From: Konrad Rzeszutek Wilk
Subject: Re: RE: produce windows compatible dump file from Dom0
Date: Tue, 8 Nov 2011 10:40:34 -0500
Message-ID: <20111108154034.GA12849@phenom.dumpdata.com>
References: <291EDFCB1E9E224A99088639C47620228D3EDCA57D@LONPMAILBOX01.citrite.net> <20110526125239.GA7838@dumpdata.com>
To: David Markey
Cc: Paul Durrant, James Harper, xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

On Tue, Nov 08, 2011 at 03:15:10PM +0000, David Markey wrote:
> Hi Konrad,
>
> Sorry for resurrecting,

Oh no trouble.

>
> Did "the guy" manage to get clearance to release the source for this
> particular project?

Uh, I think we lost track of this. Let me poke "the guy".

>
>
> Thanks!
>
> David
>
>
> On 26 May 2011 13:52, Konrad Rzeszutek Wilk wrote:
>
> > On Wed, May 25, 2011 at 10:16:06PM +1000, James Harper wrote:
> > > >
> > > > Hi all,
> > > >
> > > > Did anyone make any progress on this?
> > > >
> > > > I'm interested in getting a Windows memory dump out of a XenServer
> > > > suspend image.
> > > >
> > > > Is it even remotely possible?
> > > >
> > >
> > > Yes. In order for it to work I believe the DomU needs to call
> > > KeInitializeCrashDumpHeader to place a crash dump header inside the
> > > memory image (eg in NonPagedPool). KeInitializeCrashDumpHeader is
> > > available in 2003sp1 and newer. You can then find that info in the saved
> > > image and use it to build a windows compatible crash dump. There is more
> > > to it than that obviously and I haven't actually done it myself. Ideally
> > > it would be possible to do 'xl wincrashdump -o memory.dmp domu_name' and
> > > have it all happen.
> > >
> > > I've BCC'd the guy who wrote a program to do it to see if he can share
> > > it (hope he doesn't mind :)
> >
> > I am not "the guy", and while "the guy" is working on getting a blanket
> > OK to release the source (or executable), let me give you some of the
> > technical details in case you feel inspired to write this yourself.
> >
> > The process in making a dumpconverter involves finding the windows dump
> > header in memory and putting it at the beginning of the output file, then
> > taking the raw domain dump and writing it as is except that the following
> > two ranges need to be skipped - which can vary from system to system:
> > 1) the ELF header (by default the first 6 pages of the raw dump)
> > 2) a range which might be BIOS, which by default in the tool is set to
> >    pages 0x9F to 0xDF.
> >
> > Good luck!
> >
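
The conversion steps from the quoted May 2011 message, as an added sketch that is not part of the thread and is not the tool it mentions. It assumes a flat raw image, that the header starts with the Windows dump signature `PAGEDUMP` (32-bit, 0x1000-byte header) or `PAGEDU64` (64-bit, 0x2000-byte header), and that pages 0x9F to 0xDF are counted from the end of the ELF header and are inclusive; the function names and the sample image are constructed for illustration.

```python
PAGE = 0x1000
# Signature + ValidDump at the start of a Windows dump header -> header length
SIGNATURES = {b"PAGEDUMP": 0x1000, b"PAGEDU64": 0x2000}


def find_dump_header(raw):
    """Return (offset, length) of the lowest-offset dump header, or None."""
    hits = [(raw.find(sig), size) for sig, size in SIGNATURES.items()]
    hits = [(off, size) for off, size in hits if off >= 0]
    return min(hits) if hits else None


def convert(raw, elf_pages=6, skip_first=0x9F, skip_last=0xDF):
    """Header first, then the raw pages minus the two skipped ranges.

    Assumption: skip_first..skip_last are page numbers counted from the end
    of the ELF header and the range is inclusive; both vary between systems.
    """
    found = find_dump_header(raw)
    if found is None:
        raise ValueError("no dump header found in the image")
    off, size = found
    if off + size > len(raw):
        raise ValueError("dump header is truncated")
    out = bytearray(raw[off:off + size])
    body_start = elf_pages * PAGE
    pages = (len(raw) - body_start + PAGE - 1) // PAGE
    for pfn in range(pages):
        if skip_first <= pfn <= skip_last:
            continue  # range that might be BIOS
        start = body_start + pfn * PAGE
        out += raw[start:start + PAGE]
    return bytes(out)


def sample_image(pages=0xE2):
    """Constructed image: zeroed ELF area, then pages filled with pfn & 0xFF."""
    img = bytearray(6 * PAGE)
    for pfn in range(pages):
        img += bytes([pfn & 0xFF]) * PAGE
    # Header placed mid-page, since a pool buffer need not be page-aligned.
    off = (6 + 0x10) * PAGE + 0x40
    img[off:off + 8] = b"PAGEDUMP"
    return bytes(img)


if __name__ == "__main__":
    dump = convert(sample_image())
    print(len(dump) // PAGE, "pages written, header", dump[:8])
```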