Re: RE: produce windows compatible dump file from Dom0

[Tim Deegan <tim@xen.org>]

At 16:28 +0000 on 08 Nov (1320769712), David Markey wrote:
> Kdd is for live debugging,(I thought)

It could be converted to run against a save file -- internally the
windowsy bits are kept separate from the state-access bits so it should
"just" be a matter of writing a new backend that can unfold save files
to get at memory and CPU state. 

For a quicker, uglier fix, you could restore (a copy of) the state file
into a paused VM. :)

kdd needs a bit of care and attention, actually; its internal list of
magic constants will need updating for recent windowses, and it hasn't
been tested against very recent debugger versions.  Sadly, I doubt I'll
have time to spend installing/prodding various windows flavours any time
soon. :(

Tim.

> I'm looking to specifically convert a VM save image(i,e, after suspend)
> into a WinDBG compatible image.
> 
> It looked like the utility Konrad spoke of could have achieved this.
> 
> David
> 
> 
> 
> On 8 November 2011 16:20, Paul Durrant <Paul.Durrant@citrix.com> wrote:
> 
> > Can't this now be done using kdd?
> >
> >  Paul
> >
> > > -----Original Message-----
> > > From: Konrad Rzeszutek Wilk [mailto:konrad.wilk@oracle.com]
> > > Sent: 08 November 2011 15:41
> > > To: David Markey
> > > Cc: James Harper; Paul Durrant; xen-devel@lists.xensource.com
> > > Subject: Re: [Xen-devel] RE: produce windows compatible dump file
> > > from Dom0
> > >
> > > On Tue, Nov 08, 2011 at 03:15:10PM +0000, David Markey wrote:
> > > > Hi Konrad,
> > > >
> > > > Sorry for resurrecting,
> > >
> > > Oh no trouble.
> > > >
> > > > Did "the guy" manage to get clearance to release the source for
> > > this
> > > > particular project?
> > >
> > > Uh, I think we lost track of this. Let me poke "the guy".
> > >
> > > >
> > > >
> > > > Thanks!
> > > >
> > > > David
> > > >
> > > >
> > > > On 26 May 2011 13:52, Konrad Rzeszutek Wilk
> > > <konrad.wilk@oracle.com> wrote:
> > > >
> > > > > On Wed, May 25, 2011 at 10:16:06PM +1000, James Harper wrote:
> > > > > > >
> > > > > > > Hi all,
> > > > > > >
> > > > > > > Did anyone make any progress on this?
> > > > > > >
> > > > > > > I'm interested in getting a Windows memory dump out of a
> > > > > > > XenServer
> > > > > > suspend
> > > > > > > image.
> > > > > > >
> > > > > > > Is it even remotely possible?
> > > > > > >
> > > > > >
> > > > > > Yes. In order for it to work I believe the DomU needs to call
> > > > > > KeInitializeCrashDumpHeader to place a crash dump header
> > > inside
> > > > > > the memory image (eg in NonPagedPool).
> > > KeInitializeCrashDumpHeader
> > > > > > is available in 2003sp1 and newer. You can then find that info
> > > in
> > > > > > the saved image and use it to build a windows compatible crash
> > > > > > dump. There is more to it than that obviously and I haven't
> > > > > > actually done it myself. Ideally it would be possible to do
> > > 'xl
> > > > > > wincrashdump -o memory.dmp domu_name' and have it all happen.
> > > > > >
> > > > > > I've BCC'd the guy who wrote a program to do it to see if he
> > > can
> > > > > > share it (hope he doesn't mind :)
> > > > >
> > > > > I am not "the guy", and while "the guy" is working on getting a
> > > > > blanket OK to release the source (or executable), let me give
> > > you
> > > > > some of the technical details in case you feel inspired to write
> > > this yourself.
> > > > >
> > > > > The process in making a dumpconverter involves finding the
> > > windows
> > > > > dump header in memory and putting it at the beginning of the
> > > output
> > > > > file, then taking the raw domain dump and writing it as is
> > > except
> > > > > that the following two ranges need to be skipped - which can
> > > vary
> > > > > from system to system:
> > > > >   1) the ELF header (by default the first 6 pages of the raw
> > > dump)
> > > > >   2) a range which might be BIOS, which by default in the tool
> > > is set to
> > > > >      pages 0x9F to 0xDF.
> > > > >
> > > > > Good luck!
> > > > >
> >

> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel