From mboxrd@z Thu Jan 1 00:00:00 1970
From: Tim Deegan
Subject: Re: RE: produce windows compatible dump file from Dom0
Date: Tue, 8 Nov 2011 22:04:22 +0000
Message-ID: <20111108220422.GA12734@ocelot.phlegethon.org>
References: <291EDFCB1E9E224A99088639C47620228D3EDCA57D@LONPMAILBOX01.citrite.net>
 <20110526125239.GA7838@dumpdata.com>
 <20111108154034.GA12849@phenom.dumpdata.com>
 <291EDFCB1E9E224A99088639C4762022B4543AB142@LONPMAILBOX01.citrite.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: David Markey
Cc: Paul Durrant, "xen-devel@lists.xensource.com", Konrad Rzeszutek Wilk, James Harper
List-Id: xen-devel@lists.xenproject.org

At 16:28 +0000 on 08 Nov (1320769712), David Markey wrote:
> Kdd is for live debugging, (I thought)

It could be converted to run against a save file -- internally the
windowsy bits are kept separate from the state-access bits so it should
"just" be a matter of writing a new backend that can unfold save files
to get at memory and CPU state.

For a quicker, uglier fix, you could restore (a copy of) the state file
into a paused VM. :)

kdd needs a bit of care and attention, actually; its internal list of
magic constants will need updating for recent windowses, and it hasn't
been tested against very recent debugger versions. Sadly, I doubt I'll
have time to spend installing/prodding various windows flavours any time
soon. :(

Tim.

> I'm looking to specifically convert a VM save image (i.e. after suspend)
> into a WinDBG compatible image.
>
> It looked like the utility Konrad spoke of could have achieved this.
>
> David
>
> On 8 November 2011 16:20, Paul Durrant wrote:
>
> > Can't this now be done using kdd?
> >
> > Paul
> >
> > > -----Original Message-----
> > > From: Konrad Rzeszutek Wilk [mailto:konrad.wilk@oracle.com]
> > > Sent: 08 November 2011 15:41
> > > To: David Markey
> > > Cc: James Harper; Paul Durrant; xen-devel@lists.xensource.com
> > > Subject: Re: [Xen-devel] RE: produce windows compatible dump file
> > > from Dom0
> > >
> > > On Tue, Nov 08, 2011 at 03:15:10PM +0000, David Markey wrote:
> > > > Hi Konrad,
> > > >
> > > > Sorry for resurrecting,
> > >
> > > Oh no trouble.
> > >
> > > > Did "the guy" manage to get clearance to release the source for
> > > > this particular project?
> > >
> > > Uh, I think we lost track of this. Let me poke "the guy".
> > >
> > > > Thanks!
> > > >
> > > > David
> > > >
> > > > On 26 May 2011 13:52, Konrad Rzeszutek Wilk wrote:
> > > >
> > > > > On Wed, May 25, 2011 at 10:16:06PM +1000, James Harper wrote:
> > > > > > >
> > > > > > > Hi all,
> > > > > > >
> > > > > > > Did anyone make any progress on this?
> > > > > > >
> > > > > > > I'm interested in getting a Windows memory dump out of a
> > > > > > > XenServer suspend image.
> > > > > > >
> > > > > > > Is it even remotely possible?
> > > > > > >
> > > > > >
> > > > > > Yes. In order for it to work I believe the DomU needs to call
> > > > > > KeInitializeCrashDumpHeader to place a crash dump header
> > > > > > inside the memory image (eg in NonPagedPool).
> > > > > > KeInitializeCrashDumpHeader is available in 2003sp1 and newer.
> > > > > > You can then find that info in the saved image and use it to
> > > > > > build a windows compatible crash dump. There is more to it
> > > > > > than that obviously and I haven't actually done it myself.
> > > > > > Ideally it would be possible to do
> > > > > > 'xl wincrashdump -o memory.dmp domu_name' and have it all
> > > > > > happen.
> > > > > >
> > > > > > I've BCC'd the guy who wrote a program to do it to see if he
> > > > > > can share it (hope he doesn't mind :)
> > > > >
> > > > > I am not "the guy", and while "the guy" is working on getting a
> > > > > blanket OK to release the source (or executable), let me give
> > > > > you some of the technical details in case you feel inspired to
> > > > > write this yourself.
> > > > >
> > > > > The process in making a dumpconverter involves finding the
> > > > > windows dump header in memory and putting it at the beginning
> > > > > of the output file, then taking the raw domain dump and writing
> > > > > it as is except that the following two ranges need to be
> > > > > skipped - which can vary from system to system:
> > > > >  1) the ELF header (by default the first 6 pages of the raw
> > > > >     dump)
> > > > >  2) a range which might be BIOS, which by default in the tool
> > > > >     is set to pages 0x9F to 0xDF.
> > > > >
> > > > > Good luck!
> > > >
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
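
The conversion steps given in the quoted 26 May message, written out in Python as an added example; it is not the unreleased tool discussed in the thread. Assumptions not stated in the thread: 4 KiB pages, a header that begins with `PAGEDUMP` (one page) or `PAGEDU64` (two pages) and lies page-aligned and contiguous in the raw dump, and both skip ranges read as inclusive page indexes into the raw file. The names `find_dump_header`, `convert` and `make_sample` are made up here.

```python
PAGE = 4096  # assumed page size
# Assumption (not stated in the thread): a Windows dump header starts with
# "PAGEDUMP" (32-bit, one page) or "PAGEDU64" (64-bit, two pages).
SIGNATURES = {b"PAGEDUMP": 1, b"PAGEDU64": 2}
ELF_PAGES = 6               # default from the message: first 6 pages
BIOS_RANGE = (0x9F, 0xDF)   # default from the message, read as inclusive


def find_dump_header(raw):
    """Return (page_index, page_count) of the first page-aligned header."""
    for off in range(0, len(raw) - PAGE + 1, PAGE):
        pages = SIGNATURES.get(bytes(raw[off:off + 8]))
        if pages and off + pages * PAGE <= len(raw):
            return off // PAGE, pages
    raise ValueError("no Windows dump header found in the raw dump")


def convert(raw, elf_pages=ELF_PAGES, bios=BIOS_RANGE):
    """Header first, then every raw page outside the two skipped ranges."""
    if len(raw) % PAGE:
        raise ValueError("raw dump is not a whole number of pages")
    start, count = find_dump_header(raw)
    out = bytearray(raw[start * PAGE:(start + count) * PAGE])
    for page in range(len(raw) // PAGE):
        if page < elf_pages or bios[0] <= page <= bios[1]:
            continue  # ELF header or possible BIOS range
        out += raw[page * PAGE:(page + 1) * PAGE]
    return bytes(out)


def make_sample(pages=0x100, header_page=0xF0):
    """Constructed raw dump: each page is filled with its own index byte."""
    raw = bytearray()
    for page in range(pages):
        raw += bytes([page & 0xFF]) * PAGE
    raw[header_page * PAGE:header_page * PAGE + 8] = b"PAGEDU64"
    return bytes(raw)


if __name__ == "__main__":
    dump = convert(make_sample())
    print(len(dump) // PAGE, "pages written")
```

Both skip ranges are parameters because, as the message says, they can vary from system to system.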