From: "James Harper" <james.harper@bendigoit.com.au>
To: admin@dmarkey.com
Cc: Paul Durrant <Paul.Durrant@citrix.com>, xen-devel@lists.xensource.com
Subject: RE: RE: produce windows compatible dump file from Dom0
Date: Wed, 25 May 2011 22:16:06 +1000 [thread overview]
Message-ID: <AEC6C66638C05B468B556EA548C1A77D01D573FD@trantor> (raw)
In-Reply-To: <BANLkTin1MKmJXTe53SJBHxvw+TYgrEpdpw@mail.gmail.com>
>
> Hi all,
>
> Did anyone make any progress on this?
>
> I'm interested in getting a Windows memory dump out of a XenServer
suspend
> image.
>
> Is it even remotely possible?
>
Yes. In order for it to work I believe the DomU needs to call
KeInitializeCrashDumpHeader to place a crash dump header inside the
memory image (eg in NonPagedPool). KeInitializeCrashDumpHeader is
available in 2003sp1 and newer. You can then find that info in the saved
image and use it to build a windows compatible crash dump. There is more
to it than that obviously and I haven't actually done it myself. Ideally
it would be possible to do 'xl wincrashdump -o memory.dmp domu_name' and
have it all happen.
I've BCC'd the guy who wrote a program to do it to see if he can share
it (hope he doesn't mind :)
James
next prev parent reply other threads:[~2011-05-25 12:16 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-23 11:07 produce windows compatible dump file from Dom0 James Harper
2011-02-23 13:34 ` Paul Durrant
2011-02-23 22:15 ` James Harper
2011-05-25 9:54 ` David Markey
2011-05-25 10:17 ` Tim Deegan
2011-05-25 12:16 ` James Harper [this message]
2011-05-26 12:52 ` Konrad Rzeszutek Wilk
2011-11-08 15:15 ` David Markey
2011-11-08 15:40 ` Konrad Rzeszutek Wilk
2011-11-08 16:20 ` Paul Durrant
2011-11-08 16:28 ` David Markey
2011-11-08 16:48 ` Paul Durrant
2011-11-08 22:04 ` Tim Deegan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AEC6C66638C05B468B556EA548C1A77D01D573FD@trantor \
--to=james.harper@bendigoit.com.au \
--cc=Paul.Durrant@citrix.com \
--cc=admin@dmarkey.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).