From mboxrd@z Thu Jan 1 00:00:00 1970 From: "James Harper" Subject: RE: RE: produce windows compatible dump file from Dom0 Date: Wed, 25 May 2011 22:16:06 +1000 Message-ID: References: <291EDFCB1E9E224A99088639C47620228D3EDCA57D@LONPMAILBOX01.citrite.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Return-path: Content-class: urn:content-classes:message In-Reply-To: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: admin@dmarkey.com Cc: Paul Durrant , xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org >=20 > Hi all, >=20 > Did anyone make any progress on this? >=20 > I'm interested in getting a Windows memory dump out of a XenServer suspend > image. >=20 > Is it even remotely possible? >=20 Yes. In order for it to work I believe the DomU needs to call KeInitializeCrashDumpHeader to place a crash dump header inside the memory image (eg in NonPagedPool). KeInitializeCrashDumpHeader is available in 2003sp1 and newer. You can then find that info in the saved image and use it to build a windows compatible crash dump. There is more to it than that obviously and I haven't actually done it myself. Ideally it would be possible to do 'xl wincrashdump -o memory.dmp domu_name' and have it all happen. I've BCC'd the guy who wrote a program to do it to see if he can share it (hope he doesn't mind :) James