
Re: [Xen-devel] RE: produce windows compatible dump file from Dom0




Kdd is for live debugging (I thought).

I'm looking to specifically convert a VM save image (i.e., after suspend) into a WinDBG compatible image.

It looked like the utility Konrad spoke of could have achieved this.

David



On 8 November 2011 16:20, Paul Durrant <Paul.Durrant@xxxxxxxxxx> wrote:
Can't this now be done using kdd?

 Paul

> -----Original Message-----
> From: Konrad Rzeszutek Wilk [mailto:konrad.wilk@xxxxxxxxxx]
> Sent: 08 November 2011 15:41
> To: David Markey
> Cc: James Harper; Paul Durrant; xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-devel] RE: produce windows compatible dump file
> from Dom0
>
> On Tue, Nov 08, 2011 at 03:15:10PM +0000, David Markey wrote:
> > Hi Konrad,
> >
> > Sorry for resurrecting,
>
> Oh no trouble.
> >
> > Did "the guy" manage to get clearance to release the source for this
> > particular project?
>
> Uh, I think we lost track of this. Let me poke "the guy".
>
> >
> >
> > Thanks!
> >
> > David
> >
> >
> > On 26 May 2011 13:52, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> wrote:
> >
> > > On Wed, May 25, 2011 at 10:16:06PM +1000, James Harper wrote:
> > > > >
> > > > > Hi all,
> > > > >
> > > > > Did anyone make any progress on this?
> > > > >
> > > > > I'm interested in getting a Windows memory dump out of a
> > > > > XenServer suspend image.
> > > > >
> > > > > Is it even remotely possible?
> > > > >
> > > >
> > > > Yes. In order for it to work I believe the DomU needs to call
> > > > KeInitializeCrashDumpHeader to place a crash dump header inside
> > > > the memory image (eg in NonPagedPool). KeInitializeCrashDumpHeader
> > > > is available in 2003sp1 and newer. You can then find that info in
> > > > the saved image and use it to build a windows compatible crash
> > > > dump. There is more to it than that obviously and I haven't
> > > > actually done it myself. Ideally it would be possible to do 'xl
> > > > wincrashdump -o memory.dmp domu_name' and have it all happen.
> > > >
> > > > I've BCC'd the guy who wrote a program to do it to see if he can
> > > > share it (hope he doesn't mind :)
> > >
> > > I am not "the guy", and while "the guy" is working on getting a
> > > blanket OK to release the source (or executable), let me give you
> > > some of the technical details in case you feel inspired to write
> > > this yourself.
> > >
> > > The process in making a dumpconverter involves finding the windows
> > > dump header in memory and putting it at the beginning of the output
> > > file, then taking the raw domain dump and writing it as is except
> > > that the following two ranges need to be skipped - which can vary
> > > from system to system:
> > >   1) the ELF header (by default the first 6 pages of the raw dump)
> > >   2) a range which might be BIOS, which by default in the tool is set to
> > >      pages 0x9F to 0xDF.
> > >
> > > Good luck!
> > >

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
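
The conversion procedure quoted above (locate the Windows dump header, write it first, then copy the raw dump minus the two skipped ranges), as an added sketch that is not part of the thread and not the unreleased tool it mentions. Assumptions: the header is found by the signature `PAGEDUMP` (32-bit, 0x1000 bytes) or `PAGEDU64` (64-bit, 0x2000 bytes), pages are 4096 bytes, the skip range is inclusive and counted in pages of the raw dump file, and `find_dump_header`, `convert` and `make_sample` are hypothetical names.

```python
PAGE = 4096
# Assumption: signature strings and header lengths for 32-bit / 64-bit guests.
SIGNATURES = {b"PAGEDUMP": 0x1000, b"PAGEDU64": 0x2000}

def find_dump_header(raw):
    """Return (offset, length) of the earliest dump-header signature in raw."""
    hits = []
    for sig, size in SIGNATURES.items():
        off = raw.find(sig)
        if off >= 0:
            hits.append((off, size))
    if not hits:
        raise ValueError("no dump header found; the guest must have called "
                         "KeInitializeCrashDumpHeader before the save")
    return min(hits)  # taking the first hit is a heuristic; stale copies can exist

def convert(raw, elf_pages=6, skip_first=0x9F, skip_last=0xDF):
    """Header first, then every raw page except the two skipped ranges."""
    off, size = find_dump_header(raw)
    header = raw[off:off + size]
    if len(header) < size:
        raise ValueError("dump header runs past the end of the image")
    out = bytearray(header)
    total_pages = (len(raw) + PAGE - 1) // PAGE
    for page in range(elf_pages, total_pages):
        if skip_first <= page <= skip_last:  # assumed inclusive, file page index
            continue
        out += raw[page * PAGE:(page + 1) * PAGE]
    return bytes(out)

def make_sample(total_pages=0xE2):
    """Constructed input: 'E' = ELF pages, 'B' = BIOS range, 'M' = guest memory."""
    img = bytearray()
    for page in range(total_pages):
        fill = b"E" if page < 6 else b"B" if 0x9F <= page <= 0xDF else b"M"
        img += fill * PAGE
    hdr_off = 0x10 * PAGE + 0x40  # arbitrary position, not page aligned
    img[hdr_off:hdr_off + 8] = b"PAGEDU64"
    return bytes(img)

if __name__ == "__main__":
    dump = convert(make_sample())
    print(len(dump), dump[:8])
```

Both skip ranges are parameters because, as the message says, they can vary from system to system.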

 

