
Re: [Xen-devel] RE: produce windows compatible dump file from Dom0



On Tue, Nov 08, 2011 at 03:15:10PM +0000, David Markey wrote:
> Hi Konrad,
> 
> Sorry for resurrecting,

Oh no trouble.
> 
> Did "the guy" manage to get clearance to release the source for this
> particular project?

Uh, I think we lost track of this. Let me poke "the guy".

> 
> 
> Thanks!
> 
> David
> 
> 
> On 26 May 2011 13:52, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> wrote:
> 
> > On Wed, May 25, 2011 at 10:16:06PM +1000, James Harper wrote:
> > > >
> > > > Hi all,
> > > >
> > > > Did anyone make any progress on this?
> > > >
> > > > I'm interested in getting a Windows memory dump out of a XenServer
> > > > suspend image.
> > > >
> > > > Is it even remotely possible?
> > > >
> > >
> > > Yes. In order for it to work I believe the DomU needs to call
> > > KeInitializeCrashDumpHeader to place a crash dump header inside the
> > > memory image (eg in NonPagedPool). KeInitializeCrashDumpHeader is
> > > available in 2003sp1 and newer. You can then find that info in the saved
> > > image and use it to build a windows compatible crash dump. There is more
> > > to it than that obviously and I haven't actually done it myself. Ideally
> > > it would be possible to do 'xl wincrashdump -o memory.dmp domu_name' and
> > > have it all happen.
> > >
> > > I've BCC'd the guy who wrote a program to do it to see if he can share
> > > it (hope he doesn't mind :)
> >
> > I am not "the guy", and while "the guy" is working on getting a blanket
> > OK to release the source (or executable), let me give you some of the
> > technical details in case you feel inspired to write this yourself.
> >
> > The process in making a dumpconverter involves finding the windows dump
> > header in memory and putting it at the beginning of the output file, then
> > taking the raw domain dump and writing it as is except that the following
> > two ranges need to be skipped - which can vary from system to system:
> >   1) the ELF header (by default the first 6 pages of the raw dump)
> >   2) a range which might be BIOS, which by default in the tool is set to
> >      pages 0x9F to 0xDF.
> >
> > Good luck!
> >

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
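
The conversion procedure described in the quoted 26 May 2011 message, sketched as an added example; it is not part of the thread and not the unreleased tool the thread refers to. It locates the dump header, writes it first, then copies the raw image while skipping the two default page ranges.
Assumptions: 4 KiB pages, page numbers index the raw dump file, the 0x9F to 0xDF range is inclusive, the header is recognised by the standard Windows signatures `PAGEDUMP` (0x1000-byte header) or `PAGEDU64` (0x2000-byte header), which the thread does not spell out, and all function names are hypothetical.

```python
import io

PAGE = 4096                    # assumption: 4 KiB x86 pages
ELF_PAGES = 6                  # thread's default: ELF header is the first 6 pages
BIOS_RANGE = (0x9F, 0xDF)      # thread's default hole; assumed inclusive
# Windows dump header signatures and header sizes (32-bit / 64-bit guests)
SIGNATURES = {b"PAGEDUMP": 0x1000, b"PAGEDU64": 0x2000}

def find_dump_header(raw):
    """Return (offset, size) of the first dump header found in the raw image."""
    hits = [(raw.find(sig), size) for sig, size in SIGNATURES.items()]
    hits = [h for h in hits if h[0] >= 0]
    if not hits:
        raise ValueError("no dump header found in image")
    return min(hits)           # lowest offset wins

def is_skipped(page, elf_pages=ELF_PAGES, bios=BIOS_RANGE):
    """True for pages that must not be copied (ELF header, BIOS range)."""
    return page < elf_pages or bios[0] <= page <= bios[1]

def convert(raw, out, elf_pages=ELF_PAGES, bios=BIOS_RANGE):
    """Write header, then every non-skipped page; return pages copied.

    `raw` may be bytes or an mmap of the raw domain dump.
    """
    off, size = find_dump_header(raw)
    header = raw[off:off + size]
    if len(header) != size:
        raise ValueError("dump header is truncated")
    out.write(header)
    copied = 0
    for page in range((len(raw) + PAGE - 1) // PAGE):
        if is_skipped(page, elf_pages, bios):
            continue
        out.write(raw[page * PAGE:(page + 1) * PAGE])
        copied += 1
    return copied

def sample_image(pages=0x100):
    """Constructed test image: each page is filled with its own index byte."""
    img = bytearray(b"".join(bytes([p]) * PAGE for p in range(pages)))
    hdr = b"PAGEDU64" + b"\x00" * (0x2000 - 8)   # constructed, empty header
    start = 0x80 * PAGE + 0x10                   # not page-aligned on purpose
    img[start:start + len(hdr)] = hdr
    return bytes(img)

if __name__ == "__main__":
    out = io.BytesIO()
    print(convert(sample_image(), out), "pages copied,", len(out.getvalue()), "bytes")
```

Since the thread notes that both ranges vary from system to system, `elf_pages` and `bios` are parameters rather than constants baked into the copy loop.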