WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] RE: produce windows compatible dump file from Dom0

To: David Markey <admin@xxxxxxxxxxx>
Subject: Re: [Xen-devel] RE: produce windows compatible dump file from Dom0
From: Tim Deegan <tim@xxxxxxx>
Date: Tue, 8 Nov 2011 22:04:22 +0000
Cc: Paul Durrant <Paul.Durrant@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, James Harper <james.harper@xxxxxxxxxxxxxxxx>
Delivery-date: Tue, 08 Nov 2011 14:07:10 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CANXrN=1Lno3WKxaQ=7QkV5W_ieRdSCPXsUoL4to+_7AL6GHYWA@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <AEC6C66638C05B468B556EA548C1A77D01C558B2@trantor> <291EDFCB1E9E224A99088639C47620228D3EDCA57D@xxxxxxxxxxxxxxxxxxxxxxxxx> <AEC6C66638C05B468B556EA548C1A77D01C558C1@trantor> <BANLkTin1MKmJXTe53SJBHxvw+TYgrEpdpw@xxxxxxxxxxxxxx> <AEC6C66638C05B468B556EA548C1A77D01D573FD@trantor> <20110526125239.GA7838@xxxxxxxxxxxx> <CANXrN=0E70=AWfyhzUk6N3Rw=oVNqzcmUweCRforKpa3GQG4oQ@xxxxxxxxxxxxxx> <20111108154034.GA12849@xxxxxxxxxxxxxxxxxxx> <291EDFCB1E9E224A99088639C4762022B4543AB142@xxxxxxxxxxxxxxxxxxxxxxxxx> <CANXrN=1Lno3WKxaQ=7QkV5W_ieRdSCPXsUoL4to+_7AL6GHYWA@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.2.1i
At 16:28 +0000 on 08 Nov (1320769712), David Markey wrote:
> Kdd is for live debugging,(I thought)

It could be converted to run against a save file -- internally the
windowsy bits are kept separate from the state-access bits so it should
"just" be a matter of writing a new backend that can unfold save files
to get at memory and CPU state. 

For a quicker, uglier fix, you could restore (a copy of) the state file
into a paused VM. :)

kdd needs a bit of care and attention, actually; its internal list of
magic constants will need updating for recent windowses, and it hasn't
been tested against very recent debugger versions.  Sadly, I doubt I'll
have time to spend installing/prodding various windows flavours any time
soon. :(

Tim.

> I'm looking to specifically convert a VM save image(i,e, after suspend)
> into a WinDBG compatible image.
> 
> It looked like the utility Konrad spoke of could have achieved this.
> 
> David
> 
> 
> 
> On 8 November 2011 16:20, Paul Durrant <Paul.Durrant@xxxxxxxxxx> wrote:
> 
> > Can't this now be done using kdd?
> >
> >  Paul
> >
> > > -----Original Message-----
> > > From: Konrad Rzeszutek Wilk [mailto:konrad.wilk@xxxxxxxxxx]
> > > Sent: 08 November 2011 15:41
> > > To: David Markey
> > > Cc: James Harper; Paul Durrant; xen-devel@xxxxxxxxxxxxxxxxxxx
> > > Subject: Re: [Xen-devel] RE: produce windows compatible dump file
> > > from Dom0
> > >
> > > On Tue, Nov 08, 2011 at 03:15:10PM +0000, David Markey wrote:
> > > > Hi Konrad,
> > > >
> > > > Sorry for resurrecting,
> > >
> > > Oh no trouble.
> > > >
> > > > Did "the guy" manage to get clearance to release the source for
> > > this
> > > > particular project?
> > >
> > > Uh, I think we lost track of this. Let me poke "the guy".
> > >
> > > >
> > > >
> > > > Thanks!
> > > >
> > > > David
> > > >
> > > >
> > > > On 26 May 2011 13:52, Konrad Rzeszutek Wilk
> > > <konrad.wilk@xxxxxxxxxx> wrote:
> > > >
> > > > > On Wed, May 25, 2011 at 10:16:06PM +1000, James Harper wrote:
> > > > > > >
> > > > > > > Hi all,
> > > > > > >
> > > > > > > Did anyone make any progress on this?
> > > > > > >
> > > > > > > I'm interested in getting a Windows memory dump out of a
> > > > > > > XenServer
> > > > > > suspend
> > > > > > > image.
> > > > > > >
> > > > > > > Is it even remotely possible?
> > > > > > >
> > > > > >
> > > > > > Yes. In order for it to work I believe the DomU needs to call
> > > > > > KeInitializeCrashDumpHeader to place a crash dump header
> > > inside
> > > > > > the memory image (eg in NonPagedPool).
> > > KeInitializeCrashDumpHeader
> > > > > > is available in 2003sp1 and newer. You can then find that info
> > > in
> > > > > > the saved image and use it to build a windows compatible crash
> > > > > > dump. There is more to it than that obviously and I haven't
> > > > > > actually done it myself. Ideally it would be possible to do
> > > 'xl
> > > > > > wincrashdump -o memory.dmp domu_name' and have it all happen.
> > > > > >
> > > > > > I've BCC'd the guy who wrote a program to do it to see if he
> > > can
> > > > > > share it (hope he doesn't mind :)
> > > > >
> > > > > I am not "the guy", and while "the guy" is working on getting a
> > > > > blanket OK to release the source (or executable), let me give
> > > you
> > > > > some of the technical details in case you feel inspired to write
> > > this yourself.
> > > > >
> > > > > The process in making a dumpconverter involves finding the
> > > windows
> > > > > dump header in memory and putting it at the beginning of the
> > > output
> > > > > file, then taking the raw domain dump and writing it as is
> > > except
> > > > > that the following two ranges need to be skipped - which can
> > > vary
> > > > > from system to system:
> > > > >   1) the ELF header (by default the first 6 pages of the raw
> > > dump)
> > > > >   2) a range which might be BIOS, which by default in the tool
> > > is set to
> > > > >      pages 0x9F to 0xDF.
> > > > >
> > > > > Good luck!
> > > > >
> >

> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel