From: Viktor Prutyanov
Subject: Re: [Qemu-devel] [PATCH v1] dump: add Windows dump format to dump-guest-memory
Date: Tue, 17 Apr 2018 18:43:25 +0300

On Tue, 17 Apr 2018 16:17:54 +0200
Marc-André Lureau <address@hidden> wrote:

Hello,

> Hi
> 
> On Tue, Apr 17, 2018 at 3:50 PM, Viktor Prutyanov
> <address@hidden> wrote:
> > This patch adds Windows crashdumping feature. Now QEMU can produce
> > ELF-dump containing Windows crashdump header, which can help to
> > convert to a valid WinDbg-understandable crashdump file, or
> > immediately create such file. The crashdump will be obtained by
> > joining physical memory dump and 8K header exposed through
> > vmcoreinfo/fw_cfg device by guest driver at BSOD time. Option '-w'
> > was added to dump-guest-memory command. At the moment, only x64
> > configuration is supported. Suitable driver can be found at
> > https://github.com/virtio-win/kvm-guest-drivers-windows/tree/master/fwcfg64
> >
> > Signed-off-by: Viktor Prutyanov <address@hidden>
> > ---  
> 
> untested, but looks good to me.
> 
> Could you provide more details on how to test? provide a test build
> for the driver, the tool you use for elf conversion, explain windbg
> usage etc?
> 
> Thanks

How to test:

1. Use '-device vmcoreinfo', then install fwcfg64 driver from
   virtio-win repository into guest Windows. Versions from 7 to 10 are
   supported.
   Unofficial test-signed driver sample can be found at
   https://www.dropbox.com/s/nodjbehr9bb1x6i/fwcfg.zip?dl=0
2. Turn off "Automatically restart" or 
   use '-device pvpanic -no-shutdown' and install pvpanic driver.
3. Cause BSOD, for example, with HMP 'nmi' command.
4. Execute HMP command 'dump-guest-memory -w memory.dmp'
5. Open memory.dmp with WinDbg (better from WDK 10) on a Windows
   machine. It can use dump file in a proper way, for example, to
   display general information about dump with '!analyze -v' command or
   investigate a call stack with 'k' command.

In this way, if guest Windows can't save a dump of the appropriate type, we
can still do this.

At the moment, there are no tools to produce a fully valid Windows dump
file from ELF because they are unaware of the header information. But in
future, tools like Volatility which try to do this could use the header
from the ELF note.

Regards,
Viktor Prutyanov
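Added example, not code from this thread or from the QEMU patch: a Python sanity check for the memory.dmp produced in step 4, run before handing the file to WinDbg in step 5. It assumes the public DUMP_HEADER64 layout (signature "PAGE"/"DU64", then version, DirectoryTableBase, PfnDataBase, PsLoadedModuleList, PsActiveProcessHead, MachineImageType, NumberProcessors, BugCheckCode, and four 64-bit parameters at offset 0x40), the 8K header size from the patch description, and bug check 0x80 (NMI_HARDWARE_FAILURE) for an NMI-triggered BSOD; the sample dump is constructed, not captured from a guest.

```python
import struct

HEADER_SIZE = 0x2000            # the 8K header the guest driver exposes through fw_cfg
IMAGE_FILE_MACHINE_AMD64 = 0x8664
NMI_HARDWARE_FAILURE = 0x80     # bug check code of an NMI-triggered BSOD (assumed for the sample)

# DUMP_HEADER64 prefix after the 8-byte signature: MajorVersion, MinorVersion, DirectoryTableBase,
# PfnDataBase, PsLoadedModuleList, PsActiveProcessHead, MachineImageType, NumberProcessors, BugCheckCode
_FIXED = struct.Struct("<IIQQQQIII")
_PARAMS = struct.Struct("<4Q")  # BugCheckParameter1..4 at offset 0x40 (assumed layout)


def parse_win_dump_header(buf):
    """Decode the leading fields of a 64-bit Windows crash dump header."""
    if len(buf) < HEADER_SIZE:
        raise ValueError("file shorter than the 8K dump header: %d bytes" % len(buf))
    if buf[0:4] != b"PAGE" or buf[4:8] != b"DU64":
        raise ValueError("missing PAGE/DU64 signature: %r" % bytes(buf[0:8]))
    names = ("major", "minor", "cr3", "pfn_db", "modules", "processes", "machine", "cpus", "bugcheck")
    info = dict(zip(names, _FIXED.unpack_from(buf, 8)))
    info["params"] = _PARAMS.unpack_from(buf, 0x40)
    return info


def check_dump(buf):
    """Return a list of problems; an empty list means WinDbg gets a plausible x64 dump."""
    try:
        info = parse_win_dump_header(buf)
    except ValueError as e:
        return [str(e)]
    problems = []
    if info["machine"] != IMAGE_FILE_MACHINE_AMD64:
        problems.append("machine type 0x%x is not x64, the only supported target" % info["machine"])
    if info["cpus"] == 0:
        problems.append("NumberProcessors is zero")
    if info["bugcheck"] == 0:
        problems.append("BugCheckCode is zero: header was not filled in at BSOD time")
    body = len(buf) - HEADER_SIZE   # physical memory follows the header page by page
    if body == 0 or body % 0x1000:
        problems.append("memory payload is %d bytes, not a whole number of 4K pages" % body)
    return problems


def build_sample_dump(pages=4, bugcheck=NMI_HARDWARE_FAILURE):
    """Construct a synthetic dump (header plus zeroed pages) for testing; not a real guest dump."""
    hdr = bytearray(HEADER_SIZE)
    hdr[0:8] = b"PAGEDU64"
    _FIXED.pack_into(hdr, 8, 15, 0, 0x1aa000, 0xfffffa8000000000, 0xfffff80012345678,
                     0xfffff80012345690, IMAGE_FILE_MACHINE_AMD64, 2, bugcheck)
    _PARAMS.pack_into(hdr, 0x40, 0, 0, 0, 0)
    return bytes(hdr) + bytes(0x1000 * pages)
```

On a real memory.dmp, `check_dump(open("memory.dmp", "rb").read())` returning an empty list is the quick confirmation that the header was delivered at BSOD time before spending effort in WinDbg.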