summaryrefslogtreecommitdiffstats
path: root/win_dump.c
Commit message (Collapse)AuthorAgeFilesLines
* dump: fix Windows dump memory run mappingViktor Prutyanov2018-10-021-18/+22
| | | | | | | | | | | We should map and use guest memory run by parts if it can't be mapped as a whole. After this patch, continuos guest physical memory blocks which are not continuos in host virtual address space will be processed correctly. Signed-off-by: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com> Message-Id: <1535567456-6904-1-git-send-email-viktor.prutyanov@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* dump: add Windows live system dumpViktor Prutyanov2018-06-291-2/+154
| | | | | | | | | | | | Unlike dying Windows, live system memory doesn't contain correct register contexts. But they can be populated with QEMU register values. After this patch, QEMU will be able to produce guest Windows live system dump. Signed-off-by: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com> Message-Id: <20180517162342.4330-5-viktor.prutyanov@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* dump: add fallback KDBG using in Windows dumpViktor Prutyanov2018-06-291-6/+22
| | | | | | | | | | | KdDebuggerDataBlock may be encrypted in guest memory and dump will be useless in this case. But guest driver can obtain decrypted KDBG and expose its address through BugcheckParameter1 field in raw header. After this patch, QEMU will be able to use fallback KdDebuggerDataBlock. Signed-off-by: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com> Message-Id: <20180517162342.4330-4-viktor.prutyanov@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* dump: use system context in Windows dumpViktor Prutyanov2018-06-291-9/+17
| | | | | | | | | | We use CPU #0 to access guest virtual memory, but it can execute user thread at that moment. So, switch CR3 to PageDirectoryBase from header and restore original value at the end. Signed-off-by: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com> Message-Id: <20180517162342.4330-3-viktor.prutyanov@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* dump: add Windows dump format to dump-guest-memoryViktor Prutyanov2018-06-291-0/+209
This patch adds Windows crashdumping feature. Now QEMU can produce ELF-dump containing Windows crashdump header, which can help to convert to a valid WinDbg-understandable crashdump file, or immediately create such file. The crashdump will be obtained by joining physical memory dump and 8K header exposed through vmcoreinfo/fw_cfg device by guest driver at BSOD time. Option '-w' was added to dump-guest-memory command. At the moment, only x64 configuration is supported. Suitable driver can be found at https://github.com/virtio-win/kvm-guest-drivers-windows/tree/master/fwcfg64 Signed-off-by: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20180517162342.4330-2-viktor.prutyanov@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-07-11 00:34:03 +0200