Message ID | 1535546488-30208-1-git-send-email-viktor.prutyanov@virtuozzo.com |
---|---|
Series | contrib: add elf2dmp tool |
On Wed, 29 Aug 2018 15:41:23 +0300
Viktor Prutyanov <viktor.prutyanov@virtuozzo.com> wrote:

> elf2dmp is a converter from ELF dump (produced by
> 'dump-guest-memory') to Windows MEMORY.DMP format (also known as
> 'Complete Memory Dump') which can be opened in WinDbg.
>
> This tool can help if VMCoreInfo device/driver is absent in Windows
> VM and 'dump-guest-memory -w' is not available but dump can be
> created in ELF format.
>
> elf2dmp differs from other universal converters in method of
> determining of virtual memory layout. The tool uses register values
> from QEMU ELF dump file to do it. In particular, it uses
> KERNEL_GS_BASE value added to dump format in QEMU 3.0.
>
> Even if KERNEL_GS_BASEs are absent in ELF dump file, at least 1 vCPU
> with kernel task can be found quite often and virtual memory layout
> can be determined.
>
> Viktor Prutyanov (5):
>   dump: move Windows dump structures definitions
>   contrib: add elf2dmp tool
>   contrib/elf2dmp: improve paging root selection
>   contrib/elf2dmp: add DMP file name as 2nd argument
>   contrib/elf2dmp: add 1GB and 2MB pages support
>
>  Makefile                      |   5 +
>  Makefile.objs                 |   1 +
>  configure                     |   3 +
>  contrib/elf2dmp/Makefile.objs |   1 +
>  contrib/elf2dmp/addrspace.c   | 236 +++++++++++++++++
>  contrib/elf2dmp/addrspace.h   |  44 ++++
>  contrib/elf2dmp/download.c    |  50 ++++
>  contrib/elf2dmp/download.h    |  13 +
>  contrib/elf2dmp/err.h         |  13 +
>  contrib/elf2dmp/kdbg.h        | 194 ++++++++++++++
>  contrib/elf2dmp/main.c        | 594 ++++++++++++++++++++++++++++++++++++++++++
>  contrib/elf2dmp/pdb.c         | 331 +++++++++++++++++++++++
>  contrib/elf2dmp/pdb.h         | 241 +++++++++++++++++
>  contrib/elf2dmp/pe.h          | 121 +++++++++
>  contrib/elf2dmp/qemu_elf.c    | 172 ++++++++++++
>  contrib/elf2dmp/qemu_elf.h    |  51 ++++
>  include/qemu/win_dump_defs.h  | 179 +++++++++++++
>  win_dump.h                    | 166 +-----------
>  18 files changed, 2253 insertions(+), 162 deletions(-)
>  create mode 100644 contrib/elf2dmp/Makefile.objs
>  create mode 100644 contrib/elf2dmp/addrspace.c
>  create mode 100644 contrib/elf2dmp/addrspace.h
>  create mode 100644 contrib/elf2dmp/download.c
>  create mode 100644 contrib/elf2dmp/download.h
>  create mode 100644 contrib/elf2dmp/err.h
>  create mode 100644 contrib/elf2dmp/kdbg.h
>  create mode 100644 contrib/elf2dmp/main.c
>  create mode 100644 contrib/elf2dmp/pdb.c
>  create mode 100644 contrib/elf2dmp/pdb.h
>  create mode 100644 contrib/elf2dmp/pe.h
>  create mode 100644 contrib/elf2dmp/qemu_elf.c
>  create mode 100644 contrib/elf2dmp/qemu_elf.h
>  create mode 100644 include/qemu/win_dump_defs.h
>

ping
On 29/08/2018 14:41, Viktor Prutyanov wrote:
> elf2dmp is a converter from ELF dump (produced by 'dump-guest-memory') to
> Windows MEMORY.DMP format (also known as 'Complete Memory Dump') which can be
> opened in WinDbg.
>
> This tool can help if VMCoreInfo device/driver is absent in Windows VM and
> 'dump-guest-memory -w' is not available but dump can be created in ELF format.
>
> elf2dmp differs from other universal converters in method of determining of
> virtual memory layout. The tool uses register values from QEMU ELF dump file
> to do it. In particular, it uses KERNEL_GS_BASE value added to dump format in
> QEMU 3.0.
>
> Even if KERNEL_GS_BASEs are absent in ELF dump file, at least 1 vCPU with
> kernel task can be found quite often and virtual memory layout can be
> determined.
>
> Viktor Prutyanov (5):
>   dump: move Windows dump structures definitions
>   contrib: add elf2dmp tool
>   contrib/elf2dmp: improve paging root selection
>   contrib/elf2dmp: add DMP file name as 2nd argument
>   contrib/elf2dmp: add 1GB and 2MB pages support
>
>  Makefile                      |   5 +
>  Makefile.objs                 |   1 +
>  configure                     |   3 +
>  contrib/elf2dmp/Makefile.objs |   1 +
>  contrib/elf2dmp/addrspace.c   | 236 +++++++++++++++++
>  contrib/elf2dmp/addrspace.h   |  44 ++++
>  contrib/elf2dmp/download.c    |  50 ++++
>  contrib/elf2dmp/download.h    |  13 +
>  contrib/elf2dmp/err.h         |  13 +
>  contrib/elf2dmp/kdbg.h        | 194 ++++++++++++++
>  contrib/elf2dmp/main.c        | 594 ++++++++++++++++++++++++++++++++++++++++++
>  contrib/elf2dmp/pdb.c         | 331 +++++++++++++++++++++++
>  contrib/elf2dmp/pdb.h         | 241 +++++++++++++++++
>  contrib/elf2dmp/pe.h          | 121 +++++++++
>  contrib/elf2dmp/qemu_elf.c    | 172 ++++++++++++
>  contrib/elf2dmp/qemu_elf.h    |  51 ++++
>  include/qemu/win_dump_defs.h  | 179 +++++++++++++
>  win_dump.h                    | 166 +-----------
>  18 files changed, 2253 insertions(+), 162 deletions(-)
>  create mode 100644 contrib/elf2dmp/Makefile.objs
>  create mode 100644 contrib/elf2dmp/addrspace.c
>  create mode 100644 contrib/elf2dmp/addrspace.h
>  create mode 100644 contrib/elf2dmp/download.c
>  create mode 100644 contrib/elf2dmp/download.h
>  create mode 100644 contrib/elf2dmp/err.h
>  create mode 100644 contrib/elf2dmp/kdbg.h
>  create mode 100644 contrib/elf2dmp/main.c
>  create mode 100644 contrib/elf2dmp/pdb.c
>  create mode 100644 contrib/elf2dmp/pdb.h
>  create mode 100644 contrib/elf2dmp/pe.h
>  create mode 100644 contrib/elf2dmp/qemu_elf.c
>  create mode 100644 contrib/elf2dmp/qemu_elf.h
>  create mode 100644 include/qemu/win_dump_defs.h
>

Queued, squashing patches 2-5. Would you like to send a patch for
MAINTAINERS, adding yourself for elf2dmp?

Paolo
On Fri, 14 Sep 2018 17:22:14 +0200
Paolo Bonzini <pbonzini@redhat.com> wrote:

> On 29/08/2018 14:41, Viktor Prutyanov wrote:
> > elf2dmp is a converter from ELF dump (produced by
> > 'dump-guest-memory') to Windows MEMORY.DMP format (also known as
> > 'Complete Memory Dump') which can be opened in WinDbg.
> >
> > This tool can help if VMCoreInfo device/driver is absent in Windows
> > VM and 'dump-guest-memory -w' is not available but dump can be
> > created in ELF format.
> >
> > elf2dmp differs from other universal converters in method of
> > determining of virtual memory layout. The tool uses register values
> > from QEMU ELF dump file to do it. In particular, it uses
> > KERNEL_GS_BASE value added to dump format in QEMU 3.0.
> >
> > Even if KERNEL_GS_BASEs are absent in ELF dump file, at least 1
> > vCPU with kernel task can be found quite often and virtual memory
> > layout can be determined.
> >
> > Viktor Prutyanov (5):
> >   dump: move Windows dump structures definitions
> >   contrib: add elf2dmp tool
> >   contrib/elf2dmp: improve paging root selection
> >   contrib/elf2dmp: add DMP file name as 2nd argument
> >   contrib/elf2dmp: add 1GB and 2MB pages support
> >
> >  Makefile                      |   5 +
> >  Makefile.objs                 |   1 +
> >  configure                     |   3 +
> >  contrib/elf2dmp/Makefile.objs |   1 +
> >  contrib/elf2dmp/addrspace.c   | 236 +++++++++++++++++
> >  contrib/elf2dmp/addrspace.h   |  44 ++++
> >  contrib/elf2dmp/download.c    |  50 ++++
> >  contrib/elf2dmp/download.h    |  13 +
> >  contrib/elf2dmp/err.h         |  13 +
> >  contrib/elf2dmp/kdbg.h        | 194 ++++++++++++++
> >  contrib/elf2dmp/main.c        | 594 ++++++++++++++++++++++++++++++++++++++++++
> >  contrib/elf2dmp/pdb.c         | 331 +++++++++++++++++++++++
> >  contrib/elf2dmp/pdb.h         | 241 +++++++++++++++++
> >  contrib/elf2dmp/pe.h          | 121 +++++++++
> >  contrib/elf2dmp/qemu_elf.c    | 172 ++++++++++++
> >  contrib/elf2dmp/qemu_elf.h    |  51 ++++
> >  include/qemu/win_dump_defs.h  | 179 +++++++++++++
> >  win_dump.h                    | 166 +-----------
> >  18 files changed, 2253 insertions(+), 162 deletions(-)
> >  create mode 100644 contrib/elf2dmp/Makefile.objs
> >  create mode 100644 contrib/elf2dmp/addrspace.c
> >  create mode 100644 contrib/elf2dmp/addrspace.h
> >  create mode 100644 contrib/elf2dmp/download.c
> >  create mode 100644 contrib/elf2dmp/download.h
> >  create mode 100644 contrib/elf2dmp/err.h
> >  create mode 100644 contrib/elf2dmp/kdbg.h
> >  create mode 100644 contrib/elf2dmp/main.c
> >  create mode 100644 contrib/elf2dmp/pdb.c
> >  create mode 100644 contrib/elf2dmp/pdb.h
> >  create mode 100644 contrib/elf2dmp/pe.h
> >  create mode 100644 contrib/elf2dmp/qemu_elf.c
> >  create mode 100644 contrib/elf2dmp/qemu_elf.h
> >  create mode 100644 include/qemu/win_dump_defs.h
> >
>
> Queued, squashing patches 2-5. Would you like to send a patch for
> MAINTAINERS, adding yourself for elf2dmp?
>
> Paolo

If I add myself to MAINTAINERS, what will I be expected to do?

Viktor
On 18/09/2018 07:44, Viktor Prutyanov wrote:
> On Fri, 14 Sep 2018 17:22:14 +0200
> Paolo Bonzini <pbonzini@redhat.com> wrote:
>
>> On 29/08/2018 14:41, Viktor Prutyanov wrote:
>>> elf2dmp is a converter from ELF dump (produced by
>>> 'dump-guest-memory') to Windows MEMORY.DMP format (also known as
>>> 'Complete Memory Dump') which can be opened in WinDbg.
>>>
>>> This tool can help if VMCoreInfo device/driver is absent in Windows
>>> VM and 'dump-guest-memory -w' is not available but dump can be
>>> created in ELF format.
>>>
>>> elf2dmp differs from other universal converters in method of
>>> determining of virtual memory layout. The tool uses register values
>>> from QEMU ELF dump file to do it. In particular, it uses
>>> KERNEL_GS_BASE value added to dump format in QEMU 3.0.
>>>
>>> Even if KERNEL_GS_BASEs are absent in ELF dump file, at least 1
>>> vCPU with kernel task can be found quite often and virtual memory
>>> layout can be determined.
>>>
>>> Viktor Prutyanov (5):
>>>   dump: move Windows dump structures definitions
>>>   contrib: add elf2dmp tool
>>>   contrib/elf2dmp: improve paging root selection
>>>   contrib/elf2dmp: add DMP file name as 2nd argument
>>>   contrib/elf2dmp: add 1GB and 2MB pages support
>>>
>>>  Makefile                      |   5 +
>>>  Makefile.objs                 |   1 +
>>>  configure                     |   3 +
>>>  contrib/elf2dmp/Makefile.objs |   1 +
>>>  contrib/elf2dmp/addrspace.c   | 236 +++++++++++++++++
>>>  contrib/elf2dmp/addrspace.h   |  44 ++++
>>>  contrib/elf2dmp/download.c    |  50 ++++
>>>  contrib/elf2dmp/download.h    |  13 +
>>>  contrib/elf2dmp/err.h         |  13 +
>>>  contrib/elf2dmp/kdbg.h        | 194 ++++++++++++++
>>>  contrib/elf2dmp/main.c        | 594 ++++++++++++++++++++++++++++++++++++++++++
>>>  contrib/elf2dmp/pdb.c         | 331 +++++++++++++++++++++++
>>>  contrib/elf2dmp/pdb.h         | 241 +++++++++++++++++
>>>  contrib/elf2dmp/pe.h          | 121 +++++++++
>>>  contrib/elf2dmp/qemu_elf.c    | 172 ++++++++++++
>>>  contrib/elf2dmp/qemu_elf.h    |  51 ++++
>>>  include/qemu/win_dump_defs.h  | 179 +++++++++++++
>>>  win_dump.h                    | 166 +-----------
>>>  18 files changed, 2253 insertions(+), 162 deletions(-)
>>>  create mode 100644 contrib/elf2dmp/Makefile.objs
>>>  create mode 100644 contrib/elf2dmp/addrspace.c
>>>  create mode 100644 contrib/elf2dmp/addrspace.h
>>>  create mode 100644 contrib/elf2dmp/download.c
>>>  create mode 100644 contrib/elf2dmp/download.h
>>>  create mode 100644 contrib/elf2dmp/err.h
>>>  create mode 100644 contrib/elf2dmp/kdbg.h
>>>  create mode 100644 contrib/elf2dmp/main.c
>>>  create mode 100644 contrib/elf2dmp/pdb.c
>>>  create mode 100644 contrib/elf2dmp/pdb.h
>>>  create mode 100644 contrib/elf2dmp/pe.h
>>>  create mode 100644 contrib/elf2dmp/qemu_elf.c
>>>  create mode 100644 contrib/elf2dmp/qemu_elf.h
>>>  create mode 100644 include/qemu/win_dump_defs.h
>>>
>>
>> Queued, squashing patches 2-5. Would you like to send a patch for
>> MAINTAINERS, adding yourself for elf2dmp?
>>
>> Paolo
>
> If I add myself to MAINTAINERS, what will I be expected to do?

As a start, it's okay if you just review any patch. Peter or I (or in
the future, the committer / misc tree maintainer) can take care of
applying them.

Paolo