On Tue, 17 Apr 2018 16:17:54 +0200 Marc-André Lureau <marcandre.lur...@gmail.com> wrote:
Hello,

> Hi
>
> On Tue, Apr 17, 2018 at 3:50 PM, Viktor Prutyanov
> <viktor.prutya...@virtuozzo.com> wrote:
> > This patch adds Windows crashdumping feature. Now QEMU can produce
> > ELF-dump containing Windows crashdump header, which can help to
> > convert to a valid WinDbg-understandable crashdump file, or
> > immediately create such file. The crashdump will be obtained by
> > joining physical memory dump and 8K header exposed through
> > vmcoreinfo/fw_cfg device by guest driver at BSOD time. Option '-w'
> > was added to dump-guest-memory command. At the moment, only x64
> > configuration is supported. Suitable driver can be found at
> > https://github.com/virtio-win/kvm-guest-drivers-windows/tree/master/fwcfg64
> >
> > Signed-off-by: Viktor Prutyanov <viktor.prutya...@virtuozzo.com>
> > ---
>
> untested, but looks good to me.
>
> Could you provide more details on how to test? provide a test build
> for the driver, the tool you use for elf conversion, explain windbg
> usage etc?
>
> Thanks

How to test:

1. Use '-device vmcoreinfo', then install fwcfg64 driver from virtio-win
   repository into guest Windows. Versions from 7 to 10 are supported.
   Unofficial test-signed driver sample can be found at
   https://www.dropbox.com/s/nodjbehr9bb1x6i/fwcfg.zip?dl=0
2. Turn off "Automatically restart" or use '-device pvpanic -no-shutdown'
   and install pvpanic driver.
3. Cause BSOD, for example, with HMP 'nmi' command.
4. Execute HMP command 'dump-guest-memory -w memory.dmp'
5. Open memory.dmp with WinDbg (better from WDK 10) on a Windows machine.
   It can use dump file in a proper way, for example, to display general
   information about dump with '!analyze -v' command or investigate a
   call stack with 'k' command.

In this way, if guest Windows can't save dump in appropriate type, we can
still do this.

At the moment, there are no tools to produce fully valid Windows dump file
from ELF because they are unaware of header information. But in future,
tools like Volatility which try to do this, could use header from ELF-note.

Regards,
Viktor Prutyanov
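
A quick sanity check for the file produced in step 4, before it is moved to a Windows machine for WinDbg. This is an added example, not code from this thread or from QEMU. The function names are hypothetical, and the field offsets are an assumption based on the commonly documented 64-bit Windows dump header layout (signature `PAGE` + `DU64`, bug check code at offset 0x38).

```python
import struct

HEADER_SIZE = 8192          # the "8K header" mentioned in the post
MACHINE_AMD64 = 0x8664      # IMAGE_FILE_MACHINE_AMD64; the post covers x64 only
# Leading little-endian fields, offsets 0x00-0x3b (assumed layout, see lead-in).
_LEAD = struct.Struct("<4s4sII4QIII")
_PARAMS_OFF = 0x40          # four 64-bit bug check parameters


def parse_win_dump_header(buf: bytes) -> dict:
    """Validate the start of a dump file and return key header fields."""
    if buf[:4] == b"\x7fELF":
        raise ValueError("ELF dump, not a Windows crash dump")
    if len(buf) < HEADER_SIZE:
        raise ValueError("shorter than the 8K header")
    (sig, valid, major, minor, dtb, _pfn, _mods, _procs,
     machine, ncpu, bugcheck) = _LEAD.unpack_from(buf, 0)
    if (sig, valid) != (b"PAGE", b"DU64"):
        raise ValueError("missing PAGEDU64 signature")
    if machine != MACHINE_AMD64:
        raise ValueError(f"unexpected machine type {machine:#x}")
    return {
        "version": (major, minor),
        "directory_table_base": dtb,
        "processors": ncpu,
        "bugcheck_code": bugcheck,
        "bugcheck_params": struct.unpack_from("<4Q", buf, _PARAMS_OFF),
    }


def build_sample_header() -> bytes:
    """Constructed header for demonstration; all values are made up."""
    buf = bytearray(HEADER_SIZE)
    _LEAD.pack_into(buf, 0, b"PAGE", b"DU64", 15, 7601, 0x187000,
                    0, 0, 0, MACHINE_AMD64, 2, 0x80)
    struct.pack_into("<4Q", buf, _PARAMS_OFF, 0x4F4454, 0, 0, 0)
    return bytes(buf)


if __name__ == "__main__":
    print(parse_win_dump_header(build_sample_header()))
```

On a real dump, pass the first 8192 bytes of memory.dmp to `parse_win_dump_header`; a `ValueError` naming ELF means the file was written without '-w'.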