On 10/10/2011 02:00 PM, Alon Levy wrote:
> Note that the guest can generate the buffer before it crashes.
>
Thanks. The contents seem to be undocumented (stubbed in ReactOS).
Those lazy ReactOS authors. :)
32-bit:
http://www.google.com/codesearch#s5CWGGZtI6g/trunk/Volatility/vtypes.py&q=MajorVersion&exact_package=http://volatility.googlecode.com/svn&ct=rc&cd=1
64-bit:
https://singularity.svn.codeplex.com/svn/base/Windows/Inc/Dump.h
Looks like most of the fields can be made up at crash time; with some
luck the others are not needed for a basic debugging session.
Paolo