On Mon, Oct 10, 2011 at 02:38:35PM +0200, Paolo Bonzini wrote:
> On 10/10/2011 02:00 PM, Alon Levy wrote:
> >>> Note that the guest can generate the buffer before it crashes.
> >>>
> >Thanks. The contents seem to be undocumented (stubbed in reactos).
>
> Those lazy reactos authors. :)
>
> 32-bit:
>
> http://www.google.com/codesearch#s5CWGGZtI6g/trunk/Volatility/vtypes.py&q=MajorVersion&exact_package=http://volatility.googlecode.com/svn&ct=rc&cd=1
>
> 64-bit:
>
> https://singularity.svn.codeplex.com/svn/base/Windows/Inc/Dump.h
>
> Looks like most of the fields can be made up at crash time, with
> some luck the others are not needed for a basic debugging session.
>

Great. Nice that singularity exposes stuff not in WinDDK.

> Paolo
>