1. Patchew
  2. QEMU
  3. View series

[Qemu-devel] [PATCH 0/5] contrib: add elf2dmp tool

Viktor Prutyanov posted 5 patches 7 years, 2 months ago
Only 4 patches received!
Makefile                      |   5 +
Makefile.objs                 |   1 +
configure                     |   3 +
contrib/elf2dmp/Makefile.objs |   1 +
contrib/elf2dmp/addrspace.c   | 236 +++++++++++++++++
contrib/elf2dmp/addrspace.h   |  44 ++++
contrib/elf2dmp/download.c    |  50 ++++
contrib/elf2dmp/download.h    |  13 +
contrib/elf2dmp/err.h         |  13 +
contrib/elf2dmp/kdbg.h        | 194 ++++++++++++++
contrib/elf2dmp/main.c        | 594 ++++++++++++++++++++++++++++++++++++++++++
contrib/elf2dmp/pdb.c         | 331 +++++++++++++++++++++++
contrib/elf2dmp/pdb.h         | 241 +++++++++++++++++
contrib/elf2dmp/pe.h          | 121 +++++++++
contrib/elf2dmp/qemu_elf.c    | 172 ++++++++++++
contrib/elf2dmp/qemu_elf.h    |  51 ++++
include/qemu/win_dump_defs.h  | 179 +++++++++++++
win_dump.h                    | 166 +-----------
18 files changed, 2253 insertions(+), 162 deletions(-)
create mode 100644 contrib/elf2dmp/Makefile.objs
create mode 100644 contrib/elf2dmp/addrspace.c
create mode 100644 contrib/elf2dmp/addrspace.h
create mode 100644 contrib/elf2dmp/download.c
create mode 100644 contrib/elf2dmp/download.h
create mode 100644 contrib/elf2dmp/err.h
create mode 100644 contrib/elf2dmp/kdbg.h
create mode 100644 contrib/elf2dmp/main.c
create mode 100644 contrib/elf2dmp/pdb.c
create mode 100644 contrib/elf2dmp/pdb.h
create mode 100644 contrib/elf2dmp/pe.h
create mode 100644 contrib/elf2dmp/qemu_elf.c
create mode 100644 contrib/elf2dmp/qemu_elf.h
create mode 100644 include/qemu/win_dump_defs.h
[Qemu-devel] [PATCH 0/5] contrib: add elf2dmp tool
Posted by Viktor Prutyanov 7 years, 2 months ago 
elf2dmp is a converter from ELF dump (produced by 'dump-guest-memory') to
Windows MEMORY.DMP format (also know as 'Complete Memory Dump') which can be
opened in WinDbg.

This tool can help if VMCoreInfo device/driver is absent in Windows VM and
'dump-guest-memory -w' is not available but dump can be created in ELF format.

elf2dmp differs from other universal converters in method of determining of
virtual memory layout. The tool uses register values from QEMU ELF dump file
to do it. In particular, it uses KERNEL_GS_BASE value added to dump format in
QEMU 3.0.

Even if KERNEL_GS_BASEs are absent in ELF dump file, at least 1 vCPU with
kernel task can be found quite often and virtual memory layout can be
determined.

Viktor Prutyanov (5):
  dump: move Windows dump structures definitions
  contrib: add elf2dmp tool
  contrib/elf2dmp: improve paging root selection
  contrib/elf2dmp: add DMP file name as 2nd argument
  contrib/elf2dmp: add 1GB and 2MB pages support

 Makefile                      |   5 +
 Makefile.objs                 |   1 +
 configure                     |   3 +
 contrib/elf2dmp/Makefile.objs |   1 +
 contrib/elf2dmp/addrspace.c   | 236 +++++++++++++++++
 contrib/elf2dmp/addrspace.h   |  44 ++++
 contrib/elf2dmp/download.c    |  50 ++++
 contrib/elf2dmp/download.h    |  13 +
 contrib/elf2dmp/err.h         |  13 +
 contrib/elf2dmp/kdbg.h        | 194 ++++++++++++++
 contrib/elf2dmp/main.c        | 594 ++++++++++++++++++++++++++++++++++++++++++
 contrib/elf2dmp/pdb.c         | 331 +++++++++++++++++++++++
 contrib/elf2dmp/pdb.h         | 241 +++++++++++++++++
 contrib/elf2dmp/pe.h          | 121 +++++++++
 contrib/elf2dmp/qemu_elf.c    | 172 ++++++++++++
 contrib/elf2dmp/qemu_elf.h    |  51 ++++
 include/qemu/win_dump_defs.h  | 179 +++++++++++++
 win_dump.h                    | 166 +-----------
 18 files changed, 2253 insertions(+), 162 deletions(-)
 create mode 100644 contrib/elf2dmp/Makefile.objs
 create mode 100644 contrib/elf2dmp/addrspace.c
 create mode 100644 contrib/elf2dmp/addrspace.h
 create mode 100644 contrib/elf2dmp/download.c
 create mode 100644 contrib/elf2dmp/download.h
 create mode 100644 contrib/elf2dmp/err.h
 create mode 100644 contrib/elf2dmp/kdbg.h
 create mode 100644 contrib/elf2dmp/main.c
 create mode 100644 contrib/elf2dmp/pdb.c
 create mode 100644 contrib/elf2dmp/pdb.h
 create mode 100644 contrib/elf2dmp/pe.h
 create mode 100644 contrib/elf2dmp/qemu_elf.c
 create mode 100644 contrib/elf2dmp/qemu_elf.h
 create mode 100644 include/qemu/win_dump_defs.h

-- 
2.7.4
Re: [Qemu-devel] [PATCH 0/5] contrib: add elf2dmp tool
Posted by Viktor Prutyanov 7 years, 1 month ago 
В Wed, 29 Aug 2018 15:41:23 +0300
Viktor Prutyanov <viktor.prutyanov@virtuozzo.com> пишет:

> elf2dmp is a converter from ELF dump (produced by
> 'dump-guest-memory') to Windows MEMORY.DMP format (also know as
> 'Complete Memory Dump') which can be opened in WinDbg.
> 
> This tool can help if VMCoreInfo device/driver is absent in Windows
> VM and 'dump-guest-memory -w' is not available but dump can be
> created in ELF format.
> 
> elf2dmp differs from other universal converters in method of
> determining of virtual memory layout. The tool uses register values
> from QEMU ELF dump file to do it. In particular, it uses
> KERNEL_GS_BASE value added to dump format in QEMU 3.0.
> 
> Even if KERNEL_GS_BASEs are absent in ELF dump file, at least 1 vCPU
> with kernel task can be found quite often and virtual memory layout
> can be determined.
> 
> Viktor Prutyanov (5):
>   dump: move Windows dump structures definitions
>   contrib: add elf2dmp tool
>   contrib/elf2dmp: improve paging root selection
>   contrib/elf2dmp: add DMP file name as 2nd argument
>   contrib/elf2dmp: add 1GB and 2MB pages support
> 
>  Makefile                      |   5 +
>  Makefile.objs                 |   1 +
>  configure                     |   3 +
>  contrib/elf2dmp/Makefile.objs |   1 +
>  contrib/elf2dmp/addrspace.c   | 236 +++++++++++++++++
>  contrib/elf2dmp/addrspace.h   |  44 ++++
>  contrib/elf2dmp/download.c    |  50 ++++
>  contrib/elf2dmp/download.h    |  13 +
>  contrib/elf2dmp/err.h         |  13 +
>  contrib/elf2dmp/kdbg.h        | 194 ++++++++++++++
>  contrib/elf2dmp/main.c        | 594
> ++++++++++++++++++++++++++++++++++++++++++
> contrib/elf2dmp/pdb.c         | 331 +++++++++++++++++++++++
> contrib/elf2dmp/pdb.h         | 241 +++++++++++++++++
> contrib/elf2dmp/pe.h          | 121 +++++++++
> contrib/elf2dmp/qemu_elf.c    | 172 ++++++++++++
> contrib/elf2dmp/qemu_elf.h    |  51 ++++
> include/qemu/win_dump_defs.h  | 179 +++++++++++++
> win_dump.h                    | 166 +----------- 18 files changed,
> 2253 insertions(+), 162 deletions(-) create mode 100644
> contrib/elf2dmp/Makefile.objs create mode 100644
> contrib/elf2dmp/addrspace.c create mode 100644
> contrib/elf2dmp/addrspace.h create mode 100644
> contrib/elf2dmp/download.c create mode 100644
> contrib/elf2dmp/download.h create mode 100644 contrib/elf2dmp/err.h
>  create mode 100644 contrib/elf2dmp/kdbg.h
>  create mode 100644 contrib/elf2dmp/main.c
>  create mode 100644 contrib/elf2dmp/pdb.c
>  create mode 100644 contrib/elf2dmp/pdb.h
>  create mode 100644 contrib/elf2dmp/pe.h
>  create mode 100644 contrib/elf2dmp/qemu_elf.c
>  create mode 100644 contrib/elf2dmp/qemu_elf.h
>  create mode 100644 include/qemu/win_dump_defs.h
> 

ping
Re: [Qemu-devel] [PATCH 0/5] contrib: add elf2dmp tool
Posted by Paolo Bonzini 7 years, 1 month ago 
On 29/08/2018 14:41, Viktor Prutyanov wrote:
> elf2dmp is a converter from ELF dump (produced by 'dump-guest-memory') to
> Windows MEMORY.DMP format (also know as 'Complete Memory Dump') which can be
> opened in WinDbg.
> 
> This tool can help if VMCoreInfo device/driver is absent in Windows VM and
> 'dump-guest-memory -w' is not available but dump can be created in ELF format.
> 
> elf2dmp differs from other universal converters in method of determining of
> virtual memory layout. The tool uses register values from QEMU ELF dump file
> to do it. In particular, it uses KERNEL_GS_BASE value added to dump format in
> QEMU 3.0.
> 
> Even if KERNEL_GS_BASEs are absent in ELF dump file, at least 1 vCPU with
> kernel task can be found quite often and virtual memory layout can be
> determined.
> 
> Viktor Prutyanov (5):
>   dump: move Windows dump structures definitions
>   contrib: add elf2dmp tool
>   contrib/elf2dmp: improve paging root selection
>   contrib/elf2dmp: add DMP file name as 2nd argument
>   contrib/elf2dmp: add 1GB and 2MB pages support
> 
>  Makefile                      |   5 +
>  Makefile.objs                 |   1 +
>  configure                     |   3 +
>  contrib/elf2dmp/Makefile.objs |   1 +
>  contrib/elf2dmp/addrspace.c   | 236 +++++++++++++++++
>  contrib/elf2dmp/addrspace.h   |  44 ++++
>  contrib/elf2dmp/download.c    |  50 ++++
>  contrib/elf2dmp/download.h    |  13 +
>  contrib/elf2dmp/err.h         |  13 +
>  contrib/elf2dmp/kdbg.h        | 194 ++++++++++++++
>  contrib/elf2dmp/main.c        | 594 ++++++++++++++++++++++++++++++++++++++++++
>  contrib/elf2dmp/pdb.c         | 331 +++++++++++++++++++++++
>  contrib/elf2dmp/pdb.h         | 241 +++++++++++++++++
>  contrib/elf2dmp/pe.h          | 121 +++++++++
>  contrib/elf2dmp/qemu_elf.c    | 172 ++++++++++++
>  contrib/elf2dmp/qemu_elf.h    |  51 ++++
>  include/qemu/win_dump_defs.h  | 179 +++++++++++++
>  win_dump.h                    | 166 +-----------
>  18 files changed, 2253 insertions(+), 162 deletions(-)
>  create mode 100644 contrib/elf2dmp/Makefile.objs
>  create mode 100644 contrib/elf2dmp/addrspace.c
>  create mode 100644 contrib/elf2dmp/addrspace.h
>  create mode 100644 contrib/elf2dmp/download.c
>  create mode 100644 contrib/elf2dmp/download.h
>  create mode 100644 contrib/elf2dmp/err.h
>  create mode 100644 contrib/elf2dmp/kdbg.h
>  create mode 100644 contrib/elf2dmp/main.c
>  create mode 100644 contrib/elf2dmp/pdb.c
>  create mode 100644 contrib/elf2dmp/pdb.h
>  create mode 100644 contrib/elf2dmp/pe.h
>  create mode 100644 contrib/elf2dmp/qemu_elf.c
>  create mode 100644 contrib/elf2dmp/qemu_elf.h
>  create mode 100644 include/qemu/win_dump_defs.h
> 

Queued, squashing patches 2-5.  Would you like to send a patch for
MAINTAINERS, adding yourself for elf2dmp?

Paolo
Re: [Qemu-devel] [PATCH 0/5] contrib: add elf2dmp tool
Posted by Viktor Prutyanov 7 years, 1 month ago 
On Fri, 14 Sep 2018 17:22:14 +0200
Paolo Bonzini <pbonzini@redhat.com> wrote:

> On 29/08/2018 14:41, Viktor Prutyanov wrote:
> > elf2dmp is a converter from ELF dump (produced by
> > 'dump-guest-memory') to Windows MEMORY.DMP format (also know as
> > 'Complete Memory Dump') which can be opened in WinDbg.
> > 
> > This tool can help if VMCoreInfo device/driver is absent in Windows
> > VM and 'dump-guest-memory -w' is not available but dump can be
> > created in ELF format.
> > 
> > elf2dmp differs from other universal converters in method of
> > determining of virtual memory layout. The tool uses register values
> > from QEMU ELF dump file to do it. In particular, it uses
> > KERNEL_GS_BASE value added to dump format in QEMU 3.0.
> > 
> > Even if KERNEL_GS_BASEs are absent in ELF dump file, at least 1
> > vCPU with kernel task can be found quite often and virtual memory
> > layout can be determined.
> > 
> > Viktor Prutyanov (5):
> >   dump: move Windows dump structures definitions
> >   contrib: add elf2dmp tool
> >   contrib/elf2dmp: improve paging root selection
> >   contrib/elf2dmp: add DMP file name as 2nd argument
> >   contrib/elf2dmp: add 1GB and 2MB pages support
> > 
> >  Makefile                      |   5 +
> >  Makefile.objs                 |   1 +
> >  configure                     |   3 +
> >  contrib/elf2dmp/Makefile.objs |   1 +
> >  contrib/elf2dmp/addrspace.c   | 236 +++++++++++++++++
> >  contrib/elf2dmp/addrspace.h   |  44 ++++
> >  contrib/elf2dmp/download.c    |  50 ++++
> >  contrib/elf2dmp/download.h    |  13 +
> >  contrib/elf2dmp/err.h         |  13 +
> >  contrib/elf2dmp/kdbg.h        | 194 ++++++++++++++
> >  contrib/elf2dmp/main.c        | 594
> > ++++++++++++++++++++++++++++++++++++++++++
> > contrib/elf2dmp/pdb.c         | 331 +++++++++++++++++++++++
> > contrib/elf2dmp/pdb.h         | 241 +++++++++++++++++
> > contrib/elf2dmp/pe.h          | 121 +++++++++
> > contrib/elf2dmp/qemu_elf.c    | 172 ++++++++++++
> > contrib/elf2dmp/qemu_elf.h    |  51 ++++
> > include/qemu/win_dump_defs.h  | 179 +++++++++++++
> > win_dump.h                    | 166 +----------- 18 files changed,
> > 2253 insertions(+), 162 deletions(-) create mode 100644
> > contrib/elf2dmp/Makefile.objs create mode 100644
> > contrib/elf2dmp/addrspace.c create mode 100644
> > contrib/elf2dmp/addrspace.h create mode 100644
> > contrib/elf2dmp/download.c create mode 100644
> > contrib/elf2dmp/download.h create mode 100644 contrib/elf2dmp/err.h
> >  create mode 100644 contrib/elf2dmp/kdbg.h
> >  create mode 100644 contrib/elf2dmp/main.c
> >  create mode 100644 contrib/elf2dmp/pdb.c
> >  create mode 100644 contrib/elf2dmp/pdb.h
> >  create mode 100644 contrib/elf2dmp/pe.h
> >  create mode 100644 contrib/elf2dmp/qemu_elf.c
> >  create mode 100644 contrib/elf2dmp/qemu_elf.h
> >  create mode 100644 include/qemu/win_dump_defs.h
> >   
> 
> Queued, squashing patches 2-5.  Would you like to send a patch for
> MAINTAINERS, adding yourself for elf2dmp?
> 
> Paolo

If I add myself to MAINTAINERS, what I will be expected to do?

Viktor
Re: [Qemu-devel] [PATCH 0/5] contrib: add elf2dmp tool
Posted by Paolo Bonzini 7 years, 1 month ago 
On 18/09/2018 07:44, Viktor Prutyanov wrote:
> On Fri, 14 Sep 2018 17:22:14 +0200
> Paolo Bonzini <pbonzini@redhat.com> wrote:
> 
>> On 29/08/2018 14:41, Viktor Prutyanov wrote:
>>> elf2dmp is a converter from ELF dump (produced by
>>> 'dump-guest-memory') to Windows MEMORY.DMP format (also know as
>>> 'Complete Memory Dump') which can be opened in WinDbg.
>>>
>>> This tool can help if VMCoreInfo device/driver is absent in Windows
>>> VM and 'dump-guest-memory -w' is not available but dump can be
>>> created in ELF format.
>>>
>>> elf2dmp differs from other universal converters in method of
>>> determining of virtual memory layout. The tool uses register values
>>> from QEMU ELF dump file to do it. In particular, it uses
>>> KERNEL_GS_BASE value added to dump format in QEMU 3.0.
>>>
>>> Even if KERNEL_GS_BASEs are absent in ELF dump file, at least 1
>>> vCPU with kernel task can be found quite often and virtual memory
>>> layout can be determined.
>>>
>>> Viktor Prutyanov (5):
>>>   dump: move Windows dump structures definitions
>>>   contrib: add elf2dmp tool
>>>   contrib/elf2dmp: improve paging root selection
>>>   contrib/elf2dmp: add DMP file name as 2nd argument
>>>   contrib/elf2dmp: add 1GB and 2MB pages support
>>>
>>>  Makefile                      |   5 +
>>>  Makefile.objs                 |   1 +
>>>  configure                     |   3 +
>>>  contrib/elf2dmp/Makefile.objs |   1 +
>>>  contrib/elf2dmp/addrspace.c   | 236 +++++++++++++++++
>>>  contrib/elf2dmp/addrspace.h   |  44 ++++
>>>  contrib/elf2dmp/download.c    |  50 ++++
>>>  contrib/elf2dmp/download.h    |  13 +
>>>  contrib/elf2dmp/err.h         |  13 +
>>>  contrib/elf2dmp/kdbg.h        | 194 ++++++++++++++
>>>  contrib/elf2dmp/main.c        | 594
>>> ++++++++++++++++++++++++++++++++++++++++++
>>> contrib/elf2dmp/pdb.c         | 331 +++++++++++++++++++++++
>>> contrib/elf2dmp/pdb.h         | 241 +++++++++++++++++
>>> contrib/elf2dmp/pe.h          | 121 +++++++++
>>> contrib/elf2dmp/qemu_elf.c    | 172 ++++++++++++
>>> contrib/elf2dmp/qemu_elf.h    |  51 ++++
>>> include/qemu/win_dump_defs.h  | 179 +++++++++++++
>>> win_dump.h                    | 166 +----------- 18 files changed,
>>> 2253 insertions(+), 162 deletions(-) create mode 100644
>>> contrib/elf2dmp/Makefile.objs create mode 100644
>>> contrib/elf2dmp/addrspace.c create mode 100644
>>> contrib/elf2dmp/addrspace.h create mode 100644
>>> contrib/elf2dmp/download.c create mode 100644
>>> contrib/elf2dmp/download.h create mode 100644 contrib/elf2dmp/err.h
>>>  create mode 100644 contrib/elf2dmp/kdbg.h
>>>  create mode 100644 contrib/elf2dmp/main.c
>>>  create mode 100644 contrib/elf2dmp/pdb.c
>>>  create mode 100644 contrib/elf2dmp/pdb.h
>>>  create mode 100644 contrib/elf2dmp/pe.h
>>>  create mode 100644 contrib/elf2dmp/qemu_elf.c
>>>  create mode 100644 contrib/elf2dmp/qemu_elf.h
>>>  create mode 100644 include/qemu/win_dump_defs.h
>>>   
>>
>> Queued, squashing patches 2-5.  Would you like to send a patch for
>> MAINTAINERS, adding yourself for elf2dmp?
>>
>> Paolo
> 
> If I add myself to MAINTAINERS, what I will be expected to do?

As a start, it's okay if you just review any patch.  Peter or I (or in
the future, the committer / misc tree maintainer) can take care of
applying them.

Paolo
[Qemu-devel] [PATCH] MAINTAINERS: add myself as elf2dmp maintainer
Posted by Viktor Prutyanov 7 years, 1 month ago 
Add myself as contrib/elf2dmp maintainer and elf2dmp as maintained.

Signed-off-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu>
---
 MAINTAINERS | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index d12518c08f..e70ff1e009 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1888,6 +1888,11 @@ S: Maintained
 F: include/qemu/iova-tree.h
 F: util/iova-tree.c
 
+elf2dmp
+M: Viktor Prutyanov <viktor.prutyanov@phystech.edu>
+S: Maintained
+F: contrib/elf2dmp/
+
 Usermode Emulation
 ------------------
 Overall
-- 
2.14.3

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.