aboutsummaryrefslogtreecommitdiff
path: root/contrib/elf2dmp/main.c
AgeCommit message (Collapse)Author
2023-07-31elf2dmp: Don't abandon when Prcb is set to 0Akihiko Odaki
Prcb may be set to 0 for some CPUs if the dump was taken before they start. The dump may still contain valuable information for started CPUs so don't abandon conversion in such a case. Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu> Message-id: 20230611033434.14659-1-akihiko.odaki@daynix.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-21contrib/elf2dmp: add PE name check and Windows Server 2022 supportViktor Prutyanov
Since its inception elf2dmp has checked MZ signatures within an address space above IDT[0] interrupt vector and took first PE image found as Windows Kernel. But in Windows Server 2022 memory dump this address space range is full of invalid PE fragments and the tool must check that PE image is 'ntoskrnl.exe' actually. So, introduce additional validation by checking image name from Export Directory against 'ntoskrnl.exe'. Signed-off-by: Viktor Prutyanov <viktor@daynix.com> Tested-by: Yuri Benditovich <yuri.benditovich@daynix.com> Reviewed-by: Annie Li <annie.li@oracle.com> Message-id: 20230222211246.883679-4-viktor@daynix.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-21contrib/elf2dmp: move PE dir search to pe_get_data_dir_entryViktor Prutyanov
Move out PE directory search functionality to be reused not only for Debug Directory processing but for arbitrary PE directory. Signed-off-by: Viktor Prutyanov <viktor@daynix.com> Reviewed-by: Annie Li <annie.li@oracle.com> Message-id: 20230222211246.883679-3-viktor@daynix.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-21contrib/elf2dmp: fix code styleViktor Prutyanov
Originally elf2dmp were added with some code style issues, especially in pe.h header, and some were introduced by 2d0fc797faaa73fbc1d30f5f9e90407bf3dd93f0. Fix them now. Signed-off-by: Viktor Prutyanov <viktor@daynix.com> Reviewed-by: Annie Li <annie.li@oracle.com> Message-id: 20230222211246.883679-2-viktor@daynix.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-10-22elf2dmp: free memory in failurelu zhipeng
The 'kdgb' is allocating memory in get_kdbg(), but it is not freed in error path. So fix that. Signed-off-by: lu zhipeng <luzhipeng@cestc.cn> Reviewed-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20221007020128.760-1-luzhipeng@cestc.cn> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-04-22include/qemu: rename Windows context definitions to expose bitnessViktor Prutyanov
Context structure in 64-bit Windows differs from 32-bit one and it should be reflected in its name. Signed-off-by: Viktor Prutyanov <viktor.prutyanov@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20220406171558.199263-2-viktor.prutyanov@redhat.com>
2021-01-20elf2dmp: Rename PAGE_SIZE to ELF2DMP_PAGE_SIZEJiaxun Yang
As per POSIX specification of limits.h [1], OS libc may define PAGE_SIZE in limits.h. To prevent collosion of definition, we rename PAGE_SIZE here. [1]: https://pubs.opengroup.org/onlinepubs/7908799/xsh/limits.h.html Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210118063808.12471-6-jiaxun.yang@flygoat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-10-27elf2dmp: Fix memory leak on main() error pathsAlexChen
The 'kdgb' is allocating memory in get_kdbg(), but it is not freed in both fill_header() and fill_context() failed branches, fix it. Signed-off-by: AlexChen <alex.chen@huawei.com> Reviewed-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <5F463659.8080101@huawei.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-05-13Clean up includesMarkus Armbruster
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes, with the changes to the following files manually reverted: contrib/libvhost-user/libvhost-user-glib.h contrib/libvhost-user/libvhost-user.c contrib/libvhost-user/libvhost-user.h linux-user/mips64/cpu_loop.c linux-user/mips64/signal.c linux-user/sparc64/cpu_loop.c linux-user/sparc64/signal.c linux-user/x86_64/cpu_loop.c linux-user/x86_64/signal.c slirp/src/* target/s390x/gen-features.c tests/fp/platform.h tests/migration/s390x/a-b-bios.c tests/test-rcu-simpleq.c tests/test-rcu-tailq.c tests/uefi-test-tools/UefiTestToolsPkg/BiosTablesTest/BiosTablesTest.c We're in the process of spinning out slirp/. tests/fp/platform.h is has to include qemu/osdep.h because tests/fp/berkeley-softfloat-3/ and tests/fp/berkeley-testfloat-3/ don't. tests/uefi-test-tools/ is guest software. The remaining reverts are the same as in commit b7d89466dde. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190313162812.8885-1-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> [Revert change to tests/fp/platform.h, adjust commit message]
2019-03-11contrib/elf2dmp: add kernel start address checkingViktor Prutyanov
Before this patch, if elf2dmp failed to find NT kernel PE magic in allowed virtual address range, then it assumes NULL as NT kernel address and cause segfault. This patch fix the problem described above by checking NT kernel address before futher processing. Signed-off-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu> Message-Id: <20190219211936.6466-1-viktor.prutyanov@phystech.edu> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-05contrib/elf2dmp: fix printf formatViktor Prutyanov
Format strings for printf are changed for successful build for Windows hosts. Signed-off-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu> Message-Id: <20181220012441.13694-6-viktor.prutyanov@phystech.edu> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-01-11avoid TABs in files that only contain a fewPaolo Bonzini
Most files that have TABs only contain a handful of them. Change them to spaces so that we don't confuse people. disas, standard-headers, linux-headers and libdecnumber are imported from other projects and probably should be exempted from the check. Outside those, after this patch the following files still contain both 8-space and TAB sequences at the beginning of the line. Many of them have a majority of TABs, or were initially committed with all tabs. bsd-user/i386/target_syscall.h bsd-user/x86_64/target_syscall.h crypto/aes.c hw/audio/fmopl.c hw/audio/fmopl.h hw/block/tc58128.c hw/display/cirrus_vga.c hw/display/xenfb.c hw/dma/etraxfs_dma.c hw/intc/sh_intc.c hw/misc/mst_fpga.c hw/net/pcnet.c hw/sh4/sh7750.c hw/timer/m48t59.c hw/timer/sh_timer.c include/crypto/aes.h include/disas/bfd.h include/hw/sh4/sh.h libdecnumber/decNumber.c linux-headers/asm-generic/unistd.h linux-headers/linux/kvm.h linux-user/alpha/target_syscall.h linux-user/arm/nwfpe/double_cpdo.c linux-user/arm/nwfpe/fpa11_cpdt.c linux-user/arm/nwfpe/fpa11_cprt.c linux-user/arm/nwfpe/fpa11.h linux-user/flat.h linux-user/flatload.c linux-user/i386/target_syscall.h linux-user/ppc/target_syscall.h linux-user/sparc/target_syscall.h linux-user/syscall.c linux-user/syscall_defs.h linux-user/x86_64/target_syscall.h slirp/cksum.c slirp/if.c slirp/ip.h slirp/ip_icmp.c slirp/ip_icmp.h slirp/ip_input.c slirp/ip_output.c slirp/mbuf.c slirp/misc.c slirp/sbuf.c slirp/socket.c slirp/socket.h slirp/tcp_input.c slirp/tcpip.h slirp/tcp_output.c slirp/tcp_subr.c slirp/tcp_timer.c slirp/tftp.c slirp/udp.c slirp/udp.h target/cris/cpu.h target/cris/mmu.c target/cris/op_helper.c target/sh4/helper.c target/sh4/op_helper.c target/sh4/translate.c tcg/sparc/tcg-target.inc.c tests/tcg/cris/check_addo.c tests/tcg/cris/check_moveq.c tests/tcg/cris/check_swap.c tests/tcg/multiarch/test-mmap.c ui/vnc-enc-hextile-template.h ui/vnc-enc-zywrle.h util/envlist.c util/readline.c The following have only TABs: bsd-user/i386/target_signal.h bsd-user/sparc64/target_signal.h bsd-user/sparc64/target_syscall.h bsd-user/sparc/target_signal.h bsd-user/sparc/target_syscall.h bsd-user/x86_64/target_signal.h crypto/desrfb.c hw/audio/intel-hda-defs.h hw/core/uboot_image.h hw/sh4/sh7750_regnames.c hw/sh4/sh7750_regs.h include/hw/cris/etraxfs_dma.h linux-user/alpha/termbits.h linux-user/arm/nwfpe/fpopcode.h linux-user/arm/nwfpe/fpsr.h linux-user/arm/syscall_nr.h linux-user/arm/target_signal.h linux-user/cris/target_signal.h linux-user/i386/target_signal.h linux-user/linux_loop.h linux-user/m68k/target_signal.h linux-user/microblaze/target_signal.h linux-user/mips64/target_signal.h linux-user/mips/target_signal.h linux-user/mips/target_syscall.h linux-user/mips/termbits.h linux-user/ppc/target_signal.h linux-user/sh4/target_signal.h linux-user/sh4/termbits.h linux-user/sparc64/target_syscall.h linux-user/sparc/target_signal.h linux-user/x86_64/target_signal.h linux-user/x86_64/termbits.h pc-bios/optionrom/optionrom.h slirp/mbuf.h slirp/misc.h slirp/sbuf.h slirp/tcp.h slirp/tcp_timer.h slirp/tcp_var.h target/i386/svm.h target/sparc/asi.h target/xtensa/core-dc232b/xtensa-modules.inc.c target/xtensa/core-dc233c/xtensa-modules.inc.c target/xtensa/core-de212/core-isa.h target/xtensa/core-de212/xtensa-modules.inc.c target/xtensa/core-fsf/xtensa-modules.inc.c target/xtensa/core-sample_controller/core-isa.h target/xtensa/core-sample_controller/xtensa-modules.inc.c target/xtensa/core-test_kc705_be/core-isa.h target/xtensa/core-test_kc705_be/xtensa-modules.inc.c tests/tcg/cris/check_abs.c tests/tcg/cris/check_addc.c tests/tcg/cris/check_addcm.c tests/tcg/cris/check_addoq.c tests/tcg/cris/check_bound.c tests/tcg/cris/check_ftag.c tests/tcg/cris/check_int64.c tests/tcg/cris/check_lz.c tests/tcg/cris/check_openpf5.c tests/tcg/cris/check_sigalrm.c tests/tcg/cris/crisutils.h tests/tcg/cris/sys.c tests/tcg/i386/test-i386-ssse3.c ui/vgafont.h Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20181213223737.11793-3-pbonzini@redhat.com> Reviewed-by: Aleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com> Acked-by: Richard Henderson <richard.henderson@linaro.org> Acked-by: Eric Blake <eblake@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Stefan Markovic <smarkovic@wavecomp.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02contrib: add elf2dmp toolViktor Prutyanov
elf2dmp is a converter from ELF dump (produced by 'dump-guest-memory') to Windows MEMORY.DMP format (also know as 'Complete Memory Dump') which can be opened in WinDbg. This tool can help if VMCoreInfo device/driver is absent in Windows VM and 'dump-guest-memory -w' is not available but dump can be created in ELF format. The tool works as follows: 1. Determine the system paging root looking at GS_BASE or KERNEL_GS_BASE to locate the PRCB structure and finds the kernel CR3 nearby if QEMU CPU state CR3 is not suitable. 2. Find an address within the kernel image by dereferencing the first IDT entry and scans virtual memory upwards until the start of the kernel. 3. Download a PDB matching the kernel from the Microsoft symbol store, and figure out the layout of certain relevant structures necessary for the dump. 4. Populate the corresponding structures in the memory image and create the appropriate dump header. Signed-off-by: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com> Message-Id: <1535546488-30208-3-git-send-email-viktor.prutyanov@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>