aboutsummaryrefslogtreecommitdiff
path: root/contrib/elf2dmp/qemu_elf.c
AgeCommit message (Collapse)Author
2022-05-25contrib/elf2dmp: add ELF dump header checkingViktor Prutyanov
Add ELF header checking to prevent processing input file which is not QEMU x86_64 guest memory dump or even not ELF. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1013 Signed-off-by: Viktor Prutyanov <viktor.prutyanov@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220520084339.171684-1-viktor.prutyanov@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-12-13elf2dmp/qemu_elf: Plug memleak in QEMU_Elf_initPan Nengyuan
Missing g_error_free in QEMU_Elf_init() error path. Fix that. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com> Reviewed-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu> Reviewed-by: Li Qiang <liq3ea@gmail.com> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20201023061218.2080844-4-kuhn.chenqun@huawei.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-02-05contrib/elf2dmp: use GLib in ELF processingViktor Prutyanov
Replace POSIX mmap with GLib g_mapped_file_new in ELF processing module to make elf2dmp cross-platform. Signed-off-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu> Message-Id: <20181220012441.13694-3-viktor.prutyanov@phystech.edu> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-10-02contrib: add elf2dmp toolViktor Prutyanov
elf2dmp is a converter from ELF dump (produced by 'dump-guest-memory') to Windows MEMORY.DMP format (also know as 'Complete Memory Dump') which can be opened in WinDbg. This tool can help if VMCoreInfo device/driver is absent in Windows VM and 'dump-guest-memory -w' is not available but dump can be created in ELF format. The tool works as follows: 1. Determine the system paging root looking at GS_BASE or KERNEL_GS_BASE to locate the PRCB structure and finds the kernel CR3 nearby if QEMU CPU state CR3 is not suitable. 2. Find an address within the kernel image by dereferencing the first IDT entry and scans virtual memory upwards until the start of the kernel. 3. Download a PDB matching the kernel from the Microsoft symbol store, and figure out the layout of certain relevant structures necessary for the dump. 4. Populate the corresponding structures in the memory image and create the appropriate dump header. Signed-off-by: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com> Message-Id: <1535546488-30208-3-git-send-email-viktor.prutyanov@virtuozzo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
generated by cgit v1.2.3 (git 2.26.2) at 2025-03-20 23:49:50 +0000