Hello, This may be more of a developer question. If so, please let me know, and I will ask it there instead. I am running Xen 3.1 with a Windows XP HVM, and I want to get a straight dump of physical memory. The dump-core command adds a lot of ELF cruft, so I commented out the ELF related portions of xc_domain_dumpcore_via_callback. However, when I run dump-core, I am still getting quite a few more pages in my dump file than I should (nearly 10MB worth). Has anyone else attempted to do this, or have any idea of what might be the issue? I can understand the utility of having the dump file conform to ELF format, but it''s also useful to get just the raw memory since there are tools out there that can take a Windows physical dump and analyze it. Thanks for the help, -Ryan _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi, Ryan Will you try to make a convert tools (from raw memory dump to Windows fomat dump)? If so, please post it to xen-devel ML. You can see docs/misc/dump-core-format.txt. ".xen_pages" section is raw memory, and .xen_p2m or .xen_pfn sections are used for looking for a memory address we want to see. You can see them with readelf -x option. If you want to make a new tools to get a straight dump of physical memory, it would just do xc_map_foreign_range() from 0 to max_pfn. Best Regards, Akio Takebe>Hello, > >This may be more of a developer question. If so, please let me know, and I >will ask it there instead. I am running Xen 3.1 with a Windows XP HVM, and >I want to get a straight dump of physical memory. The dump-core command >adds a lot of ELF cruft, so I commented out the ELF related portions of >xc_domain_dumpcore_via_callback. However, when I run dump-core, I am still >getting quite a few more pages in my dump file than I should (nearly 10MB >worth). Has anyone else attempted to do this, or have any idea of what >might be the issue? I can understand the utility of having the dump file >conform to ELF format, but it''s also useful to get just the raw memory since >there are tools out there that can take a Windows physical dump and analyze >it. > >Thanks for the help, >-Ryan > >-------------------------------text/plain------------------------------- >_______________________________________________ >Xen-users mailing list >Xen-users@lists.xensource.com >http://lists.xensource.com/xen-users_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Akio, Thanks for the reply. How would I obtain max_pfn? In xc_domain_dumpcore_via_callback, the code pulls nr_pages from the xc_dominfo struct and uses this value as the number of pfns for the domain. Would max_pfn = nr_pages, or would they be different for some reason? I''m planning on adding a dump-physical tool, and I''ll post the code to xen-devel once I get it working. -Ryan On Wed, Feb 27, 2008 at 5:37 AM, Akio Takebe <takebe_akio@jp.fujitsu.com> wrote:> Hi, Ryan > > Will you try to make a convert tools (from raw memory dump to > Windows fomat dump)? If so, please post it to xen-devel ML. > > You can see docs/misc/dump-core-format.txt. > ".xen_pages" section is raw memory, > and .xen_p2m or .xen_pfn sections are used > for looking for a memory address we want to see. > > You can see them with readelf -x option. > > If you want to make a new tools to get a straight dump of physical memory, > it would just do xc_map_foreign_range() from 0 to max_pfn. > > Best Regards, > > Akio Takebe > > >Hello, > > > >This may be more of a developer question. If so, please let me know, and > I > >will ask it there instead. I am running Xen 3.1 with a Windows XP HVM, > and > >I want to get a straight dump of physical memory. The dump-core command > >adds a lot of ELF cruft, so I commented out the ELF related portions of > >xc_domain_dumpcore_via_callback. However, when I run dump-core, I am > still > >getting quite a few more pages in my dump file than I should (nearly 10MB > >worth). Has anyone else attempted to do this, or have any idea of what > >might be the issue? I can understand the utility of having the dump file > >conform to ELF format, but it''s also useful to get just the raw memory > since > >there are tools out there that can take a Windows physical dump and > analyze > >it. > > > >Thanks for the help, > >-Ryan > > > >-------------------------------text/plain------------------------------- > >_______________________________________________ > >Xen-users mailing list > >Xen-users@lists.xensource.com > >http://lists.xensource.com/xen-users > >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi, You''d better use max_memkb if you don''t make p2m table(like the .xen_pfn). e.g. "info.max_memkb >> (PAGE_SHIFT - 10)">max_pfn = nr_pages, or would they be different for some reason? I''m >planning on adding a dump-physical tool, and I''ll post the code to xen-devel >once I get it working.Great. It will be useful. Please CC to me at posting it into xen-devel ML. ;) Best Regards, Akio Takebe>Akio, > >Thanks for the reply. How would I obtain max_pfn? In >xc_domain_dumpcore_via_callback, the code pulls nr_pages from the xc_dominfo >struct and uses this value as the number of pfns for the domain. Would >max_pfn = nr_pages, or would they be different for some reason? I''m >planning on adding a dump-physical tool, and I''ll post the code to xen-devel >once I get it working. > >-Ryan > > > >On Wed, Feb 27, 2008 at 5:37 AM, Akio Takebe <takebe_akio@jp.fujitsu.com> >wrote: > >> Hi, Ryan >> >> Will you try to make a convert tools (from raw memory dump to >> Windows fomat dump)? If so, please post it to xen-devel ML. >> >> You can see docs/misc/dump-core-format.txt. >> ".xen_pages" section is raw memory, >> and .xen_p2m or .xen_pfn sections are used >> for looking for a memory address we want to see. >> >> You can see them with readelf -x option. >> >> If you want to make a new tools to get a straight dump of physical memory, >> it would just do xc_map_foreign_range() from 0 to max_pfn. >> >> Best Regards, >> >> Akio Takebe >> >> >Hello, >> > >> >This may be more of a developer question. If so, please let me know, and >> I >> >will ask it there instead. I am running Xen 3.1 with a Windows XP HVM, >> and >> >I want to get a straight dump of physical memory. The dump-core command >> >adds a lot of ELF cruft, so I commented out the ELF related portions of >> >xc_domain_dumpcore_via_callback. However, when I run dump-core, I am >> still >> >getting quite a few more pages in my dump file than I should (nearly 10MB >> >worth). Has anyone else attempted to do this, or have any idea of what >> >might be the issue? I can understand the utility of having the dump file >> >conform to ELF format, but it''s also useful to get just the raw memory >> since >> >there are tools out there that can take a Windows physical dump and >> analyze >> >it. >> > >> >Thanks for the help, >> >-Ryan >> > >> >-------------------------------text/plain------------------------------- >> >_______________________________________________ >> >Xen-users mailing list >> >Xen-users@lists.xensource.com >> >http://lists.xensource.com/xen-users >> >> > > >---html-part included links------- >mailto:takebe_akio@jp.fujitsu.com >mailto:Xen-users@lists.xensource.com_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Akio, That worked. What causes the discrepancy between the value for nr_pages and max_memkb/4? Also, if I wanted to add the code as a function named xc_dump_physical() in xc_core.c and be able to call it from main.py, what intermediate files are involved? I''ve tried to trace a call to dump-core to figure out the files that are involved, but I can only trace it to the call to server.xend.dump.core in main.py (I assume at this point it becomes an xml-rpc call?). Basically, I need the chain of files from main.py to xc_core.c involved in an invocation of dump-core. Thanks again for your time, -Ryan On Thu, Feb 28, 2008 at 12:14 AM, Akio Takebe <takebe_akio@jp.fujitsu.com> wrote:> Hi, > > You''d better use max_memkb if you don''t make p2m table(like the .xen_pfn). > e.g. > "info.max_memkb >> (PAGE_SHIFT - 10)" > > >max_pfn = nr_pages, or would they be different for some reason? I''m > >planning on adding a dump-physical tool, and I''ll post the code to > xen-devel > >once I get it working. > Great. It will be useful. Please CC to me at posting it into xen-devel ML. > ;) > > Best Regards, > > Akio Takebe > > >Akio, > > > >Thanks for the reply. How would I obtain max_pfn? In > >xc_domain_dumpcore_via_callback, the code pulls nr_pages from the > xc_dominfo > >struct and uses this value as the number of pfns for the domain. Would > >max_pfn = nr_pages, or would they be different for some reason? I''m > >planning on adding a dump-physical tool, and I''ll post the code to > xen-devel > >once I get it working. > > > >-Ryan > > > > > > > >On Wed, Feb 27, 2008 at 5:37 AM, Akio Takebe <takebe_akio@jp.fujitsu.com> > >wrote: > > > >> Hi, Ryan > >> > >> Will you try to make a convert tools (from raw memory dump to > >> Windows fomat dump)? If so, please post it to xen-devel ML. > >> > >> You can see docs/misc/dump-core-format.txt. > >> ".xen_pages" section is raw memory, > >> and .xen_p2m or .xen_pfn sections are used > >> for looking for a memory address we want to see. > >> > >> You can see them with readelf -x option. > >> > >> If you want to make a new tools to get a straight dump of physical > memory, > >> it would just do xc_map_foreign_range() from 0 to max_pfn. > >> > >> Best Regards, > >> > >> Akio Takebe > >> > >> >Hello, > >> > > >> >This may be more of a developer question. If so, please let me know, > and > >> I > >> >will ask it there instead. I am running Xen 3.1 with a Windows XP > HVM, > >> and > >> >I want to get a straight dump of physical memory. The dump-core > command > >> >adds a lot of ELF cruft, so I commented out the ELF related portions > of > >> >xc_domain_dumpcore_via_callback. However, when I run dump-core, I am > >> still > >> >getting quite a few more pages in my dump file than I should (nearly > 10MB > >> >worth). Has anyone else attempted to do this, or have any idea of > what > >> >might be the issue? I can understand the utility of having the dump > file > >> >conform to ELF format, but it''s also useful to get just the raw memory > >> since > >> >there are tools out there that can take a Windows physical dump and > >> analyze > >> >it. > >> > > >> >Thanks for the help, > >> >-Ryan > >> > > >> > >-------------------------------text/plain------------------------------- > >> >_______________________________________________ > >> >Xen-users mailing list > >> >Xen-users@lists.xensource.com > >> >http://lists.xensource.com/xen-users > >> > >> > > > > > >---html-part included links------- > >mailto:takebe_akio@jp.fujitsu.com > >mailto:Xen-users@lists.xensource.com > >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi, Ryan>That worked. What causes the discrepancy between the value for nr_pages and >max_memkb/4? Also, if I wanted to add the code as a function namedHVM domain would have sparce memory, so you will need max pfn. max_memkb/4 means (max_memkb*1024)/(PAGE_SIZE). It is max pfn. nr_pages means the number of pages passed from hypervisor. max_memkb*1024 will be more than nrpages*PAGE_SIZE.>xc_dump_physical() in xc_core.c and be able to call it from main.py, what >intermediate files are involved? I''ve tried to trace a call to dump-core to >figure out the files that are involved, but I can only trace it to the call >to server.xend.dump.core in main.py (I assume at this point it becomes an >xml-rpc call?). Basically, I need the chain of files from main.py to >xc_core.c involved in an invocation of dump-core.server.xend.dump.core is server.xend.domain.dump? After server.xend.domain.dump, the request posts to xend. xend get the request in xml-rpc, then domain_dump in tools/python/xen/xend/XendDomain.py ---> dumpCore() in tools/python/xen/xend/XendDomainInfo.py ---> xc_domain_dumpcore in libxc You can add a entance for xc_dump_physical() in dumpCore. Best Regards, Akio Takebe _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users