Memory Dumps from Xen-virtualized Windows
Suppose we have a kernel, complete or minidump memory dump from Windows running under the Xen hypervisor. How would we distinguish it from a memory dump of Windows running on non-virtualized hardware? We can check the machine ID:
kd> !sysinfo machineid
Machine ID Information [From Smbios 2.4, DMIVersion 36, Size=348]
BiosMajorRelease = 3
BiosMinorRelease = 1
BiosVendor = Xen
BiosVersion = 3.1.0
SystemManufacturer = Xen
SystemProductName = HVM domU
SystemVersion = 3.1.0
and drivers:
kd> lm m *xen*
start end module name
f6012000 f605f000 dump_xenvbd (deferred)
f794b000 f795c000 xennet (deferred)
f82c0000 f830d000 xenvbd (deferred)
f845f000 f846b000 XENUTIL (deferred)
f84cf000 f84db000 dump_XENUTIL (deferred)
Note: similar information can be checked for VMware and Virtual PC.
- Dmitry Vostokov @ DumpAnalysis.org -
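The two checks above can be run over a saved debugger log when many dumps need triage. The following is an added example, not code from the original post: it parses the output of !sysinfo machineid and lm m *xen* and lists every Xen indicator found. The function names and the embedded log (built from the output shown above) are assumptions made for illustration.

```python
import re

# Constructed sample: a saved WinDbg log holding the two command outputs from the post.
SAMPLE_LOG = """\
kd> !sysinfo machineid
Machine ID Information [From Smbios 2.4, DMIVersion 36, Size=348]
BiosMajorRelease = 3
BiosMinorRelease = 1
BiosVendor = Xen
BiosVersion = 3.1.0
SystemManufacturer = Xen
SystemProductName = HVM domU
SystemVersion = 3.1.0
kd> lm m *xen*
start end module name
f6012000 f605f000 dump_xenvbd (deferred)
f794b000 f795c000 xennet (deferred)
f82c0000 f830d000 xenvbd (deferred)
f845f000 f846b000 XENUTIL (deferred)
f84cf000 f84db000 dump_XENUTIL (deferred)
"""

PROMPT_RE = re.compile(r"^\s*(\d+:\s*)?kd>")           # "kd>" or "0: kd>" command echo
FIELD_RE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")    # "Name = value" SMBIOS field
# lm row: start, end, module name (8 hex digits, or 64-bit form with a backtick)
MODULE_RE = re.compile(r"^\s*[0-9a-fA-F`]{8,17}\s+[0-9a-fA-F`]{8,17}\s+(\S+)")
SMBIOS_KEYS = ("BiosVendor", "SystemManufacturer", "SystemProductName")

def parse_log(text):
    """Return (SMBIOS fields dict, list of module names) from a debugger log."""
    fields, modules = {}, []
    for line in text.splitlines():
        if PROMPT_RE.match(line):
            continue
        field = FIELD_RE.match(line)
        module = MODULE_RE.match(line)
        if field:
            fields[field.group(1)] = field.group(2)
        elif module:
            modules.append(module.group(1))
    return fields, modules

def xen_indicators(text):
    """List SMBIOS values and module names that point to a Xen guest."""
    fields, modules = parse_log(text)
    hits = [f"{k}={fields[k]}" for k in SMBIOS_KEYS
            if "xen" in fields.get(k, "").lower() or fields.get(k, "").lower() == "hvm domu"]
    hits += [f"module:{m}" for m in modules if "xen" in m.lower()]
    return hits
```

An empty list means neither check produced a Xen indicator in that log; it does not rule out other hypervisors, which need their own strings.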