Software Diagnostics Library

Memory Dumps from Xen-virtualized Windows

Suppose we got a kernel, complete or minidump from Windows running under Xen hypervisor. How would we distinguish it from a memory dump of Windows running on non-virtualized hardware? We can check machine id:

kd> !sysinfo machineid Machine ID Information [From Smbios 2.4, DMIVersion 36, Size=348] BiosMajorRelease = 3 BiosMinorRelease = 1 BiosVendor = Xen BiosVersion = 3.1.0 SystemManufacturer = Xen SystemProductName = HVM domU SystemVersion = 3.1.0

and drivers:

kd> lm m *xen* start end module name f6012000 f605f000 dump_xenvbd (deferred) f794b000 f795c000 xennet (deferred) f82c0000 f830d000 xenvbd (deferred) f845f000 f846b000 XENUTIL (deferred) f84cf000 f84db000 dump_XENUTIL (deferred)

Note: similar information can be checked for VMWare and Virtual PC.

- Dmitry Vostokov @ DumpAnalysis.org -

This entry was posted on Thursday, March 13th, 2008 at 5:18 pm and is filed under Citrix, Crash Dump Analysis, Virtualization. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Memory Dumps from Xen-virtualized Windows”

Crash Dump Analysis » Blog Archive » Crash Dump Analysis Patterns (Part 87) Says:
July 10th, 2009 at 8:23 pm
[…] Memory Dumps from Xen-virtualized Windows […]
Crash Dump Analysis » Blog Archive » Memory Dumps from Hyper-V-virtualized Windows Says:
July 28th, 2009 at 9:34 pm
[…] is another addition to memory dumps coming VMWare, VirtualPC and Xen Server virtualized systems. Now I had a look at Hyper-V and found that this information could serve as an […]

You must be logged in to post a comment.

Memory Dumps from Xen-virtualized Windows

2 Responses to “Memory Dumps from Xen-virtualized Windows”

Leave a Reply