Types ¶
type Arch ¶
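// Arch is the type of the ProcessorArchitecture field of MINIDUMP_SYSTEM_INFO.
//
// The value comes from the dump file, so it can hold a number that is not one
// of the constants below. Code that branches on Arch should keep a default
// case rather than assume the list is exhaustive.
type Arch uint16

// Processor architecture identifiers. The numeric values follow the Windows
// PROCESSOR_ARCHITECTURE_* constants; the value 11 has no name in this list.
const (
	CpuArchitectureX86     Arch = 0
	CpuArchitectureMips    Arch = 1
	CpuArchitectureAlpha   Arch = 2
	CpuArchitecturePPC     Arch = 3
	CpuArchitectureSHX     Arch = 4 // Super-H
	CpuArchitectureARM     Arch = 5
	CpuArchitectureIA64    Arch = 6
	CpuArchitectureAlpha64 Arch = 7
	CpuArchitectureMSIL    Arch = 8 // Microsoft Intermediate Language
	CpuArchitectureAMD64   Arch = 9
	CpuArchitectureWoW64   Arch = 10
	CpuArchitectureARM64   Arch = 12
	CpuArchitectureUnknown Arch = 0xffff
)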
type ErrNotAMinidump ¶
// ErrNotAMinidump is the error returned when the file being loaded is not a
// minidump file. Its fields are unexported, so callers can only match on the
// type (for example with errors.As) or read the text from Error().
type ErrNotAMinidump struct {
	// contains filtered or unexported fields
}
ErrNotAMinidump is the error returned when the file being loaded is not a minidump file.
func (ErrNotAMinidump) Error ¶
func (err ErrNotAMinidump) Error() string
type FileFlags ¶
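// FileFlags is the type of the Flags field of MINIDUMP_HEADER.
//
// The values are bit flags and can be combined, so test them with a mask
// (flags&FileWithFullMemory != 0) rather than with ==.
//
// The flags record how much process state the dump writer captured. A dump
// written with FileWithFullMemory, FileWithPrivateReadWriteMemory,
// FileWithHandleData or FileWithTokenInformation carries process memory,
// handle or token data, so the file should be stored and shared as sensitive
// material.
type FileFlags uint64

// Dump content flags. Each trailing comment names the matching MINIDUMP_TYPE
// value from the Windows SDK; a few Go names differ slightly from the SDK
// spelling.
const (
	FileNormal                          FileFlags = 0x00000000 // MiniDumpNormal
	FileWithDataSegs                    FileFlags = 0x00000001 // MiniDumpWithDataSegs
	FileWithFullMemory                  FileFlags = 0x00000002 // MiniDumpWithFullMemory
	FileWithHandleData                  FileFlags = 0x00000004 // MiniDumpWithHandleData
	FileFilterMemory                    FileFlags = 0x00000008 // MiniDumpFilterMemory
	FileScanMemory                      FileFlags = 0x00000010 // MiniDumpScanMemory
	FileWithUnloadedModules             FileFlags = 0x00000020 // MiniDumpWithUnloadedModules
	FileWithIncorrectlyReferencedMemory FileFlags = 0x00000040 // MiniDumpWithIndirectlyReferencedMemory
	FileFilterModulePaths               FileFlags = 0x00000080 // MiniDumpFilterModulePaths
	FileWithProcessThreadData           FileFlags = 0x00000100 // MiniDumpWithProcessThreadData
	FileWithPrivateReadWriteMemory      FileFlags = 0x00000200 // MiniDumpWithPrivateReadWriteMemory
	FileWithoutOptionalData             FileFlags = 0x00000400 // MiniDumpWithoutOptionalData
	FileWithFullMemoryInfo              FileFlags = 0x00000800 // MiniDumpWithFullMemoryInfo
	FileWithThreadInfo                  FileFlags = 0x00001000 // MiniDumpWithThreadInfo
	FileWithCodeSegs                    FileFlags = 0x00002000 // MiniDumpWithCodeSegs
	FileWithoutAuxilliarySegs           FileFlags = 0x00004000 // MiniDumpWithoutAuxiliaryState
	FileWithFullAuxilliaryState         FileFlags = 0x00008000 // MiniDumpWithFullAuxiliaryState
	FileWithPrivateCopyMemory           FileFlags = 0x00010000 // MiniDumpWithPrivateWriteCopyMemory
	FileIgnoreInaccessibleMemory        FileFlags = 0x00020000 // MiniDumpIgnoreInaccessibleMemory
	FileWithTokenInformation            FileFlags = 0x00040000 // MiniDumpWithTokenInformation
)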
type MemoryInfo ¶
// MemoryInfo describes one entry of the MemoryInfoList stream.
// NOTE(review): the values are taken from the dump file; the loader is not
// shown here, so confirm how Addr and Size are validated before using them
// for arithmetic or slicing.
type MemoryInfo struct {
	Addr       uint64           // presumably the region's base address — confirm against the loader
	Size       uint64           // presumably the region's size in bytes — confirm against the loader
	State      MemoryState      // see the MemoryState constants
	Protection MemoryProtection // see the MemoryProtection constants; modifier bits may be OR-ed in
	Type       MemoryType       // see the MemoryType constants
}
MemoryInfo represents an entry in the MemoryInfoList stream. See: https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_memory_info_list
type MemoryProtection ¶
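// MemoryProtection is the type of the Protection field of MINIDUMP_MEMORY_INFO.
//
// The first eight constants describe the access allowed on the region. The
// last three are modifier bits that can be OR-ed onto them, so mask the
// modifiers off before comparing a value with ==.
//
// When triaging a dump, regions that are both executable and writable
// (MemoryProtectExecuteReadWrite, MemoryProtectExecuteWriteCopy) deserve a
// closer look: JIT engines create them legitimately, and so does injected code.
type MemoryProtection uint32

const (
	MemoryProtectNoAccess         MemoryProtection = 0x01 // PAGE_NOACCESS
	MemoryProtectReadOnly         MemoryProtection = 0x02 // PAGE_READONLY
	MemoryProtectReadWrite        MemoryProtection = 0x04 // PAGE_READWRITE
	MemoryProtectWriteCopy        MemoryProtection = 0x08 // PAGE_WRITECOPY
	MemoryProtectExecute          MemoryProtection = 0x10 // PAGE_EXECUTE
	MemoryProtectExecuteRead      MemoryProtection = 0x20 // PAGE_EXECUTE_READ
	MemoryProtectExecuteReadWrite MemoryProtection = 0x40 // PAGE_EXECUTE_READWRITE
	MemoryProtectExecuteWriteCopy MemoryProtection = 0x80 // PAGE_EXECUTE_WRITECOPY

	// These options can be combined with the previous flags
	MemoryProtectPageGuard    MemoryProtection = 0x100 // PAGE_GUARD
	MemoryProtectNoCache      MemoryProtection = 0x200 // PAGE_NOCACHE
	MemoryProtectWriteCombine MemoryProtection = 0x400 // PAGE_WRITECOMBINE
)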
func (MemoryProtection) String ¶
func (i MemoryProtection) String() string
type MemoryRange ¶
MemoryRange represents a region of memory saved to the core file. It is constructed after either (1) parsing an entry in the Memory64List stream, or (2) parsing the stack field of an entry in the ThreadList stream.
func (*MemoryRange) ReadMemory ¶
func (m *MemoryRange) ReadMemory(buf []byte, addr uint64) (int, error)
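ReadMemory reads len(buf) bytes of memory starting at addr into buf from this memory region. This page does not say what is returned when addr, or addr plus len(buf), lies outside the region, so callers should check both the returned byte count and the error instead of assuming buf was filled.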
type MemoryState ¶
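// MemoryState is the type of the State field of MINIDUMP_MEMORY_INFO.
//
// The value comes from the dump file, so it can hold a number that is not one
// of the constants below.
type MemoryState uint32

const (
	MemoryStateCommit  MemoryState = 0x1000  // MEM_COMMIT
	MemoryStateReserve MemoryState = 0x2000  // MEM_RESERVE
	MemoryStateFree    MemoryState = 0x10000 // MEM_FREE
)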
func (MemoryState) String ¶
func (i MemoryState) String() string
type MemoryType ¶
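// MemoryType is the type of the Type field of MINIDUMP_MEMORY_INFO.
//
// The value comes from the dump file, so it can hold a number that is not one
// of the constants below.
type MemoryType uint32

const (
	MemoryTypePrivate MemoryType = 0x20000   // MEM_PRIVATE
	MemoryTypeMapped  MemoryType = 0x40000   // MEM_MAPPED
	MemoryTypeImage   MemoryType = 0x1000000 // MEM_IMAGE
)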
func (MemoryType) String ¶
func (i MemoryType) String() string
type Minidump ¶
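// Minidump is the parsed form of one minidump file.
//
// NOTE(review): the exported fields are presumably filled from the file's
// contents, which makes them only as trustworthy as the file. The loader is
// not shown on this page; confirm how it bounds counts, offsets and sizes
// before feeding it dumps from an untrusted source.
type Minidump struct {
	Timestamp uint32    // presumably the header timestamp — confirm against the loader
	Flags     FileFlags // Flags field of MINIDUMP_HEADER; describes what the dump contains
	Streams   []Stream  // the file's streams, uninterpreted

	Threads []Thread // entries of the ThreadList stream
	Modules []Module // entries of the ModuleList stream

	Pid uint32

	MemoryRanges []MemoryRange // regions built from Memory64List entries and thread stacks
	MemoryInfo   []MemoryInfo  // entries of the MemoryInfoList stream

	// contains filtered or unexported fields
}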
Minidump represents a minidump file
type Module ¶
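// Module describes one entry of the ModuleList stream.
//
// NOTE(review): Name, Checksum, TimeDateStamp and the two records are
// presumably copied from the dump as-is, not checked against the binary on
// disk. Treat them as untrusted input when they are used to locate binaries
// or symbol files — confirm against the loader.
type Module struct {
	BaseOfImage   uint64
	SizeOfImage   uint32
	Checksum      uint32
	TimeDateStamp uint32
	Name          string
	VersionInfo   VSFixedFileInfo

	// CVRecord stores a CodeView record and is populated when a module's
	// debug information resides in a PDB file. It identifies the PDB file.
	CVRecord []byte

	// MiscRecord is populated when a module's debug information resides in a
	// DBG file. It identifies the DBG file. This field is effectively
	// obsolete with modules built by recent toolchains.
	MiscRecord []byte
}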
Module represents an entry in the ModuleList stream. See: https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_module
type Stream ¶
// Stream is one stream of a minidump file, kept in uninterpreted form.
type Stream struct {
	Type    StreamType // stream kind; may be a value with no named constant
	Offset  int        // presumably the stream's offset within the file — confirm against the loader
	RawData []byte     // the stream's bytes, not interpreted; parse defensively
}
Stream represents one (uninterpreted) stream in a minidump file. See: https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_directory
type StreamType ¶
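// StreamType is the type of the StreamType field of MINIDUMP_DIRECTORY.
//
// The value comes from the dump file, so it can hold a number that is not one
// of the constants below. Code that dispatches on StreamType should skip or
// report unknown values rather than assume the list is exhaustive.
type StreamType uint32

// Stream kinds, numbered as in the Windows MINIDUMP_STREAM_TYPE enumeration.
const (
	UnusedStream              StreamType = 0
	ReservedStream0           StreamType = 1
	ReservedStream1           StreamType = 2
	ThreadListStream          StreamType = 3
	ModuleListStream          StreamType = 4
	MemoryListStream          StreamType = 5
	ExceptionStream           StreamType = 6
	SystemInfoStream          StreamType = 7
	ThreadExListStream        StreamType = 8
	Memory64ListStream        StreamType = 9
	CommentStreamA            StreamType = 10
	CommentStreamW            StreamType = 11
	HandleDataStream          StreamType = 12
	FunctionTableStream       StreamType = 13
	UnloadedModuleStream      StreamType = 14
	MiscInfoStream            StreamType = 15
	MemoryInfoListStream      StreamType = 16
	ThreadInfoListStream      StreamType = 17
	HandleOperationListStream StreamType = 18
	TokenStream               StreamType = 19
	JavascriptDataStream      StreamType = 20
	SystemMemoryInfoStream    StreamType = 21
	ProcessVMCounterStream    StreamType = 22
)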
func (StreamType) String ¶
func (i StreamType) String() string
type Thread ¶
// Thread describes one entry of the ThreadList stream.
type Thread struct {
	ID            uint32
	SuspendCount  uint32
	PriorityClass uint32
	Priority      uint32
	TEB           uint64
	// Context is typed as an AMD64 register context.
	// NOTE(review): how dumps whose architecture is not AMD64 are handled is
	// not visible on this page — confirm against the loader.
	Context winutil.AMD64CONTEXT
}
Thread represents an entry in the ThreadList stream. See: https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_thread
type VSFixedFileInfo ¶
// VSFixedFileInfo holds the fixed file version information of a module; the
// field list mirrors the Windows VS_FIXEDFILEINFO structure.
// NOTE(review): the values presumably come straight from the dump; whether
// the loader checks Signature is not visible on this page.
type VSFixedFileInfo struct {
	Signature        uint32
	StructVersion    uint32
	FileVersionHi    uint32 // presumably the high 32 bits of the file version
	FileVersionLo    uint32 // presumably the low 32 bits of the file version
	ProductVersionHi uint32 // presumably the high 32 bits of the product version
	ProductVersionLo uint32 // presumably the low 32 bits of the product version
	FileFlagsMask    uint32
	FileFlags        uint32 // version-resource flags; unrelated to the package's FileFlags type
	FileOS           uint32
	FileType         uint32
	FileSubtype      uint32
	FileDateHi       uint32
	FileDateLo       uint32
}
VSFixedFileInfo holds the Visual Studio Fixed File Info of a module. See: https://docs.microsoft.com/en-us/windows/win32/api/verrsrc/ns-verrsrc-vs_fixedfileinfo