minidump

package
v1.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 23, 2022 License: MIT Imports: 8 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Arch

type Arch uint16

Arch is the type of the ProcessorArchitecture field of MINIDUMP_SYSTEM_INFO.

const (
	CpuArchitectureX86     Arch = 0
	CpuArchitectureMips    Arch = 1
	CpuArchitectureAlpha   Arch = 2
	CpuArchitecturePPC     Arch = 3
	CpuArchitectureSHX     Arch = 4 // Super-H
	CpuArchitectureARM     Arch = 5
	CpuArchitectureIA64    Arch = 6
	CpuArchitectureAlpha64 Arch = 7
	CpuArchitectureMSIL    Arch = 8 // Microsoft Intermediate Language
	CpuArchitectureAMD64   Arch = 9
	CpuArchitectureWoW64   Arch = 10
	CpuArchitectureARM64   Arch = 12
	CpuArchitectureUnknown Arch = 0xffff
)

func (Arch) String

func (i Arch) String() string

type ErrNotAMinidump

type ErrNotAMinidump struct {
	// contains filtered or unexported fields
}

ErrNotAMinidump is the error returned when the file being loaded is not a minidump file.

func (ErrNotAMinidump) Error

func (err ErrNotAMinidump) Error() string

type FileFlags

type FileFlags uint64

FileFlags is the type of the Flags field of MINIDUMP_HEADER

const (
	FileNormal                          FileFlags = 0x00000000
	FileWithDataSegs                    FileFlags = 0x00000001
	FileWithFullMemory                  FileFlags = 0x00000002
	FileWithHandleData                  FileFlags = 0x00000004
	FileFilterMemory                    FileFlags = 0x00000008
	FileScanMemory                      FileFlags = 0x00000010
	FileWithUnloadedModules             FileFlags = 0x00000020
	FileWithIncorrectlyReferencedMemory FileFlags = 0x00000040
	FileFilterModulePaths               FileFlags = 0x00000080
	FileWithProcessThreadData           FileFlags = 0x00000100
	FileWithPrivateReadWriteMemory      FileFlags = 0x00000200
	FileWithoutOptionalData             FileFlags = 0x00000400
	FileWithFullMemoryInfo              FileFlags = 0x00000800
	FileWithThreadInfo                  FileFlags = 0x00001000
	FileWithCodeSegs                    FileFlags = 0x00002000
	FileWithoutAuxilliarySegs           FileFlags = 0x00004000
	FileWithFullAuxilliaryState         FileFlags = 0x00008000
	FileWithPrivateCopyMemory           FileFlags = 0x00010000
	FileIgnoreInaccessibleMemory        FileFlags = 0x00020000
	FileWithTokenInformation            FileFlags = 0x00040000
)

func (FileFlags) String

func (i FileFlags) String() string

type MemoryInfo

type MemoryInfo struct {
	Addr       uint64
	Size       uint64
	State      MemoryState
	Protection MemoryProtection
	Type       MemoryType
}

MemoryInfo reprents an entry in the MemoryInfoList stream. See: https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_memory_info_list

type MemoryProtection

type MemoryProtection uint32

MemoryProtection is the type of the Protection field of MINIDUMP_MEMORY_INFO

const (
	MemoryProtectNoAccess         MemoryProtection = 0x01 // PAGE_NOACCESS
	MemoryProtectReadOnly         MemoryProtection = 0x02 // PAGE_READONLY
	MemoryProtectReadWrite        MemoryProtection = 0x04 // PAGE_READWRITE
	MemoryProtectWriteCopy        MemoryProtection = 0x08 // PAGE_WRITECOPY
	MemoryProtectExecute          MemoryProtection = 0x10 // PAGE_EXECUTE
	MemoryProtectExecuteRead      MemoryProtection = 0x20 // PAGE_EXECUTE_READ
	MemoryProtectExecuteReadWrite MemoryProtection = 0x40 // PAGE_EXECUTE_READWRITE
	MemoryProtectExecuteWriteCopy MemoryProtection = 0x80 // PAGE_EXECUTE_WRITECOPY
	// These options can be combined with the previous flags
	MemoryProtectPageGuard    MemoryProtection = 0x100 // PAGE_GUARD
	MemoryProtectNoCache      MemoryProtection = 0x200 // PAGE_NOCACHE
	MemoryProtectWriteCombine MemoryProtection = 0x400 // PAGE_WRITECOMBINE

)

func (MemoryProtection) String

func (i MemoryProtection) String() string

type MemoryRange

type MemoryRange struct {
	Addr uint64
	Data []byte
}

MemoryRange represents a region of memory saved to the core file, it's constructed after either: 1. parsing an entry in the Memory64List stream. 2. parsing the stack field of an entry in the ThreadList stream.

func (*MemoryRange) ReadMemory

func (m *MemoryRange) ReadMemory(buf []byte, addr uint64) (int, error)

ReadMemory reads len(buf) bytes of memory starting at addr into buf from this memory region.

type MemoryState

type MemoryState uint32

MemoryState is the type of the State field of MINIDUMP_MEMORY_INFO

const (
	MemoryStateCommit  MemoryState = 0x1000
	MemoryStateReserve MemoryState = 0x2000
	MemoryStateFree    MemoryState = 0x10000
)

func (MemoryState) String

func (i MemoryState) String() string

type MemoryType

type MemoryType uint32

MemoryType is the type of the Type field of MINIDUMP_MEMORY_INFO

const (
	MemoryTypePrivate MemoryType = 0x20000
	MemoryTypeMapped  MemoryType = 0x40000
	MemoryTypeImage   MemoryType = 0x1000000
)

func (MemoryType) String

func (i MemoryType) String() string

type Minidump

type Minidump struct {
	Timestamp uint32
	Flags     FileFlags

	Streams []Stream

	Threads []Thread
	Modules []Module

	Pid uint32

	MemoryRanges []MemoryRange
	MemoryInfo   []MemoryInfo
	// contains filtered or unexported fields
}

Minidump represents a minidump file

func Open

func Open(path string, logfn func(fmt string, args ...interface{})) (*Minidump, error)

Open reads the minidump file at path and returns it as a Minidump structure.

type Module

type Module struct {
	BaseOfImage   uint64
	SizeOfImage   uint32
	Checksum      uint32
	TimeDateStamp uint32
	Name          string
	VersionInfo   VSFixedFileInfo

	// CVRecord stores a CodeView record and is populated when a module's debug information resides in a PDB file.  It identifies the PDB file.
	CVRecord []byte

	// MiscRecord is populated when a module's debug information resides in a DBG file.  It identifies the DBG file.  This field is effectively obsolete with modules built by recent toolchains.
	MiscRecord []byte
}

Module represents an entry in the ModuleList stream. See: https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_module

type Stream

type Stream struct {
	Type    StreamType
	Offset  int
	RawData []byte
}

Stream represents one (uninterpreted) stream in a minidump file. See: https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_directory

type StreamType

type StreamType uint32

StreamType is the type of the StreamType field of MINIDUMP_DIRECTORY

const (
	UnusedStream              StreamType = 0
	ReservedStream0           StreamType = 1
	ReservedStream1           StreamType = 2
	ThreadListStream          StreamType = 3
	ModuleListStream          StreamType = 4
	MemoryListStream          StreamType = 5
	ExceptionStream           StreamType = 6
	SystemInfoStream          StreamType = 7
	ThreadExListStream        StreamType = 8
	Memory64ListStream        StreamType = 9
	CommentStreamA            StreamType = 10
	CommentStreamW            StreamType = 11
	HandleDataStream          StreamType = 12
	FunctionTableStream       StreamType = 13
	UnloadedModuleStream      StreamType = 14
	MiscInfoStream            StreamType = 15
	MemoryInfoListStream      StreamType = 16
	ThreadInfoListStream      StreamType = 17
	HandleOperationListStream StreamType = 18
	TokenStream               StreamType = 19
	JavascriptDataStream      StreamType = 20
	SystemMemoryInfoStream    StreamType = 21
	ProcessVMCounterStream    StreamType = 22
)

func (StreamType) String

func (i StreamType) String() string

type Thread

type Thread struct {
	ID            uint32
	SuspendCount  uint32
	PriorityClass uint32
	Priority      uint32
	TEB           uint64
	Context       winutil.AMD64CONTEXT
}

Thread represents an entry in the ThreadList stream. See: https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_thread

type VSFixedFileInfo

type VSFixedFileInfo struct {
	Signature        uint32
	StructVersion    uint32
	FileVersionHi    uint32
	FileVersionLo    uint32
	ProductVersionHi uint32
	ProductVersionLo uint32
	FileFlagsMask    uint32
	FileFlags        uint32
	FileOS           uint32
	FileType         uint32
	FileSubtype      uint32
	FileDateHi       uint32
	FileDateLo       uint32
}

VSFixedFileInfo Visual Studio Fixed File Info. See: https://docs.microsoft.com/en-us/windows/win32/api/verrsrc/ns-verrsrc-vs_fixedfileinfo

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL