git.proxmox.com Git - mirror_qemu.git/commit - contrib/elf2dmp/main.c
contrib/elf2dmp: add PE name check and Windows Server 2022 support
author Viktor Prutyanov <viktor@daynix.com>
Wed, 22 Feb 2023 21:12:46 +0000 (00:12 +0300)
committer Peter Maydell <peter.maydell@linaro.org>
Tue, 21 Mar 2023 13:19:07 +0000 (13:19 +0000)
commit d399d6b179f07b9904de0e76d06c77a3d0a66b51
tree 6e9ae93486930855a5f89f1259348e9f4f04feec
parent 06ac60b73e6abe1209d0ed1aca69d7f79f95b30b

Since its inception elf2dmp has checked MZ signatures within the
address space above the IDT[0] interrupt vector and taken the first PE
image found as the Windows kernel.
But in a Windows Server 2022 memory dump this address space range is
full of invalid PE fragments and the tool must check that the PE image
is actually 'ntoskrnl.exe'.
So, introduce additional validation by checking the image name from
the Export Directory against 'ntoskrnl.exe'.

Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Tested-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Reviewed-by: Annie Li <annie.li@oracle.com>
Message-id: 20230222211246.883679-4-viktor@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
contrib/elf2dmp/main.c
contrib/elf2dmp/pe.h
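
The check the commit message describes, as an added example that is not the QEMU code from this commit: a bounds-checked walk from the MZ header to the Export Directory name, which rejects PE fragments that merely carry valid signatures. The function names (`rd`, `pe_export_name_is`, `wr32`, `build_sample`) are hypothetical, the sample image is constructed, and the code assumes a PE32+ image mapped in memory so that each RVA is an offset from the image base.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Bounds-checked little-endian read of n (<= 4) bytes at offset off. */
static int rd(const uint8_t *img, size_t len, uint64_t off, unsigned n, uint32_t *out)
{
    if (off > len || n > len - off) return 0;
    *out = 0;
    for (unsigned i = 0; i < n; i++) *out |= (uint32_t)img[off + i] << (8 * i);
    return 1;
}

/* 1 only if img is a PE32+ image whose Export Directory name equals want. */
int pe_export_name_is(const uint8_t *img, size_t len, const char *want)
{
    uint32_t v, nt, exp_rva, name_rva;
    size_t wlen = strlen(want) + 1;                  /* compare including the NUL */

    if (!rd(img, len, 0, 2, &v) || v != 0x5a4d) return 0;          /* "MZ" */
    if (!rd(img, len, 0x3c, 4, &nt)) return 0;                     /* e_lfanew */
    if (!rd(img, len, nt, 4, &v) || v != 0x4550) return 0;         /* "PE\0\0" */
    if (!rd(img, len, nt + 24ull, 2, &v) || v != 0x20b) return 0;  /* PE32+ magic */
    if (!rd(img, len, nt + 132ull, 4, &v) || v < 1) return 0;      /* NumberOfRvaAndSizes */
    if (!rd(img, len, nt + 136ull, 4, &exp_rva) || !exp_rva) return 0; /* DataDirectory[0] */
    if (!rd(img, len, exp_rva + 12ull, 4, &name_rva)) return 0;    /* export Name RVA */
    if (name_rva > len || wlen > len - name_rva) return 0;
    return memcmp(img + name_rva, want, wlen) == 0;
}

static void wr32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Constructed sample: 0x200-byte PE32+ skeleton; name must be under 64 bytes. */
void build_sample(uint8_t *img, const char *name)
{
    memset(img, 0, 0x200);
    memcpy(img, "MZ", 2);
    wr32(img + 0x3c, 0x80);               /* e_lfanew */
    memcpy(img + 0x80, "PE\0\0", 4);
    img[0x98] = 0x0b; img[0x99] = 0x02;   /* optional header magic 0x20b */
    wr32(img + 0x104, 16);                /* NumberOfRvaAndSizes */
    wr32(img + 0x108, 0x180);             /* export directory RVA */
    wr32(img + 0x18c, 0x1c0);             /* IMAGE_EXPORT_DIRECTORY.Name */
    memcpy(img + 0x1c0, name, strlen(name) + 1);
}
```

A candidate that passes only the MZ and PE signature checks still fails here if any later offset leaves the buffer or the name differs.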