Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Arch ¶
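// Arch is the type of the ProcessorArchitecture field of MINIDUMP_SYSTEM_INFO.
//
// The value comes from the dump file, so it can be any 16-bit number,
// including ones with no constant below (11, for instance, is not defined
// here). Code that switches on an Arch should keep a default case.
type Arch uint16

// Processor architecture identifiers. The trailing comments give the
// PROCESSOR_ARCHITECTURE_* name Windows uses for the same value.
const (
	CpuArchitectureX86     Arch = 0      // PROCESSOR_ARCHITECTURE_INTEL
	CpuArchitectureMips    Arch = 1      // PROCESSOR_ARCHITECTURE_MIPS
	CpuArchitectureAlpha   Arch = 2      // PROCESSOR_ARCHITECTURE_ALPHA
	CpuArchitecturePPC     Arch = 3      // PROCESSOR_ARCHITECTURE_PPC
	CpuArchitectureSHX     Arch = 4      // Super-H (PROCESSOR_ARCHITECTURE_SHX)
	CpuArchitectureARM     Arch = 5      // PROCESSOR_ARCHITECTURE_ARM
	CpuArchitectureIA64    Arch = 6      // PROCESSOR_ARCHITECTURE_IA64
	CpuArchitectureAlpha64 Arch = 7      // PROCESSOR_ARCHITECTURE_ALPHA64
	CpuArchitectureMSIL    Arch = 8      // Microsoft Intermediate Language (PROCESSOR_ARCHITECTURE_MSIL)
	CpuArchitectureAMD64   Arch = 9      // PROCESSOR_ARCHITECTURE_AMD64
	CpuArchitectureWoW64   Arch = 10     // PROCESSOR_ARCHITECTURE_IA32_ON_WIN64
	CpuArchitectureARM64   Arch = 12     // PROCESSOR_ARCHITECTURE_ARM64
	CpuArchitectureUnknown Arch = 0xffff // PROCESSOR_ARCHITECTURE_UNKNOWN
)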
type ErrNotAMinidump ¶
// ErrNotAMinidump is a struct-valued error type: Error is declared on the
// value receiver, so both ErrNotAMinidump and *ErrNotAMinidump satisfy error.
// NOTE(review): whether the loader returns it by value or by pointer is not
// visible here; confirm before matching it with errors.As or a type switch.
type ErrNotAMinidump struct {
	// contains filtered or unexported fields
}
ErrNotAMinidump is the error returned when the file being loaded is not a minidump file.
func (ErrNotAMinidump) Error ¶
func (err ErrNotAMinidump) Error() string
type FileFlags ¶
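// FileFlags is the type of the Flags field of MINIDUMP_HEADER.
//
// It is a bit mask: several of the constants below can be set at once, so
// test individual flags with a bitwise AND rather than ==.
//
// The flags record what the dump writer was asked to include, which also
// indicates how much process state the file may hold. FileWithFullMemory,
// FileWithPrivateReadWriteMemory, FileWithHandleData and
// FileWithTokenInformation in particular mean the file can contain data
// from the dumped process beyond what is needed for a stack trace; store and
// share such dumps with the same care as the process's own secrets.
type FileFlags uint64

// Flag values. The trailing comments give the MINIDUMP_TYPE name Windows
// uses for the same bit; three Go names differ from it in more than the
// prefix (0x40, 0x4000, 0x10000) and "Auxilliary" is spelled with a double l
// in the exported identifiers.
const (
	FileNormal                          FileFlags = 0x00000000 // MiniDumpNormal
	FileWithDataSegs                    FileFlags = 0x00000001 // MiniDumpWithDataSegs
	FileWithFullMemory                  FileFlags = 0x00000002 // MiniDumpWithFullMemory
	FileWithHandleData                  FileFlags = 0x00000004 // MiniDumpWithHandleData
	FileFilterMemory                    FileFlags = 0x00000008 // MiniDumpFilterMemory
	FileScanMemory                      FileFlags = 0x00000010 // MiniDumpScanMemory
	FileWithUnloadedModules             FileFlags = 0x00000020 // MiniDumpWithUnloadedModules
	FileWithIncorrectlyReferencedMemory FileFlags = 0x00000040 // MiniDumpWithIndirectlyReferencedMemory
	FileFilterModulePaths               FileFlags = 0x00000080 // MiniDumpFilterModulePaths
	FileWithProcessThreadData           FileFlags = 0x00000100 // MiniDumpWithProcessThreadData
	FileWithPrivateReadWriteMemory      FileFlags = 0x00000200 // MiniDumpWithPrivateReadWriteMemory
	FileWithoutOptionalData             FileFlags = 0x00000400 // MiniDumpWithoutOptionalData
	FileWithFullMemoryInfo              FileFlags = 0x00000800 // MiniDumpWithFullMemoryInfo
	FileWithThreadInfo                  FileFlags = 0x00001000 // MiniDumpWithThreadInfo
	FileWithCodeSegs                    FileFlags = 0x00002000 // MiniDumpWithCodeSegs
	FileWithoutAuxilliarySegs           FileFlags = 0x00004000 // MiniDumpWithoutAuxiliaryState
	FileWithFullAuxilliaryState         FileFlags = 0x00008000 // MiniDumpWithFullAuxiliaryState
	FileWithPrivateCopyMemory           FileFlags = 0x00010000 // MiniDumpWithPrivateWriteCopyMemory
	FileIgnoreInaccessibleMemory        FileFlags = 0x00020000 // MiniDumpIgnoreInaccessibleMemory
	FileWithTokenInformation            FileFlags = 0x00040000 // MiniDumpWithTokenInformation
)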
type MemoryInfo ¶
// MemoryInfo describes the attributes of one region of the dumped process's
// address space. It carries no memory contents: the struct has no data field,
// only the region's location and its state, protection and type.
type MemoryInfo struct {
	// Addr and Size locate the region.
	// NOTE(review): presumably BaseAddress and RegionSize (in bytes) of
	// MINIDUMP_MEMORY_INFO; confirm against the loader.
	Addr, Size uint64

	// State is expected to be one of the MemoryState constants.
	State MemoryState

	// Protection is a MemoryProtection value, which may combine a base
	// protection with modifier bits.
	Protection MemoryProtection

	// Type is expected to be one of the MemoryType constants.
	Type MemoryType
}
MemoryInfo represents an entry in the MemoryInfoList stream. See: https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_memory_info_list
type MemoryProtection ¶
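// MemoryProtection is the type of the Protection field of MINIDUMP_MEMORY_INFO.
//
// A value is one base protection (0x01 through 0x80) optionally OR-ed with
// modifier bits (0x100 and above). Comparing a value from a dump with == to a
// single base constant therefore misses regions that also carry a modifier;
// mask the modifiers off first, or test the bits of interest with &.
//
// When a dump is triaged for signs of compromise, regions that are writable
// and executable at once (MemoryProtectExecuteReadWrite,
// MemoryProtectExecuteWriteCopy) deserve a closer look, especially when the
// matching MemoryInfo.Type is MemoryTypePrivate rather than MemoryTypeImage.
// JIT compilers produce such regions legitimately, so the combination is a
// lead to follow up and not a verdict.
type MemoryProtection uint32

const (
	// Base protections; the comments give the Windows PAGE_* name.
	MemoryProtectNoAccess         MemoryProtection = 0x01 // PAGE_NOACCESS
	MemoryProtectReadOnly         MemoryProtection = 0x02 // PAGE_READONLY
	MemoryProtectReadWrite        MemoryProtection = 0x04 // PAGE_READWRITE
	MemoryProtectWriteCopy        MemoryProtection = 0x08 // PAGE_WRITECOPY
	MemoryProtectExecute          MemoryProtection = 0x10 // PAGE_EXECUTE
	MemoryProtectExecuteRead      MemoryProtection = 0x20 // PAGE_EXECUTE_READ
	MemoryProtectExecuteReadWrite MemoryProtection = 0x40 // PAGE_EXECUTE_READWRITE
	MemoryProtectExecuteWriteCopy MemoryProtection = 0x80 // PAGE_EXECUTE_WRITECOPY

	// These options can be combined with the previous flags
	MemoryProtectPageGuard    MemoryProtection = 0x100 // PAGE_GUARD
	MemoryProtectNoCache      MemoryProtection = 0x200 // PAGE_NOCACHE
	MemoryProtectWriteCombine MemoryProtection = 0x400 // PAGE_WRITECOMBINE
)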
func (MemoryProtection) String ¶
func (i MemoryProtection) String() string
type MemoryRange ¶
MemoryRange represents a region of memory saved to the core file. It is constructed after either: 1. parsing an entry in the Memory64List stream, or 2. parsing the stack field of an entry in the ThreadList stream.
func (*MemoryRange) ReadMemory ¶
func (m *MemoryRange) ReadMemory(buf []byte, addr uint64) (int, error)
ReadMemory reads len(buf) bytes of memory starting at addr into buf from this memory region.
type MemoryState ¶
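// MemoryState is the type of the State field of MINIDUMP_MEMORY_INFO.
type MemoryState uint32

// Region states; the comments give the Windows MEM_* name for each value.
const (
	MemoryStateCommit  MemoryState = 0x1000  // MEM_COMMIT
	MemoryStateReserve MemoryState = 0x2000  // MEM_RESERVE
	MemoryStateFree    MemoryState = 0x10000 // MEM_FREE
)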
func (MemoryState) String ¶
func (i MemoryState) String() string
type MemoryType ¶
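// MemoryType is the type of the Type field of MINIDUMP_MEMORY_INFO.
type MemoryType uint32

// Region types; the comments give the Windows MEM_* name for each value.
const (
	MemoryTypePrivate MemoryType = 0x20000   // MEM_PRIVATE
	MemoryTypeMapped  MemoryType = 0x40000   // MEM_MAPPED
	MemoryTypeImage   MemoryType = 0x1000000 // MEM_IMAGE
)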
func (MemoryType) String ¶
func (i MemoryType) String() string
type Minidump ¶
// Minidump is the parsed form of one minidump file.
//
// NOTE(review): the fields are presumably filled in by the loader from the
// file's header and streams. For a dump of unknown origin that makes every
// address, size, count and name here untrusted input; bounds-check before
// using them to index or allocate.
type Minidump struct {
	// NOTE(review): presumably the header's TimeDateStamp; confirm.
	Timestamp uint32

	// Flags holds the FileFlags bit mask (the Flags field of MINIDUMP_HEADER).
	Flags FileFlags

	// Streams lists the file's streams in uninterpreted form.
	Streams []Stream

	// Threads holds the entries of the ThreadList stream.
	Threads []Thread

	// Modules holds the entries of the ModuleList stream.
	Modules []Module

	// NOTE(review): presumably the process ID of the dumped process; the
	// stream it is read from is not visible here.
	Pid uint32

	// MemoryRanges holds the memory regions saved to the file.
	MemoryRanges []MemoryRange

	// MemoryInfo holds the entries of the MemoryInfoList stream.
	MemoryInfo []MemoryInfo
	// contains filtered or unexported fields
}
Minidump represents a minidump file
type Module ¶
// Module describes one module recorded in the dump's ModuleList stream.
//
// NOTE(review): the values are presumably copied from the file. Name and the
// debug records are then dump-supplied data; validate them before using them
// to locate files or symbols on the analysis machine.
type Module struct {
	// NOTE(review): presumably the address the module was loaded at.
	BaseOfImage uint64

	// NOTE(review): presumably the size of the mapped image in bytes.
	SizeOfImage uint32

	// Checksum and TimeDateStamp follow SizeOfImage in MINIDUMP_MODULE.
	Checksum, TimeDateStamp uint32

	// Name is the module's name as recorded in the dump.
	Name string

	// VersionInfo is the module's fixed file information block.
	VersionInfo VSFixedFileInfo

	// CVRecord holds a CodeView record. It is filled in when the module's
	// debug information lives in a PDB file, and identifies that PDB file.
	CVRecord []byte

	// MiscRecord is filled in when the module's debug information lives in a
	// DBG file, and identifies that DBG file. Modules built by recent
	// toolchains make this field effectively obsolete.
	MiscRecord []byte
}
Module represents an entry in the ModuleList stream. See: https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_module
type Stream ¶
// Stream is one stream of a minidump file, kept in uninterpreted form.
type Stream struct {
	// Type identifies the stream. It is taken from the file, so it may hold
	// a value that has no StreamType constant.
	Type StreamType

	// NOTE(review): presumably the stream's offset within the file; confirm.
	Offset int

	// RawData is the stream's content as raw, unparsed bytes.
	RawData []byte
}
Stream represents one (uninterpreted) stream in a minidump file. See: https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_directory
type StreamType ¶
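// StreamType is the type of the StreamType field of MINIDUMP_DIRECTORY.
//
// The value is taken from the file's stream directory, so a Stream can carry
// a type that is not listed below. Code that dispatches on StreamType should
// treat unknown values as data to skip, not as an error in its own logic.
type StreamType uint32

// Stream type identifiers.
const (
	UnusedStream              StreamType = 0
	ReservedStream0           StreamType = 1
	ReservedStream1           StreamType = 2
	ThreadListStream          StreamType = 3
	ModuleListStream          StreamType = 4
	MemoryListStream          StreamType = 5
	ExceptionStream           StreamType = 6
	SystemInfoStream          StreamType = 7
	ThreadExListStream        StreamType = 8
	Memory64ListStream        StreamType = 9
	CommentStreamA            StreamType = 10
	CommentStreamW            StreamType = 11
	HandleDataStream          StreamType = 12
	FunctionTableStream       StreamType = 13
	UnloadedModuleStream      StreamType = 14
	MiscInfoStream            StreamType = 15
	MemoryInfoListStream      StreamType = 16
	ThreadInfoListStream      StreamType = 17
	HandleOperationListStream StreamType = 18
	TokenStream               StreamType = 19
	JavascriptDataStream      StreamType = 20
	SystemMemoryInfoStream    StreamType = 21
	ProcessVMCounterStream    StreamType = 22
)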
func (StreamType) String ¶
func (i StreamType) String() string
type Thread ¶
// Thread describes one thread recorded in the dump's ThreadList stream.
type Thread struct {
	// ID and SuspendCount are the first two thread fields.
	// NOTE(review): presumably ThreadId and SuspendCount of MINIDUMP_THREAD.
	ID, SuspendCount uint32

	// PriorityClass and Priority describe the thread's scheduling priority.
	PriorityClass, Priority uint32

	// NOTE(review): presumably the address of the thread environment block.
	TEB uint64

	// Context is typed as an AMD64 register context.
	// NOTE(review): this suggests only AMD64 dumps are interpreted; check how
	// the loader handles a file whose Arch is not CpuArchitectureAMD64.
	Context winutil.AMD64CONTEXT
}
Thread represents an entry in the ThreadList stream. See: https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_thread
type VSFixedFileInfo ¶
// VSFixedFileInfo mirrors the thirteen 32-bit fields of the Windows
// VS_FIXEDFILEINFO structure, in the same order.
type VSFixedFileInfo struct {
	// Signature and StructVersion open the structure. VS_FIXEDFILEINFO
	// documents 0xFEEF04BD as the signature value; whether the loader checks
	// it is not visible here.
	Signature, StructVersion uint32

	// FileVersionHi and FileVersionLo are the two halves of the file version.
	FileVersionHi, FileVersionLo uint32

	// ProductVersionHi and ProductVersionLo are the two halves of the
	// product version.
	ProductVersionHi, ProductVersionLo uint32

	// FileFlagsMask says which bits of FileFlags are meaningful.
	FileFlagsMask, FileFlags uint32

	// FileOS, FileType and FileSubtype classify the file.
	FileOS, FileType, FileSubtype uint32

	// FileDateHi and FileDateLo are the two halves of the file date.
	FileDateHi, FileDateLo uint32
}
VSFixedFileInfo holds a module's Visual Studio Fixed File Info. See: https://docs.microsoft.com/en-us/windows/win32/api/verrsrc/ns-verrsrc-vs_fixedfileinfo