Struct DumpMetadata 

pub struct DumpMetadata {
    pub cr3: Option<u64>,
    pub machine_type: Option<MachineType>,
    pub os_version: Option<(u32, u32)>,
    pub num_processors: Option<u32>,
    pub ps_active_process_head: Option<u64>,
    pub ps_loaded_module_list: Option<u64>,
    pub kd_debugger_data_block: Option<u64>,
    pub system_time: Option<u64>,
    pub dump_type: Option<String>,
}

Optional metadata extracted from dump file headers.

Windows crash dumps embed analysis-critical fields directly in the header: CR3 (page table root), PsActiveProcessHead (EPROCESS list), and PsLoadedModuleList (driver list). These let downstream crates bootstrap kernel walking without symbol resolution.

Fields

cr3: Option<u64>

Page table root physical address (CR3 / DirectoryTableBase).

machine_type: Option<MachineType>

Machine architecture.

os_version: Option<(u32, u32)>

OS major and minor version from the dump header.

num_processors: Option<u32>

Number of processors.

ps_active_process_head: Option<u64>

Virtual address of PsActiveProcessHead (EPROCESS linked list head).

ps_loaded_module_list: Option<u64>

Virtual address of PsLoadedModuleList (loaded driver list head).

kd_debugger_data_block: Option<u64>

Virtual address of KdDebuggerDataBlock.

system_time: Option<u64>

System time at dump creation (Windows FILETIME, 100ns intervals since 1601-01-01).

dump_type: Option<String>

Human-readable dump sub-type (e.g., “Full”, “Kernel”, “Bitmap”).

Trait Implementations

impl Clone for DumpMetadata

fn clone(&self) -> DumpMetadata

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for DumpMetadata

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for DumpMetadata

fn default() -> DumpMetadata

Returns the “default value” for a type.