Struct KernelDumpParser 

pub struct KernelDumpParser { /* private fields */ }

A kernel dump parser that gives access to the physical memory space stored in the dump. It also offers virtual to physical memory translation as well as a virtual read facility.

Implementations

impl KernelDumpParser

pub fn with_reader(reader: impl Reader + 'static) -> Result<Self>

Create an instance from a Reader & parse the file.

pub fn new(dump_path: impl AsRef<Path>) -> Result<Self>

Create an instance from a file path; depending on the file size, it’ll either memory maps it or open it as a regular file.

pub fn physmem(&self) -> impl ExactSizeIterator<Item = (Gpa, u64)> + '_

Physical memory map that maps page aligned Gpa to offset where the content of the page can be found. The offset is relevant with the associated reader.

pub fn kernel_modules( &self, ) -> impl ExactSizeIterator<Item = (&Range<Gva>, &str)> + '_

Kernel modules loaded when the dump was taken.

pub fn user_modules( &self, ) -> impl ExactSizeIterator<Item = (&Range<Gva>, &str)> + '_

User modules loaded when the dump was taken.

pub fn dump_type(&self) -> DumpType

What kind of dump is it?

pub fn headers(&self) -> &Header64

Get the dump headers.

pub fn exception_record(&self) -> &ExceptionRecord64

Get the exception record.

pub fn context_record(&self) -> &Context

Get the context record.

Trait Implementations

impl Debug for KernelDumpParser

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.