Skip to main content

CrashDumpBuilder

memf_format::test_builders

Struct CrashDumpBuilder 

Source 
pub struct CrashDumpBuilder { /* private fields */ }
Expand description

Build a synthetic Windows 64-bit crash dump (_DUMP_HEADER64).

Produces an 8192-byte header followed by physical memory page data. Supports both run-based (DumpType 0x01) and bitmap (DumpType 0x02/0x05) layouts.

Header layout (little-endian, key offsets):

  • 0x000: “PAGE” magic (u32 = 0x4547_4150)
  • 0x004: “DU64” signature (u32 = 0x3436_5544)
  • 0x010: DirectoryTableBase / CR3 (u64)
  • 0x020: PsLoadedModuleList (u64)
  • 0x028: PsActiveProcessHead (u64)
  • 0x030: MachineImageType (u32)
  • 0x034: NumberProcessors (u32)
  • 0x080: KdDebuggerDataBlock (u64)
  • 0x088: PhysicalMemoryBlockBuffer — NumberOfRuns(u32) + pad(u32) + NumberOfPages(u64) + Runs[]
  • 0xF98: DumpType (u32)
  • 0xFA8: SystemTime (u64)

Implementations§

Source§

impl CrashDumpBuilder

Source

pub fn new() -> Self

Create a builder with sensible AMD64 defaults (DumpType = Full / run-based).

Source

pub fn add_run(self, base_page: u64, data: &[u8]) -> Self

Add a physical memory run starting at base_page (PFN) with the given page data. data.len() must be a multiple of 4096.

Source

pub fn cr3(self, val: u64) -> Self

Set the CR3 / DirectoryTableBase value.

Source

pub fn ps_active_process_head(self, val: u64) -> Self

Set the PsActiveProcessHead virtual address.

Source

pub fn ps_loaded_module_list(self, val: u64) -> Self

Set the PsLoadedModuleList virtual address.

Source

pub fn kd_debugger_data_block(self, val: u64) -> Self

Set the KdDebuggerDataBlock virtual address.

Source

pub fn machine_type(self, val: u32) -> Self

Set the MachineImageType (0x8664=AMD64, 0x014C=I386, 0xAA64=AArch64).

Source

pub fn num_processors(self, val: u32) -> Self

Set the number of processors.

Source

pub fn dump_type(self, val: u32) -> Self

Set the DumpType (0x01=Full, 0x02=Kernel/Bitmap, 0x05=Bitmap).

Source

pub fn system_time(self, val: u64) -> Self

Set the SystemTime value.

Source

pub fn build(self) -> Vec<u8>

Build the complete crash dump as a byte vector.

Trait Implementations§

Source§

impl Default for CrashDumpBuilder

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.