This queue is for tickets about the Sys-Virt CPAN distribution.

Report information
The Basics
Id: 72572
Status: resolved
Priority: 0/
Queue: Sys-Virt

People
Owner: Nobody in particular
Requestors: perl-cpan [...] richardharman.com
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: 0.9.7
Fixed in: (no value)



Subject: RFE - expose QEmu pmemsave or qemu_monitor_command
I do malicious code analysis under virtual machines, and am using Sys::Virt to automate some of my analysis, e.g. creating a non-persistent VM based on another VM's disk image w/ a qcow2 file for copy-on-write, snapshots, etc.

Sometimes I need to get a physical memory dump of a VM for analysis under utilities like the volatility framework(*1), which prefers pmemsave dumps, and chokes on the core dumps created by $vmm->core_dump(), which appears to be the qemu memsave command. Any chance I could get a core dump that is of the pmemsave flavor?

(*1) https://www.volatilesystems.com/default/volatility
QEMU 1.1 gained support for a new monitor command "guest-dump-memory" which allowed for dumping a "pure" guest memory image, rather than the older "migration stream" memory. This is supported with libvirt 0.10.0 or later, by passing the VIR_DUMP_MEMORY_ONLY flag to the virDomainCoreDump API.
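
The call described in the reply above, as an added example that is not part of the ticket or of the Sys-Virt distribution. It checks for libvirt 0.10.0 before requesting a memory-only dump from Sys::Virt; the connection URI, domain name and output path are assumed values.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Sys::Virt;
use Sys::Virt::Domain;

# Assumed values for illustration: adjust to the analysis environment.
my $uri  = 'qemu:///system';
my $name = 'analysis-vm';
my $path = '/var/tmp/analysis-vm.memdump';

my $vmm = Sys::Virt->new(uri => $uri);

# libvirt encodes versions as major*1_000_000 + minor*1_000 + micro,
# so 0.10.0 (the release named in the reply) is 10_000.
my $libver = $vmm->get_library_version();
die "libvirt version $libver predates 0.10.0; no memory-only dump support\n"
    if $libver < 10_000;

my $dom = $vmm->get_domain_by_name($name);
die "domain $name is not running, nothing to dump\n"
    unless $dom->is_active();

# Sys::Virt::Domain::DUMP_MEMORY_ONLY is the binding's name for
# VIR_DUMP_MEMORY_ONLY. The dump is written on the hypervisor host,
# so $path is a path on that host, not on a remote client.
eval {
    $dom->core_dump($path, Sys::Virt::Domain::DUMP_MEMORY_ONLY);
    1;
} or die "memory-only dump of $name failed: $@\n";

print "wrote guest memory image for $name to $path\n";
```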