sha0coder
Dump to Mini DuMP format
As a user, I want to run an executable, get it into a certain state (unpacked), then analyze it with static tools like Ghidra
To dump all memory in .dmp format would be great!
Not sure if https://github.com/rust-minidump/rust-minidump can serialize or only parse.
│ ╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮ │
│ │ Plan to Implement Minidump Generation for MWEMU │ │
│ │ │ │
│ │ I'll implement minidump generation for the emulator panic handler using a hybrid approach: │ │
│ │ │ │
│ │ 1. Add minidump-writer dependency │ │
│ │ │ │
│ │ - Add minidump-writer = "0.8" to Cargo.toml │ │
│ │ - Also add minidump-common for type definitions │ │
│ │ │ │
│ │ 2. Create a minidump module │ │
│ │ │ │
│ │ - Create mwemu/src/minidump.rs with functions to convert emulator state to minidump format │ │
│ │ - Implement conversion functions for: │ │
│ │ - System information (from emulator config) │ │
│ │ - Exception information (from panic info) │ │
│ │ - Thread context (from emulator registers) │ │
│ │ - Memory regions (from emulator maps) │ │
│ │ - Module list (from loaded DLLs/EXEs) │ │
│ │ │ │
│ │ 3. Implement custom minidump writer │ │
│ │ │ │
│ │ Since minidump-writer expects real process data, I'll create a custom implementation that: │ │
│ │ - Manually constructs the minidump file format │ │
│ │ - Writes the header with "MDMP" signature │ │
│ │ - Creates streams for: │ │
│ │ - SystemInfo (Windows version, CPU architecture) │ │
│ │ - Exception (with panic location and error code) │ │
│ │ - ThreadList (single thread with emulator's register state) │ │
│ │ - MemoryList (key memory regions from dumps) │ │
│ │ - ModuleList (loaded PE files) │ │
│ │ │ │
│ │ 4. Integrate with panic handler │ │
│ │ │ │
│ │ - Modify the panic handler in main.rs to: │ │
│ │ - Call the minidump generation function │ │
│ │ - Save the minidump file alongside the memory dumps │ │
│ │ - Include timestamp in filename (e.g., mwemu_20250802_162358.dmp) │ │
│ │ │ │
│ │ 5. Test implementation │ │
│ │ │ │
│ │ - Create a test case that triggers the panic │ │
│ │ - Verify the generated minidump can be opened in WinDbg or other debuggers │ │
│ │ │ │
│ │ This approach will create standard minidump files that can be analyzed with existing tools while capturing the emulator's state at the time of panic. │ │
│ ╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯ │
Hello, it would be very useful :)
Probably is more convenient writing it from scratch in a safe way, libs are using unsafe structs:
https://crates.io/crates/minidump-writer
https://docs.rs/crash-context/0.6.3/crash_context/struct.CrashContext.html
https://github.com/rust-minidump/minidump-writer/blob/main/src/windows/minidump_writer.rs
regards.
The context struct on a windows: https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-context