Discussion:
kernel dump, rdmsr
KernelNet
2009-12-30 09:03:01 UTC
Can I read the state of MSR registers when I'm analyzing a memory dump? The rdmsr
command seems to work only for live debugging. I need to read MSR 176h to
find out if there is a hook at syscall.
Scott Noone
2009-12-30 14:02:19 UTC
No such luck. Registers are only going to be there if they are recorded by
someone before the crash (and I don't believe that anyone snapshots these
before the crash, though you could add something if you can load a driver on
the system).

-scott
--
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
Post by KernelNet
Can I read the state of MSR registers when I'm analyzing a memory dump? The rdmsr
command seems to work only for live debugging. I need to read MSR 176h to
find out if there is a hook at syscall.