Re: [Vol-users] Volatility Call for Bugs
8 Jul
2009
8 Jul
'09
5:32 p.m.
Andreas,
Any help would be greatly appreciated! Especially if you have access to
the tools. I think your testing methodology is along the correct path.
The most important aspect from my perspective will be to compare the two
converted samples and enumerate any differences. Then compare those
differences to the pages found in either prehib.vmem or posthib.vmem.
Leveraging those samples as a form of ground truth. Depending on the load
on the system you may need to compare the converted samples from within
the virtual address space.
I'm extremely interested to see your results. I know moyix did a lot of
testing before we released the hibernation support.
Feel free to move this discussion to vol-dev or the IRC channel. They are
probably better forums.
Thanks,
AW
On Wed, 8 Jul 2009, Andreas Schuster wrote:
All,
Maybe I can help with the test case. I could reactivate the VM that I created
to research the non-paged pool persistence about a year ago. It's a clean
install of Windows XP, 32 bit, Service Pack 2, and only a few background
services running.
What are your opinions on the following test plan:
1. start VM, boot Windows
2. enable hibernation
3. suspend VM
4. copy VMEM to prehib.vmem
5. resume VM
6. cause system to hibernate, VM stops
7. map system disk
8. copy hiberfil.sys
9. unmap system disk
10. start VM, resume Windows
11. suspend VM
12. copy VMEM to posthib.vmem
13. Compare prehib.vmem and posthib.vmem page by page (assuming a page size
of 4kiB, and neglecting large pages here). Assume, that identical pages also
were unchanged at time of hibernation.
14. Process hiberfil.sys by tool of choice. Verify, that unchanged pages
(step 13) match.
This would give us a first estimate of quality. A thorough test would require
a hiberfil.sys that has been constructed such that every possible code path
(in the original algorithm) is executed at least once. But, unfortunately,
that exceeds my abilities.
Cheers,
Andreas
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users