StrausMG

Reputation: 385

Creating a WinDbg-readable dump of QEmu guest OS

I am running QEmu on Linux and the virtualized OS is Windows XP. I would like to have either the 1st or the 2nd possibility:

  1. to apply a command in QEmu which creates a dump that can be opened with WinDbg
  2. to apply a command in QEmu which creates a dump of a particular type and then use another utility to make it readable with WinDbg

I know about QEmu's "dump-guest-memory" (creates an ELF dump), Rekall's raw2dmp plugin and Volatility's raw2dmp plugin. The output can be scanned by WinDbg, but in fact you face the problem of a bad header - probably the most important part of a dump - which is good for nothing when the dump was created using the tools/plugins mentioned above. Many fields lack correct details. Compare this to a normal dump created by the Windows OS itself (for example, when crashing), which contains full and correct information.

I am a student and I got the task to resolve this problem. I think it is reasonable to ensure that it has not been completed yet by anybody so doing it does make sense.

Upvotes: 2

Views: 1199

Answers (1)

blabb

Reputation: 8997

If QEMU monitor commands are acceptable, set the CrashOnCtrlScroll registry key in the guest OS.

Set the dump creation parameters in the System applet:

My Computer -> Properties -> Advanced -> Startup and Recovery -> Settings -> Complete memory dump
(set the path, no overwrite, uncheck "Automatically restart")

Then, from the QEMU monitor shell, use `sendkeys ctrl_r-scroll_lock-scroll_lock`.

That will generate a dump that is WinDbg compatible:

MANUALLY_INITIATED_CRASH, bugcheck code 0xE2

[Screenshot, image not available: a 700 MB RAM XP64 guest OS running inside QEMU on a 32-bit XP32 OS]

Upvotes: 1
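A way to check whether the header of the resulting dump looks like the one a real Windows bugcheck produces, added here as an example that is not part of the question or the answer above. It assumes a 32-bit XP guest (the PAGEDUMP layout, using the header offsets published by open-source crash-dump parsers); the sample headers it builds are constructed, not taken from a real dump.

```python
import struct

# Fields of the first page of a 32-bit Windows crash dump ("PAGEDUMP"), at the
# offsets used by open-source crash-dump parsers; "PAGEDU64" differs and is rejected.
PAGE = 0x1000
MANUALLY_INITIATED_CRASH = 0xE2   # bugcheck raised by CrashOnCtrlScroll
DUMP_TYPE_FULL = 1                # "Complete memory dump" in the applet

def parse_dump_header(hdr: bytes) -> dict:
    """Decode the header fields a WinDbg-compatibility sanity check needs."""
    if hdr[4:8] == b"DU64":
        raise ValueError("PAGEDU64 header: this checker decodes the 32-bit layout only")
    f = struct.unpack_from("<4s4s13I", hdr, 0)           # Signature .. BugCheckParameter4
    runs, pages = struct.unpack_from("<II", hdr, 0x64)   # PHYSICAL_MEMORY_DESCRIPTOR
    (dump_type,) = struct.unpack_from("<I", hdr, 0xF88)  # DumpType
    return {"signature": f[0] + f[1], "version": (f[2], f[3]), "dtb": f[4],
            "pfn_database": f[5], "loaded_module_list": f[6],
            "active_process_head": f[7], "machine_type": f[8], "cpus": f[9],
            "bugcheck": f[10:15], "memory_runs": runs, "memory_pages": pages,
            "dump_type": dump_type}

def header_problems(h: dict) -> list:
    """List the defects that make a dump useless to WinDbg (empty list = looks sane)."""
    problems = []
    if h["signature"] != b"PAGEDUMP":
        problems.append("bad signature, expected PAGEDUMP")
    for name in ("dtb", "pfn_database", "loaded_module_list", "active_process_head"):
        if h[name] == 0:
            problems.append(name + " is zero, so the kernel cannot be walked")
    if h["memory_runs"] == 0 or h["memory_pages"] == 0:
        problems.append("empty physical memory descriptor")
    if h["dump_type"] != DUMP_TYPE_FULL:
        problems.append("DumpType is not a complete memory dump")
    if h["bugcheck"][0] != MANUALLY_INITIATED_CRASH:
        problems.append("BugCheckCode is not 0xE2 (MANUALLY_INITIATED_CRASH)")
    return problems

def build_sample_header(complete: bool) -> bytes:
    """Constructed sample: a header as the XP kernel fills it after a CrashOnCtrlScroll
    bugcheck, or (complete=False) with the kernel pointers left zero. Values are made up."""
    buf = bytearray(PAGE)
    struct.pack_into("<4s4sII", buf, 0, b"PAGE", b"DUMP", 15, 2600)  # sample build 5.1.2600
    if complete:   # DirectoryTableBase, PfnDataBase, PsLoadedModuleList, PsActiveProcessHead
        struct.pack_into("<4I", buf, 0x10, 0x39000, 0x80C00000, 0x8055A420, 0x8055A438)
    struct.pack_into("<3I", buf, 0x20, 0x14C, 1, MANUALLY_INITIATED_CRASH)  # i386, 1 CPU
    struct.pack_into("<II", buf, 0x64, 1, 0x2BC00)   # one run of 700 MB (179200 pages)
    struct.pack_into("<I", buf, 0xF88, DUMP_TYPE_FULL)
    return bytes(buf)
```

Run `header_problems(parse_dump_header(open("MEMORY.DMP", "rb").read(0x1000)))` on a real dump to see which fields a converted image leaves unusable.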
