qemu/include/qemu/win_dump_defs.h
   1/*
   2 * Windows crashdump definitions
   3 *
   4 * Copyright (c) 2018 Virtuozzo International GmbH
   5 *
   6 * This work is licensed under the terms of the GNU GPL, version 2 or later.
   7 * See the COPYING file in the top-level directory.
   8 *
   9 */
  10
  11#ifndef QEMU_WIN_DUMP_DEFS_H
  12#define QEMU_WIN_DUMP_DEFS_H
  13
   /*
    * One run of physical memory in the 64-bit dump's memory descriptor,
    * expressed (per the field names) as a starting page and a page count.
    * Packed size: 2 * 8 = 16 bytes.
    *
    * NOTE(review): if this is filled from guest-controlled data, treat both
    * values as untrusted and check BasePage + PageCount, and any scaling by
    * the page size, for 64-bit overflow before using them as a range.
    */
   typedef struct WinDumpPhyMemRun64 WinDumpPhyMemRun64;

   struct WinDumpPhyMemRun64 {
       uint64_t BasePage;
       uint64_t PageCount;
   } QEMU_PACKED;
  18
   /*
    * Physical memory descriptor: a small header followed by a fixed table of
    * 43 runs.  Packed size: 4 + 4 + 8 + 43 * 16 = 704 bytes.
    *
    * NOTE(review): NumberOfRuns presumably says how many Run[] slots are in
    * use.  It is a plain 32-bit field, so a reader has to reject any value
    * larger than the 43 entries declared here before walking Run[];
    * NumberOfPages should likewise be cross-checked against the runs rather
    * than trusted on its own.
    */
   typedef struct WinDumpPhyMemDesc64 WinDumpPhyMemDesc64;

   struct WinDumpPhyMemDesc64 {
       uint32_t NumberOfRuns;
       uint32_t unused;                /* padding slot, keeps the next field at offset 8 */
       uint64_t NumberOfPages;
       WinDumpPhyMemRun64 Run[43];     /* fixed capacity, independent of NumberOfRuns */
   } QEMU_PACKED;
  25
   /*
    * Exception record as embedded in the 64-bit dump header.
    * Packed size: 4 + 4 + 8 + 8 + 4 + 4 + 15 * 8 = 152 bytes.
    *
    * NOTE(review): NumberParameters presumably counts the valid entries of
    * ExceptionInformation[]; the array holds 15 slots, so a consumer must
    * clamp or reject larger counts.  ExceptionRecord and ExceptionAddress are
    * stored as raw 64-bit values, not host pointers, and must not be
    * dereferenced as such.
    */
   typedef struct WinDumpExceptionRecord WinDumpExceptionRecord;

   struct WinDumpExceptionRecord {
       uint32_t ExceptionCode;
       uint32_t ExceptionFlags;
       uint64_t ExceptionRecord;
       uint64_t ExceptionAddress;
       uint32_t NumberParameters;
       uint32_t unused;                    /* padding slot before the 64-bit array */
       uint64_t ExceptionInformation[15];  /* fixed capacity of 15 entries */
   } QEMU_PACKED;
  35
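   /*
    * Header of a 64-bit Windows crash dump, described field by field.
    *
    * The structure is packed and its members add up to exactly 8192 bytes
    * (0x2000): 3992 bytes up to and including Exception, 182 bytes of trailing
    * scalar fields and Comment, and 4018 reserved bytes.  The two overlay
    * buffers match the structures they alias: the bugcheck fields occupy
    * 40 bytes (BugcheckData[40]) and WinDumpPhyMemDesc64 occupies 704 bytes
    * (PhysicalMemoryBlockBuffer[704]).
    *
    * NOTE(review): code that fills or parses this header from guest memory or
    * from a file should treat every field as untrusted.  In particular:
    *  - Signature and ValidDump are 4-byte arrays with no room for a
    *    terminator; compare them with memcmp(), never with str*() functions.
    *  - VersionUser and Comment are fixed-size buffers that are not
    *    guaranteed to be NUL-terminated; bound any copy or print by the array
    *    size.
    *  - The 64-bit address-like fields (DirectoryTableBase, PfnDatabase,
    *    PsLoadedModuleList, PsActiveProcessHead, KdDebuggerDataBlock) are raw
    *    values, presumably guest addresses; validate them before any read.
    *  - NumberProcessors and PhysicalMemoryBlock.NumberOfRuns are loop bounds
    *    in waiting; cap them before iterating.
    */
   typedef struct WinDumpHeader64 {
       char Signature[4];
       char ValidDump[4];
       uint32_t MajorVersion;
       uint32_t MinorVersion;
       uint64_t DirectoryTableBase;
       uint64_t PfnDatabase;
       uint64_t PsLoadedModuleList;
       uint64_t PsActiveProcessHead;
       uint32_t MachineImageType;
       uint32_t NumberProcessors;
       /* Bugcheck code and parameters, also addressable as 40 raw bytes. */
       union {
           struct {
               uint32_t BugcheckCode;
               uint32_t unused0;
               uint64_t BugcheckParameter1;
               uint64_t BugcheckParameter2;
               uint64_t BugcheckParameter3;
               uint64_t BugcheckParameter4;
           };
           uint8_t BugcheckData[40];
       };
       uint8_t VersionUser[32];
       uint64_t KdDebuggerDataBlock;
       /* Memory descriptor, also addressable as 704 raw bytes. */
       union {
           WinDumpPhyMemDesc64 PhysicalMemoryBlock;
           uint8_t PhysicalMemoryBlockBuffer[704];
       };
       /* Opaque 3000-byte context area; no typed view is declared here. */
       union {
           uint8_t ContextBuffer[3000];
       };
       WinDumpExceptionRecord Exception;
       uint32_t DumpType;
       uint32_t unused1;
       uint64_t RequiredDumpSpace;
       uint64_t SystemTime;
       char Comment[128];
       uint64_t SystemUpTime;
       uint32_t MiniDumpFields;
       uint32_t SecondaryDataState;
       uint32_t ProductType;
       uint32_t SuiteMask;
       uint32_t WriterStatus;
       uint8_t unused2;
       uint8_t KdSecondaryVersion;
       uint8_t reserved[4018];             /* pads the header out to 8192 bytes */
   } QEMU_PACKED WinDumpHeader64;

   /*
    * The header is copied and written as one fixed-size blob, so a silent
    * change in its size would shift every later field.  Fail the build instead.
    */
   QEMU_BUILD_BUG_ON(sizeof(WinDumpHeader64) != 8192);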
  83
   /*
    * KDBG_* offsets, listed in ascending order.
    *
    * NOTE(review): presumably byte offsets into the 64-bit kernel debugger
    * data block that WinDumpHeader64.KdDebuggerDataBlock refers to; confirm
    * against the code that uses them.  Anything read at these offsets comes
    * from the guest and needs range and sanity checks before it is used as an
    * address or a count.
    */
   #define KDBG_OWNER_TAG_OFFSET64             0x10
   #define KDBG_KI_BUGCHECK_DATA_OFFSET64      0x88
   #define KDBG_MM_PFN_DATABASE_OFFSET64       0xC0
   #define KDBG_KI_PROCESSOR_BLOCK_OFFSET64    0x218
   #define KDBG_OFFSET_PRCB_CONTEXT_OFFSET64   0x338

   /* NOTE(review): presumably the size in bytes of the ELF note header that
    * precedes the vmcoreinfo payload; verify at the point of use. */
   #define VMCOREINFO_ELF_NOTE_HDR_SIZE    24

   /*
    * Context flag bits (type long).  WIN_CTX_X64 is the high marker bit; the
    * low bits select register groups.  NOTE(review): the group meanings are
    * inferred from the names (control, integer, segment, floating point,
    * debug) and the flags are presumably stored in WinContext.ContextFlags.
    */
   #define WIN_CTX_X64 0x00100000L

   #define WIN_CTX_CTL 0x00000001L
   #define WIN_CTX_INT 0x00000002L
   #define WIN_CTX_SEG 0x00000004L
   #define WIN_CTX_FP  0x00000008L
   #define WIN_CTX_DBG 0x00000010L

   /* FULL = marker + control + integer + floating point (0x0010000B). */
   #define WIN_CTX_FULL    (WIN_CTX_X64 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_FP)
   /* ALL = FULL + segment + debug (0x0010001F). */
   #define WIN_CTX_ALL     (WIN_CTX_FULL | WIN_CTX_SEG | WIN_CTX_DBG)

   /* NOTE(review): presumably the bugcheck code recorded for a dump taken
    * from a running system; confirm against the caller. */
   #define LIVE_SYSTEM_DUMP    0x00000161
 104
  /*
   * 128-bit value split into two 64-bit halves and aligned to 16 bytes.
   * Note the asymmetry: the low half is unsigned, the high half is signed.
   */
  typedef struct WinM128A WinM128A;

  struct WinM128A {
      uint64_t low;
      int64_t high;
  } QEMU_ALIGNED(16);
 109
  /*
   * x86-64 register context in the layout used by Windows dumps.
   *
   * The structure is 16-byte aligned but not packed; with the members below
   * every field already sits on its natural boundary, so summing them gives
   * 256 bytes up to FltSave, 512 bytes for FltSave, and 1232 bytes in total.
   *
   * NOTE(review): when an instance is read from guest memory, ContextFlags
   * and every register value are guest-controlled.  Validate ContextFlags
   * against the WIN_CTX_* bits and never use Rip, Rsp or the LastBranch /
   * LastException values as host addresses.
   */
  typedef struct WinContext WinContext;

  struct WinContext {
      uint64_t PHome[6];

      uint32_t ContextFlags, MxCsr;

      /* Segment selectors, then the flags register. */
      uint16_t SegCs, SegDs, SegEs, SegFs, SegGs, SegSs;
      uint32_t EFlags;

      /* Debug registers (Dr4 and Dr5 have no slot). */
      uint64_t Dr0, Dr1, Dr2, Dr3, Dr6, Dr7;

      /* General-purpose registers, in the order the layout stores them. */
      uint64_t Rax, Rcx, Rdx, Rbx;
      uint64_t Rsp, Rbp, Rsi, Rdi;
      uint64_t R8, R9, R10, R11;
      uint64_t R12, R13, R14, R15;

      uint64_t Rip;

      /*
       * Floating-point / SSE save area: 32 bytes of control state followed by
       * 8 + 16 128-bit registers and 96 reserved bytes.  Its MxCsr member is
       * a separate field from the top-level MxCsr above.
       */
      struct {
          uint16_t ControlWord, StatusWord;
          uint8_t TagWord, Reserved1;
          uint16_t ErrorOpcode;
          uint32_t ErrorOffset;
          uint16_t ErrorSelector, Reserved2;
          uint32_t DataOffset;
          uint16_t DataSelector, Reserved3;
          uint32_t MxCsr, MxCsr_Mask;
          WinM128A FloatRegisters[8];
          WinM128A XmmRegisters[16];
          uint8_t Reserved4[96];
      } FltSave;

      WinM128A VectorRegister[26];
      uint64_t VectorControl;

      uint64_t DebugControl;
      uint64_t LastBranchToRip, LastBranchFromRip;
      uint64_t LastExceptionToRip, LastExceptionFromRip;
  } QEMU_ALIGNED(16);
 178
 179#endif /* QEMU_WIN_DUMP_DEFS_H */
 180