qemu/win_dump.h
<<
>>
Prefs
   1/*
   2 * Windows crashdump
   3 *
   4 * Copyright (c) 2018 Virtuozzo International GmbH
   5 *
   6 * This work is licensed under the terms of the GNU GPL, version 2 or later.
   7 * See the COPYING file in the top-level directory.
   8 *
   9 */
  10
  11typedef struct WinDumpPhyMemRun64 {
  12    uint64_t BasePage;
  13    uint64_t PageCount;
  14} QEMU_PACKED WinDumpPhyMemRun64;
  15
  16typedef struct WinDumpPhyMemDesc64 {
  17    uint32_t NumberOfRuns;
  18    uint32_t unused;
  19    uint64_t NumberOfPages;
  20    WinDumpPhyMemRun64 Run[43];
  21} QEMU_PACKED WinDumpPhyMemDesc64;
  22
  23typedef struct WinDumpExceptionRecord {
  24    uint32_t ExceptionCode;
  25    uint32_t ExceptionFlags;
  26    uint64_t ExceptionRecord;
  27    uint64_t ExceptionAddress;
  28    uint32_t NumberParameters;
  29    uint32_t unused;
  30    uint64_t ExceptionInformation[15];
  31} QEMU_PACKED WinDumpExceptionRecord;
  32
  33typedef struct WinDumpHeader64 {
  34    char Signature[4];
  35    char ValidDump[4];
  36    uint32_t MajorVersion;
  37    uint32_t MinorVersion;
  38    uint64_t DirectoryTableBase;
  39    uint64_t PfnDatabase;
  40    uint64_t PsLoadedModuleList;
  41    uint64_t PsActiveProcessHead;
  42    uint32_t MachineImageType;
  43    uint32_t NumberProcessors;
  44    union {
  45        struct {
  46            uint32_t BugcheckCode;
  47            uint32_t unused0;
  48            uint64_t BugcheckParameter1;
  49            uint64_t BugcheckParameter2;
  50            uint64_t BugcheckParameter3;
  51            uint64_t BugcheckParameter4;
  52        };
  53        uint8_t BugcheckData[40];
  54    };
  55    uint8_t VersionUser[32];
  56    uint64_t KdDebuggerDataBlock;
  57    union {
  58        WinDumpPhyMemDesc64 PhysicalMemoryBlock;
  59        uint8_t PhysicalMemoryBlockBuffer[704];
  60    };
  61    union {
  62        uint8_t ContextBuffer[3000];
  63    };
  64    WinDumpExceptionRecord Exception;
  65    uint32_t DumpType;
  66    uint32_t unused1;
  67    uint64_t RequiredDumpSpace;
  68    uint64_t SystemTime;
  69    char Comment[128];
  70    uint64_t SystemUpTime;
  71    uint32_t MiniDumpFields;
  72    uint32_t SecondaryDataState;
  73    uint32_t ProductType;
  74    uint32_t SuiteMask;
  75    uint32_t WriterStatus;
  76    uint8_t unused2;
  77    uint8_t KdSecondaryVersion;
  78    uint8_t reserved[4018];
  79} QEMU_PACKED WinDumpHeader64;
  80
  81void create_win_dump(DumpState *s, Error **errp);
  82
  83#define KDBG_OWNER_TAG_OFFSET64             0x10
  84#define KDBG_MM_PFN_DATABASE_OFFSET64       0xC0
  85#define KDBG_KI_BUGCHECK_DATA_OFFSET64      0x88
  86#define KDBG_KI_PROCESSOR_BLOCK_OFFSET64    0x218
  87#define KDBG_OFFSET_PRCB_CONTEXT_OFFSET64   0x338
  88
  89#define VMCOREINFO_ELF_NOTE_HDR_SIZE    24
  90
  91#define WIN_CTX_X64 0x00100000L
  92
  93#define WIN_CTX_CTL 0x00000001L
  94#define WIN_CTX_INT 0x00000002L
  95#define WIN_CTX_SEG 0x00000004L
  96#define WIN_CTX_FP  0x00000008L
  97#define WIN_CTX_DBG 0x00000010L
  98
  99#define WIN_CTX_FULL    (WIN_CTX_X64 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_FP)
 100#define WIN_CTX_ALL     (WIN_CTX_FULL | WIN_CTX_SEG | WIN_CTX_DBG)
 101
 102#define LIVE_SYSTEM_DUMP    0x00000161
 103
 104typedef struct WinM128A {
 105    uint64_t low;
 106    int64_t high;
 107} QEMU_ALIGNED(16) WinM128A;
 108
 109typedef struct WinContext {
 110    uint64_t PHome[6];
 111
 112    uint32_t ContextFlags;
 113    uint32_t MxCsr;
 114
 115    uint16_t SegCs;
 116    uint16_t SegDs;
 117    uint16_t SegEs;
 118    uint16_t SegFs;
 119    uint16_t SegGs;
 120    uint16_t SegSs;
 121    uint32_t EFlags;
 122
 123    uint64_t Dr0;
 124    uint64_t Dr1;
 125    uint64_t Dr2;
 126    uint64_t Dr3;
 127    uint64_t Dr6;
 128    uint64_t Dr7;
 129
 130    uint64_t Rax;
 131    uint64_t Rcx;
 132    uint64_t Rdx;
 133    uint64_t Rbx;
 134    uint64_t Rsp;
 135    uint64_t Rbp;
 136    uint64_t Rsi;
 137    uint64_t Rdi;
 138    uint64_t R8;
 139    uint64_t R9;
 140    uint64_t R10;
 141    uint64_t R11;
 142    uint64_t R12;
 143    uint64_t R13;
 144    uint64_t R14;
 145    uint64_t R15;
 146
 147    uint64_t Rip;
 148
 149    struct {
 150        uint16_t ControlWord;
 151        uint16_t StatusWord;
 152        uint8_t TagWord;
 153        uint8_t Reserved1;
 154        uint16_t ErrorOpcode;
 155        uint32_t ErrorOffset;
 156        uint16_t ErrorSelector;
 157        uint16_t Reserved2;
 158        uint32_t DataOffset;
 159        uint16_t DataSelector;
 160        uint16_t Reserved3;
 161        uint32_t MxCsr;
 162        uint32_t MxCsr_Mask;
 163        WinM128A FloatRegisters[8];
 164        WinM128A XmmRegisters[16];
 165        uint8_t Reserved4[96];
 166    } FltSave;
 167
 168    WinM128A VectorRegister[26];
 169    uint64_t VectorControl;
 170
 171    uint64_t DebugControl;
 172    uint64_t LastBranchToRip;
 173    uint64_t LastBranchFromRip;
 174    uint64_t LastExceptionToRip;
 175    uint64_t LastExceptionFromRip;
 176} QEMU_ALIGNED(16) WinContext;
 177