/*
 * Windows crashdump definitions
 *
 * Copyright (c) 2018 Virtuozzo International GmbH
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#ifndef QEMU_WIN_DUMP_DEFS_H
#define QEMU_WIN_DUMP_DEFS_H

/*
 * Fixed-layout structures describing the Windows kernel crash dump header
 * and the saved CPU context that QEMU writes into it.
 *
 * Everything below mirrors an external on-disk format, so field order,
 * field width and every array length are part of the contract.  The dump
 * structures are QEMU_PACKED so the compiler inserts no padding; do not
 * reorder, widen or resize a member without the matching change on the
 * consumer side.  Members named "unused"/"reserved" are explicit filler
 * that keeps the following members at their expected offsets.
 *
 * uint*_t / int64_t are expected to be in scope already (presumably via
 * qemu/osdep.h, which QEMU sources include first); this header does not
 * include <stdint.h> itself.
 */

/* One contiguous range of physical memory, 32-bit layout (8 bytes). */
typedef struct WinDumpPhyMemRun32 {
    uint32_t BasePage;   /* expressed in pages, not bytes, per the name */
    uint32_t PageCount;
} QEMU_PACKED WinDumpPhyMemRun32;

/* One contiguous range of physical memory, 64-bit layout (16 bytes). */
typedef struct WinDumpPhyMemRun64 {
    uint64_t BasePage;
    uint64_t PageCount;
} QEMU_PACKED WinDumpPhyMemRun64;

/*
 * Physical memory map, 32-bit layout.  4 + 4 + 86 * 8 = 696 bytes, which
 * fits the 700-byte PhysicalMemoryBlockBuffer it is overlaid on in
 * WinDumpHeader32.  Run[] is a fixed-capacity array: NumberOfRuns must
 * never exceed 86 entries.
 */
typedef struct WinDumpPhyMemDesc32 {
    uint32_t NumberOfRuns;
    uint32_t NumberOfPages;
    WinDumpPhyMemRun32 Run[86];
} QEMU_PACKED WinDumpPhyMemDesc32;

/*
 * Physical memory map, 64-bit layout.  4 + 4 + 8 + 43 * 16 = 704 bytes,
 * exactly the size of PhysicalMemoryBlockBuffer in WinDumpHeader64.
 * Run[] is a fixed-capacity array: NumberOfRuns must never exceed 43.
 */
typedef struct WinDumpPhyMemDesc64 {
    uint32_t NumberOfRuns;
    uint32_t unused;         /* filler so NumberOfPages is 8-byte aligned */
    uint64_t NumberOfPages;
    WinDumpPhyMemRun64 Run[43];
} QEMU_PACKED WinDumpPhyMemDesc64;

/*
 * Exception record embedded in the 64-bit header (152 bytes).
 * ExceptionRecord and ExceptionAddress are stored as raw 64-bit values,
 * not dereferenceable pointers.
 */
typedef struct WinDumpExceptionRecord {
    uint32_t ExceptionCode;
    uint32_t ExceptionFlags;
    uint64_t ExceptionRecord;
    uint64_t ExceptionAddress;
    uint32_t NumberParameters;     /* count of valid ExceptionInformation[] */
    uint32_t unused;               /* filler before the 8-byte array */
    uint64_t ExceptionInformation[15];
} QEMU_PACKED WinDumpExceptionRecord;

/*
 * Dump file header, 32-bit guest.  The member widths sum to 4096 bytes;
 * reserved1/reserved2 pad the header to that size.  Signature/ValidDump
 * are the magic bytes that identify the file, and are at the same offset
 * in the 64-bit header (see the WinDumpHeader union below).
 */
typedef struct WinDumpHeader32 {
    char Signature[4];
    char ValidDump[4];
    uint32_t MajorVersion;
    uint32_t MinorVersion;
    uint32_t DirectoryTableBase;
    uint32_t PfnDatabase;
    uint32_t PsLoadedModuleList;
    uint32_t PsActiveProcessHead;
    uint32_t MachineImageType;
    uint32_t NumberProcessors;
    /* Bugcheck code and its four parameters, also addressable as 20 raw bytes. */
    union {
        struct {
            uint32_t BugcheckCode;
            uint32_t BugcheckParameter1;
            uint32_t BugcheckParameter2;
            uint32_t BugcheckParameter3;
            uint32_t BugcheckParameter4;
        };
        uint8_t BugcheckData[20];
    };
    uint8_t VersionUser[32];
    uint32_t reserved0;
    uint32_t KdDebuggerDataBlock;
    /* Memory map overlaid on a fixed 700-byte window (struct is 696 bytes). */
    union {
        WinDumpPhyMemDesc32 PhysicalMemoryBlock;
        uint8_t PhysicalMemoryBlockBuffer[700];
    };
    uint8_t reserved1[3200];
    uint32_t RequiredDumpSpace;
    uint8_t reserved2[92];
} QEMU_PACKED WinDumpHeader32;

/*
 * Dump file header, 64-bit guest.  The member widths sum to 8192 bytes;
 * the trailing reserved[] pads the header to that size.  Unlike the
 * 32-bit header, this one carries the saved CPU context (ContextBuffer)
 * and the exception record inline.
 */
typedef struct WinDumpHeader64 {
    char Signature[4];
    char ValidDump[4];
    uint32_t MajorVersion;
    uint32_t MinorVersion;
    uint64_t DirectoryTableBase;
    uint64_t PfnDatabase;
    uint64_t PsLoadedModuleList;
    uint64_t PsActiveProcessHead;
    uint32_t MachineImageType;
    uint32_t NumberProcessors;
    /* Bugcheck code and its four 64-bit parameters, also addressable as 40 raw bytes. */
    union {
        struct {
            uint32_t BugcheckCode;
            uint32_t unused0;          /* filler so Parameter1 is 8-byte aligned */
            uint64_t BugcheckParameter1;
            uint64_t BugcheckParameter2;
            uint64_t BugcheckParameter3;
            uint64_t BugcheckParameter4;
        };
        uint8_t BugcheckData[40];
    };
    uint8_t VersionUser[32];
    uint64_t KdDebuggerDataBlock;
    /* Memory map overlaid on a fixed 704-byte window (struct is exactly 704 bytes). */
    union {
        WinDumpPhyMemDesc64 PhysicalMemoryBlock;
        uint8_t PhysicalMemoryBlockBuffer[704];
    };
    /*
     * Raw storage for the saved CPU context.  WinContext64 as laid out
     * below is 1232 bytes, so it fits with room to spare; the union keeps
     * the field opaque here rather than committing to one context layout.
     */
    union {
        uint8_t ContextBuffer[3000];
    };
    WinDumpExceptionRecord Exception;
    uint32_t DumpType;
    uint32_t unused1;               /* filler so RequiredDumpSpace is 8-byte aligned */
    uint64_t RequiredDumpSpace;
    uint64_t SystemTime;
    char Comment[128];
    uint64_t SystemUpTime;
    uint32_t MiniDumpFields;
    uint32_t SecondaryDataState;
    uint32_t ProductType;
    uint32_t SuiteMask;
    uint32_t WriterStatus;
    uint8_t unused2;
    uint8_t KdSecondaryVersion;
    uint8_t reserved[4018];
} QEMU_PACKED WinDumpHeader64;

/*
 * Bitness-agnostic view of a dump header.  Both WinDumpHeader32 and
 * WinDumpHeader64 begin with Signature[4] followed by ValidDump[4], so the
 * anonymous struct lets a reader inspect the magic bytes before it knows
 * which of x32/x64 applies.  sizeof(WinDumpHeader) is that of the larger
 * member (x64).
 */
typedef union WinDumpHeader {
    struct {
        char Signature[4];
        char ValidDump[4];
    };
    WinDumpHeader32 x32;
    WinDumpHeader64 x64;
} WinDumpHeader;

/*
 * Byte offsets into the kernel debugger data block (KDBG) for the 64-bit
 * layout, as the _OFFSET64 suffix indicates.  These are hard-coded for a
 * particular kernel layout and are not validated here; a consumer reading
 * guest memory at these offsets should bounds-check the result.
 */
#define KDBG_OWNER_TAG_OFFSET64 0x10
#define KDBG_MM_PFN_DATABASE_OFFSET64 0xC0
#define KDBG_KI_BUGCHECK_DATA_OFFSET64 0x88
#define KDBG_KI_PROCESSOR_BLOCK_OFFSET64 0x218
#define KDBG_OFFSET_PRCB_CONTEXT_OFFSET64 0x338

/*
 * Unsuffixed names currently alias the 64-bit offsets; this header
 * provides no separate 32-bit set, so code using these names gets the
 * 64-bit values regardless of guest bitness.
 */
#define KDBG_OWNER_TAG_OFFSET KDBG_OWNER_TAG_OFFSET64
#define KDBG_MM_PFN_DATABASE_OFFSET KDBG_MM_PFN_DATABASE_OFFSET64
#define KDBG_KI_BUGCHECK_DATA_OFFSET KDBG_KI_BUGCHECK_DATA_OFFSET64
#define KDBG_KI_PROCESSOR_BLOCK_OFFSET KDBG_KI_PROCESSOR_BLOCK_OFFSET64
#define KDBG_OFFSET_PRCB_CONTEXT_OFFSET KDBG_OFFSET_PRCB_CONTEXT_OFFSET64

/*
 * Size of the ELF note that carries a dump header in vmcoreinfo: a
 * 24-byte note header followed by the whole WinDumpHeader64/32 struct.
 */
#define VMCOREINFO_ELF_NOTE_HDR_SIZE 24
#define VMCOREINFO_WIN_DUMP_NOTE_SIZE64 (sizeof(WinDumpHeader64) + \
                                         VMCOREINFO_ELF_NOTE_HDR_SIZE)
#define VMCOREINFO_WIN_DUMP_NOTE_SIZE32 (sizeof(WinDumpHeader32) + \
                                         VMCOREINFO_ELF_NOTE_HDR_SIZE)

/*
 * ContextFlags bits.  An architecture bit (WIN_CTX_X64 / WIN_CTX_X86) is
 * ORed with the section-selector bits below to say which parts of the
 * context structure are populated.
 */
#define WIN_CTX_X64 0x00100000L
#define WIN_CTX_X86 0x00010000L

#define WIN_CTX_CTL 0x00000001L
#define WIN_CTX_INT 0x00000002L
#define WIN_CTX_SEG 0x00000004L
#define WIN_CTX_FP 0x00000008L
#define WIN_CTX_DBG 0x00000010L
#define WIN_CTX_EXT 0x00000020L

/*
 * "FULL" differs per architecture: 64-bit includes FP but not SEG,
 * 32-bit includes SEG but not FP.  "ALL" adds the remaining sections.
 */
#define WIN_CTX64_FULL (WIN_CTX_X64 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_FP)
#define WIN_CTX64_ALL (WIN_CTX64_FULL | WIN_CTX_SEG | WIN_CTX_DBG)

#define WIN_CTX32_FULL (WIN_CTX_X86 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_SEG)
#define WIN_CTX32_ALL (WIN_CTX32_FULL | WIN_CTX_FP | WIN_CTX_DBG | WIN_CTX_EXT)

/* Dump type marker; presumably stored in WinDumpHeader64.DumpType -- verify against the writer. */
#define LIVE_SYSTEM_DUMP 0x00000161

/*
 * 128-bit register image.  16-byte aligned so the arrays of these inside
 * the context structures keep their natural layout; note the high half is
 * signed while the low half is unsigned.
 */
typedef struct WinM128A {
    uint64_t low;
    int64_t high;
} QEMU_ALIGNED(16) WinM128A;

/*
 * Saved 32-bit CPU context.  Unlike the dump headers this is not packed:
 * it relies on natural layout plus 16-byte alignment.  The members sum to
 * 716 bytes; QEMU_ALIGNED(16) rounds sizeof up to the next multiple of 16,
 * with the padding placed after ExtendedRegisters.
 */
typedef struct WinContext32 {
    uint32_t ContextFlags;      /* WIN_CTX32_* bits */

    uint32_t Dr0;
    uint32_t Dr1;
    uint32_t Dr2;
    uint32_t Dr3;
    uint32_t Dr6;
    uint32_t Dr7;

    uint8_t FloatSave[112];

    uint32_t SegGs;
    uint32_t SegFs;
    uint32_t SegEs;
    uint32_t SegDs;

    uint32_t Edi;
    uint32_t Esi;
    uint32_t Ebx;
    uint32_t Edx;
    uint32_t Ecx;
    uint32_t Eax;

    uint32_t Ebp;
    uint32_t Eip;
    uint32_t SegCs;
    uint32_t EFlags;
    uint32_t Esp;
    uint32_t SegSs;

    uint8_t ExtendedRegisters[512];
} QEMU_ALIGNED(16) WinContext32;

/*
 * Saved 64-bit CPU context (1232 bytes with natural layout and 16-byte
 * alignment).  ContextFlags is not the first member here; it follows the
 * six PHome slots.  MxCsr appears twice -- once at the top level and once
 * inside FltSave -- which of the two a consumer should trust is not
 * established by this header.
 */
typedef struct WinContext64 {
    uint64_t PHome[6];

    uint32_t ContextFlags;      /* WIN_CTX64_* bits */
    uint32_t MxCsr;

    uint16_t SegCs;
    uint16_t SegDs;
    uint16_t SegEs;
    uint16_t SegFs;
    uint16_t SegGs;
    uint16_t SegSs;
    uint32_t EFlags;

    uint64_t Dr0;
    uint64_t Dr1;
    uint64_t Dr2;
    uint64_t Dr3;
    uint64_t Dr6;
    uint64_t Dr7;

    uint64_t Rax;
    uint64_t Rcx;
    uint64_t Rdx;
    uint64_t Rbx;
    uint64_t Rsp;
    uint64_t Rbp;
    uint64_t Rsi;
    uint64_t Rdi;
    uint64_t R8;
    uint64_t R9;
    uint64_t R10;
    uint64_t R11;
    uint64_t R12;
    uint64_t R13;
    uint64_t R14;
    uint64_t R15;

    uint64_t Rip;

    /* x87/SSE save area, 512 bytes; starts at a 16-byte boundary (offset 256). */
    struct {
        uint16_t ControlWord;
        uint16_t StatusWord;
        uint8_t TagWord;
        uint8_t Reserved1;
        uint16_t ErrorOpcode;
        uint32_t ErrorOffset;
        uint16_t ErrorSelector;
        uint16_t Reserved2;
        uint32_t DataOffset;
        uint16_t DataSelector;
        uint16_t Reserved3;
        uint32_t MxCsr;
        uint32_t MxCsr_Mask;
        WinM128A FloatRegisters[8];
        WinM128A XmmRegisters[16];
        uint8_t Reserved4[96];
    } FltSave;

    WinM128A VectorRegister[26];
    uint64_t VectorControl;

    uint64_t DebugControl;
    uint64_t LastBranchToRip;
    uint64_t LastBranchFromRip;
    uint64_t LastExceptionToRip;
    uint64_t LastExceptionFromRip;
} QEMU_ALIGNED(16) WinContext64;

/* Bitness-agnostic view of a saved context; sizeof is that of x64. */
typedef union WinContext {
    WinContext32 x32;
    WinContext64 x64;
} WinContext;

#endif /* QEMU_WIN_DUMP_DEFS_H */