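/*
 * Windows crashdump definitions
 *
 * Copyright (c) 2018 Virtuozzo International GmbH
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#ifndef QEMU_WIN_DUMP_DEFS_H
#define QEMU_WIN_DUMP_DEFS_H

/*
 * Layout notes for reviewers
 *
 * The QEMU_PACKED structures below are byte-exact layouts: field order,
 * field widths and array lengths are part of the format and must not be
 * reordered or resized.  The two header sizes are pinned with build-time
 * checks so that an accidental edit fails the build instead of silently
 * shifting every later field.
 *
 * Several structures pair a count field with a fixed-capacity array
 * (NumberOfRuns / Run[], NumberParameters / ExceptionInformation[]).
 * Code that consumes a header it did not build itself must reject a count
 * larger than the array capacity before using it as a loop bound or index.
 * NOTE(review): the VMCOREINFO_* sizes below suggest the header can arrive
 * inside a vmcoreinfo note; confirm in the consumer which fields are
 * validated before use.
 *
 * This header includes nothing itself: the fixed-width integer types and
 * QEMU_PACKED, QEMU_ALIGNED and QEMU_BUILD_BUG_ON must already be in scope
 * where it is included.
 */

/* One run of physical pages, 32-bit layout: first page and page count. */
typedef struct WinDumpPhyMemRun32 {
    uint32_t BasePage;
    uint32_t PageCount;
} QEMU_PACKED WinDumpPhyMemRun32;

/* One run of physical pages, 64-bit layout: first page and page count. */
typedef struct WinDumpPhyMemRun64 {
    uint64_t BasePage;
    uint64_t PageCount;
} QEMU_PACKED WinDumpPhyMemRun64;

/*
 * Physical memory descriptor, 32-bit layout.
 * Run[] holds at most 86 entries; NumberOfRuns must be checked against
 * that capacity by any code that iterates over Run[].
 */
typedef struct WinDumpPhyMemDesc32 {
    uint32_t NumberOfRuns;
    uint32_t NumberOfPages;
    WinDumpPhyMemRun32 Run[86];
} QEMU_PACKED WinDumpPhyMemDesc32;

/*
 * Physical memory descriptor, 64-bit layout.
 * Run[] holds at most 43 entries; NumberOfRuns must be checked against
 * that capacity by any code that iterates over Run[].
 */
typedef struct WinDumpPhyMemDesc64 {
    uint32_t NumberOfRuns;
    uint32_t unused;
    uint64_t NumberOfPages;
    WinDumpPhyMemRun64 Run[43];
} QEMU_PACKED WinDumpPhyMemDesc64;

/*
 * Exception record embedded in the 64-bit header.
 * ExceptionInformation[] has 15 slots; NumberParameters must not be
 * trusted beyond that when read from a header the host did not build.
 */
typedef struct WinDumpExceptionRecord {
    uint32_t ExceptionCode;
    uint32_t ExceptionFlags;
    uint64_t ExceptionRecord;
    uint64_t ExceptionAddress;
    uint32_t NumberParameters;
    uint32_t unused;
    uint64_t ExceptionInformation[15];
} QEMU_PACKED WinDumpExceptionRecord;

/*
 * Dump header, 32-bit layout.
 * Signature and ValidDump are 4-byte tags with no room for a terminator;
 * compare them with a length-bounded compare, never as C strings.
 */
typedef struct WinDumpHeader32 {
    char Signature[4];
    char ValidDump[4];
    uint32_t MajorVersion;
    uint32_t MinorVersion;
    uint32_t DirectoryTableBase;
    uint32_t PfnDatabase;
    uint32_t PsLoadedModuleList;
    uint32_t PsActiveProcessHead;
    uint32_t MachineImageType;
    uint32_t NumberProcessors;
    /* Bugcheck code and parameters, also addressable as raw bytes. */
    union {
        struct {
            uint32_t BugcheckCode;
            uint32_t BugcheckParameter1;
            uint32_t BugcheckParameter2;
            uint32_t BugcheckParameter3;
            uint32_t BugcheckParameter4;
        };
        uint8_t BugcheckData[20];
    };
    uint8_t VersionUser[32];
    uint32_t reserved0;
    uint32_t KdDebuggerDataBlock;
    /* The byte buffer fixes the slot at 700 bytes; the descriptor is 696. */
    union {
        WinDumpPhyMemDesc32 PhysicalMemoryBlock;
        uint8_t PhysicalMemoryBlockBuffer[700];
    };
    uint8_t reserved1[3200];
    uint32_t RequiredDumpSpace;
    uint8_t reserved2[92];
} QEMU_PACKED WinDumpHeader32;

/* The packed fields above add up to exactly 4096 bytes. */
QEMU_BUILD_BUG_ON(sizeof(WinDumpHeader32) != 4096);

/*
 * Dump header, 64-bit layout.
 * Signature, ValidDump and Comment are fixed-width byte fields; do not
 * assume any of them is NUL-terminated.
 */
typedef struct WinDumpHeader64 {
    char Signature[4];
    char ValidDump[4];
    uint32_t MajorVersion;
    uint32_t MinorVersion;
    uint64_t DirectoryTableBase;
    uint64_t PfnDatabase;
    uint64_t PsLoadedModuleList;
    uint64_t PsActiveProcessHead;
    uint32_t MachineImageType;
    uint32_t NumberProcessors;
    /* Bugcheck code and parameters, also addressable as raw bytes. */
    union {
        struct {
            uint32_t BugcheckCode;
            uint32_t unused0;
            uint64_t BugcheckParameter1;
            uint64_t BugcheckParameter2;
            uint64_t BugcheckParameter3;
            uint64_t BugcheckParameter4;
        };
        uint8_t BugcheckData[40];
    };
    uint8_t VersionUser[32];
    uint64_t KdDebuggerDataBlock;
    /* Descriptor and byte buffer are both 704 bytes. */
    union {
        WinDumpPhyMemDesc64 PhysicalMemoryBlock;
        uint8_t PhysicalMemoryBlockBuffer[704];
    };
    /*
     * Raw context area of 3000 bytes.
     * NOTE(review): presumably holds a WinContext64; confirm in the writer.
     */
    union {
        uint8_t ContextBuffer[3000];
    };
    WinDumpExceptionRecord Exception;
    uint32_t DumpType;
    uint32_t unused1;
    uint64_t RequiredDumpSpace;
    uint64_t SystemTime;
    char Comment[128];
    uint64_t SystemUpTime;
    uint32_t MiniDumpFields;
    uint32_t SecondaryDataState;
    uint32_t ProductType;
    uint32_t SuiteMask;
    uint32_t WriterStatus;
    uint8_t unused2;
    uint8_t KdSecondaryVersion;
    uint8_t reserved[4018];
} QEMU_PACKED WinDumpHeader64;

/* The packed fields above add up to exactly 8192 bytes. */
QEMU_BUILD_BUG_ON(sizeof(WinDumpHeader64) != 8192);

/*
 * Either header layout.  Both layouts begin with the same Signature and
 * ValidDump fields, so those can be read through the anonymous struct
 * before deciding whether x32 or x64 applies.
 */
typedef union WinDumpHeader {
    struct {
        char Signature[4];
        char ValidDump[4];
    };
    WinDumpHeader32 x32;
    WinDumpHeader64 x64;
} WinDumpHeader;

/*
 * Byte offsets, judging by the names into the 64-bit kernel debugger data
 * block (the target of KdDebuggerDataBlock); confirm against the consumer.
 */
#define KDBG_OWNER_TAG_OFFSET64             0x10
#define KDBG_MM_PFN_DATABASE_OFFSET64       0xC0
#define KDBG_KI_BUGCHECK_DATA_OFFSET64      0x88
#define KDBG_KI_PROCESSOR_BLOCK_OFFSET64    0x218
#define KDBG_OFFSET_PRCB_CONTEXT_OFFSET64   0x338

/* The unsuffixed names are aliases of the 64-bit offsets above. */
#define KDBG_OWNER_TAG_OFFSET           KDBG_OWNER_TAG_OFFSET64
#define KDBG_MM_PFN_DATABASE_OFFSET     KDBG_MM_PFN_DATABASE_OFFSET64
#define KDBG_KI_BUGCHECK_DATA_OFFSET    KDBG_KI_BUGCHECK_DATA_OFFSET64
#define KDBG_KI_PROCESSOR_BLOCK_OFFSET  KDBG_KI_PROCESSOR_BLOCK_OFFSET64
#define KDBG_OFFSET_PRCB_CONTEXT_OFFSET KDBG_OFFSET_PRCB_CONTEXT_OFFSET64

/* Expected note size: one dump header plus a 24-byte ELF note header. */
#define VMCOREINFO_ELF_NOTE_HDR_SIZE    24
#define VMCOREINFO_WIN_DUMP_NOTE_SIZE64 (sizeof(WinDumpHeader64) + \
                                         VMCOREINFO_ELF_NOTE_HDR_SIZE)
#define VMCOREINFO_WIN_DUMP_NOTE_SIZE32 (sizeof(WinDumpHeader32) + \
                                         VMCOREINFO_ELF_NOTE_HDR_SIZE)

/* Architecture bits of a context flags word. */
#define WIN_CTX_X64 0x00100000L
#define WIN_CTX_X86 0x00010000L

/* Per-register-group bits, OR-ed with one architecture bit. */
#define WIN_CTX_CTL 0x00000001L
#define WIN_CTX_INT 0x00000002L
#define WIN_CTX_SEG 0x00000004L
#define WIN_CTX_FP  0x00000008L
#define WIN_CTX_DBG 0x00000010L
#define WIN_CTX_EXT 0x00000020L

#define WIN_CTX64_FULL  (WIN_CTX_X64 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_FP)
#define WIN_CTX64_ALL   (WIN_CTX64_FULL | WIN_CTX_SEG | WIN_CTX_DBG)

#define WIN_CTX32_FULL (WIN_CTX_X86 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_SEG)
#define WIN_CTX32_ALL (WIN_CTX32_FULL | WIN_CTX_FP | WIN_CTX_DBG | WIN_CTX_EXT)

/* NOTE(review): presumably the bugcheck code of a live-system dump; confirm. */
#define LIVE_SYSTEM_DUMP    0x00000161

/* 128-bit value stored as two 64-bit halves, aligned to 16 bytes. */
typedef struct WinM128A {
    uint64_t low;
    int64_t high;
} QEMU_ALIGNED(16) WinM128A;

/*
 * 32-bit register context.  Aligned, not packed: sizeof() is rounded up
 * to a multiple of 16, so it can exceed the sum of the fields.
 */
typedef struct WinContext32 {
    uint32_t ContextFlags;

    uint32_t Dr0;
    uint32_t Dr1;
    uint32_t Dr2;
    uint32_t Dr3;
    uint32_t Dr6;
    uint32_t Dr7;

    uint8_t FloatSave[112];

    uint32_t SegGs;
    uint32_t SegFs;
    uint32_t SegEs;
    uint32_t SegDs;

    uint32_t Edi;
    uint32_t Esi;
    uint32_t Ebx;
    uint32_t Edx;
    uint32_t Ecx;
    uint32_t Eax;

    uint32_t Ebp;
    uint32_t Eip;
    uint32_t SegCs;
    uint32_t EFlags;
    uint32_t Esp;
    uint32_t SegSs;

    uint8_t ExtendedRegisters[512];
} QEMU_ALIGNED(16) WinContext32;

/* 64-bit register context, aligned to 16 bytes. */
typedef struct WinContext64 {
    uint64_t PHome[6];

    uint32_t ContextFlags;
    uint32_t MxCsr;

    uint16_t SegCs;
    uint16_t SegDs;
    uint16_t SegEs;
    uint16_t SegFs;
    uint16_t SegGs;
    uint16_t SegSs;
    uint32_t EFlags;

    uint64_t Dr0;
    uint64_t Dr1;
    uint64_t Dr2;
    uint64_t Dr3;
    uint64_t Dr6;
    uint64_t Dr7;

    uint64_t Rax;
    uint64_t Rcx;
    uint64_t Rdx;
    uint64_t Rbx;
    uint64_t Rsp;
    uint64_t Rbp;
    uint64_t Rsi;
    uint64_t Rdi;
    uint64_t R8;
    uint64_t R9;
    uint64_t R10;
    uint64_t R11;
    uint64_t R12;
    uint64_t R13;
    uint64_t R14;
    uint64_t R15;

    uint64_t Rip;

    /* Floating-point and SSE save area. */
    struct {
        uint16_t ControlWord;
        uint16_t StatusWord;
        uint8_t TagWord;
        uint8_t Reserved1;
        uint16_t ErrorOpcode;
        uint32_t ErrorOffset;
        uint16_t ErrorSelector;
        uint16_t Reserved2;
        uint32_t DataOffset;
        uint16_t DataSelector;
        uint16_t Reserved3;
        uint32_t MxCsr;
        uint32_t MxCsr_Mask;
        WinM128A FloatRegisters[8];
        WinM128A XmmRegisters[16];
        uint8_t Reserved4[96];
    } FltSave;

    WinM128A VectorRegister[26];
    uint64_t VectorControl;

    uint64_t DebugControl;
    uint64_t LastBranchToRip;
    uint64_t LastBranchFromRip;
    uint64_t LastExceptionToRip;
    uint64_t LastExceptionFromRip;
} QEMU_ALIGNED(16) WinContext64;

/* Either register context; the caller selects the member by dump width. */
typedef union WinContext {
    WinContext32 x32;
    WinContext64 x64;
} WinContext;

#endif /* QEMU_WIN_DUMP_DEFS_H */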