/*
 * Windows crashdump definitions
 *
 * Copyright (c) 2018 Virtuozzo International GmbH
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 */
11 #ifndef QEMU_WIN_DUMP_DEFS_H
12 #define QEMU_WIN_DUMP_DEFS_H
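/*
 * Physical-memory run entry, 32-bit variant; the element type of
 * WinDumpPhyMemDesc32.Run.
 *
 * NOTE(review): this copy of the header has lost listing lines 15-16, so the
 * members of the run are not shown. Take them from the original file before
 * relying on sizeof() or on member offsets.
 */
typedef struct WinDumpPhyMemRun32 {
    /* members missing from this copy (listing lines 15-16) */
} QEMU_PACKED WinDumpPhyMemRun32;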
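/*
 * Physical-memory run entry, 64-bit variant; the element type of
 * WinDumpPhyMemDesc64.Run.
 *
 * NOTE(review): this copy of the header has lost listing lines 20-21, so the
 * members of the run are not shown. Take them from the original file before
 * relying on sizeof() or on member offsets.
 */
typedef struct WinDumpPhyMemRun64 {
    /* members missing from this copy (listing lines 20-21) */
} QEMU_PACKED WinDumpPhyMemRun64;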
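/*
 * Physical memory descriptor, 32-bit variant: a run count, a page count and
 * a fixed table of 86 run entries.
 *
 * QEMU_PACKED is defined outside this header; presumably it is the packed
 * attribute, so the declaration order is the byte layout -- confirm.
 *
 * NOTE(review): NumberOfRuns is a stored count, not a property of the array.
 * Code that walks Run[] with it should reject any value above the 86-entry
 * bound first; that check is not visible in this header.
 */
typedef struct WinDumpPhyMemDesc32 {
    uint32_t NumberOfRuns;      /* number of Run[] entries in use */
    uint32_t NumberOfPages;
    WinDumpPhyMemRun32 Run[86]; /* fixed capacity: 86 entries */
} QEMU_PACKED WinDumpPhyMemDesc32;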
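/*
 * Physical memory descriptor, 64-bit variant: a run count, a page count and
 * a fixed table of 43 run entries.
 *
 * QEMU_PACKED is defined outside this header; presumably it is the packed
 * attribute, so the declaration order is the byte layout -- confirm.
 *
 * NOTE(review): NumberOfRuns is a stored count, not a property of the array.
 * Code that walks Run[] with it should reject any value above the 43-entry
 * bound first; that check is not visible in this header.
 */
typedef struct WinDumpPhyMemDesc64 {
    uint32_t NumberOfRuns;      /* number of Run[] entries in use */
    /*
     * Listing line 32 is missing from this copy; presumably a member sits
     * between the 32-bit count and the 64-bit page count -- restore it from
     * the original header before computing offsets.
     */
    uint64_t NumberOfPages;
    WinDumpPhyMemRun64 Run[43]; /* fixed capacity: 43 entries */
} QEMU_PACKED WinDumpPhyMemDesc64;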
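/*
 * Exception record as stored in the dump header (see the Exception member of
 * WinDumpHeader64).
 *
 * NOTE(review): NumberParameters is a stored count. Code that reads
 * ExceptionInformation[] with it should cap it at the 15-entry bound first;
 * that check is not visible in this header.
 */
typedef struct WinDumpExceptionRecord {
    uint32_t ExceptionCode;
    uint32_t ExceptionFlags;
    uint64_t ExceptionRecord;
    uint64_t ExceptionAddress;
    uint32_t NumberParameters;  /* entries of ExceptionInformation[] in use */
    /*
     * Listing line 43 is missing from this copy; presumably a member sits
     * between the 32-bit count and the 64-bit array -- restore it from the
     * original header before computing offsets.
     */
    uint64_t ExceptionInformation[15];
} QEMU_PACKED WinDumpExceptionRecord;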
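/*
 * Dump header, 32-bit variant.
 *
 * NOTE(review): this copy is incomplete. The listing skips lines 48-49, 53,
 * 58-59, 65, 67, 69, 71 and 74. The skipped lines may hold further members or
 * the braces of nested unions/structs (the gaps around the Bugcheck* members
 * and around PhysicalMemoryBlock / PhysicalMemoryBlockBuffer look like that),
 * so the flat member list below must not be used to compute offsets or
 * sizeof(WinDumpHeader32). Restore the missing lines from the original
 * header first.
 *
 * NOTE(review): if a header of this type is filled from data the parser does
 * not control, NumberProcessors, RequiredDumpSpace and
 * PhysicalMemoryBlock.NumberOfRuns should be range-checked before they size a
 * loop, an allocation or a copy. Those checks are not visible in this header.
 */
typedef struct WinDumpHeader32 {
    /* listing lines 48-49 missing from this copy */
    uint32_t MajorVersion;
    uint32_t MinorVersion;
    uint32_t DirectoryTableBase;
    /* listing line 53 missing from this copy */
    uint32_t PsLoadedModuleList;
    uint32_t PsActiveProcessHead;
    uint32_t MachineImageType;
    uint32_t NumberProcessors;
    /* listing lines 58-59 missing from this copy */
    uint32_t BugcheckCode;
    uint32_t BugcheckParameter1;
    uint32_t BugcheckParameter2;
    uint32_t BugcheckParameter3;
    uint32_t BugcheckParameter4;
    /* listing line 65 missing from this copy */
    uint8_t BugcheckData[20];
    /* listing line 67 missing from this copy */
    uint8_t VersionUser[32];
    /* listing line 69 missing from this copy */
    uint32_t KdDebuggerDataBlock;
    /* listing line 71 missing from this copy */
    WinDumpPhyMemDesc32 PhysicalMemoryBlock;
    uint8_t PhysicalMemoryBlockBuffer[700];
    /* listing line 74 missing from this copy */
    uint8_t reserved1[3200];
    uint32_t RequiredDumpSpace;
    uint8_t reserved2[92];
} QEMU_PACKED WinDumpHeader32;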
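/*
 * Dump header, 64-bit variant.
 *
 * NOTE(review): this copy is incomplete. The listing skips lines 81-82, 86,
 * 91-92, 94, 99, 101, 104, 107-108, 110, 112-113, 115-116, 121 and 123. The
 * skipped lines may hold further members or the braces of nested
 * unions/structs (the gaps around the Bugcheck* members and around
 * PhysicalMemoryBlock / PhysicalMemoryBlockBuffer look like that), so the
 * flat member list below must not be used to compute offsets or
 * sizeof(WinDumpHeader64). Restore the missing lines from the original
 * header first.
 *
 * NOTE(review): if a header of this type is filled from data the parser does
 * not control, NumberProcessors, RequiredDumpSpace,
 * PhysicalMemoryBlock.NumberOfRuns and Exception.NumberParameters should be
 * range-checked before they size a loop, an allocation or a copy. Those
 * checks are not visible in this header.
 */
typedef struct WinDumpHeader64 {
    /* listing lines 81-82 missing from this copy */
    uint32_t MajorVersion;
    uint32_t MinorVersion;
    uint64_t DirectoryTableBase;
    /* listing line 86 missing from this copy */
    uint64_t PsLoadedModuleList;
    uint64_t PsActiveProcessHead;
    uint32_t MachineImageType;
    uint32_t NumberProcessors;
    /* listing lines 91-92 missing from this copy */
    uint32_t BugcheckCode;
    /* listing line 94 missing from this copy */
    uint64_t BugcheckParameter1;
    uint64_t BugcheckParameter2;
    uint64_t BugcheckParameter3;
    uint64_t BugcheckParameter4;
    /* listing line 99 missing from this copy */
    uint8_t BugcheckData[40];
    /* listing line 101 missing from this copy */
    uint8_t VersionUser[32];
    uint64_t KdDebuggerDataBlock;
    /* listing line 104 missing from this copy */
    WinDumpPhyMemDesc64 PhysicalMemoryBlock;
    uint8_t PhysicalMemoryBlockBuffer[704];
    /* listing lines 107-108 missing from this copy */
    uint8_t ContextBuffer[3000];
    /* listing line 110 missing from this copy */
    WinDumpExceptionRecord Exception;
    /* listing lines 112-113 missing from this copy */
    uint64_t RequiredDumpSpace;
    /* listing lines 115-116 missing from this copy */
    uint64_t SystemUpTime;
    uint32_t MiniDumpFields;
    uint32_t SecondaryDataState;
    uint32_t ProductType;
    /* listing line 121 missing from this copy */
    uint32_t WriterStatus;
    /* listing line 123 missing from this copy */
    uint8_t KdSecondaryVersion;
    uint8_t reserved[4018];
} QEMU_PACKED WinDumpHeader64;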
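/*
 * Union over the dump header variants.
 *
 * NOTE(review): only the opening line of this union survives in this copy;
 * listing lines 129-136, which hold its members and its closing line, are
 * missing. The closing line below is assumed from the pattern of the other
 * typedefs in this header. Restore the members from the original file before
 * using this type.
 */
typedef union WinDumpHeader {
    /* members missing from this copy (listing lines 129-136) */
} WinDumpHeader;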
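/*
 * Byte offsets carrying a 64 suffix, followed by unsuffixed aliases that map
 * to the same 64-bit values.
 *
 * NOTE(review): judging by the KDBG_ prefix these index into the debugger
 * data block that the KdDebuggerDataBlock header member refers to -- confirm
 * against the code that uses them. Whatever buffer they index, its length
 * should be checked against offset + access size before the read, and any
 * pointer value fetched at these offsets should be treated as unvalidated
 * input.
 */
#define KDBG_OWNER_TAG_OFFSET64             0x10
#define KDBG_MM_PFN_DATABASE_OFFSET64       0xC0
#define KDBG_KI_BUGCHECK_DATA_OFFSET64      0x88
#define KDBG_KI_PROCESSOR_BLOCK_OFFSET64    0x218
#define KDBG_OFFSET_PRCB_CONTEXT_OFFSET64   0x338

/* Unsuffixed names resolve to the 64-bit offsets above. */
#define KDBG_OWNER_TAG_OFFSET               KDBG_OWNER_TAG_OFFSET64
#define KDBG_MM_PFN_DATABASE_OFFSET         KDBG_MM_PFN_DATABASE_OFFSET64
#define KDBG_KI_BUGCHECK_DATA_OFFSET        KDBG_KI_BUGCHECK_DATA_OFFSET64
#define KDBG_KI_PROCESSOR_BLOCK_OFFSET      KDBG_KI_PROCESSOR_BLOCK_OFFSET64
#define KDBG_OFFSET_PRCB_CONTEXT_OFFSET     KDBG_OFFSET_PRCB_CONTEXT_OFFSET64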
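/*
 * Note sizes: each WIN_DUMP_NOTE_SIZE is the size of one dump header variant
 * plus the fixed 24-byte VMCOREINFO_ELF_NOTE_HDR_SIZE.
 *
 * NOTE(review): these look like the exact sizes a supplied note is compared
 * against. A note whose size matches neither value should be rejected before
 * any WinDumpHeader member is read -- confirm at the use site. The result
 * also depends on the full struct definitions; a header copy with missing
 * members yields the wrong sizeof().
 */
#define VMCOREINFO_ELF_NOTE_HDR_SIZE    24
#define VMCOREINFO_WIN_DUMP_NOTE_SIZE64 (sizeof(WinDumpHeader64) + \
                                         VMCOREINFO_ELF_NOTE_HDR_SIZE)
#define VMCOREINFO_WIN_DUMP_NOTE_SIZE32 (sizeof(WinDumpHeader32) + \
                                         VMCOREINFO_ELF_NOTE_HDR_SIZE)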
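/*
 * Context flag bits and the combinations built from them.
 * NOTE(review): presumably these are the values stored in the ContextFlags
 * member of WinContext32 / WinContext64 -- confirm at the use site.
 */

/* Architecture selector bits. */
#define WIN_CTX_X64 0x00100000L
#define WIN_CTX_X86 0x00010000L

/* Per-group bits, OR-ed with one architecture selector. */
#define WIN_CTX_CTL 0x00000001L
#define WIN_CTX_INT 0x00000002L
#define WIN_CTX_SEG 0x00000004L
#define WIN_CTX_FP  0x00000008L
#define WIN_CTX_DBG 0x00000010L
#define WIN_CTX_EXT 0x00000020L

/* 64-bit sets: FULL = CTL | INT | FP; ALL adds SEG and DBG. */
#define WIN_CTX64_FULL (WIN_CTX_X64 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_FP)
#define WIN_CTX64_ALL (WIN_CTX64_FULL | WIN_CTX_SEG | WIN_CTX_DBG)

/* 32-bit sets: FULL = CTL | INT | SEG; ALL adds FP, DBG and EXT. */
#define WIN_CTX32_FULL (WIN_CTX_X86 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_SEG)
#define WIN_CTX32_ALL (WIN_CTX32_FULL | WIN_CTX_FP | WIN_CTX_DBG | WIN_CTX_EXT)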
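/*
 * NOTE(review): presumably the value written to the BugcheckCode header
 * member for a dump taken from a running system -- confirm at the use site.
 */
#define LIVE_SYSTEM_DUMP 0x00000161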
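/*
 * 16-byte-aligned element type used for the FloatRegisters, XmmRegisters and
 * VectorRegister arrays of WinContext64.
 *
 * NOTE(review): this copy of the header has lost listing lines 174-175, so
 * the members are not shown. Take them from the original file before relying
 * on sizeof() or on member offsets.
 */
typedef struct WinM128A {
    /* members missing from this copy (listing lines 174-175) */
} QEMU_ALIGNED(16) WinM128A;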
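/*
 * CPU context record, 32-bit variant, aligned to 16 bytes.
 *
 * NOTE(review): this copy is incomplete. The listing skips lines 180-187 and
 * 189-208, so most members are not shown and the three below are not at the
 * offsets a flat reading suggests. Restore the missing lines from the
 * original header before using sizeof(WinContext32) or any member offset.
 */
typedef struct WinContext32 {
    uint32_t ContextFlags;
    /* listing lines 180-187 missing from this copy */
    uint8_t FloatSave[112];
    /* listing lines 189-208 missing from this copy */
    uint8_t ExtendedRegisters[512];
} QEMU_ALIGNED(16) WinContext32;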
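/*
 * CPU context record, 64-bit variant, aligned to 16 bytes.
 *
 * NOTE(review): this copy is incomplete. The listing skips lines 213-214,
 * 216-252, 254-256, 260-261, 263-265, 269-270 and 273. The skipped lines may
 * hold further members or the braces of nested unions/structs, so the flat
 * member list below must not be used to compute offsets or
 * sizeof(WinContext64). Restore the missing lines from the original header
 * first.
 */
typedef struct WinContext64 {
    /* listing lines 213-214 missing from this copy */
    uint32_t ContextFlags;
    /* listing lines 216-252 missing from this copy */
    uint16_t ControlWord;
    /* listing lines 254-256 missing from this copy */
    uint16_t ErrorOpcode;
    uint32_t ErrorOffset;
    uint16_t ErrorSelector;
    /* listing lines 260-261 missing from this copy */
    uint16_t DataSelector;
    /* listing lines 263-265 missing from this copy */
    WinM128A FloatRegisters[8];
    WinM128A XmmRegisters[16];
    uint8_t Reserved4[96];
    /* listing lines 269-270 missing from this copy */
    WinM128A VectorRegister[26];
    uint64_t VectorControl;
    /* listing line 273 missing from this copy */
    uint64_t DebugControl;
    uint64_t LastBranchToRip;
    uint64_t LastBranchFromRip;
    uint64_t LastExceptionToRip;
    uint64_t LastExceptionFromRip;
} QEMU_ALIGNED(16) WinContext64;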
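/*
 * Union over the CPU context variants.
 *
 * NOTE(review): only the opening line of this union survives in this copy;
 * listing lines 282-285, which hold its members and its closing line, are
 * missing. The closing line below is assumed from the pattern of the other
 * typedefs in this header. Restore the members from the original file before
 * using this type.
 */
typedef union WinContext {
    /* members missing from this copy (listing lines 282-285) */
} WinContext;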
286 #endif /* QEMU_WIN_DUMP_DEFS_H */