aboutsummaryrefslogtreecommitdiff
path: root/win_dump.h
diff options
context:
space:
mode:
Diffstat (limited to 'win_dump.h')
-rw-r--r--win_dump.h166
1 files changed, 4 insertions, 162 deletions
diff --git a/win_dump.h b/win_dump.h
index f9e1faf..b8c2534 100644
--- a/win_dump.h
+++ b/win_dump.h
@@ -8,169 +8,11 @@
*
*/
-typedef struct WinDumpPhyMemRun64 {
- uint64_t BasePage;
- uint64_t PageCount;
-} QEMU_PACKED WinDumpPhyMemRun64;
+#ifndef WIN_DUMP_H
+#define WIN_DUMP_H
-typedef struct WinDumpPhyMemDesc64 {
- uint32_t NumberOfRuns;
- uint32_t unused;
- uint64_t NumberOfPages;
- WinDumpPhyMemRun64 Run[43];
-} QEMU_PACKED WinDumpPhyMemDesc64;
-
-typedef struct WinDumpExceptionRecord {
- uint32_t ExceptionCode;
- uint32_t ExceptionFlags;
- uint64_t ExceptionRecord;
- uint64_t ExceptionAddress;
- uint32_t NumberParameters;
- uint32_t unused;
- uint64_t ExceptionInformation[15];
-} QEMU_PACKED WinDumpExceptionRecord;
-
-typedef struct WinDumpHeader64 {
- char Signature[4];
- char ValidDump[4];
- uint32_t MajorVersion;
- uint32_t MinorVersion;
- uint64_t DirectoryTableBase;
- uint64_t PfnDatabase;
- uint64_t PsLoadedModuleList;
- uint64_t PsActiveProcessHead;
- uint32_t MachineImageType;
- uint32_t NumberProcessors;
- union {
- struct {
- uint32_t BugcheckCode;
- uint32_t unused0;
- uint64_t BugcheckParameter1;
- uint64_t BugcheckParameter2;
- uint64_t BugcheckParameter3;
- uint64_t BugcheckParameter4;
- };
- uint8_t BugcheckData[40];
- };
- uint8_t VersionUser[32];
- uint64_t KdDebuggerDataBlock;
- union {
- WinDumpPhyMemDesc64 PhysicalMemoryBlock;
- uint8_t PhysicalMemoryBlockBuffer[704];
- };
- union {
- uint8_t ContextBuffer[3000];
- };
- WinDumpExceptionRecord Exception;
- uint32_t DumpType;
- uint32_t unused1;
- uint64_t RequiredDumpSpace;
- uint64_t SystemTime;
- char Comment[128];
- uint64_t SystemUpTime;
- uint32_t MiniDumpFields;
- uint32_t SecondaryDataState;
- uint32_t ProductType;
- uint32_t SuiteMask;
- uint32_t WriterStatus;
- uint8_t unused2;
- uint8_t KdSecondaryVersion;
- uint8_t reserved[4018];
-} QEMU_PACKED WinDumpHeader64;
+#include "qemu/win_dump_defs.h"
void create_win_dump(DumpState *s, Error **errp);
-#define KDBG_OWNER_TAG_OFFSET64 0x10
-#define KDBG_MM_PFN_DATABASE_OFFSET64 0xC0
-#define KDBG_KI_BUGCHECK_DATA_OFFSET64 0x88
-#define KDBG_KI_PROCESSOR_BLOCK_OFFSET64 0x218
-#define KDBG_OFFSET_PRCB_CONTEXT_OFFSET64 0x338
-
-#define VMCOREINFO_ELF_NOTE_HDR_SIZE 24
-
-#define WIN_CTX_X64 0x00100000L
-
-#define WIN_CTX_CTL 0x00000001L
-#define WIN_CTX_INT 0x00000002L
-#define WIN_CTX_SEG 0x00000004L
-#define WIN_CTX_FP 0x00000008L
-#define WIN_CTX_DBG 0x00000010L
-
-#define WIN_CTX_FULL (WIN_CTX_X64 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_FP)
-#define WIN_CTX_ALL (WIN_CTX_FULL | WIN_CTX_SEG | WIN_CTX_DBG)
-
-#define LIVE_SYSTEM_DUMP 0x00000161
-
-typedef struct WinM128A {
- uint64_t low;
- int64_t high;
-} QEMU_ALIGNED(16) WinM128A;
-
-typedef struct WinContext {
- uint64_t PHome[6];
-
- uint32_t ContextFlags;
- uint32_t MxCsr;
-
- uint16_t SegCs;
- uint16_t SegDs;
- uint16_t SegEs;
- uint16_t SegFs;
- uint16_t SegGs;
- uint16_t SegSs;
- uint32_t EFlags;
-
- uint64_t Dr0;
- uint64_t Dr1;
- uint64_t Dr2;
- uint64_t Dr3;
- uint64_t Dr6;
- uint64_t Dr7;
-
- uint64_t Rax;
- uint64_t Rcx;
- uint64_t Rdx;
- uint64_t Rbx;
- uint64_t Rsp;
- uint64_t Rbp;
- uint64_t Rsi;
- uint64_t Rdi;
- uint64_t R8;
- uint64_t R9;
- uint64_t R10;
- uint64_t R11;
- uint64_t R12;
- uint64_t R13;
- uint64_t R14;
- uint64_t R15;
-
- uint64_t Rip;
-
- struct {
- uint16_t ControlWord;
- uint16_t StatusWord;
- uint8_t TagWord;
- uint8_t Reserved1;
- uint16_t ErrorOpcode;
- uint32_t ErrorOffset;
- uint16_t ErrorSelector;
- uint16_t Reserved2;
- uint32_t DataOffset;
- uint16_t DataSelector;
- uint16_t Reserved3;
- uint32_t MxCsr;
- uint32_t MxCsr_Mask;
- WinM128A FloatRegisters[8];
- WinM128A XmmRegisters[16];
- uint8_t Reserved4[96];
- } FltSave;
-
- WinM128A VectorRegister[26];
- uint64_t VectorControl;
-
- uint64_t DebugControl;
- uint64_t LastBranchToRip;
- uint64_t LastBranchFromRip;
- uint64_t LastExceptionToRip;
- uint64_t LastExceptionFromRip;
-} QEMU_ALIGNED(16) WinContext;
+#endif /* WIN_DUMP_H */