/* * Windows crashdump definitions * * Copyright (c) 2018 Virtuozzo International GmbH * * This work is licensed under the terms of the GNU GPL, version 2 or later. * See the COPYING file in the top-level directory. * */ #ifndef QEMU_WIN_DUMP_DEFS_H #define QEMU_WIN_DUMP_DEFS_H typedef struct WinDumpPhyMemRun32 { uint32_t BasePage; uint32_t PageCount; } QEMU_PACKED WinDumpPhyMemRun32; typedef struct WinDumpPhyMemRun64 { uint64_t BasePage; uint64_t PageCount; } QEMU_PACKED WinDumpPhyMemRun64; typedef struct WinDumpPhyMemDesc32 { uint32_t NumberOfRuns; uint32_t NumberOfPages; WinDumpPhyMemRun32 Run[86]; } QEMU_PACKED WinDumpPhyMemDesc32; typedef struct WinDumpPhyMemDesc64 { uint32_t NumberOfRuns; uint32_t unused; uint64_t NumberOfPages; WinDumpPhyMemRun64 Run[43]; } QEMU_PACKED WinDumpPhyMemDesc64; typedef struct WinDumpExceptionRecord { uint32_t ExceptionCode; uint32_t ExceptionFlags; uint64_t ExceptionRecord; uint64_t ExceptionAddress; uint32_t NumberParameters; uint32_t unused; uint64_t ExceptionInformation[15]; } QEMU_PACKED WinDumpExceptionRecord; typedef struct WinDumpHeader32 { char Signature[4]; char ValidDump[4]; uint32_t MajorVersion; uint32_t MinorVersion; uint32_t DirectoryTableBase; uint32_t PfnDatabase; uint32_t PsLoadedModuleList; uint32_t PsActiveProcessHead; uint32_t MachineImageType; uint32_t NumberProcessors; union { struct { uint32_t BugcheckCode; uint32_t BugcheckParameter1; uint32_t BugcheckParameter2; uint32_t BugcheckParameter3; uint32_t BugcheckParameter4; }; uint8_t BugcheckData[20]; }; uint8_t VersionUser[32]; uint32_t reserved0; uint32_t KdDebuggerDataBlock; union { WinDumpPhyMemDesc32 PhysicalMemoryBlock; uint8_t PhysicalMemoryBlockBuffer[700]; }; uint8_t reserved1[3200]; uint32_t RequiredDumpSpace; uint8_t reserved2[92]; } QEMU_PACKED WinDumpHeader32; typedef struct WinDumpHeader64 { char Signature[4]; char ValidDump[4]; uint32_t MajorVersion; uint32_t MinorVersion; uint64_t DirectoryTableBase; uint64_t PfnDatabase; uint64_t PsLoadedModuleList; uint64_t PsActiveProcessHead; uint32_t MachineImageType; uint32_t NumberProcessors; union { struct { uint32_t BugcheckCode; uint32_t unused0; uint64_t BugcheckParameter1; uint64_t BugcheckParameter2; uint64_t BugcheckParameter3; uint64_t BugcheckParameter4; }; uint8_t BugcheckData[40]; }; uint8_t VersionUser[32]; uint64_t KdDebuggerDataBlock; union { WinDumpPhyMemDesc64 PhysicalMemoryBlock; uint8_t PhysicalMemoryBlockBuffer[704]; }; union { uint8_t ContextBuffer[3000]; }; WinDumpExceptionRecord Exception; uint32_t DumpType; uint32_t unused1; uint64_t RequiredDumpSpace; uint64_t SystemTime; char Comment[128]; uint64_t SystemUpTime; uint32_t MiniDumpFields; uint32_t SecondaryDataState; uint32_t ProductType; uint32_t SuiteMask; uint32_t WriterStatus; uint8_t unused2; uint8_t KdSecondaryVersion; uint8_t reserved[4018]; } QEMU_PACKED WinDumpHeader64; typedef union WinDumpHeader { struct { char Signature[4]; char ValidDump[4]; }; WinDumpHeader32 x32; WinDumpHeader64 x64; } WinDumpHeader; #define KDBG_OWNER_TAG_OFFSET64 0x10 #define KDBG_MM_PFN_DATABASE_OFFSET64 0xC0 #define KDBG_KI_BUGCHECK_DATA_OFFSET64 0x88 #define KDBG_KI_PROCESSOR_BLOCK_OFFSET64 0x218 #define KDBG_OFFSET_PRCB_CONTEXT_OFFSET64 0x338 #define KDBG_OWNER_TAG_OFFSET KDBG_OWNER_TAG_OFFSET64 #define KDBG_MM_PFN_DATABASE_OFFSET KDBG_MM_PFN_DATABASE_OFFSET64 #define KDBG_KI_BUGCHECK_DATA_OFFSET KDBG_KI_BUGCHECK_DATA_OFFSET64 #define KDBG_KI_PROCESSOR_BLOCK_OFFSET KDBG_KI_PROCESSOR_BLOCK_OFFSET64 #define KDBG_OFFSET_PRCB_CONTEXT_OFFSET KDBG_OFFSET_PRCB_CONTEXT_OFFSET64 #define VMCOREINFO_ELF_NOTE_HDR_SIZE 24 #define VMCOREINFO_WIN_DUMP_NOTE_SIZE64 (sizeof(WinDumpHeader64) + \ VMCOREINFO_ELF_NOTE_HDR_SIZE) #define VMCOREINFO_WIN_DUMP_NOTE_SIZE32 (sizeof(WinDumpHeader32) + \ VMCOREINFO_ELF_NOTE_HDR_SIZE) #define WIN_CTX_X64 0x00100000L #define WIN_CTX_X86 0x00010000L #define WIN_CTX_CTL 0x00000001L #define WIN_CTX_INT 0x00000002L #define WIN_CTX_SEG 0x00000004L #define WIN_CTX_FP 0x00000008L #define WIN_CTX_DBG 0x00000010L #define WIN_CTX_EXT 0x00000020L #define WIN_CTX64_FULL (WIN_CTX_X64 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_FP) #define WIN_CTX64_ALL (WIN_CTX64_FULL | WIN_CTX_SEG | WIN_CTX_DBG) #define WIN_CTX32_FULL (WIN_CTX_X86 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_SEG) #define WIN_CTX32_ALL (WIN_CTX32_FULL | WIN_CTX_FP | WIN_CTX_DBG | WIN_CTX_EXT) #define LIVE_SYSTEM_DUMP 0x00000161 typedef struct WinM128A { uint64_t low; int64_t high; } QEMU_ALIGNED(16) WinM128A; typedef struct WinContext32 { uint32_t ContextFlags; uint32_t Dr0; uint32_t Dr1; uint32_t Dr2; uint32_t Dr3; uint32_t Dr6; uint32_t Dr7; uint8_t FloatSave[112]; uint32_t SegGs; uint32_t SegFs; uint32_t SegEs; uint32_t SegDs; uint32_t Edi; uint32_t Esi; uint32_t Ebx; uint32_t Edx; uint32_t Ecx; uint32_t Eax; uint32_t Ebp; uint32_t Eip; uint32_t SegCs; uint32_t EFlags; uint32_t Esp; uint32_t SegSs; uint8_t ExtendedRegisters[512]; } QEMU_ALIGNED(16) WinContext32; typedef struct WinContext64 { uint64_t PHome[6]; uint32_t ContextFlags; uint32_t MxCsr; uint16_t SegCs; uint16_t SegDs; uint16_t SegEs; uint16_t SegFs; uint16_t SegGs; uint16_t SegSs; uint32_t EFlags; uint64_t Dr0; uint64_t Dr1; uint64_t Dr2; uint64_t Dr3; uint64_t Dr6; uint64_t Dr7; uint64_t Rax; uint64_t Rcx; uint64_t Rdx; uint64_t Rbx; uint64_t Rsp; uint64_t Rbp; uint64_t Rsi; uint64_t Rdi; uint64_t R8; uint64_t R9; uint64_t R10; uint64_t R11; uint64_t R12; uint64_t R13; uint64_t R14; uint64_t R15; uint64_t Rip; struct { uint16_t ControlWord; uint16_t StatusWord; uint8_t TagWord; uint8_t Reserved1; uint16_t ErrorOpcode; uint32_t ErrorOffset; uint16_t ErrorSelector; uint16_t Reserved2; uint32_t DataOffset; uint16_t DataSelector; uint16_t Reserved3; uint32_t MxCsr; uint32_t MxCsr_Mask; WinM128A FloatRegisters[8]; WinM128A XmmRegisters[16]; uint8_t Reserved4[96]; } FltSave; WinM128A VectorRegister[26]; uint64_t VectorControl; uint64_t DebugControl; uint64_t LastBranchToRip; uint64_t LastBranchFromRip; uint64_t LastExceptionToRip; uint64_t LastExceptionFromRip; } QEMU_ALIGNED(16) WinContext64; typedef union WinContext { WinContext32 x32; WinContext64 x64; } WinContext; #endif /* QEMU_WIN_DUMP_DEFS_H */