blob: 281241881ef9e6c6752463926012a92e2c1eb132 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
/*
* Windows crashdump
*
* Copyright (c) 2018 Virtuozzo International GmbH
*
* This work is licensed under the terms of the GNU GPL, version 2 or later.
* See the COPYING file in the top-level directory.
*
*/
typedef struct WinDumpPhyMemRun64 {
uint64_t BasePage;
uint64_t PageCount;
} QEMU_PACKED WinDumpPhyMemRun64;
typedef struct WinDumpPhyMemDesc64 {
uint32_t NumberOfRuns;
uint32_t unused;
uint64_t NumberOfPages;
WinDumpPhyMemRun64 Run[43];
} QEMU_PACKED WinDumpPhyMemDesc64;
typedef struct WinDumpExceptionRecord {
uint32_t ExceptionCode;
uint32_t ExceptionFlags;
uint64_t ExceptionRecord;
uint64_t ExceptionAddress;
uint32_t NumberParameters;
uint32_t unused;
uint64_t ExceptionInformation[15];
} QEMU_PACKED WinDumpExceptionRecord;
typedef struct WinDumpHeader64 {
char Signature[4];
char ValidDump[4];
uint32_t MajorVersion;
uint32_t MinorVersion;
uint64_t DirectoryTableBase;
uint64_t PfnDatabase;
uint64_t PsLoadedModuleList;
uint64_t PsActiveProcessHead;
uint32_t MachineImageType;
uint32_t NumberProcessors;
union {
struct {
uint32_t BugcheckCode;
uint32_t unused0;
uint64_t BugcheckParameter1;
uint64_t BugcheckParameter2;
uint64_t BugcheckParameter3;
uint64_t BugcheckParameter4;
};
uint8_t BugcheckData[40];
};
uint8_t VersionUser[32];
uint64_t KdDebuggerDataBlock;
union {
WinDumpPhyMemDesc64 PhysicalMemoryBlock;
uint8_t PhysicalMemoryBlockBuffer[704];
};
union {
uint8_t ContextBuffer[3000];
};
WinDumpExceptionRecord Exception;
uint32_t DumpType;
uint32_t unused1;
uint64_t RequiredDumpSpace;
uint64_t SystemTime;
char Comment[128];
uint64_t SystemUpTime;
uint32_t MiniDumpFields;
uint32_t SecondaryDataState;
uint32_t ProductType;
uint32_t SuiteMask;
uint32_t WriterStatus;
uint8_t unused2;
uint8_t KdSecondaryVersion;
uint8_t reserved[4018];
} QEMU_PACKED WinDumpHeader64;
void create_win_dump(DumpState *s, Error **errp);
#define KDBG_OWNER_TAG_OFFSET64 0x10
#define KDBG_KI_BUGCHECK_DATA_OFFSET64 0x88
#define KDBG_MM_PFN_DATABASE_OFFSET64 0xC0
#define VMCOREINFO_ELF_NOTE_HDR_SIZE 24
|