/*
 * Windows crashdump definitions
 *
 * Copyright (c) 2018 Virtuozzo International GmbH
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 */
11 #ifndef QEMU_WIN_DUMP_DEFS_H
12 #define QEMU_WIN_DUMP_DEFS_H
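/*
 * Element type of WinDumpPhyMemDesc64.Run[]; declared packed.
 *
 * NOTE(review): the listing this excerpt comes from skips line numbers
 * between the opening and closing brace, so the member declarations are
 * not visible here. Restore them from the upstream header; do not derive
 * sizes or offsets from this excerpt.
 */
typedef struct WinDumpPhyMemRun64 {
} QEMU_PACKED WinDumpPhyMemRun64;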
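/*
 * Physical memory descriptor: a run count, a page count and a fixed table
 * of 43 WinDumpPhyMemRun64 entries; declared packed.
 *
 * NumberOfRuns is a full 32-bit field, while Run[] has only 43 elements.
 * Code that walks Run[] with a NumberOfRuns value taken from a header it
 * did not build itself should reject any count larger than the number of
 * elements in Run[] before indexing, otherwise the walk reads past the
 * end of the table.
 *
 * NOTE(review): the source listing skips a line number between
 * NumberOfRuns and NumberOfPages, so a member may be missing from this
 * excerpt. Confirm the layout against the upstream header.
 */
typedef struct WinDumpPhyMemDesc64 {
    uint32_t NumberOfRuns;
    uint64_t NumberOfPages;
    WinDumpPhyMemRun64 Run[43];
} QEMU_PACKED WinDumpPhyMemDesc64;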
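/*
 * Exception record stored in the dump header; declared packed.
 *
 * NumberParameters is a 32-bit field, while ExceptionInformation[] has 15
 * elements. A reader that uses NumberParameters as a loop bound should
 * clamp or reject values above 15 first.
 *
 * NOTE(review): the source listing skips a line number between
 * NumberParameters and ExceptionInformation, so a member may be missing
 * from this excerpt. Confirm the layout against the upstream header.
 */
typedef struct WinDumpExceptionRecord {
    uint32_t ExceptionCode;
    uint32_t ExceptionFlags;
    uint64_t ExceptionRecord;
    uint64_t ExceptionAddress;
    uint32_t NumberParameters;
    uint64_t ExceptionInformation[15];
} QEMU_PACKED WinDumpExceptionRecord;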
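/*
 * 64-bit Windows crash dump header; declared packed, so field offsets are
 * fixed by declaration order and must match the on-disk format exactly.
 *
 * Several members (DirectoryTableBase, PsLoadedModuleList,
 * PsActiveProcessHead, KdDebuggerDataBlock) carry addresses as raw 64-bit
 * integers. Presumably a consumer that fills or reads this header from
 * data it does not control should validate those values before using
 * them as addresses - confirm against the code that uses this header.
 *
 * NOTE(review): the source listing's line numbering has gaps inside this
 * struct (for example before MajorVersion, and around PhysicalMemoryBlock,
 * PhysicalMemoryBlockBuffer and ContextBuffer). Members or grouping
 * constructs may therefore be missing from this excerpt; verify offsets
 * and sizeof against the upstream header before relying on this layout.
 */
typedef struct WinDumpHeader64 {
    uint32_t MajorVersion;
    uint32_t MinorVersion;
    uint64_t DirectoryTableBase;
    uint64_t PsLoadedModuleList;
    uint64_t PsActiveProcessHead;
    uint32_t MachineImageType;
    uint32_t NumberProcessors;
    uint32_t BugcheckCode;
    uint64_t BugcheckParameter1;
    uint64_t BugcheckParameter2;
    uint64_t BugcheckParameter3;
    uint64_t BugcheckParameter4;
    uint8_t BugcheckData[40];
    uint8_t VersionUser[32];
    uint64_t KdDebuggerDataBlock;
    /* See WinDumpPhyMemDesc64: bound NumberOfRuns before walking Run[]. */
    WinDumpPhyMemDesc64 PhysicalMemoryBlock;
    uint8_t PhysicalMemoryBlockBuffer[704];
    uint8_t ContextBuffer[3000];
    WinDumpExceptionRecord Exception;
    uint64_t RequiredDumpSpace;
    uint64_t SystemUpTime;
    uint32_t MiniDumpFields;
    uint32_t SecondaryDataState;
    uint32_t WriterStatus;
    uint8_t KdSecondaryVersion;
    uint8_t reserved[4018];
} QEMU_PACKED WinDumpHeader64;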
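/*
 * Byte offsets used with the 64-bit kernel debugger data block.
 * NOTE(review): presumably offsets into the block that
 * WinDumpHeader64.KdDebuggerDataBlock points to - confirm against the
 * consumer. Any read at base + offset should be bounds-checked against
 * the size of the buffer that was actually fetched.
 */
#define KDBG_OWNER_TAG_OFFSET64             0x10
#define KDBG_MM_PFN_DATABASE_OFFSET64       0xC0
#define KDBG_KI_BUGCHECK_DATA_OFFSET64      0x88
#define KDBG_KI_PROCESSOR_BLOCK_OFFSET64    0x218
#define KDBG_OFFSET_PRCB_CONTEXT_OFFSET64   0x338

/* Size in bytes of the ELF note header for the vmcoreinfo note. */
#define VMCOREINFO_ELF_NOTE_HDR_SIZE 24

/*
 * Context flag bits. NOTE(review): presumably values for
 * WinContext.ContextFlags - confirm against the consumer.
 */
#define WIN_CTX_X64 0x00100000L

#define WIN_CTX_CTL 0x00000001L
#define WIN_CTX_INT 0x00000002L
#define WIN_CTX_SEG 0x00000004L
#define WIN_CTX_FP  0x00000008L
#define WIN_CTX_DBG 0x00000010L

/* FULL = x64 marker + control + integer + floating point. */
#define WIN_CTX_FULL    (WIN_CTX_X64 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_FP)
/* ALL = FULL + segment + debug. */
#define WIN_CTX_ALL     (WIN_CTX_FULL | WIN_CTX_SEG | WIN_CTX_DBG)

/*
 * NOTE(review): presumably the bugcheck code stored in
 * WinDumpHeader64.BugcheckCode for a dump taken from a running system -
 * confirm against the consumer.
 */
#define LIVE_SYSTEM_DUMP    0x00000161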
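/*
 * 16-byte aligned element type used for the register arrays in WinContext.
 *
 * NOTE(review): the source listing skips line numbers between the opening
 * and closing brace, so the member declarations are not visible here.
 * Restore them from the upstream header; do not derive sizes or offsets
 * from this excerpt.
 */
typedef struct WinM128A {
} QEMU_ALIGNED(16) WinM128A;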
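/*
 * Windows CPU context record; declared with 16-byte alignment.
 *
 * NOTE(review): the source listing's line numbering has large gaps inside
 * this struct (for example between ContextFlags and ControlWord), so most
 * members and any nested grouping are missing from this excerpt. The
 * declarations below are only the ones visible in the listing; verify
 * offsets and sizeof against the upstream header before copying this
 * structure into a fixed-size buffer.
 */
typedef struct WinContext {
    uint32_t ContextFlags;

    uint16_t ControlWord;
    uint16_t ErrorOpcode;
    uint32_t ErrorOffset;
    uint16_t ErrorSelector;
    uint16_t DataSelector;
    WinM128A FloatRegisters[8];
    WinM128A XmmRegisters[16];
    uint8_t Reserved4[96];

    WinM128A VectorRegister[26];
    uint64_t VectorControl;

    uint64_t DebugControl;
    uint64_t LastBranchToRip;
    uint64_t LastBranchFromRip;
    uint64_t LastExceptionToRip;
    uint64_t LastExceptionFromRip;
} QEMU_ALIGNED(16) WinContext;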
179 #endif /* QEMU_WIN_DUMP_DEFS_H */