From nobody Wed Nov 5 16:41:02 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=virtuozzo.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1535546952162139.60569268484858; Wed, 29 Aug 2018 05:49:12 -0700 (PDT) Received: from localhost ([::1]:42946 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fuzuF-00034C-Vz for importer@patchew.org; Wed, 29 Aug 2018 08:49:08 -0400 Received: from eggs.gnu.org ([208.118.235.92]:42924) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fuzpA-00069q-UT for qemu-devel@nongnu.org; Wed, 29 Aug 2018 08:43:57 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fuznk-000315-SB for qemu-devel@nongnu.org; Wed, 29 Aug 2018 08:42:28 -0400 Received: from mail-eopbgr40138.outbound.protection.outlook.com ([40.107.4.138]:19424 helo=EUR03-DB5-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fuznk-0002zG-Fq for qemu-devel@nongnu.org; Wed, 29 Aug 2018 08:42:24 -0400 Received: from vp-pc.sw.ru (185.231.240.5) by DB7PR08MB3611.eurprd08.prod.outlook.com (2603:10a6:10:4a::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1080.17; Wed, 29 Aug 2018 12:42:21 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yqrgcIBrHXK+JyEyeeExLKypeExnFuxUQQE3Tjl5o0U=; b=iYEkSoVU+1V5AyCD3TIsIF/psg/O/RZ1N4S3N3+5uiW9e7RKV/HeBJDhtOvbTFnl0J0fTJJ7W6yj6qVEc9OidHSx1FDYZgVabG+825rhTg1TCk8I0I4OPAshzEVWHx1vKLUK9d3d27Mak7PCVHJIdWKz5jBl+laZELYCvBqwsdI= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=viktor.prutyanov@virtuozzo.com; From: Viktor Prutyanov To: qemu-devel@nongnu.org Date: Wed, 29 Aug 2018 15:41:24 +0300 Message-Id: <1535546488-30208-2-git-send-email-viktor.prutyanov@virtuozzo.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1535546488-30208-1-git-send-email-viktor.prutyanov@virtuozzo.com> References: <1535546488-30208-1-git-send-email-viktor.prutyanov@virtuozzo.com> MIME-Version: 1.0 X-Originating-IP: [185.231.240.5] X-ClientProxiedBy: AM5PR0102CA0003.eurprd01.prod.exchangelabs.com (2603:10a6:206::16) To DB7PR08MB3611.eurprd08.prod.outlook.com (2603:10a6:10:4a::13) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 403611d9-911a-4f26-a833-08d60dacdd3d X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:DB7PR08MB3611; X-Microsoft-Exchange-Diagnostics: 1; DB7PR08MB3611; 3:tlAn/qNkRkrwBOW8swdy8cbWE2TJ8G2STcQ+YdaYY+cX/Db0I+0Ysf8EXAHj1RppKwtxTM3Z9ZK7OU258hhTpoKPvY55RKyoM4sdhd45KEYuTbdBbAiY4WpSdqt7doCy+Bh36KoqK0sxLs+7pBBSC405WJXTsNeMR+1aAWUbo2pH9I85Dmw1YFuYYXnG+fdF2RaO2XFLwWRDrwk5MZ9Koz/00XE71Yecm1jjolpponQFQ534eYpRVPeh1Gc651jq; 25:He0kOGe+e9aMunEA00m9wLzIXIQrA/MM3yqHLpU1l3SxnzbB0xmYI6PtUKOqBftNDw91k4PEXeEVmdpLMrlUDzdTj0qND+ghP+mJKui0azpZPmABIbrXRbZNHL3WwuKzVxU8YnxFZdu2uYqMW+bcMIkGnGqwhZZMYpfE89Ek40AITTYvbIHpEAxamjXrlf+Tp89zRhD+qg/MLLTCIF3XL3fSOthC9zZCLY1Sw5SDhs5pj52E6IqiSaAMP/icuQ+uoSEe5flIdR7tr8Lgn5f0WJPRPFU/uacMy8I/K17KYwpPIBu9oUtv5M8m1fvs0HrSx7BzX6TjhkAvstr/5pWpfw==; 31:O7hA4c5jyGYde0jMoMk5QN8EkH7AtdUV1uIHwp989XFpgkPt2rqLcADMdU6VxS0EZfx/52C4PE931Kv1np2j293Jmz+1DS+nY77eAGRAlW/WSDvvNyb8gM6VL382QbDG5k3f8jyIiv4RwKrVOjnpDUmOIpjWp89YVuBttR1SRHXJ461KaYIplNrLDn/QI37gmfN7l7nfah8rNrmcvsq5niWoTKS9WhES0jpIXRnPc9U= X-MS-TrafficTypeDiagnostic: DB7PR08MB3611: X-Microsoft-Exchange-Diagnostics: 1; DB7PR08MB3611; 20:/n+TCTeWQ7tm1ODaa9c4PKgSG8rYo3db1yiQ3x8DgdxDWOz8CrY8kZbz/tHalNpZ0dxswGvERYBOhJmS2+AZvEF5d9hYUG0wA8zGlQRI/vS8PPLz38+xr48w398peTsdCOo1JFaKtYk8ECSIKFwgYiHOJ75vrblUBXZsIbZoqBzYTsfyaNIDmbcMvPqbVDGdBnI+m/2IRPi8u9Aowvmpy1c+8BxkUH/GOY7Hwf/bfZAONA7Ltuz34P4cKnUMpZjYDjQ5JgwTxyv4JU/rvRWX7EohiMZfRsxTuz1ZJcMeqo7DU19OjzBVnf3NDNHVuePojvWWHRRsy1d9e/u1Z5vz3+ujuIGlLeuxt2HNVFbE7uHS9QPwF6pAw2ilRxs7jbPl6g7KIFRVSs9SFeOLd81guREeFSS2+W9MZ9I9UbXbDk+pmV5hw6tBfsAuOxKfIqdElT//9Wxxva1DwHkxMvXrWx8X5TIfwoNTAJOwdrS6Zrv3/YilibJMUyIRCXH5+R0v; 4:EVhzaxX7ojF3r2s/d0jCBfTlPvR2n/z6CXt7RVIgS0G+Pd+MM+dTfpYU4j89e+XuwrFoqt70TEOLbQ8w7yOm0HGkIbfZakqvK0jiWs3DSVjQUdCvEWaVH6onc5Fkp6s517LrQ21CR7F5+96GPtoX20D6mewzadDU66uCYXahMcgjAdcQaSDztujP2v8yRvkoKWNllWt2lxZeWyK644r1IH7bwEk934jPgwqZBZe6HPWBTxlXMVeplwqI/dwMDtqe9RM9PtKm+ywwEqw2pCoyMQ== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(3231311)(944501410)(52105095)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123562045)(20161123560045)(20161123564045)(201708071742011)(7699016); SRVR:DB7PR08MB3611; BCL:0; PCL:0; RULEID:; SRVR:DB7PR08MB3611; X-Forefront-PRVS: 077929D941 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(39840400004)(396003)(136003)(346002)(376002)(366004)(189003)(199004)(51416003)(97736004)(45954006)(5660300001)(105586002)(50226002)(25786009)(76176011)(4326008)(386003)(6506007)(6512007)(68736007)(53416004)(6486002)(2906002)(52116002)(69596002)(53936002)(107886003)(19627235002)(8676002)(36756003)(81156014)(48376002)(8936002)(50466002)(16586007)(956004)(81166006)(2361001)(6916009)(446003)(478600001)(2616005)(11346002)(86362001)(3846002)(486006)(26005)(186003)(316002)(16526019)(476003)(305945005)(106356001)(47776003)(66066001)(6116002)(44832011)(2351001)(7736002)(16060500001); DIR:OUT; SFP:1102; SCL:1; SRVR:DB7PR08MB3611; H:vp-pc.sw.ru; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: None (protection.outlook.com: virtuozzo.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DB7PR08MB3611; 23:gJXDp05LUrFE1++rxQczRRwcl7rFqLuaUaPf6ghr0?= =?us-ascii?Q?CUdoAea9M0NY+AokAeVmv4TfteCYwIHSpOMu1RZ66lZFcK7MUVUH8T/i3lD9?= =?us-ascii?Q?Izyte92gxeVWq6HMx+cO8Yc9RqK7RJeQRPKhlTAyQ4oEJ3nEiEoLMZLy0m6B?= =?us-ascii?Q?xkxuh1UqXNZYYwQdVv9Xe+84QhcvBkU1c+/SJN3D6ACu4OIF7+A8NtfcPJV+?= =?us-ascii?Q?STnGCYsRoWqSz5QMWyKWNcZO56r80kcqZixsONuNmKVEKINk9ba63EVtQePI?= =?us-ascii?Q?MiHgdk/EMD+ARInpnd4j+a8ZTaOoaPrtai5RM1+b6oB0KswUZ9Zu2R7y+fZ6?= =?us-ascii?Q?vk6LR5mxt5r5aZjULGEv6ZALURCzlt8kvsjfytQMhLvBtPAxwalLjz/Hj6RS?= =?us-ascii?Q?S4+9/9+Kljj8SCCgXXrLu6rKo+ARkcPR07tRHRR9LCfkVdZtB49soU65bFrS?= =?us-ascii?Q?bpc7ujVipZBiJKUjFgKT+YrQm+Y8LOkpJv00NzmzL8cFcVxOBL8WsQlewr7j?= =?us-ascii?Q?tVsKzv9P06PkeoVWhJpuoZrF79Jr+gsdQH19ERIfX5983TfdLxb0XKsyuLVB?= =?us-ascii?Q?wwWSJ99kzykyI9zjpryY3wajZacvpQkZ1uF9zLJm0qvStH/iAu+kfQYz4wgZ?= =?us-ascii?Q?LEUhxNbjsAFvStUm2aj8vNAXpULzzegxDOUeuPXEradgPiqC7/93dnpX7wx3?= =?us-ascii?Q?gJFywOWJUygZXnzloYC+VLvydMJbaqhRyTxTT0ltEroE8zZLegTSoaflPZYW?= =?us-ascii?Q?XPVg4aNMkIsQWtq2if6524LMNGQ46/OW4iLgxhn+vyjNAIDzIGYuQ0oVa93H?= =?us-ascii?Q?Yp37gss5+1j/jkjuwGGi9oubyzVbgzmqb6W2UoIqtY/lC+CH7a1dhQu3PcVN?= =?us-ascii?Q?fvZETMFmLx/mYdwfGp6Rf0eqU6Xp/JiY2hMj4kkD/gpls6LQY7z9WHUBROG7?= =?us-ascii?Q?6gkTH4bRHN1h8Omi1RpOT8fg0HhPB8oqqKMY/lrK+UCCv8uyCbEhmoOQyGUR?= =?us-ascii?Q?mB1TTitm9wYfzbU9e3g2NEcajJOXSAKQGtmUjC6m2yXJ+M172dot4hmxwFBu?= =?us-ascii?Q?28NYRMXCm37l4OPIWmydh7oErVXThXCA/DdYP96LM+gvneceYgq8dQhirb7O?= =?us-ascii?Q?r3w0EyhK+uXVgph4kPgAD39YIyQpH4lEkXF1z9iBjTcULriiGzlym9JHfDHg?= =?us-ascii?Q?T9YsUctSs4hJmsk43IrS00GcSdU4fisVEP6MpZI2P4vYT+0qVefynk0xhaNU?= =?us-ascii?Q?yJj++GjKT7fUimI94g3abRkwtbfbqCqO7kIq1N82VL/VynKM0dr8ShGIHeo8?= =?us-ascii?Q?3RrPLF2t7ZQXSWzhpU03ocKoquozekMfxIqLEgIJMNv/T2NwUlpaP1DhkD33?= =?us-ascii?Q?jgoAg=3D=3D?= X-Microsoft-Antispam-Message-Info: 9KzP8A7QplLADmy28vCbmhXsYh9iNbVRdxMxRv0RKc+xk9ZD0F1Dpm5ItE7ksOfn6T2qT/IopAgPbHXh0CfeeB+oj7iO7BqfwaYIqG1lVLDveg00akkJgtu6Env0B2fUGbZXkBS6qDDX4bpDkM38Oslb/6xswfyZRtwq6tFQTeMiNV74CqLj1gi3HAUaAsFlLrHZl4Hk4enf9R4zXw5eaCYNPN5SWRLvz8m1WPBkVwshmITOQlOmTkKuR+x+7xcxXLzDcsBX7lkMdB1H8lL89IuXSQ8ZzvM9k9AXilOMIoGgZpX59QDoOsbOPiqu/Ja3ud8MCzhqTToInoOFAMSB9pabCnzH6R3Gw0+l7u4Yby0= X-Microsoft-Exchange-Diagnostics: 1; DB7PR08MB3611; 6:URjSwbD9WtLSZ4oiFaG98JLnhm4ghaN0qzQja+9VzWdF6uY0TfWE3ztbkdbxT4pNPEGpciJP7/S38pVrn6mzsLX0/OW5oDoZf24EhlEyGeUURvf+7A5Egn9/UITEGSnjJBnrA0C1yrQCgnGI2IhIknJxxXLbd8SpEYk+mO3jSVvD+tIw+8is1NIpR4k4ic8xcUhP/YmEds/7ozxjhj3AWzuAwDSZVczzsStgR1X9zBjjLQK5pSzMIeUXpM4KLDvfCgP+qr6Arc/5y+KvRRAjlKXA/k7oArpLhBiHeu0Dbeqt0GQ7vGdPF0AadF7lqq6b945idZ103WU1J9588Plkfethqn2mWAXe9u5JE184cre4Rn7ANTwyGr6Xkdg9whHJrTx0H2Hzlq8is+MXTA3wSiLsfC6KHuoTPJ6GGuk2wRSAXWU4Crr0Ijs0dFF8KZKKE5Nsf7SKM5kwfkti3G4iPw==; 5:Cvtx0s5xMEmW8w3Twa0Xph+KHNw2ioP0/Hs/j4HWloH1XuH0ltBbZpbdrpla5q9OzSvpBNSC+1AkP518qKSEEmgMcKlosriW4yy3dhERKzziNhjY8rxLR+rW6VQx1iibR+qNaUjweqTtnGLZN0kbe2olgTLlJm5zTqE6UrphAu8=; 7:EHrBNLJkU/J8DeD9yHNrU5PmhrAkKMEP9vXqTV/scikDlEo6nNTJ4PKfat8wUaMj6LuqUQvxp+07H/kY9KxH1OeSastGS1hwRAglBMaxHibic9dZgl9w2Zt94tziWYgWZ4MwySNjlVoXjQXOAJKpC/P1gIKE0gF3jEgcx03pbZS+yLtLd9HS3vJTCclczRoYvkPjoniYUQq/vBBqs1pMX11tOUEbIM6opqbZ8nPVf2qW8s95Q3vCT1AEd71gLRoj SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DB7PR08MB3611; 20:cyt8EKVu29B36Lx6Asak8I2w2h+jfjsJCcR8nCwPUIhCKEfovM/kY8+3/mrEs9RcvJGgRPJxxUeUHheUd2f1uk60LWp1q+5SVZclPEboel6KSLi1Ti3GnR9P1IJsEf04PSW0MzmhC2g8LjTb1ZaZ07Guvvsgbv7eheaDchoe4Qw= X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Aug 2018 12:42:21.0595 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 403611d9-911a-4f26-a833-08d60dacdd3d X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR08MB3611 X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy] X-Received-From: 40.107.4.138 Subject: [Qemu-devel] [PATCH 1/5] dump: move Windows dump structures definitions X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: viktor.prutyanov@phystech.edu, armbru@redhat.com, dgilbert@redhat.com, Viktor Prutyanov , rkagan@virtuozzo.com, pbonzini@redhat.com, marcandre.lureau@redhat.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDMRC_1 RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This patch moves definitions of Windows dump structures to include/qemu/win_dump_defs.h to keep create_win_dump() prototype separate. Signed-off-by: Viktor Prutyanov --- include/qemu/win_dump_defs.h | 179 +++++++++++++++++++++++++++++++++++++++= ++++ win_dump.h | 166 +-------------------------------------- 2 files changed, 183 insertions(+), 162 deletions(-) create mode 100644 include/qemu/win_dump_defs.h diff --git a/include/qemu/win_dump_defs.h b/include/qemu/win_dump_defs.h new file mode 100644 index 0000000..145096e --- /dev/null +++ b/include/qemu/win_dump_defs.h @@ -0,0 +1,179 @@ +/* + * Windows crashdump definitions + * + * Copyright (c) 2018 Virtuozzo International GmbH + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + * + */ + +#ifndef QEMU_WIN_DUMP_DEFS_H +#define QEMU_WIN_DUMP_DEFS_H + +typedef struct WinDumpPhyMemRun64 { + uint64_t BasePage; + uint64_t PageCount; +} QEMU_PACKED WinDumpPhyMemRun64; + +typedef struct WinDumpPhyMemDesc64 { + uint32_t NumberOfRuns; + uint32_t unused; + uint64_t NumberOfPages; + WinDumpPhyMemRun64 Run[43]; +} QEMU_PACKED WinDumpPhyMemDesc64; + +typedef struct WinDumpExceptionRecord { + uint32_t ExceptionCode; + uint32_t ExceptionFlags; + uint64_t ExceptionRecord; + uint64_t ExceptionAddress; + uint32_t NumberParameters; + uint32_t unused; + uint64_t ExceptionInformation[15]; +} QEMU_PACKED WinDumpExceptionRecord; + +typedef struct WinDumpHeader64 { + char Signature[4]; + char ValidDump[4]; + uint32_t MajorVersion; + uint32_t MinorVersion; + uint64_t DirectoryTableBase; + uint64_t PfnDatabase; + uint64_t PsLoadedModuleList; + uint64_t PsActiveProcessHead; + uint32_t MachineImageType; + uint32_t NumberProcessors; + union { + struct { + uint32_t BugcheckCode; + uint32_t unused0; + uint64_t BugcheckParameter1; + uint64_t BugcheckParameter2; + uint64_t BugcheckParameter3; + uint64_t BugcheckParameter4; + }; + uint8_t BugcheckData[40]; + }; + uint8_t VersionUser[32]; + uint64_t KdDebuggerDataBlock; + union { + WinDumpPhyMemDesc64 PhysicalMemoryBlock; + uint8_t PhysicalMemoryBlockBuffer[704]; + }; + union { + uint8_t ContextBuffer[3000]; + }; + WinDumpExceptionRecord Exception; + uint32_t DumpType; + uint32_t unused1; + uint64_t RequiredDumpSpace; + uint64_t SystemTime; + char Comment[128]; + uint64_t SystemUpTime; + uint32_t MiniDumpFields; + uint32_t SecondaryDataState; + uint32_t ProductType; + uint32_t SuiteMask; + uint32_t WriterStatus; + uint8_t unused2; + uint8_t KdSecondaryVersion; + uint8_t reserved[4018]; +} QEMU_PACKED WinDumpHeader64; + +#define KDBG_OWNER_TAG_OFFSET64 0x10 +#define KDBG_MM_PFN_DATABASE_OFFSET64 0xC0 +#define KDBG_KI_BUGCHECK_DATA_OFFSET64 0x88 +#define KDBG_KI_PROCESSOR_BLOCK_OFFSET64 0x218 +#define KDBG_OFFSET_PRCB_CONTEXT_OFFSET64 0x338 + +#define VMCOREINFO_ELF_NOTE_HDR_SIZE 24 + +#define WIN_CTX_X64 0x00100000L + +#define WIN_CTX_CTL 0x00000001L +#define WIN_CTX_INT 0x00000002L +#define WIN_CTX_SEG 0x00000004L +#define WIN_CTX_FP 0x00000008L +#define WIN_CTX_DBG 0x00000010L + +#define WIN_CTX_FULL (WIN_CTX_X64 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX= _FP) +#define WIN_CTX_ALL (WIN_CTX_FULL | WIN_CTX_SEG | WIN_CTX_DBG) + +#define LIVE_SYSTEM_DUMP 0x00000161 + +typedef struct WinM128A { + uint64_t low; + int64_t high; +} QEMU_ALIGNED(16) WinM128A; + +typedef struct WinContext { + uint64_t PHome[6]; + + uint32_t ContextFlags; + uint32_t MxCsr; + + uint16_t SegCs; + uint16_t SegDs; + uint16_t SegEs; + uint16_t SegFs; + uint16_t SegGs; + uint16_t SegSs; + uint32_t EFlags; + + uint64_t Dr0; + uint64_t Dr1; + uint64_t Dr2; + uint64_t Dr3; + uint64_t Dr6; + uint64_t Dr7; + + uint64_t Rax; + uint64_t Rcx; + uint64_t Rdx; + uint64_t Rbx; + uint64_t Rsp; + uint64_t Rbp; + uint64_t Rsi; + uint64_t Rdi; + uint64_t R8; + uint64_t R9; + uint64_t R10; + uint64_t R11; + uint64_t R12; + uint64_t R13; + uint64_t R14; + uint64_t R15; + + uint64_t Rip; + + struct { + uint16_t ControlWord; + uint16_t StatusWord; + uint8_t TagWord; + uint8_t Reserved1; + uint16_t ErrorOpcode; + uint32_t ErrorOffset; + uint16_t ErrorSelector; + uint16_t Reserved2; + uint32_t DataOffset; + uint16_t DataSelector; + uint16_t Reserved3; + uint32_t MxCsr; + uint32_t MxCsr_Mask; + WinM128A FloatRegisters[8]; + WinM128A XmmRegisters[16]; + uint8_t Reserved4[96]; + } FltSave; + + WinM128A VectorRegister[26]; + uint64_t VectorControl; + + uint64_t DebugControl; + uint64_t LastBranchToRip; + uint64_t LastBranchFromRip; + uint64_t LastExceptionToRip; + uint64_t LastExceptionFromRip; +} QEMU_ALIGNED(16) WinContext; + +#endif /* QEMU_WIN_DUMP_DEFS_H */ diff --git a/win_dump.h b/win_dump.h index f9e1faf..b8c2534 100644 --- a/win_dump.h +++ b/win_dump.h @@ -8,169 +8,11 @@ * */ =20 -typedef struct WinDumpPhyMemRun64 { - uint64_t BasePage; - uint64_t PageCount; -} QEMU_PACKED WinDumpPhyMemRun64; +#ifndef WIN_DUMP_H +#define WIN_DUMP_H =20 -typedef struct WinDumpPhyMemDesc64 { - uint32_t NumberOfRuns; - uint32_t unused; - uint64_t NumberOfPages; - WinDumpPhyMemRun64 Run[43]; -} QEMU_PACKED WinDumpPhyMemDesc64; - -typedef struct WinDumpExceptionRecord { - uint32_t ExceptionCode; - uint32_t ExceptionFlags; - uint64_t ExceptionRecord; - uint64_t ExceptionAddress; - uint32_t NumberParameters; - uint32_t unused; - uint64_t ExceptionInformation[15]; -} QEMU_PACKED WinDumpExceptionRecord; - -typedef struct WinDumpHeader64 { - char Signature[4]; - char ValidDump[4]; - uint32_t MajorVersion; - uint32_t MinorVersion; - uint64_t DirectoryTableBase; - uint64_t PfnDatabase; - uint64_t PsLoadedModuleList; - uint64_t PsActiveProcessHead; - uint32_t MachineImageType; - uint32_t NumberProcessors; - union { - struct { - uint32_t BugcheckCode; - uint32_t unused0; - uint64_t BugcheckParameter1; - uint64_t BugcheckParameter2; - uint64_t BugcheckParameter3; - uint64_t BugcheckParameter4; - }; - uint8_t BugcheckData[40]; - }; - uint8_t VersionUser[32]; - uint64_t KdDebuggerDataBlock; - union { - WinDumpPhyMemDesc64 PhysicalMemoryBlock; - uint8_t PhysicalMemoryBlockBuffer[704]; - }; - union { - uint8_t ContextBuffer[3000]; - }; - WinDumpExceptionRecord Exception; - uint32_t DumpType; - uint32_t unused1; - uint64_t RequiredDumpSpace; - uint64_t SystemTime; - char Comment[128]; - uint64_t SystemUpTime; - uint32_t MiniDumpFields; - uint32_t SecondaryDataState; - uint32_t ProductType; - uint32_t SuiteMask; - uint32_t WriterStatus; - uint8_t unused2; - uint8_t KdSecondaryVersion; - uint8_t reserved[4018]; -} QEMU_PACKED WinDumpHeader64; +#include "qemu/win_dump_defs.h" =20 void create_win_dump(DumpState *s, Error **errp); =20 -#define KDBG_OWNER_TAG_OFFSET64 0x10 -#define KDBG_MM_PFN_DATABASE_OFFSET64 0xC0 -#define KDBG_KI_BUGCHECK_DATA_OFFSET64 0x88 -#define KDBG_KI_PROCESSOR_BLOCK_OFFSET64 0x218 -#define KDBG_OFFSET_PRCB_CONTEXT_OFFSET64 0x338 - -#define VMCOREINFO_ELF_NOTE_HDR_SIZE 24 - -#define WIN_CTX_X64 0x00100000L - -#define WIN_CTX_CTL 0x00000001L -#define WIN_CTX_INT 0x00000002L -#define WIN_CTX_SEG 0x00000004L -#define WIN_CTX_FP 0x00000008L -#define WIN_CTX_DBG 0x00000010L - -#define WIN_CTX_FULL (WIN_CTX_X64 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX= _FP) -#define WIN_CTX_ALL (WIN_CTX_FULL | WIN_CTX_SEG | WIN_CTX_DBG) - -#define LIVE_SYSTEM_DUMP 0x00000161 - -typedef struct WinM128A { - uint64_t low; - int64_t high; -} QEMU_ALIGNED(16) WinM128A; - -typedef struct WinContext { - uint64_t PHome[6]; - - uint32_t ContextFlags; - uint32_t MxCsr; - - uint16_t SegCs; - uint16_t SegDs; - uint16_t SegEs; - uint16_t SegFs; - uint16_t SegGs; - uint16_t SegSs; - uint32_t EFlags; - - uint64_t Dr0; - uint64_t Dr1; - uint64_t Dr2; - uint64_t Dr3; - uint64_t Dr6; - uint64_t Dr7; - - uint64_t Rax; - uint64_t Rcx; - uint64_t Rdx; - uint64_t Rbx; - uint64_t Rsp; - uint64_t Rbp; - uint64_t Rsi; - uint64_t Rdi; - uint64_t R8; - uint64_t R9; - uint64_t R10; - uint64_t R11; - uint64_t R12; - uint64_t R13; - uint64_t R14; - uint64_t R15; - - uint64_t Rip; - - struct { - uint16_t ControlWord; - uint16_t StatusWord; - uint8_t TagWord; - uint8_t Reserved1; - uint16_t ErrorOpcode; - uint32_t ErrorOffset; - uint16_t ErrorSelector; - uint16_t Reserved2; - uint32_t DataOffset; - uint16_t DataSelector; - uint16_t Reserved3; - uint32_t MxCsr; - uint32_t MxCsr_Mask; - WinM128A FloatRegisters[8]; - WinM128A XmmRegisters[16]; - uint8_t Reserved4[96]; - } FltSave; - - WinM128A VectorRegister[26]; - uint64_t VectorControl; - - uint64_t DebugControl; - uint64_t LastBranchToRip; - uint64_t LastBranchFromRip; - uint64_t LastExceptionToRip; - uint64_t LastExceptionFromRip; -} QEMU_ALIGNED(16) WinContext; +#endif /* WIN_DUMP_H */ --=20 2.7.4