| Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 1 | /* |
| 2 | * Windows crashdump |
| 3 | * |
| 4 | * Copyright (c) 2018 Virtuozzo International GmbH |
| 5 | * |
| 6 | * This work is licensed under the terms of the GNU GPL, version 2 or later. |
| 7 | * See the COPYING file in the top-level directory. |
| 8 | * |
| 9 | */ |
| 10 | |
| 11 | typedef struct WinDumpPhyMemRun64 { |
| 12 | uint64_t BasePage; |
| 13 | uint64_t PageCount; |
| 14 | } QEMU_PACKED WinDumpPhyMemRun64; |
| 15 | |
| 16 | typedef struct WinDumpPhyMemDesc64 { |
| 17 | uint32_t NumberOfRuns; |
| 18 | uint32_t unused; |
| 19 | uint64_t NumberOfPages; |
| 20 | WinDumpPhyMemRun64 Run[43]; |
| 21 | } QEMU_PACKED WinDumpPhyMemDesc64; |
| 22 | |
| 23 | typedef struct WinDumpExceptionRecord { |
| 24 | uint32_t ExceptionCode; |
| 25 | uint32_t ExceptionFlags; |
| 26 | uint64_t ExceptionRecord; |
| 27 | uint64_t ExceptionAddress; |
| 28 | uint32_t NumberParameters; |
| 29 | uint32_t unused; |
| 30 | uint64_t ExceptionInformation[15]; |
| 31 | } QEMU_PACKED WinDumpExceptionRecord; |
| 32 | |
| 33 | typedef struct WinDumpHeader64 { |
| 34 | char Signature[4]; |
| 35 | char ValidDump[4]; |
| 36 | uint32_t MajorVersion; |
| 37 | uint32_t MinorVersion; |
| 38 | uint64_t DirectoryTableBase; |
| 39 | uint64_t PfnDatabase; |
| 40 | uint64_t PsLoadedModuleList; |
| 41 | uint64_t PsActiveProcessHead; |
| 42 | uint32_t MachineImageType; |
| 43 | uint32_t NumberProcessors; |
| 44 | union { |
| 45 | struct { |
| 46 | uint32_t BugcheckCode; |
| 47 | uint32_t unused0; |
| 48 | uint64_t BugcheckParameter1; |
| 49 | uint64_t BugcheckParameter2; |
| 50 | uint64_t BugcheckParameter3; |
| 51 | uint64_t BugcheckParameter4; |
| 52 | }; |
| 53 | uint8_t BugcheckData[40]; |
| 54 | }; |
| 55 | uint8_t VersionUser[32]; |
| 56 | uint64_t KdDebuggerDataBlock; |
| 57 | union { |
| 58 | WinDumpPhyMemDesc64 PhysicalMemoryBlock; |
| 59 | uint8_t PhysicalMemoryBlockBuffer[704]; |
| 60 | }; |
| 61 | union { |
| 62 | uint8_t ContextBuffer[3000]; |
| 63 | }; |
| 64 | WinDumpExceptionRecord Exception; |
| 65 | uint32_t DumpType; |
| 66 | uint32_t unused1; |
| 67 | uint64_t RequiredDumpSpace; |
| 68 | uint64_t SystemTime; |
| 69 | char Comment[128]; |
| 70 | uint64_t SystemUpTime; |
| 71 | uint32_t MiniDumpFields; |
| 72 | uint32_t SecondaryDataState; |
| 73 | uint32_t ProductType; |
| 74 | uint32_t SuiteMask; |
| 75 | uint32_t WriterStatus; |
| 76 | uint8_t unused2; |
| 77 | uint8_t KdSecondaryVersion; |
| 78 | uint8_t reserved[4018]; |
| 79 | } QEMU_PACKED WinDumpHeader64; |
| 80 | |
| 81 | void create_win_dump(DumpState *s, Error **errp); |
| 82 | |
| Viktor Prutyanov | 2ad9b50 | 2018-05-17 19:23:42 +0300 | [diff] [blame] | 83 | #define KDBG_OWNER_TAG_OFFSET64 0x10 |
| 84 | #define KDBG_MM_PFN_DATABASE_OFFSET64 0xC0 |
| 85 | #define KDBG_KI_BUGCHECK_DATA_OFFSET64 0x88 |
| 86 | #define KDBG_KI_PROCESSOR_BLOCK_OFFSET64 0x218 |
| 87 | #define KDBG_OFFSET_PRCB_CONTEXT_OFFSET64 0x338 |
| Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 88 | |
| 89 | #define VMCOREINFO_ELF_NOTE_HDR_SIZE 24 |
| Viktor Prutyanov | 2ad9b50 | 2018-05-17 19:23:42 +0300 | [diff] [blame] | 90 | |
| 91 | #define WIN_CTX_X64 0x00100000L |
| 92 | |
| 93 | #define WIN_CTX_CTL 0x00000001L |
| 94 | #define WIN_CTX_INT 0x00000002L |
| 95 | #define WIN_CTX_SEG 0x00000004L |
| 96 | #define WIN_CTX_FP 0x00000008L |
| 97 | #define WIN_CTX_DBG 0x00000010L |
| 98 | |
| 99 | #define WIN_CTX_FULL (WIN_CTX_X64 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX_FP) |
| 100 | #define WIN_CTX_ALL (WIN_CTX_FULL | WIN_CTX_SEG | WIN_CTX_DBG) |
| 101 | |
| 102 | #define LIVE_SYSTEM_DUMP 0x00000161 |
| 103 | |
| 104 | typedef struct WinM128A { |
| 105 | uint64_t low; |
| 106 | int64_t high; |
| 107 | } QEMU_ALIGNED(16) WinM128A; |
| 108 | |
| 109 | typedef struct WinContext { |
| 110 | uint64_t PHome[6]; |
| 111 | |
| 112 | uint32_t ContextFlags; |
| 113 | uint32_t MxCsr; |
| 114 | |
| 115 | uint16_t SegCs; |
| 116 | uint16_t SegDs; |
| 117 | uint16_t SegEs; |
| 118 | uint16_t SegFs; |
| 119 | uint16_t SegGs; |
| 120 | uint16_t SegSs; |
| 121 | uint32_t EFlags; |
| 122 | |
| 123 | uint64_t Dr0; |
| 124 | uint64_t Dr1; |
| 125 | uint64_t Dr2; |
| 126 | uint64_t Dr3; |
| 127 | uint64_t Dr6; |
| 128 | uint64_t Dr7; |
| 129 | |
| 130 | uint64_t Rax; |
| 131 | uint64_t Rcx; |
| 132 | uint64_t Rdx; |
| 133 | uint64_t Rbx; |
| 134 | uint64_t Rsp; |
| 135 | uint64_t Rbp; |
| 136 | uint64_t Rsi; |
| 137 | uint64_t Rdi; |
| 138 | uint64_t R8; |
| 139 | uint64_t R9; |
| 140 | uint64_t R10; |
| 141 | uint64_t R11; |
| 142 | uint64_t R12; |
| 143 | uint64_t R13; |
| 144 | uint64_t R14; |
| 145 | uint64_t R15; |
| 146 | |
| 147 | uint64_t Rip; |
| 148 | |
| 149 | struct { |
| 150 | uint16_t ControlWord; |
| 151 | uint16_t StatusWord; |
| 152 | uint8_t TagWord; |
| 153 | uint8_t Reserved1; |
| 154 | uint16_t ErrorOpcode; |
| 155 | uint32_t ErrorOffset; |
| 156 | uint16_t ErrorSelector; |
| 157 | uint16_t Reserved2; |
| 158 | uint32_t DataOffset; |
| 159 | uint16_t DataSelector; |
| 160 | uint16_t Reserved3; |
| 161 | uint32_t MxCsr; |
| 162 | uint32_t MxCsr_Mask; |
| 163 | WinM128A FloatRegisters[8]; |
| 164 | WinM128A XmmRegisters[16]; |
| 165 | uint8_t Reserved4[96]; |
| 166 | } FltSave; |
| 167 | |
| 168 | WinM128A VectorRegister[26]; |
| 169 | uint64_t VectorControl; |
| 170 | |
| 171 | uint64_t DebugControl; |
| 172 | uint64_t LastBranchToRip; |
| 173 | uint64_t LastBranchFromRip; |
| 174 | uint64_t LastExceptionToRip; |
| 175 | uint64_t LastExceptionFromRip; |
| 176 | } QEMU_ALIGNED(16) WinContext; |
