You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4346 lines
136 KiB
4346 lines
136 KiB
/*++
|
|
|
|
Copyright (c) Microsoft Corporation. All rights reserved.
|
|
|
|
Module Name:
|
|
|
|
ntdbg.h
|
|
|
|
Abstract:
|
|
|
|
This module contains the public data structures, data types,
|
|
and procedures exported by the NT Dbg subsystem.
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#ifndef _NTDBG_
|
|
#define _NTDBG_
|
|
|
|
#if _MSC_VER > 1000
|
|
#pragma once
|
|
#endif
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
|
|
|
|
//
|
|
// The following are explicitly sized versions of common system
|
|
// structures which appear in the kernel debugger API.
|
|
//
|
|
// All of the debugger structures which are exposed to both
|
|
// sides of the KD API are declared below in explicitly sized
|
|
// versions as well, with inline converter functions.
|
|
//
|
|
|
|
//
|
|
// Macro for sign extending 32 bit addresses into 64 bits
|
|
//
|
|
|
|
#define COPYSE(p64,p32,f) p64->f = (ULONG64)(LONG64)(LONG)p32->f
|
|
|
|
__inline
|
|
void
|
|
ExceptionRecord32To64(
|
|
IN PEXCEPTION_RECORD32 Ex32,
|
|
OUT PEXCEPTION_RECORD64 Ex64
|
|
)
|
|
{
|
|
ULONG i;
|
|
Ex64->ExceptionCode = Ex32->ExceptionCode;
|
|
Ex64->ExceptionFlags = Ex32->ExceptionFlags;
|
|
Ex64->ExceptionRecord = Ex32->ExceptionRecord;
|
|
COPYSE(Ex64,Ex32,ExceptionAddress);
|
|
Ex64->NumberParameters = Ex32->NumberParameters;
|
|
for (i = 0; i < EXCEPTION_MAXIMUM_PARAMETERS; i++) {
|
|
COPYSE(Ex64,Ex32,ExceptionInformation[i]);
|
|
}
|
|
}
|
|
|
|
__inline
|
|
void
|
|
ExceptionRecord64To32(
|
|
IN PEXCEPTION_RECORD64 Ex64,
|
|
OUT PEXCEPTION_RECORD32 Ex32
|
|
)
|
|
{
|
|
ULONG i;
|
|
Ex32->ExceptionCode = Ex64->ExceptionCode;
|
|
Ex32->ExceptionFlags = Ex64->ExceptionFlags;
|
|
Ex32->ExceptionRecord = (ULONG) Ex64->ExceptionRecord;
|
|
Ex32->ExceptionAddress = (ULONG) Ex64->ExceptionAddress;
|
|
Ex32->NumberParameters = Ex64->NumberParameters;
|
|
for (i = 0; i < EXCEPTION_MAXIMUM_PARAMETERS; i++) {
|
|
Ex32->ExceptionInformation[i] = (ULONG) Ex64->ExceptionInformation[i];
|
|
}
|
|
}
|
|
|
|
|
|
//
|
|
// DbgKm Apis are from the kernel component (Dbgk) through a process
|
|
// debug port.
|
|
//
|
|
|
|
#define DBGKM_MSG_OVERHEAD \
|
|
(FIELD_OFFSET(DBGKM_APIMSG, u.Exception) - sizeof(PORT_MESSAGE))
|
|
|
|
#define DBGKM_API_MSG_LENGTH(TypeSize) \
|
|
((sizeof(DBGKM_APIMSG) << 16) | (DBGKM_MSG_OVERHEAD + (TypeSize)))
|
|
|
|
#define DBGKM_FORMAT_API_MSG(m,Number,TypeSize) \
|
|
(m).h.u1.Length = DBGKM_API_MSG_LENGTH((TypeSize)); \
|
|
(m).h.u2.ZeroInit = LPC_DEBUG_EVENT; \
|
|
(m).ApiNumber = (Number)
|
|
|
|
typedef enum _DBGKM_APINUMBER {
|
|
DbgKmExceptionApi,
|
|
DbgKmCreateThreadApi,
|
|
DbgKmCreateProcessApi,
|
|
DbgKmExitThreadApi,
|
|
DbgKmExitProcessApi,
|
|
DbgKmLoadDllApi,
|
|
DbgKmUnloadDllApi,
|
|
DbgKmMaxApiNumber
|
|
} DBGKM_APINUMBER;
|
|
|
|
|
|
#if !DBG_NO_PORTABLE_TYPES
|
|
typedef struct _DBGKM_EXCEPTION {
|
|
EXCEPTION_RECORD ExceptionRecord;
|
|
ULONG FirstChance;
|
|
} DBGKM_EXCEPTION, *PDBGKM_EXCEPTION;
|
|
#endif
|
|
|
|
typedef struct _DBGKM_EXCEPTION32 {
|
|
EXCEPTION_RECORD32 ExceptionRecord;
|
|
ULONG FirstChance;
|
|
} DBGKM_EXCEPTION32, *PDBGKM_EXCEPTION32;
|
|
|
|
typedef struct _DBGKM_EXCEPTION64 {
|
|
EXCEPTION_RECORD64 ExceptionRecord;
|
|
ULONG FirstChance;
|
|
} DBGKM_EXCEPTION64, *PDBGKM_EXCEPTION64;
|
|
|
|
__inline
|
|
void
|
|
DbgkmException32To64(
|
|
IN PDBGKM_EXCEPTION32 E32,
|
|
OUT PDBGKM_EXCEPTION64 E64
|
|
)
|
|
{
|
|
ExceptionRecord32To64(&E32->ExceptionRecord, &E64->ExceptionRecord);
|
|
E64->FirstChance = E32->FirstChance;
|
|
}
|
|
|
|
__inline
|
|
void
|
|
DbgkmException64To32(
|
|
IN PDBGKM_EXCEPTION64 E64,
|
|
OUT PDBGKM_EXCEPTION32 E32
|
|
)
|
|
{
|
|
ExceptionRecord64To32(&E64->ExceptionRecord, &E32->ExceptionRecord);
|
|
E32->FirstChance = E64->FirstChance;
|
|
}
|
|
|
|
|
|
//
|
|
// The DbgSS, DbgKm and DbgSs stuff is not needed in the portable debugger,
|
|
// and some of the following types and prototypes use portable types, so just
|
|
// turn them all off when building the debugger.
|
|
//
|
|
|
|
#if !DBG_NO_PORTABLE_TYPES
|
|
typedef struct _DBGKM_CREATE_THREAD {
|
|
ULONG SubSystemKey;
|
|
PVOID StartAddress;
|
|
} DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD;
|
|
|
|
typedef struct _DBGKM_CREATE_PROCESS {
|
|
ULONG SubSystemKey;
|
|
HANDLE FileHandle;
|
|
PVOID BaseOfImage;
|
|
ULONG DebugInfoFileOffset;
|
|
ULONG DebugInfoSize;
|
|
DBGKM_CREATE_THREAD InitialThread;
|
|
} DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS;
|
|
|
|
typedef struct _DBGKM_EXIT_THREAD {
|
|
NTSTATUS ExitStatus;
|
|
} DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD;
|
|
|
|
typedef struct _DBGKM_EXIT_PROCESS {
|
|
NTSTATUS ExitStatus;
|
|
} DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS;
|
|
|
|
typedef struct _DBGKM_LOAD_DLL {
|
|
HANDLE FileHandle;
|
|
PVOID BaseOfDll;
|
|
ULONG DebugInfoFileOffset;
|
|
ULONG DebugInfoSize;
|
|
PVOID NamePointer;
|
|
} DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL;
|
|
|
|
typedef struct _DBGKM_UNLOAD_DLL {
|
|
PVOID BaseAddress;
|
|
} DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL;
|
|
|
|
typedef struct _DBGKM_APIMSG {
|
|
PORT_MESSAGE h;
|
|
DBGKM_APINUMBER ApiNumber;
|
|
NTSTATUS ReturnedStatus;
|
|
union {
|
|
DBGKM_EXCEPTION Exception;
|
|
DBGKM_CREATE_THREAD CreateThread;
|
|
DBGKM_CREATE_PROCESS CreateProcessInfo;
|
|
DBGKM_EXIT_THREAD ExitThread;
|
|
DBGKM_EXIT_PROCESS ExitProcess;
|
|
DBGKM_LOAD_DLL LoadDll;
|
|
DBGKM_UNLOAD_DLL UnloadDll;
|
|
} u;
|
|
} DBGKM_APIMSG, *PDBGKM_APIMSG;
|
|
|
|
//
|
|
// DbgSrv Messages are from Dbg subsystem to emulation subsystem.
|
|
// The only defined message at this time is continue
|
|
//
|
|
|
|
#define DBGSRV_MSG_OVERHEAD \
|
|
(sizeof(DBGSRV_APIMSG) - sizeof(PORT_MESSAGE))
|
|
|
|
#define DBGSRV_API_MSG_LENGTH(TypeSize) \
|
|
((sizeof(DBGSRV_APIMSG) << 16) | (DBGSRV_MSG_OVERHEAD))
|
|
|
|
#define DBGSRV_FORMAT_API_MSG(m,Number,TypeSize,CKey) \
|
|
(m).h.u1.Length = DBGSRV_API_MSG_LENGTH((TypeSize)); \
|
|
(m).h.u2.ZeroInit = 0L; \
|
|
(m).ApiNumber = (Number); \
|
|
(m).ContinueKey = (PVOID)(CKey)
|
|
|
|
typedef enum _DBGSRV_APINUMBER {
|
|
DbgSrvContinueApi,
|
|
DbgSrvMaxApiNumber
|
|
} DBGSRV_APINUMBER;
|
|
|
|
typedef struct _DBGSRV_APIMSG {
|
|
PORT_MESSAGE h;
|
|
DBGSRV_APINUMBER ApiNumber;
|
|
NTSTATUS ReturnedStatus;
|
|
PVOID ContinueKey;
|
|
} DBGSRV_APIMSG, *PDBGSRV_APIMSG;
|
|
|
|
//
|
|
//
|
|
// DbgSs Apis are from the system service emulation subsystems to the Dbg
|
|
// subsystem
|
|
//
|
|
|
|
typedef enum _DBG_STATE {
|
|
DbgIdle,
|
|
DbgReplyPending,
|
|
DbgCreateThreadStateChange,
|
|
DbgCreateProcessStateChange,
|
|
DbgExitThreadStateChange,
|
|
DbgExitProcessStateChange,
|
|
DbgExceptionStateChange,
|
|
DbgBreakpointStateChange,
|
|
DbgSingleStepStateChange,
|
|
DbgLoadDllStateChange,
|
|
DbgUnloadDllStateChange
|
|
} DBG_STATE, *PDBG_STATE;
|
|
|
|
#define DBGSS_MSG_OVERHEAD \
|
|
(FIELD_OFFSET(DBGSS_APIMSG, u.Exception) - sizeof(PORT_MESSAGE))
|
|
|
|
#define DBGSS_API_MSG_LENGTH(TypeSize) \
|
|
((sizeof(DBGSS_APIMSG) << 16) | (DBGSS_MSG_OVERHEAD + (TypeSize)))
|
|
|
|
#define DBGSS_FORMAT_API_MSG(m,Number,TypeSize,pApp,CKey) \
|
|
(m).h.u1.Length = DBGSS_API_MSG_LENGTH((TypeSize)); \
|
|
(m).h.u2.ZeroInit = 0L; \
|
|
(m).ApiNumber = (Number); \
|
|
(m).AppClientId = *(pApp); \
|
|
(m).ContinueKey = (PVOID)(CKey)
|
|
|
|
typedef enum _DBGSS_APINUMBER {
|
|
DbgSsExceptionApi,
|
|
DbgSsCreateThreadApi,
|
|
DbgSsCreateProcessApi,
|
|
DbgSsExitThreadApi,
|
|
DbgSsExitProcessApi,
|
|
DbgSsLoadDllApi,
|
|
DbgSsUnloadDllApi,
|
|
DbgSsMaxApiNumber
|
|
} DBGSS_APINUMBER;
|
|
|
|
typedef struct _DBGSS_CREATE_PROCESS {
|
|
CLIENT_ID DebugUiClientId;
|
|
DBGKM_CREATE_PROCESS NewProcess;
|
|
} DBGSS_CREATE_PROCESS, *PDBGSS_CREATE_PROCESS;
|
|
|
|
typedef struct _DBGSS_APIMSG {
|
|
PORT_MESSAGE h;
|
|
DBGKM_APINUMBER ApiNumber;
|
|
NTSTATUS ReturnedStatus;
|
|
CLIENT_ID AppClientId;
|
|
PVOID ContinueKey;
|
|
union {
|
|
DBGKM_EXCEPTION Exception;
|
|
DBGKM_CREATE_THREAD CreateThread;
|
|
DBGSS_CREATE_PROCESS CreateProcessInfo;
|
|
DBGKM_EXIT_THREAD ExitThread;
|
|
DBGKM_EXIT_PROCESS ExitProcess;
|
|
DBGKM_LOAD_DLL LoadDll;
|
|
DBGKM_UNLOAD_DLL UnloadDll;
|
|
} u;
|
|
} DBGSS_APIMSG, *PDBGSS_APIMSG;
|
|
|
|
#define DBGUI_MSG_OVERHEAD \
|
|
(FIELD_OFFSET(DBGUI_APIMSG, u.Continue) - sizeof(PORT_MESSAGE))
|
|
|
|
#define DBGUI_API_MSG_LENGTH(TypeSize) \
|
|
((sizeof(DBGUI_APIMSG) << 16) | (DBGUI_MSG_OVERHEAD + (TypeSize)))
|
|
|
|
#define DBGUI_FORMAT_API_MSG(m,Number,TypeSize) \
|
|
(m).h.u1.Length = DBGUI_API_MSG_LENGTH((TypeSize)); \
|
|
(m).h.u2.ZeroInit = 0L; \
|
|
(m).ApiNumber = (Number)
|
|
|
|
typedef enum _DBGUI_APINUMBER {
|
|
DbgUiWaitStateChangeApi,
|
|
DbgUiContinueApi,
|
|
DbgUiStopDebugApi,
|
|
DbgUiMaxApiNumber
|
|
} DBGUI_APINUMBER;
|
|
|
|
typedef struct _DBGUI_CREATE_THREAD {
|
|
HANDLE HandleToThread;
|
|
DBGKM_CREATE_THREAD NewThread;
|
|
} DBGUI_CREATE_THREAD, *PDBGUI_CREATE_THREAD;
|
|
|
|
typedef struct _DBGUI_CREATE_PROCESS {
|
|
HANDLE HandleToProcess;
|
|
HANDLE HandleToThread;
|
|
DBGKM_CREATE_PROCESS NewProcess;
|
|
} DBGUI_CREATE_PROCESS, *PDBGUI_CREATE_PROCESS;
|
|
|
|
typedef struct _DBGUI_WAIT_STATE_CHANGE {
|
|
DBG_STATE NewState;
|
|
CLIENT_ID AppClientId;
|
|
union {
|
|
DBGKM_EXCEPTION Exception;
|
|
DBGUI_CREATE_THREAD CreateThread;
|
|
DBGUI_CREATE_PROCESS CreateProcessInfo;
|
|
DBGKM_EXIT_THREAD ExitThread;
|
|
DBGKM_EXIT_PROCESS ExitProcess;
|
|
DBGKM_LOAD_DLL LoadDll;
|
|
DBGKM_UNLOAD_DLL UnloadDll;
|
|
} StateInfo;
|
|
} DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE;
|
|
|
|
typedef struct _DBGUI_CONTINUE {
|
|
CLIENT_ID AppClientId;
|
|
NTSTATUS ContinueStatus;
|
|
} DBGUI_CONTINUE, *PDBGUI_CONTINUE;
|
|
|
|
typedef struct _DBGUI_STOPDEBUG {
|
|
ULONG ProcessId;
|
|
} DBGUI_STOPDEBUG, *PDBGUI_STOPDEBUG;
|
|
|
|
typedef struct _DBGUI_APIMSG {
|
|
PORT_MESSAGE h;
|
|
union {
|
|
HANDLE DbgStateChangeSemaphore;
|
|
struct {
|
|
DBGKM_APINUMBER ApiNumber;
|
|
NTSTATUS ReturnedStatus;
|
|
union {
|
|
DBGUI_CONTINUE Continue;
|
|
DBGUI_WAIT_STATE_CHANGE WaitStateChange;
|
|
DBGUI_STOPDEBUG StopDebug;
|
|
} u;
|
|
};
|
|
};
|
|
} DBGUI_APIMSG, *PDBGUI_APIMSG;
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(*PDBGSS_UI_LOOKUP) (
|
|
IN PCLIENT_ID AppClientId,
|
|
OUT PCLIENT_ID DebugUiClientId
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(*PDBGSS_DBGKM_APIMSG_FILTER) (
|
|
IN OUT PDBGKM_APIMSG ApiMsg
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(*PDBGSS_SUBSYSTEMKEY_LOOKUP) (
|
|
IN PCLIENT_ID AppClientId,
|
|
OUT PULONG SubsystemKey,
|
|
IN BOOLEAN ProcessKey
|
|
);
|
|
//
|
|
// DbgSs APIs
|
|
//
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
DbgSsInitialize(
|
|
IN HANDLE KmReplyPort,
|
|
IN PDBGSS_UI_LOOKUP UiLookUpRoutine,
|
|
IN PDBGSS_SUBSYSTEMKEY_LOOKUP SubsystemKeyLookupRoutine OPTIONAL,
|
|
IN PDBGSS_DBGKM_APIMSG_FILTER KmApiMsgFilter OPTIONAL
|
|
);
|
|
|
|
VOID
|
|
NTAPI
|
|
DbgSsHandleKmApiMsg(
|
|
IN PDBGKM_APIMSG ApiMsg,
|
|
IN HANDLE ReplyEvent OPTIONAL
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(*PDBGSS_INITIALIZE_ROUTINE)(
|
|
IN HANDLE KmReplyPort,
|
|
IN PDBGSS_UI_LOOKUP UiLookUpRoutine,
|
|
IN PDBGSS_SUBSYSTEMKEY_LOOKUP SubsystemKeyLookupRoutine OPTIONAL,
|
|
IN PDBGSS_DBGKM_APIMSG_FILTER KmApiMsgFilter OPTIONAL
|
|
);
|
|
|
|
typedef
|
|
VOID
|
|
(*PDBGSS_HANDLE_MSG_ROUTINE)(
|
|
IN PDBGKM_APIMSG ApiMsg,
|
|
IN HANDLE ReplyEvent OPTIONAL
|
|
);
|
|
|
|
//
|
|
// DbgUi APIs
|
|
//
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
DbgUiConnectToDbg( VOID );
|
|
|
|
HANDLE
|
|
NTAPI
|
|
DbgUiGetThreadDebugObject (
|
|
);
|
|
|
|
VOID
|
|
NTAPI
|
|
DbgUiSetThreadDebugObject (
|
|
IN HANDLE DebugObject
|
|
);
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
DbgUiWaitStateChange (
|
|
OUT PDBGUI_WAIT_STATE_CHANGE StateChange,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL
|
|
);
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
DbgUiContinue (
|
|
IN PCLIENT_ID AppClientId,
|
|
IN NTSTATUS ContinueStatus
|
|
);
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
DbgUiStopDebugging (
|
|
IN HANDLE Process
|
|
);
|
|
|
|
NTSTATUS
|
|
DbgUiDebugActiveProcess (
|
|
IN HANDLE Process
|
|
);
|
|
|
|
VOID
|
|
DbgUiRemoteBreakin (
|
|
IN PVOID Context
|
|
);
|
|
|
|
NTSTATUS
|
|
DbgUiIssueRemoteBreakin (
|
|
IN HANDLE Process
|
|
);
|
|
|
|
struct _DEBUG_EVENT;
|
|
|
|
NTSTATUS
|
|
DbgUiConvertStateChangeStructure (
|
|
IN PDBGUI_WAIT_STATE_CHANGE StateChange,
|
|
OUT struct _DEBUG_EVENT *DebugEvent);
|
|
|
|
#endif // DBG_NO_PORTABLE_TYPES
|
|
|
|
|
|
|
|
|
|
|
|
typedef struct _KAPC_STATE32 {
|
|
LIST_ENTRY32 ApcListHead[2];
|
|
ULONG Process;
|
|
BOOLEAN KernelApcInProgress;
|
|
BOOLEAN KernelApcPending;
|
|
BOOLEAN UserApcPending;
|
|
} KAPC_STATE32;
|
|
|
|
typedef struct _KAPC_STATE64 {
|
|
LIST_ENTRY64 ApcListHead[2];
|
|
ULONG64 Process;
|
|
BOOLEAN KernelApcInProgress;
|
|
BOOLEAN KernelApcPending;
|
|
BOOLEAN UserApcPending;
|
|
} KAPC_STATE64;
|
|
|
|
typedef struct _DISPATCHER_HEADER32 {
|
|
UCHAR Type;
|
|
UCHAR Absolute;
|
|
UCHAR Size;
|
|
UCHAR Inserted;
|
|
LONG SignalState;
|
|
LIST_ENTRY32 WaitListHead;
|
|
} DISPATCHER_HEADER32;
|
|
|
|
typedef struct _DISPATCHER_HEADER64 {
|
|
UCHAR Type;
|
|
UCHAR Absolute;
|
|
UCHAR Size;
|
|
UCHAR Inserted;
|
|
LONG SignalState;
|
|
LIST_ENTRY64 WaitListHead;
|
|
} DISPATCHER_HEADER64;
|
|
|
|
typedef struct _KSPIN_LOCK_QUEUE32 {
|
|
ULONG Next;
|
|
ULONG Lock;
|
|
} KSPIN_LOCK_QUEUE32, *PKSPIN_LOCK_QUEUE32;
|
|
|
|
typedef struct _KSPIN_LOCK_QUEUE64 {
|
|
ULONG64 Next;
|
|
ULONG64 Lock;
|
|
} KSPIN_LOCK_QUEUE64, *PKSPIN_LOCK_QUEUE64;
|
|
|
|
typedef struct _PP_LOOKASIDE_LIST32 {
|
|
ULONG P;
|
|
ULONG L;
|
|
} PP_LOOKASIDE_LIST32, *PPP_LOOKASIDE_LIST32;
|
|
|
|
typedef struct _PP_LOOKASIDE_LIST64 {
|
|
ULONG P;
|
|
ULONG L;
|
|
} PP_LOOKASIDE_LIST64, *PPP_LOOKASIDE_LIST64;
|
|
|
|
#define NT51_POOL_SMALL_LISTS 32
|
|
|
|
|
|
//
|
|
// X86 KSWITCHFRAME
|
|
//
|
|
typedef struct _X86_KSWITCHFRAME {
|
|
ULONG ExceptionList;
|
|
ULONG Eflags;
|
|
ULONG RetAddr;
|
|
} X86_KSWITCHFRAME, *PX86_KSWITCHFRAME;
|
|
|
|
|
|
//
|
|
// Special Registers for i386
|
|
//
|
|
|
|
typedef struct _X86_DESCRIPTOR {
|
|
USHORT Pad;
|
|
USHORT Limit;
|
|
ULONG Base;
|
|
} X86_DESCRIPTOR, *PX86_DESCRIPTOR;
|
|
|
|
typedef struct _X86_KSPECIAL_REGISTERS {
|
|
ULONG Cr0;
|
|
ULONG Cr2;
|
|
ULONG Cr3;
|
|
ULONG Cr4;
|
|
ULONG KernelDr0;
|
|
ULONG KernelDr1;
|
|
ULONG KernelDr2;
|
|
ULONG KernelDr3;
|
|
ULONG KernelDr6;
|
|
ULONG KernelDr7;
|
|
X86_DESCRIPTOR Gdtr;
|
|
X86_DESCRIPTOR Idtr;
|
|
USHORT Tr;
|
|
USHORT Ldtr;
|
|
ULONG Reserved[6];
|
|
} X86_KSPECIAL_REGISTERS, *PX86_KSPECIAL_REGISTERS;
|
|
|
|
|
|
//
|
|
// Define the size of the 80387 save area, which is in the context frame.
|
|
//
|
|
|
|
#define X86_SIZE_OF_80387_REGISTERS 80
|
|
|
|
typedef struct _X86_FLOATING_SAVE_AREA {
|
|
ULONG ControlWord;
|
|
ULONG StatusWord;
|
|
ULONG TagWord;
|
|
ULONG ErrorOffset;
|
|
ULONG ErrorSelector;
|
|
ULONG DataOffset;
|
|
ULONG DataSelector;
|
|
UCHAR RegisterArea[X86_SIZE_OF_80387_REGISTERS];
|
|
ULONG Cr0NpxState;
|
|
} X86_FLOATING_SAVE_AREA;
|
|
|
|
//
|
|
// Simulated context structure for the 16-bit environment
|
|
//
|
|
|
|
typedef struct _X86_CONTEXT {
|
|
|
|
ULONG ContextFlags;
|
|
ULONG Dr0;
|
|
ULONG Dr1;
|
|
ULONG Dr2;
|
|
ULONG Dr3;
|
|
ULONG Dr6;
|
|
ULONG Dr7;
|
|
X86_FLOATING_SAVE_AREA FloatSave;
|
|
ULONG SegGs;
|
|
ULONG SegFs;
|
|
ULONG SegEs;
|
|
ULONG SegDs;
|
|
ULONG Edi;
|
|
ULONG Esi;
|
|
ULONG Ebx;
|
|
ULONG Edx;
|
|
ULONG Ecx;
|
|
ULONG Eax;
|
|
ULONG Ebp;
|
|
ULONG Eip;
|
|
ULONG SegCs; // MUST BE SANITIZED
|
|
ULONG EFlags; // MUST BE SANITIZED
|
|
ULONG Esp;
|
|
ULONG SegSs;
|
|
|
|
} X86_CONTEXT, *PX86_CONTEXT;
|
|
|
|
#define MAXIMUM_SUPPORTED_EXTENSION 512
|
|
|
|
//
|
|
// Define the size of FP registers in the FXSAVE format
|
|
//
|
|
#define X86_SIZE_OF_FX_REGISTERS 128
|
|
|
|
typedef struct _X86_FXSAVE_FORMAT {
|
|
USHORT ControlWord;
|
|
USHORT StatusWord;
|
|
USHORT TagWord;
|
|
USHORT ErrorOpcode;
|
|
ULONG ErrorOffset;
|
|
ULONG ErrorSelector;
|
|
ULONG DataOffset;
|
|
ULONG DataSelector;
|
|
ULONG MXCsr;
|
|
ULONG Reserved2;
|
|
UCHAR RegisterArea[X86_SIZE_OF_FX_REGISTERS];
|
|
UCHAR Reserved3[X86_SIZE_OF_FX_REGISTERS];
|
|
UCHAR Reserved4[224];
|
|
} X86_FXSAVE_FORMAT, *PX86_FXSAVE_FORMAT;
|
|
|
|
typedef struct _X86_NT5_CONTEXT {
|
|
|
|
ULONG ContextFlags;
|
|
ULONG Dr0;
|
|
ULONG Dr1;
|
|
ULONG Dr2;
|
|
ULONG Dr3;
|
|
ULONG Dr6;
|
|
ULONG Dr7;
|
|
X86_FLOATING_SAVE_AREA FloatSave;
|
|
ULONG SegGs;
|
|
ULONG SegFs;
|
|
ULONG SegEs;
|
|
ULONG SegDs;
|
|
ULONG Edi;
|
|
ULONG Esi;
|
|
ULONG Ebx;
|
|
ULONG Edx;
|
|
ULONG Ecx;
|
|
ULONG Eax;
|
|
ULONG Ebp;
|
|
ULONG Eip;
|
|
ULONG SegCs; // MUST BE SANITIZED
|
|
ULONG EFlags; // MUST BE SANITIZED
|
|
ULONG Esp;
|
|
ULONG SegSs;
|
|
union {
|
|
UCHAR ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];
|
|
X86_FXSAVE_FORMAT FxSave;
|
|
};
|
|
|
|
} X86_NT5_CONTEXT, *PX86_NT5_CONTEXT;
|
|
|
|
typedef struct _ALPHA_CONTEXT {
|
|
|
|
ULONG FltF0;
|
|
ULONG FltF1;
|
|
ULONG FltF2;
|
|
ULONG FltF3;
|
|
ULONG FltF4;
|
|
ULONG FltF5;
|
|
ULONG FltF6;
|
|
ULONG FltF7;
|
|
ULONG FltF8;
|
|
ULONG FltF9;
|
|
ULONG FltF10;
|
|
ULONG FltF11;
|
|
ULONG FltF12;
|
|
ULONG FltF13;
|
|
ULONG FltF14;
|
|
ULONG FltF15;
|
|
ULONG FltF16;
|
|
ULONG FltF17;
|
|
ULONG FltF18;
|
|
ULONG FltF19;
|
|
ULONG FltF20;
|
|
ULONG FltF21;
|
|
ULONG FltF22;
|
|
ULONG FltF23;
|
|
ULONG FltF24;
|
|
ULONG FltF25;
|
|
ULONG FltF26;
|
|
ULONG FltF27;
|
|
ULONG FltF28;
|
|
ULONG FltF29;
|
|
ULONG FltF30;
|
|
ULONG FltF31;
|
|
|
|
ULONG IntV0; // $0: return value register, v0
|
|
ULONG IntT0; // $1: temporary registers, t0 - t7
|
|
ULONG IntT1; // $2:
|
|
ULONG IntT2; // $3:
|
|
ULONG IntT3; // $4:
|
|
ULONG IntT4; // $5:
|
|
ULONG IntT5; // $6:
|
|
ULONG IntT6; // $7:
|
|
ULONG IntT7; // $8:
|
|
ULONG IntS0; // $9: nonvolatile registers, s0 - s5
|
|
ULONG IntS1; // $10:
|
|
ULONG IntS2; // $11:
|
|
ULONG IntS3; // $12:
|
|
ULONG IntS4; // $13:
|
|
ULONG IntS5; // $14:
|
|
ULONG IntFp; // $15: frame pointer register, fp/s6
|
|
ULONG IntA0; // $16: argument registers, a0 - a5
|
|
ULONG IntA1; // $17:
|
|
ULONG IntA2; // $18:
|
|
ULONG IntA3; // $19:
|
|
ULONG IntA4; // $20:
|
|
ULONG IntA5; // $21:
|
|
ULONG IntT8; // $22: temporary registers, t8 - t11
|
|
ULONG IntT9; // $23:
|
|
ULONG IntT10; // $24:
|
|
ULONG IntT11; // $25:
|
|
ULONG IntRa; // $26: return address register, ra
|
|
ULONG IntT12; // $27: temporary register, t12
|
|
ULONG IntAt; // $28: assembler temp register, at
|
|
ULONG IntGp; // $29: global pointer register, gp
|
|
ULONG IntSp; // $30: stack pointer register, sp
|
|
ULONG IntZero; // $31: zero register, zero
|
|
|
|
ULONG Fpcr; // floating point control register
|
|
ULONG SoftFpcr; // software extension to FPCR
|
|
|
|
ULONG Fir; // (fault instruction) continuation address
|
|
|
|
ULONG Psr; // processor status
|
|
ULONG ContextFlags;
|
|
|
|
//
|
|
// Beginning of the "second half".
|
|
// The name "High" parallels the HighPart of a LargeInteger.
|
|
//
|
|
|
|
ULONG HighFltF0;
|
|
ULONG HighFltF1;
|
|
ULONG HighFltF2;
|
|
ULONG HighFltF3;
|
|
ULONG HighFltF4;
|
|
ULONG HighFltF5;
|
|
ULONG HighFltF6;
|
|
ULONG HighFltF7;
|
|
ULONG HighFltF8;
|
|
ULONG HighFltF9;
|
|
ULONG HighFltF10;
|
|
ULONG HighFltF11;
|
|
ULONG HighFltF12;
|
|
ULONG HighFltF13;
|
|
ULONG HighFltF14;
|
|
ULONG HighFltF15;
|
|
ULONG HighFltF16;
|
|
ULONG HighFltF17;
|
|
ULONG HighFltF18;
|
|
ULONG HighFltF19;
|
|
ULONG HighFltF20;
|
|
ULONG HighFltF21;
|
|
ULONG HighFltF22;
|
|
ULONG HighFltF23;
|
|
ULONG HighFltF24;
|
|
ULONG HighFltF25;
|
|
ULONG HighFltF26;
|
|
ULONG HighFltF27;
|
|
ULONG HighFltF28;
|
|
ULONG HighFltF29;
|
|
ULONG HighFltF30;
|
|
ULONG HighFltF31;
|
|
|
|
ULONG HighIntV0; // $0: return value register, v0
|
|
ULONG HighIntT0; // $1: temporary registers, t0 - t7
|
|
ULONG HighIntT1; // $2:
|
|
ULONG HighIntT2; // $3:
|
|
ULONG HighIntT3; // $4:
|
|
ULONG HighIntT4; // $5:
|
|
ULONG HighIntT5; // $6:
|
|
ULONG HighIntT6; // $7:
|
|
ULONG HighIntT7; // $8:
|
|
ULONG HighIntS0; // $9: nonvolatile registers, s0 - s5
|
|
ULONG HighIntS1; // $10:
|
|
ULONG HighIntS2; // $11:
|
|
ULONG HighIntS3; // $12:
|
|
ULONG HighIntS4; // $13:
|
|
ULONG HighIntS5; // $14:
|
|
ULONG HighIntFp; // $15: frame pointer register, fp/s6
|
|
ULONG HighIntA0; // $16: argument registers, a0 - a5
|
|
ULONG HighIntA1; // $17:
|
|
ULONG HighIntA2; // $18:
|
|
ULONG HighIntA3; // $19:
|
|
ULONG HighIntA4; // $20:
|
|
ULONG HighIntA5; // $21:
|
|
ULONG HighIntT8; // $22: temporary registers, t8 - t11
|
|
ULONG HighIntT9; // $23:
|
|
ULONG HighIntT10; // $24:
|
|
ULONG HighIntT11; // $25:
|
|
ULONG HighIntRa; // $26: return address register, ra
|
|
ULONG HighIntT12; // $27: temporary register, t12
|
|
ULONG HighIntAt; // $28: assembler temp register, at
|
|
ULONG HighIntGp; // $29: global pointer register, gp
|
|
ULONG HighIntSp; // $30: stack pointer register, sp
|
|
ULONG HighIntZero; // $31: zero register, zero
|
|
|
|
ULONG HighFpcr; // floating point control register
|
|
ULONG HighSoftFpcr; // software extension to FPCR
|
|
ULONG HighFir; // processor status
|
|
|
|
double DoNotUseThisField; // to force quadword structure alignment
|
|
ULONG HighFill[2]; // padding for 16-byte stack frame alignment
|
|
|
|
|
|
} ALPHA_CONTEXT, *PALPHA_CONTEXT;
|
|
|
|
|
|
typedef struct _ALPHA_NT5_CONTEXT {
|
|
|
|
//
|
|
// This section is specified/returned if the ContextFlags word contains
|
|
// the flag CONTEXT_FLOATING_POINT.
|
|
//
|
|
|
|
ULONGLONG FltF0;
|
|
ULONGLONG FltF1;
|
|
ULONGLONG FltF2;
|
|
ULONGLONG FltF3;
|
|
ULONGLONG FltF4;
|
|
ULONGLONG FltF5;
|
|
ULONGLONG FltF6;
|
|
ULONGLONG FltF7;
|
|
ULONGLONG FltF8;
|
|
ULONGLONG FltF9;
|
|
ULONGLONG FltF10;
|
|
ULONGLONG FltF11;
|
|
ULONGLONG FltF12;
|
|
ULONGLONG FltF13;
|
|
ULONGLONG FltF14;
|
|
ULONGLONG FltF15;
|
|
ULONGLONG FltF16;
|
|
ULONGLONG FltF17;
|
|
ULONGLONG FltF18;
|
|
ULONGLONG FltF19;
|
|
ULONGLONG FltF20;
|
|
ULONGLONG FltF21;
|
|
ULONGLONG FltF22;
|
|
ULONGLONG FltF23;
|
|
ULONGLONG FltF24;
|
|
ULONGLONG FltF25;
|
|
ULONGLONG FltF26;
|
|
ULONGLONG FltF27;
|
|
ULONGLONG FltF28;
|
|
ULONGLONG FltF29;
|
|
ULONGLONG FltF30;
|
|
ULONGLONG FltF31;
|
|
|
|
//
|
|
// This section is specified/returned if the ContextFlags word contains
|
|
// the flag CONTEXT_INTEGER.
|
|
//
|
|
// N.B. The registers gp, sp, and ra are defined in this section, but are
|
|
// considered part of the control context rather than part of the integer
|
|
// context.
|
|
//
|
|
|
|
ULONGLONG IntV0; // $0: return value register, v0
|
|
ULONGLONG IntT0; // $1: temporary registers, t0 - t7
|
|
ULONGLONG IntT1; // $2:
|
|
ULONGLONG IntT2; // $3:
|
|
ULONGLONG IntT3; // $4:
|
|
ULONGLONG IntT4; // $5:
|
|
ULONGLONG IntT5; // $6:
|
|
ULONGLONG IntT6; // $7:
|
|
ULONGLONG IntT7; // $8:
|
|
ULONGLONG IntS0; // $9: nonvolatile registers, s0 - s5
|
|
ULONGLONG IntS1; // $10:
|
|
ULONGLONG IntS2; // $11:
|
|
ULONGLONG IntS3; // $12:
|
|
ULONGLONG IntS4; // $13:
|
|
ULONGLONG IntS5; // $14:
|
|
ULONGLONG IntFp; // $15: frame pointer register, fp/s6
|
|
ULONGLONG IntA0; // $16: argument registers, a0 - a5
|
|
ULONGLONG IntA1; // $17:
|
|
ULONGLONG IntA2; // $18:
|
|
ULONGLONG IntA3; // $19:
|
|
ULONGLONG IntA4; // $20:
|
|
ULONGLONG IntA5; // $21:
|
|
ULONGLONG IntT8; // $22: temporary registers, t8 - t11
|
|
ULONGLONG IntT9; // $23:
|
|
ULONGLONG IntT10; // $24:
|
|
ULONGLONG IntT11; // $25:
|
|
ULONGLONG IntRa; // $26: return address register, ra
|
|
ULONGLONG IntT12; // $27: temporary register, t12
|
|
ULONGLONG IntAt; // $28: assembler temp register, at
|
|
ULONGLONG IntGp; // $29: global pointer register, gp
|
|
ULONGLONG IntSp; // $30: stack pointer register, sp
|
|
ULONGLONG IntZero; // $31: zero register, zero
|
|
|
|
//
|
|
// This section is specified/returned if the ContextFlags word contains
|
|
// the flag CONTEXT_FLOATING_POINT.
|
|
//
|
|
|
|
ULONGLONG Fpcr; // floating point control register
|
|
ULONGLONG SoftFpcr; // software extension to FPCR
|
|
|
|
//
|
|
// This section is specified/returned if the ContextFlags word contains
|
|
// the flag CONTEXT_CONTROL.
|
|
//
|
|
// N.B. The registers gp, sp, and ra are defined in the integer section,
|
|
// but are considered part of the control context rather than part of
|
|
// the integer context.
|
|
//
|
|
|
|
ULONGLONG Fir; // (fault instruction) continuation address
|
|
ULONG Psr; // processor status
|
|
|
|
//
|
|
// The flags values within this flag control the contents of
|
|
// a CONTEXT record.
|
|
//
|
|
// If the context record is used as an input parameter, then
|
|
// for each portion of the context record controlled by a flag
|
|
// whose value is set, it is assumed that that portion of the
|
|
// context record contains valid context. If the context record
|
|
// is being used to modify a thread's context, then only that
|
|
// portion of the threads context will be modified.
|
|
//
|
|
// If the context record is used as an IN OUT parameter to capture
|
|
// the context of a thread, then only those portions of the thread's
|
|
// context corresponding to set flags will be returned.
|
|
//
|
|
// The context record is never used as an OUT only parameter.
|
|
//
|
|
|
|
ULONG ContextFlags;
|
|
ULONG Fill[4]; // padding for 16-byte stack frame alignment
|
|
|
|
} ALPHA_NT5_CONTEXT, *PALPHA_NT5_CONTEXT;
|
|
|
|
|
|
typedef struct _IA64_KSPECIAL_REGISTERS { // Intel-IA64-Filler
|
|
|
|
// Kernel debug breakpoint registers // Intel-IA64-Filler
|
|
|
|
ULONGLONG KernelDbI0; // Instruction debug registers // Intel-IA64-Filler
|
|
ULONGLONG KernelDbI1; // Intel-IA64-Filler
|
|
ULONGLONG KernelDbI2; // Intel-IA64-Filler
|
|
ULONGLONG KernelDbI3; // Intel-IA64-Filler
|
|
ULONGLONG KernelDbI4; // Intel-IA64-Filler
|
|
ULONGLONG KernelDbI5; // Intel-IA64-Filler
|
|
ULONGLONG KernelDbI6; // Intel-IA64-Filler
|
|
ULONGLONG KernelDbI7; // Intel-IA64-Filler
|
|
|
|
ULONGLONG KernelDbD0; // Data debug registers // Intel-IA64-Filler
|
|
ULONGLONG KernelDbD1; // Intel-IA64-Filler
|
|
ULONGLONG KernelDbD2; // Intel-IA64-Filler
|
|
ULONGLONG KernelDbD3; // Intel-IA64-Filler
|
|
ULONGLONG KernelDbD4; // Intel-IA64-Filler
|
|
ULONGLONG KernelDbD5; // Intel-IA64-Filler
|
|
ULONGLONG KernelDbD6; // Intel-IA64-Filler
|
|
ULONGLONG KernelDbD7; // Intel-IA64-Filler
|
|
|
|
// Kernel performance monitor registers // Intel-IA64-Filler
|
|
|
|
ULONGLONG KernelPfC0; // Performance configuration registers // Intel-IA64-Filler
|
|
ULONGLONG KernelPfC1; // Intel-IA64-Filler
|
|
ULONGLONG KernelPfC2; // Intel-IA64-Filler
|
|
ULONGLONG KernelPfC3; // Intel-IA64-Filler
|
|
ULONGLONG KernelPfC4; // Intel-IA64-Filler
|
|
ULONGLONG KernelPfC5; // Intel-IA64-Filler
|
|
ULONGLONG KernelPfC6; // Intel-IA64-Filler
|
|
ULONGLONG KernelPfC7; // Intel-IA64-Filler
|
|
|
|
ULONGLONG KernelPfD0; // Performance data registers // Intel-IA64-Filler
|
|
ULONGLONG KernelPfD1; // Intel-IA64-Filler
|
|
ULONGLONG KernelPfD2; // Intel-IA64-Filler
|
|
ULONGLONG KernelPfD3; // Intel-IA64-Filler
|
|
ULONGLONG KernelPfD4; // Intel-IA64-Filler
|
|
ULONGLONG KernelPfD5; // Intel-IA64-Filler
|
|
ULONGLONG KernelPfD6; // Intel-IA64-Filler
|
|
ULONGLONG KernelPfD7; // Intel-IA64-Filler
|
|
|
|
// kernel bank shadow (hidden) registers // Intel-IA64-Filler
|
|
|
|
ULONGLONG IntH16; // Intel-IA64-Filler
|
|
ULONGLONG IntH17; // Intel-IA64-Filler
|
|
ULONGLONG IntH18; // Intel-IA64-Filler
|
|
ULONGLONG IntH19; // Intel-IA64-Filler
|
|
ULONGLONG IntH20; // Intel-IA64-Filler
|
|
ULONGLONG IntH21; // Intel-IA64-Filler
|
|
ULONGLONG IntH22; // Intel-IA64-Filler
|
|
ULONGLONG IntH23; // Intel-IA64-Filler
|
|
ULONGLONG IntH24; // Intel-IA64-Filler
|
|
ULONGLONG IntH25; // Intel-IA64-Filler
|
|
ULONGLONG IntH26; // Intel-IA64-Filler
|
|
ULONGLONG IntH27; // Intel-IA64-Filler
|
|
ULONGLONG IntH28; // Intel-IA64-Filler
|
|
ULONGLONG IntH29; // Intel-IA64-Filler
|
|
ULONGLONG IntH30; // Intel-IA64-Filler
|
|
ULONGLONG IntH31; // Intel-IA64-Filler
|
|
|
|
// Application Registers // Intel-IA64-Filler
|
|
|
|
// - CPUID Registers - AR // Intel-IA64-Filler
|
|
ULONGLONG ApCPUID0; // Cpuid Register 0 // Intel-IA64-Filler
|
|
ULONGLONG ApCPUID1; // Cpuid Register 1 // Intel-IA64-Filler
|
|
ULONGLONG ApCPUID2; // Cpuid Register 2 // Intel-IA64-Filler
|
|
ULONGLONG ApCPUID3; // Cpuid Register 3 // Intel-IA64-Filler
|
|
ULONGLONG ApCPUID4; // Cpuid Register 4 // Intel-IA64-Filler
|
|
ULONGLONG ApCPUID5; // Cpuid Register 5 // Intel-IA64-Filler
|
|
ULONGLONG ApCPUID6; // Cpuid Register 6 // Intel-IA64-Filler
|
|
ULONGLONG ApCPUID7; // Cpuid Register 7 // Intel-IA64-Filler
|
|
|
|
// - Kernel Registers - AR // Intel-IA64-Filler
|
|
ULONGLONG ApKR0; // Kernel Register 0 (User RO) // Intel-IA64-Filler
|
|
ULONGLONG ApKR1; // Kernel Register 1 (User RO) // Intel-IA64-Filler
|
|
ULONGLONG ApKR2; // Kernel Register 2 (User RO) // Intel-IA64-Filler
|
|
ULONGLONG ApKR3; // Kernel Register 3 (User RO) // Intel-IA64-Filler
|
|
ULONGLONG ApKR4; // Kernel Register 4 // Intel-IA64-Filler
|
|
ULONGLONG ApKR5; // Kernel Register 5 // Intel-IA64-Filler
|
|
ULONGLONG ApKR6; // Kernel Register 6 // Intel-IA64-Filler
|
|
ULONGLONG ApKR7; // Kernel Register 7 // Intel-IA64-Filler
|
|
|
|
ULONGLONG ApITC; // Interval Timer Counter // Intel-IA64-Filler
|
|
|
|
// Global control registers // Intel-IA64-Filler
|
|
|
|
ULONGLONG ApITM; // Interval Timer Match register // Intel-IA64-Filler
|
|
ULONGLONG ApIVA; // Interrupt Vector Address // Intel-IA64-Filler
|
|
ULONGLONG ApPTA; // Page Table Address // Intel-IA64-Filler
|
|
ULONGLONG ApGPTA; // ia32 Page Table Address // Intel-IA64-Filler
|
|
|
|
ULONGLONG StISR; // Interrupt status // Intel-IA64-Filler
|
|
ULONGLONG StIFA; // Interruption Faulting Address // Intel-IA64-Filler
|
|
ULONGLONG StITIR; // Interruption TLB Insertion Register // Intel-IA64-Filler
|
|
ULONGLONG StIIPA; // Interruption Instruction Previous Address (RO) // Intel-IA64-Filler
|
|
ULONGLONG StIIM; // Interruption Immediate register (RO) // Intel-IA64-Filler
|
|
ULONGLONG StIHA; // Interruption Hash Address (RO) // Intel-IA64-Filler
|
|
|
|
// - External Interrupt control registers (SAPIC) // Intel-IA64-Filler
|
|
ULONGLONG SaLID; // Local SAPIC ID // Intel-IA64-Filler
|
|
ULONGLONG SaIVR; // Interrupt Vector Register (RO) // Intel-IA64-Filler
|
|
ULONGLONG SaTPR; // Task Priority Register // Intel-IA64-Filler
|
|
ULONGLONG SaEOI; // End Of Interrupt // Intel-IA64-Filler
|
|
ULONGLONG SaIRR0; // Interrupt Request Register 0 (RO) // Intel-IA64-Filler
|
|
ULONGLONG SaIRR1; // Interrupt Request Register 1 (RO) // Intel-IA64-Filler
|
|
ULONGLONG SaIRR2; // Interrupt Request Register 2 (RO) // Intel-IA64-Filler
|
|
ULONGLONG SaIRR3; // Interrupt Request Register 3 (RO) // Intel-IA64-Filler
|
|
ULONGLONG SaITV; // Interrupt Timer Vector // Intel-IA64-Filler
|
|
ULONGLONG SaPMV; // Performance Monitor Vector // Intel-IA64-Filler
|
|
ULONGLONG SaCMCV; // Corrected Machine Check Vector // Intel-IA64-Filler
|
|
ULONGLONG SaLRR0; // Local Interrupt Redirection Vector 0 // Intel-IA64-Filler
|
|
ULONGLONG SaLRR1; // Local Interrupt Redirection Vector 1 // Intel-IA64-Filler
|
|
|
|
// System Registers // Intel-IA64-Filler
|
|
// - Region registers // Intel-IA64-Filler
|
|
ULONGLONG Rr0; // Region register 0 // Intel-IA64-Filler
|
|
ULONGLONG Rr1; // Region register 1 // Intel-IA64-Filler
|
|
ULONGLONG Rr2; // Region register 2 // Intel-IA64-Filler
|
|
ULONGLONG Rr3; // Region register 3 // Intel-IA64-Filler
|
|
ULONGLONG Rr4; // Region register 4 // Intel-IA64-Filler
|
|
ULONGLONG Rr5; // Region register 5 // Intel-IA64-Filler
|
|
ULONGLONG Rr6; // Region register 6 // Intel-IA64-Filler
|
|
ULONGLONG Rr7; // Region register 7 // Intel-IA64-Filler
|
|
|
|
// - Protection Key registers // Intel-IA64-Filler
|
|
ULONGLONG Pkr0; // Protection Key register 0 // Intel-IA64-Filler
|
|
ULONGLONG Pkr1; // Protection Key register 1 // Intel-IA64-Filler
|
|
ULONGLONG Pkr2; // Protection Key register 2 // Intel-IA64-Filler
|
|
ULONGLONG Pkr3; // Protection Key register 3 // Intel-IA64-Filler
|
|
ULONGLONG Pkr4; // Protection Key register 4 // Intel-IA64-Filler
|
|
ULONGLONG Pkr5; // Protection Key register 5 // Intel-IA64-Filler
|
|
ULONGLONG Pkr6; // Protection Key register 6 // Intel-IA64-Filler
|
|
ULONGLONG Pkr7; // Protection Key register 7 // Intel-IA64-Filler
|
|
ULONGLONG Pkr8; // Protection Key register 8 // Intel-IA64-Filler
|
|
ULONGLONG Pkr9; // Protection Key register 9 // Intel-IA64-Filler
|
|
ULONGLONG Pkr10; // Protection Key register 10 // Intel-IA64-Filler
|
|
ULONGLONG Pkr11; // Protection Key register 11 // Intel-IA64-Filler
|
|
ULONGLONG Pkr12; // Protection Key register 12 // Intel-IA64-Filler
|
|
ULONGLONG Pkr13; // Protection Key register 13 // Intel-IA64-Filler
|
|
ULONGLONG Pkr14; // Protection Key register 14 // Intel-IA64-Filler
|
|
ULONGLONG Pkr15; // Protection Key register 15 // Intel-IA64-Filler
|
|
|
|
// - Translation Lookaside buffers // Intel-IA64-Filler
|
|
ULONGLONG TrI0; // Instruction Translation Register 0 // Intel-IA64-Filler
|
|
ULONGLONG TrI1; // Instruction Translation Register 1 // Intel-IA64-Filler
|
|
ULONGLONG TrI2; // Instruction Translation Register 2 // Intel-IA64-Filler
|
|
ULONGLONG TrI3; // Instruction Translation Register 3 // Intel-IA64-Filler
|
|
ULONGLONG TrI4; // Instruction Translation Register 4 // Intel-IA64-Filler
|
|
ULONGLONG TrI5; // Instruction Translation Register 5 // Intel-IA64-Filler
|
|
ULONGLONG TrI6; // Instruction Translation Register 6 // Intel-IA64-Filler
|
|
ULONGLONG TrI7; // Instruction Translation Register 7 // Intel-IA64-Filler
|
|
|
|
ULONGLONG TrD0; // Data Translation Register 0 // Intel-IA64-Filler
|
|
ULONGLONG TrD1; // Data Translation Register 1 // Intel-IA64-Filler
|
|
ULONGLONG TrD2; // Data Translation Register 2 // Intel-IA64-Filler
|
|
ULONGLONG TrD3; // Data Translation Register 3 // Intel-IA64-Filler
|
|
ULONGLONG TrD4; // Data Translation Register 4 // Intel-IA64-Filler
|
|
ULONGLONG TrD5; // Data Translation Register 5 // Intel-IA64-Filler
|
|
ULONGLONG TrD6; // Data Translation Register 6 // Intel-IA64-Filler
|
|
ULONGLONG TrD7; // Data Translation Register 7 // Intel-IA64-Filler
|
|
|
|
// - Machine Specific Registers // Intel-IA64-Filler
|
|
ULONGLONG SrMSR0; // Machine Specific Register 0 // Intel-IA64-Filler
|
|
ULONGLONG SrMSR1; // Machine Specific Register 1 // Intel-IA64-Filler
|
|
ULONGLONG SrMSR2; // Machine Specific Register 2 // Intel-IA64-Filler
|
|
ULONGLONG SrMSR3; // Machine Specific Register 3 // Intel-IA64-Filler
|
|
ULONGLONG SrMSR4; // Machine Specific Register 4 // Intel-IA64-Filler
|
|
ULONGLONG SrMSR5; // Machine Specific Register 5 // Intel-IA64-Filler
|
|
ULONGLONG SrMSR6; // Machine Specific Register 6 // Intel-IA64-Filler
|
|
ULONGLONG SrMSR7; // Machine Specific Register 7 // Intel-IA64-Filler
|
|
|
|
} IA64_KSPECIAL_REGISTERS, *PIA64_KSPECIAL_REGISTERS; // Intel-IA64-Filler
|
|
|
|
|
|
typedef struct _IA64_CONTEXT {
|
|
|
|
//
|
|
// The flags values within this flag control the contents of
|
|
// a CONTEXT record.
|
|
//
|
|
// If the context record is used as an input parameter, then
|
|
// for each portion of the context record controlled by a flag
|
|
// whose value is set, it is assumed that that portion of the
|
|
// context record contains valid context. If the context record
|
|
// is being used to modify a thread's context, then only that
|
|
// portion of the threads context will be modified.
|
|
//
|
|
// If the context record is used as an IN OUT parameter to capture
|
|
// the context of a thread, then only those portions of the thread's
|
|
// context corresponding to set flags will be returned.
|
|
//
|
|
// The context record is never used as an OUT only parameter.
|
|
//
|
|
|
|
ULONG ContextFlags;
|
|
ULONG Fill1[3]; // for alignment of following on 16-byte boundary
|
|
|
|
//
|
|
// This section is specified/returned if the ContextFlags word contains
|
|
// the flag CONTEXT_DEBUG.
|
|
//
|
|
// N.B. CONTEXT_DEBUG is *not* part of CONTEXT_FULL.
|
|
//
|
|
|
|
ULONGLONG DbI0; // Intel-IA64-Filler
|
|
ULONGLONG DbI1; // Intel-IA64-Filler
|
|
ULONGLONG DbI2; // Intel-IA64-Filler
|
|
ULONGLONG DbI3; // Intel-IA64-Filler
|
|
ULONGLONG DbI4; // Intel-IA64-Filler
|
|
ULONGLONG DbI5; // Intel-IA64-Filler
|
|
ULONGLONG DbI6; // Intel-IA64-Filler
|
|
ULONGLONG DbI7; // Intel-IA64-Filler
|
|
|
|
ULONGLONG DbD0; // Intel-IA64-Filler
|
|
ULONGLONG DbD1; // Intel-IA64-Filler
|
|
ULONGLONG DbD2; // Intel-IA64-Filler
|
|
ULONGLONG DbD3; // Intel-IA64-Filler
|
|
ULONGLONG DbD4; // Intel-IA64-Filler
|
|
ULONGLONG DbD5; // Intel-IA64-Filler
|
|
ULONGLONG DbD6; // Intel-IA64-Filler
|
|
ULONGLONG DbD7; // Intel-IA64-Filler
|
|
|
|
//
|
|
// This section is specified/returned if the ContextFlags word contains
|
|
// the flag CONTEXT_LOWER_FLOATING_POINT.
|
|
//
|
|
|
|
FLOAT128 FltS0; // Intel-IA64-Filler
|
|
FLOAT128 FltS1; // Intel-IA64-Filler
|
|
FLOAT128 FltS2; // Intel-IA64-Filler
|
|
FLOAT128 FltS3; // Intel-IA64-Filler
|
|
FLOAT128 FltT0; // Intel-IA64-Filler
|
|
FLOAT128 FltT1; // Intel-IA64-Filler
|
|
FLOAT128 FltT2; // Intel-IA64-Filler
|
|
FLOAT128 FltT3; // Intel-IA64-Filler
|
|
FLOAT128 FltT4; // Intel-IA64-Filler
|
|
FLOAT128 FltT5; // Intel-IA64-Filler
|
|
FLOAT128 FltT6; // Intel-IA64-Filler
|
|
FLOAT128 FltT7; // Intel-IA64-Filler
|
|
FLOAT128 FltT8; // Intel-IA64-Filler
|
|
FLOAT128 FltT9; // Intel-IA64-Filler
|
|
|
|
//
|
|
// This section is specified/returned if the ContextFlags word contains
|
|
// the flag CONTEXT_HIGHER_FLOATING_POINT.
|
|
//
|
|
|
|
FLOAT128 FltS4; // Intel-IA64-Filler
|
|
FLOAT128 FltS5; // Intel-IA64-Filler
|
|
FLOAT128 FltS6; // Intel-IA64-Filler
|
|
FLOAT128 FltS7; // Intel-IA64-Filler
|
|
FLOAT128 FltS8; // Intel-IA64-Filler
|
|
FLOAT128 FltS9; // Intel-IA64-Filler
|
|
FLOAT128 FltS10; // Intel-IA64-Filler
|
|
FLOAT128 FltS11; // Intel-IA64-Filler
|
|
FLOAT128 FltS12; // Intel-IA64-Filler
|
|
FLOAT128 FltS13; // Intel-IA64-Filler
|
|
FLOAT128 FltS14; // Intel-IA64-Filler
|
|
FLOAT128 FltS15; // Intel-IA64-Filler
|
|
FLOAT128 FltS16; // Intel-IA64-Filler
|
|
FLOAT128 FltS17; // Intel-IA64-Filler
|
|
FLOAT128 FltS18; // Intel-IA64-Filler
|
|
FLOAT128 FltS19; // Intel-IA64-Filler
|
|
|
|
FLOAT128 FltF32; // Intel-IA64-Filler
|
|
FLOAT128 FltF33; // Intel-IA64-Filler
|
|
FLOAT128 FltF34; // Intel-IA64-Filler
|
|
FLOAT128 FltF35; // Intel-IA64-Filler
|
|
FLOAT128 FltF36; // Intel-IA64-Filler
|
|
FLOAT128 FltF37; // Intel-IA64-Filler
|
|
FLOAT128 FltF38; // Intel-IA64-Filler
|
|
FLOAT128 FltF39; // Intel-IA64-Filler
|
|
|
|
FLOAT128 FltF40; // Intel-IA64-Filler
|
|
FLOAT128 FltF41; // Intel-IA64-Filler
|
|
FLOAT128 FltF42; // Intel-IA64-Filler
|
|
FLOAT128 FltF43; // Intel-IA64-Filler
|
|
FLOAT128 FltF44; // Intel-IA64-Filler
|
|
FLOAT128 FltF45; // Intel-IA64-Filler
|
|
FLOAT128 FltF46; // Intel-IA64-Filler
|
|
FLOAT128 FltF47; // Intel-IA64-Filler
|
|
FLOAT128 FltF48; // Intel-IA64-Filler
|
|
FLOAT128 FltF49; // Intel-IA64-Filler
|
|
|
|
FLOAT128 FltF50; // Intel-IA64-Filler
|
|
FLOAT128 FltF51; // Intel-IA64-Filler
|
|
FLOAT128 FltF52; // Intel-IA64-Filler
|
|
FLOAT128 FltF53; // Intel-IA64-Filler
|
|
FLOAT128 FltF54; // Intel-IA64-Filler
|
|
FLOAT128 FltF55; // Intel-IA64-Filler
|
|
FLOAT128 FltF56; // Intel-IA64-Filler
|
|
FLOAT128 FltF57; // Intel-IA64-Filler
|
|
FLOAT128 FltF58; // Intel-IA64-Filler
|
|
FLOAT128 FltF59; // Intel-IA64-Filler
|
|
|
|
FLOAT128 FltF60; // Intel-IA64-Filler
|
|
FLOAT128 FltF61; // Intel-IA64-Filler
|
|
FLOAT128 FltF62; // Intel-IA64-Filler
|
|
FLOAT128 FltF63; // Intel-IA64-Filler
|
|
FLOAT128 FltF64; // Intel-IA64-Filler
|
|
FLOAT128 FltF65; // Intel-IA64-Filler
|
|
FLOAT128 FltF66; // Intel-IA64-Filler
|
|
FLOAT128 FltF67; // Intel-IA64-Filler
|
|
FLOAT128 FltF68; // Intel-IA64-Filler
|
|
FLOAT128 FltF69; // Intel-IA64-Filler
|
|
|
|
FLOAT128 FltF70; // Intel-IA64-Filler
|
|
FLOAT128 FltF71; // Intel-IA64-Filler
|
|
FLOAT128 FltF72; // Intel-IA64-Filler
|
|
FLOAT128 FltF73; // Intel-IA64-Filler
|
|
FLOAT128 FltF74; // Intel-IA64-Filler
|
|
FLOAT128 FltF75; // Intel-IA64-Filler
|
|
FLOAT128 FltF76; // Intel-IA64-Filler
|
|
FLOAT128 FltF77; // Intel-IA64-Filler
|
|
FLOAT128 FltF78; // Intel-IA64-Filler
|
|
FLOAT128 FltF79; // Intel-IA64-Filler
|
|
|
|
FLOAT128 FltF80; // Intel-IA64-Filler
|
|
FLOAT128 FltF81; // Intel-IA64-Filler
|
|
FLOAT128 FltF82; // Intel-IA64-Filler
|
|
FLOAT128 FltF83; // Intel-IA64-Filler
|
|
FLOAT128 FltF84; // Intel-IA64-Filler
|
|
FLOAT128 FltF85; // Intel-IA64-Filler
|
|
FLOAT128 FltF86; // Intel-IA64-Filler
|
|
FLOAT128 FltF87; // Intel-IA64-Filler
|
|
FLOAT128 FltF88; // Intel-IA64-Filler
|
|
FLOAT128 FltF89; // Intel-IA64-Filler
|
|
|
|
FLOAT128 FltF90; // Intel-IA64-Filler
|
|
FLOAT128 FltF91; // Intel-IA64-Filler
|
|
FLOAT128 FltF92; // Intel-IA64-Filler
|
|
FLOAT128 FltF93; // Intel-IA64-Filler
|
|
FLOAT128 FltF94; // Intel-IA64-Filler
|
|
FLOAT128 FltF95; // Intel-IA64-Filler
|
|
FLOAT128 FltF96; // Intel-IA64-Filler
|
|
FLOAT128 FltF97; // Intel-IA64-Filler
|
|
FLOAT128 FltF98; // Intel-IA64-Filler
|
|
FLOAT128 FltF99; // Intel-IA64-Filler
|
|
|
|
FLOAT128 FltF100; // Intel-IA64-Filler
|
|
FLOAT128 FltF101; // Intel-IA64-Filler
|
|
FLOAT128 FltF102; // Intel-IA64-Filler
|
|
FLOAT128 FltF103; // Intel-IA64-Filler
|
|
FLOAT128 FltF104; // Intel-IA64-Filler
|
|
FLOAT128 FltF105; // Intel-IA64-Filler
|
|
FLOAT128 FltF106; // Intel-IA64-Filler
|
|
FLOAT128 FltF107; // Intel-IA64-Filler
|
|
FLOAT128 FltF108; // Intel-IA64-Filler
|
|
FLOAT128 FltF109; // Intel-IA64-Filler
|
|
|
|
FLOAT128 FltF110; // Intel-IA64-Filler
|
|
FLOAT128 FltF111; // Intel-IA64-Filler
|
|
FLOAT128 FltF112; // Intel-IA64-Filler
|
|
FLOAT128 FltF113; // Intel-IA64-Filler
|
|
FLOAT128 FltF114; // Intel-IA64-Filler
|
|
FLOAT128 FltF115; // Intel-IA64-Filler
|
|
FLOAT128 FltF116; // Intel-IA64-Filler
|
|
FLOAT128 FltF117; // Intel-IA64-Filler
|
|
FLOAT128 FltF118; // Intel-IA64-Filler
|
|
FLOAT128 FltF119; // Intel-IA64-Filler
|
|
|
|
FLOAT128 FltF120; // Intel-IA64-Filler
|
|
FLOAT128 FltF121; // Intel-IA64-Filler
|
|
FLOAT128 FltF122; // Intel-IA64-Filler
|
|
FLOAT128 FltF123; // Intel-IA64-Filler
|
|
FLOAT128 FltF124; // Intel-IA64-Filler
|
|
FLOAT128 FltF125; // Intel-IA64-Filler
|
|
FLOAT128 FltF126; // Intel-IA64-Filler
|
|
FLOAT128 FltF127; // Intel-IA64-Filler
|
|
|
|
//
|
|
// This section is specified/returned if the ContextFlags word contains
|
|
// the flag CONTEXT_LOWER_FLOATING_POINT | CONTEXT_HIGHER_FLOATING_POINT | CONTEXT_CONTROL.
|
|
//
|
|
|
|
ULONGLONG StFPSR; // Intel-IA64-Filler ; FP status
|
|
|
|
//
|
|
// This section is specified/returned if the ContextFlags word contains
|
|
// the flag CONTEXT_INTEGER.
|
|
//
|
|
// N.B. The registers gp, sp, rp are part of the control context
|
|
//
|
|
|
|
ULONGLONG IntGp; // Intel-IA64-Filler ; r1, volatile
|
|
ULONGLONG IntT0; // Intel-IA64-Filler ; r2-r3, volatile
|
|
ULONGLONG IntT1; // Intel-IA64-Filler ;
|
|
ULONGLONG IntS0; // Intel-IA64-Filler ; r4-r7, preserved
|
|
ULONGLONG IntS1; // Intel-IA64-Filler
|
|
ULONGLONG IntS2; // Intel-IA64-Filler
|
|
ULONGLONG IntS3; // Intel-IA64-Filler
|
|
ULONGLONG IntV0; // Intel-IA64-Filler ; r8, volatile
|
|
ULONGLONG IntT2; // Intel-IA64-Filler ; r9-r11, volatile
|
|
ULONGLONG IntT3; // Intel-IA64-Filler
|
|
ULONGLONG IntT4; // Intel-IA64-Filler
|
|
ULONGLONG IntSp; // Intel-IA64-Filler ; stack pointer (r12), special
|
|
ULONGLONG IntTeb; // Intel-IA64-Filler ; teb (r13), special
|
|
ULONGLONG IntT5; // Intel-IA64-Filler ; r14-r31, volatile
|
|
ULONGLONG IntT6; // Intel-IA64-Filler
|
|
ULONGLONG IntT7; // Intel-IA64-Filler
|
|
ULONGLONG IntT8; // Intel-IA64-Filler
|
|
ULONGLONG IntT9; // Intel-IA64-Filler
|
|
ULONGLONG IntT10; // Intel-IA64-Filler
|
|
ULONGLONG IntT11; // Intel-IA64-Filler
|
|
ULONGLONG IntT12; // Intel-IA64-Filler
|
|
ULONGLONG IntT13; // Intel-IA64-Filler
|
|
ULONGLONG IntT14; // Intel-IA64-Filler
|
|
ULONGLONG IntT15; // Intel-IA64-Filler
|
|
ULONGLONG IntT16; // Intel-IA64-Filler
|
|
ULONGLONG IntT17; // Intel-IA64-Filler
|
|
ULONGLONG IntT18; // Intel-IA64-Filler
|
|
ULONGLONG IntT19; // Intel-IA64-Filler
|
|
ULONGLONG IntT20; // Intel-IA64-Filler
|
|
ULONGLONG IntT21; // Intel-IA64-Filler
|
|
ULONGLONG IntT22; // Intel-IA64-Filler
|
|
|
|
ULONGLONG IntNats; // Intel-IA64-Filler ; Nat bits for r1-r31
|
|
// Intel-IA64-Filler ; r1-r31 in bits 1 thru 31.
|
|
ULONGLONG Preds; // Intel-IA64-Filler ; predicates, preserved
|
|
|
|
ULONGLONG BrRp; // Intel-IA64-Filler ; return pointer, b0, preserved
|
|
ULONGLONG BrS0; // Intel-IA64-Filler ; b1-b5, preserved
|
|
ULONGLONG BrS1; // Intel-IA64-Filler
|
|
ULONGLONG BrS2; // Intel-IA64-Filler
|
|
ULONGLONG BrS3; // Intel-IA64-Filler
|
|
ULONGLONG BrS4; // Intel-IA64-Filler
|
|
ULONGLONG BrT0; // Intel-IA64-Filler ; b6-b7, volatile
|
|
ULONGLONG BrT1; // Intel-IA64-Filler
|
|
|
|
//
|
|
// This section is specified/returned if the ContextFlags word contains
|
|
// the flag CONTEXT_CONTROL.
|
|
//
|
|
|
|
// Other application registers
|
|
ULONGLONG ApUNAT; // Intel-IA64-Filler ; User Nat collection register, preserved
|
|
ULONGLONG ApLC; // Intel-IA64-Filler ; Loop counter register, preserved
|
|
ULONGLONG ApEC; // Intel-IA64-Filler ; Epilog counter register, preserved
|
|
ULONGLONG ApCCV; // Intel-IA64-Filler ; CMPXCHG value register, volatile
|
|
ULONGLONG ApDCR; // Intel-IA64-Filler ; Default control register (TBD)
|
|
|
|
// Register stack info
|
|
ULONGLONG RsPFS; // Intel-IA64-Filler ; Previous function state, preserved
|
|
ULONGLONG RsBSP; // Intel-IA64-Filler ; Backing store pointer, preserved
|
|
ULONGLONG RsBSPSTORE; // Intel-IA64-Filler
|
|
ULONGLONG RsRSC; // Intel-IA64-Filler ; RSE configuration, volatile
|
|
ULONGLONG RsRNAT; // Intel-IA64-Filler ; RSE Nat collection register, preserved
|
|
|
|
// Trap Status Information
|
|
ULONGLONG StIPSR; // Intel-IA64-Filler ; Interruption Processor Status
|
|
ULONGLONG StIIP; // Intel-IA64-Filler ; Interruption IP
|
|
ULONGLONG StIFS; // Intel-IA64-Filler ; Interruption Function State
|
|
|
|
// iA32 related control registers
|
|
ULONGLONG StFCR; // Intel-IA64-Filler ; copy of Ar21
|
|
ULONGLONG Eflag; // Intel-IA64-Filler ; Eflag copy of Ar24
|
|
ULONGLONG SegCSD; // Intel-IA64-Filler ; iA32 CSDescriptor (Ar25)
|
|
ULONGLONG SegSSD; // Intel-IA64-Filler ; iA32 SSDescriptor (Ar26)
|
|
ULONGLONG Cflag; // Intel-IA64-Filler ; Cr0+Cr4 copy of Ar27
|
|
ULONGLONG StFSR; // Intel-IA64-Filler ; x86 FP status (copy of AR28)
|
|
ULONGLONG StFIR; // Intel-IA64-Filler ; x86 FP status (copy of AR29)
|
|
ULONGLONG StFDR; // Intel-IA64-Filler ; x86 FP status (copy of AR30)
|
|
|
|
ULONGLONG UNUSEDPACK; // Intel-IA64-Filler ; added to pack StFDR to 16-bytes
|
|
|
|
} IA64_CONTEXT, *PIA64_CONTEXT;
|
|
|
|
//
|
|
// Special Registers for AMD64.
|
|
//
|
|
|
|
typedef struct _AMD64_DESCRIPTOR {
|
|
USHORT Pad[3];
|
|
USHORT Limit;
|
|
ULONG64 Base;
|
|
} AMD64_DESCRIPTOR, *PAMD64_DESCRIPTOR;
|
|
|
|
typedef struct _AMD64_KSPECIAL_REGISTERS {
|
|
ULONG64 Cr0;
|
|
ULONG64 Cr2;
|
|
ULONG64 Cr3;
|
|
ULONG64 Cr4;
|
|
ULONG64 KernelDr0;
|
|
ULONG64 KernelDr1;
|
|
ULONG64 KernelDr2;
|
|
ULONG64 KernelDr3;
|
|
ULONG64 KernelDr6;
|
|
ULONG64 KernelDr7;
|
|
AMD64_DESCRIPTOR Gdtr;
|
|
AMD64_DESCRIPTOR Idtr;
|
|
USHORT Tr;
|
|
USHORT Ldtr;
|
|
ULONG MxCsr;
|
|
ULONG64 DebugControl;
|
|
ULONG64 LastBranchToRip;
|
|
ULONG64 LastBranchFromRip;
|
|
ULONG64 LastExceptionToRip;
|
|
ULONG64 LastExceptionFromRip;
|
|
ULONG64 Cr8;
|
|
ULONG64 MsrGsBase;
|
|
ULONG64 MsrGsSwap;
|
|
ULONG64 MsrStar;
|
|
ULONG64 MsrLStar;
|
|
ULONG64 MsrCStar;
|
|
ULONG64 MsrSyscallMask;
|
|
} AMD64_KSPECIAL_REGISTERS, *PAMD64_KSPECIAL_REGISTERS;
|
|
|
|
typedef struct _AMD64_KSWITCH_FRAME {
|
|
ULONG64 P1Home;
|
|
ULONG64 P2Home;
|
|
ULONG64 P3Home;
|
|
ULONG64 P4Home;
|
|
ULONG64 P5Home;
|
|
ULONG MxCsr;
|
|
KIRQL ApcBypass;
|
|
UCHAR Fill1[3];
|
|
ULONG64 Rbp;
|
|
ULONG64 Return;
|
|
} AMD64_KSWITCH_FRAME, *PAMD64_KSWITCH_FRAME;
|
|
|
|
//
|
|
// Format of data for fnsave/frstor instructions.
|
|
//
|
|
// This structure is used to store the legacy floating point state.
|
|
//
|
|
|
|
typedef struct _AMD64_LEGACY_SAVE_AREA {
|
|
USHORT ControlWord;
|
|
USHORT Reserved0;
|
|
USHORT StatusWord;
|
|
USHORT Reserved1;
|
|
USHORT TagWord;
|
|
USHORT Reserved2;
|
|
ULONG ErrorOffset;
|
|
USHORT ErrorSelector;
|
|
USHORT ErrorOpcode;
|
|
ULONG DataOffset;
|
|
USHORT DataSelector;
|
|
USHORT Reserved3;
|
|
UCHAR FloatRegisters[8 * 10];
|
|
} AMD64_LEGACY_SAVE_AREA, *PAMD64_LEGACY_SAVE_AREA;
|
|
|
|
typedef struct _AMD64_M128 {
|
|
ULONGLONG Low;
|
|
LONGLONG High;
|
|
} AMD64_M128, *PAMD64_M128;
|
|
|
|
// Must be 16-byte aligned.
|
|
typedef struct _AMD64_CONTEXT {
|
|
|
|
//
|
|
// Register parameter home addresses.
|
|
//
|
|
|
|
ULONG64 P1Home;
|
|
ULONG64 P2Home;
|
|
ULONG64 P3Home;
|
|
ULONG64 P4Home;
|
|
ULONG64 P5Home;
|
|
ULONG64 P6Home;
|
|
|
|
//
|
|
// Control flags.
|
|
//
|
|
|
|
ULONG ContextFlags;
|
|
ULONG MxCsr;
|
|
|
|
//
|
|
// Segment Registers and processor flags.
|
|
//
|
|
|
|
USHORT SegCs;
|
|
USHORT SegDs;
|
|
USHORT SegEs;
|
|
USHORT SegFs;
|
|
USHORT SegGs;
|
|
USHORT SegSs;
|
|
ULONG EFlags;
|
|
|
|
//
|
|
// Debug registers
|
|
//
|
|
|
|
ULONG64 Dr0;
|
|
ULONG64 Dr1;
|
|
ULONG64 Dr2;
|
|
ULONG64 Dr3;
|
|
ULONG64 Dr6;
|
|
ULONG64 Dr7;
|
|
|
|
//
|
|
// Integer registers.
|
|
//
|
|
|
|
ULONG64 Rax;
|
|
ULONG64 Rcx;
|
|
ULONG64 Rdx;
|
|
ULONG64 Rbx;
|
|
ULONG64 Rsp;
|
|
ULONG64 Rbp;
|
|
ULONG64 Rsi;
|
|
ULONG64 Rdi;
|
|
ULONG64 R8;
|
|
ULONG64 R9;
|
|
ULONG64 R10;
|
|
ULONG64 R11;
|
|
ULONG64 R12;
|
|
ULONG64 R13;
|
|
ULONG64 R14;
|
|
ULONG64 R15;
|
|
|
|
//
|
|
// Program counter.
|
|
//
|
|
|
|
ULONG64 Rip;
|
|
|
|
//
|
|
// MMX/floating point state.
|
|
//
|
|
|
|
AMD64_M128 Xmm0;
|
|
AMD64_M128 Xmm1;
|
|
AMD64_M128 Xmm2;
|
|
AMD64_M128 Xmm3;
|
|
AMD64_M128 Xmm4;
|
|
AMD64_M128 Xmm5;
|
|
AMD64_M128 Xmm6;
|
|
AMD64_M128 Xmm7;
|
|
AMD64_M128 Xmm8;
|
|
AMD64_M128 Xmm9;
|
|
AMD64_M128 Xmm10;
|
|
AMD64_M128 Xmm11;
|
|
AMD64_M128 Xmm12;
|
|
AMD64_M128 Xmm13;
|
|
AMD64_M128 Xmm14;
|
|
AMD64_M128 Xmm15;
|
|
|
|
//
|
|
// Legacy floating point state.
|
|
//
|
|
|
|
AMD64_LEGACY_SAVE_AREA FltSave;
|
|
ULONG Fill;
|
|
|
|
//
|
|
// Special debug control registers.
|
|
//
|
|
|
|
ULONG64 DebugControl;
|
|
ULONG64 LastBranchToRip;
|
|
ULONG64 LastBranchFromRip;
|
|
ULONG64 LastExceptionToRip;
|
|
ULONG64 LastExceptionFromRip;
|
|
ULONG64 Fill1;
|
|
} AMD64_CONTEXT, *PAMD64_CONTEXT;
|
|
|
|
typedef struct _ARM_CONTEXT {
|
|
//
|
|
// The flags values within this flag control the contents of
|
|
// a CONTEXT record.
|
|
//
|
|
// If the context record is used as an input parameter, then
|
|
// for each portion of the context record controlled by a flag
|
|
// whose value is set, it is assumed that that portion of the
|
|
// context record contains valid context. If the context record
|
|
// is being used to modify a thread's context, then only that
|
|
// portion of the threads context will be modified.
|
|
//
|
|
// If the context record is used as an IN OUT parameter to capture
|
|
// the context of a thread, then only those portions of the thread's
|
|
// context corresponding to set flags will be returned.
|
|
//
|
|
// The context record is never used as an OUT only parameter.
|
|
//
|
|
|
|
ULONG ContextFlags;
|
|
|
|
//
|
|
// This section is specified/returned if the ContextFlags word contains
|
|
// the flag CONTEXT_INTEGER.
|
|
//
|
|
ULONG R0;
|
|
ULONG R1;
|
|
ULONG R2;
|
|
ULONG R3;
|
|
ULONG R4;
|
|
ULONG R5;
|
|
ULONG R6;
|
|
ULONG R7;
|
|
ULONG R8;
|
|
ULONG R9;
|
|
ULONG R10;
|
|
ULONG R11;
|
|
ULONG R12;
|
|
|
|
//
|
|
// This section is specified/returned if the ContextFlags word contains
|
|
// the flag CONTEXT_CONTROL.
|
|
//
|
|
ULONG Sp;
|
|
ULONG Lr;
|
|
ULONG Pc;
|
|
ULONG Psr;
|
|
} ARM_CONTEXT, *PARM_CONTEXT;
|
|
|
|
|
|
typedef struct _CROSS_PLATFORM_CONTEXT {
|
|
|
|
union {
|
|
X86_CONTEXT X86Context;
|
|
X86_NT5_CONTEXT X86Nt5Context;
|
|
ALPHA_CONTEXT AlphaContext;
|
|
ALPHA_NT5_CONTEXT AlphaNt5Context;
|
|
IA64_CONTEXT IA64Context;
|
|
AMD64_CONTEXT Amd64Context;
|
|
ARM_CONTEXT ArmContext;
|
|
};
|
|
|
|
} CROSS_PLATFORM_CONTEXT, *PCROSS_PLATFORM_CONTEXT;
|
|
|
|
|
|
typedef struct _CROSS_PLATFORM_KSPECIAL_REGISTERS {
|
|
|
|
union {
|
|
X86_KSPECIAL_REGISTERS X86Special;
|
|
IA64_KSPECIAL_REGISTERS IA64Special;
|
|
AMD64_KSPECIAL_REGISTERS Amd64Special;
|
|
};
|
|
|
|
} CROSS_PLATFORM_KSPECIAL_REGISTERS, *PCROSS_PLATFORM_KSPECIAL_REGISTERS;
|
|
|
|
|
|
typedef struct _X86_KPROCESSOR_STATE {
|
|
struct _X86_CONTEXT ContextFrame;
|
|
struct _X86_KSPECIAL_REGISTERS SpecialRegisters;
|
|
} X86_KPROCESSOR_STATE, *PX86_KPROCESSOR_STATE;
|
|
|
|
typedef struct _X86_NT5_KPROCESSOR_STATE {
|
|
struct _X86_NT5_CONTEXT ContextFrame;
|
|
struct _X86_KSPECIAL_REGISTERS SpecialRegisters;
|
|
} X86_NT5_KPROCESSOR_STATE, *PX86_NT5_KPROCESSOR_STATE;
|
|
|
|
typedef struct _ALPHA_NT5_KPROCESSOR_STATE {
|
|
struct _ALPHA_NT5_CONTEXT ContextFrame;
|
|
} ALPHA_NT5_KPROCESSOR_STATE, *PALPHA_NT5_KPROCESSOR_STATE;
|
|
|
|
typedef struct _IA64_KPROCESSOR_STATE {
|
|
struct _IA64_CONTEXT ContextFrame;
|
|
struct _IA64_KSPECIAL_REGISTERS SpecialRegisters;
|
|
} IA64_KPROCESSOR_STATE, *PIA64_KPROCESSOR_STATE;
|
|
|
|
typedef struct _AMD64_KPROCESSOR_STATE {
|
|
struct _AMD64_KSPECIAL_REGISTERS SpecialRegisters;
|
|
ULONG64 Fill;
|
|
struct _AMD64_CONTEXT ContextFrame;
|
|
} AMD64_KPROCESSOR_STATE, *PAMD64_KPROCESSOR_STATE;
|
|
|
|
|
|
typedef struct _X86_FIBER {
|
|
|
|
ULONG FiberData;
|
|
|
|
//
|
|
// Matches first three DWORDs of TEB
|
|
//
|
|
|
|
ULONG ExceptionList;
|
|
ULONG StackBase;
|
|
ULONG StackLimit;
|
|
|
|
//
|
|
// Used by base to free a thread's stack
|
|
//
|
|
|
|
ULONG DeallocationStack;
|
|
|
|
X86_NT5_CONTEXT FiberContext;
|
|
|
|
ULONG Wx86Tib;
|
|
|
|
} X86_FIBER, *PX86_FIBER;
|
|
|
|
typedef struct _IA64_FIBER {
|
|
|
|
ULONG64 FiberData;
|
|
|
|
//
|
|
// Matches first three DWORDs of TEB
|
|
//
|
|
|
|
ULONG64 ExceptionList;
|
|
ULONG64 StackBase;
|
|
ULONG64 StackLimit;
|
|
|
|
//
|
|
// Used by base to free a thread's stack
|
|
//
|
|
|
|
ULONG64 DeallocationStack;
|
|
|
|
IA64_CONTEXT FiberContext;
|
|
|
|
ULONG64 Wx86Tib;
|
|
|
|
ULONG64 DeallocationBStore;
|
|
ULONG64 BStoreLimit;
|
|
|
|
} IA64_FIBER, *PIA64_FIBER;
|
|
|
|
typedef struct _AMD64_FIBER {
|
|
|
|
ULONG64 FiberData;
|
|
|
|
//
|
|
// Matches first three DWORDs of TEB
|
|
//
|
|
|
|
ULONG64 ExceptionList;
|
|
ULONG64 StackBase;
|
|
ULONG64 StackLimit;
|
|
|
|
//
|
|
// Used by base to free a thread's stack
|
|
//
|
|
|
|
ULONG64 DeallocationStack;
|
|
|
|
AMD64_CONTEXT FiberContext;
|
|
|
|
ULONG64 Wx86Tib;
|
|
|
|
} AMD64_FIBER, *PAMD64_FIBER;
|
|
|
|
typedef struct _CROSS_PLATFORM_FIBER {
|
|
|
|
union {
|
|
X86_FIBER X86Fiber;
|
|
IA64_FIBER IA64Fiber;
|
|
AMD64_FIBER Amd64Fiber;
|
|
};
|
|
|
|
} CROSS_PLATFORM_FIBER, *PCROSS_PLATFORM_FIBER;
|
|
|
|
|
|
#define DBGKD_MAXSTREAM 16
|
|
|
|
typedef struct _X86_DBGKD_CONTROL_REPORT {
|
|
ULONG Dr6;
|
|
ULONG Dr7;
|
|
USHORT InstructionCount;
|
|
USHORT ReportFlags;
|
|
UCHAR InstructionStream[DBGKD_MAXSTREAM];
|
|
USHORT SegCs;
|
|
USHORT SegDs;
|
|
USHORT SegEs;
|
|
USHORT SegFs;
|
|
ULONG EFlags;
|
|
} X86_DBGKD_CONTROL_REPORT, *PX86_DBGKD_CONTROL_REPORT;
|
|
|
|
#define X86_REPORT_INCLUDES_SEGS 0x0001
|
|
// Indicates the current CS is a standard 32-bit flat segment.
|
|
// This allows the debugger to avoid retrieving the
|
|
// CS descriptor to see if it's 16-bit code or not.
|
|
// Note that the V86 flag in EFlags must also be checked
|
|
// when determining the code type.
|
|
#define X86_REPORT_STANDARD_CS 0x0002
|
|
|
|
typedef struct _ALPHA_DBGKD_CONTROL_REPORT {
|
|
ULONG InstructionCount;
|
|
UCHAR InstructionStream[DBGKD_MAXSTREAM];
|
|
} ALPHA_DBGKD_CONTROL_REPORT, *PALPHA_DBGKD_CONTROL_REPORT;
|
|
|
|
typedef struct _IA64_DBGKD_CONTROL_REPORT {
|
|
ULONG InstructionCount;
|
|
UCHAR InstructionStream[DBGKD_MAXSTREAM];
|
|
} IA64_DBGKD_CONTROL_REPORT, *PIA64_DBGKD_CONTROL_REPORT;
|
|
|
|
typedef struct _AMD64_DBGKD_CONTROL_REPORT {
|
|
ULONG64 Dr6;
|
|
ULONG64 Dr7;
|
|
ULONG EFlags;
|
|
USHORT InstructionCount;
|
|
USHORT ReportFlags;
|
|
UCHAR InstructionStream[DBGKD_MAXSTREAM];
|
|
USHORT SegCs;
|
|
USHORT SegDs;
|
|
USHORT SegEs;
|
|
USHORT SegFs;
|
|
} AMD64_DBGKD_CONTROL_REPORT, *PAMD64_DBGKD_CONTROL_REPORT;
|
|
|
|
#define AMD64_REPORT_INCLUDES_SEGS 0x0001
|
|
// Indicates the current CS is a standard 64-bit flat segment.
|
|
// This allows the debugger to avoid retrieving the
|
|
// CS descriptor to see if it's 16- or 32-bit code or not.
|
|
// Note that the V86 flag in EFlags must also be checked
|
|
// when determining the code type.
|
|
#define AMD64_REPORT_STANDARD_CS 0x0002
|
|
|
|
typedef struct _DBGKD_ANY_CONTROL_REPORT
|
|
{
|
|
union
|
|
{
|
|
X86_DBGKD_CONTROL_REPORT X86ControlReport;
|
|
ALPHA_DBGKD_CONTROL_REPORT AlphaControlReport;
|
|
IA64_DBGKD_CONTROL_REPORT IA64ControlReport;
|
|
AMD64_DBGKD_CONTROL_REPORT Amd64ControlReport;
|
|
};
|
|
} DBGKD_ANY_CONTROL_REPORT, *PDBGKD_ANY_CONTROL_REPORT;
|
|
|
|
// DBGKD_ANY_CONTROL_SET is 32-bit packed with an NTSTATUS in
|
|
// DBGKD_CONTINUE2 so start with a 32-bit value to get the 64-bit
|
|
// values aligned.
|
|
|
|
#include <pshpack4.h>
|
|
|
|
typedef struct _X86_DBGKD_CONTROL_SET {
|
|
ULONG TraceFlag;
|
|
ULONG Dr7;
|
|
ULONG CurrentSymbolStart;
|
|
ULONG CurrentSymbolEnd;
|
|
} X86_DBGKD_CONTROL_SET, *PX86_DBGKD_CONTROL_SET;
|
|
|
|
typedef ULONG ALPHA_DBGKD_CONTROL_SET, *PALPHA_DBGKD_CONTROL_SET;
|
|
|
|
#define IA64_DBGKD_CONTROL_SET_CONTINUE_NONE 0x0000
|
|
#define IA64_DBGKD_CONTROL_SET_CONTINUE_TRACE_INSTRUCTION 0x0001
|
|
#define IA64_DBGKD_CONTROL_SET_CONTINUE_TRACE_TAKEN_BRANCH 0x0002
|
|
|
|
typedef struct _IA64_DBGKD_CONTROL_SET {
|
|
ULONG Continue;
|
|
ULONG64 CurrentSymbolStart;
|
|
ULONG64 CurrentSymbolEnd;
|
|
} IA64_DBGKD_CONTROL_SET, *PIA64_DBGKD_CONTROL_SET;
|
|
|
|
typedef struct _AMD64_DBGKD_CONTROL_SET {
|
|
ULONG TraceFlag;
|
|
ULONG64 Dr7;
|
|
ULONG64 CurrentSymbolStart;
|
|
ULONG64 CurrentSymbolEnd;
|
|
} AMD64_DBGKD_CONTROL_SET, *PAMD64_DBGKD_CONTROL_SET;
|
|
|
|
typedef struct _DBGKD_ANY_CONTROL_SET
|
|
{
|
|
union
|
|
{
|
|
X86_DBGKD_CONTROL_SET X86ControlSet;
|
|
ALPHA_DBGKD_CONTROL_SET AlphaControlSet;
|
|
IA64_DBGKD_CONTROL_SET IA64ControlSet;
|
|
AMD64_DBGKD_CONTROL_SET Amd64ControlSet;
|
|
};
|
|
} DBGKD_ANY_CONTROL_SET, *PDBGKD_ANY_CONTROL_SET;
|
|
|
|
#include <poppack.h>
|
|
|
|
//
|
|
// Deferred Procedure Call (DPC) object
|
|
//
|
|
|
|
typedef struct _KDPC32 {
|
|
CSHORT Type;
|
|
UCHAR Number;
|
|
UCHAR Importance;
|
|
LIST_ENTRY32 DpcListEntry;
|
|
ULONG DeferredRoutine;
|
|
ULONG DeferredContext;
|
|
ULONG SystemArgument1;
|
|
ULONG SystemArgument2;
|
|
ULONG Lock;
|
|
} KDPC32;
|
|
|
|
typedef struct _KDPC64 {
|
|
CSHORT Type;
|
|
UCHAR Number;
|
|
UCHAR Importance;
|
|
LIST_ENTRY64 DpcListEntry;
|
|
ULONG64 DeferredRoutine;
|
|
ULONG64 DeferredContext;
|
|
ULONG64 SystemArgument1;
|
|
ULONG64 SystemArgument2;
|
|
ULONG64 Lock;
|
|
} KDPC64;
|
|
|
|
#define X86_MAX_RING 3
|
|
|
|
typedef struct _X86_KTSS {
|
|
// Intel's TSS format
|
|
ULONG Previous;
|
|
struct
|
|
{
|
|
ULONG Esp;
|
|
ULONG Ss;
|
|
} Ring[X86_MAX_RING];
|
|
ULONG Cr3;
|
|
ULONG Eip;
|
|
ULONG EFlags;
|
|
ULONG Eax;
|
|
ULONG Ecx;
|
|
ULONG Edx;
|
|
ULONG Ebx;
|
|
ULONG Esp;
|
|
ULONG Ebp;
|
|
ULONG Esi;
|
|
ULONG Edi;
|
|
ULONG Es;
|
|
ULONG Cs;
|
|
ULONG Ss;
|
|
ULONG Ds;
|
|
ULONG Fs;
|
|
ULONG Gs;
|
|
ULONG Ldt;
|
|
USHORT T;
|
|
USHORT IoMapBase;
|
|
} X86_KTSS, *PX86_KTSS;
|
|
|
|
//
|
|
// LDT descriptor entry
|
|
//
|
|
|
|
typedef struct _X86_LDT_ENTRY {
|
|
USHORT LimitLow;
|
|
USHORT BaseLow;
|
|
union {
|
|
struct {
|
|
UCHAR BaseMid;
|
|
UCHAR Flags1; // Declare as bytes to avoid alignment
|
|
UCHAR Flags2; // Problems.
|
|
UCHAR BaseHi;
|
|
} Bytes;
|
|
struct {
|
|
ULONG BaseMid : 8;
|
|
ULONG Type : 5;
|
|
ULONG Dpl : 2;
|
|
ULONG Pres : 1;
|
|
ULONG LimitHi : 4;
|
|
ULONG Sys : 1;
|
|
ULONG Reserved_0 : 1;
|
|
ULONG Default_Big : 1;
|
|
ULONG Granularity : 1;
|
|
ULONG BaseHi : 8;
|
|
} Bits;
|
|
} HighWord;
|
|
} X86_LDT_ENTRY, *PX86_LDT_ENTRY;
|
|
|
|
typedef struct _X86_DESCRIPTOR_TABLE_ENTRY {
|
|
ULONG Selector;
|
|
X86_LDT_ENTRY Descriptor;
|
|
} X86_DESCRIPTOR_TABLE_ENTRY, *PX86_DESCRIPTOR_TABLE_ENTRY;
|
|
|
|
typedef struct _X86_KTRAP_FRAME {
|
|
|
|
|
|
//
|
|
// Following 4 values are only used and defined for DBG systems,
|
|
// but are always allocated to make switching from DBG to non-DBG
|
|
// and back quicker. They are not DEVL because they have a non-0
|
|
// performance impact.
|
|
//
|
|
|
|
ULONG DbgEbp; // Copy of User EBP set up so KB will work.
|
|
ULONG DbgEip; // EIP of caller to system call, again, for KB.
|
|
ULONG DbgArgMark; // Marker to show no args here.
|
|
ULONG DbgArgPointer; // Pointer to the actual args
|
|
|
|
//
|
|
// Temporary values used when frames are edited.
|
|
//
|
|
//
|
|
// NOTE: Any code that want's ESP must materialize it, since it
|
|
// is not stored in the frame for kernel mode callers.
|
|
//
|
|
// And code that sets ESP in a KERNEL mode frame, must put
|
|
// the new value in TempEsp, make sure that TempSegCs holds
|
|
// the real SegCs value, and put a special marker value into SegCs.
|
|
//
|
|
|
|
ULONG TempSegCs;
|
|
ULONG TempEsp;
|
|
|
|
//
|
|
// Debug registers.
|
|
//
|
|
|
|
ULONG Dr0;
|
|
ULONG Dr1;
|
|
ULONG Dr2;
|
|
ULONG Dr3;
|
|
ULONG Dr6;
|
|
ULONG Dr7;
|
|
|
|
//
|
|
// Segment registers
|
|
//
|
|
|
|
ULONG SegGs;
|
|
ULONG SegEs;
|
|
ULONG SegDs;
|
|
|
|
//
|
|
// Volatile registers
|
|
//
|
|
|
|
ULONG Edx;
|
|
ULONG Ecx;
|
|
ULONG Eax;
|
|
|
|
//
|
|
// Nesting state, not part of context record
|
|
//
|
|
|
|
ULONG PreviousPreviousMode;
|
|
|
|
ULONG ExceptionList;
|
|
// Trash if caller was user mode.
|
|
// Saved exception list if caller
|
|
// was kernel mode or we're in
|
|
// an interrupt.
|
|
|
|
//
|
|
// FS is TIB/PCR pointer, is here to make save sequence easy
|
|
//
|
|
|
|
ULONG SegFs;
|
|
|
|
//
|
|
// Non-volatile registers
|
|
//
|
|
|
|
ULONG Edi;
|
|
ULONG Esi;
|
|
ULONG Ebx;
|
|
ULONG Ebp;
|
|
|
|
//
|
|
// Control registers
|
|
//
|
|
|
|
ULONG ErrCode;
|
|
ULONG Eip;
|
|
ULONG SegCs;
|
|
ULONG EFlags;
|
|
|
|
ULONG HardwareEsp; // WARNING - segSS:esp are only here for stacks
|
|
ULONG HardwareSegSs; // that involve a ring transition.
|
|
|
|
ULONG V86Es; // these will be present for all transitions from
|
|
ULONG V86Ds; // V86 mode
|
|
ULONG V86Fs;
|
|
ULONG V86Gs;
|
|
} X86_KTRAP_FRAME, *PX86_KTRAP_FRAME;
|
|
|
|
|
|
typedef struct _AMD64_KTRAP_FRAME {
|
|
|
|
//
|
|
// Home address for the parameter registers.
|
|
//
|
|
|
|
ULONG64 P1Home;
|
|
ULONG64 P2Home;
|
|
ULONG64 P3Home;
|
|
ULONG64 P4Home;
|
|
ULONG64 P5;
|
|
|
|
//
|
|
// Previous processor mode (system services only) and previous IRQL
|
|
// (interrupts only).
|
|
//
|
|
|
|
CCHAR PreviousMode;
|
|
KIRQL PreviousIrql;
|
|
|
|
//
|
|
// Page fault load/store indicator.
|
|
//
|
|
|
|
UCHAR FaultIndicator;
|
|
UCHAR Fill0;
|
|
|
|
//
|
|
// Floating point state.
|
|
//
|
|
|
|
ULONG MxCsr;
|
|
|
|
//
|
|
// Volatile registers.
|
|
//
|
|
// N.B. These registers are only saved on exceptions and interrupts. They
|
|
// are not saved for system calls.
|
|
//
|
|
|
|
ULONG64 Rax;
|
|
ULONG64 Rcx;
|
|
ULONG64 Rdx;
|
|
ULONG64 R8;
|
|
ULONG64 R9;
|
|
ULONG64 R10;
|
|
ULONG64 R11;
|
|
ULONG64 Spare0;
|
|
|
|
//
|
|
// Volatile floating registers.
|
|
//
|
|
// N.B. These registers are only saved on exceptions and interrupts. They
|
|
// are not saved for system calls.
|
|
//
|
|
|
|
AMD64_M128 Xmm0;
|
|
AMD64_M128 Xmm1;
|
|
AMD64_M128 Xmm2;
|
|
AMD64_M128 Xmm3;
|
|
AMD64_M128 Xmm4;
|
|
AMD64_M128 Xmm5;
|
|
|
|
//
|
|
// Page fault address.
|
|
//
|
|
|
|
ULONG64 FaultAddress;
|
|
|
|
//
|
|
// Debug registers.
|
|
//
|
|
|
|
ULONG64 Dr0;
|
|
ULONG64 Dr1;
|
|
ULONG64 Dr2;
|
|
ULONG64 Dr3;
|
|
ULONG64 Dr6;
|
|
ULONG64 Dr7;
|
|
|
|
//
|
|
// Special debug registers.
|
|
//
|
|
|
|
ULONG64 DebugControl;
|
|
ULONG64 LastBranchToRip;
|
|
ULONG64 LastBranchFromRip;
|
|
ULONG64 LastExceptionToRip;
|
|
ULONG64 LastExceptionFromRip;
|
|
|
|
//
|
|
// Segment registers
|
|
//
|
|
|
|
USHORT SegDs;
|
|
USHORT SegEs;
|
|
USHORT SegFs;
|
|
USHORT SegGs;
|
|
|
|
//
|
|
// Previous trap frame address.
|
|
//
|
|
|
|
ULONG64 TrapFrame;
|
|
|
|
//
|
|
// Saved nonvolatile registers RBX, RDI and RSI. These registers are only
|
|
// saved in system service trap frames.
|
|
//
|
|
|
|
ULONG64 Rbx;
|
|
ULONG64 Rdi;
|
|
ULONG64 Rsi;
|
|
|
|
//
|
|
// Saved nonvolatile register RBP. This register is used as a frame
|
|
// pointer during trap processing and is saved in all trap frames.
|
|
//
|
|
|
|
ULONG64 Rbp;
|
|
|
|
//
|
|
// Information pushed by hardware.
|
|
//
|
|
// N.B. The error code is not always pushed by hardware. For those cases
|
|
// where it is not pushed by hardware a dummy error code is allocated
|
|
// on the stack.
|
|
//
|
|
|
|
ULONG64 ErrorCode;
|
|
ULONG64 Rip;
|
|
USHORT SegCs;
|
|
USHORT Fill1[3];
|
|
ULONG EFlags;
|
|
ULONG Fill2;
|
|
ULONG64 Rsp;
|
|
USHORT SegSs;
|
|
USHORT Fill3[3];
|
|
} AMD64_KTRAP_FRAME, *PAMD64_KTRAP_FRAME;
|
|
|
|
|
|
typedef struct _IA64_KNONVOLATILE_CONTEXT_POINTERS {
|
|
PFLOAT128 FltS0; // Intel-IA64-Filler
|
|
PFLOAT128 FltS1; // Intel-IA64-Filler
|
|
PFLOAT128 FltS2; // Intel-IA64-Filler
|
|
PFLOAT128 FltS3; // Intel-IA64-Filler
|
|
PFLOAT128 HighFloatingContext[10]; // Intel-IA64-Filler
|
|
PFLOAT128 FltS4; // Intel-IA64-Filler
|
|
PFLOAT128 FltS5; // Intel-IA64-Filler
|
|
PFLOAT128 FltS6; // Intel-IA64-Filler
|
|
PFLOAT128 FltS7; // Intel-IA64-Filler
|
|
PFLOAT128 FltS8; // Intel-IA64-Filler
|
|
PFLOAT128 FltS9; // Intel-IA64-Filler
|
|
PFLOAT128 FltS10; // Intel-IA64-Filler
|
|
PFLOAT128 FltS11; // Intel-IA64-Filler
|
|
PFLOAT128 FltS12; // Intel-IA64-Filler
|
|
PFLOAT128 FltS13; // Intel-IA64-Filler
|
|
PFLOAT128 FltS14; // Intel-IA64-Filler
|
|
PFLOAT128 FltS15; // Intel-IA64-Filler
|
|
PFLOAT128 FltS16; // Intel-IA64-Filler
|
|
PFLOAT128 FltS17; // Intel-IA64-Filler
|
|
PFLOAT128 FltS18; // Intel-IA64-Filler
|
|
PFLOAT128 FltS19; // Intel-IA64-Filler
|
|
|
|
PULONGLONG IntS0; // Intel-IA64-Filler
|
|
PULONGLONG IntS1; // Intel-IA64-Filler
|
|
PULONGLONG IntS2; // Intel-IA64-Filler
|
|
PULONGLONG IntS3; // Intel-IA64-Filler
|
|
PULONGLONG IntSp; // Intel-IA64-Filler
|
|
PULONGLONG IntS0Nat; // Intel-IA64-Filler
|
|
PULONGLONG IntS1Nat; // Intel-IA64-Filler
|
|
PULONGLONG IntS2Nat; // Intel-IA64-Filler
|
|
PULONGLONG IntS3Nat; // Intel-IA64-Filler
|
|
PULONGLONG IntSpNat; // Intel-IA64-Filler
|
|
|
|
PULONGLONG Preds; // Intel-IA64-Filler
|
|
|
|
PULONGLONG BrRp; // Intel-IA64-Filler
|
|
PULONGLONG BrS0; // Intel-IA64-Filler
|
|
PULONGLONG BrS1; // Intel-IA64-Filler
|
|
PULONGLONG BrS2; // Intel-IA64-Filler
|
|
PULONGLONG BrS3; // Intel-IA64-Filler
|
|
PULONGLONG BrS4; // Intel-IA64-Filler
|
|
|
|
PULONGLONG ApUNAT; // Intel-IA64-Filler
|
|
PULONGLONG ApLC; // Intel-IA64-Filler
|
|
PULONGLONG ApEC; // Intel-IA64-Filler
|
|
PULONGLONG RsPFS; // Intel-IA64-Filler
|
|
|
|
PULONGLONG StFSR; // Intel-IA64-Filler
|
|
PULONGLONG StFIR; // Intel-IA64-Filler
|
|
PULONGLONG StFDR; // Intel-IA64-Filler
|
|
PULONGLONG Cflag; // Intel-IA64-Filler
|
|
|
|
} IA64_KNONVOLATILE_CONTEXT_POINTERS, *PIA64_KNONVOLATILE_CONTEXT_POINTERS;
|
|
|
|
typedef struct _IA64_KEXCEPTION_FRAME {
|
|
|
|
// Preserved application registers // Intel-IA64-Filler
|
|
ULONGLONG ApEC; // epilogue count // Intel-IA64-Filler
|
|
ULONGLONG ApLC; // loop count // Intel-IA64-Filler
|
|
ULONGLONG IntNats; // Nats for S0-S3; i.e. ar.UNAT after spill // Intel-IA64-Filler
|
|
|
|
// Preserved (saved) interger registers, s0-s3 // Intel-IA64-Filler
|
|
ULONGLONG IntS0; // Intel-IA64-Filler
|
|
ULONGLONG IntS1; // Intel-IA64-Filler
|
|
ULONGLONG IntS2; // Intel-IA64-Filler
|
|
ULONGLONG IntS3; // Intel-IA64-Filler
|
|
|
|
// Preserved (saved) branch registers, bs0-bs4 // Intel-IA64-Filler
|
|
ULONGLONG BrS0; // Intel-IA64-Filler
|
|
ULONGLONG BrS1; // Intel-IA64-Filler
|
|
ULONGLONG BrS2; // Intel-IA64-Filler
|
|
ULONGLONG BrS3; // Intel-IA64-Filler
|
|
ULONGLONG BrS4; // Intel-IA64-Filler
|
|
|
|
// Preserved (saved) floating point registers, f2 - f5, f16 - f31 // Intel-IA64-Filler
|
|
FLOAT128 FltS0; // Intel-IA64-Filler
|
|
FLOAT128 FltS1; // Intel-IA64-Filler
|
|
FLOAT128 FltS2; // Intel-IA64-Filler
|
|
FLOAT128 FltS3; // Intel-IA64-Filler
|
|
FLOAT128 FltS4; // Intel-IA64-Filler
|
|
FLOAT128 FltS5; // Intel-IA64-Filler
|
|
FLOAT128 FltS6; // Intel-IA64-Filler
|
|
FLOAT128 FltS7; // Intel-IA64-Filler
|
|
FLOAT128 FltS8; // Intel-IA64-Filler
|
|
FLOAT128 FltS9; // Intel-IA64-Filler
|
|
FLOAT128 FltS10; // Intel-IA64-Filler
|
|
FLOAT128 FltS11; // Intel-IA64-Filler
|
|
FLOAT128 FltS12; // Intel-IA64-Filler
|
|
FLOAT128 FltS13; // Intel-IA64-Filler
|
|
FLOAT128 FltS14; // Intel-IA64-Filler
|
|
FLOAT128 FltS15; // Intel-IA64-Filler
|
|
FLOAT128 FltS16; // Intel-IA64-Filler
|
|
FLOAT128 FltS17; // Intel-IA64-Filler
|
|
FLOAT128 FltS18; // Intel-IA64-Filler
|
|
FLOAT128 FltS19; // Intel-IA64-Filler
|
|
|
|
} IA64_KEXCEPTION_FRAME, *PIA64_KEXCEPTION_FRAME;
|
|
|
|
typedef struct _IA64_KSWITCH_FRAME { // Intel-IA64-Filler
|
|
|
|
ULONGLONG SwitchPredicates; // Predicates for Switch // Intel-IA64-Filler
|
|
ULONGLONG SwitchRp; // return pointer for Switch // Intel-IA64-Filler
|
|
ULONGLONG SwitchPFS; // PFS for Switch // Intel-IA64-Filler
|
|
ULONGLONG SwitchFPSR; // ProcessorFP status at thread switch // Intel-IA64-Filler
|
|
ULONGLONG SwitchBsp; // Intel-IA64-Filler
|
|
ULONGLONG SwitchRnat; // Intel-IA64-Filler
|
|
// ULONGLONG Pad;
|
|
|
|
IA64_KEXCEPTION_FRAME SwitchExceptionFrame; // Intel-IA64-Filler
|
|
|
|
} IA64_KSWITCH_FRAME, *PIA64_KSWITCH_FRAME; // Intel-IA64-Filler
|
|
|
|
#define IA64_KTRAP_FRAME_ARGUMENTS (8 * 8) // up to 8 in-memory syscall args // Intel-IA64-Filler
|
|
|
|
typedef struct _IA64_KTRAP_FRAME {
|
|
|
|
//
|
|
// Reserved for additional memory arguments and stack scratch area
|
|
// The size of Reserved[] must be a multiple of 16 bytes.
|
|
//
|
|
|
|
ULONGLONG Reserved[(IA64_KTRAP_FRAME_ARGUMENTS+16)/8]; // Intel-IA64-Filler
|
|
|
|
// Temporary (volatile) FP registers - f6-f15 (don't use f32+ in kernel) // Intel-IA64-Filler
|
|
FLOAT128 FltT0; // Intel-IA64-Filler
|
|
FLOAT128 FltT1; // Intel-IA64-Filler
|
|
FLOAT128 FltT2; // Intel-IA64-Filler
|
|
FLOAT128 FltT3; // Intel-IA64-Filler
|
|
FLOAT128 FltT4; // Intel-IA64-Filler
|
|
FLOAT128 FltT5; // Intel-IA64-Filler
|
|
FLOAT128 FltT6; // Intel-IA64-Filler
|
|
FLOAT128 FltT7; // Intel-IA64-Filler
|
|
FLOAT128 FltT8; // Intel-IA64-Filler
|
|
FLOAT128 FltT9; // Intel-IA64-Filler
|
|
|
|
// Temporary (volatile) interger registers
|
|
ULONGLONG IntGp; // global pointer (r1) // Intel-IA64-Filler
|
|
ULONGLONG IntT0; // Intel-IA64-Filler
|
|
ULONGLONG IntT1; // Intel-IA64-Filler
|
|
// The following 4 registers fill in space of preserved (S0-S3) to align Nats // Intel-IA64-Filler
|
|
ULONGLONG ApUNAT; // ar.UNAT on kernel entry // Intel-IA64-Filler
|
|
ULONGLONG ApCCV; // ar.CCV // Intel-IA64-Filler
|
|
ULONGLONG ApDCR; // DCR register on kernel entry // Intel-IA64-Filler
|
|
ULONGLONG Preds; // Predicates // Intel-IA64-Filler
|
|
|
|
ULONGLONG IntV0; // return value (r8) // Intel-IA64-Filler
|
|
ULONGLONG IntT2; // Intel-IA64-Filler
|
|
ULONGLONG IntT3; // Intel-IA64-Filler
|
|
ULONGLONG IntT4; // Intel-IA64-Filler
|
|
ULONGLONG IntSp; // stack pointer (r12) // Intel-IA64-Filler
|
|
ULONGLONG IntTeb; // teb (r13) // Intel-IA64-Filler
|
|
ULONGLONG IntT5; // Intel-IA64-Filler
|
|
ULONGLONG IntT6; // Intel-IA64-Filler
|
|
ULONGLONG IntT7; // Intel-IA64-Filler
|
|
ULONGLONG IntT8; // Intel-IA64-Filler
|
|
ULONGLONG IntT9; // Intel-IA64-Filler
|
|
ULONGLONG IntT10; // Intel-IA64-Filler
|
|
ULONGLONG IntT11; // Intel-IA64-Filler
|
|
ULONGLONG IntT12; // Intel-IA64-Filler
|
|
ULONGLONG IntT13; // Intel-IA64-Filler
|
|
ULONGLONG IntT14; // Intel-IA64-Filler
|
|
ULONGLONG IntT15; // Intel-IA64-Filler
|
|
ULONGLONG IntT16; // Intel-IA64-Filler
|
|
ULONGLONG IntT17; // Intel-IA64-Filler
|
|
ULONGLONG IntT18; // Intel-IA64-Filler
|
|
ULONGLONG IntT19; // Intel-IA64-Filler
|
|
ULONGLONG IntT20; // Intel-IA64-Filler
|
|
ULONGLONG IntT21; // Intel-IA64-Filler
|
|
ULONGLONG IntT22; // Intel-IA64-Filler
|
|
|
|
ULONGLONG IntNats; // Temporary (volatile) registers' Nats directly from ar.UNAT at point of spill // Intel-IA64-Filler
|
|
|
|
ULONGLONG BrRp; // Return pointer on kernel entry // Intel-IA64-Filler
|
|
|
|
ULONGLONG BrT0; // Temporary (volatile) branch registers (b6-b7) // Intel-IA64-Filler
|
|
ULONGLONG BrT1; // Intel-IA64-Filler
|
|
|
|
// Register stack info // Intel-IA64-Filler
|
|
ULONGLONG RsRSC; // RSC on kernel entry // Intel-IA64-Filler
|
|
ULONGLONG RsBSP; // BSP on kernel entry // Intel-IA64-Filler
|
|
ULONGLONG RsBSPSTORE; // User BSP Store at point of switch to kernel backing store // Intel-IA64-Filler
|
|
ULONGLONG RsRNAT; // old RNAT at point of switch to kernel backing store // Intel-IA64-Filler
|
|
ULONGLONG RsPFS; // PFS on kernel entry // Intel-IA64-Filler
|
|
|
|
// Trap Status Information // Intel-IA64-Filler
|
|
ULONGLONG StIPSR; // Interruption Processor Status Register // Intel-IA64-Filler
|
|
ULONGLONG StIIP; // Interruption IP // Intel-IA64-Filler
|
|
ULONGLONG StIFS; // Interruption Function State // Intel-IA64-Filler
|
|
ULONGLONG StFPSR; // FP status // Intel-IA64-Filler
|
|
ULONGLONG StISR; // Interruption Status Register // Intel-IA64-Filler
|
|
ULONGLONG StIFA; // Interruption Data Address // Intel-IA64-Filler
|
|
ULONGLONG StIIPA; // Last executed bundle address // Intel-IA64-Filler
|
|
ULONGLONG StIIM; // Interruption Immediate // Intel-IA64-Filler
|
|
ULONGLONG StIHA; // Interruption Hash Address // Intel-IA64-Filler
|
|
|
|
ULONG OldIrql; // Previous Irql. // Intel-IA64-Filler
|
|
ULONG PreviousMode; // Previous Mode. // Intel-IA64-Filler
|
|
ULONGLONG TrapFrame;// Previous Trap Frame // Intel-IA64-Filler
|
|
|
|
// Exception record
|
|
UCHAR ExceptionRecord[(sizeof(EXCEPTION_RECORD64) + 15) & (~15)];
|
|
|
|
// End of frame marker (for debugging)
|
|
ULONGLONG Handler; // Handler for this trap
|
|
ULONGLONG EOFMarker;
|
|
} IA64_KTRAP_FRAME, *PIA64_KTRAP_FRAME;
|
|
|
|
typedef struct _IA64_UNWIND_INFO { // Intel-IA64-Filler
|
|
USHORT Version; // Intel-IA64-Filler ; Version Number
|
|
USHORT Flags; // Intel-IA64-Filler ; Flags
|
|
ULONG DataLength; // Intel-IA64-Filler ; Length of Descriptor Data
|
|
} IA64_UNWIND_INFO, *PIA64_UNWIND_INFO; // Intel-IA64-Filler
|
|
|
|
//
|
|
// Define unwind operation codes.
|
|
//
|
|
|
|
typedef enum _AMD64_UNWIND_OP_CODES {
|
|
AMD64_UWOP_PUSH_NONVOL = 0,
|
|
AMD64_UWOP_ALLOC_LARGE,
|
|
AMD64_UWOP_ALLOC_SMALL,
|
|
AMD64_UWOP_SET_FPREG,
|
|
AMD64_UWOP_SAVE_NONVOL,
|
|
AMD64_UWOP_SAVE_NONVOL_FAR,
|
|
AMD64_UWOP_SAVE_XMM,
|
|
AMD64_UWOP_SAVE_XMM_FAR,
|
|
AMD64_UWOP_SAVE_XMM128,
|
|
AMD64_UWOP_SAVE_XMM128_FAR,
|
|
AMD64_UWOP_PUSH_MACHFRAME
|
|
} AMD64_UNWIND_OP_CODES, *PAMD64_UNWIND_OP_CODES;
|
|
|
|
//
|
|
// Define unwind code structure.
|
|
//
|
|
|
|
typedef union _AMD64_UNWIND_CODE {
|
|
struct {
|
|
UCHAR CodeOffset;
|
|
UCHAR UnwindOp : 4;
|
|
UCHAR OpInfo : 4;
|
|
};
|
|
|
|
USHORT FrameOffset;
|
|
} AMD64_UNWIND_CODE, *PAMD64_UNWIND_CODE;
|
|
|
|
//
|
|
// Define unwind information flags.
|
|
//
|
|
|
|
#define AMD64_UNW_FLAG_NHANDLER 0x0
|
|
#define AMD64_UNW_FLAG_EHANDLER 0x1
|
|
#define AMD64_UNW_FLAG_UHANDLER 0x2
|
|
#define AMD64_UNW_FLAG_CHAININFO 0x4
|
|
|
|
//
|
|
// Define unwind information structure.
|
|
//
|
|
|
|
typedef struct _AMD64_UNWIND_INFO {
|
|
UCHAR Version : 3;
|
|
UCHAR Flags : 5;
|
|
UCHAR SizeOfProlog;
|
|
UCHAR CountOfCodes;
|
|
UCHAR FrameRegister : 4;
|
|
UCHAR FrameOffset : 4;
|
|
AMD64_UNWIND_CODE UnwindCode[1];
|
|
|
|
//
|
|
// The unwind codes are followed by an optional DWORD aligned field that
|
|
// contains the exception handler address or the address of chained unwind
|
|
// information. If an exception handler address is specified, then it is
|
|
// followed by the language specified exception handler data.
|
|
//
|
|
// union {
|
|
// ULONG ExceptionHandler;
|
|
// ULONG FunctionEntry;
|
|
// };
|
|
//
|
|
// ULONG ExceptionData[];
|
|
//
|
|
|
|
} AMD64_UNWIND_INFO, *PAMD64_UNWIND_INFO;
|
|
|
|
#define IA64_IP_SLOT 2 // Intel-IA64-Filler
|
|
#define Ia64InsertIPSlotNumber(IP, SlotNumber) /* Intel-IA64-Filler */ \
|
|
((IP) | (SlotNumber << IA64_IP_SLOT)) // Intel-IA64-Filler
|
|
|
|
#define IA64_MM_EPC_VA 0xe0000000ffa00000
|
|
#define IA64_STACK_SCRATCH_AREA 16
|
|
#define IA64_SYSCALL_FRAME 0
|
|
#define IA64_INTERRUPT_FRAME 1
|
|
#define IA64_EXCEPTION_FRAME 2
|
|
#define IA64_CONTEXT_FRAME 10
|
|
|
|
#define IA64_IFS_IFM 0
|
|
#define IA64_IFS_IFM_LEN 38
|
|
#define IA64_IFS_MBZ0 38
|
|
#define IA64_IFS_MBZ0_V 0x1ffffffi64
|
|
#define IA64_IFS_V 63
|
|
#define IA64_IFS_V_LEN 1
|
|
#define IA64_PFS_EC_SHIFT 52
|
|
#define IA64_PFS_EC_SIZE 6
|
|
#define IA64_PFS_EC_MASK 0x3F
|
|
#define IA64_PFS_SIZE_SHIFT 7
|
|
#define IA64_PFS_SIZE_MASK 0x7F
|
|
#define IA64_NAT_BITS_PER_RNAT_REG 63
|
|
#define IA64_RNAT_ALIGNMENT (IA64_NAT_BITS_PER_RNAT_REG << 3)
|
|
#define IA64_FM_RRB_PR(Fm) (((Fm) >> 32) & 0x3f)
|
|
#define IA64_FM_RRB_FR(Fm) (((Fm) >> 25) & 0x7f)
|
|
#define IA64_FM_RRB_GR(Fm) (((Fm) >> 18) & 0x7f)
|
|
#define IA64_FM_SOR(Fm) (((Fm) >> 14) & 0xf)
|
|
#define IA64_FM_SOF(Fm) ((Fm) & 0x7f)
|
|
#define IA64_FM_FROM_FS(Fs) \
|
|
(((Fs) >> IA64_IFS_IFM) & ((1UI64 << IA64_IFS_IFM_LEN) - 1))
|
|
|
|
#define IA64_BREAK_DEBUG_BASE 0x080000
|
|
#define IA64_BREAK_SYSCALL_BASE 0x180000
|
|
#define IA64_BREAK_FASTSYS_BASE 0x1C0000
|
|
#define IA64_DEBUG_STOP_BREAKPOINT (IA64_BREAK_DEBUG_BASE+22)
|
|
|
|
|
|
#define ALPHA_PSR_USER_MODE 0x1
|
|
#define ALPHA_PSR_MODE 0x0 // Mode bit in PSR (bit 0)
|
|
#define ALPHA_PSR_MODE_MASK 0x1 // Mask (1 bit) for mode in PSR
|
|
#define ALPHA_PSR_IE 0x1 // Interrupt Enable bit in PSR (bit 1)
|
|
#define ALPHA_PSR_IE_MASK 0x1 // Mask (1 bit) for IE in PSR
|
|
#define ALPHA_PSR_IRQL 0x2 // IRQL in PSR (bit 2)
|
|
#define ALPHA_PSR_IRQL_MASK 0x7 // Mask (2 bits) for IRQL in PSR
|
|
|
|
|
|
#define X86_CONTEXT_X86 0x00010000
|
|
|
|
#define ALPHA_CONTEXT_ALPHA 0x00020000
|
|
#define ALPHA_CONTEXT_CONTROL (ALPHA_CONTEXT_ALPHA | 0x00000001L)
|
|
#define ALPHA_CONTEXT_FLOATING_POINT (ALPHA_CONTEXT_ALPHA | 0x00000002L)
|
|
#define ALPHA_CONTEXT_INTEGER (ALPHA_CONTEXT_ALPHA | 0x00000004L)
|
|
#define ALPHA_CONTEXT_FULL \
|
|
(ALPHA_CONTEXT_CONTROL | ALPHA_CONTEXT_FLOATING_POINT | \
|
|
ALPHA_CONTEXT_INTEGER)
|
|
|
|
#define IA64_CONTEXT_IA64 0x00080000
|
|
#define IA64_CONTEXT_CONTROL (IA64_CONTEXT_IA64 | 0x00000001L)
|
|
#define IA64_CONTEXT_LOWER_FLOATING_POINT (IA64_CONTEXT_IA64 | 0x00000002L)
|
|
#define IA64_CONTEXT_HIGHER_FLOATING_POINT (IA64_CONTEXT_IA64 | 0x00000004L)
|
|
#define IA64_CONTEXT_INTEGER (IA64_CONTEXT_IA64 | 0x00000008L)
|
|
#define IA64_CONTEXT_DEBUG (IA64_CONTEXT_IA64 | 0x00000010L)
|
|
#define IA64_CONTEXT_IA32_CONTROL (IA64_CONTEXT_IA64 | 0x00000020L)
|
|
#define IA64_CONTEXT_FLOATING_POINT \
|
|
(IA64_CONTEXT_LOWER_FLOATING_POINT | IA64_CONTEXT_HIGHER_FLOATING_POINT)
|
|
#define IA64_CONTEXT_FULL \
|
|
(IA64_CONTEXT_CONTROL | IA64_CONTEXT_FLOATING_POINT | IA64_CONTEXT_INTEGER | IA64_CONTEXT_IA32_CONTROL)
|
|
|
|
#define AMD64_CONTEXT_AMD64 0x00100000
|
|
#define AMD64_CONTEXT_CONTROL (AMD64_CONTEXT_AMD64 | 0x1L)
|
|
#define AMD64_CONTEXT_INTEGER (AMD64_CONTEXT_AMD64 | 0x2L)
|
|
#define AMD64_CONTEXT_SEGMENTS (AMD64_CONTEXT_AMD64 | 0x4L)
|
|
#define AMD64_CONTEXT_FLOATING_POINT (AMD64_CONTEXT_AMD64 | 0x8L)
|
|
#define AMD64_CONTEXT_DEBUG_REGISTERS (AMD64_CONTEXT_AMD64 | 0x10L)
|
|
#define AMD64_CONTEXT_FULL \
|
|
(AMD64_CONTEXT_CONTROL | AMD64_CONTEXT_INTEGER | AMD64_CONTEXT_FLOATING_POINT)
|
|
|
|
#define ARM_CONTEXT_ARM 0x0000040
|
|
#define ARM_CONTEXT_CONTROL (ARM_CONTEXT_ARM | 0x00000001L)
|
|
#define ARM_CONTEXT_INTEGER (ARM_CONTEXT_ARM | 0x00000002L)
|
|
|
|
#define ARM_CONTEXT_FULL (ARM_CONTEXT_CONTROL | ARM_CONTEXT_INTEGER)
|
|
|
|
|
|
#define X86_NT4_KPRCB_SIZE 0x9F0
|
|
#define X86_NT5_KPRCB_SIZE 0x9F0
|
|
#define X86_NT51_KPRCB_SIZE 0xC50
|
|
#define IA64_KPRCB_SIZE 0x1A40
|
|
|
|
#define DEF_KPRCB_CURRENT_THREAD_OFFSET_32 4
|
|
#define DEF_KPRCB_CURRENT_THREAD_OFFSET_64 8
|
|
|
|
#define X86_KPRCB_CPU_TYPE 0x18
|
|
#define IA64_KPRCB_PROCESSOR_MODEL 0x50
|
|
|
|
#define X86_1387_KPRCB_VENDOR_STRING 0x52D
|
|
#define X86_2087_KPRCB_VENDOR_STRING 0x72D
|
|
#define X86_2251_KPRCB_VENDOR_STRING 0x8AD
|
|
#define X86_2474_KPRCB_VENDOR_STRING 0x900
|
|
#define X86_VENDOR_STRING_SIZE 13
|
|
#define IA64_KPRCB_VENDOR_STRING 0x70
|
|
|
|
#define X86_1381_KPRCB_MHZ 0x53c
|
|
#define X86_2195_KPRCB_MHZ 0x73c
|
|
#define X86_2462_KPRCB_MHZ 0x8bc
|
|
#define X86_2505_KPRCB_MHZ 0x910
|
|
#define IA64_2462_KPRCB_MHZ 0x1728
|
|
|
|
#define X86_KPRCB_NUMBER 0x10
|
|
#define IA64_KPRCB_NUMBER 0x20
|
|
#define AMD64_KPRCB_NUMBER 4
|
|
|
|
#define X86_KPRCB_DPC_ROUTINE_ACTIVE 0x874
|
|
|
|
#define IA64_KPRCB_PCR_PAGE 0x38
|
|
|
|
#define X86_KPRCB_CONTEXT 0x1c
|
|
#define IA64_KPRCB_CONTEXT 0x190
|
|
#define AMD64_KPRCB_CONTEXT 0x120
|
|
|
|
#define X86_KPRCB_SPECIAL_REG 0x2e8
|
|
#define IA64_KPRCB_SPECIAL_REG 0xc00
|
|
#define AMD64_KPRCB_SPECIAL_REG 0x40
|
|
|
|
#define X86_1381_KPCR_SIZE 0x7f0
|
|
#define X86_2195_KPCR_SIZE 0xb10
|
|
#define X86_KPCR_SIZE 0xd70
|
|
#define IA64_KPCR_SIZE 0xe28
|
|
#define AMD64_KPCR_SIZE 0x12e0
|
|
|
|
#define X86_KPCR_SELF_PCR 0x1c
|
|
#define AMD64_KPCR_SELF 0x18
|
|
|
|
#define X86_KPCR_PRCB 0x20
|
|
#define IA64_KPCR_PRCB 0xb18
|
|
#define AMD64_KPCR_CURRENT_PRCB 0x38
|
|
|
|
#define X86_KPCR_PRCB_DATA 0x120
|
|
#define AMD64_KPCR_PRCB 0x180
|
|
|
|
#define AMD64_KPCR_KD_VERSION_BLOCK 0x108
|
|
|
|
#define IA64_KPCR_INITIAL_BSTORE 0xb68
|
|
#define IA64_KPCR_BSTORE_LIMIT 0xb78
|
|
#define IA64_KPCR_INITIAL_STACK 0xb60
|
|
#define IA64_KPCR_STACK_LIMIT 0xb70
|
|
|
|
#define X86_NT5_EPROCESS_SIZE 0x288
|
|
#define X86_NT51_EPROCESS_SIZE 0x258
|
|
#define X86_NT511_EPROCESS_SIZE 0x278
|
|
#define IA64_EPROCESS_SIZE 0x410
|
|
|
|
#define X86_PEB_IN_EPROCESS 0x1B0
|
|
#define X86_NT4_PEB_IN_EPROCESS 0x18C
|
|
#define IA64_PEB_IN_EPROCESS 0x2D0
|
|
#define IA64_3555_PEB_IN_EPROCESS 0x300
|
|
|
|
#define X86_PCID_IN_EPROCESS 0x14C
|
|
#define X86_NT4_PCID_IN_EPROCESS 0x1A4
|
|
#define IA64_PCID_IN_EPROCESS 0x260
|
|
|
|
#define IA64_DIRECTORY_TABLE_BASE_IN_EPROCESS 40
|
|
#define X86_DIRECTORY_TABLE_BASE_IN_EPROCESS 24
|
|
|
|
#define X86_ETHREAD_SIZE 0x258
|
|
#define X86_NT51_ETHREAD_SIZE 0x260
|
|
#define IA64_ETHREAD_SIZE 0x458
|
|
#define IA64_3555_ETHREAD_SIZE 0x440
|
|
|
|
#define X86_KTHREAD_NEXTPROCESSOR_OFFSET 0x11f
|
|
#define X86_2230_KTHREAD_NEXTPROCESSOR_OFFSET 0x123
|
|
#define X86_NT51_KTHREAD_NEXTPROCESSOR_OFFSET 0x12b
|
|
#define X86_3555_KTHREAD_NEXTPROCESSOR_OFFSET 0x107
|
|
#define IA64_KTHREAD_NEXTPROCESSOR_OFFSET 0x23b
|
|
#define IA64_3555_KTHREAD_NEXTPROCESSOR_OFFSET 0x1F7
|
|
|
|
#define X86_KTHREAD_TEB_OFFSET 0x020
|
|
#define X86_3555_KTHREAD_TEB_OFFSET 0x02C
|
|
#define IA64_KTHREAD_TEB_OFFSET 0x050
|
|
#define IA64_3555_KTHREAD_TEB_OFFSET 0x068
|
|
|
|
#define X86_KTHREAD_INITSTACK_OFFSET 0x018
|
|
#define IA64_KTHREAD_INITSTACK_OFFSET 0x028
|
|
|
|
#define X86_KTHREAD_KERNELSTACK_OFFSET 0x028
|
|
#define X86_3555_KTHREAD_KERNELSTACK_OFFSET 0x020
|
|
#define IA64_KTHREAD_KERNELSTACK_OFFSET 0x060
|
|
#define IA64_3555_KTHREAD_KERNELSTACK_OFFSET 0x038
|
|
|
|
#define X86_KTHREAD_APCPROCESS_OFFSET 0x044
|
|
#define X86_3555_KTHREAD_APCPROCESS_OFFSET 0x040
|
|
#define IA64_KTHREAD_APCPROCESS_OFFSET 0x098
|
|
#define IA64_3555_KTHREAD_APCPROCESS_OFFSET 0x090
|
|
|
|
#define X86_KTHREAD_STATE_OFFSET 0x02d
|
|
#define X86_3555_KTHREAD_STATE_OFFSET 0x028
|
|
#define IA64_KTHREAD_STATE_OFFSET 0x071
|
|
#define IA64_3555_KTHREAD_STATE_OFFSET 0x064
|
|
|
|
#define IA64_KTHREAD_BSTORE_OFFSET 0x038
|
|
#define IA64_3555_KTHREAD_BSTORE_OFFSET 0x040
|
|
|
|
#define IA64_KTHREAD_BSTORELIMIT_OFFSET 0x040
|
|
#define IA64_3555_KTHREAD_BSTORELIMIT_OFFSET 0x048
|
|
|
|
#define PEB_FROM_TEB32 48
|
|
#define PEB_FROM_TEB64 96
|
|
|
|
#define STACK_BASE_FROM_TEB32 4
|
|
#define STACK_BASE_FROM_TEB64 8
|
|
|
|
#define PEBLDR_FROM_PEB32 12
|
|
#define PEBLDR_FROM_PEB64 24
|
|
|
|
#define MODULE_LIST_FROM_PEBLDR32 12
|
|
#define MODULE_LIST_FROM_PEBLDR64 16
|
|
|
|
#define IA64_TEB_BSTORE_BASE 0x1788
|
|
|
|
#define X86_SHARED_SYSCALL_BASE_LT2412 0x7ffe02e0
|
|
#define X86_SHARED_SYSCALL_BASE_GTE2412 0x7ffe02f8
|
|
#define X86_SHARED_SYSCALL_BASE_GTE2492 0x7ffe0300
|
|
#define X86_SHARED_SYSCALL_SIZE 0x20
|
|
|
|
#define X86_KI_USER_SHARED_DATA 0xffdf0000U
|
|
#define IA64_KI_USER_SHARED_DATA 0xe0000000fffe0000UI64
|
|
#define AMD64_KI_USER_SHARED_DATA 0xfffff78000000000UI64
|
|
|
|
// Triage dumps contain a KPRCB and the debugger
|
|
// needs a safe address to map it into virtual space
|
|
// so that it's accessible in a way consistent with
|
|
// other dumps and live debugs. The debugger uses
|
|
// an address in the user-shared-memory area on the
|
|
// theory that nothing in that area should be present
|
|
// in a kernel triage dump so it's a safe place to map in.
|
|
#define X86_TRIAGE_PRCB_ADDRESS 0xffdff120U
|
|
#define IA64_TRIAGE_PRCB_ADDRESS 0xe0000000ffff0000UI64
|
|
#define AMD64_TRIAGE_PRCB_ADDRESS 0xfffff780ffff0000UI64
|
|
|
|
#define X86_KGDT_NULL 0
|
|
#define X86_KGDT_R0_CODE 8
|
|
#define X86_KGDT_R0_DATA 16
|
|
#define X86_KGDT_R3_CODE 24
|
|
#define X86_KGDT_R3_DATA 32
|
|
#define X86_KGDT_TSS 40
|
|
#define X86_KGDT_R0_PCR 48
|
|
#define X86_KGDT_R3_TEB 56
|
|
#define X86_KGDT_VDM_TILE 64
|
|
#define X86_KGDT_LDT 72
|
|
#define X86_KGDT_DF_TSS 80
|
|
#define X86_KGDT_NMI_TSS 88
|
|
|
|
#define X86_FRAME_EDITED 0xfff8
|
|
#define X86_MODE_MASK 1
|
|
#define X86_EFLAGS_V86_MASK 0x00020000
|
|
|
|
#define AMD64_KGDT64_NULL (0 * 16) // NULL descriptor
|
|
#define AMD64_KGDT64_R0_CODE (1 * 16) // kernel mode 64-bit code
|
|
#define AMD64_KGDT64_R0_DATA (1 * 16) + 8 // kernel mode 64-bit data (stack)
|
|
#define AMD64_KGDT64_R3_CMCODE (2 * 16) // user mode 32-bit code
|
|
#define AMD64_KGDT64_R3_DATA (2 * 16) + 8 // user mode 32-bit data
|
|
#define AMD64_KGDT64_R3_CODE (3 * 16) // user mode 64-bit code
|
|
#define AMD64_KGDT64_SYS_TSS (4 * 16) // kernel mode system task state
|
|
#define AMD64_KGDT64_R3_CMTEB (5 * 16) // user mode 32-bit TEB
|
|
#define AMD64_KGDT64_LAST (6 * 16)
|
|
|
|
//
|
|
// Memory management info
|
|
//
|
|
|
|
#define X86_BASE_VIRT 0xc0300000
|
|
#define X86_BASE_VIRT_PAE 0xc0600000
|
|
#define X86_PAGE_SIZE 0x1000
|
|
#define X86_PAGE_SHIFT 12L
|
|
#define X86_MM_PTE_TRANSITION_MASK 0x800
|
|
#define X86_MM_PTE_PROTOTYPE_MASK 0x400
|
|
#define X86_VALID_PFN_MASK 0xFFFFF000
|
|
#define X86_VALID_PFN_MASK_PAE 0x0000000FFFFFF000UI64
|
|
#define X86_VALID_PFN_SHIFT 12
|
|
#define X86_PDPE_SHIFT 30
|
|
#define X86_PDE_SHIFT 22
|
|
#define X86_PDE_SHIFT_PAE 21
|
|
#define X86_PDE_MASK_PAE 0x1ff
|
|
#define X86_PTE_SHIFT 12
|
|
#define X86_PTE_MASK 0x3ff
|
|
#define X86_PTE_MASK_PAE 0x1ff
|
|
#define X86_LARGE_PAGE_MASK 0x80
|
|
#define X86_LARGE_PAGE_SIZE (4 * 1024 * 1024)
|
|
#define X86_LARGE_PAGE_SIZE_PAE (2 * 1024 * 1024)
|
|
#define X86_PDBR_MASK 0xFFFFFFE0
|
|
|
|
#define IA64_PAGE_SIZE 0x2000
|
|
#define IA64_PAGE_SHIFT 13L
|
|
#define IA64_MM_PTE_TRANSITION_MASK 0x80
|
|
#define IA64_MM_PTE_PROTOTYPE_MASK 0x02
|
|
#define IA64_VALID_PFN_MASK 0x0007FFFFFFFFE000UI64
|
|
#define IA64_VALID_PFN_SHIFT 13
|
|
#define IA64_PDE1_SHIFT 33
|
|
#define IA64_PDE2_SHIFT 23
|
|
#define IA64_PDE_MASK 0x3ff
|
|
#define IA64_PTE_SHIFT 13
|
|
#define IA64_PTE_MASK 0x3ff
|
|
#define IA64_PHYSICAL1_START 0x8000000000000000UI64
|
|
#define IA64_PHYSICAL1_END 0x80000FFFFFFFFFFFUI64
|
|
#define IA64_PHYSICAL2_START 0xA000000000000000UI64
|
|
#define IA64_PHYSICAL2_END 0xA0000FFFFFFFFFFFUI64
|
|
#define IA64_PHYSICAL3_START 0xE000000080000000UI64
|
|
#define IA64_PHYSICAL3_END 0xE0000000BFFFFFFFUI64
|
|
#define IA64_PTA_BASE_MASK 0x1FFFFFFFFFFF8000UI64
|
|
#define IA64_REGION_MASK 0xE000000000000000UI64
|
|
#define IA64_REGION_SHIFT 61
|
|
#define IA64_REGION_COUNT 8
|
|
#define IA64_REGION_USER 0
|
|
#define IA64_REGION_SESSION 1
|
|
#define IA64_REGION_KERNEL 7
|
|
#define IA64_VHPT_MASK 0x000000FFFFFF8000UI64
|
|
#define IA64_LARGE_PAGE_PDE_MASK 0x1c
|
|
#define IA64_LARGE_PAGE_PDE_MARK 4
|
|
#define IA64_LARGE_PAGE_SIZE 0x800000
|
|
|
|
//
|
|
// Memory management info
|
|
//
|
|
|
|
#define AMD64_BASE_VIRT 0xFFFFF6FB7DBED000UI64
|
|
#define AMD64_PAGE_SIZE 0x1000
|
|
#define AMD64_PAGE_SHIFT 12L
|
|
#define AMD64_MM_PTE_TRANSITION_MASK 0x800
|
|
#define AMD64_MM_PTE_PROTOTYPE_MASK 0x400
|
|
#define AMD64_VALID_PFN_MASK 0x000000FFFFFFF000UI64
|
|
#define AMD64_VALID_PFN_SHIFT 12
|
|
#define AMD64_PML4E_SHIFT 39
|
|
#define AMD64_PML4E_MASK 0x1ff
|
|
#define AMD64_PDPE_SHIFT 30
|
|
#define AMD64_PDPE_MASK 0x1ff
|
|
#define AMD64_PDE_SHIFT 21
|
|
#define AMD64_PDE_MASK 0x1ff
|
|
#define AMD64_PTE_SHIFT 12
|
|
#define AMD64_PTE_MASK 0x1ff
|
|
#define AMD64_LARGE_PAGE_MASK 0x80
|
|
#define AMD64_LARGE_PAGE_SIZE (2 * 1024 * 1024)
|
|
#define AMD64_PDBR_MASK AMD64_VALID_PFN_MASK
|
|
#define AMD64_PHYSICAL_START 0xFFFFF80000000000UI64
|
|
#define AMD64_PHYSICAL_END 0xFFFFF8FFFFFFFFFFUI64
|
|
|
|
#define ARM_PAGE_SIZE 4096
|
|
#define ARM_PAGE_SHIFT 12
|
|
|
|
#define IA64_DEBUG_CONTROL_SPACE_PCR 1
|
|
#define IA64_DEBUG_CONTROL_SPACE_PRCB 2
|
|
#define IA64_DEBUG_CONTROL_SPACE_KSPECIAL 3
|
|
#define IA64_DEBUG_CONTROL_SPACE_THREAD 4
|
|
|
|
#define ALPHA_DEBUG_CONTROL_SPACE_PCR 1
|
|
#define ALPHA_DEBUG_CONTROL_SPACE_THREAD 2
|
|
#define ALPHA_DEBUG_CONTROL_SPACE_PRCB 3
|
|
#define ALPHA_DEBUG_CONTROL_SPACE_TEB 6
|
|
|
|
#define AMD64_DEBUG_CONTROL_SPACE_PCR 0
|
|
#define AMD64_DEBUG_CONTROL_SPACE_PRCB 1
|
|
#define AMD64_DEBUG_CONTROL_SPACE_KSPECIAL 2
|
|
#define AMD64_DEBUG_CONTROL_SPACE_THREAD 3
|
|
|
|
typedef enum _IA64_FUNCTION_TABLE_TYPE {
|
|
IA64_RF_SORTED,
|
|
IA64_RF_UNSORTED,
|
|
IA64_RF_CALLBACK
|
|
} IA64_FUNCTION_TABLE_TYPE;
|
|
|
|
typedef struct _IA64_DYNAMIC_FUNCTION_TABLE
|
|
{
|
|
LIST_ENTRY64 Links;
|
|
ULONG64 FunctionTable;
|
|
LARGE_INTEGER TimeStamp;
|
|
ULONG64 MinimumAddress;
|
|
ULONG64 MaximumAddress;
|
|
ULONG64 BaseAddress;
|
|
ULONG64 TargetGp;
|
|
ULONG64 Callback;
|
|
ULONG64 Context;
|
|
ULONG64 OutOfProcessCallbackDll;
|
|
IA64_FUNCTION_TABLE_TYPE Type;
|
|
ULONG EntryCount;
|
|
} IA64_DYNAMIC_FUNCTION_TABLE, *PIA64_DYNAMIC_FUNCTION_TABLE;
|
|
|
|
#define IA64_RF_BEGIN_ADDRESS(Base,RF) (( (ULONG64) Base + (RF)->BeginAddress) & (0xFFFFFFFFFFFFFFF0)) // Instruction Size 16 bytes
|
|
#define IA64_RF_END_ADDRESS(Base, RF) (((ULONG64) Base + (RF)->EndAddress+15) & (0xFFFFFFFFFFFFFFF0)) // Instruction Size 16 bytes
|
|
|
|
|
|
typedef enum _AMD64_FUNCTION_TABLE_TYPE {
|
|
AMD64_RF_SORTED,
|
|
AMD64_RF_UNSORTED,
|
|
AMD64_RF_CALLBACK
|
|
} AMD64_FUNCTION_TABLE_TYPE;
|
|
|
|
typedef struct _AMD64_DYNAMIC_FUNCTION_TABLE
|
|
{
|
|
LIST_ENTRY64 ListEntry;
|
|
ULONG64 FunctionTable;
|
|
LARGE_INTEGER TimeStamp;
|
|
ULONG64 MinimumAddress;
|
|
ULONG64 MaximumAddress;
|
|
ULONG64 BaseAddress;
|
|
ULONG64 Callback;
|
|
ULONG64 Context;
|
|
ULONG64 OutOfProcessCallbackDll;
|
|
AMD64_FUNCTION_TABLE_TYPE Type;
|
|
ULONG EntryCount;
|
|
} AMD64_DYNAMIC_FUNCTION_TABLE, *PAMD64_DYNAMIC_FUNCTION_TABLE;
|
|
|
|
typedef struct _CROSS_PLATFORM_DYNAMIC_FUNCTION_TABLE {
|
|
|
|
union {
|
|
IA64_DYNAMIC_FUNCTION_TABLE IA64Table;
|
|
AMD64_DYNAMIC_FUNCTION_TABLE Amd64Table;
|
|
};
|
|
|
|
} CROSS_PLATFORM_DYNAMIC_FUNCTION_TABLE, *PCROSS_PLATFORM_DYNAMIC_FUNCTION_TABLE;
|
|
|
|
|
|
// More stuff currently used by crashdump
|
|
|
|
|
|
typedef struct _PAE_ADDRESS {
|
|
union {
|
|
struct {
|
|
ULONG Offset : 12; // 0 .. 11
|
|
ULONG Table : 9; // 12 .. 20
|
|
ULONG Directory : 9; // 21 .. 29
|
|
ULONG DirectoryPointer : 2; // 30 .. 31
|
|
};
|
|
struct {
|
|
ULONG Offset : 21 ;
|
|
ULONG Directory : 9 ;
|
|
ULONG DirectoryPointer : 2;
|
|
} LargeAddress;
|
|
|
|
ULONG DwordPart;
|
|
};
|
|
} PAE_ADDRESS, * PPAE_ADDRESS;
|
|
|
|
typedef struct _X86PAE_HARDWARE_PTE {
|
|
union {
|
|
struct {
|
|
ULONGLONG Valid : 1;
|
|
ULONGLONG Write : 1;
|
|
ULONGLONG Owner : 1;
|
|
ULONGLONG WriteThrough : 1;
|
|
ULONGLONG CacheDisable : 1;
|
|
ULONGLONG Accessed : 1;
|
|
ULONGLONG Dirty : 1;
|
|
ULONGLONG LargePage : 1;
|
|
ULONGLONG Global : 1;
|
|
ULONGLONG CopyOnWrite : 1; // software field
|
|
ULONGLONG Prototype : 1; // software field
|
|
ULONGLONG reserved0 : 1; // software field
|
|
ULONGLONG PageFrameNumber : 24;
|
|
ULONGLONG reserved1 : 28; // software field
|
|
};
|
|
struct {
|
|
ULONG LowPart;
|
|
ULONG HighPart;
|
|
};
|
|
};
|
|
} X86PAE_HARDWARE_PTE, *PX86PAE_HARDWARE_PTE;
|
|
|
|
typedef X86PAE_HARDWARE_PTE X86PAE_HARDWARE_PDPTE;
|
|
|
|
|
|
typedef struct _X86PAE_HARDWARE_PDE {
|
|
union {
|
|
struct _X86PAE_HARDWARE_PTE Pte;
|
|
|
|
struct {
|
|
ULONGLONG Valid : 1;
|
|
ULONGLONG Write : 1;
|
|
ULONGLONG Owner : 1;
|
|
ULONGLONG WriteThrough : 1;
|
|
ULONGLONG CacheDisable : 1;
|
|
ULONGLONG Accessed : 1;
|
|
ULONGLONG Dirty : 1;
|
|
ULONGLONG LargePage : 1;
|
|
ULONGLONG Global : 1;
|
|
ULONGLONG CopyOnWrite : 1;
|
|
ULONGLONG Prototype : 1;
|
|
ULONGLONG reserved0 : 1;
|
|
ULONGLONG reserved2 : 9;
|
|
ULONGLONG PageFrameNumber : 15;
|
|
ULONGLONG reserved1 : 28;
|
|
} Large;
|
|
|
|
ULONGLONG QuadPart;
|
|
};
|
|
} X86PAE_HARDWARE_PDE;
|
|
|
|
#if defined(_X86_)
|
|
typedef X86_DBGKD_CONTROL_REPORT DBGKD_CONTROL_REPORT;
|
|
typedef X86_DBGKD_CONTROL_SET DBGKD_CONTROL_SET;
|
|
#elif defined(_ALPHA_)
|
|
typedef ALPHA_DBGKD_CONTROL_REPORT DBGKD_CONTROL_REPORT;
|
|
typedef ALPHA_DBGKD_CONTROL_SET DBGKD_CONTROL_SET;
|
|
#elif defined(_IA64_)
|
|
typedef IA64_DBGKD_CONTROL_REPORT DBGKD_CONTROL_REPORT;
|
|
typedef IA64_DBGKD_CONTROL_SET DBGKD_CONTROL_SET;
|
|
#elif defined(_AMD64_)
|
|
typedef AMD64_DBGKD_CONTROL_REPORT DBGKD_CONTROL_REPORT;
|
|
typedef AMD64_DBGKD_CONTROL_SET DBGKD_CONTROL_SET;
|
|
#endif
|
|
|
|
|
|
|
|
//
|
|
// DbgKd APIs are for the portable kernel debugger
|
|
//
|
|
|
|
//
|
|
// KD_PACKETS are the low level data format used in KD. All packets
|
|
// begin with a packet leader, byte count, packet type. The sequence
|
|
// for accepting a packet is:
|
|
//
|
|
// - read 4 bytes to get packet leader. If read times out (10 seconds)
|
|
// with a short read, or if packet leader is incorrect, then retry
|
|
// the read.
|
|
//
|
|
// - next read 2 byte packet type. If read times out (10 seconds) with
|
|
// a short read, or if packet type is bad, then start again looking
|
|
// for a packet leader.
|
|
//
|
|
// - next read 4 byte packet Id. If read times out (10 seconds)
|
|
// with a short read, or if packet Id is not what we expect, then
|
|
// ask for resend and restart again looking for a packet leader.
|
|
//
|
|
// - next read 2 byte count. If read times out (10 seconds) with
|
|
// a short read, or if byte count is greater than PACKET_MAX_SIZE,
|
|
// then start again looking for a packet leader.
|
|
//
|
|
// - next read 4 byte packet data checksum.
|
|
//
|
|
// - The packet data immediately follows the packet. There should be
|
|
// ByteCount bytes following the packet header. Read the packet
|
|
// data, if read times out (10 seconds) then start again looking for
|
|
// a packet leader.
|
|
//
|
|
|
|
|
|
typedef struct _KD_PACKET {
|
|
ULONG PacketLeader;
|
|
USHORT PacketType;
|
|
USHORT ByteCount;
|
|
ULONG PacketId;
|
|
ULONG Checksum;
|
|
} KD_PACKET, *PKD_PACKET;
|
|
|
|
|
|
#define PACKET_MAX_SIZE 4000
|
|
#define INITIAL_PACKET_ID 0x80800000 // Don't use 0
|
|
#define SYNC_PACKET_ID 0x00000800 // Or in with INITIAL_PACKET_ID
|
|
// to force a packet ID reset.
|
|
|
|
//
|
|
// BreakIn packet
|
|
//
|
|
|
|
#define BREAKIN_PACKET 0x62626262
|
|
#define BREAKIN_PACKET_BYTE 0x62
|
|
|
|
//
|
|
// Packet lead in sequence
|
|
//
|
|
|
|
#define PACKET_LEADER 0x30303030 //0x77000077
|
|
#define PACKET_LEADER_BYTE 0x30
|
|
|
|
#define CONTROL_PACKET_LEADER 0x69696969
|
|
#define CONTROL_PACKET_LEADER_BYTE 0x69
|
|
|
|
//
|
|
// Packet Trailing Byte
|
|
//
|
|
|
|
#define PACKET_TRAILING_BYTE 0xAA
|
|
|
|
//
|
|
// Packet Types
|
|
//
|
|
|
|
#define PACKET_TYPE_UNUSED 0
|
|
#define PACKET_TYPE_KD_STATE_CHANGE32 1
|
|
#define PACKET_TYPE_KD_STATE_MANIPULATE 2
|
|
#define PACKET_TYPE_KD_DEBUG_IO 3
|
|
#define PACKET_TYPE_KD_ACKNOWLEDGE 4 // Packet-control type
|
|
#define PACKET_TYPE_KD_RESEND 5 // Packet-control type
|
|
#define PACKET_TYPE_KD_RESET 6 // Packet-control type
|
|
#define PACKET_TYPE_KD_STATE_CHANGE64 7
|
|
#define PACKET_TYPE_KD_POLL_BREAKIN 8
|
|
#define PACKET_TYPE_KD_TRACE_IO 9
|
|
#define PACKET_TYPE_KD_CONTROL_REQUEST 10
|
|
#define PACKET_TYPE_KD_FILE_IO 11
|
|
#define PACKET_TYPE_MAX 12
|
|
|
|
//
|
|
// If the packet type is PACKET_TYPE_KD_STATE_CHANGE, then
|
|
// the format of the packet data is as follows:
|
|
//
|
|
|
|
#define DbgKdMinimumStateChange 0x00003030L
|
|
|
|
#define DbgKdExceptionStateChange 0x00003030L
|
|
#define DbgKdLoadSymbolsStateChange 0x00003031L
|
|
#define DbgKdCommandStringStateChange 0x00003032L
|
|
|
|
#define DbgKdMaximumStateChange 0x00003033L
|
|
|
|
// If the state change is from an alternate source
|
|
// then this bit is combined with the basic state change code.
|
|
#define DbgKdAlternateStateChange 0x00010000L
|
|
|
|
#define KD_REBOOT (-1)
|
|
#define KD_HIBERNATE (-2)
|
|
//
|
|
// Pathname Data follows directly
|
|
//
|
|
|
|
typedef struct _DBGKD_LOAD_SYMBOLS32 {
|
|
ULONG PathNameLength;
|
|
ULONG BaseOfDll;
|
|
ULONG ProcessId;
|
|
ULONG CheckSum;
|
|
ULONG SizeOfImage;
|
|
BOOLEAN UnloadSymbols;
|
|
} DBGKD_LOAD_SYMBOLS32, *PDBGKD_LOAD_SYMBOLS32;
|
|
|
|
typedef struct _DBGKD_LOAD_SYMBOLS64 {
|
|
ULONG PathNameLength;
|
|
ULONG64 BaseOfDll;
|
|
ULONG64 ProcessId;
|
|
ULONG CheckSum;
|
|
ULONG SizeOfImage;
|
|
BOOLEAN UnloadSymbols;
|
|
} DBGKD_LOAD_SYMBOLS64, *PDBGKD_LOAD_SYMBOLS64;
|
|
|
|
__inline
|
|
void
|
|
DbgkdLoadSymbols32To64(
|
|
IN PDBGKD_LOAD_SYMBOLS32 Ls32,
|
|
OUT PDBGKD_LOAD_SYMBOLS64 Ls64
|
|
)
|
|
{
|
|
Ls64->PathNameLength = Ls32->PathNameLength;
|
|
Ls64->ProcessId = Ls32->ProcessId;
|
|
COPYSE(Ls64,Ls32,BaseOfDll);
|
|
Ls64->CheckSum = Ls32->CheckSum;
|
|
Ls64->SizeOfImage = Ls32->SizeOfImage;
|
|
Ls64->UnloadSymbols = Ls32->UnloadSymbols;
|
|
}
|
|
|
|
__inline
|
|
void
|
|
LoadSymbols64To32(
|
|
IN PDBGKD_LOAD_SYMBOLS64 Ls64,
|
|
OUT PDBGKD_LOAD_SYMBOLS32 Ls32
|
|
)
|
|
{
|
|
Ls32->PathNameLength = Ls64->PathNameLength;
|
|
Ls32->ProcessId = (ULONG)Ls64->ProcessId;
|
|
Ls32->BaseOfDll = (ULONG)Ls64->BaseOfDll;
|
|
Ls32->CheckSum = Ls64->CheckSum;
|
|
Ls32->SizeOfImage = Ls64->SizeOfImage;
|
|
Ls32->UnloadSymbols = Ls64->UnloadSymbols;
|
|
}
|
|
|
|
//
|
|
// This structure is currently all zeroes.
|
|
// It just reserves a structure name for future use.
|
|
//
|
|
|
|
typedef struct _DBGKD_COMMAND_STRING {
|
|
ULONG Flags;
|
|
ULONG Reserved1;
|
|
ULONG64 Reserved2[7];
|
|
} DBGKD_COMMAND_STRING, *PDBGKD_COMMAND_STRING;
|
|
|
|
#ifdef _IA64_
|
|
#include <pshpck16.h>
|
|
#endif
|
|
|
|
typedef struct _DBGKD_WAIT_STATE_CHANGE32 {
|
|
ULONG NewState;
|
|
USHORT ProcessorLevel;
|
|
USHORT Processor;
|
|
ULONG NumberProcessors;
|
|
ULONG Thread;
|
|
ULONG ProgramCounter;
|
|
union {
|
|
DBGKM_EXCEPTION32 Exception;
|
|
DBGKD_LOAD_SYMBOLS32 LoadSymbols;
|
|
} u;
|
|
// A processor-specific control report and context follows.
|
|
} DBGKD_WAIT_STATE_CHANGE32, *PDBGKD_WAIT_STATE_CHANGE32;
|
|
|
|
// Protocol version 5 64-bit state change.
|
|
typedef struct _DBGKD_WAIT_STATE_CHANGE64 {
|
|
ULONG NewState;
|
|
USHORT ProcessorLevel;
|
|
USHORT Processor;
|
|
ULONG NumberProcessors;
|
|
ULONG64 Thread;
|
|
ULONG64 ProgramCounter;
|
|
union {
|
|
DBGKM_EXCEPTION64 Exception;
|
|
DBGKD_LOAD_SYMBOLS64 LoadSymbols;
|
|
} u;
|
|
// A processor-specific control report and context follows.
|
|
} DBGKD_WAIT_STATE_CHANGE64, *PDBGKD_WAIT_STATE_CHANGE64;
|
|
|
|
// Protocol version 6 state change.
|
|
typedef struct _DBGKD_ANY_WAIT_STATE_CHANGE {
|
|
ULONG NewState;
|
|
USHORT ProcessorLevel;
|
|
USHORT Processor;
|
|
ULONG NumberProcessors;
|
|
ULONG64 Thread;
|
|
ULONG64 ProgramCounter;
|
|
union {
|
|
DBGKM_EXCEPTION64 Exception;
|
|
DBGKD_LOAD_SYMBOLS64 LoadSymbols;
|
|
DBGKD_COMMAND_STRING CommandString;
|
|
} u;
|
|
// The ANY control report is unioned here to
|
|
// ensure that this structure is always large
|
|
// enough to hold any possible state change.
|
|
union {
|
|
DBGKD_CONTROL_REPORT ControlReport;
|
|
DBGKD_ANY_CONTROL_REPORT AnyControlReport;
|
|
};
|
|
} DBGKD_ANY_WAIT_STATE_CHANGE, *PDBGKD_ANY_WAIT_STATE_CHANGE;
|
|
|
|
#ifdef _IA64_
|
|
#include <poppack.h>
|
|
#endif
|
|
|
|
//
|
|
// If the packet type is PACKET_TYPE_KD_STATE_MANIPULATE, then
|
|
// the format of the packet data is as follows:
|
|
//
|
|
// Api Numbers for state manipulation
|
|
//
|
|
|
|
#define DbgKdMinimumManipulate 0x00003130L
|
|
|
|
#define DbgKdReadVirtualMemoryApi 0x00003130L
|
|
#define DbgKdWriteVirtualMemoryApi 0x00003131L
|
|
#define DbgKdGetContextApi 0x00003132L
|
|
#define DbgKdSetContextApi 0x00003133L
|
|
#define DbgKdWriteBreakPointApi 0x00003134L
|
|
#define DbgKdRestoreBreakPointApi 0x00003135L
|
|
#define DbgKdContinueApi 0x00003136L
|
|
#define DbgKdReadControlSpaceApi 0x00003137L
|
|
#define DbgKdWriteControlSpaceApi 0x00003138L
|
|
#define DbgKdReadIoSpaceApi 0x00003139L
|
|
#define DbgKdWriteIoSpaceApi 0x0000313AL
|
|
#define DbgKdRebootApi 0x0000313BL
|
|
#define DbgKdContinueApi2 0x0000313CL
|
|
#define DbgKdReadPhysicalMemoryApi 0x0000313DL
|
|
#define DbgKdWritePhysicalMemoryApi 0x0000313EL
|
|
//#define DbgKdQuerySpecialCallsApi 0x0000313FL
|
|
#define DbgKdSetSpecialCallApi 0x00003140L
|
|
#define DbgKdClearSpecialCallsApi 0x00003141L
|
|
#define DbgKdSetInternalBreakPointApi 0x00003142L
|
|
#define DbgKdGetInternalBreakPointApi 0x00003143L
|
|
#define DbgKdReadIoSpaceExtendedApi 0x00003144L
|
|
#define DbgKdWriteIoSpaceExtendedApi 0x00003145L
|
|
#define DbgKdGetVersionApi 0x00003146L
|
|
#define DbgKdWriteBreakPointExApi 0x00003147L
|
|
#define DbgKdRestoreBreakPointExApi 0x00003148L
|
|
#define DbgKdCauseBugCheckApi 0x00003149L
|
|
#define DbgKdSwitchProcessor 0x00003150L
|
|
#define DbgKdPageInApi 0x00003151L // obsolete
|
|
#define DbgKdReadMachineSpecificRegister 0x00003152L
|
|
#define DbgKdWriteMachineSpecificRegister 0x00003153L
|
|
#define OldVlm1 0x00003154L
|
|
#define OldVlm2 0x00003155L
|
|
#define DbgKdSearchMemoryApi 0x00003156L
|
|
#define DbgKdGetBusDataApi 0x00003157L
|
|
#define DbgKdSetBusDataApi 0x00003158L
|
|
#define DbgKdCheckLowMemoryApi 0x00003159L
|
|
#define DbgKdClearAllInternalBreakpointsApi 0x0000315AL
|
|
#define DbgKdFillMemoryApi 0x0000315BL
|
|
#define DbgKdQueryMemoryApi 0x0000315CL
|
|
#define DbgKdSwitchPartition 0x0000315DL
|
|
|
|
#define DbgKdMaximumManipulate 0x0000315EL
|
|
|
|
//
|
|
// Physical memory caching flags.
|
|
// These flags can be passed in on physical memory
|
|
// access requests in the ActualBytes field.
|
|
//
|
|
|
|
#define DBGKD_CACHING_UNKNOWN 0
|
|
#define DBGKD_CACHING_CACHED 1
|
|
#define DBGKD_CACHING_UNCACHED 2
|
|
#define DBGKD_CACHING_WRITE_COMBINED 3
|
|
|
|
//
|
|
// Response is a read memory message with data following
|
|
//
|
|
|
|
typedef struct _DBGKD_READ_MEMORY32 {
|
|
ULONG TargetBaseAddress;
|
|
ULONG TransferCount;
|
|
ULONG ActualBytesRead;
|
|
} DBGKD_READ_MEMORY32, *PDBGKD_READ_MEMORY32;
|
|
|
|
typedef struct _DBGKD_READ_MEMORY64 {
|
|
ULONG64 TargetBaseAddress;
|
|
ULONG TransferCount;
|
|
ULONG ActualBytesRead;
|
|
} DBGKD_READ_MEMORY64, *PDBGKD_READ_MEMORY64;
|
|
|
|
__inline
|
|
void
|
|
DbgkdReadMemory32To64(
|
|
IN PDBGKD_READ_MEMORY32 r32,
|
|
OUT PDBGKD_READ_MEMORY64 r64
|
|
)
|
|
{
|
|
COPYSE(r64,r32,TargetBaseAddress);
|
|
r64->TransferCount = r32->TransferCount;
|
|
r64->ActualBytesRead = r32->ActualBytesRead;
|
|
}
|
|
|
|
__inline
|
|
void
|
|
DbgkdReadMemory64To32(
|
|
IN PDBGKD_READ_MEMORY64 r64,
|
|
OUT PDBGKD_READ_MEMORY32 r32
|
|
)
|
|
{
|
|
r32->TargetBaseAddress = (ULONG)r64->TargetBaseAddress;
|
|
r32->TransferCount = r64->TransferCount;
|
|
r32->ActualBytesRead = r64->ActualBytesRead;
|
|
}
|
|
|
|
//
|
|
// Data follows directly
|
|
//
|
|
|
|
typedef struct _DBGKD_WRITE_MEMORY32 {
|
|
ULONG TargetBaseAddress;
|
|
ULONG TransferCount;
|
|
ULONG ActualBytesWritten;
|
|
} DBGKD_WRITE_MEMORY32, *PDBGKD_WRITE_MEMORY32;
|
|
|
|
typedef struct _DBGKD_WRITE_MEMORY64 {
|
|
ULONG64 TargetBaseAddress;
|
|
ULONG TransferCount;
|
|
ULONG ActualBytesWritten;
|
|
} DBGKD_WRITE_MEMORY64, *PDBGKD_WRITE_MEMORY64;
|
|
|
|
|
|
__inline
|
|
void
|
|
DbgkdWriteMemory32To64(
|
|
IN PDBGKD_WRITE_MEMORY32 r32,
|
|
OUT PDBGKD_WRITE_MEMORY64 r64
|
|
)
|
|
{
|
|
COPYSE(r64,r32,TargetBaseAddress);
|
|
r64->TransferCount = r32->TransferCount;
|
|
r64->ActualBytesWritten = r32->ActualBytesWritten;
|
|
}
|
|
|
|
__inline
|
|
void
|
|
DbgkdWriteMemory64To32(
|
|
IN PDBGKD_WRITE_MEMORY64 r64,
|
|
OUT PDBGKD_WRITE_MEMORY32 r32
|
|
)
|
|
{
|
|
r32->TargetBaseAddress = (ULONG)r64->TargetBaseAddress;
|
|
r32->TransferCount = r64->TransferCount;
|
|
r32->ActualBytesWritten = r64->ActualBytesWritten;
|
|
}
|
|
//
|
|
// Response is a get context message with a full context record following
|
|
//
|
|
|
|
typedef struct _DBGKD_GET_CONTEXT {
|
|
ULONG Unused;
|
|
} DBGKD_GET_CONTEXT, *PDBGKD_GET_CONTEXT;
|
|
|
|
//
|
|
// Full Context record follows
|
|
//
|
|
|
|
typedef struct _DBGKD_SET_CONTEXT {
|
|
ULONG ContextFlags;
|
|
} DBGKD_SET_CONTEXT, *PDBGKD_SET_CONTEXT;
|
|
|
|
#define BREAKPOINT_TABLE_SIZE 32 // max number supported by kernel
|
|
|
|
typedef struct _DBGKD_WRITE_BREAKPOINT32 {
|
|
ULONG BreakPointAddress;
|
|
ULONG BreakPointHandle;
|
|
} DBGKD_WRITE_BREAKPOINT32, *PDBGKD_WRITE_BREAKPOINT32;
|
|
|
|
typedef struct _DBGKD_WRITE_BREAKPOINT64 {
|
|
ULONG64 BreakPointAddress;
|
|
ULONG BreakPointHandle;
|
|
} DBGKD_WRITE_BREAKPOINT64, *PDBGKD_WRITE_BREAKPOINT64;
|
|
|
|
|
|
__inline
|
|
void
|
|
DbgkdWriteBreakpoint32To64(
|
|
IN PDBGKD_WRITE_BREAKPOINT32 r32,
|
|
OUT PDBGKD_WRITE_BREAKPOINT64 r64
|
|
)
|
|
{
|
|
COPYSE(r64,r32,BreakPointAddress);
|
|
r64->BreakPointHandle = r32->BreakPointHandle;
|
|
}
|
|
|
|
__inline
|
|
void
|
|
DbgkdWriteBreakpoint64To32(
|
|
IN PDBGKD_WRITE_BREAKPOINT64 r64,
|
|
OUT PDBGKD_WRITE_BREAKPOINT32 r32
|
|
)
|
|
{
|
|
r32->BreakPointAddress = (ULONG)r64->BreakPointAddress;
|
|
r32->BreakPointHandle = r64->BreakPointHandle;
|
|
}
|
|
|
|
typedef struct _DBGKD_RESTORE_BREAKPOINT {
|
|
ULONG BreakPointHandle;
|
|
} DBGKD_RESTORE_BREAKPOINT, *PDBGKD_RESTORE_BREAKPOINT;
|
|
|
|
typedef struct _DBGKD_BREAKPOINTEX {
|
|
ULONG BreakPointCount;
|
|
NTSTATUS ContinueStatus;
|
|
} DBGKD_BREAKPOINTEX, *PDBGKD_BREAKPOINTEX;
|
|
|
|
typedef struct _DBGKD_CONTINUE {
|
|
NTSTATUS ContinueStatus;
|
|
} DBGKD_CONTINUE, *PDBGKD_CONTINUE;
|
|
|
|
// This structure must be 32-bit packed for
|
|
// for compatibility with older, processor-specific
|
|
// versions of this structure.
|
|
#include <pshpack4.h>
|
|
|
|
typedef struct _DBGKD_CONTINUE2 {
|
|
NTSTATUS ContinueStatus;
|
|
// The ANY control set is unioned here to
|
|
// ensure that this structure is always large
|
|
// enough to hold any possible continue.
|
|
union {
|
|
DBGKD_CONTROL_SET ControlSet;
|
|
DBGKD_ANY_CONTROL_SET AnyControlSet;
|
|
};
|
|
} DBGKD_CONTINUE2, *PDBGKD_CONTINUE2;
|
|
|
|
#include <poppack.h>
|
|
|
|
typedef struct _DBGKD_READ_WRITE_IO32 {
|
|
ULONG DataSize; // 1, 2, 4
|
|
ULONG IoAddress;
|
|
ULONG DataValue;
|
|
} DBGKD_READ_WRITE_IO32, *PDBGKD_READ_WRITE_IO32;
|
|
|
|
typedef struct _DBGKD_READ_WRITE_IO64 {
|
|
ULONG64 IoAddress;
|
|
ULONG DataSize; // 1, 2, 4
|
|
ULONG DataValue;
|
|
} DBGKD_READ_WRITE_IO64, *PDBGKD_READ_WRITE_IO64;
|
|
|
|
__inline
|
|
void
|
|
DbgkdReadWriteIo32To64(
|
|
IN PDBGKD_READ_WRITE_IO32 r32,
|
|
OUT PDBGKD_READ_WRITE_IO64 r64
|
|
)
|
|
{
|
|
COPYSE(r64,r32,IoAddress);
|
|
r64->DataSize = r32->DataSize;
|
|
r64->DataValue = r32->DataValue;
|
|
}
|
|
|
|
__inline
|
|
void
|
|
DbgkdReadWriteIo64To32(
|
|
IN PDBGKD_READ_WRITE_IO64 r64,
|
|
OUT PDBGKD_READ_WRITE_IO32 r32
|
|
)
|
|
{
|
|
r32->IoAddress = (ULONG)r64->IoAddress;
|
|
r32->DataSize = r64->DataSize;
|
|
r32->DataValue = r64->DataValue;
|
|
}
|
|
|
|
typedef struct _DBGKD_READ_WRITE_IO_EXTENDED32 {
|
|
ULONG DataSize; // 1, 2, 4
|
|
ULONG InterfaceType;
|
|
ULONG BusNumber;
|
|
ULONG AddressSpace;
|
|
ULONG IoAddress;
|
|
ULONG DataValue;
|
|
} DBGKD_READ_WRITE_IO_EXTENDED32, *PDBGKD_READ_WRITE_IO_EXTENDED32;
|
|
|
|
typedef struct _DBGKD_READ_WRITE_IO_EXTENDED64 {
|
|
ULONG DataSize; // 1, 2, 4
|
|
ULONG InterfaceType;
|
|
ULONG BusNumber;
|
|
ULONG AddressSpace;
|
|
ULONG64 IoAddress;
|
|
ULONG DataValue;
|
|
} DBGKD_READ_WRITE_IO_EXTENDED64, *PDBGKD_READ_WRITE_IO_EXTENDED64;
|
|
|
|
__inline
|
|
void
|
|
DbgkdReadWriteIoExtended32To64(
|
|
IN PDBGKD_READ_WRITE_IO_EXTENDED32 r32,
|
|
OUT PDBGKD_READ_WRITE_IO_EXTENDED64 r64
|
|
)
|
|
{
|
|
r64->DataSize = r32->DataSize;
|
|
r64->InterfaceType = r32->InterfaceType;
|
|
r64->BusNumber = r32->BusNumber;
|
|
r64->AddressSpace = r32->AddressSpace;
|
|
COPYSE(r64,r32,IoAddress);
|
|
r64->DataValue = r32->DataValue;
|
|
}
|
|
|
|
__inline
|
|
void
|
|
DbgkdReadWriteIoExtended64To32(
|
|
IN PDBGKD_READ_WRITE_IO_EXTENDED64 r64,
|
|
OUT PDBGKD_READ_WRITE_IO_EXTENDED32 r32
|
|
)
|
|
{
|
|
r32->DataSize = r64->DataSize;
|
|
r32->InterfaceType = r64->InterfaceType;
|
|
r32->BusNumber = r64->BusNumber;
|
|
r32->AddressSpace = r64->AddressSpace;
|
|
r32->IoAddress = (ULONG)r64-> IoAddress;
|
|
r32->DataValue = r64->DataValue;
|
|
}
|
|
|
|
typedef struct _DBGKD_READ_WRITE_MSR {
|
|
ULONG Msr;
|
|
ULONG DataValueLow;
|
|
ULONG DataValueHigh;
|
|
} DBGKD_READ_WRITE_MSR, *PDBGKD_READ_WRITE_MSR;
|
|
|
|
|
|
typedef struct _DBGKD_QUERY_SPECIAL_CALLS {
|
|
ULONG NumberOfSpecialCalls;
|
|
// ULONG64 SpecialCalls[];
|
|
} DBGKD_QUERY_SPECIAL_CALLS, *PDBGKD_QUERY_SPECIAL_CALLS;
|
|
|
|
typedef struct _DBGKD_SET_SPECIAL_CALL32 {
|
|
ULONG SpecialCall;
|
|
} DBGKD_SET_SPECIAL_CALL32, *PDBGKD_SET_SPECIAL_CALL32;
|
|
|
|
typedef struct _DBGKD_SET_SPECIAL_CALL64 {
|
|
ULONG64 SpecialCall;
|
|
} DBGKD_SET_SPECIAL_CALL64, *PDBGKD_SET_SPECIAL_CALL64;
|
|
|
|
__inline
|
|
void
|
|
DbgkdSetSpecialCall64To32(
|
|
IN PDBGKD_SET_SPECIAL_CALL64 r64,
|
|
OUT PDBGKD_SET_SPECIAL_CALL32 r32
|
|
)
|
|
{
|
|
r32->SpecialCall = (ULONG)r64->SpecialCall;
|
|
}
|
|
|
|
#define DBGKD_MAX_INTERNAL_BREAKPOINTS 20
|
|
|
|
typedef struct _DBGKD_SET_INTERNAL_BREAKPOINT32 {
|
|
ULONG BreakpointAddress;
|
|
ULONG Flags;
|
|
} DBGKD_SET_INTERNAL_BREAKPOINT32, *PDBGKD_SET_INTERNAL_BREAKPOINT32;
|
|
|
|
typedef struct _DBGKD_SET_INTERNAL_BREAKPOINT64 {
|
|
ULONG64 BreakpointAddress;
|
|
ULONG Flags;
|
|
} DBGKD_SET_INTERNAL_BREAKPOINT64, *PDBGKD_SET_INTERNAL_BREAKPOINT64;
|
|
|
|
__inline
|
|
void
|
|
DbgkdSetInternalBreakpoint64To32(
|
|
IN PDBGKD_SET_INTERNAL_BREAKPOINT64 r64,
|
|
OUT PDBGKD_SET_INTERNAL_BREAKPOINT32 r32
|
|
)
|
|
{
|
|
r32->BreakpointAddress = (ULONG)r64->BreakpointAddress;
|
|
r32->Flags = r64->Flags;
|
|
}
|
|
|
|
typedef struct _DBGKD_GET_INTERNAL_BREAKPOINT32 {
|
|
ULONG BreakpointAddress;
|
|
ULONG Flags;
|
|
ULONG Calls;
|
|
ULONG MaxCallsPerPeriod;
|
|
ULONG MinInstructions;
|
|
ULONG MaxInstructions;
|
|
ULONG TotalInstructions;
|
|
} DBGKD_GET_INTERNAL_BREAKPOINT32, *PDBGKD_GET_INTERNAL_BREAKPOINT32;
|
|
|
|
typedef struct _DBGKD_GET_INTERNAL_BREAKPOINT64 {
|
|
ULONG64 BreakpointAddress;
|
|
ULONG Flags;
|
|
ULONG Calls;
|
|
ULONG MaxCallsPerPeriod;
|
|
ULONG MinInstructions;
|
|
ULONG MaxInstructions;
|
|
ULONG TotalInstructions;
|
|
} DBGKD_GET_INTERNAL_BREAKPOINT64, *PDBGKD_GET_INTERNAL_BREAKPOINT64;
|
|
|
|
__inline
|
|
void
|
|
DbgkdGetInternalBreakpoint32To64(
|
|
IN PDBGKD_GET_INTERNAL_BREAKPOINT32 r32,
|
|
OUT PDBGKD_GET_INTERNAL_BREAKPOINT64 r64
|
|
)
|
|
{
|
|
COPYSE(r64,r32,BreakpointAddress);
|
|
r64->Flags = r32->Flags;
|
|
r64->Calls = r32->Calls;
|
|
r64->MaxCallsPerPeriod = r32->MaxCallsPerPeriod;
|
|
r64->MinInstructions = r32->MinInstructions;
|
|
r64->MaxInstructions = r32->MaxInstructions;
|
|
r64->TotalInstructions = r32->TotalInstructions;
|
|
}
|
|
|
|
__inline
|
|
void
|
|
DbgkdGetInternalBreakpoint64To32(
|
|
IN PDBGKD_GET_INTERNAL_BREAKPOINT64 r64,
|
|
OUT PDBGKD_GET_INTERNAL_BREAKPOINT32 r32
|
|
)
|
|
{
|
|
r32->BreakpointAddress = (ULONG)r64->BreakpointAddress;
|
|
r32->Flags = r64->Flags;
|
|
r32->Calls = r64->Calls;
|
|
r32->MaxCallsPerPeriod = r64->MaxCallsPerPeriod;
|
|
r32->MinInstructions = r64->MinInstructions;
|
|
r32->MaxInstructions = r64->MaxInstructions;
|
|
r32->TotalInstructions = r64->TotalInstructions;
|
|
}
|
|
|
|
#define DBGKD_INTERNAL_BP_FLAG_COUNTONLY 0x00000001 // don't count instructions
|
|
#define DBGKD_INTERNAL_BP_FLAG_INVALID 0x00000002 // disabled BP
|
|
#define DBGKD_INTERNAL_BP_FLAG_SUSPENDED 0x00000004 // temporarily suspended
|
|
#define DBGKD_INTERNAL_BP_FLAG_DYING 0x00000008 // kill on exit
|
|
|
|
|
|
//
|
|
// The packet protocol was widened to 64 bits in version 5.
|
|
// The PTR64 flag allows the debugger to read the right
|
|
// size of pointer when neccessary.
|
|
//
|
|
// The version packet was changed in the same revision, to remove the
|
|
// data that are now available in KDDEBUGGER_DATA.
|
|
//
|
|
// Version 6 adjusted the structures to use
|
|
// cross-platform versions all the time.
|
|
//
|
|
#define DBGKD_64BIT_PROTOCOL_VERSION1 5
|
|
#define DBGKD_64BIT_PROTOCOL_VERSION2 6
|
|
|
|
|
|
typedef struct _DBGKD_SEARCH_MEMORY {
|
|
union {
|
|
ULONG64 SearchAddress;
|
|
ULONG64 FoundAddress;
|
|
};
|
|
ULONG64 SearchLength;
|
|
ULONG PatternLength;
|
|
} DBGKD_SEARCH_MEMORY, *PDBGKD_SEARCH_MEMORY;
|
|
|
|
|
|
typedef struct _DBGKD_GET_SET_BUS_DATA {
|
|
ULONG BusDataType;
|
|
ULONG BusNumber;
|
|
ULONG SlotNumber;
|
|
ULONG Offset;
|
|
ULONG Length;
|
|
} DBGKD_GET_SET_BUS_DATA, *PDBGKD_GET_SET_BUS_DATA;
|
|
|
|
|
|
#define DBGKD_FILL_MEMORY_VIRTUAL 0x00000001
|
|
#define DBGKD_FILL_MEMORY_PHYSICAL 0x00000002
|
|
|
|
typedef struct _DBGKD_FILL_MEMORY {
|
|
ULONG64 Address;
|
|
ULONG Length;
|
|
USHORT Flags;
|
|
USHORT PatternLength;
|
|
} DBGKD_FILL_MEMORY, *PDBGKD_FILL_MEMORY;
|
|
|
|
// Input AddressSpace values.
|
|
#define DBGKD_QUERY_MEMORY_VIRTUAL 0x00000000
|
|
|
|
// Output AddressSpace values.
|
|
#define DBGKD_QUERY_MEMORY_PROCESS 0x00000000
|
|
#define DBGKD_QUERY_MEMORY_SESSION 0x00000001
|
|
#define DBGKD_QUERY_MEMORY_KERNEL 0x00000002
|
|
|
|
// Output Flags.
|
|
// Currently the kernel always returns rwx.
|
|
#define DBGKD_QUERY_MEMORY_READ 0x00000001
|
|
#define DBGKD_QUERY_MEMORY_WRITE 0x00000002
|
|
#define DBGKD_QUERY_MEMORY_EXECUTE 0x00000004
|
|
#define DBGKD_QUERY_MEMORY_FIXED 0x00000008
|
|
|
|
typedef struct _DBGKD_QUERY_MEMORY {
|
|
ULONG64 Address;
|
|
ULONG64 Reserved;
|
|
ULONG AddressSpace;
|
|
ULONG Flags;
|
|
} DBGKD_QUERY_MEMORY, *PDBGKD_QUERY_MEMORY;
|
|
|
|
|
|
#define DBGKD_PARTITION_DEFAULT 0x00000000
|
|
#define DBGKD_PARTITION_ALTERNATE 0x00000001
|
|
|
|
typedef struct _DBGKD_SWITCH_PARTITION {
|
|
ULONG Partition;
|
|
} DBGKD_SWITCH_PARTITION;
|
|
|
|
|
|
#include <pshpack4.h>
|
|
|
|
typedef struct _DBGKD_MANIPULATE_STATE32 {
|
|
ULONG ApiNumber;
|
|
USHORT ProcessorLevel;
|
|
USHORT Processor;
|
|
NTSTATUS ReturnStatus;
|
|
union {
|
|
DBGKD_READ_MEMORY32 ReadMemory;
|
|
DBGKD_WRITE_MEMORY32 WriteMemory;
|
|
DBGKD_READ_MEMORY64 ReadMemory64;
|
|
DBGKD_WRITE_MEMORY64 WriteMemory64;
|
|
DBGKD_GET_CONTEXT GetContext;
|
|
DBGKD_SET_CONTEXT SetContext;
|
|
DBGKD_WRITE_BREAKPOINT32 WriteBreakPoint;
|
|
DBGKD_RESTORE_BREAKPOINT RestoreBreakPoint;
|
|
DBGKD_CONTINUE Continue;
|
|
DBGKD_CONTINUE2 Continue2;
|
|
DBGKD_READ_WRITE_IO32 ReadWriteIo;
|
|
DBGKD_READ_WRITE_IO_EXTENDED32 ReadWriteIoExtended;
|
|
DBGKD_QUERY_SPECIAL_CALLS QuerySpecialCalls;
|
|
DBGKD_SET_SPECIAL_CALL32 SetSpecialCall;
|
|
DBGKD_SET_INTERNAL_BREAKPOINT32 SetInternalBreakpoint;
|
|
DBGKD_GET_INTERNAL_BREAKPOINT32 GetInternalBreakpoint;
|
|
DBGKD_GET_VERSION32 GetVersion32;
|
|
DBGKD_BREAKPOINTEX BreakPointEx;
|
|
DBGKD_READ_WRITE_MSR ReadWriteMsr;
|
|
DBGKD_SEARCH_MEMORY SearchMemory;
|
|
} u;
|
|
} DBGKD_MANIPULATE_STATE32, *PDBGKD_MANIPULATE_STATE32;
|
|
|
|
#include <poppack.h>
|
|
|
|
|
|
typedef struct _DBGKD_MANIPULATE_STATE64 {
|
|
ULONG ApiNumber;
|
|
USHORT ProcessorLevel;
|
|
USHORT Processor;
|
|
NTSTATUS ReturnStatus;
|
|
union {
|
|
DBGKD_READ_MEMORY64 ReadMemory;
|
|
DBGKD_WRITE_MEMORY64 WriteMemory;
|
|
DBGKD_GET_CONTEXT GetContext;
|
|
DBGKD_SET_CONTEXT SetContext;
|
|
DBGKD_WRITE_BREAKPOINT64 WriteBreakPoint;
|
|
DBGKD_RESTORE_BREAKPOINT RestoreBreakPoint;
|
|
DBGKD_CONTINUE Continue;
|
|
DBGKD_CONTINUE2 Continue2;
|
|
DBGKD_READ_WRITE_IO64 ReadWriteIo;
|
|
DBGKD_READ_WRITE_IO_EXTENDED64 ReadWriteIoExtended;
|
|
DBGKD_QUERY_SPECIAL_CALLS QuerySpecialCalls;
|
|
DBGKD_SET_SPECIAL_CALL64 SetSpecialCall;
|
|
DBGKD_SET_INTERNAL_BREAKPOINT64 SetInternalBreakpoint;
|
|
DBGKD_GET_INTERNAL_BREAKPOINT64 GetInternalBreakpoint;
|
|
DBGKD_GET_VERSION64 GetVersion64;
|
|
DBGKD_BREAKPOINTEX BreakPointEx;
|
|
DBGKD_READ_WRITE_MSR ReadWriteMsr;
|
|
DBGKD_SEARCH_MEMORY SearchMemory;
|
|
DBGKD_GET_SET_BUS_DATA GetSetBusData;
|
|
DBGKD_FILL_MEMORY FillMemory;
|
|
DBGKD_QUERY_MEMORY QueryMemory;
|
|
DBGKD_SWITCH_PARTITION SwitchPartition;
|
|
} u;
|
|
} DBGKD_MANIPULATE_STATE64, *PDBGKD_MANIPULATE_STATE64;
|
|
|
|
__inline
|
|
ULONG
|
|
DbgkdManipulateState32To64(
|
|
IN PDBGKD_MANIPULATE_STATE32 r32,
|
|
OUT PDBGKD_MANIPULATE_STATE64 r64,
|
|
OUT PULONG AdditionalDataSize
|
|
)
|
|
{
|
|
r64->ApiNumber = r32->ApiNumber;
|
|
r64->ProcessorLevel = r32->ProcessorLevel;
|
|
r64->Processor = r32->Processor;
|
|
r64->ReturnStatus = r32->ReturnStatus;
|
|
|
|
*AdditionalDataSize = 0;
|
|
|
|
//
|
|
// translate the messages which may be sent by the kernel
|
|
//
|
|
|
|
switch (r64->ApiNumber) {
|
|
|
|
case DbgKdSetContextApi:
|
|
case DbgKdRestoreBreakPointApi:
|
|
case DbgKdContinueApi:
|
|
case DbgKdContinueApi2:
|
|
case DbgKdRebootApi:
|
|
case DbgKdClearSpecialCallsApi:
|
|
case DbgKdRestoreBreakPointExApi:
|
|
case DbgKdCauseBugCheckApi:
|
|
case DbgKdSwitchProcessor:
|
|
case DbgKdWriteMachineSpecificRegister:
|
|
case DbgKdWriteIoSpaceApi:
|
|
case DbgKdSetSpecialCallApi:
|
|
case DbgKdSetInternalBreakPointApi:
|
|
case DbgKdWriteIoSpaceExtendedApi:
|
|
break;
|
|
|
|
|
|
|
|
case DbgKdReadMachineSpecificRegister:
|
|
r64->u.ReadWriteMsr = r32->u.ReadWriteMsr;
|
|
break;
|
|
|
|
//
|
|
// GetVersion may need to be handled by the calling code;
|
|
// it needs to call DbgkdGetVersion32To64 with the DebuggerDataBlock.
|
|
//
|
|
|
|
case DbgKdGetVersionApi:
|
|
break;
|
|
|
|
case DbgKdGetContextApi:
|
|
*AdditionalDataSize = sizeof(CONTEXT);
|
|
break;
|
|
|
|
//case DbgKdQuerySpecialCallsApi:
|
|
// r64->u.QuerySpecialCalls = r32->u.QuerySpecialCalls;
|
|
// *AdditionalDataSize = r64->u.QuerySpecialCalls.NumberOfSpecialCalls * sizeof(ULONG);
|
|
// break;
|
|
|
|
case DbgKdWriteBreakPointExApi:
|
|
r64->u.BreakPointEx = r32->u.BreakPointEx;
|
|
*AdditionalDataSize = r64->u.BreakPointEx.BreakPointCount * sizeof(ULONG);
|
|
break;
|
|
|
|
case DbgKdReadVirtualMemoryApi:
|
|
case DbgKdReadPhysicalMemoryApi:
|
|
case DbgKdReadControlSpaceApi:
|
|
DbgkdReadMemory32To64(&r32->u.ReadMemory, &r64->u.ReadMemory);
|
|
if (NT_SUCCESS(r32->ReturnStatus)) {
|
|
*AdditionalDataSize = r64->u.ReadMemory.ActualBytesRead;
|
|
}
|
|
break;
|
|
|
|
case DbgKdWriteVirtualMemoryApi:
|
|
case DbgKdWritePhysicalMemoryApi:
|
|
case DbgKdWriteControlSpaceApi:
|
|
DbgkdWriteMemory32To64(&r32->u.WriteMemory, &r64->u.WriteMemory);
|
|
break;
|
|
|
|
|
|
|
|
case DbgKdWriteBreakPointApi:
|
|
DbgkdWriteBreakpoint32To64(&r32->u.WriteBreakPoint, &r64->u.WriteBreakPoint);
|
|
break;
|
|
|
|
case DbgKdReadIoSpaceApi:
|
|
DbgkdReadWriteIo32To64(&r32->u.ReadWriteIo, &r64->u.ReadWriteIo);
|
|
break;
|
|
|
|
case DbgKdReadIoSpaceExtendedApi:
|
|
DbgkdReadWriteIoExtended32To64(&r32->u.ReadWriteIoExtended, &r64->u.ReadWriteIoExtended);
|
|
break;
|
|
|
|
case DbgKdGetInternalBreakPointApi:
|
|
DbgkdGetInternalBreakpoint32To64(&r32->u.GetInternalBreakpoint, &r64->u.GetInternalBreakpoint);
|
|
break;
|
|
|
|
case DbgKdSearchMemoryApi:
|
|
r64->u.SearchMemory = r32->u.SearchMemory;
|
|
break;
|
|
}
|
|
|
|
return sizeof(DBGKD_MANIPULATE_STATE64);
|
|
}
|
|
|
|
__inline
|
|
ULONG
|
|
DbgkdManipulateState64To32(
|
|
IN PDBGKD_MANIPULATE_STATE64 r64,
|
|
OUT PDBGKD_MANIPULATE_STATE32 r32
|
|
)
|
|
{
|
|
r32->ApiNumber = r64->ApiNumber;
|
|
r32->ProcessorLevel = r64->ProcessorLevel;
|
|
r32->Processor = r64->Processor;
|
|
r32->ReturnStatus = r64->ReturnStatus;
|
|
|
|
//
|
|
// translate the messages sent by the debugger
|
|
//
|
|
|
|
switch (r32->ApiNumber) {
|
|
|
|
//
|
|
// These send nothing in the u part.
|
|
case DbgKdGetContextApi:
|
|
case DbgKdSetContextApi:
|
|
case DbgKdClearSpecialCallsApi:
|
|
case DbgKdRebootApi:
|
|
case DbgKdCauseBugCheckApi:
|
|
case DbgKdSwitchProcessor:
|
|
break;
|
|
|
|
|
|
case DbgKdRestoreBreakPointApi:
|
|
r32->u.RestoreBreakPoint = r64->u.RestoreBreakPoint;
|
|
break;
|
|
|
|
case DbgKdContinueApi:
|
|
r32->u.Continue = r64->u.Continue;
|
|
break;
|
|
|
|
case DbgKdContinueApi2:
|
|
r32->u.Continue2 = r64->u.Continue2;
|
|
break;
|
|
|
|
//case DbgKdQuerySpecialCallsApi:
|
|
// r32->u.QuerySpecialCalls = r64->u.QuerySpecialCalls;
|
|
// break;
|
|
|
|
case DbgKdRestoreBreakPointExApi:
|
|
// NYI
|
|
break;
|
|
|
|
case DbgKdReadMachineSpecificRegister:
|
|
case DbgKdWriteMachineSpecificRegister:
|
|
r32->u.ReadWriteMsr = r64->u.ReadWriteMsr;
|
|
break;
|
|
|
|
case DbgKdGetVersionApi:
|
|
r32->u.GetVersion32.ProtocolVersion = r64->u.GetVersion64.ProtocolVersion;
|
|
break;
|
|
|
|
case DbgKdWriteBreakPointExApi:
|
|
r32->u.BreakPointEx = r64->u.BreakPointEx;
|
|
break;
|
|
|
|
case DbgKdWriteVirtualMemoryApi:
|
|
DbgkdWriteMemory64To32(&r64->u.WriteMemory, &r32->u.WriteMemory);
|
|
break;
|
|
|
|
//
|
|
// 32 bit systems only support 32 bit physical r/w
|
|
//
|
|
case DbgKdReadControlSpaceApi:
|
|
case DbgKdReadVirtualMemoryApi:
|
|
case DbgKdReadPhysicalMemoryApi:
|
|
DbgkdReadMemory64To32(&r64->u.ReadMemory, &r32->u.ReadMemory);
|
|
break;
|
|
|
|
case DbgKdWritePhysicalMemoryApi:
|
|
DbgkdWriteMemory64To32(&r64->u.WriteMemory, &r32->u.WriteMemory);
|
|
break;
|
|
|
|
case DbgKdWriteBreakPointApi:
|
|
DbgkdWriteBreakpoint64To32(&r64->u.WriteBreakPoint, &r32->u.WriteBreakPoint);
|
|
break;
|
|
|
|
case DbgKdWriteControlSpaceApi:
|
|
DbgkdWriteMemory64To32(&r64->u.WriteMemory, &r32->u.WriteMemory);
|
|
break;
|
|
|
|
case DbgKdReadIoSpaceApi:
|
|
case DbgKdWriteIoSpaceApi:
|
|
DbgkdReadWriteIo64To32(&r64->u.ReadWriteIo, &r32->u.ReadWriteIo);
|
|
break;
|
|
|
|
case DbgKdSetSpecialCallApi:
|
|
DbgkdSetSpecialCall64To32(&r64->u.SetSpecialCall, &r32->u.SetSpecialCall);
|
|
break;
|
|
|
|
case DbgKdSetInternalBreakPointApi:
|
|
DbgkdSetInternalBreakpoint64To32(&r64->u.SetInternalBreakpoint, &r32->u.SetInternalBreakpoint);
|
|
break;
|
|
|
|
case DbgKdGetInternalBreakPointApi:
|
|
DbgkdGetInternalBreakpoint64To32(&r64->u.GetInternalBreakpoint, &r32->u.GetInternalBreakpoint);
|
|
break;
|
|
|
|
case DbgKdReadIoSpaceExtendedApi:
|
|
case DbgKdWriteIoSpaceExtendedApi:
|
|
DbgkdReadWriteIoExtended64To32(&r64->u.ReadWriteIoExtended, &r32->u.ReadWriteIoExtended);
|
|
break;
|
|
|
|
case DbgKdSearchMemoryApi:
|
|
r32->u.SearchMemory = r64->u.SearchMemory;
|
|
break;
|
|
}
|
|
|
|
return sizeof(DBGKD_MANIPULATE_STATE32);
|
|
}
|
|
|
|
//
|
|
// This is the format for the trace data passed back from the kernel to
|
|
// the debugger to describe multiple calls that have returned since the
|
|
// last trip back. The basic format is that there are a bunch of these
|
|
// (4 byte) unions stuck together. Each union is of one of two types: a
|
|
// 4 byte unsigned long integer, or a three field struct, describing a
|
|
// call (where "call" is delimited by returning or exiting the symbol
|
|
// scope). If the number of instructions executed is too big to fit
|
|
// into a USHORT -1, then the Instructions field has
|
|
// TRACE_DATA_INSTRUCTIONS_BIG and the next union is a LongNumber
|
|
// containing the real number of instructions executed.
|
|
//
|
|
// The very first union returned in each callback is a LongNumber
|
|
// containing the number of unions returned (including the "size"
|
|
// record, so it's always at least 1 even if there's no data to return).
|
|
//
|
|
// This is all returned to the debugger when one of two things
|
|
// happens:
|
|
//
|
|
// 1) The pc moves out of all defined symbol ranges
|
|
// 2) The buffer of trace data entries is filled.
|
|
//
|
|
// The "trace done" case is hacked around on the debugger side. It
|
|
// guarantees that the pc address that indicates a trace exit never
|
|
// winds up in a defined symbol range.
|
|
//
|
|
// The only other complexity in this system is handling the SymbolNumber
|
|
// table. This table is kept in parallel by the kernel and the
|
|
// debugger. When the PC exits a known symbol range, the Begin and End
|
|
// symbol ranges are set by the debugger and are allocated to the next
|
|
// symbol slot upon return. "The next symbol slot" means the numerical
|
|
// next slot number, unless we've filled all slots, in which case it is
|
|
// #0. (ie., allocation is cyclic and not LRU or something). The
|
|
// SymbolNumber table is flushed when a SpecialCalls call is made (ie.,
|
|
// at the beginning of the WatchTrace).
|
|
//
|
|
|
|
typedef union _DBGKD_TRACE_DATA {
|
|
struct {
|
|
UCHAR SymbolNumber;
|
|
CHAR LevelChange;
|
|
USHORT Instructions;
|
|
} s;
|
|
ULONG LongNumber;
|
|
} DBGKD_TRACE_DATA, *PDBGKD_TRACE_DATA;
|
|
|
|
#define TRACE_DATA_INSTRUCTIONS_BIG 0xffff
|
|
|
|
#define TRACE_DATA_BUFFER_MAX_SIZE 40
|
|
|
|
//
|
|
// If the packet type is PACKET_TYPE_KD_DEBUG_IO, then
|
|
// the format of the packet data is as follows:
|
|
//
|
|
|
|
#define DbgKdPrintStringApi 0x00003230L
|
|
#define DbgKdGetStringApi 0x00003231L
|
|
|
|
//
|
|
// For print string, the Null terminated string to print
|
|
// immediately follows the message
|
|
//
|
|
typedef struct _DBGKD_PRINT_STRING {
|
|
ULONG LengthOfString;
|
|
} DBGKD_PRINT_STRING, *PDBGKD_PRINT_STRING;
|
|
|
|
//
|
|
// For get string, the Null terminated prompt string
|
|
// immediately follows the message. The LengthOfStringRead
|
|
// field initially contains the maximum number of characters
|
|
// to read. Upon reply, this contains the number of bytes actually
|
|
// read. The data read immediately follows the message.
|
|
//
|
|
//
|
|
typedef struct _DBGKD_GET_STRING {
|
|
ULONG LengthOfPromptString;
|
|
ULONG LengthOfStringRead;
|
|
} DBGKD_GET_STRING, *PDBGKD_GET_STRING;
|
|
|
|
typedef struct _DBGKD_DEBUG_IO {
|
|
ULONG ApiNumber;
|
|
USHORT ProcessorLevel;
|
|
USHORT Processor;
|
|
union {
|
|
DBGKD_PRINT_STRING PrintString;
|
|
DBGKD_GET_STRING GetString;
|
|
} u;
|
|
} DBGKD_DEBUG_IO, *PDBGKD_DEBUG_IO;
|
|
|
|
|
|
//
|
|
// If the packet type is PACKET_TYPE_KD_TRACE_IO, then
|
|
// the format of the packet data is as follows:
|
|
//
|
|
|
|
#define DbgKdPrintTraceApi 0x00003330L
|
|
|
|
//
|
|
// For print trace, the trace buffer data
|
|
// immediately follows the message
|
|
//
|
|
typedef struct _DBGKD_PRINT_TRACE {
|
|
ULONG LengthOfData;
|
|
} DBGKD_PRINT_TRACE, *PDBGKD_PRINT_TRACE;
|
|
|
|
typedef struct _DBGKD_TRACE_IO {
|
|
ULONG ApiNumber;
|
|
USHORT ProcessorLevel;
|
|
USHORT Processor;
|
|
union {
|
|
ULONG64 ReserveSpace[7];
|
|
DBGKD_PRINT_TRACE PrintTrace;
|
|
} u;
|
|
} DBGKD_TRACE_IO, *PDBGKD_TRACE_IO;
|
|
|
|
|
|
//
|
|
// If the packet type is PACKET_TYPE_KD_CONTROL_REQUEST, then
|
|
// the format of the packet data is as follows:
|
|
//
|
|
|
|
#define DbgKdRequestHardwareBp 0x00004300L
|
|
#define DbgKdReleaseHardwareBp 0x00004301L
|
|
|
|
typedef struct _DBGKD_REQUEST_BREAKPOINT {
|
|
ULONG HardwareBreakPointNumber;
|
|
ULONG Available;
|
|
} DBGKD_REQUEST_BREAKPOINT, *PDBGKD_REQUEST_BREAKPOINT;
|
|
|
|
typedef struct _DBGKD_RELEASE_BREAKPOINT {
|
|
ULONG HardwareBreakPointNumber;
|
|
ULONG Released;
|
|
} DBGKD_RELEASE_BREAKPOINT, *PDBGKD_RELEASE_BREAKPOINT;
|
|
|
|
|
|
typedef struct _DBGKD_CONTROL_REQUEST {
|
|
ULONG ApiNumber;
|
|
union {
|
|
DBGKD_REQUEST_BREAKPOINT RequestBreakpoint;
|
|
DBGKD_RELEASE_BREAKPOINT ReleaseBreakpoint;
|
|
} u;
|
|
} DBGKD_CONTROL_REQUEST, *PDBGKD_CONTROL_REQUEST;
|
|
|
|
|
|
//
|
|
// If the packet type is PACKET_TYPE_KD_FILE_IO, then
|
|
// the format of the packet data is as follows:
|
|
//
|
|
|
|
#define DbgKdCreateFileApi 0x00003430L
|
|
#define DbgKdReadFileApi 0x00003431L
|
|
#define DbgKdWriteFileApi 0x00003432L
|
|
#define DbgKdCloseFileApi 0x00003433L
|
|
|
|
// Unicode filename follows as additional data.
|
|
typedef struct _DBGKD_CREATE_FILE {
|
|
ULONG DesiredAccess;
|
|
ULONG FileAttributes;
|
|
ULONG ShareAccess;
|
|
ULONG CreateDisposition;
|
|
ULONG CreateOptions;
|
|
// Return values.
|
|
ULONG64 Handle;
|
|
ULONG64 Length;
|
|
} DBGKD_CREATE_FILE, *PDBGKD_CREATE_FILE;
|
|
|
|
// Data is returned as additional data in the response.
|
|
typedef struct _DBGKD_READ_FILE {
|
|
ULONG64 Handle;
|
|
ULONG64 Offset;
|
|
ULONG Length;
|
|
} DBGKD_READ_FILE, *PDBGKD_READ_FILE;
|
|
|
|
// Data is given as additional data.
|
|
typedef struct _DBGKD_WRITE_FILE {
|
|
ULONG64 Handle;
|
|
ULONG64 Offset;
|
|
ULONG Length;
|
|
} DBGKD_WRITE_FILE, *PDBGKD_WRITE_FILE;
|
|
|
|
typedef struct _DBGKD_CLOSE_FILE {
|
|
ULONG64 Handle;
|
|
} DBGKD_CLOSE_FILE, *PDBGKD_CLOSE_FILE;
|
|
|
|
typedef struct _DBGKD_FILE_IO {
|
|
ULONG ApiNumber;
|
|
NTSTATUS Status;
|
|
union {
|
|
ULONG64 ReserveSpace[7];
|
|
DBGKD_CREATE_FILE CreateFile;
|
|
DBGKD_READ_FILE ReadFile;
|
|
DBGKD_WRITE_FILE WriteFile;
|
|
DBGKD_CLOSE_FILE CloseFile;
|
|
} u;
|
|
} DBGKD_FILE_IO, *PDBGKD_FILE_IO;
|
|
|
|
|
|
//
|
|
// Define debug object access types. No security is present on this object.
|
|
//
|
|
#define DEBUG_READ_EVENT (0x0001)
|
|
#define DEBUG_PROCESS_ASSIGN (0x0002)
|
|
#define DEBUG_SET_INFORMATION (0x0004)
|
|
#define DEBUG_QUERY_INFORMATION (0x0008)
|
|
#define DEBUG_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|DEBUG_READ_EVENT|DEBUG_PROCESS_ASSIGN|\
|
|
DEBUG_SET_INFORMATION|DEBUG_QUERY_INFORMATION)
|
|
|
|
#define DEBUG_KILL_ON_CLOSE (0x1) // Kill all debuggees on last handle close
|
|
|
|
typedef enum _DEBUGOBJECTINFOCLASS {
|
|
DebugObjectFlags = 1,
|
|
MaxDebugObjectInfoClass
|
|
} DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;
|
|
|
|
NTSTATUS
|
|
NtRemoveProcessDebug (
|
|
IN HANDLE ProcessHandle,
|
|
IN HANDLE DebugObjectHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
NtWaitForDebugEvent (
|
|
IN HANDLE DebugObjectHandle,
|
|
IN BOOLEAN Alertable,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL,
|
|
OUT PDBGUI_WAIT_STATE_CHANGE WaitStateChange
|
|
);
|
|
|
|
NTSTATUS
|
|
NtDebugContinue (
|
|
IN HANDLE DebugObjectHandle,
|
|
IN PCLIENT_ID ClientId,
|
|
IN NTSTATUS ContinueStatus
|
|
);
|
|
|
|
NTSTATUS
|
|
NtCreateDebugObject (
|
|
OUT PHANDLE DebugObjectHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
IN ULONG Flags
|
|
);
|
|
|
|
NTSTATUS
|
|
NtDebugActiveProcess (
|
|
IN HANDLE ProcessHandle,
|
|
IN HANDLE DebugObjectHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
NtSetInformationDebugObject (
|
|
IN HANDLE DebugObjectHandle,
|
|
IN DEBUGOBJECTINFOCLASS DebugObjectInformationClass,
|
|
IN PVOID DebugInformation,
|
|
IN ULONG DebugInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif // _NTDBG_
|