|
|
/*++
Copyright (c) Microsoft Corporation. All rights reserved.
Module Name:
ntdbg.h
Abstract:
This module contains the public data structures, data types, and procedures exported by the NT Dbg subsystem.
Revision History:
--*/
#ifndef _NTDBG_
#define _NTDBG_
#if _MSC_VER > 1000
#pragma once
#endif
#ifdef __cplusplus
extern "C" {#endif
//
// The following are explicitly sized versions of common system
// structures which appear in the kernel debugger API.
//
// All of the debugger structures which are exposed to both
// sides of the KD API are declared below in explicitly sized
// versions as well, with inline converter functions.
//
//
// Macro for sign extending 32 bit addresses into 64 bits
//
#define COPYSE(p64,p32,f) p64->f = (ULONG64)(LONG64)(LONG)p32->f
__inlinevoidExceptionRecord32To64( IN PEXCEPTION_RECORD32 Ex32, OUT PEXCEPTION_RECORD64 Ex64 ){ ULONG i; Ex64->ExceptionCode = Ex32->ExceptionCode; Ex64->ExceptionFlags = Ex32->ExceptionFlags; Ex64->ExceptionRecord = Ex32->ExceptionRecord; COPYSE(Ex64,Ex32,ExceptionAddress); Ex64->NumberParameters = Ex32->NumberParameters; for (i = 0; i < EXCEPTION_MAXIMUM_PARAMETERS; i++) { COPYSE(Ex64,Ex32,ExceptionInformation[i]); }}
__inlinevoidExceptionRecord64To32( IN PEXCEPTION_RECORD64 Ex64, OUT PEXCEPTION_RECORD32 Ex32 ){ ULONG i; Ex32->ExceptionCode = Ex64->ExceptionCode; Ex32->ExceptionFlags = Ex64->ExceptionFlags; Ex32->ExceptionRecord = (ULONG) Ex64->ExceptionRecord; Ex32->ExceptionAddress = (ULONG) Ex64->ExceptionAddress; Ex32->NumberParameters = Ex64->NumberParameters; for (i = 0; i < EXCEPTION_MAXIMUM_PARAMETERS; i++) { Ex32->ExceptionInformation[i] = (ULONG) Ex64->ExceptionInformation[i]; }}
//
// DbgKm Apis are from the kernel component (Dbgk) through a process
// debug port.
//
#define DBGKM_MSG_OVERHEAD \
(FIELD_OFFSET(DBGKM_APIMSG, u.Exception) - sizeof(PORT_MESSAGE))
#define DBGKM_API_MSG_LENGTH(TypeSize) \
((sizeof(DBGKM_APIMSG) << 16) | (DBGKM_MSG_OVERHEAD + (TypeSize)))
#define DBGKM_FORMAT_API_MSG(m,Number,TypeSize) \
(m).h.u1.Length = DBGKM_API_MSG_LENGTH((TypeSize)); \ (m).h.u2.ZeroInit = LPC_DEBUG_EVENT; \ (m).ApiNumber = (Number)
typedef enum _DBGKM_APINUMBER { DbgKmExceptionApi, DbgKmCreateThreadApi, DbgKmCreateProcessApi, DbgKmExitThreadApi, DbgKmExitProcessApi, DbgKmLoadDllApi, DbgKmUnloadDllApi, DbgKmMaxApiNumber} DBGKM_APINUMBER;
#if !DBG_NO_PORTABLE_TYPES
typedef struct _DBGKM_EXCEPTION { EXCEPTION_RECORD ExceptionRecord; ULONG FirstChance;} DBGKM_EXCEPTION, *PDBGKM_EXCEPTION;#endif
typedef struct _DBGKM_EXCEPTION32 { EXCEPTION_RECORD32 ExceptionRecord; ULONG FirstChance;} DBGKM_EXCEPTION32, *PDBGKM_EXCEPTION32;
typedef struct _DBGKM_EXCEPTION64 { EXCEPTION_RECORD64 ExceptionRecord; ULONG FirstChance;} DBGKM_EXCEPTION64, *PDBGKM_EXCEPTION64;
__inlinevoidDbgkmException32To64( IN PDBGKM_EXCEPTION32 E32, OUT PDBGKM_EXCEPTION64 E64 ){ ExceptionRecord32To64(&E32->ExceptionRecord, &E64->ExceptionRecord); E64->FirstChance = E32->FirstChance;}
__inlinevoidDbgkmException64To32( IN PDBGKM_EXCEPTION64 E64, OUT PDBGKM_EXCEPTION32 E32 ){ ExceptionRecord64To32(&E64->ExceptionRecord, &E32->ExceptionRecord); E32->FirstChance = E64->FirstChance;}
//
// The DbgSS, DbgKm and DbgSs stuff is not needed in the portable debugger,
// and some of the following types and prototypes use portable types, so just
// turn them all off when building the debugger.
//
#if !DBG_NO_PORTABLE_TYPES
typedef struct _DBGKM_CREATE_THREAD { ULONG SubSystemKey; PVOID StartAddress;} DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD;
typedef struct _DBGKM_CREATE_PROCESS { ULONG SubSystemKey; HANDLE FileHandle; PVOID BaseOfImage; ULONG DebugInfoFileOffset; ULONG DebugInfoSize; DBGKM_CREATE_THREAD InitialThread;} DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS;
typedef struct _DBGKM_EXIT_THREAD { NTSTATUS ExitStatus;} DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD;
typedef struct _DBGKM_EXIT_PROCESS { NTSTATUS ExitStatus;} DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS;
typedef struct _DBGKM_LOAD_DLL { HANDLE FileHandle; PVOID BaseOfDll; ULONG DebugInfoFileOffset; ULONG DebugInfoSize;} DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL;
typedef struct _DBGKM_UNLOAD_DLL { PVOID BaseAddress;} DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL;
typedef struct _DBGKM_APIMSG { PORT_MESSAGE h; DBGKM_APINUMBER ApiNumber; NTSTATUS ReturnedStatus; union { DBGKM_EXCEPTION Exception; DBGKM_CREATE_THREAD CreateThread; DBGKM_CREATE_PROCESS CreateProcessInfo; DBGKM_EXIT_THREAD ExitThread; DBGKM_EXIT_PROCESS ExitProcess; DBGKM_LOAD_DLL LoadDll; DBGKM_UNLOAD_DLL UnloadDll; } u;} DBGKM_APIMSG, *PDBGKM_APIMSG;
//
// DbgSrv Messages are from Dbg subsystem to emulation subsystem.
// The only defined message at this time is continue
//
#define DBGSRV_MSG_OVERHEAD \
(sizeof(DBGSRV_APIMSG) - sizeof(PORT_MESSAGE))
#define DBGSRV_API_MSG_LENGTH(TypeSize) \
((sizeof(DBGSRV_APIMSG) << 16) | (DBGSRV_MSG_OVERHEAD))
#define DBGSRV_FORMAT_API_MSG(m,Number,TypeSize,CKey) \
(m).h.u1.Length = DBGSRV_API_MSG_LENGTH((TypeSize)); \ (m).h.u2.ZeroInit = 0L; \ (m).ApiNumber = (Number); \ (m).ContinueKey = (PVOID)(CKey)
typedef enum _DBGSRV_APINUMBER { DbgSrvContinueApi, DbgSrvMaxApiNumber} DBGSRV_APINUMBER;
typedef struct _DBGSRV_APIMSG { PORT_MESSAGE h; DBGSRV_APINUMBER ApiNumber; NTSTATUS ReturnedStatus; PVOID ContinueKey;} DBGSRV_APIMSG, *PDBGSRV_APIMSG;
//
//
// DbgSs Apis are from the system service emulation subsystems to the Dbg
// subsystem
//
typedef enum _DBG_STATE { DbgIdle, DbgReplyPending, DbgCreateThreadStateChange, DbgCreateProcessStateChange, DbgExitThreadStateChange, DbgExitProcessStateChange, DbgExceptionStateChange, DbgBreakpointStateChange, DbgSingleStepStateChange, DbgLoadDllStateChange, DbgUnloadDllStateChange} DBG_STATE, *PDBG_STATE;
#define DBGSS_MSG_OVERHEAD \
(FIELD_OFFSET(DBGSS_APIMSG, u.Exception) - sizeof(PORT_MESSAGE))
#define DBGSS_API_MSG_LENGTH(TypeSize) \
((sizeof(DBGSS_APIMSG) << 16) | (DBGSS_MSG_OVERHEAD + (TypeSize)))
#define DBGSS_FORMAT_API_MSG(m,Number,TypeSize,pApp,CKey) \
(m).h.u1.Length = DBGSS_API_MSG_LENGTH((TypeSize)); \ (m).h.u2.ZeroInit = 0L; \ (m).ApiNumber = (Number); \ (m).AppClientId = *(pApp); \ (m).ContinueKey = (PVOID)(CKey)
typedef enum _DBGSS_APINUMBER { DbgSsExceptionApi, DbgSsCreateThreadApi, DbgSsCreateProcessApi, DbgSsExitThreadApi, DbgSsExitProcessApi, DbgSsLoadDllApi, DbgSsUnloadDllApi, DbgSsMaxApiNumber} DBGSS_APINUMBER;
typedef struct _DBGSS_CREATE_PROCESS { CLIENT_ID DebugUiClientId; DBGKM_CREATE_PROCESS NewProcess;} DBGSS_CREATE_PROCESS, *PDBGSS_CREATE_PROCESS;
typedef struct _DBGSS_APIMSG { PORT_MESSAGE h; DBGKM_APINUMBER ApiNumber; NTSTATUS ReturnedStatus; CLIENT_ID AppClientId; PVOID ContinueKey; union { DBGKM_EXCEPTION Exception; DBGKM_CREATE_THREAD CreateThread; DBGSS_CREATE_PROCESS CreateProcessInfo; DBGKM_EXIT_THREAD ExitThread; DBGKM_EXIT_PROCESS ExitProcess; DBGKM_LOAD_DLL LoadDll; DBGKM_UNLOAD_DLL UnloadDll; } u;} DBGSS_APIMSG, *PDBGSS_APIMSG;
#define DBGUI_MSG_OVERHEAD \
(FIELD_OFFSET(DBGUI_APIMSG, u.Continue) - sizeof(PORT_MESSAGE))
#define DBGUI_API_MSG_LENGTH(TypeSize) \
((sizeof(DBGUI_APIMSG) << 16) | (DBGUI_MSG_OVERHEAD + (TypeSize)))
#define DBGUI_FORMAT_API_MSG(m,Number,TypeSize) \
(m).h.u1.Length = DBGUI_API_MSG_LENGTH((TypeSize)); \ (m).h.u2.ZeroInit = 0L; \ (m).ApiNumber = (Number)
typedef enum _DBGUI_APINUMBER { DbgUiWaitStateChangeApi, DbgUiContinueApi, DbgUiStopDebugApi, DbgUiMaxApiNumber} DBGUI_APINUMBER;
typedef struct _DBGUI_CREATE_THREAD { HANDLE HandleToThread; DBGKM_CREATE_THREAD NewThread;} DBGUI_CREATE_THREAD, *PDBGUI_CREATE_THREAD;
typedef struct _DBGUI_CREATE_PROCESS { HANDLE HandleToProcess; HANDLE HandleToThread; DBGKM_CREATE_PROCESS NewProcess;} DBGUI_CREATE_PROCESS, *PDBGUI_CREATE_PROCESS;
typedef struct _DBGUI_WAIT_STATE_CHANGE { DBG_STATE NewState; CLIENT_ID AppClientId; union { DBGKM_EXCEPTION Exception; DBGUI_CREATE_THREAD CreateThread; DBGUI_CREATE_PROCESS CreateProcessInfo; DBGKM_EXIT_THREAD ExitThread; DBGKM_EXIT_PROCESS ExitProcess; DBGKM_LOAD_DLL LoadDll; DBGKM_UNLOAD_DLL UnloadDll; } StateInfo;} DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE;
typedef struct _DBGUI_CONTINUE { CLIENT_ID AppClientId; NTSTATUS ContinueStatus;} DBGUI_CONTINUE, *PDBGUI_CONTINUE;
typedef struct _DBGUI_STOPDEBUG { ULONG ProcessId;} DBGUI_STOPDEBUG, *PDBGUI_STOPDEBUG;
typedef struct _DBGUI_APIMSG { PORT_MESSAGE h; union { HANDLE DbgStateChangeSemaphore; struct { DBGKM_APINUMBER ApiNumber; NTSTATUS ReturnedStatus; union { DBGUI_CONTINUE Continue; DBGUI_WAIT_STATE_CHANGE WaitStateChange; DBGUI_STOPDEBUG StopDebug; } u; }; };} DBGUI_APIMSG, *PDBGUI_APIMSG;
typedefNTSTATUS(*PDBGSS_UI_LOOKUP) ( IN PCLIENT_ID AppClientId, OUT PCLIENT_ID DebugUiClientId );
typedefNTSTATUS(*PDBGSS_DBGKM_APIMSG_FILTER) ( IN OUT PDBGKM_APIMSG ApiMsg );
typedefNTSTATUS(*PDBGSS_SUBSYSTEMKEY_LOOKUP) ( IN PCLIENT_ID AppClientId, OUT PULONG SubsystemKey, IN BOOLEAN ProcessKey );//
// DbgSs APIs
//
NTSTATUSNTAPIDbgSsInitialize( IN HANDLE KmReplyPort, IN PDBGSS_UI_LOOKUP UiLookUpRoutine, IN PDBGSS_SUBSYSTEMKEY_LOOKUP SubsystemKeyLookupRoutine OPTIONAL, IN PDBGSS_DBGKM_APIMSG_FILTER KmApiMsgFilter OPTIONAL );
VOIDNTAPIDbgSsHandleKmApiMsg( IN PDBGKM_APIMSG ApiMsg, IN HANDLE ReplyEvent OPTIONAL );
typedefNTSTATUS(*PDBGSS_INITIALIZE_ROUTINE)( IN HANDLE KmReplyPort, IN PDBGSS_UI_LOOKUP UiLookUpRoutine, IN PDBGSS_SUBSYSTEMKEY_LOOKUP SubsystemKeyLookupRoutine OPTIONAL, IN PDBGSS_DBGKM_APIMSG_FILTER KmApiMsgFilter OPTIONAL );
typedefVOID(*PDBGSS_HANDLE_MSG_ROUTINE)( IN PDBGKM_APIMSG ApiMsg, IN HANDLE ReplyEvent OPTIONAL );
//
// DbgUi APIs
//
NTSTATUSNTAPIDbgUiConnectToDbg( VOID );
HANDLENTAPIDbgUiGetThreadDebugObject ( );
VOIDNTAPIDbgUiSetThreadDebugObject ( IN HANDLE DebugObject );
NTSTATUSNTAPIDbgUiWaitStateChange ( OUT PDBGUI_WAIT_STATE_CHANGE StateChange, IN PLARGE_INTEGER Timeout OPTIONAL );
NTSTATUSNTAPIDbgUiContinue ( IN PCLIENT_ID AppClientId, IN NTSTATUS ContinueStatus );
NTSTATUSNTAPIDbgUiStopDebugging ( IN HANDLE Process );
NTSTATUSDbgUiDebugActiveProcess ( IN HANDLE Process );
VOIDDbgUiRemoteBreakin ( IN PVOID Context );
NTSTATUSDbgUiIssueRemoteBreakin ( IN HANDLE Process );
struct _DEBUG_EVENT;
NTSTATUSDbgUiConvertStateChangeStructure ( IN PDBGUI_WAIT_STATE_CHANGE StateChange, OUT struct _DEBUG_EVENT *DebugEvent);
#endif // DBG_NO_PORTABLE_TYPES
typedef struct _KAPC_STATE32 { LIST_ENTRY32 ApcListHead[2]; ULONG Process; BOOLEAN KernelApcInProgress; BOOLEAN KernelApcPending; BOOLEAN UserApcPending;} KAPC_STATE32;
typedef struct _KAPC_STATE64 { LIST_ENTRY64 ApcListHead[2]; ULONG64 Process; BOOLEAN KernelApcInProgress; BOOLEAN KernelApcPending; BOOLEAN UserApcPending;} KAPC_STATE64;
typedef struct _DISPATCHER_HEADER32 { UCHAR Type; UCHAR Absolute; UCHAR Size; UCHAR Inserted; LONG SignalState; LIST_ENTRY32 WaitListHead;} DISPATCHER_HEADER32;
typedef struct _DISPATCHER_HEADER64 { UCHAR Type; UCHAR Absolute; UCHAR Size; UCHAR Inserted; LONG SignalState; LIST_ENTRY64 WaitListHead;} DISPATCHER_HEADER64;
typedef struct _KSPIN_LOCK_QUEUE32 { ULONG Next; ULONG Lock;} KSPIN_LOCK_QUEUE32, *PKSPIN_LOCK_QUEUE32;
typedef struct _KSPIN_LOCK_QUEUE64 { ULONG64 Next; ULONG64 Lock;} KSPIN_LOCK_QUEUE64, *PKSPIN_LOCK_QUEUE64;
typedef struct _PP_LOOKASIDE_LIST32 { ULONG P; ULONG L;} PP_LOOKASIDE_LIST32, *PPP_LOOKASIDE_LIST32;
typedef struct _PP_LOOKASIDE_LIST64 { ULONG P; ULONG L;} PP_LOOKASIDE_LIST64, *PPP_LOOKASIDE_LIST64;
#define NT51_POOL_SMALL_LISTS 32
typedef struct _X86_THREAD {
//
// The dispatcher header and mutant listhead are fairly infrequently
// referenced, but pad the thread to a 32-byte boundary (assumption
// that pool allocation is in units of 32-bytes).
//
DISPATCHER_HEADER32 Header; LIST_ENTRY32 MutantListHead;
//
// The following fields are referenced during trap, interrupts, or
// context switches.
//
// N.B. The Teb address and TlsArray are loaded as a quadword quantity
// on MIPS and therefore must be on a quadword boundary.
//
ULONG InitialStack; ULONG StackLimit; ULONG Teb; ULONG TlsArray; ULONG KernelStack; BOOLEAN DebugActive; UCHAR State; BOOLEAN Alerted[2]; UCHAR Iopl; UCHAR NpxState; CHAR Saturation; SCHAR Priority; KAPC_STATE32 ApcState;} X86_THREAD;
typedef struct _ALPHA_THREAD {
//
// The dispatcher header and mutant listhead are fairly infrequently
// referenced, but pad the thread to a 32-byte boundary (assumption
// that pool allocation is in units of 32-bytes).
//
DISPATCHER_HEADER32 Header; LIST_ENTRY32 MutantListHead;
//
// The following fields are referenced during trap, interrupts, or
// context switches.
//
// N.B. The Teb address and TlsArray are loaded as a quadword quantity
// on MIPS and therefore must be on a quadword boundary.
//
ULONG InitialStack; ULONG StackLimit; ULONG Teb; ULONG TlsArray; ULONG KernelStack; BOOLEAN DebugActive; UCHAR State; BOOLEAN Alerted[2]; UCHAR Iopl; UCHAR NpxState; CHAR Saturation; SCHAR Priority; KAPC_STATE32 ApcState;} ALPHA_THREAD, *PALPHA_THREAD;
typedef struct _AXP64_THREAD {
//
// The dispatcher header and mutant listhead are fairly infrequently
// referenced, but pad the thread to a 32-byte boundary (assumption
// that pool allocation is in units of 32-bytes).
//
DISPATCHER_HEADER64 Header; LIST_ENTRY64 MutantListHead;
//
// The following fields are referenced during trap, interrupts, or
// context switches.
//
// N.B. The Teb address and TlsArray are loaded as a quadword quantity
// on MIPS and therefore must be on a quadword boundary.
//
ULONG64 InitialStack; ULONG64 StackLimit; ULONG64 Teb; ULONG64 TlsArray; ULONG64 KernelStack; BOOLEAN DebugActive; UCHAR State; BOOLEAN Alerted[2]; UCHAR Iopl; UCHAR NpxState; CHAR Saturation; SCHAR Priority; KAPC_STATE64 ApcState;} AXP64_THREAD;
typedef struct _IA64_THREAD {
//
// The dispatcher header and mutant listhead are fairly infrequently
// referenced, but pad the thread to a 32-byte boundary (assumption
// that pool allocation is in units of 32-bytes).
//
DISPATCHER_HEADER64 Header; LIST_ENTRY64 MutantListHead;
//
// The following fields are referenced during trap, interrupts, or
// context switches.
//
// N.B. The Teb address and TlsArray are loaded as a quadword quantity
// on MIPS and therefore must be on a quadword boundary.
//
ULONG64 InitialStack; ULONG64 StackLimit; ULONG64 InitialBStore; ULONG64 BStoreLimit; CCHAR Number; ULONG64 Teb; ULONG64 TlsArray; ULONG64 KernelStack; ULONG64 KernelBStore; BOOLEAN DebugActive; UCHAR State; BOOLEAN Alerted[2]; UCHAR Iopl; UCHAR NpxState; CHAR Saturation; SCHAR Priority; KAPC_STATE64 ApcState;} IA64_THREAD;
typedef struct _AMD64_THREAD {
//
// The dispatcher header and mutant listhead are fairly infrequently
// referenced, but pad the thread to a 32-byte boundary (assumption
// that pool allocation is in units of 32-bytes).
//
DISPATCHER_HEADER64 Header; LIST_ENTRY64 MutantListHead;
//
// The following fields are referenced during trap, interrupts, or
// context switches.
//
// N.B. The Teb address and TlsArray are loaded as a quadword quantity
// on MIPS and therefore must be on a quadword boundary.
//
ULONG64 InitialStack; ULONG64 StackLimit; ULONG64 Teb; ULONG64 TlsArray; ULONG64 KernelStack; BOOLEAN DebugActive; UCHAR State; BOOLEAN Alerted[2]; UCHAR Iopl; UCHAR NpxState; CHAR Saturation; SCHAR Priority; KAPC_STATE64 ApcState;} AMD64_THREAD;
typedef struct _CROSS_PLATFORM_THREAD {
union { X86_THREAD X86Thread; ALPHA_THREAD AlphaThread; AXP64_THREAD Axp64Thread; IA64_THREAD IA64Thread; AMD64_THREAD Amd64Thread; };
} CROSS_PLATFORM_THREAD, *PCROSS_PLATFORM_THREAD;
//
// X86 KSWITCHFRAME
//
typedef struct _X86_KSWITCHFRAME { ULONG ExceptionList; ULONG Eflags; ULONG RetAddr;} X86_KSWITCHFRAME, *PX86_KSWITCHFRAME;
//
// Special Registers for i386
//
typedef struct _X86_DESCRIPTOR { USHORT Pad; USHORT Limit; ULONG Base;} X86_DESCRIPTOR, *PX86_DESCRIPTOR;
typedef struct _X86_KSPECIAL_REGISTERS { ULONG Cr0; ULONG Cr2; ULONG Cr3; ULONG Cr4; ULONG KernelDr0; ULONG KernelDr1; ULONG KernelDr2; ULONG KernelDr3; ULONG KernelDr6; ULONG KernelDr7; X86_DESCRIPTOR Gdtr; X86_DESCRIPTOR Idtr; USHORT Tr; USHORT Ldtr; ULONG Reserved[6];} X86_KSPECIAL_REGISTERS, *PX86_KSPECIAL_REGISTERS;
//
// Define the size of the 80387 save area, which is in the context frame.
//
#define X86_SIZE_OF_80387_REGISTERS 80
typedef struct _X86_FLOATING_SAVE_AREA { ULONG ControlWord; ULONG StatusWord; ULONG TagWord; ULONG ErrorOffset; ULONG ErrorSelector; ULONG DataOffset; ULONG DataSelector; UCHAR RegisterArea[X86_SIZE_OF_80387_REGISTERS]; ULONG Cr0NpxState;} X86_FLOATING_SAVE_AREA;
//
// Simulated context structure for the 16-bit environment
//
typedef struct _X86_CONTEXT {
ULONG ContextFlags; ULONG Dr0; ULONG Dr1; ULONG Dr2; ULONG Dr3; ULONG Dr6; ULONG Dr7; X86_FLOATING_SAVE_AREA FloatSave; ULONG SegGs; ULONG SegFs; ULONG SegEs; ULONG SegDs; ULONG Edi; ULONG Esi; ULONG Ebx; ULONG Edx; ULONG Ecx; ULONG Eax; ULONG Ebp; ULONG Eip; ULONG SegCs; // MUST BE SANITIZED
ULONG EFlags; // MUST BE SANITIZED
ULONG Esp; ULONG SegSs;
} X86_CONTEXT, *PX86_CONTEXT;
#define MAXIMUM_SUPPORTED_EXTENSION 512
//
// Define the size of FP registers in the FXSAVE format
//
#define X86_SIZE_OF_FX_REGISTERS 128
typedef struct _X86_FXSAVE_FORMAT { USHORT ControlWord; USHORT StatusWord; USHORT TagWord; USHORT ErrorOpcode; ULONG ErrorOffset; ULONG ErrorSelector; ULONG DataOffset; ULONG DataSelector; ULONG MXCsr; ULONG Reserved2; UCHAR RegisterArea[X86_SIZE_OF_FX_REGISTERS]; UCHAR Reserved3[X86_SIZE_OF_FX_REGISTERS]; UCHAR Reserved4[224];} X86_FXSAVE_FORMAT, *PX86_FXSAVE_FORMAT;
typedef struct _X86_NT5_CONTEXT {
ULONG ContextFlags; ULONG Dr0; ULONG Dr1; ULONG Dr2; ULONG Dr3; ULONG Dr6; ULONG Dr7; X86_FLOATING_SAVE_AREA FloatSave; ULONG SegGs; ULONG SegFs; ULONG SegEs; ULONG SegDs; ULONG Edi; ULONG Esi; ULONG Ebx; ULONG Edx; ULONG Ecx; ULONG Eax; ULONG Ebp; ULONG Eip; ULONG SegCs; // MUST BE SANITIZED
ULONG EFlags; // MUST BE SANITIZED
ULONG Esp; ULONG SegSs; union { UCHAR ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION]; X86_FXSAVE_FORMAT FxSave; };
} X86_NT5_CONTEXT, *PX86_NT5_CONTEXT;
typedef struct _ALPHA_CONTEXT {
ULONG FltF0; ULONG FltF1; ULONG FltF2; ULONG FltF3; ULONG FltF4; ULONG FltF5; ULONG FltF6; ULONG FltF7; ULONG FltF8; ULONG FltF9; ULONG FltF10; ULONG FltF11; ULONG FltF12; ULONG FltF13; ULONG FltF14; ULONG FltF15; ULONG FltF16; ULONG FltF17; ULONG FltF18; ULONG FltF19; ULONG FltF20; ULONG FltF21; ULONG FltF22; ULONG FltF23; ULONG FltF24; ULONG FltF25; ULONG FltF26; ULONG FltF27; ULONG FltF28; ULONG FltF29; ULONG FltF30; ULONG FltF31;
ULONG IntV0; // $0: return value register, v0
ULONG IntT0; // $1: temporary registers, t0 - t7
ULONG IntT1; // $2:
ULONG IntT2; // $3:
ULONG IntT3; // $4:
ULONG IntT4; // $5:
ULONG IntT5; // $6:
ULONG IntT6; // $7:
ULONG IntT7; // $8:
ULONG IntS0; // $9: nonvolatile registers, s0 - s5
ULONG IntS1; // $10:
ULONG IntS2; // $11:
ULONG IntS3; // $12:
ULONG IntS4; // $13:
ULONG IntS5; // $14:
ULONG IntFp; // $15: frame pointer register, fp/s6
ULONG IntA0; // $16: argument registers, a0 - a5
ULONG IntA1; // $17:
ULONG IntA2; // $18:
ULONG IntA3; // $19:
ULONG IntA4; // $20:
ULONG IntA5; // $21:
ULONG IntT8; // $22: temporary registers, t8 - t11
ULONG IntT9; // $23:
ULONG IntT10; // $24:
ULONG IntT11; // $25:
ULONG IntRa; // $26: return address register, ra
ULONG IntT12; // $27: temporary register, t12
ULONG IntAt; // $28: assembler temp register, at
ULONG IntGp; // $29: global pointer register, gp
ULONG IntSp; // $30: stack pointer register, sp
ULONG IntZero; // $31: zero register, zero
ULONG Fpcr; // floating point control register
ULONG SoftFpcr; // software extension to FPCR
ULONG Fir; // (fault instruction) continuation address
ULONG Psr; // processor status
ULONG ContextFlags;
//
// Beginning of the "second half".
// The name "High" parallels the HighPart of a LargeInteger.
//
ULONG HighFltF0; ULONG HighFltF1; ULONG HighFltF2; ULONG HighFltF3; ULONG HighFltF4; ULONG HighFltF5; ULONG HighFltF6; ULONG HighFltF7; ULONG HighFltF8; ULONG HighFltF9; ULONG HighFltF10; ULONG HighFltF11; ULONG HighFltF12; ULONG HighFltF13; ULONG HighFltF14; ULONG HighFltF15; ULONG HighFltF16; ULONG HighFltF17; ULONG HighFltF18; ULONG HighFltF19; ULONG HighFltF20; ULONG HighFltF21; ULONG HighFltF22; ULONG HighFltF23; ULONG HighFltF24; ULONG HighFltF25; ULONG HighFltF26; ULONG HighFltF27; ULONG HighFltF28; ULONG HighFltF29; ULONG HighFltF30; ULONG HighFltF31;
ULONG HighIntV0; // $0: return value register, v0
ULONG HighIntT0; // $1: temporary registers, t0 - t7
ULONG HighIntT1; // $2:
ULONG HighIntT2; // $3:
ULONG HighIntT3; // $4:
ULONG HighIntT4; // $5:
ULONG HighIntT5; // $6:
ULONG HighIntT6; // $7:
ULONG HighIntT7; // $8:
ULONG HighIntS0; // $9: nonvolatile registers, s0 - s5
ULONG HighIntS1; // $10:
ULONG HighIntS2; // $11:
ULONG HighIntS3; // $12:
ULONG HighIntS4; // $13:
ULONG HighIntS5; // $14:
ULONG HighIntFp; // $15: frame pointer register, fp/s6
ULONG HighIntA0; // $16: argument registers, a0 - a5
ULONG HighIntA1; // $17:
ULONG HighIntA2; // $18:
ULONG HighIntA3; // $19:
ULONG HighIntA4; // $20:
ULONG HighIntA5; // $21:
ULONG HighIntT8; // $22: temporary registers, t8 - t11
ULONG HighIntT9; // $23:
ULONG HighIntT10; // $24:
ULONG HighIntT11; // $25:
ULONG HighIntRa; // $26: return address register, ra
ULONG HighIntT12; // $27: temporary register, t12
ULONG HighIntAt; // $28: assembler temp register, at
ULONG HighIntGp; // $29: global pointer register, gp
ULONG HighIntSp; // $30: stack pointer register, sp
ULONG HighIntZero; // $31: zero register, zero
ULONG HighFpcr; // floating point control register
ULONG HighSoftFpcr; // software extension to FPCR
ULONG HighFir; // processor status
double DoNotUseThisField; // to force quadword structure alignment
ULONG HighFill[2]; // padding for 16-byte stack frame alignment
} ALPHA_CONTEXT, *PALPHA_CONTEXT;
typedef struct _ALPHA_NT5_CONTEXT {
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_FLOATING_POINT.
//
ULONGLONG FltF0; ULONGLONG FltF1; ULONGLONG FltF2; ULONGLONG FltF3; ULONGLONG FltF4; ULONGLONG FltF5; ULONGLONG FltF6; ULONGLONG FltF7; ULONGLONG FltF8; ULONGLONG FltF9; ULONGLONG FltF10; ULONGLONG FltF11; ULONGLONG FltF12; ULONGLONG FltF13; ULONGLONG FltF14; ULONGLONG FltF15; ULONGLONG FltF16; ULONGLONG FltF17; ULONGLONG FltF18; ULONGLONG FltF19; ULONGLONG FltF20; ULONGLONG FltF21; ULONGLONG FltF22; ULONGLONG FltF23; ULONGLONG FltF24; ULONGLONG FltF25; ULONGLONG FltF26; ULONGLONG FltF27; ULONGLONG FltF28; ULONGLONG FltF29; ULONGLONG FltF30; ULONGLONG FltF31;
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_INTEGER.
//
// N.B. The registers gp, sp, and ra are defined in this section, but are
// considered part of the control context rather than part of the integer
// context.
//
ULONGLONG IntV0; // $0: return value register, v0
ULONGLONG IntT0; // $1: temporary registers, t0 - t7
ULONGLONG IntT1; // $2:
ULONGLONG IntT2; // $3:
ULONGLONG IntT3; // $4:
ULONGLONG IntT4; // $5:
ULONGLONG IntT5; // $6:
ULONGLONG IntT6; // $7:
ULONGLONG IntT7; // $8:
ULONGLONG IntS0; // $9: nonvolatile registers, s0 - s5
ULONGLONG IntS1; // $10:
ULONGLONG IntS2; // $11:
ULONGLONG IntS3; // $12:
ULONGLONG IntS4; // $13:
ULONGLONG IntS5; // $14:
ULONGLONG IntFp; // $15: frame pointer register, fp/s6
ULONGLONG IntA0; // $16: argument registers, a0 - a5
ULONGLONG IntA1; // $17:
ULONGLONG IntA2; // $18:
ULONGLONG IntA3; // $19:
ULONGLONG IntA4; // $20:
ULONGLONG IntA5; // $21:
ULONGLONG IntT8; // $22: temporary registers, t8 - t11
ULONGLONG IntT9; // $23:
ULONGLONG IntT10; // $24:
ULONGLONG IntT11; // $25:
ULONGLONG IntRa; // $26: return address register, ra
ULONGLONG IntT12; // $27: temporary register, t12
ULONGLONG IntAt; // $28: assembler temp register, at
ULONGLONG IntGp; // $29: global pointer register, gp
ULONGLONG IntSp; // $30: stack pointer register, sp
ULONGLONG IntZero; // $31: zero register, zero
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_FLOATING_POINT.
//
ULONGLONG Fpcr; // floating point control register
ULONGLONG SoftFpcr; // software extension to FPCR
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_CONTROL.
//
// N.B. The registers gp, sp, and ra are defined in the integer section,
// but are considered part of the control context rather than part of
// the integer context.
//
ULONGLONG Fir; // (fault instruction) continuation address
ULONG Psr; // processor status
//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a thread's context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//
ULONG ContextFlags; ULONG Fill[4]; // padding for 16-byte stack frame alignment
} ALPHA_NT5_CONTEXT, *PALPHA_NT5_CONTEXT;
typedef struct _IA64_KSPECIAL_REGISTERS { // Intel-IA64-Filler
// Kernel debug breakpoint registers // Intel-IA64-Filler
ULONGLONG KernelDbI0; // Instruction debug registers // Intel-IA64-Filler
ULONGLONG KernelDbI1; // Intel-IA64-Filler
ULONGLONG KernelDbI2; // Intel-IA64-Filler
ULONGLONG KernelDbI3; // Intel-IA64-Filler
ULONGLONG KernelDbI4; // Intel-IA64-Filler
ULONGLONG KernelDbI5; // Intel-IA64-Filler
ULONGLONG KernelDbI6; // Intel-IA64-Filler
ULONGLONG KernelDbI7; // Intel-IA64-Filler
ULONGLONG KernelDbD0; // Data debug registers // Intel-IA64-Filler
ULONGLONG KernelDbD1; // Intel-IA64-Filler
ULONGLONG KernelDbD2; // Intel-IA64-Filler
ULONGLONG KernelDbD3; // Intel-IA64-Filler
ULONGLONG KernelDbD4; // Intel-IA64-Filler
ULONGLONG KernelDbD5; // Intel-IA64-Filler
ULONGLONG KernelDbD6; // Intel-IA64-Filler
ULONGLONG KernelDbD7; // Intel-IA64-Filler
// Kernel performance monitor registers // Intel-IA64-Filler
ULONGLONG KernelPfC0; // Performance configuration registers // Intel-IA64-Filler
ULONGLONG KernelPfC1; // Intel-IA64-Filler
ULONGLONG KernelPfC2; // Intel-IA64-Filler
ULONGLONG KernelPfC3; // Intel-IA64-Filler
ULONGLONG KernelPfC4; // Intel-IA64-Filler
ULONGLONG KernelPfC5; // Intel-IA64-Filler
ULONGLONG KernelPfC6; // Intel-IA64-Filler
ULONGLONG KernelPfC7; // Intel-IA64-Filler
ULONGLONG KernelPfD0; // Performance data registers // Intel-IA64-Filler
ULONGLONG KernelPfD1; // Intel-IA64-Filler
ULONGLONG KernelPfD2; // Intel-IA64-Filler
ULONGLONG KernelPfD3; // Intel-IA64-Filler
ULONGLONG KernelPfD4; // Intel-IA64-Filler
ULONGLONG KernelPfD5; // Intel-IA64-Filler
ULONGLONG KernelPfD6; // Intel-IA64-Filler
ULONGLONG KernelPfD7; // Intel-IA64-Filler
// kernel bank shadow (hidden) registers // Intel-IA64-Filler
ULONGLONG IntH16; // Intel-IA64-Filler
ULONGLONG IntH17; // Intel-IA64-Filler
ULONGLONG IntH18; // Intel-IA64-Filler
ULONGLONG IntH19; // Intel-IA64-Filler
ULONGLONG IntH20; // Intel-IA64-Filler
ULONGLONG IntH21; // Intel-IA64-Filler
ULONGLONG IntH22; // Intel-IA64-Filler
ULONGLONG IntH23; // Intel-IA64-Filler
ULONGLONG IntH24; // Intel-IA64-Filler
ULONGLONG IntH25; // Intel-IA64-Filler
ULONGLONG IntH26; // Intel-IA64-Filler
ULONGLONG IntH27; // Intel-IA64-Filler
ULONGLONG IntH28; // Intel-IA64-Filler
ULONGLONG IntH29; // Intel-IA64-Filler
ULONGLONG IntH30; // Intel-IA64-Filler
ULONGLONG IntH31; // Intel-IA64-Filler
// Application Registers // Intel-IA64-Filler
// - CPUID Registers - AR // Intel-IA64-Filler
ULONGLONG ApCPUID0; // Cpuid Register 0 // Intel-IA64-Filler
ULONGLONG ApCPUID1; // Cpuid Register 1 // Intel-IA64-Filler
ULONGLONG ApCPUID2; // Cpuid Register 2 // Intel-IA64-Filler
ULONGLONG ApCPUID3; // Cpuid Register 3 // Intel-IA64-Filler
ULONGLONG ApCPUID4; // Cpuid Register 4 // Intel-IA64-Filler
ULONGLONG ApCPUID5; // Cpuid Register 5 // Intel-IA64-Filler
ULONGLONG ApCPUID6; // Cpuid Register 6 // Intel-IA64-Filler
ULONGLONG ApCPUID7; // Cpuid Register 7 // Intel-IA64-Filler
// - Kernel Registers - AR // Intel-IA64-Filler
ULONGLONG ApKR0; // Kernel Register 0 (User RO) // Intel-IA64-Filler
ULONGLONG ApKR1; // Kernel Register 1 (User RO) // Intel-IA64-Filler
ULONGLONG ApKR2; // Kernel Register 2 (User RO) // Intel-IA64-Filler
ULONGLONG ApKR3; // Kernel Register 3 (User RO) // Intel-IA64-Filler
ULONGLONG ApKR4; // Kernel Register 4 // Intel-IA64-Filler
ULONGLONG ApKR5; // Kernel Register 5 // Intel-IA64-Filler
ULONGLONG ApKR6; // Kernel Register 6 // Intel-IA64-Filler
ULONGLONG ApKR7; // Kernel Register 7 // Intel-IA64-Filler
ULONGLONG ApITC; // Interval Timer Counter // Intel-IA64-Filler
// Global control registers // Intel-IA64-Filler
ULONGLONG ApITM; // Interval Timer Match register // Intel-IA64-Filler
ULONGLONG ApIVA; // Interrupt Vector Address // Intel-IA64-Filler
ULONGLONG ApPTA; // Page Table Address // Intel-IA64-Filler
ULONGLONG ApGPTA; // ia32 Page Table Address // Intel-IA64-Filler
ULONGLONG StISR; // Interrupt status // Intel-IA64-Filler
ULONGLONG StIFA; // Interruption Faulting Address // Intel-IA64-Filler
ULONGLONG StITIR; // Interruption TLB Insertion Register // Intel-IA64-Filler
ULONGLONG StIIPA; // Interruption Instruction Previous Address (RO) // Intel-IA64-Filler
ULONGLONG StIIM; // Interruption Immediate register (RO) // Intel-IA64-Filler
ULONGLONG StIHA; // Interruption Hash Address (RO) // Intel-IA64-Filler
// - External Interrupt control registers (SAPIC) // Intel-IA64-Filler
ULONGLONG SaLID; // Local SAPIC ID // Intel-IA64-Filler
ULONGLONG SaIVR; // Interrupt Vector Register (RO) // Intel-IA64-Filler
ULONGLONG SaTPR; // Task Priority Register // Intel-IA64-Filler
ULONGLONG SaEOI; // End Of Interrupt // Intel-IA64-Filler
ULONGLONG SaIRR0; // Interrupt Request Register 0 (RO) // Intel-IA64-Filler
ULONGLONG SaIRR1; // Interrupt Request Register 1 (RO) // Intel-IA64-Filler
ULONGLONG SaIRR2; // Interrupt Request Register 2 (RO) // Intel-IA64-Filler
ULONGLONG SaIRR3; // Interrupt Request Register 3 (RO) // Intel-IA64-Filler
ULONGLONG SaITV; // Interrupt Timer Vector // Intel-IA64-Filler
ULONGLONG SaPMV; // Performance Monitor Vector // Intel-IA64-Filler
ULONGLONG SaCMCV; // Corrected Machine Check Vector // Intel-IA64-Filler
ULONGLONG SaLRR0; // Local Interrupt Redirection Vector 0 // Intel-IA64-Filler
ULONGLONG SaLRR1; // Local Interrupt Redirection Vector 1 // Intel-IA64-Filler
// System Registers // Intel-IA64-Filler
// - Region registers // Intel-IA64-Filler
ULONGLONG Rr0; // Region register 0 // Intel-IA64-Filler
ULONGLONG Rr1; // Region register 1 // Intel-IA64-Filler
ULONGLONG Rr2; // Region register 2 // Intel-IA64-Filler
ULONGLONG Rr3; // Region register 3 // Intel-IA64-Filler
ULONGLONG Rr4; // Region register 4 // Intel-IA64-Filler
ULONGLONG Rr5; // Region register 5 // Intel-IA64-Filler
ULONGLONG Rr6; // Region register 6 // Intel-IA64-Filler
ULONGLONG Rr7; // Region register 7 // Intel-IA64-Filler
// - Protection Key registers // Intel-IA64-Filler
ULONGLONG Pkr0; // Protection Key register 0 // Intel-IA64-Filler
ULONGLONG Pkr1; // Protection Key register 1 // Intel-IA64-Filler
ULONGLONG Pkr2; // Protection Key register 2 // Intel-IA64-Filler
ULONGLONG Pkr3; // Protection Key register 3 // Intel-IA64-Filler
ULONGLONG Pkr4; // Protection Key register 4 // Intel-IA64-Filler
ULONGLONG Pkr5; // Protection Key register 5 // Intel-IA64-Filler
ULONGLONG Pkr6; // Protection Key register 6 // Intel-IA64-Filler
ULONGLONG Pkr7; // Protection Key register 7 // Intel-IA64-Filler
ULONGLONG Pkr8; // Protection Key register 8 // Intel-IA64-Filler
ULONGLONG Pkr9; // Protection Key register 9 // Intel-IA64-Filler
ULONGLONG Pkr10; // Protection Key register 10 // Intel-IA64-Filler
ULONGLONG Pkr11; // Protection Key register 11 // Intel-IA64-Filler
ULONGLONG Pkr12; // Protection Key register 12 // Intel-IA64-Filler
ULONGLONG Pkr13; // Protection Key register 13 // Intel-IA64-Filler
ULONGLONG Pkr14; // Protection Key register 14 // Intel-IA64-Filler
ULONGLONG Pkr15; // Protection Key register 15 // Intel-IA64-Filler
// - Translation Lookaside buffers // Intel-IA64-Filler
ULONGLONG TrI0; // Instruction Translation Register 0 // Intel-IA64-Filler
ULONGLONG TrI1; // Instruction Translation Register 1 // Intel-IA64-Filler
ULONGLONG TrI2; // Instruction Translation Register 2 // Intel-IA64-Filler
ULONGLONG TrI3; // Instruction Translation Register 3 // Intel-IA64-Filler
ULONGLONG TrI4; // Instruction Translation Register 4 // Intel-IA64-Filler
ULONGLONG TrI5; // Instruction Translation Register 5 // Intel-IA64-Filler
ULONGLONG TrI6; // Instruction Translation Register 6 // Intel-IA64-Filler
ULONGLONG TrI7; // Instruction Translation Register 7 // Intel-IA64-Filler
ULONGLONG TrD0; // Data Translation Register 0 // Intel-IA64-Filler
ULONGLONG TrD1; // Data Translation Register 1 // Intel-IA64-Filler
ULONGLONG TrD2; // Data Translation Register 2 // Intel-IA64-Filler
ULONGLONG TrD3; // Data Translation Register 3 // Intel-IA64-Filler
ULONGLONG TrD4; // Data Translation Register 4 // Intel-IA64-Filler
ULONGLONG TrD5; // Data Translation Register 5 // Intel-IA64-Filler
ULONGLONG TrD6; // Data Translation Register 6 // Intel-IA64-Filler
ULONGLONG TrD7; // Data Translation Register 7 // Intel-IA64-Filler
// - Machine Specific Registers // Intel-IA64-Filler
ULONGLONG SrMSR0; // Machine Specific Register 0 // Intel-IA64-Filler
ULONGLONG SrMSR1; // Machine Specific Register 1 // Intel-IA64-Filler
ULONGLONG SrMSR2; // Machine Specific Register 2 // Intel-IA64-Filler
ULONGLONG SrMSR3; // Machine Specific Register 3 // Intel-IA64-Filler
ULONGLONG SrMSR4; // Machine Specific Register 4 // Intel-IA64-Filler
ULONGLONG SrMSR5; // Machine Specific Register 5 // Intel-IA64-Filler
ULONGLONG SrMSR6; // Machine Specific Register 6 // Intel-IA64-Filler
ULONGLONG SrMSR7; // Machine Specific Register 7 // Intel-IA64-Filler
} IA64_KSPECIAL_REGISTERS, *PIA64_KSPECIAL_REGISTERS; // Intel-IA64-Filler
typedef struct _IA64_CONTEXT {
//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a thread's context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//
ULONG ContextFlags; ULONG Fill1[3]; // for alignment of following on 16-byte boundary
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_DEBUG.
//
// N.B. CONTEXT_DEBUG is *not* part of CONTEXT_FULL.
//
ULONGLONG DbI0; // Intel-IA64-Filler
ULONGLONG DbI1; // Intel-IA64-Filler
ULONGLONG DbI2; // Intel-IA64-Filler
ULONGLONG DbI3; // Intel-IA64-Filler
ULONGLONG DbI4; // Intel-IA64-Filler
ULONGLONG DbI5; // Intel-IA64-Filler
ULONGLONG DbI6; // Intel-IA64-Filler
ULONGLONG DbI7; // Intel-IA64-Filler
ULONGLONG DbD0; // Intel-IA64-Filler
ULONGLONG DbD1; // Intel-IA64-Filler
ULONGLONG DbD2; // Intel-IA64-Filler
ULONGLONG DbD3; // Intel-IA64-Filler
ULONGLONG DbD4; // Intel-IA64-Filler
ULONGLONG DbD5; // Intel-IA64-Filler
ULONGLONG DbD6; // Intel-IA64-Filler
ULONGLONG DbD7; // Intel-IA64-Filler
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_LOWER_FLOATING_POINT.
//
FLOAT128 FltS0; // Intel-IA64-Filler
FLOAT128 FltS1; // Intel-IA64-Filler
FLOAT128 FltS2; // Intel-IA64-Filler
FLOAT128 FltS3; // Intel-IA64-Filler
FLOAT128 FltT0; // Intel-IA64-Filler
FLOAT128 FltT1; // Intel-IA64-Filler
FLOAT128 FltT2; // Intel-IA64-Filler
FLOAT128 FltT3; // Intel-IA64-Filler
FLOAT128 FltT4; // Intel-IA64-Filler
FLOAT128 FltT5; // Intel-IA64-Filler
FLOAT128 FltT6; // Intel-IA64-Filler
FLOAT128 FltT7; // Intel-IA64-Filler
FLOAT128 FltT8; // Intel-IA64-Filler
FLOAT128 FltT9; // Intel-IA64-Filler
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_HIGHER_FLOATING_POINT.
//
FLOAT128 FltS4; // Intel-IA64-Filler
FLOAT128 FltS5; // Intel-IA64-Filler
FLOAT128 FltS6; // Intel-IA64-Filler
FLOAT128 FltS7; // Intel-IA64-Filler
FLOAT128 FltS8; // Intel-IA64-Filler
FLOAT128 FltS9; // Intel-IA64-Filler
FLOAT128 FltS10; // Intel-IA64-Filler
FLOAT128 FltS11; // Intel-IA64-Filler
FLOAT128 FltS12; // Intel-IA64-Filler
FLOAT128 FltS13; // Intel-IA64-Filler
FLOAT128 FltS14; // Intel-IA64-Filler
FLOAT128 FltS15; // Intel-IA64-Filler
FLOAT128 FltS16; // Intel-IA64-Filler
FLOAT128 FltS17; // Intel-IA64-Filler
FLOAT128 FltS18; // Intel-IA64-Filler
FLOAT128 FltS19; // Intel-IA64-Filler
FLOAT128 FltF32; // Intel-IA64-Filler
FLOAT128 FltF33; // Intel-IA64-Filler
FLOAT128 FltF34; // Intel-IA64-Filler
FLOAT128 FltF35; // Intel-IA64-Filler
FLOAT128 FltF36; // Intel-IA64-Filler
FLOAT128 FltF37; // Intel-IA64-Filler
FLOAT128 FltF38; // Intel-IA64-Filler
FLOAT128 FltF39; // Intel-IA64-Filler
FLOAT128 FltF40; // Intel-IA64-Filler
FLOAT128 FltF41; // Intel-IA64-Filler
FLOAT128 FltF42; // Intel-IA64-Filler
FLOAT128 FltF43; // Intel-IA64-Filler
FLOAT128 FltF44; // Intel-IA64-Filler
FLOAT128 FltF45; // Intel-IA64-Filler
FLOAT128 FltF46; // Intel-IA64-Filler
FLOAT128 FltF47; // Intel-IA64-Filler
FLOAT128 FltF48; // Intel-IA64-Filler
FLOAT128 FltF49; // Intel-IA64-Filler
FLOAT128 FltF50; // Intel-IA64-Filler
FLOAT128 FltF51; // Intel-IA64-Filler
FLOAT128 FltF52; // Intel-IA64-Filler
FLOAT128 FltF53; // Intel-IA64-Filler
FLOAT128 FltF54; // Intel-IA64-Filler
FLOAT128 FltF55; // Intel-IA64-Filler
FLOAT128 FltF56; // Intel-IA64-Filler
FLOAT128 FltF57; // Intel-IA64-Filler
FLOAT128 FltF58; // Intel-IA64-Filler
FLOAT128 FltF59; // Intel-IA64-Filler
FLOAT128 FltF60; // Intel-IA64-Filler
FLOAT128 FltF61; // Intel-IA64-Filler
FLOAT128 FltF62; // Intel-IA64-Filler
FLOAT128 FltF63; // Intel-IA64-Filler
FLOAT128 FltF64; // Intel-IA64-Filler
FLOAT128 FltF65; // Intel-IA64-Filler
FLOAT128 FltF66; // Intel-IA64-Filler
FLOAT128 FltF67; // Intel-IA64-Filler
FLOAT128 FltF68; // Intel-IA64-Filler
FLOAT128 FltF69; // Intel-IA64-Filler
FLOAT128 FltF70; // Intel-IA64-Filler
FLOAT128 FltF71; // Intel-IA64-Filler
FLOAT128 FltF72; // Intel-IA64-Filler
FLOAT128 FltF73; // Intel-IA64-Filler
FLOAT128 FltF74; // Intel-IA64-Filler
FLOAT128 FltF75; // Intel-IA64-Filler
FLOAT128 FltF76; // Intel-IA64-Filler
FLOAT128 FltF77; // Intel-IA64-Filler
FLOAT128 FltF78; // Intel-IA64-Filler
FLOAT128 FltF79; // Intel-IA64-Filler
FLOAT128 FltF80; // Intel-IA64-Filler
FLOAT128 FltF81; // Intel-IA64-Filler
FLOAT128 FltF82; // Intel-IA64-Filler
FLOAT128 FltF83; // Intel-IA64-Filler
FLOAT128 FltF84; // Intel-IA64-Filler
FLOAT128 FltF85; // Intel-IA64-Filler
FLOAT128 FltF86; // Intel-IA64-Filler
FLOAT128 FltF87; // Intel-IA64-Filler
FLOAT128 FltF88; // Intel-IA64-Filler
FLOAT128 FltF89; // Intel-IA64-Filler
FLOAT128 FltF90; // Intel-IA64-Filler
FLOAT128 FltF91; // Intel-IA64-Filler
FLOAT128 FltF92; // Intel-IA64-Filler
FLOAT128 FltF93; // Intel-IA64-Filler
FLOAT128 FltF94; // Intel-IA64-Filler
FLOAT128 FltF95; // Intel-IA64-Filler
FLOAT128 FltF96; // Intel-IA64-Filler
FLOAT128 FltF97; // Intel-IA64-Filler
FLOAT128 FltF98; // Intel-IA64-Filler
FLOAT128 FltF99; // Intel-IA64-Filler
FLOAT128 FltF100; // Intel-IA64-Filler
FLOAT128 FltF101; // Intel-IA64-Filler
FLOAT128 FltF102; // Intel-IA64-Filler
FLOAT128 FltF103; // Intel-IA64-Filler
FLOAT128 FltF104; // Intel-IA64-Filler
FLOAT128 FltF105; // Intel-IA64-Filler
FLOAT128 FltF106; // Intel-IA64-Filler
FLOAT128 FltF107; // Intel-IA64-Filler
FLOAT128 FltF108; // Intel-IA64-Filler
FLOAT128 FltF109; // Intel-IA64-Filler
FLOAT128 FltF110; // Intel-IA64-Filler
FLOAT128 FltF111; // Intel-IA64-Filler
FLOAT128 FltF112; // Intel-IA64-Filler
FLOAT128 FltF113; // Intel-IA64-Filler
FLOAT128 FltF114; // Intel-IA64-Filler
FLOAT128 FltF115; // Intel-IA64-Filler
FLOAT128 FltF116; // Intel-IA64-Filler
FLOAT128 FltF117; // Intel-IA64-Filler
FLOAT128 FltF118; // Intel-IA64-Filler
FLOAT128 FltF119; // Intel-IA64-Filler
FLOAT128 FltF120; // Intel-IA64-Filler
FLOAT128 FltF121; // Intel-IA64-Filler
FLOAT128 FltF122; // Intel-IA64-Filler
FLOAT128 FltF123; // Intel-IA64-Filler
FLOAT128 FltF124; // Intel-IA64-Filler
FLOAT128 FltF125; // Intel-IA64-Filler
FLOAT128 FltF126; // Intel-IA64-Filler
FLOAT128 FltF127; // Intel-IA64-Filler
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_LOWER_FLOATING_POINT | CONTEXT_HIGHER_FLOATING_POINT | CONTEXT_CONTROL.
//
ULONGLONG StFPSR; // Intel-IA64-Filler ; FP status
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_INTEGER.
//
// N.B. The registers gp, sp, rp are part of the control context
//
ULONGLONG IntGp; // Intel-IA64-Filler ; r1, volatile
ULONGLONG IntT0; // Intel-IA64-Filler ; r2-r3, volatile
ULONGLONG IntT1; // Intel-IA64-Filler ;
ULONGLONG IntS0; // Intel-IA64-Filler ; r4-r7, preserved
ULONGLONG IntS1; // Intel-IA64-Filler
ULONGLONG IntS2; // Intel-IA64-Filler
ULONGLONG IntS3; // Intel-IA64-Filler
ULONGLONG IntV0; // Intel-IA64-Filler ; r8, volatile
ULONGLONG IntT2; // Intel-IA64-Filler ; r9-r11, volatile
ULONGLONG IntT3; // Intel-IA64-Filler
ULONGLONG IntT4; // Intel-IA64-Filler
ULONGLONG IntSp; // Intel-IA64-Filler ; stack pointer (r12), special
ULONGLONG IntTeb; // Intel-IA64-Filler ; teb (r13), special
ULONGLONG IntT5; // Intel-IA64-Filler ; r14-r31, volatile
ULONGLONG IntT6; // Intel-IA64-Filler
ULONGLONG IntT7; // Intel-IA64-Filler
ULONGLONG IntT8; // Intel-IA64-Filler
ULONGLONG IntT9; // Intel-IA64-Filler
ULONGLONG IntT10; // Intel-IA64-Filler
ULONGLONG IntT11; // Intel-IA64-Filler
ULONGLONG IntT12; // Intel-IA64-Filler
ULONGLONG IntT13; // Intel-IA64-Filler
ULONGLONG IntT14; // Intel-IA64-Filler
ULONGLONG IntT15; // Intel-IA64-Filler
ULONGLONG IntT16; // Intel-IA64-Filler
ULONGLONG IntT17; // Intel-IA64-Filler
ULONGLONG IntT18; // Intel-IA64-Filler
ULONGLONG IntT19; // Intel-IA64-Filler
ULONGLONG IntT20; // Intel-IA64-Filler
ULONGLONG IntT21; // Intel-IA64-Filler
ULONGLONG IntT22; // Intel-IA64-Filler
ULONGLONG IntNats; // Intel-IA64-Filler ; Nat bits for r1-r31
// Intel-IA64-Filler ; r1-r31 in bits 1 thru 31.
ULONGLONG Preds; // Intel-IA64-Filler ; predicates, preserved
ULONGLONG BrRp; // Intel-IA64-Filler ; return pointer, b0, preserved
ULONGLONG BrS0; // Intel-IA64-Filler ; b1-b5, preserved
ULONGLONG BrS1; // Intel-IA64-Filler
ULONGLONG BrS2; // Intel-IA64-Filler
ULONGLONG BrS3; // Intel-IA64-Filler
ULONGLONG BrS4; // Intel-IA64-Filler
ULONGLONG BrT0; // Intel-IA64-Filler ; b6-b7, volatile
ULONGLONG BrT1; // Intel-IA64-Filler
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_CONTROL.
//
// Other application registers
ULONGLONG ApUNAT; // Intel-IA64-Filler ; User Nat collection register, preserved
ULONGLONG ApLC; // Intel-IA64-Filler ; Loop counter register, preserved
ULONGLONG ApEC; // Intel-IA64-Filler ; Epilog counter register, preserved
ULONGLONG ApCCV; // Intel-IA64-Filler ; CMPXCHG value register, volatile
ULONGLONG ApDCR; // Intel-IA64-Filler ; Default control register (TBD)
// Register stack info
ULONGLONG RsPFS; // Intel-IA64-Filler ; Previous function state, preserved
ULONGLONG RsBSP; // Intel-IA64-Filler ; Backing store pointer, preserved
ULONGLONG RsBSPSTORE; // Intel-IA64-Filler
ULONGLONG RsRSC; // Intel-IA64-Filler ; RSE configuration, volatile
ULONGLONG RsRNAT; // Intel-IA64-Filler ; RSE Nat collection register, preserved
// Trap Status Information
ULONGLONG StIPSR; // Intel-IA64-Filler ; Interruption Processor Status
ULONGLONG StIIP; // Intel-IA64-Filler ; Interruption IP
ULONGLONG StIFS; // Intel-IA64-Filler ; Interruption Function State
// iA32 related control registers
ULONGLONG StFCR; // Intel-IA64-Filler ; copy of Ar21
ULONGLONG Eflag; // Intel-IA64-Filler ; Eflag copy of Ar24
ULONGLONG SegCSD; // Intel-IA64-Filler ; iA32 CSDescriptor (Ar25)
ULONGLONG SegSSD; // Intel-IA64-Filler ; iA32 SSDescriptor (Ar26)
ULONGLONG Cflag; // Intel-IA64-Filler ; Cr0+Cr4 copy of Ar27
ULONGLONG StFSR; // Intel-IA64-Filler ; x86 FP status (copy of AR28)
ULONGLONG StFIR; // Intel-IA64-Filler ; x86 FP status (copy of AR29)
ULONGLONG StFDR; // Intel-IA64-Filler ; x86 FP status (copy of AR30)
ULONGLONG UNUSEDPACK; // Intel-IA64-Filler ; added to pack StFDR to 16-bytes
} IA64_CONTEXT, *PIA64_CONTEXT;
//
// Special Registers for AMD64.
//
typedef struct _AMD64_DESCRIPTOR { USHORT Pad[3]; USHORT Limit; ULONG64 Base;} AMD64_DESCRIPTOR, *PAMD64_DESCRIPTOR;
typedef struct _AMD64_KSPECIAL_REGISTERS { ULONG64 Cr0; ULONG64 Cr2; ULONG64 Cr3; ULONG64 Cr4; ULONG64 KernelDr0; ULONG64 KernelDr1; ULONG64 KernelDr2; ULONG64 KernelDr3; ULONG64 KernelDr6; ULONG64 KernelDr7; AMD64_DESCRIPTOR Gdtr; AMD64_DESCRIPTOR Idtr; USHORT Tr; USHORT Ldtr; ULONG MxCsr;} AMD64_KSPECIAL_REGISTERS, *PAMD64_KSPECIAL_REGISTERS;
typedef struct _AMD64_KSWITCH_FRAME { ULONG64 Fill0; ULONG MxCsr; KIRQL ApcBypass; BOOLEAN NpxSave; UCHAR Fill1[2]; ULONG64 Rbp; ULONG64 Return;} AMD64_KSWITCH_FRAME, *PAMD64_KSWITCH_FRAME;
//
// Format of data for fnsave/frstor instructions.
//
// This structure is used to store the legacy floating point state.
//
typedef struct _AMD64_LEGACY_SAVE_AREA { USHORT ControlWord; USHORT Reserved0; USHORT StatusWord; USHORT Reserved1; USHORT TagWord; USHORT Reserved2; ULONG ErrorOffset; USHORT ErrorSelector; USHORT ErrorOpcode; ULONG DataOffset; USHORT DataSelector; USHORT Reserved3; UCHAR FloatRegisters[8 * 10];} AMD64_LEGACY_SAVE_AREA, *PAMD64_LEGACY_SAVE_AREA;
typedef struct _AMD64_M128 { ULONGLONG Low; LONGLONG High;} AMD64_M128, *PAMD64_M128;
// Must be 16-byte aligned.
typedef struct _AMD64_CONTEXT {
//
// Register parameter home addresses.
//
ULONG64 P1Home; ULONG64 P2Home; ULONG64 P3Home; ULONG64 P4Home; ULONG64 P5Home; ULONG64 P6Home;
//
// Control flags.
//
ULONG ContextFlags; ULONG MxCsr;
//
// Segment Registers and processor flags.
//
USHORT SegCs; USHORT SegDs; USHORT SegEs; USHORT SegFs; USHORT SegGs; USHORT SegSs; ULONG EFlags;
//
// Debug registers
//
ULONG64 Dr0; ULONG64 Dr1; ULONG64 Dr2; ULONG64 Dr3; ULONG64 Dr6; ULONG64 Dr7;
//
// Integer registers.
//
ULONG64 Rax; ULONG64 Rcx; ULONG64 Rdx; ULONG64 Rbx; ULONG64 Rsp; ULONG64 Rbp; ULONG64 Rsi; ULONG64 Rdi; ULONG64 R8; ULONG64 R9; ULONG64 R10; ULONG64 R11; ULONG64 R12; ULONG64 R13; ULONG64 R14; ULONG64 R15;
//
// Program counter.
//
ULONG64 Rip;
//
// MMX/floating point state.
//
AMD64_M128 Xmm0; AMD64_M128 Xmm1; AMD64_M128 Xmm2; AMD64_M128 Xmm3; AMD64_M128 Xmm4; AMD64_M128 Xmm5; AMD64_M128 Xmm6; AMD64_M128 Xmm7; AMD64_M128 Xmm8; AMD64_M128 Xmm9; AMD64_M128 Xmm10; AMD64_M128 Xmm11; AMD64_M128 Xmm12; AMD64_M128 Xmm13; AMD64_M128 Xmm14; AMD64_M128 Xmm15;
//
// Legacy floating point state.
//
AMD64_LEGACY_SAVE_AREA FltSave; ULONG Fill;} AMD64_CONTEXT, *PAMD64_CONTEXT;
typedef struct _CROSS_PLATFORM_CONTEXT {
union { X86_CONTEXT X86Context; X86_NT5_CONTEXT X86Nt5Context; ALPHA_CONTEXT AlphaContext; ALPHA_NT5_CONTEXT AlphaNt5Context; IA64_CONTEXT IA64Context; AMD64_CONTEXT Amd64Context; };
} CROSS_PLATFORM_CONTEXT, *PCROSS_PLATFORM_CONTEXT;
typedef struct _CROSS_PLATFORM_KSPECIAL_REGISTERS {
union { X86_KSPECIAL_REGISTERS X86Special; IA64_KSPECIAL_REGISTERS IA64Special; AMD64_KSPECIAL_REGISTERS Amd64Special; };
} CROSS_PLATFORM_KSPECIAL_REGISTERS, *PCROSS_PLATFORM_KSPECIAL_REGISTERS;
typedef struct _X86_KPROCESSOR_STATE { struct _X86_CONTEXT ContextFrame; struct _X86_KSPECIAL_REGISTERS SpecialRegisters;} X86_KPROCESSOR_STATE, *PX86_KPROCESSOR_STATE;
typedef struct _X86_NT5_KPROCESSOR_STATE { struct _X86_NT5_CONTEXT ContextFrame; struct _X86_KSPECIAL_REGISTERS SpecialRegisters;} X86_NT5_KPROCESSOR_STATE, *PX86_NT5_KPROCESSOR_STATE;
typedef struct _ALPHA_NT5_KPROCESSOR_STATE { struct _ALPHA_NT5_CONTEXT ContextFrame;} ALPHA_NT5_KPROCESSOR_STATE, *PALPHA_NT5_KPROCESSOR_STATE;
typedef struct _IA64_KPROCESSOR_STATE { struct _IA64_CONTEXT ContextFrame; struct _IA64_KSPECIAL_REGISTERS SpecialRegisters;} IA64_KPROCESSOR_STATE, *PIA64_KPROCESSOR_STATE;
typedef struct _AMD64_KPROCESSOR_STATE { struct _AMD64_KSPECIAL_REGISTERS SpecialRegisters; ULONG64 Fill; struct _AMD64_CONTEXT ContextFrame;} AMD64_KPROCESSOR_STATE, *PAMD64_KPROCESSOR_STATE;
#define DBGKD_MAXSTREAM 16
typedef struct _X86_DBGKD_CONTROL_REPORT { ULONG Dr6; ULONG Dr7; USHORT InstructionCount; USHORT ReportFlags; UCHAR InstructionStream[DBGKD_MAXSTREAM]; USHORT SegCs; USHORT SegDs; USHORT SegEs; USHORT SegFs; ULONG EFlags;} X86_DBGKD_CONTROL_REPORT, *PX86_DBGKD_CONTROL_REPORT;
#define X86_REPORT_INCLUDES_SEGS 0x0001
// Indicates the current CS is a standard 32-bit flat segment.
// This allows the debugger to avoid retrieving the
// CS descriptor to see if it's 16-bit code or not.
// Note that the V86 flag in EFlags must also be checked
// when determining the code type.
#define X86_REPORT_STANDARD_CS 0x0002
typedef struct _ALPHA_DBGKD_CONTROL_REPORT { ULONG InstructionCount; UCHAR InstructionStream[DBGKD_MAXSTREAM];} ALPHA_DBGKD_CONTROL_REPORT, *PALPHA_DBGKD_CONTROL_REPORT;
typedef struct _IA64_DBGKD_CONTROL_REPORT { ULONG InstructionCount; UCHAR InstructionStream[DBGKD_MAXSTREAM];} IA64_DBGKD_CONTROL_REPORT, *PIA64_DBGKD_CONTROL_REPORT;
typedef struct _AMD64_DBGKD_CONTROL_REPORT { ULONG64 Dr6; ULONG64 Dr7; ULONG EFlags; USHORT InstructionCount; USHORT ReportFlags; UCHAR InstructionStream[DBGKD_MAXSTREAM]; USHORT SegCs; USHORT SegDs; USHORT SegEs; USHORT SegFs;} AMD64_DBGKD_CONTROL_REPORT, *PAMD64_DBGKD_CONTROL_REPORT;
#define AMD64_REPORT_INCLUDES_SEGS 0x0001
// Indicates the current CS is a standard 64-bit flat segment.
// This allows the debugger to avoid retrieving the
// CS descriptor to see if it's 16- or 32-bit code or not.
// Note that the V86 flag in EFlags must also be checked
// when determining the code type.
#define AMD64_REPORT_STANDARD_CS 0x0002
typedef struct _DBGKD_ANY_CONTROL_REPORT{ union { X86_DBGKD_CONTROL_REPORT X86ControlReport; ALPHA_DBGKD_CONTROL_REPORT AlphaControlReport; IA64_DBGKD_CONTROL_REPORT IA64ControlReport; AMD64_DBGKD_CONTROL_REPORT Amd64ControlReport; };} DBGKD_ANY_CONTROL_REPORT, *PDBGKD_ANY_CONTROL_REPORT;
// DBGKD_ANY_CONTROL_SET is 32-bit packed with an NTSTATUS in
// DBGKD_CONTINUE2 so start with a 32-bit value to get the 64-bit
// values aligned.
#include <pshpack4.h>
typedef struct _X86_DBGKD_CONTROL_SET { ULONG TraceFlag; ULONG Dr7; ULONG CurrentSymbolStart; ULONG CurrentSymbolEnd;} X86_DBGKD_CONTROL_SET, *PX86_DBGKD_CONTROL_SET;
typedef ULONG ALPHA_DBGKD_CONTROL_SET, *PALPHA_DBGKD_CONTROL_SET;
#define IA64_DBGKD_CONTROL_SET_CONTINUE_NONE 0x0000
#define IA64_DBGKD_CONTROL_SET_CONTINUE_TRACE_INSTRUCTION 0x0001
#define IA64_DBGKD_CONTROL_SET_CONTINUE_TRACE_TAKEN_BRANCH 0x0002
typedef struct _IA64_DBGKD_CONTROL_SET { ULONG Continue; ULONG64 CurrentSymbolStart; ULONG64 CurrentSymbolEnd;} IA64_DBGKD_CONTROL_SET, *PIA64_DBGKD_CONTROL_SET;
typedef struct _AMD64_DBGKD_CONTROL_SET { ULONG TraceFlag; ULONG64 Dr7; ULONG64 CurrentSymbolStart; ULONG64 CurrentSymbolEnd;} AMD64_DBGKD_CONTROL_SET, *PAMD64_DBGKD_CONTROL_SET;
typedef struct _DBGKD_ANY_CONTROL_SET{ union { X86_DBGKD_CONTROL_SET X86ControlSet; ALPHA_DBGKD_CONTROL_SET AlphaControlSet; IA64_DBGKD_CONTROL_SET IA64ControlSet; AMD64_DBGKD_CONTROL_SET Amd64ControlSet; };} DBGKD_ANY_CONTROL_SET, *PDBGKD_ANY_CONTROL_SET;
#include <poppack.h>
//
// Deferred Procedure Call (DPC) object
//
typedef struct _KDPC32 { CSHORT Type; UCHAR Number; UCHAR Importance; LIST_ENTRY32 DpcListEntry; ULONG DeferredRoutine; ULONG DeferredContext; ULONG SystemArgument1; ULONG SystemArgument2; ULONG Lock;} KDPC32;
typedef struct _KDPC64 { CSHORT Type; UCHAR Number; UCHAR Importance; LIST_ENTRY64 DpcListEntry; ULONG64 DeferredRoutine; ULONG64 DeferredContext; ULONG64 SystemArgument1; ULONG64 SystemArgument2; ULONG64 Lock;} KDPC64;
//
// LDT descriptor entry
//
typedef struct _X86_LDT_ENTRY { USHORT LimitLow; USHORT BaseLow; union { struct { UCHAR BaseMid; UCHAR Flags1; // Declare as bytes to avoid alignment
UCHAR Flags2; // Problems.
UCHAR BaseHi; } Bytes; struct { ULONG BaseMid : 8; ULONG Type : 5; ULONG Dpl : 2; ULONG Pres : 1; ULONG LimitHi : 4; ULONG Sys : 1; ULONG Reserved_0 : 1; ULONG Default_Big : 1; ULONG Granularity : 1; ULONG BaseHi : 8; } Bits; } HighWord;} X86_LDT_ENTRY, *PX86_LDT_ENTRY;
typedef struct _X86_DESCRIPTOR_TABLE_ENTRY { ULONG Selector; X86_LDT_ENTRY Descriptor;} X86_DESCRIPTOR_TABLE_ENTRY, *PX86_DESCRIPTOR_TABLE_ENTRY;
typedef struct _X86_KTRAP_FRAME {
//
// Following 4 values are only used and defined for DBG systems,
// but are always allocated to make switching from DBG to non-DBG
// and back quicker. They are not DEVL because they have a non-0
// performance impact.
//
ULONG DbgEbp; // Copy of User EBP set up so KB will work.
ULONG DbgEip; // EIP of caller to system call, again, for KB.
ULONG DbgArgMark; // Marker to show no args here.
ULONG DbgArgPointer; // Pointer to the actual args
//
// Temporary values used when frames are edited.
//
//
// NOTE: Any code that want's ESP must materialize it, since it
// is not stored in the frame for kernel mode callers.
//
// And code that sets ESP in a KERNEL mode frame, must put
// the new value in TempEsp, make sure that TempSegCs holds
// the real SegCs value, and put a special marker value into SegCs.
//
ULONG TempSegCs; ULONG TempEsp;
//
// Debug registers.
//
ULONG Dr0; ULONG Dr1; ULONG Dr2; ULONG Dr3; ULONG Dr6; ULONG Dr7;
//
// Segment registers
//
ULONG SegGs; ULONG SegEs; ULONG SegDs;
//
// Volatile registers
//
ULONG Edx; ULONG Ecx; ULONG Eax;
//
// Nesting state, not part of context record
//
ULONG PreviousPreviousMode;
ULONG ExceptionList; // Trash if caller was user mode.
// Saved exception list if caller
// was kernel mode or we're in
// an interrupt.
//
// FS is TIB/PCR pointer, is here to make save sequence easy
//
ULONG SegFs;
//
// Non-volatile registers
//
ULONG Edi; ULONG Esi; ULONG Ebx; ULONG Ebp;
//
// Control registers
//
ULONG ErrCode; ULONG Eip; ULONG SegCs; ULONG EFlags;
ULONG HardwareEsp; // WARNING - segSS:esp are only here for stacks
ULONG HardwareSegSs; // that involve a ring transition.
ULONG V86Es; // these will be present for all transitions from
ULONG V86Ds; // V86 mode
ULONG V86Fs; ULONG V86Gs;} X86_KTRAP_FRAME, *PX86_KTRAP_FRAME;
typedef struct _ALPHA_KTRAP_FRAME {
//
// Fields saved in the PALcode.
//
ULONGLONG IntSp; // $30: stack pointer register, sp
ULONGLONG Fir; // (fault instruction) continuation address
ULONG Psr; // processor status
ULONG Fill1[1]; // unused
ULONGLONG IntFp; // $15: frame pointer register, fp/s6
ULONGLONG IntA0; // $16: argument registers, a0 - a3
ULONGLONG IntA1; // $17:
ULONGLONG IntA2; // $18:
ULONGLONG IntA3; // $19:
ULONGLONG IntRa; // $26: return address register, ra
ULONGLONG IntGp; // $29: global pointer register, gp
UCHAR ExceptionRecord[(sizeof(EXCEPTION_RECORD32) + 15) & (~15)];
//
// Volatile integer registers, s0 - s5 are nonvolatile.
//
ULONGLONG IntV0; // $0: return value register, v0
ULONGLONG IntT0; // $1: temporary registers, t0 - t7
ULONGLONG IntT1; // $2:
ULONGLONG IntT2; // $3:
ULONGLONG IntT3; // $4:
ULONGLONG IntT4; // $5:
ULONGLONG IntT5; // $6:
ULONGLONG IntT6; // $7:
ULONGLONG IntT7; // $8:
ULONGLONG IntT8; // $22: temporary registers, t8 - t11
ULONGLONG IntT9; // $23:
ULONGLONG IntT10; // $24:
ULONGLONG IntT11; // $25:
ULONGLONG IntT12; // $27: temporary register, t12
ULONGLONG IntAt; // $28: assembler temporary register, at
ULONGLONG IntA4; // $20: remaining argument registers a4 - a5
ULONGLONG IntA5; // $21:
//
// Volatile floating point registers, f2 - f9 are nonvolatile.
//
ULONGLONG FltF0; // $f0:
ULONGLONG Fpcr; // floating point control register
ULONGLONG FltF1; // $f1:
ULONGLONG FltF10; // $f10: temporary registers, $f10 - $f30
ULONGLONG FltF11; // $f11:
ULONGLONG FltF12; // $f12:
ULONGLONG FltF13; // $f13:
ULONGLONG FltF14; // $f14:
ULONGLONG FltF15; // $f15:
ULONGLONG FltF16; // $f16:
ULONGLONG FltF17; // $f17:
ULONGLONG FltF18; // $f18:
ULONGLONG FltF19; // $f19:
ULONGLONG FltF20; // $f20:
ULONGLONG FltF21; // $f21:
ULONGLONG FltF22; // $f22:
ULONGLONG FltF23; // $f23:
ULONGLONG FltF24; // $f24:
ULONGLONG FltF25; // $f25:
ULONGLONG FltF26; // $f26:
ULONGLONG FltF27; // $f27:
ULONGLONG FltF28; // $f28:
ULONGLONG FltF29; // $f29:
ULONGLONG FltF30; // $f30:
ULONG OldIrql; // Previous Irql.
ULONG PreviousMode; // Previous Mode.
ULONGLONG TrapFrame; //
ULONG Fill2[3]; // padding for 32-byte stack frame alignment
} ALPHA_KTRAP_FRAME, *PALPHA_KTRAP_FRAME;
typedef struct _AXP64_KTRAP_FRAME {
//
// Fields saved in the PALcode.
//
ULONGLONG IntSp; // $30: stack pointer register, sp
ULONGLONG Fir; // (fault instruction) continuation address
ULONG Psr; // processor status
ULONG Fill1[1]; // unused
ULONGLONG IntFp; // $15: frame pointer register, fp/s6
ULONGLONG IntA0; // $16: argument registers, a0 - a3
ULONGLONG IntA1; // $17:
ULONGLONG IntA2; // $18:
ULONGLONG IntA3; // $19:
ULONGLONG IntRa; // $26: return address register, ra
ULONGLONG IntGp; // $29: global pointer register, gp
UCHAR ExceptionRecord[(sizeof(EXCEPTION_RECORD64) + 15) & (~15)];
//
// Volatile integer registers, s0 - s5 are nonvolatile.
//
ULONGLONG IntV0; // $0: return value register, v0
ULONGLONG IntT0; // $1: temporary registers, t0 - t7
ULONGLONG IntT1; // $2:
ULONGLONG IntT2; // $3:
ULONGLONG IntT3; // $4:
ULONGLONG IntT4; // $5:
ULONGLONG IntT5; // $6:
ULONGLONG IntT6; // $7:
ULONGLONG IntT7; // $8:
ULONGLONG IntT8; // $22: temporary registers, t8 - t11
ULONGLONG IntT9; // $23:
ULONGLONG IntT10; // $24:
ULONGLONG IntT11; // $25:
ULONGLONG IntT12; // $27: temporary register, t12
ULONGLONG IntAt; // $28: assembler temporary register, at
ULONGLONG IntA4; // $20: remaining argument registers a4 - a5
ULONGLONG IntA5; // $21:
//
// Volatile floating point registers, f2 - f9 are nonvolatile.
//
ULONGLONG FltF0; // $f0:
ULONGLONG Fpcr; // floating point control register
ULONGLONG FltF1; // $f1:
ULONGLONG FltF10; // $f10: temporary registers, $f10 - $f30
ULONGLONG FltF11; // $f11:
ULONGLONG FltF12; // $f12:
ULONGLONG FltF13; // $f13:
ULONGLONG FltF14; // $f14:
ULONGLONG FltF15; // $f15:
ULONGLONG FltF16; // $f16:
ULONGLONG FltF17; // $f17:
ULONGLONG FltF18; // $f18:
ULONGLONG FltF19; // $f19:
ULONGLONG FltF20; // $f20:
ULONGLONG FltF21; // $f21:
ULONGLONG FltF22; // $f22:
ULONGLONG FltF23; // $f23:
ULONGLONG FltF24; // $f24:
ULONGLONG FltF25; // $f25:
ULONGLONG FltF26; // $f26:
ULONGLONG FltF27; // $f27:
ULONGLONG FltF28; // $f28:
ULONGLONG FltF29; // $f29:
ULONGLONG FltF30; // $f30:
ULONG OldIrql; // Previous Irql.
ULONG PreviousMode; // Previous Mode.
ULONGLONG TrapFrame; //
ULONG Fill2[3]; // padding for 32-byte stack frame alignment
} AXP64_KTRAP_FRAME, *PAXP64_KTRAP_FRAME;
typedef struct _AMD64_KTRAP_FRAME {
//
// Home address for the parameter registers.
//
ULONG64 P1Home; ULONG64 P2Home; ULONG64 P3Home; ULONG64 P4Home; ULONG64 P5;
//
// Previous processor mode (system services only) and previous IRQL
// (interrupts only).
//
CCHAR PreviousMode; KIRQL PreviousIrql; UCHAR Fill0[2];
//
// Floating point state.
//
ULONG MxCsr;
//
// Volatile registers.
//
// N.B. These registers are only saved on exceptions and interrupts. They
// are not saved for system calls.
//
ULONG64 Rax; ULONG64 Rcx; ULONG64 Rdx; ULONG64 R8; ULONG64 R9; ULONG64 R10; ULONG64 R11; ULONG64 Spare0;
//
// Volatile floating registers.
//
// N.B. These registers are only saved on exceptions and interrupts. They
// are not saved for system calls.
//
AMD64_M128 Xmm0; AMD64_M128 Xmm1; AMD64_M128 Xmm2; AMD64_M128 Xmm3; AMD64_M128 Xmm4; AMD64_M128 Xmm5;
//
// Debug registers.
//
ULONG64 Dr0; ULONG64 Dr1; ULONG64 Dr2; ULONG64 Dr3; ULONG64 Dr6; ULONG64 Dr7;
//
// Segment registers
//
USHORT SegDs; USHORT SegEs; USHORT SegFs; USHORT SegGs;
//
// Previous trap frame address.
//
ULONG64 TrapFrame;
//
// Exception record for exceptions.
//
UCHAR ExceptionRecord[(sizeof(EXCEPTION_RECORD64) + 15) & (~15)];
//
// Saved nonvolatile registers RBX, RDI and RSI. These registers are only
// saved in system service trap frames.
//
ULONG64 Rbx; ULONG64 Rdi; ULONG64 Rsi;
//
// Saved nonvolatile register RBP. This register is used as a frame
// pointer during trap processing and is saved in all trap frames.
//
ULONG64 Rbp;
//
// Information pushed by hardware.
//
// N.B. The error code is not always pushed by hardware. For those cases
// where it is not pushed by hardware a dummy error code is allocated
// on the stack.
//
ULONG64 ErrorCode; ULONG64 Rip; USHORT SegCs; USHORT Fill1[3]; ULONG EFlags; ULONG Fill2; ULONG64 Rsp; USHORT SegSs; USHORT Fill3[3];} AMD64_KTRAP_FRAME, *PAMD64_KTRAP_FRAME;
typedef struct _X86_PARTIAL_KPRCB {
//
// Start of the architecturally defined section of the PRCB. This section
// may be directly addressed by vendor/platform specific HAL code and will
// not change from version to version of NT.
//
USHORT MinorVersion; USHORT MajorVersion;
ULONG CurrentThread; ULONG NextThread; ULONG IdleThread;
CCHAR Number; CCHAR Reserved; USHORT BuildType; ULONG SetMember;
CCHAR CpuType; CCHAR CpuID; USHORT CpuStep;
X86_NT5_KPROCESSOR_STATE ProcessorState;
} X86_PARTIAL_KPRCB, *PX86_PARTIAL_KPRCB;
typedef struct _X86_KPCR {
//
// Start of the architecturally defined section of the PCR. This section
// may be directly addressed by vendor/platform specific HAL code and will
// not change from version to version of NT.
//
NT_TIB32 NtTib; ULONG SelfPcr; // flat address of this PCR
ULONG Prcb; // pointer to Prcb
} X86_KPCR, *PX86_KPCR;
typedef struct _ALPHA_PARTIAL_KPRCB {
//
// Major and minor version numbers of the PCR.
//
USHORT MinorVersion; USHORT MajorVersion;
//
// Start of the architecturally defined section of the PRCB. This section
// may be directly addressed by vendor/platform specific HAL code and will
// not change from version to version of NT.
//
ULONG CurrentThread; ULONG NextThread; ULONG IdleThread;
CCHAR Number; CCHAR Reserved; USHORT BuildType; ULONG SetMember; ULONG RestartBlock;
//
// End of the architecturally defined section of the PRCB. This section
// may be directly addressed by vendor/platform specific HAL code and will
// not change from version to version of NT.
//
ULONG InterruptCount; ULONG DpcTime; ULONG InterruptTime; ULONG KernelTime; ULONG UserTime; KDPC32 QuantumEndDpc;
//
// Address of PCR.
//
ULONG Pcr;
//
// MP Information.
//
ULONG Spare2; ULONG Spare3; volatile ULONG IpiFrozen; ALPHA_NT5_KPROCESSOR_STATE ProcessorState;
} ALPHA_PARTIAL_KPRCB, *PALPHA_PARTIAL_KPRCB;
typedef struct _ALPHA_PARTIAL_KPCR {
//
// Major and minor version numbers of the PCR.
//
ULONG MinorVersion; ULONG MajorVersion;
//
// Start of the architecturally defined section of the PCR. This section
// may be directly addressed by vendor/platform specific PAL/HAL code and will
// not change from version to version of NT.
//
// PALcode information.
//
ULONGLONG PalBaseAddress; ULONG PalMajorVersion; ULONG PalMinorVersion; ULONG PalSequenceVersion; ULONG PalMajorSpecification; ULONG PalMinorSpecification;
//
// Firmware restart information.
//
ULONGLONG FirmwareRestartAddress; ULONG RestartBlock;
//
// Reserved per-processor region for the PAL (3K-8 bytes).
//
ULONGLONG PalReserved[383];
//
// Alignment fixup count updated by PAL and read by kernel.
//
ULONGLONG PalAlignmentFixupCount;
//
// Panic Stack Address.
//
ULONG PanicStack;
//
// Processor parameters.
//
ULONG ProcessorType; ULONG ProcessorRevision; ULONG PhysicalAddressBits; ULONG MaximumAddressSpaceNumber; ULONG PageSize; ULONG FirstLevelDcacheSize; ULONG FirstLevelDcacheFillSize; ULONG FirstLevelIcacheSize; ULONG FirstLevelIcacheFillSize;
} ALPHA_PARTIAL_KPCR, *PALPHA_PARTIAL_KPCR;
typedef struct _AXP64_PARTIAL_KPRCB {
//
// Major and minor version numbers of the PCR.
//
USHORT MinorVersion; USHORT MajorVersion;
//
// Start of the architecturally defined section of the PRCB. This section
// may be directly addressed by vendor/platform specific HAL code and will
// not change from version to version of NT.
//
ULONG64 CurrentThread; ULONG64 NextThread; ULONG64 IdleThread; CCHAR Number; CCHAR Reserved; USHORT BuildType; ULONG64 SetMember; ULONG64 RestartBlock;
//
// End of the architecturally defined section of the PRCB. This section
// may be directly addressed by vendor/platform specific HAL code and will
// not change from version to version of NT.
//
ULONG InterruptCount; ULONG DpcTime; ULONG InterruptTime; ULONG KernelTime; ULONG UserTime; KDPC64 QuantumEndDpc;
//
// Address of PCR.
//
ULONG64 Pcr;
//
// MP Information.
//
ULONG64 Spare2; ULONG64 Spare3; volatile ULONG IpiFrozen; ALPHA_NT5_KPROCESSOR_STATE ProcessorState;
} AXP64_PARTIAL_KPRCB, *PAXP64_PARTIAL_KPRCB;
typedef struct _AXP64_PARTIAL_KPCR {
//
// Major and minor version numbers of the PCR.
//
ULONG MinorVersion; ULONG MajorVersion;
//
// Start of the architecturally defined section of the PCR. This section
// may be directly addressed by vendor/platform specific PAL/HAL code and will
// not change from version to version of NT.
//
// PALcode information.
//
ULONGLONG PalBaseAddress; ULONG PalMajorVersion; ULONG PalMinorVersion; ULONG PalSequenceVersion; ULONG PalMajorSpecification; ULONG PalMinorSpecification;
//
// Firmware restart information.
//
ULONGLONG FirmwareRestartAddress; ULONG64 RestartBlock;
//
// Reserved per-processor region for the PAL (3K-8 bytes).
//
ULONGLONG PalReserved[383];
//
// Alignment fixup count updated by PAL and read by kernel.
//
ULONGLONG PalAlignmentFixupCount;
//
// Panic Stack Address.
//
ULONG64 PanicStack;
//
// Processor parameters.
//
ULONG ProcessorType; ULONG ProcessorRevision; ULONG PhysicalAddressBits; ULONG MaximumAddressSpaceNumber; ULONG PageSize; ULONG FirstLevelDcacheSize; ULONG FirstLevelDcacheFillSize; ULONG FirstLevelIcacheSize; ULONG FirstLevelIcacheFillSize;
} AXP64_PARTIAL_KPCR, *PAXP64_PARTIAL_KPCR;
typedef struct _IA64_PARTIAL_KPRCB {
//
// Major and minor version numbers of the PCR.
//
USHORT MinorVersion; USHORT MajorVersion; ULONG64 CurrentThread; ULONG64 NextThread; ULONG64 IdleThread; CCHAR Number; CCHAR Reserved; USHORT BuildType; ULONG64 SetMember; ULONG64 RestartBlock; ULONG64 PcrPage; ULONG Spares1[4];
//
// Processor Idendification Registers.
//
ULONG ProcessorModel; ULONG ProcessorRevision; ULONG ProcessorFamily; ULONG ProcessorArchRev; ULONGLONG ProcessorSerialNumber; ULONGLONG ProcessorFeatureBits; UCHAR ProcessorVendorString[16];
//
// Space reserved for the system.
//
ULONGLONG SystemReserved[8];
//
// Space reserved for the HAL.
//
ULONGLONG HalReserved[16];
//
// End of the architecturally defined section of the PRCB.
// end_nthal end_ntddk
//
ULONG DpcTime; ULONG InterruptTime; ULONG KernelTime; ULONG UserTime; ULONG InterruptCount; ULONG DispatchInterruptCount; ULONG ApcBypassCount; ULONG DpcBypassCount; ULONG Spare0[4];
//
// MP information.
//
ULONG64 Spare1; ULONG64 Spare2; ULONG64 Spare3; volatile ULONG IpiFrozen; struct _IA64_KPROCESSOR_STATE ProcessorState;
} IA64_PARTIAL_KPRCB, *PIA64_PARTIAL_KPRCB;
typedef struct _AMD64_PARTIAL_KPRCB {
//
// Start of the architecturally defined section of the PRCB. This section
// may be directly addressed by vendor/platform specific HAL code and will
// not change from version to version of NT.
//
USHORT MinorVersion; USHORT MajorVersion; CCHAR Number; CCHAR Reserved; USHORT BuildType; ULONG64 CurrentThread; ULONG64 NextThread; ULONG64 IdleThread; ULONG64 SetMember; ULONG64 NotSetMember; AMD64_KPROCESSOR_STATE ProcessorState; CCHAR CpuType; CCHAR CpuID; USHORT CpuStep; ULONG KernelReserved[16]; ULONG HalReserved[16]; ULONG PrcbAlign1[22];
//
// End of the architecturally defined section of the PRCB.
//
// end_nthal end_ntosp
//
// Numbered queued spin locks - 128-byte aligned.
//
KSPIN_LOCK_QUEUE64 LockQueue[16];
//
// Nonpaged per processor lookaside lists - 128-byte aligned.
//
PP_LOOKASIDE_LIST64 PPLookasideList[16];
//
// Nonpaged per processor small pool lookaside lists - 128-byte aligned.
//
PP_LOOKASIDE_LIST64 PPNPagedLookasideList[NT51_POOL_SMALL_LISTS];
//
// Paged per processor small pool lookaside lists.
//
PP_LOOKASIDE_LIST64 PPPagedLookasideList[NT51_POOL_SMALL_LISTS];
//
// MP interprocessor request packet barrier - 128-byte aligned.
//
ULONG PacketBarrier; ULONG PrcbAlign2[31];
//
// MP interprocessor request packet and summary - 128-byte aligned.
//
ULONG64 CurrentPacket[3]; ULONG64 TargetSet; ULONG64 WorkerRoutine; ULONG IpiFrozen; ULONG PrcbAlign3[21];
//
// MP interprocessor request summary and packet address - 128-byte aligned.
//
ULONG64 PacketRequest; ULONG RequestSummary; ULONG PrcbAlign4[29];
//
// DPC listhead, counts, and batching parameters - 128-byte aligned.
//
LIST_ENTRY64 DpcListHead; ULONG64 DpcStack; ULONG64 SavedRsp; ULONG DpcCount; ULONG DpcQueueDepth; LOGICAL DpcRoutineActive; LOGICAL DpcInterruptRequested; ULONG DpcLastCount; ULONG DpcRequestRate; ULONG MaximumDpcQueueDepth; ULONG MinimumDpcRate; ULONG PrcbAlign5[16];
//
// DPC list lock - 128-byte aligned.
//
ULONG64 DpcLock; ULONG PrcbAlign6[30];
//
// Miscellaneous counters - 128-byte aligned.
//
ULONG InterruptCount; ULONG KernelTime; ULONG UserTime; ULONG DpcTime; ULONG InterruptTime; ULONG AdjustDpcThreshold; ULONG PageColor; ULONG TimerHand; ULONG64 ParentNode; ULONG64 MultiThreadProcessorSet; ULONG ThreadStartCount[2];
//
// Per processor data for various hot code which resides in the kernel image.
// Each processor has it's own copy of the data to lessen the caching impact
// of sharing the data between multiple processors.
//
// Cache manager performance counters.
//
ULONG CcFastReadNoWait; ULONG CcFastReadWait; ULONG CcFastReadNotPossible; ULONG CcCopyReadNoWait; ULONG CcCopyReadWait; ULONG CcCopyReadNoWaitMiss;
//
// Kernel performance counters.
//
ULONG KeAlignmentFixupCount; ULONG KeContextSwitches; ULONG KeDcacheFlushCount; ULONG KeExceptionDispatchCount; ULONG KeFirstLevelTbFills; ULONG KeFloatingEmulationCount; ULONG KeIcacheFlushCount; ULONG KeSecondLevelTbFills; ULONG KeSystemCalls;
//
// I/O system per processor single entry lookaside lists.
//
ULONG64 SmallIrpFreeEntry; ULONG64 LargeIrpFreeEntry; ULONG64 MdlFreeEntry;
//
// Object manager per processor single entry lookaside lists.
//
ULONG64 CreateInfoFreeEntry; ULONG64 NameBufferFreeEntry;
//
// Cache manager per processor single entry lookaside lists.
//
ULONG64 SharedCacheMapEntry;
//
// Debug & processor information
//
UCHAR VendorString[13]; UCHAR InitialApicId; UCHAR LogicalProcessorsPerPhysicalProcessor; BOOLEAN SkipTick; ULONG MHz; ULONG FeatureBits; LARGE_INTEGER UpdateSignature;
} AMD64_PARTIAL_KPRCB, *PAMD64_PARTIAL_KPRCB;
typedef struct _AMD64_KPCR {
//
// Start of the architecturally defined section of the PCR. This section
// may be directly addressed by vendor/platform specific HAL code and will
// not change from version to version of NT.
//
NT_TIB64 NtTib; ULONG64 CurrentPrcb; ULONG64 SavedRcx; ULONG64 SavedR11; KIRQL Irql; UCHAR SecondLevelCacheAssociativity; UCHAR Number; UCHAR Fill0; ULONG Irr; ULONG IrrActive; ULONG Idr; USHORT MajorVersion; USHORT MinorVersion; ULONG StallScaleFactor; ULONG64 IdtBase; ULONG64 GdtBase; ULONG64 TssBase;
ULONG KernelReserved[15]; // For use by the kernel
ULONG SecondLevelCacheSize; ULONG HalReserved[16]; // For use by Hal
//
// End of the architecturally defined section of the PCR.
//
// end_nthal
//
ULONG PcrAlign0;
ULONG64 KdVersionBlock;
ULONG PcrAlign1[26]; ULONG Align16Fill[2]; AMD64_PARTIAL_KPRCB Prcb;} AMD64_KPCR, *PAMD64_KPCR;
typedef struct _ALPHA_KEXCEPTION_FRAME {
ULONGLONG IntRa; // return address register, ra
ULONGLONG FltF2; // nonvolatile floating registers, f2 - f9
ULONGLONG FltF3; ULONGLONG FltF4; ULONGLONG FltF5; ULONGLONG FltF6; ULONGLONG FltF7; ULONGLONG FltF8; ULONGLONG FltF9;
ULONGLONG IntS0; // nonvolatile integer registers, s0 - s5
ULONGLONG IntS1; ULONGLONG IntS2; ULONGLONG IntS3; ULONGLONG IntS4; ULONGLONG IntS5; ULONGLONG IntFp; // frame pointer register, fp/s6
ULONGLONG SwapReturn; ULONG Psr; // processor status
ULONG Fill[5]; // padding for 32-byte stack frame alignment
// N.B. - Ulongs from the filler section are used
// in ctxsw.s - do not delete
} ALPHA_KEXCEPTION_FRAME, *PALPHA_KEXCEPTION_FRAME;
typedef struct _IA64_KNONVOLATILE_CONTEXT_POINTERS { PFLOAT128 FltS0; // Intel-IA64-Filler
PFLOAT128 FltS1; // Intel-IA64-Filler
PFLOAT128 FltS2; // Intel-IA64-Filler
PFLOAT128 FltS3; // Intel-IA64-Filler
PFLOAT128 HighFloatingContext[10]; // Intel-IA64-Filler
PFLOAT128 FltS4; // Intel-IA64-Filler
PFLOAT128 FltS5; // Intel-IA64-Filler
PFLOAT128 FltS6; // Intel-IA64-Filler
PFLOAT128 FltS7; // Intel-IA64-Filler
PFLOAT128 FltS8; // Intel-IA64-Filler
PFLOAT128 FltS9; // Intel-IA64-Filler
PFLOAT128 FltS10; // Intel-IA64-Filler
PFLOAT128 FltS11; // Intel-IA64-Filler
PFLOAT128 FltS12; // Intel-IA64-Filler
PFLOAT128 FltS13; // Intel-IA64-Filler
PFLOAT128 FltS14; // Intel-IA64-Filler
PFLOAT128 FltS15; // Intel-IA64-Filler
PFLOAT128 FltS16; // Intel-IA64-Filler
PFLOAT128 FltS17; // Intel-IA64-Filler
PFLOAT128 FltS18; // Intel-IA64-Filler
PFLOAT128 FltS19; // Intel-IA64-Filler
PULONGLONG IntS0; // Intel-IA64-Filler
PULONGLONG IntS1; // Intel-IA64-Filler
PULONGLONG IntS2; // Intel-IA64-Filler
PULONGLONG IntS3; // Intel-IA64-Filler
PULONGLONG IntSp; // Intel-IA64-Filler
PULONGLONG IntS0Nat; // Intel-IA64-Filler
PULONGLONG IntS1Nat; // Intel-IA64-Filler
PULONGLONG IntS2Nat; // Intel-IA64-Filler
PULONGLONG IntS3Nat; // Intel-IA64-Filler
PULONGLONG IntSpNat; // Intel-IA64-Filler
PULONGLONG Preds; // Intel-IA64-Filler
PULONGLONG BrRp; // Intel-IA64-Filler
PULONGLONG BrS0; // Intel-IA64-Filler
PULONGLONG BrS1; // Intel-IA64-Filler
PULONGLONG BrS2; // Intel-IA64-Filler
PULONGLONG BrS3; // Intel-IA64-Filler
PULONGLONG BrS4; // Intel-IA64-Filler
PULONGLONG ApUNAT; // Intel-IA64-Filler
PULONGLONG ApLC; // Intel-IA64-Filler
PULONGLONG ApEC; // Intel-IA64-Filler
PULONGLONG RsPFS; // Intel-IA64-Filler
PULONGLONG StFSR; // Intel-IA64-Filler
PULONGLONG StFIR; // Intel-IA64-Filler
PULONGLONG StFDR; // Intel-IA64-Filler
PULONGLONG Cflag; // Intel-IA64-Filler
} IA64_KNONVOLATILE_CONTEXT_POINTERS, *PIA64_KNONVOLATILE_CONTEXT_POINTERS;
typedef struct _IA64_KEXCEPTION_FRAME {
// Preserved application registers // Intel-IA64-Filler
ULONGLONG ApEC; // epilogue count // Intel-IA64-Filler
ULONGLONG ApLC; // loop count // Intel-IA64-Filler
ULONGLONG IntNats; // Nats for S0-S3; i.e. ar.UNAT after spill // Intel-IA64-Filler
// Preserved (saved) interger registers, s0-s3 // Intel-IA64-Filler
ULONGLONG IntS0; // Intel-IA64-Filler
ULONGLONG IntS1; // Intel-IA64-Filler
ULONGLONG IntS2; // Intel-IA64-Filler
ULONGLONG IntS3; // Intel-IA64-Filler
// Preserved (saved) branch registers, bs0-bs4 // Intel-IA64-Filler
ULONGLONG BrS0; // Intel-IA64-Filler
ULONGLONG BrS1; // Intel-IA64-Filler
ULONGLONG BrS2; // Intel-IA64-Filler
ULONGLONG BrS3; // Intel-IA64-Filler
ULONGLONG BrS4; // Intel-IA64-Filler
// Preserved (saved) floating point registers, f2 - f5, f16 - f31 // Intel-IA64-Filler
FLOAT128 FltS0; // Intel-IA64-Filler
FLOAT128 FltS1; // Intel-IA64-Filler
FLOAT128 FltS2; // Intel-IA64-Filler
FLOAT128 FltS3; // Intel-IA64-Filler
FLOAT128 FltS4; // Intel-IA64-Filler
FLOAT128 FltS5; // Intel-IA64-Filler
FLOAT128 FltS6; // Intel-IA64-Filler
FLOAT128 FltS7; // Intel-IA64-Filler
FLOAT128 FltS8; // Intel-IA64-Filler
FLOAT128 FltS9; // Intel-IA64-Filler
FLOAT128 FltS10; // Intel-IA64-Filler
FLOAT128 FltS11; // Intel-IA64-Filler
FLOAT128 FltS12; // Intel-IA64-Filler
FLOAT128 FltS13; // Intel-IA64-Filler
FLOAT128 FltS14; // Intel-IA64-Filler
FLOAT128 FltS15; // Intel-IA64-Filler
FLOAT128 FltS16; // Intel-IA64-Filler
FLOAT128 FltS17; // Intel-IA64-Filler
FLOAT128 FltS18; // Intel-IA64-Filler
FLOAT128 FltS19; // Intel-IA64-Filler
} IA64_KEXCEPTION_FRAME, *PIA64_KEXCEPTION_FRAME;
typedef struct _IA64_KSWITCH_FRAME { // Intel-IA64-Filler
ULONGLONG SwitchPredicates; // Predicates for Switch // Intel-IA64-Filler
ULONGLONG SwitchRp; // return pointer for Switch // Intel-IA64-Filler
ULONGLONG SwitchPFS; // PFS for Switch // Intel-IA64-Filler
ULONGLONG SwitchFPSR; // ProcessorFP status at thread switch // Intel-IA64-Filler
ULONGLONG SwitchBsp; // Intel-IA64-Filler
ULONGLONG SwitchRnat; // Intel-IA64-Filler
// ULONGLONG Pad;
IA64_KEXCEPTION_FRAME SwitchExceptionFrame; // Intel-IA64-Filler
} IA64_KSWITCH_FRAME, *PIA64_KSWITCH_FRAME; // Intel-IA64-Filler
#define IA64_KTRAP_FRAME_ARGUMENTS (8 * 8) // up to 8 in-memory syscall args // Intel-IA64-Filler
typedef struct _IA64_KTRAP_FRAME {
//
// Reserved for additional memory arguments and stack scratch area
// The size of Reserved[] must be a multiple of 16 bytes.
//
ULONGLONG Reserved[(IA64_KTRAP_FRAME_ARGUMENTS+16)/8]; // Intel-IA64-Filler
// Temporary (volatile) FP registers - f6-f15 (don't use f32+ in kernel) // Intel-IA64-Filler
FLOAT128 FltT0; // Intel-IA64-Filler
FLOAT128 FltT1; // Intel-IA64-Filler
FLOAT128 FltT2; // Intel-IA64-Filler
FLOAT128 FltT3; // Intel-IA64-Filler
FLOAT128 FltT4; // Intel-IA64-Filler
FLOAT128 FltT5; // Intel-IA64-Filler
FLOAT128 FltT6; // Intel-IA64-Filler
FLOAT128 FltT7; // Intel-IA64-Filler
FLOAT128 FltT8; // Intel-IA64-Filler
FLOAT128 FltT9; // Intel-IA64-Filler
// Temporary (volatile) interger registers
ULONGLONG IntGp; // global pointer (r1) // Intel-IA64-Filler
ULONGLONG IntT0; // Intel-IA64-Filler
ULONGLONG IntT1; // Intel-IA64-Filler
// The following 4 registers fill in space of preserved (S0-S3) to align Nats // Intel-IA64-Filler
ULONGLONG ApUNAT; // ar.UNAT on kernel entry // Intel-IA64-Filler
ULONGLONG ApCCV; // ar.CCV // Intel-IA64-Filler
ULONGLONG ApDCR; // DCR register on kernel entry // Intel-IA64-Filler
ULONGLONG Preds; // Predicates // Intel-IA64-Filler
ULONGLONG IntV0; // return value (r8) // Intel-IA64-Filler
ULONGLONG IntT2; // Intel-IA64-Filler
ULONGLONG IntT3; // Intel-IA64-Filler
ULONGLONG IntT4; // Intel-IA64-Filler
ULONGLONG IntSp; // stack pointer (r12) // Intel-IA64-Filler
ULONGLONG IntTeb; // teb (r13) // Intel-IA64-Filler
ULONGLONG IntT5; // Intel-IA64-Filler
ULONGLONG IntT6; // Intel-IA64-Filler
ULONGLONG IntT7; // Intel-IA64-Filler
ULONGLONG IntT8; // Intel-IA64-Filler
ULONGLONG IntT9; // Intel-IA64-Filler
ULONGLONG IntT10; // Intel-IA64-Filler
ULONGLONG IntT11; // Intel-IA64-Filler
ULONGLONG IntT12; // Intel-IA64-Filler
ULONGLONG IntT13; // Intel-IA64-Filler
ULONGLONG IntT14; // Intel-IA64-Filler
ULONGLONG IntT15; // Intel-IA64-Filler
ULONGLONG IntT16; // Intel-IA64-Filler
ULONGLONG IntT17; // Intel-IA64-Filler
ULONGLONG IntT18; // Intel-IA64-Filler
ULONGLONG IntT19; // Intel-IA64-Filler
ULONGLONG IntT20; // Intel-IA64-Filler
ULONGLONG IntT21; // Intel-IA64-Filler
ULONGLONG IntT22; // Intel-IA64-Filler
ULONGLONG IntNats; // Temporary (volatile) registers' Nats directly from ar.UNAT at point of spill // Intel-IA64-Filler
ULONGLONG BrRp; // Return pointer on kernel entry // Intel-IA64-Filler
ULONGLONG BrT0; // Temporary (volatile) branch registers (b6-b7) // Intel-IA64-Filler
ULONGLONG BrT1; // Intel-IA64-Filler
// Register stack info // Intel-IA64-Filler
ULONGLONG RsRSC; // RSC on kernel entry // Intel-IA64-Filler
ULONGLONG RsBSP; // BSP on kernel entry // Intel-IA64-Filler
ULONGLONG RsBSPSTORE; // User BSP Store at point of switch to kernel backing store // Intel-IA64-Filler
ULONGLONG RsRNAT; // old RNAT at point of switch to kernel backing store // Intel-IA64-Filler
ULONGLONG RsPFS; // PFS on kernel entry // Intel-IA64-Filler
// Trap Status Information // Intel-IA64-Filler
ULONGLONG StIPSR; // Interruption Processor Status Register // Intel-IA64-Filler
ULONGLONG StIIP; // Interruption IP // Intel-IA64-Filler
ULONGLONG StIFS; // Interruption Function State // Intel-IA64-Filler
ULONGLONG StFPSR; // FP status // Intel-IA64-Filler
ULONGLONG StISR; // Interruption Status Register // Intel-IA64-Filler
ULONGLONG StIFA; // Interruption Data Address // Intel-IA64-Filler
ULONGLONG StIIPA; // Last executed bundle address // Intel-IA64-Filler
ULONGLONG StIIM; // Interruption Immediate // Intel-IA64-Filler
ULONGLONG StIHA; // Interruption Hash Address // Intel-IA64-Filler
ULONG OldIrql; // Previous Irql. // Intel-IA64-Filler
ULONG PreviousMode; // Previous Mode. // Intel-IA64-Filler
ULONGLONG TrapFrame;// Previous Trap Frame // Intel-IA64-Filler
// Exception record
UCHAR ExceptionRecord[(sizeof(EXCEPTION_RECORD64) + 15) & (~15)];
// End of frame marker (for debugging)
ULONGLONG Handler; // Handler for this trap
ULONGLONG EOFMarker;} IA64_KTRAP_FRAME, *PIA64_KTRAP_FRAME;
typedef struct _IA64_UNWIND_INFO { // Intel-IA64-Filler
USHORT Version; // Intel-IA64-Filler ; Version Number
USHORT Flags; // Intel-IA64-Filler ; Flags
ULONG DataLength; // Intel-IA64-Filler ; Length of Descriptor Data
} IA64_UNWIND_INFO, *PIA64_UNWIND_INFO; // Intel-IA64-Filler
//
// Define unwind operation codes.
//
typedef enum _AMD64_UNWIND_OP_CODES { AMD64_UWOP_PUSH_NONVOL = 0, AMD64_UWOP_ALLOC_LARGE, AMD64_UWOP_ALLOC_SMALL, AMD64_UWOP_SET_FPREG, AMD64_UWOP_SAVE_NONVOL, AMD64_UWOP_SAVE_NONVOL_FAR, AMD64_UWOP_SAVE_XMM, AMD64_UWOP_SAVE_XMM_FAR, AMD64_UWOP_SAVE_XMM128, AMD64_UWOP_SAVE_XMM128_FAR, AMD64_UWOP_PUSH_MACHFRAME} AMD64_UNWIND_OP_CODES, *PAMD64_UNWIND_OP_CODES;
//
// Define unwind code structure.
//
typedef union _AMD64_UNWIND_CODE { struct { UCHAR CodeOffset; UCHAR UnwindOp : 4; UCHAR OpInfo : 4; };
USHORT FrameOffset;} AMD64_UNWIND_CODE, *PAMD64_UNWIND_CODE;
//
// Define unwind information flags.
//
#define AMD64_UNW_FLAG_NHANDLER 0x0
#define AMD64_UNW_FLAG_EHANDLER 0x1
#define AMD64_UNW_FLAG_UHANDLER 0x2
#define AMD64_UNW_FLAG_CHAININFO 0x4
//
// Define unwind information structure.
//
typedef struct _AMD64_UNWIND_INFO { UCHAR Version : 3; UCHAR Flags : 5; UCHAR SizeOfProlog; UCHAR CountOfCodes; UCHAR FrameRegister : 4; UCHAR FrameOffset : 4; AMD64_UNWIND_CODE UnwindCode[1];
//
// The unwind codes are followed by an optional DWORD aligned field that
// contains the exception handler address or the address of chained unwind
// information. If an exception handler address is specified, then it is
// followed by the language specified exception handler data.
//
// union {
// ULONG ExceptionHandler;
// ULONG FunctionEntry;
// };
//
// ULONG ExceptionData[];
//
} AMD64_UNWIND_INFO, *PAMD64_UNWIND_INFO;
#define IA64_IP_SLOT 2 // Intel-IA64-Filler
#define Ia64InsertIPSlotNumber(IP, SlotNumber) /* Intel-IA64-Filler */ \
((IP) | (SlotNumber << IA64_IP_SLOT)) // Intel-IA64-Filler
#define IA64_MM_EPC_VA 0xe0000000ffa00000
#define IA64_STACK_SCRATCH_AREA 16
#define IA64_SYSCALL_FRAME 0
#define IA64_INTERRUPT_FRAME 1
#define IA64_EXCEPTION_FRAME 2
#define IA64_CONTEXT_FRAME 10
#define IA64_IFS_IFM 0
#define IA64_IFS_IFM_LEN 38
#define IA64_IFS_MBZ0 38
#define IA64_IFS_MBZ0_V 0x1ffffffi64
#define IA64_IFS_V 63
#define IA64_IFS_V_LEN 1
#define IA64_PFS_EC_SHIFT 52
#define IA64_PFS_EC_SIZE 6
#define IA64_PFS_EC_MASK 0x3F
#define IA64_PFS_SIZE_SHIFT 7
#define IA64_PFS_SIZE_MASK 0x7F
#define IA64_NAT_BITS_PER_RNAT_REG 63
#define IA64_RNAT_ALIGNMENT (IA64_NAT_BITS_PER_RNAT_REG << 3)
#define IA64_BREAK_DEBUG_BASE 0x080000
#define IA64_BREAK_SYSCALL_BASE 0x180000
#define IA64_BREAK_FASTSYS_BASE 0x1C0000
#define IA64_DEBUG_STOP_BREAKPOINT (IA64_BREAK_DEBUG_BASE+22)
#define ALPHA_PSR_USER_MODE 0x1
#define ALPHA_PSR_MODE 0x0 // Mode bit in PSR (bit 0)
#define ALPHA_PSR_MODE_MASK 0x1 // Mask (1 bit) for mode in PSR
#define ALPHA_PSR_IE 0x1 // Interrupt Enable bit in PSR (bit 1)
#define ALPHA_PSR_IE_MASK 0x1 // Mask (1 bit) for IE in PSR
#define ALPHA_PSR_IRQL 0x2 // IRQL in PSR (bit 2)
#define ALPHA_PSR_IRQL_MASK 0x7 // Mask (2 bits) for IRQL in PSR
#define X86_CONTEXT_X86 0x00010000
#define ALPHA_CONTEXT_ALPHA 0x00020000
#define ALPHA_CONTEXT_CONTROL (ALPHA_CONTEXT_ALPHA | 0x00000001L)
#define ALPHA_CONTEXT_FLOATING_POINT (ALPHA_CONTEXT_ALPHA | 0x00000002L)
#define ALPHA_CONTEXT_INTEGER (ALPHA_CONTEXT_ALPHA | 0x00000004L)
#define ALPHA_CONTEXT_FULL \
(ALPHA_CONTEXT_CONTROL | ALPHA_CONTEXT_FLOATING_POINT | \ ALPHA_CONTEXT_INTEGER)
#define IA64_CONTEXT_IA64 0x00080000
#define IA64_CONTEXT_CONTROL (IA64_CONTEXT_IA64 | 0x00000001L)
#define IA64_CONTEXT_LOWER_FLOATING_POINT (IA64_CONTEXT_IA64 | 0x00000002L)
#define IA64_CONTEXT_HIGHER_FLOATING_POINT (IA64_CONTEXT_IA64 | 0x00000004L)
#define IA64_CONTEXT_INTEGER (IA64_CONTEXT_IA64 | 0x00000008L)
#define IA64_CONTEXT_DEBUG (IA64_CONTEXT_IA64 | 0x00000010L)
#define IA64_CONTEXT_IA32_CONTROL (IA64_CONTEXT_IA64 | 0x00000020L)
#define IA64_CONTEXT_FLOATING_POINT \
(IA64_CONTEXT_LOWER_FLOATING_POINT | IA64_CONTEXT_HIGHER_FLOATING_POINT)#define IA64_CONTEXT_FULL \
(IA64_CONTEXT_CONTROL | IA64_CONTEXT_FLOATING_POINT | IA64_CONTEXT_INTEGER | IA64_CONTEXT_IA32_CONTROL)
#define AMD64_CONTEXT_AMD64 0x00100000
#define AMD64_CONTEXT_CONTROL (AMD64_CONTEXT_AMD64 | 0x1L)
#define AMD64_CONTEXT_INTEGER (AMD64_CONTEXT_AMD64 | 0x2L)
#define AMD64_CONTEXT_SEGMENTS (AMD64_CONTEXT_AMD64 | 0x4L)
#define AMD64_CONTEXT_FLOATING_POINT (AMD64_CONTEXT_AMD64 | 0x8L)
#define AMD64_CONTEXT_DEBUG_REGISTERS (AMD64_CONTEXT_AMD64 | 0x10L)
#define AMD64_CONTEXT_FULL \
(AMD64_CONTEXT_CONTROL | AMD64_CONTEXT_INTEGER | AMD64_CONTEXT_FLOATING_POINT)
#define X86_NT4_KPRCB_SIZE 0x9F0
#define X86_NT5_KPRCB_SIZE 0x9F0
#define X86_NT51_KPRCB_SIZE 0xC50
#define ALPHA_KPRCB_SIZE 0xA00
#define AXP64_KPRCB_SIZE 0xC00
#define IA64_KPRCB_SIZE 0x1A40
#define AMD64_KPRCB_SIZE 0xC00
#define KPRCB_CURRENT_THREAD_OFFSET_32 4
#define KPRCB_CURRENT_THREAD_OFFSET_64 8
#define X86_1387_KPRCB_VENDOR_STRING 0x52D
#define X86_2087_KPRCB_VENDOR_STRING 0x72D
#define X86_2251_KPRCB_VENDOR_STRING 0x8AD
#define X86_2474_KPRCB_VENDOR_STRING 0x900
#define X86_VENDOR_STRING_SIZE 13
#define X86_NT5_EPROCESS_SIZE 0x288
#define X86_NT51_EPROCESS_SIZE 0x258
#define ALPHA_NT5_EPROCESS_SIZE 0x288
#define ALPHA_NT51_EPROCESS_SIZE 0x290
#define AXP64_EPROCESS_SIZE 0x418
#define IA64_EPROCESS_SIZE 0x3D0
#define AMD64_EPROCESS_SIZE 0x3D0
#define ALPHA_NT5_PEB_IN_EPROCESS 0x1A8
#define ALPHA_NT51_PEB_IN_EPROCESS 0x1B0
#define X86_PEB_IN_EPROCESS 0x1B0
#define X86_NT4_PEB_IN_EPROCESS 0x18C
#define AXP64_PEB_IN_EPROCESS 0x2B8
#define IA64_PEB_IN_EPROCESS 0x2D0
#define IA64_2259_PEB_IN_EPROCESS 0x300
#define AMD64_PEB_IN_EPROCESS 0x2c0
#define ALPHA_DIRECTORY_TABLE_BASE_IN_EPROCESS 24
#define AXP64_DIRECTORY_TABLE_BASE_IN_EPROCESS 40
#define IA64_DIRECTORY_TABLE_BASE_IN_EPROCESS 40
#define X86_DIRECTORY_TABLE_BASE_IN_EPROCESS 24
#define AMD64_DIRECTORY_TABLE_BASE_IN_EPROCESS 40
#define X86_ETHREAD_SIZE 0x258
#define X86_NT51_ETHREAD_SIZE 0x260
#define ALPHA_ETHREAD_SIZE 0x258
#define AXP64_ETHREAD_SIZE 0x420
#define IA64_ETHREAD_SIZE 0x458
#define AMD64_ETHREAD_SIZE 0x458
#define X86_KTHREAD_NEXTPROCESSOR_OFFSET 0x11f
#define X86_2230_KTHREAD_NEXTPROCESSOR_OFFSET 0x123
#define X86_NT51_KTHREAD_NEXTPROCESSOR_OFFSET 0x12b
#define IA64_KTHREAD_NEXTPROCESSOR_OFFSET 0x23b
#define AMD64_KTHREAD_NEXTPROCESSOR_OFFSET 0x21b
#define PEB_FROM_TEB32 48
#define PEB_FROM_TEB64 96
#define STACK_BASE_FROM_TEB32 4
#define STACK_BASE_FROM_TEB64 8
#define PEBLDR_FROM_PEB32 12
#define PEBLDR_FROM_PEB64 24
#define MODULE_LIST_FROM_PEBLDR32 12
#define MODULE_LIST_FROM_PEBLDR64 16
#define IA64_TEB_BSTORE_BASE 0x1788
#define X86_SHARED_SYSCALL_BASE_LT2412 0x7ffe02e0
#define X86_SHARED_SYSCALL_BASE_GTE2412 0x7ffe02f8
#define X86_SHARED_SYSCALL_SIZE 0xf
#define X86_KI_USER_SHARED_DATA 0xffdf0000U
#define IA64_KI_USER_SHARED_DATA 0xe0000000fffe0000UI64
#define ALPHA_KI_USER_SHARED_DATA 0xff000000U
#define AXP64_KI_USER_SHARED_DATA 0xffffffffff000000UI64
#define AMD64_KI_USER_SHARED_DATA 0xfffff78000000000UI64
// Triage dumps contain a KPRCB and the debugger
// needs a safe address to map it into virtual space
// so that it's accessible in a way consistent with
// other dumps and live debugs. The debugger uses
// an address in the user-shared-memory area on the
// theory that nothing in that area should be present
// in a kernel triage dump so it's a safe place to map in.
#define X86_TRIAGE_PRCB_ADDRESS 0xffdff120U
#define IA64_TRIAGE_PRCB_ADDRESS 0xe0000000ffff0000UI64
#define ALPHA_TRIAGE_PRCB_ADDRESS 0xffff0000U
#define AXP64_TRIAGE_PRCB_ADDRESS 0xffffffffffff0000UI64
#define AMD64_TRIAGE_PRCB_ADDRESS 0xfffff780ffff0000UI64
#define X86_KGDT_NULL 0
#define X86_KGDT_R0_CODE 8
#define X86_KGDT_R0_DATA 16
#define X86_KGDT_R3_CODE 24
#define X86_KGDT_R3_DATA 32
#define X86_KGDT_TSS 40
#define X86_KGDT_R0_PCR 48
#define X86_KGDT_R3_TEB 56
#define X86_KGDT_VDM_TILE 64
#define X86_KGDT_LDT 72
#define X86_KGDT_DF_TSS 80
#define X86_KGDT_NMI_TSS 88
#define X86_FRAME_EDITED 0xfff8
#define X86_MODE_MASK 1
#define X86_EFLAGS_V86_MASK 0x00020000
//
// Memory management info
//
#define X86_BASE_VIRT 0xc0300000
#define X86_BASE_VIRT_PAE 0xc0600000
#define X86_PAGE_SIZE 0x1000
#define X86_PAGE_SHIFT 12L
#define X86_MM_PTE_TRANSITION_MASK 0x800
#define X86_MM_PTE_PROTOTYPE_MASK 0x400
#define X86_VALID_PFN_MASK 0xFFFFF000
#define X86_VALID_PFN_MASK_PAE 0x0000000FFFFFF000UI64
#define X86_VALID_PFN_SHIFT 12
#define X86_PDPE_SHIFT 30
#define X86_PDE_SHIFT 22
#define X86_PDE_SHIFT_PAE 21
#define X86_PDE_MASK_PAE 0x1ff
#define X86_PTE_SHIFT 12
#define X86_PTE_MASK 0x3ff
#define X86_PTE_MASK_PAE 0x1ff
#define X86_LARGE_PAGE_MASK 0x80
#define X86_LARGE_PAGE_SIZE (4 * 1024 * 1024)
#define X86_LARGE_PAGE_SIZE_PAE (2 * 1024 * 1024)
#define X86_PDBR_MASK 0xFFFFFFE0
#define IA64_PAGE_SIZE 0x2000
#define IA64_PAGE_SHIFT 13L
#define IA64_MM_PTE_TRANSITION_MASK 0x80
#define IA64_MM_PTE_PROTOTYPE_MASK 0x02
#define IA64_VALID_PFN_MASK 0x0007FFFFFFFFE000UI64
#define IA64_VALID_PFN_SHIFT 13
#define IA64_PDE1_SHIFT 33
#define IA64_PDE2_SHIFT 23
#define IA64_PDE_MASK 0x3ff
#define IA64_PTE_SHIFT 13
#define IA64_PTE_MASK 0x3ff
#define IA64_PHYSICAL1_START 0x8000000000000000UI64
#define IA64_PHYSICAL1_END 0x80000FFFFFFFFFFFUI64
#define IA64_PHYSICAL2_START 0xE000000080000000UI64
#define IA64_PHYSICAL2_END 0xE0000000BFFFFFFFUI64
#define IA64_PTA_BASE_MASK 0x1FFFFFFFFFFF8000UI64
#define IA64_REGION_MASK 0xE000000000000000UI64
#define IA64_REGION_SHIFT 61
#define IA64_REGION_COUNT 8
#define IA64_REGION_USER 0
#define IA64_REGION_SESSION 1
#define IA64_REGION_KERNEL 7
#define IA64_VHPT_MASK 0x000000FFFFFF8000UI64
#define AXP64_BASE_VIRT 0xFFFFFFFFC0180000UI64
#define AXP64_PAGE_SIZE 0x2000
#define AXP64_PAGE_SHIFT 13L
#define AXP64_MM_PTE_TRANSITION_MASK 0x4
#define AXP64_MM_PTE_PROTOTYPE_MASK 0x2
#define AXP64_VALID_PFN_MASK 0xFFFFFFFF00000000UI64
#define AXP64_VALID_PFN_SHIFT 32
#define AXP64_PDE1_SHIFT 33
#define AXP64_PDE2_SHIFT 23
#define AXP64_PDE_MASK 0x3ff
#define AXP64_PTE_SHIFT 13
#define AXP64_PTE_MASK 0x3ff
#define AXP64_PHYSICAL1_START 0xFFFFFC0000000000UI64
#define AXP64_PHYSICAL1_END 0xFFFFFDFFFFFFFFFFUI64
#define AXP64_PHYSICAL2_START 0xFFFFFFFF80000000UI64
#define AXP64_PHYSICAL2_END 0xFFFFFFFFBFFFFFFFUI64
#define ALPHA_BASE_VIRT 0xFFFFFFFFC0180000UI64
#define ALPHA_PAGE_SIZE 0x2000
#define ALPHA_PAGE_SHIFT 13L
#define ALPHA_MM_PTE_TRANSITION_MASK 0x4
#define ALPHA_MM_PTE_PROTOTYPE_MASK 0x2
#define ALPHA_VALID_PFN_MASK 0xFFFFFE00
#define ALPHA_VALID_PFN_SHIFT 9
#define ALPHA_PDE_SHIFT 24
#define ALPHA_PTE_SHIFT 13
#define ALPHA_PTE_MASK 0x7ff
#define ALPHA_PHYSICAL_START 0x80000000
#define ALPHA_PHYSICAL_END 0xBFFFFFFF
//
// Memory management info
//
#define AMD64_BASE_VIRT 0xFFFFF6FB7DBED000UI64
#define AMD64_PAGE_SIZE 0x1000
#define AMD64_PAGE_SHIFT 12L
#define AMD64_MM_PTE_TRANSITION_MASK 0x800
#define AMD64_MM_PTE_PROTOTYPE_MASK 0x400
#define AMD64_VALID_PFN_MASK 0x000000FFFFFFF000UI64
#define AMD64_VALID_PFN_SHIFT 12
#define AMD64_PML4E_SHIFT 39
#define AMD64_PML4E_MASK 0x1ff
#define AMD64_PDPE_SHIFT 30
#define AMD64_PDPE_MASK 0x1ff
#define AMD64_PDE_SHIFT 21
#define AMD64_PDE_MASK 0x1ff
#define AMD64_PTE_SHIFT 12
#define AMD64_PTE_MASK 0x1ff
#define AMD64_LARGE_PAGE_MASK 0x80
#define AMD64_LARGE_PAGE_SIZE (2 * 1024 * 1024)
#define AMD64_PDBR_MASK AMD64_VALID_PFN_MASK
#define AMD64_PHYSICAL_START 0xFFFFF80000000000UI64
#define AMD64_PHYSICAL_END 0xFFFFF8FFFFFFFFFFUI64
#define IA64_DEBUG_CONTROL_SPACE_PCR 1
#define IA64_DEBUG_CONTROL_SPACE_PRCB 2
#define IA64_DEBUG_CONTROL_SPACE_KSPECIAL 3
#define IA64_DEBUG_CONTROL_SPACE_THREAD 4
#define ALPHA_DEBUG_CONTROL_SPACE_PCR 1
#define ALPHA_DEBUG_CONTROL_SPACE_THREAD 2
#define ALPHA_DEBUG_CONTROL_SPACE_PRCB 3
#define ALPHA_DEBUG_CONTROL_SPACE_TEB 6
#define AMD64_DEBUG_CONTROL_SPACE_PCR 0
#define AMD64_DEBUG_CONTROL_SPACE_PRCB 1
#define AMD64_DEBUG_CONTROL_SPACE_KSPECIAL 2
#define AMD64_DEBUG_CONTROL_SPACE_THREAD 3
typedef struct _ALPHA_DYNAMIC_FUNCTION_TABLE { LIST_ENTRY32 Links; ULONG FunctionTable; ULONG EntryCount; LARGE_INTEGER TimeStamp; ULONG MinimumAddress; ULONG MaximumAddress; BOOLEAN Sorted;} ALPHA_DYNAMIC_FUNCTION_TABLE, *PALPHA_DYNAMIC_FUNCTION_TABLE;
typedef struct _AXP64_DYNAMIC_FUNCTION_TABLE { LIST_ENTRY64 Links; ULONG64 FunctionTable; ULONG EntryCount; LARGE_INTEGER TimeStamp; ULONG64 MinimumAddress; ULONG64 MaximumAddress; BOOLEAN Sorted;} AXP64_DYNAMIC_FUNCTION_TABLE, *PAXP64_DYNAMIC_FUNCTION_TABLE;
#define ALPHA_RF_NOT_CONTIGUOUS 0
#define ALPHA_RF_ALT_ENT_PROLOG 1
#define ALPHA_RF_NULL_CONTEXT 2
#define ALPHA_RF_BEGIN_ADDRESS(RF) ((RF)->BeginAddress & (~3))
#define ALPHA_RF_END_ADDRESS(RF) ((RF)->EndAddress & (~3))
#define ALPHA_RF_EXCEPTION_HANDLER(RF) (PEXCEPTION_ROUTINE)((ULONG_PTR)((RF)->ExceptionHandler) & (~3))
#define ALPHA_RF_ENTRY_TYPE(RF) (ULONG)((ULONG_PTR)((RF)->HandlerData) & 3)
#define ALPHA_RF_PROLOG_END_ADDRESS(RF) ((RF)->PrologEndAddress & (~3))
#define ALPHA_RF_IS_FIXED_RETURN(RF) (BOOLEAN)(((ULONG_PTR)((RF)->ExceptionHandler) & 2) >> 1)
#define ALPHA_RF_NULL_CONTEXT_COUNT(RF) (ULONG)((ULONG_PTR)((RF)->EndAddress) & 3)
#define ALPHA_RF_FIXED_RETURN(RF) ((ULONG_PTR)((RF)->ExceptionHandler) & (~3))
#define ALPHA_RF_ALT_PROLOG(RF) ((ULONG_PTR)((RF)->ExceptionHandler) & (~3))
#define ALPHA_RF_STACK_ADJUST(RF) (ULONG)((ULONG_PTR)((RF)->ExceptionHandler) & (~3))
typedef enum _IA64_FUNCTION_TABLE_TYPE { IA64_RF_SORTED, IA64_RF_UNSORTED, IA64_RF_CALLBACK} IA64_FUNCTION_TABLE_TYPE;
typedef struct _IA64_DYNAMIC_FUNCTION_TABLE{ LIST_ENTRY64 Links; ULONG64 FunctionTable; LARGE_INTEGER TimeStamp; ULONG64 MinimumAddress; ULONG64 MaximumAddress; ULONG64 BaseAddress; ULONG64 TargetGp; ULONG64 Callback; ULONG64 Context; ULONG64 OutOfProcessCallbackDll; IA64_FUNCTION_TABLE_TYPE Type; ULONG EntryCount;} IA64_DYNAMIC_FUNCTION_TABLE, *PIA64_DYNAMIC_FUNCTION_TABLE;
#define IA64_RF_BEGIN_ADDRESS(Base,RF) (( (ULONG64) Base + (RF)->BeginAddress) & (0xFFFFFFFFFFFFFFF0)) // Instruction Size 16 bytes
#define IA64_RF_END_ADDRESS(Base, RF) (((ULONG64) Base + (RF)->EndAddress+15) & (0xFFFFFFFFFFFFFFF0)) // Instruction Size 16 bytes
typedef enum _AMD64_FUNCTION_TABLE_TYPE { AMD64_RF_SORTED, AMD64_RF_UNSORTED, AMD64_RF_CALLBACK} AMD64_FUNCTION_TABLE_TYPE;
typedef struct _AMD64_DYNAMIC_FUNCTION_TABLE{ LIST_ENTRY64 ListEntry; ULONG64 FunctionTable; LARGE_INTEGER TimeStamp; ULONG64 MinimumAddress; ULONG64 MaximumAddress; ULONG64 BaseAddress; ULONG64 Callback; ULONG64 Context; ULONG64 OutOfProcessCallbackDll; AMD64_FUNCTION_TABLE_TYPE Type; ULONG EntryCount;} AMD64_DYNAMIC_FUNCTION_TABLE, *PAMD64_DYNAMIC_FUNCTION_TABLE;
typedef struct _CROSS_PLATFORM_DYNAMIC_FUNCTION_TABLE {
union { ALPHA_DYNAMIC_FUNCTION_TABLE AlphaTable; AXP64_DYNAMIC_FUNCTION_TABLE Axp64Table; IA64_DYNAMIC_FUNCTION_TABLE IA64Table; AMD64_DYNAMIC_FUNCTION_TABLE Amd64Table; };
} CROSS_PLATFORM_DYNAMIC_FUNCTION_TABLE, *PCROSS_PLATFORM_DYNAMIC_FUNCTION_TABLE;
// More stuff currently used by crashdump
typedef struct _PAE_ADDRESS { union { struct { ULONG Offset : 12; // 0 .. 11
ULONG Table : 9; // 12 .. 20
ULONG Directory : 9; // 21 .. 29
ULONG DirectoryPointer : 2; // 30 .. 31
}; struct { ULONG Offset : 21 ; ULONG Directory : 9 ; ULONG DirectoryPointer : 2; } LargeAddress;
ULONG DwordPart; };} PAE_ADDRESS, * PPAE_ADDRESS;
typedef struct _X86PAE_HARDWARE_PTE { union { struct { ULONGLONG Valid : 1; ULONGLONG Write : 1; ULONGLONG Owner : 1; ULONGLONG WriteThrough : 1; ULONGLONG CacheDisable : 1; ULONGLONG Accessed : 1; ULONGLONG Dirty : 1; ULONGLONG LargePage : 1; ULONGLONG Global : 1; ULONGLONG CopyOnWrite : 1; // software field
ULONGLONG Prototype : 1; // software field
ULONGLONG reserved0 : 1; // software field
ULONGLONG PageFrameNumber : 24; ULONGLONG reserved1 : 28; // software field
}; struct { ULONG LowPart; ULONG HighPart; }; };} X86PAE_HARDWARE_PTE, *PX86PAE_HARDWARE_PTE;
typedef X86PAE_HARDWARE_PTE X86PAE_HARDWARE_PDPTE;
typedef struct _X86PAE_HARDWARE_PDE { union { struct _X86PAE_HARDWARE_PTE Pte;
struct { ULONGLONG Valid : 1; ULONGLONG Write : 1; ULONGLONG Owner : 1; ULONGLONG WriteThrough : 1; ULONGLONG CacheDisable : 1; ULONGLONG Accessed : 1; ULONGLONG Dirty : 1; ULONGLONG LargePage : 1; ULONGLONG Global : 1; ULONGLONG CopyOnWrite : 1; ULONGLONG Prototype : 1; ULONGLONG reserved0 : 1; ULONGLONG reserved2 : 9; ULONGLONG PageFrameNumber : 15; ULONGLONG reserved1 : 28; } Large;
ULONGLONG QuadPart; };} X86PAE_HARDWARE_PDE;
#if defined(_X86_)
typedef X86_DBGKD_CONTROL_REPORT DBGKD_CONTROL_REPORT;typedef X86_DBGKD_CONTROL_SET DBGKD_CONTROL_SET;#elif defined(_ALPHA_)
typedef ALPHA_DBGKD_CONTROL_REPORT DBGKD_CONTROL_REPORT;typedef ALPHA_DBGKD_CONTROL_SET DBGKD_CONTROL_SET;#elif defined(_IA64_)
typedef IA64_DBGKD_CONTROL_REPORT DBGKD_CONTROL_REPORT;typedef IA64_DBGKD_CONTROL_SET DBGKD_CONTROL_SET;#elif defined(_AMD64_)
typedef AMD64_DBGKD_CONTROL_REPORT DBGKD_CONTROL_REPORT;typedef AMD64_DBGKD_CONTROL_SET DBGKD_CONTROL_SET;#endif
//
// DbgKd APIs are for the portable kernel debugger
//
//
// KD_PACKETS are the low level data format used in KD. All packets
// begin with a packet leader, byte count, packet type. The sequence
// for accepting a packet is:
//
// - read 4 bytes to get packet leader. If read times out (10 seconds)
// with a short read, or if packet leader is incorrect, then retry
// the read.
//
// - next read 2 byte packet type. If read times out (10 seconds) with
// a short read, or if packet type is bad, then start again looking
// for a packet leader.
//
// - next read 4 byte packet Id. If read times out (10 seconds)
// with a short read, or if packet Id is not what we expect, then
// ask for resend and restart again looking for a packet leader.
//
// - next read 2 byte count. If read times out (10 seconds) with
// a short read, or if byte count is greater than PACKET_MAX_SIZE,
// then start again looking for a packet leader.
//
// - next read 4 byte packet data checksum.
//
// - The packet data immediately follows the packet. There should be
// ByteCount bytes following the packet header. Read the packet
// data, if read times out (10 seconds) then start again looking for
// a packet leader.
//
typedef struct _KD_PACKET { ULONG PacketLeader; USHORT PacketType; USHORT ByteCount; ULONG PacketId; ULONG Checksum;} KD_PACKET, *PKD_PACKET;
#define PACKET_MAX_SIZE 4000
#define INITIAL_PACKET_ID 0x80800000 // Don't use 0
#define SYNC_PACKET_ID 0x00000800 // Or in with INITIAL_PACKET_ID
// to force a packet ID reset.
//
// BreakIn packet
//
#define BREAKIN_PACKET 0x62626262
#define BREAKIN_PACKET_BYTE 0x62
//
// Packet lead in sequence
//
#define PACKET_LEADER 0x30303030 //0x77000077
#define PACKET_LEADER_BYTE 0x30
#define CONTROL_PACKET_LEADER 0x69696969
#define CONTROL_PACKET_LEADER_BYTE 0x69
//
// Packet Trailing Byte
//
#define PACKET_TRAILING_BYTE 0xAA
//
// Packet Types
//
#define PACKET_TYPE_UNUSED 0
#define PACKET_TYPE_KD_STATE_CHANGE32 1
#define PACKET_TYPE_KD_STATE_MANIPULATE 2
#define PACKET_TYPE_KD_DEBUG_IO 3
#define PACKET_TYPE_KD_ACKNOWLEDGE 4 // Packet-control type
#define PACKET_TYPE_KD_RESEND 5 // Packet-control type
#define PACKET_TYPE_KD_RESET 6 // Packet-control type
#define PACKET_TYPE_KD_STATE_CHANGE64 7
#define PACKET_TYPE_KD_POLL_BREAKIN 8
#define PACKET_TYPE_KD_TRACE_IO 9
#define PACKET_TYPE_KD_CONTROL_REQUEST 10
#define PACKET_TYPE_KD_FILE_IO 11
#define PACKET_TYPE_MAX 12
//
// If the packet type is PACKET_TYPE_KD_STATE_CHANGE, then
// the format of the packet data is as follows:
//
#define DbgKdMinimumStateChange 0x00003030L
#define DbgKdExceptionStateChange 0x00003030L
#define DbgKdLoadSymbolsStateChange 0x00003031L
#define DbgKdCommandStringStateChange 0x00003032L
#define DbgKdMaximumStateChange 0x00003033L
#define KD_REBOOT (-1)
#define KD_HIBERNATE (-2)
//
// Pathname Data follows directly
//
typedef struct _DBGKD_LOAD_SYMBOLS32 { ULONG PathNameLength; ULONG BaseOfDll; ULONG ProcessId; ULONG CheckSum; ULONG SizeOfImage; BOOLEAN UnloadSymbols;} DBGKD_LOAD_SYMBOLS32, *PDBGKD_LOAD_SYMBOLS32;
typedef struct _DBGKD_LOAD_SYMBOLS64 { ULONG PathNameLength; ULONG64 BaseOfDll; ULONG64 ProcessId; ULONG CheckSum; ULONG SizeOfImage; BOOLEAN UnloadSymbols;} DBGKD_LOAD_SYMBOLS64, *PDBGKD_LOAD_SYMBOLS64;
__inlinevoidDbgkdLoadSymbols32To64( IN PDBGKD_LOAD_SYMBOLS32 Ls32, OUT PDBGKD_LOAD_SYMBOLS64 Ls64 ){ Ls64->PathNameLength = Ls32->PathNameLength; Ls64->ProcessId = Ls32->ProcessId; COPYSE(Ls64,Ls32,BaseOfDll); Ls64->CheckSum = Ls32->CheckSum; Ls64->SizeOfImage = Ls32->SizeOfImage; Ls64->UnloadSymbols = Ls32->UnloadSymbols;}
__inlinevoidLoadSymbols64To32( IN PDBGKD_LOAD_SYMBOLS64 Ls64, OUT PDBGKD_LOAD_SYMBOLS32 Ls32 ){ Ls32->PathNameLength = Ls64->PathNameLength; Ls32->ProcessId = (ULONG)Ls64->ProcessId; Ls32->BaseOfDll = (ULONG)Ls64->BaseOfDll; Ls32->CheckSum = Ls64->CheckSum; Ls32->SizeOfImage = Ls64->SizeOfImage; Ls32->UnloadSymbols = Ls64->UnloadSymbols;}
//
// This structure is currently all zeroes.
// It just reserves a structure name for future use.
//
typedef struct _DBGKD_COMMAND_STRING { ULONG Flags; ULONG Reserved1; ULONG64 Reserved2[7];} DBGKD_COMMAND_STRING, *PDBGKD_COMMAND_STRING;
#ifdef _IA64_
#include <pshpck16.h>
#endif
typedef struct _DBGKD_WAIT_STATE_CHANGE32 { ULONG NewState; USHORT ProcessorLevel; USHORT Processor; ULONG NumberProcessors; ULONG Thread; ULONG ProgramCounter; union { DBGKM_EXCEPTION32 Exception; DBGKD_LOAD_SYMBOLS32 LoadSymbols; } u; // A processor-specific control report and context follows.
} DBGKD_WAIT_STATE_CHANGE32, *PDBGKD_WAIT_STATE_CHANGE32;
// Protocol version 5 64-bit state change.
typedef struct _DBGKD_WAIT_STATE_CHANGE64 { ULONG NewState; USHORT ProcessorLevel; USHORT Processor; ULONG NumberProcessors; ULONG64 Thread; ULONG64 ProgramCounter; union { DBGKM_EXCEPTION64 Exception; DBGKD_LOAD_SYMBOLS64 LoadSymbols; } u; // A processor-specific control report and context follows.
} DBGKD_WAIT_STATE_CHANGE64, *PDBGKD_WAIT_STATE_CHANGE64;
// Protocol version 6 state change.
typedef struct _DBGKD_ANY_WAIT_STATE_CHANGE { ULONG NewState; USHORT ProcessorLevel; USHORT Processor; ULONG NumberProcessors; ULONG64 Thread; ULONG64 ProgramCounter; union { DBGKM_EXCEPTION64 Exception; DBGKD_LOAD_SYMBOLS64 LoadSymbols; DBGKD_COMMAND_STRING CommandString; } u; // The ANY control report is unioned here to
// ensure that this structure is always large
// enough to hold any possible state change.
union { DBGKD_CONTROL_REPORT ControlReport; DBGKD_ANY_CONTROL_REPORT AnyControlReport; };} DBGKD_ANY_WAIT_STATE_CHANGE, *PDBGKD_ANY_WAIT_STATE_CHANGE;
#ifdef _IA64_
#include <poppack.h>
#endif
//
// If the packet type is PACKET_TYPE_KD_STATE_MANIPULATE, then
// the format of the packet data is as follows:
//
// Api Numbers for state manipulation
//
#define DbgKdMinimumManipulate 0x00003130L
#define DbgKdReadVirtualMemoryApi 0x00003130L
#define DbgKdWriteVirtualMemoryApi 0x00003131L
#define DbgKdGetContextApi 0x00003132L
#define DbgKdSetContextApi 0x00003133L
#define DbgKdWriteBreakPointApi 0x00003134L
#define DbgKdRestoreBreakPointApi 0x00003135L
#define DbgKdContinueApi 0x00003136L
#define DbgKdReadControlSpaceApi 0x00003137L
#define DbgKdWriteControlSpaceApi 0x00003138L
#define DbgKdReadIoSpaceApi 0x00003139L
#define DbgKdWriteIoSpaceApi 0x0000313AL
#define DbgKdRebootApi 0x0000313BL
#define DbgKdContinueApi2 0x0000313CL
#define DbgKdReadPhysicalMemoryApi 0x0000313DL
#define DbgKdWritePhysicalMemoryApi 0x0000313EL
//#define DbgKdQuerySpecialCallsApi 0x0000313FL
#define DbgKdSetSpecialCallApi 0x00003140L
#define DbgKdClearSpecialCallsApi 0x00003141L
#define DbgKdSetInternalBreakPointApi 0x00003142L
#define DbgKdGetInternalBreakPointApi 0x00003143L
#define DbgKdReadIoSpaceExtendedApi 0x00003144L
#define DbgKdWriteIoSpaceExtendedApi 0x00003145L
#define DbgKdGetVersionApi 0x00003146L
#define DbgKdWriteBreakPointExApi 0x00003147L
#define DbgKdRestoreBreakPointExApi 0x00003148L
#define DbgKdCauseBugCheckApi 0x00003149L
#define DbgKdSwitchProcessor 0x00003150L
#define DbgKdPageInApi 0x00003151L // obsolete
#define DbgKdReadMachineSpecificRegister 0x00003152L
#define DbgKdWriteMachineSpecificRegister 0x00003153L
#define OldVlm1 0x00003154L
#define OldVlm2 0x00003155L
#define DbgKdSearchMemoryApi 0x00003156L
#define DbgKdGetBusDataApi 0x00003157L
#define DbgKdSetBusDataApi 0x00003158L
#define DbgKdCheckLowMemoryApi 0x00003159L
#define DbgKdClearAllInternalBreakpointsApi 0x0000315AL
#define DbgKdFillMemoryApi 0x0000315BL
#define DbgKdQueryMemoryApi 0x0000315CL
#define DbgKdMaximumManipulate 0x0000315DL
//
// Physical memory caching flags.
// These flags can be passed in on physical memory
// access requests in the ActualBytes field.
//
#define DBGKD_CACHING_UNKNOWN 0
#define DBGKD_CACHING_CACHED 1
#define DBGKD_CACHING_UNCACHED 2
#define DBGKD_CACHING_WRITE_COMBINED 3
//
// Response is a read memory message with data following
//
typedef struct _DBGKD_READ_MEMORY32 { ULONG TargetBaseAddress; ULONG TransferCount; ULONG ActualBytesRead;} DBGKD_READ_MEMORY32, *PDBGKD_READ_MEMORY32;
typedef struct _DBGKD_READ_MEMORY64 { ULONG64 TargetBaseAddress; ULONG TransferCount; ULONG ActualBytesRead;} DBGKD_READ_MEMORY64, *PDBGKD_READ_MEMORY64;
__inlinevoidDbgkdReadMemory32To64( IN PDBGKD_READ_MEMORY32 r32, OUT PDBGKD_READ_MEMORY64 r64 ){ COPYSE(r64,r32,TargetBaseAddress); r64->TransferCount = r32->TransferCount; r64->ActualBytesRead = r32->ActualBytesRead;}
__inlinevoidDbgkdReadMemory64To32( IN PDBGKD_READ_MEMORY64 r64, OUT PDBGKD_READ_MEMORY32 r32 ){ r32->TargetBaseAddress = (ULONG)r64->TargetBaseAddress; r32->TransferCount = r64->TransferCount; r32->ActualBytesRead = r64->ActualBytesRead;}
//
// Data follows directly
//
typedef struct _DBGKD_WRITE_MEMORY32 { ULONG TargetBaseAddress; ULONG TransferCount; ULONG ActualBytesWritten;} DBGKD_WRITE_MEMORY32, *PDBGKD_WRITE_MEMORY32;
typedef struct _DBGKD_WRITE_MEMORY64 { ULONG64 TargetBaseAddress; ULONG TransferCount; ULONG ActualBytesWritten;} DBGKD_WRITE_MEMORY64, *PDBGKD_WRITE_MEMORY64;
__inlinevoidDbgkdWriteMemory32To64( IN PDBGKD_WRITE_MEMORY32 r32, OUT PDBGKD_WRITE_MEMORY64 r64 ){ COPYSE(r64,r32,TargetBaseAddress); r64->TransferCount = r32->TransferCount; r64->ActualBytesWritten = r32->ActualBytesWritten;}
__inlinevoidDbgkdWriteMemory64To32( IN PDBGKD_WRITE_MEMORY64 r64, OUT PDBGKD_WRITE_MEMORY32 r32 ){ r32->TargetBaseAddress = (ULONG)r64->TargetBaseAddress; r32->TransferCount = r64->TransferCount; r32->ActualBytesWritten = r64->ActualBytesWritten;}//
// Response is a get context message with a full context record following
//
typedef struct _DBGKD_GET_CONTEXT { ULONG Unused;} DBGKD_GET_CONTEXT, *PDBGKD_GET_CONTEXT;
//
// Full Context record follows
//
typedef struct _DBGKD_SET_CONTEXT { ULONG ContextFlags;} DBGKD_SET_CONTEXT, *PDBGKD_SET_CONTEXT;
#define BREAKPOINT_TABLE_SIZE 32 // max number supported by kernel
typedef struct _DBGKD_WRITE_BREAKPOINT32 { ULONG BreakPointAddress; ULONG BreakPointHandle;} DBGKD_WRITE_BREAKPOINT32, *PDBGKD_WRITE_BREAKPOINT32;
typedef struct _DBGKD_WRITE_BREAKPOINT64 { ULONG64 BreakPointAddress; ULONG BreakPointHandle;} DBGKD_WRITE_BREAKPOINT64, *PDBGKD_WRITE_BREAKPOINT64;
__inlinevoidDbgkdWriteBreakpoint32To64( IN PDBGKD_WRITE_BREAKPOINT32 r32, OUT PDBGKD_WRITE_BREAKPOINT64 r64 ){ COPYSE(r64,r32,BreakPointAddress); r64->BreakPointHandle = r32->BreakPointHandle;}
__inlinevoidDbgkdWriteBreakpoint64To32( IN PDBGKD_WRITE_BREAKPOINT64 r64, OUT PDBGKD_WRITE_BREAKPOINT32 r32 ){ r32->BreakPointAddress = (ULONG)r64->BreakPointAddress; r32->BreakPointHandle = r64->BreakPointHandle;}
typedef struct _DBGKD_RESTORE_BREAKPOINT { ULONG BreakPointHandle;} DBGKD_RESTORE_BREAKPOINT, *PDBGKD_RESTORE_BREAKPOINT;
typedef struct _DBGKD_BREAKPOINTEX { ULONG BreakPointCount; NTSTATUS ContinueStatus;} DBGKD_BREAKPOINTEX, *PDBGKD_BREAKPOINTEX;
typedef struct _DBGKD_CONTINUE { NTSTATUS ContinueStatus;} DBGKD_CONTINUE, *PDBGKD_CONTINUE;
// This structure must be 32-bit packed for
// for compatibility with older, processor-specific
// versions of this structure.
#include <pshpack4.h>
typedef struct _DBGKD_CONTINUE2 { NTSTATUS ContinueStatus; // The ANY control set is unioned here to
// ensure that this structure is always large
// enough to hold any possible continue.
union { DBGKD_CONTROL_SET ControlSet; DBGKD_ANY_CONTROL_SET AnyControlSet; };} DBGKD_CONTINUE2, *PDBGKD_CONTINUE2;
#include <poppack.h>
typedef struct _DBGKD_READ_WRITE_IO32 { ULONG DataSize; // 1, 2, 4
ULONG IoAddress; ULONG DataValue;} DBGKD_READ_WRITE_IO32, *PDBGKD_READ_WRITE_IO32;
typedef struct _DBGKD_READ_WRITE_IO64 { ULONG64 IoAddress; ULONG DataSize; // 1, 2, 4
ULONG DataValue;} DBGKD_READ_WRITE_IO64, *PDBGKD_READ_WRITE_IO64;
__inlinevoidDbgkdReadWriteIo32To64( IN PDBGKD_READ_WRITE_IO32 r32, OUT PDBGKD_READ_WRITE_IO64 r64 ){ COPYSE(r64,r32,IoAddress); r64->DataSize = r32->DataSize; r64->DataValue = r32->DataValue;}
__inlinevoidDbgkdReadWriteIo64To32( IN PDBGKD_READ_WRITE_IO64 r64, OUT PDBGKD_READ_WRITE_IO32 r32 ){ r32->IoAddress = (ULONG)r64->IoAddress; r32->DataSize = r64->DataSize; r32->DataValue = r64->DataValue;}
typedef struct _DBGKD_READ_WRITE_IO_EXTENDED32 { ULONG DataSize; // 1, 2, 4
ULONG InterfaceType; ULONG BusNumber; ULONG AddressSpace; ULONG IoAddress; ULONG DataValue;} DBGKD_READ_WRITE_IO_EXTENDED32, *PDBGKD_READ_WRITE_IO_EXTENDED32;
typedef struct _DBGKD_READ_WRITE_IO_EXTENDED64 { ULONG DataSize; // 1, 2, 4
ULONG InterfaceType; ULONG BusNumber; ULONG AddressSpace; ULONG64 IoAddress; ULONG DataValue;} DBGKD_READ_WRITE_IO_EXTENDED64, *PDBGKD_READ_WRITE_IO_EXTENDED64;
__inlinevoidDbgkdReadWriteIoExtended32To64( IN PDBGKD_READ_WRITE_IO_EXTENDED32 r32, OUT PDBGKD_READ_WRITE_IO_EXTENDED64 r64 ){ r64->DataSize = r32->DataSize; r64->InterfaceType = r32->InterfaceType; r64->BusNumber = r32->BusNumber; r64->AddressSpace = r32->AddressSpace; COPYSE(r64,r32,IoAddress); r64->DataValue = r32->DataValue;}
__inlinevoidDbgkdReadWriteIoExtended64To32( IN PDBGKD_READ_WRITE_IO_EXTENDED64 r64, OUT PDBGKD_READ_WRITE_IO_EXTENDED32 r32 ){ r32->DataSize = r64->DataSize; r32->InterfaceType = r64->InterfaceType; r32->BusNumber = r64->BusNumber; r32->AddressSpace = r64->AddressSpace; r32->IoAddress = (ULONG)r64-> IoAddress; r32->DataValue = r64->DataValue;}
typedef struct _DBGKD_READ_WRITE_MSR { ULONG Msr; ULONG DataValueLow; ULONG DataValueHigh;} DBGKD_READ_WRITE_MSR, *PDBGKD_READ_WRITE_MSR;
typedef struct _DBGKD_QUERY_SPECIAL_CALLS { ULONG NumberOfSpecialCalls; // ULONG64 SpecialCalls[];
} DBGKD_QUERY_SPECIAL_CALLS, *PDBGKD_QUERY_SPECIAL_CALLS;
typedef struct _DBGKD_SET_SPECIAL_CALL32 { ULONG SpecialCall;} DBGKD_SET_SPECIAL_CALL32, *PDBGKD_SET_SPECIAL_CALL32;
typedef struct _DBGKD_SET_SPECIAL_CALL64 { ULONG64 SpecialCall;} DBGKD_SET_SPECIAL_CALL64, *PDBGKD_SET_SPECIAL_CALL64;
__inlinevoidDbgkdSetSpecialCall64To32( IN PDBGKD_SET_SPECIAL_CALL64 r64, OUT PDBGKD_SET_SPECIAL_CALL32 r32 ){ r32->SpecialCall = (ULONG)r64->SpecialCall;}
#define DBGKD_MAX_INTERNAL_BREAKPOINTS 20
typedef struct _DBGKD_SET_INTERNAL_BREAKPOINT32 { ULONG BreakpointAddress; ULONG Flags;} DBGKD_SET_INTERNAL_BREAKPOINT32, *PDBGKD_SET_INTERNAL_BREAKPOINT32;
typedef struct _DBGKD_SET_INTERNAL_BREAKPOINT64 { ULONG64 BreakpointAddress; ULONG Flags;} DBGKD_SET_INTERNAL_BREAKPOINT64, *PDBGKD_SET_INTERNAL_BREAKPOINT64;
__inlinevoidDbgkdSetInternalBreakpoint64To32( IN PDBGKD_SET_INTERNAL_BREAKPOINT64 r64, OUT PDBGKD_SET_INTERNAL_BREAKPOINT32 r32 ){ r32->BreakpointAddress = (ULONG)r64->BreakpointAddress; r32->Flags = r64->Flags;}
typedef struct _DBGKD_GET_INTERNAL_BREAKPOINT32 { ULONG BreakpointAddress; ULONG Flags; ULONG Calls; ULONG MaxCallsPerPeriod; ULONG MinInstructions; ULONG MaxInstructions; ULONG TotalInstructions;} DBGKD_GET_INTERNAL_BREAKPOINT32, *PDBGKD_GET_INTERNAL_BREAKPOINT32;
typedef struct _DBGKD_GET_INTERNAL_BREAKPOINT64 { ULONG64 BreakpointAddress; ULONG Flags; ULONG Calls; ULONG MaxCallsPerPeriod; ULONG MinInstructions; ULONG MaxInstructions; ULONG TotalInstructions;} DBGKD_GET_INTERNAL_BREAKPOINT64, *PDBGKD_GET_INTERNAL_BREAKPOINT64;
__inlinevoidDbgkdGetInternalBreakpoint32To64( IN PDBGKD_GET_INTERNAL_BREAKPOINT32 r32, OUT PDBGKD_GET_INTERNAL_BREAKPOINT64 r64 ){ COPYSE(r64,r32,BreakpointAddress); r64->Flags = r32->Flags; r64->Calls = r32->Calls; r64->MaxCallsPerPeriod = r32->MaxCallsPerPeriod; r64->MinInstructions = r32->MinInstructions; r64->MaxInstructions = r32->MaxInstructions; r64->TotalInstructions = r32->TotalInstructions;}
__inlinevoidDbgkdGetInternalBreakpoint64To32( IN PDBGKD_GET_INTERNAL_BREAKPOINT64 r64, OUT PDBGKD_GET_INTERNAL_BREAKPOINT32 r32 ){ r32->BreakpointAddress = (ULONG)r64->BreakpointAddress; r32->Flags = r64->Flags; r32->Calls = r64->Calls; r32->MaxCallsPerPeriod = r64->MaxCallsPerPeriod; r32->MinInstructions = r64->MinInstructions; r32->MaxInstructions = r64->MaxInstructions; r32->TotalInstructions = r64->TotalInstructions;}
#define DBGKD_INTERNAL_BP_FLAG_COUNTONLY 0x00000001 // don't count instructions
#define DBGKD_INTERNAL_BP_FLAG_INVALID 0x00000002 // disabled BP
#define DBGKD_INTERNAL_BP_FLAG_SUSPENDED 0x00000004 // temporarily suspended
#define DBGKD_INTERNAL_BP_FLAG_DYING 0x00000008 // kill on exit
//
// The packet protocol was widened to 64 bits in version 5.
// The PTR64 flag allows the debugger to read the right
// size of pointer when neccessary.
//
// The version packet was changed in the same revision, to remove the
// data that are now available in KDDEBUGGER_DATA.
//
// Version 6 adjusted the structures to use
// cross-platform versions all the time.
//
#define DBGKD_64BIT_PROTOCOL_VERSION1 5
#define DBGKD_64BIT_PROTOCOL_VERSION2 6
typedef struct _DBGKD_SEARCH_MEMORY { union { ULONG64 SearchAddress; ULONG64 FoundAddress; }; ULONG64 SearchLength; ULONG PatternLength;} DBGKD_SEARCH_MEMORY, *PDBGKD_SEARCH_MEMORY;
typedef struct _DBGKD_GET_SET_BUS_DATA { ULONG BusDataType; ULONG BusNumber; ULONG SlotNumber; ULONG Offset; ULONG Length;} DBGKD_GET_SET_BUS_DATA, *PDBGKD_GET_SET_BUS_DATA;
#define DBGKD_FILL_MEMORY_VIRTUAL 0x00000001
#define DBGKD_FILL_MEMORY_PHYSICAL 0x00000002
typedef struct _DBGKD_FILL_MEMORY { ULONG64 Address; ULONG Length; USHORT Flags; USHORT PatternLength;} DBGKD_FILL_MEMORY, *PDBGKD_FILL_MEMORY;
// Input AddressSpace values.
#define DBGKD_QUERY_MEMORY_VIRTUAL 0x00000000
// Output AddressSpace values.
#define DBGKD_QUERY_MEMORY_PROCESS 0x00000000
#define DBGKD_QUERY_MEMORY_SESSION 0x00000001
#define DBGKD_QUERY_MEMORY_KERNEL 0x00000002
// Output Flags.
// Currently the kernel always returns rwx.
#define DBGKD_QUERY_MEMORY_READ 0x00000001
#define DBGKD_QUERY_MEMORY_WRITE 0x00000002
#define DBGKD_QUERY_MEMORY_EXECUTE 0x00000004
#define DBGKD_QUERY_MEMORY_FIXED 0x00000008
typedef struct _DBGKD_QUERY_MEMORY { ULONG64 Address; ULONG64 Reserved; ULONG AddressSpace; ULONG Flags;} DBGKD_QUERY_MEMORY, *PDBGKD_QUERY_MEMORY;
#include <pshpack4.h>
typedef struct _DBGKD_MANIPULATE_STATE32 { ULONG ApiNumber; USHORT ProcessorLevel; USHORT Processor; NTSTATUS ReturnStatus; union { DBGKD_READ_MEMORY32 ReadMemory; DBGKD_WRITE_MEMORY32 WriteMemory; DBGKD_READ_MEMORY64 ReadMemory64; DBGKD_WRITE_MEMORY64 WriteMemory64; DBGKD_GET_CONTEXT GetContext; DBGKD_SET_CONTEXT SetContext; DBGKD_WRITE_BREAKPOINT32 WriteBreakPoint; DBGKD_RESTORE_BREAKPOINT RestoreBreakPoint; DBGKD_CONTINUE Continue; DBGKD_CONTINUE2 Continue2; DBGKD_READ_WRITE_IO32 ReadWriteIo; DBGKD_READ_WRITE_IO_EXTENDED32 ReadWriteIoExtended; DBGKD_QUERY_SPECIAL_CALLS QuerySpecialCalls; DBGKD_SET_SPECIAL_CALL32 SetSpecialCall; DBGKD_SET_INTERNAL_BREAKPOINT32 SetInternalBreakpoint; DBGKD_GET_INTERNAL_BREAKPOINT32 GetInternalBreakpoint; DBGKD_GET_VERSION32 GetVersion32; DBGKD_BREAKPOINTEX BreakPointEx; DBGKD_READ_WRITE_MSR ReadWriteMsr; DBGKD_SEARCH_MEMORY SearchMemory; } u;} DBGKD_MANIPULATE_STATE32, *PDBGKD_MANIPULATE_STATE32;
#include <poppack.h>
typedef struct _DBGKD_MANIPULATE_STATE64 { ULONG ApiNumber; USHORT ProcessorLevel; USHORT Processor; NTSTATUS ReturnStatus; union { DBGKD_READ_MEMORY64 ReadMemory; DBGKD_WRITE_MEMORY64 WriteMemory; DBGKD_GET_CONTEXT GetContext; DBGKD_SET_CONTEXT SetContext; DBGKD_WRITE_BREAKPOINT64 WriteBreakPoint; DBGKD_RESTORE_BREAKPOINT RestoreBreakPoint; DBGKD_CONTINUE Continue; DBGKD_CONTINUE2 Continue2; DBGKD_READ_WRITE_IO64 ReadWriteIo; DBGKD_READ_WRITE_IO_EXTENDED64 ReadWriteIoExtended; DBGKD_QUERY_SPECIAL_CALLS QuerySpecialCalls; DBGKD_SET_SPECIAL_CALL64 SetSpecialCall; DBGKD_SET_INTERNAL_BREAKPOINT64 SetInternalBreakpoint; DBGKD_GET_INTERNAL_BREAKPOINT64 GetInternalBreakpoint; DBGKD_GET_VERSION64 GetVersion64; DBGKD_BREAKPOINTEX BreakPointEx; DBGKD_READ_WRITE_MSR ReadWriteMsr; DBGKD_SEARCH_MEMORY SearchMemory; DBGKD_GET_SET_BUS_DATA GetSetBusData; DBGKD_FILL_MEMORY FillMemory; DBGKD_QUERY_MEMORY QueryMemory; } u;} DBGKD_MANIPULATE_STATE64, *PDBGKD_MANIPULATE_STATE64;
__inlineULONGDbgkdManipulateState32To64( IN PDBGKD_MANIPULATE_STATE32 r32, OUT PDBGKD_MANIPULATE_STATE64 r64, OUT PULONG AdditionalDataSize ){ r64->ApiNumber = r32->ApiNumber; r64->ProcessorLevel = r32->ProcessorLevel; r64->Processor = r32->Processor; r64->ReturnStatus = r32->ReturnStatus;
*AdditionalDataSize = 0;
//
// translate the messages which may be sent by the kernel
//
switch (r64->ApiNumber) {
case DbgKdSetContextApi: case DbgKdRestoreBreakPointApi: case DbgKdContinueApi: case DbgKdContinueApi2: case DbgKdRebootApi: case DbgKdClearSpecialCallsApi: case DbgKdRestoreBreakPointExApi: case DbgKdCauseBugCheckApi: case DbgKdSwitchProcessor: case DbgKdWriteMachineSpecificRegister: case DbgKdWriteIoSpaceApi: case DbgKdSetSpecialCallApi: case DbgKdSetInternalBreakPointApi: case DbgKdWriteIoSpaceExtendedApi: break;
case DbgKdReadMachineSpecificRegister: r64->u.ReadWriteMsr = r32->u.ReadWriteMsr; break;
//
// GetVersion may need to be handled by the calling code;
// it needs to call DbgkdGetVersion32To64 with the DebuggerDataBlock.
//
case DbgKdGetVersionApi: break;
case DbgKdGetContextApi: *AdditionalDataSize = sizeof(CONTEXT); break;
//case DbgKdQuerySpecialCallsApi:
// r64->u.QuerySpecialCalls = r32->u.QuerySpecialCalls;
// *AdditionalDataSize = r64->u.QuerySpecialCalls.NumberOfSpecialCalls * sizeof(ULONG);
// break;
case DbgKdWriteBreakPointExApi: r64->u.BreakPointEx = r32->u.BreakPointEx; *AdditionalDataSize = r64->u.BreakPointEx.BreakPointCount * sizeof(ULONG); break;
case DbgKdReadVirtualMemoryApi: case DbgKdReadPhysicalMemoryApi: case DbgKdReadControlSpaceApi: DbgkdReadMemory32To64(&r32->u.ReadMemory, &r64->u.ReadMemory); if (NT_SUCCESS(r32->ReturnStatus)) { *AdditionalDataSize = r64->u.ReadMemory.ActualBytesRead; } break;
case DbgKdWriteVirtualMemoryApi: case DbgKdWritePhysicalMemoryApi: case DbgKdWriteControlSpaceApi: DbgkdWriteMemory32To64(&r32->u.WriteMemory, &r64->u.WriteMemory); break;
case DbgKdWriteBreakPointApi: DbgkdWriteBreakpoint32To64(&r32->u.WriteBreakPoint, &r64->u.WriteBreakPoint); break;
case DbgKdReadIoSpaceApi: DbgkdReadWriteIo32To64(&r32->u.ReadWriteIo, &r64->u.ReadWriteIo); break;
case DbgKdReadIoSpaceExtendedApi: DbgkdReadWriteIoExtended32To64(&r32->u.ReadWriteIoExtended, &r64->u.ReadWriteIoExtended); break;
case DbgKdGetInternalBreakPointApi: DbgkdGetInternalBreakpoint32To64(&r32->u.GetInternalBreakpoint, &r64->u.GetInternalBreakpoint); break;
case DbgKdSearchMemoryApi: r64->u.SearchMemory = r32->u.SearchMemory; break; }
return sizeof(DBGKD_MANIPULATE_STATE64);}
__inlineULONGDbgkdManipulateState64To32( IN PDBGKD_MANIPULATE_STATE64 r64, OUT PDBGKD_MANIPULATE_STATE32 r32 ){ r32->ApiNumber = r64->ApiNumber; r32->ProcessorLevel = r64->ProcessorLevel; r32->Processor = r64->Processor; r32->ReturnStatus = r64->ReturnStatus;
//
// translate the messages sent by the debugger
//
switch (r32->ApiNumber) {
//
// These send nothing in the u part.
case DbgKdGetContextApi: case DbgKdSetContextApi: case DbgKdClearSpecialCallsApi: case DbgKdRebootApi: case DbgKdCauseBugCheckApi: case DbgKdSwitchProcessor: break;
case DbgKdRestoreBreakPointApi: r32->u.RestoreBreakPoint = r64->u.RestoreBreakPoint; break;
case DbgKdContinueApi: r32->u.Continue = r64->u.Continue; break;
case DbgKdContinueApi2: r32->u.Continue2 = r64->u.Continue2; break;
//case DbgKdQuerySpecialCallsApi:
// r32->u.QuerySpecialCalls = r64->u.QuerySpecialCalls;
// break;
case DbgKdRestoreBreakPointExApi: // NYI
break;
case DbgKdReadMachineSpecificRegister: case DbgKdWriteMachineSpecificRegister: r32->u.ReadWriteMsr = r64->u.ReadWriteMsr; break;
case DbgKdGetVersionApi: r32->u.GetVersion32.ProtocolVersion = r64->u.GetVersion64.ProtocolVersion; break;
case DbgKdWriteBreakPointExApi: r32->u.BreakPointEx = r64->u.BreakPointEx; break;
case DbgKdWriteVirtualMemoryApi: DbgkdWriteMemory64To32(&r64->u.WriteMemory, &r32->u.WriteMemory); break;
//
// 32 bit systems only support 32 bit physical r/w
//
case DbgKdReadControlSpaceApi: case DbgKdReadVirtualMemoryApi: case DbgKdReadPhysicalMemoryApi: DbgkdReadMemory64To32(&r64->u.ReadMemory, &r32->u.ReadMemory); break;
case DbgKdWritePhysicalMemoryApi: DbgkdWriteMemory64To32(&r64->u.WriteMemory, &r32->u.WriteMemory); break;
case DbgKdWriteBreakPointApi: DbgkdWriteBreakpoint64To32(&r64->u.WriteBreakPoint, &r32->u.WriteBreakPoint); break;
case DbgKdWriteControlSpaceApi: DbgkdWriteMemory64To32(&r64->u.WriteMemory, &r32->u.WriteMemory); break;
case DbgKdReadIoSpaceApi: case DbgKdWriteIoSpaceApi: DbgkdReadWriteIo64To32(&r64->u.ReadWriteIo, &r32->u.ReadWriteIo); break;
case DbgKdSetSpecialCallApi: DbgkdSetSpecialCall64To32(&r64->u.SetSpecialCall, &r32->u.SetSpecialCall); break;
case DbgKdSetInternalBreakPointApi: DbgkdSetInternalBreakpoint64To32(&r64->u.SetInternalBreakpoint, &r32->u.SetInternalBreakpoint); break;
case DbgKdGetInternalBreakPointApi: DbgkdGetInternalBreakpoint64To32(&r64->u.GetInternalBreakpoint, &r32->u.GetInternalBreakpoint); break;
case DbgKdReadIoSpaceExtendedApi: case DbgKdWriteIoSpaceExtendedApi: DbgkdReadWriteIoExtended64To32(&r64->u.ReadWriteIoExtended, &r32->u.ReadWriteIoExtended); break;
case DbgKdSearchMemoryApi: r32->u.SearchMemory = r64->u.SearchMemory; break; }
return sizeof(DBGKD_MANIPULATE_STATE32);}
//
// This is the format for the trace data passed back from the kernel to
// the debugger to describe multiple calls that have returned since the
// last trip back. The basic format is that there are a bunch of these
// (4 byte) unions stuck together. Each union is of one of two types: a
// 4 byte unsigned long integer, or a three field struct, describing a
// call (where "call" is delimited by returning or exiting the symbol
// scope). If the number of instructions executed is too big to fit
// into a USHORT -1, then the Instructions field has
// TRACE_DATA_INSTRUCTIONS_BIG and the next union is a LongNumber
// containing the real number of instructions executed.
//
// The very first union returned in each callback is a LongNumber
// containing the number of unions returned (including the "size"
// record, so it's always at least 1 even if there's no data to return).
//
// This is all returned to the debugger when one of two things
// happens:
//
// 1) The pc moves out of all defined symbol ranges
// 2) The buffer of trace data entries is filled.
//
// The "trace done" case is hacked around on the debugger side. It
// guarantees that the pc address that indicates a trace exit never
// winds up in a defined symbol range.
//
// The only other complexity in this system is handling the SymbolNumber
// table. This table is kept in parallel by the kernel and the
// debugger. When the PC exits a known symbol range, the Begin and End
// symbol ranges are set by the debugger and are allocated to the next
// symbol slot upon return. "The next symbol slot" means the numerical
// next slot number, unless we've filled all slots, in which case it is
// #0. (ie., allocation is cyclic and not LRU or something). The
// SymbolNumber table is flushed when a SpecialCalls call is made (ie.,
// at the beginning of the WatchTrace).
//
typedef union _DBGKD_TRACE_DATA { struct { UCHAR SymbolNumber; CHAR LevelChange; USHORT Instructions; } s; ULONG LongNumber;} DBGKD_TRACE_DATA, *PDBGKD_TRACE_DATA;
#define TRACE_DATA_INSTRUCTIONS_BIG 0xffff
#define TRACE_DATA_BUFFER_MAX_SIZE 40
//
// If the packet type is PACKET_TYPE_KD_DEBUG_IO, then
// the format of the packet data is as follows:
//
#define DbgKdPrintStringApi 0x00003230L
#define DbgKdGetStringApi 0x00003231L
//
// For print string, the Null terminated string to print
// immediately follows the message
//
typedef struct _DBGKD_PRINT_STRING { ULONG LengthOfString;} DBGKD_PRINT_STRING, *PDBGKD_PRINT_STRING;
//
// For get string, the Null terminated prompt string
// immediately follows the message. The LengthOfStringRead
// field initially contains the maximum number of characters
// to read. Upon reply, this contains the number of bytes actually
// read. The data read immediately follows the message.
//
//
typedef struct _DBGKD_GET_STRING { ULONG LengthOfPromptString; ULONG LengthOfStringRead;} DBGKD_GET_STRING, *PDBGKD_GET_STRING;
typedef struct _DBGKD_DEBUG_IO { ULONG ApiNumber; USHORT ProcessorLevel; USHORT Processor; union { DBGKD_PRINT_STRING PrintString; DBGKD_GET_STRING GetString; } u;} DBGKD_DEBUG_IO, *PDBGKD_DEBUG_IO;
//
// If the packet type is PACKET_TYPE_KD_TRACE_IO, then
// the format of the packet data is as follows:
//
#define DbgKdPrintTraceApi 0x00003330L
//
// For print trace, the trace buffer data
// immediately follows the message
//
typedef struct _DBGKD_PRINT_TRACE { ULONG LengthOfData;} DBGKD_PRINT_TRACE, *PDBGKD_PRINT_TRACE;
typedef struct _DBGKD_TRACE_IO { ULONG ApiNumber; USHORT ProcessorLevel; USHORT Processor; union { ULONG64 ReserveSpace[7]; DBGKD_PRINT_TRACE PrintTrace; } u;} DBGKD_TRACE_IO, *PDBGKD_TRACE_IO;
//
// If the packet type is PACKET_TYPE_KD_CONTROL_REQUEST, then
// the format of the packet data is as follows:
//
#define DbgKdRequestHardwareBp 0x00004300L
#define DbgKdReleaseHardwareBp 0x00004301L
typedef struct _DBGKD_REQUEST_BREAKPOINT { ULONG HardwareBreakPointNumber; ULONG Available;} DBGKD_REQUEST_BREAKPOINT, *PDBGKD_REQUEST_BREAKPOINT;
typedef struct _DBGKD_RELEASE_BREAKPOINT { ULONG HardwareBreakPointNumber; ULONG Released;} DBGKD_RELEASE_BREAKPOINT, *PDBGKD_RELEASE_BREAKPOINT;
typedef struct _DBGKD_CONTROL_REQUEST { ULONG ApiNumber; union { DBGKD_REQUEST_BREAKPOINT RequestBreakpoint; DBGKD_RELEASE_BREAKPOINT ReleaseBreakpoint; } u;} DBGKD_CONTROL_REQUEST, *PDBGKD_CONTROL_REQUEST;
//
// If the packet type is PACKET_TYPE_KD_FILE_IO, then
// the format of the packet data is as follows:
//
#define DbgKdCreateFileApi 0x00003430L
#define DbgKdReadFileApi 0x00003431L
#define DbgKdWriteFileApi 0x00003432L
#define DbgKdCloseFileApi 0x00003433L
// Unicode filename follows as additional data.
typedef struct _DBGKD_CREATE_FILE { ULONG DesiredAccess; ULONG FileAttributes; ULONG ShareAccess; ULONG CreateDisposition; ULONG CreateOptions; // Return values.
ULONG64 Handle; ULONG64 Length;} DBGKD_CREATE_FILE, *PDBGKD_CREATE_FILE;
// Data is returned as additional data in the response.
typedef struct _DBGKD_READ_FILE { ULONG64 Handle; ULONG64 Offset; ULONG Length;} DBGKD_READ_FILE, *PDBGKD_READ_FILE;
// Data is given as additional data.
typedef struct _DBGKD_WRITE_FILE { ULONG64 Handle; ULONG64 Offset; ULONG Length;} DBGKD_WRITE_FILE, *PDBGKD_WRITE_FILE;
typedef struct _DBGKD_CLOSE_FILE { ULONG64 Handle;} DBGKD_CLOSE_FILE, *PDBGKD_CLOSE_FILE;
typedef struct _DBGKD_FILE_IO { ULONG ApiNumber; NTSTATUS Status; union { ULONG64 ReserveSpace[7]; DBGKD_CREATE_FILE CreateFile; DBGKD_READ_FILE ReadFile; DBGKD_WRITE_FILE WriteFile; DBGKD_CLOSE_FILE CloseFile; } u;} DBGKD_FILE_IO, *PDBGKD_FILE_IO;
//
// Define debug object access types. No security is present on this object.
//
#define DEBUG_READ_EVENT (0x0001)
#define DEBUG_PROCESS_ASSIGN (0x0002)
#define DEBUG_SET_INFORMATION (0x0004)
#define DEBUG_QUERY_INFORMATION (0x0008)
#define DEBUG_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|DEBUG_READ_EVENT|DEBUG_PROCESS_ASSIGN|\
DEBUG_SET_INFORMATION|DEBUG_QUERY_INFORMATION)
#define DEBUG_KILL_ON_CLOSE (0x1) // Kill all debuggees on last handle close
typedef enum _DEBUGOBJECTINFOCLASS { DebugObjectFlags = 1, MaxDebugObjectInfoClass} DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;
NTSTATUSNtRemoveProcessDebug ( IN HANDLE ProcessHandle, IN HANDLE DebugObjectHandle );
NTSTATUSNtWaitForDebugEvent ( IN HANDLE DebugObjectHandle, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL, OUT PDBGUI_WAIT_STATE_CHANGE WaitStateChange );
NTSTATUSNtDebugContinue ( IN HANDLE DebugObjectHandle, IN PCLIENT_ID ClientId, IN NTSTATUS ContinueStatus );
NTSTATUSNtCreateDebugObject ( OUT PHANDLE DebugObjectHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG Flags );
NTSTATUSNtDebugActiveProcess ( IN HANDLE ProcessHandle, IN HANDLE DebugObjectHandle );
NTSTATUSNtSetInformationDebugObject ( IN HANDLE DebugObjectHandle, IN DEBUGOBJECTINFOCLASS DebugObjectInformationClass, IN PVOID DebugInformation, IN ULONG DebugInformationLength, OUT PULONG ReturnLength OPTIONAL );
#ifdef __cplusplus
}#endif
#endif // _NTDBG_
|
