|
|
/*++
Copyright(c) 1999 Microsoft Corporation
Module Name:
triage.h
Abstract:
The triage dump is a small crashdump that has been saved to the system pagefile. The boot loader loads this triage dump in an attempt to find out why the system crashed and (hopefully) prevent it from crashing again.
Author:
Matthew D Hendel (math) 20-Jan-1999
--*/
#ifndef __TRIAGE_H__
#define __TRIAGE_H__
#if _MSC_VER > 1000
#pragma once
#endif
//
// The representation of a module in the triage dump.
//
typedef struct _TRIAGE_DUMP_MODULE { LIST_ENTRY InLoadOrderLinks; UINT_PTR BaseAddress; UINT_PTR EntryPointAddress; ULONG SizeOfImage; UNICODE_STRING ImageName; WCHAR _ImageNameBuffer [ 260 ]; PVOID LdrEntry; ULONG CheckSum; ULONG TimeDateStamp;} TRIAGE_DUMP_MODULE, * PTRIAGE_DUMP_MODULE;
NTSTATUSTriageGetVersion( IN PVOID TriageDumpBlock, OUT ULONG * MajorVersion, OUT ULONG * MinorVersion, OUT ULONG * BuildNumber );
NTSTATUSTriageGetDriverCount( IN PVOID TriageDumpBlock, OUT ULONG * DriverCount );
NTSTATUSTriageGetContext( IN PVOID TriageDumpBlock, OUT PVOID * Context );
NTSTATUSTriageGetExceptionRecord( IN PVOID TriageDumpBlock, OUT PEXCEPTION_RECORD * ExceptionRecord );
NTSTATUSTriageGetBugcheckData( IN PVOID TriageDumpBlock, OUT ULONG * BugCheckCode, OUT UINT_PTR * BugCheckParam1, OUT UINT_PTR * BugCheckParam2, OUT UINT_PTR * BugCheckParam3, OUT UINT_PTR * BugCheckParam4 );
NTSTATUSTriageGetDriverEntry( IN PVOID TriageDumpBlock, IN ULONG ModuleIndex, OUT TRIAGE_DUMP_MODULE * Module, OUT BOOLEAN * BrokenModuleFlag );
NTSTATUSTriageGetStack( IN PVOID TriageDumpBlock, OUT UINT_PTR * BaseOfStack, OUT ULONG * SizeOfStack, OUT PVOID * StackData );
NTSTATUSTriageGetThread( IN PVOID TriageDumpBlock, OUT PVOID * Thread, OUT ULONG * ThreadSize );
NTSTATUSTriageGetProcessor( IN PVOID TriageDumpBlock, OUT PVOID * Processor, OUT ULONG * ProcessorSize );
NTSTATUSTriageGetProcess( IN PVOID TriageDumpBlock, OUT PVOID * Process, OUT ULONG * ProcessSize );
#endif // __TRIAGE_H__
|
