modeco80
/
singrdk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
singrdk/base/Windows/Inc/Dump.h

389 lines
12 KiB
C
Raw Blame History

////////////////////////////////////////////////////////////////////////////////
//
// Microsoft Research Singularity
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// File: Dump.h
//
// Note: Constants and types for kernel dump files.
//
#pragma warning(push)
#pragma warning(disable : 4200) // don't warn about zero-sized array in struct/union
#ifdef __cplusplus
extern "C" {
#endif
#define USERMODE_CRASHDUMP_SIGNATURE 'RESU'
#define USERMODE_CRASHDUMP_VALID_DUMP32 'PMUD'
#define USERMODE_CRASHDUMP_VALID_DUMP64 '46UD'
typedef struct _USERMODE_CRASHDUMP_HEADER64 {
ULONG Signature;
ULONG ValidDump;
ULONG MajorVersion;
ULONG MinorVersion;
ULONG MachineImageType;
ULONG ThreadCount;
ULONG ModuleCount;
ULONG MemoryRegionCount;
ULONGLONG ThreadOffset;
ULONGLONG ModuleOffset;
ULONGLONG DataOffset;
ULONGLONG MemoryRegionOffset;
ULONGLONG DebugEventOffset;
ULONGLONG ThreadStateOffset;
ULONGLONG VersionInfoOffset;
ULONGLONG Spare1;
} USERMODE_CRASHDUMP_HEADER64, *PUSERMODE_CRASHDUMP_HEADER64;
typedef struct _CRASH_MODULE64 {
ULONGLONG BaseOfImage;
ULONG SizeOfImage;
ULONG ImageNameLength;
CHAR ImageName[0];
} CRASH_MODULE64, *PCRASH_MODULE64;
typedef struct _CRASH_THREAD64 {
ULONG ThreadId;
ULONG SuspendCount;
ULONG PriorityClass;
ULONG Priority;
ULONGLONG Teb;
ULONGLONG Spare0;
ULONGLONG Spare1;
ULONGLONG Spare2;
ULONGLONG Spare3;
ULONGLONG Spare4;
ULONGLONG Spare5;
ULONGLONG Spare6;
} CRASH_THREAD64, *PCRASH_THREAD64;
typedef struct _CRASHDUMP_VERSION_INFO {
int IgnoreGuardPages; // Whether we should ignore GuardPages or not
ULONG PointerSize; // 32, 64 bit pointers
} CRASHDUMP_VERSION_INFO, *PCRASHDUMP_VERSION_INFO;
//
// usermode crash dump data types
//
#define DMP_EXCEPTION 1 // obsolete
#define DMP_MEMORY_BASIC_INFORMATION 2
#define DMP_THREAD_CONTEXT 3
#define DMP_MODULE 4
#define DMP_MEMORY_DATA 5
#define DMP_DEBUG_EVENT 6
#define DMP_THREAD_STATE 7
#define DMP_DUMP_FILE_HANDLE 8
//
// Define the information required to process memory dumps.
//
typedef enum _DUMP_TYPES {
DUMP_TYPE_INVALID = -1,
DUMP_TYPE_UNKNOWN = 0,
DUMP_TYPE_FULL = 1,
DUMP_TYPE_SUMMARY = 2,
DUMP_TYPE_HEADER = 3,
DUMP_TYPE_TRIAGE = 4,
} DUMP_TYPE;
//
// Signature and Valid fields.
//
#define DUMP_SIGNATURE32 ('EGAP')
#define DUMP_VALID_DUMP32 ('PMUD')
#define DUMP_SIGNATURE64 ('EGAP')
#define DUMP_VALID_DUMP64 ('46UD')
#define DUMP_SUMMARY_SIGNATURE ('PMDS')
#define DUMP_SUMMARY_VALID ('PMUD')
#define DUMP_SUMMARY_VALID_KERNEL_VA (1)
#define DUMP_SUMMARY_VALID_CURRENT_USER_VA (2)
//
//
// NOTE: The definition of PHYISCAL_MEMORY_RUN and PHYSICAL_MEMORY_DESCRIPTOR
// MUST be the same as in mm.h. The kernel portion of crashdump will
// verify that these structs are the same.
//
typedef struct _PHYSICAL_MEMORY_RUN64 {
ULONG64 BasePage;
ULONG64 PageCount;
} PHYSICAL_MEMORY_RUN64, *PPHYSICAL_MEMORY_RUN64;
typedef struct _PHYSICAL_MEMORY_DESCRIPTOR64 {
ULONG NumberOfRuns;
ULONG64 NumberOfPages;
PHYSICAL_MEMORY_RUN64 Run[1];
} PHYSICAL_MEMORY_DESCRIPTOR64, *PPHYSICAL_MEMORY_DESCRIPTOR64;
typedef struct _UNLOADED_DRIVERS64 {
UNICODE_STRING64 Name;
ULONG64 StartAddress;
ULONG64 EndAddress;
LARGE_INTEGER CurrentTime;
} UNLOADED_DRIVERS64, *PUNLOADED_DRIVERS64;
#define MAX_UNLOADED_NAME_LENGTH 24
typedef struct _DUMP_UNLOADED_DRIVERS64
{
UNICODE_STRING64 Name;
WCHAR DriverName[MAX_UNLOADED_NAME_LENGTH / sizeof (WCHAR)];
ULONG64 StartAddress;
ULONG64 EndAddress;
} DUMP_UNLOADED_DRIVERS64, *PDUMP_UNLOADED_DRIVERS64;
typedef struct _DUMP_MM_STORAGE64
{
ULONG Version;
ULONG Size;
ULONG MmSpecialPoolTag;
ULONG MiTriageActionTaken;
ULONG MmVerifyDriverLevel;
ULONG KernelVerifier;
ULONG64 MmMaximumNonPagedPool;
ULONG64 MmAllocatedNonPagedPool;
ULONG64 PagedPoolMaximum;
ULONG64 PagedPoolAllocated;
ULONG64 CommittedPages;
ULONG64 CommittedPagesPeak;
ULONG64 CommitLimitMaximum;
} DUMP_MM_STORAGE64, *PDUMP_MM_STORAGE64;
//
// Define the dump header structure. You cannot change these
// defines without breaking the debuggers, so don't.
//
#define DMP_PHYSICAL_MEMORY_BLOCK_SIZE_32 (700)
#define DMP_CONTEXT_RECORD_SIZE_32 (1200)
#define DMP_RESERVED_0_SIZE_32 (1768)
#define DMP_RESERVED_2_SIZE_32 (16)
#define DMP_RESERVED_3_SIZE_32 (56)
#define DMP_PHYSICAL_MEMORY_BLOCK_SIZE_64 (700)
#define DMP_CONTEXT_RECORD_SIZE_64 (3000)
#define DMP_RESERVED_0_SIZE_64 (4016)
#define DMP_HEADER_COMMENT_SIZE (128)
// Unset WriterStatus value from the header fill.
#define DUMP_WRITER_STATUS_UNINITIALIZED DUMP_SIGNATURE32
// WriterStatus codes for the dbgeng.dll dump writers.
enum
{
DUMP_DBGENG_SUCCESS,
DUMP_DBGENG_NO_MODULE_LIST,
DUMP_DBGENG_CORRUPT_MODULE_LIST,
};
typedef struct _DUMP_HEADER64 {
ULONG Signature;
ULONG ValidDump;
ULONG MajorVersion;
ULONG MinorVersion;
ULONG64 DirectoryTableBase;
ULONG64 PfnDataBase;
ULONG64 PsLoadedModuleList;
ULONG64 PsActiveProcessHead;
ULONG MachineImageType;
ULONG NumberProcessors;
ULONG BugCheckCode;
ULONG64 BugCheckParameter1;
ULONG64 BugCheckParameter2;
ULONG64 BugCheckParameter3;
ULONG64 BugCheckParameter4;
CHAR VersionUser[32];
ULONG64 KdDebuggerDataBlock;
union {
PHYSICAL_MEMORY_DESCRIPTOR64 PhysicalMemoryBlock;
UCHAR PhysicalMemoryBlockBuffer [ DMP_PHYSICAL_MEMORY_BLOCK_SIZE_64 ];
};
UCHAR ContextRecord [ DMP_CONTEXT_RECORD_SIZE_64 ];
EXCEPTION_RECORD64 Exception;
ULONG DumpType;
LARGE_INTEGER RequiredDumpSpace;
LARGE_INTEGER SystemTime;
CHAR Comment [ DMP_HEADER_COMMENT_SIZE ]; // May not be present.
LARGE_INTEGER SystemUpTime;
ULONG MiniDumpFields;
ULONG SecondaryDataState;
ULONG ProductType;
ULONG SuiteMask;
ULONG WriterStatus;
UCHAR Unused1;
UCHAR KdSecondaryVersion; // Present only for W2K3 SP1 and better
UCHAR Unused[2];
UCHAR _reserved0[ DMP_RESERVED_0_SIZE_64 ];
} DUMP_HEADER64, *PDUMP_HEADER64;
typedef struct _FULL_DUMP64 {
CHAR Memory[1]; // Variable length to the end of the dump file.
} FULL_DUMP64, *PFULL_DUMP64;
//
// ISSUE - 2000/02/17 - math: NT64 Summary dump.
//
// This is broken. The 64 bit summary dump should have a ULONG64 for
// the BitmapSize to match the size of the PFN_NUMBER.
//
typedef struct _SUMMARY_DUMP64 {
ULONG Signature;
ULONG ValidDump;
ULONG DumpOptions; // Summary Dump Options
ULONG HeaderSize; // Offset to the start of actual memory dump
ULONG BitmapSize; // Total bitmap size (i.e., maximum #bits)
ULONG Pages; // Total bits set in bitmap (i.e., total pages in sdump)
//
// ISSUE - 2000/02/17 - math: Win64
//
// With a 64-bit PFN, we should not have a 32-bit bitmap.
//
//
// These next three fields essentially form an on-disk RTL_BITMAP structure.
// The RESERVED field is stupidness introduced by the way the data is
// serialized to disk.
//
struct {
ULONG SizeOfBitMap;
ULONG64 _reserved0;
ULONG Buffer[];
} Bitmap;
} SUMMARY_DUMP64, * PSUMMARY_DUMP64;
typedef struct _TRIAGE_DUMP64 {
ULONG ServicePackBuild; // What service pack of NT was this ?
ULONG SizeOfDump; // Size in bytes of the dump
ULONG ValidOffset; // Offset valid ULONG
ULONG ContextOffset; // Offset of CONTEXT record
ULONG ExceptionOffset; // Offset of EXCEPTION record
ULONG MmOffset; // Offset of Mm information
ULONG UnloadedDriversOffset; // Offset of Unloaded Drivers
ULONG PrcbOffset; // Offset of KPRCB
ULONG ProcessOffset; // Offset of EPROCESS
ULONG ThreadOffset; // Offset of ETHREAD
ULONG CallStackOffset; // Offset of CallStack Pages
ULONG SizeOfCallStack; // Size in bytes of CallStack
ULONG DriverListOffset; // Offset of Driver List
ULONG DriverCount; // Number of Drivers in list
ULONG StringPoolOffset; // Offset to the string pool
ULONG StringPoolSize; // Size of the string pool
ULONG BrokenDriverOffset; // Offset into the driver of the driver that crashed
ULONG TriageOptions; // Triage options in effect at crashtime
ULONG64 TopOfStack; // The top (highest address) of the callstack
//
// Architecture Specific fields.
//
union {
//
// For IA64 we need to store the BStore as well.
//
struct {
ULONG BStoreOffset; // Offset of BStore region.
ULONG SizeOfBStore; // The size of the BStore region.
ULONG64 LimitOfBStore; // The limit (highest memory address)
} Ia64; // of the BStore region.
} ArchitectureSpecific;
ULONG64 DataPageAddress;
ULONG DataPageOffset;
ULONG DataPageSize;
ULONG DebuggerDataOffset;
ULONG DebuggerDataSize;
ULONG DataBlocksOffset;
ULONG DataBlocksCount;
} TRIAGE_DUMP64, * PTRIAGE_DUMP64;
typedef struct _MEMORY_DUMP64 {
DUMP_HEADER64 Header;
union {
FULL_DUMP64 Full; // DumpType == DUMP_TYPE_FULL
SUMMARY_DUMP64 Summary; // DumpType == DUMP_TYPE_SUMMARY
TRIAGE_DUMP64 Triage; // DumpType == DUMP_TYPE_TRIAGE
};
} MEMORY_DUMP64, *PMEMORY_DUMP64;
typedef struct _TRIAGE_DATA_BLOCK {
ULONG64 Address;
ULONG Offset;
ULONG Size;
} TRIAGE_DATA_BLOCK, *PTRIAGE_DATA_BLOCK;
//
// In the triage dump ValidFields field what portions of the triage-dump have
// been turned on.
//
#define TRIAGE_DUMP_CONTEXT (0x0001)
#define TRIAGE_DUMP_EXCEPTION (0x0002)
#define TRIAGE_DUMP_PRCB (0x0004)
#define TRIAGE_DUMP_PROCESS (0x0008)
#define TRIAGE_DUMP_THREAD (0x0010)
#define TRIAGE_DUMP_STACK (0x0020)
#define TRIAGE_DUMP_DRIVER_LIST (0x0040)
#define TRIAGE_DUMP_BROKEN_DRIVER (0x0080)
#define TRIAGE_DUMP_BASIC_INFO (0x00FF)
#define TRIAGE_DUMP_MMINFO (0x0100)
#define TRIAGE_DUMP_DATAPAGE (0x0200)
#define TRIAGE_DUMP_DEBUGGER_DATA (0x0400)
#define TRIAGE_DUMP_DATA_BLOCKS (0x0800)
#define TRIAGE_OPTION_OVERFLOWED (0x0100)
#define TRIAGE_DUMP_VALID ( 'DGRT' )
#define TRIAGE_DUMP_SIZE32 ( 0x1000 * 16 )
#define TRIAGE_DUMP_SIZE64 ( 0x2000 * 16 )
//
// The DUMP_STRING is guaranteed to be both NULL terminated and length prefixed
// (prefix does not include the NULL).
//
typedef struct _DUMP_STRING {
ULONG Length; // Length IN BYTES of the string.
WCHAR Buffer [0]; // Buffer.
} DUMP_STRING, * PDUMP_STRING;
#ifdef __cplusplus
}
#endif
#pragma warning(pop)
Reference in New Issue View Git Blame Copy Permalink