/* radare2 - LGPL - Copyright 2020 - abcSup */

/*
 * Constants and record layouts for DMP dump headers: a 32-bit header, a
 * 64-bit header and a bitmap header, going by the type names below.
 *
 * NOTE(review): these records are presumably filled from a dump file, so
 * every count, size and page number in them should be treated as untrusted
 * input. Consumers need to validate them against the number of bytes
 * actually read before using them as indexes, loop bounds or allocation
 * sizes.
 *
 * NOTE(review): no packing attribute is applied in this file, so the layout
 * is whatever the compiler's natural alignment yields. The explicit
 * _padding members suggest this was accounted for, but overlaying these
 * structs on raw file bytes also assumes host byte order matches the file
 * (confirm how the reader populates them).
 */

#ifndef DMP_SPECS_H
#define DMP_SPECS_H

#include <r_types_base.h>

#include "mdmp/mdmp_specs.h"
#include "mdmp/mdmp_windefs.h"

// Magic byte strings; the trailing comment on each is its ASCII spelling.
// Each macro is a C string literal, so sizeof includes a terminating NUL
// that is not part of the magic. Compare with an explicit length.
#define DMP64_MAGIC "\x50\x41\x47\x45\x44\x55\x36\x34" // PAGEDU64
#define DMP_BMP_MAGIC "\x53\x44\x4d\x50\x44\x55\x4d\x50" // SDMPDUMP
#define DMP_UNUSED_MAGIC "\x50\x41\x47\x45" // PAGE

// Numeric dump kinds. Presumably the values carried in the DumpType header
// field; confirm against the parser. A value outside 0..7 read from a file
// should be handled as unknown rather than trusted.
#define DMP_DUMPTYPE_UNKNOWN 0
#define DMP_DUMPTYPE_FULL 1
#define DMP_DUMPTYPE_SUMMARY 2
#define DMP_DUMPTYPE_HEADER 3
#define DMP_DUMPTYPE_TRIAGE 4
#define DMP_DUMPTYPE_BITMAPFULL 5
#define DMP_DUMPTYPE_BITMAPKERNEL 6
#define DMP_DUMPTYPE_AUTOMATIC 7

// Page size in bytes (4096). Multiplying a 64-bit page number or page count
// taken from a header by this value can wrap around; check the range first.
#define DMP_PAGE_SIZE 0x1000

// One run of physical memory: a starting page and a page count, both 64-bit.
// Presumably BasePage is a page frame number and the run covers
// PageCount * DMP_PAGE_SIZE bytes (confirm with the consumer).
typedef struct _PHYSICAL_MEMORY_RUN {
	ut64 BasePage;
	ut64 PageCount;
} dmp_p_memory_run;

// Memory descriptor used by the 32-bit header: two 32-bit counters followed
// by the run array.
// Run is declared with a single element, so sizeof covers exactly one run.
// Presumably NumberOfRuns gives the real number of entries; any access to
// Run[i] with i >= 1 reaches past this struct and must be bounded by the
// space actually available, not by NumberOfRuns alone.
// NOTE(review): the runs here use 64-bit fields, which gives the struct
// 8-byte alignment; confirm that matches the 32-bit on-disk record.
typedef struct _PHYSICAL_MEMORY_DESCRIPTOR32 {
	ut32 NumberOfRuns;
	ut32 NumberOfPages;
	dmp_p_memory_run Run[1];
} dmp32_p_memory_desc;

// Memory descriptor used by the 64-bit header. 0x20 bytes as declared
// (4 + 4 + 8 + one 16-byte run). The same caveat applies to Run[1]: only
// one element is part of the struct, and NumberOfRuns is untrusted.
typedef struct _PHYSICAL_MEMORY_DESCRIPTOR64 {
	ut32 NumberOfRuns; // 0x0
	ut32 _padding1;
	ut64 NumberOfPages; // 0x8
	dmp_p_memory_run Run[1];
} dmp64_p_memory_desc;

// 32-bit dump header.
// NOTE(review): as declared, the members before PhysicalMemoryBlockBuffer
// add up to 0x64 bytes and the descriptor itself is 24 bytes, so
// ContextRecord cannot land at the 0x320 noted on it unless something
// between the two is missing. The later offset comments (0x7d0) are
// consistent with 0x320 plus the stated sizes, so the gap is in front of
// ContextRecord. Confirm the layout before overlaying this struct on raw
// header bytes; a wrong offset silently misreads every field after it.
typedef struct {
	ut8 Signature[4];
	ut8 ValidDump[4];
	ut32 MajorVersion;
	ut32 MinorVersion;
	ut32 DirectoryTableBase;
	ut32 PfnDataBase;
	ut32 PsLoadedModuleList;
	ut32 PsActiveProcessHead;
	ut32 MachineImageType;
	ut32 NumberProcessors;
	ut32 BugCheckCode;
	ut32 BugCheckCodeParameter[4];
	ut8 VersionUser[32];
	ut8 PaeEnabled;
	ut8 KdSecondaryVersion;
	ut8 VersionUser2[2];
	ut32 KdDebuggerDataBlock;
	// Only one run is declared inside this member; runs beyond the first
	// overlap the members that follow.
	dmp32_p_memory_desc PhysicalMemoryBlockBuffer;
	struct context_type_i386 ContextRecord; // 0x320 0x2cc bytes
	ut8 _padding1[0x1e4];
	struct windows_exception_record32 Exception; // 0x7d0
	// Fixed 128-byte field; nothing here guarantees NUL termination, so
	// print it with an explicit length limit.
	ut8 Comment[128];
	ut32 DumpType;
	ut32 MiniDumpFields;
	ut32 SecondaryDataState;
	ut32 ProductType;
	ut32 SuiteMask;
	ut32 WriterStatus;
	ut64 RequiredDumpSpace;
	ut64 SystemUpTime;
	ut64 SystemTime;
	ut8 reserved3[56];
} dmp32_header;

// 64-bit dump header. The offset comments agree with the declared members,
// and if the sizes noted for ContextRecord (0x4d0) and Exception (0x98)
// hold, the members sum to 0x2000 bytes.
typedef struct {
	ut8 Signature[4];
	ut8 ValidDump[4];
	ut32 MajorVersion;
	ut32 MinorVersion;
	ut64 DirectoryTableBase;
	ut64 PfnDataBase;
	ut64 PsLoadedModuleList;
	ut64 PsActiveProcessHead;
	ut32 MachineImageType;
	ut32 NumberProcessors;
	ut32 BugCheckCode; // 0x38
	ut8 _padding1[0x4];
	ut64 BugCheckCodeParameter[4]; // 0x40
	ut8 _padding2[0x20];
	ut64 KdDebuggerDataBlock; // 0x80
	// One run is declared here. Presumably further runs occupy _padding3
	// (0x2a0 bytes, room for 42 more 16-byte runs); a NumberOfRuns above
	// that would index into ContextRecord and beyond. Verify the bound in
	// the consumer.
	dmp64_p_memory_desc PhysicalMemoryBlockBuffer; // 0x88 0x20 bytes
	ut8 _padding3[0x2a0];
	struct context_type_amd64 ContextRecord; // 0x348 0x4d0 bytes
	ut8 _padding4[0x6e8];
	struct windows_exception_record64 Exception; // 0xf00 0x98 bytes
	ut32 DumpType; // 0xf98 0x4 bytes
	ut8 _padding5[0x4];
	ut64 RequiredDumpSpace; //0xfa0
	ut64 SystemTime;
	// Fixed 128-byte field; nothing here guarantees NUL termination, so
	// print it with an explicit length limit.
	ut8 Comment[128];
	ut64 SystemUpTime;
	ut32 MiniDumpFields;
	ut32 SecondaryDataState;
	ut32 ProductType;
	ut32 SuiteMask;
	ut32 WriterStatus;
	ut8 Unused1;
	ut8 KdSecondaryVersion;
	ut8 Unused[2];
	ut8 _reserved0[4016];
} dmp64_header;

// Bitmap dump header. As declared, FirstPage is at 0x20, TotalPresentPages
// at 0x28, Pages at 0x30 and Bitmap starts at 0x38.
// Bitmap is declared with one byte only; its real length is presumably
// derived from Pages (confirm). Pages and TotalPresentPages are untrusted
// 64-bit values: bound the bitmap length by the file size before reading
// or allocating, and guard any multiplication by DMP_PAGE_SIZE.
typedef struct {
	ut8 Signature[4];
	ut8 ValidDump[4];
	ut8 _padding1[0x18];
	ut64 FirstPage;
	ut64 TotalPresentPages;
	ut64 Pages;
	ut8 Bitmap[1];
} dmp_bmp_header;

#endif /* DMP_SPECS_H */