1 2 RAW("#include <kxamd64.inc>"), 3 4 SIZE(SizeofPointer, PVOID), 5 6 7 HEADER("CPU type"), 8 CONSTANT(CPU_AMD), 9 CONSTANT(CPU_INTEL), 10 CONSTANT(CPU_VIA), 11 12 HEADER("CR0 flags"), 13 CONSTANT(CR0_PE), 14 CONSTANT(CR0_MP), 15 CONSTANT(CR0_EM), 16 CONSTANT(CR0_TS), 17 CONSTANT(CR0_ET), 18 CONSTANT(CR0_NE), 19 CONSTANT(CR0_WP), 20 CONSTANT(CR0_AM), 21 CONSTANT(CR0_NW), 22 CONSTANT(CR0_CD), 23 CONSTANT(CR0_PG), 24 25 HEADER("CR4 flags"), 26 CONSTANT(CR4_VME), 27 CONSTANT(CR4_PVI), 28 CONSTANT(CR4_TSD), 29 CONSTANT(CR4_DE), 30 CONSTANT(CR4_PSE), 31 CONSTANT(CR4_PAE), 32 CONSTANT(CR4_MCE), 33 CONSTANT(CR4_PGE), 34 CONSTANT(CR4_FXSR), 35 CONSTANT(CR4_XMMEXCPT), 36 CONSTANT(CR4_CHANNELS), // not in win 10 37 CONSTANT(CR4_XSAVE), 38 39 CONSTANT(DEBUG_ACTIVE_DR7), 40 CONSTANT(DEBUG_ACTIVE_INSTRUMENTED), 41 CONSTANT(DEBUG_ACTIVE_DBG_INSTRUMENTED), 42 CONSTANT(DEBUG_ACTIVE_MINIMAL_THREAD), 43 //CONSTANT(DEBUG_ACTIVE_SET_CONTEXT_STATE_LOCK_BIT), 44 //CONSTANT(DEBUG_ACTIVE_SET_CONTEXT_STATE_LOCK), 45 46 CONSTANT(DEBUG_ACTIVE_PRIMARY_THREAD), 47 CONSTANT(DEBUG_ACTIVE_PRIMARY_THREAD_BIT), 48 CONSTANT(DEBUG_ACTIVE_PRIMARY_THREAD_LOCK_BIT), 49 CONSTANT(DEBUG_ACTIVE_SCHEDULED_THREAD), 50 CONSTANT(DEBUG_ACTIVE_SCHEDULED_THREAD_BIT), 51 CONSTANT(DEBUG_ACTIVE_SCHEDULED_THREAD_LOCK), 52 CONSTANT(DEBUG_ACTIVE_SCHEDULED_THREAD_LOCK_BIT), 53 54 HEADER("DR7 debug control masks"), 55 CONSTANT(DR7_LEGAL), 56 CONSTANT(DR7_ACTIVE), 57 CONSTANT(DR7_TRACE_BRANCH), 58 CONSTANT(DR7_LAST_BRANCH), 59 60 HEADER("EFLAGS"), 61 CONSTANT(EFLAGS_TF_MASK), 62 CONSTANT(EFLAGS_TF_SHIFT), 63 CONSTANT(EFLAGS_IF_MASK), 64 CONSTANT(EFLAGS_IF_SHIFT), 65 CONSTANT(EFLAGS_ID_MASK), 66 CONSTANTX(EFLAGS_IF_BIT, EFLAGS_IF_SHIFT), 67 68 HEADER("Exception codes"), 69 CONSTANT(EXCEPTION_DIVIDED_BY_ZERO), 70 CONSTANT(EXCEPTION_DEBUG), 71 CONSTANT(EXCEPTION_NMI), 72 CONSTANT(EXCEPTION_INT3), 73 CONSTANT(EXCEPTION_BOUND_CHECK), 74 CONSTANT(EXCEPTION_INVALID_OPCODE), 75 CONSTANT(EXCEPTION_NPX_NOT_AVAILABLE), 76 CONSTANT(EXCEPTION_DOUBLE_FAULT), 77 CONSTANT(EXCEPTION_NPX_OVERRUN), 78 CONSTANT(EXCEPTION_INVALID_TSS), 79 CONSTANT(EXCEPTION_SEGMENT_NOT_PRESENT), 80 CONSTANT(EXCEPTION_STACK_FAULT), 81 CONSTANT(EXCEPTION_GP_FAULT), 82 CONSTANT(EXCEPTION_RESERVED_TRAP), 83 CONSTANT(EXCEPTION_NPX_ERROR), 84 CONSTANT(EXCEPTION_ALIGNMENT_CHECK), 85 //CONSTANT(EXCEPTION_VIRTUALIZATION_FAULT), 86 87 HEADER("Legacy Floating Status Bit Masks"), 88 CONSTANT(FSW_INVALID_OPERATION), 89 CONSTANT(FSW_DENORMAL), 90 CONSTANT(FSW_ZERO_DIVIDE), 91 CONSTANT(FSW_OVERFLOW), 92 CONSTANT(FSW_UNDERFLOW), 93 CONSTANT(FSW_PRECISION), 94 CONSTANT(FSW_STACK_FAULT), 95 CONSTANT(FSW_ERROR_SUMMARY), 96 CONSTANT(FSW_CONDITION_CODE_0), 97 CONSTANT(FSW_CONDITION_CODE_1), 98 CONSTANT(FSW_CONDITION_CODE_2), 99 CONSTANT(FSW_CONDITION_CODE_3), 100 CONSTANT(FSW_ERROR_MASK), 101 102 HEADER("Hypervisor Enlightenment Definitions"), 103 //CONSTANT(HV_MMU_USE_HYPERCALL_FOR_ADDRESS_SWITCH), 104 //CONSTANT(HV_MMU_USE_HYPERCALL_FOR_LOCAL_FLUSH), 105 //CONSTANT(HV_MMU_USE_HYPERCALL_FOR_REMOTE_FLUSH), 106 //CONSTANT(HV_X64_MSR_APIC_EOI), // not win 10 107 //CONSTANT(HV_APIC_ENLIGHTENED), 108 //CONSTANT(HV_KE_USE_HYPERCALL_FOR_LONG_SPIN_WAIT), 109 //CONSTANT(HV_DEPRECATE_AUTO_EOI), // win 10 110 //CONSTANT(HV_X64_MSR_EOI), // win 10 111 //CONSTANT(HV_VIRTUAL_APIC_NO_EOI_REQUIRED), // win 10 112 //CONSTANT(HV_VIRTUAL_APIC_NO_EOI_REQUIRED_V), // not win 10 113 //CONSTANT(HvApicFlags), 114 //HvVirtualFaultCode equ 00044H 115 //HvVirtualFaultParam equ 00048H 116 //HvExtVirtualizationFaultEpf equ 00001H 117 118 CONSTANT(KEXCEPTION_ACTIVE_INTERRUPT_FRAME), 119 CONSTANT(KEXCEPTION_ACTIVE_EXCEPTION_FRAME), 120 CONSTANT(KEXCEPTION_ACTIVE_SERVICE_FRAME), 121 122 HEADER("KeFeatureBits flags"), 123 CONSTANT(KF_RDTSC), 124 CONSTANT(KF_CR4), 125 CONSTANT(KF_GLOBAL_PAGE), 126 CONSTANT(KF_LARGE_PAGE), 127 CONSTANT(KF_CMPXCHG8B), 128 CONSTANT(KF_FAST_SYSCALL), 129 CONSTANT(KF_BRANCH), // win 10 130 CONSTANT(KF_XSTATE), // win 10 131 CONSTANT(KF_XSAVEOPT_BIT), // win 10 132 CONSTANT(KF_XSTATE_BIT), // win 10 133 CONSTANT(KF_RDWRFSGSBASE_BIT), // win 10 134 //CONSTANT(KF_XSAVES_BIT), 135 //CONSTANT(KF_FPU_LEAKAGE_BIT), 136 137 HEADER("KGDT selectors"), 138 CONSTANT(KGDT64_NULL), 139 CONSTANT(KGDT64_R0_CODE), 140 CONSTANT(KGDT64_R0_DATA), 141 CONSTANT(KGDT64_R3_CMCODE), 142 CONSTANT(KGDT64_R3_DATA), 143 CONSTANT(KGDT64_R3_CODE), 144 CONSTANT(KGDT64_SYS_TSS), 145 CONSTANT(KGDT64_R3_CMTEB), 146 CONSTANT(KGDT64_R0_LDT), // win 10 147 148 //HEADER("MCE Recovery Context Flags Definitions"), 149 //CONSTANT(KMRC_ALTERNATE_CONTEXT), 150 //CONSTANT(KMRC_WORK_ITEM), 151 //CONSTANT(KMRC_OFFLINE_PAGE), 152 //CONSTANT(KMRC_TERMINATE_PROCESS), 153 154 HEADER("Machine type definitions"), 155 CONSTANT(MACHINE_TYPE_ISA), 156 CONSTANT(MACHINE_TYPE_EISA), 157 CONSTANT(MACHINE_TYPE_MCA), 158 159 HEADER("Machine Specific Register Numbers"), 160 CONSTANT(MSR_EFER), 161 CONSTANT(MSR_STAR), 162 CONSTANT(MSR_LSTAR), 163 CONSTANT(MSR_CSTAR), 164 CONSTANT(MSR_SYSCALL_MASK), 165 CONSTANT(MSR_FS_BASE), 166 CONSTANT(MSR_GS_BASE), 167 CONSTANT(MSR_GS_SWAP), 168 CONSTANT(MSR_MCG_STATUS), 169 CONSTANT(MSR_AMD_ACCESS), 170 CONSTANT(MSR_IA32_MISC_ENABLE), 171 CONSTANT(MSR_DEBUG_CTL), 172 CONSTANT(MSR_LAST_BRANCH_FROM), // not win 10 173 CONSTANT(MSR_LAST_BRANCH_TO), // not win 10 174 CONSTANT(MSR_LAST_EXCEPTION_FROM), // not win 10 175 CONSTANT(MSR_LAST_EXCEPTION_TO), // not win 10 176 177 HEADER("Flags for MSR_EFER"), 178 CONSTANT(MSR_LMA), 179 CONSTANT(MSR_LME), 180 CONSTANT(MSR_SCE), 181 CONSTANT(MSR_NXE), 182 CONSTANT(MSR_PAT), 183 184 HEADER("Flags for MSR_DEBUG_CTL"), 185 //CONSTANT(MSR_DEBUG_CTL_LBR), 186 //CONSTANT(MSR_DEBUG_CTL_BTF), 187 188 HEADER("Flags for MSR_IA32_MISC_ENABLE"), 189 //CONSTANT(MSR_XD_ENABLE_MASK), 190 191 HEADER("Argument Home Address"), 192 CONSTANT(P1Home), 193 CONSTANT(P2Home), 194 CONSTANT(P3Home), 195 CONSTANT(P4Home), 196 197 #if (NTDDI_VERSION >= NTDDI_WIN7) 198 HEADER("RTL_UMS_SCHEDULER_REASON Enum Definitions"), 199 CONSTANT(UmsSchedulerStartup), 200 CONSTANT(UmsSchedulerThreadBlocked), 201 CONSTANT(UmsSchedulerThreadYield), 202 203 HEADER("User mode context flag definitions"), 204 CONSTANT(UMSCTX_SCHEDULED_THREAD_BIT), 205 CONSTANT(UMSCTX_SUSPENDED_BIT), 206 CONSTANT(UMSCTX_VOLATILE_CONTEXT_BIT), 207 CONSTANT(UMSCTX_TERMINATED_BIT), 208 CONSTANT(UMSCTX_DEBUG_ACTIVE_BIT), 209 CONSTANT(UMSCTX_DENY_RUNNING_ON_SELF_THREAD_BIT), 210 CONSTANT(UMSCTX_SCHEDULED_THREAD_MASK), 211 CONSTANT(UMSCTX_SUSPENDED_MASK), 212 CONSTANT(UMSCTX_VOLATILE_CONTEXT_MASK), 213 CONSTANT(UMSCTX_TERMINATED_MASK), 214 CONSTANT(UMSCTX_DEBUG_ACTIVE_MASK), 215 CONSTANT(UMSCTX_DENY_RUNNING_ON_SELF_THREAD_MASK), 216 217 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 218 219 CONSTANT(XSTATE_MASK_LEGACY_FLOATING_POINT), 220 CONSTANT(XSTATE_MASK_LEGACY_SSE), 221 CONSTANT(XSTATE_MASK_LEGACY), 222 CONSTANT(XSTATE_MASK_GSSE), 223 224 HEADER("MXCSR Floating Control/Status Bit Masks"), 225 CONSTANT(XSW_INVALID_OPERATION), 226 CONSTANT(XSW_DENORMAL), 227 CONSTANT(XSW_ZERO_DIVIDE), 228 CONSTANT(XSW_OVERFLOW), 229 CONSTANT(XSW_UNDERFLOW), 230 CONSTANT(XSW_PRECISION), 231 CONSTANT(XSW_ERROR_MASK), 232 CONSTANT(XSW_ERROR_SHIFT), 233 CONSTANT(XCW_INVALID_OPERATION), 234 CONSTANT(XCW_DENORMAL), 235 CONSTANT(XCW_ZERO_DIVIDE), 236 CONSTANT(XCW_OVERFLOW), 237 CONSTANT(XCW_UNDERFLOW), 238 CONSTANT(XCW_PRECISION), 239 CONSTANT(XCW_ROUND_CONTROL), 240 CONSTANT(XCW_FLUSH_ZERO), 241 CONSTANT(INITIAL_FPCSR), 242 CONSTANT(INITIAL_MXCSR), 243 244 HEADER("Misc constants"), 245 CONSTANT(CONTEXT_XSTATE), 246 //CONSTANT(CONTEXT_EX_LENGTH), 247 CONSTANT(EVENT_INCREMENT), 248 //CONSTANT(KI_SPINLOCK_ORDER_PRCB_LOCK), 249 //CONSTANT(KTHREAD_UMS_DIRECTED_SWITCH_ENABLE_BIT), 250 //CONSTANT(KTHREAD_UMS_PERFORMING_SYSCALL_BIT), 251 //CONSTANT(KUMS_UCH_VOLATILE_BIT), 252 //CONSTANT(KUMS_UCH_VOLATILE_MASK), 253 CONSTANT(PF_COMPARE_EXCHANGE128), 254 //CONSTANT(PF_RDWRFSGSBASE_AVAILABLE), 255 //CONSTANT(PF_RDTSCP_INSTRUCTION_AVAILABLE), 256 //CONSTANT(UMS_TLS_THREAD_CONTEXT), 257 //CONSTANT(XHF_NOEXECUTE), 258 259 /// Field offsets 260 261 HEADER("CPU_INFO offsets"), 262 OFFSET(CpuEax, CPU_INFO, Eax), 263 OFFSET(CpuEbx, CPU_INFO, Ebx), 264 OFFSET(CpuEcx, CPU_INFO, Ecx), 265 OFFSET(CpuEdx, CPU_INFO, Edx), 266 267 HEADER("UCALLOUT_FRAME offsets (yes, Cu/Ck is ...)"), 268 OFFSET(CkBuffer, UCALLOUT_FRAME, Buffer), 269 OFFSET(CkLength, UCALLOUT_FRAME, Length), 270 OFFSET(CkApiNumber, UCALLOUT_FRAME, ApiNumber), 271 OFFSET(CkRsp, UCALLOUT_FRAME, MachineFrame.Rsp), 272 OFFSET(CkRip, UCALLOUT_FRAME, MachineFrame.Rip), 273 SIZE(CalloutFrameLength, UCALLOUT_FRAME), 274 275 HEADER("KCALLOUT_FRAME offsets (yes, Cu/Ck is ...)"), 276 OFFSET(CuTrapFrame, KCALLOUT_FRAME, TrapFrame), 277 OFFSET(CuOutputBuffer, KCALLOUT_FRAME, OutputBuffer), 278 OFFSET(CuOutputLength, KCALLOUT_FRAME, OutputLength), 279 280 HEADER("CONTEXT offsets"), 281 OFFSET(CxP1Home, CONTEXT, P1Home), 282 OFFSET(CxP2Home, CONTEXT, P2Home), 283 OFFSET(CxP3Home, CONTEXT, P3Home), 284 OFFSET(CxP4Home, CONTEXT, P4Home), 285 OFFSET(CxP5Home, CONTEXT, P5Home), 286 OFFSET(CxP6Home, CONTEXT, P6Home), 287 OFFSET(CxContextFlags, CONTEXT, ContextFlags), 288 OFFSET(CxMxCsr, CONTEXT, MxCsr), 289 OFFSET(CxSegCs, CONTEXT, SegCs), 290 OFFSET(CxSegDs, CONTEXT, SegDs), 291 OFFSET(CxSegEs, CONTEXT, SegEs), 292 OFFSET(CxSegFs, CONTEXT, SegFs), 293 OFFSET(CxSegGs, CONTEXT, SegGs), 294 OFFSET(CxSegSs, CONTEXT, SegSs), 295 OFFSET(CxEFlags, CONTEXT, EFlags), 296 OFFSET(CxDr0, CONTEXT, Dr0), 297 OFFSET(CxDr1, CONTEXT, Dr1), 298 OFFSET(CxDr2, CONTEXT, Dr2), 299 OFFSET(CxDr3, CONTEXT, Dr3), 300 OFFSET(CxDr6, CONTEXT, Dr6), 301 OFFSET(CxDr7, CONTEXT, Dr7), 302 OFFSET(CxRax, CONTEXT, Rax), 303 OFFSET(CxRcx, CONTEXT, Rcx), 304 OFFSET(CxRdx, CONTEXT, Rdx), 305 OFFSET(CxRbx, CONTEXT, Rbx), 306 OFFSET(CxRsp, CONTEXT, Rsp), 307 OFFSET(CxRbp, CONTEXT, Rbp), 308 OFFSET(CxRsi, CONTEXT, Rsi), 309 OFFSET(CxRdi, CONTEXT, Rdi), 310 OFFSET(CxR8, CONTEXT, R8), 311 OFFSET(CxR9, CONTEXT, R9), 312 OFFSET(CxR10, CONTEXT, R10), 313 OFFSET(CxR11, CONTEXT, R11), 314 OFFSET(CxR12, CONTEXT, R12), 315 OFFSET(CxR13, CONTEXT, R13), 316 OFFSET(CxR14, CONTEXT, R14), 317 OFFSET(CxR15, CONTEXT, R15), 318 OFFSET(CxRip, CONTEXT, Rip), 319 OFFSET(CxFltSave, CONTEXT, FltSave), 320 OFFSET(CxXmm0, CONTEXT, Xmm0), 321 OFFSET(CxXmm1, CONTEXT, Xmm1), 322 OFFSET(CxXmm2, CONTEXT, Xmm2), 323 OFFSET(CxXmm3, CONTEXT, Xmm3), 324 OFFSET(CxXmm4, CONTEXT, Xmm4), 325 OFFSET(CxXmm5, CONTEXT, Xmm5), 326 OFFSET(CxXmm6, CONTEXT, Xmm6), 327 OFFSET(CxXmm7, CONTEXT, Xmm7), 328 OFFSET(CxXmm8, CONTEXT, Xmm8), 329 OFFSET(CxXmm9, CONTEXT, Xmm9), 330 OFFSET(CxXmm10, CONTEXT, Xmm10), 331 OFFSET(CxXmm11, CONTEXT, Xmm11), 332 OFFSET(CxXmm12, CONTEXT, Xmm12), 333 OFFSET(CxXmm13, CONTEXT, Xmm13), 334 OFFSET(CxXmm14, CONTEXT, Xmm14), 335 OFFSET(CxXmm15, CONTEXT, Xmm15), 336 OFFSET(CxDebugControl, CONTEXT, DebugControl), 337 OFFSET(CxLastBranchToRip, CONTEXT, LastBranchToRip), 338 OFFSET(CxLastBranchFromRip, CONTEXT, LastBranchFromRip), 339 OFFSET(CxLastExceptionToRip, CONTEXT, LastExceptionToRip), 340 OFFSET(CxLastExceptionFromRip, CONTEXT, LastExceptionFromRip), 341 OFFSET(CxVectorControl, CONTEXT, VectorControl), 342 OFFSET(CxVectorRegister, CONTEXT, VectorRegister), 343 SIZE(CONTEXT_FRAME_LENGTH, CONTEXT), 344 345 HEADER("DISPATCHER_CONTEXT"), 346 OFFSET(DcControlPc, DISPATCHER_CONTEXT, ControlPc), 347 OFFSET(DcImageBase, DISPATCHER_CONTEXT, ImageBase), 348 OFFSET(DcFunctionEntry, DISPATCHER_CONTEXT, FunctionEntry), 349 OFFSET(DcEstablisherFrame, DISPATCHER_CONTEXT, EstablisherFrame), 350 OFFSET(DcTargetIp, DISPATCHER_CONTEXT, TargetIp), 351 OFFSET(DcContextRecord, DISPATCHER_CONTEXT, ContextRecord), 352 OFFSET(DcLanguageHandler, DISPATCHER_CONTEXT, LanguageHandler), 353 OFFSET(DcHandlerData, DISPATCHER_CONTEXT, HandlerData), 354 OFFSET(DcHistoryTable, DISPATCHER_CONTEXT, HistoryTable), 355 OFFSET(DcScopeIndex, DISPATCHER_CONTEXT, ScopeIndex), 356 357 // DPC Stack Frame Defintions 358 //OFFSET(DpRsp, ????, Rsp), // 0x0040 359 //OFFSET(DpRip, ????, Rip), // 0x0028 360 361 HEADER("KEXCEPTION_FRAME offsets"), 362 OFFSET(ExP1Home, KEXCEPTION_FRAME, P1Home), 363 OFFSET(ExP2Home, KEXCEPTION_FRAME, P2Home), 364 OFFSET(ExP3Home, KEXCEPTION_FRAME, P3Home), 365 OFFSET(ExP4Home, KEXCEPTION_FRAME, P4Home), 366 OFFSET(ExP5, KEXCEPTION_FRAME, P5), 367 OFFSET(ExXmm6, KEXCEPTION_FRAME, Xmm6), 368 OFFSET(ExXmm7, KEXCEPTION_FRAME, Xmm7), 369 OFFSET(ExXmm8, KEXCEPTION_FRAME, Xmm8), 370 OFFSET(ExXmm9, KEXCEPTION_FRAME, Xmm9), 371 OFFSET(ExXmm10, KEXCEPTION_FRAME, Xmm10), 372 OFFSET(ExXmm11, KEXCEPTION_FRAME, Xmm11), 373 OFFSET(ExXmm12, KEXCEPTION_FRAME, Xmm12), 374 OFFSET(ExXmm13, KEXCEPTION_FRAME, Xmm13), 375 OFFSET(ExXmm14, KEXCEPTION_FRAME, Xmm14), 376 OFFSET(ExXmm15, KEXCEPTION_FRAME, Xmm15), 377 OFFSET(ExOutputBuffer, KEXCEPTION_FRAME, OutputBuffer), // not Win 10 378 OFFSET(ExOutputLength, KEXCEPTION_FRAME, OutputLength), // not Win 10 379 OFFSET(ExMxCsr, KEXCEPTION_FRAME, MxCsr), 380 OFFSET(ExRbp, KEXCEPTION_FRAME, Rbp), 381 OFFSET(ExRbx, KEXCEPTION_FRAME, Rbx), 382 OFFSET(ExRdi, KEXCEPTION_FRAME, Rdi), 383 OFFSET(ExRsi, KEXCEPTION_FRAME, Rsi), 384 OFFSET(ExR12, KEXCEPTION_FRAME, R12), 385 OFFSET(ExR13, KEXCEPTION_FRAME, R13), 386 OFFSET(ExR14, KEXCEPTION_FRAME, R14), 387 OFFSET(ExR15, KEXCEPTION_FRAME, R15), 388 OFFSET(ExReturn, KEXCEPTION_FRAME, Return), 389 SIZE(KEXCEPTION_FRAME_LENGTH, KEXCEPTION_FRAME), 390 391 HEADER("JUMP_BUFFER"), 392 OFFSET(JbFrame, _JUMP_BUFFER, Frame), 393 OFFSET(JbRbx, _JUMP_BUFFER, Rbx), 394 OFFSET(JbRsp, _JUMP_BUFFER, Rsp), 395 OFFSET(JbRbp, _JUMP_BUFFER, Rbp), 396 OFFSET(JbRsi, _JUMP_BUFFER, Rsi), 397 OFFSET(JbRdi, _JUMP_BUFFER, Rdi), 398 OFFSET(JbR12, _JUMP_BUFFER, R12), 399 OFFSET(JbR13, _JUMP_BUFFER, R13), 400 OFFSET(JbR14, _JUMP_BUFFER, R14), 401 OFFSET(JbR15, _JUMP_BUFFER, R15), 402 OFFSET(JbRip, _JUMP_BUFFER, Rip), 403 //OFFSET(JbMxCsr, _JUMP_BUFFER, MxCsr), 404 //OFFSET(JbFpCsr, _JUMP_BUFFER, FpCsr), 405 //OFFSET(JbSpare, _JUMP_BUFFER, Spare), 406 OFFSET(JbXmm6, _JUMP_BUFFER, Xmm6), 407 OFFSET(JbXmm7, _JUMP_BUFFER, Xmm7), 408 OFFSET(JbXmm8, _JUMP_BUFFER, Xmm8), 409 OFFSET(JbXmm9, _JUMP_BUFFER, Xmm9), 410 OFFSET(JbXmm10, _JUMP_BUFFER, Xmm10), 411 OFFSET(JbXmm11, _JUMP_BUFFER, Xmm11), 412 OFFSET(JbXmm12, _JUMP_BUFFER, Xmm12), 413 OFFSET(JbXmm13, _JUMP_BUFFER, Xmm13), 414 OFFSET(JbXmm14, _JUMP_BUFFER, Xmm14), 415 OFFSET(JbXmm15, _JUMP_BUFFER, Xmm15), 416 417 HEADER("XSAVE_FORMAT offsets"), 418 OFFSET(LfControlWord, XSAVE_FORMAT, ControlWord), 419 OFFSET(LfStatusWord, XSAVE_FORMAT, StatusWord), 420 OFFSET(LfTagWord, XSAVE_FORMAT, TagWord), 421 OFFSET(LfErrorOpcode, XSAVE_FORMAT, ErrorOpcode), 422 OFFSET(LfErrorOffset, XSAVE_FORMAT, ErrorOffset), 423 OFFSET(LfErrorSelector, XSAVE_FORMAT, ErrorSelector), 424 OFFSET(LfDataOffset, XSAVE_FORMAT, DataOffset), 425 OFFSET(LfDataSelector, XSAVE_FORMAT, DataSelector), 426 OFFSET(LfMxCsr, XSAVE_FORMAT, MxCsr), 427 OFFSET(LfMxCsr_Mask, XSAVE_FORMAT, MxCsr_Mask), 428 OFFSET(LfFloatRegisters, XSAVE_FORMAT, FloatRegisters), 429 OFFSET(LfXmmRegisters, XSAVE_FORMAT, XmmRegisters), 430 //OFFSET(LfFloatSaveLength, XSAVE_FORMAT, FloatSaveLength), 431 432 //X87ErrorOffset equ 0000CH 433 //X87FloatSaveLength equ 0006CH 434 435 HEADER("KGDTENTRY64 offsets"), 436 OFFSET(KgdtBaseLow, KGDTENTRY64, BaseLow), 437 OFFSET(KgdtBaseMiddle, KGDTENTRY64, Bytes.BaseMiddle), 438 OFFSET(KgdtBaseHigh, KGDTENTRY64, Bytes.BaseHigh), 439 OFFSET(KgdtBaseUpper, KGDTENTRY64, BaseUpper), 440 //OFFSET(KgdtFlags1, KGDTENTRY64, Flags1), 441 OFFSET(KgdtLimitHigh, KGDTENTRY64, Bytes.Flags2), 442 OFFSET(KgdtLimitLow, KGDTENTRY64, LimitLow), 443 //CONSTANT(KGDT_LIMIT_ENCODE_MASK), 444 //CONSTANT(KGDT_ENTRY_PRESENT), 445 446 HEADER("MACHINE_FRAME offsets"), 447 OFFSET(MfRip, MACHINE_FRAME, Rip), 448 OFFSET(MfSegCs, MACHINE_FRAME, SegCs), 449 OFFSET(MfEFlags, MACHINE_FRAME, EFlags), 450 OFFSET(MfRsp, MACHINE_FRAME, Rsp), 451 OFFSET(MfSegSs, MACHINE_FRAME, SegSs), 452 SIZE(MachineFrameLength, MACHINE_FRAME), 453 454 // MCE Recovery Context Offset Definitions 455 //OFFSET(MrcFlags, ????, Flags), 456 //OFFSET(MrcPhysicalAddress, ????, PhysicalAddress), 457 //SIZE(MceRecoveryContextLength, ????), 458 459 HEADER("KPRCB offsets"), 460 OFFSET(PbMxCsr, KPRCB, MxCsr), 461 OFFSET(PbNumber, KPRCB, Number), 462 OFFSET(PbInterruptRequest, KPRCB, InterruptRequest), 463 OFFSET(PbIdleHalt, KPRCB, IdleHalt), 464 OFFSET(PbCurrentThread, KPRCB, CurrentThread), 465 OFFSET(PbNextThread, KPRCB, NextThread), 466 OFFSET(PbIdleThread, KPRCB, IdleThread), 467 OFFSET(PbNestingLevel, KPRCB, NestingLevel), 468 OFFSET(PbRspBase, KPRCB, RspBase), 469 OFFSET(PbPrcbLock, KPRCB, PrcbLock), 470 #if (NTDDI_VERSION >= NTDDI_VISTA) 471 OFFSET(PbPriorityState, KPRCB, PriorityState), 472 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 473 OFFSET(PbSetMember, KPRCB, SetMember), // not Win 10 474 OFFSET(PbProcessorState, KPRCB, ProcessorState), 475 OFFSET(PbCpuType, KPRCB, CpuType), 476 OFFSET(PbCpuID, KPRCB, CpuID), 477 OFFSET(PbCpuStep, KPRCB, CpuStep), 478 OFFSET(PbHalReserved, KPRCB, HalReserved), 479 OFFSET(PbMinorVersion, KPRCB, MinorVersion), 480 OFFSET(PbMajorVersion, KPRCB, MajorVersion), 481 OFFSET(PbBuildType, KPRCB, BuildType), 482 OFFSET(PbCpuVendor, KPRCB, CpuVendor), 483 //OFFSET(PbCoresPerPhysicalProcessor, KPRCB, CoresPerPhysicalProcessor), 484 //OFFSET(PbLogicalProcessorsPerCore, KPRCB, LogicalProcessorsPerCore), 485 //OFFSET(PbGroup, KPRCB, Group), 486 //OFFSET(PbGroupIndex, KPRCB, GroupIndex), 487 OFFSET(PbApicMask, KPRCB, ApicMask), 488 OFFSET(PbCFlushSize, KPRCB, CFlushSize), 489 OFFSET(PbAcpiReserved, KPRCB, AcpiReserved), 490 OFFSET(PbInitialApicId, KPRCB, InitialApicId), 491 //OFFSET(PbStride, KPRCB, Stride), // not Win 10 492 OFFSET(PbLockQueue, KPRCB, LockQueue), 493 OFFSET(PbPPLookasideList, KPRCB, PPLookasideList), 494 OFFSET(PbPPNPagedLookasideList, KPRCB, PPNPagedLookasideList), 495 OFFSET(PbPPPagedLookasideList, KPRCB, PPPagedLookasideList), 496 OFFSET(PbPacketBarrier, KPRCB, PacketBarrier), 497 OFFSET(PbDeferredReadyListHead, KPRCB, DeferredReadyListHead), 498 OFFSET(PbLookasideIrpFloat, KPRCB, LookasideIrpFloat), 499 //OFFSET(PbSystemCalls, KPRCB, KeSystemCalls), 500 //OFFSET(PbReadOperationCount, KPRCB, IoReadOperationCount), 501 //OFFSET(PbWriteOperationCount, KPRCB, IoWriteOperationCount), 502 //OFFSET(PbOtherOperationCount, KPRCB, IoOtherOperationCount), 503 //OFFSET(PbReadTransferCount, KPRCB, IoReadTransferCount), 504 //OFFSET(PbWriteTransferCount, KPRCB, IoWriteTransferCount), 505 //OFFSET(PbOtherTransferCount, KPRCB, IoOtherTransferCount), 506 //OFFSET(PbContextSwitches, KPRCB, KeContextSwitches), 507 //OFFSET(PbLdtSelector, KPRCB, LdtSelector), // not Win 10 508 OFFSET(PbTargetSet, KPRCB, TargetSet), // not Win 10 509 //OFFSET(PbTargetCount, KPRCB, TargetCount), 510 OFFSET(PbIpiFrozen, KPRCB, IpiFrozen), 511 OFFSET(PbRequestMailbox, KPRCB, RequestMailbox), 512 OFFSET(PbSenderSummary, KPRCB, SenderSummary), // not Win 10 513 //OFFSET(PbDpcListHead, KPRCB, DpcListHead), // not Win 10 514 //OFFSET(PbDpcList, KPRCB, DpcList), 515 //OFFSET(PbDpcLock, KPRCB, DpcLock), 516 //OFFSET(PbDpcQueueDepth, KPRCB, DpcQueueDepth), // not Win 10 517 //OFFSET(PbDpcCount, KPRCB, DpcCount), 518 OFFSET(PbDpcStack, KPRCB, DpcStack), 519 OFFSET(PbMaximumDpcQueueDepth, KPRCB, MaximumDpcQueueDepth), 520 OFFSET(PbDpcRequestRate, KPRCB, DpcRequestRate), 521 OFFSET(PbMinimumDpcRate, KPRCB, MinimumDpcRate), 522 //OFFSET(PbDpcRequestSummary, KPRCB, DpcRequestSummary), 523 //OFFSET(PbNormalDpcState, KPRCB, NormalDpcState), 524 OFFSET(PbDpcInterruptRequested, KPRCB, DpcInterruptRequested), // not Win 10 525 OFFSET(PbDpcThreadRequested, KPRCB, DpcThreadRequested), // not Win 10 526 OFFSET(PbDpcRoutineActive, KPRCB, DpcRoutineActive), 527 OFFSET(PbDpcThreadActive, KPRCB, DpcThreadActive), // not Win 10 528 OFFSET(PbTimerHand, KPRCB, TimerHand), // not Win 10 529 OFFSET(PbTimerRequest, KPRCB, TimerRequest), // not Win 10 530 OFFSET(PbTickOffset, KPRCB, TickOffset), // not Win 10 531 //OFFSET(PbInterruptObject, KPRCB, InterruptObject), 532 OFFSET(PbMasterOffset, KPRCB, MasterOffset), // not Win 10 533 OFFSET(PbDpcLastCount, KPRCB, DpcLastCount), 534 OFFSET(PbQuantumEnd, KPRCB, QuantumEnd), 535 OFFSET(PbDpcSetEventRequest, KPRCB, DpcSetEventRequest), // not Win 10 536 OFFSET(PbIdleSchedule, KPRCB, IdleSchedule), 537 OFFSET(PbReadySummary, KPRCB, ReadySummary), 538 OFFSET(PbDispatcherReadyListHead, KPRCB, DispatcherReadyListHead), 539 OFFSET(PbInterruptCount, KPRCB, InterruptCount), 540 OFFSET(PbKernelTime, KPRCB, KernelTime), 541 OFFSET(PbUserTime, KPRCB, UserTime), 542 OFFSET(PbDpcTime, KPRCB, DpcTime), 543 OFFSET(PbInterruptTime, KPRCB, InterruptTime), 544 OFFSET(PbAdjustDpcThreshold, KPRCB, AdjustDpcThreshold), 545 OFFSET(PbSkipTick, KPRCB, SkipTick), // not Win 10 546 OFFSET(PbPollSlot, KPRCB, PollSlot), // not Win 10 547 OFFSET(PbParentNode, KPRCB, ParentNode), 548 OFFSET(PbMultiThreadProcessorSet, KPRCB, MultiThreadProcessorSet), 549 OFFSET(PbMultiThreadSetMaster, KPRCB, MultiThreadSetMaster), // not Win 10 550 //OFFSET(PbStartCycles, KPRCB, StartCycles), 551 OFFSET(PbPageColor, KPRCB, PageColor), 552 OFFSET(PbNodeColor, KPRCB, NodeColor), 553 OFFSET(PbNodeShiftedColor, KPRCB,NodeShiftedColor), 554 OFFSET(PbSecondaryColorMask, KPRCB, SecondaryColorMask), 555 OFFSET(PbSleeping, KPRCB, Sleeping), // not Win 10 556 //OFFSET(PbCycleTime, KPRCB, CycleTime), 557 //OFFSET(PbFastReadNoWait, KPRCB, FastReadNoWait), 558 //OFFSET(PbFastReadWait, KPRCB, FastReadWait), 559 //OFFSET(PbFastReadNotPossible, KPRCB, FastReadNotPossible), 560 //OFFSET(PbCopyReadNoWait, KPRCB, CopyReadNoWait), 561 //OFFSET(PbCopyReadWait, KPRCB, CopyReadWait), 562 //OFFSET(PbCopyReadNoWaitMiss, KPRCB, CopyReadNoWaitMiss), 563 //OFFSET(PbAlignmentFixupCount, KPRCB, AlignmentFixupCount), 564 //OFFSET(PbExceptionDispatchCount, KPRCB, ExceptionDispatchCount), 565 //OFFSET(PbKeSpinLockOrdering, KPRCB, KeSpinLockOrdering), 566 OFFSET(PbVendorString, KPRCB, VendorString), 567 OFFSET(PbPowerState, KPRCB, PowerState), // not Win 10 568 //OFFSET(PbContext, KPRCB, Context), 569 //OFFSET(PbIsrStack, KPRCB, IsrStack), 570 //OFFSET(PbEntropyCount, KPRCB, EntropyTimingState.EntropyCount), // not Win 10 571 //OFFSET(PbEntropyBuffer, KPRCB, EntropyTimingState.Buffer), // not Win 10 572 //OFFSET(PbMailbox, KPRCB, Mailbox), 573 //OFFSET(PbBamFlags, KPRCB, BamFlags), 574 SIZE(ProcessorBlockLength, KPRCB), 575 576 HEADER("KPCR"), 577 //OFFSET(PcGdt, KPCR, Gdt), 578 //OFFSET(PcTss, KPCR, Tss), 579 OFFSET(PcUserRsp, KPCR, UserRsp), 580 OFFSET(PcSelf, KPCR, Self), 581 OFFSET(PcCurrentPrcb, KPCR, CurrentPrcb), 582 OFFSET(PcLockArray, KPCR, LockArray), 583 //OFFSET(PcTeb, KPCR, Used_Self), 584 //OFFSET(PcIdt, KPCR, IdtBase), 585 OFFSET(PcIrql, KPCR, Irql), 586 OFFSET(PcStallScaleFactor, KPCR, StallScaleFactor), 587 OFFSET(PcHalReserved, KPCR, HalReserved), 588 //OFFSET(PcPrcb, KPCR, Prcb), 589 OFFSET(PcMxCsr, KIPCR, Prcb.MxCsr), 590 //OFFSET(PcNumber, KPCR, Number), 591 //OFFSET(PcInterruptRequest, KPCR, InterruptRequest), 592 //OFFSET(PcIdleHalt, KPCR, IdleHalt), 593 OFFSET(PcCurrentThread, KIPCR, Prcb.CurrentThread), 594 //OFFSET(PcNextThread, KPCR, NextThread), 595 //OFFSET(PcIdleThread, KPCR, IdleThread), 596 //OFFSET(PcIpiFrozen, KPCR, IpiFrozen), 597 //OFFSET(PcNestingLevel, KPCR, NestingLevel), 598 OFFSET(PcRspBase, KIPCR, Prcb.RspBase), 599 //OFFSET(PcPrcbLock, KPCR, PrcbLock), 600 OFFSET(PcSetMember, KIPCR, Prcb.SetMember), // not Win 10 601 #if 0 602 OFFSET(PcCr0, KIPCR, Prcb.Cr0), 603 OFFSET(PcCr2, KIPCR, Prcb.Cr2), 604 OFFSET(PcCr3, KIPCR, Prcb.Cr3), 605 OFFSET(PcCr4, KIPCR, Prcb.Cr4), 606 OFFSET(PcKernelDr0, KIPCR, Prcb.KernelDr0), 607 OFFSET(PcKernelDr1, KIPCR, Prcb.KernelDr1), 608 OFFSET(PcKernelDr2, KIPCR, Prcb.KernelDr2), 609 OFFSET(PcKernelDr3, KIPCR, Prcb.KernelDr3), 610 OFFSET(PcKernelDr7, KIPCR, Prcb.KernelDr7), 611 OFFSET(PcGdtrLimit, KIPCR, Prcb.GdtrLimit), 612 OFFSET(PcGdtrBase, KIPCR, Prcb.GdtrBase), 613 OFFSET(PcIdtrLimit, KIPCR, IdtrLimit), 614 OFFSET(PcIdtrBase, KIPCR, IdtrBase), 615 OFFSET(PcTr, KIPCR, Tr), 616 OFFSET(PcLdtr, KIPCR, Ldtr), 617 OFFSET(PcDebugControl, KIPCR, DebugControl), 618 OFFSET(PcLastBranchToRip, KIPCR, LastBranchToRip), 619 OFFSET(PcLastBranchFromRip, KIPCR, LastBranchFromRip), 620 OFFSET(PcLastExceptionToRip, KIPCR, LastExceptionToRip), 621 OFFSET(PcLastExceptionFromRip, KIPCR, LastExceptionFromRip), 622 OFFSET(PcCr8, KIPCR, Cr8), 623 #endif 624 OFFSET(PcCpuType, KIPCR, Prcb.CpuType), 625 OFFSET(PcCpuID, KIPCR, Prcb.CpuID), 626 OFFSET(PcCpuStep, KIPCR, Prcb.CpuStep), 627 OFFSET(PcCpuVendor, KIPCR, Prcb.CpuVendor), 628 OFFSET(PcCFlushSize, KIPCR, Prcb.CFlushSize), 629 OFFSET(PcDeferredReadyListHead, KIPCR, Prcb.DeferredReadyListHead), 630 OFFSET(PcSystemCalls, KIPCR, Prcb.KeSystemCalls), 631 OFFSET(PcDpcRoutineActive, KIPCR, Prcb.DpcRoutineActive), 632 OFFSET(PcInterruptCount, KIPCR, Prcb.InterruptCount), 633 OFFSET(PcDebuggerSavedIRQL, KIPCR, Prcb.DebuggerSavedIRQL), 634 OFFSET(PcTickOffset, KIPCR, Prcb.TickOffset), // not Win 10 635 OFFSET(PcMasterOffset, KIPCR, Prcb.MasterOffset), 636 OFFSET(PcSkipTick, KIPCR, Prcb.SkipTick), // not Win 10 637 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 638 OFFSET(PcVirtualApicAssist, KIPCR, Prcb.VirtualApicAssist), 639 OFFSET(PcStartCycles, KIPCR, Prcb.StartCycles), 640 #endif 641 //OFFSET(PcFeatureBits, KIPCR, Prcb.FeatureBits), 642 //OFFSET(PcNmiActive, KIPCR, Prcb.NmiActive), 643 //OFFSET(PcDeepSleep, KIPCR, Prcb.DeepSleep), 644 //OFFSET(PcSfCode equ 066A8H, KIPCR, Prcb.SfCode), 645 //OFFSET(PcSfVa equ 066B0H, KIPCR, Prcb.SfVa), 646 SIZE(ProcessorControlRegisterLength, KIPCR), 647 648 HEADER("KPROCESSOR_START_BLOCK offsets"), 649 OFFSET(PsbCompletionFlag, KPROCESSOR_START_BLOCK, CompletionFlag), 650 OFFSET(PsbFlags, KPROCESSOR_START_BLOCK, Flags), 651 OFFSET(PsbGdt32, KPROCESSOR_START_BLOCK, Gdt32), 652 OFFSET(PsbIdt32, KPROCESSOR_START_BLOCK, Idt32), 653 OFFSET(PsbGdt, KPROCESSOR_START_BLOCK, Gdt), 654 OFFSET(PsbTiledMemoryMap, KPROCESSOR_START_BLOCK, TiledMemoryMap), 655 OFFSET(PsbPmTarget, KPROCESSOR_START_BLOCK, PmTarget), 656 OFFSET(PsbLmIdentityTarget, KPROCESSOR_START_BLOCK, LmIdentityTarget), 657 OFFSET(PsbLmTarget, KPROCESSOR_START_BLOCK, LmTarget), 658 OFFSET(PsbSelfMap, KPROCESSOR_START_BLOCK, SelfMap), 659 OFFSET(PsbMsrPat, KPROCESSOR_START_BLOCK, MsrPat), 660 OFFSET(PsbMsrEFER, KPROCESSOR_START_BLOCK, MsrEFER), 661 OFFSET(PsbProcessorState, KPROCESSOR_START_BLOCK, ProcessorState), 662 SIZE(ProcessorStartBlockLength, KPROCESSOR_START_BLOCK), 663 CONSTANT(PROCESSOR_START_FLAG_FORCE_ENABLE_NX), 664 665 HEADER("KPROCESSOR_STATE offsets"), 666 OFFSET(PsSpecialRegisters, KPROCESSOR_STATE, SpecialRegisters), 667 OFFSET(PsCr0, KPROCESSOR_STATE, SpecialRegisters.Cr0), 668 OFFSET(PsCr2, KPROCESSOR_STATE, SpecialRegisters.Cr2), 669 OFFSET(PsCr3, KPROCESSOR_STATE, SpecialRegisters.Cr3), 670 OFFSET(PsCr4, KPROCESSOR_STATE, SpecialRegisters.Cr4), 671 OFFSET(PsKernelDr0, KPROCESSOR_STATE, SpecialRegisters.KernelDr0), 672 OFFSET(PsKernelDr1, KPROCESSOR_STATE, SpecialRegisters.KernelDr1), 673 OFFSET(PsKernelDr2, KPROCESSOR_STATE, SpecialRegisters.KernelDr2), 674 OFFSET(PsKernelDr3, KPROCESSOR_STATE, SpecialRegisters.KernelDr3), 675 OFFSET(PsKernelDr6, KPROCESSOR_STATE, SpecialRegisters.KernelDr6), 676 OFFSET(PsKernelDr7, KPROCESSOR_STATE, SpecialRegisters.KernelDr7), 677 OFFSET(PsGdtr, KPROCESSOR_STATE, SpecialRegisters.Gdtr), 678 OFFSET(PsIdtr, KPROCESSOR_STATE, SpecialRegisters.Idtr), 679 OFFSET(PsTr, KPROCESSOR_STATE, SpecialRegisters.Tr), 680 OFFSET(PsLdtr, KPROCESSOR_STATE, SpecialRegisters.Ldtr), 681 OFFSET(PsMxCsr, KPROCESSOR_STATE, SpecialRegisters.MxCsr), 682 //OFFSET(PsMsrGsBase, KPROCESSOR_STATE, MsrGsBase), 683 //OFFSET(PsMsrGsSwap, KPROCESSOR_STATE, MsrGsSwap), 684 //OFFSET(PsMsrStar, KPROCESSOR_STATE, MsrStar), 685 //OFFSET(PsMsrLStar, KPROCESSOR_STATE, MsrLStar), 686 //OFFSET(PsMsrCStar, KPROCESSOR_STATE, MsrCStar), 687 //OFFSET(PsMsrSyscallMask, KPROCESSOR_STATE, MsrSyscallMask), 688 //OFFSET(PsXcr0, KPROCESSOR_STATE, Xcr0), 689 //OFFSET(PsMsrFsBase, KPROCESSOR_STATE, MsrFsBase), 690 OFFSET(PsContextFrame, KPROCESSOR_STATE, ContextFrame), 691 OFFSET(PsDebugControl, KPROCESSOR_STATE, SpecialRegisters.DebugControl), 692 OFFSET(PsLastBranchToRip, KPROCESSOR_STATE, SpecialRegisters.LastBranchToRip), 693 OFFSET(PsLastBranchFromRip, KPROCESSOR_STATE, SpecialRegisters.LastBranchFromRip), 694 OFFSET(PsLastExceptionToRip, KPROCESSOR_STATE, SpecialRegisters.LastExceptionToRip), 695 OFFSET(PsLastExceptionFromRip, KPROCESSOR_STATE, SpecialRegisters.LastExceptionFromRip), 696 OFFSET(PsCr8, KPROCESSOR_STATE, SpecialRegisters.Cr8), 697 SIZE(ProcessorStateLength, KPROCESSOR_STATE), 698 699 HEADER("KSTART_FRAME"), 700 OFFSET(SfP1Home, KSTART_FRAME, P1Home), 701 OFFSET(SfP2Home, KSTART_FRAME, P2Home), 702 OFFSET(SfP3Home, KSTART_FRAME, P3Home), 703 OFFSET(SfP4Home, KSTART_FRAME, P4Home), 704 OFFSET(SfReturn, KSTART_FRAME, Return), 705 SIZE(KSTART_FRAME_LENGTH, KSTART_FRAME), 706 707 HEADER("KSPECIAL_REGISTERS"), 708 OFFSET(SrKernelDr0, KSPECIAL_REGISTERS, KernelDr0), 709 OFFSET(SrKernelDr1, KSPECIAL_REGISTERS, KernelDr1), 710 OFFSET(SrKernelDr2, KSPECIAL_REGISTERS, KernelDr2), 711 OFFSET(SrKernelDr3, KSPECIAL_REGISTERS, KernelDr3), 712 OFFSET(SrKernelDr6, KSPECIAL_REGISTERS, KernelDr6), 713 OFFSET(SrKernelDr7, KSPECIAL_REGISTERS, KernelDr7), 714 OFFSET(SrGdtr, KSPECIAL_REGISTERS, Gdtr), 715 OFFSET(SrIdtr, KSPECIAL_REGISTERS, Idtr), 716 OFFSET(SrTr, KSPECIAL_REGISTERS, Tr), 717 OFFSET(SrMxCsr, KSPECIAL_REGISTERS, MxCsr), 718 OFFSET(SrMsrGsBase, KSPECIAL_REGISTERS, MsrGsBase), 719 OFFSET(SrMsrGsSwap, KSPECIAL_REGISTERS, MsrGsSwap), 720 OFFSET(SrMsrStar, KSPECIAL_REGISTERS, MsrStar), 721 OFFSET(SrMsrLStar, KSPECIAL_REGISTERS, MsrLStar), 722 OFFSET(SrMsrCStar, KSPECIAL_REGISTERS, MsrCStar), 723 OFFSET(SrMsrSyscallMask, KSPECIAL_REGISTERS, MsrSyscallMask), 724 //OFFSET(SrXcr0, KSPECIAL_REGISTERS, Xcr0), 725 //OFFSET(SrMsrFsBase, KSPECIAL_REGISTERS, MsrFsBase), 726 727 HEADER("KSYSTEM_TIME"), // obsolete in win 10 728 OFFSET(StLowTime, KSYSTEM_TIME, LowPart), 729 OFFSET(StHigh1Time, KSYSTEM_TIME, High1Time), 730 OFFSET(StHigh2Time, KSYSTEM_TIME, High2Time), 731 732 HEADER("KSWITCH_FRAME"), 733 OFFSET(SwP5Home, KSWITCH_FRAME, P5Home), 734 OFFSET(SwApcBypass, KSWITCH_FRAME, ApcBypass), 735 OFFSET(SwRbp, KSWITCH_FRAME, Rbp), 736 OFFSET(SwReturn, KSWITCH_FRAME, Return), 737 SIZE(SwitchFrameLength, KSWITCH_FRAME), // not in Win 10 738 SIZE(KSWITCH_FRAME_LENGTH, KSWITCH_FRAME), 739 740 #if (NTDDI_VERSION >= NTDDI_WIN7) 741 HEADER("KTIMER_TABLE offsets"), // not in win 10 742 OFFSET(TtEntry, KTIMER_TABLE, TimerEntries), 743 OFFSET(TtTime, KTIMER_TABLE_ENTRY, Time), 744 SIZE(TIMER_ENTRY_SIZE, KTIMER_TABLE_ENTRY), 745 SIZE(TIMER_TABLE_SIZE, KTIMER_TABLE), 746 SIZE(KTIMER_TABLE_SIZE, KTIMER_TABLE), 747 #endif 748 749 #if 0 // FIXME: reloffset??? 750 HEADER("KTRAP_FRAME offsets"), 751 OFFSET(TrP1Home, KTRAP_FRAME, TrP1Home), 752 OFFSET(TrP2Home, KTRAP_FRAME, TrP2Home), 753 OFFSET(TrP3Home, KTRAP_FRAME, TrP3Home), 754 OFFSET(TrP4Home, KTRAP_FRAME, TrP4Home), 755 OFFSET(TrP5, KTRAP_FRAME, P5), 756 OFFSET(TrPreviousMode, KTRAP_FRAME, PreviousMode), 757 OFFSET(TrPreviousIrql, KTRAP_FRAME, PreviousIrql), 758 OFFSET(TrFaultIndicator, KTRAP_FRAME, TrP1Home), 759 OFFSET(TrExceptionActive, KTRAP_FRAME, TrP1Home), 760 OFFSET(TrMxCsr, KTRAP_FRAME, TrP1Home), 761 OFFSET(TrRax equ 0FFFFFFB0H), 762 OFFSET(TrRcx equ 0FFFFFFB8H), 763 OFFSET(TrRdx equ 0FFFFFFC0H), 764 OFFSET(TrR8 equ 0FFFFFFC8H), 765 OFFSET(TrR9 equ 0FFFFFFD0H), 766 OFFSET(TrR10 equ 0FFFFFFD8H), 767 OFFSET(TrR11 equ 0FFFFFFE0H), 768 OFFSET(TrGsBase equ 0FFFFFFE8H), 769 OFFSET(TrGsSwap equ 0FFFFFFE8H), 770 OFFSET(TrXmm0 equ 0FFFFFFF0H), 771 OFFSET(TrXmm1 equ 00000H), 772 OFFSET(TrXmm2 equ 00010H), 773 OFFSET(TrXmm3 equ 00020H), 774 OFFSET(TrXmm4 equ 00030H), 775 OFFSET(TrXmm5 equ 00040H), 776 OFFSET(TrFaultAddress equ 00050H), 777 OFFSET(TrDr0 equ 00058H), 778 OFFSET(TrDr1 equ 00060H), 779 OFFSET(TrDr2 equ 00068H), 780 OFFSET(TrDr3 equ 00070H), 781 OFFSET(TrDr6 equ 00078H), 782 OFFSET(TrDr7 equ 00080H), 783 OFFSET(TrDebugControl equ 00088H), 784 OFFSET(TrLastBranchToRip equ 00090H), 785 OFFSET(TrLastBranchFromRip equ 00098H), 786 OFFSET(TrLastExceptionToRip equ 000A0H), 787 OFFSET(TrLastExceptionFromRip equ 000A8H), 788 OFFSET(TrSegDs equ 000B0H), 789 OFFSET(TrSegEs equ 000B2H), 790 OFFSET(TrSegFs equ 000B4H), 791 OFFSET(TrSegGs equ 000B6H), 792 OFFSET(TrTrapFrame equ 000B8H), 793 OFFSET(TrRbx equ 000C0H), 794 OFFSET(TrRdi equ 000C8H), 795 OFFSET(TrRsi equ 000D0H), 796 OFFSET(TrRbp equ 000D8H), 797 OFFSET(TrErrorCode equ 000E0H), 798 OFFSET(TrRip equ 000E8H), 799 OFFSET(TrSegCs equ 000F0H), 800 OFFSET(TrLogging equ 000F3H), 801 OFFSET(TrEFlags equ 000F8H), 802 OFFSET(TrRsp equ 00100H), 803 OFFSET(TrSegSs equ 00108H), 804 #endif 805 SIZE(KTRAP_FRAME_LENGTH, KTRAP_FRAME), 806 807 HEADER("KTSS offsets"), 808 OFFSET(TssRsp0, KTSS64, Rsp0), 809 OFFSET(TssRsp1, KTSS64, Rsp1), 810 OFFSET(TssRsp2, KTSS64, Rsp2), 811 OFFSET(TssPanicStack, KTSS64, Ist[1]), 812 OFFSET(TssMcaStack, KTSS64, Ist[2]), 813 OFFSET(TssNmiStack, KTSS64, Ist[3]), 814 OFFSET(TssIoMapBase, KTSS64, IoMapBase), 815 SIZE(TssLength, KTSS64), 816 817 #if (NTDDI_VERSION >= NTDDI_WIN7) 818 HEADER("RTL_UMS_CONTEXT offsets"), 819 OFFSET(UcLink, RTL_UMS_CONTEXT, Link), 820 OFFSET(UcContext, RTL_UMS_CONTEXT, Context), 821 OFFSET(UcTeb, RTL_UMS_CONTEXT, Teb), 822 OFFSET(UcFlags, RTL_UMS_CONTEXT, Flags), 823 OFFSET(UcContextLock, RTL_UMS_CONTEXT, ContextLock), 824 OFFSET(UcPrimaryUmsContext, RTL_UMS_CONTEXT, PrimaryUmsContext), 825 SIZE(RTL_UMS_CONTEXT_LENGTH, RTL_UMS_CONTEXT), 826 827 HEADER("KUMS_CONTEXT_HEADER offsets"), 828 OFFSET(UchStackTop, KUMS_CONTEXT_HEADER, StackTop), 829 OFFSET(UchStackSize, KUMS_CONTEXT_HEADER, StackSize), 830 OFFSET(UchRspOffset, KUMS_CONTEXT_HEADER, RspOffset), 831 OFFSET(UchRip, KUMS_CONTEXT_HEADER, Rip), 832 OFFSET(UchFltSave, KUMS_CONTEXT_HEADER, FltSave), 833 OFFSET(UchFlags, KUMS_CONTEXT_HEADER, Flags), 834 OFFSET(UchTrapFrame, KUMS_CONTEXT_HEADER, TrapFrame), 835 OFFSET(UchExceptionFrame, KUMS_CONTEXT_HEADER, ExceptionFrame), 836 SIZE(KUMS_CONTEXT_HEADER_LENGTH, KUMS_CONTEXT_HEADER), 837 838 HEADER("UMS_CONTROL_BLOCK offsets"), 839 OFFSET(UcbUmsTeb, UMS_CONTROL_BLOCK, UmsTeb), 840 #endif 841 842 HEADER("XSTATE_CONFIGURATION offsets"), 843 OFFSET(XcfgEnabledFeatures, XSTATE_CONFIGURATION, EnabledFeatures), 844 #if (NTDDI_VERSION >= NTDDI_WIN10) 845 OFFSET(XcfgEnabledVolatileFeatures, XSTATE_CONFIGURATION, EnabledFeatures), 846 OFFSET(XcfgEnabledSupervisorFeatures, XSTATE_CONFIGURATION, EnabledSupervisorFeaturestures), 847 #endif 848 849 HEADER("XSTATE_CONTEXT offsets"), 850 OFFSET(XctxMask, XSTATE_CONTEXT, Mask), 851 OFFSET(XctxLength, XSTATE_CONTEXT, Length), 852 OFFSET(XctxArea, XSTATE_CONTEXT, Area), 853 854 HEADER("XSAVE_AREA offsets"), 855 OFFSET(XsaHeader, XSAVE_AREA, Header), 856 SIZE(XsaHeaderLength, XSAVE_AREA_HEADER), 857 //CONSTANTX(XSAVE_ALIGN, _alignof(XSAVE_AREA)), 858 859 //CONSTANT(CFlushSize), 860 861 HEADER("KTHREAD offsets"), 862 #if (NTDDI_VERSION >= NTDDI_VISTA) 863 OFFSET(ThTebMappedLowVa, KTHREAD, TebMappedLowVa), // not Win 10 864 OFFSET(ThUcb, KTHREAD, Ucb), 865 //OFFSET(ThBase, KTHREAD, Base?), 866 //OFFSET(ThLimit, KTHREAD, Limit?), 867 #endif 868 869 #if (NTDDI_VERSION >= NTDDI_VISTA) 870 HEADER("KPROCESS offsets"), 871 OFFSET(PrLdtSystemDescriptor, KPROCESS, LdtSystemDescriptor), // not Win 10 872 OFFSET(PrLdtBaseAddress, KPROCESS, LdtBaseAddress), // not Win 10 873 #endif 874 875 876 /// ROS definitions 877 878 HEADER("CONTEXT"), 879 OFFSET(CONTEXT_P1Home, CONTEXT, P1Home), 880 OFFSET(CONTEXT_P2Home, CONTEXT, P2Home), 881 OFFSET(CONTEXT_P3Home, CONTEXT, P3Home), 882 OFFSET(CONTEXT_P4Home, CONTEXT, P4Home), 883 OFFSET(CONTEXT_P5Home, CONTEXT, P5Home), 884 OFFSET(CONTEXT_P6Home, CONTEXT, P6Home), 885 OFFSET(CONTEXT_ContextFlags, CONTEXT, ContextFlags), 886 OFFSET(CONTEXT_MxCsr, CONTEXT, MxCsr), 887 OFFSET(CONTEXT_SegCs, CONTEXT, SegCs), 888 OFFSET(CONTEXT_SegDs, CONTEXT, SegDs), 889 OFFSET(CONTEXT_SegEs, CONTEXT, SegEs), 890 OFFSET(CONTEXT_SegFs, CONTEXT, SegFs), 891 OFFSET(CONTEXT_SegGs, CONTEXT, SegGs), 892 OFFSET(CONTEXT_SegSs, CONTEXT, SegSs), 893 OFFSET(CONTEXT_EFlags, CONTEXT, EFlags), 894 OFFSET(CONTEXT_Dr0, CONTEXT, Dr0), 895 OFFSET(CONTEXT_Dr1, CONTEXT, Dr1), 896 OFFSET(CONTEXT_Dr2, CONTEXT, Dr2), 897 OFFSET(CONTEXT_Dr3, CONTEXT, Dr3), 898 OFFSET(CONTEXT_Dr6, CONTEXT, Dr6), 899 OFFSET(CONTEXT_Dr7, CONTEXT, Dr7), 900 OFFSET(CONTEXT_Rax, CONTEXT, Rax), 901 OFFSET(CONTEXT_Rcx, CONTEXT, Rcx), 902 OFFSET(CONTEXT_Rdx, CONTEXT, Rdx), 903 OFFSET(CONTEXT_Rbx, CONTEXT, Rbx), 904 OFFSET(CONTEXT_Rsp, CONTEXT, Rsp), 905 OFFSET(CONTEXT_Rbp, CONTEXT, Rbp), 906 OFFSET(CONTEXT_Rsi, CONTEXT, Rsi), 907 OFFSET(CONTEXT_Rdi, CONTEXT, Rdi), 908 OFFSET(CONTEXT_R8, CONTEXT, R8), 909 OFFSET(CONTEXT_R9, CONTEXT, R9), 910 OFFSET(CONTEXT_R10, CONTEXT, R10), 911 OFFSET(CONTEXT_R11, CONTEXT, R11), 912 OFFSET(CONTEXT_R12, CONTEXT, R12), 913 OFFSET(CONTEXT_R13, CONTEXT, R13), 914 OFFSET(CONTEXT_R14, CONTEXT, R14), 915 OFFSET(CONTEXT_R15, CONTEXT, R15), 916 OFFSET(CONTEXT_Rip, CONTEXT, Rip), 917 OFFSET(CONTEXT_FltSave, CONTEXT, FltSave), 918 OFFSET(CONTEXT_Xmm0, CONTEXT, Xmm0), 919 OFFSET(CONTEXT_Xmm1, CONTEXT, Xmm1), 920 OFFSET(CONTEXT_Xmm2, CONTEXT, Xmm2), 921 OFFSET(CONTEXT_Xmm3, CONTEXT, Xmm3), 922 OFFSET(CONTEXT_Xmm4, CONTEXT, Xmm4), 923 OFFSET(CONTEXT_Xmm5, CONTEXT, Xmm5), 924 OFFSET(CONTEXT_Xmm6, CONTEXT, Xmm6), 925 OFFSET(CONTEXT_Xmm7, CONTEXT, Xmm7), 926 OFFSET(CONTEXT_Xmm8, CONTEXT, Xmm8), 927 OFFSET(CONTEXT_Xmm9, CONTEXT, Xmm9), 928 OFFSET(CONTEXT_Xmm10, CONTEXT, Xmm10), 929 OFFSET(CONTEXT_Xmm11, CONTEXT, Xmm11), 930 OFFSET(CONTEXT_Xmm12, CONTEXT, Xmm12), 931 OFFSET(CONTEXT_Xmm13, CONTEXT, Xmm13), 932 OFFSET(CONTEXT_Xmm14, CONTEXT, Xmm14), 933 OFFSET(CONTEXT_Xmm15, CONTEXT, Xmm15), 934 OFFSET(CONTEXT_DebugControl, CONTEXT, DebugControl), 935 OFFSET(CONTEXT_LastBranchToRip, CONTEXT, LastBranchToRip), 936 OFFSET(CONTEXT_LastBranchFromRip, CONTEXT, LastBranchFromRip), 937 OFFSET(CONTEXT_LastExceptionToRip, CONTEXT, LastExceptionToRip), 938 OFFSET(CONTEXT_LastExceptionFromRip, CONTEXT, LastExceptionFromRip), 939 OFFSET(CONTEXT_VectorControl, CONTEXT, VectorControl), 940 OFFSET(CONTEXT_VectorRegister, CONTEXT, VectorRegister), 941 SIZE(CONTEXT_FRAME_LENGTH, CONTEXT), 942 943 HEADER("KEXCEPTION_FRAME"), 944 OFFSET(KEXCEPTION_FRAME_P1Home, KEXCEPTION_FRAME, P1Home), 945 OFFSET(KEXCEPTION_FRAME_P2Home, KEXCEPTION_FRAME, P2Home), 946 OFFSET(KEXCEPTION_FRAME_P3Home, KEXCEPTION_FRAME, P3Home), 947 OFFSET(KEXCEPTION_FRAME_P4Home, KEXCEPTION_FRAME, P4Home), 948 OFFSET(KEXCEPTION_FRAME_P5, KEXCEPTION_FRAME, P5), 949 OFFSET(KEXCEPTION_FRAME_Xmm6, KEXCEPTION_FRAME, Xmm6), 950 OFFSET(KEXCEPTION_FRAME_Xmm7, KEXCEPTION_FRAME, Xmm7), 951 OFFSET(KEXCEPTION_FRAME_Xmm8, KEXCEPTION_FRAME, Xmm8), 952 OFFSET(KEXCEPTION_FRAME_Xmm9, KEXCEPTION_FRAME, Xmm9), 953 OFFSET(KEXCEPTION_FRAME_Xmm10, KEXCEPTION_FRAME, Xmm10), 954 OFFSET(KEXCEPTION_FRAME_Xmm11, KEXCEPTION_FRAME, Xmm11), 955 OFFSET(KEXCEPTION_FRAME_Xmm12, KEXCEPTION_FRAME, Xmm12), 956 OFFSET(KEXCEPTION_FRAME_Xmm13, KEXCEPTION_FRAME, Xmm13), 957 OFFSET(KEXCEPTION_FRAME_Xmm14, KEXCEPTION_FRAME, Xmm14), 958 OFFSET(KEXCEPTION_FRAME_Xmm15, KEXCEPTION_FRAME, Xmm15), 959 OFFSET(KEXCEPTION_FRAME_MxCsr, KEXCEPTION_FRAME, MxCsr), 960 OFFSET(KEXCEPTION_FRAME_Rbp, KEXCEPTION_FRAME, Rbp), 961 OFFSET(KEXCEPTION_FRAME_Rbx, KEXCEPTION_FRAME, Rbx), 962 OFFSET(KEXCEPTION_FRAME_Rdi, KEXCEPTION_FRAME, Rdi), 963 OFFSET(KEXCEPTION_FRAME_Rsi, KEXCEPTION_FRAME, Rsi), 964 OFFSET(KEXCEPTION_FRAME_R12, KEXCEPTION_FRAME, R12), 965 OFFSET(KEXCEPTION_FRAME_R13, KEXCEPTION_FRAME, R13), 966 OFFSET(KEXCEPTION_FRAME_R14, KEXCEPTION_FRAME, R14), 967 OFFSET(KEXCEPTION_FRAME_R15, KEXCEPTION_FRAME, R15), 968 OFFSET(KEXCEPTION_FRAME_Return, KEXCEPTION_FRAME, Return), 969 OFFSET(KEXCEPTION_FRAME_TrapFrame, KEXCEPTION_FRAME, TrapFrame), 970 OFFSET(KEXCEPTION_FRAME_OutputBuffer, KEXCEPTION_FRAME, OutputBuffer), 971 OFFSET(KEXCEPTION_FRAME_OutputLength, KEXCEPTION_FRAME, OutputLength), 972 SIZE(KEXCEPTION_FRAME_LENGTH, KEXCEPTION_FRAME), 973 974 HEADER("KTRAP_FRAME"), 975 OFFSET(KTRAP_FRAME_P1Home, KTRAP_FRAME, P1Home), 976 OFFSET(KTRAP_FRAME_P2Home, KTRAP_FRAME, P2Home), 977 OFFSET(KTRAP_FRAME_P3Home, KTRAP_FRAME, P3Home), 978 OFFSET(KTRAP_FRAME_P4Home, KTRAP_FRAME, P4Home), 979 OFFSET(KTRAP_FRAME_P5, KTRAP_FRAME, P5), 980 OFFSET(KTRAP_FRAME_PreviousMode, KTRAP_FRAME, PreviousMode), 981 OFFSET(KTRAP_FRAME_PreviousIrql, KTRAP_FRAME, PreviousIrql), 982 OFFSET(KTRAP_FRAME_FaultIndicator, KTRAP_FRAME, FaultIndicator), 983 OFFSET(KTRAP_FRAME_ExceptionActive, KTRAP_FRAME, ExceptionActive), 984 OFFSET(KTRAP_FRAME_MxCsr, KTRAP_FRAME, MxCsr), 985 OFFSET(KTRAP_FRAME_Rax, KTRAP_FRAME, Rax), 986 OFFSET(KTRAP_FRAME_Rcx, KTRAP_FRAME, Rcx), 987 OFFSET(KTRAP_FRAME_Rdx, KTRAP_FRAME, Rdx), 988 OFFSET(KTRAP_FRAME_R8, KTRAP_FRAME, R8), 989 OFFSET(KTRAP_FRAME_R9, KTRAP_FRAME, R9), 990 OFFSET(KTRAP_FRAME_R10, KTRAP_FRAME, R10), 991 OFFSET(KTRAP_FRAME_R11, KTRAP_FRAME, R11), 992 OFFSET(KTRAP_FRAME_GsBase, KTRAP_FRAME, GsBase), 993 OFFSET(KTRAP_FRAME_GsSwap, KTRAP_FRAME,GsSwap), 994 OFFSET(KTRAP_FRAME_Xmm0, KTRAP_FRAME, Xmm0), 995 OFFSET(KTRAP_FRAME_Xmm1, KTRAP_FRAME, Xmm1), 996 OFFSET(KTRAP_FRAME_Xmm2, KTRAP_FRAME, Xmm2), 997 OFFSET(KTRAP_FRAME_Xmm3, KTRAP_FRAME, Xmm3), 998 OFFSET(KTRAP_FRAME_Xmm4, KTRAP_FRAME, Xmm4), 999 OFFSET(KTRAP_FRAME_Xmm5, KTRAP_FRAME, Xmm5), 1000 OFFSET(KTRAP_FRAME_FaultAddress, KTRAP_FRAME, FaultAddress), 1001 OFFSET(KTRAP_FRAME_TimeStampCKCL, KTRAP_FRAME, TimeStampCKCL), 1002 OFFSET(KTRAP_FRAME_Dr0, KTRAP_FRAME, Dr0), 1003 OFFSET(KTRAP_FRAME_Dr1, KTRAP_FRAME, Dr1), 1004 OFFSET(KTRAP_FRAME_Dr2, KTRAP_FRAME, Dr2), 1005 OFFSET(KTRAP_FRAME_Dr3, KTRAP_FRAME, Dr3), 1006 OFFSET(KTRAP_FRAME_Dr6, KTRAP_FRAME, Dr6), 1007 OFFSET(KTRAP_FRAME_Dr7, KTRAP_FRAME, Dr7), 1008 OFFSET(KTRAP_FRAME_DebugControl, KTRAP_FRAME, DebugControl), 1009 OFFSET(KTRAP_FRAME_LastBranchToRip, KTRAP_FRAME, LastBranchToRip), 1010 OFFSET(KTRAP_FRAME_LastBranchFromRip, KTRAP_FRAME, LastBranchFromRip), 1011 OFFSET(KTRAP_FRAME_LastExceptionToRip, KTRAP_FRAME, LastExceptionToRip), 1012 OFFSET(KTRAP_FRAME_LastExceptionFromRip, KTRAP_FRAME, LastExceptionFromRip), 1013 OFFSET(KTRAP_FRAME_LastBranchControl, KTRAP_FRAME, LastBranchControl), 1014 OFFSET(KTRAP_FRAME_LastBranchMSR, KTRAP_FRAME, LastBranchMSR), 1015 OFFSET(KTRAP_FRAME_SegDs, KTRAP_FRAME, SegDs), 1016 OFFSET(KTRAP_FRAME_SegEs, KTRAP_FRAME, SegEs), 1017 OFFSET(KTRAP_FRAME_SegFs, KTRAP_FRAME, SegFs), 1018 OFFSET(KTRAP_FRAME_SegGs, KTRAP_FRAME, SegGs), 1019 OFFSET(KTRAP_FRAME_TrapFrame, KTRAP_FRAME, TrapFrame), 1020 OFFSET(KTRAP_FRAME_Rbx, KTRAP_FRAME, Rbx), 1021 OFFSET(KTRAP_FRAME_Rdi, KTRAP_FRAME, Rdi), 1022 OFFSET(KTRAP_FRAME_Rsi, KTRAP_FRAME, Rsi), 1023 OFFSET(KTRAP_FRAME_Rbp, KTRAP_FRAME, Rbp), 1024 OFFSET(KTRAP_FRAME_ErrorCode, KTRAP_FRAME, ErrorCode), 1025 OFFSET(KTRAP_FRAME_ExceptionFrame, KTRAP_FRAME, ExceptionFrame), 1026 OFFSET(KTRAP_FRAME_TimeStampKlog, KTRAP_FRAME, TimeStampKlog), 1027 OFFSET(KTRAP_FRAME_Rip, KTRAP_FRAME, Rip), 1028 OFFSET(KTRAP_FRAME_SegCs, KTRAP_FRAME, SegCs), 1029 OFFSET(KTRAP_FRAME_Logging, KTRAP_FRAME, Logging), 1030 OFFSET(KTRAP_FRAME_EFlags, KTRAP_FRAME, EFlags), 1031 OFFSET(KTRAP_FRAME_Rsp, KTRAP_FRAME, Rsp), 1032 OFFSET(KTRAP_FRAME_SegSs, KTRAP_FRAME, SegSs), 1033 OFFSET(KTRAP_FRAME_CodePatchCycle, KTRAP_FRAME, CodePatchCycle), 1034 SIZE(KTRAP_FRAME_LENGTH, KTRAP_FRAME), 1035 1036 HEADER("EXCEPTION_RECORD"), 1037 OFFSET(EXCEPTION_RECORD_ExceptionCode, EXCEPTION_RECORD, ExceptionCode), 1038 OFFSET(EXCEPTION_RECORD_ExceptionFlags, EXCEPTION_RECORD, ExceptionFlags), 1039 OFFSET(EXCEPTION_RECORD_ExceptionRecord, EXCEPTION_RECORD, ExceptionRecord), 1040 OFFSET(EXCEPTION_RECORD_ExceptionAddress, EXCEPTION_RECORD, ExceptionAddress), 1041 OFFSET(EXCEPTION_RECORD_NumberParameters, EXCEPTION_RECORD, NumberParameters), 1042 OFFSET(EXCEPTION_RECORD_ExceptionInformation, EXCEPTION_RECORD, ExceptionInformation), 1043 1044 HEADER("KTHREAD"), 1045 OFFSET(KTHREAD_WAIT_IRQL, KTHREAD, WaitIrql), 1046 OFFSET(KTHREAD_TrapFrame, KTHREAD, TrapFrame), 1047 OFFSET(KTHREAD_PreviousMode, KTHREAD, PreviousMode), 1048 OFFSET(KTHREAD_KernelStack, KTHREAD, KernelStack), 1049 OFFSET(KTHREAD_UserApcPending, KTHREAD, ApcState.UserApcPending), 1050 OFFSET(KTHREAD_LargeStack, KTHREAD, LargeStack), 1051 1052 HEADER("KINTERRUPT"), 1053 OFFSET(KINTERRUPT_Type, KINTERRUPT, Type), 1054 OFFSET(KINTERRUPT_Size, KINTERRUPT, Size), 1055 OFFSET(KINTERRUPT_InterruptListEntry, KINTERRUPT, InterruptListEntry), 1056 OFFSET(KINTERRUPT_ServiceRoutine, KINTERRUPT, ServiceRoutine), 1057 OFFSET(KINTERRUPT_ServiceContext, KINTERRUPT, ServiceContext), 1058 OFFSET(KINTERRUPT_SpinLock, KINTERRUPT, SpinLock), 1059 OFFSET(KINTERRUPT_TickCount, KINTERRUPT, TickCount), 1060 OFFSET(KINTERRUPT_ActualLock, KINTERRUPT, ActualLock), 1061 OFFSET(KINTERRUPT_DispatchAddress, KINTERRUPT, DispatchAddress), 1062 OFFSET(KINTERRUPT_Vector, KINTERRUPT, Vector), 1063 OFFSET(KINTERRUPT_Irql, KINTERRUPT, Irql), 1064 OFFSET(KINTERRUPT_SynchronizeIrql, KINTERRUPT, SynchronizeIrql), 1065 OFFSET(KINTERRUPT_FloatingSave, KINTERRUPT, FloatingSave), 1066 OFFSET(KINTERRUPT_Connected, KINTERRUPT, Connected), 1067 OFFSET(KINTERRUPT_Number, KINTERRUPT, Number), 1068 OFFSET(KINTERRUPT_ShareVector, KINTERRUPT, ShareVector), 1069 OFFSET(KINTERRUPT_Mode, KINTERRUPT, Mode), 1070 OFFSET(KINTERRUPT_ServiceCount, KINTERRUPT, ServiceCount), 1071 OFFSET(KINTERRUPT_DispatchCount, KINTERRUPT, DispatchCount), 1072 OFFSET(KINTERRUPT_TrapFrame, KINTERRUPT, TrapFrame), 1073 OFFSET(KINTERRUPT_DispatchCode, KINTERRUPT, DispatchCode), 1074 1075 HEADER("Misc definitions"), 1076 CONSTANT(MAX_SYSCALL_PARAM_SIZE), 1077