Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-09-28 21:44:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

[ASM]

Browse source 
Update templates for asm include generation

svn path=/trunk/; revision=67638
This commit is contained in:
Timo Kreuzer 2015-05-10 21:03:09 +00:00
parent d6c154bc77
commit 7c09970347
6 changed files with 2130 additions and 652 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
reactos/include/asm/asm.inc
View file

@ -6,6 +6,9 @@
* PROGRAMMERS: Timo Kreuzer (timo.kreuzer@reactos.org)
*/
#ifndef __ASM_INC__
#define __ASM_INC__
#ifdef _USE_ML
/* Allow ".name" identifiers */
@ -350,3 +353,5 @@ ENDM
#define FRAME_TRAP 1
#define FRAME_TSS 2
#define FRAME_NONFPO 3
#endif /* __ASM_INC__ */

6
reactos/include/asm/genincdata.c
View file

@ -60,9 +60,6 @@ __attribute__ ((section(".asmdef")))
ASMGENDATA Table[] =
{
/* PORTABLE CONSTANTS ********************************************************/
#include "ksx.template.h"
/* ARCHITECTURE SPECIFIC CONTSTANTS ******************************************/
#ifdef _M_IX86
#include "ks386.template.h"
@ -72,6 +69,9 @@ ASMGENDATA Table[] =
#include "ksarm.template.h"
#endif
/* PORTABLE CONSTANTS ********************************************************/
#include "ksx.template.h"
/* End of list */
{TYPE_END, "", 0}
};

550
reactos/include/asm/ks386.template.h
View file

@ -7,7 +7,7 @@ CONSTANT(CR0_TS),
CONSTANT(CR0_ET),
CONSTANT(CR0_NE),
CONSTANT(CR0_WP),
CONSTANT(CR0_AM),
CONSTANT(CR0_AM), // not win 10
CONSTANT(CR0_NW),
CONSTANT(CR0_CD),
CONSTANT(CR0_PG),
@ -26,20 +26,11 @@ CONSTANT(CR4_XMMEXCPT),
//CONSTANT(CR4_PGE_V),
//CONSTANT(CR4_XSAVE),
HEADER("KeFeatureBits flags"),
CONSTANT(KF_RDTSC),
CONSTANT(KF_CR4),
CONSTANT(KF_GLOBAL_PAGE),
CONSTANT(KF_LARGE_PAGE),
CONSTANT(KF_CMPXCHG8B),
CONSTANT(KF_FAST_SYSCALL),
CONSTANT(KF_V86_VIS),
//CONSTANT(KF_XSTATE),
HEADER("Machine type definitions"),
CONSTANT(MACHINE_TYPE_ISA),
CONSTANT(MACHINE_TYPE_EISA),
CONSTANT(MACHINE_TYPE_MCA),
HEADER("Debug Registers"),
CONSTANT(DR6_LEGAL),
CONSTANT(DR7_LEGAL),
CONSTANT(DR7_ACTIVE),
CONSTANT(DR7_RESERVED_MASK),
HEADER("EFLAGS"),
CONSTANT(EFLAGS_TF),
@ -49,6 +40,25 @@ CONSTANT(EFLAGS_ALIGN_CHECK),
CONSTANT(EFLAGS_VIF),
CONSTANT(EFLAGS_VIP),
CONSTANT(EFLAGS_USER_SANITIZE),
//CONSTANT(EFLAG_SELECT),
#if (NTDDI_VERSION >= NTDDI_VISTA)
HEADER("Hypervisor Enlightenment Definitions"),
CONSTANT(HV_MMU_USE_HYPERCALL_FOR_ADDRESS_SWITCH),
CONSTANT(HV_MMU_USE_HYPERCALL_FOR_LOCAL_FLUSH),
CONSTANT(HV_MMU_USE_HYPERCALL_FOR_REMOTE_FLUSH),
CONSTANT(HV_KE_USE_HYPERCALL_FOR_LONG_SPIN_WAIT),
#endif
HEADER("KeFeatureBits flags"),
CONSTANT(KF_V86_VIS),
CONSTANT(KF_RDTSC),
CONSTANT(KF_CR4),
CONSTANT(KF_GLOBAL_PAGE),
CONSTANT(KF_LARGE_PAGE),
CONSTANT(KF_CMPXCHG8B),
CONSTANT(KF_FAST_SYSCALL),
//CONSTANT(KF_XSTATE),
HEADER("KDGT selectors"),
CONSTANT(KGDT_R3_DATA),
@ -56,19 +66,64 @@ CONSTANT(KGDT_R3_CODE),
CONSTANT(KGDT_R0_CODE),
CONSTANT(KGDT_R0_DATA),
CONSTANT(KGDT_R0_PCR),
//CONSTANT(KGDT_STACK16),
//CONSTANT(KGDT_CODE16),
//CONSTANT(KGDT_STACK16),// obsolete
//CONSTANT(KGDT_CODE16),// obsolete
CONSTANT(KGDT_TSS),
CONSTANT(KGDT_R3_TEB),
//CONSTANT(KGDT_R3_GS),
CONSTANT(KGDT_DF_TSS),
CONSTANT(KGDT_NMI_TSS),
CONSTANT(KGDT_LDT),
CONSTANT(NPX_STATE_NOT_LOADED),
CONSTANT(NPX_STATE_LOADED),
//CONSTANT(NPX_MASK_LAZY),
HEADER("Machine type definitions"),
CONSTANT(MACHINE_TYPE_ISA),
CONSTANT(MACHINE_TYPE_EISA),
CONSTANT(MACHINE_TYPE_MCA),
HEADER("MSR definitions"),
CONSTANT(MSR_AMD_ACCESS),
CONSTANT(MSR_IA32_MISC_ENABLE),
CONSTANT(MSR_EFER),
HEADER("MSR values"),
CONSTANT(MSR_NXE),
CONSTANT(XHF_NOEXECUTE),
CONSTANT(MSR_XD_ENABLE_MASK),
HEADER("WOW64 turbo dispatch system call types"),
CONSTANT(ServiceNoTurbo),
CONSTANT(Service0Arg),
CONSTANT(Service0ArgReloadState),
CONSTANT(Service1ArgSp),
CONSTANT(Service1ArgNSp),
CONSTANT(Service2ArgNSpNSp),
CONSTANT(Service2ArgNSpNSpReloadState),
CONSTANT(Service2ArgSpNSp),
CONSTANT(Service2ArgSpSp),
CONSTANT(Service2ArgNSpSp),
CONSTANT(Service3ArgNSpNSpNSp),
CONSTANT(Service3ArgSpSpSp),
CONSTANT(Service3ArgSpNSpNSp),
CONSTANT(Service3ArgSpNSpNSpReloadState),
CONSTANT(Service3ArgSpSpNSp),
CONSTANT(Service3ArgNSpSpNSp),
CONSTANT(Service3ArgSpNSpSp),
CONSTANT(Service4ArgNSpNSpNSpNSp),
CONSTANT(Service4ArgSpSpNSpNSp),
CONSTANT(Service4ArgSpSpNSpNSpReloadState),
CONSTANT(Service4ArgSpNSpNSpNSp),
CONSTANT(Service4ArgSpNSpNSpNSpReloadState),
CONSTANT(Service4ArgNSpSpNSpNSp),
CONSTANT(Service4ArgSpSpSpNSp),
CONSTANT(ServiceCpupTdQuerySystemTime),
CONSTANT(ServiceCpupTdGetCurrentProcessorNumber),
CONSTANT(ServiceCpupTdReadWriteFile),
CONSTANT(ServiceCpupTdDeviceIoControlFile),
CONSTANT(ServiceCpupTdRemoveIoCompletion),
CONSTANT(ServiceCpupTdWaitForMultipleObjects),
CONSTANT(ServiceCpupTdWaitForMultipleObjects32),
CONSTANT(Wow64ServiceTypesCount),
/*
HEADER("VDM constants"),
CONSTANT(VDM_INDEX_Invalid),
CONSTANT(VDM_INDEX_0F),
@ -105,13 +160,57 @@ CONSTANT(VDM_INDEX_CLI),
CONSTANT(VDM_INDEX_STI),
CONSTANT(VDM_INDEX_HLT),
CONSTANT(MAX_VDM_INDEX),
*/
CONSTANT(PF_XMMI_INSTRUCTIONS_AVAILABLE),
CONSTANT(EFLAG_SELECT),
//HEADER("VDM feature bits"),
//CONSTANT(V86_VIRTUAL_INT_EXTENSIONS),
//CONSTANT(PM_VIRTUAL_INT_EXTENSIONS),
HEADER("XSAVE_AREA definitions"),
CONSTANT(XSTATE_MASK_LEGACY_FLOATING_POINT),
CONSTANT(XSTATE_MASK_LEGACY_SSE),
CONSTANT(XSTATE_MASK_LEGACY),
CONSTANT(XSTATE_MASK_GSSE),
//HEADER("Interrupt vector definitions"),
//CONSTANT(IOMMU_VECTOR),
//CONSTANT(STUB_VECTOR),
//CONSTANT(REBOOT_VECTOR),
//CONSTANT(IPI_VECTOR),
//CONSTANT(LOCAL_ERROR_VECTOR),
//CONSTANT(PERF_VECTOR),
HEADER("Miscellaneous constants"),
//CONSTANT(INITIAL_MXCSR),
//CONSTANT(IPI_FREEZE),
//CONSTANT(XSAVE_PRESENT),
SIZE(KTIMER_TABLE_SIZE, KTIMER_TABLE),
//CONSTANT(TRAP_FRAME_MARKER),
CONSTANT(FRAME_EDITED),
//CONSTANT(INTERRUPT_FRAME),
//CONSTANT(EXCEPTION_FRAME),
//CONSTANT(SYSCALL_FRAME),
//CONSTANT(KXMM_FRAME_SIZE),
//CONSTANT(KI_SLIST_FAULT_COUNT_MAXIMUM),
CONSTANT(PF_XMMI_INSTRUCTIONS_AVAILABLE),
CONSTANT(CPU_AMD),
CONSTANT(CPU_INTEL),
//CONSTANT(DEBUG_ACTIVE_MASK),
//CONSTANT(DEBUG_ACTIVE_MINIMAL_THREAD),
//CONSTANT(THREAD_LOCK_FLAGS_DBG_INSTRUMENTED),
//CONSTANT(X86AMD64_R3_LONG_MODE_CODE),
//CONSTANT(SEL_TYPE_NP),
//CONSTANT(TEB_FLAGS_SAFE_THUNK_CALL),
//CONSTANT(TEB_FLAGS_FIBER_SWAPPED),
//CONSTANT(KI_SPINLOCK_ORDER_PRCB_LOCK),
//CONSTANT(PROCESSOR_START_FLAG_FORCE_ENABLE_NX),
HEADER("CONTEXT"),
HEADER("** FIELD OFFSETS ***************"),
//HEADER("RtlBackoff offsets"),
//OFFSET(BoDelay, ????, Delay),
//SIZE(RtlBackoffLength, ????),
HEADER("CONTEXT offsets"),
OFFSET(CsContextFlags, CONTEXT, ContextFlags),
OFFSET(CsDr0, CONTEXT, Dr0),
OFFSET(CsDr1, CONTEXT, Dr1),
@ -137,58 +236,280 @@ OFFSET(CsEflags, CONTEXT, EFlags),
OFFSET(CsEsp, CONTEXT, Esp),
OFFSET(CsSegSs, CONTEXT, SegSs),
OFFSET(CsExtendedRegisters, CONTEXT, ExtendedRegisters),
//OFFSET(CsMxCsr, CONTEXT, MxCsr),
SIZE(ContextFrameLength, CONTEXT),
SIZE(CONTEXT_LENGTH, CONTEXT),
HEADER("KGDTENTRY"),
OFFSET(KgdtBaseLow, KGDTENTRY, BaseLow),
OFFSET(KgdtBaseMid, KGDTENTRY, HighWord.Bytes.BaseMid),
OFFSET(KgdtBaseHi, KGDTENTRY, HighWord.Bytes.BaseHi),
OFFSET(KgdtLimitHi, KGDTENTRY, HighWord.Bytes.Flags2),
HEADER("KCALLOUT_FRAME offsets"),
OFFSET(CuInStk, KCALLOUT_FRAME, InitialStack), // 00000H
OFFSET(CuTrFr, KCALLOUT_FRAME, TrapFrame), // 00004H
OFFSET(CuCbStk, KCALLOUT_FRAME, CallbackStack), // 00008H
OFFSET(CuEdi, KCALLOUT_FRAME, Edi), // 0000CH
OFFSET(CuEsi, KCALLOUT_FRAME, Esi), // 00010H
OFFSET(CuEbx, KCALLOUT_FRAME, Ebx), // 00014H
OFFSET(CuEbp, KCALLOUT_FRAME, Ebp), // 00018H
OFFSET(CuRet, KCALLOUT_FRAME, ReturnAddress), // 0001CH
OFFSET(CuOutBf, KCALLOUT_FRAME, Result), // 00020H
OFFSET(CuOutLn, KCALLOUT_FRAME, ResultLength), // 00024H
//HEADER("??? offsets"),
//OFFSET(ErrHandler, ???, Handler),
//OFFSET(ErrNext, ???, Next),
//OFFSET(ErrLength, ???, Length),
HEADER("FLOATING_SAVE_AREA offsets"),
OFFSET(FpControlWord, FLOATING_SAVE_AREA, ControlWord),
OFFSET(FpStatusWord, FLOATING_SAVE_AREA, StatusWord),
OFFSET(FpTagWord, FLOATING_SAVE_AREA, TagWord),
OFFSET(FpErrorOffset, FLOATING_SAVE_AREA, ErrorOffset),
OFFSET(FpErrorSelector, FLOATING_SAVE_AREA, ErrorSelector),
OFFSET(FpDataOffset, FLOATING_SAVE_AREA, DataOffset),
OFFSET(FpDataSelector, FLOATING_SAVE_AREA, DataSelector),
OFFSET(FpRegisterArea, FLOATING_SAVE_AREA, RegisterArea),
HEADER("XSAVE_FORMAT offsets"),
OFFSET(FxControlWord, XSAVE_FORMAT, ControlWord),
OFFSET(FxStatusWord, XSAVE_FORMAT, StatusWord),
OFFSET(FxTagWord, XSAVE_FORMAT, TagWord),
OFFSET(FxErrorOpcode, XSAVE_FORMAT, ErrorOpcode),
OFFSET(FxErrorOffset, XSAVE_FORMAT, ErrorOffset),
OFFSET(FxErrorSelector, XSAVE_FORMAT, ErrorSelector),
OFFSET(FxDataOffset, XSAVE_FORMAT, DataOffset),
OFFSET(FxDataSelector, XSAVE_FORMAT, DataSelector),
OFFSET(FxMxCsr, XSAVE_FORMAT, MxCsr),
SIZE(XSAVE_FORMAT_SIZE, XSAVE_FORMAT),
HEADER("KGDTENTRY offsets"),
OFFSET(KgdtLimitLow, KGDTENTRY, LimitLow),
OFFSET(KgdtBaseLow, KGDTENTRY, BaseLow),
OFFSET(KgdtHighWord, KGDTENTRY, HighWord),
OFFSET(KgdtBaseMid, KGDTENTRY, HighWord.Bytes.BaseMid),
OFFSET(KgdtLimitHi, KGDTENTRY, HighWord.Bytes.Flags2),
OFFSET(KgdtBaseHi, KGDTENTRY, HighWord.Bytes.BaseHi),
HEADER("KPRCB offsets"),
OFFSET(PbCurrentThread, KPRCB, CurrentThread),
OFFSET(PbNextThread, KPRCB, NextThread),
OFFSET(PbIdleThread, KPRCB, IdleThread),
//OFFSET(PbNestingLevel, KPRCB, NestingLevel),
OFFSET(PbCpuType, KPRCB, CpuType),
OFFSET(PbCpuID, KPRCB, CpuID),
OFFSET(PbCpuStep, KPRCB, CpuStep),
OFFSET(PbProcessorState, KPRCB, ProcessorState),
OFFSET(PbParentNode, KPRCB, ParentNode),
//OFFSET(PbPriorityState, KPRCB, PriorityState),
OFFSET(PbHalReserved, KPRCB, HalReserved),
//OFFSET(PbCFlushSize, KPRCB, CFlushSize),
//OFFSET(PbCpuVendor, KPRCB, CpuVendor),
//OFFSET(PbGroupSetMember, KPRCB, GroupSetMember),
OFFSET(PbNumber, KPRCB, Number),
//OFFSET(PbClockOwner, KPRCB, ClockOwner),
OFFSET(PbLockQueue, KPRCB, LockQueue),
OFFSET(PbInterruptCount, KPRCB, InterruptCount),
OFFSET(PbKernelTime, KPRCB, KernelTime),
OFFSET(PbUserTime, KPRCB, UserTime),
OFFSET(PbDpcTime, KPRCB, DpcTime),
OFFSET(PbInterruptTime, KPRCB, InterruptTime),
OFFSET(PbAdjustDpcThreshold, KPRCB, AdjustDpcThreshold),
OFFSET(PbPageColor, KPRCB, PageColor),
OFFSET(PbDebuggerSavedIRQL, KPRCB, DebuggerSavedIRQL),
OFFSET(PbNodeShiftedColor, KPRCB, NodeShiftedColor),
OFFSET(PbSecondaryColorMask, KPRCB, SecondaryColorMask),
//OFFSET(PbAlignmentFixupCount, KPRCB, AlignmentFixupCount),
//OFFSET(PbExceptionDispatchCount, KPRCB, ExceptionDispatchCount),
OFFSET(PbSystemCalls, KPRCB, KeSystemCalls),
OFFSET(PbPPLookasideList, KPRCB, PPLookasideList),
OFFSET(PbPPNPagedLookasideList, KPRCB, PPNPagedLookasideList),
OFFSET(PbPPPagedLookasideList, KPRCB, PPPagedLookasideList),
OFFSET(PbPacketBarrier, KPRCB, PacketBarrier),
OFFSET(PbReverseStall, KPRCB, ReverseStall),
OFFSET(PbIpiFrame, KPRCB, IpiFrame),
OFFSET(PbCurrentPacket, KPRCB, CurrentPacket),
OFFSET(PbTargetSet, KPRCB, TargetSet),
OFFSET(PbWorkerRoutine, KPRCB, WorkerRoutine),
OFFSET(PbIpiFrozen, KPRCB, IpiFrozen),
OFFSET(PbRequestSummary, KPRCB, RequestSummary),
//OFFSET(PbDpcList, KPRCB, DpcList),
//OFFSET(PbDpcLock, KPRCB, DpcLock),
//OFFSET(PbDpcCount, KPRCB, DpcCount),
OFFSET(PbDpcStack, KPRCB, DpcStack),
OFFSET(PbMaximumDpcQueueDepth, KPRCB, MaximumDpcQueueDepth),
OFFSET(PbDpcRequestRate, KPRCB, DpcRequestRate),
OFFSET(PbMinimumDpcRate, KPRCB, MinimumDpcRate),
OFFSET(PbDpcLastCount, KPRCB, DpcLastCount),
OFFSET(PbPrcbLock, KPRCB, PrcbLock),
OFFSET(PbQuantumEnd, KPRCB, QuantumEnd),
OFFSET(PbDpcRoutineActive, KPRCB, DpcRoutineActive),
OFFSET(PbIdleSchedule, KPRCB, IdleSchedule),
//OFFSET(PbNormalDpcState, KPRCB, NormalDpcState),
//OFFSET(PbKeSpinLockOrdering, KPRCB, KeSpinLockOrdering),
OFFSET(PbDeferredReadyListHead, KPRCB, DeferredReadyListHead),
OFFSET(PbReadySummary, KPRCB, ReadySummary),
OFFSET(PbWaitListHead, KPRCB, WaitListHead),
//OFFSET(PbStartCycle, KPRCB, StartCycle),
//OFFSET(PbCycleTime, KPRCB, CycleTime),
//OFFSET(PbHighCycleTime, KPRCB, HighCycleTime),
OFFSET(PbDispatcherReadyListHead, KPRCB, DispatcherReadyListHead),
OFFSET(PbChainedInterruptList, KPRCB, ChainedInterruptList),
//OFFSET(PbSpinLockAcquireCount, KPRCB, SpinLockAcquireCount),
//OFFSET(PbSpinLockContentionCount, KPRCB, SpinLockContentionCount),
//OFFSET(PbSpinLockSpinCount, KPRCB, SpinLockSpinCount),
//OFFSET(PbContext, KPRCB, Context),
//OFFSET(PbIsrStack, KPRCB, IsrStack),
//OFFSET(PbVectorToInterruptObject, KPRCB, VectorToInterruptObject),
//OFFSET(PbEntropyBuffer, KPRCB, EntropyTimingState.Buffer),
//OFFSET(PbMailbox, KPRCB, Mailbox),
SIZE(ProcessorBlockLength, KPRCB),
HEADER("KPCR offsets"),
OFFSET(PcExceptionList, KIPCR, NtTib.ExceptionList),
//OFFSET(PcInitialStack, KIPCR, InitialStack),
//OFFSET(PcMxCsr, KIPCR, MxCsr),
OFFSET(PcTssCopy, KIPCR, TssCopy),
OFFSET(PcContextSwitches, KIPCR, ContextSwitches),
OFFSET(PcSetMemberCopy, KIPCR, SetMemberCopy),
OFFSET(PcTeb, KIPCR, NtTib.Self),
OFFSET(PcSelfPcr, KIPCR, Self),
OFFSET(PcPrcb, KIPCR, Prcb),
OFFSET(PcIrql, KIPCR, Irql),
OFFSET(PcIRR, KIPCR, IRR),
OFFSET(PcIrrActive, KIPCR, IrrActive),
OFFSET(PcIDR, KIPCR, IDR),
OFFSET(PcIdt, KIPCR, IDT),
OFFSET(PcGdt, KIPCR, GDT),
OFFSET(PcTss, KIPCR, TSS),
OFFSET(PcSetMember, KIPCR, SetMember),
OFFSET(PcStallScaleFactor, KIPCR, StallScaleFactor),
OFFSET(PcNumber, KIPCR, Number),
OFFSET(PcVdmAlert, KIPCR, VdmAlert),
OFFSET(PcHal, KIPCR, HalReserved),
OFFSET(PcPrcbData, KIPCR, PrcbData),
OFFSET(PcCurrentThread, KIPCR, PrcbData.CurrentThread),
//OFFSET(PcNestingLevel, KIPCR, PrcbData.NestingLevel),
OFFSET(PcParentNode, KIPCR, PrcbData.ParentNode),
OFFSET(PcInterruptCount, KIPCR, PrcbData.InterruptCount),
//OFFSET(PcDpcRequestSummary, KIPCR, PrcbData.DpcRequestSummary),
//OFFSET(PcStartCycles, KIPCR, PrcbData.StartCycles),
//OFFSET(PcCycleTime, KIPCR, PrcbData.CycleTime),
//OFFSET(PcHighCycleTime, KIPCR, PrcbData.HighCycleTime),
SIZE(ProcessorControlRegisterLength, KIPCR),
// Processor Start Block Offset Definitions
//HEADER("??? offsets"),
//OFFSET(PsbCompletionFlag, ???, PsbCompletionFlag),
//OFFSET(PsbFlags, ???, PsbCompletionFlag),
//OFFSET(PsbTiledMemoryMap, ???, PsbCompletionFlag),
//OFFSET(PsbSelfMap, ???, PsbCompletionFlag),
//OFFSET(PsbProcessorState, ???, PsbCompletionFlag),
//SIZE(ProcessorStartBlockLength, ???, PsbCompletionFlag),
HEADER("PEB offsets"),
OFFSET(PebBeingDebugged, PEB, BeingDebugged),
OFFSET(PebKernelCallbackTable, PEB, KernelCallbackTable),
HEADER("KPROCESSOR_STATE offsets"),
OFFSET(PsContextFrame, KPROCESSOR_STATE, ContextFrame),
OFFSET(PsSpecialRegisters, KPROCESSOR_STATE, SpecialRegisters),
SIZE(ProcessorStateLength, KPROCESSOR_STATE),
HEADER("KSPECIAL_REGISTERS offsets"),
OFFSET(SrCr0, KSPECIAL_REGISTERS, Cr0),
OFFSET(SrCr2, KSPECIAL_REGISTERS, Cr2),
OFFSET(SrCr3, KSPECIAL_REGISTERS, Cr3),
OFFSET(SrCr4, KSPECIAL_REGISTERS, Cr4),
OFFSET(SrKernelDr0, KSPECIAL_REGISTERS, KernelDr0),
OFFSET(SrKernelDr1, KSPECIAL_REGISTERS, KernelDr1),
OFFSET(SrKernelDr2, KSPECIAL_REGISTERS, KernelDr2),
OFFSET(SrKernelDr3, KSPECIAL_REGISTERS, KernelDr3),
OFFSET(SrKernelDr6, KSPECIAL_REGISTERS, KernelDr6),
OFFSET(SrKernelDr7, KSPECIAL_REGISTERS, KernelDr7),
OFFSET(SrGdtr, KSPECIAL_REGISTERS, Gdtr),
OFFSET(SrIdtr, KSPECIAL_REGISTERS, Idtr),
OFFSET(SrTr, KSPECIAL_REGISTERS, Tr),
OFFSET(SrLdtr, KSPECIAL_REGISTERS, Ldtr),
//OFFSET(SrXcr0, KSPECIAL_REGISTERS, Xcr0),
//OFFSET(SrExceptionList, KSPECIAL_REGISTERS, ExceptionList),
HEADER("KSYSTEM_TIME offsets"),
OFFSET(StLowTime, KSYSTEM_TIME, LowTime),
OFFSET(StHigh1Time, KSYSTEM_TIME, High1Time),
OFFSET(StHigh2Time, KSYSTEM_TIME, High2Time),
//HEADER("KSWITCH_FRAME offsets"),
//SIZE(SwitchFrameLength, KSWITCH_FRAME),
HEADER("TEB offsets (duplicates Te* definitions!)"),
OFFSET(TbExceptionList, TEB, NtTib.ExceptionList),
OFFSET(TbStackBase, TEB, NtTib.StackBase),
OFFSET(TbStackLimit, TEB, NtTib.StackLimit),
OFFSET(TbVersion, TEB, NtTib.Version),
OFFSET(TbFiberData, TEB, NtTib.FiberData),
OFFSET(TbArbitraryUserPointer, TEB, NtTib.ArbitraryUserPointer),
OFFSET(TbEnvironmentPointer, TEB, EnvironmentPointer),
OFFSET(TbClientId, TEB, ClientId),
OFFSET(TbThreadLocalStoragePointer, TEB, ThreadLocalStoragePointer),
OFFSET(TbCountOfOwnedCriticalSections, TEB, CountOfOwnedCriticalSections),
OFFSET(TbCsrClientThread, TEB, CsrClientThread),
OFFSET(TbWOW32Reserved, TEB, WOW32Reserved),
OFFSET(TbSystemReserved1, TEB, SystemReserved1),
OFFSET(TbExceptionCode, TEB, ExceptionCode),
OFFSET(TbGdiThreadLocalInfo, TEB, GdiThreadLocalInfo),
OFFSET(TbglDispatchTable, TEB, glDispatchTable),
OFFSET(TbglSectionInfo, TEB, glSectionInfo),
OFFSET(TbglSection, TEB, glSection),
OFFSET(TbglTable, TEB, glTable),
OFFSET(TbglCurrentRC, TEB, glCurrentRC),
OFFSET(TbglContext, TEB, glContext),
OFFSET(TbDeallocationStack, TEB, DeallocationStack),
OFFSET(TbVdm, TEB, Vdm),
OFFSET(TbGdiBatchCount, TEB, GdiBatchCount),
//OFFSET(TeSameTebFlags, TEB, SameTebFlags),
OFFSET(TebPeb, TEB, ProcessEnvironmentBlock),
HEADER("KTRAP_FRAME"),
OFFSET(TsExceptionList, KTRAP_FRAME, ExceptionList),
OFFSET(TsPreviousPreviousMode, KTRAP_FRAME, PreviousPreviousMode),
OFFSET(TsSegGs, KTRAP_FRAME, SegGs),
OFFSET(TsSegFs, KTRAP_FRAME, SegFs),
OFFSET(TsSegEs, KTRAP_FRAME, SegEs),
OFFSET(TsSegDs, KTRAP_FRAME, SegDs),
OFFSET(TsEdi, KTRAP_FRAME, Edi),
OFFSET(TsEsi, KTRAP_FRAME, Esi),
OFFSET(TsEbp, KTRAP_FRAME, Ebp),
OFFSET(TsEbx, KTRAP_FRAME, Ebx),
OFFSET(TsEdx, KTRAP_FRAME, Edx),
OFFSET(TsEcx, KTRAP_FRAME, Ecx),
OFFSET(TsEax, KTRAP_FRAME, Eax),
OFFSET(TsErrCode, KTRAP_FRAME, ErrCode),
OFFSET(TsEip, KTRAP_FRAME, Eip),
OFFSET(TsSegCs, KTRAP_FRAME, SegCs),
OFFSET(TsEflags, KTRAP_FRAME, EFlags),
OFFSET(TsHardwareEsp, KTRAP_FRAME, HardwareEsp),
OFFSET(TsHardwareSegSs, KTRAP_FRAME, HardwareSegSs),
OFFSET(TsTempSegCs, KTRAP_FRAME, TempSegCs),
//OFFSET(TsLogging, KTRAP_FRAME, Logging),
OFFSET(TsTempEsp, KTRAP_FRAME, TempEsp),
OFFSET(TsDbgEbp, KTRAP_FRAME, DbgEbp),
OFFSET(TsDbgEip, KTRAP_FRAME, DbgEip),
OFFSET(TsDbgArgMark, KTRAP_FRAME, DbgArgMark),
OFFSET(TsDbgArgPointer, KTRAP_FRAME, DbgArgPointer),
OFFSET(TsTempSegCs, KTRAP_FRAME, TempSegCs),
//OFFSET(TsLogging, KTRAP_FRAME, Logging),
//OFFSET(TsFrameType, KTRAP_FRAME, FrameType),
OFFSET(TsTempEsp, KTRAP_FRAME, TempEsp),
OFFSET(TsDr0, KTRAP_FRAME, Dr0),
OFFSET(TsDr1, KTRAP_FRAME, Dr1),
OFFSET(TsDr2, KTRAP_FRAME, Dr2),
OFFSET(TsDr3, KTRAP_FRAME, Dr3),
OFFSET(TsDr6, KTRAP_FRAME, Dr6),
OFFSET(TsDr7, KTRAP_FRAME, Dr7),
OFFSET(TsSegGs, KTRAP_FRAME, SegGs),
OFFSET(TsSegEs, KTRAP_FRAME, SegEs),
OFFSET(TsSegDs, KTRAP_FRAME, SegDs),
OFFSET(TsEdx, KTRAP_FRAME, Edx),
OFFSET(TsEcx, KTRAP_FRAME, Ecx),
OFFSET(TsEax, KTRAP_FRAME, Eax),
OFFSET(TsPreviousPreviousMode, KTRAP_FRAME, PreviousPreviousMode),
//OFFSET(TsMxCsr, KTRAP_FRAME, MxCsr),
OFFSET(TsExceptionList, KTRAP_FRAME, ExceptionList),
//OFFSET(TsEntropyQueueDpc, KTRAP_FRAME, EntropyQueueDpc),
OFFSET(TsSegFs, KTRAP_FRAME, SegFs),
OFFSET(TsEdi, KTRAP_FRAME, Edi),
OFFSET(TsEsi, KTRAP_FRAME, Esi),
OFFSET(TsEbx, KTRAP_FRAME, Ebx),
OFFSET(TsEbp, KTRAP_FRAME, Ebp),
OFFSET(TsErrCode, KTRAP_FRAME, ErrCode),
OFFSET(TsEip, KTRAP_FRAME, Eip),
OFFSET(TsSegCs, KTRAP_FRAME, SegCs),
OFFSET(TsEflags, KTRAP_FRAME, EFlags),
OFFSET(TsHardwareEsp, KTRAP_FRAME, HardwareEsp),
OFFSET(TsHardwareSegSs, KTRAP_FRAME, HardwareSegSs),
OFFSET(TsDbgArgPointer, KTRAP_FRAME, DbgArgPointer), // not in win10
OFFSET(TsV86Es, KTRAP_FRAME, V86Es),
OFFSET(TsV86Ds, KTRAP_FRAME, V86Ds),
OFFSET(TsV86Fs, KTRAP_FRAME, V86Fs),
OFFSET(TsV86Gs, KTRAP_FRAME, V86Gs),
SIZE(KTRAP_FRAME_LENGTH, KTRAP_FRAME),
CONSTANT(KTRAP_FRAME_ALIGN),
CONSTANT(FRAME_EDITED),
HEADER("KTSS"),
HEADER("KTSS offsets"),
OFFSET(TssEsp0, KTSS, Esp0),
OFFSET(TssCR3, KTSS, CR3),
OFFSET(TssEip, KTSS, Eip),
@ -212,70 +533,76 @@ OFFSET(TssIoMapBase, KTSS, IoMapBase),
OFFSET(TssIoMaps, KTSS, IoMaps),
SIZE(TssLength, KTSS),
//HEADER("VDM_PROCESS_OBJECTS??? offsets"),
//VpVdmTib equ 00098H
HEADER("XSTATE_CONFIGURATION offsets"),
OFFSET(XcfgEnabledFeatures, XSTATE_CONFIGURATION, EnabledFeatures),
#if (NTDDI_VERSION >= NTDDI_WIN10)
OFFSET(XcfgEnabledVolatileFeatures, XSTATE_CONFIGURATION, EnabledFeatures),
#endif
HEADER("XSTATE_CONTEXT offsets"),
OFFSET(XctxMask, XSTATE_CONTEXT, Mask),
OFFSET(XctxLength, XSTATE_CONTEXT, Length),
OFFSET(XctxArea, XSTATE_CONTEXT, Area),
HEADER("XSAVE_AREA offsets"),
OFFSET(XsaHeader, XSAVE_AREA, Header),
SIZE(XsaHeaderLength, XSAVE_AREA_HEADER),
//CONSTANTX(XSAVE_ALIGN, _alignof(XSAVE_AREA)),
HEADER("Data access macros"),
RAW("#define USERDATA ds:[HEX(0FFDF0000)]"),
RAW("#define PCR fs:"),
#if (NTDDI_VERSION >= NTDDI_VISTA)
HEADER("KNODE offsets"),
OFFSET(NdIdleCpuSet, KNODE, IdleCpuSet),
#endif
//HEADER("ETW definitions for interrupt tracing"),
//SIZE(EtwTSLength, ???, TSLength),
//HEADER("WOW64 shared information block definitions"),
//OFFSET(PwWow64Info, ???, IdleCpuSet),
//OFFSET(WiCpuFlags, ???, IdleCpuSet),
//CONSTANT(WOW64_CPUFLAGS_SOFTWARE),
/// Unknown stuff:
CONSTANT(NPX_STATE_NOT_LOADED),
CONSTANT(NPX_STATE_LOADED),
//CONSTANT(NPX_MASK_LAZY),
// ReactOS stuff here
HEADER("KPCR"),
OFFSET(KPCR_EXCEPTION_LIST, KPCR, NtTib.ExceptionList),
//KPCR_INITIAL_STACK
//KPCR_STACK_LIMIT
OFFSET(KPCR_PERF_GLOBAL_GROUP_MASK, KIPCR, PerfGlobalGroupMask),
OFFSET(KPCR_CONTEXT_SWITCHES, KPCR, ContextSwitches),
// KPCR_SET_MEMBER_COPY
OFFSET(KPCR_TEB, KIPCR, Used_Self),
OFFSET(KPCR_SELF, KIPCR, Self),
OFFSET(KPCR_PRCB, KPCR, Prcb),
//KPCR_IRQL
//KPCR_IRR
//KPCR_IRR_ACTIVE
//KPCR_IDR
//KPCR_KD_VERSION_BLOCK
OFFSET(KPCR_IDT, KIPCR, IDT),
OFFSET(KPCR_GDT, KIPCR, GDT),
OFFSET(KPCR_TSS, KPCR, TSS),
OFFSET(KPCR_STALL_SCALE_FACTOR, KPCR, StallScaleFactor),
//KPCR_SET_MEMBER
//KPCR_NUMBER
//KPCR_VDM_ALERT
OFFSET(KPCR_PRCB_DATA, KIPCR, PrcbData),
OFFSET(KPCR_CURRENT_THREAD, KIPCR, PrcbData.CurrentThread),
OFFSET(KPCR_PRCB_NEXT_THREAD, KIPCR, PrcbData.NextThread),
//KPCR_PRCB_IDLE_THREAD
//KPCR_PROCESSOR_NUMBER
//KPCR_PRCB_SET_MEMBER
//KPCR_PRCB_CPU_TYPE
//KPCR_PRCB_PRCB_LOCK
//KPCR_NPX_THREAD
//KPCR_DR6
//KPCR_DR7
//KPCR_PRCB_INTERRUPT_COUNT 0x644
//KPCR_PRCB_KERNEL_TIME 0x648
//KPCR_PRCB_USER_TIME 0x64C
//KPCR_PRCB_DPC_TIME 0x650
//KPCR_PRCB_DEBUG_DPC_TIME 0x654
//KPCR_PRCB_INTERRUPT_TIME 0x658
//KPCR_PRCB_ADJUST_DPC_THRESHOLD 0x65C
//KPCR_PRCB_SKIP_TICK 0x664
//KPCR_SYSTEM_CALLS 0x6B8
OFFSET(KPCR_PRCB_DPC_QUEUE_DEPTH, KIPCR, PrcbData.DpcData[0].DpcQueueDepth),
//KPCR_PRCB_DPC_COUNT 0xA50
OFFSET(KPCR_PRCB_DPC_STACK, KIPCR, PrcbData.DpcStack),
OFFSET(KPCR_PRCB_MAXIMUM_DPC_QUEUE_DEPTH, KIPCR, PrcbData.MaximumDpcQueueDepth),
//KPCR_PRCB_MAXIMUM_DPC_QUEUE_DEPTH 0xA6C
//KPCR_PRCB_DPC_REQUEST_RATE 0xA70
//KPCR_PRCB_DPC_INTERRUPT_REQUESTED 0xA78
OFFSET(KPCR_PRCB_DPC_ROUTINE_ACTIVE, KIPCR, PrcbData.DpcRoutineActive),
//KPCR_PRCB_DPC_LAST_COUNT 0xA80
OFFSET(KPCR_PRCB_TIMER_REQUEST, KIPCR, PrcbData.TimerRequest),
OFFSET(KPCR_PRCB_QUANTUM_END, KIPCR, PrcbData.QuantumEnd),
//KPCR_PRCB_IDLE_SCHEDULE 0xAA3
OFFSET(KPCR_PRCB_DEFERRED_READY_LIST_HEAD, KIPCR, PrcbData.DeferredReadyListHead),
OFFSET(KPCR_PRCB_POWER_STATE_IDLE_FUNCTION, KIPCR, PrcbData.PowerState.IdleFunction),
HEADER("KTRAP_FRAME"),
OFFSET(KTRAP_FRAME_DEBUGEBP, KTRAP_FRAME, DbgEbp),
OFFSET(KTRAP_FRAME_DEBUGEIP, KTRAP_FRAME, DbgEip),
//OFFSET(KTRAP_FRAME_DEBUGARGMARK 0x8
//OFFSET(KTRAP_FRAME_DEBUGPOINTER 0xC
//OFFSET(KTRAP_FRAME_TEMPCS 0x10
OFFSET(KTRAP_FRAME_TEMPESP, KTRAP_FRAME, TempEsp),
OFFSET(KTRAP_FRAME_DR0, KTRAP_FRAME, Dr0),
OFFSET(KTRAP_FRAME_DR1, KTRAP_FRAME, Dr1),
@ -284,49 +611,31 @@ OFFSET(KTRAP_FRAME_DR3, KTRAP_FRAME, Dr3),
OFFSET(KTRAP_FRAME_DR6, KTRAP_FRAME, Dr6),
OFFSET(KTRAP_FRAME_DR7, KTRAP_FRAME, Dr7),
OFFSET(KTRAP_FRAME_GS, KTRAP_FRAME, SegGs),
//OFFSET(KTRAP_FRAME_RESERVED1 0x32
OFFSET(KTRAP_FRAME_ES, KTRAP_FRAME, SegEs),
//OFFSET(KTRAP_FRAME_RESERVED2 0x36
OFFSET(KTRAP_FRAME_DS, KTRAP_FRAME, SegDs),
//OFFSET(KTRAP_FRAME_RESERVED3 0x3A
OFFSET(KTRAP_FRAME_EDX, KTRAP_FRAME, Edx),
OFFSET(KTRAP_FRAME_ECX, KTRAP_FRAME, Ecx),
OFFSET(KTRAP_FRAME_EAX, KTRAP_FRAME, Eax),
OFFSET(KTRAP_FRAME_PREVIOUS_MODE, KTRAP_FRAME, PreviousPreviousMode),
OFFSET(KTRAP_FRAME_EXCEPTION_LIST, KTRAP_FRAME, ExceptionList),
OFFSET(KTRAP_FRAME_FS, KTRAP_FRAME, SegFs),
//OFFSET(KTRAP_FRAME_RESERVED4 0x52
OFFSET(KTRAP_FRAME_EDI, KTRAP_FRAME, Edi),
OFFSET(KTRAP_FRAME_ESI, KTRAP_FRAME, Esi),
OFFSET(KTRAP_FRAME_EBX, KTRAP_FRAME, Ebx),
OFFSET(KTRAP_FRAME_EBP, KTRAP_FRAME, Ebp),
OFFSET(KTRAP_FRAME_ERROR_CODE, KTRAP_FRAME, ErrCode),
OFFSET(KTRAP_FRAME_EIP, KTRAP_FRAME, Eip),
//OFFSET(KTRAP_FRAME_CS 0x6C
OFFSET(KTRAP_FRAME_EFLAGS, KTRAP_FRAME, EFlags),
OFFSET(KTRAP_FRAME_ESP, KTRAP_FRAME, HardwareEsp),
OFFSET(KTRAP_FRAME_SS, KTRAP_FRAME, HardwareSegSs),
//OFFSET(KTRAP_FRAME_RESERVED5 0x7A
OFFSET(KTRAP_FRAME_V86_ES, KTRAP_FRAME, V86Es),
//OFFSET(KTRAP_FRAME_RESERVED6 0x7E
OFFSET(KTRAP_FRAME_V86_DS, KTRAP_FRAME, V86Ds),
//OFFSET(KTRAP_FRAME_RESERVED7 0x82
OFFSET(KTRAP_FRAME_V86_FS, KTRAP_FRAME, V86Fs),
//OFFSET(KTRAP_FRAME_RESERVED8 0x86
OFFSET(KTRAP_FRAME_V86_GS, KTRAP_FRAME, V86Gs),
//OFFSET(KTRAP_FRAME_RESERVED9 0x8A
//OFFSET(KTRAP_FRAME_SIZE 0x8C
//OFFSET(KTRAP_FRAME_LENGTH 0x8C
//OFFSET(KTRAP_FRAME_ALIGN 0x04
SIZE(KTRAP_FRAME_SIZE, KTRAP_FRAME),
CONSTANT(FRAME_EDITED),
// ok
HEADER("CONTEXT"),
OFFSET(CONTEXT_FLAGS, CONTEXT, ContextFlags),
//OFFSET(CONTEXT_DR6 0x14
//OFFSET(CONTEXT_FLOAT_SAVE 0x1C
OFFSET(CONTEXT_SEGGS, CONTEXT, SegGs),
OFFSET(CONTEXT_SEGFS, CONTEXT, SegFs),
OFFSET(CONTEXT_SEGES, CONTEXT, SegEs),
@ -343,10 +652,6 @@ OFFSET(CONTEXT_SEGCS, CONTEXT, SegCs),
OFFSET(CONTEXT_EFLAGS, CONTEXT, EFlags),
OFFSET(CONTEXT_ESP, CONTEXT, Esp),
OFFSET(CONTEXT_SEGSS, CONTEXT, SegSs),
//OFFSET(CONTEXT_FLOAT_SAVE_CONTROL_WORD CONTEXT_FLOAT_SAVE + FP_CONTROL_WORD
//OFFSET(CONTEXT_FLOAT_SAVE_STATUS_WORD CONTEXT_FLOAT_SAVE + FP_STATUS_WORD
//OFFSET(CONTEXT_FLOAT_SAVE_TAG_WORD CONTEXT_FLOAT_SAVE + FP_TAG_WORD
//OFFSET(CONTEXT_FRAME_LENGTH 0x2D0
SIZE(CONTEXT_FRAME_LENGTH, CONTEXT),
HEADER("FIBER"),
@ -388,28 +693,19 @@ OFFSET(EXCEPTION_RECORD_EXCEPTION_ADDRESS, EXCEPTION_RECORD, ExceptionAddress),
SIZE(SIZEOF_EXCEPTION_RECORD, EXCEPTION_RECORD),
CONSTANT(EXCEPTION_RECORD_LENGTH),
//#define EXCEPTION_RECORD_LENGTH 0x50
HEADER("KTHREAD"),
OFFSET(KTHREAD_DEBUG_ACTIVE, KTHREAD, Header.DebugActive),
OFFSET(KTHREAD_INITIAL_STACK, KTHREAD, InitialStack),
OFFSET(KTHREAD_STACK_LIMIT, KTHREAD, StackLimit),
OFFSET(KTHREAD_TEB, KTHREAD, Teb),
OFFSET(KTHREAD_KERNEL_STACK, KTHREAD, KernelStack),
//OFFSET(KTHREAD_ALERTED 0x5E
OFFSET(KTHREAD_APCSTATE_PROCESS, KTHREAD, ApcState.Process),
//OFFSET(KTHREAD_PENDING_USER_APC 0x28 + 0x16
OFFSET(KTHREAD_PENDING_KERNEL_APC, KTHREAD, ApcState.KernelApcPending),
OFFSET(KTHREAD_CONTEXT_SWITCHES, KTHREAD, ContextSwitches),
OFFSET(KTHREAD_STATE_, KTHREAD, State),
OFFSET(KTHREAD_NPX_STATE, KTHREAD, NpxState),
OFFSET(KTHREAD_WAIT_IRQL, KTHREAD, WaitIrql),
//OFFSET(KTHREAD_NEXT_PROCESSOR 0x40
OFFSET(KTHREAD_WAIT_REASON, KTHREAD, WaitReason),
//OFFSET(KTHREAD_PRIORITY 0x5B
//OFFSET(KTHREAD_SWAP_BUSY 0x5D
//OFFSET(KTHREAD_SERVICE_TABLE 0x118
//OFFSET(KTHREAD_PREVIOUS_MODE 0xD7
OFFSET(KTHREAD_COMBINED_APC_DISABLE, KTHREAD, CombinedApcDisable),
OFFSET(KTHREAD_SPECIAL_APC_DISABLE, KTHREAD, SpecialApcDisable),
OFFSET(KTHREAD_LARGE_STACK, KTHREAD, LargeStack),
@ -417,9 +713,6 @@ OFFSET(KTHREAD_TRAP_FRAME, KTHREAD, TrapFrame),
OFFSET(KTHREAD_CALLBACK_STACK, KTHREAD, CallbackStack),
OFFSET(KTHREAD_APC_STATE_INDEX, KTHREAD, ApcStateIndex),
OFFSET(KTHREAD_STACK_BASE, KTHREAD, StackBase),
//OFFSET(KTHREAD_QUANTUM 0x15D
//OFFSET(KTHREAD_KERNEL_TIME 0x160
//OFFSET(KTHREAD_USER_TIME 0x18C
HEADER("KPROCESS"),
OFFSET(KPROCESS_DIRECTORY_TABLE_BASE, KPROCESS, DirectoryTableBase),
@ -428,10 +721,8 @@ OFFSET(KPROCESS_LDT_DESCRIPTOR1, KPROCESS, LdtDescriptor.HighWord),
OFFSET(KPROCESS_INT21_DESCRIPTOR0, KPROCESS, Int21Descriptor),
OFFSET(KPROCESS_INT21_DESCRIPTOR1, KPROCESS, Int21Descriptor.Access),
OFFSET(KPROCESS_IOPM_OFFSET, KPROCESS, IopmOffset),
//OFFSET(KPROCESS_ACTIVE_PROCESSORS 0x34
//OFFSET(EPROCESS_VDM_OBJECTS 0x144
HEADER("Teb"),
HEADER("TEB"),
OFFSET(TEB_EXCEPTION_LIST, TEB, NtTib.ExceptionList),
OFFSET(TEB_STACK_LIMIT, TEB, NtTib.StackLimit),
OFFSET(TEB_STACK_BASE, TEB, NtTib.StackBase),
@ -448,7 +739,6 @@ OFFSET(TEB_DEALLOCATION_STACK, TEB, DeallocationStack),
HEADER("Misc"),
CONSTANT(NPX_FRAME_LENGTH),
CONSTANT(FN_CR0_NPX_STATE),
CONSTANT(DR7_RESERVED_MASK),
CONSTANT(FP_CONTROL_WORD),
CONSTANT(FP_STATUS_WORD),
CONSTANT(FP_TAG_WORD),

810
reactos/include/asm/ksamd64.template.h
View file

@ -1,4 +1,11 @@
RAW("include kxamd64.inc"),
HEADER("CPU type"),
CONSTANT(CPU_AMD),
CONSTANT(CPU_INTEL),
CONSTANT(CPU_VIA),
HEADER("CR0 flags"),
CONSTANT(CR0_PE),
CONSTANT(CR0_MP),
@ -23,20 +30,27 @@ CONSTANT(CR4_MCE),
CONSTANT(CR4_PGE),
CONSTANT(CR4_FXSR),
CONSTANT(CR4_XMMEXCPT),
CONSTANT(CR4_CHANNELS),
CONSTANT(CR4_CHANNELS), // not in win 10
CONSTANT(CR4_XSAVE),
HEADER("KeFeatureBits flags"),
CONSTANT(KF_RDTSC),
CONSTANT(KF_CR4),
CONSTANT(KF_GLOBAL_PAGE),
CONSTANT(KF_LARGE_PAGE),
CONSTANT(KF_CMPXCHG8B),
CONSTANT(KF_FAST_SYSCALL),
CONSTANT(DEBUG_ACTIVE_DR7),
CONSTANT(DEBUG_ACTIVE_INSTRUMENTED),
CONSTANT(DEBUG_ACTIVE_DBG_INSTRUMENTED),
CONSTANT(DEBUG_ACTIVE_MINIMAL_THREAD),
HEADER("Machine type definitions"),
CONSTANT(MACHINE_TYPE_ISA),
CONSTANT(MACHINE_TYPE_EISA),
CONSTANT(MACHINE_TYPE_MCA),
CONSTANT(DEBUG_ACTIVE_PRIMARY_THREAD),
CONSTANT(DEBUG_ACTIVE_PRIMARY_THREAD_BIT),
CONSTANT(DEBUG_ACTIVE_PRIMARY_THREAD_LOCK_BIT),
CONSTANT(DEBUG_ACTIVE_SCHEDULED_THREAD),
CONSTANT(DEBUG_ACTIVE_SCHEDULED_THREAD_BIT),
CONSTANT(DEBUG_ACTIVE_SCHEDULED_THREAD_LOCK),
CONSTANT(DEBUG_ACTIVE_SCHEDULED_THREAD_LOCK_BIT),
HEADER("DR7 debug control masks"),
CONSTANT(DR7_LEGAL),
CONSTANT(DR7_ACTIVE),
CONSTANT(DR7_TRACE_BRANCH),
CONSTANT(DR7_LAST_BRANCH),
HEADER("EFLAGS"),
CONSTANT(EFLAGS_TF_MASK),
@ -44,56 +58,9 @@ CONSTANT(EFLAGS_TF_SHIFT),
CONSTANT(EFLAGS_IF_MASK),
CONSTANT(EFLAGS_IF_SHIFT),
CONSTANT(EFLAGS_ID_MASK),
CONSTANTX(EFLAGS_IF_BIT, EFLAGS_IF_MASK),
HEADER("Hypervisor Enlightenment Definitions"),
//CONSTANT(HV_MMU_USE_HYPERCALL_FOR_ADDRESS_SWITCH),
//CONSTANT(HV_MMU_USE_HYPERCALL_FOR_LOCAL_FLUSH),
//CONSTANT(HV_MMU_USE_HYPERCALL_FOR_REMOTE_FLUSH),
//CONSTANT(HV_X64_MSR_APIC_EOI),
//CONSTANT(HV_APIC_ENLIGHTENED),
//CONSTANT(HV_KE_USE_HYPERCALL_FOR_LONG_SPIN_WAIT),
//CONSTANT(HV_VIRTUAL_APIC_NO_EOI_REQUIRED_V),
//CONSTANT(HvApicFlags),
HEADER("KDGT selectors"),
CONSTANT(KGDT64_NULL),
CONSTANT(KGDT64_R0_CODE),
CONSTANT(KGDT64_R0_DATA),
CONSTANT(KGDT64_R3_CMCODE),
CONSTANT(KGDT64_R3_DATA),
CONSTANT(KGDT64_R3_CODE),
CONSTANT(KGDT64_SYS_TSS),
CONSTANT(KGDT64_R3_CMTEB),
HEADER("Machine Specific Register Numbers"),
CONSTANT(MSR_EFER),
CONSTANT(MSR_STAR),
CONSTANT(MSR_LSTAR),
CONSTANT(MSR_CSTAR),
CONSTANT(MSR_SYSCALL_MASK),
CONSTANT(MSR_FS_BASE),
CONSTANT(MSR_GS_BASE),
CONSTANT(MSR_GS_SWAP),
CONSTANT(MSR_MCG_STATUS),
CONSTANT(MSR_AMD_ACCESS),
HEADER("Flags for MSR_EFER"),
CONSTANT(MSR_LMA),
CONSTANT(MSR_LME),
CONSTANT(MSR_SCE),
CONSTANT(MSR_NXE),
CONSTANT(MSR_PAT),
CONSTANT(MSR_DEGUG_CTL),
CONSTANT(MSR_LAST_BRANCH_FROM),
CONSTANT(MSR_LAST_BRANCH_TO),
CONSTANT(MSR_LAST_EXCEPTION_FROM),
CONSTANT(MSR_LAST_EXCEPTION_TO),
HEADER("Flags for MSR_DEGUG_CTL"),
//CONSTANT(MSR_DEBUG_CTL_LBR),
//CONSTANT(MSR_DEBUG_CRL_BTF),
HEADER("Fatal exception codes"),
HEADER("Exception codes"),
CONSTANT(EXCEPTION_DIVIDED_BY_ZERO),
CONSTANT(EXCEPTION_DEBUG),
CONSTANT(EXCEPTION_NMI),
@ -111,75 +78,256 @@ CONSTANT(EXCEPTION_RESERVED_TRAP),
CONSTANT(EXCEPTION_NPX_ERROR),
CONSTANT(EXCEPTION_ALIGNMENT_CHECK),
HEADER("Legacy Floating Status Bit Masks"),
CONSTANT(FSW_INVALID_OPERATION),
CONSTANT(FSW_DENORMAL),
CONSTANT(FSW_ZERO_DIVIDE),
CONSTANT(FSW_OVERFLOW),
CONSTANT(FSW_UNDERFLOW),
CONSTANT(FSW_PRECISION),
CONSTANT(FSW_STACK_FAULT),
CONSTANT(FSW_ERROR_SUMMARY),
CONSTANT(FSW_CONDITION_CODE_0),
CONSTANT(FSW_CONDITION_CODE_1),
CONSTANT(FSW_CONDITION_CODE_2),
CONSTANT(FSW_CONDITION_CODE_3),
CONSTANT(FSW_ERROR_MASK),
HEADER("Hypervisor Enlightenment Definitions"),
//CONSTANT(HV_MMU_USE_HYPERCALL_FOR_ADDRESS_SWITCH),
//CONSTANT(HV_MMU_USE_HYPERCALL_FOR_LOCAL_FLUSH),
//CONSTANT(HV_MMU_USE_HYPERCALL_FOR_REMOTE_FLUSH),
//CONSTANT(HV_X64_MSR_APIC_EOI), // not win 10
//CONSTANT(HV_APIC_ENLIGHTENED),
//CONSTANT(HV_KE_USE_HYPERCALL_FOR_LONG_SPIN_WAIT),
//CONSTANT(HV_DEPRECATE_AUTO_EOI), // win 10
//CONSTANT(HV_X64_MSR_EOI), // win 10
//CONSTANT(HV_VIRTUAL_APIC_NO_EOI_REQUIRED), // win 10
//CONSTANT(HV_VIRTUAL_APIC_NO_EOI_REQUIRED_V), // not win 10
//CONSTANT(HvApicFlags),
CONSTANT(KEXCEPTION_ACTIVE_INTERRUPT_FRAME),
CONSTANT(KEXCEPTION_ACTIVE_EXCEPTION_FRAME),
CONSTANT(KEXCEPTION_ACTIVE_SERVICE_FRAME),
HEADER("KeFeatureBits flags"),
CONSTANT(KF_RDTSC),
CONSTANT(KF_CR4),
CONSTANT(KF_GLOBAL_PAGE),
CONSTANT(KF_LARGE_PAGE),
CONSTANT(KF_CMPXCHG8B),
CONSTANT(KF_FAST_SYSCALL),
CONSTANT(KF_BRANCH), // win 10
CONSTANT(KF_XSTATE), // win 10
CONSTANT(KF_XSAVEOPT_BIT), // win 10
CONSTANT(KF_XSTATE_BIT), // win 10
CONSTANT(KF_RDWRFSGSBASE_BIT), // win 10
HEADER("KDGT selectors"),
CONSTANT(KGDT64_NULL),
CONSTANT(KGDT64_R0_CODE),
CONSTANT(KGDT64_R0_DATA),
CONSTANT(KGDT64_R3_CMCODE),
CONSTANT(KGDT64_R3_DATA),
CONSTANT(KGDT64_R3_CODE),
CONSTANT(KGDT64_SYS_TSS),
CONSTANT(KGDT64_R3_CMTEB),
CONSTANT(KGDT64_R0_LDT), // win 10
//HEADER("MCE Recovery Context Flags Definitions"),
//CONSTANT(KMRC_ALTERNATE_CONTEXT),
//CONSTANT(KMRC_WORK_ITEM),
//CONSTANT(KMRC_OFFLINE_PAGE),
//CONSTANT(KMRC_TERMINATE_PROCESS),
HEADER("Machine type definitions"),
CONSTANT(MACHINE_TYPE_ISA),
CONSTANT(MACHINE_TYPE_EISA),
CONSTANT(MACHINE_TYPE_MCA),
HEADER("Machine Specific Register Numbers"),
CONSTANT(MSR_EFER),
CONSTANT(MSR_STAR),
CONSTANT(MSR_LSTAR),
CONSTANT(MSR_CSTAR),
CONSTANT(MSR_SYSCALL_MASK),
CONSTANT(MSR_FS_BASE),
CONSTANT(MSR_GS_BASE),
CONSTANT(MSR_GS_SWAP),
CONSTANT(MSR_MCG_STATUS),
CONSTANT(MSR_AMD_ACCESS),
CONSTANT(MSR_IA32_MISC_ENABLE),
HEADER("Flags for MSR_EFER"),
CONSTANT(MSR_LMA),
CONSTANT(MSR_LME),
CONSTANT(MSR_SCE),
CONSTANT(MSR_NXE),
CONSTANT(MSR_PAT),
CONSTANT(MSR_DEBUG_CTL),
CONSTANT(MSR_LAST_BRANCH_FROM), // not win 10
CONSTANT(MSR_LAST_BRANCH_TO), // not win 10
CONSTANT(MSR_LAST_EXCEPTION_FROM), // not win 10
CONSTANT(MSR_LAST_EXCEPTION_TO), // not win 10
HEADER("Flags for MSR_DEBUG_CTL"),
//CONSTANT(MSR_DEBUG_CTL_LBR),
//CONSTANT(MSR_DEBUG_CTL_BTF),
HEADER("Flags for MSR_IA32_MISC_ENABLE"),
//CONSTANT(MSR_XD_ENABLE_MASK),
HEADER("Argument Home Address"),
CONSTANT(P1Home),
CONSTANT(P2Home),
CONSTANT(P3Home),
CONSTANT(P4Home),
HEADER("CONTEXT"),
OFFSET(CONTEXT_P1Home, CONTEXT, P1Home),
OFFSET(CONTEXT_P2Home, CONTEXT, P2Home),
OFFSET(CONTEXT_P3Home, CONTEXT, P3Home),
OFFSET(CONTEXT_P4Home, CONTEXT, P4Home),
OFFSET(CONTEXT_P5Home, CONTEXT, P5Home),
OFFSET(CONTEXT_P6Home, CONTEXT, P6Home),
OFFSET(CONTEXT_ContextFlags, CONTEXT, ContextFlags),
OFFSET(CONTEXT_MxCsr, CONTEXT, MxCsr),
OFFSET(CONTEXT_SegCs, CONTEXT, SegCs),
OFFSET(CONTEXT_SegDs, CONTEXT, SegDs),
OFFSET(CONTEXT_SegEs, CONTEXT, SegEs),
OFFSET(CONTEXT_SegFs, CONTEXT, SegFs),
OFFSET(CONTEXT_SegGs, CONTEXT, SegGs),
OFFSET(CONTEXT_SegSs, CONTEXT, SegSs),
OFFSET(CONTEXT_EFlags, CONTEXT, EFlags),
OFFSET(CONTEXT_Dr0, CONTEXT, Dr0),
OFFSET(CONTEXT_Dr1, CONTEXT, Dr1),
OFFSET(CONTEXT_Dr2, CONTEXT, Dr2),
OFFSET(CONTEXT_Dr3, CONTEXT, Dr3),
OFFSET(CONTEXT_Dr6, CONTEXT, Dr6),
OFFSET(CONTEXT_Dr7, CONTEXT, Dr7),
OFFSET(CONTEXT_Rax, CONTEXT, Rax),
OFFSET(CONTEXT_Rcx, CONTEXT, Rcx),
OFFSET(CONTEXT_Rdx, CONTEXT, Rdx),
OFFSET(CONTEXT_Rbx, CONTEXT, Rbx),
OFFSET(CONTEXT_Rsp, CONTEXT, Rsp),
OFFSET(CONTEXT_Rbp, CONTEXT, Rbp),
OFFSET(CONTEXT_Rsi, CONTEXT, Rsi),
OFFSET(CONTEXT_Rdi, CONTEXT, Rdi),
OFFSET(CONTEXT_R8, CONTEXT, R8),
OFFSET(CONTEXT_R9, CONTEXT, R9),
OFFSET(CONTEXT_R10, CONTEXT, R10),
OFFSET(CONTEXT_R11, CONTEXT, R11),
OFFSET(CONTEXT_R12, CONTEXT, R12),
OFFSET(CONTEXT_R13, CONTEXT, R13),
OFFSET(CONTEXT_R14, CONTEXT, R14),
OFFSET(CONTEXT_R15, CONTEXT, R15),
OFFSET(CONTEXT_Rip, CONTEXT, Rip),
OFFSET(CONTEXT_FltSave, CONTEXT, FltSave),
OFFSET(CONTEXT_Xmm0, CONTEXT, Xmm0),
OFFSET(CONTEXT_Xmm1, CONTEXT, Xmm1),
OFFSET(CONTEXT_Xmm2, CONTEXT, Xmm2),
OFFSET(CONTEXT_Xmm3, CONTEXT, Xmm3),
OFFSET(CONTEXT_Xmm4, CONTEXT, Xmm4),
OFFSET(CONTEXT_Xmm5, CONTEXT, Xmm5),
OFFSET(CONTEXT_Xmm6, CONTEXT, Xmm6),
OFFSET(CONTEXT_Xmm7, CONTEXT, Xmm7),
OFFSET(CONTEXT_Xmm8, CONTEXT, Xmm8),
OFFSET(CONTEXT_Xmm9, CONTEXT, Xmm9),
OFFSET(CONTEXT_Xmm10, CONTEXT, Xmm10),
OFFSET(CONTEXT_Xmm11, CONTEXT, Xmm11),
OFFSET(CONTEXT_Xmm12, CONTEXT, Xmm12),
OFFSET(CONTEXT_Xmm13, CONTEXT, Xmm13),
OFFSET(CONTEXT_Xmm14, CONTEXT, Xmm14),
OFFSET(CONTEXT_Xmm15, CONTEXT, Xmm15),
OFFSET(CONTEXT_DebugControl, CONTEXT, DebugControl),
OFFSET(CONTEXT_LastBranchToRip, CONTEXT, LastBranchToRip),
OFFSET(CONTEXT_LastBranchFromRip, CONTEXT, LastBranchFromRip),
OFFSET(CONTEXT_LastExceptionToRip, CONTEXT, LastExceptionToRip),
OFFSET(CONTEXT_LastExceptionFromRip, CONTEXT, LastExceptionFromRip),
OFFSET(CONTEXT_VectorControl, CONTEXT, VectorControl),
OFFSET(CONTEXT_VectorRegister, CONTEXT, VectorRegister),
#if (NTDDI_VERSION >= NTDDI_WIN7)
HEADER("RTL_UMS_SCHEDULER_REASON Enum Definitions"),
CONSTANT(UmsSchedulerStartup),
CONSTANT(UmsSchedulerThreadBlocked),
CONSTANT(UmsSchedulerThreadYield),
HEADER("User mode context flag definitions"),
CONSTANT(UMSCTX_SCHEDULED_THREAD_BIT),
CONSTANT(UMSCTX_SUSPENDED_BIT),
CONSTANT(UMSCTX_VOLATILE_CONTEXT_BIT),
CONSTANT(UMSCTX_TERMINATED_BIT),
CONSTANT(UMSCTX_DEBUG_ACTIVE_BIT),
CONSTANT(UMSCTX_DENY_RUNNING_ON_SELF_THREAD_BIT),
CONSTANT(UMSCTX_SCHEDULED_THREAD_MASK),
CONSTANT(UMSCTX_SUSPENDED_MASK),
CONSTANT(UMSCTX_VOLATILE_CONTEXT_MASK),
CONSTANT(UMSCTX_TERMINATED_MASK),
CONSTANT(UMSCTX_DEBUG_ACTIVE_MASK),
CONSTANT(UMSCTX_DENY_RUNNING_ON_SELF_THREAD_MASK),
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
CONSTANT(XSTATE_MASK_LEGACY_FLOATING_POINT),
CONSTANT(XSTATE_MASK_LEGACY_SSE),
CONSTANT(XSTATE_MASK_LEGACY),
CONSTANT(XSTATE_MASK_GSSE),
HEADER("MXCSR Floating Control/Status Bit Masks"),
CONSTANT(XSW_INVALID_OPERATION),
CONSTANT(XSW_DENORMAL),
CONSTANT(XSW_ZERO_DIVIDE),
CONSTANT(XSW_OVERFLOW),
CONSTANT(XSW_UNDERFLOW),
CONSTANT(XSW_PRECISION),
CONSTANT(XSW_ERROR_MASK),
CONSTANT(XSW_ERROR_SHIFT),
CONSTANT(XCW_INVALID_OPERATION),
CONSTANT(XCW_DENORMAL),
CONSTANT(XCW_ZERO_DIVIDE),
CONSTANT(XCW_OVERFLOW),
CONSTANT(XCW_UNDERFLOW),
CONSTANT(XCW_PRECISION),
CONSTANT(XCW_ROUND_CONTROL),
CONSTANT(XCW_FLUSH_ZERO),
CONSTANT(INITIAL_FPCSR),
CONSTANT(INITIAL_MXCSR),
HEADER("Misc constants"),
CONSTANT(CONTEXT_XSTATE),
//CONSTANT(CONTEXT_EX_LENGTH),
CONSTANT(EVENT_INCREMENT),
//CONSTANT(KI_SPINLOCK_ORDER_PRCB_LOCK),
//CONSTANT(KTHREAD_UMS_DIRECTED_SWITCH_ENABLE_BIT),
//CONSTANT(KTHREAD_UMS_PERFORMING_SYSCALL_BIT),
//CONSTANT(KUMS_UCH_VOLATILE_BIT),
//CONSTANT(KUMS_UCH_VOLATILE_MASK),
CONSTANT(PF_COMPARE_EXCHANGE128),
//CONSTANT(PF_RDWRFSGSBASE_AVAILABLE),
//CONSTANT(UMS_TLS_THREAD_CONTEXT),
//CONSTANT(XHF_NOEXECUTE),
/// Field offsets
HEADER("CPU_INFO offsets"),
OFFSET(CpuEax, CPU_INFO, Eax),
OFFSET(CpuEbx, CPU_INFO, Ebx),
OFFSET(CpuEcx, CPU_INFO, Ecx),
OFFSET(CpuEdx, CPU_INFO, Edx),
HEADER("UCALLOUT_FRAME offsets (yes, Cu/Ck is ...)"),
OFFSET(CkBuffer, UCALLOUT_FRAME, Buffer),
OFFSET(CkLength, UCALLOUT_FRAME, Length),
OFFSET(CkApiNumber, UCALLOUT_FRAME, ApiNumber),
OFFSET(CkRsp, UCALLOUT_FRAME, MachineFrame.Rsp),
OFFSET(CkRip, UCALLOUT_FRAME, MachineFrame.Rip),
SIZE(CalloutFrameLength, UCALLOUT_FRAME),
HEADER("KCALLOUT_FRAME offsets (yes, Cu/Ck is ...)"),
OFFSET(CuTrapFrame, KCALLOUT_FRAME, TrapFrame),
OFFSET(CuOutputBuffer, KCALLOUT_FRAME, OutputBuffer),
OFFSET(CuOutputLength, KCALLOUT_FRAME, OutputLength),
HEADER("CONTEXT offsets"),
OFFSET(CxP1Home, CONTEXT, P1Home),
OFFSET(CxP2Home, CONTEXT, P2Home),
OFFSET(CxP3Home, CONTEXT, P3Home),
OFFSET(CxP4Home, CONTEXT, P4Home),
OFFSET(CxP5Home, CONTEXT, P5Home),
OFFSET(CxP6Home, CONTEXT, P6Home),
OFFSET(CxContextFlags, CONTEXT, ContextFlags),
OFFSET(CxMxCsr, CONTEXT, MxCsr),
OFFSET(CxSegCs, CONTEXT, SegCs),
OFFSET(CxSegDs, CONTEXT, SegDs),
OFFSET(CxSegEs, CONTEXT, SegEs),
OFFSET(CxSegFs, CONTEXT, SegFs),
OFFSET(CxSegGs, CONTEXT, SegGs),
OFFSET(CxSegSs, CONTEXT, SegSs),
OFFSET(CxEFlags, CONTEXT, EFlags),
OFFSET(CxDr0, CONTEXT, Dr0),
OFFSET(CxDr1, CONTEXT, Dr1),
OFFSET(CxDr2, CONTEXT, Dr2),
OFFSET(CxDr3, CONTEXT, Dr3),
OFFSET(CxDr6, CONTEXT, Dr6),
OFFSET(CxDr7, CONTEXT, Dr7),
OFFSET(CxRax, CONTEXT, Rax),
OFFSET(CxRcx, CONTEXT, Rcx),
OFFSET(CxRdx, CONTEXT, Rdx),
OFFSET(CxRbx, CONTEXT, Rbx),
OFFSET(CxRsp, CONTEXT, Rsp),
OFFSET(CxRbp, CONTEXT, Rbp),
OFFSET(CxRsi, CONTEXT, Rsi),
OFFSET(CxRdi, CONTEXT, Rdi),
OFFSET(CxR8, CONTEXT, R8),
OFFSET(CxR9, CONTEXT, R9),
OFFSET(CxR10, CONTEXT, R10),
OFFSET(CxR11, CONTEXT, R11),
OFFSET(CxR12, CONTEXT, R12),
OFFSET(CxR13, CONTEXT, R13),
OFFSET(CxR14, CONTEXT, R14),
OFFSET(CxR15, CONTEXT, R15),
OFFSET(CxRip, CONTEXT, Rip),
OFFSET(CxFltSave, CONTEXT, FltSave),
OFFSET(CxXmm0, CONTEXT, Xmm0),
OFFSET(CxXmm1, CONTEXT, Xmm1),
OFFSET(CxXmm2, CONTEXT, Xmm2),
OFFSET(CxXmm3, CONTEXT, Xmm3),
OFFSET(CxXmm4, CONTEXT, Xmm4),
OFFSET(CxXmm5, CONTEXT, Xmm5),
OFFSET(CxXmm6, CONTEXT, Xmm6),
OFFSET(CxXmm7, CONTEXT, Xmm7),
OFFSET(CxXmm8, CONTEXT, Xmm8),
OFFSET(CxXmm9, CONTEXT, Xmm9),
OFFSET(CxXmm10, CONTEXT, Xmm10),
OFFSET(CxXmm11, CONTEXT, Xmm11),
OFFSET(CxXmm12, CONTEXT, Xmm12),
OFFSET(CxXmm13, CONTEXT, Xmm13),
OFFSET(CxXmm14, CONTEXT, Xmm14),
OFFSET(CxXmm15, CONTEXT, Xmm15),
OFFSET(CxDebugControl, CONTEXT, DebugControl),
OFFSET(CxLastBranchToRip, CONTEXT, LastBranchToRip),
OFFSET(CxLastBranchFromRip, CONTEXT, LastBranchFromRip),
OFFSET(CxLastExceptionToRip, CONTEXT, LastExceptionToRip),
OFFSET(CxLastExceptionFromRip, CONTEXT, LastExceptionFromRip),
OFFSET(CxVectorControl, CONTEXT, VectorControl),
OFFSET(CxVectorRegister, CONTEXT, VectorRegister),
SIZE(CONTEXT_FRAME_LENGTH, CONTEXT),
HEADER("DISPATCHER_CONTEXT"),
@ -194,37 +342,36 @@ OFFSET(DcHandlerData, DISPATCHER_CONTEXT, HandlerData),
OFFSET(DcHistoryTable, DISPATCHER_CONTEXT, HistoryTable),
OFFSET(DcScopeIndex, DISPATCHER_CONTEXT, ScopeIndex),
HEADER("KEXCEPTION_FRAME"),
OFFSET(KEXCEPTION_FRAME_P1Home, KEXCEPTION_FRAME, P1Home),
OFFSET(KEXCEPTION_FRAME_P2Home, KEXCEPTION_FRAME, P2Home),
OFFSET(KEXCEPTION_FRAME_P3Home, KEXCEPTION_FRAME, P3Home),
OFFSET(KEXCEPTION_FRAME_P4Home, KEXCEPTION_FRAME, P4Home),
OFFSET(KEXCEPTION_FRAME_P5, KEXCEPTION_FRAME, P5),
OFFSET(KEXCEPTION_FRAME_Xmm6, KEXCEPTION_FRAME, Xmm6),
OFFSET(KEXCEPTION_FRAME_Xmm7, KEXCEPTION_FRAME, Xmm7),
OFFSET(KEXCEPTION_FRAME_Xmm8, KEXCEPTION_FRAME, Xmm8),
OFFSET(KEXCEPTION_FRAME_Xmm9, KEXCEPTION_FRAME, Xmm9),
OFFSET(KEXCEPTION_FRAME_Xmm10, KEXCEPTION_FRAME, Xmm10),
OFFSET(KEXCEPTION_FRAME_Xmm11, KEXCEPTION_FRAME, Xmm11),
OFFSET(KEXCEPTION_FRAME_Xmm12, KEXCEPTION_FRAME, Xmm12),
OFFSET(KEXCEPTION_FRAME_Xmm13, KEXCEPTION_FRAME, Xmm13),
OFFSET(KEXCEPTION_FRAME_Xmm14, KEXCEPTION_FRAME, Xmm14),
OFFSET(KEXCEPTION_FRAME_Xmm15, KEXCEPTION_FRAME, Xmm15),
OFFSET(KEXCEPTION_FRAME_MxCsr, KEXCEPTION_FRAME, MxCsr),
OFFSET(KEXCEPTION_FRAME_Rbp, KEXCEPTION_FRAME, Rbp),
OFFSET(KEXCEPTION_FRAME_Rbx, KEXCEPTION_FRAME, Rbx),
OFFSET(KEXCEPTION_FRAME_Rdi, KEXCEPTION_FRAME, Rdi),
OFFSET(KEXCEPTION_FRAME_Rsi, KEXCEPTION_FRAME, Rsi),
OFFSET(KEXCEPTION_FRAME_R12, KEXCEPTION_FRAME, R12),
OFFSET(KEXCEPTION_FRAME_R13, KEXCEPTION_FRAME, R13),
OFFSET(KEXCEPTION_FRAME_R14, KEXCEPTION_FRAME, R14),
OFFSET(KEXCEPTION_FRAME_R15, KEXCEPTION_FRAME, R15),
OFFSET(KEXCEPTION_FRAME_Return, KEXCEPTION_FRAME, Return),
OFFSET(KEXCEPTION_FRAME_InitialStack, KEXCEPTION_FRAME, InitialStack),
OFFSET(KEXCEPTION_FRAME_TrapFrame, KEXCEPTION_FRAME, TrapFrame),
OFFSET(KEXCEPTION_FRAME_CallbackStack, KEXCEPTION_FRAME, CallbackStack),
OFFSET(KEXCEPTION_FRAME_OutputBuffer, KEXCEPTION_FRAME, OutputBuffer),
OFFSET(KEXCEPTION_FRAME_OutputLength, KEXCEPTION_FRAME, OutputLength),
// DPC Stack Frame Defintions
//OFFSET(DpRsp, ????, Rsp), // 0x0040
//OFFSET(DpRip, ????, Rip), // 0x0028
HEADER("KEXCEPTION_FRAME offsets"),
OFFSET(ExP1Home, KEXCEPTION_FRAME, P1Home),
OFFSET(ExP2Home, KEXCEPTION_FRAME, P2Home),
OFFSET(ExP3Home, KEXCEPTION_FRAME, P3Home),
OFFSET(ExP4Home, KEXCEPTION_FRAME, P4Home),
OFFSET(ExP5, KEXCEPTION_FRAME, P5),
OFFSET(ExXmm6, KEXCEPTION_FRAME, Xmm6),
OFFSET(ExXmm7, KEXCEPTION_FRAME, Xmm7),
OFFSET(ExXmm8, KEXCEPTION_FRAME, Xmm8),
OFFSET(ExXmm9, KEXCEPTION_FRAME, Xmm9),
OFFSET(ExXmm10, KEXCEPTION_FRAME, Xmm10),
OFFSET(ExXmm11, KEXCEPTION_FRAME, Xmm11),
OFFSET(ExXmm12, KEXCEPTION_FRAME, Xmm12),
OFFSET(ExXmm13, KEXCEPTION_FRAME, Xmm13),
OFFSET(ExXmm14, KEXCEPTION_FRAME, Xmm14),
OFFSET(ExXmm15, KEXCEPTION_FRAME, Xmm15),
OFFSET(ExMxCsr, KEXCEPTION_FRAME, MxCsr),
OFFSET(ExRbp, KEXCEPTION_FRAME, Rbp),
OFFSET(ExRbx, KEXCEPTION_FRAME, Rbx),
OFFSET(ExRdi, KEXCEPTION_FRAME, Rdi),
OFFSET(ExRsi, KEXCEPTION_FRAME, Rsi),
OFFSET(ExR12, KEXCEPTION_FRAME, R12),
OFFSET(ExR13, KEXCEPTION_FRAME, R13),
OFFSET(ExR14, KEXCEPTION_FRAME, R14),
OFFSET(ExR15, KEXCEPTION_FRAME, R15),
OFFSET(ExReturn, KEXCEPTION_FRAME, Return),
SIZE(KEXCEPTION_FRAME_LENGTH, KEXCEPTION_FRAME),
HEADER("JUMP_BUFFER"),
@ -239,8 +386,9 @@ OFFSET(JbR13, _JUMP_BUFFER, R13),
OFFSET(JbR14, _JUMP_BUFFER, R14),
OFFSET(JbR15, _JUMP_BUFFER, R15),
OFFSET(JbRip, _JUMP_BUFFER, Rip),
//OFFSET(JbMxCsr, _JUMP_BUFFER, MxCsr), // Spare
//OFFSET(JbMxCsr, _JUMP_BUFFER, MxCsr),
//OFFSET(JbFpCsr, _JUMP_BUFFER, FpCsr),
//OFFSET(JbSpare, _JUMP_BUFFER, Spare),
OFFSET(JbXmm6, _JUMP_BUFFER, Xmm6),
OFFSET(JbXmm7, _JUMP_BUFFER, Xmm7),
OFFSET(JbXmm8, _JUMP_BUFFER, Xmm8),
@ -252,7 +400,21 @@ OFFSET(JbXmm13, _JUMP_BUFFER, Xmm13),
OFFSET(JbXmm14, _JUMP_BUFFER, Xmm14),
OFFSET(JbXmm15, _JUMP_BUFFER, Xmm15),
HEADER("KGDTENTRY64"),
HEADER("XSAVE_FORMAT offsets"),
OFFSET(LfControlWord, XSAVE_FORMAT, ControlWord),
OFFSET(LfStatusWord, XSAVE_FORMAT, StatusWord),
OFFSET(LfTagWord, XSAVE_FORMAT, TagWord),
OFFSET(LfErrorOpcode, XSAVE_FORMAT, ErrorOpcode),
OFFSET(LfErrorOffset, XSAVE_FORMAT, ErrorOffset),
OFFSET(LfErrorSelector, XSAVE_FORMAT, ErrorSelector),
OFFSET(LfDataOffset, XSAVE_FORMAT, DataOffset),
OFFSET(LfDataSelector, XSAVE_FORMAT, DataSelector),
OFFSET(LfMxCsr, XSAVE_FORMAT, MxCsr),
OFFSET(LfMxCsr_Mask, XSAVE_FORMAT, MxCsr_Mask),
OFFSET(LfFloatRegisters, XSAVE_FORMAT, FloatRegisters),
OFFSET(LfXmmRegisters, XSAVE_FORMAT, XmmRegisters),
HEADER("KGDTENTRY64 offsets"),
OFFSET(KgdtBaseLow, KGDTENTRY64, BaseLow),
OFFSET(KgdtBaseMiddle, KGDTENTRY64, Bytes.BaseMiddle),
OFFSET(KgdtBaseHigh, KGDTENTRY64, Bytes.BaseHigh),
@ -261,7 +423,20 @@ OFFSET(KgdtLimitHigh, KGDTENTRY64, Bytes.Flags2),
OFFSET(KgdtLimitLow, KGDTENTRY64, LimitLow),
//CONSTANT(KGDT_LIMIT_ENCODE_MASK),
HEADER("KPRCB"),
HEADER("MACHINE_FRAME offsets"),
OFFSET(MfRip, MACHINE_FRAME, Rip),
OFFSET(MfSegCs, MACHINE_FRAME, SegCs),
OFFSET(MfEFlags, MACHINE_FRAME, EFlags),
OFFSET(MfRsp, MACHINE_FRAME, Rsp),
OFFSET(MfSegSs, MACHINE_FRAME, SegSs),
SIZE(MachineFrameLength, MACHINE_FRAME),
// MCE Recovery Context Offset Definitions
//OFFSET(MrcFlags, ????, Flags),
//OFFSET(MrcPhysicalAddress, ????, PhysicalAddress),
//SIZE(MceRecoveryContextLength, ????),
HEADER("KPRCB offsets"),
OFFSET(PbMxCsr, KPRCB, MxCsr),
OFFSET(PbNumber, KPRCB, Number),
OFFSET(PbInterruptRequest, KPRCB, InterruptRequest),
@ -272,6 +447,9 @@ OFFSET(PbIdleThread, KPRCB, IdleThread),
OFFSET(PbNestingLevel, KPRCB, NestingLevel),
OFFSET(PbRspBase, KPRCB, RspBase),
OFFSET(PbPrcbLock, KPRCB, PrcbLock),
#if (NTDDI_VERSION >= NTDDI_VISTA)
OFFSET(PbPriorityState, KPRCB, PriorityState),
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
OFFSET(PbSetMember, KPRCB, SetMember),
OFFSET(PbProcessorState, KPRCB, ProcessorState),
OFFSET(PbCpuType, KPRCB, CpuType),
@ -284,6 +462,8 @@ OFFSET(PbBuildType, KPRCB, BuildType),
OFFSET(PbCpuVendor, KPRCB, CpuVendor),
//OFFSET(PbCoresPerPhysicalProcessor, KPRCB, CoresPerPhysicalProcessor),
//OFFSET(PbLogicalProcessorsPerCore, KPRCB, LogicalProcessorsPerCore),
//OFFSET(PbGroup, KPRCB, Group),
//OFFSET(PbGroupIndex, KPRCB, GroupIndex),
OFFSET(PbApicMask, KPRCB, ApicMask),
OFFSET(PbCFlushSize, KPRCB, CFlushSize),
OFFSET(PbAcpiReserved, KPRCB, AcpiReserved),
@ -296,19 +476,22 @@ OFFSET(PbPPPagedLookasideList, KPRCB, PPPagedLookasideList),
OFFSET(PbPacketBarrier, KPRCB, PacketBarrier),
OFFSET(PbDeferredReadyListHead, KPRCB, DeferredReadyListHead),
OFFSET(PbLookasideIrpFloat, KPRCB, LookasideIrpFloat),
//OFFSET(PbSystemCalls, KPRCB, SystemCalls),
//OFFSET(PbReadOperationCount, KPRCB, ReadOperationCount),
//OFFSET(PbWriteOperationCount, KPRCB, WriteOperationCount),
//OFFSET(PbOtherOperationCount, KPRCB, OtherOperationCount),
//OFFSET(PbReadTransferCount, KPRCB, ReadTransferCount),
//OFFSET(PbWriteTransferCount, KPRCB, WriteTransferCount),
//OFFSET(PbOtherTransferCount, KPRCB, OtherTransferCount),
//OFFSET(PbContextSwitches, KPRCB, ContextSwitches),
//OFFSET(PbSystemCalls, KPRCB, KeSystemCalls),
//OFFSET(PbReadOperationCount, KPRCB, IoReadOperationCount),
//OFFSET(PbWriteOperationCount, KPRCB, IoWriteOperationCount),
//OFFSET(PbOtherOperationCount, KPRCB, IoOtherOperationCount),
//OFFSET(PbReadTransferCount, KPRCB, IoReadTransferCount),
//OFFSET(PbWriteTransferCount, KPRCB, IoWriteTransferCount),
//OFFSET(PbOtherTransferCount, KPRCB, IoOtherTransferCount),
//OFFSET(PbContextSwitches, KPRCB, KeContextSwitches),
//OFFSET(PbLdtSelector, KPRCB, LdtSelector),
OFFSET(PbTargetSet, KPRCB, TargetSet),
//OFFSET(PbTargetCount, KPRCB, TargetCount),
OFFSET(PbIpiFrozen, KPRCB, IpiFrozen),
OFFSET(PbRequestMailbox, KPRCB, RequestMailbox),
OFFSET(PbSenderSummary, KPRCB, SenderSummary),
//OFFSET(PbDpcListHead, KPRCB, DpcListHead),
//OFFSET(PbDpcList, KPRCB, DpcList),
//OFFSET(PbDpcLock, KPRCB, DpcLock),
//OFFSET(PbDpcQueueDepth, KPRCB, DpcQueueDepth),
//OFFSET(PbDpcCount, KPRCB, DpcCount),
@ -316,6 +499,8 @@ OFFSET(PbDpcStack, KPRCB, DpcStack),
OFFSET(PbMaximumDpcQueueDepth, KPRCB, MaximumDpcQueueDepth),
OFFSET(PbDpcRequestRate, KPRCB, DpcRequestRate),
OFFSET(PbMinimumDpcRate, KPRCB, MinimumDpcRate),
//OFFSET(PbDpcRequestSummary, KPRCB, DpcRequestSummary),
//OFFSET(PbNormalDpcState, KPRCB, NormalDpcState),
OFFSET(PbDpcInterruptRequested, KPRCB, DpcInterruptRequested),
OFFSET(PbDpcThreadRequested, KPRCB, DpcThreadRequested),
OFFSET(PbDpcRoutineActive, KPRCB, DpcRoutineActive),
@ -323,6 +508,7 @@ OFFSET(PbDpcThreadActive, KPRCB, DpcThreadActive),
OFFSET(PbTimerHand, KPRCB, TimerHand),
OFFSET(PbTimerRequest, KPRCB, TimerRequest),
OFFSET(PbTickOffset, KPRCB, TickOffset),
//OFFSET(PbInterruptObject, KPRCB, InterruptObject),
OFFSET(PbMasterOffset, KPRCB, MasterOffset),
OFFSET(PbDpcLastCount, KPRCB, DpcLastCount),
OFFSET(PbQuantumEnd, KPRCB, QuantumEnd),
@ -356,8 +542,14 @@ OFFSET(PbSleeping, KPRCB, Sleeping),
//OFFSET(PbCopyReadNoWaitMiss, KPRCB, CopyReadNoWaitMiss),
//OFFSET(PbAlignmentFixupCount, KPRCB, AlignmentFixupCount),
//OFFSET(PbExceptionDispatchCount, KPRCB, ExceptionDispatchCount),
//OFFSET(PbKeSpinLockOrdering, KPRCB, KeSpinLockOrdering),
OFFSET(PbVendorString, KPRCB, VendorString),
OFFSET(PbPowerState, KPRCB, PowerState),
//OFFSET(PbContext, KPRCB, Context),
//OFFSET(PbIsrStack, KPRCB, IsrStack),
//OFFSET(PbEntropyCount, KPRCB, EntropyTimingState.EntropyCount),
//OFFSET(PbEntropyBuffer, KPRCB, EntropyTimingState.Buffer),
//OFFSET(PbMailbox, KPRCB, Mailbox),
SIZE(ProcessorBlockLength, KPRCB),
HEADER("KPCR"),
@ -425,9 +617,29 @@ OFFSET(PcSkipTick, KIPCR, Prcb.SkipTick),
OFFSET(PcVirtualApicAssist, KIPCR, Prcb.VirtualApicAssist),
OFFSET(PcStartCycles, KIPCR, Prcb.StartCycles),
#endif
//OFFSET(PcFeatureBits, KIPCR, Prcb.FeatureBits),
//OFFSET(PcNmiActive, KIPCR, Prcb.NmiActive),
//OFFSET(PcDeepSleep, KIPCR, Prcb.DeepSleep),
SIZE(ProcessorControlRegisterLength, KIPCR),
HEADER("KPROCESSOR_STATE"),
HEADER("KPROCESSOR_START_BLOCK offsets"),
OFFSET(PsbCompletionFlag, KPROCESSOR_START_BLOCK, CompletionFlag),
OFFSET(PsbFlags, KPROCESSOR_START_BLOCK, Flags),
OFFSET(PsbGdt32, KPROCESSOR_START_BLOCK, Gdt32),
OFFSET(PsbIdt32, KPROCESSOR_START_BLOCK, Idt32),
OFFSET(PsbGdt, KPROCESSOR_START_BLOCK, Gdt),
OFFSET(PsbTiledMemoryMap, KPROCESSOR_START_BLOCK, TiledMemoryMap),
OFFSET(PsbPmTarget, KPROCESSOR_START_BLOCK, PmTarget),
OFFSET(PsbLmIdentityTarget, KPROCESSOR_START_BLOCK, LmIdentityTarget),
OFFSET(PsbLmTarget, KPROCESSOR_START_BLOCK, LmTarget),
OFFSET(PsbSelfMap, KPROCESSOR_START_BLOCK, SelfMap),
OFFSET(PsbMsrPat, KPROCESSOR_START_BLOCK, MsrPat),
OFFSET(PsbMsrEFER, KPROCESSOR_START_BLOCK, MsrEFER),
OFFSET(PsbProcessorState, KPROCESSOR_START_BLOCK, ProcessorState),
SIZE(ProcessorStartBlockLength, KPROCESSOR_START_BLOCK),
CONSTANT(PROCESSOR_START_FLAG_FORCE_ENABLE_NX),
HEADER("KPROCESSOR_STATE offsets"),
OFFSET(PsSpecialRegisters, KPROCESSOR_STATE, SpecialRegisters),
OFFSET(PsCr0, KPROCESSOR_STATE, SpecialRegisters.Cr0),
OFFSET(PsCr2, KPROCESSOR_STATE, SpecialRegisters.Cr2),
@ -444,6 +656,13 @@ OFFSET(PsIdtr, KPROCESSOR_STATE, SpecialRegisters.Idtr),
OFFSET(PsTr, KPROCESSOR_STATE, SpecialRegisters.Tr),
OFFSET(PsLdtr, KPROCESSOR_STATE, SpecialRegisters.Ldtr),
OFFSET(PsMxCsr, KPROCESSOR_STATE, SpecialRegisters.MxCsr),
//OFFSET(PsMsrGsBase, KPROCESSOR_STATE, MsrGsBase),
//OFFSET(PsMsrGsSwap, KPROCESSOR_STATE, MsrGsSwap),
//OFFSET(PsMsrStar, KPROCESSOR_STATE, MsrStar),
//OFFSET(PsMsrLStar, KPROCESSOR_STATE, MsrLStar),
//OFFSET(PsMsrCStar, KPROCESSOR_STATE, MsrCStar),
//OFFSET(PsMsrSyscallMask, KPROCESSOR_STATE, MsrSyscallMask),
//OFFSET(PsXcr0, KPROCESSOR_STATE, Xcr0),
OFFSET(PsContextFrame, KPROCESSOR_STATE, ContextFrame),
OFFSET(PsDebugControl, KPROCESSOR_STATE, SpecialRegisters.DebugControl),
OFFSET(PsLastBranchToRip, KPROCESSOR_STATE, SpecialRegisters.LastBranchToRip),
@ -478,8 +697,9 @@ OFFSET(SrMsrStar, KSPECIAL_REGISTERS, MsrStar),
OFFSET(SrMsrLStar, KSPECIAL_REGISTERS, MsrLStar),
OFFSET(SrMsrCStar, KSPECIAL_REGISTERS, MsrCStar),
OFFSET(SrMsrSyscallMask, KSPECIAL_REGISTERS, MsrSyscallMask),
//OFFSET(SrXcr0, KSPECIAL_REGISTERS, Xcr0),
HEADER("KSYSTEM_TIME"),
HEADER("KSYSTEM_TIME"), // obsolete in win 10
OFFSET(StLowTime, KSYSTEM_TIME, LowPart),
OFFSET(StHigh1Time, KSYSTEM_TIME, High1Time),
OFFSET(StHigh2Time, KSYSTEM_TIME, High2Time),
@ -492,6 +712,239 @@ OFFSET(SwReturn, KSWITCH_FRAME, Return),
SIZE(SwitchFrameLength, KSWITCH_FRAME),
SIZE(KSWITCH_FRAME_LENGTH, KSWITCH_FRAME),
#if (NTDDI_VERSION >= NTDDI_WIN7)
HEADER("KTIMER_TABLE offsets"), // not in win 10
OFFSET(TtEntry, KTIMER_TABLE, TimerEntries),
OFFSET(TtTime, KTIMER_TABLE_ENTRY, Time),
SIZE(TIMER_ENTRY_SIZE, KTIMER_TABLE_ENTRY),
SIZE(TIMER_TABLE_SIZE, KTIMER_TABLE),
SIZE(KTIMER_TABLE_SIZE, KTIMER_TABLE),
#endif
#if 0 // FIXME: reloffset???
HEADER("KTRAP_FRAME offsets"),
OFFSET(TrP1Home, KTRAP_FRAME, TrP1Home),
TrP2Home, KTRAP_FRAME, TrP1Home),
TrP3Home, KTRAP_FRAME, TrP1Home),
TrP4Home, KTRAP_FRAME, TrP1Home),
TrP5, KTRAP_FRAME, TrP1Home),
TrPreviousMode, KTRAP_FRAME, TrP1Home),
TrPreviousIrql, KTRAP_FRAME, TrP1Home),
TrFaultIndicator, KTRAP_FRAME, TrP1Home),
TrExceptionActive, KTRAP_FRAME, TrP1Home),
TrMxCsr, KTRAP_FRAME, TrP1Home),
TrRax equ 0FFFFFFB0H
TrRcx equ 0FFFFFFB8H
TrRdx equ 0FFFFFFC0H
TrR8 equ 0FFFFFFC8H
TrR9 equ 0FFFFFFD0H
TrR10 equ 0FFFFFFD8H
TrR11 equ 0FFFFFFE0H
TrGsBase equ 0FFFFFFE8H
TrGsSwap equ 0FFFFFFE8H
TrXmm0 equ 0FFFFFFF0H
TrXmm1 equ 00000H
TrXmm2 equ 00010H
TrXmm3 equ 00020H
TrXmm4 equ 00030H
TrXmm5 equ 00040H
TrFaultAddress equ 00050H
TrDr0 equ 00058H
TrDr1 equ 00060H
TrDr2 equ 00068H
TrDr3 equ 00070H
TrDr6 equ 00078H
TrDr7 equ 00080H
TrDebugControl equ 00088H
TrLastBranchToRip equ 00090H
TrLastBranchFromRip equ 00098H
TrLastExceptionToRip equ 000A0H
TrLastExceptionFromRip equ 000A8H
TrSegDs equ 000B0H
TrSegEs equ 000B2H
TrSegFs equ 000B4H
TrSegGs equ 000B6H
TrTrapFrame equ 000B8H
TrRbx equ 000C0H
TrRdi equ 000C8H
TrRsi equ 000D0H
TrRbp equ 000D8H
TrErrorCode equ 000E0H
TrRip equ 000E8H
TrSegCs equ 000F0H
TrLogging equ 000F3H
TrEFlags equ 000F8H
TrRsp equ 00100H
TrSegSs equ 00108H
SIZE(KTRAP_FRAME_LENGTH, KTRAP_FRAME),
#endif
HEADER("KTSS offsets"),
OFFSET(TssRsp0, KTSS64, Rsp0),
OFFSET(TssRsp1, KTSS64, Rsp1),
OFFSET(TssRsp2, KTSS64, Rsp2),
OFFSET(TssPanicStack, KTSS64, Ist[1]),
OFFSET(TssMcaStack, KTSS64, Ist[2]),
OFFSET(TssNmiStack, KTSS64, Ist[3]),
OFFSET(TssIoMapBase, KTSS64, IoMapBase),
SIZE(TssLength, KTSS64),
#if (NTDDI_VERSION >= NTDDI_WIN7)
HEADER("RTL_UMS_CONTEXT offsets"),
OFFSET(UcLink, RTL_UMS_CONTEXT, Link),
OFFSET(UcContext, RTL_UMS_CONTEXT, Context),
OFFSET(UcTeb, RTL_UMS_CONTEXT, Teb),
OFFSET(UcFlags, RTL_UMS_CONTEXT, Flags),
OFFSET(UcContextLock, RTL_UMS_CONTEXT, ContextLock),
OFFSET(UcPrimaryUmsContext, RTL_UMS_CONTEXT, PrimaryUmsContext),
SIZE(RTL_UMS_CONTEXT_LENGTH, RTL_UMS_CONTEXT),
HEADER("KUMS_CONTEXT_HEADER offsets"),
OFFSET(UchStackTop, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchStackSize, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchRspOffset, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchRip, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchFltSave, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchFlags, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchTrapFrame, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchExceptionFrame, KUMS_CONTEXT_HEADER, StackTop),
SIZE(KUMS_CONTEXT_HEADER_LENGTH, KUMS_CONTEXT_HEADER),
HEADER("UMS_CONTROL_BLOCK offsets"),
OFFSET(UcbUmsTeb, UMS_CONTROL_BLOCK, UmsTeb),
#endif
HEADER("XSTATE_CONFIGURATION offsets"),
OFFSET(XcfgEnabledFeatures, XSTATE_CONFIGURATION, EnabledFeatures),
#if (NTDDI_VERSION >= NTDDI_WIN10)
OFFSET(XcfgEnabledVolatileFeatures, XSTATE_CONFIGURATION, EnabledFeatures),
#endif
HEADER("XSTATE_CONTEXT offsets"),
OFFSET(XctxMask, XSTATE_CONTEXT, Mask),
OFFSET(XctxLength, XSTATE_CONTEXT, Length),
OFFSET(XctxArea, XSTATE_CONTEXT, Area),
HEADER("XSAVE_AREA offsets"),
OFFSET(XsaHeader, XSAVE_AREA, Header),
SIZE(XsaHeaderLength, XSAVE_AREA_HEADER),
CONSTANTX(XSAVE_ALIGN, _alignof(XSAVE_AREA)),
//CONSTANT(CFlushSize),
HEADER("KTHREAD offsets"),
#if (NTDDI_VERSION >= NTDDI_VISTA)
OFFSET(ThTebMappedLowVa, KTHREAD, TebMappedLowVa),
OFFSET(ThUcb, KTHREAD, Ucb),
//OFFSET(ThBase, KTHREAD, Base?),
//OFFSET(ThLimit, KTHREAD, Limit?),
#endif
#if (NTDDI_VERSION >= NTDDI_VISTA)
HEADER("KPROCESS offsets"),
OFFSET(PrLdtSystemDescriptor, KPROCESS, LdtSystemDescriptor),
OFFSET(PrLdtBaseAddress, KPROCESS, LdtBaseAddress),
#endif
/// ROS definitions
HEADER("CONTEXT"),
OFFSET(CONTEXT_P1Home, CONTEXT, P1Home),
OFFSET(CONTEXT_P2Home, CONTEXT, P2Home),
OFFSET(CONTEXT_P3Home, CONTEXT, P3Home),
OFFSET(CONTEXT_P4Home, CONTEXT, P4Home),
OFFSET(CONTEXT_P5Home, CONTEXT, P5Home),
OFFSET(CONTEXT_P6Home, CONTEXT, P6Home),
OFFSET(CONTEXT_ContextFlags, CONTEXT, ContextFlags),
OFFSET(CONTEXT_MxCsr, CONTEXT, MxCsr),
OFFSET(CONTEXT_SegCs, CONTEXT, SegCs),
OFFSET(CONTEXT_SegDs, CONTEXT, SegDs),
OFFSET(CONTEXT_SegEs, CONTEXT, SegEs),
OFFSET(CONTEXT_SegFs, CONTEXT, SegFs),
OFFSET(CONTEXT_SegGs, CONTEXT, SegGs),
OFFSET(CONTEXT_SegSs, CONTEXT, SegSs),
OFFSET(CONTEXT_EFlags, CONTEXT, EFlags),
OFFSET(CONTEXT_Dr0, CONTEXT, Dr0),
OFFSET(CONTEXT_Dr1, CONTEXT, Dr1),
OFFSET(CONTEXT_Dr2, CONTEXT, Dr2),
OFFSET(CONTEXT_Dr3, CONTEXT, Dr3),
OFFSET(CONTEXT_Dr6, CONTEXT, Dr6),
OFFSET(CONTEXT_Dr7, CONTEXT, Dr7),
OFFSET(CONTEXT_Rax, CONTEXT, Rax),
OFFSET(CONTEXT_Rcx, CONTEXT, Rcx),
OFFSET(CONTEXT_Rdx, CONTEXT, Rdx),
OFFSET(CONTEXT_Rbx, CONTEXT, Rbx),
OFFSET(CONTEXT_Rsp, CONTEXT, Rsp),
OFFSET(CONTEXT_Rbp, CONTEXT, Rbp),
OFFSET(CONTEXT_Rsi, CONTEXT, Rsi),
OFFSET(CONTEXT_Rdi, CONTEXT, Rdi),
OFFSET(CONTEXT_R8, CONTEXT, R8),
OFFSET(CONTEXT_R9, CONTEXT, R9),
OFFSET(CONTEXT_R10, CONTEXT, R10),
OFFSET(CONTEXT_R11, CONTEXT, R11),
OFFSET(CONTEXT_R12, CONTEXT, R12),
OFFSET(CONTEXT_R13, CONTEXT, R13),
OFFSET(CONTEXT_R14, CONTEXT, R14),
OFFSET(CONTEXT_R15, CONTEXT, R15),
OFFSET(CONTEXT_Rip, CONTEXT, Rip),
OFFSET(CONTEXT_FltSave, CONTEXT, FltSave),
OFFSET(CONTEXT_Xmm0, CONTEXT, Xmm0),
OFFSET(CONTEXT_Xmm1, CONTEXT, Xmm1),
OFFSET(CONTEXT_Xmm2, CONTEXT, Xmm2),
OFFSET(CONTEXT_Xmm3, CONTEXT, Xmm3),
OFFSET(CONTEXT_Xmm4, CONTEXT, Xmm4),
OFFSET(CONTEXT_Xmm5, CONTEXT, Xmm5),
OFFSET(CONTEXT_Xmm6, CONTEXT, Xmm6),
OFFSET(CONTEXT_Xmm7, CONTEXT, Xmm7),
OFFSET(CONTEXT_Xmm8, CONTEXT, Xmm8),
OFFSET(CONTEXT_Xmm9, CONTEXT, Xmm9),
OFFSET(CONTEXT_Xmm10, CONTEXT, Xmm10),
OFFSET(CONTEXT_Xmm11, CONTEXT, Xmm11),
OFFSET(CONTEXT_Xmm12, CONTEXT, Xmm12),
OFFSET(CONTEXT_Xmm13, CONTEXT, Xmm13),
OFFSET(CONTEXT_Xmm14, CONTEXT, Xmm14),
OFFSET(CONTEXT_Xmm15, CONTEXT, Xmm15),
OFFSET(CONTEXT_DebugControl, CONTEXT, DebugControl),
OFFSET(CONTEXT_LastBranchToRip, CONTEXT, LastBranchToRip),
OFFSET(CONTEXT_LastBranchFromRip, CONTEXT, LastBranchFromRip),
OFFSET(CONTEXT_LastExceptionToRip, CONTEXT, LastExceptionToRip),
OFFSET(CONTEXT_LastExceptionFromRip, CONTEXT, LastExceptionFromRip),
OFFSET(CONTEXT_VectorControl, CONTEXT, VectorControl),
OFFSET(CONTEXT_VectorRegister, CONTEXT, VectorRegister),
SIZE(CONTEXT_FRAME_LENGTH, CONTEXT),
HEADER("KEXCEPTION_FRAME"),
OFFSET(KEXCEPTION_FRAME_P1Home, KEXCEPTION_FRAME, P1Home),
OFFSET(KEXCEPTION_FRAME_P2Home, KEXCEPTION_FRAME, P2Home),
OFFSET(KEXCEPTION_FRAME_P3Home, KEXCEPTION_FRAME, P3Home),
OFFSET(KEXCEPTION_FRAME_P4Home, KEXCEPTION_FRAME, P4Home),
OFFSET(KEXCEPTION_FRAME_P5, KEXCEPTION_FRAME, P5),
OFFSET(KEXCEPTION_FRAME_Xmm6, KEXCEPTION_FRAME, Xmm6),
OFFSET(KEXCEPTION_FRAME_Xmm7, KEXCEPTION_FRAME, Xmm7),
OFFSET(KEXCEPTION_FRAME_Xmm8, KEXCEPTION_FRAME, Xmm8),
OFFSET(KEXCEPTION_FRAME_Xmm9, KEXCEPTION_FRAME, Xmm9),
OFFSET(KEXCEPTION_FRAME_Xmm10, KEXCEPTION_FRAME, Xmm10),
OFFSET(KEXCEPTION_FRAME_Xmm11, KEXCEPTION_FRAME, Xmm11),
OFFSET(KEXCEPTION_FRAME_Xmm12, KEXCEPTION_FRAME, Xmm12),
OFFSET(KEXCEPTION_FRAME_Xmm13, KEXCEPTION_FRAME, Xmm13),
OFFSET(KEXCEPTION_FRAME_Xmm14, KEXCEPTION_FRAME, Xmm14),
OFFSET(KEXCEPTION_FRAME_Xmm15, KEXCEPTION_FRAME, Xmm15),
OFFSET(KEXCEPTION_FRAME_MxCsr, KEXCEPTION_FRAME, MxCsr),
OFFSET(KEXCEPTION_FRAME_Rbp, KEXCEPTION_FRAME, Rbp),
OFFSET(KEXCEPTION_FRAME_Rbx, KEXCEPTION_FRAME, Rbx),
OFFSET(KEXCEPTION_FRAME_Rdi, KEXCEPTION_FRAME, Rdi),
OFFSET(KEXCEPTION_FRAME_Rsi, KEXCEPTION_FRAME, Rsi),
OFFSET(KEXCEPTION_FRAME_R12, KEXCEPTION_FRAME, R12),
OFFSET(KEXCEPTION_FRAME_R13, KEXCEPTION_FRAME, R13),
OFFSET(KEXCEPTION_FRAME_R14, KEXCEPTION_FRAME, R14),
OFFSET(KEXCEPTION_FRAME_R15, KEXCEPTION_FRAME, R15),
OFFSET(KEXCEPTION_FRAME_Return, KEXCEPTION_FRAME, Return),
OFFSET(KEXCEPTION_FRAME_TrapFrame, KEXCEPTION_FRAME, TrapFrame),
OFFSET(KEXCEPTION_FRAME_OutputBuffer, KEXCEPTION_FRAME, OutputBuffer),
OFFSET(KEXCEPTION_FRAME_OutputLength, KEXCEPTION_FRAME, OutputLength),
SIZE(KEXCEPTION_FRAME_LENGTH, KEXCEPTION_FRAME),
HEADER("KTRAP_FRAME"),
OFFSET(KTRAP_FRAME_P1Home, KTRAP_FRAME, P1Home),
OFFSET(KTRAP_FRAME_P2Home, KTRAP_FRAME, P2Home),
@ -553,25 +1006,6 @@ OFFSET(KTRAP_FRAME_SegSs, KTRAP_FRAME, SegSs),
OFFSET(KTRAP_FRAME_CodePatchCycle, KTRAP_FRAME, CodePatchCycle),
SIZE(KTRAP_FRAME_LENGTH, KTRAP_FRAME),
#if (NTDDI_VERSION >= NTDDI_WIN7)
HEADER("KTIMER_TABLE"),
OFFSET(TtEntry, KTIMER_TABLE, TimerEntries),
OFFSET(TtTime, KTIMER_TABLE_ENTRY, Time),
SIZE(TIMER_ENTRY_SIZE, KTIMER_TABLE_ENTRY),
SIZE(TIMER_TABLE_SIZE, KTIMER_TABLE),
SIZE(KTIMER_TABLE_SIZE, KTIMER_TABLE),
#endif
HEADER("KTSS"),
OFFSET(TssRsp0, KTSS64, Rsp0),
OFFSET(TssRsp1, KTSS64, Rsp1),
OFFSET(TssRsp2, KTSS64, Rsp2),
OFFSET(TssPanicStack, KTSS64, Ist[1]),
OFFSET(TssMcaStack, KTSS64, Ist[2]),
OFFSET(TssNmiStack, KTSS64, Ist[3]),
OFFSET(TssIoMapBase, KTSS64, IoMapBase),
SIZE(TssLength, KTSS64),
HEADER("EXCEPTION_RECORD"),
OFFSET(EXCEPTION_RECORD_ExceptionCode, EXCEPTION_RECORD, ExceptionCode),
OFFSET(EXCEPTION_RECORD_ExceptionFlags, EXCEPTION_RECORD, ExceptionFlags),
@ -588,7 +1022,6 @@ OFFSET(KTHREAD_KernelStack, KTHREAD, KernelStack),
OFFSET(KTHREAD_UserApcPending, KTHREAD, ApcState.UserApcPending),
HEADER("KINTERRUPT"),
OFFSET(KINTERRUPT_Type, KINTERRUPT, Type),
OFFSET(KINTERRUPT_Size, KINTERRUPT, Size),
OFFSET(KINTERRUPT_InterruptListEntry, KINTERRUPT, InterruptListEntry),
@ -610,3 +1043,4 @@ OFFSET(KINTERRUPT_ServiceCount, KINTERRUPT, ServiceCount),
OFFSET(KINTERRUPT_DispatchCount, KINTERRUPT, DispatchCount),
OFFSET(KINTERRUPT_TrapFrame, KINTERRUPT, TrapFrame),
OFFSET(KINTERRUPT_DispatchCode, KINTERRUPT, DispatchCode),

773
reactos/include/asm/ksarm.template.h
View file

@ -4,102 +4,701 @@ RAW("#include <kxarm.h>"),
RAW(""),
HEADER("CPSR Values"),
CONSTANT(CPSR_THUMB_ENABLE),
CONSTANT(CPSR_FIQ_DISABLE),
CONSTANT(CPSR_IRQ_DISABLE),
CONSTANT(CPSR_USER_MODE),
CONSTANT(CPSR_FIQ_MODE),
CONSTANT(CPSR_IRQ_MODE),
CONSTANT(CPSR_SVC_MODE),
CONSTANT(CPSR_ABORT_MODE),
CONSTANT(CPSR_UND_MODE),
CONSTANT(CPSR_MODES),
CONSTANT(CPSRM_USER),
CONSTANT(CPSRM_FIQ),
CONSTANT(CPSRM_INT),
CONSTANT(CPSRM_SVC),
CONSTANT(CPSRM_ABT),
CONSTANT(CPSRM_UDF),
CONSTANT(CPSRM_SYS),
CONSTANT(CPSRM_MASK),
CONSTANT(SYSCALL_PSR),
HEADER("C1 Register Values"),
CONSTANT(C1_MMU_CONTROL),
CONSTANT(C1_ALIGNMENT_CONTROL),
CONSTANT(C1_DCACHE_CONTROL),
CONSTANT(C1_ICACHE_CONTROL),
CONSTANT(C1_VECTOR_CONTROL),
CONSTANT(CPSRF_N), // 0x80000000
CONSTANT(CPSRF_Z), // 0x40000000
CONSTANT(CPSRF_C), // 0x20000000
CONSTANT(CPSRF_V), // 0x10000000
CONSTANT(CPSRF_Q), // 0x8000000
CONSTANT(CPSR_IT_MASK), // 0x600fc00
HEADER("Loader Parameter Block Offsets"),
OFFSET(LpbKernelStack, LOADER_PARAMETER_BLOCK, KernelStack),
OFFSET(LpbPanicStack, LOADER_PARAMETER_BLOCK, u.Arm.PanicStack),
OFFSET(LpbInterruptStack, LOADER_PARAMETER_BLOCK, u.Arm.InterruptStack),
CONSTANT(FPSCRF_N), // 0x80000000
CONSTANT(FPSCRF_Z), // 0x40000000
CONSTANT(FPSCRF_C), // 0x20000000
CONSTANT(FPSCRF_V), // 0x10000000
CONSTANT(FPSCRF_QC), // 0x8000000
HEADER("Trap Frame offsets"),
OFFSET(TrDbgArgMark, KTRAP_FRAME, DbgArgMark),
OFFSET(TrR0, KTRAP_FRAME, R0),
OFFSET(TrR1, KTRAP_FRAME, R1),
OFFSET(TrR2, KTRAP_FRAME, R2),
OFFSET(TrR3, KTRAP_FRAME, R3),
OFFSET(TrR4, KTRAP_FRAME, R4),
OFFSET(TrR5, KTRAP_FRAME, R5),
OFFSET(TrR6, KTRAP_FRAME, R6),
OFFSET(TrR7, KTRAP_FRAME, R7),
OFFSET(TrR8, KTRAP_FRAME, R8),
OFFSET(TrR9, KTRAP_FRAME, R9),
OFFSET(TrR10, KTRAP_FRAME, R10),
OFFSET(TrR11, KTRAP_FRAME, R11),
OFFSET(TrR12, KTRAP_FRAME, R12),
OFFSET(TrUserSp, KTRAP_FRAME, UserSp),
OFFSET(TrUserLr, KTRAP_FRAME, UserLr),
OFFSET(TrSvcSp, KTRAP_FRAME, SvcSp),
OFFSET(TrSvcLr, KTRAP_FRAME, SvcLr),
OFFSET(TrPc, KTRAP_FRAME, Pc),
OFFSET(TrSpsr, KTRAP_FRAME, Spsr),
SIZE(TrapFrameLength, KTRAP_FRAME),
CONSTANT(FPSCRM_AHP), // 0x4000000
CONSTANT(FPSCRM_DN), // 0x2000000
CONSTANT(FPSCRM_FZ), // 0x1000000
CONSTANT(FPSCRM_RMODE_MASK), // 0xc00000
CONSTANT(FPSCRM_RMODE_RN), // 0x0
CONSTANT(FPSCRM_RMODE_RP), // 0x400000
CONSTANT(FPSCRM_RMODE_RM), // 0x800000
CONSTANT(FPSCRM_RMODE_RZ), // 0xc00000
CONSTANT(FPSCRM_DEPRECATED), // 0x370000
HEADER("Exception Frame offsets"),
OFFSET(ExR4, KEXCEPTION_FRAME, R4),
OFFSET(ExR5, KEXCEPTION_FRAME, R5),
OFFSET(ExR6, KEXCEPTION_FRAME, R6),
OFFSET(ExR7, KEXCEPTION_FRAME, R7),
OFFSET(ExR8, KEXCEPTION_FRAME, R8),
OFFSET(ExR9, KEXCEPTION_FRAME, R9),
OFFSET(ExR10, KEXCEPTION_FRAME, R10),
OFFSET(ExR11, KEXCEPTION_FRAME, R11),
OFFSET(ExLr, KEXCEPTION_FRAME, Lr),
OFFSET(ExSpsr, KEXCEPTION_FRAME, Psr), // name?
SIZE(ExceptionFrameLength, KEXCEPTION_FRAME),
CONSTANT(FPSCR_IDE), // 0x8000
CONSTANT(FPSCR_IXE), // 0x1000
CONSTANT(FPSCR_UFE), // 0x800
CONSTANT(FPSCR_OFE), // 0x400
CONSTANT(FPSCR_DZE), // 0x200
CONSTANT(FPSCR_IOE), // 0x100
CONSTANT(FPSCR_IDC), // 0x80
CONSTANT(FPSCR_IXC), // 0x10
CONSTANT(FPSCR_UFC), // 0x8
CONSTANT(FPSCR_OFC), // 0x4
CONSTANT(FPSCR_DZC), // 0x2
CONSTANT(FPSCR_IOC), // 0x1
HEADER("PCR"),
CONSTANTX(KiPcr, 0xFFFFF000),
CONSTANT(CPSRC_INT), // 0x80
CONSTANT(CPSRC_ABORT), // 0x100
CONSTANT(CPSRC_THUMB), // 0x20
HEADER("PCR Offsets"),
//OFFSET(PcCurrentIrql, KPCR, CurrentIrql),
CONSTANT(SWFS_PAGE_FAULT), // 0x10
CONSTANT(SWFS_ALIGN_FAULT), // 0x20
CONSTANT(SWFS_HWERR_FAULT), // 0x40
CONSTANT(SWFS_DEBUG_FAULT), // 0x80
CONSTANT(SWFS_EXECUTE), // 0x8
CONSTANT(SWFS_WRITE), // 0x1
HEADER("KTHREAD Offsets"),
OFFSET(ThKernelStack, KTHREAD, KernelStack),
CONSTANT(CP14_DBGDSCR_MOE_MASK), // 0x3c
CONSTANT(CP14_DBGDSCR_MOE_SHIFT), // 0x2
CONSTANT(CP14_DBGDSCR_MOE_HALT), // 0x0
CONSTANT(CP14_DBGDSCR_MOE_BP), // 0x1
CONSTANT(CP14_DBGDSCR_MOE_WPASYNC), // 0x2
CONSTANT(CP14_DBGDSCR_MOE_BKPT), // 0x3
CONSTANT(CP14_DBGDSCR_MOE_EXTERNAL), // 0x4
CONSTANT(CP14_DBGDSCR_MOE_VECTOR), // 0x5
CONSTANT(CP14_DBGDSCR_MOE_WPSYNC), // 0xa
HEADER("CONTEXT Offsets"),
OFFSET(CsContextFlags, CONTEXT, ContextFlags),
OFFSET(CsR0, CONTEXT, R0),
OFFSET(CsR1, CONTEXT, R1),
OFFSET(CsR2, CONTEXT, R2),
OFFSET(CsR3, CONTEXT, R3),
OFFSET(CsR4, CONTEXT, R4),
OFFSET(CsR5, CONTEXT, R5),
OFFSET(CsR6, CONTEXT, R6),
OFFSET(CsR7, CONTEXT, R7),
OFFSET(CsR8, CONTEXT, R8),
OFFSET(CsR9, CONTEXT, R9),
OFFSET(CsR10, CONTEXT, R10),
OFFSET(CsR11, CONTEXT, R11),
OFFSET(CsR12, CONTEXT, R12),
OFFSET(CsSp, CONTEXT, Sp),
OFFSET(CsLr, CONTEXT, Lr),
OFFSET(CsPc, CONTEXT, Pc),
OFFSET(CsCpsr, CONTEXT, Cpsr),
CONSTANT(CONTEXT_FULL),
CONSTANT(CP15_PMCR_DP), // 0x20
CONSTANT(CP15_PMCR_X), // 0x10
CONSTANT(CP15_PMCR_CLKCNT_DIV), // 0x8
CONSTANT(CP15_PMCR_CLKCNT_RST), // 0x4
CONSTANT(CP15_PMCR_CNT_RST), // 0x2
CONSTANT(CP15_PMCR_ENABLE), // 0x1
HEADER("DebugService Control Types"),
CONSTANT(BREAKPOINT_BREAK),
CONSTANT(BREAKPOINT_PRINT),
CONSTANT(BREAKPOINT_PROMPT),
CONSTANT(BREAKPOINT_LOAD_SYMBOLS),
CONSTANT(BREAKPOINT_UNLOAD_SYMBOLS),
CONSTANT(BREAKPOINT_COMMAND_STRING),
//CONSTANT(BREAKPOINT_HW_SYNCH_WATCH), // 0x6
//CONSTANT(BREAKPOINT_HW_ASYNCH_WATCH), // 0x7
//CONSTANT(BREAKPOINT_HW_BREAK), // 0x8
// Handle table entry definition (FIXME: since win10, portable?)
#if (NTDDI_VERSION >= NTDDI_WIN10)
HEADER("Handle table entry definition"),
#define EXHANDLE_TABLE_ENTRY_LOCK 0x1
#define EXHANDLE_REFERENCE_SHIFT 0x1b
#define EXHANDLE_REF_ACQUIRE_LOCK 0xffffffff
#define EXHANDLE_REPLENISH_REFS 0x8
#define EXHANDLE_CACHED_REFS 0x1f
#endif
HEADER("Other constants"),
CONSTANT(PAGE_SHIFT),
//CONSTANT(PTE_TOP),
//CONSTANT(TRANSITION_ASID),
CONSTANT(KI_EXCEPTION_INTERNAL), // 0x10000000
//CONSTANT(KI_EXCEPTION_HARDWARE_ERROR), // 0x10000005
HEADER("CONTEXT Offsets"),
OFFSET(CxContextFlags, CONTEXT, ContextFlags), // 0x0
OFFSET(CxR0, CONTEXT, R0), // 0x4
OFFSET(CxR1, CONTEXT, R1), // 0x8
OFFSET(CxR2, CONTEXT, R2), // 0xc
OFFSET(CxR3, CONTEXT, R3), // 0x10
OFFSET(CxR4, CONTEXT, R4), // 0x14
OFFSET(CxR5, CONTEXT, R5), // 0x18
OFFSET(CxR6, CONTEXT, R6), // 0x1c
OFFSET(CxR7, CONTEXT, R7), // 0x20
OFFSET(CxR8, CONTEXT, R8), // 0x24
OFFSET(CxR9, CONTEXT, R9), // 0x28
OFFSET(CxR10, CONTEXT, R10), // 0x2c
OFFSET(CxR11, CONTEXT, R11), // 0x30
OFFSET(CxR12, CONTEXT, R12), // 0x34
OFFSET(CxSp, CONTEXT, Sp), // 0x38
OFFSET(CxLr, CONTEXT, Lr), // 0x3c
OFFSET(CxPc, CONTEXT, Pc), // 0x40
OFFSET(CxCpsr, CONTEXT, Cpsr), // 0x44
OFFSET(CxFpscr, CONTEXT, Fpscr), // 0x48
OFFSET(CxQ, CONTEXT, Q), // 0x50
OFFSET(CxD, CONTEXT, D), // 0x50
OFFSET(CxS, CONTEXT, S), // 0x50
OFFSET(CxD8, CONTEXT, D[8]), // 0x90
OFFSET(CxBvr, CONTEXT, Bvr), // 0x150
OFFSET(CxBcr, CONTEXT, Bcr), // 0x170
OFFSET(CxWvr, CONTEXT, Wvr), // 0x190
OFFSET(CxWcr, CONTEXT, Wcr), // 0x194
SIZE(CONTEXT_FRAME_LENGTH, CONTEXT), // 0x1a0
//CONSTANT(CONTEXT_ALIGN, __alignof(CONTEXT)),
HEADER("_JUMP_BUFFER offsets"),
OFFSET(JbFrame, _JUMP_BUFFER, Frame), // 0x0
OFFSET(JbR4, _JUMP_BUFFER, R4), // 0x4
OFFSET(JbR5, _JUMP_BUFFER, R5), // 0x8
OFFSET(JbR6, _JUMP_BUFFER, R6), // 0xc
OFFSET(JbR7, _JUMP_BUFFER, R7), // 0x10
OFFSET(JbR8, _JUMP_BUFFER, R8), // 0x14
OFFSET(JbR9, _JUMP_BUFFER, R9), // 0x18
OFFSET(JbR10, _JUMP_BUFFER, R10), // 0x1c
OFFSET(JbR11, _JUMP_BUFFER, R11), // 0x20
OFFSET(JbSp, _JUMP_BUFFER, Sp), // 0x24
OFFSET(JbPc, _JUMP_BUFFER, Pc), // 0x28
OFFSET(JbFpscr, _JUMP_BUFFER, Fpscr), // 0x2c
OFFSET(JbD, _JUMP_BUFFER, D), // 0x30
HEADER("DISPATCHER_CONTEXT offsets"),
OFFSET(DcControlPc, DISPATCHER_CONTEXT, ControlPc), // 0x0
OFFSET(DcImageBase, DISPATCHER_CONTEXT, ImageBase), // 0x4
OFFSET(DcFunctionEntry, DISPATCHER_CONTEXT, FunctionEntry), // 0x8
OFFSET(DcEstablisherFrame, DISPATCHER_CONTEXT, EstablisherFrame), // 0xc
OFFSET(DcTargetPc, DISPATCHER_CONTEXT, TargetPc), // 0x10
OFFSET(DcContextRecord, DISPATCHER_CONTEXT, ContextRecord), // 0x14
OFFSET(DcLanguageHandler, DISPATCHER_CONTEXT, LanguageHandler), // 0x18
OFFSET(DcHandlerData, DISPATCHER_CONTEXT, HandlerData), // 0x1c
OFFSET(DcHistoryTable, DISPATCHER_CONTEXT, HistoryTable), // 0x20
OFFSET(DcScopeIndex, DISPATCHER_CONTEXT, ScopeIndex), // 0x24
OFFSET(DcControlPcIsUnwound, DISPATCHER_CONTEXT, ControlPcIsUnwound), // 0x28
OFFSET(DcNonVolatileRegisters, DISPATCHER_CONTEXT, NonVolatileRegisters), // 0x2c
OFFSET(DcReserved, DISPATCHER_CONTEXT, Reserved), // 0x30
HEADER("Trap Frame offsets"),
OFFSET(TrArg3, KTRAP_FRAME, Arg3), // 0x0
OFFSET(TrFaultStatus, KTRAP_FRAME, FaultStatus), // 0x4
OFFSET(TrFaultAddress, KTRAP_FRAME, FaultAddress), // 0x8
OFFSET(TrTrapFrame, KTRAP_FRAME, TrapFrame), // 0x8
OFFSET(TrReserved, KTRAP_FRAME, Reserved), // 0xc
OFFSET(TrExceptionActive, KTRAP_FRAME, ExceptionActive), // 0x10
OFFSET(TrPreviousMode, KTRAP_FRAME, PreviousMode), // 0x13
OFFSET(TrDebugRegistersValid, KTRAP_FRAME, DebugRegistersValid), // 0x12
OFFSET(TrBvr, KTRAP_FRAME, Bvr), // 0x18
OFFSET(TrBcr, KTRAP_FRAME, Bcr), // 0x38
OFFSET(TrWvr, KTRAP_FRAME, Wvr), // 0x58
OFFSET(TrWcr, KTRAP_FRAME, Wcr), // 0x5c
OFFSET(TrVfpState, KTRAP_FRAME, VfpState), // 0x14
OFFSET(TrR0, KTRAP_FRAME, R0), // 0x60
OFFSET(TrR1, KTRAP_FRAME, R1), // 0x64
OFFSET(TrR2, KTRAP_FRAME, R2), // 0x68
OFFSET(TrR3, KTRAP_FRAME, R3), // 0x6c
OFFSET(TrR12, KTRAP_FRAME, R12), // 0x70
OFFSET(TrSp, KTRAP_FRAME, Sp), // 0x74
OFFSET(TrLr, KTRAP_FRAME, Lr), // 0x78
OFFSET(TrR11, KTRAP_FRAME, R11), // 0x7c
OFFSET(TrPc, KTRAP_FRAME, Pc), // 0x80
OFFSET(TrCpsr, KTRAP_FRAME, Cpsr), // 0x84
SIZE(KTRAP_FRAME_LENGTH, KTRAP_FRAME), // 0x88
HEADER("KEXCEPTION_FRAME offsets"),
OFFSET(ExParam5, KEXCEPTION_FRAME, Param5), // 0x0
OFFSET(ExTrapFrame, KEXCEPTION_FRAME, TrapFrame), // 0x4
OFFSET(ExR4, KEXCEPTION_FRAME, R4), // 0x14
OFFSET(ExR5, KEXCEPTION_FRAME, R5), // 0x18
OFFSET(ExR6, KEXCEPTION_FRAME, R6), // 0x1c
OFFSET(ExR7, KEXCEPTION_FRAME, R7), // 0x20
OFFSET(ExR8, KEXCEPTION_FRAME, R8), // 0x24
OFFSET(ExR9, KEXCEPTION_FRAME, R9), // 0x28
OFFSET(ExR10, KEXCEPTION_FRAME, R10), // 0x2c
OFFSET(ExR11, KEXCEPTION_FRAME, R11), // 0x30
OFFSET(ExReturn, KEXCEPTION_FRAME, Return), // 0x34
SIZE(KEXCEPTION_FRAME_LENGTH, KEXCEPTION_FRAME), // 0x38
HEADER("KSPECIAL_REGISTERS offsets"),
OFFSET(KsCp15_Cr13_UsrRW, KSPECIAL_REGISTERS, Cp15_Cr13_UsrRW), // 0x1c
OFFSET(KsCp15_Cr13_UsrRO, KSPECIAL_REGISTERS, Cp15_Cr13_UsrRO), // 0x20
OFFSET(KsCp15_Cr13_SvcRW, KSPECIAL_REGISTERS, Cp15_Cr13_SvcRW), // 0x24
OFFSET(KsKernelBvr, KSPECIAL_REGISTERS, KernelBvr), // 0x28
OFFSET(KsKernelBcr, KSPECIAL_REGISTERS, KernelBcr), // 0x48
OFFSET(KsKernelWcr, KSPECIAL_REGISTERS, KernelWcr), // 0x6c
OFFSET(KsFpexc, KSPECIAL_REGISTERS, Fpexc), // 0x70
OFFSET(KsFpinst, KSPECIAL_REGISTERS, Fpinst), // 0x74
OFFSET(KsFpinst2, KSPECIAL_REGISTERS, Fpinst2), // 0x78
OFFSET(KsUserSp, KSPECIAL_REGISTERS, UserSp), // 0x7c
OFFSET(KsUserLr, KSPECIAL_REGISTERS, UserLr), // 0x80
OFFSET(KsAbortSp, KSPECIAL_REGISTERS, AbortSp), // 0x84
OFFSET(KsAbortLr, KSPECIAL_REGISTERS, AbortLr), // 0x88
OFFSET(KsAbortSpsr, KSPECIAL_REGISTERS, AbortSpsr), // 0x8c
OFFSET(KsUdfSp, KSPECIAL_REGISTERS, UdfSp), // 0x90
OFFSET(KsUdfLr, KSPECIAL_REGISTERS, UdfLr), // 0x94
OFFSET(KsUdfSpsr, KSPECIAL_REGISTERS, UdfSpsr), // 0x98
OFFSET(KsIrqSp, KSPECIAL_REGISTERS, IrqSp), // 0x9c
OFFSET(KsIrqLr, KSPECIAL_REGISTERS, IrqLr), // 0xa0
OFFSET(KsIrqSpsr, KSPECIAL_REGISTERS, IrqSpsr), // 0xa4
HEADER("KPROCESSOR_STATE offsets"),
OFFSET(PsSpecialRegisters, KPROCESSOR_STATE, SpecialRegisters), // 0x0
OFFSET(PsUsrRW, KPROCESSOR_STATE, SpecialRegisters.Cp15_Cr13_UsrRW), // 0x1c
OFFSET(PsUsrRO, KPROCESSOR_STATE, SpecialRegisters.Cp15_Cr13_UsrRO), // 0x20
OFFSET(PsSvcRW, KPROCESSOR_STATE, SpecialRegisters.Cp15_Cr13_SvcRW), // 0x24
OFFSET(PsArchState, KPROCESSOR_STATE, ArchState), // 0xa8
OFFSET(PsCpuid, KPROCESSOR_STATE, ArchState.Cp15_Cr0_CpuId), // 0xa8
OFFSET(PsControl, KPROCESSOR_STATE, ArchState.Cp15_Cr1_Control), // 0xac
OFFSET(PsAuxControl, KPROCESSOR_STATE, ArchState.Cp15_Cr1_AuxControl), // 0xb0
OFFSET(PsCpacr, KPROCESSOR_STATE, ArchState.Cp15_Cr1_Cpacr), // 0xb4
OFFSET(PsTtbControl, KPROCESSOR_STATE, ArchState.Cp15_Cr2_TtbControl), // 0xb8
OFFSET(PsTtb0, KPROCESSOR_STATE, ArchState.Cp15_Cr2_Ttb0), // 0xbc
OFFSET(PsTtb1, KPROCESSOR_STATE, ArchState.Cp15_Cr2_Ttb1), // 0xc0
OFFSET(PsDacr, KPROCESSOR_STATE, ArchState.Cp15_Cr3_Dacr), // 0xc4
OFFSET(PsPrimaryMemoryRemap, KPROCESSOR_STATE, ArchState.Cp15_Cr10_PrimaryMemoryRemap), // 0x1ec
OFFSET(PsNormalMemoryRemap, KPROCESSOR_STATE, ArchState.Cp15_Cr10_NormalMemoryRemap), // 0x1f0
OFFSET(PsVBARns, KPROCESSOR_STATE, ArchState.Cp15_Cr12_VBARns), // 0x1f4
OFFSET(PsAsid, KPROCESSOR_STATE, ArchState.Cp15_Cr13_ContextId), // 0x1f8
OFFSET(PsContextId, KPROCESSOR_STATE, ArchState.Cp15_Cr13_ContextId), // 0x1f8
OFFSET(PsContextFrame, KPROCESSOR_STATE, ContextFrame), // 0x200
SIZE(ProcessorStateLength, KPROCESSOR_STATE), // 0x3a0
HEADER("KARM_ARCH_STATE offsets"),
OFFSET(AaCp15_Cr0_CpuId, KARM_ARCH_STATE, Cp15_Cr0_CpuId), // 0x0
OFFSET(AaCp15_Cr1_Control, KARM_ARCH_STATE, Cp15_Cr1_Control), // 0x4
OFFSET(AaCp15_Cr1_AuxControl, KARM_ARCH_STATE, Cp15_Cr1_AuxControl), // 0x8
OFFSET(AaCp15_Cr1_Cpacr, KARM_ARCH_STATE, Cp15_Cr1_Cpacr), // 0xc
OFFSET(AaCp15_Cr2_TtbControl, KARM_ARCH_STATE, Cp15_Cr2_TtbControl), // 0x10
OFFSET(AaCp15_Cr2_Ttb0, KARM_ARCH_STATE, Cp15_Cr2_Ttb0), // 0x14
OFFSET(AaCp15_Cr2_Ttb1, KARM_ARCH_STATE, Cp15_Cr2_Ttb1), // 0x18
OFFSET(AaCp15_Cr3_Dacr, KARM_ARCH_STATE, Cp15_Cr3_Dacr), // 0x1c
OFFSET(AaCp15_Cr5_Dfsr, KARM_ARCH_STATE, Cp15_Cr5_Dfsr), // 0x20
OFFSET(AaCp15_Cr5_Ifsr, KARM_ARCH_STATE, Cp15_Cr5_Ifsr), // 0x24
OFFSET(AaCp15_Cr6_Dfar, KARM_ARCH_STATE, Cp15_Cr6_Dfar), // 0x28
OFFSET(AaCp15_Cr6_Ifar, KARM_ARCH_STATE, Cp15_Cr6_Ifar), // 0x2c
OFFSET(AaCp15_Cr9_PmControl, KARM_ARCH_STATE, Cp15_Cr9_PmControl), // 0x30
OFFSET(AaCp15_Cr9_PmCountEnableSet, KARM_ARCH_STATE, Cp15_Cr9_PmCountEnableSet), // 0x34
OFFSET(AaCp15_Cr9_PmCycleCounter, KARM_ARCH_STATE, Cp15_Cr9_PmCycleCounter), // 0x38
OFFSET(AaCp15_Cr9_PmEventCounter, KARM_ARCH_STATE, Cp15_Cr9_PmEventCounter), // 0x3c
OFFSET(AaCp15_Cr9_PmEventType, KARM_ARCH_STATE, Cp15_Cr9_PmEventType), // 0xb8
OFFSET(AaCp15_Cr9_PmInterruptSelect, KARM_ARCH_STATE, Cp15_Cr9_PmInterruptSelect), // 0x134
OFFSET(AaCp15_Cr9_PmOverflowStatus, KARM_ARCH_STATE, Cp15_Cr9_PmOverflowStatus), // 0x138
OFFSET(AaCp15_Cr9_PmSelect, KARM_ARCH_STATE, Cp15_Cr9_PmSelect), // 0x13c
OFFSET(AaCp15_Cr9_PmUserEnable, KARM_ARCH_STATE, Cp15_Cr9_PmUserEnable), // 0x140
OFFSET(AaCp15_Cr10_PrimaryMemoryRemap, KARM_ARCH_STATE, Cp15_Cr10_PrimaryMemoryRemap), // 0x144
OFFSET(AaCp15_Cr10_NormalMemoryRemap, KARM_ARCH_STATE, Cp15_Cr10_NormalMemoryRemap), // 0x148
OFFSET(AaCp15_Cr12_VBARns, KARM_ARCH_STATE, Cp15_Cr12_VBARns), // 0x14c
OFFSET(AaCp15_Cr13_ContextId, KARM_ARCH_STATE, Cp15_Cr13_ContextId), // 0x150
HEADER("KSTART_FRAME offsets"),
OFFSET(SfR0, KSTART_FRAME, R0), // 0x0
OFFSET(SfR1, KSTART_FRAME, R1), // 0x4
OFFSET(SfR2, KSTART_FRAME, R2), // 0x8
OFFSET(SfReturn, KSTART_FRAME, Return), // 0xc
SIZE(KSTART_FRAME_LENGTH, KSTART_FRAME), // 0x10
HEADER("KSWITCH_FRAME offsets"),
OFFSET(SwApcBypass, KSWITCH_FRAME, ApcBypass), // 0x0
OFFSET(SwR11, KSWITCH_FRAME, R11), // 0x8
OFFSET(SwReturn, KSWITCH_FRAME, Return), // 0xc
SIZE(KSWITCH_FRAME_LENGTH, KSWITCH_FRAME), // 0x10
HEADER("MACHINE_FRAME offsets"),
OFFSET(MfSp, MACHINE_FRAME, Sp), // 0x0
OFFSET(MfPc, MACHINE_FRAME, Pc), // 0x4
SIZE(MachineFrameLength, MACHINE_FRAME), // 0x8
HEADER("KARM_VFP_STATE offsets"),
OFFSET(VsLink, KARM_VFP_STATE, Link), // 0x0
OFFSET(VsFpscr, KARM_VFP_STATE, Fpscr), // 0x4
OFFSET(VsVfpD, KARM_VFP_STATE, VfpD), // 0x10
OFFSET(VsVfpD8, KARM_VFP_STATE, VfpD[8]), // 0x50
SIZE(VFP_STATE_LENGTH, KARM_VFP_STATE), // 0x110
HEADER("KARM_MINI_STACK offsets"),
OFFSET(MsPc, KARM_MINI_STACK, Pc), // 0x0
OFFSET(MsCpsr, KARM_MINI_STACK, Cpsr), // 0x4
OFFSET(MsR4, KARM_MINI_STACK, R4), // 0x8
OFFSET(MsR5, KARM_MINI_STACK, R5), // 0xc
OFFSET(MsR6, KARM_MINI_STACK, R6), // 0x10
OFFSET(MsR7, KARM_MINI_STACK, R7), // 0x14
OFFSET(MsReserved, KARM_MINI_STACK, Reserved), // 0x18
SIZE(MiniStackLength, KARM_MINI_STACK), // 0x20
HEADER("KPCR offsets"),
OFFSET(PcSelf, KIPCR, Self), // 0xc
OFFSET(PcCurrentPrcb, KIPCR, CurrentPrcb), // 0x10
OFFSET(PcLockArray, KIPCR, LockArray), // 0x14
OFFSET(PcTeb, KIPCR, Used_Self), // 0x18
OFFSET(PcStallScaleFactor, KIPCR, StallScaleFactor), // 0x30
OFFSET(PcHalReserved, KIPCR, HalReserved), // 0x84
OFFSET(PcPrcb, KIPCR, Prcb), // 0x580
OFFSET(PcIdleHalt, KIPCR, Prcb.IdleHalt), // 0x582
OFFSET(PcCurrentThread, KIPCR, Prcb.CurrentThread), // 0x584
OFFSET(PcNextThread, KIPCR, Prcb.NextThread), // 0x588
OFFSET(PcIdleThread, KIPCR, Prcb.IdleThread), // 0x58c
OFFSET(PcNestingLevel, KIPCR, Prcb.NestingLevel), // 0x590
OFFSET(PcNumber, KIPCR, Prcb.Number), // 0x594
OFFSET(PcPrcbLock, KIPCR, Prcb.PrcbLock), // 0x598
OFFSET(PcGroupSetMember, KIPCR, Prcb.GroupSetMember), // 0x998
OFFSET(PcFeatureBits, KIPCR, Prcb.FeatureBits), // 0xa8c
OFFSET(PcDeferredReadyListHead, KIPCR, Prcb.DeferredReadyListHead), // 0xb84
OFFSET(PcSystemCalls, KIPCR, Prcb.KeSystemCalls), // 0xbb0
OFFSET(PcSpBase, KIPCR, Prcb.SpBase), // 0xc44
OFFSET(PcDpcRoutineActive, KIPCR, Prcb.DpcRoutineActive), // 0xc5a
OFFSET(PcInterruptCount, KIPCR, Prcb.InterruptCount), // 0xe80
OFFSET(PcSkipTick, KIPCR, Prcb.SkipTick), // 0xe98
OFFSET(PcDebuggerSavedIRQL, KIPCR, Prcb.DebuggerSavedIRQL), // 0xe99
OFFSET(PcStartCycles, KIPCR, Prcb.StartCycles), // 0xec8
OFFSET(PcCycleCounterHigh, KIPCR, Prcb.CycleCounterHigh), // 0xed8
SIZE(ProcessorControlRegisterLength, KIPCR), // 0x5b80
HEADER("KPRCB offsets"),
OFFSET(PbIdleHalt, KPRCB, IdleHalt), // 0x2
OFFSET(PbCurrentThread, KPRCB, CurrentThread), // 0x4
OFFSET(PbNextThread, KPRCB, NextThread), // 0x8
OFFSET(PbIdleThread, KPRCB, IdleThread), // 0xc
OFFSET(PbNestingLevel, KPRCB, NestingLevel), // 0x10
OFFSET(PbNumber, KPRCB, Number), // 0x14
OFFSET(PbPrcbLock, KPRCB, PrcbLock), // 0x18
OFFSET(PbPriorityState, KPRCB, PriorityState), // 0x1c
OFFSET(PbProcessorState, KPRCB, ProcessorState), // 0x20
OFFSET(PbHalReserved, KPRCB, HalReserved), // 0x3d0
OFFSET(PbMinorVersion, KPRCB, MinorVersion), // 0x40c
OFFSET(PbMajorVersion, KPRCB, MajorVersion), // 0x40e
OFFSET(PbBuildType, KPRCB, BuildType), // 0x410
OFFSET(PbCoresPerPhysicalProcessor, KPRCB, CoresPerPhysicalProcessor), // 0x412
OFFSET(PbLogicalProcessorsPerCore, KPRCB, LogicalProcessorsPerCore), // 0x413
OFFSET(PbGroup, KPRCB, Group), // 0x41c
OFFSET(PbGroupIndex, KPRCB, GroupIndex), // 0x41d
OFFSET(PbLockQueue, KPRCB, LockQueue), // 0x480
OFFSET(PbProcessorVendorString, KPRCB, ProcessorVendorString), // 0x508
OFFSET(PbFeatureBits, KPRCB, FeatureBits), // 0x50c
OFFSET(PbPPLookasideList, KPRCB, PPLookasideList), // 0x580
OFFSET(PbPacketBarrier, KPRCB, PacketBarrier), // 0x600
OFFSET(PbDeferredReadyListHead, KPRCB, DeferredReadyListHead), // 0x604
OFFSET(PbSystemCalls, KPRCB, KeSystemCalls), // 0x630
OFFSET(PbContextSwitches, KPRCB, KeContextSwitches), // 0x634
OFFSET(PbFastReadNoWait, KPRCB, CcFastReadNoWait), // 0x638
OFFSET(PbFastReadWait, KPRCB, CcFastReadWait), // 0x63c
OFFSET(PbFastReadNotPossible, KPRCB, CcFastReadNotPossible), // 0x640
OFFSET(PbCopyReadNoWait, KPRCB, CcCopyReadNoWait), // 0x644
OFFSET(PbCopyReadWait, KPRCB, CcCopyReadWait), // 0x648
OFFSET(PbCopyReadNoWaitMiss, KPRCB, CcCopyReadNoWaitMiss), // 0x64c
OFFSET(PbLookasideIrpFloat, KPRCB, LookasideIrpFloat), // 0x650
OFFSET(PbReadOperationCount, KPRCB, IoReadOperationCount), // 0x654
OFFSET(PbWriteOperationCount, KPRCB, IoWriteOperationCount), // 0x658
OFFSET(PbOtherOperationCount, KPRCB, IoOtherOperationCount), // 0x65c
OFFSET(PbReadTransferCount, KPRCB, IoReadTransferCount), // 0x660
OFFSET(PbWriteTransferCount, KPRCB, IoWriteTransferCount), // 0x668
OFFSET(PbOtherTransferCount, KPRCB, IoOtherTransferCount), // 0x670
OFFSET(PbMailbox, KPRCB, Mailbox), // 0x680
OFFSET(PbIpiFrozen, KPRCB, IpiFrozen), // 0x688
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
OFFSET(PbDpcList, KPRCB, DpcData[0].DpcList), // 0x690
#else
OFFSET(PbDpcListHead, KPRCB, DpcData[0].DpcListHead), // 0x690
#endif
OFFSET(PbDpcLock, KPRCB, DpcData[0].DpcLock), // 0x698
OFFSET(PbDpcCount, KPRCB, DpcData[0].DpcCount), // 0x6a0
OFFSET(PbDpcStack, KPRCB, DpcStack), // 0x6c0
OFFSET(PbSpBase, KPRCB, SpBase), // 0x6c4
OFFSET(PbMaximumDpcQueueDepth, KPRCB, MaximumDpcQueueDepth), // 0x6c8
OFFSET(PbDpcRequestRate, KPRCB, DpcRequestRate), // 0x6cc
OFFSET(PbMinimumDpcRate, KPRCB, MinimumDpcRate), // 0x6d0
OFFSET(PbDpcLastCount, KPRCB, DpcLastCount), // 0x6d4
OFFSET(PbQuantumEnd, KPRCB, QuantumEnd), // 0x6d9
OFFSET(PbDpcRoutineActive, KPRCB, DpcRoutineActive), // 0x6da
OFFSET(PbIdleSchedule, KPRCB, IdleSchedule), // 0x6db
#if (NTDDI_VERSION >= NTDDI_WIN8)
OFFSET(PbDpcRequestSummary, KPRCB, DpcRequestSummary), // 0x6dc
OFFSET(PbNormalDpcState, KPRCB, NormalDpcState), // 0x6dc
OFFSET(PbDpcGate, KPRCB, DpcGate), // 0x700
#else
OFFSET(PbDpcSetEventRequest, KPRCB, DpcSetEventRequest), // 0x700
OFFSET(PbDpcEvent, KPRCB, DpcEvent), // 0x700
#endif
OFFSET(PbKeSpinLockOrdering, KPRCB, KeSpinLockOrdering), // 0x744
OFFSET(PbWaitListHead, KPRCB, WaitListHead), // 0x780
OFFSET(PbDispatcherReadyListHead, KPRCB, DispatcherReadyListHead), // 0x800
OFFSET(PbInterruptCount, KPRCB, InterruptCount), // 0x900
OFFSET(PbKernelTime, KPRCB, KernelTime), // 0x904
OFFSET(PbUserTime, KPRCB, UserTime), // 0x908
OFFSET(PbDpcTime, KPRCB, DpcTime), // 0x90c
OFFSET(PbInterruptTime, KPRCB, InterruptTime), // 0x910
OFFSET(PbAdjustDpcThreshold, KPRCB, AdjustDpcThreshold), // 0x914
OFFSET(PbExceptionDispatchCount, KPRCB, KeExceptionDispatchCount), // 0x934
OFFSET(PbParentNode, KPRCB, ParentNode), // 0x938
OFFSET(PbStartCycles, KPRCB, StartCycles), // 0x948
OFFSET(PbCycleCounterHigh, KPRCB, CycleCounterHigh), // 0x958
#if (NTDDI_VERSION >= NTDDI_WIN8)
OFFSET(PbEntropyCount, KPRCB, EntropyTimingState.EntropyCount), // 0x960
OFFSET(PbEntropyBuffer, KPRCB, EntropyTimingState.Buffer), // 0x964
#endif /* (NTDDI_VERSION >= NTDDI_WIN8) */
OFFSET(PbPageColor, KPRCB, PageColor), // 0xa8c
OFFSET(PbNodeColor, KPRCB, NodeColor), // 0xa90
OFFSET(PbNodeShiftedColor, KPRCB, NodeShiftedColor), // 0xa94
OFFSET(PbSecondaryColorMask, KPRCB, SecondaryColorMask), // 0xa98
OFFSET(PbCycleTime, KPRCB, CycleTime), // 0xaa0
OFFSET(PbCcFastMdlReadNoWait, KPRCB, CcFastMdlReadNoWait), // 0xb00
OFFSET(PbPowerState, KPRCB, PowerState), // 0xb80
OFFSET(PbAlignmentFixupCount, KPRCB, KeAlignmentFixupCount), // 0xd14
OFFSET(PbSpinLockAcquireCount, KPRCB, SynchCounters.SpinLockAcquireCount), // 0xe80
OFFSET(PbFiqMiniStack, KPRCB, FiqMiniStack), // 0xf50
OFFSET(PbIrqMiniStack, KPRCB, IrqMiniStack), // 0xf70
OFFSET(PbUdfMiniStack, KPRCB, UdfMiniStack), // 0xf90
OFFSET(PbAbtMiniStack, KPRCB, AbtMiniStack), // 0xfb0
OFFSET(PbPanicMiniStack, KPRCB, PanicMiniStack), // 0xfd0
OFFSET(PbPanicStackBase, KPRCB, PanicStackBase), // 0xff0
OFFSET(PbPPNPagedLookasideList, KPRCB, PPNPagedLookasideList), // 0x3200
OFFSET(PbPPPagedLookasideList, KPRCB, PPPagedLookasideList), // 0x3b00
//OFFSET(PbRequestMailbox, KPRCB, RequestMailbox), // 0x4600
HEADER("UCALLOUT_FRAME offsets (yes, Cu/Ck is confusing...)"),
OFFSET(CkBuffer, UCALLOUT_FRAME, Buffer),
OFFSET(CkLength, UCALLOUT_FRAME, Length),
OFFSET(CkApiNumber, UCALLOUT_FRAME, ApiNumber),
OFFSET(CkPc, UCALLOUT_FRAME, MachineFrame.Pc),
OFFSET(CkSp, UCALLOUT_FRAME, MachineFrame.Sp),
SIZE(CalloutFrameLength, UCALLOUT_FRAME),
HEADER("KCALLOUT_FRAME offsets (yes, Cu/Ck is confusing...)"),
OFFSET(CuTrapFrame, KCALLOUT_FRAME, TrapFrame),
OFFSET(CuOutputBuffer, KCALLOUT_FRAME, OutputBuffer),
OFFSET(CuOutputLength, KCALLOUT_FRAME, OutputLength),
// Processor Idle Times Offset Definitions
//#define PiStartTime 0x0
//#define PiEndTime 0x8
//#define DBGDSCR_MON_EN_BIT 0x8000
//#define KF_VFP_32REG 0x10
//#define KI_SPINLOCK_ORDER_PRCB_LOCK 0x40
//#define THREAD_FLAGS_CYCLE_PROFILING 0x1
//#define THREAD_FLAGS_CYCLE_PROFILING_LOCK_BIT 0x10
//#define THREAD_FLAGS_CYCLE_PROFILING_LOCK 0x10000
//#define THREAD_FLAGS_COUNTER_PROFILING 0x2
//#define THREAD_FLAGS_COUNTER_PROFILING_LOCK_BIT 0x11
//#define THREAD_FLAGS_COUNTER_PROFILING_LOCK 0x20000
//#define THREAD_FLAGS_GROUP_SCHEDULING 0x4
//#define THREAD_FLAGS_AFFINITY_SET 0x8
//#define THREAD_FLAGS_ACCOUNTING_CSWITCH 0x6
//#define THREAD_FLAGS_ACCOUNTING_ANY 0xe
//#define KTHREAD_AUTO_ALIGNMENT_BIT 0x0
//#define KTHREAD_GUI_THREAD_MASK 0x40
//#define KTHREAD_SYSTEM_THREAD_BIT 0xb
//#define KTHREAD_QUEUE_DEFER_PREEMPTION_BIT 0xa
//#define DEBUG_ACTIVE_DBG 0x1
//#define DEBUG_ACTIVE_DBG_INSTRUMENTED 0x3
//#define DEBUG_ACTIVE_INSTRUMENTED 0x2
//CONSTANT(DEBUG_ACTIVE_MINIMAL_THREAD),
//#define ARM_VFP_MANAGEMENT 0x1
//#define ARM_VFP_ENABLE_STATISTICS 0x0
//#define ARM_VFP_ALWAYSON 0x0
//#define ARM_VFP_LAZY_ONEWAY 0x1
//#define ARM_VFP_LAZY_WITH_DEMOTION 0x2
#define TRAP_TYPE_INTERRUPT 0x1
#define TRAP_TYPE_SYSCALL 0x2
#define TRAP_TYPE_UNDEFINED 0x3
#define TRAP_TYPE_DATA_ABORT 0x4
#define TRAP_TYPE_PREFETCH_ABORT 0x5
#define TRAP_TYPE_RESET 0x6
#define TRAP_TYPE_FIQ 0x7
#define THUMB_BREAKPOINT 0xdefe
#define THUMB_DEBUG_SERVICE 0xdefd
#define THUMB_ASSERT 0xdefc
#define THUMB_FASTFAIL 0xdefb
#define THUMB_READ_CYCLES 0xdefa
#define THUMB_DIVIDE_BY_0 0xdef9
#define ARM_EXCEPTION_VECTOR 0xffff0000 // obsolete in win10
#define KI_DPC_INTERRUPT_FLAGS 0x2f // amd64 as well
#define KI_EXCEPTION_HARDWARE_ERROR 0x10000005
#define KTRAP_FRAME_ARGUMENTS 0x38
#define ARM_RED_ZONE_BYTES 0x8
CONSTANT(PF_ARM_EXTERNAL_CACHE_AVAILABLE),
#define FAST_FAIL_DEPRECATED_SERVICE_INVOKED 0x1b // since win10
#define CP14_DBGBCR_MISMATCH_BIT 0x400000
#define CP14_DBGBCR_ENABLE_BIT 0x1
#define CP15_CPACR_D32DIS 0x80000000
#define CP15_CPACR_ASEDIS 0x40000000
#define CP15_CPACR_VFP_MASK 0xf00000
#define CPVFP_FPEXC_EX 0x80000000
#define CPVFP_FPEXC_EN 0x40000000
#define CPVFP_FPEXC_DEX 0x20000000
#define CPVFP_FPEXC_FP2V 0x10000000
#define CP15_CR0_HARVARD_CACHE 0x1000000
#define CP15_xFSR_FS_HIGH 0x400
#define CP15_xFSR_FS_LOW 0xf
#define CP15_DFSR_WnR 0x800
#define CP15_SCTLR_I 0x1000
#define CP15_SCTLR_C 0x4
#define CP15_SCTLR_M 0x1
#define CP15_SCTLR_Z 0x800
#define CP15_SCTLR_TR 0x10000000 // obsolete in win10
#define CP15_THREAD_RESERVED_MASK 0x3f
// Processor Start Block Offset Definitions
#define PsbSelfMap 0x0
#define PsbTiledTtb0 0x4
#define ProcessorStartBlockLength 0x8
// Processor Parked Page Offset Definitions
#define PppArchitecturalStateVirtualAddress 0x10
#define PppArchitecturalState 0x18
#define PppDcacheFlushSavedRegisters 0x3b8 // obsolete in win10
#define ProcessorParkedPageLength 0x1000
#define TlThread 0x0
#define TlCpuNumber 0x4
#define TlTrapType 0x5
#define TlPadding 0x6
#define TlR0 0x8
#define TlR1 0xc
#define TlR2 0x10
#define TlR3 0x14
#define TlR12 0x18
#define TlSp 0x1c
#define TlLr 0x20
#define TlR11 0x24
#define TlPc 0x28
#define TlCpsr 0x2c
// DPC stack
#define DpSp 0x8
#define DpPc 0xc
// also amd64
#define KEXCEPTION_ACTIVE_INTERRUPT_FRAME 0x0
#define KEXCEPTION_ACTIVE_EXCEPTION_FRAME 0x1
#define KEXCEPTION_ACTIVE_SERVICE_FRAME 0x2
#define CP15_MIDR 15, 0, 0, 0, 0
#define CP15_CTR 15, 0, 0, 0, 1
#define CP15_TCMTR 15, 0, 0, 0, 2
#define CP15_TLBTR 15, 0, 0, 0, 3
#define CP15_MPIDR 15, 0, 0, 0, 5
#define CP15_PFR0 15, 0, 0, 1, 0
#define CP15_PFR1 15, 0, 0, 1, 1
#define CP15_DFR0 15, 0, 0, 1, 2
#define CP15_AFR0 15, 0, 0, 1, 3
#define CP15_MMFR0 15, 0, 0, 1, 4
#define CP15_MMFR1 15, 0, 0, 1, 5
#define CP15_MMFR2 15, 0, 0, 1, 6
#define CP15_MMFR3 15, 0, 0, 1, 7
#define CP15_ISAR0 15, 0, 0, 2, 0
#define CP15_ISAR1 15, 0, 0, 2, 1
#define CP15_ISAR2 15, 0, 0, 2, 2
#define CP15_ISAR3 15, 0, 0, 2, 3
#define CP15_ISAR4 15, 0, 0, 2, 4
#define CP15_ISAR5 15, 0, 0, 2, 5
#define CP15_ISAR6 15, 0, 0, 2, 6
#define CP15_ISAR7 15, 0, 0, 2, 7
#define CP15_SCTLR 15, 0, 1, 0, 0
#define CP15_ACTLR 15, 0, 1, 0, 1
#define CP15_CPACR 15, 0, 1, 0, 2
#define CP15_SCR 15, 0, 1, 1, 0
#define CP15_SDER 15, 0, 1, 1, 1
#define CP15_NSACR 15, 0, 1, 1, 2
#define CP15_TTBR0 15, 0, 2, 0, 0
#define CP15_TTBR1 15, 0, 2, 0, 1
#define CP15_TTBCR 15, 0, 2, 0, 2
#define CP15_DACR 15, 0, 3, 0, 0
#define CP15_DFSR 15, 0, 5, 0, 0
#define CP15_IFSR 15, 0, 5, 0, 1
#define CP15_DFAR 15, 0, 6, 0, 0
#define CP15_IFAR 15, 0, 6, 0, 2
#define CP15_ICIALLUIS 15, 0, 7, 1, 0
#define CP15_BPIALLIS 15, 0, 7, 1, 6
#define CP15_ICIALLU 15, 0, 7, 5, 0
#define CP15_ICIMVAU 15, 0, 7, 5, 1
#define CP15_BPIALL 15, 0, 7, 5, 6
#define CP15_BPIMVA 15, 0, 7, 5, 7
#define CP15_DCIMVAC 15, 0, 7, 6, 1
#define CP15_DCISW 15, 0, 7, 6, 2
#define CP15_DCCMVAC 15, 0, 7, 10, 1
#define CP15_DCCSW 15, 0, 7, 10, 2
#define CP15_DCCMVAU 15, 0, 7, 11, 1
#define CP15_DCCIMVAC 15, 0, 7, 14, 1
#define CP15_DCCISW 15, 0, 7, 14, 2
#define CP15_PAR 15, 0, 7, 4, 0
#define CP15_ATS1CPR 15, 0, 7, 8, 0
#define CP15_ATS1CPW 15, 0, 7, 8, 1
#define CP15_ATS1CUR 15, 0, 7, 8, 2
#define CP15_ATS1CUW 15, 0, 7, 8, 3
#define CP15_ISB 15, 0, 7, 5, 4
#define CP15_DSB 15, 0, 7, 10, 4
#define CP15_DMB 15, 0, 7, 10, 5
#define CP15_TLBIALLIS 15, 0, 8, 3, 0
#define CP15_TLBIMVAIS 15, 0, 8, 3, 1
#define CP15_TLBIASIDIS 15, 0, 8, 3, 2
#define CP15_TLBIMVAAIS 15, 0, 8, 3, 3
#define CP15_ITLBIALL 15, 0, 8, 5, 0
#define CP15_ITLBIMVA 15, 0, 8, 5, 1
#define CP15_ITLBIASID 15, 0, 8, 5, 2
#define CP15_DTLBIALL 15, 0, 8, 6, 0
#define CP15_DTLBIMVA 15, 0, 8, 6, 1
#define CP15_DTLBIASID 15, 0, 8, 6, 2
#define CP15_TLBIALL 15, 0, 8, 7, 0
#define CP15_TLBIMVA 15, 0, 8, 7, 1
#define CP15_TLBIASID 15, 0, 8, 7, 2
#define CP15_TLBIMVAA 15, 0, 8, 7, 3
#define CP15_PMCR 15, 0, 9, 12, 0
#define CP15_PMCNTENSET 15, 0, 9, 12, 1
#define CP15_PMCNTENCLR 15, 0, 9, 12, 2
#define CP15_PMOVSR 15, 0, 9, 12, 3
#define CP15_PSWINC 15, 0, 9, 12, 4
#define CP15_PMSELR 15, 0, 9, 12, 5
#define CP15_PMCCNTR 15, 0, 9, 13, 0
#define CP15_PMXEVTYPER 15, 0, 9, 13, 1
#define CP15_PMXEVCNTR 15, 0, 9, 13, 2
#define CP15_PMUSERENR 15, 0, 9, 14, 0
#define CP15_PMINTENSET 15, 0, 9, 14, 1
#define CP15_PMINTENCLR 15, 0, 9, 14, 2
#define CP15_PRRR 15, 0, 10, 2, 0
#define CP15_NMRR 15, 0, 10, 2, 1
#define CP15_VBAR 15, 0, 12, 0, 0
#define CP15_MVBAR 15, 0, 12, 0, 1
#define CP15_ISR 15, 0, 12, 1, 0
#define CP15_CONTEXTIDR 15, 0, 13, 0, 1
#define CP15_TPIDRURW 15, 0, 13, 0, 2
#define CP15_TPIDRURO 15, 0, 13, 0, 3
#define CP15_TPIDRPRW 15, 0, 13, 0, 4
#define CP15_CCSIDR 15, 1, 0, 0, 0
#define CP15_CLIDR 15, 1, 0, 0, 1
#define CP15_AIDR 15, 1, 0, 0, 7
#define CP15_CSSELR 15, 2, 0, 0, 0
#define CP14_DBGDIDR 14, 0, 0, 0, 0
#define CP14_DBGWFAR 14, 0, 0, 6, 0
#define CP14_DBGVCR 14, 0, 0, 7, 0
#define CP14_DBGECR 14, 0, 0, 9, 0
#define CP14_DBGDSCCR 14, 0, 0, 10, 0
#define CP14_DBGDSMCR 14, 0, 0, 11, 0
#define CP14_DBGDTRRX 14, 0, 0, 0, 2
#define CP14_DBGPCSR 14, 0, 0, 1, 2
#define CP14_DBGITR 14, 0, 0, 1, 2
#define CP14_DBGDSCR 14, 0, 0, 2, 2
#define CP14_DBGDTRTX 14, 0, 0, 3, 2
#define CP14_DBGDRCR 14, 0, 0, 4, 2
#define CP14_DBGCIDSR 14, 0, 0, 9, 2
#define CP14_DBGBVR0 14, 0, 0, 0, 4
#define CP14_DBGBVR1 14, 0, 0, 1, 4
#define CP14_DBGBVR2 14, 0, 0, 2, 4
#define CP14_DBGBVR3 14, 0, 0, 3, 4
#define CP14_DBGBVR4 14, 0, 0, 4, 4
#define CP14_DBGBVR5 14, 0, 0, 5, 4
#define CP14_DBGBVR6 14, 0, 0, 6, 4
#define CP14_DBGBVR7 14, 0, 0, 7, 4
#define CP14_DBGBCR0 14, 0, 0, 0, 5
#define CP14_DBGBCR1 14, 0, 0, 1, 5
#define CP14_DBGBCR2 14, 0, 0, 2, 5
#define CP14_DBGBCR3 14, 0, 0, 3, 5
#define CP14_DBGBCR4 14, 0, 0, 4, 5
#define CP14_DBGBCR5 14, 0, 0, 5, 5
#define CP14_DBGBCR6 14, 0, 0, 6, 5
#define CP14_DBGBCR7 14, 0, 0, 7, 5
#define CP14_DBGWVR0 14, 0, 0, 0, 6
#define CP14_DBGWVR1 14, 0, 0, 1, 6
#define CP14_DBGWVR2 14, 0, 0, 2, 6
#define CP14_DBGWVR3 14, 0, 0, 3, 6
#define CP14_DBGWCR0 14, 0, 0, 0, 7
#define CP14_DBGWCR1 14, 0, 0, 1, 7
#define CP14_DBGWCR2 14, 0, 0, 2, 7
#define CP14_DBGWCR3 14, 0, 0, 3, 7
#define CPVFP_FPSID 10, 7, 0, 0, 0
#define CPVFP_FPSCR 10, 7, 1, 0, 0
#define CPVFP_MVFR1 10, 7, 6, 0, 0
#define CPVFP_MVFR0 10, 7, 7, 0, 0
#define CPVFP_FPEXC 10, 7, 8, 0, 0
#define CP15_TTBRx_PD_MASK 0xffffc000

638
reactos/include/asm/ksx.template.h
View file

@ -3,6 +3,44 @@
HEADER("Pointer size"),
SIZE(SizeofPointer, PVOID),
HEADER("Bug Check Codes"),
CONSTANT(APC_INDEX_MISMATCH),
CONSTANT(INVALID_AFFINITY_SET),
CONSTANT(INVALID_DATA_ACCESS_TRAP),
CONSTANT(IRQL_NOT_GREATER_OR_EQUAL),
CONSTANT(IRQL_NOT_LESS_OR_EQUAL), // 0x0a
CONSTANT(NO_USER_MODE_CONTEXT), // 0x0e
CONSTANT(SPIN_LOCK_ALREADY_OWNED), // 0x0f
CONSTANT(SPIN_LOCK_NOT_OWNED), // 0x10
CONSTANT(THREAD_NOT_MUTEX_OWNER), // 0x11
CONSTANT(TRAP_CAUSE_UNKNOWN), // 0x12
CONSTANT(KMODE_EXCEPTION_NOT_HANDLED), // 0x1e
CONSTANT(KERNEL_APC_PENDING_DURING_EXIT), // 0x20
CONSTANT(PANIC_STACK_SWITCH), // 0x2b
CONSTANT(DATA_BUS_ERROR), // 0x2e
CONSTANT(INSTRUCTION_BUS_ERROR), // 0x2f
CONSTANT(SYSTEM_EXIT_OWNED_MUTEX), // 0x39
//CONSTANT(SYSTEM_UNWIND_PREVIOUS_USER), // 0x3a
//CONSTANT(SYSTEM_SERVICE_EXCEPTION), // 0x3b
//CONSTANT(INTERRUPT_UNWIND_ATTEMPTED), // 0x3c
//CONSTANT(INTERRUPT_EXCEPTION_NOT_HANDLED), // 0x3d
CONSTANT(PAGE_FAULT_WITH_INTERRUPTS_OFF), // 0x49
CONSTANT(IRQL_GT_ZERO_AT_SYSTEM_SERVICE), // 0x4a
CONSTANT(DATA_COHERENCY_EXCEPTION), // 0x55
CONSTANT(INSTRUCTION_COHERENCY_EXCEPTION), // 0x56
CONSTANT(HAL1_INITIALIZATION_FAILED), // 0x61
CONSTANT(UNEXPECTED_KERNEL_MODE_TRAP), // 0x7f
CONSTANT(NMI_HARDWARE_FAILURE), // 0x80
CONSTANT(SPIN_LOCK_INIT_FAILURE), // 0x81
CONSTANT(ATTEMPTED_SWITCH_FROM_DPC), // 0xb8
//CONSTANT(MUTEX_ALREADY_OWNED), // 0xbf
//CONSTANT(HARDWARE_INTERRUPT_STORM), // 0xf2
//CONSTANT(RECURSIVE_MACHINE_CHECK), // 0xfb
//CONSTANT(RECURSIVE_NMI), // 0x111
CONSTANT(KERNEL_SECURITY_CHECK_FAILURE), // 0x139
//CONSTANT(UNSUPPORTED_INSTRUCTION_MODE), // 0x151
//CONSTANT(BUGCHECK_CONTEXT_MODIFIER), // 0x80000000
HEADER("Breakpoints"),
CONSTANT(BREAKPOINT_BREAK),
CONSTANT(BREAKPOINT_PRINT),
@ -15,10 +53,10 @@ HEADER("Context Frame Flags"),
CONSTANT(CONTEXT_FULL),
CONSTANT(CONTEXT_CONTROL),
CONSTANT(CONTEXT_INTEGER),
#ifndef _M_ARM
CONSTANT(CONTEXT_SEGMENTS),
CONSTANT(CONTEXT_FLOATING_POINT),
CONSTANT(CONTEXT_DEBUG_REGISTERS),
#if defined(_M_IX86) || defined(_M_AMD64)
CONSTANT(CONTEXT_SEGMENTS),
#endif
HEADER("Exception flags"),
@ -35,7 +73,7 @@ CONSTANT(EXCEPTION_CONTINUE_SEARCH),
CONSTANT(EXCEPTION_CONTINUE_EXECUTION),
#ifdef _X86_
CONSTANT(EXCEPTION_CHAIN_END),
//CONSTANT(FIXED_NTVDMSTATE_LINEAR),
//CONSTANT(FIXED_NTVDMSTATE_LINEAR), /// FIXME ???
#endif
HEADER("Exception types"),
@ -44,22 +82,80 @@ CONSTANT(ExceptionContinueSearch),
CONSTANT(ExceptionNestedException),
CONSTANT(ExceptionCollidedUnwind),
HEADER("Fast Fail Constants"),
CONSTANT(FAST_FAIL_GUARD_ICALL_CHECK_FAILURE),
//CONSTANT(FAST_FAIL_INVALID_BUFFER_ACCESS),
#ifdef _M_ASM64
CONSTANT(FAST_FAIL_INVALID_JUMP_BUFFER),
CONSTANT(FAST_FAIL_INVALID_SET_OF_CONTEXT),
#endif // _M_ASM64
HEADER("Interrupt object types"),
CONSTANTX(InLevelSensitive, LevelSensitive),
CONSTANTX(InLatched, Latched),
HEADER("IPI"),
#ifndef _M_AMD64
CONSTANT(IPI_APC),
CONSTANT(IPI_DPC),
CONSTANT(IPI_FREEZE),
CONSTANT(IPI_PACKET_READY),
#endif // _M_AMD64
#ifdef _M_IX86
CONSTANT(IPI_SYNCH_REQUEST),
#endif // _M_IX86
HEADER("IRQL"),
CONSTANT(PASSIVE_LEVEL),
CONSTANT(APC_LEVEL),
CONSTANT(DISPATCH_LEVEL),
#ifdef _M_AMD64
CONSTANT(CLOCK_LEVEL),
#elif defined(_M_IX86)
CONSTANT(CLOCK1_LEVEL),
CONSTANT(CLOCK2_LEVEL),
#endif
CONSTANT(IPI_LEVEL),
CONSTANT(POWER_LEVEL),
CONSTANT(PROFILE_LEVEL),
CONSTANT(HIGH_LEVEL),
RAW("#ifdef NT_UP"),
{TYPE_CONSTANT, "SYNCH_LEVEL", DISPATCH_LEVEL},
RAW("#else"),
{TYPE_CONSTANT, "SYNCH_LEVEL", (IPI_LEVEL - 2)},
RAW("#endif"),
#if (NTDDI_VERSION >= NTDDI_VISTA)
HEADER("Entropy Timing Constants"),
CONSTANT(KENTROPY_TIMING_INTERRUPTS_PER_BUFFER),
CONSTANT(KENTROPY_TIMING_BUFFER_MASK),
CONSTANT(KENTROPY_TIMING_ANALYSIS),
#endif
HEADER("Lock Queue"),
CONSTANT(LOCK_QUEUE_WAIT),
CONSTANT(LOCK_QUEUE_OWNER),
CONSTANT(LockQueueDispatcherLock),
CONSTANT(LockQueueDispatcherLock), /// FIXE: obsolete
//HEADER("Performance Definitions"),
//CONSTANT(PERF_CONTEXTSWAP_OFFSET),
//CONSTANT(PERF_CONTEXTSWAP_FLAG),
//CONSTANT(PERF_INTERRUPT_OFFSET),
//CONSTANT(PERF_INTERRUPT_FLAG),
//CONSTANT(PERF_PROFILE_OFFSET),
//CONSTANT(PERF_PROFILE_FLAG),
//CONSTANT(PERF_SYSCALL_OFFSET),
//CONSTANT(PERF_SYSCALL_FLAG),
//CONSTANT(PERF_SPINLOCK_OFFSET),
//CONSTANT(PERF_SPINLOCK_FLAG),
#ifndef _M_ARM
//CONSTANT(PERF_PROFILE_OFFSET), /// FIXE: obsolete
//CONSTANT(PERF_PROFILE_FLAG), /// FIXE: obsolete
//CONSTANT(PERF_SPINLOCK_OFFSET), /// FIXE: obsolete
//CONSTANT(PERF_SPINLOCK_FLAG), /// FIXE: obsolete
#endif
#ifdef _M_IX86
//CONSTANT(PERF_IPI_OFFSET), // 00008H
//CONSTANT(PERF_IPI_FLAG), // 0400000H
//CONSTANT(PERF_IPI), // 040400000H
//CONSTANT(PERF_INTERRUPT), // 020004000H
#endif
//CONSTANT(NTOS_YIELD_MACRO),
HEADER("Process states"),
@ -71,6 +167,13 @@ HEADER("Processor mode"),
CONSTANT(KernelMode),
CONSTANT(UserMode),
HEADER("Service Table Constants"),
CONSTANT(NUMBER_SERVICE_TABLES),
CONSTANT(SERVICE_NUMBER_MASK),
CONSTANT(SERVICE_TABLE_SHIFT),
CONSTANT(SERVICE_TABLE_MASK),
CONSTANT(SERVICE_TABLE_TEST),
HEADER("Status codes"),
CONSTANT(STATUS_ACCESS_VIOLATION),
CONSTANT(STATUS_ASSERTION_FAILURE),
@ -105,7 +208,9 @@ CONSTANT(STATUS_IN_PAGE_ERROR),
CONSTANT(STATUS_KERNEL_APC),
CONSTANT(STATUS_LONGJUMP),
CONSTANT(STATUS_NO_CALLBACK_ACTIVE),
CONSTANT(STATUS_NO_EVENT_PAIR),
#ifndef _M_ARM
CONSTANT(STATUS_NO_EVENT_PAIR), /// FIXME: obsolete
#endif
CONSTANT(STATUS_PRIVILEGED_INSTRUCTION),
CONSTANT(STATUS_SINGLE_STEP),
CONSTANT(STATUS_STACK_BUFFER_OVERRUN),
@ -116,8 +221,28 @@ CONSTANT(STATUS_TIMEOUT),
CONSTANT(STATUS_UNWIND),
CONSTANT(STATUS_UNWIND_CONSOLIDATE),
CONSTANT(STATUS_USER_APC),
CONSTANT(STATUS_WAKE_SYSTEM),
CONSTANT(STATUS_WAKE_SYSTEM_DEBUGGER),
//HEADER("Thread flags"),
//CONSTANT(THREAD_FLAGS_CYCLE_PROFILING),
//CONSTANT(THREAD_FLAGS_CYCLE_PROFILING_LOCK_BIT),
//CONSTANT(THREAD_FLAGS_CYCLE_PROFILING_LOCK),
//CONSTANT(THREAD_FLAGS_COUNTER_PROFILING),
//CONSTANT(THREAD_FLAGS_COUNTER_PROFILING_LOCK_BIT),
//CONSTANT(THREAD_FLAGS_COUNTER_PROFILING_LOCK),
//CONSTANT(THREAD_FLAGS_CPU_THROTTLED), /// FIXME: obsolete
//CONSTANT(THREAD_FLAGS_CPU_THROTTLED_BIT), /// FIXME: obsolete
//CONSTANT(THREAD_FLAGS_ACCOUNTING_CSWITCH),
//CONSTANT(THREAD_FLAGS_ACCOUNTING_INTERRUPT),
//CONSTANT(THREAD_FLAGS_ACCOUNTING_ANY),
//CONSTANT(THREAD_FLAGS_GROUP_SCHEDULING),
//CONSTANT(THREAD_FLAGS_AFFINITY_SET),
#ifdef _M_IX86
//CONSTANT(THREAD_FLAGS_INSTRUMENTED), // 0x0040
//CONSTANT(THREAD_FLAGS_INSTRUMENTED_PROFILING), // 0x0041
#endif // _M_IX86
HEADER("TLS defines"),
CONSTANT(TLS_MINIMUM_AVAILABLE),
CONSTANT(TLS_EXPANSION_SLOTS),
@ -129,99 +254,44 @@ CONSTANT(Running),
CONSTANT(Standby),
CONSTANT(Terminated),
CONSTANT(Waiting),
#ifdef _M_ARM
CONSTANT(Transition),
CONSTANT(DeferredReady),
//CONSTANT(GateWaitObsolete),
#endif // _M_ARM
HEADER("Wait type / reason"),
CONSTANT(WrExecutive),
CONSTANT(WrMutex),
CONSTANT(WrMutex), /// FIXME: Obsolete
CONSTANT(WrDispatchInt),
CONSTANT(WrQuantumEnd),
CONSTANT(WrEventPair),
CONSTANT(WrQuantumEnd), /// FIXME: Obsolete
CONSTANT(WrEventPair), /// FIXME: Obsolete
CONSTANT(WaitAny),
CONSTANT(WaitAll),
HEADER("Interrupt object types"),
CONSTANTX(InLevelSensitive, LevelSensitive),
CONSTANTX(InLatched, Latched),
HEADER("Bug Check Codes"),
CONSTANT(APC_INDEX_MISMATCH),
CONSTANT(INVALID_AFFINITY_SET),
CONSTANT(INVALID_DATA_ACCESS_TRAP),
CONSTANT(IRQL_NOT_GREATER_OR_EQUAL),
CONSTANT(IRQL_NOT_LESS_OR_EQUAL),
CONSTANT(NO_USER_MODE_CONTEXT),
CONSTANT(SPIN_LOCK_ALREADY_OWNED),
CONSTANT(SPIN_LOCK_NOT_OWNED),
CONSTANT(THREAD_NOT_MUTEX_OWNER),
CONSTANT(TRAP_CAUSE_UNKNOWN),
CONSTANT(KMODE_EXCEPTION_NOT_HANDLED),
CONSTANT(KERNEL_APC_PENDING_DURING_EXIT),
CONSTANT(PANIC_STACK_SWITCH),
CONSTANT(DATA_BUS_ERROR),
CONSTANT(INSTRUCTION_BUS_ERROR),
CONSTANT(SYSTEM_EXIT_OWNED_MUTEX),
//CONSTANT(SYSTEM_UNWIND_PREVIOUS_USER),
//CONSTANT(SYSTEM_SERVICE_EXCEPTION),
//CONSTANT(INTERRUPT_UNWIND_ATTEMPTED),
//CONSTANT(INTERRUPT_EXCEPTION_NOT_HANDLED),
CONSTANT(PAGE_FAULT_WITH_INTERRUPTS_OFF),
CONSTANT(IRQL_GT_ZERO_AT_SYSTEM_SERVICE),
CONSTANT(DATA_COHERENCY_EXCEPTION),
CONSTANT(INSTRUCTION_COHERENCY_EXCEPTION),
CONSTANT(HAL1_INITIALIZATION_FAILED),
CONSTANT(UNEXPECTED_KERNEL_MODE_TRAP),
CONSTANT(NMI_HARDWARE_FAILURE),
CONSTANT(SPIN_LOCK_INIT_FAILURE),
CONSTANT(ATTEMPTED_SWITCH_FROM_DPC),
//CONSTANT(MUTEX_ALREADY_OWNED),
//CONSTANT(HARDWARE_INTERRUPT_STORM),
//CONSTANT(RECURSIVE_MACHINE_CHECK),
//CONSTANT(RECURSIVE_NMI),
HEADER("IRQL"),
CONSTANT(PASSIVE_LEVEL),
CONSTANT(APC_LEVEL),
CONSTANT(DISPATCH_LEVEL),
#ifdef _M_AMD64
CONSTANT(CLOCK_LEVEL),
#else
CONSTANT(CLOCK1_LEVEL),
CONSTANT(CLOCK2_LEVEL),
#endif
CONSTANT(IPI_LEVEL),
CONSTANT(POWER_LEVEL),
CONSTANT(PROFILE_LEVEL),
CONSTANT(HIGH_LEVEL),
RAW("#ifdef NT_UP"),
{TYPE_CONSTANT, "SYNCH_LEVEL", DISPATCH_LEVEL},
RAW("#else"),
{TYPE_CONSTANT, "SYNCH_LEVEL", (IPI_LEVEL - 2)},
RAW("#endif"),
HEADER("Stack sizes"),
CONSTANT(KERNEL_STACK_SIZE),
CONSTANT(KERNEL_STACK_SIZE), /// FIXME: Obsolete
CONSTANT(KERNEL_LARGE_STACK_SIZE),
CONSTANT(KERNEL_LARGE_STACK_COMMIT),
CONSTANT(KERNEL_LARGE_STACK_COMMIT), /// FIXME: Obsolete
//CONSTANT(DOUBLE_FAULT_STACK_SIZE),
#ifdef _M_AMD64
CONSTANT(KERNEL_MCA_EXCEPTION_STACK_SIZE),
CONSTANT(NMI_STACK_SIZE),
CONSTANT(ISR_STACK_SIZE),
#endif
//HEADER("Thread flags"),
//CONSTANT(THREAD_FLAGS_CYCLE_PROFILING),
//CONSTANT(THREAD_FLAGS_CYCLE_PROFILING_LOCK_BIT),
//CONSTANT(THREAD_FLAGS_CYCLE_PROFILING_LOCK),
//CONSTANT(THREAD_FLAGS_COUNTER_PROFILING),
//CONSTANT(THREAD_FLAGS_COUNTER_PROFILING_LOCK_BIT),
//CONSTANT(THREAD_FLAGS_COUNTER_PROFILING_LOCK),
//CONSTANT(THREAD_FLAGS_CPU_THROTTLED),
//CONSTANT(THREAD_FLAGS_CPU_THROTTLED_BIT),
//CONSTANT(THREAD_FLAGS_ACCOUNTING_ANY),
//CONSTANT(KTHREAD_AUTO_ALIGNMENT_BIT),
//CONSTANT(KTHREAD_GUI_THREAD_MASK),
//CONSTANT(KTHREAD_SYSTEM_THREAD_BIT),
//CONSTANT(KTHREAD_QUEUE_DEFER_PREEMPTION_BIT),
HEADER("Miscellaneous Definitions"),
CONSTANT(TRUE),
CONSTANT(FALSE),
CONSTANT(PAGE_SIZE),
CONSTANT(Executive),
//CONSTANT(BASE_PRIORITY_THRESHOLD),
//CONSTANT(EVENT_PAIR_INCREMENT),
//CONSTANT(EVENT_PAIR_INCREMENT), /// FIXME: obsolete
CONSTANT(LOW_REALTIME_PRIORITY),
CONSTANT(CLOCK_QUANTUM_DECREMENT),
//CONSTANT(READY_SKIP_QUANTUM),
@ -230,49 +300,47 @@ CONSTANT(WAIT_QUANTUM_DECREMENT),
//CONSTANT(ROUND_TRIP_DECREMENT_COUNT),
CONSTANT(MAXIMUM_PROCESSORS),
CONSTANT(INITIAL_STALL_COUNT),
//CONSTANT(EXCEPTION_EXECUTE_FAULT),
//CONSTANT(KCACHE_ERRATA_MONITOR_FLAGS),
//CONSTANT(KI_EXCEPTION_GP_FAULT),
//CONSTANT(KI_EXCEPTION_INVALID_OP),
//CONSTANT(KI_EXCEPTION_INTEGER_DIVIDE_BY_ZERO),
//CONSTANT(EXCEPTION_EXECUTE_FAULT), // amd64
//CONSTANT(KCACHE_ERRATA_MONITOR_FLAGS), // not arm
//CONSTANT(KI_DPC_ALL_FLAGS),
//CONSTANT(KI_DPC_ANY_DPC_ACTIVE),
//CONSTANT(KI_DPC_INTERRUPT_FLAGS), // 0x2f arm and x64
//CONSTANT(KI_EXCEPTION_GP_FAULT), // not i386
//CONSTANT(KI_EXCEPTION_INVALID_OP), // not i386
//CONSTANT(KI_EXCEPTION_INTEGER_DIVIDE_BY_ZERO), // amd64
CONSTANT(KI_EXCEPTION_ACCESS_VIOLATION),
//CONSTANT(TARGET_FREEZE),
//CONSTANT(BlackHole),
CONSTANT(Executive),
CONSTANT(FALSE),
CONSTANT(TRUE),
//CONSTANT(KINTERRUPT_STATE_DISABLED_BIT),
//CONSTANT(KINTERRUPT_STATE_DISABLED),
//CONSTANT(TARGET_FREEZE), // amd64
//CONSTANT(BlackHole), // FIXME: obsolete
CONSTANT(DBG_STATUS_CONTROL_C),
//CONSTANTPTR(USER_SHARED_DATA), // FIXME: we need the kernel mode address here!
//CONSTANT(MM_SHARED_USER_DATA_VA),
CONSTANT(PAGE_SIZE),
//CONSTANT(KERNEL_STACK_CONTROL_LARGE_STACK),
//CONSTANT(KI_DPC_ALL_FLAGS),
//CONSTANT(DISPATCH_LENGTH),
//CONSTANT(MAXIMUM_PRIMARY_VECTOR),
//CONSTANT(KTHREAD_AUTO_ALIGNMENT_BIT),
//CONSTANT(KTHREAD_GUI_THREAD_MASK),
//CONSTANT(KI_SLIST_FAULT_COUNT_MAXIMUM),
//CONSTANT(KERNEL_STACK_CONTROL_LARGE_STACK), // FIXME: obsolete
//CONSTANT(DISPATCH_LENGTH), // FIXME: obsolete
//CONSTANT(MAXIMUM_PRIMARY_VECTOR), // not arm
//CONSTANT(KI_SLIST_FAULT_COUNT_MAXIMUM), // i386
//CONSTANTUSER_CALLBACK_FILTER),
#ifndef _M_ARM
CONSTANT(MAXIMUM_IDTVECTOR),
//CONSTANT(MAXIMUM_PRIMARY_VECTOR),
CONSTANT(PRIMARY_VECTOR_BASE),
CONSTANT(RPL_MASK),
CONSTANT(MODE_MASK),
CONSTANT(NUMBER_SERVICE_TABLES),
CONSTANT(SERVICE_NUMBER_MASK),
CONSTANT(SERVICE_TABLE_SHIFT),
CONSTANT(SERVICE_TABLE_MASK),
CONSTANT(SERVICE_TABLE_TEST),
//MODE_BIT equ 00000H amd64
//LDT_MASK equ 00004H amd64
#endif
/* STRUCTURE OFFSETS *********************************************************/
//HEADER("KAFFINITY_EX"),
//OFFSET(AfCount, KAFFINITY_EX, Count),
//OFFSET(AfBitmap, KAFFINITY_EX, Bitmap),
//HEADER("Aligned Affinity"),
//OFFSET(AfsCpuSet, ???, CpuSet),
//OFFSET(AfsCpuSet, ???, CpuSet), // FIXME: obsolete
HEADER("KAPC"),
OFFSET(ApType, KAPC, Type),
@ -290,10 +358,17 @@ OFFSET(ApApcMode, KAPC, ApcMode),
OFFSET(ApInserted, KAPC, Inserted),
SIZE(ApcObjectLength, KAPC),
HEADER("KAPC offsets (relative to NormalRoutine)"),
RELOFFSET(ArNormalRoutine, KAPC, NormalRoutine, NormalRoutine),
RELOFFSET(ArNormalContext, KAPC, NormalContext, NormalRoutine),
RELOFFSET(ArSystemArgument1, KAPC, SystemArgument1, NormalRoutine),
RELOFFSET(ArSystemArgument2, KAPC, SystemArgument2, NormalRoutine),
CONSTANTX(ApcRecordLength, 4 * sizeof(PVOID)),
HEADER("KAPC_STATE"),
OFFSET(AsApcListHead, KAPC_STATE, ApcListHead),
OFFSET(AsProcess, KAPC_STATE, Process),
OFFSET(AsKernelApcInProgress, KAPC_STATE, KernelApcInProgress),
OFFSET(AsKernelApcInProgress, KAPC_STATE, KernelApcInProgress), // FIXME: obsolete
OFFSET(AsKernelApcPending, KAPC_STATE, KernelApcPending),
OFFSET(AsUserApcPending, KAPC_STATE, UserApcPending),
@ -351,13 +426,21 @@ OFFSET(ErExceptionAddress, EXCEPTION_RECORD, ExceptionAddress),
OFFSET(ErNumberParameters, EXCEPTION_RECORD, NumberParameters),
OFFSET(ErExceptionInformation, EXCEPTION_RECORD, ExceptionInformation),
SIZE(ExceptionRecordLength, EXCEPTION_RECORD),
SIZE(EXCEPTION_RECORD_LENGTH, EXCEPTION_RECORD),
SIZE(EXCEPTION_RECORD_LENGTH, EXCEPTION_RECORD), // not 1386
HEADER("EPROCESS"),
OFFSET(EpDebugPort, EPROCESS, DebugPort),
#if defined(_M_IX86)
OFFSET(EpVdmObjects, EPROCESS, VdmObjects),
#elif defined(_M_AMD64)
OFFSET(EpWow64Process, EPROCESS, Wow64Process),
#endif
SIZE(ExecutiveProcessObjectLength, EPROCESS),
HEADER("ETHREAD offsets"),
OFFSET(EtCid, ETHREAD, Cid), // 0x364
SIZE(ExecutiveThreadObjectLength, ETHREAD), // 0x418
HEADER("KEVENT"),
OFFSET(EvType, KEVENT, Header.Type),
OFFSET(EvSize, KEVENT, Header.Size),
@ -365,13 +448,31 @@ OFFSET(EvSignalState, KEVENT, Header.SignalState),
OFFSET(EvWaitListHead, KEVENT, Header.WaitListHead),
SIZE(EventObjectLength, KEVENT),
HEADER("FIBER"),
OFFSET(FbFiberData, FIBER, FiberData),
OFFSET(FbExceptionList, FIBER, ExceptionList),
OFFSET(FbStackBase, FIBER, StackBase),
OFFSET(FbStackLimit, FIBER, StackLimit),
OFFSET(FbDeallocationStack, FIBER, DeallocationStack),
OFFSET(FbFiberContext, FIBER, FiberContext),
//OFFSET(FbWx86Tib, FIBER, Wx86Tib),
//OFFSET(FbActivationContextStackPointer, FIBER, ActivationContextStackPointer),
OFFSET(FbFlsData, FIBER, FlsData),
OFFSET(FbGuaranteedStackBytes, FIBER, GuaranteedStackBytes),
//OFFSET(FbTebFlags, FIBER, TebFlags),
HEADER("FAST_MUTEX"),
OFFSET(FmCount, FAST_MUTEX, Count),
OFFSET(FmOwner, FAST_MUTEX, Owner),
OFFSET(FmContention, FAST_MUTEX, Contention),
//OFFSET(FmGate, FAST_MUTEX, Gate),
//OFFSET(FmGate, FAST_MUTEX, Gate), // obsolete
OFFSET(FmOldIrql, FAST_MUTEX, OldIrql),
#ifndef _M_ARM
HEADER("GETSETCONTEXT offsets"), // GET_SET_CTX_CONTEXT
OFFSET(GetSetCtxContextPtr, GETSETCONTEXT, Context),
#endif // _M_ARM
HEADER("KINTERRUPT"),
OFFSET(InType, KINTERRUPT, Type),
OFFSET(InSize, KINTERRUPT, Size),
@ -389,33 +490,40 @@ OFFSET(InFloatingSave, KINTERRUPT, FloatingSave),
OFFSET(InConnected, KINTERRUPT, Connected),
OFFSET(InNumber, KINTERRUPT, Number),
OFFSET(InShareVector, KINTERRUPT, ShareVector),
//OFFSET(InInternalState, KINTERRUPT, InternalState),
OFFSET(InMode, KINTERRUPT, Mode),
OFFSET(InServiceCount, KINTERRUPT, ServiceCount),
OFFSET(InDispatchCount, KINTERRUPT, DispatchCount),
//OFFSET(InTrapFrame, KINTERRUPT, TrapFrame),
OFFSET(InDispatchCode, KINTERRUPT, DispatchCode),
//OFFSET(InTrapFrame, KINTERRUPT, TrapFrame), // amd64
OFFSET(InDispatchCode, KINTERRUPT, DispatchCode), // obsolete
SIZE(InterruptObjectLength, KINTERRUPT),
#ifdef _M_AMD64
HEADER("IO_STATUS_BLOCK"),
OFFSET(IoStatus, IO_STATUS_BLOCK, Status),
OFFSET(IoPointer, IO_STATUS_BLOCK, Pointer),
OFFSET(IoInformation, IO_STATUS_BLOCK, Information),
#endif /* _M_AMD64 */
//HEADER("KERNEL_STACK_CONTROL"),
#ifdef _M_IX86
// Kernel Stack Control Structure Offset (relative to initial stack pointer) Definitions
//RELOFFSET(KcPreviousBase, KERNEL_STACK_CONTROL, PreviousBase, ???), -40
//RELOFFSET(KcPreviousLimit, KERNEL_STACK_CONTROL, PreviousBase, ???), -36
//RELOFFSET(KcPreviousKernel, KERNEL_STACK_CONTROL, PreviousBase, ???), -32
//RELOFFSET(KcPreviousInitial, KERNEL_STACK_CONTROL, PreviousBase, ???), -28
#if (NTDDI_VERSION >= NTDDI_WIN8)
HEADER("KSTACK_CONTROL"),
OFFSET(KcCurrentBase, KSTACK_CONTROL, StackBase),
OFFSET(KcActualLimit, KSTACK_CONTROL, ActualLimit),
OFFSET(KcPreviousBase, KSTACK_CONTROL, Previous.StackBase),
OFFSET(KcPreviousLimit, KSTACK_CONTROL, Previous.StackLimit),
OFFSET(KcPreviousKernel, KSTACK_CONTROL, Previous.KernelStack),
OFFSET(KcPreviousInitial, KSTACK_CONTROL, Previous.InitialStack),
#ifdef _IX86
OFFSET(KcTrapFrame, KSTACK_CONTROL, PreviousTrapFrame),
OFFSET(KcExceptionList, KSTACK_CONTROL, PreviousExceptionList),
#endif // _IX86
SIZE(KSTACK_CONTROL_LENGTH, KSTACK_CONTROL),
CONSTANT(KSTACK_ACTUAL_LIMIT_EXPANDED), // move somewhere else?
#else
//OFFSET(KcPreviousBase, KERNEL_STACK_CONTROL, PreviousBase),
//OFFSET(KcPreviousLimit, KERNEL_STACK_CONTROL, PreviousLimit),
//OFFSET(KcPreviousKernel, KERNEL_STACK_CONTROL, PreviousKernel),
//OFFSET(KcPreviousInitial, KERNEL_STACK_CONTROL, PreviousInitial),
//SIZE(KERNEL_STACK_CONTROL_LENGTH, KERNEL_STACK_CONTROL),
//HEADER("KERNEL_STACK_CONTROL"),
#endif
#if 0 // no longer in win 10, different struct
HEADER("KNODE"),
//OFFSET(KnRight, KNODE, Right),
//OFFSET(KnLeft, KNODE, Left),
@ -425,47 +533,40 @@ OFFSET(KnColor, KNODE, Color),
OFFSET(KnSeed, KNODE, Seed),
OFFSET(KnNodeNumber, KNODE, NodeNumber),
OFFSET(KnFlags, KNODE, Flags),
OFFSET(knMmShiftedColor, KNODE, MmShiftedColor),
OFFSET(KnMmShiftedColor, KNODE, MmShiftedColor),
OFFSET(KnFreeCount, KNODE, FreeCount),
OFFSET(KnPfnDeferredList, KNODE, PfnDeferredList),
SIZE(KNODE_SIZE, KNODE),
#endif
HEADER("KSPIN_LOCK_QUEUE"),
OFFSET(LqNext, KSPIN_LOCK_QUEUE, Next),
OFFSET(LqLock, KSPIN_LOCK_QUEUE, Lock),
SIZE(LOCK_QUEUE_HEADER_SIZE, KSPIN_LOCK_QUEUE),
HEADER("KLOCK_QUEUE_HANDLE"),
OFFSET(LqhLockQueue, KLOCK_QUEUE_HANDLE, LockQueue),
OFFSET(LqhNext, KLOCK_QUEUE_HANDLE, LockQueue.Next),
OFFSET(LqhLock, KLOCK_QUEUE_HANDLE, LockQueue.Lock),
OFFSET(LqhOldIrql, KLOCK_QUEUE_HANDLE, OldIrql),
SIZE(LOCK_QUEUE_HEADER_SIZE, KLOCK_QUEUE_HANDLE),
HEADER("LARGE_INTEGER"),
OFFSET(LiLowPart, LARGE_INTEGER, LowPart),
OFFSET(LiHighPart, LARGE_INTEGER, HighPart),
#if 0
HEADER("LOADER_PARAMETER_BLOCK (rel. to LoadOrderListHead)"),
RELOFFSET(LpbLoadOrderListHead, LOADER_PARAMETER_BLOCK, LoadOrderListHead, LoadOrderListHead),
RELOFFSET(LpbMemoryDescriptorListHead, LOADER_PARAMETER_BLOCK, MemoryDescriptorListHead, LoadOrderListHead),
RELOFFSET(LpbKernelStack, LOADER_PARAMETER_BLOCK, KernelStack, LoadOrderListHead),
RELOFFSET(LpbPrcb, LOADER_PARAMETER_BLOCK, Prcb, LoadOrderListHead),
RELOFFSET(LpbProcess, LOADER_PARAMETER_BLOCK, Process, LoadOrderListHead),
RELOFFSET(LpbThread, LOADER_PARAMETER_BLOCK, Thread, LoadOrderListHead),
RELOFFSET(LpbI386, LOADER_PARAMETER_BLOCK, u.I386, LoadOrderListHead),
RELOFFSET(LpbRegistryLength, LOADER_PARAMETER_BLOCK, RegistryLength, LoadOrderListHead),
RELOFFSET(LpbRegistryBase, LOADER_PARAMETER_BLOCK, RegistryBase, LoadOrderListHead),
RELOFFSET(LpbConfigurationRoot, LOADER_PARAMETER_BLOCK, ConfigurationRoot, LoadOrderListHead),
RELOFFSET(LpbArcBootDeviceName, LOADER_PARAMETER_BLOCK, ArcBootDeviceName, LoadOrderListHead),
RELOFFSET(LpbArcHalDeviceName, LOADER_PARAMETER_BLOCK, ArcHalDeviceName, LoadOrderListHead),
RELOFFSET(LpbLoadOptions, LOADER_PARAMETER_BLOCK, LoadOptions, LoadOrderListHead),
RELOFFSET(LpbExtension, LOADER_PARAMETER_BLOCK, Extension, LoadOrderListHead),
#endif
HEADER("LIST_ENTRY"),
OFFSET(LsFlink, LIST_ENTRY, Flink),
OFFSET(LsBlink, LIST_ENTRY, Blink),
HEADER("PEB"),
OFFSET(PeBeingDebugged, PEB, BeingDebugged),
OFFSET(PeProcessParameters, PEB, ProcessParameters),
OFFSET(PeKernelCallbackTable, PEB, KernelCallbackTable),
SIZE(ProcessEnvironmentBlockLength, PEB),
@ -484,7 +585,7 @@ OFFSET(PfSource, KPROFILE, Source),
OFFSET(PfStarted, KPROFILE, Started),
SIZE(ProfileObjectLength, KPROFILE),
HEADER("PORT_MESSAGE"),
HEADER("PORT_MESSAGE"), // whole thing obsolete in win10
OFFSET(PmLength, PORT_MESSAGE, u1.Length),
OFFSET(PmZeroInit, PORT_MESSAGE, u2.ZeroInit),
OFFSET(PmClientId, PORT_MESSAGE, ClientId),
@ -500,36 +601,41 @@ OFFSET(PrSize, KPROCESS, Header.Size),
OFFSET(PrSignalState, KPROCESS, Header.SignalState),
OFFSET(PrProfileListHead, KPROCESS, ProfileListHead),
OFFSET(PrDirectoryTableBase, KPROCESS, DirectoryTableBase),
#ifdef _M_IX86
#ifdef _M_ARM
//OFFSET(PrPageDirectory, KPROCESS, PageDirectory),
#elif defined(_M_IX86)
OFFSET(PrLdtDescriptor, KPROCESS, LdtDescriptor),
OFFSET(PrIopmOffset, KPROCESS, IopmOffset),
OFFSET(PrInt21Descriptor, KPROCESS, Int21Descriptor),
OFFSET(PrVdmTrapcHandler, KPROCESS, VdmTrapcHandler),
//OFFSET(PrVdmObjects, KPROCESS, VdmObjects),
OFFSET(PrFlags, KPROCESS, Flags),
#endif
//OFFSET(PrInstrumentationCallback, KPROCESS, InstrumentationCallback),
OFFSET(PrActiveProcessors, KPROCESS, ActiveProcessors),
OFFSET(PrKernelTime, KPROCESS, KernelTime),
OFFSET(PrUserTime, KPROCESS, UserTime),
OFFSET(PrThreadListHead, KPROCESS, ThreadListHead),
OFFSET(PrAffinity, KPROCESS, Affinity),
OFFSET(PrReadyListHead, KPROCESS, ReadyListHead),
OFFSET(PrSwapListEntry, KPROCESS, SwapListEntry),
OFFSET(PrThreadListHead, KPROCESS, ThreadListHead),
OFFSET(PrProcessLock, KPROCESS, ProcessLock),
OFFSET(PrAffinity, KPROCESS, Affinity),
OFFSET(PrActiveProcessors, KPROCESS, ActiveProcessors),
OFFSET(PrProcessFlags, KPROCESS, ProcessFlags),
OFFSET(PrBasePriority, KPROCESS, BasePriority),
OFFSET(PrQuantumReset, KPROCESS, QuantumReset),
OFFSET(PrState, KPROCESS, State),
OFFSET(PrStackCount, KPROCESS, StackCount),
#if defined(_M_IX86)
OFFSET(PrIopmOffset, KPROCESS, IopmOffset),
#endif
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
OFFSET(PrCycleTime, KPROCESS, CycleTime),
#endif
OFFSET(PrKernelTime, KPROCESS, KernelTime),
OFFSET(PrUserTime, KPROCESS, UserTime),
#if defined(_M_AMD64) || defined(_M_ARM)
//OFFSET(PrInstrumentationCallback, KPROCESS, InstrumentationCallback),
#elif defined(_M_IX86)
OFFSET(PrVdmTrapcHandler, KPROCESS, VdmTrapcHandler),
//OFFSET(PrVdmObjects, KPROCESS, VdmObjects),
OFFSET(PrFlags, KPROCESS, Flags),
//PrInstrumentationCallback equ 0031CH // ???
#endif
SIZE(KernelProcessObjectLength, KPROCESS),
HEADER("KQUEUE"),
OFFSET(QuType, KQUEUE, Header.Type),
OFFSET(QuSize, KQUEUE, Header.Size),
OFFSET(QuType, KQUEUE, Header.Type), // not in win10
OFFSET(QuSize, KQUEUE, Header.Size), // not in win10
OFFSET(QuSignalState, KQUEUE, Header.SignalState),
OFFSET(QuEntryListHead, KQUEUE, EntryListHead),
OFFSET(QuCurrentCount, KQUEUE, CurrentCount),
@ -537,15 +643,23 @@ OFFSET(QuMaximumCount, KQUEUE, MaximumCount),
OFFSET(QuThreadListHead, KQUEUE, ThreadListHead),
SIZE(QueueObjectLength, KQUEUE),
HEADER("KSERVICE_TABLE_DESCRIPTOR offsets"),
OFFSET(SdBase, KSERVICE_TABLE_DESCRIPTOR, Base),
OFFSET(SdCount, KSERVICE_TABLE_DESCRIPTOR, Count), // not in win10
OFFSET(SdLimit, KSERVICE_TABLE_DESCRIPTOR, Limit),
OFFSET(SdNumber, KSERVICE_TABLE_DESCRIPTOR, Number),
SIZE(SdLength, KSERVICE_TABLE_DESCRIPTOR),
HEADER("STRING"),
OFFSET(StrLength, STRING, Length),
OFFSET(StrMaximumLength, STRING, MaximumLength),
OFFSET(StrBuffer, STRING, Buffer),
HEADER("TEB"),
OFFSET(TeCmTeb, TEB, NtTib),
#ifdef _M_IX86
#if defined(_M_IX86)
OFFSET(TeExceptionList, TEB, NtTib.ExceptionList),
#elif defined(_M_AMD64)
OFFSET(TeCmTeb, TEB, NtTib),
#endif
OFFSET(TeStackBase, TEB, NtTib.StackBase),
OFFSET(TeStackLimit, TEB, NtTib.StackLimit),
@ -555,13 +669,19 @@ OFFSET(TeEnvironmentPointer, TEB, EnvironmentPointer),
OFFSET(TeClientId, TEB, ClientId),
OFFSET(TeActiveRpcHandle, TEB, ActiveRpcHandle),
OFFSET(TeThreadLocalStoragePointer, TEB, ThreadLocalStoragePointer),
OFFSET(TeCountOfOwnedCriticalSections, TEB, CountOfOwnedCriticalSections),
OFFSET(TePeb, TEB, ProcessEnvironmentBlock),
OFFSET(TeLastErrorValue, TEB, LastErrorValue),
OFFSET(TeCountOfOwnedCriticalSections, TEB, CountOfOwnedCriticalSections),
OFFSET(TeCsrClientThread, TEB, CsrClientThread),
OFFSET(TeWOW32Reserved, TEB, WOW32Reserved),
//OFFSET(TeSoftFpcr, TEB, SoftFpcr),
OFFSET(TeExceptionCode, TEB, ExceptionCode),
OFFSET(TeActivationContextStackPointer, TEB, ActivationContextStackPointer),
//#if (NTDDI_VERSION >= NTDDI_WIN10)
//OFFSET(TeInstrumentationCallbackSp, TEB, InstrumentationCallbackSp),
//OFFSET(TeInstrumentationCallbackPreviousPc, TEB, InstrumentationCallbackPreviousPc),
//OFFSET(TeInstrumentationCallbackPreviousSp, TEB, InstrumentationCallbackPreviousSp),
//#endif
OFFSET(TeGdiClientPID, TEB, GdiClientPID),
OFFSET(TeGdiClientTID, TEB, GdiClientTID),
OFFSET(TeGdiThreadLocalInfo, TEB, GdiThreadLocalInfo),
@ -575,120 +695,109 @@ OFFSET(TeglCurrentRC, TEB, glCurrentRC),
OFFSET(TeglContext, TEB, glContext),
OFFSET(TeDeallocationStack, TEB, DeallocationStack),
OFFSET(TeTlsSlots, TEB, TlsSlots),
OFFSET(TeTlsExpansionSlots, TEB, TlsExpansionSlots),
OFFSET(TeLastErrorValue, TEB, LastErrorValue),
OFFSET(TeVdm, TEB, Vdm),
OFFSET(TeInstrumentation, TEB, Instrumentation),
OFFSET(TeGdiBatchCount, TEB, GdiBatchCount),
OFFSET(TeGuaranteedStackBytes, TEB, GuaranteedStackBytes),
OFFSET(TeTlsExpansionSlots, TEB, TlsExpansionSlots),
OFFSET(TeFlsData, TEB, FlsData),
//OFFSET(TeProcessRundown, TEB, ProcessRundown),
SIZE(ThreadEnvironmentBlockLength, TEB),
HEADER("TIME_FIELDS"),
OFFSET(TfSecond, TIME_FIELDS, Second),
OFFSET(TfMinute, TIME_FIELDS, Minute),
OFFSET(TfHour, TIME_FIELDS, Hour),
OFFSET(TfWeekday, TIME_FIELDS, Weekday),
OFFSET(TfDay, TIME_FIELDS, Day),
OFFSET(TfMonth, TIME_FIELDS, Month),
OFFSET(TfYear, TIME_FIELDS, Year),
OFFSET(TfMonth, TIME_FIELDS, Month),
OFFSET(TfDay, TIME_FIELDS, Day),
OFFSET(TfHour, TIME_FIELDS, Hour),
OFFSET(TfMinute, TIME_FIELDS, Minute),
OFFSET(TfSecond, TIME_FIELDS, Second),
OFFSET(TfMilliseconds, TIME_FIELDS, Milliseconds),
OFFSET(TfWeekday, TIME_FIELDS, Weekday),
HEADER("KTHREAD"),
OFFSET(ThType, KTHREAD, Header.Type),
//OFFSET(ThNpxIrql, KTHREAD, NpxIrql),
OFFSET(ThSize, KTHREAD, Header.Size),
OFFSET(ThLock, KTHREAD, Header.Lock),
OFFSET(ThSize, KTHREAD, Header.Size),
OFFSET(ThThreadControlFlags, KTHREAD, Header.ThreadControlFlags),
OFFSET(ThDebugActive, KTHREAD, Header.DebugActive),
//OFFSET(ThThreadControlFlags, KTHREAD, DispatcherHeader.ThreadControlFlags),
OFFSET(ThSignalState, KTHREAD, Header.SignalState),
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
OFFSET(ThCycleTime, KTHREAD, CycleTime),
OFFSET(ThHighCycleTime, KTHREAD, HighCycleTime),
#endif
OFFSET(ThInitialStack, KTHREAD, InitialStack),
OFFSET(ThStackLimit, KTHREAD, StackLimit),
OFFSET(ThKernelStack, KTHREAD, KernelStack),
OFFSET(ThStackBase, KTHREAD, StackBase),
OFFSET(ThThreadLock, KTHREAD, ThreadLock),
//OFFSET(ThRunning, KTHREAD, Running),
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
OFFSET(ThCycleTime, KTHREAD, CycleTime),
#if defined(_M_IX86)
OFFSET(ThHighCycleTime, KTHREAD, HighCycleTime),
#endif
#endif /* (NTDDI_VERSION >= NTDDI_LONGHORN) */
#if defined(_M_IX86)
OFFSET(ThServiceTable, KTHREAD, ServiceTable),
#endif
//OFFSET(ThCurrentRunTime, KTHREAD, CurrentRunTime),
//OFFSET(ThStateSaveArea, KTHREAD, StateSaveArea), // 0x3C not arm
OFFSET(ThKernelStack, KTHREAD, KernelStack),
#if (NTDDI_VERSION >= NTDDI_WIN7)
OFFSET(ThRunning, KTHREAD, Running),
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
OFFSET(ThAlerted, KTHREAD, Alerted),
//OFFSET(ThMiscFlags, KTHREAD, MiscFlags),
#if (NTDDI_VERSION >= NTDDI_WIN7)
OFFSET(ThMiscFlags, KTHREAD, MiscFlags),
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
OFFSET(ThThreadFlags, KTHREAD, ThreadFlags),
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
OFFSET(ThSystemCallNumber, KTHREAD, SystemCallNumber),
#endif /* (NTDDI_VERSION >= NTDDI_LONGHORN) */
//OFFSET(ThFirstArgument, KTHREAD, FirstArgument),
OFFSET(ThTrapFrame, KTHREAD, TrapFrame),
OFFSET(ThApcState, KTHREAD, ApcState),
OFFSET(ThPriority, KTHREAD, Priority),
OFFSET(ThSwapBusy, KTHREAD, SwapBusy),
OFFSET(ThNextProcessor, KTHREAD, NextProcessor),
OFFSET(ThDeferredProcessor, KTHREAD, DeferredProcessor),
OFFSET(ThApcQueueLock, KTHREAD, ApcQueueLock),
OFFSET(ThContextSwitches, KTHREAD, ContextSwitches),
OFFSET(ThState, KTHREAD, State),
OFFSET(ThNpxState, KTHREAD, NpxState),
OFFSET(ThWaitIrql, KTHREAD, WaitIrql),
OFFSET(ThWaitMode, KTHREAD, WaitMode),
OFFSET(ThWaitStatus, KTHREAD, WaitStatus),
OFFSET(ThWaitBlockList, KTHREAD, WaitBlockList),
OFFSET(ThGateObject, KTHREAD, GateObject),
OFFSET(ThWaitListEntry, KTHREAD, WaitListEntry),
OFFSET(ThSwapListEntry, KTHREAD, SwapListEntry),
OFFSET(ThQueue, KTHREAD, Queue),
OFFSET(ThTeb, KTHREAD, Teb),
OFFSET(ThTimer, KTHREAD, Timer),
OFFSET(ThWin32Thread, KTHREAD, Win32Thread),
OFFSET(ThWaitTime, KTHREAD, WaitTime),
OFFSET(ThCombinedApcDisable, KTHREAD, CombinedApcDisable),
OFFSET(ThKernelApcDisable, KTHREAD, KernelApcDisable),
OFFSET(ThSpecialApcDisable, KTHREAD, SpecialApcDisable),
OFFSET(ThTeb, KTHREAD, Teb),
OFFSET(ThTimer, KTHREAD, Timer),
OFFSET(ThThreadFlags, KTHREAD, ThreadFlags),
OFFSET(ThServiceTable, KTHREAD, ServiceTable),
OFFSET(ThWaitBlock, KTHREAD, WaitBlock),
OFFSET(ThResourceIndex, KTHREAD, ResourceIndex),
OFFSET(ThQueueListEntry, KTHREAD, QueueListEntry),
OFFSET(ThTrapFrame, KTHREAD, TrapFrame),
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
OFFSET(ThFirstArgument, KTHREAD, FirstArgument),
#if defined(_M_ARM)
//OFFSET(ThVfpState, KTHREAD, VfpState),
#endif
OFFSET(ThCallbackStack, KTHREAD, CallbackStack),
//OFFSET(ThCallbackDepth, KTHREAD, CallbackDepth),
OFFSET(ThApcStateIndex, KTHREAD, ApcStateIndex),
OFFSET(ThIdealProcessor, KTHREAD, IdealProcessor),
OFFSET(ThBasePriority, KTHREAD, BasePriority),
OFFSET(ThNextProcessor, KTHREAD, NextProcessor),
OFFSET(ThProcess, KTHREAD, Process),
OFFSET(ThPreviousMode, KTHREAD, PreviousMode),
OFFSET(ThPriorityDecrement, KTHREAD, PriorityDecrement),
OFFSET(ThAdjustReason, KTHREAD, AdjustReason),
OFFSET(ThAdjustIncrement, KTHREAD, AdjustIncrement),
OFFSET(ThPreviousMode, KTHREAD, PreviousMode),
OFFSET(ThSaturation, KTHREAD, Saturation),
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
OFFSET(ThSystemCallNumber, KTHREAD, SystemCallNumber),
#endif
OFFSET(ThFreezeCount, KTHREAD, FreezeCount),
OFFSET(ThUserAffinity, KTHREAD, UserAffinity),
OFFSET(ThProcess, KTHREAD, Process),
OFFSET(ThAffinity, KTHREAD, Affinity),
OFFSET(ThUserIdealProcessor, KTHREAD, UserIdealProcessor),
OFFSET(ThApcStateIndex, KTHREAD, ApcStateIndex),
OFFSET(ThIdealProcessor, KTHREAD, IdealProcessor),
OFFSET(ThApcStatePointer, KTHREAD, ApcStatePointer),
OFFSET(ThSavedApcState, KTHREAD, SavedApcState),
OFFSET(ThWaitReason, KTHREAD, WaitReason),
OFFSET(ThSuspendCount, KTHREAD, SuspendCount),
//OFFSET(ThCodePatchInProgress, KTHREAD, CodePatchInProgress),
OFFSET(ThWin32Thread, KTHREAD, Win32Thread),
OFFSET(ThStackBase, KTHREAD, StackBase),
OFFSET(ThSuspendApc, KTHREAD, SuspendApc),
OFFSET(ThPowerState, KTHREAD, PowerState),
OFFSET(ThKernelTime, KTHREAD, KernelTime),
OFFSET(ThSaturation, KTHREAD, Saturation),
OFFSET(ThLegoData, KTHREAD, LegoData),
OFFSET(ThLargeStack, KTHREAD, LargeStack),
OFFSET(ThUserTime, KTHREAD, UserTime),
OFFSET(ThSuspendSemaphore, KTHREAD, SuspendSemaphore),
OFFSET(ThSListFaultCount, KTHREAD, SListFaultCount),
OFFSET(ThThreadListEntry, KTHREAD, ThreadListEntry),
OFFSET(ThMutantListHead, KTHREAD, MutantListHead),
OFFSET(ThSListFaultAddress, KTHREAD, SListFaultAddress),
//#if defined(_M_ARM) && (NTDDI_VERSION >= NTDDI_WIN10)
//#define ThUserRoBase 0x434
//#define ThUserRwBase 0x438
//#endif
#ifdef _M_IX86
OFFSET(ThSListFaultCount, KTHREAD, WaitReason), // 0x18E
OFFSET(ThSListFaultAddress, KTHREAD, WaitReason), // 0x10
#endif // _M_IX86
#if defined(_M_IX86) || defined(_M_AMD64)
OFFSET(ThUserFsBase, KTHREAD, WaitReason), // 0x434
OFFSET(ThUserGsBase, KTHREAD, WaitReason), // 0x438
#endif // defined
SIZE(KernelThreadObjectLength, KTHREAD),
SIZE(ExecutiveThreadObjectLength, ETHREAD),
HEADER("KTIMER"),
OFFSET(TiType, KTIMER, Header.Type),
OFFSET(TiSize, KTIMER, Header.Size),
OFFSET(TiInserted, KTIMER, Header.Inserted),
OFFSET(TiInserted, KTIMER, Header.Inserted), // not in win 10
OFFSET(TiSignalState, KTIMER, Header.SignalState),
OFFSET(TiDueTime, KTIMER, DueTime),
OFFSET(TiTimerListEntry, KTIMER, TimerListEntry),
@ -697,10 +806,9 @@ OFFSET(TiPeriod, KTIMER, Period),
SIZE(TimerObjectLength, KTIMER),
HEADER("TIME"),
//OFFSET(TmLowTime, TIME, LowTime),
//OFFSET(TmHighTime, TIME, HighTime),
OFFSET(TmLowTime, TIME, LowTime),
OFFSET(TmHighTime, TIME, HighTime),
#if 0
HEADER("SYSTEM_CONTEXT_SWITCH_INFORMATION (relative to FindAny)"),
RELOFFSET(TwFindAny, SYSTEM_CONTEXT_SWITCH_INFORMATION, FindAny, FindAny),
RELOFFSET(TwFindIdeal, SYSTEM_CONTEXT_SWITCH_INFORMATION, FindIdeal, FindAny),
@ -713,13 +821,12 @@ RELOFFSET(TwPreemptAny, SYSTEM_CONTEXT_SWITCH_INFORMATION, PreemptAny, FindAny),
RELOFFSET(TwPreemptCurrent, SYSTEM_CONTEXT_SWITCH_INFORMATION, PreemptCurrent, FindAny),
RELOFFSET(TwPreemptLast, SYSTEM_CONTEXT_SWITCH_INFORMATION, PreemptLast, FindAny),
RELOFFSET(TwSwitchToIdle, SYSTEM_CONTEXT_SWITCH_INFORMATION, SwitchToIdle, FindAny),
#endif
HEADER("KUSER_SHARED_DATA"),
OFFSET(UsTickCountMultiplier, KUSER_SHARED_DATA, TickCountMultiplier),
OFFSET(UsInterruptTime, KUSER_SHARED_DATA, InterruptTime),
OFFSET(UsSystemTime, KUSER_SHARED_DATA, SystemTime),
OFFSET(UsTimeZoneBias, KUSER_SHARED_DATA, TimeZoneBias),
OFFSET(UsTickCountMultiplier, KUSER_SHARED_DATA, TickCountMultiplier), // 0x4
OFFSET(UsInterruptTime, KUSER_SHARED_DATA, InterruptTime), // 0x8
OFFSET(UsSystemTime, KUSER_SHARED_DATA, SystemTime), // 0x14
OFFSET(UsTimeZoneBias, KUSER_SHARED_DATA, TimeZoneBias), // 0x20
OFFSET(UsImageNumberLow, KUSER_SHARED_DATA, ImageNumberLow),
OFFSET(UsImageNumberHigh, KUSER_SHARED_DATA, ImageNumberHigh),
OFFSET(UsNtSystemRoot, KUSER_SHARED_DATA, NtSystemRoot),
@ -727,7 +834,11 @@ OFFSET(UsMaxStackTraceDepth, KUSER_SHARED_DATA, MaxStackTraceDepth),
OFFSET(UsCryptoExponent, KUSER_SHARED_DATA, CryptoExponent),
OFFSET(UsTimeZoneId, KUSER_SHARED_DATA, TimeZoneId),
OFFSET(UsLargePageMinimum, KUSER_SHARED_DATA, LargePageMinimum),
//#if (NTDDI_VERSION >= NTDDI_WIN10)
//OFFSET(UsNtBuildNumber, KUSER_SHARED_DATA, NtBuildNumber),
//#else
OFFSET(UsReserved2, KUSER_SHARED_DATA, Reserved2),
//#endif
OFFSET(UsNtProductType, KUSER_SHARED_DATA, NtProductType),
OFFSET(UsProductTypeIsValid, KUSER_SHARED_DATA, ProductTypeIsValid),
OFFSET(UsNtMajorVersion, KUSER_SHARED_DATA, NtMajorVersion),
@ -737,7 +848,7 @@ OFFSET(UsReserved1, KUSER_SHARED_DATA, Reserved1),
OFFSET(UsReserved3, KUSER_SHARED_DATA, Reserved3),
OFFSET(UsTimeSlip, KUSER_SHARED_DATA, TimeSlip),
OFFSET(UsAlternativeArchitecture, KUSER_SHARED_DATA, AlternativeArchitecture),
OFFSET(UsSystemExpirationDate, KUSER_SHARED_DATA, SystemExpirationDate),
OFFSET(UsSystemExpirationDate, KUSER_SHARED_DATA, SystemExpirationDate), // not arm
OFFSET(UsSuiteMask, KUSER_SHARED_DATA, SuiteMask),
OFFSET(UsKdDebuggerEnabled, KUSER_SHARED_DATA, KdDebuggerEnabled),
OFFSET(UsActiveConsoleId, KUSER_SHARED_DATA, ActiveConsoleId),
@ -746,20 +857,59 @@ OFFSET(UsComPlusPackage, KUSER_SHARED_DATA, ComPlusPackage),
OFFSET(UsLastSystemRITEventTickCount, KUSER_SHARED_DATA, LastSystemRITEventTickCount),
OFFSET(UsNumberOfPhysicalPages, KUSER_SHARED_DATA, NumberOfPhysicalPages),
OFFSET(UsSafeBootMode, KUSER_SHARED_DATA, SafeBootMode),
//OFFSET(UsTscQpcData, KUSER_SHARED_DATA, TscQpcData),
OFFSET(UsTestRetInstruction, KUSER_SHARED_DATA, TestRetInstruction),
OFFSET(UsSystemCall, KUSER_SHARED_DATA, SystemCall),
OFFSET(UsSystemCallReturn, KUSER_SHARED_DATA, SystemCallReturn),
OFFSET(UsSystemCall, KUSER_SHARED_DATA, SystemCall), // not in win10
OFFSET(UsSystemCallReturn, KUSER_SHARED_DATA, SystemCallReturn), // not in win10
OFFSET(UsSystemCallPad, KUSER_SHARED_DATA, SystemCallPad),
OFFSET(UsTickCount, KUSER_SHARED_DATA, TickCount),
OFFSET(UsTickCountQuad, KUSER_SHARED_DATA, TickCountQuad),
OFFSET(UsWow64SharedInformation, KUSER_SHARED_DATA, Wow64SharedInformation),
OFFSET(UsWow64SharedInformation, KUSER_SHARED_DATA, Wow64SharedInformation), // not in win10
//OFFSET(UsXState, KUSER_SHARED_DATA, XState), // win 10
HEADER("KWAIT_BLOCK"),
HEADER("KWAIT_BLOCK offsets"),
OFFSET(WbWaitListEntry, KWAIT_BLOCK, WaitListEntry),
OFFSET(WbThread, KWAIT_BLOCK, Thread),
OFFSET(WbObject, KWAIT_BLOCK, Object),
OFFSET(WbNextWaitBlock, KWAIT_BLOCK, NextWaitBlock),
OFFSET(WbNextWaitBlock, KWAIT_BLOCK, NextWaitBlock), // not in win10
OFFSET(WbWaitKey, KWAIT_BLOCK, WaitKey),
OFFSET(WbWaitType, KWAIT_BLOCK, WaitType),
#if 0
//OFFSET(IbCfgBitMap, ????, CfgBitMap),
CONSTANT(Win32BatchFlushCallout 0x7
#define CmThreadEnvironmentBlockOffset 0x1000
; Process Parameters Block Structure Offset Definitions
#define PpFlags 0x8
// Extended context structure offset definitions
#define CxxLegacyOffset 0x8
#define CxxLegacyLength 0xc
#define CxxXStateOffset 0x10
#define CxxXStateLength 0x14
#ifndef _M_ARM
; Bounds Callback Status Code Definitions
BoundExceptionContinueSearch equ 00000H
BoundExceptionHandled equ 00001H
BoundExceptionError equ 00002H
#endif
#ifndef _M_ARM
; Enlightenment structure definitions
HeEnlightenments equ 00000H
HeHypervisorConnected equ 00004H
HeEndOfInterrupt equ 00008H
HeApicWriteIcr equ 0000CH
HeSpinCountMask equ 00014H
HeLongSpinWait equ 00018H
#endif
// KAFFINITY_EX
#define AffinityExLength 0xc // not i386
#endif