1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
|
/*++
Copyright (c) 1993 Microsoft Corporation
Module Name:
crash.h
Abstract:
This module implements support for handling crash dump files.
*** Use this file when linking againts crashxxx.lib
Author:
Lou Perazzoli (Loup) 10-Nov-1993
Wesley Witt (wesw) 1-Dec-1993 (additional work)
Environment:
NT 3.5
Revision History:
--*/
#ifndef _CRASHLIB_
#define _CRASHLIB_
#include <ntiodump.h>
#ifdef __cplusplus
#pragma warning(disable:4200)
extern "C" {
#endif
typedef struct _USERMODE_CRASHDUMP_HEADER {
DWORD Signature;
DWORD ValidDump;
DWORD MajorVersion;
DWORD MinorVersion;
DWORD MachineImageType;
DWORD ThreadCount;
DWORD ModuleCount;
DWORD MemoryRegionCount;
DWORD ThreadOffset;
DWORD ModuleOffset;
DWORD DataOffset;
DWORD MemoryRegionOffset;
DWORD DebugEventOffset;
DWORD ThreadStateOffset;
DWORD Spare0;
DWORD Spare1;
} USERMODE_CRASHDUMP_HEADER, *PUSERMODE_CRASHDUMP_HEADER;
typedef struct _CRASH_MODULE {
DWORD BaseOfImage;
DWORD SizeOfImage;
DWORD ImageNameLength;
CHAR ImageName[0];
} CRASH_MODULE, *PCRASH_MODULE;
typedef struct _CRASH_THREAD {
DWORD ThreadId;
DWORD SuspendCount;
DWORD PriorityClass;
DWORD Priority;
DWORD Teb;
DWORD Spare0;
DWORD Spare1;
DWORD Spare2;
DWORD Spare3;
DWORD Spare4;
DWORD Spare5;
DWORD Spare6;
} CRASH_THREAD, *PCRASH_THREAD;
//
// usermode crash dump data types
//
#define DMP_EXCEPTION 1 // obsolete
#define DMP_MEMORY_BASIC_INFORMATION 2
#define DMP_THREAD_CONTEXT 3
#define DMP_MODULE 4
#define DMP_MEMORY_DATA 5
#define DMP_DEBUG_EVENT 6
#define DMP_THREAD_STATE 7
//
// usermode crashdump callback function
//
typedef BOOL (*PDMP_CREATE_DUMP_CALLBACK)(
DWORD DataType,
PVOID* DumpData,
LPDWORD DumpDataLength,
PVOID UserData
);
BOOL
DmpCreateUserDump(
IN LPSTR CrashDumpName,
IN PDMP_CREATE_DUMP_CALLBACK DmpCallback,
IN PVOID lpv
);
BOOL
DmpInitialize (
IN LPSTR FileName,
OUT PCONTEXT *Context,
OUT PEXCEPTION_RECORD *Exception,
OUT PVOID *DmpHeader
);
VOID
DmpUnInitialize (
VOID
);
DWORD
DmpReadMemory (
IN PVOID BaseAddress,
IN PVOID Buffer,
IN ULONG Size
);
DWORD
DmpWriteMemory (
IN PVOID BaseAddress,
IN PVOID Buffer,
IN ULONG Size
);
PVOID
VaToLocation (
IN PVOID VirtualAddress
);
PVOID
PhysicalToLocation (
IN PVOID PhysicalAddress
);
PVOID
PageToLocation (
IN ULONG Page
);
ULONG
GetPhysicalPage (
IN PVOID PhysicalAddress
);
BOOL
MapDumpFile(
IN LPSTR FileName
);
ULONG
PteToPfn (
IN ULONG Pte
);
ULONG
GetPhysicalPage (
IN PVOID PhysicalAddress
);
DWORD
DmpReadPhysicalMemory (
IN PVOID BaseAddress,
IN PVOID Buffer,
IN ULONG Size
);
DWORD
DmpWritePhysicalMemory (
IN PVOID BaseAddress,
IN PVOID Buffer,
IN ULONG Size
);
BOOL
DmpReadControlSpace(
IN USHORT Processor,
IN PVOID TargetBaseAddress,
OUT PVOID UserInterfaceBuffer,
OUT ULONG TransferCount,
OUT PULONG ActualBytesRead
);
BOOL
DmpGetContext(
IN ULONG Processor,
OUT PVOID Context
);
INT
DmpGetCurrentProcessor(
VOID
);
BOOL
DmpGetThread(
IN ULONG Processor,
OUT PCRASH_THREAD Thread
);
#ifdef __cplusplus
}
#pragma warning(default:4200)
#endif
#endif
|