KdDebuggerData64

kdmp_parser::structs

Struct KdDebuggerData64 

Source 
#[repr(C)]
pub struct KdDebuggerData64 {
Show 135 fields
    pub header: DbgKdDebugDataHeader64,
    pub kern_base: u64,
    pub breakpoint_with_status: u64,
    pub saved_context: u64,
    pub th_callback_stack: u16,
    pub next_callback: u16,
    pub frame_pointer: u16,
    pub pae_enabled: u16,
    pub ki_call_user_mode: u64,
    pub ke_user_callback_dispatcher: u64,
    pub ps_loaded_module_list: u64,
    pub ps_active_process_head: u64,
    pub psp_cid_table: u64,
    pub exp_system_resources_list: u64,
    pub exp_paged_pool_descriptor: u64,
    pub exp_number_of_paged_pools: u64,
    pub ke_time_increment: u64,
    pub ke_bug_check_callback_list_head: u64,
    pub ki_bugcheck_data: u64,
    pub iop_error_log_list_head: u64,
    pub obp_root_directory_object: u64,
    pub obp_type_object_type: u64,
    pub mm_system_cache_start: u64,
    pub mm_system_cache_end: u64,
    pub mm_system_cache_ws: u64,
    pub mm_pfn_database: u64,
    pub mm_system_ptes_start: u64,
    pub mm_system_ptes_end: u64,
    pub mm_subsection_base: u64,
    pub mm_number_of_paging_files: u64,
    pub mm_lowest_physical_page: u64,
    pub mm_highest_physical_page: u64,
    pub mm_number_of_physical_pages: u64,
    pub mm_maximum_non_paged_pool_in_bytes: u64,
    pub mm_non_paged_system_start: u64,
    pub mm_non_paged_pool_start: u64,
    pub mm_non_paged_pool_end: u64,
    pub mm_paged_pool_start: u64,
    pub mm_paged_pool_end: u64,
    pub mm_paged_pool_information: u64,
    pub mm_page_size: u64,
    pub mm_size_of_paged_pool_in_bytes: u64,
    pub mm_total_commit_limit: u64,
    pub mm_total_committed_pages: u64,
    pub mm_shared_commit: u64,
    pub mm_driver_commit: u64,
    pub mm_process_commit: u64,
    pub mm_paged_pool_commit: u64,
    pub mm_extended_commit: u64,
    pub mm_zeroed_page_list_head: u64,
    pub mm_free_page_list_head: u64,
    pub mm_standby_page_list_head: u64,
    pub mm_modified_page_list_head: u64,
    pub mm_modified_no_write_page_list_head: u64,
    pub mm_available_pages: u64,
    pub mm_resident_available_pages: u64,
    pub pool_track_table: u64,
    pub non_paged_pool_descriptor: u64,
    pub mm_highest_user_address: u64,
    pub mm_system_range_start: u64,
    pub mm_user_probe_address: u64,
    pub kd_print_circular_buffer: u64,
    pub kd_print_circular_buffer_end: u64,
    pub kd_print_write_pointer: u64,
    pub kd_print_rollover_count: u64,
    pub mm_loaded_user_image_list: u64,
    pub nt_build_lab: u64,
    pub ki_normal_system_call: u64,
    pub ki_processor_block: u64,
    pub mm_unloaded_drivers: u64,
    pub mm_last_unloaded_driver: u64,
    pub mm_triage_action_taken: u64,
    pub mm_special_pool_tag: u64,
    pub kernel_verifier: u64,
    pub mm_verifier_data: u64,
    pub mm_allocated_non_paged_pool: u64,
    pub mm_peak_commitment: u64,
    pub mm_total_commit_limit_maximum: u64,
    pub cm_nt_csd_version: u64,
    pub mm_physical_memory_block: u64,
    pub mm_session_base: u64,
    pub mm_session_size: u64,
    pub mm_system_parent_table_page: u64,
    pub mm_virtual_translation_base: u64,
    pub offset_kthread_next_processor: u16,
    pub offset_kthread_teb: u16,
    pub offset_kthread_kernel_stack: u16,
    pub offset_kthread_initial_stack: u16,
    pub offset_kthread_apc_process: u16,
    pub offset_kthread_state: u16,
    pub offset_kthread_b_store: u16,
    pub offset_kthread_b_store_limit: u16,
    pub size_eprocess: u16,
    pub offset_eprocess_peb: u16,
    pub offset_eprocess_parent_cid: u16,
    pub offset_eprocess_directory_table_base: u16,
    pub size_prcb: u16,
    pub offset_prcb_dpc_routine: u16,
    pub offset_prcb_current_thread: u16,
    pub offset_prcb_mhz: u16,
    pub offset_prcb_cpu_type: u16,
    pub offset_prcb_vendor_string: u16,
    pub offset_prcb_proc_state_context: u16,
    pub offset_prcb_number: u16,
    pub size_ethread: u16,
    pub kd_print_circular_buffer_ptr: u64,
    pub kd_print_buffer_size: u64,
    pub ke_loader_block: u64,
    pub size_pcr: u16,
    pub offset_pcr_self_pcr: u16,
    pub offset_pcr_current_prcb: u16,
    pub offset_pcr_contained_prcb: u16,
    pub offset_pcr_initial_b_store: u16,
    pub offset_pcr_b_store_limit: u16,
    pub offset_pcr_initial_stack: u16,
    pub offset_pcr_stack_limit: u16,
    pub offset_prcb_pcr_page: u16,
    pub offset_prcb_proc_state_special_reg: u16,
    pub gdt_r0_code: u16,
    pub gdt_r0_data: u16,
    pub gdt_r0_pcr: u16,
    pub gdt_r3_code: u16,
    pub gdt_r3_data: u16,
    pub gdt_r3_teb: u16,
    pub gdt_ldt: u16,
    pub gdt_tss: u16,
    pub gdt64_r3_cm_code: u16,
    pub gdt64_r3_cm_teb: u16,
    pub iop_num_triage_dump_data_blocks: u64,
    pub iop_triage_dump_data_blocks: u64,
    pub vf_crash_data_block: u64,
    pub mm_bad_pages_detected: u64,
    pub mm_zeroed_page_single_bit_errors_detected: u64,
    pub etwp_debugger_data: u64,
    pub offset_prcb_context: u16,

}

Fields§

§header: DbgKdDebugDataHeader64§kern_base: u64

Base address of kernel image

§breakpoint_with_status: u64

DbgBreakPointWithStatus is a function which takes an argument and hits a breakpoint. This field contains the address of the breakpoint instruction. When the debugger sees a breakpoint at this address, it may retrieve the argument from the first argument register, or on x86 the eax register.

§saved_context: u64

Address of the saved context record during a bugcheck N.B. This is an automatic in KeBugcheckEx’s frame, and is only valid after a bugcheck.

§th_callback_stack: u16

The address of the thread structure is provided in the WAIT_STATE_CHANGE packet. This is the offset from the base of the thread structure to the pointer to the kernel stack frame for the currently active usermode callback.

§next_callback: u16§frame_pointer: u16

saved frame pointer

§pae_enabled: u16

pad to a quad boundary

§ki_call_user_mode: u64

Address of the kernel callout routine.

§ke_user_callback_dispatcher: u64

Address of the usermode entry point for callbacks (in ntdll).

§ps_loaded_module_list: u64§ps_active_process_head: u64§psp_cid_table: u64§exp_system_resources_list: u64§exp_paged_pool_descriptor: u64§exp_number_of_paged_pools: u64§ke_time_increment: u64§ke_bug_check_callback_list_head: u64§ki_bugcheck_data: u64§iop_error_log_list_head: u64§obp_root_directory_object: u64§obp_type_object_type: u64§mm_system_cache_start: u64§mm_system_cache_end: u64§mm_system_cache_ws: u64§mm_pfn_database: u64§mm_system_ptes_start: u64§mm_system_ptes_end: u64§mm_subsection_base: u64§mm_number_of_paging_files: u64§mm_lowest_physical_page: u64§mm_highest_physical_page: u64§mm_number_of_physical_pages: u64§mm_maximum_non_paged_pool_in_bytes: u64§mm_non_paged_system_start: u64§mm_non_paged_pool_start: u64§mm_non_paged_pool_end: u64§mm_paged_pool_start: u64§mm_paged_pool_end: u64§mm_paged_pool_information: u64§mm_page_size: u64§mm_size_of_paged_pool_in_bytes: u64§mm_total_commit_limit: u64§mm_total_committed_pages: u64§mm_shared_commit: u64§mm_driver_commit: u64§mm_process_commit: u64§mm_paged_pool_commit: u64§mm_extended_commit: u64§mm_zeroed_page_list_head: u64§mm_free_page_list_head: u64§mm_standby_page_list_head: u64§mm_modified_page_list_head: u64§mm_modified_no_write_page_list_head: u64§mm_available_pages: u64§mm_resident_available_pages: u64§pool_track_table: u64§non_paged_pool_descriptor: u64§mm_highest_user_address: u64§mm_system_range_start: u64§mm_user_probe_address: u64§kd_print_circular_buffer: u64§kd_print_circular_buffer_end: u64§kd_print_write_pointer: u64§kd_print_rollover_count: u64§mm_loaded_user_image_list: u64§nt_build_lab: u64§ki_normal_system_call: u64§ki_processor_block: u64§mm_unloaded_drivers: u64§mm_last_unloaded_driver: u64§mm_triage_action_taken: u64§mm_special_pool_tag: u64§kernel_verifier: u64§mm_verifier_data: u64§mm_allocated_non_paged_pool: u64§mm_peak_commitment: u64§mm_total_commit_limit_maximum: u64§cm_nt_csd_version: u64§mm_physical_memory_block: u64§mm_session_base: u64§mm_session_size: u64§mm_system_parent_table_page: u64§mm_virtual_translation_base: u64§offset_kthread_next_processor: u16§offset_kthread_teb: u16§offset_kthread_kernel_stack: u16§offset_kthread_initial_stack: u16§offset_kthread_apc_process: u16§offset_kthread_state: u16§offset_kthread_b_store: u16§offset_kthread_b_store_limit: u16§size_eprocess: u16§offset_eprocess_peb: u16§offset_eprocess_parent_cid: u16§offset_eprocess_directory_table_base: u16§size_prcb: u16§offset_prcb_dpc_routine: u16§offset_prcb_current_thread: u16§offset_prcb_mhz: u16§offset_prcb_cpu_type: u16§offset_prcb_vendor_string: u16§offset_prcb_proc_state_context: u16§offset_prcb_number: u16§size_ethread: u16§kd_print_circular_buffer_ptr: u64§kd_print_buffer_size: u64§ke_loader_block: u64§size_pcr: u16§offset_pcr_self_pcr: u16§offset_pcr_current_prcb: u16§offset_pcr_contained_prcb: u16§offset_pcr_initial_b_store: u16§offset_pcr_b_store_limit: u16§offset_pcr_initial_stack: u16§offset_pcr_stack_limit: u16§offset_prcb_pcr_page: u16§offset_prcb_proc_state_special_reg: u16§gdt_r0_code: u16§gdt_r0_data: u16§gdt_r0_pcr: u16§gdt_r3_code: u16§gdt_r3_data: u16§gdt_r3_teb: u16§gdt_ldt: u16§gdt_tss: u16§gdt64_r3_cm_code: u16§gdt64_r3_cm_teb: u16§iop_num_triage_dump_data_blocks: u64§iop_triage_dump_data_blocks: u64§vf_crash_data_block: u64§mm_bad_pages_detected: u64§mm_zeroed_page_single_bit_errors_detected: u64§etwp_debugger_data: u64§offset_prcb_context: u16

Trait Implementations§

Source§

impl Debug for KdDebuggerData64

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for KdDebuggerData64

Source§

fn default() -> KdDebuggerData64

Returns the “default value” for a type. Read more
Source§

impl Pod for KdDebuggerData64

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.