Module structs 

This has all the raw structures that makes up Windows kernel crash-dumps.

Structs

BmpHeader64

Context

DbgKdDebugDataHeader64

ExceptionRecord64

FullRdmpHeader64

Header64

Adjusted C struct for DUMP_HEADERS64 from MS Rust docs. Padding adjustment added from reversing nt!IoFillDumpHeader.

KdDebuggerData64

KernelRdmpHeader64

LdrDataTableEntry

ListEntry

PfnRange

PhysmemDesc

PhysmemRun

RdmpHeader64

UnicodeString

Enums

DumpType

Types of kernel crash dump.

PageKind

The different kind of physical pages.

Constants

DUMP_HEADER64_EXPECTED_SIGNATURE

DUMP_HEADER64_EXPECTED_VALID_DUMP

Traits

Pod

We use this Pod trait to implement / constraint the *read_struct functions. For the functions to work as expected and be safe, here is the rule that a type T needs to follow to be Pod:

Type Aliases

PhysmemMap

The physical memory map maps a physical address to a file offset.