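/* (C) 2003 XDA Developers itsme@xs4all.nl
 *
 * $Header$
 *
 * Layouts of the Windows CE kernel's internal data structures (threads,
 * processes, modules, handle table entries, the KData page and the ROM
 * header).  The hexadecimal prefixes in the field comments are the byte
 * offsets the original author recorded for the target kernel build; they
 * are the contract with the running kernel, so keep them in sync when a
 * field is added or resized.
 *
 * The Windows types used below (DWORD, HANDLE, LPVOID, FILETIME, MAX_PATH,
 * CEOID, LPDBGPARAM, PEXCEPTION_ROUTINE, ...) are not defined in this file
 * and must be brought into scope by the platform headers before it is
 * included.
 *
 * NOTE(review): anything read out of these structures from a live device
 * (counts such as nummods, e32_objcnt, ulCopyEntries and every embedded
 * pointer) originates outside the reading program and should be
 * range-checked before it is used as an index or dereferenced.
 */
typedef unsigned long ulong;
typedef unsigned short ushort;
typedef unsigned char uchar;
typedef unsigned int uint;
typedef void (*PFNVOID)();

#define NUM_SYS_HANDLES 32
#define SYS_HANDLE_BASE 64
#define SYSINTR_MAX_DEVICES 32
/* SYSINTR_DEVICES is not defined in this file; the platform interrupt
 * header that defines it must be included before SYSINTR_MAXIMUM is used. */
#define SYSINTR_MAXIMUM (SYSINTR_DEVICES+SYSINTR_MAX_DEVICES)

/* Forward declarations so the structures below can point at each other. */
typedef struct Thread THREAD;
typedef THREAD *PTHREAD;
typedef struct Process PROCESS;
typedef PROCESS *PPROCESS;
typedef ulong ACCESSKEY;
typedef ulong ACCESSLOCK;
typedef struct Module MODULE;
typedef MODULE *PMODULE, *LPMODULE;

/* CINFO - description of one API set / handle object class. */
typedef struct cinfo {
    char acName[4];             /* 00: object type ID string */
    uchar disp;                 /* 04: type of dispatch */
    uchar type;                 /* 05: api handle type */
    ushort cMethods;            /* 06: # of methods in dispatch table */
    const PFNVOID *ppfnMethods; /* 08: ptr to array of methods (in server address space) */
    const DWORD *pdwSig;        /* 0C: ptr to array of method signatures */
    PPROCESS pServer;           /* 10: ptr to server process */
} CINFO; /* cinfo */
typedef CINFO *PCINFO;

typedef struct APISet {
    CINFO cinfo; /* description of the API set */
    int iReg;    /* registered API set index (-1 if not registered) */
} APISET;
typedef APISET *PAPISET;

#define VA_PAGE 12
#define L2_MASK 0xFF // For a 4K page size (small pages)
#define PAGE_SIZE 4096
#define PAGES_PER_BLOCK (0x10000 / PAGE_SIZE)

/* Memory Block
 * This structure maps a 64K block of memory. All memory reservations
 * must begin on a 64k boundary.
 */
struct MemBlock {
    ACCESSLOCK alk;                /* 00: key code for this set of pages */
    uchar cUses;                   /* 04: # of page table entries sharing this leaf */
    uchar flags;                   /* 05: mapping flags */
    short ixBase;                  /* 06: first block in region */
    short hPf;                     /* 08: handle to pager */
    short cLocks;                  /* 0a: lock count */
    ulong aPages[PAGES_PER_BLOCK]; /* 12: entrylo values (decimal 12 == 0x0c) */
}; /* MemBlock */
typedef struct MemBlock MEMBLOCK;

#define BLOCK_MASK 0x1FF
#define SECTION_MASK 0x03F
/* A SECTION is a table of BLOCK_MASK+1 MEMBLOCK pointers. */
typedef MEMBLOCK *SECTION[BLOCK_MASK+1];
typedef SECTION *PSECTION;

typedef struct EVENT *LPEVENT;

/* KDataStruct - the kernel data page.
 * at 0xffffc800 (the fixed address recorded by the original author). */
struct KDataStruct {
    LPDWORD lpvTls;                              /* 0x000 Current thread local storage pointer */
    HANDLE ahSys[NUM_SYS_HANDLES];               /* 0x004 If this moves, change kapi.h */
    char bResched;                               /* 0x084 reschedule flag */
    char cNest;                                  /* 0x085 kernel exception nesting */
    char bPowerOff;                              /* 0x086 TRUE during "power off" processing */
    char bProfileOn;                             /* 0x087 TRUE if profiling enabled */
    ulong ptDesc;                                /* 0x088 Page Table Descriptor */
    ulong rsvd2;                                 /* 0x08c was DiffMSec */
    PPROCESS pCurPrc;                            /* 0x090 ptr to current PROCESS struct */
    PTHREAD pCurThd;                             /* 0x094 ptr to current THREAD struct */
    DWORD dwKCRes;                               /* 0x098 */
    ulong handleBase;                            /* 0x09c handle table base address */
    PSECTION aSections[64];                      /* 0x0a0 section table for virtual memory */
    LPEVENT alpeIntrEvents[SYSINTR_MAX_DEVICES]; /* 0x1a0 */
    LPVOID alpvIntrData[SYSINTR_MAX_DEVICES];    /* 0x220 */
    ulong pAPIReturn;                            /* 0x2a0 direct API return address for kernel mode */
    uchar *pMap;                                 /* 0x2a4 ptr to MemoryMap array */
    DWORD dwInDebugger;                          /* 0x2a8 !0 when in debugger */
    long alPad[21];                              /* 0x2ac - padding */
    DWORD aInfo[32];                             /* 0x300 - misc. kernel info, indexed by KINX_* */
    /* 0x380 - interlocked api code */
    /* 0x400 - end */
}; /* KDataStruct */

// aInfo items:
#define KINX_PROCARRAY 0      /* address of process array */
#define KINX_PAGESIZE 1       /* system page size */
#define KINX_PFN_SHIFT 2      /* shift for page # in PTE */
#define KINX_PFN_MASK 3       /* mask for page # in PTE */
#define KINX_PAGEFREE 4       /* # of free physical pages */
#define KINX_SYSPAGES 5       /* # of pages used by kernel */
#define KINX_KHEAP 6          /* ptr to kernel heap array */
#define KINX_SECTIONS 7       /* ptr to SectionTable array */
#define KINX_MEMINFO 8        /* ptr to system MemoryInfo struct */
#define KINX_MODULES 9        /* ptr to module list */
#define KINX_DLL_LOW 10       /* lower bound of DLL shared space */
#define KINX_NUMPAGES 11      /* total # of RAM pages */
#define KINX_PTOC 12          /* ptr to ROM table of contents */
#define KINX_KDATA_ADDR 13    /* kernel mode version of KData */
#define KINX_GWESHEAPINFO 14  /* Current amount of gwes heap in use */
#define KINX_TIMEZONEBIAS 15  /* Fast timezone bias info */
#define KINX_PENDEVENTS 16    /* bit mask for pending interrupt events */
#define KINX_KERNRESERVE 17   /* number of kernel reserved pages */
#define KINX_API_MASK 18      /* bit mask for registered api sets */
#define KINX_NLS_OCP 19       /* Current OEM code page */
#define KINX_NLS_ACP 20       /* Current ANSI code page */
#define KINX_NLS_LOC 21       /* Current NLS locale */
#define KINX_HEAP_WASTE 22    /* Kernel heap wasted space */
#define KINX_DEBUGGER 23      /* For use by debugger for protocol communication */
#define KINX_APISETS 24       /* APIset pointers */

/* CPUCONTEXT - saved register set of a thread (ARM register naming). */
typedef struct _CPUCONTEXT {
    ULONG Psr;
    ULONG R0;
    ULONG R1;
    ULONG R2;
    ULONG R3;
    ULONG R4;
    ULONG R5;
    ULONG R6;
    ULONG R7;
    ULONG R8;
    ULONG R9;
    ULONG R10;
    ULONG R11;
    ULONG R12;
    ULONG Sp;
    ULONG Lr;
    ULONG Pc;
} CPUCONTEXT, *PCPUCONTEXT;

typedef void (*RETADDR)();

/* CALLSTACK - one frame of the per-thread API call chain. */
typedef struct CALLSTACK {
    struct CALLSTACK *pcstkNext;
    RETADDR retAddr;   /* return address */
    PPROCESS pprcLast; /* previous process */
    ACCESSKEY akyLast; /* previous access key */
    uint extra;        /* extra CPU dependent data */
#if defined(MIPS)
    ulong pPad;        /* so that excinfo fits in a callstack */
#endif
#if defined(x86)
    ulong ExEsp;       /* saved Esp value for exception */
    ulong ExEbp;       /* saved Ebp " */
    ulong ExEbx;       /* saved Ebx " */
    ulong ExEsi;       /* saved Esi " */
    ulong ExEdi;       /* saved Edi " */
#endif
} CALLSTACK; /* CallStack */
typedef CALLSTACK *PCALLSTACK;

typedef struct PROXY *LPPROXY;
typedef struct THRDDBG *LPTHRDDBG;
typedef struct CRIT *LPCRIT;
/* Only the tag is declared here; the layout of CLEANEVENT is not needed in
 * this file, so it is referenced as `struct CLEANEVENT *` below. */
struct CLEANEVENT;

#define MAX_PRIORITY_LEVELS 256
#define PRIORITY_LEVELS_HASHSIZE 32

/* Thread - kernel thread control block.  Offsets marked "??" were not
 * recorded by the original author. */
struct Thread {
    WORD wInfo;              /* 00: various info about thread, see above */
    BYTE bSuspendCnt;        /* 02: thread suspend count */
    BYTE bWaitState;         /* 03: state of waiting loop */
    LPPROXY pProxList;       /* 04: list of proxies to threads blocked on this thread */
    PTHREAD pNextInProc;     /* 08: next thread in this process */
    PPROCESS pProc;          /* 0C: pointer to current process */
    PPROCESS pOwnerProc;     /* 10: pointer to owner process */
    ACCESSKEY aky;           /* 14: keys used by thread to access memory & handles */
    PCALLSTACK pcstkTop;     /* 18: current api call info */
    DWORD dwStackBase;       /* 1C: stack base */
    DWORD dwStackBound;      /* 20: lower bound of committed stack space */
    LPDWORD tlsPtr;          /* 24: tls pointer */
    DWORD dwSleepCnt;        /* 28: sleep count, also pending sleepcnt on waitmult */
    DWORD dwKernTime;        /* 2C: elapsed kernel time */
    DWORD dwUserTime;        /* 30: elapsed user time */
    LPPROXY lpProxy;         /* 34: first proxy this thread is blocked on */
    DWORD dwLastError;       /* 38: last error */
    HANDLE hTh;              /* 3C: Handle to this thread, needed by NextThread */
    BYTE bBPrio;             /* 40: base priority */
    BYTE bCPrio;             /* 41: curr priority */
    WORD wCount;             /* 42: nonce for blocking lists */
    PTHREAD pPrevInProc;     /* 44: previous thread in this process */
    LPTHRDDBG pThrdDbg;      /* 48: pointer to thread debug structure, if any */
    LPBYTE pSwapStack;       /* 4c */
    FILETIME ftCreate;       /* 50: time thread is created */
    struct CLEANEVENT *lpce; /* 58: cleanevent for unqueueing blocking lists */
    CPUCONTEXT ctx;          /* 5c: thread's cpu context information */
    PTHREAD pNextSleepRun;   /* ??: next sleeping thread, if sleeping, else next on runq if runnable */
    PTHREAD pPrevSleepRun;   /* ??: back pointer if sleeping or runnable */
    PTHREAD pUpRun;          /* ??: up run pointer */
    PTHREAD pDownRun;        /* ??: down run pointer */
    LPCRIT pOwnedList;       /* ??: list of crits and mutexes for priority inversion */
    LPCRIT pOwnedHash[PRIORITY_LEVELS_HASHSIZE];
    DWORD dwQuantum;         /* ??: thread quantum */
    DWORD dwQuantLeft;       /* ??: quantum left */
    LPPROXY lpCritProxy;     /* ??: proxy from last critical section block, in case stolen back */
    LPPROXY lpPendProxy;     /* ??: pending proxies for queueing */
    DWORD dwPendTime;        /* ??: pending timeout delay */
    DWORD dwPendReturn;      /* ??: return value from pended wait */
    DWORD dwPendStart;       /* ??: time at which pendoperation started */
    PTHREAD pCrabPth;
    DWORD dwCrabRem;
    HANDLE hLastCrit;        /* ??: Last crit taken, cleared by nextthread */
    DWORD dwCrabTime;
    DWORD dwCrabCount;
    CALLSTACK IntrStk;
    DWORD dwStartAddr;       /* thread PC at creation, used to get thread name */
}; /* Thread */

//typedef void *PEXCEPTION_ROUTINE;

/* Name - pooled wide-character name record. */
typedef struct {
    WORD wPool;
    WCHAR name[MAX_PATH]; /* name of item */
} Name, * LPName;

typedef struct TOCentry { // MODULE BIB section structure
    FILETIME ftTime;
    DWORD nFileSize;
    CHAR cFileName[ MAX_PATH ];
    CHAR cAlternateFileName[ 14 ];
    unsigned int ulE32Offset;  // Offset to E32 structure
    unsigned int ulO32Offset;  // Offset to O32 structure
    unsigned int ulLoadOffset; // MODULE load buffer offset
} TOCentry, *LPTOCentry;

struct info {            /* Extra information header block */
    unsigned long rva;   /* Virtual relative address of info */
    unsigned long size;  /* Size of information block */
};

/* openexe_t - where an executable image was opened from.  Which member of
 * each anonymous union is live is not recorded here (presumably selected by
 * filetype / bIsOID - verify against the kernel sources). */
typedef struct openexe_t {
    union {
        int hppfs;         // ppfs handle
        HANDLE hf;         // object store handle
        TOCentry *tocptr;  // rom entry pointer
    };
    BYTE filetype;
    BYTE bIsOID;
    WORD pagemode;
    DWORD offset;
    union {
        Name *lpName;
        CEOID ceOid;
    };
} openexe_t;

#define LITE_EXTRA 6 /* Only first 6 used by NK */

typedef struct e32_lite {              /* PE 32-bit .EXE header */
    unsigned short e32_objcnt;         /* Number of memory objects */
    BYTE e32_cevermajor;               /* version of CE built for */
    BYTE e32_ceverminor;               /* version of CE built for */
    unsigned long e32_stackmax;        /* Maximum stack size */
    unsigned long e32_vbase;           /* Virtual base address of module */
    unsigned long e32_vsize;           /* Virtual size of the entire image */
    unsigned long e32_sect14rva;       /* section 14 rva */
    unsigned long e32_sect14size;      /* section 14 size */
    struct info e32_unit[LITE_EXTRA];  /* Array of extra info units */
} e32_lite, *LPe32_list;

/* o32_lite - one section (memory object) of a loaded image. */
typedef struct o32_lite {
    unsigned long o32_vsize;
    unsigned long o32_rva;
    unsigned long o32_realaddr;
    unsigned long o32_access;
    unsigned long o32_flags;
    unsigned long o32_psize;
    unsigned long o32_dataptr;
} o32_lite, *LPo32_lite;

/* Process - kernel process control block. */
struct Process {
    BYTE procnum;             /* 00: ID of this process [ie: its slot number] */
    BYTE DbgActive;           /* 01: ID of process currently DebugActiveProcess'ing this process */
    BYTE bChainDebug;         /* 02: Did the creator want to debug child processes? */
    BYTE bTrustLevel;         /* 03: level of trust of this exe */
    LPPROXY pProxList;        /* 04: list of proxies to threads blocked on this process */
    HANDLE hProc;             /* 08: handle for this process, needed only for SC_GetProcFromPtr */
    DWORD dwVMBase;           /* 0C: base of process's memory section, or 0 if not in use */
    PTHREAD pTh;              /* 10: first thread in this process */
    ACCESSKEY aky;            /* 14: default address space key for process's threads */
    LPVOID BasePtr;           /* 18: Base pointer of exe load */
    HANDLE hDbgrThrd;         /* 1C: handle of thread debugging this process, if any */
    LPWSTR lpszProcName;      /* 20: name of process */
    DWORD tlsLowUsed;         /* 24: TLS in use bitmask (first 32 slots) */
    DWORD tlsHighUsed;        /* 28: TLS in use bitmask (second 32 slots) */
    PEXCEPTION_ROUTINE pfnEH; /* 2C: process exception handler */
    LPDBGPARAM ZonePtr;       /* 30: Debug zone pointer */
    PTHREAD pMainTh;          /* 34: primary thread in this process */
    PMODULE pmodResource;     /* 38: module that contains the resources */
    LPName pStdNames[3];      /* 3C: Pointer to names for stdio */
    LPCWSTR pcmdline;         /* 48: Pointer to command line */
    DWORD dwDyingThreads;     /* 4C: number of pending dying threads */
    openexe_t oe;             /* 50: Pointer to executable file handle */
    e32_lite e32;             /* ??: structure containing exe header */
    o32_lite *o32_ptr;        /* ??: o32 array pointer for exe */
    LPVOID pExtPdata;
}; /* Process */

#define MAX_PROCESSES 32

/* Module - a loaded DLL, linked through pMod. */
typedef struct Module {
    LPVOID lpSelf;              /* Self pointer for validation */
    PMODULE pMod;               /* Next module in chain */
    LPWSTR lpszModName;         /* Module name */
    DWORD inuse;                /* Bit vector of use */
    DWORD calledfunc;           /* Called entry but not exit */
    WORD refcnt[MAX_PROCESSES]; /* Reference count per process */
    LPVOID BasePtr;             /* Base pointer of dll load (not 0 based) */
    DWORD DbgFlags;             /* Debug flags */
    LPDBGPARAM ZonePtr;         /* Debug zone pointer */
    ulong startip;              /* 0 based entrypoint */
    openexe_t oe;               /* Pointer to executable file handle */
    e32_lite e32;               /* E32 header */
    o32_lite *o32_ptr;          /* O32 chain ptr */
    DWORD breadcrumb;
    DWORD dwNoNotify;           /* 1 bit per process, set if notifications disabled */
    WORD wFlags;
    BYTE bTrustLevel;
    BYTE bPadding;
    PMODULE pmodResource;       /* module that contains the resources */
} Module;

/* DList - doubly linked list link pair. */
typedef struct _DList DList;
struct _DList {
    DList *fwd;
    DList *back;
};

// REFINFO - reference info for Handle Data.
typedef struct FULLREF {
    ushort usRefs[MAX_PROCESSES];
} FULLREF;
typedef union REFINFO {
    ulong count;
    FULLREF *pFr;
} REFINFO;

// HDATA - handle data structure
typedef struct _HDATA HDATA, *PHDATA;
struct _HDATA {
    DList linkage;     /* 00: links for active handle list */
    HANDLE hValue;     /* 08: Current value of handle (nonce) */
    ACCESSLOCK lock;   /* 0C: access information */
    REFINFO ref;       /* 10: reference information */
    const CINFO *pci;  /* 14: ptr to object class description structure */
    PVOID pvObj;       /* 18: ptr to object */
    DWORD dwInfo;      /* 1C: extra handle info */
}; /* 20: sizeof(HDATA) */

/* ROMHDR - header of a ROM image (values come from the .bib configuration). */
typedef struct ROMHDR {
    ULONG dllfirst;         // first DLL address
    ULONG dlllast;          // last DLL address
    ULONG physfirst;        // first physical address
    ULONG physlast;         // highest physical address
    ULONG nummods;          // number of TOCentry's
    ULONG ulRAMStart;       // start of RAM
    ULONG ulRAMFree;        // start of RAM free space
    ULONG ulRAMEnd;         // end of RAM
    ULONG ulCopyEntries;    // number of copy section entries
    ULONG ulCopyOffset;     // offset to copy section
    ULONG ulProfileLen;     // length of PROFentries RAM
    ULONG ulProfileOffset;  // offset to PROFentries
    ULONG numfiles;         // number of FILES
    ULONG ulKernelFlags;    // optional kernel flags from ROMFLAGS .bib config option
    ULONG ulFSRamPercent;   // Percentage of RAM used for filesystem
                            // from FSRAMPERCENT .bib config option
                            // byte 0 = #4K chunks/Mbyte of RAM for filesystem 0-2Mbytes 0-255
                            // byte 1 = #4K chunks/Mbyte of RAM for filesystem 2-4Mbytes 0-255
                            // byte 2 = #4K chunks/Mbyte of RAM for filesystem 4-6Mbytes 0-255
                            // byte 3 = #4K chunks/Mbyte of RAM for filesystem > 6Mbytes 0-255
    ULONG ulDrivglobStart;  // device driver global starting address
    ULONG ulDrivglobLen;    // device driver global length
    USHORT usCPUType;       // CPU (machine) Type
    USHORT usMiscFlags;     // Miscellaneous flags
    PVOID pExtensions;      // pointer to ROM Header extensions
    ULONG ulTrackingStart;  // tracking memory starting address
    ULONG ulTrackingLen;    // tracking memory ending address
} ROMHDR;

/* ROMChain_t - singly linked list of ROM headers. */
typedef struct ROMChain_t {
    struct ROMChain_t *pNext;
    ROMHDR *pTOC;
} ROMChain_t;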