API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 20th, 2019
63
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.37 KB | None | 0 0
raw download clone embed print report
  1. typedef struct _KTRAP_FRAME {
  2.  
  3.  
  4. //
  5. // Following 4 values are only used and defined for DBG systems,
  6. // but are always allocated to make switching from DBG to non-DBG
  7. // and back quicker. They are not DEVL because they have a non-0
  8. // performance impact.
  9. //
  10.  
  11. ULONG DbgEbp; // Copy of User EBP set up so KB will work.
  12. ULONG DbgEip; // EIP of caller to system call, again, for KB.
  13. ULONG DbgArgMark; // Marker to show no args here.
  14. ULONG DbgArgPointer; // Pointer to the actual args
  15.  
  16. //
  17. // Temporary values used when frames are edited.
  18. //
  19. //
  20. // NOTE: Any code that want's ESP must materialize it, since it
  21. // is not stored in the frame for kernel mode callers.
  22. //
  23. // And code that sets ESP in a KERNEL mode frame, must put
  24. // the new value in TempEsp, make sure that TempSegCs holds
  25. // the real SegCs value, and put a special marker value into SegCs.
  26. //
  27.  
  28. ULONG TempSegCs;
  29. ULONG TempEsp;
  30.  
  31. //
  32. // Debug registers.
  33. //
  34.  
  35. ULONG Dr0;
  36. ULONG Dr1;
  37. ULONG Dr2;
  38. ULONG Dr3;
  39. ULONG Dr6;
  40. ULONG Dr7;
  41.  
  42. //
  43. // Segment registers
  44. //
  45.  
  46. ULONG SegGs;
  47. ULONG SegEs;
  48. ULONG SegDs;
  49.  
  50. //
  51. // Volatile registers
  52. //
  53.  
  54. ULONG Edx;
  55. ULONG Ecx;
  56. ULONG Eax;
  57.  
  58. //
  59. // Nesting state, not part of context record
  60. //
  61.  
  62. ULONG PreviousPreviousMode;
  63.  
  64. PEXCEPTION_REGISTRATION_RECORD ExceptionList;
  65. // Trash if caller was user mode.
  66. // Saved exception list if caller
  67. // was kernel mode or we're in
  68. // an interrupt.
  69.  
  70. //
  71. // FS is TIB/PCR pointer, is here to make save sequence easy
  72. //
  73.  
  74. ULONG SegFs;
  75.  
  76. //
  77. // Non-volatile registers
  78. //
  79.  
  80. ULONG Edi;
  81. ULONG Esi;
  82. ULONG Ebx;
  83. ULONG Ebp;
  84.  
  85. //
  86. // Control registers
  87. //
  88.  
  89. ULONG ErrCode;
  90. ULONG Eip;
  91. ULONG SegCs;
  92. ULONG EFlags;
  93.  
  94. ULONG HardwareEsp; // WARNING - segSS:esp are only here for stacks
  95. ULONG HardwareSegSs; // that involve a ring transition.
  96.  
  97. ULONG V86Es; // these will be present for all transitions from
  98. ULONG V86Ds; // V86 mode
  99. ULONG V86Fs;
  100. ULONG V86Gs;
  101. } KTRAP_FRAME;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!