_KSPECIAL_REGISTERS


References

http://www.x86.org/secrets/dr7.htm
http://www.x86.org/secrets/opcodes/icebp.htm
http://www.x86.org/articles/pmcr/probemodecontrolregister.htm

Definition

typedef struct _KSPECIAL_REGISTERS
{
    union 
    {
    ULONG Cr0;
        struct
        {
            ULONG u00:31;
            ULONG Paging:1;             // 31
        };
    } u_cr0;
    ULONG Cr2;
    //
    // Magic Forensic register.
    //
    ULONG Cr3;
    union
    {
    ULONG Cr4;
        struct
        {
            ULONG u00:4;
            ULONG PageSizeExtensions:1;       // 4
            ULONG PhysicalAddressExtension:1; // 5
        };
    } u_cr4;
    ULONG KernelDr0;
    ULONG KernelDr1;
    ULONG KernelDr2;
    ULONG KernelDr3;
    ULONG KernelDr6;
    union
    {
    ULONG KernelDr7;
        struct
        {
            UCHAR    LocalDr0:1;             //  0
            UCHAR    GlobalDr0:1;            //  1
            UCHAR    LocalDr1:1;             //  2
            UCHAR    GlobalDr1:1;            //  3
            UCHAR    LocalDr2:1;             //  4
            UCHAR    GlobalDr2:1;            //  5
            UCHAR    LocalDr3:1;             //  6
            UCHAR    GlobalDr3:1;            //  7
            UCHAR    LocalExact:1;           //  8
            UCHAR    GlobalExact:1;          //  9
            UCHAR    Reserved0:2;            // 10
            /*++
            - IceBp  1=INT01 causes emulator to break emulation / 0=CPU handles INT01
            Interrupt Redirection = When set, causes the emulator to break execution when any 
                breakpoint condition occurs. These conditions include debug register breakpoints, 
            TSS breakpoints, and the undocumented instruction ICEBP.
            --*/
            UCHAR    InterruptRedirection:1; // 12
            /*++
            - Global Debug. This bit has enjoyed an on-again, off-again relationship with Intel 
                documenteers. It all depends on which data book you get, and where you look. 
            If you look in early 80386 data books, it is described. But if you look in the 
                80386 Programmer's Reference Manual, it is omitted. Suit yourself, Intel.
            --*/
            UCHAR    GlobalDebug:1;          // 13
            /*++
            - TRace1 1=Generate special address cycles after code dis-continuities.
            On Pentium, these cycles are called Branch Trace Messages.
            Trace1= When set, the CPU generates a special cycle each time a code discontinuity 
                occurs.
            The ICE reads this special cycle and stores it in the trace data. This address helps
                the CPU reconstruct code sequences from the trace data -- since all fetch 
                discontinuity are logged by the setting of this bit. See also Branch Trace Messages 
                in Pentium TR12.
            --*/
            UCHAR    TRace1:1;               // 14
            /*++
            - Trace2 1=Unknown.
            Trace2= I don't know the exact purpose of this bit, but somehow it governs trace collection.
            By clearing this bit and resuming emulation (on an ICE) until the trace buffer is full, one 
            can observe that the ICE is unable to reconstruct the execution trace for many hundreds, and 
            sometimes thousands of CPU cycles.
            --*/
            UCHAR    TRace2:1;               // 15
            UCHAR    ConditionDr0:2;
            UCHAR    LenghtDr0:2;
            UCHAR    ConditionDr1:2;
            UCHAR    LenghtDr1:2;
            UCHAR    ConditionDr2:2;
            UCHAR    LenghtDr2:2;
            UCHAR    ConditionDr3:2;
            UCHAR    LenghtDr3:2;
        };
    };
    DESCRIPTOR Gdtr;
    DESCRIPTOR Idtr;
    USHORT Tr;
    USHORT Ldtr;
    ULONG Reserved[6];
} KSPECIAL_REGISTERS, *PKSPECIAL_REGISTERS;

Sandman framework. (c) 2008. Matthieu Suiche(msuiche [at] gmail.com)