Add Microsoft Windows wProcessorRevision field of various structures, describing processor revision

windows/windows_minidump.ksy

@@ -6,6 +6,9 @@ meta:
     - mdmp
   license: CC0-1.0
   endian: le
+  imports:
+    - /windows/windows_processor_architecture
+    - /windows/windows_processor_revision
 doc: |
   Windows MiniDump (MDMP) file provides a concise way to store process
   core dumps, which is useful for debugging. Given its small size,
@@ -84,14 +87,14 @@ types:
     seq:
       - id: cpu_arch
         -orig-id: ProcessorArchitecture
-        type: u2
-        enum: cpu_archs
+        size: 2
+        type: windows_processor_architecture
       - id: cpu_level
         -orig-id: ProcessorLevel
         type: u2
       - id: cpu_revision
         -orig-id: ProcessorRevision
-        type: u2
+        type: windows_processor_revision(cpu_arch, cpu_level)
       - id: num_cpus
         -orig-id: NumberOfProcessors
         type: u1
@@ -124,13 +127,6 @@ types:
         pos: ofs_service_pack
         type: minidump_string
         if: ofs_service_pack > 0
-    enums:
-      cpu_archs:
-        0: intel
-        5: arm
-        6: ia64
-        9: amd64
-        0xffff: unknown
   misc_info:
     doc-ref: https://learn.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_misc_info
     # https://learn.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_misc_info_2

windows/windows_processor_architecture.ksy

@@ -0,0 +1,84 @@
+meta:
+  id: windows_processor_architecture
+  title: Microsoft Windows `dwOemId` union or just its `wProcessorArchitecture` field of various structures, describing general processor architecture
+  license: Unlicese
+  endian: le
+doc-ref:
+  - https://learn.microsoft.com/en-us/previous-versions/ms942639(v=msdn.10)
+  - https://github.com/reactos/reactos/blob/fe777bb52f67921b26bf5791b06a5c712f5be3f6/sdk/include/ndk/ketypes.h#L105-L115
+  - https://github.com/reactos/reactos/blob/4363e74ddcb26a528c2723ab0afe5af3443bde6f/sdk/include/xdk/winnt_old.h#L448-L458
+  - https://github.com/mirror/mingw-w64/blob/0f2264e7b8fedbe225921367e82aeb97ddfed46b/mingw-w64-headers/include/winnt.h#L5472-L5488
+doc: |
+  Stores the info about Windows processor archiectures. By default takes 4 bytes with the second `reserved` field`. Limit to 2 bytes if you don't need that.
+-orig-id: dwOemId
+seq:
+  - id: arch
+    -orig-id: wProcessorArchitecture
+    type: u2
+    enum: arch
+  - id: reserved
+    -orig-id: wReserved
+    type: u2
+    if: with_reserved
+instances:
+  with_reserved:
+    value: _io.size - _io.pos >= 2
+  oem_id:
+    -orig-id: dwOemId
+    value: (reserved << 16) | arch.to_i
+    if: with_reserved
+enums:
+  arch:
+    0:
+      id: intel
+      -orig-id: PROCESSOR_ARCHITECTURE_INTEL
+      doc: x86
+    1:
+      id: mips
+      -orig-id: PROCESSOR_ARCHITECTURE_MIPS
+    2:
+      id: alpha
+      -orig-id: PROCESSOR_ARCHITECTURE_ALPHA
+    3:
+      id: ppc
+      -orig-id: PROCESSOR_ARCHITECTURE_PPC
+    4:
+      id: superh
+      -orig-id: PROCESSOR_ARCHITECTURE_SHX
+      doc: undocumented
+    5:
+      id: arm32
+      -orig-id: PROCESSOR_ARCHITECTURE_ARM
+    6:
+      id: ia64
+      -orig-id: PROCESSOR_ARCHITECTURE_IA64
+    7:
+      id: alpha64
+      -orig-id: PROCESSOR_ARCHITECTURE_ALPHA64
+      doc: undocumented
+    8:
+      id: msil
+      -orig-id: PROCESSOR_ARCHITECTURE_MSIL
+      doc: intermediate language for CLR, including OptIL
+    9:
+      id: x86_64
+      -orig-id: PROCESSOR_ARCHITECTURE_AMD64
+    10:
+      id: ia32_on_win64
+      -orig-id: PROCESSOR_ARCHITECTURE_IA32_ON_WIN64
+    11:
+      id: neutral
+      -orig-id: PROCESSOR_ARCHITECTURE_NEUTRAL
+    12:
+      id: aarch64
+      -orig-id: PROCESSOR_ARCHITECTURE_ARM64
+      doc: ARM64
+    13:
+      id: arm32_on_win64
+      -orig-id: PROCESSOR_ARCHITECTURE_ARM32_ON_WIN64
+    14:
+      id: ia32_on_arm64
+      -orig-id: PROCESSOR_ARCHITECTURE_IA32_ON_ARM64
+    0xFFFF:
+      id: unknown
+      -orig-id: PROCESSOR_ARCHITECTURE_UNKNOWN

windows/windows_processor_revision.ksy

@@ -0,0 +1,113 @@
+meta:
+  id: windows_processor_revision
+  title: Microsoft Windows `wProcessorRevision` field of various structures, describing processor revision
+  license: Unlicese
+  endian: le
+  ks-opaque-types: true
+  -affected-by: 703
+  imports:
+    - /windows/windows_processor_architecture
+doc-ref:
+  - https://learn.microsoft.com/en-us/windows/win32/api/sysinfoapi/ns-sysinfoapi-system_info
+  - https://learn.microsoft.com/en-us/previous-versions/ms942639(v=msdn.10)
+  - https://learn.microsoft.com/en-us/windows/win32/api/minidumpapiset/ns-minidumpapiset-minidump_system_info
+doc: |
+  Decodes the info about Windows processor revision.
+-orig-id: wProcessorRevision
+params:
+  - id: oem_id
+    type: windows_processor_architecture
+  - id: level
+    type: u2
+seq:
+  - id: revision
+    -orig-id: wProcessorRevision
+    size: 2
+    type:
+      switch-on: oem_id.arch
+      cases:
+        windows_processor_architecture::arch::intel: rev_x86
+        windows_processor_architecture::arch::x86_64: rev_x86
+        windows_processor_architecture::arch::ia32_on_win64: rev_x86
+        windows_processor_architecture::arch::mips: rev_mips
+        windows_processor_architecture::arch::alpha: rev_alpha
+        windows_processor_architecture::arch::alpha64: rev_alpha
+        windows_processor_architecture::arch::ppc: rev_ppc
+        _: u2
+types:
+  rev_x86:
+    seq:
+      - id: revision
+        size: 2
+        type:
+          switch-on: _parent.level
+          cases:
+            0: u2
+            1: u2
+            2: u2
+            3: u2
+            4: rev_i486
+            _: rev_i586
+    types:
+      rev_i486:
+        seq:
+          - id: value
+            size: 1
+            type:
+              switch-on: hi
+              cases:
+                0xFF: v1
+                _: v2(hi)
+        instances:
+          hi:
+            pos: 1
+            type: u1
+        types:
+          v1:
+            seq:
+              - id: y
+                type: b4
+              - id: stepping_id
+                type: b4
+            instances:
+              model_no:
+                value: y - 0xA
+          v2:
+            params:
+              - id: xx
+                type: u1
+            seq:
+              - id: minor_stepping
+                type: u1
+            instances:
+              stepping_letter:
+                value: xx + 0x41
+      rev_i586:
+        seq:
+          - id: stepping
+            type: u1
+          - id: model
+            type: u1
+  rev_mips:
+    seq:
+      - id: revision
+        type: u1
+        doc: low-order 8 bits of the PRId register
+      - id: unkn
+        type: u1
+        doc: according to the docs are 0
+  rev_alpha:
+    doc: low-order 16 bits of the processor revision number from the firmware
+    seq:
+      - id: pass
+        type: u1
+        doc: low-order 8 bits of the PRId register
+      - id: model
+        type: u1
+  rev_ppc:
+    doc: low-order 16 bits of the Processor Version Register
+    seq:
+      - id: minor
+        type: u1
+      - id: major
+        type: u1