source: vbox/trunk/src/VBox/VMM/VMMSwitcher/LegacyandAMD64.mac@ 45737

; VMM - World Switchers, 32Bit to AMD64.
;

;
; Copyright (C) 2006-2012 Oracle Corporation
;
; This file is part of VirtualBox Open Source Edition (OSE), as
; available from http://www.alldomusa.eu.org. This file is free software;
; you can redistribute it and/or modify it under the terms of the GNU
; General Public License (GPL) as published by the Free Software
; Foundation, in version 2 as it comes in the "COPYING" file of the
; VirtualBox OSE distribution. VirtualBox OSE is distributed in the
; hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
;

;%define DEBUG_STUFF 1
;%define STRICT_IF 1

;*******************************************************************************
;*  Defined Constants And Macros                                               *
;*******************************************************************************


;*******************************************************************************
;* Header Files                                                                *
;*******************************************************************************
%include "VBox/asmdefs.mac"
%include "VBox/apic.mac"
%include "iprt/x86.mac"
%include "VBox/vmm/cpum.mac"
%include "VBox/vmm/stam.mac"
%include "VBox/vmm/vm.mac"
%include "CPUMInternal.mac"
%include "VMMSwitcher.mac"


;
; Start the fixup records
;   We collect the fixups in the .data section as we go along
;   It is therefore VITAL that no-one is using the .data section
;   for anything else between 'Start' and 'End'.
;
BEGINDATA
GLOBALNAME Fixups



BEGINCODE
GLOBALNAME Start

BITS 32

;;
; The C interface.
; @param    [esp + 04h]  Param 1 - VM handle
; @param    [esp + 08h]  Param 2 - Offset from VM::CPUM to the CPUMCPU
;                                  structure for the calling EMT.
;
BEGINPROC vmmR0ToRawMode
%ifdef DEBUG_STUFF
    COM32_S_NEWLINE
    COM32_S_CHAR '^'
%endif

%ifdef VBOX_WITH_STATISTICS
    ;
    ; Switcher stats.
    ;
    FIXUP FIX_HC_VM_OFF, 1, VM.StatSwitcherToGC
    mov     edx, 0ffffffffh
    STAM_PROFILE_ADV_START edx
%endif

    push    ebp
    mov     ebp, [esp + 12]             ; CPUMCPU offset

    ; turn off interrupts
    pushf
    cli

    ;
    ; Call worker.
    ;
    FIXUP FIX_HC_CPUM_OFF, 1, 0
    mov     edx, 0ffffffffh
    push    cs                          ; allow for far return and restore cs correctly.
    call    NAME(vmmR0ToRawModeAsm)

%ifdef VBOX_WITH_VMMR0_DISABLE_LAPIC_NMI
    CPUM_FROM_CPUMCPU(edx)
    ; Restore blocked Local APIC NMI vectors
    mov     ecx, [edx + CPUM.fApicDisVectors]
    mov     edx, [edx + CPUM.pvApicBase]
    shr     ecx, 1
    jnc     gth_nolint0
    and     dword [edx + APIC_REG_LVT_LINT0], ~APIC_REG_LVT_MASKED
gth_nolint0:
    shr     ecx, 1
    jnc     gth_nolint1
    and     dword [edx + APIC_REG_LVT_LINT1], ~APIC_REG_LVT_MASKED
gth_nolint1:
    shr     ecx, 1
    jnc     gth_nopc
    and     dword [edx + APIC_REG_LVT_PC], ~APIC_REG_LVT_MASKED
gth_nopc:
    shr     ecx, 1
    jnc     gth_notherm
    and     dword [edx + APIC_REG_LVT_THMR], ~APIC_REG_LVT_MASKED
gth_notherm:
%endif

    ; restore original flags
    popf
    pop     ebp

%ifdef VBOX_WITH_STATISTICS
    ;
    ; Switcher stats.
    ;
    FIXUP FIX_HC_VM_OFF, 1, VM.StatSwitcherToHC
    mov     edx, 0ffffffffh
    STAM_PROFILE_ADV_STOP edx
%endif

    ret

ENDPROC vmmR0ToRawMode

; *****************************************************************************
; vmmR0ToRawModeAsm
;
; Phase one of the switch from host to guest context (host MMU context)
;
; INPUT:
;       - edx       virtual address of CPUM structure (valid in host context)
;       - ebp       offset of the CPUMCPU structure relative to CPUM.
;
; USES/DESTROYS:
;       - eax, ecx, edx, esi
;
; ASSUMPTION:
;       - current CS and DS selectors are wide open
;
; *****************************************************************************
ALIGNCODE(16)
BEGINPROC vmmR0ToRawModeAsm
    ;;
    ;; Save CPU host context
    ;;      Skip eax, edx and ecx as these are not preserved over calls.
    ;;
    CPUMCPU_FROM_CPUM_WITH_OFFSET edx, ebp
%ifdef VBOX_WITH_CRASHDUMP_MAGIC
    ; phys address of scratch page
    mov     eax, dword [edx + CPUMCPU.Guest.dr + 4*8]
    mov     cr2, eax

    mov dword [edx + CPUMCPU.Guest.dr + 4*8], 1
%endif

    ; general registers.
    mov     [edx + CPUMCPU.Host.ebx], ebx
    mov     [edx + CPUMCPU.Host.edi], edi
    mov     [edx + CPUMCPU.Host.esi], esi
    mov     [edx + CPUMCPU.Host.esp], esp
    mov     [edx + CPUMCPU.Host.ebp], ebp
    ; selectors.
    mov     [edx + CPUMCPU.Host.ds], ds
    mov     [edx + CPUMCPU.Host.es], es
    mov     [edx + CPUMCPU.Host.fs], fs
    mov     [edx + CPUMCPU.Host.gs], gs
    mov     [edx + CPUMCPU.Host.ss], ss
    ; special registers.
    sldt    [edx + CPUMCPU.Host.ldtr]
    sidt    [edx + CPUMCPU.Host.idtr]
    sgdt    [edx + CPUMCPU.Host.gdtr]
    str     [edx + CPUMCPU.Host.tr]

%ifdef VBOX_WITH_CRASHDUMP_MAGIC
    mov dword [edx + CPUMCPU.Guest.dr + 4*8], 2
%endif

%ifdef VBOX_WITH_VMMR0_DISABLE_LAPIC_NMI
    CPUM_FROM_CPUMCPU_WITH_OFFSET edx, ebp
    mov     ebx, [edx + CPUM.pvApicBase]
    or      ebx, ebx
    jz      htg_noapic
    mov     eax, [ebx + APIC_REG_LVT_LINT0]
    mov     ecx, eax
    and     ecx, (APIC_REG_LVT_MASKED | APIC_REG_LVT_MODE_MASK)
    cmp     ecx, APIC_REG_LVT_MODE_NMI
    jne     htg_nolint0
    or      edi, 0x01
    or      eax, APIC_REG_LVT_MASKED
    mov     [ebx + APIC_REG_LVT_LINT0], eax
    mov     eax, [ebx + APIC_REG_LVT_LINT0] ; write completion
htg_nolint0:
    mov     eax, [ebx + APIC_REG_LVT_LINT1]
    mov     ecx, eax
    and     ecx, (APIC_REG_LVT_MASKED | APIC_REG_LVT_MODE_MASK)
    cmp     ecx, APIC_REG_LVT_MODE_NMI
    jne     htg_nolint1
    or      edi, 0x02
    or      eax, APIC_REG_LVT_MASKED
    mov     [ebx + APIC_REG_LVT_LINT1], eax
    mov     eax, [ebx + APIC_REG_LVT_LINT1] ; write completion
htg_nolint1:
    mov     eax, [ebx + APIC_REG_LVT_PC]
    mov     ecx, eax
    and     ecx, (APIC_REG_LVT_MASKED | APIC_REG_LVT_MODE_MASK)
    cmp     ecx, APIC_REG_LVT_MODE_NMI
    jne     htg_nopc
    or      edi, 0x04
    or      eax, APIC_REG_LVT_MASKED
    mov     [ebx + APIC_REG_LVT_PC], eax
    mov     eax, [ebx + APIC_REG_LVT_PC] ; write completion
htg_nopc:
    mov     eax, [ebx + APIC_REG_VERSION]
    shr     eax, 16
    cmp     al, 5
    jb      htg_notherm
    mov     eax, [ebx + APIC_REG_LVT_THMR]
    mov     ecx, eax
    and     ecx, (APIC_REG_LVT_MASKED | APIC_REG_LVT_MODE_MASK)
    cmp     ecx, APIC_REG_LVT_MODE_NMI
    jne     htg_notherm
    or      edi, 0x08
    or      eax, APIC_REG_LVT_MASKED
    mov     [ebx + APIC_REG_LVT_THMR], eax
    mov     eax, [ebx + APIC_REG_LVT_THMR] ; write completion
htg_notherm:
    mov     [edx + CPUM.fApicDisVectors], edi
htg_noapic:
    CPUMCPU_FROM_CPUM_WITH_OFFSET edx, ebp
%endif

    ; control registers.
    mov     eax, cr0
    mov     [edx + CPUMCPU.Host.cr0], eax
    ;Skip cr2; assume host os don't stuff things in cr2. (safe)
    mov     eax, cr3
    mov     [edx + CPUMCPU.Host.cr3], eax
    mov     eax, cr4
    mov     [edx + CPUMCPU.Host.cr4], eax

    ; save the host EFER msr
    mov     ebx, edx
    mov     ecx, MSR_K6_EFER
    rdmsr
    mov     [ebx + CPUMCPU.Host.efer], eax
    mov     [ebx + CPUMCPU.Host.efer + 4], edx
    mov     edx, ebx

%ifdef VBOX_WITH_CRASHDUMP_MAGIC
    mov dword [edx + CPUMCPU.Guest.dr + 4*8], 3
%endif

    ; Load new gdt so we can do a far jump after going into 64 bits mode
    lgdt    [edx + CPUMCPU.Hyper.gdtr]

%ifdef VBOX_WITH_CRASHDUMP_MAGIC
    mov dword [edx + CPUMCPU.Guest.dr + 4*8], 4
%endif

    ;;
    ;; Load Intermediate memory context.
    ;;
    FIXUP SWITCHER_FIX_INTER_CR3_HC, 1
    mov     eax, 0ffffffffh
    mov     cr3, eax
    DEBUG_CHAR('?')

    ;;
    ;; Jump to identity mapped location
    ;;
    FIXUP FIX_HC_2_ID_NEAR_REL, 1, NAME(IDEnterTarget) - NAME(Start)
    jmp near NAME(IDEnterTarget)


    ; We're now on identity mapped pages!
ALIGNCODE(16)
GLOBALNAME IDEnterTarget
    DEBUG_CHAR('2')

    ; 1. Disable paging.
    mov     ebx, cr0
    and     ebx, ~X86_CR0_PG
    mov     cr0, ebx
    DEBUG_CHAR('2')

%ifdef VBOX_WITH_CRASHDUMP_MAGIC
    mov     eax, cr2
    mov     dword [eax], 3
%endif

    ; 2. Enable PAE.
    mov     ecx, cr4
    or      ecx, X86_CR4_PAE
    mov     cr4, ecx

    ; 3. Load long mode intermediate CR3.
    FIXUP FIX_INTER_AMD64_CR3, 1
    mov     ecx, 0ffffffffh
    mov     cr3, ecx
    DEBUG_CHAR('3')

%ifdef VBOX_WITH_CRASHDUMP_MAGIC
    mov     eax, cr2
    mov     dword [eax], 4
%endif

    ; 4. Enable long mode.
    mov     esi, edx
    mov     ecx, MSR_K6_EFER
    rdmsr
    FIXUP FIX_EFER_OR_MASK, 1
    or      eax, 0ffffffffh
    and     eax, ~(MSR_K6_EFER_FFXSR) ; turn off fast fxsave/fxrstor (skipping xmm regs)
    wrmsr
    mov     edx, esi
    DEBUG_CHAR('4')

%ifdef VBOX_WITH_CRASHDUMP_MAGIC
    mov     eax, cr2
    mov     dword [eax], 5
%endif

    ; 5. Enable paging.
    or      ebx, X86_CR0_PG
    ; Disable ring 0 write protection too
    and     ebx, ~X86_CR0_WRITE_PROTECT
    mov     cr0, ebx
    DEBUG_CHAR('5')

    ; Jump from compatibility mode to 64-bit mode.
    FIXUP FIX_ID_FAR32_TO_64BIT_MODE, 1, NAME(IDEnter64Mode) - NAME(Start)
    jmp     0ffffh:0fffffffeh

    ;
    ; We're in 64-bit mode (ds, ss, es, fs, gs are all bogus).
BITS 64
ALIGNCODE(16)
NAME(IDEnter64Mode):
    DEBUG_CHAR('6')
    jmp     [NAME(pICEnterTarget) wrt rip]

; 64-bit jump target
NAME(pICEnterTarget):
FIXUP FIX_HC_64BIT_NOCHECK, 0, NAME(ICEnterTarget) - NAME(Start)
dq 0ffffffffffffffffh

; 64-bit pCpum address.
NAME(pCpumIC):
FIXUP FIX_GC_64_BIT_CPUM_OFF, 0, 0
dq 0ffffffffffffffffh

%ifdef VBOX_WITH_CRASHDUMP_MAGIC
NAME(pMarker):
db 'Switch_marker'
%endif

    ;
    ; When we arrive here we're in 64 bits mode in the intermediate context
    ;
ALIGNCODE(16)
GLOBALNAME ICEnterTarget
    ; Load CPUM pointer into rdx
    mov     rdx, [NAME(pCpumIC) wrt rip]
    CPUMCPU_FROM_CPUM_WITH_OFFSET edx, ebp

    mov     rax, cs
    mov     ds, rax
    mov     es, rax

    ; Invalidate fs & gs
    mov     rax, 0
    mov     fs, rax
    mov     gs, rax

%ifdef VBOX_WITH_CRASHDUMP_MAGIC
    mov dword [rdx + CPUMCPU.Guest.dr + 4*8], 5
%endif

    ; Setup stack.
    DEBUG_CHAR('7')
    mov     rsp, 0
    mov     eax, [rdx + CPUMCPU.Hyper.ss.Sel]
    mov     ss, ax
    mov     esp, [rdx + CPUMCPU.Hyper.esp]

%ifdef VBOX_WITH_CRASHDUMP_MAGIC
    mov dword [rdx + CPUMCPU.Guest.dr + 4*8], 6
%endif


    ; load the hypervisor function address
    mov     r9, [rdx + CPUMCPU.Hyper.eip]

    ; Check if we need to restore the guest FPU state
    mov     esi, [rdx + CPUMCPU.fUseFlags] ; esi == use flags.
    test    esi, CPUM_SYNC_FPU_STATE
    jz      near gth_fpu_no

%ifdef VBOX_WITH_CRASHDUMP_MAGIC
    mov dword [rdx + CPUMCPU.Guest.dr + 4*8], 7
%endif

    mov     rax, cr0
    mov     rcx, rax                    ; save old CR0
    and     rax, ~(X86_CR0_TS | X86_CR0_EM)
    mov     cr0, rax
    fxrstor [rdx + CPUMCPU.Guest.fpu]
    mov     cr0, rcx                    ; and restore old CR0 again

    and     dword [rdx + CPUMCPU.fUseFlags], ~CPUM_SYNC_FPU_STATE

gth_fpu_no:
    ; Check if we need to restore the guest debug state
    test    esi, CPUM_SYNC_DEBUG_STATE
    jz      near gth_debug_no

%ifdef VBOX_WITH_CRASHDUMP_MAGIC
    mov dword [rdx + CPUMCPU.Guest.dr + 4*8], 8
%endif

    mov     rax, qword [rdx + CPUMCPU.Guest.dr + 0*8]
    mov     dr0, rax
    mov     rax, qword [rdx + CPUMCPU.Guest.dr + 1*8]
    mov     dr1, rax
    mov     rax, qword [rdx + CPUMCPU.Guest.dr + 2*8]
    mov     dr2, rax
    mov     rax, qword [rdx + CPUMCPU.Guest.dr + 3*8]
    mov     dr3, rax
    mov     rax, qword [rdx + CPUMCPU.Guest.dr + 6*8]
    mov     dr6, rax    ; not required for AMD-V

    and     dword [rdx + CPUMCPU.fUseFlags], ~CPUM_SYNC_DEBUG_STATE

gth_debug_no:

%ifdef VBOX_WITH_CRASHDUMP_MAGIC
    mov dword [rdx + CPUMCPU.Guest.dr + 4*8], 9
%endif

    ; parameter for all helper functions (pCtx)
    lea     rsi, [rdx + CPUMCPU.Guest.fpu]
    call    r9

    ; Load CPUM pointer into rdx
    mov     rdx, [NAME(pCpumIC) wrt rip]
    CPUMCPU_FROM_CPUM_WITH_OFFSET edx, ebp

%ifdef VBOX_WITH_CRASHDUMP_MAGIC
    mov dword [rdx + CPUMCPU.Guest.dr + 4*8], 10
%endif

    ; Save the return code
    mov     dword [rdx + CPUMCPU.u32RetCode], eax

    ; now let's switch back
    jmp     NAME(vmmRCToHostAsm)   ; rax = returncode.

ENDPROC vmmR0ToRawModeAsm


;;
; Trampoline for doing a call when starting the hyper visor execution.
;
; Push any arguments to the routine.
; Push the argument frame size (cArg * 4).
; Push the call target (_cdecl convention).
; Push the address of this routine.
;
;
BITS 64
ALIGNCODE(16)
BEGINPROC vmmRCCallTrampoline
%ifdef DEBUG_STUFF
    COM64_S_CHAR 'c'
    COM64_S_CHAR 't'
    COM64_S_CHAR '!'
%endif
    int3
ENDPROC vmmRCCallTrampoline


;;
; The C interface.
;
BITS 64
ALIGNCODE(16)
BEGINPROC vmmRCToHost
%ifdef DEBUG_STUFF
    push    rsi
    COM_NEWLINE
    DEBUG_CHAR('b')
    DEBUG_CHAR('a')
    DEBUG_CHAR('c')
    DEBUG_CHAR('k')
    DEBUG_CHAR('!')
    COM_NEWLINE
    pop     rsi
%endif
    int3
ENDPROC vmmRCToHost

;;
; vmmRCToHostAsm
;
; This is an alternative entry point which we'll be using
; when the we have saved the guest state already or we haven't
; been messing with the guest at all.
;
; @param    eax     Return code.
; @uses     eax, edx, ecx (or it may use them in the future)
;
BITS 64
ALIGNCODE(16)
BEGINPROC vmmRCToHostAsm
NAME(vmmRCToHostAsmNoReturn):
    ;; We're still in the intermediate memory context!

    ;;
    ;; Switch to compatibility mode, placing ourselves in identity mapped code.
    ;;
    jmp far [NAME(fpIDEnterTarget) wrt rip]

; 16:32 Pointer to IDEnterTarget.
NAME(fpIDEnterTarget):
    FIXUP FIX_ID_32BIT, 0, NAME(IDExitTarget) - NAME(Start)
dd  0
    FIXUP FIX_HYPER_CS, 0
dd  0

    ; We're now on identity mapped pages!
ALIGNCODE(16)
GLOBALNAME IDExitTarget
BITS 32
    DEBUG_CHAR('1')

    ; 1. Deactivate long mode by turning off paging.
    mov     ebx, cr0
    and     ebx, ~X86_CR0_PG
    mov     cr0, ebx
    DEBUG_CHAR('2')

    ; 2. Load intermediate page table.
    FIXUP SWITCHER_FIX_INTER_CR3_HC, 1
    mov     edx, 0ffffffffh
    mov     cr3, edx
    DEBUG_CHAR('3')

    ; 3. Disable long mode.
    mov     ecx, MSR_K6_EFER
    rdmsr
    DEBUG_CHAR('5')
    and     eax, ~(MSR_K6_EFER_LME)
    wrmsr
    DEBUG_CHAR('6')

%ifndef NEED_PAE_ON_HOST
    ; 3b. Disable PAE.
    mov     eax, cr4
    and     eax, ~X86_CR4_PAE
    mov     cr4, eax
    DEBUG_CHAR('7')
%endif

    ; 4. Enable paging.
    or      ebx, X86_CR0_PG
    mov     cr0, ebx
    jmp short just_a_jump
just_a_jump:
    DEBUG_CHAR('8')

    ;;
    ;; 5. Jump to guest code mapping of the code and load the Hypervisor CS.
    ;;
    FIXUP FIX_ID_2_HC_NEAR_REL, 1, NAME(ICExitTarget) - NAME(Start)
    jmp near NAME(ICExitTarget)

    ;;
    ;; When we arrive at this label we're at the
    ;; intermediate mapping of the switching code.
    ;;
BITS 32
ALIGNCODE(16)
GLOBALNAME ICExitTarget
    DEBUG_CHAR('8')

    ; load the hypervisor data selector into ds & es
    FIXUP FIX_HYPER_DS, 1
    mov     eax, 0ffffh
    mov     ds, eax
    mov     es, eax

    FIXUP FIX_GC_CPUM_OFF, 1, 0
    mov     edx, 0ffffffffh
    CPUMCPU_FROM_CPUM_WITH_OFFSET edx, ebp
    mov     esi, [edx + CPUMCPU.Host.cr3]
    mov     cr3, esi

    ;; now we're in host memory context, let's restore regs
    FIXUP FIX_HC_CPUM_OFF, 1, 0
    mov     edx, 0ffffffffh
    CPUMCPU_FROM_CPUM_WITH_OFFSET edx, ebp

    ; restore the host EFER
    mov     ebx, edx
    mov     ecx, MSR_K6_EFER
    mov     eax, [ebx + CPUMCPU.Host.efer]
    mov     edx, [ebx + CPUMCPU.Host.efer + 4]
    wrmsr
    mov     edx, ebx

    ; activate host gdt and idt
    lgdt    [edx + CPUMCPU.Host.gdtr]
    DEBUG_CHAR('0')
    lidt    [edx + CPUMCPU.Host.idtr]
    DEBUG_CHAR('1')

    ; Restore TSS selector; must mark it as not busy before using ltr (!)
    ; ASSUME that this is supposed to be 'BUSY'. (saves 20-30 ticks on the T42p)
    movzx   eax, word [edx + CPUMCPU.Host.tr]          ; eax <- TR
    and     al, 0F8h                                ; mask away TI and RPL bits, get descriptor offset.
    add     eax, [edx + CPUMCPU.Host.gdtr + 2]         ; eax <- GDTR.address + descriptor offset.
    and     dword [eax + 4], ~0200h                 ; clear busy flag (2nd type2 bit)
    ltr     word [edx + CPUMCPU.Host.tr]

    ; activate ldt
    DEBUG_CHAR('2')
    lldt    [edx + CPUMCPU.Host.ldtr]

    ; Restore segment registers
    mov     eax, [edx + CPUMCPU.Host.ds]
    mov     ds, eax
    mov     eax, [edx + CPUMCPU.Host.es]
    mov     es, eax
    mov     eax, [edx + CPUMCPU.Host.fs]
    mov     fs, eax
    mov     eax, [edx + CPUMCPU.Host.gs]
    mov     gs, eax
    ; restore stack
    lss     esp, [edx + CPUMCPU.Host.esp]

    ; Control registers.
    mov     ecx, [edx + CPUMCPU.Host.cr4]
    mov     cr4, ecx
    mov     ecx, [edx + CPUMCPU.Host.cr0]
    mov     cr0, ecx
    ;mov     ecx, [edx + CPUMCPU.Host.cr2] ; assumes this is waste of time.
    ;mov     cr2, ecx

    ; restore general registers.
    mov     edi, [edx + CPUMCPU.Host.edi]
    mov     esi, [edx + CPUMCPU.Host.esi]
    mov     ebx, [edx + CPUMCPU.Host.ebx]
    mov     ebp, [edx + CPUMCPU.Host.ebp]

    ; store the return code in eax
    mov     eax, [edx + CPUMCPU.u32RetCode]
    retf
ENDPROC vmmRCToHostAsm


GLOBALNAME End
;
; The description string (in the text section).
;
NAME(Description):
    db SWITCHER_DESCRIPTION
    db 0

extern NAME(Relocate)

;
; End the fixup records.
;
BEGINDATA
    db FIX_THE_END                      ; final entry.
GLOBALNAME FixupsEnd

;;
; The switcher definition structure.
ALIGNDATA(16)
GLOBALNAME Def
    istruc VMMSWITCHERDEF
        at VMMSWITCHERDEF.pvCode,                       RTCCPTR_DEF NAME(Start)
        at VMMSWITCHERDEF.pvFixups,                     RTCCPTR_DEF NAME(Fixups)
        at VMMSWITCHERDEF.pszDesc,                      RTCCPTR_DEF NAME(Description)
        at VMMSWITCHERDEF.pfnRelocate,                  RTCCPTR_DEF NAME(Relocate)
        at VMMSWITCHERDEF.enmType,                      dd SWITCHER_TYPE
        at VMMSWITCHERDEF.cbCode,                       dd NAME(End)                        - NAME(Start)
        at VMMSWITCHERDEF.offR0ToRawMode,               dd NAME(vmmR0ToRawMode)             - NAME(Start)
        at VMMSWITCHERDEF.offRCToHost,                  dd NAME(vmmRCToHost)                - NAME(Start)
        at VMMSWITCHERDEF.offRCCallTrampoline,          dd NAME(vmmRCCallTrampoline)        - NAME(Start)
        at VMMSWITCHERDEF.offRCToHostAsm,               dd NAME(vmmRCToHostAsm)             - NAME(Start)
        at VMMSWITCHERDEF.offRCToHostAsmNoReturn,       dd NAME(vmmRCToHostAsmNoReturn)     - NAME(Start)
        ; disasm help
        at VMMSWITCHERDEF.offHCCode0,                   dd 0
        at VMMSWITCHERDEF.cbHCCode0,                    dd NAME(IDEnterTarget)              - NAME(Start)
        at VMMSWITCHERDEF.offHCCode1,                   dd NAME(ICExitTarget)               - NAME(Start)
        at VMMSWITCHERDEF.cbHCCode1,                    dd NAME(End)                        - NAME(ICExitTarget)
        at VMMSWITCHERDEF.offIDCode0,                   dd NAME(IDEnterTarget)              - NAME(Start)
        at VMMSWITCHERDEF.cbIDCode0,                    dd NAME(ICEnterTarget)              - NAME(IDEnterTarget)
        at VMMSWITCHERDEF.offIDCode1,                   dd NAME(IDExitTarget)               - NAME(Start)
        at VMMSWITCHERDEF.cbIDCode1,                    dd NAME(ICExitTarget)               - NAME(Start)
        at VMMSWITCHERDEF.offGCCode,                    dd 0
        at VMMSWITCHERDEF.cbGCCode,                     dd 0

    iend