2 * Win32 relay and snoop functions
4 * Copyright 1997 Alexandre Julliard
5 * Copyright 1998 Marcus Meissner
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 #include "wine/port.h"
31 #define WIN32_NO_STATUS
34 #include "wine/exception.h"
35 #include "ntdll_misc.h"
36 #include "wine/unicode.h"
37 #include "wine/debug.h"
39 WINE_DEFAULT_DEBUG_CHANNEL(relay);
41 #if defined(__i386__) || defined(__x86_64__)
43 WINE_DECLARE_DEBUG_CHANNEL(timestamp);
45 struct relay_descr /* descriptor for a module */
47 void *magic; /* signature */
48 void *relay_call; /* functions to call from relay thunks */
49 void *relay_call_regs;
50 void *private; /* reserved for the relay code private data */
51 const char *entry_point_base; /* base address of entry point thunks */
52 const unsigned int *entry_point_offsets; /* offsets of entry points thunks */
53 const unsigned int *arg_types; /* table of argument types for all entry points */
56 #define RELAY_DESCR_MAGIC ((void *)0xdeb90001)
57 #define IS_INTARG(x) (((ULONG_PTR)(x) >> 16) == 0)
59 /* private data built at dll load time */
61 struct relay_entry_point
63 void *orig_func; /* original entry point function */
64 const char *name; /* function name (if any) */
67 struct relay_private_data
69 HMODULE module; /* module handle of this dll */
70 unsigned int base; /* ordinal base */
71 char dllname[40]; /* dll name (without .dll extension) */
72 struct relay_entry_point entry_points[1]; /* list of dll entry points */
75 static const WCHAR **debug_relay_excludelist;
76 static const WCHAR **debug_relay_includelist;
77 static const WCHAR **debug_snoop_excludelist;
78 static const WCHAR **debug_snoop_includelist;
79 static const WCHAR **debug_from_relay_excludelist;
80 static const WCHAR **debug_from_relay_includelist;
81 static const WCHAR **debug_from_snoop_excludelist;
82 static const WCHAR **debug_from_snoop_includelist;
84 static BOOL init_done;
86 /* compare an ASCII and a Unicode string without depending on the current codepage */
87 static inline int strcmpAW( const char *strA, const WCHAR *strW )
89 while (*strA && ((unsigned char)*strA == *strW)) { strA++; strW++; }
90 return (unsigned char)*strA - *strW;
93 /* compare an ASCII and a Unicode string without depending on the current codepage */
94 static inline int strncmpiAW( const char *strA, const WCHAR *strW, int n )
97 for ( ; n > 0; n--, strA++, strW++)
98 if ((ret = toupperW((unsigned char)*strA) - toupperW(*strW)) || !*strA) break;
102 /***********************************************************************
105 * Build a function list from a ';'-separated string.
107 static const WCHAR **build_list( const WCHAR *buffer )
110 const WCHAR *p = buffer;
113 while ((p = strchrW( p, ';' )))
118 /* allocate count+1 pointers, plus the space for a copy of the string */
119 if ((ret = RtlAllocateHeap( GetProcessHeap(), 0,
120 (count+1) * sizeof(WCHAR*) + (strlenW(buffer)+1) * sizeof(WCHAR) )))
122 WCHAR *str = (WCHAR *)(ret + count + 1);
125 strcpyW( str, buffer );
130 if (!(q = strchrW( q, ';' ))) break;
138 /***********************************************************************
141 * Load a function list from a registry value.
143 static const WCHAR **load_list( HKEY hkey, const WCHAR *value )
145 char initial_buffer[4096];
146 char *buffer = initial_buffer;
150 const WCHAR **list = NULL;
152 RtlInitUnicodeString( &name, value );
153 status = NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(initial_buffer), &count );
154 if (status == STATUS_BUFFER_OVERFLOW)
156 buffer = RtlAllocateHeap( GetProcessHeap(), 0, count );
157 status = NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, count, &count );
159 if (status == STATUS_SUCCESS)
161 WCHAR *str = (WCHAR *)((KEY_VALUE_PARTIAL_INFORMATION *)buffer)->Data;
162 list = build_list( str );
163 if (list) TRACE( "%s = %s\n", debugstr_w(value), debugstr_w(str) );
166 if (buffer != initial_buffer) RtlFreeHeap( GetProcessHeap(), 0, buffer );
170 /***********************************************************************
173 * Build the relay include/exclude function lists.
175 static void init_debug_lists(void)
177 OBJECT_ATTRIBUTES attr;
180 static const WCHAR configW[] = {'S','o','f','t','w','a','r','e','\\',
181 'W','i','n','e','\\',
182 'D','e','b','u','g',0};
183 static const WCHAR RelayIncludeW[] = {'R','e','l','a','y','I','n','c','l','u','d','e',0};
184 static const WCHAR RelayExcludeW[] = {'R','e','l','a','y','E','x','c','l','u','d','e',0};
185 static const WCHAR SnoopIncludeW[] = {'S','n','o','o','p','I','n','c','l','u','d','e',0};
186 static const WCHAR SnoopExcludeW[] = {'S','n','o','o','p','E','x','c','l','u','d','e',0};
187 static const WCHAR RelayFromIncludeW[] = {'R','e','l','a','y','F','r','o','m','I','n','c','l','u','d','e',0};
188 static const WCHAR RelayFromExcludeW[] = {'R','e','l','a','y','F','r','o','m','E','x','c','l','u','d','e',0};
189 static const WCHAR SnoopFromIncludeW[] = {'S','n','o','o','p','F','r','o','m','I','n','c','l','u','d','e',0};
190 static const WCHAR SnoopFromExcludeW[] = {'S','n','o','o','p','F','r','o','m','E','x','c','l','u','d','e',0};
192 if (init_done) return;
195 RtlOpenCurrentUser( KEY_ALL_ACCESS, &root );
196 attr.Length = sizeof(attr);
197 attr.RootDirectory = root;
198 attr.ObjectName = &name;
200 attr.SecurityDescriptor = NULL;
201 attr.SecurityQualityOfService = NULL;
202 RtlInitUnicodeString( &name, configW );
204 /* @@ Wine registry key: HKCU\Software\Wine\Debug */
205 if (NtOpenKey( &hkey, KEY_ALL_ACCESS, &attr )) hkey = 0;
209 debug_relay_includelist = load_list( hkey, RelayIncludeW );
210 debug_relay_excludelist = load_list( hkey, RelayExcludeW );
211 debug_snoop_includelist = load_list( hkey, SnoopIncludeW );
212 debug_snoop_excludelist = load_list( hkey, SnoopExcludeW );
213 debug_from_relay_includelist = load_list( hkey, RelayFromIncludeW );
214 debug_from_relay_excludelist = load_list( hkey, RelayFromExcludeW );
215 debug_from_snoop_includelist = load_list( hkey, SnoopFromIncludeW );
216 debug_from_snoop_excludelist = load_list( hkey, SnoopFromExcludeW );
222 /***********************************************************************
225 * Check if a given module and function is in the list.
227 static BOOL check_list( const char *module, int ordinal, const char *func, const WCHAR *const *list )
231 sprintf( ord_str, "%d", ordinal );
234 const WCHAR *p = strrchrW( *list, '.' );
235 if (p && p > *list) /* check module and function */
238 if (strncmpiAW( module, *list, len-1 ) || module[len]) continue;
239 if (p[1] == '*' && !p[2]) return TRUE;
240 if (!strcmpAW( ord_str, p + 1 )) return TRUE;
241 if (func && !strcmpAW( func, p + 1 )) return TRUE;
243 else /* function only */
245 if (func && !strcmpAW( func, *list )) return TRUE;
252 /***********************************************************************
253 * check_relay_include
255 * Check if a given function must be included in the relay output.
257 static BOOL check_relay_include( const char *module, int ordinal, const char *func )
259 if (debug_relay_excludelist && check_list( module, ordinal, func, debug_relay_excludelist ))
261 if (debug_relay_includelist && !check_list( module, ordinal, func, debug_relay_includelist ))
266 /***********************************************************************
269 * Check if calls from a given module must be included in the relay/snoop output,
270 * given the exclusion and inclusion lists.
272 static BOOL check_from_module( const WCHAR **includelist, const WCHAR **excludelist, const WCHAR *module )
274 static const WCHAR dllW[] = {'.','d','l','l',0 };
275 const WCHAR **listitem;
278 if (!module) return TRUE;
279 if (!includelist && !excludelist) return TRUE;
283 listitem = excludelist;
288 listitem = includelist;
290 for(; *listitem; listitem++)
294 if (!strcmpiW( *listitem, module )) return !show;
295 len = strlenW( *listitem );
296 if (!strncmpiW( *listitem, module, len ) && !strcmpiW( module + len, dllW ))
302 /***********************************************************************
305 static inline void RELAY_PrintArgs( const INT_PTR *args, int nb_args, unsigned int typemask )
309 if ((typemask & 3) && !IS_INTARG(*args))
312 DPRINTF( "%08lx %s", *args, debugstr_w((LPCWSTR)*args) );
314 DPRINTF( "%08lx %s", *args, debugstr_a((LPCSTR)*args) );
316 else DPRINTF( "%08lx", *args );
317 if (nb_args) DPRINTF( "," );
323 extern LONGLONG CDECL call_entry_point( void *func, int nb_args, const INT_PTR *args, int flags );
325 __ASM_GLOBAL_FUNC( call_entry_point,
327 __ASM_CFI(".cfi_adjust_cfa_offset 4\n\t")
328 __ASM_CFI(".cfi_rel_offset %ebp,0\n\t")
330 __ASM_CFI(".cfi_def_cfa_register %ebp\n\t")
332 __ASM_CFI(".cfi_rel_offset %esi,-4\n\t")
334 __ASM_CFI(".cfi_rel_offset %edi,-8\n\t")
335 "movl 12(%ebp),%edx\n\t"
340 "movl 12(%ebp),%ecx\n\t"
341 "movl 16(%ebp),%esi\n\t"
345 "testl $2,20(%ebp)\n\t" /* (flags & 2) -> thiscall */
348 "1:\tcall *8(%ebp)\n\t"
349 "leal -8(%ebp),%esp\n\t"
351 __ASM_CFI(".cfi_same_value %edi\n\t")
353 __ASM_CFI(".cfi_same_value %esi\n\t")
355 __ASM_CFI(".cfi_def_cfa %esp,4\n\t")
356 __ASM_CFI(".cfi_same_value %ebp\n\t")
359 __ASM_GLOBAL_FUNC( call_entry_point,
361 __ASM_CFI(".cfi_adjust_cfa_offset 8\n\t")
362 __ASM_CFI(".cfi_rel_offset %rbp,0\n\t")
364 __ASM_CFI(".cfi_def_cfa_register %rbp\n\t")
366 __ASM_CFI(".cfi_rel_offset %rsi,-8\n\t")
368 __ASM_CFI(".cfi_rel_offset %rdi,-16\n\t")
372 "cmovgq %rdx,%rcx\n\t"
373 "leaq 0(,%rcx,8),%rdx\n\t"
379 "movq 0(%rsp),%rcx\n\t"
380 "movq 8(%rsp),%rdx\n\t"
381 "movq 16(%rsp),%r8\n\t"
382 "movq 24(%rsp),%r9\n\t"
383 "movq %rcx,%xmm0\n\t"
384 "movq %rdx,%xmm1\n\t"
388 "leaq -16(%rbp),%rsp\n\t"
390 __ASM_CFI(".cfi_same_value %rdi\n\t")
392 __ASM_CFI(".cfi_same_value %rsi\n\t")
393 __ASM_CFI(".cfi_def_cfa_register %rsp\n\t")
395 __ASM_CFI(".cfi_adjust_cfa_offset -8\n\t")
396 __ASM_CFI(".cfi_same_value %rbp\n\t")
401 static void print_timestamp(void)
403 ULONG ticks = NtGetTickCount();
404 DPRINTF( "%3u.%03u:", ticks / 1000, ticks % 1000 );
408 /***********************************************************************
411 * stack points to the return address, i.e. the first argument is stack[1].
413 static LONGLONG WINAPI relay_call( struct relay_descr *descr, unsigned int idx, const INT_PTR *stack )
416 WORD ordinal = LOWORD(idx);
417 BYTE nb_args = LOBYTE(HIWORD(idx));
418 BYTE flags = HIBYTE(HIWORD(idx));
419 struct relay_private_data *data = descr->private;
420 struct relay_entry_point *entry_point = data->entry_points + ordinal;
422 if (!TRACE_ON(relay))
423 ret = call_entry_point( entry_point->orig_func, nb_args, stack + 1, flags );
426 if (TRACE_ON(timestamp))
428 if (entry_point->name)
429 DPRINTF( "%04x:Call %s.%s(", GetCurrentThreadId(), data->dllname, entry_point->name );
431 DPRINTF( "%04x:Call %s.%u(", GetCurrentThreadId(), data->dllname, data->base + ordinal );
432 RELAY_PrintArgs( stack + 1, nb_args, descr->arg_types[ordinal] );
433 DPRINTF( ") ret=%08lx\n", stack[0] );
435 ret = call_entry_point( entry_point->orig_func, nb_args, stack + 1, flags );
437 if (TRACE_ON(timestamp))
439 if (entry_point->name)
440 DPRINTF( "%04x:Ret %s.%s()", GetCurrentThreadId(), data->dllname, entry_point->name );
442 DPRINTF( "%04x:Ret %s.%u()", GetCurrentThreadId(), data->dllname, data->base + ordinal );
444 if (flags & 1) /* 64-bit return value */
445 DPRINTF( " retval=%08x%08x ret=%08lx\n",
446 (UINT)(ret >> 32), (UINT)ret, stack[0] );
448 DPRINTF( " retval=%08lx ret=%08lx\n", (UINT_PTR)ret, stack[0] );
454 /***********************************************************************
458 void WINAPI __regs_relay_call_regs( struct relay_descr *descr, unsigned int idx,
459 unsigned int orig_eax, unsigned int ret_addr,
462 WORD ordinal = LOWORD(idx);
463 BYTE nb_args = LOBYTE(HIWORD(idx));
464 struct relay_private_data *data = descr->private;
465 struct relay_entry_point *entry_point = data->entry_points + ordinal;
466 BYTE *orig_func = entry_point->orig_func;
467 INT_PTR *args = (INT_PTR *)context->Esp;
468 INT_PTR args_copy[32];
470 /* restore the context to what it was before the relay thunk */
471 context->Eax = orig_eax;
472 context->Eip = ret_addr;
473 context->Esp += nb_args * sizeof(int);
477 if (entry_point->name)
478 DPRINTF( "%04x:Call %s.%s(", GetCurrentThreadId(), data->dllname, entry_point->name );
480 DPRINTF( "%04x:Call %s.%u(", GetCurrentThreadId(), data->dllname, data->base + ordinal );
481 RELAY_PrintArgs( args, nb_args, descr->arg_types[ordinal] );
482 DPRINTF( ") ret=%08x\n", ret_addr );
484 DPRINTF( "%04x: eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x "
485 "ebp=%08x esp=%08x ds=%04x es=%04x fs=%04x gs=%04x flags=%08x\n",
486 GetCurrentThreadId(), context->Eax, context->Ebx, context->Ecx,
487 context->Edx, context->Esi, context->Edi, context->Ebp, context->Esp,
488 context->SegDs, context->SegEs, context->SegFs, context->SegGs, context->EFlags );
490 assert( orig_func[0] == 0x68 /* pushl func */ );
491 assert( orig_func[5] == 0x6a /* pushl args */ );
492 assert( orig_func[7] == 0xe8 /* call */ );
495 /* now call the real function */
497 memcpy( args_copy, args, nb_args * sizeof(args[0]) );
498 args_copy[nb_args++] = (INT_PTR)context; /* append context argument */
500 call_entry_point( orig_func + 12 + *(int *)(orig_func + 1), nb_args, args_copy, 0 );
505 if (entry_point->name)
506 DPRINTF( "%04x:Ret %s.%s() retval=%08x ret=%08x\n",
507 GetCurrentThreadId(), data->dllname, entry_point->name,
508 context->Eax, context->Eip );
510 DPRINTF( "%04x:Ret %s.%u() retval=%08x ret=%08x\n",
511 GetCurrentThreadId(), data->dllname, data->base + ordinal,
512 context->Eax, context->Eip );
513 DPRINTF( "%04x: eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x "
514 "ebp=%08x esp=%08x ds=%04x es=%04x fs=%04x gs=%04x flags=%08x\n",
515 GetCurrentThreadId(), context->Eax, context->Ebx, context->Ecx,
516 context->Edx, context->Esi, context->Edi, context->Ebp, context->Esp,
517 context->SegDs, context->SegEs, context->SegFs, context->SegGs, context->EFlags );
520 extern void WINAPI relay_call_regs(void);
521 DEFINE_REGS_ENTRYPOINT( relay_call_regs, 4 )
525 void WINAPI relay_call_regs( struct relay_descr *descr, INT_PTR idx, INT_PTR *stack )
527 assert(0); /* should never be called */
530 #endif /* __i386__ */
533 /***********************************************************************
534 * RELAY_GetProcAddress
536 * Return the proc address to use for a given function.
538 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
539 DWORD exp_size, FARPROC proc, DWORD ordinal, const WCHAR *user )
541 struct relay_private_data *data;
542 const struct relay_descr *descr = (const struct relay_descr *)((const char *)exports + exp_size);
544 if (descr->magic != RELAY_DESCR_MAGIC || !(data = descr->private)) return proc; /* no relay data */
545 if (!data->entry_points[ordinal].orig_func) return proc; /* not a relayed function */
546 if (check_from_module( debug_from_relay_includelist, debug_from_relay_excludelist, user ))
547 return proc; /* we want to relay it */
548 return data->entry_points[ordinal].orig_func;
552 /***********************************************************************
555 * Setup relay debugging for a built-in dll.
557 void RELAY_SetupDLL( HMODULE module )
559 IMAGE_EXPORT_DIRECTORY *exports;
562 DWORD size, entry_point_rva;
563 struct relay_descr *descr;
564 struct relay_private_data *data;
567 if (!init_done) init_debug_lists();
569 exports = RtlImageDirectoryEntryToData( module, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
570 if (!exports) return;
572 descr = (struct relay_descr *)((char *)exports + size);
573 if (descr->magic != RELAY_DESCR_MAGIC) return;
575 if (!(data = RtlAllocateHeap( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*data) +
576 (exports->NumberOfFunctions-1) * sizeof(data->entry_points) )))
579 descr->relay_call = relay_call;
580 descr->relay_call_regs = relay_call_regs;
581 descr->private = data;
583 data->module = module;
584 data->base = exports->Base;
585 len = strlen( (char *)module + exports->Name );
586 if (len > 4 && !strcasecmp( (char *)module + exports->Name + len - 4, ".dll" )) len -= 4;
587 len = min( len, sizeof(data->dllname) - 1 );
588 memcpy( data->dllname, (char *)module + exports->Name, len );
589 data->dllname[len] = 0;
591 /* fetch name pointer for all entry points and store them in the private structure */
593 ordptr = (const WORD *)((char *)module + exports->AddressOfNameOrdinals);
594 for (i = 0; i < exports->NumberOfNames; i++, ordptr++)
596 DWORD name_rva = ((DWORD*)((char *)module + exports->AddressOfNames))[i];
597 data->entry_points[*ordptr].name = (const char *)module + name_rva;
600 /* patch the functions in the export table to point to the relay thunks */
602 funcs = (DWORD *)((char *)module + exports->AddressOfFunctions);
603 entry_point_rva = descr->entry_point_base - (const char *)module;
604 for (i = 0; i < exports->NumberOfFunctions; i++, funcs++)
606 if (!descr->entry_point_offsets[i]) continue; /* not a normal function */
607 if (!check_relay_include( data->dllname, i + exports->Base, data->entry_points[i].name ))
608 continue; /* don't include this entry point */
610 data->entry_points[i].orig_func = (char *)module + *funcs;
611 *funcs = entry_point_rva + descr->entry_point_offsets[i];
615 #else /* __i386__ || __x86_64__ */
617 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
618 DWORD exp_size, FARPROC proc, DWORD ordinal, const WCHAR *user )
623 void RELAY_SetupDLL( HMODULE module )
627 #endif /* __i386__ || __x86_64__ */
630 /***********************************************************************/
632 /***********************************************************************/
636 WINE_DECLARE_DEBUG_CHANNEL(seh);
637 WINE_DECLARE_DEBUG_CHANNEL(snoop);
639 #include "pshpack1.h"
644 BYTE lcall; /* 0xe8 call snoopentry (relative) */
645 /* NOTE: If you move snoopentry OR nrofargs fix the relative offset
648 DWORD snoopentry; /* SNOOP_Entry relative */
655 typedef struct tagSNOOP_DLL {
660 struct tagSNOOP_DLL *next;
667 BYTE lcall; /* 0xe8 call snoopret relative*/
668 /* NOTE: If you move snoopret OR origreturn fix the relative offset
671 DWORD snoopret; /* SNOOP_Ret relative */
677 DWORD *args; /* saved args across a stdcall */
680 typedef struct tagSNOOP_RETURNENTRIES {
681 SNOOP_RETURNENTRY entry[4092/sizeof(SNOOP_RETURNENTRY)];
682 struct tagSNOOP_RETURNENTRIES *next;
683 } SNOOP_RETURNENTRIES;
687 extern void WINAPI SNOOP_Entry(void);
688 extern void WINAPI SNOOP_Return(void);
690 static SNOOP_DLL *firstdll;
691 static SNOOP_RETURNENTRIES *firstrets;
694 /***********************************************************************
695 * SNOOP_ShowDebugmsgSnoop
697 * Simple function to decide if a particular debugging message is
700 static BOOL SNOOP_ShowDebugmsgSnoop(const char *module, int ordinal, const char *func)
702 if (debug_snoop_excludelist && check_list( module, ordinal, func, debug_snoop_excludelist ))
704 if (debug_snoop_includelist && !check_list( module, ordinal, func, debug_snoop_includelist ))
710 /***********************************************************************
713 * Setup snoop debugging for a native dll.
715 void SNOOP_SetupDLL(HMODULE hmod)
717 SNOOP_DLL **dll = &firstdll;
722 IMAGE_EXPORT_DIRECTORY *exports;
724 if (!init_done) init_debug_lists();
726 exports = RtlImageDirectoryEntryToData( hmod, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size32 );
727 if (!exports || !exports->NumberOfFunctions) return;
728 name = (char *)hmod + exports->Name;
731 TRACE_(snoop)("hmod=%p, name=%s\n", hmod, name);
734 if ((*dll)->hmod == hmod)
736 /* another dll, loaded at the same address */
738 size = (*dll)->nrofordinals * sizeof(SNOOP_FUN);
739 NtFreeVirtualMemory(NtCurrentProcess(), &addr, &size, MEM_RELEASE);
742 dll = &((*dll)->next);
745 *dll = RtlReAllocateHeap(GetProcessHeap(),
746 HEAP_ZERO_MEMORY, *dll,
747 sizeof(SNOOP_DLL) + strlen(name));
749 *dll = RtlAllocateHeap(GetProcessHeap(),
751 sizeof(SNOOP_DLL) + strlen(name));
753 (*dll)->ordbase = exports->Base;
754 (*dll)->nrofordinals = exports->NumberOfFunctions;
755 strcpy( (*dll)->name, name );
756 p = (*dll)->name + strlen((*dll)->name) - 4;
757 if (p > (*dll)->name && !strcasecmp( p, ".dll" )) *p = 0;
759 size = exports->NumberOfFunctions * sizeof(SNOOP_FUN);
761 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
762 MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
764 RtlFreeHeap(GetProcessHeap(),0,*dll);
765 FIXME("out of memory\n");
769 memset((*dll)->funs,0,size);
773 /***********************************************************************
774 * SNOOP_GetProcAddress
776 * Return the proc address to use for a given function.
778 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports,
779 DWORD exp_size, FARPROC origfun, DWORD ordinal,
784 const WORD *ordinals;
786 SNOOP_DLL *dll = firstdll;
788 const IMAGE_SECTION_HEADER *sec;
790 if (!TRACE_ON(snoop)) return origfun;
791 if (!check_from_module( debug_from_snoop_includelist, debug_from_snoop_excludelist, user ))
792 return origfun; /* the calling module was explicitly excluded */
794 if (!*(LPBYTE)origfun) /* 0x00 is an impossible opcode, possible dataref. */
797 sec = RtlImageRvaToSection( RtlImageNtHeader(hmod), hmod, (char *)origfun - (char *)hmod );
799 if (!sec || !(sec->Characteristics & IMAGE_SCN_CNT_CODE))
800 return origfun; /* most likely a data reference */
803 if (hmod == dll->hmod)
807 if (!dll) /* probably internal */
810 /* try to find a name for it */
812 names = (const DWORD *)((const char *)hmod + exports->AddressOfNames);
813 ordinals = (const WORD *)((const char *)hmod + exports->AddressOfNameOrdinals);
814 if (names) for (i = 0; i < exports->NumberOfNames; i++)
816 if (ordinals[i] == ordinal)
818 ename = (const char *)hmod + names[i];
822 if (!SNOOP_ShowDebugmsgSnoop(dll->name,ordinal,ename))
824 assert(ordinal < dll->nrofordinals);
825 fun = dll->funs + ordinal;
830 /* NOTE: origreturn struct member MUST come directly after snoopentry */
831 fun->snoopentry = (char*)SNOOP_Entry-((char*)(&fun->nrofargs));
832 fun->origfun = origfun;
835 return (FARPROC)&(fun->lcall);
838 static void SNOOP_PrintArg(DWORD x)
843 if (IS_INTARG(x) || TRACE_ON(seh)) return; /* trivial reject to avoid faults */
850 if (s[i]<0x20) {nostring=1;break;}
851 if (s[i]>=0x80) {nostring=1;break;}
854 if (!nostring && i > 5)
855 DPRINTF(" %s",debugstr_an((LPSTR)x,i));
856 else /* try unicode */
862 if (s[i]<0x20) {nostring=1;break;}
863 if (s[i]>0x100) {nostring=1;break;}
866 if (!nostring && i > 5) DPRINTF(" %s",debugstr_wn((LPWSTR)x,i));
875 #define CALLER1REF (*(DWORD*)context->Esp)
877 void WINAPI __regs_SNOOP_Entry( CONTEXT *context )
879 DWORD ordinal=0,entry = context->Eip - 5;
880 SNOOP_DLL *dll = firstdll;
881 SNOOP_FUN *fun = NULL;
882 SNOOP_RETURNENTRIES **rets = &firstrets;
883 SNOOP_RETURNENTRY *ret;
887 if ( ((char*)entry>=(char*)dll->funs) &&
888 ((char*)entry<=(char*)(dll->funs+dll->nrofordinals))
890 fun = (SNOOP_FUN*)entry;
891 ordinal = fun-dll->funs;
897 FIXME("entrypoint 0x%08x not found\n",entry);
900 /* guess cdecl ... */
901 if (fun->nrofargs<0) {
902 /* Typical cdecl return frame is:
904 * which has (for xxxxxxxx up to 255 the opcode "83 C4 xx".
905 * (after that 81 C2 xx xx xx xx)
907 LPBYTE reteip = (LPBYTE)CALLER1REF;
910 if ((reteip[0]==0x83)&&(reteip[1]==0xc4))
911 fun->nrofargs=reteip[2]/4;
917 for (i=0;i<sizeof((*rets)->entry)/sizeof((*rets)->entry[0]);i++)
918 if (!(*rets)->entry[i].origreturn)
920 if (i!=sizeof((*rets)->entry)/sizeof((*rets)->entry[0]))
922 rets = &((*rets)->next);
928 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
929 MEM_COMMIT | MEM_RESERVE,
930 PAGE_EXECUTE_READWRITE);
933 memset(*rets,0,4096);
934 i = 0; /* entry 0 is free */
936 ret = &((*rets)->entry[i]);
938 /* NOTE: origreturn struct member MUST come directly after snoopret */
939 ret->snoopret = ((char*)SNOOP_Return)-(char*)(&ret->origreturn);
940 ret->origreturn = (FARPROC)CALLER1REF;
941 CALLER1REF = (DWORD)&ret->lcall;
944 ret->ordinal = ordinal;
945 ret->origESP = context->Esp;
947 context->Eip = (DWORD)fun->origfun;
949 if (TRACE_ON(timestamp))
951 if (fun->name) DPRINTF("%04x:CALL %s.%s(",GetCurrentThreadId(),dll->name,fun->name);
952 else DPRINTF("%04x:CALL %s.%d(",GetCurrentThreadId(),dll->name,dll->ordbase+ordinal);
953 if (fun->nrofargs>0) {
954 max = fun->nrofargs; if (max>16) max=16;
957 SNOOP_PrintArg(*(DWORD*)(context->Esp + 4 + sizeof(DWORD)*i));
958 if (i<fun->nrofargs-1) DPRINTF(",");
960 if (max!=fun->nrofargs)
962 } else if (fun->nrofargs<0) {
963 DPRINTF("<unknown, check return>");
964 ret->args = RtlAllocateHeap(GetProcessHeap(),
966 memcpy(ret->args,(LPBYTE)(context->Esp + 4),sizeof(DWORD)*16);
968 DPRINTF(") ret=%08x\n",(DWORD)ret->origreturn);
972 void WINAPI __regs_SNOOP_Return( CONTEXT *context )
974 SNOOP_RETURNENTRY *ret = (SNOOP_RETURNENTRY*)(context->Eip - 5);
975 SNOOP_FUN *fun = &ret->dll->funs[ret->ordinal];
977 /* We haven't found out the nrofargs yet. If we called a cdecl
978 * function it is too late anyway and we can just set '0' (which
979 * will be the difference between orig and current ESP
980 * If stdcall -> everything ok.
982 if (ret->dll->funs[ret->ordinal].nrofargs<0)
983 ret->dll->funs[ret->ordinal].nrofargs=(context->Esp - ret->origESP-4)/4;
984 context->Eip = (DWORD)ret->origreturn;
985 if (TRACE_ON(timestamp))
991 DPRINTF("%04x:RET %s.%s(", GetCurrentThreadId(), ret->dll->name, fun->name);
993 DPRINTF("%04x:RET %s.%d(", GetCurrentThreadId(),
994 ret->dll->name,ret->dll->ordbase+ret->ordinal);
1001 SNOOP_PrintArg(ret->args[i]);
1002 if (i<max-1) DPRINTF(",");
1004 DPRINTF(") retval=%08x ret=%08x\n",
1005 context->Eax,(DWORD)ret->origreturn );
1006 RtlFreeHeap(GetProcessHeap(),0,ret->args);
1012 DPRINTF("%04x:RET %s.%s() retval=%08x ret=%08x\n",
1013 GetCurrentThreadId(),
1014 ret->dll->name, fun->name, context->Eax, (DWORD)ret->origreturn);
1016 DPRINTF("%04x:RET %s.%d() retval=%08x ret=%08x\n",
1017 GetCurrentThreadId(),
1018 ret->dll->name,ret->dll->ordbase+ret->ordinal,
1019 context->Eax, (DWORD)ret->origreturn);
1021 ret->origreturn = NULL; /* mark as empty */
1024 /* assembly wrappers that save the context */
1025 DEFINE_REGS_ENTRYPOINT( SNOOP_Entry, 0 )
1026 DEFINE_REGS_ENTRYPOINT( SNOOP_Return, 0 )
1028 #else /* __i386__ */
1030 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports, DWORD exp_size,
1031 FARPROC origfun, DWORD ordinal, const WCHAR *user )
1036 void SNOOP_SetupDLL( HMODULE hmod )
1038 FIXME("snooping works only on i386 for now.\n");
1041 #endif /* __i386__ */
projects / wine / blob