2 * Win32 relay and snoop functions
4 * Copyright 1997 Alexandre Julliard
5 * Copyright 1998 Marcus Meissner
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 #include "wine/port.h"
35 #include "wine/exception.h"
36 #include "ntdll_misc.h"
37 #include "wine/unicode.h"
38 #include "wine/debug.h"
40 WINE_DEFAULT_DEBUG_CHANNEL(relay);
41 WINE_DECLARE_DEBUG_CHANNEL(snoop);
42 WINE_DECLARE_DEBUG_CHANNEL(seh);
44 static const WCHAR **debug_relay_excludelist;
45 static const WCHAR **debug_relay_includelist;
46 static const WCHAR **debug_snoop_excludelist;
47 static const WCHAR **debug_snoop_includelist;
48 static const WCHAR **debug_from_relay_excludelist;
49 static const WCHAR **debug_from_relay_includelist;
51 /* compare an ASCII and a Unicode string without depending on the current codepage */
52 inline static int strcmpAW( const char *strA, const WCHAR *strW )
54 while (*strA && ((unsigned char)*strA == *strW)) { strA++; strW++; }
55 return (unsigned char)*strA - *strW;
58 /* compare an ASCII and a Unicode string without depending on the current codepage */
59 inline static int strncmpiAW( const char *strA, const WCHAR *strW, int n )
62 for ( ; n > 0; n--, strA++, strW++)
63 if ((ret = toupperW((unsigned char)*strA) - toupperW(*strW)) || !*strA) break;
67 /***********************************************************************
70 * Build a function list from a ';'-separated string.
72 static const WCHAR **build_list( const WCHAR *buffer )
75 const WCHAR *p = buffer;
78 while ((p = strchrW( p, ';' )))
83 /* allocate count+1 pointers, plus the space for a copy of the string */
84 if ((ret = RtlAllocateHeap( GetProcessHeap(), 0,
85 (count+1) * sizeof(WCHAR*) + (strlenW(buffer)+1) * sizeof(WCHAR) )))
87 WCHAR *str = (WCHAR *)(ret + count + 1);
90 strcpyW( str, buffer );
95 if (!(p = strchrW( p, ';' ))) break;
104 /***********************************************************************
105 * RELAY_InitDebugLists
107 * Build the relay include/exclude function lists.
109 void RELAY_InitDebugLists(void)
111 OBJECT_ATTRIBUTES attr;
117 static const WCHAR configW[] = {'M','a','c','h','i','n','e','\\',
118 'S','o','f','t','w','a','r','e','\\',
119 'W','i','n','e','\\',
120 'W','i','n','e','\\',
121 'C','o','n','f','i','g','\\',
122 'D','e','b','u','g',0};
123 static const WCHAR RelayIncludeW[] = {'R','e','l','a','y','I','n','c','l','u','d','e',0};
124 static const WCHAR RelayExcludeW[] = {'R','e','l','a','y','E','x','c','l','u','d','e',0};
125 static const WCHAR SnoopIncludeW[] = {'S','n','o','o','p','I','n','c','l','u','d','e',0};
126 static const WCHAR SnoopExcludeW[] = {'S','n','o','o','p','E','x','c','l','u','d','e',0};
127 static const WCHAR RelayFromIncludeW[] = {'R','e','l','a','y','F','r','o','m','I','n','c','l','u','d','e',0};
128 static const WCHAR RelayFromExcludeW[] = {'R','e','l','a','y','F','r','o','m','E','x','c','l','u','d','e',0};
130 attr.Length = sizeof(attr);
131 attr.RootDirectory = 0;
132 attr.ObjectName = &name;
134 attr.SecurityDescriptor = NULL;
135 attr.SecurityQualityOfService = NULL;
136 RtlInitUnicodeString( &name, configW );
138 if (NtOpenKey( &hkey, KEY_ALL_ACCESS, &attr )) return;
140 str = (WCHAR *)((KEY_VALUE_PARTIAL_INFORMATION *)buffer)->Data;
141 RtlInitUnicodeString( &name, RelayIncludeW );
142 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
144 TRACE("RelayInclude = %s\n", debugstr_w(str) );
145 debug_relay_includelist = build_list( str );
148 RtlInitUnicodeString( &name, RelayExcludeW );
149 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
151 TRACE( "RelayExclude = %s\n", debugstr_w(str) );
152 debug_relay_excludelist = build_list( str );
155 RtlInitUnicodeString( &name, SnoopIncludeW );
156 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
158 TRACE_(snoop)( "SnoopInclude = %s\n", debugstr_w(str) );
159 debug_snoop_includelist = build_list( str );
162 RtlInitUnicodeString( &name, SnoopExcludeW );
163 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
165 TRACE_(snoop)( "SnoopExclude = %s\n", debugstr_w(str) );
166 debug_snoop_excludelist = build_list( str );
169 RtlInitUnicodeString( &name, RelayFromIncludeW );
170 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
172 TRACE("RelayFromInclude = %s\n", debugstr_w(str) );
173 debug_from_relay_includelist = build_list( str );
176 RtlInitUnicodeString( &name, RelayFromExcludeW );
177 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
179 TRACE( "RelayFromExclude = %s\n", debugstr_w(str) );
180 debug_from_relay_excludelist = build_list( str );
189 #include "pshpack1.h"
193 BYTE call; /* 0xe8 call callfrom32 (relative) */
194 DWORD callfrom32; /* RELAY_CallFrom32 relative addr */
195 BYTE ret; /* 0xc2 ret $n or 0xc3 ret */
196 WORD args; /* nb of args to remove from the stack */
197 void *orig; /* original entry point */
198 DWORD argtypes; /* argument types */
204 BYTE lcall; /* 0xe8 call snoopentry (relative) */
205 /* NOTE: If you move snoopentry OR nrofargs fix the relative offset
208 DWORD snoopentry; /* SNOOP_Entry relative */
215 typedef struct tagSNOOP_DLL {
220 struct tagSNOOP_DLL *next;
227 BYTE lcall; /* 0xe8 call snoopret relative*/
228 /* NOTE: If you move snoopret OR origreturn fix the relative offset
231 DWORD snoopret; /* SNOOP_Ret relative */
237 DWORD *args; /* saved args across a stdcall */
240 typedef struct tagSNOOP_RETURNENTRIES {
241 SNOOP_RETURNENTRY entry[4092/sizeof(SNOOP_RETURNENTRY)];
242 struct tagSNOOP_RETURNENTRIES *next;
243 } SNOOP_RETURNENTRIES;
247 extern void WINAPI SNOOP_Entry();
248 extern void WINAPI SNOOP_Return();
250 static SNOOP_DLL *firstdll;
251 static SNOOP_RETURNENTRIES *firstrets;
253 static WINE_EXCEPTION_FILTER(page_fault)
255 if (GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION ||
256 GetExceptionCode() == EXCEPTION_PRIV_INSTRUCTION)
257 return EXCEPTION_EXECUTE_HANDLER;
258 return EXCEPTION_CONTINUE_SEARCH;
261 /***********************************************************************
262 * check_relay_include
264 * Check if a given function must be included in the relay output.
266 static BOOL check_relay_include( const char *module, const char *func )
268 const WCHAR **listitem;
271 if (!debug_relay_excludelist && !debug_relay_includelist) return TRUE;
272 if (debug_relay_excludelist)
275 listitem = debug_relay_excludelist;
280 listitem = debug_relay_includelist;
282 for(; *listitem; listitem++)
284 WCHAR *p = strrchrW( *listitem, '.' );
285 if (p && p > *listitem) /* check module and function */
287 int len = p - *listitem;
288 if (strncmpiAW( module, *listitem, len-1 ) || module[len]) continue;
289 if (p[1] == '*' && !p[2]) return !show;
290 if (!strcmpAW( func, p + 1 )) return !show;
292 else /* function only */
294 if (!strcmpAW( func, *listitem )) return !show;
301 /***********************************************************************
302 * check_relay_from_module
304 * Check if calls from a given module must be included in the relay output.
306 static BOOL check_relay_from_module( const WCHAR *module )
308 static const WCHAR dllW[] = {'.','d','l','l',0 };
309 const WCHAR **listitem;
312 if (!debug_from_relay_excludelist && !debug_from_relay_includelist) return TRUE;
313 if (debug_from_relay_excludelist)
316 listitem = debug_from_relay_excludelist;
321 listitem = debug_from_relay_includelist;
323 for(; *listitem; listitem++)
327 if (!strcmpiW( *listitem, module )) return !show;
328 len = strlenW( *listitem );
329 if (!strncmpiW( *listitem, module, len ) && !strcmpiW( module + len, dllW ))
336 /***********************************************************************
339 * Find the name of an exported function.
341 static const char *find_exported_name( HMODULE module,
342 IMAGE_EXPORT_DIRECTORY *exp, int ordinal )
345 const char *ret = NULL;
347 WORD *ordptr = (WORD *)((char *)module + exp->AddressOfNameOrdinals);
348 for (i = 0; i < exp->NumberOfNames; i++, ordptr++)
349 if (*ordptr + exp->Base == ordinal) break;
350 if (i < exp->NumberOfNames)
351 ret = (char *)module + ((DWORD*)((char *)module + exp->AddressOfNames))[i];
356 /***********************************************************************
359 * Get the name of the DLL entry point corresponding to a relay address.
361 static void get_entry_point( char *buffer, DEBUG_ENTRY_POINT *relay )
363 IMAGE_EXPORT_DIRECTORY *exp = NULL;
364 DEBUG_ENTRY_POINT *debug;
368 PLIST_ENTRY mark, entry;
369 PLDR_MODULE mod = NULL;
372 /* First find the module */
374 mark = &NtCurrentTeb()->Peb->LdrData->InLoadOrderModuleList;
375 for (entry = mark->Flink; entry != mark; entry = entry->Flink)
377 mod = CONTAINING_RECORD(entry, LDR_MODULE, InLoadOrderModuleList);
378 if (!(mod->Flags & LDR_WINE_INTERNAL)) continue;
379 exp = RtlImageDirectoryEntryToData( mod->BaseAddress, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
381 debug = (DEBUG_ENTRY_POINT *)((char *)exp + size);
382 if (debug <= relay && relay < debug + exp->NumberOfFunctions)
384 ordinal = relay - debug;
389 /* Now find the function */
391 strcpy( buffer, (char *)mod->BaseAddress + exp->Name );
392 p = buffer + strlen(buffer);
393 if (p > buffer + 4 && !strcasecmp( p - 4, ".dll" )) p -= 4;
395 if ((name = find_exported_name( mod->BaseAddress, exp, ordinal + exp->Base )))
396 sprintf( p, ".%s", name );
398 sprintf( p, ".%ld", ordinal + exp->Base );
402 /***********************************************************************
405 static inline void RELAY_PrintArgs( int *args, int nb_args, unsigned int typemask )
409 if ((typemask & 3) && HIWORD(*args))
412 DPRINTF( "%08x %s", *args, debugstr_w((LPWSTR)*args) );
414 DPRINTF( "%08x %s", *args, debugstr_a((LPCSTR)*args) );
416 else DPRINTF( "%08x", *args );
417 if (nb_args) DPRINTF( "," );
424 typedef LONGLONG (*LONGLONG_CPROC)();
425 typedef LONGLONG (WINAPI *LONGLONG_FARPROC)();
428 /***********************************************************************
429 * call_cdecl_function
431 static LONGLONG call_cdecl_function( LONGLONG_CPROC func, int nb_args, const int *args )
436 case 0: ret = func(); break;
437 case 1: ret = func(args[0]); break;
438 case 2: ret = func(args[0],args[1]); break;
439 case 3: ret = func(args[0],args[1],args[2]); break;
440 case 4: ret = func(args[0],args[1],args[2],args[3]); break;
441 case 5: ret = func(args[0],args[1],args[2],args[3],args[4]); break;
442 case 6: ret = func(args[0],args[1],args[2],args[3],args[4],
444 case 7: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
446 case 8: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
447 args[6],args[7]); break;
448 case 9: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
449 args[6],args[7],args[8]); break;
450 case 10: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
451 args[6],args[7],args[8],args[9]); break;
452 case 11: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
453 args[6],args[7],args[8],args[9],args[10]); break;
454 case 12: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
455 args[6],args[7],args[8],args[9],args[10],
457 case 13: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
458 args[6],args[7],args[8],args[9],args[10],args[11],
460 case 14: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
461 args[6],args[7],args[8],args[9],args[10],args[11],
462 args[12],args[13]); break;
463 case 15: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
464 args[6],args[7],args[8],args[9],args[10],args[11],
465 args[12],args[13],args[14]); break;
466 case 16: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
467 args[6],args[7],args[8],args[9],args[10],args[11],
468 args[12],args[13],args[14],args[15]); break;
470 ERR( "Unsupported nb of args %d\n", nb_args );
479 /***********************************************************************
480 * call_stdcall_function
482 static LONGLONG call_stdcall_function( LONGLONG_FARPROC func, int nb_args, const int *args )
487 case 0: ret = func(); break;
488 case 1: ret = func(args[0]); break;
489 case 2: ret = func(args[0],args[1]); break;
490 case 3: ret = func(args[0],args[1],args[2]); break;
491 case 4: ret = func(args[0],args[1],args[2],args[3]); break;
492 case 5: ret = func(args[0],args[1],args[2],args[3],args[4]); break;
493 case 6: ret = func(args[0],args[1],args[2],args[3],args[4],
495 case 7: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
497 case 8: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
498 args[6],args[7]); break;
499 case 9: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
500 args[6],args[7],args[8]); break;
501 case 10: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
502 args[6],args[7],args[8],args[9]); break;
503 case 11: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
504 args[6],args[7],args[8],args[9],args[10]); break;
505 case 12: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
506 args[6],args[7],args[8],args[9],args[10],
508 case 13: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
509 args[6],args[7],args[8],args[9],args[10],args[11],
511 case 14: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
512 args[6],args[7],args[8],args[9],args[10],args[11],
513 args[12],args[13]); break;
514 case 15: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
515 args[6],args[7],args[8],args[9],args[10],args[11],
516 args[12],args[13],args[14]); break;
517 case 16: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
518 args[6],args[7],args[8],args[9],args[10],args[11],
519 args[12],args[13],args[14],args[15]); break;
521 ERR( "Unsupported nb of args %d\n", nb_args );
530 /***********************************************************************
533 * Stack layout on entry to this function:
538 * (esp) return addr to relay code
540 static LONGLONG RELAY_CallFrom32( int ret_addr, ... )
545 int *args = &ret_addr + 1;
546 /* Relay addr is the return address for this function */
547 BYTE *relay_addr = (BYTE *)__builtin_return_address(0);
548 DEBUG_ENTRY_POINT *relay = (DEBUG_ENTRY_POINT *)(relay_addr - 5);
549 WORD nb_args = relay->args / sizeof(int);
553 get_entry_point( buffer, relay );
555 DPRINTF( "%04lx:Call %s(", GetCurrentThreadId(), buffer );
556 RELAY_PrintArgs( args, nb_args, relay->argtypes );
557 DPRINTF( ") ret=%08x\n", ret_addr );
560 if (relay->ret == 0xc3) /* cdecl */
562 ret = call_cdecl_function( (LONGLONG_CPROC)relay->orig, nb_args, args );
566 ret = call_stdcall_function( (LONGLONG_FARPROC)relay->orig, nb_args, args );
571 BOOL ret64 = (relay->argtypes & 0x80000000) && (nb_args < 16);
573 DPRINTF( "%04lx:Ret %s() retval=%08x%08x ret=%08x\n",
574 GetCurrentThreadId(),
575 buffer, (UINT)(ret >> 32), (UINT)ret, ret_addr );
577 DPRINTF( "%04lx:Ret %s() retval=%08x ret=%08x\n",
578 GetCurrentThreadId(),
579 buffer, (UINT)ret, ret_addr );
585 /***********************************************************************
586 * RELAY_CallFrom32Regs
588 * Stack layout (esp is context->Esp, not the current %esp):
592 * (esp) return addr to caller
593 * (esp-4) return addr to DEBUG_ENTRY_POINT
594 * (esp-8) ptr to relay entry code for RELAY_CallFrom32Regs
595 * ... >128 bytes space free to be modified (ensured by the assembly glue)
597 void WINAPI RELAY_DoCallFrom32Regs( CONTEXT86 *context )
604 BYTE *relay_addr = *((BYTE **)context->Esp - 1);
605 DEBUG_ENTRY_POINT *relay = (DEBUG_ENTRY_POINT *)(relay_addr - 5);
606 WORD nb_args = relay->args / sizeof(int);
608 /* remove extra stuff from the stack */
609 context->Eip = *(DWORD *)context->Esp;
610 context->Esp += sizeof(DWORD);
611 args = (int *)context->Esp;
612 if (relay->ret == 0xc2) /* stdcall */
613 context->Esp += nb_args * sizeof(int);
615 entry_point = (BYTE *)relay->orig;
616 assert( *entry_point == 0xe8 /* lcall */ );
620 get_entry_point( buffer, relay );
622 DPRINTF( "%04lx:Call %s(", GetCurrentThreadId(), buffer );
623 RELAY_PrintArgs( args, nb_args, relay->argtypes );
624 DPRINTF( ") ret=%08lx fs=%04lx\n", context->Eip, context->SegFs );
626 DPRINTF(" eax=%08lx ebx=%08lx ecx=%08lx edx=%08lx esi=%08lx edi=%08lx\n",
627 context->Eax, context->Ebx, context->Ecx,
628 context->Edx, context->Esi, context->Edi );
629 DPRINTF(" ebp=%08lx esp=%08lx ds=%04lx es=%04lx gs=%04lx flags=%08lx\n",
630 context->Ebp, context->Esp, context->SegDs,
631 context->SegEs, context->SegGs, context->EFlags );
634 /* Now call the real function */
636 memcpy( args_copy, args, nb_args * sizeof(args[0]) );
637 args_copy[nb_args] = (int)context; /* append context argument */
638 if (relay->ret == 0xc3) /* cdecl */
640 call_cdecl_function( *(LONGLONG_CPROC *)(entry_point + 5), nb_args+1, args_copy );
644 call_stdcall_function( *(LONGLONG_FARPROC *)(entry_point + 5), nb_args+1, args_copy );
649 DPRINTF( "%04lx:Ret %s() retval=%08lx ret=%08lx fs=%04lx\n",
650 GetCurrentThreadId(),
651 buffer, context->Eax, context->Eip, context->SegFs );
653 DPRINTF(" eax=%08lx ebx=%08lx ecx=%08lx edx=%08lx esi=%08lx edi=%08lx\n",
654 context->Eax, context->Ebx, context->Ecx,
655 context->Edx, context->Esi, context->Edi );
656 DPRINTF(" ebp=%08lx esp=%08lx ds=%04lx es=%04lx gs=%04lx flags=%08lx\n",
657 context->Ebp, context->Esp, context->SegDs,
658 context->SegEs, context->SegGs, context->EFlags );
662 void WINAPI RELAY_CallFrom32Regs(void);
663 __ASM_GLOBAL_FUNC( RELAY_CallFrom32Regs,
664 "call " __ASM_NAME("__wine_call_from_32_regs") "\n\t"
665 ".long " __ASM_NAME("RELAY_DoCallFrom32Regs") ",0" );
668 /* check whether the function at addr starts with a call to __wine_call_from_32_regs */
669 static BOOL is_register_entry_point( const BYTE *addr )
671 extern void __wine_call_from_32_regs();
675 if (*addr != 0xe8) return FALSE; /* not a call */
676 /* check if call target is __wine_call_from_32_regs */
677 offset = (int *)(addr + 1);
678 if (*offset == (char *)__wine_call_from_32_regs - (char *)(offset + 1)) return TRUE;
679 /* now check if call target is an import table jump to __wine_call_from_32_regs */
680 addr = (BYTE *)(offset + 1) + *offset;
681 if (addr[0] != 0xff || addr[1] != 0x25) return FALSE; /* not an indirect jmp */
682 ptr = *(void **)(addr + 2); /* get indirect jmp target address */
683 return (*(char **)ptr == (char *)__wine_call_from_32_regs);
687 /***********************************************************************
688 * RELAY_GetProcAddress
690 * Return the proc address to use for a given function.
692 FARPROC RELAY_GetProcAddress( HMODULE module, IMAGE_EXPORT_DIRECTORY *exports,
693 DWORD exp_size, FARPROC proc, const WCHAR *user )
695 DEBUG_ENTRY_POINT *debug = (DEBUG_ENTRY_POINT *)proc;
696 DEBUG_ENTRY_POINT *list = (DEBUG_ENTRY_POINT *)((char *)exports + exp_size);
698 if (debug < list || debug >= list + exports->NumberOfFunctions) return proc;
699 if (list + (debug - list) != debug) return proc; /* not a valid address */
700 if (check_relay_from_module( user )) return proc; /* we want to relay it */
701 if (!debug->call) return proc; /* not a normal function */
702 if (debug->call != 0xe8 && debug->call != 0xe9) return proc; /* not a debug thunk at all */
707 /***********************************************************************
710 * Setup relay debugging for a built-in dll.
712 void RELAY_SetupDLL( HMODULE module )
714 IMAGE_EXPORT_DIRECTORY *exports;
715 DEBUG_ENTRY_POINT *debug;
719 char *p, dllname[80];
722 exports = RtlImageDirectoryEntryToData( module, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
723 if (!exports) return;
724 debug = (DEBUG_ENTRY_POINT *)((char *)exports + size);
725 funcs = (DWORD *)((char *)module + exports->AddressOfFunctions);
726 strcpy( dllname, (char *)module + exports->Name );
727 p = dllname + strlen(dllname) - 4;
728 if (p > dllname && !strcasecmp( p, ".dll" )) *p = 0;
730 for (i = 0; i < exports->NumberOfFunctions; i++, funcs++, debug++)
734 if (!debug->call) continue; /* not a normal function */
735 if (debug->call != 0xe8 && debug->call != 0xe9) break; /* not a debug thunk at all */
737 if ((name = find_exported_name( module, exports, i + exports->Base )))
738 on = check_relay_include( dllname, name );
742 debug->call = 0xe8; /* call relative */
743 if (is_register_entry_point( debug->orig ))
744 debug->callfrom32 = (char *)RELAY_CallFrom32Regs - (char *)&debug->ret;
746 debug->callfrom32 = (char *)RELAY_CallFrom32 - (char *)&debug->ret;
750 debug->call = 0xe9; /* jmp relative */
751 debug->callfrom32 = (char *)debug->orig - (char *)&debug->ret;
754 debug->orig = (FARPROC)((char *)module + (DWORD)*funcs);
755 *funcs = (char *)debug - (char *)module;
760 /***********************************************************************
761 * SNOOP_ShowDebugmsgSnoop
763 * Simple function to decide if a particular debugging message is
766 static int SNOOP_ShowDebugmsgSnoop(const char *dll, int ord, const char *fname)
768 if(debug_snoop_excludelist || debug_snoop_includelist) {
769 const WCHAR **listitem;
771 int len, len2, itemlen, show;
773 if(debug_snoop_excludelist) {
775 listitem = debug_snoop_excludelist;
778 listitem = debug_snoop_includelist;
782 sprintf(buf, "%s.%d", dll, ord);
784 for(; *listitem; listitem++)
786 itemlen = strlenW(*listitem);
787 if((itemlen == len && !strncmpiAW( buf, *listitem, len)) ||
788 (itemlen == len2 && !strncmpiAW(buf, *listitem, len2)) ||
789 (fname && !strcmpAW(fname, *listitem)))
798 /***********************************************************************
801 * Setup snoop debugging for a native dll.
803 void SNOOP_SetupDLL(HMODULE hmod)
805 SNOOP_DLL **dll = &firstdll;
809 IMAGE_EXPORT_DIRECTORY *exports;
811 exports = RtlImageDirectoryEntryToData( hmod, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
812 if (!exports) return;
813 name = (char *)hmod + exports->Name;
815 TRACE("hmod=%p, name=%s\n", hmod, name);
818 if ((*dll)->hmod == hmod)
820 /* another dll, loaded at the same address */
822 size = (*dll)->nrofordinals * sizeof(SNOOP_FUN);
823 NtFreeVirtualMemory(GetCurrentProcess(), &addr, &size, MEM_RELEASE);
826 dll = &((*dll)->next);
828 *dll = RtlReAllocateHeap(ntdll_get_process_heap(),
829 HEAP_ZERO_MEMORY, *dll,
830 sizeof(SNOOP_DLL) + strlen(name));
832 (*dll)->ordbase = exports->Base;
833 (*dll)->nrofordinals = exports->NumberOfFunctions;
834 strcpy( (*dll)->name, name );
835 p = (*dll)->name + strlen((*dll)->name) - 4;
836 if (p > (*dll)->name && !strcasecmp( p, ".dll" )) *p = 0;
838 size = exports->NumberOfFunctions * sizeof(SNOOP_FUN);
839 NtAllocateVirtualMemory(GetCurrentProcess(), &addr, NULL, &size,
840 MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
842 RtlFreeHeap(ntdll_get_process_heap(),0,*dll);
843 FIXME("out of memory\n");
847 memset((*dll)->funs,0,size);
851 /***********************************************************************
852 * SNOOP_GetProcAddress
854 * Return the proc address to use for a given function.
856 FARPROC SNOOP_GetProcAddress( HMODULE hmod, IMAGE_EXPORT_DIRECTORY *exports,
857 DWORD exp_size, FARPROC origfun, DWORD ordinal )
863 SNOOP_DLL *dll = firstdll;
865 IMAGE_SECTION_HEADER *sec;
867 if (!TRACE_ON(snoop)) return origfun;
868 if (!*(LPBYTE)origfun) /* 0x00 is an imposs. opcode, poss. dataref. */
871 sec = RtlImageRvaToSection( RtlImageNtHeader(hmod), hmod, (char *)origfun - (char *)hmod );
873 if (!sec || !(sec->Characteristics & IMAGE_SCN_CNT_CODE))
874 return origfun; /* most likely a data reference */
877 if (hmod == dll->hmod)
881 if (!dll) /* probably internal */
884 /* try to find a name for it */
886 names = (DWORD *)((char *)hmod + exports->AddressOfNames);
887 ordinals = (WORD *)((char *)hmod + exports->AddressOfNameOrdinals);
888 if (names) for (i = 0; i < exports->NumberOfNames; i++)
890 if (ordinals[i] == ordinal)
892 ename = (char *)hmod + names[i];
896 if (!SNOOP_ShowDebugmsgSnoop(dll->name,ordinal,ename))
898 assert(ordinal < dll->nrofordinals);
899 fun = dll->funs+ordinal;
904 /* NOTE: origreturn struct member MUST come directly after snoopentry */
905 fun->snoopentry = (char*)SNOOP_Entry-((char*)(&fun->nrofargs));
906 fun->origfun = origfun;
909 return (FARPROC)&(fun->lcall);
912 static void SNOOP_PrintArg(DWORD x)
917 if (!HIWORD(x) || TRACE_ON(seh)) return; /* trivial reject to avoid faults */
924 if (s[i]<0x20) {nostring=1;break;}
925 if (s[i]>=0x80) {nostring=1;break;}
928 if (!nostring && i > 5)
929 DPRINTF(" %s",debugstr_an((LPSTR)x,i));
930 else /* try unicode */
936 if (s[i]<0x20) {nostring=1;break;}
937 if (s[i]>0x100) {nostring=1;break;}
940 if (!nostring && i > 5) DPRINTF(" %s",debugstr_wn((LPWSTR)x,i));
949 #define CALLER1REF (*(DWORD*)context->Esp)
951 void WINAPI SNOOP_DoEntry( CONTEXT86 *context )
953 DWORD ordinal=0,entry = context->Eip - 5;
954 SNOOP_DLL *dll = firstdll;
955 SNOOP_FUN *fun = NULL;
956 SNOOP_RETURNENTRIES **rets = &firstrets;
957 SNOOP_RETURNENTRY *ret;
961 if ( ((char*)entry>=(char*)dll->funs) &&
962 ((char*)entry<=(char*)(dll->funs+dll->nrofordinals))
964 fun = (SNOOP_FUN*)entry;
965 ordinal = fun-dll->funs;
971 FIXME("entrypoint 0x%08lx not found\n",entry);
974 /* guess cdecl ... */
975 if (fun->nrofargs<0) {
976 /* Typical cdecl return frame is:
978 * which has (for xxxxxxxx up to 255 the opcode "83 C4 xx".
979 * (after that 81 C2 xx xx xx xx)
981 LPBYTE reteip = (LPBYTE)CALLER1REF;
984 if ((reteip[0]==0x83)&&(reteip[1]==0xc4))
985 fun->nrofargs=reteip[2]/4;
991 for (i=0;i<sizeof((*rets)->entry)/sizeof((*rets)->entry[0]);i++)
992 if (!(*rets)->entry[i].origreturn)
994 if (i!=sizeof((*rets)->entry)/sizeof((*rets)->entry[0]))
996 rets = &((*rets)->next);
1002 NtAllocateVirtualMemory(GetCurrentProcess(), &addr, NULL, &size,
1003 MEM_COMMIT | MEM_RESERVE,
1004 PAGE_EXECUTE_READWRITE);
1007 memset(*rets,0,4096);
1008 i = 0; /* entry 0 is free */
1010 ret = &((*rets)->entry[i]);
1012 /* NOTE: origreturn struct member MUST come directly after snoopret */
1013 ret->snoopret = ((char*)SNOOP_Return)-(char*)(&ret->origreturn);
1014 ret->origreturn = (FARPROC)CALLER1REF;
1015 CALLER1REF = (DWORD)&ret->lcall;
1018 ret->ordinal = ordinal;
1019 ret->origESP = context->Esp;
1021 context->Eip = (DWORD)fun->origfun;
1023 if (fun->name) DPRINTF("%04lx:CALL %s.%s(",GetCurrentThreadId(),dll->name,fun->name);
1024 else DPRINTF("%04lx:CALL %s.%ld(",GetCurrentThreadId(),dll->name,dll->ordbase+ordinal);
1025 if (fun->nrofargs>0) {
1026 max = fun->nrofargs; if (max>16) max=16;
1029 SNOOP_PrintArg(*(DWORD*)(context->Esp + 4 + sizeof(DWORD)*i));
1030 if (i<fun->nrofargs-1) DPRINTF(",");
1032 if (max!=fun->nrofargs)
1034 } else if (fun->nrofargs<0) {
1035 DPRINTF("<unknown, check return>");
1036 ret->args = RtlAllocateHeap(ntdll_get_process_heap(),
1037 0,16*sizeof(DWORD));
1038 memcpy(ret->args,(LPBYTE)(context->Esp + 4),sizeof(DWORD)*16);
1040 DPRINTF(") ret=%08lx\n",(DWORD)ret->origreturn);
1044 void WINAPI SNOOP_DoReturn( CONTEXT86 *context )
1046 SNOOP_RETURNENTRY *ret = (SNOOP_RETURNENTRY*)(context->Eip - 5);
1047 SNOOP_FUN *fun = &ret->dll->funs[ret->ordinal];
1049 /* We haven't found out the nrofargs yet. If we called a cdecl
1050 * function it is too late anyway and we can just set '0' (which
1051 * will be the difference between orig and current ESP
1052 * If stdcall -> everything ok.
1054 if (ret->dll->funs[ret->ordinal].nrofargs<0)
1055 ret->dll->funs[ret->ordinal].nrofargs=(context->Esp - ret->origESP-4)/4;
1056 context->Eip = (DWORD)ret->origreturn;
1061 DPRINTF("%04lx:RET %s.%s(", GetCurrentThreadId(), ret->dll->name, fun->name);
1063 DPRINTF("%04lx:RET %s.%ld(", GetCurrentThreadId(),
1064 ret->dll->name,ret->dll->ordbase+ret->ordinal);
1066 max = fun->nrofargs;
1071 SNOOP_PrintArg(ret->args[i]);
1072 if (i<max-1) DPRINTF(",");
1074 DPRINTF(") retval=%08lx ret=%08lx\n",
1075 context->Eax,(DWORD)ret->origreturn );
1076 RtlFreeHeap(ntdll_get_process_heap(),0,ret->args);
1082 DPRINTF("%04lx:RET %s.%s() retval=%08lx ret=%08lx\n",
1083 GetCurrentThreadId(),
1084 ret->dll->name, fun->name, context->Eax, (DWORD)ret->origreturn);
1086 DPRINTF("%04lx:RET %s.%ld() retval=%08lx ret=%08lx\n",
1087 GetCurrentThreadId(),
1088 ret->dll->name,ret->dll->ordbase+ret->ordinal,
1089 context->Eax, (DWORD)ret->origreturn);
1091 ret->origreturn = NULL; /* mark as empty */
1094 /* assembly wrappers that save the context */
1095 __ASM_GLOBAL_FUNC( SNOOP_Entry,
1096 "call " __ASM_NAME("__wine_call_from_32_regs") "\n\t"
1097 ".long " __ASM_NAME("SNOOP_DoEntry") ",0" );
1098 __ASM_GLOBAL_FUNC( SNOOP_Return,
1099 "call " __ASM_NAME("__wine_call_from_32_regs") "\n\t"
1100 ".long " __ASM_NAME("SNOOP_DoReturn") ",0" );
1102 #else /* __i386__ */
1104 FARPROC RELAY_GetProcAddress( HMODULE module, IMAGE_EXPORT_DIRECTORY *exports,
1105 DWORD exp_size, FARPROC proc, const WCHAR *user )
1110 FARPROC SNOOP_GetProcAddress( HMODULE hmod, IMAGE_EXPORT_DIRECTORY *exports,
1111 DWORD exp_size, FARPROC origfun, DWORD ordinal )
1116 void RELAY_SetupDLL( HMODULE module )
1120 void SNOOP_SetupDLL( HMODULE hmod )
1122 FIXME("snooping works only on i386 for now.\n");
1125 #endif /* __i386__ */
projects / wine / blob