2 * Win32 relay and snoop functions
4 * Copyright 1997 Alexandre Julliard
5 * Copyright 1998 Marcus Meissner
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 #include "wine/port.h"
34 #include "wine/exception.h"
35 #include "ntdll_misc.h"
36 #include "wine/unicode.h"
37 #include "wine/debug.h"
39 WINE_DEFAULT_DEBUG_CHANNEL(relay);
40 WINE_DECLARE_DEBUG_CHANNEL(snoop);
41 WINE_DECLARE_DEBUG_CHANNEL(seh);
43 static const WCHAR **debug_relay_excludelist;
44 static const WCHAR **debug_relay_includelist;
45 static const WCHAR **debug_snoop_excludelist;
46 static const WCHAR **debug_snoop_includelist;
47 static const WCHAR **debug_from_relay_excludelist;
48 static const WCHAR **debug_from_relay_includelist;
49 static const WCHAR **debug_from_snoop_excludelist;
50 static const WCHAR **debug_from_snoop_includelist;
52 /* compare an ASCII and a Unicode string without depending on the current codepage */
53 inline static int strcmpAW( const char *strA, const WCHAR *strW )
55 while (*strA && ((unsigned char)*strA == *strW)) { strA++; strW++; }
56 return (unsigned char)*strA - *strW;
59 /* compare an ASCII and a Unicode string without depending on the current codepage */
60 inline static int strncmpiAW( const char *strA, const WCHAR *strW, int n )
63 for ( ; n > 0; n--, strA++, strW++)
64 if ((ret = toupperW((unsigned char)*strA) - toupperW(*strW)) || !*strA) break;
68 /***********************************************************************
71 * Build a function list from a ';'-separated string.
73 static const WCHAR **build_list( const WCHAR *buffer )
76 const WCHAR *p = buffer;
79 while ((p = strchrW( p, ';' )))
84 /* allocate count+1 pointers, plus the space for a copy of the string */
85 if ((ret = RtlAllocateHeap( GetProcessHeap(), 0,
86 (count+1) * sizeof(WCHAR*) + (strlenW(buffer)+1) * sizeof(WCHAR) )))
88 WCHAR *str = (WCHAR *)(ret + count + 1);
91 strcpyW( str, buffer );
96 if (!(p = strchrW( p, ';' ))) break;
105 /***********************************************************************
106 * RELAY_InitDebugLists
108 * Build the relay include/exclude function lists.
110 void RELAY_InitDebugLists(void)
112 OBJECT_ATTRIBUTES attr;
118 static const WCHAR configW[] = {'S','o','f','t','w','a','r','e','\\',
119 'W','i','n','e','\\',
120 'D','e','b','u','g',0};
121 static const WCHAR RelayIncludeW[] = {'R','e','l','a','y','I','n','c','l','u','d','e',0};
122 static const WCHAR RelayExcludeW[] = {'R','e','l','a','y','E','x','c','l','u','d','e',0};
123 static const WCHAR SnoopIncludeW[] = {'S','n','o','o','p','I','n','c','l','u','d','e',0};
124 static const WCHAR SnoopExcludeW[] = {'S','n','o','o','p','E','x','c','l','u','d','e',0};
125 static const WCHAR RelayFromIncludeW[] = {'R','e','l','a','y','F','r','o','m','I','n','c','l','u','d','e',0};
126 static const WCHAR RelayFromExcludeW[] = {'R','e','l','a','y','F','r','o','m','E','x','c','l','u','d','e',0};
127 static const WCHAR SnoopFromIncludeW[] = {'S','n','o','o','p','F','r','o','m','I','n','c','l','u','d','e',0};
128 static const WCHAR SnoopFromExcludeW[] = {'S','n','o','o','p','F','r','o','m','E','x','c','l','u','d','e',0};
130 RtlOpenCurrentUser( KEY_ALL_ACCESS, &root );
131 attr.Length = sizeof(attr);
132 attr.RootDirectory = root;
133 attr.ObjectName = &name;
135 attr.SecurityDescriptor = NULL;
136 attr.SecurityQualityOfService = NULL;
137 RtlInitUnicodeString( &name, configW );
139 /* @@ Wine registry key: HKCU\Software\Wine\Debug */
140 if (NtOpenKey( &hkey, KEY_ALL_ACCESS, &attr )) hkey = 0;
144 str = (WCHAR *)((KEY_VALUE_PARTIAL_INFORMATION *)buffer)->Data;
145 RtlInitUnicodeString( &name, RelayIncludeW );
146 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
148 TRACE("RelayInclude = %s\n", debugstr_w(str) );
149 debug_relay_includelist = build_list( str );
152 RtlInitUnicodeString( &name, RelayExcludeW );
153 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
155 TRACE( "RelayExclude = %s\n", debugstr_w(str) );
156 debug_relay_excludelist = build_list( str );
159 RtlInitUnicodeString( &name, SnoopIncludeW );
160 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
162 TRACE_(snoop)( "SnoopInclude = %s\n", debugstr_w(str) );
163 debug_snoop_includelist = build_list( str );
166 RtlInitUnicodeString( &name, SnoopExcludeW );
167 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
169 TRACE_(snoop)( "SnoopExclude = %s\n", debugstr_w(str) );
170 debug_snoop_excludelist = build_list( str );
173 RtlInitUnicodeString( &name, RelayFromIncludeW );
174 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
176 TRACE("RelayFromInclude = %s\n", debugstr_w(str) );
177 debug_from_relay_includelist = build_list( str );
180 RtlInitUnicodeString( &name, RelayFromExcludeW );
181 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
183 TRACE( "RelayFromExclude = %s\n", debugstr_w(str) );
184 debug_from_relay_excludelist = build_list( str );
187 RtlInitUnicodeString( &name, SnoopFromIncludeW );
188 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
190 TRACE_(snoop)("SnoopFromInclude = %s\n", debugstr_w(str) );
191 debug_from_snoop_includelist = build_list( str );
194 RtlInitUnicodeString( &name, SnoopFromExcludeW );
195 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
197 TRACE_(snoop)( "SnoopFromExclude = %s\n", debugstr_w(str) );
198 debug_from_snoop_excludelist = build_list( str );
207 #include "pshpack1.h"
211 BYTE call; /* 0xe8 call callfrom32 (relative) */
212 DWORD callfrom32; /* RELAY_CallFrom32 relative addr */
213 BYTE ret; /* 0xc2 ret $n or 0xc3 ret */
214 WORD args; /* nb of args to remove from the stack */
215 void *orig; /* original entry point */
216 DWORD argtypes; /* argument types */
222 BYTE lcall; /* 0xe8 call snoopentry (relative) */
223 /* NOTE: If you move snoopentry OR nrofargs fix the relative offset
226 DWORD snoopentry; /* SNOOP_Entry relative */
233 typedef struct tagSNOOP_DLL {
238 struct tagSNOOP_DLL *next;
245 BYTE lcall; /* 0xe8 call snoopret relative*/
246 /* NOTE: If you move snoopret OR origreturn fix the relative offset
249 DWORD snoopret; /* SNOOP_Ret relative */
255 DWORD *args; /* saved args across a stdcall */
258 typedef struct tagSNOOP_RETURNENTRIES {
259 SNOOP_RETURNENTRY entry[4092/sizeof(SNOOP_RETURNENTRY)];
260 struct tagSNOOP_RETURNENTRIES *next;
261 } SNOOP_RETURNENTRIES;
265 extern void WINAPI SNOOP_Entry();
266 extern void WINAPI SNOOP_Return();
268 static SNOOP_DLL *firstdll;
269 static SNOOP_RETURNENTRIES *firstrets;
271 static WINE_EXCEPTION_FILTER(page_fault)
273 if (GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION ||
274 GetExceptionCode() == EXCEPTION_PRIV_INSTRUCTION)
275 return EXCEPTION_EXECUTE_HANDLER;
276 return EXCEPTION_CONTINUE_SEARCH;
279 /***********************************************************************
282 * Check if a given module and function is in the list.
284 static BOOL check_list( const char *module, int ordinal, const char *func, const WCHAR **list )
288 sprintf( ord_str, "%d", ordinal );
291 const WCHAR *p = strrchrW( *list, '.' );
292 if (p && p > *list) /* check module and function */
295 if (strncmpiAW( module, *list, len-1 ) || module[len]) continue;
296 if (p[1] == '*' && !p[2]) return TRUE;
297 if (!strcmpAW( ord_str, p + 1 )) return TRUE;
298 if (func && !strcmpAW( func, p + 1 )) return TRUE;
300 else /* function only */
302 if (func && !strcmpAW( func, *list )) return TRUE;
309 /***********************************************************************
310 * check_relay_include
312 * Check if a given function must be included in the relay output.
314 static BOOL check_relay_include( const char *module, int ordinal, const char *func )
316 if (debug_relay_excludelist && check_list( module, ordinal, func, debug_relay_excludelist ))
318 if (debug_relay_includelist && !check_list( module, ordinal, func, debug_relay_includelist ))
323 /***********************************************************************
326 * Check if calls from a given module must be included in the relay/snoop output,
327 * given the exclusion and inclusion lists.
329 static BOOL check_from_module( const WCHAR **includelist, const WCHAR **excludelist, const WCHAR *module )
331 static const WCHAR dllW[] = {'.','d','l','l',0 };
332 const WCHAR **listitem;
335 if (!module) return TRUE;
336 if (!includelist && !excludelist) return TRUE;
340 listitem = excludelist;
345 listitem = includelist;
347 for(; *listitem; listitem++)
351 if (!strcmpiW( *listitem, module )) return !show;
352 len = strlenW( *listitem );
353 if (!strncmpiW( *listitem, module, len ) && !strcmpiW( module + len, dllW ))
359 /***********************************************************************
362 * Find the name of an exported function.
364 static const char *find_exported_name( HMODULE module,
365 IMAGE_EXPORT_DIRECTORY *exp, int ordinal )
368 const char *ret = NULL;
370 WORD *ordptr = (WORD *)((char *)module + exp->AddressOfNameOrdinals);
371 for (i = 0; i < exp->NumberOfNames; i++, ordptr++)
372 if (*ordptr + exp->Base == ordinal) break;
373 if (i < exp->NumberOfNames)
374 ret = (char *)module + ((DWORD*)((char *)module + exp->AddressOfNames))[i];
379 /***********************************************************************
382 * Get the name of the DLL entry point corresponding to a relay address.
384 static void get_entry_point( char *buffer, DEBUG_ENTRY_POINT *relay )
386 IMAGE_EXPORT_DIRECTORY *exp = NULL;
387 DEBUG_ENTRY_POINT *debug;
391 PLIST_ENTRY mark, entry;
392 PLDR_MODULE mod = NULL;
395 /* First find the module */
397 mark = &NtCurrentTeb()->Peb->LdrData->InLoadOrderModuleList;
398 for (entry = mark->Flink; entry != mark; entry = entry->Flink)
400 mod = CONTAINING_RECORD(entry, LDR_MODULE, InLoadOrderModuleList);
401 if (!(mod->Flags & LDR_WINE_INTERNAL)) continue;
402 exp = RtlImageDirectoryEntryToData( mod->BaseAddress, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
404 debug = (DEBUG_ENTRY_POINT *)((char *)exp + size);
405 if (debug <= relay && relay < debug + exp->NumberOfFunctions)
407 ordinal = relay - debug;
412 /* Now find the function */
414 strcpy( buffer, (char *)mod->BaseAddress + exp->Name );
415 p = buffer + strlen(buffer);
416 if (p > buffer + 4 && !strcasecmp( p - 4, ".dll" )) p -= 4;
418 if ((name = find_exported_name( mod->BaseAddress, exp, ordinal + exp->Base )))
419 sprintf( p, ".%s", name );
421 sprintf( p, ".%ld", ordinal + exp->Base );
425 /***********************************************************************
428 static inline void RELAY_PrintArgs( int *args, int nb_args, unsigned int typemask )
432 if ((typemask & 3) && HIWORD(*args))
435 DPRINTF( "%08x %s", *args, debugstr_w((LPWSTR)*args) );
437 DPRINTF( "%08x %s", *args, debugstr_a((LPCSTR)*args) );
439 else DPRINTF( "%08x", *args );
440 if (nb_args) DPRINTF( "," );
447 typedef LONGLONG (*LONGLONG_CPROC)();
448 typedef LONGLONG (WINAPI *LONGLONG_FARPROC)();
451 /***********************************************************************
452 * call_cdecl_function
454 static LONGLONG call_cdecl_function( LONGLONG_CPROC func, int nb_args, const int *args )
459 case 0: ret = func(); break;
460 case 1: ret = func(args[0]); break;
461 case 2: ret = func(args[0],args[1]); break;
462 case 3: ret = func(args[0],args[1],args[2]); break;
463 case 4: ret = func(args[0],args[1],args[2],args[3]); break;
464 case 5: ret = func(args[0],args[1],args[2],args[3],args[4]); break;
465 case 6: ret = func(args[0],args[1],args[2],args[3],args[4],
467 case 7: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
469 case 8: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
470 args[6],args[7]); break;
471 case 9: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
472 args[6],args[7],args[8]); break;
473 case 10: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
474 args[6],args[7],args[8],args[9]); break;
475 case 11: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
476 args[6],args[7],args[8],args[9],args[10]); break;
477 case 12: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
478 args[6],args[7],args[8],args[9],args[10],
480 case 13: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
481 args[6],args[7],args[8],args[9],args[10],args[11],
483 case 14: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
484 args[6],args[7],args[8],args[9],args[10],args[11],
485 args[12],args[13]); break;
486 case 15: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
487 args[6],args[7],args[8],args[9],args[10],args[11],
488 args[12],args[13],args[14]); break;
489 case 16: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
490 args[6],args[7],args[8],args[9],args[10],args[11],
491 args[12],args[13],args[14],args[15]); break;
492 case 17: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
493 args[6],args[7],args[8],args[9],args[10],args[11],
494 args[12],args[13],args[14],args[15],args[16]); break;
495 case 18: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
496 args[6],args[7],args[8],args[9],args[10],args[11],
497 args[12],args[13],args[14],args[15],args[16],
500 ERR( "Unsupported nb of args %d\n", nb_args );
509 /***********************************************************************
510 * call_stdcall_function
512 static LONGLONG call_stdcall_function( LONGLONG_FARPROC func, int nb_args, const int *args )
517 case 0: ret = func(); break;
518 case 1: ret = func(args[0]); break;
519 case 2: ret = func(args[0],args[1]); break;
520 case 3: ret = func(args[0],args[1],args[2]); break;
521 case 4: ret = func(args[0],args[1],args[2],args[3]); break;
522 case 5: ret = func(args[0],args[1],args[2],args[3],args[4]); break;
523 case 6: ret = func(args[0],args[1],args[2],args[3],args[4],
525 case 7: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
527 case 8: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
528 args[6],args[7]); break;
529 case 9: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
530 args[6],args[7],args[8]); break;
531 case 10: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
532 args[6],args[7],args[8],args[9]); break;
533 case 11: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
534 args[6],args[7],args[8],args[9],args[10]); break;
535 case 12: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
536 args[6],args[7],args[8],args[9],args[10],
538 case 13: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
539 args[6],args[7],args[8],args[9],args[10],args[11],
541 case 14: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
542 args[6],args[7],args[8],args[9],args[10],args[11],
543 args[12],args[13]); break;
544 case 15: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
545 args[6],args[7],args[8],args[9],args[10],args[11],
546 args[12],args[13],args[14]); break;
547 case 16: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
548 args[6],args[7],args[8],args[9],args[10],args[11],
549 args[12],args[13],args[14],args[15]); break;
550 case 17: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
551 args[6],args[7],args[8],args[9],args[10],args[11],
552 args[12],args[13],args[14],args[15],args[16]); break;
553 case 18: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
554 args[6],args[7],args[8],args[9],args[10],args[11],
555 args[12],args[13],args[14],args[15],args[16],
558 ERR( "Unsupported nb of args %d\n", nb_args );
567 /***********************************************************************
570 * Stack layout on entry to this function:
575 * (esp) return addr to relay code
577 static LONGLONG RELAY_CallFrom32( int ret_addr, ... )
582 int *args = &ret_addr + 1;
583 /* Relay addr is the return address for this function */
584 BYTE *relay_addr = (BYTE *)__builtin_return_address(0);
585 DEBUG_ENTRY_POINT *relay = (DEBUG_ENTRY_POINT *)(relay_addr - 5);
586 WORD nb_args = relay->args / sizeof(int);
590 get_entry_point( buffer, relay );
592 DPRINTF( "%04lx:Call %s(", GetCurrentThreadId(), buffer );
593 RELAY_PrintArgs( args, nb_args, relay->argtypes );
594 DPRINTF( ") ret=%08x\n", ret_addr );
597 if (relay->ret == 0xc3) /* cdecl */
599 ret = call_cdecl_function( (LONGLONG_CPROC)relay->orig, nb_args, args );
603 ret = call_stdcall_function( (LONGLONG_FARPROC)relay->orig, nb_args, args );
608 BOOL ret64 = (relay->argtypes & 0x80000000) && (nb_args < 16);
610 DPRINTF( "%04lx:Ret %s() retval=%08x%08x ret=%08x\n",
611 GetCurrentThreadId(),
612 buffer, (UINT)(ret >> 32), (UINT)ret, ret_addr );
614 DPRINTF( "%04lx:Ret %s() retval=%08x ret=%08x\n",
615 GetCurrentThreadId(),
616 buffer, (UINT)ret, ret_addr );
622 /***********************************************************************
623 * RELAY_CallFrom32Regs
625 * Stack layout (esp is context->Esp, not the current %esp):
629 * (esp) return addr to caller
630 * (esp-4) return addr to DEBUG_ENTRY_POINT
631 * (esp-8) ptr to relay entry code for RELAY_CallFrom32Regs
632 * ... >128 bytes space free to be modified (ensured by the assembly glue)
634 void WINAPI __regs_RELAY_CallFrom32Regs( CONTEXT86 *context )
641 BYTE *relay_addr = *((BYTE **)context->Esp - 1);
642 DEBUG_ENTRY_POINT *relay = (DEBUG_ENTRY_POINT *)(relay_addr - 5);
643 WORD nb_args = relay->args / sizeof(int);
645 /* remove extra stuff from the stack */
646 context->Eip = *(DWORD *)context->Esp;
647 context->Esp += sizeof(DWORD);
648 args = (int *)context->Esp;
649 if (relay->ret == 0xc2) /* stdcall */
650 context->Esp += nb_args * sizeof(int);
652 entry_point = (BYTE *)relay->orig;
653 assert( *entry_point == 0xe8 /* lcall */ );
657 get_entry_point( buffer, relay );
659 DPRINTF( "%04lx:Call %s(", GetCurrentThreadId(), buffer );
660 RELAY_PrintArgs( args, nb_args, relay->argtypes );
661 DPRINTF( ") ret=%08lx fs=%04lx\n", context->Eip, context->SegFs );
663 DPRINTF(" eax=%08lx ebx=%08lx ecx=%08lx edx=%08lx esi=%08lx edi=%08lx\n",
664 context->Eax, context->Ebx, context->Ecx,
665 context->Edx, context->Esi, context->Edi );
666 DPRINTF(" ebp=%08lx esp=%08lx ds=%04lx es=%04lx gs=%04lx flags=%08lx\n",
667 context->Ebp, context->Esp, context->SegDs,
668 context->SegEs, context->SegGs, context->EFlags );
671 /* Now call the real function */
673 memcpy( args_copy, args, nb_args * sizeof(args[0]) );
674 args_copy[nb_args] = (int)context; /* append context argument */
675 if (relay->ret == 0xc3) /* cdecl */
677 call_cdecl_function( (LONGLONG_CPROC)(entry_point + 5 + *(DWORD *)(entry_point + 5)),
678 nb_args+1, args_copy );
682 call_stdcall_function( (LONGLONG_FARPROC)(entry_point + 5 + *(DWORD *)(entry_point + 5)),
683 nb_args+1, args_copy );
688 DPRINTF( "%04lx:Ret %s() retval=%08lx ret=%08lx fs=%04lx\n",
689 GetCurrentThreadId(),
690 buffer, context->Eax, context->Eip, context->SegFs );
692 DPRINTF(" eax=%08lx ebx=%08lx ecx=%08lx edx=%08lx esi=%08lx edi=%08lx\n",
693 context->Eax, context->Ebx, context->Ecx,
694 context->Edx, context->Esi, context->Edi );
695 DPRINTF(" ebp=%08lx esp=%08lx ds=%04lx es=%04lx gs=%04lx flags=%08lx\n",
696 context->Ebp, context->Esp, context->SegDs,
697 context->SegEs, context->SegGs, context->EFlags );
701 void WINAPI RELAY_CallFrom32Regs(void);
702 DEFINE_REGS_ENTRYPOINT( RELAY_CallFrom32Regs, 0, 0 );
704 /* check whether the function at addr starts with a call to __wine_call_from_32_regs */
705 static BOOL is_register_entry_point( const BYTE *addr )
707 extern void __wine_call_from_32_regs();
711 if (*addr != 0xe8) return FALSE; /* not a call */
712 /* check if call target is __wine_call_from_32_regs */
713 offset = (const int *)(addr + 1);
714 if (*offset == (const char *)__wine_call_from_32_regs - (const char *)(offset + 1)) return TRUE;
715 /* now check if call target is an import table jump to __wine_call_from_32_regs */
716 addr = (const BYTE *)(offset + 1) + *offset;
718 /* Note: the following checks depend on the asm code generated by winebuild */
720 if (addr[0] == 0xff && addr[1] == 0x25) /* indirect jmp */
722 ptr = *(const void * const*)(addr + 2); /* get indirect jmp target address */
724 else /* check for import thunk */
726 if (addr[0] != 0x50) return FALSE; /* pushl %%eax */
727 if (addr[1] != 0x9c) return FALSE; /* pushfl */
728 if (addr[2] != 0xe8 || addr[3] || addr[4] || addr[5] || addr[6]) return FALSE; /* call .+0 */
729 if (addr[7] != 0x58) return FALSE; /* popl %%eax */
730 if (addr[8] != 0x05) return FALSE; /* addl offset,%%eax */
731 ptr = addr + 7 + *(const int *)(addr + 9);
733 return (*(const char * const*)ptr == (char *)__wine_call_from_32_regs);
737 /***********************************************************************
738 * RELAY_GetProcAddress
740 * Return the proc address to use for a given function.
742 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
743 DWORD exp_size, FARPROC proc, const WCHAR *user )
745 const DEBUG_ENTRY_POINT *debug = (DEBUG_ENTRY_POINT *)proc;
746 const DEBUG_ENTRY_POINT *list = (const DEBUG_ENTRY_POINT *)((const char *)exports + exp_size);
748 if (debug < list || debug >= list + exports->NumberOfFunctions) return proc;
749 if (list + (debug - list) != debug) return proc; /* not a valid address */
750 if (check_from_module( debug_from_relay_includelist, debug_from_relay_excludelist, user ))
751 return proc; /* we want to relay it */
752 if (!debug->call) return proc; /* not a normal function */
753 if (debug->call != 0xe8 && debug->call != 0xe9) return proc; /* not a debug thunk at all */
758 /***********************************************************************
761 * Setup relay debugging for a built-in dll.
763 void RELAY_SetupDLL( HMODULE module )
765 IMAGE_EXPORT_DIRECTORY *exports;
766 DEBUG_ENTRY_POINT *debug;
770 char *p, dllname[80];
773 exports = RtlImageDirectoryEntryToData( module, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
774 if (!exports) return;
775 debug = (DEBUG_ENTRY_POINT *)((char *)exports + size);
776 funcs = (DWORD *)((char *)module + exports->AddressOfFunctions);
777 strcpy( dllname, (char *)module + exports->Name );
778 p = dllname + strlen(dllname) - 4;
779 if (p > dllname && !strcasecmp( p, ".dll" )) *p = 0;
781 for (i = 0; i < exports->NumberOfFunctions; i++, funcs++, debug++)
785 if (!debug->call) continue; /* not a normal function */
786 if (debug->call != 0xe8 && debug->call != 0xe9) break; /* not a debug thunk at all */
788 name = find_exported_name( module, exports, i + exports->Base );
789 on = check_relay_include( dllname, i + exports->Base, name );
793 debug->call = 0xe8; /* call relative */
794 if (is_register_entry_point( debug->orig ))
795 debug->callfrom32 = (char *)RELAY_CallFrom32Regs - (char *)&debug->ret;
797 debug->callfrom32 = (char *)RELAY_CallFrom32 - (char *)&debug->ret;
801 debug->call = 0xe9; /* jmp relative */
802 debug->callfrom32 = (char *)debug->orig - (char *)&debug->ret;
804 *funcs = (char *)debug - (char *)module;
809 /***********************************************************************
810 * SNOOP_ShowDebugmsgSnoop
812 * Simple function to decide if a particular debugging message is
815 static BOOL SNOOP_ShowDebugmsgSnoop(const char *module, int ordinal, const char *func)
817 if (debug_snoop_excludelist && check_list( module, ordinal, func, debug_snoop_excludelist ))
819 if (debug_snoop_includelist && !check_list( module, ordinal, func, debug_snoop_includelist ))
825 /***********************************************************************
828 * Setup snoop debugging for a native dll.
830 void SNOOP_SetupDLL(HMODULE hmod)
832 SNOOP_DLL **dll = &firstdll;
836 IMAGE_EXPORT_DIRECTORY *exports;
838 exports = RtlImageDirectoryEntryToData( hmod, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
839 if (!exports) return;
840 name = (char *)hmod + exports->Name;
842 TRACE_(snoop)("hmod=%p, name=%s\n", hmod, name);
845 if ((*dll)->hmod == hmod)
847 /* another dll, loaded at the same address */
849 size = (*dll)->nrofordinals * sizeof(SNOOP_FUN);
850 NtFreeVirtualMemory(NtCurrentProcess(), &addr, &size, MEM_RELEASE);
853 dll = &((*dll)->next);
856 *dll = RtlReAllocateHeap(GetProcessHeap(),
857 HEAP_ZERO_MEMORY, *dll,
858 sizeof(SNOOP_DLL) + strlen(name));
860 *dll = RtlAllocateHeap(GetProcessHeap(),
862 sizeof(SNOOP_DLL) + strlen(name));
864 (*dll)->ordbase = exports->Base;
865 (*dll)->nrofordinals = exports->NumberOfFunctions;
866 strcpy( (*dll)->name, name );
867 p = (*dll)->name + strlen((*dll)->name) - 4;
868 if (p > (*dll)->name && !strcasecmp( p, ".dll" )) *p = 0;
870 size = exports->NumberOfFunctions * sizeof(SNOOP_FUN);
872 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
873 MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
875 RtlFreeHeap(GetProcessHeap(),0,*dll);
876 FIXME("out of memory\n");
880 memset((*dll)->funs,0,size);
884 /***********************************************************************
885 * SNOOP_GetProcAddress
887 * Return the proc address to use for a given function.
889 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports,
890 DWORD exp_size, FARPROC origfun, DWORD ordinal,
895 const WORD *ordinals;
897 SNOOP_DLL *dll = firstdll;
899 const IMAGE_SECTION_HEADER *sec;
901 if (!TRACE_ON(snoop)) return origfun;
902 if (!check_from_module( debug_from_snoop_includelist, debug_from_snoop_excludelist, user ))
903 return origfun; /* the calling module was explicitly excluded */
905 if (!*(LPBYTE)origfun) /* 0x00 is an imposs. opcode, poss. dataref. */
908 sec = RtlImageRvaToSection( RtlImageNtHeader(hmod), hmod, (char *)origfun - (char *)hmod );
910 if (!sec || !(sec->Characteristics & IMAGE_SCN_CNT_CODE))
911 return origfun; /* most likely a data reference */
914 if (hmod == dll->hmod)
918 if (!dll) /* probably internal */
921 /* try to find a name for it */
923 names = (const DWORD *)((const char *)hmod + exports->AddressOfNames);
924 ordinals = (const WORD *)((const char *)hmod + exports->AddressOfNameOrdinals);
925 if (names) for (i = 0; i < exports->NumberOfNames; i++)
927 if (ordinals[i] == ordinal)
929 ename = (const char *)hmod + names[i];
933 if (!SNOOP_ShowDebugmsgSnoop(dll->name,ordinal,ename))
935 assert(ordinal < dll->nrofordinals);
936 fun = dll->funs + ordinal;
941 /* NOTE: origreturn struct member MUST come directly after snoopentry */
942 fun->snoopentry = (char*)SNOOP_Entry-((char*)(&fun->nrofargs));
943 fun->origfun = origfun;
946 return (FARPROC)&(fun->lcall);
949 static void SNOOP_PrintArg(DWORD x)
954 if (!HIWORD(x) || TRACE_ON(seh)) return; /* trivial reject to avoid faults */
961 if (s[i]<0x20) {nostring=1;break;}
962 if (s[i]>=0x80) {nostring=1;break;}
965 if (!nostring && i > 5)
966 DPRINTF(" %s",debugstr_an((LPSTR)x,i));
967 else /* try unicode */
973 if (s[i]<0x20) {nostring=1;break;}
974 if (s[i]>0x100) {nostring=1;break;}
977 if (!nostring && i > 5) DPRINTF(" %s",debugstr_wn((LPWSTR)x,i));
986 #define CALLER1REF (*(DWORD*)context->Esp)
988 void WINAPI __regs_SNOOP_Entry( CONTEXT86 *context )
990 DWORD ordinal=0,entry = context->Eip - 5;
991 SNOOP_DLL *dll = firstdll;
992 SNOOP_FUN *fun = NULL;
993 SNOOP_RETURNENTRIES **rets = &firstrets;
994 SNOOP_RETURNENTRY *ret;
998 if ( ((char*)entry>=(char*)dll->funs) &&
999 ((char*)entry<=(char*)(dll->funs+dll->nrofordinals))
1001 fun = (SNOOP_FUN*)entry;
1002 ordinal = fun-dll->funs;
1008 FIXME("entrypoint 0x%08lx not found\n",entry);
1011 /* guess cdecl ... */
1012 if (fun->nrofargs<0) {
1013 /* Typical cdecl return frame is:
1015 * which has (for xxxxxxxx up to 255 the opcode "83 C4 xx".
1016 * (after that 81 C2 xx xx xx xx)
1018 LPBYTE reteip = (LPBYTE)CALLER1REF;
1021 if ((reteip[0]==0x83)&&(reteip[1]==0xc4))
1022 fun->nrofargs=reteip[2]/4;
1028 for (i=0;i<sizeof((*rets)->entry)/sizeof((*rets)->entry[0]);i++)
1029 if (!(*rets)->entry[i].origreturn)
1031 if (i!=sizeof((*rets)->entry)/sizeof((*rets)->entry[0]))
1033 rets = &((*rets)->next);
1039 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
1040 MEM_COMMIT | MEM_RESERVE,
1041 PAGE_EXECUTE_READWRITE);
1044 memset(*rets,0,4096);
1045 i = 0; /* entry 0 is free */
1047 ret = &((*rets)->entry[i]);
1049 /* NOTE: origreturn struct member MUST come directly after snoopret */
1050 ret->snoopret = ((char*)SNOOP_Return)-(char*)(&ret->origreturn);
1051 ret->origreturn = (FARPROC)CALLER1REF;
1052 CALLER1REF = (DWORD)&ret->lcall;
1055 ret->ordinal = ordinal;
1056 ret->origESP = context->Esp;
1058 context->Eip = (DWORD)fun->origfun;
1060 if (fun->name) DPRINTF("%04lx:CALL %s.%s(",GetCurrentThreadId(),dll->name,fun->name);
1061 else DPRINTF("%04lx:CALL %s.%ld(",GetCurrentThreadId(),dll->name,dll->ordbase+ordinal);
1062 if (fun->nrofargs>0) {
1063 max = fun->nrofargs; if (max>16) max=16;
1066 SNOOP_PrintArg(*(DWORD*)(context->Esp + 4 + sizeof(DWORD)*i));
1067 if (i<fun->nrofargs-1) DPRINTF(",");
1069 if (max!=fun->nrofargs)
1071 } else if (fun->nrofargs<0) {
1072 DPRINTF("<unknown, check return>");
1073 ret->args = RtlAllocateHeap(GetProcessHeap(),
1074 0,16*sizeof(DWORD));
1075 memcpy(ret->args,(LPBYTE)(context->Esp + 4),sizeof(DWORD)*16);
1077 DPRINTF(") ret=%08lx\n",(DWORD)ret->origreturn);
1081 void WINAPI __regs_SNOOP_Return( CONTEXT86 *context )
1083 SNOOP_RETURNENTRY *ret = (SNOOP_RETURNENTRY*)(context->Eip - 5);
1084 SNOOP_FUN *fun = &ret->dll->funs[ret->ordinal];
1086 /* We haven't found out the nrofargs yet. If we called a cdecl
1087 * function it is too late anyway and we can just set '0' (which
1088 * will be the difference between orig and current ESP
1089 * If stdcall -> everything ok.
1091 if (ret->dll->funs[ret->ordinal].nrofargs<0)
1092 ret->dll->funs[ret->ordinal].nrofargs=(context->Esp - ret->origESP-4)/4;
1093 context->Eip = (DWORD)ret->origreturn;
1098 DPRINTF("%04lx:RET %s.%s(", GetCurrentThreadId(), ret->dll->name, fun->name);
1100 DPRINTF("%04lx:RET %s.%ld(", GetCurrentThreadId(),
1101 ret->dll->name,ret->dll->ordbase+ret->ordinal);
1103 max = fun->nrofargs;
1108 SNOOP_PrintArg(ret->args[i]);
1109 if (i<max-1) DPRINTF(",");
1111 DPRINTF(") retval=%08lx ret=%08lx\n",
1112 context->Eax,(DWORD)ret->origreturn );
1113 RtlFreeHeap(GetProcessHeap(),0,ret->args);
1119 DPRINTF("%04lx:RET %s.%s() retval=%08lx ret=%08lx\n",
1120 GetCurrentThreadId(),
1121 ret->dll->name, fun->name, context->Eax, (DWORD)ret->origreturn);
1123 DPRINTF("%04lx:RET %s.%ld() retval=%08lx ret=%08lx\n",
1124 GetCurrentThreadId(),
1125 ret->dll->name,ret->dll->ordbase+ret->ordinal,
1126 context->Eax, (DWORD)ret->origreturn);
1128 ret->origreturn = NULL; /* mark as empty */
1131 /* assembly wrappers that save the context */
1132 DEFINE_REGS_ENTRYPOINT( SNOOP_Entry, 0, 0 );
1133 DEFINE_REGS_ENTRYPOINT( SNOOP_Return, 0, 0 );
1135 #else /* __i386__ */
1137 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
1138 DWORD exp_size, FARPROC proc, const WCHAR *user )
1143 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports, DWORD exp_size,
1144 FARPROC origfun, DWORD ordinal, const WCHAR *user )
1149 void RELAY_SetupDLL( HMODULE module )
1153 void SNOOP_SetupDLL( HMODULE hmod )
1155 FIXME("snooping works only on i386 for now.\n");
1158 #endif /* __i386__ */