2 * Win32 relay and snoop functions
4 * Copyright 1997 Alexandre Julliard
5 * Copyright 1998 Marcus Meissner
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 #include "wine/port.h"
33 #include "wine/exception.h"
34 #include "ntdll_misc.h"
35 #include "wine/unicode.h"
36 #include "wine/debug.h"
38 WINE_DEFAULT_DEBUG_CHANNEL(relay);
39 WINE_DECLARE_DEBUG_CHANNEL(snoop);
40 WINE_DECLARE_DEBUG_CHANNEL(seh);
44 static const WCHAR **debug_relay_excludelist;
45 static const WCHAR **debug_relay_includelist;
46 static const WCHAR **debug_snoop_excludelist;
47 static const WCHAR **debug_snoop_includelist;
48 static const WCHAR **debug_from_relay_excludelist;
49 static const WCHAR **debug_from_relay_includelist;
50 static const WCHAR **debug_from_snoop_excludelist;
51 static const WCHAR **debug_from_snoop_includelist;
53 static BOOL init_done;
55 /* compare an ASCII and a Unicode string without depending on the current codepage */
56 inline static int strcmpAW( const char *strA, const WCHAR *strW )
58 while (*strA && ((unsigned char)*strA == *strW)) { strA++; strW++; }
59 return (unsigned char)*strA - *strW;
62 /* compare an ASCII and a Unicode string without depending on the current codepage */
63 inline static int strncmpiAW( const char *strA, const WCHAR *strW, int n )
66 for ( ; n > 0; n--, strA++, strW++)
67 if ((ret = toupperW((unsigned char)*strA) - toupperW(*strW)) || !*strA) break;
71 /***********************************************************************
74 * Build a function list from a ';'-separated string.
76 static const WCHAR **build_list( const WCHAR *buffer )
79 const WCHAR *p = buffer;
82 while ((p = strchrW( p, ';' )))
87 /* allocate count+1 pointers, plus the space for a copy of the string */
88 if ((ret = RtlAllocateHeap( GetProcessHeap(), 0,
89 (count+1) * sizeof(WCHAR*) + (strlenW(buffer)+1) * sizeof(WCHAR) )))
91 WCHAR *str = (WCHAR *)(ret + count + 1);
94 strcpyW( str, buffer );
99 if (!(p = strchrW( p, ';' ))) break;
108 /***********************************************************************
111 * Build the relay include/exclude function lists.
113 static void init_debug_lists(void)
115 OBJECT_ATTRIBUTES attr;
121 static const WCHAR configW[] = {'S','o','f','t','w','a','r','e','\\',
122 'W','i','n','e','\\',
123 'D','e','b','u','g',0};
124 static const WCHAR RelayIncludeW[] = {'R','e','l','a','y','I','n','c','l','u','d','e',0};
125 static const WCHAR RelayExcludeW[] = {'R','e','l','a','y','E','x','c','l','u','d','e',0};
126 static const WCHAR SnoopIncludeW[] = {'S','n','o','o','p','I','n','c','l','u','d','e',0};
127 static const WCHAR SnoopExcludeW[] = {'S','n','o','o','p','E','x','c','l','u','d','e',0};
128 static const WCHAR RelayFromIncludeW[] = {'R','e','l','a','y','F','r','o','m','I','n','c','l','u','d','e',0};
129 static const WCHAR RelayFromExcludeW[] = {'R','e','l','a','y','F','r','o','m','E','x','c','l','u','d','e',0};
130 static const WCHAR SnoopFromIncludeW[] = {'S','n','o','o','p','F','r','o','m','I','n','c','l','u','d','e',0};
131 static const WCHAR SnoopFromExcludeW[] = {'S','n','o','o','p','F','r','o','m','E','x','c','l','u','d','e',0};
133 if (init_done) return;
136 RtlOpenCurrentUser( KEY_ALL_ACCESS, &root );
137 attr.Length = sizeof(attr);
138 attr.RootDirectory = root;
139 attr.ObjectName = &name;
141 attr.SecurityDescriptor = NULL;
142 attr.SecurityQualityOfService = NULL;
143 RtlInitUnicodeString( &name, configW );
145 /* @@ Wine registry key: HKCU\Software\Wine\Debug */
146 if (NtOpenKey( &hkey, KEY_ALL_ACCESS, &attr )) hkey = 0;
150 str = (WCHAR *)((KEY_VALUE_PARTIAL_INFORMATION *)buffer)->Data;
151 RtlInitUnicodeString( &name, RelayIncludeW );
152 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
154 TRACE("RelayInclude = %s\n", debugstr_w(str) );
155 debug_relay_includelist = build_list( str );
158 RtlInitUnicodeString( &name, RelayExcludeW );
159 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
161 TRACE( "RelayExclude = %s\n", debugstr_w(str) );
162 debug_relay_excludelist = build_list( str );
165 RtlInitUnicodeString( &name, SnoopIncludeW );
166 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
168 TRACE_(snoop)( "SnoopInclude = %s\n", debugstr_w(str) );
169 debug_snoop_includelist = build_list( str );
172 RtlInitUnicodeString( &name, SnoopExcludeW );
173 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
175 TRACE_(snoop)( "SnoopExclude = %s\n", debugstr_w(str) );
176 debug_snoop_excludelist = build_list( str );
179 RtlInitUnicodeString( &name, RelayFromIncludeW );
180 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
182 TRACE("RelayFromInclude = %s\n", debugstr_w(str) );
183 debug_from_relay_includelist = build_list( str );
186 RtlInitUnicodeString( &name, RelayFromExcludeW );
187 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
189 TRACE( "RelayFromExclude = %s\n", debugstr_w(str) );
190 debug_from_relay_excludelist = build_list( str );
193 RtlInitUnicodeString( &name, SnoopFromIncludeW );
194 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
196 TRACE_(snoop)("SnoopFromInclude = %s\n", debugstr_w(str) );
197 debug_from_snoop_includelist = build_list( str );
200 RtlInitUnicodeString( &name, SnoopFromExcludeW );
201 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
203 TRACE_(snoop)( "SnoopFromExclude = %s\n", debugstr_w(str) );
204 debug_from_snoop_excludelist = build_list( str );
211 #include "pshpack1.h"
215 BYTE call; /* 0xe8 call callfrom32 (relative) */
216 DWORD callfrom32; /* RELAY_CallFrom32 relative addr */
217 BYTE ret; /* 0xc2 ret $n or 0xc3 ret */
218 WORD args; /* nb of args to remove from the stack */
219 void *orig; /* original entry point */
220 DWORD argtypes; /* argument types */
226 BYTE lcall; /* 0xe8 call snoopentry (relative) */
227 /* NOTE: If you move snoopentry OR nrofargs fix the relative offset
230 DWORD snoopentry; /* SNOOP_Entry relative */
237 typedef struct tagSNOOP_DLL {
242 struct tagSNOOP_DLL *next;
249 BYTE lcall; /* 0xe8 call snoopret relative*/
250 /* NOTE: If you move snoopret OR origreturn fix the relative offset
253 DWORD snoopret; /* SNOOP_Ret relative */
259 DWORD *args; /* saved args across a stdcall */
262 typedef struct tagSNOOP_RETURNENTRIES {
263 SNOOP_RETURNENTRY entry[4092/sizeof(SNOOP_RETURNENTRY)];
264 struct tagSNOOP_RETURNENTRIES *next;
265 } SNOOP_RETURNENTRIES;
269 extern void WINAPI SNOOP_Entry(void);
270 extern void WINAPI SNOOP_Return(void);
272 static SNOOP_DLL *firstdll;
273 static SNOOP_RETURNENTRIES *firstrets;
275 static WINE_EXCEPTION_FILTER(page_fault)
277 if (GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION ||
278 GetExceptionCode() == EXCEPTION_PRIV_INSTRUCTION)
279 return EXCEPTION_EXECUTE_HANDLER;
280 return EXCEPTION_CONTINUE_SEARCH;
283 /***********************************************************************
286 * Check if a given module and function is in the list.
288 static BOOL check_list( const char *module, int ordinal, const char *func, const WCHAR **list )
292 sprintf( ord_str, "%d", ordinal );
295 const WCHAR *p = strrchrW( *list, '.' );
296 if (p && p > *list) /* check module and function */
299 if (strncmpiAW( module, *list, len-1 ) || module[len]) continue;
300 if (p[1] == '*' && !p[2]) return TRUE;
301 if (!strcmpAW( ord_str, p + 1 )) return TRUE;
302 if (func && !strcmpAW( func, p + 1 )) return TRUE;
304 else /* function only */
306 if (func && !strcmpAW( func, *list )) return TRUE;
313 /***********************************************************************
314 * check_relay_include
316 * Check if a given function must be included in the relay output.
318 static BOOL check_relay_include( const char *module, int ordinal, const char *func )
320 if (debug_relay_excludelist && check_list( module, ordinal, func, debug_relay_excludelist ))
322 if (debug_relay_includelist && !check_list( module, ordinal, func, debug_relay_includelist ))
327 /***********************************************************************
330 * Check if calls from a given module must be included in the relay/snoop output,
331 * given the exclusion and inclusion lists.
333 static BOOL check_from_module( const WCHAR **includelist, const WCHAR **excludelist, const WCHAR *module )
335 static const WCHAR dllW[] = {'.','d','l','l',0 };
336 const WCHAR **listitem;
339 if (!module) return TRUE;
340 if (!includelist && !excludelist) return TRUE;
344 listitem = excludelist;
349 listitem = includelist;
351 for(; *listitem; listitem++)
355 if (!strcmpiW( *listitem, module )) return !show;
356 len = strlenW( *listitem );
357 if (!strncmpiW( *listitem, module, len ) && !strcmpiW( module + len, dllW ))
363 /***********************************************************************
366 * Find the name of an exported function.
368 static const char *find_exported_name( HMODULE module,
369 IMAGE_EXPORT_DIRECTORY *exp, int ordinal )
372 const char *ret = NULL;
374 WORD *ordptr = (WORD *)((char *)module + exp->AddressOfNameOrdinals);
375 for (i = 0; i < exp->NumberOfNames; i++, ordptr++)
376 if (*ordptr + exp->Base == ordinal) break;
377 if (i < exp->NumberOfNames)
378 ret = (char *)module + ((DWORD*)((char *)module + exp->AddressOfNames))[i];
383 /***********************************************************************
386 * Get the name of the DLL entry point corresponding to a relay address.
388 static void get_entry_point( char *buffer, DEBUG_ENTRY_POINT *relay )
390 IMAGE_EXPORT_DIRECTORY *exp = NULL;
391 DEBUG_ENTRY_POINT *debug;
395 PLIST_ENTRY mark, entry;
396 PLDR_MODULE mod = NULL;
399 /* First find the module */
401 mark = &NtCurrentTeb()->Peb->LdrData->InLoadOrderModuleList;
402 for (entry = mark->Flink; entry != mark; entry = entry->Flink)
404 mod = CONTAINING_RECORD(entry, LDR_MODULE, InLoadOrderModuleList);
405 if (!(mod->Flags & LDR_WINE_INTERNAL)) continue;
406 exp = RtlImageDirectoryEntryToData( mod->BaseAddress, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
408 debug = (DEBUG_ENTRY_POINT *)((char *)exp + size);
409 if (debug <= relay && relay < debug + exp->NumberOfFunctions)
411 ordinal = relay - debug;
416 /* Now find the function */
418 strcpy( buffer, (char *)mod->BaseAddress + exp->Name );
419 p = buffer + strlen(buffer);
420 if (p > buffer + 4 && !strcasecmp( p - 4, ".dll" )) p -= 4;
422 if ((name = find_exported_name( mod->BaseAddress, exp, ordinal + exp->Base )))
423 sprintf( p, ".%s", name );
425 sprintf( p, ".%ld", ordinal + exp->Base );
429 /***********************************************************************
432 static inline void RELAY_PrintArgs( int *args, int nb_args, unsigned int typemask )
436 if ((typemask & 3) && HIWORD(*args))
439 DPRINTF( "%08x %s", *args, debugstr_w((LPWSTR)*args) );
441 DPRINTF( "%08x %s", *args, debugstr_a((LPCSTR)*args) );
443 else DPRINTF( "%08x", *args );
444 if (nb_args) DPRINTF( "," );
450 extern LONGLONG call_entry_point( void *func, int nb_args, const int *args );
451 __ASM_GLOBAL_FUNC( call_entry_point,
456 "\tmovl 12(%ebp),%edx\n"
461 "\tmovl 12(%ebp),%ecx\n"
462 "\tmovl 16(%ebp),%esi\n"
466 "1:\tcall *8(%ebp)\n"
467 "\tleal -8(%ebp),%esp\n"
474 /***********************************************************************
477 * Stack layout on entry to this function:
482 * (esp) return addr to relay code
484 static LONGLONG RELAY_CallFrom32( int ret_addr, ... )
489 int *args = &ret_addr + 1;
490 /* Relay addr is the return address for this function */
491 BYTE *relay_addr = (BYTE *)__builtin_return_address(0);
492 DEBUG_ENTRY_POINT *relay = (DEBUG_ENTRY_POINT *)(relay_addr - 5);
493 WORD nb_args = relay->args / sizeof(int);
497 get_entry_point( buffer, relay );
499 DPRINTF( "%04lx:Call %s(", GetCurrentThreadId(), buffer );
500 RELAY_PrintArgs( args, nb_args, relay->argtypes );
501 DPRINTF( ") ret=%08x\n", ret_addr );
504 ret = call_entry_point( relay->orig, nb_args, args );
508 BOOL ret64 = (relay->argtypes & 0x80000000) && (nb_args < 16);
510 DPRINTF( "%04lx:Ret %s() retval=%08x%08x ret=%08x\n",
511 GetCurrentThreadId(),
512 buffer, (UINT)(ret >> 32), (UINT)ret, ret_addr );
514 DPRINTF( "%04lx:Ret %s() retval=%08x ret=%08x\n",
515 GetCurrentThreadId(),
516 buffer, (UINT)ret, ret_addr );
522 /***********************************************************************
523 * RELAY_CallFrom32Regs
525 * Stack layout (esp is context->Esp, not the current %esp):
529 * (esp) return addr to caller
530 * (esp-4) return addr to DEBUG_ENTRY_POINT
532 * (esp-12) ptr to relay entry code for RELAY_CallFrom32Regs
533 * ... >128 bytes space free to be modified (ensured by the assembly glue)
535 void WINAPI __regs_RELAY_CallFrom32Regs( CONTEXT86 *context )
542 BYTE *relay_addr = *((BYTE **)context->Esp - 1);
543 DEBUG_ENTRY_POINT *relay = (DEBUG_ENTRY_POINT *)(relay_addr - 5);
544 WORD nb_args = relay->args / sizeof(int);
546 /* remove extra stuff from the stack */
547 context->Eip = *(DWORD *)context->Esp;
548 context->Esp += sizeof(DWORD);
549 args = (int *)context->Esp;
550 if (relay->ret == 0xc2) /* stdcall */
551 context->Esp += nb_args * sizeof(int);
553 entry_point = (BYTE *)relay->orig;
554 assert( entry_point[0] == 0x50 /* pushl %eax */ );
555 assert( entry_point[1] == 0xe8 /* call */ );
559 get_entry_point( buffer, relay );
561 DPRINTF( "%04lx:Call %s(", GetCurrentThreadId(), buffer );
562 RELAY_PrintArgs( args, nb_args, relay->argtypes );
563 DPRINTF( ") ret=%08lx fs=%04lx\n", context->Eip, context->SegFs );
565 DPRINTF(" eax=%08lx ebx=%08lx ecx=%08lx edx=%08lx esi=%08lx edi=%08lx\n",
566 context->Eax, context->Ebx, context->Ecx,
567 context->Edx, context->Esi, context->Edi );
568 DPRINTF(" ebp=%08lx esp=%08lx ds=%04lx es=%04lx gs=%04lx flags=%08lx\n",
569 context->Ebp, context->Esp, context->SegDs,
570 context->SegEs, context->SegGs, context->EFlags );
573 /* Now call the real function */
575 memcpy( args_copy, args, nb_args * sizeof(args[0]) );
576 args_copy[nb_args] = (int)context; /* append context argument */
578 call_entry_point( (entry_point + 6 + *(DWORD *)(entry_point + 6)), nb_args+1, args_copy );
582 DPRINTF( "%04lx:Ret %s() retval=%08lx ret=%08lx fs=%04lx\n",
583 GetCurrentThreadId(),
584 buffer, context->Eax, context->Eip, context->SegFs );
586 DPRINTF(" eax=%08lx ebx=%08lx ecx=%08lx edx=%08lx esi=%08lx edi=%08lx\n",
587 context->Eax, context->Ebx, context->Ecx,
588 context->Edx, context->Esi, context->Edi );
589 DPRINTF(" ebp=%08lx esp=%08lx ds=%04lx es=%04lx gs=%04lx flags=%08lx\n",
590 context->Ebp, context->Esp, context->SegDs,
591 context->SegEs, context->SegGs, context->EFlags );
595 void WINAPI RELAY_CallFrom32Regs(void);
596 DEFINE_REGS_ENTRYPOINT( RELAY_CallFrom32Regs, 0, 0 );
598 /* check whether the function at addr starts with a call to __wine_call_from_32_regs */
599 static BOOL is_register_entry_point( const BYTE *addr )
601 extern void __wine_call_from_32_regs();
605 if (addr[0] != 0x50) return FALSE; /* pushl %eax */
606 if (addr[1] != 0xe8) return FALSE; /* call */
607 /* check if call target is __wine_call_from_32_regs */
608 offset = (const int *)(addr + 2);
609 if (*offset == (const char *)__wine_call_from_32_regs - (const char *)(offset + 1)) return TRUE;
610 /* now check if call target is an import table jump to __wine_call_from_32_regs */
611 addr = (const BYTE *)(offset + 1) + *offset;
613 /* Note: the following checks depend on the asm code generated by winebuild */
615 if (addr[0] == 0xff && addr[1] == 0x25) /* indirect jmp */
617 ptr = *(const void * const*)(addr + 2); /* get indirect jmp target address */
619 else /* check for import thunk */
621 if (addr[0] != 0xe8) return FALSE; /* call get_pc_thunk */
622 if (addr[5] != 0xff || addr[6] != 0xa0) return FALSE; /* jmp *offset(%eax) */
623 ptr = addr + 5 + *(const int *)(addr + 7);
625 return (*(const char * const*)ptr == (char *)__wine_call_from_32_regs);
629 /***********************************************************************
630 * RELAY_GetProcAddress
632 * Return the proc address to use for a given function.
634 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
635 DWORD exp_size, FARPROC proc, const WCHAR *user )
637 const DEBUG_ENTRY_POINT *debug = (DEBUG_ENTRY_POINT *)proc;
638 const DEBUG_ENTRY_POINT *list = (const DEBUG_ENTRY_POINT *)((const char *)exports + exp_size);
640 if (debug < list || debug >= list + exports->NumberOfFunctions) return proc;
641 if (list + (debug - list) != debug) return proc; /* not a valid address */
642 if (check_from_module( debug_from_relay_includelist, debug_from_relay_excludelist, user ))
643 return proc; /* we want to relay it */
644 if (!debug->call) return proc; /* not a normal function */
645 if (debug->call != 0xe8 && debug->call != 0xe9) return proc; /* not a debug thunk at all */
650 /***********************************************************************
653 * Setup relay debugging for a built-in dll.
655 void RELAY_SetupDLL( HMODULE module )
657 IMAGE_EXPORT_DIRECTORY *exports;
658 DEBUG_ENTRY_POINT *debug;
662 char *p, dllname[80];
665 if (!init_done) init_debug_lists();
667 exports = RtlImageDirectoryEntryToData( module, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
668 if (!exports) return;
669 debug = (DEBUG_ENTRY_POINT *)((char *)exports + size);
670 funcs = (DWORD *)((char *)module + exports->AddressOfFunctions);
671 strcpy( dllname, (char *)module + exports->Name );
672 p = dllname + strlen(dllname) - 4;
673 if (p > dllname && !strcasecmp( p, ".dll" )) *p = 0;
675 for (i = 0; i < exports->NumberOfFunctions; i++, funcs++, debug++)
679 if (!debug->call) continue; /* not a normal function */
680 if (debug->call != 0xe8 && debug->call != 0xe9) break; /* not a debug thunk at all */
682 name = find_exported_name( module, exports, i + exports->Base );
683 on = check_relay_include( dllname, i + exports->Base, name );
687 debug->call = 0xe8; /* call relative */
688 if (is_register_entry_point( debug->orig ))
689 debug->callfrom32 = (char *)RELAY_CallFrom32Regs - (char *)&debug->ret;
691 debug->callfrom32 = (char *)RELAY_CallFrom32 - (char *)&debug->ret;
695 debug->call = 0xe9; /* jmp relative */
696 debug->callfrom32 = (char *)debug->orig - (char *)&debug->ret;
698 *funcs = (char *)debug - (char *)module;
703 /***********************************************************************
704 * SNOOP_ShowDebugmsgSnoop
706 * Simple function to decide if a particular debugging message is
709 static BOOL SNOOP_ShowDebugmsgSnoop(const char *module, int ordinal, const char *func)
711 if (debug_snoop_excludelist && check_list( module, ordinal, func, debug_snoop_excludelist ))
713 if (debug_snoop_includelist && !check_list( module, ordinal, func, debug_snoop_includelist ))
719 /***********************************************************************
722 * Setup snoop debugging for a native dll.
724 void SNOOP_SetupDLL(HMODULE hmod)
726 SNOOP_DLL **dll = &firstdll;
730 IMAGE_EXPORT_DIRECTORY *exports;
732 if (!init_done) init_debug_lists();
734 exports = RtlImageDirectoryEntryToData( hmod, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
735 if (!exports) return;
736 name = (char *)hmod + exports->Name;
738 TRACE_(snoop)("hmod=%p, name=%s\n", hmod, name);
741 if ((*dll)->hmod == hmod)
743 /* another dll, loaded at the same address */
745 size = (*dll)->nrofordinals * sizeof(SNOOP_FUN);
746 NtFreeVirtualMemory(NtCurrentProcess(), &addr, &size, MEM_RELEASE);
749 dll = &((*dll)->next);
752 *dll = RtlReAllocateHeap(GetProcessHeap(),
753 HEAP_ZERO_MEMORY, *dll,
754 sizeof(SNOOP_DLL) + strlen(name));
756 *dll = RtlAllocateHeap(GetProcessHeap(),
758 sizeof(SNOOP_DLL) + strlen(name));
760 (*dll)->ordbase = exports->Base;
761 (*dll)->nrofordinals = exports->NumberOfFunctions;
762 strcpy( (*dll)->name, name );
763 p = (*dll)->name + strlen((*dll)->name) - 4;
764 if (p > (*dll)->name && !strcasecmp( p, ".dll" )) *p = 0;
766 size = exports->NumberOfFunctions * sizeof(SNOOP_FUN);
768 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
769 MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
771 RtlFreeHeap(GetProcessHeap(),0,*dll);
772 FIXME("out of memory\n");
776 memset((*dll)->funs,0,size);
780 /***********************************************************************
781 * SNOOP_GetProcAddress
783 * Return the proc address to use for a given function.
785 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports,
786 DWORD exp_size, FARPROC origfun, DWORD ordinal,
791 const WORD *ordinals;
793 SNOOP_DLL *dll = firstdll;
795 const IMAGE_SECTION_HEADER *sec;
797 if (!TRACE_ON(snoop)) return origfun;
798 if (!check_from_module( debug_from_snoop_includelist, debug_from_snoop_excludelist, user ))
799 return origfun; /* the calling module was explicitly excluded */
801 if (!*(LPBYTE)origfun) /* 0x00 is an imposs. opcode, poss. dataref. */
804 sec = RtlImageRvaToSection( RtlImageNtHeader(hmod), hmod, (char *)origfun - (char *)hmod );
806 if (!sec || !(sec->Characteristics & IMAGE_SCN_CNT_CODE))
807 return origfun; /* most likely a data reference */
810 if (hmod == dll->hmod)
814 if (!dll) /* probably internal */
817 /* try to find a name for it */
819 names = (const DWORD *)((const char *)hmod + exports->AddressOfNames);
820 ordinals = (const WORD *)((const char *)hmod + exports->AddressOfNameOrdinals);
821 if (names) for (i = 0; i < exports->NumberOfNames; i++)
823 if (ordinals[i] == ordinal)
825 ename = (const char *)hmod + names[i];
829 if (!SNOOP_ShowDebugmsgSnoop(dll->name,ordinal,ename))
831 assert(ordinal < dll->nrofordinals);
832 fun = dll->funs + ordinal;
837 /* NOTE: origreturn struct member MUST come directly after snoopentry */
838 fun->snoopentry = (char*)SNOOP_Entry-((char*)(&fun->nrofargs));
839 fun->origfun = origfun;
842 return (FARPROC)&(fun->lcall);
845 static void SNOOP_PrintArg(DWORD x)
850 if (!HIWORD(x) || TRACE_ON(seh)) return; /* trivial reject to avoid faults */
857 if (s[i]<0x20) {nostring=1;break;}
858 if (s[i]>=0x80) {nostring=1;break;}
861 if (!nostring && i > 5)
862 DPRINTF(" %s",debugstr_an((LPSTR)x,i));
863 else /* try unicode */
869 if (s[i]<0x20) {nostring=1;break;}
870 if (s[i]>0x100) {nostring=1;break;}
873 if (!nostring && i > 5) DPRINTF(" %s",debugstr_wn((LPWSTR)x,i));
882 #define CALLER1REF (*(DWORD*)context->Esp)
884 void WINAPI __regs_SNOOP_Entry( CONTEXT86 *context )
886 DWORD ordinal=0,entry = context->Eip - 5;
887 SNOOP_DLL *dll = firstdll;
888 SNOOP_FUN *fun = NULL;
889 SNOOP_RETURNENTRIES **rets = &firstrets;
890 SNOOP_RETURNENTRY *ret;
894 if ( ((char*)entry>=(char*)dll->funs) &&
895 ((char*)entry<=(char*)(dll->funs+dll->nrofordinals))
897 fun = (SNOOP_FUN*)entry;
898 ordinal = fun-dll->funs;
904 FIXME("entrypoint 0x%08lx not found\n",entry);
907 /* guess cdecl ... */
908 if (fun->nrofargs<0) {
909 /* Typical cdecl return frame is:
911 * which has (for xxxxxxxx up to 255 the opcode "83 C4 xx".
912 * (after that 81 C2 xx xx xx xx)
914 LPBYTE reteip = (LPBYTE)CALLER1REF;
917 if ((reteip[0]==0x83)&&(reteip[1]==0xc4))
918 fun->nrofargs=reteip[2]/4;
924 for (i=0;i<sizeof((*rets)->entry)/sizeof((*rets)->entry[0]);i++)
925 if (!(*rets)->entry[i].origreturn)
927 if (i!=sizeof((*rets)->entry)/sizeof((*rets)->entry[0]))
929 rets = &((*rets)->next);
935 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
936 MEM_COMMIT | MEM_RESERVE,
937 PAGE_EXECUTE_READWRITE);
940 memset(*rets,0,4096);
941 i = 0; /* entry 0 is free */
943 ret = &((*rets)->entry[i]);
945 /* NOTE: origreturn struct member MUST come directly after snoopret */
946 ret->snoopret = ((char*)SNOOP_Return)-(char*)(&ret->origreturn);
947 ret->origreturn = (FARPROC)CALLER1REF;
948 CALLER1REF = (DWORD)&ret->lcall;
951 ret->ordinal = ordinal;
952 ret->origESP = context->Esp;
954 context->Eip = (DWORD)fun->origfun;
956 if (fun->name) DPRINTF("%04lx:CALL %s.%s(",GetCurrentThreadId(),dll->name,fun->name);
957 else DPRINTF("%04lx:CALL %s.%ld(",GetCurrentThreadId(),dll->name,dll->ordbase+ordinal);
958 if (fun->nrofargs>0) {
959 max = fun->nrofargs; if (max>16) max=16;
962 SNOOP_PrintArg(*(DWORD*)(context->Esp + 4 + sizeof(DWORD)*i));
963 if (i<fun->nrofargs-1) DPRINTF(",");
965 if (max!=fun->nrofargs)
967 } else if (fun->nrofargs<0) {
968 DPRINTF("<unknown, check return>");
969 ret->args = RtlAllocateHeap(GetProcessHeap(),
971 memcpy(ret->args,(LPBYTE)(context->Esp + 4),sizeof(DWORD)*16);
973 DPRINTF(") ret=%08lx\n",(DWORD)ret->origreturn);
977 void WINAPI __regs_SNOOP_Return( CONTEXT86 *context )
979 SNOOP_RETURNENTRY *ret = (SNOOP_RETURNENTRY*)(context->Eip - 5);
980 SNOOP_FUN *fun = &ret->dll->funs[ret->ordinal];
982 /* We haven't found out the nrofargs yet. If we called a cdecl
983 * function it is too late anyway and we can just set '0' (which
984 * will be the difference between orig and current ESP
985 * If stdcall -> everything ok.
987 if (ret->dll->funs[ret->ordinal].nrofargs<0)
988 ret->dll->funs[ret->ordinal].nrofargs=(context->Esp - ret->origESP-4)/4;
989 context->Eip = (DWORD)ret->origreturn;
994 DPRINTF("%04lx:RET %s.%s(", GetCurrentThreadId(), ret->dll->name, fun->name);
996 DPRINTF("%04lx:RET %s.%ld(", GetCurrentThreadId(),
997 ret->dll->name,ret->dll->ordbase+ret->ordinal);
1004 SNOOP_PrintArg(ret->args[i]);
1005 if (i<max-1) DPRINTF(",");
1007 DPRINTF(") retval=%08lx ret=%08lx\n",
1008 context->Eax,(DWORD)ret->origreturn );
1009 RtlFreeHeap(GetProcessHeap(),0,ret->args);
1015 DPRINTF("%04lx:RET %s.%s() retval=%08lx ret=%08lx\n",
1016 GetCurrentThreadId(),
1017 ret->dll->name, fun->name, context->Eax, (DWORD)ret->origreturn);
1019 DPRINTF("%04lx:RET %s.%ld() retval=%08lx ret=%08lx\n",
1020 GetCurrentThreadId(),
1021 ret->dll->name,ret->dll->ordbase+ret->ordinal,
1022 context->Eax, (DWORD)ret->origreturn);
1024 ret->origreturn = NULL; /* mark as empty */
1027 /* assembly wrappers that save the context */
1028 DEFINE_REGS_ENTRYPOINT( SNOOP_Entry, 0, 0 );
1029 DEFINE_REGS_ENTRYPOINT( SNOOP_Return, 0, 0 );
1031 #else /* __i386__ */
1033 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
1034 DWORD exp_size, FARPROC proc, const WCHAR *user )
1039 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports, DWORD exp_size,
1040 FARPROC origfun, DWORD ordinal, const WCHAR *user )
1045 void RELAY_SetupDLL( HMODULE module )
1049 void SNOOP_SetupDLL( HMODULE hmod )
1051 FIXME("snooping works only on i386 for now.\n");
1054 #endif /* __i386__ */
projects / wine / blob