2 * Win32 relay and snoop functions
4 * Copyright 1997 Alexandre Julliard
5 * Copyright 1998 Marcus Meissner
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 #include "wine/port.h"
31 #define WIN32_NO_STATUS
34 #include "wine/exception.h"
35 #include "ntdll_misc.h"
36 #include "wine/unicode.h"
37 #include "wine/debug.h"
39 WINE_DEFAULT_DEBUG_CHANNEL(relay);
41 #if defined(__i386__) || defined(__x86_64__)
43 struct relay_descr /* descriptor for a module */
45 void *magic; /* signature */
46 void *relay_call; /* functions to call from relay thunks */
47 void *relay_call_regs;
48 void *private; /* reserved for the relay code private data */
49 const char *entry_point_base; /* base address of entry point thunks */
50 const unsigned int *entry_point_offsets; /* offsets of entry points thunks */
51 const unsigned int *arg_types; /* table of argument types for all entry points */
54 #define RELAY_DESCR_MAGIC ((void *)0xdeb90001)
56 /* private data built at dll load time */
58 struct relay_entry_point
60 void *orig_func; /* original entry point function */
61 const char *name; /* function name (if any) */
64 struct relay_private_data
66 HMODULE module; /* module handle of this dll */
67 unsigned int base; /* ordinal base */
68 char dllname[40]; /* dll name (without .dll extension) */
69 struct relay_entry_point entry_points[1]; /* list of dll entry points */
72 static const WCHAR **debug_relay_excludelist;
73 static const WCHAR **debug_relay_includelist;
74 static const WCHAR **debug_snoop_excludelist;
75 static const WCHAR **debug_snoop_includelist;
76 static const WCHAR **debug_from_relay_excludelist;
77 static const WCHAR **debug_from_relay_includelist;
78 static const WCHAR **debug_from_snoop_excludelist;
79 static const WCHAR **debug_from_snoop_includelist;
81 static BOOL init_done;
83 /* compare an ASCII and a Unicode string without depending on the current codepage */
84 static inline int strcmpAW( const char *strA, const WCHAR *strW )
86 while (*strA && ((unsigned char)*strA == *strW)) { strA++; strW++; }
87 return (unsigned char)*strA - *strW;
90 /* compare an ASCII and a Unicode string without depending on the current codepage */
91 static inline int strncmpiAW( const char *strA, const WCHAR *strW, int n )
94 for ( ; n > 0; n--, strA++, strW++)
95 if ((ret = toupperW((unsigned char)*strA) - toupperW(*strW)) || !*strA) break;
99 /***********************************************************************
102 * Build a function list from a ';'-separated string.
104 static const WCHAR **build_list( const WCHAR *buffer )
107 const WCHAR *p = buffer;
110 while ((p = strchrW( p, ';' )))
115 /* allocate count+1 pointers, plus the space for a copy of the string */
116 if ((ret = RtlAllocateHeap( GetProcessHeap(), 0,
117 (count+1) * sizeof(WCHAR*) + (strlenW(buffer)+1) * sizeof(WCHAR) )))
119 WCHAR *str = (WCHAR *)(ret + count + 1);
122 strcpyW( str, buffer );
127 if (!(p = strchrW( p, ';' ))) break;
135 /***********************************************************************
138 * Load a function list from a registry value.
140 static const WCHAR **load_list( HKEY hkey, const WCHAR *value )
142 char initial_buffer[4096];
143 char *buffer = initial_buffer;
147 const WCHAR **list = NULL;
149 RtlInitUnicodeString( &name, value );
150 status = NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count );
151 if (status == STATUS_BUFFER_OVERFLOW)
153 buffer = RtlAllocateHeap( GetProcessHeap(), 0, count );
154 status = NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, count, &count );
156 if (status == STATUS_SUCCESS)
158 WCHAR *str = (WCHAR *)((KEY_VALUE_PARTIAL_INFORMATION *)buffer)->Data;
159 list = build_list( str );
160 if (list) TRACE( "%s = %s\n", debugstr_w(value), debugstr_w(str) );
163 if (buffer != initial_buffer) RtlFreeHeap( GetProcessHeap(), 0, buffer );
167 /***********************************************************************
170 * Build the relay include/exclude function lists.
172 static void init_debug_lists(void)
174 OBJECT_ATTRIBUTES attr;
177 static const WCHAR configW[] = {'S','o','f','t','w','a','r','e','\\',
178 'W','i','n','e','\\',
179 'D','e','b','u','g',0};
180 static const WCHAR RelayIncludeW[] = {'R','e','l','a','y','I','n','c','l','u','d','e',0};
181 static const WCHAR RelayExcludeW[] = {'R','e','l','a','y','E','x','c','l','u','d','e',0};
182 static const WCHAR SnoopIncludeW[] = {'S','n','o','o','p','I','n','c','l','u','d','e',0};
183 static const WCHAR SnoopExcludeW[] = {'S','n','o','o','p','E','x','c','l','u','d','e',0};
184 static const WCHAR RelayFromIncludeW[] = {'R','e','l','a','y','F','r','o','m','I','n','c','l','u','d','e',0};
185 static const WCHAR RelayFromExcludeW[] = {'R','e','l','a','y','F','r','o','m','E','x','c','l','u','d','e',0};
186 static const WCHAR SnoopFromIncludeW[] = {'S','n','o','o','p','F','r','o','m','I','n','c','l','u','d','e',0};
187 static const WCHAR SnoopFromExcludeW[] = {'S','n','o','o','p','F','r','o','m','E','x','c','l','u','d','e',0};
189 if (init_done) return;
192 RtlOpenCurrentUser( KEY_ALL_ACCESS, &root );
193 attr.Length = sizeof(attr);
194 attr.RootDirectory = root;
195 attr.ObjectName = &name;
197 attr.SecurityDescriptor = NULL;
198 attr.SecurityQualityOfService = NULL;
199 RtlInitUnicodeString( &name, configW );
201 /* @@ Wine registry key: HKCU\Software\Wine\Debug */
202 if (NtOpenKey( &hkey, KEY_ALL_ACCESS, &attr )) hkey = 0;
206 debug_relay_includelist = load_list( hkey, RelayIncludeW );
207 debug_relay_excludelist = load_list( hkey, RelayExcludeW );
208 debug_snoop_includelist = load_list( hkey, SnoopIncludeW );
209 debug_snoop_excludelist = load_list( hkey, SnoopExcludeW );
210 debug_from_relay_includelist = load_list( hkey, RelayFromIncludeW );
211 debug_from_relay_excludelist = load_list( hkey, RelayFromExcludeW );
212 debug_from_snoop_includelist = load_list( hkey, SnoopFromIncludeW );
213 debug_from_snoop_excludelist = load_list( hkey, SnoopFromExcludeW );
219 /***********************************************************************
222 * Check if a given module and function is in the list.
224 static BOOL check_list( const char *module, int ordinal, const char *func, const WCHAR *const *list )
228 sprintf( ord_str, "%d", ordinal );
231 const WCHAR *p = strrchrW( *list, '.' );
232 if (p && p > *list) /* check module and function */
235 if (strncmpiAW( module, *list, len-1 ) || module[len]) continue;
236 if (p[1] == '*' && !p[2]) return TRUE;
237 if (!strcmpAW( ord_str, p + 1 )) return TRUE;
238 if (func && !strcmpAW( func, p + 1 )) return TRUE;
240 else /* function only */
242 if (func && !strcmpAW( func, *list )) return TRUE;
249 /***********************************************************************
250 * check_relay_include
252 * Check if a given function must be included in the relay output.
254 static BOOL check_relay_include( const char *module, int ordinal, const char *func )
256 if (debug_relay_excludelist && check_list( module, ordinal, func, debug_relay_excludelist ))
258 if (debug_relay_includelist && !check_list( module, ordinal, func, debug_relay_includelist ))
263 /***********************************************************************
266 * Check if calls from a given module must be included in the relay/snoop output,
267 * given the exclusion and inclusion lists.
269 static BOOL check_from_module( const WCHAR **includelist, const WCHAR **excludelist, const WCHAR *module )
271 static const WCHAR dllW[] = {'.','d','l','l',0 };
272 const WCHAR **listitem;
275 if (!module) return TRUE;
276 if (!includelist && !excludelist) return TRUE;
280 listitem = excludelist;
285 listitem = includelist;
287 for(; *listitem; listitem++)
291 if (!strcmpiW( *listitem, module )) return !show;
292 len = strlenW( *listitem );
293 if (!strncmpiW( *listitem, module, len ) && !strcmpiW( module + len, dllW ))
299 /***********************************************************************
302 static inline void RELAY_PrintArgs( const INT_PTR *args, int nb_args, unsigned int typemask )
306 if ((typemask & 3) && HIWORD(*args))
309 DPRINTF( "%08lx %s", *args, debugstr_w((LPCWSTR)*args) );
311 DPRINTF( "%08lx %s", *args, debugstr_a((LPCSTR)*args) );
313 else DPRINTF( "%08lx", *args );
314 if (nb_args) DPRINTF( "," );
320 extern LONGLONG CDECL call_entry_point( void *func, int nb_args, const INT_PTR *args );
322 __ASM_GLOBAL_FUNC( call_entry_point,
324 __ASM_CFI(".cfi_adjust_cfa_offset 4\n\t")
325 __ASM_CFI(".cfi_rel_offset %ebp,0\n\t")
327 __ASM_CFI(".cfi_def_cfa_register %ebp\n\t")
329 __ASM_CFI(".cfi_rel_offset %esi,-4\n\t")
331 __ASM_CFI(".cfi_rel_offset %edi,-8\n\t")
332 "movl 12(%ebp),%edx\n\t"
337 "movl 12(%ebp),%ecx\n\t"
338 "movl 16(%ebp),%esi\n\t"
342 "1:\tcall *8(%ebp)\n\t"
343 "leal -8(%ebp),%esp\n\t"
345 __ASM_CFI(".cfi_same_value %edi\n\t")
347 __ASM_CFI(".cfi_same_value %esi\n\t")
349 __ASM_CFI(".cfi_def_cfa %esp,4\n\t")
350 __ASM_CFI(".cfi_same_value %ebp\n\t")
353 __ASM_GLOBAL_FUNC( call_entry_point,
355 ".cfi_adjust_cfa_offset 8\n\t"
356 ".cfi_rel_offset %rbp,0\n\t"
358 ".cfi_def_cfa_register %rbp\n\t"
360 ".cfi_rel_offset %rsi,-8\n\t"
362 ".cfi_rel_offset %rdi,-16\n\t"
366 "cmovgq %rdx,%rcx\n\t"
367 "leaq 0(,%rcx,8),%rdx\n\t"
373 "movq 0(%rsp),%rcx\n\t"
374 "movq 8(%rsp),%rdx\n\t"
375 "movq 16(%rsp),%r8\n\t"
376 "movq 24(%rsp),%r9\n\t"
378 "leaq -16(%rbp),%rsp\n\t"
380 ".cfi_same_value %rdi\n\t"
382 ".cfi_same_value %rsi\n\t"
383 ".cfi_def_cfa_register %rsp\n\t"
385 ".cfi_adjust_cfa_offset -8\n\t"
386 ".cfi_same_value %rbp\n\t"
391 /***********************************************************************
394 * stack points to the return address, i.e. the first argument is stack[1].
396 static LONGLONG WINAPI relay_call( struct relay_descr *descr, unsigned int idx, const INT_PTR *stack )
399 WORD ordinal = LOWORD(idx);
400 BYTE nb_args = LOBYTE(HIWORD(idx));
401 BYTE flags = HIBYTE(HIWORD(idx));
402 struct relay_private_data *data = descr->private;
403 struct relay_entry_point *entry_point = data->entry_points + ordinal;
405 if (!TRACE_ON(relay))
406 ret = call_entry_point( entry_point->orig_func, nb_args, stack + 1 );
409 if (entry_point->name)
410 DPRINTF( "%04x:Call %s.%s(", GetCurrentThreadId(), data->dllname, entry_point->name );
412 DPRINTF( "%04x:Call %s.%u(", GetCurrentThreadId(), data->dllname, data->base + ordinal );
413 RELAY_PrintArgs( stack + 1, nb_args, descr->arg_types[ordinal] );
414 DPRINTF( ") ret=%08lx\n", stack[0] );
416 ret = call_entry_point( entry_point->orig_func, nb_args, stack + 1 );
418 if (entry_point->name)
419 DPRINTF( "%04x:Ret %s.%s()", GetCurrentThreadId(), data->dllname, entry_point->name );
421 DPRINTF( "%04x:Ret %s.%u()", GetCurrentThreadId(), data->dllname, data->base + ordinal );
423 if (flags & 1) /* 64-bit return value */
424 DPRINTF( " retval=%08x%08x ret=%08lx\n",
425 (UINT)(ret >> 32), (UINT)ret, stack[0] );
427 DPRINTF( " retval=%08lx ret=%08lx\n", (UINT_PTR)ret, stack[0] );
433 /***********************************************************************
437 void WINAPI __regs_relay_call_regs( struct relay_descr *descr, unsigned int idx,
438 unsigned int orig_eax, unsigned int ret_addr,
441 WORD ordinal = LOWORD(idx);
442 BYTE nb_args = LOBYTE(HIWORD(idx));
443 struct relay_private_data *data = descr->private;
444 struct relay_entry_point *entry_point = data->entry_points + ordinal;
445 BYTE *orig_func = entry_point->orig_func;
446 INT_PTR *args = (INT_PTR *)context->Esp;
447 INT_PTR args_copy[32];
449 /* restore the context to what it was before the relay thunk */
450 context->Eax = orig_eax;
451 context->Eip = ret_addr;
452 context->Esp += nb_args * sizeof(int);
456 if (entry_point->name)
457 DPRINTF( "%04x:Call %s.%s(", GetCurrentThreadId(), data->dllname, entry_point->name );
459 DPRINTF( "%04x:Call %s.%u(", GetCurrentThreadId(), data->dllname, data->base + ordinal );
460 RELAY_PrintArgs( args, nb_args, descr->arg_types[ordinal] );
461 DPRINTF( ") ret=%08x\n", ret_addr );
463 DPRINTF( "%04x: eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x "
464 "ebp=%08x esp=%08x ds=%04x es=%04x fs=%04x gs=%04x flags=%08x\n",
465 GetCurrentThreadId(), context->Eax, context->Ebx, context->Ecx,
466 context->Edx, context->Esi, context->Edi, context->Ebp, context->Esp,
467 context->SegDs, context->SegEs, context->SegFs, context->SegGs, context->EFlags );
469 assert( orig_func[0] == 0x68 /* pushl func */ );
470 assert( orig_func[5] == 0x6a /* pushl args */ );
471 assert( orig_func[7] == 0xe8 /* call */ );
474 /* now call the real function */
476 memcpy( args_copy, args, nb_args * sizeof(args[0]) );
477 args_copy[nb_args++] = (INT_PTR)context; /* append context argument */
479 call_entry_point( orig_func + 12 + *(int *)(orig_func + 1), nb_args, args_copy );
484 if (entry_point->name)
485 DPRINTF( "%04x:Ret %s.%s() retval=%08x ret=%08x\n",
486 GetCurrentThreadId(), data->dllname, entry_point->name,
487 context->Eax, context->Eip );
489 DPRINTF( "%04x:Ret %s.%u() retval=%08x ret=%08x\n",
490 GetCurrentThreadId(), data->dllname, data->base + ordinal,
491 context->Eax, context->Eip );
492 DPRINTF( "%04x: eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x "
493 "ebp=%08x esp=%08x ds=%04x es=%04x fs=%04x gs=%04x flags=%08x\n",
494 GetCurrentThreadId(), context->Eax, context->Ebx, context->Ecx,
495 context->Edx, context->Esi, context->Edi, context->Ebp, context->Esp,
496 context->SegDs, context->SegEs, context->SegFs, context->SegGs, context->EFlags );
499 extern void WINAPI relay_call_regs(void);
500 DEFINE_REGS_ENTRYPOINT( relay_call_regs, 4 )
504 void WINAPI __regs_relay_call_regs( struct relay_descr *descr, INT_PTR idx,
505 INT_PTR *stack, CONTEXT *context )
507 WORD ordinal = LOWORD(idx);
508 BYTE nb_args = LOBYTE(HIWORD(idx));
509 struct relay_private_data *data = descr->private;
510 struct relay_entry_point *entry_point = data->entry_points + ordinal;
511 BYTE *orig_func = entry_point->orig_func;
512 INT_PTR *args = stack + 1;
513 INT_PTR args_copy[32];
515 /* restore the context to what it was before the relay thunk */
516 context->Rip = stack[0];
517 context->Rsp = (INT_PTR)args;
521 if (entry_point->name)
522 DPRINTF( "%04x:Call %s.%s(", GetCurrentThreadId(), data->dllname, entry_point->name );
524 DPRINTF( "%04x:Call %s.%u(", GetCurrentThreadId(), data->dllname, data->base + ordinal );
525 RELAY_PrintArgs( args, nb_args, descr->arg_types[ordinal] );
526 DPRINTF( ") ret=%08lx\n", context->Rip );
528 DPRINTF( "%04x: rax=%016lx rbx=%016lx rcx=%016lx rdx=%016lx rsi=%016lx rdi=%016lx rbp=%016lx rsp=%016lx\n",
529 GetCurrentThreadId(), context->Rax, context->Rbx, context->Rcx, context->Rdx,
530 context->Rsi, context->Rdi, context->Rbp, context->Rsp );
531 DPRINTF( "%04x: r8=%016lx r9=%016lx r10=%016lx r11=%016lx r12=%016lx r13=%016lx r14=%016lx r15=%016lx\n",
532 GetCurrentThreadId(), context->R8, context->R9, context->R10, context->R11,
533 context->R12, context->R13, context->R14, context->R15 );
535 assert( orig_func[17] == 0x48 /* leaq */ );
536 assert( orig_func[18] == 0x8d );
537 assert( orig_func[19] == 0x15 );
538 assert( orig_func[24] == 0xe8 /* call */ );
541 /* now call the real function */
543 memcpy( args_copy, args, nb_args * sizeof(args[0]) );
544 args_copy[nb_args++] = (INT_PTR)context; /* append context argument */
546 call_entry_point( orig_func + 24 + *(int *)(orig_func + 20), nb_args, args_copy );
551 if (entry_point->name)
552 DPRINTF( "%04x:Ret %s.%s() retval=%08lx ret=%08lx\n",
553 GetCurrentThreadId(), data->dllname, entry_point->name,
554 context->Rax, context->Rip );
556 DPRINTF( "%04x:Ret %s.%u() retval=%08lx ret=%08lx\n",
557 GetCurrentThreadId(), data->dllname, data->base + ordinal,
558 context->Rax, context->Rip );
559 DPRINTF( "%04x: rax=%016lx rbx=%016lx rcx=%016lx rdx=%016lx rsi=%016lx rdi=%016lx rbp=%016lx rsp=%016lx\n",
560 GetCurrentThreadId(), context->Rax, context->Rbx, context->Rcx, context->Rdx,
561 context->Rsi, context->Rdi, context->Rbp, context->Rsp );
562 DPRINTF( "%04x: r8=%016lx r9=%016lx r10=%016lx r11=%016lx r12=%016lx r13=%016lx r14=%016lx r15=%016lx\n",
563 GetCurrentThreadId(), context->R8, context->R9, context->R10, context->R11,
564 context->R12, context->R13, context->R14, context->R15 );
567 extern void WINAPI relay_call_regs(void);
568 DEFINE_REGS_ENTRYPOINT( relay_call_regs, 3 )
570 #endif /* __i386__ */
573 /***********************************************************************
574 * RELAY_GetProcAddress
576 * Return the proc address to use for a given function.
578 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
579 DWORD exp_size, FARPROC proc, DWORD ordinal, const WCHAR *user )
581 struct relay_private_data *data;
582 const struct relay_descr *descr = (const struct relay_descr *)((const char *)exports + exp_size);
584 if (descr->magic != RELAY_DESCR_MAGIC || !(data = descr->private)) return proc; /* no relay data */
585 if (!data->entry_points[ordinal].orig_func) return proc; /* not a relayed function */
586 if (check_from_module( debug_from_relay_includelist, debug_from_relay_excludelist, user ))
587 return proc; /* we want to relay it */
588 return data->entry_points[ordinal].orig_func;
592 /***********************************************************************
595 * Setup relay debugging for a built-in dll.
597 void RELAY_SetupDLL( HMODULE module )
599 IMAGE_EXPORT_DIRECTORY *exports;
602 DWORD size, entry_point_rva;
603 struct relay_descr *descr;
604 struct relay_private_data *data;
607 if (!init_done) init_debug_lists();
609 exports = RtlImageDirectoryEntryToData( module, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
610 if (!exports) return;
612 descr = (struct relay_descr *)((char *)exports + size);
613 if (descr->magic != RELAY_DESCR_MAGIC) return;
615 if (!(data = RtlAllocateHeap( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*data) +
616 (exports->NumberOfFunctions-1) * sizeof(data->entry_points) )))
619 descr->relay_call = relay_call;
620 descr->relay_call_regs = relay_call_regs;
621 descr->private = data;
623 data->module = module;
624 data->base = exports->Base;
625 len = strlen( (char *)module + exports->Name );
626 if (len > 4 && !strcasecmp( (char *)module + exports->Name + len - 4, ".dll" )) len -= 4;
627 len = min( len, sizeof(data->dllname) - 1 );
628 memcpy( data->dllname, (char *)module + exports->Name, len );
629 data->dllname[len] = 0;
631 /* fetch name pointer for all entry points and store them in the private structure */
633 ordptr = (const WORD *)((char *)module + exports->AddressOfNameOrdinals);
634 for (i = 0; i < exports->NumberOfNames; i++, ordptr++)
636 DWORD name_rva = ((DWORD*)((char *)module + exports->AddressOfNames))[i];
637 data->entry_points[*ordptr].name = (const char *)module + name_rva;
640 /* patch the functions in the export table to point to the relay thunks */
642 funcs = (DWORD *)((char *)module + exports->AddressOfFunctions);
643 entry_point_rva = descr->entry_point_base - (const char *)module;
644 for (i = 0; i < exports->NumberOfFunctions; i++, funcs++)
646 if (!descr->entry_point_offsets[i]) continue; /* not a normal function */
647 if (!check_relay_include( data->dllname, i + exports->Base, data->entry_points[i].name ))
648 continue; /* don't include this entry point */
650 data->entry_points[i].orig_func = (char *)module + *funcs;
651 *funcs = entry_point_rva + descr->entry_point_offsets[i];
655 #else /* __i386__ || __x86_64__ */
657 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
658 DWORD exp_size, FARPROC proc, DWORD ordinal, const WCHAR *user )
663 void RELAY_SetupDLL( HMODULE module )
667 #endif /* __i386__ || __x86_64__ */
670 /***********************************************************************/
672 /***********************************************************************/
676 WINE_DECLARE_DEBUG_CHANNEL(seh);
677 WINE_DECLARE_DEBUG_CHANNEL(snoop);
679 #include "pshpack1.h"
684 BYTE lcall; /* 0xe8 call snoopentry (relative) */
685 /* NOTE: If you move snoopentry OR nrofargs fix the relative offset
688 DWORD snoopentry; /* SNOOP_Entry relative */
695 typedef struct tagSNOOP_DLL {
700 struct tagSNOOP_DLL *next;
707 BYTE lcall; /* 0xe8 call snoopret relative*/
708 /* NOTE: If you move snoopret OR origreturn fix the relative offset
711 DWORD snoopret; /* SNOOP_Ret relative */
717 DWORD *args; /* saved args across a stdcall */
720 typedef struct tagSNOOP_RETURNENTRIES {
721 SNOOP_RETURNENTRY entry[4092/sizeof(SNOOP_RETURNENTRY)];
722 struct tagSNOOP_RETURNENTRIES *next;
723 } SNOOP_RETURNENTRIES;
727 extern void WINAPI SNOOP_Entry(void);
728 extern void WINAPI SNOOP_Return(void);
730 static SNOOP_DLL *firstdll;
731 static SNOOP_RETURNENTRIES *firstrets;
734 /***********************************************************************
735 * SNOOP_ShowDebugmsgSnoop
737 * Simple function to decide if a particular debugging message is
740 static BOOL SNOOP_ShowDebugmsgSnoop(const char *module, int ordinal, const char *func)
742 if (debug_snoop_excludelist && check_list( module, ordinal, func, debug_snoop_excludelist ))
744 if (debug_snoop_includelist && !check_list( module, ordinal, func, debug_snoop_includelist ))
750 /***********************************************************************
753 * Setup snoop debugging for a native dll.
755 void SNOOP_SetupDLL(HMODULE hmod)
757 SNOOP_DLL **dll = &firstdll;
762 IMAGE_EXPORT_DIRECTORY *exports;
764 if (!init_done) init_debug_lists();
766 exports = RtlImageDirectoryEntryToData( hmod, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size32 );
767 if (!exports || !exports->NumberOfFunctions) return;
768 name = (char *)hmod + exports->Name;
771 TRACE_(snoop)("hmod=%p, name=%s\n", hmod, name);
774 if ((*dll)->hmod == hmod)
776 /* another dll, loaded at the same address */
778 size = (*dll)->nrofordinals * sizeof(SNOOP_FUN);
779 NtFreeVirtualMemory(NtCurrentProcess(), &addr, &size, MEM_RELEASE);
782 dll = &((*dll)->next);
785 *dll = RtlReAllocateHeap(GetProcessHeap(),
786 HEAP_ZERO_MEMORY, *dll,
787 sizeof(SNOOP_DLL) + strlen(name));
789 *dll = RtlAllocateHeap(GetProcessHeap(),
791 sizeof(SNOOP_DLL) + strlen(name));
793 (*dll)->ordbase = exports->Base;
794 (*dll)->nrofordinals = exports->NumberOfFunctions;
795 strcpy( (*dll)->name, name );
796 p = (*dll)->name + strlen((*dll)->name) - 4;
797 if (p > (*dll)->name && !strcasecmp( p, ".dll" )) *p = 0;
799 size = exports->NumberOfFunctions * sizeof(SNOOP_FUN);
801 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
802 MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
804 RtlFreeHeap(GetProcessHeap(),0,*dll);
805 FIXME("out of memory\n");
809 memset((*dll)->funs,0,size);
813 /***********************************************************************
814 * SNOOP_GetProcAddress
816 * Return the proc address to use for a given function.
818 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports,
819 DWORD exp_size, FARPROC origfun, DWORD ordinal,
824 const WORD *ordinals;
826 SNOOP_DLL *dll = firstdll;
828 const IMAGE_SECTION_HEADER *sec;
830 if (!TRACE_ON(snoop)) return origfun;
831 if (!check_from_module( debug_from_snoop_includelist, debug_from_snoop_excludelist, user ))
832 return origfun; /* the calling module was explicitly excluded */
834 if (!*(LPBYTE)origfun) /* 0x00 is an impossible opcode, possible dataref. */
837 sec = RtlImageRvaToSection( RtlImageNtHeader(hmod), hmod, (char *)origfun - (char *)hmod );
839 if (!sec || !(sec->Characteristics & IMAGE_SCN_CNT_CODE))
840 return origfun; /* most likely a data reference */
843 if (hmod == dll->hmod)
847 if (!dll) /* probably internal */
850 /* try to find a name for it */
852 names = (const DWORD *)((const char *)hmod + exports->AddressOfNames);
853 ordinals = (const WORD *)((const char *)hmod + exports->AddressOfNameOrdinals);
854 if (names) for (i = 0; i < exports->NumberOfNames; i++)
856 if (ordinals[i] == ordinal)
858 ename = (const char *)hmod + names[i];
862 if (!SNOOP_ShowDebugmsgSnoop(dll->name,ordinal,ename))
864 assert(ordinal < dll->nrofordinals);
865 fun = dll->funs + ordinal;
870 /* NOTE: origreturn struct member MUST come directly after snoopentry */
871 fun->snoopentry = (char*)SNOOP_Entry-((char*)(&fun->nrofargs));
872 fun->origfun = origfun;
875 return (FARPROC)&(fun->lcall);
878 static void SNOOP_PrintArg(DWORD x)
883 if (!HIWORD(x) || TRACE_ON(seh)) return; /* trivial reject to avoid faults */
890 if (s[i]<0x20) {nostring=1;break;}
891 if (s[i]>=0x80) {nostring=1;break;}
894 if (!nostring && i > 5)
895 DPRINTF(" %s",debugstr_an((LPSTR)x,i));
896 else /* try unicode */
902 if (s[i]<0x20) {nostring=1;break;}
903 if (s[i]>0x100) {nostring=1;break;}
906 if (!nostring && i > 5) DPRINTF(" %s",debugstr_wn((LPWSTR)x,i));
915 #define CALLER1REF (*(DWORD*)context->Esp)
917 void WINAPI __regs_SNOOP_Entry( CONTEXT86 *context )
919 DWORD ordinal=0,entry = context->Eip - 5;
920 SNOOP_DLL *dll = firstdll;
921 SNOOP_FUN *fun = NULL;
922 SNOOP_RETURNENTRIES **rets = &firstrets;
923 SNOOP_RETURNENTRY *ret;
927 if ( ((char*)entry>=(char*)dll->funs) &&
928 ((char*)entry<=(char*)(dll->funs+dll->nrofordinals))
930 fun = (SNOOP_FUN*)entry;
931 ordinal = fun-dll->funs;
937 FIXME("entrypoint 0x%08x not found\n",entry);
940 /* guess cdecl ... */
941 if (fun->nrofargs<0) {
942 /* Typical cdecl return frame is:
944 * which has (for xxxxxxxx up to 255 the opcode "83 C4 xx".
945 * (after that 81 C2 xx xx xx xx)
947 LPBYTE reteip = (LPBYTE)CALLER1REF;
950 if ((reteip[0]==0x83)&&(reteip[1]==0xc4))
951 fun->nrofargs=reteip[2]/4;
957 for (i=0;i<sizeof((*rets)->entry)/sizeof((*rets)->entry[0]);i++)
958 if (!(*rets)->entry[i].origreturn)
960 if (i!=sizeof((*rets)->entry)/sizeof((*rets)->entry[0]))
962 rets = &((*rets)->next);
968 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
969 MEM_COMMIT | MEM_RESERVE,
970 PAGE_EXECUTE_READWRITE);
973 memset(*rets,0,4096);
974 i = 0; /* entry 0 is free */
976 ret = &((*rets)->entry[i]);
978 /* NOTE: origreturn struct member MUST come directly after snoopret */
979 ret->snoopret = ((char*)SNOOP_Return)-(char*)(&ret->origreturn);
980 ret->origreturn = (FARPROC)CALLER1REF;
981 CALLER1REF = (DWORD)&ret->lcall;
984 ret->ordinal = ordinal;
985 ret->origESP = context->Esp;
987 context->Eip = (DWORD)fun->origfun;
989 if (fun->name) DPRINTF("%04x:CALL %s.%s(",GetCurrentThreadId(),dll->name,fun->name);
990 else DPRINTF("%04x:CALL %s.%d(",GetCurrentThreadId(),dll->name,dll->ordbase+ordinal);
991 if (fun->nrofargs>0) {
992 max = fun->nrofargs; if (max>16) max=16;
995 SNOOP_PrintArg(*(DWORD*)(context->Esp + 4 + sizeof(DWORD)*i));
996 if (i<fun->nrofargs-1) DPRINTF(",");
998 if (max!=fun->nrofargs)
1000 } else if (fun->nrofargs<0) {
1001 DPRINTF("<unknown, check return>");
1002 ret->args = RtlAllocateHeap(GetProcessHeap(),
1003 0,16*sizeof(DWORD));
1004 memcpy(ret->args,(LPBYTE)(context->Esp + 4),sizeof(DWORD)*16);
1006 DPRINTF(") ret=%08x\n",(DWORD)ret->origreturn);
1010 void WINAPI __regs_SNOOP_Return( CONTEXT86 *context )
1012 SNOOP_RETURNENTRY *ret = (SNOOP_RETURNENTRY*)(context->Eip - 5);
1013 SNOOP_FUN *fun = &ret->dll->funs[ret->ordinal];
1015 /* We haven't found out the nrofargs yet. If we called a cdecl
1016 * function it is too late anyway and we can just set '0' (which
1017 * will be the difference between orig and current ESP
1018 * If stdcall -> everything ok.
1020 if (ret->dll->funs[ret->ordinal].nrofargs<0)
1021 ret->dll->funs[ret->ordinal].nrofargs=(context->Esp - ret->origESP-4)/4;
1022 context->Eip = (DWORD)ret->origreturn;
1027 DPRINTF("%04x:RET %s.%s(", GetCurrentThreadId(), ret->dll->name, fun->name);
1029 DPRINTF("%04x:RET %s.%d(", GetCurrentThreadId(),
1030 ret->dll->name,ret->dll->ordbase+ret->ordinal);
1032 max = fun->nrofargs;
1037 SNOOP_PrintArg(ret->args[i]);
1038 if (i<max-1) DPRINTF(",");
1040 DPRINTF(") retval=%08x ret=%08x\n",
1041 context->Eax,(DWORD)ret->origreturn );
1042 RtlFreeHeap(GetProcessHeap(),0,ret->args);
1048 DPRINTF("%04x:RET %s.%s() retval=%08x ret=%08x\n",
1049 GetCurrentThreadId(),
1050 ret->dll->name, fun->name, context->Eax, (DWORD)ret->origreturn);
1052 DPRINTF("%04x:RET %s.%d() retval=%08x ret=%08x\n",
1053 GetCurrentThreadId(),
1054 ret->dll->name,ret->dll->ordbase+ret->ordinal,
1055 context->Eax, (DWORD)ret->origreturn);
1057 ret->origreturn = NULL; /* mark as empty */
1060 /* assembly wrappers that save the context */
1061 DEFINE_REGS_ENTRYPOINT( SNOOP_Entry, 0 )
1062 DEFINE_REGS_ENTRYPOINT( SNOOP_Return, 0 )
1064 #else /* __i386__ */
1066 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports, DWORD exp_size,
1067 FARPROC origfun, DWORD ordinal, const WCHAR *user )
1072 void SNOOP_SetupDLL( HMODULE hmod )
1074 FIXME("snooping works only on i386 for now.\n");
1077 #endif /* __i386__ */