2 * Win32 relay and snoop functions
4 * Copyright 1997 Alexandre Julliard
5 * Copyright 1998 Marcus Meissner
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 #include "wine/port.h"
35 #include "wine/exception.h"
36 #include "ntdll_misc.h"
37 #include "wine/unicode.h"
38 #include "wine/debug.h"
40 WINE_DEFAULT_DEBUG_CHANNEL(relay);
41 WINE_DECLARE_DEBUG_CHANNEL(snoop);
42 WINE_DECLARE_DEBUG_CHANNEL(seh);
44 static const WCHAR **debug_relay_excludelist;
45 static const WCHAR **debug_relay_includelist;
46 static const WCHAR **debug_snoop_excludelist;
47 static const WCHAR **debug_snoop_includelist;
48 static const WCHAR **debug_from_relay_excludelist;
49 static const WCHAR **debug_from_relay_includelist;
50 static const WCHAR **debug_from_snoop_excludelist;
51 static const WCHAR **debug_from_snoop_includelist;
53 /* compare an ASCII and a Unicode string without depending on the current codepage */
54 inline static int strcmpAW( const char *strA, const WCHAR *strW )
56 while (*strA && ((unsigned char)*strA == *strW)) { strA++; strW++; }
57 return (unsigned char)*strA - *strW;
60 /* compare an ASCII and a Unicode string without depending on the current codepage */
61 inline static int strncmpiAW( const char *strA, const WCHAR *strW, int n )
64 for ( ; n > 0; n--, strA++, strW++)
65 if ((ret = toupperW((unsigned char)*strA) - toupperW(*strW)) || !*strA) break;
69 /***********************************************************************
72 * Build a function list from a ';'-separated string.
74 static const WCHAR **build_list( const WCHAR *buffer )
77 const WCHAR *p = buffer;
80 while ((p = strchrW( p, ';' )))
85 /* allocate count+1 pointers, plus the space for a copy of the string */
86 if ((ret = RtlAllocateHeap( GetProcessHeap(), 0,
87 (count+1) * sizeof(WCHAR*) + (strlenW(buffer)+1) * sizeof(WCHAR) )))
89 WCHAR *str = (WCHAR *)(ret + count + 1);
92 strcpyW( str, buffer );
97 if (!(p = strchrW( p, ';' ))) break;
106 /***********************************************************************
107 * RELAY_InitDebugLists
109 * Build the relay include/exclude function lists.
111 void RELAY_InitDebugLists(void)
113 OBJECT_ATTRIBUTES attr;
119 static const WCHAR configW[] = {'S','o','f','t','w','a','r','e','\\',
120 'W','i','n','e','\\',
121 'D','e','b','u','g',0};
122 static const WCHAR RelayIncludeW[] = {'R','e','l','a','y','I','n','c','l','u','d','e',0};
123 static const WCHAR RelayExcludeW[] = {'R','e','l','a','y','E','x','c','l','u','d','e',0};
124 static const WCHAR SnoopIncludeW[] = {'S','n','o','o','p','I','n','c','l','u','d','e',0};
125 static const WCHAR SnoopExcludeW[] = {'S','n','o','o','p','E','x','c','l','u','d','e',0};
126 static const WCHAR RelayFromIncludeW[] = {'R','e','l','a','y','F','r','o','m','I','n','c','l','u','d','e',0};
127 static const WCHAR RelayFromExcludeW[] = {'R','e','l','a','y','F','r','o','m','E','x','c','l','u','d','e',0};
128 static const WCHAR SnoopFromIncludeW[] = {'S','n','o','o','p','F','r','o','m','I','n','c','l','u','d','e',0};
129 static const WCHAR SnoopFromExcludeW[] = {'S','n','o','o','p','F','r','o','m','E','x','c','l','u','d','e',0};
131 RtlOpenCurrentUser( KEY_ALL_ACCESS, &root );
132 attr.Length = sizeof(attr);
133 attr.RootDirectory = root;
134 attr.ObjectName = &name;
136 attr.SecurityDescriptor = NULL;
137 attr.SecurityQualityOfService = NULL;
138 RtlInitUnicodeString( &name, configW );
140 /* @@ Wine registry key: HKCU\Software\Wine\Debug */
141 if (NtOpenKey( &hkey, KEY_ALL_ACCESS, &attr )) hkey = 0;
145 str = (WCHAR *)((KEY_VALUE_PARTIAL_INFORMATION *)buffer)->Data;
146 RtlInitUnicodeString( &name, RelayIncludeW );
147 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
149 TRACE("RelayInclude = %s\n", debugstr_w(str) );
150 debug_relay_includelist = build_list( str );
153 RtlInitUnicodeString( &name, RelayExcludeW );
154 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
156 TRACE( "RelayExclude = %s\n", debugstr_w(str) );
157 debug_relay_excludelist = build_list( str );
160 RtlInitUnicodeString( &name, SnoopIncludeW );
161 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
163 TRACE_(snoop)( "SnoopInclude = %s\n", debugstr_w(str) );
164 debug_snoop_includelist = build_list( str );
167 RtlInitUnicodeString( &name, SnoopExcludeW );
168 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
170 TRACE_(snoop)( "SnoopExclude = %s\n", debugstr_w(str) );
171 debug_snoop_excludelist = build_list( str );
174 RtlInitUnicodeString( &name, RelayFromIncludeW );
175 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
177 TRACE("RelayFromInclude = %s\n", debugstr_w(str) );
178 debug_from_relay_includelist = build_list( str );
181 RtlInitUnicodeString( &name, RelayFromExcludeW );
182 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
184 TRACE( "RelayFromExclude = %s\n", debugstr_w(str) );
185 debug_from_relay_excludelist = build_list( str );
188 RtlInitUnicodeString( &name, SnoopFromIncludeW );
189 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
191 TRACE_(snoop)("SnoopFromInclude = %s\n", debugstr_w(str) );
192 debug_from_snoop_includelist = build_list( str );
195 RtlInitUnicodeString( &name, SnoopFromExcludeW );
196 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
198 TRACE_(snoop)( "SnoopFromExclude = %s\n", debugstr_w(str) );
199 debug_from_snoop_excludelist = build_list( str );
208 #include "pshpack1.h"
212 BYTE call; /* 0xe8 call callfrom32 (relative) */
213 DWORD callfrom32; /* RELAY_CallFrom32 relative addr */
214 BYTE ret; /* 0xc2 ret $n or 0xc3 ret */
215 WORD args; /* nb of args to remove from the stack */
216 void *orig; /* original entry point */
217 DWORD argtypes; /* argument types */
223 BYTE lcall; /* 0xe8 call snoopentry (relative) */
224 /* NOTE: If you move snoopentry OR nrofargs fix the relative offset
227 DWORD snoopentry; /* SNOOP_Entry relative */
234 typedef struct tagSNOOP_DLL {
239 struct tagSNOOP_DLL *next;
246 BYTE lcall; /* 0xe8 call snoopret relative*/
247 /* NOTE: If you move snoopret OR origreturn fix the relative offset
250 DWORD snoopret; /* SNOOP_Ret relative */
256 DWORD *args; /* saved args across a stdcall */
259 typedef struct tagSNOOP_RETURNENTRIES {
260 SNOOP_RETURNENTRY entry[4092/sizeof(SNOOP_RETURNENTRY)];
261 struct tagSNOOP_RETURNENTRIES *next;
262 } SNOOP_RETURNENTRIES;
266 extern void WINAPI SNOOP_Entry();
267 extern void WINAPI SNOOP_Return();
269 static SNOOP_DLL *firstdll;
270 static SNOOP_RETURNENTRIES *firstrets;
272 static WINE_EXCEPTION_FILTER(page_fault)
274 if (GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION ||
275 GetExceptionCode() == EXCEPTION_PRIV_INSTRUCTION)
276 return EXCEPTION_EXECUTE_HANDLER;
277 return EXCEPTION_CONTINUE_SEARCH;
280 /***********************************************************************
283 * Check if a given module and function is in the list.
285 static BOOL check_list( const char *module, int ordinal, const char *func, const WCHAR **list )
289 sprintf( ord_str, "%d", ordinal );
292 const WCHAR *p = strrchrW( *list, '.' );
293 if (p && p > *list) /* check module and function */
296 if (strncmpiAW( module, *list, len-1 ) || module[len]) continue;
297 if (p[1] == '*' && !p[2]) return TRUE;
298 if (!strcmpAW( ord_str, p + 1 )) return TRUE;
299 if (func && !strcmpAW( func, p + 1 )) return TRUE;
301 else /* function only */
303 if (func && !strcmpAW( func, *list )) return TRUE;
310 /***********************************************************************
311 * check_relay_include
313 * Check if a given function must be included in the relay output.
315 static BOOL check_relay_include( const char *module, int ordinal, const char *func )
317 if (debug_relay_excludelist && check_list( module, ordinal, func, debug_relay_excludelist ))
319 if (debug_relay_includelist && !check_list( module, ordinal, func, debug_relay_includelist ))
324 /***********************************************************************
327 * Check if calls from a given module must be included in the relay/snoop output,
328 * given the exclusion and inclusion lists.
330 static BOOL check_from_module( const WCHAR **includelist, const WCHAR **excludelist, const WCHAR *module )
332 static const WCHAR dllW[] = {'.','d','l','l',0 };
333 const WCHAR **listitem;
336 if (!module) return TRUE;
337 if (!includelist && !excludelist) return TRUE;
341 listitem = excludelist;
346 listitem = includelist;
348 for(; *listitem; listitem++)
352 if (!strcmpiW( *listitem, module )) return !show;
353 len = strlenW( *listitem );
354 if (!strncmpiW( *listitem, module, len ) && !strcmpiW( module + len, dllW ))
360 /***********************************************************************
363 * Find the name of an exported function.
365 static const char *find_exported_name( HMODULE module,
366 IMAGE_EXPORT_DIRECTORY *exp, int ordinal )
369 const char *ret = NULL;
371 WORD *ordptr = (WORD *)((char *)module + exp->AddressOfNameOrdinals);
372 for (i = 0; i < exp->NumberOfNames; i++, ordptr++)
373 if (*ordptr + exp->Base == ordinal) break;
374 if (i < exp->NumberOfNames)
375 ret = (char *)module + ((DWORD*)((char *)module + exp->AddressOfNames))[i];
380 /***********************************************************************
383 * Get the name of the DLL entry point corresponding to a relay address.
385 static void get_entry_point( char *buffer, DEBUG_ENTRY_POINT *relay )
387 IMAGE_EXPORT_DIRECTORY *exp = NULL;
388 DEBUG_ENTRY_POINT *debug;
392 PLIST_ENTRY mark, entry;
393 PLDR_MODULE mod = NULL;
396 /* First find the module */
398 mark = &NtCurrentTeb()->Peb->LdrData->InLoadOrderModuleList;
399 for (entry = mark->Flink; entry != mark; entry = entry->Flink)
401 mod = CONTAINING_RECORD(entry, LDR_MODULE, InLoadOrderModuleList);
402 if (!(mod->Flags & LDR_WINE_INTERNAL)) continue;
403 exp = RtlImageDirectoryEntryToData( mod->BaseAddress, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
405 debug = (DEBUG_ENTRY_POINT *)((char *)exp + size);
406 if (debug <= relay && relay < debug + exp->NumberOfFunctions)
408 ordinal = relay - debug;
413 /* Now find the function */
415 strcpy( buffer, (char *)mod->BaseAddress + exp->Name );
416 p = buffer + strlen(buffer);
417 if (p > buffer + 4 && !strcasecmp( p - 4, ".dll" )) p -= 4;
419 if ((name = find_exported_name( mod->BaseAddress, exp, ordinal + exp->Base )))
420 sprintf( p, ".%s", name );
422 sprintf( p, ".%ld", ordinal + exp->Base );
426 /***********************************************************************
429 static inline void RELAY_PrintArgs( int *args, int nb_args, unsigned int typemask )
433 if ((typemask & 3) && HIWORD(*args))
436 DPRINTF( "%08x %s", *args, debugstr_w((LPWSTR)*args) );
438 DPRINTF( "%08x %s", *args, debugstr_a((LPCSTR)*args) );
440 else DPRINTF( "%08x", *args );
441 if (nb_args) DPRINTF( "," );
448 typedef LONGLONG (*LONGLONG_CPROC)();
449 typedef LONGLONG (WINAPI *LONGLONG_FARPROC)();
452 /***********************************************************************
453 * call_cdecl_function
455 static LONGLONG call_cdecl_function( LONGLONG_CPROC func, int nb_args, const int *args )
460 case 0: ret = func(); break;
461 case 1: ret = func(args[0]); break;
462 case 2: ret = func(args[0],args[1]); break;
463 case 3: ret = func(args[0],args[1],args[2]); break;
464 case 4: ret = func(args[0],args[1],args[2],args[3]); break;
465 case 5: ret = func(args[0],args[1],args[2],args[3],args[4]); break;
466 case 6: ret = func(args[0],args[1],args[2],args[3],args[4],
468 case 7: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
470 case 8: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
471 args[6],args[7]); break;
472 case 9: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
473 args[6],args[7],args[8]); break;
474 case 10: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
475 args[6],args[7],args[8],args[9]); break;
476 case 11: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
477 args[6],args[7],args[8],args[9],args[10]); break;
478 case 12: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
479 args[6],args[7],args[8],args[9],args[10],
481 case 13: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
482 args[6],args[7],args[8],args[9],args[10],args[11],
484 case 14: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
485 args[6],args[7],args[8],args[9],args[10],args[11],
486 args[12],args[13]); break;
487 case 15: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
488 args[6],args[7],args[8],args[9],args[10],args[11],
489 args[12],args[13],args[14]); break;
490 case 16: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
491 args[6],args[7],args[8],args[9],args[10],args[11],
492 args[12],args[13],args[14],args[15]); break;
493 case 17: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
494 args[6],args[7],args[8],args[9],args[10],args[11],
495 args[12],args[13],args[14],args[15],args[16]); break;
496 case 18: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
497 args[6],args[7],args[8],args[9],args[10],args[11],
498 args[12],args[13],args[14],args[15],args[16],
501 ERR( "Unsupported nb of args %d\n", nb_args );
510 /***********************************************************************
511 * call_stdcall_function
513 static LONGLONG call_stdcall_function( LONGLONG_FARPROC func, int nb_args, const int *args )
518 case 0: ret = func(); break;
519 case 1: ret = func(args[0]); break;
520 case 2: ret = func(args[0],args[1]); break;
521 case 3: ret = func(args[0],args[1],args[2]); break;
522 case 4: ret = func(args[0],args[1],args[2],args[3]); break;
523 case 5: ret = func(args[0],args[1],args[2],args[3],args[4]); break;
524 case 6: ret = func(args[0],args[1],args[2],args[3],args[4],
526 case 7: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
528 case 8: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
529 args[6],args[7]); break;
530 case 9: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
531 args[6],args[7],args[8]); break;
532 case 10: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
533 args[6],args[7],args[8],args[9]); break;
534 case 11: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
535 args[6],args[7],args[8],args[9],args[10]); break;
536 case 12: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
537 args[6],args[7],args[8],args[9],args[10],
539 case 13: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
540 args[6],args[7],args[8],args[9],args[10],args[11],
542 case 14: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
543 args[6],args[7],args[8],args[9],args[10],args[11],
544 args[12],args[13]); break;
545 case 15: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
546 args[6],args[7],args[8],args[9],args[10],args[11],
547 args[12],args[13],args[14]); break;
548 case 16: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
549 args[6],args[7],args[8],args[9],args[10],args[11],
550 args[12],args[13],args[14],args[15]); break;
551 case 17: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
552 args[6],args[7],args[8],args[9],args[10],args[11],
553 args[12],args[13],args[14],args[15],args[16]); break;
554 case 18: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
555 args[6],args[7],args[8],args[9],args[10],args[11],
556 args[12],args[13],args[14],args[15],args[16],
559 ERR( "Unsupported nb of args %d\n", nb_args );
568 /***********************************************************************
571 * Stack layout on entry to this function:
576 * (esp) return addr to relay code
578 static LONGLONG RELAY_CallFrom32( int ret_addr, ... )
583 int *args = &ret_addr + 1;
584 /* Relay addr is the return address for this function */
585 BYTE *relay_addr = (BYTE *)__builtin_return_address(0);
586 DEBUG_ENTRY_POINT *relay = (DEBUG_ENTRY_POINT *)(relay_addr - 5);
587 WORD nb_args = relay->args / sizeof(int);
591 get_entry_point( buffer, relay );
593 DPRINTF( "%04lx:Call %s(", GetCurrentThreadId(), buffer );
594 RELAY_PrintArgs( args, nb_args, relay->argtypes );
595 DPRINTF( ") ret=%08x\n", ret_addr );
598 if (relay->ret == 0xc3) /* cdecl */
600 ret = call_cdecl_function( (LONGLONG_CPROC)relay->orig, nb_args, args );
604 ret = call_stdcall_function( (LONGLONG_FARPROC)relay->orig, nb_args, args );
609 BOOL ret64 = (relay->argtypes & 0x80000000) && (nb_args < 16);
611 DPRINTF( "%04lx:Ret %s() retval=%08x%08x ret=%08x\n",
612 GetCurrentThreadId(),
613 buffer, (UINT)(ret >> 32), (UINT)ret, ret_addr );
615 DPRINTF( "%04lx:Ret %s() retval=%08x ret=%08x\n",
616 GetCurrentThreadId(),
617 buffer, (UINT)ret, ret_addr );
623 /***********************************************************************
624 * RELAY_CallFrom32Regs
626 * Stack layout (esp is context->Esp, not the current %esp):
630 * (esp) return addr to caller
631 * (esp-4) return addr to DEBUG_ENTRY_POINT
632 * (esp-8) ptr to relay entry code for RELAY_CallFrom32Regs
633 * ... >128 bytes space free to be modified (ensured by the assembly glue)
635 void WINAPI __regs_RELAY_CallFrom32Regs( CONTEXT86 *context )
642 BYTE *relay_addr = *((BYTE **)context->Esp - 1);
643 DEBUG_ENTRY_POINT *relay = (DEBUG_ENTRY_POINT *)(relay_addr - 5);
644 WORD nb_args = relay->args / sizeof(int);
646 /* remove extra stuff from the stack */
647 context->Eip = *(DWORD *)context->Esp;
648 context->Esp += sizeof(DWORD);
649 args = (int *)context->Esp;
650 if (relay->ret == 0xc2) /* stdcall */
651 context->Esp += nb_args * sizeof(int);
653 entry_point = (BYTE *)relay->orig;
654 assert( *entry_point == 0xe8 /* lcall */ );
658 get_entry_point( buffer, relay );
660 DPRINTF( "%04lx:Call %s(", GetCurrentThreadId(), buffer );
661 RELAY_PrintArgs( args, nb_args, relay->argtypes );
662 DPRINTF( ") ret=%08lx fs=%04lx\n", context->Eip, context->SegFs );
664 DPRINTF(" eax=%08lx ebx=%08lx ecx=%08lx edx=%08lx esi=%08lx edi=%08lx\n",
665 context->Eax, context->Ebx, context->Ecx,
666 context->Edx, context->Esi, context->Edi );
667 DPRINTF(" ebp=%08lx esp=%08lx ds=%04lx es=%04lx gs=%04lx flags=%08lx\n",
668 context->Ebp, context->Esp, context->SegDs,
669 context->SegEs, context->SegGs, context->EFlags );
672 /* Now call the real function */
674 memcpy( args_copy, args, nb_args * sizeof(args[0]) );
675 args_copy[nb_args] = (int)context; /* append context argument */
676 if (relay->ret == 0xc3) /* cdecl */
678 call_cdecl_function( (LONGLONG_CPROC)(entry_point + 5 + *(DWORD *)(entry_point + 5)),
679 nb_args+1, args_copy );
683 call_stdcall_function( (LONGLONG_FARPROC)(entry_point + 5 + *(DWORD *)(entry_point + 5)),
684 nb_args+1, args_copy );
689 DPRINTF( "%04lx:Ret %s() retval=%08lx ret=%08lx fs=%04lx\n",
690 GetCurrentThreadId(),
691 buffer, context->Eax, context->Eip, context->SegFs );
693 DPRINTF(" eax=%08lx ebx=%08lx ecx=%08lx edx=%08lx esi=%08lx edi=%08lx\n",
694 context->Eax, context->Ebx, context->Ecx,
695 context->Edx, context->Esi, context->Edi );
696 DPRINTF(" ebp=%08lx esp=%08lx ds=%04lx es=%04lx gs=%04lx flags=%08lx\n",
697 context->Ebp, context->Esp, context->SegDs,
698 context->SegEs, context->SegGs, context->EFlags );
702 void WINAPI RELAY_CallFrom32Regs(void);
703 DEFINE_REGS_ENTRYPOINT( RELAY_CallFrom32Regs, 0, 0 );
705 /* check whether the function at addr starts with a call to __wine_call_from_32_regs */
706 static BOOL is_register_entry_point( const BYTE *addr )
708 extern void __wine_call_from_32_regs();
712 if (*addr != 0xe8) return FALSE; /* not a call */
713 /* check if call target is __wine_call_from_32_regs */
714 offset = (const int *)(addr + 1);
715 if (*offset == (const char *)__wine_call_from_32_regs - (const char *)(offset + 1)) return TRUE;
716 /* now check if call target is an import table jump to __wine_call_from_32_regs */
717 addr = (const BYTE *)(offset + 1) + *offset;
718 if (addr[0] != 0xff || addr[1] != 0x25) return FALSE; /* not an indirect jmp */
719 ptr = *(const void * const*)(addr + 2); /* get indirect jmp target address */
720 return (*(const char * const*)ptr == (char *)__wine_call_from_32_regs);
724 /***********************************************************************
725 * RELAY_GetProcAddress
727 * Return the proc address to use for a given function.
729 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
730 DWORD exp_size, FARPROC proc, const WCHAR *user )
732 const DEBUG_ENTRY_POINT *debug = (DEBUG_ENTRY_POINT *)proc;
733 const DEBUG_ENTRY_POINT *list = (const DEBUG_ENTRY_POINT *)((const char *)exports + exp_size);
735 if (debug < list || debug >= list + exports->NumberOfFunctions) return proc;
736 if (list + (debug - list) != debug) return proc; /* not a valid address */
737 if (check_from_module( debug_from_relay_includelist, debug_from_relay_excludelist, user ))
738 return proc; /* we want to relay it */
739 if (!debug->call) return proc; /* not a normal function */
740 if (debug->call != 0xe8 && debug->call != 0xe9) return proc; /* not a debug thunk at all */
745 /***********************************************************************
748 * Setup relay debugging for a built-in dll.
750 void RELAY_SetupDLL( HMODULE module )
752 IMAGE_EXPORT_DIRECTORY *exports;
753 DEBUG_ENTRY_POINT *debug;
757 char *p, dllname[80];
760 exports = RtlImageDirectoryEntryToData( module, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
761 if (!exports) return;
762 debug = (DEBUG_ENTRY_POINT *)((char *)exports + size);
763 funcs = (DWORD *)((char *)module + exports->AddressOfFunctions);
764 strcpy( dllname, (char *)module + exports->Name );
765 p = dllname + strlen(dllname) - 4;
766 if (p > dllname && !strcasecmp( p, ".dll" )) *p = 0;
768 for (i = 0; i < exports->NumberOfFunctions; i++, funcs++, debug++)
772 if (!debug->call) continue; /* not a normal function */
773 if (debug->call != 0xe8 && debug->call != 0xe9) break; /* not a debug thunk at all */
775 name = find_exported_name( module, exports, i + exports->Base );
776 on = check_relay_include( dllname, i + exports->Base, name );
780 debug->call = 0xe8; /* call relative */
781 if (is_register_entry_point( debug->orig ))
782 debug->callfrom32 = (char *)RELAY_CallFrom32Regs - (char *)&debug->ret;
784 debug->callfrom32 = (char *)RELAY_CallFrom32 - (char *)&debug->ret;
788 debug->call = 0xe9; /* jmp relative */
789 debug->callfrom32 = (char *)debug->orig - (char *)&debug->ret;
791 *funcs = (char *)debug - (char *)module;
796 /***********************************************************************
797 * SNOOP_ShowDebugmsgSnoop
799 * Simple function to decide if a particular debugging message is
802 static BOOL SNOOP_ShowDebugmsgSnoop(const char *module, int ordinal, const char *func)
804 if (debug_snoop_excludelist && check_list( module, ordinal, func, debug_snoop_excludelist ))
806 if (debug_snoop_includelist && !check_list( module, ordinal, func, debug_snoop_includelist ))
812 /***********************************************************************
815 * Setup snoop debugging for a native dll.
817 void SNOOP_SetupDLL(HMODULE hmod)
819 SNOOP_DLL **dll = &firstdll;
823 IMAGE_EXPORT_DIRECTORY *exports;
825 exports = RtlImageDirectoryEntryToData( hmod, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
826 if (!exports) return;
827 name = (char *)hmod + exports->Name;
829 TRACE_(snoop)("hmod=%p, name=%s\n", hmod, name);
832 if ((*dll)->hmod == hmod)
834 /* another dll, loaded at the same address */
836 size = (*dll)->nrofordinals * sizeof(SNOOP_FUN);
837 NtFreeVirtualMemory(NtCurrentProcess(), &addr, &size, MEM_RELEASE);
840 dll = &((*dll)->next);
843 *dll = RtlReAllocateHeap(GetProcessHeap(),
844 HEAP_ZERO_MEMORY, *dll,
845 sizeof(SNOOP_DLL) + strlen(name));
847 *dll = RtlAllocateHeap(GetProcessHeap(),
849 sizeof(SNOOP_DLL) + strlen(name));
851 (*dll)->ordbase = exports->Base;
852 (*dll)->nrofordinals = exports->NumberOfFunctions;
853 strcpy( (*dll)->name, name );
854 p = (*dll)->name + strlen((*dll)->name) - 4;
855 if (p > (*dll)->name && !strcasecmp( p, ".dll" )) *p = 0;
857 size = exports->NumberOfFunctions * sizeof(SNOOP_FUN);
859 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
860 MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
862 RtlFreeHeap(GetProcessHeap(),0,*dll);
863 FIXME("out of memory\n");
867 memset((*dll)->funs,0,size);
871 /***********************************************************************
872 * SNOOP_GetProcAddress
874 * Return the proc address to use for a given function.
876 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports,
877 DWORD exp_size, FARPROC origfun, DWORD ordinal,
882 const WORD *ordinals;
884 SNOOP_DLL *dll = firstdll;
886 const IMAGE_SECTION_HEADER *sec;
888 if (!TRACE_ON(snoop)) return origfun;
889 if (!check_from_module( debug_from_snoop_includelist, debug_from_snoop_excludelist, user ))
890 return origfun; /* the calling module was explicitly excluded */
892 if (!*(LPBYTE)origfun) /* 0x00 is an imposs. opcode, poss. dataref. */
895 sec = RtlImageRvaToSection( RtlImageNtHeader(hmod), hmod, (char *)origfun - (char *)hmod );
897 if (!sec || !(sec->Characteristics & IMAGE_SCN_CNT_CODE))
898 return origfun; /* most likely a data reference */
901 if (hmod == dll->hmod)
905 if (!dll) /* probably internal */
908 /* try to find a name for it */
910 names = (const DWORD *)((const char *)hmod + exports->AddressOfNames);
911 ordinals = (const WORD *)((const char *)hmod + exports->AddressOfNameOrdinals);
912 if (names) for (i = 0; i < exports->NumberOfNames; i++)
914 if (ordinals[i] == ordinal)
916 ename = (const char *)hmod + names[i];
920 if (!SNOOP_ShowDebugmsgSnoop(dll->name,ordinal,ename))
922 assert(ordinal < dll->nrofordinals);
923 fun = dll->funs + ordinal;
928 /* NOTE: origreturn struct member MUST come directly after snoopentry */
929 fun->snoopentry = (char*)SNOOP_Entry-((char*)(&fun->nrofargs));
930 fun->origfun = origfun;
933 return (FARPROC)&(fun->lcall);
936 static void SNOOP_PrintArg(DWORD x)
941 if (!HIWORD(x) || TRACE_ON(seh)) return; /* trivial reject to avoid faults */
948 if (s[i]<0x20) {nostring=1;break;}
949 if (s[i]>=0x80) {nostring=1;break;}
952 if (!nostring && i > 5)
953 DPRINTF(" %s",debugstr_an((LPSTR)x,i));
954 else /* try unicode */
960 if (s[i]<0x20) {nostring=1;break;}
961 if (s[i]>0x100) {nostring=1;break;}
964 if (!nostring && i > 5) DPRINTF(" %s",debugstr_wn((LPWSTR)x,i));
973 #define CALLER1REF (*(DWORD*)context->Esp)
975 void WINAPI __regs_SNOOP_Entry( CONTEXT86 *context )
977 DWORD ordinal=0,entry = context->Eip - 5;
978 SNOOP_DLL *dll = firstdll;
979 SNOOP_FUN *fun = NULL;
980 SNOOP_RETURNENTRIES **rets = &firstrets;
981 SNOOP_RETURNENTRY *ret;
985 if ( ((char*)entry>=(char*)dll->funs) &&
986 ((char*)entry<=(char*)(dll->funs+dll->nrofordinals))
988 fun = (SNOOP_FUN*)entry;
989 ordinal = fun-dll->funs;
995 FIXME("entrypoint 0x%08lx not found\n",entry);
998 /* guess cdecl ... */
999 if (fun->nrofargs<0) {
1000 /* Typical cdecl return frame is:
1002 * which has (for xxxxxxxx up to 255 the opcode "83 C4 xx".
1003 * (after that 81 C2 xx xx xx xx)
1005 LPBYTE reteip = (LPBYTE)CALLER1REF;
1008 if ((reteip[0]==0x83)&&(reteip[1]==0xc4))
1009 fun->nrofargs=reteip[2]/4;
1015 for (i=0;i<sizeof((*rets)->entry)/sizeof((*rets)->entry[0]);i++)
1016 if (!(*rets)->entry[i].origreturn)
1018 if (i!=sizeof((*rets)->entry)/sizeof((*rets)->entry[0]))
1020 rets = &((*rets)->next);
1026 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
1027 MEM_COMMIT | MEM_RESERVE,
1028 PAGE_EXECUTE_READWRITE);
1031 memset(*rets,0,4096);
1032 i = 0; /* entry 0 is free */
1034 ret = &((*rets)->entry[i]);
1036 /* NOTE: origreturn struct member MUST come directly after snoopret */
1037 ret->snoopret = ((char*)SNOOP_Return)-(char*)(&ret->origreturn);
1038 ret->origreturn = (FARPROC)CALLER1REF;
1039 CALLER1REF = (DWORD)&ret->lcall;
1042 ret->ordinal = ordinal;
1043 ret->origESP = context->Esp;
1045 context->Eip = (DWORD)fun->origfun;
1047 if (fun->name) DPRINTF("%04lx:CALL %s.%s(",GetCurrentThreadId(),dll->name,fun->name);
1048 else DPRINTF("%04lx:CALL %s.%ld(",GetCurrentThreadId(),dll->name,dll->ordbase+ordinal);
1049 if (fun->nrofargs>0) {
1050 max = fun->nrofargs; if (max>16) max=16;
1053 SNOOP_PrintArg(*(DWORD*)(context->Esp + 4 + sizeof(DWORD)*i));
1054 if (i<fun->nrofargs-1) DPRINTF(",");
1056 if (max!=fun->nrofargs)
1058 } else if (fun->nrofargs<0) {
1059 DPRINTF("<unknown, check return>");
1060 ret->args = RtlAllocateHeap(GetProcessHeap(),
1061 0,16*sizeof(DWORD));
1062 memcpy(ret->args,(LPBYTE)(context->Esp + 4),sizeof(DWORD)*16);
1064 DPRINTF(") ret=%08lx\n",(DWORD)ret->origreturn);
1068 void WINAPI __regs_SNOOP_Return( CONTEXT86 *context )
1070 SNOOP_RETURNENTRY *ret = (SNOOP_RETURNENTRY*)(context->Eip - 5);
1071 SNOOP_FUN *fun = &ret->dll->funs[ret->ordinal];
1073 /* We haven't found out the nrofargs yet. If we called a cdecl
1074 * function it is too late anyway and we can just set '0' (which
1075 * will be the difference between orig and current ESP
1076 * If stdcall -> everything ok.
1078 if (ret->dll->funs[ret->ordinal].nrofargs<0)
1079 ret->dll->funs[ret->ordinal].nrofargs=(context->Esp - ret->origESP-4)/4;
1080 context->Eip = (DWORD)ret->origreturn;
1085 DPRINTF("%04lx:RET %s.%s(", GetCurrentThreadId(), ret->dll->name, fun->name);
1087 DPRINTF("%04lx:RET %s.%ld(", GetCurrentThreadId(),
1088 ret->dll->name,ret->dll->ordbase+ret->ordinal);
1090 max = fun->nrofargs;
1095 SNOOP_PrintArg(ret->args[i]);
1096 if (i<max-1) DPRINTF(",");
1098 DPRINTF(") retval=%08lx ret=%08lx\n",
1099 context->Eax,(DWORD)ret->origreturn );
1100 RtlFreeHeap(GetProcessHeap(),0,ret->args);
1106 DPRINTF("%04lx:RET %s.%s() retval=%08lx ret=%08lx\n",
1107 GetCurrentThreadId(),
1108 ret->dll->name, fun->name, context->Eax, (DWORD)ret->origreturn);
1110 DPRINTF("%04lx:RET %s.%ld() retval=%08lx ret=%08lx\n",
1111 GetCurrentThreadId(),
1112 ret->dll->name,ret->dll->ordbase+ret->ordinal,
1113 context->Eax, (DWORD)ret->origreturn);
1115 ret->origreturn = NULL; /* mark as empty */
1118 /* assembly wrappers that save the context */
1119 DEFINE_REGS_ENTRYPOINT( SNOOP_Entry, 0, 0 );
1120 DEFINE_REGS_ENTRYPOINT( SNOOP_Return, 0, 0 );
1122 #else /* __i386__ */
1124 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
1125 DWORD exp_size, FARPROC proc, const WCHAR *user )
1130 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports, DWORD exp_size,
1131 FARPROC origfun, DWORD ordinal, const WCHAR *user )
1136 void RELAY_SetupDLL( HMODULE module )
1140 void SNOOP_SetupDLL( HMODULE hmod )
1142 FIXME("snooping works only on i386 for now.\n");
1145 #endif /* __i386__ */
projects / wine / blob