2 * Win32 relay and snoop functions
4 * Copyright 1997 Alexandre Julliard
5 * Copyright 1998 Marcus Meissner
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 #include "wine/port.h"
31 #define WIN32_NO_STATUS
34 #include "wine/exception.h"
35 #include "ntdll_misc.h"
36 #include "wine/unicode.h"
37 #include "wine/debug.h"
39 WINE_DEFAULT_DEBUG_CHANNEL(relay);
40 WINE_DECLARE_DEBUG_CHANNEL(timestamp);
42 #if defined(__i386__) || defined(__x86_64__)
44 struct relay_descr /* descriptor for a module */
46 void *magic; /* signature */
47 void *relay_call; /* functions to call from relay thunks */
48 void *relay_call_regs;
49 void *private; /* reserved for the relay code private data */
50 const char *entry_point_base; /* base address of entry point thunks */
51 const unsigned int *entry_point_offsets; /* offsets of entry points thunks */
52 const unsigned int *arg_types; /* table of argument types for all entry points */
55 #define RELAY_DESCR_MAGIC ((void *)0xdeb90001)
56 #define IS_INTARG(x) (((ULONG_PTR)(x) >> 16) == 0)
58 /* private data built at dll load time */
60 struct relay_entry_point
62 void *orig_func; /* original entry point function */
63 const char *name; /* function name (if any) */
66 struct relay_private_data
68 HMODULE module; /* module handle of this dll */
69 unsigned int base; /* ordinal base */
70 char dllname[40]; /* dll name (without .dll extension) */
71 struct relay_entry_point entry_points[1]; /* list of dll entry points */
74 static const WCHAR **debug_relay_excludelist;
75 static const WCHAR **debug_relay_includelist;
76 static const WCHAR **debug_snoop_excludelist;
77 static const WCHAR **debug_snoop_includelist;
78 static const WCHAR **debug_from_relay_excludelist;
79 static const WCHAR **debug_from_relay_includelist;
80 static const WCHAR **debug_from_snoop_excludelist;
81 static const WCHAR **debug_from_snoop_includelist;
83 static BOOL init_done;
85 /* compare an ASCII and a Unicode string without depending on the current codepage */
86 static inline int strcmpAW( const char *strA, const WCHAR *strW )
88 while (*strA && ((unsigned char)*strA == *strW)) { strA++; strW++; }
89 return (unsigned char)*strA - *strW;
92 /* compare an ASCII and a Unicode string without depending on the current codepage */
93 static inline int strncmpiAW( const char *strA, const WCHAR *strW, int n )
96 for ( ; n > 0; n--, strA++, strW++)
97 if ((ret = toupperW((unsigned char)*strA) - toupperW(*strW)) || !*strA) break;
101 /***********************************************************************
104 * Build a function list from a ';'-separated string.
106 static const WCHAR **build_list( const WCHAR *buffer )
109 const WCHAR *p = buffer;
112 while ((p = strchrW( p, ';' )))
117 /* allocate count+1 pointers, plus the space for a copy of the string */
118 if ((ret = RtlAllocateHeap( GetProcessHeap(), 0,
119 (count+1) * sizeof(WCHAR*) + (strlenW(buffer)+1) * sizeof(WCHAR) )))
121 WCHAR *str = (WCHAR *)(ret + count + 1);
124 strcpyW( str, buffer );
129 if (!(p = strchrW( p, ';' ))) break;
137 /***********************************************************************
140 * Load a function list from a registry value.
142 static const WCHAR **load_list( HKEY hkey, const WCHAR *value )
144 char initial_buffer[4096];
145 char *buffer = initial_buffer;
149 const WCHAR **list = NULL;
151 RtlInitUnicodeString( &name, value );
152 status = NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(initial_buffer), &count );
153 if (status == STATUS_BUFFER_OVERFLOW)
155 buffer = RtlAllocateHeap( GetProcessHeap(), 0, count );
156 status = NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, count, &count );
158 if (status == STATUS_SUCCESS)
160 WCHAR *str = (WCHAR *)((KEY_VALUE_PARTIAL_INFORMATION *)buffer)->Data;
161 list = build_list( str );
162 if (list) TRACE( "%s = %s\n", debugstr_w(value), debugstr_w(str) );
165 if (buffer != initial_buffer) RtlFreeHeap( GetProcessHeap(), 0, buffer );
169 /***********************************************************************
172 * Build the relay include/exclude function lists.
174 static void init_debug_lists(void)
176 OBJECT_ATTRIBUTES attr;
179 static const WCHAR configW[] = {'S','o','f','t','w','a','r','e','\\',
180 'W','i','n','e','\\',
181 'D','e','b','u','g',0};
182 static const WCHAR RelayIncludeW[] = {'R','e','l','a','y','I','n','c','l','u','d','e',0};
183 static const WCHAR RelayExcludeW[] = {'R','e','l','a','y','E','x','c','l','u','d','e',0};
184 static const WCHAR SnoopIncludeW[] = {'S','n','o','o','p','I','n','c','l','u','d','e',0};
185 static const WCHAR SnoopExcludeW[] = {'S','n','o','o','p','E','x','c','l','u','d','e',0};
186 static const WCHAR RelayFromIncludeW[] = {'R','e','l','a','y','F','r','o','m','I','n','c','l','u','d','e',0};
187 static const WCHAR RelayFromExcludeW[] = {'R','e','l','a','y','F','r','o','m','E','x','c','l','u','d','e',0};
188 static const WCHAR SnoopFromIncludeW[] = {'S','n','o','o','p','F','r','o','m','I','n','c','l','u','d','e',0};
189 static const WCHAR SnoopFromExcludeW[] = {'S','n','o','o','p','F','r','o','m','E','x','c','l','u','d','e',0};
191 if (init_done) return;
194 RtlOpenCurrentUser( KEY_ALL_ACCESS, &root );
195 attr.Length = sizeof(attr);
196 attr.RootDirectory = root;
197 attr.ObjectName = &name;
199 attr.SecurityDescriptor = NULL;
200 attr.SecurityQualityOfService = NULL;
201 RtlInitUnicodeString( &name, configW );
203 /* @@ Wine registry key: HKCU\Software\Wine\Debug */
204 if (NtOpenKey( &hkey, KEY_ALL_ACCESS, &attr )) hkey = 0;
208 debug_relay_includelist = load_list( hkey, RelayIncludeW );
209 debug_relay_excludelist = load_list( hkey, RelayExcludeW );
210 debug_snoop_includelist = load_list( hkey, SnoopIncludeW );
211 debug_snoop_excludelist = load_list( hkey, SnoopExcludeW );
212 debug_from_relay_includelist = load_list( hkey, RelayFromIncludeW );
213 debug_from_relay_excludelist = load_list( hkey, RelayFromExcludeW );
214 debug_from_snoop_includelist = load_list( hkey, SnoopFromIncludeW );
215 debug_from_snoop_excludelist = load_list( hkey, SnoopFromExcludeW );
221 /***********************************************************************
224 * Check if a given module and function is in the list.
226 static BOOL check_list( const char *module, int ordinal, const char *func, const WCHAR *const *list )
230 sprintf( ord_str, "%d", ordinal );
233 const WCHAR *p = strrchrW( *list, '.' );
234 if (p && p > *list) /* check module and function */
237 if (strncmpiAW( module, *list, len-1 ) || module[len]) continue;
238 if (p[1] == '*' && !p[2]) return TRUE;
239 if (!strcmpAW( ord_str, p + 1 )) return TRUE;
240 if (func && !strcmpAW( func, p + 1 )) return TRUE;
242 else /* function only */
244 if (func && !strcmpAW( func, *list )) return TRUE;
251 /***********************************************************************
252 * check_relay_include
254 * Check if a given function must be included in the relay output.
256 static BOOL check_relay_include( const char *module, int ordinal, const char *func )
258 if (debug_relay_excludelist && check_list( module, ordinal, func, debug_relay_excludelist ))
260 if (debug_relay_includelist && !check_list( module, ordinal, func, debug_relay_includelist ))
265 /***********************************************************************
268 * Check if calls from a given module must be included in the relay/snoop output,
269 * given the exclusion and inclusion lists.
271 static BOOL check_from_module( const WCHAR **includelist, const WCHAR **excludelist, const WCHAR *module )
273 static const WCHAR dllW[] = {'.','d','l','l',0 };
274 const WCHAR **listitem;
277 if (!module) return TRUE;
278 if (!includelist && !excludelist) return TRUE;
282 listitem = excludelist;
287 listitem = includelist;
289 for(; *listitem; listitem++)
293 if (!strcmpiW( *listitem, module )) return !show;
294 len = strlenW( *listitem );
295 if (!strncmpiW( *listitem, module, len ) && !strcmpiW( module + len, dllW ))
301 /***********************************************************************
304 static inline void RELAY_PrintArgs( const INT_PTR *args, int nb_args, unsigned int typemask )
308 if ((typemask & 3) && !IS_INTARG(*args))
311 DPRINTF( "%08lx %s", *args, debugstr_w((LPCWSTR)*args) );
313 DPRINTF( "%08lx %s", *args, debugstr_a((LPCSTR)*args) );
315 else DPRINTF( "%08lx", *args );
316 if (nb_args) DPRINTF( "," );
322 extern LONGLONG CDECL call_entry_point( void *func, int nb_args, const INT_PTR *args, int flags );
324 __ASM_GLOBAL_FUNC( call_entry_point,
326 __ASM_CFI(".cfi_adjust_cfa_offset 4\n\t")
327 __ASM_CFI(".cfi_rel_offset %ebp,0\n\t")
329 __ASM_CFI(".cfi_def_cfa_register %ebp\n\t")
331 __ASM_CFI(".cfi_rel_offset %esi,-4\n\t")
333 __ASM_CFI(".cfi_rel_offset %edi,-8\n\t")
334 "movl 12(%ebp),%edx\n\t"
339 "movl 12(%ebp),%ecx\n\t"
340 "movl 16(%ebp),%esi\n\t"
344 "testl $2,20(%ebp)\n\t" /* (flags & 2) -> thiscall */
347 "1:\tcall *8(%ebp)\n\t"
348 "leal -8(%ebp),%esp\n\t"
350 __ASM_CFI(".cfi_same_value %edi\n\t")
352 __ASM_CFI(".cfi_same_value %esi\n\t")
354 __ASM_CFI(".cfi_def_cfa %esp,4\n\t")
355 __ASM_CFI(".cfi_same_value %ebp\n\t")
358 __ASM_GLOBAL_FUNC( call_entry_point,
360 __ASM_CFI(".cfi_adjust_cfa_offset 8\n\t")
361 __ASM_CFI(".cfi_rel_offset %rbp,0\n\t")
363 __ASM_CFI(".cfi_def_cfa_register %rbp\n\t")
365 __ASM_CFI(".cfi_rel_offset %rsi,-8\n\t")
367 __ASM_CFI(".cfi_rel_offset %rdi,-16\n\t")
371 "cmovgq %rdx,%rcx\n\t"
372 "leaq 0(,%rcx,8),%rdx\n\t"
378 "movq 0(%rsp),%rcx\n\t"
379 "movq 8(%rsp),%rdx\n\t"
380 "movq 16(%rsp),%r8\n\t"
381 "movq 24(%rsp),%r9\n\t"
382 "movq %rcx,%xmm0\n\t"
383 "movq %rdx,%xmm1\n\t"
387 "leaq -16(%rbp),%rsp\n\t"
389 __ASM_CFI(".cfi_same_value %rdi\n\t")
391 __ASM_CFI(".cfi_same_value %rsi\n\t")
392 __ASM_CFI(".cfi_def_cfa_register %rsp\n\t")
394 __ASM_CFI(".cfi_adjust_cfa_offset -8\n\t")
395 __ASM_CFI(".cfi_same_value %rbp\n\t")
400 static void print_timestamp(void)
402 ULONG ticks = NtGetTickCount();
403 DPRINTF( "%3u.%03u:", ticks / 1000, ticks % 1000 );
407 /***********************************************************************
410 * stack points to the return address, i.e. the first argument is stack[1].
412 static LONGLONG WINAPI relay_call( struct relay_descr *descr, unsigned int idx, const INT_PTR *stack )
415 WORD ordinal = LOWORD(idx);
416 BYTE nb_args = LOBYTE(HIWORD(idx));
417 BYTE flags = HIBYTE(HIWORD(idx));
418 struct relay_private_data *data = descr->private;
419 struct relay_entry_point *entry_point = data->entry_points + ordinal;
421 if (!TRACE_ON(relay))
422 ret = call_entry_point( entry_point->orig_func, nb_args, stack + 1, flags );
425 if (TRACE_ON(timestamp))
427 if (entry_point->name)
428 DPRINTF( "%04x:Call %s.%s(", GetCurrentThreadId(), data->dllname, entry_point->name );
430 DPRINTF( "%04x:Call %s.%u(", GetCurrentThreadId(), data->dllname, data->base + ordinal );
431 RELAY_PrintArgs( stack + 1, nb_args, descr->arg_types[ordinal] );
432 DPRINTF( ") ret=%08lx\n", stack[0] );
434 ret = call_entry_point( entry_point->orig_func, nb_args, stack + 1, flags );
436 if (TRACE_ON(timestamp))
438 if (entry_point->name)
439 DPRINTF( "%04x:Ret %s.%s()", GetCurrentThreadId(), data->dllname, entry_point->name );
441 DPRINTF( "%04x:Ret %s.%u()", GetCurrentThreadId(), data->dllname, data->base + ordinal );
443 if (flags & 1) /* 64-bit return value */
444 DPRINTF( " retval=%08x%08x ret=%08lx\n",
445 (UINT)(ret >> 32), (UINT)ret, stack[0] );
447 DPRINTF( " retval=%08lx ret=%08lx\n", (UINT_PTR)ret, stack[0] );
453 /***********************************************************************
457 void WINAPI __regs_relay_call_regs( struct relay_descr *descr, unsigned int idx,
458 unsigned int orig_eax, unsigned int ret_addr,
461 WORD ordinal = LOWORD(idx);
462 BYTE nb_args = LOBYTE(HIWORD(idx));
463 struct relay_private_data *data = descr->private;
464 struct relay_entry_point *entry_point = data->entry_points + ordinal;
465 BYTE *orig_func = entry_point->orig_func;
466 INT_PTR *args = (INT_PTR *)context->Esp;
467 INT_PTR args_copy[32];
469 /* restore the context to what it was before the relay thunk */
470 context->Eax = orig_eax;
471 context->Eip = ret_addr;
472 context->Esp += nb_args * sizeof(int);
476 if (entry_point->name)
477 DPRINTF( "%04x:Call %s.%s(", GetCurrentThreadId(), data->dllname, entry_point->name );
479 DPRINTF( "%04x:Call %s.%u(", GetCurrentThreadId(), data->dllname, data->base + ordinal );
480 RELAY_PrintArgs( args, nb_args, descr->arg_types[ordinal] );
481 DPRINTF( ") ret=%08x\n", ret_addr );
483 DPRINTF( "%04x: eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x "
484 "ebp=%08x esp=%08x ds=%04x es=%04x fs=%04x gs=%04x flags=%08x\n",
485 GetCurrentThreadId(), context->Eax, context->Ebx, context->Ecx,
486 context->Edx, context->Esi, context->Edi, context->Ebp, context->Esp,
487 context->SegDs, context->SegEs, context->SegFs, context->SegGs, context->EFlags );
489 assert( orig_func[0] == 0x68 /* pushl func */ );
490 assert( orig_func[5] == 0x6a /* pushl args */ );
491 assert( orig_func[7] == 0xe8 /* call */ );
494 /* now call the real function */
496 memcpy( args_copy, args, nb_args * sizeof(args[0]) );
497 args_copy[nb_args++] = (INT_PTR)context; /* append context argument */
499 call_entry_point( orig_func + 12 + *(int *)(orig_func + 1), nb_args, args_copy, 0 );
504 if (entry_point->name)
505 DPRINTF( "%04x:Ret %s.%s() retval=%08x ret=%08x\n",
506 GetCurrentThreadId(), data->dllname, entry_point->name,
507 context->Eax, context->Eip );
509 DPRINTF( "%04x:Ret %s.%u() retval=%08x ret=%08x\n",
510 GetCurrentThreadId(), data->dllname, data->base + ordinal,
511 context->Eax, context->Eip );
512 DPRINTF( "%04x: eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x "
513 "ebp=%08x esp=%08x ds=%04x es=%04x fs=%04x gs=%04x flags=%08x\n",
514 GetCurrentThreadId(), context->Eax, context->Ebx, context->Ecx,
515 context->Edx, context->Esi, context->Edi, context->Ebp, context->Esp,
516 context->SegDs, context->SegEs, context->SegFs, context->SegGs, context->EFlags );
519 extern void WINAPI relay_call_regs(void);
520 DEFINE_REGS_ENTRYPOINT( relay_call_regs, 4 )
524 void WINAPI relay_call_regs( struct relay_descr *descr, INT_PTR idx, INT_PTR *stack )
526 assert(0); /* should never be called */
529 #endif /* __i386__ */
532 /***********************************************************************
533 * RELAY_GetProcAddress
535 * Return the proc address to use for a given function.
537 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
538 DWORD exp_size, FARPROC proc, DWORD ordinal, const WCHAR *user )
540 struct relay_private_data *data;
541 const struct relay_descr *descr = (const struct relay_descr *)((const char *)exports + exp_size);
543 if (descr->magic != RELAY_DESCR_MAGIC || !(data = descr->private)) return proc; /* no relay data */
544 if (!data->entry_points[ordinal].orig_func) return proc; /* not a relayed function */
545 if (check_from_module( debug_from_relay_includelist, debug_from_relay_excludelist, user ))
546 return proc; /* we want to relay it */
547 return data->entry_points[ordinal].orig_func;
551 /***********************************************************************
554 * Setup relay debugging for a built-in dll.
556 void RELAY_SetupDLL( HMODULE module )
558 IMAGE_EXPORT_DIRECTORY *exports;
561 DWORD size, entry_point_rva;
562 struct relay_descr *descr;
563 struct relay_private_data *data;
566 if (!init_done) init_debug_lists();
568 exports = RtlImageDirectoryEntryToData( module, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
569 if (!exports) return;
571 descr = (struct relay_descr *)((char *)exports + size);
572 if (descr->magic != RELAY_DESCR_MAGIC) return;
574 if (!(data = RtlAllocateHeap( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*data) +
575 (exports->NumberOfFunctions-1) * sizeof(data->entry_points) )))
578 descr->relay_call = relay_call;
579 descr->relay_call_regs = relay_call_regs;
580 descr->private = data;
582 data->module = module;
583 data->base = exports->Base;
584 len = strlen( (char *)module + exports->Name );
585 if (len > 4 && !strcasecmp( (char *)module + exports->Name + len - 4, ".dll" )) len -= 4;
586 len = min( len, sizeof(data->dllname) - 1 );
587 memcpy( data->dllname, (char *)module + exports->Name, len );
588 data->dllname[len] = 0;
590 /* fetch name pointer for all entry points and store them in the private structure */
592 ordptr = (const WORD *)((char *)module + exports->AddressOfNameOrdinals);
593 for (i = 0; i < exports->NumberOfNames; i++, ordptr++)
595 DWORD name_rva = ((DWORD*)((char *)module + exports->AddressOfNames))[i];
596 data->entry_points[*ordptr].name = (const char *)module + name_rva;
599 /* patch the functions in the export table to point to the relay thunks */
601 funcs = (DWORD *)((char *)module + exports->AddressOfFunctions);
602 entry_point_rva = descr->entry_point_base - (const char *)module;
603 for (i = 0; i < exports->NumberOfFunctions; i++, funcs++)
605 if (!descr->entry_point_offsets[i]) continue; /* not a normal function */
606 if (!check_relay_include( data->dllname, i + exports->Base, data->entry_points[i].name ))
607 continue; /* don't include this entry point */
609 data->entry_points[i].orig_func = (char *)module + *funcs;
610 *funcs = entry_point_rva + descr->entry_point_offsets[i];
614 #else /* __i386__ || __x86_64__ */
616 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
617 DWORD exp_size, FARPROC proc, DWORD ordinal, const WCHAR *user )
622 void RELAY_SetupDLL( HMODULE module )
626 #endif /* __i386__ || __x86_64__ */
629 /***********************************************************************/
631 /***********************************************************************/
635 WINE_DECLARE_DEBUG_CHANNEL(seh);
636 WINE_DECLARE_DEBUG_CHANNEL(snoop);
638 #include "pshpack1.h"
643 BYTE lcall; /* 0xe8 call snoopentry (relative) */
644 /* NOTE: If you move snoopentry OR nrofargs fix the relative offset
647 DWORD snoopentry; /* SNOOP_Entry relative */
654 typedef struct tagSNOOP_DLL {
659 struct tagSNOOP_DLL *next;
666 BYTE lcall; /* 0xe8 call snoopret relative*/
667 /* NOTE: If you move snoopret OR origreturn fix the relative offset
670 DWORD snoopret; /* SNOOP_Ret relative */
676 DWORD *args; /* saved args across a stdcall */
679 typedef struct tagSNOOP_RETURNENTRIES {
680 SNOOP_RETURNENTRY entry[4092/sizeof(SNOOP_RETURNENTRY)];
681 struct tagSNOOP_RETURNENTRIES *next;
682 } SNOOP_RETURNENTRIES;
686 extern void WINAPI SNOOP_Entry(void);
687 extern void WINAPI SNOOP_Return(void);
689 static SNOOP_DLL *firstdll;
690 static SNOOP_RETURNENTRIES *firstrets;
693 /***********************************************************************
694 * SNOOP_ShowDebugmsgSnoop
696 * Simple function to decide if a particular debugging message is
699 static BOOL SNOOP_ShowDebugmsgSnoop(const char *module, int ordinal, const char *func)
701 if (debug_snoop_excludelist && check_list( module, ordinal, func, debug_snoop_excludelist ))
703 if (debug_snoop_includelist && !check_list( module, ordinal, func, debug_snoop_includelist ))
709 /***********************************************************************
712 * Setup snoop debugging for a native dll.
714 void SNOOP_SetupDLL(HMODULE hmod)
716 SNOOP_DLL **dll = &firstdll;
721 IMAGE_EXPORT_DIRECTORY *exports;
723 if (!init_done) init_debug_lists();
725 exports = RtlImageDirectoryEntryToData( hmod, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size32 );
726 if (!exports || !exports->NumberOfFunctions) return;
727 name = (char *)hmod + exports->Name;
730 TRACE_(snoop)("hmod=%p, name=%s\n", hmod, name);
733 if ((*dll)->hmod == hmod)
735 /* another dll, loaded at the same address */
737 size = (*dll)->nrofordinals * sizeof(SNOOP_FUN);
738 NtFreeVirtualMemory(NtCurrentProcess(), &addr, &size, MEM_RELEASE);
741 dll = &((*dll)->next);
744 *dll = RtlReAllocateHeap(GetProcessHeap(),
745 HEAP_ZERO_MEMORY, *dll,
746 sizeof(SNOOP_DLL) + strlen(name));
748 *dll = RtlAllocateHeap(GetProcessHeap(),
750 sizeof(SNOOP_DLL) + strlen(name));
752 (*dll)->ordbase = exports->Base;
753 (*dll)->nrofordinals = exports->NumberOfFunctions;
754 strcpy( (*dll)->name, name );
755 p = (*dll)->name + strlen((*dll)->name) - 4;
756 if (p > (*dll)->name && !strcasecmp( p, ".dll" )) *p = 0;
758 size = exports->NumberOfFunctions * sizeof(SNOOP_FUN);
760 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
761 MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
763 RtlFreeHeap(GetProcessHeap(),0,*dll);
764 FIXME("out of memory\n");
768 memset((*dll)->funs,0,size);
772 /***********************************************************************
773 * SNOOP_GetProcAddress
775 * Return the proc address to use for a given function.
777 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports,
778 DWORD exp_size, FARPROC origfun, DWORD ordinal,
783 const WORD *ordinals;
785 SNOOP_DLL *dll = firstdll;
787 const IMAGE_SECTION_HEADER *sec;
789 if (!TRACE_ON(snoop)) return origfun;
790 if (!check_from_module( debug_from_snoop_includelist, debug_from_snoop_excludelist, user ))
791 return origfun; /* the calling module was explicitly excluded */
793 if (!*(LPBYTE)origfun) /* 0x00 is an impossible opcode, possible dataref. */
796 sec = RtlImageRvaToSection( RtlImageNtHeader(hmod), hmod, (char *)origfun - (char *)hmod );
798 if (!sec || !(sec->Characteristics & IMAGE_SCN_CNT_CODE))
799 return origfun; /* most likely a data reference */
802 if (hmod == dll->hmod)
806 if (!dll) /* probably internal */
809 /* try to find a name for it */
811 names = (const DWORD *)((const char *)hmod + exports->AddressOfNames);
812 ordinals = (const WORD *)((const char *)hmod + exports->AddressOfNameOrdinals);
813 if (names) for (i = 0; i < exports->NumberOfNames; i++)
815 if (ordinals[i] == ordinal)
817 ename = (const char *)hmod + names[i];
821 if (!SNOOP_ShowDebugmsgSnoop(dll->name,ordinal,ename))
823 assert(ordinal < dll->nrofordinals);
824 fun = dll->funs + ordinal;
829 /* NOTE: origreturn struct member MUST come directly after snoopentry */
830 fun->snoopentry = (char*)SNOOP_Entry-((char*)(&fun->nrofargs));
831 fun->origfun = origfun;
834 return (FARPROC)&(fun->lcall);
837 static void SNOOP_PrintArg(DWORD x)
842 if (IS_INTARG(x) || TRACE_ON(seh)) return; /* trivial reject to avoid faults */
849 if (s[i]<0x20) {nostring=1;break;}
850 if (s[i]>=0x80) {nostring=1;break;}
853 if (!nostring && i > 5)
854 DPRINTF(" %s",debugstr_an((LPSTR)x,i));
855 else /* try unicode */
861 if (s[i]<0x20) {nostring=1;break;}
862 if (s[i]>0x100) {nostring=1;break;}
865 if (!nostring && i > 5) DPRINTF(" %s",debugstr_wn((LPWSTR)x,i));
874 #define CALLER1REF (*(DWORD*)context->Esp)
876 void WINAPI __regs_SNOOP_Entry( CONTEXT *context )
878 DWORD ordinal=0,entry = context->Eip - 5;
879 SNOOP_DLL *dll = firstdll;
880 SNOOP_FUN *fun = NULL;
881 SNOOP_RETURNENTRIES **rets = &firstrets;
882 SNOOP_RETURNENTRY *ret;
886 if ( ((char*)entry>=(char*)dll->funs) &&
887 ((char*)entry<=(char*)(dll->funs+dll->nrofordinals))
889 fun = (SNOOP_FUN*)entry;
890 ordinal = fun-dll->funs;
896 FIXME("entrypoint 0x%08x not found\n",entry);
899 /* guess cdecl ... */
900 if (fun->nrofargs<0) {
901 /* Typical cdecl return frame is:
903 * which has (for xxxxxxxx up to 255 the opcode "83 C4 xx".
904 * (after that 81 C2 xx xx xx xx)
906 LPBYTE reteip = (LPBYTE)CALLER1REF;
909 if ((reteip[0]==0x83)&&(reteip[1]==0xc4))
910 fun->nrofargs=reteip[2]/4;
916 for (i=0;i<sizeof((*rets)->entry)/sizeof((*rets)->entry[0]);i++)
917 if (!(*rets)->entry[i].origreturn)
919 if (i!=sizeof((*rets)->entry)/sizeof((*rets)->entry[0]))
921 rets = &((*rets)->next);
927 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
928 MEM_COMMIT | MEM_RESERVE,
929 PAGE_EXECUTE_READWRITE);
932 memset(*rets,0,4096);
933 i = 0; /* entry 0 is free */
935 ret = &((*rets)->entry[i]);
937 /* NOTE: origreturn struct member MUST come directly after snoopret */
938 ret->snoopret = ((char*)SNOOP_Return)-(char*)(&ret->origreturn);
939 ret->origreturn = (FARPROC)CALLER1REF;
940 CALLER1REF = (DWORD)&ret->lcall;
943 ret->ordinal = ordinal;
944 ret->origESP = context->Esp;
946 context->Eip = (DWORD)fun->origfun;
948 if (TRACE_ON(timestamp))
950 if (fun->name) DPRINTF("%04x:CALL %s.%s(",GetCurrentThreadId(),dll->name,fun->name);
951 else DPRINTF("%04x:CALL %s.%d(",GetCurrentThreadId(),dll->name,dll->ordbase+ordinal);
952 if (fun->nrofargs>0) {
953 max = fun->nrofargs; if (max>16) max=16;
956 SNOOP_PrintArg(*(DWORD*)(context->Esp + 4 + sizeof(DWORD)*i));
957 if (i<fun->nrofargs-1) DPRINTF(",");
959 if (max!=fun->nrofargs)
961 } else if (fun->nrofargs<0) {
962 DPRINTF("<unknown, check return>");
963 ret->args = RtlAllocateHeap(GetProcessHeap(),
965 memcpy(ret->args,(LPBYTE)(context->Esp + 4),sizeof(DWORD)*16);
967 DPRINTF(") ret=%08x\n",(DWORD)ret->origreturn);
971 void WINAPI __regs_SNOOP_Return( CONTEXT *context )
973 SNOOP_RETURNENTRY *ret = (SNOOP_RETURNENTRY*)(context->Eip - 5);
974 SNOOP_FUN *fun = &ret->dll->funs[ret->ordinal];
976 /* We haven't found out the nrofargs yet. If we called a cdecl
977 * function it is too late anyway and we can just set '0' (which
978 * will be the difference between orig and current ESP
979 * If stdcall -> everything ok.
981 if (ret->dll->funs[ret->ordinal].nrofargs<0)
982 ret->dll->funs[ret->ordinal].nrofargs=(context->Esp - ret->origESP-4)/4;
983 context->Eip = (DWORD)ret->origreturn;
984 if (TRACE_ON(timestamp))
990 DPRINTF("%04x:RET %s.%s(", GetCurrentThreadId(), ret->dll->name, fun->name);
992 DPRINTF("%04x:RET %s.%d(", GetCurrentThreadId(),
993 ret->dll->name,ret->dll->ordbase+ret->ordinal);
1000 SNOOP_PrintArg(ret->args[i]);
1001 if (i<max-1) DPRINTF(",");
1003 DPRINTF(") retval=%08x ret=%08x\n",
1004 context->Eax,(DWORD)ret->origreturn );
1005 RtlFreeHeap(GetProcessHeap(),0,ret->args);
1011 DPRINTF("%04x:RET %s.%s() retval=%08x ret=%08x\n",
1012 GetCurrentThreadId(),
1013 ret->dll->name, fun->name, context->Eax, (DWORD)ret->origreturn);
1015 DPRINTF("%04x:RET %s.%d() retval=%08x ret=%08x\n",
1016 GetCurrentThreadId(),
1017 ret->dll->name,ret->dll->ordbase+ret->ordinal,
1018 context->Eax, (DWORD)ret->origreturn);
1020 ret->origreturn = NULL; /* mark as empty */
1023 /* assembly wrappers that save the context */
1024 DEFINE_REGS_ENTRYPOINT( SNOOP_Entry, 0 )
1025 DEFINE_REGS_ENTRYPOINT( SNOOP_Return, 0 )
1027 #else /* __i386__ */
1029 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports, DWORD exp_size,
1030 FARPROC origfun, DWORD ordinal, const WCHAR *user )
1035 void SNOOP_SetupDLL( HMODULE hmod )
1037 FIXME("snooping works only on i386 for now.\n");
1040 #endif /* __i386__ */
projects / wine / blob