2 * Win32 relay and snoop functions
4 * Copyright 1997 Alexandre Julliard
5 * Copyright 1998 Marcus Meissner
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 #include "wine/port.h"
32 #include "wine/exception.h"
33 #include "ntdll_misc.h"
34 #include "wine/unicode.h"
35 #include "wine/debug.h"
37 WINE_DEFAULT_DEBUG_CHANNEL(relay);
41 WINE_DECLARE_DEBUG_CHANNEL(snoop);
42 WINE_DECLARE_DEBUG_CHANNEL(seh);
44 struct relay_descr /* descriptor for a module */
46 void *magic; /* signature */
47 void *relay_from_32; /* functions to call from relay thunks */
48 void *relay_from_32_regs;
49 void *private; /* reserved for the relay code private data */
50 const char *entry_point_base; /* base address of entry point thunks */
51 const unsigned int *entry_point_offsets; /* offsets of entry points thunks */
52 const unsigned int *arg_types; /* table of argument types for all entry points */
55 #define RELAY_DESCR_MAGIC ((void *)0xdeb90001)
57 /* private data built at dll load time */
59 struct relay_entry_point
61 void *orig_func; /* original entry point function */
62 const char *name; /* function name (if any) */
65 struct relay_private_data
67 HMODULE module; /* module handle of this dll */
68 unsigned int base; /* ordinal base */
69 char dllname[40]; /* dll name (without .dll extension) */
70 struct relay_entry_point entry_points[1]; /* list of dll entry points */
73 static const WCHAR **debug_relay_excludelist;
74 static const WCHAR **debug_relay_includelist;
75 static const WCHAR **debug_snoop_excludelist;
76 static const WCHAR **debug_snoop_includelist;
77 static const WCHAR **debug_from_relay_excludelist;
78 static const WCHAR **debug_from_relay_includelist;
79 static const WCHAR **debug_from_snoop_excludelist;
80 static const WCHAR **debug_from_snoop_includelist;
82 static BOOL init_done;
84 /* compare an ASCII and a Unicode string without depending on the current codepage */
85 static inline int strcmpAW( const char *strA, const WCHAR *strW )
87 while (*strA && ((unsigned char)*strA == *strW)) { strA++; strW++; }
88 return (unsigned char)*strA - *strW;
91 /* compare an ASCII and a Unicode string without depending on the current codepage */
92 static inline int strncmpiAW( const char *strA, const WCHAR *strW, int n )
95 for ( ; n > 0; n--, strA++, strW++)
96 if ((ret = toupperW((unsigned char)*strA) - toupperW(*strW)) || !*strA) break;
100 /***********************************************************************
103 * Build a function list from a ';'-separated string.
105 static const WCHAR **build_list( const WCHAR *buffer )
108 const WCHAR *p = buffer;
111 while ((p = strchrW( p, ';' )))
116 /* allocate count+1 pointers, plus the space for a copy of the string */
117 if ((ret = RtlAllocateHeap( GetProcessHeap(), 0,
118 (count+1) * sizeof(WCHAR*) + (strlenW(buffer)+1) * sizeof(WCHAR) )))
120 WCHAR *str = (WCHAR *)(ret + count + 1);
123 strcpyW( str, buffer );
128 if (!(p = strchrW( p, ';' ))) break;
137 /***********************************************************************
140 * Build the relay include/exclude function lists.
142 static void init_debug_lists(void)
144 OBJECT_ATTRIBUTES attr;
150 static const WCHAR configW[] = {'S','o','f','t','w','a','r','e','\\',
151 'W','i','n','e','\\',
152 'D','e','b','u','g',0};
153 static const WCHAR RelayIncludeW[] = {'R','e','l','a','y','I','n','c','l','u','d','e',0};
154 static const WCHAR RelayExcludeW[] = {'R','e','l','a','y','E','x','c','l','u','d','e',0};
155 static const WCHAR SnoopIncludeW[] = {'S','n','o','o','p','I','n','c','l','u','d','e',0};
156 static const WCHAR SnoopExcludeW[] = {'S','n','o','o','p','E','x','c','l','u','d','e',0};
157 static const WCHAR RelayFromIncludeW[] = {'R','e','l','a','y','F','r','o','m','I','n','c','l','u','d','e',0};
158 static const WCHAR RelayFromExcludeW[] = {'R','e','l','a','y','F','r','o','m','E','x','c','l','u','d','e',0};
159 static const WCHAR SnoopFromIncludeW[] = {'S','n','o','o','p','F','r','o','m','I','n','c','l','u','d','e',0};
160 static const WCHAR SnoopFromExcludeW[] = {'S','n','o','o','p','F','r','o','m','E','x','c','l','u','d','e',0};
162 if (init_done) return;
165 RtlOpenCurrentUser( KEY_ALL_ACCESS, &root );
166 attr.Length = sizeof(attr);
167 attr.RootDirectory = root;
168 attr.ObjectName = &name;
170 attr.SecurityDescriptor = NULL;
171 attr.SecurityQualityOfService = NULL;
172 RtlInitUnicodeString( &name, configW );
174 /* @@ Wine registry key: HKCU\Software\Wine\Debug */
175 if (NtOpenKey( &hkey, KEY_ALL_ACCESS, &attr )) hkey = 0;
179 str = (WCHAR *)((KEY_VALUE_PARTIAL_INFORMATION *)buffer)->Data;
180 RtlInitUnicodeString( &name, RelayIncludeW );
181 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
183 TRACE("RelayInclude = %s\n", debugstr_w(str) );
184 debug_relay_includelist = build_list( str );
187 RtlInitUnicodeString( &name, RelayExcludeW );
188 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
190 TRACE( "RelayExclude = %s\n", debugstr_w(str) );
191 debug_relay_excludelist = build_list( str );
194 RtlInitUnicodeString( &name, SnoopIncludeW );
195 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
197 TRACE_(snoop)( "SnoopInclude = %s\n", debugstr_w(str) );
198 debug_snoop_includelist = build_list( str );
201 RtlInitUnicodeString( &name, SnoopExcludeW );
202 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
204 TRACE_(snoop)( "SnoopExclude = %s\n", debugstr_w(str) );
205 debug_snoop_excludelist = build_list( str );
208 RtlInitUnicodeString( &name, RelayFromIncludeW );
209 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
211 TRACE("RelayFromInclude = %s\n", debugstr_w(str) );
212 debug_from_relay_includelist = build_list( str );
215 RtlInitUnicodeString( &name, RelayFromExcludeW );
216 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
218 TRACE( "RelayFromExclude = %s\n", debugstr_w(str) );
219 debug_from_relay_excludelist = build_list( str );
222 RtlInitUnicodeString( &name, SnoopFromIncludeW );
223 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
225 TRACE_(snoop)("SnoopFromInclude = %s\n", debugstr_w(str) );
226 debug_from_snoop_includelist = build_list( str );
229 RtlInitUnicodeString( &name, SnoopFromExcludeW );
230 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
232 TRACE_(snoop)( "SnoopFromExclude = %s\n", debugstr_w(str) );
233 debug_from_snoop_excludelist = build_list( str );
240 /***********************************************************************
243 * Check if a given module and function is in the list.
245 static BOOL check_list( const char *module, int ordinal, const char *func, const WCHAR *const *list )
249 sprintf( ord_str, "%d", ordinal );
252 const WCHAR *p = strrchrW( *list, '.' );
253 if (p && p > *list) /* check module and function */
256 if (strncmpiAW( module, *list, len-1 ) || module[len]) continue;
257 if (p[1] == '*' && !p[2]) return TRUE;
258 if (!strcmpAW( ord_str, p + 1 )) return TRUE;
259 if (func && !strcmpAW( func, p + 1 )) return TRUE;
261 else /* function only */
263 if (func && !strcmpAW( func, *list )) return TRUE;
270 /***********************************************************************
271 * check_relay_include
273 * Check if a given function must be included in the relay output.
275 static BOOL check_relay_include( const char *module, int ordinal, const char *func )
277 if (debug_relay_excludelist && check_list( module, ordinal, func, debug_relay_excludelist ))
279 if (debug_relay_includelist && !check_list( module, ordinal, func, debug_relay_includelist ))
284 /***********************************************************************
287 * Check if calls from a given module must be included in the relay/snoop output,
288 * given the exclusion and inclusion lists.
290 static BOOL check_from_module( const WCHAR **includelist, const WCHAR **excludelist, const WCHAR *module )
292 static const WCHAR dllW[] = {'.','d','l','l',0 };
293 const WCHAR **listitem;
296 if (!module) return TRUE;
297 if (!includelist && !excludelist) return TRUE;
301 listitem = excludelist;
306 listitem = includelist;
308 for(; *listitem; listitem++)
312 if (!strcmpiW( *listitem, module )) return !show;
313 len = strlenW( *listitem );
314 if (!strncmpiW( *listitem, module, len ) && !strcmpiW( module + len, dllW ))
320 /***********************************************************************
323 static inline void RELAY_PrintArgs( const int *args, int nb_args, unsigned int typemask )
327 if ((typemask & 3) && HIWORD(*args))
330 DPRINTF( "%08x %s", *args, debugstr_w((LPCWSTR)*args) );
332 DPRINTF( "%08x %s", *args, debugstr_a((LPCSTR)*args) );
334 else DPRINTF( "%08x", *args );
335 if (nb_args) DPRINTF( "," );
341 extern LONGLONG call_entry_point( void *func, int nb_args, const int *args );
342 __ASM_GLOBAL_FUNC( call_entry_point,
347 "\tmovl 12(%ebp),%edx\n"
352 "\tmovl 12(%ebp),%ecx\n"
353 "\tmovl 16(%ebp),%esi\n"
357 "1:\tcall *8(%ebp)\n"
358 "\tleal -8(%ebp),%esp\n"
365 /***********************************************************************
368 * stack points to the return address, i.e. the first argument is stack[1].
370 static LONGLONG WINAPI relay_call_from_32( struct relay_descr *descr, unsigned int idx, const int *stack )
373 WORD ordinal = LOWORD(idx);
374 BYTE nb_args = LOBYTE(HIWORD(idx));
375 BYTE flags = HIBYTE(HIWORD(idx));
376 struct relay_private_data *data = descr->private;
377 struct relay_entry_point *entry_point = data->entry_points + ordinal;
379 if (!TRACE_ON(relay))
380 ret = call_entry_point( entry_point->orig_func, nb_args, stack + 1 );
383 if (entry_point->name)
384 DPRINTF( "%04x:Call %s.%s(", GetCurrentThreadId(), data->dllname, entry_point->name );
386 DPRINTF( "%04x:Call %s.%u(", GetCurrentThreadId(), data->dllname, data->base + ordinal );
387 RELAY_PrintArgs( stack + 1, nb_args, descr->arg_types[ordinal] );
388 DPRINTF( ") ret=%08x\n", stack[0] );
390 ret = call_entry_point( entry_point->orig_func, nb_args, stack + 1 );
392 if (entry_point->name)
393 DPRINTF( "%04x:Ret %s.%s()", GetCurrentThreadId(), data->dllname, entry_point->name );
395 DPRINTF( "%04x:Ret %s.%u()", GetCurrentThreadId(), data->dllname, data->base + ordinal );
397 if (flags & 1) /* 64-bit return value */
398 DPRINTF( " retval=%08x%08x ret=%08x\n",
399 (UINT)(ret >> 32), (UINT)ret, stack[0] );
401 DPRINTF( " retval=%08x ret=%08x\n", (UINT)ret, stack[0] );
407 /***********************************************************************
408 * relay_call_from_32_regs
410 void WINAPI __regs_relay_call_from_32_regs( struct relay_descr *descr, unsigned int idx,
411 unsigned int orig_eax, unsigned int ret_addr,
414 WORD ordinal = LOWORD(idx);
415 BYTE nb_args = LOBYTE(HIWORD(idx));
416 BYTE flags = HIBYTE(HIWORD(idx));
417 struct relay_private_data *data = descr->private;
418 struct relay_entry_point *entry_point = data->entry_points + ordinal;
419 BYTE *orig_func = entry_point->orig_func;
420 int *args = (int *)context->Esp;
423 /* restore the context to what it was before the relay thunk */
424 context->Eax = orig_eax;
425 context->Eip = ret_addr;
426 if (flags & 2) /* stdcall */
427 context->Esp += nb_args * sizeof(int);
431 if (entry_point->name)
432 DPRINTF( "%04x:Call %s.%s(", GetCurrentThreadId(), data->dllname, entry_point->name );
434 DPRINTF( "%04x:Call %s.%u(", GetCurrentThreadId(), data->dllname, data->base + ordinal );
435 RELAY_PrintArgs( args, nb_args, descr->arg_types[ordinal] );
436 DPRINTF( ") ret=%08x\n", ret_addr );
438 DPRINTF( "%04x: eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x "
439 "ebp=%08x esp=%08x ds=%04x es=%04x fs=%04x gs=%04x flags=%08x\n",
440 GetCurrentThreadId(), context->Eax, context->Ebx, context->Ecx,
441 context->Edx, context->Esi, context->Edi, context->Ebp, context->Esp,
442 context->SegDs, context->SegEs, context->SegFs, context->SegGs, context->EFlags );
444 assert( orig_func[0] == 0x50 /* pushl %eax */ );
445 assert( orig_func[1] == 0xe8 /* call */ );
448 /* now call the real function */
450 memcpy( args_copy, args, nb_args * sizeof(args[0]) );
451 args_copy[nb_args++] = (int)context; /* append context argument */
453 call_entry_point( orig_func + 6 + *(int *)(orig_func + 6), nb_args, args_copy );
458 if (entry_point->name)
459 DPRINTF( "%04x:Ret %s.%s() retval=%08x ret=%08x\n",
460 GetCurrentThreadId(), data->dllname, entry_point->name,
461 context->Eax, context->Eip );
463 DPRINTF( "%04x:Ret %s.%u() retval=%08x ret=%08x\n",
464 GetCurrentThreadId(), data->dllname, data->base + ordinal,
465 context->Eax, context->Eip );
466 DPRINTF( "%04x: eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x "
467 "ebp=%08x esp=%08x ds=%04x es=%04x fs=%04x gs=%04x flags=%08x\n",
468 GetCurrentThreadId(), context->Eax, context->Ebx, context->Ecx,
469 context->Edx, context->Esi, context->Edi, context->Ebp, context->Esp,
470 context->SegDs, context->SegEs, context->SegFs, context->SegGs, context->EFlags );
473 extern void WINAPI relay_call_from_32_regs(void);
474 DEFINE_REGS_ENTRYPOINT( relay_call_from_32_regs, 16, 16 )
477 /***********************************************************************
478 * RELAY_GetProcAddress
480 * Return the proc address to use for a given function.
482 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
483 DWORD exp_size, FARPROC proc, DWORD ordinal, const WCHAR *user )
485 struct relay_private_data *data;
486 const struct relay_descr *descr = (const struct relay_descr *)((const char *)exports + exp_size);
488 if (descr->magic != RELAY_DESCR_MAGIC || !(data = descr->private)) return proc; /* no relay data */
489 if (!data->entry_points[ordinal].orig_func) return proc; /* not a relayed function */
490 if (check_from_module( debug_from_relay_includelist, debug_from_relay_excludelist, user ))
491 return proc; /* we want to relay it */
492 return data->entry_points[ordinal].orig_func;
496 /***********************************************************************
499 * Setup relay debugging for a built-in dll.
501 void RELAY_SetupDLL( HMODULE module )
503 IMAGE_EXPORT_DIRECTORY *exports;
506 DWORD size, entry_point_rva;
507 struct relay_descr *descr;
508 struct relay_private_data *data;
511 if (!init_done) init_debug_lists();
513 exports = RtlImageDirectoryEntryToData( module, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
514 if (!exports) return;
516 descr = (struct relay_descr *)((char *)exports + size);
517 if (descr->magic != RELAY_DESCR_MAGIC) return;
519 if (!(data = RtlAllocateHeap( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*data) +
520 (exports->NumberOfFunctions-1) * sizeof(data->entry_points) )))
523 descr->relay_from_32 = relay_call_from_32;
524 descr->relay_from_32_regs = relay_call_from_32_regs;
525 descr->private = data;
527 data->module = module;
528 data->base = exports->Base;
529 len = strlen( (char *)module + exports->Name );
530 if (len > 4 && !strcasecmp( (char *)module + exports->Name + len - 4, ".dll" )) len -= 4;
531 len = min( len, sizeof(data->dllname) - 1 );
532 memcpy( data->dllname, (char *)module + exports->Name, len );
533 data->dllname[len] = 0;
535 /* fetch name pointer for all entry points and store them in the private structure */
537 ordptr = (const WORD *)((char *)module + exports->AddressOfNameOrdinals);
538 for (i = 0; i < exports->NumberOfNames; i++, ordptr++)
540 DWORD name_rva = ((DWORD*)((char *)module + exports->AddressOfNames))[i];
541 data->entry_points[*ordptr].name = (const char *)module + name_rva;
544 /* patch the functions in the export table to point to the relay thunks */
546 funcs = (DWORD *)((char *)module + exports->AddressOfFunctions);
547 entry_point_rva = (const char *)descr->entry_point_base - (const char *)module;
548 for (i = 0; i < exports->NumberOfFunctions; i++, funcs++)
550 if (!descr->entry_point_offsets[i]) continue; /* not a normal function */
551 if (!check_relay_include( data->dllname, i + exports->Base, data->entry_points[i].name ))
552 continue; /* don't include this entry point */
554 data->entry_points[i].orig_func = (char *)module + *funcs;
555 *funcs = entry_point_rva + descr->entry_point_offsets[i];
561 /***********************************************************************/
563 /***********************************************************************/
565 #include "pshpack1.h"
570 BYTE lcall; /* 0xe8 call snoopentry (relative) */
571 /* NOTE: If you move snoopentry OR nrofargs fix the relative offset
574 DWORD snoopentry; /* SNOOP_Entry relative */
581 typedef struct tagSNOOP_DLL {
586 struct tagSNOOP_DLL *next;
593 BYTE lcall; /* 0xe8 call snoopret relative*/
594 /* NOTE: If you move snoopret OR origreturn fix the relative offset
597 DWORD snoopret; /* SNOOP_Ret relative */
603 DWORD *args; /* saved args across a stdcall */
606 typedef struct tagSNOOP_RETURNENTRIES {
607 SNOOP_RETURNENTRY entry[4092/sizeof(SNOOP_RETURNENTRY)];
608 struct tagSNOOP_RETURNENTRIES *next;
609 } SNOOP_RETURNENTRIES;
613 extern void WINAPI SNOOP_Entry(void);
614 extern void WINAPI SNOOP_Return(void);
616 static SNOOP_DLL *firstdll;
617 static SNOOP_RETURNENTRIES *firstrets;
620 /***********************************************************************
621 * SNOOP_ShowDebugmsgSnoop
623 * Simple function to decide if a particular debugging message is
626 static BOOL SNOOP_ShowDebugmsgSnoop(const char *module, int ordinal, const char *func)
628 if (debug_snoop_excludelist && check_list( module, ordinal, func, debug_snoop_excludelist ))
630 if (debug_snoop_includelist && !check_list( module, ordinal, func, debug_snoop_includelist ))
636 /***********************************************************************
639 * Setup snoop debugging for a native dll.
641 void SNOOP_SetupDLL(HMODULE hmod)
643 SNOOP_DLL **dll = &firstdll;
648 IMAGE_EXPORT_DIRECTORY *exports;
650 if (!init_done) init_debug_lists();
652 exports = RtlImageDirectoryEntryToData( hmod, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size32 );
653 if (!exports || !exports->NumberOfFunctions) return;
654 name = (char *)hmod + exports->Name;
657 TRACE_(snoop)("hmod=%p, name=%s\n", hmod, name);
660 if ((*dll)->hmod == hmod)
662 /* another dll, loaded at the same address */
664 size = (*dll)->nrofordinals * sizeof(SNOOP_FUN);
665 NtFreeVirtualMemory(NtCurrentProcess(), &addr, &size, MEM_RELEASE);
668 dll = &((*dll)->next);
671 *dll = RtlReAllocateHeap(GetProcessHeap(),
672 HEAP_ZERO_MEMORY, *dll,
673 sizeof(SNOOP_DLL) + strlen(name));
675 *dll = RtlAllocateHeap(GetProcessHeap(),
677 sizeof(SNOOP_DLL) + strlen(name));
679 (*dll)->ordbase = exports->Base;
680 (*dll)->nrofordinals = exports->NumberOfFunctions;
681 strcpy( (*dll)->name, name );
682 p = (*dll)->name + strlen((*dll)->name) - 4;
683 if (p > (*dll)->name && !strcasecmp( p, ".dll" )) *p = 0;
685 size = exports->NumberOfFunctions * sizeof(SNOOP_FUN);
687 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
688 MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
690 RtlFreeHeap(GetProcessHeap(),0,*dll);
691 FIXME("out of memory\n");
695 memset((*dll)->funs,0,size);
699 /***********************************************************************
700 * SNOOP_GetProcAddress
702 * Return the proc address to use for a given function.
704 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports,
705 DWORD exp_size, FARPROC origfun, DWORD ordinal,
710 const WORD *ordinals;
712 SNOOP_DLL *dll = firstdll;
714 const IMAGE_SECTION_HEADER *sec;
716 if (!TRACE_ON(snoop)) return origfun;
717 if (!check_from_module( debug_from_snoop_includelist, debug_from_snoop_excludelist, user ))
718 return origfun; /* the calling module was explicitly excluded */
720 if (!*(LPBYTE)origfun) /* 0x00 is an imposs. opcode, poss. dataref. */
723 sec = RtlImageRvaToSection( RtlImageNtHeader(hmod), hmod, (char *)origfun - (char *)hmod );
725 if (!sec || !(sec->Characteristics & IMAGE_SCN_CNT_CODE))
726 return origfun; /* most likely a data reference */
729 if (hmod == dll->hmod)
733 if (!dll) /* probably internal */
736 /* try to find a name for it */
738 names = (const DWORD *)((const char *)hmod + exports->AddressOfNames);
739 ordinals = (const WORD *)((const char *)hmod + exports->AddressOfNameOrdinals);
740 if (names) for (i = 0; i < exports->NumberOfNames; i++)
742 if (ordinals[i] == ordinal)
744 ename = (const char *)hmod + names[i];
748 if (!SNOOP_ShowDebugmsgSnoop(dll->name,ordinal,ename))
750 assert(ordinal < dll->nrofordinals);
751 fun = dll->funs + ordinal;
756 /* NOTE: origreturn struct member MUST come directly after snoopentry */
757 fun->snoopentry = (char*)SNOOP_Entry-((char*)(&fun->nrofargs));
758 fun->origfun = origfun;
761 return (FARPROC)&(fun->lcall);
764 static void SNOOP_PrintArg(DWORD x)
769 if (!HIWORD(x) || TRACE_ON(seh)) return; /* trivial reject to avoid faults */
776 if (s[i]<0x20) {nostring=1;break;}
777 if (s[i]>=0x80) {nostring=1;break;}
780 if (!nostring && i > 5)
781 DPRINTF(" %s",debugstr_an((LPSTR)x,i));
782 else /* try unicode */
788 if (s[i]<0x20) {nostring=1;break;}
789 if (s[i]>0x100) {nostring=1;break;}
792 if (!nostring && i > 5) DPRINTF(" %s",debugstr_wn((LPWSTR)x,i));
801 #define CALLER1REF (*(DWORD*)context->Esp)
803 void WINAPI __regs_SNOOP_Entry( CONTEXT86 *context )
805 DWORD ordinal=0,entry = context->Eip - 5;
806 SNOOP_DLL *dll = firstdll;
807 SNOOP_FUN *fun = NULL;
808 SNOOP_RETURNENTRIES **rets = &firstrets;
809 SNOOP_RETURNENTRY *ret;
813 if ( ((char*)entry>=(char*)dll->funs) &&
814 ((char*)entry<=(char*)(dll->funs+dll->nrofordinals))
816 fun = (SNOOP_FUN*)entry;
817 ordinal = fun-dll->funs;
823 FIXME("entrypoint 0x%08x not found\n",entry);
826 /* guess cdecl ... */
827 if (fun->nrofargs<0) {
828 /* Typical cdecl return frame is:
830 * which has (for xxxxxxxx up to 255 the opcode "83 C4 xx".
831 * (after that 81 C2 xx xx xx xx)
833 LPBYTE reteip = (LPBYTE)CALLER1REF;
836 if ((reteip[0]==0x83)&&(reteip[1]==0xc4))
837 fun->nrofargs=reteip[2]/4;
843 for (i=0;i<sizeof((*rets)->entry)/sizeof((*rets)->entry[0]);i++)
844 if (!(*rets)->entry[i].origreturn)
846 if (i!=sizeof((*rets)->entry)/sizeof((*rets)->entry[0]))
848 rets = &((*rets)->next);
854 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
855 MEM_COMMIT | MEM_RESERVE,
856 PAGE_EXECUTE_READWRITE);
859 memset(*rets,0,4096);
860 i = 0; /* entry 0 is free */
862 ret = &((*rets)->entry[i]);
864 /* NOTE: origreturn struct member MUST come directly after snoopret */
865 ret->snoopret = ((char*)SNOOP_Return)-(char*)(&ret->origreturn);
866 ret->origreturn = (FARPROC)CALLER1REF;
867 CALLER1REF = (DWORD)&ret->lcall;
870 ret->ordinal = ordinal;
871 ret->origESP = context->Esp;
873 context->Eip = (DWORD)fun->origfun;
875 if (fun->name) DPRINTF("%04x:CALL %s.%s(",GetCurrentThreadId(),dll->name,fun->name);
876 else DPRINTF("%04x:CALL %s.%d(",GetCurrentThreadId(),dll->name,dll->ordbase+ordinal);
877 if (fun->nrofargs>0) {
878 max = fun->nrofargs; if (max>16) max=16;
881 SNOOP_PrintArg(*(DWORD*)(context->Esp + 4 + sizeof(DWORD)*i));
882 if (i<fun->nrofargs-1) DPRINTF(",");
884 if (max!=fun->nrofargs)
886 } else if (fun->nrofargs<0) {
887 DPRINTF("<unknown, check return>");
888 ret->args = RtlAllocateHeap(GetProcessHeap(),
890 memcpy(ret->args,(LPBYTE)(context->Esp + 4),sizeof(DWORD)*16);
892 DPRINTF(") ret=%08x\n",(DWORD)ret->origreturn);
896 void WINAPI __regs_SNOOP_Return( CONTEXT86 *context )
898 SNOOP_RETURNENTRY *ret = (SNOOP_RETURNENTRY*)(context->Eip - 5);
899 SNOOP_FUN *fun = &ret->dll->funs[ret->ordinal];
901 /* We haven't found out the nrofargs yet. If we called a cdecl
902 * function it is too late anyway and we can just set '0' (which
903 * will be the difference between orig and current ESP
904 * If stdcall -> everything ok.
906 if (ret->dll->funs[ret->ordinal].nrofargs<0)
907 ret->dll->funs[ret->ordinal].nrofargs=(context->Esp - ret->origESP-4)/4;
908 context->Eip = (DWORD)ret->origreturn;
913 DPRINTF("%04x:RET %s.%s(", GetCurrentThreadId(), ret->dll->name, fun->name);
915 DPRINTF("%04x:RET %s.%d(", GetCurrentThreadId(),
916 ret->dll->name,ret->dll->ordbase+ret->ordinal);
923 SNOOP_PrintArg(ret->args[i]);
924 if (i<max-1) DPRINTF(",");
926 DPRINTF(") retval=%08x ret=%08x\n",
927 context->Eax,(DWORD)ret->origreturn );
928 RtlFreeHeap(GetProcessHeap(),0,ret->args);
934 DPRINTF("%04x:RET %s.%s() retval=%08x ret=%08x\n",
935 GetCurrentThreadId(),
936 ret->dll->name, fun->name, context->Eax, (DWORD)ret->origreturn);
938 DPRINTF("%04x:RET %s.%d() retval=%08x ret=%08x\n",
939 GetCurrentThreadId(),
940 ret->dll->name,ret->dll->ordbase+ret->ordinal,
941 context->Eax, (DWORD)ret->origreturn);
943 ret->origreturn = NULL; /* mark as empty */
946 /* assembly wrappers that save the context */
947 DEFINE_REGS_ENTRYPOINT( SNOOP_Entry, 0, 0 )
948 DEFINE_REGS_ENTRYPOINT( SNOOP_Return, 0, 0 )
952 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
953 DWORD exp_size, FARPROC proc, DWORD ordinal, const WCHAR *user )
958 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports, DWORD exp_size,
959 FARPROC origfun, DWORD ordinal, const WCHAR *user )
964 void RELAY_SetupDLL( HMODULE module )
968 void SNOOP_SetupDLL( HMODULE hmod )
970 FIXME("snooping works only on i386 for now.\n");
973 #endif /* __i386__ */
projects / wine / blob