2 * Win32 relay and snoop functions
4 * Copyright 1997 Alexandre Julliard
5 * Copyright 1998 Marcus Meissner
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 #include "wine/port.h"
33 #include "wine/exception.h"
34 #include "ntdll_misc.h"
35 #include "wine/unicode.h"
36 #include "wine/debug.h"
38 WINE_DEFAULT_DEBUG_CHANNEL(relay);
42 WINE_DECLARE_DEBUG_CHANNEL(snoop);
43 WINE_DECLARE_DEBUG_CHANNEL(seh);
45 struct relay_descr /* descriptor for a module */
47 void *magic; /* signature */
48 void *relay_from_32; /* functions to call from relay thunks */
49 void *relay_from_32_regs;
50 void *private; /* reserved for the relay code private data */
51 const char *entry_point_base; /* base address of entry point thunks */
52 const unsigned int *entry_point_offsets; /* offsets of entry points thunks */
53 const unsigned int *arg_types; /* table of argument types for all entry points */
56 #define RELAY_DESCR_MAGIC ((void *)0xdeb90001)
58 /* private data built at dll load time */
60 struct relay_entry_point
62 void *orig_func; /* original entry point function */
63 const char *name; /* function name (if any) */
66 struct relay_private_data
68 HMODULE module; /* module handle of this dll */
69 unsigned int base; /* ordinal base */
70 char dllname[40]; /* dll name (without .dll extension) */
71 struct relay_entry_point entry_points[1]; /* list of dll entry points */
74 static const WCHAR **debug_relay_excludelist;
75 static const WCHAR **debug_relay_includelist;
76 static const WCHAR **debug_snoop_excludelist;
77 static const WCHAR **debug_snoop_includelist;
78 static const WCHAR **debug_from_relay_excludelist;
79 static const WCHAR **debug_from_relay_includelist;
80 static const WCHAR **debug_from_snoop_excludelist;
81 static const WCHAR **debug_from_snoop_includelist;
83 static BOOL init_done;
85 /* compare an ASCII and a Unicode string without depending on the current codepage */
86 inline static int strcmpAW( const char *strA, const WCHAR *strW )
88 while (*strA && ((unsigned char)*strA == *strW)) { strA++; strW++; }
89 return (unsigned char)*strA - *strW;
92 /* compare an ASCII and a Unicode string without depending on the current codepage */
93 inline static int strncmpiAW( const char *strA, const WCHAR *strW, int n )
96 for ( ; n > 0; n--, strA++, strW++)
97 if ((ret = toupperW((unsigned char)*strA) - toupperW(*strW)) || !*strA) break;
101 /***********************************************************************
104 * Build a function list from a ';'-separated string.
106 static const WCHAR **build_list( const WCHAR *buffer )
109 const WCHAR *p = buffer;
112 while ((p = strchrW( p, ';' )))
117 /* allocate count+1 pointers, plus the space for a copy of the string */
118 if ((ret = RtlAllocateHeap( GetProcessHeap(), 0,
119 (count+1) * sizeof(WCHAR*) + (strlenW(buffer)+1) * sizeof(WCHAR) )))
121 WCHAR *str = (WCHAR *)(ret + count + 1);
124 strcpyW( str, buffer );
129 if (!(p = strchrW( p, ';' ))) break;
138 /***********************************************************************
141 * Build the relay include/exclude function lists.
143 static void init_debug_lists(void)
145 OBJECT_ATTRIBUTES attr;
151 static const WCHAR configW[] = {'S','o','f','t','w','a','r','e','\\',
152 'W','i','n','e','\\',
153 'D','e','b','u','g',0};
154 static const WCHAR RelayIncludeW[] = {'R','e','l','a','y','I','n','c','l','u','d','e',0};
155 static const WCHAR RelayExcludeW[] = {'R','e','l','a','y','E','x','c','l','u','d','e',0};
156 static const WCHAR SnoopIncludeW[] = {'S','n','o','o','p','I','n','c','l','u','d','e',0};
157 static const WCHAR SnoopExcludeW[] = {'S','n','o','o','p','E','x','c','l','u','d','e',0};
158 static const WCHAR RelayFromIncludeW[] = {'R','e','l','a','y','F','r','o','m','I','n','c','l','u','d','e',0};
159 static const WCHAR RelayFromExcludeW[] = {'R','e','l','a','y','F','r','o','m','E','x','c','l','u','d','e',0};
160 static const WCHAR SnoopFromIncludeW[] = {'S','n','o','o','p','F','r','o','m','I','n','c','l','u','d','e',0};
161 static const WCHAR SnoopFromExcludeW[] = {'S','n','o','o','p','F','r','o','m','E','x','c','l','u','d','e',0};
163 if (init_done) return;
166 RtlOpenCurrentUser( KEY_ALL_ACCESS, &root );
167 attr.Length = sizeof(attr);
168 attr.RootDirectory = root;
169 attr.ObjectName = &name;
171 attr.SecurityDescriptor = NULL;
172 attr.SecurityQualityOfService = NULL;
173 RtlInitUnicodeString( &name, configW );
175 /* @@ Wine registry key: HKCU\Software\Wine\Debug */
176 if (NtOpenKey( &hkey, KEY_ALL_ACCESS, &attr )) hkey = 0;
180 str = (WCHAR *)((KEY_VALUE_PARTIAL_INFORMATION *)buffer)->Data;
181 RtlInitUnicodeString( &name, RelayIncludeW );
182 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
184 TRACE("RelayInclude = %s\n", debugstr_w(str) );
185 debug_relay_includelist = build_list( str );
188 RtlInitUnicodeString( &name, RelayExcludeW );
189 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
191 TRACE( "RelayExclude = %s\n", debugstr_w(str) );
192 debug_relay_excludelist = build_list( str );
195 RtlInitUnicodeString( &name, SnoopIncludeW );
196 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
198 TRACE_(snoop)( "SnoopInclude = %s\n", debugstr_w(str) );
199 debug_snoop_includelist = build_list( str );
202 RtlInitUnicodeString( &name, SnoopExcludeW );
203 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
205 TRACE_(snoop)( "SnoopExclude = %s\n", debugstr_w(str) );
206 debug_snoop_excludelist = build_list( str );
209 RtlInitUnicodeString( &name, RelayFromIncludeW );
210 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
212 TRACE("RelayFromInclude = %s\n", debugstr_w(str) );
213 debug_from_relay_includelist = build_list( str );
216 RtlInitUnicodeString( &name, RelayFromExcludeW );
217 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
219 TRACE( "RelayFromExclude = %s\n", debugstr_w(str) );
220 debug_from_relay_excludelist = build_list( str );
223 RtlInitUnicodeString( &name, SnoopFromIncludeW );
224 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
226 TRACE_(snoop)("SnoopFromInclude = %s\n", debugstr_w(str) );
227 debug_from_snoop_includelist = build_list( str );
230 RtlInitUnicodeString( &name, SnoopFromExcludeW );
231 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
233 TRACE_(snoop)( "SnoopFromExclude = %s\n", debugstr_w(str) );
234 debug_from_snoop_excludelist = build_list( str );
241 /***********************************************************************
244 * Check if a given module and function is in the list.
246 static BOOL check_list( const char *module, int ordinal, const char *func, const WCHAR **list )
250 sprintf( ord_str, "%d", ordinal );
253 const WCHAR *p = strrchrW( *list, '.' );
254 if (p && p > *list) /* check module and function */
257 if (strncmpiAW( module, *list, len-1 ) || module[len]) continue;
258 if (p[1] == '*' && !p[2]) return TRUE;
259 if (!strcmpAW( ord_str, p + 1 )) return TRUE;
260 if (func && !strcmpAW( func, p + 1 )) return TRUE;
262 else /* function only */
264 if (func && !strcmpAW( func, *list )) return TRUE;
271 /***********************************************************************
272 * check_relay_include
274 * Check if a given function must be included in the relay output.
276 static BOOL check_relay_include( const char *module, int ordinal, const char *func )
278 if (debug_relay_excludelist && check_list( module, ordinal, func, debug_relay_excludelist ))
280 if (debug_relay_includelist && !check_list( module, ordinal, func, debug_relay_includelist ))
285 /***********************************************************************
288 * Check if calls from a given module must be included in the relay/snoop output,
289 * given the exclusion and inclusion lists.
291 static BOOL check_from_module( const WCHAR **includelist, const WCHAR **excludelist, const WCHAR *module )
293 static const WCHAR dllW[] = {'.','d','l','l',0 };
294 const WCHAR **listitem;
297 if (!module) return TRUE;
298 if (!includelist && !excludelist) return TRUE;
302 listitem = excludelist;
307 listitem = includelist;
309 for(; *listitem; listitem++)
313 if (!strcmpiW( *listitem, module )) return !show;
314 len = strlenW( *listitem );
315 if (!strncmpiW( *listitem, module, len ) && !strcmpiW( module + len, dllW ))
321 /***********************************************************************
324 static inline void RELAY_PrintArgs( int *args, int nb_args, unsigned int typemask )
328 if ((typemask & 3) && HIWORD(*args))
331 DPRINTF( "%08x %s", *args, debugstr_w((LPWSTR)*args) );
333 DPRINTF( "%08x %s", *args, debugstr_a((LPCSTR)*args) );
335 else DPRINTF( "%08x", *args );
336 if (nb_args) DPRINTF( "," );
342 extern LONGLONG call_entry_point( void *func, int nb_args, const int *args );
343 __ASM_GLOBAL_FUNC( call_entry_point,
348 "\tmovl 12(%ebp),%edx\n"
353 "\tmovl 12(%ebp),%ecx\n"
354 "\tmovl 16(%ebp),%esi\n"
358 "1:\tcall *8(%ebp)\n"
359 "\tleal -8(%ebp),%esp\n"
366 /***********************************************************************
369 * stack points to the return address, i.e. the first argument is stack[1].
371 static LONGLONG WINAPI relay_call_from_32( struct relay_descr *descr, unsigned int idx, int *stack )
374 WORD ordinal = LOWORD(idx);
375 BYTE nb_args = LOBYTE(HIWORD(idx));
376 BYTE flags = HIBYTE(HIWORD(idx));
377 struct relay_private_data *data = descr->private;
378 struct relay_entry_point *entry_point = data->entry_points + ordinal;
380 if (!TRACE_ON(relay))
381 ret = call_entry_point( entry_point->orig_func, nb_args, stack + 1 );
384 if (entry_point->name)
385 DPRINTF( "%04x:Call %s.%s(", GetCurrentThreadId(), data->dllname, entry_point->name );
387 DPRINTF( "%04x:Call %s.%u(", GetCurrentThreadId(), data->dllname, data->base + ordinal );
388 RELAY_PrintArgs( stack + 1, nb_args, descr->arg_types[ordinal] );
389 DPRINTF( ") ret=%08x\n", stack[0] );
391 ret = call_entry_point( entry_point->orig_func, nb_args, stack + 1 );
393 if (entry_point->name)
394 DPRINTF( "%04x:Ret %s.%s()", GetCurrentThreadId(), data->dllname, entry_point->name );
396 DPRINTF( "%04x:Ret %s.%u()", GetCurrentThreadId(), data->dllname, data->base + ordinal );
398 if (flags & 1) /* 64-bit return value */
399 DPRINTF( " retval=%08x%08x ret=%08x\n",
400 (UINT)(ret >> 32), (UINT)ret, stack[0] );
402 DPRINTF( " retval=%08x ret=%08x\n", (UINT)ret, stack[0] );
408 /***********************************************************************
409 * relay_call_from_32_regs
411 void WINAPI __regs_relay_call_from_32_regs( struct relay_descr *descr, unsigned int idx,
412 unsigned int orig_eax, unsigned int ret_addr,
415 WORD ordinal = LOWORD(idx);
416 BYTE nb_args = LOBYTE(HIWORD(idx));
417 BYTE flags = HIBYTE(HIWORD(idx));
418 struct relay_private_data *data = descr->private;
419 struct relay_entry_point *entry_point = data->entry_points + ordinal;
420 BYTE *orig_func = entry_point->orig_func;
421 int *args = (int *)context->Esp;
424 /* restore the context to what it was before the relay thunk */
425 context->Eax = orig_eax;
426 context->Eip = ret_addr;
427 if (flags & 2) /* stdcall */
428 context->Esp += nb_args * sizeof(int);
432 if (entry_point->name)
433 DPRINTF( "%04x:Call %s.%s(", GetCurrentThreadId(), data->dllname, entry_point->name );
435 DPRINTF( "%04x:Call %s.%u(", GetCurrentThreadId(), data->dllname, data->base + ordinal );
436 RELAY_PrintArgs( args, nb_args, descr->arg_types[ordinal] );
437 DPRINTF( ") ret=%08x\n", ret_addr );
439 DPRINTF( "%04x: eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x "
440 "ebp=%08x esp=%08x ds=%04x es=%04x fs=%04x gs=%04x flags=%08x\n",
441 GetCurrentThreadId(), context->Eax, context->Ebx, context->Ecx,
442 context->Edx, context->Esi, context->Edi, context->Ebp, context->Esp,
443 context->SegDs, context->SegEs, context->SegFs, context->SegGs, context->EFlags );
445 assert( orig_func[0] == 0x50 /* pushl %eax */ );
446 assert( orig_func[1] == 0xe8 /* call */ );
449 /* now call the real function */
451 memcpy( args_copy, args, nb_args * sizeof(args[0]) );
452 args_copy[nb_args++] = (int)context; /* append context argument */
454 call_entry_point( orig_func + 6 + *(int *)(orig_func + 6), nb_args, args_copy );
459 if (entry_point->name)
460 DPRINTF( "%04x:Ret %s.%s() retval=%08x ret=%08x\n",
461 GetCurrentThreadId(), data->dllname, entry_point->name,
462 context->Eax, context->Eip );
464 DPRINTF( "%04x:Ret %s.%u() retval=%08x ret=%08x\n",
465 GetCurrentThreadId(), data->dllname, data->base + ordinal,
466 context->Eax, context->Eip );
467 DPRINTF( "%04x: eax=%08x ebx=%08x ecx=%08x edx=%08x esi=%08x edi=%08x "
468 "ebp=%08x esp=%08x ds=%04x es=%04x fs=%04x gs=%04x flags=%08x\n",
469 GetCurrentThreadId(), context->Eax, context->Ebx, context->Ecx,
470 context->Edx, context->Esi, context->Edi, context->Ebp, context->Esp,
471 context->SegDs, context->SegEs, context->SegFs, context->SegGs, context->EFlags );
474 extern void WINAPI relay_call_from_32_regs(void);
475 DEFINE_REGS_ENTRYPOINT( relay_call_from_32_regs, 16, 16 );
478 /***********************************************************************
479 * RELAY_GetProcAddress
481 * Return the proc address to use for a given function.
483 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
484 DWORD exp_size, FARPROC proc, DWORD ordinal, const WCHAR *user )
486 struct relay_private_data *data;
487 const struct relay_descr *descr = (const struct relay_descr *)((const char *)exports + exp_size);
489 if (descr->magic != RELAY_DESCR_MAGIC || !(data = descr->private)) return proc; /* no relay data */
490 if (!data->entry_points[ordinal].orig_func) return proc; /* not a relayed function */
491 if (check_from_module( debug_from_relay_includelist, debug_from_relay_excludelist, user ))
492 return proc; /* we want to relay it */
493 return data->entry_points[ordinal].orig_func;
497 /***********************************************************************
500 * Setup relay debugging for a built-in dll.
502 void RELAY_SetupDLL( HMODULE module )
504 IMAGE_EXPORT_DIRECTORY *exports;
507 DWORD size, entry_point_rva;
508 struct relay_descr *descr;
509 struct relay_private_data *data;
512 if (!init_done) init_debug_lists();
514 exports = RtlImageDirectoryEntryToData( module, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
515 if (!exports) return;
517 descr = (struct relay_descr *)((char *)exports + size);
518 if (descr->magic != RELAY_DESCR_MAGIC) return;
520 if (!(data = RtlAllocateHeap( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*data) +
521 (exports->NumberOfFunctions-1) * sizeof(data->entry_points) )))
524 descr->relay_from_32 = relay_call_from_32;
525 descr->relay_from_32_regs = relay_call_from_32_regs;
526 descr->private = data;
528 data->module = module;
529 data->base = exports->Base;
530 len = strlen( (char *)module + exports->Name );
531 if (len > 4 && !strcasecmp( (char *)module + exports->Name + len - 4, ".dll" )) len -= 4;
532 len = min( len, sizeof(data->dllname) - 1 );
533 memcpy( data->dllname, (char *)module + exports->Name, len );
534 data->dllname[len] = 0;
536 /* fetch name pointer for all entry points and store them in the private structure */
538 ordptr = (const WORD *)((char *)module + exports->AddressOfNameOrdinals);
539 for (i = 0; i < exports->NumberOfNames; i++, ordptr++)
541 DWORD name_rva = ((DWORD*)((char *)module + exports->AddressOfNames))[i];
542 data->entry_points[*ordptr].name = (const char *)module + name_rva;
545 /* patch the functions in the export table to point to the relay thunks */
547 funcs = (DWORD *)((char *)module + exports->AddressOfFunctions);
548 entry_point_rva = (const char *)descr->entry_point_base - (const char *)module;
549 for (i = 0; i < exports->NumberOfFunctions; i++, funcs++)
551 if (!descr->entry_point_offsets[i]) continue; /* not a normal function */
552 if (!check_relay_include( data->dllname, i + exports->Base, data->entry_points[i].name ))
553 continue; /* don't include this entry point */
555 data->entry_points[i].orig_func = (char *)module + *funcs;
556 *funcs = entry_point_rva + descr->entry_point_offsets[i];
562 /***********************************************************************/
564 /***********************************************************************/
566 #include "pshpack1.h"
571 BYTE lcall; /* 0xe8 call snoopentry (relative) */
572 /* NOTE: If you move snoopentry OR nrofargs fix the relative offset
575 DWORD snoopentry; /* SNOOP_Entry relative */
582 typedef struct tagSNOOP_DLL {
587 struct tagSNOOP_DLL *next;
594 BYTE lcall; /* 0xe8 call snoopret relative*/
595 /* NOTE: If you move snoopret OR origreturn fix the relative offset
598 DWORD snoopret; /* SNOOP_Ret relative */
604 DWORD *args; /* saved args across a stdcall */
607 typedef struct tagSNOOP_RETURNENTRIES {
608 SNOOP_RETURNENTRY entry[4092/sizeof(SNOOP_RETURNENTRY)];
609 struct tagSNOOP_RETURNENTRIES *next;
610 } SNOOP_RETURNENTRIES;
614 extern void WINAPI SNOOP_Entry(void);
615 extern void WINAPI SNOOP_Return(void);
617 static SNOOP_DLL *firstdll;
618 static SNOOP_RETURNENTRIES *firstrets;
621 /***********************************************************************
622 * SNOOP_ShowDebugmsgSnoop
624 * Simple function to decide if a particular debugging message is
627 static BOOL SNOOP_ShowDebugmsgSnoop(const char *module, int ordinal, const char *func)
629 if (debug_snoop_excludelist && check_list( module, ordinal, func, debug_snoop_excludelist ))
631 if (debug_snoop_includelist && !check_list( module, ordinal, func, debug_snoop_includelist ))
637 /***********************************************************************
640 * Setup snoop debugging for a native dll.
642 void SNOOP_SetupDLL(HMODULE hmod)
644 SNOOP_DLL **dll = &firstdll;
649 IMAGE_EXPORT_DIRECTORY *exports;
651 if (!init_done) init_debug_lists();
653 exports = RtlImageDirectoryEntryToData( hmod, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size32 );
654 if (!exports) return;
655 name = (char *)hmod + exports->Name;
658 TRACE_(snoop)("hmod=%p, name=%s\n", hmod, name);
661 if ((*dll)->hmod == hmod)
663 /* another dll, loaded at the same address */
665 size = (*dll)->nrofordinals * sizeof(SNOOP_FUN);
666 NtFreeVirtualMemory(NtCurrentProcess(), &addr, &size, MEM_RELEASE);
669 dll = &((*dll)->next);
672 *dll = RtlReAllocateHeap(GetProcessHeap(),
673 HEAP_ZERO_MEMORY, *dll,
674 sizeof(SNOOP_DLL) + strlen(name));
676 *dll = RtlAllocateHeap(GetProcessHeap(),
678 sizeof(SNOOP_DLL) + strlen(name));
680 (*dll)->ordbase = exports->Base;
681 (*dll)->nrofordinals = exports->NumberOfFunctions;
682 strcpy( (*dll)->name, name );
683 p = (*dll)->name + strlen((*dll)->name) - 4;
684 if (p > (*dll)->name && !strcasecmp( p, ".dll" )) *p = 0;
686 size = exports->NumberOfFunctions * sizeof(SNOOP_FUN);
688 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
689 MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
691 RtlFreeHeap(GetProcessHeap(),0,*dll);
692 FIXME("out of memory\n");
696 memset((*dll)->funs,0,size);
700 /***********************************************************************
701 * SNOOP_GetProcAddress
703 * Return the proc address to use for a given function.
705 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports,
706 DWORD exp_size, FARPROC origfun, DWORD ordinal,
711 const WORD *ordinals;
713 SNOOP_DLL *dll = firstdll;
715 const IMAGE_SECTION_HEADER *sec;
717 if (!TRACE_ON(snoop)) return origfun;
718 if (!check_from_module( debug_from_snoop_includelist, debug_from_snoop_excludelist, user ))
719 return origfun; /* the calling module was explicitly excluded */
721 if (!*(LPBYTE)origfun) /* 0x00 is an imposs. opcode, poss. dataref. */
724 sec = RtlImageRvaToSection( RtlImageNtHeader(hmod), hmod, (char *)origfun - (char *)hmod );
726 if (!sec || !(sec->Characteristics & IMAGE_SCN_CNT_CODE))
727 return origfun; /* most likely a data reference */
730 if (hmod == dll->hmod)
734 if (!dll) /* probably internal */
737 /* try to find a name for it */
739 names = (const DWORD *)((const char *)hmod + exports->AddressOfNames);
740 ordinals = (const WORD *)((const char *)hmod + exports->AddressOfNameOrdinals);
741 if (names) for (i = 0; i < exports->NumberOfNames; i++)
743 if (ordinals[i] == ordinal)
745 ename = (const char *)hmod + names[i];
749 if (!SNOOP_ShowDebugmsgSnoop(dll->name,ordinal,ename))
751 assert(ordinal < dll->nrofordinals);
752 fun = dll->funs + ordinal;
757 /* NOTE: origreturn struct member MUST come directly after snoopentry */
758 fun->snoopentry = (char*)SNOOP_Entry-((char*)(&fun->nrofargs));
759 fun->origfun = origfun;
762 return (FARPROC)&(fun->lcall);
765 static void SNOOP_PrintArg(DWORD x)
770 if (!HIWORD(x) || TRACE_ON(seh)) return; /* trivial reject to avoid faults */
777 if (s[i]<0x20) {nostring=1;break;}
778 if (s[i]>=0x80) {nostring=1;break;}
781 if (!nostring && i > 5)
782 DPRINTF(" %s",debugstr_an((LPSTR)x,i));
783 else /* try unicode */
789 if (s[i]<0x20) {nostring=1;break;}
790 if (s[i]>0x100) {nostring=1;break;}
793 if (!nostring && i > 5) DPRINTF(" %s",debugstr_wn((LPWSTR)x,i));
802 #define CALLER1REF (*(DWORD*)context->Esp)
804 void WINAPI __regs_SNOOP_Entry( CONTEXT86 *context )
806 DWORD ordinal=0,entry = context->Eip - 5;
807 SNOOP_DLL *dll = firstdll;
808 SNOOP_FUN *fun = NULL;
809 SNOOP_RETURNENTRIES **rets = &firstrets;
810 SNOOP_RETURNENTRY *ret;
814 if ( ((char*)entry>=(char*)dll->funs) &&
815 ((char*)entry<=(char*)(dll->funs+dll->nrofordinals))
817 fun = (SNOOP_FUN*)entry;
818 ordinal = fun-dll->funs;
824 FIXME("entrypoint 0x%08x not found\n",entry);
827 /* guess cdecl ... */
828 if (fun->nrofargs<0) {
829 /* Typical cdecl return frame is:
831 * which has (for xxxxxxxx up to 255 the opcode "83 C4 xx".
832 * (after that 81 C2 xx xx xx xx)
834 LPBYTE reteip = (LPBYTE)CALLER1REF;
837 if ((reteip[0]==0x83)&&(reteip[1]==0xc4))
838 fun->nrofargs=reteip[2]/4;
844 for (i=0;i<sizeof((*rets)->entry)/sizeof((*rets)->entry[0]);i++)
845 if (!(*rets)->entry[i].origreturn)
847 if (i!=sizeof((*rets)->entry)/sizeof((*rets)->entry[0]))
849 rets = &((*rets)->next);
855 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
856 MEM_COMMIT | MEM_RESERVE,
857 PAGE_EXECUTE_READWRITE);
860 memset(*rets,0,4096);
861 i = 0; /* entry 0 is free */
863 ret = &((*rets)->entry[i]);
865 /* NOTE: origreturn struct member MUST come directly after snoopret */
866 ret->snoopret = ((char*)SNOOP_Return)-(char*)(&ret->origreturn);
867 ret->origreturn = (FARPROC)CALLER1REF;
868 CALLER1REF = (DWORD)&ret->lcall;
871 ret->ordinal = ordinal;
872 ret->origESP = context->Esp;
874 context->Eip = (DWORD)fun->origfun;
876 if (fun->name) DPRINTF("%04x:CALL %s.%s(",GetCurrentThreadId(),dll->name,fun->name);
877 else DPRINTF("%04x:CALL %s.%d(",GetCurrentThreadId(),dll->name,dll->ordbase+ordinal);
878 if (fun->nrofargs>0) {
879 max = fun->nrofargs; if (max>16) max=16;
882 SNOOP_PrintArg(*(DWORD*)(context->Esp + 4 + sizeof(DWORD)*i));
883 if (i<fun->nrofargs-1) DPRINTF(",");
885 if (max!=fun->nrofargs)
887 } else if (fun->nrofargs<0) {
888 DPRINTF("<unknown, check return>");
889 ret->args = RtlAllocateHeap(GetProcessHeap(),
891 memcpy(ret->args,(LPBYTE)(context->Esp + 4),sizeof(DWORD)*16);
893 DPRINTF(") ret=%08x\n",(DWORD)ret->origreturn);
897 void WINAPI __regs_SNOOP_Return( CONTEXT86 *context )
899 SNOOP_RETURNENTRY *ret = (SNOOP_RETURNENTRY*)(context->Eip - 5);
900 SNOOP_FUN *fun = &ret->dll->funs[ret->ordinal];
902 /* We haven't found out the nrofargs yet. If we called a cdecl
903 * function it is too late anyway and we can just set '0' (which
904 * will be the difference between orig and current ESP
905 * If stdcall -> everything ok.
907 if (ret->dll->funs[ret->ordinal].nrofargs<0)
908 ret->dll->funs[ret->ordinal].nrofargs=(context->Esp - ret->origESP-4)/4;
909 context->Eip = (DWORD)ret->origreturn;
914 DPRINTF("%04x:RET %s.%s(", GetCurrentThreadId(), ret->dll->name, fun->name);
916 DPRINTF("%04x:RET %s.%d(", GetCurrentThreadId(),
917 ret->dll->name,ret->dll->ordbase+ret->ordinal);
924 SNOOP_PrintArg(ret->args[i]);
925 if (i<max-1) DPRINTF(",");
927 DPRINTF(") retval=%08x ret=%08x\n",
928 context->Eax,(DWORD)ret->origreturn );
929 RtlFreeHeap(GetProcessHeap(),0,ret->args);
935 DPRINTF("%04x:RET %s.%s() retval=%08x ret=%08x\n",
936 GetCurrentThreadId(),
937 ret->dll->name, fun->name, context->Eax, (DWORD)ret->origreturn);
939 DPRINTF("%04x:RET %s.%d() retval=%08x ret=%08x\n",
940 GetCurrentThreadId(),
941 ret->dll->name,ret->dll->ordbase+ret->ordinal,
942 context->Eax, (DWORD)ret->origreturn);
944 ret->origreturn = NULL; /* mark as empty */
947 /* assembly wrappers that save the context */
948 DEFINE_REGS_ENTRYPOINT( SNOOP_Entry, 0, 0 );
949 DEFINE_REGS_ENTRYPOINT( SNOOP_Return, 0, 0 );
953 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
954 DWORD exp_size, FARPROC proc, DWORD ordinal, const WCHAR *user )
959 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports, DWORD exp_size,
960 FARPROC origfun, DWORD ordinal, const WCHAR *user )
965 void RELAY_SetupDLL( HMODULE module )
969 void SNOOP_SetupDLL( HMODULE hmod )
971 FIXME("snooping works only on i386 for now.\n");
974 #endif /* __i386__ */