2 * Win32 relay and snoop functions
4 * Copyright 1997 Alexandre Julliard
5 * Copyright 1998 Marcus Meissner
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 #include "wine/port.h"
33 #include "wine/exception.h"
34 #include "ntdll_misc.h"
35 #include "wine/unicode.h"
36 #include "wine/debug.h"
38 WINE_DEFAULT_DEBUG_CHANNEL(relay);
39 WINE_DECLARE_DEBUG_CHANNEL(snoop);
40 WINE_DECLARE_DEBUG_CHANNEL(seh);
42 static const WCHAR **debug_relay_excludelist;
43 static const WCHAR **debug_relay_includelist;
44 static const WCHAR **debug_snoop_excludelist;
45 static const WCHAR **debug_snoop_includelist;
46 static const WCHAR **debug_from_relay_excludelist;
47 static const WCHAR **debug_from_relay_includelist;
48 static const WCHAR **debug_from_snoop_excludelist;
49 static const WCHAR **debug_from_snoop_includelist;
51 /* compare an ASCII and a Unicode string without depending on the current codepage */
52 inline static int strcmpAW( const char *strA, const WCHAR *strW )
54 while (*strA && ((unsigned char)*strA == *strW)) { strA++; strW++; }
55 return (unsigned char)*strA - *strW;
58 /* compare an ASCII and a Unicode string without depending on the current codepage */
59 inline static int strncmpiAW( const char *strA, const WCHAR *strW, int n )
62 for ( ; n > 0; n--, strA++, strW++)
63 if ((ret = toupperW((unsigned char)*strA) - toupperW(*strW)) || !*strA) break;
67 /***********************************************************************
70 * Build a function list from a ';'-separated string.
72 static const WCHAR **build_list( const WCHAR *buffer )
75 const WCHAR *p = buffer;
78 while ((p = strchrW( p, ';' )))
83 /* allocate count+1 pointers, plus the space for a copy of the string */
84 if ((ret = RtlAllocateHeap( GetProcessHeap(), 0,
85 (count+1) * sizeof(WCHAR*) + (strlenW(buffer)+1) * sizeof(WCHAR) )))
87 WCHAR *str = (WCHAR *)(ret + count + 1);
90 strcpyW( str, buffer );
95 if (!(p = strchrW( p, ';' ))) break;
104 /***********************************************************************
105 * RELAY_InitDebugLists
107 * Build the relay include/exclude function lists.
109 void RELAY_InitDebugLists(void)
111 OBJECT_ATTRIBUTES attr;
117 static const WCHAR configW[] = {'S','o','f','t','w','a','r','e','\\',
118 'W','i','n','e','\\',
119 'D','e','b','u','g',0};
120 static const WCHAR RelayIncludeW[] = {'R','e','l','a','y','I','n','c','l','u','d','e',0};
121 static const WCHAR RelayExcludeW[] = {'R','e','l','a','y','E','x','c','l','u','d','e',0};
122 static const WCHAR SnoopIncludeW[] = {'S','n','o','o','p','I','n','c','l','u','d','e',0};
123 static const WCHAR SnoopExcludeW[] = {'S','n','o','o','p','E','x','c','l','u','d','e',0};
124 static const WCHAR RelayFromIncludeW[] = {'R','e','l','a','y','F','r','o','m','I','n','c','l','u','d','e',0};
125 static const WCHAR RelayFromExcludeW[] = {'R','e','l','a','y','F','r','o','m','E','x','c','l','u','d','e',0};
126 static const WCHAR SnoopFromIncludeW[] = {'S','n','o','o','p','F','r','o','m','I','n','c','l','u','d','e',0};
127 static const WCHAR SnoopFromExcludeW[] = {'S','n','o','o','p','F','r','o','m','E','x','c','l','u','d','e',0};
129 RtlOpenCurrentUser( KEY_ALL_ACCESS, &root );
130 attr.Length = sizeof(attr);
131 attr.RootDirectory = root;
132 attr.ObjectName = &name;
134 attr.SecurityDescriptor = NULL;
135 attr.SecurityQualityOfService = NULL;
136 RtlInitUnicodeString( &name, configW );
138 /* @@ Wine registry key: HKCU\Software\Wine\Debug */
139 if (NtOpenKey( &hkey, KEY_ALL_ACCESS, &attr )) hkey = 0;
143 str = (WCHAR *)((KEY_VALUE_PARTIAL_INFORMATION *)buffer)->Data;
144 RtlInitUnicodeString( &name, RelayIncludeW );
145 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
147 TRACE("RelayInclude = %s\n", debugstr_w(str) );
148 debug_relay_includelist = build_list( str );
151 RtlInitUnicodeString( &name, RelayExcludeW );
152 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
154 TRACE( "RelayExclude = %s\n", debugstr_w(str) );
155 debug_relay_excludelist = build_list( str );
158 RtlInitUnicodeString( &name, SnoopIncludeW );
159 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
161 TRACE_(snoop)( "SnoopInclude = %s\n", debugstr_w(str) );
162 debug_snoop_includelist = build_list( str );
165 RtlInitUnicodeString( &name, SnoopExcludeW );
166 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
168 TRACE_(snoop)( "SnoopExclude = %s\n", debugstr_w(str) );
169 debug_snoop_excludelist = build_list( str );
172 RtlInitUnicodeString( &name, RelayFromIncludeW );
173 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
175 TRACE("RelayFromInclude = %s\n", debugstr_w(str) );
176 debug_from_relay_includelist = build_list( str );
179 RtlInitUnicodeString( &name, RelayFromExcludeW );
180 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
182 TRACE( "RelayFromExclude = %s\n", debugstr_w(str) );
183 debug_from_relay_excludelist = build_list( str );
186 RtlInitUnicodeString( &name, SnoopFromIncludeW );
187 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
189 TRACE_(snoop)("SnoopFromInclude = %s\n", debugstr_w(str) );
190 debug_from_snoop_includelist = build_list( str );
193 RtlInitUnicodeString( &name, SnoopFromExcludeW );
194 if (!NtQueryValueKey( hkey, &name, KeyValuePartialInformation, buffer, sizeof(buffer), &count ))
196 TRACE_(snoop)( "SnoopFromExclude = %s\n", debugstr_w(str) );
197 debug_from_snoop_excludelist = build_list( str );
206 #include "pshpack1.h"
210 BYTE call; /* 0xe8 call callfrom32 (relative) */
211 DWORD callfrom32; /* RELAY_CallFrom32 relative addr */
212 BYTE ret; /* 0xc2 ret $n or 0xc3 ret */
213 WORD args; /* nb of args to remove from the stack */
214 void *orig; /* original entry point */
215 DWORD argtypes; /* argument types */
221 BYTE lcall; /* 0xe8 call snoopentry (relative) */
222 /* NOTE: If you move snoopentry OR nrofargs fix the relative offset
225 DWORD snoopentry; /* SNOOP_Entry relative */
232 typedef struct tagSNOOP_DLL {
237 struct tagSNOOP_DLL *next;
244 BYTE lcall; /* 0xe8 call snoopret relative*/
245 /* NOTE: If you move snoopret OR origreturn fix the relative offset
248 DWORD snoopret; /* SNOOP_Ret relative */
254 DWORD *args; /* saved args across a stdcall */
257 typedef struct tagSNOOP_RETURNENTRIES {
258 SNOOP_RETURNENTRY entry[4092/sizeof(SNOOP_RETURNENTRY)];
259 struct tagSNOOP_RETURNENTRIES *next;
260 } SNOOP_RETURNENTRIES;
264 extern void WINAPI SNOOP_Entry();
265 extern void WINAPI SNOOP_Return();
267 static SNOOP_DLL *firstdll;
268 static SNOOP_RETURNENTRIES *firstrets;
270 static WINE_EXCEPTION_FILTER(page_fault)
272 if (GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION ||
273 GetExceptionCode() == EXCEPTION_PRIV_INSTRUCTION)
274 return EXCEPTION_EXECUTE_HANDLER;
275 return EXCEPTION_CONTINUE_SEARCH;
278 /***********************************************************************
281 * Check if a given module and function is in the list.
283 static BOOL check_list( const char *module, int ordinal, const char *func, const WCHAR **list )
287 sprintf( ord_str, "%d", ordinal );
290 const WCHAR *p = strrchrW( *list, '.' );
291 if (p && p > *list) /* check module and function */
294 if (strncmpiAW( module, *list, len-1 ) || module[len]) continue;
295 if (p[1] == '*' && !p[2]) return TRUE;
296 if (!strcmpAW( ord_str, p + 1 )) return TRUE;
297 if (func && !strcmpAW( func, p + 1 )) return TRUE;
299 else /* function only */
301 if (func && !strcmpAW( func, *list )) return TRUE;
308 /***********************************************************************
309 * check_relay_include
311 * Check if a given function must be included in the relay output.
313 static BOOL check_relay_include( const char *module, int ordinal, const char *func )
315 if (debug_relay_excludelist && check_list( module, ordinal, func, debug_relay_excludelist ))
317 if (debug_relay_includelist && !check_list( module, ordinal, func, debug_relay_includelist ))
322 /***********************************************************************
325 * Check if calls from a given module must be included in the relay/snoop output,
326 * given the exclusion and inclusion lists.
328 static BOOL check_from_module( const WCHAR **includelist, const WCHAR **excludelist, const WCHAR *module )
330 static const WCHAR dllW[] = {'.','d','l','l',0 };
331 const WCHAR **listitem;
334 if (!module) return TRUE;
335 if (!includelist && !excludelist) return TRUE;
339 listitem = excludelist;
344 listitem = includelist;
346 for(; *listitem; listitem++)
350 if (!strcmpiW( *listitem, module )) return !show;
351 len = strlenW( *listitem );
352 if (!strncmpiW( *listitem, module, len ) && !strcmpiW( module + len, dllW ))
358 /***********************************************************************
361 * Find the name of an exported function.
363 static const char *find_exported_name( HMODULE module,
364 IMAGE_EXPORT_DIRECTORY *exp, int ordinal )
367 const char *ret = NULL;
369 WORD *ordptr = (WORD *)((char *)module + exp->AddressOfNameOrdinals);
370 for (i = 0; i < exp->NumberOfNames; i++, ordptr++)
371 if (*ordptr + exp->Base == ordinal) break;
372 if (i < exp->NumberOfNames)
373 ret = (char *)module + ((DWORD*)((char *)module + exp->AddressOfNames))[i];
378 /***********************************************************************
381 * Get the name of the DLL entry point corresponding to a relay address.
383 static void get_entry_point( char *buffer, DEBUG_ENTRY_POINT *relay )
385 IMAGE_EXPORT_DIRECTORY *exp = NULL;
386 DEBUG_ENTRY_POINT *debug;
390 PLIST_ENTRY mark, entry;
391 PLDR_MODULE mod = NULL;
394 /* First find the module */
396 mark = &NtCurrentTeb()->Peb->LdrData->InLoadOrderModuleList;
397 for (entry = mark->Flink; entry != mark; entry = entry->Flink)
399 mod = CONTAINING_RECORD(entry, LDR_MODULE, InLoadOrderModuleList);
400 if (!(mod->Flags & LDR_WINE_INTERNAL)) continue;
401 exp = RtlImageDirectoryEntryToData( mod->BaseAddress, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
403 debug = (DEBUG_ENTRY_POINT *)((char *)exp + size);
404 if (debug <= relay && relay < debug + exp->NumberOfFunctions)
406 ordinal = relay - debug;
411 /* Now find the function */
413 strcpy( buffer, (char *)mod->BaseAddress + exp->Name );
414 p = buffer + strlen(buffer);
415 if (p > buffer + 4 && !strcasecmp( p - 4, ".dll" )) p -= 4;
417 if ((name = find_exported_name( mod->BaseAddress, exp, ordinal + exp->Base )))
418 sprintf( p, ".%s", name );
420 sprintf( p, ".%ld", ordinal + exp->Base );
424 /***********************************************************************
427 static inline void RELAY_PrintArgs( int *args, int nb_args, unsigned int typemask )
431 if ((typemask & 3) && HIWORD(*args))
434 DPRINTF( "%08x %s", *args, debugstr_w((LPWSTR)*args) );
436 DPRINTF( "%08x %s", *args, debugstr_a((LPCSTR)*args) );
438 else DPRINTF( "%08x", *args );
439 if (nb_args) DPRINTF( "," );
446 typedef LONGLONG (*LONGLONG_CPROC)();
447 typedef LONGLONG (WINAPI *LONGLONG_FARPROC)();
450 /***********************************************************************
451 * call_cdecl_function
453 static LONGLONG call_cdecl_function( LONGLONG_CPROC func, int nb_args, const int *args )
458 case 0: ret = func(); break;
459 case 1: ret = func(args[0]); break;
460 case 2: ret = func(args[0],args[1]); break;
461 case 3: ret = func(args[0],args[1],args[2]); break;
462 case 4: ret = func(args[0],args[1],args[2],args[3]); break;
463 case 5: ret = func(args[0],args[1],args[2],args[3],args[4]); break;
464 case 6: ret = func(args[0],args[1],args[2],args[3],args[4],
466 case 7: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
468 case 8: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
469 args[6],args[7]); break;
470 case 9: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
471 args[6],args[7],args[8]); break;
472 case 10: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
473 args[6],args[7],args[8],args[9]); break;
474 case 11: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
475 args[6],args[7],args[8],args[9],args[10]); break;
476 case 12: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
477 args[6],args[7],args[8],args[9],args[10],
479 case 13: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
480 args[6],args[7],args[8],args[9],args[10],args[11],
482 case 14: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
483 args[6],args[7],args[8],args[9],args[10],args[11],
484 args[12],args[13]); break;
485 case 15: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
486 args[6],args[7],args[8],args[9],args[10],args[11],
487 args[12],args[13],args[14]); break;
488 case 16: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
489 args[6],args[7],args[8],args[9],args[10],args[11],
490 args[12],args[13],args[14],args[15]); break;
491 case 17: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
492 args[6],args[7],args[8],args[9],args[10],args[11],
493 args[12],args[13],args[14],args[15],args[16]); break;
494 case 18: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
495 args[6],args[7],args[8],args[9],args[10],args[11],
496 args[12],args[13],args[14],args[15],args[16],
499 ERR( "Unsupported nb of args %d\n", nb_args );
508 /***********************************************************************
509 * call_stdcall_function
511 static LONGLONG call_stdcall_function( LONGLONG_FARPROC func, int nb_args, const int *args )
516 case 0: ret = func(); break;
517 case 1: ret = func(args[0]); break;
518 case 2: ret = func(args[0],args[1]); break;
519 case 3: ret = func(args[0],args[1],args[2]); break;
520 case 4: ret = func(args[0],args[1],args[2],args[3]); break;
521 case 5: ret = func(args[0],args[1],args[2],args[3],args[4]); break;
522 case 6: ret = func(args[0],args[1],args[2],args[3],args[4],
524 case 7: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
526 case 8: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
527 args[6],args[7]); break;
528 case 9: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
529 args[6],args[7],args[8]); break;
530 case 10: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
531 args[6],args[7],args[8],args[9]); break;
532 case 11: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
533 args[6],args[7],args[8],args[9],args[10]); break;
534 case 12: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
535 args[6],args[7],args[8],args[9],args[10],
537 case 13: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
538 args[6],args[7],args[8],args[9],args[10],args[11],
540 case 14: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
541 args[6],args[7],args[8],args[9],args[10],args[11],
542 args[12],args[13]); break;
543 case 15: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
544 args[6],args[7],args[8],args[9],args[10],args[11],
545 args[12],args[13],args[14]); break;
546 case 16: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
547 args[6],args[7],args[8],args[9],args[10],args[11],
548 args[12],args[13],args[14],args[15]); break;
549 case 17: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
550 args[6],args[7],args[8],args[9],args[10],args[11],
551 args[12],args[13],args[14],args[15],args[16]); break;
552 case 18: ret = func(args[0],args[1],args[2],args[3],args[4],args[5],
553 args[6],args[7],args[8],args[9],args[10],args[11],
554 args[12],args[13],args[14],args[15],args[16],
557 ERR( "Unsupported nb of args %d\n", nb_args );
566 /***********************************************************************
569 * Stack layout on entry to this function:
574 * (esp) return addr to relay code
576 static LONGLONG RELAY_CallFrom32( int ret_addr, ... )
581 int *args = &ret_addr + 1;
582 /* Relay addr is the return address for this function */
583 BYTE *relay_addr = (BYTE *)__builtin_return_address(0);
584 DEBUG_ENTRY_POINT *relay = (DEBUG_ENTRY_POINT *)(relay_addr - 5);
585 WORD nb_args = relay->args / sizeof(int);
589 get_entry_point( buffer, relay );
591 DPRINTF( "%04lx:Call %s(", GetCurrentThreadId(), buffer );
592 RELAY_PrintArgs( args, nb_args, relay->argtypes );
593 DPRINTF( ") ret=%08x\n", ret_addr );
596 if (relay->ret == 0xc3) /* cdecl */
598 ret = call_cdecl_function( (LONGLONG_CPROC)relay->orig, nb_args, args );
602 ret = call_stdcall_function( (LONGLONG_FARPROC)relay->orig, nb_args, args );
607 BOOL ret64 = (relay->argtypes & 0x80000000) && (nb_args < 16);
609 DPRINTF( "%04lx:Ret %s() retval=%08x%08x ret=%08x\n",
610 GetCurrentThreadId(),
611 buffer, (UINT)(ret >> 32), (UINT)ret, ret_addr );
613 DPRINTF( "%04lx:Ret %s() retval=%08x ret=%08x\n",
614 GetCurrentThreadId(),
615 buffer, (UINT)ret, ret_addr );
621 /***********************************************************************
622 * RELAY_CallFrom32Regs
624 * Stack layout (esp is context->Esp, not the current %esp):
628 * (esp) return addr to caller
629 * (esp-4) return addr to DEBUG_ENTRY_POINT
630 * (esp-8) ptr to relay entry code for RELAY_CallFrom32Regs
631 * ... >128 bytes space free to be modified (ensured by the assembly glue)
633 void WINAPI __regs_RELAY_CallFrom32Regs( CONTEXT86 *context )
640 BYTE *relay_addr = *((BYTE **)context->Esp - 1);
641 DEBUG_ENTRY_POINT *relay = (DEBUG_ENTRY_POINT *)(relay_addr - 5);
642 WORD nb_args = relay->args / sizeof(int);
644 /* remove extra stuff from the stack */
645 context->Eip = *(DWORD *)context->Esp;
646 context->Esp += sizeof(DWORD);
647 args = (int *)context->Esp;
648 if (relay->ret == 0xc2) /* stdcall */
649 context->Esp += nb_args * sizeof(int);
651 entry_point = (BYTE *)relay->orig;
652 assert( *entry_point == 0xe8 /* lcall */ );
656 get_entry_point( buffer, relay );
658 DPRINTF( "%04lx:Call %s(", GetCurrentThreadId(), buffer );
659 RELAY_PrintArgs( args, nb_args, relay->argtypes );
660 DPRINTF( ") ret=%08lx fs=%04lx\n", context->Eip, context->SegFs );
662 DPRINTF(" eax=%08lx ebx=%08lx ecx=%08lx edx=%08lx esi=%08lx edi=%08lx\n",
663 context->Eax, context->Ebx, context->Ecx,
664 context->Edx, context->Esi, context->Edi );
665 DPRINTF(" ebp=%08lx esp=%08lx ds=%04lx es=%04lx gs=%04lx flags=%08lx\n",
666 context->Ebp, context->Esp, context->SegDs,
667 context->SegEs, context->SegGs, context->EFlags );
670 /* Now call the real function */
672 memcpy( args_copy, args, nb_args * sizeof(args[0]) );
673 args_copy[nb_args] = (int)context; /* append context argument */
674 if (relay->ret == 0xc3) /* cdecl */
676 call_cdecl_function( (LONGLONG_CPROC)(entry_point + 5 + *(DWORD *)(entry_point + 5)),
677 nb_args+1, args_copy );
681 call_stdcall_function( (LONGLONG_FARPROC)(entry_point + 5 + *(DWORD *)(entry_point + 5)),
682 nb_args+1, args_copy );
687 DPRINTF( "%04lx:Ret %s() retval=%08lx ret=%08lx fs=%04lx\n",
688 GetCurrentThreadId(),
689 buffer, context->Eax, context->Eip, context->SegFs );
691 DPRINTF(" eax=%08lx ebx=%08lx ecx=%08lx edx=%08lx esi=%08lx edi=%08lx\n",
692 context->Eax, context->Ebx, context->Ecx,
693 context->Edx, context->Esi, context->Edi );
694 DPRINTF(" ebp=%08lx esp=%08lx ds=%04lx es=%04lx gs=%04lx flags=%08lx\n",
695 context->Ebp, context->Esp, context->SegDs,
696 context->SegEs, context->SegGs, context->EFlags );
700 void WINAPI RELAY_CallFrom32Regs(void);
701 DEFINE_REGS_ENTRYPOINT( RELAY_CallFrom32Regs, 0, 0 );
703 /* check whether the function at addr starts with a call to __wine_call_from_32_regs */
704 static BOOL is_register_entry_point( const BYTE *addr )
706 extern void __wine_call_from_32_regs();
710 if (*addr != 0xe8) return FALSE; /* not a call */
711 /* check if call target is __wine_call_from_32_regs */
712 offset = (const int *)(addr + 1);
713 if (*offset == (const char *)__wine_call_from_32_regs - (const char *)(offset + 1)) return TRUE;
714 /* now check if call target is an import table jump to __wine_call_from_32_regs */
715 addr = (const BYTE *)(offset + 1) + *offset;
717 /* Note: the following checks depend on the asm code generated by winebuild */
719 if (addr[0] == 0xff && addr[1] == 0x25) /* indirect jmp */
721 ptr = *(const void * const*)(addr + 2); /* get indirect jmp target address */
723 else /* check for import thunk */
725 if (addr[0] != 0x50) return FALSE; /* pushl %eax */
726 if (addr[1] != 0xe8 || addr[2] || addr[3] || addr[4] || addr[5]) return FALSE; /* call .+0 */
727 if (addr[6] != 0x58) return FALSE; /* popl %eax */
728 if (addr[7] != 0x8b || addr[8] != 0x80) return FALSE; /* movl offset(%eax),%eax */
729 ptr = addr + 6 + *(const int *)(addr + 9);
731 return (*(const char * const*)ptr == (char *)__wine_call_from_32_regs);
735 /***********************************************************************
736 * RELAY_GetProcAddress
738 * Return the proc address to use for a given function.
740 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
741 DWORD exp_size, FARPROC proc, const WCHAR *user )
743 const DEBUG_ENTRY_POINT *debug = (DEBUG_ENTRY_POINT *)proc;
744 const DEBUG_ENTRY_POINT *list = (const DEBUG_ENTRY_POINT *)((const char *)exports + exp_size);
746 if (debug < list || debug >= list + exports->NumberOfFunctions) return proc;
747 if (list + (debug - list) != debug) return proc; /* not a valid address */
748 if (check_from_module( debug_from_relay_includelist, debug_from_relay_excludelist, user ))
749 return proc; /* we want to relay it */
750 if (!debug->call) return proc; /* not a normal function */
751 if (debug->call != 0xe8 && debug->call != 0xe9) return proc; /* not a debug thunk at all */
756 /***********************************************************************
759 * Setup relay debugging for a built-in dll.
761 void RELAY_SetupDLL( HMODULE module )
763 IMAGE_EXPORT_DIRECTORY *exports;
764 DEBUG_ENTRY_POINT *debug;
768 char *p, dllname[80];
771 exports = RtlImageDirectoryEntryToData( module, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
772 if (!exports) return;
773 debug = (DEBUG_ENTRY_POINT *)((char *)exports + size);
774 funcs = (DWORD *)((char *)module + exports->AddressOfFunctions);
775 strcpy( dllname, (char *)module + exports->Name );
776 p = dllname + strlen(dllname) - 4;
777 if (p > dllname && !strcasecmp( p, ".dll" )) *p = 0;
779 for (i = 0; i < exports->NumberOfFunctions; i++, funcs++, debug++)
783 if (!debug->call) continue; /* not a normal function */
784 if (debug->call != 0xe8 && debug->call != 0xe9) break; /* not a debug thunk at all */
786 name = find_exported_name( module, exports, i + exports->Base );
787 on = check_relay_include( dllname, i + exports->Base, name );
791 debug->call = 0xe8; /* call relative */
792 if (is_register_entry_point( debug->orig ))
793 debug->callfrom32 = (char *)RELAY_CallFrom32Regs - (char *)&debug->ret;
795 debug->callfrom32 = (char *)RELAY_CallFrom32 - (char *)&debug->ret;
799 debug->call = 0xe9; /* jmp relative */
800 debug->callfrom32 = (char *)debug->orig - (char *)&debug->ret;
802 *funcs = (char *)debug - (char *)module;
807 /***********************************************************************
808 * SNOOP_ShowDebugmsgSnoop
810 * Simple function to decide if a particular debugging message is
813 static BOOL SNOOP_ShowDebugmsgSnoop(const char *module, int ordinal, const char *func)
815 if (debug_snoop_excludelist && check_list( module, ordinal, func, debug_snoop_excludelist ))
817 if (debug_snoop_includelist && !check_list( module, ordinal, func, debug_snoop_includelist ))
823 /***********************************************************************
826 * Setup snoop debugging for a native dll.
828 void SNOOP_SetupDLL(HMODULE hmod)
830 SNOOP_DLL **dll = &firstdll;
834 IMAGE_EXPORT_DIRECTORY *exports;
836 exports = RtlImageDirectoryEntryToData( hmod, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size );
837 if (!exports) return;
838 name = (char *)hmod + exports->Name;
840 TRACE_(snoop)("hmod=%p, name=%s\n", hmod, name);
843 if ((*dll)->hmod == hmod)
845 /* another dll, loaded at the same address */
847 size = (*dll)->nrofordinals * sizeof(SNOOP_FUN);
848 NtFreeVirtualMemory(NtCurrentProcess(), &addr, &size, MEM_RELEASE);
851 dll = &((*dll)->next);
854 *dll = RtlReAllocateHeap(GetProcessHeap(),
855 HEAP_ZERO_MEMORY, *dll,
856 sizeof(SNOOP_DLL) + strlen(name));
858 *dll = RtlAllocateHeap(GetProcessHeap(),
860 sizeof(SNOOP_DLL) + strlen(name));
862 (*dll)->ordbase = exports->Base;
863 (*dll)->nrofordinals = exports->NumberOfFunctions;
864 strcpy( (*dll)->name, name );
865 p = (*dll)->name + strlen((*dll)->name) - 4;
866 if (p > (*dll)->name && !strcasecmp( p, ".dll" )) *p = 0;
868 size = exports->NumberOfFunctions * sizeof(SNOOP_FUN);
870 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
871 MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
873 RtlFreeHeap(GetProcessHeap(),0,*dll);
874 FIXME("out of memory\n");
878 memset((*dll)->funs,0,size);
882 /***********************************************************************
883 * SNOOP_GetProcAddress
885 * Return the proc address to use for a given function.
887 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports,
888 DWORD exp_size, FARPROC origfun, DWORD ordinal,
893 const WORD *ordinals;
895 SNOOP_DLL *dll = firstdll;
897 const IMAGE_SECTION_HEADER *sec;
899 if (!TRACE_ON(snoop)) return origfun;
900 if (!check_from_module( debug_from_snoop_includelist, debug_from_snoop_excludelist, user ))
901 return origfun; /* the calling module was explicitly excluded */
903 if (!*(LPBYTE)origfun) /* 0x00 is an imposs. opcode, poss. dataref. */
906 sec = RtlImageRvaToSection( RtlImageNtHeader(hmod), hmod, (char *)origfun - (char *)hmod );
908 if (!sec || !(sec->Characteristics & IMAGE_SCN_CNT_CODE))
909 return origfun; /* most likely a data reference */
912 if (hmod == dll->hmod)
916 if (!dll) /* probably internal */
919 /* try to find a name for it */
921 names = (const DWORD *)((const char *)hmod + exports->AddressOfNames);
922 ordinals = (const WORD *)((const char *)hmod + exports->AddressOfNameOrdinals);
923 if (names) for (i = 0; i < exports->NumberOfNames; i++)
925 if (ordinals[i] == ordinal)
927 ename = (const char *)hmod + names[i];
931 if (!SNOOP_ShowDebugmsgSnoop(dll->name,ordinal,ename))
933 assert(ordinal < dll->nrofordinals);
934 fun = dll->funs + ordinal;
939 /* NOTE: origreturn struct member MUST come directly after snoopentry */
940 fun->snoopentry = (char*)SNOOP_Entry-((char*)(&fun->nrofargs));
941 fun->origfun = origfun;
944 return (FARPROC)&(fun->lcall);
947 static void SNOOP_PrintArg(DWORD x)
952 if (!HIWORD(x) || TRACE_ON(seh)) return; /* trivial reject to avoid faults */
959 if (s[i]<0x20) {nostring=1;break;}
960 if (s[i]>=0x80) {nostring=1;break;}
963 if (!nostring && i > 5)
964 DPRINTF(" %s",debugstr_an((LPSTR)x,i));
965 else /* try unicode */
971 if (s[i]<0x20) {nostring=1;break;}
972 if (s[i]>0x100) {nostring=1;break;}
975 if (!nostring && i > 5) DPRINTF(" %s",debugstr_wn((LPWSTR)x,i));
984 #define CALLER1REF (*(DWORD*)context->Esp)
986 void WINAPI __regs_SNOOP_Entry( CONTEXT86 *context )
988 DWORD ordinal=0,entry = context->Eip - 5;
989 SNOOP_DLL *dll = firstdll;
990 SNOOP_FUN *fun = NULL;
991 SNOOP_RETURNENTRIES **rets = &firstrets;
992 SNOOP_RETURNENTRY *ret;
996 if ( ((char*)entry>=(char*)dll->funs) &&
997 ((char*)entry<=(char*)(dll->funs+dll->nrofordinals))
999 fun = (SNOOP_FUN*)entry;
1000 ordinal = fun-dll->funs;
1006 FIXME("entrypoint 0x%08lx not found\n",entry);
1009 /* guess cdecl ... */
1010 if (fun->nrofargs<0) {
1011 /* Typical cdecl return frame is:
1013 * which has (for xxxxxxxx up to 255 the opcode "83 C4 xx".
1014 * (after that 81 C2 xx xx xx xx)
1016 LPBYTE reteip = (LPBYTE)CALLER1REF;
1019 if ((reteip[0]==0x83)&&(reteip[1]==0xc4))
1020 fun->nrofargs=reteip[2]/4;
1026 for (i=0;i<sizeof((*rets)->entry)/sizeof((*rets)->entry[0]);i++)
1027 if (!(*rets)->entry[i].origreturn)
1029 if (i!=sizeof((*rets)->entry)/sizeof((*rets)->entry[0]))
1031 rets = &((*rets)->next);
1037 NtAllocateVirtualMemory(NtCurrentProcess(), &addr, 0, &size,
1038 MEM_COMMIT | MEM_RESERVE,
1039 PAGE_EXECUTE_READWRITE);
1042 memset(*rets,0,4096);
1043 i = 0; /* entry 0 is free */
1045 ret = &((*rets)->entry[i]);
1047 /* NOTE: origreturn struct member MUST come directly after snoopret */
1048 ret->snoopret = ((char*)SNOOP_Return)-(char*)(&ret->origreturn);
1049 ret->origreturn = (FARPROC)CALLER1REF;
1050 CALLER1REF = (DWORD)&ret->lcall;
1053 ret->ordinal = ordinal;
1054 ret->origESP = context->Esp;
1056 context->Eip = (DWORD)fun->origfun;
1058 if (fun->name) DPRINTF("%04lx:CALL %s.%s(",GetCurrentThreadId(),dll->name,fun->name);
1059 else DPRINTF("%04lx:CALL %s.%ld(",GetCurrentThreadId(),dll->name,dll->ordbase+ordinal);
1060 if (fun->nrofargs>0) {
1061 max = fun->nrofargs; if (max>16) max=16;
1064 SNOOP_PrintArg(*(DWORD*)(context->Esp + 4 + sizeof(DWORD)*i));
1065 if (i<fun->nrofargs-1) DPRINTF(",");
1067 if (max!=fun->nrofargs)
1069 } else if (fun->nrofargs<0) {
1070 DPRINTF("<unknown, check return>");
1071 ret->args = RtlAllocateHeap(GetProcessHeap(),
1072 0,16*sizeof(DWORD));
1073 memcpy(ret->args,(LPBYTE)(context->Esp + 4),sizeof(DWORD)*16);
1075 DPRINTF(") ret=%08lx\n",(DWORD)ret->origreturn);
1079 void WINAPI __regs_SNOOP_Return( CONTEXT86 *context )
1081 SNOOP_RETURNENTRY *ret = (SNOOP_RETURNENTRY*)(context->Eip - 5);
1082 SNOOP_FUN *fun = &ret->dll->funs[ret->ordinal];
1084 /* We haven't found out the nrofargs yet. If we called a cdecl
1085 * function it is too late anyway and we can just set '0' (which
1086 * will be the difference between orig and current ESP
1087 * If stdcall -> everything ok.
1089 if (ret->dll->funs[ret->ordinal].nrofargs<0)
1090 ret->dll->funs[ret->ordinal].nrofargs=(context->Esp - ret->origESP-4)/4;
1091 context->Eip = (DWORD)ret->origreturn;
1096 DPRINTF("%04lx:RET %s.%s(", GetCurrentThreadId(), ret->dll->name, fun->name);
1098 DPRINTF("%04lx:RET %s.%ld(", GetCurrentThreadId(),
1099 ret->dll->name,ret->dll->ordbase+ret->ordinal);
1101 max = fun->nrofargs;
1106 SNOOP_PrintArg(ret->args[i]);
1107 if (i<max-1) DPRINTF(",");
1109 DPRINTF(") retval=%08lx ret=%08lx\n",
1110 context->Eax,(DWORD)ret->origreturn );
1111 RtlFreeHeap(GetProcessHeap(),0,ret->args);
1117 DPRINTF("%04lx:RET %s.%s() retval=%08lx ret=%08lx\n",
1118 GetCurrentThreadId(),
1119 ret->dll->name, fun->name, context->Eax, (DWORD)ret->origreturn);
1121 DPRINTF("%04lx:RET %s.%ld() retval=%08lx ret=%08lx\n",
1122 GetCurrentThreadId(),
1123 ret->dll->name,ret->dll->ordbase+ret->ordinal,
1124 context->Eax, (DWORD)ret->origreturn);
1126 ret->origreturn = NULL; /* mark as empty */
1129 /* assembly wrappers that save the context */
1130 DEFINE_REGS_ENTRYPOINT( SNOOP_Entry, 0, 0 );
1131 DEFINE_REGS_ENTRYPOINT( SNOOP_Return, 0, 0 );
1133 #else /* __i386__ */
1135 FARPROC RELAY_GetProcAddress( HMODULE module, const IMAGE_EXPORT_DIRECTORY *exports,
1136 DWORD exp_size, FARPROC proc, const WCHAR *user )
1141 FARPROC SNOOP_GetProcAddress( HMODULE hmod, const IMAGE_EXPORT_DIRECTORY *exports, DWORD exp_size,
1142 FARPROC origfun, DWORD ordinal, const WCHAR *user )
1147 void RELAY_SetupDLL( HMODULE module )
1151 void SNOOP_SetupDLL( HMODULE hmod )
1153 FIXME("snooping works only on i386 for now.\n");
1156 #endif /* __i386__ */
projects / wine / blob