2 * KERNEL32 thunks and other undocumented stuff
4 * Copyright 1996, 1997 Alexandre Julliard
5 * Copyright 1997, 1998 Marcus Meissner
6 * Copyright 1998 Ulrich Weigand
11 #include <sys/types.h>
17 #include "wine/winbase16.h"
19 #include "builtin16.h"
21 #include "debugtools.h"
22 #include "flatthunk.h"
25 #include "selectors.h"
26 #include "stackframe.h"
30 DEFAULT_DEBUG_CHANNEL(thunk);
33 /***********************************************************************
35 * Win95 internal thunks *
37 ***********************************************************************/
39 /***********************************************************************
40 * LogApiThk (KERNEL.423)
42 void WINAPI LogApiThk( LPSTR func )
44 TRACE( "%s\n", debugstr_a(func) );
47 /***********************************************************************
48 * LogApiThkLSF (KERNEL32.42)
50 * NOTE: needs to preserve all registers!
52 void WINAPI LogApiThkLSF( LPSTR func, CONTEXT86 *context )
54 TRACE( "%s\n", debugstr_a(func) );
57 /***********************************************************************
58 * LogApiThkSL (KERNEL32.44)
60 * NOTE: needs to preserve all registers!
62 void WINAPI LogApiThkSL( LPSTR func, CONTEXT86 *context )
64 TRACE( "%s\n", debugstr_a(func) );
67 /***********************************************************************
68 * LogCBThkSL (KERNEL32.47)
70 * NOTE: needs to preserve all registers!
72 void WINAPI LogCBThkSL( LPSTR func, CONTEXT86 *context )
74 TRACE( "%s\n", debugstr_a(func) );
77 /***********************************************************************
78 * Generates a FT_Prolog call.
80 * 0FB6D1 movzbl edx,cl
81 * 8B1495xxxxxxxx mov edx,[4*edx + targetTable]
82 * 68xxxxxxxx push FT_Prolog
85 static void _write_ftprolog(LPBYTE relayCode ,DWORD *targetTable) {
89 *x++ = 0x0f;*x++=0xb6;*x++=0xd1; /* movzbl edx,cl */
90 *x++ = 0x8B;*x++=0x14;*x++=0x95;*(DWORD**)x= targetTable;
91 x+=4; /* mov edx, [4*edx + targetTable] */
92 *x++ = 0x68; *(DWORD*)x = (DWORD)GetProcAddress(GetModuleHandleA("KERNEL32"),"FT_Prolog");
93 x+=4; /* push FT_Prolog */
94 *x++ = 0xC3; /* lret */
95 /* fill rest with 0xCC / int 3 */
98 /***********************************************************************
99 * _write_qtthunk (internal)
100 * Generates a QT_Thunk style call.
103 * 8A4DFC mov cl , [ebp-04]
104 * 8B148Dxxxxxxxx mov edx, [4*ecx + targetTable]
105 * B8yyyyyyyy mov eax, QT_Thunk
108 static void _write_qtthunk(
109 LPBYTE relayCode, /* [in] start of QT_Thunk stub */
110 DWORD *targetTable /* [in] start of thunk (for index lookup) */
115 *x++ = 0x33;*x++=0xC9; /* xor ecx,ecx */
116 *x++ = 0x8A;*x++=0x4D;*x++=0xFC; /* movb cl,[ebp-04] */
117 *x++ = 0x8B;*x++=0x14;*x++=0x8D;*(DWORD**)x= targetTable;
118 x+=4; /* mov edx, [4*ecx + targetTable */
119 *x++ = 0xB8; *(DWORD*)x = (DWORD)GetProcAddress(GetModuleHandleA("KERNEL32"),"QT_Thunk");
120 x+=4; /* mov eax , QT_Thunk */
121 *x++ = 0xFF; *x++ = 0xE0; /* jmp eax */
122 /* should fill the rest of the 32 bytes with 0xCC */
125 /***********************************************************************
128 static LPVOID _loadthunk(LPCSTR module, LPCSTR func, LPCSTR module32,
129 struct ThunkDataCommon *TD32, DWORD checksum)
131 struct ThunkDataCommon *TD16;
135 if ((hmod = LoadLibrary16(module)) <= 32)
137 ERR("(%s, %s, %s): Unable to load '%s', error %d\n",
138 module, func, module32, module, hmod);
142 if ( !(ordinal = NE_GetOrdinal(hmod, func))
143 || !(TD16 = PTR_SEG_TO_LIN(NE_GetEntryPointEx(hmod, ordinal, FALSE))))
145 ERR("Unable to find thunk data '%s' in %s, required by %s (conflicting/incorrect DLL versions !?).\n",
146 func, module, module32);
150 if (TD32 && memcmp(TD16->magic, TD32->magic, 4))
152 ERR("(%s, %s, %s): Bad magic %c%c%c%c (should be %c%c%c%c)\n",
153 module, func, module32,
154 TD16->magic[0], TD16->magic[1], TD16->magic[2], TD16->magic[3],
155 TD32->magic[0], TD32->magic[1], TD32->magic[2], TD32->magic[3]);
159 if (TD32 && TD16->checksum != TD32->checksum)
161 ERR("(%s, %s, %s): Wrong checksum %08lx (should be %08lx)\n",
162 module, func, module32, TD16->checksum, TD32->checksum);
166 if (!TD32 && checksum && checksum != *(LPDWORD)TD16)
168 ERR("(%s, %s, %s): Wrong checksum %08lx (should be %08lx)\n",
169 module, func, module32, *(LPDWORD)TD16, checksum);
176 /***********************************************************************
177 * GetThunkStuff (KERNEL32.53)
179 LPVOID WINAPI GetThunkStuff(LPSTR module, LPSTR func)
181 return _loadthunk(module, func, "<kernel>", NULL, 0L);
184 /***********************************************************************
185 * GetThunkBuff (KERNEL32.52)
186 * Returns a pointer to ThkBuf in the 16bit library SYSTHUNK.DLL.
188 LPVOID WINAPI GetThunkBuff(void)
190 return GetThunkStuff("SYSTHUNK.DLL", "ThkBuf");
193 /***********************************************************************
194 * ThunkConnect32 (KERNEL32)
195 * Connects a 32bit and a 16bit thunkbuffer.
197 UINT WINAPI ThunkConnect32(
198 struct ThunkDataCommon *TD, /* [in/out] thunkbuffer */
199 LPSTR thunkfun16, /* [in] win16 thunkfunction */
200 LPSTR module16, /* [in] name of win16 dll */
201 LPSTR module32, /* [in] name of win32 dll */
202 HMODULE hmod32, /* [in] hmodule of win32 dll */
203 DWORD dwReason /* [in] initialisation argument */
207 if (!strncmp(TD->magic, "SL01", 4))
211 TRACE("SL01 thunk %s (%lx) <- %s (%s), Reason: %ld\n",
212 module32, (DWORD)TD, module16, thunkfun16, dwReason);
214 else if (!strncmp(TD->magic, "LS01", 4))
218 TRACE("LS01 thunk %s (%lx) -> %s (%s), Reason: %ld\n",
219 module32, (DWORD)TD, module16, thunkfun16, dwReason);
223 ERR("Invalid magic %c%c%c%c\n",
224 TD->magic[0], TD->magic[1], TD->magic[2], TD->magic[3]);
230 case DLL_PROCESS_ATTACH:
232 struct ThunkDataCommon *TD16;
233 if (!(TD16 = _loadthunk(module16, thunkfun16, module32, TD, 0L)))
238 struct ThunkDataSL32 *SL32 = (struct ThunkDataSL32 *)TD;
239 struct ThunkDataSL16 *SL16 = (struct ThunkDataSL16 *)TD16;
240 struct SLTargetDB *tdb;
242 if (SL16->fpData == NULL)
244 ERR("ThunkConnect16 was not called!\n");
248 SL32->data = SL16->fpData;
250 tdb = HeapAlloc(GetProcessHeap(), 0, sizeof(*tdb));
251 tdb->process = GetCurrentProcessId();
252 tdb->targetTable = (DWORD *)(thunkfun16 + SL32->offsetTargetTable);
254 tdb->next = SL32->data->targetDB; /* FIXME: not thread-safe! */
255 SL32->data->targetDB = tdb;
257 TRACE("Process %08lx allocated TargetDB entry for ThunkDataSL %08lx\n",
258 GetCurrentProcessId(), (DWORD)SL32->data);
262 struct ThunkDataLS32 *LS32 = (struct ThunkDataLS32 *)TD;
263 struct ThunkDataLS16 *LS16 = (struct ThunkDataLS16 *)TD16;
265 LS32->targetTable = PTR_SEG_TO_LIN(LS16->targetTable);
267 /* write QT_Thunk and FT_Prolog stubs */
268 _write_qtthunk ((LPBYTE)TD + LS32->offsetQTThunk, LS32->targetTable);
269 _write_ftprolog((LPBYTE)TD + LS32->offsetFTProlog, LS32->targetTable);
274 case DLL_PROCESS_DETACH:
282 /**********************************************************************
283 * QT_Thunk (KERNEL32)
285 * The target address is in EDX.
286 * The 16 bit arguments start at ESP.
287 * The number of 16bit argument bytes is EBP-ESP-0x40 (64 Byte thunksetup).
290 void WINAPI QT_Thunk( CONTEXT86 *context )
295 memcpy(&context16,context,sizeof(context16));
297 context16.SegCs = HIWORD(context->Edx);
298 context16.Eip = LOWORD(context->Edx);
299 context16.Ebp = OFFSETOF( NtCurrentTeb()->cur_stack )
300 + (WORD)&((STACK16FRAME*)0)->bp;
302 argsize = context->Ebp-context->Esp-0x40;
304 memcpy( (LPBYTE)CURRENT_STACK16 - argsize,
305 (LPBYTE)context->Esp, argsize );
307 CallTo16RegisterShort( &context16, argsize );
308 context->Eax = context16.Eax;
309 context->Edx = context16.Edx;
310 context->Ecx = context16.Ecx;
312 context->Esp += LOWORD(context16.Esp) -
313 ( OFFSETOF( NtCurrentTeb()->cur_stack ) - argsize );
317 /**********************************************************************
318 * FT_Prolog (KERNEL32.233)
320 * The set of FT_... thunk routines is used instead of QT_Thunk,
321 * if structures have to be converted from 32-bit to 16-bit
322 * (change of member alignment, conversion of members).
324 * The thunk function (as created by the thunk compiler) calls
325 * FT_Prolog at the beginning, to set up a stack frame and
326 * allocate a 64 byte buffer on the stack.
327 * The input parameters (target address and some flags) are
328 * saved for later use by FT_Thunk.
330 * Input: EDX 16-bit target address (SEGPTR)
331 * CX bits 0..7 target number (in target table)
332 * bits 8..9 some flags (unclear???)
333 * bits 10..15 number of DWORD arguments
335 * Output: A new stackframe is created, and a 64 byte buffer
336 * allocated on the stack. The layout of the stack
337 * on return is as follows:
339 * (ebp+4) return address to caller of thunk function
341 * (ebp-4) saved EBX register of caller
342 * (ebp-8) saved ESI register of caller
343 * (ebp-12) saved EDI register of caller
344 * (ebp-16) saved ECX register, containing flags
345 * (ebp-20) bitmap containing parameters that are to be converted
346 * by FT_Thunk; it is initialized to 0 by FT_Prolog and
347 * filled in by the thunk code before calling FT_Thunk
351 * (ebp-48) saved EAX register of caller (unclear, never restored???)
352 * (ebp-52) saved EDX register, containing 16-bit thunk target
357 * ESP is EBP-64 after return.
361 void WINAPI FT_Prolog( CONTEXT86 *context )
363 /* Build stack frame */
364 stack32_push(context, context->Ebp);
365 context->Ebp = context->Esp;
367 /* Allocate 64-byte Thunk Buffer */
369 memset((char *)context->Esp, '\0', 64);
371 /* Store Flags (ECX) and Target Address (EDX) */
372 /* Save other registers to be restored later */
373 *(DWORD *)(context->Ebp - 4) = context->Ebx;
374 *(DWORD *)(context->Ebp - 8) = context->Esi;
375 *(DWORD *)(context->Ebp - 12) = context->Edi;
376 *(DWORD *)(context->Ebp - 16) = context->Ecx;
378 *(DWORD *)(context->Ebp - 48) = context->Eax;
379 *(DWORD *)(context->Ebp - 52) = context->Edx;
382 /**********************************************************************
383 * FT_Thunk (KERNEL32.234)
385 * This routine performs the actual call to 16-bit code,
386 * similar to QT_Thunk. The differences are:
387 * - The call target is taken from the buffer created by FT_Prolog
388 * - Those arguments requested by the thunk code (by setting the
389 * corresponding bit in the bitmap at EBP-20) are converted
390 * from 32-bit pointers to segmented pointers (those pointers
391 * are guaranteed to point to structures copied to the stack
392 * by the thunk code, so we always use the 16-bit stack selector
393 * for those addresses).
395 * The bit #i of EBP-20 corresponds here to the DWORD starting at
398 * FIXME: It is unclear what happens if there are more than 32 WORDs
399 * of arguments, so that the single DWORD bitmap is no longer
403 void WINAPI FT_Thunk( CONTEXT86 *context )
405 DWORD mapESPrelative = *(DWORD *)(context->Ebp - 20);
406 DWORD callTarget = *(DWORD *)(context->Ebp - 52);
410 LPBYTE newstack, oldstack;
412 memcpy(&context16,context,sizeof(context16));
414 context16.SegCs = HIWORD(callTarget);
415 context16.Eip = LOWORD(callTarget);
416 context16.Ebp = OFFSETOF( NtCurrentTeb()->cur_stack )
417 + (WORD)&((STACK16FRAME*)0)->bp;
419 argsize = context->Ebp-context->Esp-0x40;
420 newstack = (LPBYTE)CURRENT_STACK16 - argsize;
421 oldstack = (LPBYTE)context->Esp;
423 memcpy( newstack, oldstack, argsize );
425 for (i = 0; i < 32; i++) /* NOTE: What about > 32 arguments? */
426 if (mapESPrelative & (1 << i))
428 SEGPTR *arg = (SEGPTR *)(newstack + 2*i);
429 *arg = PTR_SEG_OFF_TO_SEGPTR(SELECTOROF(NtCurrentTeb()->cur_stack),
430 OFFSETOF(NtCurrentTeb()->cur_stack) - argsize
431 + (*(LPBYTE *)arg - oldstack));
434 CallTo16RegisterShort( &context16, argsize );
435 context->Eax = context16.Eax;
436 context->Edx = context16.Edx;
437 context->Ecx = context16.Ecx;
439 context->Esp += LOWORD(context16.Esp) -
440 ( OFFSETOF( NtCurrentTeb()->cur_stack ) - argsize );
442 /* Copy modified buffers back to 32-bit stack */
443 memcpy( oldstack, newstack, argsize );
446 /**********************************************************************
447 * FT_ExitNN (KERNEL32.218 - 232)
449 * One of the FT_ExitNN functions is called at the end of the thunk code.
450 * It removes the stack frame created by FT_Prolog, moves the function
451 * return from EBX to EAX (yes, FT_Thunk did use EAX for the return
452 * value, but the thunk code has moved it from EAX to EBX in the
453 * meantime ... :-), restores the caller's EBX, ESI, and EDI registers,
454 * and perform a return to the CALLER of the thunk code (while removing
455 * the given number of arguments from the caller's stack).
458 static void FT_Exit(CONTEXT86 *context, int nPopArgs)
460 /* Return value is in EBX */
461 context->Eax = context->Ebx;
463 /* Restore EBX, ESI, and EDI registers */
464 context->Ebx = *(DWORD *)(context->Ebp - 4);
465 context->Esi = *(DWORD *)(context->Ebp - 8);
466 context->Edi = *(DWORD *)(context->Ebp - 12);
468 /* Clean up stack frame */
469 context->Esp = context->Ebp;
470 context->Ebp = stack32_pop(context);
472 /* Pop return address to CALLER of thunk code */
473 context->Eip = stack32_pop(context);
474 /* Remove arguments */
475 context->Esp += nPopArgs;
478 /***********************************************************************
479 * FT_Exit0 (KERNEL32.218)
481 void WINAPI FT_Exit0 (CONTEXT86 *context) { FT_Exit(context, 0); }
483 /***********************************************************************
484 * FT_Exit4 (KERNEL32.219)
486 void WINAPI FT_Exit4 (CONTEXT86 *context) { FT_Exit(context, 4); }
488 /***********************************************************************
489 * FT_Exit8 (KERNEL32.220)
491 void WINAPI FT_Exit8 (CONTEXT86 *context) { FT_Exit(context, 8); }
493 /***********************************************************************
494 * FT_Exit12 (KERNEL32.221)
496 void WINAPI FT_Exit12(CONTEXT86 *context) { FT_Exit(context, 12); }
498 /***********************************************************************
499 * FT_Exit16 (KERNEL32.222)
501 void WINAPI FT_Exit16(CONTEXT86 *context) { FT_Exit(context, 16); }
503 /***********************************************************************
504 * FT_Exit20 (KERNEL32.223)
506 void WINAPI FT_Exit20(CONTEXT86 *context) { FT_Exit(context, 20); }
508 /***********************************************************************
509 * FT_Exit24 (KERNEL32.224)
511 void WINAPI FT_Exit24(CONTEXT86 *context) { FT_Exit(context, 24); }
513 /***********************************************************************
514 * FT_Exit28 (KERNEL32.225)
516 void WINAPI FT_Exit28(CONTEXT86 *context) { FT_Exit(context, 28); }
518 /***********************************************************************
519 * FT_Exit32 (KERNEL32.226)
521 void WINAPI FT_Exit32(CONTEXT86 *context) { FT_Exit(context, 32); }
523 /***********************************************************************
524 * FT_Exit36 (KERNEL32.227)
526 void WINAPI FT_Exit36(CONTEXT86 *context) { FT_Exit(context, 36); }
528 /***********************************************************************
529 * FT_Exit40 (KERNEL32.228)
531 void WINAPI FT_Exit40(CONTEXT86 *context) { FT_Exit(context, 40); }
533 /***********************************************************************
534 * FT_Exit44 (KERNEL32.229)
536 void WINAPI FT_Exit44(CONTEXT86 *context) { FT_Exit(context, 44); }
538 /***********************************************************************
539 * FT_Exit48 (KERNEL32.230)
541 void WINAPI FT_Exit48(CONTEXT86 *context) { FT_Exit(context, 48); }
543 /***********************************************************************
544 * FT_Exit52 (KERNEL32.231)
546 void WINAPI FT_Exit52(CONTEXT86 *context) { FT_Exit(context, 52); }
548 /***********************************************************************
549 * FT_Exit56 (KERNEL32.232)
551 void WINAPI FT_Exit56(CONTEXT86 *context) { FT_Exit(context, 56); }
553 /***********************************************************************
554 * ThunkInitLS (KERNEL32.43)
555 * A thunkbuffer link routine
556 * The thunkbuf looks like:
558 * 00: DWORD length ? don't know exactly
559 * 04: SEGPTR ptr ? where does it point to?
560 * The pointer ptr is written into the first DWORD of 'thunk'.
561 * (probably correctly implemented)
564 * segmented pointer to thunk?
566 DWORD WINAPI ThunkInitLS(
567 LPDWORD thunk, /* [in] win32 thunk */
568 LPCSTR thkbuf, /* [in] thkbuffer name in win16 dll */
569 DWORD len, /* [in] thkbuffer length */
570 LPCSTR dll16, /* [in] name of win16 dll */
571 LPCSTR dll32 /* [in] name of win32 dll (FIXME: not used?) */
575 if (!(addr = _loadthunk( dll16, thkbuf, dll32, NULL, len )))
580 *(DWORD*)thunk = addr[1];
585 /***********************************************************************
586 * Common32ThkLS (KERNEL32.45)
588 * This is another 32->16 thunk, independent of the QT_Thunk/FT_Thunk
589 * style thunks. The basic difference is that the parameter conversion
590 * is done completely on the *16-bit* side here. Thus we do not call
591 * the 16-bit target directly, but call a common entry point instead.
592 * This entry function then calls the target according to the target
593 * number passed in the DI register.
595 * Input: EAX SEGPTR to the common 16-bit entry point
596 * CX offset in thunk table (target number * 4)
597 * DX error return value if execution fails (unclear???)
598 * EDX.HI number of DWORD parameters
600 * (Note that we need to move the thunk table offset from CX to DI !)
602 * The called 16-bit stub expects its stack to look like this:
604 * (esp+40) 32-bit arguments
606 * (esp+8) 32 byte of stack space available as buffer
607 * (esp) 8 byte return address for use with 0x66 lret
609 * The called 16-bit stub uses a 0x66 lret to return to 32-bit code,
610 * and uses the EAX register to return a DWORD return value.
611 * Thus we need to use a special assembly glue routine
612 * (CallRegisterLongProc instead of CallRegisterShortProc).
614 * Finally, we return to the caller, popping the arguments off
615 * the stack. The number of arguments to be popped is returned
616 * in the BL register by the called 16-bit routine.
619 void WINAPI Common32ThkLS( CONTEXT86 *context )
624 memcpy(&context16,context,sizeof(context16));
626 context16.Edi = LOWORD(context->Ecx);
627 context16.SegCs = HIWORD(context->Eax);
628 context16.Eip = LOWORD(context->Eax);
629 context16.Ebp = OFFSETOF( NtCurrentTeb()->cur_stack )
630 + (WORD)&((STACK16FRAME*)0)->bp;
632 argsize = HIWORD(context->Edx) * 4;
634 /* FIXME: hack for stupid USER32 CallbackGlueLS routine */
635 if (context->Edx == context->Eip)
638 memcpy( (LPBYTE)CURRENT_STACK16 - argsize,
639 (LPBYTE)context->Esp, argsize );
641 CallTo16RegisterLong(&context16, argsize + 32);
642 context->Eax = context16.Eax;
644 /* Clean up caller's stack frame */
645 context->Esp += BL_reg(&context16);
648 /***********************************************************************
649 * OT_32ThkLSF (KERNEL32.40)
651 * YET Another 32->16 thunk. The difference to Common32ThkLS is that
652 * argument processing is done on both the 32-bit and the 16-bit side:
653 * The 32-bit side prepares arguments, copying them onto the stack.
655 * When this routine is called, the first word on the stack is the
656 * number of argument bytes prepared by the 32-bit code, and EDX
657 * contains the 16-bit target address.
659 * The called 16-bit routine is another relaycode, doing further
660 * argument processing and then calling the real 16-bit target
661 * whose address is stored at [bp-04].
663 * The call proceeds using a normal CallRegisterShortProc.
664 * After return from the 16-bit relaycode, the arguments need
665 * to be copied *back* to the 32-bit stack, since the 32-bit
666 * relaycode processes output parameters.
668 * Note that we copy twice the number of arguments, since some of the
669 * 16-bit relaycodes in SYSTHUNK.DLL directly access the original
670 * arguments of the caller!
672 * (Note that this function seems only to be used for
673 * OLECLI32 -> OLECLI and OLESVR32 -> OLESVR thunking.)
675 void WINAPI OT_32ThkLSF( CONTEXT86 *context )
680 memcpy(&context16,context,sizeof(context16));
682 context16.SegCs = HIWORD(context->Edx);
683 context16.Eip = LOWORD(context->Edx);
684 context16.Ebp = OFFSETOF( NtCurrentTeb()->cur_stack )
685 + (WORD)&((STACK16FRAME*)0)->bp;
687 argsize = 2 * *(WORD *)context->Esp + 2;
689 memcpy( (LPBYTE)CURRENT_STACK16 - argsize,
690 (LPBYTE)context->Esp, argsize );
692 CallTo16RegisterShort(&context16, argsize);
693 context->Eax = context16.Eax;
694 context->Edx = context16.Edx;
696 /* Copy modified buffers back to 32-bit stack */
697 memcpy( (LPBYTE)context->Esp,
698 (LPBYTE)CURRENT_STACK16 - argsize, argsize );
700 context->Esp += LOWORD(context16.Esp) -
701 ( OFFSETOF( NtCurrentTeb()->cur_stack ) - argsize );
704 /***********************************************************************
705 * ThunkInitLSF (KERNEL32.41)
706 * A thunk setup routine.
707 * Expects a pointer to a preinitialized thunkbuffer in the first argument
709 * 00..03: unknown (pointer, check _41, _43, _46)
712 * 06..23: unknown (space for replacement code, check .90)
714 * 24:>E800000000 call offset 29
715 * 29:>58 pop eax ( target of call )
716 * 2A: 2D25000000 sub eax,0x00000025 ( now points to offset 4 )
717 * 2F: BAxxxxxxxx mov edx,xxxxxxxx
718 * 34: 68yyyyyyyy push KERNEL32.90
722 * 3E ... 59: unknown (space for replacement code?)
723 * 5A: E8xxxxxxxx call <32bitoffset xxxxxxxx>
725 * 60: 81EA25xxxxxx sub edx, 0x25xxxxxx
727 * 67: 68xxxxxxxx push xxxxxxxx
728 * 6C: 68yyyyyyyy push KERNEL32.89
731 * This function checks if the code is there, and replaces the yyyyyyyy entries
732 * by the functionpointers.
733 * The thunkbuf looks like:
735 * 00: DWORD length ? don't know exactly
736 * 04: SEGPTR ptr ? where does it point to?
737 * The segpointer ptr is written into the first DWORD of 'thunk'.
740 * unclear, pointer to win16 thkbuffer?
742 LPVOID WINAPI ThunkInitLSF(
743 LPBYTE thunk, /* [in] win32 thunk */
744 LPCSTR thkbuf, /* [in] thkbuffer name in win16 dll */
745 DWORD len, /* [in] length of thkbuffer */
746 LPCSTR dll16, /* [in] name of win16 dll */
747 LPCSTR dll32 /* [in] name of win32 dll */
749 HMODULE hkrnl32 = GetModuleHandleA("KERNEL32");
752 /* FIXME: add checks for valid code ... */
753 /* write pointers to kernel32.89 and kernel32.90 (+ordinal base of 1) */
754 *(DWORD*)(thunk+0x35) = (DWORD)GetProcAddress(hkrnl32,(LPSTR)90);
755 *(DWORD*)(thunk+0x6D) = (DWORD)GetProcAddress(hkrnl32,(LPSTR)89);
758 if (!(addr = _loadthunk( dll16, thkbuf, dll32, NULL, len )))
761 addr2 = PTR_SEG_TO_LIN(addr[1]);
763 *(DWORD*)thunk = (DWORD)addr2;
768 /***********************************************************************
769 * FT_PrologPrime (KERNEL32.89)
771 * This function is called from the relay code installed by
772 * ThunkInitLSF. It replaces the location from where it was
773 * called by a standard FT_Prolog call stub (which is 'primed'
774 * by inserting the correct target table pointer).
775 * Finally, it calls that stub.
777 * Input: ECX target number + flags (passed through to FT_Prolog)
778 * (ESP) offset of location where target table pointer
779 * is stored, relative to the start of the relay code
780 * (ESP+4) pointer to start of relay code
781 * (this is where the FT_Prolog call stub gets written to)
783 * Note: The two DWORD arguments get popped off the stack.
786 void WINAPI FT_PrologPrime( CONTEXT86 *context )
788 DWORD targetTableOffset;
791 /* Compensate for the fact that the Wine register relay code thought
792 we were being called, although we were in fact jumped to */
795 /* Write FT_Prolog call stub */
796 targetTableOffset = stack32_pop(context);
797 relayCode = (LPBYTE)stack32_pop(context);
798 _write_ftprolog( relayCode, *(DWORD **)(relayCode+targetTableOffset) );
800 /* Jump to the call stub just created */
801 context->Eip = (DWORD)relayCode;
804 /***********************************************************************
805 * QT_ThunkPrime (KERNEL32.90)
807 * This function corresponds to FT_PrologPrime, but installs a
808 * call stub for QT_Thunk instead.
810 * Input: (EBP-4) target number (passed through to QT_Thunk)
811 * EDX target table pointer location offset
812 * EAX start of relay code
815 void WINAPI QT_ThunkPrime( CONTEXT86 *context )
817 DWORD targetTableOffset;
820 /* Compensate for the fact that the Wine register relay code thought
821 we were being called, although we were in fact jumped to */
824 /* Write QT_Thunk call stub */
825 targetTableOffset = context->Edx;
826 relayCode = (LPBYTE)context->Eax;
827 _write_qtthunk( relayCode, *(DWORD **)(relayCode+targetTableOffset) );
829 /* Jump to the call stub just created */
830 context->Eip = (DWORD)relayCode;
833 /***********************************************************************
834 * ThunkInitSL (KERNEL32.46)
835 * Another thunkbuf link routine.
836 * The start of the thunkbuf looks like this:
838 * 04: SEGPTR address for thunkbuffer pointer
841 VOID WINAPI ThunkInitSL(
842 LPBYTE thunk, /* [in] start of thunkbuffer */
843 LPCSTR thkbuf, /* [in] name/ordinal of thunkbuffer in win16 dll */
844 DWORD len, /* [in] length of thunkbuffer */
845 LPCSTR dll16, /* [in] name of win16 dll containing the thkbuf */
846 LPCSTR dll32 /* [in] win32 dll. FIXME: strange, unused */
850 if (!(addr = _loadthunk( dll16, thkbuf, dll32, NULL, len )))
853 *(DWORD*)PTR_SEG_TO_LIN(addr[1]) = (DWORD)thunk;
856 /**********************************************************************
861 BOOL WINAPI SSInit16()
866 /**********************************************************************
867 * SSOnBigStack KERNEL32.87
868 * Check if thunking is initialized (ss selector set up etc.)
869 * We do that differently, so just return TRUE.
874 BOOL WINAPI SSOnBigStack()
876 TRACE("Yes, thunking is initialized\n");
880 /**********************************************************************
881 * SSConfirmSmallStack KERNEL.704
883 * Abort if not on small stack.
885 * This must be a register routine as it has to preserve *all* registers.
887 void WINAPI SSConfirmSmallStack( CONTEXT86 *context )
889 /* We are always on the small stack while in 16-bit code ... */
892 /**********************************************************************
894 * One of the real thunking functions. This one seems to be for 32<->32
895 * thunks. It should probably be capable of crossing processboundaries.
897 * And YES, I've seen nr=48 (somewhere in the Win95 32<->16 OLE coupling)
900 DWORD WINAPIV SSCall(
901 DWORD nr, /* [in] number of argument bytes */
902 DWORD flags, /* [in] FIXME: flags ? */
903 FARPROC fun, /* [in] function to call */
904 ... /* [in/out] arguments */
907 DWORD *args = ((DWORD *)&fun) + 1;
911 DPRINTF("(%ld,0x%08lx,%p,[",nr,flags,fun);
913 DPRINTF("0x%08lx,",args[i]);
919 case 4: ret = fun(args[0]);
921 case 8: ret = fun(args[0],args[1]);
923 case 12: ret = fun(args[0],args[1],args[2]);
925 case 16: ret = fun(args[0],args[1],args[2],args[3]);
927 case 20: ret = fun(args[0],args[1],args[2],args[3],args[4]);
929 case 24: ret = fun(args[0],args[1],args[2],args[3],args[4],args[5]);
931 case 28: ret = fun(args[0],args[1],args[2],args[3],args[4],args[5],args[6]);
933 case 32: ret = fun(args[0],args[1],args[2],args[3],args[4],args[5],args[6],args[7]);
935 case 36: ret = fun(args[0],args[1],args[2],args[3],args[4],args[5],args[6],args[7],args[8]);
937 case 40: ret = fun(args[0],args[1],args[2],args[3],args[4],args[5],args[6],args[7],args[8],args[9]);
939 case 44: ret = fun(args[0],args[1],args[2],args[3],args[4],args[5],args[6],args[7],args[8],args[9],args[10]);
941 case 48: ret = fun(args[0],args[1],args[2],args[3],args[4],args[5],args[6],args[7],args[8],args[9],args[10],args[11]);
944 WARN("Unsupported nr of arguments, %ld\n",nr);
949 TRACE(" returning %ld ...\n",ret);
953 /**********************************************************************
954 * W32S_BackTo32 (KERNEL32.51)
956 void WINAPI W32S_BackTo32( CONTEXT86 *context )
958 LPDWORD stack = (LPDWORD)context->Esp;
959 FARPROC proc = (FARPROC)context->Eip;
961 context->Eax = proc( stack[1], stack[2], stack[3], stack[4], stack[5],
962 stack[6], stack[7], stack[8], stack[9], stack[10] );
964 context->Eip = stack32_pop(context);
967 /**********************************************************************
968 * AllocSLCallback (KERNEL32)
970 * Win95 uses some structchains for callbacks. It allocates them
971 * in blocks of 100 entries, size 32 bytes each, layout:
973 * 0: PTR nextblockstart
975 * 8: WORD sel ( start points to blockstart)
979 * 18: PDB *owning_process;
982 * We ignore this for now. (Just a note for further developers)
983 * FIXME: use this method, so we don't waste selectors...
985 * Following code is then generated by AllocSLCallback. The code is 16 bit, so
986 * the 0x66 prefix switches from word->long registers.
989 * 6668x arg2 x pushl <arg2>
991 * EAx arg1 x jmpf <arg1>
993 * returns the startaddress of this thunk.
995 * Note, that they look very similair to the ones allocates by THUNK_Alloc.
997 * segmented pointer to the start of the thunk
1001 DWORD finalizer, /* [in] finalizer function */
1002 DWORD callback /* [in] callback function */
1004 LPBYTE x,thunk = HeapAlloc( GetProcessHeap(), 0, 32 );
1008 *x++=0x66;*x++=0x5a; /* popl edx */
1009 *x++=0x66;*x++=0x68;*(DWORD*)x=finalizer;x+=4; /* pushl finalizer */
1010 *x++=0x66;*x++=0x52; /* pushl edx */
1011 *x++=0xea;*(DWORD*)x=callback;x+=4; /* jmpf callback */
1013 *(DWORD*)(thunk+18) = GetCurrentProcessId();
1015 sel = SELECTOR_AllocBlock( thunk , 32, SEGMENT_CODE, FALSE, FALSE );
1019 /**********************************************************************
1020 * FreeSLCallback (KERNEL32.274)
1021 * Frees the specified 16->32 callback
1025 DWORD x /* [in] 16 bit callback (segmented pointer?) */
1027 FIXME("(0x%08lx): stub\n",x);
1031 /**********************************************************************
1032 * GetTEBSelectorFS (KERNEL.475)
1033 * Set the 16-bit %fs to the 32-bit %fs (current TEB selector)
1035 void WINAPI GetTEBSelectorFS16(void)
1037 CURRENT_STACK16->fs = __get_fs();
1040 /**********************************************************************
1041 * KERNEL_431 (KERNEL.431)
1042 * IsPeFormat (W32SYS.2)
1043 * Checks the passed filename if it is a PE format executeable
1048 BOOL16 WINAPI IsPeFormat16(
1049 LPSTR fn, /* [in] filename to executeable */
1050 HFILE16 hf16 /* [in] open file, if filename is NULL */
1052 IMAGE_DOS_HEADER mzh;
1057 hf16 = OpenFile16(fn,&ofs,OF_READ);
1058 if (hf16==HFILE_ERROR16)
1061 _llseek16(hf16,0,SEEK_SET);
1062 if (sizeof(mzh)!=_lread16(hf16,&mzh,sizeof(mzh))) {
1066 if (mzh.e_magic!=IMAGE_DOS_SIGNATURE) {
1067 WARN("File has not got dos signature!\n");
1071 _llseek16(hf16,mzh.e_lfanew,SEEK_SET);
1072 if (sizeof(DWORD)!=_lread16(hf16,&xmagic,sizeof(DWORD))) {
1077 return (xmagic == IMAGE_NT_SIGNATURE);
1081 /***********************************************************************
1082 * K32Thk1632Prolog (KERNEL32.492)
1084 void WINAPI K32Thk1632Prolog( CONTEXT86 *context )
1086 LPBYTE code = (LPBYTE)context->Eip - 5;
1088 /* Arrrgh! SYSTHUNK.DLL just has to re-implement another method
1089 of 16->32 thunks instead of using one of the standard methods!
1090 This means that SYSTHUNK.DLL itself switches to a 32-bit stack,
1091 and does a far call to the 32-bit code segment of OLECLI32/OLESVR32.
1092 Unfortunately, our CallTo/CallFrom mechanism is therefore completely
1093 bypassed, which means it will crash the next time the 32-bit OLE
1094 code thunks down again to 16-bit (this *will* happen!).
1096 The following hack tries to recognize this situation.
1097 This is possible since the called stubs in OLECLI32/OLESVR32 all
1098 look exactly the same:
1099 00 E8xxxxxxxx call K32Thk1632Prolog
1100 05 FF55FC call [ebp-04]
1101 08 E8xxxxxxxx call K32Thk1632Epilog
1104 If we recognize this situation, we try to simulate the actions
1105 of our CallTo/CallFrom mechanism by copying the 16-bit stack
1106 to our 32-bit stack, creating a proper STACK16FRAME and
1107 updating cur_stack. */
1109 if ( code[5] == 0xFF && code[6] == 0x55 && code[7] == 0xFC
1110 && code[13] == 0x66 && code[14] == 0xCB)
1112 WORD stackSel = NtCurrentTeb()->stack_sel;
1113 DWORD stackBase = GetSelectorBase(stackSel);
1115 DWORD argSize = context->Ebp - context->Esp;
1116 char *stack16 = (char *)context->Esp - 4;
1117 char *stack32 = (char *)NtCurrentTeb()->cur_stack - argSize;
1118 STACK16FRAME *frame16 = (STACK16FRAME *)stack16 - 1;
1120 TRACE("before SYSTHUNK hack: EBP: %08lx ESP: %08lx cur_stack: %08lx\n",
1121 context->Ebp, context->Esp, NtCurrentTeb()->cur_stack);
1123 memset(frame16, '\0', sizeof(STACK16FRAME));
1124 frame16->frame32 = (STACK32FRAME *)NtCurrentTeb()->cur_stack;
1125 frame16->ebp = context->Ebp;
1127 memcpy(stack32, stack16, argSize);
1128 NtCurrentTeb()->cur_stack = PTR_SEG_OFF_TO_SEGPTR(stackSel, (DWORD)frame16 - stackBase);
1130 context->Esp = (DWORD)stack32 + 4;
1131 context->Ebp = context->Esp + argSize;
1133 TRACE("after SYSTHUNK hack: EBP: %08lx ESP: %08lx cur_stack: %08lx\n",
1134 context->Ebp, context->Esp, NtCurrentTeb()->cur_stack);
1137 SYSLEVEL_ReleaseWin16Lock();
1140 /***********************************************************************
1141 * K32Thk1632Epilog (KERNEL32.491)
1143 void WINAPI K32Thk1632Epilog( CONTEXT86 *context )
1145 LPBYTE code = (LPBYTE)context->Eip - 13;
1147 SYSLEVEL_RestoreWin16Lock();
1149 /* We undo the SYSTHUNK hack if necessary. See K32Thk1632Prolog. */
1151 if ( code[5] == 0xFF && code[6] == 0x55 && code[7] == 0xFC
1152 && code[13] == 0x66 && code[14] == 0xCB)
1154 STACK16FRAME *frame16 = (STACK16FRAME *)PTR_SEG_TO_LIN(NtCurrentTeb()->cur_stack);
1155 char *stack16 = (char *)(frame16 + 1);
1156 DWORD argSize = frame16->ebp - (DWORD)stack16;
1157 char *stack32 = (char *)frame16->frame32 - argSize;
1159 DWORD nArgsPopped = context->Esp - (DWORD)stack32;
1161 TRACE("before SYSTHUNK hack: EBP: %08lx ESP: %08lx cur_stack: %08lx\n",
1162 context->Ebp, context->Esp, NtCurrentTeb()->cur_stack);
1164 NtCurrentTeb()->cur_stack = (DWORD)frame16->frame32;
1166 context->Esp = (DWORD)stack16 + nArgsPopped;
1167 context->Ebp = frame16->ebp;
1169 TRACE("after SYSTHUNK hack: EBP: %08lx ESP: %08lx cur_stack: %08lx\n",
1170 context->Ebp, context->Esp, NtCurrentTeb()->cur_stack);
1174 /*********************************************************************
1175 * PK16FNF [KERNEL32.91]
1177 * This routine fills in the supplied 13-byte (8.3 plus terminator)
1178 * string buffer with the 8.3 filename of a recently loaded 16-bit
1179 * module. It is unknown exactly what modules trigger this
1180 * mechanism or what purpose this serves. Win98 Explorer (and
1181 * probably also Win95 with IE 4 shell integration) calls this
1182 * several times during initialization.
1184 * FIXME: find out what this really does and make it work.
1186 void WINAPI PK16FNF(LPSTR strPtr)
1188 FIXME("(%p): stub\n", strPtr);
1190 /* fill in a fake filename that'll be easy to recognize */
1191 strcpy(strPtr, "WINESTUB.FIX");
1194 /***********************************************************************
1195 * 16->32 Flat Thunk routines:
1198 /***********************************************************************
1199 * ThunkConnect16 (KERNEL.651)
1200 * Connects a 32bit and a 16bit thunkbuffer.
1202 UINT WINAPI ThunkConnect16(
1203 LPSTR module16, /* [in] name of win16 dll */
1204 LPSTR module32, /* [in] name of win32 dll */
1205 HINSTANCE16 hInst16, /* [in] hInst of win16 dll */
1206 DWORD dwReason, /* [in] initialisation argument */
1207 struct ThunkDataCommon *TD, /* [in/out] thunkbuffer */
1208 LPSTR thunkfun32, /* [in] win32 thunkfunction */
1209 WORD cs /* [in] CS of win16 dll */
1213 if (!strncmp(TD->magic, "SL01", 4))
1217 TRACE("SL01 thunk %s (%lx) -> %s (%s), Reason: %ld\n",
1218 module16, (DWORD)TD, module32, thunkfun32, dwReason);
1220 else if (!strncmp(TD->magic, "LS01", 4))
1222 directionSL = FALSE;
1224 TRACE("LS01 thunk %s (%lx) <- %s (%s), Reason: %ld\n",
1225 module16, (DWORD)TD, module32, thunkfun32, dwReason);
1229 ERR("Invalid magic %c%c%c%c\n",
1230 TD->magic[0], TD->magic[1], TD->magic[2], TD->magic[3]);
1236 case DLL_PROCESS_ATTACH:
1239 struct ThunkDataSL16 *SL16 = (struct ThunkDataSL16 *)TD;
1240 struct ThunkDataSL *SL = SL16->fpData;
1244 SL = HeapAlloc(GetProcessHeap(), 0, sizeof(*SL));
1246 SL->common = SL16->common;
1247 SL->flags1 = SL16->flags1;
1248 SL->flags2 = SL16->flags2;
1250 SL->apiDB = PTR_SEG_TO_LIN(SL16->apiDatabase);
1251 SL->targetDB = NULL;
1253 lstrcpynA(SL->pszDll16, module16, 255);
1254 lstrcpynA(SL->pszDll32, module32, 255);
1256 /* We should create a SEGPTR to the ThunkDataSL,
1257 but since the contents are not in the original format,
1258 any access to this by 16-bit code would crash anyway. */
1264 if (SL->flags2 & 0x80000000)
1266 TRACE("Preloading 32-bit library\n");
1267 LoadLibraryA(module32);
1276 case DLL_PROCESS_DETACH:
1277 /* FIXME: cleanup */
1285 /***********************************************************************
1286 * C16ThkSL (KERNEL.630)
1289 void WINAPI C16ThkSL(CONTEXT86 *context)
1291 LPBYTE stub = PTR_SEG_TO_LIN(context->Eax), x = stub;
1292 WORD cs = __get_cs();
1293 WORD ds = __get_ds();
1295 /* We produce the following code:
1300 * mov edx, es:[ecx + $EDX]
1305 * call __FLATCS:CallFrom16Thunk
1308 *x++ = 0xB8; *((WORD *)x)++ = ds;
1309 *x++ = 0x8E; *x++ = 0xC0;
1310 *x++ = 0x66; *x++ = 0x0F; *x++ = 0xB7; *x++ = 0xC9;
1311 *x++ = 0x67; *x++ = 0x66; *x++ = 0x26; *x++ = 0x8B;
1312 *x++ = 0x91; *((DWORD *)x)++ = context->Edx;
1315 *x++ = 0x66; *x++ = 0x52;
1317 *x++ = 0x66; *x++ = 0x52;
1318 *x++ = 0x66; *x++ = 0x9A; *((DWORD *)x)++ = (DWORD)CallFrom16Thunk;
1319 *((WORD *)x)++ = cs;
1321 /* Jump to the stub code just created */
1322 context->Eip = LOWORD(context->Eax);
1323 context->SegCs = HIWORD(context->Eax);
1325 /* Since C16ThkSL got called by a jmp, we need to leave the
1326 original return address on the stack */
1330 /***********************************************************************
1331 * C16ThkSL01 (KERNEL.631)
1334 void WINAPI C16ThkSL01(CONTEXT86 *context)
1336 LPBYTE stub = PTR_SEG_TO_LIN(context->Eax), x = stub;
1340 struct ThunkDataSL16 *SL16 = PTR_SEG_TO_LIN(context->Edx);
1341 struct ThunkDataSL *td = SL16->fpData;
1343 DWORD procAddress = (DWORD)GetProcAddress16(GetModuleHandle16("KERNEL"), 631);
1344 WORD cs = __get_cs();
1348 ERR("ThunkConnect16 was not called!\n");
1352 TRACE("Creating stub for ThunkDataSL %08lx\n", (DWORD)td);
1355 /* We produce the following code:
1364 * call __FLATCS:CallFrom16Thunk
1367 *x++ = 0x66; *x++ = 0x33; *x++ = 0xC0;
1368 *x++ = 0x66; *x++ = 0xBA; *((DWORD *)x)++ = (DWORD)td;
1369 *x++ = 0x9A; *((DWORD *)x)++ = procAddress;
1372 *x++ = 0x66; *x++ = 0x52;
1374 *x++ = 0x66; *x++ = 0x52;
1375 *x++ = 0x66; *x++ = 0x9A; *((DWORD *)x)++ = (DWORD)CallFrom16Thunk;
1376 *((WORD *)x)++ = cs;
1378 /* Jump to the stub code just created */
1379 context->Eip = LOWORD(context->Eax);
1380 context->SegCs = HIWORD(context->Eax);
1382 /* Since C16ThkSL01 got called by a jmp, we need to leave the
1383 orginal return address on the stack */
1388 struct ThunkDataSL *td = (struct ThunkDataSL *)context->Edx;
1389 DWORD targetNr = CX_reg(context) / 4;
1390 struct SLTargetDB *tdb;
1392 TRACE("Process %08lx calling target %ld of ThunkDataSL %08lx\n",
1393 GetCurrentProcessId(), targetNr, (DWORD)td);
1395 for (tdb = td->targetDB; tdb; tdb = tdb->next)
1396 if (tdb->process == GetCurrentProcessId())
1401 TRACE("Loading 32-bit library %s\n", td->pszDll32);
1402 LoadLibraryA(td->pszDll32);
1404 for (tdb = td->targetDB; tdb; tdb = tdb->next)
1405 if (tdb->process == GetCurrentProcessId())
1411 context->Edx = tdb->targetTable[targetNr];
1413 TRACE("Call target is %08lx\n", context->Edx);
1417 WORD *stack = PTR_SEG_OFF_TO_LIN(context->SegSs, LOWORD(context->Esp));
1418 DX_reg(context) = HIWORD(td->apiDB[targetNr].errorReturnValue);
1419 AX_reg(context) = LOWORD(td->apiDB[targetNr].errorReturnValue);
1420 context->Eip = stack[2];
1421 context->SegCs = stack[3];
1422 context->Esp += td->apiDB[targetNr].nrArgBytes + 4;
1424 ERR("Process %08lx did not ThunkConnect32 %s to %s\n",
1425 GetCurrentProcessId(), td->pszDll32, td->pszDll16);
1431 /***********************************************************************
1432 * 16<->32 Thunklet/Callback API:
1435 #include "pshpack1.h"
1436 typedef struct _THUNKLET
1451 struct _THUNKLET *next;
1453 #include "poppack.h"
1455 #define THUNKLET_TYPE_LS 1
1456 #define THUNKLET_TYPE_SL 2
1458 static HANDLE ThunkletHeap = 0;
1459 static THUNKLET *ThunkletAnchor = NULL;
1461 static FARPROC ThunkletSysthunkGlueLS = 0;
1462 static SEGPTR ThunkletSysthunkGlueSL = 0;
1464 static FARPROC ThunkletCallbackGlueLS = 0;
1465 static SEGPTR ThunkletCallbackGlueSL = 0;
1467 /***********************************************************************
1470 BOOL THUNK_Init(void)
1474 ThunkletHeap = HeapCreate(HEAP_WINE_SEGPTR | HEAP_WINE_CODE16SEG, 0, 0);
1475 if (!ThunkletHeap) return FALSE;
1477 thunk = HeapAlloc( ThunkletHeap, 0, 5 );
1478 if (!thunk) return FALSE;
1480 ThunkletSysthunkGlueLS = (FARPROC)thunk;
1481 *thunk++ = 0x58; /* popl eax */
1482 *thunk++ = 0xC3; /* ret */
1484 ThunkletSysthunkGlueSL = HEAP_GetSegptr( ThunkletHeap, 0, thunk );
1485 *thunk++ = 0x66; *thunk++ = 0x58; /* popl eax */
1486 *thunk++ = 0xCB; /* lret */
1491 /***********************************************************************
1492 * SetThunkletCallbackGlue (KERNEL.560)
1494 void WINAPI SetThunkletCallbackGlue16( FARPROC glueLS, SEGPTR glueSL )
1496 ThunkletCallbackGlueLS = glueLS;
1497 ThunkletCallbackGlueSL = glueSL;
1501 /***********************************************************************
1502 * THUNK_FindThunklet
1504 THUNKLET *THUNK_FindThunklet( DWORD target, DWORD relay,
1505 DWORD glue, BYTE type )
1509 for (thunk = ThunkletAnchor; thunk; thunk = thunk->next)
1510 if ( thunk->type == type
1511 && thunk->target == target
1512 && thunk->relay == relay
1513 && ( type == THUNKLET_TYPE_LS ?
1514 ( thunk->glue == glue - (DWORD)&thunk->type )
1515 : ( thunk->glue == glue ) ) )
1521 /***********************************************************************
1522 * THUNK_AllocLSThunklet
1524 FARPROC THUNK_AllocLSThunklet( SEGPTR target, DWORD relay,
1525 FARPROC glue, HTASK16 owner )
1527 THUNKLET *thunk = THUNK_FindThunklet( (DWORD)target, relay, (DWORD)glue,
1531 TDB *pTask = (TDB*)GlobalLock16( owner );
1533 if ( !(thunk = HeapAlloc( ThunkletHeap, 0, sizeof(THUNKLET) )) )
1536 thunk->prefix_target = thunk->prefix_relay = 0x90;
1537 thunk->pushl_target = thunk->pushl_relay = 0x68;
1538 thunk->jmp_glue = 0xE9;
1540 thunk->target = (DWORD)target;
1541 thunk->relay = (DWORD)relay;
1542 thunk->glue = (DWORD)glue - (DWORD)&thunk->type;
1544 thunk->type = THUNKLET_TYPE_LS;
1545 thunk->owner = pTask? pTask->hInstance : 0;
1547 thunk->next = ThunkletAnchor;
1548 ThunkletAnchor = thunk;
1551 return (FARPROC)thunk;
1554 /***********************************************************************
1555 * THUNK_AllocSLThunklet
1557 SEGPTR THUNK_AllocSLThunklet( FARPROC target, DWORD relay,
1558 SEGPTR glue, HTASK16 owner )
1560 THUNKLET *thunk = THUNK_FindThunklet( (DWORD)target, relay, (DWORD)glue,
1564 TDB *pTask = (TDB*)GlobalLock16( owner );
1566 if ( !(thunk = HeapAlloc( ThunkletHeap, 0, sizeof(THUNKLET) )) )
1569 thunk->prefix_target = thunk->prefix_relay = 0x66;
1570 thunk->pushl_target = thunk->pushl_relay = 0x68;
1571 thunk->jmp_glue = 0xEA;
1573 thunk->target = (DWORD)target;
1574 thunk->relay = (DWORD)relay;
1575 thunk->glue = (DWORD)glue;
1577 thunk->type = THUNKLET_TYPE_SL;
1578 thunk->owner = pTask? pTask->hInstance : 0;
1580 thunk->next = ThunkletAnchor;
1581 ThunkletAnchor = thunk;
1584 return HEAP_GetSegptr( ThunkletHeap, 0, thunk );
1587 /**********************************************************************
1590 BOOL16 WINAPI IsLSThunklet( THUNKLET *thunk )
1592 return thunk->prefix_target == 0x90 && thunk->pushl_target == 0x68
1593 && thunk->prefix_relay == 0x90 && thunk->pushl_relay == 0x68
1594 && thunk->jmp_glue == 0xE9 && thunk->type == THUNKLET_TYPE_LS;
1597 /**********************************************************************
1598 * IsSLThunklet (KERNEL.612)
1600 BOOL16 WINAPI IsSLThunklet16( THUNKLET *thunk )
1602 return thunk->prefix_target == 0x66 && thunk->pushl_target == 0x68
1603 && thunk->prefix_relay == 0x66 && thunk->pushl_relay == 0x68
1604 && thunk->jmp_glue == 0xEA && thunk->type == THUNKLET_TYPE_SL;
1609 /***********************************************************************
1610 * AllocLSThunkletSysthunk (KERNEL.607)
1612 FARPROC WINAPI AllocLSThunkletSysthunk16( SEGPTR target,
1613 FARPROC relay, DWORD dummy )
1615 return THUNK_AllocLSThunklet( (SEGPTR)relay, (DWORD)target,
1616 ThunkletSysthunkGlueLS, GetCurrentTask() );
1619 /***********************************************************************
1620 * AllocSLThunkletSysthunk (KERNEL.608)
1622 SEGPTR WINAPI AllocSLThunkletSysthunk16( FARPROC target,
1623 SEGPTR relay, DWORD dummy )
1625 return THUNK_AllocSLThunklet( (FARPROC)relay, (DWORD)target,
1626 ThunkletSysthunkGlueSL, GetCurrentTask() );
1630 /***********************************************************************
1631 * AllocLSThunkletCallbackEx (KERNEL.567)
1633 FARPROC WINAPI AllocLSThunkletCallbackEx16( SEGPTR target,
1634 DWORD relay, HTASK16 task )
1636 THUNKLET *thunk = (THUNKLET *)PTR_SEG_TO_LIN( target );
1637 if ( !thunk ) return NULL;
1639 if ( IsSLThunklet16( thunk ) && thunk->relay == relay
1640 && thunk->glue == (DWORD)ThunkletCallbackGlueSL )
1641 return (FARPROC)thunk->target;
1643 return THUNK_AllocLSThunklet( target, relay,
1644 ThunkletCallbackGlueLS, task );
1647 /***********************************************************************
1648 * AllocSLThunkletCallbackEx (KERNEL.568)
1650 SEGPTR WINAPI AllocSLThunkletCallbackEx16( FARPROC target,
1651 DWORD relay, HTASK16 task )
1653 THUNKLET *thunk = (THUNKLET *)target;
1654 if ( !thunk ) return 0;
1656 if ( IsLSThunklet( thunk ) && thunk->relay == relay
1657 && thunk->glue == (DWORD)ThunkletCallbackGlueLS - (DWORD)&thunk->type )
1658 return (SEGPTR)thunk->target;
1660 return THUNK_AllocSLThunklet( target, relay,
1661 ThunkletCallbackGlueSL, task );
1664 /***********************************************************************
1665 * AllocLSThunkletCallback (KERNEL.561) (KERNEL.606)
1667 FARPROC WINAPI AllocLSThunkletCallback16( SEGPTR target, DWORD relay )
1669 return AllocLSThunkletCallbackEx16( target, relay, GetCurrentTask() );
1672 /***********************************************************************
1673 * AllocSLThunkletCallback (KERNEL.562) (KERNEL.605)
1675 SEGPTR WINAPI AllocSLThunkletCallback16( FARPROC target, DWORD relay )
1677 return AllocSLThunkletCallbackEx16( target, relay, GetCurrentTask() );
1680 /***********************************************************************
1681 * FindLSThunkletCallback (KERNEL.563) (KERNEL.609)
1683 FARPROC WINAPI FindLSThunkletCallback( SEGPTR target, DWORD relay )
1685 THUNKLET *thunk = (THUNKLET *)PTR_SEG_TO_LIN( target );
1686 if ( thunk && IsSLThunklet16( thunk ) && thunk->relay == relay
1687 && thunk->glue == (DWORD)ThunkletCallbackGlueSL )
1688 return (FARPROC)thunk->target;
1690 thunk = THUNK_FindThunklet( (DWORD)target, relay,
1691 (DWORD)ThunkletCallbackGlueLS,
1693 return (FARPROC)thunk;
1696 /***********************************************************************
1697 * FindSLThunkletCallback (KERNEL.564) (KERNEL.610)
1699 SEGPTR WINAPI FindSLThunkletCallback( FARPROC target, DWORD relay )
1701 THUNKLET *thunk = (THUNKLET *)target;
1702 if ( thunk && IsLSThunklet( thunk ) && thunk->relay == relay
1703 && thunk->glue == (DWORD)ThunkletCallbackGlueLS - (DWORD)&thunk->type )
1704 return (SEGPTR)thunk->target;
1706 thunk = THUNK_FindThunklet( (DWORD)target, relay,
1707 (DWORD)ThunkletCallbackGlueSL,
1709 return HEAP_GetSegptr( ThunkletHeap, 0, thunk );
1713 /***********************************************************************
1714 * FreeThunklet16 (KERNEL.611)
1716 BOOL16 WINAPI FreeThunklet16( DWORD unused1, DWORD unused2 )
1722 /***********************************************************************
1723 * Callback Client API
1726 #define N_CBC_FIXED 20
1727 #define N_CBC_VARIABLE 10
1728 #define N_CBC_TOTAL (N_CBC_FIXED + N_CBC_VARIABLE)
1730 static SEGPTR CBClientRelay16[ N_CBC_TOTAL ];
1731 static FARPROC *CBClientRelay32[ N_CBC_TOTAL ];
1733 /***********************************************************************
1734 * RegisterCBClient (KERNEL.619)
1736 INT16 WINAPI RegisterCBClient16( INT16 wCBCId,
1737 SEGPTR relay16, FARPROC *relay32 )
1739 /* Search for free Callback ID */
1741 for ( wCBCId = N_CBC_FIXED; wCBCId < N_CBC_TOTAL; wCBCId++ )
1742 if ( !CBClientRelay16[ wCBCId ] )
1745 /* Register Callback ID */
1746 if ( wCBCId > 0 && wCBCId < N_CBC_TOTAL )
1748 CBClientRelay16[ wCBCId ] = relay16;
1749 CBClientRelay32[ wCBCId ] = relay32;
1757 /***********************************************************************
1758 * UnRegisterCBClient (KERNEL.622)
1760 INT16 WINAPI UnRegisterCBClient16( INT16 wCBCId,
1761 SEGPTR relay16, FARPROC *relay32 )
1763 if ( wCBCId >= N_CBC_FIXED && wCBCId < N_CBC_TOTAL
1764 && CBClientRelay16[ wCBCId ] == relay16
1765 && CBClientRelay32[ wCBCId ] == relay32 )
1767 CBClientRelay16[ wCBCId ] = 0;
1768 CBClientRelay32[ wCBCId ] = 0;
1777 /***********************************************************************
1778 * InitCBClient (KERNEL.623)
1780 void WINAPI InitCBClient16( FARPROC glueLS )
1782 HMODULE16 kernel = GetModuleHandle16( "KERNEL" );
1783 SEGPTR glueSL = (SEGPTR)WIN32_GetProcAddress16( kernel, (LPCSTR)604 );
1785 SetThunkletCallbackGlue16( glueLS, glueSL );
1788 /***********************************************************************
1789 * CBClientGlueSL (KERNEL.604)
1791 void WINAPI CBClientGlueSL( CONTEXT86 *context )
1793 /* Create stack frame */
1794 SEGPTR stackSeg = stack16_push( 12 );
1795 LPWORD stackLin = PTR_SEG_TO_LIN( stackSeg );
1796 SEGPTR glue, *glueTab;
1798 stackLin[3] = BP_reg( context );
1799 stackLin[2] = SI_reg( context );
1800 stackLin[1] = DI_reg( context );
1801 stackLin[0] = context->SegDs;
1803 context->Ebp = OFFSETOF( stackSeg ) + 6;
1804 context->Esp = OFFSETOF( stackSeg ) - 4;
1807 /* Jump to 16-bit relay code */
1808 glueTab = PTR_SEG_TO_LIN( CBClientRelay16[ stackLin[5] ] );
1809 glue = glueTab[ stackLin[4] ];
1810 context->SegCs = SELECTOROF( glue );
1811 context->Eip = OFFSETOF ( glue );
1814 /***********************************************************************
1815 * CBClientThunkSL (KERNEL.620)
1817 extern DWORD CALL32_CBClient( FARPROC proc, LPWORD args, DWORD *esi );
1818 void WINAPI CBClientThunkSL( CONTEXT86 *context )
1820 /* Call 32-bit relay code */
1822 LPWORD args = PTR_SEG_OFF_TO_LIN( context->SegSs, BP_reg( context ) );
1823 FARPROC proc = CBClientRelay32[ args[2] ][ args[1] ];
1825 context->Eax = CALL32_CBClient( proc, args, &context->Esi );
1828 /***********************************************************************
1829 * CBClientThunkSLEx (KERNEL.621)
1831 extern DWORD CALL32_CBClientEx( FARPROC proc, LPWORD args, DWORD *esi, INT *nArgs );
1832 void WINAPI CBClientThunkSLEx( CONTEXT86 *context )
1834 /* Call 32-bit relay code */
1836 LPWORD args = PTR_SEG_OFF_TO_LIN( context->SegSs, BP_reg( context ) );
1837 FARPROC proc = CBClientRelay32[ args[2] ][ args[1] ];
1841 context->Eax = CALL32_CBClientEx( proc, args, &context->Esi, &nArgs );
1843 /* Restore registers saved by CBClientGlueSL */
1844 stackLin = (LPWORD)((LPBYTE)CURRENT_STACK16 + sizeof(STACK16FRAME) - 4);
1845 BP_reg( context ) = stackLin[3];
1846 SI_reg( context ) = stackLin[2];
1847 DI_reg( context ) = stackLin[1];
1848 context->SegDs = stackLin[0];
1849 context->Esp += 16+nArgs;
1851 /* Return to caller of CBClient thunklet */
1852 context->SegCs = stackLin[9];
1853 context->Eip = stackLin[8];
1857 /***********************************************************************
1858 * Get16DLLAddress (KERNEL32)
1860 * This function is used by a Win32s DLL if it wants to call a Win16 function.
1861 * A 16:16 segmented pointer to the function is returned.
1862 * Written without any docu.
1864 SEGPTR WINAPI Get16DLLAddress(HMODULE handle, LPSTR func_name) {
1865 HANDLE ThunkHeap = HeapCreate(HEAP_WINE_SEGPTR | HEAP_WINE_CODESEG, 0, 64);
1867 LPVOID tmpheap = HeapAlloc(ThunkHeap, 0, 32);
1868 SEGPTR thunk = HEAP_GetSegptr(ThunkHeap, 0, tmpheap);
1871 if (!handle) handle=GetModuleHandle16("WIN32S16");
1872 proc_16 = (DWORD)WIN32_GetProcAddress16(handle, func_name);
1874 x=PTR_SEG_TO_LIN(thunk);
1875 *x++=0xba; *(DWORD*)x=proc_16;x+=4; /* movl proc_16, $edx */
1876 *x++=0xea; *(DWORD*)x=(DWORD)GetProcAddress(GetModuleHandleA("KERNEL32"),"QT_Thunk");x+=4; /* jmpl QT_Thunk */
1877 *(WORD*)x=__get_cs();
1882 /***********************************************************************
1883 * GetWin16DOSEnv (KERNEL32.34)
1884 * Returns some internal value.... probably the default environment database?
1886 DWORD WINAPI GetWin16DOSEnv()
1888 FIXME("stub, returning 0\n");
1892 /**********************************************************************
1893 * GetPK16SysVar (KERNEL32.92)
1895 LPVOID WINAPI GetPK16SysVar(void)
1897 static BYTE PK16SysVar[128];
1903 /**********************************************************************
1904 * CommonUnimpStub (KERNEL32.17)
1906 void WINAPI CommonUnimpStub( CONTEXT86 *context )
1909 MESSAGE( "*** Unimplemented Win32 API: %s\n", (LPSTR)context->Eax );
1911 switch ((context->Ecx >> 4) & 0x0f)
1913 case 15: context->Eax = -1; break;
1914 case 14: context->Eax = 0x78; break;
1915 case 13: context->Eax = 0x32; break;
1916 case 1: context->Eax = 1; break;
1917 default: context->Eax = 0; break;
1920 context->Esp += (context->Ecx & 0x0f) * 4;
1923 /**********************************************************************
1924 * HouseCleanLogicallyDeadHandles (KERNEL32.33)
1926 void WINAPI HouseCleanLogicallyDeadHandles(void)
1928 /* Whatever this is supposed to do, our handles probably
1929 don't need it :-) */
1932 /**********************************************************************
1935 BOOL WINAPI _KERNEL32_100(HANDLE threadid,DWORD exitcode,DWORD x)
1937 FIXME("(%d,%ld,0x%08lx): stub\n",threadid,exitcode,x);
1941 /**********************************************************************
1944 DWORD WINAPI _KERNEL32_99(DWORD x)
1946 FIXME("(0x%08lx): stub\n",x);
1951 /**********************************************************************
1954 * Real prototype is:
1955 * INT16 WINAPI Catch( LPCATCHBUF lpbuf );
1957 void WINAPI Catch16( LPCATCHBUF lpbuf, CONTEXT86 *context )
1959 /* Note: we don't save the current ss, as the catch buffer is */
1960 /* only 9 words long. Hopefully no one will have the silly */
1961 /* idea to change the current stack before calling Throw()... */
1975 lpbuf[0] = LOWORD(context->Eip);
1976 lpbuf[1] = context->SegCs;
1977 /* Windows pushes 4 more words before saving sp */
1978 lpbuf[2] = LOWORD(context->Esp) - 4 * sizeof(WORD);
1979 lpbuf[3] = LOWORD(context->Ebp);
1980 lpbuf[4] = LOWORD(context->Esi);
1981 lpbuf[5] = LOWORD(context->Edi);
1982 lpbuf[6] = context->SegDs;
1984 lpbuf[8] = context->SegSs;
1985 AX_reg(context) = 0; /* Return 0 */
1989 /**********************************************************************
1992 * Real prototype is:
1993 * INT16 WINAPI Throw( LPCATCHBUF lpbuf, INT16 retval );
1995 void WINAPI Throw16( LPCATCHBUF lpbuf, INT16 retval, CONTEXT86 *context )
1997 STACK16FRAME *pFrame;
1998 STACK32FRAME *frame32;
1999 TEB *teb = NtCurrentTeb();
2001 AX_reg(context) = retval;
2003 /* Find the frame32 corresponding to the frame16 we are jumping to */
2004 pFrame = THREAD_STACK16(teb);
2005 frame32 = pFrame->frame32;
2006 while (frame32 && frame32->frame16)
2008 if (OFFSETOF(frame32->frame16) < OFFSETOF(teb->cur_stack))
2009 break; /* Something strange is going on */
2010 if (OFFSETOF(frame32->frame16) > lpbuf[2])
2012 /* We found the right frame */
2013 pFrame->frame32 = frame32;
2016 frame32 = ((STACK16FRAME *)PTR_SEG_TO_LIN(frame32->frame16))->frame32;
2019 context->Eip = lpbuf[0];
2020 context->SegCs = lpbuf[1];
2021 context->Esp = lpbuf[2] + 4 * sizeof(WORD) - sizeof(WORD) /*extra arg*/;
2022 context->Ebp = lpbuf[3];
2023 context->Esi = lpbuf[4];
2024 context->Edi = lpbuf[5];
2025 context->SegDs = lpbuf[6];
2027 if (lpbuf[8] != context->SegSs)
2028 ERR("Switching stack segment with Throw() not supported; expect crash now\n" );
projects / wine / blob