archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
 
 
 
 
 
 
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/base/mvdm/wow16/toolhelp/notify2.asm

643 lines
26 KiB
Raw Blame History

PAGE 60,150
;***************************************************************************
;* NOTIFY2.ASM
;*
;* Assembly code support routines used for the TOOLHELP.DLL
;* notification API
;*
;***************************************************************************
INCLUDE TOOLPRIV.INC
.286p
;** Data
sBegin DATA
globalW wCASRqFlag,0 ;Set when an CASRq INT3 has been set
globalD dwCASRqCSIP,0 ;Holds the CS:IP of the CASRq INT3
globalD lpfnOldProc,0 ;Old hook from new PTrace hook
szWinDebug DB 'WINDEBUG', 0
;** WARNING!!
;** This structure is set to the size of the largest notification
;** structure. This is currently NFYLOADSEG which is 16 bytes long.
;** If a structure is added that is longer than this or if any other
;** structure is added, this space must be increased to match!!
ReturnStruct DB 16 DUP (?)
sEnd
;** Imports
externFP GetModuleHandle
externFP RegisterPTrace
externFP OutputDebugString
externFP AllocCStoDSAlias
externFP FreeSelector
externNP HelperHandleToSel
sBegin CODE
assumes CS,CODE
assumes DS,DATA
; NotifyInit
; Called when the first app registers a notification handler.
; Hooks the Register PTrace notification.
; Returns FALSE if we couldn't initialize, TRUE otherwise
cProc NotifyInit, <NEAR,PUBLIC>, <si,di,ds>
cBegin
;** In the Windows 3.1 KERNEL, there is a special hook just for
;* TOOLHELP that lets us get PTrace stuff and still coexist
;* with old-fashioned debuggers. We can check to see if the
;* hook exists by simply checking the TOOLHELP flags
;**
test wTHFlags,TH_GOODPTRACEHOOK ;Good hook around?
jz DNI_UseRegPTrace ;Nope, use the old one
lea si,NotifyHandler ;Point to the routine
push cs ;Parameter is lpfn to callback
push si
call lpfnNotifyHook ;Hook it
mov WORD PTR lpfnOldProc[0],ax ;Save old proc
mov WORD PTR lpfnOldProc[2],dx
jmp SHORT DNI_10 ;We're in
;** Since there's no way we can see if someone else has Register
;* PTrace, we just connect and hope for the best!
;** We do check, however, to see if WINDEBUG.DLL is installed.
DNI_UseRegPTrace:
lea si,szWinDebug ;Get the name of the module
cCall GetModuleHandle, <ds,si> ;Is WINDEBUG present?
or ax,ax ;Check the handle
jnz DNI_Fail ;It's here so fail
or wTHFlags,TH_GOTOLDPTRACE ;Flag that we made the hook
lea si,NotifyHandler ;Point to our routine
cCall RegisterPTrace, <cs,si> ;Tell KERNEL to use it
;** Connect to the FatalExit hook. We currently ignore
;** the return value, thus unhooking anyone else
DNI_10: cmp WORD PTR lpfnFatalExitHook + 2,0 ;Can we hook it?
jz DNI_20 ;Can't do it
push cs ;Get the CS:IP of RIP handler
push OFFSET NotifyRIPHandler
call DWORD PTR lpfnFatalExitHook ;Tell KERNEL to insert the hook
DNI_20:
;** Return OK
mov ax,TRUE ;Return TRUE
jmp SHORT DNI_End ;Get out
DNI_Fail:
xor ax,ax ;FALSE
DNI_End:
cEnd
; NotifyUnInit
; Called when the no more apps have hooked notification handlers
; so the hook to the Register PTrace notification is no longer needed.
cProc NotifyUnInit, <NEAR,PUBLIC>, <si,di,ds>
cBegin
;** Did we have a new hook to undo?
test wTHFlags,TH_GOODPTRACEHOOK ;Do we have a new hook?
jz DNU_TryOldPTrace ;No
push WORD PTR lpfnOldProc[0] ;Get the old proc
push WORD PTR lpfnOldProc[2]
call lpfnNotifyHook ;Unhook ourself
jmp SHORT DNU_NoOldPTrace
;** Unhook the old-style hook if necessary
DNU_TryOldPTrace:
test wTHFlags,TH_GOTOLDPTRACE ;Did we have a hook?
jz DNU_NoOldPTrace ;No
push 0
push 0
call RegisterPTrace ;Call KERNEL's routine to unhook
DNU_NoOldPTrace:
;** Unhook alternate hooks
cmp WORD PTR lpfnFatalExitHook + 2,0 ;Can we unhook it?
jz DNU_NoRIP ;Can't do it
xor ax,ax ;Remove any other hooks
push ax ;NULL procedure
push ax
call DWORD PTR lpfnFatalExitHook
DNU_NoRIP:
cEnd
; NotifyHandler
; This routine is called directly by PTrace and is used to
; dispatch the notifications to all registered callbacks.
cProc NotifyHandler, <FAR,PUBLIC>
cBegin NOGEN
;** Push a register frame
;* When done, it should look like this:
;* ------------
;* | ES | [BP - 14h]
;* | DS | [BP - 12h]
;* | DI | [BP - 10h]
;* | SI | [BP - 0Eh]
;* | BP | [BP - 0Ch]
;* | SP | [BP - 0Ah]
;* | BX | [BP - 08h]
;* | DX | [BP - 06h]
;* | CX | [BP - 04h]
;* | AX | [BP - 02h]
;* BP-->| Old BP | [BP - 00h]
;* | IP | [BP + 02h]
;* | CS | [BP + 04h]
;* ------------
;**
push bp ;Make a stack frame
mov bp,sp
pusha ;Save all registers
push ds ;Save segment registers, too
push es
;** Get the data segment
mov bx,_DATA ;Get TOOLHELP data segment
mov ds,bx
;** If in 3.0 std mode and we get this wild notification 69h,
;** translate it to a inchar notification as this is what it
;** is supposed to be.
cmp ax,69h ;Bogus notification?
jne NH_NoBogusNotify ;No, don't do this
test wTHFlags,TH_WIN30STDMODE ;3.0 standard mode?
jz NH_NoBogusNotify ;No, might be valid in the future...
mov ax,NI_INCHAR ;Put in real notify value
NH_NoBogusNotify:
;** Special case notifications:
;* Notification 63h means that CtlAltSysRq was pressed. For
;* this, we want to handle as an interrupt, not a notification.
;* To do this, we set a breakpoint and set a flag so that the
;** INT3 handler knows what to do with it
cmp ax,63h ;CtlAltSysRq?
jne NH_NoCASRq ;No.
mov ax,[bp + 04h] ;Since we can't use IRET CS:IP, get
mov si,[bp + 02h] ; a safe address in KERNEL
mov WORD PTR dwCASRqCSIP[2],ax ;Save the CS:IP value
cCall AllocCStoDSAlias, <ax> ;Get a data alias to the CS
or ax,ax ;Error?
jnz @F
jmp SHORT DNH_End ;Yes, get out
@@: verw ax ;OK to write to?
jnz DNH_NoWrite ;Yes, so do it
DNH_IRETCSOK:
mov es,ax ;Point with ES
mov WORD PTR dwCASRqCSIP[0],si
mov al,es:[si] ;Get the character there
mov ah,1 ;Make sure there's something in AH
mov wCASRqFlag,ax ;Save the thing for the INT3 handler
mov BYTE PTR es:[si],0cch ;Poke the INT3 in there
mov ax,es ;Get the selector back
DNH_NoWrite:
cCall FreeSelector, <ax> ;Get rid of the alias
jmp SHORT DNH_End ;Get out. This will INT3 soon
NH_NoCASRq: ; Does not return
;** Notifications to ignore here:
;** Notification 60h is bogus and should be ignored
cmp ax,60h ;PostLoad notification?
jz DNH_End ;Yes, don't report
;** Decode the notification
cCall DecodeNotification ;Returns dwData in CX:DX, AX is wID
; BX is NOTIFYSTRUCT match flags
;** This is an entry point for notifications from sources other than
;** PTrace
DNH_Decoded:
;** Loop through callbacks
mov di,npNotifyHead ;Point to the start of the list
xor si,si ;FALSE return value is default
DNH_Loop:
push ax
mov ax,ds:[di].ns_pNext ;Save the next pointer in a global
mov npNotifyNext,ax ; so we can chain in NotifyUnregister
pop ax
or di,di ;End of list?
jz DNH_Done ;Yep. Get out
;** If the flags for this notification are zero, we always send it
or bx,bx ;Check the matching flags
jz DNH_DoIt ;Do notification
;** See if the flags match
test bx,ds:[di].ns_wFlags ;Check against the NOTIFYSTRUCT flags
jz DNH_Continue ;If zero, no match, don't do it
;** Call the user callback
DNH_DoIt:
push ax ;Save everything we need
push bx
push cx
push dx
push ax ;wID
push cx ;High word of dwData
push dx ;Low word
call DWORD PTR ds:[di].ns_lpfn ;Call the callback (PASCAL style)
mov si,ax ;Get return value in SI
pop dx ;Restore everything
pop cx
pop bx
pop ax
;** If the return value is nonzero, we don't want to give this to
;** any more callbacks
or si,si ;TRUE return value?
jnz DNH_Done ;Yes, get out
;** Get the next callback
DNH_Continue:
mov di,npNotifyNext ;Get next pointer
jmp DNH_Loop ; and loop back
;** End of callback loop.
DNH_Done:
;** If this was an InChar message but everyone ignored it, force
;** the return to be an 'i' for 'ignore' on RIPs. This i
;** only necessary in 3.0 because the 3.1 KERNEL treats 0
;** returns just like 'i'
cmp ax,NFY_INCHAR ;Is this an InChar notification?
jne DNH_Default ;No, so ignore
test wTHFlags,TH_WIN30 ;In 3.0?
jz DNH_Default ;No, don't do this
and si,0ffh ;Ignore all but low byte
or si,si ;Non-zero?
jnz DNH_Default ;Yes, return it as the character
mov si,'i' ;Instead of zero, return 'i'gnore.
DNH_Default:
mov [bp - 02h],si ;Return the return code in AX
;** Clear off the stack and exit
DNH_End:
mov npNotifyNext,0 ;No current next pointer
pop es ;Restore all registers
pop ds
popa
pop bp
retf ;Just return
cEnd NOGEN
; NotifyRIPHandler
; Gets called by KERNEL when a RIP occurs. If it returns TRUE,
; KERNEL will act like the RIP was ignored. Otherwise, the RIP
; procedes normally.
; This routine does not need to worry about saving non-C regs
cProc NotifyRIPHandler, <FAR,PUBLIC>
; parmW wExitCode
cBegin nogen
;** Clear PASCAL-style parameters
push bp ;Make a stack frame
mov bp,sp
mov bx,[bp + 6] ;Get the BP value
mov dx,[bp + 8] ;Get the Exit code
mov [bp - 2],ax ;Save it out of the way for now
mov ax,[bp + 4] ;Get the RETF CS value
mov [bp + 8],ax ;Shift down to clear parameters
mov ax,[bp + 2] ;Get the RETF IP value
mov [bp + 6],ax ;Shift down to clear parameters
mov ax,[bp + 0] ;Get the old BP value
mov [bp + 4],ax ;Shift down
add bp,4 ;Move BP down on the stack
mov sp,bp ;Point SP there too
pusha ;Save matching register frame
push ds
push es
;** Get the data segment
mov ax,_DATA ;Get TOOLHELP data segment
mov ds,ax
;** Prepare to jump into the notification handler.
;** The trick here is that if a notification callback returns
;** non-zero, the RIP has been handled. Otherwise, it has not.
;** DX holds the exit code here, BX has the old BP value
lea si,ReturnStruct ;Get a pointer to the return struct
mov WORD PTR [si].nrp_dwSize[0],SIZE NFYRIP
mov WORD PTR [si].nrp_dwSize[2],0
mov ax,ss:[bx + 4] ;Get old CS value from stack
mov [si].nrp_wCS,ax ; (BX is BP from FatalExit stack)
mov ax,ss:[bx + 2] ;Get old IP value
mov [si].nrp_wIP,ax
mov [si].nrp_wSS,ss ;Save SS:BP for stack trace
mov [si].nrp_wBP,bx
mov [si].nrp_wExitCode,dx
mov cx,ds ;Point to structure
mov dx,si
mov bx,NF_RIP ;Get the NOTIFYINFO match flags
mov ax,NFY_RIP ;TOOLHELP ID
;** Jump to the real handler
jmp DNH_Decoded ;Jump to alternate entry point
cEnd nogen
;** Helper routines
; DecodeNotification
; Decodes a notification by pointing to a static structure and filling
; this structure with notification-specific information.
; The PTrace notification ID is in AX.
; Returns the ToolHelp ID in AX
; and the dwData value is in CX:DX.
cProc DecodeNotification, <NEAR,PUBLIC>
cBegin
;** Point dwData to the structure just in case
mov cx,ds ;Get the segment value
lea dx,ReturnStruct ;Get a pointer to the return struct
xor bx,bx ;Most notifications always match
;** The stack frame looks like this:
;* ------------
;* | ES | [BP - 14h]
;* | DS | [BP - 12h]
;* | DI | [BP - 10h]
;* | SI | [BP - 0Eh]
;* | BP | [BP - 0Ch]
;* | SP | [BP - 0Ah]
;* | BX | [BP - 08h]
;* | DX | [BP - 06h]
;* | CX | [BP - 04h]
;* | AX | [BP - 02h]
;* BP-->| Old BP | [BP - 00h]
;* ------------
;**
FrameES EQU [BP - 14h]
FrameDS EQU [BP - 12h]
FrameDI EQU [BP - 10h]
FrameSI EQU [BP - 0Eh]
FrameBP EQU [BP - 0Ch]
FrameSP EQU [BP - 0Ah]
FrameBX EQU [BP - 08h]
FrameDX EQU [BP - 06h]
FrameCX EQU [BP - 04h]
FrameAX EQU [BP - 02h]
;** Check for LoadSeg
cmp ax,NI_LOADSEG ;LoadSeg?
jnz DN_10 ;No
;** LoadSeg:
;* CX is selector
;* BX is segment number
;* SI is type: Low bit set for data segment, clear for code
;* DX is instance count only for data segments
;** ES:DI module name
mov si,dx ;Point to NFYLOADSEG struct
mov ax,SIZE NFYLOADSEG ;Get the structure size
mov WORD PTR [si].nls_dwSize,ax ;Save the LOWORD of the size
mov WORD PTR [si].nls_dwSize + 2,0 ;HIWORD is zero
mov ax,FrameCX ;Get selector
mov [si].nls_wSelector,ax ;Save in structure
mov ax,FrameBX ;Get segment number
inc ax ;Segment number is 1-based
mov [si].nls_wSegNum,ax ;Save in structure
mov ax,FrameSI ;Get the segment type
mov [si].nls_wType,ax ;Put in structure
mov ax,FrameDX ;Get instance count
mov [si].nls_wcInstance,ax ;Put in structure
mov ax,FrameDI ;Get offset of module name str
mov WORD PTR [si].nls_lpstrModuleName,ax ;Save it
mov ax,FrameES ;Get segment of module name str
mov WORD PTR [si].nls_lpstrModuleName + 2,ax ;Save it
mov ax,NFY_LOADSEG ;Get the TOOLHELP ID
jmp DN_End
;** Check for FreeSeg
DN_10: cmp ax,NI_FREESEG ;FreeSeg?
jnz DN_15 ;No
;** FreeSeg:
;** BX is selector
xor cx,cx ;Clear high word
mov dx,FrameBX ;Get the selector
test wTHFlags,TH_WIN30STDMODE ;3.0 standard mode?
jz DN_FS_GotSelValue ;No, what we have is correct
mov si,FrameSP ;Point to old stack frame
mov dx, ss:[si + 6] ;Selector is 6 bytes down
lsl ax, dx
jz DN_FS_CheckLen ;Selector is OK
mov dx, FrameBX ;Revert to BX value
jmp SHORT DN_FS_GotSelValue
DN_FS_CheckLen:
cmp ax, 15 ;If the segment is 15 bytes long,
jne DN_FS_GotSelValue ; this is a bogus selector and is
; really an arena header.
push es
mov es, dx ;Get handle
cCall HelperHandleToSel, <es:[0ah]> ;Convert to selector
mov dx, ax ;Get handle out of arena header
pop es
DN_FS_GotSelValue:
mov ax,NFY_FREESEG ;Get the TOOLHELP ID
jmp DN_End
;** Check for StartDLL
DN_15: cmp ax,NI_LOADDLL
jnz DN_20
;** StartDLL:
;** CX is CS
;** BX is IP
;** SI is Module handle
mov si,dx ;Point with SI
mov ax,SIZE NFYSTARTDLL ;Get the size
mov WORD PTR [si].nsd_dwSize,ax ;Save the LOWORD of the size
mov WORD PTR [si].nsd_dwSize + 2,0 ;HIWORD is always zero
mov ax,FrameSI ;Get the hInstance
mov [si].nsd_hModule,ax ;Save in structure
mov ax,FrameCX ;Get the starting CS
mov [si].nsd_wCS,ax ;Save in structure
mov ax,FrameBX ;Get the starting IP
mov [si].nsd_wIP,ax ;Save in structure
mov ax,NFY_STARTDLL
jmp DN_End
;** Check for StartTask
DN_20: cmp ax,NI_STARTTASK ;StartTask?
jnz DN_30 ;No
;** StartTask:
;* CX is CS
;** BX is IP
mov cx,FrameCX
mov dx,FrameBX
mov ax,NFY_STARTTASK
jmp DN_End
;** Check for ExitCall
DN_30: cmp ax,NI_EXITCALL ;ExitCall
jnz DN_40 ;No
;** ExitCall:
;* Exit code is on stack somewhere if we don't have the new
;** notification handler. If we do, it's in BL.
xor cx,cx ;Clear all but low byte
xor dh,dh
test wTHFlags,TH_GOODPTRACEHOOK ;Do we have the good hook?
jz DN_DoOldHook ;Nope, grope on the stack
mov dl,BYTE PTR FrameBX ;Get the exit code
mov ax,NFY_EXITTASK ;Get the TOOLHELP ID
jmp DN_End
DN_DoOldHook:
mov si,FrameSP ;Point to old stack frame
mov dl,ss:[si + 6] ;Exit code is 6 bytes down on stack
mov ax,NFY_EXITTASK ;Get the TOOLHELP ID
jmp DN_End
;** Check for DelModule
DN_40: cmp ax,NI_DELMODULE ;DelModule?
jnz DN_60 ;No
;** DelModule:
;** ES is module handle
xor cx,cx ;Clear HIWORD
mov dx,FrameES ;Get the module handle
mov ax,NFY_DELMODULE ;Get the TOOLHELP ID
jmp DN_End
;** Check for TaskSwitchIn
DN_60: cmp ax,NI_TASKIN ;TaskSwitchIn?
jnz DN_70 ;No
;** TaskSwitchIn:
;** No data. Callback should do GetCurrentTask()
xor cx,cx ;Clear data
xor dx,dx
mov ax,NFY_TASKIN ;Get the TOOLHELP ID
mov bx,NF_TASKSWITCH ;Get the NOTIFYSTRUCT match flag
jmp DN_End
;** Check for TaskSwitchOut
DN_70: cmp ax,NI_TASKOUT ;TaskSwitchOut?
jnz DN_90 ;No
;** TaskSwitchOut:
;** No data
xor cx,cx ;Clear data
xor dx,dx
mov ax,NFY_TASKOUT ;Get the TOOLHELP ID
mov bx,NF_TASKSWITCH ;Get the NOTIFYSTRUCT match flag
jmp DN_End
;** Check for OutStr
DN_90: cmp ax,NI_OUTSTR ;OutStr?
jnz DN_100 ;No
;** OutStr:
;** ES:SI points to string to display in 3.1
;** DS:SI in 3.0
test wTHFlags,TH_WIN30 ;3.0?
jz DN_OS_Win31 ;Nope
mov cx,FrameDS ;Get the segment value
jmp SHORT @F
DN_OS_Win31:
mov cx,FrameES ;Get the segment value
@@: mov dx,FrameSI ; and the offset
mov ax,NFY_OUTSTR ;Get the TOOLHELP ID
jmp DN_End
;** Check for InChar
DN_100: cmp ax,NI_INCHAR ;InChar?
jnz DN_105 ;No
;** InChar:
;** No data passed (it wants data back in AL)
xor cx,cx ;Clear dwData
xor dx,dx
mov ax,NFY_INCHAR ;Get the TOOLHELP ID
jmp SHORT DN_End
;** NOTE: The following notifications are defined as "NEW" and
;** are NOT sent through the normal PTrace interface so as to
;** not break CodeSpew. It stack faults when
;** it is sent a notification it doesn't understand. So,
;** here we don't bother decoding any of these unless we have
;** the new (Win 3.1) style hook
DN_105: test wTHFlags,TH_GOODPTRACEHOOK ;Do we have the advanced hook?
jnz DN_110 ;Yes
jmp SHORT DN_End
;** Check for the parameter validation notifications
DN_110: cmp ax,NI_LOGERROR ;SDM_LOGERROR?
jne DN_120 ;No
;** SDM_LOGERROR:
;* CX is Error code
;** DX:BX is lpInfo
mov si,dx ;Point with SI
mov ax,SIZE NFYLOGERROR ;Get the size
mov WORD PTR [si].nle_dwSize[0],ax ;Save the LOWORD of the size
mov WORD PTR [si].nle_dwSize[2],0 ;HIWORD is always zero
mov ax,FrameCX ;Get the error code
mov [si].nle_wErrCode,ax ;Save in structure
mov ax,FrameDX ;Get the lpInfo
mov WORD PTR [si].nle_lpInfo[2],ax ;Save in structure
mov ax,FrameBX
mov WORD PTR [si].nle_lpInfo[0],ax ;Save in structure
mov ax,NFY_LOGERROR ;Get the TOOLHELP ID
jmp SHORT DN_End
DN_120: cmp ax,NI_LOGPARAMERROR ;SDM_LOGPARAMERROR?
jne DN_Unknown ;No
;** SDM_LOGPARAMERROR:
;** ES:BX points to a structure:
;** WORD wErr
;** FARPROC lpfn
;** VOID FAR* lpBadParam
mov si,dx ;Point with SI
mov ax,SIZE NFYLOGPARAMERROR ;Struct size
mov WORD PTR [si].nlp_dwSize[0],ax ;Save the LOWORD of the size
mov WORD PTR [si].nlp_dwSize[2],0 ;HIWORD is always zero
mov es,FrameES ;Point to the structure
mov bx,FrameBX
mov ax,es:[bx] ;Get wErr
mov [si].nlp_wErrCode,ax ;Save in structure
mov ax,es:[bx + 2] ;Get lpfn[0]
mov WORD PTR [si].nlp_lpfnErrorAddr[0],ax
mov ax,es:[bx + 4] ;Get lpfn[2]
mov WORD PTR [si].nlp_lpfnErrorAddr[2],ax
mov ax,es:[bx + 6] ;Get lpBadParam[0]
mov WORD PTR [si].nlp_lpBadParam[0],ax
mov ax,es:[bx + 8] ;Get lpBadParam[2]
mov WORD PTR [si].nlp_lpBadParam[2],ax
mov ax,NFY_LOGPARAMERROR ;Get the TOOLHELP ID
xor bx,bx ;Always match
jmp SHORT DN_End
;** Must be unknown, return TOOLHELP ID NFY_UNKNOWN with KERNEL value
;** in LOWORD(wData)
DN_Unknown:
mov dx,ax ;Get the notification value
mov ax,NFY_UNKNOWN ;Unknown KERNEL notification
xor cx,cx ;Clear high WORD
DN_End:
cEnd
sEnd
END