Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

767 lines
20 KiB

//
// COM.C
// Utility functions
//
// Copyright(c) Microsoft 1997-
//
#include <as16.h>
//
// PostMessageNoFail()
// This makes sure posted messages don't get lost on Win95 due to the fixed
// interrupt queue. Conveniently, USER exports PostPostedMessages for
// KERNEL to flush the queue, so we call that before calling PostMessage().
//
void PostMessageNoFail(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
PostPostedMessages();
PostMessage(hwnd, uMsg, wParam, lParam);
}
//
// AnsiToUni()
//
// UniToAnsi() is conveniently exported by krnl386. However, we need
// AnsiToUni() conversions also so we can make sure we end up where we
// started. This one we have to roll our own thunk for
//
int AnsiToUni
(
LPSTR lpAnsi,
int cchAnsi,
LPWSTR lpUni,
int cchUni
)
{
DWORD dwMask;
LONG lReturn;
DebugEntry(AnsiToUni);
ASSERT(g_lpfnAnsiToUni);
ASSERT(SELECTOROF(lpAnsi));
ASSERT(SELECTOROF(lpUni));
//
// Set up the mask. These are the params:
// 0 -- CodePage (CP_ACP, which is 0L)
// 1 -- Flags (0L)
// 2 -- lpAnsi POINTER
// 3 -- cchAnsi
// 4 -- lpUni POINTER
// 5 -- cchUni
//
//
dwMask = (1L << 2) | (1L << 4);
//
// Take the win16lock an extra time; this API will release it, and we
// can't yield in the middle of a GDI call.
//
_EnterWin16Lock();
lReturn = CallProcEx32W(6, dwMask, (DWORD)g_lpfnAnsiToUni, 0L, 0L, lpAnsi,
(DWORD)(UINT)cchAnsi, lpUni, (DWORD)(UINT)cchUni);
_LeaveWin16Lock();
DebugExitDWORD(AnsiToUni, (DWORD)lReturn);
return((int)lReturn);
}
//
// PATCHING CODE
//
//
// Get32BitOnlyExport16()
//
// This function gets hold of a 16:16 function address that isn't exported
// but is called via a flat thunk from the exported 32-bit version. We use
// this for GDI and USER functions that are handy.
//
// This code assumes that the 32-bit routine looks like the following:
// <DEBUG>
// 68 dwStr32 Push string
// E8 dwOffsetOut Call trace out
// <DEBUG AND RETAIL>
// B1 bIndex Put offset in thunk table into cl
// OR
// 66 B9 wIndex Put offset in thunk table into cx
//
// EB bOffset Jmp to common flat thunk routine
// OR
// 66 ED wOffset Jmp word to common flat thunk routine
// OR
// prolog of common flat thunk routine
//
BOOL GetGdi32OnlyExport
(
LPSTR lpszExport32,
UINT cbJmpOffset,
FARPROC FAR* lplpfn16
)
{
BOOL rc;
DebugEntry(GetGdi32OnlyExport);
rc = Get32BitOnlyExport(GetProcAddress32(g_hInstGdi32, lpszExport32),
cbJmpOffset, FT_GdiFThkThkConnectionData, lplpfn16);
DebugExitBOOL(GetGdi32OnlyExport, rc);
return(rc);
}
BOOL GetUser32OnlyExport
(
LPSTR lpszExport32,
FARPROC FAR* lplpfn16
)
{
BOOL rc;
DebugEntry(GetUser32OnlyExport);
rc = Get32BitOnlyExport(GetProcAddress32(g_hInstUser32, lpszExport32),
0, FT_UsrFThkThkConnectionData, lplpfn16);
DebugExitBOOL(GetUser32OnlyExport, rc);
return(rc);
}
BOOL Get32BitOnlyExport
(
DWORD dwfn32,
UINT cbJmpOffset,
LPDWORD lpThunkTable,
FARPROC FAR* lplpfn16
)
{
LPBYTE lpfn32;
UINT offsetThunk;
DebugEntry(Get32BitOnlyExport);
ASSERT(lplpfn16);
*lplpfn16 = NULL;
//
// The thunk table pointer points to two DWORDs. The first is a
// checksum signature. The second is the pointer to the target
// function array.
//
ASSERT(!IsBadReadPtr(lpThunkTable, 2*sizeof(DWORD)));
lpThunkTable = (LPDWORD)lpThunkTable[1];
ASSERT(!IsBadReadPtr(lpThunkTable, sizeof(DWORD)));
//
// Get 16:16 pointer to export
//
lpfn32 = NULL;
if (!dwfn32)
{
ERROR_OUT(("Missing 32-bit export"));
DC_QUIT;
}
lpfn32 = MapLS((LPVOID)dwfn32);
if (!SELECTOROF(lpfn32))
{
ERROR_OUT(("Out of selectors"));
DC_QUIT;
}
//
// Was a jmp offset passed in? If so, decode the instruction there.
// It should be a jmp <dword offset>. Figure out what EIP would be
// if we jumped there. That's the place the flat thunk occurs.
// Currently, only PolyPolyline needs this.
//
if (cbJmpOffset)
{
if (IsBadReadPtr(lpfn32, cbJmpOffset+5) ||
(lpfn32[cbJmpOffset] != OPCODE32_JUMP4))
{
ERROR_OUT(("Can't read 32-bit export"));
DC_QUIT;
}
//
// Add dword at cbJmpOffset+1, add this number to (lpfn32+cbJmpOffset+
// 5), which is the EIP of the next instruction after the jump. This
// produces the EIP of the real thunk stub.
//
dwfn32 += cbJmpOffset + 5 + *(LPDWORD)(lpfn32+cbJmpOffset+1);
UnMapLS(lpfn32);
lpfn32 = MapLS((LPVOID)dwfn32);
if (!SELECTOROF(lpfn32))
{
ERROR_OUT(("Out of selectors"));
DC_QUIT;
}
}
//
// Verify that we can read 13 bytes. The reason this will won't go
// past the end in a legitimate case is that this thunklet is either
// followed by the large # of bytes in the common flat thunk routine,
// or by another thunklet
//
if (IsBadReadPtr(lpfn32, 13))
{
ERROR_OUT(("Can't read code in 32-bit export"));
DC_QUIT;
}
//
// Does this have the 10-byte DEBUG prolog?
//
if (*lpfn32 == OPCODE32_PUSH)
{
// Yes, skip it
lpfn32 += 5;
// Make sure that next thing is a call
if (*lpfn32 != OPCODE32_CALL)
{
ERROR_OUT(("Can't read code in 32-bit export"));
DC_QUIT;
}
lpfn32 += 5;
}
//
// This should either be mov cl, byte or mov cx, word
//
if (*lpfn32 == OPCODE32_MOVCL)
{
offsetThunk = *(lpfn32+1);
}
else if (*((LPWORD)lpfn32) == OPCODE32_MOVCX)
{
//
// NOTE: Even though this is a CX offset, the thunk code only
// looks at the low BYTE
//
offsetThunk = *(lpfn32+2);
}
else
{
ERROR_OUT(("Can't read code in 32-bit export"));
DC_QUIT;
}
//
// Now, can we read this value?
//
if (IsBadReadPtr(lpThunkTable+offsetThunk, sizeof(DWORD)) ||
IsBadCodePtr((FARPROC)lpThunkTable[offsetThunk]))
{
ERROR_OUT(("Can't read thunk table entry"));
DC_QUIT;
}
*lplpfn16 = (FARPROC)lpThunkTable[offsetThunk];
DC_EXIT_POINT:
if (SELECTOROF(lpfn32))
{
UnMapLS(lpfn32);
}
DebugExitBOOL(Get32BitOnlyExport16, (*lplpfn16 != NULL));
return(*lplpfn16 != NULL);
}
//
// CreateFnPatch()
// This sets things up to be able to quickly patch/unpatch a system routine.
// The patch is not originally enabled.
//
UINT CreateFnPatch
(
LPVOID lpfnToPatch,
LPVOID lpfnJumpTo,
LPFN_PATCH lpbPatch,
UINT uCodeAlias
)
{
SEGINFO segInfo;
UINT ib;
DebugEntry(CreateFnPatch);
ASSERT(lpbPatch->lpCodeAlias == NULL);
ASSERT(lpbPatch->wSegOrg == 0);
//
// Do NOT call IsBadReadPtr() here, that will cause the segment, if
// not present, to get pulled in, and will masks problems in the debug
// build that will show up in retail.
//
// Fortunately, PrestoChangoSelector() will set the linear address and
// limit and attributes of our read/write selector properly.
//
//
// Call GetCodeInfo() to check out bit-ness of code segment. If 32-bit
// we need to use the 16-bit override opcode for a far 16:16 jump.
//
segInfo.flags = 0;
GetCodeInfo(lpfnToPatch, &segInfo);
if (segInfo.flags & NSUSE32)
{
WARNING_OUT(("Patching 32-bit code segment 0x%04x:0x%04x", SELECTOROF(lpfnToPatch), OFFSETOF(lpfnToPatch)));
lpbPatch->f32Bit = TRUE;
}
//
// We must fix the codeseg in linear memory, or our shadow will end up
// pointing somewhere if the original moves. PolyBezier and SetPixel
// are in moveable code segments for example.
//
// So save this away. We will fix it when the patch is enabled.
//
lpbPatch->wSegOrg = SELECTOROF(lpfnToPatch);
if (uCodeAlias)
{
//
// We are going to share an already allocated selector. Note that
// this only works if the code segments of the two patched functions
// are identical. We verify this by the base address in an assert
// down below.
//
lpbPatch->fSharedAlias = TRUE;
}
else
{
//
// Create a selector with read-write attributes to alias the read-only
// code function. Using the original will set the limit of our
// selector to the same as that of the codeseg, with the same
// attributes but read-write.
//
uCodeAlias = AllocSelector(SELECTOROF(lpfnToPatch));
if (!uCodeAlias)
{
ERROR_OUT(("CreateFnPatch: Unable to create alias selector"));
DC_QUIT;
}
uCodeAlias = PrestoChangoSelector(SELECTOROF(lpfnToPatch), uCodeAlias);
}
lpbPatch->lpCodeAlias = MAKELP(uCodeAlias, OFFSETOF(lpfnToPatch));
//
// Create the N patch bytes (jmp far16 Seg:Function) of the patch
//
ib = 0;
if (lpbPatch->f32Bit)
{
lpbPatch->rgbPatch[ib++] = OPCODE32_16OVERRIDE;
}
lpbPatch->rgbPatch[ib++] = OPCODE_FARJUMP16;
lpbPatch->rgbPatch[ib++] = LOBYTE(OFFSETOF(lpfnJumpTo));
lpbPatch->rgbPatch[ib++] = HIBYTE(OFFSETOF(lpfnJumpTo));
lpbPatch->rgbPatch[ib++] = LOBYTE(SELECTOROF(lpfnJumpTo));
lpbPatch->rgbPatch[ib++] = HIBYTE(SELECTOROF(lpfnJumpTo));
lpbPatch->fActive = FALSE;
lpbPatch->fEnabled = FALSE;
DC_EXIT_POINT:
DebugExitBOOL(CreateFnPatch, uCodeAlias);
return(uCodeAlias);
}
//
// DestroyFnPatch()
// This frees any resources used when creating a function patch. The
// alias data selector to the codeseg for writing purposes is it.
//
void DestroyFnPatch(LPFN_PATCH lpbPatch)
{
DebugEntry(DestroyFnPatch);
//
// First, disable the patch if in use
//
if (lpbPatch->fActive)
{
TRACE_OUT(("Destroying active patch"));
EnableFnPatch(lpbPatch, PATCH_DEACTIVATE);
}
//
// Second, free the alias selector if we allocated one
//
if (lpbPatch->lpCodeAlias)
{
if (!lpbPatch->fSharedAlias)
{
FreeSelector(SELECTOROF(lpbPatch->lpCodeAlias));
}
lpbPatch->lpCodeAlias = NULL;
}
//
// Third, clear this to fine cleanup problems
//
lpbPatch->wSegOrg = 0;
lpbPatch->f32Bit = FALSE;
DebugExitVOID(DestroyFnPatch);
}
//
// EnableFnPatch()
// This actually patches the function to jump to our routine using the
// info saved when created.
//
// THIS ROUTINE MAY GET CALLED AT INTERRUPT TIME. YOU CAN NOT USE ANY
// EXTERNAL FUNCTION, INCLUDING DEBUG TRACING/ASSERTS.
//
#define SAFE_ASSERT(x) if (!lpbPatch->fInterruptable) { ASSERT(x); }
void EnableFnPatch(LPFN_PATCH lpbPatch, UINT flags)
{
UINT ib;
UINT cbPatch;
SAFE_ASSERT(lpbPatch->lpCodeAlias);
SAFE_ASSERT(lpbPatch->wSegOrg);
//
// Make sure the original and the alias are pointing to the same
// linear memory. We don't do this when not enabling/disabling for calls,
// only when starting/stopping the patches
//
//
// If enabling for the first time, fix BEFORE bytes are copied
//
if ((flags & ENABLE_MASK) == ENABLE_ON)
{
//
// We need to fix the original code segment so it won't move in
// linear memory. Note that we set the selector base of our alias
// even though several patches (not too many) may share one. The
// extra times are harmless, and this prevents us from having to order
// patches in our array in such a way that the original precedes the
// shared ones, and walking our array in opposite orders to enable or
// disable.
//
// And GlobalFix() just bumps up a lock count, so again, it's OK to do
// this multiple times.
//
//
// WE KNOW THIS CODE DOESN'T EXECUTE AT INTERRUPT TIME.
//
ASSERT(!lpbPatch->fEnabled);
ASSERT(!lpbPatch->fActive);
if (!lpbPatch->fActive)
{
lpbPatch->fActive = TRUE;
//
// Make sure this segment gets pulled in if discarded. GlobalFix()
// fails if not, and worse we'll fault the second we try to write
// to or read from the alias. We do this by grabbing the 1st word
// from the original.
//
// GlobalFix will prevent the segment from being discarded until
// GlobalUnfix() happens.
//
ib = *(LPUINT)MAKELP(lpbPatch->wSegOrg, OFFSETOF(lpbPatch->lpCodeAlias));
GlobalFix((HGLOBAL)lpbPatch->wSegOrg);
SetSelectorBase(SELECTOROF(lpbPatch->lpCodeAlias), GetSelectorBase(lpbPatch->wSegOrg));
}
}
if (lpbPatch->fInterruptable)
{
//
// If this is for starting/stopping the patch, we have to disable
// interrupts around the byte copying. Or we could die if the
// interrupt handler happens in the middle.
//
// We don't need to do this when disabling/enabling to call through
// to the original, since we know that reflected interrupts aren't
// nested, and the interrupt will complete before we come back to
// the interrupted normal app code.
//
if (!(flags & ENABLE_FORCALL))
{
_asm cli
}
}
SAFE_ASSERT(GetSelectorBase(SELECTOROF(lpbPatch->lpCodeAlias)) == GetSelectorBase(lpbPatch->wSegOrg));
if (lpbPatch->f32Bit)
{
cbPatch = CB_PATCHBYTES32;
}
else
{
cbPatch = CB_PATCHBYTES16;
}
if (flags & ENABLE_ON)
{
SAFE_ASSERT(lpbPatch->fActive);
SAFE_ASSERT(!lpbPatch->fEnabled);
if (!lpbPatch->fEnabled)
{
//
// Save the function's original first N bytes, and copy the jump far16
// patch in.
//
for (ib = 0; ib < cbPatch; ib++)
{
lpbPatch->rgbOrg[ib] = lpbPatch->lpCodeAlias[ib];
lpbPatch->lpCodeAlias[ib] = lpbPatch->rgbPatch[ib];
}
lpbPatch->fEnabled = TRUE;
}
}
else
{
SAFE_ASSERT(lpbPatch->fActive);
SAFE_ASSERT(lpbPatch->fEnabled);
if (lpbPatch->fEnabled)
{
//
// Put back the function's original first N bytes
//
for (ib = 0; ib < cbPatch; ib++)
{
lpbPatch->lpCodeAlias[ib] = lpbPatch->rgbOrg[ib];
}
lpbPatch->fEnabled = FALSE;
}
}
SAFE_ASSERT(GetSelectorBase(SELECTOROF(lpbPatch->lpCodeAlias)) == GetSelectorBase(lpbPatch->wSegOrg));
if (lpbPatch->fInterruptable)
{
//
// Reenable interrupts
//
if (!(flags & ENABLE_FORCALL))
{
_asm sti
}
}
//
// If really stopping, unfix AFTER the bytes have been copied. This will
// bump down a lock count, so when all patches are disabled, the original
// code segment will be able to move.
//
if ((flags & ENABLE_MASK) == ENABLE_OFF)
{
//
// WE KNOW THIS CODE DOESN'T EXECUTE AT INTERRUPT TIME.
//
ASSERT(!lpbPatch->fEnabled);
ASSERT(lpbPatch->fActive);
if (lpbPatch->fActive)
{
lpbPatch->fActive = FALSE;
GlobalUnfix((HGLOBAL)lpbPatch->wSegOrg);
}
}
}
//
// LIST MANIPULATION ROUTINES
//
//
// COM_BasedListInsertBefore(...)
//
// See com.h for description.
//
void COM_BasedListInsertBefore(PBASEDLIST pExisting, PBASEDLIST pNew)
{
PBASEDLIST pTemp;
DebugEntry(COM_BasedListInsertBefore);
//
// Check for bad parameters.
//
ASSERT((pNew != NULL));
ASSERT((pExisting != NULL));
//
// Find the item before pExisting:
//
pTemp = COM_BasedPrevListField(pExisting);
ASSERT((pTemp != NULL));
TRACE_OUT(("Inserting item at %#lx into list between %#lx and %#lx",
pNew, pTemp, pExisting));
//
// Set its <next> field to point to the new item
//
pTemp->next = PTRBASE_TO_OFFSET(pNew, pTemp);
pNew->prev = PTRBASE_TO_OFFSET(pTemp, pNew);
//
// Set <prev> field of pExisting to point to new item:
//
pExisting->prev = PTRBASE_TO_OFFSET(pNew, pExisting);
pNew->next = PTRBASE_TO_OFFSET(pExisting, pNew);
DebugExitVOID(COM_BasedListInsertBefore);
} // COM_BasedListInsertBefore
//
// COM_BasedListInsertAfter(...)
//
// See com.h for description.
//
void COM_BasedListInsertAfter(PBASEDLIST pExisting, PBASEDLIST pNew)
{
PBASEDLIST pTemp;
DebugEntry(COM_BasedListInsertAfter);
//
// Check for bad parameters.
//
ASSERT((pNew != NULL));
ASSERT((pExisting != NULL));
//
// Find the item after pExisting:
//
pTemp = COM_BasedNextListField(pExisting);
ASSERT((pTemp != NULL));
TRACE_OUT(("Inserting item at %#lx into list between %#lx and %#lx",
pNew, pExisting, pTemp));
//
// Set its <prev> field to point to the new item
//
pTemp->prev = PTRBASE_TO_OFFSET(pNew, pTemp);
pNew->next = PTRBASE_TO_OFFSET(pTemp, pNew);
//
// Set <next> field of pExisting to point to new item:
//
pExisting->next = PTRBASE_TO_OFFSET(pNew, pExisting);
pNew->prev = PTRBASE_TO_OFFSET(pExisting, pNew);
DebugExitVOID(COM_BasedListInsertAfter);
} // COM_BasedListInsertAfter
//
// COM_BasedListRemove(...)
//
// See com.h for description.
//
void COM_BasedListRemove(PBASEDLIST pListItem)
{
PBASEDLIST pNext = NULL;
PBASEDLIST pPrev = NULL;
DebugEntry(COM_BasedListRemove);
//
// Check for bad parameters.
//
ASSERT((pListItem != NULL));
pPrev = COM_BasedPrevListField(pListItem);
pNext = COM_BasedNextListField(pListItem);
ASSERT((pPrev != NULL));
ASSERT((pNext != NULL));
TRACE_OUT(("Removing item at %#lx from list", pListItem));
pPrev->next = PTRBASE_TO_OFFSET(pNext, pPrev);
pNext->prev = PTRBASE_TO_OFFSET(pPrev, pNext);
DebugExitVOID(COM_BasedListRemove);
} // COM_BasedListRemove
//
// NOTE:
// Because this is small model 16-bit code, NULL (which is 0) gets turned
// into ds:0 when casting to void FAR*. Therefore we use our own FAR_NULL
// define, which is 0:0.
//
void FAR * COM_BasedListNext( PBASEDLIST pHead, void FAR * pEntry, UINT nOffset )
{
PBASEDLIST p;
ASSERT(pHead != NULL);
ASSERT(pEntry != NULL);
p = COM_BasedNextListField(COM_BasedStructToField(pEntry, nOffset));
return ((p == pHead) ? FAR_NULL : COM_BasedFieldToStruct(p, nOffset));
}
void FAR * COM_BasedListPrev ( PBASEDLIST pHead, void FAR * pEntry, UINT nOffset )
{
PBASEDLIST p;
ASSERT(pHead != NULL);
ASSERT(pEntry != NULL);
p = COM_BasedPrevListField(COM_BasedStructToField(pEntry, nOffset));
return ((p == pHead) ? FAR_NULL : COM_BasedFieldToStruct(p, nOffset));
}
void FAR * COM_BasedListFirst ( PBASEDLIST pHead, UINT nOffset )
{
return (COM_BasedListIsEmpty(pHead) ?
FAR_NULL :
COM_BasedFieldToStruct(COM_BasedNextListField(pHead), nOffset));
}
void FAR * COM_BasedListLast ( PBASEDLIST pHead, UINT nOffset )
{
return (COM_BasedListIsEmpty(pHead) ?
FAR_NULL :
COM_BasedFieldToStruct(COM_BasedPrevListField(pHead), nOffset));
}