void main(uint32 kernel_image_size)
{
puts("\nHello world\n", 30);
puts("Shellcode OS is starting...\n", 30);
CppInit();
//callbios 要求内存地址位于1M一下,
//因此,此处从栈(esp<0x00090000)中分配meminfo
memory_info meminfo;
uint32 memsize = get_mem_info(meminfo);
printf("memsize=%08X(%dMb)\n", memsize, memsize >> 20);
System.Init(kernel_image_size, &meminfo);
uint32 system_stack = System.get_stack();
__asm mov esp, system_stack
//
//LIST<PROCESS>* process_list = new LIST<PROCESS>();
//PROCESS* proc = new PROCESS();
//printf("process_list=%08X process=%08X\n", process_list, (uint32)proc);
//process_list->insert_head(proc);
//process_list->remove_tail();
//delete process_list;
//delete proc;
//load_minidump();
//load_shellcode();
//
_enable();
panic("");
_enable();
__asm jmp $
}
void InstallDOSIntercepts( void )
{
int i;
for( i = 0; i < next_intr; ++i ) {
_disable();
*old_intxx_handlers[i] = INT_LOCATE( intr_list[i] );
INT_LOCATE( intr_list[i] ) = intxx_handlers[i];
_enable();
}
_disable();
old_int28 = INT_LOCATE( 0x28 );
INT_LOCATE( 0x28 ) = &int28_handler;
old_int21 = INT_LOCATE( 0x21 );
INT_LOCATE( 0x21 ) = &int21_handler;
old_int13 = INT_LOCATE( 0x13 );
INT_LOCATE( 0x13 ) = &int13_handler;
old_int03 = INT_LOCATE( 0x03 );
INT_LOCATE( 0x03 ) = &int03_handler;
_enable();
}
//컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴컴
//Procedure InsertUIKey
//Author Jim Taylor
//Date Tue 30 Jan 1996
//
//Description insert a key press/release event into the key queue
//
//Inputs
//
//Returns
//
//------------------------------------------------------------------------------
void keytests::InsertUIKey(UIKeyNoMouse& keyfake)
{
UIKeyQueue*
keyqueue=(UIKeyQueue*) hitqueueui.flat;
{ _disable();
int oldadd=keyqueue->addref;
int addref=oldadd+1;
if (addref==keyqueue->queuesize)
{
addref=0;
}
if (addref==keyqueue->takeref)
{
_enable(); //JIM 21Oct96
return;
}
keyqueue->keyqueue[oldadd].keycode=keyfake.keycode;
keyqueue->keyqueue[oldadd].keyhit=keyfake.keyhit;
if (keyfake.keyshifts)
keyqueue->keyqueue[oldadd].keyshifts=keyfake.keyshifts;
else
keyqueue->keyqueue[oldadd].keyshifts=keyqueue->currshifts;
keyqueue->keyqueue[oldadd].mousecoords=keyqueue->currmouse;
keyqueue->addref=addref;
} _enable();
}
void main(void)
{
int i;
// Zero the function counts
for (i = 0; i < 255; i++)
function[i] = 0;
original_handler = _dos_getvect(0x21);
_disable();
_dos_setvect(0x21, handler);
_enable();
printf("This is a message\n");
fprintf(stdout, "This is a second message\n");
printf("Current disk is %c\n", getdisk() + 'A');
_disable();
_dos_setvect(0x21, original_handler);
_enable();
for (i = 0; i <= 255; i++)
if (function[i])
printf("Function %x called %d times\n", i, function[i]);
}
void main(void)
{
void interrupt (*original_handler)();
int old_count = 0;
original_handler = _dos_getvect(5);
_disable(); // Turn off interrupts during _dos_setvect
_dos_setvect(5, handler);
_enable();
printf("Press Shift-PrtSc three times or any key to end\n");
while (count < 3)
if (count != old_count)
{
printf("Shift-PrtSc pressed\n");
old_count = count;
}
_disable();
_dos_setvect(5, original_handler);
_enable();
}
bool TestForBreak( void )
{
_disable();
if( BreakFlag || ( inp(LSR) & LSR_BRK ) ) {
BreakFlag = 0;
_enable();
return( TRUE );
}
_enable();
return( FALSE );
}
static void InitComPort()
{
unsigned char st,i;
#define NEW_RESET
inp(PortBase);
inp(PortBase_5);
_disable();
st=inp(PortBase_3);
outp(PortBase_3,st|0x80); /* LCR : next is baud rate */
//outpw(PortBase_1,0);
outpw(PortBase,6); // 19200=115200/6 /* Baud rate low byte */
outp(PortBase_3,st);
outp(PortBase_3,3); // Dlab=0, no parity, 1 stop, 8 data
_enable();
st=inp(PortBase_2) & 0xc0;
if(st==0xc0)
outp(PortBase_2,0xc7);
#ifdef NEW_RESET
outp(PortBase_2,0);
outp(PortBase_1,0);
st=inp(PortBase_4) & 0xef;
outp(PortBase_4,st|0xb);
#endif
inp(PortBase);
#ifdef NEW_RESET
inp(PortBase_2);
#endif
inp(PortBase_5);
inp(PortBase_6);
_disable();
st=inp(0x21) & IntDisableMask;
#ifdef NEW_RESET
outp(PortBase_1,0x7);
#else
outp(PortBase_1,0x3);
#endif
outp(PortBase_4,0xb); // MCR: DTR=1, RTS=1
outp(0x21,st);
_enable();
for (i=0; i<8; i++) /* Edge-triggering, read the ports */
inp(PortBase + i); /* Port to clear */
}
QueueItem::QueueItem( QueueMaster& master )
: DataOStream()
, _impl( new detail::QueueItem( master ))
{
enableSave();
_enable();
}
unsigned int key_get_shift_status()
{
unsigned int shift_status = 0;
_disable();
key_clear_bios_buffer();
if ( keyd_pressed[KEY_LSHIFT] || keyd_pressed[KEY_RSHIFT] )
shift_status |= KEY_SHIFTED;
if ( keyd_pressed[KEY_LALT] || keyd_pressed[KEY_RALT] )
shift_status |= KEY_ALTED;
if ( keyd_pressed[KEY_LCTRL] || keyd_pressed[KEY_RCTRL] )
shift_status |= KEY_CTRLED;
#ifndef NDEBUG
if (keyd_pressed[KEY_DELETE])
shift_status |=KEY_DEBUGGED;
#endif
_enable();
return shift_status;
}
void RemoveDOSIntercepts( void ) /* will undo the above */
{
int i;
for( i = 0; i < next_intr; ++i ) {
_disable();
INT_LOCATE( intr_list[i] ) = *old_intxx_handlers[i];
_enable();
}
_disable();
INT_LOCATE( 0x21 ) = old_int21;
INT_LOCATE( 0x28 ) = old_int28;
INT_LOCATE( 0x13 ) = old_int13;
INT_LOCATE( 0x03 ) = old_int03;
_enable();
}
void CrystalLakeWriteMCP( ushort mc_addr, ubyte mc_data )
{
_disable();
outp( CL_MC0, 0xE2 ); // Write password
outp( mc_addr, mc_data ); // Write data
_enable();
}
void timer_exit(void)
{
if (!timer_initialized)
return;
_disable();
/* Reset channel 0 to square wave mode, 18.2 Hz. */
outp(PIT_COMMAND, 54);
outp(PIT_CH0_DATA, 0x00);
outp(PIT_CH0_DATA, 0x00);
_dos_setvect(PIT_SYSTEM_INT, timer.default_handler);
_enable();
if (dpmi_unlock_linear_region((uint32_t) &timer, sizeof(timer)) != 0)
error("Unlocking timer data failed");
if (dpmi_unlock_linear_region(
(uint32_t) &timer_handler,
(char *) timer_handler_end - (char *) timer_handler) != 0)
error(" Unlocking timer interrupt handler failed");
}
static void
cmos_set(unsigned i, unsigned d) {
_disable();
chip_write8(0,i);
chip_write8(1,d);
_enable();
}
void ftOutput (unsigned short port, unsigned char byte) {
#ifdef _WIN32
int enabled = ftDisable && _disable();
#endif
int data;
int bit = 8;
trace(1, ("output %03x", port));
while (bit-- > 0) {
data = triggerX|triggerY;
if (byte & (1<<bit)) data |= dataOut;
trace(2, (" >%02x", data));
_outp(port, data); idle(ftIdle);
data |= clock;
trace(4, (" >%02x", data));
_outp(port, data); idle(ftIdle);
}
data = triggerX|triggerY|loadOut|clock;
trace(2, (" >%02x", data));
_outp(port, data);
trace(1, (" %02x\n", byte));
#ifdef _WIN32
if (enabled) _enable();
#endif
}
KIRQL FASTCALL
KfRaiseIrql (KIRQL NewIrql)
{
KIRQL OldIrql;
ULONG Flags;
Flags = __readeflags();
_disable();
OldIrql = KeGetCurrentIrql ();
if (NewIrql < OldIrql)
{
DPRINT1 ("CurrentIrql %x NewIrql %x\n", KeGetCurrentIrql (), NewIrql);
ASSERT(FALSE);
}
if (NewIrql > DISPATCH_LEVEL)
{
APICWrite (APIC_TPR, IRQL2TPR(NewIrql) & APIC_TPR_PRI);
}
KeSetCurrentIrql (NewIrql);
if (Flags & EFLAGS_INTERRUPT_MASK)
{
_enable();
}
return OldIrql;
}
VOID
NTAPI
INIT_FUNCTION
KiSystemStartupBootStack(VOID)
{
PKTHREAD Thread;
/* Initialize the kernel for the current CPU */
KiInitializeKernel(&KiInitialProcess.Pcb,
(PKTHREAD)KeLoaderBlock->Thread,
(PVOID)(KeLoaderBlock->KernelStack & ~3),
(PKPRCB)__readfsdword(KPCR_PRCB),
KeNumberProcessors - 1,
KeLoaderBlock);
/* Set the priority of this thread to 0 */
Thread = KeGetCurrentThread();
Thread->Priority = 0;
/* Force interrupts enabled and lower IRQL back to DISPATCH_LEVEL */
_enable();
KfLowerIrql(DISPATCH_LEVEL);
/* Set the right wait IRQL */
Thread->WaitIrql = DISPATCH_LEVEL;
/* Jump into the idle loop */
KiIdleLoop();
}
/*-- return:
1=time out, 0=ok
--------------*/
static int SendCmdChar(unsigned char ch)
{
int n;
if(fUseFlow==0)
{
lbl_send:
n=0x1ff;
do {
if( (inp(PortBase_5)&0x20) !=0 )
{
_disable();
outp(PortBase,ch);
_enable();
return 0;
}
n--;
} while(n);
return 2; /*- time out -*/
}
if(flowCtrl==XOFF)
return 1;
if( (inp(PortBase_6)&0x10) !=0 )
goto lbl_send;
return 1;
}
int ui_play_events_fast( int NumberOfEvents, UI_EVENT * buffer )
{
int i;
if ( buffer == NULL ) return 1;
EventBuffer = buffer;
FrameCount = 0;
ui_event_counter = 0;
ui_number_of_events = NumberOfEvents;
Record = 3;
_disable();
keyd_last_released= 0;
keyd_last_pressed= 0;
//mprintf( 0, "Before: ", i );
for (i=0; i<256; i++ )
{
//if (keyd_pressed[i]) mprintf( 0, "%d ", i );
SavedState[i] = keyd_pressed[i];
}
//mprintf( 0, "\n" );
_enable();
key_flush();
return 0;
}
PUBLIC void SER_InitComInterrupts(SER_PComPort p, void __interrupt (__far *isr)(void)) {
byte t;
assert(p != NULL);
// Init interrupts.
outp(p->port + SERR_IER, 0);
t = inp(p->port + SERR_MCR);
t |= SERR_MCR_OUT2;
t &= ~SERR_MCR_LOOPBACK;
outp(p->port + SERR_MCR, t);
if (isr != NULL) {
// Save previous vector and hook vector.
p->oldint = _dos_getvect(p->irq + 8);
_dos_setvect(p->irq + 8, isr);
}
// Setup comm interrupts.
outp(0x21, inp(0x21) & ~(1 << p->irq)); // Mask in port's IRQ.
_disable();
outp(p->port + SERR_IER, SERR_IER_RXREADY | SERR_IER_TXREADY);
outp(0x20, 0xC2);
// Raise DTR
outp(p->port + SERR_MCR, inp(p->port + SERR_MCR) | SERR_MCR_DTR);
_enable();
}
QueueItem::QueueItem( const QueueItem& rhs )
: DataOStream()
, _impl( new detail::QueueItem( *rhs._impl ))
{
enableSave();
_enable();
}
void init_timer(int res_hz)
{
_disable();
if(res_hz > 0) {
int reload_val = DIV_ROUND(OSC_FREQ_HZ, res_hz);
set_timer_reload(reload_val);
tick_interval = DIV_ROUND(1000, res_hz);
ticks_per_dos_intr = DIV_ROUND(65535L, reload_val);
inum = PIT_TIMER_INTR;
prev_timer_intr = _dos_getvect(inum);
_dos_setvect(inum, timer_irq);
} else {
tick_interval = 55;
inum = DOS_TIMER_INTR;
prev_timer_intr = _dos_getvect(inum);
_dos_setvect(inum, dos_timer_intr);
}
_enable();
atexit(cleanup);
}
unsigned ftAnalog (unsigned short port, int nTrigger) {
unsigned result = 0;
#ifdef _WIN32
unsigned short status = port+1;
int enabled = ftDisable && _disable();
#endif
#ifdef SC12
unsigned short status = port;
#endif
int data = (nTrigger ? triggerX : triggerY)|clock;
if (ftLoadOut) data |= loadOut;
trace(64, ("analog %03x", port));
trace(128, (" >%02x", data));
_outp(port, data); idle(ftIdle);
data = triggerX|triggerY|clock;
if (ftLoadOut) data |= loadOut;
trace(128, (" >%02x", data));
_outp(port, data);
while (_inp(status) & busy) ++ result, idle(ftScale);
trace(64, (" %u\n", result));
#ifdef _WIN32
if (enabled) _enable();
#endif
return result;
}
char *InitSys( void )
{
int i8259_val; /* storing I8259 value */
int i8259m_val; /* storing I8259 mask register value */
inp( IOBase ); /* base com port: clear any characters */
outp( IER, 0 ); /* ier <= 0 : no ints for now */
inp( MSR ); /* MSR : reset MSR now */
InitInts();
outp( LCR, LCR_SETUP ); /* set com line characteristics */
outp( MCR, MCR_SETUP ); /* set MCR value */
outp( IER, 0x05 ); /* set ier, allow lsr & rx ints */
_disable();
i8259m_val = inp( I8259M ); /* set 8259 mask register */
I8259mBit = i8259m_val & ( 1 << IntVector );
i8259m_val &= ~( 1 << IntVector ); /* to allow com interrupts */
outp( I8259M, i8259m_val );
_enable();
i8259_val = IntVector; /* set 8259 priority */
--i8259_val;
i8259_val |= 0xc0;
outp( I8259, i8259_val );
CurrentBaud = -1;
Modem = 0;
return( NULL );
}
void ObjectDataOStream::enableCommit( const uint128_t& version,
const Nodes& receivers )
{
_version = version;
_setupConnections( receivers );
_enable();
}
bool Baud( int index )
{
int lcr_value;
ErrorFlag = 0;
BreakFlag = 0;
if( index == MIN_BAUD ) {
Modem = 1;
return( TRUE );
}
Modem = 0;
if( index == CurrentBaud ) return( TRUE );
/* don't change baud rate while a character is still being sent */
do {} while( (inp( LSR ) & LSR_TSRE) == 0 );
lcr_value = inp( LCR ); /* get LCR value */
_disable(); /* disable interrupt */
outp( LCR, lcr_value | LCR_DLAB ); /* set Divisor Latch Access Bit(DLAB)*/
/* to enable setting of baud rate */
outp( IOBase, Divisor[index] ); /* LSB portion of new divisor */
outp( IOBase+1, 0 ); /* MSB portion of new divisor */
lcr_value = inp( LCR );
outp( LCR, lcr_value & ~LCR_DLAB ); /* set off DLAB bit of LCR */
_enable(); /* re-enable interrupts */
CurrentBaud = index;
return( TRUE );
}
int kb_init(int bufsz)
{
if(DONE_INIT) {
fprintf(stderr, "keyboard driver already initialized!\n");
return 0;
}
buffer_size = bufsz;
if(buffer_size && !(buffer = malloc(buffer_size * sizeof *buffer))) {
fprintf(stderr, "failed to allocate input buffer, continuing without\n");
buffer_size = 0;
}
buf_ridx = buf_widx = 0;
last_key = -1;
memset(keystate, 0, sizeof keystate);
num_pressed = 0;
/* set our interrupt handler */
_disable();
prev_handler = _dos_getvect(KB_INTR);
_dos_setvect(KB_INTR, kbintr);
_enable();
return 0;
}
/* initialize interruption vectors */
void init()
{
/* save standart master IRQ vectors */
std_int8 = getvect(0x08);
std_int9 = getvect(0x09);
std_int10 = getvect(0x0A);
std_int11 = getvect(0x0B);
std_int12 = getvect(0x0C);
std_int13 = getvect(0x0D);
std_int14 = getvect(0x0E);
std_int15 = getvect(0x0F);
/* set new master IRQ interruptions*/
setvect(0x08, new_int8);
setvect(0x09, new_int9);
setvect(0x0A, new_int10);
setvect(0x0B, new_int11);
setvect(0x0C, new_int12);
setvect(0x0D, new_int13);
setvect(0x0E, new_int14);
setvect(0x0F, new_int15);
/* save standart slave IRQ vectors*/
std_int70 = getvect(0x70);
std_int71 = getvect(0x71);
std_int72 = getvect(0x72);
std_int73 = getvect(0x73);
std_int74 = getvect(0x74);
std_int75 = getvect(0x75);
std_int76 = getvect(0x76);
std_int77 = getvect(0x77);
/* set new slave IRQ interruptions*/
setvect(0x90, new_int70);
setvect(0x91, new_int71);
setvect(0x92, new_int72);
setvect(0x93, new_int73);
setvect(0x94, new_int74);
setvect(0x95, new_int75);
setvect(0x96, new_int76);
setvect(0x97, new_int77);
/* make operations atomic */
_disable();
outp(0x20,0x11); // send ICW1
outp(0x21,0x08); // send ICW2
outp(0x21,0x04); // send ICW3
outp(0x21,0x01); // send ICW4
outp(0xA0,0x11); // same above
outp(0xA1,0x90);
outp(0xA1,0x02);
outp(0xA1,0x01);
_enable();
}
void key_flush()
{
int i;
fix CurTime;
_disable();
// Clear the BIOS buffer
key_clear_bios_buffer();
key_data.keyhead = key_data.keytail = 0;
//Clear the keyboard buffer
for (i=0; i<KEY_BUFFER_SIZE; i++ ) {
key_data.keybuffer[i] = 0;
key_data.time_pressed[i] = 0;
}
//Clear the keyboard array
CurTime =timer_get_fixed_secondsX();
for (i=0; i<256; i++ ) {
keyd_pressed[i] = 0;
key_data.TimeKeyWentDown[i] = CurTime;
key_data.TimeKeyHeldDown[i] = 0;
key_data.NumDowns[i]=0;
key_data.NumUps[i]=0;
}
_enable();
}
/*
* @implemented
*/
VOID
NTAPI
HalProcessorIdle(VOID)
{
/* Enable interrupts and halt the processor */
_enable();
}
/*---------------------------------------------------------------------
Function: InterruptInit
Purpose: Initialisation of interrupt handling
Arguments: void
Return: void
---------------------------------------------------------------------*/
void InterruptInit(void)
{
/* initialise vector tables */
_init_vectab();
/* enable external interrupts */
_enable();
}
