static BOOL
win32_alloc_scheme_selectors (unsigned long base,
unsigned long size,
unsigned short * scheme_cs,
unsigned short * scheme_ds,
unsigned short * scheme_ss)
{
BOOL result;
struct ntw32lib_selalloc_s param;
LPVOID translation[1];
param.base = base;
param.limit = ((size + (I386_PAGE_SIZE - 1)) & (~ (I386_PAGE_SIZE - 1)));
param.cs32 = (getCS ());
param.ds32 = (getDS ());
param.cs = 0;
param.ds = 0;
param.ss = 0;
translation[0] = ((LPVOID) NULL);
result = ((BOOL)
((* call_16_bit_code) (& param, NTW32LIB_ALLOC_SELECTORS,
&translation[0])));
* scheme_cs = param.cs;
* scheme_ds = param.ds;
* scheme_ss = param.ss;
return (result);
}
/* cmdGetAutoexecBat - Creates a temp file to replace c:\autoexec.bat
*
* Entry - Client (DS:DX) pointer to receive file name
*
* EXIT - This routine will Terminate the vdm if it fails
* And will not return
*
*
* The buffer to receive the file name must be at least 64 bytes
*/
VOID cmdGetAutoexecBat (VOID)
{
UNICODE_STRING Unicode;
OEM_STRING OemString;
ANSI_STRING AnsiString;
ExpandConfigFiles(FALSE);
RtlInitAnsiString(&AnsiString, pchTmpAutoexecFile);
if (!NT_SUCCESS(RtlAnsiStringToUnicodeString(&Unicode,&AnsiString,TRUE)) )
goto ErrExit;
OemString.Buffer = (char *)GetVDMAddr(getDS(),getDX());
OemString.MaximumLength = 64;
if (!NT_SUCCESS(RtlUnicodeStringToOemString(&OemString,&Unicode,FALSE)) )
goto ErrExit;
RtlFreeUnicodeString(&Unicode);
return;
ErrExit:
RcErrorDialogBox(ED_INITMEMERR, pchTmpConfigFile, NULL);
TerminateVDM(); // skip cleanup since I insist that we exit!
}
BOOL DemDispatch (ULONG iSvc)
{
#if DBG
if(iSvc < SVC_DEMLASTSVC && (fShowSVCMsg & DEMSVCTRACE) &&
apfnSVC[iSvc] != demNotYetImplemented){
sprintf(demDebugBuffer,"DemDispatch: Entering %s\n\tAX=%.4x BX=%.4x CX=%.4x DX=%.4x DI=%.4x SI=%.4x\n",
aSVCNames[iSvc],getAX(),getBX(),getCX(),getDX(),getDI(),getSI());
OutputDebugStringOem(demDebugBuffer);
sprintf(demDebugBuffer,"\tCS=%.4x IP=%.4x DS=%.4x ES=%.4x SS=%.4x SP=%.4x BP=%.4x\n",
getCS(),getIP(), getDS(),getES(),getSS(),getSP(),getBP());
OutputDebugStringOem(demDebugBuffer);
}
#endif
if (iSvc >= SVC_DEMLASTSVC){
#if DBG
sprintf(demDebugBuffer,"Unimplemented SVC index %x\n",iSvc);
OutputDebugStringOem(demDebugBuffer);
#endif
setCF(1);
return FALSE;
}
if (pHardErrPacket) {
pHardErrPacket->vhe_fbInt24 = 0;
}
CurrentISVC = iSvc;
(apfnSVC [iSvc])();
#if DBG
if((fShowSVCMsg & DEMSVCTRACE)){
sprintf(demDebugBuffer,"DemDispatch:On Leaving %s\n\tAX=%.4x BX=%.4x CX=%.4x DX=%.4x DI=%.4x SI=%.4x\n",
aSVCNames[iSvc],getAX(),getBX(),getCX(),getDX(),getDI(),getSI());
OutputDebugStringOem(demDebugBuffer);
sprintf(demDebugBuffer,"\tCS=%.4x IP=%.4x DS=%.4x ES=%.4x SS=%.4x SP=%.4x BP=%.4x CF=%x\n",
getCS(),getIP(), getDS(),getES(),getSS(),getSP(),getBP(),getCF());
OutputDebugStringOem(demDebugBuffer);
}
#endif
return TRUE;
}
static VOID CmdStartExternalCommand(VOID)
{
DWORD Result;
// TODO: improve: this code has strong similarities
// with the 'default' case of DosCreateProcess.
LPSTR Command = (LPSTR)SEG_OFF_TO_PTR(getDS(), getSI());
CHAR CmdLine[sizeof("cmd.exe /c ") + DOS_CMDLINE_LENGTH + 1] = "";
LPSTR CmdLinePtr;
ULONG CmdLineLen;
/* Spawn a user-defined 32-bit command preprocessor */
// FIXME: Use COMSPEC env var!!
CmdLinePtr = CmdLine;
strcpy(CmdLinePtr, "cmd.exe /c ");
CmdLinePtr += strlen(CmdLinePtr);
/* Build a Win32-compatible command-line */
CmdLineLen = min(strlen(Command), sizeof(CmdLine) - strlen(CmdLinePtr) - 1);
RtlCopyMemory(CmdLinePtr, Command, CmdLineLen);
CmdLinePtr[CmdLineLen] = '\0';
/* Remove any trailing return carriage character and NULL-terminate the command line */
while (*CmdLinePtr && *CmdLinePtr != '\r' && *CmdLinePtr != '\n') CmdLinePtr++;
*CmdLinePtr = '\0';
DPRINT1("CMD Run Command '%s' ('%s')\n", Command, CmdLine);
/*
* No need to prepare the stack for DosStartComSpec since we won't start it.
*/
Result = DosStartProcess32(Command, CmdLine,
SEG_OFF_TO_PTR(getES(), 0) /*Environment*/,
MAKELONG(getIP(), getCS()) /*ReturnAddress*/,
FALSE);
if (Result != ERROR_SUCCESS)
{
DosDisplayMessage("Failed to start command '%s' ('%s'). Error: %u\n", Command, CmdLine, Result);
setCF(0);
setAL((UCHAR)Result);
}
else
{
DosDisplayMessage("Command '%s' ('%s') started successfully.\n", Command, CmdLine);
#ifndef STANDALONE
setCF(Repeat); // Set CF if we need to start a 16-bit process
#else
setCF(0);
#endif
}
}
void cGenProt(isrVal_t regs)
{
printf("GP\n");
printf("\nGeneral Protection Fault\neip\tcs\tds\teflags\tprocesp\tss\n");
printf("%X\t%X\t%X\t%X\t%X\n", regs.eip, regs.cs, regs.ds, regs.eflags,
regs.procesp, regs.ss);
printf("\nCurrent:\n");
printf("CS\tDS\tSS\tESP\n");
printf("%X\t%X\t%X\t%X\n", getCS(), getDS(), getSS(), getESP());
checkFrame(®s);
// panic("General Protection fault");
}
VOID cmdExec (VOID)
{
DWORD i;
DWORD dwRet;
PCHAR pCommandTail;
PCHAR pEnv;
CHAR Buffer[MAX_PATH];
pCommandTail = (PCHAR) GetVDMAddr ((USHORT)getDS(),(USHORT)getSI());
pEnv = (PCHAR) GetVDMAddr ((USHORT)getES(),0);
for (i=0 ; i<124 ; i++) {
if (pCommandTail[i] == 0x0d){
pCommandTail[i] = 0;
break;
}
}
if (i == 124){
setCF(0);
setAL((UCHAR)ERROR_BAD_FORMAT);
return;
}
chDefaultDrive = (CHAR)(getAL() + 'A');
if (getAH() == 0) {
cmdExec32 (pCommandTail,pEnv);
}
else {
dwRet = GetEnvironmentVariable ("COMSPEC",Buffer,MAX_PATH);
if (dwRet == 0 || dwRet >= MAX_PATH){
setCF(0);
setAL((UCHAR)ERROR_BAD_ENVIRONMENT);
return;
}
if ((dwRet + 4 + strlen(pCommandTail)) > MAX_PATH) {
setCF(0);
setAL((UCHAR)ERROR_BAD_ENVIRONMENT);
return;
}
strcat (Buffer, " /c ");
strcat (Buffer, pCommandTail);
cmdExec32 (Buffer,pEnv);
}
return;
}
void cBreakp(isrVal_t regs)
{
printf("BP\n");
checkFrame(®s);
printf("Debug:\n");
printf("eax\tebx\tecx\tedx\n%X\t%X\t%X\t%X\n", regs.eax, regs.ebx, regs.ecx, regs.edx);
printf("\nds\n%X\n", regs.ds);
printf("\nedi\tesi\tebp\tesp\n%X\t%X\t%X\t%X\n", regs.edi, regs.esi, regs.ebp, regs.esp);
printf("\neip\tcs\teflags\tuseresp\tss\n%X\t%X\t%X\t%X\t%X\n", regs.eip, regs.cs, regs.eflags, regs.procesp, regs.ss);
printf("\nerr_code\tfunc_ptr\n%X\t%X\n", regs.errCode, regs.funcPtr);
printf("\n\nCurrent:\n");
printf("CS\tDS\tSS\tESP\n%X\t%X\t%X\t%X\n", getCS(), getDS(), getSS(), getESP());
}
void cDivByZero(isrVal_t regs)
{
printf("D0\n");
checkFrame(®s);
if (regs.cs != 0x8)
{
panic("No process killing code yet");
}
printf("\nDiv by 0\neip\tcs\teflags\tprocesp\tss\n");
printf("%X\t%X\t%X\t%X\t%X\n", regs.eip, regs.cs, regs.eflags, regs.procesp, regs.ss);
printf("\nCurrent:\n");
printf("CS\tDS\tSS\tESP\n");
printf("%X\t%X\t%X\t%X\n", getCS(), getDS(), getSS(), getESP());
panic ("Devide by zero");
}
static void
win32_release_scheme_selectors (unsigned short scheme_cs,
unsigned short scheme_ds,
unsigned short scheme_ss)
{
struct ntw32lib_selfree_s param;
LPVOID translation[1];
param.cs32 = (getCS ());
param.ds32 = (getDS ());
param.cs = scheme_cs;
param.ds = scheme_ds;
param.ss = scheme_ss;
translation[0] = ((LPVOID) NULL);
(* call_16_bit_code) (& param, NTW32LIB_FREE_SELECTORS, &translation[0]);
return;
}
void MS_bop_F(void)
{
extern void kb_setup_vectors(void);
kb_setup_vectors();
#ifdef MONITOR
AddrIretBopTable = ( ((ULONG)getDS() << 16) | (ULONG)getDI() );
#ifndef PROD
if (getCX() != VDM_RM_IRETBOPSIZE) {
OutputDebugString("NTVDM:spacing != VDM_RM_IRETBOPSIZE\n");
DebugBreak();
}
#endif
#endif
/*
* Now that spckbd is loaded, and the ivt rom vectors are hooked
* we can allow hw interrupts.
*/
// nt_init_event_thread will resume the event thread after it
// sync up BIOS led states with the system
// ResumeThread(ThreadInfo.EventMgr.Handle);
host_ica_lock();
DelayIrqLine = 0;
if (!ica_restart_interrupts(ICA_SLAVE))
ica_restart_interrupts(ICA_MASTER);
host_ica_unlock();
#ifdef MONITOR
setCF(1);
#else
setCF(0);
#endif
}
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath)
/*++
Routine Description:
This routine is called when the driver is loaded by NT.
Arguments:
DriverObject - Pointer to driver object created by system.
RegistryPath - Pointer to the name of the services node for this driver.
Return Value:
The function value is the final status from the initialization operation.
--*/
{
NTSTATUS ntStatus;
PVOID BufDriverString=NULL,BufProcessEventString=NULL,BufThreadEventString=NULL;
UNICODE_STRING uszDriverString;
UNICODE_STRING uszProcessEventString;
UNICODE_STRING uszThreadEventString;
PDEVICE_OBJECT pDeviceObject;
HANDLE reg=0;
OBJECT_ATTRIBUTES oa;
UNICODE_STRING temp;
char wbuf[100];
WORD this_cs, this_ss, this_ds, this_es, this_fs, this_gs;
ULONG cr4reg;
criticalSection csTest;
HANDLE Ultimap2Handle;
KernelCodeStepping=0;
KernelWritesIgnoreWP = 0;
this_cs=getCS();
this_ss=getSS();
this_ds=getDS();
this_es=getES();
this_fs=getFS();
this_gs=getGS();
//InitializeObjectAttributes(&ao, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
//PsCreateSystemThread(&Ultimap2Handle, 0, NULL, 0, NULL, TestThread, PsGetCurrentProcess());
DbgPrint("DBK loading...");
#ifdef TOBESIGNED
DbgPrint("Signed version");
#endif
//lame antiviruses and more lamer users that keep crying rootkit virus....
temp.Buffer=(PWCH)wbuf;
temp.Length=0;
temp.MaximumLength=100;
RtlAppendUnicodeToString(&temp, L"Ke"); //KeServiceDescriptorTable
RtlAppendUnicodeToString(&temp, L"Service");
RtlAppendUnicodeToString(&temp, L"Descriptor");
RtlAppendUnicodeToString(&temp, L"Table");
KeServiceDescriptorTable=MmGetSystemRoutineAddress(&temp);
DbgPrint("Loading driver\n");
if (RegistryPath)
{
DbgPrint("Registry path = %S\n", RegistryPath->Buffer);
InitializeObjectAttributes(&oa,RegistryPath,OBJ_KERNEL_HANDLE ,NULL,NULL);
ntStatus=ZwOpenKey(®,KEY_QUERY_VALUE,&oa);
if (ntStatus == STATUS_SUCCESS)
{
UNICODE_STRING A,B,C,D;
PKEY_VALUE_PARTIAL_INFORMATION bufA,bufB,bufC,bufD;
ULONG ActualSize;
DbgPrint("Opened the key\n");
BufDriverString=ExAllocatePool(PagedPool,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100);
BufDeviceString=ExAllocatePool(PagedPool,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100);
BufProcessEventString=ExAllocatePool(PagedPool,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100);
BufThreadEventString=ExAllocatePool(PagedPool,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100);
bufA=BufDriverString;
bufB=BufDeviceString;
bufC=BufProcessEventString;
bufD=BufThreadEventString;
RtlInitUnicodeString(&A, L"A");
RtlInitUnicodeString(&B, L"B");
RtlInitUnicodeString(&C, L"C");
RtlInitUnicodeString(&D, L"D");
if (ntStatus == STATUS_SUCCESS)
ntStatus=ZwQueryValueKey(reg,&A,KeyValuePartialInformation ,bufA,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100,&ActualSize);
if (ntStatus == STATUS_SUCCESS)
ntStatus=ZwQueryValueKey(reg,&B,KeyValuePartialInformation ,bufB,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100,&ActualSize);
if (ntStatus == STATUS_SUCCESS)
ntStatus=ZwQueryValueKey(reg,&C,KeyValuePartialInformation ,bufC,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100,&ActualSize);
if (ntStatus == STATUS_SUCCESS)
ntStatus=ZwQueryValueKey(reg,&D,KeyValuePartialInformation ,bufD,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100,&ActualSize);
if (ntStatus == STATUS_SUCCESS)
{
DbgPrint("Read ok\n");
RtlInitUnicodeString(&uszDriverString,(PCWSTR) bufA->Data);
RtlInitUnicodeString(&uszDeviceString,(PCWSTR) bufB->Data);
RtlInitUnicodeString(&uszProcessEventString,(PCWSTR) bufC->Data);
RtlInitUnicodeString(&uszThreadEventString,(PCWSTR) bufD->Data);
DbgPrint("DriverString=%S\n",uszDriverString.Buffer);
DbgPrint("DeviceString=%S\n",uszDeviceString.Buffer);
DbgPrint("ProcessEventString=%S\n",uszProcessEventString.Buffer);
DbgPrint("ThreadEventString=%S\n",uszThreadEventString.Buffer);
}
else
{
ExFreePool(bufA);
ExFreePool(bufB);
ExFreePool(bufC);
ExFreePool(bufD);
DbgPrint("Failed reading the value\n");
ZwClose(reg);
return STATUS_UNSUCCESSFUL;;
}
}
else
{
DbgPrint("Failed opening the key\n");
return STATUS_UNSUCCESSFUL;;
}
}
else
loadedbydbvm=TRUE;
ntStatus = STATUS_SUCCESS;
if (!loadedbydbvm)
{
// Point uszDriverString at the driver name
#ifndef CETC
// Create and initialize device object
ntStatus = IoCreateDevice(DriverObject,
0,
&uszDriverString,
FILE_DEVICE_UNKNOWN,
0,
FALSE,
&pDeviceObject);
if(ntStatus != STATUS_SUCCESS)
{
DbgPrint("IoCreateDevice failed\n");
ExFreePool(BufDriverString);
ExFreePool(BufDeviceString);
ExFreePool(BufProcessEventString);
ExFreePool(BufThreadEventString);
if (reg)
ZwClose(reg);
return ntStatus;
}
// Point uszDeviceString at the device name
// Create symbolic link to the user-visible name
ntStatus = IoCreateSymbolicLink(&uszDeviceString, &uszDriverString);
if(ntStatus != STATUS_SUCCESS)
{
DbgPrint("IoCreateSymbolicLink failed: %x\n",ntStatus);
// Delete device object if not successful
IoDeleteDevice(pDeviceObject);
ExFreePool(BufDriverString);
ExFreePool(BufDeviceString);
ExFreePool(BufProcessEventString);
ExFreePool(BufThreadEventString);
if (reg)
ZwClose(reg);
return ntStatus;
}
#endif
}
//when loaded by dbvm driver object is 'valid' so store the function addresses
DbgPrint("DriverObject=%p\n", DriverObject);
// Load structure to point to IRP handlers...
DriverObject->DriverUnload = UnloadDriver;
DriverObject->MajorFunction[IRP_MJ_CREATE] = DispatchCreate;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = DispatchClose;
if (loadedbydbvm)
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = (PDRIVER_DISPATCH)DispatchIoctlDBVM;
else
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctl;
//Processlist init
#ifndef CETC
ProcessEventCount=0;
KeInitializeSpinLock(&ProcesslistSL);
#endif
CreateProcessNotifyRoutineEnabled=FALSE;
//threadlist init
ThreadEventCount=0;
BufferSize=0;
processlist=NULL;
#ifndef AMD64
//determine if PAE is used
cr4reg=(ULONG)getCR4();
if ((cr4reg & 0x20)==0x20)
{
PTESize=8; //pae
PAGE_SIZE_LARGE=0x200000;
MAX_PDE_POS=0xC0604000;
MAX_PTE_POS=0xC07FFFF8;
}
else
{
PTESize=4;
PAGE_SIZE_LARGE=0x400000;
MAX_PDE_POS=0xC0301000;
MAX_PTE_POS=0xC03FFFFC;
}
#else
PTESize=8; //pae
PAGE_SIZE_LARGE=0x200000;
MAX_PTE_POS=0xFFFFF6FFFFFFFFF8ULL;
MAX_PDE_POS=0xFFFFF6FB7FFFFFF8ULL;
#endif
#ifdef CETC
DbgPrint("Going to initialice CETC\n");
InitializeCETC();
#endif
//hideme(DriverObject); //ok, for those that see this, enabling this WILL f**k up try except routines, even in usermode you'll get a blue sreen
DbgPrint("Initializing debugger\n");
debugger_initialize();
// Return success (don't do the devicestring, I need it for unload)
DbgPrint("Cleaning up initialization buffers\n");
if (BufDriverString)
{
ExFreePool(BufDriverString);
BufDriverString=NULL;
}
if (BufProcessEventString)
{
ExFreePool(BufProcessEventString);
BufProcessEventString=NULL;
}
if (BufThreadEventString)
{
ExFreePool(BufThreadEventString);
BufThreadEventString=NULL;
}
if (reg)
{
ZwClose(reg);
reg=0;
}
//fetch cpu info
{
DWORD r[4];
DWORD a;
__cpuid(r,0);
DbgPrint("cpuid.0: r[1]=%x", r[1]);
if (r[1]==0x756e6547) //GenuineIntel
{
__cpuid(r,1);
a=r[0];
cpu_stepping=a & 0xf;
cpu_model=(a >> 4) & 0xf;
cpu_familyID=(a >> 8) & 0xf;
cpu_type=(a >> 12) & 0x3;
cpu_ext_modelID=(a >> 16) & 0xf;
cpu_ext_familyID=(a >> 20) & 0xff;
cpu_model=cpu_model + (cpu_ext_modelID << 4);
cpu_familyID=cpu_familyID + (cpu_ext_familyID << 4);
if ((r[2]<<9) & 1)
{
DbgPrint("Intel cpu. IA32_FEATURE_CONTROL MSR=%x", readMSR(0x3a));
}
else
{
DbgPrint("Intel cpu without IA32_FEATURE_CONTROL MSR");
}
vmx_init_dovmcall(1);
setup_APIC_BASE(); //for ultimap
}
else
{
static VOID WINAPI DosCmdInterpreterBop(LPWORD Stack)
{
/* Get the Function Number and skip it */
BYTE FuncNum = *(PBYTE)SEG_OFF_TO_PTR(getCS(), getIP());
setIP(getIP() + 1);
switch (FuncNum)
{
case 0x08: // Launch external command
{
#define CMDLINE_LENGTH 1024
BOOL Result;
DWORD dwExitCode;
LPSTR Command = (LPSTR)SEG_OFF_TO_PTR(getDS(), getSI());
LPSTR CmdPtr = Command;
CHAR CommandLine[CMDLINE_LENGTH] = "";
STARTUPINFOA StartupInfo;
PROCESS_INFORMATION ProcessInformation;
/* NULL-terminate the command line by removing the return carriage character */
while (*CmdPtr && *CmdPtr != '\r') CmdPtr++;
*CmdPtr = '\0';
DPRINT1("CMD Run Command '%s'\n", Command);
/* Spawn a user-defined 32-bit command preprocessor */
/* Build the command line */
// FIXME: Use COMSPEC env var!!
strcpy(CommandLine, "cmd.exe /c ");
strcat(CommandLine, Command);
ZeroMemory(&StartupInfo, sizeof(StartupInfo));
ZeroMemory(&ProcessInformation, sizeof(ProcessInformation));
StartupInfo.cb = sizeof(StartupInfo);
VidBiosDetachFromConsole();
Result = CreateProcessA(NULL,
CommandLine,
NULL,
NULL,
TRUE,
0,
NULL,
NULL,
&StartupInfo,
&ProcessInformation);
if (Result)
{
DPRINT1("Command '%s' launched successfully\n", Command);
/* Wait for process termination */
WaitForSingleObject(ProcessInformation.hProcess, INFINITE);
/* Get the exit code */
GetExitCodeProcess(ProcessInformation.hProcess, &dwExitCode);
/* Close handles */
CloseHandle(ProcessInformation.hThread);
CloseHandle(ProcessInformation.hProcess);
}
else
{
DPRINT1("Failed when launched command '%s'\n");
dwExitCode = GetLastError();
}
VidBiosAttachToConsole();
setAL((UCHAR)dwExitCode);
break;
}
default:
{
DPRINT1("Unknown DOS CMD Interpreter BOP Function: 0x%02X\n", FuncNum);
// setCF(1); // Disable, otherwise we enter an infinite loop
break;
}
}
}
static VOID WINAPI DosCmdInterpreterBop(LPWORD Stack)
{
/* Get the Function Number and skip it */
BYTE FuncNum = *(PBYTE)SEG_OFF_TO_PTR(getCS(), getIP());
setIP(getIP() + 1);
switch (FuncNum)
{
/* Kill the VDM */
case 0x00:
{
/* Stop the VDM */
EmulatorTerminate();
return;
}
/*
* Get a new app to start
*
* Input
* DS:DX : Data block.
*
* Output
* CF : 0: Success; 1: Failure.
*/
case 0x01:
{
CmdStartProcess();
break;
}
/*
* Check binary format
*
* Input
* DS:DX : Program to check.
*
* Output
* CF : 0: Success; 1: Failure.
* AX : Error code.
*/
case 0x07:
{
DWORD BinaryType;
LPSTR ProgramName = (LPSTR)SEG_OFF_TO_PTR(getDS(), getDX());
if (!GetBinaryTypeA(ProgramName, &BinaryType))
{
/* An error happened, bail out */
setCF(1);
setAX(LOWORD(GetLastError()));
break;
}
// FIXME: We only support DOS binaries for now...
ASSERT(BinaryType == SCS_DOS_BINARY);
if (BinaryType != SCS_DOS_BINARY)
{
/* An error happened, bail out */
setCF(1);
setAX(LOWORD(ERROR_BAD_EXE_FORMAT));
break;
}
/* Return success: DOS application */
setCF(0);
break;
}
/*
* Start an external command
*
* Input
* DS:SI : Command to start.
* ES : Environment block segment.
* AL : Current drive number.
* AH : 0: Directly start the command;
* 1: Use "cmd.exe /c" to start the command.
*
* Output
* CF : 0: Shell-out; 1: Continue.
* AL : Error/Exit code.
*/
case 0x08:
{
CmdStartExternalCommand();
break;
}
/*
* Start the default 32-bit command interpreter (COMSPEC)
*
* Input
* ES : Environment block segment.
* AL : Current drive number.
*
* Output
* CF : 0: Shell-out; 1: Continue.
* AL : Error/Exit code.
*/
case 0x0A:
{
CmdStartComSpec32();
break;
}
/*
* Set exit code
*
* Input
* DX : Exit code
*
* Output
* CF : 0: Shell-out; 1: Continue.
*/
case 0x0B:
{
CmdSetExitCode();
break;
}
/*
* Get start information
*
* Output
* AL : 0 (resp. 1): Started from (resp. without) an existing console.
*/
case 0x10:
{
#ifndef STANDALONE
/*
* When a new instance of our (internal) COMMAND.COM is started,
* we check whether we need to run a 32-bit COMSPEC. This goes by
* checking whether we were started in a new console (no parent
* console process) or from an existing one.
*
* However COMMAND.COM can also be started in the case where a
* 32-bit process (started by a 16-bit parent) wants to start a new
* 16-bit process: to ensure DOS reentry we need to start a new
* instance of COMMAND.COM. On Windows the COMMAND.COM is started
* just before the 32-bit process (in fact, it is this COMMAND.COM
* which starts the 32-bit process via an undocumented command-line
* switch '/z', which syntax is:
* COMMAND.COM /z\bAPPNAME.EXE
* notice the '\b' character inserted in-between. Then COMMAND.COM
* issues a BOP_CMD 08h with AH=00h to start the process).
*
* Instead, we do the reverse, i.e. we start the 32-bit process,
* and *only* if needed, i.e. if this process wants to start a
* new 16-bit process, we start our COMMAND.COM.
*
* The problem we then face is that our COMMAND.COM will possibly
* want to start a new COMSPEC, however we do not want this.
* The chosen solution is to flag this case -- done with the 'Reentry'
* boolean -- so that COMMAND.COM will not attempt to start COMSPEC
* but instead will directly try to start the 16-bit process.
*/
// setAL(SessionId != 0);
setAL((SessionId != 0) && !Reentry);
/* Reset 'Reentry' */
Reentry = FALSE;
#else
setAL(0);
#endif
break;
}
default:
{
DPRINT1("Unknown DOS CMD Interpreter BOP Function: 0x%02X\n", FuncNum);
// setCF(1); // Disable, otherwise we enter an infinite loop
break;
}
}
}
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath)
/*++
Routine Description:
This routine is called when the driver is loaded by NT.
Arguments:
DriverObject - Pointer to driver object created by system.
RegistryPath - Pointer to the name of the services node for this driver.
Return Value:
The function value is the final status from the initialization operation.
--*/
{
NTSTATUS ntStatus;
PVOID BufDriverString=NULL,BufProcessEventString=NULL,BufThreadEventString=NULL;
UNICODE_STRING uszDriverString;
UNICODE_STRING uszProcessEventString;
UNICODE_STRING uszThreadEventString;
PDEVICE_OBJECT pDeviceObject;
HANDLE reg=0;
OBJECT_ATTRIBUTES oa;
UNICODE_STRING temp;
char wbuf[100];
WORD this_cs, this_ss, this_ds, this_es, this_fs, this_gs;
ULONG cr4reg;
criticalSection csTest;
DbgPrint("I'm alive!\n");
//DbgPrint("%S",oa.ObjectName.Buffer);
KernelCodeStepping=0;
this_cs=getCS();
this_ss=getSS();
this_ds=getDS();
this_es=getES();
this_fs=getFS();
this_gs=getGS();
#ifdef AMD64
DbgPrint("cs=%x ss=%x ds=%x es=%x fs=%x gs=%x\n",getCS(), getSS(), getDS(), getES(), getFS(), getGS());
DbgPrint("fsbase=%llx gsbase=%llx gskernel=%llx\n", readMSR(0xc0000100), readMSR(0xc0000101), readMSR(0xc0000102));
DbgPrint("rbp=%llx\n", getRBP());
DbgPrint("gs:188=%llx\n", __readgsqword(0x188));
DbgPrint("current csr=%x\n", _mm_getcsr());
#endif
DbgPrint("Test critical section routines\n");
RtlZeroMemory(&csTest,sizeof(criticalSection));
DbgPrint("csTest.locked=%d\n",csTest.locked);
csEnter(&csTest);
DbgPrint("After enter\n");
DbgPrint("csTest.locked=%d\n",csTest.locked);
csLeave(&csTest);
DbgPrint("After leave\n");
DbgPrint("csTest.locked=%d\n",csTest.locked);
//lame antiviruses and more lamer users that keep crying rootkit virus....
temp.Buffer=(PWCH)wbuf;
temp.Length=0;
temp.MaximumLength=100;
RtlAppendUnicodeToString(&temp, L"Ke"); //KeServiceDescriptorTable
RtlAppendUnicodeToString(&temp, L"Service");
RtlAppendUnicodeToString(&temp, L"Descriptor");
RtlAppendUnicodeToString(&temp, L"Table");
KeServiceDescriptorTable=MmGetSystemRoutineAddress(&temp);
DbgPrint("Loading driver\n");
if (RegistryPath)
{
DbgPrint("Registry path = %S\n", RegistryPath->Buffer);
InitializeObjectAttributes(&oa,RegistryPath,OBJ_KERNEL_HANDLE ,NULL,NULL);
ntStatus=ZwOpenKey(®,KEY_QUERY_VALUE,&oa);
if (ntStatus == STATUS_SUCCESS)
{
UNICODE_STRING A,B,C,D;
PKEY_VALUE_PARTIAL_INFORMATION bufA,bufB,bufC,bufD;
ULONG ActualSize;
DbgPrint("Opened the key\n");
BufDriverString=ExAllocatePool(PagedPool,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100);
BufDeviceString=ExAllocatePool(PagedPool,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100);
BufProcessEventString=ExAllocatePool(PagedPool,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100);
BufThreadEventString=ExAllocatePool(PagedPool,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100);
bufA=BufDriverString;
bufB=BufDeviceString;
bufC=BufProcessEventString;
bufD=BufThreadEventString;
RtlInitUnicodeString(&A, L"A");
RtlInitUnicodeString(&B, L"B");
RtlInitUnicodeString(&C, L"C");
RtlInitUnicodeString(&D, L"D");
if (ntStatus == STATUS_SUCCESS)
ntStatus=ZwQueryValueKey(reg,&A,KeyValuePartialInformation ,bufA,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100,&ActualSize);
if (ntStatus == STATUS_SUCCESS)
ntStatus=ZwQueryValueKey(reg,&B,KeyValuePartialInformation ,bufB,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100,&ActualSize);
if (ntStatus == STATUS_SUCCESS)
ntStatus=ZwQueryValueKey(reg,&C,KeyValuePartialInformation ,bufC,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100,&ActualSize);
if (ntStatus == STATUS_SUCCESS)
ntStatus=ZwQueryValueKey(reg,&D,KeyValuePartialInformation ,bufD,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+100,&ActualSize);
if (ntStatus == STATUS_SUCCESS)
{
DbgPrint("Read ok\n");
RtlInitUnicodeString(&uszDriverString,(PCWSTR) bufA->Data);
RtlInitUnicodeString(&uszDeviceString,(PCWSTR) bufB->Data);
RtlInitUnicodeString(&uszProcessEventString,(PCWSTR) bufC->Data);
RtlInitUnicodeString(&uszThreadEventString,(PCWSTR) bufD->Data);
DbgPrint("DriverString=%S\n",uszDriverString.Buffer);
DbgPrint("DeviceString=%S\n",uszDeviceString.Buffer);
DbgPrint("ProcessEventString=%S\n",uszProcessEventString.Buffer);
DbgPrint("ThreadEventString=%S\n",uszThreadEventString.Buffer);
}
else
{
ExFreePool(bufA);
ExFreePool(bufB);
ExFreePool(bufC);
ExFreePool(bufD);
DbgPrint("Failed reading the value\n");
ZwClose(reg);
return STATUS_UNSUCCESSFUL;;
}
}
else
{
DbgPrint("Failed opening the key\n");
return STATUS_UNSUCCESSFUL;;
}
}
else
loadedbydbvm=TRUE;
ntStatus = STATUS_SUCCESS;
if (!loadedbydbvm)
{
// Point uszDriverString at the driver name
#ifndef CETC
// Create and initialize device object
ntStatus = IoCreateDevice(DriverObject,
0,
&uszDriverString,
FILE_DEVICE_UNKNOWN,
0,
FALSE,
&pDeviceObject);
if(ntStatus != STATUS_SUCCESS)
{
DbgPrint("IoCreateDevice failed\n");
ExFreePool(BufDriverString);
ExFreePool(BufDeviceString);
ExFreePool(BufProcessEventString);
ExFreePool(BufThreadEventString);
if (reg)
ZwClose(reg);
return ntStatus;
}
// Point uszDeviceString at the device name
// Create symbolic link to the user-visible name
ntStatus = IoCreateSymbolicLink(&uszDeviceString, &uszDriverString);
if(ntStatus != STATUS_SUCCESS)
{
DbgPrint("IoCreateSymbolicLink failed: %x\n",ntStatus);
// Delete device object if not successful
IoDeleteDevice(pDeviceObject);
ExFreePool(BufDriverString);
ExFreePool(BufDeviceString);
ExFreePool(BufProcessEventString);
ExFreePool(BufThreadEventString);
if (reg)
ZwClose(reg);
return ntStatus;
}
#endif
}
//when loaded by dbvm driver object is 'valid' so store the function addresses
DbgPrint("DriverObject=%p\n", DriverObject);
// Load structure to point to IRP handlers...
DriverObject->DriverUnload = UnloadDriver;
DriverObject->MajorFunction[IRP_MJ_CREATE] = DispatchCreate;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = DispatchClose;
if (loadedbydbvm)
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = (PDRIVER_DISPATCH)DispatchIoctlDBVM;
else
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctl;
//Processlist init
#ifndef CETC
ProcessEventCount=0;
KeInitializeSpinLock(&ProcesslistSL);
#endif
CreateProcessNotifyRoutineEnabled=FALSE;
//threadlist init
ThreadEventCount=0;
BufferSize=0;
processlist=NULL;
#ifndef AMD64
//determine if PAE is used
cr4reg=(ULONG)getCR4();
if ((cr4reg & 0x20)==0x20)
{
PTESize=8; //pae
PAGE_SIZE_LARGE=0x200000;
MAX_PDE_POS=0xC0604000;
MAX_PTE_POS=0xC07FFFF8;
}
else
{
PTESize=4;
PAGE_SIZE_LARGE=0x400000;
MAX_PDE_POS=0xC0301000;
MAX_PTE_POS=0xC03FFFFC;
}
#else
PTESize=8; //pae
PAGE_SIZE_LARGE=0x200000;
MAX_PTE_POS=0xFFFFF6FFFFFFFFF8ULL;
MAX_PDE_POS=0xFFFFF6FB7FFFFFF8ULL;
#endif
#ifdef CETC
DbgPrint("Going to initialice CETC\n");
InitializeCETC();
#endif
//hideme(DriverObject); //ok, for those that see this, enabling this WILL f**k up try except routines, even in usermode you'll get a blue sreen
DbgPrint("Initializing debugger\n");
debugger_initialize();
// Return success (don't do the devicestring, I need it for unload)
DbgPrint("Cleaning up initialization buffers\n");
if (BufDriverString)
{
ExFreePool(BufDriverString);
BufDriverString=NULL;
}
if (BufProcessEventString)
{
ExFreePool(BufProcessEventString);
BufProcessEventString=NULL;
}
if (BufThreadEventString)
{
ExFreePool(BufThreadEventString);
BufThreadEventString=NULL;
}
if (reg)
{
ZwClose(reg);
reg=0;
}
//fetch cpu info
{
DWORD r[4];
DWORD a;
__cpuid(r,1);
a=r[0];
cpu_stepping=a & 0xf;
cpu_model=(a >> 4) & 0xf;
cpu_familyID=(a >> 8) & 0xf;
cpu_type=(a >> 12) & 0x3;
cpu_ext_modelID=(a >> 16) & 0xf;
cpu_ext_familyID=(a >> 20) & 0xff;
cpu_model=cpu_model + (cpu_ext_modelID << 4);
cpu_familyID=cpu_familyID + (cpu_ext_familyID << 4);
}
{
APIC y;
DebugStackState x;
DbgPrint("offset of LBR_Count=%d\n", (UINT_PTR)&x.LBR_Count-(UINT_PTR)&x);
DbgPrint("Testing forEachCpu(...)\n");
forEachCpu(TestDPC, NULL, NULL, NULL);
forEachCpuPassive(TestPassive, 0);
DbgPrint("LVT_Performance_Monitor=%x\n", (UINT_PTR)&y.LVT_Performance_Monitor-(UINT_PTR)&y);
}
return STATUS_SUCCESS;
}
static VOID CmdStartProcess(VOID)
{
#ifndef STANDALONE
PCOMSPEC_INFO ComSpecInfo;
#endif
SIZE_T CmdLen;
PNEXT_CMD DataStruct = (PNEXT_CMD)SEG_OFF_TO_PTR(getDS(), getDX());
DPRINT1("CmdStartProcess -- DS:DX = %04X:%04X (DataStruct = 0x%p)\n",
getDS(), getDX(), DataStruct);
/* Pause the VM */
EmulatorPause();
#ifndef STANDALONE
/* Check whether we need to shell out now in case we were started by a 32-bit app */
ComSpecInfo = FindComSpecInfoByPsp(Sda->CurrentPsp);
if (ComSpecInfo && ComSpecInfo->Terminated)
{
RemoveComSpecInfo(ComSpecInfo);
DPRINT1("Exit DOS from start-app BOP\n");
setCF(1);
goto Quit;
}
/* Clear the structure */
RtlZeroMemory(&CommandInfo, sizeof(CommandInfo));
/* Initialize the structure members */
CommandInfo.TaskId = SessionId;
CommandInfo.VDMState = VDM_FLAG_DOS;
CommandInfo.CmdLine = CmdLine;
CommandInfo.CmdLen = sizeof(CmdLine);
CommandInfo.AppName = AppName;
CommandInfo.AppLen = sizeof(AppName);
CommandInfo.PifFile = PifFile;
CommandInfo.PifLen = sizeof(PifFile);
CommandInfo.CurDirectory = CurDirectory;
CommandInfo.CurDirectoryLen = sizeof(CurDirectory);
CommandInfo.Desktop = Desktop;
CommandInfo.DesktopLen = sizeof(Desktop);
CommandInfo.Title = Title;
CommandInfo.TitleLen = sizeof(Title);
CommandInfo.Env = Env;
CommandInfo.EnvLen = EnvSize;
if (First) CommandInfo.VDMState |= VDM_FLAG_FIRST_TASK;
Command:
if (Repeat) CommandInfo.VDMState |= VDM_FLAG_RETRY;
Repeat = FALSE;
/* Get the VDM command information */
DPRINT1("Calling GetNextVDMCommand in CmdStartProcess: wait for new VDM task...\n");
if (!GetNextVDMCommand(&CommandInfo))
{
DPRINT1("CmdStartProcess - GetNextVDMCommand failed, retrying... last error = %d\n", GetLastError());
if (CommandInfo.EnvLen > EnvSize)
{
/* Expand the environment size */
EnvSize = CommandInfo.EnvLen;
CommandInfo.Env = Env = RtlReAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Env, EnvSize);
/* Repeat the request */
Repeat = TRUE;
goto Command;
}
/* Shouldn't happen */
DisplayMessage(L"An unrecoverable failure happened from start-app BOP; exiting DOS.");
setCF(1);
goto Quit;
}
// FIXME: What happens if some other 32-bit app is killed while we are waiting there??
DPRINT1("CmdStartProcess - GetNextVDMCommand succeeded, start app...\n");
#else
if (!First)
{
DPRINT1("Exit DOS from start-app BOP\n");
setCF(1);
goto Quit;
}
#endif
/* Compute the command line length, not counting the terminating "\r\n" */
CmdLen = strlen(CmdLine);
if (CmdLen >= 2 && CmdLine[CmdLen - 2] == '\r')
CmdLen -= 2;
DPRINT1("Starting '%s' ('%.*s')...\n", AppName, CmdLen, CmdLine);
/* Start the process */
// FIXME: Merge 'Env' with the master environment SEG_OFF_TO_PTR(SYSTEM_ENV_BLOCK, 0)
// FIXME: Environment
RtlCopyMemory(SEG_OFF_TO_PTR(DataStruct->AppNameSeg, DataStruct->AppNameOff), AppName, MAX_PATH);
*(PBYTE)(SEG_OFF_TO_PTR(DataStruct->CmdLineSeg, DataStruct->CmdLineOff)) = (BYTE)CmdLen;
RtlCopyMemory(SEG_OFF_TO_PTR(DataStruct->CmdLineSeg, DataStruct->CmdLineOff + 1), CmdLine, DOS_CMDLINE_LENGTH);
#ifndef STANDALONE
/* Update console title if we run in a separate console */
if (SessionId != 0)
SetConsoleTitleA(AppName);
#endif
First = FALSE;
setCF(0);
DPRINT1("App started!\n");
Quit:
/* Resume the VM */
EmulatorResume();
}
void ISV_RegisterModule (BOOL fMode)
{
char *pchDll,*pchInit,*pchDispatch;
HANDLE hDll;
FARPROC DispatchEntry;
FARPROC InitEntry;
ULONG i;
UCHAR uchMode;
// Check if we have free space in bop table.
for (i=0; i<MAX_ISV_BOP; i++) {
if (isvbop_table[i].hDll == 0)
break;
}
if (i == MAX_ISV_BOP) {
setCF (1);
setAX(4);
return;
}
uchMode = fMode ? TRUE : FALSE;
pchDll = (PCHAR) Sim32GetVDMPointer (SEGOFF(getDS(),getSI()),
1,
uchMode
);
if (pchDll == NULL) {
setCF (1);
setAX(1);
return;
}
pchInit = (PCHAR) Sim32GetVDMPointer(SEGOFF(getES(),getDI()),
1,
uchMode
);
pchDispatch = (PCHAR) Sim32GetVDMPointer(SEGOFF(getDS(),getBX()),
1,
uchMode
);
if (pchDispatch == NULL) {
setCF (1);
setAX(2);
return;
}
if ((hDll = SafeLoadLibrary(pchDll)) == NULL){
setCF (1);
setAX(1);
return;
}
// Get the init entry point and dispatch entry point
if (pchInit){
if ((ULONG)pchInit < 64*1024){
if (strlen (pchInit) >= MAX_PROC_NAME) {
FreeLibrary(hDll);
setCF (1);
setAX(4);
return;
}
strcpy (procbuffer,pchInit);
pchInit = procbuffer;
}
if ((InitEntry = (MYFARPROC)GetProcAddress(hDll, pchInit)) == NULL){
FreeLibrary(hDll);
setCF(1);
setAX(3);
return;
}
}
if ((ULONG)pchDispatch < 64*1024){
if (strlen (pchDispatch) >= MAX_PROC_NAME) {
FreeLibrary(hDll);
setCF (1);
setAX(4);
return;
}
strcpy (procbuffer,pchDispatch);
pchDispatch = procbuffer;
}
if ((DispatchEntry = (MYFARPROC)GetProcAddress(hDll, pchDispatch)) == NULL){
FreeLibrary(hDll);
setCF(1);
setAX(2);
return;
}
// Call the init routine
if (pchInit) {
(*InitEntry)();
}
// Fill up the bop table
isvbop_table[i].hDll = hDll;
isvbop_table[i].fpDispatch = DispatchEntry;
i++;
setAX((USHORT)i);
return;
}
VOID cmdCheckBinary (VOID)
{
LPSTR lpAppName;
ULONG BinaryType;
PPARAMBLOCK lpParamBlock;
PCHAR lpCommandTail,lpTemp;
ULONG AppNameLen,CommandTailLen = 0;
USHORT CommandTailOff,CommandTailSeg,usTemp;
NTSTATUS Status;
UNICODE_STRING Unicode;
OEM_STRING OemString;
ANSI_STRING AnsiString;
if(DontCheckDosBinaryType){
setCF(0);
return; // DOS Exe
}
lpAppName = (LPSTR) GetVDMAddr (getDS(),getDX());
Unicode.Buffer = NULL;
AnsiString.Buffer = NULL;
RtlInitString((PSTRING)&OemString, lpAppName);
Status = RtlOemStringToUnicodeString(&Unicode,&OemString,TRUE);
if ( NT_SUCCESS(Status) ) {
Status = RtlUnicodeStringToAnsiString(&AnsiString, &Unicode, TRUE);
}
if ( !NT_SUCCESS(Status) ) {
Status = RtlNtStatusToDosError(Status);
}
else if (GetBinaryType (AnsiString.Buffer,(LPLONG)&BinaryType) == FALSE)
{
Status = GetLastError();
}
if (Unicode.Buffer != NULL) {
RtlFreeUnicodeString( &Unicode );
}
if (AnsiString.Buffer != NULL) {
RtlFreeAnsiString( &AnsiString);
}
if (Status){
setCF(1);
setAX((USHORT)Status);
return; // Invalid path
}
if (BinaryType == SCS_DOS_BINARY) {
setCF(0);
return; // DOS Exe
}
// Prevent certain WOW apps from being spawned by DOS exe's
// This is for win31 compatibility
else if (BinaryType == SCS_WOW_BINARY) {
if (!IsWowAppRunnable(lpAppName)) {
setCF(0);
return; // Run as DOS Exe
}
}
if (VDMForWOW && BinaryType == SCS_WOW_BINARY && IsFirstWOWCheckBinary) {
IsFirstWOWCheckBinary = FALSE;
setCF(0);
return; // Special Hack for krnl286.exe
}
// dont allow running 32bit binaries from autoexec.nt. Reason is that
// running non-dos binary requires that we should have read the actual
// command from GetNextVDMCommand. Otherwise the whole design gets into
// synchronization problems.
if (IsFirstCall) {
setCF(1);
setAX((USHORT)ERROR_FILE_NOT_FOUND);
return;
}
// Its a 32bit exe, replace the command with "command.com /z" and add the
// original binary name to command tail.
AppNameLen = strlen (lpAppName);
lpParamBlock = (PPARAMBLOCK) GetVDMAddr (getES(),getBX());
if (lpParamBlock) {
CommandTailOff = FETCHWORD(lpParamBlock->OffCmdTail);
CommandTailSeg = FETCHWORD(lpParamBlock->SegCmdTail);
lpCommandTail = (PCHAR) GetVDMAddr (CommandTailSeg,CommandTailOff);
if (lpCommandTail){
CommandTailLen = *(PCHAR)lpCommandTail;
lpCommandTail++; // point to the actual command tail
if (CommandTailLen)
CommandTailLen++; // For CR
}
// We are adding 3 below for "/z<space>" and anothre space between
// AppName and CommandTail.
if ((3 + AppNameLen + CommandTailLen ) > 128){
setCF(1);
setAX((USHORT)ERROR_NOT_ENOUGH_MEMORY);
return;
}
}
// copy the stub command.com name
strcpy ((PCHAR)&pSCSInfo->SCS_ComSpec,lpszComSpec+8);
lpTemp = (PCHAR) &pSCSInfo->SCS_ComSpec;
lpTemp = (PCHAR)((ULONG)lpTemp - (ULONG)GetVDMAddr(0,0));
usTemp = (USHORT)((ULONG)lpTemp >> 4);
setDS(usTemp);
usTemp = (USHORT)((ULONG)lpTemp & 0x0f);
setDX((usTemp));
// Form the command tail, first "3" is for "/z "
pSCSInfo->SCS_CmdTail [0] = (UCHAR)(3 +
AppNameLen +
CommandTailLen);
RtlCopyMemory ((PCHAR)&pSCSInfo->SCS_CmdTail[1],"/z ",3);
strcpy ((PCHAR)&pSCSInfo->SCS_CmdTail[4],lpAppName);
if (CommandTailLen) {
pSCSInfo->SCS_CmdTail[4+AppNameLen] = ' ';
RtlCopyMemory ((PCHAR)((ULONG)&pSCSInfo->SCS_CmdTail[4]+AppNameLen+1),
lpCommandTail,
CommandTailLen);
}
else {
pSCSInfo->SCS_CmdTail[4+AppNameLen] = 0xd;
}
// Set the parameter Block
if (lpParamBlock) {
STOREWORD(pSCSInfo->SCS_ParamBlock.SegEnv,lpParamBlock->SegEnv);
STOREDWORD(pSCSInfo->SCS_ParamBlock.pFCB1,lpParamBlock->pFCB1);
STOREDWORD(pSCSInfo->SCS_ParamBlock.pFCB2,lpParamBlock->pFCB2);
}
else {
STOREWORD(pSCSInfo->SCS_ParamBlock.SegEnv,0);
STOREDWORD(pSCSInfo->SCS_ParamBlock.pFCB1,0);
STOREDWORD(pSCSInfo->SCS_ParamBlock.pFCB2,0);
}
lpTemp = (PCHAR) &pSCSInfo->SCS_CmdTail;
lpTemp = (PCHAR)((ULONG)lpTemp - (ULONG)GetVDMAddr(0,0));
usTemp = (USHORT)((ULONG)lpTemp & 0x0f);
STOREWORD(pSCSInfo->SCS_ParamBlock.OffCmdTail,usTemp);
usTemp = (USHORT)((ULONG)lpTemp >> 4);
STOREWORD(pSCSInfo->SCS_ParamBlock.SegCmdTail,usTemp);
lpTemp = (PCHAR) &pSCSInfo->SCS_ParamBlock;
lpTemp = (PCHAR)((ULONG)lpTemp - (ULONG)GetVDMAddr(0,0));
usTemp = (USHORT)((ULONG)lpTemp >> 4);
setES (usTemp);
usTemp = (USHORT)((ULONG)lpTemp & 0x0f);
setBX (usTemp);
setCF(0);
return;
}
static VOID WINAPI XmsBopProcedure(LPWORD Stack)
{
switch (getAH())
{
/* Get XMS Version */
case 0x00:
{
setAX(0x0300); /* XMS version 3.00 */
setBX(0x0301); /* Driver version 3.01 */
setDX(0x0001); /* HMA present */
break;
}
/* Request HMA */
case 0x01:
{
/* Check whether HMA is already reserved */
if (IsHmaReserved)
{
/* It is, bail out */
setAX(0x0000);
setBL(XMS_STATUS_HMA_IN_USE);
break;
}
// NOTE: We implicitely suppose that we always have HMA.
// If not, we should fail there with the XMS_STATUS_HMA_DOES_NOT_EXIST
// error code.
/* Check whether the requested size is above the minimal allowed one */
if (getDX() < HmaMinSize)
{
/* It is not, bail out */
setAX(0x0000);
setBL(XMS_STATUS_HMA_MIN_SIZE);
break;
}
/* Reserve it */
IsHmaReserved = TRUE;
setAX(0x0001);
setBL(XMS_STATUS_SUCCESS);
break;
}
/* Release HMA */
case 0x02:
{
/* Check whether HMA was reserved */
if (!IsHmaReserved)
{
/* It was not, bail out */
setAX(0x0000);
setBL(XMS_STATUS_HMA_NOT_ALLOCATED);
break;
}
/* Release it */
IsHmaReserved = FALSE;
setAX(0x0001);
setBL(XMS_STATUS_SUCCESS);
break;
}
/* Global Enable A20 */
case 0x03:
{
/* Enable A20 if needed */
if (!IsA20Enabled)
{
XmsLocalEnableA20();
if (getAX() != 0x0001)
{
/* XmsLocalEnableA20 failed and already set AX and BL to their correct values */
break;
}
IsA20Enabled = TRUE;
}
setAX(0x0001); /* Line successfully enabled */
setBL(XMS_STATUS_SUCCESS);
break;
}
/* Global Disable A20 */
case 0x04:
{
UCHAR Result = XMS_STATUS_SUCCESS;
/* Disable A20 if needed */
if (IsA20Enabled)
{
XmsLocalDisableA20();
if (getAX() != 0x0001)
{
/* XmsLocalDisableA20 failed and already set AX and BL to their correct values */
break;
}
IsA20Enabled = FALSE;
Result = getBL();
}
setAX(0x0001); /* Line successfully disabled */
setBL(Result);
break;
}
/* Local Enable A20 */
case 0x05:
{
/* This call sets AX and BL to their correct values */
XmsLocalEnableA20();
break;
}
/* Local Disable A20 */
case 0x06:
{
/* This call sets AX and BL to their correct values */
XmsLocalDisableA20();
break;
}
/* Query A20 State */
case 0x07:
{
setAX(EmulatorGetA20());
setBL(XMS_STATUS_SUCCESS);
break;
}
/* Query Free Extended Memory */
case 0x08:
{
setAX(XmsGetLargestFreeBlock());
setDX(FreeBlocks);
if (FreeBlocks > 0)
setBL(XMS_STATUS_SUCCESS);
else
setBL(XMS_STATUS_OUT_OF_MEMORY);
break;
}
/* Allocate Extended Memory Block */
case 0x09:
{
WORD Handle;
UCHAR Result = XmsAlloc(getDX(), &Handle);
if (Result == XMS_STATUS_SUCCESS)
{
setAX(1);
setDX(Handle);
}
else
{
setAX(0);
setBL(Result);
}
break;
}
/* Free Extended Memory Block */
case 0x0A:
{
UCHAR Result = XmsFree(getDX());
setAX(Result == XMS_STATUS_SUCCESS);
setBL(Result);
break;
}
/* Move Extended Memory Block */
case 0x0B:
{
PVOID SourceAddress, DestAddress;
PXMS_COPY_DATA CopyData = (PXMS_COPY_DATA)SEG_OFF_TO_PTR(getDS(), getSI());
PXMS_HANDLE HandleEntry;
if (CopyData->SourceHandle)
{
HandleEntry = GetHandleRecord(CopyData->SourceHandle);
if (!ValidateHandle(HandleEntry))
{
setAX(0);
setBL(XMS_STATUS_BAD_SRC_HANDLE);
break;
}
if (CopyData->SourceOffset >= HandleEntry->Size * XMS_BLOCK_SIZE)
{
setAX(0);
setBL(XMS_STATUS_BAD_SRC_OFFSET);
}
SourceAddress = (PVOID)REAL_TO_PHYS(HandleEntry->Address + CopyData->SourceOffset);
}
else
{
/* The offset is actually a 16-bit segment:offset pointer */
SourceAddress = FAR_POINTER(CopyData->SourceOffset);
}
if (CopyData->DestHandle)
{
HandleEntry = GetHandleRecord(CopyData->DestHandle);
if (!ValidateHandle(HandleEntry))
{
setAX(0);
setBL(XMS_STATUS_BAD_DEST_HANDLE);
break;
}
if (CopyData->DestOffset >= HandleEntry->Size * XMS_BLOCK_SIZE)
{
setAX(0);
setBL(XMS_STATUS_BAD_DEST_OFFSET);
}
DestAddress = (PVOID)REAL_TO_PHYS(HandleEntry->Address + CopyData->DestOffset);
}
else
{
/* The offset is actually a 16-bit segment:offset pointer */
DestAddress = FAR_POINTER(CopyData->DestOffset);
}
/* Perform the move */
RtlMoveMemory(DestAddress, SourceAddress, CopyData->Count);
setAX(1);
setBL(XMS_STATUS_SUCCESS);
break;
}
/* Lock Extended Memory Block */
case 0x0C:
{
DWORD Address;
UCHAR Result = XmsLock(getDX(), &Address);
if (Result == XMS_STATUS_SUCCESS)
{
setAX(1);
/* Store the LINEAR address in DX:BX */
setDX(HIWORD(Address));
setBX(LOWORD(Address));
}
else
{
setAX(0);
setBL(Result);
}
break;
}
/* Unlock Extended Memory Block */
case 0x0D:
{
UCHAR Result = XmsUnlock(getDX());
setAX(Result == XMS_STATUS_SUCCESS);
setBL(Result);
break;
}
/* Get Handle Information */
case 0x0E:
{
PXMS_HANDLE HandleEntry = GetHandleRecord(getDX());
UINT i;
UCHAR Handles = 0;
if (!ValidateHandle(HandleEntry))
{
setAX(0);
setBL(XMS_STATUS_INVALID_HANDLE);
break;
}
for (i = 0; i < XMS_MAX_HANDLES; i++)
{
if (HandleTable[i].Handle == 0) Handles++;
}
setAX(1);
setBH(HandleEntry->LockCount);
setBL(Handles);
setDX(HandleEntry->Size);
break;
}
/* Reallocate Extended Memory Block */
case 0x0F:
{
UCHAR Result = XmsRealloc(getDX(), getBX());
setAX(Result == XMS_STATUS_SUCCESS);
setBL(Result);
break;
}
/* Request UMB */
case 0x10:
{
BOOLEAN Result;
USHORT Segment = 0x0000; /* No preferred segment */
USHORT Size = getDX(); /* Size is in paragraphs */
Result = UmaDescReserve(&Segment, &Size);
if (Result)
setBX(Segment);
else
setBL(Size > 0 ? XMS_STATUS_SMALLER_UMB : XMS_STATUS_OUT_OF_UMBS);
setDX(Size);
setAX(Result);
break;
}
/* Release UMB */
case 0x11:
{
BOOLEAN Result;
USHORT Segment = getDX();
Result = UmaDescRelease(Segment);
if (!Result)
setBL(XMS_STATUS_INVALID_UMB);
setAX(Result);
break;
}
/* Reallocate UMB */
case 0x12:
{
BOOLEAN Result;
USHORT Segment = getDX();
USHORT Size = getBX(); /* Size is in paragraphs */
Result = UmaDescReallocate(Segment, &Size);
if (!Result)
{
if (Size > 0)
{
setBL(XMS_STATUS_SMALLER_UMB);
setDX(Size);
}
else
{
setBL(XMS_STATUS_INVALID_UMB);
}
}
setAX(Result);
break;
}
default:
{
DPRINT1("XMS command AH = 0x%02X NOT IMPLEMENTED\n", getAH());
setBL(XMS_STATUS_NOT_IMPLEMENTED);
}
}
}
VOID WINAPI ThirdPartyVDDBop(LPWORD Stack)
{
/* Get the Function Number and skip it */
BYTE FuncNum = *(PBYTE)SEG_OFF_TO_PTR(getCS(), getIP());
setIP(getIP() + 1);
switch (FuncNum)
{
/* RegisterModule */
case 0:
{
BOOL Success = TRUE;
WORD RetVal = 0;
WORD Entry = 0;
LPCSTR DllName = NULL,
InitRoutineName = NULL,
DispatchRoutineName = NULL;
HMODULE hDll = NULL;
VDD_PROC InitRoutine = NULL,
DispatchRoutine = NULL;
DPRINT("RegisterModule() called\n");
/* Clear the Carry Flag (no error happened so far) */
setCF(0);
/* Retrieve the next free entry in the table (used later on) */
Entry = GetNextFreeVDDEntry();
if (Entry >= MAX_VDD_MODULES)
{
DPRINT1("Failed to create a new VDD module entry\n");
Success = FALSE;
RetVal = 4;
goto Quit;
}
/* Retrieve the VDD name in DS:SI */
DllName = (LPCSTR)SEG_OFF_TO_PTR(getDS(), getSI());
/* Retrieve the initialization routine API name in ES:DI (optional --> ES=DI=0) */
if (TO_LINEAR(getES(), getDI()) != 0)
InitRoutineName = (LPCSTR)SEG_OFF_TO_PTR(getES(), getDI());
/* Retrieve the dispatch routine API name in DS:BX */
DispatchRoutineName = (LPCSTR)SEG_OFF_TO_PTR(getDS(), getBX());
DPRINT1("DllName = '%s' - InitRoutineName = '%s' - DispatchRoutineName = '%s'\n",
(DllName ? DllName : "n/a"),
(InitRoutineName ? InitRoutineName : "n/a"),
(DispatchRoutineName ? DispatchRoutineName : "n/a"));
/* Load the VDD DLL */
hDll = LoadLibraryA(DllName);
if (hDll == NULL)
{
DWORD LastError = GetLastError();
Success = FALSE;
if (LastError == ERROR_NOT_ENOUGH_MEMORY)
{
DPRINT1("Not enough memory to load DLL '%s'\n", DllName);
RetVal = 4;
goto Quit;
}
else
{
DPRINT1("Failed to load DLL '%s'; last error = %d\n", DllName, LastError);
RetVal = 1;
goto Quit;
}
}
/* Load the initialization routine if needed */
if (InitRoutineName)
{
InitRoutine = (VDD_PROC)GetProcAddress(hDll, InitRoutineName);
if (InitRoutine == NULL)
{
DPRINT1("Failed to load the initialization routine '%s'\n", InitRoutineName);
Success = FALSE;
RetVal = 3;
goto Quit;
}
}
/* Load the dispatch routine */
DispatchRoutine = (VDD_PROC)GetProcAddress(hDll, DispatchRoutineName);
if (DispatchRoutine == NULL)
{
DPRINT1("Failed to load the dispatch routine '%s'\n", DispatchRoutineName);
Success = FALSE;
RetVal = 2;
goto Quit;
}
/* If we arrived there, that means everything is OK */
/* Register the VDD DLL */
VDDList[Entry].hDll = hDll;
VDDList[Entry].DispatchRoutine = DispatchRoutine;
/* Call the initialization routine if needed */
if (InitRoutine) InitRoutine();
/* We succeeded. RetVal will contain a valid VDD DLL handle */
Success = TRUE;
RetVal = ENTRY_TO_HANDLE(Entry); // Convert the entry to a valid handle
Quit:
if (!Success)
{
/* Unload the VDD DLL */
if (hDll) FreeLibrary(hDll);
/* Set the Carry Flag to indicate that an error happened */
setCF(1);
}
// else
// {
// /* Clear the Carry Flag (success) */
// setCF(0);
// }
setAX(RetVal);
break;
}
/* UnRegisterModule */
case 1:
{
WORD Handle = getAX();
WORD Entry = HANDLE_TO_ENTRY(Handle); // Convert the handle to a valid entry
DPRINT("UnRegisterModule() called\n");
/* Sanity checks */
if (!IS_VALID_HANDLE(Handle) || VDDList[Entry].hDll == NULL)
{
DPRINT1("Invalid VDD DLL Handle: %d\n", Entry);
/* Stop the VDM */
EmulatorTerminate();
return;
}
/* Unregister the VDD DLL */
FreeLibrary(VDDList[Entry].hDll);
VDDList[Entry].hDll = NULL;
VDDList[Entry].DispatchRoutine = NULL;
break;
}
/* DispatchCall */
case 2:
{
WORD Handle = getAX();
WORD Entry = HANDLE_TO_ENTRY(Handle); // Convert the handle to a valid entry
DPRINT("DispatchCall() called\n");
/* Sanity checks */
if (!IS_VALID_HANDLE(Handle) ||
VDDList[Entry].hDll == NULL ||
VDDList[Entry].DispatchRoutine == NULL)
{
DPRINT1("Invalid VDD DLL Handle: %d\n", Entry);
/* Stop the VDM */
EmulatorTerminate();
return;
}
/* Call the dispatch routine */
VDDList[Entry].DispatchRoutine();
break;
}
default:
{
DPRINT1("Unknown 3rd-party VDD BOP Function: 0x%02X\n", FuncNum);
setCF(1);
break;
}
}
}
static VOID WINAPI EmsIntHandler(LPWORD Stack)
{
switch (getAH())
{
/* Get Manager Status */
case 0x40:
{
setAH(EMS_STATUS_SUCCESS);
break;
}
/* Get Page Frame Segment */
case 0x41:
{
setAH(EMS_STATUS_SUCCESS);
setBX(EmsSegment);
break;
}
/* Get Number of Unallocated Pages */
case 0x42:
{
setAH(EMS_STATUS_SUCCESS);
setBX(RtlNumberOfClearBits(&AllocBitmap));
setDX(EmsTotalPages);
break;
}
/* Get Handle and Allocate Memory */
case 0x43:
{
USHORT Handle;
UCHAR Status = EmsAlloc(getBX(), &Handle);
if (Status == EMS_STATUS_SUCCESS)
setDX(Handle);
setAH(Status);
break;
}
/* Map Memory */
case 0x44:
{
setAH(EmsMap(getDX(), getAL(), getBX()));
break;
}
/* Release Handle and Memory */
case 0x45:
{
setAH(EmsFree(getDX()));
break;
}
/* Get EMM Version */
case 0x46:
{
setAH(EMS_STATUS_SUCCESS);
setAL(EMS_VERSION_NUM);
break;
}
/* Save Page Map */
case 0x47:
{
// FIXME: This depends on an EMS handle given in DX
RtlCopyMemory(MappingBackup, Mapping, sizeof(Mapping));
setAH(EMS_STATUS_SUCCESS);
break;
}
/* Restore Page Map */
case 0x48:
{
// FIXME: This depends on an EMS handle given in DX
RtlCopyMemory(Mapping, MappingBackup, sizeof(Mapping));
setAH(EMS_STATUS_SUCCESS);
break;
}
/* Get Number of Opened Handles */
case 0x4B:
{
USHORT NumOpenHandles = 0;
USHORT i;
for (i = 0; i < ARRAYSIZE(HandleTable); i++)
{
if (HandleTable[i].Allocated)
++NumOpenHandles;
}
setAH(EMS_STATUS_SUCCESS);
setBX(NumOpenHandles);
break;
}
/* Get Handle Number of Pages */
case 0x4C:
{
PEMS_HANDLE HandleEntry = GetHandleRecord(getDX());
if (!ValidateHandle(HandleEntry))
{
setAH(EMS_STATUS_INVALID_HANDLE);
break;
}
setAH(EMS_STATUS_SUCCESS);
setBX(HandleEntry->PageCount);
break;
}
/* Get All Handles Number of Pages */
case 0x4D:
{
PEMS_HANDLE_PAGE_INFO HandlePageInfo = (PEMS_HANDLE_PAGE_INFO)SEG_OFF_TO_PTR(getES(), getDI());
USHORT NumOpenHandles = 0;
USHORT i;
for (i = 0; i < ARRAYSIZE(HandleTable); i++)
{
if (HandleTable[i].Allocated)
{
HandlePageInfo->Handle = i;
HandlePageInfo->PageCount = HandleTable[i].PageCount;
++HandlePageInfo;
++NumOpenHandles;
}
}
setAH(EMS_STATUS_SUCCESS);
setBX(NumOpenHandles);
break;
}
/* Get or Set Page Map */
case 0x4E:
{
switch (getAL())
{
/* Get Mapping Registers */
// case 0x00: // TODO: NOT IMPLEMENTED
/* Set Mapping Registers */
// case 0x01: // TODO: NOT IMPLEMENTED
/* Get and Set Mapping Registers At Once */
// case 0x02: // TODO: NOT IMPLEMENTED
/* Get Size of Page-Mapping Array */
case 0x03:
{
setAH(EMS_STATUS_SUCCESS);
setAL(sizeof(Mapping));
break;
}
default:
{
DPRINT1("EMS function AH = 0x4E, subfunction AL = %02X NOT IMPLEMENTED\n", getAL());
setAH(EMS_STATUS_UNKNOWN_FUNCTION);
break;
}
}
break;
}
/* Get/Set Handle Name */
case 0x53:
{
PEMS_HANDLE HandleEntry = GetHandleRecord(getDX());
if (!ValidateHandle(HandleEntry))
{
setAH(EMS_STATUS_INVALID_HANDLE);
break;
}
if (getAL() == 0x00)
{
/* Retrieve the name */
RtlCopyMemory(SEG_OFF_TO_PTR(getES(), getDI()),
HandleEntry->Name,
sizeof(HandleEntry->Name));
setAH(EMS_STATUS_SUCCESS);
}
else if (getAL() == 0x01)
{
/* Store the name */
RtlCopyMemory(HandleEntry->Name,
SEG_OFF_TO_PTR(getDS(), getSI()),
sizeof(HandleEntry->Name));
setAH(EMS_STATUS_SUCCESS);
}
else
{
DPRINT1("Invalid subfunction %02X for EMS function AH = 53h\n", getAL());
setAH(EMS_STATUS_INVALID_SUBFUNCTION);
}
break;
}
/* Handle Directory functions */
case 0x54:
{
if (getAL() == 0x00)
{
/* Get Handle Directory */
PEMS_HANDLE_DIR_ENTRY HandleDir = (PEMS_HANDLE_DIR_ENTRY)SEG_OFF_TO_PTR(getES(), getDI());
USHORT NumOpenHandles = 0;
USHORT i;
for (i = 0; i < ARRAYSIZE(HandleTable); i++)
{
if (HandleTable[i].Allocated)
{
HandleDir->Handle = i;
RtlCopyMemory(HandleDir->Name,
HandleTable[i].Name,
sizeof(HandleDir->Name));
++HandleDir;
++NumOpenHandles;
}
}
setAH(EMS_STATUS_SUCCESS);
setAL((UCHAR)NumOpenHandles);
}
else if (getAL() == 0x01)
{
/* Search for Named Handle */
PUCHAR HandleName = (PUCHAR)SEG_OFF_TO_PTR(getDS(), getSI());
PEMS_HANDLE HandleFound = NULL;
USHORT i;
for (i = 0; i < ARRAYSIZE(HandleTable); i++)
{
if (HandleTable[i].Allocated &&
RtlCompareMemory(HandleName,
HandleTable[i].Name,
sizeof(HandleTable[i].Name)) == sizeof(HandleTable[i].Name))
{
HandleFound = &HandleTable[i];
break;
}
}
/* Bail out if no handle was found */
if (i >= ARRAYSIZE(HandleTable)) // HandleFound == NULL
{
setAH(EMS_STATUS_HANDLE_NOT_FOUND);
break;
}
/* Return the handle number */
setDX(i);
/* Sanity check: Check whether the handle was unnamed */
i = 0;
while ((i < sizeof(HandleFound->Name)) && (HandleFound->Name[i] == '\0'))
++i;
if (i >= sizeof(HandleFound->Name))
{
setAH(EMS_STATUS_UNNAMED_HANDLE);
}
else
{
setAH(EMS_STATUS_SUCCESS);
}
}
else if (getAL() == 0x02)
{
/*
* Get Total Number of Handles
*
* This function retrieves the maximum number of handles
* (allocated or not) the memory manager supports, which
* a program may request.
*/
setAH(EMS_STATUS_SUCCESS);
setBX(ARRAYSIZE(HandleTable));
}
else
{
DPRINT1("Invalid subfunction %02X for EMS function AH = 54h\n", getAL());
setAH(EMS_STATUS_INVALID_SUBFUNCTION);
}
break;
}
/* Move/Exchange Memory */
case 0x57:
{
PUCHAR SourcePtr, DestPtr;
PEMS_HANDLE HandleEntry;
PEMS_PAGE PageEntry;
BOOLEAN Exchange = getAL();
PEMS_COPY_DATA Data = (PEMS_COPY_DATA)SEG_OFF_TO_PTR(getDS(), getSI());
if (Data->SourceType)
{
/* Expanded memory */
HandleEntry = GetHandleRecord(Data->SourceHandle);
if (!ValidateHandle(HandleEntry))
{
setAH(EMS_STATUS_INVALID_HANDLE);
break;
}
PageEntry = GetLogicalPage(HandleEntry, Data->SourceSegment);
if (!PageEntry)
{
setAH(EMS_STATUS_INV_LOGICAL_PAGE);
break;
}
SourcePtr = (PUCHAR)((ULONG_PTR)EmsMemory
+ ARRAY_INDEX(PageEntry, PageTable) * EMS_PAGE_SIZE
+ Data->SourceOffset);
}
else
{
/* Conventional memory */
SourcePtr = (PUCHAR)SEG_OFF_TO_PTR(Data->SourceSegment, Data->SourceOffset);
}
if (Data->DestType)
{
/* Expanded memory */
HandleEntry = GetHandleRecord(Data->DestHandle);
if (!ValidateHandle(HandleEntry))
{
setAH(EMS_STATUS_INVALID_HANDLE);
break;
}
PageEntry = GetLogicalPage(HandleEntry, Data->DestSegment);
if (!PageEntry)
{
setAH(EMS_STATUS_INV_LOGICAL_PAGE);
break;
}
DestPtr = (PUCHAR)((ULONG_PTR)EmsMemory
+ ARRAY_INDEX(PageEntry, PageTable) * EMS_PAGE_SIZE
+ Data->DestOffset);
}
else
{
/* Conventional memory */
DestPtr = (PUCHAR)SEG_OFF_TO_PTR(Data->DestSegment, Data->DestOffset);
}
if (Exchange)
{
ULONG i;
/* Exchange */
for (i = 0; i < Data->RegionLength; i++)
{
UCHAR Temp = DestPtr[i];
DestPtr[i] = SourcePtr[i];
SourcePtr[i] = Temp;
}
}
else
{
/* Move */
RtlMoveMemory(DestPtr, SourcePtr, Data->RegionLength);
}
setAH(EMS_STATUS_SUCCESS);
break;
}
/* Get Mappable Physical Address Array */
case 0x58:
{
if (getAL() == 0x00)
{
PEMS_MAPPABLE_PHYS_PAGE PageArray = (PEMS_MAPPABLE_PHYS_PAGE)SEG_OFF_TO_PTR(getES(), getDI());
ULONG i;
for (i = 0; i < EMS_PHYSICAL_PAGES; i++)
{
PageArray->PageSegment = EMS_SEGMENT + i * (EMS_PAGE_SIZE >> 4);
PageArray->PageNumber = i;
++PageArray;
}
setAH(EMS_STATUS_SUCCESS);
setCX(EMS_PHYSICAL_PAGES);
}
else if (getAL() == 0x01)
{
setAH(EMS_STATUS_SUCCESS);
setCX(EMS_PHYSICAL_PAGES);
}
else
{
DPRINT1("Invalid subfunction %02X for EMS function AH = 58h\n", getAL());
setAH(EMS_STATUS_INVALID_SUBFUNCTION);
}
break;
}