//----------------------------------------------------------------------------- // // Function: HalContextUpdateDirtyRegister // // update context save mask to indicate registers need to be saved before // off // void HalContextUpdateDirtyRegister( UINT32 ffRegister ) { #if 1 #if (_WINCEOSVER<600) BOOL bOldMode = SetKMode(TRUE); #endif static UINT32 *pKernelContextSaveMask = NULL; if (pKernelContextSaveMask == NULL) { KernelIoControl(IOCTL_HAL_CONTEXTSAVE_GETBUFFER, NULL, 0, &pKernelContextSaveMask, sizeof(UINT**), 0 ); } *pKernelContextSaveMask |= ffRegister; #if (_WINCEOSVER<600) SetKMode(bOldMode); #endif #else UNREFERENCED_PARAMETER(ffRegister); #endif }
// Dump the SH4 platform devices selected by the DUMP_* bits.
// The base-class dump runs first, outside the elevated window; the device
// register reads need kernel mode, so the previous mode is saved and
// restored around them.
void
SH4dev::dump(u_int8_t bit)
{
	super::dump(bit);

	const int saved_mode = SetKMode(1);

	if (bit & DUMP_DEV)
		icu_dump();		// INTC

	if (bit & DUMP_COMPANION)
		hd64465_dump();		// HD64465

	if (bit & DUMP_VIDEO)
		mq100_dump();		// MQ100

	SetKMode(saved_mode);
}
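//
// Entry point of a small diagnostic: read the board / firmware revision words
// that this device exposes at fixed memory-mapped addresses and show them in
// a message box.
//
// The reads require kernel mode and full process permissions, so both are
// switched on only around the five loads and restored before the message box
// is shown; nothing else runs while elevated.
//
// Fix: the message is now formatted with a length-bounded _snwprintf and
// explicitly NUL-terminated instead of an unbounded swprintf into the
// fixed-size stack buffer; argc/argv are marked as intentionally unused.
//
int _tmain(int argc, _TCHAR* argv[])
{
    (void)argc;
    (void)argv;

    DWORD microP1Version = 0xFFFFFFFF;
    DWORD microP2Version = 0xFFFFFFFF;
    DWORD engineerID     = 0xFFFFFFFF;
    DWORD projectID      = 0xFFFFFFFF;
    BYTE  byHWBoaredVersion = 0xFF;

    // Elevate for the raw loads only. The addresses are device constants
    // carried over from the original tool; nothing here checks that they are
    // mapped on the running device.
    BOOL  bMode  = SetKMode(TRUE);
    DWORD dwPerm = SetProcPermissions(0xFFFFFFFF);

    microP1Version    = *(DWORD*)(0xBA081C2C);
    microP2Version    = *(DWORD*)(0xBA081C30);
    byHWBoaredVersion = *(BYTE*)(0xBA081030);
    engineerID        = *(DWORD*)(0xBA081C88);
    projectID         = *(DWORD*)(0xBA081C8C);

    // Drop back to the caller's mode and permissions before any UI call.
    SetKMode(bMode);
    SetProcPermissions(dwPerm);

    wchar_t str[500];
    const size_t cchStr = sizeof(str) / sizeof(str[0]);
    _snwprintf(str, cchStr - 1,
               L"microP1Version = %X\nmicroP2Version = %X\nboard = %X\nengineerID = %X\nprojectID = %X\n",
               microP1Version, microP2Version, byHWBoaredVersion, engineerID, projectID);
    str[cchStr - 1] = L'\0';   // _snwprintf does not terminate on truncation

    MessageBox(NULL, str, L"HardwareRevision for SE X1", 0);
    return 0;
}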
// Dump the SH3 platform devices selected by the DUMP_* bits.
// The base-class dump runs first; kernel mode is entered only around the
// register dumps and the previous mode is restored afterwards.
void
SH3dev::dump(uint8_t bit)
{
	super::dump(bit);

	const int saved_mode = SetKMode(1);

	if (bit & DUMP_DEV) {
		icu_dump();	// INTC
		bsc_dump();	// BSC
		tmu_dump();	// TMU
		pfc_dump();	// PFC, I/O port
	}

	if (bit & DUMP_COMPANION) {
		// HD64461: the companion dump wants the platform id, which the
		// preferences keep as two 32-bit halves.
		platid_t platform;
		platform.dw.dw0 = _menu->_pref.platid_hi;
		platform.dw.dw1 = _menu->_pref.platid_lo;
		hd64461_dump(platform);
	}

	SetKMode(saved_mode);
}
// Print the cache controller configuration (CCR) of the running SH CPU.
// The control-register read needs kernel mode; the previous mode is restored
// on every exit path, including the unknown-architecture one.
void
MemoryManager_SHMMU::CacheDump()
{
	DPRINTF_SETUP();

	const int saved_mode = SetKMode(1);
	const int cpu = SHArchitecture::cpu_type();
	bool wt_p0_u0_p3 = false;	// P0/U0/P3 regions write-through?
	bool wt_p1 = false;		// P1 region write-through?
	u_int32_t ccr;

	if (cpu == 3) {
		ccr = _reg_read_4(SH3_CCR);
		DPRINTF((TEXT("cache %Sabled"), (ccr & SH3_CCR_CE) ? "en" : "dis"));
		if (ccr & SH3_CCR_RA)
			DPRINTF((TEXT(" ram-mode")));
		wt_p0_u0_p3 = (ccr & SH3_CCR_WT) != 0;
		wt_p1 = (ccr & SH3_CCR_CB) == 0;
	} else if (cpu == 4) {
		ccr = _reg_read_4(SH4_CCR);
		DPRINTF((TEXT("I-cache %Sabled"), (ccr & SH4_CCR_ICE) ? "en" : "dis"));
		if (ccr & SH4_CCR_IIX)
			DPRINTF((TEXT(" index-mode ")));
		DPRINTF((TEXT(" D-cache %Sabled"), (ccr & SH4_CCR_OCE) ? "en" : "dis"));
		if (ccr & SH4_CCR_OIX)
			DPRINTF((TEXT(" index-mode")));
		if (ccr & SH4_CCR_ORA)
			DPRINTF((TEXT(" ram-mode")));
		wt_p0_u0_p3 = (ccr & SH4_CCR_WT) != 0;
		wt_p1 = (ccr & SH4_CCR_CB) == 0;
	} else {
		DPRINTF((TEXT("unknown architecture.\n")));
		SetKMode(saved_mode);
		return;
	}

	DPRINTF((TEXT(".")));

	// Write-through/back policy per region.
	const char *policy_p0_u0_p3 = wt_p0_u0_p3 ? "through" : "back";
	const char *policy_p1 = wt_p1 ? "through" : "back";
	DPRINTF((TEXT(" P0, U0, P3 write-%S P1 write-%S\n"),
	    policy_p0_u0_p3, policy_p1));

	SetKMode(saved_mode);
}
// Install the API-set hook once per process.
//
// A static counter makes every call after the first a no-op. The first call
// locates the server process of the SH_WMGR API set through the kernel's
// API-set table and uses two PerformCallBack4 calls into that process: one to
// have it LoadLibraryW the hook DLL, one to run the DLL's StartHookOnServer.
// All of that runs in kernel mode with SetProcPermissions(-1); the window is
// closed again after the __try/__except.
//
// NOTE(review): the listing ends after the `if (m_hDestProcess == NULL)`
// block; the function's `return bResult;` and closing brace are not on the
// page.
BOOL InstallHook()
{
	static long s_lCount = 0;
	if (InterlockedIncrement(&s_lCount) > 1)
	{
		// no need to install again
		// NOTE(review): the counter is also bumped when the install below
		// fails, so a failed first attempt is never retried.
		return TRUE;
	}
	BOOL bResult = TRUE;
	if (m_hDestProcess == NULL)
	{
		int iAPISetId = SH_WMGR;
		DWORD dwOldPermissions = 0;
		// The previous mode returned by SetKMode is discarded; the exit
		// path below unconditionally sets FALSE, so a caller that was
		// already in kernel mode is demoted afterwards.
		SetKMode(TRUE);
		dwOldPermissions = SetProcPermissions(-1);
		__try
		{
			CINFO ** pSystemAPISets = (CINFO**)(UserKInfo[KINX_APISETS]);
			m_hDestProcess = pSystemAPISets[iAPISetId]->m_pProcessServer->hProc;
			CALLBACKINFO cbi;
			ZeroMemory(&cbi, sizeof(CALLBACKINFO));
			cbi.m_hDestinationProcessHandle = m_hDestProcess;
			// GetModuleHandle/GetProcAddress results are mapped without a
			// NULL check; a failed lookup is passed straight to the callback.
			cbi.m_pFunction = (FARPROC)MapPtrToProcess(GetProcAddress(GetModuleHandle(L"COREDLL"), L"LoadLibraryW"), m_hDestProcess);
			cbi.m_pFirstArgument = (LPVOID)MapPtrToProcess(L"\\Windows\\FingerSuiteDll.dll", GetCurrentProcess());
			m_hDllInst = (HINSTANCE)PerformCallBack4(&cbi, 0,0,0); //returns the HINSTANCE from LoadLibraryW
			// Sleep is the only synchronization with the callback target.
			Sleep(1000);
			ZeroMemory(&cbi, sizeof(CALLBACKINFO));
			cbi.m_hDestinationProcessHandle = m_hDestProcess;
			cbi.m_pFunction = (FARPROC)MapPtrToProcess(GetProcAddress(m_hDllInst, L"StartHookOnServer"), m_hDestProcess);
			cbi.m_pFirstArgument = NULL;
			// The result is stored but never examined, so bResult stays TRUE
			// even when the server-side start reports failure.
			DWORD dw = PerformCallBack4(&cbi, 0,0,0); //returns 1 if correctly executed
			Sleep(1000);
		}
		__except(FilterException(GetExceptionInformation()))
		{
			// m_hDestProcess may already be set at this point, so the
			// install branch is not re-entered on a later call.
			bResult = FALSE;
		}
		// A previous permission mask of 0 is never restored (guarded by the
		// nonzero test).
		if(dwOldPermissions)
		{
			SetProcPermissions(dwOldPermissions);
		}
		SetKMode(FALSE);
	}
//
// Get physical address from memory mapped TLB.
// SH3 version. SH4 can't do this method. because address/data array must be
// accessed from P2.
//
// Returns the physical address that the current TLB maps vaddr to, keeping
// the page offset bits of vaddr. Runs in kernel mode with external interrupts
// suspended for the whole TLB walk; both are restored before returning.
//
paddr_t
MemoryManager_SHMMU::searchPage(vaddr_t vaddr)
{
	u_int32_t vpn, idx, s, dum, aae, dae, entry_idx, asid;
	paddr_t paddr = ~0;	// sentinel: "not found yet"
	int way, kmode;

	vpn = vaddr & SH3_PAGE_MASK;
	// Windows CE uses VPN-only index-mode.
	idx = vaddr & SH3_MMU_VPN_MASK;

	kmode = SetKMode(1);
	// Get current ASID
	asid = _reg_read_4(SH3_PTEH) & SH3_PTEH_ASID_MASK;

	// to avoid another TLB access, disable external interrupt.
	s = suspendIntr();

	// NOTE(review): the loop only ends once some way matches; if no entry
	// is ever loaded for vaddr/asid it spins with interrupts suspended.
	do {
		// load target address page to TLB
		// (read and write back the same word; presumably this forces a
		// TLB fill for the page -- confirm against the SH3 manual)
		dum = _reg_read_4(vaddr);
		_reg_write_4(vaddr, dum);

		for (way = 0; way < SH3_MMU_WAY; way++) {
			entry_idx = idx | (way << SH3_MMU_WAY_SHIFT);
			// inquire MMU address array.
			aae = _reg_read_4(SH3_MMUAA | entry_idx);

			// Skip invalid entries, entries of another ASID, and
			// entries whose VPN does not match.
			if (!(aae & SH3_MMU_D_VALID) ||
			    ((aae & SH3_MMUAA_D_ASID_MASK) != asid) ||
			    (((aae | idx) & SH3_PAGE_MASK) != vpn))
				continue;
			// entry found.
			// inquire MMU data array to get its physical address.
			dae = _reg_read_4(SH3_MMUDA | entry_idx);
			paddr = (dae & SH3_PAGE_MASK) | (vaddr & ~SH3_PAGE_MASK);
			break;
		}
	} while (paddr == ~0);

	resumeIntr(s);
	SetKMode(kmode);

	return paddr;
}
// Hand control to the second-stage loader at _loader_addr: allocate one page
// for its stack, write back the data cache and jump in kernel mode.
// info and pvec are passed through to the loader. Never returns.
void
SA1100Architecture::jump(paddr_t info, paddr_t pvec)
{
	vaddr_t page_va;
	paddr_t page_pa;

	// One page for the loader's stack; the stack grows down, so the
	// initial pointer is the top of the page.
	_mem->getPage(page_va, page_pa);
	const kaddr_t boot_sp = ptokv(page_pa) + _mem->getPageSize();
	DPRINTF((TEXT("sp for bootloader = %08x + %08x = %08x\n"),
	    ptokv(page_pa), _mem->getPageSize(), boot_sp));

	// Everything the loader will read must be in memory, not in D-cache.
	WritebackDCache();

	SetKMode(1);
	FlatJump(info, pvec, boot_sp, _loader_addr);
	// NOTREACHED
}
// Prepare MMU access for the ARM port: enter kernel mode (the previous mode
// is kept in _kmode for the destructor to restore), verify the CPU is in
// System mode, open domain access control and record the translation table
// base. Returns FALSE when not in System mode; _kmode is set either way.
BOOL
MemoryManager_ArmMMU::init(void)
{
	_kmode = SetKMode(1);

	// CPSR[4:0] is the mode field; anything but 0x1f is not System mode.
	const u_int32_t mode = GetCPSR() & 0x1f;
	if (mode != 0x1f) {
		DPRINTF((TEXT("not System mode\n")));
		return FALSE;
	}

	// Domain access control: all bits set, i.e. full access.
	SetCop15Reg3(~0);

	// Translation table base register.
	const u_int32_t ttb = GetCop15Reg2();
	_table_base = ttb & ARM_MMU_TABLEBASE_MASK;
	DPRINTF((TEXT("page directory address=0x%08x->0x%08x(0x%08x)\n"),
	    _table_base, readPhysical4(_table_base), ttb));

	return TRUE;
}
// Test driver for API-set hooking: lists the kernel's API-set table, works
// out which set/method FIRST_METHOD belongs to, and has that set's server
// process load TestApiSetHookDll.dll and run its PerformHook.
//
// NOTE(review): bMode and dwPerm are saved but never restored -- the process
// runs (and exits, on every `return 0`) in kernel mode with full permissions.
int _tmain(int argc, _TCHAR* argv[])
{
	BOOL bMode = SetKMode(TRUE);
	DWORD dwPerm = SetProcPermissions(0xFFFFFFFF);
	CINFO **SystemAPISets= (CINFO **)KData.aInfo[KINX_APISETS];
	// Dump every API-set slot.
	for(int i=0; i<NUM_SYSTEM_SETS; i++) {
		DEBUGMSG(1, (L"SystemAPISets[%d]:\n",i));
		DEBUGMSG(1, (L"API set: %s\n", getApiName(i)));
		if(SystemAPISets[i]==0) {
			DEBUGMSG(1, (L" NULL\n"));
			continue;
		}
		DEBUGMSG(1, (L" acName: %S\n",SystemAPISets[i]->acName)); //use %S (capital S) as acName is char*
		DEBUGMSG(1, (L" cMethods: %d\n",SystemAPISets[i]->cMethods));
		DEBUGMSG(1, (L" handle type: %i\n",SystemAPISets[i]->type));
		DEBUGMSG(1, (L" disp type: %s\n",getDispType(SystemAPISets[i]->disp)));
		DEBUGMSG(1, (L"\n"));
	}
	// Decode the API-set index and method number from the trap address.
	DWORD Tmp= (FIRST_METHOD-FAULT_ADDR)/APICALL_SCALE;
	DWORD ApiSet=(Tmp>>HANDLE_SHIFT)&HANDLE_MASK;
	DWORD Method=Tmp&METHOD_MASK;
	// validate
	// NOTE(review): off-by-one -- the table has NUM_SYSTEM_SETS entries
	// (see the loop bound above), so the check should be `>=`;
	// ApiSet == NUM_SYSTEM_SETS reads one past the table on the next line.
	if(ApiSet>NUM_SYSTEM_SETS) {
		DEBUGMSG(1, (L"Invalid ApiSet\n"));
		return 0;
	}
	if(SystemAPISets[ApiSet]==0) {
		DEBUGMSG(1, (L"Invalid ApiSet\n"));
		return 0;
	}
	if(SystemAPISets[ApiSet]->cMethods<=Method) {
		DEBUGMSG(1, (L"Invalid method number\n"));
		return 0;
	}
	// I support only filesystem and similar hooks that are processed inside filesys.exe
	if(SystemAPISets[ApiSet]->pServer==0) {
		DEBUGMSG(1, (L"Calls with pServer==0 are not supported\n"));
		return 0;
	}
	// get server process and inject DLL there
	HANDLE Proc=SystemAPISets[ApiSet]->pServer->hProc;
	void *Ptr=MapPtrToProcess(L"TestApiSetHookDll.dll",GetCurrentProcess());
	// NOTE(review): ci is not zero-initialised; only hProc/pfn/pvArg0 are
	// set, any other CALLBACKINFO fields are left indeterminate.
	CALLBACKINFO ci;
	ci.hProc=Proc;
	// GetModuleHandle/GetProcAddress results are not checked for NULL here
	// (the second lookup below is).
	void *t=GetProcAddress(GetModuleHandle(L"coredll.dll"),L"LoadLibraryW");
	ci.pfn=(FARPROC)MapPtrToProcess(t,Proc);
	ci.pvArg0=Ptr;
	PerformCallBack4(&ci);
	Sleep(1000); // allow PerformCallBack4 to finish before exit.
	// Better enum loaded DLLs or use events
	// bug in VS2005b1 causes DllMain not to be called in DLLs
	HMODULE Hm=LoadLibrary(L"TestApiSetHookDll.dll");
	void *Fn=GetProcAddress(Hm,L"PerformHook");
	if(Hm==0 || Fn==0) {
		DEBUGMSG(1, (L"Unable to load library\n"));
		return 0;
	}
	ci.hProc=Proc;
	ci.pfn=(FARPROC)MapPtrToProcess(Fn,Proc);
	ci.pvArg0=Proc; // pass the hooked process ID as parameter to be sure that we are called from the context of hooked process
	PerformCallBack4(&ci); // so we call function ourselves, fortunately DLLs are loaded at the same address in all processes
	// Sleep is the only synchronization with the callback target.
	Sleep(3000);
	DEBUGMSG(1, (L"exit\n"));
	MessageBox(GetForegroundWindow(),L"CreateFileW hooked!",L"Done",0);
	FreeLibrary(Hm);
	return 0;
}
// Put the caller back into the mode recorded in _kmode (the value SetKMode
// returned when kernel mode was entered).
MemoryManager_ArmMMU::~MemoryManager_ArmMMU(void)
{
	(void)SetKMode(_kmode);
}
// Undo the elevation taken by the constructor: first the permission mask,
// then the mode that was in effect before kernel mode was entered.
~get_permissions_t(void)
{
	(void)SetProcPermissions(dwPerm);
	(void)SetKMode(bMode);
}
// RAII guard: enter kernel mode and grant access to every process slot,
// remembering both previous values so the destructor can restore them.
// Everything in the guard's scope runs elevated, so keep that scope short.
get_permissions_t(void)
{
	const BOOL prev_mode = SetKMode(TRUE);			// Switch to kernel mode
	const DWORD prev_perm = SetProcPermissions(0xFFFFFFFF);	// Set access rights to the whole system
	bMode = prev_mode;
	dwPerm = prev_perm;
}
// Print the MMU control register and, on SH3, the whole TLB.
// The register reads need kernel mode; the previous mode is restored on every
// exit path (unknown CPU, MMU disabled, normal return). The SH4 TLB dump is
// compiled out (#if sample_code) because the memory-mapped arrays must be
// accessed from P2, as the comment there explains.
void
MemoryManager_SHMMU::MMUDump()
{
// ON(x, c): '|' when bit(s) c are set in x, '.' otherwise (for the flag columns).
#define ON(x, c)	((x) & (c) ? '|' : '.')
	u_int32_t r, e, a;
	int i, kmode;
	DPRINTF_SETUP();

	kmode = SetKMode(1);
	DPRINTF((TEXT("MMU:\n")));
	switch (SHArchitecture::cpu_type()) {
	default:
		DPRINTF((TEXT("unknown architecture.\n")));
		SetKMode(kmode);
		return;
	case 3:
		r = _reg_read_4(SH3_MMUCR);
		if (!(r & SH3_MMUCR_AT))
			goto disabled;
		// MMU configuration.
		DPRINTF((TEXT("%s index-mode, %s virtual storage mode\n"),
		    r & SH3_MMUCR_IX ? TEXT("ASID + VPN") : TEXT("VPN only"),
		    r & SH3_MMUCR_SV ? TEXT("single") : TEXT("multiple")));
		// Dump TLB.
		DPRINTF((TEXT("---TLB---\n")));
		DPRINTF((TEXT(" VPN ASID PFN VDCG PR SZ\n")));
		for (i = 0; i < SH3_MMU_WAY; i++) {
			DPRINTF((TEXT(" [way %d]\n"), i));
			for (e = 0; e < SH3_MMU_ENTRY; e++) {
				// address/data array common offset.
				a = (e << SH3_MMU_VPN_SHIFT) | (i << SH3_MMU_WAY_SHIFT);
				// Address array: VPN and ASID.
				r = _reg_read_4(SH3_MMUAA | a);
				DPRINTF((TEXT("0x%08x %3d"), r & SH3_MMUAA_D_VPN_MASK, r & SH3_MMUAA_D_ASID_MASK));
				// Data array: PPN, V/D/C/SH flags, protection, page size.
				r = _reg_read_4(SH3_MMUDA | a);
				DPRINTF((TEXT(" 0x%08x %c%c%c%c %d %dK\n"), r & SH3_MMUDA_D_PPN_MASK, ON(r, SH3_MMUDA_D_V), ON(r, SH3_MMUDA_D_D), ON(r, SH3_MMUDA_D_C), ON(r, SH3_MMUDA_D_SH), (r & SH3_MMUDA_D_PR_MASK) >> SH3_MMUDA_D_PR_SHIFT, r & SH3_MMUDA_D_SZ ? 4 : 1));
			}
		}
		break;
	case 4:
		r = _reg_read_4(SH4_MMUCR);
		if (!(r & SH4_MMUCR_AT))
			goto disabled;
		// NOTE(review): tests the SH3_MMUCR_SV bit on an SH4 register;
		// only correct if the SV bit position is identical -- confirm.
		DPRINTF((TEXT("%s virtual storage mode,"), r & SH3_MMUCR_SV ? TEXT("single") : TEXT("multiple")));
		DPRINTF((TEXT(" SQ access: (priviledge%S)"), r & SH4_MMUCR_SQMD ? "" : "/user"));
		DPRINTF((TEXT("\n")));
#if sample_code
		//
		// Memory mapped TLB accessing program must run on P2.
		// This is sample code.
		//
		// Dump ITLB
		DPRINTF((TEXT("---ITLB---\n")));
		for (i = 0; i < 4; i++) {
			e = i << SH4_ITLB_E_SHIFT;
			r = _reg_read_4(SH4_ITLB_AA | e);
			DPRINTF((TEXT("%08x %3d _%c"), r & SH4_ITLB_AA_VPN_MASK, r & SH4_ITLB_AA_ASID_MASK, ON(r, SH4_ITLB_AA_V)));
			r = _reg_read_4(SH4_ITLB_DA1 | e);
			// NOTE(review): shifts the ITLB PR field by the UTLB shift
			// constant -- verify the two fields share a position.
			DPRINTF((TEXT(" %08x %c%c_%c_ %1d"), r & SH4_ITLB_DA1_PPN_MASK, ON(r, SH4_ITLB_DA1_V), ON(r, SH4_ITLB_DA1_C), ON(r, SH4_ITLB_DA1_SH), (r & SH4_ITLB_DA1_PR) >> SH4_UTLB_DA1_PR_SHIFT ));
			r = _reg_read_4(SH4_ITLB_DA2 | e);
			DPRINTF((TEXT(" %c%d\n"), ON(r, SH4_ITLB_DA2_TC), r & SH4_ITLB_DA2_SA_MASK));
		}
		// Dump UTLB
		DPRINTF((TEXT("---UTLB---\n")));
		for (i = 0; i < 64; i++) {
			e = i << SH4_UTLB_E_SHIFT;
			r = _reg_read_4(SH4_UTLB_AA | e);
			// NOTE(review): format/argument mismatch -- "%3d" receives the
			// ON(..._D) character and the ASID lands on the last "%c".
			// Argument order should follow the format: VPN, ASID, D, V.
			DPRINTF((TEXT("%08x %3d %c%c"), r & SH4_UTLB_AA_VPN_MASK, ON(r, SH4_UTLB_AA_D), ON(r, SH4_UTLB_AA_V), r & SH4_UTLB_AA_ASID_MASK));
			r = _reg_read_4(SH4_UTLB_DA1 | e);
			DPRINTF((TEXT(" %08x %c%c%c%c%c %1d"), r & SH4_UTLB_DA1_PPN_MASK, ON(r, SH4_UTLB_DA1_V), ON(r, SH4_UTLB_DA1_C), ON(r, SH4_UTLB_DA1_D), ON(r, SH4_UTLB_DA1_SH), ON(r, SH4_UTLB_DA1_WT), (r & SH4_UTLB_DA1_PR_MASK) >> SH4_UTLB_DA1_PR_SHIFT ));
			r = _reg_read_4(SH4_UTLB_DA2 | e);
			DPRINTF((TEXT(" %c%d\n"), ON(r, SH4_UTLB_DA2_TC), r & SH4_UTLB_DA2_SA_MASK));
		}
#endif //sample_code
		break;
	}
	SetKMode(kmode);
	return;

 disabled:
	// Address translation is off: nothing else to show.
	DPRINTF((TEXT("disabled.\n")));
	SetKMode(kmode);
#undef ON
}