//-----------------------------------------------------------------------------
//
// Function: HalContextUpdateDirtyRegister
//
// update context save mask to indicate registers need to be saved before
// off
//
void
HalContextUpdateDirtyRegister(
UINT32 ffRegister
)
{
#if 1
#if (_WINCEOSVER<600)
BOOL bOldMode = SetKMode(TRUE);
#endif
static UINT32 *pKernelContextSaveMask = NULL;
if (pKernelContextSaveMask == NULL)
{
KernelIoControl(IOCTL_HAL_CONTEXTSAVE_GETBUFFER,
NULL,
0,
&pKernelContextSaveMask,
sizeof(UINT**),
0
);
}
*pKernelContextSaveMask |= ffRegister;
#if (_WINCEOSVER<600)
SetKMode(bOldMode);
#endif
#else
UNREFERENCED_PARAMETER(ffRegister);
#endif
}
void
SH4dev::dump(u_int8_t bit)
{
int kmode;
super::dump(bit);
kmode = SetKMode(1);
if (bit & DUMP_DEV) {
// INTC
icu_dump();
}
if (bit & DUMP_COMPANION) {
// HD64465
hd64465_dump();
}
if (bit & DUMP_VIDEO) {
// MQ100
mq100_dump();
}
SetKMode(kmode);
}
int _tmain(int argc, _TCHAR* argv[])
{
BOOL bMode = SetKMode(TRUE);
DWORD dwPerm = SetProcPermissions(0xFFFFFFFF);
DWORD microP1Version = 0xFFFFFFFF,
microP2Version = 0xFFFFFFFF,
engineerID = 0xFFFFFFFF,
projectID = 0xFFFFFFFF;
BYTE byHWBoaredVersion = 0xFF;
microP1Version = *(DWORD*)(0xBA081C2C);
microP2Version = *(DWORD*)(0xBA081C30);
byHWBoaredVersion = *(BYTE*)(0xBA081030);
engineerID = *(DWORD*)(0xBA081C88);
projectID = *(DWORD*)(0xBA081C8C);
SetKMode(bMode);
SetProcPermissions(dwPerm);
wchar_t str[500];
swprintf(str, L"microP1Version = %X\nmicroP2Version = %X\nboard = %X\nengineerID = %X\nprojectID = %X\n",
microP1Version, microP2Version, byHWBoaredVersion, engineerID, projectID);
MessageBox(NULL, str, L"HardwareRevision for SE X1", 0);
return 0;
}
void
SH3dev::dump(uint8_t bit)
{
int kmode;
super::dump(bit);
kmode = SetKMode(1);
if (bit & DUMP_DEV) {
// INTC
icu_dump();
// BSC
bsc_dump();
// TMU
tmu_dump();
// PFC , I/O port
pfc_dump();
}
if (bit & DUMP_COMPANION) {
// HD64461
platid_t platform;
platform.dw.dw0 = _menu->_pref.platid_hi;
platform.dw.dw1 = _menu->_pref.platid_lo;
hd64461_dump(platform);
}
SetKMode(kmode);
}
void
MemoryManager_SHMMU::CacheDump()
{
static const char *able[] = {"dis", "en" };
int write_through_p0_u0_p3;
int write_through_p1;
u_int32_t r;
int kmode;
DPRINTF_SETUP();
kmode = SetKMode(1);
switch (SHArchitecture::cpu_type()) {
default:
DPRINTF((TEXT("unknown architecture.\n")));
SetKMode(kmode);
return;
case 3:
r = _reg_read_4(SH3_CCR);
DPRINTF((TEXT("cache %Sabled"),
able[(r & SH3_CCR_CE ? 1 : 0)]));
if (r & SH3_CCR_RA)
DPRINTF((TEXT(" ram-mode")));
write_through_p0_u0_p3 = r & SH3_CCR_WT;
write_through_p1 = !(r & SH3_CCR_CB);
break;
case 4:
r = _reg_read_4(SH4_CCR);
DPRINTF((TEXT("I-cache %Sabled"),
able[(r & SH4_CCR_ICE) ? 1 : 0]));
if (r & SH4_CCR_IIX)
DPRINTF((TEXT(" index-mode ")));
DPRINTF((TEXT(" D-cache %Sabled"),
able[(r & SH4_CCR_OCE) ? 1 : 0]));
if (r & SH4_CCR_OIX)
DPRINTF((TEXT(" index-mode")));
if (r & SH4_CCR_ORA)
DPRINTF((TEXT(" ram-mode")));
write_through_p0_u0_p3 = r & SH4_CCR_WT;
write_through_p1 = !(r & SH4_CCR_CB);
break;
}
DPRINTF((TEXT(".")));
// Write-through/back
DPRINTF((TEXT(" P0, U0, P3 write-%S P1 write-%S\n"),
write_through_p0_u0_p3 ? "through" : "back",
write_through_p1 ? "through" : "back"));
SetKMode(kmode);
}
BOOL InstallHook()
{
static long s_lCount = 0;
if (InterlockedIncrement(&s_lCount) > 1)
{
// no need to install again
return TRUE;
}
BOOL bResult = TRUE;
if (m_hDestProcess == NULL)
{
int iAPISetId = SH_WMGR;
DWORD dwOldPermissions = 0;
SetKMode(TRUE);
dwOldPermissions = SetProcPermissions(-1);
__try
{
CINFO ** pSystemAPISets = (CINFO**)(UserKInfo[KINX_APISETS]);
m_hDestProcess = pSystemAPISets[iAPISetId]->m_pProcessServer->hProc;
CALLBACKINFO cbi;
ZeroMemory(&cbi, sizeof(CALLBACKINFO));
cbi.m_hDestinationProcessHandle = m_hDestProcess;
cbi.m_pFunction = (FARPROC)MapPtrToProcess(GetProcAddress(GetModuleHandle(L"COREDLL"), L"LoadLibraryW"), m_hDestProcess);
cbi.m_pFirstArgument = (LPVOID)MapPtrToProcess(L"\\Windows\\FingerSuiteDll.dll", GetCurrentProcess());
m_hDllInst = (HINSTANCE)PerformCallBack4(&cbi, 0,0,0); //returns the HINSTANCE from LoadLibraryW
Sleep(1000);
ZeroMemory(&cbi, sizeof(CALLBACKINFO));
cbi.m_hDestinationProcessHandle = m_hDestProcess;
cbi.m_pFunction = (FARPROC)MapPtrToProcess(GetProcAddress(m_hDllInst, L"StartHookOnServer"), m_hDestProcess);
cbi.m_pFirstArgument = NULL;
DWORD dw = PerformCallBack4(&cbi, 0,0,0); //returns 1 if correctly executed
Sleep(1000);
}
__except(FilterException(GetExceptionInformation()))
{
bResult = FALSE;
}
if(dwOldPermissions)
{
SetProcPermissions(dwOldPermissions);
}
SetKMode(FALSE);
}
//
// Get physical address from memory mapped TLB.
// SH3 version. SH4 can't do this method. because address/data array must be
// accessed from P2.
//
paddr_t
MemoryManager_SHMMU::searchPage(vaddr_t vaddr)
{
u_int32_t vpn, idx, s, dum, aae, dae, entry_idx, asid;
paddr_t paddr = ~0;
int way, kmode;
vpn = vaddr & SH3_PAGE_MASK;
// Windows CE uses VPN-only index-mode.
idx = vaddr & SH3_MMU_VPN_MASK;
kmode = SetKMode(1);
// Get current ASID
asid = _reg_read_4(SH3_PTEH) & SH3_PTEH_ASID_MASK;
// to avoid another TLB access, disable external interrupt.
s = suspendIntr();
do {
// load target address page to TLB
dum = _reg_read_4(vaddr);
_reg_write_4(vaddr, dum);
for (way = 0; way < SH3_MMU_WAY; way++) {
entry_idx = idx | (way << SH3_MMU_WAY_SHIFT);
// inquire MMU address array.
aae = _reg_read_4(SH3_MMUAA | entry_idx);
if (!(aae & SH3_MMU_D_VALID) ||
((aae & SH3_MMUAA_D_ASID_MASK) != asid) ||
(((aae | idx) & SH3_PAGE_MASK) != vpn))
continue;
// entry found.
// inquire MMU data array to get its physical address.
dae = _reg_read_4(SH3_MMUDA | entry_idx);
paddr = (dae & SH3_PAGE_MASK) | (vaddr & ~SH3_PAGE_MASK);
break;
}
} while (paddr == ~0);
resumeIntr(s);
SetKMode(kmode);
return paddr;
}
void
SA1100Architecture::jump(paddr_t info, paddr_t pvec)
{
kaddr_t sp;
vaddr_t v;
paddr_t p;
// stack for bootloader
_mem->getPage(v, p);
sp = ptokv(p) + _mem->getPageSize();
DPRINTF((TEXT("sp for bootloader = %08x + %08x = %08x\n"),
ptokv(p), _mem->getPageSize(), sp));
// writeback whole D-cache
WritebackDCache();
SetKMode(1);
FlatJump(info, pvec, sp, _loader_addr);
// NOTREACHED
}
BOOL
MemoryManager_ArmMMU::init(void)
{
u_int32_t reg;
_kmode = SetKMode(1);
// Check system mode
if ((GetCPSR() & 0x1f) != 0x1f) {
DPRINTF((TEXT("not System mode\n")));
return FALSE;
}
// Domain access control.(full access)
SetCop15Reg3(~0);
// Get Translation table base.
reg = GetCop15Reg2();
_table_base = reg & ARM_MMU_TABLEBASE_MASK;
DPRINTF((TEXT("page directory address=0x%08x->0x%08x(0x%08x)\n"),
_table_base, readPhysical4(_table_base), reg));
return TRUE;
}
int _tmain(int argc, _TCHAR* argv[])
{
BOOL bMode = SetKMode(TRUE);
DWORD dwPerm = SetProcPermissions(0xFFFFFFFF);
CINFO **SystemAPISets= (CINFO **)KData.aInfo[KINX_APISETS];
for(int i=0; i<NUM_SYSTEM_SETS; i++)
{
DEBUGMSG(1, (L"SystemAPISets[%d]:\n",i));
DEBUGMSG(1, (L"API set: %s\n", getApiName(i)));
if(SystemAPISets[i]==0)
{
DEBUGMSG(1, (L" NULL\n"));
continue;
}
DEBUGMSG(1, (L" acName: %S\n",SystemAPISets[i]->acName)); //use %S (capital S) as acName is char*
DEBUGMSG(1, (L" cMethods: %d\n",SystemAPISets[i]->cMethods));
DEBUGMSG(1, (L" handle type: %i\n",SystemAPISets[i]->type));
DEBUGMSG(1, (L" disp type: %s\n",getDispType(SystemAPISets[i]->disp)));
DEBUGMSG(1, (L"\n"));
}
DWORD Tmp= (FIRST_METHOD-FAULT_ADDR)/APICALL_SCALE;
DWORD ApiSet=(Tmp>>HANDLE_SHIFT)&HANDLE_MASK;
DWORD Method=Tmp&METHOD_MASK;
// validate
if(ApiSet>NUM_SYSTEM_SETS)
{
DEBUGMSG(1, (L"Invalid ApiSet\n"));
return 0;
}
if(SystemAPISets[ApiSet]==0)
{
DEBUGMSG(1, (L"Invalid ApiSet\n"));
return 0;
}
if(SystemAPISets[ApiSet]->cMethods<=Method)
{
DEBUGMSG(1, (L"Invalid method number\n"));
return 0;
}
// I support only filesystem and similar hooks that are processed inside filesys.exe
if(SystemAPISets[ApiSet]->pServer==0)
{
DEBUGMSG(1, (L"Calls with pServer==0 are not supported\n"));
return 0;
}
// get server process and inject DLL there
HANDLE Proc=SystemAPISets[ApiSet]->pServer->hProc;
void *Ptr=MapPtrToProcess(L"TestApiSetHookDll.dll",GetCurrentProcess());
CALLBACKINFO ci;
ci.hProc=Proc;
void *t=GetProcAddress(GetModuleHandle(L"coredll.dll"),L"LoadLibraryW");
ci.pfn=(FARPROC)MapPtrToProcess(t,Proc);
ci.pvArg0=Ptr;
PerformCallBack4(&ci);
Sleep(1000); // allow PerformCallBack4 to finish before exit. Better enum loaded DLLs or use events
// bug in VS2005b1 causes DllMain not to be called in DLLs
HMODULE Hm=LoadLibrary(L"TestApiSetHookDll.dll");
void *Fn=GetProcAddress(Hm,L"PerformHook");
if(Hm==0 || Fn==0)
{
DEBUGMSG(1, (L"Unable to load library\n"));
return 0;
}
ci.hProc=Proc;
ci.pfn=(FARPROC)MapPtrToProcess(Fn,Proc);
ci.pvArg0=Proc; // pass the hooked process ID as parameter to be sure that we are called from the context of hooked process
PerformCallBack4(&ci); // so we call function ourselves, fortunately DLLs are loaded at the same address in all processes
Sleep(3000);
DEBUGMSG(1, (L"exit\n"));
MessageBox(GetForegroundWindow(),L"CreateFileW hooked!",L"Done",0);
FreeLibrary(Hm);
return 0;
}
MemoryManager_ArmMMU::~MemoryManager_ArmMMU(void)
{
SetKMode(_kmode);
}
~get_permissions_t(void)
{
SetProcPermissions(dwPerm);
SetKMode(bMode);
}
get_permissions_t(void)
{
bMode = SetKMode(TRUE); // Switch to kernel mode
dwPerm = SetProcPermissions(0xFFFFFFFF); // Set access rights to the whole system
}
void
MemoryManager_SHMMU::MMUDump()
{
#define ON(x, c) ((x) & (c) ? '|' : '.')
u_int32_t r, e, a;
int i, kmode;
DPRINTF_SETUP();
kmode = SetKMode(1);
DPRINTF((TEXT("MMU:\n")));
switch (SHArchitecture::cpu_type()) {
default:
DPRINTF((TEXT("unknown architecture.\n")));
SetKMode(kmode);
return;
case 3:
r = _reg_read_4(SH3_MMUCR);
if (!(r & SH3_MMUCR_AT))
goto disabled;
// MMU configuration.
DPRINTF((TEXT("%s index-mode, %s virtual storage mode\n"),
r & SH3_MMUCR_IX
? TEXT("ASID + VPN") : TEXT("VPN only"),
r & SH3_MMUCR_SV ? TEXT("single") : TEXT("multiple")));
// Dump TLB.
DPRINTF((TEXT("---TLB---\n")));
DPRINTF((TEXT(" VPN ASID PFN VDCG PR SZ\n")));
for (i = 0; i < SH3_MMU_WAY; i++) {
DPRINTF((TEXT(" [way %d]\n"), i));
for (e = 0; e < SH3_MMU_ENTRY; e++) {
// address/data array common offset.
a = (e << SH3_MMU_VPN_SHIFT) |
(i << SH3_MMU_WAY_SHIFT);
r = _reg_read_4(SH3_MMUAA | a);
DPRINTF((TEXT("0x%08x %3d"),
r & SH3_MMUAA_D_VPN_MASK,
r & SH3_MMUAA_D_ASID_MASK));
r = _reg_read_4(SH3_MMUDA | a);
DPRINTF((TEXT(" 0x%08x %c%c%c%c %d %dK\n"),
r & SH3_MMUDA_D_PPN_MASK,
ON(r, SH3_MMUDA_D_V),
ON(r, SH3_MMUDA_D_D),
ON(r, SH3_MMUDA_D_C),
ON(r, SH3_MMUDA_D_SH),
(r & SH3_MMUDA_D_PR_MASK) >>
SH3_MMUDA_D_PR_SHIFT,
r & SH3_MMUDA_D_SZ ? 4 : 1));
}
}
break;
case 4:
r = _reg_read_4(SH4_MMUCR);
if (!(r & SH4_MMUCR_AT))
goto disabled;
DPRINTF((TEXT("%s virtual storage mode,"),
r & SH3_MMUCR_SV ? TEXT("single") : TEXT("multiple")));
DPRINTF((TEXT(" SQ access: (priviledge%S)"),
r & SH4_MMUCR_SQMD ? "" : "/user"));
DPRINTF((TEXT("\n")));
#if sample_code
//
// Memory mapped TLB accessing program must run on P2.
// This is sample code.
//
// Dump ITLB
DPRINTF((TEXT("---ITLB---\n")));
for (i = 0; i < 4; i++) {
e = i << SH4_ITLB_E_SHIFT;
r = _reg_read_4(SH4_ITLB_AA | e);
DPRINTF((TEXT("%08x %3d _%c"),
r & SH4_ITLB_AA_VPN_MASK,
r & SH4_ITLB_AA_ASID_MASK,
ON(r, SH4_ITLB_AA_V)));
r = _reg_read_4(SH4_ITLB_DA1 | e);
DPRINTF((TEXT(" %08x %c%c_%c_ %1d"),
r & SH4_ITLB_DA1_PPN_MASK,
ON(r, SH4_ITLB_DA1_V),
ON(r, SH4_ITLB_DA1_C),
ON(r, SH4_ITLB_DA1_SH),
(r & SH4_ITLB_DA1_PR) >> SH4_UTLB_DA1_PR_SHIFT
));
r = _reg_read_4(SH4_ITLB_DA2 | e);
DPRINTF((TEXT(" %c%d\n"),
ON(r, SH4_ITLB_DA2_TC),
r & SH4_ITLB_DA2_SA_MASK));
}
// Dump UTLB
DPRINTF((TEXT("---UTLB---\n")));
for (i = 0; i < 64; i++) {
e = i << SH4_UTLB_E_SHIFT;
r = _reg_read_4(SH4_UTLB_AA | e);
DPRINTF((TEXT("%08x %3d %c%c"),
r & SH4_UTLB_AA_VPN_MASK,
ON(r, SH4_UTLB_AA_D),
ON(r, SH4_UTLB_AA_V),
r & SH4_UTLB_AA_ASID_MASK));
r = _reg_read_4(SH4_UTLB_DA1 | e);
DPRINTF((TEXT(" %08x %c%c%c%c%c %1d"),
r & SH4_UTLB_DA1_PPN_MASK,
ON(r, SH4_UTLB_DA1_V),
ON(r, SH4_UTLB_DA1_C),
ON(r, SH4_UTLB_DA1_D),
ON(r, SH4_UTLB_DA1_SH),
ON(r, SH4_UTLB_DA1_WT),
(r & SH4_UTLB_DA1_PR_MASK) >> SH4_UTLB_DA1_PR_SHIFT
));
r = _reg_read_4(SH4_UTLB_DA2 | e);
DPRINTF((TEXT(" %c%d\n"),
ON(r, SH4_UTLB_DA2_TC),
r & SH4_UTLB_DA2_SA_MASK));
}
#endif //sample_code
break;
}
SetKMode(kmode);
return;
disabled:
DPRINTF((TEXT("disabled.\n")));
SetKMode(kmode);
#undef ON
}
