bool DllLoader::Load()
{
if (!Parse())
{
CLog::Log(LOGERROR, "Unable to open dll %s", GetFileName());
return false;
}
ResolveImports();
LoadSymbols();
// only execute DllMain if no EntryPoint is found
if (!EntryAddress)
ResolveExport("DllMain", (void**)&EntryAddress);
#ifdef LOGALL
CLog::Log(LOGDEBUG, "Executing EntryPoint with DLL_PROCESS_ATTACH at: 0x%x - Dll: %s", pLoader->EntryAddress, sName);
#endif
if(EntryAddress)
{
EntryFunc initdll = (EntryFunc)EntryAddress;
/* since we are handing execution over to unknown code, safeguard here */
try
{
#ifdef TARGET_POSIX
extend_stack_for_dll_alloca();
#endif
initdll((HINSTANCE)hModule, DLL_PROCESS_ATTACH , 0); //call "DllMain" with DLL_PROCESS_ATTACH
#ifdef LOGALL
CLog::Log(LOGDEBUG, "EntryPoint with DLL_PROCESS_ATTACH called - Dll: %s", sName);
#endif
}
XBMCCOMMONS_HANDLE_UNCHECKED
catch(...)
{
CLog::Log(LOGERROR, "%s - Unhandled exception during DLL_PROCESS_ATTACH", __FUNCTION__);
// vp7vfw.dll throws a CUserException due to a missing export
// but the export isn't really needed for normal operation
// and dll works anyway, so let's ignore it
if(stricmp(GetName(), "vp7vfw.dll") != 0)
return false;
CLog::Log(LOGDEBUG, "%s - Ignoring exception during DLL_PROCESS_ATTACH", __FUNCTION__);
}
// init function may have fixed up the export table
// this is what I expect should happens on PECompact2
// dll's if export table is compressed.
if(!m_pExportHead)
LoadExports();
}
return true;
}
void RSOView::LoadAll(u32 address)
{
LoadHeader(address);
LoadSections();
LoadImports();
LoadExports();
LoadInternals();
LoadExternals();
}
int DllLoader::Parse()
{
int iResult = 0;
std::string strFileName= GetFileName();
FILE* fp = fopen_utf8(CSpecialProtocol::TranslatePath(strFileName).c_str(), "rb");
if (fp)
{
if (CoffLoader::ParseCoff(fp))
{
if(WindowsHeader)
tracker_dll_set_addr(this, (uintptr_t)hModule,
(uintptr_t)hModule + WindowsHeader->SizeOfImage - 1);
else
{
uintptr_t iMinAddr = std::numeric_limits<uintptr_t>::max();
uintptr_t iMaxAddr = 0;
// dll is loaded now, this means we also know the base address of it and its size
for (int i = 0; i < NumOfSections; ++i)
{
iMinAddr = std::min<uintptr_t>(iMinAddr,
(uintptr_t)SectionHeader[i].VirtualAddress);
iMaxAddr = std::max<uintptr_t>(iMaxAddr,
(uintptr_t)(SectionHeader[i].VirtualAddress +
SectionHeader[i].VirtualSize));
}
if(iMaxAddr > iMinAddr)
{
iMinAddr += (uintptr_t)hModule;
iMaxAddr += (uintptr_t)hModule;
tracker_dll_set_addr(this, iMinAddr, iMaxAddr - 1);
}
}
LoadExports();
iResult = 1;
}
fclose(fp);
}
if (iResult == 0)
{
m_bTrack = false;
}
return iResult;
}
bool DllLoader::Load()
{
if (!Parse())
{
CLog::Log(LOGERROR, "Unable to open dll %s", GetFileName());
return false;
}
ResolveImports();
LoadSymbols();
// only execute DllMain if no EntryPoint is found
if (!EntryAddress)
ResolveExport("DllMain", (void**)&EntryAddress);
// patch some unwanted calls in memory
if (strstr(GetName(), "QuickTime.qts"))
{
int i;
uintptr_t dispatch_addr;
uintptr_t imagebase_addr;
uintptr_t dispatch_rva;
ResolveExport("theQuickTimeDispatcher", (void **)&dispatch_addr);
imagebase_addr = (uintptr_t)hModule;
CLog::Log(LOGDEBUG,
"Virtual Address of theQuickTimeDispatcher = %p",
(void *)dispatch_addr);
CLog::Log(LOGDEBUG, "ImageBase of %s = %p",
GetName(), (void *)imagebase_addr);
dispatch_rva = dispatch_addr - imagebase_addr;
CLog::Log(LOGDEBUG,
"Relative Virtual Address of theQuickTimeDispatcher = %p",
(void *)dispatch_rva);
uintptr_t base = imagebase_addr;
if (dispatch_rva == 0x124C30)
{
CLog::Log(LOGINFO, "QuickTime5 DLLs found\n");
for (i = 0;i < 5;i++) ((BYTE*)base + 0x19e842)[i] = 0x90; // make_new_region ?
for (i = 0;i < 28;i++) ((BYTE*)base + 0x19e86d)[i] = 0x90; // call__call_CreateCompatibleDC ?
for (i = 0;i < 5;i++) ((BYTE*)base + 0x19e898)[i] = 0x90; // jmp_to_call_loadbitmap ?
for (i = 0;i < 9;i++) ((BYTE*)base + 0x19e8ac)[i] = 0x90; // call__calls_OLE_shit ?
for (i = 0;i < 106;i++) ((BYTE*)base + 0x261B10)[i] = 0x90; // disable threads
}
else if (dispatch_rva == 0x13B330)
{
CLog::Log(LOGINFO, "QuickTime6 DLLs found\n");
for (i = 0;i < 5;i++) ((BYTE*)base + 0x2730CC)[i] = 0x90; // make_new_region
for (i = 0;i < 28;i++) ((BYTE*)base + 0x2730f7)[i] = 0x90; // call__call_CreateCompatibleDC
for (i = 0;i < 5;i++) ((BYTE*)base + 0x273122)[i] = 0x90; // jmp_to_call_loadbitmap
for (i = 0;i < 9;i++) ((BYTE*)base + 0x273131)[i] = 0x90; // call__calls_OLE_shit
for (i = 0;i < 96;i++) ((BYTE*)base + 0x2AC852)[i] = 0x90; // disable threads
}
else if (dispatch_rva == 0x13C3E0)
{
CLog::Log(LOGINFO, "QuickTime6.3 DLLs found\n");
for (i = 0;i < 5;i++) ((BYTE*)base + 0x268F6C)[i] = 0x90; // make_new_region
for (i = 0;i < 28;i++) ((BYTE*)base + 0x268F97)[i] = 0x90; // call__call_CreateCompatibleDC
for (i = 0;i < 5;i++) ((BYTE*)base + 0x268FC2)[i] = 0x90; // jmp_to_call_loadbitmap
for (i = 0;i < 9;i++) ((BYTE*)base + 0x268FD1)[i] = 0x90; // call__calls_OLE_shit
for (i = 0;i < 96;i++) ((BYTE*)base + 0x2B4722)[i] = 0x90; // disable threads
}
else
{
CLog::Log(LOGERROR, "Unsupported QuickTime version");
}
CLog::Log(LOGINFO, "QuickTime.qts patched!!!\n");
}
#ifdef LOGALL
CLog::Log(LOGDEBUG, "Executing EntryPoint with DLL_PROCESS_ATTACH at: 0x%x - Dll: %s", pLoader->EntryAddress, sName);
#endif
if(EntryAddress)
{
EntryFunc initdll = (EntryFunc)EntryAddress;
/* since we are handing execution over to unknown code, safeguard here */
try
{
#ifdef TARGET_POSIX
extend_stack_for_dll_alloca();
#endif
initdll((HINSTANCE)hModule, DLL_PROCESS_ATTACH , 0); //call "DllMain" with DLL_PROCESS_ATTACH
#ifdef LOGALL
CLog::Log(LOGDEBUG, "EntryPoint with DLL_PROCESS_ATTACH called - Dll: %s", sName);
#endif
}
XBMCCOMMONS_HANDLE_UNCHECKED
catch(...)
{
CLog::Log(LOGERROR, "%s - Unhandled exception during DLL_PROCESS_ATTACH", __FUNCTION__);
// vp7vfw.dll throws a CUserException due to a missing export
// but the export isn't really needed for normal operation
// and dll works anyway, so let's ignore it
if(stricmp(GetName(), "vp7vfw.dll") != 0)
return false;
CLog::Log(LOGDEBUG, "%s - Ignoring exception during DLL_PROCESS_ATTACH", __FUNCTION__);
}
// init function may have fixed up the export table
// this is what I expect should happens on PECompact2
// dll's if export table is compressed.
if(!m_pExportHead)
LoadExports();
}
return true;
}
//*************************************************************************
// InitPICE()
//
//*************************************************************************
BOOLEAN InitPICE(void)
{
ULONG ulHandleScancode=0,ulHandleKbdEvent=0;
ARGS Args;
KIRQL Dirql;
KAFFINITY Affinity;
ULONG ulAddr;
ENTER_FUNC();
DPRINT((0,"InitPICE(): trace step 0.5\n"));
KeyboardIRQL = HalGetInterruptVector(Internal,
0,
0,
KEYBOARD_IRQ,
&Dirql,
&Affinity);
DPRINT((0,"KeyboardIRQL: %x\n", KeyboardIRQL));
DPRINT((0,"InitPICE(): trace step 1\n"));
// enable monochrome passthrough on BX type chipset
EnablePassThrough();
DPRINT((0,"InitPICE(): trace step 2\n"));
// now load all symbol files described in /etc/pice.conf
if(!LoadSymbolsFromConfig(FALSE))
{
DPRINT((0,"InitPICE: LoadSymbolsFromConfig() failed\n"));
LEAVE_FUNC();
return FALSE;
}
DPRINT((0,"InitPICE(): trace step 3\n"));
// init the output console
// this might be one of the following depending setup
// a) monochrome card
// b) serial terminal (TODO)
if(!ConsoleInit())
{
DPRINT((0,"InitPICE: ConsoleInit() failed\n"));
UnloadSymbols();
LEAVE_FUNC();
return FALSE;
}
DPRINT((0,"InitPICE(): trace step 4\n"));
// print the initial screen template
PrintTemplate();
/*
DPRINT((0,"InitPICE(): trace step 5\n"));
// ask the user if he wants to abort the debugger load
if(!CheckLoadAbort())
{
Print(OUTPUT_WINDOW,"pICE: ABORT (abort by user)\n");
UnloadSymbols();
ConsoleShutdown();
LEAVE_FUNC();
return FALSE;
}
*/
DPRINT((0,"InitPICE(): trace step 6\n"));
// load the file /boot/System.map.
// !!! It must be consistent with the current kernel at all cost!!!
if(!LoadExports())
{
Print(OUTPUT_WINDOW,"pICE: failed to load exports\n");
Print(OUTPUT_WINDOW,"press any key to continue...\n");
while(!GetKeyPolled());
UnloadSymbols();
ConsoleShutdown();
LEAVE_FUNC();
return FALSE;
}
DPRINT((0,"InitPICE(): trace step 7\n"));
ScanExports("_KernelAddressSpace", &ulAddr);
my_init_mm = (PMADDRESS_SPACE) ulAddr;
DPRINT((0,"init_mm %x @ %x\n",&my_init_mm,my_init_mm));
if(!my_init_mm)
{
Print(OUTPUT_WINDOW,"pICE: ABORT (initial memory map not found)\n");
Print(OUTPUT_WINDOW,"pICE: press any key to continue...\n");
DbgPrint("pICE: ABORT (initial memory map not found)\n");
DbgPrint("pICE: press any key to continue...\n");
while(!GetKeyPolled());
UnloadSymbols();
ConsoleShutdown();
LEAVE_FUNC();
return FALSE;
}
DPRINT((0,"InitPICE(): trace step 7.1\n"));
ScanExports("_ModuleListHead",&ulAddr);
pModuleListHead = (LIST_ENTRY*)ulAddr;
DPRINT((0,"pModuleListHead @ %X\n",pModuleListHead));
if(!pModuleListHead)
{
Print(OUTPUT_WINDOW,"pICE: ABORT (pModuleListHead not found)\n");
Print(OUTPUT_WINDOW,"pICE: press any key to continue...\n");
while(!GetKeyPolled());
UnloadSymbols();
ConsoleShutdown();
LEAVE_FUNC();
return FALSE;
}
DPRINT((0,"InitPICE(): trace step 7.2\n"));
ScanExports("_PsProcessListHead",&ulAddr);
pPsProcessListHead = (LIST_ENTRY*)ulAddr;
DPRINT((0,"pPsProcessListHead @ %X\n",pPsProcessListHead));
if(!pPsProcessListHead)
{
Print(OUTPUT_WINDOW,"pICE: ABORT (PsProcessListHead not found)\n");
Print(OUTPUT_WINDOW,"pICE: press any key to continue...\n");
while(!GetKeyPolled());
UnloadSymbols();
ConsoleShutdown();
LEAVE_FUNC();
return FALSE;
}
DPRINT((0,"InitPICE(): trace step 8\n"));
// end of the kernel
/*
ScanExports("_end",(PULONG)&kernel_end);
if(!kernel_end)
{
Print(OUTPUT_WINDOW,"pICE: ABORT (kernel size is unknown)\n");
Print(OUTPUT_WINDOW,"pICE: press any key to continue...\n");
while(!GetKeyPolled());
UnloadExports();
UnloadSymbols();
ConsoleShutdown();
LEAVE_FUNC();
return FALSE;
}
*/
DPRINT((0,"InitPICE(): trace step 9\n"));
// the loaded module list
ScanExports("_NameSpaceRoot", &ulAddr);
pNameSpaceRoot = (PDIRECTORY_OBJECT *)ulAddr;
DPRINT((0,"pNameSpaceRoot @ %X\n",pNameSpaceRoot));
if(!pNameSpaceRoot)
{
Print(OUTPUT_WINDOW,"pICE: ABORT (couldn't retreive name space root)\n");
Print(OUTPUT_WINDOW,"pICE: press any key to continue...\n");
while(!GetKeyPolled());
UnloadExports();
UnloadSymbols();
ConsoleShutdown();
LEAVE_FUNC();
return FALSE;
}
DPRINT((0,"InitPICE(): trace step 10\n"));
// setup a linked list for use in module parsing routines.
if(!InitModuleList(&pdebug_module_head, 100))
{
Print(OUTPUT_WINDOW,"pICE: ABORT (couldn't initialize kernel module list)\n");
Print(OUTPUT_WINDOW,"pICE: press any key to continue...\n");
FreeModuleList( pdebug_module_head );
while(!GetKeyPolled());
UnloadExports();
UnloadSymbols();
ConsoleShutdown();
LEAVE_FUNC();
return FALSE;
}
pdebug_module_tail = pdebug_module_head;
DPRINT((0,"InitPICE(): trace step 11\n"));
// do a sanity check on exports
if(!SanityCheckExports())
{
Print(OUTPUT_WINDOW,"pICE: ABORT (exports are conflicting with kernel symbols)\n");
Print(OUTPUT_WINDOW,"pICE: press any key to continue...\n");
while(!GetKeyPolled());
UnloadExports();
UnloadSymbols();
ConsoleShutdown();
LEAVE_FUNC();
return FALSE;
}
DPRINT((0,"InitPICE(): trace step 12\n"));
DPRINT((0,"InitPICE(): trace step 13\n"));
// patch the keyboard driver
if(!PatchKeyboardDriver())
{
Print(OUTPUT_WINDOW,"pICE: ABORT (couldn't patch keyboard driver)\n");
Print(OUTPUT_WINDOW,"pICE: press any key to continue...\n");
while(!GetKeyPolled());
UnloadSymbols();
UnloadExports();
ConsoleShutdown();
LEAVE_FUNC();
return FALSE;
}
DPRINT((0,"InitPICE(): trace step 14\n"));
// partial init of shadow registers
CurrentCS = GLOBAL_CODE_SEGMENT;
CurrentEIP = (ULONG)RealIsr;
CurrentDS = CurrentSS = GLOBAL_DATA_SEGMENT;
__asm__("\n\t \
mov %%esp,%%eax\n\t \
mov %%eax,_CurrentESP\n\t \
":::"eax");
// display version and symbol information
Ver(NULL);
// disable HW breakpoints
__asm__("\n\t \
xorl %%eax,%%eax\n\t \
mov %%eax,%%dr6\n\t \
mov %%eax,%%dr7\n\t \
mov %%dr0,%%eax\n\t \
mov %%dr1,%%eax\n\t \
mov %%dr2,%%eax\n\t \
mov %%dr3,%%eax"
:::"eax"
);
DPRINT((0,"InitPICE(): trace step 15\n"));
TakeIdtSnapshot();
DPRINT((0,"InitPICE(): trace step 16\n"));
// install all hooks
InstallTraceHook();
InstallGlobalKeyboardHook();
InstallSyscallHook();
InstallInt3Hook();
InstallDblFltHook();
InstallGPFaultHook();
InstallIntEHook();
InstallPrintkHook();
DPRINT((0,"InitPICE(): trace step 16\n"));
if(ulDoInitialBreak)
{
DPRINT((0,"about to do initial break...\n"));
// simulate an initial break
__asm__("\n\t \
pushfl\n\t \
pushl %cs\n\t \
pushl $initialreturnpoint\n\t \
pushl $" STR(REASON_CTRLF) "\n\t \
jmp NewInt31Handler\n\t \
initialreturnpoint:");
}
else
{