ReactOS  0.4.15-dev-3308-g9455def
syscall.c
Go to the documentation of this file.
1 /*++
2 
3 Copyright (c) 1998-2001 Klaus P. Gerlicher
4 
5 Module Name:
6 
7  syscall.c
8 
9 Abstract:
10 
11 Environment:
12 
13  Kernel mode only
14 
15 Author:
16 
17  Klaus P. Gerlicher
18 
19 Revision History:
20 
21  12-Nov-1999: created
22  15-Nov-2000: general cleanup of source files
23 
24 Copyright notice:
25 
26  This file may be distributed under the terms of the GNU Public License.
27 
28 --*/
29 
31 // INCLUDES
33 #include "remods.h"
34 #include "precomp.h"
35 
36 char syscallTemp[1024];
37 
38 typedef struct _FRAME_SYSCALL
39 {
40  ULONG eip;
41  ULONG cs;
42  ULONG eflags;
43 }FRAME_SYSCALL;
44 
45 BOOLEAN bReportProcessEvents = TRUE;
46 
47 ULONG OldSyscallHandler=0;
48 
49 ULONG ulFreeModule=0;
50 
51 PDEBUG_MODULE pModJustFreed=NULL;
52 void (*old_cleanup_module)(void)=NULL;
53 
54 void other_module_cleanup_module(void)
55 {
56  DPRINT((0,"other_module_cleanup_module()\n"));
57 
58  if(old_cleanup_module)
59  {
60  DPRINT((0,"other_module_cleanup_module(): calling %x\n",(ULONG)old_cleanup_module));
61  old_cleanup_module();
62  }
63 
64  if(pModJustFreed)
65  {
66  DPRINT((0,"other_module_cleanup_module(): calling RevirtualizeBreakpointsForModule(%x)\n",(ULONG)pModJustFreed));
67  RevirtualizeBreakpointsForModule(pModJustFreed);
68  }
69 }
70 
71 void CSyscallHandler(FRAME_SYSCALL* ptr,ULONG ulSysCall,ULONG ebx)
72 {
73 // DPRINT((0,"CSyscallHandler(): %.4X:%.8X (syscall = %u)\n",ptr->cs,ptr->eip,ulSysCall));
74 /*
75  switch(ulSysCall)
76  {
77  case 1: // sys_exit
78  DPRINT((0,"CSysCallHandler(): 1\n"));
79  if(bReportProcessEvents)
80  {
81  PICE_sprintf(syscallTemp,"pICE: process destroyed \"%s\" PID=%.4X\n",current->comm,current->pid);
82  AddToRingBuffer(syscallTemp);
83  }
84  break;
85  case 11: // sys_execve
86  DPRINT((0,"CSysCallHandler(): 11\n"));
87  if(bReportProcessEvents)
88  {
89  if(PICE_strlen((char*)ebx))
90  PICE_sprintf(syscallTemp,"pICE: process created \"%s\" PID=%.4X (parent \"%s\")\n",(char *)ebx,current->pid,current->comm);
91  else
92  PICE_sprintf(syscallTemp,"pICE: process created PID=%.4X (parent \"%s\")\n",current->pid,current->comm);
93  AddToRingBuffer(syscallTemp);
94  }
95  break;
96  case 128: // sys_init_module
97  DPRINT((0,"CSysCallHandler(): 128\n"));
98  if(PICE_strlen((char *)ebx))
99  {
100  if(pmodule_list)
101  {
102  struct module* pMod = *pmodule_list;
103  do
104  {
105  if(PICE_strcmpi((char*)ebx,(LPSTR)pMod->name)==0)
106  {
107  ULONG ulInitAddress;
108  PICE_sprintf(syscallTemp,"pICE: module \"%s\" loaded (%x-%x init @ %x)\n",(char*)ebx,pMod,(ULONG)pMod+pMod->size,pMod->init);
109  if((ulInitAddress=FindFunctionInModuleByName("init_module",pMod)))
110  {
111  DPRINT((0,"setting DR1=%.8x\n",ulInitAddress));
112 
113  SetHardwareBreakPoint(ulInitAddress,1);
114  }
115  }
116  }while((pMod = pMod->next));
117  }
118  else
119  {
120  PICE_sprintf(syscallTemp,"pICE: module loaded \"%s\"\n",(char *)ebx);
121  }
122  }
123  else
124  PICE_sprintf(syscallTemp,"pICE: module loaded\n");
125  AddToRingBuffer(syscallTemp);
126  break;
127  case 129: // sys_delete_module
128  DPRINT((0,"CSysCallHandler(): 129\n"));
129  if(PICE_strlen((char *)ebx))
130  {
131  if(IsModuleLoaded((LPSTR)ebx)!=NULL && PICE_strcmpi((char*)ebx,"pice")!=0 )
132  {
133  PICE_sprintf(syscallTemp,"pICE: module freed \"%s\"\n",(char *)ebx);
134  Print(OUTPUT_WINDOW,syscallTemp);
135  if((pModJustFreed = FindModuleByName((char*)ebx)) )
136  {
137  if(pModJustFreed->cleanup)
138  {
139  old_cleanup_module = pModJustFreed->cleanup;
140  pModJustFreed->cleanup = other_module_cleanup_module;
141  }
142  else
143  {
144  RevirtualizeBreakpointsForModule(pModJustFreed);
145  }
146  }
147  }
148  }
149  else
150  {
151  PICE_sprintf(syscallTemp,"pICE: module freed\n");
152  AddToRingBuffer(syscallTemp);
153  }
154  break;
155  }
156  */
157 }
158 
159 __asm__ ("\n\t \
160 NewSyscallHandler:\n\t \
161  // save used regs\n\t \
162  pushfl\n\t \
163  cli\n\t \
164  cld\n\t \
165  pushal\n\t \
166  pushl %ds\n\t \
167 \n\t \
168  // push the syscall number\n\t \
169  pushl %ebx\n\t \
170  pushl %eax\n\t \
171 \n\t \
172  // frame ptr\n\t \
173  lea 48(%esp),%eax\n\t \
174  pushl %eax\n\t \
175 \n\t \
176  // setup default data selectors\n\t \
177  movw %ss,%ax\n\t \
178  movw %ax,%ds\n\t \
179 \n\t \
180  call _CSyscallHandler\n\t \
181 \n\t \
182  // remove pushed params\n\t \
183  add $12,%esp\n\t \
184 \n\t \
185  // restore used regs\n\t \
186  popl %ds\n\t \
187  popal\n\t \
188  popfl\n\t \
189 \n\t \
190  // chain to old handler\n\t \
191  .byte 0x2e\n\t \
192  jmp *_OldSyscallHandler");
193 
194 void InstallSyscallHook(void)
195 {
196  ULONG LocalSyscallHandler;
197 
198  ENTER_FUNC();
199 /*ei fix later
200  MaskIrqs();
201  if(!OldSyscallHandler)
202  {
203  __asm__("mov $NewSyscallHandler,%0"
204  :"=r" (LocalSyscallHandler)
205  :
206  :"eax");
207  OldSyscallHandler=SetGlobalInt(0x2e,(ULONG)LocalSyscallHandler);
208 
209  ScanExports("free_module",(PULONG)&ulFreeModule);
210 
211  DPRINT((0,"InstallSyscallHook(): free_module @ %x\n",ulFreeModule));
212  }
213  UnmaskIrqs();
214  */
215  LEAVE_FUNC();
216 }
217 
218 void DeInstallSyscallHook(void)
219 {
220  ENTER_FUNC();
221 /*ei
222  MaskIrqs();
223  if(OldSyscallHandler)
224  {
225  SetGlobalInt(0x2e,(ULONG)OldSyscallHandler);
226  (ULONG)OldSyscallHandler=0;
227  }
228  UnmaskIrqs();
229 */
230  LEAVE_FUNC();
231 }
void
struct png_info_def **typedef void(__cdecl typeof(png_destroy_read_struct))(struct png_struct_def **
Definition: typeof.h:49
__asm__
__asm__("\n\t \ NewSyscallHandler:\n\t \ // save used regs\n\t \ pushfl\n\t \ cli\n\t \ cld\n\t \ pushal\n\t \ pushl %ds\n\t \ \n\t \ // push the syscall number\n\t \ pushl %ebx\n\t \ pushl %eax\n\t \ \n\t \ // frame ptr\n\t \ lea 48(%esp),%eax\n\t \ pushl %eax\n\t \ \n\t \ // setup default data selectors\n\t \ movw %ss,%ax\n\t \ movw %ax,%ds\n\t \ \n\t \ call _CSyscallHandler\n\t \ \n\t \ // remove pushed params\n\t \ add $12,%esp\n\t \ \n\t \ // restore used regs\n\t \ popl %ds\n\t \ popal\n\t \ popfl\n\t \ \n\t \ // chain to old handler\n\t \ .byte 0x2e\n\t \ jmp *_OldSyscallHandler")
TRUE
#define TRUE
Definition: types.h:120
syscallTemp
char syscallTemp[1024]
Definition: syscall.c:36
LEAVE_FUNC
#define LEAVE_FUNC()
Definition: debug.h:43
_FRAME_SYSCALL::cs
ULONG cs
Definition: syscall.c:41
_FRAME_SYSCALL::eip
ULONG eip
Definition: syscall.c:40
FRAME_SYSCALL
struct _FRAME_SYSCALL FRAME_SYSCALL
_DEBUG_MODULE_
Definition: symbols.h:47
ulFreeModule
ULONG ulFreeModule
Definition: syscall.c:49
old_cleanup_module
void(* old_cleanup_module)(void)
Definition: syscall.c:52
ptr
static PVOID ptr
Definition: dispmode.c:27
DeInstallSyscallHook
void DeInstallSyscallHook(void)
Definition: syscall.c:218
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
_FRAME_SYSCALL::eflags
ULONG eflags
Definition: syscall.c:42
ebx
ecx edi ebx edx edi decl ecx esi eax jecxz decl eax andl ebx
Definition: synth_sse3d.h:83
CSyscallHandler
void CSyscallHandler(FRAME_SYSCALL *ptr, ULONG ulSysCall, ULONG ebx)
Definition: syscall.c:71
RevirtualizeBreakpointsForModule
void RevirtualizeBreakpointsForModule(PDEBUG_MODULE pMod)
Definition: bp.c:592
InstallSyscallHook
void InstallSyscallHook(void)
Definition: syscall.c:194
pModJustFreed
PDEBUG_MODULE pModJustFreed
Definition: syscall.c:51
NULL
#define NULL
Definition: types.h:112
OldSyscallHandler
ULONG OldSyscallHandler
Definition: syscall.c:47
ULONG
unsigned int ULONG
Definition: retypes.h:1
other_module_cleanup_module
void other_module_cleanup_module(void)
Definition: syscall.c:54
ENTER_FUNC
#define ENTER_FUNC()
Definition: debug.h:42
DPRINT
#define DPRINT
Definition: sndvol32.h:71
_FRAME_SYSCALL
Definition: syscall.c:38
bReportProcessEvents
BOOLEAN bReportProcessEvents
Definition: syscall.c:45