1 /*++
2
3 Copyright (c) 1998-2001 Klaus P. Gerlicher
4
5 Module Name:
6
7     syscall.c
8
9 Abstract:
10
11 Environment:
12
13     Kernel mode only
14
15 Author:
16
17     Klaus P. Gerlicher
18
19 Revision History:
20
21     12-Nov-1999:        created
22     15-Nov-2000:    general cleanup of source files
23
24 Copyright notice:
25
26   This file may be distributed under the terms of the GNU Public License.
27
28 --*/
29
30 ////////////////////////////////////////////////////
31 // INCLUDES
32 ////
33 #include "remods.h"
34 #include "precomp.h"
35
/* Shared scratch buffer for the messages the (currently disabled) CSyscallHandler
 * formats with PICE_sprintf and hands to AddToRingBuffer()/Print(). No locking
 * around it is visible in this file; the PICE_sprintf call sites pass no size. */
char syscallTemp[1024];
37
/* Interrupt return frame handed to CSyscallHandler by the NewSyscallHandler stub.
 * The stub computes it as lea 48(%esp): 4 (pushfl) + 32 (pushal) + 4 (%ds)
 * + 4 (%ebx) + 4 (%eax) bytes above its own pushes, i.e. the frame the CPU
 * pushed when int 0x2e was taken. Only the eip/cs/eflags part is described;
 * a ss/esp pair follows it when the interrupt came from a lower privilege level. */
typedef struct _FRAME_SYSCALL
{
    ULONG eip;      // return address of the interrupted code
    ULONG cs;       // code selector of the interrupted code
    ULONG eflags;   // flags at the time of the int
}FRAME_SYSCALL;
44
/* When TRUE, the (disabled) sys_exit/sys_execve cases of CSyscallHandler
 * report process creation/destruction into the ring buffer. */
BOOLEAN bReportProcessEvents = TRUE;

/* Previous int 0x2e vector, saved by SetGlobalInt() in the disabled install
 * code; NewSyscallHandler chains to it with "jmp *_OldSyscallHandler".
 * Zero means the hook is not installed. */
ULONG OldSyscallHandler=0;

/* Address of the kernel's free_module, resolved by ScanExports() in the
 * disabled install code; not otherwise used in this file. */
ULONG ulFreeModule=0;

/* Handover state from the (disabled) sys_delete_module case to
 * other_module_cleanup_module(): the module being unloaded and its original
 * cleanup routine, saved when that routine is replaced by our trampoline. */
PDEBUG_MODULE pModJustFreed=NULL;
void (*old_cleanup_module)(void)=NULL;
53
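/*
 * other_module_cleanup_module - trampoline installed in place of a module's
 * cleanup routine while pICE still has breakpoints in that module.
 *
 * Runs the module's original cleanup (old_cleanup_module) and then asks
 * RevirtualizeBreakpointsForModule() to detach the breakpoints that live in
 * the module about to be freed (pModJustFreed).
 *
 * Both globals are snapshotted and cleared before any call-out: the module
 * they refer to is freed right after this returns, so leaving them set would
 * keep a dangling module pointer and a dangling function pointer around for a
 * repeated or re-entrant invocation to dereference.
 */
void other_module_cleanup_module(void)
{
    void (*pfnOldCleanup)(void) = old_cleanup_module;
    PDEBUG_MODULE pModFreed = pModJustFreed;

    /* clear first so a second entry sees "nothing to do", not stale pointers */
    old_cleanup_module = NULL;
    pModJustFreed = NULL;

    DPRINT((0,"other_module_cleanup_module()\n"));

    if(pfnOldCleanup)
    {
        DPRINT((0,"other_module_cleanup_module(): calling %x\n",(ULONG)pfnOldCleanup));
        pfnOldCleanup();
    }

    if(pModFreed)
    {
        DPRINT((0,"other_module_cleanup_module(): calling RevirtualizeBreakpointsForModule(%x)\n",(ULONG)pModFreed));
        RevirtualizeBreakpointsForModule(pModFreed);
    }
}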
70
/*
 * CSyscallHandler - C half of the int 0x2e hook.
 *
 * Called from the NewSyscallHandler stub before control is chained to the
 * original handler. The stub pushes, in cdecl order, a pointer to the
 * interrupt return frame, %eax and %ebx.
 *
 * ptr       - interrupt return frame (eip, cs, eflags) of the interrupted code
 * ulSysCall - %eax at the time of the int, i.e. the syscall number
 * ebx       - %ebx at the time of the int; the disabled cases below treat it
 *             as a pointer to a caller-supplied string (on Linux/i386 %ebx
 *             carries the first syscall argument)
 *
 * The whole body is currently disabled and the function is a no-op. Before
 * re-enabling it: the disabled code passes (char*)ebx straight to
 * PICE_strlen/PICE_strcmpi/PICE_sprintf. ebx is a raw register value from
 * the code that issued the syscall, so it has to be validated as a readable,
 * NUL-terminated string of bounded length before being dereferenced in kernel
 * mode; the PICE_sprintf calls into the 1024-byte syscallTemp take no size
 * argument, so that bound has to come from the caller.
 */
void CSyscallHandler(FRAME_SYSCALL* ptr,ULONG ulSysCall,ULONG ebx)
{
//      DPRINT((0,"CSyscallHandler(): %.4X:%.8X (syscall = %u)\n",ptr->cs,ptr->eip,ulSysCall));
/*
        switch(ulSysCall)
    {
        case 1: // sys_exit
            DPRINT((0,"CSysCallHandler(): 1\n"));
                        if(bReportProcessEvents)
                        {
                                PICE_sprintf(syscallTemp,"pICE: process destroyed \"%s\" PID=%.4X\n",current->comm,current->pid);
                                AddToRingBuffer(syscallTemp);
                        }
            break;
        case 11: // sys_execve
            DPRINT((0,"CSysCallHandler(): 11\n"));
                        if(bReportProcessEvents)
                        {
                                if(PICE_strlen((char*)ebx))
                                        PICE_sprintf(syscallTemp,"pICE: process created \"%s\" PID=%.4X (parent \"%s\")\n",(char *)ebx,current->pid,current->comm);
                                else
                                        PICE_sprintf(syscallTemp,"pICE: process created PID=%.4X (parent \"%s\")\n",current->pid,current->comm);
                                AddToRingBuffer(syscallTemp);
                        }
            break;
        case 128: // sys_init_module
            DPRINT((0,"CSysCallHandler(): 128\n"));
            if(PICE_strlen((char *)ebx))
            {
                if(pmodule_list)
                {
                    struct module* pMod = *pmodule_list;
                    do
                    {
                        if(PICE_strcmpi((char*)ebx,(LPSTR)pMod->name)==0)
                        {
                            ULONG ulInitAddress;
                            PICE_sprintf(syscallTemp,"pICE: module \"%s\" loaded (%x-%x init @ %x)\n",(char*)ebx,pMod,(ULONG)pMod+pMod->size,pMod->init);
                            if((ulInitAddress=FindFunctionInModuleByName("init_module",pMod)))
                            {
                                            DPRINT((0,"setting DR1=%.8x\n",ulInitAddress));

                                SetHardwareBreakPoint(ulInitAddress,1);
                            }
                        }
                    }while((pMod = pMod->next));
                }
                else
                {
                    PICE_sprintf(syscallTemp,"pICE: module loaded \"%s\"\n",(char *)ebx);
                }
            }
            else
                PICE_sprintf(syscallTemp,"pICE: module loaded\n");
            AddToRingBuffer(syscallTemp);
            break;
        case 129: // sys_delete_module
            DPRINT((0,"CSysCallHandler(): 129\n"));
            if(PICE_strlen((char *)ebx))
            {
                if(IsModuleLoaded((LPSTR)ebx)!=NULL && PICE_strcmpi((char*)ebx,"pice")!=0 )
                {
                    PICE_sprintf(syscallTemp,"pICE: module freed \"%s\"\n",(char *)ebx);
                    Print(OUTPUT_WINDOW,syscallTemp);
                                        if((pModJustFreed = FindModuleByName((char*)ebx)) )
                                        {
                        if(pModJustFreed->cleanup)
                        {
                            old_cleanup_module = pModJustFreed->cleanup;
                            pModJustFreed->cleanup = other_module_cleanup_module;
                        }
                        else
                        {
                                                    RevirtualizeBreakpointsForModule(pModJustFreed);
                        }
                                        }
                }
            }
            else
            {
                PICE_sprintf(syscallTemp,"pICE: module freed\n");
                AddToRingBuffer(syscallTemp);
            }
                        break;
    }
 */
}
158
/*
 * NewSyscallHandler - assembly entry point meant to replace the int 0x2e vector.
 *
 * Saves eflags (then disables interrupts), clears the direction flag, saves all
 * general registers and %ds, and loads %ds from %ss. It then pushes, in cdecl
 * order, %ebx, %eax (the syscall number) and a pointer to the CPU-pushed
 * interrupt frame — 48(%esp) = 4 (pushfl) + 32 (pushal) + 4 (%ds) + 4 (%ebx)
 * + 4 (%eax) bytes above the current stack pointer — and calls
 * CSyscallHandler(frame, eax, ebx). Afterwards it drops the 12 bytes of
 * arguments, restores %ds, the registers and eflags (so popfl also restores
 * the interrupt flag cleared by cli), and chains to the original handler.
 * The ".byte 0x2e" is a CS segment-override prefix on the indirect
 * "jmp *_OldSyscallHandler".
 *
 * NOTE(review): only %ds is reloaded; %es is left as the interrupted code set
 * it. If the compiled CSyscallHandler ever uses string instructions, %es has
 * to be set up here as well — confirm against the generated code before the
 * hook is re-enabled.
 */
__asm__ ("\n\t \
NewSyscallHandler:\n\t \
                // save used regs\n\t \
                pushfl\n\t \
                cli\n\t \
        cld\n\t \
        pushal\n\t \
            pushl %ds\n\t \
\n\t \
        // push the syscall number\n\t \
        pushl %ebx\n\t \
        pushl %eax\n\t \
\n\t \
        // frame ptr\n\t \
        lea 48(%esp),%eax\n\t \
        pushl %eax\n\t \
\n\t \
            // setup default data selectors\n\t \
            movw %ss,%ax\n\t \
            movw %ax,%ds\n\t \
\n\t \
        call _CSyscallHandler\n\t \
\n\t \
                // remove pushed params\n\t \
        add $12,%esp\n\t \
\n\t \
                // restore used regs\n\t \
            popl %ds\n\t \
        popal\n\t \
                popfl\n\t \
\n\t \
                // chain to old handler\n\t \
                .byte 0x2e\n\t \
                jmp *_OldSyscallHandler");
193
/*
 * InstallSyscallHook - point the int 0x2e (syscall) vector at NewSyscallHandler.
 *
 * The body is disabled ("ei fix later"), so at present the function only
 * runs the ENTER_FUNC/LEAVE_FUNC trace macros and LocalSyscallHandler stays
 * unused. The disabled code, once re-enabled, swaps the vector under
 * MaskIrqs()/UnmaskIrqs(), installs only when OldSyscallHandler is still
 * zero, keeps the previous vector in OldSyscallHandler (the stub's chain
 * target) and resolves free_module into ulFreeModule via ScanExports().
 */
void InstallSyscallHook(void)
{
        ULONG LocalSyscallHandler;   /* only referenced by the disabled code below */

        ENTER_FUNC();
/*ei  fix later
        MaskIrqs();
        if(!OldSyscallHandler)
        {
                __asm__("mov $NewSyscallHandler,%0"
                        :"=r" (LocalSyscallHandler)
                        :
                        :"eax");
                OldSyscallHandler=SetGlobalInt(0x2e,(ULONG)LocalSyscallHandler);

                ScanExports("free_module",(PULONG)&ulFreeModule);

                DPRINT((0,"InstallSyscallHook(): free_module @ %x\n",ulFreeModule));
        }
        UnmaskIrqs();
 */
    LEAVE_FUNC();
}
217
/*
 * DeInstallSyscallHook - restore the original int 0x2e vector.
 *
 * Disabled like InstallSyscallHook; currently only the trace macros run. The
 * disabled code restores the vector saved in OldSyscallHandler under
 * MaskIrqs()/UnmaskIrqs() and marks the hook as removed by zeroing it.
 * Note for re-enabling: "(ULONG)OldSyscallHandler=0;" casts an lvalue, which
 * is not standard C; OldSyscallHandler is already a ULONG, so the plain
 * "OldSyscallHandler = 0;" is what is meant.
 */
void DeInstallSyscallHook(void)
{
        ENTER_FUNC();
/*ei
        MaskIrqs();
        if(OldSyscallHandler)
        {
                SetGlobalInt(0x2e,(ULONG)OldSyscallHandler);
        (ULONG)OldSyscallHandler=0;
        }
        UnmaskIrqs();
*/
    LEAVE_FUNC();
}
231 }