patch.c

一个类似与Windows环境下的softice的源代码

/******************************************************************************
 *
 * Copyright (c) 2003 Gerhard W. Gruber
 *
 * PROJECT: pICE
 * $Source: /cvsroot/pice/pice/module/patch.c,v $
 * $Revision: 1.5 $
 * $Date: 2004/02/17 23:07:37 $
 * $Author: lightweave $
 * $Name:  $
 *
 * $Log: patch.c,v $
 * Revision 1.5  2004/02/17 23:07:37  lightweave
 *
 * Improved the DEBUG facillity and replaced the configuration handler with a
 * new code which now can read MS Windows INI style files. See CHANGES.txt for
 * more details.
 * Also added a macro which prevents compiling for kernels before 2.4.19.
 *
 * Revision 1.4  2003/06/18 22:00:22  lightweave
 * DEBUG and DEBUG_SERIAL added
 *
 *
 *****************************************************************************/

static char *ident = "$Header: /cvsroot/pice/pice/module/patch.c,v 1.5 2004/02/17 23:07:37 lightweave Exp $";


/*++

Copyright (c) 1998-2001 Klaus P. Gerlicher

Module Name:

    patch.c

Abstract:

    hooking of kernel internal keyboard interrupt handler

Environment:

    Kernel mode only

Author:

    Klaus P. Gerlicher

Revision History:

    10-Jul-1999:	created
    15-Nov-2000:    general cleanup of source files

Copyright notice:

  This file may be distributed under the terms of the GNU Public License.

--*/

////////////////////////////////////////////////////
// INCLUDES
////
#include "remods.h"

#include <asm/system.h>

#include "precomp.h"
#include "utils.h"

////////////////////////////////////////////////////
// GLOBALS
////

PUCHAR pPatchAddress;
ULONG ulOldOffset = 0;
ULONG ulKeyPatchFlags;
BOOLEAN g_bKeyboardDriverPatched = FALSE;
void (*old_handle_scancode)(unsigned char,int);
UCHAR ucBreakKey = 'F'; // key that will break into debugger in combination with CTRL

////////////////////////////////////////////////////
// FUNCTIONS
////

//************************************************************************* 
// HandleHotKey() 
// 
//************************************************************************* 
void HandleHotKey(EXCEPTION_FRAME* pFrame)
{
	ulSingleStepCondition |= SINGLE_STEP_CONDITION_HOTKEY;
	pFrame->eflags |= TF_FLAG;
}

//************************************************************************* 
// pice_handle_scancode() 
// 
// the keyboard hook
//
//************************************************************************* 
void pice_handle_scancode(unsigned char scancode, int down)
{
	UCHAR ucKey = scancode & 0x7f;
	static BOOLEAN bControl = FALSE;
	BOOLEAN bForward=TRUE;

    ENTER_FUNC();

    DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "pice_handle_scancode(%x,%x)\n", scancode, down);
    DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "bControl = %u bForward = %u\n",bControl,bForward);
	if(!(scancode & 0x80))
	{
        // CTRL pressed
		if(ucKey==0x1d)
		{
		    DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO , "pice_handle_scancode(%x,%x): CTRL pressed\n",scancode,down);
			bControl=TRUE;
		}
		else if(bControl==TRUE && ucKey==AsciiToScan(ucBreakKey)) // CTRL-F
		{
		    DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "pice_handle_scancode(%x,%x): enter sequence detected\n",scancode,down);

            // fake a CTRL-F release call
			old_handle_scancode(0x1d | 0x80,0);

			bForward=FALSE;

            // simulate an initial break 
			DebuggerHotkey();

			bControl=FALSE;
		}
	}
	else
	{
        // CTRL released
		if(ucKey==0x1d)
		{
		    DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "pice_handle_scancode(%x,%x): CTRL released\n",scancode,down);
			bControl=FALSE;
		}
    }

    if(bForward)
    {
        DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "pice_handle_scancode(): forwarding key stroke\n");
	    old_handle_scancode(scancode,down);
    }

    LEAVE_FUNC();
}

//************************************************************************* 
// PatchKeyboardDriver() 
// 
//************************************************************************* 
BOOLEAN PatchKeyboardDriver(ULONG AddrOfKbdEvent,ULONG AddrOfScancode)
{
#ifdef ACTIVATE_KEYBOARD_PATCHING
	UCHAR ucPattern[5] = {0xE8,0x0,0x0,0x0,0x0};
	PULONG pOffset = (PULONG)&ucPattern[1];
	ULONG ulOffset,countBytes = 0;

    ENTER_FUNC();

	(void*)old_handle_scancode = AddrOfScancode;
    DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "handle_scancode = %X\n",AddrOfScancode);

	pPatchAddress = (PUCHAR)AddrOfKbdEvent; // handle_kbd_event
    DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "initial patch address = %X\n",AddrOfKbdEvent);
    ulOffset = (ULONG)old_handle_scancode - ((ULONG)pPatchAddress+sizeof(ULONG)+1);
    DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "initial offset = %X\n",ulOffset);
	*pOffset = ulOffset;

	while((memcmp(pPatchAddress,ucPattern,sizeof(ucPattern))!=0) &&
	      (countBytes<0x1000))
	{
        DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "offset = %X\n",ulOffset);
        DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "patch address = %p\n", pPatchAddress);
        DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "pattern1 = %.2X %.2X %.2X %.2X %.2X\n",ucPattern[0],ucPattern[1],ucPattern[2],ucPattern[3],ucPattern[4]);
        DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "pattern2 = %.2X %.2X %.2X %.2X %.2X\n",pPatchAddress[0],pPatchAddress[1],pPatchAddress[2],pPatchAddress[3],pPatchAddress[4]);

		countBytes++;
		pPatchAddress++;

		ulOffset = (ULONG)old_handle_scancode - ((ULONG)pPatchAddress+sizeof(ULONG)+1);
		*pOffset = ulOffset;
	}
	
	if(memcmp(pPatchAddress,ucPattern,sizeof(ucPattern))==0)
	{
		DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "pattern found @ %p\n", pPatchAddress);
		
		ulOffset = (ULONG)&pice_handle_scancode - ((ULONG)pPatchAddress+sizeof(ULONG)+1);
		ulOldOffset = *(PULONG)(pPatchAddress + 1);
		DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "old offset = %x new offset = %x\n",ulOldOffset,ulOffset);

		save_flags(ulKeyPatchFlags);
		cli();
		*(PULONG)(pPatchAddress + 1) = ulOffset;

		g_bKeyboardDriverPatched = TRUE;

		restore_flags(ulKeyPatchFlags);

		DPRINT(PICE_DEBUG, DBT_PATCH, DBL_INFO, "PatchKeyboardDriver(): SUCCESS!\n");
	}

    LEAVE_FUNC();

    return g_bKeyboardDriverPatched;
#else 
    return TRUE; // success though not installed
#endif // ACTIVATE_KEYBOARD_PATCHING
}

//************************************************************************* 
// RestoreKeyboardDriver() 
// 
//************************************************************************* 
void RestoreKeyboardDriver(void)
{
#ifdef ACTIVATE_KEYBOARD_PATCHING
    ENTER_FUNC();

	if(g_bKeyboardDriverPatched)
	{
		save_flags(ulKeyPatchFlags);
		cli();
		*(PULONG)(pPatchAddress + 1) = ulOldOffset;
		restore_flags(ulKeyPatchFlags);
	}

    LEAVE_FUNC();
#endif // ACTIVATE_KEYBOARD_PATCHING
}