author | wpaul <wpaul@FreeBSD.org> | 2005-02-16 05:41:18 +0000
---|---|---
committer | wpaul <wpaul@FreeBSD.org> | 2005-02-16 05:41:18 +0000
commit | 07b632956a99a773db5488fdd2ffd5f209d38dea (patch) |
tree | f3934335c485d66f4991e7d9fc75b2e17460984c /sys/compat/ndis/subr_pe.c |
parent | 41238cc6d19537d94771e20dbde35067d8d8f618 (diff) |
download | FreeBSD-src-07b632956a99a773db5488fdd2ffd5f209d38dea.zip FreeBSD-src-07b632956a99a773db5488fdd2ffd5f209d38dea.tar.gz |
Add support for Windows/x86-64 binaries to Project Evil.

Ville-Pertti Keinonen (will at exomi dot comohmygodnospampleasekthx)
deserves a big thanks for submitting initial patches to make it
work. I have mangled his contributions appropriately.

The main gotcha with Windows/x86-64 is that Microsoft uses a different
calling convention than everyone else. The standard ABI requires using
6 registers for argument passing, with other arguments on the stack.
Microsoft uses only 4 registers, and requires the caller to leave room
on the stack for the register arguments in case the callee needs to
spill them. Unlike x86, where Microsoft uses a mix of _cdecl, _stdcall
and _fastcall, all routines on Windows/x86-64 use the same convention.
This unfortunately means that all the functions we export to the
driver require an intermediate translation wrapper. Similarly, we have
to wrap all calls back into the driver binary itself.

The original patches provided macros to wrap every single routine at
compile time, providing a secondary jump table with a customized
wrapper for each exported routine. I decided to use a different approach:
the call wrapper for each function is created from a template at
runtime, and the routine to jump to is patched into the wrapper as
it is created. The subr_pe module has been modified to patch in the
wrapped function instead of the original. (On x86, the wrapping
routine is a no-op.)

There are some minor API differences that had to be accounted for:

- KeAcquireSpinLock() is a real function on amd64, not a macro wrapper
  around KfAcquireSpinLock()
- NdisFreeBuffer() is actually IoFreeMdl(). I had to change the whole
  NDIS_BUFFER API a bit to accommodate this.

Bugs fixed along the way:

- IoAllocateMdl() always returned NULL
- kern_windrv.c:windrv_unload() wasn't releasing private driver object
  extensions correctly (found thanks to memguard)

This has only been tested with the driver for the Broadcom 802.11g
chipset, which was the only Windows/x86-64 driver I could find.
Diffstat (limited to 'sys/compat/ndis/subr_pe.c')
-rw-r--r-- | sys/compat/ndis/subr_pe.c | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/sys/compat/ndis/subr_pe.c b/sys/compat/ndis/subr_pe.c index 5f37ead..6ac815d 100644 --- a/sys/compat/ndis/subr_pe.c +++ b/sys/compat/ndis/subr_pe.c @@ -263,7 +263,7 @@ pe_directory_offset(imgbase, diridx) vm_offset_t pe_translate_addr(imgbase, rva) vm_offset_t imgbase; - uint32_t rva; + vm_offset_t rva; { image_optional_header opt_hdr; image_section_header *sect_hdr; @@ -366,7 +366,10 @@ pe_relocate(imgbase) image_section_header sect; image_base_reloc *relhdr; uint16_t rel, *sloc; - uint32_t base, delta, *lloc; + vm_offset_t base; + vm_size_t delta; + uint32_t *lloc; + uint64_t *qloc; int i, count; vm_offset_t txt; @@ -403,6 +406,13 @@ pe_relocate(imgbase) relhdr->ibr_vaddr + IMR_RELOFFSET(rel)); *sloc += (delta & 0xFFFF); break; + case IMAGE_REL_BASED_DIR64: + qloc = (uint64_t *)pe_translate_addr(imgbase, + relhdr->ibr_vaddr + IMR_RELOFFSET(rel)); + *qloc = pe_translate_addr(imgbase, + (*qloc - base)); + break; + default: printf ("[%d]reloc type: %d\n",i, IMR_RELTYPE(rel)); @@ -561,11 +571,19 @@ pe_functbl_match(functbl, name) while (p->ipt_name != NULL) { if (!strcmp(p->ipt_name, name)) - return((vm_offset_t)p->ipt_func); + return((vm_offset_t)p->ipt_wrap); p++; } printf ("no match for %s\n", name); - return((vm_offset_t)p->ipt_func); + + /* + * Return the wrapper pointer for this routine. + * For x86, this is the same as the funcptr. + * For amd64, this points to a wrapper routine + * that does calling convention translation and + * then invokes the underlying routine. + */ + return((vm_offset_t)p->ipt_wrap); } /* |
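Review bot: widening `rva` from `uint32_t` to `vm_offset_t` in the K&R-style definition of `pe_translate_addr()` changes the function's external signature, and this diffstat covers only subr_pe.c, so please confirm the prototype in the matching header is updated in the same commit. A short comment would also help: a PE RVA is a 32-bit quantity by definition, and the wider parameter exists only so the new DIR64 path can hand `*qloc - base` through unchanged, which is not obvious from the declaration alone.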
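Review bot: in the `pe_relocate()` declarations, `delta` becomes an unsigned `vm_size_t` even though it represents the displacement between the load address and the preferred image base, which may be negative; the existing 16-bit and 32-bit fixups (`*sloc += (delta & 0xFFFF)` and the `uint32_t *lloc` case) only work because the addition is modulo 2^16 / 2^32. A one-line comment stating that the unsigned wraparound is intentional would keep the next reader from "fixing" the type. Keeping `lloc` as `uint32_t *` next to the new `uint64_t *qloc` is correct, since HIGHLOW fixups stay 32-bit on amd64.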
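Review bot: the new `IMAGE_REL_BASED_DIR64` case computes its fixup differently from the neighbouring cases: rather than adding `delta` to the stored value, it recovers the RVA with `*qloc - base` and re-translates it through `pe_translate_addr()`, which walks the section table. The two approaches agree only when the stored pointer lands inside a mapped section; a pointer into the headers, or a zero/absolute value, comes back as whatever `pe_translate_addr()` returns for an unmapped RVA instead of base-plus-delta. Either use `*qloc += delta` for consistency with the other cases, or add a comment explaining why section translation is required here. Separately, `qloc` is derived from relocation data inside the loaded binary (`relhdr->ibr_vaddr + IMR_RELOFFSET(rel)`) with no check that the 8-byte store stays within the image; the existing `sloc` case has the same gap, but the 64-bit write extends it by four bytes, so a bounds check against the image size would be worth adding. Minor style point: the added blank line before `default:` does not match the other case labels.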
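Review bot: in `pe_functbl_match()`, the comment explaining `ipt_wrap` is attached to the no-match fallback return, yet the matched-entry return inside the `while` loop is the path taken in practice; move the comment above the loop (or to the definition of the `ipt_wrap` field) so it documents both returns. Note also that the fallback still dereferences the terminating entry whose `ipt_name` is NULL, so on amd64 that sentinel must now carry a valid `ipt_wrap` and not merely a valid `ipt_func`; please confirm the table initialisation covers it. The "no match" condition is only printed and is not otherwise distinguishable to the caller from a genuine hit.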