Main Page | Class Hierarchy | Class List | File List | Class Members | File Members

htxbeimp.cc

Go to the documentation of this file.
00001 /*
00002  *      HT Editor
00003  *      htxbeimp.cc
00004  *
00005  *      Copyright (C) 2003 Stefan Esser
00006  *
00007  *      This program is free software; you can redistribute it and/or modify
00008  *      it under the terms of the GNU General Public License version 2 as
00009  *      published by the Free Software Foundation.
00010  *
00011  *      This program is distributed in the hope that it will be useful,
00012  *      but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00014  *      GNU General Public License for more details.
00015  *
00016  *      You should have received a copy of the GNU General Public License
00017  *      along with this program; if not, write to the Free Software
00018  *      Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
00019  */
00020 
00021 #include "formats.h"
00022 #include "htanaly.h"
00023 #include "htctrl.h"
00024 #include "htdata.h"
00025 #include "htendian.h"
00026 #include "htiobox.h"
00027 #include "htpal.h"
00028 #include "xbestruct.h"
00029 #include "htxbe.h"
00030 #include "htxbeimp.h"
00031 #include "stream.h"
00032 #include "htstring.h"
00033 #include "httag.h"
00034 #include "log.h"
00035 #include "xbe_analy.h"
00036 #include "snprintf.h"
00037 #include "tools.h"
00038 
00039 #include <stdlib.h>
00040 #include <string.h>
00041 
00042 static const char *xbox_exports[] = {
00043         NULL,
00044         "AvGetSavedDataAddress",                         //   1  80000001
00045         "AvSendTVEncoderOption",                         //   2  80000002
00046         "AvSetDisplayMode",                              //   3  80000003
00047         "AvSetSavedDataAddress",                         //   4  80000004
00048         "DbgBreakPoint",                                 //   5  80000005
00049         "DbgBreakPointWithStatus",                       //   6  80000006
00050         "DbgLoadImageSymbols",                           //   7  80000007
00051         "DbgPrint",                                      //   8  80000008
00052         "HalReadSMCTrayState",                           //   9  80000009
00053         "DbgPrompt",                                     //  10  8000000A
00054         "DbgUnLoadImageSymbols",                         //  11  8000000B
00055         "ExAcquireReadWriteLockExclusive",               //  12  8000000C
00056         "ExAcquireReadWriteLockShared",                  //  13  8000000D
00057         "ExAllocatePool",                                //  14  8000000E
00058         "ExAllocatePoolWithTag",                         //  15  8000000F
00059         "ExEventObjectType",                             //  16  80000010
00060         "ExFreePool",                                    //  17  80000011
00061         "ExInitializeReadWriteLock",                     //  18  80000012
00062         "ExInterlockedAddLargeInteger",                  //  19  80000013
00063         "ExInterlockedAddLargeStatistic",                //  20  80000014
00064         "ExInterlockedCompareExchange64",                //  21  80000015
00065         "ExMutantObjectType",                            //  22  80000016
00066         "ExQueryPoolBlockSize",                          //  23  80000017
00067         "ExQueryNonVolatileSetting",                     //  24  80000018
00068         "ExReadWriteRefurbInfo",                         //  25  80000019
00069         "ExRaiseException",                              //  26  8000001A
00070         "ExRaiseStatus",                                 //  27  8000001B
00071         "ExReleaseReadWriteLock",                        //  28  8000001C
00072         "ExSaveNonVolatileSetting",                      //  29  8000001D
00073         "ExSemaphoreObjectType",                         //  30  8000001E
00074         "ExTimerObjectType",                             //  31  8000001F
00075         "ExfInterlockedInsertHeadList",                  //  32  80000020
00076         "ExfInterlockedInsertTailList",                  //  33  80000021
00077         "ExfInterlockedRemoveHeadList",                  //  34  80000022
00078         "FscGetCacheSize",                               //  35  80000023
00079         "FscInvalidateIdleBlocks",                       //  36  80000024
00080         "FscSetCacheSize",                               //  37  80000025
00081         "HalClearSoftwareInterrupt",                     //  38  80000026
00082         "HalDisableSystemInterrupt",                     //  39  80000027
00083         "HalDiskCachePartitionCount",                    //  40  80000028
00084         "HalDiskModelNumber",                            //  41  80000029
00085         "HalDiskSerialNumber",                           //  42  8000002A
00086         "HalEnableSystemInterrupt",                      //  43  8000002B
00087         "HalGetInterruptVector",                         //  44  8000002C
00088         "HalReadSMBusValue",                             //  45  8000002D
00089         "HalReadWritePCISpace",                          //  46  8000002E
00090         "HalRegisterShutdownNotification",               //  47  8000002F
00091         "HalRequestSoftwareInterrupt",                   //  48  80000030
00092         "HalReturnToFirmware",                           //  49  80000031
00093         "HalWriteSMBusValue",                            //  50  80000032
00094         "InterlockedCompareExchange",                    //  51  80000033
00095         "InterlockedDecrement",                          //  52  80000034
00096         "InterlockedIncrement",                          //  53  80000035
00097         "InterlockedExchange",                           //  54  80000036
00098         "InterlockedExchangeAdd",                        //  55  80000037
00099         "InterlockedFlushSList",                         //  56  80000038
00100         "InterlockedPopEntrySList",                      //  57  80000039
00101         "InterlockedPushEntrySList",                     //  58  8000003A
00102         "IoAllocateIrp",                                 //  59  8000003B
00103         "IoBuildAsynchronousFsdRequest",                 //  60  8000003C
00104         "IoBuildDeviceIoControlRequest",                 //  61  8000003D
00105         "IoBuildSynchronousFsdRequest",                  //  62  8000003E
00106         "IoCheckShareAccess",                            //  63  8000003F
00107         "IoCompletionObjectType",                        //  64  80000040
00108         "IoCreateDevice",                                //  65  80000041
00109         "IoCreateFile",                                  //  66  80000042
00110         "IoCreateSymbolicLink",                          //  67  80000043
00111         "IoDeleteDevice",                                //  68  80000044
00112         "IoDeleteSymbolicLink",                          //  69  80000045
00113         "IoDeviceObjectType",                            //  70  80000046
00114         "IoFileObjectType",                              //  71  80000047
00115         "IoFreeIrp",                                     //  72  80000048
00116         "IoInitializeIrp",                               //  73  80000049
00117         "IoInvalidDeviceRequest",                        //  74  8000004A
00118         "IoQueryFileInformation",                        //  75  8000004B
00119         "IoQueryVolumeInformation",                      //  76  8000004C
00120         "IoQueueThreadIrp",                              //  77  8000004D
00121         "IoRemoveShareAccess",                           //  78  8000004E
00122         "IoSetIoCompletion",                             //  79  8000004F
00123         "IoSetShareAccess",                              //  80  80000050
00124         "IoStartNextPacket",                             //  81  80000051
00125         "IoStartNextPacketByKey",                        //  82  80000052
00126         "IoStartPacket",                                 //  83  80000053
00127         "IoSynchronousDeviceIoControlRequest",           //  84  80000054
00128         "IoSynchronousFsdRequest",                       //  85  80000055
00129         "IofCallDriver",                                 //  86  80000056
00130         "IofCompleteRequest",                            //  87  80000057
00131         "KdDebuggerEnabled",                             //  88  80000058
00132         "KdDebuggerNotPresent",                          //  89  80000059
00133         "IoDismountVolume",                              //  90  8000005A
00134         "IoDismountVolumeByName",                        //  91  8000005B
00135         "KeAlertResumeThread",                           //  92  8000005C
00136         "KeAlertThread",                                 //  93  8000005D
00137         "KeBoostPriorityThread",                         //  94  8000005E
00138         "KeBugCheck",                                    //  95  8000005F
00139         "KeBugCheckEx",                                  //  96  80000060
00140         "KeCancelTimer",                                 //  97  80000061
00141         "KeConnectInterrupt",                            //  98  80000062
00142         "KeDelayExecutionThread",                        //  99  80000063
00143         "KeDisconnectInterrupt",                         // 100  80000064
00144         "KeEnterCriticalRegion",                         // 101  80000065
00145         "MmGlobalData",                                  // 102  80000066
00146         "KeGetCurrentIrql",                              // 103  80000067
00147         "KeGetCurrentThread",                            // 104  80000068
00148         "KeInitializeApc",                               // 105  80000069
00149         "KeInitializeDeviceQueue",                       // 106  8000006A
00150         "KeInitializeDpc",                               // 107  8000006B
00151         "KeInitializeEvent",                             // 108  8000006C
00152         "KeInitializeInterrupt",                         // 109  8000006D
00153         "KeInitializeMutant",                            // 110  8000006E
00154         "KeInitializeQueue",                             // 111  8000006F
00155         "KeInitializeSemaphore",                         // 112  80000070
00156         "KeInitializeTimerEx",                           // 113  80000071
00157         "KeInsertByKeyDeviceQueue",                      // 114  80000072
00158         "KeInsertDeviceQueue",                           // 115  80000073
00159         "KeInsertHeadQueue",                             // 116  80000074
00160         "KeInsertQueue",                                 // 117  80000075
00161         "KeInsertQueueApc",                              // 118  80000076
00162         "KeInsertQueueDpc",                              // 119  80000077
00163         "KeInterruptTime",                               // 120  80000078
00164         "KeIsExecutingDpc",                              // 121  80000079
00165         "KeLeaveCriticalRegion",                         // 122  8000007A
00166         "KePulseEvent",                                  // 123  8000007B
00167         "KeQueryBasePriorityThread",                     // 124  8000007C
00168         "KeQueryInterruptTime",                          // 125  8000007D
00169         "KeQueryPerformanceCounter",                     // 126  8000007E
00170         "KeQueryPerformanceFrequency",                   // 127  8000007F
00171         "KeQuerySystemTime",                             // 128  80000080
00172         "KeRaiseIrqlToDpcLevel",                         // 129  80000081
00173         "KeRaiseIrqlToSynchLevel",                       // 130  80000082
00174         "KeReleaseMutant",                               // 131  80000083
00175         "KeReleaseSemaphore",                            // 132  80000084
00176         "KeRemoveByKeyDeviceQueue",                      // 133  80000085
00177         "KeRemoveDeviceQueue",                           // 134  80000086
00178         "KeRemoveEntryDeviceQueue",                      // 135  80000087
00179         "KeRemoveQueue",                                 // 136  80000088
00180         "KeRemoveQueueDpc",                              // 137  80000089
00181         "KeResetEvent",                                  // 138  8000008A
00182         "KeRestoreFloatingPointState",                   // 139  8000008B
00183         "KeResumeThread",                                // 140  8000008C
00184         "KeRundownQueue",                                // 141  8000008D
00185         "KeSaveFloatingPointState",                      // 142  8000008E
00186         "KeSetBasePriorityThread",                       // 143  8000008F
00187         "KeSetDisableBoostThread",                       // 144  80000090
00188         "KeSetEvent",                                    // 145  80000091
00189         "KeSetEventBoostPriority",                       // 146  80000092
00190         "KeSetPriorityProcess",                          // 147  80000093
00191         "KeSetPriorityThread",                           // 148  80000094
00192         "KeSetTimer",                                    // 149  80000095
00193         "KeSetTimerEx",                                  // 150  80000096
00194         "KeStallExecutionProcessor",                     // 151  80000097
00195         "KeSuspendThread",                               // 152  80000098
00196         "KeSynchronizeExecution",                        // 153  80000099
00197         "KeSystemTime",                                  // 154  8000009A
00198         "KeTestAlertThread",                             // 155  8000009B
00199         "KeTickCount",                                   // 156  8000009C
00200         "KeTimeIncrement",                               // 157  8000009D
00201         "KeWaitForMultipleObjects",                      // 158  8000009E
00202         "KeWaitForSingleObject",                         // 159  8000009F
00203         "KfRaiseIrql",                                   // 160  800000A0
00204         "KfLowerIrql",                                   // 161  800000A1
00205         "KiBugCheckData",                                // 162  800000A2
00206         "KiUnlockDispatcherDatabase",                    // 163  800000A3
00207         "LaunchDataPage",                                // 164  800000A4
00208         "MmAllocateContiguousMemory",                    // 165  800000A5
00209         "MmAllocateContiguousMemoryEx",                  // 166  800000A6
00210         "MmAllocateSystemMemory",                        // 167  800000A7
00211         "MmClaimGpuInstanceMemory",                      // 168  800000A8
00212         "MmCreateKernelStack",                           // 169  800000A9
00213         "MmDeleteKernelStack",                           // 170  800000AA
00214         "MmFreeContiguousMemory",                        // 171  800000AB
00215         "MmFreeSystemMemory",                            // 172  800000AC
00216         "MmGetPhysicalAddress",                          // 173  800000AD
00217         "MmIsAddressValid",                              // 174  800000AE
00218         "MmLockUnlockBufferPages",                       // 175  800000AF
00219         "MmLockUnlockPhysicalPage",                      // 176  800000B0
00220         "MmMapIoSpace",                                  // 177  800000B1
00221         "MmPersistContiguousMemory",                     // 178  800000B2
00222         "MmQueryAddressProtect",                         // 179  800000B3
00223         "MmQueryAllocationSize",                         // 180  800000B4
00224         "MmQueryStatistics",                             // 181  800000B5
00225         "MmSetAddressProtect",                           // 182  800000B6
00226         "MmUnmapIoSpace",                                // 183  800000B7
00227         "NtAllocateVirtualMemory",                       // 184  800000B8
00228         "NtCancelTimer",                                 // 185  800000B9
00229         "NtClearEvent",                                  // 186  800000BA
00230         "NtClose",                                       // 187  800000BB
00231         "NtCreateDirectoryObject",                       // 188  800000BC
00232         "NtCreateEvent",                                 // 189  800000BD
00233         "NtCreateFile",                                  // 190  800000BE
00234         "NtCreateIoCompletion",                          // 191  800000BF
00235         "NtCreateMutant",                                // 192  800000C0
00236         "NtCreateSemaphore",                             // 193  800000C1
00237         "NtCreateTimer",                                 // 194  800000C2
00238         "NtDeleteFile",                                  // 195  800000C3
00239         "NtDeviceIoControlFile",                         // 196  800000C4
00240         "NtDuplicateObject",                             // 197  800000C5
00241         "NtFlushBuffersFile",                            // 198  800000C6
00242         "NtFreeVirtualMemory",                           // 199  800000C7
00243         "NtFsControlFile",                               // 200  800000C8
00244         "NtOpenDirectoryObject",                         // 201  800000C9
00245         "NtOpenFile",                                    // 202  800000CA
00246         "NtOpenSymbolicLinkObject",                      // 203  800000CB
00247         "NtProtectVirtualMemory",                        // 204  800000CC
00248         "NtPulseEvent",                                  // 205  800000CD
00249         "NtQueueApcThread",                              // 206  800000CE
00250         "NtQueryDirectoryFile",                          // 207  800000CF
00251         "NtQueryDirectoryObject",                        // 208  800000D0
00252         "NtQueryEvent",                                  // 209  800000D1
00253         "NtQueryFullAttributesFile",                     // 210  800000D2
00254         "NtQueryInformationFile",                        // 211  800000D3
00255         "NtQueryIoCompletion",                           // 212  800000D4
00256         "NtQueryMutant",                                 // 213  800000D5
00257         "NtQuerySemaphore",                              // 214  800000D6
00258         "NtQuerySymbolicLinkObject",                     // 215  800000D7
00259         "NtQueryTimer",                                  // 216  800000D8
00260         "NtQueryVirtualMemory",                          // 217  800000D9
00261         "NtQueryVolumeInformationFile",                  // 218  800000DA
00262         "NtReadFile",                                    // 219  800000DB
00263         "NtReadFileScatter",                             // 220  800000DC
00264         "NtReleaseMutant",                               // 221  800000DD
00265         "NtReleaseSemaphore",                            // 222  800000DE
00266         "NtRemoveIoCompletion",                          // 223  800000DF
00267         "NtResumeThread",                                // 224  800000E0
00268         "NtSetEvent",                                    // 225  800000E1
00269         "NtSetInformationFile",                          // 226  800000E2
00270         "NtSetIoCompletion",                             // 227  800000E3
00271         "NtSetSystemTime",                               // 228  800000E4
00272         "NtSetTimerEx",                                  // 229  800000E5
00273         "NtSignalAndWaitForSingleObjectEx",              // 230  800000E6
00274         "NtSuspendThread",                               // 231  800000E7
00275         "NtUserIoApcDispatcher",                         // 232  800000E8
00276         "NtWaitForSingleObject",                         // 233  800000E9
00277         "NtWaitForSingleObjectEx",                       // 234  800000EA
00278         "NtWaitForMultipleObjectsEx",                    // 235  800000EB
00279         "NtWriteFile",                                   // 236  800000EC
00280         "NtWriteFileGather",                             // 237  800000ED
00281         "NtYieldExecution",                              // 238  800000EE
00282         "ObCreateObject",                                // 239  800000EF
00283         "ObDirectoryObjectType",                         // 240  800000F0
00284         "ObInsertObject",                                // 241  800000F1
00285         "ObMakeTemporaryObject",                         // 242  800000F2
00286         "ObOpenObjectByName",                            // 243  800000F3
00287         "ObOpenObjectByPointer",                         // 244  800000F4
00288         "ObpObjectHandleTable",                          // 245  800000F5
00289         "ObReferenceObjectByHandle",                     // 246  800000F6
00290         "ObReferenceObjectByName",                       // 247  800000F7
00291         "ObReferenceObjectByPointer",                    // 248  800000F8
00292         "ObSymbolicLinkObjectType",                      // 249  800000F9
00293         "ObfDereferenceObject",                          // 250  800000FA
00294         "ObfReferenceObject",                            // 251  800000FB
00295         "PhyGetLinkState",                               // 252  800000FC
00296         "PhyInitialize",                                 // 253  800000FD
00297         "PsCreateSystemThread",                          // 254  800000FE
00298         "PsCreateSystemThreadEx",                        // 255  800000FF
00299         "PsQueryStatistics",                             // 256  80000100
00300         "PsSetCreateThreadNotifyRoutine",                // 257  80000101
00301         "PsTerminateSystemThread",                       // 258  80000102
00302         "PsThreadObjectType",                            // 259  80000103
00303         "RtlAnsiStringToUnicodeString",                  // 260  80000104
00304         "RtlAppendStringToString",                       // 261  80000105
00305         "RtlAppendUnicodeStringToString",                // 262  80000106
00306         "RtlAppendUnicodeToString",                      // 263  80000107
00307         "RtlAssert",                                     // 264  80000108
00308         "RtlCaptureContext",                             // 265  80000109
00309         "RtlCaptureStackBackTrace",                      // 266  8000010A
00310         "RtlCharToInteger",                              // 267  8000010B
00311         "RtlCompareMemory",                              // 268  8000010C
00312         "RtlCompareMemoryUlong",                         // 269  8000010D
00313         "RtlCompareString",                              // 270  8000010E
00314         "RtlCompareUnicodeString",                       // 271  8000010F
00315         "RtlCopyString",                                 // 272  80000110
00316         "RtlCopyUnicodeString",                          // 273  80000111
00317         "RtlCreateUnicodeString",                        // 274  80000112
00318         "RtlDowncaseUnicodeChar",                        // 275  80000113
00319         "RtlDowncaseUnicodeString",                      // 276  80000114
00320         "RtlEnterCriticalSection",                       // 277  80000115
00321         "RtlEnterCriticalSectionAndRegion",              // 278  80000116
00322         "RtlEqualString",                                // 279  80000117
00323         "RtlEqualUnicodeString",                         // 280  80000118
00324         "RtlExtendedIntegerMultiply",                    // 281  80000119
00325         "RtlExtendedLargeIntegerDivide",                 // 282  8000011A
00326         "RtlExtendedMagicDivide",                        // 283  8000011B
00327         "RtlFillMemory",                                 // 284  8000011C
00328         "RtlFillMemoryUlong",                            // 285  8000011D
00329         "RtlFreeAnsiString",                             // 286  8000011E
00330         "RtlFreeUnicodeString",                          // 287  8000011F
00331         "RtlGetCallersAddress",                          // 288  80000120
00332         "RtlInitAnsiString",                             // 289  80000121
00333         "RtlInitUnicodeString",                          // 290  80000122
00334         "RtlInitializeCriticalSection",                  // 291  80000123
00335         "RtlIntegerToChar",                              // 292  80000124
00336         "RtlIntegerToUnicodeString",                     // 293  80000125
00337         "RtlLeaveCriticalSection",                       // 294  80000126
00338         "RtlLeaveCriticalSectionAndRegion",              // 295  80000127
00339         "RtlLowerChar",                                  // 296  80000128
00340         "RtlMapGenericMask",                             // 297  80000129
00341         "RtlMoveMemory",                                 // 298  8000012A
00342         "RtlMultiByteToUnicodeN",                        // 299  8000012B
00343         "RtlMultiByteToUnicodeSize",                     // 300  8000012C
00344         "RtlNtStatusToDosError",                         // 301  8000012D
00345         "RtlRaiseException",                             // 302  8000012E
00346         "RtlRaiseStatus",                                // 303  8000012F
00347         "RtlTimeFieldsToTime",                           // 304  80000130
00348         "RtlTimeToTimeFields",                           // 305  80000131
00349         "RtlTryEnterCriticalSection",                    // 306  80000132
00350         "RtlUlongByteSwap",                              // 307  80000133
00351         "RtlUnicodeStringToAnsiString",                  // 308  80000134
00352         "RtlUnicodeStringToInteger",                     // 309  80000135
00353         "RtlUnicodeToMultiByteN",                        // 310  80000136
00354         "RtlUnicodeToMultiByteSize",                     // 311  80000137
00355         "RtlUnwind",                                     // 312  80000138
00356         "RtlUpcaseUnicodeChar",                          // 313  80000139
00357         "RtlUpcaseUnicodeString",                        // 314  8000013A
00358         "RtlUpcaseUnicodeToMultiByteN",                  // 315  8000013B
00359         "RtlUpperChar",                                  // 316  8000013C
00360         "RtlUpperString",                                // 317  8000013D
00361         "RtlUshortByteSwap",                             // 318  8000013E
00362         "RtlWalkFrameChain",                             // 319  8000013F
00363         "RtlZeroMemory",                                 // 320  80000140
00364         "XboxEEPROMKey",                                 // 321  80000141
00365         "XboxHardwareInfo",                              // 322  80000142
00366         "XboxHDKey",                                     // 323  80000143
00367         "XboxKrnlVersion",                               // 324  80000144
00368         "XboxSignatureKey",                              // 325  80000145
00369         "XeImageFileName",                               // 326  80000146
00370         "XeLoadSection",                                 // 327  80000147
00371         "XeUnloadSection",                               // 328  80000148
00372         "READ_PORT_BUFFER_UCHAR",                        // 329  80000149
00373         "READ_PORT_BUFFER_USHORT",                       // 330  8000014A
00374         "READ_PORT_BUFFER_ULONG",                        // 331  8000014B
00375         "WRITE_PORT_BUFFER_UCHAR",                       // 332  8000014C
00376         "WRITE_PORT_BUFFER_USHORT",                      // 333  8000014D
00377         "WRITE_PORT_BUFFER_ULONG",                       // 334  8000014E
00378         "XcSHAInit",                                     // 335  8000014F
00379         "XcSHAUpdate",                                   // 336  80000150
00380         "XcSHAFinal",                                    // 337  80000151
00381         "XcRC4Key",                                      // 338  80000152
00382         "XcRC4Crypt",                                    // 339  80000153
00383         "XcHMAC",                                        // 340  80000154
00384         "XcPKEncPublic",                                 // 341  80000155
00385         "XcPKDecPrivate",                                // 342  80000156
00386         "XcPKGetKeyLen",                                 // 343  80000157
00387         "XcVerifyPKCS1Signature",                        // 344  80000158
00388         "XcModExp",                                      // 345  80000159
00389         "XcDESKeyParity",                                // 346  8000015A
00390         "XcKeyTable",                                    // 347  8000015B
00391         "XcBlockCrypt",                                  // 348  8000015C
00392         "XcBlockCryptCBC",                               // 349  8000015D
00393         "XcCryptService",                                // 350  8000015E
00394         "XcUpdateCrypto",                                // 351  8000015F
00395         "RtlRip",                                        // 352  80000160
00396         "XboxLANKey",                                    // 353  80000161
00397         "XboxAlternateSignatureKeys",                    // 354  80000162
00398         "XePublicKeyData",                               // 355  80000163
00399         "HalBootSMCVideoMode",                           // 356  80000164
00400         "IdexChannelObject",                             // 357  80000165
00401         "HalIsResetOrShutdownPending",                   // 358  80000166
00402         "IoMarkIrpMustComplete",                         // 359  80000167
00403         "HalInitiateShutdown",                           // 360  80000168
00404         "snprintf",                                      // 361  80000169
00405         "sprintf",                                       // 362  8000016A
00406         "vsnprintf",                                     // 363  8000016B
00407         "vsprintf",                                      // 364  8000016C
00408         "HalEnableSecureTrayEject",                      // 365  8000016D
00409         "HalWriteSMCScratchRegister"                     // 366  8000016E
00410 };
00411 
00412 static ht_view *htxbeimports_init(bounds *b, ht_streamfile *file, ht_format_group *group)
00413 {
00414         ht_xbe_shared_data *xbe_shared=(ht_xbe_shared_data *)group->get_shared_data();
00415 
00416         int h0=new_timer();
00417         start_timer(h0);
00418 
00419         ht_group *g;
00420         bounds c;
00421 
00422         c=*b;
00423         g=new ht_group();
00424         g->init(&c, VO_RESIZE, DESC_XBE_IMPORTS"-g");
00425         ht_statictext *head;
00426 
00427         int function_count=0;
00428 
00429         c.y++;
00430         c.h--;
00431         ht_xbe_import_viewer *v=new ht_xbe_import_viewer();
00432         v->init(&c, DESC_XBE_IMPORTS, group);
00433 
00434         c.y--;
00435         c.h=1;
00436 
00437         FILEOFS ofs;
00438         UINT thunktablerva = xbe_shared->header.kernel_image_thunk_address - xbe_shared->header.base_address;
00439         UINT *thunktable = (UINT *)malloc(sizeof(xbox_exports));
00440         if (!thunktable) goto xbe_read_error;
00441         memset(thunktable, 0, sizeof(xbox_exports));
00442 
00443         if (!xbe_rva_to_ofs(&xbe_shared->sections, thunktablerva, &ofs))
00444                 goto xbe_read_error;
00445 
00446         file->seek(ofs);
00447         if (file->read(thunktable, sizeof(xbox_exports)-4) != sizeof(xbox_exports)-4)
00448                 goto xbe_read_error;
00449 
00450         for (; *thunktable; thunktable++, thunktablerva+=4) {
00451                 UINT ordinal;
00452 
00453                 ordinal = create_host_int(thunktable, 4, little_endian);
00454                 ht_xbe_import_function *func = new ht_xbe_import_function(thunktablerva, (char *)xbox_exports[ordinal & 0xfff], ordinal);
00455                 xbe_shared->imports.funcs->insert(func);
00456                 function_count++;
00457         }
00458         
00459 
00460         stop_timer(h0);
00461 //      LOG("%s: PE: %d ticks (%d msec) to read imports", file->get_name(), get_timer_tick(h0), get_timer_msec(h0));
00462         delete_timer(h0);
00463 
00464         char iline[256];
00465         ht_snprintf(iline, sizeof iline, "* XBE kernel thunk table at offset %08x (%d functions)", xbe_shared->header.kernel_image_thunk_address, function_count);
00466         head=new ht_statictext();
00467         head->init(&c, iline, align_left);
00468 
00469         g->insert(head);
00470         g->insert(v);
00471         //
00472         for (UINT i=0; i<xbe_shared->imports.funcs->count(); i++) {
00473                 ht_xbe_import_function *func = (ht_xbe_import_function*)xbe_shared->imports.funcs->get(i);
00474                 assert(func);
00475                 char addr[32], name[256];
00476                 ht_snprintf(addr, sizeof addr, "%08x", func->address);
00477                 if (func->byname) {
00478                         ht_snprintf(name, sizeof name, "%s", func->name.name);
00479                 } else {
00480                         ht_snprintf(name, sizeof name, "%04x (by ordinal)", func->ordinal);
00481                 }
00482                 v->insert_str(i, "NTOSKRNL.EXE", addr, name);
00483         }
00484         //
00485         v->update();
00486 
00487         g->setpalette(palkey_generic_window_default);
00488 
00489         xbe_shared->v_imports=v;
00490         return g;
00491 xbe_read_error:
00492         delete_timer(h0);
00493         errorbox("%s: XBE import section seems to be corrupted.", file->get_filename());
00494         g->done();
00495         delete g;
00496         v->done();
00497         delete v;
00498         return NULL;
00499 }
00500 
00501 format_viewer_if htxbeimports_if = {
00502         htxbeimports_init,
00503         NULL
00504 };
00505 
00506 /*
00507  *      ht_xbe_import_function
00508  */
00509 ht_xbe_import_function::ht_xbe_import_function(RVA a, UINT o)
00510 {
00511         ordinal = o;
00512         address = a;
00513         byname = false;
00514 }
00515 
00516 ht_xbe_import_function::ht_xbe_import_function(RVA a, char *n, UINT h)
00517 {
00518         name.name = ht_strdup(n);
00519         name.hint = h;
00520         address = a;
00521         byname = true;
00522 }
00523 
00524 ht_xbe_import_function::~ht_xbe_import_function()
00525 {
00526         if ((byname) && (name.name)) free(name.name);
00527 }
00528 
00529 /*
00530  *      ht_xbe_import_viewer
00531  */
00532 void ht_xbe_import_viewer::init(bounds *b, char *Desc, ht_format_group *fg)
00533 {
00534         ht_text_listbox::init(b, 3, 2, LISTBOX_QUICKFIND);
00535         options |= VO_BROWSABLE;
00536         desc = strdup(Desc);
00537         format_group = fg;
00538         grouplib = false;
00539         sortby = 1;
00540         dosort();
00541 }
00542 
00543 void ht_xbe_import_viewer::done()
00544 {
00545         ht_text_listbox::done();
00546 }
00547 
00548 void ht_xbe_import_viewer::dosort()
00549 {
00550         ht_text_listbox_sort_order sortord[2];
00551         UINT l, s;
00552         if (grouplib) {
00553                 l = 0;
00554                 s = 1;
00555         } else {
00556                 l = 1;
00557                 s = 0;
00558         }
00559         sortord[l].col = 0;
00560         sortord[l].compare_func = strcmp;
00561         sortord[s].col = sortby;
00562         sortord[s].compare_func = strcmp;
00563         sort(2, sortord);
00564 }
00565 
00566 char *ht_xbe_import_viewer::func(UINT i, bool execute)
00567 {
00568         switch (i) {
00569                 case 2:
00570                         if (execute) {
00571                                 grouplib = !grouplib;
00572                                 dosort();
00573                         }
00574                         return grouplib ? (char*)"nbylib" : (char*)"bylib";
00575                 case 4:
00576                         if (execute) {
00577                                 if (sortby != 1) {
00578                                         sortby = 1;
00579                                         dosort();
00580                                 }
00581                         }
00582                         return "byaddr";
00583                 case 5:
00584                         if (execute) {
00585                                 if (sortby != 2) {
00586                                         sortby = 2;
00587                                         dosort();
00588                                 }
00589                         }
00590                         return "byname";
00591         }
00592         return NULL;
00593 }
00594 
00595 void ht_xbe_import_viewer::handlemsg(htmsg *msg)
00596 {
00597         switch (msg->msg) {
00598                 case msg_funcexec:
00599                         if (func(msg->data1.integer, 1)) {
00600                                 clearmsg(msg);
00601                                 return;
00602                         }
00603                         break;
00604                 case msg_funcquery: {
00605                         char *s=func(msg->data1.integer, 0);
00606                         if (s) {
00607                                 msg->msg=msg_retval;
00608                                 msg->data1.str=s;
00609                         }
00610                         break;
00611                 }
00612 /*              case msg_get_scrollinfo:
00613                         switch (msg->data1.integer) {
00614                                 case gsi_pindicator: {
00615                                         strcpy((char*)msg->data2.ptr, " Enter to view, Backspace to return here");
00616                                         clearmsg(msg);
00617                                         return;
00618                                 }
00619                         }
00620                         break;*/
00621                 case msg_keypressed: {
00622                         if (msg->data1.integer == K_Return) {
00623                                 select_entry(e_cursor);
00624                                 clearmsg(msg);
00625                         }
00626                         break;
00627                 }
00628         }
00629         ht_text_listbox::handlemsg(msg);
00630 }
00631 
00632 bool ht_xbe_import_viewer::select_entry(void *entry)
00633 {
00634         ht_text_listbox_item *i = (ht_text_listbox_item *)entry;
00635 
00636         ht_xbe_shared_data *xbe_shared=(ht_xbe_shared_data *)format_group->get_shared_data();
00637 
00638         ht_xbe_import_function *e = (ht_xbe_import_function*)xbe_shared->imports.funcs->get(i->id);
00639         if (!e) return true;
00640         if (xbe_shared->v_image) {
00641                 ht_aviewer *av = (ht_aviewer*)xbe_shared->v_image;
00642                 XBEAnalyser *a = (XBEAnalyser*)av->analy;
00643                 Address *addr;
00644                 addr = a->createAddress32(e->address+xbe_shared->header.base_address);
00645                 if (av->gotoAddress(addr, NULL)) {
00646                         app->focus(av);
00647                         vstate_save();
00648                 } else {
00649                         global_analyser_address_string_format = ADDRESS_STRING_FORMAT_COMPACT | ADDRESS_STRING_FORMAT_ADD_0X;
00650                         errorbox("can't follow: %s %y is not valid !", "import address", addr);
00651                 }
00652                 delete addr;
00653         } else errorbox("can't follow: no image viewer");
00654         return true;
00655 }
Generated on Fri May 7 21:15:38 2004 by doxygen 1.3.5