概述
前段时间突然兴趣大发,把KDCOM.DLL用IDA进行了分析和阅读,并导出成asm文件,作了修改和编译使之可以编译后替换原先的kdcom.dll正常工作, 这之间最难的莫过于kdcom.dll无法进行调试和跟踪的问题了, 手段非常有限, 我暂时只知道使用一下Vmware的后门I/O port进行一些检测性的LOG,以致使由反向代码编译出的kdom.dll最终能正常工作花费了我极多的时间.
事实上, 由IDA导出的代码要修改的问题并不多,只涉及到以下方面:
1.API函数导入和导出的问题,包括命名和正确链接;
2.代码的区段问题和一些全局绝对址的引用问题,如_KUSER_SHARED_DATA的引用,IDA反编出是这样的
and byte ptr ds:0FFDF02D4h, 0FDh
事实上必须写成 and byte ptr ds:[0FFDF02D4h], 0FDh
否则Masm32编译生成出问题,VMWARE直接就崩溃.
3.导入变量的地址使用问题,这里是搞了我最多时间的地方,因为,发生这种异常VMWARE直接就出错,结束,郁闷呀.
类似第2点的问题,
例如,IDA反编出来的,关于使用KdDebuggerNotPresent这个由ntosknrl.exe导出的符时,语句是这样的
- mov eax, ds:_KdDebuggerNotPresent
- and byte ptr [eax], 0
把_KdDebuggerNotPresent改成KdDebuggerNotPresent编译和链接都没有问题,都一运行VMWARE就直接崩溃.
事实上应该写成这样的(这个可是花了我无数的时间才发现的,--#):
- mov eax, dword ptr ds:[KdDebuggerNotPresent]
- and byte ptr [eax], 0
下面给出可以编译生成正常运行的反向汇编源代码,有三个文件kdcom.Inc,kdcom.def和kdcom.Asm,需要安装RadASM这个IDE来编译.
kdcom.Inc:
- ;kdcom.Inc
- ;
- include w2k/ntstatus.inc
- include w2k/ntddk.inc
- include w2k/ntoskrnl.inc
- include w2k/hal.inc
- includelib hal.lib
- includelib ntoskrnl.lib
kdcom.def
- EXPORTS
- KdD0Transition
- KdD3Transition=KdD0Transition
- KdDebuggerInitialize0
- KdDebuggerInitialize1
- KdReceivePacket
- KdRestore
- KdSave
- KdSendPacket
kdcom.Asm:
- ;
- ; BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
- ; ?This file is generated by The Interactive Disassembler (IDA) ?
- .686p
- .model flat,stdcall
- include kdcom.inc
- ;
- ;import variable
- ; extrn KdComPortInUse:dword
- ; extrn KdDebuggerNotPresent:dword
- ; extrn HalPrivateDispatchTable:dword
- ; Section 2. (virtual address 00000D00)
- ; Virtual size : 0000009C ( 156.)
- ; Section size in file : 00000100 ( 256.)
- ; Offset to raw data for section: 00000D00
- ; Flags C8000040: Data Not pageable Readable Writable
- ; Alignment : default
- ; BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
- ; Segment type: Pure data
- ; Segment permissions: Read/Write
- _data segment para public 'DATA' use32
- aKdReceivePacket db 'KdReceivePacket',0Ah,0Dh,0
- aKdSendPacket db 'KdSendPacket',0
- aSwitchingDebug db 'Switching debugger to 9600 baud',0Ah,0 ; DATA XREF: CpReadLsr(x,x)+194o
- aDebugport db 'DEBUGPORT',0 ; DATA XREF: KdDebuggerInitialize0(x)+18o
- aBaudrate db 'BAUDRATE',0 ; DATA XREF: KdDebuggerInitialize0(x)+25o
- aCom db 'COM',0 ; DATA XREF: KdDebuggerInitialize0(x)+3Bo
- _KdCompNumberRetries dd 5 ; DATA XREF: KdReceivePacket(x,x,x,x,x)+51w
- ; KdSendPacket(x,x,x,x)+54w ...
- _KdCompRetryCount dd 5 ; DATA XREF: KdReceivePacket(x,x,x,x,x)+4Br
- ; KdSendPacket(x,x,x,x)+3Br ...
- _KdCompDbgPortsPresent db 1 ; DATA XREF: KdRestore(x)+7w
- ; CpReadLsr(x,x)+34w ...
- aPrtOvlFrm db 20h ; DATA XREF: CpReadLsr(x,x)+1ACo
- db 50h ; P
- db 52h ; R
- db 54h ; T
- db 20h
- db 4Fh ; O
- db 56h ; V
- db 4Ch ; L
- db 20h
- db 46h ; F
- db 52h ; R
- db 4Dh ; M
- aAt db 0Ah ; DATA XREF: CpReadLsr(x,x)+D5o
- db 0Dh,'AT',0Ah
- db 0Dh,0
- _Port dd 0 ; DATA XREF: KdCompGetByte(x)+6o
- ; KdCompPollByte(x)+6o ...
- _com_status_flag db 1 ; DATA XREF: KdCompRestore()w
- ; KdCompSave()w ...
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- _PortInformation dd 0 ; DATA XREF: KdCompInitialize(x,x)+88w
- ; KdCompInitialize(x,x):loc_GetSavedPortInfow ...
- _ComBaudratePara dd 0 ; DATA XREF: KdCompInitialize(x,x)+B5w
- ; KdCompInitialize(x,x)+CBw ...
- db 1
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- db 0
- _KdComAddressID db 1 ; DATA XREF: KdCompInitialize1()r
- ; KdCompInitialize(x,x)+4Aw ...
- _KdWriteUchar dd offset CpWritePortUchar ; DATA XREF: CpSetBaud(x,x)+2Dr
- ; CpSetBaud(x,x)+3Er ...
- ; CpWritePortUchar(x,x)
- _KdReadUchar dd offset CpReadPortUchar ; DATA XREF: CpSetBaud(x,x)+1Er
- ; CpSendModemString(x,x)+A4r ...
- ; CpReadPortUchar(x)
- _KdCompDbgParams dd 0 ; DATA XREF: KdDebuggerInitialize0(x)+56w
- ; KdDebuggerInitialize0(x)+7Fo
- _ArgKdcomBaudrate dd 0 ; DATA XREF: KdDebuggerInitialize0(x)+78w
- _KdCompPacketIdExpected dd 0 ; DATA XREF: KdDebuggerInitialize0(x)+98w
- ; KdReceivePacket(x,x,x,x,x)+13Dr ...
- _KdCompNextPacketIdToSend dd 0 ; DATA XREF: KdDebuggerInitialize0(x)+8Ew
- ; KdReceivePacket(x,x,x,x,x)+F8r ...
- byte_MsrLastValue db 0 ; DATA XREF: CpReadLsr(x,x)+149r
- ; CpReadLsr(x,x)+1E0w
- byte_LsrExpectedError db 0 ; DATA XREF: CpReadLsr(x,x)+74w
- ; CpReadLsr(x,x)+13Er ...
- dword_80010D7C dd 0 ; DATA XREF: CpSendModemString(x,x)+1Er
- ; CpSendModemString(x,x)+4Bw ...
- byte_LsrParityError db 0 ; DATA XREF: CpReadLsr(x,x)+4Cw
- ; CpReadLsr(x,x)+1A7o
- byte_LsrOverrunError db 0 ; DATA XREF: CpReadLsr(x,x)+58w
- byte_LsrFramingError db 0 ; DATA XREF: CpReadLsr(x,x)+64w
- _KdCompDbgErrorCount db 0 ; DATA XREF: CpReadLsr(x,x)+21w
- ; CpReadLsr(x,x)+27r ...
- byte_MsrRingIndicator db 0 ; DATA XREF: CpReadLsr(x,x)+BDw
- ; CpReadLsr(x,x)+15Ew ...
- _ComPort dd 0 ; DATA XREF: KdCompInitialize(x,x)+22Cw
- _HalpGetInfoFromACPI db 0 ; DATA XREF: KdCompInitialize(x,x)+A1w
- ; KdCompInitialize(x,x)+E9r
- _DbgpKdComPhysicalAddress0 dd 0 ; DATA XREF: KdCompInitialize1()+13r
- _DbgpKdComPhysicalAddress4 dd 0 ; DATA XREF: KdCompInitialize1()+13r
- ; KdCompInitialize(x,x)+60w ...
- _HalpDebugPortTable dd 0 ; DATA XREF: KdCompInitialize(x,x)+2Ew
- ; KdCompInitialize(x,x):loc_80010A63r ...
- _HintsCount dd 0CAFEBEBEh
- _data ends
- .CODE _text
- HintOsNotFound proc near ; CODE XREF: KdVmCommunicationsBackChannelNotify+1Ap
- pushad
- mov eax, 564D5868h
- mov ebx,_HintsCount
- inc ebx
- mov _HintsCount,ebx
- cmp ebx,0CAFEBEC0h
- ja loc_return
- mov cx, 12h
- mov dx, 5658h
- in eax, dx
- loc_return:
- popad
- retn
- HintOsNotFound endp
- ; BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
- ; Segment type: Pure code
- ; Segment permissions: Read/Execute
- ;_text segment para public 'CODE' use32
- ; assume cs:_text
- ;org 80010344h
- ; assume es:nothing, ss:nothing, _data, fs:nothing, gs:nothing
- ;AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- ; Exported entry 1. KdD0Transition
- ; Exported entry 2. KdD3Transition
- ; _stdcall KdD0Transition()
- public KdD0Transition
- KdD0Transition proc near
- xor eax, eax ; KdD0Transition
- retn
- KdD0Transition endp
- ; CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
- ; Exported entry 3. KdDebuggerInitialize0
- ; _stdcall KdDebuggerInitialize0(pctx)
- public KdDebuggerInitialize0
- KdDebuggerInitialize0 proc near
- var_C = dword ptr -0Ch
- arg_0 = dword ptr 8
- push ebx
- mov ebx, [esp+arg_0]
- test ebx, ebx
- jz short loc_reinit
- push esi
- mov esi, [ebx+44h]
- test esi, esi
- jz short loc_80010423
- push edi
- push esi ; char *
- call _strupr
- mov [esp+0Ch+var_C], offset aDebugport ; "DEBUGPORT"
- push esi ; char *
- call strstr
- push offset aBaudrate ; "BAUDRATE"
- push esi ; char *
- mov edi, eax
- call strstr
- add esp, 10h
- test edi, edi
- mov esi, eax
- jz short loc_80010401
- push offset aCom ; "COM"
- push edi ; char *
- call strstr
- test eax, eax
- pop ecx
- pop ecx
- jz short loc_80010401
- add eax, 3
- push eax
- call atol
- pop ecx
- mov _KdCompDbgParams, eax
- loc_80010401: ; CODE XREF: KdDebuggerInitialize0(x)+39j
- ; KdDebuggerInitialize0(x)+4Aj
- test esi, esi
- pop edi
- jz short loc_80010423
- add esi, 8
- jmp short loc_8001040C
- ; CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
- loc_8001040B: ; CODE XREF: KdDebuggerInitialize0(x)+69j
- inc esi
- loc_8001040C: ; CODE XREF: KdDebuggerInitialize0(x)+63j
- cmp byte ptr [esi], 20h ; Data Ready?
- jz short loc_8001040B
- cmp byte ptr [esi], 0
- jz short loc_80010423
- inc esi
- push esi
- call atol
- pop ecx
- mov _ArgKdcomBaudrate, eax
- loc_80010423: ; CODE XREF: KdDebuggerInitialize0(x)+Fj
- ; KdDebuggerInitialize0(x)+5Ej ...
- pop esi
- loc_reinit: ; CODE XREF: KdDebuggerInitialize0(x)+7j
- push ebx
- push offset _KdCompDbgParams
- call KdCompInitialize ; KdCompInitialize(_KdCompDbgParams,pctx)
- test eax, eax
- pop ebx
- jl short locret_80010448
- mov _KdCompNextPacketIdToSend, 80800800h
- mov _KdCompPacketIdExpected, 80800000h
- locret_80010448: ; CODE XREF: KdDebuggerInitialize0(x)+8Cj
- retn 4
- KdDebuggerInitialize0 endp
- ;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- ; Exported entry 4. KdDebuggerInitialize1
- ;------------------------------------------------------------------------
- ; _stdcall KdDebuggerInitialize1(x)
- public KdDebuggerInitialize1
- KdDebuggerInitialize1 proc near
- call KdCompInitialize1 ; KdCompInitialize1()
- xor eax, eax
- retn 4
- KdDebuggerInitialize1 endp
- ; Exported entry 7. KdSave
- ;------------------------------------------------------------------------
- ; _stdcall KdSave(x)
- public KdSave
- KdSave proc near
- call KdCompSave ; KdCompSave()
- xor eax, eax
- retn 4
- KdSave endp
- ; Exported entry 6. KdRestore
- ;------------------------------------------------------------------------
- ; _stdcall KdRestore(x)
- public KdRestore
- KdRestore proc near
- arg_0 = byte ptr 4
- cmp [esp+arg_0], 0
- jz short loc_80010470
- and _KdCompDbgPortsPresent, 0
- jmp short loc_80010475
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- loc_80010470: ; CODE XREF: KdRestore(x)+5j
- call KdCompRestore ; KdCompRestore()
- loc_80010475: ; CODE XREF: KdRestore(x)+Ej
- xor eax, eax
- retn 4
- KdRestore endp
- ;------------------------------------------------------------------------
- ; Attributes: bp-based frame
- ; _stdcall CpSetBaud(x, x)
- CpSetBaud proc near ; CODE XREF: CpReadLsr(x,x)+1A0p
- ; CpGetByte(x,x,x)+3Ap ...
- arg_0 = dword ptr 8
- arg_4 = dword ptr 0Ch
- push ebp
- mov ebp, esp
- push ebx
- mov ebx, [ebp+arg_4]
- xor edx, edx
- mov eax, 1C200h
- div ebx
- push esi
- push edi
- mov edi, [ebp+arg_0]
- mov esi, [edi]
- add esi, 3
- push esi
- mov [ebp+arg_4], eax
- call _KdReadUchar ; CpReadPortUchar(x)
- or al, 80h
- mov byte ptr [ebp+arg_0], al
- push [ebp+arg_0]
- push esi
- call _KdWriteUchar ; CpWritePortUchar(x,x)
- mov eax, [ebp+arg_4]
- mov esi, [edi]
- shr eax, 8
- push eax
- inc esi
- push esi
- call _KdWriteUchar ; CpWritePortUchar(x,x)
- push [ebp+arg_4]
- dec esi
- push esi
- call _KdWriteUchar ; CpWritePortUchar(x,x)
- mov eax, [edi]
- push 3
- add eax, 3
- push eax
- call _KdWriteUchar ; CpWritePortUchar(x,x)
- mov [edi+4], ebx
- pop edi
- pop esi
- pop ebx
- pop ebp
- retn 8
- CpSetBaud endp
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- ;------------------------------------------------------------------------
- ; Attributes: bp-based frame
- ; _stdcall CpSendModemString(x, x)
- CpSendModemString proc near ; CODE XREF: CpReadLsr(x,x)+ECp
- ; CpReadLsr(x,x)+120p
- var_10 = dword ptr -10h
- var_6 = word ptr -6
- arg_0 = dword ptr 8
- arg_4 = dword ptr 0Ch
- push ebp
- mov ebp, esp
- sub esp, 10h
- push esi
- mov esi, [ebp+arg_0]
- mov ax, [esi+8]
- test al, 40h
- jnz loc_80010597
- or ax, 40h
- mov [esi+8], ax
- mov eax, dword_80010D7C
- test eax, eax
- push ebx
- push edi
- jnz short loc_80010548
- lea eax, [ebp+var_10]
- push eax
- call HalQueryRealTimeClock ; HalQueryRealTimeClock(x)
- movsx edi, [ebp+var_6]
- loc_80010518: ; CODE XREF: CpSendModemString(x,x)+53j
- push 0
- push esi
- call CpReadLsr ; CpReadLsr(x,x)
- lea eax, [ebp+var_10]
- push eax
- call HalQueryRealTimeClock ; HalQueryRealTimeClock(x)
- movsx eax, [ebp+var_6]
- inc dword_80010D7C
- cmp edi, eax
- jz short loc_80010518
- mov eax, dword_80010D7C
- push 3
- xor edx, edx
- pop ecx
- div ecx
- mov dword_80010D7C, eax
- loc_80010548: ; CODE XREF: CpSendModemString(x,x)+27j
- mov edi, [ebp+arg_4]
- mov ebx, eax
- jmp short loc_8001058C
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- loc_8001054F: ; CODE XREF: CpSendModemString(x,x)+ADj
- lea eax, [ebp+var_10]
- push eax
- call HalQueryRealTimeClock ; HalQueryRealTimeClock(x)
- push 0
- push esi
- call CpReadLsr ; CpReadLsr(x,x)
- test al, 20h
- mov byte ptr [ebp+arg_0+3], al
- jz short loc_8001057E
- dec ebx
- jnz short loc_8001057E
- xor eax, eax
- mov al, [edi]
- push eax
- push dword ptr [esi]
- call _KdWriteUchar ; CpWritePortUchar(x,x)
- mov ebx, dword_80010D7C
- inc edi
- loc_8001057E: ; CODE XREF: CpSendModemString(x,x)+83j
- ; CpSendModemString(x,x)+86j
- test byte ptr [ebp+arg_0+3], 1
- jz short loc_8001058C
- push dword ptr [esi]
- call _KdReadUchar ; CpReadPortUchar(x)
- loc_8001058C: ; CODE XREF: CpSendModemString(x,x)+6Bj
- ; CpSendModemString(x,x)+A0j
- cmp byte ptr [edi], 0
- jnz short loc_8001054F
- and byte ptr [esi+8], 0BFh
- pop edi
- pop ebx
- loc_80010597: ; CODE XREF: CpSendModemString(x,x)+10j
- pop esi
- leave
- retn 8
- CpSendModemString endp
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- ;------------------------------------------------------------------------
- ; Attributes: bp-based frame
- ; _stdcall CpReadLsr(x, x)
- CpReadLsr proc near ; CODE XREF: CpSendModemString(x,x)+39p
- ; CpSendModemString(x,x)+79p ...
- var_18 = dword ptr -18h
- var_10 = dword ptr -10h
- var_8 = word ptr -8
- var_6 = word ptr -6
- port = dword ptr 8
- vLsr = dword ptr 0Bh
- CheckStatus = byte ptr 0Ch
- vMsr = byte ptr 0Fh
- push ebp
- mov ebp, esp
- sub esp, 40h
- push esi
- mov esi, [ebp+port]
- mov eax, [esi]
- add eax, 5
- push eax
- call _KdReadUchar ; CpReadPortUchar(x)
- mov cl, al
- mov al, 0FFh
- cmp cl, al
- mov byte ptr [ebp+vLsr], cl ;Lsr
- jnz short loc_80010604
- inc _KdCompDbgErrorCount
- cmp _KdCompDbgErrorCount, 19h
- jb loc_800107A4
- and _KdCompDbgPortsPresent, 0
- and _KdCompDbgErrorCount, 0
- jmp loc_800107A4
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- loc_80010604: ; CODE XREF: CpReadLsr(x,x)+1Fj
- test cl, 4 ; Parity Error?
- jz short loc_80010610
- mov byte_LsrParityError, 8
- loc_80010610: ; CODE XREF: CpReadLsr(x,x)+4Aj
- test cl, 2 ; Overrun Error?
- jz short loc_8001061C
- mov byte_LsrOverrunError, 8
- loc_8001061C: ; CODE XREF: CpReadLsr(x,x)+56j
- test cl, 8 ; Framing Error?
- jz short loc_80010628
- mov byte_LsrFramingError, 8
- loc_80010628: ; CODE XREF: CpReadLsr(x,x)+62j
- test [ebp+CheckStatus], cl ; ?Expectecd
- jz short loc_notCheckStatus
- mov al, cl
- or al, 0FEh
- mov byte_LsrExpectedError, al
- mov al, cl
- jmp loc_800107A4
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- loc_notCheckStatus: ; CODE XREF: CpReadLsr(x,x)+6Ej
- mov eax, [esi]
- push edi
- add eax, 6
- push eax
- call _KdReadUchar ; CpReadPortUchar(x)
- mov [ebp+vMsr], al
- mov ax, [esi+8]
- test al, 2
- jz loc_800106E2
- test [ebp+vMsr], 80h
- jz short loc_80010669
- or ax, 90h
- mov [esi+8], ax
- jmp short loc_800106E2
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- loc_80010669: ; CODE XREF: CpReadLsr(x,x)+A0j
- test al, 10h
- jz short loc_80010681
- lea eax, [esi+0Ah]
- push eax
- call HalQueryRealTimeClock ; HalQueryRealTimeClock(x)
- and byte ptr [esi+8], 0EFh
- and byte_MsrRingIndicator, 0
- loc_80010681: ; CODE XREF: CpReadLsr(x,x)+AEj
- lea eax, [ebp+var_10]
- push eax
- call HalQueryRealTimeClock ; HalQueryRealTimeClock(x)
- mov ax, [ebp+var_8]
- cmp ax, [esi+12h]
- mov edi, offset aAt ; "/n/rAT/n/r"
- jz short loc_800106AE
- mov ax, [ebp+var_6]
- cmp ax, [esi+14h]
- jl short loc_800106AE
- and byte ptr [esi+8], 0FDh
- push edi
- push esi
- call CpSendModemString ; CpSendModemString(x,x)
- loc_800106AE: ; CODE XREF: CpReadLsr(x,x)+DAj
- ; CpReadLsr(x,x)+E4j
- mov ax, [esi+8]
- test al, al
- jns short loc_800106E2
- mov cx, [esi+14h]
- cmp [ebp+var_6], cx
- jge short loc_800106C5
- add [ebp+var_6], 3Ch
- loc_800106C5: ; CODE XREF: CpReadLsr(x,x)+101j
- movsx edx, [ebp+var_6]
- movsx ecx, cx
- add ecx, 0Ah
- cmp edx, ecx
- jle short loc_800106E2
- push edi
- and ax, 0FF7Fh
- push esi
- mov [esi+8], ax
- call CpSendModemString ; CpSendModemString(x,x)
- loc_800106E2: ; CODE XREF: CpReadLsr(x,x)+96j
- ; CpReadLsr(x,x)+AAj ...
- test byte ptr [esi+8], 4
- jnz short loc_800106F0
- mov al, byte ptr [ebp+vLsr]
- jmp loc_800107A3
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- loc_800106F0: ; CODE XREF: CpReadLsr(x,x)+129j
- mov eax, dword ptr ds:[HalPrivateDispatchTable]
- call dword ptr [eax+3Ch]
- mov al, byte ptr [ebp+vLsr]
- cmp al, byte_LsrExpectedError
- jnz short loc_80010712
- mov cl, [ebp+vMsr]
- cmp cl, byte_MsrLastValue
- jz loc_800107A3
- loc_80010712: ; CODE XREF: CpReadLsr(x,x)+144j
- test [ebp+vMsr], 40h ; Ring Indicator ?
- setz al
- inc al
- or byte_MsrRingIndicator, al
- cmp byte_MsrRingIndicator, 3
- jnz short loc_80010762
- and byte_MsrRingIndicator, 0
- xor eax, eax
- mov ax, [esi+8]
- and eax, 0FF7Fh
- or eax, 12h
- test al, 1
- mov [esi+8], ax
- jz short loc_80010762
- mov edi, 2580h
- cmp [esi+4], edi
- jz short loc_80010762
- push offset aSwitchingDebug ; "Switching debugger to 9600 baud/n"
- call ds:InbvDisplayString ; InbvDisplayString(x)
- push edi
- push esi
- call CpSetBaud ; CpSetBaud(x,x)
- loc_80010762: ; CODE XREF: CpReadLsr(x,x)+16Bj
- ; CpReadLsr(x,x)+188j ...
- push 3
- mov edx, offset byte_LsrParityError
- mov esi, offset aPrtOvlFrm
- lea ecx, [ebp+var_18]
- pop edi
- loc_80010772: ; CODE XREF: CpReadLsr(x,x)+1D3j
- mov al, [edx]
- test al, al
- jz short loc_80010782
- dec al
- mov [edx], al
- mov eax, [esi]
- mov [ecx], eax
- jmp short loc_80010788
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- loc_80010782: ; CODE XREF: CpReadLsr(x,x)+1B9j
- mov dword ptr [ecx], 20202020h
- loc_80010788: ; CODE XREF: CpReadLsr(x,x)+1C3j
- inc edx
- add esi, 4
- sub ecx, 4
- dec edi
- jnz short loc_80010772
- mov al, byte ptr [ebp+vLsr]
- mov cl, [ebp+vMsr]
- mov byte_LsrExpectedError, al
- mov byte_MsrLastValue, cl
- loc_800107A3: ; CODE XREF: CpReadLsr(x,x)+12Ej
- ; CpReadLsr(x,x)+14Fj
- pop edi
- loc_800107A4: ; CODE XREF: CpReadLsr(x,x)+2Ej
- ; CpReadLsr(x,x)+42j ...
- pop esi
- leave
- retn 8
- CpReadLsr endp
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- ;------------------------------------------------------------------------
- ; _stdcall CpPutByte(x, x)
- CpPutByte proc near ; CODE XREF: KdCompPutByte(x)+9p
- arg_0 = dword ptr 4
- cmp _KdCompDbgPortsPresent, 0
- jz short locret_8001080D
- push esi
- mov esi, [esp+4+arg_0]
- test byte ptr [esi+8], 2
- jz short loc_800107F4
- push ebx
- loc_800107BF: ; CODE XREF: CpPutByte(x,x)+47j
- mov eax, [esi]
- add eax, 6
- push eax
- call _KdReadUchar ; CpReadPortUchar(x)
- mov bl, al
- and bl, 0B0h
- cmp bl, 0B0h
- jz short loc_800107F3
- push 0
- push esi
- call CpReadLsr ; CpReadLsr(x,x)
- test bl, bl
- js short loc_800107ED
- test al, 1
- jz short loc_800107ED
- push dword ptr [esi]
- call _KdReadUchar ; CpReadPortUchar(x)
- loc_800107ED: ; CODE XREF: CpPutByte(x,x)+35j
- ; CpPutByte(x,x)+39j
- test byte ptr [esi+8], 2
- jnz short loc_800107BF
- loc_800107F3: ; CODE XREF: CpPutByte(x,x)+29j
- pop ebx
- loc_800107F4: ; CODE XREF: CpPutByte(x,x)+12j
- ; CpPutByte(x,x)+54j
- push 20h
- push esi
- call CpReadLsr ; CpReadLsr(x,x)
- test al, 20h
- jz short loc_800107F4
- push dword ptr [esp+0Ch]
- push dword ptr [esi]
- call _KdWriteUchar ; CpWritePortUchar(x,x)
- pop esi
- locret_8001080D: ; CODE XREF: CpPutByte(x,x)+7j
- retn 8
- CpPutByte endp
- ;------------------------------------------------------------------------
- ; Attributes: bp-based frame
- ; _stdcall CpGetByte(x, x, x)
- CpGetByte proc near ; CODE XREF: KdCompGetByte(x)+Bp
- ; KdCompPollByte(x)+Bp
- arg_0 = dword ptr 8
- arg_4 = dword ptr 0Ch
- arg_8 = byte ptr 10h
- arg_B = byte ptr 13h
- push ebp
- mov ebp, esp
- push esi
- mov esi, [ebp+arg_0]
- cmp dword ptr [esi], 0
- jnz short loc_portIsOk
- mov eax, dword ptr ds:[HalPrivateDispatchTable]
- call dword ptr [eax+3Ch]
- mov ax, 1
- jmp loc_return
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- loc_portIsOk: ; CODE XREF: CpGetByte(x,x,x)+Aj
- push ebx
- xor ebx, ebx
- inc ebx
- cmp _KdCompDbgPortsPresent, 0
- push edi
- jnz short loc_80010855
- push ebx
- push esi
- call CpReadLsr ; CpReadLsr(x,x)
- cmp al, 0FFh
- jz short loc_800108AE
- push dword ptr [esi+4]
- push esi
- call CpSetBaud ; CpSetBaud(x,x)
- mov _KdCompDbgPortsPresent, bl
- loc_80010855: ; CODE XREF: CpGetByte(x,x,x)+29j
- mov al, [ebp+arg_8]
- neg al
- sbb eax, eax
- and eax, 31FFFh
- inc eax
- mov edi, eax
- jz short loc_8001089F
- loc_80010866: ; CODE XREF: CpGetByte(x,x,x)+8Dj
- push ebx
- push esi
- dec edi
- call CpReadLsr ; CpReadLsr(x,x)
- cmp al, 0FFh
- jz short loc_800108AE
- test al, bl
- jz short loc_8001089B
- test al, 0Eh
- jnz short loc_800108B8
- push dword ptr [esi]
- call _KdReadUchar ; CpReadPortUchar(x)
- test byte ptr [esi+8], 2
- mov [ebp+arg_B], al
- jz short loc_800108C4
- mov eax, [esi]
- add eax, 6
- push eax
- call _KdReadUchar ; CpReadPortUchar(x)
- test al, al
- js short loc_800108C4
- loc_8001089B: ; CODE XREF: CpGetByte(x,x,x)+64j
- test edi, edi
- jnz short loc_80010866
- loc_8001089F: ; CODE XREF: CpGetByte(x,x,x)+54j
- and byte_LsrExpectedError, 0
- push 0
- push esi
- call CpReadLsr ; CpReadLsr(x,x)
- loc_800108AE: ; CODE XREF: CpGetByte(x,x,x)+34j
- ; CpGetByte(x,x,x)+60j
- mov ax, bx
- loc_800108B1: ; CODE XREF: CpGetByte(x,x,x)+B2j
- ; CpGetByte(x,x,x)+BFj
- pop edi
- pop ebx
- loc_return: ; CODE XREF: CpGetByte(x,x,x)+18j
- pop esi
- pop ebp
- retn 0Ch
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- loc_800108B8: ; CODE XREF: CpGetByte(x,x,x)+68j
- mov eax, [ebp+arg_4]
- and byte ptr [eax], 0
- mov ax, 2
- jmp short loc_800108B1
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- loc_800108C4: ; CODE XREF: CpGetByte(x,x,x)+79j
- ; CpGetByte(x,x,x)+89j
- mov eax, [ebp+arg_4]
- mov cl, [ebp+arg_B]
- mov [eax], cl
- xor ax, ax
- jmp short loc_800108B1
- CpGetByte endp
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- align 2
- ;------------------------------------------------------------------------
- ; Attributes: bp-based frame
- ; _stdcall CpDoesPortExist(x)
- CpDoesPortExist proc near ; CODE XREF: KdCompInitialize(x,x)+19Cp
- ; KdCompInitialize(x,x)+1B3p
- arg_0 = dword ptr 8
- push ebp
- mov ebp, esp
- push ebx
- push esi
- push edi
- mov edi, [ebp+arg_0]
- lea esi, [edi+4]
- push esi
- mov bl, 1
- call _KdReadUchar ; CpReadPortUchar(x)
- push 10h
- push esi
- mov byte ptr [ebp+arg_0], al
- call _KdWriteUchar ; CpWritePortUchar(x,x)
- push 10h
- push esi
- call _KdWriteUchar ; CpWritePortUchar(x,x)
- add edi, 6
- push edi
- call _KdReadUchar ; CpReadPortUchar(x)
- test al, 0F0h
- jnz short loc_8001091E
- push 14h
- push esi
- call _KdWriteUchar ; CpWritePortUchar(x,x)
- push edi
- call _KdReadUchar ; CpReadPortUchar(x)
- test al, 40h
- jnz short loc_80010920
- loc_8001091E: ; CODE XREF: CpDoesPortExist(x)+36j
- xor bl, bl
- loc_80010920: ; CODE XREF: CpDoesPortExist(x)+4Aj
- push [ebp+arg_0]
- push esi
- call _KdWriteUchar ; CpWritePortUchar(x,x)
- pop edi
- pop esi
- mov al, bl
- pop ebx
- pop ebp
- retn 4
- CpDoesPortExist endp
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- align 4
- ;------------------------------------------------------------------------
- ; _stdcall CpWritePortUchar(x, x)
- CpWritePortUchar proc near ; CODE XREF: CpSetBaud(x,x)+2Dp
- ; CpSetBaud(x,x)+3Ep ...
- jmp ds:WRITE_PORT_UCHAR ; WRITE_PORT_UCHAR(x,x)
- CpWritePortUchar endp
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- align 2
- ;------------------------------------------------------------------------
- ; _stdcall CpReadPortUchar(x)
- CpReadPortUchar proc near ; CODE XREF: CpSetBaud(x,x)+1Ep
- ; CpSendModemString(x,x)+A4p ...
- jmp ds:READ_PORT_UCHAR ; READ_PORT_UCHAR(x)
- CpReadPortUchar endp
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- align 10h
- ;------------------------------------------------------------------------
- ; _stdcall CpWriteRegisterUchar(x, x)
- CpWriteRegisterUchar proc near ; DATA XREF: KdCompInitialize(x,x)+246o
- jmp ds:WRITE_REGISTER_UCHAR ; WRITE_REGISTER_UCHAR(x,x)
- CpWriteRegisterUchar endp
- ;------------------------------------------------------------------------
- ; _stdcall CpReadRegisterUchar(x)
- CpReadRegisterUchar proc near ; DATA XREF: KdCompInitialize(x,x)+250o
- jmp ds:READ_REGISTER_UCHAR ; READ_REGISTER_UCHAR(x)
- CpReadRegisterUchar endp
- ;------------------------------------------------------------------------
- ; _stdcall CpInitialize(x, x, x)
- CpInitialize proc near ; CODE XREF: KdCompInitialize(x,x)+266p
- arg_0 = dword ptr 4
- arg_4 = dword ptr 8
- arg_8 = dword ptr 0Ch
- mov eax, [esp+arg_4]
- push esi
- mov esi, [esp+4+arg_0]
- push [esp+4+arg_8]
- and dword ptr [esi+4], 0
- push esi
- mov [esi], eax
- call CpSetBaud ; CpSetBaud(x,x)
- mov eax, [esi]
- push 3
- add eax, 4
- push eax
- call _KdWriteUchar ; CpWritePortUchar(x,x)
- mov eax, [esi]
- push 0
- inc eax
- push eax
- call _KdWriteUchar ; CpWritePortUchar(x,x)
- pop esi
- retn 0Ch
- CpInitialize endp
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- align 4
- ;------------------------------------------------------------------------
- ; _stdcall KdCompGetByte(x)
- KdCompGetByte proc near pucdata:PUCHAR ; CODE XREF: KdCompReceivePacketLeader(x,x,x)+11p
- ; KdpReceiveString(x,x)+11p ...
- push 1
- push pucdata
- push offset _Port
- call CpGetByte ; CpGetByte(x,x,x)
- movzx eax, ax
- ret
- KdCompGetByte endp
- ;------------------------------------------------------------------------
- ; _stdcall KdCompPollByte(x)
- KdCompPollByte proc near pucdata:PUCHAR ; CODE XREF: KdReceivePacket(x,x,x,x,x)+10p
- push 0
- push pucdata
- push offset _Port
- call CpGetByte ; CpGetByte(x,x,x)
- movzx eax, ax
- ret
- KdCompPollByte endp
- ;------------------------------------------------------------------------
- ; _stdcall KdCompPutByte(x)
- KdCompPutByte proc near ucdata:DWORD ; CODE XREF: KdpSendString(x,x)+18p
- ; KdSendPacket(x,x,x,x)+C9p
- push ucdata
- push offset _Port
- call CpPutByte ; CpPutByte(x,x)
- ret
- KdCompPutByte endp
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- align 2
- ;------------------------------------------------------------------------
- ; _stdcall KdCompRestore()
- KdCompRestore proc near ; CODE XREF: KdRestore(x):loc_80010470p
- and _com_status_flag, 0FBh
- retn
- KdCompRestore endp
- ;------------------------------------------------------------------------
- ; _stdcall KdCompSave()
- KdCompSave proc near ; CODE XREF: KdSave(x)p
- or _com_status_flag, 4
- retn
- KdCompSave endp
- ;------------------------------------------------------------------------
- ; _stdcall KdCompInitialize1()
- KdCompInitialize1 proc near ; CODE XREF: KdDebuggerInitialize1(x)p
- cmp _KdComAddressID, 0
- jnz short locret_800109FE
- push 0 ; CacheType
- push 8 ; NumberOfBytes
- push dword ptr _DbgpKdComPhysicalAddress4
- push dword ptr _DbgpKdComPhysicalAddress0 ; PhysicalAddress
- call MmMapIoSpace ; MmMapIoSpace(x,x,x,x)
- mov ecx, dword ptr ds:[KdComPortInUse]
- mov _Port, eax
- mov [ecx], eax
- locret_800109FE: ; CODE XREF: KdCompInitialize1()+7j
- retn
- KdCompInitialize1 endp
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- align 10h
- ;------------------------------------------------------------------------
- ; _stdcall KdCompGetDebugTblBaudRate(x)
- KdCompGetDebugTblBaudRate proc near ; CODE XREF: KdCompInitialize(x,x)+C6p
- arg_0 = byte ptr 4
- movzx ecx, [esp+arg_0]
- sub ecx, 3
- mov eax, 0E100h
- jz short loc_80010A25
- dec ecx
- jz short loc_80010A1E
- sub ecx, 3
- jnz short locret_80010A2A
- mov eax, 1C200h
- jmp short locret_80010A2A
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- loc_80010A1E: ; CODE XREF: KdCompGetDebugTblBaudRate(x)+10j
- mov eax, 4B00h
- jmp short locret_80010A2A
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- loc_80010A25: ; CODE XREF: KdCompGetDebugTblBaudRate(x)+Dj
- mov eax, 2580h
- locret_80010A2A: ; CODE XREF: KdCompGetDebugTblBaudRate(x)+15j
- ; KdCompGetDebugTblBaudRate(x)+1Cj ...
- retn 4
- KdCompGetDebugTblBaudRate endp
- ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- align 2
- ;------------------------------------------------------------------------
- ; Attributes: bp-based frame
- ; _stdcall KdCompInitialize(_kdParams, pctx)
- KdCompInitialize proc near ; CODE XREF: KdDebuggerInitialize0(x)+84p
- var_8 = dword ptr -8
- var_4 = dword ptr -4
- arg_0 = dword ptr 8
- arg_4 = dword ptr 0Ch
- push ebp
- mov ebp, esp
- push ecx
- push ecx
- and [ebp+var_4], 0
- push ebx
- mov ebx, [ebp+arg_4] ;pctx
- test ebx, ebx
- push esi
- push edi
- mov [ebp+var_8], 4B00h
- jz short loc_GetSavedDbgp
- mov eax, dword ptr ds:[HalPrivateDispatchTable]
- mov eax, [eax+38h]
- test eax, eax
- jz short loc_GetSavedDbgp
- push 50474244h ;'DBGP'
- push ebx ;pctx
- call eax ; 取得 _HalpDebugPortTable
- mov _HalpDebugPortTable , eax
- jmp short loc_DbgPortGot
- ; ---------------------------------------------------------------------------------C--
- loc_GetSavedDbgp: ; CODE XREF: KdCompInitialize(x,x)+18j
- ; KdCompInitialize(x,x)+24j
- mov eax, _HalpDebugPortTable
- loc_DbgPortGot: ; CODE XREF: KdCompInitialize(x,x)+33j
- test eax, eax
- mov esi, [ebp+arg_0]
- jz loc_checkDbgPortInfo ;无法取得_HalpDebugPortTable,则跳转
- mov dl, [eax+28h]
- test dl, dl
- mov _KdComAddressID, dl
- jz short loc_getPhiscalAddr ;如果_KdComAddressID为零,跳
- cmp dl, 1
- jnz loc_checkDbgPortInfo; 如果_KdComAddressID是1,跳转
- loc_getPhiscalAddr: ; CODE XREF: KdCompInitialize(x,x)+50j
- ;
- ;实际调试发现睟B嶂葱械秸饫?
- ;
- test dl, dl
- mov ecx, [eax+2Ch]
- mov dword ptr _DbgpKdComPhysicalAddress0, ecx
- mov edi, [eax+30h]
- mov dword ptr _DbgpKdComPhysicalAddress4, edi
- jnz short loc_GetSavedPortInfo
- mov ecx, dword ptr ds:[HalPrivateDispatchTable]
- mov ecx, [ecx+44h]
- test ecx, ecx
- jz short loc_GotPortInfo
- push 1
- push dword ptr [eax+30h] ;B厦嫒〉玫C物理地址
- push dword ptr [eax+2Ch] ;
- call ecx ;B袢PortInformation.
- mov _PortInformation, eax
- mov eax, _HalpDebugPortTable
- jmp short loc_GotPortInfo
- ; -----------------------------------------------------------------------------------C
- loc_GetSavedPortInfo: ; CODE XREF: KdCompInitialize(x,x)+6Fj
- mov _PortInformation, ecx
- loc_GotPortInfo: ; CODE XREF: KdCompInitialize(x,x)+7Cj
- ; KdCompInitialize(x,x)+92j
- and _com_status_flag, 0FCh
- mov _HalpGetInfoFromACPI, 1
- cmp byte ptr [eax+24h], 0
- jnz short loc_setDefaultBaudrate
- mov ecx, [esi+4]
- test ecx, ecx
- jz short loc_usrNotSetBaudrate
- mov _ComBaudratePara, ecx
- jmp short loc_checkDbgPortInfo
- ; -----------------------------------------------------------------------------------C
- loc_usrNotSetBaudrate: ; CODE XREF: KdCompInitialize(x,x)+B3j
- movzx eax, byte ptr [eax+3Ah] ;如果用BB有指定速度,则从刚才取读礐信息中B袢?
- test al, al
- jz short loc_setDefaultBaudrate ;如果速度礐tableIndex为零,B柚萌≡ざǖC0E100h
- push eax
- call KdCompGetDebugTblBaudRate ; KdCompGetDebugTblBaudRate(x)
- mov _ComBaudratePara, eax
- jmp short loc_checkDbgPortInfo
- ; -----------------------------------------------------------------------------------C
- loc_setDefaultBaudrate: ; CODE XREF: KdCompInitialize(x,x)+ACj
- ; KdCompInitialize(x,x)+C3j
- mov _ComBaudratePara, 0E100h
- loc_checkDbgPortInfo: ; CODE XREF: KdCompInitialize(x,x)+3Fj
- ; KdCompInitialize(x,x)+55j ...
- mov eax, _PortInformation
- test eax, eax
- jnz loc_PortInformationNonZero
- cmp _HalpGetInfoFromACPI, al
- jnz loc_PortInformationNonZero
- mov eax, [esi+4]
- test eax, eax
- jz short loc_passInBaudrateIsZero
- and _com_status_flag, 0FEh
- mov [ebp+var_8], eax
- loc_passInBaudrateIsZero: ; CODE XREF: KdCompInitialize(x,x)+FAj
- mov eax, [esi]
- test eax, eax
- jz short loc_portidIsZero
- test ebx, ebx
- mov edi, eax
- lea eax, [edi-1]
- mov [ebp+arg_4], eax
- jz short loc_80010B5E ;如果pCtx为空则跳转
- lea eax, [ebp+arg_4]
- push eax
- push 11h
- push 4
- push dword ptr [ebx+30h]
- call ds:KeFindConfigurationEntry ; KeFindConfigurationEntry(x,x,x,x)
- mov esi, eax
- jmp loc_80010BFC
- ; -----------------------------------------------------------------------------------C
- loc_80010B5E: ; CODE XREF: KdCompInitialize(x,x)+116j
- xor esi, esi
- jmp loc_80010BFC
- ; -----------------------------------------------------------------------------------C
- loc_portidIsZero: ; CODE XREF: KdCompInitialize(x,x)+10Aj
- test ebx, ebx
- mov edi, ds:KeFindConfigurationEntry ; KeFindConfigurationEntry(x,x,x,x)
- mov [ebp+arg_4], 1
- jz short loc_80010B87
- lea eax, [ebp+arg_4]
- push eax
- push 11h
- push 4
- push dword ptr [ebx+30h]
- call edi ; KeFindConfigurationEntry(x,x,x,x) ; KeFindConfigurationEntry(x,x,x,x)
- mov esi, eax
- jmp short loc_FoundConfigEntry
- ; -----------------------------------------------------------------------------------C
- loc_80010B87: ; CODE XREF: KdCompInitialize(x,x)+146j
- xor esi, esi
- loc_FoundConfigEntry: ; CODE XREF: KdCompInitialize(x,x)+157j
- test esi, esi
- jz short loc_80010BA0
- mov eax, [esi+4]
- test eax, eax
- jz short loc_80010B9C
- cmp dword ptr [eax+10h], 1Fh
- jnz short loc_80010B9C
- xor esi, esi
- loc_80010B9C: ; CODE XREF: KdCompInitialize(x,x)+164j
- ; KdCompInitialize(x,x)+16Aj
- test esi, esi
- jnz short loc_80010BF9
- loc_80010BA0: ; CODE XREF: KdCompInitialize(x,x)+15Dj
- and [ebp+arg_4], 0
- test ebx, ebx
- jz short loc_80010BB9
- lea eax, [ebp+arg_4]
- push eax
- push 11h
- push 4
- push dword ptr [ebx+30h]
- call edi ; KeFindConfigurationEntry(x,x,x,x) ; KeFindConfigurationEntry(x,x,x,x)
- mov esi, eax
- jmp short loc_80010BBB
- ; -----------------------------------------------------------------------------------C
- loc_80010BB9: ; CODE XREF: KdCompInitialize(x,x)+178j
- xor esi, esi
- loc_80010BBB: ; CODE XREF: KdCompInitialize(x,x)+189j
- test esi, esi
- jz short loc_TestPortIdBrute
- loc_port3f8Ok: ; CODE XREF: KdCompInitialize(x,x)+1BFj
- xor edi, edi
- inc edi
- jmp short loc_80010BFC
- ; -----------------------------------------------------------------------------------C
- loc_TestPortIdBrute: ; CODE XREF: KdCompInitialize(x,x)+18Fj
- mov edi, 2F8h
- push edi
- call CpDoesPortExist ; CpDoesPortExist(x)
- test al, al
- jz short loc_TestPortIdBrute_3f8
- push 2
- mov [ebp+var_4], edi
- pop edi
- jmp short loc_SaveComPortId
- ; -----------------------------------------------------------------------------------C
- loc_TestPortIdBrute_3f8: ; CODE XREF: KdCompInitialize(x,x)+1A3j
- mov edi, 3F8h
- push edi
- call CpDoesPortExist ; CpDoesPortExist(x)
- test al, al
- jz short loc_Brutefailed
- mov [ebp+var_4], edi ;var_4 = tempport
- jmp short loc_port3f8Ok
- ; -----------------------------------------------------------------------------------C
- loc_Brutefailed: ; CODE XREF: KdCompInitialize(x,x)+1BAj
- mov eax, 0C0000225h
- jmp loc_80010CC7
- ; -----------------------------------------------------------------------------------C
- loc_80010BF9: ; CODE XREF: KdCompInitialize(x,x)+170j
- push 2
- pop edi
- loc_80010BFC: ; CODE XREF: KdCompInitialize(x,x)+12Bj
- ; KdCompInitialize(x,x)+132j ...
- test esi, esi
- jz short loc_getPortIdByIndex
- mov esi, [esi+30h]
- mov ecx, [esi+4]
- test ecx, ecx
- jbe short loc_getPortIdByIndex
- lea eax, [esi+8]
- loc_80010C0D: ; CODE XREF: KdCompInitialize(x,x)+1EEj
- cmp byte ptr [eax], 1
- jnz short loc_80010C18
- mov edx, [eax+4]
- mov [ebp+var_4], edx
- loc_80010C18: ; CODE XREF: KdCompInitialize(x,x)+1E2j
- add eax, 10h
- dec ecx
- jnz short loc_80010C0D
- loc_getPortIdByIndex: ; CODE XREF: KdCompInitialize(x,x)+1D0j
- ; KdCompInitialize(x,x)+1DAj
- cmp [ebp+var_4], 0 ;TEMP PORT
- jnz short loc_SaveComPortId
- mov eax, edi
- dec eax
- jz short loc_80010C4D
- dec eax
- jz short loc_80010C44
- dec eax
- jz short loc_80010C3B
- dec eax
- jnz short loc_SaveComPortId
- mov [ebp+var_4], 2E8h
- jmp short loc_SaveComPortId
- ; -----------------------------------------------------------------------------------C
- loc_80010C3B: ; CODE XREF: KdCompInitialize(x,x)+1FFj
- mov [ebp+var_4], 3E8h
- jmp short loc_SaveComPortId
- ; -----------------------------------------------------------------------------------C
- loc_80010C44: ; CODE XREF: KdCompInitialize(x,x)+1FCj
- mov [ebp+var_4], 2F8h
- jmp short loc_SaveComPortId
- ; -----------------------------------------------------------------------------------C
- loc_80010C4D: ; CODE XREF: KdCompInitialize(x,x)+1F9j
- mov [ebp+var_4], 3F8h
- loc_SaveComPortId: ; CODE XREF: KdCompInitialize(x,x)+1ABj
- ; KdCompInitialize(x,x)+1F4j ...
- mov eax, [ebp+var_4]
- mov ecx, [ebp+var_8]
- mov _ComPort, edi
- mov _PortInformation, eax
- mov _ComBaudratePara, ecx
- loc_PortInformationNonZero: ; CODE XREF: KdCompInitialize(x,x)+E3j
- ; KdCompInitialize(x,x)+EFj
- cmp _KdComAddressID, 0
- jnz short loc_comAddrIdNonZero
- mov _KdWriteUchar, offset CpWriteRegisterUchar ; CpWriteRegisterUchar(x,x)
- mov _KdReadUchar, offset CpReadRegisterUchar ; CpReadRegisterUchar(x)
- loc_comAddrIdNonZero: ; CODE XREF: KdCompInitialize(x,x)+244j
- push _ComBaudratePara
- push eax
- push offset _Port
- call CpInitialize ; CpInitialize(x,x,x)
- cmp _HalpDebugPortTable, 0
- jz short loc_80010CB8
- cmp _KdComAddressID, 0
- jnz short loc_80010CB8
- mov eax, dword ptr ds:[KdComPortInUse]
- and dword ptr [eax], 0FFFh
- jmp short loc_80010CC5
- ; -----------------------------------------------------------------------------------C
- loc_80010CB8: ; CODE XREF: KdCompInitialize(x,x)+272j
- ; KdCompInitialize(x,x)+27Bj
- mov eax, _PortInformation
- mov ecx,dword ptr ds:[KdComPortInUse]
- mov [ecx], eax
- loc_80010CC5: ; CODE XREF: KdCompInitialize(x,x)+288j
- xor eax, eax
- loc_80010CC7: ; CODE XREF: KdCompInitialize(x,x)+1C6j
- pop edi
- pop esi
- pop ebx
- leave
- retn 8
- KdCompInitialize endp
- public DllEntryPoint
- DllEntryPoint proc near
- jmp HalInitSystem; HalInitSystem(x,x)
- xor eax,eax
- retn 8;
- DllEntryPoint endp
- align 10h
- _text ends
- ; Section 3. (virtual address 00000E00)
- ; Virtual size : 000004DF ( 1247.)
- ; Section size in file : 00000500 ( 1280.)
- ; Offset to raw data for section: 00000E00
- ; Flags 60000020: Text Executable Readable
- ; Alignment : default
- ; BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
- ; Segment type: Pure code
- ; Segment permissions: Read/Execute
- ;PAGEKD segment para public 'CODE' use32
- ; assume cs:PAGEKD
- ; ;org 80010E00h
- ; assume es:nothing, ss:nothing, _data, fs:nothing, gs:nothing
- .code PAGEKD
- ;------------------------------------------------------------------------
- ; _stdcall KdpComputeChecksum(x, x)
- KdpComputeChecksum proc near Buffer:PUCHAR,Len:ULONG
- ; CODE XREF: KdReceivePacket(x,x,x,x,x)+1F0p
- ; KdReceivePacket(x,x,x,x,x)+1FEp ...
- mov edx, Len
- xor eax, eax
- test edx, edx
- jbe short locret_80010E19
- mov ecx, Buffer
- push esi
- loc_80010E0F: ; CODE XREF: KdpComputeChecksum(x,x)+16j
- movzx esi, byte ptr [ecx]
- add eax, esi
- inc ecx
- dec edx
- jnz short loc_80010E0F
- pop esi
- locret_80010E19: ; CODE XREF: KdpComputeChecksum(x,x)+8j
- ret
- KdpComputeChecksum endp
- ;------------------------------------------------------------------------
- ; Attributes: bp-based frame
- ; _stdcall KdCompReceivePacketLeader(x, x, x)
- KdCompReceivePacketLeader proc near ; CODE XREF: KdReceivePacket(x,x,x,x,x)+3Ep
- var_2 = dword ptr -2
- arg_4 = dword ptr 0Ch
- arg_8 = dword ptr 10h
- push ebp
- mov ebp, esp
- push ecx
- push ebx
- xor bl, bl
- and byte ptr [ebp+var_2+1], bl
- push esi
- loc_80010E27: ; CODE XREF: KdCompReceivePacketLeader(x,x,x)+20j
- ; KdCompReceivePacketLeader(x,x,x)+33j
- xor esi, esi
- loc_80010E29: ; CODE XREF: KdCompReceivePacketLeader(x,x,x)+3Dj
- ; KdCompReceivePacketLeader(x,x,x)+4Dj
- lea eax, [ebp+var_2]
- push eax
- call KdCompGetByte ; KdCompGetByte(x)
- xor ecx, ecx
- inc ecx
- cmp eax, ecx
- jz short loc_80010EA9
- cmp eax, 2
- jz short loc_80010E27
- mov al, byte ptr [ebp+var_2]
- cmp al, 30h
- jz short loc_80010E51
- cmp al, 69h
- jz short loc_80010E51
- cmp al, 62h
- setz byte ptr [ebp+var_2+1]
- jmp short loc_80010E27
- ;-------------------------------------------------------------------------
- loc_80010E51: ; CODE XREF: KdCompReceivePacketLeader(x,x,x)+27j
- ; KdCompReceivePacketLeader(x,x,x)+2Bj
- test esi, esi
- jnz short loc_80010E5B
- mov bl, al
- mov esi, ecx
- jmp short loc_80010E29
- ;-------------------------------------------------------------------------
- loc_80010E5B: ; CODE XREF: KdCompReceivePacketLeader(x,x,x)+37j
- cmp al, bl
- jnz short loc_80010E62
- inc esi
- jmp short loc_80010E66
- ;-------------------------------------------------------------------------
- loc_80010E62: ; CODE XREF: KdCompReceivePacketLeader(x,x,x)+41j
- mov bl, al
- mov esi, ecx
- loc_80010E66: ; CODE XREF: KdCompReceivePacketLeader(x,x,x)+44j
- cmp esi, 4
- jb short loc_80010E29
- cmp byte ptr [ebp+var_2+1], 0
- jz short loc_80010E78
- mov ecx, [ebp+arg_8]
- mov byte ptr [ecx+4], 1
- loc_80010E78: ; CODE XREF: KdCompReceivePacketLeader(x,x,x)+53j
- xor ecx, ecx
- cmp al, 30h
- mov eax, [ebp+arg_4]
- setnz cl
- dec ecx
- and ecx, 0C6C6C6C7h
- add ecx, 69696969h
- mov [eax], ecx
- mov eax, dword ptr ds:[KdDebuggerNotPresent]
- and byte ptr [eax], 0
- or byte ptr ds:[0FFDF02D4h], 2
- xor ax, ax
- loc_80010EA3: ; CODE XREF: KdCompReceivePacketLeader(x,x,x)+9Ej
- ; KdCompReceivePacketLeader(x,x,x)+A3j
- pop esi
- pop ebx
- pop ecx
- leave
- retn 0Ch
- ;-------------------------------------------------------------------------
- loc_80010EA9: ; CODE XREF: KdCompReceivePacketLeader(x,x,x)+1Bj
- cmp byte ptr [ebp+var_2+1], 0
- jz short loc_80010EBC
- mov eax, [ebp+arg_8]
- mov byte ptr [eax+4], 1
- mov ax, 2
- jmp short loc_80010EA3
- ;-------------------------------------------------------------------------
- loc_80010EBC: ; CODE XREF: KdCompReceivePacketLeader(x,x,x)+91j
- mov ax, cx
- jmp short loc_80010EA3
- KdCompReceivePacketLeader endp
- ; -----------------------------------------------------------------------------------C
- align 2
- ;------------------------------------------------------------------------
- ; Attributes: bp-based frame
- ; _stdcall KdpReceiveString(x, x)
- KdpReceiveString proc near ; CODE XREF: KdReceivePacket(x,x,x,x,x)+67p
- ; KdReceivePacket(x,x,x,x,x)+92p ...
- arg_0 = dword ptr 8
- arg_4 = dword ptr 0Ch
- push ebp
- mov ebp, esp
- cmp [ebp+arg_4], 0
- push esi
- jbe short loc_80010EE7
- mov esi, [ebp+arg_0]
- loc_80010ECF: ; CODE XREF: KdpReceiveString(x,x)+23j
- lea eax, [ebp+arg_0+3]
- push eax
- call KdCompGetByte ; KdCompGetByte(x)
- test eax, eax
- jnz short loc_80010EE9
- mov al, byte ptr [ebp+arg_0+3]
- mov [esi], al
- inc esi
- dec [ebp+arg_4]
- jnz short loc_80010ECF
- loc_80010EE7: ; CODE XREF: KdpReceiveString(x,x)+8j
- xor eax, eax
- loc_80010EE9: ; CODE XREF: KdpReceiveString(x,x)+18j
- pop esi
- pop ebp
- retn 8
- KdpReceiveString endp
- ;------------------------------------------------------------------------
- ; Attributes: bp-based frame
- ; _stdcall KdpSendString(x, x)
- KdpSendString proc near ; CODE XREF: KdpSendControlPacket(x,x)+2Ep
- ; KdSendPacket(x,x,x,x)+A0p ...
- arg_0 = dword ptr 8
- arg_4 = dword ptr 0Ch
- push ebp
- mov ebp, esp
- push edi
- mov edi, [ebp+arg_4]
- test edi, edi
- jbe short loc_80010F0F
- push esi
- mov esi, [ebp+arg_0]
- loc_80010EFD: ; CODE XREF: KdpSendString(x,x)+1Ej
- mov al, [esi]
- mov byte ptr [ebp+arg_4], al
- push [ebp+arg_4]
- inc esi
- call KdCompPutByte ; KdCompPutByte(x)
- dec edi
- jnz short loc_80010EFD
- pop esi
- loc_80010F0F: ; CODE XREF: KdpSendString(x,x)+9j
- pop edi
- pop ebp
- retn 8
- KdpSendString endp
- ;------------------------------------------------------------------------
- ; Attributes: bp-based frame
- ; _stdcall KdpSendControlPacket(x, x)
- KdpSendControlPacket proc near ; CODE XREF: KdReceivePacket(x,x,x,x,x):loc_sendControlPacketAndWaitAgainp
- ; KdReceivePacket(x,x,x,x,x)+232p ...
- var_10 = dword ptr -10h
- var_C = word ptr -0Ch
- var_A = word ptr -0Ah
- var_8 = dword ptr -8
- var_4 = dword ptr -4
- arg_0 = word ptr 8
- arg_4 = dword ptr 0Ch
- push ebp
- mov ebp, esp
- sub esp, 10h
- mov eax, [ebp+arg_4]
- test eax, eax
- mov [ebp+var_10], 69696969h
- jz short loc_80010F2B
- mov [ebp+var_8], eax
- loc_80010F2B: ; CODE XREF: KdpSendControlPacket(x,x)+12j
- mov ax, [ebp+arg_0]
- and [ebp+var_A], 0
- and [ebp+var_4], 0
- mov [ebp+var_C], ax
- push 10h
- lea eax, [ebp+var_10]
- push eax
- call KdpSendString ; KdpSendString(x,x)
- leave
- retn 8
- KdpSendControlPacket endp
- ; -----------------------------------------------------------------------------------C
- align 4
- ; Exported entry 5. KdReceivePacket
- ;------------------------------------------------------------------------
- ; Attributes: bp-based frame
- ; _stdcall KdReceivePacket(x, x, x, x, x)
- public KdReceivePacket
- KdReceivePacket proc near ; CODE XREF: KdSendPacket(x,x,x,x)+D8p
- PacketLeader = dword ptr -10h
- vPacketType = dword ptr -0Ch
- vByteCount = dword ptr -0Ah
- vPacketId = dword ptr -8
- varCheckSum = dword ptr -4
- argPacketType = dword ptr 8
- arg_7 = dword ptr 0Fh
- arg_C = dword ptr 14h
- lpKdContext = dword ptr 18h
- push ebp
- mov ebp, esp
- sub esp, 10h
- cmp [ebp+argPacketType], 8 ;PACKET_TYPE_KD_POLL_BREAKIN
- jnz short loc_NormalPacketType
- ;
- ;PACKET_TYPE_KD_POLL_BREAKIN
- ;
- lea eax, [ebp+arg_7]
- push eax
- call KdCompPollByte ; KdCompPollByte(x)
- test eax, eax
- jnz short loc_recvPacketTimeOut
- cmp byte ptr [ebp+arg_7], 62h
- jz loc_return
- loc_recvPacketTimeOut: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+17j
- xor eax, eax
- inc eax ;KDP_PACKET_TIMEOUT
- jmp loc_return
- ; -----------------------------------------------------------------------------------C
- loc_NormalPacketType: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+Aj
- push ebx
- mov ebx, [ebp+arg_C]
- push esi
- push edi
- mov edi, [ebp+0Ch]
- loc_WaitForPacketLeader: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+DEj
- ; KdReceivePacket(x,x,x,x,x)+105j ...
- push [ebp+lpKdContext]
- lea eax, [ebp+PacketLeader]
- push eax
- push [ebp+argPacketType]
- call KdCompReceivePacketLeader ; KdCompReceivePacketLeader(x,x,x)
- movzx eax, ax
- cmp eax, 1
- jz short loc_RecvTimeout
- mov ecx, _KdCompRetryCount
- mov _KdCompNumberRetries, ecx
- loc_RecvTimeout: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+49j
- test eax, eax
- jnz loc_return0
- ;
- ;Read packet type.
- ;
- push 2
- pop esi
- push esi
- lea eax, [ebp+vPacketType]
- push eax
- call KdpReceiveString ; KdpReceiveString(x,x)
- cmp eax, 1 ;CP_GET_NODATA
- jz loc_GetNoData
- cmp eax, esi ;CP_GET_ERROR
- jz short loc_GetStrError
- cmp [ebp+PacketLeader], 69696969h ;CONTROL_PACKET_LEADER
- jnz short loc_NotControlPacketLeader
- cmp word ptr [ebp+vPacketType], 5
- jz loc_returnReSend
- loc_NotControlPacketLeader: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+80j
- ;
- ; Read data length.
- ;
- push esi
- lea eax, [ebp+vByteCount]
- push eax
- call KdpReceiveString ; KdpReceiveString(x,x)
- cmp eax, 1
- jz loc_GetNoData
- cmp eax, esi
- jz short loc_GetStrError
- ;
- ;Read Packet Id.
- ;
- push 4
- pop esi
- push esi
- lea eax, [ebp+vPacketId]
- push eax
- call KdpReceiveString ; KdpReceiveString(x,x)
- cmp eax, 1
- jz loc_GetNoData
- cmp eax, 2
- jz short loc_GetStrError
- ;
- ; Read packet checksum.
- ;
- push esi
- lea eax, [ebp+varCheckSum]
- push eax
- call KdpReceiveString ; KdpReceiveString(x,x)
- cmp eax, 1
- jz loc_GetNoData
- cmp eax, 2
- jnz short loc_cpGetDataOk
- loc_GetStrError: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+77j
- ; KdReceivePacket(x,x,x,x,x)+A2j ...
- cmp [ebp+PacketLeader], 69696969h
- jz loc_WaitForPacketLeader
- jmp loc_SendControlPacketResend
- ; -----------------------------------------------------------------------------------C
- loc_cpGetDataOk: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+D5j
- cmp [ebp+PacketLeader], 69696969h
- jnz short loc_NotControlPacketLeader2
- cmp word ptr [ebp+vPacketType], si
- jnz short loc_notPacketTypeAcknowlodge
- mov eax, _KdCompNextPacketIdToSend
- and eax, 0FFFFF7FFh
- cmp [ebp+vPacketId], eax
- jnz loc_WaitForPacketLeader
- cmp [ebp+argPacketType], 4
- jnz loc_WaitForPacketLeader
- jmp loc_PacketTypeAcknowlege
- ; -----------------------------------------------------------------------------------C
- loc_notPacketTypeAcknowlodge: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+F6j
- cmp word ptr [ebp+vPacketType], 6
- jz loc_vPacketTypeReset
- cmp word ptr [ebp+vPacketType], 5
- jnz loc_WaitForPacketLeader
- jmp loc_vPacketTypeResend
- ; -----------------------------------------------------------------------------------C
- loc_NotControlPacketLeader2: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+F0j
- cmp [ebp+argPacketType], esi
- jnz short loc_receivedvByteCountOk
- mov eax, [ebp+vPacketId]
- cmp eax, _KdCompPacketIdExpected
- jz loc_SendResendControlPacket
- push eax
- push esi
- loc_sendControlPacketAndWaitAgain: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+1E1j
- ; KdReceivePacket(x,x,x,x,x)+211j
- call KdpSendControlPacket ; KdpSendControlPacket(x,x)
- jmp loc_WaitForPacketLeader
- ; -----------------------------------------------------------------------------------C
- loc_receivedvByteCountOk: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+138j
- cmp word ptr [ebp+vByteCount], 0FA0h
- movzx esi, word ptr [edi+2]
- ja loc_SendControlPacketResend
- cmp word ptr [ebp+vByteCount], si
- jb loc_SendControlPacketResend
- ;
- ;***Read the message header.
- ;
- movzx eax, word ptr [ebp+vByteCount]
- sub eax, esi
- push esi
- mov [ebx], eax
- push dword ptr [edi+4]
- call KdpReceiveString ; KdpReceiveString(x,x)
- test eax, eax
- jnz loc_SendControlPacketResend
- ;
- ; ***Read the message data.
- ;
- mov [edi], si
- push dword ptr [ebx]
- mov esi, [ebp+arg_7+1]
- push dword ptr [esi+4]
- call KdpReceiveString ; KdpReceiveString(x,x)
- test eax, eax
- jnz short loc_SendControlPacketResend
- ;
- ;****Get Tailing Byte
- ;
- mov ax, [ebx]
- mov [esi], ax
- lea eax, [ebp+arg_7]
- push eax
- call KdCompGetByte ; KdCompGetByte(x)
- test eax, eax
- jnz short loc_SendControlPacketResend
- cmp byte ptr [ebp+arg_7], 0AAh
- jnz short loc_SendControlPacketResend
- movzx eax, word ptr [ebp+vPacketType]
- cmp [ebp+argPacketType], eax
- jz short loc_ReceivedPacketIdOk
- push [ebp+vPacketId]
- jmp short loc_AcknowledgeAndWait
- ; -----------------------------------------------------------------------------------C
- loc_ReceivedPacketIdOk: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+1BCj
- mov esi, [ebp+vPacketId]
- cmp esi, 80800000h ;INITIAL_PACKET_ID
- jz short loc_InitPacketId
- cmp esi, 80800001h ; INITIAL_PACKET_ID_1
- jnz short loc_SendControlPacketResend
- loc_InitPacketId: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+1CCj
- cmp esi, _KdCompPacketIdExpected
- jz short loc_ComputeCheckSum
- push esi
- loc_AcknowledgeAndWait: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+1C1j
- push 4
- jmp loc_sendControlPacketAndWaitAgain
- ; -----------------------------------------------------------------------------------C
- loc_ComputeCheckSum: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+1DCj
- mov eax, [ebp+arg_7+1]
- movzx ecx, word ptr [eax]
- push ecx
- push dword ptr [eax+4]
- call KdpComputeChecksum ; KdpComputeChecksum(x,x)
- mov ebx, eax
- movzx eax, word ptr [edi]
- push eax
- push dword ptr [edi+4]
- call KdpComputeChecksum ; KdpComputeChecksum(x,x)
- add ebx, eax
- cmp ebx, [ebp+varCheckSum]
- jz short loc_SendAcknowledgePacket
- mov ebx, [ebp+arg_C]
- loc_SendControlPacketResend: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+E4j
- ; KdReceivePacket(x,x,x,x,x)+15Fj ...
- push 0
- push 5 ;PACKET_TYPE_KD_RESEND
- jmp loc_sendControlPacketAndWaitAgain
- ; -----------------------------------------------------------------------------------C
- loc_GetNoData: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+6Fj
- ; KdReceivePacket(x,x,x,x,x)+9Aj ...
- xor eax, eax
- inc eax
- jmp short loc_return0
- ; -----------------------------------------------------------------------------------C
- loc_returnReSend: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+87j
- mov eax, esi
- jmp short loc_return0
- ; -----------------------------------------------------------------------------------C
- loc_vPacketTypeReset: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+11Fj
- mov eax, 80800000h
- push 0
- push 6
- mov _KdCompNextPacketIdToSend, eax
- mov _KdCompPacketIdExpected, eax
- call KdpSendControlPacket ; KdpSendControlPacket(x,x)
- loc_vPacketTypeResend: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+130j
- push 2
- pop eax
- jmp short loc_return0
- ; -----------------------------------------------------------------------------------C
- loc_SendResendControlPacket: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+143j
- push 0
- push 5
- call KdpSendControlPacket ; KdpSendControlPacket(x,x)
- loc_PacketTypeAcknowlege: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+115j
- xor _KdCompNextPacketIdToSend, 1
- jmp short loc_returnOk
- ; -----------------------------------------------------------------------------------C
- loc_SendAcknowledgePacket: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+208j
- push esi
- push 4 ;PACKET_TYPE_KD_ACKNOWLEDGE
- call KdpSendControlPacket ; KdpSendControlPacket(x,x)
- xor _KdCompPacketIdExpected, 1
- loc_returnOk: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+24Cj
- xor eax, eax
- loc_return0: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+59j
- ; KdReceivePacket(x,x,x,x,x)+219j ...
- pop edi
- pop esi
- pop ebx
- loc_return: ; CODE XREF: KdReceivePacket(x,x,x,x,x)+1Dj
- ; KdReceivePacket(x,x,x,x,x)+26j
- leave
- retn 14h
- KdReceivePacket endp
- ; Exported entry 8. KdSendPacket
- ;------------------------------------------------------------------------
- ; Attributes: bp-based frame
- ; _stdcall KdSendPacket(x, x, x, x)
- public KdSendPacket
- KdSendPacket proc near
- vPacketLeader = dword ptr -10h
- vPacketType = word ptr -0Ch
- vByteCount = word ptr -0Ah
- vPacketId = dword ptr -8
- vCheckSum = dword ptr -4
- ArgPacketType = dword ptr 8
- MessageHeader = dword ptr 0Ch
- MessageData = dword ptr 10h
- KdContext = dword ptr 14h
- push ebp
- mov ebp, esp
- sub esp, 10h
- mov eax, [ebp+MessageData]
- push ebx
- xor ebx, ebx
- cmp eax, ebx
- push esi
- push edi
- jz short loc_noMessageData
- movzx ebx, word ptr [eax]
- push ebx
- push dword ptr [eax+4]
- call KdpComputeChecksum ; KdpComputeChecksum(x,x)
- mov [ebp+vCheckSum], eax
- jmp short loc_computeHeaderCheckSum
- ; -----------------------------------------------------------------------------------C
- loc_noMessageData: ; CODE XREF: KdSendPacket(x,x,x,x)+10j
- mov [ebp+vCheckSum], ebx
- loc_computeHeaderCheckSum: ; CODE XREF: KdSendPacket(x,x,x,x)+21j
- mov esi, [ebp+MessageHeader]
- mov di, [esi]
- movzx eax, di
- push eax
- push dword ptr [esi+4]
- call KdpComputeChecksum ; KdpComputeChecksum(x,x)
- add [ebp+vCheckSum], eax
- mov eax, _KdCompRetryCount
- add edi, ebx
- mov [ebp+var_A], di
- mov edi, [ebp+ArgPacketType]
- mov [ebp+vPacketLeader], 30303030h
- mov [ebp+vPacketType], di
- mov _KdCompNumberRetries, eax
- loc_loopSendData: ; CODE XREF: KdSendPacket(x,x,x,x)+EAj
- cmp _KdCompNumberRetries, 0
- jnz short loc_normalSendString
- ;
- ; If the packet is not for reporting exception, we give up
- ; and declare debugger not present.
- ;
- cmp edi, 3 ;cmp edi, PACKET_TYPE_KD_DEBUG_IO
- jnz short loc_notPacketTypeDebugIo
- mov eax, [esi+4] ;DebugIo->ApiNumber
- cmp dword ptr [eax], 3230h ;#define DbgKdPrintStringApi 0x00003230
- jmp short loc_checkApiNumber
- ; -----------------------------------------------------------------------------------C
- loc_notPacketTypeDebugIo: ; CODE XREF: KdSendPacket(x,x,x,x)+65j
- cmp edi, 7 ;PACKET_TYPE_KD_STATE_CHANGE64
- jnz short loc_notKdstateChange64
- mov eax, [esi+4]
- cmp dword ptr [eax], 3031h ;#define DbgKdLoadSymbolsStateChange 0x00003031
- jmp short loc_checkApiNumber
- ; -----------------------------------------------------------------------------------C
- loc_notKdstateChange64: ; CODE XREF: KdSendPacket(x,x,x,x)+75j
- cmp edi, 0Bh ; PACKET_TYPE_KD_FILE_IO 11
- jnz short loc_normalSendString
- mov eax, [esi+4]
- cmp dword ptr [eax], 3430h ;DbgKdCreateFileApi
- loc_checkApiNumber: ; CODE XREF: KdSendPacket(x,x,x,x)+70j
- ; KdSendPacket(x,x,x,x)+80j
- jz short loc_MarkDisableDuggerAndReturn
- loc_normalSendString: ; CODE XREF: KdSendPacket(x,x,x,x)+60j
- ; KdSendPacket(x,x,x,x)+85j
- mov eax, _KdCompNextPacketIdToSend
- mov [ebp+vPacketId], eax
- push 10h
- lea eax, [ebp+vPacketLeader]
- push eax
- call KdpSendString ; KdpSendString(x,x)
- movzx eax, word ptr [esi]
- push eax
- push dword ptr [esi+4]
- call KdpSendString ; KdpSendString(x,x)
- test ebx, ebx
- jz short loc_sendTailingByte
- mov eax, [ebp+MessageData]
- movzx ecx, word ptr [eax]
- push ecx
- push dword ptr [eax+4]
- call KdpSendString ; KdpSendString(x,x)
- loc_sendTailingByte: ; CODE XREF: KdSendPacket(x,x,x,x)+B3j
- push 0AAh
- call KdCompPutByte ; KdCompPutByte(x)
- push [ebp+KdContext]
- xor eax, eax
- push eax
- push eax
- push eax
- push 4
- call KdReceivePacket ; KdReceivePacket(x,x,x,x,x)
- cmp eax, 1
- jnz short loc_receiveNotTimeOut
- dec _KdCompNumberRetries
- loc_receiveNotTimeOut: ; CODE XREF: KdSendPacket(x,x,x,x)+E0j
- test eax, eax
- jnz loc_loopSendData ;jump upon looOOOOOOp....
- ;Send Ok
- ;
- mov eax, [ebp+KdContext]
- ;
- ; Reset Sync bit in packet id. The packet we sent may have Sync bit set
- ;
- ;
- and byte_MsrLastValue, 0F7h ; KdpNextPacketIdToSend &= ~SYNC_PACKET_ID;
- mov eax, [eax]
- mov _KdCompRetryCount, eax
- loc_return: ; CODE XREF: KdSendPacket(x,x,x,x)+12Bj
- pop edi
- pop esi
- pop ebx
- leave
- retn 10h
- ; -----------------------------------------------------------------------------------C
- loc_MarkDisableDuggerAndReturn: ; CODE XREF: KdSendPacket(x,x,x,x):loc_80011242j
- mov eax, dword ptr ds:[KdDebuggerNotPresent]
- mov byte ptr [eax], 1
- and byte ptr ds:[0FFDF02D4h], 0FDh
- mov _KdCompNextPacketIdToSend, 80800800h
- mov _KdCompPacketIdExpected, 80800000h
- jmp short loc_return
- KdSendPacket endp
- ; -----------------------------------------------------------------------------------C
- PAGEKD ends
- end DllEntryPoint
另外我结合了win2k的源代和reactos的代码,编译了部分成C语言,下面顺合给出这个文件kdcomio.c以供研究.
你可以使用将C言语实现过的函数从上面的asm代码中出除,然后使用以下命令混合编译ASM和C语言生成一个可用的kdcom.dll,
这个我也已经测试成的.假设你安装了RadAsm和VS或DDK,生成的命令如下:
- @rem build.bat
- E:/WINDDK/2600/bin/x86/ML.EXE /nologo /c /Gz /coff /I"C:/RadASM/Masm32/Include" "kdcom.asm"
- E:/WINDDK/2600/bin/x86/CL.EXE /c /Od /W3 /TC /Gz "kdcomio.c"
- E:/WINDDK/2600/bin/x86/LINK.EXE /nologo /driver /base:0x80010000 /subsystem:native /NODEFAULTLIB:LIBC.lib /NODEFAULTLIB:OLDNAMES.lib /align:128 /libpath:C:/RadASM/masm32/lib/w2k /entry:DllEntryPoint /DEF:kdcom.Def /out:"kdcom.dll" "kdcom.obj" "kdcomio.obj"
- pause
- /**
- kdcomio.c
- Create by Aerror
- */
- #define IN
- #define OUT
- #define IN_OUT
- #define OPTIONAL
- #define FALSE 0
- #define TRUE 1
- #define NULL 0
- #define PACKET_MAX_SIZE 0x0FA0
- #define DBGKD_MAXSTREAM 16
- #define EXCEPTION_MAXIMUM_PARAMETERS 15 // maximum number of exception parameters
- #define CP_GET_SUCCESS 0
- #define CP_GET_NODATA 1
- #define CP_GET_ERROR 2
- #define KDP_PACKET_RECEIVED 0
- #define KDP_PACKET_TIMEOUT 1
- #define KDP_PACKET_RESEND 2
- #define PACKET_LEADER_BYTE 0x30
- #define PACKET_LEADER 0x30303030
- #define CONTROL_PACKET_LEADER_BYTE 0x69
- #define CONTROL_PACKET_LEADER 0x69696969
- #define BREAKIN_PACKET_BYTE 0x62
- #define BREAKIN_PACKET 0x62626262
- #define PACKET_TRAILING_BYTE 0xAA
- #define DbgKdPrintStringApi 0x00003230
- #define DbgKdGetStringApi 0x00003231
- //
- // Wait State Change Types
- //
- #define DbgKdMinimumStateChange 0x00003030
- #define DbgKdExceptionStateChange 0x00003030
- #define DbgKdLoadSymbolsStateChange 0x00003031
- #define DbgKdCommandStringStateChange 0x00003032
- #define DbgKdMaximumStateChange 0x00003033
- //
- // Manipulate Types
- //
- #define DbgKdMinimumManipulate 0x00003130
- #define DbgKdReadVirtualMemoryApi 0x00003130
- #define DbgKdWriteVirtualMemoryApi 0x00003131
- #define DbgKdGetContextApi 0x00003132
- #define DbgKdSetContextApi 0x00003133
- #define DbgKdWriteBreakPointApi 0x00003134
- #define DbgKdRestoreBreakPointApi 0x00003135
- #define DbgKdContinueApi 0x00003136
- #define DbgKdReadControlSpaceApi 0x00003137
- #define DbgKdWriteControlSpaceApi 0x00003138
- #define DbgKdReadIoSpaceApi 0x00003139
- #define DbgKdWriteIoSpaceApi 0x0000313A
- #define DbgKdRebootApi 0x0000313B
- #define DbgKdContinueApi2 0x0000313C
- #define DbgKdReadPhysicalMemoryApi 0x0000313D
- #define DbgKdWritePhysicalMemoryApi 0x0000313E
- #define DbgKdQuerySpecialCallsApi 0x0000313F
- #define DbgKdSetSpecialCallApi 0x00003140
- #define DbgKdClearSpecialCallsApi 0x00003141
- #define DbgKdSetInternalBreakPointApi 0x00003142
- #define DbgKdGetInternalBreakPointApi 0x00003143
- #define DbgKdReadIoSpaceExtendedApi 0x00003144
- #define DbgKdWriteIoSpaceExtendedApi 0x00003145
- #define DbgKdGetVersionApi 0x00003146
- #define DbgKdWriteBreakPointExApi 0x00003147
- #define DbgKdRestoreBreakPointExApi 0x00003148
- #define DbgKdCauseBugCheckApi 0x00003149
- #define DbgKdSwitchProcessor 0x00003150
- #define DbgKdPageInApi 0x00003151
- #define DbgKdReadMachineSpecificRegister 0x00003152
- #define DbgKdWriteMachineSpecificRegister 0x00003153
- #define OldVlm1 0x00003154
- #define OldVlm2 0x00003155
- #define DbgKdSearchMemoryApi 0x00003156
- #define DbgKdGetBusDataApi 0x00003157
- #define DbgKdSetBusDataApi 0x00003158
- #define DbgKdCheckLowMemoryApi 0x00003159
- #define DbgKdClearAllInternalBreakpointsApi 0x0000315A
- #define DbgKdFillMemoryApi 0x0000315B
- #define DbgKdQueryMemoryApi 0x0000315C
- #define DbgKdSwitchPartition 0x0000315D
- #define DbgKdMaximumManipulate 0x0000315E
- //
- // Debug I/O Types
- //
- #define DbgKdPrintStringApi 0x00003230
- #define DbgKdGetStringApi 0x00003231
- //
- // Control Report Flags
- //
- #define REPORT_INCLUDES_SEGS 0x0001
- #define REPORT_INCLUDES_CS 0x0002
- #define INITIAL_PACKET_ID 0x80800000
- #define INITIAL_PACKET_ID_1 0x80800001
- #define SYNC_PACKET_ID 0x0800
- #define PACKET_TYPE_UNUSED 0
- #define PACKET_TYPE_KD_STATE_CHANGE32 1
- #define PACKET_TYPE_KD_STATE_MANIPULATE 2
- #define PACKET_TYPE_KD_DEBUG_IO 3
- #define PACKET_TYPE_KD_ACKNOWLEDGE 4
- #define PACKET_TYPE_KD_RESEND 5
- #define PACKET_TYPE_KD_RESET 6
- #define PACKET_TYPE_KD_STATE_CHANGE64 7
- #define PACKET_TYPE_KD_POLL_BREAKIN 8
- #define PACKET_TYPE_KD_TRACE_IO 9
- #define PACKET_TYPE_KD_CONTROL_REQUEST 10
- #define PACKET_TYPE_KD_FILE_IO 11
- #define PACKET_TYPE_MAX 12
- #define ARGUMENT_PRESENT(ArgumentPointer) (/
- (CHAR *)(ArgumentPointer) != (CHAR *)(NULL) )
- typedef unsigned int ULONG ;
- typedef ULONG* PULONG;
- typedef unsigned char UCHAR;
- typedef UCHAR* PUCHAR;
- typedef unsigned short USHORT;
- typedef unsigned short* PUSHORT;
- typedef char* PCHAR;
- typedef char CHAR;
- typedef void VOID;
- typedef void* PVOID;
- typedef unsigned char BOOLEAN;
- typedef long LONG_PTR, *PLONG_PTR;
- typedef long ULONG_PTR, *PULONG_PTR;
- typedef unsigned _int64 ULONGLONG;
- typedef ULONGLONG ULONG64;
- typedef struct _STRING {
- USHORT Length;
- USHORT MaximumLength;
- PCHAR Buffer;
- } STRING;
- typedef STRING *PSTRING;
- typedef struct _KD_CONTEXT
- {
- ULONG RetryCount;
- BOOLEAN BreakInRequested;
- } KD_CONTEXT, * PKD_CONTEXT;
- typedef struct _KSYSTEM_TIME{
- ULONG LowPart ; //+0x000
- ULONG High1Time ;// : Int4B
- ULONG High2Time ;// : Int4B
- }KSYSTEM_TIME;
- typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
- {
- StandardDesign = 0,
- NEC98x86 = 1,
- EndAlternatives = 2
- }ALTERNATIVE_ARCHITECTURE_TYPE;
- typedef enum _NT_PRODUCT_TYPE{
- NtProductWinNt = 1,
- NtProductLanManNt = 2,
- NtProductServer = 3,
- }NT_PRODUCT_TYPE;
- typedef struct _LARGE_INTEGER{
- ULONG LowPart ;// Uint4B
- ULONG HighPart ;// Int4B
- }LARGE_INTEGER;
- #define MAXIMUM_SUPPORTED_EXTENSION 512
- #define SIZE_OF_80387_REGISTERS 80
- typedef struct _FLOATING_SAVE_AREA {
- ULONG ControlWord;
- ULONG StatusWord;
- ULONG TagWord;
- ULONG ErrorOffset;
- ULONG ErrorSelector;
- ULONG DataOffset;
- ULONG DataSelector;
- UCHAR RegisterArea[SIZE_OF_80387_REGISTERS];
- ULONG Cr0NpxState;
- } FLOATING_SAVE_AREA;
- typedef FLOATING_SAVE_AREA *PFLOATING_SAVE_AREA;
- typedef struct _CONTEXT {
- //
- // The flags values within this flag control the contents of
- // a CONTEXT record.
- //
- // If the context record is used as an input parameter, then
- // for each portion of the context record controlled by a flag
- // whose value is set, it is assumed that that portion of the
- // context record contains valid context. If the context record
- // is being used to modify a threads context, then only that
- // portion of the threads context will be modified.
- //
- // If the context record is used as an IN OUT parameter to capture
- // the context of a thread, then only those portions of the thread's
- // context corresponding to set flags will be returned.
- //
- // The context record is never used as an OUT only parameter.
- //
- ULONG ContextFlags;
- //
- // This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
- // set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT
- // included in CONTEXT_FULL.
- //
- ULONG Dr0;
- ULONG Dr1;
- ULONG Dr2;
- ULONG Dr3;
- ULONG Dr6;
- ULONG Dr7;
- //
- // This section is specified/returned if the
- // ContextFlags word contians the flag CONTEXT_FLOATING_POINT.
- //
- FLOATING_SAVE_AREA FloatSave;
- //
- // This section is specified/returned if the
- // ContextFlags word contians the flag CONTEXT_SEGMENTS.
- //
- ULONG SegGs;
- ULONG SegFs;
- ULONG SegEs;
- ULONG SegDs;
- //
- // This section is specified/returned if the
- // ContextFlags word contians the flag CONTEXT_INTEGER.
- //
- ULONG Edi;
- ULONG Esi;
- ULONG Ebx;
- ULONG Edx;
- ULONG Ecx;
- ULONG Eax;
- //
- // This section is specified/returned if the
- // ContextFlags word contians the flag CONTEXT_CONTROL.
- //
- ULONG Ebp;
- ULONG Eip;
- ULONG SegCs; // MUST BE SANITIZED
- ULONG EFlags; // MUST BE SANITIZED
- ULONG Esp;
- ULONG SegSs;
- //
- // This section is specified/returned if the ContextFlags word
- // contains the flag CONTEXT_EXTENDED_REGISTERS.
- // The format and contexts are processor specific
- //
- UCHAR ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];
- } CONTEXT;
- typedef struct _EXCEPTION_RECORD64 {
- ULONG ExceptionCode;
- ULONG ExceptionFlags;
- ULONG64 ExceptionRecord;
- ULONG64 ExceptionAddress;
- ULONG NumberParameters;
- ULONG __unusedAlignment;
- ULONG64 ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
- } EXCEPTION_RECORD64, *PEXCEPTION_RECORD64;
- //
- // DBGKM Structure for Exceptions
- //
- typedef struct _DBGKM_EXCEPTION64
- {
- EXCEPTION_RECORD64 ExceptionRecord;
- ULONG FirstChance;
- } DBGKM_EXCEPTION64, *PDBGKM_EXCEPTION64;
- //
- // DBGKD Structure for State Change
- //
- typedef struct _DBGKD_CONTROL_REPORT
- {
- ULONG Dr6;
- ULONG Dr7;
- USHORT InstructionCount;
- USHORT ReportFlags;
- UCHAR InstructionStream[DBGKD_MAXSTREAM];
- USHORT SegCs;
- USHORT SegDs;
- USHORT SegEs;
- USHORT SegFs;
- ULONG EFlags;
- } DBGKD_CONTROL_REPORT, *PDBGKD_CONTROL_REPORT;
- //
- // DBGKD Structure for Debug I/O Type Print String
- //
- typedef struct _DBGKD_PRINT_STRING
- {
- ULONG LengthOfString;
- } DBGKD_PRINT_STRING, *PDBGKD_PRINT_STRING;
- //
- // DBGKD Structure for Debug I/O Type Get String
- //
- typedef struct _DBGKD_GET_STRING
- {
- ULONG LengthOfPromptString;
- ULONG LengthOfStringRead;
- } DBGKD_GET_STRING, *PDBGKD_GET_STRING;
- //
- // DBGKD Structure for Load Symbols
- //
- typedef struct _DBGKD_LOAD_SYMBOLS64
- {
- ULONG PathNameLength;
- ULONG64 BaseOfDll;
- ULONG64 ProcessId;
- ULONG CheckSum;
- ULONG SizeOfImage;
- BOOLEAN UnloadSymbols;
- } DBGKD_LOAD_SYMBOLS64, *PDBGKD_LOAD_SYMBOLS64;
- typedef struct _KUSER_SHARED_DATA
- {
- ULONG TickCountLow ; //+0x000
- ULONG TickCountMultiplier ; //+0x004
- KSYSTEM_TIME InterruptTime ; //+0x008
- KSYSTEM_TIME SystemTime ; //+0x014
- KSYSTEM_TIME TimeZoneBias ; //+0x020
- USHORT ImageNumberLow ; //+0x02c
- USHORT ImageNumberHigh ; //+0x02e
- USHORT NtSystemRoot [260] ; //+0x030
- ULONG MaxStackTraceDepth ; //+0x238
- ULONG CryptoExponent ; //+0x23c
- ULONG TimeZoneId ; //+0x240
- ULONG Reserved2[8] ; //+0x244
- NT_PRODUCT_TYPE NtProductType ; //+0x264
- UCHAR ProductTypeIsValid ; //+0x268
- ULONG NtMajorVersion ; //+0x26c
- ULONG NtMinorVersion ; //+0x270
- UCHAR ProcessorFeatures[64] ; //+0x274
- ULONG Reserved1 ; //+0x2b4
- ULONG Reserved3 ; //+0x2b8
- ULONG TimeSlip ; //+0x2bc
- ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture ; //+0x2c0
- LARGE_INTEGER SystemExpirationDate ; //+0x2c8
- ULONG SuiteMask ; //+0x2d0
- UCHAR KdDebuggerEnabled ; //+0x2d4
- UCHAR NXSupportPolicy ; //+0x2d5
- ULONG ActiveConsoleId ; //+0x2d8
- ULONG DismountCount ; //+0x2dc
- ULONG ComPlusPackage ; //+0x2e0
- ULONG LastSystemRITEventTickCount ; //+0x2e4
- ULONG NumberOfPhysicalPages ; //+0x2e8
- UCHAR SafeBootMode ; //+0x2ec
- ULONG TraceLogging ; //+0x2f0
- ULONGLONG TestRetInstruction ; //+0x2f8
- ULONG SystemCall ; //+0x300
- ULONG SystemCallReturn ; //+0x304
- ULONGLONG SystemCallPad[3] ; //+0x308
- KSYSTEM_TIME TickCount ; //+0x320
- ULONGLONG TickCountQuad ; //+0x320
- ULONG Cookie ; //+0x330
- }KUSER_SHARED_DATA;
- typedef struct _KD_PACKET
- {
- ULONG PacketLeader ;
- USHORT PacketType ;
- USHORT byteCount ;
- ULONG PacketId ;
- ULONG Checksum ;
- }KD_PACKET;
- typedef struct _DBGKD_DEBUG_IO
- {
- ULONG ApiNumber;
- USHORT ProcessorLevel;
- USHORT Processor;
- union
- {
- DBGKD_PRINT_STRING PrintString;
- DBGKD_GET_STRING GetString;
- } u;
- } DBGKD_DEBUG_IO, *PDBGKD_DEBUG_IO;
- typedef struct _DBGKD_WAIT_STATE_CHANGE64
- {
- ULONG NewState;
- USHORT ProcessorLevel;
- USHORT Processor;
- ULONG NumberProcessors;
- ULONG64 Thread;
- ULONG64 ProgramCounter;
- union
- {
- DBGKM_EXCEPTION64 Exception;
- DBGKD_LOAD_SYMBOLS64 LoadSymbols;
- } u;
- DBGKD_CONTROL_REPORT ControlReport;
- CONTEXT Context;
- } DBGKD_WAIT_STATE_CHANGE64, *PDBGKD_WAIT_STATE_CHANGE64;
- //
- // If the packet type is PACKET_TYPE_KD_FILE_IO, then
- // the format of the packet data is as follows:
- //
- #define DbgKdCreateFileApi 0x00003430L
- #define DbgKdReadFileApi 0x00003431L
- #define DbgKdWriteFileApi 0x00003432L
- #define DbgKdCloseFileApi 0x00003433L
- // Unicode filename follows as additional data.
- typedef struct _DBGKD_CREATE_FILE {
- ULONG DesiredAccess;
- ULONG FileAttributes;
- ULONG ShareAccess;
- ULONG CreateDisposition;
- ULONG CreateOptions;
- // Return values.
- ULONG64 Handle;
- ULONG64 Length;
- } DBGKD_CREATE_FILE, *PDBGKD_CREATE_FILE;
- // Data is returned as additional data in the response.
- typedef struct _DBGKD_READ_FILE {
- ULONG64 Handle;
- ULONG64 Offset;
- ULONG Length;
- } DBGKD_READ_FILE, *PDBGKD_READ_FILE;
- // Data is given as additional data.
- typedef struct _DBGKD_WRITE_FILE {
- ULONG64 Handle;
- ULONG64 Offset;
- ULONG Length;
- } DBGKD_WRITE_FILE, *PDBGKD_WRITE_FILE;
- typedef struct _DBGKD_CLOSE_FILE {
- ULONG64 Handle;
- } DBGKD_CLOSE_FILE, *PDBGKD_CLOSE_FILE;
- typedef struct _DBGKD_FILE_IO {
- ULONG ApiNumber;
- ULONG Status;
- union {
- ULONG64 ReserveSpace[7];
- DBGKD_CREATE_FILE CreateFile;
- DBGKD_READ_FILE ReadFile;
- DBGKD_WRITE_FILE WriteFile;
- DBGKD_CLOSE_FILE CloseFile;
- } u;
- } DBGKD_FILE_IO, *PDBGKD_FILE_IO;
- #define KI_USER_SHARED_DATA 0xffdf0000
- #define SharedUserData ((KUSER_SHARED_DATA * const) KI_USER_SHARED_DATA)
- extern BOOLEAN KdDebuggerNotPresent;
- BOOLEAN KdpControlCPending = FALSE;
- BOOLEAN KdpControlCPressed = FALSE;
- ULONG KdpRetryCount = 5;
- ULONG KdpNumberRetries = 5;
- ULONG KdpPacketIdExpected =0;
- ULONG KdpNextPacketIdToSend =0;
- //ULONG KdpDefaultRetries =0;
- //--------------------------------
- ULONG
- KdCompGetByte (
- OUT PUCHAR Input
- );
- ULONG
- KdCompPollByte (
- OUT PUCHAR Input
- );
- VOID
- KdCompPutByte (
- IN UCHAR Output
- );
- ULONG
- KdpComputeChecksum (
- IN PUCHAR Buffer,
- IN ULONG Length
- );
- ULONG
- KdpReceiveString (
- OUT PCHAR Destination,
- IN ULONG Length
- );
- VOID
- KdpSendString (
- IN PCHAR Source,
- IN ULONG Length
- );
- VOID
- KdpSendControlPacket (
- IN USHORT PacketType,
- IN ULONG PacketId OPTIONAL
- );
- #ifdef ALLOC_PRAGMA
- #pragma alloc_text(PAGEKD, KdpComputeChecksum)
- #pragma alloc_text(PAGEKD, KdpReceivePacketLeader)
- #pragma alloc_text(PAGEKD, KdpReceiveString)
- #pragma alloc_text(PAGEKD, KdpSendString)
- #pragma alloc_text(PAGEKD, KdpSendControlPacket)
- #pragma alloc_text(PAGEKD, KdReceivePacket)
- #pragma alloc_text(PAGEKD, KdSendPacket)
- #endif
- ULONG
- KdpComputeChecksum (
- IN PUCHAR Buffer,
- IN ULONG Length
- )
- /*++
- Routine Description:
- This routine computes the checksum for the string passed in.
- Arguments:
- Buffer - Supplies a pointer to the string.
- Length - Supplies the length of the string.
- Return Value:
- A ULONG is return as the checksum for the input string.
- --*/
- {
- ULONG Checksum = 0;
- while (Length > 0) {
- Checksum = Checksum + (ULONG)*Buffer++;
- Length--;
- }
- return Checksum;
- }
- USHORT
- KdpReceivePacketLeader (
- IN ULONG PacketType,
- OUT PULONG PacketLeader,
- IN_OUT PKD_CONTEXT KdContext OPTIONAL
- )
- /*++
- Routine Description:
- This routine waits for a packet header leader.
- Arguments:
- PacketType - supplies the type of packet we are expecting.
- PacketLeader - supplies a pointer to a ulong variable to receive
- packet leader UCHARs.
- Return Value:
- KDP_PACKET_RESEND - if resend is required.
- KDP_PAKCET_TIMEOUT - if timeout.
- KDP_PACKET_RECEIVED - if packet received.
- --*/
- {
- UCHAR Input, PreviousUCHAR = 0;
- ULONG PacketId = 0;
- ULONG Index;
- ULONG ReturnCode;
- BOOLEAN BreakinDetected = FALSE;
- if(KdContext)
- {
- KdContext->BreakInRequested = BreakinDetected;
- }
- //
- // NOTE - With all the interrupts being off, it is very hard
- // to implement the actual timeout code. (Maybe, by reading the CMOS.)
- // Here we use a loop count to wait about 3 seconds. The CpGetUCHAR
- // will return with error code = CP_GET_NODATA if it cannot find data
- // UCHAR within 1 second. Kernel debugger's timeout period is 5 seconds.
- //
- Index = 0;
- do {
- ReturnCode = KdCompGetByte(&Input);
- if (ReturnCode == CP_GET_NODATA) {
- if (BreakinDetected) {
- KdpControlCPending = TRUE;
- if(KdContext)
- {
- KdContext->BreakInRequested = BreakinDetected;
- }
- return KDP_PACKET_RESEND;
- } else {
- if(KdContext)
- {
- KdContext->BreakInRequested = BreakinDetected;
- }
- return KDP_PACKET_TIMEOUT;
- }
- }
- else if (ReturnCode == CP_GET_ERROR) {
- Index = 0;
- continue;
- }
- else { // if (ReturnCode == CP_GET_SUCCESS)
- if ( Input == PACKET_LEADER_BYTE ||
- Input == CONTROL_PACKET_LEADER_BYTE ) {
- if ( Index == 0 ) {
- PreviousUCHAR = Input;
- Index++;
- } else if (Input == PreviousUCHAR ) {
- Index++;
- } else {
- PreviousUCHAR = Input;
- Index = 1;
- }
- } else {
- //
- // If we detect breakin character, we need to verify it
- // validity. (It is possible that we missed a packet leader
- // and the breakin character is simply a data UCHAR in the
- // packet.)
- // Since kernel debugger send out breakin character ONLY
- // when it is waiting for State Change packet. The breakin
- // character should not be followed by any other character
- // except packet leader UCHAR.
- //
- if ( Input == BREAKIN_PACKET_BYTE) {
- BreakinDetected = TRUE;
- } else {
- //
- // The following statement is ABSOLUTELY necessary.
- //
- BreakinDetected = FALSE;
- }
- Index = 0;
- }
- }
- } while ( Index < 4 );
- if (BreakinDetected) {
- KdpControlCPending = TRUE;
- }
- //
- // return the packet leader and FALSE to indicate no resend is needed.
- //
- if ( Input == PACKET_LEADER_BYTE ) {
- *PacketLeader = PACKET_LEADER;
- } else {
- *PacketLeader = CONTROL_PACKET_LEADER;
- }
- if(KdContext)
- {
- KdContext->BreakInRequested = BreakinDetected;
- }
- KdDebuggerNotPresent = FALSE;
- SharedUserData->KdDebuggerEnabled |= 0x00000002;
- return KDP_PACKET_RECEIVED;
- }
- ULONG
- KdpReceiveString (
- OUT PCHAR Destination,
- IN ULONG Length
- )
- /*++
- Routine Description:
- This routine reads a string from the kernel debugger port.
- Arguments:
- Destination - Supplies a pointer to the input string.
- Length - Supplies the length of the string to be read.
- Return Value:
- CP_GET_SUCCESS is returned if string is successfully read from the
- kernel debugger line.
- CP_GET_ERROR is returned if error encountered during reading.
- CP_GET_NODATA is returned if timeout.
- --*/
- {
- UCHAR Input;
- ULONG ReturnCode;
- //
- // Read UCHARs until either a error is encountered or the entire string
- // has been read.
- //
- while (Length > 0) {
- ReturnCode = KdCompGetByte(&Input);
- if (ReturnCode != CP_GET_SUCCESS) {
- return ReturnCode;
- } else {
- *Destination++ = Input;
- Length -= 1;
- }
- }
- return CP_GET_SUCCESS;
- }
- VOID
- KdpSendString (
- IN PCHAR Source,
- IN ULONG Length
- )
- /*++
- Routine Description:
- This routine writes a string to the kernel debugger port.
- Arguments:
- Source - Supplies a pointer to the output string.
- Length - Supplies the length of the string to be written.
- Return Value:
- None.
- --*/
- {
- UCHAR Output;
- //
- // Write UCHARs to the kernel debugger port.
- //
- while (Length > 0) {
- Output = *Source++;
- KdCompPutByte(Output);
- Length -= 1;
- }
- return;
- }
- VOID
- KdpSendControlPacket (
- IN USHORT PacketType,
- IN ULONG PacketId OPTIONAL
- )
- /*++
- Routine Description:
- This routine sends a control packet to the host machine that is running the
- kernel debugger and waits for an ACK.
- Arguments:
- PacketType - Supplies the type of packet to send.
- PacketId - Supplies packet id, optionally.
- Return Value:
- None.
- --*/
- {
- KD_PACKET PacketHeader;
- //
- // Initialize and send the packet header.
- //
- PacketHeader.PacketLeader = CONTROL_PACKET_LEADER;
- if (ARGUMENT_PRESENT( (PVOID)(ULONG_PTR) PacketId )) {
- PacketHeader.PacketId = PacketId;
- }
- PacketHeader.byteCount = 0;
- PacketHeader.Checksum = 0;
- PacketHeader.PacketType = PacketType;
- KdpSendString((PCHAR)&PacketHeader, sizeof(KD_PACKET));
- return;
- }
- ULONG
- KdReceivePacket (
- IN ULONG PacketType,
- OUT PSTRING MessageHeader,
- OUT PSTRING MessageData,
- OUT PULONG DataLength,
- IN_OUT PKD_CONTEXT KdContext OPTIONAL
- )
- /*++
- Routine Description:
- This routine receives a packet from the host machine that is running
- the kernel debugger UI. This routine is ALWAYS called after packet being
- sent by caller. It first waits for ACK packet for the packet sent and
- then waits for the packet desired.
- N.B. If caller is KdPrintString, the parameter PacketType is
- PACKET_TYPE_KD_ACKNOWLEDGE. In this case, this routine will return
- right after the ack packet is received.
- Arguments:
- PacketType - Supplies the type of packet that is excepted.
- MessageHeader - Supplies a pointer to a string descriptor for the input
- message.
- MessageData - Supplies a pointer to a string descriptor for the input data.
- DataLength - Supplies pointer to ULONG to receive length of recv. data.
- Return Value:
- KDP_PACKET_RESEND - if resend is required.
- KDP_PAKCET_TIMEOUT - if timeout.
- KDP_PACKET_RECEIVED - if packet received.
- --*/
- {
- UCHAR Input;
- ULONG MessageLength;
- KD_PACKET PacketHeader;
- ULONG ReturnCode;
- ULONG Checksum;
- if(PacketType==PACKET_TYPE_KD_POLL_BREAKIN)
- {
- ReturnCode= KdCompPollByte(&Input);
- if(ReturnCode==CP_GET_SUCCESS && BREAKIN_PACKET_BYTE==Input)
- {
- return KDP_PACKET_RECEIVED;
- }
- else
- {
- return KDP_PACKET_TIMEOUT;
- }
- }
- WaitForPacketLeader:
- //
- // Read Packet Leader
- //
- ReturnCode = KdpReceivePacketLeader(PacketType, &PacketHeader.PacketLeader,KdContext);
- //
- // If we can successfully read packet leader, it has high possibility that
- // kernel debugger is alive. So reset count.
- //
- if (ReturnCode != KDP_PACKET_TIMEOUT) {
- KdpNumberRetries = KdpRetryCount;
- }
- if (ReturnCode != KDP_PACKET_RECEIVED) {
- return ReturnCode;
- }
- //
- // Read packet type.
- //
- ReturnCode = KdpReceiveString((PCHAR)&PacketHeader.PacketType,
- sizeof(PacketHeader.PacketType));
- if (ReturnCode == CP_GET_NODATA) {
- return KDP_PACKET_TIMEOUT;
- } else if (ReturnCode == CP_GET_ERROR) {
- if (PacketHeader.PacketLeader == CONTROL_PACKET_LEADER) {
- //
- // If read error and it is for a control packet, simply
- // preptend that we have not seen this packet. Hopefully
- // we will receive the packet we desire which automatically acks
- // the packet we just sent.
- //
- goto WaitForPacketLeader;
- } else {
- //
- // if read error while reading data packet, we have to ask
- // kernel debugger to resend us the packet.
- //
- goto SendResendPacket;
- }
- }
- //
- // if the packet we received is a resend request, we return true and
- // let caller resend the packet.
- //
- if ( PacketHeader.PacketLeader == CONTROL_PACKET_LEADER &
- PacketHeader.PacketType == PACKET_TYPE_KD_RESEND ) {
- return KDP_PACKET_RESEND;
- }
- //
- // Read data length.
- //
- ReturnCode = KdpReceiveString((PCHAR)&PacketHeader.byteCount,
- sizeof(PacketHeader.byteCount));
- if (ReturnCode == CP_GET_NODATA) {
- return KDP_PACKET_TIMEOUT;
- } else if (ReturnCode == CP_GET_ERROR) {
- if (PacketHeader.PacketLeader == CONTROL_PACKET_LEADER) {
- goto WaitForPacketLeader;
- } else {
- goto SendResendPacket;
- }
- }
- //
- // Read Packet Id.
- //
- ReturnCode = KdpReceiveString((PCHAR)&PacketHeader.PacketId,
- sizeof(PacketHeader.PacketId));
- if (ReturnCode == CP_GET_NODATA) {
- return KDP_PACKET_TIMEOUT;
- } else if (ReturnCode == CP_GET_ERROR) {
- if (PacketHeader.PacketLeader == CONTROL_PACKET_LEADER) {
- goto WaitForPacketLeader;
- } else {
- goto SendResendPacket;
- }
- }
- //
- // Read packet checksum.
- //
- ReturnCode = KdpReceiveString((PCHAR)&PacketHeader.Checksum,
- sizeof(PacketHeader.Checksum));
- if (ReturnCode == CP_GET_NODATA) {
- return KDP_PACKET_TIMEOUT;
- } else if (ReturnCode == CP_GET_ERROR) {
- if (PacketHeader.PacketLeader == CONTROL_PACKET_LEADER) {
- goto WaitForPacketLeader;
- } else {
- goto SendResendPacket;
- }
- }
- //
- // A complete packet header is received. Check its validity and
- // perform appropriate action depending on packet type.
- //
- if (PacketHeader.PacketLeader == CONTROL_PACKET_LEADER ) {
- if (PacketHeader.PacketType == PACKET_TYPE_KD_ACKNOWLEDGE /*4*/) {
- //
- // If we received an expected ACK packet and we are not
- // waiting for any new packet, update outgoing packet id
- // and return. If we are NOT waiting for ACK packet
- // we will keep on waiting. If the ACK packet
- // is not for the packet we send, ignore it and keep on waiting.
- //
- if (PacketHeader.PacketId !=
- (KdpNextPacketIdToSend & ~SYNC_PACKET_ID)) {
- goto WaitForPacketLeader;
- } else if (PacketType == PACKET_TYPE_KD_ACKNOWLEDGE) {
- KdpNextPacketIdToSend ^= 1;
- return KDP_PACKET_RECEIVED;
- } else {
- goto WaitForPacketLeader;
- }
- } else if (PacketHeader.PacketType == PACKET_TYPE_KD_RESET/*6*/) {
- //
- // if we received Reset packet, reset the packet control variables
- // and resend earlier packet.
- //
- KdpNextPacketIdToSend = INITIAL_PACKET_ID;
- KdpPacketIdExpected = INITIAL_PACKET_ID;
- KdpSendControlPacket(PACKET_TYPE_KD_RESET, 0L);
- return KDP_PACKET_RESEND;
- } else if (PacketHeader.PacketType == PACKET_TYPE_KD_RESEND/*5*/) {
- return KDP_PACKET_RESEND;
- } else {
- //
- // Invalid packet header, ignore it.
- //
- goto WaitForPacketLeader;
- }
- //
- // The packet header is for data packet (not control packet).
- //
- } else if (PacketType == PACKET_TYPE_KD_ACKNOWLEDGE) {
- //
- // if we are waiting for ACK packet ONLY
- // and we receive a data packet header, check if the packet id
- // is what we expected. If yes, assume the acknowledge is lost (but
- // sent), ask sender to resend and return with PACKET_RECEIVED.
- //
- if (PacketHeader.PacketId == KdpPacketIdExpected) {
- KdpSendControlPacket(PACKET_TYPE_KD_RESEND, 0L);
- KdpNextPacketIdToSend ^= 1;
- return KDP_PACKET_RECEIVED;
- } else {
- KdpSendControlPacket(PACKET_TYPE_KD_ACKNOWLEDGE,
- PacketHeader.PacketId
- );
- goto WaitForPacketLeader;
- }
- }
- //
- // we are waiting for data packet and we received the packet header
- // for data packet. Perform the following checkings to make sure
- // it is the packet we are waiting for.
- //
- //
- // Check byteCount received is valid
- //
- MessageLength = MessageHeader->MaximumLength;
- if ((PacketHeader.byteCount > (USHORT)PACKET_MAX_SIZE) ||
- (PacketHeader.byteCount < (USHORT)MessageLength)) {
- goto SendResendPacket;
- }
- *DataLength = PacketHeader.byteCount - MessageLength;
- //
- // Read the message header.
- //
- ReturnCode = KdpReceiveString(MessageHeader->Buffer, MessageLength);
- if (ReturnCode != CP_GET_SUCCESS) {
- goto SendResendPacket;
- }
- MessageHeader->Length = (USHORT)MessageLength;
- //
- // Read the message data.
- //
- ReturnCode = KdpReceiveString(MessageData->Buffer, *DataLength);
- if (ReturnCode != CP_GET_SUCCESS) {
- goto SendResendPacket;
- }
- MessageData->Length = (USHORT)*DataLength;
- //
- // Read packet trailing byte
- //
- ReturnCode = KdCompGetByte(&Input);
- if (ReturnCode != CP_GET_SUCCESS || Input != PACKET_TRAILING_BYTE/*0AAh*/) {
- goto SendResendPacket;
- }
- //
- // Check PacketType is what we are waiting for.
- //
- if (PacketType != PacketHeader.PacketType) {
- KdpSendControlPacket(PACKET_TYPE_KD_ACKNOWLEDGE,
- PacketHeader.PacketId
- );
- goto WaitForPacketLeader;
- }
- //
- // Check PacketId is valid.
- //
- if (PacketHeader.PacketId == INITIAL_PACKET_ID ||
- PacketHeader.PacketId == (INITIAL_PACKET_ID ^ 1)) {
- if (PacketHeader.PacketId != KdpPacketIdExpected) {
- KdpSendControlPacket(PACKET_TYPE_KD_ACKNOWLEDGE,
- PacketHeader.PacketId
- );
- goto WaitForPacketLeader;
- }
- } else {
- goto SendResendPacket;
- }
- //
- // Check checksum is valid.
- //
- Checksum = KdpComputeChecksum(
- MessageHeader->Buffer,
- MessageHeader->Length
- );
- Checksum += KdpComputeChecksum(
- MessageData->Buffer,
- MessageData->Length
- );
- if (Checksum != PacketHeader.Checksum) {
- goto SendResendPacket;
- }
- //
- // Send Acknowledge UCHAR and the Id of the packet received.
- // Then, update the ExpectId for next incoming packet.
- //
- KdpSendControlPacket(PACKET_TYPE_KD_ACKNOWLEDGE,
- PacketHeader.PacketId
- );
- //
- // We have successfully received the packet so update the
- // packet control variables and return sucess.
- //
- KdpPacketIdExpected ^= 1;
- return KDP_PACKET_RECEIVED;
- SendResendPacket:
- KdpSendControlPacket(PACKET_TYPE_KD_RESEND, 0L);
- goto WaitForPacketLeader;
- }
- void
- KdSendPacket (
- IN ULONG PacketType,
- IN PSTRING MessageHeader,
- IN PSTRING MessageData OPTIONAL,
- IN_OUT PKD_CONTEXT KdContext OPTIONAL
- )
- /*++
- Routine Description:
- This routine sends a packet to the host machine that is running the
- kernel debugger and waits for an ACK.
- Arguments:
- PacketType - Supplies the type of packet to send.
- MessageHeader - Supplies a pointer to a string descriptor that describes
- the message information.
- MessageData - Supplies a pointer to a string descriptor that describes
- the optional message data.
- Return Value:
- None.
- --*/
- {
- KD_PACKET PacketHeader;
- ULONG MessageDataLength;
- ULONG ReturnCode;
- PDBGKD_DEBUG_IO DebugIo;
- PDBGKD_FILE_IO FileIo;
- PDBGKD_WAIT_STATE_CHANGE64 StateChange;
- if ( ARGUMENT_PRESENT(MessageData) ) {
- MessageDataLength = MessageData->Length;
- PacketHeader.Checksum = KdpComputeChecksum(
- MessageData->Buffer,
- MessageData->Length
- );
- } else {
- MessageDataLength = 0;
- PacketHeader.Checksum = 0;
- }
- PacketHeader.Checksum += KdpComputeChecksum (
- MessageHeader->Buffer,
- MessageHeader->Length
- );
- //
- // Initialize and send the packet header.
- //
- PacketHeader.PacketLeader = PACKET_LEADER;
- PacketHeader.byteCount = (USHORT)(MessageHeader->Length + MessageDataLength);
- PacketHeader.PacketType = (USHORT)PacketType;
- KdpNumberRetries = KdpRetryCount;
- do {
- if (KdpNumberRetries == 0) {
- //
- // If the packet is not for reporting exception, we give up
- // and declare debugger not present.
- //
- if (PacketType == PACKET_TYPE_KD_DEBUG_IO) {
- DebugIo = (PDBGKD_DEBUG_IO)MessageHeader->Buffer;
- if (DebugIo->ApiNumber == DbgKdPrintStringApi) {
- KdDebuggerNotPresent = TRUE;
- SharedUserData->KdDebuggerEnabled &= ~0x00000002;
- KdpNextPacketIdToSend = INITIAL_PACKET_ID | SYNC_PACKET_ID;//80800000|0800h
- KdpPacketIdExpected = INITIAL_PACKET_ID; //80800000h
- return;
- }
- } else if (PacketType == PACKET_TYPE_KD_STATE_CHANGE64) {
- StateChange = (PDBGKD_WAIT_STATE_CHANGE64)MessageHeader->Buffer;
- if (StateChange->NewState == DbgKdLoadSymbolsStateChange) {
- KdDebuggerNotPresent = TRUE;
- SharedUserData->KdDebuggerEnabled &= ~0x00000002;
- KdpNextPacketIdToSend = INITIAL_PACKET_ID | SYNC_PACKET_ID;
- KdpPacketIdExpected = INITIAL_PACKET_ID;
- return;
- }
- }
- else if (PacketType == PACKET_TYPE_KD_FILE_IO)
- {
- FileIo = (PDBGKD_FILE_IO)MessageHeader->Buffer;
- if (FileIo->ApiNumber== DbgKdCreateFileApi) {
- KdDebuggerNotPresent = TRUE;
- SharedUserData->KdDebuggerEnabled &= ~0x00000002;
- KdpNextPacketIdToSend = INITIAL_PACKET_ID | SYNC_PACKET_ID;
- KdpPacketIdExpected = INITIAL_PACKET_ID;
- return;
- }
- }
- }
- //
- // Setting PacketId has to be in the do loop in case Packet Id was
- // reset.
- //
- PacketHeader.PacketId = KdpNextPacketIdToSend;
- KdpSendString((PCHAR)&PacketHeader, sizeof(KD_PACKET));
- //
- // Output message header.
- //
- KdpSendString(MessageHeader->Buffer, MessageHeader->Length);
- //
- // Output message data.
- //
- if ( MessageDataLength ) {
- KdpSendString(MessageData->Buffer, MessageData->Length);
- }
- //
- // Output a packet trailing UCHAR
- //
- KdCompPutByte(PACKET_TRAILING_BYTE);
- //
- // Wait for the Ack Packet
- //
- ReturnCode = KdReceivePacket(
- PACKET_TYPE_KD_ACKNOWLEDGE,
- NULL,
- NULL,
- NULL,
- KdContext
- );
- if (ReturnCode == KDP_PACKET_TIMEOUT) {
- KdpNumberRetries--;
- }
- } while (ReturnCode != KDP_PACKET_RECEIVED);
- //
- // Reset Sync bit in packet id. The packet we sent may have Sync bit set
- //
- KdpNextPacketIdToSend &= ~SYNC_PACKET_ID;
- //
- // Since we are able to talk to debugger, the retrycount is set to
- // maximum value.
- //
- KdpRetryCount = KdContext->RetryCount;
- }
另给出我在网上找到的关于串口通信的资料:
- Serial I/O
- Table of Registers
- --------------------------------------------------------------------------------
- Base Address DLAB Read/Write Abr. Register Name
- + 0 =0 Write - Transmitter Holding Buffer
- =0 Read - Receiver Buffer
- =1 Read/Write - Divisor Latch Low Byte
- + 1 =0 Read/Write IER Interrupt Enable Register
- =1 Read/Write - Divisor Latch High Byte
- + 2 - Read IIR Interrupt Identification Register
- - Write FCR FIFO Control Register
- + 3 - Read/Write LCR Line Control Register
- + 4 - Read/Write MCR Modem Control Register
- + 5 - Read LSR Line Status Register
- + 6 - Read MSR Modem Status Register
- + 7 - Read/Write - Scratch Register
- -------------------------------------------------------------------------------
- Table 5 : Table of Registers
- DLAB ?
- --------------------------------------------------------------------------------
- You will have noticed in the table of registers that there is a DLAB column. When DLAB is set to '0' or '1' some of the
- registers change. This is how the UART is able to have 12 registers (including the scratch register) through only 8 port
- addresses. DLAB stands for Divisor Latch Access Bit. When DLAB is set to '1' via the line control register, two registers
- become available from which you can set your speed of communications measured in bits per second.
- The UART will have a crystal which should oscillate around 1.8432 MHZ. The UART incorporates a divide by 16 counter
- which simply divides the incoming clock signal by 16. Assuming we had the 1.8432 MHZ clock signal, that would leave us
- with a maximum, 115,200 hertz signal making the UART capable of transmitting and receiving at 115,200 Bits Per Second (BPS).
- That would be fine for some of the faster modems and devices which can handle that speed, but others just wouldn't communicate
- at all. Therefore the UART is fitted with a Programmable Baud Rate Generator which is controlled by two registers.
- Lets say for example we only wanted to communicate at 2400 BPS. We worked out that we would have to divide 115,200 by 48 to
- get a workable 2400 Hertz Clock. The "Divisor", in this case 48, is stored in the two registers controlled by the
- "Divisor Latch Access Bit". This divisor can be any number which can be stored in 16 bits (ie 0 to 65535). The UART only
- has a 8 bit data bus, thus this is where the two registers are used. The first register (Base + 0) when DLAB = 1 stores
- the "Divisor latch low byte" where as the second register (base + 1 when DLAB = 1) stores the "Divisor latch high byte."
- Below is a table of some more common speeds and their divisor latch high bytes & low bytes. Note that all the divisors are
- shown in Hexadecimal.
- -------------------------------------------------------------------------------
- Speed (BPS) Divisor (Dec) Divisor Latch High Byte Divisor Latch Low Byte
- 50 2304 09h 00h
- 300 384 01h 80h
- 600 192 00h C0h
- 2400 48 00h 30h
- 4800 24 00h 18h
- 9600 12 00h 0Ch
- 19200 6 00h 06h
- 38400 3 00h 03h
- 57600 2 00h 02h
- 115200 1 00h 01h
- -------------------------------------------------------------------------------
- Table 6 : Table of Commonly Used Baudrate Divisors
- Interrupt Enable Register (IER)
- --------------------------------------------------------------------------------
- -------------------------------------------------------------------------------
- Bit Notes
- Bit 7 Reserved
- Bit 6 Reserved
- Bit 5 Enables Low Power Mode (16750)
- Bit 4 Enables Sleep Mode (16750)
- Bit 3 Enable Modem Status Interrupt
- Bit 2 Enable Receiver Line Status Interrupt
- Bit 1 Enable Transmitter Holding Register Empty Interrupt
- Bit 0 Enable Received Data Available Interrupt
- -------------------------------------------------------------------------------
- Table 7 : Interrupt Enable Register
- The Interrupt Enable Register could possibly be one of the easiest registers on a UART to understand. Setting Bit 0 high enables
- the Received Data Available Interrupt which generates an interrupt when the receiving register/FIFO contains data to be read by
- the CPU.
- Bit 1 enables Transmit Holding Register Empty Interrupt. This interrupts the CPU when the transmitter buffer is empty. Bit 2
- enables the receiver line status interrupt. The UART will interrupt when the receiver line status changes. Likewise for bit 3
- which enables the modem status interrupt. Bits 4 to 7 are the easy ones. They are simply reserved. (If only everything was that
- easy!)
- Interrupt Identification Register (IIR)
- -------------------------------------------------------------------------------
- Bit Notes
- Bits 6 and 7 Bit 6 Bit 7
- 0 0 No FIFO
- 0 1 FIFO Enabled but Unusable
- 1 1 FIFO Enabled
- Bit 5 64 Byte Fifo Enabled (16750 only)
- Bit 4 Reserved
- Bit 3 0 Reserved on 8250, 16450
- 1 16550 Time-out Interrupt Pending
- Bits 1 and 2 Bit 2 Bit 1
- 0 0 Modem Status Interrupt
- 0 1 Transmitter Holding Register Empty Interrupt
- 1 0 Received Data Available Interrupt
- 1 1 Receiver Line Status Interrupt
- Bit0 0 Interrupt Pending
- 1 No Interrupt Pending
- Table 8 : Interrupt Identification Register
- The interrupt identification register is a read only register. Bits 6 and 7 give status on the FIFO Buffer. When both bits are '0'
- no FIFO buffers are active. This should be the only result you will get from a 8250 or 16450. If bit 7 is active but bit 6 is not
- active then the UART has it's buffers enabled but are unusable. This occurs on the 16550 UART where a bug in the FIFO buffer made
- the FIFO's unusable. If both bits are '1' then the FIFO buffers are enabled and fully operational.
- Bits 4 and 5 are reserved. Bit 3 shows the status of the time-out interrupt on a 16550 or higher.
- Lets jump to Bit 0 which shows whether an interrupt has occurred. If an interrupt has occurred it's status will shown by bits 1
- and 2. These interrupts work on a priority status. The Line Status Interrupt has the highest Priority, followed by the Data
- Available Interrupt, then the Transmit Register Empty Interrupt and then the Modem Status Interrupt which has the lowest priority.
- First In / First Out Control Register (FCR)
- -------------------------------------------------------------------------------
- Bit Notes
- Bits 6 and 7 Bit 7 Bit 6 Interrupt Trigger Level
- 0 0 1 Byte
- 0 1 4 Bytes
- 1 0 8 Bytes
- 1 1 14 Bytes
- Bit 5 Enable 64 Byte FIFO (16750 only)
- Bit 4 Reserved
- Bit 3 DMA Mode Select. Change status of RXRDY & TXRDY pins from mode 1 to mode 2.
- Bit 2 Clear Transmit FIFO
- Bit 1 Clear Receive FIFO
- Bit 0 Enable FIFO's
- -------------------------------------------------------------------------------
- Table 9 : FIFO Control Register
- The FIFO register is a write only register. This register is used to control the FIFO (First In / First Out) buffers which are
- found on 16550's and higher.
- Bit 0 enables the operation of the receive and transmit FIFO's. Writing a '0' to this bit will disable the operation of transmit
- and receive FIFO's, thus you will loose all data stored in these FIFO buffers.
- Bit's 1 and 2 control the clearing of the transmit or receive FIFO's. Bit 1 is responsible for the receive buffer while bit 2 is
- responsible for the transmit buffer. Setting these bits to 1 will only clear the contents of the FIFO and will not affect the
- shift registers. These two bits are self resetting, thus you don't need to set the bits to '0' when finished.
- Bit 3 enables the DMA mode select which is found on 16550 UARTs and higher. More on this later. Bits 4 and 5 are those easy type
- again, Reserved.
- Bits 6 and 7 are used to set the triggering level on the Receive FIFO. For example if bit 7 was set to '1' and bit 6 was set to '0'
- then the trigger level is set to 8 bytes. When there is 8 bytes of data in the receive FIFO then the Received Data Available
- interrupt is set. See (IIR)
- Line Control Register (LCR)
- ----------------------+---------------------------------------------------------
- Bit Notes
- Bit 7 1 Divisor Latch Access Bit
- 0 Access to Receiver buffer, Transmitter buffer & Interrupt Enable Register
- Bit 6 Set Break Enable
- Bits 3, 4 And 5 Bit 5 Bit 4 Bit 3 Parity Select
- X X 0 No Parity
- 0 0 1 Odd Parity
- 0 1 1 Even Parity
- 1 0 1 High Parity (Sticky)
- 1 1 1 Low Parity (Sticky)
- Bit 2 Length of Stop Bit
- 0 One Stop Bit
- 1 2 Stop bits for words of length 6,7 or 8 bits or 1.5 Stop Bits for Word lengths of 5 bits.
- Bits 0 And 1 Bit 1 Bit 0 Word Length
- 0 0 5 Bits
- 0 1 6 Bits
- 1 0 7 Bits
- 1 1 8 Bits
- ----------------------+---------------------------------------------------------
- Table 10 : Line Control Register
- The Line Control register sets the basic parameters for communication. Bit 7 is the Divisor Latch Access Bit or DLAB for short.
- We have already talked about what it does. (See DLAB?) Bit 6 Sets break enable. When active, the TD line goes into "Spacing"
- state which causes a break in the receiving UART. Setting this bit to '0' Disables the Break.
- Bits 3,4 and 5 select parity. If you study the 3 bits, you will find that bit 3 controls parity. That is, if it is
- set to '0' then no parity is used, but if it is set to '1' then parity is used. Jumping to bit 5, we can see that it
- controls sticky parity. Sticky parity is simply when the parity bit is always transmitted and checked as a '1' or '0'.
- This has very little success in checking for errors as if the first 4 bits contain errors but the sticky parity bit contains
- the appropriately set bit, then a parity error will not result. Sticky high parity is the use of a '1' for the parity bit,
- while the opposite, sticky low parity is the use of a '0' for the parity bit.
- If bit 5 controls sticky parity, then turning this bit off must produce normal parity provided bit 3 is still set to '1'.
- Odd parity is when the parity bit is transmitted as a '1' or '0' so that there is a odd number of 1's. Even parity must
- then be the parity bit produces and even number of 1's. This provides better error checking but still is not perfect,
- thus CRC-32 is often used for software error correction. If one bit happens to be inverted with even or odd parity set,
- then a parity error will occur, however if two bits are flipped in such a way that it produces the correct parity bit
- then an parity error will no occur.
- Bit 2 sets the length of the stop bits. Setting this bit to '0' will produce one stop bit, however setting it to '1' will
- produce either 1.5 or 2 stop bits depending upon the word length. Note that the receiver only checks the first stop bit.
- Bits 0 and 1 set the word length. This should be pretty straight forward. A word length of 8 bits is most commonly used today.
- Modem Control Register (MCR)
- -----+--------------------------------------------------------------------------
- Bit Notes
- Bit 7 Reserved
- Bit 6 Reserved
- Bit 5 Autoflow Control Enabled (16750 only)
- Bit 4 LoopBack Mode
- Bit 3 Aux Output 2
- Bit 2 Aux Output 1
- Bit 1 Force Request to Send
- Bit 0 Force Data Terminal Ready
- -----+--------------------------------------------------------------------------
- Table 11 : Modem Control Register
- The Modem Control Register is a Read/Write Register. Bits 5,6 and 7 are reserved. Bit 4 activates the loopback mode. In Loopback
- mode the transmitter serial output is placed into marking state. The receiver serial input is disconnected. The transmitter out
- is looped back to the receiver in. DSR, CTS, RI & DCD are disconnected. DTR, RTS, OUT1 & OUT2 are connected to the modem control
- inputs. The modem control output pins are then place in an inactive state. In this mode any data which is placed in the transmitter
- registers for output is received by the receiver circuitry on the same chip and is available at the receiver buffer. This can be
- used to test the UARTs operation.
- Aux Output 2 maybe connected to external circuitry which controls the UART-CPU interrupt process. Aux Output 1 is normally
- disconnected, but on some cards is used to switch between a 1.8432MHZ crystal to a 4MHZ crystal which is used for MIDI.
- Bits 0 and 1 simply control their relevant data lines. For example setting bit 1 to '1' makes the request to send line active.
- Line Status Register (LSR)
- -----+--------------------------------------------------------------------------
- Bit |Notes
- -----+--------------------------------------------------------------------------
- Bit 7 Error in Received FIFO
- Bit 6 Empty Data Holding Registers
- Bit 5 Empty Transmitter Holding Register
- Bit 4 Break Interrupt
- Bit 3 Framing Error
- Bit 2 Parity Error
- Bit 1 Overrun Error
- Bit 0 Data Ready
- -----+--------------------------------------------------------------------------
- Table 12 : Line Status Register
- The line status register is a read only register. Bit 7 is the error in received FIFO bit. This bit is high when at least one break,
- parity or framing error has occurred on a byte which is contained in the FIFO.
- When bit 6 is set, both the transmitter holding register and the shift register are empty. The UART's holding register holds the
- next byte of data to be sent in parallel fashion. The shift register is used to convert the byte to serial, so that it can be
- transmitted over one line. When bit 5 is set, only the transmitter holding register is empty. So what's the difference between the
- two? When bit 6, the transmitter holding and shift registers are empty, no serial conversions are taking place so there should be
- no activity on the transmit data line. When bit 5 is set, the transmitter holding register is empty, thus another byte can be sent
- to the data port, but a serial conversion using the shift register may be taking place.
- The break interrupt (Bit 4) occurs when the received data line is held in a logic state '0' (Space) for more than the time it takes
- to send a full word. That includes the time for the start bit, data bits, parity bits and stop bits.
- A framing error (Bit 3) occurs when the last bit is not a stop bit. This may occur due to a timing error. You will most commonly
- encounter a framing error when using a null modem linking two computers or a protocol analyzer when the speed at which the data
- is being sent is different to that of what you have the UART set to receive it at.
- A overrun error normally occurs when your program can't read from the port fast enough. If you don't get an incoming byte out of
- the register fast enough, and another byte just happens to be received, then the last byte will be lost and a overrun error will
- result.
- Bit 0 shows data ready, which means that a byte has been received by the UART and is at the receiver buffer ready to be read.
- Modem Status Register (MSR)
- -----+--------------------------------------------------------------------------
- Bit | Notes
- -----+--------------------------------------------------------------------------
- Bit 7 Carrier Detect
- Bit 6 Ring Indicator
- Bit 5 Data Set Ready
- Bit 4 Clear To Send
- Bit 3 Delta Data Carrier Detect
- Bit 2 Trailing Edge Ring Indicator
- Bit 1 Delta Data Set Ready
- Bit 0 Delta Clear to Send
- -----+--------------------------------------------------------------------------
- Table 13 : Modem Status Register
- Bit 0 of the modem status register shows delta clear to send, delta meaning a change in, thus delta clear to send means that there
- was a change in the clear to send line, since the last read of this register. This is the same for bits 1 and 3. Bit 1 shows a
- change in the Data Set Ready line where as Bit 3 shows a change in the Data Carrier Detect line. Bit 2 is the Trailing Edge Ring
- Indicator which indicates that there was a transformation from low to high state on the Ring Indicator line.
- Bits 4 to 7 show the current state of the data lines when read. Bit 7 shows Carrier Detect, Bit 6 shows Ring Indicator, Bit 5 shows
- Data Set Ready & Bit 4 shows the status of the Clear To Send line.
- --------------------------------------------------------------------------------
- Samples
- /* Name : Sample Comm's Program - Polled Version - termpoll.c */
- #include <dos.h>
- #include <stdio.h>
- #include <conio.h>
- #define PORT1 0x3F8
- /* Defines Serial Ports Base Address */
- /* COM1 0x3F8 */
- /* COM2 0x2F8 */
- /* COM3 0x3E8 */
- /* COM4 0x2E8 */
- void main(void)
- {
- int c;
- int ch;
- outportb(PORT1 + 1 , 0); /* Turn off interrupts - Port1 */
- /* PORT 1 - Communication Settings */
- outportb(PORT1 + 3 , 0x80); /* SET DLAB ON */
- outportb(PORT1 + 0 , 0x03); /* Set Baud rate - Divisor Latch Low Byte */
- /* Default 0x03 = 38,400 BPS */
- /* 0x01 = 115,200 BPS */
- /* 0x02 = 57,600 BPS */
- /* 0x06 = 19,200 BPS */
- /* 0x0C = 9,600 BPS */
- /* 0x18 = 4,800 BPS */
- /* 0x30 = 2,400 BPS */
- outportb(PORT1 + 1 , 0x00); /* Set Baud rate - Divisor Latch High Byte */
- outportb(PORT1 + 3 , 0x03); /* 8 Bits, No Parity, 1 Stop Bit */
- outportb(PORT1 + 2 , 0xC7); /* FIFO Control Register */
- outportb(PORT1 + 4 , 0x0B); /* Turn on DTR, RTS, and OUT2 */
- printf("/nSample Comm's Program. Press ESC to quit /n");
- do { c = inportb(PORT1 + 5); /* Check to see if char has been */
- /* received. */
- if (c & 1) {ch = inportb(PORT1); /* If so, then get Char */
- printf("%c",ch);} /* Print Char to Screen */
- if (kbhit()){ch = getch(); /* If key pressed, get Char */
- outportb(PORT1, ch);} /* Send Char to Serial Port */
- } while (ch !=27); /* Quit when ESC (ASC 27) is pressed */
- }
- --------------------------------------------------------------------------------
- The End
最后
以上就是简单水蜜桃为你收集整理的Windows串口调试通信协议KDCOM.DLL的反向分析及Asm和C源代码的全部内容,希望文章能够帮你解决Windows串口调试通信协议KDCOM.DLL的反向分析及Asm和C源代码所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复