I’m working on an pseudo-emulator software. I have
to provide a box capable of loading and running a
binary code. This binary is a DLL compiled in VC++.
The same source code compiled for a specific
processor
is used by the real machine. The source code cannot
be
changed.
The code makes use of direct memory manipulations
like:
*(unsigned char *)(0xFF00FF00) = 0x80
or
unsigned char ch = *(unsigned char *)(0xFF00FF00);
I am searching for a solution to intercept these
memory accesses. I need to know:
the operation type: write or read
the address
the value (if write)
It is important to intercept the read because some
devices need only a register read to switch to a
specific mode.
Could someone give me some advices about how
should
I implement this mechanism?
I am familiar with filter drivers but, in this
case,
I don’t know which driver I have to filter.
I haven’t received Maxim’s message (but my co-worker did?) but I can add
Vectored exception handler (AddVectoredExceptionHandler) if you can afford
to run only on XP and your DLL is multithreaded. __try/__except won’t work
well if it is multithreaded. On earlier systems, you can use
(UnhandledExceptionFilter)…
Reserving or using a guard pages are 2 nice way to force the exception
mecanism. For sure, if the adresses are in kernel range, you don’t have to
do anything to throw exceptions
For guard pages, your DLL *MUST* be single threaded.
So you can all do this in user mode.
M-A
“Razvan Marcus” a écrit dans le message de news: xxxxx@ntfsd… > > > Hello, > > I’m working on an pseudo-emulator software. I have > to provide a box capable of loading and running a > binary code. This binary is a DLL compiled in VC++. > The same source code compiled for a specific > processor > is used by the real machine. The source code cannot > be > changed. > The code makes use of direct memory manipulations > like: > *(unsigned char *)(0xFF00FF00) = 0x80 > or > unsigned char ch = *(unsigned char *)(0xFF00FF00); > > I am searching for a solution to intercept these > memory accesses. I need to know: > - the operation type: write or read > - the address > - the value (if write) > > It is important to intercept the read because some > devices need only a register read to switch to a > specific mode. > > Could someone give me some advices about how > should > I implement this mechanism? > I am familiar with filter drivers but, in this > case, > I don’t know which driver I have to filter. > > Thank you > > > > > > > > > > > __________________________________ > Do you Yahoo!? > The all-new My Yahoo! - Get yours free! > http://my.yahoo.com > > >
“Marc-Antoine Ruel” a écrit dans le message de news: xxxxx@ntfsd… >I haven’t received Maxim’s message (but my co-worker did?) but I can add > > - Vectored exception handler (AddVectoredExceptionHandler) if you can > afford to run only on XP and your DLL is multithreaded. try/ except > won’t work well if it is multithreaded. On earlier systems, you can use > (UnhandledExceptionFilter)… > > Reserving or using a guard pages are 2 nice way to force the exception > mecanism. For sure, if the adresses are in kernel range, you don’t have to > do anything to throw exceptions > > For guard pages, your DLL MUST be single threaded. > > So you can all do this in user mode. > > M-A > > “Razvan Marcus” a écrit dans le message de news: > xxxxx@ntfsd… >> >> >> Hello, >> >> I’m working on an pseudo-emulator software. I have >> to provide a box capable of loading and running a >> binary code. This binary is a DLL compiled in VC++. >> The same source code compiled for a specific >> processor >> is used by the real machine. The source code cannot >> be >> changed. >> The code makes use of direct memory manipulations >> like: >> *(unsigned char *)(0xFF00FF00) = 0x80 >> or >> unsigned char ch = *(unsigned char *)(0xFF00FF00); >> >> I am searching for a solution to intercept these >> memory accesses. I need to know: >> - the operation type: write or read >> - the address >> - the value (if write) >> >> It is important to intercept the read because some >> devices need only a register read to switch to a >> specific mode. >> >> Could someone give me some advices about how >> should >> I implement this mechanism? >> I am familiar with filter drivers but, in this >> case, >> I don’t know which driver I have to filter. >> >> Thank you >> >> >> >> >> >> >> >> >> >> >> __________________________________ >> Do you Yahoo!? >> The all-new My Yahoo! - Get yours free! >> http://my.yahoo.com >> >> >> > > >
There’s debug registers, if you are dealing with a limited number of
funny locations. Otherwise, it’s exception handling, as per other
posters. Or you could disassemble and analyze the code.
in fact I posted the question in both lists. finally it seems there are the
same people
sorry
“Marc-Antoine Ruel” wrote in message news:xxxxx@ntfsd… > Oops, you cross-posted!?! > Stay in ntdev… > > > “Marc-Antoine Ruel” a écrit dans le message de news: > xxxxx@ntfsd… >>I haven’t received Maxim’s message (but my co-worker did?) but I can add >> >> - Vectored exception handler (AddVectoredExceptionHandler) if you can >> afford to run only on XP and your DLL is multithreaded. try/ except >> won’t work well if it is multithreaded. On earlier systems, you can use >> (UnhandledExceptionFilter)… >> >> Reserving or using a guard pages are 2 nice way to force the exception >> mecanism. For sure, if the adresses are in kernel range, you don’t have >> to do anything to throw exceptions >> >> For guard pages, your DLL MUST be single threaded. >> >> So you can all do this in user mode. >> >> M-A >> >> “Razvan Marcus” a écrit dans le message de >> news: xxxxx@ntfsd… >>> >>> >>> Hello, >>> >>> I’m working on an pseudo-emulator software. I have >>> to provide a box capable of loading and running a >>> binary code. This binary is a DLL compiled in VC++. >>> The same source code compiled for a specific >>> processor >>> is used by the real machine. The source code cannot >>> be >>> changed. >>> The code makes use of direct memory manipulations >>> like: >>> *(unsigned char *)(0xFF00FF00) = 0x80 >>> or >>> unsigned char ch = *(unsigned char *)(0xFF00FF00); >>> >>> I am searching for a solution to intercept these >>> memory accesses. I need to know: >>> - the operation type: write or read >>> - the address >>> - the value (if write) >>> >>> It is important to intercept the read because some >>> devices need only a register read to switch to a >>> specific mode. >>> >>> Could someone give me some advices about how >>> should >>> I implement this mechanism? >>> I am familiar with filter drivers but, in this >>> case, >>> I don’t know which driver I have to filter. >>> >>> Thank you >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> __________________________________ >>> Do you Yahoo!? >>> The all-new My Yahoo! - Get yours free! >>> http://my.yahoo.com >>> >>> >>> >> >> >> > > >