PATMA.asm@ 5605

Last change on this file since 5605 was 5286, checked in by vboxsync, 17 years ago
Missing relocations
Property svn:eol-style set to `native` Property svn:keywords set to `Id`
File size: 70.3 KB

Line
1	; $Id: PATMA.asm 5286 2007-10-14 11:12:34Z vboxsync $
2	;; @file
3	; PATM Assembly Routines.
4	;
5
6	; Copyright (C) 2006-2007 innotek GmbH
7	;
8	; This file is part of VirtualBox Open Source Edition (OSE), as
9	; available from http://www.virtualbox.org. This file is free software;
10	; you can redistribute it and/or modify it under the terms of the GNU
11	; General Public License as published by the Free Software Foundation,
12	; in version 2 as it comes in the "COPYING" file of the VirtualBox OSE
13	; distribution. VirtualBox OSE is distributed in the hope that it will
14	; be useful, but WITHOUT ANY WARRANTY of any kind.
15
16	;
17	; @note This method has problems in theory. If we fault for any reason, then we won't be able to restore
18	; the guest's context properly!!
19	; E.g if one of the push instructions causes a fault or SS isn't wide open and our patch GC state accesses aren't valid.
20	; @assumptions
21	; - Enough stack for a few pushes
22	; - The SS selector has base 0 and limit 0xffffffff
23	;
24	; @todo stack probing is currently hardcoded and not present everywhere (search for 'probe stack')
25
26
27	;*******************************************************************************
28	;* Header Files *
29	;*******************************************************************************
30	%include "VBox/asmdefs.mac"
31	%include "VBox/err.mac"
32	%include "VBox/x86.mac"
33	%include "VBox/vm.mac"
34	%include "PATMA.mac"
35
36	%ifdef DEBUG
37	; Noisy, but useful for debugging certain problems
38	;;;%define PATM_LOG_PATCHINSTR
39	;;%define PATM_LOG_PATCHIRET
40	%endif
41
42	BEGINCODE
43
44	%ifdef RT_ARCH_AMD64
45	BITS 32 ; switch to 32-bit mode (x86).
46	%endif
47
48	%ifdef VBOX_WITH_STATISTICS
49	;
50	; Patch call statistics
51	;
52	BEGINPROC PATMStats
53	PATMStats_Start:
54	mov dword [ss:PATM_INTERRUPTFLAG], 0
55	pushf
56	inc dword [ss:PATM_ALLPATCHCALLS]
57	inc dword [ss:PATM_PERPATCHCALLS]
58	popf
59	mov dword [ss:PATM_INTERRUPTFLAG], 1
60	PATMStats_End:
61	ENDPROC PATMStats
62
63
64	; Patch record for statistics
65	GLOBALNAME PATMStatsRecord
66	RTCCPTR_DEF PATMStats_Start
67	DD 0
68	DD 0
69	DD 0
70	DD PATMStats_End - PATMStats_Start
71	DD 4
72	DD PATM_INTERRUPTFLAG
73	DD 0
74	DD PATM_ALLPATCHCALLS
75	DD 0
76	DD PATM_PERPATCHCALLS
77	DD 0
78	DD PATM_INTERRUPTFLAG
79	DD 0
80	DD 0ffffffffh
81	%endif
82
83	;
84	; Set PATM_INTERRUPTFLAG
85	;
86	BEGINPROC PATMSetPIF
87	PATMSetPIF_Start:
88	mov dword [ss:PATM_INTERRUPTFLAG], 1
89	PATMSetPIF_End:
90	ENDPROC PATMSetPIF
91
92
93	; Patch record for setting PATM_INTERRUPTFLAG
94	GLOBALNAME PATMSetPIFRecord
95	RTCCPTR_DEF PATMSetPIF_Start
96	DD 0
97	DD 0
98	DD 0
99	DD PATMSetPIF_End - PATMSetPIF_Start
100	DD 1
101	DD PATM_INTERRUPTFLAG
102	DD 0
103	DD 0ffffffffh
104
105	;
106	; Clear PATM_INTERRUPTFLAG
107	;
108	BEGINPROC PATMClearPIF
109	PATMClearPIF_Start:
110	; probe stack here as we can't recover from page faults later on
111	not dword [esp-64]
112	not dword [esp-64]
113	mov dword [ss:PATM_INTERRUPTFLAG], 0
114	PATMClearPIF_End:
115	ENDPROC PATMClearPIF
116
117
118	; Patch record for clearing PATM_INTERRUPTFLAG
119	GLOBALNAME PATMClearPIFRecord
120	RTCCPTR_DEF PATMClearPIF_Start
121	DD 0
122	DD 0
123	DD 0
124	DD PATMClearPIF_End - PATMClearPIF_Start
125	DD 1
126	DD PATM_INTERRUPTFLAG
127	DD 0
128	DD 0ffffffffh
129
130	;
131	; Clear PATM_INHIBITIRQADDR and fault if IF=0
132	;
133	BEGINPROC PATMClearInhibitIRQFaultIF0
134	PATMClearInhibitIRQFaultIF0_Start:
135	mov dword [ss:PATM_INTERRUPTFLAG], 0
136	mov dword [ss:PATM_INHIBITIRQADDR], 0
137	pushf
138
139	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
140	jz PATMClearInhibitIRQFaultIF0_Fault
141
142	; if interrupts are pending, then we must go back to the host context to handle them!
143	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
144	jz PATMClearInhibitIRQFaultIF0_Continue
145
146	; Go to our hypervisor trap handler to dispatch the pending irq
147	mov dword [ss:PATM_TEMP_EAX], eax
148	mov dword [ss:PATM_TEMP_ECX], ecx
149	mov dword [ss:PATM_TEMP_EDI], edi
150	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
151	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
152	lock or dword [ss:PATM_PENDINGACTION], eax
153	mov ecx, PATM_ACTION_MAGIC
154	mov edi, PATM_NEXTINSTRADDR
155	popfd ; restore flags we pushed above (the or instruction changes the flags as well)
156	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
157	; does not return
158
159	PATMClearInhibitIRQFaultIF0_Fault:
160	popf
161	mov dword [ss:PATM_INTERRUPTFLAG], 1
162	PATM_INT3
163
164	PATMClearInhibitIRQFaultIF0_Continue:
165	popf
166	mov dword [ss:PATM_INTERRUPTFLAG], 1
167	PATMClearInhibitIRQFaultIF0_End:
168	ENDPROC PATMClearInhibitIRQFaultIF0
169
170
171	; Patch record for clearing PATM_INHIBITIRQADDR
172	GLOBALNAME PATMClearInhibitIRQFaultIF0Record
173	RTCCPTR_DEF PATMClearInhibitIRQFaultIF0_Start
174	DD 0
175	DD 0
176	DD 0
177	DD PATMClearInhibitIRQFaultIF0_End - PATMClearInhibitIRQFaultIF0_Start
178	DD 12
179	DD PATM_INTERRUPTFLAG
180	DD 0
181	DD PATM_INHIBITIRQADDR
182	DD 0
183	DD PATM_VMFLAGS
184	DD 0
185	DD PATM_VM_FORCEDACTIONS
186	DD 0
187	DD PATM_TEMP_EAX
188	DD 0
189	DD PATM_TEMP_ECX
190	DD 0
191	DD PATM_TEMP_EDI
192	DD 0
193	DD PATM_TEMP_RESTORE_FLAGS
194	DD 0
195	DD PATM_PENDINGACTION
196	DD 0
197	DD PATM_NEXTINSTRADDR
198	DD 0
199	DD PATM_INTERRUPTFLAG
200	DD 0
201	DD PATM_INTERRUPTFLAG
202	DD 0
203	DD 0ffffffffh
204
205	;
206	; Clear PATM_INHIBITIRQADDR and continue if IF=0 (duplicated function only; never jump back to guest code afterwards!!)
207	;
208	BEGINPROC PATMClearInhibitIRQContIF0
209	PATMClearInhibitIRQContIF0_Start:
210	mov dword [ss:PATM_INTERRUPTFLAG], 0
211	mov dword [ss:PATM_INHIBITIRQADDR], 0
212	pushf
213
214	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
215	jz PATMClearInhibitIRQContIF0_Continue
216
217	; if interrupts are pending, then we must go back to the host context to handle them!
218	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
219	jz PATMClearInhibitIRQContIF0_Continue
220
221	; Go to our hypervisor trap handler to dispatch the pending irq
222	mov dword [ss:PATM_TEMP_EAX], eax
223	mov dword [ss:PATM_TEMP_ECX], ecx
224	mov dword [ss:PATM_TEMP_EDI], edi
225	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
226	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
227	lock or dword [ss:PATM_PENDINGACTION], eax
228	mov ecx, PATM_ACTION_MAGIC
229	mov edi, PATM_NEXTINSTRADDR
230	popfd ; restore flags we pushed above (the or instruction changes the flags as well)
231	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
232	; does not return
233
234	PATMClearInhibitIRQContIF0_Continue:
235	popf
236	mov dword [ss:PATM_INTERRUPTFLAG], 1
237	PATMClearInhibitIRQContIF0_End:
238	ENDPROC PATMClearInhibitIRQContIF0
239
240
241	; Patch record for clearing PATM_INHIBITIRQADDR
242	GLOBALNAME PATMClearInhibitIRQContIF0Record
243	RTCCPTR_DEF PATMClearInhibitIRQContIF0_Start
244	DD 0
245	DD 0
246	DD 0
247	DD PATMClearInhibitIRQContIF0_End - PATMClearInhibitIRQContIF0_Start
248	DD 11
249	DD PATM_INTERRUPTFLAG
250	DD 0
251	DD PATM_INHIBITIRQADDR
252	DD 0
253	DD PATM_VMFLAGS
254	DD 0
255	DD PATM_VM_FORCEDACTIONS
256	DD 0
257	DD PATM_TEMP_EAX
258	DD 0
259	DD PATM_TEMP_ECX
260	DD 0
261	DD PATM_TEMP_EDI
262	DD 0
263	DD PATM_TEMP_RESTORE_FLAGS
264	DD 0
265	DD PATM_PENDINGACTION
266	DD 0
267	DD PATM_NEXTINSTRADDR
268	DD 0
269	DD PATM_INTERRUPTFLAG
270	DD 0
271	DD 0ffffffffh
272
273
274	BEGINPROC PATMCliReplacement
275	PATMCliStart:
276	mov dword [ss:PATM_INTERRUPTFLAG], 0
277	pushf
278	%ifdef PATM_LOG_PATCHINSTR
279	push eax
280	push ecx
281	mov eax, PATM_ACTION_LOG_CLI
282	lock or dword [ss:PATM_PENDINGACTION], eax
283	mov ecx, PATM_ACTION_MAGIC
284	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
285	pop ecx
286	pop eax
287	%endif
288
289	and dword [ss:PATM_VMFLAGS], ~X86_EFL_IF
290	popf
291
292	mov dword [ss:PATM_INTERRUPTFLAG], 1
293	DB 0xE9
294	PATMCliJump:
295	DD PATM_JUMPDELTA
296	PATMCliEnd:
297	ENDPROC PATMCliReplacement
298
299
300	; Patch record for 'cli'
301	GLOBALNAME PATMCliRecord
302	RTCCPTR_DEF PATMCliStart
303	DD PATMCliJump - PATMCliStart
304	DD 0
305	DD 0
306	DD PATMCliEnd - PATMCliStart
307	%ifdef PATM_LOG_PATCHINSTR
308	DD 4
309	%else
310	DD 3
311	%endif
312	DD PATM_INTERRUPTFLAG
313	DD 0
314	%ifdef PATM_LOG_PATCHINSTR
315	DD PATM_PENDINGACTION
316	DD 0
317	%endif
318	DD PATM_VMFLAGS
319	DD 0
320	DD PATM_INTERRUPTFLAG
321	DD 0
322	DD 0ffffffffh
323
324
325	BEGINPROC PATMStiReplacement
326	PATMStiStart:
327	mov dword [ss:PATM_INTERRUPTFLAG], 0
328	mov dword [ss:PATM_INHIBITIRQADDR], PATM_NEXTINSTRADDR
329	pushf
330	%ifdef PATM_LOG_PATCHINSTR
331	push eax
332	push ecx
333	mov eax, PATM_ACTION_LOG_STI
334	lock or dword [ss:PATM_PENDINGACTION], eax
335	mov ecx, PATM_ACTION_MAGIC
336	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
337	pop ecx
338	pop eax
339	%endif
340	or dword [ss:PATM_VMFLAGS], X86_EFL_IF
341	popf
342	mov dword [ss:PATM_INTERRUPTFLAG], 1
343	PATMStiEnd:
344	ENDPROC PATMStiReplacement
345
346	; Patch record for 'sti'
347	GLOBALNAME PATMStiRecord
348	RTCCPTR_DEF PATMStiStart
349	DD 0
350	DD 0
351	DD 0
352	DD PATMStiEnd - PATMStiStart
353	%ifdef PATM_LOG_PATCHINSTR
354	DD 6
355	%else
356	DD 5
357	%endif
358	DD PATM_INTERRUPTFLAG
359	DD 0
360	DD PATM_INHIBITIRQADDR
361	DD 0
362	DD PATM_NEXTINSTRADDR
363	DD 0
364	%ifdef PATM_LOG_PATCHINSTR
365	DD PATM_PENDINGACTION
366	DD 0
367	%endif
368	DD PATM_VMFLAGS
369	DD 0
370	DD PATM_INTERRUPTFLAG
371	DD 0
372	DD 0ffffffffh
373
374	;
375	; Trampoline code for trap entry (without error code on the stack)
376	;
377	; esp + 32 - GS (V86 only)
378	; esp + 28 - FS (V86 only)
379	; esp + 24 - DS (V86 only)
380	; esp + 20 - ES (V86 only)
381	; esp + 16 - SS (if transfer to inner ring)
382	; esp + 12 - ESP (if transfer to inner ring)
383	; esp + 8 - EFLAGS
384	; esp + 4 - CS
385	; esp - EIP
386	;
387	BEGINPROC PATMTrapEntry
388	PATMTrapEntryStart:
389	mov dword [ss:PATM_INTERRUPTFLAG], 0
390	pushf
391
392	%ifdef PATM_LOG_PATCHIRET
393	push eax
394	push ecx
395	push edx
396	lea edx, dword [ss:esp+12+4] ;3 dwords + pushed flags -> iret eip
397	mov eax, PATM_ACTION_LOG_GATE_ENTRY
398	lock or dword [ss:PATM_PENDINGACTION], eax
399	mov ecx, PATM_ACTION_MAGIC
400	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
401	pop edx
402	pop ecx
403	pop eax
404	%endif
405
406	test dword [esp+12], X86_EFL_VM
407	jnz PATMTrapNoRing1
408
409	; make sure the saved CS selector for ring 1 is made 0
410	test dword [esp+8], 2
411	jnz PATMTrapNoRing1
412	test dword [esp+8], 1
413	jz PATMTrapNoRing1
414	and dword [esp+8], dword ~1 ; yasm / nasm dword
415	PATMTrapNoRing1:
416
417	; correct EFLAGS on the stack to include the current IOPL
418	push eax
419	mov eax, dword [ss:PATM_VMFLAGS]
420	and eax, X86_EFL_IOPL
421	and dword [esp+16], ~X86_EFL_IOPL ; esp+16 = eflags = esp+8+4(efl)+4(eax)
422	or dword [esp+16], eax
423	pop eax
424
425	popf
426	mov dword [ss:PATM_INTERRUPTFLAG], 1
427	DB 0xE9
428	PATMTrapEntryJump:
429	DD PATM_JUMPDELTA
430	PATMTrapEntryEnd:
431	ENDPROC PATMTrapEntry
432
433
434	; Patch record for trap gate entrypoint
435	GLOBALNAME PATMTrapEntryRecord
436	RTCCPTR_DEF PATMTrapEntryStart
437	DD PATMTrapEntryJump - PATMTrapEntryStart
438	DD 0
439	DD 0
440	DD PATMTrapEntryEnd - PATMTrapEntryStart
441	%ifdef PATM_LOG_PATCHIRET
442	DD 4
443	%else
444	DD 3
445	%endif
446	DD PATM_INTERRUPTFLAG
447	DD 0
448	%ifdef PATM_LOG_PATCHIRET
449	DD PATM_PENDINGACTION
450	DD 0
451	%endif
452	DD PATM_VMFLAGS
453	DD 0
454	DD PATM_INTERRUPTFLAG
455	DD 0
456	DD 0ffffffffh
457
458	;
459	; Trampoline code for trap entry (with error code on the stack)
460	;
461	; esp + 36 - GS (V86 only)
462	; esp + 32 - FS (V86 only)
463	; esp + 28 - DS (V86 only)
464	; esp + 24 - ES (V86 only)
465	; esp + 20 - SS (if transfer to inner ring)
466	; esp + 16 - ESP (if transfer to inner ring)
467	; esp + 12 - EFLAGS
468	; esp + 8 - CS
469	; esp + 4 - EIP
470	; esp - error code
471	;
472	BEGINPROC PATMTrapEntryErrorCode
473	PATMTrapErrorCodeEntryStart:
474	mov dword [ss:PATM_INTERRUPTFLAG], 0
475	pushf
476
477	%ifdef PATM_LOG_PATCHIRET
478	push eax
479	push ecx
480	push edx
481	lea edx, dword [ss:esp+12+4+4] ;3 dwords + pushed flags + error code -> iret eip
482	mov eax, PATM_ACTION_LOG_GATE_ENTRY
483	lock or dword [ss:PATM_PENDINGACTION], eax
484	mov ecx, PATM_ACTION_MAGIC
485	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
486	pop edx
487	pop ecx
488	pop eax
489	%endif
490
491	test dword [esp+16], X86_EFL_VM
492	jnz PATMTrapErrorCodeNoRing1
493
494	; make sure the saved CS selector for ring 1 is made 0
495	test dword [esp+12], 2
496	jnz PATMTrapErrorCodeNoRing1
497	test dword [esp+12], 1
498	jz PATMTrapErrorCodeNoRing1
499	and dword [esp+12], dword ~1 ; yasm / nasm dword
500	PATMTrapErrorCodeNoRing1:
501
502	; correct EFLAGS on the stack to include the current IOPL
503	push eax
504	mov eax, dword [ss:PATM_VMFLAGS]
505	and eax, X86_EFL_IOPL
506	and dword [esp+20], ~X86_EFL_IOPL ; esp+20 = eflags = esp+8+4(efl)+4(error code)+4(eax)
507	or dword [esp+20], eax
508	pop eax
509
510	popf
511	mov dword [ss:PATM_INTERRUPTFLAG], 1
512	DB 0xE9
513	PATMTrapErrorCodeEntryJump:
514	DD PATM_JUMPDELTA
515	PATMTrapErrorCodeEntryEnd:
516	ENDPROC PATMTrapEntryErrorCode
517
518
519	; Patch record for trap gate entrypoint
520	GLOBALNAME PATMTrapEntryRecordErrorCode
521	RTCCPTR_DEF PATMTrapErrorCodeEntryStart
522	DD PATMTrapErrorCodeEntryJump - PATMTrapErrorCodeEntryStart
523	DD 0
524	DD 0
525	DD PATMTrapErrorCodeEntryEnd - PATMTrapErrorCodeEntryStart
526	%ifdef PATM_LOG_PATCHIRET
527	DD 4
528	%else
529	DD 3
530	%endif
531	DD PATM_INTERRUPTFLAG
532	DD 0
533	%ifdef PATM_LOG_PATCHIRET
534	DD PATM_PENDINGACTION
535	DD 0
536	%endif
537	DD PATM_VMFLAGS
538	DD 0
539	DD PATM_INTERRUPTFLAG
540	DD 0
541	DD 0ffffffffh
542
543
544	;
545	; Trampoline code for interrupt gate entry (without error code on the stack)
546	;
547	; esp + 32 - GS (V86 only)
548	; esp + 28 - FS (V86 only)
549	; esp + 24 - DS (V86 only)
550	; esp + 20 - ES (V86 only)
551	; esp + 16 - SS (if transfer to inner ring)
552	; esp + 12 - ESP (if transfer to inner ring)
553	; esp + 8 - EFLAGS
554	; esp + 4 - CS
555	; esp - EIP
556	;
557	BEGINPROC PATMIntEntry
558	PATMIntEntryStart:
559	mov dword [ss:PATM_INTERRUPTFLAG], 0
560	pushf
561
562	%ifdef PATM_LOG_PATCHIRET
563	push eax
564	push ecx
565	push edx
566	lea edx, dword [ss:esp+12+4] ;3 dwords + pushed flags -> iret eip
567	mov eax, PATM_ACTION_LOG_GATE_ENTRY
568	lock or dword [ss:PATM_PENDINGACTION], eax
569	mov ecx, PATM_ACTION_MAGIC
570	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
571	pop edx
572	pop ecx
573	pop eax
574	%endif
575
576	test dword [esp+12], X86_EFL_VM
577	jnz PATMIntNoRing1
578
579	; make sure the saved CS selector for ring 1 is made 0
580	test dword [esp+8], 2
581	jnz PATMIntNoRing1
582	test dword [esp+8], 1
583	jz PATMIntNoRing1
584	and dword [esp+8], dword ~1 ; yasm / nasm dword
585	PATMIntNoRing1:
586
587	; correct EFLAGS on the stack to include the current IOPL
588	push eax
589	mov eax, dword [ss:PATM_VMFLAGS]
590	and eax, X86_EFL_IOPL
591	and dword [esp+16], ~X86_EFL_IOPL ; esp+16 = eflags = esp+8+4(efl)+4(eax)
592	or dword [esp+16], eax
593	pop eax
594
595	popf
596	mov dword [ss:PATM_INTERRUPTFLAG], 1
597	PATMIntEntryEnd:
598	ENDPROC PATMIntEntry
599
600
601	; Patch record for interrupt gate entrypoint
602	GLOBALNAME PATMIntEntryRecord
603	RTCCPTR_DEF PATMIntEntryStart
604	DD 0
605	DD 0
606	DD 0
607	DD PATMIntEntryEnd - PATMIntEntryStart
608	%ifdef PATM_LOG_PATCHIRET
609	DD 4
610	%else
611	DD 3
612	%endif
613	DD PATM_INTERRUPTFLAG
614	DD 0
615	%ifdef PATM_LOG_PATCHIRET
616	DD PATM_PENDINGACTION
617	DD 0
618	%endif
619	DD PATM_VMFLAGS
620	DD 0
621	DD PATM_INTERRUPTFLAG
622	DD 0
623	DD 0ffffffffh
624
625	;
626	; Trampoline code for interrupt gate entry (with error code on the stack)
627	;
628	; esp + 36 - GS (V86 only)
629	; esp + 32 - FS (V86 only)
630	; esp + 28 - DS (V86 only)
631	; esp + 24 - ES (V86 only)
632	; esp + 20 - SS (if transfer to inner ring)
633	; esp + 16 - ESP (if transfer to inner ring)
634	; esp + 12 - EFLAGS
635	; esp + 8 - CS
636	; esp + 4 - EIP
637	; esp - error code
638	;
639	BEGINPROC PATMIntEntryErrorCode
640	PATMIntEntryErrorCodeStart:
641	mov dword [ss:PATM_INTERRUPTFLAG], 0
642	pushf
643
644	%ifdef PATM_LOG_PATCHIRET
645	push eax
646	push ecx
647	push edx
648	lea edx, dword [ss:esp+12+4+4] ;3 dwords + pushed flags + error code -> iret eip
649	mov eax, PATM_ACTION_LOG_GATE_ENTRY
650	lock or dword [ss:PATM_PENDINGACTION], eax
651	mov ecx, PATM_ACTION_MAGIC
652	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
653	pop edx
654	pop ecx
655	pop eax
656	%endif
657
658	test dword [esp+16], X86_EFL_VM
659	jnz PATMIntNoRing1_ErrorCode
660
661	; make sure the saved CS selector for ring 1 is made 0
662	test dword [esp+12], 2
663	jnz PATMIntNoRing1_ErrorCode
664	test dword [esp+12], 1
665	jz PATMIntNoRing1_ErrorCode
666	and dword [esp+12], dword ~1 ; yasm / nasm dword
667	PATMIntNoRing1_ErrorCode:
668
669	; correct EFLAGS on the stack to include the current IOPL
670	push eax
671	mov eax, dword [ss:PATM_VMFLAGS]
672	and eax, X86_EFL_IOPL
673	and dword [esp+20], ~X86_EFL_IOPL ; esp+20 = eflags = esp+8+4(efl)+4(eax)+4(error code)
674	or dword [esp+20], eax
675	pop eax
676
677	popf
678	mov dword [ss:PATM_INTERRUPTFLAG], 1
679	PATMIntEntryErrorCodeEnd:
680	ENDPROC PATMIntEntryErrorCode
681
682
683	; Patch record for interrupt gate entrypoint
684	GLOBALNAME PATMIntEntryRecordErrorCode
685	RTCCPTR_DEF PATMIntEntryErrorCodeStart
686	DD 0
687	DD 0
688	DD 0
689	DD PATMIntEntryErrorCodeEnd - PATMIntEntryErrorCodeStart
690	%ifdef PATM_LOG_PATCHIRET
691	DD 4
692	%else
693	DD 3
694	%endif
695	DD PATM_INTERRUPTFLAG
696	DD 0
697	%ifdef PATM_LOG_PATCHIRET
698	DD PATM_PENDINGACTION
699	DD 0
700	%endif
701	DD PATM_VMFLAGS
702	DD 0
703	DD PATM_INTERRUPTFLAG
704	DD 0
705	DD 0ffffffffh
706
707	;
708	; 32 bits Popf replacement that faults when IF remains 0
709	;
710	BEGINPROC PATMPopf32Replacement
711	PATMPopf32Start:
712	mov dword [ss:PATM_INTERRUPTFLAG], 0
713	%ifdef PATM_LOG_PATCHINSTR
714	push eax
715	push ecx
716	mov eax, PATM_ACTION_LOG_POPF_IF1
717	test dword [esp+8], X86_EFL_IF
718	jnz PATMPopf32_Log
719	mov eax, PATM_ACTION_LOG_POPF_IF0
720
721	PATMPopf32_Log:
722	lock or dword [ss:PATM_PENDINGACTION], eax
723	mov ecx, PATM_ACTION_MAGIC
724	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
725	pop ecx
726	pop eax
727	%endif
728
729	test dword [esp], X86_EFL_IF
730	jnz PATMPopf32_Ok
731	mov dword [ss:PATM_INTERRUPTFLAG], 1
732	PATM_INT3
733
734	PATMPopf32_Ok:
735	; Note: we don't allow popf instructions to change the current IOPL; we simply ignore such changes (!!!)
736	; In this particular patch it's rather unlikely the pushf was included, so we have no way to check if the flags on the stack were correctly synched
737	; PATMPopf32Replacement_NoExit is different, because it's only used in IDT and function patches
738	or dword [ss:PATM_VMFLAGS], X86_EFL_IF
739
740	; if interrupts are pending, then we must go back to the host context to handle them!
741	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
742	jz PATMPopf32_Continue
743
744	; Go to our hypervisor trap handler to dispatch the pending irq
745	mov dword [ss:PATM_TEMP_EAX], eax
746	mov dword [ss:PATM_TEMP_ECX], ecx
747	mov dword [ss:PATM_TEMP_EDI], edi
748	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
749	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
750	lock or dword [ss:PATM_PENDINGACTION], eax
751	mov ecx, PATM_ACTION_MAGIC
752	mov edi, PATM_NEXTINSTRADDR
753
754	popfd ; restore flags we pushed above (the or instruction changes the flags as well)
755	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
756	; does not return
757
758	PATMPopf32_Continue:
759	popfd ; restore flags we pushed above
760	mov dword [ss:PATM_INTERRUPTFLAG], 1
761	DB 0xE9
762	PATMPopf32Jump:
763	DD PATM_JUMPDELTA
764	PATMPopf32End:
765	ENDPROC PATMPopf32Replacement
766
767
768	; Patch record for 'popfd'
769	GLOBALNAME PATMPopf32Record
770	RTCCPTR_DEF PATMPopf32Start
771	DD PATMPopf32Jump - PATMPopf32Start
772	DD 0
773	DD 0
774	DD PATMPopf32End - PATMPopf32Start
775	%ifdef PATM_LOG_PATCHINSTR
776	DD 12
777	%else
778	DD 11
779	%endif
780	DD PATM_INTERRUPTFLAG
781	DD 0
782	%ifdef PATM_LOG_PATCHINSTR
783	DD PATM_PENDINGACTION
784	DD 0
785	%endif
786	DD PATM_INTERRUPTFLAG
787	DD 0
788	DD PATM_VMFLAGS
789	DD 0
790	DD PATM_VM_FORCEDACTIONS
791	DD 0
792	DD PATM_TEMP_EAX
793	DD 0
794	DD PATM_TEMP_ECX
795	DD 0
796	DD PATM_TEMP_EDI
797	DD 0
798	DD PATM_TEMP_RESTORE_FLAGS
799	DD 0
800	DD PATM_PENDINGACTION
801	DD 0
802	DD PATM_NEXTINSTRADDR
803	DD 0
804	DD PATM_INTERRUPTFLAG
805	DD 0
806	DD 0ffffffffh
807
808	; no need to check the IF flag when popf isn't an exit point of a patch (e.g. function duplication)
809	BEGINPROC PATMPopf32Replacement_NoExit
810	PATMPopf32_NoExitStart:
811	mov dword [ss:PATM_INTERRUPTFLAG], 0
812	%ifdef PATM_LOG_PATCHINSTR
813	push eax
814	push ecx
815	mov eax, PATM_ACTION_LOG_POPF_IF1
816	test dword [esp+8], X86_EFL_IF
817	jnz PATMPopf32_NoExitLog
818	mov eax, PATM_ACTION_LOG_POPF_IF0
819
820	PATMPopf32_NoExitLog:
821	lock or dword [ss:PATM_PENDINGACTION], eax
822	mov ecx, PATM_ACTION_MAGIC
823	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
824	pop ecx
825	pop eax
826	%endif
827	test dword [esp], X86_EFL_IF
828	jz PATMPopf32_NoExit_Continue
829
830	; if interrupts are pending, then we must go back to the host context to handle them!
831	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
832	jz PATMPopf32_NoExit_Continue
833
834	; Go to our hypervisor trap handler to dispatch the pending irq
835	mov dword [ss:PATM_TEMP_EAX], eax
836	mov dword [ss:PATM_TEMP_ECX], ecx
837	mov dword [ss:PATM_TEMP_EDI], edi
838	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
839	mov eax, PATM_ACTION_DISPATCH_PENDING_IRQ
840	lock or dword [ss:PATM_PENDINGACTION], eax
841	mov ecx, PATM_ACTION_MAGIC
842	mov edi, PATM_NEXTINSTRADDR
843
844	pop dword [ss:PATM_VMFLAGS] ; restore flags now (the or instruction changes the flags as well)
845	push dword [ss:PATM_VMFLAGS]
846	popfd
847
848	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
849	; does not return
850
851	PATMPopf32_NoExit_Continue:
852	pop dword [ss:PATM_VMFLAGS]
853	push dword [ss:PATM_VMFLAGS]
854	popfd
855	mov dword [ss:PATM_INTERRUPTFLAG], 1
856	PATMPopf32_NoExitEnd:
857	ENDPROC PATMPopf32Replacement_NoExit
858
859
860	; Patch record for 'popfd'
861	GLOBALNAME PATMPopf32Record_NoExit
862	RTCCPTR_DEF PATMPopf32_NoExitStart
863	DD 0
864	DD 0
865	DD 0
866	DD PATMPopf32_NoExitEnd - PATMPopf32_NoExitStart
867	%ifdef PATM_LOG_PATCHINSTR
868	DD 14
869	%else
870	DD 13
871	%endif
872	DD PATM_INTERRUPTFLAG
873	DD 0
874	%ifdef PATM_LOG_PATCHINSTR
875	DD PATM_PENDINGACTION
876	DD 0
877	%endif
878	DD PATM_VM_FORCEDACTIONS
879	DD 0
880	DD PATM_TEMP_EAX
881	DD 0
882	DD PATM_TEMP_ECX
883	DD 0
884	DD PATM_TEMP_EDI
885	DD 0
886	DD PATM_TEMP_RESTORE_FLAGS
887	DD 0
888	DD PATM_PENDINGACTION
889	DD 0
890	DD PATM_NEXTINSTRADDR
891	DD 0
892	DD PATM_VMFLAGS
893	DD 0
894	DD PATM_VMFLAGS
895	DD 0
896	DD PATM_VMFLAGS
897	DD 0
898	DD PATM_VMFLAGS
899	DD 0
900	DD PATM_INTERRUPTFLAG
901	DD 0
902	DD 0ffffffffh
903
904
905	;
906	; 16 bits Popf replacement that faults when IF remains 0
907	;
908	BEGINPROC PATMPopf16Replacement
909	PATMPopf16Start:
910	mov dword [ss:PATM_INTERRUPTFLAG], 0
911	test word [esp], X86_EFL_IF
912	jnz PATMPopf16_Ok
913	mov dword [ss:PATM_INTERRUPTFLAG], 1
914	PATM_INT3
915
916	PATMPopf16_Ok:
917	; if interrupts are pending, then we must go back to the host context to handle them!
918	; @note we destroy the flags here, but that should really not matter (PATM_INT3 case)
919	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
920	jz PATMPopf16_Continue
921	mov dword [ss:PATM_INTERRUPTFLAG], 1
922	PATM_INT3
923
924	PATMPopf16_Continue:
925
926	pop word [ss:PATM_VMFLAGS]
927	push word [ss:PATM_VMFLAGS]
928	and dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
929	or dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
930
931	DB 0x66 ; size override
932	popf ;after the and and or operations!! (flags must be preserved)
933	mov dword [ss:PATM_INTERRUPTFLAG], 1
934
935	DB 0xE9
936	PATMPopf16Jump:
937	DD PATM_JUMPDELTA
938	PATMPopf16End:
939	ENDPROC PATMPopf16Replacement
940
941
942	; Patch record for 'popf'
943	GLOBALNAME PATMPopf16Record
944	RTCCPTR_DEF PATMPopf16Start
945	DD PATMPopf16Jump - PATMPopf16Start
946	DD 0
947	DD 0
948	DD PATMPopf16End - PATMPopf16Start
949	DD 9
950	DD PATM_INTERRUPTFLAG
951	DD 0
952	DD PATM_INTERRUPTFLAG
953	DD 0
954	DD PATM_VM_FORCEDACTIONS
955	DD 0
956	DD PATM_INTERRUPTFLAG
957	DD 0
958	DD PATM_VMFLAGS
959	DD 0
960	DD PATM_VMFLAGS
961	DD 0
962	DD PATM_VMFLAGS
963	DD 0
964	DD PATM_VMFLAGS
965	DD 0
966	DD PATM_INTERRUPTFLAG
967	DD 0
968	DD 0ffffffffh
969
970	;
971	; 16 bits Popf replacement that faults when IF remains 0
972	; @todo not necessary to fault in that case (see 32 bits version)
973	BEGINPROC PATMPopf16Replacement_NoExit
974	PATMPopf16Start_NoExit:
975	mov dword [ss:PATM_INTERRUPTFLAG], 0
976	test word [esp], X86_EFL_IF
977	jnz PATMPopf16_Ok_NoExit
978	mov dword [ss:PATM_INTERRUPTFLAG], 1
979	PATM_INT3
980
981	PATMPopf16_Ok_NoExit:
982	; if interrupts are pending, then we must go back to the host context to handle them!
983	; @note we destroy the flags here, but that should really not matter (PATM_INT3 case)
984	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
985	jz PATMPopf16_Continue_NoExit
986	mov dword [ss:PATM_INTERRUPTFLAG], 1
987	PATM_INT3
988
989	PATMPopf16_Continue_NoExit:
990
991	pop word [ss:PATM_VMFLAGS]
992	push word [ss:PATM_VMFLAGS]
993	and dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
994	or dword [ss:PATM_VMFLAGS], PATM_VIRTUAL_FLAGS_MASK
995
996	DB 0x66 ; size override
997	popf ;after the and and or operations!! (flags must be preserved)
998	mov dword [ss:PATM_INTERRUPTFLAG], 1
999	PATMPopf16End_NoExit:
1000	ENDPROC PATMPopf16Replacement_NoExit
1001
1002
1003	; Patch record for 'popf'
1004	GLOBALNAME PATMPopf16Record_NoExit
1005	RTCCPTR_DEF PATMPopf16Start_NoExit
1006	DD 0
1007	DD 0
1008	DD 0
1009	DD PATMPopf16End_NoExit - PATMPopf16Start_NoExit
1010	DD 9
1011	DD PATM_INTERRUPTFLAG
1012	DD 0
1013	DD PATM_INTERRUPTFLAG
1014	DD 0
1015	DD PATM_VM_FORCEDACTIONS
1016	DD 0
1017	DD PATM_INTERRUPTFLAG
1018	DD 0
1019	DD PATM_VMFLAGS
1020	DD 0
1021	DD PATM_VMFLAGS
1022	DD 0
1023	DD PATM_VMFLAGS
1024	DD 0
1025	DD PATM_VMFLAGS
1026	DD 0
1027	DD PATM_INTERRUPTFLAG
1028	DD 0
1029	DD 0ffffffffh
1030
1031
1032	BEGINPROC PATMPushf32Replacement
1033	PATMPushf32Start:
1034	mov dword [ss:PATM_INTERRUPTFLAG], 0
1035	pushfd
1036	%ifdef PATM_LOG_PATCHINSTR
1037	push eax
1038	push ecx
1039	mov eax, PATM_ACTION_LOG_PUSHF
1040	lock or dword [ss:PATM_PENDINGACTION], eax
1041	mov ecx, PATM_ACTION_MAGIC
1042	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1043	pop ecx
1044	pop eax
1045	%endif
1046
1047	pushfd
1048	push eax
1049	mov eax, dword [esp+8]
1050	and eax, PATM_FLAGS_MASK
1051	or eax, dword [ss:PATM_VMFLAGS]
1052	mov dword [esp+8], eax
1053	pop eax
1054	popfd
1055	mov dword [ss:PATM_INTERRUPTFLAG], 1
1056	PATMPushf32End:
1057	ENDPROC PATMPushf32Replacement
1058
1059
1060	; Patch record for 'pushfd'
1061	GLOBALNAME PATMPushf32Record
1062	RTCCPTR_DEF PATMPushf32Start
1063	DD 0
1064	DD 0
1065	DD 0
1066	DD PATMPushf32End - PATMPushf32Start
1067	%ifdef PATM_LOG_PATCHINSTR
1068	DD 4
1069	%else
1070	DD 3
1071	%endif
1072	DD PATM_INTERRUPTFLAG
1073	DD 0
1074	%ifdef PATM_LOG_PATCHINSTR
1075	DD PATM_PENDINGACTION
1076	DD 0
1077	%endif
1078	DD PATM_VMFLAGS
1079	DD 0
1080	DD PATM_INTERRUPTFLAG
1081	DD 0
1082	DD 0ffffffffh
1083
1084
1085	BEGINPROC PATMPushf16Replacement
1086	PATMPushf16Start:
1087	mov dword [ss:PATM_INTERRUPTFLAG], 0
1088	DB 0x66 ; size override
1089	pushf
1090	DB 0x66 ; size override
1091	pushf
1092	push eax
1093	xor eax, eax
1094	mov ax, word [esp+6]
1095	and eax, PATM_FLAGS_MASK
1096	or eax, dword [ss:PATM_VMFLAGS]
1097	mov word [esp+6], ax
1098	pop eax
1099
1100	DB 0x66 ; size override
1101	popf
1102	mov dword [ss:PATM_INTERRUPTFLAG], 1
1103	PATMPushf16End:
1104	ENDPROC PATMPushf16Replacement
1105
1106
1107	; Patch record for 'pushf'
1108	GLOBALNAME PATMPushf16Record
1109	RTCCPTR_DEF PATMPushf16Start
1110	DD 0
1111	DD 0
1112	DD 0
1113	DD PATMPushf16End - PATMPushf16Start
1114	DD 3
1115	DD PATM_INTERRUPTFLAG
1116	DD 0
1117	DD PATM_VMFLAGS
1118	DD 0
1119	DD PATM_INTERRUPTFLAG
1120	DD 0
1121	DD 0ffffffffh
1122
1123
1124	BEGINPROC PATMPushCSReplacement
1125	PATMPushCSStart:
1126	mov dword [ss:PATM_INTERRUPTFLAG], 0
1127	push cs
1128	pushfd
1129
1130	test dword [esp+4], 2
1131	jnz pushcs_notring1
1132
1133	; change dpl from 1 to 0
1134	and dword [esp+4], dword ~1 ; yasm / nasm dword
1135
1136	pushcs_notring1:
1137	popfd
1138
1139	mov dword [ss:PATM_INTERRUPTFLAG], 1
1140	DB 0xE9
1141	PATMPushCSJump:
1142	DD PATM_JUMPDELTA
1143	PATMPushCSEnd:
1144	ENDPROC PATMPushCSReplacement
1145
1146
1147	; Patch record for 'push cs'
1148	GLOBALNAME PATMPushCSRecord
1149	RTCCPTR_DEF PATMPushCSStart
1150	DD PATMPushCSJump - PATMPushCSStart
1151	DD 0
1152	DD 0
1153	DD PATMPushCSEnd - PATMPushCSStart
1154	DD 2
1155	DD PATM_INTERRUPTFLAG
1156	DD 0
1157	DD PATM_INTERRUPTFLAG
1158	DD 0
1159	DD 0ffffffffh
1160
1161	;;****************************************************
1162	;; Abstract:
1163	;;
1164	;; if eflags.NT==0 && iretstack.eflags.VM==0 && iretstack.eflags.IOPL==0
1165	;; then
1166	;; if return to ring 0 (iretstack.new_cs & 3 == 0)
1167	;; then
1168	;; if iretstack.new_eflags.IF == 1 && iretstack.new_eflags.IOPL == 0
1169	;; then
1170	;; iretstack.new_cs \|= 1
1171	;; else
1172	;; int 3
1173	;; endif
1174	;; uVMFlags &= ~X86_EFL_IF
1175	;; iret
1176	;; else
1177	;; int 3
1178	;;****************************************************
1179	;;
1180	; Stack:
1181	;
1182	; esp + 32 - GS (V86 only)
1183	; esp + 28 - FS (V86 only)
1184	; esp + 24 - DS (V86 only)
1185	; esp + 20 - ES (V86 only)
1186	; esp + 16 - SS (if transfer to outer ring)
1187	; esp + 12 - ESP (if transfer to outer ring)
1188	; esp + 8 - EFLAGS
1189	; esp + 4 - CS
1190	; esp - EIP
1191	;;
1192	BEGINPROC PATMIretReplacement
1193	PATMIretStart:
1194	mov dword [ss:PATM_INTERRUPTFLAG], 0
1195	pushfd
1196
1197	%ifdef PATM_LOG_PATCHIRET
1198	push eax
1199	push ecx
1200	push edx
1201	lea edx, dword [ss:esp+12+4] ;3 dwords + pushed flags -> iret eip
1202	mov eax, PATM_ACTION_LOG_IRET
1203	lock or dword [ss:PATM_PENDINGACTION], eax
1204	mov ecx, PATM_ACTION_MAGIC
1205	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1206	pop edx
1207	pop ecx
1208	pop eax
1209	%endif
1210
1211	test dword [esp], X86_EFL_NT
1212	jnz near iret_fault1
1213
1214	; we can't do an iret to v86 code, as we run with CPL=1. The iret would attempt a protected mode iret and (most likely) fault.
1215	test dword [esp+12], X86_EFL_VM
1216	jnz near iret_return_to_v86
1217
1218	;;!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1219	;;@todo: not correct for iret back to ring 2!!!!!
1220	;;!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1221
1222	test dword [esp+8], 2
1223	jnz iret_notring0
1224
1225	test dword [esp+12], X86_EFL_IF
1226	jz near iret_clearIF
1227
1228	; force ring 1 CS RPL
1229	or dword [esp+8], 1
1230	iret_notring0:
1231
1232	; if interrupts are pending, then we must go back to the host context to handle them!
1233	; Note: This is very important as pending pic interrupts can be overriden by apic interrupts if we don't check early enough (Fedora 5 boot)
1234	; @@todo fix this properly, so we can dispatch pending interrupts in GC
1235	test dword [ss:PATM_VM_FORCEDACTIONS], VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC
1236	jz iret_continue
1237
1238	; Go to our hypervisor trap handler to dispatch the pending irq
1239	mov dword [ss:PATM_TEMP_EAX], eax
1240	mov dword [ss:PATM_TEMP_ECX], ecx
1241	mov dword [ss:PATM_TEMP_EDI], edi
1242	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX \| PATM_RESTORE_EDI
1243	mov eax, PATM_ACTION_PENDING_IRQ_AFTER_IRET
1244	lock or dword [ss:PATM_PENDINGACTION], eax
1245	mov ecx, PATM_ACTION_MAGIC
1246	mov edi, PATM_CURINSTRADDR
1247
1248	popfd
1249	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1250	; does not return
1251
1252	iret_continue :
1253	; This section must always be executed (!!)
1254	; Extract the IOPL from the return flags, save them to our virtual flags and
1255	; put them back to zero
1256	; @note we assume iretd doesn't fault!!!
1257	push eax
1258	mov eax, dword [esp+16]
1259	and eax, X86_EFL_IOPL
1260	and dword [ss:PATM_VMFLAGS], ~X86_EFL_IOPL
1261	or dword [ss:PATM_VMFLAGS], eax
1262	pop eax
1263	and dword [esp+12], ~X86_EFL_IOPL
1264
1265	; Set IF again; below we make sure this won't cause problems.
1266	or dword [ss:PATM_VMFLAGS], X86_EFL_IF
1267
1268	; make sure iret is executed fully (including the iret below; cli ... iret can otherwise be interrupted)
1269	mov dword [ss:PATM_INHIBITIRQADDR], PATM_CURINSTRADDR
1270
1271	popfd
1272	mov dword [ss:PATM_INTERRUPTFLAG], 1
1273	iretd
1274	PATM_INT3
1275
1276	iret_fault:
1277	popfd
1278	mov dword [ss:PATM_INTERRUPTFLAG], 1
1279	PATM_INT3
1280
1281	iret_fault1:
1282	nop
1283	popfd
1284	mov dword [ss:PATM_INTERRUPTFLAG], 1
1285	PATM_INT3
1286
1287	iret_clearIF:
1288	push dword [esp+4] ; eip to return to
1289	pushfd
1290	push eax
1291	push PATM_FIXUP
1292	DB 0E8h ; call
1293	DD PATM_IRET_FUNCTION
1294	add esp, 4 ; pushed address of jump table
1295
1296	cmp eax, 0
1297	je near iret_fault3
1298
1299	mov dword [esp+12+4], eax ; stored eip in iret frame
1300	pop eax
1301	popfd
1302	add esp, 4 ; pushed eip
1303
1304	; always ring 0 return -> change to ring 1 (CS in iret frame)
1305	or dword [esp+8], 1
1306
1307	; This section must always be executed (!!)
1308	; Extract the IOPL from the return flags, save them to our virtual flags and
1309	; put them back to zero
1310	push eax
1311	mov eax, dword [esp+16]
1312	and eax, X86_EFL_IOPL
1313	and dword [ss:PATM_VMFLAGS], ~X86_EFL_IOPL
1314	or dword [ss:PATM_VMFLAGS], eax
1315	pop eax
1316	and dword [esp+12], ~X86_EFL_IOPL
1317
1318	; Clear IF
1319	and dword [ss:PATM_VMFLAGS], ~X86_EFL_IF
1320	popfd
1321
1322	; the patched destination code will set PATM_INTERRUPTFLAG after the return!
1323	iretd
1324
1325	iret_return_to_v86:
1326	test dword [esp+12], X86_EFL_IF
1327	jz iret_fault
1328
1329	; Go to our hypervisor trap handler to perform the iret to v86 code
1330	mov dword [ss:PATM_TEMP_EAX], eax
1331	mov dword [ss:PATM_TEMP_ECX], ecx
1332	mov dword [ss:PATM_TEMP_RESTORE_FLAGS], PATM_RESTORE_EAX \| PATM_RESTORE_ECX
1333	mov eax, PATM_ACTION_DO_V86_IRET
1334	lock or dword [ss:PATM_PENDINGACTION], eax
1335	mov ecx, PATM_ACTION_MAGIC
1336
1337	popfd
1338
1339	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1340	; does not return
1341
1342
1343	iret_fault3:
1344	pop eax
1345	popfd
1346	add esp, 4 ; pushed eip
1347	jmp iret_fault
1348
1349	align 4
1350	PATMIretTable:
1351	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
1352	DW 0 ; ulInsertPos
1353	DD 0 ; cAddresses
1354	TIMES PATCHJUMPTABLE_SIZE DB 0 ; lookup slots
1355
1356	PATMIretEnd:
1357	ENDPROC PATMIretReplacement
1358
1359	; Patch record for 'iretd'
1360	GLOBALNAME PATMIretRecord
1361	RTCCPTR_DEF PATMIretStart
1362	DD 0
1363	DD 0
1364	DD 0
1365	DD PATMIretEnd- PATMIretStart
1366	%ifdef PATM_LOG_PATCHIRET
1367	DD 26
1368	%else
1369	DD 25
1370	%endif
1371	DD PATM_INTERRUPTFLAG
1372	DD 0
1373	%ifdef PATM_LOG_PATCHIRET
1374	DD PATM_PENDINGACTION
1375	DD 0
1376	%endif
1377	DD PATM_VM_FORCEDACTIONS
1378	DD 0
1379	DD PATM_TEMP_EAX
1380	DD 0
1381	DD PATM_TEMP_ECX
1382	DD 0
1383	DD PATM_TEMP_EDI
1384	DD 0
1385	DD PATM_TEMP_RESTORE_FLAGS
1386	DD 0
1387	DD PATM_PENDINGACTION
1388	DD 0
1389	DD PATM_CURINSTRADDR
1390	DD 0
1391	DD PATM_VMFLAGS
1392	DD 0
1393	DD PATM_VMFLAGS
1394	DD 0
1395	DD PATM_VMFLAGS
1396	DD 0
1397	DD PATM_INHIBITIRQADDR
1398	DD 0
1399	DD PATM_CURINSTRADDR
1400	DD 0
1401	DD PATM_INTERRUPTFLAG
1402	DD 0
1403	DD PATM_INTERRUPTFLAG
1404	DD 0
1405	DD PATM_INTERRUPTFLAG
1406	DD 0
1407	DD PATM_FIXUP
1408	DD PATMIretTable - PATMIretStart
1409	DD PATM_IRET_FUNCTION
1410	DD 0
1411	DD PATM_VMFLAGS
1412	DD 0
1413	DD PATM_VMFLAGS
1414	DD 0
1415	DD PATM_VMFLAGS
1416	DD 0
1417	DD PATM_TEMP_EAX
1418	DD 0
1419	DD PATM_TEMP_ECX
1420	DD 0
1421	DD PATM_TEMP_RESTORE_FLAGS
1422	DD 0
1423	DD PATM_PENDINGACTION
1424	DD 0
1425	DD 0ffffffffh
1426
1427
1428	;
1429	; global function for implementing 'iret' to code with IF cleared
1430	;
1431	; Caller is responsible for right stack layout
1432	; + 16 original return address
1433	; + 12 eflags
1434	; + 8 eax
1435	; + 4 Jump table address
1436	;( + 0 return address )
1437	;
1438	; @note assumes PATM_INTERRUPTFLAG is zero
1439	; @note assumes it can trash eax and eflags
1440	;
1441	; @returns eax=0 on failure
1442	; otherwise return address in eax
1443	;
1444	; @note NEVER change this without bumping the SSM version
1445	align 32
1446	BEGINPROC PATMIretFunction
1447	PATMIretFunction_Start:
1448	push ecx
1449	push edx
1450	push edi
1451
1452	; Event order:
1453	; 1) Check if the return patch address can be found in the lookup table
1454	; 2) Query return patch address from the hypervisor
1455
1456	; 1) Check if the return patch address can be found in the lookup table
1457	mov edx, dword [esp+12+16] ; pushed target address
1458
1459	xor eax, eax ; default result -> nothing found
1460	mov edi, dword [esp+12+4] ; jump table
1461	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
1462	cmp ecx, 0
1463	je near PATMIretFunction_AskHypervisor
1464
1465	PATMIretFunction_SearchStart:
1466	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
1467	je near PATMIretFunction_SearchHit
1468	inc eax
1469	cmp eax, ecx
1470	jl near PATMIretFunction_SearchStart
1471
1472	PATMIretFunction_AskHypervisor:
1473	; 2) Query return patch address from the hypervisor
1474	; @todo private ugly interface, since we have nothing generic at the moment
1475	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
1476	mov eax, PATM_ACTION_LOOKUP_ADDRESS
1477	mov ecx, PATM_ACTION_MAGIC
1478	mov edi, dword [esp+12+4] ; jump table address
1479	mov edx, dword [esp+12+16] ; original return address
1480	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1481	jmp near PATMIretFunction_SearchEnd
1482
1483	PATMIretFunction_SearchHit:
1484	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
1485	;@note can be zero, so the next check is required!!
1486
1487	PATMIretFunction_SearchEnd:
1488	cmp eax, 0
1489	jz PATMIretFunction_Failure
1490
1491	add eax, PATM_PATCHBASE
1492
1493	pop edi
1494	pop edx
1495	pop ecx
1496	ret
1497
1498	PATMIretFunction_Failure:
1499	;signal error
1500	xor eax, eax
1501	pop edi
1502	pop edx
1503	pop ecx
1504	ret
1505
1506	PATMIretFunction_End:
1507	ENDPROC PATMIretFunction
1508
1509	GLOBALNAME PATMIretFunctionRecord
1510	RTCCPTR_DEF PATMIretFunction_Start
1511	DD 0
1512	DD 0
1513	DD 0
1514	DD PATMIretFunction_End - PATMIretFunction_Start
1515	DD 2
1516	DD PATM_PENDINGACTION
1517	DD 0
1518	DD PATM_PATCHBASE
1519	DD 0
1520	DD 0ffffffffh
1521
1522
1523	align 32 ; yasm / nasm diff - remove me!
1524	BEGINPROC PATMCpuidReplacement
1525	PATMCpuidStart:
1526	mov dword [ss:PATM_INTERRUPTFLAG], 0
1527	pushf
1528
1529	cmp eax, PATM_CPUID_STD_MAX
1530	jb cpuid_std
1531	cmp eax, 0x80000000
1532	jb cpuid_def
1533	cmp eax, PATM_CPUID_EXT_MAX
1534	jb cpuid_ext
1535	cmp eax, 0xc0000000
1536	jb cpuid_def
1537	cmp eax, PATM_CPUID_CENTAUR_MAX
1538	jb cpuid_centaur
1539
1540	cpuid_def:
1541	mov eax, PATM_CPUID_DEF_PTR
1542	jmp cpuid_fetch
1543
1544	cpuid_std:
1545	mov edx, PATM_CPUID_STD_PTR
1546	jmp cpuid_calc
1547
1548	cpuid_ext:
1549	and eax, 0ffh ; strictly speaking not necessary.
1550	mov edx, PATM_CPUID_EXT_PTR
1551	jmp cpuid_calc
1552
1553	cpuid_centaur:
1554	and eax, 0ffh ; strictly speaking not necessary.
1555	mov edx, PATM_CPUID_CENTAUR_PTR
1556
1557	cpuid_calc:
1558	lea eax, [ss:eax * 4] ; 4 entries...
1559	lea eax, [ss:eax * 4] ; 4 bytes each
1560	add eax, edx
1561
1562	cpuid_fetch:
1563	mov edx, [ss:eax + 12] ; CPUMCPUID layout assumptions!
1564	mov ecx, [ss:eax + 8]
1565	mov ebx, [ss:eax + 4]
1566	mov eax, [ss:eax]
1567
1568	popf
1569	mov dword [ss:PATM_INTERRUPTFLAG], 1
1570
1571	PATMCpuidEnd:
1572	ENDPROC PATMCpuidReplacement
1573
1574	; Patch record for 'cpuid'
1575	GLOBALNAME PATMCpuidRecord
1576	RTCCPTR_DEF PATMCpuidStart
1577	DD 0
1578	DD 0
1579	DD 0
1580	DD PATMCpuidEnd- PATMCpuidStart
1581	DD 9
1582	DD PATM_INTERRUPTFLAG
1583	DD 0
1584	DD PATM_CPUID_STD_MAX
1585	DD 0
1586	DD PATM_CPUID_EXT_MAX
1587	DD 0
1588	DD PATM_CPUID_CENTAUR_MAX
1589	DD 0
1590	DD PATM_CPUID_DEF_PTR
1591	DD 0
1592	DD PATM_CPUID_STD_PTR
1593	DD 0
1594	DD PATM_CPUID_EXT_PTR
1595	DD 0
1596	DD PATM_CPUID_CENTAUR_PTR
1597	DD 0
1598	DD PATM_INTERRUPTFLAG
1599	DD 0
1600	DD 0ffffffffh
1601
1602
1603	BEGINPROC PATMJEcxReplacement
1604	PATMJEcxStart:
1605	mov dword [ss:PATM_INTERRUPTFLAG], 0
1606	pushfd
1607	PATMJEcxSizeOverride:
1608	DB 0x90 ; nop
1609	cmp ecx, dword 0 ; yasm / nasm dword
1610	jnz PATMJEcxContinue
1611
1612	popfd
1613	mov dword [ss:PATM_INTERRUPTFLAG], 1
1614	DB 0xE9
1615	PATMJEcxJump:
1616	DD PATM_JUMPDELTA
1617
1618	PATMJEcxContinue:
1619	popfd
1620	mov dword [ss:PATM_INTERRUPTFLAG], 1
1621	PATMJEcxEnd:
1622	ENDPROC PATMJEcxReplacement
1623
1624	; Patch record for 'JEcx'
1625	GLOBALNAME PATMJEcxRecord
1626	RTCCPTR_DEF PATMJEcxStart
1627	DD 0
1628	DD PATMJEcxJump - PATMJEcxStart
1629	DD PATMJEcxSizeOverride - PATMJEcxStart
1630	DD PATMJEcxEnd- PATMJEcxStart
1631	DD 3
1632	DD PATM_INTERRUPTFLAG
1633	DD 0
1634	DD PATM_INTERRUPTFLAG
1635	DD 0
1636	DD PATM_INTERRUPTFLAG
1637	DD 0
1638	DD 0ffffffffh
1639
1640	align 32; yasm / nasm diffing. remove me!
1641	BEGINPROC PATMLoopReplacement
1642	PATMLoopStart:
1643	mov dword [ss:PATM_INTERRUPTFLAG], 0
1644	pushfd
1645	PATMLoopSizeOverride:
1646	DB 0x90 ; nop
1647	dec ecx
1648	jz PATMLoopContinue
1649
1650	popfd
1651	mov dword [ss:PATM_INTERRUPTFLAG], 1
1652	DB 0xE9
1653	PATMLoopJump:
1654	DD PATM_JUMPDELTA
1655
1656	PATMLoopContinue:
1657	popfd
1658	mov dword [ss:PATM_INTERRUPTFLAG], 1
1659	PATMLoopEnd:
1660	ENDPROC PATMLoopReplacement
1661
1662	; Patch record for 'Loop'
1663	GLOBALNAME PATMLoopRecord
1664	RTCCPTR_DEF PATMLoopStart
1665	DD 0
1666	DD PATMLoopJump - PATMLoopStart
1667	DD PATMLoopSizeOverride - PATMLoopStart
1668	DD PATMLoopEnd- PATMLoopStart
1669	DD 3
1670	DD PATM_INTERRUPTFLAG
1671	DD 0
1672	DD PATM_INTERRUPTFLAG
1673	DD 0
1674	DD PATM_INTERRUPTFLAG
1675	DD 0
1676	DD 0ffffffffh
1677
1678	BEGINPROC PATMLoopZReplacement
1679	PATMLoopZStart:
1680	; jump if ZF=1 AND (E)CX != 0
1681
1682	mov dword [ss:PATM_INTERRUPTFLAG], 0
1683	jnz PATMLoopZEnd
1684	pushfd
1685	PATMLoopZSizeOverride:
1686	DB 0x90 ; nop
1687	dec ecx
1688	jz PATMLoopZContinue
1689
1690	popfd
1691	mov dword [ss:PATM_INTERRUPTFLAG], 1
1692	DB 0xE9
1693	PATMLoopZJump:
1694	DD PATM_JUMPDELTA
1695
1696	PATMLoopZContinue:
1697	popfd
1698	mov dword [ss:PATM_INTERRUPTFLAG], 1
1699	PATMLoopZEnd:
1700	ENDPROC PATMLoopZReplacement
1701
1702	; Patch record for 'Loopz'
1703	GLOBALNAME PATMLoopZRecord
1704	RTCCPTR_DEF PATMLoopZStart
1705	DD 0
1706	DD PATMLoopZJump - PATMLoopZStart
1707	DD PATMLoopZSizeOverride - PATMLoopZStart
1708	DD PATMLoopZEnd- PATMLoopZStart
1709	DD 3
1710	DD PATM_INTERRUPTFLAG
1711	DD 0
1712	DD PATM_INTERRUPTFLAG
1713	DD 0
1714	DD PATM_INTERRUPTFLAG
1715	DD 0
1716	DD 0ffffffffh
1717
1718
1719	BEGINPROC PATMLoopNZReplacement
1720	PATMLoopNZStart:
1721	; jump if ZF=0 AND (E)CX != 0
1722
1723	mov dword [ss:PATM_INTERRUPTFLAG], 0
1724	jz PATMLoopNZEnd
1725	pushfd
1726	PATMLoopNZSizeOverride:
1727	DB 0x90 ; nop
1728	dec ecx
1729	jz PATMLoopNZContinue
1730
1731	popfd
1732	mov dword [ss:PATM_INTERRUPTFLAG], 1
1733	DB 0xE9
1734	PATMLoopNZJump:
1735	DD PATM_JUMPDELTA
1736
1737	PATMLoopNZContinue:
1738	popfd
1739	mov dword [ss:PATM_INTERRUPTFLAG], 1
1740	PATMLoopNZEnd:
1741	ENDPROC PATMLoopNZReplacement
1742
1743	; Patch record for 'LoopNZ'
1744	GLOBALNAME PATMLoopNZRecord
1745	RTCCPTR_DEF PATMLoopNZStart
1746	DD 0
1747	DD PATMLoopNZJump - PATMLoopNZStart
1748	DD PATMLoopNZSizeOverride - PATMLoopNZStart
1749	DD PATMLoopNZEnd- PATMLoopNZStart
1750	DD 3
1751	DD PATM_INTERRUPTFLAG
1752	DD 0
1753	DD PATM_INTERRUPTFLAG
1754	DD 0
1755	DD PATM_INTERRUPTFLAG
1756	DD 0
1757	DD 0ffffffffh
1758
1759	align 32
1760	; Global patch function for indirect calls
1761	; Caller is responsible for clearing PATM_INTERRUPTFLAG and doing:
1762	; + 20 push [pTargetGC]
1763	; + 16 pushfd
1764	; + 12 push [JumpTableAddress]
1765	; + 8 push [PATMRelReturnAddress]
1766	; + 4 push [GuestReturnAddress]
1767	;( + 0 return address )
1768	;
1769	; @note NEVER change this without bumping the SSM version
1770	BEGINPROC PATMLookupAndCall
1771	PATMLookupAndCallStart:
1772	push eax
1773	push edx
1774	push edi
1775	push ecx
1776
1777	mov eax, dword [esp+16+4] ; guest return address
1778	mov dword [ss:PATM_CALL_RETURN_ADDR], eax ; temporary storage
1779
1780	mov edx, dword [esp+16+20] ; pushed target address
1781
1782	xor eax, eax ; default result -> nothing found
1783	mov edi, dword [esp+16+12] ; jump table
1784	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
1785	cmp ecx, 0
1786	je near PATMLookupAndCall_QueryPATM
1787
1788	PATMLookupAndCall_SearchStart:
1789	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
1790	je near PATMLookupAndCall_SearchHit
1791	inc eax
1792	cmp eax, ecx
1793	jl near PATMLookupAndCall_SearchStart
1794
1795	PATMLookupAndCall_QueryPATM:
1796	; nothing found -> let our trap handler try to find it
1797	; @todo private ugly interface, since we have nothing generic at the moment
1798	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
1799	mov eax, PATM_ACTION_LOOKUP_ADDRESS
1800	mov ecx, PATM_ACTION_MAGIC
1801	; edx = GC address to find
1802	; edi = jump table address
1803	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1804
1805	jmp near PATMLookupAndCall_SearchEnd
1806
1807	PATMLookupAndCall_Failure:
1808	; return to caller; it must raise an error, due to patch to guest address translation (remember that there's only one copy of this code block).
1809	pop ecx
1810	pop edi
1811	pop edx
1812	pop eax
1813	ret
1814
1815	PATMLookupAndCall_SearchHit:
1816	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
1817
1818	;@note can be zero, so the next check is required!!
1819
1820	PATMLookupAndCall_SearchEnd:
1821	cmp eax, 0
1822	je near PATMLookupAndCall_Failure
1823
1824	mov ecx, eax ; ECX = target address (relative!)
1825	add ecx, PATM_PATCHBASE ; Make it absolute
1826
1827	mov edx, dword PATM_STACKPTR
1828	cmp dword [ss:edx], PATM_STACK_SIZE
1829	ja near PATMLookupAndCall_Failure ; should never happen actually!!!
1830	cmp dword [ss:edx], 0
1831	je near PATMLookupAndCall_Failure ; no more room
1832
1833	; save the patch return address on our private stack
1834	sub dword [ss:edx], 4 ; sizeof(RTGCPTR)
1835	mov eax, dword PATM_STACKBASE
1836	add eax, dword [ss:edx] ; stack base + stack position
1837	mov edi, dword [esp+16+8] ; PATM return address
1838	mov dword [ss:eax], edi ; relative address of patch return (instruction following this block)
1839
1840	; save the original return address as well (checked by ret to make sure the guest hasn't messed around with the stack)
1841	mov edi, dword PATM_STACKBASE_GUEST
1842	add edi, dword [ss:edx] ; stack base (guest) + stack position
1843	mov eax, dword [esp+16+4] ; guest return address
1844	mov dword [ss:edi], eax
1845
1846	mov dword [ss:PATM_CALL_PATCH_TARGET_ADDR], ecx ; temporarily store the target address
1847	pop ecx
1848	pop edi
1849	pop edx
1850	pop eax
1851	add esp, 24 ; parameters + return address pushed by caller (changes the flags, but that shouldn't matter)
1852
1853	%ifdef PATM_LOG_PATCHINSTR
1854	push eax
1855	push ecx
1856	push edx
1857	lea edx, [esp + 12 - 4] ; stack address to store return address
1858	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_CALL
1859	mov eax, PATM_ACTION_LOG_CALL
1860	mov ecx, PATM_ACTION_MAGIC
1861	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1862	pop edx
1863	pop ecx
1864	pop eax
1865	%endif
1866
1867	push dword [ss:PATM_CALL_RETURN_ADDR] ; push original guest return address
1868
1869	; the called function will set PATM_INTERRUPTFLAG (!!)
1870	jmp dword [ss:PATM_CALL_PATCH_TARGET_ADDR]
1871
1872	PATMLookupAndCallEnd:
1873	; returning here -> do not add code here or after the jmp!!!!!
1874	ENDPROC PATMLookupAndCall
1875
1876	; Patch record for indirect calls and jumps
1877	GLOBALNAME PATMLookupAndCallRecord
1878	RTCCPTR_DEF PATMLookupAndCallStart
1879	DD 0
1880	DD 0
1881	DD 0
1882	DD PATMLookupAndCallEnd - PATMLookupAndCallStart
1883	%ifdef PATM_LOG_PATCHINSTR
1884	DD 10
1885	%else
1886	DD 9
1887	%endif
1888	DD PATM_CALL_RETURN_ADDR
1889	DD 0
1890	DD PATM_PENDINGACTION
1891	DD 0
1892	DD PATM_PATCHBASE
1893	DD 0
1894	DD PATM_STACKPTR
1895	DD 0
1896	DD PATM_STACKBASE
1897	DD 0
1898	DD PATM_STACKBASE_GUEST
1899	DD 0
1900	DD PATM_CALL_PATCH_TARGET_ADDR
1901	DD 0
1902	%ifdef PATM_LOG_PATCHINSTR
1903	DD PATM_PENDINGACTION
1904	DD 0
1905	%endif
1906	DD PATM_CALL_RETURN_ADDR
1907	DD 0
1908	DD PATM_CALL_PATCH_TARGET_ADDR
1909	DD 0
1910	DD 0ffffffffh
1911
1912
1913	align 32
1914	; Global patch function for indirect jumps
1915	; Caller is responsible for clearing PATM_INTERRUPTFLAG and doing:
1916	; + 8 push [pTargetGC]
1917	; + 4 push [JumpTableAddress]
1918	;( + 0 return address )
1919	; And saving eflags in PATM_TEMP_EFLAGS
1920	;
1921	; @note NEVER change this without bumping the SSM version
1922	BEGINPROC PATMLookupAndJump
1923	PATMLookupAndJumpStart:
1924	push eax
1925	push edx
1926	push edi
1927	push ecx
1928
1929	mov edx, dword [esp+16+8] ; pushed target address
1930
1931	xor eax, eax ; default result -> nothing found
1932	mov edi, dword [esp+16+4] ; jump table
1933	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
1934	cmp ecx, 0
1935	je near PATMLookupAndJump_QueryPATM
1936
1937	PATMLookupAndJump_SearchStart:
1938	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
1939	je near PATMLookupAndJump_SearchHit
1940	inc eax
1941	cmp eax, ecx
1942	jl near PATMLookupAndJump_SearchStart
1943
1944	PATMLookupAndJump_QueryPATM:
1945	; nothing found -> let our trap handler try to find it
1946	; @todo private ugly interface, since we have nothing generic at the moment
1947	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
1948	mov eax, PATM_ACTION_LOOKUP_ADDRESS
1949	mov ecx, PATM_ACTION_MAGIC
1950	; edx = GC address to find
1951	; edi = jump table address
1952	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
1953
1954	jmp near PATMLookupAndJump_SearchEnd
1955
1956	PATMLookupAndJump_Failure:
1957	; return to caller; it must raise an error, due to patch to guest address translation (remember that there's only one copy of this code block).
1958	pop ecx
1959	pop edi
1960	pop edx
1961	pop eax
1962	ret
1963
1964	PATMLookupAndJump_SearchHit:
1965	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
1966
1967	;@note can be zero, so the next check is required!!
1968
1969	PATMLookupAndJump_SearchEnd:
1970	cmp eax, 0
1971	je near PATMLookupAndJump_Failure
1972
1973	mov ecx, eax ; ECX = target address (relative!)
1974	add ecx, PATM_PATCHBASE ; Make it absolute
1975
1976	; save jump patch target
1977	mov dword [ss:PATM_TEMP_EAX], ecx
1978	pop ecx
1979	pop edi
1980	pop edx
1981	pop eax
1982	add esp, 12 ; parameters + return address pushed by caller
1983	; restore flags (just to be sure)
1984	push dword [ss:PATM_TEMP_EFLAGS]
1985	popfd
1986
1987	; the jump destination will set PATM_INTERRUPTFLAG (!!)
1988	jmp dword [ss:PATM_TEMP_EAX] ; call duplicated patch destination address
1989
1990	PATMLookupAndJumpEnd:
1991	ENDPROC PATMLookupAndJump
1992
1993	; Patch record for indirect calls and jumps
1994	GLOBALNAME PATMLookupAndJumpRecord
1995	RTCCPTR_DEF PATMLookupAndJumpStart
1996	DD 0
1997	DD 0
1998	DD 0
1999	DD PATMLookupAndJumpEnd - PATMLookupAndJumpStart
2000	DD 5
2001	DD PATM_PENDINGACTION
2002	DD 0
2003	DD PATM_PATCHBASE
2004	DD 0
2005	DD PATM_TEMP_EAX
2006	DD 0
2007	DD PATM_TEMP_EFLAGS
2008	DD 0
2009	DD PATM_TEMP_EAX
2010	DD 0
2011	DD 0ffffffffh
2012
2013
2014
2015
2016	align 32
2017	; Patch function for static calls
2018	; @note static calls have only one lookup slot!
2019	; Caller is responsible for clearing PATM_INTERRUPTFLAG and adding:
2020	; push [pTargetGC]
2021	;
2022	BEGINPROC PATMCall
2023	PATMCallStart:
2024	pushfd
2025	push PATM_FIXUP ; fixup for jump table below
2026	push PATM_PATCHNEXTBLOCK
2027	push PATM_RETURNADDR
2028	DB 0E8h ; call
2029	DD PATM_LOOKUP_AND_CALL_FUNCTION
2030	; we only return in case of a failure
2031	add esp, 12 ; pushed address of jump table
2032	popfd
2033	add esp, 4 ; pushed by caller (changes the flags, but that shouldn't matter (@todo))
2034	mov dword [ss:PATM_INTERRUPTFLAG], 1
2035	PATM_INT3
2036	%ifdef DEBUG
2037	; for disassembly
2038	jmp PATMCallEnd
2039	%endif
2040
2041	align 4
2042	PATMCallTable:
2043	DW 1 ; nrSlots
2044	DW 0 ; ulInsertPos
2045	DD 0 ; cAddresses
2046	TIMES PATCHDIRECTJUMPTABLE_SIZE DB 0 ; only one lookup slot
2047
2048	PATMCallEnd:
2049	; returning here -> do not add code here or after the jmp!!!!!
2050	ENDPROC PATMCall
2051
2052	; Patch record for direct calls
2053	GLOBALNAME PATMCallRecord
2054	RTCCPTR_DEF PATMCallStart
2055	DD 0
2056	DD 0
2057	DD 0
2058	DD PATMCallEnd - PATMCallStart
2059	DD 5
2060	DD PATM_FIXUP
2061	DD PATMCallTable - PATMCallStart
2062	DD PATM_PATCHNEXTBLOCK
2063	DD 0
2064	DD PATM_RETURNADDR
2065	DD 0
2066	DD PATM_LOOKUP_AND_CALL_FUNCTION
2067	DD 0
2068	DD PATM_INTERRUPTFLAG
2069	DD 0
2070	DD 0ffffffffh
2071
2072
2073	align 32
2074	; Patch function for indirect calls
2075	; Caller is responsible for clearing PATM_INTERRUPTFLAG and adding:
2076	; push [pTargetGC]
2077	;
2078	BEGINPROC PATMCallIndirect
2079	PATMCallIndirectStart:
2080	pushfd
2081	push PATM_FIXUP ; fixup for jump table below
2082	push PATM_PATCHNEXTBLOCK
2083	push PATM_RETURNADDR
2084	DB 0E8h ; call
2085	DD PATM_LOOKUP_AND_CALL_FUNCTION
2086	; we only return in case of a failure
2087	add esp, 12 ; pushed address of jump table
2088	popfd
2089	add esp, 4 ; pushed by caller (changes the flags, but that shouldn't matter (@todo))
2090	mov dword [ss:PATM_INTERRUPTFLAG], 1
2091	PATM_INT3
2092	%ifdef DEBUG
2093	; for disassembly
2094	jmp PATMCallIndirectEnd
2095	%endif
2096
2097	align 4
2098	PATMCallIndirectTable:
2099	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
2100	DW 0 ; ulInsertPos
2101	DD 0 ; cAddresses
2102	TIMES PATCHJUMPTABLE_SIZE DB 0 ; lookup slots
2103
2104	PATMCallIndirectEnd:
2105	; returning here -> do not add code here or after the jmp!!!!!
2106	ENDPROC PATMCallIndirect
2107
2108	; Patch record for indirect calls
2109	GLOBALNAME PATMCallIndirectRecord
2110	RTCCPTR_DEF PATMCallIndirectStart
2111	DD 0
2112	DD 0
2113	DD 0
2114	DD PATMCallIndirectEnd - PATMCallIndirectStart
2115	DD 5
2116	DD PATM_FIXUP
2117	DD PATMCallIndirectTable - PATMCallIndirectStart
2118	DD PATM_PATCHNEXTBLOCK
2119	DD 0
2120	DD PATM_RETURNADDR
2121	DD 0
2122	DD PATM_LOOKUP_AND_CALL_FUNCTION
2123	DD 0
2124	DD PATM_INTERRUPTFLAG
2125	DD 0
2126	DD 0ffffffffh
2127
2128
2129	align 32
2130	; Patch function for indirect jumps
2131	; Caller is responsible for clearing PATM_INTERRUPTFLAG and adding:
2132	; push [pTargetGC]
2133	;
2134	BEGINPROC PATMJumpIndirect
2135	PATMJumpIndirectStart:
2136	; save flags (just to be sure)
2137	pushfd
2138	pop dword [ss:PATM_TEMP_EFLAGS]
2139
2140	push PATM_FIXUP ; fixup for jump table below
2141	DB 0E8h ; call
2142	DD PATM_LOOKUP_AND_JUMP_FUNCTION
2143	; we only return in case of a failure
2144	add esp, 8 ; pushed address of jump table + pushed target address
2145
2146	; restore flags (just to be sure)
2147	push dword [ss:PATM_TEMP_EFLAGS]
2148	popfd
2149
2150	mov dword [ss:PATM_INTERRUPTFLAG], 1
2151	PATM_INT3
2152
2153	%ifdef DEBUG
2154	; for disassembly
2155	jmp PATMJumpIndirectEnd
2156	%endif
2157
2158	align 4
2159	PATMJumpIndirectTable:
2160	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
2161	DW 0 ; ulInsertPos
2162	DD 0 ; cAddresses
2163	TIMES PATCHJUMPTABLE_SIZE DB 0 ; lookup slots
2164
2165	PATMJumpIndirectEnd:
2166	; returning here -> do not add code here or after the jmp!!!!!
2167	ENDPROC PATMJumpIndirect
2168
2169	; Patch record for indirect jumps
2170	GLOBALNAME PATMJumpIndirectRecord
2171	RTCCPTR_DEF PATMJumpIndirectStart
2172	DD 0
2173	DD 0
2174	DD 0
2175	DD PATMJumpIndirectEnd - PATMJumpIndirectStart
2176	DD 5
2177	DD PATM_TEMP_EFLAGS
2178	DD 0
2179	DD PATM_FIXUP
2180	DD PATMJumpIndirectTable - PATMJumpIndirectStart
2181	DD PATM_LOOKUP_AND_JUMP_FUNCTION
2182	DD 0
2183	DD PATM_TEMP_EFLAGS
2184	DD 0
2185	DD PATM_INTERRUPTFLAG
2186	DD 0
2187	DD 0ffffffffh
2188
2189	;
2190	; return from duplicated function
2191	;
2192	align 32
2193	BEGINPROC PATMRet
2194	PATMRet_Start:
2195	; probe stack here as we can't recover from page faults later on
2196	not dword [esp-32]
2197	not dword [esp-32]
2198	mov dword [ss:PATM_INTERRUPTFLAG], 0
2199	pushfd
2200	push eax
2201	push PATM_FIXUP
2202	DB 0E8h ; call
2203	DD PATM_RETURN_FUNCTION
2204	add esp, 4 ; pushed address of jump table
2205
2206	cmp eax, 0
2207	jne near PATMRet_Success
2208
2209	pop eax
2210	popfd
2211	mov dword [ss:PATM_INTERRUPTFLAG], 1
2212	PATM_INT3
2213
2214	%ifdef DEBUG
2215	; for disassembly
2216	jmp PATMRet_Success
2217	%endif
2218	align 4
2219	PATMRetTable:
2220	DW PATM_MAX_JUMPTABLE_ENTRIES ; nrSlots
2221	DW 0 ; ulInsertPos
2222	DD 0 ; cAddresses
2223	TIMES PATCHJUMPTABLE_SIZE DB 0 ; lookup slots
2224
2225	PATMRet_Success:
2226	mov dword [esp+8], eax ; overwrite the saved return address
2227	pop eax
2228	popf
2229	; caller will duplicate the ret or ret n instruction
2230	; the patched call will set PATM_INTERRUPTFLAG after the return!
2231	PATMRet_End:
2232	ENDPROC PATMRet
2233
2234	GLOBALNAME PATMRetRecord
2235	RTCCPTR_DEF PATMRet_Start
2236	DD 0
2237	DD 0
2238	DD 0
2239	DD PATMRet_End - PATMRet_Start
2240	DD 4
2241	DD PATM_INTERRUPTFLAG
2242	DD 0
2243	DD PATM_FIXUP
2244	DD PATMRetTable - PATMRet_Start
2245	DD PATM_RETURN_FUNCTION
2246	DD 0
2247	DD PATM_INTERRUPTFLAG
2248	DD 0
2249	DD 0ffffffffh
2250
2251	;
2252	; global function for implementing 'retn'
2253	;
2254	; Caller is responsible for right stack layout
2255	; + 16 original return address
2256	; + 12 eflags
2257	; + 8 eax
2258	; + 4 Jump table address
2259	;( + 0 return address )
2260	;
2261	; @note assumes PATM_INTERRUPTFLAG is zero
2262	; @note assumes it can trash eax and eflags
2263	;
2264	; @returns eax=0 on failure
2265	; otherwise return address in eax
2266	;
2267	; @note NEVER change this without bumping the SSM version
2268	align 32
2269	BEGINPROC PATMRetFunction
2270	PATMRetFunction_Start:
2271	push ecx
2272	push edx
2273	push edi
2274
2275	; Event order:
2276	; (@todo figure out which path is taken most often (1 or 2))
2277	; 1) Check if the return patch address was pushed onto the PATM stack
2278	; 2) Check if the return patch address can be found in the lookup table
2279	; 3) Query return patch address from the hypervisor
2280
2281
2282	; 1) Check if the return patch address was pushed on the PATM stack
2283	cmp dword [ss:PATM_STACKPTR], PATM_STACK_SIZE
2284	jae near PATMRetFunction_FindReturnAddress
2285
2286	mov edx, dword PATM_STACKPTR
2287
2288	; check if the return address is what we expect it to be
2289	mov eax, dword PATM_STACKBASE_GUEST
2290	add eax, dword [ss:edx] ; stack base + stack position
2291	mov eax, dword [ss:eax] ; original return address
2292	cmp eax, dword [esp+12+16] ; pushed return address
2293
2294	; the return address was changed -> let our trap handler try to find it
2295	; (can happen when the guest messes with the stack (seen it) or when we didn't call this function ourselves)
2296	jne near PATMRetFunction_FindReturnAddress
2297
2298	; found it, convert relative to absolute patch address and return the result to the caller
2299	mov eax, dword PATM_STACKBASE
2300	add eax, dword [ss:edx] ; stack base + stack position
2301	mov eax, dword [ss:eax] ; relative patm return address
2302	add eax, PATM_PATCHBASE
2303
2304	%ifdef PATM_LOG_PATCHINSTR
2305	push eax
2306	push ebx
2307	push ecx
2308	push edx
2309	mov edx, eax ; return address
2310	lea ebx, [esp+16+12+16] ; stack address containing the return address
2311	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_RET
2312	mov eax, PATM_ACTION_LOG_RET
2313	mov ecx, PATM_ACTION_MAGIC
2314	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
2315	pop edx
2316	pop ecx
2317	pop ebx
2318	pop eax
2319	%endif
2320
2321	add dword [ss:edx], 4 ; pop return address from the PATM stack (sizeof(RTGCPTR); @note hardcoded assumption!)
2322
2323	pop edi
2324	pop edx
2325	pop ecx
2326	ret
2327
2328	PATMRetFunction_FindReturnAddress:
2329	; 2) Check if the return patch address can be found in the lookup table
2330	mov edx, dword [esp+12+16] ; pushed target address
2331
2332	xor eax, eax ; default result -> nothing found
2333	mov edi, dword [esp+12+4] ; jump table
2334	mov ecx, [ss:edi + PATCHJUMPTABLE.cAddresses]
2335	cmp ecx, 0
2336	je near PATMRetFunction_AskHypervisor
2337
2338	PATMRetFunction_SearchStart:
2339	cmp [ss:edi + PATCHJUMPTABLE.Slot_pInstrGC + eax*8], edx ; edx = GC address to search for
2340	je near PATMRetFunction_SearchHit
2341	inc eax
2342	cmp eax, ecx
2343	jl near PATMRetFunction_SearchStart
2344
2345	PATMRetFunction_AskHypervisor:
2346	; 3) Query return patch address from the hypervisor
2347	; @todo private ugly interface, since we have nothing generic at the moment
2348	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOOKUP_ADDRESS
2349	mov eax, PATM_ACTION_LOOKUP_ADDRESS
2350	mov ecx, PATM_ACTION_MAGIC
2351	mov edi, dword [esp+12+4] ; jump table address
2352	mov edx, dword [esp+12+16] ; original return address
2353	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
2354	jmp near PATMRetFunction_SearchEnd
2355
2356	PATMRetFunction_SearchHit:
2357	mov eax, [ss:edi + PATCHJUMPTABLE.Slot_pRelPatchGC + eax*8] ; found a match!
2358	;@note can be zero, so the next check is required!!
2359
2360	PATMRetFunction_SearchEnd:
2361	cmp eax, 0
2362	jz PATMRetFunction_Failure
2363
2364	add eax, PATM_PATCHBASE
2365
2366	%ifdef PATM_LOG_PATCHINSTR
2367	push eax
2368	push ebx
2369	push ecx
2370	push edx
2371	mov edx, eax ; return address
2372	lea ebx, [esp+16+12+16] ; stack address containing the return address
2373	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_RET
2374	mov eax, PATM_ACTION_LOG_RET
2375	mov ecx, PATM_ACTION_MAGIC
2376	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
2377	pop edx
2378	pop ecx
2379	pop ebx
2380	pop eax
2381	%endif
2382
2383	pop edi
2384	pop edx
2385	pop ecx
2386	ret
2387
2388	PATMRetFunction_Failure:
2389	;signal error
2390	xor eax, eax
2391	pop edi
2392	pop edx
2393	pop ecx
2394	ret
2395
2396	PATMRetFunction_End:
2397	ENDPROC PATMRetFunction
2398
2399	GLOBALNAME PATMRetFunctionRecord
2400	RTCCPTR_DEF PATMRetFunction_Start
2401	DD 0
2402	DD 0
2403	DD 0
2404	DD PATMRetFunction_End - PATMRetFunction_Start
2405	%ifdef PATM_LOG_PATCHINSTR
2406	DD 9
2407	%else
2408	DD 7
2409	%endif
2410	DD PATM_STACKPTR
2411	DD 0
2412	DD PATM_STACKPTR
2413	DD 0
2414	DD PATM_STACKBASE_GUEST
2415	DD 0
2416	DD PATM_STACKBASE
2417	DD 0
2418	DD PATM_PATCHBASE
2419	DD 0
2420	%ifdef PATM_LOG_PATCHINSTR
2421	DD PATM_PENDINGACTION
2422	DD 0
2423	%endif
2424	DD PATM_PENDINGACTION
2425	DD 0
2426	DD PATM_PATCHBASE
2427	DD 0
2428	%ifdef PATM_LOG_PATCHINSTR
2429	DD PATM_PENDINGACTION
2430	DD 0
2431	%endif
2432	DD 0ffffffffh
2433
2434
2435	;
2436	; Jump to original instruction if IF=1
2437	;
2438	BEGINPROC PATMCheckIF
2439	PATMCheckIF_Start:
2440	mov dword [ss:PATM_INTERRUPTFLAG], 0
2441	pushf
2442	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
2443	jnz PATMCheckIF_Safe
2444	nop
2445
2446	; IF=0 -> unsafe, so we must call the duplicated function (which we don't do here)
2447	popf
2448	mov dword [ss:PATM_INTERRUPTFLAG], 1
2449	jmp PATMCheckIF_End
2450
2451	PATMCheckIF_Safe:
2452	; invalidate the PATM stack as we'll jump back to guest code
2453	mov dword [ss:PATM_STACKPTR], PATM_STACK_SIZE
2454
2455	%ifdef PATM_LOG_PATCHINSTR
2456	push eax
2457	push ecx
2458	lock or dword [ss:PATM_PENDINGACTION], PATM_ACTION_LOG_IF1
2459	mov eax, PATM_ACTION_LOG_IF1
2460	mov ecx, PATM_ACTION_MAGIC
2461	db 0fh, 0bh ; illegal instr (hardcoded assumption in PATMHandleIllegalInstrTrap)
2462	pop ecx
2463	pop eax
2464	%endif
2465	popf
2466	mov dword [ss:PATM_INTERRUPTFLAG], 1
2467	; IF=1 -> we can safely jump back to the original instruction
2468	DB 0xE9
2469	PATMCheckIF_Jump:
2470	DD PATM_JUMPDELTA
2471	PATMCheckIF_End:
2472	ENDPROC PATMCheckIF
2473
2474	; Patch record for call instructions
2475	GLOBALNAME PATMCheckIFRecord
2476	RTCCPTR_DEF PATMCheckIF_Start
2477	DD PATMCheckIF_Jump - PATMCheckIF_Start
2478	DD 0
2479	DD 0
2480	DD PATMCheckIF_End - PATMCheckIF_Start
2481	%ifdef PATM_LOG_PATCHINSTR
2482	DD 6
2483	%else
2484	DD 5
2485	%endif
2486	DD PATM_INTERRUPTFLAG
2487	DD 0
2488	DD PATM_VMFLAGS
2489	DD 0
2490	DD PATM_INTERRUPTFLAG
2491	DD 0
2492	DD PATM_STACKPTR
2493	DD 0
2494	%ifdef PATM_LOG_PATCHINSTR
2495	DD PATM_PENDINGACTION
2496	DD 0
2497	%endif
2498	DD PATM_INTERRUPTFLAG
2499	DD 0
2500	DD 0ffffffffh
2501
2502	;
2503	; Jump back to guest if IF=1, else fault
2504	;
2505	BEGINPROC PATMJumpToGuest_IF1
2506	PATMJumpToGuest_IF1_Start:
2507	mov dword [ss:PATM_INTERRUPTFLAG], 0
2508	pushf
2509	test dword [ss:PATM_VMFLAGS], X86_EFL_IF
2510	jnz PATMJumpToGuest_IF1_Safe
2511	nop
2512
2513	; IF=0 -> unsafe, so fault
2514	popf
2515	mov dword [ss:PATM_INTERRUPTFLAG], 1
2516	PATM_INT3
2517
2518	PATMJumpToGuest_IF1_Safe:
2519	; IF=1 -> we can safely jump back to the original instruction
2520	popf
2521	mov dword [ss:PATM_INTERRUPTFLAG], 1
2522	DB 0xE9
2523	PATMJumpToGuest_IF1_Jump:
2524	DD PATM_JUMPDELTA
2525	PATMJumpToGuest_IF1_End:
2526	ENDPROC PATMJumpToGuest_IF1
2527
2528	; Patch record for call instructions
2529	GLOBALNAME PATMJumpToGuest_IF1Record
2530	RTCCPTR_DEF PATMJumpToGuest_IF1_Start
2531	DD PATMJumpToGuest_IF1_Jump - PATMJumpToGuest_IF1_Start
2532	DD 0
2533	DD 0
2534	DD PATMJumpToGuest_IF1_End - PATMJumpToGuest_IF1_Start
2535	DD 4
2536	DD PATM_INTERRUPTFLAG
2537	DD 0
2538	DD PATM_VMFLAGS
2539	DD 0
2540	DD PATM_INTERRUPTFLAG
2541	DD 0
2542	DD PATM_INTERRUPTFLAG
2543	DD 0
2544	DD 0ffffffffh
2545
2546
2547	; check and correct RPL of pushed ss
2548	BEGINPROC PATMMovFromSS
2549	PATMMovFromSS_Start:
2550	push eax
2551	pushfd
2552	mov ax, ss
2553	and ax, 3
2554	cmp ax, 1
2555	jne near PATMMovFromSS_Continue
2556
2557	and dword [esp+8], ~3 ; clear RPL 1
2558	PATMMovFromSS_Continue:
2559	popfd
2560	pop eax
2561	PATMMovFromSS_Start_End:
2562	ENDPROC PATMMovFromSS
2563
2564	GLOBALNAME PATMMovFromSSRecord
2565	RTCCPTR_DEF PATMMovFromSS_Start
2566	DD 0
2567	DD 0
2568	DD 0
2569	DD PATMMovFromSS_Start_End - PATMMovFromSS_Start
2570	DD 0
2571	DD 0ffffffffh
2572
2573
2574
2575
2576	; For assertion during init (to make absolutely sure the flags are in sync in vm.mac & vm.h)
2577	GLOBALNAME PATMInterruptFlag
2578	DD VM_FF_INTERRUPT_APIC \| VM_FF_INTERRUPT_PIC \| VM_FF_TIMER \| VM_FF_REQUEST
2579

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/VMM/PATM/PATMA.asm@ 5605

Download in other formats: