From 49fc9be3535799a11803f66202c4e18af0b4e591 Mon Sep 17 00:00:00 2001
From: Fisherman166
Date: Sun, 28 Jan 2018 23:08:38 -0800
Subject: [PATCH] Add reversed engineered KeLeaveCriticalRegion and KeEnterCriticalRegion kernel functions

---
 src/CxbxKrnl/EmuKrnlKe.cpp | 38 ++++++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 10 deletions(-)

diff --git a/src/CxbxKrnl/EmuKrnlKe.cpp b/src/CxbxKrnl/EmuKrnlKe.cpp
index 96fd1e525..dfdb717b5 100644
--- a/src/CxbxKrnl/EmuKrnlKe.cpp
+++ b/src/CxbxKrnl/EmuKrnlKe.cpp
@@ -565,19 +565,29 @@ XBSYSAPI EXPORTNUM(100) xboxkrnl::VOID NTAPI xboxkrnl::KeDisconnectInterrupt
 	KiUnlockDispatcherDatabase(OldIrql);
 }
 
+// From looking at the wine src code for Rtl*CriticalSection functions
+// and from seeing what the xbox kernel does with KeEnter/Leave CriticalRegion,
+// I can only conclude that is is accessing a Teb structure in Xbox memory.
+// Many Xbox Kernel functions load this pointer and make changes to fields
+// in it. More research will be needed to define all fields
+uint8_t* get_thread_Teb() {
+    return (uint8_t*)0x80047BF0;
+}
+#define CRITICAL_REGION_UNKNOWN1 (get_thread_Teb() + 0x34)
+#define CRITICAL_REGION_UNKNOWN2 (get_thread_Teb() + 0x49)
+#define CRITICAL_REGION_UNKNOWN3 (get_thread_Teb() + 0x68)
+
 // ******************************************************************
 // * 0x0065 - KeEnterCriticalRegion()
 // ******************************************************************
 XBSYSAPI EXPORTNUM(101) xboxkrnl::VOID NTAPI xboxkrnl::KeEnterCriticalRegion
 (
-	VOID
+    VOID
 )
 {
-	LOG_FUNC();
-
-	// TODO : Disable kernel APCs
-
-	LOG_UNIMPLEMENTED();
+    LOG_FUNC();
+    uint32_t* critical_region_unk = (uint32_t*)CRITICAL_REGION_UNKNOWN3;
+    *critical_region_unk--;
 }
 
 // ******************************************************************
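Review bot: `*critical_region_unk--;` decrements the pointer, not the counter it points at — postfix `--` binds before unary `*`, so the word at `CRITICAL_REGION_UNKNOWN3` is never changed and the dereferenced value is discarded (compilers usually warn about the unused result). Write `(*critical_region_unk)--;` here, and likewise `(*critical_region_unk3)++;` in the KeLeaveCriticalRegion hunk, where the following `if(*critical_region_unk3 == 0)` otherwise reads through the already-advanced pointer, i.e. the word after the counter rather than the counter itself. `get_thread_Teb()` is defined with external linkage in a .cpp and no header declaration is visible; `static uint8_t* get_thread_Teb()` (or an anonymous namespace) would keep it file-local. The function also returns one fixed constant, so despite its name every thread shares the same slots; a comment such as `// NOTE: fixed address, not per-thread — TODO confirm against the real TEB lookup` would record that for the follow-up research the comment above promises.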
@@ -1039,14 +1049,22 @@ void ConnectKeInterruptTimeToThunkTable()
 // ******************************************************************
 XBSYSAPI EXPORTNUM(122) xboxkrnl::VOID NTAPI xboxkrnl::KeLeaveCriticalRegion
 (
-	VOID
+    VOID
 )
 {
-	LOG_FUNC();
+    LOG_FUNC();
 
-	// TODO : Enable kernel APCs
+    uint32_t* critcal_region_unk1 = (uint32_t*)CRITICAL_REGION_UNKNOWN1;
+    uint8_t* critcal_region_unk2 = CRITICAL_REGION_UNKNOWN2;
+    uint32_t* critical_region_unk3 = (uint32_t*)CRITICAL_REGION_UNKNOWN3;
 
-	LOG_UNIMPLEMENTED();
+    *critical_region_unk3++;
+    if(*critical_region_unk3 == 0) {
+        if(*critcal_region_unk1 != (uint32_t)critcal_region_unk1) {
+            *critcal_region_unk2 = 1;
+            HalRequestSoftwareInterrupt(1);
+        }
+    }
 }
 
 XBSYSAPI EXPORTNUM(123) xboxkrnl::LONG NTAPI xboxkrnl::KePulseEvent
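Review bot: The condition `*critcal_region_unk1 != (uint32_t)critcal_region_unk1` compares the word at `CRITICAL_REGION_UNKNOWN1` with its own address and carries no comment; that shape looks like an empty-list-head test (a LIST_ENTRY whose Flink points back at itself), presumably a pending-APC queue, but nothing in the hunk establishes that, so a hedged comment such as `// Looks like an empty-list check (Flink == &head) before requesting APC delivery — TODO confirm field` would save the next reader from re-deriving it. The locals `critcal_region_unk1` and `critcal_region_unk2` are misspelled relative to `critical_region_unk3`; renaming them keeps the three slots visibly parallel with the three macros. The `*critical_region_unk3++;` line has the precedence problem noted on the KeEnterCriticalRegion hunk, and until it is corrected the `== 0` test on the next line never examines the counter, so the interrupt request below it is driven by whatever follows the slot in memory.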