lcrp-samp/pawno/include/YSI_Internal/y_writemem.inc

/**--------------------------------------------------------------------------**\
					===========================
					Y Sever Includes - Writemem
					===========================
Description:
	Write to any absolute address in the SA:MP server in pure PAWN with embedded
	assembly (i.e. a new native).  Calls "VirtualProtect" to make writes safe.
Legal:
	Version: MPL 1.1

	The contents of this file are subject to the Mozilla Public License Version
	1.1 (the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at
	http://www.mozilla.org/MPL/

	Software distributed under the License is distributed on an "AS IS" basis,
	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
	for the specific language governing rights and limitations under the
	License.

	The Original Code is the YSI ini include.

	The Initial Developer of the Original Code is Alex "Y_Less" Cole.
	Portions created by the Initial Developer are Copyright (C) 2011
	the Initial Developer. All Rights Reserved.

	Contributors:
		ZeeX, koolk, JoeBullet/Google63, g_aSlice/Slice

	Thanks:
		JoeBullet/Google63 - Handy arbitrary ASM jump code using SCTRL.
		ZeeX - Very productive conversations.
		koolk - IsPlayerinAreaEx code.
		TheAlpha - Danish translation.
		breadfish - German translation.
		Fireburn - Dutch translation.
		yom - French translation.
		50p - Polish translation.
		Zamaroht - Spanish translation.
		Dracoblue, sintax, mabako, Xtreme, other coders - Producing other modes
			for me to strive to better.
		Pixels^ - Running XScripters where the idea was born.
		Matite - Pestering me to release it and using it.

	Very special thanks to:
		Thiadmer - PAWN, whose limits continue to amaze me!
		Kye/Kalcor - SA:MP.
		SA:MP Team past, present and future - SA:MP.

Version:
	1.0
Changelog:
	01/02/12:
		Zeex_: Changed to use SYSREQ.D call not SYSREQ.C.
		Zeex_: Modified "VirtualProtect" pointer to SA:MP server one.
		Added "VirtualProtect" calls to the code.
		First version.
Functions:
	Public:
		-
	Core:
		-
	Stock:
		-
	Static:
		-
	Inline:
		-
	API:
		WriteMem - Write data to an address.
Callbacks:
	-
Definitions:
	asm - Convert a stream of assembly to a cell.
Enums:
	-
Macros:
	-
Tags:
	-
Variables:
	Global:
		-
	Static:
		YSI_g_sWriteMem - The assembly.
Commands:
	-
Compile options:
	-
Operators:
	-
\**--------------------------------------------------------------------------**/

#if defined _INC_y_writemem
	#endinput
#endif
#define _INC_y_writemem

#include <a_samp>
#include "..\YSI_Storage\y_amx"
#include "..\YSI_Coding\y_hooks"
#include "..\YSI_Core\y_utils"

#tryinclude "..\amx\windows\import_table"
#tryinclude <amx_assembly\windows\import_table>
#tryinclude "..\amx_assembly\windows\import_table"
#tryinclude "..\..\amx_assembly\windows\import_table"

forward WriteMem(addr, value);

#define asm(%0,%1,%2,%3) ((0x%0<<0)|(0x%1<<8)|(0x%2<<16)|(0x%3<<24))

/*
cell AMX_NATIVE_CALL
	n_WriteMem(AMX * amx, cell * params)
{
	if (params[0] == 8)
	{
		DWORD
			oldp;
		VirtualProtect((cell *)params[1], 4, PAGE_EXECUTE_READWRITE, &oldp);
		*((cell *)params[1]) = params[2];
	}
	return 0;
}

BECOMES:

	align   16
	push    ebp
	mov     ebp, esp
	push    esi
	mov     esi, [ebp+12]
	cmp     dword ptr [esi], 8
	jnz     short loc_ret
	mov     ecx, [esi+4]
	lea     eax, [ebp+12]
	push    eax
	push    40h
	push    4
	push    ecx
	call    ds:__imp__VirtualProtect@16 ; LOOK THIS UP FIRST.
	mov     edx, [esi+4]
	mov     eax, [esi+8]
	mov     [edx], eax
loc_ret:
	xor     eax, eax
	pop     esi
	pop     ebp
	retn
*/

static
	YSI_g_sWriteMem[] =
	{
		asm(CC,CC,CC,CC), asm(CC,CC,CC,CC), asm(CC,CC,CC,CC), asm(CC,CC,CC,CC),
		asm(55,8B,EC,56), asm(8B,75,0C,83), asm(3E,08,75,1A), asm(8B,4E,04,8D),
		//asm(45,0C,50,6A), asm(40,6A,04,51), asm(FF,15,8C,11), asm(4A,00,8B,56),
		asm(45,0C,50,6A), asm(40,6A,04,51), asm(FF,15,00,00), asm(00,00,8B,56),
		asm(04,8B,46,08), asm(89,02,33,C0), asm(5E,5D,C3,CC)
	},
	YSI_g_iWriteMemAddr = 0;

stock WriteMem(addr, value)
{
	static ptr = -1;
	
	// Push addr and value.
	#emit PUSH.S value
	#emit PUSH.S addr
	#emit PUSH.C 8
	
	if (ptr == -1)
	{
		// ptr = COD + CIP - DAT + <distance to nop #1>
		// Modified from code by Zeex_.
		#emit LCTRL      6  // CIP
		#emit LOAD.alt   AMX_HEADER_COD
		#emit ADD
		#emit ADD.C      84
		#emit STOR.pri   ptr
		
		// NOP #1 = SYSREQ.D
		#emit CONST.pri  135
		#emit SREF.pri   ptr
		
		// ptr += 4
		#emit LOAD.pri   ptr
		#emit ADD.C      4
		#emit STOR.pri   ptr
		
		// NOP #2 = address
		#emit LOAD.pri   YSI_g_iWriteMemAddr
		#emit SREF.pri   ptr
	}
	// Reserve space for SYSREQ.D WriteMem.
	#emit NOP
	#emit NOP
	
	// Pop native arguments.
	#emit STACK 12
}

static WM_Shift(from, to, data[], len = sizeof (data))
{
	if (FALSE)
	{
		WriteMem(0, 0);
	}
	while (from < len)
	{
		data[to++] = data[from++];
	}
}

hook OnScriptInit()
{
	// 00 4A 61 98
	new
		addr = GetImportPointer("VirtualProtect");
	#emit LOAD.S.alt      addr
	// Get the offset to the long call address.
	#emit CONST.pri       YSI_g_sWriteMem
	#emit ADD.C           42
	#emit STOR.S.pri      addr
	// Write the real address.
	#emit SREF.S.alt      addr
	// Align the code to a 16-byte boundary.
	addr = AMX_GetGlobalAddress(YSI_g_sWriteMem);
	switch (addr & 15)
	{
		case 0:
		{
			WM_Shift(4, 0, YSI_g_sWriteMem);
		}
		case 4:
		{
			WM_Shift(4, 3, YSI_g_sWriteMem);
			addr += 12;
		}
		case 8:
		{
			WM_Shift(4, 2, YSI_g_sWriteMem);
			addr += 8;
		}
		case 12:
		{
			WM_Shift(4, 1, YSI_g_sWriteMem);
			addr += 4;
		}
		default:
		{
			P:E("Cannot relocate YSI_g_sWriteMem");
		}
	}
	YSI_g_iWriteMemAddr = addr;
	return 1;
}