Intercepting filesystem operations

  • 0 Replies
  • 568 Views
*

Offline srsa_4c

  • ******
  • 3530
Intercepting filesystem operations
« on: 16 / February / 2014, 18:23:29 »
Advertisements
Ever since I found the DryOS driver registration function, I suspected that this can be done. I used the attached patch to find out which task saves native CR2 files on the g10 (102a). I'm intercepting the 'open' handler of the newcatfs driver and logging some details to the syslog. I'm posting this here in case somebody needs debug info about file operations. Some function arguments might have misleading names below.
A pointer to the current task's TCB seems to be at 0x1958 on this cam (haven't tried to trace back code, evaluated a RAM dump instead to get it).
Code: [Select]
Index: platform/g10/sub/102a/boot.c
===================================================================
--- platform/g10/sub/102a/boot.c (revision 3359)
+++ platform/g10/sub/102a/boot.c (working copy)
@@ -5,6 +5,7 @@
 #include "stdlib.h"
 #include "gui.h"
 #include "../../../../core/gui_draw.h"
+#include "dryos31.h"
 
 const char * const new_sa = &_end;
 
@@ -457,6 +458,9 @@
 " BLNE sub_FF87CD38 \n"                   
 //" BL sub_FF878098 \n" 
 " BL      sub_FF878098_my\n"    //----------->
+
+"BL replace_catfshandlers \n"
+
 " BL      core_spytask_can_start\n"      // +                   
 " CMP R4, #0 \n"                           
 " MOVEQ R0, R5 \n"                         
@@ -808,3 +812,26 @@
 " B loc_FF84B25C \n"                       
  );
 }
+
+static int (*orig_catfsopen)(int handle, char *name, int flags, int mode, int stuff);
+
+static int my_catfsopen(int handle, char *name, int flags, int mode, int stuff) {
+    task_t** tt = (task_t**)0x1958;
+    extern void _LogCameraEvent(int,char*,int,int);
+    _LogCameraEvent(0x20,"open: %s, 0x%x",(int)name,(int)name);
+    _LogCameraEvent(0x20,"open in task %s 0x%x",(*tt)->name,(int)((*tt)->name));
+    return orig_catfsopen(handle, name, flags, mode, stuff);
+}
+
+static int my_catfshandlers[9];
+
+void replace_catfshandlers() {
+    // copy handlers
+    _memcpy(my_catfshandlers,(void*)0xFFB0FFA8,9*4);
+    // get orignal open handler
+    orig_catfsopen = (void*) my_catfshandlers[0];
+    // replace open handler with our wrapper
+    my_catfshandlers[0] = (int) my_catfsopen;
+    // replace handler list pointer
+    *(int*)0x10cec = (int)&my_catfshandlers[0];
+}
Index: platform/g10/sub/102a/stubs_entry_2.S
===================================================================
--- platform/g10/sub/102a/stubs_entry_2.S (revision 3359)
+++ platform/g10/sub/102a/stubs_entry_2.S (working copy)
@@ -16,3 +16,4 @@
 NHSTUB(Mount_FileSystem, 0xFF81093C )
 NHSTUB(SetZoomActuatorSpeedPercent, 0xFF81093C )
 
+NHSTUB(LogCameraEvent, 0xFF874ABC)

 

Related Topics