WindowsDLLs
----
+ Checkout(file)
- Checkin(file)
-----------------------------------------------
NetMD.dll COM (AVLib) c++ code
-----------------------------------------------
| |
| v (This is equivalent functionality to libnetmd)
| ----------------------------------
| NetMDAPI.dll / NetMDUSB.sys c++ code
| -----------------------------------
+ IOmgNetMD::AttemptCheckout, CompleteCheckout...
|
---------------------------------------------- COM
OmgNetMD.dll c++ code
-----------------------------------------------
|
| salExec0 (a procedure in netmd.ocm would implement the first step in checkout...)
|---------------------------------------------------------- netmd.ocm (encrypted bytecode and c code)
|
---------------------------------------------- DLL
salwrap.dll c++ code
--------------------------------
Application VM
-------------------------------- <--------------- init.ocm (interpreter, and runtime c libraries)
----------------------------------------------
Virtual Machine overview
----------------------------------
OpenMG Module
----------------------------------
|
----------------------------------
ocm_module_proc_X()
----------------------------------
|
salExec0
...............................................................
Secure Application Loader
...............................................................
|
----------------------------------
Secure Application
----------------------------------
^
|
v
---------------------------------- Virtual ISA + Virtual ABI (library calls.)
virtual machine
---------------------------------- ISA
salwrap (host)
---------------------------------- ISA + ABI
Windows
---------------------------------- ISA
Hardware
----------------------------------
* ISA: Instruction Set Architecture.
* Virtual ISA: bytecode architecture.
* ABI: Application Binary Interface: Interface to OS System Calls.
* Virtual ABI: library calls to runtime libraries.
C++ interface to the virtual machine (application loader)
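#include <iostream>
#include <string>
#include <vector>
using namespace std;

// Opaque argument types used by the interface. Their layouts are not
// described on this page, so they are only forward-declared.
class SalPointer;        class SalNonConstPointer; class OmgString;
class SalString;         class SalFileContent;     class SalExtrinsicsProg;
class SalLoadableModule; class SalOmgId;           class OmgMmap;
class SalKey;            class SalAsnSeqBegin;     class SalAsnSeqEnd;

// Return types are not part of the recovered declarations. The ones written
// below (void, int, SalBytecode &) are assumptions added so that the
// declaration compiles; the stream operators are declared as friends so the
// two-argument form is valid C++.
class SalBytecode
{
public:
    SalBytecode(unsigned int);
    void clear();
    int dataType();
    SalBytecode & operator=(class SalBytecode const &);
    ~SalBytecode();

    // Input stream operators
    friend SalBytecode & operator<<(SalBytecode &, long &);
    friend SalBytecode & operator<<(SalBytecode &, SalPointer const &);
    friend SalBytecode & operator<<(SalBytecode &, SalNonConstPointer const &);
    friend SalBytecode & operator<<(SalBytecode &, OmgString const &);
    friend SalBytecode & operator<<(SalBytecode &, SalString const &);
    friend SalBytecode & operator<<(SalBytecode &, SalFileContent const &);
    friend SalBytecode & operator<<(SalBytecode &, SalExtrinsicsProg const &);
    friend SalBytecode & operator<<(SalBytecode &, SalLoadableModule const &);
    friend SalBytecode & operator<<(SalBytecode &, std::vector<unsigned char> &);
    friend SalBytecode & operator<<(SalBytecode &, SalOmgId const &);
    friend SalBytecode & operator<<(SalBytecode &, OmgMmap const &);
    friend SalBytecode & operator<<(SalBytecode &, SalKey const &);

    // Output stream operators
    friend SalBytecode & operator>>(SalBytecode &, std::string &);
    friend SalBytecode & operator>>(SalBytecode &, std::vector<unsigned char> &);
    friend SalBytecode & operator>>(SalBytecode &, SalAsnSeqBegin);
    friend SalBytecode & operator>>(SalBytecode &, SalAsnSeqEnd &);
    friend SalBytecode & operator>>(SalBytecode &, SalNonConstPointer &);
    friend SalBytecode & operator>>(SalBytecode &, OmgString &);

private:
    // Internal constructor helper; parameter type is an assumption.
    void SalByteCode_impl_constr(unsigned int var_size_512);
    // 10 vars
    // var 0
    unsigned char *StreamBuf; // var 1
    int StreamPos; // var 2
    long int lenStreamBuf; // var 3h
    int inArgSize; // var10: 512
};

void salExec0(SalBytecode& input, SalBytecode& output, int, int, int);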
OpenMG Secure Module - Implementation Architecture
* Fig. 6 of Sony patent EP1 496 439 A1 shows a functional architecture diagram.
.................................................................................................... + UI
SonicStage
....................................................................................................
^ ^
| |
| COM | COM
v v
.................................................................................................... Plug-in layer
+ CheckOut +Playback + PlayBack
+ CheckIn +Convert + Convert
--------------------- ------------------------ ------------------------
| NetMD.dll | | OpcOmg.dll | | OpcWMA.dll |
--------------------- ------------------------ ------------------------
---------------------
NetMDAPI.dll
---------------------
---------------------
NetMDUSB.dll
---------------------
.................................................................................................... OpenMG
^
| COM
DLL v DLL
----------------------- ----------------------- --------------------------------------------
pfcom.dll | <-> OmgNetMD.dll <-> | salwrap.dll
| ----------------------- |
| ----------------------- | - EkbCapabilityTable
createInstanceForMp3 | <-> omgconv2.dll <-> | - OmgEkb
| ----------------------- |
| ----------------------- | - salExec0
| <-> MemStick.dll <-> | ----------------------
| ----------------------- | SAL VM
| | ----------------------
----------------------- --------------------------------------------
^
|
v
+++++++++++++++++ +++++++++++++++++++++ +++++++++++++++++++++++++
rights information
(opf data) icv.dat maclist1,2.dat OMGKEY, OMGRIGHTS
+++++++++++++++++ +++++++++++++++++++++ +++++++++++++++++++++++++
.................................................................................................... Secure Applications
------------------ ----------------- ------------------- ------------------ ------------------
device.sal init.ocm netmd.ocm icv.ocm maclist.ocm ...
------------------ ----------------- ------------------- ------------------ ------------------
-------------------
SAL Runtime
-------------------
....................................................................................................
The ocm-files
OCM interpreter:
- http://users.physik.fu-berlin.de/~glaubitz/linux-minidisc/dis-09-02-01.rar - latest version as of May 2nd, 2009
OCM handling code is stored in a private git repository (run using gitosis). Access is only possible over ssh with public key authentication. To get access, you need to have your ssh public key (either a role-specific one or your standard personal key, it doesn't matter) added to the list of authorized keys; just ask in the IRC channel. Once your key is added, and if you use a role-specific key, add something like this to your .ssh/config:
Host z6.physik.fu-berlin.de
    Hostname z6.physik.fu-berlin.de
    IdentityFile ~/.ssh/id-rsa-minidisc
After that, you can clone the repo by using
git clone gitosis@z6.physik.fu-berlin.de:/ocm
The OCM files (except for init.ocm, which contains an extra layer of packing) are interpreted as OCMBytecode.
Here is a decoder for native code blocks from OCM files. It is of severe works-for-me quality, with at least the following issues:
- It does not name imports from salwrap; it just puts offsets into the import table into a generic name. See OCMSalwrapExports for some names.
- It is unable to parse named exports.
- It only supports the relocation types (mostly direct imports of compiler helper functions) I needed.
The output of the program is an assembler source file (completely unreadable) that is intended to be assembled with the GNU assembler (Win32 port or cross-assembler on Linux) and then loaded into a good disassembler, such as IDA 4.9 Freeware.
Some info about analysing an OCM file can be found in this part of the chat log:
These pages show internals of some modules (internal access only)
