windowsdlls
This is an old revision of the document!
WindowsDLLs
---- + Checkout(file) - Checkin(file) ----------------------------------------------- NetMD.dll COM (AVLib) c++ code ----------------------------------------------- | | | v (This equivalent functionality as libnetmd) | ---------------------------------- | NetMDAPI.dll / NetMDUSB.sys c++ code | ----------------------------------- + IOmgNetMD::AttemptCheckout, CompleteCheckout... | ---------------------------------------------- COM OmgNetMD.dll c++ code ----------------------------------------------- | | salExec0 ( A procedure in netmd.ocm would implement first step in checkout...) |---------------------------------------------------------- netmd.ocm (encrypted bytecode and c code) | ---------------------------------------------- DLL salwrap.dll c++ code -------------------------------- Application VM -------------------------------- <--------------- init.ocm (interpeter, and runtime c libraries) ----------------------------------------------
Virtual Machine overview
---------------------------------- OpenMG Module ---------------------------------- | ---------------------------------- ocm_module_proc_X() ---------------------------------- | salExec0 ............................................................... Secure Application Loader ............................................................... | ---------------------------------- Secure Application ---------------------------------- ^ | v ---------------------------------- Virtual ISA + Virtual ABI (library calls.) virtual machine ---------------------------------- ISA salwrap (host) ---------------------------------- ISA + ABI Windows ---------------------------------- ISA Hardware ---------------------------------- * ISA: Instruction Set Architecture. * Virtual ISA: bytecode architecture. * ABI: Application Binary Interface: Interface to OS System Calls. * Virtual ISA: library calls to runtime libraries.
C++ interface to the virtual machine (application loader)
#include <iostream> #include <vector> using namespace std; class SalBytecode { SalBytecode(unsigned int); clear(); dataType(); SalBytecode & operator=(class SalBytecode const &); ~SalBytecode(); // Input stream operators operator<<(SalBytecode &, long &); operator<<(SalBytecode &, SalPointer const &); operator<<(SalBytecode &, SalNonConstPointer const &); operator<<(SalBytecode &, OmgString const &); operator<<(SalBytecode &, SalString const &); operator<<(SalBytecode &, SalFileContent const &); operator<<(SalBytecode &, SalExtrinsicsProg const &); operator<<(SalBytecode &, SalLoadableModule const &); operator<<(SalBytecode &, std::vector<unsigned char> &) operator<<(SalBytecode &, SalOmgId const &); operator<<(SalBytecode &, OmgMmap const &); operator<<(SalBytecode &, SalKey const &); // Output stream operators operator>>(SalBytecode &, std::string<char> &); operator>>(SalBytecode &, std::vector<unsigned char> &); operator>>(SalBytecode &, SalAsnSeqBegin); operator>>(SalBytecode &, SalAsnSeqEnd &); operator>>(SalBytecode &, SalNonConstPointer &); operator>>(SalBytecode &, OmgString &); private: SalBytecode::SalByteCode_impl_constr(var_size_512); // 10 vars // var 0 uchar *StreamBuf; // var 1 int StreamPos; // var 2 long int lenStreamBuf; // var 3h int inArgSize; // var10: 512 }; void salExec0(SalBytecode& input, SalBytecode& output, int, int, int);
The ocm-files
OCM-Interpretor:
- http://users.physik.fu-berlin.de/~glaubitz/linux-minidisc/dis-09-02-01.rar - latest version as of May, 2nd 2009
The OCM files (except for init.ocm which contains an extra layer of packing) are interpreted as OCMBytecode
Here is a decode for native code blocks from OCM files. It is severe works-for-me-quality, having at least the following issues:
- It does not name imports from salwrap, it just puts offsets into the import table into a generic name. Check here for some name OCMSalwrapExports
- It is unable to parse named exports
- It does only support the relocation types (mostly direct imports of compiler helper functions) I needed.
The output of the program is an assembler source file (completely unreadable) that is intended to be compiled by the GNU assembler (Win32 port or cross-assembler in linux) and then loaded into a good disassembler, like IDA 4.9 Freeware for example.
Some info about analysing an OCM file can be found in this part of chat log:
These pages show internals of some modules (internal access only)
windowsdlls.1241509186.txt.gz · Last modified: 2009/05/05 07:39 by megadiscman