WindowsDLLs
   + Checkout(file)
   - Checkin(file)
-----------------------------------------------
 NetMD.dll        COM (AVLib)        c++ code
-----------------------------------------------
   |
   |
   |
   v   (This is equivalent functionality to libnetmd)
   |
----------------------------------
   |   NetMDAPI.dll / NetMDUSB.sys   c++ code
   |
-----------------------------------
   + IOmgNetMD::AttemptCheckout, CompleteCheckout...
   |
----------------------------------------------
 COM   OmgNetMD.dll   c++ code
-----------------------------------------------
   |
   |   salExec0 ( A procedure in netmd.ocm would implement first step in checkout...)
   |
----------------------------------------------------------
 netmd.ocm (encrypted bytecode and c code)
   |
----------------------------------------------
 DLL   salwrap.dll   c++ code
   --------------------------------
    Application VM
   --------------------------------
   <--------------- init.ocm (interpreter, and runtime c libraries)
----------------------------------------------
Virtual Machine overview
----------------------------------
 OpenMG Module
----------------------------------
        |
----------------------------------
 ocm_module_proc_X()
----------------------------------
        |   salExec0
...............................................................
 Secure Application Loader
...............................................................
        |
----------------------------------
 Secure Application
----------------------------------
      ^ |
        v
----------------------------------
   Virtual ISA + Virtual ABI (library calls.)
 virtual machine
----------------------------------
   ISA
 salwrap (host)
----------------------------------
   ISA + ABI
 Windows
----------------------------------
   ISA
 Hardware
----------------------------------

* ISA: Instruction Set Architecture.
* Virtual ISA: bytecode architecture.
* ABI: Application Binary Interface: Interface to OS System Calls.
* Virtual ABI: library calls to runtime libraries.
C++ interface to the virtual machine (application loader)
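#include <iostream>
#include <string>
#include <vector>
using namespace std;

// Operand types named in the operator signatures below; their definitions are not given here.
class SalPointer;
class SalNonConstPointer;
class OmgString;
class SalString;
class SalFileContent;
class SalExtrinsicsProg;
class SalLoadableModule;
class SalOmgId;
class OmgMmap;
class SalKey;
class SalAsnSeqBegin;
class SalAsnSeqEnd;

class SalBytecode {
public:
    SalBytecode(unsigned int);
    void clear();    // return type not recorded in these notes; void is assumed
    int dataType();  // return type not recorded in these notes; int is assumed
    SalBytecode & operator=(class SalBytecode const &);
    ~SalBytecode();

    // Input stream operators
    // (two-argument operators, declared as friends so the listing compiles;
    //  the SalBytecode & return type is assumed from stream-operator convention)
    friend SalBytecode & operator<<(SalBytecode &, long &);
    friend SalBytecode & operator<<(SalBytecode &, SalPointer const &);
    friend SalBytecode & operator<<(SalBytecode &, SalNonConstPointer const &);
    friend SalBytecode & operator<<(SalBytecode &, OmgString const &);
    friend SalBytecode & operator<<(SalBytecode &, SalString const &);
    friend SalBytecode & operator<<(SalBytecode &, SalFileContent const &);
    friend SalBytecode & operator<<(SalBytecode &, SalExtrinsicsProg const &);
    friend SalBytecode & operator<<(SalBytecode &, SalLoadableModule const &);
    friend SalBytecode & operator<<(SalBytecode &, std::vector<unsigned char> &);
    friend SalBytecode & operator<<(SalBytecode &, SalOmgId const &);
    friend SalBytecode & operator<<(SalBytecode &, OmgMmap const &);
    friend SalBytecode & operator<<(SalBytecode &, SalKey const &);

    // Output stream operators (same return-type assumption)
    friend SalBytecode & operator>>(SalBytecode &, std::string &);
    friend SalBytecode & operator>>(SalBytecode &, std::vector<unsigned char> &);
    friend SalBytecode & operator>>(SalBytecode &, SalAsnSeqBegin);
    friend SalBytecode & operator>>(SalBytecode &, SalAsnSeqEnd &);
    friend SalBytecode & operator>>(SalBytecode &, SalNonConstPointer &);
    friend SalBytecode & operator>>(SalBytecode &, OmgString &);

private:
    // SalBytecode::SalByteCode_impl_constr(var_size_512);
    // 10 vars
    // var 0
    unsigned char *StreamBuf;
    // var 1
    int StreamPos;
    // var 2
    long int lenStreamBuf;
    // var 3h
    int inArgSize;  // var10: 512
};

void salExec0(SalBytecode& input, SalBytecode& output, int, int, int);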
OpenMG Secure Module - Implementation Architecture
....................................................................................................
+ UI
                                        SonicStage
....................................................................................................
      ^                              ^
      |                              |
      | COM                          | COM
      v                              v
....................................................................................................
Plug-in layer
  + CheckOut               +Playback                    + PlayBack
  + CheckIn                +Convert                     + Convert
 ---------------------    ------------------------     ------------------------
 |     NetMD.dll     |    |      OpcOmg.dll      |     |      OpcWMA.dll      |
 ---------------------    ------------------------     ------------------------
 ---------------------
     NetMDAPI.dll
 ---------------------
 ---------------------
     NetMDUSB.dll
 ---------------------
....................................................................................................
OpenMG
      ^
      | COM                      DLL
      v                          DLL
 -----------------------       -----------------------       --------------------------------------------
  pfcom.dll            |  <->   OmgNetMD.dll            <->  | salwrap.dll                              |
                               -----------------------       |                                          |
                               -----------------------       | - EkbCapabilityTable                     |
  createInstanceForMp3 |  <->   omgconv2.dll            <->  | - OmgEkb                                 |
                               -----------------------       |                                          |
                               -----------------------       | - salExec0                               |
                          <->   MemStick.dll            <->  |   ----------------------                 |
                               -----------------------       |   | SAL VM             |                 |
                                                             |   ----------------------                 |
 -----------------------                                     --------------------------------------------
                                                   ^
                                                   |
                                                   v
 +++++++++++++++++                +++++++++++++++++++++      +++++++++++++++++++++++++
 rights information (opf data)    icv.dat maclist1,2.dat     OMGKEY, OMGRIGHTS
 +++++++++++++++++                +++++++++++++++++++++      +++++++++++++++++++++++++
....................................................................................................
Secure Applications
 ------------------ ----------------- ------------------- ------------------ ------------------
 device.sal         init.ocm          netmd.ocm           icv.ocm            maclist.ocm        ...
 ------------------ ----------------- ------------------- ------------------ ------------------
 -------------------
  SAL Runtime
 -------------------
....................................................................................................
The ocm-files
OCM interpreter:
- http://users.physik.fu-berlin.de/~glaubitz/linux-minidisc/dis-09-02-01.rar - latest version as of May, 2nd 2009
The OCM files (except for init.ocm, which contains an extra layer of packing) are interpreted as OCMBytecode.
Here is a decoder for native code blocks from OCM files. It is strictly works-for-me quality, having at least the following issues:
- It does not name imports from salwrap; it just turns each offset into the import table into a generic name. See OCMSalwrapExports for some of the names.
- It is unable to parse named exports.
- It only supports the relocation types (mostly direct imports of compiler helper functions) I needed.
The output of the program is an assembler source file (completely unreadable) that is intended to be assembled with the GNU assembler (Win32 port or a cross-assembler on Linux) and then loaded into a good disassembler, such as IDA 4.9 Freeware.
Some info about analysing an OCM file can be found in this part of the chat log:
These pages show internals of some modules (internal access only)
windowsdlls.1241682975.txt.gz · Last modified: 2009/05/07 07:56 by nopsled