;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;                                                              ;;
;; Copyright (C) KolibriOS team 2004-2009. All rights reserved. ;;
;; Distributed under terms of the GNU General Public License    ;;
;;                                                              ;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

$Revision$


DRV_COMPAT   equ  5  ;minimal required drivers version
DRV_CURRENT  equ  6  ;current drivers model version

DRV_VERSION equ (DRV_COMPAT shl 16) or DRV_CURRENT
PID_KERNEL  equ 1    ;os_idle thread



align 4
proc get_notify stdcall, p_ev:dword

.wait:
	   mov ebx,[current_slot]
	   test dword [ebx+APPDATA.event_mask],EVENT_NOTIFY
	   jz @f
	   and dword [ebx+APPDATA.event_mask], not EVENT_NOTIFY
	   mov edi, [p_ev]
	   mov dword [edi], EV_INTR
	   mov eax, [ebx+APPDATA.event]
	   mov dword [edi+4], eax
	   ret
@@:
	   call change_task
	   jmp .wait
endp

align 4
proc pci_read32 stdcall, bus:dword, devfn:dword, reg:dword
	   push ebx
	   xor eax, eax
	   xor ebx, ebx
	   mov ah, byte [bus]
	   mov al, 6
	   mov bh, byte [devfn]
	   mov bl, byte [reg]
	   call pci_read_reg
	   pop ebx
	   ret
endp

align 4
proc pci_read16 stdcall, bus:dword, devfn:dword, reg:dword
	   push ebx
	   xor eax, eax
	   xor ebx, ebx
	   mov ah, byte [bus]
	   mov al, 5
	   mov bh, byte [devfn]
	   mov bl, byte [reg]
	   call pci_read_reg
	   pop ebx
	   ret
endp

align 4
proc pci_read8 stdcall, bus:dword, devfn:dword, reg:dword
	   push ebx
	   xor eax, eax
	   xor ebx, ebx
	   mov ah, byte [bus]
	   mov al, 4
	   mov bh, byte [devfn]
	   mov bl, byte [reg]
	   call pci_read_reg
	   pop ebx
	   ret
endp

align 4
proc pci_write8 stdcall, bus:dword, devfn:dword, reg:dword, val:dword
	   push ebx
	   xor eax, eax
	   xor ebx, ebx
	   mov ah, byte [bus]
	   mov al, 8
	   mov bh, byte [devfn]
	   mov bl, byte [reg]
	   mov ecx, [val]
	   call pci_write_reg
	   pop ebx
	   ret
endp

align 4
proc pci_write16 stdcall, bus:dword, devfn:dword, reg:dword, val:dword
	   push ebx
	   xor eax, eax
	   xor ebx, ebx
	   mov ah, byte [bus]
	   mov al, 9
	   mov bh, byte [devfn]
	   mov bl, byte [reg]
	   mov ecx, [val]
	   call pci_write_reg
	   pop ebx
	   ret
endp

align 4
proc pci_write32 stdcall, bus:dword, devfn:dword, reg:dword, val:dword
	   push ebx
	   xor eax, eax
	   xor ebx, ebx
	   mov ah, byte [bus]
	   mov al, 10
	   mov bh, byte [devfn]
	   mov bl, byte [reg]
	   mov ecx, [val]
	   call pci_write_reg
	   pop ebx
	   ret
endp

handle	   equ	IOCTL.handle
io_code    equ	IOCTL.io_code
input	   equ	IOCTL.input
inp_size   equ	IOCTL.inp_size
output	   equ	IOCTL.output
out_size   equ	IOCTL.out_size


align 4
proc srv_handler stdcall, ioctl:dword
	   mov esi, [ioctl]
	   test esi, esi
	   jz .err

	   mov edi, [esi+handle]
	   cmp [edi+SRV.magic], ' SRV'
	   jne .fail

       cmp [edi+SRV.size], SRV.sizeof
	   jne .fail

	   stdcall [edi+SRV.srv_proc], esi
	   ret
.fail:
	   xor eax, eax
	   not eax
	   mov [esi+output], eax
	   mov [esi+out_size], 4
	   ret
.err:
	   xor eax, eax
	   not eax
	   ret
endp

; param
;  ecx= io_control
;
; retval
;  eax= error code

align 4
srv_handlerEx:
	   cmp ecx, OS_BASE
	   jae .fail

	   mov eax, [ecx+handle]
	   cmp [eax+SRV.magic], ' SRV'
	   jne .fail

       cmp [eax+SRV.size], SRV.sizeof
	   jne .fail

	   stdcall [eax+SRV.srv_proc], ecx
	   ret
.fail:
	   or eax, -1
	   ret

restore  handle
restore  io_code
restore  input
restore  inp_size
restore  output
restore  out_size

align 4
proc get_service stdcall, sz_name:dword
	   mov eax, [sz_name]
	   test eax, eax
	   jnz @F
	   ret
@@:
	   mov edx, [srv.fd]
@@:
	   cmp edx, srv.fd-SRV_FD_OFFSET
	   je .not_load

	   stdcall strncmp, edx, [sz_name], 16
	   test eax, eax
	   je .ok

	   mov edx, [edx+SRV.fd]
	   jmp @B
.not_load:
	   pop ebp
	   jmp load_driver
.ok:
	   mov eax, edx
	   ret
endp

align 4
proc reg_service stdcall, name:dword, handler:dword

	   push ebx

           xor eax, eax

	   cmp [name], eax
	   je .fail

	   cmp [handler], eax
	   je .fail

       mov eax, SRV.sizeof
       call malloc
	   test eax, eax
	   jz .fail

	   push esi
	   push edi
	   mov edi, eax
	   mov esi, [name]
       movsd
       movsd
       movsd
       movsd
	   pop edi
	   pop esi

	   mov [eax+SRV.magic], ' SRV'
       mov [eax+SRV.size], SRV.sizeof

	   mov ebx, srv.fd-SRV_FD_OFFSET
	   mov edx, [ebx+SRV.fd]
	   mov [eax+SRV.fd], edx
	   mov [eax+SRV.bk], ebx
	   mov [ebx+SRV.fd], eax
	   mov [edx+SRV.bk], eax

	   mov ecx, [handler]
	   mov [eax+SRV.srv_proc], ecx
	   pop ebx
	   ret
.fail:
	   xor eax, eax
           pop ebx
	   ret
endp

align 4
proc get_proc stdcall, exp:dword, sz_name:dword

	   mov edx, [exp]
.next:
	   mov eax, [edx]
	   test eax, eax
	   jz .end

	   push edx
	   stdcall strncmp, eax, [sz_name], 16
	   pop edx
	   test eax, eax
	   jz .ok

	   add edx,8
	   jmp .next
.ok:
	   mov eax, [edx+4]
.end:
	   ret
endp

align 4
proc get_coff_sym stdcall, pSym:dword,count:dword, sz_sym:dword

@@:
	   stdcall strncmp, [pSym], [sz_sym], 8
	   test eax,eax
	   jz .ok
	   add [pSym], 18
	   dec [count]
	   jnz @b
	   xor eax, eax
	   ret
.ok:
	   mov eax, [pSym]
	   mov eax, [eax+8]
	   ret
endp

align 4
proc get_curr_task
	   mov eax,[CURRENT_TASK]
	   shl eax, 8
	   ret
endp

align 4
proc get_fileinfo stdcall, file_name:dword, info:dword
	   locals
	     cmd     dd ?
	     offset  dd ?
		     dd ?
	     count   dd ?
	     buff    dd ?
		     db ?
	     name    dd ?
	   endl

	   xor eax, eax
	   mov ebx, [file_name]
	   mov ecx, [info]

	   mov [cmd], 5
	   mov [offset], eax
	   mov [offset+4], eax
	   mov [count], eax
	   mov [buff], ecx
	   mov byte [buff+4], al
	   mov [name], ebx

	   mov eax, 70
	   lea ebx, [cmd]
	   int 0x40
	   ret
endp

align 4
proc read_file stdcall,file_name:dword, buffer:dword, off:dword,\
				     bytes:dword
	   locals
	     cmd     dd ?
	     offset  dd ?
		     dd ?
	     count   dd ?
	     buff    dd ?
		     db ?
	     name    dd ?
	   endl

	   xor eax, eax
	   mov ebx, [file_name]
	   mov ecx, [off]
	   mov edx, [bytes]
	   mov esi, [buffer]

	   mov [cmd], eax
	   mov [offset], ecx
	   mov [offset+4], eax
	   mov [count], edx
	   mov [buff], esi
	   mov byte [buff+4], al
	   mov [name], ebx

	   pushad
	   lea ebx, [cmd]
	   call file_system_lfn
	   popad
	   ret
endp

; description
;  allocate kernel memory and loads the specified file
;
; param
;  file_name= full path to file
;
; retval
;  eax= file image in kernel memory
;  ebx= size of file
;
; warging
;  You mast call kernel_free() to delete each file
;  loaded by the load_file() function

align 4
proc load_file stdcall, file_name:dword
	   locals
	     attr	dd ?
	     flags	dd ?
	     cr_time	dd ?
	     cr_date	dd ?
	     acc_time	dd ?
	     acc_date	dd ?
	     mod_time	dd ?
	     mod_date	dd ?
	     file_size	dd ?

	     file	dd ?
	     file2	dd ?
	   endl

	   push esi
	   push edi

	   lea eax, [attr]
	   stdcall get_fileinfo, [file_name], eax
	   test eax, eax
	   jnz .fail

	   mov eax, [file_size]
	   cmp eax, 1024*1024*16
	   ja .fail

	   stdcall kernel_alloc, [file_size]
	   mov [file], eax
       test eax, eax
       jz .fail

	   stdcall read_file, [file_name], eax, dword 0, [file_size]
	   cmp ebx, [file_size]
	   jne .cleanup

	   mov eax, [file]
	   cmp dword [eax], 0x4B43504B
	   jne .exit
	   mov ebx, [eax+4]
	   mov [file_size], ebx
	   stdcall kernel_alloc, ebx

	   test eax, eax
	   jz .cleanup

	   mov [file2], eax
       pushfd
       cli
	   stdcall unpack, [file], eax
       popfd
	   stdcall kernel_free, [file]
	   mov eax, [file2]
	   mov ebx, [file_size]
.exit:
	   push eax
	   lea edi, [eax+ebx]	  ;cleanup remain space
	   mov ecx, 4096	  ;from file end
	   and ebx, 4095
	   jz  @f
	   sub ecx, ebx
	   xor eax, eax
	   cld
	   rep stosb
@@:
	   mov ebx, [file_size]
	   pop eax
	   pop edi
	   pop esi
	   ret
.cleanup:
	   stdcall kernel_free, [file]
.fail:
	   xor eax, eax
	   xor ebx, ebx
	   pop edi
	   pop esi
	   ret
endp

align 4
proc get_proc_ex stdcall, proc_name:dword, imports:dword

.look_up:
	   mov edx, [imports]
	   test edx, edx
	   jz .end
	   mov edx, [edx]
	   test edx, edx
	   jz .end
.next:
	   mov eax, [edx]
	   test eax, eax
	   jz .next_table

	   push edx
       stdcall strncmp, eax, [proc_name], 256
	   pop edx
	   test eax, eax
	   jz .ok

	   add edx,8
	   jmp .next
.next_table:
	   add [imports], 4
	   jmp .look_up
.ok:
	   mov eax, [edx+4]
	   ret
.end:
	   xor eax, eax
	   ret
endp

align 4
proc fix_coff_symbols stdcall uses ebx esi, sec:dword, symbols:dword,\
		      sym_count:dword, strings:dword, imports:dword
	   locals
	     retval dd ?
	   endl

	   mov edi, [symbols]
	   mov [retval], 1
.fix:
	   movzx ebx, [edi+CSYM.SectionNumber]
	   test ebx, ebx
	   jnz .internal
	   mov eax, dword [edi+CSYM.Name]
	   test eax, eax
	   jnz @F

	   mov edi, [edi+4]
	   add edi, [strings]
@@:
	   push edi
	   stdcall get_proc_ex, edi,[imports]
	   pop edi

	   xor ebx, ebx
	   test eax, eax
	   jnz @F

	   mov esi, msg_unresolved
	   call sys_msg_board_str
	   mov esi, edi
	   call sys_msg_board_str
	   mov esi, msg_CR
	   call sys_msg_board_str

	   mov [retval],0
@@:
	   mov edi, [symbols]
	   mov [edi+CSYM.Value], eax
	   jmp .next
.internal:
	   cmp bx, -1
	   je .next
	   cmp bx, -2
	   je .next

	   dec ebx
	   shl ebx, 3
	   lea ebx, [ebx+ebx*4]
	   add ebx, [sec]

	   mov eax, [ebx+CFS.VirtualAddress]
	   add [edi+CSYM.Value], eax
.next:
	   add edi, CSYM_SIZE
	   mov [symbols], edi
	   dec [sym_count]
	   jnz .fix
	   mov eax, [retval]
	   ret
endp

align 4
proc fix_coff_relocs stdcall uses ebx esi, coff:dword, sym:dword, \
	delta:dword
	   locals
	     n_sec     dd ?
	   endl

	   mov eax, [coff]
	   movzx ebx, [eax+CFH.nSections]
	   mov [n_sec], ebx
	   lea esi, [eax+20]
.fix_sec:
	   mov edi, [esi+CFS.PtrReloc]
	   add edi, [coff]

	   movzx ecx, [esi+CFS.NumReloc]
	   test ecx, ecx
	   jz .next
.reloc_loop:
	   mov ebx, [edi+CRELOC.SymIndex]
	   add ebx,ebx
	   lea ebx,[ebx+ebx*8]
	   add ebx, [sym]

	   mov edx, [ebx+CSYM.Value]

	   cmp [edi+CRELOC.Type], 6
	   je .dir_32

	   cmp [edi+CRELOC.Type], 20
	   jne .next_reloc
.rel_32:
	   mov eax, [edi+CRELOC.VirtualAddress]
	   add eax, [esi+CFS.VirtualAddress]
	   sub edx, eax
	   sub edx, 4
	   jmp .fix
.dir_32:
	   mov eax, [edi+CRELOC.VirtualAddress]
	   add eax, [esi+CFS.VirtualAddress]
.fix:
	   add eax, [delta]
	   add [eax], edx
.next_reloc:
	   add edi, 10
	   dec ecx
	   jnz .reloc_loop
.next:
	   add esi, COFF_SECTION_SIZE
	   dec [n_sec]
	   jnz .fix_sec
.exit:
	   ret
endp

align 4
proc rebase_coff stdcall uses ebx esi, coff:dword, sym:dword, \
	delta:dword
	   locals
	     n_sec     dd ?
	   endl

	   mov eax, [coff]
	   movzx ebx, [eax+CFH.nSections]
	   mov [n_sec], ebx
	   lea esi, [eax+20]
	   mov edx, [delta]
.fix_sec:
	   mov edi, [esi+CFS.PtrReloc]
	   add edi, [coff]

	   movzx ecx, [esi+CFS.NumReloc]
	   test ecx, ecx
	   jz .next
.reloc_loop:
	   cmp [edi+CRELOC.Type], 6
	   jne .next_reloc
.dir_32:
	   mov eax, [edi+CRELOC.VirtualAddress]
	   add eax, [esi+CFS.VirtualAddress]
	   add [eax+edx], edx
.next_reloc:
	   add edi, 10
	   dec ecx
	   jnz .reloc_loop
.next:
	   add esi, COFF_SECTION_SIZE
	   dec [n_sec]
	   jnz .fix_sec
.exit:
	   ret
endp

align 4
proc load_driver stdcall, driver_name:dword
	   locals
	     coff      dd ?
	     sym       dd ?
	     strings   dd ?
	     img_size  dd ?
	     img_base  dd ?
	     start     dd ?

	     exports   dd ?   ;fake exports table
		       dd ?
	     file_name rb 13+16+4+1	 ; '/sys/drivers/<up-to-16-chars>.obj'
	   endl

	   lea	   edx, [file_name]
	   mov	   dword [edx], '/sys'
	   mov	   dword [edx+4], '/dri'
	   mov	   dword [edx+8], 'vers'
	   mov	   byte [edx+12], '/'
	   mov	   esi, [driver_name]
.redo:
           lea     edx, [file_name]
	   lea	   edi, [edx+13]
	   mov	   ecx, 16
@@:
	   lodsb
	   test    al, al
	   jz	   @f
	   stosb
	   loop    @b
@@:
	   mov	   dword [edi], '.obj'
	   mov	   byte [edi+4], 0
	   stdcall load_file, edx

	   test eax, eax
	   jz .exit

	   mov [coff], eax

	   movzx ecx, [eax+CFH.nSections]
	   xor ebx, ebx

	   lea edx, [eax+20]
@@:
	   add ebx, [edx+CFS.SizeOfRawData]
	   add ebx, 15
	   and ebx, not 15
	   add edx, COFF_SECTION_SIZE
	   dec ecx
	   jnz @B
	   mov [img_size], ebx

	   stdcall kernel_alloc, ebx
	   test eax, eax
	   jz .fail
	   mov [img_base], eax

	   mov edi, eax
	   xor eax, eax
	   mov ecx, [img_size]
	   add ecx, 4095
	   and ecx, not 4095
	   shr ecx, 2
	   cld
	   rep stosd

	   mov edx, [coff]
	   movzx ebx, [edx+CFH.nSections]
	   mov edi, [img_base]
	   lea eax, [edx+20]
@@:
	   mov [eax+CFS.VirtualAddress], edi
	   mov esi, [eax+CFS.PtrRawData]
	   test esi, esi
	   jnz .copy
	   add edi, [eax+CFS.SizeOfRawData]
	   jmp .next
.copy:
	   add esi, edx
	   mov ecx, [eax+CFS.SizeOfRawData]
	   cld
	   rep movsb
.next:
	   add edi, 15
	   and edi, not 15
	   add eax, COFF_SECTION_SIZE
	   dec ebx
	   jnz @B

	   mov ebx, [edx+CFH.pSymTable]
	   add ebx, edx
	   mov [sym], ebx
	   mov ecx, [edx+CFH.nSymbols]
	   add ecx,ecx
	   lea ecx,[ecx+ecx*8] ;ecx*=18 = nSymbols*CSYM_SIZE
	   add ecx, [sym]
	   mov [strings], ecx

	   lea ebx, [exports]
	   mov dword [ebx], kernel_export
	   mov dword [ebx+4], 0
	   lea eax, [edx+20]

	   stdcall fix_coff_symbols, eax, [sym], [edx+CFH.nSymbols],\
				     [strings], ebx
	   test eax, eax
	   jz .link_fail

	   mov ebx, [coff]
	   stdcall fix_coff_relocs, ebx, [sym], 0

	   stdcall get_coff_sym,[sym],[ebx+CFH.nSymbols],szVersion
	   test eax, eax
	   jz .link_fail

	   mov eax, [eax]
	   shr eax, 16
	   cmp eax, DRV_COMPAT
	   jb .ver_fail

	   cmp eax, DRV_CURRENT
	   ja .ver_fail

	   mov ebx, [coff]
	   stdcall get_coff_sym,[sym],[ebx+CFH.nSymbols],szSTART
	   mov [start], eax

	   stdcall kernel_free, [coff]

	   mov ebx, [start]
	   stdcall ebx, DRV_ENTRY
	   test eax, eax
	   jnz .ok

	   stdcall kernel_free, [img_base]
           cmp     dword [file_name+13], 'SOUN'
           jnz     @f
           cmp     dword [file_name+17], 'D.ob'
           jnz     @f
           cmp     word [file_name+21], 'j'
           jnz     @f
           mov     esi, aSis
           jmp     .redo
@@:
	   xor eax, eax
	   ret
.ok:
	   mov ebx, [img_base]
	   mov [eax+SRV.base], ebx
	   mov ecx, [start]
	   mov [eax+SRV.entry], ecx
	   ret

.ver_fail:
	   mov esi, msg_CR
	   call sys_msg_board_str
	   mov esi, [driver_name]
	   call sys_msg_board_str
	   mov esi, msg_CR
	   call sys_msg_board_str
	   mov esi, msg_version
	   call sys_msg_board_str
	   mov esi, msg_www
	   call sys_msg_board_str
	   jmp .cleanup

.link_fail:
	   mov esi, msg_module
	   call sys_msg_board_str
	   mov esi, [driver_name]
	   call sys_msg_board_str
	   mov esi, msg_CR
	   call sys_msg_board_str
.cleanup:
	   stdcall kernel_free,[img_base]
.fail:
	   stdcall kernel_free, [coff]
.exit:
	   xor eax, eax
	   ret
endp

; in: edx -> COFF_SECTION struct
; out: eax = alignment as mask for bits to drop
coff_get_align:
; Rules:
; - if alignment is not given, use default = 4K;
; - if alignment is given and is no more than 4K, use it;
; - if alignment is more than 4K, revert to 4K.
	push	ecx
	mov	cl, byte [edx+CFS.Characteristics+2]
	mov	eax, 1
	shr	cl, 4
	dec	cl
	js	.default
	cmp	cl, 12
	jbe	@f
.default:
	mov	cl, 12
@@:
	shl	eax, cl
	pop	ecx
	dec	eax
	ret

align 4
proc load_library stdcall, file_name:dword
	   locals
	     fullname  rb 260
	     fileinfo  rb 40
	     coff      dd ?
	     img_base  dd ?
	   endl

	   cli

; resolve file name
	   mov ebx, [file_name]
	   lea edi, [fullname+1]
	   mov byte [edi-1], '/'
	   stdcall get_full_file_name, edi, 259
	   test al, al
	   jz .fail

; scan for required DLL in list of already loaded for this process,
; ignore timestamp
	   mov esi, [CURRENT_TASK]
	   shl esi, 8
	   lea edi, [fullname]
	   mov ebx, [esi+SLOT_BASE+APPDATA.dlls_list_ptr]
	   test ebx, ebx
	   jz  .not_in_process
	   mov esi, [ebx+HDLL.fd]
.scan_in_process:
	   cmp esi, ebx
	   jz .not_in_process
	   mov eax, [esi+HDLL.parent]
	   add eax, DLLDESCR.name
	   stdcall strncmp, eax, edi, -1
	   test eax, eax
	   jnz .next_in_process
; simple variant: load DLL which is already loaded in this process
; just increment reference counters and return address of exports table
	   inc [esi+HDLL.refcount]
	   mov ecx, [esi+HDLL.parent]
	   inc [ecx+DLLDESCR.refcount]
	   mov eax, [ecx+DLLDESCR.exports]
	   sub eax, [ecx+DLLDESCR.defaultbase]
	   add eax, [esi+HDLL.base]
	   ret
.next_in_process:
	   mov esi, [esi+HDLL.fd]
	   jmp .scan_in_process
.not_in_process:

; scan in full list, compare timestamp
	   lea eax, [fileinfo]
	   stdcall get_fileinfo, edi, eax
	   test eax, eax
	   jnz .fail
	   mov esi, [dll_list.fd]
.scan_for_dlls:
	   cmp esi, dll_list
	   jz .load_new
	   lea eax, [esi+DLLDESCR.name]
	   stdcall strncmp, eax, edi, -1
	   test eax, eax
	   jnz .continue_scan
.test_prev_dll:
	   mov eax, dword [fileinfo+24]	; last modified time
	   mov edx, dword [fileinfo+28]	; last modified date
	   cmp dword [esi+DLLDESCR.timestamp], eax
	   jnz .continue_scan
	   cmp dword [esi+DLLDESCR.timestamp+4], edx
	   jz .dll_already_loaded
.continue_scan:
	   mov esi, [esi+DLLDESCR.fd]
	   jmp .scan_for_dlls

; new DLL
.load_new:
; load file
	   stdcall load_file, edi
	   test eax, eax
	   jz .fail
	   mov [coff], eax
	   mov dword [fileinfo+32], ebx

; allocate DLLDESCR struct; size is DLLDESCR.sizeof plus size of DLL name
	   mov esi, edi
	   mov ecx, -1
	   xor eax, eax
	   repnz scasb
	   not ecx
	   lea eax, [ecx+DLLDESCR.sizeof]
	   push ecx
	   call malloc
	   pop ecx
	   test eax, eax
	   jz .fail_and_free_coff
; save timestamp
	   lea edi, [eax+DLLDESCR.name]
	   rep movsb
	   mov esi, eax
	   mov eax, dword [fileinfo+24]
	   mov dword [esi+DLLDESCR.timestamp], eax
	   mov eax, dword [fileinfo+28]
	   mov dword [esi+DLLDESCR.timestamp+4], eax
; initialize DLLDESCR struct
	   and dword [esi+DLLDESCR.refcount], 0 ; no HDLLs yet; later it will be incremented
	   mov [esi+DLLDESCR.fd], dll_list
	   mov eax, [dll_list.bk]
	   mov [dll_list.bk], esi
	   mov [esi+DLLDESCR.bk], eax
	   mov [eax+DLLDESCR.fd], esi

; calculate size of loaded DLL
	   mov edx, [coff]
	   movzx ecx, [edx+CFH.nSections]
	   xor ebx, ebx

	   add edx, 20
@@:
	   call coff_get_align
	   add ebx, eax
	   not eax
	   and ebx, eax
	   add ebx, [edx+CFS.SizeOfRawData]
	   add edx, COFF_SECTION_SIZE
	   dec ecx
	   jnz @B
; it must be nonzero and not too big
	   mov [esi+DLLDESCR.size], ebx
	   test ebx, ebx
	   jz .fail_and_free_dll
	   cmp ebx, MAX_DEFAULT_DLL_ADDR-MIN_DEFAULT_DLL_ADDR
	   ja .fail_and_free_dll
; allocate memory for kernel-side image
	   stdcall kernel_alloc, ebx
	   test eax, eax
	   jz .fail_and_free_dll
	   mov [esi+DLLDESCR.data], eax
; calculate preferred base address
	   add ebx, 0x1FFF
	   and ebx, not 0xFFF
	   mov ecx, [dll_cur_addr]
	   lea edx, [ecx+ebx]
	   cmp edx, MAX_DEFAULT_DLL_ADDR
	   jb @f
	   mov ecx, MIN_DEFAULT_DLL_ADDR
	   lea edx, [ecx+ebx]
@@:
	   mov [esi+DLLDESCR.defaultbase], ecx
	   mov [dll_cur_addr], edx

; copy sections and set correct values for VirtualAddress'es in headers
	   push esi
	   mov edx, [coff]
	   movzx ebx, [edx+CFH.nSections]
	   mov edi, eax
	   add edx, 20
	   cld
@@:
	   call coff_get_align
	   add ecx, eax
	   add edi, eax
	   not eax
	   and ecx, eax
	   and edi, eax
	   mov [edx+CFS.VirtualAddress], ecx
	   add ecx, [edx+CFS.SizeOfRawData]
	   mov esi, [edx+CFS.PtrRawData]
	   push ecx
	   mov ecx, [edx+CFS.SizeOfRawData]
	   test esi, esi
	   jnz .copy
	   xor eax, eax
	   rep stosb
	   jmp .next
.copy:
	   add esi, [coff]
	   rep movsb
.next:
           pop ecx
	   add edx, COFF_SECTION_SIZE
	   dec ebx
	   jnz @B
	   pop esi

; save some additional data from COFF file
; later we will use COFF header, headers for sections and symbol table
; and also relocations table for all sections
	   mov edx, [coff]
	   mov ebx, [edx+CFH.pSymTable]
	   mov edi, dword [fileinfo+32]
	   sub edi, ebx
	   jc .fail_and_free_data
	   mov [esi+DLLDESCR.symbols_lim], edi
	   add ebx, edx
	   movzx ecx, [edx+CFH.nSections]
	   lea ecx, [ecx*5]
	   lea edi, [edi+ecx*8+20]
	   add edx, 20
@@:
	   movzx eax, [edx+CFS.NumReloc]
	   lea eax, [eax*5]
	   lea edi, [edi+eax*2]
	   add edx, COFF_SECTION_SIZE
	   sub ecx, 5
	   jnz @b
	   stdcall kernel_alloc, edi
	   test eax, eax
	   jz  .fail_and_free_data
	   mov edx, [coff]
	   movzx ecx, [edx+CFH.nSections]
	   lea ecx, [ecx*5]
	   lea ecx, [ecx*2+5]
	   mov [esi+DLLDESCR.coff_hdr], eax
	   push esi
	   mov esi, edx
	   mov edi, eax
	   rep movsd
	   pop esi
	   mov [esi+DLLDESCR.symbols_ptr], edi
	   push esi
	   mov ecx, [edx+CFH.nSymbols]
	   mov [esi+DLLDESCR.symbols_num], ecx
	   mov ecx, [esi+DLLDESCR.symbols_lim]
	   mov esi, ebx
	   rep movsb
	   pop esi
	   mov ebx, [esi+DLLDESCR.coff_hdr]
	   push esi
	   movzx eax, [edx+CFH.nSections]
	   lea edx, [ebx+20]
@@:
           movzx ecx, [edx+CFS.NumReloc]
           lea ecx, [ecx*5]
           mov esi, [edx+CFS.PtrReloc]
           mov [edx+CFS.PtrReloc], edi
           sub [edx+CFS.PtrReloc], ebx
           add esi, [coff]
           shr ecx, 1
           rep movsd
           adc ecx, ecx
           rep movsw
           add edx, COFF_SECTION_SIZE
           dec eax
           jnz @b
	   pop esi

; fixup symbols
	   mov edx, ebx
	   mov eax, [ebx+CFH.nSymbols]
	   add edx, 20
	   mov ecx, [esi+DLLDESCR.symbols_num]
	   lea ecx, [ecx*9]
	   add ecx, ecx
	   add ecx, [esi+DLLDESCR.symbols_ptr]

	   stdcall fix_coff_symbols, edx, [esi+DLLDESCR.symbols_ptr], eax,\
				     ecx, 0
;	   test eax, eax
;	   jnz @F
;
;@@:

	   stdcall get_coff_sym,[esi+DLLDESCR.symbols_ptr],[ebx+CFH.nSymbols],szEXPORTS
	   test eax, eax
	   jnz @F

	   stdcall get_coff_sym,[esi+DLLDESCR.symbols_ptr],[ebx+CFH.nSymbols],sz_EXPORTS
@@:
	   mov [esi+DLLDESCR.exports], eax

; fix relocs in the hidden copy in kernel memory to default address
; it is first fix; usually this will be enough, but second fix
; can be necessary if real load address will not equal assumption
	   mov eax, [esi+DLLDESCR.data]
	   sub eax, [esi+DLLDESCR.defaultbase]
	   stdcall fix_coff_relocs, ebx, [esi+DLLDESCR.symbols_ptr], eax

	   stdcall kernel_free, [coff]

.dll_already_loaded:
	   inc [esi+DLLDESCR.refcount]
	   push esi
	   call init_heap
	   pop  esi

	   mov edi, [esi+DLLDESCR.size]
	   stdcall user_alloc_at, [esi+DLLDESCR.defaultbase], edi
	   test eax, eax
	   jnz @f
	   stdcall user_alloc, edi
	   test eax, eax
	   jz  .fail_and_dereference
@@:
	   mov [img_base], eax
	   mov eax, HDLL.sizeof
	   call malloc
	   test eax, eax
	   jz  .fail_and_free_user
	   mov ebx, [CURRENT_TASK]
	   shl ebx, 5
	   mov edx, [CURRENT_TASK+ebx+TASKDATA.pid]
	   mov [eax+HDLL.pid], edx
	   push eax
	   call init_dlls_in_thread
	   pop  ebx
	   test eax, eax
	   jz  .fail_and_free_user
	   mov edx, [eax+HDLL.fd]
	   mov [ebx+HDLL.fd], edx
	   mov [ebx+HDLL.bk], eax
	   mov [eax+HDLL.fd], ebx
	   mov [edx+HDLL.bk], ebx
	   mov eax, ebx
	   mov ebx, [img_base]
	   mov [eax+HDLL.base], ebx
	   mov [eax+HDLL.size], edi
	   mov [eax+HDLL.refcount], 1
	   mov [eax+HDLL.parent], esi
	   mov edx, ebx
	   shr edx, 12
	   or dword [page_tabs+(edx-1)*4], DONT_FREE_BLOCK
; copy entries of page table from kernel-side image to usermode
; use copy-on-write for user-mode image, so map as readonly
	   xor edi, edi
	   mov ecx, [esi+DLLDESCR.data]
	   shr ecx, 12
.map_pages_loop:
	   mov eax, [page_tabs+ecx*4]
	   and eax, not 0xFFF
	   or al, PG_USER
	   xchg eax, [page_tabs+edx*4]
	   test al, 1
	   jz @f
	   call free_page
@@:
	   invlpg [ebx+edi]
	   inc ecx
	   inc edx
	   add edi, 0x1000
	   cmp edi, [esi+DLLDESCR.size]
	   jb .map_pages_loop

; if real user-mode base is not equal to preferred base, relocate image
	   sub ebx, [esi+DLLDESCR.defaultbase]
	   jz @f
	   stdcall rebase_coff, [esi+DLLDESCR.coff_hdr], [esi+DLLDESCR.symbols_ptr], ebx
@@:

	   mov eax, [esi+DLLDESCR.exports]
	   sub eax, [esi+DLLDESCR.defaultbase]
	   add eax, [img_base]
	   ret
.fail_and_free_data:
	   stdcall kernel_free, [esi+DLLDESCR.data]
.fail_and_free_dll:
	   mov eax, esi
	   call free
.fail_and_free_coff:
	   stdcall kernel_free, [coff]
.fail:
	   xor eax, eax
	   ret
.fail_and_free_user:
	   stdcall user_free, [img_base]
.fail_and_dereference:
	   mov eax, 1	; delete 1 reference
	   call dereference_dll
	   xor eax, eax
	   ret
endp

; initialize [APPDATA.dlls_list_ptr] for given thread
; DLL is per-process object, so APPDATA.dlls_list_ptr must be
; kept in sync for all threads of one process.
; out: eax = APPDATA.dlls_list_ptr if all is OK,
; NULL if memory allocation failed
init_dlls_in_thread:
	mov	ebx, [current_slot]
	mov	eax, [ebx+APPDATA.dlls_list_ptr]
	test	eax, eax
	jnz	.ret
	push	[ebx+APPDATA.dir_table]
	mov	eax, 8
	call	malloc
	pop	edx
	test	eax, eax
	jz	.ret
	mov	[eax], eax
	mov	[eax+4], eax
	mov	ecx, [TASK_COUNT]
	mov	ebx, SLOT_BASE+256
.set:
	cmp	[ebx+APPDATA.dir_table], edx
	jnz	@f
	mov	[ebx+APPDATA.dlls_list_ptr], eax
@@:
	add	ebx, 256
	dec	ecx
	jnz	.set
.ret:
	ret

; in: eax = number of references to delete, esi -> DLLDESCR struc
dereference_dll:
	sub	[esi+DLLDESCR.refcount], eax
	jnz	.ret
	mov	eax, [esi+DLLDESCR.fd]
	mov	edx, [esi+DLLDESCR.bk]
	mov	[eax+DLLDESCR.bk], edx
	mov	[edx+DLLDESCR.fd], eax
	stdcall	kernel_free, [esi+DLLDESCR.coff_hdr]
	stdcall	kernel_free, [esi+DLLDESCR.data]
	mov	eax, esi
	call	free
.ret:
	ret

destroy_hdll:
	push	ebx ecx esi edi
	push	eax
	mov	ebx, [eax+HDLL.base]
	mov	esi, [eax+HDLL.parent]
	mov	edx, [esi+DLLDESCR.size]
; The following actions require the context of application where HDLL is mapped.
; However, destroy_hdll can be called in the context of OS thread when
; cleaning up objects created by the application which is destroyed.
; So remember current cr3 and set it to page table of target.
	mov	eax, [ecx+APPDATA.dir_table]
; Because we cheat with cr3, disable interrupts: task switch would restore
; page table from APPDATA of current thread.
; Also set [current_slot] because it is used by user_free.
	pushf
	cli
	push	[current_slot]
	mov	[current_slot], ecx
	mov	ecx, cr3
	push	ecx
	mov	cr3, eax
	push	ebx	; argument for user_free
	mov	eax, ebx
	shr	ebx, 12
	push	ebx
	mov	esi, [esi+DLLDESCR.data]
	shr	esi, 12
.unmap_loop:
	push	eax
	mov	eax, 2
	xchg	eax, [page_tabs+ebx*4]
	mov	ecx, [page_tabs+esi*4]
	and	eax, not 0xFFF
	and	ecx, not 0xFFF
	cmp	eax, ecx
	jz	@f
	call	free_page
@@:
	pop	eax
	invlpg	[eax]
	add	eax, 0x1000
	inc	ebx
	inc	esi
	sub	edx, 0x1000
	ja	.unmap_loop
	pop	ebx
	and	dword [page_tabs+(ebx-1)*4], not DONT_FREE_BLOCK
	call	user_free
; Restore context.
	pop	eax
	mov	cr3, eax
	pop	[current_slot]
	popf
; Ok, cheating is done.
	pop	eax
	push	eax
	mov	esi, [eax+HDLL.parent]
	mov	eax, [eax+HDLL.refcount]
	call	dereference_dll
	pop	eax
	mov	edx, [eax+HDLL.bk]
	mov	ebx, [eax+HDLL.fd]
	mov	[ebx+HDLL.bk], edx
	mov	[edx+HDLL.fd], ebx
	call	free
	pop	edi esi ecx ebx
	ret

; ecx -> APPDATA for slot, esi = dlls_list_ptr
destroy_all_hdlls:
	test	esi, esi
	jz	.ret
.loop:
	mov	eax, [esi+HDLL.fd]
	cmp	eax, esi
	jz	free
	call	destroy_hdll
	jmp	.loop
.ret:
	ret

align 4
stop_all_services:
       push ebp
	   mov edx, [srv.fd]
.next:
	   cmp edx,  srv.fd-SRV_FD_OFFSET
	   je .done
	   cmp [edx+SRV.magic], ' SRV'
	   jne .next
       cmp [edx+SRV.size], SRV.sizeof
	   jne .next

	   mov ebx, [edx+SRV.entry]
	   mov edx, [edx+SRV.fd]
	   test ebx, ebx
	   jz .next

	   push edx
       mov ebp, esp
       push  0
       push -1
       call ebx
       mov esp, ebp
	   pop edx
	   jmp .next
.done:
       pop ebp
	   ret

; param
;  eax= size
;  ebx= pid

align 4
create_kernel_object:

	   push ebx
	   call malloc
	   pop ebx
	   test eax, eax
	   jz .fail

	   mov ecx,[current_slot]
	   add ecx, APP_OBJ_OFFSET

	   pushfd
	   cli
	   mov edx, [ecx+APPOBJ.fd]
	   mov [eax+APPOBJ.fd], edx
	   mov [eax+APPOBJ.bk], ecx
	   mov [eax+APPOBJ.pid], ebx

	   mov [ecx+APPOBJ.fd], eax
	   mov [edx+APPOBJ.bk], eax
	   popfd
.fail:
	   ret

; param
;  eax= object

align 4
destroy_kernel_object:

	   pushfd
	   cli
	   mov ebx, [eax+APPOBJ.fd]
	   mov ecx, [eax+APPOBJ.bk]
	   mov [ebx+APPOBJ.bk], ecx
	   mov [ecx+APPOBJ.fd], ebx
	   popfd

	   xor edx, edx        ;clear common header
	   mov [eax], edx
	   mov [eax+4], edx
	   mov [eax+8], edx
	   mov [eax+12], edx
	   mov [eax+16], edx

	   call free	       ;release object memory
	   ret