// cl /Zi /D_NO_WINDOWS /D_NO_RAPI /EHsc /I ..\common /DW32TST atcmdmon.cpp ..\common\debug.cpp ..\common\stringutils.cpp ..\common\vectorutils.cpp  /link /subsystem:console
// 

// todo: find shared memory buffers through buffer alloc info at 0x1f000d0 ( item #2 )
// and names from item #0x0d (0x1f0b970)
//
//
// drivers involved:
//    smem.dll
#include  <windows.h>

#ifndef W32TST
#include  "cenk.h"
#include  "kernelmisc.h"
#endif

#include  "vectorutils.h"
#include  "stringutils.h"
#include "debug.h"
#include "deviceinfo.h"

// diamond2 support - 
//   0000d9b8 00004000  item#0157  CONTROL
//   000119e0 00004000  item#0154  RPCCALL
//   00015a08 00010000  item#0153  DIAG
//   00025a30 00004000  item#016D  GPSNMEA
//   00029a58 00004000  item#0152  DS
//   0002da80 00010000  item#0159  DATA1
//   0003daa8 00010000  item#015A  DATA2
//   0004dad0 00010000  item#015B  DATA3
//   0005daf8 00004000  item#0161  DATA9
// -> can't use bufbase + bufsize*index anymore, buffers are varying sizes
//

/*  diamond shared mem layout
 *
 * see also:
/Users/itsme-plain/phones/htc_diamond/devices/dutch/hex-phys01f.txt

/Users/itsme-plain/phones/htc_diamond/devices/dutch/about-smem.txt
/Users/itsme-plain/phones/htc_diamondpro/devices/sharedmem-dump.txt
 *
8a0000d0 0000: 00000001 00000000 00000040 00000000
8a000100 0003: 00000001 00000040 00000080 00000000
8a0000e0 0001: 00000001 000000c0 00000010 00000000  -- alloc info
8a0000f0 0002: 00000001 000000d0 00000800 00000000  -- alloc list
8a000110 0004: 00000001 000008d0 00000008 00000000
8a000120 0005: 00000001 000008d8 00000004 00000000
8a000130 0006: 00000001 000008dc 000000c8 00000000
8a000140 0007: 00000001 000009a4 00000020 00000000  -- locks
8a000150 0008: 00000001 000009c4 00000004 00000000
8a000770 006a: 00000001 000009c8 00000008 00000000
8a0006f0 0062: 00000001 000009d0 00000258 00000000
8a000620 0055: 00000001 00000c28 00000010 00000000   'A11' .. 'A9'
8a000630 0056: 00000001 00000c38 00000010 00000000   SMSM_INT_INFO
8a000640 0057: 00000001 00000c48 00000008 00000000   SMSM_SLEEP_DELAY
8a000650 0058: 00000001 00000c50 00000008 00000000   SMSM_LIMIT_SLEEP
8a000190 000c: 00000001 00000c58 00000010 00000000
8a0006a0 005d: 00000001 00000c68 00000070 00000000   gpio_int
8a0005c0 004f: 00000001 00000cd8 00009c40 00000000
8a0005b0 004e: 00000001 0000a918 00000008 00000000
8a0005e0 0051: 00000001 0000a920 00000bb8 00000000
8a0005d0 0050: 00000001 0000b4d8 00000008 00000000
8a000600 0053: 00000001 0000b4e0 00000008 00000000
8a000660 0059: 00000001 0000b4e8 00000008 00000000
8a000710 0064: 00000001 0000b4f0 00000480 00000000
8a0001a0 000d: 00000001 0000b970 00000800 00000000  -- name list

8a000200 0013: 00000001 0000c170 00004028 00000000  8a00ba10 0013: CONTROL.........................
8a0001d0 0010: 00000001 00010198 00004028 00000000  8a00b9b0 0010: RPCCALL.........................
8a0002c0 001f: 00000001 000141c0 00004028 00000000  ?
8a000360 0029: 00000001 000181e8 00004028 00000000  8a00bcd0 0029: GPSNMEA.........................
8a0001b0 000e: 00000001 0001c210 00004028 00000000  8a00b970 000e: DS..............................
8a000220 0015: 00000001 00020238 00004028 00000000  8a00ba50 0015: DATA1...........................
8a000230 0016: 00000001 00024260 00004028 00000000  8a00ba70 0016: DATA2...........................
8a000240 0017: 00000001 00028288 00004028 00000000  8a00ba90 0017: DATA3...........................
8a0002a0 001d: 00000001 0002c2b0 00004028 00000000  8a00bb50 001d: DATA9...........................
8a0002b0 001e: 00000001 000302d8 00004028 00000000  8a00bb90 001f: DATA11..........................
*/

// offset 0xc0, toc-item 0x01
struct alloc_info {
    uint32_t flag;
    uint32_t usedspace;
    uint32_t freespace;
    uint32_t reserved;
};

// offset 0x00d0, toc-item 0x02
struct toc_entry {
    uint32_t used;
    uint32_t offset;
    uint32_t size;
    uint32_t reserved;
};

// offset 0xd090,  toc-item 0x0d
struct streamname {
    char name[20];
    uint32_t ix;        // equals in
    char reserved[8];
    uint32_t flag;
};

// offset 0xcc00, toc-item 0x64
struct devicename {
    char name[9];
};

static int g_devtype=-1;

inline DWORD read_dword(DWORD ofs)
{
    return *(DWORD*)ofs;
}
inline std::string read_string(DWORD ofs)
{
    std::string str;
    char *p= (char*)ofs;
    while (*p)
        str += *p++;
    return str;
}
template <typename T>
void read_mem(DWORD ofs, DWORD size, T &buf)
{
    buf.resize(size/sizeof(T::value_type));
    memcpy(vectorptr(buf), (void*)ofs, size);
}
const char*bufname(int i)
{
    if (g_devtype==HTC_KAISER)
    switch(i)
    {
        case 0:    return "atcmd:req";
        case 2:    return "bin_1:req";
        case 3:    return "bin_2:req";
        case 15:   return "csd__:req";
        case 0+23: return "atcmd:rsp";
        case 2+23: return "bin_1:rsp";
        case 3+23: return "bin_2:rsp";
        case 15+23:return "csd__:req";
        default:
                   static char name[10];
                   sprintf(name, "unk%02d:%s", i%23, i<23?"req":"rsp");
                   return name;
    }
    else if (g_devtype==HTC_DIAMOND)
    switch(i)
    {
        // CONTROL, id=0x13
        case 0:return "ctl__:req";
        case 1:return "ctl__:rsp";
        // RPCCALL, id=0x10
        case 2:return "rpc__:req";
        case 3:return "rpc__:rsp";
        // id=0x1f
        case 4:return "_____:req";
        case 5:return "_____:rsp";
        // GPSNMEA, id=0x29
        case 6:return "gps__:req";
        case 7:return "gps__:rsp";
        // DS, id=0x0e
        case 8:return "atcmd:req";
        case 9:return "atcmd:rsp";
        // DATA1, id=0x15
        case 10:return "g3dat:req";
        case 11:return "g3dat:rsp";
        // DATA2, id=0x16
        case 12:return "dat2_:req";
        case 13:return "dat2_:rsp";
        // DATA3, id=0x17
        case 14:return "dat3_:req";
        case 15:return "dat3_:rsp";
        // DATA9, id=0x1d
        case 16:return "csd__:req";
        case 17:return "csd__:rsp";
        // DATA11, id=0x1f
        case 18:return "dat11:req";
        case 19:return "dat11:rsp";
        default:
                   static char name[10];
                   sprintf(name, "unk%02d:%s", i/2, (i%2)==0?"req":"rsp");
                   return name;
    }
    else {
                   static char name[10];
                   sprintf(name, "unk%02d:???", i);
                   return name;
    }
}
bool is_binary(int i)
{
    if (g_devtype==HTC_KAISER)
        return (i%23)!=0;
    if (g_devtype==HTC_DIAMOND)
        return (i/2)!=4;
    if (g_devtype==HTC_TOPAZ || g_devtype==HTC_PHOTON || g_devtype==MOTO_ES400)
        return i!=0;

    return true;
}
void write_diffs(bool bIsBin, const std::string& name, DWORD prev, DWORD cur, ByteVector::const_iterator bufstart, ByteVector::const_iterator bufend, const char *type)
{
    if (prev==cur) {
        return;
    }
    ByteVector diff;
    if (prev<cur) {
        diff.insert(diff.end(), bufstart+prev, bufstart+cur);
    }
    else {
        diff.insert(diff.end(), bufstart+prev, bufend);
        diff.insert(diff.end(), bufstart, bufstart+cur);
    }
    debugt("%s  %s %04x-%04x  : %04x bytes\n", name.c_str(), type, prev, cur, diff.size());

    if (bIsBin) {
        for (unsigned i=0 ; i<diff.size() ; i+=4096) {
            debug("%s\n", hexdump(&diff.front()+i, std::min((int)(diff.size()-i), 4096)).c_str());
        }
        debug("\n");
    }
    else
        debug("%s\n\n", ascdump(diff, "\n\r", true).c_str());
}
void diamondmon(DWORD bufbase, DWORD bufsize, int wrofs, int rdofs, int datofs)
{
    DwordVector prevptrs;
    prevptrs.resize(2*23*2);
    while (1) {
        DwordVector ptrs;
        ptrs.reserve(2*23*2);
        for (int i=0 ; i<2*23 ; i++)
        {
            ptrs.push_back(read_dword(bufbase+bufsize*i+wrofs));
            ptrs.push_back(read_dword(bufbase+bufsize*i+rdofs));
            if (ptrs[2*i]!=prevptrs[2*i] || ptrs[2*i+1]!=prevptrs[2*i+1])
            {
                ByteVector buf;
                read_mem(bufbase+bufsize*i+datofs, bufsize-datofs, buf);
                if (ptrs[2*i]!=prevptrs[2*i]) {
                    //debugt("%s  %s %04x-%04x\n", bufname(i), "writ", prevptrs[2*i], ptrs[2*i]);
                    write_diffs(is_binary(i), bufname(i), prevptrs[2*i], ptrs[2*i], buf.begin(), buf.end(), "writ");
                }
                if (ptrs[2*i+1]!=prevptrs[2*i+1]) {
                    debugt("%s  %s %04x-%04x\n", bufname(i), "read", prevptrs[2*i+1], ptrs[2*i+1]);
                    //write_diffs(is_binary(i), bufname(i), prevptrs[2*i+1], ptrs[2*i+1], buf.begin(), buf.end(), "read");
                }
            }
        }
        prevptrs.swap(ptrs);
        Sleep(30);
    }
}
class ipcinfo {
    DWORD _base;
    DWORD _toc;
public:
    ipcinfo(DWORD base)
        : _base(base), _toc(0xd0)
    {
    }
    bool itemvalid(int i)
    {
        return read_dword(_base+_toc+16*i)!=0;
    }
    DWORD itemofs(int i)
    {
        return read_dword(_base+_toc+16*i+4);
    }
    DWORD itemsize(int i)
    {
        return read_dword(_base+_toc+16*i+8);
    }
};
void topazmon(DWORD ipcbase)
{
    DwordVector hdrofs;
    DwordVector datofs;
    DwordVector datsize;
    StringList names;

    ipcinfo ipc(ipcbase);

    size_t streamrecsize= g_devtype==HTC_TOPAZ ? 36 : (g_devtype==HTC_PHOTON || g_devtype==MOTO_ES400) ? 32 : 64;

    debug("qualcomm ipc base= %08x\n", ipcbase);

// /Users/itsme-plain/phones/htc_diamond/devices/dutch/hex-phys01f.txt   64
// /Users/itsme-plain/phones/htc_topaz/devices/ipcdump.txt               36
// /Users/itsme/phones/htc_photon/devices/ipc.txt                        32
//
// /Users/itsme-plain/phones/htc_diamond/devices/dutch/about-smem.txt
    int itembase= g_devtype==MOTO_ES400 ? 15 : 13;
    DWORD streamnames= ipc.itemofs(itembase);
    for (int i=0 ; i<64 ; i++) {
        if (ipc.itemvalid(itembase+1+i)) {
            hdrofs.push_back(ipc.itemofs(itembase+1+i));
            datofs.push_back(ipc.itemofs(itembase+325+i));
            datsize.push_back(ipc.itemsize(itembase+325+i));
            std::string str= read_string(ipcbase+streamnames+i*streamrecsize);
            if (str.empty())
                str= stringformat("unk_%02x", i);
            names.push_back(str);

            debug("%02x [%02x] %05x %05x %05x %s\n", i, i+14, hdrofs.back(), datofs.back(), datsize.back(), str.c_str());
        }
    }

    DwordVector prevptrs;
    prevptrs.resize(2*hdrofs.size());
    while (1) {
        DwordVector ptrs;
        ptrs.reserve(prevptrs.size());
        for (unsigned i=0 ; i<hdrofs.size() ; i++)
        {
            ptrs.push_back(read_dword(ipcbase+hdrofs[i]+0x0c));
            ptrs.push_back(read_dword(ipcbase+hdrofs[i]+0x20));
            if (ptrs[2*i]!=prevptrs[2*i])
            {
                ByteVector buf;
                read_mem(ipcbase+datofs[i], datsize[i]/2, buf);
                write_diffs(i!=0, names[i], prevptrs[2*i], ptrs[2*i], buf.begin(), buf.end(), "req");
            }
            if (ptrs[2*i+1]!=prevptrs[2*i+1])
            {
                ByteVector buf;
                read_mem(ipcbase+datofs[i]+datsize[i]/2, datsize[i]/2, buf);
                write_diffs(i!=0, names[i], prevptrs[2*i+1], ptrs[2*i+1], buf.begin(), buf.end(), "rsp");
            }
        }
        prevptrs.swap(ptrs);
        Sleep(30);
    }
}

#ifndef W32TST
int WINAPI WinMain( HINSTANCE hInstance,
                   HINSTANCE hPrevInstance,
                   LPTSTR    lpCmdLine,
                   int       nCmdShow)
#else
int main(char**,int)
#endif
{

    DebugSetLogfile("qualbufmon.log");
#ifndef W32TST
    KernelMode _km;
#else
    DebugStdOut();
#endif
    deviceinfo di;

    DWORD bufbase= 0;
    DWORD bufsize= 0;
    int wrofs=0;
    int rdofs=0;
    int datofs=0;

    if (lpCmdLine && lpCmdLine[0])
        bufbase= _tcstoul(lpCmdLine, 0, 0);

    g_devtype= di.devtype();
    if (!di.GetQualcommIpcBuf(bufbase,bufsize,wrofs,rdofs,datofs))
        debug("unknown device: %s\n", di.getoemname().c_str());

    if (bufbase==0) {
        debug("no bufbase specified\n");
        return 1;
    }
    debugt("qualbufmon started - %08lx\n", bufbase);

    if (g_devtype==HTC_TOPAZ || g_devtype==HTC_PHOTON || g_devtype==MOTO_ES400) {
        topazmon(bufbase);
    }
    else {
        diamondmon(bufbase, bufsize, wrofs, rdofs, datofs);
    }
    return 0;
}