// (c) 2003 Willem jan Hengeveld
// email: itsme@xs4all.nl
// web: http://www.xs4all.nl/~itsme/projects/xda/rilhook.html
//
// this hook is reached through a jump instruction written over the
// last ioctl value test in RIL_IOControl from rilgsm.dll
//
// first the original test is performed, and on a match control jumps back
// to the original code. then our own ioctl value is tested for, all relevant
// parameters are loaded, and the 6th parameter is tricked: the same stack
// slot doubles as a local variable in RIL_IOControl and as the 6th
// parameter to Handle_My_RILIoctl
// 
// External symbols used by the hook. ioctl_03000900, ioctl_invalid,
// ioctl_exit and ioctl_constant are read through a pointer below
// (ldr rX, [r3]), so each is a memory word defined elsewhere, not a
// code label: the first three hold a branch target, the last holds the
// ioctl value this hook claims.
// NOTE(review): nothing here checks that those words were initialised;
// they presumably must be filled in before the jump to `hook` is
// patched into RIL_IOControl -- confirm in the installer code.
.globl ioctl_03000900;
.globl ioctl_invalid;
.globl ioctl_exit;
.globl ioctl_constant;
.globl Handle_My_RILIoctl;
.globl hook;
//-----------------------------------------------------------------------
// hook -- extra ioctl dispatch spliced into RIL_IOControl (rilgsm.dll)
//
// Not a callable function: it is entered by a jump from the middle of
// RIL_IOControl and always leaves through one of three stored addresses
// (ioctl_03000900, ioctl_invalid, ioctl_exit); it never returns via lr.
//
// Register / stack state taken over from RIL_IOControl:
//   r7               value compared against the ioctl codes
//                    (presumably the ioctl code of the call -- confirm)
//   r6, r4           passed on as arguments 1 and 2
//   [sp, #0x74..7c]  passed on as arguments 3, 4 and 5
//   r5               receives the handler's return value
//   [sp]             overwritten with the 5th (stack) argument
// Clobbers: r0-r3, r5, lr (via BL), flags, plus whatever
//           Handle_My_RILIoctl clobbers.
//
// NOTE(review): the register roles and the 0x74/0x78/0x7c stack offsets
// are not derived from anything in this file; they presumably match one
// specific build of rilgsm.dll. Verify them against the exact binary
// being patched, since a different frame layout would hand unrelated
// stack words to the handler.
// NOTE(review): lr is overwritten by the BL and not saved here;
// presumably RIL_IOControl already saved it in its prologue -- confirm.
// NOTE(review): if the forwarded values are the caller's ioctl buffers
// and lengths, nothing in this hook validates them; any checking has to
// happen inside Handle_My_RILIoctl -- confirm.
//-----------------------------------------------------------------------
hook:
      // Redo the comparison that the patched-in jump displaced:
      // r3 = 0x03000900, built in two steps (mov + orr).
      mov r3, #0x3000000
      orr r3, r3, #0x900
      cmp r7, r3
      bne L1
      // Match: continue at the address stored in ioctl_03000900.
      ldr r3, ioctl_03000900_ptr
      ldr pc, [r3]
// Literal word: address of ioctl_03000900. It sits directly after an
// unconditional load into pc, so it is never executed.
ioctl_03000900_ptr:
      .word ioctl_03000900
   L1:
      // Compare against our own ioctl value, read from ioctl_constant.
      ldr r3, ioctl_constant_ptr
      ldr r3, [r3]
      cmp r7, r3
      beq L2
      // Neither value matched: continue at the address stored in
      // ioctl_invalid.
      ldr r3, ioctl_invalid_ptr
      ldr pc, [r3]
// Literal words, placed after the unconditional jump above so they are
// never executed.
ioctl_invalid_ptr:
      .word ioctl_invalid
ioctl_constant_ptr:
      .word ioctl_constant
   L2:
      // Set up the call Handle_My_RILIoctl(r6, r4, [sp+0x74],
      // [sp+0x78], [sp+0x7c]). The "paramN" tags are the original
      // author's numbering (param1 is skipped; presumably it is the
      // ioctl code and the numbers are RIL_IOControl's -- confirm).
      mov r0, r6                // arg 1 = param0
      mov r1, r4                // arg 2 = param2
      ldr r2, [sp, #0x74]       // arg 3 = param3
      ldr r3, [sp, #0x7c]       // param5, staged in r3 ...
      str r3, [sp]              // ... then stored at [sp] as the stack argument; overwrites that slot
      ldr r3, [sp, #0x78]       // arg 4 = param4 (loaded last because r3 was the scratch register)
      BL  Handle_My_RILIoctl
      // Keep the handler's return value in r5 (presumably the register
      // the ioctl_exit path returns -- confirm), then continue at the
      // address stored in ioctl_exit.
      mov r5, r0
      ldr r3, ioctl_exit_ptr
      ldr pc, [r3]
// Literal word: address of ioctl_exit; never executed.
ioctl_exit_ptr:
      .word ioctl_exit

