extending ril/rilgsm
This is an attempt to extend the functionality of a device driver at runtime, by adding new ioctls to rilgsm.dll.
you can browse the source files
here
It is written for one rilgsm.dll only: the build of 2002-12-27 16:25, 208466 bytes, md5sum 393dc76613321fecaf0f1f40ad73b336, which can be found in most radio updates.
It doesn't work
Unfortunately it does not work yet.
I tried to add RIL ioctl functions to rilgsm.dll by patching a jump in RAM
to my extension DLL, for a specific version of rilgsm.dll.
All code seems to execute at the expected moments;
just the result never arrives in my test application.
Any ideas?
- extendril.cpp
  - contains the code that inserts the hook in rilgsm.dll
  - contains the code to be executed for our ioctl
- loadrilextension.cpp
  - inserts the extendril.dll hook into the device.exe process memory
- rilhook.S
  - small assembler stub that calls our ioctl
- riltest.cpp
  - program to test it all
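The RAM patch recorded in extendril.log below (three words written at 00951da4: e59f3000 e1a0f003 007b1700) is an ARM absolute-jump trampoline. The following is an added example, not code from this page nor from extendril.cpp or rilhook.S, showing how such a stub is encoded, how the place to patch is located by byte signature, and how the overwritten words are kept so the patch can be undone. The code image, the signature bytes and the target address 0x007b1700 are constructed for the demo; the example patches an in-memory copy only, so the cross-process write (LocalAllocInProcess/MapPtrUnsecure in loadril.log) and the instruction-cache flush a real device needs are outside it.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TRAMPOLINE_WORDS 3

/* Encode an ARM-mode absolute jump to `target`, the three words extendril.log
 * shows being written:
 *   e59f3000  ldr r3, [pc, #0]   ; pc reads as this instruction + 8, i.e. word 2
 *   e1a0f003  mov pc, r3
 *   <target>  literal address of the hook
 * r3 is caller-saved in the ARM procedure call standard, so it is free at a
 * function entry; the stub is ARM-mode only (Thumb code needs a different one). */
void arm_abs_jump(uint32_t target, uint32_t out[TRAMPOLINE_WORDS])
{
    out[0] = 0xe59f3000u;
    out[1] = 0xe1a0f003u;
    out[2] = target;
}

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32le(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Offset of the first occurrence of `sig` in `image`, or -1 when absent. Pinning
 * the hook to a byte signature is what keeps it off any other rilgsm.dll build. */
long find_signature(const uint8_t *image, size_t image_len,
                    const uint8_t *sig, size_t sig_len)
{
    size_t i;
    if (sig_len == 0 || sig_len > image_len)
        return -1;
    for (i = 0; i + sig_len <= image_len; i++)
        if (memcmp(image + i, sig, sig_len) == 0)
            return (long)i;
    return -1;
}

static int patch_range_ok(size_t image_len, size_t where)
{
    return where % 4 == 0 && where <= image_len &&
           image_len - where >= 4 * TRAMPOLINE_WORDS;
}

/* Overwrite the three words at `where` with a jump to `target`, keeping the original
 * words in `saved` so they can be put back (or re-executed by a hook that wants to
 * reach the original function). Returns 0 on success, -1 on a misaligned or
 * out-of-range offset. */
int install_jump(uint8_t *image, size_t image_len, size_t where,
                 uint32_t target, uint32_t saved[TRAMPOLINE_WORDS])
{
    uint32_t tramp[TRAMPOLINE_WORDS];
    int i;
    if (!patch_range_ok(image_len, where))
        return -1;
    arm_abs_jump(target, tramp);
    for (i = 0; i < TRAMPOLINE_WORDS; i++) {
        saved[i] = rd32le(image + where + 4 * i);
        wr32le(image + where + 4 * i, tramp[i]);
    }
    return 0;
}

/* Undo install_jump. */
int restore_jump(uint8_t *image, size_t image_len, size_t where,
                 const uint32_t saved[TRAMPOLINE_WORDS])
{
    int i;
    if (!patch_range_ok(image_len, where))
        return -1;
    for (i = 0; i < TRAMPOLINE_WORDS; i++)
        wr32le(image + where + 4 * i, saved[i]);
    return 0;
}

/* Constructed stand-in for a function prologue used as the "signature"; these are
 * not rilgsm.dll bytes. */
const uint8_t demo_sig[16] = {
    0x70, 0x40, 0x2d, 0xe9,   /* stmfd sp!, {r4-r6, lr} */
    0x0c, 0xd0, 0x4d, 0xe2,   /* sub sp, sp, #12 */
    0x00, 0x40, 0xa0, 0xe1,   /* mov r4, r0 */
    0x01, 0x50, 0xa0, 0xe1    /* mov r5, r1 */
};

/* Scan, patch and restore a constructed 64-byte image (filler, signature at 32,
 * filler). Returns 1 when every step behaves as expected, 0 otherwise. */
int demo_roundtrip(void)
{
    uint8_t image[64];
    uint32_t saved[TRAMPOLINE_WORDS];
    long off;
    memset(image, 0xff, sizeof image);
    memcpy(image + 32, demo_sig, sizeof demo_sig);
    off = find_signature(image, sizeof image, demo_sig, sizeof demo_sig);
    if (off != 32) return 0;
    if (install_jump(image, sizeof image, 2, 0x007b1700u, saved) != -1) return 0; /* misaligned */
    if (install_jump(image, sizeof image, (size_t)off, 0x007b1700u, saved) != 0) return 0;
    /* saved holds the first three signature words; the patch is the trampoline; word 4 is untouched */
    if (saved[0] != 0xe92d4070u || rd32le(image + 32) != 0xe59f3000u ||
        rd32le(image + 40) != 0x007b1700u || rd32le(image + 44) != 0xe1a05001u) return 0;
    /* once hooked, the signature no longer matches, so a second run would not patch twice */
    if (find_signature(image, sizeof image, demo_sig, sizeof demo_sig) != -1) return 0;
    if (restore_jump(image, sizeof image, (size_t)off, saved) != 0) return 0;
    return find_signature(image, sizeof image, demo_sig, sizeof demo_sig) == 32;
}

int main(void)
{
    uint32_t w[TRAMPOLINE_WORDS];
    arm_abs_jump(0x007b1700u, w);
    printf("trampoline: %08" PRIx32 " %08" PRIx32 " %08" PRIx32 "\n", w[0], w[1], w[2]);
    printf("roundtrip: %s\n", demo_roundtrip() ? "ok" : "FAILED");
    return 0;
}
```

Two things the demo cannot show but a hook on a live device has to get right: the patched range must be flushed from the instruction cache after the write, and the stub replaces the first three instructions of the function, so a hook that still wants the original RIL_IOControl to run has to execute those saved words itself before jumping past the patch. The stub also clobbers r3, which is harmless at a function entry but not at an arbitrary address inside a function.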
example output
riltest.log
starting test
NOT: 00800002 01 00 00 00
RIL_DevSpecific: 00000050
RES: 00000001 00000050
RIL_DevSpecific: 80004005
RIL_GetCellBroadcastMsgConfig: 00000051
RES: 00000001 00000051 10 00 00 00 07 00 00 00 ff ff 01 00 00 00 00 00
RIL_GetCurrentAddressId: 00000052
RES: 00000001 00000052 00 00 00 00
RIL_GetEquipmentInfo: 00000053
RES: 00000001 00000053 08 02 00 00 0f 00 00 00 48 54 43 00 ....
RIL_GetSubscriberNumbers: 00000054
RES: 00000001 00000054
ioctl(adef65ba, 03000800) : res=00000055 nret=00000004
test done
loadril.log
injectdll(8dfe1796 \Windows\extendril.dll)
openprocess: 8dfe1796
km=00000001 perm=00800001
LocalAllocInProcess : 06097998
MapPtrUnsecure : 3010318c
callback done
extendril.log
hook dllmain(8d947148, 00000001, 00000000)
RIL_IOControl=00950210
valid rilgsm signature found at 00951da4
writing to memory 00951da4
done: 00951da4:e59f3000 e1a0f003 007b1700
Hook installed 1
Handle_My_RILIoctl(00093f00): hr=00000001 res=00000055
response=00093638 ppdata=0009321c plen=00093220
response=
+EXT_UREG FFFFFFFFFFFFFFFFFFFFFFFFFF .....
0
*ppdata= 00000000
*plen= 00000000