ReactOS  0.4.13-dev-99-g7e18b6d
ldrpe.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: ReactOS kernel
4  * FILE: lib/ntdll/ldr/ldrpe.c
5  * PURPOSE: Loader Functions dealing low-level PE Format structures
6  * PROGRAMMERS: Alex Ionescu (alex@relsoft.net)
7  */
8 
9 /* INCLUDES *****************************************************************/
10 
11 #include <ntdll.h>
12 
13 #define NDEBUG
14 #include <debug.h>
15 
16 /* GLOBALS *******************************************************************/
17 
18 PLDR_MANIFEST_PROBER_ROUTINE LdrpManifestProberRoutine;
19 ULONG LdrpNormalSnap;
20 
21 /* FUNCTIONS *****************************************************************/
22 
23 
24 NTSTATUS
25 NTAPI
26 LdrpSnapIAT(IN PLDR_DATA_TABLE_ENTRY ExportLdrEntry,
27  IN PLDR_DATA_TABLE_ENTRY ImportLdrEntry,
28  IN PIMAGE_IMPORT_DESCRIPTOR IatEntry,
29  IN BOOLEAN EntriesValid)
30 {
31  PVOID Iat;
32  NTSTATUS Status;
33  PIMAGE_THUNK_DATA OriginalThunk, FirstThunk;
34  PIMAGE_NT_HEADERS NtHeader;
35  PIMAGE_SECTION_HEADER SectionHeader;
36  PIMAGE_EXPORT_DIRECTORY ExportDirectory;
37  LPSTR ImportName;
38  ULONG ForwarderChain, i, Rva, OldProtect, IatSize, ExportSize;
39  SIZE_T ImportSize;
40  DPRINT("LdrpSnapIAT(%wZ %wZ %p %u)\n", &ExportLdrEntry->BaseDllName, &ImportLdrEntry->BaseDllName, IatEntry, EntriesValid);
41 
42  /* Get export directory */
43  ExportDirectory = RtlImageDirectoryEntryToData(ExportLdrEntry->DllBase,
44  TRUE,
45  IMAGE_DIRECTORY_ENTRY_EXPORT,
46  &ExportSize);
47 
48  /* Make sure it has one */
49  if (!ExportDirectory)
50  {
51  /* Fail */
52  DbgPrint("LDR: %wZ doesn't contain an EXPORT table\n",
53  &ExportLdrEntry->BaseDllName);
54  return STATUS_INVALID_IMAGE_FORMAT;
55  }
56 
57  /* Get the IAT */
58  Iat = RtlImageDirectoryEntryToData(ImportLdrEntry->DllBase,
59  TRUE,
60  IMAGE_DIRECTORY_ENTRY_IAT,
61  &IatSize);
62  ImportSize = IatSize;
63 
64  /* Check if we don't have one */
65  if (!Iat)
66  {
67  /* Get the NT Header and the first section */
68  NtHeader = RtlImageNtHeader(ImportLdrEntry->DllBase);
69  if (!NtHeader) return STATUS_INVALID_IMAGE_FORMAT;
70  SectionHeader = IMAGE_FIRST_SECTION(NtHeader);
71 
72  /* Get the RVA of the import directory */
73  Rva = NtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
74 
75  /* Make sure we got one */
76  if (Rva)
77  {
78  /* Loop all the sections */
79  for (i = 0; i < NtHeader->FileHeader.NumberOfSections; i++)
80  {
81  /* Check if we are inside this section */
82  if ((Rva >= SectionHeader->VirtualAddress) &&
83  (Rva < (SectionHeader->VirtualAddress +
84  SectionHeader->SizeOfRawData)))
85  {
86  /* We are, so set the IAT here */
87  Iat = (PVOID)((ULONG_PTR)(ImportLdrEntry->DllBase) +
88  SectionHeader->VirtualAddress);
89 
90  /* Set the size */
91  IatSize = SectionHeader->Misc.VirtualSize;
92 
93  /* Deal with Watcom and other retarded compilers */
94  if (!IatSize) IatSize = SectionHeader->SizeOfRawData;
95 
96  /* Found it, get out */
97  break;
98  }
99 
100  /* No match, move to the next section */
101  SectionHeader++;
102  }
103  }
104 
105  /* If we still don't have an IAT, that's bad */
106  if (!Iat)
107  {
108  /* Fail */
109  DbgPrint("LDR: Unable to unprotect IAT for %wZ (Image Base %p)\n",
110  &ImportLdrEntry->BaseDllName,
111  ImportLdrEntry->DllBase);
112  return STATUS_INVALID_IMAGE_FORMAT;
113  }
114 
115  /* Set the right size */
116  ImportSize = IatSize;
117  }
118 
119  /* Unprotect the IAT */
120  Status = NtProtectVirtualMemory(NtCurrentProcess(),
121  &Iat,
122  &ImportSize,
123  PAGE_READWRITE,
124  &OldProtect);
125  if (!NT_SUCCESS(Status))
126  {
127  /* Fail */
128  DbgPrint("LDR: Unable to unprotect IAT for %wZ (Status %x)\n",
129  &ImportLdrEntry->BaseDllName,
130  Status);
131  return Status;
132  }
133 
134  /* Check if the Thunks are already valid */
135  if (EntriesValid)
136  {
137  /* We'll only do forwarders. Get the import name */
138  ImportName = (LPSTR)((ULONG_PTR)ImportLdrEntry->DllBase + IatEntry->Name);
139 
140  /* Get the list of forwarders */
141  ForwarderChain = IatEntry->ForwarderChain;
142 
143  /* Loop them */
144  while (ForwarderChain != -1)
145  {
146  /* Get the cached thunk VA*/
147  OriginalThunk = (PIMAGE_THUNK_DATA)
148  ((ULONG_PTR)ImportLdrEntry->DllBase +
149  IatEntry->OriginalFirstThunk +
150  (ForwarderChain * sizeof(IMAGE_THUNK_DATA)));
151 
152  /* Get the first thunk */
153  FirstThunk = (PIMAGE_THUNK_DATA)
154  ((ULONG_PTR)ImportLdrEntry->DllBase +
155  IatEntry->FirstThunk +
156  (ForwarderChain * sizeof(IMAGE_THUNK_DATA)));
157 
158  /* Get the Forwarder from the thunk */
159  ForwarderChain = (ULONG)FirstThunk->u1.Ordinal;
160 
161  /* Snap the thunk */
162  _SEH2_TRY
163  {
164  Status = LdrpSnapThunk(ExportLdrEntry->DllBase,
165  ImportLdrEntry->DllBase,
166  OriginalThunk,
167  FirstThunk,
168  ExportDirectory,
169  ExportSize,
170  TRUE,
171  ImportName);
172 
173  /* Move to the next thunk */
174  FirstThunk++;
175  } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
176  {
177  /* Fail with the SEH error */
178  Status = _SEH2_GetExceptionCode();
179  } _SEH2_END;
180 
181  /* If we messed up, exit */
182  if (!NT_SUCCESS(Status)) break;
183  }
184  }
185  else if (IatEntry->FirstThunk)
186  {
187  /* Full snapping. Get the First thunk */
188  FirstThunk = (PIMAGE_THUNK_DATA)
189  ((ULONG_PTR)ImportLdrEntry->DllBase +
190  IatEntry->FirstThunk);
191 
192  /* Get the NT Header */
193  NtHeader = RtlImageNtHeader(ImportLdrEntry->DllBase);
194 
195  /* Get the Original thunk VA, watch out for weird images */
196  if ((IatEntry->Characteristics < NtHeader->OptionalHeader.SizeOfHeaders) ||
197  (IatEntry->Characteristics >= NtHeader->OptionalHeader.SizeOfImage))
198  {
199  /* Refuse it, this is a strange linked file */
200  OriginalThunk = FirstThunk;
201  }
202  else
203  {
204  /* Get the address from the field and convert to VA */
205  OriginalThunk = (PIMAGE_THUNK_DATA)
206  ((ULONG_PTR)ImportLdrEntry->DllBase +
207  IatEntry->OriginalFirstThunk);
208  }
209 
210  /* Get the Import name VA */
211  ImportName = (LPSTR)((ULONG_PTR)ImportLdrEntry->DllBase +
212  IatEntry->Name);
213 
214  /* Loop while it's valid */
215  while (OriginalThunk->u1.AddressOfData)
216  {
217  /* Snap the Thunk */
218  _SEH2_TRY
219  {
220  Status = LdrpSnapThunk(ExportLdrEntry->DllBase,
221  ImportLdrEntry->DllBase,
222  OriginalThunk,
223  FirstThunk,
224  ExportDirectory,
225  ExportSize,
226  TRUE,
227  ImportName);
228 
229  /* Next thunks */
230  OriginalThunk++;
231  FirstThunk++;
232  } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
233  {
234  /* Fail with the SEH error */
235  Status = _SEH2_GetExceptionCode();
236  } _SEH2_END;
237 
238  /* If we failed the snap, break out */
239  if (!NT_SUCCESS(Status)) break;
240  }
241  }
242 
243  /* Protect the IAT again */
244  NtProtectVirtualMemory(NtCurrentProcess(),
245  &Iat,
246  &ImportSize,
247  OldProtect,
248  &OldProtect);
249 
250  /* Also flush out the cache */
251  NtFlushInstructionCache(NtCurrentProcess(), Iat, IatSize);
252 
253  /* Return to Caller */
254  return Status;
255 }
256 
257 NTSTATUS
258 NTAPI
259 LdrpHandleOneNewFormatImportDescriptor(IN LPWSTR DllPath OPTIONAL,
260  IN PLDR_DATA_TABLE_ENTRY LdrEntry,
261  IN PIMAGE_BOUND_IMPORT_DESCRIPTOR *BoundEntryPtr,
262  IN PIMAGE_BOUND_IMPORT_DESCRIPTOR FirstEntry)
263 {
264  LPSTR ImportName = NULL, BoundImportName, ForwarderName;
265  NTSTATUS Status;
266  BOOLEAN AlreadyLoaded = FALSE, Stale;
267  PIMAGE_IMPORT_DESCRIPTOR ImportEntry;
268  PLDR_DATA_TABLE_ENTRY DllLdrEntry, ForwarderLdrEntry;
269  PIMAGE_BOUND_FORWARDER_REF ForwarderEntry;
270  PIMAGE_BOUND_IMPORT_DESCRIPTOR BoundEntry;
271  PPEB Peb = NtCurrentPeb();
272  ULONG i, IatSize;
273 
274  /* Get the pointer to the bound entry */
275  BoundEntry = *BoundEntryPtr;
276 
277  /* Get the name's VA */
278  BoundImportName = (LPSTR)FirstEntry + BoundEntry->OffsetModuleName;
279 
280  /* Show debug message */
281  if (ShowSnaps)
282  {
283  DPRINT1("LDR: %wZ bound to %s\n", &LdrEntry->BaseDllName, BoundImportName);
284  }
285 
286  /* Load the module for this entry */
287  Status = LdrpLoadImportModule(DllPath,
288  BoundImportName,
289  &DllLdrEntry,
290  &AlreadyLoaded);
291  if (!NT_SUCCESS(Status))
292  {
293  /* Show debug message */
294  if (ShowSnaps)
295  {
296  DPRINT1("LDR: %wZ failed to load import module %s; status = %x\n",
297  &LdrEntry->BaseDllName,
298  BoundImportName,
299  Status);
300  }
301  goto Quickie;
302  }
303 
304  /* Check if it wasn't already loaded */
305  if (!AlreadyLoaded)
306  {
307  /* Add it to our list */
308  InsertTailList(&Peb->Ldr->InInitializationOrderModuleList,
309  &DllLdrEntry->InInitializationOrderLinks);
310  }
311 
312  /* Check if the Bound Entry is now invalid */
313  if ((BoundEntry->TimeDateStamp != DllLdrEntry->TimeDateStamp) ||
314  (DllLdrEntry->Flags & LDRP_IMAGE_NOT_AT_BASE))
315  {
316  /* Show debug message */
317  if (ShowSnaps)
318  {
319  DPRINT1("LDR: %wZ has stale binding to %s\n",
320  &LdrEntry->BaseDllName,
321  BoundImportName);
322  }
323 
324  /* Remember it's become stale */
325  Stale = TRUE;
326  }
327  else
328  {
329  /* Show debug message */
330  if (ShowSnaps)
331  {
332  DPRINT1("LDR: %wZ has correct binding to %s\n",
333  &LdrEntry->BaseDllName,
334  BoundImportName);
335  }
336 
337  /* Remember it's valid */
338  Stale = FALSE;
339  }
340 
341  /* Get the forwarders */
342  ForwarderEntry = (PIMAGE_BOUND_FORWARDER_REF)(BoundEntry + 1);
343 
344  /* Loop them */
345  for (i = 0; i < BoundEntry->NumberOfModuleForwarderRefs; i++)
346  {
347  /* Get the name */
348  ForwarderName = (LPSTR)FirstEntry + ForwarderEntry->OffsetModuleName;
349 
350  /* Show debug message */
351  if (ShowSnaps)
352  {
353  DPRINT1("LDR: %wZ bound to %s via forwarder(s) from %wZ\n",
354  &LdrEntry->BaseDllName,
355  ForwarderName,
356  &DllLdrEntry->BaseDllName);
357  }
358 
359  /* Load the module */
360  Status = LdrpLoadImportModule(DllPath,
361  ForwarderName,
362  &ForwarderLdrEntry,
363  &AlreadyLoaded);
364  if (NT_SUCCESS(Status))
365  {
366  /* Loaded it, was it already loaded? */
367  if (!AlreadyLoaded)
368  {
369  /* Add it to our list */
370  InsertTailList(&Peb->Ldr->InInitializationOrderModuleList,
371  &ForwarderLdrEntry->InInitializationOrderLinks);
372  }
373  }
374 
375  /* Check if the Bound Entry is now invalid */
376  if (!(NT_SUCCESS(Status)) ||
377  (ForwarderEntry->TimeDateStamp != ForwarderLdrEntry->TimeDateStamp) ||
378  (ForwarderLdrEntry->Flags & LDRP_IMAGE_NOT_AT_BASE))
379  {
380  /* Show debug message */
381  if (ShowSnaps)
382  {
383  DPRINT1("LDR: %wZ has stale binding to %s\n",
384  &LdrEntry->BaseDllName,
385  ForwarderName);
386  }
387 
388  /* Remember it's become stale */
389  Stale = TRUE;
390  }
391  else
392  {
393  /* Show debug message */
394  if (ShowSnaps)
395  {
396  DPRINT1("LDR: %wZ has correct binding to %s\n",
397  &LdrEntry->BaseDllName,
398  ForwarderName);
399  }
400 
401  /* Remember it's valid */
402  Stale = FALSE;
403  }
404 
405  /* Move to the next one */
406  ForwarderEntry++;
407  }
408 
409  /* Set the next bound entry to the forwarder */
410  FirstEntry = (PIMAGE_BOUND_IMPORT_DESCRIPTOR)ForwarderEntry;
411 
412  /* Check if the binding was stale */
413  if (Stale)
414  {
415  /* It was, so find the IAT entry for it */
416  ++LdrpNormalSnap;
417  ImportEntry = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
418  TRUE,
419  IMAGE_DIRECTORY_ENTRY_IMPORT,
420  &IatSize);
421 
422  /* Make sure it has a name */
423  while (ImportEntry->Name)
424  {
425  /* Get the name */
426  ImportName = (LPSTR)((ULONG_PTR)LdrEntry->DllBase + ImportEntry->Name);
427 
428  /* Compare it */
429  if (!_stricmp(ImportName, BoundImportName)) break;
430 
431  /* Move to next entry */
432  ImportEntry++;
433  }
434 
435  /* If we didn't find a name, fail */
436  if (!ImportEntry->Name)
437  {
438  /* Show debug message */
439  if (ShowSnaps)
440  {
441  DPRINT1("LDR: LdrpWalkImportTable - failing with"
442  "STATUS_OBJECT_NAME_INVALID due to no import descriptor name\n");
443  }
444 
445  /* Return error */
446  Status = STATUS_OBJECT_NAME_INVALID;
447  goto Quickie;
448  }
449 
450  /* Show debug message */
451  if (ShowSnaps)
452  {
453  DPRINT1("LDR: Stale Bind %s from %wZ\n",
454  ImportName,
455  &LdrEntry->BaseDllName);
456  }
457 
458  /* Snap the IAT Entry*/
459  Status = LdrpSnapIAT(DllLdrEntry,
460  LdrEntry,
461  ImportEntry,
462  FALSE);
463 
464  /* Make sure we didn't fail */
465  if (!NT_SUCCESS(Status))
466  {
467  /* Show debug message */
468  if (ShowSnaps)
469  {
470  DPRINT1("LDR: %wZ failed to load import module %s; status = %x\n",
471  &LdrEntry->BaseDllName,
472  BoundImportName,
473  Status);
474  }
475 
476  /* Return */
477  goto Quickie;
478  }
479  }
480 
481  /* All done */
482  Status = STATUS_SUCCESS;
483 
484 Quickie:
485  /* Write where we are now and return */
486  *BoundEntryPtr = FirstEntry;
487  return Status;
488 }
489 
490 NTSTATUS
491 NTAPI
492 LdrpHandleNewFormatImportDescriptors(IN LPWSTR DllPath OPTIONAL,
493  IN PLDR_DATA_TABLE_ENTRY LdrEntry,
494  IN PIMAGE_BOUND_IMPORT_DESCRIPTOR BoundEntry)
495 {
496  PIMAGE_BOUND_IMPORT_DESCRIPTOR FirstEntry = BoundEntry;
497  NTSTATUS Status;
498 
499  /* Make sure we have a name */
500  while (BoundEntry->OffsetModuleName)
501  {
502  /* Parse this descriptor */
503  Status = LdrpHandleOneNewFormatImportDescriptor(DllPath,
504  LdrEntry,
505  &BoundEntry,
506  FirstEntry);
507  if (!NT_SUCCESS(Status)) return Status;
508  }
509 
510  /* Done */
511  return STATUS_SUCCESS;
512 }
513 
514 NTSTATUS
515 NTAPI
516 LdrpHandleOneOldFormatImportDescriptor(IN LPWSTR DllPath OPTIONAL,
517  IN PLDR_DATA_TABLE_ENTRY LdrEntry,
518  IN PIMAGE_IMPORT_DESCRIPTOR *ImportEntry)
519 {
520  LPSTR ImportName;
521  NTSTATUS Status;
522  BOOLEAN AlreadyLoaded = FALSE;
523  PLDR_DATA_TABLE_ENTRY DllLdrEntry;
524  PIMAGE_THUNK_DATA FirstThunk;
525  PPEB Peb = NtCurrentPeb();
526 
527  /* Get the import name's VA */
528  ImportName = (LPSTR)((ULONG_PTR)LdrEntry->DllBase + (*ImportEntry)->Name);
529 
530  /* Get the first thunk */
531  FirstThunk = (PIMAGE_THUNK_DATA)((ULONG_PTR)LdrEntry->DllBase +
532  (*ImportEntry)->FirstThunk);
533 
534  /* Make sure it's valid */
535  if (!FirstThunk->u1.Function) goto SkipEntry;
536 
537  /* Show debug message */
538  if (ShowSnaps)
539  {
540  DPRINT1("LDR: %s used by %wZ\n",
541  ImportName,
542  &LdrEntry->BaseDllName);
543  }
544 
545  /* Load the module associated to it */
546  Status = LdrpLoadImportModule(DllPath,
547  ImportName,
548  &DllLdrEntry,
549  &AlreadyLoaded);
550  if (!NT_SUCCESS(Status))
551  {
552  /* Fail */
553  if (ShowSnaps)
554  {
555  DbgPrint("LDR: LdrpWalkImportTable - LdrpLoadImportModule failed "
556  "on import %s with status %x\n",
557  ImportName,
558  Status);
559  }
560 
561  /* Return */
562  return Status;
563  }
564 
565  /* Show debug message */
566  if (ShowSnaps)
567  {
568  DPRINT1("LDR: Snapping imports for %wZ from %s\n",
569  &LdrEntry->BaseDllName,
570  ImportName);
571  }
572 
573  /* Check if it wasn't already loaded */
574  ++LdrpNormalSnap;
575  if (!AlreadyLoaded)
576  {
577  /* Add the DLL to our list */
578  InsertTailList(&Peb->Ldr->InInitializationOrderModuleList,
579  &DllLdrEntry->InInitializationOrderLinks);
580  }
581 
582  /* Now snap the IAT Entry */
583  Status = LdrpSnapIAT(DllLdrEntry, LdrEntry, *ImportEntry, FALSE);
584  if (!NT_SUCCESS(Status))
585  {
586  /* Fail */
587  if (ShowSnaps)
588  {
589  DbgPrint("LDR: LdrpWalkImportTable - LdrpSnapIAT #2 failed with "
590  "status %x\n",
591  Status);
592  }
593 
594  /* Return */
595  return Status;
596  }
597 
598 SkipEntry:
599  /* Move on */
600  (*ImportEntry)++;
601  return STATUS_SUCCESS;
602 }
603 
604 NTSTATUS
605 NTAPI
606 LdrpHandleOldFormatImportDescriptors(IN LPWSTR DllPath OPTIONAL,
607  IN PLDR_DATA_TABLE_ENTRY LdrEntry,
608  IN PIMAGE_IMPORT_DESCRIPTOR ImportEntry)
609 {
610  NTSTATUS Status;
611 
612  /* Check for Name and Thunk */
613  while ((ImportEntry->Name) && (ImportEntry->FirstThunk))
614  {
615  /* Parse this descriptor */
616  Status = LdrpHandleOneOldFormatImportDescriptor(DllPath,
617  LdrEntry,
618  &ImportEntry);
619  if (!NT_SUCCESS(Status)) return Status;
620  }
621 
622  /* Done */
623  return STATUS_SUCCESS;
624 }
625 
626 USHORT
627 NTAPI
628 LdrpNameToOrdinal(IN LPSTR ImportName,
629  IN ULONG NumberOfNames,
630  IN PVOID ExportBase,
631  IN PULONG NameTable,
632  IN PUSHORT OrdinalTable)
633 {
634  LONG Start, End, Next, CmpResult;
635 
636  /* Use classical binary search to find the ordinal */
637  Start = Next = 0;
638  End = NumberOfNames - 1;
639  while (End >= Start)
640  {
641  /* Next will be exactly between Start and End */
642  Next = (Start + End) >> 1;
643 
644  /* Compare this name with the one we need to find */
645  CmpResult = strcmp(ImportName, (PCHAR)((ULONG_PTR)ExportBase + NameTable[Next]));
646 
647  /* We found our entry if result is 0 */
648  if (!CmpResult) break;
649 
650  /* We didn't find, update our range then */
651  if (CmpResult < 0)
652  {
653  End = Next - 1;
654  }
655  else if (CmpResult > 0)
656  {
657  Start = Next + 1;
658  }
659  }
660 
661  /* If end is before start, then the search failed */
662  if (End < Start) return -1;
663 
664  /* Return found name */
665  return OrdinalTable[Next];
666 }
667 
668 NTSTATUS
669 NTAPI
670 LdrpWalkImportDescriptor(IN LPWSTR DllPath OPTIONAL,
671  IN PLDR_DATA_TABLE_ENTRY LdrEntry)
672 {
673  RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
674  PPEB Peb = NtCurrentPeb();
675  NTSTATUS Status = STATUS_SUCCESS, Status2;
676  PIMAGE_BOUND_IMPORT_DESCRIPTOR BoundEntry = NULL;
677  PIMAGE_IMPORT_DESCRIPTOR ImportEntry;
678  ULONG BoundSize, IatSize;
679 
680  DPRINT("LdrpWalkImportDescriptor - BEGIN (%wZ %p '%S')\n", &LdrEntry->BaseDllName, LdrEntry, DllPath);
681 
682  /* Set up the Act Ctx */
683  RtlZeroMemory(&ActCtx, sizeof(ActCtx));
684  ActCtx.Size = sizeof(ActCtx);
685  ActCtx.Format = RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER;
686 
687  /* Check if we have a manifest prober routine */
688  if (LdrpManifestProberRoutine)
689  {
690  /* Probe the DLL for its manifest. Some details are omitted */
691  Status2 = LdrpManifestProberRoutine(LdrEntry->DllBase, LdrEntry->FullDllName.Buffer, &LdrEntry->EntryPointActivationContext);
692 
693  if (!NT_SUCCESS(Status2) &&
694  Status2 != STATUS_NO_SUCH_FILE &&
695  Status2 != STATUS_RESOURCE_DATA_NOT_FOUND &&
696  Status2 != STATUS_RESOURCE_TYPE_NOT_FOUND &&
697  Status2 != STATUS_RESOURCE_NAME_NOT_FOUND &&
698  Status2 != STATUS_RESOURCE_LANG_NOT_FOUND)
699  {
700  /* Some serious issue */
701  //Status = Status2; // FIXME: Ignore that error for now
702  DbgPrintEx(DPFLTR_SXS_ID,
703  DPFLTR_WARNING_LEVEL,
704  "LDR: LdrpWalkImportDescriptor() failed to probe %wZ for its "
705  "manifest, ntstatus = 0x%08lx\n",
706  &LdrEntry->FullDllName, Status);
707  }
708  }
709 
710  /* Check if we failed above */
711  if (!NT_SUCCESS(Status)) return Status;
712 
713  /* Get the Active ActCtx */
714  if (!LdrEntry->EntryPointActivationContext)
715  {
716  Status = RtlGetActiveActivationContext(&LdrEntry->EntryPointActivationContext);
717 
718  if (!NT_SUCCESS(Status))
719  {
720  /* Exit */
721  DbgPrintEx(DPFLTR_SXS_ID,
722  DPFLTR_WARNING_LEVEL,
723  "LDR: RtlGetActiveActivationContext() failed; ntstatus = "
724  "0x%08lx\n",
725  Status);
726  return Status;
727  }
728  }
729 
730  /* Activate the ActCtx */
731  RtlActivateActivationContextUnsafeFast(&ActCtx,
732  LdrEntry->EntryPointActivationContext);
733 
734  /* Check if we were redirected */
735  if (!(LdrEntry->Flags & LDRP_REDIRECTED))
736  {
737  /* Get the Bound IAT */
738  BoundEntry = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
739  TRUE,
740  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT,
741  &BoundSize);
742  }
743 
744  /* Get the regular IAT, for fallback */
745  ImportEntry = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
746  TRUE,
747  IMAGE_DIRECTORY_ENTRY_IMPORT,
748  &IatSize);
749 
750  /* Check if we got at least one */
751  if ((BoundEntry) || (ImportEntry))
752  {
753  /* Do we have a Bound IAT */
754  if (BoundEntry)
755  {
756  /* Handle the descriptor */
757  Status = LdrpHandleNewFormatImportDescriptors(DllPath,
758  LdrEntry,
759  BoundEntry);
760  }
761  else
762  {
763  /* Handle the descriptor */
764  Status = LdrpHandleOldFormatImportDescriptors(DllPath,
765  LdrEntry,
766  ImportEntry);
767  }
768 
769  /* Check the status of the handlers */
770  if (NT_SUCCESS(Status))
771  {
772  /* Check for Per-DLL Heap Tagging */
773  if (Peb->NtGlobalFlag & FLG_HEAP_ENABLE_TAG_BY_DLL)
774  {
775  /* FIXME */
776  DPRINT1("We don't support Per-DLL Heap Tagging yet!\n");
777  }
778 
779  /* Check if Page Heap was enabled */
780  if (Peb->NtGlobalFlag & FLG_HEAP_PAGE_ALLOCS)
781  {
782  /* Initialize target DLL */
783  AVrfPageHeapDllNotification(LdrEntry);
784  }
785 
786  /* Check if Application Verifier was enabled */
787  if (Peb->NtGlobalFlag & FLG_APPLICATION_VERIFIER)
788  {
789  AVrfDllLoadNotification(LdrEntry);
790  }
791 
792  /* Just to be safe */
793  Status = STATUS_SUCCESS;
794  }
795  }
796 
797  /* Release the activation context */
798  RtlDeactivateActivationContextUnsafeFast(&ActCtx);
799 
800  DPRINT("LdrpWalkImportDescriptor - END (%wZ %p)\n", &LdrEntry->BaseDllName, LdrEntry);
801 
802  /* Return status */
803  return Status;
804 }
805 
806 NTSTATUS
807 NTAPI
808 LdrpLoadImportModule(IN PWSTR DllPath OPTIONAL,
809  IN LPSTR ImportName,
810  OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry,
811  OUT PBOOLEAN Existing)
812 {
813  ANSI_STRING AnsiString;
814  PUNICODE_STRING ImpDescName;
815  const WCHAR *p;
816  BOOLEAN GotExtension;
817  WCHAR c;
818  NTSTATUS Status;
819  PPEB Peb = RtlGetCurrentPeb();
820  PTEB Teb = NtCurrentTeb();
821  UNICODE_STRING RedirectedImpDescName;
822  BOOLEAN RedirectedDll;
823 
824  DPRINT("LdrpLoadImportModule('%S' '%s' %p %p)\n", DllPath, ImportName, DataTableEntry, Existing);
825 
826  RedirectedDll = FALSE;
827  RtlInitEmptyUnicodeString(&RedirectedImpDescName, NULL, 0);
828 
829  /* Convert import descriptor name to unicode string */
830  ImpDescName = &Teb->StaticUnicodeString;
831  RtlInitAnsiString(&AnsiString, ImportName);
832  Status = RtlAnsiStringToUnicodeString(ImpDescName, &AnsiString, FALSE);
833  if (!NT_SUCCESS(Status)) return Status;
834 
835  /* Find the extension, if present */
836  p = ImpDescName->Buffer + ImpDescName->Length / sizeof(WCHAR) - 1;
837  GotExtension = FALSE;
838  while (p >= ImpDescName->Buffer)
839  {
840  c = *p--;
841  if (c == L'.')
842  {
843  GotExtension = TRUE;
844  break;
845  }
846  else if (c == L'\\')
847  {
848  break;
849  }
850  }
851 
852  /* If no extension was found, add the default extension */
853  if (!GotExtension)
854  {
855  /* Check that we have space to add one */
856  if ((ImpDescName->Length + LdrApiDefaultExtension.Length + sizeof(UNICODE_NULL)) >=
857  sizeof(Teb->StaticUnicodeBuffer))
858  {
859  /* No space to add the extension */
860  DbgPrintEx(DPFLTR_LDR_ID,
861  DPFLTR_ERROR_LEVEL,
862  "LDR: %s - Dll name missing extension; with extension "
863  "added the name is too long\n"
864  " ImpDescName: (@ %p) \"%wZ\"\n"
865  " ImpDescName->Length: %u\n",
866  __FUNCTION__,
867  ImpDescName,
868  ImpDescName,
869  ImpDescName->Length);
870  return STATUS_NAME_TOO_LONG;
871  }
872 
873  /* Add it. Needs to be null terminated, thus the length check above */
874  (VOID)RtlAppendUnicodeStringToString(ImpDescName,
875  &LdrApiDefaultExtension);
876  }
877 
878  /* Check if the SxS Assemblies specify another file */
879  Status = RtlDosApplyFileIsolationRedirection_Ustr(TRUE,
880  ImpDescName,
881  &LdrApiDefaultExtension,
882  NULL,
883  &RedirectedImpDescName,
884  &ImpDescName,
885  NULL,
886  NULL,
887  NULL);
888 
889  /* Check success */
890  if (NT_SUCCESS(Status))
891  {
892  /* Let Ldrp know */
893  RedirectedDll = TRUE;
894  }
895  else if (Status != STATUS_SXS_KEY_NOT_FOUND)
896  {
897  /* Unrecoverable SxS failure */
898  DPRINT1("LDR: RtlDosApplyFileIsolationRedirection_Ustr failed with status %x for dll %wZ\n", Status, ImpDescName);
899  goto done;
900  }
901 
902  /* Check if it's loaded */
903  if (LdrpCheckForLoadedDll(DllPath,
904  ImpDescName,
905  TRUE,
906  RedirectedDll,
907  DataTableEntry))
908  {
909  /* It's already existing in the list */
910  *Existing = TRUE;
911  Status = STATUS_SUCCESS;
912  goto done;
913  }
914 
915  /* We're loading it for the first time */
916  *Existing = FALSE;
917 
918  /* Map it */
919  Status = LdrpMapDll(DllPath,
920  NULL,
921  ImpDescName->Buffer,
922  NULL,
923  TRUE,
924  RedirectedDll,
925  DataTableEntry);
926  if (!NT_SUCCESS(Status))
927  {
928  DPRINT1("LDR: LdrpMapDll failed with status %x for dll %wZ\n", Status, ImpDescName);
929  goto done;
930  }
931 
932  /* Walk its import descriptor table */
933  Status = LdrpWalkImportDescriptor(DllPath,
934  *DataTableEntry);
935  if (!NT_SUCCESS(Status))
936  {
937  /* Add it to the in-init-order list in case of failure */
938  InsertTailList(&Peb->Ldr->InInitializationOrderModuleList,
939  &(*DataTableEntry)->InInitializationOrderLinks);
940  }
941 
942 done:
943  RtlFreeUnicodeString(&RedirectedImpDescName);
944 
945  return Status;
946 }
947 
948 NTSTATUS
949 NTAPI
950 LdrpSnapThunk(IN PVOID ExportBase,
951  IN PVOID ImportBase,
952  IN PIMAGE_THUNK_DATA OriginalThunk,
953  IN OUT PIMAGE_THUNK_DATA Thunk,
954  IN PIMAGE_EXPORT_DIRECTORY ExportEntry,
955  IN ULONG ExportSize,
956  IN BOOLEAN Static,
957  IN LPSTR DllName)
958 {
959  BOOLEAN IsOrdinal;
960  USHORT Ordinal;
961  ULONG OriginalOrdinal = 0;
962  PIMAGE_IMPORT_BY_NAME AddressOfData;
963  PULONG NameTable;
964  PUSHORT OrdinalTable;
965  LPSTR ImportName = NULL, DotPosition;
966  USHORT Hint;
967  NTSTATUS Status;
968  ULONG_PTR HardErrorParameters[3];
969  UNICODE_STRING HardErrorDllName, HardErrorEntryPointName;
970  ANSI_STRING TempString;
971  ULONG Mask;
972  ULONG Response;
973  PULONG AddressOfFunctions;
974  UNICODE_STRING TempUString;
975  ANSI_STRING ForwarderName;
976  PANSI_STRING ForwardName;
977  PVOID ForwarderHandle;
978  ULONG ForwardOrdinal;
979 
980  /* Check if the snap is by ordinal */
981  if ((IsOrdinal = IMAGE_SNAP_BY_ORDINAL(OriginalThunk->u1.Ordinal)))
982  {
983  /* Get the ordinal number, and its normalized version */
984  OriginalOrdinal = IMAGE_ORDINAL(OriginalThunk->u1.Ordinal);
985  Ordinal = (USHORT)(OriginalOrdinal - ExportEntry->Base);
986  }
987  else
988  {
989  /* First get the data VA */
990  AddressOfData = (PIMAGE_IMPORT_BY_NAME)
991  ((ULONG_PTR)ImportBase +
992  ((ULONG_PTR)OriginalThunk->u1.AddressOfData & 0xffffffff));
993 
994  /* Get the name */
995  ImportName = (LPSTR)AddressOfData->Name;
996 
997  /* Now get the VA of the Name and Ordinal Tables */
998  NameTable = (PULONG)((ULONG_PTR)ExportBase +
999  (ULONG_PTR)ExportEntry->AddressOfNames);
1000  OrdinalTable = (PUSHORT)((ULONG_PTR)ExportBase +
1001  (ULONG_PTR)ExportEntry->AddressOfNameOrdinals);
1002 
1003  /* Get the hint */
1004  Hint = AddressOfData->Hint;
1005 
1006  /* Try to get a match by using the hint */
1007  if (((ULONG)Hint < ExportEntry->NumberOfNames) &&
1008  (!strcmp(ImportName, ((LPSTR)((ULONG_PTR)ExportBase + NameTable[Hint])))))
1009  {
1010  /* We got a match, get the Ordinal from the hint */
1011  Ordinal = OrdinalTable[Hint];
1012  }
1013  else
1014  {
1015  /* Well bummer, hint didn't work, do it the long way */
1016  Ordinal = LdrpNameToOrdinal(ImportName,
1017  ExportEntry->NumberOfNames,
1018  ExportBase,
1019  NameTable,
1020  OrdinalTable);
1021  }
1022  }
1023 
1024  /* Check if the ordinal is invalid */
1025  if ((ULONG)Ordinal >= ExportEntry->NumberOfFunctions)
1026  {
1027 FailurePath:
1028  /* Is this a static snap? */
1029  if (Static)
1030  {
1031  RtlInitAnsiString(&TempString, DllName ? DllName : "Unknown");
1032  /* Inform the debug log */
1033  if (IsOrdinal)
1034  DPRINT1("Failed to snap ordinal %Z!0x%x\n", &TempString, OriginalOrdinal);
1035  else
1036  DPRINT1("Failed to snap %Z!%s\n", &TempString, ImportName);
1037 
1038  /* These are critical errors. Setup a string for the DLL name */
1039  RtlAnsiStringToUnicodeString(&HardErrorDllName, &TempString, TRUE);
1040 
1041  /* Set it as the parameter */
1042  HardErrorParameters[1] = (ULONG_PTR)&HardErrorDllName;
1043  Mask = 2;
1044 
1045  /* Check if we have an ordinal */
1046  if (IsOrdinal)
1047  {
1048  /* Then set the ordinal as the 1st parameter */
1049  HardErrorParameters[0] = OriginalOrdinal;
1050  }
1051  else
1052  {
1053  /* We don't, use the entrypoint. Set up a string for it */
1054  RtlInitAnsiString(&TempString, ImportName);
1055  RtlAnsiStringToUnicodeString(&HardErrorEntryPointName,
1056  &TempString,
1057  TRUE);
1058 
1059  /* Set it as the parameter */
1060  HardErrorParameters[0] = (ULONG_PTR)&HardErrorEntryPointName;
1061  Mask = 3;
1062  }
1063 
1064  /* Raise the error */
1065  NtRaiseHardError(IsOrdinal ? STATUS_ORDINAL_NOT_FOUND :
1066  STATUS_ENTRYPOINT_NOT_FOUND,
1067  2,
1068  Mask,
1069  HardErrorParameters,
1070  OptionOk,
1071  &Response);
1072 
1073  /* Increase the error count */
1074  if (LdrpInLdrInit) LdrpFatalHardErrorCount++;
1075 
1076  /* Free our string */
1077  RtlFreeUnicodeString(&HardErrorDllName);
1078  if (!IsOrdinal)
1079  {
1080  /* Free our second string. Return entrypoint error */
1081  RtlFreeUnicodeString(&HardErrorEntryPointName);
1082  RtlRaiseStatus(STATUS_ENTRYPOINT_NOT_FOUND);
1083  }
1084 
1085  /* Return ordinal error */
1086  RtlRaiseStatus(STATUS_ORDINAL_NOT_FOUND);
1087  }
1088  else
1089  {
1090  /* Inform the debug log */
1091  if (IsOrdinal)
1092  DPRINT("Non-fatal: Failed to snap ordinal 0x%x\n", OriginalOrdinal);
1093  else
1094  DPRINT("Non-fatal: Failed to snap %s\n", ImportName);
1095  }
1096 
1097  /* Set this as a bad DLL */
1098  Thunk->u1.Function = (ULONG_PTR)0xffbadd11;
1099 
1100  /* Return the right error code */
1101  Status = IsOrdinal ? STATUS_ORDINAL_NOT_FOUND :
1102  STATUS_ENTRYPOINT_NOT_FOUND;
1103  }
1104  else
1105  {
1106  /* The ordinal seems correct, get the AddressOfFunctions VA */
1107  AddressOfFunctions = (PULONG)
1108  ((ULONG_PTR)ExportBase +
1109  (ULONG_PTR)ExportEntry->AddressOfFunctions);
1110 
1111  /* Write the function pointer*/
1112  Thunk->u1.Function = (ULONG_PTR)ExportBase + AddressOfFunctions[Ordinal];
1113 
1114  /* Make sure it's within the exports */
1115  if ((Thunk->u1.Function > (ULONG_PTR)ExportEntry) &&
1116  (Thunk->u1.Function < ((ULONG_PTR)ExportEntry + ExportSize)))
1117  {
1118  /* Get the Import and Forwarder Names */
1119  ImportName = (LPSTR)Thunk->u1.Function;
1120 
1121  DotPosition = strchr(ImportName, '.');
1122  ASSERT(DotPosition != NULL);
1123  if (!DotPosition)
1124  goto FailurePath;
1125 
1126  ForwarderName.Buffer = ImportName;
1127  ForwarderName.Length = (USHORT)(DotPosition - ImportName);
1128  ForwarderName.MaximumLength = ForwarderName.Length;
1129  Status = RtlAnsiStringToUnicodeString(&TempUString,
1130  &ForwarderName,
1131  TRUE);
1132 
1133  /* Make sure the conversion was OK */
1134  if (NT_SUCCESS(Status))
1135  {
1136  WCHAR StringBuffer[MAX_PATH];
1137  UNICODE_STRING StaticString, *RedirectedImportName;
1138  BOOLEAN Redirected = FALSE;
1139 
1140  RtlInitEmptyUnicodeString(&StaticString, StringBuffer, sizeof(StringBuffer));
1141 
1142  /* Check if the SxS Assemblies specify another file */
1143  Status = RtlDosApplyFileIsolationRedirection_Ustr(TRUE,
1144  &TempUString,
1145  &LdrApiDefaultExtension,
1146  &StaticString,
1147  NULL,
1148  &RedirectedImportName,
1149  NULL,
1150  NULL,
1151  NULL);
1152  if (NT_SUCCESS(Status))
1153  {
1154  if (ShowSnaps)
1155  {
1156  DPRINT1("LDR: %Z got redirected to %wZ\n", &ForwarderName, RedirectedImportName);
1157  }
1158  /* Let Ldrp know */
1159  Redirected = TRUE;
1160  }
1161  else
1162  {
1163  RedirectedImportName = &TempUString;
1164  }
1165 
1166  /* Load the forwarder */
1167  Status = LdrpLoadDll(Redirected,
1168  NULL,
1169  NULL,
1170  RedirectedImportName,
1171  &ForwarderHandle,
1172  FALSE);
1173 
1174  RtlFreeUnicodeString(&TempUString);
1175  }
1176 
1177  /* If the load or conversion failed, use the failure path */
1178  if (!NT_SUCCESS(Status)) goto FailurePath;
1179 
1180  /* Now set up a name for the actual forwarder dll */
1181  RtlInitAnsiString(&ForwarderName,
1182  ImportName + ForwarderName.Length + sizeof(CHAR));
1183 
1184  /* Check if it's an ordinal forward */
1185  if ((ForwarderName.Length > 1) && (*ForwarderName.Buffer == '#'))
1186  {
1187  /* We don't have an actual function name */
1188  ForwardName = NULL;
1189 
1190  /* Convert the string into an ordinal */
1191  Status = RtlCharToInteger(ForwarderName.Buffer + sizeof(CHAR),
1192  0,
1193  &ForwardOrdinal);
1194 
1195  /* If this fails, then error out */
1196  if (!NT_SUCCESS(Status)) goto FailurePath;
1197  }
1198  else
1199  {
1200  /* Import by name */
1201  ForwardName = &ForwarderName;
1202  ForwardOrdinal = 0;
1203  }
1204 
1205  /* Get the pointer */
1206  Status = LdrpGetProcedureAddress(ForwarderHandle,
1207  ForwardName,
1208  ForwardOrdinal,
1209  (PVOID*)&Thunk->u1.Function,
1210  FALSE);
1211  /* If this fails, then error out */
1212  if (!NT_SUCCESS(Status)) goto FailurePath;
1213  }
1214  else
1215  {
1216  /* It's not within the exports, let's hope it's valid */
1217  if (!AddressOfFunctions[Ordinal]) goto FailurePath;
1218  }
1219 
1220  /* If we got here, then it's success */
1221  Status = STATUS_SUCCESS;
1222  }
1223 
1224  /* Return status */
1225  return Status;
1226 }
1227 
1228 /* EOF */
PCHAR
signed char * PCHAR
Definition: retypes.h:7
Static
Definition: window.h:584
_IMAGE_BOUND_FORWARDER_REF
Definition: winnt_old.h:3233
LdrpLoadImportModule
NTSTATUS NTAPI LdrpLoadImportModule(IN PWSTR DllPath OPTIONAL, IN LPSTR ImportName, OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry, OUT PBOOLEAN Existing)
Definition: ldrpe.c:808
LdrpFatalHardErrorCount
ULONG LdrpFatalHardErrorCount
Definition: ldrinit.c:83
RtlCharToInteger
NTSYSAPI NTSTATUS NTAPI RtlCharToInteger(PCSZ String, ULONG Base, PULONG Value)
Definition: unicode.c:261
IN
#define IN
Definition: typedefs.h:38
RtlRaiseStatus
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
_IMAGE_SECTION_HEADER
Definition: pedump.c:279
_TEB::StaticUnicodeBuffer
WCHAR StaticUnicodeBuffer[261]
Definition: compat.h:526
TRUE
#define TRUE
Definition: types.h:120
Peb
PPEB Peb
Definition: dllmain.c:27
_IMAGE_OPTIONAL_HEADER::DataDirectory
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]
Definition: ntddk_ex.h:178
_PEB_LDR_DATA::InInitializationOrderModuleList
LIST_ENTRY InInitializationOrderModuleList
Definition: ldrtypes.h:121
_IMAGE_BOUND_IMPORT_DESCRIPTOR::NumberOfModuleForwarderRefs
WORD NumberOfModuleForwarderRefs
Definition: winnt_old.h:3230
_ANSI_STRING::Buffer
PSTR Buffer
Definition: env_spec_w32.h:378
NtRaiseHardError
NTSTATUS NTAPI NtRaiseHardError(IN NTSTATUS ErrorStatus, IN ULONG NumberOfParameters, IN ULONG UnicodeStringParameterMask, IN PULONG_PTR Parameters, IN ULONG ValidResponseOptions, OUT PULONG Response)
Definition: harderr.c:553
DbgPrint
#define DbgPrint
Definition: loader.c:25
LDRP_REDIRECTED
#define LDRP_REDIRECTED
Definition: ldrtypes.h:57
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:54
CHAR
char CHAR
Definition: xmlstorage.h:175
NtProtectVirtualMemory
NTSTATUS NTAPI NtProtectVirtualMemory(IN HANDLE ProcessHandle, IN OUT PVOID *UnsafeBaseAddress, IN OUT SIZE_T *UnsafeNumberOfBytesToProtect, IN ULONG NewAccessProtection, OUT PULONG UnsafeOldAccessProtection)
Definition: virtual.c:2986
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ShowSnaps
BOOLEAN ShowSnaps
Definition: ldrinit.c:81
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
PIMAGE_BOUND_FORWARDER_REF
struct _IMAGE_BOUND_FORWARDER_REF * PIMAGE_BOUND_FORWARDER_REF
_IMAGE_IMPORT_BY_NAME
Definition: pedump.c:328
DbgPrintEx
NTSYSAPI ULONG __cdecl DbgPrintEx(_In_ ULONG ComponentId, _In_ ULONG Level, _In_z_ _Printf_format_string_ PCSTR Format,...)
PIMAGE_IMPORT_BY_NAME
struct _IMAGE_IMPORT_BY_NAME * PIMAGE_IMPORT_BY_NAME
STATUS_SXS_KEY_NOT_FOUND
#define STATUS_SXS_KEY_NOT_FOUND
Definition: ntstatus.h:1170
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
Definition: pedump.c:270
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
LPSTR
char * LPSTR
Definition: xmlstorage.h:182
_stricmp
#define _stricmp
Definition: cat.c:22
AVrfPageHeapDllNotification
VOID NTAPI AVrfPageHeapDllNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:361
DPFLTR_WARNING_LEVEL
#define DPFLTR_WARNING_LEVEL
Definition: kdtypes.h:31
_IMAGE_NT_HEADERS::OptionalHeader
IMAGE_OPTIONAL_HEADER32 OptionalHeader
Definition: ntddk_ex.h:184
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4250
RtlInitAnsiString
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:63
_PEB::NtGlobalFlag
ULONG NtGlobalFlag
Definition: ntddk_ex.h:270
IMAGE_THUNK_DATA
IMAGE_THUNK_DATA32 IMAGE_THUNK_DATA
Definition: ntimage.h:565
_TEB::StaticUnicodeString
UNICODE_STRING StaticUnicodeString
Definition: compat.h:525
PLDR_MANIFEST_PROBER_ROUTINE
LDR_MANIFEST_PROBER_ROUTINE * PLDR_MANIFEST_PROBER_ROUTINE
Definition: ldrtypes.h:247
LdrpCheckForLoadedDll
BOOLEAN NTAPI LdrpCheckForLoadedDll(IN PWSTR DllPath, IN PUNICODE_STRING DllName, IN BOOLEAN Flag, IN BOOLEAN RedirectedDll, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1974
_IMAGE_IMPORT_DESCRIPTOR::Name
ULONG Name
Definition: ntimage.h:579
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
AVrfDllLoadNotification
VOID NTAPI AVrfDllLoadNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:294
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
LdrpSnapThunk
NTSTATUS NTAPI LdrpSnapThunk(IN PVOID ExportBase, IN PVOID ImportBase, IN PIMAGE_THUNK_DATA OriginalThunk, IN OUT PIMAGE_THUNK_DATA Thunk, IN PIMAGE_EXPORT_DIRECTORY ExportEntry, IN ULONG ExportSize, IN BOOLEAN Static, IN LPSTR DllName)
Definition: ldrpe.c:950
UNICODE_NULL
#define UNICODE_NULL
IMAGE_FIRST_SECTION
#define IMAGE_FIRST_SECTION(NtHeader)
Definition: ntimage.h:427
LdrpWalkImportDescriptor
NTSTATUS NTAPI LdrpWalkImportDescriptor(IN LPWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: ldrpe.c:670
LONG
long LONG
Definition: pedump.c:60
LdrpSnapIAT
NTSTATUS NTAPI LdrpSnapIAT(IN PLDR_DATA_TABLE_ENTRY ExportLdrEntry, IN PLDR_DATA_TABLE_ENTRY ImportLdrEntry, IN PIMAGE_IMPORT_DESCRIPTOR IatEntry, IN BOOLEAN EntriesValid)
Definition: ldrpe.c:26
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
_ANSI_STRING
Definition: env_spec_w32.h:375
_IMAGE_NT_HEADERS
Definition: ntddk_ex.h:181
_IMAGE_BOUND_IMPORT_DESCRIPTOR::OffsetModuleName
WORD OffsetModuleName
Definition: winnt_old.h:3229
NtFlushInstructionCache
NTSTATUS NTAPI NtFlushInstructionCache(_In_ HANDLE ProcessHandle, _In_opt_ PVOID BaseAddress, _In_ SIZE_T FlushSize)
Definition: virtual.c:2919
_IMAGE_SECTION_HEADER::Misc
union _IMAGE_SECTION_HEADER::@1519 Misc
RtlGetActiveActivationContext
NTSYSAPI NTSTATUS WINAPI RtlGetActiveActivationContext(HANDLE *)
Definition: actctx.c:5405
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
LDRP_IMAGE_NOT_AT_BASE
#define LDRP_IMAGE_NOT_AT_BASE
Definition: ldrtypes.h:50
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
NULL
smooth NULL
Definition: ftsmooth.c:416
FLG_APPLICATION_VERIFIER
#define FLG_APPLICATION_VERIFIER
Definition: pstypes.h:64
_IMAGE_FILE_HEADER::NumberOfSections
WORD NumberOfSections
Definition: ntddk_ex.h:123
DPRINT
void DPRINT(...)
Definition: polytest.cpp:61
_IMAGE_SECTION_HEADER::SizeOfRawData
DWORD SizeOfRawData
Definition: pedump.c:289
RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER
#define RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER
Definition: rtltypes.h:101
LdrpNormalSnap
ULONG LdrpNormalSnap
Definition: ldrpe.c:19
PVOID
void * PVOID
Definition: retypes.h:9
_IMAGE_NT_HEADERS::FileHeader
IMAGE_FILE_HEADER FileHeader
Definition: ntddk_ex.h:183
LdrpHandleOneOldFormatImportDescriptor
NTSTATUS NTAPI LdrpHandleOneOldFormatImportDescriptor(IN LPWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN PIMAGE_IMPORT_DESCRIPTOR *ImportEntry)
Definition: ldrpe.c:516
STATUS_NAME_TOO_LONG
#define STATUS_NAME_TOO_LONG
Definition: ntstatus.h:484
_IMAGE_IMPORT_BY_NAME::Name
BYTE Name[1]
Definition: pedump.c:331
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
_ANSI_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:377
LdrpHandleNewFormatImportDescriptors
NTSTATUS NTAPI LdrpHandleNewFormatImportDescriptors(IN LPWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN PIMAGE_BOUND_IMPORT_DESCRIPTOR BoundEntry)
Definition: ldrpe.c:492
STATUS_INVALID_IMAGE_FORMAT
#define STATUS_INVALID_IMAGE_FORMAT
Definition: ntstatus.h:345
_IMAGE_THUNK_DATA32::Ordinal
ULONG Ordinal
Definition: ntimage.h:514
_IMAGE_DATA_DIRECTORY::VirtualAddress
DWORD VirtualAddress
Definition: ntddk_ex.h:132
if
if(!(yy_init))
Definition: macro.lex.yy.c:714
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_IMAGE_BOUND_IMPORT_DESCRIPTOR::TimeDateStamp
DWORD TimeDateStamp
Definition: winnt_old.h:3228
_IMAGE_THUNK_DATA32::Function
ULONG Function
Definition: ntimage.h:513
FLG_HEAP_PAGE_ALLOCS
#define FLG_HEAP_PAGE_ALLOCS
Definition: pstypes.h:84
MAX_PATH
#define MAX_PATH
Definition: compat.h:26
c
const GLubyte * c
Definition: glext.h:8905
_IMAGE_BOUND_FORWARDER_REF::OffsetModuleName
WORD OffsetModuleName
Definition: winnt_old.h:3235
_IMAGE_BOUND_FORWARDER_REF::TimeDateStamp
DWORD TimeDateStamp
Definition: winnt_old.h:3234
RtlDeactivateActivationContextUnsafeFast
PRTL_ACTIVATION_CONTEXT_STACK_FRAME FASTCALL RtlDeactivateActivationContextUnsafeFast(IN PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame)
Definition: actctx.c:5934
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
RtlGetCurrentPeb
PPEB NTAPI RtlGetCurrentPeb(VOID)
Definition: libsupp.c:63
LdrpGetProcedureAddress
NTSTATUS NTAPI LdrpGetProcedureAddress(IN PVOID BaseAddress, IN PANSI_STRING Name, IN ULONG Ordinal, OUT PVOID *ProcedureAddress, IN BOOLEAN ExecuteInit)
Definition: ldrutils.c:2247
ActCtx
_In_ PCWSTR _Out_ PVOID * ActCtx
Definition: ldrtypes.h:246
_ANSI_STRING::Length
USHORT Length
Definition: env_spec_w32.h:376
Start
Definition: partlist.h:33
Response
Definition: ncftp.h:89
ASSERT
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
LdrpHandleOldFormatImportDescriptors
NTSTATUS NTAPI LdrpHandleOldFormatImportDescriptors(IN LPWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN PIMAGE_IMPORT_DESCRIPTOR ImportEntry)
Definition: ldrpe.c:606
PBOOLEAN
char * PBOOLEAN
Definition: retypes.h:11
_IMAGE_EXPORT_DIRECTORY
Definition: compat.h:144
STATUS_RESOURCE_DATA_NOT_FOUND
#define STATUS_RESOURCE_DATA_NOT_FOUND
Definition: ntstatus.h:359
L
static const WCHAR L[]
Definition: oid.c:1250
RtlImageDirectoryEntryToData
#define RtlImageDirectoryEntryToData
Definition: compat.h:460
LdrpMapDll
NTSTATUS NTAPI LdrpMapDll(IN PWSTR SearchPath OPTIONAL, IN PWSTR DllPath2, IN PWSTR DllName OPTIONAL, IN PULONG DllCharacteristics, IN BOOLEAN Static, IN BOOLEAN Redirect, OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry)
Definition: ldrutils.c:1020
VOID
#define VOID
Definition: acefi.h:82
RtlDosApplyFileIsolationRedirection_Ustr
NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG Flags, IN PUNICODE_STRING OriginalName, IN PUNICODE_STRING Extension, IN OUT PUNICODE_STRING StaticString, IN OUT PUNICODE_STRING DynamicString, IN OUT PUNICODE_STRING *NewName, IN PULONG NewFlags, IN PSIZE_T FileNameSize, IN PSIZE_T RequiredLength)
Definition: libsupp.c:778
_LDR_DATA_TABLE_ENTRY
Definition: btrfs_drv.h:1801
LdrpLoadDll
NTSTATUS NTAPI LdrpLoadDll(IN BOOLEAN Redirected, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress, IN BOOLEAN CallInit)
Definition: ldrutils.c:2424
LdrpManifestProberRoutine
PLDR_MANIFEST_PROBER_ROUTINE LdrpManifestProberRoutine
Definition: ldrpe.c:18
IMAGE_DIRECTORY_ENTRY_IAT
#define IMAGE_DIRECTORY_ENTRY_IAT
Definition: pedump.c:271
IMAGE_DIRECTORY_ENTRY_EXPORT
#define IMAGE_DIRECTORY_ENTRY_EXPORT
Definition: compat.h:140
Status
Status
Definition: gdiplustypes.h:24
LdrpHandleOneNewFormatImportDescriptor
NTSTATUS NTAPI LdrpHandleOneNewFormatImportDescriptor(IN LPWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN PIMAGE_BOUND_IMPORT_DESCRIPTOR *BoundEntryPtr, IN PIMAGE_BOUND_IMPORT_DESCRIPTOR FirstEntry)
Definition: ldrpe.c:259
_LDR_DATA_TABLE_ENTRY::TimeDateStamp
ULONG TimeDateStamp
Definition: btrfs_drv.h:1814
STATUS_ORDINAL_NOT_FOUND
#define STATUS_ORDINAL_NOT_FOUND
Definition: ntstatus.h:534
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:78
_UNICODE_STRING
Definition: env_spec_w32.h:368
_TEB
Definition: compat.h:484
_SEH2_END
_SEH2_END
Definition: create.c:4424
_PEB
Definition: btrfs_drv.h:1832
NtCurrentTeb
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
Definition: psfuncs.h:420
IMAGE_SNAP_BY_ORDINAL
#define IMAGE_SNAP_BY_ORDINAL(Ordinal)
Definition: ntimage.h:567
STATUS_RESOURCE_LANG_NOT_FOUND
#define STATUS_RESOURCE_LANG_NOT_FOUND
Definition: ntstatus.h:634
NtCurrentPeb
#define NtCurrentPeb()
Definition: FLS.c:19
DPFLTR_ERROR_LEVEL
#define DPFLTR_ERROR_LEVEL
Definition: main.cpp:32
USHORT
unsigned short USHORT
Definition: pedump.c:61
RtlAnsiStringToUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
_PEB::Ldr
PPEB_LDR_DATA Ldr
Definition: btrfs_drv.h:1837
DllPath
static const char const char * DllPath
Definition: image.c:34
STATUS_RESOURCE_NAME_NOT_FOUND
#define STATUS_RESOURCE_NAME_NOT_FOUND
Definition: ntstatus.h:361
RtlAppendUnicodeStringToString
NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString(PUNICODE_STRING Destination, PUNICODE_STRING Source)
STATUS_NO_SUCH_FILE
#define STATUS_NO_SUCH_FILE
Definition: udferr_usr.h:137
FLG_HEAP_ENABLE_TAG_BY_DLL
#define FLG_HEAP_ENABLE_TAG_BY_DLL
Definition: pstypes.h:70
_LDR_DATA_TABLE_ENTRY::BaseDllName
UNICODE_STRING BaseDllName
Definition: ldrtypes.h:144
STATUS_OBJECT_NAME_INVALID
#define STATUS_OBJECT_NAME_INVALID
Definition: udferr_usr.h:148
PULONG
unsigned int * PULONG
Definition: retypes.h:1
_IMAGE_THUNK_DATA32
Definition: ntimage.h:510
strchr
char * strchr(const char *String, int ch)
Definition: utclib.c:501
DPRINT1
#define DPRINT1
Definition: precomp.h:8
PIMAGE_BOUND_IMPORT_DESCRIPTOR
struct _IMAGE_BOUND_IMPORT_DESCRIPTOR * PIMAGE_BOUND_IMPORT_DESCRIPTOR
RtlImageNtHeader
#define RtlImageNtHeader
Definition: compat.h:457
_IMAGE_SECTION_HEADER::VirtualSize
DWORD VirtualSize
Definition: pedump.c:285
STATUS_ENTRYPOINT_NOT_FOUND
#define STATUS_ENTRYPOINT_NOT_FOUND
Definition: ntstatus.h:535
IMAGE_DIRECTORY_ENTRY_IMPORT
#define IMAGE_DIRECTORY_ENTRY_IMPORT
Definition: pedump.c:260
RtlActivateActivationContextUnsafeFast
PRTL_ACTIVATION_CONTEXT_STACK_FRAME FASTCALL RtlActivateActivationContextUnsafeFast(IN PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame, IN PVOID Context)
Definition: actctx.c:5857
OUT
#define OUT
Definition: typedefs.h:39
_LDR_DATA_TABLE_ENTRY::Flags
ULONG Flags
Definition: ntddk_ex.h:207
c
#define c
Definition: ke_i.h:80
ULONG
unsigned int ULONG
Definition: retypes.h:1
strcmp
int strcmp(const char *String1, const char *String2)
Definition: utclib.c:469
Response
struct Response Response
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
_IMAGE_BOUND_IMPORT_DESCRIPTOR
Definition: winnt_old.h:3227
_IMAGE_IMPORT_BY_NAME::Hint
WORD Hint
Definition: pedump.c:330
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
IMAGE_ORDINAL
#define IMAGE_ORDINAL(Ordinal)
Definition: pedump.c:337
LdrpInLdrInit
BOOLEAN LdrpInLdrInit
Definition: ldrinit.c:30
LdrApiDefaultExtension
UNICODE_STRING LdrApiDefaultExtension
Definition: ldrapi.c:22
p
GLfloat GLfloat p
Definition: glext.h:8902
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184
STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:2725
__FUNCTION__
#define __FUNCTION__
Definition: types.h:112
StringBuffer
WCHAR StringBuffer[156]
Definition: ldrinit.c:41
_IMAGE_IMPORT_DESCRIPTOR
Definition: ntimage.h:572
PUSHORT
unsigned short * PUSHORT
Definition: retypes.h:2
_LDR_DATA_TABLE_ENTRY::InInitializationOrderLinks
LIST_ENTRY InInitializationOrderLinks
Definition: ldrtypes.h:139
StaticString
IN PUNICODE_STRING StaticString
Definition: RtlGetFullPathName_UstrEx.c:29
PIMAGE_THUNK_DATA
PIMAGE_THUNK_DATA32 PIMAGE_THUNK_DATA
Definition: ntimage.h:566
_IMAGE_THUNK_DATA32::u1
union _IMAGE_THUNK_DATA32::@2046 u1
LdrpNameToOrdinal
USHORT NTAPI LdrpNameToOrdinal(IN LPSTR ImportName, IN ULONG NumberOfNames, IN PVOID ExportBase, IN PULONG NameTable, IN PUSHORT OrdinalTable)
Definition: ldrpe.c:628
PAGE_READWRITE
#define PAGE_READWRITE
Definition: nt_native.h:1304
_IMAGE_SECTION_HEADER::VirtualAddress
DWORD VirtualAddress
Definition: pedump.c:288
STATUS_RESOURCE_TYPE_NOT_FOUND
#define STATUS_RESOURCE_TYPE_NOT_FOUND
Definition: ntstatus.h:360
OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68