14#define APPHELP_NOSDBPAPI
80 SHIMENG_FAIL(
"Failed to allocate %d bytes\n",
Count *
ItemSize);
115 ASSERT(n < Array->Size__);
122#define ARRAY_Init(Array, TypeOfArray) ARRAY_InitWorker((Array), sizeof(TypeOfArray))
123#define ARRAY_Append(Array, TypeOfArray) (TypeOfArray*)ARRAY_AppendWorker((Array), sizeof(TypeOfArray), 5)
124#define ARRAY_At(Array, TypeOfArray, at) (TypeOfArray*)ARRAY_AtWorker((Array), sizeof(TypeOfArray), at)
125#define ARRAY_Size(Array) (Array)->Size__
136 RtlInitEmptyUnicodeString(&DebugValue,
Buffer,
sizeof(
Buffer));
164 const char* LevelStr;
242 return strcmp(lpProcName1, lpProcName2);
262 if (!pShimModule->pNotifyShims)
273 ULONG ComSectionSize;
276 SHIMENG_INFO(
"COM+ executable %s\n",
g_bComPlusImage ?
"TRUE" :
"FALSE");
304 SHIMENG_WARN(
"Failed to resolve entry points for %S\n", DllName);
320 Data->pNotifyShims = pNotifyShims;
345 Data->pHookApi = pHookApi;
346 Data->dwHookCount = dwHookCount;
347 Data->pShimModule = pShimModuleInfo;
383 SHIMENG_FAIL(
"Unable to convert dll name to unicode\n");
391 SHIMENG_FAIL(
"Unable to get module handle for %wZ (%p)\n", &DllName, DllBase);
466 SHIMENG_INFO(
"%wZ=%wZ\n", &VarName, &
Value);
468 SHIMENG_FAIL(
"Failed to set %wZ: 0x%x\n", &VarName,
Status);
471#define MAX_LAYER_LENGTH 256
525 if (wszLayerEnvVar[0])
530 SHIMENG_FAIL(
"Unable to append %S\n", LayerName);
551 if (wszLayerEnvVar[0])
562 RtlInitEmptyUnicodeString(&UnicodeModName, Buf,
sizeof(Buf));
564 for (
n = 0;
n < dwHookCount; ++
n)
575 SHIMENG_FAIL(
"Unable to convert %s to Unicode\n",
hook->LibraryName);
600 hook->pShimInfo = pShim;
633 char szOrdProcFmt[10];
690 char szOrdProcFmt[10];
692 SHIMENG_FAIL(
"Unable to retrieve %s!%s\n", HookApi->
LibraryName, lpFunctionName);
699 SHIMENG_MSG(
"TODO: Figure out how to handle conflicting In/Exports with ApiLink!\n");
738 for (
n = 0;
n < dwShimCount; ++
n)
766 ULONG OldProtection = 0;
770 char szOrdProcFmt[10];
780 SHIMENG_FAIL(
"Unable to unprotect 0x%p\n", &FirstThunk->
u1.
Function);
792 SHIMENG_WARN(
"Unable to reprotect 0x%p\n", &FirstThunk->
u1.
Function);
817 char szOrdProcFmt[10];
836 SHIMENG_INFO(
"Module '%wZ' excluded for shim %S, API '%s!%s', because it on in the exclude list.\n",
844 SHIMENG_INFO(
"Module '%wZ' included for shim %S, API '%s!%s', because it is on the include list.\n",
853 SHIMENG_INFO(
"Module '%wZ' excluded for shim %S, API '%s!%s', because it is in System32/WinSXS.\n",
908 SHIMENG_WARN(
"INEXCLUDE without Module: 0x%x\n", InExcludeTag);
923 SHIMENG_WARN(
"Unable to resolve database root\n");
929 SHIMENG_WARN(
"Unable to resolve database\n");
935 SHIMENG_WARN(
"Unable to resolve library\n");
1015 SHIMENG_INFO(
"Skipping shim module 0x%p \"%wZ\"\n", LdrEntry->
DllBase, &LdrEntry->
BaseDllName);
1021 SHIMENG_INFO(
"Skipping module 0x%p \"%wZ\" because it was already processed\n", LdrEntry->
DllBase, &LdrEntry->
BaseDllName);
1026 if (!ImportDescriptor)
1028 SHIMENG_INFO(
"Skipping module 0x%p \"%wZ\" due to no iat found\n", LdrEntry->
DllBase, &LdrEntry->
BaseDllName);
1032 SHIMENG_INFO(
"Hooking module 0x%p \"%wZ\"\n", LdrEntry->
DllBase, &LdrEntry->
BaseDllName);
1035 if (!HasImportNameTable)
1039 SHIMENG_INFO(
"Module 0x%p \"%wZ\" does not have an import name table\n", LdrEntry->
DllBase, &LdrEntry->
BaseDllName);
1067 if (HasImportNameTable)
1080 char szOrdProcFmt[10];
1103 ListHead = &
NtCurrentPeb()->Ldr->InLoadOrderModuleList;
1104 ListEntry = ListHead->
Flink;
1106 while (ListHead != ListEntry)
1111 ListEntry = ListEntry->
Flink;
1118#define SYSTEM32 L"\\system32"
1119#define WINSXS L"\\winsxs"
1143 ListHead = &
NtCurrentPeb()->Ldr->InInitializationOrderModuleList;
1145 while (
Entry != ListHead)
1157 SHIMENG_WARN(
"Don't mess with 0x%p '%wZ'\n", LdrEntry->
DllBase, &LdrEntry->
BaseDllName);
1166 ListHead = &
NtCurrentPeb()->Ldr->InMemoryOrderModuleList;
1168 SHIMENG_INFO(
"In memory:\n");
1169 while (
Entry != ListHead)
1177 ListHead = &
NtCurrentPeb()->Ldr->InLoadOrderModuleList;
1179 SHIMENG_INFO(
"In load:\n");
1180 while (
Entry != ListHead)
1194 ListHead = &
NtCurrentPeb()->Ldr->InInitializationOrderModuleList;
1196 while (
Entry != ListHead)
1206 !(LdrEntry->
Flags & LDRP_SHIMENG_SUPPRESSED_ENTRY))
1208 SHIMENG_WARN(
"Don't mess with 0x%p '%wZ'\n", LdrEntry->
DllBase, &LdrEntry->
BaseDllName);
1222 DWORD dwTotalHooks = 0;
1270 SHIMENG_INFO(
"Got %d shims\n",
ARRAY_Size(&ShimRefArray));
1297 SHIMENG_FAIL(
"Failed to retrieve the name for 0x%x\n", tr);
1302 if (CommandLine && *CommandLine)
1307 SHIMENG_INFO(
"COMMAND LINE %s for %S", AnsiCommandLine.
Buffer, ShimName);
1311 AnsiCommandLine.
Buffer =
"";
1319 SHIMENG_FAIL(
"Failed to resolve %S to a shim\n", ShimName);
1325 SHIMENG_WARN(
"Failed to get the AppPatch dir\n");
1330 if (DllName ==
NULL ||
1334 SHIMENG_WARN(
"Failed to build a full path for %S\n", ShimName);
1347 SHIMENG_WARN(
"Failed to load %wZ for %S\n", &UnicodeDllName, ShimName);
1352 if (!pShimModuleInfo)
1355 if (!pShimModuleInfo)
1357 SHIMENG_FAIL(
"Failed to allocate ShimInfo for %S\n", DllName);
1362 SHIMENG_INFO(
"Shim DLL 0x%p \"%wZ\" loaded\n",
BaseAddress, &UnicodeDllName);
1363 SHIMENG_INFO(
"Using SHIM \"%S!%S\"\n", DllName, ShimName);
1367 pHookApi = pShimModuleInfo->pGetHookAPIs(AnsiCommandLine.
Buffer, ShimName, &dwHookCount);
1368 SHIMENG_INFO(
"GetHookAPIs returns %d hooks for DLL \"%wZ\" SHIM \"%S\"\n", dwHookCount, &UnicodeDllName, ShimName);
1369 if (dwHookCount && pHookApi)
1370 pShimInfo =
SeiAppendHookInfo(pShimModuleInfo, pHookApi, dwHookCount, ShimName);
1378 if (CommandLine && *CommandLine)
1381 dwTotalHooks += dwHookCount;
1419 PathDivider +=
sizeof(
WCHAR);
1422 ProcessName.
Length = ProcessImage->
Length - PathDivider;
1429 SHIMENG_MSG(
"Not shimming %wZ\n", ForbiddenShimmingApps +
n);
1454 SHIMENG_INFO(
"(%wZ, %p)\n", ProcessImage, pShimData);
1456 if (!
SeiGetShimData(ProcessImage, pShimData, &hsdb, &QueryResult))
1458 SHIMENG_FAIL(
"Failed to get shim data\n");
1476 SHIMENG_MSG(
"()\n");
1500 SHIMENG_INFO(
"(%p)\n", LdrEntry);
1524 SHIMENG_MSG(
"ReactOS HACK(CORE-13283): ShimEng already initialized!\n");
std::map< E_MODULE, HMODULE > mod
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 ACPI_STATUS const char UINT32 const char const char * ModuleName
DWORD SdbpStrsize(PCWSTR string)
#define SDB_DATABASE_MAIN_SHIM
TAGID WINAPI SdbFindFirstTag(PDB pdb, TAGID parent, TAG tag)
BOOL WINAPI SdbTagRefToTagID(HSDB hsdb, TAGREF trWhich, PDB *ppdb, TAGID *ptiWhich)
void WINAPI SdbReleaseDatabase(HSDB)
PWSTR SdbpStrDup(LPCWSTR string)
HRESULT WINAPI SdbGetAppPatchDir(HSDB db, LPWSTR path, DWORD size)
BOOL WINAPI SdbTagIDToTagRef(HSDB hsdb, PDB pdb, TAGID tiWhich, TAGREF *ptrWhich)
HSDB WINAPI SdbInitDatabase(DWORD, LPCWSTR)
QWORD WINAPI SdbReadQWORDTag(PDB pdb, TAGID tagid, QWORD ret)
BOOL WINAPI SdbUnpackAppCompatData(HSDB hsdb, LPCWSTR pszImageName, PVOID pData, PSDBQUERYRESULT pQueryResult)
TAGID WINAPI SdbFindNextTag(PDB pdb, TAGID parent, TAGID prev_child)
DWORD WINAPI SdbReadDWORDTag(PDB pdb, TAGID tagid, DWORD ret)
LPWSTR WINAPI SdbGetStringTagPtr(PDB pdb, TAGID tagid)
_In_ CDROM_SCAN_FOR_SPECIAL_INFO _In_ PCDROM_SCAN_FOR_SPECIAL_HANDLER Function
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define NT_SUCCESS(StatCode)
PHOOKAPI WINAPI GetHookAPIs(IN LPCSTR szCommandLine, IN LPCWSTR wszShimName, OUT PDWORD pdwHookCount)
PVOID NTAPI RtlPcToFileHeader(IN PVOID PcValue, PVOID *BaseOfImage)
#define RtlImageDirectoryEntryToData
_ACRTIMP int __cdecl strcmp(const char *, const char *)
NTSTATUS RtlAppendUnicodeToString(IN PUNICODE_STRING Str1, IN PWSTR Str2)
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
GLuint GLuint GLsizei GLenum type
GLenum const GLvoid * addr
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
macro IMPORT Name endm macro EXPORT Name global &Name endm macro TEXTAREA section rx align endm macro DATAAREA section rw endm macro RODATAAREA section rw endm macro NESTED_ENTRY Name FuncName equ &Name PrologName equ &Name &_Prolog FuncEndName equ &Name &_end global &FuncName align func &FuncName & FuncName
NTSTATUS NTAPI LdrGetDllHandle(_In_opt_ PWSTR DllPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_ PVOID *DllHandle)
NTSTATUS NTAPI DECLSPEC_HOTPATCH LdrLoadDll(_In_opt_ PWSTR SearchPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_ PVOID *BaseAddress)
NTSTATUS NTAPI LdrGetProcedureAddress(_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress)
#define LDRP_ENTRY_PROCESSED
#define LDRP_COMPAT_DATABASE_PROCESSED
#define memcpy(s1, s2, n)
LPCWSTR LPCWSTR LPCWSTR DWORD PSDBQUERYRESULT_VISTA pQueryResult
static tGETHOOKAPIS pGetHookAPIs
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
NTSYSAPI NTSTATUS NTAPI RtlSetEnvironmentVariable(_In_z_ PWSTR *Environment, _In_ PUNICODE_STRING Name, _In_ PUNICODE_STRING Value)
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz(_Out_ PUNICODE_STRING Destination, _In_ PCSZ Source)
NTSYSAPI NTSTATUS NTAPI RtlQueryEnvironmentVariable_U(_In_opt_ PWSTR Environment, _In_ PCUNICODE_STRING Name, _Out_ PUNICODE_STRING Value)
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToAnsiString(PANSI_STRING DestinationString, PUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
NTSYSAPI VOID NTAPI RtlFreeAnsiString(PANSI_STRING AnsiString)
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
#define NtCurrentProcess()
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToInteger(PUNICODE_STRING String, ULONG Base, PULONG Value)
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI BOOLEAN NTAPI RtlPrefixUnicodeString(IN PUNICODE_STRING String1, IN PUNICODE_STRING String2, IN BOOLEAN CaseInSensitive)
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
#define PAGE_EXECUTE_READWRITE
_In_ ULONG _In_ ULONG _In_ ULONG Length
#define IMAGE_SNAP_BY_ORDINAL(Ordinal)
#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
PIMAGE_THUNK_DATA32 PIMAGE_THUNK_DATA
#define RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END
NTSTATUS NTAPI RtlFindCharInUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING SearchString, _In_ PCUNICODE_STRING MatchString, _Out_ PUSHORT Position)
NTSTATUS NTAPI NtProtectVirtualMemory(IN HANDLE ProcessHandle, IN OUT PVOID *UnsafeBaseAddress, IN OUT SIZE_T *UnsafeNumberOfBytesToProtect, IN ULONG NewAccessProtection, OUT PULONG UnsafeOldAccessProtection)
#define STRSAFE_NULL_ON_FAILURE
#define IMAGE_DIRECTORY_ENTRY_IMPORT
struct _IMAGE_IMPORT_BY_NAME * PIMAGE_IMPORT_BY_NAME
#define IMAGE_ORDINAL(Ordinal)
LPVOID SdbpAlloc(SIZE_T size)
#define TAG_FLAG_PROCESSPARAM
#define TAG_FLAG_MASK_KERNEL
#define TAG_FLAG_MASK_USER
VOID SeiAppendInExclude(PARRAY dest, PCWSTR ModuleName, BOOL IsInclude)
BOOL SeiIsExcluded(PLDR_DATA_TABLE_ENTRY LdrEntry, PHOOKAPIEX HookApi)
VOID SeiCombineHookInfo(VOID)
PHOOKMODULEINFO SeiFindHookModuleInfo(PUNICODE_STRING ModuleName, PVOID BaseAddress)
PHOOKMODULEINFO SeiFindHookModuleInfoForImportDescriptor(PBYTE DllBase, PIMAGE_IMPORT_DESCRIPTOR ImportDescriptor)
static const UNICODE_STRING Verifier
PINEXCLUDE SeiFindInExclude(PARRAY InExclude, PCUNICODE_STRING DllName)
BOOL WINAPI SE_DynamicShim(LPCWSTR ProcessImage, HSDB hsdb, PVOID pQueryResult, LPCSTR Module, LPDWORD lpdwDynamicToken)
VOID NotifyShims(DWORD dwReason, PVOID Info)
PSHIMINFO SeiAppendHookInfo(PSHIMMODULE pShimModuleInfo, PHOOKAPIEX pHookApi, DWORD dwHookCount, PCWSTR ShimName)
VOID SeiAddInternalHooks(DWORD dwNumHooks)
static DWORD SeiGetDWORD(PDB pdb, TAGID tag, TAG type)
DWORD SeiPatchImportsByAddress(PIMAGE_THUNK_DATA FirstThunk, PHOOKAPIEX HookApi, PLDR_DATA_TABLE_ENTRY LdrEntry)
VOID SeiBuildGlobalInclExclList(HSDB hsdb)
static PVOID ARRAY_AtWorker(PARRAY Array, DWORD ItemSize, DWORD n)
VOID SeiCheckComPlusImage(PVOID BaseAddress)
static UNICODE_STRING g_LoadingShimDll
DWORD SeiPatchImportsByName(PIMAGE_THUNK_DATA OriginalThunk, PIMAGE_THUNK_DATA FirstThunk, PHOOKAPIEX HookApi, PLDR_DATA_TABLE_ENTRY LdrEntry)
#define ARRAY_Init(Array, TypeOfArray)
VOID SeiResetEntryProcessed(PPEB Peb)
PVOID SeiGetModuleFromAddress(PVOID addr)
static UNICODE_STRING g_System32Directory
static const UNICODE_STRING Ntdll
VOID SeiResolveAPI(PHOOKMODULEINFO HookModuleInfo)
FARPROC WINAPI StubGetProcAddress(HINSTANCE hModule, LPCSTR lpProcName)
BOOLEAN NTAPI LdrInitShimEngineDynamic(IN PVOID BaseAddress)
BOOL SeiGetShimData(PUNICODE_STRING ProcessImage, PVOID pShimData, HSDB *pHsdb, SDBQUERYRESULT *pQuery)
VOID SeiPatchNewImport(PIMAGE_THUNK_DATA FirstThunk, PHOOKAPIEX HookApi, PLDR_DATA_TABLE_ENTRY LdrEntry)
VOID SeiReadInExclude(PDB pdb, TAGID parent, PARRAY dest)
#define ARRAY_Append(Array, TypeOfArray)
BOOL g_bInternalHooksUsed
BOOL WINAPIV SeiDbgPrint(SEI_LOG_LEVEL Level, PCSTR Function, PCSTR Format,...)
LPCSTR SeiPrintFunctionName(LPCSTR lpProcName, char szOrdProcFmt[10])
VOID PatchNewModules(PPEB Peb)
static PVOID ARRAY_AppendWorker(PARRAY Array, DWORD ItemSize, DWORD GrowWith)
static VOID SeiBuildShimRefArray(HSDB hsdb, SDBQUERYRESULT *pQuery, PARRAY pShimRef, PFLAGINFO pFlagInfo)
static UNICODE_STRING g_SxsDirectory
VOID SeiBuildInclExclList(PDB pdb, TAGID ShimTag, PSHIMINFO pShimInfo)
static UNICODE_STRING g_WindowsDirectory
PSHIMMODULE SeiCreateShimModuleInfo(PCWSTR DllName, PVOID BaseAddress)
static LPCWSTR SeiGetStringPtr(PDB pdb, TAGID tag, TAG type)
int SeiCompareFunctionName(LPCSTR lpProcName1, LPCSTR lpProcName2)
VOID NTAPI SE_InstallAfterInit(PUNICODE_STRING ProcessImage, PVOID pShimData)
VOID NTAPI SE_InstallBeforeInit(PUNICODE_STRING ProcessImage, PVOID pShimData)
static VOID SeiAddShim(TAGREF trShimRef, PARRAY pShimRef)
static BOOL SeiIsOrdinalName(LPCSTR lpProcName)
VOID SeiResolveAPIs(VOID)
BOOL WINAPI SE_IsShimDll(PVOID BaseAddress)
VOID SeiInitDebugSupport(VOID)
static BOOL ARRAY_EnsureSize(PARRAY Array, DWORD ItemSize, DWORD GrowWith)
#define ARRAY_Size(Array)
ULONG g_ShimEngDebugLevel
VOID NTAPI SE_ProcessDying(VOID)
static VOID SeiSetLayerEnvVar(LPCWSTR wszLayer)
VOID WINAPI SE_DllLoaded(PLDR_DATA_TABLE_ENTRY LdrEntry)
static VOID SeiAddFlag(PDB pdb, TAGID tiFlagRef, PFLAGINFO pFlagInfo)
static BOOL ARRAY_InitWorker(PARRAY Array, DWORD ItemSize)
static ARRAY g_pHookArray
static const UNICODE_STRING Kernel32
static QWORD SeiGetQWORD(PDB pdb, TAGID tag, TAG type)
VOID SeiSetEntryProcessed(PPEB Peb)
#define ARRAY_At(Array, TypeOfArray, at)
VOID WINAPI SE_DllUnloaded(PLDR_DATA_TABLE_ENTRY LdrEntry)
BOOL g_bShimEngInitialized
VOID SeiInit(LPCWSTR ProcessImage, HSDB hsdb, SDBQUERYRESULT *pQuery, BOOLEAN ProcessInit)
VOID SeiHookImports(PLDR_DATA_TABLE_ENTRY LdrEntry)
PSHIMMODULE SeiGetShimModuleInfo(PVOID BaseAddress)
VOID SeiAddHooks(PHOOKAPIEX hooks, DWORD dwHookCount, PSHIMINFO pShim)
FARPROC(WINAPI * GETPROCADDRESSPROC)(HINSTANCE, LPCSTR)
#define SHIM_REASON_DLL_UNLOAD
#define SHIM_REASON_DLL_LOAD
#define SHIM_NOTIFY_DETACH
enum _SEI_LOG_LEVEL SEI_LOG_LEVEL
#define SHIM_NOTIFY_ATTACH
STRSAFEAPI StringCchVPrintfExA(STRSAFE_LPSTR pszDest, size_t cchDest, STRSAFE_LPSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags, STRSAFE_LPCSTR pszFormat, va_list argList)
STRSAFEAPI StringCchCatW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
STRSAFEAPI StringCchPrintfExA(STRSAFE_LPSTR pszDest, size_t cchDest, STRSAFE_LPSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags, STRSAFE_LPCSTR pszFormat,...)
STRSAFEAPI StringCchPrintfA(STRSAFE_LPSTR pszDest, size_t cchDest, STRSAFE_LPCSTR pszFormat,...)
base of all file and directory entries
ULONG ProcessParameters_Flags
ULARGE_INTEGER AppCompatFlagsUser
ULARGE_INTEGER AppCompatFlags
union _IMAGE_THUNK_DATA32::@2328 u1
UNICODE_STRING FullDllName
UNICODE_STRING BaseDllName
struct _LIST_ENTRY * Flink
PRTL_USER_PROCESS_PARAMETERS ProcessParameters
ULARGE_INTEGER AppCompatFlagsUser
ULARGE_INTEGER AppCompatFlags
PVOID ReplacementFunction
#define RTL_CONSTANT_STRING(s)
TW_UINT32 TW_UINT16 TW_UINT16 TW_MEMREF pData
#define RtlZeroMemory(Destination, Length)
#define CONTAINING_RECORD(address, type, field)
_Must_inspect_result_ _In_ WDFCHILDLIST _In_ PWDF_CHILD_LIST_ITERATOR _Out_ WDFDEVICE _Inout_opt_ PWDF_CHILD_RETRIEVE_INFO Info
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
1.9.6