Include dependency graph for ldrapi.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ LdrAccessOutOfProcessResource()
| NTSTATUS NTAPI LdrAccessOutOfProcessResource | ( | IN PVOID | Unknown, |
| IN PVOID | Image, | ||
| IN PVOID | Unknown1, | ||
| IN PVOID | Unknown2, | ||
| IN PVOID | Unknown3 | ||
| ) |
◆ LdrAddRefDll()
Definition at line 1219 of file ldrapi.c.
1222{
1223 PLDR_DATA_TABLE_ENTRY LdrEntry;
1227
1228 /* Check for invalid flags */
1230 {
1231 /* Fail with invalid parameter status if so */
1233 goto quickie;
1234 }
1235
1236 /* Acquire the loader lock if not in init phase */
1238 {
1239 /* Acquire the lock */
1243 }
1244
1245 /* Get this module's data table entry */
1247 {
1248 if (!LdrEntry)
1249 {
1250 /* Shouldn't happen */
1252 goto quickie;
1253 }
1254
1255 /* If this is not a pinned module */
1257 {
1258 /* Update its load count */
1260 {
1261 /* Pin it by setting load count to -1 */
1262 LdrEntry->LoadCount = 0xFFFF;
1264 }
1265 else
1266 {
1267 /* Increase its load count by one */
1268 LdrEntry->LoadCount++;
1270 }
1271
1272 /* Clear load in progress */
1273 LdrpClearLoadInProgress();
1274 }
1275 }
1276 else
1277 {
1278 /* There was an error getting this module's handle, return invalid param status */
1280 }
1281
1282quickie:
1283 /* Check for error case */
1285 {
1286 /* Print debug information */
1290 {
1292 }
1293 }
1294
1295 /* Release the lock if needed */
1298}
NTSTATUS NTAPI LdrUnlockLoaderLock(_In_ ULONG Flags, _In_opt_ ULONG_PTR Cookie)
Definition: ldrapi.c:101
NTSTATUS NTAPI LdrLockLoaderLock(_In_ ULONG Flags, _Out_opt_ PULONG Disposition, _Out_opt_ PULONG_PTR Cookie)
Definition: ldrapi.c:174
#define LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS
Definition: ldrtypes.h:86
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize _Pre_valid_ PVOID * BaseAddress
Definition: mmfuncs.h:404
BOOLEAN NTAPI LdrpCheckForLoadedDllHandle(IN PVOID Base, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1600
VOID NTAPI LdrpUpdateLoadCount2(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Flags)
Definition: ldrutils.c:434
Definition: btrfs_drv.h:1876
Referenced by BasepGetModuleHandleExW(), DllMain(), GetModuleHandleExW(), test_LdrAddRefDll(), and tp_object_initialize().
◆ LdrAlternateResourcesEnabled()
Definition at line 81 of file ldrapi.c.
Referenced by LdrLoadAlternateResourceModule().
◆ LdrCreateOutOfProcessImage()
| NTSTATUS NTAPI LdrCreateOutOfProcessImage | ( | IN ULONG | Flags, |
| IN HANDLE | ProcessHandle, | ||
| IN HANDLE | DllHandle, | ||
| IN PVOID | Unknown3 | ||
| ) |
◆ LdrDestroyOutOfProcessImage()
◆ LdrDisableThreadCalloutsForDll()
Definition at line 1168 of file ldrapi.c.
1170{
1171 PLDR_DATA_TABLE_ENTRY LdrEntry;
1173 BOOLEAN LockHeld;
1176
1177 /* Don't do it during shutdown */
1179
1180 /* Check if we should grab the lock */
1181 LockHeld = FALSE;
1183 {
1184 /* Grab the lock */
1187 LockHeld = TRUE;
1188 }
1189
1190 /* Make sure the DLL is valid and get its entry */
1193 {
1194 /* Get if it has a TLS slot */
1196 {
1197 /* It doesn't, so you're allowed to call this */
1200 }
1201 }
1202
1203 /* Check if the lock was held */
1204 if (LockHeld)
1205 {
1206 /* Release it */
1208 }
1209
1210 /* Return the status */
1212}
Referenced by DisableThreadLibraryCalls(), and DllMain().
◆ LdrEnumerateLoadedModules()
| NTSTATUS NTAPI LdrEnumerateLoadedModules | ( | _Reserved_ ULONG | ReservedFlag, |
| _In_ PLDR_ENUM_CALLBACK | EnumProc, | ||
| _In_opt_ PVOID | Context | ||
| ) |
Definition at line 1104 of file ldrapi.c.
1108{
1109 PLIST_ENTRY ListHead, ListEntry;
1110 PLDR_DATA_TABLE_ENTRY LdrEntry;
1114
1115 /* Check parameters */
1117
1118 /* Acquire the loader lock */
1121
1122 /* Loop all the modules and call enum proc */
1123 ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
1124 ListEntry = ListHead->Flink;
1125 while (ListHead != ListEntry)
1126 {
1127 /* Get the entry */
1129
1130 /* Call the enumeration proc inside SEH */
1131 _SEH2_TRY
1132 {
1134 }
1136 {
1137 /* Ignoring the exception */
1138 } _SEH2_END;
1139
1140 /* Break if we were asked to stop enumeration */
1142 {
1143 break;
1144 }
1145
1146 /* Advance to the next module */
1147 ListEntry = ListEntry->Flink;
1148 }
1149
1150 /* Release loader lock */
1153
1154 /* Reset any successful status to STATUS_SUCCESS,
1155 * but leave failure to the caller */
1158
1159 /* Return any possible failure status */
1161}
Definition: typedefs.h:120
Referenced by BasepComputeProcessPath(), and LoadLibraryExW().
◆ LdrFindCreateProcessManifest()
| NTSTATUS NTAPI LdrFindCreateProcessManifest | ( | IN ULONG | Flags, |
| IN PVOID | Image, | ||
| IN PVOID | IdPath, | ||
| IN ULONG | IdPathLength, | ||
| IN PVOID | OutDataEntry | ||
| ) |
◆ LdrFindEntryForAddress()
Definition at line 425 of file ldrapi.c.
428{
429 PLIST_ENTRY ListHead, NextEntry;
430 PLDR_DATA_TABLE_ENTRY LdrEntry;
431 PIMAGE_NT_HEADERS NtHeader;
433 ULONG_PTR DllBase, DllEnd;
434
436
437 /* Nothing to do */
439
440 /* Get the current entry */
441 LdrEntry = Ldr->EntryInProgress;
442 if (LdrEntry)
443 {
444 /* Get the NT Headers */
446 if (NtHeader)
447 {
448 /* Get the Image Base */
451
452 /* Check if they match */
455 {
456 /* Return it */
457 *Module = LdrEntry;
459 }
460 }
461 }
462
463 /* Loop the module list */
464 ListHead = &Ldr->InMemoryOrderModuleList;
465 NextEntry = ListHead->Flink;
466 while (NextEntry != ListHead)
467 {
468 /* Get the entry and NT Headers */
471 if (NtHeader)
472 {
473 /* Get the Image Base */
476
477 /* Check if they match */
480 {
481 /* Return it */
482 *Module = LdrEntry;
484 }
485
486 /* Next Entry */
487 NextEntry = NextEntry->Flink;
488 }
489 }
490
491 /* Nothing found */
493 DPFLTR_WARNING_LEVEL,
494 "LDR: %s() exiting 0x%08lx\n",
495 __FUNCTION__,
496 STATUS_NO_MORE_ENTRIES);
498}
Definition: ntddk_ex.h:181
Definition: btrfs_drv.h:1892
LIST_ENTRY InMemoryOrderModuleList
Definition: btrfs_drv.h:1895
Referenced by find_query_actctx(), get_module_filename(), is_old_loader_struct(), and test_ddag_node().
◆ LdrFlushAlternateResourceModules()
◆ LdrGetDllHandle()
| NTSTATUS NTAPI LdrGetDllHandle | ( | _In_opt_ PWSTR | DllPath, |
| _In_opt_ PULONG | DllCharacteristics, | ||
| _In_ PUNICODE_STRING | DllName, | ||
| _Out_ PVOID * | DllHandle | ||
| ) |
Definition at line 770 of file ldrapi.c.
775{
776 /* Call the newer API */
778 DllPath,
779 DllCharacteristics,
780 DllName,
781 DllHandle);
782}
NTSTATUS NTAPI LdrGetDllHandleEx(_In_ ULONG Flags, _In_opt_ PWSTR DllPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_opt_ PVOID *DllHandle)
Definition: ldrapi.c:505
#define LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT
Definition: ldrtypes.h:91
Referenced by BroadcastDriveLetterChange(), CsrClientConnectToServer(), CsrConnectToUser(), FirstSoundSentry(), GetModuleHandleForUnicodeString(), init_pointers(), SeiAddHooks(), SeiFindHookModuleInfoForImportDescriptor(), and SeiInit().
◆ LdrGetDllHandleEx()
| NTSTATUS NTAPI LdrGetDllHandleEx | ( | _In_ ULONG | Flags, |
| _In_opt_ PWSTR | DllPath, | ||
| _In_opt_ PULONG | DllCharacteristics, | ||
| _In_ PUNICODE_STRING | DllName, | ||
| _Out_opt_ PVOID * | DllHandle | ||
| ) |
Definition at line 505 of file ldrapi.c.
511{
513 PLDR_DATA_TABLE_ENTRY LdrEntry;
516 PWCHAR p1, p2, p3;
520
521 /* Initialize the strings */
523 RtlInitEmptyUnicodeString(&RawDllName, NULL, 0);
524 RedirectName = *DllName;
525 pRedirectName = &RedirectName;
526
527 /* Initialize state */
529 LdrEntry = NULL;
530 Cookie = 0;
531
532 /* Clear the handle */
534
535 /* Check for a valid flag combination */
538 {
541 goto Quickie;
542 }
543
544 /* If not initializing */
546 {
547 /* Acquire the lock */
550
551 /* Remember we own it */
553 }
554
558 {
560 goto Quickie;
561 }
562
563 /* Set default failure code */
565
566 /* Use the cache if we can */
568 {
569 /* Check if we were redirected */
570 if (RedirectedDll)
571 {
572 /* Check the flag */
574 {
575 goto DontCompare;
576 }
577
578 /* Use the right name */
580 }
581 else
582 {
583 /* Check the flag */
585 {
586 goto DontCompare;
587 }
588
589 /* Use the right name */
591 }
592
593 /* Check if the name matches */
595 CompareName,
596 TRUE))
597 {
598 /* Skip the rest */
599 LdrEntry = LdrpGetModuleHandleCache;
600
601 /* Return success */
603 goto Quickie;
604 }
605 }
606
607DontCompare:
608 /* Find the name without the extension */
609 p1 = pRedirectName->Buffer;
610 p2 = NULL;
612 while (p1 != p3)
613 {
615 {
616 p2 = p1;
617 }
619 {
620 p2 = NULL;
621 }
622 }
623
624 /* Check if no extension was found or if we got a slash */
626 {
627 /* Check that we have space to add one */
631 {
632 /* No space to add the extension */
634 goto Quickie;
635 }
636
637 /* Setup the string */
641 0,
642 RawDllName.MaximumLength);
644 {
646 goto Quickie;
647 }
648
649 /* Copy the string and add extension */
650 RtlCopyUnicodeString(&RawDllName, pRedirectName);
652 }
653 else
654 {
655 /* Check if there's something in the name */
658 {
659 /* Check and remove trailing period */
661 {
662 /* Decrease the size */
664 }
665 }
666
667 /* Setup the string */
670 0,
671 RawDllName.MaximumLength);
673 {
675 goto Quickie;
676 }
677
678 /* Copy the string */
679 RtlCopyUnicodeString(&RawDllName, pRedirectName);
680 }
681
682 /* Display debug string */
684 {
686 &RawDllName,
688 }
689
690 /* Do the lookup */
692 &RawDllName,
694 RedirectedDll,
695 &LdrEntry))
696 {
697 /* Update cached entry */
698 LdrpGetModuleHandleCache = LdrEntry;
699
700 /* Return success */
702 }
703 else
704 {
705 /* Make sure to NULL this */
706 LdrEntry = NULL;
707 }
708Quickie:
709 /* The success path must have a valid loader entry */
711
712 /* Check if we got an entry and success */
715 {
716 /* Check if the DLL is locked */
719 {
720 /* Check what to do with the load count */
722 {
723 /* Pin it */
724 LdrEntry->LoadCount = 0xFFFF;
725 LoadFlag = LDRP_UPDATE_PIN;
726 }
727 else
728 {
729 /* Increase the load count */
730 LdrEntry->LoadCount++;
731 LoadFlag = LDRP_UPDATE_REFCOUNT;
732 }
733
734 /* Update the load count now */
735 LdrpUpdateLoadCount2(LdrEntry, LoadFlag);
736 LdrpClearLoadInProgress();
737 }
738
739 /* Check if the caller is requesting the handle */
741 }
742
743 /* Free string if needed */
745
746 /* Free the raw DLL Name if needed */
748 {
749 /* Free the heap-allocated buffer */
752 }
753
754 /* Release lock */
756 {
758 Cookie);
759 }
760
761 /* Return */
763}
IN PUNICODE_STRING IN PUNICODE_STRING DynamicString
Definition: RtlGetFullPathName_UstrEx.c:30
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:616
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:634
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString(PUNICODE_STRING Destination, PUNICODE_STRING Source)
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
#define UNICODE_NULL
#define UNICODE_STRING_MAX_BYTES
#define ANSI_NULL
NTSYSAPI NTSTATUS NTAPI LdrpApplyFileNameRedirection(_In_ PUNICODE_STRING OriginalName, _In_ PUNICODE_STRING Extension, _Inout_opt_ PUNICODE_STRING StaticString, _Inout_opt_ PUNICODE_STRING DynamicString, _Inout_ PUNICODE_STRING *NewName, _Inout_ PBOOLEAN RedirectedDll)
BOOLEAN NTAPI LdrpCheckForLoadedDll(IN PWSTR DllPath, IN PUNICODE_STRING DllName, IN BOOLEAN Flag, IN BOOLEAN RedirectedDll, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1958
Definition: env_spec_w32.h:368
Referenced by GetModuleHandleExW(), init_pointers(), LdrGetDllHandle(), load_library(), and LoadLibraryExW().
◆ LdrGetProcedureAddress()
| NTSTATUS NTAPI LdrGetProcedureAddress | ( | _In_ PVOID | BaseAddress, |
| _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING | Name, | ||
| _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG | Ordinal, | ||
| _Out_ PVOID * | ProcedureAddress | ||
| ) |
Definition at line 789 of file ldrapi.c.
794{
795 /* Call the internal routine and tell it to execute DllInit */
797}
NTSTATUS NTAPI LdrpGetProcedureAddress(_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress, _In_ BOOLEAN ExecuteInit)
Definition: ldrutils.c:2231
Referenced by BaseInitApphelp(), BasepReplaceProcessThreadTokens(), BaseSrvDelayLoadKernel32(), BroadcastDriveLetterChange(), CsrClientConnectToServer(), CsrConnectToUser(), CsrLoadServerDll(), FirstSoundSentry(), get_proc_address(), GetProcAddress(), InitApphelp(), LdrpInitializeProcess(), LoadOle32Export(), LsapAddAuthPackage(), SeiCreateShimModuleInfo(), and SeiResolveAPI().
◆ LdrGetProcedureAddressEx()
| NTSTATUS NTAPI LdrGetProcedureAddressEx | ( | _In_ PVOID | BaseAddress, |
| _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING | Name, | ||
| _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG | Ordinal, | ||
| _Out_ PVOID * | ProcedureAddress, | ||
| _In_ ULONG | Flags | ||
| ) |
Definition at line 801 of file ldrapi.c.
807{
808 /* Call the internal routine and execute DllInit depending of flags */
811}
#define LDR_GET_PROCEDURE_ADDRESS_DONT_RECORD_FORWARDER
Definition: ldrfuncs.h:101
◆ LdrInitShimEngineDynamic()
Definition at line 1663 of file ldrapi.c.
Referenced by SE_DynamicShim().
◆ LdrLoadAlternateResourceModule()
◆ LdrLoadDll()
| NTSTATUS NTAPI DECLSPEC_HOTPATCH LdrLoadDll | ( | _In_opt_ PWSTR | SearchPath, |
| _In_opt_ PULONG | DllCharacteristics, | ||
| _In_ PUNICODE_STRING | DllName, | ||
| _Out_ PVOID * | BaseAddress | ||
| ) |
Definition at line 312 of file ldrapi.c.
317{
323 PUNICODE_STRING OldTldDll;
325
326 /* Initialize the strings */
329
330 Status = LdrpApplyFileNameRedirection(DllName, &LdrApiDefaultExtension, &StaticString, &DynamicString, &DllName, &RedirectedDll);
331
332 /* Lock the loader lock */
334
335 /* Check if there's a TLD DLL being loaded */
336 OldTldDll = LdrpTopLevelDllBeingLoaded;
337 _SEH2_TRY
338 {
339
340 if (OldTldDll)
341 {
342 /* This is a recursive load, do something about it? */
344 {
345 /* Print out debug messages */
352 OldTldDll);
356 DllName);
357
358 /* Was it initializing too? */
360 {
364 }
365 else
366 {
371 }
372 }
373 }
374
375 /* Set this one as the TLD DLL being loaded*/
376 LdrpTopLevelDllBeingLoaded = DllName;
377
378 /* Load the DLL */
380 SearchPath,
381 DllCharacteristics,
382 DllName,
383 BaseAddress,
384 TRUE);
386 {
388 }
393 {
395 DPFLTR_WARNING_LEVEL,
396 "LDR: %s - failing because LdrpLoadDll(%wZ) returned status %x\n",
397 __FUNCTION__,
398 DllName,
399 Status);
400 }
401 }
402 _SEH2_FINALLY
403 {
404 /* Restore the old TLD DLL */
405 LdrpTopLevelDllBeingLoaded = OldTldDll;
406
407 /* Release the lock */
409 }
410 _SEH2_END;
411
412 /* Do we have a redirect string? */
415
416 /* Return */
418}
#define LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS
Definition: ldrtypes.h:80
NTSTATUS NTAPI LdrpLoadDll(IN BOOLEAN Redirected, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress, IN BOOLEAN CallInit)
Definition: ldrutils.c:2423
Definition: compat.h:836
Referenced by AVrfpLoadAndInitializeProvider(), BaseInitApphelp(), BaseSrvDelayLoadKernel32(), CsrLoadServerDll(), InitApphelp(), LdrpInitializeProcess(), load_library(), LoadLibraryExW(), LoadOle32Export(), LsapAddAuthPackage(), SeiInit(), and START_TEST().
◆ LdrLockLoaderLock()
| NTSTATUS NTAPI LdrLockLoaderLock | ( | _In_ ULONG | Flags, |
| _Out_opt_ PULONG | Disposition, | ||
| _Out_opt_ PULONG_PTR | Cookie | ||
| ) |
Definition at line 174 of file ldrapi.c.
178{
181
183
184 /* Zero out the outputs */
187
188 /* Validate the flags */
191 {
192 /* Flags are invalid, check how to fail */
194 {
195 /* The caller wants us to raise status */
197 }
198
199 /* A normal failure */
201 }
202
203 /* Make sure we got a cookie */
205 {
206 /* No cookie check how to fail */
208 {
209 /* The caller wants us to raise status */
211 }
212
213 /* A normal failure */
215 }
216
217 /* If the flag is set, make sure we have a valid pointer to use */
219 {
220 /* No pointer to return the data to */
222 {
223 /* The caller wants us to raise status */
225 }
226
227 /* Fail */
229 }
230
231 /* Return now if we are in the init phase */
233
234 /* Check what locking semantic to use */
236 {
237 /* Check if we should enter or simply try */
239 {
240 /* Do a try */
242 {
243 /* It's locked */
245 }
246 else
247 {
248 /* It worked */
251 }
252 }
253 else
254 {
255 /* Do a enter */
257
258 /* See if result was requested */
261 }
262 }
263 else
264 {
265 /* Wrap this in SEH, since we're not supposed to raise */
266 _SEH2_TRY
267 {
268 /* Check if we should enter or simply try */
270 {
271 /* Do a try */
273 {
274 /* It's locked */
276 }
277 else
278 {
279 /* It worked */
282 }
283 }
284 else
285 {
286 /* Do an enter */
288
289 /* See if result was requested */
292 }
293 }
295 {
296 /* We should use the LDR Filter instead */
298 }
299 _SEH2_END;
300 }
301
302 /* Return status */
304}
#define LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED
Definition: ldrtypes.h:97
#define LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY
Definition: ldrtypes.h:81
#define LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID
Definition: ldrtypes.h:95
#define LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED
Definition: ldrtypes.h:96
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Reserved_ ULONG _In_opt_ PUNICODE_STRING _In_ ULONG _Out_opt_ PULONG Disposition
Definition: cmfuncs.h:56
NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
NTSYSAPI LOGICAL NTAPI RtlTryEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
Referenced by BasepGetModuleHandleExW(), find_query_actctx(), get_module_filename(), GetModuleFileNameW(), LdrAddRefDll(), LdrDisableThreadCalloutsForDll(), LdrEnumerateLoadedModules(), LdrGetDllHandleEx(), LdrInitShimEngineDynamic(), LdrLoadDll(), LdrUnloadAlternateResourceModule(), and test_LdrLockLoaderLock().
◆ LdrpMakeCookie()
| FORCEINLINE ULONG_PTR LdrpMakeCookie | ( | VOID | ) |
Definition at line 89 of file ldrapi.c.
90{
91 /* Generate a cookie */
94}
long __cdecl _InterlockedIncrement(_Interlocked_operand_ long volatile *_Addend)
Referenced by LdrLockLoaderLock().
◆ LdrProcessRelocationBlock()
| PIMAGE_BASE_RELOCATION NTAPI LdrProcessRelocationBlock | ( | _In_ ULONG_PTR | Address, |
| _In_ ULONG | Count, | ||
| _In_ PUSHORT | TypeOffset, | ||
| _In_ LONG_PTR | Delta | ||
| ) |
Definition at line 1584 of file ldrapi.c.
1589{
1591}
PIMAGE_BASE_RELOCATION NTAPI LdrProcessRelocationBlockLongLong(_In_ ULONG_PTR Address, _In_ ULONG Count, _In_ PUSHORT TypeOffset, _In_ LONGLONG Delta)
Referenced by perform_relocations(), and test_LdrProcessRelocationBlock().
◆ LdrQueryProcessModuleInformation()
| NTSTATUS NTAPI LdrQueryProcessModuleInformation | ( | _Out_writes_bytes_to_(Size, *ReturnedSize) PRTL_PROCESS_MODULES | ModuleInformation, |
| _In_ ULONG | Size, | ||
| _Out_opt_ PULONG | ReturnedSize | ||
| ) |
Definition at line 1090 of file ldrapi.c.
1094{
1095 /* Call Ex version of the API */
1097}
NTSTATUS NTAPI LdrQueryProcessModuleInformationEx(_In_opt_ ULONG ProcessId, _Reserved_ ULONG Reserved, _Out_writes_bytes_to_(Size, *ReturnedSize) PRTL_PROCESS_MODULES ModuleInformation, _In_ ULONG Size, _Out_opt_ PULONG ReturnedSize)
Definition: ldrapi.c:961
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4539
Referenced by RtlQueryProcessDebugInformation(), and Test_ProcessModules().
◆ LdrQueryProcessModuleInformationEx()
| NTSTATUS NTAPI LdrQueryProcessModuleInformationEx | ( | _In_opt_ ULONG | ProcessId, |
| _Reserved_ ULONG | Reserved, | ||
| _Out_writes_bytes_to_(Size, *ReturnedSize) PRTL_PROCESS_MODULES | ModuleInformation, | ||
| _In_ ULONG | Size, | ||
| _Out_opt_ PULONG | ReturnedSize | ||
| ) |
Definition at line 961 of file ldrapi.c.
967{
970 PLDR_DATA_TABLE_ENTRY Module, InitModule;
976
978
979 /* Acquire loader lock */
981
982 _SEH2_TRY
983 {
984 /* Check if we were given enough space */
986 {
988 }
989 else
990 {
991 ModuleInformation->NumberOfModules = 0;
992 ModulePtr = &ModuleInformation->Modules[0];
994 }
995
996 /* Traverse the list of modules */
999
1001 {
1003
1005
1006 /* Increase the used size */
1008
1010 {
1012 }
1013 else
1014 {
1020 ModulePtr->InitOrderIndex = 0;
1021 ModulePtr->LoadOrderIndex = ModuleInformation->NumberOfModules;
1022
1023 /* Now get init order index by traversing init list */
1024 InitListHead = &NtCurrentPeb()->Ldr->InInitializationOrderModuleList;
1025 InitEntry = InitListHead->Flink;
1026
1027 while (InitEntry != InitListHead)
1028 {
1030
1031 /* Increase the index */
1032 ModulePtr->InitOrderIndex++;
1033
1034 /* Quit the loop if our module is found */
1035 if (InitModule == Module) break;
1036
1037 /* Advance to the next entry */
1038 InitEntry = InitEntry->Flink;
1039 }
1040
1041 /* Prepare ANSI string with the module's name */
1042 AnsiString.Length = 0;
1046 &Module->FullDllName,
1047 FALSE);
1048
1049 /* Calculate OffsetToFileName field */
1053 else
1054 ModulePtr->OffsetToFileName = 0;
1055
1056 /* Advance to the next module in the output list */
1057 ModulePtr++;
1058
1059 /* Increase number of modules */
1060 if (ModuleInformation)
1061 ModuleInformation->NumberOfModules++;
1062 }
1063
1064 /* Go to the next entry in the modules list */
1066 }
1067
1068 /* Set returned size if it was provided */
1070 *ReturnedSize = UsedSize;
1071 }
1073 {
1074 /* Ignoring the exception */
1075 } _SEH2_END;
1076
1077 /* Release the lock */
1079
1081
1083}
NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
struct _RTL_PROCESS_MODULE_INFORMATION RTL_PROCESS_MODULE_INFORMATION
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToAnsiString(PANSI_STRING DestinationString, PUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
Definition: env_spec_w32.h:375
Definition: rtltypes.h:1010
Definition: rtltypes.h:996
Referenced by LdrQueryProcessModuleInformation().
◆ LdrSetAppCompatDllRedirectionCallback()
| NTSTATUS NTAPI LdrSetAppCompatDllRedirectionCallback | ( | _In_ ULONG | Flags, |
| _In_ PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION | CallbackFunction, | ||
| _In_opt_ PVOID | CallbackData | ||
| ) |
◆ LdrSetDllManifestProber()
| VOID NTAPI LdrSetDllManifestProber | ( | _In_ PLDR_MANIFEST_PROBER_ROUTINE | Routine | ) |
Definition at line 73 of file ldrapi.c.
75{
76 LdrpManifestProberRoutine = Routine;
77}
PLDR_MANIFEST_PROBER_ROUTINE LdrpManifestProberRoutine
Definition: ldrpe.c:18
Referenced by DllMain().
◆ LdrUnloadAlternateResourceModule()
Definition at line 1614 of file ldrapi.c.
1616{
1618
1619 /* Acquire the loader lock */
1621
1622 /* Check if there's any alternate resources loaded */
1624 {
1625 UNIMPLEMENTED;
1626 }
1627
1628 /* Release the loader lock */
1630
1631 /* All done */
1633}
Referenced by FreeLibrary(), FreeLibraryAndExitThread(), and LdrUnloadDll().
◆ LdrUnloadDll()
Definition at line 1305 of file ldrapi.c.
1307{
1310 PLDR_DATA_TABLE_ENTRY LdrEntry, CurrentEntry;
1311 PVOID EntryPoint;
1312 PLIST_ENTRY NextEntry;
1313 LIST_ENTRY UnloadList;
1314 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
1315 PVOID CorImageData;
1316 ULONG ComSectionSize;
1317
1318 /* Get the LDR Lock */
1320
1321 /* Increase the unload count */
1322 LdrpActiveUnloadCount++;
1323
1324 /* Skip unload */
1326
1327 /* Make sure the DLL is valid and get its entry */
1329 {
1331 goto Quickie;
1332 }
1333
1334 /* Check the current Load Count */
1336 {
1337 /* Decrease it */
1338 LdrEntry->LoadCount--;
1339
1340 /* If it's a dll */
1342 {
1343 /* Set up the Act Ctx */
1347
1348 /* Activate the ActCtx */
1349 RtlActivateActivationContextUnsafeFast(&ActCtx,
1350 LdrEntry->EntryPointActivationContext);
1351
1352 /* Update the load count */
1354
1355 /* Release the context */
1356 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1357 }
1358 }
1359 else
1360 {
1361 /* The DLL is locked */
1362 goto Quickie;
1363 }
1364
1365 /* Show debug message */
1367
1368 /* Check if this is our only unload and initialize the list if so */
1370
1371 /* Loop the modules to build the list */
1374 {
1375 /* Get the entry */
1376 LdrEntry = CONTAINING_RECORD(NextEntry,
1377 LDR_DATA_TABLE_ENTRY,
1378 InInitializationOrderLinks);
1379 NextEntry = NextEntry->Blink;
1380
1381 /* Remove flag */
1382 LdrEntry->Flags &= ~LDRP_UNLOAD_IN_PROGRESS;
1383
1384 /* If the load count is now 0 */
1386 {
1387 /* Show message */
1389 {
1391 LdrpActiveUnloadCount,
1395 LdrEntry->EntryPoint);
1396 }
1397
1398 /* Call Shim Engine and notify */
1400 {
1402 SE_DllUnloaded(LdrEntry);
1403 }
1404
1405 /* Unlink it */
1406 CurrentEntry = LdrEntry;
1410
1411 /* If there's more then one active unload */
1413 {
1414 /* Flush the cached DLL handle and clear the list */
1417 }
1418
1419 /* Add the entry on the unload list */
1421 }
1422 }
1423
1424 /* Only call the entrypoints once */
1426
1427 /* Now loop the unload list and create our own */
1428 InitializeListHead(&UnloadList);
1429 CurrentEntry = NULL;
1432 {
1433 /* Get the current entry */
1435
1436 LdrpRecordUnloadEvent(LdrEntry);
1437
1438 /* Set the entry and clear it from the list */
1439 CurrentEntry = LdrEntry;
1442
1443 /* Move it from the global to the local list */
1446
1447 /* Get the entrypoint */
1448 EntryPoint = LdrEntry->EntryPoint;
1449
1450 /* Check if we should call it */
1452 {
1453 /* Show message */
1455 {
1457 }
1458
1459 /* Set up the Act Ctx */
1463
1464 /* Activate the ActCtx */
1465 RtlActivateActivationContextUnsafeFast(&ActCtx,
1466 LdrEntry->EntryPointActivationContext);
1467
1468 /* Call the entrypoint */
1469 _SEH2_TRY
1470 {
1472 LdrEntry->DllBase,
1473 DLL_PROCESS_DETACH,
1474 NULL);
1475 }
1477 {
1480 }
1481 _SEH2_END;
1482
1483 /* Release the context */
1484 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1485 }
1486
1487 /* Remove it from the list */
1489 CurrentEntry = NULL;
1491 }
1492
1493 /* Now loop our local list */
1494 NextEntry = UnloadList.Flink;
1495 while (NextEntry != &UnloadList)
1496 {
1497 /* Get the entry */
1499 NextEntry = NextEntry->Flink;
1500 CurrentEntry = LdrEntry;
1501
1502 /* Notify Application Verifier */
1504 {
1505 AVrfDllUnloadNotification(LdrEntry);
1506 }
1507
1508 /* Show message */
1510 {
1512 }
1513
1514#if (_WIN32_WINNT >= _WIN32_WINNT_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
1515 /* Send shutdown notification */
1517#endif
1518
1519 /* Check if this is a .NET executable */
1521 TRUE,
1523 &ComSectionSize);
1524 if (CorImageData)
1525 {
1526 /* FIXME */
1528 }
1529
1530 /* Check if we should unmap*/
1532 {
1533 /* Unmap the DLL */
1535 CurrentEntry->DllBase);
1537 }
1538
1539 /* Unload the alternate resource module, if any */
1541
1542 /* Check if a Hotpatch is active */
1544 {
1545 /* FIXME */
1547 }
1548
1549 /* Deallocate the Entry */
1550 LdrpFinalizeAndDeallocateDataTableEntry(CurrentEntry);
1551
1552 /* If this is the cached entry, invalidate it */
1554 {
1556 }
1557 }
1558
1559Quickie:
1560 /* Decrease unload count */
1561 LdrpActiveUnloadCount--;
1563
1564 /* Return to caller */
1566}
NTSTATUS NTAPI NtUnmapViewOfSection(IN HANDLE ProcessHandle, IN PVOID BaseAddress)
Definition: section.c:3498
Definition: nsiface.idl:2307
BOOLEAN NTAPI LdrUnloadAlternateResourceModule(_In_ PVOID BaseAddress)
Definition: ldrapi.c:1614
#define LDR_DLL_NOTIFICATION_REASON_UNLOADED
Definition: ldrtypes.h:204
#define RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER
Definition: rtltypes.h:101
VOID NTAPI LdrpFinalizeAndDeallocateDataTableEntry(IN PLDR_DATA_TABLE_ENTRY Entry)
Definition: ldrutils.c:1577
BOOLEAN NTAPI LdrpCallInitRoutine(IN PDLL_INIT_ROUTINE EntryPoint, IN PVOID BaseAddress, IN ULONG Reason, IN PVOID Context)
Definition: ldrutils.c:100
VOID NTAPI AVrfDllUnloadNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:332
VOID NTAPI LdrpSendDllNotifications(_In_ PLDR_DATA_TABLE_ENTRY DllEntry, _In_ ULONG NotificationReason)
Definition: ldrnotify.c:104
VOID NTAPI LdrpRecordUnloadEvent(_In_ PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: trace.c:28
#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Definition: ntimage.h:489
PACTIVATION_CONTEXT EntryPointActivationContext
Definition: ldrtypes.h:167
LIST_ENTRY InInitializationOrderLinks
Definition: ldrtypes.h:144
LIST_ENTRY InInitializationOrderModuleList
Definition: ldrtypes.h:126
Definition: btrfs_drv.h:1907
Referenced by BasepReplaceProcessThreadTokens(), CsrLoadServerDll(), FreeLibrary(), FreeLibraryAndExitThread(), InitApphelp(), LdrpGetProcedureAddress(), LdrpLoadDll(), LdrpSnapThunk(), LdrpUnloadShimEngine(), LsapAddAuthPackage(), PropertyLengthAsVariant(), RtlConvertPropertyToVariant(), RtlConvertVariantToProperty(), START_TEST(), tp_object_execute(), and tp_object_release().
◆ LdrUnlockLoaderLock()
Definition at line 101 of file ldrapi.c.
104{
106
108
109 /* Check for valid flags */
111 {
112 /* Flags are invalid, check how to fail */
114 {
115 /* The caller wants us to raise status */
117 }
118
119 /* A normal failure */
121 }
122
123 /* If we don't have a cookie, just return */
125
126 /* Validate the cookie */
129 {
131
132 /* Invalid cookie, check how to fail */
134 {
135 /* The caller wants us to raise status */
137 }
138
139 /* A normal failure */
141 }
142
143 /* Ready to release the lock */
145 {
146 /* Do a direct leave */
148 }
149 else
150 {
151 /* Wrap this in SEH, since we're not supposed to raise */
152 _SEH2_TRY
153 {
154 /* Leave the lock */
156 }
158 {
159 /* We should use the LDR Filter instead */
161 }
162 _SEH2_END;
163 }
164
165 /* All done */
167}
Referenced by BasepGetModuleHandleExW(), find_query_actctx(), get_module_filename(), GetModuleFileNameW(), LdrAddRefDll(), LdrDisableThreadCalloutsForDll(), LdrEnumerateLoadedModules(), LdrGetDllHandleEx(), LdrInitShimEngineDynamic(), LdrLoadDll(), LdrUnloadAlternateResourceModule(), and test_LdrLockLoaderLock().
◆ LdrVerifyImageMatchesChecksum()
| NTSTATUS NTAPI LdrVerifyImageMatchesChecksum | ( | _In_ HANDLE | FileHandle, |
| _In_ PLDR_CALLBACK | Callback, | ||
| _In_ PVOID | CallbackContext, | ||
| _Out_ PUSHORT | ImageCharacteristics | ||
| ) |
Definition at line 818 of file ldrapi.c.
823{
825 PIMAGE_IMPORT_DESCRIPTOR ImportData;
828 PIMAGE_NT_HEADERS NtHeader;
829 HANDLE SectionHandle;
831 PVOID ViewBase;
834 PVOID ImportName;
837
838 /* If the handle has the magic KnownDll flag, skip actual checksums */
840
841 /* Create the section */
843 SECTION_MAP_EXECUTE,
844 NULL,
845 NULL,
846 PAGE_EXECUTE,
847 SEC_COMMIT,
848 FileHandle);
850 {
853 }
854
855 /* Map the section */
856 ViewSize = 0;
857 ViewBase = NULL;
859 NtCurrentProcess(),
860 &ViewBase,
861 0,
862 0,
863 NULL,
864 &ViewSize,
865 ViewShare,
866 0,
867 PAGE_EXECUTE);
869 {
871 NtClose(SectionHandle);
873 }
874
875 /* Get the file information */
877 &IoStatusBlock,
878 &FileStandardInfo,
880 FileStandardInformation);
882 {
885 NtClose(SectionHandle);
887 }
888
889 /* Protect with SEH */
890 _SEH2_TRY
891 {
892 /* Check if this is the KnownDll hack */
893 if (NoActualCheck)
894 {
895 /* Don't actually do it */
897 }
898 else
899 {
900 /* Verify the checksum */
902 FileStandardInfo.EndOfFile.LowPart,
903 FileStandardInfo.EndOfFile.LowPart);
904 }
905
906 /* Check if a callback was supplied */
908 {
909 /* Get the NT Header */
910 NtHeader = RtlImageNtHeader(ViewBase);
911
912 /* Check if caller requested this back */
913 if (ImageCharacteristics)
914 {
915 /* Return to caller */
917 }
918
919 /* Get the Import Directory Data */
920 ImportData = RtlImageDirectoryEntryToData(ViewBase,
921 FALSE,
923 &Size);
924
925 /* Make sure there is one */
926 if (ImportData)
927 {
928 /* Loop the imports */
930 {
931 /* Get the name */
932 ImportName = RtlImageRvaToVa(NtHeader,
933 ViewBase,
934 ImportData->Name,
935 &LastSection);
936
937 /* Notify the callback */
939 ImportData++;
940 }
941 }
942 }
943 }
945 {
946 /* Fail the request returning STATUS_IMAGE_CHECKSUM_MISMATCH */
948 }
949 _SEH2_END;
950
951 /* Unmap file and close handle */
953 NtClose(SectionHandle);
954
955 /* Return status */
957}
NTSTATUS NTAPI NtCreateSection(OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection OPTIONAL, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL)
Definition: section.c:3090
NTSTATUS NTAPI NtMapViewOfSection(_In_ HANDLE SectionHandle, _In_ HANDLE ProcessHandle, _Outptr_result_bytebuffer_(*ViewSize) _Pre_valid_ PVOID *BaseAddress, _In_ ULONG_PTR ZeroBits, _In_ SIZE_T CommitSize, _Inout_opt_ PLARGE_INTEGER SectionOffset, _Inout_ PSIZE_T ViewSize, _In_range_(ViewShare, ViewUnmap) SECTION_INHERIT InheritDisposition, _In_ ULONG AllocationType, _In_ ULONG Win32Protect)
Definition: section.c:3271
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
BOOLEAN NTAPI LdrVerifyMappedImageMatchesChecksum(_In_ PVOID BaseAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG FileLength)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize _Pre_valid_ PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
Definition: mmfuncs.h:408
NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(IN HANDLE hFile, OUT PIO_STATUS_BLOCK pIoStatusBlock, OUT PVOID FileInformationBuffer, IN ULONG FileInformationBufferLength, IN FILE_INFORMATION_CLASS FileInfoClass)
Definition: propsheet.cpp:53
Definition: ntimage.h:572
Definition: pedump.c:280
Definition: env_spec_w32.h:870
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR _In_ ULONGLONG _In_ ULONGLONG _In_opt_ PEVENT_FILTER_DESCRIPTOR _Inout_opt_ PVOID CallbackContext
Definition: wmitypes.h:60
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
Referenced by SmpInitializeKnownDllsInternal().
◆ RtlDllShutdownInProgress()
Definition at line 1573 of file ldrapi.c.
Referenced by CtfImmDispatchDefImeMessage(), fls_exit_deadlock_callback(), and ISPY_PreUninitialize().
Variable Documentation
◆ AlternateResourceModuleCount
| ULONG AlternateResourceModuleCount |
Definition at line 23 of file ldrapi.c.
Referenced by LdrUnloadAlternateResourceModule().
◆ LdrApiDefaultExtension
| UNICODE_STRING LdrApiDefaultExtension = RTL_CONSTANT_STRING(L".DLL") |
Definition at line 22 of file ldrapi.c.
Referenced by LdrGetDllHandleEx(), LdrLoadDll(), LdrpLoadDll(), LdrpLoadImportModule(), LdrpSnapThunk(), and LdrpUpdateLoadCount3().
◆ LdrpBreakOnRecursiveDllLoads
| BOOLEAN LdrpBreakOnRecursiveDllLoads |
Definition at line 21 of file ldrapi.c.
Referenced by LdrLoadDll().
◆ LdrpLoaderLockAcquisitionCount
| LONG LdrpLoaderLockAcquisitionCount |
Definition at line 20 of file ldrapi.c.
Referenced by LdrpMakeCookie().
◆ LdrpManifestProberRoutine
|
extern |
Definition at line 18 of file ldrpe.c.
Referenced by LdrpWalkImportDescriptor(), and LdrSetDllManifestProber().
◆ LdrpShowRecursiveLoads
| BOOLEAN LdrpShowRecursiveLoads |
Definition at line 21 of file ldrapi.c.
Referenced by LdrLoadDll().
◆ LdrpUnloadHead
| LIST_ENTRY LdrpUnloadHead |
Definition at line 19 of file ldrapi.c.
Referenced by LdrUnloadDll().
