#include <ntdll.h>#include <debug.h>
Include dependency graph for ldrapi.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
| #define | STATUS_MUI_FILE_NOT_FOUND ((NTSTATUS)0xC00B0001L) |
Macro Definition Documentation
◆ NDEBUG
◆ STATUS_MUI_FILE_NOT_FOUND
Function Documentation
◆ LdrAccessOutOfProcessResource()
| NTSTATUS NTAPI LdrAccessOutOfProcessResource | ( | IN PVOID | Unknown, |
| IN PVOID | Image, | ||
| IN PVOID | Unknown1, | ||
| IN PVOID | Unknown2, | ||
| IN PVOID | Unknown3 | ||
| ) |
◆ LdrAddRefDll()
Definition at line 1237 of file ldrapi.c.
1239{
1240 PLDR_DATA_TABLE_ENTRY LdrEntry;
1244
1245 /* Check for invalid flags */
1247 {
1248 /* Fail with invalid parameter status if so */
1250 goto quickie;
1251 }
1252
1253 /* Acquire the loader lock if not in init phase */
1255 {
1256 /* Acquire the lock */
1260 }
1261
1262 /* Get this module's data table entry */
1264 {
1265 if (!LdrEntry)
1266 {
1267 /* Shouldn't happen */
1269 goto quickie;
1270 }
1271
1272 /* If this is not a pinned module */
1274 {
1275 /* Update its load count */
1277 {
1278 /* Pin it by setting load count to -1 */
1279 LdrEntry->LoadCount = 0xFFFF;
1281 }
1282 else
1283 {
1284 /* Increase its load count by one */
1285 LdrEntry->LoadCount++;
1287 }
1288
1289 /* Clear load in progress */
1290 LdrpClearLoadInProgress();
1291 }
1292 }
1293 else
1294 {
1295 /* There was an error getting this module's handle, return invalid param status */
1297 }
1298
1299quickie:
1300 /* Check for error case */
1302 {
1303 /* Print debug information */
1307 {
1309 }
1310 }
1311
1312 /* Release the lock if needed */
1315}
NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG Flags, OUT PULONG Disposition OPTIONAL, OUT PULONG_PTR Cookie OPTIONAL)
Definition: ldrapi.c:173
NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG Flags, IN ULONG Cookie OPTIONAL)
Definition: ldrapi.c:101
#define LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS
Definition: ldrtypes.h:76
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404
BOOLEAN NTAPI LdrpCheckForLoadedDllHandle(IN PVOID Base, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1621
VOID NTAPI LdrpUpdateLoadCount2(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Flags)
Definition: ldrutils.c:460
Definition: btrfs_drv.h:1876
Referenced by BasepGetModuleHandleExW().
◆ LdrAlternateResourcesEnabled()
Definition at line 81 of file ldrapi.c.
Referenced by LdrLoadAlternateResourceModule().
◆ LdrCreateOutOfProcessImage()
| NTSTATUS NTAPI LdrCreateOutOfProcessImage | ( | IN ULONG | Flags, |
| IN HANDLE | ProcessHandle, | ||
| IN HANDLE | DllHandle, | ||
| IN PVOID | Unknown3 | ||
| ) |
◆ LdrDestroyOutOfProcessImage()
◆ LdrDisableThreadCalloutsForDll()
Definition at line 1187 of file ldrapi.c.
1188{
1189 PLDR_DATA_TABLE_ENTRY LdrEntry;
1191 BOOLEAN LockHeld;
1194
1195 /* Don't do it during shutdown */
1197
1198 /* Check if we should grab the lock */
1199 LockHeld = FALSE;
1201 {
1202 /* Grab the lock */
1205 LockHeld = TRUE;
1206 }
1207
1208 /* Make sure the DLL is valid and get its entry */
1211 {
1212 /* Get if it has a TLS slot */
1214 {
1215 /* It doesn't, so you're allowed to call this */
1218 }
1219 }
1220
1221 /* Check if the lock was held */
1222 if (LockHeld)
1223 {
1224 /* Release it */
1226 }
1227
1228 /* Return the status */
1230}
#define LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS
Definition: ldrtypes.h:82
Referenced by DisableThreadLibraryCalls(), and DllMain().
◆ LdrEnumerateLoadedModules()
| NTSTATUS NTAPI LdrEnumerateLoadedModules | ( | IN BOOLEAN | ReservedFlag, |
| IN PLDR_ENUM_CALLBACK | EnumProc, | ||
| IN PVOID | Context | ||
| ) |
Definition at line 1120 of file ldrapi.c.
1123{
1124 PLIST_ENTRY ListHead, ListEntry;
1125 PLDR_DATA_TABLE_ENTRY LdrEntry;
1129
1130 /* Check parameters */
1132
1133 /* Acquire the loader lock */
1136
1137 /* Loop all the modules and call enum proc */
1138 ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
1139 ListEntry = ListHead->Flink;
1140 while (ListHead != ListEntry)
1141 {
1142 /* Get the entry */
1144
1145 /* Call the enumeration proc inside SEH */
1146 _SEH2_TRY
1147 {
1149 }
1151 {
1152 /* Ignoring the exception */
1153 } _SEH2_END;
1154
1155 /* Break if we were asked to stop enumeration */
1157 {
1158 /* Release loader lock */
1160
1161 /* Reset any successful status to STATUS_SUCCESS, but leave
1162 failure to the caller */
1165
1166 /* Return any possible failure status */
1168 }
1169
1170 /* Advance to the next module */
1171 ListEntry = ListEntry->Flink;
1172 }
1173
1174 /* Release loader lock, it must succeed this time */
1177
1178 /* Return success */
1180}
BOOL CALLBACK EnumProc(_In_ HWND hwnd, _In_ LPARAM lParam)
Definition: ShellExecuteEx.cpp:380
Definition: compobj.c:4795
Definition: typedefs.h:120
Referenced by BasepComputeProcessPath(), and LoadLibraryExW().
◆ LdrFindCreateProcessManifest()
| NTSTATUS NTAPI LdrFindCreateProcessManifest | ( | IN ULONG | Flags, |
| IN PVOID | Image, | ||
| IN PVOID | IdPath, | ||
| IN ULONG | IdPathLength, | ||
| IN PVOID | OutDataEntry | ||
| ) |
◆ LdrFindEntryForAddress()
| NTSTATUS NTAPI LdrFindEntryForAddress | ( | PVOID | Address, |
| PLDR_DATA_TABLE_ENTRY * | Module | ||
| ) |
Definition at line 443 of file ldrapi.c.
445{
446 PLIST_ENTRY ListHead, NextEntry;
447 PLDR_DATA_TABLE_ENTRY LdrEntry;
448 PIMAGE_NT_HEADERS NtHeader;
450 ULONG_PTR DllBase, DllEnd;
451
453
454 /* Nothing to do */
456
457 /* Get the current entry */
458 LdrEntry = Ldr->EntryInProgress;
459 if (LdrEntry)
460 {
461 /* Get the NT Headers */
463 if (NtHeader)
464 {
465 /* Get the Image Base */
468
469 /* Check if they match */
472 {
473 /* Return it */
474 *Module = LdrEntry;
476 }
477 }
478 }
479
480 /* Loop the module list */
481 ListHead = &Ldr->InMemoryOrderModuleList;
482 NextEntry = ListHead->Flink;
483 while (NextEntry != ListHead)
484 {
485 /* Get the entry and NT Headers */
488 if (NtHeader)
489 {
490 /* Get the Image Base */
493
494 /* Check if they match */
497 {
498 /* Return it */
499 *Module = LdrEntry;
501 }
502
503 /* Next Entry */
504 NextEntry = NextEntry->Flink;
505 }
506 }
507
508 /* Nothing found */
510 DPFLTR_WARNING_LEVEL,
511 "LDR: %s() exiting 0x%08lx\n",
512 __FUNCTION__,
513 STATUS_NO_MORE_ENTRIES);
515}
NTSYSAPI ULONG __cdecl DbgPrintEx(_In_ ULONG ComponentId, _In_ ULONG Level, _In_z_ _Printf_format_string_ PCSTR Format,...)
Definition: ntddk_ex.h:181
Definition: btrfs_drv.h:1892
LIST_ENTRY InMemoryOrderModuleList
Definition: btrfs_drv.h:1895
Referenced by find_query_actctx(), and get_module_filename().
◆ LdrFlushAlternateResourceModules()
◆ LdrGetDllHandle()
| NTSTATUS NTAPI LdrGetDllHandle | ( | IN PWSTR DllPath | OPTIONAL, |
| IN PULONG DllCharacteristics | OPTIONAL, | ||
| IN PUNICODE_STRING | DllName, | ||
| OUT PVOID * | DllHandle | ||
| ) |
Definition at line 805 of file ldrapi.c.
809{
810 /* Call the newer API */
812 DllPath,
813 DllCharacteristics,
814 DllName,
815 DllHandle);
816}
NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG Flags, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *DllHandle OPTIONAL)
Definition: ldrapi.c:522
#define LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT
Definition: ldrtypes.h:87
Referenced by BroadcastDriveLetterChange(), CsrClientConnectToServer(), CsrConnectToUser(), FirstSoundSentry(), GetModuleHandleForUnicodeString(), SeiAddHooks(), SeiFindHookModuleInfoForImportDescriptor(), and SeiInit().
◆ LdrGetDllHandleEx()
| NTSTATUS NTAPI LdrGetDllHandleEx | ( | IN ULONG | Flags, |
| IN PWSTR DllPath | OPTIONAL, | ||
| IN PULONG DllCharacteristics | OPTIONAL, | ||
| IN PUNICODE_STRING | DllName, | ||
| OUT PVOID *DllHandle | OPTIONAL | ||
| ) |
Definition at line 522 of file ldrapi.c.
527{
529 PLDR_DATA_TABLE_ENTRY LdrEntry;
530 UNICODE_STRING RedirectName, DllString1, RawDllName;
532 PWCHAR p1, p2, p3;
536
537 /* Initialize the strings */
538 RtlInitEmptyUnicodeString(&DllString1, NULL, 0);
539 RtlInitEmptyUnicodeString(&RawDllName, NULL, 0);
540 RedirectName = *DllName;
541 pRedirectName = &RedirectName;
542
543 /* Initialize state */
545 LdrEntry = NULL;
546 Cookie = 0;
547
548 /* Clear the handle */
550
551 /* Check for a valid flag combination */
554 {
557 goto Quickie;
558 }
559
560 /* If not initializing */
562 {
563 /* Acquire the lock */
566
567 /* Remember we own it */
569 }
570
571 /* Check if the SxS Assemblies specify another file */
573 pRedirectName,
574 &LdrApiDefaultExtension,
575 NULL,
576 &DllString1,
577 &pRedirectName,
578 NULL,
579 NULL,
580 NULL);
581
582 /* Check success */
584 {
585 /* Let Ldrp know */
586 RedirectedDll = TRUE;
587 }
589 {
590 /* Unrecoverable SxS failure */
591 goto Quickie;
592 }
593 else
594 {
595 ASSERT(pRedirectName == &RedirectName);
596 }
597
598 /* Set default failure code */
600
601 /* Use the cache if we can */
603 {
604 /* Check if we were redirected */
605 if (RedirectedDll)
606 {
607 /* Check the flag */
609 {
610 goto DontCompare;
611 }
612
613 /* Use the right name */
615 }
616 else
617 {
618 /* Check the flag */
620 {
621 goto DontCompare;
622 }
623
624 /* Use the right name */
626 }
627
628 /* Check if the name matches */
630 CompareName,
631 TRUE))
632 {
633 /* Skip the rest */
634 LdrEntry = LdrpGetModuleHandleCache;
635
636 /* Return success */
638 goto Quickie;
639 }
640 }
641
642DontCompare:
643 /* Find the name without the extension */
644 p1 = pRedirectName->Buffer;
645 p2 = NULL;
647 while (p1 != p3)
648 {
650 {
651 p2 = p1;
652 }
654 {
655 p2 = NULL;
656 }
657 }
658
659 /* Check if no extension was found or if we got a slash */
661 {
662 /* Check that we have space to add one */
666 {
667 /* No space to add the extension */
669 goto Quickie;
670 }
671
672 /* Setup the string */
676 0,
677 RawDllName.MaximumLength);
679 {
681 goto Quickie;
682 }
683
684 /* Copy the string and add extension */
685 RtlCopyUnicodeString(&RawDllName, pRedirectName);
687 }
688 else
689 {
690 /* Check if there's something in the name */
693 {
694 /* Check and remove trailing period */
696 {
697 /* Decrease the size */
699 }
700 }
701
702 /* Setup the string */
705 0,
706 RawDllName.MaximumLength);
708 {
710 goto Quickie;
711 }
712
713 /* Copy the string */
714 RtlCopyUnicodeString(&RawDllName, pRedirectName);
715 }
716
717 /* Display debug string */
719 {
721 &RawDllName,
723 }
724
725 /* Do the lookup */
727 &RawDllName,
729 RedirectedDll,
730 &LdrEntry))
731 {
732 /* Update cached entry */
733 LdrpGetModuleHandleCache = LdrEntry;
734
735 /* Return success */
737 }
738 else
739 {
740 /* Make sure to NULL this */
741 LdrEntry = NULL;
742 }
743Quickie:
744 /* The success path must have a valid loader entry */
746
747 /* Check if we got an entry and success */
750 {
751 /* Check if the DLL is locked */
754 {
755 /* Check what to do with the load count */
757 {
758 /* Pin it */
759 LdrEntry->LoadCount = 0xFFFF;
760 LoadFlag = LDRP_UPDATE_PIN;
761 }
762 else
763 {
764 /* Increase the load count */
765 LdrEntry->LoadCount++;
766 LoadFlag = LDRP_UPDATE_REFCOUNT;
767 }
768
769 /* Update the load count now */
770 LdrpUpdateLoadCount2(LdrEntry, LoadFlag);
771 LdrpClearLoadInProgress();
772 }
773
774 /* Check if the caller is requesting the handle */
776 }
777
778 /* Free string if needed */
780
781 /* Free the raw DLL Name if needed */
783 {
784 /* Free the heap-allocated buffer */
787 }
788
789 /* Release lock */
791 {
793 Cookie);
794 }
795
796 /* Return */
798}
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG Flags, IN PUNICODE_STRING OriginalName, IN PUNICODE_STRING Extension, IN OUT PUNICODE_STRING StaticString, IN OUT PUNICODE_STRING DynamicString, IN OUT PUNICODE_STRING *NewName, IN PULONG NewFlags, IN PSIZE_T FileNameSize, IN PSIZE_T RequiredLength)
Definition: libsupp.c:821
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString(PUNICODE_STRING Destination, PUNICODE_STRING Source)
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
#define UNICODE_NULL
#define UNICODE_STRING_MAX_BYTES
#define ANSI_NULL
BOOLEAN NTAPI LdrpCheckForLoadedDll(IN PWSTR DllPath, IN PUNICODE_STRING DllName, IN BOOLEAN Flag, IN BOOLEAN RedirectedDll, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1979
Definition: env_spec_w32.h:368
Referenced by LdrGetDllHandle(), and LoadLibraryExW().
◆ LdrGetProcedureAddress()
| NTSTATUS NTAPI LdrGetProcedureAddress | ( | IN PVOID | BaseAddress, |
| IN PANSI_STRING | Name, | ||
| IN ULONG | Ordinal, | ||
| OUT PVOID * | ProcedureAddress | ||
| ) |
Definition at line 823 of file ldrapi.c.
827{
828 /* Call the internal routine and tell it to execute DllInit */
830}
NTSTATUS NTAPI LdrpGetProcedureAddress(IN PVOID BaseAddress, IN PANSI_STRING Name, IN ULONG Ordinal, OUT PVOID *ProcedureAddress, IN BOOLEAN ExecuteInit)
Definition: ldrutils.c:2252
Definition: apinames.c:49
Referenced by BaseInitApphelp(), BasepReplaceProcessThreadTokens(), BaseSrvDelayLoadKernel32(), BroadcastDriveLetterChange(), CsrClientConnectToServer(), CsrConnectToUser(), CsrLoadServerDll(), FirstSoundSentry(), GetProcAddress(), InitApphelp(), LdrpInitializeProcess(), LoadOle32Export(), LsapAddAuthPackage(), SeiCreateShimModuleInfo(), and SeiResolveAPI().
◆ LdrInitShimEngineDynamic()
Definition at line 1677 of file ldrapi.c.
Referenced by SE_DynamicShim().
◆ LdrLoadAlternateResourceModule()
◆ LdrLoadDll()
| NTSTATUS NTAPI DECLSPEC_HOTPATCH LdrLoadDll | ( | IN PWSTR SearchPath | OPTIONAL, |
| IN PULONG DllCharacteristics | OPTIONAL, | ||
| IN PUNICODE_STRING | DllName, | ||
| OUT PVOID * | BaseAddress | ||
| ) |
Definition at line 310 of file ldrapi.c.
314{
316 UNICODE_STRING DllString1, DllString2;
320 PUNICODE_STRING OldTldDll;
322
323 /* Initialize the strings */
325 RtlInitEmptyUnicodeString(&DllString2, NULL, 0);
326
327 /* Check if the SxS Assemblies specify another file */
329 DllName,
330 &LdrApiDefaultExtension,
331 &DllString1,
332 &DllString2,
333 &DllName,
334 NULL,
335 NULL,
336 NULL);
337
338 /* Check success */
340 {
341 /* Let Ldrp know */
342 RedirectedDll = TRUE;
343 }
345 {
346 /* Unrecoverable SxS failure; did we get a string? */
349 }
350
351 /* Lock the loader lock */
353
354 /* Check if there's a TLD DLL being loaded */
355 OldTldDll = LdrpTopLevelDllBeingLoaded;
356 _SEH2_TRY
357 {
358
359 if (OldTldDll)
360 {
361 /* This is a recursive load, do something about it? */
363 {
364 /* Print out debug messages */
371 OldTldDll);
375 DllName);
376
377 /* Was it initializing too? */
379 {
383 }
384 else
385 {
390 }
391 }
392 }
393
394 /* Set this one as the TLD DLL being loaded*/
395 LdrpTopLevelDllBeingLoaded = DllName;
396
397 /* Load the DLL */
399 SearchPath,
400 DllCharacteristics,
401 DllName,
402 BaseAddress,
403 TRUE);
405 {
407 }
412 {
414 DPFLTR_WARNING_LEVEL,
415 "LDR: %s - failing because LdrpLoadDll(%wZ) returned status %x\n",
416 __FUNCTION__,
417 DllName,
418 Status);
419 }
420 }
421 _SEH2_FINALLY
422 {
423 /* Restore the old TLD DLL */
424 LdrpTopLevelDllBeingLoaded = OldTldDll;
425
426 /* Release the lock */
428 }
429 _SEH2_END;
430
431 /* Do we have a redirect string? */
433
434 /* Return */
436}
NTSTATUS NTAPI LdrpLoadDll(IN BOOLEAN Redirected, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress, IN BOOLEAN CallInit)
Definition: ldrutils.c:2429
Definition: compat.h:836
Referenced by AVrfpLoadAndInitializeProvider(), BaseInitApphelp(), BaseSrvDelayLoadKernel32(), CsrLoadServerDll(), InitApphelp(), LdrpInitializeProcess(), LoadLibraryExW(), LoadOle32Export(), LsapAddAuthPackage(), and SeiInit().
◆ LdrLockLoaderLock()
| NTSTATUS NTAPI LdrLockLoaderLock | ( | IN ULONG | Flags, |
| OUT PULONG Disposition | OPTIONAL, | ||
| OUT PULONG_PTR Cookie | OPTIONAL | ||
| ) |
Definition at line 173 of file ldrapi.c.
176{
179
181
182 /* Zero out the outputs */
185
186 /* Validate the flags */
189 {
190 /* Flags are invalid, check how to fail */
192 {
193 /* The caller wants us to raise status */
195 }
196
197 /* A normal failure */
199 }
200
201 /* Make sure we got a cookie */
203 {
204 /* No cookie check how to fail */
206 {
207 /* The caller wants us to raise status */
209 }
210
211 /* A normal failure */
213 }
214
215 /* If the flag is set, make sure we have a valid pointer to use */
217 {
218 /* No pointer to return the data to */
220 {
221 /* The caller wants us to raise status */
223 }
224
225 /* Fail */
227 }
228
229 /* Return now if we are in the init phase */
231
232 /* Check what locking semantic to use */
234 {
235 /* Check if we should enter or simply try */
237 {
238 /* Do a try */
240 {
241 /* It's locked */
243 }
244 else
245 {
246 /* It worked */
249 }
250 }
251 else
252 {
253 /* Do a enter */
255
256 /* See if result was requested */
259 }
260 }
261 else
262 {
263 /* Wrap this in SEH, since we're not supposed to raise */
264 _SEH2_TRY
265 {
266 /* Check if we should enter or simply try */
268 {
269 /* Do a try */
271 {
272 /* It's locked */
274 }
275 else
276 {
277 /* It worked */
280 }
281 }
282 else
283 {
284 /* Do an enter */
286
287 /* See if result was requested */
290 }
291 }
293 {
294 /* We should use the LDR Filter instead */
296 }
297 _SEH2_END;
298 }
299
300 /* Return status */
302}
#define LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED
Definition: ldrtypes.h:93
#define LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY
Definition: ldrtypes.h:77
#define LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID
Definition: ldrtypes.h:91
#define LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED
Definition: ldrtypes.h:92
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Reserved_ ULONG _In_opt_ PUNICODE_STRING _In_ ULONG _Out_opt_ PULONG Disposition
Definition: cmfuncs.h:56
NTSYSAPI BOOLEAN NTAPI RtlTryEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
Referenced by BasepGetModuleHandleExW(), find_query_actctx(), get_module_filename(), GetModuleFileNameW(), LdrAddRefDll(), LdrDisableThreadCalloutsForDll(), LdrEnumerateLoadedModules(), LdrGetDllHandleEx(), LdrInitShimEngineDynamic(), LdrLoadDll(), and LdrUnloadAlternateResourceModule().
◆ LdrpMakeCookie()
| FORCEINLINE ULONG_PTR LdrpMakeCookie | ( | VOID | ) |
Definition at line 89 of file ldrapi.c.
90{
91 /* Generate a cookie */
94}
long __cdecl _InterlockedIncrement(_Interlocked_operand_ long volatile *_Addend)
Referenced by LdrLockLoaderLock().
◆ LdrProcessRelocationBlock()
| PIMAGE_BASE_RELOCATION NTAPI LdrProcessRelocationBlock | ( | IN ULONG_PTR | Address, |
| IN ULONG | Count, | ||
| IN PUSHORT | TypeOffset, | ||
| IN LONG_PTR | Delta | ||
| ) |
◆ LdrQueryProcessModuleInformation()
| NTSTATUS NTAPI LdrQueryProcessModuleInformation | ( | IN PRTL_PROCESS_MODULES | ModuleInformation, |
| IN ULONG | Size, | ||
| OUT PULONG ReturnedSize | OPTIONAL | ||
| ) |
Definition at line 1107 of file ldrapi.c.
1110{
1111 /* Call Ex version of the API */
1113}
NTSTATUS NTAPI LdrQueryProcessModuleInformationEx(IN ULONG ProcessId, IN ULONG Reserved, OUT PRTL_PROCESS_MODULES ModuleInformation, IN ULONG Size, OUT PULONG ReturnedSize OPTIONAL)
Definition: ldrapi.c:979
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
Referenced by RtlQueryProcessDebugInformation(), and Test_ProcessModules().
◆ LdrQueryProcessModuleInformationEx()
| NTSTATUS NTAPI LdrQueryProcessModuleInformationEx | ( | IN ULONG | ProcessId, |
| IN ULONG | Reserved, | ||
| OUT PRTL_PROCESS_MODULES | ModuleInformation, | ||
| IN ULONG | Size, | ||
| OUT PULONG ReturnedSize | OPTIONAL | ||
| ) |
Definition at line 979 of file ldrapi.c.
984{
987 PLDR_DATA_TABLE_ENTRY Module, InitModule;
993
995
996 /* Acquire loader lock */
998
999 _SEH2_TRY
1000 {
1001 /* Check if we were given enough space */
1003 {
1005 }
1006 else
1007 {
1008 ModuleInformation->NumberOfModules = 0;
1009 ModulePtr = &ModuleInformation->Modules[0];
1011 }
1012
1013 /* Traverse the list of modules */
1016
1018 {
1020
1022
1023 /* Increase the used size */
1025
1027 {
1029 }
1030 else
1031 {
1037 ModulePtr->InitOrderIndex = 0;
1038 ModulePtr->LoadOrderIndex = ModuleInformation->NumberOfModules;
1039
1040 /* Now get init order index by traversing init list */
1041 InitListHead = &NtCurrentPeb()->Ldr->InInitializationOrderModuleList;
1042 InitEntry = InitListHead->Flink;
1043
1044 while (InitEntry != InitListHead)
1045 {
1047
1048 /* Increase the index */
1049 ModulePtr->InitOrderIndex++;
1050
1051 /* Quit the loop if our module is found */
1052 if (InitModule == Module) break;
1053
1054 /* Advance to the next entry */
1055 InitEntry = InitEntry->Flink;
1056 }
1057
1058 /* Prepare ANSI string with the module's name */
1059 AnsiString.Length = 0;
1063 &Module->FullDllName,
1064 FALSE);
1065
1066 /* Calculate OffsetToFileName field */
1070 else
1071 ModulePtr->OffsetToFileName = 0;
1072
1073 /* Advance to the next module in the output list */
1074 ModulePtr++;
1075
1076 /* Increase number of modules */
1077 if (ModuleInformation)
1078 ModuleInformation->NumberOfModules++;
1079 }
1080
1081 /* Go to the next entry in the modules list */
1083 }
1084
1085 /* Set returned size if it was provided */
1087 *ReturnedSize = UsedSize;
1088 }
1090 {
1091 /* Ignoring the exception */
1092 } _SEH2_END;
1093
1094 /* Release the lock */
1096
1098
1100}
NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
struct _RTL_PROCESS_MODULE_INFORMATION RTL_PROCESS_MODULE_INFORMATION
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToAnsiString(PANSI_STRING DestinationString, PUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
_Check_return_ _CRTIMP _CONST_RETURN char *__cdecl strrchr(_In_z_ const char *_Str, _In_ int _Ch)
Definition: env_spec_w32.h:375
Definition: rtltypes.h:1002
Referenced by LdrQueryProcessModuleInformation().
◆ LdrSetAppCompatDllRedirectionCallback()
| NTSTATUS NTAPI LdrSetAppCompatDllRedirectionCallback | ( | _In_ ULONG | Flags, |
| _In_ PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION | CallbackFunction, | ||
| _In_opt_ PVOID | CallbackData | ||
| ) |
◆ LdrSetDllManifestProber()
| VOID NTAPI LdrSetDllManifestProber | ( | _In_ PLDR_MANIFEST_PROBER_ROUTINE | Routine | ) |
Definition at line 73 of file ldrapi.c.
75{
76 LdrpManifestProberRoutine = Routine;
77}
PLDR_MANIFEST_PROBER_ROUTINE LdrpManifestProberRoutine
Definition: ldrpe.c:18
Referenced by DllMain().
◆ LdrUnloadAlternateResourceModule()
Definition at line 1629 of file ldrapi.c.
1630{
1632
1633 /* Acquire the loader lock */
1635
1636 /* Check if there's any alternate resources loaded */
1638 {
1639 UNIMPLEMENTED;
1640 }
1641
1642 /* Release the loader lock */
1644
1645 /* All done */
1647}
Referenced by FreeLibrary(), FreeLibraryAndExitThread(), and LdrUnloadDll().
◆ LdrUnloadDll()
Definition at line 1322 of file ldrapi.c.
1323{
1326 PLDR_DATA_TABLE_ENTRY LdrEntry, CurrentEntry;
1327 PVOID EntryPoint;
1328 PLIST_ENTRY NextEntry;
1329 LIST_ENTRY UnloadList;
1330 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
1331 PVOID CorImageData;
1332 ULONG ComSectionSize;
1333
1334 /* Get the LDR Lock */
1336
1337 /* Increase the unload count */
1338 LdrpActiveUnloadCount++;
1339
1340 /* Skip unload */
1342
1343 /* Make sure the DLL is valid and get its entry */
1345 {
1347 goto Quickie;
1348 }
1349
1350 /* Check the current Load Count */
1352 {
1353 /* Decrease it */
1354 LdrEntry->LoadCount--;
1355
1356 /* If it's a dll */
1358 {
1359 /* Set up the Act Ctx */
1363
1364 /* Activate the ActCtx */
1366 LdrEntry->EntryPointActivationContext);
1367
1368 /* Update the load count */
1370
1371 /* Release the context */
1373 }
1374 }
1375 else
1376 {
1377 /* The DLL is locked */
1378 goto Quickie;
1379 }
1380
1381 /* Show debug message */
1383
1384 /* Check if this is our only unload and initialize the list if so */
1386
1387 /* Loop the modules to build the list */
1390 {
1391 /* Get the entry */
1392 LdrEntry = CONTAINING_RECORD(NextEntry,
1393 LDR_DATA_TABLE_ENTRY,
1394 InInitializationOrderLinks);
1395 NextEntry = NextEntry->Blink;
1396
1397 /* Remove flag */
1398 LdrEntry->Flags &= ~LDRP_UNLOAD_IN_PROGRESS;
1399
1400 /* If the load count is now 0 */
1402 {
1403 /* Show message */
1405 {
1407 LdrpActiveUnloadCount,
1411 LdrEntry->EntryPoint);
1412 }
1413
1414 /* Call Shim Engine and notify */
1416 {
1418 SE_DllUnloaded(LdrEntry);
1419 }
1420
1421 /* Unlink it */
1422 CurrentEntry = LdrEntry;
1426
1427 /* If there's more then one active unload */
1429 {
1430 /* Flush the cached DLL handle and clear the list */
1433 }
1434
1435 /* Add the entry on the unload list */
1437 }
1438 }
1439
1440 /* Only call the entrypoints once */
1442
1443 /* Now loop the unload list and create our own */
1444 InitializeListHead(&UnloadList);
1445 CurrentEntry = NULL;
1448 {
1449 /* Get the current entry */
1451
1452 LdrpRecordUnloadEvent(LdrEntry);
1453
1454 /* Set the entry and clear it from the list */
1455 CurrentEntry = LdrEntry;
1458
1459 /* Move it from the global to the local list */
1462
1463 /* Get the entrypoint */
1464 EntryPoint = LdrEntry->EntryPoint;
1465
1466 /* Check if we should call it */
1468 {
1469 /* Show message */
1471 {
1473 }
1474
1475 /* Set up the Act Ctx */
1479
1480 /* Activate the ActCtx */
1482 LdrEntry->EntryPointActivationContext);
1483
1484 /* Call the entrypoint */
1485 _SEH2_TRY
1486 {
1488 LdrEntry->DllBase,
1489 DLL_PROCESS_DETACH,
1490 NULL);
1491 }
1493 {
1496 }
1497 _SEH2_END;
1498
1499 /* Release the context */
1501 }
1502
1503 /* Remove it from the list */
1505 CurrentEntry = NULL;
1507 }
1508
1509 /* Now loop our local list */
1510 NextEntry = UnloadList.Flink;
1511 while (NextEntry != &UnloadList)
1512 {
1513 /* Get the entry */
1515 NextEntry = NextEntry->Flink;
1516 CurrentEntry = LdrEntry;
1517
1518 /* Notify Application Verifier */
1520 {
1521 AVrfDllUnloadNotification(LdrEntry);
1522 }
1523
1524 /* Show message */
1526 {
1528 }
1529
1530 /* Check if this is a .NET executable */
1532 TRUE,
1534 &ComSectionSize);
1535 if (CorImageData)
1536 {
1537 /* FIXME */
1539 }
1540
1541 /* Check if we should unmap*/
1543 {
1544 /* Unmap the DLL */
1546 CurrentEntry->DllBase);
1548 }
1549
1550 /* Unload the alternate resource module, if any */
1552
1553 /* FIXME: Send shutdown notification */
1554 //LdrpSendDllNotifications(CurrentEntry, 2, LdrpShutdownInProgress);
1555
1556 /* Check if a Hotpatch is active */
1558 {
1559 /* FIXME */
1561 }
1562
1563 /* Deallocate the Entry */
1564 LdrpFinalizeAndDeallocateDataTableEntry(CurrentEntry);
1565
1566 /* If this is the cached entry, invalidate it */
1568 {
1570 }
1571 }
1572
1573Quickie:
1574 /* Decrease unload count */
1575 LdrpActiveUnloadCount--;
1577
1578 /* Return to caller */
1580}
NTSTATUS NTAPI NtUnmapViewOfSection(IN HANDLE ProcessHandle, IN PVOID BaseAddress)
Definition: section.c:3848
Definition: nsiface.idl:2307
BOOLEAN NTAPI LdrUnloadAlternateResourceModule(IN PVOID BaseAddress)
Definition: ldrapi.c:1629
#define RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER
Definition: rtltypes.h:101
VOID NTAPI LdrpFinalizeAndDeallocateDataTableEntry(IN PLDR_DATA_TABLE_ENTRY Entry)
Definition: ldrutils.c:1598
BOOLEAN NTAPI LdrpCallInitRoutine(IN PDLL_INIT_ROUTINE EntryPoint, IN PVOID BaseAddress, IN ULONG Reason, IN PVOID Context)
Definition: ldrutils.c:100
VOID NTAPI AVrfDllUnloadNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:328
VOID NTAPI LdrpRecordUnloadEvent(_In_ PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: trace.c:28
#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Definition: ntimage.h:489
PRTL_ACTIVATION_CONTEXT_STACK_FRAME FASTCALL RtlActivateActivationContextUnsafeFast(IN PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame, IN PVOID Context)
Definition: actctx.c:5934
PRTL_ACTIVATION_CONTEXT_STACK_FRAME FASTCALL RtlDeactivateActivationContextUnsafeFast(IN PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame)
Definition: actctx.c:6011
PACTIVATION_CONTEXT EntryPointActivationContext
Definition: ldrtypes.h:163
LIST_ENTRY InInitializationOrderLinks
Definition: ldrtypes.h:140
LIST_ENTRY InInitializationOrderModuleList
Definition: ldrtypes.h:122
Definition: btrfs_drv.h:1907
Referenced by BasepReplaceProcessThreadTokens(), CsrLoadServerDll(), FreeLibrary(), FreeLibraryAndExitThread(), InitApphelp(), LdrpLoadDll(), LdrpUnloadShimEngine(), LsapAddAuthPackage(), PropertyLengthAsVariant(), RtlConvertPropertyToVariant(), and RtlConvertVariantToProperty().
◆ LdrUnlockLoaderLock()
Definition at line 101 of file ldrapi.c.
103{
105
107
108 /* Check for valid flags */
110 {
111 /* Flags are invalid, check how to fail */
113 {
114 /* The caller wants us to raise status */
116 }
117
118 /* A normal failure */
120 }
121
122 /* If we don't have a cookie, just return */
124
125 /* Validate the cookie */
128 {
130
131 /* Invalid cookie, check how to fail */
133 {
134 /* The caller wants us to raise status */
136 }
137
138 /* A normal failure */
140 }
141
142 /* Ready to release the lock */
144 {
145 /* Do a direct leave */
147 }
148 else
149 {
150 /* Wrap this in SEH, since we're not supposed to raise */
151 _SEH2_TRY
152 {
153 /* Leave the lock */
155 }
157 {
158 /* We should use the LDR Filter instead */
160 }
161 _SEH2_END;
162 }
163
164 /* All done */
166}
Referenced by BasepGetModuleHandleExW(), find_query_actctx(), get_module_filename(), GetModuleFileNameW(), LdrAddRefDll(), LdrDisableThreadCalloutsForDll(), LdrEnumerateLoadedModules(), LdrGetDllHandleEx(), LdrInitShimEngineDynamic(), LdrLoadDll(), and LdrUnloadAlternateResourceModule().
◆ LdrVerifyImageMatchesChecksum()
| NTSTATUS NTAPI LdrVerifyImageMatchesChecksum | ( | IN HANDLE | FileHandle, |
| IN PLDR_CALLBACK | Callback, | ||
| IN PVOID | CallbackContext, | ||
| OUT PUSHORT | ImageCharacteristics | ||
| ) |
Definition at line 837 of file ldrapi.c.
841{
842 FILE_STANDARD_INFORMATION FileStandardInfo;
843 PIMAGE_IMPORT_DESCRIPTOR ImportData;
846 PIMAGE_NT_HEADERS NtHeader;
847 HANDLE SectionHandle;
849 PVOID ViewBase;
852 PVOID ImportName;
855
856 /* If the handle has the magic KnownDll flag, skip actual checksums */
858
859 /* Create the section */
861 SECTION_MAP_EXECUTE,
862 NULL,
863 NULL,
864 PAGE_EXECUTE,
865 SEC_COMMIT,
866 FileHandle);
868 {
871 }
872
873 /* Map the section */
874 ViewSize = 0;
875 ViewBase = NULL;
877 NtCurrentProcess(),
878 &ViewBase,
879 0,
880 0,
881 NULL,
882 &ViewSize,
883 ViewShare,
884 0,
885 PAGE_EXECUTE);
887 {
889 NtClose(SectionHandle);
891 }
892
893 /* Get the file information */
895 &IoStatusBlock,
896 &FileStandardInfo,
898 FileStandardInformation);
900 {
903 NtClose(SectionHandle);
905 }
906
907 /* Protect with SEH */
908 _SEH2_TRY
909 {
910 /* Check if this is the KnownDll hack */
911 if (NoActualCheck)
912 {
913 /* Don't actually do it */
915 }
916 else
917 {
918 /* Verify the checksum */
922 }
923
924 /* Check if a callback was supplied */
926 {
927 /* Get the NT Header */
928 NtHeader = RtlImageNtHeader(ViewBase);
929
930 /* Check if caller requested this back */
931 if (ImageCharacteristics)
932 {
933 /* Return to caller */
935 }
936
937 /* Get the Import Directory Data */
938 ImportData = RtlImageDirectoryEntryToData(ViewBase,
939 FALSE,
941 &Size);
942
943 /* Make sure there is one */
944 if (ImportData)
945 {
946 /* Loop the imports */
948 {
949 /* Get the name */
950 ImportName = RtlImageRvaToVa(NtHeader,
951 ViewBase,
952 ImportData->Name,
953 &LastSection);
954
955 /* Notify the callback */
957 ImportData++;
958 }
959 }
960 }
961 }
963 {
964 /* Fail the request returning STATUS_IMAGE_CHECKSUM_MISMATCH */
966 }
967 _SEH2_END;
968
969 /* Unmap file and close handle */
971 NtClose(SectionHandle);
972
973 /* Return status */
975}
NTSTATUS NTAPI NtCreateSection(OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection OPTIONAL, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL)
Definition: section.c:3441
NTSTATUS NTAPI NtMapViewOfSection(IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect)
Definition: section.c:3622
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
BOOLEAN NTAPI LdrVerifyMappedImageMatchesChecksum(_In_ PVOID BaseAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG FileLength)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
Definition: mmfuncs.h:408
NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(IN HANDLE hFile, OUT PIO_STATUS_BLOCK pIoStatusBlock, OUT PVOID FileInformationBuffer, IN ULONG FileInformationBufferLength, IN FILE_INFORMATION_CLASS FileInfoClass)
Definition: propsheet.cpp:53
Definition: ntimage.h:572
Definition: pedump.c:280
Definition: env_spec_w32.h:870
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR _In_ ULONGLONG _In_ ULONGLONG _In_opt_ PEVENT_FILTER_DESCRIPTOR _Inout_opt_ PVOID CallbackContext
Definition: wmitypes.h:60
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
Referenced by SmpInitializeKnownDllsInternal().
◆ RtlDllShutdownInProgress()
Variable Documentation
◆ AlternateResourceModuleCount
| ULONG AlternateResourceModuleCount |
Definition at line 23 of file ldrapi.c.
Referenced by LdrUnloadAlternateResourceModule().
◆ LdrApiDefaultExtension
| UNICODE_STRING LdrApiDefaultExtension = RTL_CONSTANT_STRING(L".DLL") |
Definition at line 22 of file ldrapi.c.
Referenced by LdrGetDllHandleEx(), LdrLoadDll(), LdrpLoadDll(), LdrpLoadImportModule(), LdrpSnapThunk(), and LdrpUpdateLoadCount3().
◆ LdrpBreakOnRecursiveDllLoads
| BOOLEAN LdrpBreakOnRecursiveDllLoads |
Definition at line 21 of file ldrapi.c.
Referenced by LdrLoadDll().
◆ LdrpLoaderLockAcquisitionCount
| LONG LdrpLoaderLockAcquisitionCount |
Definition at line 20 of file ldrapi.c.
Referenced by LdrpMakeCookie().
◆ LdrpManifestProberRoutine
|
extern |
Definition at line 18 of file ldrpe.c.
Referenced by LdrpWalkImportDescriptor(), and LdrSetDllManifestProber().
◆ LdrpShowRecursiveLoads
| BOOLEAN LdrpShowRecursiveLoads |
Definition at line 21 of file ldrapi.c.
Referenced by LdrLoadDll().
◆ LdrpUnloadHead
| LIST_ENTRY LdrpUnloadHead |
Definition at line 19 of file ldrapi.c.
Referenced by LdrUnloadDll().
