ReactOS 0.4.16-dev-1946-g52006dd
Functions
libsupp.c File Reference
#include "bl.h"
Include dependency graph for libsupp.c:

Go to the source code of this file.

Functions

NTSTATUS NTAPI RtlpImageNtHeaderEx (_In_ ULONG Flags, _In_ PVOID Base, _In_ ULONG64 Size, _Out_ PIMAGE_NT_HEADERS *OutHeaders)
 
NTSTATUS NTAPI RtlImageNtHeaderEx (_In_ ULONG Flags, _In_ PVOID Base, _In_ ULONG64 Size, _Out_ PIMAGE_NT_HEADERS *OutHeaders)
 

Function Documentation

◆ RtlImageNtHeaderEx()

NTSTATUS NTAPI RtlImageNtHeaderEx ( _In_ ULONG  Flags,
_In_ PVOID  Base,
_In_ ULONG64  Size,
_Out_ PIMAGE_NT_HEADERS OutHeaders 
)

Definition at line 32 of file libsupp.c.

37{
38 return RtlpImageNtHeaderEx(Flags, Base, Size, OutHeaders);
39}
RtlpImageNtHeaderEx
NTSTATUS NTAPI RtlpImageNtHeaderEx(_In_ ULONG Flags, _In_ PVOID Base, _In_ ULONG64 Size, _Out_ PIMAGE_NT_HEADERS *OutHeaders)
Definition: image.c:140
Base
_In_opt_ ULONG Base
Definition: rtlfuncs.h:2486
Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4539
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170

Referenced by BlImgFindSection(), ImgArchEfiStartBootApplication(), ImgpInitializeBootApplicationParameters(), ImgpLoadPEImage(), LdrpCheckForLoadedDll(), and RtlImageNtHeader().

◆ RtlpImageNtHeaderEx()

NTSTATUS NTAPI RtlpImageNtHeaderEx ( _In_ ULONG  Flags,
_In_ PVOID  Base,
_In_ ULONG64  Size,
_Out_ PIMAGE_NT_HEADERS OutHeaders 
)

Definition at line 140 of file image.c.

145{
146 PIMAGE_NT_HEADERS NtHeaders;
147 PIMAGE_DOS_HEADER DosHeader;
148 BOOLEAN WantsRangeCheck;
149 ULONG NtHeaderOffset;
150
151 /* You must want NT Headers, no? */
152 if (OutHeaders == NULL)
153 {
154 DPRINT1("OutHeaders is NULL\n");
155 return STATUS_INVALID_PARAMETER;
156 }
157
158 /* Assume failure */
159 *OutHeaders = NULL;
160
161 /* Validate Flags */
162 if (Flags & ~RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK)
163 {
164 DPRINT1("Invalid flags: 0x%lx\n", Flags);
165 return STATUS_INVALID_PARAMETER;
166 }
167
168 /* Validate base */
169 if ((Base == NULL) || (Base == (PVOID)-1))
170 {
171 DPRINT1("Invalid base address: %p\n", Base);
172 return STATUS_INVALID_PARAMETER;
173 }
174
175 /* Check if the caller wants range checks */
176 WantsRangeCheck = !(Flags & RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK);
177 if (WantsRangeCheck)
178 {
179 /* Make sure the image size is at least big enough for the DOS header */
180 if (Size < sizeof(IMAGE_DOS_HEADER))
181 {
182 DPRINT1("Size too small\n");
183 return STATUS_INVALID_IMAGE_FORMAT;
184 }
185 }
186
187 /* Check if the DOS Signature matches */
188 DosHeader = Base;
189 if (DosHeader->e_magic != IMAGE_DOS_SIGNATURE)
190 {
191 /* Not a valid COFF */
192 DPRINT1("Invalid image DOS signature!\n");
193 return STATUS_INVALID_IMAGE_FORMAT;
194 }
195
196 /* Get the offset to the NT headers (and copy from LONG to ULONG) */
197 NtHeaderOffset = DosHeader->e_lfanew;
198
199 /* The offset must not be larger than 256MB, as a hard-coded check.
200 In Windows this check is only done in user mode, not in kernel mode,
201 but it shouldn't harm to have it anyway. Note that without this check,
202 other overflow checks would become necessary! */
203 if (NtHeaderOffset >= (256 * 1024 * 1024))
204 {
205 /* Fail */
206 DPRINT1("NT headers offset is larger than 256MB!\n");
207 return STATUS_INVALID_IMAGE_FORMAT;
208 }
209
210 /* Check if the caller wants validation */
211 if (WantsRangeCheck)
212 {
213 /* Make sure the file header fits into the size */
214 if ((NtHeaderOffset +
215 RTL_SIZEOF_THROUGH_FIELD(IMAGE_NT_HEADERS, FileHeader)) >= Size)
216 {
217 /* Fail */
218 DPRINT1("NT headers beyond image size!\n");
219 return STATUS_INVALID_IMAGE_FORMAT;
220 }
221 }
222
223 /* Now get a pointer to the NT Headers */
224 NtHeaders = (PIMAGE_NT_HEADERS)((ULONG_PTR)Base + NtHeaderOffset);
225
226 /* Check if the mapping is in user space */
227 if (Base <= MmHighestUserAddress)
228 {
229 /* Make sure we don't overflow into kernel space */
230 if ((PVOID)(NtHeaders + 1) > MmHighestUserAddress)
231 {
232 DPRINT1("Image overflows from user space into kernel space!\n");
233 return STATUS_INVALID_IMAGE_FORMAT;
234 }
235 }
236
237 /* Verify the PE Signature */
238 if (NtHeaders->Signature != IMAGE_NT_SIGNATURE)
239 {
240 /* Fail */
241 DPRINT1("Invalid image NT signature!\n");
242 return STATUS_INVALID_IMAGE_FORMAT;
243 }
244
245 /* Now return success and the NT header */
246 *OutHeaders = NtHeaders;
247 return STATUS_SUCCESS;
248}
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
DPRINT1
#define DPRINT1
Definition: precomp.h:8
NULL
#define NULL
Definition: types.h:112
PIMAGE_NT_HEADERS
PIMAGE_NT_HEADERS32 PIMAGE_NT_HEADERS
Definition: ntddk_ex.h:187
RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK
#define RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK
Definition: rtltypes.h:352
RTL_SIZEOF_THROUGH_FIELD
#define RTL_SIZEOF_THROUGH_FIELD(type, field)
Definition: ntbasedef.h:684
STATUS_INVALID_IMAGE_FORMAT
#define STATUS_INVALID_IMAGE_FORMAT
Definition: ntstatus.h:453
IMAGE_NT_SIGNATURE
#define IMAGE_NT_SIGNATURE
Definition: pedump.c:93
IMAGE_DOS_SIGNATURE
#define IMAGE_DOS_SIGNATURE
Definition: pedump.c:89
MmHighestUserAddress
PVOID MmHighestUserAddress
Definition: rtlcompat.c:29
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_IMAGE_DOS_HEADER
Definition: ntddk_ex.h:99
_IMAGE_DOS_HEADER::e_magic
WORD e_magic
Definition: ntddk_ex.h:100
_IMAGE_DOS_HEADER::e_lfanew
LONG e_lfanew
Definition: ntddk_ex.h:118
_IMAGE_NT_HEADERS
Definition: ntddk_ex.h:181
_IMAGE_NT_HEADERS::Signature
DWORD Signature
Definition: ntddk_ex.h:182
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
ULONG
uint32_t ULONG
Definition: typedefs.h:59
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

Referenced by RtlImageNtHeaderEx().