ReactOS 0.4.15-dev-7089-gea8a49d
ldrutils.c
Go to the documentation of this file.
1/*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS NT User-Mode Library
4 * FILE: dll/ntdll/ldr/ldrutils.c
5 * PURPOSE: Internal Loader Utility Functions
6 * PROGRAMMERS: Alex Ionescu (alex@relsoft.net)
7 * Aleksey Bragin (aleksey@reactos.org)
8 */
9
10/* INCLUDES *****************************************************************/
11
12#include <ntdll.h>
13
14#define NDEBUG
15#include <debug.h>
16
17/* GLOBALS *******************************************************************/
18
19PLDR_DATA_TABLE_ENTRY LdrpLoadedDllHandleCache, LdrpGetModuleHandleCache;
20
21BOOLEAN g_ShimsEnabled;
22PVOID g_pShimEngineModule;
23PVOID g_pfnSE_DllLoaded;
24PVOID g_pfnSE_DllUnloaded;
25PVOID g_pfnSE_InstallBeforeInit;
26PVOID g_pfnSE_InstallAfterInit;
27PVOID g_pfnSE_ProcessDying;
28
29/* FUNCTIONS *****************************************************************/
30
31NTSTATUS
32NTAPI
33LdrpAllocateUnicodeString(IN OUT PUNICODE_STRING StringOut,
34 IN ULONG Length)
35{
36 /* Sanity checks */
37 ASSERT(StringOut);
38 ASSERT(Length <= UNICODE_STRING_MAX_BYTES);
39
40 /* Assume failure */
41 StringOut->Length = 0;
42
43 /* Make sure it's not mis-aligned */
44 if (Length & 1)
45 {
46 /* Fail */
47 StringOut->Buffer = NULL;
48 StringOut->MaximumLength = 0;
49 return STATUS_INVALID_PARAMETER;
50 }
51
52 /* Allocate the string*/
53 StringOut->Buffer = RtlAllocateHeap(LdrpHeap,
54 0,
55 Length + sizeof(WCHAR));
56 if (!StringOut->Buffer)
57 {
58 /* Fail */
59 StringOut->MaximumLength = 0;
60 return STATUS_NO_MEMORY;
61 }
62
63 /* Null-terminate it */
64 StringOut->Buffer[Length / sizeof(WCHAR)] = UNICODE_NULL;
65
66 /* Check if this is a maximum-sized string */
67 if (Length != UNICODE_STRING_MAX_BYTES)
68 {
69 /* It's not, so set the maximum length to be one char more */
70 StringOut->MaximumLength = (USHORT)Length + sizeof(UNICODE_NULL);
71 }
72 else
73 {
74 /* The length is already the maximum possible */
75 StringOut->MaximumLength = UNICODE_STRING_MAX_BYTES;
76 }
77
78 /* Return success */
79 return STATUS_SUCCESS;
80}
81
82VOID
83NTAPI
84LdrpFreeUnicodeString(IN PUNICODE_STRING StringIn)
85{
86 ASSERT(StringIn != NULL);
87
88 /* If Buffer is not NULL - free it */
89 if (StringIn->Buffer)
90 {
91 RtlFreeHeap(LdrpHeap, 0, StringIn->Buffer);
92 }
93
94 /* Zero it out */
95 RtlInitEmptyUnicodeString(StringIn, NULL, 0);
96}
97
98BOOLEAN
99NTAPI
100LdrpCallInitRoutine(IN PDLL_INIT_ROUTINE EntryPoint,
101 IN PVOID BaseAddress,
102 IN ULONG Reason,
103 IN PVOID Context)
104{
105 /* Call the entry */
106 return EntryPoint(BaseAddress, Reason, Context);
107}
108
109/* NOTE: This function is broken */
110VOID
111NTAPI
112LdrpUpdateLoadCount3(IN PLDR_DATA_TABLE_ENTRY LdrEntry,
113 IN ULONG Flags,
114 OUT PUNICODE_STRING UpdateString)
115{
116 PIMAGE_BOUND_FORWARDER_REF NewImportForwarder;
117 PIMAGE_BOUND_IMPORT_DESCRIPTOR FirstEntry;
118 PIMAGE_BOUND_IMPORT_DESCRIPTOR BoundEntry;
119 PIMAGE_IMPORT_DESCRIPTOR ImportEntry;
120 PIMAGE_THUNK_DATA FirstThunk;
121 PLDR_DATA_TABLE_ENTRY Entry;
122 PUNICODE_STRING ImportNameUnic, RedirectedImportName;
123 ANSI_STRING ImportNameAnsi;
124 LPSTR ImportName;
125 ULONG ImportSize;
126 NTSTATUS Status;
127 ULONG i;
128 BOOLEAN RedirectedDll;
129 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
130
131 /* Set up the Act Ctx */
132 ActCtx.Size = sizeof(ActCtx);
133 ActCtx.Format = RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER;
134 RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));
135
136 /* Activate the ActCtx */
137 RtlActivateActivationContextUnsafeFast(&ActCtx,
138 LdrEntry->EntryPointActivationContext);
139
140 /* Check the action we need to perform */
141 if ((Flags == LDRP_UPDATE_REFCOUNT) || (Flags == LDRP_UPDATE_PIN))
142 {
143 /* Make sure entry is not being loaded already */
144 if (LdrEntry->Flags & LDRP_LOAD_IN_PROGRESS)
145 goto done;
146
147 LdrEntry->Flags |= LDRP_LOAD_IN_PROGRESS;
148 }
149 else if (Flags == LDRP_UPDATE_DEREFCOUNT)
150 {
151 /* Make sure the entry is not being unloaded already */
152 if (LdrEntry->Flags & LDRP_UNLOAD_IN_PROGRESS)
153 goto done;
154
155 LdrEntry->Flags |= LDRP_UNLOAD_IN_PROGRESS;
156 }
157
158 /* Go through all bound DLLs and dereference them */
159 ImportNameUnic = &NtCurrentTeb()->StaticUnicodeString;
160
161 /* Try to get the new import entry */
162 FirstEntry = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
163 TRUE,
164 IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT,
165 &ImportSize);
166
167 if (FirstEntry)
168 {
169 /* Set entry flags if refing/derefing */
170 if (Flags == LDRP_UPDATE_REFCOUNT)
171 LdrEntry->Flags |= LDRP_LOAD_IN_PROGRESS;
172 else if (Flags == LDRP_UPDATE_DEREFCOUNT)
173 LdrEntry->Flags |= LDRP_UNLOAD_IN_PROGRESS;
174
175 BoundEntry = FirstEntry;
176 while (BoundEntry->OffsetModuleName)
177 {
178 /* Get pointer to the current import name */
179 ImportName = (LPSTR)FirstEntry + BoundEntry->OffsetModuleName;
180
181 RtlInitAnsiString(&ImportNameAnsi, ImportName);
182 Status = RtlAnsiStringToUnicodeString(ImportNameUnic, &ImportNameAnsi, FALSE);
183
184 if (NT_SUCCESS(Status))
185 {
186 RedirectedDll = FALSE;
187 RedirectedImportName = ImportNameUnic;
188
189 /* Check if the SxS Assemblies specify another file */
190 Status = RtlDosApplyFileIsolationRedirection_Ustr(TRUE,
191 ImportNameUnic,
192 &LdrApiDefaultExtension,
193 UpdateString,
194 NULL,
195 &RedirectedImportName,
196 NULL,
197 NULL,
198 NULL);
199
200 /* Check success */
201 if (NT_SUCCESS(Status))
202 {
203 /* Let Ldrp know */
204 if (ShowSnaps)
205 {
206 DPRINT1("LDR: %Z got redirected to %wZ\n", &ImportNameAnsi, RedirectedImportName);
207 }
208
209 RedirectedDll = TRUE;
210 }
211
212 if (RedirectedDll || Status == STATUS_SXS_KEY_NOT_FOUND)
213 {
214 if (LdrpCheckForLoadedDll(NULL,
215 RedirectedImportName,
216 TRUE,
217 RedirectedDll,
218 &Entry))
219 {
220 if (Entry->LoadCount != 0xFFFF)
221 {
222 /* Perform the required action */
223 switch (Flags)
224 {
225 case LDRP_UPDATE_REFCOUNT:
226 Entry->LoadCount++;
227 break;
228 case LDRP_UPDATE_DEREFCOUNT:
229 Entry->LoadCount--;
230 break;
231 case LDRP_UPDATE_PIN:
232 Entry->LoadCount = 0xFFFF;
233 break;
234 }
235
236 /* Show snaps */
237 if (ShowSnaps)
238 {
239 DPRINT1("LDR: Flags %lu %wZ (%lx)\n", Flags, RedirectedImportName, Entry->LoadCount);
240 }
241 }
242
243 /* Recurse into this entry */
244 LdrpUpdateLoadCount3(Entry, Flags, UpdateString);
245 }
246 else if (RedirectedDll)
247 {
248 DPRINT1("LDR: LdrpCheckForLoadedDll failed for redirected dll %wZ\n", RedirectedImportName);
249 }
250 }
251 else
252 {
253 /* Unrecoverable SxS failure */
254 DPRINT1("LDR: RtlDosApplyFileIsolationRedirection_Ustr failed with status %x for dll %wZ\n", Status, ImportNameUnic);
255 }
256
257 }
258
259 /* Go through forwarders */
260 NewImportForwarder = (PIMAGE_BOUND_FORWARDER_REF)(BoundEntry + 1);
261 for (i = 0; i < BoundEntry->NumberOfModuleForwarderRefs; i++)
262 {
263 ImportName = (LPSTR)FirstEntry + NewImportForwarder->OffsetModuleName;
264
265 RtlInitAnsiString(&ImportNameAnsi, ImportName);
266 Status = RtlAnsiStringToUnicodeString(ImportNameUnic, &ImportNameAnsi, FALSE);
267 if (NT_SUCCESS(Status))
268 {
269 RedirectedDll = FALSE;
270 RedirectedImportName = ImportNameUnic;
271
272 /* Check if the SxS Assemblies specify another file */
273 Status = RtlDosApplyFileIsolationRedirection_Ustr(TRUE,
274 ImportNameUnic,
275 &LdrApiDefaultExtension,
276 UpdateString,
277 NULL,
278 &RedirectedImportName,
279 NULL,
280 NULL,
281 NULL);
282 /* Check success */
283 if (NT_SUCCESS(Status))
284 {
285 if (ShowSnaps)
286 {
287 DPRINT1("LDR: %Z got redirected to %wZ\n", &ImportNameAnsi, RedirectedImportName);
288 }
289 /* Let Ldrp know */
290 RedirectedDll = TRUE;
291 }
292
293 if (RedirectedDll || Status == STATUS_SXS_KEY_NOT_FOUND)
294 {
295 if (LdrpCheckForLoadedDll(NULL,
296 RedirectedImportName,
297 TRUE,
298 RedirectedDll,
299 &Entry))
300 {
301 if (Entry->LoadCount != 0xFFFF)
302 {
303 /* Perform the required action */
304 switch (Flags)
305 {
306 case LDRP_UPDATE_REFCOUNT:
307 Entry->LoadCount++;
308 break;
309 case LDRP_UPDATE_DEREFCOUNT:
310 Entry->LoadCount--;
311 break;
312 case LDRP_UPDATE_PIN:
313 Entry->LoadCount = 0xFFFF;
314 break;
315 }
316
317 /* Show snaps */
318 if (ShowSnaps)
319 {
320 DPRINT1("LDR: Flags %lu %wZ (%lx)\n", Flags, RedirectedImportName, Entry->LoadCount);
321 }
322 }
323
324 /* Recurse into this entry */
325 LdrpUpdateLoadCount3(Entry, Flags, UpdateString);
326 }
327 else if (RedirectedDll)
328 {
329 DPRINT1("LDR: LdrpCheckForLoadedDll failed with status %x for redirected dll %wZ\n", Status, RedirectedImportName);
330 }
331 }
332 else
333 {
334 /* Unrecoverable SxS failure */
335 DPRINT1("LDR: RtlDosApplyFileIsolationRedirection_Ustr failed with status %x for dll %wZ\n", Status, ImportNameUnic);
336 }
337
338 }
339
340 NewImportForwarder++;
341 }
342
343 BoundEntry = (PIMAGE_BOUND_IMPORT_DESCRIPTOR)NewImportForwarder;
344 }
345
346 /* We're done */
347 goto done;
348 }
349
350 /* Check oldstyle import descriptor */
351 ImportEntry = (PIMAGE_IMPORT_DESCRIPTOR)RtlImageDirectoryEntryToData(LdrEntry->DllBase,
352 TRUE,
353 IMAGE_DIRECTORY_ENTRY_IMPORT,
354 &ImportSize);
355 if (ImportEntry)
356 {
357 /* There is old one, so go through its entries */
358 while (ImportEntry->Name && ImportEntry->FirstThunk)
359 {
360 FirstThunk = (PIMAGE_THUNK_DATA)((ULONG_PTR)LdrEntry->DllBase + ImportEntry->FirstThunk);
361
362 /* Skip this entry if needed */
363 if (!FirstThunk->u1.Function)
364 {
365 ImportEntry++;
366 continue;
367 }
368
369 ImportName = (PSZ)((ULONG_PTR)LdrEntry->DllBase + ImportEntry->Name);
370
371 RtlInitAnsiString(&ImportNameAnsi, ImportName);
372 Status = RtlAnsiStringToUnicodeString(ImportNameUnic, &ImportNameAnsi, FALSE);
373 if (NT_SUCCESS(Status))
374 {
375 RedirectedDll = FALSE;
376 RedirectedImportName = ImportNameUnic;
377
378 /* Check if the SxS Assemblies specify another file */
379 Status = RtlDosApplyFileIsolationRedirection_Ustr(TRUE,
380 ImportNameUnic,
381 &LdrApiDefaultExtension,
382 UpdateString,
383 NULL,
384 &RedirectedImportName,
385 NULL,
386 NULL,
387 NULL);
388 /* Check success */
389 if (NT_SUCCESS(Status))
390 {
391 if (ShowSnaps)
392 {
393 DPRINT1("LDR: %Z got redirected to %wZ\n", &ImportNameAnsi, RedirectedImportName);
394 }
395
396 /* Let Ldrp know */
397 RedirectedDll = TRUE;
398 }
399
400 if (RedirectedDll || Status == STATUS_SXS_KEY_NOT_FOUND)
401 {
402 if (LdrpCheckForLoadedDll(NULL,
403 RedirectedImportName,
404 TRUE,
405 RedirectedDll,
406 &Entry))
407 {
408 if (Entry->LoadCount != 0xFFFF)
409 {
410 /* Perform the required action */
411 switch (Flags)
412 {
413 case LDRP_UPDATE_REFCOUNT:
414 Entry->LoadCount++;
415 break;
416 case LDRP_UPDATE_DEREFCOUNT:
417 Entry->LoadCount--;
418 break;
419 case LDRP_UPDATE_PIN:
420 Entry->LoadCount = 0xFFFF;
421 break;
422 }
423
424 /* Show snaps */
425 if (ShowSnaps)
426 {
427 DPRINT1("LDR: Flags %lu %wZ (%lx)\n", Flags, RedirectedImportName, Entry->LoadCount);
428 }
429 }
430
431 /* Recurse */
432 LdrpUpdateLoadCount3(Entry, Flags, UpdateString);
433 }
434 else if (RedirectedDll)
435 {
436 DPRINT1("LDR: LdrpCheckForLoadedDll failed for redirected dll %wZ\n", RedirectedImportName);
437 }
438
439 }
440 else
441 {
442 /* Unrecoverable SxS failure */
443 DPRINT1("LDR: RtlDosApplyFileIsolationRedirection_Ustr failed for dll %wZ\n", ImportNameUnic);
444 }
445
446 }
447
448 /* Go to the next entry */
449 ImportEntry++;
450 }
451 }
452
453done:
454 /* Release the context */
455 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
456}
457
458VOID
459NTAPI
460LdrpUpdateLoadCount2(IN PLDR_DATA_TABLE_ENTRY LdrEntry,
461 IN ULONG Flags)
462{
463 WCHAR Buffer[MAX_PATH];
464 UNICODE_STRING UpdateString;
465
466 /* Setup the string and call the extended API */
467 RtlInitEmptyUnicodeString(&UpdateString, Buffer, sizeof(Buffer));
468 LdrpUpdateLoadCount3(LdrEntry, Flags, &UpdateString);
469}
470
471VOID
472NTAPI
473LdrpCallTlsInitializers(IN PLDR_DATA_TABLE_ENTRY LdrEntry,
474 IN ULONG Reason)
475{
476 PIMAGE_TLS_DIRECTORY TlsDirectory;
477 PIMAGE_TLS_CALLBACK *Array, Callback;
478 ULONG Size;
479
480 /* Get the TLS Directory */
481 TlsDirectory = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
482 TRUE,
483 IMAGE_DIRECTORY_ENTRY_TLS,
484 &Size);
485
486 /* Protect against invalid pointers */
487 _SEH2_TRY
488 {
489 /* Make sure it's valid */
490 if (TlsDirectory)
491 {
492 /* Get the array */
493 Array = (PIMAGE_TLS_CALLBACK *)TlsDirectory->AddressOfCallBacks;
494 if (Array)
495 {
496 /* Display debug */
497 if (ShowSnaps)
498 {
499 DPRINT1("LDR: Tls Callbacks Found. Imagebase %p Tls %p CallBacks %p\n",
500 LdrEntry->DllBase, TlsDirectory, Array);
501 }
502
503 /* Loop the array */
504 while (*Array)
505 {
506 /* Get the TLS Entrypoint */
507 Callback = *Array++;
508
509 /* Display debug */
510 if (ShowSnaps)
511 {
512 DPRINT1("LDR: Calling Tls Callback Imagebase %p Function %p\n",
513 LdrEntry->DllBase, Callback);
514 }
515
516 /* Call it */
517 LdrpCallInitRoutine((PDLL_INIT_ROUTINE)Callback,
518 LdrEntry->DllBase,
519 Reason,
520 NULL);
521 }
522 }
523 }
524 }
525 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
526 {
527 DPRINT1("LDR: Exception 0x%x during Tls Callback(%u) for %wZ\n",
528 _SEH2_GetExceptionCode(), Reason, &LdrEntry->BaseDllName);
529 }
530 _SEH2_END;
531}
532
533NTSTATUS
534NTAPI
535LdrpCodeAuthzCheckDllAllowed(IN PUNICODE_STRING FullName,
536 IN HANDLE DllHandle)
537{
538 /* Not implemented */
539 return STATUS_SUCCESS;
540}
541
542NTSTATUS
543NTAPI
544LdrpCreateDllSection(IN PUNICODE_STRING FullName,
545 IN HANDLE DllHandle,
546 IN PULONG DllCharacteristics OPTIONAL,
547 OUT PHANDLE SectionHandle)
548{
549 HANDLE FileHandle;
550 NTSTATUS Status;
551 OBJECT_ATTRIBUTES ObjectAttributes;
552 IO_STATUS_BLOCK IoStatusBlock;
553 ULONG_PTR HardErrorParameters[1];
554 ULONG Response;
555 SECTION_IMAGE_INFORMATION SectionImageInfo;
556
557 /* Check if we don't already have a handle */
558 if (!DllHandle)
559 {
560 /* Create the object attributes */
561 InitializeObjectAttributes(&ObjectAttributes,
562 FullName,
563 OBJ_CASE_INSENSITIVE,
564 NULL,
565 NULL);
566
567 /* Open the DLL */
568 Status = NtOpenFile(&FileHandle,
569 SYNCHRONIZE | FILE_EXECUTE | FILE_READ_DATA,
570 &ObjectAttributes,
571 &IoStatusBlock,
572 FILE_SHARE_READ | FILE_SHARE_DELETE,
573 FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT);
574
575 /* Check if we failed */
576 if (!NT_SUCCESS(Status))
577 {
578 /* Attempt to open for execute only */
579 Status = NtOpenFile(&FileHandle,
580 SYNCHRONIZE | FILE_EXECUTE,
581 &ObjectAttributes,
582 &IoStatusBlock,
583 FILE_SHARE_READ | FILE_SHARE_DELETE,
584 FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT);
585
586 /* Check if this failed too */
587 if (!NT_SUCCESS(Status))
588 {
589 /* Show debug message */
590 if (ShowSnaps)
591 {
592 DPRINT1("LDR: LdrpCreateDllSection - NtOpenFile failed; status = %x\n",
593 Status);
594 }
595
596 /* Make sure to return an expected status code */
597 if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
598 {
599 /* Callers expect this instead */
600 Status = STATUS_DLL_NOT_FOUND;
601 }
602
603 /* Return an empty section handle */
604 *SectionHandle = NULL;
605 return Status;
606 }
607 }
608 }
609 else
610 {
611 /* Use the handle we already have */
612 FileHandle = DllHandle;
613 }
614
615 /* Create a section for the DLL */
616 Status = NtCreateSection(SectionHandle,
617 SECTION_MAP_READ | SECTION_MAP_EXECUTE |
618 SECTION_MAP_WRITE | SECTION_QUERY,
619 NULL,
620 NULL,
621 PAGE_EXECUTE,
622 SEC_IMAGE,
623 FileHandle);
624
625 /* If mapping failed, raise a hard error */
626 if (!NT_SUCCESS(Status))
627 {
628 /* Forget the handle */
629 *SectionHandle = NULL;
630
631 /* Give the DLL name */
632 HardErrorParameters[0] = (ULONG_PTR)FullName;
633
634 /* Raise the error */
635 ZwRaiseHardError(STATUS_INVALID_IMAGE_FORMAT,
636 1,
637 1,
638 HardErrorParameters,
639 OptionOk,
640 &Response);
641
642 /* Increment the error count */
643 if (LdrpInLdrInit) LdrpFatalHardErrorCount++;
644
645 goto Exit;
646 }
647
648 /* Check for Safer restrictions */
649 if (!DllCharacteristics ||
650 !(*DllCharacteristics & IMAGE_FILE_SYSTEM))
651 {
652 /* Make sure it's executable */
653 Status = ZwQuerySection(*SectionHandle,
654 SectionImageInformation,
655 &SectionImageInfo,
656 sizeof(SECTION_IMAGE_INFORMATION),
657 NULL);
658 if (NT_SUCCESS(Status))
659 {
660 /* Bypass the check for .NET images */
661 if (!(SectionImageInfo.LoaderFlags & IMAGE_LOADER_FLAGS_COMPLUS))
662 {
663 /* Check with Safer */
664 Status = LdrpCodeAuthzCheckDllAllowed(FullName, DllHandle);
665 if (!NT_SUCCESS(Status) && (Status != STATUS_NOT_FOUND))
666 {
667 /* Show debug message */
668 if (ShowSnaps)
669 {
670 DPRINT1("LDR: Loading of (%wZ) blocked by Winsafer\n",
671 &FullName);
672 }
673
674 /* Failure case, close section handle */
675 NtClose(*SectionHandle);
676 *SectionHandle = NULL;
677 }
678 }
679 }
680 else
681 {
682 /* Failure case, close section handle */
683 NtClose(*SectionHandle);
684 *SectionHandle = NULL;
685 }
686 }
687
688Exit:
689 /* Close the file handle, we don't need it */
690 NtClose(FileHandle);
691
692 /* Return status */
693 return Status;
694}
695
696/* NOTE: This function is totally b0rked and doesn't handle the parameters/functionality it should */
697BOOLEAN
698NTAPI
699LdrpResolveDllName(PWSTR DllPath,
700 PWSTR DllName,
701 PUNICODE_STRING FullDllName,
702 PUNICODE_STRING BaseDllName)
703{
704 PWCHAR NameBuffer, p1, p2 = 0;
705 ULONG Length;
706 ULONG BufSize = 500;
707
708 /* Allocate space for full DLL name */
709 FullDllName->Buffer = RtlAllocateHeap(LdrpHeap, 0, BufSize + sizeof(UNICODE_NULL));
710 if (!FullDllName->Buffer) return FALSE;
711
712 Length = RtlDosSearchPath_U(DllPath ? DllPath : LdrpDefaultPath.Buffer,
713 DllName,
714 NULL,
715 BufSize,
716 FullDllName->Buffer,
717 &BaseDllName->Buffer);
718
719 if (!Length || Length > BufSize)
720 {
721 if (ShowSnaps)
722 {
723 DPRINT1("LDR: LdrResolveDllName - Unable to find ");
724 DPRINT1("%ws from %ws\n", DllName, DllPath ? DllPath : LdrpDefaultPath.Buffer);
725 }
726
727 LdrpFreeUnicodeString(FullDllName);
728 return FALSE;
729 }
730
731 /* Construct full DLL name */
732 FullDllName->Length = Length;
733 FullDllName->MaximumLength = FullDllName->Length + sizeof(UNICODE_NULL);
734
735 /* Allocate a new buffer */
736 NameBuffer = RtlAllocateHeap(LdrpHeap, 0, FullDllName->MaximumLength);
737 if (!NameBuffer)
738 {
739 RtlFreeHeap(LdrpHeap, 0, FullDllName->Buffer);
740 return FALSE;
741 }
742
743 /* Copy over the contents from the previous one and free it */
744 RtlCopyMemory(NameBuffer, FullDllName->Buffer, FullDllName->MaximumLength);
745 RtlFreeHeap(LdrpHeap, 0, FullDllName->Buffer);
746 FullDllName->Buffer = NameBuffer;
747
748 /* Find last backslash */
749 p1 = FullDllName->Buffer;
750 while (*p1)
751 {
752 if (*p1++ == L'\\')
753 {
754 p2 = p1;
755 }
756 }
757
758 /* If found, set p1 to it, otherwise p1 points to the beginning of DllName */
759 if (p2)
760 p1 = p2;
761 else
762 p1 = DllName;
763
764 p2 = p1;
765
766 /* Calculate remaining length */
767 while (*p1) ++p1;
768
769 /* Construct base DLL name */
770 BaseDllName->Length = (ULONG_PTR)p1 - (ULONG_PTR)p2;
771 BaseDllName->MaximumLength = BaseDllName->Length + sizeof(UNICODE_NULL);
772 BaseDllName->Buffer = RtlAllocateHeap(LdrpHeap, 0, BaseDllName->MaximumLength);
773
774 if (!BaseDllName->Buffer)
775 {
776 RtlFreeHeap(LdrpHeap, 0, NameBuffer);
777 return FALSE;
778 }
779
780 /* Copy base dll name to the new buffer */
781 RtlMoveMemory(BaseDllName->Buffer,
782 p2,
783 BaseDllName->Length);
784
785 /* Null-terminate the string */
786 BaseDllName->Buffer[BaseDllName->Length / sizeof(WCHAR)] = 0;
787
788 return TRUE;
789}
790
791PVOID
792NTAPI
793LdrpFetchAddressOfEntryPoint(IN PVOID ImageBase)
794{
795 PIMAGE_NT_HEADERS NtHeaders;
796 ULONG_PTR EntryPoint = 0;
797
798 /* Get entry point offset from NT headers */
799 NtHeaders = RtlImageNtHeader(ImageBase);
800 if (NtHeaders)
801 {
802 /* Add image base */
803 EntryPoint = NtHeaders->OptionalHeader.AddressOfEntryPoint;
804 if (EntryPoint) EntryPoint += (ULONG_PTR)ImageBase;
805 }
806
807 /* Return calculated pointer (or zero in case of failure) */
808 return (PVOID)EntryPoint;
809}
810
811/* NOTE: This function is partially missing SxS */
812NTSTATUS
813NTAPI
814LdrpCheckForKnownDll(PWSTR DllName,
815 PUNICODE_STRING FullDllName,
816 PUNICODE_STRING BaseDllName,
817 HANDLE *SectionHandle)
818{
819 OBJECT_ATTRIBUTES ObjectAttributes;
820 HANDLE Section = NULL;
821 UNICODE_STRING DllNameUnic;
822 NTSTATUS Status;
823 PCHAR p1;
824 PWCHAR p2;
825
826 /* Zero initialize provided parameters */
827 if (SectionHandle) *SectionHandle = 0;
828
829 if (FullDllName)
830 {
831 FullDllName->Length = 0;
832 FullDllName->MaximumLength = 0;
833 FullDllName->Buffer = NULL;
834 }
835
836 if (BaseDllName)
837 {
838 BaseDllName->Length = 0;
839 BaseDllName->MaximumLength = 0;
840 BaseDllName->Buffer = NULL;
841 }
842
843 /* If any of these three params are missing then fail */
844 if (!SectionHandle || !FullDllName || !BaseDllName)
845 return STATUS_INVALID_PARAMETER;
846
847 /* Check the Loader Lock */
848 LdrpEnsureLoaderLockIsHeld();
849
850 /* Upgrade DllName to a unicode string */
851 RtlInitUnicodeString(&DllNameUnic, DllName);
852
853 /* FIXME: Missing RtlComputePrivatizedDllName_U related functionality */
854
855 /* Get the activation context */
856 Status = RtlFindActivationContextSectionString(0,
857 NULL,
858 ACTIVATION_CONTEXT_SECTION_DLL_REDIRECTION,
859 &DllNameUnic,
860 NULL);
861
862 /* Check if it's a SxS or not */
863 if (Status == STATUS_SXS_SECTION_NOT_FOUND ||
864 Status == STATUS_SXS_KEY_NOT_FOUND)
865 {
866 /* NOTE: Here it's beneficial to allocate one big unicode string
867 using LdrpAllocateUnicodeString instead of fragmenting the heap
868 with two allocations as it's done now. */
869
870 /* Set up BaseDllName */
871 BaseDllName->Length = DllNameUnic.Length;
872 BaseDllName->MaximumLength = DllNameUnic.MaximumLength;
873 BaseDllName->Buffer = RtlAllocateHeap(LdrpHeap,
874 0,
875 DllNameUnic.MaximumLength);
876 if (!BaseDllName->Buffer)
877 {
878 Status = STATUS_NO_MEMORY;
879 goto Failure;
880 }
881
882 /* Copy the contents there */
883 RtlMoveMemory(BaseDllName->Buffer, DllNameUnic.Buffer, DllNameUnic.MaximumLength);
884
885 /* Set up FullDllName */
886 FullDllName->Length = LdrpKnownDllPath.Length + BaseDllName->Length + sizeof(WCHAR);
887 FullDllName->MaximumLength = FullDllName->Length + sizeof(UNICODE_NULL);
888 FullDllName->Buffer = RtlAllocateHeap(LdrpHeap, 0, FullDllName->MaximumLength);
889 if (!FullDllName->Buffer)
890 {
891 Status = STATUS_NO_MEMORY;
892 goto Failure;
893 }
894
895 RtlMoveMemory(FullDllName->Buffer, LdrpKnownDllPath.Buffer, LdrpKnownDllPath.Length);
896
897 /* Put a slash there */
898 p1 = (PCHAR)FullDllName->Buffer + LdrpKnownDllPath.Length;
899 p2 = (PWCHAR)p1;
900 *p2++ = (WCHAR)'\\';
901 p1 = (PCHAR)p2;
902
903 /* Set up DllNameUnic for a relative path */
904 DllNameUnic.Buffer = (PWSTR)p1;
905 DllNameUnic.Length = BaseDllName->Length;
906 DllNameUnic.MaximumLength = DllNameUnic.Length + sizeof(UNICODE_NULL);
907
908 /* Copy the contents */
909 RtlMoveMemory(p1, BaseDllName->Buffer, BaseDllName->MaximumLength);
910
911 /* There are all names, init attributes and open the section */
912 InitializeObjectAttributes(&ObjectAttributes,
913 &DllNameUnic,
914 OBJ_CASE_INSENSITIVE,
915 LdrpKnownDllObjectDirectory,
916 NULL);
917
918 Status = NtOpenSection(&Section,
919 SECTION_MAP_READ | SECTION_MAP_EXECUTE | SECTION_MAP_WRITE,
920 &ObjectAttributes);
921 if (!NT_SUCCESS(Status))
922 {
923 /* Clear status in case it was just not found */
924 if (Status == STATUS_OBJECT_NAME_NOT_FOUND) Status = STATUS_SUCCESS;
925 goto Failure;
926 }
927
928 /* Pass section handle to the caller and return success */
929 *SectionHandle = Section;
930 return STATUS_SUCCESS;
931 }
932
933Failure:
934 /* Close section object if it was opened */
935 if (Section) NtClose(Section);
936
937 /* Free string resources */
938 if (BaseDllName->Buffer) RtlFreeHeap(LdrpHeap, 0, BaseDllName->Buffer);
939 if (FullDllName->Buffer) RtlFreeHeap(LdrpHeap, 0, FullDllName->Buffer);
940
941 /* Return status */
942 return Status;
943}
944
945NTSTATUS
946NTAPI
947LdrpSetProtection(PVOID ViewBase,
948 BOOLEAN Restore)
949{
950 PIMAGE_NT_HEADERS NtHeaders;
951 PIMAGE_SECTION_HEADER Section;
952 NTSTATUS Status;
953 PVOID SectionBase;
954 SIZE_T SectionSize;
955 ULONG NewProtection, OldProtection, i;
956
957 /* Get the NT headers */
958 NtHeaders = RtlImageNtHeader(ViewBase);
959 if (!NtHeaders) return STATUS_INVALID_IMAGE_FORMAT;
960
961 /* Compute address of the first section header */
962 Section = IMAGE_FIRST_SECTION(NtHeaders);
963
964 /* Go through all sections */
965 for (i = 0; i < NtHeaders->FileHeader.NumberOfSections; i++)
966 {
967 /* Check for read-only non-zero section */
968 if ((Section->SizeOfRawData) &&
969 !(Section->Characteristics & IMAGE_SCN_MEM_WRITE))
970 {
971 /* Check if we are setting or restoring protection */
972 if (Restore)
973 {
974 /* Set it to either EXECUTE or READONLY */
975 if (Section->Characteristics & IMAGE_SCN_MEM_EXECUTE)
976 {
977 NewProtection = PAGE_EXECUTE;
978 }
979 else
980 {
981 NewProtection = PAGE_READONLY;
982 }
983
984 /* Add PAGE_NOCACHE if needed */
985 if (Section->Characteristics & IMAGE_SCN_MEM_NOT_CACHED)
986 {
987 NewProtection |= PAGE_NOCACHE;
988 }
989 }
990 else
991 {
992 /* Enable write access */
993 NewProtection = PAGE_READWRITE;
994 }
995
996 /* Get the section VA */
997 SectionBase = (PVOID)((ULONG_PTR)ViewBase + Section->VirtualAddress);
998 SectionSize = Section->SizeOfRawData;
999 if (SectionSize)
1000 {
1001 /* Set protection */
1002 Status = ZwProtectVirtualMemory(NtCurrentProcess(),
1003 &SectionBase,
1004 &SectionSize,
1005 NewProtection,
1006 &OldProtection);
1007 if (!NT_SUCCESS(Status)) return Status;
1008 }
1009 }
1010
1011 /* Move to the next section */
1012 Section++;
1013 }
1014
1015 /* Flush instruction cache if necessary */
1016 if (Restore) ZwFlushInstructionCache(NtCurrentProcess(), NULL, 0);
1017 return STATUS_SUCCESS;
1018}
1019
1020/* NOTE: Not yet reviewed */
1021NTSTATUS
1022NTAPI
1023LdrpMapDll(IN PWSTR SearchPath OPTIONAL,
1024 IN PWSTR DllPath2,
1025 IN PWSTR DllName OPTIONAL,
1026 IN PULONG DllCharacteristics,
1027 IN BOOLEAN Static,
1028 IN BOOLEAN Redirect,
1029 OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry)
1030{
1031 PTEB Teb = NtCurrentTeb();
1032 PPEB Peb = NtCurrentPeb();
1033 PWCHAR p1 = DllName;
1034 WCHAR TempChar;
1035 BOOLEAN KnownDll = FALSE;
1036 UNICODE_STRING FullDllName, BaseDllName;
1037 HANDLE SectionHandle = NULL, DllHandle = 0;
1038 UNICODE_STRING NtPathDllName;
1039 ULONG_PTR HardErrorParameters[2];
1040 UNICODE_STRING HardErrorDllName, HardErrorDllPath;
1041 ULONG Response;
1042 SIZE_T ViewSize = 0;
1043 PVOID ViewBase = NULL;
1044 PVOID ArbitraryUserPointer;
1045 PIMAGE_NT_HEADERS NtHeaders;
1046 NTSTATUS HardErrorStatus, Status;
1047 BOOLEAN OverlapDllFound = FALSE;
1048 ULONG_PTR ImageBase, ImageEnd;
1049 PLIST_ENTRY ListHead, NextEntry;
1050 PLDR_DATA_TABLE_ENTRY CandidateEntry, LdrEntry;
1051 ULONG_PTR CandidateBase, CandidateEnd;
1052 UNICODE_STRING OverlapDll;
1053 BOOLEAN RelocatableDll = TRUE;
1054 UNICODE_STRING IllegalDll;
1055 PVOID RelocData;
1056 ULONG RelocDataSize = 0;
1057
1058 // FIXME: AppCompat stuff is missing
1059
1060 if (ShowSnaps)
1061 {
1062 DPRINT1("LDR: LdrpMapDll: Image Name %ws, Search Path %ws\n",
1063 DllName,
1064 SearchPath ? SearchPath : L"");
1065 }
1066
1067 /* Check if we have a known dll directory */
1068 if (LdrpKnownDllObjectDirectory && Redirect == FALSE)
1069 {
1070 /* Check if the path is full */
1071 while (*p1)
1072 {
1073 TempChar = *p1++;
1074 if (TempChar == '\\' || TempChar == '/' )
1075 {
1076 /* Complete path, don't do Known Dll lookup */
1077 goto SkipCheck;
1078 }
1079 }
1080
1081 /* Try to find a Known DLL */
1082 Status = LdrpCheckForKnownDll(DllName,
1083 &FullDllName,
1084 &BaseDllName,
1085 &SectionHandle);
1086
1087 if (!NT_SUCCESS(Status) && (Status != STATUS_DLL_NOT_FOUND))
1088 {
1089 /* Failure */
1090 DbgPrintEx(DPFLTR_LDR_ID,
1091 DPFLTR_ERROR_LEVEL,
1092 "LDR: %s - call to LdrpCheckForKnownDll(\"%ws\", ...) failed with status %x\n",
1093 __FUNCTION__,
1094 DllName,
1095 Status);
1096
1097 return Status;
1098 }
1099 }
1100
1101SkipCheck:
1102
1103 /* Check if the Known DLL Check returned something */
1104 if (!SectionHandle)
1105 {
1106 /* It didn't, so try to resolve the name now */
1107 if (LdrpResolveDllName(SearchPath,
1108 DllName,
1109 &FullDllName,
1110 &BaseDllName))
1111 {
1112 /* Got a name, display a message */
1113 if (ShowSnaps)
1114 {
1115 DPRINT1("LDR: Loading (%s) %wZ\n",
1116 Static ? "STATIC" : "DYNAMIC",
1117 &FullDllName);
1118 }
1119
1120 /* Convert to NT Name */
1121 if (!RtlDosPathNameToNtPathName_U(FullDllName.Buffer,
1122 &NtPathDllName,
1123 NULL,
1124 NULL))
1125 {
1126 /* Path was invalid */
1127 return STATUS_OBJECT_PATH_SYNTAX_BAD;
1128 }
1129
1130 /* Create a section for this dLL */
1131 Status = LdrpCreateDllSection(&NtPathDllName,
1132 DllHandle,
1133 DllCharacteristics,
1134 &SectionHandle);
1135
1136 /* Free the NT Name */
1137 RtlFreeHeap(RtlGetProcessHeap(), 0, NtPathDllName.Buffer);
1138
1139 /* If we failed */
1140 if (!NT_SUCCESS(Status))
1141 {
1142 /* Free the name strings and return */
1143 LdrpFreeUnicodeString(&FullDllName);
1144 LdrpFreeUnicodeString(&BaseDllName);
1145 return Status;
1146 }
1147 }
1148 else
1149 {
1150 /* We couldn't resolve the name, is this a static load? */
1151 if (Static)
1152 {
1153 /*
1154 * This is BAD! Static loads are CRITICAL. Bugcheck!
1155 * Initialize the strings for the error
1156 */
1157 RtlInitUnicodeString(&HardErrorDllName, DllName);
1158 RtlInitUnicodeString(&HardErrorDllPath,
1159 DllPath2 ? DllPath2 : LdrpDefaultPath.Buffer);
1160
1161 /* Set them as error parameters */
1162 HardErrorParameters[0] = (ULONG_PTR)&HardErrorDllName;
1163 HardErrorParameters[1] = (ULONG_PTR)&HardErrorDllPath;
1164
1165 /* Raise the hard error */
1166 NtRaiseHardError(STATUS_DLL_NOT_FOUND,
1167 2,
1168 0x00000003,
1169 HardErrorParameters,
1170 OptionOk,
1171 &Response);
1172
1173 /* We're back, where we initializing? */
1174 if (LdrpInLdrInit) LdrpFatalHardErrorCount++;
1175 }
1176
1177 /* Return failure */
1178 return STATUS_DLL_NOT_FOUND;
1179 }
1180 }
1181 else
1182 {
1183 /* We have a section handle, so this is a known dll */
1184 KnownDll = TRUE;
1185 }
1186
1187 /* Stuff the image name in the TIB, for the debugger */
1188 ArbitraryUserPointer = Teb->NtTib.ArbitraryUserPointer;
1189 Teb->NtTib.ArbitraryUserPointer = FullDllName.Buffer;
1190
1191 /* Map the DLL */
1192 ViewBase = NULL;
1193 ViewSize = 0;
1194 Status = NtMapViewOfSection(SectionHandle,
1195 NtCurrentProcess(),
1196 &ViewBase,
1197 0,
1198 0,
1199 NULL,
1200 &ViewSize,
1201 ViewShare,
1202 0,
1203 PAGE_READWRITE);
1204
1205 /* Restore */
1206 Teb->NtTib.ArbitraryUserPointer = ArbitraryUserPointer;
1207
1208 /* Fail if we couldn't map it */
1209 if (!NT_SUCCESS(Status))
1210 {
1211 /* Close and return */
1212 NtClose(SectionHandle);
1213 return Status;
1214 }
1215
1216 /* Get the NT Header */
1217 if (!(NtHeaders = RtlImageNtHeader(ViewBase)))
1218 {
1219 /* Invalid image, unmap, close handle and fail */
1220 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
1221 NtClose(SectionHandle);
1222 return STATUS_INVALID_IMAGE_FORMAT;
1223 }
1224
1225 // FIXME: .NET support is missing
1226
1227 /* Allocate an entry */
1228 if (!(LdrEntry = LdrpAllocateDataTableEntry(ViewBase)))
1229 {
1230 /* Invalid image, unmap, close handle and fail */
1231 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
1232 NtClose(SectionHandle);
1233 return STATUS_NO_MEMORY;
1234 }
1235
1236 /* Setup the entry */
1237 LdrEntry->Flags = Static ? LDRP_STATIC_LINK : 0;
1238 if (Redirect) LdrEntry->Flags |= LDRP_REDIRECTED;
1239 LdrEntry->LoadCount = 0;
1240 LdrEntry->FullDllName = FullDllName;
1241 LdrEntry->BaseDllName = BaseDllName;
1242 LdrEntry->EntryPoint = LdrpFetchAddressOfEntryPoint(LdrEntry->DllBase);
1243
1244 /* Show debug message */
1245 if (ShowSnaps)
1246 {
1247 DPRINT1("LDR: LdrpMapDll: Full Name %wZ, Base Name %wZ\n",
1248 &FullDllName,
1249 &BaseDllName);
1250 }
1251
1252 /* Insert this entry */
1253 LdrpInsertMemoryTableEntry(LdrEntry);
1254
1255 // LdrpSendDllNotifications(LdrEntry, TRUE, Status == STATUS_IMAGE_NOT_AT_BASE)
1256
1257 /* Check for invalid CPU Image */
1258 if (Status == STATUS_IMAGE_MACHINE_TYPE_MISMATCH)
1259 {
1260 /* Load our header */
1261 PIMAGE_NT_HEADERS ImageNtHeader = RtlImageNtHeader(Peb->ImageBaseAddress);
1262
1263 /* Assume defaults if we don't have to run the Hard Error path */
1264 HardErrorStatus = STATUS_SUCCESS;
1265 Response = ResponseCancel;
1266
1267 /* Are we an NT 3.0 image? [Do these still exist? LOL -- IAI] */
1268 if (ImageNtHeader->OptionalHeader.MajorSubsystemVersion <= 3)
1269 {
1270 /* Reset the entrypoint, save our Dll Name */
1271 LdrEntry->EntryPoint = 0;
1272 HardErrorParameters[0] = (ULONG_PTR)&FullDllName;
1273
1274 /* Raise the error */
1275 HardErrorStatus = ZwRaiseHardError(STATUS_IMAGE_MACHINE_TYPE_MISMATCH,
1276 1,
1277 1,
1278 HardErrorParameters,
1279 OptionOkCancel,
1280 &Response);
1281 }
1282
1283 /* Check if the user pressed cancel */
1284 if (NT_SUCCESS(HardErrorStatus) && Response == ResponseCancel)
1285 {
1286 /* Remove the DLL from the lists */
1287 RemoveEntryList(&LdrEntry->InLoadOrderLinks);
1288 RemoveEntryList(&LdrEntry->InMemoryOrderLinks);
1289 RemoveEntryList(&LdrEntry->HashLinks);
1290
1291 /* Remove the LDR Entry */
1292 RtlFreeHeap(LdrpHeap, 0, LdrEntry );
1293
1294 /* Unmap and close section */
1295 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
1296 NtClose(SectionHandle);
1297
1298 /* Did we do a hard error? */
1299 if (ImageNtHeader->OptionalHeader.MajorSubsystemVersion <= 3)
1300 {
1301 /* Yup, so increase fatal error count if we are initializing */
1302 if (LdrpInLdrInit) LdrpFatalHardErrorCount++;
1303 }
1304
1305 /* Return failure */
1306 return STATUS_INVALID_IMAGE_FORMAT;
1307 }
1308 }
1309 else
1310 {
1311 /* The image was valid. Is it a DLL? */
1312 if (NtHeaders->FileHeader.Characteristics & IMAGE_FILE_DLL)
1313 {
1314 /* Set the DLL Flag */
1315 LdrEntry->Flags |= LDRP_IMAGE_DLL;
1316 }
1317
1318 /* If we're not a DLL, clear the entrypoint */
1319 if (!(LdrEntry->Flags & LDRP_IMAGE_DLL))
1320 {
1321 LdrEntry->EntryPoint = 0;
1322 }
1323 }
1324
1325 /* Return it for the caller */
1326 *DataTableEntry = LdrEntry;
1327
1328 /* Check if we loaded somewhere else */
1329 if (Status == STATUS_IMAGE_NOT_AT_BASE)
1330 {
1331 /* Write the flag */
1332 LdrEntry->Flags |= LDRP_IMAGE_NOT_AT_BASE;
1333
1334 /* Find our region */
1335 ImageBase = (ULONG_PTR)NtHeaders->OptionalHeader.ImageBase;
1336 ImageEnd = ImageBase + ViewSize;
1337
1338 DPRINT("LDR: LdrpMapDll Relocating Image Name %ws (%p-%p -> %p)\n", DllName, (PVOID)ImageBase, (PVOID)ImageEnd, ViewBase);
1339
1340 /* Scan all the modules */
1341 ListHead = &Peb->Ldr->InLoadOrderModuleList;
1342 NextEntry = ListHead->Flink;
1343 while (NextEntry != ListHead)
1344 {
1345 /* Get the entry */
1346 CandidateEntry = CONTAINING_RECORD(NextEntry,
1347 LDR_DATA_TABLE_ENTRY,
1348 InLoadOrderLinks);
1349 NextEntry = NextEntry->Flink;
1350
1351 /* Get the entry's bounds */
1352 CandidateBase = (ULONG_PTR)CandidateEntry->DllBase;
1353 CandidateEnd = CandidateBase + CandidateEntry->SizeOfImage;
1354
1355 /* Make sure this entry isn't unloading */
1356 if (!CandidateEntry->InMemoryOrderLinks.Flink) continue;
1357
1358 /* Check if our regions are colliding */
1359 if ((ImageBase >= CandidateBase && ImageBase <= CandidateEnd) ||
1360 (ImageEnd >= CandidateBase && ImageEnd <= CandidateEnd) ||
1361 (CandidateBase >= ImageBase && CandidateBase <= ImageEnd))
1362 {
1363 /* Found who is overlapping */
1364 OverlapDllFound = TRUE;
1365 OverlapDll = CandidateEntry->FullDllName;
1366 break;
1367 }
1368 }
1369
1370 /* Check if we found the DLL overlapping with us */
1371 if (!OverlapDllFound)
1372 {
1373 /* It's not another DLL, it's memory already here */
1374 RtlInitUnicodeString(&OverlapDll, L"Dynamically Allocated Memory");
1375 }
1376
1377 DPRINT("Overlapping DLL: %wZ\n", &OverlapDll);
1378
1379 /* Are we dealing with a DLL? */
1380 if (LdrEntry->Flags & LDRP_IMAGE_DLL)
1381 {
1382 /* Check if relocs were stripped */
1383 if (!(NtHeaders->FileHeader.Characteristics & IMAGE_FILE_RELOCS_STRIPPED))
1384 {
1385 /* Get the relocation data */
1386 RelocData = RtlImageDirectoryEntryToData(ViewBase,
1387 TRUE,
1388 IMAGE_DIRECTORY_ENTRY_BASERELOC,
1389 &RelocDataSize);
1390
1391 /* Does the DLL not have any? */
1392 if (!RelocData && !RelocDataSize)
1393 {
1394 /* We'll allow this and simply continue */
1395 goto NoRelocNeeded;
1396 }
1397 }
1398
1399 /* See if this is an Illegal DLL - IE: user32 and kernel32 */
1400 RtlInitUnicodeString(&IllegalDll,L"user32.dll");
1401 if (RtlEqualUnicodeString(&BaseDllName, &IllegalDll, TRUE))
1402 {
1403 /* Can't relocate user32 */
1404 RelocatableDll = FALSE;
1405 }
1406 else
1407 {
1408 RtlInitUnicodeString(&IllegalDll, L"kernel32.dll");
1409 if (RtlEqualUnicodeString(&BaseDllName, &IllegalDll, TRUE))
1410 {
1411 /* Can't relocate kernel32 */
1412 RelocatableDll = FALSE;
1413 }
1414 }
1415
1416 /* Known DLLs are not allowed to be relocated */
1417 if (KnownDll && !RelocatableDll)
1418 {
1419 /* Setup for hard error */
1420 HardErrorParameters[0] = (ULONG_PTR)&IllegalDll;
1421 HardErrorParameters[1] = (ULONG_PTR)&OverlapDll;
1422
1423 DPRINT1("Illegal DLL relocation! %wZ overlaps %wZ\n", &OverlapDll, &IllegalDll);
1424
1425 /* Raise the error */
1426 ZwRaiseHardError(STATUS_ILLEGAL_DLL_RELOCATION,
1427 2,
1428 3,
1429 HardErrorParameters,
1430 OptionOk,
1431 &Response);
1432
1433 /* If initializing, increase the error count */
1434 if (LdrpInLdrInit) LdrpFatalHardErrorCount++;
1435
1436 /* Don't do relocation */
1437 Status = STATUS_CONFLICTING_ADDRESSES;
1438 goto FailRelocate;
1439 }
1440
1441 /* Change the protection to prepare for relocation */
1442 Status = LdrpSetProtection(ViewBase, FALSE);
1443
1444 /* Make sure we changed the protection */
1445 if (NT_SUCCESS(Status))
1446 {
1447 /* Do the relocation */
1448 Status = LdrRelocateImageWithBias(ViewBase, 0LL, NULL, STATUS_SUCCESS,
1449 STATUS_CONFLICTING_ADDRESSES, STATUS_INVALID_IMAGE_FORMAT);
1450
1451 if (NT_SUCCESS(Status))
1452 {
1453 /* Stuff the image name in the TIB, for the debugger */
1454 ArbitraryUserPointer = Teb->NtTib.ArbitraryUserPointer;
1455 Teb->NtTib.ArbitraryUserPointer = FullDllName.Buffer;
1456#if 0
1457 /* Map the DLL */
1458 Status = NtMapViewOfSection(SectionHandle,
1459 NtCurrentProcess(),
1460 &ViewBase,
1461 0,
1462 0,
1463 NULL,
1464 &ViewSize,
1465 ViewShare,
1466 0,
1467 PAGE_READWRITE);
1468#endif
1469 /* Restore */
1470 Teb->NtTib.ArbitraryUserPointer = ArbitraryUserPointer;
1471
1472 /* Return the protection */
1473 Status = LdrpSetProtection(ViewBase, TRUE);
1474 }
1475 }
1476FailRelocate:
1477 /* Handle any kind of failure */
1478 if (!NT_SUCCESS(Status))
1479 {
1480 /* Remove it from the lists */
1481 RemoveEntryList(&LdrEntry->InLoadOrderLinks);
1482 RemoveEntryList(&LdrEntry->InMemoryOrderLinks);
1483 RemoveEntryList(&LdrEntry->HashLinks);
1484
1485 /* Unmap it, clear the entry */
1486 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
1487 LdrEntry = NULL;
1488 }
1489
1490 /* Show debug message */
1491 if (ShowSnaps)
1492 {
1493 DPRINT1("LDR: Fixups %successfully re-applied @ %p\n",
1494 NT_SUCCESS(Status) ? "s" : "uns", ViewBase);
1495 }
1496 }
1497 else
1498 {
1499NoRelocNeeded:
1500 /* Not a DLL, or no relocation needed */
1501 Status = STATUS_SUCCESS;
1502
1503 /* Stuff the image name in the TIB, for the debugger */
1504 ArbitraryUserPointer = Teb->NtTib.ArbitraryUserPointer;
1505 Teb->NtTib.ArbitraryUserPointer = FullDllName.Buffer;
1506#if 0
1507 /* Map the DLL */
1508 Status = NtMapViewOfSection(SectionHandle,
1509 NtCurrentProcess(),
1510 &ViewBase,
1511 0,
1512 0,
1513 NULL,
1514 &ViewSize,
1515 ViewShare,
1516 0,
1517 PAGE_READWRITE);
1518#endif
1519 /* Restore */
1520 Teb->NtTib.ArbitraryUserPointer = ArbitraryUserPointer;
1521
1522 /* Show debug message */
1523 if (ShowSnaps)
1524 {
1525 DPRINT1("LDR: Fixups won't be re-applied to non-Dll @ %p\n", ViewBase);
1526 }
1527 }
1528 }
1529
1530 // FIXME: LdrpCheckCorImage() is missing
1531
1532 /* Check if this is an SMP Machine and a DLL */
1533 if ((LdrpNumberOfProcessors > 1) &&
1534 (LdrEntry && (LdrEntry->Flags & LDRP_IMAGE_DLL)))
1535 {
1536 /* Validate the image for MP */
1537 LdrpValidateImageForMp(LdrEntry);
1538 }
1539
1540 // FIXME: LdrpCorUnloadImage() is missing
1541
1542 /* Close section and return status */
1543 NtClose(SectionHandle);
1544 return Status;
1545}
1546
1547PLDR_DATA_TABLE_ENTRY
1548NTAPI
1549LdrpAllocateDataTableEntry(IN PVOID BaseAddress)
1550{
1551 PLDR_DATA_TABLE_ENTRY LdrEntry = NULL;
1552 PIMAGE_NT_HEADERS NtHeader;
1553
1554 /* Make sure the header is valid */
1555 NtHeader = RtlImageNtHeader(BaseAddress);
1556 DPRINT("LdrpAllocateDataTableEntry(%p), NtHeader %p\n", BaseAddress, NtHeader);
1557
1558 if (NtHeader)
1559 {
1560 /* Allocate an entry */
1561 LdrEntry = RtlAllocateHeap(LdrpHeap,
1562 HEAP_ZERO_MEMORY,
1563 sizeof(LDR_DATA_TABLE_ENTRY));
1564
1565 /* Make sure we got one */
1566 if (LdrEntry)
1567 {
1568 /* Set it up */
1569 LdrEntry->DllBase = BaseAddress;
1570 LdrEntry->SizeOfImage = NtHeader->OptionalHeader.SizeOfImage;
1571 LdrEntry->TimeDateStamp = NtHeader->FileHeader.TimeDateStamp;
1572 LdrEntry->PatchInformation = NULL;
1573 }
1574 }
1575
1576 /* Return the entry */
1577 return LdrEntry;
1578}
1579
1580VOID
1581NTAPI
1582LdrpInsertMemoryTableEntry(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
1583{
1584 PPEB_LDR_DATA PebData = NtCurrentPeb()->Ldr;
1585 ULONG i;
1586
1587 /* Insert into hash table */
1588 i = LDR_GET_HASH_ENTRY(LdrEntry->BaseDllName.Buffer[0]);
1589 InsertTailList(&LdrpHashTable[i], &LdrEntry->HashLinks);
1590
1591 /* Insert into other lists */
1592 InsertTailList(&PebData->InLoadOrderModuleList, &LdrEntry->InLoadOrderLinks);
1593 InsertTailList(&PebData->InMemoryOrderModuleList, &LdrEntry->InMemoryOrderLinks);
1594}
1595
1596VOID
1597NTAPI
1598LdrpFinalizeAndDeallocateDataTableEntry(IN PLDR_DATA_TABLE_ENTRY Entry)
1599{
1600 /* Sanity check */
1601 ASSERT(Entry != NULL);
1602
1603 /* Release the activation context if it exists and wasn't already released */
1604 if ((Entry->EntryPointActivationContext) &&
1605 (Entry->EntryPointActivationContext != INVALID_HANDLE_VALUE))
1606 {
1607 /* Mark it as invalid */
1608 RtlReleaseActivationContext(Entry->EntryPointActivationContext);
1609 Entry->EntryPointActivationContext = INVALID_HANDLE_VALUE;
1610 }
1611
1612 /* Release the full dll name string */
1613 if (Entry->FullDllName.Buffer) LdrpFreeUnicodeString(&Entry->FullDllName);
1614
1615 /* Finally free the entry's memory */
1616 RtlFreeHeap(LdrpHeap, 0, Entry);
1617}
1618
1619BOOLEAN
1620NTAPI
1621LdrpCheckForLoadedDllHandle(IN PVOID Base,
1622 OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
1623{
1624 PLDR_DATA_TABLE_ENTRY Current;
1625 PLIST_ENTRY ListHead, Next;
1626
1627 /* Check the cache first */
1628 if ((LdrpLoadedDllHandleCache) &&
1629 (LdrpLoadedDllHandleCache->DllBase == Base))
1630 {
1631 /* We got lucky, return the cached entry */
1632 *LdrEntry = LdrpLoadedDllHandleCache;
1633 return TRUE;
1634 }
1635
1636 /* Time for a lookup */
1637 ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
1638 Next = ListHead->Flink;
1639 while (Next != ListHead)
1640 {
1641 /* Get the current entry */
1642 Current = CONTAINING_RECORD(Next,
1643 LDR_DATA_TABLE_ENTRY,
1644 InLoadOrderLinks);
1645
1646 /* Make sure it's not unloading and check for a match */
1647 if ((Current->InMemoryOrderLinks.Flink) && (Base == Current->DllBase))
1648 {
1649 /* Save in cache */
1650 LdrpLoadedDllHandleCache = Current;
1651
1652 /* Return it */
1653 *LdrEntry = Current;
1654 return TRUE;
1655 }
1656
1657 /* Move to the next one */
1658 Next = Next->Flink;
1659 }
1660
1661 /* Nothing found */
1662 return FALSE;
1663}
1664
1665NTSTATUS
1666NTAPI
1667LdrpResolveFullName(IN PUNICODE_STRING OriginalName,
1668 IN PUNICODE_STRING PathName,
1669 IN PUNICODE_STRING FullPathName,
1670 IN PUNICODE_STRING *ExpandedName)
1671{
1672 NTSTATUS Status = STATUS_SUCCESS;
1673// RTL_PATH_TYPE PathType;
1674// BOOLEAN InvalidName;
1675 ULONG Length;
1676
1677 /* Display debug output if snaps are on */
1678 if (ShowSnaps)
1679 {
1680 DbgPrintEx(DPFLTR_LDR_ID,
1681 DPFLTR_ERROR_LEVEL,
1682 "LDR: %s - Expanding full name of %wZ\n",
1683 __FUNCTION__,
1684 OriginalName);
1685 }
1686
1687 /* FIXME: Lock the PEB */
1688 //RtlEnterCriticalSection(&FastPebLock);
1689#if 0
1690 /* Get the path name */
1691 Length = RtlGetFullPathName_Ustr(OriginalName,
1692 PathName->Length,
1693 PathName->Buffer,
1694 NULL,
1695 &InvalidName,
1696 &PathType);
1697#else
1698 Length = 0;
1699#endif
1700 if (!(Length) || (Length > UNICODE_STRING_MAX_BYTES))
1701 {
1702 /* Fail */
1703 Status = STATUS_NAME_TOO_LONG;
1704 goto Quickie;
1705 }
1706
1707 /* Check if the length hasn't changed */
1708 if (Length <= PathName->Length)
1709 {
1710 /* Return the same thing */
1711 *ExpandedName = PathName;
1712 PathName->Length = (USHORT)Length;
1713 goto Quickie;
1714 }
1715
1716 /* Sanity check */
1717 ASSERT(Length >= sizeof(WCHAR));
1718
1719 /* Allocate a string */
1720 Status = LdrpAllocateUnicodeString(FullPathName, Length - sizeof(WCHAR));
1721 if (!NT_SUCCESS(Status)) goto Quickie;
1722
1723 /* Now get the full path again */
1724#if 0
1725 Length = RtlGetFullPathName_Ustr(OriginalName,
1726 FullPathName->Length,
1727 FullPathName->Buffer,
1728 NULL,
1729 &InvalidName,
1730 &PathType);
1731#else
1732 Length = 0;
1733#endif
1734 if (!(Length) || (Length > FullPathName->Length))
1735 {
1736 /* Fail */
1737 LdrpFreeUnicodeString(FullPathName);
1738 Status = STATUS_NAME_TOO_LONG;
1739 }
1740 else
1741 {
1742 /* Return the expanded name */
1743 *ExpandedName = FullPathName;
1744 FullPathName->Length = (USHORT)Length;
1745 }
1746
1747Quickie:
1748 /* FIXME: Unlock the PEB */
1749 //RtlLeaveCriticalSection(&FastPebLock);
1750
1751 /* Display debug output if snaps are on */
1752 if (ShowSnaps)
1753 {
1754 /* Check which output to use -- failure or success */
1755 if (NT_SUCCESS(Status))
1756 {
1757 DbgPrintEx(DPFLTR_LDR_ID,
1758 DPFLTR_ERROR_LEVEL,
1759 "LDR: %s - Expanded to %wZ\n",
1760 __FUNCTION__,
1761 *ExpandedName);
1762 }
1763 else
1764 {
1765 DbgPrintEx(DPFLTR_LDR_ID,
1766 DPFLTR_ERROR_LEVEL,
1767 "LDR: %s - Failed to expand %wZ; 0x%08x\n",
1768 __FUNCTION__,
1769 OriginalName,
1770 Status);
1771 }
1772 }
1773
1774 /* If we failed, return NULL */
1775 if (!NT_SUCCESS(Status)) *ExpandedName = NULL;
1776
1777 /* Return status */
1778 return Status;
1779}
1780
1781NTSTATUS
1782NTAPI
1783LdrpSearchPath(IN PWCHAR *SearchPath,
1784 IN PWCHAR DllName,
1785 IN PUNICODE_STRING PathName,
1786 IN PUNICODE_STRING FullPathName,
1787 IN PUNICODE_STRING *ExpandedName)
1788{
1789 BOOLEAN TryAgain = FALSE;
1790 PWCHAR ActualSearchPath = *SearchPath;
1791 UNICODE_STRING TestName;
1792 NTSTATUS Status;
1793 PWCHAR Buffer, BufEnd = NULL;
1794 ULONG Length = 0;
1795 WCHAR p;
1796 //PWCHAR pp;
1797
1798 /* Check if we don't have a search path */
1799 if (!ActualSearchPath) *SearchPath = LdrpDefaultPath.Buffer;
1800
1801 /* Display debug output if snaps are on */
1802 if (ShowSnaps)
1803 {
1804 DbgPrintEx(DPFLTR_LDR_ID,
1805 DPFLTR_ERROR_LEVEL,
1806 "LDR: %s - Looking for %ws in %ws\n",
1807 __FUNCTION__,
1808 DllName,
1809 *SearchPath);
1810 }
1811
1812 /* Check if we're dealing with a relative path */
1813 if (RtlDetermineDosPathNameType_U(DllName) != RtlPathTypeRelative)
1814 {
1815 /* Good, we're not. Create the name string */
1816 Status = RtlInitUnicodeStringEx(&TestName, DllName);
1817 if (!NT_SUCCESS(Status)) goto Quickie;
1818
1819 /* Make sure it exists */
1820 #if 0
1821 if (!RtlDoesFileExists_UstrEx(&TestName, TRUE))
1822 {
1823 /* It doesn't, fail */
1824 Status = STATUS_DLL_NOT_FOUND;
1825 goto Quickie;
1826 }
1827 #endif
1828
1829 /* Resolve the full name */
1830 Status = LdrpResolveFullName(&TestName,
1831 PathName,
1832 FullPathName,
1833 ExpandedName);
1834 goto Quickie;
1835 }
1836
1837 /* FIXME: Handle relative case semicolon-lookup here */
1838
1839 /* Calculate length */
1840 Length += (ULONG)wcslen(DllName) + 1;
1841 if (Length > UNICODE_STRING_MAX_CHARS)
1842 {
1843 /* Too long, fail */
1844 Status = STATUS_NAME_TOO_LONG;
1845 goto Quickie;
1846 }
1847
1848 /* Allocate buffer */
1849 Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length * sizeof(WCHAR));
1850 if (!Buffer)
1851 {
1852 /* Fail */
1853 Status = STATUS_NO_MEMORY;
1854 goto Quickie;
1855 }
1856
1857 /* FIXME: Setup TestName here */
1858 Status = STATUS_NOT_FOUND;
1859 BufEnd = Buffer;
1860
1861 /* Start loop */
1862 do
1863 {
1864 /* Get character */
1865 p = *ActualSearchPath;
1866 if (!(p) || (p == ';'))
1867 {
1868 /* FIXME: We don't have a character, or is a semicolon.*/
1869
1870 /* Display debug output if snaps are on */
1871 if (ShowSnaps)
1872 {
1873 DbgPrintEx(DPFLTR_LDR_ID,
1874 DPFLTR_ERROR_LEVEL,
1875 "LDR: %s - Looking for %ws\n",
1876 __FUNCTION__,
1877 Buffer);
1878 }
1879
1880 /* Sanity check */
1881 TestName.Length = (USHORT)ALIGN_DOWN((BufEnd - Buffer), WCHAR);
1882#if 0
1883 ASSERT(TestName.Length < TestName.MaximumLength);
1884#endif
1885
1886 /* Check if the file exists */
1887 #if 0
1888 if (RtlDoesFileExists_UstrEx(&TestName, FALSE))
1889 #endif
1890 {
1891 /* It does. Reallocate the buffer */
1892 TestName.MaximumLength = (USHORT)ALIGN_DOWN((BufEnd - Buffer), WCHAR) + sizeof(WCHAR);
1893 TestName.Buffer = RtlReAllocateHeap(RtlGetProcessHeap(),
1894 0,
1895 Buffer,
1896 TestName.MaximumLength);
1897 if (!TestName.Buffer)
1898 {
1899 /* Keep the old one */
1900 TestName.Buffer = Buffer;
1901 }
1902 else
1903 {
1904 /* Update buffer */
1905 Buffer = TestName.Buffer;
1906 }
1907
1908 /* Make sure we have a buffer at least */
1909 ASSERT(TestName.Buffer);
1910
1911 /* Resolve the name */
1912 *SearchPath = ActualSearchPath++;
1913 Status = LdrpResolveFullName(&TestName,
1914 PathName,
1915 FullPathName,
1916 ExpandedName);
1917 break;
1918 }
1919
1920 /* Update buffer end */
1921 BufEnd = Buffer;
1922
1923 /* Update string position */
1924 //pp = ActualSearchPath++;
1925 }
1926 else
1927 {
1928 /* Otherwise, write the character */
1929 *BufEnd = p;
1930 BufEnd++;
1931 }
1932
1933 /* Check if the string is empty, meaning we're done */
1934 if (!(*ActualSearchPath)) TryAgain = TRUE;
1935
1936 /* Advance in the string */
1937 ActualSearchPath++;
1938 } while (!TryAgain);
1939
1940 /* Check if we had a buffer and free it */
1941 if (Buffer) RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer);
1942
1943Quickie:
1944 /* Check if we got here through failure */
1945 if (!NT_SUCCESS(Status)) *ExpandedName = NULL;
1946
1947 /* Display debug output if snaps are on */
1948 if (ShowSnaps)
1949 {
1950 /* Check which output to use -- failure or success */
1951 if (NT_SUCCESS(Status))
1952 {
1953 DbgPrintEx(DPFLTR_LDR_ID,
1954 DPFLTR_ERROR_LEVEL,
1955 "LDR: %s - Returning %wZ\n",
1956 __FUNCTION__,
1957 *ExpandedName);
1958 }
1959 else
1960 {
1961 DbgPrintEx(DPFLTR_LDR_ID,
1962 DPFLTR_ERROR_LEVEL,
1963 "LDR: %s - Unable to locate %ws in %ws: 0x%08x\n",
1964 __FUNCTION__,
1965 DllName,
1966 ActualSearchPath,
1967 Status);
1968 }
1969 }
1970
1971 /* Return status */
1972 return Status;
1973}
1974
1975
1976/* NOTE: This function is b0rked and in the process of being slowly unf*cked */
1977BOOLEAN
1978NTAPI
1979LdrpCheckForLoadedDll(IN PWSTR DllPath,
1980 IN PUNICODE_STRING DllName,
1981 IN BOOLEAN Flag,
1982 IN BOOLEAN RedirectedDll,
1983 OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
1984{
1985 ULONG HashIndex;
1986 PLIST_ENTRY ListHead, ListEntry;
1987 PLDR_DATA_TABLE_ENTRY CurEntry;
1988 BOOLEAN FullPath = FALSE;
1989 PWCHAR wc;
1990 WCHAR NameBuf[266];
1991 UNICODE_STRING FullDllName, NtPathName;
1992 ULONG Length;
1993 OBJECT_ATTRIBUTES ObjectAttributes;
1994 NTSTATUS Status;
1995 HANDLE FileHandle, SectionHandle;
1996 IO_STATUS_BLOCK Iosb;
1997 PVOID ViewBase = NULL;
1998 SIZE_T ViewSize = 0;
1999 PIMAGE_NT_HEADERS NtHeader, NtHeader2;
2000 DPRINT("LdrpCheckForLoadedDll('%S' '%wZ' %u %u %p)\n", DllPath ? ((ULONG_PTR)DllPath == 1 ? L"" : DllPath) : L"", DllName, Flag, RedirectedDll, LdrEntry);
2001
2002 /* Check if a dll name was provided */
2003 if (!(DllName->Buffer) || !(DllName->Buffer[0])) return FALSE;
2004
2005 /* FIXME: Warning, "Flag" is used as magic instead of "Static" */
2006 /* FIXME: Warning, code does not support redirection at all */
2007
2008 /* Look in the hash table if flag was set */
2009lookinhash:
2010 if (Flag /* the second check is a hack */ && !RedirectedDll)
2011 {
2012 /* FIXME: if we get redirected dll it means that we also get a full path so we need to find its filename for the hash lookup */
2013
2014 /* Get hash index */
2015 HashIndex = LDR_GET_HASH_ENTRY(DllName->Buffer[0]);
2016
2017 /* Traverse that list */
2018 ListHead = &LdrpHashTable[HashIndex];
2019 ListEntry = ListHead->Flink;
2020 while (ListEntry != ListHead)
2021 {
2022 /* Get the current entry */
2023 CurEntry = CONTAINING_RECORD(ListEntry, LDR_DATA_TABLE_ENTRY, HashLinks);
2024
2025 /* Check base name of that module */
2026 if (RtlEqualUnicodeString(DllName, &CurEntry->BaseDllName, TRUE))
2027 {
2028 /* It matches, return it */
2029 *LdrEntry = CurEntry;
2030 return TRUE;
2031 }
2032
2033 /* Advance to the next entry */
2034 ListEntry = ListEntry->Flink;
2035 }
2036
2037 /* Module was not found, return failure */
2038 return FALSE;
2039 }
2040
2041 /* Check if this is a redirected DLL */
2042 if (RedirectedDll)
2043 {
2044 /* Redirected dlls already have a full path */
2045 FullPath = TRUE;
2046 FullDllName = *DllName;
2047 }
2048 else
2049 {
2050 /* Check if there is a full path in this DLL */
2051 wc = DllName->Buffer;
2052 while (*wc)
2053 {
2054 /* Check for a slash in the current position*/
2055 if ((*wc == L'\\') || (*wc == L'/'))
2056 {
2057 /* Found the slash, so dll name contains path */
2058 FullPath = TRUE;
2059
2060 /* Setup full dll name string */
2061 FullDllName.Buffer = NameBuf;
2062
2063 /* FIXME: This is from the Windows 2000 loader, not XP/2003, we should call LdrpSearchPath */
2064 Length = RtlDosSearchPath_U(DllPath ? DllPath : LdrpDefaultPath.Buffer,
2065 DllName->Buffer,
2066 NULL,
2067 sizeof(NameBuf) - sizeof(UNICODE_NULL),
2068 FullDllName.Buffer,
2069 NULL);
2070
2071 /* Check if that was successful */
2072 if (!(Length) || (Length > (sizeof(NameBuf) - sizeof(UNICODE_NULL))))
2073 {
2074 if (ShowSnaps)
2075 {
2076 DPRINT1("LDR: LdrpCheckForLoadedDll - Unable To Locate %wZ: 0x%08x\n",
2077 &DllName, Length);
2078 }
2079 }
2080
2081 /* Full dll name is found */
2082 FullDllName.Length = Length;
2083 FullDllName.MaximumLength = FullDllName.Length + sizeof(UNICODE_NULL);
2084 break;
2085 }
2086
2087 wc++;
2088 }
2089 }
2090
2091 /* Go check the hash table */
2092 if (!FullPath)
2093 {
2094 Flag = TRUE;
2095 goto lookinhash;
2096 }
2097
2098 /* FIXME: Warning, activation context missing */
2099 DPRINT("Warning, activation context missing\n");
2100
2101 /* NOTE: From here on down, everything looks good */
2102
2103 /* Loop the module list */
2104 ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
2105 ListEntry = ListHead->Flink;
2106 while (ListEntry != ListHead)
2107 {
2108 /* Get the current entry and advance to the next one */
2109 CurEntry = CONTAINING_RECORD(ListEntry,
2110 LDR_DATA_TABLE_ENTRY,
2111 InLoadOrderLinks);
2112 ListEntry = ListEntry->Flink;
2113
2114 /* Check if it's being unloaded */
2115 if (!CurEntry->InMemoryOrderLinks.Flink) continue;
2116
2117 /* Check if name matches */
2118 if (RtlEqualUnicodeString(&FullDllName,
2119 &CurEntry->FullDllName,
2120 TRUE))
2121 {
2122 /* Found it */
2123 *LdrEntry = CurEntry;
2124 return TRUE;
2125 }
2126 }
2127
2128 /* Convert given path to NT path */
2129 if (!RtlDosPathNameToNtPathName_U(FullDllName.Buffer,
2130 &NtPathName,
2131 NULL,
2132 NULL))
2133 {
2134 /* Fail if conversion failed */
2135 return FALSE;
2136 }
2137
2138 /* Initialize object attributes and open it */
2139 InitializeObjectAttributes(&ObjectAttributes,
2140 &NtPathName,
2141 OBJ_CASE_INSENSITIVE,
2142 NULL,
2143 NULL);
2144 Status = NtOpenFile(&FileHandle,
2145 SYNCHRONIZE | FILE_EXECUTE,
2146 &ObjectAttributes,
2147 &Iosb,
2148 FILE_SHARE_READ | FILE_SHARE_DELETE,
2149 FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT);
2150
2151 /* Free NT path name */
2152 RtlFreeHeap(RtlGetProcessHeap(), 0, NtPathName.Buffer);
2153
2154 /* If opening the file failed - return failure */
2155 if (!NT_SUCCESS(Status)) return FALSE;
2156
2157 /* Create a section for this file */
2158 Status = NtCreateSection(&SectionHandle,
2159 SECTION_MAP_READ |
2160 SECTION_MAP_EXECUTE |
2161 SECTION_MAP_WRITE,
2162 NULL,
2163 NULL,
2164 PAGE_EXECUTE,
2165 SEC_COMMIT,
2166 FileHandle);
2167
2168 /* Close file handle */
2169 NtClose(FileHandle);
2170
2171 /* If creating section failed - return failure */
2172 if (!NT_SUCCESS(Status)) return FALSE;
2173
2174 /* Map view of this section */
2175 Status = ZwMapViewOfSection(SectionHandle,
2176 NtCurrentProcess(),
2177 &ViewBase,
2178 0,
2179 0,
2180 NULL,
2181 &ViewSize,
2182 ViewShare,
2183 0,
2184 PAGE_EXECUTE);
2185
2186 /* Close section handle */
2187 NtClose(SectionHandle);
2188
2189 /* If section mapping failed - return failure */
2190 if (!NT_SUCCESS(Status)) return FALSE;
2191
2192 /* Get pointer to the NT header of this section */
2193 Status = RtlImageNtHeaderEx(0, ViewBase, ViewSize, &NtHeader);
2194 if (!(NT_SUCCESS(Status)) || !(NtHeader))
2195 {
2196 /* Unmap the section and fail */
2197 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
2198 return FALSE;
2199 }
2200
2201 /* Go through the list of modules again */
2202 ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
2203 ListEntry = ListHead->Flink;
2204 while (ListEntry != ListHead)
2205 {
2206 /* Get the current entry and advance to the next one */
2207 CurEntry = CONTAINING_RECORD(ListEntry,
2208 LDR_DATA_TABLE_ENTRY,
2209 InLoadOrderLinks);
2210 ListEntry = ListEntry->Flink;
2211
2212 /* Check if it's in the process of being unloaded */
2213 if (!CurEntry->InMemoryOrderLinks.Flink) continue;
2214
2215 /* The header is untrusted, use SEH */
2216 _SEH2_TRY
2217 {
2218 /* Check if timedate stamp and sizes match */
2219 if ((CurEntry->TimeDateStamp == NtHeader->FileHeader.TimeDateStamp) &&
2220 (CurEntry->SizeOfImage == NtHeader->OptionalHeader.SizeOfImage))
2221 {
2222 /* Time, date and size match. Let's compare their headers */
2223 NtHeader2 = RtlImageNtHeader(CurEntry->DllBase);
2224 if (RtlCompareMemory(NtHeader2, NtHeader, sizeof(IMAGE_NT_HEADERS)))
2225 {
2226 /* Headers match too! Finally ask the kernel to compare mapped files */
2227 Status = ZwAreMappedFilesTheSame(CurEntry->DllBase, ViewBase);
2228 if (NT_SUCCESS(Status))
2229 {
2230 /* This is our entry!, unmap and return success */
2231 *LdrEntry = CurEntry;
2232 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
2233 _SEH2_YIELD(return TRUE;)
2234 }
2235 }
2236 }
2237 }
2238 _SEH2_EXCEPT (EXCEPTION_EXECUTE_HANDLER)
2239 {
2240 _SEH2_YIELD(break;)
2241 }
2242 _SEH2_END;
2243 }
2244
2245 /* Unmap the section and fail */
2246 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
2247 return FALSE;
2248}
2249
2250NTSTATUS
2251NTAPI
2252LdrpGetProcedureAddress(
2253 _In_ PVOID BaseAddress,
2254 _In_opt_ _When_(Ordinal == 0, _Notnull_) PANSI_STRING Name,
2255 _In_opt_ _When_(Name == NULL, _In_range_(>, 0)) ULONG Ordinal,
2256 _Out_ PVOID *ProcedureAddress,
2257 _In_ BOOLEAN ExecuteInit)
2258{
2259 NTSTATUS Status = STATUS_SUCCESS;
2260 UCHAR ImportBuffer[64]; // 128 since NT6.2
2261 PLDR_DATA_TABLE_ENTRY LdrEntry;
2262 IMAGE_THUNK_DATA Thunk;
2263 PVOID ImageBase;
2264 PIMAGE_IMPORT_BY_NAME ImportName = NULL;
2265 PIMAGE_EXPORT_DIRECTORY ExportDir;
2266 ULONG ExportDirSize, Length;
2267 PLIST_ENTRY Entry;
2268
2269 /* Show debug message */
2270 if (ShowSnaps) DPRINT1("LDR: LdrGetProcedureAddress by ");
2271
2272 /* Check if we got a name */
2273 if (Name)
2274 {
2275 /* Show debug message */
2276 if (ShowSnaps) DbgPrint("NAME - %s\n", Name->Buffer);
2277
2278 /* Make sure it's not too long */
2279 Length = Name->Length +
2280 sizeof(CHAR) +
2281 FIELD_OFFSET(IMAGE_IMPORT_BY_NAME, Name);
2282 if (Length > UNICODE_STRING_MAX_BYTES)
2283 {
2284 /* Won't have enough space to add the hint */
2285 return STATUS_NAME_TOO_LONG;
2286 }
2287
2288 /* Check if our buffer is large enough */
2289 if (Length > sizeof(ImportBuffer))
2290 {
2291 /* Allocate from heap, plus 2 bytes for the Hint */
2292 ImportName = RtlAllocateHeap(RtlGetProcessHeap(),
2293 0,
2294 Length);
2295 if (!ImportName)
2296 {
2297 /* Return STATUS_INSUFFICIENT_RESOURCES since NT6.2 */
2298 return STATUS_INVALID_PARAMETER;
2299 }
2300 }
2301 else
2302 {
2303 /* Use our internal buffer */
2304 ImportName = (PIMAGE_IMPORT_BY_NAME)ImportBuffer;
2305 }
2306
2307 /* Clear the hint */
2308 ImportName->Hint = 0;
2309
2310 /* Copy the name and null-terminate it */
2311 RtlCopyMemory(ImportName->Name, Name->Buffer, Name->Length);
2312 ImportName->Name[Name->Length] = ANSI_NULL;
2313
2314 /* Clear the high bit */
2315 ImageBase = ImportName;
2316 Thunk.u1.AddressOfData = 0;
2317 }
2318 else
2319 {
2320 /* Do it by ordinal */
2321 ImageBase = NULL;
2322
2323 /* Show debug message */
2324 if (ShowSnaps) DbgPrint("ORDINAL - %lx\n", Ordinal);
2325
2326 /* Make sure an ordinal was given */
2327 if (!Ordinal)
2328 {
2329 /* No ordinal */
2330 DPRINT1("No ordinal and no name\n");
2331 return STATUS_INVALID_PARAMETER;
2332 }
2333
2334 /* Set the original flag in the thunk */
2335 Thunk.u1.Ordinal = Ordinal | IMAGE_ORDINAL_FLAG;
2336 }
2337
2338 /* Acquire lock unless we are initting */
2339 if (!LdrpInLdrInit) RtlEnterCriticalSection(&LdrpLoaderLock);
2340
2341 _SEH2_TRY
2342 {
2343 /* Try to find the loaded DLL */
2344 if (!LdrpCheckForLoadedDllHandle(BaseAddress, &LdrEntry))
2345 {
2346 /* Invalid base */
2347 DPRINT1("Invalid base address %p\n", BaseAddress);
2348 Status = STATUS_DLL_NOT_FOUND;
2349 _SEH2_YIELD(goto Quickie;)
2350 }
2351
2352 /* Get the pointer to the export directory */
2353 ExportDir = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
2354 TRUE,
2355 IMAGE_DIRECTORY_ENTRY_EXPORT,
2356 &ExportDirSize);
2357
2358 if (!ExportDir)
2359 {
2360 DPRINT1("Image %wZ has no exports, but were trying to get procedure %Z. BaseAddress asked 0x%p, got entry BA 0x%p\n",
2361 &LdrEntry->BaseDllName, Name, BaseAddress, LdrEntry->DllBase);
2362 Status = STATUS_PROCEDURE_NOT_FOUND;
2363 _SEH2_YIELD(goto Quickie;)
2364 }
2365
2366 /* Now get the thunk */
2367 Status = LdrpSnapThunk(LdrEntry->DllBase,
2368 ImageBase,
2369 &Thunk,
2370 &Thunk,
2371 ExportDir,
2372 ExportDirSize,
2373 FALSE,
2374 NULL);
2375
2376 /* Finally, see if we're supposed to run the init routines */
2377 if ((NT_SUCCESS(Status)) && (ExecuteInit))
2378 {
2379 /*
2380 * It's possible a forwarded entry had us load the DLL. In that case,
2381 * then we will call its DllMain. Use the last loaded DLL for this.
2382 */
2383 Entry = NtCurrentPeb()->Ldr->InInitializationOrderModuleList.Blink;
2384 LdrEntry = CONTAINING_RECORD(Entry,
2385 LDR_DATA_TABLE_ENTRY,
2386 InInitializationOrderLinks);
2387
2388 /* Make sure we didn't process it yet*/
2389 if (!(LdrEntry->Flags & LDRP_ENTRY_PROCESSED))
2390 {
2391 /* Call the init routine */
2392 _SEH2_TRY
2393 {
2394 Status = LdrpRunInitializeRoutines(NULL);
2395 }
2396 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2397 {
2398 /* Get the exception code */
2399 Status = _SEH2_GetExceptionCode();
2400 }
2401 _SEH2_END;
2402 }
2403 }
2404
2405 /* Make sure we're OK till here */
2406 if (NT_SUCCESS(Status))
2407 {
2408 /* Return the address */
2409 *ProcedureAddress = (PVOID)Thunk.u1.Function;
2410 }
2411 }
2412 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2413 {
2414 /* Just ignore exceptions */
2415 }
2416 _SEH2_END;
2417
2418Quickie:
2419 /* Cleanup */
2420 if (ImportName && (ImportName != (PIMAGE_IMPORT_BY_NAME)ImportBuffer))
2421 {
2422 /* We allocated from heap, free it */
2423 RtlFreeHeap(RtlGetProcessHeap(), 0, ImportName);
2424 }
2425
2426 /* Release the CS if we entered it */
2427 if (!LdrpInLdrInit) RtlLeaveCriticalSection(&LdrpLoaderLock);
2428
2429 /* We're done */
2430 return Status;
2431}
2432
2433NTSTATUS
2434NTAPI
2435LdrpLoadDll(IN BOOLEAN Redirected,
2436 IN PWSTR DllPath OPTIONAL,
2437 IN PULONG DllCharacteristics OPTIONAL,
2438 IN PUNICODE_STRING DllName,
2439 OUT PVOID *BaseAddress,
2440 IN BOOLEAN CallInit)
2441{
2442 PPEB Peb = NtCurrentPeb();
2443 NTSTATUS Status = STATUS_SUCCESS;
2444 const WCHAR *p;
2445 BOOLEAN GotExtension;
2446 WCHAR c;
2447 WCHAR NameBuffer[MAX_PATH + 6];
2448 UNICODE_STRING RawDllName;
2449 PLDR_DATA_TABLE_ENTRY LdrEntry;
2450 BOOLEAN InInit = LdrpInLdrInit;
2451
2452 /* Save the Raw DLL Name */
2453 if (DllName->Length >= sizeof(NameBuffer)) return STATUS_NAME_TOO_LONG;
2454 RtlInitEmptyUnicodeString(&RawDllName, NameBuffer, sizeof(NameBuffer));
2455 RtlCopyUnicodeString(&RawDllName, DllName);
2456
2457 /* Find the extension, if present */
2458 p = DllName->Buffer + DllName->Length / sizeof(WCHAR) - 1;
2459 GotExtension = FALSE;
2460 while (p >= DllName->Buffer)
2461 {
2462 c = *p--;
2463 if (c == L'.')
2464 {
2465 GotExtension = TRUE;
2466 break;
2467 }
2468 else if (c == L'\\')
2469 {
2470 break;
2471 }
2472 }
2473
2474 /* If no extension was found, add the default extension */
2475 if (!GotExtension)
2476 {
2477 /* Check that we have space to add one */
2478 if ((DllName->Length + LdrApiDefaultExtension.Length + sizeof(UNICODE_NULL)) >=
2479 sizeof(NameBuffer))
2480 {
2481 /* No space to add the extension */
2482 DbgPrintEx(DPFLTR_LDR_ID,
2483 DPFLTR_ERROR_LEVEL,
2484 "LDR: %s - Dll name missing extension; with extension "
2485 "added the name is too long\n"
2486 " DllName: (@ %p) \"%wZ\"\n"
2487 " DllName->Length: %u\n",
2488 __FUNCTION__,
2489 DllName,
2490 DllName,
2491 DllName->Length);
2492 return STATUS_NAME_TOO_LONG;
2493 }
2494
2495 /* Add it. Needs to be null terminated, thus the length check above */
2496 (VOID)RtlAppendUnicodeStringToString(&RawDllName,
2497 &LdrApiDefaultExtension);
2498 }
2499
2500 /* Check for init flag and acquire lock */
2501 if (!InInit) RtlEnterCriticalSection(&LdrpLoaderLock);
2502
2503 _SEH2_TRY
2504 {
2505 /* Show debug message */
2506 if (ShowSnaps)
2507 {
2508 DPRINT1("LDR: LdrLoadDll, loading %wZ from %ws\n",
2509 &RawDllName,
2510 DllPath ? DllPath : L"");
2511 }
2512
2513 /* Check if the DLL is already loaded */
2514 if (!LdrpCheckForLoadedDll(DllPath,
2515 &RawDllName,
2516 FALSE,
2517 Redirected,
2518 &LdrEntry))
2519 {
2520 /* Map it */
2521 Status = LdrpMapDll(DllPath,
2522 DllPath,
2523 NameBuffer,
2524 DllCharacteristics,
2525 FALSE,
2526 Redirected,
2527 &LdrEntry);
2528 if (!NT_SUCCESS(Status))
2529 _SEH2_LEAVE;
2530
2531 /* FIXME: Need to mark the DLL range for the stack DB */
2532 //RtlpStkMarkDllRange(LdrEntry);
2533
2534 /* Check if IMAGE_FILE_EXECUTABLE_IMAGE was provided */
2535 if ((DllCharacteristics) &&
2536 (*DllCharacteristics & IMAGE_FILE_EXECUTABLE_IMAGE))
2537 {
2538 /* This is not a DLL, so remove such data */
2539 LdrEntry->EntryPoint = NULL;
2540 LdrEntry->Flags &= ~LDRP_IMAGE_DLL;
2541 }
2542
2543 /* Make sure it's a DLL */
2544 if (LdrEntry->Flags & LDRP_IMAGE_DLL)
2545 {
2546 /* Check if this is a .NET Image */
2547 if (!(LdrEntry->Flags & LDRP_COR_IMAGE))
2548 {
2549 /* Walk the Import Descriptor */
2550 Status = LdrpWalkImportDescriptor(DllPath, LdrEntry);
2551 }
2552
2553 /* Update load count, unless it's locked */
2554 if (LdrEntry->LoadCount != 0xFFFF) LdrEntry->LoadCount++;
2555 LdrpUpdateLoadCount2(LdrEntry, LDRP_UPDATE_REFCOUNT);
2556
2557 /* Check if we failed */
2558 if (!NT_SUCCESS(Status))
2559 {
2560 /* Clear entrypoint, and insert into list */
2561 LdrEntry->EntryPoint = NULL;
2562 InsertTailList(&Peb->Ldr->InInitializationOrderModuleList,
2563 &LdrEntry->InInitializationOrderLinks);
2564
2565 /* Cancel the load */
2566 LdrpClearLoadInProgress();
2567
2568 /* Unload the DLL */
2569 if (ShowSnaps)
2570 {
2571 DbgPrint("LDR: Unloading %wZ due to error %x walking "
2572 "import descriptors\n",
2573 DllName,
2574 Status);
2575 }
2576 LdrUnloadDll(LdrEntry->DllBase);
2577
2578 /* Return the error */
2579 _SEH2_LEAVE;
2580 }
2581 }
2582 else if (LdrEntry->LoadCount != 0xFFFF)
2583 {
2584 /* Increase load count */
2585 LdrEntry->LoadCount++;
2586 }
2587
2588 /* Insert it into the list */
2589 InsertTailList(&Peb->Ldr->InInitializationOrderModuleList,
2590 &LdrEntry->InInitializationOrderLinks);
2591
2592 /* If we have to run the entrypoint, make sure the DB is ready */
2593 if (CallInit && LdrpLdrDatabaseIsSetup)
2594 {
2595 /* Notify Shim Engine */
2596 if (g_ShimsEnabled)
2597 {
2598 VOID (NTAPI* SE_DllLoaded)(PLDR_DATA_TABLE_ENTRY) = RtlDecodeSystemPointer(g_pfnSE_DllLoaded);
2599 SE_DllLoaded(LdrEntry);
2600 }
2601
2602 /* Run the init routine */
2603 Status = LdrpRunInitializeRoutines(NULL);
2604 if (!NT_SUCCESS(Status))
2605 {
2606 /* Failed, unload the DLL */
2607 if (ShowSnaps)
2608 {
2609 DbgPrint("LDR: Unloading %wZ because either its init "
2610 "routine or one of its static imports failed; "
2611 "status = 0x%08lx\n",
2612 DllName,
2613 Status);
2614 }
2615 LdrUnloadDll(LdrEntry->DllBase);
2616 }
2617 }
2618 else
2619 {
2620 /* The DB isn't ready, which means we were loaded because of a forwarder */
2621 Status = STATUS_SUCCESS;
2622 }
2623 }
2624 else
2625 {
2626 /* We were already loaded. Are we a DLL? */
2627 if ((LdrEntry->Flags & LDRP_IMAGE_DLL) && (LdrEntry->LoadCount != 0xFFFF))
2628 {
2629 /* Increase load count */
2630 LdrEntry->LoadCount++;
2631 LdrpUpdateLoadCount2(LdrEntry, LDRP_UPDATE_REFCOUNT);
2632
2633 /* Clear the load in progress */
2634 LdrpClearLoadInProgress();
2635 }
2636 else
2637 {
2638 /* Not a DLL, just increase the load count */
2639 if (LdrEntry->LoadCount != 0xFFFF) LdrEntry->LoadCount++;
2640 }
2641 }
2642
2643 }
2644 _SEH2_FINALLY
2645 {
2646 /* Release the lock */
2647 if (!InInit) RtlLeaveCriticalSection(&LdrpLoaderLock);
2648 }
2649 _SEH2_END;
2650
2651 /* Check for success */
2652 if (NT_SUCCESS(Status))
2653 {
2654 /* Return the base address */
2655 *BaseAddress = LdrEntry->DllBase;
2656 }
2657 else
2658 {
2659 /* Nothing found */
2660 *BaseAddress = NULL;
2661 }
2662
2663 /* Return status */
2664 return Status;
2665}
2666
2667ULONG
2668NTAPI
2669LdrpClearLoadInProgress(VOID)
2670{
2671 PLIST_ENTRY ListHead, Entry;
2672 PLDR_DATA_TABLE_ENTRY LdrEntry;
2673 ULONG ModulesCount = 0;
2674
2675 /* Traverse the init list */
2676 ListHead = &NtCurrentPeb()->Ldr->InInitializationOrderModuleList;
2677 Entry = ListHead->Flink;
2678 while (Entry != ListHead)
2679 {
2680 /* Get the loader entry */
2681 LdrEntry = CONTAINING_RECORD(Entry,
2682 LDR_DATA_TABLE_ENTRY,
2683 InInitializationOrderLinks);
2684
2685 /* Clear load in progress flag */
2686 LdrEntry->Flags &= ~LDRP_LOAD_IN_PROGRESS;
2687
2688 /* Check for modules with entry point count but not processed yet */
2689 if ((LdrEntry->EntryPoint) &&
2690 !(LdrEntry->Flags & LDRP_ENTRY_PROCESSED))
2691 {
2692 /* Increase counter */
2693 ModulesCount++;
2694 }
2695
2696 /* Advance to the next entry */
2697 Entry = Entry->Flink;
2698 }
2699
2700 /* Return final count */
2701 return ModulesCount;
2702}
2703
2704PVOID LdrpGetShimEngineFunction(PCSZ FunctionName)
2705{
2706 ANSI_STRING Function;
2707 NTSTATUS Status;
2708 PVOID Address;
2709 RtlInitAnsiString(&Function, FunctionName);
2710 /* Skip Dll init */
2711 Status = LdrpGetProcedureAddress(g_pShimEngineModule, &Function, 0, &Address, FALSE);
2712 return NT_SUCCESS(Status) ? Address : NULL;
2713}
2714
2715VOID
2716NTAPI
2717LdrpGetShimEngineInterface()
2718{
2719 PVOID SE_DllLoaded = LdrpGetShimEngineFunction("SE_DllLoaded");
2720 PVOID SE_DllUnloaded = LdrpGetShimEngineFunction("SE_DllUnloaded");
2721 PVOID SE_InstallBeforeInit = LdrpGetShimEngineFunction("SE_InstallBeforeInit");
2722 PVOID SE_InstallAfterInit = LdrpGetShimEngineFunction("SE_InstallAfterInit");
2723 PVOID SE_ProcessDying = LdrpGetShimEngineFunction("SE_ProcessDying");
2724
2725 if (SE_DllLoaded && SE_DllUnloaded && SE_InstallBeforeInit && SE_InstallAfterInit && SE_ProcessDying)
2726 {
2727 g_pfnSE_DllLoaded = RtlEncodeSystemPointer(SE_DllLoaded);
2728 g_pfnSE_DllUnloaded = RtlEncodeSystemPointer(SE_DllUnloaded);
2729 g_pfnSE_InstallBeforeInit = RtlEncodeSystemPointer(SE_InstallBeforeInit);
2730 g_pfnSE_InstallAfterInit = RtlEncodeSystemPointer(SE_InstallAfterInit);
2731 g_pfnSE_ProcessDying = RtlEncodeSystemPointer(SE_ProcessDying);
2732 g_ShimsEnabled = TRUE;
2733 }
2734 else
2735 {
2736 LdrpUnloadShimEngine();
2737 }
2738}
2739
2740VOID
2741NTAPI
2742LdrpRunShimEngineInitRoutine(IN ULONG Reason)
2743{
2744 PLIST_ENTRY ListHead, Next;
2745 PLDR_DATA_TABLE_ENTRY LdrEntry;
2746
2747 ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
2748 Next = ListHead->Flink;
2749 while (Next != ListHead)
2750 {
2751 LdrEntry = CONTAINING_RECORD(Next, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
2752
2753 if (g_pShimEngineModule == LdrEntry->DllBase)
2754 {
2755 if (LdrEntry->EntryPoint)
2756 {
2757 _SEH2_TRY
2758 {
2759 LdrpCallInitRoutine(LdrEntry->EntryPoint, LdrEntry->DllBase, Reason, NULL);
2760 }
2761 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2762 {
2763 DPRINT1("WARNING: Exception 0x%x during LdrpRunShimEngineInitRoutine(%u)\n",
2764 _SEH2_GetExceptionCode(), Reason);
2765 }
2766 _SEH2_END;
2767 }
2768 return;
2769 }
2770
2771 Next = Next->Flink;
2772 }
2773}
2774
2775VOID
2776NTAPI
2777LdrpLoadShimEngine(IN PWSTR ImageName, IN PUNICODE_STRING ProcessImage, IN PVOID pShimData)
2778{
2779 UNICODE_STRING ShimLibraryName;
2780 PVOID ShimLibrary;
2781 NTSTATUS Status;
2782 RtlInitUnicodeString(&ShimLibraryName, ImageName);
2783 /* We should NOT pass CallInit = TRUE!
2784 If we do this, other init routines will be called before we get a chance to shim stuff.. */
2785 Status = LdrpLoadDll(FALSE, NULL, NULL, &ShimLibraryName, &ShimLibrary, FALSE);
2786 if (NT_SUCCESS(Status))
2787 {
2788 g_pShimEngineModule = ShimLibrary;
2789 LdrpRunShimEngineInitRoutine(DLL_PROCESS_ATTACH);
2790 LdrpGetShimEngineInterface();
2791 if (g_ShimsEnabled)
2792 {
2793 VOID(NTAPI *SE_InstallBeforeInit)(PUNICODE_STRING, PVOID);
2794 SE_InstallBeforeInit = RtlDecodeSystemPointer(g_pfnSE_InstallBeforeInit);
2795 SE_InstallBeforeInit(ProcessImage, pShimData);
2796 }
2797 }
2798}
2799
2800VOID
2801NTAPI
2802LdrpUnloadShimEngine()
2803{
2804 /* Make sure we do not call into the shim engine anymore */
2805 g_ShimsEnabled = FALSE;
2806 LdrpRunShimEngineInitRoutine(DLL_PROCESS_DETACH);
2807 LdrUnloadDll(g_pShimEngineModule);
2808 g_pShimEngineModule = NULL;
2809}
2810
2811/* EOF */
NtUnmapViewOfSection
NTSTATUS NTAPI NtUnmapViewOfSection(IN HANDLE ProcessHandle, IN PVOID BaseAddress)
Definition: section.c:3848
NtCreateSection
NTSTATUS NTAPI NtCreateSection(OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection OPTIONAL, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL)
Definition: section.c:3441
NtOpenSection
NTSTATUS NTAPI NtOpenSection(OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: section.c:3569
NtMapViewOfSection
NTSTATUS NTAPI NtMapViewOfSection(IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect)
Definition: section.c:3622
NtCurrentPeb
#define NtCurrentPeb()
Definition: FLS.c:22
BufSize
#define BufSize
Definition: FsRtlTunnel.c:28
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
PathType
static IN ULONG IN PWSTR OUT PCWSTR OUT PBOOLEAN OUT PATH_TYPE_AND_UNKNOWN * PathType
Definition: RtlGetFullPathName_Ustr.c:44
InvalidName
static IN ULONG IN PWSTR OUT PCWSTR OUT PBOOLEAN InvalidName
Definition: RtlGetFullPathName_Ustr.c:38
VOID
#define VOID
Definition: acefi.h:82
FunctionName
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 ACPI_STATUS const char UINT32 const char * FunctionName
Definition: acpixf.h:1279
DPFLTR_ERROR_LEVEL
#define DPFLTR_ERROR_LEVEL
Definition: main.cpp:32
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
FILE_NON_DIRECTORY_FILE
#define FILE_NON_DIRECTORY_FILE
Definition: constants.h:492
DPRINT1
#define DPRINT1
Definition: precomp.h:8
CHAR
#define CHAR(Char)
TryAgain
@ TryAgain
Definition: bl.h:896
RtlImageNtHeaderEx
NTSTATUS NTAPI RtlImageNtHeaderEx(_In_ ULONG Flags, _In_ PVOID Base, _In_ ULONG64 Size, _Out_ PIMAGE_NT_HEADERS *OutHeaders)
Definition: libsupp.c:32
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
PLDR_DATA_TABLE_ENTRY
struct _LDR_DATA_TABLE_ENTRY * PLDR_DATA_TABLE_ENTRY
Function
_In_ CDROM_SCAN_FOR_SPECIAL_INFO _In_ PCDROM_SCAN_FOR_SPECIAL_HANDLER Function
Definition: cdrom.h:1156
Buffer
Definition: bufpool.h:45
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
ImageNtHeader
PIMAGE_NT_HEADERS WINAPI ImageNtHeader(_In_ PVOID)
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
RtlDosApplyFileIsolationRedirection_Ustr
NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG Flags, IN PUNICODE_STRING OriginalName, IN PUNICODE_STRING Extension, IN OUT PUNICODE_STRING StaticString, IN OUT PUNICODE_STRING DynamicString, IN OUT PUNICODE_STRING *NewName, IN PULONG NewFlags, IN PSIZE_T FileNameSize, IN PSIZE_T RequiredLength)
Definition: libsupp.c:818
IMAGE_DIRECTORY_ENTRY_EXPORT
#define IMAGE_DIRECTORY_ENTRY_EXPORT
Definition: compat.h:151
PAGE_READONLY
#define PAGE_READONLY
Definition: compat.h:138
SECTION_MAP_READ
#define SECTION_MAP_READ
Definition: compat.h:139
DLL_PROCESS_ATTACH
#define DLL_PROCESS_ATTACH
Definition: compat.h:131
DLL_PROCESS_DETACH
#define DLL_PROCESS_DETACH
Definition: compat.h:130
INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE
Definition: compat.h:731
RtlImageDirectoryEntryToData
#define RtlImageDirectoryEntryToData
Definition: compat.h:809
RtlImageNtHeader
#define RtlImageNtHeader
Definition: compat.h:806
MAX_PATH
#define MAX_PATH
Definition: compat.h:34
FILE_SHARE_READ
#define FILE_SHARE_READ
Definition: compat.h:136
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
Peb
PPEB Peb
Definition: dllmain.c:27
DPFLTR_LDR_ID
@ DPFLTR_LDR_ID
Definition: dpfilter.h:113
__FUNCTION__
#define __FUNCTION__
Definition: types.h:116
Iosb
return Iosb
Definition: create.c:4402
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
RemoveEntryList
#define RemoveEntryList(Entry)
Definition: env_spec_w32.h:986
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
PUNICODE_STRING
UNICODE_STRING * PUNICODE_STRING
Definition: env_spec_w32.h:373
RtlCompareMemory
#define RtlCompareMemory(s1, s2, l)
Definition: env_spec_w32.h:465
_SEH2_FINALLY
#define _SEH2_FINALLY
Definition: filesup.c:21
_SEH2_END
#define _SEH2_END
Definition: filesup.c:22
_SEH2_TRY
#define _SEH2_TRY
Definition: filesup.c:19
_SEH2_LEAVE
#define _SEH2_LEAVE
Definition: filesup.c:20
FileHandle
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
FILE_SYNCHRONOUS_IO_NONALERT
#define FILE_SYNCHRONOUS_IO_NONALERT
Definition: from_kernel.h:31
Status
Status
Definition: gdiplustypes.h:25
c
const GLubyte * c
Definition: glext.h:8905
p
GLfloat GLfloat p
Definition: glext.h:8902
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
DbgPrint
#define DbgPrint
Definition: hal.h:12
NtRaiseHardError
NTSTATUS NTAPI NtRaiseHardError(IN NTSTATUS ErrorStatus, IN ULONG NumberOfParameters, IN ULONG UnicodeStringParameterMask, IN PULONG_PTR Parameters, IN ULONG ValidResponseOptions, OUT PULONG Response)
Definition: harderr.c:551
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
wcslen
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
RtlFindActivationContextSectionString
NTSYSAPI NTSTATUS WINAPI RtlFindActivationContextSectionString(ULONG, const GUID *, ULONG, const UNICODE_STRING *, PVOID)
Definition: actctx.c:5815
RtlReAllocateHeap
NTSYSAPI PVOID WINAPI RtlReAllocateHeap(HANDLE, ULONG, PVOID, SIZE_T)
Definition: heap.c:2667
RtlInitUnicodeStringEx
NTSYSAPI NTSTATUS WINAPI RtlInitUnicodeStringEx(PUNICODE_STRING, PCWSTR)
RtlReleaseActivationContext
NTSYSAPI void WINAPI RtlReleaseActivationContext(HANDLE)
Definition: actctx.c:5344
NtCurrentTeb
#define NtCurrentTeb
Definition: iphlpapi_private.h:4
c
#define c
Definition: ke_i.h:80
LdrUnloadDll
NTSTATUS NTAPI LdrUnloadDll(_In_ PVOID BaseAddress)
Definition: ldrapi.c:1331
LDRP_UNLOAD_IN_PROGRESS
#define LDRP_UNLOAD_IN_PROGRESS
Definition: ldrtypes.h:43
LDRP_REDIRECTED
#define LDRP_REDIRECTED
Definition: ldrtypes.h:58
LDRP_ENTRY_PROCESSED
#define LDRP_ENTRY_PROCESSED
Definition: ldrtypes.h:44
PDLL_INIT_ROUTINE
BOOLEAN(NTAPI * PDLL_INIT_ROUTINE)(_In_ PVOID DllHandle, _In_ ULONG Reason, _In_opt_ PCONTEXT Context)
Definition: ldrtypes.h:254
ActCtx
_In_ PCWSTR _Out_ PVOID * ActCtx
Definition: ldrtypes.h:247
LDRP_IMAGE_NOT_AT_BASE
#define LDRP_IMAGE_NOT_AT_BASE
Definition: ldrtypes.h:51
LDRP_STATIC_LINK
#define LDRP_STATIC_LINK
Definition: ldrtypes.h:38
LDRP_COR_IMAGE
#define LDRP_COR_IMAGE
Definition: ldrtypes.h:52
FullDllName
_In_ PCWSTR FullDllName
Definition: ldrtypes.h:247
LDRP_IMAGE_DLL
#define LDRP_IMAGE_DLL
Definition: ldrtypes.h:39
LDRP_LOAD_IN_PROGRESS
#define LDRP_LOAD_IN_PROGRESS
Definition: ldrtypes.h:42
LdrpCallTlsInitializers
VOID NTAPI LdrpCallTlsInitializers(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Reason)
Definition: ldrutils.c:473
LdrpResolveDllName
BOOLEAN NTAPI LdrpResolveDllName(PWSTR DllPath, PWSTR DllName, PUNICODE_STRING FullDllName, PUNICODE_STRING BaseDllName)
Definition: ldrutils.c:699
LdrpUnloadShimEngine
VOID NTAPI LdrpUnloadShimEngine()
Definition: ldrutils.c:2802
g_pfnSE_InstallBeforeInit
PVOID g_pfnSE_InstallBeforeInit
Definition: ldrutils.c:25
LdrpMapDll
NTSTATUS NTAPI LdrpMapDll(IN PWSTR SearchPath OPTIONAL, IN PWSTR DllPath2, IN PWSTR DllName OPTIONAL, IN PULONG DllCharacteristics, IN BOOLEAN Static, IN BOOLEAN Redirect, OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry)
Definition: ldrutils.c:1023
LdrpAllocateUnicodeString
NTSTATUS NTAPI LdrpAllocateUnicodeString(IN OUT PUNICODE_STRING StringOut, IN ULONG Length)
Definition: ldrutils.c:33
g_pfnSE_InstallAfterInit
PVOID g_pfnSE_InstallAfterInit
Definition: ldrutils.c:26
LdrpLoadShimEngine
VOID NTAPI LdrpLoadShimEngine(IN PWSTR ImageName, IN PUNICODE_STRING ProcessImage, IN PVOID pShimData)
Definition: ldrutils.c:2777
LdrpCheckForLoadedDllHandle
BOOLEAN NTAPI LdrpCheckForLoadedDllHandle(IN PVOID Base, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1621
LdrpLoadDll
NTSTATUS NTAPI LdrpLoadDll(IN BOOLEAN Redirected, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress, IN BOOLEAN CallInit)
Definition: ldrutils.c:2435
g_pShimEngineModule
PVOID g_pShimEngineModule
Definition: ldrutils.c:22
g_pfnSE_ProcessDying
PVOID g_pfnSE_ProcessDying
Definition: ldrutils.c:27
LdrpSearchPath
NTSTATUS NTAPI LdrpSearchPath(IN PWCHAR *SearchPath, IN PWCHAR DllName, IN PUNICODE_STRING PathName, IN PUNICODE_STRING FullPathName, IN PUNICODE_STRING *ExpandedName)
Definition: ldrutils.c:1783
LdrpFetchAddressOfEntryPoint
PVOID NTAPI LdrpFetchAddressOfEntryPoint(IN PVOID ImageBase)
Definition: ldrutils.c:793
LdrpUpdateLoadCount2
VOID NTAPI LdrpUpdateLoadCount2(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Flags)
Definition: ldrutils.c:460
LdrpRunShimEngineInitRoutine
VOID NTAPI LdrpRunShimEngineInitRoutine(IN ULONG Reason)
Definition: ldrutils.c:2742
LdrpFinalizeAndDeallocateDataTableEntry
VOID NTAPI LdrpFinalizeAndDeallocateDataTableEntry(IN PLDR_DATA_TABLE_ENTRY Entry)
Definition: ldrutils.c:1598
LdrpCheckForKnownDll
NTSTATUS NTAPI LdrpCheckForKnownDll(PWSTR DllName, PUNICODE_STRING FullDllName, PUNICODE_STRING BaseDllName, HANDLE *SectionHandle)
Definition: ldrutils.c:814
LdrpGetModuleHandleCache
PLDR_DATA_TABLE_ENTRY LdrpGetModuleHandleCache
Definition: ldrutils.c:19
LdrpGetProcedureAddress
NTSTATUS NTAPI LdrpGetProcedureAddress(_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress, _In_ BOOLEAN ExecuteInit)
Definition: ldrutils.c:2252
LdrpUpdateLoadCount3
VOID NTAPI LdrpUpdateLoadCount3(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Flags, OUT PUNICODE_STRING UpdateString)
Definition: ldrutils.c:112
LdrpInsertMemoryTableEntry
VOID NTAPI LdrpInsertMemoryTableEntry(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: ldrutils.c:1582
LdrpSetProtection
NTSTATUS NTAPI LdrpSetProtection(PVOID ViewBase, BOOLEAN Restore)
Definition: ldrutils.c:947
LdrpCheckForLoadedDll
BOOLEAN NTAPI LdrpCheckForLoadedDll(IN PWSTR DllPath, IN PUNICODE_STRING DllName, IN BOOLEAN Flag, IN BOOLEAN RedirectedDll, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1979
LdrpCallInitRoutine
BOOLEAN NTAPI LdrpCallInitRoutine(IN PDLL_INIT_ROUTINE EntryPoint, IN PVOID BaseAddress, IN ULONG Reason, IN PVOID Context)
Definition: ldrutils.c:100
LdrpCodeAuthzCheckDllAllowed
NTSTATUS NTAPI LdrpCodeAuthzCheckDllAllowed(IN PUNICODE_STRING FullName, IN HANDLE DllHandle)
Definition: ldrutils.c:535
LdrpAllocateDataTableEntry
PLDR_DATA_TABLE_ENTRY NTAPI LdrpAllocateDataTableEntry(IN PVOID BaseAddress)
Definition: ldrutils.c:1549
LdrpCreateDllSection
NTSTATUS NTAPI LdrpCreateDllSection(IN PUNICODE_STRING FullName, IN HANDLE DllHandle, IN PULONG DllCharacteristics OPTIONAL, OUT PHANDLE SectionHandle)
Definition: ldrutils.c:544
g_ShimsEnabled
BOOLEAN g_ShimsEnabled
Definition: ldrutils.c:21
LdrpResolveFullName
NTSTATUS NTAPI LdrpResolveFullName(IN PUNICODE_STRING OriginalName, IN PUNICODE_STRING PathName, IN PUNICODE_STRING FullPathName, IN PUNICODE_STRING *ExpandedName)
Definition: ldrutils.c:1667
LdrpClearLoadInProgress
ULONG NTAPI LdrpClearLoadInProgress(VOID)
Definition: ldrutils.c:2669
LdrpGetShimEngineFunction
PVOID LdrpGetShimEngineFunction(PCSZ FunctionName)
Definition: ldrutils.c:2704
g_pfnSE_DllUnloaded
PVOID g_pfnSE_DllUnloaded
Definition: ldrutils.c:24
LdrpLoadedDllHandleCache
PLDR_DATA_TABLE_ENTRY LdrpLoadedDllHandleCache
Definition: ldrutils.c:19
g_pfnSE_DllLoaded
PVOID g_pfnSE_DllLoaded
Definition: ldrutils.c:23
LdrpFreeUnicodeString
VOID NTAPI LdrpFreeUnicodeString(IN PUNICODE_STRING StringIn)
Definition: ldrutils.c:84
LdrpGetShimEngineInterface
VOID NTAPI LdrpGetShimEngineInterface()
Definition: ldrutils.c:2717
if
if(dx< 0)
Definition: linetemp.h:194
PCHAR
#define PCHAR
Definition: match.c:90
ASSERT
#define ASSERT(a)
Definition: mode.c:44
Reason
PVOID PVOID PWCHAR PVOID USHORT PULONG Reason
Definition: env.c:47
StringOut
string StringOut(const string &String, bool forcePrint=true)
Definition: tools.cpp:96
DllPath
static const char const char * DllPath
Definition: image.c:34
ImageName
static const char * ImageName
Definition: image.c:34
IoStatusBlock
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
_Notnull_
#define _Notnull_
Definition: ms_sal.h:658
_Out_
#define _Out_
Definition: ms_sal.h:345
_When_
#define _When_(expr, annos)
Definition: ms_sal.h:254
_In_
#define _In_
Definition: ms_sal.h:308
_In_opt_
#define _In_opt_
Definition: ms_sal.h:309
_In_range_
#define _In_range_(lb, ub)
Definition: ms_sal.h:571
ZwRaiseHardError
NTSYSAPI NTSTATUS NTAPI ZwRaiseHardError(_In_ NTSTATUS ErrorStatus, _In_ ULONG NumberOfParameters, _In_ ULONG UnicodeStringParameterMask, _In_ PULONG_PTR Parameters, _In_ ULONG ValidResponseOptions, _Out_ PULONG Response)
OptionOkCancel
@ OptionOkCancel
Definition: extypes.h:188
OptionOk
@ OptionOk
Definition: extypes.h:187
ResponseCancel
@ ResponseCancel
Definition: extypes.h:202
ZwFlushInstructionCache
NTSYSAPI NTSTATUS NTAPI ZwFlushInstructionCache(_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ ULONG NumberOfBytesToFlush)
ZwQuerySection
NTSYSAPI NTSTATUS NTAPI ZwQuerySection(_In_ HANDLE SectionHandle, _In_ SECTION_INFORMATION_CLASS SectionInformationClass, _Out_ PVOID SectionInformation, _In_ SIZE_T Length, _Out_opt_ PSIZE_T ResultLength)
ZwAreMappedFilesTheSame
NTSYSAPI NTSTATUS NTAPI ZwAreMappedFilesTheSame(_In_ PVOID File1MappedAsAnImage, _In_ PVOID File2MappedAsFile)
BaseAddress
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404
ViewSize
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
Definition: mmfuncs.h:408
ZwProtectVirtualMemory
NTSYSAPI NTSTATUS NTAPI ZwProtectVirtualMemory(_In_ HANDLE ProcessHandle, _In_ PVOID *BaseAddress, _In_ SIZE_T *NumberOfBytesToProtect, _In_ ULONG NewAccessProtection, _Out_ PULONG OldAccessProtection)
SEC_COMMIT
#define SEC_COMMIT
Definition: mmtypes.h:100
SEC_IMAGE
#define SEC_IMAGE
Definition: mmtypes.h:97
SectionImageInformation
@ SectionImageInformation
Definition: mmtypes.h:196
RtlDetermineDosPathNameType_U
NTSYSAPI RTL_PATH_TYPE NTAPI RtlDetermineDosPathNameType_U(_In_ PCWSTR Path)
DbgPrintEx
NTSYSAPI ULONG __cdecl DbgPrintEx(_In_ ULONG ComponentId, _In_ ULONG Level, _In_z_ _Printf_format_string_ PCSTR Format,...)
RtlEnterCriticalSection
NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
Base
_In_opt_ ULONG Base
Definition: rtlfuncs.h:2439
LdrRelocateImageWithBias
ULONG NTAPI LdrRelocateImageWithBias(_In_ PVOID BaseAddress, _In_ LONGLONG AdditionalBias, _In_opt_ PCSTR LoaderName, _In_ ULONG Success, _In_ ULONG Conflict, _In_ ULONG Invalid)
Definition: image.c:474
RtlLeaveCriticalSection
NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
RtlDosSearchPath_U
NTSYSAPI ULONG NTAPI RtlDosSearchPath_U(_In_ PCWSTR Path, _In_ PCWSTR FileName, _In_ PCWSTR Extension, _In_ ULONG BufferSize, _Out_ PWSTR Buffer, _Out_ PWSTR *PartName)
RtlDosPathNameToNtPathName_U
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER
#define RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER
Definition: rtltypes.h:101
RtlPathTypeRelative
@ RtlPathTypeRelative
Definition: rtltypes.h:476
RtlCopyUnicodeString
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
SECTION_MAP_EXECUTE
#define SECTION_MAP_EXECUTE
Definition: nt_native.h:1290
NtOpenFile
NTSYSAPI NTSTATUS NTAPI NtOpenFile(OUT PHANDLE phFile, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG ShareMode, IN ULONG OpenMode)
Definition: file.c:3952
SYNCHRONIZE
#define SYNCHRONIZE
Definition: nt_native.h:61
SECTION_MAP_WRITE
#define SECTION_MAP_WRITE
Definition: nt_native.h:1288
FILE_READ_DATA
#define FILE_READ_DATA
Definition: nt_native.h:628
PAGE_NOCACHE
#define PAGE_NOCACHE
Definition: nt_native.h:1311
RtlAppendUnicodeStringToString
NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString(PUNICODE_STRING Destination, PUNICODE_STRING Source)
PAGE_READWRITE
#define PAGE_READWRITE
Definition: nt_native.h:1304
SECTION_QUERY
#define SECTION_QUERY
Definition: nt_native.h:1287
RtlAnsiStringToUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
PAGE_EXECUTE
#define PAGE_EXECUTE
Definition: nt_native.h:1306
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
RtlEqualUnicodeString
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
FILE_SHARE_DELETE
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
FILE_EXECUTE
#define FILE_EXECUTE
Definition: nt_native.h:642
ViewShare
@ ViewShare
Definition: nt_native.h:1278
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
RtlInitAnsiString
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
UNICODE_NULL
#define UNICODE_NULL
UNICODE_STRING_MAX_CHARS
#define UNICODE_STRING_MAX_CHARS
UNICODE_STRING_MAX_BYTES
#define UNICODE_STRING_MAX_BYTES
ANSI_NULL
#define ANSI_NULL
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
LdrpInLdrInit
BOOLEAN LdrpInLdrInit
Definition: ldrinit.c:30
LdrpDefaultPath
UNICODE_STRING LdrpDefaultPath
Definition: ldrinit.c:65
LdrpWalkImportDescriptor
NTSTATUS NTAPI LdrpWalkImportDescriptor(IN LPWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: ldrpe.c:670
LdrpNumberOfProcessors
ULONG LdrpNumberOfProcessors
Definition: ldrinit.c:55
LdrpHeap
PVOID LdrpHeap
Definition: ldrinit.c:59
LDRP_UPDATE_DEREFCOUNT
#define LDRP_UPDATE_DEREFCOUNT
Definition: ntdllp.h:16
LdrApiDefaultExtension
UNICODE_STRING LdrApiDefaultExtension
Definition: ldrapi.c:22
LDR_GET_HASH_ENTRY
#define LDR_GET_HASH_ENTRY(x)
Definition: ntdllp.h:12
LdrpFatalHardErrorCount
ULONG LdrpFatalHardErrorCount
Definition: ldrinit.c:83
LdrpValidateImageForMp
VOID NTAPI LdrpValidateImageForMp(IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry)
Definition: ldrinit.c:1539
LdrpHashTable
LIST_ENTRY LdrpHashTable[LDR_HASH_TABLE_ENTRIES]
Definition: ldrinit.c:60
LdrpKnownDllPath
UNICODE_STRING LdrpKnownDllPath
Definition: ldrinit.c:63
IMAGE_LOADER_FLAGS_COMPLUS
#define IMAGE_LOADER_FLAGS_COMPLUS
Definition: ntdllp.h:20
LdrpRunInitializeRoutines
NTSTATUS NTAPI LdrpRunInitializeRoutines(IN PCONTEXT Context OPTIONAL)
Definition: ldrinit.c:641
LdrpLdrDatabaseIsSetup
BOOLEAN LdrpLdrDatabaseIsSetup
Definition: ldrinit.c:33
ShowSnaps
BOOLEAN ShowSnaps
Definition: ldrinit.c:81
LdrpKnownDllObjectDirectory
HANDLE LdrpKnownDllObjectDirectory
Definition: ldrinit.c:62
LDRP_UPDATE_PIN
#define LDRP_UPDATE_PIN
Definition: ntdllp.h:17
LdrpLoaderLock
RTL_CRITICAL_SECTION LdrpLoaderLock
Definition: ldrinit.c:70
LDRP_UPDATE_REFCOUNT
#define LDRP_UPDATE_REFCOUNT
Definition: ntdllp.h:15
LdrpEnsureLoaderLockIsHeld
VOID NTAPI LdrpEnsureLoaderLockIsHeld(VOID)
Definition: ldrinit.c:409
LdrpSnapThunk
NTSTATUS NTAPI LdrpSnapThunk(IN PVOID ExportBase, IN PVOID ImportBase, IN PIMAGE_THUNK_DATA OriginalThunk, IN OUT PIMAGE_THUNK_DATA Thunk, IN PIMAGE_EXPORT_DIRECTORY ExportEntry, IN ULONG ExportSize, IN BOOLEAN Static, IN LPSTR DllName)
Definition: ldrpe.c:950
IMAGE_SCN_MEM_NOT_CACHED
#define IMAGE_SCN_MEM_NOT_CACHED
Definition: ntimage.h:236
IMAGE_SCN_MEM_WRITE
#define IMAGE_SCN_MEM_WRITE
Definition: ntimage.h:241
PIMAGE_IMPORT_DESCRIPTOR
struct _IMAGE_IMPORT_DESCRIPTOR * PIMAGE_IMPORT_DESCRIPTOR
IMAGE_SCN_MEM_EXECUTE
#define IMAGE_SCN_MEM_EXECUTE
Definition: ntimage.h:239
IMAGE_FIRST_SECTION
#define IMAGE_FIRST_SECTION(NtHeader)
Definition: ntimage.h:427
PIMAGE_THUNK_DATA
PIMAGE_THUNK_DATA32 PIMAGE_THUNK_DATA
Definition: ntimage.h:566
PIMAGE_TLS_CALLBACK
VOID(NTAPI * PIMAGE_TLS_CALLBACK)(PVOID DllHandle, ULONG Reason, PVOID Reserved)
Definition: ntimage.h:531
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
STATUS_INVALID_IMAGE_FORMAT
#define STATUS_INVALID_IMAGE_FORMAT
Definition: ntstatus.h:359
STATUS_IMAGE_MACHINE_TYPE_MISMATCH
#define STATUS_IMAGE_MACHINE_TYPE_MISMATCH
Definition: ntstatus.h:128
STATUS_DLL_NOT_FOUND
#define STATUS_DLL_NOT_FOUND
Definition: ntstatus.h:545
STATUS_OBJECT_PATH_SYNTAX_BAD
#define STATUS_OBJECT_PATH_SYNTAX_BAD
Definition: ntstatus.h:295
STATUS_ILLEGAL_DLL_RELOCATION
#define STATUS_ILLEGAL_DLL_RELOCATION
Definition: ntstatus.h:742
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
STATUS_PROCEDURE_NOT_FOUND
#define STATUS_PROCEDURE_NOT_FOUND
Definition: ntstatus.h:358
STATUS_CONFLICTING_ADDRESSES
#define STATUS_CONFLICTING_ADDRESSES
Definition: ntstatus.h:261
STATUS_SXS_SECTION_NOT_FOUND
#define STATUS_SXS_SECTION_NOT_FOUND
Definition: ntstatus.h:1382
STATUS_SXS_KEY_NOT_FOUND
#define STATUS_SXS_KEY_NOT_FOUND
Definition: ntstatus.h:1389
STATUS_IMAGE_NOT_AT_BASE
#define STATUS_IMAGE_NOT_AT_BASE
Definition: ntstatus.h:117
STATUS_NAME_TOO_LONG
#define STATUS_NAME_TOO_LONG
Definition: ntstatus.h:498
L
#define L(x)
Definition: ntvdm.h:50
IMAGE_FILE_EXECUTABLE_IMAGE
#define IMAGE_FILE_EXECUTABLE_IMAGE
Definition: pedump.c:160
IMAGE_DIRECTORY_ENTRY_IMPORT
#define IMAGE_DIRECTORY_ENTRY_IMPORT
Definition: pedump.c:260
IMAGE_ORDINAL_FLAG
#define IMAGE_ORDINAL_FLAG
Definition: pedump.c:336
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
Definition: pedump.c:270
IMAGE_DIRECTORY_ENTRY_BASERELOC
#define IMAGE_DIRECTORY_ENTRY_BASERELOC
Definition: pedump.c:264
IMAGE_FILE_DLL
#define IMAGE_FILE_DLL
Definition: pedump.c:169
IMAGE_DIRECTORY_ENTRY_TLS
#define IMAGE_DIRECTORY_ENTRY_TLS
Definition: pedump.c:268
IMAGE_FILE_SYSTEM
#define IMAGE_FILE_SYSTEM
Definition: pedump.c:168
PIMAGE_IMPORT_BY_NAME
struct _IMAGE_IMPORT_BY_NAME * PIMAGE_IMPORT_BY_NAME
USHORT
unsigned short USHORT
Definition: pedump.c:61
IMAGE_FILE_RELOCS_STRIPPED
#define IMAGE_FILE_RELOCS_STRIPPED
Definition: pedump.c:159
Address
static WCHAR Address[46]
Definition: ping.c:68
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:159
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:162
RtlActivateActivationContextUnsafeFast
PRTL_ACTIVATION_CONTEXT_STACK_FRAME FASTCALL RtlActivateActivationContextUnsafeFast(IN PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame, IN PVOID Context)
Definition: actctx.c:5934
RtlDeactivateActivationContextUnsafeFast
PRTL_ACTIVATION_CONTEXT_STACK_FRAME FASTCALL RtlDeactivateActivationContextUnsafeFast(IN PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame)
Definition: actctx.c:6011
RtlDoesFileExists_UstrEx
BOOLEAN NTAPI RtlDoesFileExists_UstrEx(IN PCUNICODE_STRING FileName, IN BOOLEAN SucceedIfBusy)
Definition: path.c:1430
RtlGetFullPathName_Ustr
ULONG NTAPI RtlGetFullPathName_Ustr(_In_ PUNICODE_STRING FileName, _In_ ULONG Size, _Out_z_bytecap_(Size) PWSTR Buffer, _Out_opt_ PCWSTR *ShortName, _Out_opt_ PBOOLEAN InvalidName, _Out_ RTL_PATH_TYPE *PathType)
Definition: path.c:734
RtlEncodeSystemPointer
PVOID NTAPI RtlEncodeSystemPointer(IN PVOID Pointer)
Definition: process.c:429
RtlDecodeSystemPointer
PVOID NTAPI RtlDecodeSystemPointer(IN PVOID Pointer)
Definition: process.c:439
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
STATUS_NOT_FOUND
#define STATUS_NOT_FOUND
Definition: shellext.h:72
SE_InstallAfterInit
VOID NTAPI SE_InstallAfterInit(PUNICODE_STRING ProcessImage, PVOID pShimData)
Definition: shimeng.c:1436
SE_InstallBeforeInit
VOID NTAPI SE_InstallBeforeInit(PUNICODE_STRING ProcessImage, PVOID pShimData)
Definition: shimeng.c:1417
SE_ProcessDying
VOID NTAPI SE_ProcessDying(VOID)
Definition: shimeng.c:1441
SE_DllLoaded
VOID WINAPI SE_DllLoaded(PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: shimeng.c:1447
SE_DllUnloaded
VOID WINAPI SE_DllUnloaded(PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: shimeng.c:1465
DPRINT
#define DPRINT
Definition: sndvol32.h:71
Exit
static void Exit(void)
Definition: sock.c:1330
OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68
Entry
base of all file and directory entries
Definition: entries.h:83
Flag
Definition: xml2sdb.h:80
NameRec_
Definition: apinames.c:49
Response
Definition: ncftp.h:89
Static
Definition: window.h:585
_ANSI_STRING
Definition: env_spec_w32.h:375
_IMAGE_BOUND_FORWARDER_REF
Definition: winnt_old.h:3437
_IMAGE_BOUND_FORWARDER_REF::OffsetModuleName
WORD OffsetModuleName
Definition: winnt_old.h:3439
_IMAGE_BOUND_IMPORT_DESCRIPTOR
Definition: winnt_old.h:3431
_IMAGE_BOUND_IMPORT_DESCRIPTOR::OffsetModuleName
WORD OffsetModuleName
Definition: winnt_old.h:3433
_IMAGE_BOUND_IMPORT_DESCRIPTOR::NumberOfModuleForwarderRefs
WORD NumberOfModuleForwarderRefs
Definition: winnt_old.h:3434
_IMAGE_EXPORT_DIRECTORY
Definition: compat.h:156
_IMAGE_FILE_HEADER::Characteristics
WORD Characteristics
Definition: ntddk_ex.h:128
_IMAGE_FILE_HEADER::NumberOfSections
WORD NumberOfSections
Definition: ntddk_ex.h:123
_IMAGE_FILE_HEADER::TimeDateStamp
DWORD TimeDateStamp
Definition: ntddk_ex.h:124
_IMAGE_IMPORT_BY_NAME
Definition: pedump.c:329
_IMAGE_IMPORT_BY_NAME::Name
BYTE Name[1]
Definition: pedump.c:331
_IMAGE_IMPORT_BY_NAME::Hint
WORD Hint
Definition: pedump.c:330
_IMAGE_IMPORT_DESCRIPTOR
Definition: ntimage.h:572
_IMAGE_IMPORT_DESCRIPTOR::FirstThunk
ULONG FirstThunk
Definition: ntimage.h:580
_IMAGE_IMPORT_DESCRIPTOR::Name
ULONG Name
Definition: ntimage.h:579
_IMAGE_NT_HEADERS
Definition: ntddk_ex.h:181
_IMAGE_NT_HEADERS::OptionalHeader
IMAGE_OPTIONAL_HEADER32 OptionalHeader
Definition: ntddk_ex.h:184
_IMAGE_NT_HEADERS::FileHeader
IMAGE_FILE_HEADER FileHeader
Definition: ntddk_ex.h:183
_IMAGE_OPTIONAL_HEADER::SizeOfImage
DWORD SizeOfImage
Definition: ntddk_ex.h:167
_IMAGE_OPTIONAL_HEADER::AddressOfEntryPoint
DWORD AddressOfEntryPoint
Definition: ntddk_ex.h:149
_IMAGE_OPTIONAL_HEADER::MajorSubsystemVersion
WORD MajorSubsystemVersion
Definition: ntddk_ex.h:164
_IMAGE_OPTIONAL_HEADER::ImageBase
DWORD ImageBase
Definition: ntddk_ex.h:157
_IMAGE_SECTION_HEADER
Definition: pedump.c:280
_IMAGE_SECTION_HEADER::SizeOfRawData
DWORD SizeOfRawData
Definition: pedump.c:289
_IMAGE_SECTION_HEADER::Characteristics
DWORD Characteristics
Definition: pedump.c:295
_IMAGE_SECTION_HEADER::VirtualAddress
DWORD VirtualAddress
Definition: pedump.c:288
_IMAGE_THUNK_DATA32
Definition: ntimage.h:510
_IMAGE_THUNK_DATA32::u1
union _IMAGE_THUNK_DATA32::@2121 u1
_IMAGE_THUNK_DATA32::Ordinal
ULONG Ordinal
Definition: ntimage.h:514
_IMAGE_THUNK_DATA32::Function
ULONG Function
Definition: ntimage.h:513
_IMAGE_THUNK_DATA32::AddressOfData
ULONG AddressOfData
Definition: ntimage.h:515
_IMAGE_TLS_DIRECTORY32
Definition: ntimage.h:545
_IMAGE_TLS_DIRECTORY32::AddressOfCallBacks
ULONG AddressOfCallBacks
Definition: ntimage.h:549
_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870
_LDR_DATA_TABLE_ENTRY
Definition: btrfs_drv.h:1876
_LDR_DATA_TABLE_ENTRY::LoadCount
USHORT LoadCount
Definition: ntddk_ex.h:208
_LDR_DATA_TABLE_ENTRY::EntryPoint
PVOID EntryPoint
Definition: ntddk_ex.h:203
_LDR_DATA_TABLE_ENTRY::FullDllName
UNICODE_STRING FullDllName
Definition: btrfs_drv.h:1882
_LDR_DATA_TABLE_ENTRY::SizeOfImage
ULONG SizeOfImage
Definition: ldrtypes.h:143
_LDR_DATA_TABLE_ENTRY::InLoadOrderLinks
LIST_ENTRY InLoadOrderLinks
Definition: ldrtypes.h:138
_LDR_DATA_TABLE_ENTRY::InInitializationOrderLinks
LIST_ENTRY InInitializationOrderLinks
Definition: ldrtypes.h:140
_LDR_DATA_TABLE_ENTRY::DllBase
PVOID DllBase
Definition: btrfs_drv.h:1880
_LDR_DATA_TABLE_ENTRY::InMemoryOrderLinks
LIST_ENTRY InMemoryOrderLinks
Definition: btrfs_drv.h:1878
_LDR_DATA_TABLE_ENTRY::Flags
ULONG Flags
Definition: ntddk_ex.h:207
_LDR_DATA_TABLE_ENTRY::TimeDateStamp
ULONG TimeDateStamp
Definition: btrfs_drv.h:1889
_LDR_DATA_TABLE_ENTRY::HashLinks
LIST_ENTRY HashLinks
Definition: ldrtypes.h:151
_LDR_DATA_TABLE_ENTRY::BaseDllName
UNICODE_STRING BaseDllName
Definition: ldrtypes.h:145
_LDR_DATA_TABLE_ENTRY::PatchInformation
PVOID PatchInformation
Definition: ldrtypes.h:164
_LIST_ENTRY
Definition: typedefs.h:120
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
_NT_TIB::ArbitraryUserPointer
PVOID ArbitraryUserPointer
Definition: compat.h:719
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182
_PEB_LDR_DATA
Definition: btrfs_drv.h:1892
_PEB_LDR_DATA::InInitializationOrderModuleList
LIST_ENTRY InInitializationOrderModuleList
Definition: ldrtypes.h:122
_PEB_LDR_DATA::InMemoryOrderModuleList
LIST_ENTRY InMemoryOrderModuleList
Definition: btrfs_drv.h:1895
_PEB_LDR_DATA::InLoadOrderModuleList
LIST_ENTRY InLoadOrderModuleList
Definition: ldrtypes.h:120
_PEB
Definition: btrfs_drv.h:1907
_PEB::Ldr
PPEB_LDR_DATA Ldr
Definition: btrfs_drv.h:1912
_PEB::ImageBaseAddress
PVOID ImageBaseAddress
Definition: ntddk_ex.h:245
_RTL_ACTIVATION_CONTEXT_STACK_FRAME
Definition: winternl.h:248
_SECTION_IMAGE_INFORMATION
Definition: mmtypes.h:340
_SECTION_IMAGE_INFORMATION::LoaderFlags
ULONG LoaderFlags
Definition: mmtypes.h:376
_TEB
Definition: compat.h:836
_TEB::NtTib
NT_TIB NtTib
Definition: ntddk_ex.h:332
_UNICODE_STRING
Definition: env_spec_w32.h:368
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
LL
#define LL
Definition: tui.h:150
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
NTAPI
#define NTAPI
Definition: typedefs.h:36
PVOID
void * PVOID
Definition: typedefs.h:50
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
IN
#define IN
Definition: typedefs.h:39
RtlMoveMemory
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:264
PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56
CONTAINING_RECORD
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260
ULONG
uint32_t ULONG
Definition: typedefs.h:59
OUT
#define OUT
Definition: typedefs.h:40
PCHAR
char * PCHAR
Definition: typedefs.h:51
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
STATUS_OBJECT_NAME_NOT_FOUND
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
PCSZ
CONST char * PCSZ
Definition: umtypes.h:125
ALIGN_DOWN
#define ALIGN_DOWN(size, type)
Definition: umtypes.h:88
Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
Callback
_In_ WDFINTERRUPT _In_ PFN_WDF_INTERRUPT_SYNCHRONIZE Callback
Definition: wdfinterrupt.h:458
SearchPath
#define SearchPath
Definition: winbase.h:3835
PSZ
char * PSZ
Definition: windef.h:57
PIMAGE_BOUND_FORWARDER_REF
struct _IMAGE_BOUND_FORWARDER_REF * PIMAGE_BOUND_FORWARDER_REF
PIMAGE_BOUND_IMPORT_DESCRIPTOR
struct _IMAGE_BOUND_IMPORT_DESCRIPTOR * PIMAGE_BOUND_IMPORT_DESCRIPTOR
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
FullName
_In_ PSTRING FullName
Definition: rtlfuncs.h:1648
LPSTR
char * LPSTR
Definition: xmlstorage.h:182
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180