95 RtlInitEmptyUnicodeString(StringIn,
NULL, 0);
129 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED
ActCtx;
137 RtlActivateActivationContextUnsafeFast(&
ActCtx,
138 LdrEntry->EntryPointActivationContext);
175 BoundEntry = FirstEntry;
186 RedirectedDll =
FALSE;
187 RedirectedImportName = ImportNameUnic;
199 DPRINT1(
"LDR: %Z got redirected to %wZ\n", &ImportNameAnsi, RedirectedImportName);
206 RedirectedImportName,
211 if (
Entry->LoadCount != 0xFFFF)
223 Entry->LoadCount = 0xFFFF;
230 DPRINT1(
"LDR: Flags %lu %wZ (%lx)\n",
Flags, RedirectedImportName,
Entry->LoadCount);
237 else if (RedirectedDll)
239 DPRINT1(
"LDR: LdrpCheckForLoadedDll failed for redirected dll %wZ\n", RedirectedImportName);
245 DPRINT1(
"LDR: LdrpApplyFileNameRedirection failed with status %x for dll %wZ\n",
Status, ImportNameUnic);
260 RedirectedDll =
FALSE;
261 RedirectedImportName = ImportNameUnic;
273 DPRINT1(
"LDR: %Z got redirected to %wZ\n", &ImportNameAnsi, RedirectedImportName);
280 RedirectedImportName,
285 if (
Entry->LoadCount != 0xFFFF)
297 Entry->LoadCount = 0xFFFF;
304 DPRINT1(
"LDR: Flags %lu %wZ (%lx)\n",
Flags, RedirectedImportName,
Entry->LoadCount);
311 else if (RedirectedDll)
313 DPRINT1(
"LDR: LdrpCheckForLoadedDll failed with status %x for redirected dll %wZ\n",
Status, RedirectedImportName);
319 DPRINT1(
"LDR: LdrpApplyFileNameRedirection failed with status %x for dll %wZ\n",
Status, ImportNameUnic);
324 NewImportForwarder++;
359 RedirectedDll =
FALSE;
360 RedirectedImportName = ImportNameUnic;
371 DPRINT1(
"LDR: %Z got redirected to %wZ\n", &ImportNameAnsi, RedirectedImportName);
378 RedirectedImportName,
383 if (
Entry->LoadCount != 0xFFFF)
395 Entry->LoadCount = 0xFFFF;
402 DPRINT1(
"LDR: Flags %lu %wZ (%lx)\n",
Flags, RedirectedImportName,
Entry->LoadCount);
409 else if (RedirectedDll)
411 DPRINT1(
"LDR: LdrpCheckForLoadedDll failed for redirected dll %wZ\n", RedirectedImportName);
418 DPRINT1(
"LDR: LdrpApplyFileNameRedirection failed for dll %wZ\n", ImportNameUnic);
429 RtlDeactivateActivationContextUnsafeFast(&
ActCtx);
441 RtlInitEmptyUnicodeString(&UpdateString,
Buffer,
sizeof(
Buffer));
473 DPRINT1(
"LDR: Tls Callbacks Found. Imagebase %p Tls %p CallBacks %p\n",
474 LdrEntry->DllBase, TlsDirectory, Array);
486 DPRINT1(
"LDR: Calling Tls Callback Imagebase %p Function %p\n",
501 DPRINT1(
"LDR: Exception 0x%x during Tls Callback(%u) for %wZ\n",
566 DPRINT1(
"LDR: LdrpCreateDllSection - NtOpenFile failed; status = %x\n",
578 *SectionHandle =
NULL;
603 *SectionHandle =
NULL;
623 if (!DllCharacteristics ||
644 DPRINT1(
"LDR: Loading of (%wZ) blocked by Winsafer\n",
650 *SectionHandle =
NULL;
658 *SectionHandle =
NULL;
678 PWCHAR NameBuffer, p1, p2 = 0;
697 DPRINT1(
"LDR: LdrResolveDllName - Unable to find ");
778 if (EntryPoint) EntryPoint += (
ULONG_PTR)ImageBase;
782 return (
PVOID)EntryPoint;
801 if (SectionHandle) *SectionHandle = 0;
818 if (!SectionHandle || !
FullDllName || !BaseDllName)
832 ACTIVATION_CONTEXT_SECTION_DLL_REDIRECTION,
903 *SectionHandle = Section;
929 ULONG NewProtection, OldProtection,
i;
1018 PVOID ArbitraryUserPointer;
1030 ULONG RelocDataSize = 0;
1036 DPRINT1(
"LDR: LdrpMapDll: Image Name %ws, Search Path %ws\n",
1048 if (TempChar ==
'\\' || TempChar ==
'/' )
1066 "LDR: %s - call to LdrpCheckForKnownDll(\"%ws\", ...) failed with status %x\n",
1089 DPRINT1(
"LDR: Loading (%s) %wZ\n",
1090 Static ?
"STATIC" :
"DYNAMIC",
1136 HardErrorParameters[0] = (
ULONG_PTR)&HardErrorDllName;
1137 HardErrorParameters[1] = (
ULONG_PTR)&HardErrorDllPath;
1143 HardErrorParameters,
1221 DPRINT1(
"LDR: LdrpMapDll: Full Name %wZ, Base Name %wZ\n",
1252 HardErrorParameters,
1300 *DataTableEntry = LdrEntry;
1312 DPRINT(
"LDR: LdrpMapDll Relocating Image Name %ws (%p-%p -> %p)\n", DllName, (
PVOID)ImageBase, (
PVOID)ImageEnd, ViewBase);
1316 NextEntry = ListHead->
Flink;
1317 while (NextEntry != ListHead)
1323 NextEntry = NextEntry->
Flink;
1327 CandidateEnd = CandidateBase + CandidateEntry->
SizeOfImage;
1333 if ((ImageBase >= CandidateBase && ImageBase <= CandidateEnd) ||
1334 (ImageEnd >= CandidateBase && ImageEnd <= CandidateEnd) ||
1335 (CandidateBase >= ImageBase && CandidateBase <= ImageEnd))
1338 OverlapDllFound =
TRUE;
1345 if (!OverlapDllFound)
1351 DPRINT(
"Overlapping DLL: %wZ\n", &OverlapDll);
1366 if (!RelocData && !RelocDataSize)
1378 RelocatableDll =
FALSE;
1386 RelocatableDll =
FALSE;
1391 if (KnownDll && !RelocatableDll)
1394 HardErrorParameters[0] = (
ULONG_PTR)&IllegalDll;
1395 HardErrorParameters[1] = (
ULONG_PTR)&OverlapDll;
1397 DPRINT1(
"Illegal DLL relocation! %wZ overlaps %wZ\n", &OverlapDll, &IllegalDll);
1403 HardErrorParameters,
1467 DPRINT1(
"LDR: Fixups %successfully re-applied @ %p\n",
1499 DPRINT1(
"LDR: Fixups won't be re-applied to non-Dll @ %p\n", ViewBase);
1578 if ((
Entry->EntryPointActivationContext) &&
1611 ListHead = &
NtCurrentPeb()->Ldr->InLoadOrderModuleList;
1612 Next = ListHead->
Flink;
1613 while (Next != ListHead)
1627 *LdrEntry = Current;
1656 "LDR: %s - Expanding full name of %wZ\n",
1682 if (Length <= PathName->
Length)
1685 *ExpandedName = PathName;
1700 FullPathName->Length,
1701 FullPathName->Buffer,
1717 *ExpandedName = FullPathName;
1733 "LDR: %s - Expanded to %wZ\n",
1741 "LDR: %s - Failed to expand %wZ; 0x%08x\n",
1780 "LDR: %s - Looking for %ws in %ws\n",
1839 p = *ActualSearchPath;
1840 if (!(
p) || (
p ==
';'))
1849 "LDR: %s - Looking for %ws\n",
1929 "LDR: %s - Returning %wZ\n",
1937 "LDR: %s - Unable to locate %ws in %ws: 0x%08x\n",
1977 if (!(DllName->Buffer) || !(DllName->Buffer[0]))
return FALSE;
1984 if (
Flag && !RedirectedDll)
1993 ListEntry = ListHead->
Flink;
1994 while (ListEntry != ListHead)
2003 *LdrEntry = CurEntry;
2008 ListEntry = ListEntry->
Flink;
2025 wc = DllName->Buffer;
2029 if ((*wc ==
L'\\') || (*wc ==
L'/'))
2050 DPRINT1(
"LDR: LdrpCheckForLoadedDll - Unable To Locate %wZ: 0x%08x\n",
2073 DPRINT(
"Warning, activation context missing\n");
2078 ListHead = &
NtCurrentPeb()->Ldr->InLoadOrderModuleList;
2079 ListEntry = ListHead->
Flink;
2080 while (ListEntry != ListHead)
2086 ListEntry = ListEntry->
Flink;
2097 *LdrEntry = CurEntry;
2149 Status = ZwMapViewOfSection(SectionHandle,
2176 ListHead = &
NtCurrentPeb()->Ldr->InLoadOrderModuleList;
2177 ListEntry = ListHead->
Flink;
2178 while (ListEntry != ListHead)
2184 ListEntry = ListEntry->
Flink;
2205 *LdrEntry = CurEntry;
2234 UCHAR ImportBuffer[64];
2263 if (
Length >
sizeof(ImportBuffer))
2282 ImportName->
Hint = 0;
2289 ImageBase = ImportName;
2304 DPRINT1(
"No ordinal and no name\n");
2334 DPRINT1(
"Image %wZ has no exports, but were trying to get procedure %Z. BaseAddress asked 0x%p, got entry BA 0x%p\n",
2360 InInitializationOrderLinks);
2428 RtlInitEmptyUnicodeString(&RawDllName, NameBuffer,
sizeof(NameBuffer));
2433 p = DllName->Buffer + DllName->Length /
sizeof(
WCHAR) - 1;
2434 GotExtension =
FALSE;
2435 while (
p >= DllName->Buffer)
2440 GotExtension =
TRUE;
2443 else if (
c ==
L'\\')
2459 "LDR: %s - Dll name missing extension; with extension "
2460 "added the name is too long\n"
2461 " DllName: (@ %p) \"%wZ\"\n"
2462 " DllName->Length: %u\n",
2483 DPRINT1(
"LDR: LdrLoadDll, loading %wZ from %ws\n",
2510 if ((DllCharacteristics) &&
2515 LdrEntry->
Flags &= ~LDRP_IMAGE_DLL;
2546 DbgPrint(
"LDR: Unloading %wZ due to error %x walking "
2547 "import descriptors\n",
2584 DbgPrint(
"LDR: Unloading %wZ because either its init "
2585 "routine or one of its static imports failed; "
2586 "status = 0x%08lx\n",
2648 ULONG ModulesCount = 0;
2651 ListHead = &
NtCurrentPeb()->Ldr->InInitializationOrderModuleList;
2653 while (
Entry != ListHead)
2658 InInitializationOrderLinks);
2661 LdrEntry->
Flags &= ~LDRP_LOAD_IN_PROGRESS;
2676 return ModulesCount;
2722 ListHead = &
NtCurrentPeb()->Ldr->InLoadOrderModuleList;
2723 Next = ListHead->
Flink;
2724 while (Next != ListHead)
2738 DPRINT1(
"WARNING: Exception 0x%x during LdrpRunShimEngineInitRoutine(%u)\n",
NTSTATUS NTAPI NtUnmapViewOfSection(IN HANDLE ProcessHandle, IN PVOID BaseAddress)
NTSTATUS NTAPI NtCreateSection(OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection OPTIONAL, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL)
NTSTATUS NTAPI NtOpenSection(OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
NTSTATUS NTAPI NtMapViewOfSection(IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect)
static IN ULONG IN PWSTR OUT PCWSTR OUT PBOOLEAN OUT PATH_TYPE_AND_UNKNOWN * PathType
static IN ULONG IN PWSTR OUT PCWSTR OUT PBOOLEAN InvalidName
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 ACPI_STATUS const char UINT32 const char * FunctionName
#define DPFLTR_ERROR_LEVEL
#define FILE_NON_DIRECTORY_FILE
NTSTATUS NTAPI RtlImageNtHeaderEx(_In_ ULONG Flags, _In_ PVOID Base, _In_ ULONG64 Size, _Out_ PIMAGE_NT_HEADERS *OutHeaders)
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
struct _LDR_DATA_TABLE_ENTRY * PLDR_DATA_TABLE_ENTRY
_In_ CDROM_SCAN_FOR_SPECIAL_INFO _In_ PCDROM_SCAN_FOR_SPECIAL_HANDLER Function
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
PIMAGE_NT_HEADERS WINAPI ImageNtHeader(_In_ PVOID)
#define NT_SUCCESS(StatCode)
#define IMAGE_DIRECTORY_ENTRY_EXPORT
#define DLL_PROCESS_ATTACH
#define DLL_PROCESS_DETACH
#define INVALID_HANDLE_VALUE
#define RtlImageDirectoryEntryToData
#define RemoveEntryList(Entry)
#define InsertTailList(ListHead, Entry)
UNICODE_STRING * PUNICODE_STRING
#define RtlCompareMemory(s1, s2, l)
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
#define FILE_SYNCHRONOUS_IO_NONALERT
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
NTSTATUS NTAPI NtRaiseHardError(IN NTSTATUS ErrorStatus, IN ULONG NumberOfParameters, IN ULONG UnicodeStringParameterMask, IN PULONG_PTR Parameters, IN ULONG ValidResponseOptions, OUT PULONG Response)
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define OBJ_CASE_INSENSITIVE
NTSYSAPI NTSTATUS WINAPI RtlFindActivationContextSectionString(ULONG, const GUID *, ULONG, const UNICODE_STRING *, PVOID)
NTSYSAPI PVOID WINAPI RtlReAllocateHeap(HANDLE, ULONG, PVOID, SIZE_T)
NTSYSAPI NTSTATUS WINAPI RtlInitUnicodeStringEx(PUNICODE_STRING, PCWSTR)
NTSYSAPI void WINAPI RtlReleaseActivationContext(HANDLE)
#define EXCEPTION_EXECUTE_HANDLER
NTSTATUS NTAPI LdrUnloadDll(_In_ PVOID BaseAddress)
#define LDRP_UNLOAD_IN_PROGRESS
#define LDRP_ENTRY_PROCESSED
BOOLEAN(NTAPI * PDLL_INIT_ROUTINE)(_In_ PVOID DllHandle, _In_ ULONG Reason, _In_opt_ PCONTEXT Context)
_In_ PCWSTR _Out_ PVOID * ActCtx
#define LDRP_IMAGE_NOT_AT_BASE
#define LDRP_LOAD_IN_PROGRESS
VOID NTAPI LdrpCallTlsInitializers(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Reason)
BOOLEAN NTAPI LdrpResolveDllName(PWSTR DllPath, PWSTR DllName, PUNICODE_STRING FullDllName, PUNICODE_STRING BaseDllName)
VOID NTAPI LdrpUnloadShimEngine()
PVOID g_pfnSE_InstallBeforeInit
NTSTATUS NTAPI LdrpMapDll(IN PWSTR SearchPath OPTIONAL, IN PWSTR DllPath2, IN PWSTR DllName OPTIONAL, IN PULONG DllCharacteristics, IN BOOLEAN Static, IN BOOLEAN Redirect, OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry)
NTSTATUS NTAPI LdrpAllocateUnicodeString(IN OUT PUNICODE_STRING StringOut, IN ULONG Length)
PVOID g_pfnSE_InstallAfterInit
VOID NTAPI LdrpLoadShimEngine(IN PWSTR ImageName, IN PUNICODE_STRING ProcessImage, IN PVOID pShimData)
BOOLEAN NTAPI LdrpCheckForLoadedDllHandle(IN PVOID Base, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
NTSTATUS NTAPI LdrpLoadDll(IN BOOLEAN Redirected, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress, IN BOOLEAN CallInit)
PVOID g_pShimEngineModule
PVOID g_pfnSE_ProcessDying
NTSTATUS NTAPI LdrpSearchPath(IN PWCHAR *SearchPath, IN PWCHAR DllName, IN PUNICODE_STRING PathName, IN PUNICODE_STRING FullPathName, IN PUNICODE_STRING *ExpandedName)
PVOID NTAPI LdrpFetchAddressOfEntryPoint(IN PVOID ImageBase)
VOID NTAPI LdrpUpdateLoadCount2(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Flags)
VOID NTAPI LdrpRunShimEngineInitRoutine(IN ULONG Reason)
VOID NTAPI LdrpFinalizeAndDeallocateDataTableEntry(IN PLDR_DATA_TABLE_ENTRY Entry)
NTSTATUS NTAPI LdrpCheckForKnownDll(PWSTR DllName, PUNICODE_STRING FullDllName, PUNICODE_STRING BaseDllName, HANDLE *SectionHandle)
PLDR_DATA_TABLE_ENTRY LdrpGetModuleHandleCache
NTSTATUS NTAPI LdrpGetProcedureAddress(_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress, _In_ BOOLEAN ExecuteInit)
VOID NTAPI LdrpUpdateLoadCount3(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Flags, OUT PUNICODE_STRING UpdateString)
VOID NTAPI LdrpInsertMemoryTableEntry(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
NTSTATUS NTAPI LdrpSetProtection(PVOID ViewBase, BOOLEAN Restore)
BOOLEAN NTAPI LdrpCheckForLoadedDll(IN PWSTR DllPath, IN PUNICODE_STRING DllName, IN BOOLEAN Flag, IN BOOLEAN RedirectedDll, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
BOOLEAN NTAPI LdrpCallInitRoutine(IN PDLL_INIT_ROUTINE EntryPoint, IN PVOID BaseAddress, IN ULONG Reason, IN PVOID Context)
NTSTATUS NTAPI LdrpCodeAuthzCheckDllAllowed(IN PUNICODE_STRING FullName, IN HANDLE DllHandle)
PLDR_DATA_TABLE_ENTRY NTAPI LdrpAllocateDataTableEntry(IN PVOID BaseAddress)
NTSTATUS NTAPI LdrpCreateDllSection(IN PUNICODE_STRING FullName, IN HANDLE DllHandle, IN PULONG DllCharacteristics OPTIONAL, OUT PHANDLE SectionHandle)
NTSTATUS NTAPI LdrpResolveFullName(IN PUNICODE_STRING OriginalName, IN PUNICODE_STRING PathName, IN PUNICODE_STRING FullPathName, IN PUNICODE_STRING *ExpandedName)
ULONG NTAPI LdrpClearLoadInProgress(VOID)
PVOID LdrpGetShimEngineFunction(PCSZ FunctionName)
PVOID g_pfnSE_DllUnloaded
PLDR_DATA_TABLE_ENTRY LdrpLoadedDllHandleCache
VOID NTAPI LdrpFreeUnicodeString(IN PUNICODE_STRING StringIn)
VOID NTAPI LdrpGetShimEngineInterface()
PVOID PVOID PWCHAR PVOID USHORT PULONG Reason
string StringOut(const string &String, bool forcePrint=true)
static const char const char * DllPath
static const char * ImageName
static OUT PIO_STATUS_BLOCK IoStatusBlock
#define InitializeObjectAttributes(p, n, a, r, s)
NTSYSAPI NTSTATUS NTAPI ZwRaiseHardError(_In_ NTSTATUS ErrorStatus, _In_ ULONG NumberOfParameters, _In_ ULONG UnicodeStringParameterMask, _In_ PULONG_PTR Parameters, _In_ ULONG ValidResponseOptions, _Out_ PULONG Response)
NTSYSAPI NTSTATUS NTAPI ZwFlushInstructionCache(_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ ULONG NumberOfBytesToFlush)
NTSYSAPI NTSTATUS NTAPI ZwQuerySection(_In_ HANDLE SectionHandle, _In_ SECTION_INFORMATION_CLASS SectionInformationClass, _Out_ PVOID SectionInformation, _In_ SIZE_T Length, _Out_opt_ PSIZE_T ResultLength)
NTSYSAPI NTSTATUS NTAPI ZwAreMappedFilesTheSame(_In_ PVOID File1MappedAsAnImage, _In_ PVOID File2MappedAsFile)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
NTSYSAPI NTSTATUS NTAPI ZwProtectVirtualMemory(_In_ HANDLE ProcessHandle, _In_ PVOID *BaseAddress, _In_ SIZE_T *NumberOfBytesToProtect, _In_ ULONG NewAccessProtection, _Out_ PULONG OldAccessProtection)
@ SectionImageInformation
NTSYSAPI RTL_PATH_TYPE NTAPI RtlDetermineDosPathNameType_U(_In_ PCWSTR Path)
NTSYSAPI ULONG __cdecl DbgPrintEx(_In_ ULONG ComponentId, _In_ ULONG Level, _In_z_ _Printf_format_string_ PCSTR Format,...)
NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
ULONG NTAPI LdrRelocateImageWithBias(_In_ PVOID BaseAddress, _In_ LONGLONG AdditionalBias, _In_opt_ PCSTR LoaderName, _In_ ULONG Success, _In_ ULONG Conflict, _In_ ULONG Invalid)
NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
NTSYSAPI ULONG NTAPI RtlDosSearchPath_U(_In_ PCWSTR Path, _In_ PCWSTR FileName, _In_ PCWSTR Extension, _In_ ULONG BufferSize, _Out_ PWSTR Buffer, _Out_ PWSTR *PartName)
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
#define RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
#define SECTION_MAP_EXECUTE
NTSYSAPI NTSTATUS NTAPI NtOpenFile(OUT PHANDLE phFile, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG ShareMode, IN ULONG OpenMode)
#define SECTION_MAP_WRITE
NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString(PUNICODE_STRING Destination, PUNICODE_STRING Source)
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
#define NtCurrentProcess()
#define FILE_SHARE_DELETE
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
#define UNICODE_STRING_MAX_CHARS
#define UNICODE_STRING_MAX_BYTES
_In_ ULONG _In_ ULONG _In_ ULONG Length
NTSYSAPI NTSTATUS NTAPI LdrpApplyFileNameRedirection(_In_ PUNICODE_STRING OriginalName, _In_ PUNICODE_STRING Extension, _Inout_opt_ PUNICODE_STRING StaticString, _Inout_opt_ PUNICODE_STRING DynamicString, _Inout_ PUNICODE_STRING *NewName, _Inout_ PBOOLEAN RedirectedDll)
UNICODE_STRING LdrpDefaultPath
NTSTATUS NTAPI LdrpWalkImportDescriptor(IN LPWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrEntry)
ULONG LdrpNumberOfProcessors
#define LDRP_UPDATE_DEREFCOUNT
UNICODE_STRING LdrApiDefaultExtension
#define LDR_GET_HASH_ENTRY(x)
ULONG LdrpFatalHardErrorCount
VOID NTAPI LdrpValidateImageForMp(IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry)
LIST_ENTRY LdrpHashTable[LDR_HASH_TABLE_ENTRIES]
UNICODE_STRING LdrpKnownDllPath
#define IMAGE_LOADER_FLAGS_COMPLUS
NTSTATUS NTAPI LdrpRunInitializeRoutines(IN PCONTEXT Context OPTIONAL)
BOOLEAN LdrpLdrDatabaseIsSetup
HANDLE LdrpKnownDllObjectDirectory
RTL_CRITICAL_SECTION LdrpLoaderLock
#define LDRP_UPDATE_REFCOUNT
VOID NTAPI LdrpEnsureLoaderLockIsHeld(VOID)
NTSTATUS NTAPI LdrpSnapThunk(IN PVOID ExportBase, IN PVOID ImportBase, IN PIMAGE_THUNK_DATA OriginalThunk, IN OUT PIMAGE_THUNK_DATA Thunk, IN PIMAGE_EXPORT_DIRECTORY ExportEntry, IN ULONG ExportSize, IN BOOLEAN Static, IN LPSTR DllName)
#define IMAGE_SCN_MEM_NOT_CACHED
#define IMAGE_SCN_MEM_WRITE
struct _IMAGE_IMPORT_DESCRIPTOR * PIMAGE_IMPORT_DESCRIPTOR
#define IMAGE_SCN_MEM_EXECUTE
#define IMAGE_FIRST_SECTION(NtHeader)
PIMAGE_THUNK_DATA32 PIMAGE_THUNK_DATA
VOID(NTAPI * PIMAGE_TLS_CALLBACK)(PVOID DllHandle, ULONG Reason, PVOID Reserved)
#define STATUS_INVALID_IMAGE_FORMAT
#define STATUS_IMAGE_MACHINE_TYPE_MISMATCH
#define STATUS_DLL_NOT_FOUND
#define STATUS_OBJECT_PATH_SYNTAX_BAD
#define STATUS_ILLEGAL_DLL_RELOCATION
#define STATUS_PROCEDURE_NOT_FOUND
#define STATUS_CONFLICTING_ADDRESSES
#define STATUS_SXS_SECTION_NOT_FOUND
#define STATUS_SXS_KEY_NOT_FOUND
#define STATUS_IMAGE_NOT_AT_BASE
#define STATUS_NAME_TOO_LONG
#define IMAGE_FILE_EXECUTABLE_IMAGE
#define IMAGE_DIRECTORY_ENTRY_IMPORT
#define IMAGE_ORDINAL_FLAG
#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
#define IMAGE_DIRECTORY_ENTRY_BASERELOC
#define IMAGE_DIRECTORY_ENTRY_TLS
#define IMAGE_FILE_SYSTEM
struct _IMAGE_IMPORT_BY_NAME * PIMAGE_IMPORT_BY_NAME
#define IMAGE_FILE_RELOCS_STRIPPED
#define _SEH2_GetExceptionCode()
#define _SEH2_EXCEPT(...)
#define _SEH2_YIELD(__stmt)
BOOLEAN NTAPI RtlDoesFileExists_UstrEx(IN PCUNICODE_STRING FileName, IN BOOLEAN SucceedIfBusy)
ULONG NTAPI RtlGetFullPathName_Ustr(_In_ PUNICODE_STRING FileName, _In_ ULONG Size, _Out_z_bytecap_(Size) PWSTR Buffer, _Out_opt_ PCWSTR *ShortName, _Out_opt_ PBOOLEAN InvalidName, _Out_ RTL_PATH_TYPE *PathType)
PVOID NTAPI RtlEncodeSystemPointer(IN PVOID Pointer)
PVOID NTAPI RtlDecodeSystemPointer(IN PVOID Pointer)
VOID NTAPI SE_InstallAfterInit(PUNICODE_STRING ProcessImage, PVOID pShimData)
VOID NTAPI SE_InstallBeforeInit(PUNICODE_STRING ProcessImage, PVOID pShimData)
VOID NTAPI SE_ProcessDying(VOID)
VOID WINAPI SE_DllLoaded(PLDR_DATA_TABLE_ENTRY LdrEntry)
VOID WINAPI SE_DllUnloaded(PLDR_DATA_TABLE_ENTRY LdrEntry)
PULONG MinorVersion OPTIONAL
base of all file and directory entries
WORD NumberOfModuleForwarderRefs
union _IMAGE_THUNK_DATA32::@2141 u1
UNICODE_STRING FullDllName
LIST_ENTRY InLoadOrderLinks
LIST_ENTRY InInitializationOrderLinks
LIST_ENTRY InMemoryOrderLinks
UNICODE_STRING BaseDllName
struct _LIST_ENTRY * Flink
PVOID ArbitraryUserPointer
LIST_ENTRY InInitializationOrderModuleList
LIST_ENTRY InMemoryOrderModuleList
LIST_ENTRY InLoadOrderModuleList
#define FIELD_OFFSET(t, f)
#define RtlCopyMemory(Destination, Source, Length)
#define RtlZeroMemory(Destination, Length)
#define RtlMoveMemory(Destination, Source, Length)
#define CONTAINING_RECORD(address, type, field)
#define STATUS_INVALID_PARAMETER
#define STATUS_OBJECT_NAME_NOT_FOUND
#define ALIGN_DOWN(size, type)
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
_In_ WDFINTERRUPT _In_ PFN_WDF_INTERRUPT_SYNCHRONIZE Callback
struct _IMAGE_BOUND_FORWARDER_REF * PIMAGE_BOUND_FORWARDER_REF
struct _IMAGE_BOUND_IMPORT_DESCRIPTOR * PIMAGE_BOUND_IMPORT_DESCRIPTOR
_Must_inspect_result_ _In_ ULONG Flags