Include dependency graph for peloader.c:
Go to the source code of this file.
Macros | |
| #define | DEFAULT_SECURITY_COOKIE 0xBB40E64E |
Variables | |
| LIST_ENTRY | FrLdrModuleList |
| PELDR_IMPORTDLL_LOAD_CALLBACK | PeLdrImportDllLoadCallback = NULL |
Macro Definition Documentation
◆ DEFAULT_SECURITY_COOKIE
| #define DEFAULT_SECURITY_COOKIE 0xBB40E64E |
Definition at line 36 of file peloader.c.
Function Documentation
◆ DBG_DEFAULT_CHANNEL()
| DBG_DEFAULT_CHANNEL | ( | PELOADER | ) |
◆ PeLdrAllocateDataTableEntry()
| BOOLEAN PeLdrAllocateDataTableEntry | ( | IN OUT PLIST_ENTRY | ModuleListHead, |
| IN PCCH | BaseDllName, | ||
| IN PCCH | FullDllName, | ||
| IN PVOID | BaseVA, | ||
| OUT PLDR_DATA_TABLE_ENTRY * | NewEntry | ||
| ) |
Definition at line 706 of file peloader.c.
712{
715 PLDR_DATA_TABLE_ENTRY DataTableEntry;
716 PIMAGE_NT_HEADERS NtHeaders;
718
720 BaseDllName, FullDllName, BasePA);
721
722 /* Allocate memory for a data table entry, zero-initialize it */
724 TAG_WLDR_DTE);
727
728 /* Get NT headers from the image */
729 NtHeaders = RtlImageNtHeader(BasePA);
730
731 /* Initialize corresponding fields of DTE based on NT headers value */
733 DataTableEntry->DllBase = BaseVA;
736 DataTableEntry->SectionPointer = 0;
738
739 /* Initialize BaseDllName field (UNICODE_STRING) from the Ansi BaseDllName
740 by simple conversion - copying each character */
744 {
747 }
748
749 /* Save Buffer, in case of later failure */
750 BaseDllNameBuffer = Buffer;
751
755
759 {
760 *Buffer++ = *BaseDllName++;
761 }
762
763 /* Initialize FullDllName field (UNICODE_STRING) from the Ansi FullDllName
764 using the same method */
768 {
772 }
773
777
781 {
783 }
784
785 /* Initialize what's left - LoadCount which is 1, and set Flags so that
786 we know this entry is processed */
788 DataTableEntry->LoadCount = 1;
789
790 /* Honour the FORCE_INTEGRITY flag */
792 {
793 /*
794 * On Vista and above, the LDRP_IMAGE_INTEGRITY_FORCED flag must be set
795 * if IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY is set in the image header.
796 * This is done after the image has been loaded and the digital signature
797 * check has passed successfully. (We do not do it yet!)
798 *
799 * Several OS functionality depend on the presence of this flag.
800 * For example, when using Object-Manager callbacks the latter will call
801 * MmVerifyCallbackFunction() to verify whether the flag is present.
802 * If not callbacks will not work.
803 * (See Windows Internals Part 1, 6th edition, p. 176.)
804 */
806 }
807
808 /* Insert this DTE to a list in the LPB */
813 DataTableEntry->DllBase);
814
815 /* Save pointer to a newly allocated and initialized entry */
816 *NewEntry = DataTableEntry;
817
818 /* Return success */
820}
struct _LDR_DATA_TABLE_ENTRY * PLDR_DATA_TABLE_ENTRY
Definition: bufpool.h:45
Definition: nsiface.idl:2307
#define IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
Definition: ntimage.h:456
Definition: ntddk_ex.h:181
Definition: btrfs_drv.h:1876
Referenced by LoadModule(), PeLdrInitializeModuleList(), PeLdrLoadBootImage(), PeLdrpLoadAndScanReferencedDll(), and WinLdrLoadDeviceDriver().
◆ PeLdrCheckForLoadedDll()
| BOOLEAN PeLdrCheckForLoadedDll | ( | _Inout_ PLIST_ENTRY | ModuleListHead, |
| _In_ PCSTR | DllName, | ||
| _Out_ PLDR_DATA_TABLE_ENTRY * | LoadedEntry | ||
| ) |
Definition at line 581 of file peloader.c.
585{
586 PLIST_ENTRY ModuleEntry;
587 PLDR_DATA_TABLE_ENTRY DataTableEntry;
588
590
591 /* Go through each entry in the LoadOrderList and
592 * compare the module's name with the given name */
594 ModuleEntry != ModuleListHead;
595 ModuleEntry = ModuleEntry->Flink)
596 {
597 /* Get a pointer to the current DTE */
598 DataTableEntry = CONTAINING_RECORD(ModuleEntry,
599 LDR_DATA_TABLE_ENTRY,
600 InLoadOrderLinks);
601
606
607 /* Compare names */
609 {
610 /* Found it, return a pointer to the loaded module's
611 * DTE to the caller and increase its load count */
612 *LoadedEntry = DataTableEntry;
613 DataTableEntry->LoadCount++;
616 }
617 }
618
619 /* Nothing found */
621}
static BOOLEAN PeLdrpCompareDllName(_In_ PCSTR DllName, _In_ PCUNICODE_STRING UnicodeName)
Definition: peloader.c:78
Definition: typedefs.h:120
Referenced by PeLdrpBindImportName(), PeLdrScanImportDescriptorTable(), and WinLdrLoadDeviceDriver().
◆ PeLdrFreeDataTableEntry()
| VOID PeLdrFreeDataTableEntry | ( | _In_ PLDR_DATA_TABLE_ENTRY | Entry | ) |
Definition at line 823 of file peloader.c.
826{
827 // ASSERT(ModuleListHead);
829
834}
Referenced by LoadWindowsCore(), PeLdrLoadBootImage(), PeLdrpLoadAndScanReferencedDll(), and WinLdrLoadDeviceDriver().
◆ PeLdrInitializeModuleList()
Definition at line 522 of file peloader.c.
523{
524 PLDR_DATA_TABLE_ENTRY FreeldrDTE;
525
527
528 /* Allocate a data table entry for freeldr.sys */
530 "freeldr.sys",
531 "freeldr.sys",
532 &__ImageBase,
533 &FreeldrDTE))
534 {
535 /* Cleanup and bail out */
538 }
539
541}
BOOLEAN PeLdrAllocateDataTableEntry(IN OUT PLIST_ENTRY ModuleListHead, IN PCCH BaseDllName, IN PCCH FullDllName, IN PVOID BaseVA, OUT PLDR_DATA_TABLE_ENTRY *NewEntry)
Definition: peloader.c:706
Referenced by BootMain(), and EfiEntry().
◆ PeLdrInitSecurityCookie()
| PVOID PeLdrInitSecurityCookie | ( | PLDR_DATA_TABLE_ENTRY | LdrEntry | ) |
Definition at line 544 of file peloader.c.
545{
547 ULONG_PTR NewCookie;
548
549 /* Fetch address of the cookie */
553
554 /* Check if it's a default one */
556 {
557 /* Generate new cookie using cookie address and time as seed */
559#ifdef _WIN64
560 /* Some images expect first 16 bits to be kept clean (like in default cookie) */
561 if (NewCookie > COOKIE_MAX)
562 {
563 NewCookie >>= 16;
564 }
565#endif
566 /* If the result is 0 or the same as we got, just add one to the default value */
568 {
569 NewCookie = DEFAULT_SECURITY_COOKIE + 1;
570 }
571
572 /* Set the new cookie value */
573 *Cookie = NewCookie;
574 }
575
577}
static PVOID PeLdrpFetchAddressOfSecurityCookie(PVOID BaseAddress, ULONG SizeOfImage)
Definition: peloader.c:43
Referenced by PeLdrpLoadAndScanReferencedDll().
◆ PeLdrLoadBootImage()
| BOOLEAN PeLdrLoadBootImage | ( | _In_ PCSTR | FilePath, |
| _In_ PCSTR | BaseDllName, | ||
| _Out_ PVOID * | ImageBase, | ||
| _Out_ PLDR_DATA_TABLE_ENTRY * | DataTableEntry | ||
| ) |
Definition at line 1047 of file peloader.c.
1052{
1054
1055 /* Load the image as a bootloader image */
1057 LoaderLoadedProgram,
1058 ImageBase,
1059 FALSE);
1061 {
1064 }
1065
1066 /* Allocate a DTE */
1068 BaseDllName,
1069 FilePath,
1070 *ImageBase,
1071 DataTableEntry);
1073 {
1074 /* Cleanup and bail out */
1076 MmFreeMemory(*ImageBase);
1078 }
1079
1080 /* Resolve imports */
1083 {
1084 /* Cleanup and bail out */
1086 PeLdrFreeDataTableEntry(*DataTableEntry);
1087 MmFreeMemory(*ImageBase);
1089 }
1090
1092}
BOOLEAN PeLdrScanImportDescriptorTable(IN OUT PLIST_ENTRY ModuleListHead, IN PCCH DirectoryPath, IN PLDR_DATA_TABLE_ENTRY ScanDTE)
Definition: peloader.c:624
VOID PeLdrFreeDataTableEntry(_In_ PLDR_DATA_TABLE_ENTRY Entry)
Definition: peloader.c:823
BOOLEAN PeLdrLoadImageEx(_In_ PCSTR FilePath, _In_ TYPE_OF_MEMORY MemoryType, _Out_ PVOID *ImageBasePA, _In_ BOOLEAN KernelMapping)
Loads the specified image from the file.
Definition: peloader.c:848
Referenced by LoadBootDeviceDriver(), and LoadRosload().
◆ PeLdrLoadImage()
| BOOLEAN PeLdrLoadImage | ( | _In_ PCSTR | FilePath, |
| _In_ TYPE_OF_MEMORY | MemoryType, | ||
| _Out_ PVOID * | ImageBasePA | ||
| ) |
Definition at line 1038 of file peloader.c.
Referenced by LoadModule(), PeLdrpLoadAndScanReferencedDll(), and WinLdrLoadDeviceDriver().
◆ PeLdrLoadImageEx()
| BOOLEAN PeLdrLoadImageEx | ( | _In_ PCSTR | FilePath, |
| _In_ TYPE_OF_MEMORY | MemoryType, | ||
| _Out_ PVOID * | ImageBasePA, | ||
| _In_ BOOLEAN | KernelMapping | ||
| ) |
Loads the specified image from the file.
PeLdrLoadImage doesn't perform any additional operations on the file path, it just directly calls the file I/O routines. It then relocates the image so that it's ready to be used when paging is enabled.
- Note
- Addressing mode: physical.
Definition at line 848 of file peloader.c.
853{
854 ULONG FileId;
855 PVOID PhysicalBase;
858 PIMAGE_NT_HEADERS NtHeaders;
859 PIMAGE_SECTION_HEADER SectionHeader;
860 ULONG VirtualSize, SizeOfRawData, NumberOfSections;
864
866
867 /* Open the image file */
870 {
873 }
874
875 /* Load the first 2 sectors of the image so we can read the PE header */
878 {
880 ArcClose(FileId);
882 }
883
884 /* Now read the MZ header to get the offset to the PE Header */
885 NtHeaders = RtlImageNtHeader(HeadersBuffer);
886 if (!NtHeaders)
887 {
889 ArcClose(FileId);
891 }
892
893 /* Ensure this is executable image */
895 {
897 ArcClose(FileId);
899 }
900
901 /* Store number of sections to read and a pointer to the first section */
903 SectionHeader = IMAGE_FIRST_SECTION(NtHeaders);
904
905 /* Try to allocate this memory; if it fails, allocate somewhere else */
908 MemoryType);
910 {
911 /* Don't fail, allocate again at any other "low" place */
914 {
915 ERR("Failed to alloc %lu bytes for image %s\n", NtHeaders->OptionalHeader.SizeOfImage, FilePath);
916 ArcClose(FileId);
918 }
919 }
920
921 /* This is the real image base, in form of a virtual address */
922 VirtualBase = KernelMapping ? PaToVa(PhysicalBase) : PhysicalBase;
923
925
926 /* Copy headers from already read data */
927 RtlCopyMemory(PhysicalBase, HeadersBuffer, min(NtHeaders->OptionalHeader.SizeOfHeaders, sizeof(HeadersBuffer)));
928 /* If headers are quite big, request next bytes from file */
930 {
931 Status = ArcRead(FileId, (PUCHAR)PhysicalBase + sizeof(HeadersBuffer), NtHeaders->OptionalHeader.SizeOfHeaders - sizeof(HeadersBuffer), &BytesRead);
933 {
935 // UiMessageBox("Error reading headers.");
936 ArcClose(FileId);
937 goto Failure;
938 }
939 }
940
941 /*
942 * On Vista and above, a digital signature check is performed when the image
943 * has the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY flag set in its header.
944 * (We of course do not perform this check yet!)
945 */
946
947 /* Reload the NT Header */
948 NtHeaders = RtlImageNtHeader(PhysicalBase);
949
950 /* Load the first section */
951 SectionHeader = IMAGE_FIRST_SECTION(NtHeaders);
952
953 /* Walk through each section and read it (check/fix any possible
954 bad situations, if they arise) */
956 {
958 SizeOfRawData = SectionHeader->SizeOfRawData;
959
960 /* Handle a case when VirtualSize equals 0 */
961 if (VirtualSize == 0)
962 VirtualSize = SizeOfRawData;
963
964 /* If PointerToRawData is 0, then force its size to be also 0 */
966 {
967 SizeOfRawData = 0;
968 }
969 else
970 {
971 /* Cut the loaded size to the VirtualSize extents */
972 if (SizeOfRawData > VirtualSize)
973 SizeOfRawData = VirtualSize;
974 }
975
976 /* Actually read the section (if its size is not 0) */
977 if (SizeOfRawData != 0)
978 {
979 /* Seek to the correct position */
982
984
985 /* Read this section from the file, size = SizeOfRawData */
986 Status = ArcRead(FileId, (PUCHAR)PhysicalBase + SectionHeader->VirtualAddress, SizeOfRawData, &BytesRead);
988 {
990 break;
991 }
992 }
993
994 /* Size of data is less than the virtual size: fill up the remainder with zeroes */
995 if (SizeOfRawData < VirtualSize)
996 {
998 RtlZeroMemory((PVOID)(SectionHeader->VirtualAddress + (ULONG_PTR)PhysicalBase + SizeOfRawData), VirtualSize - SizeOfRawData);
999 }
1000
1001 SectionHeader++;
1002 }
1003
1004 /* We are done with the file, close it */
1005 ArcClose(FileId);
1006
1007 /* If loading failed, return right now */
1009 goto Failure;
1010
1011 /* Relocate the image, if it needs it */
1013 {
1017 "FreeLdr",
1018 ESUCCESS,
1020 ENOEXEC);
1022 goto Failure;
1023 }
1024
1025 /* Fill output parameters */
1026 *ImageBasePA = PhysicalBase;
1027
1030
1031Failure:
1032 /* Cleanup and bail out */
1033 MmFreeMemory(PhysicalBase);
1035}
ARC_STATUS ArcSeek(ULONG FileId, LARGE_INTEGER *Position, SEEKMODE SeekMode)
Definition: fs.c:455
PVOID MmAllocateMemoryAtAddress(SIZE_T MemorySize, PVOID DesiredAddress, TYPE_OF_MEMORY MemoryType)
Definition: mm.c:85
PVOID MmAllocateMemoryWithType(SIZE_T MemorySize, TYPE_OF_MEMORY MemoryType)
Definition: mm.c:31
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
ULONG NTAPI LdrRelocateImageWithBias(_In_ PVOID BaseAddress, _In_ LONGLONG AdditionalBias, _In_opt_ PCSTR LoaderName, _In_ ULONG Success, _In_ ULONG Conflict, _In_ ULONG Invalid)
Definition: image.c:474
Definition: pedump.c:280
union _IMAGE_SECTION_HEADER::@1688 Misc
Definition: typedefs.h:103
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR _In_opt_ PLONGLONG _In_opt_ PWDF_REQUEST_SEND_OPTIONS _Out_opt_ PULONG_PTR BytesRead
Definition: wdfiotarget.h:870
Referenced by PeLdrLoadBootImage(), and PeLdrLoadImage().
◆ PeLdrpBindImportName()
|
static |
Definition at line 137 of file peloader.c.
148{
149 ULONG Ordinal;
151 PUSHORT OrdinalTable;
153 ULONG Hint;
154 PIMAGE_IMPORT_BY_NAME ImportData;
155 PCHAR ExportName, ForwarderName;
157
158 //TRACE("PeLdrpBindImportName(): "
159 // "DllBase 0x%p, ImageBase 0x%p, ThunkName 0x%p, ThunkData 0x%p, ExportDirectory 0x%p, ExportSize %d, ProcessForwards 0x%X\n",
160 // DllBase, ImageBase, ThunkName, ThunkData, ExportDirectory, ExportSize, ProcessForwards);
161
162 /* Check passed DllBase */
163 if (!DllBase)
164 {
167 }
168
169 /* Convert all non-critical pointers to PA from VA */
170 ThunkName = VaToPa(ThunkName);
171 ThunkData = VaToPa(ThunkData);
172
173 /* Is the reference by ordinal? */
175 {
176 /* Yes, calculate the ordinal */
178 //TRACE("PeLdrpBindImportName(): Ordinal %d\n", Ordinal);
179 }
180 else
181 {
182 /* It's reference by name, we have to look it up in the export directory */
183 if (!ProcessForwards)
184 {
185 /* AddressOfData in thunk entry will become a virtual address (from relative) */
186 //TRACE("PeLdrpBindImportName(): ThunkName->u1.AOD was %p\n", ThunkName->u1.AddressOfData);
187 ThunkName->u1.AddressOfData =
189 //TRACE("PeLdrpBindImportName(): ThunkName->u1.AOD became %p\n", ThunkName->u1.AddressOfData);
190 }
191
192 /* Get the import name, convert it to a physical pointer */
194
195 /* Get pointers to Name and Ordinal tables (RVA -> VA) */
198
199 //TRACE("NameTable 0x%X, OrdinalTable 0x%X, ED->AddressOfNames 0x%X, ED->AOFO 0x%X\n",
200 // NameTable, OrdinalTable, ExportDirectory->AddressOfNames, ExportDirectory->AddressOfNameOrdinals);
201
202 /* Get the hint */
203 Hint = ImportData->Hint;
204 //TRACE("HintIndex %d\n", Hint);
205
206 /* Get the export name from the hint */
208
209 /* If Hint is less than total number of entries in the export directory,
210 and import name == export name, then we can just get it from the OrdinalTable */
211 if ((Hint < ExportDirectory->NumberOfNames) &&
213 {
214 Ordinal = OrdinalTable[Hint];
215 //TRACE("PeLdrpBindImportName(): Ordinal %d\n", Ordinal);
216 }
217 else
218 {
219 /* It's not the easy way, we have to lookup import name in the name table.
220 Let's use a binary search for this task. */
221
222 //TRACE("PeLdrpBindImportName() looking up the import name using binary search...\n");
223
224 /* Low boundary is set to 0, and high boundary to the maximum index */
225 Low = 0;
226 High = ExportDirectory->NumberOfNames - 1;
227
228 /* Perform a binary-search loop */
230 {
231 /* Divide by 2 by shifting to the right once */
233
234 /* Get the name from the name table */
236
237 /* Compare the names */
239
240 // TRACE("Binary search: comparing Import '%s', Export '%s'\n",
241 // (PCHAR)ImportData->Name, ExportName);
242
243 /* Depending on result of strcmp, perform different actions */
245 {
246 /* Adjust top boundary */
247 High = Middle - 1;
248 }
250 {
251 /* Adjust bottom boundary */
252 Low = Middle + 1;
253 }
254 else
255 {
256 /* Yay, found it! */
257 break;
258 }
259 }
260
261 /* If high boundary is less than low boundary, then no result found */
263 {
266 }
267
268 /* Everything alright, get the ordinal */
269 Ordinal = OrdinalTable[Middle];
270 //TRACE("PeLdrpBindImportName() found Ordinal %d\n", Ordinal);
271 }
272 }
273
274 /* Check ordinal number for validity! */
275 if (Ordinal >= ExportDirectory->NumberOfFunctions)
276 {
279 }
280
281 /* Get a pointer to the function table */
283
284 /* Save a pointer to the function */
286
287 /* Is it a forwarder? (function pointer is within the export directory) */
291 {
292 PLDR_DATA_TABLE_ENTRY DataTableEntry;
293 PIMAGE_EXPORT_DIRECTORY RefExportDirectory;
294 ULONG RefExportSize;
295 CHAR ForwardDllName[256];
296
298
299 /* Save the name of the forward dll */
301
302 /* Strip out the symbol name */
304
305 /* Check if the target image is already loaded */
307 {
308 /* Check if the forward dll name has an extension */
310 {
311 /* Name does not have an extension, append '.dll' */
313 }
314
315 /* Now let's try to load it! */
317 DirectoryPath,
318 ForwardDllName,
319 Parent,
320 &DataTableEntry);
322 {
325 }
326 }
327
328 /* Get pointer to the export directory of loaded DLL */
329 RefExportDirectory = (PIMAGE_EXPORT_DIRECTORY)
331 TRUE,
333 &RefExportSize);
334 if (RefExportDirectory)
335 {
337 IMAGE_THUNK_DATA RefThunkData;
338 PIMAGE_IMPORT_BY_NAME ImportByName;
339 PCHAR ImportName;
340
341 /* Get pointer to the import name */
343
344 /* Create a IMAGE_IMPORT_BY_NAME structure, pointing to the local Buffer */
346
347 /* Fill the name with the import name */
349
350 /* Set Hint to 0 */
351 ImportByName->Hint = 0;
352
353 /* And finally point ThunkData's AddressOfData to that structure */
355
356 /* And recursively call ourselves */
358 DataTableEntry->DllBase,
359 ImageBase,
360 &RefThunkData,
361 &RefThunkData,
362 RefExportDirectory,
363 RefExportSize,
364 TRUE,
365 DirectoryPath,
366 Parent);
367
368 /* Fill out the ThunkData with data from RefThunkData */
369 ThunkData->u1 = RefThunkData.u1;
370
371 /* Return what we got from the recursive call */
373 }
374 else
375 {
376 /* Fail if ExportDirectory is NULL */
378 }
379 }
380
381 /* Success! */
383}
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn UINT32 *TableIdx UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:732
struct _IMAGE_EXPORT_DIRECTORY * PIMAGE_EXPORT_DIRECTORY
#define ANSI_NULL
NTSTRSAFEAPI RtlStringCbCatA(_Inout_updates_bytes_(cbDest) _Always_(_Post_z_) NTSTRSAFE_PSTR pszDest, _In_ size_t cbDest, _In_ NTSTRSAFE_PCSTR pszSrc)
Definition: ntstrsafe.h:625
struct _IMAGE_IMPORT_BY_NAME * PIMAGE_IMPORT_BY_NAME
static BOOLEAN PeLdrpBindImportName(_Inout_ PLIST_ENTRY ModuleListHead, _In_ PVOID DllBase, _In_ PVOID ImageBase, _In_ PIMAGE_THUNK_DATA ThunkName, _Inout_ PIMAGE_THUNK_DATA ThunkData, _In_ PIMAGE_EXPORT_DIRECTORY ExportDirectory, _In_ ULONG ExportSize, _In_ BOOLEAN ProcessForwards, _In_ PCSTR DirectoryPath, _In_ PLIST_ENTRY Parent)
Definition: peloader.c:137
static BOOLEAN PeLdrpLoadAndScanReferencedDll(IN OUT PLIST_ENTRY ModuleListHead, IN PCCH DirectoryPath, IN PCH ImportName, IN PLIST_ENTRY Parent OPTIONAL, OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry)
Definition: peloader.c:386
BOOLEAN PeLdrCheckForLoadedDll(_Inout_ PLIST_ENTRY ModuleListHead, _In_ PCSTR DllName, _Out_ PLDR_DATA_TABLE_ENTRY *LoadedEntry)
Definition: peloader.c:581
Definition: compat.h:156
Definition: pedump.c:329
Definition: ntimage.h:510
union _IMAGE_THUNK_DATA32::@2335 u1
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
Referenced by PeLdrpBindImportName(), and PeLdrpScanImportAddressTable().
◆ PeLdrpCompareDllName()
|
static |
Definition at line 78 of file peloader.c.
81{
84
85 /* First obvious check: for length of two names */
87
88#if DBG
89 {
90 UNICODE_STRING UnicodeNamePA;
96 }
97#endif
98
101
102 /* Store pointer to unicode string's buffer */
104
105 /* Loop character by character */
107 {
108 /* Compare two characters, uppercasing them */
111
112 /* Move to the next character */
113 DllName++;
114 Buffer++;
115 }
116
117 /* Check, if strings either fully match, or match till the "." (w/o extension) */
119 {
120 /* Yes they do */
122 }
123
124 /* Strings don't match */
126}
Definition: env_spec_w32.h:368
Referenced by PeLdrCheckForLoadedDll(), and PeLdrScanImportDescriptorTable().
◆ PeLdrpFetchAddressOfSecurityCookie()
Definition at line 43 of file peloader.c.
44{
45 PIMAGE_LOAD_CONFIG_DIRECTORY ConfigDir;
46 ULONG DirSize;
48
49 /* Get the pointer to the config directory */
51 TRUE,
53 &DirSize);
54 /* Validate it */
55 if (!ConfigDir ||
57 {
58 /* Invalid directory */
60 }
61
62 /* Now get the cookie */
64
65 /* Check this cookie */
68 {
70 }
71
72 /* Return validated security cookie */
74}
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize _Pre_valid_ PVOID * BaseAddress
Definition: mmfuncs.h:404
Definition: ntimage.h:105
Referenced by PeLdrInitSecurityCookie().
◆ PeLdrpLoadAndScanReferencedDll()
|
static |
Definition at line 386 of file peloader.c.
392{
396
397 /* Prepare the full path to the file to be loaded */
400
402
405
406 /* Load the image */
409 {
412 }
413
414 /* Allocate DTE for newly loaded DLL */
416 ImportName,
417 FullDllName,
418 PaToVa(BasePA),
419 DataTableEntry);
421 {
422 /* Cleanup and bail out */
424 MmFreeMemory(BasePA);
426 }
427
428 /* Init security cookie */
429 PeLdrInitSecurityCookie(*DataTableEntry);
430
431 (*DataTableEntry)->Flags |= LDRP_DRIVER_DEPENDENT_DLL;
432
433 /* Scan its dependencies too */
436 VaToPa((*DataTableEntry)->BaseDllName.Buffer));
439 {
440 /* Cleanup and bail out */
442 PeLdrFreeDataTableEntry(*DataTableEntry);
443 MmFreeMemory(BasePA);
445 }
446
448}
NTSTRSAFEAPI RtlStringCbCopyA(_Out_writes_bytes_(cbDest) _Always_(_Post_z_) NTSTRSAFE_PSTR pszDest, _In_ size_t cbDest, _In_ NTSTRSAFE_PCSTR pszSrc)
Definition: ntstrsafe.h:156
PELDR_IMPORTDLL_LOAD_CALLBACK PeLdrImportDllLoadCallback
Definition: peloader.c:30
PVOID PeLdrInitSecurityCookie(PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: peloader.c:544
BOOLEAN PeLdrLoadImage(_In_ PCSTR FilePath, _In_ TYPE_OF_MEMORY MemoryType, _Out_ PVOID *ImageBasePA)
Definition: peloader.c:1038
Referenced by PeLdrpBindImportName(), and PeLdrScanImportDescriptorTable().
◆ PeLdrpScanImportAddressTable()
|
static |
Definition at line 451 of file peloader.c.
459{
462 ULONG ExportSize;
463
465 "DllBase 0x%p, ImageBase 0x%p, ThunkName 0x%p, ThunkData 0x%p\n",
466 DllBase, ImageBase, ThunkName, ThunkData);
467
468 /* Obtain the export table from the DLL's base */
469 if (!DllBase)
470 {
473 }
474 else
475 {
476 ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)
478 TRUE,
480 &ExportSize);
481 }
483
484 /* Fail if no export directory */
485 if (!ExportDirectory)
486 {
489 }
490
491 /* Go through each thunk in the table and bind it */
493 {
494 /* Bind it */
496 DllBase,
497 ImageBase,
498 ThunkName,
499 ThunkData,
500 ExportDirectory,
501 ExportSize,
502 FALSE,
503 DirectoryPath,
504 Parent);
505 /* Fail if binding was unsuccessful */
508
509 /* Move to the next thunk */
510 ThunkName++;
511 ThunkData++;
512 }
513
514 /* Return success */
516}
Referenced by PeLdrScanImportDescriptorTable().
◆ PeLdrScanImportDescriptorTable()
| BOOLEAN PeLdrScanImportDescriptorTable | ( | IN OUT PLIST_ENTRY | ModuleListHead, |
| IN PCCH | DirectoryPath, | ||
| IN PLDR_DATA_TABLE_ENTRY | ScanDTE | ||
| ) |
Definition at line 624 of file peloader.c.
628{
629 PLDR_DATA_TABLE_ENTRY DataTableEntry;
630 PIMAGE_IMPORT_DESCRIPTOR ImportTable;
631 ULONG ImportTableSize;
632 PCH ImportName;
634
635 /* Get a pointer to the import table of this image */
636 ImportTable = (PIMAGE_IMPORT_DESCRIPTOR)
638 TRUE,
640 &ImportTableSize);
641
642#if DBG
643 {
644 UNICODE_STRING BaseName;
646 BaseName.MaximumLength = ScanDTE->BaseDllName.MaximumLength;
647 BaseName.Length = ScanDTE->BaseDllName.Length;
649 &BaseName, ImportTable);
650 }
651#endif
652
653 /* If the image doesn't have any import directory, just return success */
654 if (!ImportTable)
656
657 /* Loop through all the entries */
659 {
662
663 /* Get pointer to the name */
666
667 /* In case we get a reference to ourselves - just skip it */
669 continue;
670
671 /* Load the DLL if it is not already loaded */
673 {
675 DirectoryPath,
676 ImportName,
677 &ScanDTE->InLoadOrderLinks,
678 &DataTableEntry);
680 {
683 }
684 }
685
686 /* Scan its import address table */
688 DataTableEntry->DllBase,
689 ScanDTE->DllBase,
690 ThunkName,
691 ThunkData,
692 DirectoryPath,
693 &ScanDTE->InLoadOrderLinks);
695 {
697 ImportName, DirectoryPath);
699 }
700 }
701
703}
struct _IMAGE_IMPORT_DESCRIPTOR * PIMAGE_IMPORT_DESCRIPTOR
static BOOLEAN PeLdrpScanImportAddressTable(_Inout_ PLIST_ENTRY ModuleListHead, _In_ PVOID DllBase, _In_ PVOID ImageBase, _In_ PIMAGE_THUNK_DATA ThunkName, _Inout_ PIMAGE_THUNK_DATA ThunkData, _In_ PCSTR DirectoryPath, _In_ PLIST_ENTRY Parent)
Definition: peloader.c:451
Definition: ntimage.h:572
Referenced by LoadWindowsCore(), PeLdrLoadBootImage(), PeLdrpLoadAndScanReferencedDll(), and WinLdrLoadDeviceDriver().
Variable Documentation
◆ FrLdrModuleList
| LIST_ENTRY FrLdrModuleList |
Definition at line 28 of file peloader.c.
Referenced by PeLdrInitializeModuleList(), and PeLdrLoadBootImage().
◆ PeLdrImportDllLoadCallback
| PELDR_IMPORTDLL_LOAD_CALLBACK PeLdrImportDllLoadCallback = NULL |
Definition at line 30 of file peloader.c.
Referenced by LoadAndBootWindowsCommon(), and PeLdrpLoadAndScanReferencedDll().
