ReactOS 0.4.15-dev-7674-gc0b4db1
umfuncs.h File Reference
#include <umtypes.h>
#include <dbgktypes.h>
Include dependency graph for umfuncs.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Typedefs

typedef VOID(NTAPIPLDR_CALLBACK) (PVOID CallbackContext, PCHAR Name)
 

Functions

__analysis_noreturn NTSYSAPI VOID NTAPI DbgBreakPointWithStatus (_In_ ULONG Status)
 
NTSTATUS NTAPI DbgUiConnectToDbg (VOID)
 
NTSTATUS NTAPI DbgUiContinue (_In_ PCLIENT_ID ClientId, _In_ NTSTATUS ContinueStatus)
 
NTSTATUS NTAPI DbgUiDebugActiveProcess (_In_ HANDLE Process)
 
NTSTATUS NTAPI DbgUiStopDebugging (_In_ HANDLE Process)
 
NTSYSAPI NTSTATUS NTAPI DbgUiWaitStateChange (_In_ PDBGUI_WAIT_STATE_CHANGE DbgUiWaitStateCange, _In_ PLARGE_INTEGER TimeOut)
 
NTSTATUS NTAPI DbgUiConvertStateChangeStructure (_In_ PDBGUI_WAIT_STATE_CHANGE WaitStateChange, _In_ PVOID DebugEvent)
 
VOID NTAPI DbgUiRemoteBreakin (VOID)
 
NTSTATUS NTAPI DbgUiIssueRemoteBreakin (_In_ HANDLE Process)
 
HANDLE NTAPI DbgUiGetThreadDebugObject (VOID)
 
NTSTATUS NTAPI LdrAddRefDll (_In_ ULONG Flags, _In_ PVOID BaseAddress)
 
NTSTATUS NTAPI LdrDisableThreadCalloutsForDll (_In_ PVOID BaseAddress)
 
NTSTATUS NTAPI LdrGetDllHandle (_In_opt_ PWSTR DllPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_ PVOID *DllHandle)
 
NTSTATUS NTAPI LdrGetDllHandleEx (_In_ ULONG Flags, _In_opt_ PWSTR DllPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_opt_ PVOID *DllHandle)
 
NTSTATUS NTAPI LdrFindEntryForAddress (_In_ PVOID Address, _Out_ PLDR_DATA_TABLE_ENTRY *Module)
 
NTSTATUS NTAPI LdrGetProcedureAddress (_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress)
 
VOID NTAPI LdrInitializeThunk (ULONG Unknown1, ULONG Unknown2, ULONG Unknown3, ULONG Unknown4)
 
NTSTATUS NTAPI LdrLoadDll (_In_opt_ PWSTR SearchPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_ PVOID *BaseAddress)
 
PIMAGE_BASE_RELOCATION NTAPI LdrProcessRelocationBlock (_In_ ULONG_PTR Address, _In_ ULONG Count, _In_ PUSHORT TypeOffset, _In_ LONG_PTR Delta)
 
NTSTATUS NTAPI LdrQueryImageFileExecutionOptions (_In_ PUNICODE_STRING SubKey, _In_ PCWSTR ValueName, _In_ ULONG Type, _Out_ PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG ReturnedLength)
 
NTSTATUS NTAPI LdrQueryProcessModuleInformation (_Out_writes_bytes_to_(Size, *ReturnedSize) PRTL_PROCESS_MODULES ModuleInformation, _In_ ULONG Size, _Out_opt_ PULONG ReturnedSize)
 
VOID NTAPI LdrSetDllManifestProber (_In_ PLDR_MANIFEST_PROBER_ROUTINE Routine)
 
NTSTATUS NTAPI LdrShutdownProcess (VOID)
 
NTSTATUS NTAPI LdrShutdownThread (VOID)
 
NTSTATUS NTAPI LdrUnloadDll (_In_ PVOID BaseAddress)
 
NTSTATUS NTAPI LdrVerifyImageMatchesChecksum (_In_ HANDLE FileHandle, _In_ PLDR_CALLBACK Callback, _In_ PVOID CallbackContext, _Out_ PUSHORT ImageCharacteristics)
 
NTSTATUS NTAPI LdrOpenImageFileOptionsKey (_In_ PUNICODE_STRING SubKey, _In_ BOOLEAN Wow64, _Out_ PHANDLE NewKeyHandle)
 
NTSTATUS NTAPI LdrQueryImageFileKeyOption (_In_ HANDLE KeyHandle, _In_ PCWSTR ValueName, _In_ ULONG Type, _Out_ PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG ReturnedLength)
 

Typedef Documentation

◆ PLDR_CALLBACK

typedef VOID(NTAPI * PLDR_CALLBACK) (PVOID CallbackContext, PCHAR Name)

Definition at line 217 of file umfuncs.h.

Function Documentation

◆ DbgBreakPointWithStatus()

◆ DbgUiConnectToDbg()

NTSTATUS NTAPI DbgUiConnectToDbg ( VOID  )

Definition at line 25 of file dbgui.c.

26{
28
29 /* Don't connect twice */
30 if (NtCurrentTeb()->DbgSsReserved[1]) return STATUS_SUCCESS;
31
32 /* Setup the Attributes */
34
35 /* Create the object */
36 return ZwCreateDebugObject(&NtCurrentTeb()->DbgSsReserved[1],
40}
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
NTSYSAPI NTSTATUS NTAPI ZwCreateDebugObject(_Out_ PHANDLE DebugHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ ULONG Flags)
#define DEBUG_OBJECT_ALL_ACCESS
Definition: dbgktypes.h:34
#define DBGK_KILL_PROCESS_ON_EXIT
Definition: dbgktypes.h:49
#define NULL
Definition: types.h:112
#define NtCurrentTeb
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by CreateProcessInternalW(), DebugActiveProcess(), and Main().

◆ DbgUiContinue()

NTSTATUS NTAPI DbgUiContinue ( _In_ PCLIENT_ID  ClientId,
_In_ NTSTATUS  ContinueStatus 
)

◆ DbgUiConvertStateChangeStructure()

NTSTATUS NTAPI DbgUiConvertStateChangeStructure ( _In_ PDBGUI_WAIT_STATE_CHANGE  WaitStateChange,
_In_ PVOID  DebugEvent 
)

◆ DbgUiDebugActiveProcess()

NTSTATUS NTAPI DbgUiDebugActiveProcess ( _In_ HANDLE  Process)

◆ DbgUiGetThreadDebugObject()

HANDLE NTAPI DbgUiGetThreadDebugObject ( VOID  )

Definition at line 333 of file dbgui.c.

334{
335 /* Just return the handle from the TEB */
336 return NtCurrentTeb()->DbgSsReserved[1];
337}

Referenced by CreateProcessInternalW(), and DebugSetProcessKillOnExit().

◆ DbgUiIssueRemoteBreakin()

NTSTATUS NTAPI DbgUiIssueRemoteBreakin ( _In_ HANDLE  Process)

◆ DbgUiRemoteBreakin()

VOID NTAPI DbgUiRemoteBreakin ( VOID  )

Definition at line 289 of file dbgui.c.

290{
291 /* Make sure a debugger is enabled; if so, breakpoint */
292 if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
293
294 /* Exit the thread */
296}
#define NtCurrentPeb()
Definition: FLS.c:22
NTSYSAPI void WINAPI DbgBreakPoint(void)
NTSYSAPI VOID NTAPI RtlExitUserThread(_In_ NTSTATUS Status)

Referenced by DbgUiIssueRemoteBreakin().

◆ DbgUiStopDebugging()

NTSTATUS NTAPI DbgUiStopDebugging ( _In_ HANDLE  Process)

◆ DbgUiWaitStateChange()

NTSYSAPI NTSTATUS NTAPI DbgUiWaitStateChange ( _In_ PDBGUI_WAIT_STATE_CHANGE  DbgUiWaitStateCange,
_In_ PLARGE_INTEGER  TimeOut 
)

◆ LdrAddRefDll()

NTSTATUS NTAPI LdrAddRefDll ( _In_ ULONG  Flags,
_In_ PVOID  BaseAddress 
)

Definition at line 1245 of file ldrapi.c.

1248{
1249 PLDR_DATA_TABLE_ENTRY LdrEntry;
1253
1254 /* Check for invalid flags */
1255 if (Flags & ~(LDR_ADDREF_DLL_PIN))
1256 {
1257 /* Fail with invalid parameter status if so */
1259 goto quickie;
1260 }
1261
1262 /* Acquire the loader lock if not in init phase */
1263 if (!LdrpInLdrInit)
1264 {
1265 /* Acquire the lock */
1267 if (!NT_SUCCESS(Status)) goto quickie;
1268 Locked = TRUE;
1269 }
1270
1271 /* Get this module's data table entry */
1273 {
1274 if (!LdrEntry)
1275 {
1276 /* Shouldn't happen */
1278 goto quickie;
1279 }
1280
1281 /* If this is not a pinned module */
1282 if (LdrEntry->LoadCount != 0xFFFF)
1283 {
1284 /* Update its load count */
1286 {
1287 /* Pin it by setting load count to -1 */
1288 LdrEntry->LoadCount = 0xFFFF;
1290 }
1291 else
1292 {
1293 /* Increase its load count by one */
1294 LdrEntry->LoadCount++;
1296 }
1297
1298 /* Clear load in progress */
1300 }
1301 }
1302 else
1303 {
1304 /* There was an error getting this module's handle, return invalid param status */
1306 }
1307
1308quickie:
1309 /* Check for error case */
1310 if (!NT_SUCCESS(Status))
1311 {
1312 /* Print debug information */
1313 if ((ShowSnaps) || ((Status != STATUS_NO_SUCH_FILE) &&
1316 {
1317 DPRINT1("LDR: LdrAddRefDll(%p) 0x%08lx\n", BaseAddress, Status);
1318 }
1319 }
1320
1321 /* Release the lock if needed */
1323 return Status;
1324}
unsigned char BOOLEAN
LONG NTSTATUS
Definition: precomp.h:26
#define DPRINT1
Definition: precomp.h:8
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
Status
Definition: gdiplustypes.h:25
NTSTATUS NTAPI LdrUnlockLoaderLock(_In_ ULONG Flags, _In_opt_ ULONG_PTR Cookie)
Definition: ldrapi.c:101
NTSTATUS NTAPI LdrLockLoaderLock(_In_ ULONG Flags, _Out_opt_ PULONG Disposition, _Out_opt_ PULONG_PTR Cookie)
Definition: ldrapi.c:174
#define LDR_ADDREF_DLL_PIN
Definition: ldrtypes.h:71
#define LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS
Definition: ldrtypes.h:82
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404
_In_ PMEMORY_AREA _In_ PVOID _In_ BOOLEAN Locked
Definition: newmm.h:209
BOOLEAN LdrpInLdrInit
Definition: ldrinit.c:30
BOOLEAN NTAPI LdrpCheckForLoadedDllHandle(IN PVOID Base, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1621
VOID NTAPI LdrpUpdateLoadCount2(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Flags)
Definition: ldrutils.c:460
BOOLEAN ShowSnaps
Definition: ldrinit.c:81
#define LDRP_UPDATE_PIN
Definition: ntdllp.h:17
#define LDRP_UPDATE_REFCOUNT
Definition: ntdllp.h:15
ULONG NTAPI LdrpClearLoadInProgress(VOID)
Definition: ldrutils.c:2669
#define STATUS_INTERNAL_ERROR
Definition: ntstatus.h:465
#define STATUS_DLL_NOT_FOUND
Definition: ntstatus.h:545
Definition: btrfs_drv.h:1876
USHORT LoadCount
Definition: ntddk_ex.h:208
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define STATUS_NO_SUCH_FILE
Definition: udferr_usr.h:137
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _Out_ PLARGE_INTEGER Cookie
Definition: cmfuncs.h:14

Referenced by BasepGetModuleHandleExW().

◆ LdrDisableThreadCalloutsForDll()

NTSTATUS NTAPI LdrDisableThreadCalloutsForDll ( _In_ PVOID  BaseAddress)

Definition at line 1194 of file ldrapi.c.

1196{
1197 PLDR_DATA_TABLE_ENTRY LdrEntry;
1199 BOOLEAN LockHeld;
1201 DPRINT("LdrDisableThreadCalloutsForDll (BaseAddress %p)\n", BaseAddress);
1202
1203 /* Don't do it during shutdown */
1205
1206 /* Check if we should grab the lock */
1207 LockHeld = FALSE;
1208 if (!LdrpInLdrInit)
1209 {
1210 /* Grab the lock */
1212 if (!NT_SUCCESS(Status)) return Status;
1213 LockHeld = TRUE;
1214 }
1215
1216 /* Make sure the DLL is valid and get its entry */
1219 {
1220 /* Get if it has a TLS slot */
1221 if (!LdrEntry->TlsIndex)
1222 {
1223 /* It doesn't, so you're allowed to call this */
1224 LdrEntry->Flags |= LDRP_DONT_CALL_FOR_THREADS;
1226 }
1227 }
1228
1229 /* Check if the lock was held */
1230 if (LockHeld)
1231 {
1232 /* Release it */
1234 }
1235
1236 /* Return the status */
1237 return Status;
1238}
#define LDRP_DONT_CALL_FOR_THREADS
Definition: ldrtypes.h:48
BOOLEAN LdrpShutdownInProgress
Definition: ldrinit.c:34
#define DPRINT
Definition: sndvol32.h:71
USHORT TlsIndex
Definition: ntddk_ex.h:209
ULONG Flags
Definition: ntddk_ex.h:207

Referenced by DisableThreadLibraryCalls(), and DllMain().

◆ LdrFindEntryForAddress()

NTSTATUS NTAPI LdrFindEntryForAddress ( _In_ PVOID  Address,
_Out_ PLDR_DATA_TABLE_ENTRY Module 
)

Definition at line 446 of file ldrapi.c.

449{
450 PLIST_ENTRY ListHead, NextEntry;
451 PLDR_DATA_TABLE_ENTRY LdrEntry;
452 PIMAGE_NT_HEADERS NtHeader;
453 PPEB_LDR_DATA Ldr = NtCurrentPeb()->Ldr;
454 ULONG_PTR DllBase, DllEnd;
455
456 DPRINT("LdrFindEntryForAddress(Address %p)\n", Address);
457
458 /* Nothing to do */
459 if (!Ldr) return STATUS_NO_MORE_ENTRIES;
460
461 /* Get the current entry */
462 LdrEntry = Ldr->EntryInProgress;
463 if (LdrEntry)
464 {
465 /* Get the NT Headers */
466 NtHeader = RtlImageNtHeader(LdrEntry->DllBase);
467 if (NtHeader)
468 {
469 /* Get the Image Base */
470 DllBase = (ULONG_PTR)LdrEntry->DllBase;
471 DllEnd = DllBase + NtHeader->OptionalHeader.SizeOfImage;
472
473 /* Check if they match */
474 if (((ULONG_PTR)Address >= DllBase) &&
475 ((ULONG_PTR)Address < DllEnd))
476 {
477 /* Return it */
478 *Module = LdrEntry;
479 return STATUS_SUCCESS;
480 }
481 }
482 }
483
484 /* Loop the module list */
485 ListHead = &Ldr->InMemoryOrderModuleList;
486 NextEntry = ListHead->Flink;
487 while (NextEntry != ListHead)
488 {
489 /* Get the entry and NT Headers */
490 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks);
491 NtHeader = RtlImageNtHeader(LdrEntry->DllBase);
492 if (NtHeader)
493 {
494 /* Get the Image Base */
495 DllBase = (ULONG_PTR)LdrEntry->DllBase;
496 DllEnd = DllBase + NtHeader->OptionalHeader.SizeOfImage;
497
498 /* Check if they match */
499 if (((ULONG_PTR)Address >= DllBase) &&
500 ((ULONG_PTR)Address < DllEnd))
501 {
502 /* Return it */
503 *Module = LdrEntry;
504 return STATUS_SUCCESS;
505 }
506
507 /* Next Entry */
508 NextEntry = NextEntry->Flink;
509 }
510 }
511
512 /* Nothing found */
515 "LDR: %s() exiting 0x%08lx\n",
519}
#define RtlImageNtHeader
Definition: compat.h:806
@ DPFLTR_LDR_ID
Definition: dpfilter.h:113
#define __FUNCTION__
Definition: types.h:116
#define ULONG_PTR
Definition: config.h:101
if(dx< 0)
Definition: linetemp.h:194
#define DPFLTR_WARNING_LEVEL
Definition: kdtypes.h:31
NTSYSAPI ULONG __cdecl DbgPrintEx(_In_ ULONG ComponentId, _In_ ULONG Level, _In_z_ _Printf_format_string_ PCSTR Format,...)
#define STATUS_NO_MORE_ENTRIES
Definition: ntstatus.h:205
static WCHAR Address[46]
Definition: ping.c:68
IMAGE_OPTIONAL_HEADER32 OptionalHeader
Definition: ntddk_ex.h:184
PVOID DllBase
Definition: btrfs_drv.h:1880
Definition: typedefs.h:120
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
PVOID EntryInProgress
Definition: ldrtypes.h:123
LIST_ENTRY InMemoryOrderModuleList
Definition: btrfs_drv.h:1895
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260

Referenced by find_query_actctx(), and get_module_filename().

◆ LdrGetDllHandle()

NTSTATUS NTAPI LdrGetDllHandle ( _In_opt_ PWSTR  DllPath,
_In_opt_ PULONG  DllCharacteristics,
_In_ PUNICODE_STRING  DllName,
_Out_ PVOID DllHandle 
)

Definition at line 810 of file ldrapi.c.

815{
816 /* Call the newer API */
818 DllPath,
819 DllCharacteristics,
820 DllName,
821 DllHandle);
822}
NTSTATUS NTAPI LdrGetDllHandleEx(_In_ ULONG Flags, _In_opt_ PWSTR DllPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_opt_ PVOID *DllHandle)
Definition: ldrapi.c:526
#define LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT
Definition: ldrtypes.h:87
static const char const char * DllPath
Definition: image.c:34

Referenced by BroadcastDriveLetterChange(), CsrClientConnectToServer(), CsrConnectToUser(), FirstSoundSentry(), GetModuleHandleForUnicodeString(), SeiAddHooks(), SeiFindHookModuleInfoForImportDescriptor(), and SeiInit().

◆ LdrGetDllHandleEx()

NTSTATUS NTAPI LdrGetDllHandleEx ( _In_ ULONG  Flags,
_In_opt_ PWSTR  DllPath,
_In_opt_ PULONG  DllCharacteristics,
_In_ PUNICODE_STRING  DllName,
_Out_opt_ PVOID DllHandle 
)

Definition at line 526 of file ldrapi.c.

532{
534 PLDR_DATA_TABLE_ENTRY LdrEntry;
535 UNICODE_STRING RedirectName, DllString1, RawDllName;
536 PUNICODE_STRING pRedirectName, CompareName;
537 PWCHAR p1, p2, p3;
538 BOOLEAN Locked, RedirectedDll;
540 ULONG LoadFlag, Length;
541
542 /* Initialize the strings */
543 RtlInitEmptyUnicodeString(&DllString1, NULL, 0);
544 RtlInitEmptyUnicodeString(&RawDllName, NULL, 0);
545 RedirectName = *DllName;
546 pRedirectName = &RedirectName;
547
548 /* Initialize state */
549 RedirectedDll = Locked = FALSE;
550 LdrEntry = NULL;
551 Cookie = 0;
552
553 /* Clear the handle */
554 if (DllHandle) *DllHandle = NULL;
555
556 /* Check for a valid flag combination */
558 (!DllHandle && !(Flags & LDR_GET_DLL_HANDLE_EX_PIN)))
559 {
560 DPRINT1("Flags are invalid or no DllHandle given\n");
562 goto Quickie;
563 }
564
565 /* If not initializing */
566 if (!LdrpInLdrInit)
567 {
568 /* Acquire the lock */
570 if (!NT_SUCCESS(Status)) goto Quickie;
571
572 /* Remember we own it */
573 Locked = TRUE;
574 }
575
576 /* Check if the SxS Assemblies specify another file */
578 pRedirectName,
580 NULL,
581 &DllString1,
582 &pRedirectName,
583 NULL,
584 NULL,
585 NULL);
586
587 /* Check success */
588 if (NT_SUCCESS(Status))
589 {
590 /* Let Ldrp know */
591 RedirectedDll = TRUE;
592 }
594 {
595 /* Unrecoverable SxS failure */
596 goto Quickie;
597 }
598 else
599 {
600 ASSERT(pRedirectName == &RedirectName);
601 }
602
603 /* Set default failure code */
605
606 /* Use the cache if we can */
608 {
609 /* Check if we were redirected */
610 if (RedirectedDll)
611 {
612 /* Check the flag */
614 {
615 goto DontCompare;
616 }
617
618 /* Use the right name */
620 }
621 else
622 {
623 /* Check the flag */
625 {
626 goto DontCompare;
627 }
628
629 /* Use the right name */
631 }
632
633 /* Check if the name matches */
634 if (RtlEqualUnicodeString(pRedirectName,
636 TRUE))
637 {
638 /* Skip the rest */
639 LdrEntry = LdrpGetModuleHandleCache;
640
641 /* Return success */
643 goto Quickie;
644 }
645 }
646
647DontCompare:
648 /* Find the name without the extension */
649 p1 = pRedirectName->Buffer;
650 p2 = NULL;
651 p3 = &p1[pRedirectName->Length / sizeof(WCHAR)];
652 while (p1 != p3)
653 {
654 if (*p1++ == L'.')
655 {
656 p2 = p1;
657 }
658 else if (*p1 == L'\\')
659 {
660 p2 = NULL;
661 }
662 }
663
664 /* Check if no extension was found or if we got a slash */
665 if (!(p2) || (*p2 == L'\\') || (*p2 == L'/'))
666 {
667 /* Check that we have space to add one */
668 Length = pRedirectName->Length +
671 {
672 /* No space to add the extension */
674 goto Quickie;
675 }
676
677 /* Setup the string */
678 RawDllName.MaximumLength = Length;
679 ASSERT(Length >= sizeof(UNICODE_NULL));
680 RawDllName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
681 0,
682 RawDllName.MaximumLength);
683 if (!RawDllName.Buffer)
684 {
686 goto Quickie;
687 }
688
689 /* Copy the string and add extension */
690 RtlCopyUnicodeString(&RawDllName, pRedirectName);
692 }
693 else
694 {
695 /* Check if there's something in the name */
696 Length = pRedirectName->Length;
697 if (Length)
698 {
699 /* Check and remove trailing period */
700 if (pRedirectName->Buffer[Length / sizeof(WCHAR) - sizeof(ANSI_NULL)] == '.')
701 {
702 /* Decrease the size */
703 pRedirectName->Length -= sizeof(WCHAR);
704 }
705 }
706
707 /* Setup the string */
708 RawDllName.MaximumLength = pRedirectName->Length + sizeof(WCHAR);
709 RawDllName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
710 0,
711 RawDllName.MaximumLength);
712 if (!RawDllName.Buffer)
713 {
715 goto Quickie;
716 }
717
718 /* Copy the string */
719 RtlCopyUnicodeString(&RawDllName, pRedirectName);
720 }
721
722 /* Display debug string */
723 if (ShowSnaps)
724 {
725 DPRINT1("LDR: LdrGetDllHandleEx, searching for %wZ from %ws\n",
726 &RawDllName,
727 DllPath ? ((ULONG_PTR)DllPath == 1 ? L"" : DllPath) : L"");
728 }
729
730 /* Do the lookup */
732 &RawDllName,
733 ((ULONG_PTR)DllPath == 1) ? TRUE : FALSE,
734 RedirectedDll,
735 &LdrEntry))
736 {
737 /* Update cached entry */
738 LdrpGetModuleHandleCache = LdrEntry;
739
740 /* Return success */
742 }
743 else
744 {
745 /* Make sure to NULL this */
746 LdrEntry = NULL;
747 }
748Quickie:
749 /* The success path must have a valid loader entry */
750 ASSERT((LdrEntry != NULL) == NT_SUCCESS(Status));
751
752 /* Check if we got an entry and success */
753 DPRINT("Got LdrEntry->BaseDllName %wZ\n", LdrEntry ? &LdrEntry->BaseDllName : NULL);
754 if ((LdrEntry) && (NT_SUCCESS(Status)))
755 {
756 /* Check if the DLL is locked */
757 if ((LdrEntry->LoadCount != 0xFFFF) &&
759 {
760 /* Check what to do with the load count */
762 {
763 /* Pin it */
764 LdrEntry->LoadCount = 0xFFFF;
765 LoadFlag = LDRP_UPDATE_PIN;
766 }
767 else
768 {
769 /* Increase the load count */
770 LdrEntry->LoadCount++;
771 LoadFlag = LDRP_UPDATE_REFCOUNT;
772 }
773
774 /* Update the load count now */
775 LdrpUpdateLoadCount2(LdrEntry, LoadFlag);
777 }
778
779 /* Check if the caller is requesting the handle */
780 if (DllHandle) *DllHandle = LdrEntry->DllBase;
781 }
782
783 /* Free string if needed */
784 if (DllString1.Buffer) RtlFreeUnicodeString(&DllString1);
785
786 /* Free the raw DLL Name if needed */
787 if (RawDllName.Buffer)
788 {
789 /* Free the heap-allocated buffer */
790 RtlFreeHeap(RtlGetProcessHeap(), 0, RawDllName.Buffer);
791 RawDllName.Buffer = NULL;
792 }
793
794 /* Release lock */
795 if (Locked)
796 {
798 Cookie);
799 }
800
801 /* Return */
802 return Status;
803}
static BOOL CompareName(LPCWSTR pszName1, LPCWSTR pszName2)
Definition: find.c:72
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG Flags, IN PUNICODE_STRING OriginalName, IN PUNICODE_STRING Extension, IN OUT PUNICODE_STRING StaticString, IN OUT PUNICODE_STRING DynamicString, IN OUT PUNICODE_STRING *NewName, IN PULONG NewFlags, IN PSIZE_T FileNameSize, IN PSIZE_T RequiredLength)
Definition: libsupp.c:818
UNICODE_STRING LdrApiDefaultExtension
Definition: ldrapi.c:22
#define LDRP_REDIRECTED
Definition: ldrtypes.h:58
#define LDR_GET_DLL_HANDLE_EX_PIN
Definition: ldrtypes.h:88
#define ASSERT(a)
Definition: mode.c:44
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString(PUNICODE_STRING Destination, PUNICODE_STRING Source)
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
#define UNICODE_NULL
#define UNICODE_STRING_MAX_BYTES
#define ANSI_NULL
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
PLDR_DATA_TABLE_ENTRY LdrpGetModuleHandleCache
Definition: ldrutils.c:19
BOOLEAN NTAPI LdrpCheckForLoadedDll(IN PWSTR DllPath, IN PUNICODE_STRING DllName, IN BOOLEAN Flag, IN BOOLEAN RedirectedDll, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1979
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
#define STATUS_SXS_KEY_NOT_FOUND
Definition: ntstatus.h:1389
#define STATUS_NAME_TOO_LONG
Definition: ntstatus.h:498
#define L(x)
Definition: ntvdm.h:50
UNICODE_STRING FullDllName
Definition: btrfs_drv.h:1882
UNICODE_STRING BaseDllName
Definition: ldrtypes.h:145
USHORT MaximumLength
Definition: env_spec_w32.h:370
uint16_t * PWCHAR
Definition: typedefs.h:56
uint32_t ULONG
Definition: typedefs.h:59
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by LdrGetDllHandle(), and LoadLibraryExW().

◆ LdrGetProcedureAddress()

NTSTATUS NTAPI LdrGetProcedureAddress ( _In_ PVOID  BaseAddress,
_In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING  Name,
_In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG  Ordinal,
_Out_ PVOID ProcedureAddress 
)

Definition at line 829 of file ldrapi.c.

834{
835 /* Call the internal routine and tell it to execute DllInit */
836 return LdrpGetProcedureAddress(BaseAddress, Name, Ordinal, ProcedureAddress, TRUE);
837}
NTSTATUS NTAPI LdrpGetProcedureAddress(_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress, _In_ BOOLEAN ExecuteInit)
Definition: ldrutils.c:2252

Referenced by BaseInitApphelp(), BasepReplaceProcessThreadTokens(), BaseSrvDelayLoadKernel32(), BroadcastDriveLetterChange(), CsrClientConnectToServer(), CsrConnectToUser(), CsrLoadServerDll(), FirstSoundSentry(), GetProcAddress(), InitApphelp(), LdrpInitializeProcess(), LoadOle32Export(), LsapAddAuthPackage(), SeiCreateShimModuleInfo(), and SeiResolveAPI().

◆ LdrInitializeThunk()

VOID NTAPI LdrInitializeThunk ( ULONG  Unknown1,
ULONG  Unknown2,
ULONG  Unknown3,
ULONG  Unknown4 
)

◆ LdrLoadDll()

NTSTATUS NTAPI LdrLoadDll ( _In_opt_ PWSTR  SearchPath,
_In_opt_ PULONG  DllCharacteristics,
_In_ PUNICODE_STRING  DllName,
_Out_ PVOID BaseAddress 
)

Definition at line 312 of file ldrapi.c.

317{
319 UNICODE_STRING DllString1, DllString2;
320 BOOLEAN RedirectedDll = FALSE;
323 PUNICODE_STRING OldTldDll;
324 PTEB Teb = NtCurrentTeb();
325
326 /* Initialize the strings */
327 RtlInitEmptyUnicodeString(&DllString1, StringBuffer, sizeof(StringBuffer));
328 RtlInitEmptyUnicodeString(&DllString2, NULL, 0);
329
330 /* Check if the SxS Assemblies specify another file */
332 DllName,
334 &DllString1,
335 &DllString2,
336 &DllName,
337 NULL,
338 NULL,
339 NULL);
340
341 /* Check success */
342 if (NT_SUCCESS(Status))
343 {
344 /* Let Ldrp know */
345 RedirectedDll = TRUE;
346 }
348 {
349 /* Unrecoverable SxS failure; did we get a string? */
350 if (DllString2.Buffer) RtlFreeUnicodeString(&DllString2);
351 return Status;
352 }
353
354 /* Lock the loader lock */
356
357 /* Check if there's a TLD DLL being loaded */
358 OldTldDll = LdrpTopLevelDllBeingLoaded;
360 {
361
362 if (OldTldDll)
363 {
364 /* This is a recursive load, do something about it? */
366 {
367 /* Print out debug messages */
368 DPRINT1("[%p, %p] LDR: Recursive DLL Load\n",
371 DPRINT1("[%p, %p] Previous DLL being loaded \"%wZ\"\n",
374 OldTldDll);
375 DPRINT1("[%p, %p] DLL being requested \"%wZ\"\n",
378 DllName);
379
380 /* Was it initializing too? */
382 {
383 DPRINT1("[%p, %p] LDR: No DLL Initializer was running\n",
386 }
387 else
388 {
389 DPRINT1("[%p, %p] DLL whose initializer was currently running \"%wZ\"\n",
393 }
394 }
395 }
396
397 /* Set this one as the TLD DLL being loaded*/
399
400 /* Load the DLL */
401 Status = LdrpLoadDll(RedirectedDll,
403 DllCharacteristics,
404 DllName,
406 TRUE);
407 if (NT_SUCCESS(Status))
408 {
410 }
411 else if ((Status != STATUS_NO_SUCH_FILE) &&
415 {
418 "LDR: %s - failing because LdrpLoadDll(%wZ) returned status %x\n",
420 DllName,
421 Status);
422 }
423 }
425 {
426 /* Restore the old TLD DLL */
427 LdrpTopLevelDllBeingLoaded = OldTldDll;
428
429 /* Release the lock */
431 }
432 _SEH2_END;
433
434 /* Do we have a redirect string? */
435 if (DllString2.Buffer) RtlFreeUnicodeString(&DllString2);
436
437 /* Return */
438 return Status;
439}
#define MAX_PATH
Definition: compat.h:34
#define _SEH2_FINALLY
Definition: filesup.c:21
#define _SEH2_END
Definition: filesup.c:22
#define _SEH2_TRY
Definition: filesup.c:19
BOOLEAN LdrpBreakOnRecursiveDllLoads
Definition: ldrapi.c:21
BOOLEAN LdrpShowRecursiveLoads
Definition: ldrapi.c:21
WCHAR StringBuffer[156]
Definition: ldrinit.c:41
#define LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS
Definition: ldrtypes.h:76
NTSTATUS NTAPI LdrpLoadDll(IN BOOLEAN Redirected, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress, IN BOOLEAN CallInit)
Definition: ldrutils.c:2435
PLDR_DATA_TABLE_ENTRY LdrpCurrentDllInitializer
Definition: ldrinit.c:43
PUNICODE_STRING LdrpTopLevelDllBeingLoaded
Definition: ldrinit.c:40
#define STATUS_DLL_INIT_FAILED
Definition: ntstatus.h:558
HANDLE UniqueThread
Definition: compat.h:826
HANDLE UniqueProcess
Definition: compat.h:825
Definition: compat.h:836
CLIENT_ID ClientId
Definition: compat.h:839
CLIENT_ID RealClientId
Definition: compat.h:861
#define SearchPath
Definition: winbase.h:3835

Referenced by AVrfpLoadAndInitializeProvider(), BaseInitApphelp(), BaseSrvDelayLoadKernel32(), CsrLoadServerDll(), InitApphelp(), LdrpInitializeProcess(), LoadLibraryExW(), LoadOle32Export(), LsapAddAuthPackage(), and SeiInit().

◆ LdrOpenImageFileOptionsKey()

NTSTATUS NTAPI LdrOpenImageFileOptionsKey ( _In_ PUNICODE_STRING  SubKey,
_In_ BOOLEAN  Wow64,
_Out_ PHANDLE  NewKeyHandle 
)

Definition at line 112 of file ldrinit.c.

116{
117 PHANDLE RootKeyLocation;
119 UNICODE_STRING SubKeyString;
122 PWCHAR p1;
123
124 /* Check which root key to open */
125 if (Wow64)
126 RootKeyLocation = &Wow64ExecOptionsKey;
127 else
128 RootKeyLocation = &ImageExecOptionsKey;
129
130 /* Get the current key */
131 RootKey = *RootKeyLocation;
132
133 /* Setup the object attributes */
135 Wow64 ?
138 NULL,
139 NULL);
140
141 /* Open the root key */
143 if (NT_SUCCESS(Status))
144 {
145 /* Write the key handle */
146 if (InterlockedCompareExchangePointer(RootKeyLocation, RootKey, NULL) != NULL)
147 {
148 /* Someone already opened it, use it instead */
150 RootKey = *RootKeyLocation;
151 }
152
153 /* Extract the name */
154 SubKeyString = *SubKey;
155 p1 = (PWCHAR)((ULONG_PTR)SubKeyString.Buffer + SubKeyString.Length);
156 while (SubKeyString.Length)
157 {
158 if (p1[-1] == L'\\') break;
159 p1--;
160 SubKeyString.Length -= sizeof(*p1);
161 }
162 SubKeyString.Buffer = p1;
163 SubKeyString.Length = SubKey->Length - SubKeyString.Length;
164
165 /* Setup the object attributes */
167 &SubKeyString,
169 RootKey,
170 NULL);
171
172 /* Open the setting key */
173 Status = ZwOpenKey((PHANDLE)NewKeyHandle, GENERIC_READ, &ObjectAttributes);
174 }
175
176 /* Return to caller */
177 return Status;
178}
#define GENERIC_READ
Definition: compat.h:135
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
HANDLE ImageExecOptionsKey
Definition: ldrinit.c:22
HANDLE Wow64ExecOptionsKey
Definition: ldrinit.c:23
UNICODE_STRING ImageExecOptionsString
Definition: ldrinit.c:24
UNICODE_STRING Wow64OptionsString
Definition: ldrinit.c:25
#define KEY_ENUMERATE_SUB_KEYS
Definition: nt_native.h:1019
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
static PMEMKEY RootKey
Definition: registry.c:55

Referenced by CreateProcessInternalW(), LdrpInitializeExecutionOptions(), and LdrQueryImageFileExecutionOptionsEx().

◆ LdrProcessRelocationBlock()

PIMAGE_BASE_RELOCATION NTAPI LdrProcessRelocationBlock ( _In_ ULONG_PTR  Address,
_In_ ULONG  Count,
_In_ PUSHORT  TypeOffset,
_In_ LONG_PTR  Delta 
)

Definition at line 1608 of file ldrapi.c.

1613{
1615}
PIMAGE_BASE_RELOCATION NTAPI LdrProcessRelocationBlockLongLong(_In_ ULONG_PTR Address, _In_ ULONG Count, _In_ PUSHORT TypeOffset, _In_ LONGLONG Delta)
int Count
Definition: noreturn.cpp:7
static ULONG Delta
Definition: xboxvideo.c:33

◆ LdrQueryImageFileExecutionOptions()

NTSTATUS NTAPI LdrQueryImageFileExecutionOptions ( _In_ PUNICODE_STRING  SubKey,
_In_ PCWSTR  ValueName,
_In_ ULONG  Type,
_Out_ PVOID  Buffer,
_In_ ULONG  BufferSize,
_Out_opt_ PULONG  ReturnedLength 
)

Definition at line 389 of file ldrinit.c.

396{
397 /* Call the newer function */
399 ValueName,
400 Type,
401 Buffer,
404 FALSE);
405}
Type
Definition: Type.h:7
_In_ ULONG _In_ BATTERY_QUERY_INFORMATION_LEVEL _In_ LONG _In_ ULONG _Out_ PULONG ReturnedLength
Definition: batclass.h:188
Definition: bufpool.h:45
NTSTATUS NTAPI LdrQueryImageFileExecutionOptionsEx(_In_ PUNICODE_STRING SubKey, _In_ PCWSTR ValueName, _In_ ULONG Type, _Out_ PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG ReturnedLength, _In_ BOOLEAN Wow64)
Definition: ldrinit.c:350
_In_ WDFMEMORY _Out_opt_ size_t * BufferSize
Definition: wdfmemory.h:254
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
Definition: wdfregistry.h:243

Referenced by LdrpRunInitializeRoutines(), and SmpLoadSubSystemsForMuSession().

◆ LdrQueryImageFileKeyOption()

NTSTATUS NTAPI LdrQueryImageFileKeyOption ( _In_ HANDLE  KeyHandle,
_In_ PCWSTR  ValueName,
_In_ ULONG  Type,
_Out_ PVOID  Buffer,
_In_ ULONG  BufferSize,
_Out_opt_ PULONG  ReturnedLength 
)

Definition at line 185 of file ldrinit.c.

192{
193 ULONG KeyInfo[256];
194 UNICODE_STRING ValueNameString, IntegerString;
195 ULONG KeyInfoSize, ResultSize;
197 BOOLEAN FreeHeap = FALSE;
199
200 /* Build a string for the value name */
201 Status = RtlInitUnicodeStringEx(&ValueNameString, ValueName);
202 if (!NT_SUCCESS(Status)) return Status;
203
204 /* Query the value */
205 Status = ZwQueryValueKey(KeyHandle,
206 &ValueNameString,
208 KeyValueInformation,
209 sizeof(KeyInfo),
210 &ResultSize);
212 {
213 /* Our local buffer wasn't enough, allocate one */
214 KeyInfoSize = sizeof(KEY_VALUE_PARTIAL_INFORMATION) +
215 KeyValueInformation->DataLength;
216 KeyValueInformation = RtlAllocateHeap(RtlGetProcessHeap(),
217 0,
218 KeyInfoSize);
219 if (KeyValueInformation != NULL)
220 {
221 /* Try again */
222 Status = ZwQueryValueKey(KeyHandle,
223 &ValueNameString,
225 KeyValueInformation,
226 KeyInfoSize,
227 &ResultSize);
228 FreeHeap = TRUE;
229 }
230 else
231 {
232 /* Give up this time */
234 }
235 }
236
237 /* Check for success */
238 if (NT_SUCCESS(Status))
239 {
240 /* Handle binary data */
241 if (KeyValueInformation->Type == REG_BINARY)
242 {
243 /* Check validity */
244 if ((Buffer) && (KeyValueInformation->DataLength <= BufferSize))
245 {
246 /* Copy into buffer */
248 &KeyValueInformation->Data,
249 KeyValueInformation->DataLength);
250 }
251 else
252 {
254 }
255
256 /* Copy the result length */
257 if (ReturnedLength) *ReturnedLength = KeyValueInformation->DataLength;
258 }
259 else if (KeyValueInformation->Type == REG_DWORD)
260 {
261 /* Check for valid type */
262 if (KeyValueInformation->Type != Type)
263 {
264 /* Error */
266 }
267 else
268 {
269 /* Check validity */
270 if ((Buffer) &&
271 (BufferSize == sizeof(ULONG)) &&
272 (KeyValueInformation->DataLength <= BufferSize))
273 {
274 /* Copy into buffer */
276 &KeyValueInformation->Data,
277 KeyValueInformation->DataLength);
278 }
279 else
280 {
282 }
283
284 /* Copy the result length */
285 if (ReturnedLength) *ReturnedLength = KeyValueInformation->DataLength;
286 }
287 }
288 else if (KeyValueInformation->Type != REG_SZ)
289 {
290 /* We got something weird */
292 }
293 else
294 {
295 /* String, check what you requested */
296 if (Type == REG_DWORD)
297 {
298 /* Validate */
299 if (BufferSize != sizeof(ULONG))
300 {
301 /* Invalid size */
302 BufferSize = 0;
304 }
305 else
306 {
307 /* OK, we know what you want... */
308 IntegerString.Buffer = (PWSTR)KeyValueInformation->Data;
309 IntegerString.Length = (USHORT)KeyValueInformation->DataLength -
310 sizeof(WCHAR);
311 IntegerString.MaximumLength = (USHORT)KeyValueInformation->DataLength;
312 Status = RtlUnicodeStringToInteger(&IntegerString, 0, (PULONG)Buffer);
313 }
314 }
315 else
316 {
317 /* Validate */
318 if (KeyValueInformation->DataLength > BufferSize)
319 {
320 /* Invalid */
322 }
323 else
324 {
325 /* Set the size */
326 BufferSize = KeyValueInformation->DataLength;
327 }
328
329 /* Copy the string */
330 RtlMoveMemory(Buffer, &KeyValueInformation->Data, BufferSize);
331 }
332
333 /* Copy the result length */
334 if (ReturnedLength) *ReturnedLength = KeyValueInformation->DataLength;
335 }
336 }
337
338 /* Check if buffer was in heap */
339 if (FreeHeap) RtlFreeHeap(RtlGetProcessHeap(), 0, KeyValueInformation);
340
341 /* Return status */
342 return Status;
343}
NTSYSAPI NTSTATUS WINAPI RtlInitUnicodeStringEx(PUNICODE_STRING, PCWSTR)
#define REG_SZ
Definition: layer.c:22
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4715
#define REG_BINARY
Definition: nt_native.h:1496
@ KeyValuePartialInformation
Definition: nt_native.h:1182
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToInteger(PUNICODE_STRING String, ULONG Base, PULONG Value)
struct _KEY_VALUE_PARTIAL_INFORMATION KEY_VALUE_PARTIAL_INFORMATION
struct _KEY_VALUE_PARTIAL_INFORMATION * PKEY_VALUE_PARTIAL_INFORMATION
#define STATUS_OBJECT_TYPE_MISMATCH
Definition: ntstatus.h:273
unsigned short USHORT
Definition: pedump.c:61
#define REG_DWORD
Definition: sdbapi.c:596
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
uint16_t * PWSTR
Definition: typedefs.h:56
uint32_t * PULONG
Definition: typedefs.h:59
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:264
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133

Referenced by AVrfReadIFEO(), CreateProcessInternalW(), LdrpInitializeExecutionOptions(), LdrpInitializeProcess(), and LdrQueryImageFileExecutionOptionsEx().

◆ LdrQueryProcessModuleInformation()

NTSTATUS NTAPI LdrQueryProcessModuleInformation ( _Out_writes_bytes_to_(Size, *ReturnedSize) PRTL_PROCESS_MODULES  ModuleInformation,
_In_ ULONG  Size,
_Out_opt_ PULONG  ReturnedSize 
)

Definition at line 1116 of file ldrapi.c.

1120{
1121 /* Call Ex version of the API */
1122 return LdrQueryProcessModuleInformationEx(0, 0, ModuleInformation, Size, ReturnedSize);
1123}
ULONG ReturnedSize
NTSTATUS NTAPI LdrQueryProcessModuleInformationEx(_In_opt_ ULONG ProcessId, _Reserved_ ULONG Reserved, _Out_writes_bytes_to_(Size, *ReturnedSize) PRTL_PROCESS_MODULES ModuleInformation, _In_ ULONG Size, _Out_opt_ PULONG ReturnedSize)
Definition: ldrapi.c:987
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533

Referenced by RtlQueryProcessDebugInformation(), and Test_ProcessModules().

◆ LdrSetDllManifestProber()

VOID NTAPI LdrSetDllManifestProber ( _In_ PLDR_MANIFEST_PROBER_ROUTINE  Routine)

Definition at line 73 of file ldrapi.c.

75{
77}
PLDR_MANIFEST_PROBER_ROUTINE LdrpManifestProberRoutine
Definition: ldrpe.c:18

Referenced by DllMain().

◆ LdrShutdownProcess()

NTSTATUS NTAPI LdrShutdownProcess ( VOID  )

Definition at line 943 of file ldrinit.c.

944{
946 PLDR_DATA_TABLE_ENTRY LdrEntry;
947 PLIST_ENTRY NextEntry, ListHead;
948 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
949 PVOID EntryPoint;
950
951 DPRINT("LdrShutdownProcess() called for %wZ\n", &LdrpImageEntry->BaseDllName);
953
954 /* Tell the Shim Engine */
955 if (g_ShimsEnabled)
956 {
960 }
961
962 /* Tell the world */
963 if (ShowSnaps)
964 {
965 DPRINT1("\n");
966 }
967
968 /* Set the shutdown variables */
969 LdrpShutdownThreadId = NtCurrentTeb()->RealClientId.UniqueThread;
971
972 /* Enter the Loader Lock */
974
975 /* Cleanup trace logging data (Etw) */
976 if (SharedUserData->TraceLogging)
977 {
978 /* FIXME */
979 DPRINT1("We don't support Etw yet.\n");
980 }
981
982 /* Start at the end */
984 NextEntry = ListHead->Blink;
985 while (NextEntry != ListHead)
986 {
987 /* Get the current entry */
988 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks);
989 NextEntry = NextEntry->Blink;
990
991 /* Make sure it's not ourselves */
992 if (Peb->ImageBaseAddress != LdrEntry->DllBase)
993 {
994 /* Get the entrypoint */
995 EntryPoint = LdrEntry->EntryPoint;
996
997 /* Check if we are ready to call it */
998 if (EntryPoint &&
999 (LdrEntry->Flags & LDRP_PROCESS_ATTACH_CALLED) &&
1000 LdrEntry->Flags)
1001 {
1002 /* Set up the Act Ctx */
1003 ActCtx.Size = sizeof(ActCtx);
1004 ActCtx.Format = 1;
1006
1007 /* Activate the ActCtx */
1009 LdrEntry->EntryPointActivationContext);
1010
1011 _SEH2_TRY
1012 {
1013 /* Check if it has TLS */
1014 if (LdrEntry->TlsIndex)
1015 {
1016 /* Call TLS */
1018 }
1019
1020 /* Call the Entrypoint */
1021 DPRINT("%wZ - Calling entry point at %p for thread detaching\n",
1022 &LdrEntry->BaseDllName, LdrEntry->EntryPoint);
1023 LdrpCallInitRoutine(EntryPoint,
1024 LdrEntry->DllBase,
1026 (PVOID)1);
1027 }
1029 {
1030 DPRINT1("WARNING: Exception 0x%x during LdrpCallInitRoutine(DLL_PROCESS_DETACH) for %wZ\n",
1031 _SEH2_GetExceptionCode(), &LdrEntry->BaseDllName);
1032 }
1033 _SEH2_END;
1034
1035 /* Deactivate the ActCtx */
1037 }
1038 }
1039 }
1040
1041 /* Check for TLS */
1042 if (LdrpImageHasTls)
1043 {
1044 /* Set up the Act Ctx */
1045 ActCtx.Size = sizeof(ActCtx);
1046 ActCtx.Format = 1;
1048
1049 /* Activate the ActCtx */
1052
1053 _SEH2_TRY
1054 {
1055 /* Do TLS callbacks */
1057 }
1059 {
1060 /* Do nothing */
1061 }
1062 _SEH2_END;
1063
1064 /* Deactivate the ActCtx */
1066 }
1067
1068 /* FIXME: Do Heap detection and Etw final shutdown */
1069
1070 /* Release the lock */
1072 DPRINT("LdrpShutdownProcess() done\n");
1073
1074 return STATUS_SUCCESS;
1075}
#define VOID
Definition: acefi.h:82
#define DLL_PROCESS_DETACH
Definition: compat.h:130
PPEB Peb
Definition: dllmain.c:27
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
PLDR_DATA_TABLE_ENTRY LdrpImageEntry
Definition: ldrinit.c:39
BOOLEAN LdrpShutdownInProgress
Definition: ldrinit.c:34
HANDLE LdrpShutdownThreadId
Definition: ldrinit.c:35
BOOLEAN LdrpImageHasTls
Definition: ldrinit.c:52
BOOLEAN ShowSnaps
Definition: ldrinit.c:81
RTL_CRITICAL_SECTION LdrpLoaderLock
Definition: ldrinit.c:70
_In_ PCWSTR _Out_ PVOID * ActCtx
Definition: ldrtypes.h:247
#define LDRP_PROCESS_ATTACH_CALLED
Definition: ldrtypes.h:49
NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
VOID NTAPI LdrpCallTlsInitializers(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Reason)
Definition: ldrutils.c:473
PVOID g_pfnSE_ProcessDying
Definition: ldrutils.c:27
BOOLEAN NTAPI LdrpCallInitRoutine(IN PDLL_INIT_ROUTINE EntryPoint, IN PVOID BaseAddress, IN ULONG Reason, IN PVOID Context)
Definition: ldrutils.c:100
BOOLEAN g_ShimsEnabled
Definition: ldrutils.c:21
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:159
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
#define SharedUserData
PRTL_ACTIVATION_CONTEXT_STACK_FRAME FASTCALL RtlActivateActivationContextUnsafeFast(IN PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame, IN PVOID Context)
Definition: actctx.c:5934
PRTL_ACTIVATION_CONTEXT_STACK_FRAME FASTCALL RtlDeactivateActivationContextUnsafeFast(IN PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame)
Definition: actctx.c:6011
PVOID NTAPI RtlDecodeSystemPointer(IN PVOID Pointer)
Definition: process.c:439
VOID NTAPI SE_ProcessDying(VOID)
Definition: shimeng.c:1441
PACTIVATION_CONTEXT EntryPointActivationContext
Definition: ldrtypes.h:163
PVOID EntryPoint
Definition: ntddk_ex.h:203
struct _LIST_ENTRY * Blink
Definition: typedefs.h:122
LIST_ENTRY InInitializationOrderModuleList
Definition: ldrtypes.h:122
PPEB_LDR_DATA Ldr
Definition: btrfs_drv.h:1912
PVOID ImageBaseAddress
Definition: ntddk_ex.h:245
#define NTAPI
Definition: typedefs.h:36
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262

◆ LdrShutdownThread()

NTSTATUS NTAPI LdrShutdownThread ( VOID  )

Definition at line 1082 of file ldrinit.c.

1083{
1084 PPEB Peb = NtCurrentPeb();
1085 PTEB Teb = NtCurrentTeb();
1086 PLDR_DATA_TABLE_ENTRY LdrEntry;
1087 PLIST_ENTRY NextEntry, ListHead;
1088 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
1089 PVOID EntryPoint;
1090
1091 DPRINT("LdrShutdownThread() called for %wZ\n",
1093
1094 /* Cleanup trace logging data (Etw) */
1095 if (SharedUserData->TraceLogging)
1096 {
1097 /* FIXME */
1098 DPRINT1("We don't support Etw yet.\n");
1099 }
1100
1101 /* Get the Ldr Lock */
1103
1104 /* Start at the end */
1106 NextEntry = ListHead->Blink;
1107 while (NextEntry != ListHead)
1108 {
1109 /* Get the current entry */
1110 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks);
1111 NextEntry = NextEntry->Blink;
1112
1113 /* Make sure it's not ourselves */
1114 if (Peb->ImageBaseAddress != LdrEntry->DllBase)
1115 {
1116 /* Check if we should call */
1117 if (!(LdrEntry->Flags & LDRP_DONT_CALL_FOR_THREADS) &&
1118 (LdrEntry->Flags & LDRP_PROCESS_ATTACH_CALLED) &&
1119 (LdrEntry->Flags & LDRP_IMAGE_DLL))
1120 {
1121 /* Get the entrypoint */
1122 EntryPoint = LdrEntry->EntryPoint;
1123
1124 /* Check if we are ready to call it */
1125 if (EntryPoint)
1126 {
1127 /* Set up the Act Ctx */
1128 ActCtx.Size = sizeof(ActCtx);
1129 ActCtx.Format = 1;
1131
1132 /* Activate the ActCtx */
1134 LdrEntry->EntryPointActivationContext);
1135
1136 _SEH2_TRY
1137 {
1138 /* Check if it has TLS */
1139 if (LdrEntry->TlsIndex)
1140 {
1141 /* Make sure we're not shutting down */
1143 {
1144 /* Call TLS */
1146 }
1147 }
1148
1149 /* Make sure we're not shutting down */
1151 {
1152 /* Call the Entrypoint */
1153 DPRINT("%wZ - Calling entry point at %p for thread detaching\n",
1154 &LdrEntry->BaseDllName, LdrEntry->EntryPoint);
1155 LdrpCallInitRoutine(EntryPoint,
1156 LdrEntry->DllBase,
1158 NULL);
1159 }
1160 }
1162 {
1163 DPRINT1("WARNING: Exception 0x%x during LdrpCallInitRoutine(DLL_THREAD_DETACH) for %wZ\n",
1164 _SEH2_GetExceptionCode(), &LdrEntry->BaseDllName);
1165 }
1166 _SEH2_END;
1167
1168 /* Deactivate the ActCtx */
1170 }
1171 }
1172 }
1173 }
1174
1175 /* Check for TLS */
1176 if (LdrpImageHasTls)
1177 {
1178 /* Set up the Act Ctx */
1179 ActCtx.Size = sizeof(ActCtx);
1180 ActCtx.Format = 1;
1182
1183 /* Activate the ActCtx */
1186
1187 _SEH2_TRY
1188 {
1189 /* Do TLS callbacks */
1191 }
1193 {
1194 /* Do nothing */
1195 }
1196 _SEH2_END;
1197
1198 /* Deactivate the ActCtx */
1200 }
1201
1202 /* Free TLS */
1203 LdrpFreeTls();
1205
1206 /* Check for expansion slots */
1207 if (Teb->TlsExpansionSlots)
1208 {
1209 /* Free expansion slots */
1210 RtlFreeHeap(RtlGetProcessHeap(), 0, Teb->TlsExpansionSlots);
1211 }
1212
1213 /* Check for FLS Data */
1214 if (Teb->FlsData)
1215 {
1216 /* Mimic BaseRundownFls */
1217 ULONG n, FlsHighIndex;
1218 PRTL_FLS_DATA pFlsData;
1219 PFLS_CALLBACK_FUNCTION lpCallback;
1220
1221 pFlsData = Teb->FlsData;
1222
1224 FlsHighIndex = NtCurrentPeb()->FlsHighIndex;
1225 RemoveEntryList(&pFlsData->ListEntry);
1227
1228 for (n = 1; n <= FlsHighIndex; ++n)
1229 {
1230 lpCallback = NtCurrentPeb()->FlsCallback[n];
1231 if (lpCallback && pFlsData->Data[n])
1232 {
1233 lpCallback(pFlsData->Data[n]);
1234 }
1235 }
1236
1237 RtlFreeHeap(RtlGetProcessHeap(), 0, pFlsData);
1238 Teb->FlsData = NULL;
1239 }
1240
1241 /* Check for Fiber data */
1242 if (Teb->HasFiberData)
1243 {
1244 /* Free Fiber data*/
1245 RtlFreeHeap(RtlGetProcessHeap(), 0, Teb->NtTib.FiberData);
1246 Teb->NtTib.FiberData = NULL;
1247 }
1248
1249 /* Free the activation context stack */
1251 DPRINT("LdrShutdownThread() done\n");
1252
1253 return STATUS_SUCCESS;
1254}
#define DLL_THREAD_DETACH
Definition: compat.h:133
#define RemoveEntryList(Entry)
Definition: env_spec_w32.h:986
GLdouble n
Definition: glext.h:7729
NTSYSAPI void WINAPI RtlReleasePebLock(void)
Definition: libsupp.c:82
NTSYSAPI void WINAPI RtlAcquirePebLock(void)
Definition: libsupp.c:72
NTSYSAPI void WINAPI RtlFreeThreadActivationContextStack(void)
Definition: actctx.c:5472
VOID NTAPI LdrpFreeTls(VOID)
Definition: ldrinit.c:1384
#define LDRP_IMAGE_DLL
Definition: ldrtypes.h:39
PVOID FiberData
Definition: compat.h:716
LIST_ENTRY ListEntry
Definition: rtltypes.h:1223
PVOID Data[RTL_FLS_MAXIMUM_AVAILABLE]
Definition: rtltypes.h:1224
PVOID * TlsExpansionSlots
Definition: compat.h:894
NT_TIB NtTib
Definition: ntddk_ex.h:332
VOID(WINAPI * PFLS_CALLBACK_FUNCTION)(PVOID)
Definition: winbase.h:1444

◆ LdrUnloadDll()

NTSTATUS NTAPI LdrUnloadDll ( _In_ PVOID  BaseAddress)

Definition at line 1331 of file ldrapi.c.

1333{
1335 PPEB Peb = NtCurrentPeb();
1336 PLDR_DATA_TABLE_ENTRY LdrEntry, CurrentEntry;
1337 PVOID EntryPoint;
1338 PLIST_ENTRY NextEntry;
1339 LIST_ENTRY UnloadList;
1340 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
1341 PVOID CorImageData;
1342 ULONG ComSectionSize;
1343
1344 /* Get the LDR Lock */
1346
1347 /* Increase the unload count */
1349
1350 /* Skip unload */
1351 if (LdrpShutdownInProgress) goto Quickie;
1352
1353 /* Make sure the DLL is valid and get its entry */
1355 {
1357 goto Quickie;
1358 }
1359
1360 /* Check the current Load Count */
1361 if (LdrEntry->LoadCount != 0xFFFF)
1362 {
1363 /* Decrease it */
1364 LdrEntry->LoadCount--;
1365
1366 /* If it's a dll */
1367 if (LdrEntry->Flags & LDRP_IMAGE_DLL)
1368 {
1369 /* Set up the Act Ctx */
1370 ActCtx.Size = sizeof(ActCtx);
1373
1374 /* Activate the ActCtx */
1376 LdrEntry->EntryPointActivationContext);
1377
1378 /* Update the load count */
1380
1381 /* Release the context */
1383 }
1384 }
1385 else
1386 {
1387 /* The DLL is locked */
1388 goto Quickie;
1389 }
1390
1391 /* Show debug message */
1392 if (ShowSnaps) DPRINT1("LDR: UNINIT LIST\n");
1393
1394 /* Check if this is our only unload and initialize the list if so */
1396
1397 /* Loop the modules to build the list */
1399 while (NextEntry != &Peb->Ldr->InInitializationOrderModuleList)
1400 {
1401 /* Get the entry */
1402 LdrEntry = CONTAINING_RECORD(NextEntry,
1404 InInitializationOrderLinks);
1405 NextEntry = NextEntry->Blink;
1406
1407 /* Remove flag */
1408 LdrEntry->Flags &= ~LDRP_UNLOAD_IN_PROGRESS;
1409
1410 /* If the load count is now 0 */
1411 if (!LdrEntry->LoadCount)
1412 {
1413 /* Show message */
1414 if (ShowSnaps)
1415 {
1416 DPRINT1("(%lu) [%ws] %ws (%lx) deinit %p\n",
1418 LdrEntry->BaseDllName.Buffer,
1419 LdrEntry->FullDllName.Buffer,
1420 (ULONG)LdrEntry->LoadCount,
1421 LdrEntry->EntryPoint);
1422 }
1423
1424 /* Call Shim Engine and notify */
1425 if (g_ShimsEnabled)
1426 {
1428 SE_DllUnloaded(LdrEntry);
1429 }
1430
1431 /* Unlink it */
1432 CurrentEntry = LdrEntry;
1434 RemoveEntryList(&CurrentEntry->InMemoryOrderLinks);
1435 RemoveEntryList(&CurrentEntry->HashLinks);
1436
1437 /* If there's more then one active unload */
1438 if (LdrpActiveUnloadCount > 1)
1439 {
1440 /* Flush the cached DLL handle and clear the list */
1442 CurrentEntry->InMemoryOrderLinks.Flink = NULL;
1443 }
1444
1445 /* Add the entry on the unload list */
1446 InsertTailList(&LdrpUnloadHead, &CurrentEntry->HashLinks);
1447 }
1448 }
1449
1450 /* Only call the entrypoints once */
1451 if (LdrpActiveUnloadCount > 1) goto Quickie;
1452
1453 /* Now loop the unload list and create our own */
1454 InitializeListHead(&UnloadList);
1455 CurrentEntry = NULL;
1456 NextEntry = LdrpUnloadHead.Flink;
1457 while (NextEntry != &LdrpUnloadHead)
1458 {
1459 /* Get the current entry */
1460 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, HashLinks);
1461
1462 LdrpRecordUnloadEvent(LdrEntry);
1463
1464 /* Set the entry and clear it from the list */
1465 CurrentEntry = LdrEntry;
1467 CurrentEntry->InMemoryOrderLinks.Flink = NULL;
1468
1469 /* Move it from the global to the local list */
1470 RemoveEntryList(&CurrentEntry->HashLinks);
1471 InsertTailList(&UnloadList, &CurrentEntry->HashLinks);
1472
1473 /* Get the entrypoint */
1474 EntryPoint = LdrEntry->EntryPoint;
1475
1476 /* Check if we should call it */
1477 if ((EntryPoint) && (LdrEntry->Flags & LDRP_PROCESS_ATTACH_CALLED))
1478 {
1479 /* Show message */
1480 if (ShowSnaps)
1481 {
1482 DPRINT1("LDR: Calling deinit %p\n", EntryPoint);
1483 }
1484
1485 /* Set up the Act Ctx */
1486 ActCtx.Size = sizeof(ActCtx);
1489
1490 /* Activate the ActCtx */
1492 LdrEntry->EntryPointActivationContext);
1493
1494 /* Call the entrypoint */
1495 _SEH2_TRY
1496 {
1498 LdrEntry->DllBase,
1500 NULL);
1501 }
1503 {
1504 DPRINT1("WARNING: Exception 0x%x during LdrpCallInitRoutine(DLL_PROCESS_DETACH) for %wZ\n",
1505 _SEH2_GetExceptionCode(), &LdrEntry->BaseDllName);
1506 }
1507 _SEH2_END;
1508
1509 /* Release the context */
1511 }
1512
1513 /* Remove it from the list */
1514 RemoveEntryList(&CurrentEntry->InLoadOrderLinks);
1515 CurrentEntry = NULL;
1516 NextEntry = LdrpUnloadHead.Flink;
1517 }
1518
1519 /* Now loop our local list */
1520 NextEntry = UnloadList.Flink;
1521 while (NextEntry != &UnloadList)
1522 {
1523 /* Get the entry */
1524 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, HashLinks);
1525 NextEntry = NextEntry->Flink;
1526 CurrentEntry = LdrEntry;
1527
1528 /* Notify Application Verifier */
1530 {
1531 AVrfDllUnloadNotification(LdrEntry);
1532 }
1533
1534 /* Show message */
1535 if (ShowSnaps)
1536 {
1537 DPRINT1("LDR: Unmapping [%ws]\n", LdrEntry->BaseDllName.Buffer);
1538 }
1539
1540 /* Check if this is a .NET executable */
1541 CorImageData = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
1542 TRUE,
1544 &ComSectionSize);
1545 if (CorImageData)
1546 {
1547 /* FIXME */
1548 DPRINT1(".NET Images are not supported yet\n");
1549 }
1550
1551 /* Check if we should unmap*/
1552 if (!(CurrentEntry->Flags & LDR_COR_OWNS_UNMAP))
1553 {
1554 /* Unmap the DLL */
1556 CurrentEntry->DllBase);
1558 }
1559
1560 /* Unload the alternate resource module, if any */
1562
1563 /* FIXME: Send shutdown notification */
1564 //LdrpSendDllNotifications(CurrentEntry, 2, LdrpShutdownInProgress);
1565
1566 /* Check if a Hotpatch is active */
1567 if (LdrEntry->PatchInformation)
1568 {
1569 /* FIXME */
1570 DPRINT1("We don't support Hotpatching yet\n");
1571 }
1572
1573 /* Deallocate the Entry */
1575
1576 /* If this is the cached entry, invalidate it */
1577 if (LdrpGetModuleHandleCache == CurrentEntry)
1578 {
1580 }
1581 }
1582
1583Quickie:
1584 /* Decrease unload count */
1587
1588 /* Return to caller */
1589 return Status;
1590}
NTSTATUS NTAPI NtUnmapViewOfSection(IN HANDLE ProcessHandle, IN PVOID BaseAddress)
Definition: section.c:3848
#define RtlImageDirectoryEntryToData
Definition: compat.h:809
#define InsertTailList(ListHead, Entry)
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
#define FLG_HEAP_ENABLE_TAIL_CHECK
Definition: pstypes.h:60
LIST_ENTRY LdrpUnloadHead
Definition: ldrapi.c:19
BOOLEAN NTAPI LdrUnloadAlternateResourceModule(_In_ PVOID BaseAddress)
Definition: ldrapi.c:1641
#define LDR_COR_OWNS_UNMAP
Definition: ldrtypes.h:53
#define RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER
Definition: rtltypes.h:101
#define NtCurrentProcess()
Definition: nt_native.h:1657
#define LDRP_UPDATE_DEREFCOUNT
Definition: ntdllp.h:16
ULONG LdrpActiveUnloadCount
Definition: ldrinit.c:84
VOID NTAPI LdrpFinalizeAndDeallocateDataTableEntry(IN PLDR_DATA_TABLE_ENTRY Entry)
Definition: ldrutils.c:1598
VOID NTAPI AVrfDllUnloadNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:328
VOID NTAPI LdrpRecordUnloadEvent(_In_ PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: trace.c:28
PVOID g_pfnSE_DllUnloaded
Definition: ldrutils.c:24
PLDR_DATA_TABLE_ENTRY LdrpLoadedDllHandleCache
Definition: ntdllp.h:59
#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Definition: ntimage.h:489
VOID WINAPI SE_DllUnloaded(PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: shimeng.c:1465
LIST_ENTRY InLoadOrderLinks
Definition: ldrtypes.h:138
LIST_ENTRY InInitializationOrderLinks
Definition: ldrtypes.h:140
LIST_ENTRY InMemoryOrderLinks
Definition: btrfs_drv.h:1878
LIST_ENTRY HashLinks
Definition: ldrtypes.h:151
PVOID PatchInformation
Definition: ldrtypes.h:164
PVOID LoaderLock
Definition: ntddk_ex.h:295
ULONG NtGlobalFlag
Definition: ntddk_ex.h:270
void * PVOID
Definition: typedefs.h:50

Referenced by BasepReplaceProcessThreadTokens(), CsrLoadServerDll(), FreeLibrary(), FreeLibraryAndExitThread(), InitApphelp(), LdrpLoadDll(), LdrpUnloadShimEngine(), LsapAddAuthPackage(), PropertyLengthAsVariant(), RtlConvertPropertyToVariant(), and RtlConvertVariantToProperty().

◆ LdrVerifyImageMatchesChecksum()

NTSTATUS NTAPI LdrVerifyImageMatchesChecksum ( _In_ HANDLE  FileHandle,
_In_ PLDR_CALLBACK  Callback,
_In_ PVOID  CallbackContext,
_Out_ PUSHORT  ImageCharacteristics 
)

Definition at line 844 of file ldrapi.c.

849{
850 FILE_STANDARD_INFORMATION FileStandardInfo;
851 PIMAGE_IMPORT_DESCRIPTOR ImportData;
852 PIMAGE_SECTION_HEADER LastSection = NULL;
854 PIMAGE_NT_HEADERS NtHeader;
855 HANDLE SectionHandle;
857 PVOID ViewBase;
858 BOOLEAN Result, NoActualCheck;
860 PVOID ImportName;
861 ULONG Size;
862 DPRINT("LdrVerifyImageMatchesChecksum() called\n");
863
864 /* If the handle has the magic KnownDll flag, skip actual checksums */
865 NoActualCheck = ((ULONG_PTR)FileHandle & 1);
866
867 /* Create the section */
868 Status = NtCreateSection(&SectionHandle,
870 NULL,
871 NULL,
874 FileHandle);
875 if (!NT_SUCCESS(Status))
876 {
877 DPRINT1 ("NtCreateSection() failed (Status 0x%x)\n", Status);
878 return Status;
879 }
880
881 /* Map the section */
882 ViewSize = 0;
883 ViewBase = NULL;
884 Status = NtMapViewOfSection(SectionHandle,
886 &ViewBase,
887 0,
888 0,
889 NULL,
890 &ViewSize,
891 ViewShare,
892 0,
894 if (!NT_SUCCESS(Status))
895 {
896 DPRINT1("NtMapViewOfSection() failed (Status 0x%x)\n", Status);
897 NtClose(SectionHandle);
898 return Status;
899 }
900
901 /* Get the file information */
904 &FileStandardInfo,
907 if (!NT_SUCCESS(Status))
908 {
909 DPRINT1("NtMapViewOfSection() failed (Status 0x%x)\n", Status);
911 NtClose(SectionHandle);
912 return Status;
913 }
914
915 /* Protect with SEH */
917 {
918 /* Check if this is the KnownDll hack */
919 if (NoActualCheck)
920 {
921 /* Don't actually do it */
922 Result = TRUE;
923 }
924 else
925 {
926 /* Verify the checksum */
928 FileStandardInfo.EndOfFile.LowPart,
929 FileStandardInfo.EndOfFile.LowPart);
930 }
931
932 /* Check if a callback was supplied */
933 if ((Result) && (Callback))
934 {
935 /* Get the NT Header */
936 NtHeader = RtlImageNtHeader(ViewBase);
937
938 /* Check if caller requested this back */
939 if (ImageCharacteristics)
940 {
941 /* Return to caller */
942 *ImageCharacteristics = NtHeader->FileHeader.Characteristics;
943 }
944
945 /* Get the Import Directory Data */
946 ImportData = RtlImageDirectoryEntryToData(ViewBase,
947 FALSE,
949 &Size);
950
951 /* Make sure there is one */
952 if (ImportData)
953 {
954 /* Loop the imports */
955 while (ImportData->Name)
956 {
957 /* Get the name */
958 ImportName = RtlImageRvaToVa(NtHeader,
959 ViewBase,
960 ImportData->Name,
961 &LastSection);
962
963 /* Notify the callback */
964 Callback(CallbackContext, ImportName);
965 ImportData++;
966 }
967 }
968 }
969 }
971 {
972 /* Fail the request returning STATUS_IMAGE_CHECKSUM_MISMATCH */
973 Result = FALSE;
974 }
975 _SEH2_END;
976
977 /* Unmap file and close handle */
979 NtClose(SectionHandle);
980
981 /* Return status */
983}
NTSTATUS NTAPI NtCreateSection(OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection OPTIONAL, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL)
Definition: section.c:3441
NTSTATUS NTAPI NtMapViewOfSection(IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect)
Definition: section.c:3622
#define RtlImageRvaToVa
Definition: compat.h:807
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
BOOLEAN NTAPI LdrVerifyMappedImageMatchesChecksum(_In_ PVOID BaseAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG FileLength)
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
Definition: mmfuncs.h:408
#define SEC_COMMIT
Definition: mmtypes.h:100
#define SECTION_MAP_EXECUTE
Definition: nt_native.h:1290
#define PAGE_EXECUTE
Definition: nt_native.h:1306
NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(IN HANDLE hFile, OUT PIO_STATUS_BLOCK pIoStatusBlock, OUT PVOID FileInformationBuffer, IN ULONG FileInformationBufferLength, IN FILE_INFORMATION_CLASS FileInfoClass)
@ ViewShare
Definition: nt_native.h:1278
#define STATUS_IMAGE_CHECKSUM_MISMATCH
Definition: ntstatus.h:677
#define IMAGE_DIRECTORY_ENTRY_IMPORT
Definition: pedump.c:260
#define FileStandardInformation
Definition: propsheet.cpp:61
IMAGE_FILE_HEADER FileHeader
Definition: ntddk_ex.h:183
ULONG_PTR SIZE_T
Definition: typedefs.h:80
ULONG LowPart
Definition: typedefs.h:106
_In_ WDFINTERRUPT _In_ PFN_WDF_INTERRUPT_SYNCHRONIZE Callback
Definition: wdfinterrupt.h:458
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR _In_ ULONGLONG _In_ ULONGLONG _In_opt_ PEVENT_FILTER_DESCRIPTOR _Inout_opt_ PVOID CallbackContext
Definition: wmitypes.h:60
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409

Referenced by SmpInitializeKnownDllsInternal().