umfuncs.h File Reference

#include <umtypes.h>
#include <dbgktypes.h>

Include dependency graph for umfuncs.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Typedefs
typedef VOID(NTAPI *	PLDR_CALLBACK) (PVOID CallbackContext, PCHAR Name)

Functions
__analysis_noreturn NTSYSAPI VOID NTAPI	DbgBreakPointWithStatus (_In_ ULONG Status)
NTSTATUS NTAPI	DbgUiConnectToDbg (VOID)
NTSTATUS NTAPI	DbgUiContinue (_In_ PCLIENT_ID ClientId, _In_ NTSTATUS ContinueStatus)
NTSTATUS NTAPI	DbgUiDebugActiveProcess (_In_ HANDLE Process)
NTSTATUS NTAPI	DbgUiStopDebugging (_In_ HANDLE Process)
NTSYSAPI NTSTATUS NTAPI	DbgUiWaitStateChange (_In_ PDBGUI_WAIT_STATE_CHANGE DbgUiWaitStateCange, _In_ PLARGE_INTEGER TimeOut)
NTSTATUS NTAPI	DbgUiConvertStateChangeStructure (_In_ PDBGUI_WAIT_STATE_CHANGE WaitStateChange, _In_ PVOID DebugEvent)
VOID NTAPI	DbgUiRemoteBreakin (VOID)
NTSTATUS NTAPI	DbgUiIssueRemoteBreakin (_In_ HANDLE Process)
HANDLE NTAPI	DbgUiGetThreadDebugObject (VOID)
NTSTATUS NTAPI	LdrAddRefDll (_In_ ULONG Flags, _In_ PVOID BaseAddress)
NTSTATUS NTAPI	LdrDisableThreadCalloutsForDll (_In_ PVOID BaseAddress)
NTSTATUS NTAPI	LdrGetDllHandle (_In_opt_ PWSTR DllPath, _In_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_ PVOID *DllHandle)
NTSTATUS NTAPI	LdrGetDllHandleEx (_In_ ULONG Flags, _In_opt_ PWSTR DllPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_opt_ PVOID *DllHandle)
NTSTATUS NTAPI	LdrFindEntryForAddress (_In_ PVOID Address, _Out_ PLDR_DATA_TABLE_ENTRY *Module)
NTSTATUS NTAPI	LdrGetProcedureAddress (_In_ PVOID BaseAddress, _In_ PANSI_STRING Name, _In_ ULONG Ordinal, _Out_ PVOID *ProcedureAddress)
VOID NTAPI	LdrInitializeThunk (ULONG Unknown1, ULONG Unknown2, ULONG Unknown3, ULONG Unknown4)
NTSTATUS NTAPI	LdrLoadDll (_In_opt_ PWSTR SearchPath, _In_opt_ PULONG LoadFlags, _In_ PUNICODE_STRING Name, _Out_opt_ PVOID *BaseAddress)
PIMAGE_BASE_RELOCATION NTAPI	LdrProcessRelocationBlock (_In_ ULONG_PTR Address, _In_ ULONG Count, _In_ PUSHORT TypeOffset, _In_ LONG_PTR Delta)
NTSTATUS NTAPI	LdrQueryImageFileExecutionOptions (_In_ PUNICODE_STRING SubKey, _In_ PCWSTR ValueName, _In_ ULONG ValueSize, _Out_ PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG RetunedLength)
NTSTATUS NTAPI	LdrQueryProcessModuleInformation (_In_opt_ PRTL_PROCESS_MODULES ModuleInformation, _In_opt_ ULONG Size, _Out_ PULONG ReturnedSize)
VOID NTAPI	LdrSetDllManifestProber (_In_ PLDR_MANIFEST_PROBER_ROUTINE Routine)
NTSTATUS NTAPI	LdrShutdownProcess (VOID)
NTSTATUS NTAPI	LdrShutdownThread (VOID)
NTSTATUS NTAPI	LdrUnloadDll (_In_ PVOID BaseAddress)
NTSTATUS NTAPI	LdrVerifyImageMatchesChecksum (_In_ HANDLE FileHandle, _In_ PLDR_CALLBACK Callback, _In_ PVOID CallbackContext, _Out_ PUSHORT ImageCharacterstics)
NTSTATUS NTAPI	LdrOpenImageFileOptionsKey (_In_ PUNICODE_STRING SubKey, _In_ BOOLEAN Wow64, _Out_ PHANDLE NewKeyHandle)
NTSTATUS NTAPI	LdrQueryImageFileKeyOption (_In_ HANDLE KeyHandle, _In_ PCWSTR ValueName, _In_ ULONG Type, _Out_ PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG ReturnedLength)

Typedef Documentation

PLDR_CALLBACK

typedef VOID(NTAPI * PLDR_CALLBACK) (PVOID CallbackContext, PCHAR Name)

Definition at line 217 of file umfuncs.h.

Function Documentation

DbgBreakPointWithStatus()

__analysis_noreturn NTSYSAPI VOID NTAPI DbgBreakPointWithStatus

(

_In_ ULONG

Status

)

Referenced by ExpDebuggerWorker(), ExpInitializeExecutive(), i8042KbdInterruptService(), KeUpdateSystemTime(), KiBugCheckDebugBreak(), KiInitializeSystem(), KiSystemStartup(), and vDbgPrintExWithPrefixInternal().

DbgUiConnectToDbg()

NTSTATUS NTAPI DbgUiConnectToDbg

(

VOID

)

Definition at line 25 of file dbgui.c.

{
    OBJECT_ATTRIBUTES ObjectAttributes;

    /* Don't connect twice */
    if (NtCurrentTeb()->DbgSsReserved[1]) return STATUS_SUCCESS;

    /* Setup the Attributes */
    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, 0);

    /* Create the object */
    return ZwCreateDebugObject(&NtCurrentTeb()->DbgSsReserved[1],
                               DEBUG_OBJECT_ALL_ACCESS,
                               &ObjectAttributes,
                               DBGK_KILL_PROCESS_ON_EXIT);
}

Referenced by CreateProcessInternalW(), DebugActiveProcess(), and Main().

DbgUiContinue()

NTSTATUS NTAPI DbgUiContinue	(	_In_ PCLIENT_ID	ClientId,
		_In_ NTSTATUS	ContinueStatus
	)

DbgUiConvertStateChangeStructure()

NTSTATUS NTAPI DbgUiConvertStateChangeStructure	(	_In_ PDBGUI_WAIT_STATE_CHANGE	WaitStateChange,
		_In_ PVOID	DebugEvent
	)

DbgUiDebugActiveProcess()

NTSTATUS NTAPI DbgUiDebugActiveProcess

(

_In_ HANDLE

Process

)

DbgUiGetThreadDebugObject()

HANDLE NTAPI DbgUiGetThreadDebugObject

(

VOID

)

Definition at line 333 of file dbgui.c.

{
    /* Just return the handle from the TEB */
    return NtCurrentTeb()->DbgSsReserved[1];
}

Referenced by CreateProcessInternalW(), and DebugSetProcessKillOnExit().

DbgUiIssueRemoteBreakin()

NTSTATUS NTAPI DbgUiIssueRemoteBreakin

(

_In_ HANDLE

Process

)

DbgUiRemoteBreakin()

VOID NTAPI DbgUiRemoteBreakin

(

VOID

)

Definition at line 289 of file dbgui.c.

{
    /* Make sure a debugger is enabled; if so, breakpoint */
    if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();

    /* Exit the thread */
    RtlExitUserThread(STATUS_SUCCESS);
}

Referenced by DbgUiIssueRemoteBreakin().

DbgUiStopDebugging()

NTSTATUS NTAPI DbgUiStopDebugging

(

_In_ HANDLE

Process

)

DbgUiWaitStateChange()

NTSYSAPI NTSTATUS NTAPI DbgUiWaitStateChange	(	_In_ PDBGUI_WAIT_STATE_CHANGE	DbgUiWaitStateCange,
		_In_ PLARGE_INTEGER	TimeOut
	)

LdrAddRefDll()

NTSTATUS NTAPI LdrAddRefDll	(	_In_ ULONG	Flags,
		_In_ PVOID	BaseAddress
	)

LdrDisableThreadCalloutsForDll()

NTSTATUS NTAPI LdrDisableThreadCalloutsForDll

(

_In_ PVOID

BaseAddress

)

LdrFindEntryForAddress()

NTSTATUS NTAPI LdrFindEntryForAddress	(	_In_ PVOID	Address,
		_Out_ PLDR_DATA_TABLE_ENTRY *	Module
	)

LdrGetDllHandle()

NTSTATUS NTAPI LdrGetDllHandle	(	_In_opt_ PWSTR	DllPath,
		_In_ PULONG	DllCharacteristics,
		_In_ PUNICODE_STRING	DllName,
		_Out_ PVOID *	DllHandle
	)

LdrGetDllHandleEx()

NTSTATUS NTAPI LdrGetDllHandleEx	(	_In_ ULONG	Flags,
		_In_opt_ PWSTR	DllPath,
		_In_opt_ PULONG	DllCharacteristics,
		_In_ PUNICODE_STRING	DllName,
		_Out_opt_ PVOID *	DllHandle
	)

LdrGetProcedureAddress()

NTSTATUS NTAPI LdrGetProcedureAddress	(	_In_ PVOID	BaseAddress,
		_In_ PANSI_STRING	Name,
		_In_ ULONG	Ordinal,
		_Out_ PVOID *	ProcedureAddress
	)

LdrInitializeThunk()

VOID NTAPI LdrInitializeThunk	(	ULONG	Unknown1,
		ULONG	Unknown2,
		ULONG	Unknown3,
		ULONG	Unknown4
	)

LdrLoadDll()

NTSTATUS NTAPI LdrLoadDll	(	_In_opt_ PWSTR	SearchPath,
		_In_opt_ PULONG	LoadFlags,
		_In_ PUNICODE_STRING	Name,
		_Out_opt_ PVOID *	BaseAddress
	)

LdrOpenImageFileOptionsKey()

NTSTATUS NTAPI LdrOpenImageFileOptionsKey	(	_In_ PUNICODE_STRING	SubKey,
		_In_ BOOLEAN	Wow64,
		_Out_ PHANDLE	NewKeyHandle
	)

LdrProcessRelocationBlock()

PIMAGE_BASE_RELOCATION NTAPI LdrProcessRelocationBlock	(	_In_ ULONG_PTR	Address,
		_In_ ULONG	Count,
		_In_ PUSHORT	TypeOffset,
		_In_ LONG_PTR	Delta
	)

LdrQueryImageFileExecutionOptions()

NTSTATUS NTAPI LdrQueryImageFileExecutionOptions	(	_In_ PUNICODE_STRING	SubKey,
		_In_ PCWSTR	ValueName,
		_In_ ULONG	ValueSize,
		_Out_ PVOID	Buffer,
		_In_ ULONG	BufferSize,
		_Out_opt_ PULONG	RetunedLength
	)

LdrQueryImageFileKeyOption()

NTSTATUS NTAPI LdrQueryImageFileKeyOption	(	_In_ HANDLE	KeyHandle,
		_In_ PCWSTR	ValueName,
		_In_ ULONG	Type,
		_Out_ PVOID	Buffer,
		_In_ ULONG	BufferSize,
		_Out_opt_ PULONG	ReturnedLength
	)

LdrQueryProcessModuleInformation()

NTSTATUS NTAPI LdrQueryProcessModuleInformation	(	_In_opt_ PRTL_PROCESS_MODULES	ModuleInformation,
		_In_opt_ ULONG	Size,
		_Out_ PULONG	ReturnedSize
	)

LdrSetDllManifestProber()

VOID NTAPI LdrSetDllManifestProber

(

_In_ PLDR_MANIFEST_PROBER_ROUTINE

Routine

)

Definition at line 73 of file ldrapi.c.

{
    LdrpManifestProberRoutine = Routine;
}

Referenced by DllMain().

LdrShutdownProcess()

NTSTATUS NTAPI LdrShutdownProcess

(

VOID

)

Definition at line 939 of file ldrinit.c.

{
    PPEB Peb = NtCurrentPeb();
    PLDR_DATA_TABLE_ENTRY LdrEntry;
    PLIST_ENTRY NextEntry, ListHead;
    RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
    PVOID EntryPoint;

    DPRINT("LdrShutdownProcess() called for %wZ\n", &LdrpImageEntry->BaseDllName);
    if (LdrpShutdownInProgress) return STATUS_SUCCESS;

    /* Tell the Shim Engine */
    if (g_ShimsEnabled)
    {
        VOID(NTAPI *SE_ProcessDying)();
        SE_ProcessDying = RtlDecodeSystemPointer(g_pfnSE_ProcessDying);
        SE_ProcessDying();
    }

    /* Tell the world */
    if (ShowSnaps)
    {
        DPRINT1("\n");
    }

    /* Set the shutdown variables */
    LdrpShutdownThreadId = NtCurrentTeb()->RealClientId.UniqueThread;
    LdrpShutdownInProgress = TRUE;

    /* Enter the Loader Lock */
    RtlEnterCriticalSection(&LdrpLoaderLock);

    /* Cleanup trace logging data (Etw) */
    if (SharedUserData->TraceLogging)
    {
        /* FIXME */
        DPRINT1("We don't support Etw yet.\n");
    }

    /* Start at the end */
    ListHead = &Peb->Ldr->InInitializationOrderModuleList;
    NextEntry = ListHead->Blink;
    while (NextEntry != ListHead)
    {
        /* Get the current entry */
        LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks);
        NextEntry = NextEntry->Blink;

        /* Make sure it's not ourselves */
        if (Peb->ImageBaseAddress != LdrEntry->DllBase)
        {
            /* Get the entrypoint */
            EntryPoint = LdrEntry->EntryPoint;

            /* Check if we are ready to call it */
            if (EntryPoint &&
                (LdrEntry->Flags & LDRP_PROCESS_ATTACH_CALLED) &&
                LdrEntry->Flags)
            {
                /* Set up the Act Ctx */
                ActCtx.Size = sizeof(ActCtx);
                ActCtx.Format = 1;
                RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));

                /* Activate the ActCtx */
                RtlActivateActivationContextUnsafeFast(&ActCtx,
                                                       LdrEntry->EntryPointActivationContext);

                _SEH2_TRY
                {
                    /* Check if it has TLS */
                    if (LdrEntry->TlsIndex)
                    {
                        /* Call TLS */
                        LdrpCallTlsInitializers(LdrEntry, DLL_PROCESS_DETACH);
                    }

                    /* Call the Entrypoint */
                    DPRINT("%wZ - Calling entry point at %p for thread detaching\n",
                           &LdrEntry->BaseDllName, LdrEntry->EntryPoint);
                    LdrpCallInitRoutine(EntryPoint,
                                        LdrEntry->DllBase,
                                        DLL_PROCESS_DETACH,
                                        (PVOID)1);
                }
                _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                {
                    DPRINT1("WARNING: Exception 0x%x during LdrpCallInitRoutine(DLL_PROCESS_DETACH) for %wZ\n",
                            _SEH2_GetExceptionCode(), &LdrEntry->BaseDllName);
                }
                _SEH2_END;

                /* Deactivate the ActCtx */
                RtlDeactivateActivationContextUnsafeFast(&ActCtx);
            }
        }
    }

    /* Check for TLS */
    if (LdrpImageHasTls)
    {
        /* Set up the Act Ctx */
        ActCtx.Size = sizeof(ActCtx);
        ActCtx.Format = 1;
        RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));

        /* Activate the ActCtx */
        RtlActivateActivationContextUnsafeFast(&ActCtx,
                                               LdrpImageEntry->EntryPointActivationContext);

        _SEH2_TRY
        {
            /* Do TLS callbacks */
            LdrpCallTlsInitializers(LdrpImageEntry, DLL_PROCESS_DETACH);
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Do nothing */
        }
        _SEH2_END;

        /* Deactivate the ActCtx */
        RtlDeactivateActivationContextUnsafeFast(&ActCtx);
    }

    /* FIXME: Do Heap detection and Etw final shutdown */

    /* Release the lock */
    RtlLeaveCriticalSection(&LdrpLoaderLock);
    DPRINT("LdrpShutdownProcess() done\n");

    return STATUS_SUCCESS;
}

LdrShutdownThread()

NTSTATUS NTAPI LdrShutdownThread

(

VOID

)

Definition at line 1078 of file ldrinit.c.

{
    PPEB Peb = NtCurrentPeb();
    PTEB Teb = NtCurrentTeb();
    PLDR_DATA_TABLE_ENTRY LdrEntry;
    PLIST_ENTRY NextEntry, ListHead;
    RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
    PVOID EntryPoint;

    DPRINT("LdrShutdownThread() called for %wZ\n",
            &LdrpImageEntry->BaseDllName);

    /* Cleanup trace logging data (Etw) */
    if (SharedUserData->TraceLogging)
    {
        /* FIXME */
        DPRINT1("We don't support Etw yet.\n");
    }

    /* Get the Ldr Lock */
    RtlEnterCriticalSection(&LdrpLoaderLock);

    /* Start at the end */
    ListHead = &Peb->Ldr->InInitializationOrderModuleList;
    NextEntry = ListHead->Blink;
    while (NextEntry != ListHead)
    {
        /* Get the current entry */
        LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks);
        NextEntry = NextEntry->Blink;

        /* Make sure it's not ourselves */
        if (Peb->ImageBaseAddress != LdrEntry->DllBase)
        {
            /* Check if we should call */
            if (!(LdrEntry->Flags & LDRP_DONT_CALL_FOR_THREADS) &&
                (LdrEntry->Flags & LDRP_PROCESS_ATTACH_CALLED) &&
                (LdrEntry->Flags & LDRP_IMAGE_DLL))
            {
                /* Get the entrypoint */
                EntryPoint = LdrEntry->EntryPoint;

                /* Check if we are ready to call it */
                if (EntryPoint)
                {
                    /* Set up the Act Ctx */
                    ActCtx.Size = sizeof(ActCtx);
                    ActCtx.Format = 1;
                    RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));

                    /* Activate the ActCtx */
                    RtlActivateActivationContextUnsafeFast(&ActCtx,
                                                           LdrEntry->EntryPointActivationContext);

                    _SEH2_TRY
                    {
                        /* Check if it has TLS */
                        if (LdrEntry->TlsIndex)
                        {
                            /* Make sure we're not shutting down */
                            if (!LdrpShutdownInProgress)
                            {
                                /* Call TLS */
                                LdrpCallTlsInitializers(LdrEntry, DLL_THREAD_DETACH);
                            }
                        }

                        /* Make sure we're not shutting down */
                        if (!LdrpShutdownInProgress)
                        {
                            /* Call the Entrypoint */
                            DPRINT("%wZ - Calling entry point at %p for thread detaching\n",
                                   &LdrEntry->BaseDllName, LdrEntry->EntryPoint);
                            LdrpCallInitRoutine(EntryPoint,
                                                LdrEntry->DllBase,
                                                DLL_THREAD_DETACH,
                                                NULL);
                        }
                    }
                    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                    {
                        DPRINT1("WARNING: Exception 0x%x during LdrpCallInitRoutine(DLL_THREAD_DETACH) for %wZ\n",
                                _SEH2_GetExceptionCode(), &LdrEntry->BaseDllName);
                    }
                    _SEH2_END;

                    /* Deactivate the ActCtx */
                    RtlDeactivateActivationContextUnsafeFast(&ActCtx);
                }
            }
        }
    }

    /* Check for TLS */
    if (LdrpImageHasTls)
    {
        /* Set up the Act Ctx */
        ActCtx.Size = sizeof(ActCtx);
        ActCtx.Format = 1;
        RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));

        /* Activate the ActCtx */
        RtlActivateActivationContextUnsafeFast(&ActCtx,
                                               LdrpImageEntry->EntryPointActivationContext);

        _SEH2_TRY
        {
            /* Do TLS callbacks */
            LdrpCallTlsInitializers(LdrpImageEntry, DLL_THREAD_DETACH);
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Do nothing */
        }
        _SEH2_END;

        /* Deactivate the ActCtx */
        RtlDeactivateActivationContextUnsafeFast(&ActCtx);
    }

    /* Free TLS */
    LdrpFreeTls();
    RtlLeaveCriticalSection(&LdrpLoaderLock);

    /* Check for expansion slots */
    if (Teb->TlsExpansionSlots)
    {
        /* Free expansion slots */
        RtlFreeHeap(RtlGetProcessHeap(), 0, Teb->TlsExpansionSlots);
    }

    /* Check for FLS Data */
    if (Teb->FlsData)
    {
        /* Mimic BaseRundownFls */
        ULONG n, FlsHighIndex;
        PRTL_FLS_DATA pFlsData;
        PFLS_CALLBACK_FUNCTION lpCallback;

        pFlsData = Teb->FlsData;

        RtlAcquirePebLock();
        FlsHighIndex = NtCurrentPeb()->FlsHighIndex;
        RemoveEntryList(&pFlsData->ListEntry);
        RtlReleasePebLock();

        for (n = 1; n <= FlsHighIndex; ++n)
        {
            lpCallback = NtCurrentPeb()->FlsCallback[n];
            if (lpCallback && pFlsData->Data[n])
            {
                lpCallback(pFlsData->Data[n]);
            }
        }

        RtlFreeHeap(RtlGetProcessHeap(), 0, pFlsData);
        Teb->FlsData = NULL;
    }

    /* Check for Fiber data */
    if (Teb->HasFiberData)
    {
        /* Free Fiber data*/
        RtlFreeHeap(RtlGetProcessHeap(), 0, Teb->NtTib.FiberData);
        Teb->NtTib.FiberData = NULL;
    }

    /* Free the activation context stack */
    RtlFreeThreadActivationContextStack();
    DPRINT("LdrShutdownThread() done\n");

    return STATUS_SUCCESS;
}

LdrUnloadDll()

NTSTATUS NTAPI LdrUnloadDll

(

_In_ PVOID

BaseAddress

)

LdrVerifyImageMatchesChecksum()

NTSTATUS NTAPI LdrVerifyImageMatchesChecksum	(	_In_ HANDLE	FileHandle,
		_In_ PLDR_CALLBACK	Callback,
		_In_ PVOID	CallbackContext,
		_Out_ PUSHORT	ImageCharacterstics
	)