Include dependency graph for umfuncs.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Typedefs | |
| typedef VOID(NTAPI * | PLDR_CALLBACK) (PVOID CallbackContext, PCHAR Name) |
Typedef Documentation
◆ PLDR_CALLBACK
Function Documentation
◆ DbgBreakPointWithStatus()
◆ DbgUiConnectToDbg()
Definition at line 25 of file dbgui.c.
26{
28
29 /* Don't connect twice */
31
32 /* Setup the Attributes */
34
35 /* Create the object */
38 &ObjectAttributes,
40}
NTSYSAPI NTSTATUS NTAPI ZwCreateDebugObject(_Out_ PHANDLE DebugHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ ULONG Flags)
Definition: umtypes.h:182
Referenced by CreateProcessInternalW(), DebugActiveProcess(), and Main().
◆ DbgUiContinue()
◆ DbgUiConvertStateChangeStructure()
| NTSTATUS NTAPI DbgUiConvertStateChangeStructure | ( | _In_ PDBGUI_WAIT_STATE_CHANGE | WaitStateChange, |
| _In_ PVOID | DebugEvent | ||
| ) |
◆ DbgUiDebugActiveProcess()
◆ DbgUiGetThreadDebugObject()
Definition at line 333 of file dbgui.c.
334{
335 /* Just return the handle from the TEB */
337}
Referenced by CreateProcessInternalW(), and DebugSetProcessKillOnExit().
◆ DbgUiIssueRemoteBreakin()
◆ DbgUiRemoteBreakin()
Definition at line 289 of file dbgui.c.
290{
291 /* Make sure a debugger is enabled; if so, breakpoint */
293
294 /* Exit the thread */
296}
NTSYSAPI void WINAPI DbgBreakPoint(void)
NTSYSAPI VOID NTAPI RtlExitUserThread(_In_ NTSTATUS Status)
Referenced by DbgUiIssueRemoteBreakin().
◆ DbgUiStopDebugging()
◆ DbgUiWaitStateChange()
| NTSYSAPI NTSTATUS NTAPI DbgUiWaitStateChange | ( | _In_ PDBGUI_WAIT_STATE_CHANGE | DbgUiWaitStateCange, |
| _In_ PLARGE_INTEGER | TimeOut | ||
| ) |
◆ LdrAddRefDll()
Definition at line 1205 of file ldrapi.c.
1208{
1209 PLDR_DATA_TABLE_ENTRY LdrEntry;
1213
1214 /* Check for invalid flags */
1216 {
1217 /* Fail with invalid parameter status if so */
1219 goto quickie;
1220 }
1221
1222 /* Acquire the loader lock if not in init phase */
1224 {
1225 /* Acquire the lock */
1229 }
1230
1231 /* Get this module's data table entry */
1233 {
1234 if (!LdrEntry)
1235 {
1236 /* Shouldn't happen */
1238 goto quickie;
1239 }
1240
1241 /* If this is not a pinned module */
1243 {
1244 /* Update its load count */
1246 {
1247 /* Pin it by setting load count to -1 */
1248 LdrEntry->LoadCount = 0xFFFF;
1250 }
1251 else
1252 {
1253 /* Increase its load count by one */
1254 LdrEntry->LoadCount++;
1256 }
1257
1258 /* Clear load in progress */
1259 LdrpClearLoadInProgress();
1260 }
1261 }
1262 else
1263 {
1264 /* There was an error getting this module's handle, return invalid param status */
1266 }
1267
1268quickie:
1269 /* Check for error case */
1271 {
1272 /* Print debug information */
1276 {
1278 }
1279 }
1280
1281 /* Release the lock if needed */
1284}
NTSTATUS NTAPI LdrUnlockLoaderLock(_In_ ULONG Flags, _In_opt_ ULONG_PTR Cookie)
Definition: ldrapi.c:101
NTSTATUS NTAPI LdrLockLoaderLock(_In_ ULONG Flags, _Out_opt_ PULONG Disposition, _Out_opt_ PULONG_PTR Cookie)
Definition: ldrapi.c:174
#define LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS
Definition: ldrtypes.h:86
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404
BOOLEAN NTAPI LdrpCheckForLoadedDllHandle(IN PVOID Base, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1600
VOID NTAPI LdrpUpdateLoadCount2(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Flags)
Definition: ldrutils.c:434
Definition: btrfs_drv.h:1876
Referenced by BasepGetModuleHandleExW(), GetModuleHandleExW(), and tp_object_initialize().
◆ LdrDisableThreadCalloutsForDll()
Definition at line 1154 of file ldrapi.c.
1156{
1157 PLDR_DATA_TABLE_ENTRY LdrEntry;
1159 BOOLEAN LockHeld;
1162
1163 /* Don't do it during shutdown */
1165
1166 /* Check if we should grab the lock */
1167 LockHeld = FALSE;
1169 {
1170 /* Grab the lock */
1173 LockHeld = TRUE;
1174 }
1175
1176 /* Make sure the DLL is valid and get its entry */
1179 {
1180 /* Get if it has a TLS slot */
1182 {
1183 /* It doesn't, so you're allowed to call this */
1186 }
1187 }
1188
1189 /* Check if the lock was held */
1190 if (LockHeld)
1191 {
1192 /* Release it */
1194 }
1195
1196 /* Return the status */
1198}
◆ LdrFindEntryForAddress()
Definition at line 425 of file ldrapi.c.
428{
429 PLIST_ENTRY ListHead, NextEntry;
430 PLDR_DATA_TABLE_ENTRY LdrEntry;
431 PIMAGE_NT_HEADERS NtHeader;
433 ULONG_PTR DllBase, DllEnd;
434
436
437 /* Nothing to do */
439
440 /* Get the current entry */
441 LdrEntry = Ldr->EntryInProgress;
442 if (LdrEntry)
443 {
444 /* Get the NT Headers */
446 if (NtHeader)
447 {
448 /* Get the Image Base */
451
452 /* Check if they match */
455 {
456 /* Return it */
457 *Module = LdrEntry;
459 }
460 }
461 }
462
463 /* Loop the module list */
464 ListHead = &Ldr->InMemoryOrderModuleList;
465 NextEntry = ListHead->Flink;
466 while (NextEntry != ListHead)
467 {
468 /* Get the entry and NT Headers */
471 if (NtHeader)
472 {
473 /* Get the Image Base */
476
477 /* Check if they match */
480 {
481 /* Return it */
482 *Module = LdrEntry;
484 }
485
486 /* Next Entry */
487 NextEntry = NextEntry->Flink;
488 }
489 }
490
491 /* Nothing found */
493 DPFLTR_WARNING_LEVEL,
494 "LDR: %s() exiting 0x%08lx\n",
495 __FUNCTION__,
496 STATUS_NO_MORE_ENTRIES);
498}
Definition: ntddk_ex.h:181
Definition: typedefs.h:120
Definition: btrfs_drv.h:1892
LIST_ENTRY InMemoryOrderModuleList
Definition: btrfs_drv.h:1895
Referenced by find_query_actctx(), and get_module_filename().
◆ LdrGetDllHandle()
| NTSTATUS NTAPI LdrGetDllHandle | ( | _In_opt_ PWSTR | DllPath, |
| _In_opt_ PULONG | DllCharacteristics, | ||
| _In_ PUNICODE_STRING | DllName, | ||
| _Out_ PVOID * | DllHandle | ||
| ) |
Definition at line 770 of file ldrapi.c.
775{
776 /* Call the newer API */
778 DllPath,
779 DllCharacteristics,
780 DllName,
781 DllHandle);
782}
NTSTATUS NTAPI LdrGetDllHandleEx(_In_ ULONG Flags, _In_opt_ PWSTR DllPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_opt_ PVOID *DllHandle)
Definition: ldrapi.c:505
#define LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT
Definition: ldrtypes.h:91
Referenced by BroadcastDriveLetterChange(), CsrClientConnectToServer(), CsrConnectToUser(), FirstSoundSentry(), GetModuleHandleForUnicodeString(), SeiAddHooks(), SeiFindHookModuleInfoForImportDescriptor(), and SeiInit().
◆ LdrGetDllHandleEx()
| NTSTATUS NTAPI LdrGetDllHandleEx | ( | _In_ ULONG | Flags, |
| _In_opt_ PWSTR | DllPath, | ||
| _In_opt_ PULONG | DllCharacteristics, | ||
| _In_ PUNICODE_STRING | DllName, | ||
| _Out_opt_ PVOID * | DllHandle | ||
| ) |
Definition at line 505 of file ldrapi.c.
511{
513 PLDR_DATA_TABLE_ENTRY LdrEntry;
516 PWCHAR p1, p2, p3;
520
521 /* Initialize the strings */
523 RtlInitEmptyUnicodeString(&RawDllName, NULL, 0);
524 RedirectName = *DllName;
525 pRedirectName = &RedirectName;
526
527 /* Initialize state */
529 LdrEntry = NULL;
530 Cookie = 0;
531
532 /* Clear the handle */
534
535 /* Check for a valid flag combination */
538 {
541 goto Quickie;
542 }
543
544 /* If not initializing */
546 {
547 /* Acquire the lock */
550
551 /* Remember we own it */
553 }
554
558 {
560 goto Quickie;
561 }
562
563 /* Set default failure code */
565
566 /* Use the cache if we can */
568 {
569 /* Check if we were redirected */
570 if (RedirectedDll)
571 {
572 /* Check the flag */
574 {
575 goto DontCompare;
576 }
577
578 /* Use the right name */
580 }
581 else
582 {
583 /* Check the flag */
585 {
586 goto DontCompare;
587 }
588
589 /* Use the right name */
591 }
592
593 /* Check if the name matches */
595 CompareName,
596 TRUE))
597 {
598 /* Skip the rest */
599 LdrEntry = LdrpGetModuleHandleCache;
600
601 /* Return success */
603 goto Quickie;
604 }
605 }
606
607DontCompare:
608 /* Find the name without the extension */
609 p1 = pRedirectName->Buffer;
610 p2 = NULL;
612 while (p1 != p3)
613 {
615 {
616 p2 = p1;
617 }
619 {
620 p2 = NULL;
621 }
622 }
623
624 /* Check if no extension was found or if we got a slash */
626 {
627 /* Check that we have space to add one */
631 {
632 /* No space to add the extension */
634 goto Quickie;
635 }
636
637 /* Setup the string */
641 0,
642 RawDllName.MaximumLength);
644 {
646 goto Quickie;
647 }
648
649 /* Copy the string and add extension */
650 RtlCopyUnicodeString(&RawDllName, pRedirectName);
652 }
653 else
654 {
655 /* Check if there's something in the name */
658 {
659 /* Check and remove trailing period */
661 {
662 /* Decrease the size */
664 }
665 }
666
667 /* Setup the string */
670 0,
671 RawDllName.MaximumLength);
673 {
675 goto Quickie;
676 }
677
678 /* Copy the string */
679 RtlCopyUnicodeString(&RawDllName, pRedirectName);
680 }
681
682 /* Display debug string */
684 {
686 &RawDllName,
688 }
689
690 /* Do the lookup */
692 &RawDllName,
694 RedirectedDll,
695 &LdrEntry))
696 {
697 /* Update cached entry */
698 LdrpGetModuleHandleCache = LdrEntry;
699
700 /* Return success */
702 }
703 else
704 {
705 /* Make sure to NULL this */
706 LdrEntry = NULL;
707 }
708Quickie:
709 /* The success path must have a valid loader entry */
711
712 /* Check if we got an entry and success */
715 {
716 /* Check if the DLL is locked */
719 {
720 /* Check what to do with the load count */
722 {
723 /* Pin it */
724 LdrEntry->LoadCount = 0xFFFF;
725 LoadFlag = LDRP_UPDATE_PIN;
726 }
727 else
728 {
729 /* Increase the load count */
730 LdrEntry->LoadCount++;
731 LoadFlag = LDRP_UPDATE_REFCOUNT;
732 }
733
734 /* Update the load count now */
735 LdrpUpdateLoadCount2(LdrEntry, LoadFlag);
736 LdrpClearLoadInProgress();
737 }
738
739 /* Check if the caller is requesting the handle */
741 }
742
743 /* Free string if needed */
745
746 /* Free the raw DLL Name if needed */
748 {
749 /* Free the heap-allocated buffer */
752 }
753
754 /* Release lock */
756 {
758 Cookie);
759 }
760
761 /* Return */
763}
IN PUNICODE_STRING IN PUNICODE_STRING DynamicString
Definition: RtlGetFullPathName_UstrEx.c:30
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:616
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:634
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString(PUNICODE_STRING Destination, PUNICODE_STRING Source)
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
#define UNICODE_NULL
#define UNICODE_STRING_MAX_BYTES
#define ANSI_NULL
NTSYSAPI NTSTATUS NTAPI LdrpApplyFileNameRedirection(_In_ PUNICODE_STRING OriginalName, _In_ PUNICODE_STRING Extension, _Inout_opt_ PUNICODE_STRING StaticString, _Inout_opt_ PUNICODE_STRING DynamicString, _Inout_ PUNICODE_STRING *NewName, _Inout_ PBOOLEAN RedirectedDll)
BOOLEAN NTAPI LdrpCheckForLoadedDll(IN PWSTR DllPath, IN PUNICODE_STRING DllName, IN BOOLEAN Flag, IN BOOLEAN RedirectedDll, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1958
Definition: env_spec_w32.h:368
Referenced by GetModuleHandleExW(), LdrGetDllHandle(), load_library(), and LoadLibraryExW().
◆ LdrGetProcedureAddress()
| NTSTATUS NTAPI LdrGetProcedureAddress | ( | _In_ PVOID | BaseAddress, |
| _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING | Name, | ||
| _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG | Ordinal, | ||
| _Out_ PVOID * | ProcedureAddress | ||
| ) |
Definition at line 789 of file ldrapi.c.
794{
795 /* Call the internal routine and tell it to execute DllInit */
797}
NTSTATUS NTAPI LdrpGetProcedureAddress(_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress, _In_ BOOLEAN ExecuteInit)
Definition: ldrutils.c:2231
Referenced by BaseInitApphelp(), BasepReplaceProcessThreadTokens(), BaseSrvDelayLoadKernel32(), BroadcastDriveLetterChange(), CsrClientConnectToServer(), CsrConnectToUser(), CsrLoadServerDll(), FirstSoundSentry(), get_proc_address(), GetProcAddress(), InitApphelp(), LdrpInitializeProcess(), LoadOle32Export(), LsapAddAuthPackage(), SeiCreateShimModuleInfo(), and SeiResolveAPI().
◆ LdrInitializeThunk()
◆ LdrLoadDll()
| NTSTATUS NTAPI LdrLoadDll | ( | _In_opt_ PWSTR | SearchPath, |
| _In_opt_ PULONG | DllCharacteristics, | ||
| _In_ PUNICODE_STRING | DllName, | ||
| _Out_ PVOID * | BaseAddress | ||
| ) |
Definition at line 312 of file ldrapi.c.
317{
323 PUNICODE_STRING OldTldDll;
325
326 /* Initialize the strings */
329
330 Status = LdrpApplyFileNameRedirection(DllName, &LdrApiDefaultExtension, &StaticString, &DynamicString, &DllName, &RedirectedDll);
331
332 /* Lock the loader lock */
334
335 /* Check if there's a TLD DLL being loaded */
336 OldTldDll = LdrpTopLevelDllBeingLoaded;
337 _SEH2_TRY
338 {
339
340 if (OldTldDll)
341 {
342 /* This is a recursive load, do something about it? */
344 {
345 /* Print out debug messages */
352 OldTldDll);
356 DllName);
357
358 /* Was it initializing too? */
360 {
364 }
365 else
366 {
371 }
372 }
373 }
374
375 /* Set this one as the TLD DLL being loaded*/
376 LdrpTopLevelDllBeingLoaded = DllName;
377
378 /* Load the DLL */
380 SearchPath,
381 DllCharacteristics,
382 DllName,
383 BaseAddress,
384 TRUE);
386 {
388 }
393 {
395 DPFLTR_WARNING_LEVEL,
396 "LDR: %s - failing because LdrpLoadDll(%wZ) returned status %x\n",
397 __FUNCTION__,
398 DllName,
399 Status);
400 }
401 }
402 _SEH2_FINALLY
403 {
404 /* Restore the old TLD DLL */
405 LdrpTopLevelDllBeingLoaded = OldTldDll;
406
407 /* Release the lock */
409 }
410 _SEH2_END;
411
412 /* Do we have a redirect string? */
415
416 /* Return */
418}
#define LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS
Definition: ldrtypes.h:80
NTSTATUS NTAPI LdrpLoadDll(IN BOOLEAN Redirected, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress, IN BOOLEAN CallInit)
Definition: ldrutils.c:2414
Definition: compat.h:836
Referenced by AVrfpLoadAndInitializeProvider(), BaseInitApphelp(), BaseSrvDelayLoadKernel32(), CsrLoadServerDll(), InitApphelp(), LdrpInitializeProcess(), load_library(), LoadLibraryExW(), LoadOle32Export(), LsapAddAuthPackage(), SeiInit(), and START_TEST().
◆ LdrOpenImageFileOptionsKey()
| NTSTATUS NTAPI LdrOpenImageFileOptionsKey | ( | _In_ PUNICODE_STRING | SubKey, |
| _In_ BOOLEAN | Wow64, | ||
| _Out_ PHANDLE | NewKeyHandle | ||
| ) |
Definition at line 111 of file ldrinit.c.
115{
116 PHANDLE RootKeyLocation;
118 UNICODE_STRING SubKeyString;
121 PWCHAR p1;
122
123 /* Check which root key to open */
124 if (Wow64)
125 RootKeyLocation = &Wow64ExecOptionsKey;
126 else
127 RootKeyLocation = &ImageExecOptionsKey;
128
129 /* Get the current key */
130 RootKey = *RootKeyLocation;
131
132 /* Setup the object attributes */
134 Wow64 ?
136 OBJ_CASE_INSENSITIVE,
137 NULL,
138 NULL);
139
140 /* Open the root key */
143 {
144 /* Write the key handle */
146 {
147 /* Someone already opened it, use it instead */
149 RootKey = *RootKeyLocation;
150 }
151
152 /* Extract the name */
153 SubKeyString = *SubKey;
156 {
158 p1--;
160 }
161 SubKeyString.Buffer = p1;
163
164 /* Setup the object attributes */
166 &SubKeyString,
167 OBJ_CASE_INSENSITIVE,
168 RootKey,
169 NULL);
170
171 /* Open the setting key */
173 }
174
175 /* Return to caller */
177}
Definition: nsiface.idl:2307
#define InterlockedCompareExchangePointer
Definition: interlocked.h:144
Referenced by CreateProcessInternalW(), LdrpInitializeExecutionOptions(), and LdrQueryImageFileExecutionOptionsEx().
◆ LdrProcessRelocationBlock()
| PIMAGE_BASE_RELOCATION NTAPI LdrProcessRelocationBlock | ( | _In_ ULONG_PTR | Address, |
| _In_ ULONG | Count, | ||
| _In_ PUSHORT | TypeOffset, | ||
| _In_ LONG_PTR | Delta | ||
| ) |
◆ LdrQueryImageFileExecutionOptions()
| NTSTATUS NTAPI LdrQueryImageFileExecutionOptions | ( | _In_ PUNICODE_STRING | SubKey, |
| _In_ PCWSTR | ValueName, | ||
| _In_ ULONG | Type, | ||
| _Out_ PVOID | Buffer, | ||
| _In_ ULONG | BufferSize, | ||
| _Out_opt_ PULONG | ReturnedLength | ||
| ) |
Definition at line 388 of file ldrinit.c.
395{
396 /* Call the newer function */
398 ValueName,
399 Type,
400 Buffer,
401 BufferSize,
402 ReturnedLength,
403 FALSE);
404}
_In_ ULONG _In_ BATTERY_QUERY_INFORMATION_LEVEL _In_ LONG _In_ ULONG _Out_ PULONG ReturnedLength
Definition: batclass.h:188
Definition: bufpool.h:45
NTSTATUS NTAPI LdrQueryImageFileExecutionOptionsEx(_In_ PUNICODE_STRING SubKey, _In_ PCWSTR ValueName, _In_ ULONG Type, _Out_ PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG ReturnedLength, _In_ BOOLEAN Wow64)
Definition: ldrinit.c:349
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
Definition: wdfregistry.h:243
Referenced by LdrpRunInitializeRoutines(), and SmpLoadSubSystemsForMuSession().
◆ LdrQueryImageFileKeyOption()
| NTSTATUS NTAPI LdrQueryImageFileKeyOption | ( | _In_ HANDLE | KeyHandle, |
| _In_ PCWSTR | ValueName, | ||
| _In_ ULONG | Type, | ||
| _Out_ PVOID | Buffer, | ||
| _In_ ULONG | BufferSize, | ||
| _Out_opt_ PULONG | ReturnedLength | ||
| ) |
Definition at line 184 of file ldrinit.c.
191{
192 ULONG KeyInfo[256];
193 UNICODE_STRING ValueNameString, IntegerString;
194 ULONG KeyInfoSize, ResultSize;
198
199 /* Build a string for the value name */
202
203 /* Query the value */
205 &ValueNameString,
207 KeyValueInformation,
208 sizeof(KeyInfo),
209 &ResultSize);
211 {
212 /* Our local buffer wasn't enough, allocate one */
214 KeyValueInformation->DataLength;
215 KeyValueInformation = RtlAllocateHeap(RtlGetProcessHeap(),
216 0,
217 KeyInfoSize);
219 {
220 /* Try again */
222 &ValueNameString,
224 KeyValueInformation,
225 KeyInfoSize,
226 &ResultSize);
227 FreeHeap = TRUE;
228 }
229 else
230 {
231 /* Give up this time */
233 }
234 }
235
236 /* Check for success */
238 {
239 /* Handle binary data */
241 {
242 /* Check validity */
244 {
245 /* Copy into buffer */
247 &KeyValueInformation->Data,
248 KeyValueInformation->DataLength);
249 }
250 else
251 {
253 }
254
255 /* Copy the result length */
257 }
259 {
260 /* Check for valid type */
262 {
263 /* Error */
265 }
266 else
267 {
268 /* Check validity */
272 {
273 /* Copy into buffer */
275 &KeyValueInformation->Data,
276 KeyValueInformation->DataLength);
277 }
278 else
279 {
281 }
282
283 /* Copy the result length */
285 }
286 }
288 {
289 /* We got something weird */
291 }
292 else
293 {
294 /* String, check what you requested */
296 {
297 /* Validate */
299 {
300 /* Invalid size */
301 BufferSize = 0;
303 }
304 else
305 {
306 /* OK, we know what you want... */
312 }
313 }
314 else
315 {
316 /* Validate */
318 {
319 /* Invalid */
321 }
322 else
323 {
324 /* Set the size */
326 }
327
328 /* Copy the string */
330 }
331
332 /* Copy the result length */
334 }
335 }
336
337 /* Check if buffer was in heap */
339
340 /* Return status */
342}
NTSYSAPI NTSTATUS WINAPI RtlInitUnicodeStringEx(PUNICODE_STRING, PCWSTR)
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4715
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToInteger(PUNICODE_STRING String, ULONG Base, PULONG Value)
struct _KEY_VALUE_PARTIAL_INFORMATION KEY_VALUE_PARTIAL_INFORMATION
struct _KEY_VALUE_PARTIAL_INFORMATION * PKEY_VALUE_PARTIAL_INFORMATION
Definition: nt_native.h:1165
Referenced by AVrfReadIFEO(), CreateProcessInternalW(), LdrpInitializeExecutionOptions(), LdrpInitializeProcess(), and LdrQueryImageFileExecutionOptionsEx().
◆ LdrQueryProcessModuleInformation()
| NTSTATUS NTAPI LdrQueryProcessModuleInformation | ( | _Out_writes_bytes_to_(Size, *ReturnedSize) PRTL_PROCESS_MODULES | ModuleInformation, |
| _In_ ULONG | Size, | ||
| _Out_opt_ PULONG | ReturnedSize | ||
| ) |
Definition at line 1076 of file ldrapi.c.
1080{
1081 /* Call Ex version of the API */
1083}
NTSTATUS NTAPI LdrQueryProcessModuleInformationEx(_In_opt_ ULONG ProcessId, _Reserved_ ULONG Reserved, _Out_writes_bytes_to_(Size, *ReturnedSize) PRTL_PROCESS_MODULES ModuleInformation, _In_ ULONG Size, _Out_opt_ PULONG ReturnedSize)
Definition: ldrapi.c:947
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
Referenced by RtlQueryProcessDebugInformation(), and Test_ProcessModules().
◆ LdrSetDllManifestProber()
| VOID NTAPI LdrSetDllManifestProber | ( | _In_ PLDR_MANIFEST_PROBER_ROUTINE | Routine | ) |
Definition at line 73 of file ldrapi.c.
75{
76 LdrpManifestProberRoutine = Routine;
77}
PLDR_MANIFEST_PROBER_ROUTINE LdrpManifestProberRoutine
Definition: ldrpe.c:18
Referenced by DllMain().
◆ LdrShutdownProcess()
Definition at line 950 of file ldrinit.c.
951{
953 PLDR_DATA_TABLE_ENTRY LdrEntry;
954 PLIST_ENTRY NextEntry, ListHead;
955 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
956 PVOID EntryPoint;
957
960
961 /* Tell the Shim Engine */
963 {
966 SE_ProcessDying();
967 }
968
969 /* Tell the world */
971 {
973 }
974
975 /* Set the shutdown variables */
978
979 /* Enter the Loader Lock */
981
982 /* Cleanup trace logging data (Etw) */
984 {
985 /* FIXME */
987 }
988
989 /* Start at the end */
991 NextEntry = ListHead->Blink;
992 while (NextEntry != ListHead)
993 {
994 /* Get the current entry */
996 NextEntry = NextEntry->Blink;
997
998 /* Make sure it's not ourselves */
1000 {
1001 /* Get the entrypoint */
1002 EntryPoint = LdrEntry->EntryPoint;
1003
1004 /* Check if we are ready to call it */
1005 if (EntryPoint &&
1007 LdrEntry->Flags)
1008 {
1009 /* Set up the Act Ctx */
1011 ActCtx.Format = 1;
1013
1014 /* Activate the ActCtx */
1015 RtlActivateActivationContextUnsafeFast(&ActCtx,
1016 LdrEntry->EntryPointActivationContext);
1017
1018 _SEH2_TRY
1019 {
1020 /* Check if it has TLS */
1022 {
1023 /* Call TLS */
1025 }
1026
1027 /* Call the Entrypoint */
1030 LdrpCallInitRoutine(EntryPoint,
1031 LdrEntry->DllBase,
1032 DLL_PROCESS_DETACH,
1033 (PVOID)1);
1034 }
1036 {
1039 }
1040 _SEH2_END;
1041
1042 /* Deactivate the ActCtx */
1043 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1044 }
1045 }
1046 }
1047
1048 /* Check for TLS */
1050 {
1051 /* Set up the Act Ctx */
1053 ActCtx.Format = 1;
1055
1056 /* Activate the ActCtx */
1057 RtlActivateActivationContextUnsafeFast(&ActCtx,
1059
1060 _SEH2_TRY
1061 {
1062 /* Do TLS callbacks */
1064 }
1066 {
1067 /* Do nothing */
1068 }
1069 _SEH2_END;
1070
1071 /* Deactivate the ActCtx */
1072 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1073 }
1074
1075 /* FIXME: Do Heap detection and Etw final shutdown */
1076
1077 /* Release the lock */
1080
1082}
NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
VOID NTAPI LdrpCallTlsInitializers(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Reason)
Definition: ldrutils.c:447
BOOLEAN NTAPI LdrpCallInitRoutine(IN PDLL_INIT_ROUTINE EntryPoint, IN PVOID BaseAddress, IN ULONG Reason, IN PVOID Context)
Definition: ldrutils.c:100
#define SharedUserData
PACTIVATION_CONTEXT EntryPointActivationContext
Definition: ldrtypes.h:167
LIST_ENTRY InInitializationOrderModuleList
Definition: ldrtypes.h:126
Definition: btrfs_drv.h:1907
◆ LdrShutdownThread()
Definition at line 1089 of file ldrinit.c.
1090{
1093 PLDR_DATA_TABLE_ENTRY LdrEntry;
1094 PLIST_ENTRY NextEntry, ListHead;
1095 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
1096 PVOID EntryPoint;
1097
1100
1101 /* Cleanup trace logging data (Etw) */
1103 {
1104 /* FIXME */
1106 }
1107
1108 /* Get the Ldr Lock */
1110
1111 /* Start at the end */
1113 NextEntry = ListHead->Blink;
1114 while (NextEntry != ListHead)
1115 {
1116 /* Get the current entry */
1118 NextEntry = NextEntry->Blink;
1119
1120 /* Make sure it's not ourselves */
1122 {
1123 /* Check if we should call */
1127 {
1128 /* Get the entrypoint */
1129 EntryPoint = LdrEntry->EntryPoint;
1130
1131 /* Check if we are ready to call it */
1132 if (EntryPoint)
1133 {
1134 /* Set up the Act Ctx */
1136 ActCtx.Format = 1;
1138
1139 /* Activate the ActCtx */
1140 RtlActivateActivationContextUnsafeFast(&ActCtx,
1141 LdrEntry->EntryPointActivationContext);
1142
1143 _SEH2_TRY
1144 {
1145 /* Check if it has TLS */
1147 {
1148 /* Make sure we're not shutting down */
1150 {
1151 /* Call TLS */
1153 }
1154 }
1155
1156 /* Make sure we're not shutting down */
1158 {
1159 /* Call the Entrypoint */
1162 LdrpCallInitRoutine(EntryPoint,
1163 LdrEntry->DllBase,
1164 DLL_THREAD_DETACH,
1165 NULL);
1166 }
1167 }
1169 {
1172 }
1173 _SEH2_END;
1174
1175 /* Deactivate the ActCtx */
1176 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1177 }
1178 }
1179 }
1180 }
1181
1182 /* Check for TLS */
1184 {
1185 /* Set up the Act Ctx */
1187 ActCtx.Format = 1;
1189
1190 /* Activate the ActCtx */
1191 RtlActivateActivationContextUnsafeFast(&ActCtx,
1193
1194 _SEH2_TRY
1195 {
1196 /* Do TLS callbacks */
1198 }
1200 {
1201 /* Do nothing */
1202 }
1203 _SEH2_END;
1204
1205 /* Deactivate the ActCtx */
1206 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1207 }
1208
1209 /* Free TLS */
1210 LdrpFreeTls();
1212
1213 /* Check for expansion slots */
1215 {
1216 /* Free expansion slots */
1218 }
1219
1220 /* Check for FLS Data */
1221 if (Teb->FlsData)
1222 {
1223 /* Mimic BaseRundownFls */
1225 PRTL_FLS_DATA pFlsData;
1226 PFLS_CALLBACK_FUNCTION lpCallback;
1227
1228 pFlsData = Teb->FlsData;
1229
1230 RtlAcquirePebLock();
1231 FlsHighIndex = NtCurrentPeb()->FlsHighIndex;
1233 RtlReleasePebLock();
1234
1236 {
1239 {
1241 }
1242 }
1243
1244 RtlFreeHeap(RtlGetProcessHeap(), 0, pFlsData);
1245 Teb->FlsData = NULL;
1246 }
1247
1248 /* Check for Fiber data */
1249 if (Teb->HasFiberData)
1250 {
1251 /* Free Fiber data*/
1254 }
1255
1256 /* Free the activation context stack */
1259
1261}
NTSYSAPI void WINAPI RtlFreeThreadActivationContextStack(void)
Definition: actctx.c:5515
Definition: rtltypes.h:1216
◆ LdrUnloadDll()
Definition at line 1291 of file ldrapi.c.
1293{
1296 PLDR_DATA_TABLE_ENTRY LdrEntry, CurrentEntry;
1297 PVOID EntryPoint;
1298 PLIST_ENTRY NextEntry;
1299 LIST_ENTRY UnloadList;
1300 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
1301 PVOID CorImageData;
1302 ULONG ComSectionSize;
1303
1304 /* Get the LDR Lock */
1306
1307 /* Increase the unload count */
1308 LdrpActiveUnloadCount++;
1309
1310 /* Skip unload */
1312
1313 /* Make sure the DLL is valid and get its entry */
1315 {
1317 goto Quickie;
1318 }
1319
1320 /* Check the current Load Count */
1322 {
1323 /* Decrease it */
1324 LdrEntry->LoadCount--;
1325
1326 /* If it's a dll */
1328 {
1329 /* Set up the Act Ctx */
1333
1334 /* Activate the ActCtx */
1335 RtlActivateActivationContextUnsafeFast(&ActCtx,
1336 LdrEntry->EntryPointActivationContext);
1337
1338 /* Update the load count */
1340
1341 /* Release the context */
1342 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1343 }
1344 }
1345 else
1346 {
1347 /* The DLL is locked */
1348 goto Quickie;
1349 }
1350
1351 /* Show debug message */
1353
1354 /* Check if this is our only unload and initialize the list if so */
1356
1357 /* Loop the modules to build the list */
1360 {
1361 /* Get the entry */
1362 LdrEntry = CONTAINING_RECORD(NextEntry,
1363 LDR_DATA_TABLE_ENTRY,
1364 InInitializationOrderLinks);
1365 NextEntry = NextEntry->Blink;
1366
1367 /* Remove flag */
1368 LdrEntry->Flags &= ~LDRP_UNLOAD_IN_PROGRESS;
1369
1370 /* If the load count is now 0 */
1372 {
1373 /* Show message */
1375 {
1377 LdrpActiveUnloadCount,
1381 LdrEntry->EntryPoint);
1382 }
1383
1384 /* Call Shim Engine and notify */
1386 {
1388 SE_DllUnloaded(LdrEntry);
1389 }
1390
1391 /* Unlink it */
1392 CurrentEntry = LdrEntry;
1396
1397 /* If there's more then one active unload */
1399 {
1400 /* Flush the cached DLL handle and clear the list */
1403 }
1404
1405 /* Add the entry on the unload list */
1407 }
1408 }
1409
1410 /* Only call the entrypoints once */
1412
1413 /* Now loop the unload list and create our own */
1414 InitializeListHead(&UnloadList);
1415 CurrentEntry = NULL;
1418 {
1419 /* Get the current entry */
1421
1422 LdrpRecordUnloadEvent(LdrEntry);
1423
1424 /* Set the entry and clear it from the list */
1425 CurrentEntry = LdrEntry;
1428
1429 /* Move it from the global to the local list */
1432
1433 /* Get the entrypoint */
1434 EntryPoint = LdrEntry->EntryPoint;
1435
1436 /* Check if we should call it */
1438 {
1439 /* Show message */
1441 {
1443 }
1444
1445 /* Set up the Act Ctx */
1449
1450 /* Activate the ActCtx */
1451 RtlActivateActivationContextUnsafeFast(&ActCtx,
1452 LdrEntry->EntryPointActivationContext);
1453
1454 /* Call the entrypoint */
1455 _SEH2_TRY
1456 {
1458 LdrEntry->DllBase,
1459 DLL_PROCESS_DETACH,
1460 NULL);
1461 }
1463 {
1466 }
1467 _SEH2_END;
1468
1469 /* Release the context */
1470 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1471 }
1472
1473 /* Remove it from the list */
1475 CurrentEntry = NULL;
1477 }
1478
1479 /* Now loop our local list */
1480 NextEntry = UnloadList.Flink;
1481 while (NextEntry != &UnloadList)
1482 {
1483 /* Get the entry */
1485 NextEntry = NextEntry->Flink;
1486 CurrentEntry = LdrEntry;
1487
1488 /* Notify Application Verifier */
1490 {
1491 AVrfDllUnloadNotification(LdrEntry);
1492 }
1493
1494 /* Show message */
1496 {
1498 }
1499
1500#if (_WIN32_WINNT >= _WIN32_WINNT_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
1501 /* Send shutdown notification */
1503#endif
1504
1505 /* Check if this is a .NET executable */
1507 TRUE,
1509 &ComSectionSize);
1510 if (CorImageData)
1511 {
1512 /* FIXME */
1514 }
1515
1516 /* Check if we should unmap*/
1518 {
1519 /* Unmap the DLL */
1521 CurrentEntry->DllBase);
1523 }
1524
1525 /* Unload the alternate resource module, if any */
1527
1528 /* Check if a Hotpatch is active */
1530 {
1531 /* FIXME */
1533 }
1534
1535 /* Deallocate the Entry */
1536 LdrpFinalizeAndDeallocateDataTableEntry(CurrentEntry);
1537
1538 /* If this is the cached entry, invalidate it */
1540 {
1542 }
1543 }
1544
1545Quickie:
1546 /* Decrease unload count */
1547 LdrpActiveUnloadCount--;
1549
1550 /* Return to caller */
1552}
NTSTATUS NTAPI NtUnmapViewOfSection(IN HANDLE ProcessHandle, IN PVOID BaseAddress)
Definition: section.c:3483
BOOLEAN NTAPI LdrUnloadAlternateResourceModule(_In_ PVOID BaseAddress)
Definition: ldrapi.c:1603
#define LDR_DLL_NOTIFICATION_REASON_UNLOADED
Definition: ldrtypes.h:204
#define RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER
Definition: rtltypes.h:101
VOID NTAPI LdrpFinalizeAndDeallocateDataTableEntry(IN PLDR_DATA_TABLE_ENTRY Entry)
Definition: ldrutils.c:1577
VOID NTAPI AVrfDllUnloadNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:332
VOID NTAPI LdrpSendDllNotifications(_In_ PLDR_DATA_TABLE_ENTRY DllEntry, _In_ ULONG NotificationReason)
Definition: ldrnotify.c:104
VOID NTAPI LdrpRecordUnloadEvent(_In_ PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: trace.c:28
#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Definition: ntimage.h:489
LIST_ENTRY InInitializationOrderLinks
Definition: ldrtypes.h:144
Referenced by BasepReplaceProcessThreadTokens(), CsrLoadServerDll(), FreeLibrary(), FreeLibraryAndExitThread(), InitApphelp(), LdrpLoadDll(), LdrpUnloadShimEngine(), LsapAddAuthPackage(), PropertyLengthAsVariant(), RtlConvertPropertyToVariant(), RtlConvertVariantToProperty(), START_TEST(), tp_object_execute(), and tp_object_release().
◆ LdrVerifyImageMatchesChecksum()
| NTSTATUS NTAPI LdrVerifyImageMatchesChecksum | ( | _In_ HANDLE | FileHandle, |
| _In_ PLDR_CALLBACK | Callback, | ||
| _In_ PVOID | CallbackContext, | ||
| _Out_ PUSHORT | ImageCharacteristics | ||
| ) |
Definition at line 804 of file ldrapi.c.
809{
810 FILE_STANDARD_INFORMATION FileStandardInfo;
811 PIMAGE_IMPORT_DESCRIPTOR ImportData;
814 PIMAGE_NT_HEADERS NtHeader;
815 HANDLE SectionHandle;
817 PVOID ViewBase;
820 PVOID ImportName;
823
824 /* If the handle has the magic KnownDll flag, skip actual checksums */
826
827 /* Create the section */
829 SECTION_MAP_EXECUTE,
830 NULL,
831 NULL,
832 PAGE_EXECUTE,
833 SEC_COMMIT,
834 FileHandle);
836 {
839 }
840
841 /* Map the section */
842 ViewSize = 0;
843 ViewBase = NULL;
845 NtCurrentProcess(),
846 &ViewBase,
847 0,
848 0,
849 NULL,
850 &ViewSize,
851 ViewShare,
852 0,
853 PAGE_EXECUTE);
855 {
857 NtClose(SectionHandle);
859 }
860
861 /* Get the file information */
863 &IoStatusBlock,
864 &FileStandardInfo,
866 FileStandardInformation);
868 {
871 NtClose(SectionHandle);
873 }
874
875 /* Protect with SEH */
876 _SEH2_TRY
877 {
878 /* Check if this is the KnownDll hack */
879 if (NoActualCheck)
880 {
881 /* Don't actually do it */
883 }
884 else
885 {
886 /* Verify the checksum */
890 }
891
892 /* Check if a callback was supplied */
894 {
895 /* Get the NT Header */
896 NtHeader = RtlImageNtHeader(ViewBase);
897
898 /* Check if caller requested this back */
899 if (ImageCharacteristics)
900 {
901 /* Return to caller */
903 }
904
905 /* Get the Import Directory Data */
906 ImportData = RtlImageDirectoryEntryToData(ViewBase,
907 FALSE,
909 &Size);
910
911 /* Make sure there is one */
912 if (ImportData)
913 {
914 /* Loop the imports */
916 {
917 /* Get the name */
918 ImportName = RtlImageRvaToVa(NtHeader,
919 ViewBase,
920 ImportData->Name,
921 &LastSection);
922
923 /* Notify the callback */
925 ImportData++;
926 }
927 }
928 }
929 }
931 {
932 /* Fail the request returning STATUS_IMAGE_CHECKSUM_MISMATCH */
934 }
935 _SEH2_END;
936
937 /* Unmap file and close handle */
939 NtClose(SectionHandle);
940
941 /* Return status */
943}
NTSTATUS NTAPI NtCreateSection(OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection OPTIONAL, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL)
Definition: section.c:3076
NTSTATUS NTAPI NtMapViewOfSection(IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect)
Definition: section.c:3257
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
BOOLEAN NTAPI LdrVerifyMappedImageMatchesChecksum(_In_ PVOID BaseAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG FileLength)
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
Definition: mmfuncs.h:408
NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(IN HANDLE hFile, OUT PIO_STATUS_BLOCK pIoStatusBlock, OUT PVOID FileInformationBuffer, IN ULONG FileInformationBufferLength, IN FILE_INFORMATION_CLASS FileInfoClass)
Definition: propsheet.cpp:53
Definition: ntimage.h:572
Definition: pedump.c:280
Definition: env_spec_w32.h:870
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR _In_ ULONGLONG _In_ ULONGLONG _In_opt_ PEVENT_FILTER_DESCRIPTOR _Inout_opt_ PVOID CallbackContext
Definition: wmitypes.h:60
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
Referenced by SmpInitializeKnownDllsInternal().
