ReactOS 0.4.16-dev-1019-g2c2cdfd
Typedefs | Functions
umfuncs.h File Reference
#include <umtypes.h>
#include <dbgktypes.h>
Include dependency graph for umfuncs.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Typedefs

typedef VOID(NTAPIPLDR_CALLBACK) (PVOID CallbackContext, PCHAR Name)
 

Functions

__analysis_noreturn NTSYSAPI VOID NTAPI DbgBreakPointWithStatus (_In_ ULONG Status)
 
NTSTATUS NTAPI DbgUiConnectToDbg (VOID)
 
NTSTATUS NTAPI DbgUiContinue (_In_ PCLIENT_ID ClientId, _In_ NTSTATUS ContinueStatus)
 
NTSTATUS NTAPI DbgUiDebugActiveProcess (_In_ HANDLE Process)
 
NTSTATUS NTAPI DbgUiStopDebugging (_In_ HANDLE Process)
 
NTSYSAPI NTSTATUS NTAPI DbgUiWaitStateChange (_In_ PDBGUI_WAIT_STATE_CHANGE DbgUiWaitStateCange, _In_ PLARGE_INTEGER TimeOut)
 
NTSTATUS NTAPI DbgUiConvertStateChangeStructure (_In_ PDBGUI_WAIT_STATE_CHANGE WaitStateChange, _In_ PVOID DebugEvent)
 
VOID NTAPI DbgUiRemoteBreakin (VOID)
 
NTSTATUS NTAPI DbgUiIssueRemoteBreakin (_In_ HANDLE Process)
 
HANDLE NTAPI DbgUiGetThreadDebugObject (VOID)
 
NTSTATUS NTAPI LdrAddRefDll (_In_ ULONG Flags, _In_ PVOID BaseAddress)
 
NTSTATUS NTAPI LdrDisableThreadCalloutsForDll (_In_ PVOID BaseAddress)
 
NTSTATUS NTAPI LdrGetDllHandle (_In_opt_ PWSTR DllPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_ PVOID *DllHandle)
 
NTSTATUS NTAPI LdrGetDllHandleEx (_In_ ULONG Flags, _In_opt_ PWSTR DllPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_opt_ PVOID *DllHandle)
 
NTSTATUS NTAPI LdrFindEntryForAddress (_In_ PVOID Address, _Out_ PLDR_DATA_TABLE_ENTRY *Module)
 
NTSTATUS NTAPI LdrGetProcedureAddress (_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress)
 
VOID NTAPI LdrInitializeThunk (ULONG Unknown1, ULONG Unknown2, ULONG Unknown3, ULONG Unknown4)
 
NTSTATUS NTAPI LdrLoadDll (_In_opt_ PWSTR SearchPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_ PVOID *BaseAddress)
 
PIMAGE_BASE_RELOCATION NTAPI LdrProcessRelocationBlock (_In_ ULONG_PTR Address, _In_ ULONG Count, _In_ PUSHORT TypeOffset, _In_ LONG_PTR Delta)
 
NTSTATUS NTAPI LdrQueryImageFileExecutionOptions (_In_ PUNICODE_STRING SubKey, _In_ PCWSTR ValueName, _In_ ULONG Type, _Out_ PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG ReturnedLength)
 
NTSTATUS NTAPI LdrQueryProcessModuleInformation (_Out_writes_bytes_to_(Size, *ReturnedSize) PRTL_PROCESS_MODULES ModuleInformation, _In_ ULONG Size, _Out_opt_ PULONG ReturnedSize)
 
VOID NTAPI LdrSetDllManifestProber (_In_ PLDR_MANIFEST_PROBER_ROUTINE Routine)
 
NTSTATUS NTAPI LdrShutdownProcess (VOID)
 
NTSTATUS NTAPI LdrShutdownThread (VOID)
 
NTSTATUS NTAPI LdrUnloadDll (_In_ PVOID BaseAddress)
 
NTSTATUS NTAPI LdrVerifyImageMatchesChecksum (_In_ HANDLE FileHandle, _In_ PLDR_CALLBACK Callback, _In_ PVOID CallbackContext, _Out_ PUSHORT ImageCharacteristics)
 
NTSTATUS NTAPI LdrOpenImageFileOptionsKey (_In_ PUNICODE_STRING SubKey, _In_ BOOLEAN Wow64, _Out_ PHANDLE NewKeyHandle)
 
NTSTATUS NTAPI LdrQueryImageFileKeyOption (_In_ HANDLE KeyHandle, _In_ PCWSTR ValueName, _In_ ULONG Type, _Out_ PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG ReturnedLength)
 

Typedef Documentation

◆ PLDR_CALLBACK

typedef VOID(NTAPI * PLDR_CALLBACK) (PVOID CallbackContext, PCHAR Name)

Definition at line 217 of file umfuncs.h.

Function Documentation

◆ DbgBreakPointWithStatus()

__analysis_noreturn NTSYSAPI VOID NTAPI DbgBreakPointWithStatus ( _In_ ULONG  Status)

Referenced by ExpDebuggerWorker(), ExpInitializeExecutive(), i8042KbdInterruptService(), KdbpCliInit(), KeUpdateSystemTime(), KiBugCheckDebugBreak(), KiInitializeSystem(), KiSystemStartup(), NtSystemDebugControl(), and vDbgPrintExWithPrefixInternal().

◆ DbgUiConnectToDbg()

NTSTATUS NTAPI DbgUiConnectToDbg ( VOID  )

Definition at line 25 of file dbgui.c.

26{
27 OBJECT_ATTRIBUTES ObjectAttributes;
28
29 /* Don't connect twice */
30 if (NtCurrentTeb()->DbgSsReserved[1]) return STATUS_SUCCESS;
31
32 /* Setup the Attributes */
33 InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, 0);
34
35 /* Create the object */
36 return ZwCreateDebugObject(&NtCurrentTeb()->DbgSsReserved[1],
37 DEBUG_OBJECT_ALL_ACCESS,
38 &ObjectAttributes,
39 DBGK_KILL_PROCESS_ON_EXIT);
40}
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
ZwCreateDebugObject
NTSYSAPI NTSTATUS NTAPI ZwCreateDebugObject(_Out_ PHANDLE DebugHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ ULONG Flags)
DEBUG_OBJECT_ALL_ACCESS
#define DEBUG_OBJECT_ALL_ACCESS
Definition: dbgktypes.h:34
DBGK_KILL_PROCESS_ON_EXIT
#define DBGK_KILL_PROCESS_ON_EXIT
Definition: dbgktypes.h:49
NULL
#define NULL
Definition: types.h:112
NtCurrentTeb
#define NtCurrentTeb
Definition: iphlpapi_private.h:4
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182

Referenced by CreateProcessInternalW(), DebugActiveProcess(), and Main().

◆ DbgUiContinue()

NTSTATUS NTAPI DbgUiContinue ( _In_ PCLIENT_ID  ClientId,
_In_ NTSTATUS  ContinueStatus 
)

◆ DbgUiConvertStateChangeStructure()

NTSTATUS NTAPI DbgUiConvertStateChangeStructure ( _In_ PDBGUI_WAIT_STATE_CHANGE  WaitStateChange,
_In_ PVOID  DebugEvent 
)

◆ DbgUiDebugActiveProcess()

NTSTATUS NTAPI DbgUiDebugActiveProcess ( _In_ HANDLE  Process)

◆ DbgUiGetThreadDebugObject()

HANDLE NTAPI DbgUiGetThreadDebugObject ( VOID  )

Definition at line 333 of file dbgui.c.

334{
335 /* Just return the handle from the TEB */
336 return NtCurrentTeb()->DbgSsReserved[1];
337}

Referenced by CreateProcessInternalW(), and DebugSetProcessKillOnExit().

◆ DbgUiIssueRemoteBreakin()

NTSTATUS NTAPI DbgUiIssueRemoteBreakin ( _In_ HANDLE  Process)

◆ DbgUiRemoteBreakin()

VOID NTAPI DbgUiRemoteBreakin ( VOID  )

Definition at line 289 of file dbgui.c.

290{
291 /* Make sure a debugger is enabled; if so, breakpoint */
292 if (NtCurrentPeb()->BeingDebugged) DbgBreakPoint();
293
294 /* Exit the thread */
295 RtlExitUserThread(STATUS_SUCCESS);
296}
NtCurrentPeb
#define NtCurrentPeb()
Definition: FLS.c:22
DbgBreakPoint
NTSYSAPI void WINAPI DbgBreakPoint(void)
RtlExitUserThread
NTSYSAPI VOID NTAPI RtlExitUserThread(_In_ NTSTATUS Status)

Referenced by DbgUiIssueRemoteBreakin().

◆ DbgUiStopDebugging()

NTSTATUS NTAPI DbgUiStopDebugging ( _In_ HANDLE  Process)

◆ DbgUiWaitStateChange()

NTSYSAPI NTSTATUS NTAPI DbgUiWaitStateChange ( _In_ PDBGUI_WAIT_STATE_CHANGE  DbgUiWaitStateCange,
_In_ PLARGE_INTEGER  TimeOut 
)

◆ LdrAddRefDll()

NTSTATUS NTAPI LdrAddRefDll ( _In_ ULONG  Flags,
_In_ PVOID  BaseAddress 
)

Definition at line 1205 of file ldrapi.c.

1208{
1209 PLDR_DATA_TABLE_ENTRY LdrEntry;
1210 NTSTATUS Status = STATUS_SUCCESS;
1211 ULONG_PTR Cookie;
1212 BOOLEAN Locked = FALSE;
1213
1214 /* Check for invalid flags */
1215 if (Flags & ~(LDR_ADDREF_DLL_PIN))
1216 {
1217 /* Fail with invalid parameter status if so */
1218 Status = STATUS_INVALID_PARAMETER;
1219 goto quickie;
1220 }
1221
1222 /* Acquire the loader lock if not in init phase */
1223 if (!LdrpInLdrInit)
1224 {
1225 /* Acquire the lock */
1226 Status = LdrLockLoaderLock(0, NULL, &Cookie);
1227 if (!NT_SUCCESS(Status)) goto quickie;
1228 Locked = TRUE;
1229 }
1230
1231 /* Get this module's data table entry */
1232 if (LdrpCheckForLoadedDllHandle(BaseAddress, &LdrEntry))
1233 {
1234 if (!LdrEntry)
1235 {
1236 /* Shouldn't happen */
1237 Status = STATUS_INTERNAL_ERROR;
1238 goto quickie;
1239 }
1240
1241 /* If this is not a pinned module */
1242 if (LdrEntry->LoadCount != 0xFFFF)
1243 {
1244 /* Update its load count */
1245 if (Flags & LDR_ADDREF_DLL_PIN)
1246 {
1247 /* Pin it by setting load count to -1 */
1248 LdrEntry->LoadCount = 0xFFFF;
1249 LdrpUpdateLoadCount2(LdrEntry, LDRP_UPDATE_PIN);
1250 }
1251 else
1252 {
1253 /* Increase its load count by one */
1254 LdrEntry->LoadCount++;
1255 LdrpUpdateLoadCount2(LdrEntry, LDRP_UPDATE_REFCOUNT);
1256 }
1257
1258 /* Clear load in progress */
1259 LdrpClearLoadInProgress();
1260 }
1261 }
1262 else
1263 {
1264 /* There was an error getting this module's handle, return invalid param status */
1265 Status = STATUS_INVALID_PARAMETER;
1266 }
1267
1268quickie:
1269 /* Check for error case */
1270 if (!NT_SUCCESS(Status))
1271 {
1272 /* Print debug information */
1273 if ((ShowSnaps) || ((Status != STATUS_NO_SUCH_FILE) &&
1274 (Status != STATUS_DLL_NOT_FOUND) &&
1275 (Status != STATUS_OBJECT_NAME_NOT_FOUND)))
1276 {
1277 DPRINT1("LDR: LdrAddRefDll(%p) 0x%08lx\n", BaseAddress, Status);
1278 }
1279 }
1280
1281 /* Release the lock if needed */
1282 if (Locked) LdrUnlockLoaderLock(LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, Cookie);
1283 return Status;
1284}
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
DPRINT1
#define DPRINT1
Definition: precomp.h:8
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
Status
Status
Definition: gdiplustypes.h:25
LdrUnlockLoaderLock
NTSTATUS NTAPI LdrUnlockLoaderLock(_In_ ULONG Flags, _In_opt_ ULONG_PTR Cookie)
Definition: ldrapi.c:101
LdrLockLoaderLock
NTSTATUS NTAPI LdrLockLoaderLock(_In_ ULONG Flags, _Out_opt_ PULONG Disposition, _Out_opt_ PULONG_PTR Cookie)
Definition: ldrapi.c:174
LDR_ADDREF_DLL_PIN
#define LDR_ADDREF_DLL_PIN
Definition: ldrtypes.h:75
LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS
#define LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS
Definition: ldrtypes.h:86
BaseAddress
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404
Locked
_In_ PMEMORY_AREA _In_ PVOID _In_ BOOLEAN Locked
Definition: newmm.h:209
LdrpInLdrInit
BOOLEAN LdrpInLdrInit
Definition: ldrinit.c:30
LdrpCheckForLoadedDllHandle
BOOLEAN NTAPI LdrpCheckForLoadedDllHandle(IN PVOID Base, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1600
LdrpUpdateLoadCount2
VOID NTAPI LdrpUpdateLoadCount2(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Flags)
Definition: ldrutils.c:434
ShowSnaps
BOOLEAN ShowSnaps
Definition: ldrinit.c:79
LDRP_UPDATE_PIN
#define LDRP_UPDATE_PIN
Definition: ntdllp.h:17
LDRP_UPDATE_REFCOUNT
#define LDRP_UPDATE_REFCOUNT
Definition: ntdllp.h:15
LdrpClearLoadInProgress
ULONG NTAPI LdrpClearLoadInProgress(VOID)
Definition: ldrutils.c:2649
STATUS_INTERNAL_ERROR
#define STATUS_INTERNAL_ERROR
Definition: ntstatus.h:465
STATUS_DLL_NOT_FOUND
#define STATUS_DLL_NOT_FOUND
Definition: ntstatus.h:545
_LDR_DATA_TABLE_ENTRY
Definition: btrfs_drv.h:1876
_LDR_DATA_TABLE_ENTRY::LoadCount
USHORT LoadCount
Definition: ntddk_ex.h:208
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
STATUS_NO_SUCH_FILE
#define STATUS_NO_SUCH_FILE
Definition: udferr_usr.h:137
STATUS_OBJECT_NAME_NOT_FOUND
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
Cookie
_In_opt_ PVOID _Out_ PLARGE_INTEGER Cookie
Definition: cmfuncs.h:14

Referenced by BasepGetModuleHandleExW(), and tp_object_initialize().

◆ LdrDisableThreadCalloutsForDll()

NTSTATUS NTAPI LdrDisableThreadCalloutsForDll ( _In_ PVOID  BaseAddress)

Definition at line 1154 of file ldrapi.c.

1156{
1157 PLDR_DATA_TABLE_ENTRY LdrEntry;
1158 NTSTATUS Status;
1159 BOOLEAN LockHeld;
1160 ULONG_PTR Cookie;
1161 DPRINT("LdrDisableThreadCalloutsForDll (BaseAddress %p)\n", BaseAddress);
1162
1163 /* Don't do it during shutdown */
1164 if (LdrpShutdownInProgress) return STATUS_SUCCESS;
1165
1166 /* Check if we should grab the lock */
1167 LockHeld = FALSE;
1168 if (!LdrpInLdrInit)
1169 {
1170 /* Grab the lock */
1171 Status = LdrLockLoaderLock(0, NULL, &Cookie);
1172 if (!NT_SUCCESS(Status)) return Status;
1173 LockHeld = TRUE;
1174 }
1175
1176 /* Make sure the DLL is valid and get its entry */
1177 Status = STATUS_DLL_NOT_FOUND;
1178 if (LdrpCheckForLoadedDllHandle(BaseAddress, &LdrEntry))
1179 {
1180 /* Get if it has a TLS slot */
1181 if (!LdrEntry->TlsIndex)
1182 {
1183 /* It doesn't, so you're allowed to call this */
1184 LdrEntry->Flags |= LDRP_DONT_CALL_FOR_THREADS;
1185 Status = STATUS_SUCCESS;
1186 }
1187 }
1188
1189 /* Check if the lock was held */
1190 if (LockHeld)
1191 {
1192 /* Release it */
1193 LdrUnlockLoaderLock(LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, Cookie);
1194 }
1195
1196 /* Return the status */
1197 return Status;
1198}
LDRP_DONT_CALL_FOR_THREADS
#define LDRP_DONT_CALL_FOR_THREADS
Definition: ldrtypes.h:52
LdrpShutdownInProgress
BOOLEAN LdrpShutdownInProgress
Definition: ldrinit.c:34
DPRINT
#define DPRINT
Definition: sndvol32.h:73
_LDR_DATA_TABLE_ENTRY::TlsIndex
USHORT TlsIndex
Definition: ntddk_ex.h:209
_LDR_DATA_TABLE_ENTRY::Flags
ULONG Flags
Definition: ntddk_ex.h:207

◆ LdrFindEntryForAddress()

NTSTATUS NTAPI LdrFindEntryForAddress ( _In_ PVOID  Address,
_Out_ PLDR_DATA_TABLE_ENTRY Module 
)

Definition at line 425 of file ldrapi.c.

428{
429 PLIST_ENTRY ListHead, NextEntry;
430 PLDR_DATA_TABLE_ENTRY LdrEntry;
431 PIMAGE_NT_HEADERS NtHeader;
432 PPEB_LDR_DATA Ldr = NtCurrentPeb()->Ldr;
433 ULONG_PTR DllBase, DllEnd;
434
435 DPRINT("LdrFindEntryForAddress(Address %p)\n", Address);
436
437 /* Nothing to do */
438 if (!Ldr) return STATUS_NO_MORE_ENTRIES;
439
440 /* Get the current entry */
441 LdrEntry = Ldr->EntryInProgress;
442 if (LdrEntry)
443 {
444 /* Get the NT Headers */
445 NtHeader = RtlImageNtHeader(LdrEntry->DllBase);
446 if (NtHeader)
447 {
448 /* Get the Image Base */
449 DllBase = (ULONG_PTR)LdrEntry->DllBase;
450 DllEnd = DllBase + NtHeader->OptionalHeader.SizeOfImage;
451
452 /* Check if they match */
453 if (((ULONG_PTR)Address >= DllBase) &&
454 ((ULONG_PTR)Address < DllEnd))
455 {
456 /* Return it */
457 *Module = LdrEntry;
458 return STATUS_SUCCESS;
459 }
460 }
461 }
462
463 /* Loop the module list */
464 ListHead = &Ldr->InMemoryOrderModuleList;
465 NextEntry = ListHead->Flink;
466 while (NextEntry != ListHead)
467 {
468 /* Get the entry and NT Headers */
469 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks);
470 NtHeader = RtlImageNtHeader(LdrEntry->DllBase);
471 if (NtHeader)
472 {
473 /* Get the Image Base */
474 DllBase = (ULONG_PTR)LdrEntry->DllBase;
475 DllEnd = DllBase + NtHeader->OptionalHeader.SizeOfImage;
476
477 /* Check if they match */
478 if (((ULONG_PTR)Address >= DllBase) &&
479 ((ULONG_PTR)Address < DllEnd))
480 {
481 /* Return it */
482 *Module = LdrEntry;
483 return STATUS_SUCCESS;
484 }
485
486 /* Next Entry */
487 NextEntry = NextEntry->Flink;
488 }
489 }
490
491 /* Nothing found */
492 DbgPrintEx(DPFLTR_LDR_ID,
493 DPFLTR_WARNING_LEVEL,
494 "LDR: %s() exiting 0x%08lx\n",
495 __FUNCTION__,
496 STATUS_NO_MORE_ENTRIES);
497 return STATUS_NO_MORE_ENTRIES;
498}
RtlImageNtHeader
#define RtlImageNtHeader
Definition: compat.h:806
DPFLTR_LDR_ID
@ DPFLTR_LDR_ID
Definition: dpfilter.h:113
__FUNCTION__
#define __FUNCTION__
Definition: types.h:116
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
DbgPrintEx
#define DbgPrintEx(cmpid, lvl, fmt,...)
Definition: kdinit.c:24
if
if(dx< 0)
Definition: linetemp.h:194
DPFLTR_WARNING_LEVEL
#define DPFLTR_WARNING_LEVEL
Definition: kdtypes.h:31
STATUS_NO_MORE_ENTRIES
#define STATUS_NO_MORE_ENTRIES
Definition: ntstatus.h:205
Address
static WCHAR Address[46]
Definition: ping.c:68
_IMAGE_NT_HEADERS
Definition: ntddk_ex.h:181
_IMAGE_NT_HEADERS::OptionalHeader
IMAGE_OPTIONAL_HEADER32 OptionalHeader
Definition: ntddk_ex.h:184
_IMAGE_OPTIONAL_HEADER::SizeOfImage
DWORD SizeOfImage
Definition: ntddk_ex.h:167
_LDR_DATA_TABLE_ENTRY::DllBase
PVOID DllBase
Definition: btrfs_drv.h:1880
_LIST_ENTRY
Definition: typedefs.h:120
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
_PEB_LDR_DATA
Definition: btrfs_drv.h:1892
_PEB_LDR_DATA::EntryInProgress
PVOID EntryInProgress
Definition: ldrtypes.h:127
_PEB_LDR_DATA::InMemoryOrderModuleList
LIST_ENTRY InMemoryOrderModuleList
Definition: btrfs_drv.h:1895
CONTAINING_RECORD
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260

Referenced by find_query_actctx(), and get_module_filename().

◆ LdrGetDllHandle()

NTSTATUS NTAPI LdrGetDllHandle ( _In_opt_ PWSTR  DllPath,
_In_opt_ PULONG  DllCharacteristics,
_In_ PUNICODE_STRING  DllName,
_Out_ PVOID DllHandle 
)

Definition at line 770 of file ldrapi.c.

775{
776 /* Call the newer API */
777 return LdrGetDllHandleEx(LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT,
778 DllPath,
779 DllCharacteristics,
780 DllName,
781 DllHandle);
782}
LdrGetDllHandleEx
NTSTATUS NTAPI LdrGetDllHandleEx(_In_ ULONG Flags, _In_opt_ PWSTR DllPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_opt_ PVOID *DllHandle)
Definition: ldrapi.c:505
LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT
#define LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT
Definition: ldrtypes.h:91
DllPath
static const char const char * DllPath
Definition: image.c:34

Referenced by BroadcastDriveLetterChange(), CsrClientConnectToServer(), CsrConnectToUser(), FirstSoundSentry(), GetModuleHandleForUnicodeString(), SeiAddHooks(), SeiFindHookModuleInfoForImportDescriptor(), and SeiInit().

◆ LdrGetDllHandleEx()

NTSTATUS NTAPI LdrGetDllHandleEx ( _In_ ULONG  Flags,
_In_opt_ PWSTR  DllPath,
_In_opt_ PULONG  DllCharacteristics,
_In_ PUNICODE_STRING  DllName,
_Out_opt_ PVOID DllHandle 
)

Definition at line 505 of file ldrapi.c.

511{
512 NTSTATUS Status;
513 PLDR_DATA_TABLE_ENTRY LdrEntry;
514 UNICODE_STRING RedirectName, DynamicString, RawDllName;
515 PUNICODE_STRING pRedirectName, CompareName;
516 PWCHAR p1, p2, p3;
517 BOOLEAN Locked, RedirectedDll;
518 ULONG_PTR Cookie;
519 ULONG LoadFlag, Length;
520
521 /* Initialize the strings */
522 RtlInitEmptyUnicodeString(&DynamicString, NULL, 0);
523 RtlInitEmptyUnicodeString(&RawDllName, NULL, 0);
524 RedirectName = *DllName;
525 pRedirectName = &RedirectName;
526
527 /* Initialize state */
528 RedirectedDll = Locked = FALSE;
529 LdrEntry = NULL;
530 Cookie = 0;
531
532 /* Clear the handle */
533 if (DllHandle) *DllHandle = NULL;
534
535 /* Check for a valid flag combination */
536 if ((Flags & ~(LDR_GET_DLL_HANDLE_EX_PIN | LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT)) ||
537 (!DllHandle && !(Flags & LDR_GET_DLL_HANDLE_EX_PIN)))
538 {
539 DPRINT1("Flags are invalid or no DllHandle given\n");
540 Status = STATUS_INVALID_PARAMETER;
541 goto Quickie;
542 }
543
544 /* If not initializing */
545 if (!LdrpInLdrInit)
546 {
547 /* Acquire the lock */
548 Status = LdrLockLoaderLock(0, NULL, &Cookie);
549 if (!NT_SUCCESS(Status)) goto Quickie;
550
551 /* Remember we own it */
552 Locked = TRUE;
553 }
554
555 Status = LdrpApplyFileNameRedirection(
556 pRedirectName, &LdrApiDefaultExtension, NULL, &DynamicString, &pRedirectName, &RedirectedDll);
557 if (!NT_SUCCESS(Status))
558 {
559 DPRINT1("LdrpApplyFileNameRedirection FAILED: (Status 0x%x)\n", Status);
560 goto Quickie;
561 }
562
563 /* Set default failure code */
564 Status = STATUS_DLL_NOT_FOUND;
565
566 /* Use the cache if we can */
567 if (LdrpGetModuleHandleCache)
568 {
569 /* Check if we were redirected */
570 if (RedirectedDll)
571 {
572 /* Check the flag */
573 if (!(LdrpGetModuleHandleCache->Flags & LDRP_REDIRECTED))
574 {
575 goto DontCompare;
576 }
577
578 /* Use the right name */
579 CompareName = &LdrpGetModuleHandleCache->FullDllName;
580 }
581 else
582 {
583 /* Check the flag */
584 if (LdrpGetModuleHandleCache->Flags & LDRP_REDIRECTED)
585 {
586 goto DontCompare;
587 }
588
589 /* Use the right name */
590 CompareName = &LdrpGetModuleHandleCache->BaseDllName;
591 }
592
593 /* Check if the name matches */
594 if (RtlEqualUnicodeString(pRedirectName,
595 CompareName,
596 TRUE))
597 {
598 /* Skip the rest */
599 LdrEntry = LdrpGetModuleHandleCache;
600
601 /* Return success */
602 Status = STATUS_SUCCESS;
603 goto Quickie;
604 }
605 }
606
607DontCompare:
608 /* Find the name without the extension */
609 p1 = pRedirectName->Buffer;
610 p2 = NULL;
611 p3 = &p1[pRedirectName->Length / sizeof(WCHAR)];
612 while (p1 != p3)
613 {
614 if (*p1++ == L'.')
615 {
616 p2 = p1;
617 }
618 else if (*p1 == L'\\')
619 {
620 p2 = NULL;
621 }
622 }
623
624 /* Check if no extension was found or if we got a slash */
625 if (!(p2) || (*p2 == L'\\') || (*p2 == L'/'))
626 {
627 /* Check that we have space to add one */
628 Length = pRedirectName->Length +
629 LdrApiDefaultExtension.Length + sizeof(UNICODE_NULL);
630 if (Length >= UNICODE_STRING_MAX_BYTES)
631 {
632 /* No space to add the extension */
633 Status = STATUS_NAME_TOO_LONG;
634 goto Quickie;
635 }
636
637 /* Setup the string */
638 RawDllName.MaximumLength = Length;
639 ASSERT(Length >= sizeof(UNICODE_NULL));
640 RawDllName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
641 0,
642 RawDllName.MaximumLength);
643 if (!RawDllName.Buffer)
644 {
645 Status = STATUS_NO_MEMORY;
646 goto Quickie;
647 }
648
649 /* Copy the string and add extension */
650 RtlCopyUnicodeString(&RawDllName, pRedirectName);
651 RtlAppendUnicodeStringToString(&RawDllName, &LdrApiDefaultExtension);
652 }
653 else
654 {
655 /* Check if there's something in the name */
656 Length = pRedirectName->Length;
657 if (Length)
658 {
659 /* Check and remove trailing period */
660 if (pRedirectName->Buffer[Length / sizeof(WCHAR) - sizeof(ANSI_NULL)] == '.')
661 {
662 /* Decrease the size */
663 pRedirectName->Length -= sizeof(WCHAR);
664 }
665 }
666
667 /* Setup the string */
668 RawDllName.MaximumLength = pRedirectName->Length + sizeof(WCHAR);
669 RawDllName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
670 0,
671 RawDllName.MaximumLength);
672 if (!RawDllName.Buffer)
673 {
674 Status = STATUS_NO_MEMORY;
675 goto Quickie;
676 }
677
678 /* Copy the string */
679 RtlCopyUnicodeString(&RawDllName, pRedirectName);
680 }
681
682 /* Display debug string */
683 if (ShowSnaps)
684 {
685 DPRINT1("LDR: LdrGetDllHandleEx, searching for %wZ from %ws\n",
686 &RawDllName,
687 DllPath ? ((ULONG_PTR)DllPath == 1 ? L"" : DllPath) : L"");
688 }
689
690 /* Do the lookup */
691 if (LdrpCheckForLoadedDll(DllPath,
692 &RawDllName,
693 ((ULONG_PTR)DllPath == 1) ? TRUE : FALSE,
694 RedirectedDll,
695 &LdrEntry))
696 {
697 /* Update cached entry */
698 LdrpGetModuleHandleCache = LdrEntry;
699
700 /* Return success */
701 Status = STATUS_SUCCESS;
702 }
703 else
704 {
705 /* Make sure to NULL this */
706 LdrEntry = NULL;
707 }
708Quickie:
709 /* The success path must have a valid loader entry */
710 ASSERT((LdrEntry != NULL) == NT_SUCCESS(Status));
711
712 /* Check if we got an entry and success */
713 DPRINT("Got LdrEntry->BaseDllName %wZ\n", LdrEntry ? &LdrEntry->BaseDllName : NULL);
714 if ((LdrEntry) && (NT_SUCCESS(Status)))
715 {
716 /* Check if the DLL is locked */
717 if ((LdrEntry->LoadCount != 0xFFFF) &&
718 !(Flags & LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT))
719 {
720 /* Check what to do with the load count */
721 if (Flags & LDR_GET_DLL_HANDLE_EX_PIN)
722 {
723 /* Pin it */
724 LdrEntry->LoadCount = 0xFFFF;
725 LoadFlag = LDRP_UPDATE_PIN;
726 }
727 else
728 {
729 /* Increase the load count */
730 LdrEntry->LoadCount++;
731 LoadFlag = LDRP_UPDATE_REFCOUNT;
732 }
733
734 /* Update the load count now */
735 LdrpUpdateLoadCount2(LdrEntry, LoadFlag);
736 LdrpClearLoadInProgress();
737 }
738
739 /* Check if the caller is requesting the handle */
740 if (DllHandle) *DllHandle = LdrEntry->DllBase;
741 }
742
743 /* Free string if needed */
744 if (DynamicString.Buffer) RtlFreeUnicodeString(&DynamicString);
745
746 /* Free the raw DLL Name if needed */
747 if (RawDllName.Buffer)
748 {
749 /* Free the heap-allocated buffer */
750 RtlFreeHeap(RtlGetProcessHeap(), 0, RawDllName.Buffer);
751 RawDllName.Buffer = NULL;
752 }
753
754 /* Release lock */
755 if (Locked)
756 {
757 LdrUnlockLoaderLock(LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS,
758 Cookie);
759 }
760
761 /* Return */
762 return Status;
763}
DynamicString
IN PUNICODE_STRING IN PUNICODE_STRING DynamicString
Definition: RtlGetFullPathName_UstrEx.c:30
CompareName
static BOOL CompareName(LPCWSTR pszName1, LPCWSTR pszName2)
Definition: find.c:60
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:616
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:634
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: d3dkmdt.h:51
LdrApiDefaultExtension
UNICODE_STRING LdrApiDefaultExtension
Definition: ldrapi.c:22
LDRP_REDIRECTED
#define LDRP_REDIRECTED
Definition: ldrtypes.h:62
LDR_GET_DLL_HANDLE_EX_PIN
#define LDR_GET_DLL_HANDLE_EX_PIN
Definition: ldrtypes.h:92
ASSERT
#define ASSERT(a)
Definition: mode.c:44
RtlCopyUnicodeString
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
RtlAppendUnicodeStringToString
NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString(PUNICODE_STRING Destination, PUNICODE_STRING Source)
RtlEqualUnicodeString
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
UNICODE_NULL
#define UNICODE_NULL
UNICODE_STRING_MAX_BYTES
#define UNICODE_STRING_MAX_BYTES
ANSI_NULL
#define ANSI_NULL
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
LdrpApplyFileNameRedirection
NTSYSAPI NTSTATUS NTAPI LdrpApplyFileNameRedirection(_In_ PUNICODE_STRING OriginalName, _In_ PUNICODE_STRING Extension, _Inout_opt_ PUNICODE_STRING StaticString, _Inout_opt_ PUNICODE_STRING DynamicString, _Inout_ PUNICODE_STRING *NewName, _Inout_ PBOOLEAN RedirectedDll)
LdrpGetModuleHandleCache
PLDR_DATA_TABLE_ENTRY LdrpGetModuleHandleCache
Definition: ldrutils.c:19
LdrpCheckForLoadedDll
BOOLEAN NTAPI LdrpCheckForLoadedDll(IN PWSTR DllPath, IN PUNICODE_STRING DllName, IN BOOLEAN Flag, IN BOOLEAN RedirectedDll, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1958
STATUS_NAME_TOO_LONG
#define STATUS_NAME_TOO_LONG
Definition: ntstatus.h:498
L
#define L(x)
Definition: ntvdm.h:50
_LDR_DATA_TABLE_ENTRY::FullDllName
UNICODE_STRING FullDllName
Definition: btrfs_drv.h:1882
_LDR_DATA_TABLE_ENTRY::BaseDllName
UNICODE_STRING BaseDllName
Definition: ldrtypes.h:149
_UNICODE_STRING
Definition: env_spec_w32.h:368
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56
ULONG
uint32_t ULONG
Definition: typedefs.h:59
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by LdrGetDllHandle(), and LoadLibraryExW().

◆ LdrGetProcedureAddress()

NTSTATUS NTAPI LdrGetProcedureAddress ( _In_ PVOID  BaseAddress,
_In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING  Name,
_In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG  Ordinal,
_Out_ PVOID ProcedureAddress 
)

Definition at line 789 of file ldrapi.c.

794{
795 /* Call the internal routine and tell it to execute DllInit */
796 return LdrpGetProcedureAddress(BaseAddress, Name, Ordinal, ProcedureAddress, TRUE);
797}
Name
LPWSTR Name
Definition: desk.c:124
LdrpGetProcedureAddress
NTSTATUS NTAPI LdrpGetProcedureAddress(_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress, _In_ BOOLEAN ExecuteInit)
Definition: ldrutils.c:2231

Referenced by BaseInitApphelp(), BasepReplaceProcessThreadTokens(), BaseSrvDelayLoadKernel32(), BroadcastDriveLetterChange(), CsrClientConnectToServer(), CsrConnectToUser(), CsrLoadServerDll(), FirstSoundSentry(), GetProcAddress(), InitApphelp(), LdrpInitializeProcess(), LoadOle32Export(), LsapAddAuthPackage(), SeiCreateShimModuleInfo(), and SeiResolveAPI().

◆ LdrInitializeThunk()

VOID NTAPI LdrInitializeThunk ( ULONG  Unknown1,
ULONG  Unknown2,
ULONG  Unknown3,
ULONG  Unknown4 
)

◆ LdrLoadDll()

NTSTATUS NTAPI LdrLoadDll ( _In_opt_ PWSTR  SearchPath,
_In_opt_ PULONG  DllCharacteristics,
_In_ PUNICODE_STRING  DllName,
_Out_ PVOID BaseAddress 
)

Definition at line 312 of file ldrapi.c.

317{
318 WCHAR StringBuffer[MAX_PATH];
319 UNICODE_STRING StaticString, DynamicString;
320 BOOLEAN RedirectedDll = FALSE;
321 NTSTATUS Status;
322 ULONG_PTR Cookie;
323 PUNICODE_STRING OldTldDll;
324 PTEB Teb = NtCurrentTeb();
325
326 /* Initialize the strings */
327 RtlInitEmptyUnicodeString(&StaticString, StringBuffer, sizeof(StringBuffer));
328 RtlInitEmptyUnicodeString(&DynamicString, NULL, 0);
329
330 Status = LdrpApplyFileNameRedirection(DllName, &LdrApiDefaultExtension, &StaticString, &DynamicString, &DllName, &RedirectedDll);
331
332 /* Lock the loader lock */
333 LdrLockLoaderLock(LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, NULL, &Cookie);
334
335 /* Check if there's a TLD DLL being loaded */
336 OldTldDll = LdrpTopLevelDllBeingLoaded;
337 _SEH2_TRY
338 {
339
340 if (OldTldDll)
341 {
342 /* This is a recursive load, do something about it? */
343 if ((ShowSnaps) || (LdrpShowRecursiveLoads) || (LdrpBreakOnRecursiveDllLoads))
344 {
345 /* Print out debug messages */
346 DPRINT1("[%p, %p] LDR: Recursive DLL Load\n",
347 Teb->RealClientId.UniqueProcess,
348 Teb->RealClientId.UniqueThread);
349 DPRINT1("[%p, %p] Previous DLL being loaded \"%wZ\"\n",
350 Teb->RealClientId.UniqueProcess,
351 Teb->RealClientId.UniqueThread,
352 OldTldDll);
353 DPRINT1("[%p, %p] DLL being requested \"%wZ\"\n",
354 Teb->RealClientId.UniqueProcess,
355 Teb->RealClientId.UniqueThread,
356 DllName);
357
358 /* Was it initializing too? */
359 if (!LdrpCurrentDllInitializer)
360 {
361 DPRINT1("[%p, %p] LDR: No DLL Initializer was running\n",
362 Teb->RealClientId.UniqueProcess,
363 Teb->RealClientId.UniqueThread);
364 }
365 else
366 {
367 DPRINT1("[%p, %p] DLL whose initializer was currently running \"%wZ\"\n",
368 Teb->ClientId.UniqueProcess,
369 Teb->ClientId.UniqueThread,
370 &LdrpCurrentDllInitializer->BaseDllName);
371 }
372 }
373 }
374
375 /* Set this one as the TLD DLL being loaded*/
376 LdrpTopLevelDllBeingLoaded = DllName;
377
378 /* Load the DLL */
379 Status = LdrpLoadDll(RedirectedDll,
380 SearchPath,
381 DllCharacteristics,
382 DllName,
383 BaseAddress,
384 TRUE);
385 if (NT_SUCCESS(Status))
386 {
387 Status = STATUS_SUCCESS;
388 }
389 else if ((Status != STATUS_NO_SUCH_FILE) &&
390 (Status != STATUS_DLL_NOT_FOUND) &&
391 (Status != STATUS_OBJECT_NAME_NOT_FOUND) &&
392 (Status != STATUS_DLL_INIT_FAILED))
393 {
394 DbgPrintEx(DPFLTR_LDR_ID,
395 DPFLTR_WARNING_LEVEL,
396 "LDR: %s - failing because LdrpLoadDll(%wZ) returned status %x\n",
397 __FUNCTION__,
398 DllName,
399 Status);
400 }
401 }
402 _SEH2_FINALLY
403 {
404 /* Restore the old TLD DLL */
405 LdrpTopLevelDllBeingLoaded = OldTldDll;
406
407 /* Release the lock */
408 LdrUnlockLoaderLock(LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, Cookie);
409 }
410 _SEH2_END;
411
412 /* Do we have a redirect string? */
413 if (DynamicString.Buffer)
414 RtlFreeUnicodeString(&DynamicString);
415
416 /* Return */
417 return Status;
418}
StaticString
IN PUNICODE_STRING StaticString
Definition: RtlGetFullPathName_UstrEx.c:29
MAX_PATH
#define MAX_PATH
Definition: compat.h:34
StringBuffer
WCHAR StringBuffer[156]
Definition: ldrinit.c:41
LdrpBreakOnRecursiveDllLoads
BOOLEAN LdrpBreakOnRecursiveDllLoads
Definition: ldrapi.c:21
LdrpShowRecursiveLoads
BOOLEAN LdrpShowRecursiveLoads
Definition: ldrapi.c:21
LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS
#define LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS
Definition: ldrtypes.h:80
LdrpLoadDll
NTSTATUS NTAPI LdrpLoadDll(IN BOOLEAN Redirected, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress, IN BOOLEAN CallInit)
Definition: ldrutils.c:2414
LdrpCurrentDllInitializer
PLDR_DATA_TABLE_ENTRY LdrpCurrentDllInitializer
Definition: ldrinit.c:43
LdrpTopLevelDllBeingLoaded
PUNICODE_STRING LdrpTopLevelDllBeingLoaded
Definition: ldrinit.c:40
STATUS_DLL_INIT_FAILED
#define STATUS_DLL_INIT_FAILED
Definition: ntstatus.h:558
_SEH2_FINALLY
#define _SEH2_FINALLY
Definition: pseh2_64.h:130
_SEH2_END
#define _SEH2_END
Definition: pseh2_64.h:171
_SEH2_TRY
#define _SEH2_TRY
Definition: pseh2_64.h:71
_CLIENT_ID::UniqueThread
HANDLE UniqueThread
Definition: compat.h:826
_CLIENT_ID::UniqueProcess
HANDLE UniqueProcess
Definition: compat.h:825
_TEB
Definition: compat.h:836
_TEB::ClientId
CLIENT_ID ClientId
Definition: compat.h:839
_TEB::RealClientId
CLIENT_ID RealClientId
Definition: compat.h:861
SearchPath
#define SearchPath
Definition: winbase.h:3931

Referenced by AVrfpLoadAndInitializeProvider(), BaseInitApphelp(), BaseSrvDelayLoadKernel32(), CsrLoadServerDll(), InitApphelp(), LdrpInitializeProcess(), LoadLibraryExW(), LoadOle32Export(), LsapAddAuthPackage(), SeiInit(), and START_TEST().

◆ LdrOpenImageFileOptionsKey()

NTSTATUS NTAPI LdrOpenImageFileOptionsKey ( _In_ PUNICODE_STRING  SubKey,
_In_ BOOLEAN  Wow64,
_Out_ PHANDLE  NewKeyHandle 
)

Definition at line 111 of file ldrinit.c.

115{
116 PHANDLE RootKeyLocation;
117 HANDLE RootKey;
118 UNICODE_STRING SubKeyString;
119 OBJECT_ATTRIBUTES ObjectAttributes;
120 NTSTATUS Status;
121 PWCHAR p1;
122
123 /* Check which root key to open */
124 if (Wow64)
125 RootKeyLocation = &Wow64ExecOptionsKey;
126 else
127 RootKeyLocation = &ImageExecOptionsKey;
128
129 /* Get the current key */
130 RootKey = *RootKeyLocation;
131
132 /* Setup the object attributes */
133 InitializeObjectAttributes(&ObjectAttributes,
134 Wow64 ?
135 &Wow64OptionsString : &ImageExecOptionsString,
136 OBJ_CASE_INSENSITIVE,
137 NULL,
138 NULL);
139
140 /* Open the root key */
141 Status = ZwOpenKey(&RootKey, KEY_ENUMERATE_SUB_KEYS, &ObjectAttributes);
142 if (NT_SUCCESS(Status))
143 {
144 /* Write the key handle */
145 if (InterlockedCompareExchangePointer(RootKeyLocation, RootKey, NULL) != NULL)
146 {
147 /* Someone already opened it, use it instead */
148 NtClose(RootKey);
149 RootKey = *RootKeyLocation;
150 }
151
152 /* Extract the name */
153 SubKeyString = *SubKey;
154 p1 = (PWCHAR)((ULONG_PTR)SubKeyString.Buffer + SubKeyString.Length);
155 while (SubKeyString.Length)
156 {
157 if (p1[-1] == L'\\') break;
158 p1--;
159 SubKeyString.Length -= sizeof(*p1);
160 }
161 SubKeyString.Buffer = p1;
162 SubKeyString.Length = SubKey->Length - SubKeyString.Length;
163
164 /* Setup the object attributes */
165 InitializeObjectAttributes(&ObjectAttributes,
166 &SubKeyString,
167 OBJ_CASE_INSENSITIVE,
168 RootKey,
169 NULL);
170
171 /* Open the setting key */
172 Status = ZwOpenKey((PHANDLE)NewKeyHandle, GENERIC_READ, &ObjectAttributes);
173 }
174
175 /* Return to caller */
176 return Status;
177}
GENERIC_READ
#define GENERIC_READ
Definition: compat.h:135
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
InterlockedCompareExchangePointer
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
ImageExecOptionsKey
HANDLE ImageExecOptionsKey
Definition: ldrinit.c:22
Wow64ExecOptionsKey
HANDLE Wow64ExecOptionsKey
Definition: ldrinit.c:23
ImageExecOptionsString
UNICODE_STRING ImageExecOptionsString
Definition: ldrinit.c:24
Wow64OptionsString
UNICODE_STRING Wow64OptionsString
Definition: ldrinit.c:25
KEY_ENUMERATE_SUB_KEYS
#define KEY_ENUMERATE_SUB_KEYS
Definition: nt_native.h:1019
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
RootKey
static PMEMKEY RootKey
Definition: registry.c:55

Referenced by CreateProcessInternalW(), LdrpInitializeExecutionOptions(), and LdrQueryImageFileExecutionOptionsEx().

◆ LdrProcessRelocationBlock()

PIMAGE_BASE_RELOCATION NTAPI LdrProcessRelocationBlock ( _In_ ULONG_PTR  Address,
_In_ ULONG  Count,
_In_ PUSHORT  TypeOffset,
_In_ LONG_PTR  Delta 
)

Definition at line 1570 of file ldrapi.c.

1575{
1576 return LdrProcessRelocationBlockLongLong(Address, Count, TypeOffset, Delta);
1577}
LdrProcessRelocationBlockLongLong
PIMAGE_BASE_RELOCATION NTAPI LdrProcessRelocationBlockLongLong(_In_ ULONG_PTR Address, _In_ ULONG Count, _In_ PUSHORT TypeOffset, _In_ LONGLONG Delta)
Count
int Count
Definition: noreturn.cpp:7
Delta
static ULONG Delta
Definition: xboxvideo.c:33

◆ LdrQueryImageFileExecutionOptions()

NTSTATUS NTAPI LdrQueryImageFileExecutionOptions ( _In_ PUNICODE_STRING  SubKey,
_In_ PCWSTR  ValueName,
_In_ ULONG  Type,
_Out_ PVOID  Buffer,
_In_ ULONG  BufferSize,
_Out_opt_ PULONG  ReturnedLength 
)

Definition at line 388 of file ldrinit.c.

395{
396 /* Call the newer function */
397 return LdrQueryImageFileExecutionOptionsEx(SubKey,
398 ValueName,
399 Type,
400 Buffer,
401 BufferSize,
402 ReturnedLength,
403 FALSE);
404}
Type
Type
Definition: Type.h:7
ReturnedLength
_In_ ULONG _In_ BATTERY_QUERY_INFORMATION_LEVEL _In_ LONG _In_ ULONG _Out_ PULONG ReturnedLength
Definition: batclass.h:188
Buffer
Definition: bufpool.h:45
LdrQueryImageFileExecutionOptionsEx
NTSTATUS NTAPI LdrQueryImageFileExecutionOptionsEx(_In_ PUNICODE_STRING SubKey, _In_ PCWSTR ValueName, _In_ ULONG Type, _Out_ PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG ReturnedLength, _In_ BOOLEAN Wow64)
Definition: ldrinit.c:349
BufferSize
_In_ WDFMEMORY _Out_opt_ size_t * BufferSize
Definition: wdfmemory.h:254
ValueName
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
Definition: wdfregistry.h:243

Referenced by LdrpRunInitializeRoutines(), and SmpLoadSubSystemsForMuSession().

◆ LdrQueryImageFileKeyOption()

NTSTATUS NTAPI LdrQueryImageFileKeyOption ( _In_ HANDLE  KeyHandle,
_In_ PCWSTR  ValueName,
_In_ ULONG  Type,
_Out_ PVOID  Buffer,
_In_ ULONG  BufferSize,
_Out_opt_ PULONG  ReturnedLength 
)

Definition at line 184 of file ldrinit.c.

191{
192 ULONG KeyInfo[256];
193 UNICODE_STRING ValueNameString, IntegerString;
194 ULONG KeyInfoSize, ResultSize;
195 PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)&KeyInfo;
196 BOOLEAN FreeHeap = FALSE;
197 NTSTATUS Status;
198
199 /* Build a string for the value name */
200 Status = RtlInitUnicodeStringEx(&ValueNameString, ValueName);
201 if (!NT_SUCCESS(Status)) return Status;
202
203 /* Query the value */
204 Status = ZwQueryValueKey(KeyHandle,
205 &ValueNameString,
206 KeyValuePartialInformation,
207 KeyValueInformation,
208 sizeof(KeyInfo),
209 &ResultSize);
210 if (Status == STATUS_BUFFER_OVERFLOW)
211 {
212 /* Our local buffer wasn't enough, allocate one */
213 KeyInfoSize = sizeof(KEY_VALUE_PARTIAL_INFORMATION) +
214 KeyValueInformation->DataLength;
215 KeyValueInformation = RtlAllocateHeap(RtlGetProcessHeap(),
216 0,
217 KeyInfoSize);
218 if (KeyValueInformation != NULL)
219 {
220 /* Try again */
221 Status = ZwQueryValueKey(KeyHandle,
222 &ValueNameString,
223 KeyValuePartialInformation,
224 KeyValueInformation,
225 KeyInfoSize,
226 &ResultSize);
227 FreeHeap = TRUE;
228 }
229 else
230 {
231 /* Give up this time */
232 Status = STATUS_NO_MEMORY;
233 }
234 }
235
236 /* Check for success */
237 if (NT_SUCCESS(Status))
238 {
239 /* Handle binary data */
240 if (KeyValueInformation->Type == REG_BINARY)
241 {
242 /* Check validity */
243 if ((Buffer) && (KeyValueInformation->DataLength <= BufferSize))
244 {
245 /* Copy into buffer */
246 RtlMoveMemory(Buffer,
247 &KeyValueInformation->Data,
248 KeyValueInformation->DataLength);
249 }
250 else
251 {
252 Status = STATUS_BUFFER_OVERFLOW;
253 }
254
255 /* Copy the result length */
256 if (ReturnedLength) *ReturnedLength = KeyValueInformation->DataLength;
257 }
258 else if (KeyValueInformation->Type == REG_DWORD)
259 {
260 /* Check for valid type */
261 if (KeyValueInformation->Type != Type)
262 {
263 /* Error */
264 Status = STATUS_OBJECT_TYPE_MISMATCH;
265 }
266 else
267 {
268 /* Check validity */
269 if ((Buffer) &&
270 (BufferSize == sizeof(ULONG)) &&
271 (KeyValueInformation->DataLength <= BufferSize))
272 {
273 /* Copy into buffer */
274 RtlMoveMemory(Buffer,
275 &KeyValueInformation->Data,
276 KeyValueInformation->DataLength);
277 }
278 else
279 {
280 Status = STATUS_BUFFER_OVERFLOW;
281 }
282
283 /* Copy the result length */
284 if (ReturnedLength) *ReturnedLength = KeyValueInformation->DataLength;
285 }
286 }
287 else if (KeyValueInformation->Type != REG_SZ)
288 {
289 /* We got something weird */
290 Status = STATUS_OBJECT_TYPE_MISMATCH;
291 }
292 else
293 {
294 /* String, check what you requested */
295 if (Type == REG_DWORD)
296 {
297 /* Validate */
298 if (BufferSize != sizeof(ULONG))
299 {
300 /* Invalid size */
301 BufferSize = 0;
302 Status = STATUS_INFO_LENGTH_MISMATCH;
303 }
304 else
305 {
306 /* OK, we know what you want... */
307 IntegerString.Buffer = (PWSTR)KeyValueInformation->Data;
308 IntegerString.Length = (USHORT)KeyValueInformation->DataLength -
309 sizeof(WCHAR);
310 IntegerString.MaximumLength = (USHORT)KeyValueInformation->DataLength;
311 Status = RtlUnicodeStringToInteger(&IntegerString, 0, (PULONG)Buffer);
312 }
313 }
314 else
315 {
316 /* Validate */
317 if (KeyValueInformation->DataLength > BufferSize)
318 {
319 /* Invalid */
320 Status = STATUS_BUFFER_OVERFLOW;
321 }
322 else
323 {
324 /* Set the size */
325 BufferSize = KeyValueInformation->DataLength;
326 }
327
328 /* Copy the string */
329 RtlMoveMemory(Buffer, &KeyValueInformation->Data, BufferSize);
330 }
331
332 /* Copy the result length */
333 if (ReturnedLength) *ReturnedLength = KeyValueInformation->DataLength;
334 }
335 }
336
337 /* Check if buffer was in heap */
338 if (FreeHeap) RtlFreeHeap(RtlGetProcessHeap(), 0, KeyValueInformation);
339
340 /* Return status */
341 return Status;
342}
STATUS_OBJECT_TYPE_MISMATCH
#define STATUS_OBJECT_TYPE_MISMATCH
Definition: d3dkmdt.h:46
RtlInitUnicodeStringEx
NTSYSAPI NTSTATUS WINAPI RtlInitUnicodeStringEx(PUNICODE_STRING, PCWSTR)
REG_SZ
#define REG_SZ
Definition: layer.c:22
KeyHandle
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4715
REG_BINARY
#define REG_BINARY
Definition: nt_native.h:1496
KeyValuePartialInformation
@ KeyValuePartialInformation
Definition: nt_native.h:1182
RtlUnicodeStringToInteger
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToInteger(PUNICODE_STRING String, ULONG Base, PULONG Value)
KEY_VALUE_PARTIAL_INFORMATION
struct _KEY_VALUE_PARTIAL_INFORMATION KEY_VALUE_PARTIAL_INFORMATION
PKEY_VALUE_PARTIAL_INFORMATION
struct _KEY_VALUE_PARTIAL_INFORMATION * PKEY_VALUE_PARTIAL_INFORMATION
USHORT
unsigned short USHORT
Definition: pedump.c:61
REG_DWORD
#define REG_DWORD
Definition: sdbapi.c:596
STATUS_BUFFER_OVERFLOW
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
_KEY_VALUE_PARTIAL_INFORMATION
Definition: nt_native.h:1165
_KEY_VALUE_PARTIAL_INFORMATION::Data
UCHAR Data[1]
Definition: nt_native.h:1169
_KEY_VALUE_PARTIAL_INFORMATION::DataLength
ULONG DataLength
Definition: nt_native.h:1168
_KEY_VALUE_PARTIAL_INFORMATION::Type
ULONG Type
Definition: nt_native.h:1167
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
RtlMoveMemory
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:264
STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133

Referenced by AVrfReadIFEO(), CreateProcessInternalW(), LdrpInitializeExecutionOptions(), LdrpInitializeProcess(), and LdrQueryImageFileExecutionOptionsEx().

◆ LdrQueryProcessModuleInformation()

NTSTATUS NTAPI LdrQueryProcessModuleInformation ( _Out_writes_bytes_to_(Size, *ReturnedSize) PRTL_PROCESS_MODULES  ModuleInformation,
_In_ ULONG  Size,
_Out_opt_ PULONG  ReturnedSize 
)

Definition at line 1076 of file ldrapi.c.

1080{
1081 /* Call Ex version of the API */
1082 return LdrQueryProcessModuleInformationEx(0, 0, ModuleInformation, Size, ReturnedSize);
1083}
ReturnedSize
ULONG ReturnedSize
Definition: RtlUnicodeToOemN.c:18
LdrQueryProcessModuleInformationEx
NTSTATUS NTAPI LdrQueryProcessModuleInformationEx(_In_opt_ ULONG ProcessId, _Reserved_ ULONG Reserved, _Out_writes_bytes_to_(Size, *ReturnedSize) PRTL_PROCESS_MODULES ModuleInformation, _In_ ULONG Size, _Out_opt_ PULONG ReturnedSize)
Definition: ldrapi.c:947
Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533

Referenced by RtlQueryProcessDebugInformation(), and Test_ProcessModules().

◆ LdrSetDllManifestProber()

VOID NTAPI LdrSetDllManifestProber ( _In_ PLDR_MANIFEST_PROBER_ROUTINE  Routine)

Definition at line 73 of file ldrapi.c.

75{
76 LdrpManifestProberRoutine = Routine;
77}
LdrpManifestProberRoutine
PLDR_MANIFEST_PROBER_ROUTINE LdrpManifestProberRoutine
Definition: ldrpe.c:18

Referenced by DllMain().

◆ LdrShutdownProcess()

NTSTATUS NTAPI LdrShutdownProcess ( VOID  )

Definition at line 950 of file ldrinit.c.

951{
952 PPEB Peb = NtCurrentPeb();
953 PLDR_DATA_TABLE_ENTRY LdrEntry;
954 PLIST_ENTRY NextEntry, ListHead;
955 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
956 PVOID EntryPoint;
957
958 DPRINT("LdrShutdownProcess() called for %wZ\n", &LdrpImageEntry->BaseDllName);
959 if (LdrpShutdownInProgress) return STATUS_SUCCESS;
960
961 /* Tell the Shim Engine */
962 if (g_ShimsEnabled)
963 {
964 VOID(NTAPI *SE_ProcessDying)();
965 SE_ProcessDying = RtlDecodeSystemPointer(g_pfnSE_ProcessDying);
966 SE_ProcessDying();
967 }
968
969 /* Tell the world */
970 if (ShowSnaps)
971 {
972 DPRINT1("\n");
973 }
974
975 /* Set the shutdown variables */
976 LdrpShutdownThreadId = NtCurrentTeb()->RealClientId.UniqueThread;
977 LdrpShutdownInProgress = TRUE;
978
979 /* Enter the Loader Lock */
980 RtlEnterCriticalSection(&LdrpLoaderLock);
981
982 /* Cleanup trace logging data (Etw) */
983 if (SharedUserData->TraceLogging)
984 {
985 /* FIXME */
986 DPRINT1("We don't support Etw yet.\n");
987 }
988
989 /* Start at the end */
990 ListHead = &Peb->Ldr->InInitializationOrderModuleList;
991 NextEntry = ListHead->Blink;
992 while (NextEntry != ListHead)
993 {
994 /* Get the current entry */
995 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks);
996 NextEntry = NextEntry->Blink;
997
998 /* Make sure it's not ourselves */
999 if (Peb->ImageBaseAddress != LdrEntry->DllBase)
1000 {
1001 /* Get the entrypoint */
1002 EntryPoint = LdrEntry->EntryPoint;
1003
1004 /* Check if we are ready to call it */
1005 if (EntryPoint &&
1006 (LdrEntry->Flags & LDRP_PROCESS_ATTACH_CALLED) &&
1007 LdrEntry->Flags)
1008 {
1009 /* Set up the Act Ctx */
1010 ActCtx.Size = sizeof(ActCtx);
1011 ActCtx.Format = 1;
1012 RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));
1013
1014 /* Activate the ActCtx */
1015 RtlActivateActivationContextUnsafeFast(&ActCtx,
1016 LdrEntry->EntryPointActivationContext);
1017
1018 _SEH2_TRY
1019 {
1020 /* Check if it has TLS */
1021 if (LdrEntry->TlsIndex)
1022 {
1023 /* Call TLS */
1024 LdrpCallTlsInitializers(LdrEntry, DLL_PROCESS_DETACH);
1025 }
1026
1027 /* Call the Entrypoint */
1028 DPRINT("%wZ - Calling entry point at %p for thread detaching\n",
1029 &LdrEntry->BaseDllName, LdrEntry->EntryPoint);
1030 LdrpCallInitRoutine(EntryPoint,
1031 LdrEntry->DllBase,
1032 DLL_PROCESS_DETACH,
1033 (PVOID)1);
1034 }
1035 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1036 {
1037 DPRINT1("WARNING: Exception 0x%x during LdrpCallInitRoutine(DLL_PROCESS_DETACH) for %wZ\n",
1038 _SEH2_GetExceptionCode(), &LdrEntry->BaseDllName);
1039 }
1040 _SEH2_END;
1041
1042 /* Deactivate the ActCtx */
1043 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1044 }
1045 }
1046 }
1047
1048 /* Check for TLS */
1049 if (LdrpImageHasTls)
1050 {
1051 /* Set up the Act Ctx */
1052 ActCtx.Size = sizeof(ActCtx);
1053 ActCtx.Format = 1;
1054 RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));
1055
1056 /* Activate the ActCtx */
1057 RtlActivateActivationContextUnsafeFast(&ActCtx,
1058 LdrpImageEntry->EntryPointActivationContext);
1059
1060 _SEH2_TRY
1061 {
1062 /* Do TLS callbacks */
1063 LdrpCallTlsInitializers(LdrpImageEntry, DLL_PROCESS_DETACH);
1064 }
1065 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1066 {
1067 /* Do nothing */
1068 }
1069 _SEH2_END;
1070
1071 /* Deactivate the ActCtx */
1072 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1073 }
1074
1075 /* FIXME: Do Heap detection and Etw final shutdown */
1076
1077 /* Release the lock */
1078 RtlLeaveCriticalSection(&LdrpLoaderLock);
1079 DPRINT("LdrpShutdownProcess() done\n");
1080
1081 return STATUS_SUCCESS;
1082}
VOID
#define VOID
Definition: acefi.h:82
DLL_PROCESS_DETACH
#define DLL_PROCESS_DETACH
Definition: compat.h:130
Peb
PPEB Peb
Definition: dllmain.c:27
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:90
LdrpImageEntry
PLDR_DATA_TABLE_ENTRY LdrpImageEntry
Definition: ldrinit.c:39
LdrpShutdownInProgress
BOOLEAN LdrpShutdownInProgress
Definition: ldrinit.c:34
LdrpShutdownThreadId
HANDLE LdrpShutdownThreadId
Definition: ldrinit.c:35
LdrpImageHasTls
BOOLEAN LdrpImageHasTls
Definition: ldrinit.c:52
ShowSnaps
BOOLEAN ShowSnaps
Definition: ldrinit.c:79
LdrpLoaderLock
RTL_CRITICAL_SECTION LdrpLoaderLock
Definition: ldrinit.c:68
ActCtx
_In_ PCWSTR _Out_ PVOID * ActCtx
Definition: ldrtypes.h:264
LDRP_PROCESS_ATTACH_CALLED
#define LDRP_PROCESS_ATTACH_CALLED
Definition: ldrtypes.h:53
RtlEnterCriticalSection
NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
RtlLeaveCriticalSection
NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
LdrpCallTlsInitializers
VOID NTAPI LdrpCallTlsInitializers(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Reason)
Definition: ldrutils.c:447
g_pfnSE_ProcessDying
PVOID g_pfnSE_ProcessDying
Definition: ldrutils.c:27
LdrpCallInitRoutine
BOOLEAN NTAPI LdrpCallInitRoutine(IN PDLL_INIT_ROUTINE EntryPoint, IN PVOID BaseAddress, IN ULONG Reason, IN PVOID Context)
Definition: ldrutils.c:100
g_ShimsEnabled
BOOLEAN g_ShimsEnabled
Definition: ldrutils.c:21
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:181
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:82
SharedUserData
#define SharedUserData
RtlDecodeSystemPointer
PVOID NTAPI RtlDecodeSystemPointer(IN PVOID Pointer)
Definition: process.c:439
SE_ProcessDying
VOID NTAPI SE_ProcessDying(VOID)
Definition: shimeng.c:1441
_LDR_DATA_TABLE_ENTRY::EntryPointActivationContext
PACTIVATION_CONTEXT EntryPointActivationContext
Definition: ldrtypes.h:167
_LDR_DATA_TABLE_ENTRY::EntryPoint
PVOID EntryPoint
Definition: ntddk_ex.h:203
_LIST_ENTRY::Blink
struct _LIST_ENTRY * Blink
Definition: typedefs.h:122
_PEB_LDR_DATA::InInitializationOrderModuleList
LIST_ENTRY InInitializationOrderModuleList
Definition: ldrtypes.h:126
_PEB
Definition: btrfs_drv.h:1907
_PEB::Ldr
PPEB_LDR_DATA Ldr
Definition: btrfs_drv.h:1912
_PEB::ImageBaseAddress
PVOID ImageBaseAddress
Definition: ntddk_ex.h:245
_RTL_ACTIVATION_CONTEXT_STACK_FRAME
Definition: winternl.h:248
NTAPI
#define NTAPI
Definition: typedefs.h:36
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262

◆ LdrShutdownThread()

NTSTATUS NTAPI LdrShutdownThread ( VOID  )

Definition at line 1089 of file ldrinit.c.

1090{
1091 PPEB Peb = NtCurrentPeb();
1092 PTEB Teb = NtCurrentTeb();
1093 PLDR_DATA_TABLE_ENTRY LdrEntry;
1094 PLIST_ENTRY NextEntry, ListHead;
1095 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
1096 PVOID EntryPoint;
1097
1098 DPRINT("LdrShutdownThread() called for %wZ\n",
1099 &LdrpImageEntry->BaseDllName);
1100
1101 /* Cleanup trace logging data (Etw) */
1102 if (SharedUserData->TraceLogging)
1103 {
1104 /* FIXME */
1105 DPRINT1("We don't support Etw yet.\n");
1106 }
1107
1108 /* Get the Ldr Lock */
1109 RtlEnterCriticalSection(&LdrpLoaderLock);
1110
1111 /* Start at the end */
1112 ListHead = &Peb->Ldr->InInitializationOrderModuleList;
1113 NextEntry = ListHead->Blink;
1114 while (NextEntry != ListHead)
1115 {
1116 /* Get the current entry */
1117 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks);
1118 NextEntry = NextEntry->Blink;
1119
1120 /* Make sure it's not ourselves */
1121 if (Peb->ImageBaseAddress != LdrEntry->DllBase)
1122 {
1123 /* Check if we should call */
1124 if (!(LdrEntry->Flags & LDRP_DONT_CALL_FOR_THREADS) &&
1125 (LdrEntry->Flags & LDRP_PROCESS_ATTACH_CALLED) &&
1126 (LdrEntry->Flags & LDRP_IMAGE_DLL))
1127 {
1128 /* Get the entrypoint */
1129 EntryPoint = LdrEntry->EntryPoint;
1130
1131 /* Check if we are ready to call it */
1132 if (EntryPoint)
1133 {
1134 /* Set up the Act Ctx */
1135 ActCtx.Size = sizeof(ActCtx);
1136 ActCtx.Format = 1;
1137 RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));
1138
1139 /* Activate the ActCtx */
1140 RtlActivateActivationContextUnsafeFast(&ActCtx,
1141 LdrEntry->EntryPointActivationContext);
1142
1143 _SEH2_TRY
1144 {
1145 /* Check if it has TLS */
1146 if (LdrEntry->TlsIndex)
1147 {
1148 /* Make sure we're not shutting down */
1149 if (!LdrpShutdownInProgress)
1150 {
1151 /* Call TLS */
1152 LdrpCallTlsInitializers(LdrEntry, DLL_THREAD_DETACH);
1153 }
1154 }
1155
1156 /* Make sure we're not shutting down */
1157 if (!LdrpShutdownInProgress)
1158 {
1159 /* Call the Entrypoint */
1160 DPRINT("%wZ - Calling entry point at %p for thread detaching\n",
1161 &LdrEntry->BaseDllName, LdrEntry->EntryPoint);
1162 LdrpCallInitRoutine(EntryPoint,
1163 LdrEntry->DllBase,
1164 DLL_THREAD_DETACH,
1165 NULL);
1166 }
1167 }
1168 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1169 {
1170 DPRINT1("WARNING: Exception 0x%x during LdrpCallInitRoutine(DLL_THREAD_DETACH) for %wZ\n",
1171 _SEH2_GetExceptionCode(), &LdrEntry->BaseDllName);
1172 }
1173 _SEH2_END;
1174
1175 /* Deactivate the ActCtx */
1176 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1177 }
1178 }
1179 }
1180 }
1181
1182 /* Check for TLS */
1183 if (LdrpImageHasTls)
1184 {
1185 /* Set up the Act Ctx */
1186 ActCtx.Size = sizeof(ActCtx);
1187 ActCtx.Format = 1;
1188 RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));
1189
1190 /* Activate the ActCtx */
1191 RtlActivateActivationContextUnsafeFast(&ActCtx,
1192 LdrpImageEntry->EntryPointActivationContext);
1193
1194 _SEH2_TRY
1195 {
1196 /* Do TLS callbacks */
1197 LdrpCallTlsInitializers(LdrpImageEntry, DLL_THREAD_DETACH);
1198 }
1199 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1200 {
1201 /* Do nothing */
1202 }
1203 _SEH2_END;
1204
1205 /* Deactivate the ActCtx */
1206 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1207 }
1208
1209 /* Free TLS */
1210 LdrpFreeTls();
1211 RtlLeaveCriticalSection(&LdrpLoaderLock);
1212
1213 /* Check for expansion slots */
1214 if (Teb->TlsExpansionSlots)
1215 {
1216 /* Free expansion slots */
1217 RtlFreeHeap(RtlGetProcessHeap(), 0, Teb->TlsExpansionSlots);
1218 }
1219
1220 /* Check for FLS Data */
1221 if (Teb->FlsData)
1222 {
1223 /* Mimic BaseRundownFls */
1224 ULONG n, FlsHighIndex;
1225 PRTL_FLS_DATA pFlsData;
1226 PFLS_CALLBACK_FUNCTION lpCallback;
1227
1228 pFlsData = Teb->FlsData;
1229
1230 RtlAcquirePebLock();
1231 FlsHighIndex = NtCurrentPeb()->FlsHighIndex;
1232 RemoveEntryList(&pFlsData->ListEntry);
1233 RtlReleasePebLock();
1234
1235 for (n = 1; n <= FlsHighIndex; ++n)
1236 {
1237 lpCallback = NtCurrentPeb()->FlsCallback[n];
1238 if (lpCallback && pFlsData->Data[n])
1239 {
1240 lpCallback(pFlsData->Data[n]);
1241 }
1242 }
1243
1244 RtlFreeHeap(RtlGetProcessHeap(), 0, pFlsData);
1245 Teb->FlsData = NULL;
1246 }
1247
1248 /* Check for Fiber data */
1249 if (Teb->HasFiberData)
1250 {
1251 /* Free Fiber data*/
1252 RtlFreeHeap(RtlGetProcessHeap(), 0, Teb->NtTib.FiberData);
1253 Teb->NtTib.FiberData = NULL;
1254 }
1255
1256 /* Free the activation context stack */
1257 RtlFreeThreadActivationContextStack();
1258 DPRINT("LdrShutdownThread() done\n");
1259
1260 return STATUS_SUCCESS;
1261}
DLL_THREAD_DETACH
#define DLL_THREAD_DETACH
Definition: compat.h:133
RemoveEntryList
#define RemoveEntryList(Entry)
Definition: env_spec_w32.h:986
n
GLdouble n
Definition: glext.h:7729
RtlReleasePebLock
NTSYSAPI void WINAPI RtlReleasePebLock(void)
Definition: libsupp.c:84
RtlAcquirePebLock
NTSYSAPI void WINAPI RtlAcquirePebLock(void)
Definition: libsupp.c:74
RtlFreeThreadActivationContextStack
NTSYSAPI void WINAPI RtlFreeThreadActivationContextStack(void)
Definition: actctx.c:5515
LdrpFreeTls
VOID NTAPI LdrpFreeTls(VOID)
Definition: ldrinit.c:1391
LDRP_IMAGE_DLL
#define LDRP_IMAGE_DLL
Definition: ldrtypes.h:39
_NT_TIB::FiberData
PVOID FiberData
Definition: compat.h:716
_RTL_FLS_DATA
Definition: rtltypes.h:1216
_RTL_FLS_DATA::ListEntry
LIST_ENTRY ListEntry
Definition: rtltypes.h:1217
_RTL_FLS_DATA::Data
PVOID Data[RTL_FLS_MAXIMUM_AVAILABLE]
Definition: rtltypes.h:1218
_TEB::TlsExpansionSlots
PVOID * TlsExpansionSlots
Definition: compat.h:894
_TEB::NtTib
NT_TIB NtTib
Definition: ntddk_ex.h:332
PFLS_CALLBACK_FUNCTION
VOID(WINAPI * PFLS_CALLBACK_FUNCTION)(PVOID)
Definition: winbase.h:1475

◆ LdrUnloadDll()

NTSTATUS NTAPI LdrUnloadDll ( _In_ PVOID  BaseAddress)

Definition at line 1291 of file ldrapi.c.

1293{
1294 NTSTATUS Status = STATUS_SUCCESS;
1295 PPEB Peb = NtCurrentPeb();
1296 PLDR_DATA_TABLE_ENTRY LdrEntry, CurrentEntry;
1297 PVOID EntryPoint;
1298 PLIST_ENTRY NextEntry;
1299 LIST_ENTRY UnloadList;
1300 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
1301 PVOID CorImageData;
1302 ULONG ComSectionSize;
1303
1304 /* Get the LDR Lock */
1305 if (!LdrpInLdrInit) RtlEnterCriticalSection(Peb->LoaderLock);
1306
1307 /* Increase the unload count */
1308 LdrpActiveUnloadCount++;
1309
1310 /* Skip unload */
1311 if (LdrpShutdownInProgress) goto Quickie;
1312
1313 /* Make sure the DLL is valid and get its entry */
1314 if (!LdrpCheckForLoadedDllHandle(BaseAddress, &LdrEntry))
1315 {
1316 Status = STATUS_DLL_NOT_FOUND;
1317 goto Quickie;
1318 }
1319
1320 /* Check the current Load Count */
1321 if (LdrEntry->LoadCount != 0xFFFF)
1322 {
1323 /* Decrease it */
1324 LdrEntry->LoadCount--;
1325
1326 /* If it's a dll */
1327 if (LdrEntry->Flags & LDRP_IMAGE_DLL)
1328 {
1329 /* Set up the Act Ctx */
1330 ActCtx.Size = sizeof(ActCtx);
1331 ActCtx.Format = RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER;
1332 RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));
1333
1334 /* Activate the ActCtx */
1335 RtlActivateActivationContextUnsafeFast(&ActCtx,
1336 LdrEntry->EntryPointActivationContext);
1337
1338 /* Update the load count */
1339 LdrpUpdateLoadCount2(LdrEntry, LDRP_UPDATE_DEREFCOUNT);
1340
1341 /* Release the context */
1342 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1343 }
1344 }
1345 else
1346 {
1347 /* The DLL is locked */
1348 goto Quickie;
1349 }
1350
1351 /* Show debug message */
1352 if (ShowSnaps) DPRINT1("LDR: UNINIT LIST\n");
1353
1354 /* Check if this is our only unload and initialize the list if so */
1355 if (LdrpActiveUnloadCount == 1) InitializeListHead(&LdrpUnloadHead);
1356
1357 /* Loop the modules to build the list */
1358 NextEntry = Peb->Ldr->InInitializationOrderModuleList.Blink;
1359 while (NextEntry != &Peb->Ldr->InInitializationOrderModuleList)
1360 {
1361 /* Get the entry */
1362 LdrEntry = CONTAINING_RECORD(NextEntry,
1363 LDR_DATA_TABLE_ENTRY,
1364 InInitializationOrderLinks);
1365 NextEntry = NextEntry->Blink;
1366
1367 /* Remove flag */
1368 LdrEntry->Flags &= ~LDRP_UNLOAD_IN_PROGRESS;
1369
1370 /* If the load count is now 0 */
1371 if (!LdrEntry->LoadCount)
1372 {
1373 /* Show message */
1374 if (ShowSnaps)
1375 {
1376 DPRINT1("(%lu) [%ws] %ws (%lx) deinit %p\n",
1377 LdrpActiveUnloadCount,
1378 LdrEntry->BaseDllName.Buffer,
1379 LdrEntry->FullDllName.Buffer,
1380 (ULONG)LdrEntry->LoadCount,
1381 LdrEntry->EntryPoint);
1382 }
1383
1384 /* Call Shim Engine and notify */
1385 if (g_ShimsEnabled)
1386 {
1387 VOID (NTAPI* SE_DllUnloaded)(PVOID) = RtlDecodeSystemPointer(g_pfnSE_DllUnloaded);
1388 SE_DllUnloaded(LdrEntry);
1389 }
1390
1391 /* Unlink it */
1392 CurrentEntry = LdrEntry;
1393 RemoveEntryList(&CurrentEntry->InInitializationOrderLinks);
1394 RemoveEntryList(&CurrentEntry->InMemoryOrderLinks);
1395 RemoveEntryList(&CurrentEntry->HashLinks);
1396
1397 /* If there's more then one active unload */
1398 if (LdrpActiveUnloadCount > 1)
1399 {
1400 /* Flush the cached DLL handle and clear the list */
1401 LdrpLoadedDllHandleCache = NULL;
1402 CurrentEntry->InMemoryOrderLinks.Flink = NULL;
1403 }
1404
1405 /* Add the entry on the unload list */
1406 InsertTailList(&LdrpUnloadHead, &CurrentEntry->HashLinks);
1407 }
1408 }
1409
1410 /* Only call the entrypoints once */
1411 if (LdrpActiveUnloadCount > 1) goto Quickie;
1412
1413 /* Now loop the unload list and create our own */
1414 InitializeListHead(&UnloadList);
1415 CurrentEntry = NULL;
1416 NextEntry = LdrpUnloadHead.Flink;
1417 while (NextEntry != &LdrpUnloadHead)
1418 {
1419 /* Get the current entry */
1420 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, HashLinks);
1421
1422 LdrpRecordUnloadEvent(LdrEntry);
1423
1424 /* Set the entry and clear it from the list */
1425 CurrentEntry = LdrEntry;
1426 LdrpLoadedDllHandleCache = NULL;
1427 CurrentEntry->InMemoryOrderLinks.Flink = NULL;
1428
1429 /* Move it from the global to the local list */
1430 RemoveEntryList(&CurrentEntry->HashLinks);
1431 InsertTailList(&UnloadList, &CurrentEntry->HashLinks);
1432
1433 /* Get the entrypoint */
1434 EntryPoint = LdrEntry->EntryPoint;
1435
1436 /* Check if we should call it */
1437 if ((EntryPoint) && (LdrEntry->Flags & LDRP_PROCESS_ATTACH_CALLED))
1438 {
1439 /* Show message */
1440 if (ShowSnaps)
1441 {
1442 DPRINT1("LDR: Calling deinit %p\n", EntryPoint);
1443 }
1444
1445 /* Set up the Act Ctx */
1446 ActCtx.Size = sizeof(ActCtx);
1447 ActCtx.Format = RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER;
1448 RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));
1449
1450 /* Activate the ActCtx */
1451 RtlActivateActivationContextUnsafeFast(&ActCtx,
1452 LdrEntry->EntryPointActivationContext);
1453
1454 /* Call the entrypoint */
1455 _SEH2_TRY
1456 {
1457 LdrpCallInitRoutine(LdrEntry->EntryPoint,
1458 LdrEntry->DllBase,
1459 DLL_PROCESS_DETACH,
1460 NULL);
1461 }
1462 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1463 {
1464 DPRINT1("WARNING: Exception 0x%x during LdrpCallInitRoutine(DLL_PROCESS_DETACH) for %wZ\n",
1465 _SEH2_GetExceptionCode(), &LdrEntry->BaseDllName);
1466 }
1467 _SEH2_END;
1468
1469 /* Release the context */
1470 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
1471 }
1472
1473 /* Remove it from the list */
1474 RemoveEntryList(&CurrentEntry->InLoadOrderLinks);
1475 CurrentEntry = NULL;
1476 NextEntry = LdrpUnloadHead.Flink;
1477 }
1478
1479 /* Now loop our local list */
1480 NextEntry = UnloadList.Flink;
1481 while (NextEntry != &UnloadList)
1482 {
1483 /* Get the entry */
1484 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, HashLinks);
1485 NextEntry = NextEntry->Flink;
1486 CurrentEntry = LdrEntry;
1487
1488 /* Notify Application Verifier */
1489 if (Peb->NtGlobalFlag & FLG_HEAP_ENABLE_TAIL_CHECK)
1490 {
1491 AVrfDllUnloadNotification(LdrEntry);
1492 }
1493
1494 /* Show message */
1495 if (ShowSnaps)
1496 {
1497 DPRINT1("LDR: Unmapping [%ws]\n", LdrEntry->BaseDllName.Buffer);
1498 }
1499
1500#if (_WIN32_WINNT >= _WIN32_WINNT_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
1501 /* Send shutdown notification */
1502 LdrpSendDllNotifications(CurrentEntry, LDR_DLL_NOTIFICATION_REASON_UNLOADED);
1503#endif
1504
1505 /* Check if this is a .NET executable */
1506 CorImageData = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
1507 TRUE,
1508 IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR,
1509 &ComSectionSize);
1510 if (CorImageData)
1511 {
1512 /* FIXME */
1513 DPRINT1(".NET Images are not supported yet\n");
1514 }
1515
1516 /* Check if we should unmap*/
1517 if (!(CurrentEntry->Flags & LDR_COR_OWNS_UNMAP))
1518 {
1519 /* Unmap the DLL */
1520 Status = NtUnmapViewOfSection(NtCurrentProcess(),
1521 CurrentEntry->DllBase);
1522 ASSERT(NT_SUCCESS(Status));
1523 }
1524
1525 /* Unload the alternate resource module, if any */
1526 LdrUnloadAlternateResourceModule(CurrentEntry->DllBase);
1527
1528 /* Check if a Hotpatch is active */
1529 if (LdrEntry->PatchInformation)
1530 {
1531 /* FIXME */
1532 DPRINT1("We don't support Hotpatching yet\n");
1533 }
1534
1535 /* Deallocate the Entry */
1536 LdrpFinalizeAndDeallocateDataTableEntry(CurrentEntry);
1537
1538 /* If this is the cached entry, invalidate it */
1539 if (LdrpGetModuleHandleCache == CurrentEntry)
1540 {
1541 LdrpGetModuleHandleCache = NULL;
1542 }
1543 }
1544
1545Quickie:
1546 /* Decrease unload count */
1547 LdrpActiveUnloadCount--;
1548 if (!LdrpInLdrInit) RtlLeaveCriticalSection(Peb->LoaderLock);
1549
1550 /* Return to caller */
1551 return Status;
1552}
NtUnmapViewOfSection
NTSTATUS NTAPI NtUnmapViewOfSection(IN HANDLE ProcessHandle, IN PVOID BaseAddress)
Definition: section.c:3483
RtlImageDirectoryEntryToData
#define RtlImageDirectoryEntryToData
Definition: compat.h:809
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
InitializeListHead
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
FLG_HEAP_ENABLE_TAIL_CHECK
#define FLG_HEAP_ENABLE_TAIL_CHECK
Definition: pstypes.h:60
LdrpUnloadHead
LIST_ENTRY LdrpUnloadHead
Definition: ldrapi.c:19
LdrUnloadAlternateResourceModule
BOOLEAN NTAPI LdrUnloadAlternateResourceModule(_In_ PVOID BaseAddress)
Definition: ldrapi.c:1603
LDR_DLL_NOTIFICATION_REASON_UNLOADED
#define LDR_DLL_NOTIFICATION_REASON_UNLOADED
Definition: ldrtypes.h:204
LDR_COR_OWNS_UNMAP
#define LDR_COR_OWNS_UNMAP
Definition: ldrtypes.h:57
RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER
#define RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER
Definition: rtltypes.h:101
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
LDRP_UPDATE_DEREFCOUNT
#define LDRP_UPDATE_DEREFCOUNT
Definition: ntdllp.h:16
LdrpActiveUnloadCount
ULONG LdrpActiveUnloadCount
Definition: ldrinit.c:82
LdrpFinalizeAndDeallocateDataTableEntry
VOID NTAPI LdrpFinalizeAndDeallocateDataTableEntry(IN PLDR_DATA_TABLE_ENTRY Entry)
Definition: ldrutils.c:1577
AVrfDllUnloadNotification
VOID NTAPI AVrfDllUnloadNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:332
LdrpSendDllNotifications
VOID NTAPI LdrpSendDllNotifications(_In_ PLDR_DATA_TABLE_ENTRY DllEntry, _In_ ULONG NotificationReason)
Definition: ldrnotify.c:104
LdrpRecordUnloadEvent
VOID NTAPI LdrpRecordUnloadEvent(_In_ PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: trace.c:28
g_pfnSE_DllUnloaded
PVOID g_pfnSE_DllUnloaded
Definition: ldrutils.c:24
LdrpLoadedDllHandleCache
PLDR_DATA_TABLE_ENTRY LdrpLoadedDllHandleCache
Definition: ntdllp.h:59
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Definition: ntimage.h:489
SE_DllUnloaded
VOID WINAPI SE_DllUnloaded(PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: shimeng.c:1465
_LDR_DATA_TABLE_ENTRY::InLoadOrderLinks
LIST_ENTRY InLoadOrderLinks
Definition: ldrtypes.h:142
_LDR_DATA_TABLE_ENTRY::InInitializationOrderLinks
LIST_ENTRY InInitializationOrderLinks
Definition: ldrtypes.h:144
_LDR_DATA_TABLE_ENTRY::InMemoryOrderLinks
LIST_ENTRY InMemoryOrderLinks
Definition: btrfs_drv.h:1878
_LDR_DATA_TABLE_ENTRY::HashLinks
LIST_ENTRY HashLinks
Definition: ldrtypes.h:155
_LDR_DATA_TABLE_ENTRY::PatchInformation
PVOID PatchInformation
Definition: ldrtypes.h:168
_PEB::LoaderLock
PVOID LoaderLock
Definition: ntddk_ex.h:295
_PEB::NtGlobalFlag
ULONG NtGlobalFlag
Definition: ntddk_ex.h:270
PVOID
void * PVOID
Definition: typedefs.h:50

Referenced by BasepReplaceProcessThreadTokens(), CsrLoadServerDll(), FreeLibrary(), FreeLibraryAndExitThread(), InitApphelp(), LdrpLoadDll(), LdrpUnloadShimEngine(), LsapAddAuthPackage(), PropertyLengthAsVariant(), RtlConvertPropertyToVariant(), RtlConvertVariantToProperty(), START_TEST(), tp_object_execute(), and tp_object_release().

◆ LdrVerifyImageMatchesChecksum()

NTSTATUS NTAPI LdrVerifyImageMatchesChecksum ( _In_ HANDLE  FileHandle,
_In_ PLDR_CALLBACK  Callback,
_In_ PVOID  CallbackContext,
_Out_ PUSHORT  ImageCharacteristics 
)

Definition at line 804 of file ldrapi.c.

809{
810 FILE_STANDARD_INFORMATION FileStandardInfo;
811 PIMAGE_IMPORT_DESCRIPTOR ImportData;
812 PIMAGE_SECTION_HEADER LastSection = NULL;
813 IO_STATUS_BLOCK IoStatusBlock;
814 PIMAGE_NT_HEADERS NtHeader;
815 HANDLE SectionHandle;
816 SIZE_T ViewSize;
817 PVOID ViewBase;
818 BOOLEAN Result, NoActualCheck;
819 NTSTATUS Status;
820 PVOID ImportName;
821 ULONG Size;
822 DPRINT("LdrVerifyImageMatchesChecksum() called\n");
823
824 /* If the handle has the magic KnownDll flag, skip actual checksums */
825 NoActualCheck = ((ULONG_PTR)FileHandle & 1);
826
827 /* Create the section */
828 Status = NtCreateSection(&SectionHandle,
829 SECTION_MAP_EXECUTE,
830 NULL,
831 NULL,
832 PAGE_EXECUTE,
833 SEC_COMMIT,
834 FileHandle);
835 if (!NT_SUCCESS(Status))
836 {
837 DPRINT1 ("NtCreateSection() failed (Status 0x%x)\n", Status);
838 return Status;
839 }
840
841 /* Map the section */
842 ViewSize = 0;
843 ViewBase = NULL;
844 Status = NtMapViewOfSection(SectionHandle,
845 NtCurrentProcess(),
846 &ViewBase,
847 0,
848 0,
849 NULL,
850 &ViewSize,
851 ViewShare,
852 0,
853 PAGE_EXECUTE);
854 if (!NT_SUCCESS(Status))
855 {
856 DPRINT1("NtMapViewOfSection() failed (Status 0x%x)\n", Status);
857 NtClose(SectionHandle);
858 return Status;
859 }
860
861 /* Get the file information */
862 Status = NtQueryInformationFile(FileHandle,
863 &IoStatusBlock,
864 &FileStandardInfo,
865 sizeof(FILE_STANDARD_INFORMATION),
866 FileStandardInformation);
867 if (!NT_SUCCESS(Status))
868 {
869 DPRINT1("NtMapViewOfSection() failed (Status 0x%x)\n", Status);
870 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
871 NtClose(SectionHandle);
872 return Status;
873 }
874
875 /* Protect with SEH */
876 _SEH2_TRY
877 {
878 /* Check if this is the KnownDll hack */
879 if (NoActualCheck)
880 {
881 /* Don't actually do it */
882 Result = TRUE;
883 }
884 else
885 {
886 /* Verify the checksum */
887 Result = LdrVerifyMappedImageMatchesChecksum(ViewBase,
888 FileStandardInfo.EndOfFile.LowPart,
889 FileStandardInfo.EndOfFile.LowPart);
890 }
891
892 /* Check if a callback was supplied */
893 if ((Result) && (Callback))
894 {
895 /* Get the NT Header */
896 NtHeader = RtlImageNtHeader(ViewBase);
897
898 /* Check if caller requested this back */
899 if (ImageCharacteristics)
900 {
901 /* Return to caller */
902 *ImageCharacteristics = NtHeader->FileHeader.Characteristics;
903 }
904
905 /* Get the Import Directory Data */
906 ImportData = RtlImageDirectoryEntryToData(ViewBase,
907 FALSE,
908 IMAGE_DIRECTORY_ENTRY_IMPORT,
909 &Size);
910
911 /* Make sure there is one */
912 if (ImportData)
913 {
914 /* Loop the imports */
915 while (ImportData->Name)
916 {
917 /* Get the name */
918 ImportName = RtlImageRvaToVa(NtHeader,
919 ViewBase,
920 ImportData->Name,
921 &LastSection);
922
923 /* Notify the callback */
924 Callback(CallbackContext, ImportName);
925 ImportData++;
926 }
927 }
928 }
929 }
930 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
931 {
932 /* Fail the request returning STATUS_IMAGE_CHECKSUM_MISMATCH */
933 Result = FALSE;
934 }
935 _SEH2_END;
936
937 /* Unmap file and close handle */
938 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
939 NtClose(SectionHandle);
940
941 /* Return status */
942 return Result ? Status : STATUS_IMAGE_CHECKSUM_MISMATCH;
943}
NtCreateSection
NTSTATUS NTAPI NtCreateSection(OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection OPTIONAL, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL)
Definition: section.c:3076
NtMapViewOfSection
NTSTATUS NTAPI NtMapViewOfSection(IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect)
Definition: section.c:3257
RtlImageRvaToVa
#define RtlImageRvaToVa
Definition: compat.h:807
FileHandle
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
LdrVerifyMappedImageMatchesChecksum
BOOLEAN NTAPI LdrVerifyMappedImageMatchesChecksum(_In_ PVOID BaseAddress, _In_ SIZE_T NumberOfBytes, _In_ ULONG FileLength)
IoStatusBlock
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
ViewSize
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
Definition: mmfuncs.h:408
SEC_COMMIT
#define SEC_COMMIT
Definition: mmtypes.h:100
SECTION_MAP_EXECUTE
#define SECTION_MAP_EXECUTE
Definition: nt_native.h:1290
PAGE_EXECUTE
#define PAGE_EXECUTE
Definition: nt_native.h:1306
NtQueryInformationFile
NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(IN HANDLE hFile, OUT PIO_STATUS_BLOCK pIoStatusBlock, OUT PVOID FileInformationBuffer, IN ULONG FileInformationBufferLength, IN FILE_INFORMATION_CLASS FileInfoClass)
ViewShare
@ ViewShare
Definition: nt_native.h:1278
STATUS_IMAGE_CHECKSUM_MISMATCH
#define STATUS_IMAGE_CHECKSUM_MISMATCH
Definition: ntstatus.h:677
IMAGE_DIRECTORY_ENTRY_IMPORT
#define IMAGE_DIRECTORY_ENTRY_IMPORT
Definition: pedump.c:260
FileStandardInformation
#define FileStandardInformation
Definition: propsheet.cpp:61
_FILE_STANDARD_INFORMATION
Definition: propsheet.cpp:53
_FILE_STANDARD_INFORMATION::EndOfFile
LARGE_INTEGER EndOfFile
Definition: propsheet.cpp:55
_IMAGE_FILE_HEADER::Characteristics
WORD Characteristics
Definition: ntddk_ex.h:128
_IMAGE_IMPORT_DESCRIPTOR
Definition: ntimage.h:572
_IMAGE_IMPORT_DESCRIPTOR::Name
ULONG Name
Definition: ntimage.h:579
_IMAGE_NT_HEADERS::FileHeader
IMAGE_FILE_HEADER FileHeader
Definition: ntddk_ex.h:183
_IMAGE_SECTION_HEADER
Definition: pedump.c:280
_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
_LARGE_INTEGER::LowPart
ULONG LowPart
Definition: typedefs.h:106
Callback
_In_ WDFINTERRUPT _In_ PFN_WDF_INTERRUPT_SYNCHRONIZE Callback
Definition: wdfinterrupt.h:458
CallbackContext
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR _In_ ULONGLONG _In_ ULONGLONG _In_opt_ PEVENT_FILTER_DESCRIPTOR _Inout_opt_ PVOID CallbackContext
Definition: wmitypes.h:60
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409

Referenced by SmpInitializeKnownDllsInternal().