ReactOS 0.4.16-dev-814-g656a5dc
Macros | Functions | Variables
verifier.c File Reference
#include <ndk/rtlfuncs.h>
#include <reactos/verifier.h>
Include dependency graph for verifier.c:

Go to the source code of this file.

Macros

#define PROVIDER_PREFIX   "RVRF"
 

Functions

VOID NTAPI AVrfpDllLoadCallback (PWSTR DllName, PVOID DllBase, SIZE_T DllSize, PVOID Reserved)
 
VOID NTAPI AVrfpDllUnloadCallback (PWSTR DllName, PVOID DllBase, SIZE_T DllSize, PVOID Reserved)
 
VOID NTAPI AVrfpNtdllHeapFreeCallback (PVOID AllocationBase, SIZE_T AllocationSize)
 
NTSTATUS NTAPI AVrfpLdrGetProcedureAddress (_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress)
 
FARPROC WINAPI AVrfpGetProcAddress (IN HMODULE hModule, IN LPCSTR lpProcName)
 
BOOL WINAPI DllMain (HANDLE hInstance, DWORD dwReason, LPVOID lpReserved)
 
PVOID AVrfpFindReplacementThunk (PVOID Proc)
 

Variables

static RTL_VERIFIER_THUNK_DESCRIPTOR AVrfpNtdllThunks []
 
static RTL_VERIFIER_THUNK_DESCRIPTOR AVrfpKernel32Thunks []
 
static RTL_VERIFIER_DLL_DESCRIPTOR AVrfpDllDescriptors []
 
RTL_VERIFIER_PROVIDER_DESCRIPTOR AVrfpProvider
 

Macro Definition Documentation

◆ PROVIDER_PREFIX

#define PROVIDER_PREFIX   "RVRF"

Definition at line 14 of file verifier.c.

Function Documentation

◆ AVrfpDllLoadCallback()

VOID NTAPI AVrfpDllLoadCallback ( PWSTR  DllName,
PVOID  DllBase,
SIZE_T  DllSize,
PVOID  Reserved 
)

Definition at line 87 of file verifier.c.

88{
89 PLDR_DATA_TABLE_ENTRY LdrEntry = (PLDR_DATA_TABLE_ENTRY)Reserved;
90 DbgPrint(PROVIDER_PREFIX ": %ws @ %p: ep: %p\n", DllName, DllBase, LdrEntry->EntryPoint);
91 /* TODO: Hook entrypoint */
92}
PLDR_DATA_TABLE_ENTRY
struct _LDR_DATA_TABLE_ENTRY * PLDR_DATA_TABLE_ENTRY
DbgPrint
#define DbgPrint
Definition: hal.h:12
_LDR_DATA_TABLE_ENTRY
Definition: btrfs_drv.h:1876
_LDR_DATA_TABLE_ENTRY::EntryPoint
PVOID EntryPoint
Definition: ntddk_ex.h:203
PROVIDER_PREFIX
#define PROVIDER_PREFIX
Definition: verifier.c:14
Reserved
_Reserved_ PVOID Reserved
Definition: winddi.h:3974

◆ AVrfpDllUnloadCallback()

VOID NTAPI AVrfpDllUnloadCallback ( PWSTR  DllName,
PVOID  DllBase,
SIZE_T  DllSize,
PVOID  Reserved 
)

Definition at line 95 of file verifier.c.

96{
97 DbgPrint(PROVIDER_PREFIX ": unloading %ws\n", DllName);
98}

◆ AVrfpFindReplacementThunk()

PVOID AVrfpFindReplacementThunk ( PVOID  Proc)

Definition at line 106 of file verifier.c.

107{
108 PRTL_VERIFIER_DLL_DESCRIPTOR DllDescriptor;
109 PRTL_VERIFIER_THUNK_DESCRIPTOR ThunkDescriptor;
110
111 for (DllDescriptor = AVrfpDllDescriptors; DllDescriptor->DllName; ++DllDescriptor)
112 {
113 for (ThunkDescriptor = DllDescriptor->DllThunks; ThunkDescriptor->ThunkName; ++ThunkDescriptor)
114 {
115 if (ThunkDescriptor->ThunkOldAddress == Proc)
116 {
117 return ThunkDescriptor->ThunkNewAddress;
118 }
119 }
120 }
121 return Proc;
122}
_RTL_VERIFIER_DLL_DESCRIPTOR
Definition: verifier.h:16
_RTL_VERIFIER_DLL_DESCRIPTOR::DllName
PWCHAR DllName
Definition: verifier.h:17
_RTL_VERIFIER_DLL_DESCRIPTOR::DllThunks
PRTL_VERIFIER_THUNK_DESCRIPTOR DllThunks
Definition: verifier.h:20
_RTL_VERIFIER_THUNK_DESCRIPTOR
Definition: verifier.h:10
_RTL_VERIFIER_THUNK_DESCRIPTOR::ThunkName
PCHAR ThunkName
Definition: verifier.h:11
_RTL_VERIFIER_THUNK_DESCRIPTOR::ThunkOldAddress
PVOID ThunkOldAddress
Definition: verifier.h:12
_RTL_VERIFIER_THUNK_DESCRIPTOR::ThunkNewAddress
PVOID ThunkNewAddress
Definition: verifier.h:13
AVrfpDllDescriptors
static RTL_VERIFIER_DLL_DESCRIPTOR AVrfpDllDescriptors[]
Definition: verifier.c:47

Referenced by AVrfpGetProcAddress(), and AVrfpLdrGetProcedureAddress().

◆ AVrfpGetProcAddress()

FARPROC WINAPI AVrfpGetProcAddress ( IN HMODULE  hModule,
IN LPCSTR  lpProcName 
)

Definition at line 157 of file verifier.c.

158{
159 FARPROC (WINAPI* oGetProcAddress)(IN HMODULE hModule, IN LPCSTR lpProcName);
160 FARPROC Proc, Replacement;
161
162 if (AVrfpProvider.VerifierDebug & RTL_VRF_DBG_VERIFIER_LOGCALLS)
163 DbgPrint(PROVIDER_PREFIX ": AVrfpGetProcAddress (%p, %s)\n", hModule, lpProcName);
164
165 oGetProcAddress = AVrfpKernel32Thunks[0].ThunkOldAddress;
166 Proc = oGetProcAddress(hModule, lpProcName);
167 if (!Proc)
168 return Proc;
169
170 Replacement = AVrfpFindReplacementThunk(Proc);
171 if (Replacement != Proc)
172 {
173 Proc = Replacement;
174 if (AVrfpProvider.VerifierDebug & RTL_VRF_DBG_VERIFIER_SHOWDYNTHUNKS)
175 DbgPrint(PROVIDER_PREFIX ": AVrfpGetProcAddress (%p, %s) -> thunk address %p\n", hModule, lpProcName, Proc);
176 }
177
178 return Proc;
179}
hModule
HMODULE hModule
Definition: animate.c:44
FARPROC
int(* FARPROC)()
Definition: compat.h:36
_RTL_VERIFIER_PROVIDER_DESCRIPTOR::VerifierDebug
DWORD VerifierDebug
Definition: verifier.h:33
IN
#define IN
Definition: typedefs.h:39
RTL_VRF_DBG_VERIFIER_LOGCALLS
#define RTL_VRF_DBG_VERIFIER_LOGCALLS
Definition: verifier.h:80
RTL_VRF_DBG_VERIFIER_SHOWDYNTHUNKS
#define RTL_VRF_DBG_VERIFIER_SHOWDYNTHUNKS
Definition: verifier.h:81
AVrfpKernel32Thunks
static RTL_VERIFIER_THUNK_DESCRIPTOR AVrfpKernel32Thunks[]
Definition: verifier.c:41
AVrfpFindReplacementThunk
PVOID AVrfpFindReplacementThunk(PVOID Proc)
Definition: verifier.c:106
AVrfpProvider
RTL_VERIFIER_PROVIDER_DESCRIPTOR AVrfpProvider
Definition: verifier.c:54
WINAPI
#define WINAPI
Definition: msvc.h:6
LPCSTR
const char * LPCSTR
Definition: xmlstorage.h:183

◆ AVrfpLdrGetProcedureAddress()

NTSTATUS NTAPI AVrfpLdrGetProcedureAddress ( _In_ PVOID  BaseAddress,
_In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING  Name,
_In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG  Ordinal,
_Out_ PVOID ProcedureAddress 
)

Definition at line 126 of file verifier.c.

131{
132 NTSTATUS(NTAPI *oLdrGetProcedureAddress)(
133 _In_ PVOID BaseAddress,
134 _In_opt_ _When_(Ordinal == 0, _Notnull_) PANSI_STRING Name,
135 _In_opt_ _When_(Name == NULL, _In_range_(>, 0)) ULONG Ordinal,
136 _Out_ PVOID *ProcedureAddress);
137 NTSTATUS Status;
138 PVOID Replacement;
139
140 oLdrGetProcedureAddress = AVrfpNtdllThunks[0].ThunkOldAddress;
141
142 Status = oLdrGetProcedureAddress(BaseAddress, Name, Ordinal, ProcedureAddress);
143 if (!NT_SUCCESS(Status))
144 return Status;
145
146 Replacement = AVrfpFindReplacementThunk(*ProcedureAddress);
147 if (Replacement != *ProcedureAddress)
148 {
149 *ProcedureAddress = Replacement;
150 if (AVrfpProvider.VerifierDebug & RTL_VRF_DBG_VERIFIER_SHOWDYNTHUNKS)
151 DbgPrint(PROVIDER_PREFIX ": AVrfpLdrGetProcedureAddress (%p, %Z) -> thunk address %p\n", BaseAddress, Name, *ProcedureAddress);
152 }
153
154 return Status;
155}
Name
struct NameRec_ * Name
Definition: cdprocs.h:460
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
return
return
Definition: dirsup.c:529
NULL
#define NULL
Definition: types.h:112
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
NTSTATUS
#define NTSTATUS
Definition: precomp.h:19
Status
Status
Definition: gdiplustypes.h:25
if
if(dx< 0)
Definition: linetemp.h:194
BaseAddress
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404
_Notnull_
#define _Notnull_
Definition: no_sal2.h:54
_Out_
#define _Out_
Definition: no_sal2.h:160
_In_
#define _In_
Definition: no_sal2.h:158
_In_opt_
#define _In_opt_
Definition: no_sal2.h:212
_In_range_
#define _In_range_(l, h)
Definition: no_sal2.h:368
_When_
#define _When_(c, a)
Definition: no_sal2.h:38
NameRec_
Definition: apinames.c:49
_ANSI_STRING
Definition: env_spec_w32.h:375
NTAPI
#define NTAPI
Definition: typedefs.h:36
ULONG
uint32_t ULONG
Definition: typedefs.h:59
AVrfpNtdllThunks
static RTL_VERIFIER_THUNK_DESCRIPTOR AVrfpNtdllThunks[]
Definition: verifier.c:33

◆ AVrfpNtdllHeapFreeCallback()

VOID NTAPI AVrfpNtdllHeapFreeCallback ( PVOID  AllocationBase,
SIZE_T  AllocationSize 
)

Definition at line 100 of file verifier.c.

101{
102 DbgPrint(PROVIDER_PREFIX ": Heap free 0x%x @ %p\n", AllocationSize, AllocationBase);
103 /* TODO: Sanity checks */
104}
AllocationSize
IN PFCB IN PFILE_OBJECT FileObject IN ULONG AllocationSize
Definition: fatprocs.h:323

◆ DllMain()

BOOL WINAPI DllMain ( HANDLE  hInstance,
DWORD  dwReason,
LPVOID  lpReserved 
)

Definition at line 71 of file verifier.c.

72{
73 switch (dwReason)
74 {
75 case DLL_PROCESS_ATTACH:
76 case DLL_PROCESS_DETACH:
77 case DLL_THREAD_ATTACH:
78 case DLL_THREAD_DETACH:
79 break;
80 case DLL_PROCESS_VERIFIER:
81 *(PRTL_VERIFIER_PROVIDER_DESCRIPTOR*)lpReserved = &AVrfpProvider;
82 break;
83 }
84 return TRUE;
85}
lpReserved
static DWORD const LPVOID const lpReserved
Definition: appcrt_dllmain.cpp:58
dwReason
DWORD dwReason
Definition: misc.cpp:135
TRUE
#define TRUE
Definition: types.h:120
DLL_THREAD_DETACH
#define DLL_THREAD_DETACH
Definition: compat.h:133
DLL_PROCESS_ATTACH
#define DLL_PROCESS_ATTACH
Definition: compat.h:131
DLL_PROCESS_DETACH
#define DLL_PROCESS_DETACH
Definition: compat.h:130
DLL_THREAD_ATTACH
#define DLL_THREAD_ATTACH
Definition: compat.h:132
_RTL_VERIFIER_PROVIDER_DESCRIPTOR
Definition: verifier.h:23
DLL_PROCESS_VERIFIER
#define DLL_PROCESS_VERIFIER
Definition: verifier.h:4

Variable Documentation

◆ AVrfpDllDescriptors

RTL_VERIFIER_DLL_DESCRIPTOR AVrfpDllDescriptors[]
static
Initial value:
=
{
{ L"ntdll.dll", 0, NULL, AVrfpNtdllThunks },
{ L"kernel32.dll", 0, NULL, AVrfpKernel32Thunks },
{ NULL }
}
L
#define L(x)
Definition: ntvdm.h:50

Definition at line 47 of file verifier.c.

Referenced by AVrfpFindReplacementThunk().

◆ AVrfpKernel32Thunks

RTL_VERIFIER_THUNK_DESCRIPTOR AVrfpKernel32Thunks[]
static
Initial value:
=
{
{ "GetProcAddress", NULL, AVrfpGetProcAddress },
{ NULL }
}
AVrfpGetProcAddress
FARPROC WINAPI AVrfpGetProcAddress(IN HMODULE hModule, IN LPCSTR lpProcName)
Definition: verifier.c:157

Definition at line 41 of file verifier.c.

Referenced by AVrfpGetProcAddress().

◆ AVrfpNtdllThunks

RTL_VERIFIER_THUNK_DESCRIPTOR AVrfpNtdllThunks[]
static
Initial value:
=
{
{ "LdrGetProcedureAddress", NULL, AVrfpLdrGetProcedureAddress },
{ NULL }
}
AVrfpLdrGetProcedureAddress
NTSTATUS NTAPI AVrfpLdrGetProcedureAddress(_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress)
Definition: verifier.c:126

Definition at line 33 of file verifier.c.

Referenced by AVrfpLdrGetProcedureAddress().

◆ AVrfpProvider

RTL_VERIFIER_PROVIDER_DESCRIPTOR AVrfpProvider
Initial value:
=
{
sizeof(AVrfpProvider),
AVrfpDllDescriptors,
AVrfpDllLoadCallback,
AVrfpDllUnloadCallback,
NULL,
0,
0,
NULL,
NULL,
NULL,
AVrfpNtdllHeapFreeCallback
}
AVrfpDllUnloadCallback
VOID NTAPI AVrfpDllUnloadCallback(PWSTR DllName, PVOID DllBase, SIZE_T DllSize, PVOID Reserved)
Definition: verifier.c:95
AVrfpDllLoadCallback
VOID NTAPI AVrfpDllLoadCallback(PWSTR DllName, PVOID DllBase, SIZE_T DllSize, PVOID Reserved)
Definition: verifier.c:87
AVrfpNtdllHeapFreeCallback
VOID NTAPI AVrfpNtdllHeapFreeCallback(PVOID AllocationBase, SIZE_T AllocationSize)
Definition: verifier.c:100

Definition at line 54 of file verifier.c.

Referenced by AVrfpGetProcAddress(), AVrfpLdrGetProcedureAddress(), and DllMain().