libsupp.c File Reference

#include <freeldr.h>

Include dependency graph for libsupp.c:

Go to the source code of this file.

Functions
PVOID NTAPI	RtlpAllocateMemory (ULONG Bytes, ULONG Tag)
VOID NTAPI	RtlpFreeMemory (PVOID Mem, ULONG Tag)
NTSTATUS NTAPI	RtlpSafeCopyMemory (_Out_writes_bytes_all_(Length) VOID UNALIGNED *Destination, _In_reads_bytes_(Length) CONST VOID UNALIGNED *Source, _In_ SIZE_T Length)
NTSTATUS NTAPI	RtlpImageNtHeaderEx (_In_ ULONG Flags, _In_ PVOID Base, _In_ ULONG64 Size, _Out_ PIMAGE_NT_HEADERS *OutHeaders)
NTSTATUS NTAPI	RtlImageNtHeaderEx (_In_ ULONG Flags, _In_ PVOID Base, _In_ ULONG64 Size, _Out_ PIMAGE_NT_HEADERS *OutHeaders)

Variables
PVOID	MmHighestUserAddress = (PVOID)MI_HIGHEST_USER_ADDRESS

Function Documentation

RtlImageNtHeaderEx()

NTSTATUS NTAPI RtlImageNtHeaderEx	(	_In_ ULONG	Flags,
		_In_ PVOID	Base,
		_In_ ULONG64	Size,
		_Out_ PIMAGE_NT_HEADERS *	OutHeaders
	)

Definition at line 78 of file libsupp.c.

{
    return RtlpImageNtHeaderEx(Flags, Base, Size, OutHeaders);
}

Referenced by LdrpCheckForLoadedDll(), and RtlImageNtHeader().

RtlpAllocateMemory()

PVOID NTAPI RtlpAllocateMemory	(	ULONG	Bytes,
		ULONG	Tag
	)

Definition at line 35 of file libsupp.c.

{
    return FrLdrHeapAlloc(Bytes, Tag);
}

Referenced by _Success_(), RtlAddFunctionTable(), RtlAddRange(), RtlAllocateAndInitializeSid(), RtlCopyRangeList(), RtlInstallFunctionTableCallback(), RtlpSysVolCheckOwnerAndSecurity(), and RtlpSysVolCreateSecurityDescriptor().

RtlpFreeMemory()

VOID NTAPI RtlpFreeMemory	(	PVOID	Mem,
		ULONG	Tag
	)

Definition at line 44 of file libsupp.c.

{
    FrLdrHeapFree(Mem, Tag);
}

Referenced by _Success_(), RtlAddRange(), RtlCreateSystemVolumeInformationFolder(), RtlDeleteFunctionTable(), RtlDeleteOwnersRanges(), RtlDeleteRange(), RtlFreeRangeList(), RtlFreeSid(), RtlpSysVolCheckOwnerAndSecurity(), and RtlpSysVolCreateSecurityDescriptor().

RtlpImageNtHeaderEx()

NTSTATUS NTAPI RtlpImageNtHeaderEx	(	_In_ ULONG	Flags,
		_In_ PVOID	Base,
		_In_ ULONG64	Size,
		_Out_ PIMAGE_NT_HEADERS *	OutHeaders
	)

Definition at line 140 of file image.c.

{
    PIMAGE_NT_HEADERS NtHeaders;
    PIMAGE_DOS_HEADER DosHeader;
    BOOLEAN WantsRangeCheck;
    ULONG NtHeaderOffset;
 
    /* You must want NT Headers, no? */
    if (OutHeaders == NULL)
    {
        DPRINT1("OutHeaders is NULL\n");
        return STATUS_INVALID_PARAMETER;
    }
 
    /* Assume failure */
    *OutHeaders = NULL;
 
    /* Validate Flags */
    if (Flags & ~RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK)
    {
        DPRINT1("Invalid flags: 0x%lx\n", Flags);
        return STATUS_INVALID_PARAMETER;
    }
 
    /* Validate base */
    if ((Base == NULL) || (Base == (PVOID)-1))
    {
        DPRINT1("Invalid base address: %p\n", Base);
        return STATUS_INVALID_PARAMETER;
    }
 
    /* Check if the caller wants range checks */
    WantsRangeCheck = !(Flags & RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK);
    if (WantsRangeCheck)
    {
        /* Make sure the image size is at least big enough for the DOS header */
        if (Size < sizeof(IMAGE_DOS_HEADER))
        {
            DPRINT1("Size too small\n");
            return STATUS_INVALID_IMAGE_FORMAT;
        }
    }
 
    /* Check if the DOS Signature matches */
    DosHeader = Base;
    if (DosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    {
        /* Not a valid COFF */
        DPRINT1("Invalid image DOS signature!\n");
        return STATUS_INVALID_IMAGE_FORMAT;
    }
 
    /* Get the offset to the NT headers (and copy from LONG to ULONG) */
    NtHeaderOffset = DosHeader->e_lfanew;
 
    /* The offset must not be larger than 256MB, as a hard-coded check.
       In Windows this check is only done in user mode, not in kernel mode,
       but it shouldn't harm to have it anyway. Note that without this check,
       other overflow checks would become necessary! */
    if (NtHeaderOffset >= (256 * 1024 * 1024))
    {
        /* Fail */
        DPRINT1("NT headers offset is larger than 256MB!\n");
        return STATUS_INVALID_IMAGE_FORMAT;
    }
 
    /* Check if the caller wants validation */
    if (WantsRangeCheck)
    {
        /* Make sure the file header fits into the size */
        if ((NtHeaderOffset +
             RTL_SIZEOF_THROUGH_FIELD(IMAGE_NT_HEADERS, FileHeader)) >= Size)
        {
            /* Fail */
            DPRINT1("NT headers beyond image size!\n");
            return STATUS_INVALID_IMAGE_FORMAT;
        }
    }
 
    /* Now get a pointer to the NT Headers */
    NtHeaders = (PIMAGE_NT_HEADERS)((ULONG_PTR)Base + NtHeaderOffset);
 
    /* Check if the mapping is in user space */
    if (Base <= MmHighestUserAddress)
    {
        /* Make sure we don't overflow into kernel space */
        if ((PVOID)(NtHeaders + 1) > MmHighestUserAddress)
        {
            DPRINT1("Image overflows from user space into kernel space!\n");
            return STATUS_INVALID_IMAGE_FORMAT;
        }
    }
 
    /* Verify the PE Signature */
    if (NtHeaders->Signature != IMAGE_NT_SIGNATURE)
    {
        /* Fail */
        DPRINT1("Invalid image NT signature!\n");
        return STATUS_INVALID_IMAGE_FORMAT;
    }
 
    /* Now return success and the NT header */
    *OutHeaders = NtHeaders;
    return STATUS_SUCCESS;
}

Referenced by RtlImageNtHeaderEx().

RtlpSafeCopyMemory()

NTSTATUS NTAPI RtlpSafeCopyMemory	(	_Out_writes_bytes_all_(Length) VOID UNALIGNED *	Destination,
		_In_reads_bytes_(Length) CONST VOID UNALIGNED *	Source,
		_In_ SIZE_T	Length
	)

Definition at line 52 of file libsupp.c.

{
    RtlCopyMemory(Destination, Source, Length);
    return STATUS_SUCCESS;
}

Referenced by RtlLargeIntegerToChar().

Variable Documentation

MmHighestUserAddress

PVOID MmHighestUserAddress = (PVOID)MI_HIGHEST_USER_ADDRESS

Definition at line 23 of file libsupp.c.

Referenced by ExpInitializeExecutive(), KdpQueryMemory(), KeContextToTrapFrame(), KeRosDumpStackFrameArray(), MiDeletePte(), MiInitializePageTable(), NtFlushInstructionCache(), PspIsDescriptorValid(), QSI_DEF(), RtlPcToFileHeader(), and RtlpImageNtHeaderEx().