ntdllp.h File Reference

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes
struct	_LDRP_TLS_DATA

Macros
#define	LDR_HASH_TABLE_ENTRIES   32
#define	LDR_GET_HASH_ENTRY(x)   (RtlUpcaseUnicodeChar((x)) & (LDR_HASH_TABLE_ENTRIES - 1))
#define	LDRP_UPDATE_REFCOUNT   0x01
#define	LDRP_UPDATE_DEREFCOUNT   0x02
#define	LDRP_UPDATE_PIN   0x03
#define	IMAGE_LOADER_FLAGS_COMPLUS   0x00000001
#define	IMAGE_LOADER_FLAGS_SYSTEM_GLOBAL   0x01000000
#define	DPH_FLAG_DLL_NOTIFY   0x40

Typedefs
typedef struct _LDRP_TLS_DATA	LDRP_TLS_DATA
typedef struct _LDRP_TLS_DATA *	PLDRP_TLS_DATA
typedef NTSTATUS(NTAPI *	PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION) (_In_ ULONG Flags, _In_ PCWSTR DllName, _In_ PCWSTR DllPath OPTIONAL, _Inout_opt_ PULONG DllCharacteristics, _In_ PVOID CallbackData, _Outptr_ PWSTR *EffectiveDllPath)
typedef NTSTATUS(NTAPI *	PEPFUNC) (PPEB)

Functions
NTSTATUS NTAPI	LdrpRunInitializeRoutines (IN PCONTEXT Context OPTIONAL)
VOID NTAPI	LdrpInitializeThread (IN PCONTEXT Context)
NTSTATUS NTAPI	LdrpInitializeTls (VOID)
NTSTATUS NTAPI	LdrpAllocateTls (VOID)
VOID NTAPI	LdrpFreeTls (VOID)
VOID NTAPI	LdrpCallTlsInitializers (IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Reason)
BOOLEAN NTAPI	LdrpCallInitRoutine (IN PDLL_INIT_ROUTINE EntryPoint, IN PVOID BaseAddress, IN ULONG Reason, IN PVOID Context)
NTSTATUS NTAPI	LdrpInitializeProcess (IN PCONTEXT Context, IN PVOID SystemArgument1)
VOID NTAPI	LdrpInitFailure (NTSTATUS Status)
VOID NTAPI	LdrpValidateImageForMp (IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry)
VOID NTAPI	LdrpEnsureLoaderLockIsHeld (VOID)
NTSTATUS NTAPI	LdrpSnapThunk (IN PVOID ExportBase, IN PVOID ImportBase, IN PIMAGE_THUNK_DATA OriginalThunk, IN OUT PIMAGE_THUNK_DATA Thunk, IN PIMAGE_EXPORT_DIRECTORY ExportEntry, IN ULONG ExportSize, IN BOOLEAN Static, IN LPSTR DllName)
NTSTATUS NTAPI	LdrpWalkImportDescriptor (IN LPWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrEntry)
NTSTATUS NTAPI	LdrpGetProcedureAddress (IN PVOID BaseAddress, IN PANSI_STRING Name, IN ULONG Ordinal, OUT PVOID *ProcedureAddress, IN BOOLEAN ExecuteInit)
PLDR_DATA_TABLE_ENTRY NTAPI	LdrpAllocateDataTableEntry (IN PVOID BaseAddress)
VOID NTAPI	LdrpInsertMemoryTableEntry (IN PLDR_DATA_TABLE_ENTRY LdrEntry)
NTSTATUS NTAPI	LdrpLoadDll (IN BOOLEAN Redirected, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress, IN BOOLEAN CallInit)
VOID NTAPI	LdrpUpdateLoadCount2 (IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Flags)
ULONG NTAPI	LdrpClearLoadInProgress (VOID)
NTSTATUS NTAPI	LdrpSetProtection (PVOID ViewBase, BOOLEAN Restore)
BOOLEAN NTAPI	LdrpCheckForLoadedDllHandle (IN PVOID Base, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
BOOLEAN NTAPI	LdrpCheckForLoadedDll (IN PWSTR DllPath, IN PUNICODE_STRING DllName, IN BOOLEAN Flag, IN BOOLEAN RedirectedDll, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
NTSTATUS NTAPI	LdrpMapDll (IN PWSTR SearchPath OPTIONAL, IN PWSTR DllPath2, IN PWSTR DllName OPTIONAL, IN PULONG DllCharacteristics, IN BOOLEAN Static, IN BOOLEAN Redirect, OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry)
PVOID NTAPI	LdrpFetchAddressOfEntryPoint (PVOID ImageBase)
VOID NTAPI	LdrpFreeUnicodeString (PUNICODE_STRING String)
VOID NTAPI	LdrpRecordUnloadEvent (_In_ PLDR_DATA_TABLE_ENTRY LdrEntry)
VOID NTAPI	LdrpGetShimEngineInterface (VOID)
VOID NTAPI	LdrpLoadShimEngine (IN PWSTR ImageName, IN PUNICODE_STRING ProcessImage, IN PVOID pShimData)
VOID NTAPI	LdrpUnloadShimEngine (VOID)
NTSTATUS NTAPI	LdrpInitializeApplicationVerifierPackage (IN HANDLE KeyHandle, IN PPEB Peb, IN BOOLEAN SystemWide, IN BOOLEAN ReadAdvancedOptions)
NTSTATUS NTAPI	AVrfInitializeVerifier (VOID)
VOID NTAPI	AVrfDllLoadNotification (IN PLDR_DATA_TABLE_ENTRY LdrEntry)
VOID NTAPI	AVrfDllUnloadNotification (IN PLDR_DATA_TABLE_ENTRY LdrEntry)
VOID NTAPI	AVrfPageHeapDllNotification (IN PLDR_DATA_TABLE_ENTRY LdrEntry)
NTSTATUS	LdrMapSections (HANDLE ProcessHandle, PVOID ImageBase, HANDLE SectionHandle, PIMAGE_NT_HEADERS NTHeaders)
NTSTATUS	LdrMapNTDllForProcess (HANDLE ProcessHandle, PHANDLE NTDllSectionHandle)
ULONG	LdrpGetResidentSize (PIMAGE_NT_HEADERS NTHeaders)
NTSTATUS NTAPI	LdrpLoadImportModule (IN PWSTR DllPath OPTIONAL, IN LPSTR ImportName, OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry, OUT PBOOLEAN Existing)
VOID NTAPI	LdrpFinalizeAndDeallocateDataTableEntry (IN PLDR_DATA_TABLE_ENTRY Entry)
BOOLEAN NTAPI	RtlDoesFileExists_UStr (IN PUNICODE_STRING FileName)

Variables
RTL_CRITICAL_SECTION	LdrpLoaderLock
BOOLEAN	LdrpInLdrInit
PVOID	LdrpHeap
LIST_ENTRY	LdrpHashTable [LDR_HASH_TABLE_ENTRIES]
BOOLEAN	ShowSnaps
UNICODE_STRING	LdrpDefaultPath
HANDLE	LdrpKnownDllObjectDirectory
ULONG	LdrpNumberOfProcessors
ULONG	LdrpFatalHardErrorCount
PUNICODE_STRING	LdrpTopLevelDllBeingLoaded
PLDR_DATA_TABLE_ENTRY	LdrpCurrentDllInitializer
UNICODE_STRING	LdrApiDefaultExtension
BOOLEAN	LdrpLdrDatabaseIsSetup
ULONG	LdrpActiveUnloadCount
BOOLEAN	LdrpShutdownInProgress
UNICODE_STRING	LdrpKnownDllPath
PLDR_DATA_TABLE_ENTRY	LdrpGetModuleHandleCache
PLDR_DATA_TABLE_ENTRY	LdrpLoadedDllHandleCache
BOOLEAN	RtlpPageHeapEnabled
ULONG	RtlpDphGlobalFlags
BOOLEAN	g_ShimsEnabled
PVOID	g_pShimEngineModule
PVOID	g_pfnSE_DllLoaded
PVOID	g_pfnSE_DllUnloaded
PVOID	g_pfnSE_InstallBeforeInit
PVOID	g_pfnSE_InstallAfterInit
PVOID	g_pfnSE_ProcessDying

Macro Definition Documentation

DPH_FLAG_DLL_NOTIFY

#define DPH_FLAG_DLL_NOTIFY   0x40

Definition at line 24 of file ntdllp.h.

IMAGE_LOADER_FLAGS_COMPLUS

#define IMAGE_LOADER_FLAGS_COMPLUS   0x00000001

Definition at line 20 of file ntdllp.h.

IMAGE_LOADER_FLAGS_SYSTEM_GLOBAL

#define IMAGE_LOADER_FLAGS_SYSTEM_GLOBAL   0x01000000

Definition at line 21 of file ntdllp.h.

LDR_GET_HASH_ENTRY

#define LDR_GET_HASH_ENTRY

(

x

)

(RtlUpcaseUnicodeChar((x)) & (LDR_HASH_TABLE_ENTRIES - 1))

Definition at line 12 of file ntdllp.h.

LDR_HASH_TABLE_ENTRIES

#define LDR_HASH_TABLE_ENTRIES   32

Definition at line 11 of file ntdllp.h.

LDRP_UPDATE_DEREFCOUNT

#define LDRP_UPDATE_DEREFCOUNT   0x02

Definition at line 16 of file ntdllp.h.

LDRP_UPDATE_PIN

#define LDRP_UPDATE_PIN   0x03

Definition at line 17 of file ntdllp.h.

LDRP_UPDATE_REFCOUNT

#define LDRP_UPDATE_REFCOUNT   0x01

Definition at line 15 of file ntdllp.h.

Typedef Documentation

LDRP_TLS_DATA

typedef struct _LDRP_TLS_DATA LDRP_TLS_DATA

PEPFUNC

typedef NTSTATUS(NTAPI * PEPFUNC) (PPEB)

Definition at line 198 of file ntdllp.h.

PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION

typedef NTSTATUS(NTAPI* PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION) (_In_ ULONG Flags, _In_ PCWSTR DllName, _In_ PCWSTR DllPath OPTIONAL, _Inout_opt_ PULONG DllCharacteristics, _In_ PVOID CallbackData, _Outptr_ PWSTR *EffectiveDllPath)

Definition at line 34 of file ntdllp.h.

PLDRP_TLS_DATA

typedef struct _LDRP_TLS_DATA * PLDRP_TLS_DATA

Function Documentation

AVrfDllLoadNotification()

VOID NTAPI AVrfDllLoadNotification

(

IN PLDR_DATA_TABLE_ENTRY

LdrEntry

)

Definition at line 294 of file verifier.c.

{
    PLIST_ENTRY Entry;

    if (!(NtCurrentPeb()->NtGlobalFlag & FLG_APPLICATION_VERIFIER))
        return;

    RtlEnterCriticalSection(&AVrfpVerifierLock);
    if (!AVrfpIsVerifierProviderDll(LdrEntry->DllBase))
    {
        AvrfpResolveThunks(LdrEntry);

        for (Entry = AVrfpVerifierProvidersList.Flink; Entry != &AVrfpVerifierProvidersList; Entry = Entry->Flink)
        {
            PVERIFIER_PROVIDER Provider;
            RTL_VERIFIER_DLL_LOAD_CALLBACK ProviderDllLoadCallback;

            Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);

            ProviderDllLoadCallback = Provider->ProviderDllLoadCallback;
            if (ProviderDllLoadCallback)
            {
                ProviderDllLoadCallback(LdrEntry->BaseDllName.Buffer,
                                        LdrEntry->DllBase,
                                        LdrEntry->SizeOfImage,
                                        LdrEntry);
            }
        }
    }
    RtlLeaveCriticalSection(&AVrfpVerifierLock);
}

Referenced by LdrpWalkImportDescriptor().

AVrfDllUnloadNotification()

VOID NTAPI AVrfDllUnloadNotification

(

IN PLDR_DATA_TABLE_ENTRY

LdrEntry

)

Definition at line 328 of file verifier.c.

{
    PLIST_ENTRY Entry;

    if (!(NtCurrentPeb()->NtGlobalFlag & FLG_APPLICATION_VERIFIER))
        return;

    RtlEnterCriticalSection(&AVrfpVerifierLock);
    if (!AVrfpIsVerifierProviderDll(LdrEntry->DllBase))
    {
        for (Entry = AVrfpVerifierProvidersList.Flink; Entry != &AVrfpVerifierProvidersList; Entry = Entry->Flink)
        {
            PVERIFIER_PROVIDER Provider;
            RTL_VERIFIER_DLL_UNLOAD_CALLBACK ProviderDllUnloadCallback;

            Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);

            ProviderDllUnloadCallback = Provider->ProviderDllUnloadCallback;
            if (ProviderDllUnloadCallback)
            {
                ProviderDllUnloadCallback(LdrEntry->BaseDllName.Buffer,
                                          LdrEntry->DllBase,
                                          LdrEntry->SizeOfImage,
                                          LdrEntry);
            }
        }
    }
    RtlLeaveCriticalSection(&AVrfpVerifierLock);
}

Referenced by LdrUnloadDll().

AVrfInitializeVerifier()

NTSTATUS NTAPI AVrfInitializeVerifier

(

VOID

)

Definition at line 612 of file verifier.c.

{
    NTSTATUS Status;
    PVERIFIER_PROVIDER Provider;
    PLIST_ENTRY Entry;
    WCHAR* Ptr, *Next;

    Status = RtlInitializeCriticalSection(&AVrfpVerifierLock);
    InitializeListHead(&AVrfpVerifierProvidersList);

    if (!NT_SUCCESS(Status))
        return Status;

    DbgPrint("AVRF: %wZ: pid 0x%X: flags 0x%X: application verifier enabled\n",
             &LdrpImageEntry->BaseDllName, NtCurrentTeb()->ClientId.UniqueProcess, AVrfpVerifierFlags);

    Provider = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(VERIFIER_PROVIDER));
    if (!Provider)
        return STATUS_NO_MEMORY;

    RtlInitUnicodeString(&Provider->DllName, L"verifier.dll");
    InsertTailList(&AVrfpVerifierProvidersList, &Provider->ListEntry);

    Next = AVrfpVerifierDllsString;

    do
    {
        while (*Next == L' ' || *Next == L'\t')
            Next++;

        Ptr = Next;

        while (*Next != ' ' && *Next != '\t' && *Next)
            Next++;

        if (*Next)
            *(Next++) = '\0';
        else
            Next = NULL;

        if (*Ptr)
        {
            Provider = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(VERIFIER_PROVIDER));
            if (!Provider)
                return STATUS_NO_MEMORY;
            RtlInitUnicodeString(&Provider->DllName, Ptr);
            InsertTailList(&AVrfpVerifierProvidersList, &Provider->ListEntry);
        }
    } while (Next);

    Entry = AVrfpVerifierProvidersList.Flink;
    while (Entry != &AVrfpVerifierProvidersList)
    {
        Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);
        Entry = Entry->Flink;

        Status = AVrfpLoadAndInitializeProvider(Provider);
        if (!NT_SUCCESS(Status))
        {
            RemoveEntryList(&Provider->ListEntry);
            RtlFreeHeap(RtlGetProcessHeap(), 0, Provider);
        }
    }

    if (!NT_SUCCESS(Status))
    {
        DbgPrint("AVRF: %wZ: pid 0x%X: application verifier will be disabled due to an initialization error.\n",
                 &LdrpImageEntry->BaseDllName, NtCurrentTeb()->ClientId.UniqueProcess);
        NtCurrentPeb()->NtGlobalFlag &= ~FLG_APPLICATION_VERIFIER;
    }

    return Status;
}

Referenced by LdrpInitializeProcess().

AVrfPageHeapDllNotification()

VOID NTAPI AVrfPageHeapDllNotification

(

IN PLDR_DATA_TABLE_ENTRY

LdrEntry

)

Definition at line 361 of file verifier.c.

{
    /* Check if page heap dll notification is turned on */
    if (!(RtlpDphGlobalFlags & DPH_FLAG_DLL_NOTIFY))
        return;

    /* We don't support this flag currently */
    UNIMPLEMENTED;
}

Referenced by LdrpWalkImportDescriptor().

LdrMapNTDllForProcess()

NTSTATUS LdrMapNTDllForProcess	(	HANDLE	ProcessHandle,
		PHANDLE	NTDllSectionHandle
	)

LdrMapSections()

NTSTATUS LdrMapSections	(	HANDLE	ProcessHandle,
		PVOID	ImageBase,
		HANDLE	SectionHandle,
		PIMAGE_NT_HEADERS	NTHeaders
	)

LdrpAllocateDataTableEntry()

PLDR_DATA_TABLE_ENTRY NTAPI LdrpAllocateDataTableEntry

(

IN PVOID

BaseAddress

)

Definition at line 1549 of file ldrutils.c.

{
    PLDR_DATA_TABLE_ENTRY LdrEntry = NULL;
    PIMAGE_NT_HEADERS NtHeader;

    /* Make sure the header is valid */
    NtHeader = RtlImageNtHeader(BaseAddress);
    DPRINT("LdrpAllocateDataTableEntry(%p), NtHeader %p\n", BaseAddress, NtHeader);

    if (NtHeader)
    {
        /* Allocate an entry */
        LdrEntry = RtlAllocateHeap(LdrpHeap,
                                   HEAP_ZERO_MEMORY,
                                   sizeof(LDR_DATA_TABLE_ENTRY));

        /* Make sure we got one */
        if (LdrEntry)
        {
            /* Set it up */
            LdrEntry->DllBase = BaseAddress;
            LdrEntry->SizeOfImage = NtHeader->OptionalHeader.SizeOfImage;
            LdrEntry->TimeDateStamp = NtHeader->FileHeader.TimeDateStamp;
            LdrEntry->PatchInformation = NULL;
        }
    }

    /* Return the entry */
    return LdrEntry;
}

Referenced by LdrpInitializeProcess(), and LdrpMapDll().

LdrpAllocateTls()

NTSTATUS NTAPI LdrpAllocateTls

(

VOID

)

Definition at line 1317 of file ldrinit.c.

{
    PTEB Teb = NtCurrentTeb();
    PLIST_ENTRY NextEntry, ListHead;
    PLDRP_TLS_DATA TlsData;
    SIZE_T TlsDataSize;
    PVOID *TlsVector;

    /* Check if we have any entries */
    if (!LdrpNumberOfTlsEntries)
        return STATUS_SUCCESS;

    /* Allocate the vector array */
    TlsVector = RtlAllocateHeap(RtlGetProcessHeap(),
                                    0,
                                    LdrpNumberOfTlsEntries * sizeof(PVOID));
    if (!TlsVector) return STATUS_NO_MEMORY;
    Teb->ThreadLocalStoragePointer = TlsVector;

    /* Loop the TLS Array */
    ListHead = &LdrpTlsList;
    NextEntry = ListHead->Flink;
    while (NextEntry != ListHead)
    {
        /* Get the entry */
        TlsData = CONTAINING_RECORD(NextEntry, LDRP_TLS_DATA, TlsLinks);
        NextEntry = NextEntry->Flink;

        /* Allocate this vector */
        TlsDataSize = TlsData->TlsDirectory.EndAddressOfRawData -
                      TlsData->TlsDirectory.StartAddressOfRawData;
        TlsVector[TlsData->TlsDirectory.Characteristics] = RtlAllocateHeap(RtlGetProcessHeap(),
                                                                           0,
                                                                           TlsDataSize);
        if (!TlsVector[TlsData->TlsDirectory.Characteristics])
        {
            /* Out of memory */
            return STATUS_NO_MEMORY;
        }

        /* Show debug message */
        if (ShowSnaps)
        {
            DPRINT1("LDR: TlsVector %p Index %lu = %p copied from %x to %p\n",
                    TlsVector,
                    TlsData->TlsDirectory.Characteristics,
                    &TlsVector[TlsData->TlsDirectory.Characteristics],
                    TlsData->TlsDirectory.StartAddressOfRawData,
                    TlsVector[TlsData->TlsDirectory.Characteristics]);
        }

        /* Copy the data */
        RtlCopyMemory(TlsVector[TlsData->TlsDirectory.Characteristics],
                      (PVOID)TlsData->TlsDirectory.StartAddressOfRawData,
                      TlsDataSize);
    }

    /* Done */
    return STATUS_SUCCESS;
}

Referenced by LdrpInitializeThread(), and LdrpInitializeTls().

LdrpCallInitRoutine()

BOOLEAN NTAPI LdrpCallInitRoutine	(	IN PDLL_INIT_ROUTINE	EntryPoint,
		IN PVOID	BaseAddress,
		IN ULONG	Reason,
		IN PVOID	Context
	)

Definition at line 100 of file ldrutils.c.

{
    /* Call the entry */
    return EntryPoint(BaseAddress, Reason, Context);
}

Referenced by AVrfpLoadAndInitializeProvider(), LdrpCallTlsInitializers(), LdrpInitializeThread(), LdrpRunInitializeRoutines(), LdrpRunShimEngineInitRoutine(), LdrShutdownProcess(), LdrShutdownThread(), and LdrUnloadDll().

LdrpCallTlsInitializers()

VOID NTAPI LdrpCallTlsInitializers	(	IN PLDR_DATA_TABLE_ENTRY	LdrEntry,
		IN ULONG	Reason
	)

Definition at line 473 of file ldrutils.c.

{
    PIMAGE_TLS_DIRECTORY TlsDirectory;
    PIMAGE_TLS_CALLBACK *Array, Callback;
    ULONG Size;

    /* Get the TLS Directory */
    TlsDirectory = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
                                                TRUE,
                                                IMAGE_DIRECTORY_ENTRY_TLS,
                                                &Size);

    /* Protect against invalid pointers */
    _SEH2_TRY
    {
        /* Make sure it's valid */
        if (TlsDirectory)
        {
            /* Get the array */
            Array = (PIMAGE_TLS_CALLBACK *)TlsDirectory->AddressOfCallBacks;
            if (Array)
            {
                /* Display debug */
                if (ShowSnaps)
                {
                    DPRINT1("LDR: Tls Callbacks Found. Imagebase %p Tls %p CallBacks %p\n",
                            LdrEntry->DllBase, TlsDirectory, Array);
                }

                /* Loop the array */
                while (*Array)
                {
                    /* Get the TLS Entrypoint */
                    Callback = *Array++;

                    /* Display debug */
                    if (ShowSnaps)
                    {
                        DPRINT1("LDR: Calling Tls Callback Imagebase %p Function %p\n",
                                LdrEntry->DllBase, Callback);
                    }

                    /* Call it */
                    LdrpCallInitRoutine((PDLL_INIT_ROUTINE)Callback,
                                        LdrEntry->DllBase,
                                        Reason,
                                        NULL);
                }
            }
        }
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        DPRINT1("LDR: Exception 0x%x during Tls Callback(%u) for %wZ\n",
                _SEH2_GetExceptionCode(), Reason, &LdrEntry->BaseDllName);
    }
    _SEH2_END;
}

Referenced by LdrpInitializeThread(), LdrpRunInitializeRoutines(), LdrShutdownProcess(), and LdrShutdownThread().

LdrpCheckForLoadedDll()

BOOLEAN NTAPI LdrpCheckForLoadedDll	(	IN PWSTR	DllPath,
		IN PUNICODE_STRING	DllName,
		IN BOOLEAN	Flag,
		IN BOOLEAN	RedirectedDll,
		OUT PLDR_DATA_TABLE_ENTRY *	LdrEntry
	)

Definition at line 1979 of file ldrutils.c.

{
    ULONG HashIndex;
    PLIST_ENTRY ListHead, ListEntry;
    PLDR_DATA_TABLE_ENTRY CurEntry;
    BOOLEAN FullPath = FALSE;
    PWCHAR wc;
    WCHAR NameBuf[266];
    UNICODE_STRING FullDllName, NtPathName;
    ULONG Length;
    OBJECT_ATTRIBUTES ObjectAttributes;
    NTSTATUS Status;
    HANDLE FileHandle, SectionHandle;
    IO_STATUS_BLOCK Iosb;
    PVOID ViewBase = NULL;
    SIZE_T ViewSize = 0;
    PIMAGE_NT_HEADERS NtHeader, NtHeader2;
    DPRINT("LdrpCheckForLoadedDll('%S' '%wZ' %u %u %p)\n", DllPath ? ((ULONG_PTR)DllPath == 1 ? L"" : DllPath) : L"", DllName, Flag, RedirectedDll, LdrEntry);

    /* Check if a dll name was provided */
    if (!(DllName->Buffer) || !(DllName->Buffer[0])) return FALSE;

    /* FIXME: Warning, "Flag" is used as magic instead of "Static" */
    /* FIXME: Warning, code does not support redirection at all */

    /* Look in the hash table if flag was set */
lookinhash:
    if (Flag  /* the second check is a hack */ && !RedirectedDll)
    {
        /* FIXME: if we get redirected dll it means that we also get a full path so we need to find its filename for the hash lookup */

        /* Get hash index */
        HashIndex = LDR_GET_HASH_ENTRY(DllName->Buffer[0]);

        /* Traverse that list */
        ListHead = &LdrpHashTable[HashIndex];
        ListEntry = ListHead->Flink;
        while (ListEntry != ListHead)
        {
            /* Get the current entry */
            CurEntry = CONTAINING_RECORD(ListEntry, LDR_DATA_TABLE_ENTRY, HashLinks);

            /* Check base name of that module */
            if (RtlEqualUnicodeString(DllName, &CurEntry->BaseDllName, TRUE))
            {
                /* It matches, return it */
                *LdrEntry = CurEntry;
                return TRUE;
            }

            /* Advance to the next entry */
            ListEntry = ListEntry->Flink;
        }

        /* Module was not found, return failure */
        return FALSE;
    }

    /* Check if this is a redirected DLL */
    if (RedirectedDll)
    {
        /* Redirected dlls already have a full path */
        FullPath = TRUE;
        FullDllName = *DllName;
    }
    else
    {
        /* Check if there is a full path in this DLL */
        wc = DllName->Buffer;
        while (*wc)
        {
            /* Check for a slash in the current position*/
            if ((*wc == L'\\') || (*wc == L'/'))
            {
                /* Found the slash, so dll name contains path */
                FullPath = TRUE;

                /* Setup full dll name string */
                FullDllName.Buffer = NameBuf;

                /* FIXME: This is from the Windows 2000 loader, not XP/2003, we should call LdrpSearchPath */
                Length = RtlDosSearchPath_U(DllPath ? DllPath : LdrpDefaultPath.Buffer,
                                            DllName->Buffer,
                                            NULL,
                                            sizeof(NameBuf) - sizeof(UNICODE_NULL),
                                            FullDllName.Buffer,
                                            NULL);

                /* Check if that was successful */
                if (!(Length) || (Length > (sizeof(NameBuf) - sizeof(UNICODE_NULL))))
                {
                    if (ShowSnaps)
                    {
                        DPRINT1("LDR: LdrpCheckForLoadedDll - Unable To Locate %wZ: 0x%08x\n",
                            &DllName, Length);
                    }
                }

                /* Full dll name is found */
                FullDllName.Length = Length;
                FullDllName.MaximumLength = FullDllName.Length + sizeof(UNICODE_NULL);
                break;
            }

            wc++;
        }
    }

    /* Go check the hash table */
    if (!FullPath)
    {
        Flag = TRUE;
        goto lookinhash;
    }

    /* FIXME: Warning, activation context missing */
    DPRINT("Warning, activation context missing\n");

    /* NOTE: From here on down, everything looks good */

    /* Loop the module list */
    ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
    ListEntry = ListHead->Flink;
    while (ListEntry != ListHead)
    {
        /* Get the current entry and advance to the next one */
        CurEntry = CONTAINING_RECORD(ListEntry,
                                     LDR_DATA_TABLE_ENTRY,
                                     InLoadOrderLinks);
        ListEntry = ListEntry->Flink;

        /* Check if it's being unloaded */
        if (!CurEntry->InMemoryOrderLinks.Flink) continue;

        /* Check if name matches */
        if (RtlEqualUnicodeString(&FullDllName,
                                  &CurEntry->FullDllName,
                                  TRUE))
        {
            /* Found it */
            *LdrEntry = CurEntry;
            return TRUE;
        }
    }

    /* Convert given path to NT path */
    if (!RtlDosPathNameToNtPathName_U(FullDllName.Buffer,
                                      &NtPathName,
                                      NULL,
                                      NULL))
    {
        /* Fail if conversion failed */
        return FALSE;
    }

    /* Initialize object attributes and open it */
    InitializeObjectAttributes(&ObjectAttributes,
                               &NtPathName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);
    Status = NtOpenFile(&FileHandle,
                        SYNCHRONIZE | FILE_EXECUTE,
                        &ObjectAttributes,
                        &Iosb,
                        FILE_SHARE_READ | FILE_SHARE_DELETE,
                        FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT);

    /* Free NT path name */
    RtlFreeHeap(RtlGetProcessHeap(), 0, NtPathName.Buffer);

    /* If opening the file failed - return failure */
    if (!NT_SUCCESS(Status)) return FALSE;

    /* Create a section for this file */
    Status = NtCreateSection(&SectionHandle,
                             SECTION_MAP_READ |
                             SECTION_MAP_EXECUTE |
                             SECTION_MAP_WRITE,
                             NULL,
                             NULL,
                             PAGE_EXECUTE,
                             SEC_COMMIT,
                             FileHandle);

    /* Close file handle */
    NtClose(FileHandle);

    /* If creating section failed - return failure */
    if (!NT_SUCCESS(Status)) return FALSE;

    /* Map view of this section */
    Status = ZwMapViewOfSection(SectionHandle,
                                NtCurrentProcess(),
                                &ViewBase,
                                0,
                                0,
                                NULL,
                                &ViewSize,
                                ViewShare,
                                0,
                                PAGE_EXECUTE);

    /* Close section handle */
    NtClose(SectionHandle);

    /* If section mapping failed - return failure */
    if (!NT_SUCCESS(Status)) return FALSE;

    /* Get pointer to the NT header of this section */
    Status = RtlImageNtHeaderEx(0, ViewBase, ViewSize, &NtHeader);
    if (!(NT_SUCCESS(Status)) || !(NtHeader))
    {
        /* Unmap the section and fail */
        NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
        return FALSE;
    }

    /* Go through the list of modules again */
    ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
    ListEntry = ListHead->Flink;
    while (ListEntry != ListHead)
    {
        /* Get the current entry and advance to the next one */
        CurEntry = CONTAINING_RECORD(ListEntry,
                                     LDR_DATA_TABLE_ENTRY,
                                     InLoadOrderLinks);
        ListEntry = ListEntry->Flink;

        /* Check if it's in the process of being unloaded */
        if (!CurEntry->InMemoryOrderLinks.Flink) continue;

        /* The header is untrusted, use SEH */
        _SEH2_TRY
        {
            /* Check if timedate stamp and sizes match */
            if ((CurEntry->TimeDateStamp == NtHeader->FileHeader.TimeDateStamp) &&
                (CurEntry->SizeOfImage == NtHeader->OptionalHeader.SizeOfImage))
            {
                /* Time, date and size match. Let's compare their headers */
                NtHeader2 = RtlImageNtHeader(CurEntry->DllBase);
                if (RtlCompareMemory(NtHeader2, NtHeader, sizeof(IMAGE_NT_HEADERS)))
                {
                    /* Headers match too! Finally ask the kernel to compare mapped files */
                    Status = ZwAreMappedFilesTheSame(CurEntry->DllBase, ViewBase);
                    if (NT_SUCCESS(Status))
                    {
                        /* This is our entry!, unmap and return success */
                        *LdrEntry = CurEntry;
                        NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
                        _SEH2_YIELD(return TRUE;)
                    }
                }
            }
        }
        _SEH2_EXCEPT (EXCEPTION_EXECUTE_HANDLER)
        {
            _SEH2_YIELD(break;)
        }
        _SEH2_END;
    }

    /* Unmap the section and fail */
    NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
    return FALSE;
}

Referenced by LdrGetDllHandleEx(), LdrpLoadDll(), LdrpLoadImportModule(), and LdrpUpdateLoadCount3().

LdrpCheckForLoadedDllHandle()

BOOLEAN NTAPI LdrpCheckForLoadedDllHandle	(	IN PVOID	Base,
		OUT PLDR_DATA_TABLE_ENTRY *	LdrEntry
	)

Definition at line 1621 of file ldrutils.c.

{
    PLDR_DATA_TABLE_ENTRY Current;
    PLIST_ENTRY ListHead, Next;

    /* Check the cache first */
    if ((LdrpLoadedDllHandleCache) &&
        (LdrpLoadedDllHandleCache->DllBase == Base))
    {
        /* We got lucky, return the cached entry */
        *LdrEntry = LdrpLoadedDllHandleCache;
        return TRUE;
    }

    /* Time for a lookup */
    ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
    Next = ListHead->Flink;
    while (Next != ListHead)
    {
        /* Get the current entry */
        Current = CONTAINING_RECORD(Next,
                                    LDR_DATA_TABLE_ENTRY,
                                    InLoadOrderLinks);

        /* Make sure it's not unloading and check for a match */
        if ((Current->InMemoryOrderLinks.Flink) && (Base == Current->DllBase))
        {
            /* Save in cache */
            LdrpLoadedDllHandleCache = Current;

            /* Return it */
            *LdrEntry = Current;
            return TRUE;
        }

        /* Move to the next one */
        Next = Next->Flink;
    }

    /* Nothing found */
    return FALSE;
}

Referenced by LdrAddRefDll(), LdrDisableThreadCalloutsForDll(), LdrpGetProcedureAddress(), LdrpSnapThunk(), and LdrUnloadDll().

LdrpClearLoadInProgress()

ULONG NTAPI LdrpClearLoadInProgress

(

VOID

)

Definition at line 2663 of file ldrutils.c.

{
    PLIST_ENTRY ListHead, Entry;
    PLDR_DATA_TABLE_ENTRY LdrEntry;
    ULONG ModulesCount = 0;

    /* Traverse the init list */
    ListHead = &NtCurrentPeb()->Ldr->InInitializationOrderModuleList;
    Entry = ListHead->Flink;
    while (Entry != ListHead)
    {
        /* Get the loader entry */
        LdrEntry = CONTAINING_RECORD(Entry,
                                     LDR_DATA_TABLE_ENTRY,
                                     InInitializationOrderLinks);

        /* Clear load in progress flag */
        LdrEntry->Flags &= ~LDRP_LOAD_IN_PROGRESS;

        /* Check for modules with entry point count but not processed yet */
        if ((LdrEntry->EntryPoint) &&
            !(LdrEntry->Flags & LDRP_ENTRY_PROCESSED))
        {
            /* Increase counter */
            ModulesCount++;
        }

        /* Advance to the next entry */
        Entry = Entry->Flink;
    }

    /* Return final count */
    return ModulesCount;
}

Referenced by LdrAddRefDll(), LdrGetDllHandleEx(), LdrpLoadDll(), and LdrpRunInitializeRoutines().

LdrpEnsureLoaderLockIsHeld()

VOID NTAPI LdrpEnsureLoaderLockIsHeld

(

VOID

)

Definition at line 405 of file ldrinit.c.

{
    // Ignored atm
}

Referenced by LdrpCheckForKnownDll(), and LdrpRunInitializeRoutines().

LdrpFetchAddressOfEntryPoint()

PVOID NTAPI LdrpFetchAddressOfEntryPoint

(

PVOID

ImageBase

)

Referenced by AVrfpLoadAndInitializeProvider(), and LdrpInitializeProcess().

LdrpFinalizeAndDeallocateDataTableEntry()

VOID NTAPI LdrpFinalizeAndDeallocateDataTableEntry

(

IN PLDR_DATA_TABLE_ENTRY

Entry

)

Definition at line 1598 of file ldrutils.c.

{
    /* Sanity check */
    ASSERT(Entry != NULL);

    /* Release the activation context if it exists and wasn't already released */
    if ((Entry->EntryPointActivationContext) &&
        (Entry->EntryPointActivationContext != INVALID_HANDLE_VALUE))
    {
        /* Mark it as invalid */
        RtlReleaseActivationContext(Entry->EntryPointActivationContext);
        Entry->EntryPointActivationContext = INVALID_HANDLE_VALUE;
    }

    /* Release the full dll name string */
    if (Entry->FullDllName.Buffer) LdrpFreeUnicodeString(&Entry->FullDllName);

    /* Finally free the entry's memory */
    RtlFreeHeap(LdrpHeap, 0, Entry);
}

Referenced by LdrUnloadDll().

LdrpFreeTls()

VOID NTAPI LdrpFreeTls

(

VOID

)

Definition at line 1380 of file ldrinit.c.

{
    PLIST_ENTRY ListHead, NextEntry;
    PLDRP_TLS_DATA TlsData;
    PVOID *TlsVector;
    PTEB Teb = NtCurrentTeb();

    /* Get a pointer to the vector array */
    TlsVector = Teb->ThreadLocalStoragePointer;
    if (!TlsVector) return;

    /* Loop through it */
    ListHead = &LdrpTlsList;
    NextEntry = ListHead->Flink;
    while (NextEntry != ListHead)
    {
        TlsData = CONTAINING_RECORD(NextEntry, LDRP_TLS_DATA, TlsLinks);
        NextEntry = NextEntry->Flink;

        /* Free each entry */
        if (TlsVector[TlsData->TlsDirectory.Characteristics])
        {
            RtlFreeHeap(RtlGetProcessHeap(),
                        0,
                        TlsVector[TlsData->TlsDirectory.Characteristics]);
        }
    }

    /* Free the array itself */
    RtlFreeHeap(RtlGetProcessHeap(),
                0,
                TlsVector);
}

Referenced by LdrShutdownThread().

LdrpFreeUnicodeString()

VOID NTAPI LdrpFreeUnicodeString

(

PUNICODE_STRING

String

)

LdrpGetProcedureAddress()

NTSTATUS NTAPI LdrpGetProcedureAddress	(	IN PVOID	BaseAddress,
		IN PANSI_STRING	Name,
		IN ULONG	Ordinal,
		OUT PVOID *	ProcedureAddress,
		IN BOOLEAN	ExecuteInit
	)

Definition at line 2252 of file ldrutils.c.

{
    NTSTATUS Status = STATUS_SUCCESS;
    UCHAR ImportBuffer[64];
    PLDR_DATA_TABLE_ENTRY LdrEntry;
    IMAGE_THUNK_DATA Thunk;
    PVOID ImageBase;
    PIMAGE_IMPORT_BY_NAME ImportName = NULL;
    PIMAGE_EXPORT_DIRECTORY ExportDir;
    ULONG ExportDirSize, Length;
    PLIST_ENTRY Entry;

    /* Show debug message */
    if (ShowSnaps) DPRINT1("LDR: LdrGetProcedureAddress by ");

    /* Check if we got a name */
    if (Name)
    {
        /* Show debug message */
        if (ShowSnaps) DbgPrint("NAME - %s\n", Name->Buffer);

        /* Make sure it's not too long */
        Length = Name->Length +
                 sizeof(CHAR) +
                 FIELD_OFFSET(IMAGE_IMPORT_BY_NAME, Name);
        if (Length > UNICODE_STRING_MAX_BYTES)
        {
            /* Won't have enough space to add the hint */
            return STATUS_NAME_TOO_LONG;
        }

        /* Check if our buffer is large enough */
        if (Length > sizeof(ImportBuffer))
        {
            /* Allocate from heap, plus 2 bytes for the Hint */
            ImportName = RtlAllocateHeap(RtlGetProcessHeap(),
                                         0,
                                         Length);
        }
        else
        {
            /* Use our internal buffer */
            ImportName = (PIMAGE_IMPORT_BY_NAME)ImportBuffer;
        }

        /* Clear the hint */
        ImportName->Hint = 0;

        /* Copy the name and null-terminate it */
        RtlCopyMemory(ImportName->Name, Name->Buffer, Name->Length);
        ImportName->Name[Name->Length] = ANSI_NULL;

        /* Clear the high bit */
        ImageBase = ImportName;
        Thunk.u1.AddressOfData = 0;
    }
    else
    {
        /* Do it by ordinal */
        ImageBase = NULL;

        /* Show debug message */
        if (ShowSnaps) DbgPrint("ORDINAL - %lx\n", Ordinal);

        /* Make sure an ordinal was given */
        if (!Ordinal)
        {
            /* No ordinal */
            DPRINT1("No ordinal and no name\n");
            return STATUS_INVALID_PARAMETER;
        }

        /* Set the original flag in the thunk */
        Thunk.u1.Ordinal = Ordinal | IMAGE_ORDINAL_FLAG;
    }

    /* Acquire lock unless we are initting */
    if (!LdrpInLdrInit) RtlEnterCriticalSection(&LdrpLoaderLock);

    _SEH2_TRY
    {
        /* Try to find the loaded DLL */
        if (!LdrpCheckForLoadedDllHandle(BaseAddress, &LdrEntry))
        {
            /* Invalid base */
            DPRINT1("Invalid base address %p\n", BaseAddress);
            Status = STATUS_DLL_NOT_FOUND;
            _SEH2_YIELD(goto Quickie;)
        }

        /* Get the pointer to the export directory */
        ExportDir = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
                                                 TRUE,
                                                 IMAGE_DIRECTORY_ENTRY_EXPORT,
                                                 &ExportDirSize);

        if (!ExportDir)
        {
            DPRINT1("Image %wZ has no exports, but were trying to get procedure %Z. BaseAddress asked 0x%p, got entry BA 0x%p\n",
                    &LdrEntry->BaseDllName, Name, BaseAddress, LdrEntry->DllBase);
            Status = STATUS_PROCEDURE_NOT_FOUND;
            _SEH2_YIELD(goto Quickie;)
        }

        /* Now get the thunk */
        Status = LdrpSnapThunk(LdrEntry->DllBase,
                               ImageBase,
                               &Thunk,
                               &Thunk,
                               ExportDir,
                               ExportDirSize,
                               FALSE,
                               NULL);

        /* Finally, see if we're supposed to run the init routines */
        if ((NT_SUCCESS(Status)) && (ExecuteInit))
        {
            /*
            * It's possible a forwarded entry had us load the DLL. In that case,
            * then we will call its DllMain. Use the last loaded DLL for this.
            */
            Entry = NtCurrentPeb()->Ldr->InInitializationOrderModuleList.Blink;
            LdrEntry = CONTAINING_RECORD(Entry,
                                         LDR_DATA_TABLE_ENTRY,
                                         InInitializationOrderLinks);

            /* Make sure we didn't process it yet*/
            if (!(LdrEntry->Flags & LDRP_ENTRY_PROCESSED))
            {
                /* Call the init routine */
                _SEH2_TRY
                {
                    Status = LdrpRunInitializeRoutines(NULL);
                }
                _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                {
                    /* Get the exception code */
                    Status = _SEH2_GetExceptionCode();
                }
                _SEH2_END;
            }
        }

        /* Make sure we're OK till here */
        if (NT_SUCCESS(Status))
        {
            /* Return the address */
            *ProcedureAddress = (PVOID)Thunk.u1.Function;
        }
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        /* Just ignore exceptions */
    }
    _SEH2_END;

Quickie:
    /* Cleanup */
    if (ImportName && (ImportName != (PIMAGE_IMPORT_BY_NAME)ImportBuffer))
    {
        /* We allocated from heap, free it */
        RtlFreeHeap(RtlGetProcessHeap(), 0, ImportName);
    }

    /* Release the CS if we entered it */
    if (!LdrpInLdrInit) RtlLeaveCriticalSection(&LdrpLoaderLock);

    /* We're done */
    return Status;
}

Referenced by AvrfpResolveThunks(), LdrGetProcedureAddress(), LdrpGetShimEngineFunction(), and LdrpSnapThunk().

LdrpGetResidentSize()

ULONG LdrpGetResidentSize

(

PIMAGE_NT_HEADERS

NTHeaders

)

LdrpGetShimEngineInterface()

VOID NTAPI LdrpGetShimEngineInterface

(

VOID

)

LdrpInitFailure()

VOID NTAPI LdrpInitFailure

(

NTSTATUS

Status

)

Definition at line 2537 of file ldrinit.c.

{
    ULONG Response;
    PPEB Peb = NtCurrentPeb();

    /* Print a debug message */
    DPRINT1("LDR: Process initialization failure for %wZ; NTSTATUS = %08lx\n",
            &Peb->ProcessParameters->ImagePathName, Status);

    /* Raise a hard error */
    if (!LdrpFatalHardErrorCount)
    {
        ZwRaiseHardError(STATUS_APP_INIT_FAILURE, 1, 0, (PULONG_PTR)&Status, OptionOk, &Response);
    }
}

Referenced by LdrpInit(), and LdrpInitializeProcess().

LdrpInitializeApplicationVerifierPackage()

NTSTATUS NTAPI LdrpInitializeApplicationVerifierPackage	(	IN HANDLE	KeyHandle,
		IN PPEB	Peb,
		IN BOOLEAN	SystemWide,
		IN BOOLEAN	ReadAdvancedOptions
	)

Referenced by LdrpInitializeExecutionOptions().

LdrpInitializeProcess()

NTSTATUS NTAPI LdrpInitializeProcess	(	IN PCONTEXT	Context,
		IN PVOID	SystemArgument1
	)

Definition at line 1753 of file ldrinit.c.

{
    RTL_HEAP_PARAMETERS HeapParameters;
    ULONG ComSectionSize;
    ANSI_STRING BaseProcessInitPostImportName = RTL_CONSTANT_STRING("BaseProcessInitPostImport");
    ANSI_STRING BaseQueryModuleDataName = RTL_CONSTANT_STRING("BaseQueryModuleData");
    PVOID OldShimData;
    OBJECT_ATTRIBUTES ObjectAttributes;
    //UNICODE_STRING LocalFileName, FullImageName;
    HANDLE SymLinkHandle;
    //ULONG DebugHeapOnly;
    UNICODE_STRING CommandLine, NtSystemRoot, ImagePathName, FullPath, ImageFileName, KnownDllString;
    PPEB Peb = NtCurrentPeb();
    BOOLEAN IsDotNetImage = FALSE;
    BOOLEAN FreeCurDir = FALSE;
    //HANDLE CompatKey;
    PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
    //LPWSTR ImagePathBuffer;
    ULONG ConfigSize;
    UNICODE_STRING CurrentDirectory;
    HANDLE OptionsKey;
    ULONG HeapFlags;
    PIMAGE_NT_HEADERS NtHeader;
    LPWSTR NtDllName = NULL;
    NTSTATUS Status, ImportStatus;
    NLSTABLEINFO NlsTable;
    PIMAGE_LOAD_CONFIG_DIRECTORY LoadConfig;
    PTEB Teb = NtCurrentTeb();
    PLIST_ENTRY ListHead;
    PLIST_ENTRY NextEntry;
    ULONG i;
    PWSTR ImagePath;
    ULONG DebugProcessHeapOnly = 0;
    PLDR_DATA_TABLE_ENTRY NtLdrEntry;
    PWCHAR Current;
    ULONG ExecuteOptions = 0;
    PVOID ViewBase;

    /* Set a NULL SEH Filter */
    RtlSetUnhandledExceptionFilter(NULL);

    /* Get the image path */
    ImagePath = Peb->ProcessParameters->ImagePathName.Buffer;

    /* Check if it's not normalized */
    if (!(Peb->ProcessParameters->Flags & RTL_USER_PROCESS_PARAMETERS_NORMALIZED))
    {
        /* Normalize it*/
        ImagePath = (PWSTR)((ULONG_PTR)ImagePath + (ULONG_PTR)Peb->ProcessParameters);
    }

    /* Create a unicode string for the Image Path */
    ImagePathName.Length = Peb->ProcessParameters->ImagePathName.Length;
    ImagePathName.MaximumLength = ImagePathName.Length + sizeof(WCHAR);
    ImagePathName.Buffer = ImagePath;

    /* Get the NT Headers */
    NtHeader = RtlImageNtHeader(Peb->ImageBaseAddress);

    /* Get the execution options */
    Status = LdrpInitializeExecutionOptions(&ImagePathName, Peb, &OptionsKey);

    /* Check if this is a .NET executable */
    if (RtlImageDirectoryEntryToData(Peb->ImageBaseAddress,
                                     TRUE,
                                     IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR,
                                     &ComSectionSize))
    {
        /* Remember this for later */
        IsDotNetImage = TRUE;
    }

    /* Save the NTDLL Base address */
    NtDllBase = SystemArgument1;

    /* If this is a Native Image */
    if (NtHeader->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_NATIVE)
    {
        /* Then do DLL Validation */
        LdrpDllValidation = TRUE;
    }

    /* Save the old Shim Data */
    OldShimData = Peb->pShimData;

    /* ReactOS specific: do not clear it. (Windows starts doing the same in later versions) */
    //Peb->pShimData = NULL;

    /* Save the number of processors and CS Timeout */
    LdrpNumberOfProcessors = Peb->NumberOfProcessors;
    RtlpTimeout = Peb->CriticalSectionTimeout;

    /* Normalize the parameters */
    ProcessParameters = RtlNormalizeProcessParams(Peb->ProcessParameters);
    if (ProcessParameters)
    {
        /* Save the Image and Command Line Names */
        ImageFileName = ProcessParameters->ImagePathName;
        CommandLine = ProcessParameters->CommandLine;
    }
    else
    {
        /* It failed, initialize empty strings */
        RtlInitUnicodeString(&ImageFileName, NULL);
        RtlInitUnicodeString(&CommandLine, NULL);
    }

    /* Initialize NLS data */
    RtlInitNlsTables(Peb->AnsiCodePageData,
                     Peb->OemCodePageData,
                     Peb->UnicodeCaseTableData,
                     &NlsTable);

    /* Reset NLS Translations */
    RtlResetRtlTranslations(&NlsTable);

    /* Get the Image Config Directory */
    LoadConfig = RtlImageDirectoryEntryToData(Peb->ImageBaseAddress,
                                              TRUE,
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG,
                                              &ConfigSize);

    /* Setup the Heap Parameters */
    RtlZeroMemory(&HeapParameters, sizeof(HeapParameters));
    HeapFlags = HEAP_GROWABLE;
    HeapParameters.Length = sizeof(HeapParameters);

    /* Check if we have Configuration Data */
#define VALID_CONFIG_FIELD(Name) (ConfigSize >= (FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY, Name) + sizeof(LoadConfig->Name)))
    /* The 'original' load config ends after SecurityCookie */
    if ((LoadConfig) && ConfigSize && (VALID_CONFIG_FIELD(SecurityCookie) || ConfigSize == LoadConfig->Size))
    {
        if (ConfigSize != sizeof(IMAGE_LOAD_CONFIG_DIRECTORY))
            DPRINT1("WARN: Accepting different LOAD_CONFIG size!\n");
        else
            DPRINT1("Applying LOAD_CONFIG\n");

        if (VALID_CONFIG_FIELD(GlobalFlagsSet) && LoadConfig->GlobalFlagsSet)
            Peb->NtGlobalFlag |= LoadConfig->GlobalFlagsSet;

        if (VALID_CONFIG_FIELD(GlobalFlagsClear) && LoadConfig->GlobalFlagsClear)
            Peb->NtGlobalFlag &= ~LoadConfig->GlobalFlagsClear;

        if (VALID_CONFIG_FIELD(CriticalSectionDefaultTimeout) && LoadConfig->CriticalSectionDefaultTimeout)
            RtlpTimeout.QuadPart = Int32x32To64(LoadConfig->CriticalSectionDefaultTimeout, -10000000);

        if (VALID_CONFIG_FIELD(DeCommitFreeBlockThreshold) && LoadConfig->DeCommitFreeBlockThreshold)
            HeapParameters.DeCommitFreeBlockThreshold = LoadConfig->DeCommitFreeBlockThreshold;

        if (VALID_CONFIG_FIELD(DeCommitTotalFreeThreshold) && LoadConfig->DeCommitTotalFreeThreshold)
            HeapParameters.DeCommitTotalFreeThreshold = LoadConfig->DeCommitTotalFreeThreshold;

        if (VALID_CONFIG_FIELD(MaximumAllocationSize) && LoadConfig->MaximumAllocationSize)
            HeapParameters.MaximumAllocationSize = LoadConfig->MaximumAllocationSize;

        if (VALID_CONFIG_FIELD(VirtualMemoryThreshold) && LoadConfig->VirtualMemoryThreshold)
            HeapParameters.VirtualMemoryThreshold = LoadConfig->VirtualMemoryThreshold;

        if (VALID_CONFIG_FIELD(ProcessHeapFlags) && LoadConfig->ProcessHeapFlags)
            HeapFlags = LoadConfig->ProcessHeapFlags;
    }
#undef VALID_CONFIG_FIELD

    /* Check for custom affinity mask */
    if (Peb->ImageProcessAffinityMask)
    {
        /* Set it */
        Status = NtSetInformationProcess(NtCurrentProcess(),
                                         ProcessAffinityMask,
                                         &Peb->ImageProcessAffinityMask,
                                         sizeof(Peb->ImageProcessAffinityMask));
    }

    /* Check if verbose debugging (ShowSnaps) was requested */
    ShowSnaps = Peb->NtGlobalFlag & FLG_SHOW_LDR_SNAPS;

    /* Start verbose debugging messages right now if they were requested */
    if (ShowSnaps)
    {
        DPRINT1("LDR: PID: 0x%p started - '%wZ'\n",
                Teb->ClientId.UniqueProcess,
                &CommandLine);
    }

    /* If the timeout is too long */
    if (RtlpTimeout.QuadPart < Int32x32To64(3600, -10000000))
    {
        /* Then disable CS Timeout */
        RtlpTimeoutDisable = TRUE;
    }

    /* Initialize Critical Section Data */
    RtlpInitDeferedCriticalSection();

    /* Initialize VEH Call lists */
    RtlpInitializeVectoredExceptionHandling();

    /* Set TLS/FLS Bitmap data */
    Peb->FlsBitmap = &FlsBitMap;
    Peb->TlsBitmap = &TlsBitMap;
    Peb->TlsExpansionBitmap = &TlsExpansionBitMap;

    /* Initialize FLS Bitmap */
    RtlInitializeBitMap(&FlsBitMap,
                        Peb->FlsBitmapBits,
                        FLS_MAXIMUM_AVAILABLE);
    RtlSetBit(&FlsBitMap, 0);
    InitializeListHead(&Peb->FlsListHead);

    /* Initialize TLS Bitmap */
    RtlInitializeBitMap(&TlsBitMap,
                        Peb->TlsBitmapBits,
                        TLS_MINIMUM_AVAILABLE);
    RtlSetBit(&TlsBitMap, 0);
    RtlInitializeBitMap(&TlsExpansionBitMap,
                        Peb->TlsExpansionBitmapBits,
                        TLS_EXPANSION_SLOTS);
    RtlSetBit(&TlsExpansionBitMap, 0);

    /* Initialize the Hash Table */
    for (i = 0; i < LDR_HASH_TABLE_ENTRIES; i++)
    {
        InitializeListHead(&LdrpHashTable[i]);
    }

    /* Initialize the Loader Lock */
    // FIXME: What's the point of initing it manually, if two lines lower
    //        a call to RtlInitializeCriticalSection() is being made anyway?
    //InsertTailList(&RtlCriticalSectionList, &LdrpLoaderLock.DebugInfo->ProcessLocksList);
    //LdrpLoaderLock.DebugInfo->CriticalSection = &LdrpLoaderLock;
    RtlInitializeCriticalSection(&LdrpLoaderLock);
    LdrpLoaderLockInit = TRUE;

    /* Check if User Stack Trace Database support was requested */
    if (Peb->NtGlobalFlag & FLG_USER_STACK_TRACE_DB)
    {
        DPRINT1("We don't support user stack trace databases yet\n");
    }

    /* Setup Fast PEB Lock */
    RtlInitializeCriticalSection(&FastPebLock);
    Peb->FastPebLock = &FastPebLock;
    //Peb->FastPebLockRoutine = (PPEBLOCKROUTINE)RtlEnterCriticalSection;
    //Peb->FastPebUnlockRoutine = (PPEBLOCKROUTINE)RtlLeaveCriticalSection;

    /* Setup Callout Lock and Notification list */
    //RtlInitializeCriticalSection(&RtlpCalloutEntryLock);
    InitializeListHead(&LdrpDllNotificationList);

    /* For old executables, use 16-byte aligned heap */
    if ((NtHeader->OptionalHeader.MajorSubsystemVersion <= 3) &&
        (NtHeader->OptionalHeader.MinorSubsystemVersion < 51))
    {
        HeapFlags |= HEAP_CREATE_ALIGN_16;
    }

    /* Setup the Heap */
    RtlInitializeHeapManager();
    Peb->ProcessHeap = RtlCreateHeap(HeapFlags,
                                     NULL,
                                     NtHeader->OptionalHeader.SizeOfHeapReserve,
                                     NtHeader->OptionalHeader.SizeOfHeapCommit,
                                     NULL,
                                     &HeapParameters);

    if (!Peb->ProcessHeap)
    {
        DPRINT1("Failed to create process heap\n");
        return STATUS_NO_MEMORY;
    }

    /* Allocate an Activation Context Stack */
    Status = RtlAllocateActivationContextStack(&Teb->ActivationContextStackPointer);
    if (!NT_SUCCESS(Status)) return Status;

    RtlZeroMemory(&HeapParameters, sizeof(HeapParameters));
    HeapFlags = HEAP_GROWABLE | HEAP_CLASS_1;
    HeapParameters.Length = sizeof(HeapParameters);
    LdrpHeap = RtlCreateHeap(HeapFlags, 0, 0x10000, 0x6000, 0, &HeapParameters);
    if (!LdrpHeap)
    {
        DPRINT1("Failed to create loader private heap\n");
        return STATUS_NO_MEMORY;
    }

    /* Check for Debug Heap */
    if (OptionsKey)
    {
        /* Query the setting */
        Status = LdrQueryImageFileKeyOption(OptionsKey,
                                            L"DebugProcessHeapOnly",
                                            REG_DWORD,
                                            &DebugProcessHeapOnly,
                                            sizeof(ULONG),
                                            NULL);

        if (NT_SUCCESS(Status))
        {
            /* Reset DPH if requested */
            if (RtlpPageHeapEnabled && DebugProcessHeapOnly)
            {
                RtlpDphGlobalFlags &= ~DPH_FLAG_DLL_NOTIFY;
                RtlpPageHeapEnabled = FALSE;
            }
        }
    }

    /* Build the NTDLL Path */
    FullPath.Buffer = StringBuffer;
    FullPath.Length = 0;
    FullPath.MaximumLength = sizeof(StringBuffer);
    RtlInitUnicodeString(&NtSystemRoot, SharedUserData->NtSystemRoot);
    RtlAppendUnicodeStringToString(&FullPath, &NtSystemRoot);
    RtlAppendUnicodeToString(&FullPath, L"\\System32\\");

    /* Open the Known DLLs directory */
    RtlInitUnicodeString(&KnownDllString, L"\\KnownDlls");
    InitializeObjectAttributes(&ObjectAttributes,
                               &KnownDllString,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);
    Status = ZwOpenDirectoryObject(&LdrpKnownDllObjectDirectory,
                                   DIRECTORY_QUERY | DIRECTORY_TRAVERSE,
                                   &ObjectAttributes);

    /* Check if it exists */
    if (NT_SUCCESS(Status))
    {
        /* Open the Known DLLs Path */
        RtlInitUnicodeString(&KnownDllString, L"KnownDllPath");
        InitializeObjectAttributes(&ObjectAttributes,
                                   &KnownDllString,
                                   OBJ_CASE_INSENSITIVE,
                                   LdrpKnownDllObjectDirectory,
                                   NULL);
        Status = NtOpenSymbolicLinkObject(&SymLinkHandle,
                                          SYMBOLIC_LINK_QUERY,
                                          &ObjectAttributes);
        if (NT_SUCCESS(Status))
        {
            /* Query the path */
            LdrpKnownDllPath.Length = 0;
            LdrpKnownDllPath.MaximumLength = sizeof(LdrpKnownDllPathBuffer);
            LdrpKnownDllPath.Buffer = LdrpKnownDllPathBuffer;
            Status = ZwQuerySymbolicLinkObject(SymLinkHandle, &LdrpKnownDllPath, NULL);
            NtClose(SymLinkHandle);
            if (!NT_SUCCESS(Status))
            {
                DPRINT1("LDR: %s - failed call to ZwQuerySymbolicLinkObject with status %x\n", "", Status);
                return Status;
            }
        }
    }

    /* Check if we failed */
    if (!NT_SUCCESS(Status))
    {
        /* Assume System32 */
        LdrpKnownDllObjectDirectory = NULL;
        RtlInitUnicodeString(&LdrpKnownDllPath, StringBuffer);
        LdrpKnownDllPath.Length -= sizeof(WCHAR);
    }

    /* If we have process parameters, get the default path and current path */
    if (ProcessParameters)
    {
        /* Check if we have a Dll Path */
        if (ProcessParameters->DllPath.Length)
        {
            /* Get the path */
            LdrpDefaultPath = *(PUNICODE_STRING)&ProcessParameters->DllPath;
        }
        else
        {
            /* We need a valid path */
            DPRINT1("No valid DllPath was given!\n");
            LdrpInitFailure(STATUS_INVALID_PARAMETER);
        }

        /* Set the current directory */
        CurrentDirectory = ProcessParameters->CurrentDirectory.DosPath;

        /* Check if it's empty or invalid */
        if ((!CurrentDirectory.Buffer) ||
            (CurrentDirectory.Buffer[0] == UNICODE_NULL) ||
            (!CurrentDirectory.Length))
        {
            /* Allocate space for the buffer */
            CurrentDirectory.Buffer = RtlAllocateHeap(Peb->ProcessHeap,
                                                      0,
                                                      3 * sizeof(WCHAR) +
                                                      sizeof(UNICODE_NULL));
            if (!CurrentDirectory.Buffer)
            {
                DPRINT1("LDR: LdrpInitializeProcess - unable to allocate current working directory buffer\n");
                // FIXME: And what?
            }

            /* Copy the drive of the system root */
            RtlMoveMemory(CurrentDirectory.Buffer,
                          SharedUserData->NtSystemRoot,
                          3 * sizeof(WCHAR));
            CurrentDirectory.Buffer[3] = UNICODE_NULL;
            CurrentDirectory.Length = 3 * sizeof(WCHAR);
            CurrentDirectory.MaximumLength = CurrentDirectory.Length + sizeof(WCHAR);

            FreeCurDir = TRUE;
            DPRINT("Using dynamically allocd curdir\n");
        }
        else
        {
            /* Use the local buffer */
            DPRINT("Using local system root\n");
        }
    }

    /* Setup Loader Data */
    Peb->Ldr = &PebLdr;
    InitializeListHead(&PebLdr.InLoadOrderModuleList);
    InitializeListHead(&PebLdr.InMemoryOrderModuleList);
    InitializeListHead(&PebLdr.InInitializationOrderModuleList);
    PebLdr.Length = sizeof(PEB_LDR_DATA);
    PebLdr.Initialized = TRUE;

    /* Allocate a data entry for the Image */
    LdrpImageEntry = LdrpAllocateDataTableEntry(Peb->ImageBaseAddress);

    /* Set it up */
    LdrpImageEntry->EntryPoint = LdrpFetchAddressOfEntryPoint(LdrpImageEntry->DllBase);
    LdrpImageEntry->LoadCount = -1;
    LdrpImageEntry->EntryPointActivationContext = 0;
    LdrpImageEntry->FullDllName = ImageFileName;

    if (IsDotNetImage)
        LdrpImageEntry->Flags = LDRP_COR_IMAGE;
    else
        LdrpImageEntry->Flags = 0;

    /* Check if the name is empty */
    if (!ImageFileName.Buffer[0])
    {
        /* Use the same Base name */
        LdrpImageEntry->BaseDllName = LdrpImageEntry->FullDllName;
    }
    else
    {
        /* Find the last slash */
        Current = ImageFileName.Buffer;
        while (*Current)
        {
            if (*Current++ == '\\')
            {
                /* Set this path */
                NtDllName = Current;
            }
        }

        /* Did we find anything? */
        if (!NtDllName)
        {
            /* Use the same Base name */
            LdrpImageEntry->BaseDllName = LdrpImageEntry->FullDllName;
        }
        else
        {
            /* Setup the name */
            LdrpImageEntry->BaseDllName.Length = (USHORT)((ULONG_PTR)ImageFileName.Buffer + ImageFileName.Length - (ULONG_PTR)NtDllName);
            LdrpImageEntry->BaseDllName.MaximumLength = LdrpImageEntry->BaseDllName.Length + sizeof(WCHAR);
            LdrpImageEntry->BaseDllName.Buffer = (PWSTR)((ULONG_PTR)ImageFileName.Buffer +
                                                     (ImageFileName.Length - LdrpImageEntry->BaseDllName.Length));
        }
    }

    /* Processing done, insert it */
    LdrpInsertMemoryTableEntry(LdrpImageEntry);
    LdrpImageEntry->Flags |= LDRP_ENTRY_PROCESSED;

    /* Now add an entry for NTDLL */
    NtLdrEntry = LdrpAllocateDataTableEntry(SystemArgument1);
    NtLdrEntry->Flags = LDRP_IMAGE_DLL;
    NtLdrEntry->EntryPoint = LdrpFetchAddressOfEntryPoint(NtLdrEntry->DllBase);
    NtLdrEntry->LoadCount = -1;
    NtLdrEntry->EntryPointActivationContext = 0;

    NtLdrEntry->FullDllName.Length = FullPath.Length;
    NtLdrEntry->FullDllName.MaximumLength = FullPath.MaximumLength;
    NtLdrEntry->FullDllName.Buffer = StringBuffer;
    RtlAppendUnicodeStringToString(&NtLdrEntry->FullDllName, &NtDllString);

    NtLdrEntry->BaseDllName.Length = NtDllString.Length;
    NtLdrEntry->BaseDllName.MaximumLength = NtDllString.MaximumLength;
    NtLdrEntry->BaseDllName.Buffer = NtDllString.Buffer;

    /* Processing done, insert it */
    LdrpNtDllDataTableEntry = NtLdrEntry;
    LdrpInsertMemoryTableEntry(NtLdrEntry);

    /* Let the world know */
    if (ShowSnaps)
    {
        DPRINT1("LDR: NEW PROCESS\n");
        DPRINT1("     Image Path: %wZ (%wZ)\n", &LdrpImageEntry->FullDllName, &LdrpImageEntry->BaseDllName);
        DPRINT1("     Current Directory: %wZ\n", &CurrentDirectory);
        DPRINT1("     Search Path: %wZ\n", &LdrpDefaultPath);
    }

    /* Link the Init Order List */
    InsertHeadList(&Peb->Ldr->InInitializationOrderModuleList,
                   &LdrpNtDllDataTableEntry->InInitializationOrderLinks);

    /* Initialize Wine's active context implementation for the current process */
    actctx_init(&OldShimData);

    /* Set the current directory */
    Status = RtlSetCurrentDirectory_U(&CurrentDirectory);
    if (!NT_SUCCESS(Status))
    {
        /* We failed, check if we should free it */
        if (FreeCurDir) RtlFreeUnicodeString(&CurrentDirectory);

        /* Set it to the NT Root */
        CurrentDirectory = NtSystemRoot;
        RtlSetCurrentDirectory_U(&CurrentDirectory);
    }
    else
    {
        /* We're done with it, free it */
        if (FreeCurDir) RtlFreeUnicodeString(&CurrentDirectory);
    }

    /* Check if we should look for a .local file */
    if (ProcessParameters && !(ProcessParameters->Flags & RTL_USER_PROCESS_PARAMETERS_LOCAL_DLL_PATH))
    {
        LdrpInitializeDotLocalSupport(ProcessParameters);
    }

    /* Check if the Application Verifier was enabled */
    if (Peb->NtGlobalFlag & FLG_APPLICATION_VERIFIER)
    {
        Status = AVrfInitializeVerifier();
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("LDR: AVrfInitializeVerifier failed (ntstatus 0x%x)\n", Status);
            return Status;
        }

    }

    if (IsDotNetImage)
    {
        /* FIXME */
        DPRINT1("We don't support .NET applications yet\n");
    }

    if (NtHeader->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI ||
        NtHeader->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI)
    {
        PVOID Kernel32BaseAddress;
        PVOID FunctionAddress;

        Status = LdrLoadDll(NULL, NULL, &Kernel32String, &Kernel32BaseAddress);

        if (!NT_SUCCESS(Status))
        {
            if (ShowSnaps)
                DPRINT1("LDR: Unable to load %wZ, Status=0x%08lx\n", &Kernel32String, Status);
            return Status;
        }

        Status = LdrGetProcedureAddress(Kernel32BaseAddress,
                                        &BaseProcessInitPostImportName,
                                        0,
                                        &FunctionAddress);

        if (!NT_SUCCESS(Status))
        {
            if (ShowSnaps)
                DPRINT1("LDR: Unable to find post-import process init function, Status=0x%08lx\n", &Kernel32String, Status);
            return Status;
        }
        Kernel32ProcessInitPostImportFunction = FunctionAddress;

        Status = LdrGetProcedureAddress(Kernel32BaseAddress,
                                        &BaseQueryModuleDataName,
                                        0,
                                        &FunctionAddress);

        if (!NT_SUCCESS(Status))
        {
            if (ShowSnaps)
                DPRINT1("LDR: Unable to find BaseQueryModuleData, Status=0x%08lx\n", &Kernel32String, Status);
            return Status;
        }
        Kernel32BaseQueryModuleData = FunctionAddress;
    }

    /* Walk the IAT and load all the DLLs */
    ImportStatus = LdrpWalkImportDescriptor(LdrpDefaultPath.Buffer, LdrpImageEntry);

    /* Check if relocation is needed */
    if (Peb->ImageBaseAddress != (PVOID)NtHeader->OptionalHeader.ImageBase)
    {
        DPRINT1("LDR: Performing EXE relocation\n");

        /* Change the protection to prepare for relocation */
        ViewBase = Peb->ImageBaseAddress;
        Status = LdrpSetProtection(ViewBase, FALSE);
        if (!NT_SUCCESS(Status)) return Status;

        /* Do the relocation */
        Status = LdrRelocateImageWithBias(ViewBase,
                                          0LL,
                                          NULL,
                                          STATUS_SUCCESS,
                                          STATUS_CONFLICTING_ADDRESSES,
                                          STATUS_INVALID_IMAGE_FORMAT);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("LdrRelocateImageWithBias() failed\n");
            return Status;
        }

        /* Check if a start context was provided */
        if (Context)
        {
            DPRINT1("WARNING: Relocated EXE Context");
            UNIMPLEMENTED; // We should support this
            return STATUS_INVALID_IMAGE_FORMAT;
        }

        /* Restore the protection */
        Status = LdrpSetProtection(ViewBase, TRUE);
        if (!NT_SUCCESS(Status)) return Status;
    }

    /* Lock the DLLs */
    ListHead = &Peb->Ldr->InLoadOrderModuleList;
    NextEntry = ListHead->Flink;
    while (ListHead != NextEntry)
    {
        NtLdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
        NtLdrEntry->LoadCount = -1;
        NextEntry = NextEntry->Flink;
    }

    /* Phase 0 is done */
    LdrpLdrDatabaseIsSetup = TRUE;

    /* Check whether all static imports were properly loaded and return here */
    if (!NT_SUCCESS(ImportStatus)) return ImportStatus;

    /* Initialize TLS */
    Status = LdrpInitializeTls();
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LDR: LdrpProcessInitialization failed to initialize TLS slots; status %x\n",
                Status);
        return Status;
    }

    /* FIXME Mark the DLL Ranges for Stack Traces later */

    /* Notify the debugger now */
    if (Peb->BeingDebugged)
    {
        /* Break */
        DbgBreakPoint();

        /* Update show snaps again */
        ShowSnaps = Peb->NtGlobalFlag & FLG_SHOW_LDR_SNAPS;
    }

    /* Validate the Image for MP Usage */
    if (LdrpNumberOfProcessors > 1) LdrpValidateImageForMp(LdrpImageEntry);

    /* Check NX options and set them */
    if (SharedUserData->NXSupportPolicy == NX_SUPPORT_POLICY_ALWAYSON)
    {
        ExecuteOptions = MEM_EXECUTE_OPTION_DISABLE |
                         MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION |
                         MEM_EXECUTE_OPTION_PERMANENT;
    }
    else if (SharedUserData->NXSupportPolicy == NX_SUPPORT_POLICY_ALWAYSOFF)
    {
        ExecuteOptions = MEM_EXECUTE_OPTION_ENABLE | MEM_EXECUTE_OPTION_PERMANENT;
    }
    Status = NtSetInformationProcess(NtCurrentProcess(),
                                     ProcessExecuteFlags,
                                     &ExecuteOptions,
                                     sizeof(ExecuteOptions));
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LDR: Could not set process execute flags 0x%x; status %x\n",
                ExecuteOptions, Status);
    }

    // FIXME: Should be done by Application Compatibility features,
    // by reading the registry, etc...
    // For now, this is the old code from ntdll!RtlGetVersion().
    RtlInitEmptyUnicodeString(&Peb->CSDVersion, NULL, 0);
    if (((Peb->OSCSDVersion >> 8) & 0xFF) != 0)
    {
        WCHAR szCSDVersion[128];
        LONG i;
        USHORT Length = (USHORT)ARRAYSIZE(szCSDVersion) - 1;
        i = _snwprintf(szCSDVersion, Length,
                       L"Service Pack %d",
                       ((Peb->OSCSDVersion >> 8) & 0xFF));
        if (i < 0)
        {
            /* Null-terminate if it was overflowed */
            szCSDVersion[Length] = UNICODE_NULL;
        }

        Length *= sizeof(WCHAR);
        Peb->CSDVersion.Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
                                                 0,
                                                 Length + sizeof(UNICODE_NULL));
        if (Peb->CSDVersion.Buffer)
        {
            Peb->CSDVersion.Length = Length;
            Peb->CSDVersion.MaximumLength = Length + sizeof(UNICODE_NULL);

            RtlCopyMemory(Peb->CSDVersion.Buffer,
                          szCSDVersion,
                          Peb->CSDVersion.MaximumLength);
            Peb->CSDVersion.Buffer[Peb->CSDVersion.Length / sizeof(WCHAR)] = UNICODE_NULL;
        }
    }

    /* Check if we had Shim Data */
    if (OldShimData)
    {
        /* Load the Shim Engine */
        Peb->AppCompatInfo = NULL;
        LdrpLoadShimEngine(OldShimData, &ImagePathName, OldShimData);
    }
    else
    {
        /* Check for Application Compatibility Goo */
        //LdrQueryApplicationCompatibilityGoo(hKey);
        DPRINT("Querying app compat hacks is missing!\n");
    }

    /*
     * FIXME: Check for special images, SecuROM, SafeDisc and other NX-
     * incompatible images.
     */

    /* Now call the Init Routines */
    Status = LdrpRunInitializeRoutines(Context);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LDR: LdrpProcessInitialization failed running initialization routines; status %x\n",
                Status);
        return Status;
    }

    /* Notify Shim Engine */
    if (g_ShimsEnabled)
    {
        VOID(NTAPI *SE_InstallAfterInit)(PUNICODE_STRING, PVOID);
        SE_InstallAfterInit = RtlDecodeSystemPointer(g_pfnSE_InstallAfterInit);
        SE_InstallAfterInit(&ImagePathName, OldShimData);
    }

    /* Check if we have a user-defined Post Process Routine */
    if (NT_SUCCESS(Status) && Peb->PostProcessInitRoutine)
    {
        /* Call it */
        Peb->PostProcessInitRoutine();
    }

    /* Close the key if we have one opened */
    if (OptionsKey) NtClose(OptionsKey);

    /* Return status */
    return Status;
}

Referenced by LdrpInit().

LdrpInitializeThread()

VOID NTAPI LdrpInitializeThread

(

IN PCONTEXT

Context

)

Definition at line 502 of file ldrinit.c.

{
    PPEB Peb = NtCurrentPeb();
    PLDR_DATA_TABLE_ENTRY LdrEntry;
    PLIST_ENTRY NextEntry, ListHead;
    RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
    NTSTATUS Status;
    PVOID EntryPoint;

    DPRINT("LdrpInitializeThread() called for %wZ (%p/%p)\n",
            &LdrpImageEntry->BaseDllName,
            NtCurrentTeb()->RealClientId.UniqueProcess,
            NtCurrentTeb()->RealClientId.UniqueThread);

    /* Allocate an Activation Context Stack */
    DPRINT("ActivationContextStack %p\n", NtCurrentTeb()->ActivationContextStackPointer);
    Status = RtlAllocateActivationContextStack(&NtCurrentTeb()->ActivationContextStackPointer);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Warning: Unable to allocate ActivationContextStack\n");
    }

    /* Make sure we are not shutting down */
    if (LdrpShutdownInProgress) return;

    /* Allocate TLS */
    LdrpAllocateTls();

    /* Start at the beginning */
    ListHead = &Peb->Ldr->InMemoryOrderModuleList;
    NextEntry = ListHead->Flink;
    while (NextEntry != ListHead)
    {
        /* Get the current entry */
        LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks);

        /* Make sure it's not ourselves */
        if (Peb->ImageBaseAddress != LdrEntry->DllBase)
        {
            /* Check if we should call */
            if (!(LdrEntry->Flags & LDRP_DONT_CALL_FOR_THREADS))
            {
                /* Get the entrypoint */
                EntryPoint = LdrEntry->EntryPoint;

                /* Check if we are ready to call it */
                if ((EntryPoint) &&
                    (LdrEntry->Flags & LDRP_PROCESS_ATTACH_CALLED) &&
                    (LdrEntry->Flags & LDRP_IMAGE_DLL))
                {
                    /* Set up the Act Ctx */
                    ActCtx.Size = sizeof(ActCtx);
                    ActCtx.Format = 1;
                    RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));

                    /* Activate the ActCtx */
                    RtlActivateActivationContextUnsafeFast(&ActCtx,
                                                           LdrEntry->EntryPointActivationContext);

                    _SEH2_TRY
                    {
                        /* Check if it has TLS */
                        if (LdrEntry->TlsIndex)
                        {
                            /* Make sure we're not shutting down */
                            if (!LdrpShutdownInProgress)
                            {
                                /* Call TLS */
                                LdrpCallTlsInitializers(LdrEntry, DLL_THREAD_ATTACH);
                            }
                        }

                        /* Make sure we're not shutting down */
                        if (!LdrpShutdownInProgress)
                        {
                            /* Call the Entrypoint */
                            DPRINT("%wZ - Calling entry point at %p for thread attaching, %p/%p\n",
                                   &LdrEntry->BaseDllName, LdrEntry->EntryPoint,
                                   NtCurrentTeb()->RealClientId.UniqueProcess,
                                   NtCurrentTeb()->RealClientId.UniqueThread);
                            LdrpCallInitRoutine(LdrEntry->EntryPoint,
                                                LdrEntry->DllBase,
                                                DLL_THREAD_ATTACH,
                                                NULL);
                        }
                    }
                    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                    {
                        DPRINT1("WARNING: Exception 0x%x during LdrpCallInitRoutine(DLL_THREAD_ATTACH) for %wZ\n",
                                _SEH2_GetExceptionCode(), &LdrEntry->BaseDllName);
                    }
                    _SEH2_END;

                    /* Deactivate the ActCtx */
                    RtlDeactivateActivationContextUnsafeFast(&ActCtx);
                }
            }
        }

        /* Next entry */
        NextEntry = NextEntry->Flink;
    }

    /* Check for TLS */
    if (LdrpImageHasTls && !LdrpShutdownInProgress)
    {
        /* Set up the Act Ctx */
        ActCtx.Size = sizeof(ActCtx);
        ActCtx.Format = 1;
        RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));

        /* Activate the ActCtx */
        RtlActivateActivationContextUnsafeFast(&ActCtx,
                                               LdrpImageEntry->EntryPointActivationContext);

        _SEH2_TRY
        {
            /* Do TLS callbacks */
            LdrpCallTlsInitializers(LdrpImageEntry, DLL_THREAD_ATTACH);
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Do nothing */
        }
        _SEH2_END;

        /* Deactivate the ActCtx */
        RtlDeactivateActivationContextUnsafeFast(&ActCtx);
    }

    DPRINT("LdrpInitializeThread() done\n");
}

Referenced by LdrpInit().

LdrpInitializeTls()

NTSTATUS NTAPI LdrpInitializeTls

(

VOID

)

Definition at line 1254 of file ldrinit.c.

{
    PLIST_ENTRY NextEntry, ListHead;
    PLDR_DATA_TABLE_ENTRY LdrEntry;
    PIMAGE_TLS_DIRECTORY TlsDirectory;
    PLDRP_TLS_DATA TlsData;
    ULONG Size;

    /* Initialize the TLS List */
    InitializeListHead(&LdrpTlsList);

    /* Loop all the modules */
    ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
    NextEntry = ListHead->Flink;
    while (ListHead != NextEntry)
    {
        /* Get the entry */
        LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
        NextEntry = NextEntry->Flink;

        /* Get the TLS directory */
        TlsDirectory = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
                                                    TRUE,
                                                    IMAGE_DIRECTORY_ENTRY_TLS,
                                                    &Size);

        /* Check if we have a directory */
        if (!TlsDirectory) continue;

        /* Check if the image has TLS */
        if (!LdrpImageHasTls) LdrpImageHasTls = TRUE;

        /* Show debug message */
        if (ShowSnaps)
        {
            DPRINT1("LDR: Tls Found in %wZ at %p\n",
                    &LdrEntry->BaseDllName,
                    TlsDirectory);
        }

        /* Allocate an entry */
        TlsData = RtlAllocateHeap(RtlGetProcessHeap(), 0, sizeof(LDRP_TLS_DATA));
        if (!TlsData) return STATUS_NO_MEMORY;

        /* Lock the DLL and mark it for TLS Usage */
        LdrEntry->LoadCount = -1;
        LdrEntry->TlsIndex = -1;

        /* Save the cached TLS data */
        TlsData->TlsDirectory = *TlsDirectory;
        InsertTailList(&LdrpTlsList, &TlsData->TlsLinks);

        /* Update the index */
        *(PLONG)TlsData->TlsDirectory.AddressOfIndex = LdrpNumberOfTlsEntries;
        TlsData->TlsDirectory.Characteristics = LdrpNumberOfTlsEntries++;
    }

    /* Done setting up TLS, allocate entries */
    return LdrpAllocateTls();
}

Referenced by LdrpInitializeProcess().

LdrpInsertMemoryTableEntry()

VOID NTAPI LdrpInsertMemoryTableEntry

(

IN PLDR_DATA_TABLE_ENTRY

LdrEntry

)

Definition at line 1582 of file ldrutils.c.

{
    PPEB_LDR_DATA PebData = NtCurrentPeb()->Ldr;
    ULONG i;

    /* Insert into hash table */
    i = LDR_GET_HASH_ENTRY(LdrEntry->BaseDllName.Buffer[0]);
    InsertTailList(&LdrpHashTable[i], &LdrEntry->HashLinks);

    /* Insert into other lists */
    InsertTailList(&PebData->InLoadOrderModuleList, &LdrEntry->InLoadOrderLinks);
    InsertTailList(&PebData->InMemoryOrderModuleList, &LdrEntry->InMemoryOrderLinks);
}

Referenced by LdrpInitializeProcess(), and LdrpMapDll().

LdrpLoadDll()

NTSTATUS NTAPI LdrpLoadDll	(	IN BOOLEAN	Redirected,
		IN PWSTR DllPath	OPTIONAL,
		IN PULONG DllCharacteristics	OPTIONAL,
		IN PUNICODE_STRING	DllName,
		OUT PVOID *	BaseAddress,
		IN BOOLEAN	CallInit
	)

Definition at line 2429 of file ldrutils.c.

{
    PPEB Peb = NtCurrentPeb();
    NTSTATUS Status = STATUS_SUCCESS;
    const WCHAR *p;
    BOOLEAN GotExtension;
    WCHAR c;
    WCHAR NameBuffer[MAX_PATH + 6];
    UNICODE_STRING RawDllName;
    PLDR_DATA_TABLE_ENTRY LdrEntry;
    BOOLEAN InInit = LdrpInLdrInit;

    /* Save the Raw DLL Name */
    if (DllName->Length >= sizeof(NameBuffer)) return STATUS_NAME_TOO_LONG;
    RtlInitEmptyUnicodeString(&RawDllName, NameBuffer, sizeof(NameBuffer));
    RtlCopyUnicodeString(&RawDllName, DllName);

    /* Find the extension, if present */
    p = DllName->Buffer + DllName->Length / sizeof(WCHAR) - 1;
    GotExtension = FALSE;
    while (p >= DllName->Buffer)
    {
        c = *p--;
        if (c == L'.')
        {
            GotExtension = TRUE;
            break;
        }
        else if (c == L'\\')
        {
            break;
        }
    }

    /* If no extension was found, add the default extension */
    if (!GotExtension)
    {
        /* Check that we have space to add one */
        if ((DllName->Length + LdrApiDefaultExtension.Length + sizeof(UNICODE_NULL)) >=
            sizeof(NameBuffer))
        {
            /* No space to add the extension */
            DbgPrintEx(DPFLTR_LDR_ID,
                       DPFLTR_ERROR_LEVEL,
                       "LDR: %s - Dll name missing extension; with extension "
                       "added the name is too long\n"
                       "   DllName: (@ %p) \"%wZ\"\n"
                       "   DllName->Length: %u\n",
                       __FUNCTION__,
                       DllName,
                       DllName,
                       DllName->Length);
            return STATUS_NAME_TOO_LONG;
        }

        /* Add it. Needs to be null terminated, thus the length check above */
        (VOID)RtlAppendUnicodeStringToString(&RawDllName,
                                             &LdrApiDefaultExtension);
    }

    /* Check for init flag and acquire lock */
    if (!InInit) RtlEnterCriticalSection(&LdrpLoaderLock);

    _SEH2_TRY
    {
        /* Show debug message */
        if (ShowSnaps)
        {
            DPRINT1("LDR: LdrLoadDll, loading %wZ from %ws\n",
                     &RawDllName,
                     DllPath ? DllPath : L"");
        }

        /* Check if the DLL is already loaded */
        if (!LdrpCheckForLoadedDll(DllPath,
                                   &RawDllName,
                                   FALSE,
                                   Redirected,
                                   &LdrEntry))
        {
            /* Map it */
            Status = LdrpMapDll(DllPath,
                                DllPath,
                                NameBuffer,
                                DllCharacteristics,
                                FALSE,
                                Redirected,
                                &LdrEntry);
            if (!NT_SUCCESS(Status))
                _SEH2_LEAVE;

            /* FIXME: Need to mark the DLL range for the stack DB */
            //RtlpStkMarkDllRange(LdrEntry);

            /* Check if IMAGE_FILE_EXECUTABLE_IMAGE was provided */
            if ((DllCharacteristics) &&
                (*DllCharacteristics & IMAGE_FILE_EXECUTABLE_IMAGE))
            {
                /* This is not a DLL, so remove such data */
                LdrEntry->EntryPoint = NULL;
                LdrEntry->Flags &= ~LDRP_IMAGE_DLL;
            }

            /* Make sure it's a DLL */
            if (LdrEntry->Flags & LDRP_IMAGE_DLL)
            {
                /* Check if this is a .NET Image */
                if (!(LdrEntry->Flags & LDRP_COR_IMAGE))
                {
                    /* Walk the Import Descriptor */
                    Status = LdrpWalkImportDescriptor(DllPath, LdrEntry);
                }

                /* Update load count, unless it's locked */
                if (LdrEntry->LoadCount != 0xFFFF) LdrEntry->LoadCount++;
                LdrpUpdateLoadCount2(LdrEntry, LDRP_UPDATE_REFCOUNT);

                /* Check if we failed */
                if (!NT_SUCCESS(Status))
                {
                    /* Clear entrypoint, and insert into list */
                    LdrEntry->EntryPoint = NULL;
                    InsertTailList(&Peb->Ldr->InInitializationOrderModuleList,
                                   &LdrEntry->InInitializationOrderLinks);

                    /* Cancel the load */
                    LdrpClearLoadInProgress();

                    /* Unload the DLL */
                    if (ShowSnaps)
                    {
                        DbgPrint("LDR: Unloading %wZ due to error %x walking "
                                 "import descriptors\n",
                                 DllName,
                                 Status);
                    }
                    LdrUnloadDll(LdrEntry->DllBase);

                    /* Return the error */
                    _SEH2_LEAVE;
                }
            }
            else if (LdrEntry->LoadCount != 0xFFFF)
            {
                /* Increase load count */
                LdrEntry->LoadCount++;
            }

            /* Insert it into the list */
            InsertTailList(&Peb->Ldr->InInitializationOrderModuleList,
                           &LdrEntry->InInitializationOrderLinks);

            /* If we have to run the entrypoint, make sure the DB is ready */
            if (CallInit && LdrpLdrDatabaseIsSetup)
            {
                /* Notify Shim Engine */
                if (g_ShimsEnabled)
                {
                    VOID (NTAPI* SE_DllLoaded)(PLDR_DATA_TABLE_ENTRY) = RtlDecodeSystemPointer(g_pfnSE_DllLoaded);
                    SE_DllLoaded(LdrEntry);
                }

                /* Run the init routine */
                Status = LdrpRunInitializeRoutines(NULL);
                if (!NT_SUCCESS(Status))
                {
                    /* Failed, unload the DLL */
                    if (ShowSnaps)
                    {
                        DbgPrint("LDR: Unloading %wZ because either its init "
                                 "routine or one of its static imports failed; "
                                 "status = 0x%08lx\n",
                                 DllName,
                                 Status);
                    }
                    LdrUnloadDll(LdrEntry->DllBase);
                }
            }
            else
            {
                /* The DB isn't ready, which means we were loaded because of a forwarder */
                Status = STATUS_SUCCESS;
            }
        }
        else
        {
            /* We were already loaded. Are we a DLL? */
            if ((LdrEntry->Flags & LDRP_IMAGE_DLL) && (LdrEntry->LoadCount != 0xFFFF))
            {
                /* Increase load count */
                LdrEntry->LoadCount++;
                LdrpUpdateLoadCount2(LdrEntry, LDRP_UPDATE_REFCOUNT);

                /* Clear the load in progress */
                LdrpClearLoadInProgress();
            }
            else
            {
                /* Not a DLL, just increase the load count */
                if (LdrEntry->LoadCount != 0xFFFF) LdrEntry->LoadCount++;
            }
        }

    }
    _SEH2_FINALLY
    {
        /* Release the lock */
        if (!InInit) RtlLeaveCriticalSection(&LdrpLoaderLock);
    }
    _SEH2_END;

    /* Check for success */
    if (NT_SUCCESS(Status))
    {
        /* Return the base address */
        *BaseAddress = LdrEntry->DllBase;
    }
    else
    {
        /* Nothing found */
        *BaseAddress = NULL;
    }

    /* Return status */
    return Status;
}

Referenced by LdrLoadDll(), LdrpLoadShimEngine(), and LdrpSnapThunk().

LdrpLoadImportModule()

NTSTATUS NTAPI LdrpLoadImportModule	(	IN PWSTR DllPath	OPTIONAL,
		IN LPSTR	ImportName,
		OUT PLDR_DATA_TABLE_ENTRY *	DataTableEntry,
		OUT PBOOLEAN	Existing
	)

Definition at line 808 of file ldrpe.c.

{
    ANSI_STRING AnsiString;
    PUNICODE_STRING ImpDescName;
    const WCHAR *p;
    BOOLEAN GotExtension;
    WCHAR c;
    NTSTATUS Status;
    PPEB Peb = RtlGetCurrentPeb();
    PTEB Teb = NtCurrentTeb();
    UNICODE_STRING RedirectedImpDescName;
    BOOLEAN RedirectedDll;

    DPRINT("LdrpLoadImportModule('%S' '%s' %p %p)\n", DllPath, ImportName, DataTableEntry, Existing);

    RedirectedDll = FALSE;
    RtlInitEmptyUnicodeString(&RedirectedImpDescName, NULL, 0);

    /* Convert import descriptor name to unicode string */
    ImpDescName = &Teb->StaticUnicodeString;
    RtlInitAnsiString(&AnsiString, ImportName);
    Status = RtlAnsiStringToUnicodeString(ImpDescName, &AnsiString, FALSE);
    if (!NT_SUCCESS(Status)) return Status;

    /* Find the extension, if present */
    p = ImpDescName->Buffer + ImpDescName->Length / sizeof(WCHAR) - 1;
    GotExtension = FALSE;
    while (p >= ImpDescName->Buffer)
    {
        c = *p--;
        if (c == L'.')
        {
            GotExtension = TRUE;
            break;
        }
        else if (c == L'\\')
        {
            break;
        }
    }

    /* If no extension was found, add the default extension */
    if (!GotExtension)
    {
        /* Check that we have space to add one */
        if ((ImpDescName->Length + LdrApiDefaultExtension.Length + sizeof(UNICODE_NULL)) >=
            sizeof(Teb->StaticUnicodeBuffer))
        {
            /* No space to add the extension */
            DbgPrintEx(DPFLTR_LDR_ID,
                       DPFLTR_ERROR_LEVEL,
                       "LDR: %s - Dll name missing extension; with extension "
                       "added the name is too long\n"
                       "   ImpDescName: (@ %p) \"%wZ\"\n"
                       "   ImpDescName->Length: %u\n",
                       __FUNCTION__,
                       ImpDescName,
                       ImpDescName,
                       ImpDescName->Length);
            return STATUS_NAME_TOO_LONG;
        }

        /* Add it. Needs to be null terminated, thus the length check above */
        (VOID)RtlAppendUnicodeStringToString(ImpDescName,
                                             &LdrApiDefaultExtension);
    }

    /* Check if the SxS Assemblies specify another file */
    Status = RtlDosApplyFileIsolationRedirection_Ustr(TRUE,
                                                      ImpDescName,
                                                      &LdrApiDefaultExtension,
                                                      NULL,
                                                      &RedirectedImpDescName,
                                                      &ImpDescName,
                                                      NULL,
                                                      NULL,
                                                      NULL);

    /* Check success */
    if (NT_SUCCESS(Status))
    {
        /* Let Ldrp know */
        RedirectedDll = TRUE;
    }
    else if (Status != STATUS_SXS_KEY_NOT_FOUND)
    {
        /* Unrecoverable SxS failure */
        DPRINT1("LDR: RtlDosApplyFileIsolationRedirection_Ustr failed  with status %x for dll %wZ\n", Status, ImpDescName);
        goto done;
    }

    /* Check if it's loaded */
    if (LdrpCheckForLoadedDll(DllPath,
                              ImpDescName,
                              TRUE,
                              RedirectedDll,
                              DataTableEntry))
    {
        /* It's already existing in the list */
        *Existing = TRUE;
        Status = STATUS_SUCCESS;
        goto done;
    }

    /* We're loading it for the first time */
    *Existing = FALSE;

    /* Map it */
    Status = LdrpMapDll(DllPath,
                        NULL,
                        ImpDescName->Buffer,
                        NULL,
                        TRUE,
                        RedirectedDll,
                        DataTableEntry);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LDR: LdrpMapDll failed  with status %x for dll %wZ\n", Status, ImpDescName);
        goto done;
    }

    /* Walk its import descriptor table */
    Status = LdrpWalkImportDescriptor(DllPath,
                                      *DataTableEntry);
    if (!NT_SUCCESS(Status))
    {
        /* Add it to the in-init-order list in case of failure */
        InsertTailList(&Peb->Ldr->InInitializationOrderModuleList,
                       &(*DataTableEntry)->InInitializationOrderLinks);
    }

done:
    RtlFreeUnicodeString(&RedirectedImpDescName);

    return Status;
}

Referenced by LdrpHandleOneNewFormatImportDescriptor(), and LdrpHandleOneOldFormatImportDescriptor().

LdrpLoadShimEngine()

VOID NTAPI LdrpLoadShimEngine	(	IN PWSTR	ImageName,
		IN PUNICODE_STRING	ProcessImage,
		IN PVOID	pShimData
	)

Definition at line 2771 of file ldrutils.c.

{
    UNICODE_STRING ShimLibraryName;
    PVOID ShimLibrary;
    NTSTATUS Status;
    RtlInitUnicodeString(&ShimLibraryName, ImageName);
    /* We should NOT pass CallInit = TRUE!
       If we do this, other init routines will be called before we get a chance to shim stuff.. */
    Status = LdrpLoadDll(FALSE, NULL, NULL, &ShimLibraryName, &ShimLibrary, FALSE);
    if (NT_SUCCESS(Status))
    {
        g_pShimEngineModule = ShimLibrary;
        LdrpRunShimEngineInitRoutine(DLL_PROCESS_ATTACH);
        LdrpGetShimEngineInterface();
        if (g_ShimsEnabled)
        {
            VOID(NTAPI *SE_InstallBeforeInit)(PUNICODE_STRING, PVOID);
            SE_InstallBeforeInit = RtlDecodeSystemPointer(g_pfnSE_InstallBeforeInit);
            SE_InstallBeforeInit(ProcessImage, pShimData);
        }
    }
}

Referenced by LdrpInitializeProcess().

LdrpMapDll()

NTSTATUS NTAPI LdrpMapDll	(	IN PWSTR SearchPath	OPTIONAL,
		IN PWSTR	DllPath2,
		IN PWSTR DllName	OPTIONAL,
		IN PULONG	DllCharacteristics,
		IN BOOLEAN	Static,
		IN BOOLEAN	Redirect,
		OUT PLDR_DATA_TABLE_ENTRY *	DataTableEntry
	)

Definition at line 1023 of file ldrutils.c.

{
    PTEB Teb = NtCurrentTeb();
    PPEB Peb = NtCurrentPeb();
    PWCHAR p1 = DllName;
    WCHAR TempChar;
    BOOLEAN KnownDll = FALSE;
    UNICODE_STRING FullDllName, BaseDllName;
    HANDLE SectionHandle = NULL, DllHandle = 0;
    UNICODE_STRING NtPathDllName;
    ULONG_PTR HardErrorParameters[2];
    UNICODE_STRING HardErrorDllName, HardErrorDllPath;
    ULONG Response;
    SIZE_T ViewSize = 0;
    PVOID ViewBase = NULL;
    PVOID ArbitraryUserPointer;
    PIMAGE_NT_HEADERS NtHeaders;
    NTSTATUS HardErrorStatus, Status;
    BOOLEAN OverlapDllFound = FALSE;
    ULONG_PTR ImageBase, ImageEnd;
    PLIST_ENTRY ListHead, NextEntry;
    PLDR_DATA_TABLE_ENTRY CandidateEntry, LdrEntry;
    ULONG_PTR CandidateBase, CandidateEnd;
    UNICODE_STRING OverlapDll;
    BOOLEAN RelocatableDll = TRUE;
    UNICODE_STRING IllegalDll;
    PVOID RelocData;
    ULONG RelocDataSize = 0;

    // FIXME: AppCompat stuff is missing

    if (ShowSnaps)
    {
        DPRINT1("LDR: LdrpMapDll: Image Name %ws, Search Path %ws\n",
                DllName,
                SearchPath ? SearchPath : L"");
    }

    /* Check if we have a known dll directory */
    if (LdrpKnownDllObjectDirectory && Redirect == FALSE)
    {
        /* Check if the path is full */
        while (*p1)
        {
            TempChar = *p1++;
            if (TempChar == '\\' || TempChar == '/' )
            {
                /* Complete path, don't do Known Dll lookup */
                goto SkipCheck;
            }
        }

        /* Try to find a Known DLL */
        Status = LdrpCheckForKnownDll(DllName,
                                      &FullDllName,
                                      &BaseDllName,
                                      &SectionHandle);

        if (!NT_SUCCESS(Status) && (Status != STATUS_DLL_NOT_FOUND))
        {
            /* Failure */
            DbgPrintEx(DPFLTR_LDR_ID,
                       DPFLTR_ERROR_LEVEL,
                       "LDR: %s - call to LdrpCheckForKnownDll(\"%ws\", ...) failed with status %x\n",
                        __FUNCTION__,
                        DllName,
                        Status);

            return Status;
        }
    }

SkipCheck:

    /* Check if the Known DLL Check returned something */
    if (!SectionHandle)
    {
        /* It didn't, so try to resolve the name now */
        if (LdrpResolveDllName(SearchPath,
                               DllName,
                               &FullDllName,
                               &BaseDllName))
        {
            /* Got a name, display a message */
            if (ShowSnaps)
            {
                DPRINT1("LDR: Loading (%s) %wZ\n",
                        Static ? "STATIC" : "DYNAMIC",
                        &FullDllName);
            }

            /* Convert to NT Name */
            if (!RtlDosPathNameToNtPathName_U(FullDllName.Buffer,
                                              &NtPathDllName,
                                              NULL,
                                              NULL))
            {
                /* Path was invalid */
                return STATUS_OBJECT_PATH_SYNTAX_BAD;
            }

            /* Create a section for this dLL */
            Status = LdrpCreateDllSection(&NtPathDllName,
                                          DllHandle,
                                          DllCharacteristics,
                                          &SectionHandle);

            /* Free the NT Name */
            RtlFreeHeap(RtlGetProcessHeap(), 0, NtPathDllName.Buffer);

            /* If we failed */
            if (!NT_SUCCESS(Status))
            {
                /* Free the name strings and return */
                LdrpFreeUnicodeString(&FullDllName);
                LdrpFreeUnicodeString(&BaseDllName);
                return Status;
            }
        }
        else
        {
            /* We couldn't resolve the name, is this a static load? */
            if (Static)
            {
                /*
                 * This is BAD! Static loads are CRITICAL. Bugcheck!
                 * Initialize the strings for the error
                 */
                RtlInitUnicodeString(&HardErrorDllName, DllName);
                RtlInitUnicodeString(&HardErrorDllPath,
                                     DllPath2 ? DllPath2 : LdrpDefaultPath.Buffer);

                /* Set them as error parameters */
                HardErrorParameters[0] = (ULONG_PTR)&HardErrorDllName;
                HardErrorParameters[1] = (ULONG_PTR)&HardErrorDllPath;

                /* Raise the hard error */
                NtRaiseHardError(STATUS_DLL_NOT_FOUND,
                                 2,
                                 0x00000003,
                                 HardErrorParameters,
                                 OptionOk,
                                 &Response);

                /* We're back, where we initializing? */
                if (LdrpInLdrInit) LdrpFatalHardErrorCount++;
            }

            /* Return failure */
            return STATUS_DLL_NOT_FOUND;
        }
    }
    else
    {
        /* We have a section handle, so this is a known dll */
        KnownDll = TRUE;
    }

    /* Stuff the image name in the TIB, for the debugger */
    ArbitraryUserPointer = Teb->NtTib.ArbitraryUserPointer;
    Teb->NtTib.ArbitraryUserPointer = FullDllName.Buffer;

    /* Map the DLL */
    ViewBase = NULL;
    ViewSize = 0;
    Status = NtMapViewOfSection(SectionHandle,
                                NtCurrentProcess(),
                                &ViewBase,
                                0,
                                0,
                                NULL,
                                &ViewSize,
                                ViewShare,
                                0,
                                PAGE_READWRITE);

    /* Restore */
    Teb->NtTib.ArbitraryUserPointer = ArbitraryUserPointer;

    /* Fail if we couldn't map it */
    if (!NT_SUCCESS(Status))
    {
        /* Close and return */
        NtClose(SectionHandle);
        return Status;
    }

    /* Get the NT Header */
    if (!(NtHeaders = RtlImageNtHeader(ViewBase)))
    {
        /* Invalid image, unmap, close handle and fail */
        NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
        NtClose(SectionHandle);
        return STATUS_INVALID_IMAGE_FORMAT;
    }

    // FIXME: .NET support is missing

    /* Allocate an entry */
    if (!(LdrEntry = LdrpAllocateDataTableEntry(ViewBase)))
    {
        /* Invalid image, unmap, close handle and fail */
        NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
        NtClose(SectionHandle);
        return STATUS_NO_MEMORY;
    }

    /* Setup the entry */
    LdrEntry->Flags = Static ? LDRP_STATIC_LINK : 0;
    if (Redirect) LdrEntry->Flags |= LDRP_REDIRECTED;
    LdrEntry->LoadCount = 0;
    LdrEntry->FullDllName = FullDllName;
    LdrEntry->BaseDllName = BaseDllName;
    LdrEntry->EntryPoint = LdrpFetchAddressOfEntryPoint(LdrEntry->DllBase);

    /* Show debug message */
    if (ShowSnaps)
    {
        DPRINT1("LDR: LdrpMapDll: Full Name %wZ, Base Name %wZ\n",
                &FullDllName,
                &BaseDllName);
    }

    /* Insert this entry */
    LdrpInsertMemoryTableEntry(LdrEntry);

    // LdrpSendDllNotifications(LdrEntry, TRUE, Status == STATUS_IMAGE_NOT_AT_BASE)

    /* Check for invalid CPU Image */
    if (Status == STATUS_IMAGE_MACHINE_TYPE_MISMATCH)
    {
        /* Load our header */
        PIMAGE_NT_HEADERS ImageNtHeader = RtlImageNtHeader(Peb->ImageBaseAddress);

        /* Assume defaults if we don't have to run the Hard Error path */
        HardErrorStatus = STATUS_SUCCESS;
        Response = ResponseCancel;

        /* Are we an NT 3.0 image? [Do these still exist? LOL -- IAI] */
        if (ImageNtHeader->OptionalHeader.MajorSubsystemVersion <= 3)
        {
            /* Reset the entrypoint, save our Dll Name */
            LdrEntry->EntryPoint = 0;
            HardErrorParameters[0] = (ULONG_PTR)&FullDllName;

            /* Raise the error */
            HardErrorStatus = ZwRaiseHardError(STATUS_IMAGE_MACHINE_TYPE_MISMATCH,
                                               1,
                                               1,
                                               HardErrorParameters,
                                               OptionOkCancel,
                                               &Response);
        }

        /* Check if the user pressed cancel */
        if (NT_SUCCESS(HardErrorStatus) && Response == ResponseCancel)
        {
            /* Remove the DLL from the lists */
            RemoveEntryList(&LdrEntry->InLoadOrderLinks);
            RemoveEntryList(&LdrEntry->InMemoryOrderLinks);
            RemoveEntryList(&LdrEntry->HashLinks);

            /* Remove the LDR Entry */
            RtlFreeHeap(LdrpHeap, 0, LdrEntry );

            /* Unmap and close section */
            NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
            NtClose(SectionHandle);

            /* Did we do a hard error? */
            if (ImageNtHeader->OptionalHeader.MajorSubsystemVersion <= 3)
            {
                /* Yup, so increase fatal error count if we are initializing */
                if (LdrpInLdrInit) LdrpFatalHardErrorCount++;
            }

            /* Return failure */
            return STATUS_INVALID_IMAGE_FORMAT;
        }
    }
    else
    {
        /* The image was valid. Is it a DLL? */
        if (NtHeaders->FileHeader.Characteristics & IMAGE_FILE_DLL)
        {
            /* Set the DLL Flag */
            LdrEntry->Flags |= LDRP_IMAGE_DLL;
        }

        /* If we're not a DLL, clear the entrypoint */
        if (!(LdrEntry->Flags & LDRP_IMAGE_DLL))
        {
            LdrEntry->EntryPoint = 0;
        }
    }

    /* Return it for the caller */
    *DataTableEntry = LdrEntry;

    /* Check if we loaded somewhere else */
    if (Status == STATUS_IMAGE_NOT_AT_BASE)
    {
        /* Write the flag */
        LdrEntry->Flags |= LDRP_IMAGE_NOT_AT_BASE;

        /* Find our region */
        ImageBase = (ULONG_PTR)NtHeaders->OptionalHeader.ImageBase;
        ImageEnd = ImageBase + ViewSize;

        DPRINT("LDR: LdrpMapDll Relocating Image Name %ws (%p-%p -> %p)\n", DllName, (PVOID)ImageBase, (PVOID)ImageEnd, ViewBase);

        /* Scan all the modules */
        ListHead = &Peb->Ldr->InLoadOrderModuleList;
        NextEntry = ListHead->Flink;
        while (NextEntry != ListHead)
        {
            /* Get the entry */
            CandidateEntry = CONTAINING_RECORD(NextEntry,
                                               LDR_DATA_TABLE_ENTRY,
                                               InLoadOrderLinks);
            NextEntry = NextEntry->Flink;

            /* Get the entry's bounds */
            CandidateBase = (ULONG_PTR)CandidateEntry->DllBase;
            CandidateEnd = CandidateBase + CandidateEntry->SizeOfImage;

            /* Make sure this entry isn't unloading */
            if (!CandidateEntry->InMemoryOrderLinks.Flink) continue;

            /* Check if our regions are colliding */
            if ((ImageBase >= CandidateBase && ImageBase <= CandidateEnd) ||
                (ImageEnd >= CandidateBase && ImageEnd <= CandidateEnd) ||
                (CandidateBase >= ImageBase && CandidateBase <= ImageEnd))
            {
                /* Found who is overlapping */
                OverlapDllFound = TRUE;
                OverlapDll = CandidateEntry->FullDllName;
                break;
            }
        }

        /* Check if we found the DLL overlapping with us */
        if (!OverlapDllFound)
        {
            /* It's not another DLL, it's memory already here */
            RtlInitUnicodeString(&OverlapDll, L"Dynamically Allocated Memory");
        }

        DPRINT("Overlapping DLL: %wZ\n", &OverlapDll);

        /* Are we dealing with a DLL? */
        if (LdrEntry->Flags & LDRP_IMAGE_DLL)
        {
            /* Check if relocs were stripped */
            if (!(NtHeaders->FileHeader.Characteristics & IMAGE_FILE_RELOCS_STRIPPED))
            {
                /* Get the relocation data */
                RelocData = RtlImageDirectoryEntryToData(ViewBase,
                                                         TRUE,
                                                         IMAGE_DIRECTORY_ENTRY_BASERELOC,
                                                         &RelocDataSize);

                /* Does the DLL not have any? */
                if (!RelocData && !RelocDataSize)
                {
                    /* We'll allow this and simply continue */
                    goto NoRelocNeeded;
                }
            }

            /* See if this is an Illegal DLL - IE: user32 and kernel32 */
            RtlInitUnicodeString(&IllegalDll,L"user32.dll");
            if (RtlEqualUnicodeString(&BaseDllName, &IllegalDll, TRUE))
            {
                /* Can't relocate user32 */
                RelocatableDll = FALSE;
            }
            else
            {
                RtlInitUnicodeString(&IllegalDll, L"kernel32.dll");
                if (RtlEqualUnicodeString(&BaseDllName, &IllegalDll, TRUE))
                {
                    /* Can't relocate kernel32 */
                    RelocatableDll = FALSE;
                }
            }

            /* Known DLLs are not allowed to be relocated */
            if (KnownDll && !RelocatableDll)
            {
                /* Setup for hard error */
                HardErrorParameters[0] = (ULONG_PTR)&IllegalDll;
                HardErrorParameters[1] = (ULONG_PTR)&OverlapDll;

                DPRINT1("Illegal DLL relocation! %wZ overlaps %wZ\n", &OverlapDll, &IllegalDll);

                /* Raise the error */
                ZwRaiseHardError(STATUS_ILLEGAL_DLL_RELOCATION,
                                 2,
                                 3,
                                 HardErrorParameters,
                                 OptionOk,
                                 &Response);

                /* If initializing, increase the error count */
                if (LdrpInLdrInit) LdrpFatalHardErrorCount++;

                /* Don't do relocation */
                Status = STATUS_CONFLICTING_ADDRESSES;
                goto FailRelocate;
            }

            /* Change the protection to prepare for relocation */
            Status = LdrpSetProtection(ViewBase, FALSE);

            /* Make sure we changed the protection */
            if (NT_SUCCESS(Status))
            {
                /* Do the relocation */
                Status = LdrRelocateImageWithBias(ViewBase, 0LL, NULL, STATUS_SUCCESS,
                    STATUS_CONFLICTING_ADDRESSES, STATUS_INVALID_IMAGE_FORMAT);

                if (NT_SUCCESS(Status))
                {
                    /* Stuff the image name in the TIB, for the debugger */
                    ArbitraryUserPointer = Teb->NtTib.ArbitraryUserPointer;
                    Teb->NtTib.ArbitraryUserPointer = FullDllName.Buffer;
#if 0
                    /* Map the DLL */
                    Status = NtMapViewOfSection(SectionHandle,
                                                NtCurrentProcess(),
                                                &ViewBase,
                                                0,
                                                0,
                                                NULL,
                                                &ViewSize,
                                                ViewShare,
                                                0,
                                                PAGE_READWRITE);
#endif
                    /* Restore */
                    Teb->NtTib.ArbitraryUserPointer = ArbitraryUserPointer;

                    /* Return the protection */
                    Status = LdrpSetProtection(ViewBase, TRUE);
                }
            }
FailRelocate:
            /* Handle any kind of failure */
            if (!NT_SUCCESS(Status))
            {
                /* Remove it from the lists */
                RemoveEntryList(&LdrEntry->InLoadOrderLinks);
                RemoveEntryList(&LdrEntry->InMemoryOrderLinks);
                RemoveEntryList(&LdrEntry->HashLinks);

                /* Unmap it, clear the entry */
                NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
                LdrEntry = NULL;
            }

            /* Show debug message */
            if (ShowSnaps)
            {
                DPRINT1("LDR: Fixups %successfully re-applied @ %p\n",
                        NT_SUCCESS(Status) ? "s" : "uns", ViewBase);
            }
        }
        else
        {
NoRelocNeeded:
            /* Not a DLL, or no relocation needed */
            Status = STATUS_SUCCESS;

            /* Stuff the image name in the TIB, for the debugger */
            ArbitraryUserPointer = Teb->NtTib.ArbitraryUserPointer;
            Teb->NtTib.ArbitraryUserPointer = FullDllName.Buffer;
#if 0
            /* Map the DLL */
            Status = NtMapViewOfSection(SectionHandle,
                                        NtCurrentProcess(),
                                        &ViewBase,
                                        0,
                                        0,
                                        NULL,
                                        &ViewSize,
                                        ViewShare,
                                        0,
                                        PAGE_READWRITE);
#endif
            /* Restore */
            Teb->NtTib.ArbitraryUserPointer = ArbitraryUserPointer;

            /* Show debug message */
            if (ShowSnaps)
            {
                DPRINT1("LDR: Fixups won't be re-applied to non-Dll @ %p\n", ViewBase);
            }
        }
    }

    // FIXME: LdrpCheckCorImage() is missing

    /* Check if this is an SMP Machine and a DLL */
    if ((LdrpNumberOfProcessors > 1) &&
        (LdrEntry && (LdrEntry->Flags & LDRP_IMAGE_DLL)))
    {
        /* Validate the image for MP */
        LdrpValidateImageForMp(LdrEntry);
    }

    // FIXME: LdrpCorUnloadImage() is missing

    /* Close section and return status */
    NtClose(SectionHandle);
    return Status;
}