ReactOS 0.4.16-dev-979-g79f281e
Classes | Macros | Typedefs | Functions | Variables
ntdllp.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  _LDRP_TLS_DATA
 

Macros

#define LDR_HASH_TABLE_ENTRIES   32
 
#define LDR_GET_HASH_ENTRY(x)   (RtlUpcaseUnicodeChar((x)) & (LDR_HASH_TABLE_ENTRIES - 1))
 
#define LDRP_UPDATE_REFCOUNT   0x01
 
#define LDRP_UPDATE_DEREFCOUNT   0x02
 
#define LDRP_UPDATE_PIN   0x03
 
#define IMAGE_LOADER_FLAGS_COMPLUS   0x00000001
 
#define IMAGE_LOADER_FLAGS_SYSTEM_GLOBAL   0x01000000
 
#define DPH_FLAG_DLL_NOTIFY   0x40
 

Typedefs

typedef struct _LDRP_TLS_DATA LDRP_TLS_DATA
 
typedef struct _LDRP_TLS_DATAPLDRP_TLS_DATA
 
typedef NTSTATUS(NTAPIPLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION) (_In_ ULONG Flags, _In_ PCWSTR DllName, _In_ PCWSTR DllPath OPTIONAL, _Inout_opt_ PULONG DllCharacteristics, _In_ PVOID CallbackData, _Outptr_ PWSTR *EffectiveDllPath)
 
typedef NTSTATUS(NTAPIPEPFUNC) (PPEB)
 

Functions

NTSTATUS NTAPI LdrpRunInitializeRoutines (IN PCONTEXT Context OPTIONAL)
 
VOID NTAPI LdrpInitializeThread (IN PCONTEXT Context)
 
NTSTATUS NTAPI LdrpInitializeTls (VOID)
 
NTSTATUS NTAPI LdrpAllocateTls (VOID)
 
VOID NTAPI LdrpFreeTls (VOID)
 
VOID NTAPI LdrpCallTlsInitializers (IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Reason)
 
BOOLEAN NTAPI LdrpCallInitRoutine (IN PDLL_INIT_ROUTINE EntryPoint, IN PVOID BaseAddress, IN ULONG Reason, IN PVOID Context)
 
NTSTATUS NTAPI LdrpInitializeProcess (IN PCONTEXT Context, IN PVOID SystemArgument1)
 
VOID NTAPI LdrpInitFailure (NTSTATUS Status)
 
VOID NTAPI LdrpValidateImageForMp (IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry)
 
VOID NTAPI LdrpEnsureLoaderLockIsHeld (VOID)
 
NTSTATUS NTAPI LdrpSnapThunk (IN PVOID ExportBase, IN PVOID ImportBase, IN PIMAGE_THUNK_DATA OriginalThunk, IN OUT PIMAGE_THUNK_DATA Thunk, IN PIMAGE_EXPORT_DIRECTORY ExportEntry, IN ULONG ExportSize, IN BOOLEAN Static, IN LPSTR DllName)
 
NTSTATUS NTAPI LdrpWalkImportDescriptor (IN LPWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrEntry)
 
NTSYSAPI NTSTATUS NTAPI LdrpApplyFileNameRedirection (_In_ PUNICODE_STRING OriginalName, _In_ PUNICODE_STRING Extension, _Inout_opt_ PUNICODE_STRING StaticString, _Inout_opt_ PUNICODE_STRING DynamicString, _Inout_ PUNICODE_STRING *NewName, _Inout_ PBOOLEAN RedirectedDll)
 
NTSTATUS NTAPI LdrpGetProcedureAddress (_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress, _In_ BOOLEAN ExecuteInit)
 
PLDR_DATA_TABLE_ENTRY NTAPI LdrpAllocateDataTableEntry (IN PVOID BaseAddress)
 
VOID NTAPI LdrpInsertMemoryTableEntry (IN PLDR_DATA_TABLE_ENTRY LdrEntry)
 
NTSTATUS NTAPI LdrpLoadDll (IN BOOLEAN Redirected, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress, IN BOOLEAN CallInit)
 
VOID NTAPI LdrpUpdateLoadCount2 (IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Flags)
 
ULONG NTAPI LdrpClearLoadInProgress (VOID)
 
NTSTATUS NTAPI LdrpSetProtection (PVOID ViewBase, BOOLEAN Restore)
 
BOOLEAN NTAPI LdrpCheckForLoadedDllHandle (IN PVOID Base, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
 
BOOLEAN NTAPI LdrpCheckForLoadedDll (IN PWSTR DllPath, IN PUNICODE_STRING DllName, IN BOOLEAN Flag, IN BOOLEAN RedirectedDll, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
 
NTSTATUS NTAPI LdrpMapDll (IN PWSTR SearchPath OPTIONAL, IN PWSTR DllPath2, IN PWSTR DllName OPTIONAL, IN PULONG DllCharacteristics, IN BOOLEAN Static, IN BOOLEAN Redirect, OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry)
 
PVOID NTAPI LdrpFetchAddressOfEntryPoint (PVOID ImageBase)
 
VOID NTAPI LdrpFreeUnicodeString (PUNICODE_STRING String)
 
VOID NTAPI LdrpRecordUnloadEvent (_In_ PLDR_DATA_TABLE_ENTRY LdrEntry)
 
VOID NTAPI LdrpGetShimEngineInterface (VOID)
 
VOID NTAPI LdrpLoadShimEngine (IN PWSTR ImageName, IN PUNICODE_STRING ProcessImage, IN PVOID pShimData)
 
VOID NTAPI LdrpUnloadShimEngine (VOID)
 
NTSTATUS NTAPI LdrpInitializeApplicationVerifierPackage (IN HANDLE KeyHandle, IN PPEB Peb, IN BOOLEAN SystemWide, IN BOOLEAN ReadAdvancedOptions)
 
NTSTATUS NTAPI AVrfInitializeVerifier (VOID)
 
VOID NTAPI AVrfDllLoadNotification (IN PLDR_DATA_TABLE_ENTRY LdrEntry)
 
VOID NTAPI AVrfDllUnloadNotification (IN PLDR_DATA_TABLE_ENTRY LdrEntry)
 
VOID NTAPI AVrfPageHeapDllNotification (IN PLDR_DATA_TABLE_ENTRY LdrEntry)
 
NTSTATUS LdrMapSections (HANDLE ProcessHandle, PVOID ImageBase, HANDLE SectionHandle, PIMAGE_NT_HEADERS NTHeaders)
 
NTSTATUS LdrMapNTDllForProcess (HANDLE ProcessHandle, PHANDLE NTDllSectionHandle)
 
ULONG LdrpGetResidentSize (PIMAGE_NT_HEADERS NTHeaders)
 
NTSTATUS NTAPI LdrpLoadImportModule (IN PWSTR DllPath OPTIONAL, IN LPSTR ImportName, OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry, OUT PBOOLEAN Existing)
 
VOID NTAPI LdrpFinalizeAndDeallocateDataTableEntry (IN PLDR_DATA_TABLE_ENTRY Entry)
 
VOID NTAPI LdrpSendDllNotifications (_In_ PLDR_DATA_TABLE_ENTRY DllEntry, _In_ ULONG NotificationReason)
 
BOOLEAN NTAPI RtlDoesFileExists_UStr (IN PUNICODE_STRING FileName)
 
VOID NTAPI RtlpInitializeKeyedEvent (VOID)
 
VOID NTAPI RtlpCloseKeyedEvent (VOID)
 
VOID NTAPI RtlpInitializeThreadPooling (VOID)
 

Variables

RTL_CRITICAL_SECTION LdrpLoaderLock
 
BOOLEAN LdrpInLdrInit
 
PVOID LdrpHeap
 
LIST_ENTRY LdrpHashTable [LDR_HASH_TABLE_ENTRIES]
 
BOOLEAN ShowSnaps
 
UNICODE_STRING LdrpDefaultPath
 
HANDLE LdrpKnownDllObjectDirectory
 
ULONG LdrpNumberOfProcessors
 
ULONG LdrpFatalHardErrorCount
 
PUNICODE_STRING LdrpTopLevelDllBeingLoaded
 
PLDR_DATA_TABLE_ENTRY LdrpCurrentDllInitializer
 
UNICODE_STRING LdrApiDefaultExtension
 
BOOLEAN LdrpLdrDatabaseIsSetup
 
ULONG LdrpActiveUnloadCount
 
BOOLEAN LdrpShutdownInProgress
 
UNICODE_STRING LdrpKnownDllPath
 
PLDR_DATA_TABLE_ENTRY LdrpGetModuleHandleCache
 
PLDR_DATA_TABLE_ENTRY LdrpLoadedDllHandleCache
 
BOOLEAN RtlpPageHeapEnabled
 
ULONG RtlpDphGlobalFlags
 
BOOLEAN g_ShimsEnabled
 
PVOID g_pShimEngineModule
 
PVOID g_pfnSE_DllLoaded
 
PVOID g_pfnSE_DllUnloaded
 
PVOID g_pfnSE_InstallBeforeInit
 
PVOID g_pfnSE_InstallAfterInit
 
PVOID g_pfnSE_ProcessDying
 

Macro Definition Documentation

◆ DPH_FLAG_DLL_NOTIFY

#define DPH_FLAG_DLL_NOTIFY   0x40

Definition at line 24 of file ntdllp.h.

◆ IMAGE_LOADER_FLAGS_COMPLUS

#define IMAGE_LOADER_FLAGS_COMPLUS   0x00000001

Definition at line 20 of file ntdllp.h.

◆ IMAGE_LOADER_FLAGS_SYSTEM_GLOBAL

#define IMAGE_LOADER_FLAGS_SYSTEM_GLOBAL   0x01000000

Definition at line 21 of file ntdllp.h.

◆ LDR_GET_HASH_ENTRY

#define LDR_GET_HASH_ENTRY (   x)    (RtlUpcaseUnicodeChar((x)) & (LDR_HASH_TABLE_ENTRIES - 1))

Definition at line 12 of file ntdllp.h.

◆ LDR_HASH_TABLE_ENTRIES

#define LDR_HASH_TABLE_ENTRIES   32

Definition at line 11 of file ntdllp.h.

◆ LDRP_UPDATE_DEREFCOUNT

#define LDRP_UPDATE_DEREFCOUNT   0x02

Definition at line 16 of file ntdllp.h.

◆ LDRP_UPDATE_PIN

#define LDRP_UPDATE_PIN   0x03

Definition at line 17 of file ntdllp.h.

◆ LDRP_UPDATE_REFCOUNT

#define LDRP_UPDATE_REFCOUNT   0x01

Definition at line 15 of file ntdllp.h.

Typedef Documentation

◆ LDRP_TLS_DATA

typedef struct _LDRP_TLS_DATA LDRP_TLS_DATA

◆ PEPFUNC

typedef NTSTATUS(NTAPI * PEPFUNC) (PPEB)

Definition at line 211 of file ntdllp.h.

◆ PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION

typedef NTSTATUS(NTAPI * PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION) (_In_ ULONG Flags, _In_ PCWSTR DllName, _In_ PCWSTR DllPath OPTIONAL, _Inout_opt_ PULONG DllCharacteristics, _In_ PVOID CallbackData, _Outptr_ PWSTR *EffectiveDllPath)

Definition at line 33 of file ntdllp.h.

◆ PLDRP_TLS_DATA

typedef struct _LDRP_TLS_DATA * PLDRP_TLS_DATA

Function Documentation

◆ AVrfDllLoadNotification()

VOID NTAPI AVrfDllLoadNotification ( IN PLDR_DATA_TABLE_ENTRY  LdrEntry)

Definition at line 298 of file verifier.c.

299{
300 PLIST_ENTRY Entry;
301
302 if (!(NtCurrentPeb()->NtGlobalFlag & FLG_APPLICATION_VERIFIER))
303 return;
304
305 RtlEnterCriticalSection(&AVrfpVerifierLock);
306 if (!AVrfpIsVerifierProviderDll(LdrEntry->DllBase))
307 {
308 AvrfpResolveThunks(LdrEntry);
309
310 for (Entry = AVrfpVerifierProvidersList.Flink; Entry != &AVrfpVerifierProvidersList; Entry = Entry->Flink)
311 {
312 PVERIFIER_PROVIDER Provider;
313 RTL_VERIFIER_DLL_LOAD_CALLBACK ProviderDllLoadCallback;
314
315 Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);
316
317 ProviderDllLoadCallback = Provider->ProviderDllLoadCallback;
318 if (ProviderDllLoadCallback)
319 {
320 ProviderDllLoadCallback(LdrEntry->BaseDllName.Buffer,
321 LdrEntry->DllBase,
322 LdrEntry->SizeOfImage,
323 LdrEntry);
324 }
325 }
326 }
327 RtlLeaveCriticalSection(&AVrfpVerifierLock);
328}
NtCurrentPeb
#define NtCurrentPeb()
Definition: FLS.c:22
FLG_APPLICATION_VERIFIER
#define FLG_APPLICATION_VERIFIER
Definition: pstypes.h:64
RtlEnterCriticalSection
NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
RtlLeaveCriticalSection
NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
AVrfpVerifierProvidersList
LIST_ENTRY AVrfpVerifierProvidersList
Definition: verifier.c:26
AVrfpVerifierLock
RTL_CRITICAL_SECTION AVrfpVerifierLock
Definition: verifier.c:25
AVrfpIsVerifierProviderDll
BOOLEAN AVrfpIsVerifierProviderDll(PVOID BaseAddress)
Definition: verifier.c:107
AvrfpResolveThunks
VOID AvrfpResolveThunks(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:239
NtGlobalFlag
ULONG NtGlobalFlag
Definition: init.c:54
Entry
base of all file and directory entries
Definition: entries.h:83
_LIST_ENTRY
Definition: typedefs.h:120
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
_VERIFIER_PROVIDER
Definition: verifier.c:32
CONTAINING_RECORD
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260
RTL_VERIFIER_DLL_LOAD_CALLBACK
VOID(NTAPI * RTL_VERIFIER_DLL_LOAD_CALLBACK)(PWSTR DllName, PVOID DllBase, SIZE_T DllSize, PVOID Reserved)
Definition: verifier.h:6

Referenced by LdrpWalkImportDescriptor().

◆ AVrfDllUnloadNotification()

VOID NTAPI AVrfDllUnloadNotification ( IN PLDR_DATA_TABLE_ENTRY  LdrEntry)

Definition at line 332 of file verifier.c.

333{
334 PLIST_ENTRY Entry;
335
336 if (!(NtCurrentPeb()->NtGlobalFlag & FLG_APPLICATION_VERIFIER) || !AVrfpInitialized)
337 return;
338
339 RtlEnterCriticalSection(&AVrfpVerifierLock);
340 if (!AVrfpIsVerifierProviderDll(LdrEntry->DllBase))
341 {
342 for (Entry = AVrfpVerifierProvidersList.Flink; Entry != &AVrfpVerifierProvidersList; Entry = Entry->Flink)
343 {
344 PVERIFIER_PROVIDER Provider;
345 RTL_VERIFIER_DLL_UNLOAD_CALLBACK ProviderDllUnloadCallback;
346
347 Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);
348
349 ProviderDllUnloadCallback = Provider->ProviderDllUnloadCallback;
350 if (ProviderDllUnloadCallback)
351 {
352 ProviderDllUnloadCallback(LdrEntry->BaseDllName.Buffer,
353 LdrEntry->DllBase,
354 LdrEntry->SizeOfImage,
355 LdrEntry);
356 }
357 }
358 }
359 RtlLeaveCriticalSection(&AVrfpVerifierLock);
360}
AVrfpInitialized
BOOL AVrfpInitialized
Definition: verifier.c:24
RTL_VERIFIER_DLL_UNLOAD_CALLBACK
VOID(NTAPI * RTL_VERIFIER_DLL_UNLOAD_CALLBACK)(PWSTR DllName, PVOID DllBase, SIZE_T DllSize, PVOID Reserved)
Definition: verifier.h:7

Referenced by LdrUnloadDll().

◆ AVrfInitializeVerifier()

NTSTATUS NTAPI AVrfInitializeVerifier ( VOID  )

Definition at line 672 of file verifier.c.

673{
674 NTSTATUS Status;
675 PVERIFIER_PROVIDER Provider;
676 PLIST_ENTRY Entry;
677 WCHAR* Ptr, *Next;
678
679 Status = RtlInitializeCriticalSection(&AVrfpVerifierLock);
680 InitializeListHead(&AVrfpVerifierProvidersList);
681
682 if (!NT_SUCCESS(Status))
683 return Status;
684
685 DbgPrint("AVRF: %wZ: pid 0x%X: flags 0x%X: application verifier enabled\n",
686 &LdrpImageEntry->BaseDllName, NtCurrentTeb()->ClientId.UniqueProcess, AVrfpVerifierFlags);
687
688 Provider = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(VERIFIER_PROVIDER));
689 if (!Provider)
690 return STATUS_NO_MEMORY;
691
692 RtlInitUnicodeString(&Provider->DllName, L"verifier.dll");
693 InsertTailList(&AVrfpVerifierProvidersList, &Provider->ListEntry);
694
695 Next = AVrfpVerifierDllsString;
696
697 do
698 {
699 while (*Next == L' ' || *Next == L'\t')
700 Next++;
701
702 Ptr = Next;
703
704 while (*Next != ' ' && *Next != '\t' && *Next)
705 Next++;
706
707 if (*Next)
708 *(Next++) = '\0';
709 else
710 Next = NULL;
711
712 if (*Ptr)
713 {
714 Provider = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(VERIFIER_PROVIDER));
715 if (!Provider)
716 return STATUS_NO_MEMORY;
717 RtlInitUnicodeString(&Provider->DllName, Ptr);
718 InsertTailList(&AVrfpVerifierProvidersList, &Provider->ListEntry);
719 }
720 } while (Next);
721
722 Entry = AVrfpVerifierProvidersList.Flink;
723 while (Entry != &AVrfpVerifierProvidersList)
724 {
725 Provider = CONTAINING_RECORD(Entry, VERIFIER_PROVIDER, ListEntry);
726 Entry = Entry->Flink;
727
728 Status = AVrfpLoadAndInitializeProvider(Provider);
729 if (!NT_SUCCESS(Status))
730 {
731 RemoveEntryList(&Provider->ListEntry);
732 RtlFreeHeap(RtlGetProcessHeap(), 0, Provider);
733 }
734 }
735
736 if (!NT_SUCCESS(Status))
737 {
738 DbgPrint("AVRF: %wZ: pid 0x%X: application verifier will be disabled due to an initialization error.\n",
739 &LdrpImageEntry->BaseDllName, NtCurrentTeb()->ClientId.UniqueProcess);
740 NtCurrentPeb()->NtGlobalFlag &= ~FLG_APPLICATION_VERIFIER;
741 }
742
743 return Status;
744}
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:616
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:634
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: d3dkmdt.h:51
NULL
#define NULL
Definition: types.h:112
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
RemoveEntryList
#define RemoveEntryList(Entry)
Definition: env_spec_w32.h:986
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
InitializeListHead
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
Ptr
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
Status
Status
Definition: gdiplustypes.h:25
DbgPrint
#define DbgPrint
Definition: hal.h:12
NtCurrentTeb
#define NtCurrentTeb
Definition: iphlpapi_private.h:4
RtlInitializeCriticalSection
NTSYSAPI NTSTATUS NTAPI RtlInitializeCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
AVrfpVerifierFlags
ULONG AVrfpVerifierFlags
Definition: verifier.c:21
LdrpImageEntry
PLDR_DATA_TABLE_ENTRY LdrpImageEntry
Definition: ldrinit.c:39
AVrfpVerifierDllsString
WCHAR AVrfpVerifierDllsString[256]
Definition: verifier.c:22
AVrfpLoadAndInitializeProvider
NTSTATUS NTAPI AVrfpLoadAndInitializeProvider(PVERIFIER_PROVIDER Provider)
Definition: verifier.c:549
L
#define L(x)
Definition: ntvdm.h:50
Next
STDMETHOD() Next(THIS_ ULONG celt, IAssociationElement *pElement, ULONG *pceltFetched) PURE
_CLIENT_ID::UniqueProcess
HANDLE UniqueProcess
Definition: compat.h:825
_LDR_DATA_TABLE_ENTRY::BaseDllName
UNICODE_STRING BaseDllName
Definition: ldrtypes.h:149
ClientId
_Out_ PCLIENT_ID ClientId
Definition: kefuncs.h:1151
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by LdrpInitializeProcess().

◆ AVrfPageHeapDllNotification()

VOID NTAPI AVrfPageHeapDllNotification ( IN PLDR_DATA_TABLE_ENTRY  LdrEntry)

Definition at line 390 of file verifier.c.

391{
392 /* Check if page heap dll notification is turned on */
393 if (!(RtlpDphGlobalFlags & DPH_FLAG_DLL_NOTIFY))
394 return;
395
396 /* We don't support this flag currently */
397 UNIMPLEMENTED;
398}
UNIMPLEMENTED
#define UNIMPLEMENTED
Definition: ntoskrnl.c:15
RtlpDphGlobalFlags
ULONG RtlpDphGlobalFlags
Definition: heappage.c:108
DPH_FLAG_DLL_NOTIFY
#define DPH_FLAG_DLL_NOTIFY
Definition: ntdllp.h:24

Referenced by LdrpWalkImportDescriptor().

◆ LdrMapNTDllForProcess()

NTSTATUS LdrMapNTDllForProcess ( HANDLE  ProcessHandle,
PHANDLE  NTDllSectionHandle 
)

◆ LdrMapSections()

NTSTATUS LdrMapSections ( HANDLE  ProcessHandle,
PVOID  ImageBase,
HANDLE  SectionHandle,
PIMAGE_NT_HEADERS  NTHeaders 
)

◆ LdrpAllocateDataTableEntry()

PLDR_DATA_TABLE_ENTRY NTAPI LdrpAllocateDataTableEntry ( IN PVOID  BaseAddress)

Definition at line 1528 of file ldrutils.c.

1529{
1530 PLDR_DATA_TABLE_ENTRY LdrEntry = NULL;
1531 PIMAGE_NT_HEADERS NtHeader;
1532
1533 /* Make sure the header is valid */
1534 NtHeader = RtlImageNtHeader(BaseAddress);
1535 DPRINT("LdrpAllocateDataTableEntry(%p), NtHeader %p\n", BaseAddress, NtHeader);
1536
1537 if (NtHeader)
1538 {
1539 /* Allocate an entry */
1540 LdrEntry = RtlAllocateHeap(LdrpHeap,
1541 HEAP_ZERO_MEMORY,
1542 sizeof(LDR_DATA_TABLE_ENTRY));
1543
1544 /* Make sure we got one */
1545 if (LdrEntry)
1546 {
1547 /* Set it up */
1548 LdrEntry->DllBase = BaseAddress;
1549 LdrEntry->SizeOfImage = NtHeader->OptionalHeader.SizeOfImage;
1550 LdrEntry->TimeDateStamp = NtHeader->FileHeader.TimeDateStamp;
1551 LdrEntry->PatchInformation = NULL;
1552 }
1553 }
1554
1555 /* Return the entry */
1556 return LdrEntry;
1557}
RtlImageNtHeader
#define RtlImageNtHeader
Definition: compat.h:806
BaseAddress
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID * BaseAddress
Definition: mmfuncs.h:404
LdrpHeap
PVOID LdrpHeap
Definition: ldrinit.c:3
DPRINT
#define DPRINT
Definition: sndvol32.h:73
_IMAGE_FILE_HEADER::TimeDateStamp
DWORD TimeDateStamp
Definition: ntddk_ex.h:124
_IMAGE_NT_HEADERS
Definition: ntddk_ex.h:181
_IMAGE_NT_HEADERS::OptionalHeader
IMAGE_OPTIONAL_HEADER32 OptionalHeader
Definition: ntddk_ex.h:184
_IMAGE_NT_HEADERS::FileHeader
IMAGE_FILE_HEADER FileHeader
Definition: ntddk_ex.h:183
_IMAGE_OPTIONAL_HEADER::SizeOfImage
DWORD SizeOfImage
Definition: ntddk_ex.h:167
_LDR_DATA_TABLE_ENTRY
Definition: btrfs_drv.h:1876
_LDR_DATA_TABLE_ENTRY::SizeOfImage
ULONG SizeOfImage
Definition: ldrtypes.h:147
_LDR_DATA_TABLE_ENTRY::DllBase
PVOID DllBase
Definition: btrfs_drv.h:1880
_LDR_DATA_TABLE_ENTRY::TimeDateStamp
ULONG TimeDateStamp
Definition: btrfs_drv.h:1889
_LDR_DATA_TABLE_ENTRY::PatchInformation
PVOID PatchInformation
Definition: ldrtypes.h:168

Referenced by LdrpInitializeProcess(), and LdrpMapDll().

◆ LdrpAllocateTls()

NTSTATUS NTAPI LdrpAllocateTls ( VOID  )

Definition at line 1328 of file ldrinit.c.

1329{
1330 PTEB Teb = NtCurrentTeb();
1331 PLIST_ENTRY NextEntry, ListHead;
1332 PLDRP_TLS_DATA TlsData;
1333 SIZE_T TlsDataSize;
1334 PVOID *TlsVector;
1335
1336 /* Check if we have any entries */
1337 if (!LdrpNumberOfTlsEntries)
1338 return STATUS_SUCCESS;
1339
1340 /* Allocate the vector array */
1341 TlsVector = RtlAllocateHeap(RtlGetProcessHeap(),
1342 0,
1343 LdrpNumberOfTlsEntries * sizeof(PVOID));
1344 if (!TlsVector) return STATUS_NO_MEMORY;
1345 Teb->ThreadLocalStoragePointer = TlsVector;
1346
1347 /* Loop the TLS Array */
1348 ListHead = &LdrpTlsList;
1349 NextEntry = ListHead->Flink;
1350 while (NextEntry != ListHead)
1351 {
1352 /* Get the entry */
1353 TlsData = CONTAINING_RECORD(NextEntry, LDRP_TLS_DATA, TlsLinks);
1354 NextEntry = NextEntry->Flink;
1355
1356 /* Allocate this vector */
1357 TlsDataSize = TlsData->TlsDirectory.EndAddressOfRawData -
1358 TlsData->TlsDirectory.StartAddressOfRawData;
1359 TlsVector[TlsData->TlsDirectory.Characteristics] = RtlAllocateHeap(RtlGetProcessHeap(),
1360 0,
1361 TlsDataSize);
1362 if (!TlsVector[TlsData->TlsDirectory.Characteristics])
1363 {
1364 /* Out of memory */
1365 return STATUS_NO_MEMORY;
1366 }
1367
1368 /* Show debug message */
1369 if (ShowSnaps)
1370 {
1371 DPRINT1("LDR: TlsVector %p Index %lu = %p copied from %x to %p\n",
1372 TlsVector,
1373 TlsData->TlsDirectory.Characteristics,
1374 &TlsVector[TlsData->TlsDirectory.Characteristics],
1375 TlsData->TlsDirectory.StartAddressOfRawData,
1376 TlsVector[TlsData->TlsDirectory.Characteristics]);
1377 }
1378
1379 /* Copy the data */
1380 RtlCopyMemory(TlsVector[TlsData->TlsDirectory.Characteristics],
1381 (PVOID)TlsData->TlsDirectory.StartAddressOfRawData,
1382 TlsDataSize);
1383 }
1384
1385 /* Done */
1386 return STATUS_SUCCESS;
1387}
DPRINT1
#define DPRINT1
Definition: precomp.h:8
LdrpNumberOfTlsEntries
ULONG LdrpNumberOfTlsEntries
Definition: ldrinit.c:54
LdrpTlsList
LIST_ENTRY LdrpTlsList
Definition: ldrinit.c:53
ShowSnaps
BOOLEAN ShowSnaps
Definition: ldrinit.c:79
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_IMAGE_TLS_DIRECTORY32::StartAddressOfRawData
ULONG StartAddressOfRawData
Definition: ntimage.h:546
_IMAGE_TLS_DIRECTORY32::EndAddressOfRawData
ULONG EndAddressOfRawData
Definition: ntimage.h:547
_IMAGE_TLS_DIRECTORY32::Characteristics
ULONG Characteristics
Definition: ntimage.h:551
_LDRP_TLS_DATA
Definition: ntdllp.h:27
_LDRP_TLS_DATA::TlsDirectory
IMAGE_TLS_DIRECTORY TlsDirectory
Definition: ntdllp.h:29
_TEB
Definition: compat.h:836
_TEB::ThreadLocalStoragePointer
PVOID ThreadLocalStoragePointer
Definition: compat.h:841
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263

Referenced by LdrpInitializeThread(), and LdrpInitializeTls().

◆ LdrpApplyFileNameRedirection()

NTSYSAPI NTSTATUS NTAPI LdrpApplyFileNameRedirection ( _In_ PUNICODE_STRING  OriginalName,
_In_ PUNICODE_STRING  Extension,
_Inout_opt_ PUNICODE_STRING  StaticString,
_Inout_opt_ PUNICODE_STRING  DynamicString,
_Inout_ PUNICODE_STRING NewName,
_Inout_ PBOOLEAN  RedirectedDll 
)

Referenced by LdrGetDllHandleEx(), LdrLoadDll(), LdrpLoadImportModule(), LdrpSnapThunk(), and LdrpUpdateLoadCount3().

◆ LdrpCallInitRoutine()

BOOLEAN NTAPI LdrpCallInitRoutine ( IN PDLL_INIT_ROUTINE  EntryPoint,
IN PVOID  BaseAddress,
IN ULONG  Reason,
IN PVOID  Context 
)

Definition at line 100 of file ldrutils.c.

104{
105 /* Call the entry */
106 return EntryPoint(BaseAddress, Reason, Context);
107}
Reason
PVOID PVOID PWCHAR PVOID USHORT PULONG Reason
Definition: env.c:47

Referenced by AVrfpLoadAndInitializeProvider(), LdrpCallTlsInitializers(), LdrpInitializeThread(), LdrpRunInitializeRoutines(), LdrpRunShimEngineInitRoutine(), LdrShutdownProcess(), LdrShutdownThread(), and LdrUnloadDll().

◆ LdrpCallTlsInitializers()

VOID NTAPI LdrpCallTlsInitializers ( IN PLDR_DATA_TABLE_ENTRY  LdrEntry,
IN ULONG  Reason 
)

Definition at line 447 of file ldrutils.c.

449{
450 PIMAGE_TLS_DIRECTORY TlsDirectory;
451 PIMAGE_TLS_CALLBACK *Array, Callback;
452 ULONG Size;
453
454 /* Get the TLS Directory */
455 TlsDirectory = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
456 TRUE,
457 IMAGE_DIRECTORY_ENTRY_TLS,
458 &Size);
459
460 /* Protect against invalid pointers */
461 _SEH2_TRY
462 {
463 /* Make sure it's valid */
464 if (TlsDirectory)
465 {
466 /* Get the array */
467 Array = (PIMAGE_TLS_CALLBACK *)TlsDirectory->AddressOfCallBacks;
468 if (Array)
469 {
470 /* Display debug */
471 if (ShowSnaps)
472 {
473 DPRINT1("LDR: Tls Callbacks Found. Imagebase %p Tls %p CallBacks %p\n",
474 LdrEntry->DllBase, TlsDirectory, Array);
475 }
476
477 /* Loop the array */
478 while (*Array)
479 {
480 /* Get the TLS Entrypoint */
481 Callback = *Array++;
482
483 /* Display debug */
484 if (ShowSnaps)
485 {
486 DPRINT1("LDR: Calling Tls Callback Imagebase %p Function %p\n",
487 LdrEntry->DllBase, Callback);
488 }
489
490 /* Call it */
491 LdrpCallInitRoutine((PDLL_INIT_ROUTINE)Callback,
492 LdrEntry->DllBase,
493 Reason,
494 NULL);
495 }
496 }
497 }
498 }
499 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
500 {
501 DPRINT1("LDR: Exception 0x%x during Tls Callback(%u) for %wZ\n",
502 _SEH2_GetExceptionCode(), Reason, &LdrEntry->BaseDllName);
503 }
504 _SEH2_END;
505}
TRUE
#define TRUE
Definition: types.h:120
RtlImageDirectoryEntryToData
#define RtlImageDirectoryEntryToData
Definition: compat.h:809
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:90
PDLL_INIT_ROUTINE
BOOLEAN(NTAPI * PDLL_INIT_ROUTINE)(_In_ PVOID DllHandle, _In_ ULONG Reason, _In_opt_ PCONTEXT Context)
Definition: ldrtypes.h:271
LdrpCallInitRoutine
BOOLEAN NTAPI LdrpCallInitRoutine(IN PDLL_INIT_ROUTINE EntryPoint, IN PVOID BaseAddress, IN ULONG Reason, IN PVOID Context)
Definition: ldrutils.c:100
if
if(dx< 0)
Definition: linetemp.h:194
ShowSnaps
BOOLEAN ShowSnaps
Definition: ldrinit.c:79
PIMAGE_TLS_CALLBACK
VOID(NTAPI * PIMAGE_TLS_CALLBACK)(PVOID DllHandle, ULONG Reason, PVOID Reserved)
Definition: ntimage.h:531
IMAGE_DIRECTORY_ENTRY_TLS
#define IMAGE_DIRECTORY_ENTRY_TLS
Definition: pedump.c:268
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:181
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:82
_SEH2_END
#define _SEH2_END
Definition: pseh2_64.h:171
_SEH2_TRY
#define _SEH2_TRY
Definition: pseh2_64.h:71
_IMAGE_TLS_DIRECTORY32
Definition: ntimage.h:545
_IMAGE_TLS_DIRECTORY32::AddressOfCallBacks
ULONG AddressOfCallBacks
Definition: ntimage.h:549
ULONG
uint32_t ULONG
Definition: typedefs.h:59
Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
Callback
_In_ WDFINTERRUPT _In_ PFN_WDF_INTERRUPT_SYNCHRONIZE Callback
Definition: wdfinterrupt.h:458

Referenced by LdrpInitializeThread(), LdrpRunInitializeRoutines(), LdrShutdownProcess(), and LdrShutdownThread().

◆ LdrpCheckForLoadedDll()

BOOLEAN NTAPI LdrpCheckForLoadedDll ( IN PWSTR  DllPath,
IN PUNICODE_STRING  DllName,
IN BOOLEAN  Flag,
IN BOOLEAN  RedirectedDll,
OUT PLDR_DATA_TABLE_ENTRY LdrEntry 
)

Definition at line 1958 of file ldrutils.c.

1963{
1964 ULONG HashIndex;
1965 PLIST_ENTRY ListHead, ListEntry;
1966 PLDR_DATA_TABLE_ENTRY CurEntry;
1967 BOOLEAN FullPath = FALSE;
1968 PWCHAR wc;
1969 WCHAR NameBuf[266];
1970 UNICODE_STRING FullDllName, NtPathName;
1971 ULONG Length;
1972 OBJECT_ATTRIBUTES ObjectAttributes;
1973 NTSTATUS Status;
1974 HANDLE FileHandle, SectionHandle;
1975 IO_STATUS_BLOCK Iosb;
1976 PVOID ViewBase = NULL;
1977 SIZE_T ViewSize = 0;
1978 PIMAGE_NT_HEADERS NtHeader, NtHeader2;
1979 DPRINT("LdrpCheckForLoadedDll('%S' '%wZ' %u %u %p)\n", DllPath ? ((ULONG_PTR)DllPath == 1 ? L"" : DllPath) : L"", DllName, Flag, RedirectedDll, LdrEntry);
1980
1981 /* Check if a dll name was provided */
1982 if (!(DllName->Buffer) || !(DllName->Buffer[0])) return FALSE;
1983
1984 /* FIXME: Warning, "Flag" is used as magic instead of "Static" */
1985 /* FIXME: Warning, code does not support redirection at all */
1986
1987 /* Look in the hash table if flag was set */
1988lookinhash:
1989 if (Flag /* the second check is a hack */ && !RedirectedDll)
1990 {
1991 /* FIXME: if we get redirected dll it means that we also get a full path so we need to find its filename for the hash lookup */
1992
1993 /* Get hash index */
1994 HashIndex = LDR_GET_HASH_ENTRY(DllName->Buffer[0]);
1995
1996 /* Traverse that list */
1997 ListHead = &LdrpHashTable[HashIndex];
1998 ListEntry = ListHead->Flink;
1999 while (ListEntry != ListHead)
2000 {
2001 /* Get the current entry */
2002 CurEntry = CONTAINING_RECORD(ListEntry, LDR_DATA_TABLE_ENTRY, HashLinks);
2003
2004 /* Check base name of that module */
2005 if (RtlEqualUnicodeString(DllName, &CurEntry->BaseDllName, TRUE))
2006 {
2007 /* It matches, return it */
2008 *LdrEntry = CurEntry;
2009 return TRUE;
2010 }
2011
2012 /* Advance to the next entry */
2013 ListEntry = ListEntry->Flink;
2014 }
2015
2016 /* Module was not found, return failure */
2017 return FALSE;
2018 }
2019
2020 /* Check if this is a redirected DLL */
2021 if (RedirectedDll)
2022 {
2023 /* Redirected dlls already have a full path */
2024 FullPath = TRUE;
2025 FullDllName = *DllName;
2026 }
2027 else
2028 {
2029 /* Check if there is a full path in this DLL */
2030 wc = DllName->Buffer;
2031 while (*wc)
2032 {
2033 /* Check for a slash in the current position*/
2034 if ((*wc == L'\\') || (*wc == L'/'))
2035 {
2036 /* Found the slash, so dll name contains path */
2037 FullPath = TRUE;
2038
2039 /* Setup full dll name string */
2040 FullDllName.Buffer = NameBuf;
2041
2042 /* FIXME: This is from the Windows 2000 loader, not XP/2003, we should call LdrpSearchPath */
2043 Length = RtlDosSearchPath_U(DllPath ? DllPath : LdrpDefaultPath.Buffer,
2044 DllName->Buffer,
2045 NULL,
2046 sizeof(NameBuf) - sizeof(UNICODE_NULL),
2047 FullDllName.Buffer,
2048 NULL);
2049
2050 /* Check if that was successful */
2051 if (!(Length) || (Length > (sizeof(NameBuf) - sizeof(UNICODE_NULL))))
2052 {
2053 if (ShowSnaps)
2054 {
2055 DPRINT1("LDR: LdrpCheckForLoadedDll - Unable To Locate %wZ: 0x%08x\n",
2056 &DllName, Length);
2057 }
2058 }
2059
2060 /* Full dll name is found */
2061 FullDllName.Length = Length;
2062 FullDllName.MaximumLength = FullDllName.Length + sizeof(UNICODE_NULL);
2063 break;
2064 }
2065
2066 wc++;
2067 }
2068 }
2069
2070 /* Go check the hash table */
2071 if (!FullPath)
2072 {
2073 Flag = TRUE;
2074 goto lookinhash;
2075 }
2076
2077 /* FIXME: Warning, activation context missing */
2078 DPRINT("Warning, activation context missing\n");
2079
2080 /* NOTE: From here on down, everything looks good */
2081
2082 /* Loop the module list */
2083 ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
2084 ListEntry = ListHead->Flink;
2085 while (ListEntry != ListHead)
2086 {
2087 /* Get the current entry and advance to the next one */
2088 CurEntry = CONTAINING_RECORD(ListEntry,
2089 LDR_DATA_TABLE_ENTRY,
2090 InLoadOrderLinks);
2091 ListEntry = ListEntry->Flink;
2092
2093 /* Check if it's being unloaded */
2094 if (!CurEntry->InMemoryOrderLinks.Flink) continue;
2095
2096 /* Check if name matches */
2097 if (RtlEqualUnicodeString(&FullDllName,
2098 &CurEntry->FullDllName,
2099 TRUE))
2100 {
2101 /* Found it */
2102 *LdrEntry = CurEntry;
2103 return TRUE;
2104 }
2105 }
2106
2107 /* Convert given path to NT path */
2108 if (!RtlDosPathNameToNtPathName_U(FullDllName.Buffer,
2109 &NtPathName,
2110 NULL,
2111 NULL))
2112 {
2113 /* Fail if conversion failed */
2114 return FALSE;
2115 }
2116
2117 /* Initialize object attributes and open it */
2118 InitializeObjectAttributes(&ObjectAttributes,
2119 &NtPathName,
2120 OBJ_CASE_INSENSITIVE,
2121 NULL,
2122 NULL);
2123 Status = NtOpenFile(&FileHandle,
2124 SYNCHRONIZE | FILE_EXECUTE,
2125 &ObjectAttributes,
2126 &Iosb,
2127 FILE_SHARE_READ | FILE_SHARE_DELETE,
2128 FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT);
2129
2130 /* Free NT path name */
2131 RtlFreeHeap(RtlGetProcessHeap(), 0, NtPathName.Buffer);
2132
2133 /* If opening the file failed - return failure */
2134 if (!NT_SUCCESS(Status)) return FALSE;
2135
2136 /* Create a section for this file */
2137 Status = NtCreateSection(&SectionHandle,
2138 SECTION_MAP_READ |
2139 SECTION_MAP_EXECUTE |
2140 SECTION_MAP_WRITE,
2141 NULL,
2142 NULL,
2143 PAGE_EXECUTE,
2144 SEC_COMMIT,
2145 FileHandle);
2146
2147 /* Close file handle */
2148 NtClose(FileHandle);
2149
2150 /* If creating section failed - return failure */
2151 if (!NT_SUCCESS(Status)) return FALSE;
2152
2153 /* Map view of this section */
2154 Status = ZwMapViewOfSection(SectionHandle,
2155 NtCurrentProcess(),
2156 &ViewBase,
2157 0,
2158 0,
2159 NULL,
2160 &ViewSize,
2161 ViewShare,
2162 0,
2163 PAGE_EXECUTE);
2164
2165 /* Close section handle */
2166 NtClose(SectionHandle);
2167
2168 /* If section mapping failed - return failure */
2169 if (!NT_SUCCESS(Status)) return FALSE;
2170
2171 /* Get pointer to the NT header of this section */
2172 Status = RtlImageNtHeaderEx(0, ViewBase, ViewSize, &NtHeader);
2173 if (!(NT_SUCCESS(Status)) || !(NtHeader))
2174 {
2175 /* Unmap the section and fail */
2176 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
2177 return FALSE;
2178 }
2179
2180 /* Go through the list of modules again */
2181 ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
2182 ListEntry = ListHead->Flink;
2183 while (ListEntry != ListHead)
2184 {
2185 /* Get the current entry and advance to the next one */
2186 CurEntry = CONTAINING_RECORD(ListEntry,
2187 LDR_DATA_TABLE_ENTRY,
2188 InLoadOrderLinks);
2189 ListEntry = ListEntry->Flink;
2190
2191 /* Check if it's in the process of being unloaded */
2192 if (!CurEntry->InMemoryOrderLinks.Flink) continue;
2193
2194 /* The header is untrusted, use SEH */
2195 _SEH2_TRY
2196 {
2197 /* Check if timedate stamp and sizes match */
2198 if ((CurEntry->TimeDateStamp == NtHeader->FileHeader.TimeDateStamp) &&
2199 (CurEntry->SizeOfImage == NtHeader->OptionalHeader.SizeOfImage))
2200 {
2201 /* Time, date and size match. Let's compare their headers */
2202 NtHeader2 = RtlImageNtHeader(CurEntry->DllBase);
2203 if (RtlCompareMemory(NtHeader2, NtHeader, sizeof(IMAGE_NT_HEADERS)))
2204 {
2205 /* Headers match too! Finally ask the kernel to compare mapped files */
2206 Status = ZwAreMappedFilesTheSame(CurEntry->DllBase, ViewBase);
2207 if (NT_SUCCESS(Status))
2208 {
2209 /* This is our entry!, unmap and return success */
2210 *LdrEntry = CurEntry;
2211 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
2212 _SEH2_YIELD(return TRUE;)
2213 }
2214 }
2215 }
2216 }
2217 _SEH2_EXCEPT (EXCEPTION_EXECUTE_HANDLER)
2218 {
2219 _SEH2_YIELD(break;)
2220 }
2221 _SEH2_END;
2222 }
2223
2224 /* Unmap the section and fail */
2225 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
2226 return FALSE;
2227}
NtUnmapViewOfSection
NTSTATUS NTAPI NtUnmapViewOfSection(IN HANDLE ProcessHandle, IN PVOID BaseAddress)
Definition: section.c:3481
NtCreateSection
NTSTATUS NTAPI NtCreateSection(OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection OPTIONAL, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL)
Definition: section.c:3074
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
FILE_NON_DIRECTORY_FILE
#define FILE_NON_DIRECTORY_FILE
Definition: constants.h:492
RtlImageNtHeaderEx
NTSTATUS NTAPI RtlImageNtHeaderEx(_In_ ULONG Flags, _In_ PVOID Base, _In_ ULONG64 Size, _Out_ PIMAGE_NT_HEADERS *OutHeaders)
Definition: libsupp.c:32
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
FALSE
#define FALSE
Definition: types.h:117
SECTION_MAP_READ
#define SECTION_MAP_READ
Definition: compat.h:139
FILE_SHARE_READ
#define FILE_SHARE_READ
Definition: compat.h:136
Iosb
return Iosb
Definition: create.c:4403
RtlCompareMemory
#define RtlCompareMemory(s1, s2, l)
Definition: env_spec_w32.h:465
FileHandle
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
FILE_SYNCHRONOUS_IO_NONALERT
#define FILE_SYNCHRONOUS_IO_NONALERT
Definition: from_kernel.h:31
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
FullDllName
_In_ PCWSTR FullDllName
Definition: ldrtypes.h:264
DllPath
static const char const char * DllPath
Definition: image.c:34
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
ZwAreMappedFilesTheSame
NTSYSAPI NTSTATUS NTAPI ZwAreMappedFilesTheSame(_In_ PVOID File1MappedAsAnImage, _In_ PVOID File2MappedAsFile)
ViewSize
_In_ HANDLE _Outptr_result_bytebuffer_ ViewSize PVOID _In_ ULONG_PTR _In_ SIZE_T _Inout_opt_ PLARGE_INTEGER _Inout_ PSIZE_T ViewSize
Definition: mmfuncs.h:408
SEC_COMMIT
#define SEC_COMMIT
Definition: mmtypes.h:100
RtlDosSearchPath_U
NTSYSAPI ULONG NTAPI RtlDosSearchPath_U(_In_ PCWSTR Path, _In_ PCWSTR FileName, _In_ PCWSTR Extension, _In_ ULONG BufferSize, _Out_ PWSTR Buffer, _Out_ PWSTR *PartName)
RtlDosPathNameToNtPathName_U
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
SECTION_MAP_EXECUTE
#define SECTION_MAP_EXECUTE
Definition: nt_native.h:1290
NtOpenFile
NTSYSAPI NTSTATUS NTAPI NtOpenFile(OUT PHANDLE phFile, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG ShareMode, IN ULONG OpenMode)
Definition: file.c:3953
SYNCHRONIZE
#define SYNCHRONIZE
Definition: nt_native.h:61
SECTION_MAP_WRITE
#define SECTION_MAP_WRITE
Definition: nt_native.h:1288
PAGE_EXECUTE
#define PAGE_EXECUTE
Definition: nt_native.h:1306
RtlEqualUnicodeString
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
FILE_SHARE_DELETE
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
FILE_EXECUTE
#define FILE_EXECUTE
Definition: nt_native.h:642
ViewShare
@ ViewShare
Definition: nt_native.h:1278
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
UNICODE_NULL
#define UNICODE_NULL
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
LdrpDefaultPath
UNICODE_STRING LdrpDefaultPath
Definition: ldrinit.c:63
LDR_GET_HASH_ENTRY
#define LDR_GET_HASH_ENTRY(x)
Definition: ntdllp.h:12
LdrpHashTable
LIST_ENTRY LdrpHashTable[LDR_HASH_TABLE_ENTRIES]
Definition: ldrinit.c:59
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:184
Flag
Definition: xml2sdb.h:80
_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870
_LDR_DATA_TABLE_ENTRY::FullDllName
UNICODE_STRING FullDllName
Definition: btrfs_drv.h:1882
_LDR_DATA_TABLE_ENTRY::InMemoryOrderLinks
LIST_ENTRY InMemoryOrderLinks
Definition: btrfs_drv.h:1878
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182
_UNICODE_STRING
Definition: env_spec_w32.h:368
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56

Referenced by LdrGetDllHandleEx(), LdrpLoadDll(), LdrpLoadImportModule(), and LdrpUpdateLoadCount3().

◆ LdrpCheckForLoadedDllHandle()

BOOLEAN NTAPI LdrpCheckForLoadedDllHandle ( IN PVOID  Base,
OUT PLDR_DATA_TABLE_ENTRY LdrEntry 
)

Definition at line 1600 of file ldrutils.c.

1602{
1603 PLDR_DATA_TABLE_ENTRY Current;
1604 PLIST_ENTRY ListHead, Next;
1605
1606 /* Check the cache first */
1607 if ((LdrpLoadedDllHandleCache) &&
1608 (LdrpLoadedDllHandleCache->DllBase == Base))
1609 {
1610 /* We got lucky, return the cached entry */
1611 *LdrEntry = LdrpLoadedDllHandleCache;
1612 return TRUE;
1613 }
1614
1615 /* Time for a lookup */
1616 ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
1617 Next = ListHead->Flink;
1618 while (Next != ListHead)
1619 {
1620 /* Get the current entry */
1621 Current = CONTAINING_RECORD(Next,
1622 LDR_DATA_TABLE_ENTRY,
1623 InLoadOrderLinks);
1624
1625 /* Make sure it's not unloading and check for a match */
1626 if ((Current->InMemoryOrderLinks.Flink) && (Base == Current->DllBase))
1627 {
1628 /* Save in cache */
1629 LdrpLoadedDllHandleCache = Current;
1630
1631 /* Return it */
1632 *LdrEntry = Current;
1633 return TRUE;
1634 }
1635
1636 /* Move to the next one */
1637 Next = Next->Flink;
1638 }
1639
1640 /* Nothing found */
1641 return FALSE;
1642}
LdrpLoadedDllHandleCache
PLDR_DATA_TABLE_ENTRY LdrpLoadedDllHandleCache
Definition: ldrutils.c:19
Base
_In_opt_ ULONG Base
Definition: rtlfuncs.h:2478

Referenced by LdrAddRefDll(), LdrDisableThreadCalloutsForDll(), LdrpGetProcedureAddress(), LdrpSnapThunk(), and LdrUnloadDll().

◆ LdrpClearLoadInProgress()

ULONG NTAPI LdrpClearLoadInProgress ( VOID  )

Definition at line 2649 of file ldrutils.c.

2650{
2651 PLIST_ENTRY ListHead, Entry;
2652 PLDR_DATA_TABLE_ENTRY LdrEntry;
2653 ULONG ModulesCount = 0;
2654
2655 /* Traverse the init list */
2656 ListHead = &NtCurrentPeb()->Ldr->InInitializationOrderModuleList;
2657 Entry = ListHead->Flink;
2658 while (Entry != ListHead)
2659 {
2660 /* Get the loader entry */
2661 LdrEntry = CONTAINING_RECORD(Entry,
2662 LDR_DATA_TABLE_ENTRY,
2663 InInitializationOrderLinks);
2664
2665 /* Clear load in progress flag */
2666 LdrEntry->Flags &= ~LDRP_LOAD_IN_PROGRESS;
2667
2668 /* Check for modules with entry point count but not processed yet */
2669 if ((LdrEntry->EntryPoint) &&
2670 !(LdrEntry->Flags & LDRP_ENTRY_PROCESSED))
2671 {
2672 /* Increase counter */
2673 ModulesCount++;
2674 }
2675
2676 /* Advance to the next entry */
2677 Entry = Entry->Flink;
2678 }
2679
2680 /* Return final count */
2681 return ModulesCount;
2682}
LDRP_ENTRY_PROCESSED
#define LDRP_ENTRY_PROCESSED
Definition: ldrtypes.h:48
_LDR_DATA_TABLE_ENTRY::EntryPoint
PVOID EntryPoint
Definition: ntddk_ex.h:203
_LDR_DATA_TABLE_ENTRY::Flags
ULONG Flags
Definition: ntddk_ex.h:207

Referenced by LdrAddRefDll(), LdrGetDllHandleEx(), LdrpLoadDll(), and LdrpRunInitializeRoutines().

◆ LdrpEnsureLoaderLockIsHeld()

VOID NTAPI LdrpEnsureLoaderLockIsHeld ( VOID  )

Definition at line 408 of file ldrinit.c.

409{
410 // Ignored atm
411}

Referenced by LdrpCheckForKnownDll(), and LdrpRunInitializeRoutines().

◆ LdrpFetchAddressOfEntryPoint()

PVOID NTAPI LdrpFetchAddressOfEntryPoint ( PVOID  ImageBase)

Referenced by AVrfpLoadAndInitializeProvider(), and LdrpInitializeProcess().

◆ LdrpFinalizeAndDeallocateDataTableEntry()

VOID NTAPI LdrpFinalizeAndDeallocateDataTableEntry ( IN PLDR_DATA_TABLE_ENTRY  Entry)

Definition at line 1577 of file ldrutils.c.

1578{
1579 /* Sanity check */
1580 ASSERT(Entry != NULL);
1581
1582 /* Release the activation context if it exists and wasn't already released */
1583 if ((Entry->EntryPointActivationContext) &&
1584 (Entry->EntryPointActivationContext != INVALID_HANDLE_VALUE))
1585 {
1586 /* Mark it as invalid */
1587 RtlReleaseActivationContext(Entry->EntryPointActivationContext);
1588 Entry->EntryPointActivationContext = INVALID_HANDLE_VALUE;
1589 }
1590
1591 /* Release the full dll name string */
1592 if (Entry->FullDllName.Buffer) LdrpFreeUnicodeString(&Entry->FullDllName);
1593
1594 /* Finally free the entry's memory */
1595 RtlFreeHeap(LdrpHeap, 0, Entry);
1596}
INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE
Definition: compat.h:731
RtlReleaseActivationContext
NTSYSAPI void WINAPI RtlReleaseActivationContext(HANDLE)
Definition: actctx.c:5384
LdrpFreeUnicodeString
VOID NTAPI LdrpFreeUnicodeString(IN PUNICODE_STRING StringIn)
Definition: ldrutils.c:84
ASSERT
#define ASSERT(a)
Definition: mode.c:44

Referenced by LdrUnloadDll().

◆ LdrpFreeTls()

VOID NTAPI LdrpFreeTls ( VOID  )

Definition at line 1391 of file ldrinit.c.

1392{
1393 PLIST_ENTRY ListHead, NextEntry;
1394 PLDRP_TLS_DATA TlsData;
1395 PVOID *TlsVector;
1396 PTEB Teb = NtCurrentTeb();
1397
1398 /* Get a pointer to the vector array */
1399 TlsVector = Teb->ThreadLocalStoragePointer;
1400 if (!TlsVector) return;
1401
1402 /* Loop through it */
1403 ListHead = &LdrpTlsList;
1404 NextEntry = ListHead->Flink;
1405 while (NextEntry != ListHead)
1406 {
1407 TlsData = CONTAINING_RECORD(NextEntry, LDRP_TLS_DATA, TlsLinks);
1408 NextEntry = NextEntry->Flink;
1409
1410 /* Free each entry */
1411 if (TlsVector[TlsData->TlsDirectory.Characteristics])
1412 {
1413 RtlFreeHeap(RtlGetProcessHeap(),
1414 0,
1415 TlsVector[TlsData->TlsDirectory.Characteristics]);
1416 }
1417 }
1418
1419 /* Free the array itself */
1420 RtlFreeHeap(RtlGetProcessHeap(),
1421 0,
1422 TlsVector);
1423}

Referenced by LdrShutdownThread().

◆ LdrpFreeUnicodeString()

VOID NTAPI LdrpFreeUnicodeString ( PUNICODE_STRING  String)

◆ LdrpGetProcedureAddress()

NTSTATUS NTAPI LdrpGetProcedureAddress ( _In_ PVOID  BaseAddress,
_In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING  Name,
_In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG  Ordinal,
_Out_ PVOID ProcedureAddress,
_In_ BOOLEAN  ExecuteInit 
)

Definition at line 2231 of file ldrutils.c.

2237{
2238 NTSTATUS Status = STATUS_SUCCESS;
2239 UCHAR ImportBuffer[64]; // 128 since NT6.2
2240 PLDR_DATA_TABLE_ENTRY LdrEntry;
2241 IMAGE_THUNK_DATA Thunk;
2242 PVOID ImageBase;
2243 PIMAGE_IMPORT_BY_NAME ImportName = NULL;
2244 PIMAGE_EXPORT_DIRECTORY ExportDir;
2245 ULONG ExportDirSize, Length;
2246 PLIST_ENTRY Entry;
2247
2248 /* Show debug message */
2249 if (ShowSnaps) DPRINT1("LDR: LdrGetProcedureAddress by ");
2250
2251 /* Check if we got a name */
2252 if (Name)
2253 {
2254 /* Show debug message */
2255 if (ShowSnaps) DbgPrint("NAME - %s\n", Name->Buffer);
2256
2257 /* Make sure it's not too long */
2258 Length = Name->Length +
2259 sizeof(CHAR) +
2260 FIELD_OFFSET(IMAGE_IMPORT_BY_NAME, Name);
2261 if (Length > UNICODE_STRING_MAX_BYTES)
2262 {
2263 /* Won't have enough space to add the hint */
2264 return STATUS_NAME_TOO_LONG;
2265 }
2266
2267 /* Check if our buffer is large enough */
2268 if (Length > sizeof(ImportBuffer))
2269 {
2270 /* Allocate from heap, plus 2 bytes for the Hint */
2271 ImportName = RtlAllocateHeap(RtlGetProcessHeap(),
2272 0,
2273 Length);
2274 if (!ImportName)
2275 {
2276 /* Return STATUS_INSUFFICIENT_RESOURCES since NT6.2 */
2277 return STATUS_INVALID_PARAMETER;
2278 }
2279 }
2280 else
2281 {
2282 /* Use our internal buffer */
2283 ImportName = (PIMAGE_IMPORT_BY_NAME)ImportBuffer;
2284 }
2285
2286 /* Clear the hint */
2287 ImportName->Hint = 0;
2288
2289 /* Copy the name and null-terminate it */
2290 RtlCopyMemory(ImportName->Name, Name->Buffer, Name->Length);
2291 ImportName->Name[Name->Length] = ANSI_NULL;
2292
2293 /* Clear the high bit */
2294 ImageBase = ImportName;
2295 Thunk.u1.AddressOfData = 0;
2296 }
2297 else
2298 {
2299 /* Do it by ordinal */
2300 ImageBase = NULL;
2301
2302 /* Show debug message */
2303 if (ShowSnaps) DbgPrint("ORDINAL - %lx\n", Ordinal);
2304
2305 /* Make sure an ordinal was given */
2306 if (!Ordinal)
2307 {
2308 /* No ordinal */
2309 DPRINT1("No ordinal and no name\n");
2310 return STATUS_INVALID_PARAMETER;
2311 }
2312
2313 /* Set the original flag in the thunk */
2314 Thunk.u1.Ordinal = Ordinal | IMAGE_ORDINAL_FLAG;
2315 }
2316
2317 /* Acquire lock unless we are initting */
2318 if (!LdrpInLdrInit) RtlEnterCriticalSection(&LdrpLoaderLock);
2319
2320 _SEH2_TRY
2321 {
2322 /* Try to find the loaded DLL */
2323 if (!LdrpCheckForLoadedDllHandle(BaseAddress, &LdrEntry))
2324 {
2325 /* Invalid base */
2326 DPRINT1("Invalid base address %p\n", BaseAddress);
2327 Status = STATUS_DLL_NOT_FOUND;
2328 _SEH2_YIELD(goto Quickie;)
2329 }
2330
2331 /* Get the pointer to the export directory */
2332 ExportDir = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
2333 TRUE,
2334 IMAGE_DIRECTORY_ENTRY_EXPORT,
2335 &ExportDirSize);
2336
2337 if (!ExportDir)
2338 {
2339 DPRINT1("Image %wZ has no exports, but were trying to get procedure %Z. BaseAddress asked 0x%p, got entry BA 0x%p\n",
2340 &LdrEntry->BaseDllName, Name, BaseAddress, LdrEntry->DllBase);
2341 Status = STATUS_PROCEDURE_NOT_FOUND;
2342 _SEH2_YIELD(goto Quickie;)
2343 }
2344
2345 /* Now get the thunk */
2346 Status = LdrpSnapThunk(LdrEntry->DllBase,
2347 ImageBase,
2348 &Thunk,
2349 &Thunk,
2350 ExportDir,
2351 ExportDirSize,
2352 FALSE,
2353 NULL);
2354
2355 /* Finally, see if we're supposed to run the init routines */
2356 if ((NT_SUCCESS(Status)) && (ExecuteInit))
2357 {
2358 /*
2359 * It's possible a forwarded entry had us load the DLL. In that case,
2360 * then we will call its DllMain. Use the last loaded DLL for this.
2361 */
2362 Entry = NtCurrentPeb()->Ldr->InInitializationOrderModuleList.Blink;
2363 LdrEntry = CONTAINING_RECORD(Entry,
2364 LDR_DATA_TABLE_ENTRY,
2365 InInitializationOrderLinks);
2366
2367 /* Make sure we didn't process it yet*/
2368 if (!(LdrEntry->Flags & LDRP_ENTRY_PROCESSED))
2369 {
2370 /* Call the init routine */
2371 _SEH2_TRY
2372 {
2373 Status = LdrpRunInitializeRoutines(NULL);
2374 }
2375 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2376 {
2377 /* Get the exception code */
2378 Status = _SEH2_GetExceptionCode();
2379 }
2380 _SEH2_END;
2381 }
2382 }
2383
2384 /* Make sure we're OK till here */
2385 if (NT_SUCCESS(Status))
2386 {
2387 /* Return the address */
2388 *ProcedureAddress = (PVOID)Thunk.u1.Function;
2389 }
2390 }
2391 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2392 {
2393 /* Just ignore exceptions */
2394 }
2395 _SEH2_END;
2396
2397Quickie:
2398 /* Cleanup */
2399 if (ImportName && (ImportName != (PIMAGE_IMPORT_BY_NAME)ImportBuffer))
2400 {
2401 /* We allocated from heap, free it */
2402 RtlFreeHeap(RtlGetProcessHeap(), 0, ImportName);
2403 }
2404
2405 /* Release the CS if we entered it */
2406 if (!LdrpInLdrInit) RtlLeaveCriticalSection(&LdrpLoaderLock);
2407
2408 /* We're done */
2409 return Status;
2410}
CHAR
#define CHAR(Char)
Name
LPWSTR Name
Definition: desk.c:124
IMAGE_DIRECTORY_ENTRY_EXPORT
#define IMAGE_DIRECTORY_ENTRY_EXPORT
Definition: compat.h:151
LdrpCheckForLoadedDllHandle
BOOLEAN NTAPI LdrpCheckForLoadedDllHandle(IN PVOID Base, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1600
UNICODE_STRING_MAX_BYTES
#define UNICODE_STRING_MAX_BYTES
ANSI_NULL
#define ANSI_NULL
LdrpInLdrInit
BOOLEAN LdrpInLdrInit
Definition: ldrinit.c:30
LdrpRunInitializeRoutines
NTSTATUS NTAPI LdrpRunInitializeRoutines(IN PCONTEXT Context OPTIONAL)
Definition: ldrinit.c:648
LdrpLoaderLock
RTL_CRITICAL_SECTION LdrpLoaderLock
Definition: ldrinit.c:68
LdrpSnapThunk
NTSTATUS NTAPI LdrpSnapThunk(IN PVOID ExportBase, IN PVOID ImportBase, IN PIMAGE_THUNK_DATA OriginalThunk, IN OUT PIMAGE_THUNK_DATA Thunk, IN PIMAGE_EXPORT_DIRECTORY ExportEntry, IN ULONG ExportSize, IN BOOLEAN Static, IN LPSTR DllName)
Definition: ldrpe.c:937
STATUS_DLL_NOT_FOUND
#define STATUS_DLL_NOT_FOUND
Definition: ntstatus.h:545
STATUS_PROCEDURE_NOT_FOUND
#define STATUS_PROCEDURE_NOT_FOUND
Definition: ntstatus.h:358
STATUS_NAME_TOO_LONG
#define STATUS_NAME_TOO_LONG
Definition: ntstatus.h:498
IMAGE_ORDINAL_FLAG
#define IMAGE_ORDINAL_FLAG
Definition: pedump.c:336
PIMAGE_IMPORT_BY_NAME
struct _IMAGE_IMPORT_BY_NAME * PIMAGE_IMPORT_BY_NAME
_IMAGE_EXPORT_DIRECTORY
Definition: compat.h:156
_IMAGE_IMPORT_BY_NAME
Definition: pedump.c:329
_IMAGE_IMPORT_BY_NAME::Name
BYTE Name[1]
Definition: pedump.c:331
_IMAGE_IMPORT_BY_NAME::Hint
WORD Hint
Definition: pedump.c:330
_IMAGE_THUNK_DATA32
Definition: ntimage.h:510
_IMAGE_THUNK_DATA32::Ordinal
ULONG Ordinal
Definition: ntimage.h:514
_IMAGE_THUNK_DATA32::Function
ULONG Function
Definition: ntimage.h:513
_IMAGE_THUNK_DATA32::AddressOfData
ULONG AddressOfData
Definition: ntimage.h:515
_IMAGE_THUNK_DATA32::u1
union _IMAGE_THUNK_DATA32::@2218 u1
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
PVOID
void * PVOID
Definition: typedefs.h:50
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181

Referenced by AvrfpResolveThunks(), LdrGetProcedureAddress(), LdrpGetShimEngineFunction(), and LdrpSnapThunk().

◆ LdrpGetResidentSize()

ULONG LdrpGetResidentSize ( PIMAGE_NT_HEADERS  NTHeaders)

◆ LdrpGetShimEngineInterface()

VOID NTAPI LdrpGetShimEngineInterface ( VOID  )

◆ LdrpInitFailure()

VOID NTAPI LdrpInitFailure ( NTSTATUS  Status)

Definition at line 2559 of file ldrinit.c.

2560{
2561 ULONG Response;
2562 PPEB Peb = NtCurrentPeb();
2563
2564 /* Print a debug message */
2565 DPRINT1("LDR: Process initialization failure for %wZ; NTSTATUS = %08lx\n",
2566 &Peb->ProcessParameters->ImagePathName, Status);
2567
2568 /* Raise a hard error */
2569 if (!LdrpFatalHardErrorCount)
2570 {
2571 ZwRaiseHardError(STATUS_APP_INIT_FAILURE, 1, 0, (PULONG_PTR)&Status, OptionOk, &Response);
2572 }
2573}
Peb
PPEB Peb
Definition: dllmain.c:27
LdrpFatalHardErrorCount
ULONG LdrpFatalHardErrorCount
Definition: ldrinit.c:81
ZwRaiseHardError
NTSYSAPI NTSTATUS NTAPI ZwRaiseHardError(_In_ NTSTATUS ErrorStatus, _In_ ULONG NumberOfParameters, _In_ ULONG UnicodeStringParameterMask, _In_ PULONG_PTR Parameters, _In_ ULONG ValidResponseOptions, _Out_ PULONG Response)
OptionOk
@ OptionOk
Definition: extypes.h:187
STATUS_APP_INIT_FAILURE
#define STATUS_APP_INIT_FAILURE
Definition: ntstatus.h:561
Response
Definition: ncftp.h:89
_PEB
Definition: btrfs_drv.h:1907
_PEB::ProcessParameters
PRTL_USER_PROCESS_PARAMETERS ProcessParameters
Definition: btrfs_drv.h:1913
_RTL_USER_PROCESS_PARAMETERS::ImagePathName
UNICODE_STRING ImagePathName
Definition: btrfs_drv.h:1901
PULONG_PTR
uint32_t * PULONG_PTR
Definition: typedefs.h:65

Referenced by LdrpInit(), and LdrpInitializeProcess().

◆ LdrpInitializeApplicationVerifierPackage()

NTSTATUS NTAPI LdrpInitializeApplicationVerifierPackage ( IN HANDLE  KeyHandle,
IN PPEB  Peb,
IN BOOLEAN  SystemWide,
IN BOOLEAN  ReadAdvancedOptions 
)

Referenced by LdrpInitializeExecutionOptions().

◆ LdrpInitializeProcess()

NTSTATUS NTAPI LdrpInitializeProcess ( IN PCONTEXT  Context,
IN PVOID  SystemArgument1 
)

Definition at line 1766 of file ldrinit.c.

1768{
1769 RTL_HEAP_PARAMETERS HeapParameters;
1770 ULONG ComSectionSize;
1771 ANSI_STRING BaseProcessInitPostImportName = RTL_CONSTANT_STRING("BaseProcessInitPostImport");
1772 ANSI_STRING BaseQueryModuleDataName = RTL_CONSTANT_STRING("BaseQueryModuleData");
1773 PVOID OldShimData;
1774 OBJECT_ATTRIBUTES ObjectAttributes;
1775 //UNICODE_STRING LocalFileName, FullImageName;
1776 HANDLE SymLinkHandle;
1777 //ULONG DebugHeapOnly;
1778 UNICODE_STRING CommandLine, NtSystemRoot, ImagePathName, FullPath, ImageFileName, KnownDllString;
1779 PPEB Peb = NtCurrentPeb();
1780 BOOLEAN IsDotNetImage = FALSE;
1781 BOOLEAN FreeCurDir = FALSE;
1782 //HANDLE CompatKey;
1783 PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
1784 //LPWSTR ImagePathBuffer;
1785 ULONG ConfigSize;
1786 UNICODE_STRING CurrentDirectory;
1787 HANDLE OptionsKey;
1788 ULONG HeapFlags;
1789 PIMAGE_NT_HEADERS NtHeader;
1790 LPWSTR NtDllName = NULL;
1791 NTSTATUS Status, ImportStatus;
1792 NLSTABLEINFO NlsTable;
1793 PIMAGE_LOAD_CONFIG_DIRECTORY LoadConfig;
1794 PTEB Teb = NtCurrentTeb();
1795 PLIST_ENTRY ListHead;
1796 PLIST_ENTRY NextEntry;
1797 ULONG i;
1798 PWSTR ImagePath;
1799 ULONG DebugProcessHeapOnly = 0;
1800 PLDR_DATA_TABLE_ENTRY NtLdrEntry;
1801 PWCHAR Current;
1802 ULONG ExecuteOptions = 0;
1803 PVOID ViewBase;
1804
1805 /* Set a NULL SEH Filter */
1806 RtlSetUnhandledExceptionFilter(NULL);
1807
1808 /* Get the image path */
1809 ImagePath = Peb->ProcessParameters->ImagePathName.Buffer;
1810
1811 /* Check if it's not normalized */
1812 if (!(Peb->ProcessParameters->Flags & RTL_USER_PROCESS_PARAMETERS_NORMALIZED))
1813 {
1814 /* Normalize it*/
1815 ImagePath = (PWSTR)((ULONG_PTR)ImagePath + (ULONG_PTR)Peb->ProcessParameters);
1816 }
1817
1818 /* Create a unicode string for the Image Path */
1819 ImagePathName.Length = Peb->ProcessParameters->ImagePathName.Length;
1820 ImagePathName.MaximumLength = ImagePathName.Length + sizeof(WCHAR);
1821 ImagePathName.Buffer = ImagePath;
1822
1823 /* Get the NT Headers */
1824 NtHeader = RtlImageNtHeader(Peb->ImageBaseAddress);
1825
1826 /* Get the execution options */
1827 Status = LdrpInitializeExecutionOptions(&ImagePathName, Peb, &OptionsKey);
1828
1829 /* Check if this is a .NET executable */
1830 if (RtlImageDirectoryEntryToData(Peb->ImageBaseAddress,
1831 TRUE,
1832 IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR,
1833 &ComSectionSize))
1834 {
1835 /* Remember this for later */
1836 IsDotNetImage = TRUE;
1837 }
1838
1839 /* Save the NTDLL Base address */
1840 NtDllBase = SystemArgument1;
1841
1842 /* If this is a Native Image */
1843 if (NtHeader->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_NATIVE)
1844 {
1845 /* Then do DLL Validation */
1846 LdrpDllValidation = TRUE;
1847 }
1848
1849 /* Save the old Shim Data */
1850 OldShimData = Peb->pShimData;
1851
1852 /* ReactOS specific: do not clear it. (Windows starts doing the same in later versions) */
1853 //Peb->pShimData = NULL;
1854
1855 /* Save the number of processors and CS timeout */
1856 LdrpNumberOfProcessors = Peb->NumberOfProcessors;
1857 RtlpTimeout = Peb->CriticalSectionTimeout;
1858
1859 /* Normalize the parameters */
1860 ProcessParameters = RtlNormalizeProcessParams(Peb->ProcessParameters);
1861 if (ProcessParameters)
1862 {
1863 /* Save the Image and Command Line Names */
1864 ImageFileName = ProcessParameters->ImagePathName;
1865 CommandLine = ProcessParameters->CommandLine;
1866 }
1867 else
1868 {
1869 /* It failed, initialize empty strings */
1870 RtlInitUnicodeString(&ImageFileName, NULL);
1871 RtlInitUnicodeString(&CommandLine, NULL);
1872 }
1873
1874 /* Initialize NLS data */
1875 RtlInitNlsTables(Peb->AnsiCodePageData,
1876 Peb->OemCodePageData,
1877 Peb->UnicodeCaseTableData,
1878 &NlsTable);
1879
1880 /* Reset NLS Translations */
1881 RtlResetRtlTranslations(&NlsTable);
1882
1883 /* Get the Image Config Directory */
1884 LoadConfig = RtlImageDirectoryEntryToData(Peb->ImageBaseAddress,
1885 TRUE,
1886 IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG,
1887 &ConfigSize);
1888
1889 /* Setup the Heap Parameters */
1890 RtlZeroMemory(&HeapParameters, sizeof(HeapParameters));
1891 HeapFlags = HEAP_GROWABLE;
1892 HeapParameters.Length = sizeof(HeapParameters);
1893
1894 /* Check if we have Configuration Data */
1895#define VALID_CONFIG_FIELD(Name) (ConfigSize >= RTL_SIZEOF_THROUGH_FIELD(IMAGE_LOAD_CONFIG_DIRECTORY, Name))
1896 /* The 'original' load config ends after SecurityCookie */
1897 if ((LoadConfig) && ConfigSize && (VALID_CONFIG_FIELD(SecurityCookie) || ConfigSize == LoadConfig->Size))
1898 {
1899 if (ConfigSize != sizeof(IMAGE_LOAD_CONFIG_DIRECTORY))
1900 DPRINT1("WARN: Accepting different LOAD_CONFIG size!\n");
1901 else
1902 DPRINT1("Applying LOAD_CONFIG\n");
1903
1904 if (VALID_CONFIG_FIELD(GlobalFlagsSet) && LoadConfig->GlobalFlagsSet)
1905 Peb->NtGlobalFlag |= LoadConfig->GlobalFlagsSet;
1906
1907 if (VALID_CONFIG_FIELD(GlobalFlagsClear) && LoadConfig->GlobalFlagsClear)
1908 Peb->NtGlobalFlag &= ~LoadConfig->GlobalFlagsClear;
1909
1910 /* Convert the default CS timeout from milliseconds to 100ns units */
1911 if (VALID_CONFIG_FIELD(CriticalSectionDefaultTimeout) && LoadConfig->CriticalSectionDefaultTimeout)
1912 RtlpTimeout.QuadPart = Int32x32To64(LoadConfig->CriticalSectionDefaultTimeout, -10000);
1913
1914 if (VALID_CONFIG_FIELD(DeCommitFreeBlockThreshold) && LoadConfig->DeCommitFreeBlockThreshold)
1915 HeapParameters.DeCommitFreeBlockThreshold = LoadConfig->DeCommitFreeBlockThreshold;
1916
1917 if (VALID_CONFIG_FIELD(DeCommitTotalFreeThreshold) && LoadConfig->DeCommitTotalFreeThreshold)
1918 HeapParameters.DeCommitTotalFreeThreshold = LoadConfig->DeCommitTotalFreeThreshold;
1919
1920 if (VALID_CONFIG_FIELD(MaximumAllocationSize) && LoadConfig->MaximumAllocationSize)
1921 HeapParameters.MaximumAllocationSize = LoadConfig->MaximumAllocationSize;
1922
1923 if (VALID_CONFIG_FIELD(VirtualMemoryThreshold) && LoadConfig->VirtualMemoryThreshold)
1924 HeapParameters.VirtualMemoryThreshold = LoadConfig->VirtualMemoryThreshold;
1925
1926 if (VALID_CONFIG_FIELD(ProcessHeapFlags) && LoadConfig->ProcessHeapFlags)
1927 HeapFlags = LoadConfig->ProcessHeapFlags;
1928 }
1929#undef VALID_CONFIG_FIELD
1930
1931 /* Check for custom affinity mask */
1932 if (Peb->ImageProcessAffinityMask)
1933 {
1934 /* Set it */
1935 Status = NtSetInformationProcess(NtCurrentProcess(),
1936 ProcessAffinityMask,
1937 &Peb->ImageProcessAffinityMask,
1938 sizeof(Peb->ImageProcessAffinityMask));
1939 }
1940
1941 /* Check if verbose debugging (ShowSnaps) was requested */
1942 ShowSnaps = Peb->NtGlobalFlag & FLG_SHOW_LDR_SNAPS;
1943
1944 /* Start verbose debugging messages right now if they were requested */
1945 if (ShowSnaps)
1946 {
1947 DPRINT1("LDR: PID: 0x%p started - '%wZ'\n",
1948 Teb->ClientId.UniqueProcess,
1949 &CommandLine);
1950 }
1951
1952 /* If the CS timeout is longer than 1 hour, disable it */
1953 if (RtlpTimeout.QuadPart < Int32x32To64(3600, -10000000))
1954 RtlpTimeoutDisable = TRUE;
1955
1956 /* Initialize Critical Section Data */
1957 RtlpInitDeferredCriticalSection();
1958
1959 /* Initialize VEH Call lists */
1960 RtlpInitializeVectoredExceptionHandling();
1961
1962 /* Set TLS/FLS Bitmap data */
1963 Peb->FlsBitmap = &FlsBitMap;
1964 Peb->TlsBitmap = &TlsBitMap;
1965 Peb->TlsExpansionBitmap = &TlsExpansionBitMap;
1966
1967 /* Initialize FLS Bitmap */
1968 RtlInitializeBitMap(&FlsBitMap,
1969 Peb->FlsBitmapBits,
1970 FLS_MAXIMUM_AVAILABLE);
1971 RtlSetBit(&FlsBitMap, 0);
1972 InitializeListHead(&Peb->FlsListHead);
1973
1974 /* Initialize TLS Bitmap */
1975 RtlInitializeBitMap(&TlsBitMap,
1976 Peb->TlsBitmapBits,
1977 TLS_MINIMUM_AVAILABLE);
1978 RtlSetBit(&TlsBitMap, 0);
1979 RtlInitializeBitMap(&TlsExpansionBitMap,
1980 Peb->TlsExpansionBitmapBits,
1981 TLS_EXPANSION_SLOTS);
1982 RtlSetBit(&TlsExpansionBitMap, 0);
1983
1984 /* Initialize the Hash Table */
1985 for (i = 0; i < LDR_HASH_TABLE_ENTRIES; i++)
1986 {
1987 InitializeListHead(&LdrpHashTable[i]);
1988 }
1989
1990 /* Initialize the Loader Lock */
1991 // FIXME: What's the point of initing it manually, if two lines lower
1992 // a call to RtlInitializeCriticalSection() is being made anyway?
1993 //InsertTailList(&RtlCriticalSectionList, &LdrpLoaderLock.DebugInfo->ProcessLocksList);
1994 //LdrpLoaderLock.DebugInfo->CriticalSection = &LdrpLoaderLock;
1995 RtlInitializeCriticalSection(&LdrpLoaderLock);
1996 LdrpLoaderLockInit = TRUE;
1997
1998 /* Check if User Stack Trace Database support was requested */
1999 if (Peb->NtGlobalFlag & FLG_USER_STACK_TRACE_DB)
2000 {
2001 DPRINT1("We don't support user stack trace databases yet\n");
2002 }
2003
2004 /* Setup Fast PEB Lock */
2005 RtlInitializeCriticalSection(&FastPebLock);
2006 Peb->FastPebLock = &FastPebLock;
2007 //Peb->FastPebLockRoutine = (PPEBLOCKROUTINE)RtlEnterCriticalSection;
2008 //Peb->FastPebUnlockRoutine = (PPEBLOCKROUTINE)RtlLeaveCriticalSection;
2009
2010 /* Setup Callout Lock */
2011 //RtlInitializeCriticalSection(&RtlpCalloutEntryLock);
2012
2013 /* For old executables, use 16-byte aligned heap */
2014 if ((NtHeader->OptionalHeader.MajorSubsystemVersion <= 3) &&
2015 (NtHeader->OptionalHeader.MinorSubsystemVersion < 51))
2016 {
2017 HeapFlags |= HEAP_CREATE_ALIGN_16;
2018 }
2019
2020 /* Setup the Heap */
2021 RtlInitializeHeapManager();
2022 Peb->ProcessHeap = RtlCreateHeap(HeapFlags,
2023 NULL,
2024 NtHeader->OptionalHeader.SizeOfHeapReserve,
2025 NtHeader->OptionalHeader.SizeOfHeapCommit,
2026 NULL,
2027 &HeapParameters);
2028
2029 if (!Peb->ProcessHeap)
2030 {
2031 DPRINT1("Failed to create process heap\n");
2032 return STATUS_NO_MEMORY;
2033 }
2034
2035 Status = RtlpInitializeLocaleTable();
2036 if (!NT_SUCCESS(Status))
2037 {
2038 DPRINT1("Failed to initialize locale table\n");
2039 return Status;
2040 }
2041
2042 /* Allocate an Activation Context Stack */
2043 Status = RtlAllocateActivationContextStack(&Teb->ActivationContextStackPointer);
2044 if (!NT_SUCCESS(Status)) return Status;
2045
2046 RtlZeroMemory(&HeapParameters, sizeof(HeapParameters));
2047 HeapFlags = HEAP_GROWABLE | HEAP_CLASS_1;
2048 HeapParameters.Length = sizeof(HeapParameters);
2049 LdrpHeap = RtlCreateHeap(HeapFlags, 0, 0x10000, 0x6000, 0, &HeapParameters);
2050 if (!LdrpHeap)
2051 {
2052 DPRINT1("Failed to create loader private heap\n");
2053 return STATUS_NO_MEMORY;
2054 }
2055
2056 /* Check for Debug Heap */
2057 if (OptionsKey)
2058 {
2059 /* Query the setting */
2060 Status = LdrQueryImageFileKeyOption(OptionsKey,
2061 L"DebugProcessHeapOnly",
2062 REG_DWORD,
2063 &DebugProcessHeapOnly,
2064 sizeof(ULONG),
2065 NULL);
2066
2067 if (NT_SUCCESS(Status))
2068 {
2069 /* Reset DPH if requested */
2070 if (RtlpPageHeapEnabled && DebugProcessHeapOnly)
2071 {
2072 RtlpDphGlobalFlags &= ~DPH_FLAG_DLL_NOTIFY;
2073 RtlpPageHeapEnabled = FALSE;
2074 }
2075 }
2076 }
2077
2078 /* Build the NTDLL Path */
2079 FullPath.Buffer = StringBuffer;
2080 FullPath.Length = 0;
2081 FullPath.MaximumLength = sizeof(StringBuffer);
2082 RtlInitUnicodeString(&NtSystemRoot, SharedUserData->NtSystemRoot);
2083 RtlAppendUnicodeStringToString(&FullPath, &NtSystemRoot);
2084 RtlAppendUnicodeToString(&FullPath, L"\\System32\\");
2085
2086 /* Open the Known DLLs directory */
2087 RtlInitUnicodeString(&KnownDllString, L"\\KnownDlls");
2088 InitializeObjectAttributes(&ObjectAttributes,
2089 &KnownDllString,
2090 OBJ_CASE_INSENSITIVE,
2091 NULL,
2092 NULL);
2093 Status = ZwOpenDirectoryObject(&LdrpKnownDllObjectDirectory,
2094 DIRECTORY_QUERY | DIRECTORY_TRAVERSE,
2095 &ObjectAttributes);
2096
2097 /* Check if it exists */
2098 if (NT_SUCCESS(Status))
2099 {
2100 /* Open the Known DLLs Path */
2101 RtlInitUnicodeString(&KnownDllString, L"KnownDllPath");
2102 InitializeObjectAttributes(&ObjectAttributes,
2103 &KnownDllString,
2104 OBJ_CASE_INSENSITIVE,
2105 LdrpKnownDllObjectDirectory,
2106 NULL);
2107 Status = NtOpenSymbolicLinkObject(&SymLinkHandle,
2108 SYMBOLIC_LINK_QUERY,
2109 &ObjectAttributes);
2110 if (NT_SUCCESS(Status))
2111 {
2112 /* Query the path */
2113 LdrpKnownDllPath.Length = 0;
2114 LdrpKnownDllPath.MaximumLength = sizeof(LdrpKnownDllPathBuffer);
2115 LdrpKnownDllPath.Buffer = LdrpKnownDllPathBuffer;
2116 Status = ZwQuerySymbolicLinkObject(SymLinkHandle, &LdrpKnownDllPath, NULL);
2117 NtClose(SymLinkHandle);
2118 if (!NT_SUCCESS(Status))
2119 {
2120 DPRINT1("LDR: %s - failed call to ZwQuerySymbolicLinkObject with status %x\n", "", Status);
2121 return Status;
2122 }
2123 }
2124 }
2125
2126 /* Check if we failed */
2127 if (!NT_SUCCESS(Status))
2128 {
2129 /* Assume System32 */
2130 LdrpKnownDllObjectDirectory = NULL;
2131 RtlInitUnicodeString(&LdrpKnownDllPath, StringBuffer);
2132 LdrpKnownDllPath.Length -= sizeof(WCHAR);
2133 }
2134
2135 /* If we have process parameters, get the default path and current path */
2136 if (ProcessParameters)
2137 {
2138 /* Check if we have a Dll Path */
2139 if (ProcessParameters->DllPath.Length)
2140 {
2141 /* Get the path */
2142 LdrpDefaultPath = *(PUNICODE_STRING)&ProcessParameters->DllPath;
2143 }
2144 else
2145 {
2146 /* We need a valid path */
2147 DPRINT1("No valid DllPath was given!\n");
2148 LdrpInitFailure(STATUS_INVALID_PARAMETER);
2149 }
2150
2151 /* Set the current directory */
2152 CurrentDirectory = ProcessParameters->CurrentDirectory.DosPath;
2153
2154 /* Check if it's empty or invalid */
2155 if ((!CurrentDirectory.Buffer) ||
2156 (CurrentDirectory.Buffer[0] == UNICODE_NULL) ||
2157 (!CurrentDirectory.Length))
2158 {
2159 /* Allocate space for the buffer */
2160 CurrentDirectory.Buffer = RtlAllocateHeap(Peb->ProcessHeap,
2161 0,
2162 3 * sizeof(WCHAR) +
2163 sizeof(UNICODE_NULL));
2164 if (!CurrentDirectory.Buffer)
2165 {
2166 DPRINT1("LDR: LdrpInitializeProcess - unable to allocate current working directory buffer\n");
2167 // FIXME: And what?
2168 }
2169
2170 /* Copy the drive of the system root */
2171 RtlMoveMemory(CurrentDirectory.Buffer,
2172 SharedUserData->NtSystemRoot,
2173 3 * sizeof(WCHAR));
2174 CurrentDirectory.Buffer[3] = UNICODE_NULL;
2175 CurrentDirectory.Length = 3 * sizeof(WCHAR);
2176 CurrentDirectory.MaximumLength = CurrentDirectory.Length + sizeof(WCHAR);
2177
2178 FreeCurDir = TRUE;
2179 DPRINT("Using dynamically allocd curdir\n");
2180 }
2181 else
2182 {
2183 /* Use the local buffer */
2184 DPRINT("Using local system root\n");
2185 }
2186 }
2187
2188 /* Setup Loader Data */
2189 Peb->Ldr = &PebLdr;
2190 InitializeListHead(&PebLdr.InLoadOrderModuleList);
2191 InitializeListHead(&PebLdr.InMemoryOrderModuleList);
2192 InitializeListHead(&PebLdr.InInitializationOrderModuleList);
2193 PebLdr.Length = sizeof(PEB_LDR_DATA);
2194 PebLdr.Initialized = TRUE;
2195
2196 /* Allocate a data entry for the Image */
2197 LdrpImageEntry = LdrpAllocateDataTableEntry(Peb->ImageBaseAddress);
2198
2199 /* Set it up */
2200 LdrpImageEntry->EntryPoint = LdrpFetchAddressOfEntryPoint(LdrpImageEntry->DllBase);
2201 LdrpImageEntry->LoadCount = -1;
2202 LdrpImageEntry->EntryPointActivationContext = 0;
2203 LdrpImageEntry->FullDllName = ImageFileName;
2204
2205 if (IsDotNetImage)
2206 LdrpImageEntry->Flags = LDRP_COR_IMAGE;
2207 else
2208 LdrpImageEntry->Flags = 0;
2209
2210 /* Check if the name is empty */
2211 if (!ImageFileName.Buffer[0])
2212 {
2213 /* Use the same Base name */
2214 LdrpImageEntry->BaseDllName = LdrpImageEntry->FullDllName;
2215 }
2216 else
2217 {
2218 /* Find the last slash */
2219 Current = ImageFileName.Buffer;
2220 while (*Current)
2221 {
2222 if (*Current++ == '\\')
2223 {
2224 /* Set this path */
2225 NtDllName = Current;
2226 }
2227 }
2228
2229 /* Did we find anything? */
2230 if (!NtDllName)
2231 {
2232 /* Use the same Base name */
2233 LdrpImageEntry->BaseDllName = LdrpImageEntry->FullDllName;
2234 }
2235 else
2236 {
2237 /* Setup the name */
2238 LdrpImageEntry->BaseDllName.Length = (USHORT)((ULONG_PTR)ImageFileName.Buffer + ImageFileName.Length - (ULONG_PTR)NtDllName);
2239 LdrpImageEntry->BaseDllName.MaximumLength = LdrpImageEntry->BaseDllName.Length + sizeof(WCHAR);
2240 LdrpImageEntry->BaseDllName.Buffer = (PWSTR)((ULONG_PTR)ImageFileName.Buffer +
2241 (ImageFileName.Length - LdrpImageEntry->BaseDllName.Length));
2242 }
2243 }
2244
2245 /* Processing done, insert it */
2246 LdrpInsertMemoryTableEntry(LdrpImageEntry);
2247 LdrpImageEntry->Flags |= LDRP_ENTRY_PROCESSED;
2248
2249 /* Now add an entry for NTDLL */
2250 NtLdrEntry = LdrpAllocateDataTableEntry(SystemArgument1);
2251 NtLdrEntry->Flags = LDRP_IMAGE_DLL;
2252 NtLdrEntry->EntryPoint = LdrpFetchAddressOfEntryPoint(NtLdrEntry->DllBase);
2253 NtLdrEntry->LoadCount = -1;
2254 NtLdrEntry->EntryPointActivationContext = 0;
2255
2256 NtLdrEntry->FullDllName.Length = FullPath.Length;
2257 NtLdrEntry->FullDllName.MaximumLength = FullPath.MaximumLength;
2258 NtLdrEntry->FullDllName.Buffer = StringBuffer;
2259 RtlAppendUnicodeStringToString(&NtLdrEntry->FullDllName, &NtDllString);
2260
2261 NtLdrEntry->BaseDllName.Length = NtDllString.Length;
2262 NtLdrEntry->BaseDllName.MaximumLength = NtDllString.MaximumLength;
2263 NtLdrEntry->BaseDllName.Buffer = NtDllString.Buffer;
2264
2265 /* Processing done, insert it */
2266 LdrpNtDllDataTableEntry = NtLdrEntry;
2267 LdrpInsertMemoryTableEntry(NtLdrEntry);
2268
2269 /* Let the world know */
2270 if (ShowSnaps)
2271 {
2272 DPRINT1("LDR: NEW PROCESS\n");
2273 DPRINT1(" Image Path: %wZ (%wZ)\n", &LdrpImageEntry->FullDllName, &LdrpImageEntry->BaseDllName);
2274 DPRINT1(" Current Directory: %wZ\n", &CurrentDirectory);
2275 DPRINT1(" Search Path: %wZ\n", &LdrpDefaultPath);
2276 }
2277
2278 /* Link the Init Order List */
2279 InsertHeadList(&Peb->Ldr->InInitializationOrderModuleList,
2280 &LdrpNtDllDataTableEntry->InInitializationOrderLinks);
2281
2282 /* Initialize Wine's active context implementation for the current process */
2283 RtlpInitializeActCtx(&OldShimData);
2284
2285 /* Set the current directory */
2286 Status = RtlSetCurrentDirectory_U(&CurrentDirectory);
2287 if (!NT_SUCCESS(Status))
2288 {
2289 /* We failed, check if we should free it */
2290 if (FreeCurDir) RtlFreeUnicodeString(&CurrentDirectory);
2291
2292 /* Set it to the NT Root */
2293 CurrentDirectory = NtSystemRoot;
2294 RtlSetCurrentDirectory_U(&CurrentDirectory);
2295 }
2296 else
2297 {
2298 /* We're done with it, free it */
2299 if (FreeCurDir) RtlFreeUnicodeString(&CurrentDirectory);
2300 }
2301
2302 /* Check if we should look for a .local file */
2303 if (ProcessParameters && !(ProcessParameters->Flags & RTL_USER_PROCESS_PARAMETERS_LOCAL_DLL_PATH))
2304 {
2305 LdrpInitializeDotLocalSupport(ProcessParameters);
2306 }
2307
2308 /* Check if the Application Verifier was enabled */
2309 if (Peb->NtGlobalFlag & FLG_APPLICATION_VERIFIER)
2310 {
2311 Status = AVrfInitializeVerifier();
2312 if (!NT_SUCCESS(Status))
2313 {
2314 DPRINT1("LDR: AVrfInitializeVerifier failed (ntstatus 0x%x)\n", Status);
2315 return Status;
2316 }
2317
2318 }
2319
2320 if (IsDotNetImage)
2321 {
2322 /* FIXME */
2323 DPRINT1("We don't support .NET applications yet\n");
2324 }
2325
2326 if (NtHeader->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI ||
2327 NtHeader->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI)
2328 {
2329 PVOID Kernel32BaseAddress;
2330 PVOID FunctionAddress;
2331
2332 Status = LdrLoadDll(NULL, NULL, &Kernel32String, &Kernel32BaseAddress);
2333
2334 if (!NT_SUCCESS(Status))
2335 {
2336 if (ShowSnaps)
2337 DPRINT1("LDR: Unable to load %wZ, Status=0x%08lx\n", &Kernel32String, Status);
2338 return Status;
2339 }
2340
2341 Status = LdrGetProcedureAddress(Kernel32BaseAddress,
2342 &BaseProcessInitPostImportName,
2343 0,
2344 &FunctionAddress);
2345
2346 if (!NT_SUCCESS(Status))
2347 {
2348 if (ShowSnaps)
2349 DPRINT1("LDR: Unable to find post-import process init function, Status=0x%08lx\n", Status);
2350 return Status;
2351 }
2352 Kernel32ProcessInitPostImportFunction = FunctionAddress;
2353
2354 Status = LdrGetProcedureAddress(Kernel32BaseAddress,
2355 &BaseQueryModuleDataName,
2356 0,
2357 &FunctionAddress);
2358
2359 if (!NT_SUCCESS(Status))
2360 {
2361 if (ShowSnaps)
2362 DPRINT1("LDR: Unable to find BaseQueryModuleData, Status=0x%08lx\n", Status);
2363 return Status;
2364 }
2365 Kernel32BaseQueryModuleData = FunctionAddress;
2366 }
2367
2368 /* Walk the IAT and load all the DLLs */
2369 ImportStatus = LdrpWalkImportDescriptor(LdrpDefaultPath.Buffer, LdrpImageEntry);
2370
2371 /* Check if relocation is needed */
2372 if (Peb->ImageBaseAddress != (PVOID)NtHeader->OptionalHeader.ImageBase)
2373 {
2374 DPRINT1("LDR: Performing EXE relocation\n");
2375
2376 /* Change the protection to prepare for relocation */
2377 ViewBase = Peb->ImageBaseAddress;
2378 Status = LdrpSetProtection(ViewBase, FALSE);
2379 if (!NT_SUCCESS(Status)) return Status;
2380
2381 /* Do the relocation */
2382 Status = LdrRelocateImageWithBias(ViewBase,
2383 0LL,
2384 NULL,
2385 STATUS_SUCCESS,
2386 STATUS_CONFLICTING_ADDRESSES,
2387 STATUS_INVALID_IMAGE_FORMAT);
2388 if (!NT_SUCCESS(Status))
2389 {
2390 DPRINT1("LdrRelocateImageWithBias() failed\n");
2391 return Status;
2392 }
2393
2394 /* Check if a start context was provided */
2395 if (Context)
2396 {
2397 DPRINT1("WARNING: Relocated EXE Context");
2398 UNIMPLEMENTED; // We should support this
2399 return STATUS_INVALID_IMAGE_FORMAT;
2400 }
2401
2402 /* Restore the protection */
2403 Status = LdrpSetProtection(ViewBase, TRUE);
2404 if (!NT_SUCCESS(Status)) return Status;
2405 }
2406
2407 /* Lock the DLLs */
2408 ListHead = &Peb->Ldr->InLoadOrderModuleList;
2409 NextEntry = ListHead->Flink;
2410 while (ListHead != NextEntry)
2411 {
2412 NtLdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
2413 NtLdrEntry->LoadCount = -1;
2414 NextEntry = NextEntry->Flink;
2415 }
2416
2417 /* Phase 0 is done */
2418 LdrpLdrDatabaseIsSetup = TRUE;
2419
2420 /* Check whether all static imports were properly loaded and return here */
2421 if (!NT_SUCCESS(ImportStatus)) return ImportStatus;
2422
2423 /* Following two calls are for Vista+ support, required for winesync */
2424 /* Initialize the keyed event for condition variables */
2425 RtlpInitializeKeyedEvent();
2426 RtlpInitializeThreadPooling();
2427
2428 /* Initialize TLS */
2429 Status = LdrpInitializeTls();
2430 if (!NT_SUCCESS(Status))
2431 {
2432 DPRINT1("LDR: LdrpProcessInitialization failed to initialize TLS slots; status %x\n",
2433 Status);
2434 return Status;
2435 }
2436
2437 /* FIXME Mark the DLL Ranges for Stack Traces later */
2438
2439 /* Notify the debugger now */
2440 if (Peb->BeingDebugged)
2441 {
2442 /* Break */
2443 DbgBreakPoint();
2444
2445 /* Update show snaps again */
2446 ShowSnaps = Peb->NtGlobalFlag & FLG_SHOW_LDR_SNAPS;
2447 }
2448
2449 /* Validate the Image for MP Usage */
2450 if (LdrpNumberOfProcessors > 1) LdrpValidateImageForMp(LdrpImageEntry);
2451
2452 /* Check NX options and set them */
2453 if (SharedUserData->NXSupportPolicy == NX_SUPPORT_POLICY_ALWAYSON)
2454 {
2455 ExecuteOptions = MEM_EXECUTE_OPTION_DISABLE |
2456 MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION |
2457 MEM_EXECUTE_OPTION_PERMANENT;
2458 }
2459 else if (SharedUserData->NXSupportPolicy == NX_SUPPORT_POLICY_ALWAYSOFF)
2460 {
2461 ExecuteOptions = MEM_EXECUTE_OPTION_ENABLE | MEM_EXECUTE_OPTION_PERMANENT;
2462 }
2463 Status = NtSetInformationProcess(NtCurrentProcess(),
2464 ProcessExecuteFlags,
2465 &ExecuteOptions,
2466 sizeof(ExecuteOptions));
2467 if (!NT_SUCCESS(Status))
2468 {
2469 DPRINT1("LDR: Could not set process execute flags 0x%x; status %x\n",
2470 ExecuteOptions, Status);
2471 }
2472
2473 // FIXME: Should be done by Application Compatibility features,
2474 // by reading the registry, etc...
2475 // For now, this is the old code from ntdll!RtlGetVersion().
2476 RtlInitEmptyUnicodeString(&Peb->CSDVersion, NULL, 0);
2477 if (((Peb->OSCSDVersion >> 8) & 0xFF) != 0)
2478 {
2479 WCHAR szCSDVersion[128];
2480 LONG i;
2481 USHORT Length = (USHORT)ARRAYSIZE(szCSDVersion) - 1;
2482 i = _snwprintf(szCSDVersion, Length,
2483 L"Service Pack %d",
2484 ((Peb->OSCSDVersion >> 8) & 0xFF));
2485 if (i < 0)
2486 {
2487 /* Null-terminate if it was overflowed */
2488 szCSDVersion[Length] = UNICODE_NULL;
2489 }
2490
2491 Length *= sizeof(WCHAR);
2492 Peb->CSDVersion.Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
2493 0,
2494 Length + sizeof(UNICODE_NULL));
2495 if (Peb->CSDVersion.Buffer)
2496 {
2497 Peb->CSDVersion.Length = Length;
2498 Peb->CSDVersion.MaximumLength = Length + sizeof(UNICODE_NULL);
2499
2500 RtlCopyMemory(Peb->CSDVersion.Buffer,
2501 szCSDVersion,
2502 Peb->CSDVersion.MaximumLength);
2503 Peb->CSDVersion.Buffer[Peb->CSDVersion.Length / sizeof(WCHAR)] = UNICODE_NULL;
2504 }
2505 }
2506
2507 /* Check if we had Shim Data */
2508 if (OldShimData)
2509 {
2510 /* Load the Shim Engine */
2511 Peb->AppCompatInfo = NULL;
2512 LdrpLoadShimEngine(OldShimData, &ImagePathName, OldShimData);
2513 }
2514 else
2515 {
2516 /* Check for Application Compatibility Goo */
2517 //LdrQueryApplicationCompatibilityGoo(hKey);
2518 DPRINT("Querying app compat hacks is missing!\n");
2519 }
2520
2521 /*
2522 * FIXME: Check for special images, SecuROM, SafeDisc and other NX-
2523 * incompatible images.
2524 */
2525
2526 /* Now call the Init Routines */
2527 Status = LdrpRunInitializeRoutines(Context);
2528 if (!NT_SUCCESS(Status))
2529 {
2530 DPRINT1("LDR: LdrpProcessInitialization failed running initialization routines; status %x\n",
2531 Status);
2532 return Status;
2533 }
2534
2535 /* Notify Shim Engine */
2536 if (g_ShimsEnabled)
2537 {
2538 VOID(NTAPI *SE_InstallAfterInit)(PUNICODE_STRING, PVOID);
2539 SE_InstallAfterInit = RtlDecodeSystemPointer(g_pfnSE_InstallAfterInit);
2540 SE_InstallAfterInit(&ImagePathName, OldShimData);
2541 }
2542
2543 /* Check if we have a user-defined Post Process Routine */
2544 if (NT_SUCCESS(Status) && Peb->PostProcessInitRoutine)
2545 {
2546 /* Call it */
2547 Peb->PostProcessInitRoutine();
2548 }
2549
2550 /* Close the key if we have one opened */
2551 if (OptionsKey) NtClose(OptionsKey);
2552
2553 /* Return status */
2554 return Status;
2555}
VOID
#define VOID
Definition: acefi.h:82
CurrentDirectory
WCHAR CurrentDirectory[1024]
Definition: chkdsk.c:74
PEB_LDR_DATA
struct _PEB_LDR_DATA PEB_LDR_DATA
RtlInitializeBitMap
#define RtlInitializeBitMap
Definition: dbgbitmap.h:326
RtlSetBit
#define RtlSetBit
Definition: dbgbitmap.h:344
ARRAYSIZE
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Definition: compat.h:153
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
InsertHeadList
#define InsertHeadList(ListHead, Entry)
Definition: env_spec_w32.h:1022
PUNICODE_STRING
UNICODE_STRING * PUNICODE_STRING
Definition: env_spec_w32.h:373
RtlAppendUnicodeToString
NTSTATUS RtlAppendUnicodeToString(IN PUNICODE_STRING Str1, IN PWSTR Str2)
Definition: string_lib.cpp:62
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
FLG_USER_STACK_TRACE_DB
#define FLG_USER_STACK_TRACE_DB
Definition: pstypes.h:67
FLG_SHOW_LDR_SNAPS
#define FLG_SHOW_LDR_SNAPS
Definition: pstypes.h:57
TLS_EXPANSION_SLOTS
#define TLS_EXPANSION_SLOTS
Definition: pstypes.h:311
DbgBreakPoint
NTSYSAPI void WINAPI DbgBreakPoint(void)
ProcessAffinityMask
@ ProcessAffinityMask
Definition: winternl.h:877
ProcessExecuteFlags
@ ProcessExecuteFlags
Definition: winternl.h:889
NtDllBase
PVOID NtDllBase
Definition: ldrinit.c:56
LdrpImageEntry
PLDR_DATA_TABLE_ENTRY LdrpImageEntry
Definition: ldrinit.c:39
LdrpInitializeDotLocalSupport
VOID NTAPI LdrpInitializeDotLocalSupport(PRTL_USER_PROCESS_PARAMETERS ProcessParameters)
Definition: ldrinit.c:1705
LdrpKnownDllPathBuffer
WCHAR LdrpKnownDllPathBuffer[128]
Definition: ldrinit.c:62
LdrpDefaultPath
UNICODE_STRING LdrpDefaultPath
Definition: ldrinit.c:63
RtlpInitDeferredCriticalSection
VOID NTAPI RtlpInitDeferredCriticalSection(VOID)
Definition: critical.c:272
LdrpInitializeExecutionOptions
NTSTATUS NTAPI LdrpInitializeExecutionOptions(PUNICODE_STRING ImagePathName, PPEB Peb, PHANDLE OptionsKey)
Definition: ldrinit.c:1427
FastPebLock
RTL_CRITICAL_SECTION FastPebLock
Definition: ldrinit.c:77
LdrpNumberOfProcessors
ULONG LdrpNumberOfProcessors
Definition: ldrinit.c:55
FlsBitMap
RTL_BITMAP FlsBitMap
Definition: ldrinit.c:51
TlsBitMap
RTL_BITMAP TlsBitMap
Definition: ldrinit.c:49
LdrpLoaderLockInit
BOOLEAN LdrpLoaderLockInit
Definition: ldrinit.c:32
RtlpTimeout
LARGE_INTEGER RtlpTimeout
Definition: critical.c:25
RtlpInitializeLocaleTable
NTSTATUS NTAPI RtlpInitializeLocaleTable(VOID)
Definition: locale.c:529
LdrQueryImageFileKeyOption
NTSTATUS NTAPI LdrQueryImageFileKeyOption(_In_ HANDLE KeyHandle, _In_ PCWSTR ValueName, _In_ ULONG Type, _Out_ PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG ReturnedLength)
Definition: ldrinit.c:184
RtlInitializeHeapManager
VOID NTAPI RtlInitializeHeapManager(VOID)
Definition: libsupp.c:243
LdrpValidateImageForMp
VOID NTAPI LdrpValidateImageForMp(IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry)
Definition: ldrinit.c:1546
LdrpHashTable
LIST_ENTRY LdrpHashTable[LDR_HASH_TABLE_ENTRIES]
Definition: ldrinit.c:59
LdrpKnownDllPath
UNICODE_STRING LdrpKnownDllPath
Definition: ldrinit.c:61
TlsExpansionBitMap
RTL_BITMAP TlsExpansionBitMap
Definition: ldrinit.c:50
LdrpRunInitializeRoutines
NTSTATUS NTAPI LdrpRunInitializeRoutines(IN PCONTEXT Context OPTIONAL)
Definition: ldrinit.c:648
LdrpLdrDatabaseIsSetup
BOOLEAN LdrpLdrDatabaseIsSetup
Definition: ldrinit.c:33
RtlpInitializeVectoredExceptionHandling
VOID NTAPI RtlpInitializeVectoredExceptionHandling(VOID)
Definition: vectoreh.c:30
StringBuffer
WCHAR StringBuffer[156]
Definition: ldrinit.c:41
LdrpKnownDllObjectDirectory
HANDLE LdrpKnownDllObjectDirectory
Definition: ldrinit.c:60
LdrpLoaderLock
RTL_CRITICAL_SECTION LdrpLoaderLock
Definition: ldrinit.c:68
LdrpInitFailure
VOID NTAPI LdrpInitFailure(NTSTATUS Status)
Definition: ldrinit.c:2559
LdrpNtDllDataTableEntry
PLDR_DATA_TABLE_ENTRY LdrpNtDllDataTableEntry
Definition: ldrinit.c:44
LdrpInitializeTls
NTSTATUS NTAPI LdrpInitializeTls(VOID)
Definition: ldrinit.c:1265
VALID_CONFIG_FIELD
#define VALID_CONFIG_FIELD(Name)
Kernel32String
UNICODE_STRING Kernel32String
Definition: ldrinit.c:27
RtlpTimeoutDisable
BOOLEAN RtlpTimeoutDisable
Definition: critical.c:26
NtDllString
UNICODE_STRING NtDllString
Definition: ldrinit.c:26
RtlpInitializeActCtx
NTSTATUS NTAPI RtlpInitializeActCtx(PVOID *pOldShimData)
LdrpDllValidation
BOOLEAN LdrpDllValidation
Definition: ldrinit.c:37
PebLdr
PEB_LDR_DATA PebLdr
Definition: ldrinit.c:65
LdrLoadDll
NTSTATUS NTAPI DECLSPEC_HOTPATCH LdrLoadDll(_In_opt_ PWSTR SearchPath, _In_opt_ PULONG DllCharacteristics, _In_ PUNICODE_STRING DllName, _Out_ PVOID *BaseAddress)
Definition: ldrapi.c:312
LdrGetProcedureAddress
NTSTATUS NTAPI LdrGetProcedureAddress(_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress)
Definition: ldrapi.c:789
LDRP_COR_IMAGE
#define LDRP_COR_IMAGE
Definition: ldrtypes.h:56
LDRP_IMAGE_DLL
#define LDRP_IMAGE_DLL
Definition: ldrtypes.h:39
_snwprintf
int _snwprintf(wchar_t *buffer, size_t count, const wchar_t *format,...)
MEM_EXECUTE_OPTION_DISABLE
#define MEM_EXECUTE_OPTION_DISABLE
Definition: mmtypes.h:73
MEM_EXECUTE_OPTION_PERMANENT
#define MEM_EXECUTE_OPTION_PERMANENT
Definition: mmtypes.h:76
MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION
#define MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION
Definition: mmtypes.h:75
MEM_EXECUTE_OPTION_ENABLE
#define MEM_EXECUTE_OPTION_ENABLE
Definition: mmtypes.h:74
ZwOpenDirectoryObject
NTSYSAPI NTSTATUS NTAPI ZwOpenDirectoryObject(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
RtlInitNlsTables
NTSYSAPI VOID NTAPI RtlInitNlsTables(_In_ PUSHORT AnsiTableBase, _In_ PUSHORT OemTableBase, _In_ PUSHORT CaseTableBase, _Out_ PNLSTABLEINFO NlsTable)
RtlResetRtlTranslations
NTSYSAPI VOID NTAPI RtlResetRtlTranslations(_In_ PNLSTABLEINFO NlsTable)
RtlSetCurrentDirectory_U
NTSYSAPI NTSTATUS NTAPI RtlSetCurrentDirectory_U(_In_ PUNICODE_STRING name)
LdrRelocateImageWithBias
ULONG NTAPI LdrRelocateImageWithBias(_In_ PVOID BaseAddress, _In_ LONGLONG AdditionalBias, _In_opt_ PCSTR LoaderName, _In_ ULONG Success, _In_ ULONG Conflict, _In_ ULONG Invalid)
Definition: image.c:474
RtlNormalizeProcessParams
NTSYSAPI PRTL_USER_PROCESS_PARAMETERS NTAPI RtlNormalizeProcessParams(_In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters)
RTL_USER_PROCESS_PARAMETERS_LOCAL_DLL_PATH
#define RTL_USER_PROCESS_PARAMETERS_LOCAL_DLL_PATH
Definition: rtltypes.h:53
RTL_USER_PROCESS_PARAMETERS_NORMALIZED
#define RTL_USER_PROCESS_PARAMETERS_NORMALIZED
Definition: rtltypes.h:41
SYMBOLIC_LINK_QUERY
#define SYMBOLIC_LINK_QUERY
Definition: nt_native.h:1265
RtlAppendUnicodeStringToString
NTSYSAPI NTSTATUS NTAPI RtlAppendUnicodeStringToString(PUNICODE_STRING Destination, PUNICODE_STRING Source)
DIRECTORY_QUERY
#define DIRECTORY_QUERY
Definition: nt_native.h:1254
DIRECTORY_TRAVERSE
#define DIRECTORY_TRAVERSE
Definition: nt_native.h:1255
HEAP_CLASS_1
#define HEAP_CLASS_1
Definition: nt_native.h:1711
RtlCreateHeap
NTSYSAPI PVOID NTAPI RtlCreateHeap(IN ULONG Flags, IN PVOID HeapBase OPTIONAL, IN ULONG ReserveSize OPTIONAL, IN ULONG CommitSize OPTIONAL, IN PVOID Lock OPTIONAL, IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL)
HEAP_GROWABLE
#define HEAP_GROWABLE
Definition: nt_native.h:1693
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
HEAP_CREATE_ALIGN_16
#define HEAP_CREATE_ALIGN_16
Definition: nt_native.h:1701
Int32x32To64
#define Int32x32To64(a, b)
g_pfnSE_InstallAfterInit
PVOID g_pfnSE_InstallAfterInit
Definition: ldrutils.c:26
LdrpLoadShimEngine
VOID NTAPI LdrpLoadShimEngine(IN PWSTR ImageName, IN PUNICODE_STRING ProcessImage, IN PVOID pShimData)
Definition: ldrutils.c:2757
LdrpWalkImportDescriptor
NTSTATUS NTAPI LdrpWalkImportDescriptor(IN LPWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: ldrpe.c:670
AVrfInitializeVerifier
NTSTATUS NTAPI AVrfInitializeVerifier(VOID)
Definition: verifier.c:672
LDR_HASH_TABLE_ENTRIES
#define LDR_HASH_TABLE_ENTRIES
Definition: ntdllp.h:11
RtlpInitializeThreadPooling
VOID NTAPI RtlpInitializeThreadPooling(VOID)
LdrpInsertMemoryTableEntry
VOID NTAPI LdrpInsertMemoryTableEntry(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: ldrutils.c:1561
LdrpSetProtection
NTSTATUS NTAPI LdrpSetProtection(PVOID ViewBase, BOOLEAN Restore)
Definition: ldrutils.c:921
LdrpFetchAddressOfEntryPoint
PVOID NTAPI LdrpFetchAddressOfEntryPoint(PVOID ImageBase)
RtlpPageHeapEnabled
BOOLEAN RtlpPageHeapEnabled
Definition: heappage.c:107
LdrpAllocateDataTableEntry
PLDR_DATA_TABLE_ENTRY NTAPI LdrpAllocateDataTableEntry(IN PVOID BaseAddress)
Definition: ldrutils.c:1528
g_ShimsEnabled
BOOLEAN g_ShimsEnabled
Definition: ldrutils.c:21
RtlpInitializeKeyedEvent
VOID NTAPI RtlpInitializeKeyedEvent(VOID)
Definition: condvar.c:460
IMAGE_SUBSYSTEM_WINDOWS_CUI
#define IMAGE_SUBSYSTEM_WINDOWS_CUI
Definition: ntimage.h:438
IMAGE_SUBSYSTEM_WINDOWS_GUI
#define IMAGE_SUBSYSTEM_WINDOWS_GUI
Definition: ntimage.h:437
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Definition: ntimage.h:489
IMAGE_SUBSYSTEM_NATIVE
#define IMAGE_SUBSYSTEM_NATIVE
Definition: ntimage.h:436
NtSystemRoot
UNICODE_STRING NtSystemRoot
Definition: init.c:76
NtSetInformationProcess
NTSTATUS NTAPI NtSetInformationProcess(IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, IN PVOID ProcessInformation, IN ULONG ProcessInformationLength)
Definition: query.c:1154
STATUS_INVALID_IMAGE_FORMAT
#define STATUS_INVALID_IMAGE_FORMAT
Definition: ntstatus.h:359
STATUS_CONFLICTING_ADDRESSES
#define STATUS_CONFLICTING_ADDRESSES
Definition: ntstatus.h:261
LONG
long LONG
Definition: pedump.c:60
USHORT
unsigned short USHORT
Definition: pedump.c:61
LoadConfig
static VOID LoadConfig(HWND hwndDlg, PPOWER_SCHEMES_PAGE_DATA pPageData, PPOWER_SCHEME pScheme)
Definition: powershemes.c:237
REG_DWORD
#define REG_DWORD
Definition: sdbapi.c:596
SharedUserData
#define SharedUserData
RtlSetUnhandledExceptionFilter
VOID NTAPI RtlSetUnhandledExceptionFilter(IN PRTLP_UNHANDLED_EXCEPTION_FILTER TopLevelExceptionFilter)
Definition: exception.c:341
RtlDecodeSystemPointer
PVOID NTAPI RtlDecodeSystemPointer(IN PVOID Pointer)
Definition: process.c:439
SE_InstallAfterInit
VOID NTAPI SE_InstallAfterInit(PUNICODE_STRING ProcessImage, PVOID pShimData)
Definition: shimeng.c:1436
TLS_MINIMUM_AVAILABLE
#define TLS_MINIMUM_AVAILABLE
Definition: ntddk_ex.h:236
IMAGE_LOAD_CONFIG_DIRECTORY32
Definition: ntimage.h:105
_ANSI_STRING
Definition: env_spec_w32.h:375
_CURDIR::DosPath
UNICODE_STRING DosPath
Definition: rtltypes.h:1362
_IMAGE_OPTIONAL_HEADER::SizeOfHeapReserve
DWORD SizeOfHeapReserve
Definition: ntddk_ex.h:174
_IMAGE_OPTIONAL_HEADER::Subsystem
WORD Subsystem
Definition: ntddk_ex.h:170
_IMAGE_OPTIONAL_HEADER::MajorSubsystemVersion
WORD MajorSubsystemVersion
Definition: ntddk_ex.h:164
_IMAGE_OPTIONAL_HEADER::SizeOfHeapCommit
DWORD SizeOfHeapCommit
Definition: ntddk_ex.h:175
_IMAGE_OPTIONAL_HEADER::ImageBase
DWORD ImageBase
Definition: ntddk_ex.h:157
_IMAGE_OPTIONAL_HEADER::MinorSubsystemVersion
WORD MinorSubsystemVersion
Definition: ntddk_ex.h:165
_LDR_DATA_TABLE_ENTRY::EntryPointActivationContext
PACTIVATION_CONTEXT EntryPointActivationContext
Definition: ldrtypes.h:167
_LDR_DATA_TABLE_ENTRY::LoadCount
USHORT LoadCount
Definition: ntddk_ex.h:208
_LDR_DATA_TABLE_ENTRY::InInitializationOrderLinks
LIST_ENTRY InInitializationOrderLinks
Definition: ldrtypes.h:144
_NLSTABLEINFO
Definition: ntnls.h:27
_PEB_LDR_DATA::InInitializationOrderModuleList
LIST_ENTRY InInitializationOrderModuleList
Definition: ldrtypes.h:126
_PEB_LDR_DATA::InMemoryOrderModuleList
LIST_ENTRY InMemoryOrderModuleList
Definition: btrfs_drv.h:1895
_PEB_LDR_DATA::Length
ULONG Length
Definition: ntddk_ex.h:221
_PEB_LDR_DATA::InLoadOrderModuleList
LIST_ENTRY InLoadOrderModuleList
Definition: ldrtypes.h:124
_PEB_LDR_DATA::Initialized
BOOLEAN Initialized
Definition: ntddk_ex.h:222
_PEB::CSDVersion
UNICODE_STRING CSDVersion
Definition: winternl.h:353
_PEB::Ldr
PPEB_LDR_DATA Ldr
Definition: btrfs_drv.h:1912
_PEB::NumberOfProcessors
ULONG NumberOfProcessors
Definition: ntddk_ex.h:269
_PEB::TlsBitmapBits
ULONG TlsBitmapBits[2]
Definition: ntddk_ex.h:260
_PEB::ImageProcessAffinityMask
ULONG ImageProcessAffinityMask
Definition: ntddk_ex.h:307
_PEB::ImageBaseAddress
PVOID ImageBaseAddress
Definition: ntddk_ex.h:245
_PEB::FlsBitmapBits
ULONG FlsBitmapBits[4]
Definition: winternl.h:362
_PEB::PostProcessInitRoutine
PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine
Definition: btrfs_drv.h:1916
_PEB::ProcessHeap
PVOID ProcessHeap
Definition: ntddk_ex.h:249
_PEB::CriticalSectionTimeout
LARGE_INTEGER CriticalSectionTimeout
Definition: ntddk_ex.h:274
_PEB::TlsExpansionBitmapBits
ULONG TlsExpansionBitmapBits[32]
Definition: winternl.h:347
_PEB::AnsiCodePageData
PVOID AnsiCodePageData
Definition: ntddk_ex.h:264
_PEB::BeingDebugged
BYTE BeingDebugged
Definition: btrfs_drv.h:1909
_PEB::FastPebLock
PVOID FastPebLock
Definition: ntddk_ex.h:250
_PEB::TlsBitmap
PVOID TlsBitmap
Definition: ntddk_ex.h:259
_PEB::OemCodePageData
PVOID OemCodePageData
Definition: ntddk_ex.h:265
_PEB::FlsListHead
LIST_ENTRY FlsListHead
Definition: winternl.h:360
_PEB::NtGlobalFlag
ULONG NtGlobalFlag
Definition: ntddk_ex.h:270
_PEB::FlsBitmap
PRTL_BITMAP FlsBitmap
Definition: winternl.h:361
_PEB::AppCompatInfo
PVOID AppCompatInfo
Definition: winternl.h:352
_PEB::TlsExpansionBitmap
PRTL_BITMAP TlsExpansionBitmap
Definition: winternl.h:346
_PEB::UnicodeCaseTableData
PVOID UnicodeCaseTableData
Definition: ntddk_ex.h:266
_RTL_HEAP_PARAMETERS
Definition: nt_native.h:1666
_RTL_HEAP_PARAMETERS::DeCommitFreeBlockThreshold
ULONG DeCommitFreeBlockThreshold
Definition: nt_native.h:1670
_RTL_HEAP_PARAMETERS::Length
ULONG Length
Definition: nt_native.h:1667
_RTL_HEAP_PARAMETERS::VirtualMemoryThreshold
ULONG VirtualMemoryThreshold
Definition: nt_native.h:1673
_RTL_HEAP_PARAMETERS::DeCommitTotalFreeThreshold
ULONG DeCommitTotalFreeThreshold
Definition: nt_native.h:1671
_RTL_HEAP_PARAMETERS::MaximumAllocationSize
ULONG MaximumAllocationSize
Definition: nt_native.h:1672
_RTL_USER_PROCESS_PARAMETERS
Definition: btrfs_drv.h:1898
_RTL_USER_PROCESS_PARAMETERS::CommandLine
UNICODE_STRING CommandLine
Definition: btrfs_drv.h:1902
_RTL_USER_PROCESS_PARAMETERS::DllPath
UNICODE_STRING DllPath
Definition: rtltypes.h:1551
_RTL_USER_PROCESS_PARAMETERS::CurrentDirectory
CURDIR CurrentDirectory
Definition: rtltypes.h:1550
_RTL_USER_PROCESS_PARAMETERS::Flags
ULONG Flags
Definition: rtltypes.h:1543
_TEB::ActivationContextStackPointer
PVOID ActivationContextStackPointer
Definition: compat.h:854
_TEB::ClientId
CLIENT_ID ClientId
Definition: compat.h:839
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
LL
#define LL
Definition: tui.h:166
RTL_CONSTANT_STRING
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
NTAPI
#define NTAPI
Definition: typedefs.h:36
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
RtlMoveMemory
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:264
_LARGE_INTEGER::QuadPart
LONGLONG QuadPart
Definition: typedefs.h:114
FLS_MAXIMUM_AVAILABLE
#define FLS_MAXIMUM_AVAILABLE
Definition: winnt_old.h:1097
NX_SUPPORT_POLICY_ALWAYSOFF
#define NX_SUPPORT_POLICY_ALWAYSOFF
Definition: ketypes.h:1260
SystemArgument1
_In_opt_ PVOID _In_opt_ PVOID SystemArgument1
Definition: ketypes.h:688
NX_SUPPORT_POLICY_ALWAYSON
#define NX_SUPPORT_POLICY_ALWAYSON
Definition: ketypes.h:1261
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184

Referenced by LdrpInit().

◆ LdrpInitializeThread()

VOID NTAPI LdrpInitializeThread ( IN PCONTEXT  Context)

Definition at line 505 of file ldrinit.c.

506{
507 PPEB Peb = NtCurrentPeb();
508 PLDR_DATA_TABLE_ENTRY LdrEntry;
509 PLIST_ENTRY NextEntry, ListHead;
510 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
511 NTSTATUS Status;
512 PVOID EntryPoint;
513
514 DPRINT("LdrpInitializeThread() called for %wZ (%p/%p)\n",
515 &LdrpImageEntry->BaseDllName,
516 NtCurrentTeb()->RealClientId.UniqueProcess,
517 NtCurrentTeb()->RealClientId.UniqueThread);
518
519 /* Acquire the loader Lock */
520 RtlEnterCriticalSection(&LdrpLoaderLock);
521
522 /* Allocate an Activation Context Stack */
523 DPRINT("ActivationContextStack %p\n", NtCurrentTeb()->ActivationContextStackPointer);
524 Status = RtlAllocateActivationContextStack(&NtCurrentTeb()->ActivationContextStackPointer);
525 if (!NT_SUCCESS(Status))
526 {
527 DPRINT1("Warning: Unable to allocate ActivationContextStack\n");
528 }
529
530 /* Make sure we are not shutting down */
531 if (LdrpShutdownInProgress) goto Exit;
532
533 /* Allocate TLS */
534 LdrpAllocateTls();
535
536 /* Start at the beginning */
537 ListHead = &Peb->Ldr->InMemoryOrderModuleList;
538 NextEntry = ListHead->Flink;
539 while (NextEntry != ListHead)
540 {
541 /* Get the current entry */
542 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks);
543
544 /* Make sure it's not ourselves */
545 if (Peb->ImageBaseAddress != LdrEntry->DllBase)
546 {
547 /* Check if we should call */
548 if (!(LdrEntry->Flags & LDRP_DONT_CALL_FOR_THREADS))
549 {
550 /* Get the entrypoint */
551 EntryPoint = LdrEntry->EntryPoint;
552
553 /* Check if we are ready to call it */
554 if ((EntryPoint) &&
555 (LdrEntry->Flags & LDRP_PROCESS_ATTACH_CALLED) &&
556 (LdrEntry->Flags & LDRP_IMAGE_DLL))
557 {
558 /* Set up the Act Ctx */
559 ActCtx.Size = sizeof(ActCtx);
560 ActCtx.Format = 1;
561 RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));
562
563 /* Activate the ActCtx */
564 RtlActivateActivationContextUnsafeFast(&ActCtx,
565 LdrEntry->EntryPointActivationContext);
566
567 _SEH2_TRY
568 {
569 /* Check if it has TLS */
570 if (LdrEntry->TlsIndex)
571 {
572 /* Make sure we're not shutting down */
573 if (!LdrpShutdownInProgress)
574 {
575 /* Call TLS */
576 LdrpCallTlsInitializers(LdrEntry, DLL_THREAD_ATTACH);
577 }
578 }
579
580 /* Make sure we're not shutting down */
581 if (!LdrpShutdownInProgress)
582 {
583 /* Call the Entrypoint */
584 DPRINT("%wZ - Calling entry point at %p for thread attaching, %p/%p\n",
585 &LdrEntry->BaseDllName, LdrEntry->EntryPoint,
586 NtCurrentTeb()->RealClientId.UniqueProcess,
587 NtCurrentTeb()->RealClientId.UniqueThread);
588 LdrpCallInitRoutine(LdrEntry->EntryPoint,
589 LdrEntry->DllBase,
590 DLL_THREAD_ATTACH,
591 NULL);
592 }
593 }
594 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
595 {
596 DPRINT1("WARNING: Exception 0x%x during LdrpCallInitRoutine(DLL_THREAD_ATTACH) for %wZ\n",
597 _SEH2_GetExceptionCode(), &LdrEntry->BaseDllName);
598 }
599 _SEH2_END;
600
601 /* Deactivate the ActCtx */
602 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
603 }
604 }
605 }
606
607 /* Next entry */
608 NextEntry = NextEntry->Flink;
609 }
610
611 /* Check for TLS */
612 if (LdrpImageHasTls && !LdrpShutdownInProgress)
613 {
614 /* Set up the Act Ctx */
615 ActCtx.Size = sizeof(ActCtx);
616 ActCtx.Format = 1;
617 RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));
618
619 /* Activate the ActCtx */
620 RtlActivateActivationContextUnsafeFast(&ActCtx,
621 LdrpImageEntry->EntryPointActivationContext);
622
623 _SEH2_TRY
624 {
625 /* Do TLS callbacks */
626 LdrpCallTlsInitializers(LdrpImageEntry, DLL_THREAD_ATTACH);
627 }
628 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
629 {
630 /* Do nothing */
631 }
632 _SEH2_END;
633
634 /* Deactivate the ActCtx */
635 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
636 }
637
638Exit:
639
640 /* Release the loader lock */
641 RtlLeaveCriticalSection(&LdrpLoaderLock);
642
643 DPRINT("LdrpInitializeThread() done\n");
644}
DLL_THREAD_ATTACH
#define DLL_THREAD_ATTACH
Definition: compat.h:132
LdrpShutdownInProgress
BOOLEAN LdrpShutdownInProgress
Definition: ldrinit.c:34
LdrpImageHasTls
BOOLEAN LdrpImageHasTls
Definition: ldrinit.c:52
LdrpAllocateTls
NTSTATUS NTAPI LdrpAllocateTls(VOID)
Definition: ldrinit.c:1328
ActCtx
_In_ PCWSTR _Out_ PVOID * ActCtx
Definition: ldrtypes.h:264
LDRP_DONT_CALL_FOR_THREADS
#define LDRP_DONT_CALL_FOR_THREADS
Definition: ldrtypes.h:52
LDRP_PROCESS_ATTACH_CALLED
#define LDRP_PROCESS_ATTACH_CALLED
Definition: ldrtypes.h:53
LdrpCallTlsInitializers
VOID NTAPI LdrpCallTlsInitializers(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Reason)
Definition: ldrutils.c:447
LdrpCallInitRoutine
BOOLEAN NTAPI LdrpCallInitRoutine(IN PDLL_INIT_ROUTINE EntryPoint, IN PVOID BaseAddress, IN ULONG Reason, IN PVOID Context)
Definition: ldrutils.c:100
Exit
static void Exit(void)
Definition: sock.c:1330
_LDR_DATA_TABLE_ENTRY::TlsIndex
USHORT TlsIndex
Definition: ntddk_ex.h:209
_RTL_ACTIVATION_CONTEXT_STACK_FRAME
Definition: winternl.h:248

Referenced by LdrpInit().

◆ LdrpInitializeTls()

NTSTATUS NTAPI LdrpInitializeTls ( VOID  )

Definition at line 1265 of file ldrinit.c.

1266{
1267 PLIST_ENTRY NextEntry, ListHead;
1268 PLDR_DATA_TABLE_ENTRY LdrEntry;
1269 PIMAGE_TLS_DIRECTORY TlsDirectory;
1270 PLDRP_TLS_DATA TlsData;
1271 ULONG Size;
1272
1273 /* Initialize the TLS List */
1274 InitializeListHead(&LdrpTlsList);
1275
1276 /* Loop all the modules */
1277 ListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
1278 NextEntry = ListHead->Flink;
1279 while (ListHead != NextEntry)
1280 {
1281 /* Get the entry */
1282 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
1283 NextEntry = NextEntry->Flink;
1284
1285 /* Get the TLS directory */
1286 TlsDirectory = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
1287 TRUE,
1288 IMAGE_DIRECTORY_ENTRY_TLS,
1289 &Size);
1290
1291 /* Check if we have a directory */
1292 if (!TlsDirectory) continue;
1293
1294 /* Check if the image has TLS */
1295 if (!LdrpImageHasTls) LdrpImageHasTls = TRUE;
1296
1297 /* Show debug message */
1298 if (ShowSnaps)
1299 {
1300 DPRINT1("LDR: Tls Found in %wZ at %p\n",
1301 &LdrEntry->BaseDllName,
1302 TlsDirectory);
1303 }
1304
1305 /* Allocate an entry */
1306 TlsData = RtlAllocateHeap(RtlGetProcessHeap(), 0, sizeof(LDRP_TLS_DATA));
1307 if (!TlsData) return STATUS_NO_MEMORY;
1308
1309 /* Lock the DLL and mark it for TLS Usage */
1310 LdrEntry->LoadCount = -1;
1311 LdrEntry->TlsIndex = -1;
1312
1313 /* Save the cached TLS data */
1314 TlsData->TlsDirectory = *TlsDirectory;
1315 InsertTailList(&LdrpTlsList, &TlsData->TlsLinks);
1316
1317 /* Update the index */
1318 *(PLONG)TlsData->TlsDirectory.AddressOfIndex = LdrpNumberOfTlsEntries;
1319 TlsData->TlsDirectory.Characteristics = LdrpNumberOfTlsEntries++;
1320 }
1321
1322 /* Done setting up TLS, allocate entries */
1323 return LdrpAllocateTls();
1324}
_IMAGE_TLS_DIRECTORY32::AddressOfIndex
ULONG AddressOfIndex
Definition: ntimage.h:548
_LDRP_TLS_DATA::TlsLinks
LIST_ENTRY TlsLinks
Definition: ntdllp.h:28
PLONG
int32_t * PLONG
Definition: typedefs.h:58

Referenced by LdrpInitializeProcess().

◆ LdrpInsertMemoryTableEntry()

VOID NTAPI LdrpInsertMemoryTableEntry ( IN PLDR_DATA_TABLE_ENTRY  LdrEntry)

Definition at line 1561 of file ldrutils.c.

1562{
1563 PPEB_LDR_DATA PebData = NtCurrentPeb()->Ldr;
1564 ULONG i;
1565
1566 /* Insert into hash table */
1567 i = LDR_GET_HASH_ENTRY(LdrEntry->BaseDllName.Buffer[0]);
1568 InsertTailList(&LdrpHashTable[i], &LdrEntry->HashLinks);
1569
1570 /* Insert into other lists */
1571 InsertTailList(&PebData->InLoadOrderModuleList, &LdrEntry->InLoadOrderLinks);
1572 InsertTailList(&PebData->InMemoryOrderModuleList, &LdrEntry->InMemoryOrderLinks);
1573}
_PEB_LDR_DATA
Definition: btrfs_drv.h:1892

Referenced by LdrpInitializeProcess(), and LdrpMapDll().

◆ LdrpLoadDll()

NTSTATUS NTAPI LdrpLoadDll ( IN BOOLEAN  Redirected,
IN PWSTR DllPath  OPTIONAL,
IN PULONG DllCharacteristics  OPTIONAL,
IN PUNICODE_STRING  DllName,
OUT PVOID BaseAddress,
IN BOOLEAN  CallInit 
)

Definition at line 2414 of file ldrutils.c.

2420{
2421 PPEB Peb = NtCurrentPeb();
2422 NTSTATUS Status = STATUS_SUCCESS;
2423 const WCHAR *p;
2424 BOOLEAN GotExtension;
2425 WCHAR c;
2426 WCHAR NameBuffer[MAX_PATH + 6];
2427 UNICODE_STRING RawDllName;
2428 PLDR_DATA_TABLE_ENTRY LdrEntry;
2429 BOOLEAN InInit = LdrpInLdrInit;
2430
2431 /* Save the Raw DLL Name */
2432 if (DllName->Length >= sizeof(NameBuffer)) return STATUS_NAME_TOO_LONG;
2433 RtlInitEmptyUnicodeString(&RawDllName, NameBuffer, sizeof(NameBuffer));
2434 RtlCopyUnicodeString(&RawDllName, DllName);
2435
2436 /* Find the extension, if present */
2437 /* NOTE: Access violation is expected here in some cases (Buffer[-1]) */
2438 p = DllName->Buffer + DllName->Length / sizeof(WCHAR) - 1;
2439 GotExtension = FALSE;
2440 while (p >= DllName->Buffer)
2441 {
2442 c = *p--;
2443 if (c == L'.')
2444 {
2445 GotExtension = TRUE;
2446 break;
2447 }
2448 else if (c == L'\\')
2449 {
2450 break;
2451 }
2452 }
2453
2454 /* If no extension was found, add the default extension */
2455 if (!GotExtension)
2456 {
2457 /* Check that we have space to add one */
2458 if ((DllName->Length + LdrApiDefaultExtension.Length + sizeof(UNICODE_NULL)) >=
2459 sizeof(NameBuffer))
2460 {
2461 /* No space to add the extension */
2462 DbgPrintEx(DPFLTR_LDR_ID,
2463 DPFLTR_ERROR_LEVEL,
2464 "LDR: %s - Dll name missing extension; with extension "
2465 "added the name is too long\n"
2466 " DllName: (@ %p) \"%wZ\"\n"
2467 " DllName->Length: %u\n",
2468 __FUNCTION__,
2469 DllName,
2470 DllName,
2471 DllName->Length);
2472 return STATUS_NAME_TOO_LONG;
2473 }
2474
2475 /* Add it. Needs to be null terminated, thus the length check above */
2476 (VOID)RtlAppendUnicodeStringToString(&RawDllName,
2477 &LdrApiDefaultExtension);
2478 }
2479
2480 /* Check for init flag and acquire lock */
2481 if (!InInit) RtlEnterCriticalSection(&LdrpLoaderLock);
2482
2483 _SEH2_TRY
2484 {
2485 /* Show debug message */
2486 if (ShowSnaps)
2487 {
2488 DPRINT1("LDR: LdrLoadDll, loading %wZ from %ws\n",
2489 &RawDllName,
2490 DllPath ? DllPath : L"");
2491 }
2492
2493 /* Check if the DLL is already loaded */
2494 if (!LdrpCheckForLoadedDll(DllPath,
2495 &RawDllName,
2496 FALSE,
2497 Redirected,
2498 &LdrEntry))
2499 {
2500 /* Map it */
2501 Status = LdrpMapDll(DllPath,
2502 DllPath,
2503 NameBuffer,
2504 DllCharacteristics,
2505 FALSE,
2506 Redirected,
2507 &LdrEntry);
2508 if (!NT_SUCCESS(Status))
2509 _SEH2_LEAVE;
2510
2511 /* FIXME: Need to mark the DLL range for the stack DB */
2512 //RtlpStkMarkDllRange(LdrEntry);
2513
2514 /* Check if IMAGE_FILE_EXECUTABLE_IMAGE was provided */
2515 if ((DllCharacteristics) &&
2516 (*DllCharacteristics & IMAGE_FILE_EXECUTABLE_IMAGE))
2517 {
2518 /* This is not a DLL, so remove such data */
2519 LdrEntry->EntryPoint = NULL;
2520 LdrEntry->Flags &= ~LDRP_IMAGE_DLL;
2521 }
2522
2523 /* Make sure it's a DLL */
2524 if (LdrEntry->Flags & LDRP_IMAGE_DLL)
2525 {
2526 /* Check if this is a .NET Image */
2527 if (!(LdrEntry->Flags & LDRP_COR_IMAGE))
2528 {
2529 /* Walk the Import Descriptor */
2530 Status = LdrpWalkImportDescriptor(DllPath, LdrEntry);
2531 }
2532
2533 /* Update load count, unless it's locked */
2534 if (LdrEntry->LoadCount != 0xFFFF) LdrEntry->LoadCount++;
2535 LdrpUpdateLoadCount2(LdrEntry, LDRP_UPDATE_REFCOUNT);
2536
2537 /* Check if we failed */
2538 if (!NT_SUCCESS(Status))
2539 {
2540 /* Clear entrypoint, and insert into list */
2541 LdrEntry->EntryPoint = NULL;
2542 InsertTailList(&Peb->Ldr->InInitializationOrderModuleList,
2543 &LdrEntry->InInitializationOrderLinks);
2544
2545 /* Cancel the load */
2546 LdrpClearLoadInProgress();
2547
2548 /* Unload the DLL */
2549 if (ShowSnaps)
2550 {
2551 DbgPrint("LDR: Unloading %wZ due to error %x walking "
2552 "import descriptors\n",
2553 DllName,
2554 Status);
2555 }
2556 LdrUnloadDll(LdrEntry->DllBase);
2557
2558 /* Return the error */
2559 _SEH2_LEAVE;
2560 }
2561 }
2562 else if (LdrEntry->LoadCount != 0xFFFF)
2563 {
2564 /* Increase load count */
2565 LdrEntry->LoadCount++;
2566 }
2567
2568 /* Insert it into the list */
2569 InsertTailList(&Peb->Ldr->InInitializationOrderModuleList,
2570 &LdrEntry->InInitializationOrderLinks);
2571
2572 /* If we have to run the entrypoint, make sure the DB is ready */
2573 if (CallInit && LdrpLdrDatabaseIsSetup)
2574 {
2575 /* Notify Shim Engine */
2576 if (g_ShimsEnabled)
2577 {
2578 VOID (NTAPI* SE_DllLoaded)(PLDR_DATA_TABLE_ENTRY) = RtlDecodeSystemPointer(g_pfnSE_DllLoaded);
2579 SE_DllLoaded(LdrEntry);
2580 }
2581
2582 /* Run the init routine */
2583 Status = LdrpRunInitializeRoutines(NULL);
2584 if (!NT_SUCCESS(Status))
2585 {
2586 /* Failed, unload the DLL */
2587 if (ShowSnaps)
2588 {
2589 DbgPrint("LDR: Unloading %wZ because either its init "
2590 "routine or one of its static imports failed; "
2591 "status = 0x%08lx\n",
2592 DllName,
2593 Status);
2594 }
2595 LdrUnloadDll(LdrEntry->DllBase);
2596 }
2597 }
2598 else
2599 {
2600 /* The DB isn't ready, which means we were loaded because of a forwarder */
2601 Status = STATUS_SUCCESS;
2602 }
2603 }
2604 else
2605 {
2606 /* We were already loaded. Are we a DLL? */
2607 if ((LdrEntry->Flags & LDRP_IMAGE_DLL) && (LdrEntry->LoadCount != 0xFFFF))
2608 {
2609 /* Increase load count */
2610 LdrEntry->LoadCount++;
2611 LdrpUpdateLoadCount2(LdrEntry, LDRP_UPDATE_REFCOUNT);
2612
2613 /* Clear the load in progress */
2614 LdrpClearLoadInProgress();
2615 }
2616 else
2617 {
2618 /* Not a DLL, just increase the load count */
2619 if (LdrEntry->LoadCount != 0xFFFF) LdrEntry->LoadCount++;
2620 }
2621 }
2622
2623 }
2624 _SEH2_FINALLY
2625 {
2626 /* Release the lock */
2627 if (!InInit) RtlLeaveCriticalSection(&LdrpLoaderLock);
2628 }
2629 _SEH2_END;
2630
2631 /* Check for success */
2632 if (NT_SUCCESS(Status))
2633 {
2634 /* Return the base address */
2635 *BaseAddress = LdrEntry->DllBase;
2636 }
2637 else
2638 {
2639 /* Nothing found */
2640 *BaseAddress = NULL;
2641 }
2642
2643 /* Return status */
2644 return Status;
2645}
DPFLTR_ERROR_LEVEL
#define DPFLTR_ERROR_LEVEL
Definition: main.cpp:32
PLDR_DATA_TABLE_ENTRY
struct _LDR_DATA_TABLE_ENTRY * PLDR_DATA_TABLE_ENTRY
MAX_PATH
#define MAX_PATH
Definition: compat.h:34
DPFLTR_LDR_ID
@ DPFLTR_LDR_ID
Definition: dpfilter.h:113
__FUNCTION__
#define __FUNCTION__
Definition: types.h:116
c
const GLubyte * c
Definition: glext.h:8905
p
GLfloat GLfloat p
Definition: glext.h:8902
DbgPrintEx
#define DbgPrintEx(cmpid, lvl, fmt,...)
Definition: kdinit.c:24
c
#define c
Definition: ke_i.h:80
LdrUnloadDll
NTSTATUS NTAPI LdrUnloadDll(_In_ PVOID BaseAddress)
Definition: ldrapi.c:1291
LdrpMapDll
NTSTATUS NTAPI LdrpMapDll(IN PWSTR SearchPath OPTIONAL, IN PWSTR DllPath2, IN PWSTR DllName OPTIONAL, IN PULONG DllCharacteristics, IN BOOLEAN Static, IN BOOLEAN Redirect, OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry)
Definition: ldrutils.c:997
LdrpUpdateLoadCount2
VOID NTAPI LdrpUpdateLoadCount2(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Flags)
Definition: ldrutils.c:434
LdrpCheckForLoadedDll
BOOLEAN NTAPI LdrpCheckForLoadedDll(IN PWSTR DllPath, IN PUNICODE_STRING DllName, IN BOOLEAN Flag, IN BOOLEAN RedirectedDll, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1958
g_ShimsEnabled
BOOLEAN g_ShimsEnabled
Definition: ldrutils.c:21
LdrpClearLoadInProgress
ULONG NTAPI LdrpClearLoadInProgress(VOID)
Definition: ldrutils.c:2649
g_pfnSE_DllLoaded
PVOID g_pfnSE_DllLoaded
Definition: ldrutils.c:23
RtlCopyUnicodeString
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
LdrApiDefaultExtension
UNICODE_STRING LdrApiDefaultExtension
Definition: ldrapi.c:22
LdrpLdrDatabaseIsSetup
BOOLEAN LdrpLdrDatabaseIsSetup
Definition: ldrinit.c:33
LDRP_UPDATE_REFCOUNT
#define LDRP_UPDATE_REFCOUNT
Definition: ntdllp.h:15
IMAGE_FILE_EXECUTABLE_IMAGE
#define IMAGE_FILE_EXECUTABLE_IMAGE
Definition: pedump.c:160
_SEH2_FINALLY
#define _SEH2_FINALLY
Definition: pseh2_64.h:130
_SEH2_LEAVE
#define _SEH2_LEAVE
Definition: pseh2_64.h:183
SE_DllLoaded
VOID WINAPI SE_DllLoaded(PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: shimeng.c:1447

Referenced by LdrLoadDll(), LdrpLoadShimEngine(), and LdrpSnapThunk().

◆ LdrpLoadImportModule()

NTSTATUS NTAPI LdrpLoadImportModule ( IN PWSTR DllPath  OPTIONAL,
IN LPSTR  ImportName,
OUT PLDR_DATA_TABLE_ENTRY DataTableEntry,
OUT PBOOLEAN  Existing 
)

Definition at line 808 of file ldrpe.c.

812{
813 ANSI_STRING AnsiString;
814 PUNICODE_STRING ImpDescName;
815 const WCHAR *p;
816 BOOLEAN GotExtension;
817 WCHAR c;
818 NTSTATUS Status;
819 PPEB Peb = RtlGetCurrentPeb();
820 PTEB Teb = NtCurrentTeb();
821 UNICODE_STRING RedirectedImpDescName;
822 BOOLEAN RedirectedDll;
823
824 DPRINT("LdrpLoadImportModule('%S' '%s' %p %p)\n", DllPath, ImportName, DataTableEntry, Existing);
825
826 RedirectedDll = FALSE;
827 RtlInitEmptyUnicodeString(&RedirectedImpDescName, NULL, 0);
828
829 /* Convert import descriptor name to unicode string */
830 ImpDescName = &Teb->StaticUnicodeString;
831 RtlInitAnsiString(&AnsiString, ImportName);
832 Status = RtlAnsiStringToUnicodeString(ImpDescName, &AnsiString, FALSE);
833 if (!NT_SUCCESS(Status)) return Status;
834
835 /* Find the extension, if present */
836 p = ImpDescName->Buffer + ImpDescName->Length / sizeof(WCHAR) - 1;
837 GotExtension = FALSE;
838 while (p >= ImpDescName->Buffer)
839 {
840 c = *p--;
841 if (c == L'.')
842 {
843 GotExtension = TRUE;
844 break;
845 }
846 else if (c == L'\\')
847 {
848 break;
849 }
850 }
851
852 /* If no extension was found, add the default extension */
853 if (!GotExtension)
854 {
855 /* Check that we have space to add one */
856 if ((ImpDescName->Length + LdrApiDefaultExtension.Length + sizeof(UNICODE_NULL)) >=
857 sizeof(Teb->StaticUnicodeBuffer))
858 {
859 /* No space to add the extension */
860 DbgPrintEx(DPFLTR_LDR_ID,
861 DPFLTR_ERROR_LEVEL,
862 "LDR: %s - Dll name missing extension; with extension "
863 "added the name is too long\n"
864 " ImpDescName: (@ %p) \"%wZ\"\n"
865 " ImpDescName->Length: %u\n",
866 __FUNCTION__,
867 ImpDescName,
868 ImpDescName,
869 ImpDescName->Length);
870 return STATUS_NAME_TOO_LONG;
871 }
872
873 /* Add it. Needs to be null terminated, thus the length check above */
874 (VOID)RtlAppendUnicodeStringToString(ImpDescName,
875 &LdrApiDefaultExtension);
876 }
877
878 /* Check if the SxS Assemblies specify another file */
879 Status = LdrpApplyFileNameRedirection(
880 ImpDescName, &LdrApiDefaultExtension, NULL, &RedirectedImpDescName, &ImpDescName, &RedirectedDll);
881
882 if (!NT_SUCCESS(Status))
883 {
884 /* Unrecoverable SxS failure */
885 DPRINT1("LDR: LdrpApplyFileNameRedirection failed with status %x for dll %wZ\n", Status, ImpDescName);
886 goto done;
887 }
888
889 /* Check if it's loaded */
890 if (LdrpCheckForLoadedDll(DllPath,
891 ImpDescName,
892 TRUE,
893 RedirectedDll,
894 DataTableEntry))
895 {
896 /* It's already existing in the list */
897 *Existing = TRUE;
898 Status = STATUS_SUCCESS;
899 goto done;
900 }
901
902 /* We're loading it for the first time */
903 *Existing = FALSE;
904
905 /* Map it */
906 Status = LdrpMapDll(DllPath,
907 NULL,
908 ImpDescName->Buffer,
909 NULL,
910 TRUE,
911 RedirectedDll,
912 DataTableEntry);
913 if (!NT_SUCCESS(Status))
914 {
915 DPRINT1("LDR: LdrpMapDll failed with status %x for dll %wZ\n", Status, ImpDescName);
916 goto done;
917 }
918
919 /* Walk its import descriptor table */
920 Status = LdrpWalkImportDescriptor(DllPath,
921 *DataTableEntry);
922 if (!NT_SUCCESS(Status))
923 {
924 /* Add it to the in-init-order list in case of failure */
925 InsertTailList(&Peb->Ldr->InInitializationOrderModuleList,
926 &(*DataTableEntry)->InInitializationOrderLinks);
927 }
928
929done:
930 RtlFreeUnicodeString(&RedirectedImpDescName);
931
932 return Status;
933}
AnsiString
@ AnsiString
Definition: dnslib.h:19
RtlGetCurrentPeb
NTSYSAPI PEB *WINAPI RtlGetCurrentPeb(void)
Definition: libsupp.c:65
LdrpWalkImportDescriptor
NTSTATUS NTAPI LdrpWalkImportDescriptor(IN LPWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: ldrpe.c:670
RtlAnsiStringToUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
RtlInitAnsiString
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
LdrpApplyFileNameRedirection
NTSYSAPI NTSTATUS NTAPI LdrpApplyFileNameRedirection(_In_ PUNICODE_STRING OriginalName, _In_ PUNICODE_STRING Extension, _Inout_opt_ PUNICODE_STRING StaticString, _Inout_opt_ PUNICODE_STRING DynamicString, _Inout_ PUNICODE_STRING *NewName, _Inout_ PBOOLEAN RedirectedDll)
LdrpMapDll
NTSTATUS NTAPI LdrpMapDll(IN PWSTR SearchPath OPTIONAL, IN PWSTR DllPath2, IN PWSTR DllName OPTIONAL, IN PULONG DllCharacteristics, IN BOOLEAN Static, IN BOOLEAN Redirect, OUT PLDR_DATA_TABLE_ENTRY *DataTableEntry)
Definition: ldrutils.c:997
LdrpCheckForLoadedDll
BOOLEAN NTAPI LdrpCheckForLoadedDll(IN PWSTR DllPath, IN PUNICODE_STRING DllName, IN BOOLEAN Flag, IN BOOLEAN RedirectedDll, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1958
_TEB::StaticUnicodeBuffer
WCHAR StaticUnicodeBuffer[261]
Definition: compat.h:877
_TEB::StaticUnicodeString
UNICODE_STRING StaticUnicodeString
Definition: compat.h:876

Referenced by LdrpHandleOneNewFormatImportDescriptor(), and LdrpHandleOneOldFormatImportDescriptor().

◆ LdrpLoadShimEngine()

VOID NTAPI LdrpLoadShimEngine ( IN PWSTR  ImageName,
IN PUNICODE_STRING  ProcessImage,
IN PVOID  pShimData 
)

Definition at line 2757 of file ldrutils.c.

2758{
2759 UNICODE_STRING ShimLibraryName;
2760 PVOID ShimLibrary;
2761 NTSTATUS Status;
2762 RtlInitUnicodeString(&ShimLibraryName, ImageName);
2763 /* We should NOT pass CallInit = TRUE!
2764 If we do this, other init routines will be called before we get a chance to shim stuff.. */
2765 Status = LdrpLoadDll(FALSE, NULL, NULL, &ShimLibraryName, &ShimLibrary, FALSE);
2766 if (NT_SUCCESS(Status))
2767 {
2768 g_pShimEngineModule = ShimLibrary;
2769 LdrpRunShimEngineInitRoutine(DLL_PROCESS_ATTACH);
2770 LdrpGetShimEngineInterface();
2771 if (g_ShimsEnabled)
2772 {
2773 VOID(NTAPI *SE_InstallBeforeInit)(PUNICODE_STRING, PVOID);
2774 SE_InstallBeforeInit = RtlDecodeSystemPointer(g_pfnSE_InstallBeforeInit);
2775 SE_InstallBeforeInit(ProcessImage, pShimData);
2776 }
2777 }
2778}
DLL_PROCESS_ATTACH
#define DLL_PROCESS_ATTACH
Definition: compat.h:131
g_pfnSE_InstallBeforeInit
PVOID g_pfnSE_InstallBeforeInit
Definition: ldrutils.c:25
LdrpLoadDll
NTSTATUS NTAPI LdrpLoadDll(IN BOOLEAN Redirected, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress, IN BOOLEAN CallInit)
Definition: ldrutils.c:2414
g_pShimEngineModule
PVOID g_pShimEngineModule
Definition: ldrutils.c:22
LdrpRunShimEngineInitRoutine
VOID NTAPI LdrpRunShimEngineInitRoutine(IN ULONG Reason)
Definition: ldrutils.c:2722
LdrpGetShimEngineInterface
VOID NTAPI LdrpGetShimEngineInterface()
Definition: ldrutils.c:2697
ImageName
static const char * ImageName
Definition: image.c:34
SE_InstallBeforeInit
VOID NTAPI SE_InstallBeforeInit(PUNICODE_STRING ProcessImage, PVOID pShimData)
Definition: shimeng.c:1417

Referenced by LdrpInitializeProcess().

◆ LdrpMapDll()

NTSTATUS NTAPI LdrpMapDll ( IN PWSTR SearchPath  OPTIONAL,
IN PWSTR  DllPath2,
IN PWSTR DllName  OPTIONAL,
IN PULONG  DllCharacteristics,
IN BOOLEAN  Static,
IN BOOLEAN  Redirect,
OUT PLDR_DATA_TABLE_ENTRY DataTableEntry 
)

Definition at line 997 of file ldrutils.c.

1004{
1005 PTEB Teb = NtCurrentTeb();
1006 PPEB Peb = NtCurrentPeb();
1007 PWCHAR p1 = DllName;
1008 WCHAR TempChar;
1009 BOOLEAN KnownDll = FALSE;
1010 UNICODE_STRING FullDllName, BaseDllName;
1011 HANDLE SectionHandle = NULL, DllHandle = 0;
1012 UNICODE_STRING NtPathDllName;
1013 ULONG_PTR HardErrorParameters[2];
1014 UNICODE_STRING HardErrorDllName, HardErrorDllPath;
1015 ULONG Response;
1016 SIZE_T ViewSize = 0;
1017 PVOID ViewBase = NULL;
1018 PVOID ArbitraryUserPointer;
1019 PIMAGE_NT_HEADERS NtHeaders;
1020 NTSTATUS HardErrorStatus, Status;
1021 BOOLEAN OverlapDllFound = FALSE;
1022 ULONG_PTR ImageBase, ImageEnd;
1023 PLIST_ENTRY ListHead, NextEntry;
1024 PLDR_DATA_TABLE_ENTRY CandidateEntry, LdrEntry;
1025 ULONG_PTR CandidateBase, CandidateEnd;
1026 UNICODE_STRING OverlapDll;
1027 BOOLEAN RelocatableDll = TRUE;
1028 UNICODE_STRING IllegalDll;
1029 PVOID RelocData;
1030 ULONG RelocDataSize = 0;
1031
1032 // FIXME: AppCompat stuff is missing
1033
1034 if (ShowSnaps)
1035 {
1036 DPRINT1("LDR: LdrpMapDll: Image Name %ws, Search Path %ws\n",
1037 DllName,
1038 SearchPath ? SearchPath : L"");
1039 }
1040
1041 /* Check if we have a known dll directory */
1042 if (LdrpKnownDllObjectDirectory && Redirect == FALSE)
1043 {
1044 /* Check if the path is full */
1045 while (*p1)
1046 {
1047 TempChar = *p1++;
1048 if (TempChar == '\\' || TempChar == '/' )
1049 {
1050 /* Complete path, don't do Known Dll lookup */
1051 goto SkipCheck;
1052 }
1053 }
1054
1055 /* Try to find a Known DLL */
1056 Status = LdrpCheckForKnownDll(DllName,
1057 &FullDllName,
1058 &BaseDllName,
1059 &SectionHandle);
1060
1061 if (!NT_SUCCESS(Status) && (Status != STATUS_DLL_NOT_FOUND))
1062 {
1063 /* Failure */
1064 DbgPrintEx(DPFLTR_LDR_ID,
1065 DPFLTR_ERROR_LEVEL,
1066 "LDR: %s - call to LdrpCheckForKnownDll(\"%ws\", ...) failed with status %x\n",
1067 __FUNCTION__,
1068 DllName,
1069 Status);
1070
1071 return Status;
1072 }
1073 }
1074
1075SkipCheck:
1076
1077 /* Check if the Known DLL Check returned something */
1078 if (!SectionHandle)
1079 {
1080 /* It didn't, so try to resolve the name now */
1081 if (LdrpResolveDllName(SearchPath,
1082 DllName,
1083 &FullDllName,
1084 &BaseDllName))
1085 {
1086 /* Got a name, display a message */
1087 if (ShowSnaps)
1088 {
1089 DPRINT1("LDR: Loading (%s) %wZ\n",
1090 Static ? "STATIC" : "DYNAMIC",
1091 &FullDllName);
1092 }
1093
1094 /* Convert to NT Name */
1095 if (!RtlDosPathNameToNtPathName_U(FullDllName.Buffer,
1096 &NtPathDllName,
1097 NULL,
1098 NULL))
1099 {
1100 /* Path was invalid */
1101 return STATUS_OBJECT_PATH_SYNTAX_BAD;
1102 }
1103
1104 /* Create a section for this dLL */
1105 Status = LdrpCreateDllSection(&NtPathDllName,
1106 DllHandle,
1107 DllCharacteristics,
1108 &SectionHandle);
1109
1110 /* Free the NT Name */
1111 RtlFreeHeap(RtlGetProcessHeap(), 0, NtPathDllName.Buffer);
1112
1113 /* If we failed */
1114 if (!NT_SUCCESS(Status))
1115 {
1116 /* Free the name strings and return */
1117 LdrpFreeUnicodeString(&FullDllName);
1118 LdrpFreeUnicodeString(&BaseDllName);
1119 return Status;
1120 }
1121 }
1122 else
1123 {
1124 /* We couldn't resolve the name, is this a static load? */
1125 if (Static)
1126 {
1127 /*
1128 * This is BAD! Static loads are CRITICAL. Bugcheck!
1129 * Initialize the strings for the error
1130 */
1131 RtlInitUnicodeString(&HardErrorDllName, DllName);
1132 RtlInitUnicodeString(&HardErrorDllPath,
1133 DllPath2 ? DllPath2 : LdrpDefaultPath.Buffer);
1134
1135 /* Set them as error parameters */
1136 HardErrorParameters[0] = (ULONG_PTR)&HardErrorDllName;
1137 HardErrorParameters[1] = (ULONG_PTR)&HardErrorDllPath;
1138
1139 /* Raise the hard error */
1140 NtRaiseHardError(STATUS_DLL_NOT_FOUND,
1141 2,
1142 0x00000003,
1143 HardErrorParameters,
1144 OptionOk,
1145 &Response);
1146
1147 /* We're back, where we initializing? */
1148 if (LdrpInLdrInit) LdrpFatalHardErrorCount++;
1149 }
1150
1151 /* Return failure */
1152 return STATUS_DLL_NOT_FOUND;
1153 }
1154 }
1155 else
1156 {
1157 /* We have a section handle, so this is a known dll */
1158 KnownDll = TRUE;
1159 }
1160
1161 /* Stuff the image name in the TIB, for the debugger */
1162 ArbitraryUserPointer = Teb->NtTib.ArbitraryUserPointer;
1163 Teb->NtTib.ArbitraryUserPointer = FullDllName.Buffer;
1164
1165 /* Map the DLL */
1166 ViewBase = NULL;
1167 ViewSize = 0;
1168 Status = NtMapViewOfSection(SectionHandle,
1169 NtCurrentProcess(),
1170 &ViewBase,
1171 0,
1172 0,
1173 NULL,
1174 &ViewSize,
1175 ViewShare,
1176 0,
1177 PAGE_READWRITE);
1178
1179 /* Restore */
1180 Teb->NtTib.ArbitraryUserPointer = ArbitraryUserPointer;
1181
1182 /* Fail if we couldn't map it */
1183 if (!NT_SUCCESS(Status))
1184 {
1185 /* Close and return */
1186 NtClose(SectionHandle);
1187 return Status;
1188 }
1189
1190 /* Get the NT Header */
1191 if (!(NtHeaders = RtlImageNtHeader(ViewBase)))
1192 {
1193 /* Invalid image, unmap, close handle and fail */
1194 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
1195 NtClose(SectionHandle);
1196 return STATUS_INVALID_IMAGE_FORMAT;
1197 }
1198
1199 // FIXME: .NET support is missing
1200
1201 /* Allocate an entry */
1202 if (!(LdrEntry = LdrpAllocateDataTableEntry(ViewBase)))
1203 {
1204 /* Invalid image, unmap, close handle and fail */
1205 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
1206 NtClose(SectionHandle);
1207 return STATUS_NO_MEMORY;
1208 }
1209
1210 /* Setup the entry */
1211 LdrEntry->Flags = Static ? LDRP_STATIC_LINK : 0;
1212 if (Redirect) LdrEntry->Flags |= LDRP_REDIRECTED;
1213 LdrEntry->LoadCount = 0;
1214 LdrEntry->FullDllName = FullDllName;
1215 LdrEntry->BaseDllName = BaseDllName;
1216 LdrEntry->EntryPoint = LdrpFetchAddressOfEntryPoint(LdrEntry->DllBase);
1217
1218 /* Show debug message */
1219 if (ShowSnaps)
1220 {
1221 DPRINT1("LDR: LdrpMapDll: Full Name %wZ, Base Name %wZ\n",
1222 &FullDllName,
1223 &BaseDllName);
1224 }
1225
1226 /* Insert this entry */
1227 LdrpInsertMemoryTableEntry(LdrEntry);
1228
1229#if (_WIN32_WINNT >= _WIN32_WINNT_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
1230 LdrpSendDllNotifications(LdrEntry, LDR_DLL_NOTIFICATION_REASON_LOADED);
1231#if (_WIN32_WINNT >= _WIN32_WINNT_WIN8)
1232 LdrEntry->Flags |= LDRP_LOAD_NOTIFICATIONS_SENT; /* LdrEntry->LoadNotificationsSent = TRUE; */
1233#endif
1234#endif
1235
1236 /* Check for invalid CPU Image */
1237 if (Status == STATUS_IMAGE_MACHINE_TYPE_MISMATCH)
1238 {
1239 /* Load our header */
1240 PIMAGE_NT_HEADERS ImageNtHeader = RtlImageNtHeader(Peb->ImageBaseAddress);
1241
1242 /* Assume defaults if we don't have to run the Hard Error path */
1243 HardErrorStatus = STATUS_SUCCESS;
1244 Response = ResponseCancel;
1245
1246 /* Are we an NT 3.0 image? [Do these still exist? LOL -- IAI] */
1247 if (ImageNtHeader->OptionalHeader.MajorSubsystemVersion <= 3)
1248 {
1249 /* Reset the entrypoint, save our Dll Name */
1250 LdrEntry->EntryPoint = 0;
1251 HardErrorParameters[0] = (ULONG_PTR)&FullDllName;
1252
1253 /* Raise the error */
1254 HardErrorStatus = ZwRaiseHardError(STATUS_IMAGE_MACHINE_TYPE_MISMATCH,
1255 1,
1256 1,
1257 HardErrorParameters,
1258 OptionOkCancel,
1259 &Response);
1260 }
1261
1262 /* Check if the user pressed cancel */
1263 if (NT_SUCCESS(HardErrorStatus) && Response == ResponseCancel)
1264 {
1265 /* Remove the DLL from the lists */
1266 RemoveEntryList(&LdrEntry->InLoadOrderLinks);
1267 RemoveEntryList(&LdrEntry->InMemoryOrderLinks);
1268 RemoveEntryList(&LdrEntry->HashLinks);
1269
1270 /* Remove the LDR Entry */
1271 RtlFreeHeap(LdrpHeap, 0, LdrEntry );
1272
1273 /* Unmap and close section */
1274 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
1275 NtClose(SectionHandle);
1276
1277 /* Did we do a hard error? */
1278 if (ImageNtHeader->OptionalHeader.MajorSubsystemVersion <= 3)
1279 {
1280 /* Yup, so increase fatal error count if we are initializing */
1281 if (LdrpInLdrInit) LdrpFatalHardErrorCount++;
1282 }
1283
1284 /* Return failure */
1285 return STATUS_INVALID_IMAGE_FORMAT;
1286 }
1287 }
1288 else
1289 {
1290 /* The image was valid. Is it a DLL? */
1291 if (NtHeaders->FileHeader.Characteristics & IMAGE_FILE_DLL)
1292 {
1293 /* Set the DLL Flag */
1294 LdrEntry->Flags |= LDRP_IMAGE_DLL;
1295 }
1296
1297 /* If we're not a DLL, clear the entrypoint */
1298 if (!(LdrEntry->Flags & LDRP_IMAGE_DLL))
1299 {
1300 LdrEntry->EntryPoint = 0;
1301 }
1302 }
1303
1304 /* Return it for the caller */
1305 *DataTableEntry = LdrEntry;
1306
1307 /* Check if we loaded somewhere else */
1308 if (Status == STATUS_IMAGE_NOT_AT_BASE)
1309 {
1310 /* Write the flag */
1311 LdrEntry->Flags |= LDRP_IMAGE_NOT_AT_BASE;
1312
1313 /* Find our region */
1314 ImageBase = (ULONG_PTR)NtHeaders->OptionalHeader.ImageBase;
1315 ImageEnd = ImageBase + ViewSize;
1316
1317 DPRINT("LDR: LdrpMapDll Relocating Image Name %ws (%p-%p -> %p)\n", DllName, (PVOID)ImageBase, (PVOID)ImageEnd, ViewBase);
1318
1319 /* Scan all the modules */
1320 ListHead = &Peb->Ldr->InLoadOrderModuleList;
1321 NextEntry = ListHead->Flink;
1322 while (NextEntry != ListHead)
1323 {
1324 /* Get the entry */
1325 CandidateEntry = CONTAINING_RECORD(NextEntry,
1326 LDR_DATA_TABLE_ENTRY,
1327 InLoadOrderLinks);
1328 NextEntry = NextEntry->Flink;
1329
1330 /* Get the entry's bounds */
1331 CandidateBase = (ULONG_PTR)CandidateEntry->DllBase;
1332 CandidateEnd = CandidateBase + CandidateEntry->SizeOfImage;
1333
1334 /* Make sure this entry isn't unloading */
1335 if (!CandidateEntry->InMemoryOrderLinks.Flink) continue;
1336
1337 /* Check if our regions are colliding */
1338 if ((ImageBase >= CandidateBase && ImageBase <= CandidateEnd) ||
1339 (ImageEnd >= CandidateBase && ImageEnd <= CandidateEnd) ||
1340 (CandidateBase >= ImageBase && CandidateBase <= ImageEnd))
1341 {
1342 /* Found who is overlapping */
1343 OverlapDllFound = TRUE;
1344 OverlapDll = CandidateEntry->FullDllName;
1345 break;
1346 }
1347 }
1348
1349 /* Check if we found the DLL overlapping with us */
1350 if (!OverlapDllFound)
1351 {
1352 /* It's not another DLL, it's memory already here */
1353 RtlInitUnicodeString(&OverlapDll, L"Dynamically Allocated Memory");
1354 }
1355
1356 DPRINT("Overlapping DLL: %wZ\n", &OverlapDll);
1357
1358 /* Are we dealing with a DLL? */
1359 if (LdrEntry->Flags & LDRP_IMAGE_DLL)
1360 {
1361 /* Check if relocs were stripped */
1362 if (!(NtHeaders->FileHeader.Characteristics & IMAGE_FILE_RELOCS_STRIPPED))
1363 {
1364 /* Get the relocation data */
1365 RelocData = RtlImageDirectoryEntryToData(ViewBase,
1366 TRUE,
1367 IMAGE_DIRECTORY_ENTRY_BASERELOC,
1368 &RelocDataSize);
1369
1370 /* Does the DLL not have any? */
1371 if (!RelocData && !RelocDataSize)
1372 {
1373 /* We'll allow this and simply continue */
1374 goto NoRelocNeeded;
1375 }
1376 }
1377
1378 /* See if this is an Illegal DLL - IE: user32 and kernel32 */
1379 RtlInitUnicodeString(&IllegalDll,L"user32.dll");
1380 if (RtlEqualUnicodeString(&BaseDllName, &IllegalDll, TRUE))
1381 {
1382 /* Can't relocate user32 */
1383 RelocatableDll = FALSE;
1384 }
1385 else
1386 {
1387 RtlInitUnicodeString(&IllegalDll, L"kernel32.dll");
1388 if (RtlEqualUnicodeString(&BaseDllName, &IllegalDll, TRUE))
1389 {
1390 /* Can't relocate kernel32 */
1391 RelocatableDll = FALSE;
1392 }
1393 }
1394
1395 /* Known DLLs are not allowed to be relocated */
1396 if (KnownDll && !RelocatableDll)
1397 {
1398 /* Setup for hard error */
1399 HardErrorParameters[0] = (ULONG_PTR)&IllegalDll;
1400 HardErrorParameters[1] = (ULONG_PTR)&OverlapDll;
1401
1402 DPRINT1("Illegal DLL relocation! %wZ overlaps %wZ\n", &OverlapDll, &IllegalDll);
1403
1404 /* Raise the error */
1405 ZwRaiseHardError(STATUS_ILLEGAL_DLL_RELOCATION,
1406 2,
1407 3,
1408 HardErrorParameters,
1409 OptionOk,
1410 &Response);
1411
1412 /* If initializing, increase the error count */
1413 if (LdrpInLdrInit) LdrpFatalHardErrorCount++;
1414
1415 /* Don't do relocation */
1416 Status = STATUS_CONFLICTING_ADDRESSES;
1417 goto FailRelocate;
1418 }
1419
1420 /* Change the protection to prepare for relocation */
1421 Status = LdrpSetProtection(ViewBase, FALSE);
1422
1423 /* Make sure we changed the protection */
1424 if (NT_SUCCESS(Status))
1425 {
1426 /* Do the relocation */
1427 Status = LdrRelocateImageWithBias(ViewBase, 0LL, NULL, STATUS_SUCCESS,
1428 STATUS_CONFLICTING_ADDRESSES, STATUS_INVALID_IMAGE_FORMAT);
1429
1430 if (NT_SUCCESS(Status))
1431 {
1432 /* Stuff the image name in the TIB, for the debugger */
1433 ArbitraryUserPointer = Teb->NtTib.ArbitraryUserPointer;
1434 Teb->NtTib.ArbitraryUserPointer = FullDllName.Buffer;
1435#if 0
1436 /* Map the DLL */
1437 Status = NtMapViewOfSection(SectionHandle,
1438 NtCurrentProcess(),
1439 &ViewBase,
1440 0,
1441 0,
1442 NULL,
1443 &ViewSize,
1444 ViewShare,
1445 0,
1446 PAGE_READWRITE);
1447#endif
1448 /* Restore */
1449 Teb->NtTib.ArbitraryUserPointer = ArbitraryUserPointer;
1450
1451 /* Return the protection */
1452 Status = LdrpSetProtection(ViewBase, TRUE);
1453 }
1454 }
1455FailRelocate:
1456 /* Handle any kind of failure */
1457 if (!NT_SUCCESS(Status))
1458 {
1459 /* Remove it from the lists */
1460 RemoveEntryList(&LdrEntry->InLoadOrderLinks);
1461 RemoveEntryList(&LdrEntry->InMemoryOrderLinks);
1462 RemoveEntryList(&LdrEntry->HashLinks);
1463
1464 /* Unmap it, clear the entry */
1465 NtUnmapViewOfSection(NtCurrentProcess(), ViewBase);
1466 LdrEntry = NULL;
1467 }
1468
1469 /* Show debug message */
1470 if (ShowSnaps)
1471 {
1472 DPRINT1("LDR: Fixups %successfully re-applied @ %p\n",
1473 NT_SUCCESS(Status) ? "s" : "uns", ViewBase);
1474 }
1475 }
1476 else
1477 {
1478NoRelocNeeded:
1479 /* Not a DLL, or no relocation needed */
1480 Status = STATUS_SUCCESS;
1481
1482 /* Stuff the image name in the TIB, for the debugger */
1483 ArbitraryUserPointer = Teb->NtTib.ArbitraryUserPointer;
1484 Teb->NtTib.ArbitraryUserPointer = FullDllName.Buffer;
1485#if 0
1486 /* Map the DLL */
1487 Status = NtMapViewOfSection(SectionHandle,
1488 NtCurrentProcess(),
1489 &ViewBase,
1490 0,
1491 0,
1492 NULL,
1493 &ViewSize,
1494 ViewShare,
1495 0,
1496 PAGE_READWRITE);
1497#endif
1498 /* Restore */
1499 Teb->NtTib.ArbitraryUserPointer = ArbitraryUserPointer;
1500
1501 /* Show debug message */
1502 if (ShowSnaps)
1503 {
1504 DPRINT1("LDR: Fixups won't be re-applied to non-Dll @ %p\n", ViewBase);
1505 }
1506 }
1507 }
1508
1509 // FIXME: LdrpCheckCorImage() is missing
1510
1511 /* Check if this is an SMP Machine and a DLL */
1512 if ((LdrpNumberOfProcessors > 1) &&
1513 (LdrEntry && (LdrEntry->Flags & LDRP_IMAGE_DLL)))
1514 {
1515 /* Validate the image for MP */
1516 LdrpValidateImageForMp(LdrEntry);
1517 }
1518
1519 // FIXME: LdrpCorUnloadImage() is missing
1520
1521 /* Close section and return status */
1522 NtClose(SectionHandle);
1523 return Status;
1524}
NtMapViewOfSection
NTSTATUS NTAPI NtMapViewOfSection(IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG_PTR ZeroBits, IN SIZE_T CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect)
Definition: section.c:3255
ImageNtHeader
PIMAGE_NT_HEADERS WINAPI ImageNtHeader(_In_ PVOID)
NtRaiseHardError
NTSTATUS NTAPI NtRaiseHardError(IN NTSTATUS ErrorStatus, IN ULONG NumberOfParameters, IN ULONG UnicodeStringParameterMask, IN PULONG_PTR Parameters, IN ULONG ValidResponseOptions, OUT PULONG Response)
Definition: harderr.c:551
LDRP_REDIRECTED
#define LDRP_REDIRECTED
Definition: ldrtypes.h:62
LDR_DLL_NOTIFICATION_REASON_LOADED
#define LDR_DLL_NOTIFICATION_REASON_LOADED
Definition: ldrtypes.h:203
LDRP_LOAD_NOTIFICATIONS_SENT
#define LDRP_LOAD_NOTIFICATIONS_SENT
Definition: ldrtypes.h:43
LDRP_IMAGE_NOT_AT_BASE
#define LDRP_IMAGE_NOT_AT_BASE
Definition: ldrtypes.h:55
LDRP_STATIC_LINK
#define LDRP_STATIC_LINK
Definition: ldrtypes.h:38
LdrpResolveDllName
BOOLEAN NTAPI LdrpResolveDllName(PWSTR DllPath, PWSTR DllName, PUNICODE_STRING FullDllName, PUNICODE_STRING BaseDllName)
Definition: ldrutils.c:673
LdrpFetchAddressOfEntryPoint
PVOID NTAPI LdrpFetchAddressOfEntryPoint(IN PVOID ImageBase)
Definition: ldrutils.c:767
LdrpCheckForKnownDll
NTSTATUS NTAPI LdrpCheckForKnownDll(PWSTR DllName, PUNICODE_STRING FullDllName, PUNICODE_STRING BaseDllName, HANDLE *SectionHandle)
Definition: ldrutils.c:788
LdrpInsertMemoryTableEntry
VOID NTAPI LdrpInsertMemoryTableEntry(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: ldrutils.c:1561
LdrpSetProtection
NTSTATUS NTAPI LdrpSetProtection(PVOID ViewBase, BOOLEAN Restore)
Definition: ldrutils.c:921
LdrpAllocateDataTableEntry
PLDR_DATA_TABLE_ENTRY NTAPI LdrpAllocateDataTableEntry(IN PVOID BaseAddress)
Definition: ldrutils.c:1528
LdrpCreateDllSection
NTSTATUS NTAPI LdrpCreateDllSection(IN PUNICODE_STRING FullName, IN HANDLE DllHandle, IN PULONG DllCharacteristics OPTIONAL, OUT PHANDLE SectionHandle)
Definition: ldrutils.c:518
OptionOkCancel
@ OptionOkCancel
Definition: extypes.h:188
ResponseCancel
@ ResponseCancel
Definition: extypes.h:202
PAGE_READWRITE
#define PAGE_READWRITE
Definition: nt_native.h:1304
LdrpNumberOfProcessors
ULONG LdrpNumberOfProcessors
Definition: ldrinit.c:55
LdrpFatalHardErrorCount
ULONG LdrpFatalHardErrorCount
Definition: ldrinit.c:81
LdrpValidateImageForMp
VOID NTAPI LdrpValidateImageForMp(IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry)
Definition: ldrinit.c:1546
LdrpKnownDllObjectDirectory
HANDLE LdrpKnownDllObjectDirectory
Definition: ldrinit.c:60
LdrpSendDllNotifications
VOID NTAPI LdrpSendDllNotifications(_In_ PLDR_DATA_TABLE_ENTRY DllEntry, _In_ ULONG NotificationReason)
Definition: ldrnotify.c:104
STATUS_IMAGE_MACHINE_TYPE_MISMATCH
#define STATUS_IMAGE_MACHINE_TYPE_MISMATCH
Definition: ntstatus.h:128
STATUS_OBJECT_PATH_SYNTAX_BAD
#define STATUS_OBJECT_PATH_SYNTAX_BAD
Definition: ntstatus.h:295
STATUS_ILLEGAL_DLL_RELOCATION
#define STATUS_ILLEGAL_DLL_RELOCATION
Definition: ntstatus.h:742
STATUS_IMAGE_NOT_AT_BASE
#define STATUS_IMAGE_NOT_AT_BASE
Definition: ntstatus.h:117
IMAGE_DIRECTORY_ENTRY_BASERELOC
#define IMAGE_DIRECTORY_ENTRY_BASERELOC
Definition: pedump.c:264
IMAGE_FILE_DLL
#define IMAGE_FILE_DLL
Definition: pedump.c:169
IMAGE_FILE_RELOCS_STRIPPED
#define IMAGE_FILE_RELOCS_STRIPPED
Definition: pedump.c:159
Static
Definition: window.h:585
_IMAGE_FILE_HEADER::Characteristics
WORD Characteristics
Definition: ntddk_ex.h:128
_LDR_DATA_TABLE_ENTRY::InLoadOrderLinks
LIST_ENTRY InLoadOrderLinks
Definition: ldrtypes.h:142
_LDR_DATA_TABLE_ENTRY::HashLinks
LIST_ENTRY HashLinks
Definition: ldrtypes.h:155
_NT_TIB::ArbitraryUserPointer
PVOID ArbitraryUserPointer
Definition: compat.h:719
_TEB::NtTib
NT_TIB NtTib
Definition: ntddk_ex.h:332
SearchPath
#define SearchPath
Definition: winbase.h:3931

Referenced by LdrpLoadDll(), and LdrpLoadImportModule().

◆ LdrpRecordUnloadEvent()

VOID NTAPI LdrpRecordUnloadEvent ( _In_ PLDR_DATA_TABLE_ENTRY  LdrEntry)

Definition at line 28 of file trace.c.

29{
30 PIMAGE_NT_HEADERS NtHeaders;
31 UINT Sequence = RtlpUnloadEventTraceIndex++;
32 UINT Index = Sequence % RTL_UNLOAD_EVENT_TRACE_NUMBER;
33 USHORT StringLen;
34
35 DPRINT("LdrpRecordUnloadEvent(%wZ, %p - %p)\n", &LdrEntry->BaseDllName, LdrEntry->DllBase,
36 (ULONG_PTR)LdrEntry->DllBase + LdrEntry->SizeOfImage);
37
38 RtlpUnloadEventTrace[Index].BaseAddress = LdrEntry->DllBase;
39 RtlpUnloadEventTrace[Index].SizeOfImage = LdrEntry->SizeOfImage;
40 RtlpUnloadEventTrace[Index].Sequence = Sequence;
41
42 NtHeaders = RtlImageNtHeader(LdrEntry->DllBase);
43
44 if (NtHeaders)
45 {
46 RtlpUnloadEventTrace[Index].TimeDateStamp = NtHeaders->FileHeader.TimeDateStamp;
47 RtlpUnloadEventTrace[Index].CheckSum = NtHeaders->OptionalHeader.CheckSum;
48 }
49 else
50 {
51 RtlpUnloadEventTrace[Index].TimeDateStamp = 0;
52 RtlpUnloadEventTrace[Index].CheckSum = 0;
53 }
54
55 StringLen = min(LdrEntry->BaseDllName.Length / sizeof(WCHAR), RTL_NUMBER_OF(RtlpUnloadEventTrace[Index].ImageName));
56 RtlCopyMemory(RtlpUnloadEventTrace[Index].ImageName, LdrEntry->BaseDllName.Buffer, StringLen * sizeof(WCHAR));
57 if (StringLen < RTL_NUMBER_OF(RtlpUnloadEventTrace[Index].ImageName))
58 RtlpUnloadEventTrace[Index].ImageName[StringLen] = 0;
59}
RTL_NUMBER_OF
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
min
#define min(a, b)
Definition: monoChain.cc:55
UINT
unsigned int UINT
Definition: ndis.h:50
RTL_UNLOAD_EVENT_TRACE_NUMBER
#define RTL_UNLOAD_EVENT_TRACE_NUMBER
Definition: rtltypes.h:1225
RtlpUnloadEventTrace
static RTL_UNLOAD_EVENT_TRACE RtlpUnloadEventTrace[RTL_UNLOAD_EVENT_TRACE_NUMBER]
Definition: trace.c:13
RtlpUnloadEventTraceIndex
static UINT RtlpUnloadEventTraceIndex
Definition: trace.c:14
_IMAGE_OPTIONAL_HEADER::CheckSum
DWORD CheckSum
Definition: ntddk_ex.h:169
_RTL_UNLOAD_EVENT_TRACE::BaseAddress
PVOID BaseAddress
Definition: rtltypes.h:1229
_RTL_UNLOAD_EVENT_TRACE::TimeDateStamp
ULONG TimeDateStamp
Definition: rtltypes.h:1232
_RTL_UNLOAD_EVENT_TRACE::Sequence
ULONG Sequence
Definition: rtltypes.h:1231
_RTL_UNLOAD_EVENT_TRACE::CheckSum
ULONG CheckSum
Definition: rtltypes.h:1233
_RTL_UNLOAD_EVENT_TRACE::ImageName
WCHAR ImageName[32]
Definition: rtltypes.h:1234
_RTL_UNLOAD_EVENT_TRACE::SizeOfImage
ULONG SizeOfImage
Definition: rtltypes.h:1230
Index
_In_ WDFCOLLECTION _In_ ULONG Index
Definition: wdfcollection.h:182

Referenced by LdrUnloadDll().

◆ LdrpRunInitializeRoutines()

NTSTATUS NTAPI LdrpRunInitializeRoutines ( IN PCONTEXT Context  OPTIONAL)

Definition at line 648 of file ldrinit.c.

649{
650 PLDR_DATA_TABLE_ENTRY LocalArray[16];
651 PLIST_ENTRY ListHead;
652 PLIST_ENTRY NextEntry;
653 PLDR_DATA_TABLE_ENTRY LdrEntry, *LdrRootEntry, OldInitializer;
654 PVOID EntryPoint;
655 ULONG Count, i;
656 //ULONG BreakOnInit;
657 NTSTATUS Status = STATUS_SUCCESS;
658 PPEB Peb = NtCurrentPeb();
659 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
660 ULONG BreakOnDllLoad;
661 PTEB OldTldTeb;
662 BOOLEAN DllStatus;
663
664 DPRINT("LdrpRunInitializeRoutines() called for %wZ (%p/%p)\n",
665 &LdrpImageEntry->BaseDllName,
666 NtCurrentTeb()->RealClientId.UniqueProcess,
667 NtCurrentTeb()->RealClientId.UniqueThread);
668
669 /* Check the Loader Lock */
670 LdrpEnsureLoaderLockIsHeld();
671
672 /* Get the number of entries to call */
673 if ((Count = LdrpClearLoadInProgress()))
674 {
675 /* Check if we can use our local buffer */
676 if (Count > 16)
677 {
678 /* Allocate space for all the entries */
679 LdrRootEntry = RtlAllocateHeap(LdrpHeap,
680 0,
681 Count * sizeof(*LdrRootEntry));
682 if (!LdrRootEntry) return STATUS_NO_MEMORY;
683 }
684 else
685 {
686 /* Use our local array */
687 LdrRootEntry = LocalArray;
688 }
689 }
690 else
691 {
692 /* Don't need one */
693 LdrRootEntry = NULL;
694 }
695
696 /* Show debug message */
697 if (ShowSnaps)
698 {
699 DPRINT1("[%p,%p] LDR: Real INIT LIST for Process %wZ\n",
700 NtCurrentTeb()->RealClientId.UniqueThread,
701 NtCurrentTeb()->RealClientId.UniqueProcess,
702 &Peb->ProcessParameters->ImagePathName);
703 }
704
705 /* Loop in order */
706 ListHead = &Peb->Ldr->InInitializationOrderModuleList;
707 NextEntry = ListHead->Flink;
708 i = 0;
709 while (NextEntry != ListHead)
710 {
711 /* Get the Data Entry */
712 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks);
713
714 /* Check if we have a Root Entry */
715 if (LdrRootEntry)
716 {
717 /* Check flags */
718 if (!(LdrEntry->Flags & LDRP_ENTRY_PROCESSED))
719 {
720 /* Setup the Cookie for the DLL */
721 LdrpInitSecurityCookie(LdrEntry);
722
723 /* Check for valid entrypoint */
724 if (LdrEntry->EntryPoint)
725 {
726 /* Write in array */
727 ASSERT(i < Count);
728 LdrRootEntry[i] = LdrEntry;
729
730 /* Display debug message */
731 if (ShowSnaps)
732 {
733 DPRINT1("[%p,%p] LDR: %wZ init routine %p\n",
734 NtCurrentTeb()->RealClientId.UniqueThread,
735 NtCurrentTeb()->RealClientId.UniqueProcess,
736 &LdrEntry->FullDllName,
737 LdrEntry->EntryPoint);
738 }
739 i++;
740 }
741 }
742 }
743
744 /* Set the flag */
745 LdrEntry->Flags |= LDRP_ENTRY_PROCESSED;
746 NextEntry = NextEntry->Flink;
747 }
748
749 Status = STATUS_SUCCESS;
750
751 /* If we got a context, then we have to call Kernel32 for TS support */
752 if (Context)
753 {
754 /* Check if we have one */
755 if (Kernel32ProcessInitPostImportFunction)
756 {
757 /* Call it */
758 Status = Kernel32ProcessInitPostImportFunction();
759 if (!NT_SUCCESS(Status))
760 {
761 DPRINT1("LDR: LdrpRunInitializeRoutines - Failed running kernel32 post-import function, Status=0x%08lx\n", Status);
762 }
763 }
764 /* Clear it */
765 Kernel32ProcessInitPostImportFunction = NULL;
766 }
767
768 /* No root entry? return */
769 if (!LdrRootEntry)
770 return Status;
771
772 /* Set the TLD TEB */
773 OldTldTeb = LdrpTopLevelDllBeingLoadedTeb;
774 LdrpTopLevelDllBeingLoadedTeb = NtCurrentTeb();
775
776 /* Loop */
777 i = 0;
778 while (i < Count)
779 {
780 /* Get an entry */
781 LdrEntry = LdrRootEntry[i];
782
783 /* FIXME: Verify NX Compat */
784
785 /* Move to next entry */
786 i++;
787
788 /* Get its entrypoint */
789 EntryPoint = LdrEntry->EntryPoint;
790
791 /* Are we being debugged? */
792 BreakOnDllLoad = 0;
793 if (Peb->BeingDebugged || Peb->ReadImageFileExecOptions)
794 {
795 /* Check if we should break on load */
796 Status = LdrQueryImageFileExecutionOptions(&LdrEntry->BaseDllName,
797 L"BreakOnDllLoad",
798 REG_DWORD,
799 &BreakOnDllLoad,
800 sizeof(ULONG),
801 NULL);
802 if (!NT_SUCCESS(Status)) BreakOnDllLoad = 0;
803
804 /* Reset status back to STATUS_SUCCESS */
805 Status = STATUS_SUCCESS;
806 }
807
808 /* Break if aksed */
809 if (BreakOnDllLoad)
810 {
811 /* Check if we should show a message */
812 if (ShowSnaps)
813 {
814 DPRINT1("LDR: %wZ loaded.", &LdrEntry->BaseDllName);
815 DPRINT1(" - About to call init routine at %p\n", EntryPoint);
816 }
817
818 /* Break in debugger */
819 DbgBreakPoint();
820 }
821
822 /* Make sure we have an entrypoint */
823 if (EntryPoint)
824 {
825 /* Save the old Dll Initializer and write the current one */
826 OldInitializer = LdrpCurrentDllInitializer;
827 LdrpCurrentDllInitializer = LdrEntry;
828
829 /* Set up the Act Ctx */
830 ActCtx.Size = sizeof(ActCtx);
831 ActCtx.Format = 1;
832 RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));
833
834 /* Activate the ActCtx */
835 RtlActivateActivationContextUnsafeFast(&ActCtx,
836 LdrEntry->EntryPointActivationContext);
837
838 _SEH2_TRY
839 {
840 /* Check if it has TLS */
841 if (LdrEntry->TlsIndex && Context)
842 {
843 /* Call TLS */
844 LdrpCallTlsInitializers(LdrEntry, DLL_PROCESS_ATTACH);
845 }
846
847 /* Call the Entrypoint */
848 if (ShowSnaps)
849 {
850 DPRINT1("%wZ - Calling entry point at %p for DLL_PROCESS_ATTACH\n",
851 &LdrEntry->BaseDllName, EntryPoint);
852 }
853 DllStatus = LdrpCallInitRoutine(EntryPoint,
854 LdrEntry->DllBase,
855 DLL_PROCESS_ATTACH,
856 Context);
857 }
858 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
859 {
860 DllStatus = FALSE;
861 DPRINT1("WARNING: Exception 0x%x during LdrpCallInitRoutine(DLL_PROCESS_ATTACH) for %wZ\n",
862 _SEH2_GetExceptionCode(), &LdrEntry->BaseDllName);
863 }
864 _SEH2_END;
865
866 /* Deactivate the ActCtx */
867 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
868
869 /* Save the Current DLL Initializer */
870 LdrpCurrentDllInitializer = OldInitializer;
871
872 /* Mark the entry as processed */
873 LdrEntry->Flags |= LDRP_PROCESS_ATTACH_CALLED;
874
875 /* Fail if DLL init failed */
876 if (!DllStatus)
877 {
878 DPRINT1("LDR: DLL_PROCESS_ATTACH for dll \"%wZ\" (InitRoutine: %p) failed\n",
879 &LdrEntry->BaseDllName, EntryPoint);
880
881 Status = STATUS_DLL_INIT_FAILED;
882 goto Quickie;
883 }
884 }
885 }
886
887 /* Loop in order */
888 ListHead = &Peb->Ldr->InInitializationOrderModuleList;
889 NextEntry = NextEntry->Flink;
890 while (NextEntry != ListHead)
891 {
892 /* Get the Data Entry */
893 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks);
894
895 /* FIXME: Verify NX Compat */
896 // LdrpCheckNXCompatibility()
897
898 /* Next entry */
899 NextEntry = NextEntry->Flink;
900 }
901
902 /* Check for TLS */
903 if (LdrpImageHasTls && Context)
904 {
905 /* Set up the Act Ctx */
906 ActCtx.Size = sizeof(ActCtx);
907 ActCtx.Format = 1;
908 RtlZeroMemory(&ActCtx.Frame, sizeof(RTL_ACTIVATION_CONTEXT_STACK_FRAME));
909
910 /* Activate the ActCtx */
911 RtlActivateActivationContextUnsafeFast(&ActCtx,
912 LdrpImageEntry->EntryPointActivationContext);
913
914 _SEH2_TRY
915 {
916 /* Do TLS callbacks */
917 LdrpCallTlsInitializers(LdrpImageEntry, DLL_PROCESS_ATTACH);
918 }
919 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
920 {
921 /* Do nothing */
922 }
923 _SEH2_END;
924
925 /* Deactivate the ActCtx */
926 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
927 }
928
929Quickie:
930 /* Restore old TEB */
931 LdrpTopLevelDllBeingLoadedTeb = OldTldTeb;
932
933 /* Check if the array is in the heap */
934 if (LdrRootEntry != LocalArray)
935 {
936 /* Free the array */
937 RtlFreeHeap(LdrpHeap, 0, LdrRootEntry);
938 }
939
940 /* Return to caller */
941 DPRINT("LdrpRunInitializeRoutines() done\n");
942 return Status;
943}
LdrpCurrentDllInitializer
PLDR_DATA_TABLE_ENTRY LdrpCurrentDllInitializer
Definition: ldrinit.c:43
LdrQueryImageFileExecutionOptions
NTSTATUS NTAPI LdrQueryImageFileExecutionOptions(_In_ PUNICODE_STRING SubKey, _In_ PCWSTR ValueName, _In_ ULONG Type, _Out_ PVOID Buffer, _In_ ULONG BufferSize, _Out_opt_ PULONG ReturnedLength)
Definition: ldrinit.c:388
LdrpInitSecurityCookie
PVOID NTAPI LdrpInitSecurityCookie(PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: ldrinit.c:452
LdrpTopLevelDllBeingLoadedTeb
PTEB LdrpTopLevelDllBeingLoadedTeb
Definition: libsupp.c:20
LdrpEnsureLoaderLockIsHeld
VOID NTAPI LdrpEnsureLoaderLockIsHeld(VOID)
Definition: ldrinit.c:408
Count
int Count
Definition: noreturn.cpp:7
LdrpClearLoadInProgress
ULONG NTAPI LdrpClearLoadInProgress(VOID)
Definition: ldrutils.c:2649
STATUS_DLL_INIT_FAILED
#define STATUS_DLL_INIT_FAILED
Definition: ntstatus.h:558
_PEB::ReadImageFileExecOptions
BOOLEAN ReadImageFileExecOptions
Definition: ntddk_ex.h:240

Referenced by LdrpGetProcedureAddress(), LdrpInitializeProcess(), and LdrpLoadDll().

◆ LdrpSendDllNotifications()

VOID NTAPI LdrpSendDllNotifications ( _In_ PLDR_DATA_TABLE_ENTRY  DllEntry,
_In_ ULONG  NotificationReason 
)

Definition at line 104 of file ldrnotify.c.

107{
108 PLIST_ENTRY Entry;
109 PLDR_DLL_NOTIFICATION_ENTRY NotificationEntry;
110 LDR_DLL_NOTIFICATION_DATA NotificationData;
111
112 /*
113 * LDR_DLL_LOADED_NOTIFICATION_DATA and LDR_DLL_UNLOADED_NOTIFICATION_DATA
114 * currently are the same. Use C_ASSERT to ensure it, then fill either of them.
115 */
116#define LdrpAssertDllNotificationDataMember(x)\
117 C_ASSERT(FIELD_OFFSET(LDR_DLL_NOTIFICATION_DATA, Loaded.x) ==\
118 FIELD_OFFSET(LDR_DLL_NOTIFICATION_DATA, Unloaded.x))
119
120 C_ASSERT(sizeof(NotificationData.Loaded) == sizeof(NotificationData.Unloaded));
121 LdrpAssertDllNotificationDataMember(Flags);
122 LdrpAssertDllNotificationDataMember(FullDllName);
123 LdrpAssertDllNotificationDataMember(BaseDllName);
124 LdrpAssertDllNotificationDataMember(DllBase);
125 LdrpAssertDllNotificationDataMember(SizeOfImage);
126
127#undef LdrpAssertDllNotificationDataMember
128
129 NotificationData.Loaded.Flags = 0; /* Reserved and always 0, not DllEntry->Flags */
130 NotificationData.Loaded.FullDllName = &DllEntry->FullDllName;
131 NotificationData.Loaded.BaseDllName = &DllEntry->BaseDllName;
132 NotificationData.Loaded.DllBase = DllEntry->DllBase;
133 NotificationData.Loaded.SizeOfImage = DllEntry->SizeOfImage;
134
135 /* Send notification to all registered callbacks */
136 RtlEnterCriticalSection(&LdrpDllNotificationLock);
137 _SEH2_TRY
138 {
139 for (Entry = LdrpDllNotificationList.Flink;
140 Entry != &LdrpDllNotificationList;
141 Entry = Entry->Flink)
142 {
143 NotificationEntry = CONTAINING_RECORD(Entry, LDR_DLL_NOTIFICATION_ENTRY, List);
144 NotificationEntry->Callback(NotificationReason,
145 &NotificationData,
146 NotificationEntry->Context);
147 }
148 }
149 _SEH2_FINALLY
150 {
151 RtlLeaveCriticalSection(&LdrpDllNotificationLock);
152 }
153 _SEH2_END;
154}
C_ASSERT
#define C_ASSERT(e)
Definition: intsafe.h:73
LdrpAssertDllNotificationDataMember
#define LdrpAssertDllNotificationDataMember(x)
LdrpDllNotificationLock
static RTL_CRITICAL_SECTION LdrpDllNotificationLock
Definition: ldrnotify.c:22
_LDR_DLL_NOTIFICATION_ENTRY
Definition: ldrnotify.c:13
_LDR_DLL_NOTIFICATION_DATA
Definition: ldrtypes.h:225
NotificationData
_In_ PCWDF_DEVICE_PNP_NOTIFICATION_DATA NotificationData
Definition: wdfdevice.h:782
List
_Must_inspect_result_ _In_ WDFCMRESLIST List
Definition: wdfresource.h:550
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
NotificationEntry
_In_ ULONG _In_opt_ PVOID _In_ PDRIVER_OBJECT _In_ PDRIVER_NOTIFICATION_CALLBACK_ROUTINE _Inout_opt_ __drv_aliasesMem PVOID _Outptr_result_nullonfailure_ _At_ * NotificationEntry(return==0, __drv_allocatesMem(Mem))) PVOID *NotificationEntry

Referenced by LdrpMapDll(), and LdrUnloadDll().

◆ LdrpSetProtection()

NTSTATUS NTAPI LdrpSetProtection ( PVOID  ViewBase,
BOOLEAN  Restore 
)

Definition at line 921 of file ldrutils.c.

923{
924 PIMAGE_NT_HEADERS NtHeaders;
925 PIMAGE_SECTION_HEADER Section;
926 NTSTATUS Status;
927 PVOID SectionBase;
928 SIZE_T SectionSize;
929 ULONG NewProtection, OldProtection, i;
930
931 /* Get the NT headers */
932 NtHeaders = RtlImageNtHeader(ViewBase);
933 if (!NtHeaders) return STATUS_INVALID_IMAGE_FORMAT;
934
935 /* Compute address of the first section header */
936 Section = IMAGE_FIRST_SECTION(NtHeaders);
937
938 /* Go through all sections */
939 for (i = 0; i < NtHeaders->FileHeader.NumberOfSections; i++)
940 {
941 /* Check for read-only non-zero section */
942 if ((Section->SizeOfRawData) &&
943 !(Section->Characteristics & IMAGE_SCN_MEM_WRITE))
944 {
945 /* Check if we are setting or restoring protection */
946 if (Restore)
947 {
948 /* Set it to either EXECUTE or READONLY */
949 if (Section->Characteristics & IMAGE_SCN_MEM_EXECUTE)
950 {
951 NewProtection = PAGE_EXECUTE;
952 }
953 else
954 {
955 NewProtection = PAGE_READONLY;
956 }
957
958 /* Add PAGE_NOCACHE if needed */
959 if (Section->Characteristics & IMAGE_SCN_MEM_NOT_CACHED)
960 {
961 NewProtection |= PAGE_NOCACHE;
962 }
963 }
964 else
965 {
966 /* Enable write access */
967 NewProtection = PAGE_READWRITE;
968 }
969
970 /* Get the section VA */
971 SectionBase = (PVOID)((ULONG_PTR)ViewBase + Section->VirtualAddress);
972 SectionSize = Section->SizeOfRawData;
973 if (SectionSize)
974 {
975 /* Set protection */
976 Status = ZwProtectVirtualMemory(NtCurrentProcess(),
977 &SectionBase,
978 &SectionSize,
979 NewProtection,
980 &OldProtection);
981 if (!NT_SUCCESS(Status)) return Status;
982 }
983 }
984
985 /* Move to the next section */
986 Section++;
987 }
988
989 /* Flush instruction cache if necessary */
990 if (Restore) ZwFlushInstructionCache(NtCurrentProcess(), NULL, 0);
991 return STATUS_SUCCESS;
992}
PAGE_READONLY
#define PAGE_READONLY
Definition: compat.h:138
ZwFlushInstructionCache
NTSYSAPI NTSTATUS NTAPI ZwFlushInstructionCache(_In_ HANDLE ProcessHandle, _In_ PVOID BaseAddress, _In_ ULONG NumberOfBytesToFlush)
ZwProtectVirtualMemory
NTSYSAPI NTSTATUS NTAPI ZwProtectVirtualMemory(_In_ HANDLE ProcessHandle, _In_ PVOID *BaseAddress, _In_ SIZE_T *NumberOfBytesToProtect, _In_ ULONG NewAccessProtection, _Out_ PULONG OldAccessProtection)
PAGE_NOCACHE
#define PAGE_NOCACHE
Definition: nt_native.h:1311
IMAGE_SCN_MEM_NOT_CACHED
#define IMAGE_SCN_MEM_NOT_CACHED
Definition: ntimage.h:236
IMAGE_SCN_MEM_WRITE
#define IMAGE_SCN_MEM_WRITE
Definition: ntimage.h:241
IMAGE_SCN_MEM_EXECUTE
#define IMAGE_SCN_MEM_EXECUTE
Definition: ntimage.h:239
IMAGE_FIRST_SECTION
#define IMAGE_FIRST_SECTION(NtHeader)
Definition: ntimage.h:427
_IMAGE_FILE_HEADER::NumberOfSections
WORD NumberOfSections
Definition: ntddk_ex.h:123
_IMAGE_SECTION_HEADER
Definition: pedump.c:280
_IMAGE_SECTION_HEADER::SizeOfRawData
DWORD SizeOfRawData
Definition: pedump.c:289
_IMAGE_SECTION_HEADER::Characteristics
DWORD Characteristics
Definition: pedump.c:295
_IMAGE_SECTION_HEADER::VirtualAddress
DWORD VirtualAddress
Definition: pedump.c:288

Referenced by LdrpInitializeProcess(), and LdrpMapDll().

◆ LdrpSnapThunk()

NTSTATUS NTAPI LdrpSnapThunk ( IN PVOID  ExportBase,
IN PVOID  ImportBase,
IN PIMAGE_THUNK_DATA  OriginalThunk,
IN OUT PIMAGE_THUNK_DATA  Thunk,
IN PIMAGE_EXPORT_DIRECTORY  ExportEntry,
IN ULONG  ExportSize,
IN BOOLEAN  Static,
IN LPSTR  DllName 
)

Definition at line 937 of file ldrpe.c.

945{
946 BOOLEAN IsOrdinal;
947 USHORT Ordinal;
948 ULONG OriginalOrdinal = 0;
949 PIMAGE_IMPORT_BY_NAME AddressOfData;
950 PULONG NameTable;
951 PUSHORT OrdinalTable;
952 LPSTR ImportName = NULL, DotPosition;
953 USHORT Hint;
954 NTSTATUS Status;
955 ULONG_PTR HardErrorParameters[3];
956 UNICODE_STRING HardErrorDllName, HardErrorEntryPointName;
957 ANSI_STRING TempString;
958 ULONG Mask;
959 ULONG Response;
960 PULONG AddressOfFunctions;
961 UNICODE_STRING TempUString;
962 ANSI_STRING ForwarderName;
963 PANSI_STRING ForwardName;
964 PVOID ForwarderHandle;
965 ULONG ForwardOrdinal;
966
967 /* Check if the snap is by ordinal */
968 if ((IsOrdinal = IMAGE_SNAP_BY_ORDINAL(OriginalThunk->u1.Ordinal)))
969 {
970 /* Get the ordinal number, and its normalized version */
971 OriginalOrdinal = IMAGE_ORDINAL(OriginalThunk->u1.Ordinal);
972 Ordinal = (USHORT)(OriginalOrdinal - ExportDirectory->Base);
973 }
974 else
975 {
976 /* First get the data VA */
977 AddressOfData = (PIMAGE_IMPORT_BY_NAME)
978 ((ULONG_PTR)ImportBase +
979 ((ULONG_PTR)OriginalThunk->u1.AddressOfData & 0xffffffff));
980
981 /* Get the name */
982 ImportName = (LPSTR)AddressOfData->Name;
983
984 /* Now get the VA of the Name and Ordinal Tables */
985 NameTable = (PULONG)((ULONG_PTR)ExportBase +
986 (ULONG_PTR)ExportDirectory->AddressOfNames);
987 OrdinalTable = (PUSHORT)((ULONG_PTR)ExportBase +
988 (ULONG_PTR)ExportDirectory->AddressOfNameOrdinals);
989
990 /* Get the hint */
991 Hint = AddressOfData->Hint;
992
993 /* Try to get a match by using the hint */
994 if (((ULONG)Hint < ExportDirectory->NumberOfNames) &&
995 (!strcmp(ImportName, ((LPSTR)((ULONG_PTR)ExportBase + NameTable[Hint])))))
996 {
997 /* We got a match, get the Ordinal from the hint */
998 Ordinal = OrdinalTable[Hint];
999 }
1000 else
1001 {
1002 /* Well bummer, hint didn't work, do it the long way */
1003 Ordinal = LdrpNameToOrdinal(ImportName,
1004 ExportDirectory->NumberOfNames,
1005 ExportBase,
1006 NameTable,
1007 OrdinalTable);
1008 }
1009 }
1010
1011 /* Check if the ordinal is invalid */
1012 if ((ULONG)Ordinal >= ExportDirectory->NumberOfFunctions)
1013 {
1014FailurePath:
1015 /* Is this a static snap? */
1016 if (Static)
1017 {
1018 UNICODE_STRING SnapTarget;
1019 PLDR_DATA_TABLE_ENTRY LdrEntry;
1020
1021 /* What was the module we were searching in */
1022 RtlInitAnsiString(&TempString, DllName ? DllName : "Unknown");
1023
1024 /* What was the module we were searching for */
1025 if (LdrpCheckForLoadedDllHandle(ImportBase, &LdrEntry))
1026 SnapTarget = LdrEntry->BaseDllName;
1027 else
1028 RtlInitUnicodeString(&SnapTarget, L"Unknown");
1029
1030 /* Inform the debug log */
1031 if (IsOrdinal)
1032 DPRINT1("Failed to snap ordinal %Z!0x%x for %wZ\n", &TempString, OriginalOrdinal, &SnapTarget);
1033 else
1034 DPRINT1("Failed to snap %Z!%s for %wZ\n", &TempString, ImportName, &SnapTarget);
1035
1036 /* These are critical errors. Setup a string for the DLL name */
1037 RtlAnsiStringToUnicodeString(&HardErrorDllName, &TempString, TRUE);
1038
1039 /* Set it as the parameter */
1040 HardErrorParameters[1] = (ULONG_PTR)&HardErrorDllName;
1041 Mask = 2;
1042
1043 /* Check if we have an ordinal */
1044 if (IsOrdinal)
1045 {
1046 /* Then set the ordinal as the 1st parameter */
1047 HardErrorParameters[0] = OriginalOrdinal;
1048 }
1049 else
1050 {
1051 /* We don't, use the entrypoint. Set up a string for it */
1052 RtlInitAnsiString(&TempString, ImportName);
1053 RtlAnsiStringToUnicodeString(&HardErrorEntryPointName,
1054 &TempString,
1055 TRUE);
1056
1057 /* Set it as the parameter */
1058 HardErrorParameters[0] = (ULONG_PTR)&HardErrorEntryPointName;
1059 Mask = 3;
1060 }
1061
1062 /* Raise the error */
1063 NtRaiseHardError(IsOrdinal ? STATUS_ORDINAL_NOT_FOUND :
1064 STATUS_ENTRYPOINT_NOT_FOUND,
1065 2,
1066 Mask,
1067 HardErrorParameters,
1068 OptionOk,
1069 &Response);
1070
1071 /* Increase the error count */
1072 if (LdrpInLdrInit) LdrpFatalHardErrorCount++;
1073
1074 /* Free our string */
1075 RtlFreeUnicodeString(&HardErrorDllName);
1076 if (!IsOrdinal)
1077 {
1078 /* Free our second string. Return entrypoint error */
1079 RtlFreeUnicodeString(&HardErrorEntryPointName);
1080 RtlRaiseStatus(STATUS_ENTRYPOINT_NOT_FOUND);
1081 }
1082
1083 /* Return ordinal error */
1084 RtlRaiseStatus(STATUS_ORDINAL_NOT_FOUND);
1085 }
1086 else
1087 {
1088 /* Inform the debug log */
1089 if (IsOrdinal)
1090 DPRINT("Non-fatal: Failed to snap ordinal 0x%x\n", OriginalOrdinal);
1091 else
1092 DPRINT("Non-fatal: Failed to snap %s\n", ImportName);
1093 }
1094
1095 /* Set this as a bad DLL */
1096 Thunk->u1.Function = (ULONG_PTR)0xffbadd11;
1097
1098 /* Return the right error code */
1099 Status = IsOrdinal ? STATUS_ORDINAL_NOT_FOUND :
1100 STATUS_ENTRYPOINT_NOT_FOUND;
1101 }
1102 else
1103 {
1104 /* The ordinal seems correct, get the AddressOfFunctions VA */
1105 AddressOfFunctions = (PULONG)
1106 ((ULONG_PTR)ExportBase +
1107 (ULONG_PTR)ExportDirectory->AddressOfFunctions);
1108
1109 /* Write the function pointer*/
1110 Thunk->u1.Function = (ULONG_PTR)ExportBase + AddressOfFunctions[Ordinal];
1111
1112 /* Make sure it's within the exports */
1113 if ((Thunk->u1.Function > (ULONG_PTR)ExportDirectory) &&
1114 (Thunk->u1.Function < ((ULONG_PTR)ExportDirectory + ExportSize)))
1115 {
1116 /* Get the Import and Forwarder Names */
1117 ImportName = (LPSTR)Thunk->u1.Function;
1118
1119 DotPosition = strchr(ImportName, '.');
1120 ASSERT(DotPosition != NULL);
1121 if (!DotPosition)
1122 goto FailurePath;
1123
1124 ForwarderName.Buffer = ImportName;
1125 ForwarderName.Length = (USHORT)(DotPosition - ImportName);
1126 ForwarderName.MaximumLength = ForwarderName.Length;
1127 Status = RtlAnsiStringToUnicodeString(&TempUString,
1128 &ForwarderName,
1129 TRUE);
1130
1131 /* Make sure the conversion was OK */
1132 if (NT_SUCCESS(Status))
1133 {
1134 WCHAR StringBuffer[MAX_PATH];
1135 UNICODE_STRING StaticString, *RedirectedImportName;
1136 BOOLEAN Redirected = FALSE;
1137
1138 RtlInitEmptyUnicodeString(&StaticString, StringBuffer, sizeof(StringBuffer));
1139
1140 /* Check if the SxS Assemblies specify another file */
1141 Status = LdrpApplyFileNameRedirection(
1142 &TempUString, &LdrApiDefaultExtension, &StaticString, NULL, &RedirectedImportName, &Redirected);
1143
1144 if (NT_SUCCESS(Status) && Redirected)
1145 {
1146 if (ShowSnaps)
1147 DPRINT1("LDR: %Z got redirected to %wZ\n", &ForwarderName, RedirectedImportName);
1148 }
1149 else
1150 {
1151 RedirectedImportName = &TempUString;
1152 }
1153
1154 /* Load the forwarder */
1155 Status = LdrpLoadDll(Redirected,
1156 NULL,
1157 NULL,
1158 RedirectedImportName,
1159 &ForwarderHandle,
1160 FALSE);
1161
1162 RtlFreeUnicodeString(&TempUString);
1163 }
1164
1165 /* If the load or conversion failed, use the failure path */
1166 if (!NT_SUCCESS(Status)) goto FailurePath;
1167
1168 /* Now set up a name for the actual forwarder dll */
1169 RtlInitAnsiString(&ForwarderName,
1170 ImportName + ForwarderName.Length + sizeof(CHAR));
1171
1172 /* Check if it's an ordinal forward */
1173 if ((ForwarderName.Length > 1) && (*ForwarderName.Buffer == '#'))
1174 {
1175 /* We don't have an actual function name */
1176 ForwardName = NULL;
1177
1178 /* Convert the string into an ordinal */
1179 Status = RtlCharToInteger(ForwarderName.Buffer + sizeof(CHAR),
1180 0,
1181 &ForwardOrdinal);
1182
1183 /* If this fails, then error out */
1184 if (!NT_SUCCESS(Status)) goto FailurePath;
1185 }
1186 else
1187 {
1188 /* Import by name */
1189 ForwardName = &ForwarderName;
1190 ForwardOrdinal = 0;
1191 }
1192
1193 /* Get the pointer */
1194 Status = LdrpGetProcedureAddress(ForwarderHandle,
1195 ForwardName,
1196 ForwardOrdinal,
1197 (PVOID*)&Thunk->u1.Function,
1198 FALSE);
1199 /* If this fails, then error out */
1200 if (!NT_SUCCESS(Status)) goto FailurePath;
1201 }
1202 else
1203 {
1204 /* It's not within the exports, let's hope it's valid */
1205 if (!AddressOfFunctions[Ordinal]) goto FailurePath;
1206 }
1207
1208 /* If we got here, then it's success */
1209 Status = STATUS_SUCCESS;
1210 }
1211
1212 /* Return status */
1213 return Status;
1214}
StaticString
IN PUNICODE_STRING StaticString
Definition: RtlGetFullPathName_UstrEx.c:29
strcmp
int strcmp(const char *String1, const char *String2)
Definition: utclib.c:469
strchr
char * strchr(const char *String, int ch)
Definition: utclib.c:501
Mask
unsigned int Mask
Definition: fpcontrol.c:82
LdrpNameToOrdinal
USHORT NTAPI LdrpNameToOrdinal(IN LPSTR ImportName, IN ULONG NumberOfNames, IN PVOID ExportBase, IN PULONG NameTable, IN PUSHORT OrdinalTable)
Definition: ldrpe.c:628
RtlRaiseStatus
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
RtlCharToInteger
NTSYSAPI NTSTATUS NTAPI RtlCharToInteger(PCSZ String, ULONG Base, PULONG Value)
Definition: unicode.c:261
LdrpCheckForLoadedDllHandle
BOOLEAN NTAPI LdrpCheckForLoadedDllHandle(IN PVOID Base, OUT PLDR_DATA_TABLE_ENTRY *LdrEntry)
Definition: ldrutils.c:1600
LdrpLoadDll
NTSTATUS NTAPI LdrpLoadDll(IN BOOLEAN Redirected, IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress, IN BOOLEAN CallInit)
Definition: ldrutils.c:2414
LdrpGetProcedureAddress
NTSTATUS NTAPI LdrpGetProcedureAddress(_In_ PVOID BaseAddress, _In_opt_ _When_(Ordinal==0, _Notnull_) PANSI_STRING Name, _In_opt_ _When_(Name==NULL, _In_range_(>, 0)) ULONG Ordinal, _Out_ PVOID *ProcedureAddress, _In_ BOOLEAN ExecuteInit)
Definition: ldrutils.c:2231
IMAGE_SNAP_BY_ORDINAL
#define IMAGE_SNAP_BY_ORDINAL(Ordinal)
Definition: ntimage.h:567
STATUS_ORDINAL_NOT_FOUND
#define STATUS_ORDINAL_NOT_FOUND
Definition: ntstatus.h:548
STATUS_ENTRYPOINT_NOT_FOUND
#define STATUS_ENTRYPOINT_NOT_FOUND
Definition: ntstatus.h:549
IMAGE_ORDINAL
#define IMAGE_ORDINAL(Ordinal)
Definition: pedump.c:337
_ANSI_STRING::Buffer
PSTR Buffer
Definition: env_spec_w32.h:378
_ANSI_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:377
_ANSI_STRING::Length
USHORT Length
Definition: env_spec_w32.h:376
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
PUSHORT
uint16_t * PUSHORT
Definition: typedefs.h:56
LPSTR
char * LPSTR
Definition: xmlstorage.h:182
CHAR
char CHAR
Definition: xmlstorage.h:175

Referenced by LdrpGetProcedureAddress(), and LdrpSnapIAT().

◆ LdrpUnloadShimEngine()

VOID NTAPI LdrpUnloadShimEngine ( VOID  )

◆ LdrpUpdateLoadCount2()

VOID NTAPI LdrpUpdateLoadCount2 ( IN PLDR_DATA_TABLE_ENTRY  LdrEntry,
IN ULONG  Flags 
)

Definition at line 434 of file ldrutils.c.

436{
437 WCHAR Buffer[MAX_PATH];
438 UNICODE_STRING UpdateString;
439
440 /* Setup the string and call the extended API */
441 RtlInitEmptyUnicodeString(&UpdateString, Buffer, sizeof(Buffer));
442 LdrpUpdateLoadCount3(LdrEntry, Flags, &UpdateString);
443}
Buffer
Definition: bufpool.h:45
LdrpUpdateLoadCount3
VOID NTAPI LdrpUpdateLoadCount3(IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN ULONG Flags, OUT PUNICODE_STRING UpdateString)
Definition: ldrutils.c:112

Referenced by LdrAddRefDll(), LdrGetDllHandleEx(), LdrpLoadDll(), and LdrUnloadDll().

◆ LdrpValidateImageForMp()

VOID NTAPI LdrpValidateImageForMp ( IN PLDR_DATA_TABLE_ENTRY  LdrDataTableEntry)

Definition at line 1546 of file ldrinit.c.

1547{
1548 DPRINT("LdrpValidateImageForMp is unimplemented\n");
1549 // TODO:
1550 // Scan the LockPrefixTable in the load config directory
1551}

Referenced by LdrpInitializeProcess(), and LdrpMapDll().

◆ LdrpWalkImportDescriptor()

NTSTATUS NTAPI LdrpWalkImportDescriptor ( IN LPWSTR DllPath  OPTIONAL,
IN PLDR_DATA_TABLE_ENTRY  LdrEntry 
)

Definition at line 670 of file ldrpe.c.

672{
673 RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED ActCtx;
674 PPEB Peb = NtCurrentPeb();
675 NTSTATUS Status = STATUS_SUCCESS, Status2;
676 PIMAGE_BOUND_IMPORT_DESCRIPTOR BoundEntry = NULL;
677 PIMAGE_IMPORT_DESCRIPTOR ImportEntry;
678 ULONG BoundSize, IatSize;
679
680 DPRINT("LdrpWalkImportDescriptor - BEGIN (%wZ %p '%S')\n", &LdrEntry->BaseDllName, LdrEntry, DllPath);
681
682 /* Set up the Act Ctx */
683 RtlZeroMemory(&ActCtx, sizeof(ActCtx));
684 ActCtx.Size = sizeof(ActCtx);
685 ActCtx.Format = RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER;
686
687 /* Check if we have a manifest prober routine */
688 if (LdrpManifestProberRoutine)
689 {
690 /* Probe the DLL for its manifest. Some details are omitted */
691 Status2 = LdrpManifestProberRoutine(LdrEntry->DllBase, LdrEntry->FullDllName.Buffer, &LdrEntry->EntryPointActivationContext);
692
693 if (!NT_SUCCESS(Status2) &&
694 Status2 != STATUS_NO_SUCH_FILE &&
695 Status2 != STATUS_RESOURCE_DATA_NOT_FOUND &&
696 Status2 != STATUS_RESOURCE_TYPE_NOT_FOUND &&
697 Status2 != STATUS_RESOURCE_NAME_NOT_FOUND &&
698 Status2 != STATUS_RESOURCE_LANG_NOT_FOUND)
699 {
700 /* Some serious issue */
701 //Status = Status2; // FIXME: Ignore that error for now
702 DbgPrintEx(DPFLTR_SXS_ID,
703 DPFLTR_WARNING_LEVEL,
704 "LDR: LdrpWalkImportDescriptor() failed to probe %wZ for its "
705 "manifest, ntstatus = 0x%08lx\n",
706 &LdrEntry->FullDllName, Status2);
707 }
708 }
709
710 /* Check if we failed above */
711 if (!NT_SUCCESS(Status)) return Status;
712
713 /* Get the Active ActCtx */
714 if (!LdrEntry->EntryPointActivationContext)
715 {
716 Status = RtlGetActiveActivationContext(&LdrEntry->EntryPointActivationContext);
717
718 if (!NT_SUCCESS(Status))
719 {
720 /* Exit */
721 DbgPrintEx(DPFLTR_SXS_ID,
722 DPFLTR_WARNING_LEVEL,
723 "LDR: RtlGetActiveActivationContext() failed; ntstatus = "
724 "0x%08lx\n",
725 Status);
726 return Status;
727 }
728 }
729
730 /* Activate the ActCtx */
731 RtlActivateActivationContextUnsafeFast(&ActCtx,
732 LdrEntry->EntryPointActivationContext);
733
734 /* Check if we were redirected */
735 if (!(LdrEntry->Flags & LDRP_REDIRECTED))
736 {
737 /* Get the Bound IAT */
738 BoundEntry = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
739 TRUE,
740 IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT,
741 &BoundSize);
742 }
743
744 /* Get the regular IAT, for fallback */
745 ImportEntry = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
746 TRUE,
747 IMAGE_DIRECTORY_ENTRY_IMPORT,
748 &IatSize);
749
750 /* Check if we got at least one */
751 if ((BoundEntry) || (ImportEntry))
752 {
753 /* Do we have a Bound IAT */
754 if (BoundEntry)
755 {
756 /* Handle the descriptor */
757 Status = LdrpHandleNewFormatImportDescriptors(DllPath,
758 LdrEntry,
759 BoundEntry);
760 }
761 else
762 {
763 /* Handle the descriptor */
764 Status = LdrpHandleOldFormatImportDescriptors(DllPath,
765 LdrEntry,
766 ImportEntry);
767 }
768
769 /* Check the status of the handlers */
770 if (NT_SUCCESS(Status))
771 {
772 /* Check for Per-DLL Heap Tagging */
773 if (Peb->NtGlobalFlag & FLG_HEAP_ENABLE_TAG_BY_DLL)
774 {
775 /* FIXME */
776 DPRINT1("We don't support Per-DLL Heap Tagging yet!\n");
777 }
778
779 /* Check if Page Heap was enabled */
780 if (Peb->NtGlobalFlag & FLG_HEAP_PAGE_ALLOCS)
781 {
782 /* Initialize target DLL */
783 AVrfPageHeapDllNotification(LdrEntry);
784 }
785
786 /* Check if Application Verifier was enabled */
787 if (Peb->NtGlobalFlag & FLG_APPLICATION_VERIFIER)
788 {
789 AVrfDllLoadNotification(LdrEntry);
790 }
791
792 /* Just to be safe */
793 Status = STATUS_SUCCESS;
794 }
795 }
796
797 /* Release the activation context */
798 RtlDeactivateActivationContextUnsafeFast(&ActCtx);
799
800 DPRINT("LdrpWalkImportDescriptor - END (%wZ %p)\n", &LdrEntry->BaseDllName, LdrEntry);
801
802 /* Return status */
803 return Status;
804}
DPFLTR_SXS_ID
@ DPFLTR_SXS_ID
Definition: dpfilter.h:79
FLG_HEAP_PAGE_ALLOCS
#define FLG_HEAP_PAGE_ALLOCS
Definition: pstypes.h:84
FLG_HEAP_ENABLE_TAG_BY_DLL
#define FLG_HEAP_ENABLE_TAG_BY_DLL
Definition: pstypes.h:70
RtlGetActiveActivationContext
NTSYSAPI NTSTATUS WINAPI RtlGetActiveActivationContext(HANDLE *)
Definition: actctx.c:5539
LdrpHandleOldFormatImportDescriptors
NTSTATUS NTAPI LdrpHandleOldFormatImportDescriptors(IN LPWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN PIMAGE_IMPORT_DESCRIPTOR ImportEntry)
Definition: ldrpe.c:606
LdrpManifestProberRoutine
PLDR_MANIFEST_PROBER_ROUTINE LdrpManifestProberRoutine
Definition: ldrpe.c:18
LdrpHandleNewFormatImportDescriptors
NTSTATUS NTAPI LdrpHandleNewFormatImportDescriptors(IN LPWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrEntry, IN PIMAGE_BOUND_IMPORT_DESCRIPTOR BoundEntry)
Definition: ldrpe.c:492
DPFLTR_WARNING_LEVEL
#define DPFLTR_WARNING_LEVEL
Definition: kdtypes.h:31
RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER
#define RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER
Definition: rtltypes.h:101
AVrfDllLoadNotification
VOID NTAPI AVrfDllLoadNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:298
AVrfPageHeapDllNotification
VOID NTAPI AVrfPageHeapDllNotification(IN PLDR_DATA_TABLE_ENTRY LdrEntry)
Definition: verifier.c:390
STATUS_RESOURCE_LANG_NOT_FOUND
#define STATUS_RESOURCE_LANG_NOT_FOUND
Definition: ntstatus.h:648
STATUS_RESOURCE_NAME_NOT_FOUND
#define STATUS_RESOURCE_NAME_NOT_FOUND
Definition: ntstatus.h:375
STATUS_RESOURCE_TYPE_NOT_FOUND
#define STATUS_RESOURCE_TYPE_NOT_FOUND
Definition: ntstatus.h:374
STATUS_RESOURCE_DATA_NOT_FOUND
#define STATUS_RESOURCE_DATA_NOT_FOUND
Definition: ntstatus.h:373
IMAGE_DIRECTORY_ENTRY_IMPORT
#define IMAGE_DIRECTORY_ENTRY_IMPORT
Definition: pedump.c:260
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
Definition: pedump.c:270
_IMAGE_BOUND_IMPORT_DESCRIPTOR
Definition: winnt_old.h:3468
_IMAGE_IMPORT_DESCRIPTOR
Definition: ntimage.h:572
STATUS_NO_SUCH_FILE
#define STATUS_NO_SUCH_FILE
Definition: udferr_usr.h:137

Referenced by LdrpInitializeProcess(), LdrpLoadDll(), and LdrpLoadImportModule().

◆ RtlDoesFileExists_UStr()

BOOLEAN NTAPI RtlDoesFileExists_UStr ( IN PUNICODE_STRING  FileName)

Definition at line 1503 of file path.c.

1504{
1505 /* Call the updated API */
1506 return RtlDoesFileExists_UstrEx(FileName, TRUE);
1507}
RtlDoesFileExists_UstrEx
BOOLEAN NTAPI RtlDoesFileExists_UstrEx(IN PCUNICODE_STRING FileName, IN BOOLEAN SucceedIfBusy)
Definition: path.c:1430
_FileName
Definition: filecomp.c:348

Referenced by LdrpInitializeDotLocalSupport(), RtlDosApplyFileIsolationRedirection_Ustr(), and START_TEST().

◆ RtlpCloseKeyedEvent()

VOID NTAPI RtlpCloseKeyedEvent ( VOID  )

Definition at line 468 of file condvar.c.

469{
470 ASSERT(CondVarKeyedEventHandle != NULL);
471 NtClose(CondVarKeyedEventHandle);
472 CondVarKeyedEventHandle = NULL;
473}
CondVarKeyedEventHandle
static HANDLE CondVarKeyedEventHandle
Definition: condvar.c:42

Referenced by DllMain().

◆ RtlpInitializeKeyedEvent()

VOID NTAPI RtlpInitializeKeyedEvent ( VOID  )

Definition at line 460 of file condvar.c.

461{
462 ASSERT(CondVarKeyedEventHandle == NULL);
463 NtCreateKeyedEvent(&CondVarKeyedEventHandle, EVENT_ALL_ACCESS, NULL, 0);
464}
NtCreateKeyedEvent
NTSYSAPI NTSTATUS WINAPI NtCreateKeyedEvent(HANDLE *, ACCESS_MASK, const OBJECT_ATTRIBUTES *, ULONG)
EVENT_ALL_ACCESS
#define EVENT_ALL_ACCESS
Definition: isotest.c:82

Referenced by DllMain(), and LdrpInitializeProcess().

◆ RtlpInitializeThreadPooling()

VOID NTAPI RtlpInitializeThreadPooling ( VOID  )

Referenced by LdrpInitializeProcess().

Variable Documentation

◆ g_pfnSE_DllLoaded

PVOID g_pfnSE_DllLoaded
extern

Definition at line 23 of file ldrutils.c.

Referenced by LdrpGetShimEngineInterface(), and LdrpLoadDll().

◆ g_pfnSE_DllUnloaded

PVOID g_pfnSE_DllUnloaded
extern

Definition at line 24 of file ldrutils.c.

Referenced by LdrpGetShimEngineInterface(), and LdrUnloadDll().

◆ g_pfnSE_InstallAfterInit

PVOID g_pfnSE_InstallAfterInit
extern

Definition at line 26 of file ldrutils.c.

Referenced by LdrpGetShimEngineInterface(), and LdrpInitializeProcess().

◆ g_pfnSE_InstallBeforeInit

PVOID g_pfnSE_InstallBeforeInit
extern

Definition at line 25 of file ldrutils.c.

Referenced by LdrpGetShimEngineInterface(), and LdrpLoadShimEngine().

◆ g_pfnSE_ProcessDying

PVOID g_pfnSE_ProcessDying
extern

Definition at line 27 of file ldrutils.c.

Referenced by LdrpGetShimEngineInterface(), and LdrShutdownProcess().

◆ g_pShimEngineModule

PVOID g_pShimEngineModule
extern

Definition at line 22 of file ldrutils.c.

Referenced by LdrInitShimEngineDynamic(), LdrpGetShimEngineFunction(), LdrpLoadShimEngine(), LdrpRunShimEngineInitRoutine(), and LdrpUnloadShimEngine().

◆ g_ShimsEnabled

BOOLEAN g_ShimsEnabled
extern

Definition at line 21 of file ldrutils.c.

Referenced by LdrpGetShimEngineInterface(), LdrpInitializeProcess(), LdrpLoadDll(), LdrpLoadShimEngine(), LdrpUnloadShimEngine(), LdrShutdownProcess(), and LdrUnloadDll().

◆ LdrApiDefaultExtension

UNICODE_STRING LdrApiDefaultExtension
extern

Definition at line 22 of file ldrapi.c.

Referenced by LdrGetDllHandleEx(), LdrLoadDll(), LdrpLoadDll(), LdrpLoadImportModule(), LdrpSnapThunk(), and LdrpUpdateLoadCount3().

◆ LdrpActiveUnloadCount

ULONG LdrpActiveUnloadCount
extern

Definition at line 82 of file ldrinit.c.

Referenced by LdrUnloadDll().

◆ LdrpCurrentDllInitializer

PLDR_DATA_TABLE_ENTRY LdrpCurrentDllInitializer
extern

Definition at line 43 of file ldrinit.c.

Referenced by LdrLoadDll(), and LdrpRunInitializeRoutines().

◆ LdrpDefaultPath

UNICODE_STRING LdrpDefaultPath
extern

Definition at line 63 of file ldrinit.c.

Referenced by LdrpCheckForLoadedDll(), LdrpInitializeProcess(), LdrpMapDll(), LdrpResolveDllName(), and LdrpSearchPath().

◆ LdrpFatalHardErrorCount

ULONG LdrpFatalHardErrorCount
extern

Definition at line 81 of file ldrinit.c.

Referenced by LdrpCreateDllSection(), LdrpInitFailure(), LdrpMapDll(), and LdrpSnapThunk().

◆ LdrpGetModuleHandleCache

PLDR_DATA_TABLE_ENTRY LdrpGetModuleHandleCache
extern

Definition at line 19 of file ldrutils.c.

Referenced by LdrGetDllHandleEx(), and LdrUnloadDll().

◆ LdrpHashTable

LIST_ENTRY LdrpHashTable[LDR_HASH_TABLE_ENTRIES]
extern

Definition at line 59 of file ldrinit.c.

Referenced by LdrpCheckForLoadedDll(), LdrpInitializeProcess(), and LdrpInsertMemoryTableEntry().

◆ LdrpHeap

PVOID LdrpHeap
extern

Definition at line 3 of file ldrinit.c.

Referenced by LdrpAllocateDataTableEntry(), LdrpAllocateUnicodeString(), LdrpCheckForKnownDll(), LdrpFinalizeAndDeallocateDataTableEntry(), LdrpFreeUnicodeString(), LdrpInitializeProcess(), LdrpMapDll(), LdrpResolveDllName(), LdrpRunInitializeRoutines(), LdrRegisterDllNotification(), and LdrUnregisterDllNotification().

◆ LdrpInLdrInit

BOOLEAN LdrpInLdrInit
extern

Definition at line 30 of file ldrinit.c.

Referenced by LdrAddRefDll(), LdrDisableThreadCalloutsForDll(), LdrGetDllHandleEx(), LdrLockLoaderLock(), LdrpCreateDllSection(), LdrpGetProcedureAddress(), LdrpInit(), LdrpLoadDll(), LdrpMapDll(), LdrpSnapThunk(), and LdrUnloadDll().

◆ LdrpKnownDllObjectDirectory

HANDLE LdrpKnownDllObjectDirectory
extern

Definition at line 60 of file ldrinit.c.

Referenced by LdrpCheckForKnownDll(), LdrpInitializeProcess(), and LdrpMapDll().

◆ LdrpKnownDllPath

UNICODE_STRING LdrpKnownDllPath
extern

Definition at line 61 of file ldrinit.c.

Referenced by LdrpCheckForKnownDll(), and LdrpInitializeProcess().

◆ LdrpLdrDatabaseIsSetup

BOOLEAN LdrpLdrDatabaseIsSetup
extern

Definition at line 33 of file ldrinit.c.

Referenced by LdrpInitializeProcess(), and LdrpLoadDll().

◆ LdrpLoadedDllHandleCache

PLDR_DATA_TABLE_ENTRY LdrpLoadedDllHandleCache

Definition at line 59 of file ntdllp.h.

Referenced by LdrUnloadDll().

◆ LdrpLoaderLock

RTL_CRITICAL_SECTION LdrpLoaderLock
extern

Definition at line 68 of file ldrinit.c.

Referenced by LdrLockLoaderLock(), LdrpGetProcedureAddress(), LdrpInit(), LdrpInitializeProcess(), LdrpInitializeThread(), LdrpLoadDll(), LdrShutdownProcess(), LdrShutdownThread(), and LdrUnlockLoaderLock().

◆ LdrpNumberOfProcessors

ULONG LdrpNumberOfProcessors
extern

Definition at line 55 of file ldrinit.c.

Referenced by LdrpInitializeProcess(), and LdrpMapDll().

◆ LdrpShutdownInProgress

BOOLEAN LdrpShutdownInProgress
extern

Definition at line 34 of file ldrinit.c.

Referenced by LdrDisableThreadCalloutsForDll(), LdrUnloadDll(), and RtlDllShutdownInProgress().

◆ LdrpTopLevelDllBeingLoaded

PUNICODE_STRING LdrpTopLevelDllBeingLoaded
extern

Definition at line 40 of file ldrinit.c.

Referenced by LdrLoadDll().

◆ RtlpDphGlobalFlags

ULONG RtlpDphGlobalFlags
extern

Definition at line 108 of file heappage.c.

Referenced by AVrfPageHeapDllNotification(), LdrpInitializeProcess(), RtlpDphProcessStartupInitialization(), and RtlpPageHeapCreate().

◆ RtlpPageHeapEnabled

BOOLEAN RtlpPageHeapEnabled
extern

Definition at line 107 of file heappage.c.

Referenced by LdrpInitializeApplicationVerifierPackage(), LdrpInitializeProcess(), and RtlCreateHeap().

◆ ShowSnaps

BOOLEAN ShowSnaps
extern

Definition at line 79 of file ldrinit.c.

Referenced by LdrAddRefDll(), LdrGetDllHandleEx(), LdrLoadDll(), LdrpAllocateTls(), LdrpCallTlsInitializers(), LdrpCheckForLoadedDll(), LdrpCreateDllSection(), LdrpGetProcedureAddress(), LdrpHandleOneNewFormatImportDescriptor(), LdrpHandleOneOldFormatImportDescriptor(), LdrpInitializeProcess(), LdrpInitializeTls(), LdrpLoadDll(), LdrpMapDll(), LdrpResolveDllName(), LdrpResolveFullName(), LdrpRunInitializeRoutines(), LdrpSearchPath(), LdrpSnapThunk(), LdrpUpdateLoadCount3(), LdrShutdownProcess(), and LdrUnloadDll().