able/windows-nt
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
windows-nt/Source/XPSP1/NT/base/ntdll/ldrapi.c
CryptoAlgo Inc b3cac27891 Add source files
2020-09-26 16:20:57 +08:00

2864 lines
84 KiB
C
Raw Blame History

/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
ldrapi.c
Abstract:
This module implements the Ldr APIs that can be linked with
an application to perform loader services. All of the APIs in
this component are implemented in a DLL. They are not part of the
DLL snap procedure.
Author:
Mike O'Leary (mikeol) 23-Mar-1990
Revision History:
--*/
#include "ldrp.h"
#include "ntos.h"
#include "nt.h"
#include "ntrtl.h"
#include "nturtl.h"
#include "objidl.h"
#include <windows.h>
#include <apcompat.h>
#include <shimhapi.h>
#if defined(_WIN64)
#include <wow64t.h>
#endif // defined(_WIN64)
#define ULONG_PTR_IZE(_x) ((ULONG_PTR) (_x))
#define ULONG_PTR_IZE_SHIFT_AND_MASK(_x, _shift, _mask) ((ULONG_PTR) ((ULONG_PTR_IZE((_x)) & (_mask)) << (_shift)))
#define CHAR_BITS 8
#define LOADER_LOCK_COOKIE_TYPE_BIT_LENGTH (4)
#define LOADER_LOCK_COOKIE_TYPE_BIT_OFFSET ((CHAR_BITS * sizeof(PVOID)) - LOADER_LOCK_COOKIE_TYPE_BIT_LENGTH)
#define LOADER_LOCK_COOKIE_TYPE_BIT_MASK ((1 << LOADER_LOCK_COOKIE_TYPE_BIT_LENGTH) - 1)
#define LOADER_LOCK_COOKIE_TID_BIT_LENGTH (12)
#define LOADER_LOCK_COOKIE_TID_BIT_OFFSET (LOADER_LOCK_COOKIE_TYPE_BIT_OFFSET - LOADER_LOCK_COOKIE_TID_BIT_LENGTH)
#define LOADER_LOCK_COOKIE_TID_BIT_MASK ((1 << LOADER_LOCK_COOKIE_TID_BIT_LENGTH) - 1)
#define LOADER_LOCK_COOKIE_CODE_BIT_LENGTH (16)
#define LOADER_LOCK_COOKIE_CODE_BIT_OFFSET (0)
#define LOADER_LOCK_COOKIE_CODE_BIT_MASK ((1 << LOADER_LOCK_COOKIE_CODE_BIT_LENGTH) - 1)
#define MAKE_LOADER_LOCK_COOKIE(_type, _code) \
((ULONG_PTR) (ULONG_PTR_IZE_SHIFT_AND_MASK((_type), LOADER_LOCK_COOKIE_TYPE_BIT_OFFSET, LOADER_LOCK_COOKIE_TYPE_BIT_MASK) | \
ULONG_PTR_IZE_SHIFT_AND_MASK((HandleToUlong((NtCurrentTeb())->ClientId.UniqueThread)), LOADER_LOCK_COOKIE_TID_BIT_OFFSET, LOADER_LOCK_COOKIE_TID_BIT_MASK) | \
ULONG_PTR_IZE_SHIFT_AND_MASK((_code), LOADER_LOCK_COOKIE_CODE_BIT_OFFSET, LOADER_LOCK_COOKIE_CODE_BIT_MASK)))
#define EXTRACT_LOADER_LOCK_COOKIE_FIELD(_cookie, _shift, _mask) ((((ULONG_PTR) (_cookie)) >> (_shift)) & (_mask))
#define EXTRACT_LOADER_LOCK_COOKIE_TYPE(_cookie) EXTRACT_LOADER_LOCK_COOKIE_FIELD((_cookie), LOADER_LOCK_COOKIE_TYPE_BIT_OFFSET, LOADER_LOCK_COOKIE_TYPE_BIT_MASK)
#define EXTRACT_LOADER_LOCK_COOKIE_TID(_cookie) EXTRACT_LOADER_LOCK_COOKIE_FIELD((_cookie), LOADER_LOCK_COOKIE_TID_BIT_OFFSET, LOADER_LOCK_COOKIE_TID_BIT_MASK)
#define LOADER_LOCK_COOKIE_TYPE_NORMAL (0)
LONG LdrpLoaderLockAcquisitionCount;
// Note the case inconsistency is due to preserving case from earlier versions.
WCHAR DllExtension[] = L".dll";
static UNICODE_STRING DefaultExtension = RTL_CONSTANT_STRING(L".DLL");
PLDR_MANIFEST_PROBER_ROUTINE LdrpManifestProberRoutine = NULL;
extern PFNSE_DLLLOADED g_pfnSE_DllLoaded;
extern PFNSE_DLLUNLOADED g_pfnSE_DllUnloaded;
extern PFNSE_GETPROCADDRESS g_pfnSE_GetProcAddress;
PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION LdrpAppCompatDllRedirectionCallbackFunction = NULL;
PVOID LdrpAppCompatDllRedirectionCallbackData = NULL;
BOOLEAN LdrpShowRecursiveDllLoads;
BOOLEAN LdrpBreakOnRecursiveDllLoads;
PLDR_DATA_TABLE_ENTRY LdrpCurrentDllInitializer;
VOID
RtlpDphDisableFaultInjection (
);
VOID
RtlpDphEnableFaultInjection (
);
ULONG
LdrpClearLoadInProgress(
VOID
);
NTSTATUS
LdrLoadDll (
IN PWSTR DllPath OPTIONAL,
IN PULONG DllCharacteristics OPTIONAL,
IN PUNICODE_STRING DllName,
OUT PVOID *DllHandle
)
/*++
Routine Description:
This function loads a DLL into the calling process address space.
Arguments:
DllPath - Supplies the search path to be used to locate the DLL.
DllCharacteristics - Supplies an optional DLL characteristics flag,
that if specified is used to match against the dll being loaded.
DllName - Supplies the name of the DLL to load.
DllHandle - Returns a handle to the loaded DLL.
Return Value:
TBD
--*/
{
NTSTATUS Status;
WCHAR StaticRedirectedDllNameBuffer[DOS_MAX_PATH_LENGTH];
UNICODE_STRING StaticRedirectedDllName;
UNICODE_STRING DynamicRedirectedDllName = {0};
ULONG LdrpLoadDllFlags = 0;
PCUNICODE_STRING OldTopLevelDllBeingLoaded = NULL;
PVOID LockCookie = NULL;
//
// We need to disable page heap fault injection while loader is active.
// This is important so that we avoid lots of hits(failures) in this
// area. The Disable/Enable function have basically zero impact on
// performance because they just increment/decrement a lock variable
// that is checked when an actual allocation is performed (page heap
// needs to be enabled for that).
//
RtlpDphDisableFaultInjection ();
StaticRedirectedDllName.Length = 0;
StaticRedirectedDllName.MaximumLength = sizeof(StaticRedirectedDllNameBuffer);
StaticRedirectedDllName.Buffer = StaticRedirectedDllNameBuffer;
Status = RtlDosApplyFileIsolationRedirection_Ustr(
RTL_DOS_APPLY_FILE_REDIRECTION_USTR_FLAG_RESPECT_DOT_LOCAL,
DllName, // dll name to look up
&DefaultExtension,
&StaticRedirectedDllName,
&DynamicRedirectedDllName,
&DllName,
NULL,
NULL, // not interested in where the filename starts
NULL); // not interested in bytes required if we only had a static string
if (NT_SUCCESS(Status)) {
LdrpLoadDllFlags |= LDRP_LOAD_DLL_FLAG_DLL_IS_REDIRECTED;
} else if (Status != STATUS_SXS_KEY_NOT_FOUND) {
#if DBG
DbgPrint("%s(%wZ): RtlDosApplyFileIsolationRedirection_Ustr() failed with status %08lx\n", __FUNCTION__, DllName, Status);
#endif // DBG
goto Exit;
}
LdrLockLoaderLock(LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, NULL, &LockCookie);
__try {
OldTopLevelDllBeingLoaded = LdrpTopLevelDllBeingLoaded;
if (OldTopLevelDllBeingLoaded) {
if (ShowSnaps || LdrpShowRecursiveDllLoads || LdrpBreakOnRecursiveDllLoads) {
DbgPrint(
"[%lx,%lx] LDR: Recursive DLL load\n",
HandleToULong(NtCurrentTeb()->ClientId.UniqueProcess),
HandleToULong(NtCurrentTeb()->ClientId.UniqueThread));
DbgPrint(
"[%lx,%lx] Previous DLL being loaded: \"%wZ\"\n",
HandleToULong(NtCurrentTeb()->ClientId.UniqueProcess),
HandleToULong(NtCurrentTeb()->ClientId.UniqueThread),
OldTopLevelDllBeingLoaded);
DbgPrint(
"[%lx,%lx] DLL being requested: \"%wZ\"\n",
HandleToULong(NtCurrentTeb()->ClientId.UniqueProcess),
HandleToULong(NtCurrentTeb()->ClientId.UniqueThread),
DllName);
if (LdrpCurrentDllInitializer != NULL) {
DbgPrint(
"[%lx,%lx] DLL whose initializer was currently running: \"%wZ\"\n",
HandleToULong(NtCurrentTeb()->ClientId.UniqueProcess),
HandleToULong(NtCurrentTeb()->ClientId.UniqueThread),
&LdrpCurrentDllInitializer->FullDllName);
} else {
DbgPrint(
"[%lx,%lx] No DLL initializer was running\n",
HandleToULong(NtCurrentTeb()->ClientId.UniqueProcess),
HandleToULong(NtCurrentTeb()->ClientId.UniqueThread));
}
}
}
LdrpTopLevelDllBeingLoaded = DllName;
Status = LdrpLoadDll(LdrpLoadDllFlags, DllPath, DllCharacteristics, DllName, DllHandle, TRUE);
if (!NT_SUCCESS(Status)) {
if ((Status != STATUS_NO_SUCH_FILE) &&
(Status != STATUS_DLL_NOT_FOUND) &&
(Status != STATUS_OBJECT_NAME_NOT_FOUND)) {
// Dll initialization failure is common enough that we won't want to print unless snaps are turned on.
if (ShowSnaps || (Status != STATUS_DLL_INIT_FAILED)) {
DbgPrintEx(
DPFLTR_LDR_ID,
LDR_ERROR_DPFLTR,
"LDR: %s - failing because LdrpLoadDll(%wZ) returned status %x\n",
__FUNCTION__,
DllName,
Status);
}
}
goto Exit;
}
} __finally {
LdrpTopLevelDllBeingLoaded = OldTopLevelDllBeingLoaded;
LdrUnlockLoaderLock(LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, LockCookie);
}
Status = STATUS_SUCCESS;
Exit:
if (DynamicRedirectedDllName.Buffer != NULL)
RtlFreeUnicodeString(&DynamicRedirectedDllName);
//
// Reenable page heap fault injection.
//
RtlpDphEnableFaultInjection ();
return Status;
}
NTSTATUS
NTAPI
LdrpLoadDll(
ULONG Flags OPTIONAL,
IN PWSTR DllPath OPTIONAL,
IN PULONG DllCharacteristics OPTIONAL,
IN PUNICODE_STRING DllName,
OUT PVOID *DllHandle,
IN BOOLEAN RunInitRoutines
)
{
PPEB Peb;
PTEB Teb;
NTSTATUS st;
PLDR_DATA_TABLE_ENTRY LdrDataTableEntry;
PWSTR ActualDllName;
PWCH p, pp;
UNICODE_STRING ActualDllNameStr;
WCHAR FreeBuffer[LDR_MAX_PATH + 1];
BOOLEAN Redirected = ((Flags & LDRP_LOAD_DLL_FLAG_DLL_IS_REDIRECTED) != 0);
const InLdrInit = LdrpInLdrInit;
PVOID LockCookie = NULL;
Peb = NtCurrentPeb();
Teb = NtCurrentTeb();
st = STATUS_SUCCESS;
//
// Except during process initializeation, grab loader lock and Snap All Links to specified DLL
//
if (!InLdrInit)
RtlEnterCriticalSection(&LdrpLoaderLock);
try {
p = DllName->Buffer;
pp = NULL;
while (*p) {
if (*p++ == (WCHAR)'.') {
//
// pp will point to first character after last '.'
//
pp = p;
}
}
ActualDllName = FreeBuffer;
if ( DllName->Length >= sizeof(FreeBuffer)) {
return STATUS_NAME_TOO_LONG;
}
RtlMoveMemory(ActualDllName, DllName->Buffer, DllName->Length);
if (!pp || *pp == (WCHAR)'\\') {
//
// No extension found (just ..\)
//
if (DllName->Length + sizeof(DllExtension) >= sizeof(FreeBuffer)) {
DbgPrintEx(
DPFLTR_LDR_ID,
LDR_ERROR_DPFLTR,
"LDR: %s - Dll name missing extension; with extension added the length is too long\n"
" DllName: (@ %p) \"%wZ\"\n"
" DllName->Length: %u\n",
__FUNCTION__,
DllName, DllName,
DllName->Length);
return STATUS_NAME_TOO_LONG;
}
RtlMoveMemory((PCHAR)ActualDllName+DllName->Length, DllExtension, sizeof(DllExtension));
} else
ActualDllName[DllName->Length >> 1] = UNICODE_NULL;
if (ShowSnaps) {
DbgPrint("LDR: LdrLoadDll, loading %ws from %ws\n",
ActualDllName,
ARGUMENT_PRESENT(DllPath) ? DllPath : L""
);
}
RtlInitUnicodeString(&ActualDllNameStr,ActualDllName);
ActualDllNameStr.MaximumLength = sizeof(FreeBuffer);
if (!LdrpCheckForLoadedDll( DllPath,
&ActualDllNameStr,
FALSE,
Redirected,
&LdrDataTableEntry)) {
st = LdrpMapDll(DllPath,
ActualDllName,
DllCharacteristics,
FALSE,
Redirected,
&LdrDataTableEntry);
if (!NT_SUCCESS(st))
return st;
//
// Register dll with the stack tracing module.
// This is used for getting reliable stack traces on X86.
//
#if defined(_X86_)
RtlpStkMarkDllRange (LdrDataTableEntry);
#endif
if (ARGUMENT_PRESENT( DllCharacteristics ) &&
*DllCharacteristics & IMAGE_FILE_EXECUTABLE_IMAGE) {
LdrDataTableEntry->EntryPoint = 0;
LdrDataTableEntry->Flags &= ~LDRP_IMAGE_DLL;
}
//
// and walk the import descriptor.
//
if (LdrDataTableEntry->Flags & LDRP_IMAGE_DLL) {
try {
//
// if the image is COR-ILONLY, then don't walk the import descriptor
// as it is assumed that it only imports %windir%\system32\mscoree.dll, otherwise
// walk the import descriptor table of the dll.
//
if ((LdrDataTableEntry->Flags & LDRP_COR_IMAGE) == 0) {
st = LdrpWalkImportDescriptor(
DllPath,
LdrDataTableEntry
);
}
} __except(LdrpGenericExceptionFilter(GetExceptionInformation(), __FUNCTION__)) {
st = GetExceptionCode();
DbgPrintEx(
DPFLTR_LDR_ID,
LDR_ERROR_DPFLTR,
"LDR: %s - Exception %x thrown by LdrpWalkImportDescriptor\n",
__FUNCTION__,
st);
}
if ( LdrDataTableEntry->LoadCount != 0xffff )
LdrDataTableEntry->LoadCount++;
LdrpReferenceLoadedDll(LdrDataTableEntry);
if (!NT_SUCCESS(st)) {
LdrDataTableEntry->EntryPoint = NULL;
InsertTailList(
&NtCurrentPeb()->Ldr->InInitializationOrderModuleList,
&LdrDataTableEntry->InInitializationOrderLinks);
LdrpClearLoadInProgress();
if (ShowSnaps)
DbgPrint("LDR: Unloading %wZ due to error %x walking import descriptors\n", DllName, st);
LdrUnloadDll((PVOID)LdrDataTableEntry->DllBase);
return st;
}
}
else {
if ( LdrDataTableEntry->LoadCount != 0xffff ) {
LdrDataTableEntry->LoadCount++;
}
}
//
// Add init routine to list
//
InsertTailList(&NtCurrentPeb()->Ldr->InInitializationOrderModuleList,
&LdrDataTableEntry->InInitializationOrderLinks);
//
// If the loader data base is not fully setup, this load was because
// of a forwarder in the static load set. Can't run init routines
// yet because the load counts are NOT set
//
if ( RunInitRoutines && LdrpLdrDatabaseIsSetup ) {
//
// Shim engine callback. This is the chance to patch
// dynamically loaded modules.
//
if (g_pfnSE_DllLoaded != NULL) {
(*g_pfnSE_DllLoaded)(LdrDataTableEntry);
}
try {
st = LdrpRunInitializeRoutines(NULL);
if ( !NT_SUCCESS(st) ) {
if (ShowSnaps) {
DbgPrint("LDR: Unloading %wZ because either its init routine or one of its static imports failed; status = 0x%08lx", DllName, st);
}
LdrUnloadDll((PVOID)LdrDataTableEntry->DllBase);
}
}
__except (LdrpGenericExceptionFilter(GetExceptionInformation(), __FUNCTION__)) {
st = GetExceptionCode();
DbgPrintEx(
DPFLTR_LDR_ID,
LDR_ERROR_DPFLTR,
"LDR: %s - Exception %08lx thrown running initialization routines for %wZ\n",
__FUNCTION__,
st,
&LdrDataTableEntry->FullDllName);
LdrUnloadDll((PVOID)LdrDataTableEntry->DllBase);
return st;
}
}
else {
st = STATUS_SUCCESS;
}
}
else {
//
// Count it. And everything that it imports.
//
if ( LdrDataTableEntry->Flags & LDRP_IMAGE_DLL &&
LdrDataTableEntry->LoadCount != 0xffff ) {
LdrDataTableEntry->LoadCount++;
LdrpReferenceLoadedDll(LdrDataTableEntry);
//
// Now clear the Load in progress bits
//
LdrpClearLoadInProgress();
}
else {
if ( LdrDataTableEntry->LoadCount != 0xffff ) {
LdrDataTableEntry->LoadCount++;
}
}
}
}
__finally {
if (!InLdrInit)
RtlLeaveCriticalSection(&LdrpLoaderLock);
}
if (NT_SUCCESS(st))
*DllHandle = (PVOID)LdrDataTableEntry->DllBase;
else
*DllHandle = NULL;
return st;
}
NTSTATUS
LdrGetDllHandle(
IN PWSTR DllPath OPTIONAL,
IN PULONG DllCharacteristics OPTIONAL,
IN PUNICODE_STRING DllName,
OUT PVOID *DllHandle
)
{
NTSTATUS Status = STATUS_SUCCESS;
//
// Preserve the old behavior.
//
ULONG Flags = LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT;
Status = LdrGetDllHandleEx(Flags, DllPath, DllCharacteristics, DllName, DllHandle);
return Status;
}
NTSTATUS
LdrGetDllHandleEx(
IN ULONG Flags,
IN PWSTR DllPath OPTIONAL,
IN PULONG DllCharacteristics OPTIONAL,
IN PUNICODE_STRING DllName,
OUT PVOID *DllHandle OPTIONAL
)
/*++
Routine Description:
This function locates the specified DLL and returns its handle.
Arguments:
Flags - various bits to affect the behavior
default: the returned handle is addrefed
LDR_GET_DLL_HANDLE_EX_PIN - the dll will not be unloaded until
the process exits
LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT - the dll's reference
count is not changed
DllPath - Supplies the search path to be used to locate the DLL.
DllCharacteristics - Supplies an optional DLL characteristics flag,
that if specified is used to match against the dll being loaded.
The currently supported flags are:
IMAGE_FILE_EXECUTABLE_IMAGE - indicates that imported dll
referenced by the DLL being loaded should not be followed.
This corresponds to DONT_RESOLVE_DLL_REFERENCES
IMAGE_FILE_SYSTEM - indicates that the DLL is a known trusted
system component and that WinSafer sandbox checking
should not be performed on the DLL before loading it.
DllName - Supplies the name of the DLL to load.
DllHandle - Returns a handle to the loaded DLL.
Return Value:
TBD
--*/
{
NTSTATUS st;
PTEB Teb = NtCurrentTeb();
PPEB Peb = NtCurrentPeb();
PLDR_DATA_TABLE_ENTRY LdrDataTableEntry = NULL;
PWSTR ActualDllName;
PWCH p, pp, pEnd;
UNICODE_STRING ActualDllNameStr;
// These two are made static because we only use them when we have the loader
// lock, and it also reduces the stack by 260*4 bytes.
static WCHAR FreeBuffer[LDR_MAX_PATH + 1];
static WCHAR StaticRedirectedDllNameBuffer[DOS_MAX_PATH_LENGTH];
UNICODE_STRING StaticRedirectedDllName = {0, 0, NULL};
UNICODE_STRING DynamicRedirectedDllName = {0, 0, NULL};
BOOLEAN Redirected = FALSE;
BOOLEAN HoldingLoaderLock = FALSE;
const BOOLEAN InLdrInit = LdrpInLdrInit;
PVOID LockCookie = NULL;
const ULONG ValidFlags = LDR_GET_DLL_HANDLE_EX_PIN | LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT;
__try {
if (DllHandle != NULL) {
*DllHandle = NULL;
}
if (Flags & ~ValidFlags) {
st = STATUS_INVALID_PARAMETER;
goto Exit;
}
//
// DllHandle is optional if you are pinning the .dll, otherwise it is mandatory.
//
if (DllHandle == NULL
&& (Flags & LDR_GET_DLL_HANDLE_EX_PIN) == 0
) {
st = STATUS_INVALID_PARAMETER;
goto Exit;
}
if ( (Flags & LDR_GET_DLL_HANDLE_EX_PIN)
&& (Flags & LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT)
) {
st = STATUS_INVALID_PARAMETER;
goto Exit;
}
//
// Grab Ldr lock
//
if (!InLdrInit) {
st = LdrLockLoaderLock(0, NULL, &LockCookie);
if (!NT_SUCCESS(st))
goto Exit;
HoldingLoaderLock = TRUE;
}
#if DBG
ASSERT( FreeBuffer[0] == UNICODE_NULL
|| (LdrpShutdownInProgress && LdrpShutdownThreadId == NtCurrentTeb()->ClientId.UniqueThread));
ASSERT( StaticRedirectedDllNameBuffer[0] == UNICODE_NULL
|| (LdrpShutdownInProgress && LdrpShutdownThreadId == NtCurrentTeb()->ClientId.UniqueThread));
FreeBuffer[0] = L' ';
StaticRedirectedDllNameBuffer[0] = L' ';
#endif
StaticRedirectedDllName.Length = 0;
StaticRedirectedDllName.MaximumLength = sizeof(StaticRedirectedDllNameBuffer);
StaticRedirectedDllName.Buffer = StaticRedirectedDllNameBuffer;
st = RtlDosApplyFileIsolationRedirection_Ustr(
RTL_DOS_APPLY_FILE_REDIRECTION_USTR_FLAG_RESPECT_DOT_LOCAL,
DllName,
&DefaultExtension,
&StaticRedirectedDllName,
&DynamicRedirectedDllName,
&DllName,
NULL,
NULL,
NULL);
if (NT_SUCCESS(st)) {
Redirected = TRUE;
} else if (st != STATUS_SXS_KEY_NOT_FOUND) {
// Something unusual and bad happened.
__leave;
}
st = STATUS_DLL_NOT_FOUND;
if ( LdrpGetModuleHandleCache ) {
if (Redirected) {
if (((LdrpGetModuleHandleCache->Flags & LDRP_REDIRECTED) != 0) &&
RtlEqualUnicodeString(DllName, &LdrpGetModuleHandleCache->FullDllName, TRUE)) {
LdrDataTableEntry = LdrpGetModuleHandleCache;
st = STATUS_SUCCESS;
goto Exit;
}
} else {
// Not redirected...
if (((LdrpGetModuleHandleCache->Flags & LDRP_REDIRECTED) == 0) &&
RtlEqualUnicodeString(DllName, &LdrpGetModuleHandleCache->BaseDllName, TRUE)) {
LdrDataTableEntry = LdrpGetModuleHandleCache;
st = STATUS_SUCCESS;
goto Exit;
}
}
}
p = DllName->Buffer;
pEnd = p + (DllName->Length / sizeof(WCHAR));
pp = NULL;
while (p != pEnd) {
if (*p++ == L'.') {
//
// pp will point to first character after last '.'
//
pp = p;
}
}
ActualDllName = FreeBuffer;
if ( DllName->Length >= sizeof(FreeBuffer)) {
st = STATUS_NAME_TOO_LONG;
__leave;
}
RtlCopyMemory(ActualDllName, DllName->Buffer, DllName->Length);
if ((pp == NULL) || (*pp == L'\\') || (*pp == L'/')) {
//
// No extension found (just ..\)
//
if ( DllName->Length + (5 * sizeof(WCHAR)) >= sizeof(FreeBuffer) ) {
st = STATUS_NAME_TOO_LONG;
__leave;
}
RtlCopyMemory(((PCHAR)ActualDllName) + DllName->Length, DllExtension, sizeof(DllExtension));
} else {
//
// see if the name ends in . If it does, trim out the trailing
// .
//
if ((DllName->Length != 0) && (ActualDllName[(DllName->Length / sizeof(WCHAR)) - 1] == L'.')) {
DllName->Length -= sizeof(WCHAR);
}
ActualDllName[DllName->Length / sizeof(WCHAR)] = UNICODE_NULL;
}
//
// Check the LdrTable to see if Dll has already been loaded
// into this image.
//
RtlInitUnicodeString(&ActualDllNameStr,ActualDllName);
ActualDllNameStr.MaximumLength = sizeof(FreeBuffer);
if (ShowSnaps) {
DbgPrint(
"LDR: LdrGetDllHandle, searching for %ws from %ws\n",
ActualDllName,
ARGUMENT_PRESENT(DllPath) ? (DllPath == (PWSTR)1 ? L"" : DllPath) : L""
);
}
//
// sort of a hack, but done to speed up GetModuleHandle. kernel32
// now does a two pass call here to avoid computing
// process dll path
//
if (LdrpCheckForLoadedDll(DllPath,
&ActualDllNameStr,
(BOOLEAN)(DllPath == (PWSTR)1 ? TRUE : FALSE),
Redirected,
&LdrDataTableEntry)) {
LdrpGetModuleHandleCache = LdrDataTableEntry;
st = STATUS_SUCCESS;
goto Exit;
}
LdrDataTableEntry = NULL;
RTL_SOFT_ASSERT(st == STATUS_DLL_NOT_FOUND);
Exit:
ASSERT((LdrDataTableEntry != NULL) == NT_SUCCESS(st));
if (LdrDataTableEntry != NULL && NT_SUCCESS(st)) {
//
// It's standard gross procedure to put the check for 0xffff,
// and the updaates of the root LoadCount outside the
// call to LdrpUpdateLoadCount..
//
if (LdrDataTableEntry->LoadCount != 0xffff) {
if ((Flags & LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT) != 0
){
// nothing
}
else {
if (Flags & LDR_GET_DLL_HANDLE_EX_PIN) {
LdrDataTableEntry->LoadCount = 0xffff;
LdrpPinLoadedDll(LdrDataTableEntry);
}
else {
LdrDataTableEntry->LoadCount++;
LdrpReferenceLoadedDll(LdrDataTableEntry);
}
LdrpClearLoadInProgress();
}
}
if (DllHandle != NULL
) {
*DllHandle = (PVOID)LdrDataTableEntry->DllBase;
}
}
if (DynamicRedirectedDllName.Buffer != NULL)
RtlFreeUnicodeString(&DynamicRedirectedDllName);
} __finally {
#if DBG
FreeBuffer[0] = UNICODE_NULL;
StaticRedirectedDllNameBuffer[0] = UNICODE_NULL;
#endif
if (HoldingLoaderLock) {
LdrUnlockLoaderLock(LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, LockCookie);
HoldingLoaderLock = FALSE;
}
}
return st;
}
NTSTATUS
LdrDisableThreadCalloutsForDll (
IN PVOID DllHandle
)
/*++
Routine Description:
This function disables thread attach and detach notification
for the specified DLL.
Arguments:
DllHandle - Supplies a handle to the DLL to disable.
Return Value:
TBD
--*/
{
NTSTATUS st = STATUS_SUCCESS;
PLDR_DATA_TABLE_ENTRY LdrDataTableEntry = NULL;
const BOOLEAN InLdrInit = LdrpInLdrInit;
BOOL HoldingLoaderLock = FALSE;
PVOID LockCookie = NULL;
if ( LdrpShutdownInProgress ) {
return STATUS_SUCCESS;
}
try {
if ( InLdrInit == FALSE ) {
st = LdrLockLoaderLock(0, NULL, &LockCookie);
if (!NT_SUCCESS(st))
goto Exit;
HoldingLoaderLock = TRUE;
}
if (LdrpCheckForLoadedDllHandle(DllHandle, &LdrDataTableEntry)) {
if ( LdrDataTableEntry->TlsIndex ) {
st = STATUS_DLL_NOT_FOUND;
}
else {
LdrDataTableEntry->Flags |= LDRP_DONT_CALL_FOR_THREADS;
}
}
Exit:
;
}
finally {
if (HoldingLoaderLock) {
LdrUnlockLoaderLock(LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, LockCookie);
HoldingLoaderLock = FALSE;
}
}
return st;
}
NTSTATUS
LdrUnloadDll (
IN PVOID DllHandle
)
/*++
Routine Description:
This function unloads the DLL from the specified process
Arguments:
DllHandle - Supplies a handle to the DLL to unload.
Return Value:
TBD
--*/
{
NTSTATUS st;
PPEB Peb;
PLDR_DATA_TABLE_ENTRY LdrDataTableEntry;
PLDR_DATA_TABLE_ENTRY Entry;
PDLL_INIT_ROUTINE InitRoutine;
LIST_ENTRY LocalUnloadHead;
PLIST_ENTRY Next;
ULONG Cor20HeaderSize;
PIMAGE_COR20_HEADER *Cor20Header;
Peb = NtCurrentPeb();
st = STATUS_SUCCESS;
try {
//
// Grab Peb lock and decrement reference count of all affected DLLs
//
if (!LdrpInLdrInit)
RtlEnterCriticalSection(&LdrpLoaderLock);
LdrpActiveUnloadCount++;
if ( LdrpShutdownInProgress ) {
goto leave_finally;
}
if (!LdrpCheckForLoadedDllHandle(DllHandle, &LdrDataTableEntry)) {
st = STATUS_DLL_NOT_FOUND;
goto leave_finally;
}
//
// Now that we have the data table entry, unload it
//
if ( LdrDataTableEntry->LoadCount != 0xffff ) {
LdrDataTableEntry->LoadCount--;
if ( LdrDataTableEntry->Flags & LDRP_IMAGE_DLL ) {
RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME Frame = { sizeof(Frame), RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER };
RtlActivateActivationContextUnsafeFast(&Frame, LdrDataTableEntry->EntryPointActivationContext);
__try {
LdrpDereferenceLoadedDll(LdrDataTableEntry);
} __finally {
RtlDeactivateActivationContextUnsafeFast(&Frame);
}
}
} else {
//
// if the load count is 0xffff, then we do not need to recurse
// through this DLL's import table.
//
// Additionally, we don't have to scan more LoadCount == 0
// modules since nothing could have happened as a result of a free on this
// DLL.
goto leave_finally;
}
//
// Now process init routines and then in a second pass, unload
// DLLs
//
if (ShowSnaps) {
DbgPrint("LDR: UNINIT LIST\n");
}
if (LdrpActiveUnloadCount == 1 ) {
InitializeListHead(&LdrpUnloadHead);
}
//
// Go in reverse order initialization order and build
// the unload list
//
Next = Peb->Ldr->InInitializationOrderModuleList.Blink;
while ( Next != &Peb->Ldr->InInitializationOrderModuleList) {
LdrDataTableEntry
= (PLDR_DATA_TABLE_ENTRY)
(CONTAINING_RECORD(Next,LDR_DATA_TABLE_ENTRY,InInitializationOrderLinks));
Next = Next->Blink;
LdrDataTableEntry->Flags &= ~LDRP_UNLOAD_IN_PROGRESS;
if (LdrDataTableEntry->LoadCount == 0) {
if (ShowSnaps) {
DbgPrint(" (%d) [%ws] %ws (%lx) deinit %lx\n",
LdrpActiveUnloadCount,
LdrDataTableEntry->BaseDllName.Buffer,
LdrDataTableEntry->FullDllName.Buffer,
(ULONG)LdrDataTableEntry->LoadCount,
LdrDataTableEntry->EntryPoint
);
}
Entry = LdrDataTableEntry;
//
// Shim engine callback. Remove it from the shim list of hooked modules
//
if (g_pfnSE_DllUnloaded != NULL) {
(*g_pfnSE_DllUnloaded)(Entry);
}
RemoveEntryList(&Entry->InInitializationOrderLinks);
RemoveEntryList(&Entry->InMemoryOrderLinks);
RemoveEntryList(&Entry->HashLinks);
if ( LdrpActiveUnloadCount > 1 ) {
LdrpLoadedDllHandleCache = NULL;
Entry->InMemoryOrderLinks.Flink = NULL;
}
InsertTailList(&LdrpUnloadHead,&Entry->HashLinks);
}
}
//
// End of new code
//
//
// We only do init routine call's and module free's at the top level,
// so if the active count is > 1, just return
//
if (LdrpActiveUnloadCount > 1 ) {
goto leave_finally;
}
//
// Now that the unload list is built, walk through the unload
// list in order and call the init routine. The dll must remain
// on the InLoadOrderLinks so that the pctoheader stuff will
// still work
//
InitializeListHead(&LocalUnloadHead);
Entry = NULL;
Next = LdrpUnloadHead.Flink;
while ( Next != &LdrpUnloadHead ) {
top:
if ( Entry ) {
#if defined(_AMD64_) // || defined(_IA64_)
RtlRemoveInvertedFunctionTable(&LdrpInvertedFunctionTable,
Entry->DllBase);
#endif
RemoveEntryList(&(Entry->InLoadOrderLinks));
Entry = NULL;
Next = LdrpUnloadHead.Flink;
if (Next == &LdrpUnloadHead ) {
goto bottom;
}
}
LdrDataTableEntry
= (PLDR_DATA_TABLE_ENTRY)
(CONTAINING_RECORD(Next,LDR_DATA_TABLE_ENTRY,HashLinks));
//
// Remove dll from the global unload list and place
// on the local unload list. This is because the global list
// can change during the callout to the init routine
//
Entry = LdrDataTableEntry;
LdrpLoadedDllHandleCache = NULL;
Entry->InMemoryOrderLinks.Flink = NULL;
RemoveEntryList(&Entry->HashLinks);
InsertTailList(&LocalUnloadHead,&Entry->HashLinks);
//
// If the function has an init routine, call it.
//
InitRoutine = (PDLL_INIT_ROUTINE)LdrDataTableEntry->EntryPoint;
if (InitRoutine && (LdrDataTableEntry->Flags & LDRP_PROCESS_ATTACH_CALLED) ) {
try {
if (ShowSnaps) {
DbgPrint("LDR: Calling deinit %lx\n",InitRoutine);
}
LDRP_ACTIVATE_ACTIVATION_CONTEXT(LdrDataTableEntry);
LdrpCallInitRoutine(InitRoutine,
LdrDataTableEntry->DllBase,
DLL_PROCESS_DETACH,
NULL);
LDRP_DEACTIVATE_ACTIVATION_CONTEXT();
#if defined(_AMD64_) // || defined(_IA64_)
RtlRemoveInvertedFunctionTable(&LdrpInvertedFunctionTable,
Entry->DllBase);
#endif
RemoveEntryList(&Entry->InLoadOrderLinks);
Entry = NULL;
Next = LdrpUnloadHead.Flink;
}
except(LdrpGenericExceptionFilter(GetExceptionInformation(), __FUNCTION__)){
DbgPrintEx(
DPFLTR_LDR_ID,
LDR_ERROR_DPFLTR,
"LDR: %s - exception %08lx caught while sending DLL_PROCESS_DETACH\n",
__FUNCTION__,
GetExceptionCode());
DbgPrintEx(
DPFLTR_LDR_ID,
LDR_ERROR_DPFLTR,
" Dll Name: %wZ\n",
&LdrDataTableEntry->FullDllName);
DbgPrintEx(
DPFLTR_LDR_ID,
LDR_ERROR_DPFLTR,
" InitRoutine: %p\n",
InitRoutine);
goto top;
}
} else {
#if defined(_AMD64_) // || defined(_IA64_)
RtlRemoveInvertedFunctionTable(&LdrpInvertedFunctionTable,
Entry->DllBase);
#endif
RemoveEntryList(&(Entry->InLoadOrderLinks));
Entry = NULL;
Next = LdrpUnloadHead.Flink;
}
}
bottom:
//
// Now, go through the modules and unmap them
//
Next = LocalUnloadHead.Flink;
while ( Next != &LocalUnloadHead ) {
LdrDataTableEntry
= (PLDR_DATA_TABLE_ENTRY)
(CONTAINING_RECORD(Next,LDR_DATA_TABLE_ENTRY,HashLinks));
Next = Next->Flink;
Entry = LdrDataTableEntry;
//
// Now that we called the all the init routines with `detach'
// there is no excuse if we find a live CS in that region.
//
// Note: gdi32.dll's critical sections are deleted only on
// user32.dll'd DllMain( DLL_PROCESS_DETACH ) so we cannot
// do this check prior to this point.
//
RtlpCheckForCriticalSectionsInMemoryRange (LdrDataTableEntry->DllBase,
LdrDataTableEntry->SizeOfImage,
(PVOID)LdrDataTableEntry);
//
// Notify verifier that a dll will be unloaded.
//
if (NtCurrentPeb()->NtGlobalFlag & FLG_APPLICATION_VERIFIER) {
AVrfDllUnloadNotification (LdrDataTableEntry);
}
//
// Unmap this DLL.
//
if (ShowSnaps) {
DbgPrint("LDR: Unmapping [%ws]\n",
LdrDataTableEntry->BaseDllName.Buffer
);
}
Cor20Header = RtlImageDirectoryEntryToData(Entry->DllBase,
TRUE,
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR,
&Cor20HeaderSize);
if (Cor20Header != NULL) {
LdrpCorUnloadImage(Entry->DllBase);
}
if (!(Entry->Flags & LDRP_COR_OWNS_UNMAP)) {
st = NtUnmapViewOfSection(NtCurrentProcess(),Entry->DllBase);
ASSERT(NT_SUCCESS(st));
}
LdrUnloadAlternateResourceModule(Entry->DllBase);
LdrpSendDllUnloadedNotifications(Entry, (LdrpShutdownInProgress ? LDR_DLL_UNLOADED_FLAG_PROCESS_TERMINATION : 0));
LdrpFinalizeAndDeallocateDataTableEntry(Entry);
if ( Entry == LdrpGetModuleHandleCache ) {
LdrpGetModuleHandleCache = NULL;
}
}
leave_finally:;
}
finally {
LdrpActiveUnloadCount--;
if (!LdrpInLdrInit)
RtlLeaveCriticalSection(&LdrpLoaderLock);
}
return st;
}
NTSTATUS
LdrGetProcedureAddress (
IN PVOID DllHandle,
IN CONST ANSI_STRING* ProcedureName OPTIONAL,
IN ULONG ProcedureNumber OPTIONAL,
OUT PVOID *ProcedureAddress
)
{
return LdrpGetProcedureAddress(DllHandle,ProcedureName,ProcedureNumber,ProcedureAddress,TRUE);
}
NTSTATUS
LdrpGetProcedureAddress (
IN PVOID DllHandle,
IN CONST ANSI_STRING* ProcedureName OPTIONAL,
IN ULONG ProcedureNumber OPTIONAL,
OUT PVOID *ProcedureAddress,
IN BOOLEAN RunInitRoutines
)
/*++
Routine Description:
This function locates the address of the specified procedure in the
specified DLL and returns its address.
Arguments:
DllHandle - Supplies a handle to the DLL that the address is being
looked up in.
ProcedureName - Supplies that address of a string that contains the
name of the procedure to lookup in the DLL. If this argument is
not specified, then the ProcedureNumber is used.
ProcedureNumber - Supplies the procedure number to lookup. If
ProcedureName is specified, then this argument is ignored.
Otherwise, it specifies the procedure ordinal number to locate
in the DLL.
ProcedureAddress - Returns the address of the procedure found in
the DLL.
Return Value:
TBD
--*/
{
NTSTATUS st;
UCHAR FunctionNameBuffer[64];
ULONG cb, ExportSize;
PLDR_DATA_TABLE_ENTRY LdrDataTableEntry;
IMAGE_THUNK_DATA Thunk;
PVOID ImageBase;
PIMAGE_IMPORT_BY_NAME FunctionName;
PIMAGE_EXPORT_DIRECTORY ExportDirectory;
PLIST_ENTRY Next;
if (ShowSnaps) {
DbgPrint("LDR: LdrGetProcedureAddress by ");
}
FunctionName = NULL;
if ( ARGUMENT_PRESENT(ProcedureName) ) {
if (ShowSnaps) {
DbgPrint("NAME - %s\n", ProcedureName->Buffer);
}
if (ProcedureName->Length >= sizeof( FunctionNameBuffer )-1 ) {
FunctionName = RtlAllocateHeap(RtlProcessHeap(), MAKE_TAG( TEMP_TAG ),ProcedureName->Length+1+sizeof(USHORT));
if ( !FunctionName ) {
return STATUS_INVALID_PARAMETER;
}
} else {
FunctionName = (PIMAGE_IMPORT_BY_NAME) FunctionNameBuffer;
}
FunctionName->Hint = 0;
cb = ProcedureName->Length;
RtlCopyMemory (FunctionName->Name, ProcedureName->Buffer, cb);
FunctionName->Name[cb] = '\0';
//
// Make sure we don't pass in address with high bit set so we
// can still use it as ordinal flag
//
ImageBase = FunctionName;
Thunk.u1.AddressOfData = 0;
} else {
ImageBase = NULL;
if (ShowSnaps) {
DbgPrint("ORDINAL - %lx\n", ProcedureNumber);
}
if (ProcedureNumber) {
Thunk.u1.Ordinal = ProcedureNumber | IMAGE_ORDINAL_FLAG;
} else {
return STATUS_INVALID_PARAMETER;
}
}
if (!LdrpInLdrInit)
RtlEnterCriticalSection(&LdrpLoaderLock);
try {
if (!LdrpCheckForLoadedDllHandle(DllHandle, &LdrDataTableEntry)) {
st = STATUS_DLL_NOT_FOUND;
return st;
}
ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)RtlImageDirectoryEntryToData(
LdrDataTableEntry->DllBase,
TRUE,
IMAGE_DIRECTORY_ENTRY_EXPORT,
&ExportSize
);
if (!ExportDirectory) {
return STATUS_PROCEDURE_NOT_FOUND;
}
st = LdrpSnapThunk(LdrDataTableEntry->DllBase,
ImageBase,
&Thunk,
&Thunk,
ExportDirectory,
ExportSize,
FALSE,
NULL
);
if ( RunInitRoutines ) {
PLDR_DATA_TABLE_ENTRY LdrInitEntry;
//
// Look at last entry in init order list. If entry processed
// flag is not set, then a forwarded dll was loaded during the
// getprocaddr call and we need to run init routines
//
Next = NtCurrentPeb()->Ldr->InInitializationOrderModuleList.Blink;
LdrInitEntry = CONTAINING_RECORD(Next, LDR_DATA_TABLE_ENTRY, InInitializationOrderLinks);
if ( !(LdrInitEntry->Flags & LDRP_ENTRY_PROCESSED) ) {
//
// Shim engine callback. This is the chance to patch
// dynamically loaded modules.
//
/*
if (g_pfnSE_DllLoaded != NULL) {
(*g_pfnSE_DllLoaded)(NULL);
}
*/
try {
st = LdrpRunInitializeRoutines(NULL);
}
except(LdrpGenericExceptionFilter(GetExceptionInformation(), __FUNCTION__)) {
st = GetExceptionCode();
DbgPrintEx(
DPFLTR_LDR_ID,
LDR_ERROR_DPFLTR,
"LDR: %s - Exception %x thrown by LdrpRunInitializeRoutines\n",
__FUNCTION__,
st);
}
}
}
if ( NT_SUCCESS(st) ) {
*ProcedureAddress = (PVOID)Thunk.u1.Function;
//
// Shim engine callback. Modify the address of the procedure if needed
//
if (g_pfnSE_GetProcAddress != NULL) {
(*g_pfnSE_GetProcAddress)(ProcedureAddress);
}
}
} finally {
if ( FunctionName && (FunctionName != (PIMAGE_IMPORT_BY_NAME) FunctionNameBuffer) ) {
RtlFreeHeap(RtlProcessHeap(),0,FunctionName);
}
if (!LdrpInLdrInit)
RtlLeaveCriticalSection(&LdrpLoaderLock);
}
return st;
}
NTSTATUS
NTAPI
LdrVerifyImageMatchesChecksum (
IN HANDLE ImageFileHandle,
IN PLDR_IMPORT_MODULE_CALLBACK ImportCallbackRoutine OPTIONAL,
IN PVOID ImportCallbackParameter,
OUT PUSHORT ImageCharacteristics OPTIONAL
)
{
NTSTATUS Status;
HANDLE Section;
PVOID ViewBase;
SIZE_T ViewSize;
IO_STATUS_BLOCK IoStatusBlock;
FILE_STANDARD_INFORMATION StandardInfo;
PIMAGE_SECTION_HEADER LastRvaSection;
BOOLEAN b;
BOOLEAN JustDoSideEffects;
//
// stevewo added all sorts of side effects to this API. We want to stop
// doing checksums for known dll's, but really want the sideeffects
// (ImageCharacteristics write, and Import descriptor walk).
//
if ( (UINT_PTR) ImageFileHandle & 1 ) {
JustDoSideEffects = TRUE;
}
else {
JustDoSideEffects = FALSE;
}
Status = NtCreateSection(
&Section,
SECTION_MAP_EXECUTE,
NULL,
NULL,
PAGE_EXECUTE,
SEC_COMMIT,
ImageFileHandle
);
if ( !NT_SUCCESS(Status) ) {
return Status;
}
ViewBase = NULL;
ViewSize = 0;
Status = NtMapViewOfSection(
Section,
NtCurrentProcess(),
(PVOID *)&ViewBase,
0L,
0L,
NULL,
&ViewSize,
ViewShare,
0L,
PAGE_EXECUTE
);
if ( !NT_SUCCESS(Status) ) {
NtClose(Section);
return Status;
}
//
// now the image is mapped as a data file... Calculate it's size and then
// check it's checksum
//
Status = NtQueryInformationFile(
ImageFileHandle,
&IoStatusBlock,
&StandardInfo,
sizeof(StandardInfo),
FileStandardInformation
);
if ( !NT_SUCCESS(Status) ) {
NtUnmapViewOfSection(NtCurrentProcess(),ViewBase);
NtClose(Section);
return Status;
}
try {
if ( JustDoSideEffects ) {
b = TRUE;
}
else {
b = LdrVerifyMappedImageMatchesChecksum(ViewBase,StandardInfo.EndOfFile.LowPart);
}
if (b && ARGUMENT_PRESENT( ImportCallbackRoutine )) {
PIMAGE_NT_HEADERS NtHeaders;
PIMAGE_IMPORT_DESCRIPTOR ImportDescriptor;
ULONG ImportSize;
PCHAR ImportName;
//
// Caller wants to enumerate the import descriptors while we have
// the image mapped. Call back to their routine for each module
// name in the import descriptor table.
//
LastRvaSection = NULL;
NtHeaders = RtlImageNtHeader( ViewBase );
if (ARGUMENT_PRESENT( ImageCharacteristics )) {
*ImageCharacteristics = NtHeaders->FileHeader.Characteristics;
}
ImportDescriptor = (PIMAGE_IMPORT_DESCRIPTOR)
RtlImageDirectoryEntryToData( ViewBase,
FALSE,
IMAGE_DIRECTORY_ENTRY_IMPORT,
&ImportSize
);
if (ImportDescriptor != NULL) {
while (ImportDescriptor->Name) {
ImportName = (PSZ)RtlImageRvaToVa( NtHeaders,
ViewBase,
ImportDescriptor->Name,
&LastRvaSection
);
(*ImportCallbackRoutine)( ImportCallbackParameter, ImportName );
ImportDescriptor += 1;
}
}
}
}
except (LdrpGenericExceptionFilter(GetExceptionInformation(), __FUNCTION__)) {
DbgPrintEx(
DPFLTR_LDR_ID,
LDR_ERROR_DPFLTR,
"LDR: %s - caught exception %08lx while checking image checksums\n",
__FUNCTION__,
GetExceptionCode());
NtUnmapViewOfSection(NtCurrentProcess(),ViewBase);
NtClose(Section);
return STATUS_IMAGE_CHECKSUM_MISMATCH;
}
NtUnmapViewOfSection(NtCurrentProcess(),ViewBase);
NtClose(Section);
if ( !b ) {
Status = STATUS_IMAGE_CHECKSUM_MISMATCH;
}
return Status;
}
NTSTATUS
LdrReadMemory(
IN HANDLE Process OPTIONAL,
IN PVOID BaseAddress,
IN OUT PVOID Buffer,
IN SIZE_T Size)
{
NTSTATUS Status = STATUS_SUCCESS;
if (ARGUMENT_PRESENT( Process )) {
SIZE_T nRead;
Status = NtReadVirtualMemory(Process, BaseAddress, Buffer, Size, &nRead);
if (NT_SUCCESS( Status ) && (Size != nRead)) {
Status = STATUS_UNSUCCESSFUL;
}
}
else {
__try {
RtlCopyMemory(Buffer, BaseAddress, Size);
}
__except(LdrpGenericExceptionFilter(GetExceptionInformation(), __FUNCTION__)) {
DbgPrintEx(
DPFLTR_LDR_ID,
LDR_ERROR_DPFLTR,
"LDR: %s - exception %08lx caught while copying %u bytes from %p to %p\n",
__FUNCTION__,
GetExceptionCode(),
BaseAddress,
Buffer);
if (NT_SUCCESS(Status = GetExceptionCode())) {
Status = STATUS_UNSUCCESSFUL;
}
}
}
return Status;
}
NTSTATUS
LdrGetModuleName(
IN HANDLE Process OPTIONAL,
IN PUNICODE_STRING LdrFullDllName,
IN OUT PRTL_PROCESS_MODULE_INFORMATION ModuleInfo,
IN BOOL Wow64Redirect)
{
NTSTATUS Status;
UNICODE_STRING FullDllName;
ANSI_STRING AnsiString;
PCHAR s;
WCHAR Buffer[ LDR_NUMBER_OF(ModuleInfo->FullPathName) + 1];
USHORT Length = (USHORT)min(LdrFullDllName->Length,
sizeof(Buffer) - sizeof(Buffer[0]));
Status = LdrReadMemory(Process,
LdrFullDllName->Buffer,
Buffer,
Length);
if (!NT_SUCCESS( Status )) {
return Status;
}
Buffer[LDR_NUMBER_OF(Buffer) - 1] = UNICODE_NULL; // Ensure NULL termination
#if defined(_WIN64)
if (Wow64Redirect) {
C_ASSERT( WOW64_SYSTEM_DIRECTORY_U_SIZE ==
(sizeof(L"system32") - sizeof(WCHAR)));
// including preceding '\\' if exists
SIZE_T System32Offset = wcslen(USER_SHARED_DATA->NtSystemRoot);
ASSERT(System32Offset != 0);
if (USER_SHARED_DATA->NtSystemRoot[System32Offset - 1] == L'\\') {
--System32Offset;
}
if (!_wcsnicmp(Buffer, USER_SHARED_DATA->NtSystemRoot, System32Offset) &&
!_wcsnicmp(Buffer + System32Offset,
L"\\system32",
WOW64_SYSTEM_DIRECTORY_U_SIZE / sizeof(WCHAR) + 1)) {
RtlCopyMemory(Buffer + System32Offset + 1,
WOW64_SYSTEM_DIRECTORY_U,
WOW64_SYSTEM_DIRECTORY_U_SIZE);
}
}
#endif // defined(_WIN64)
FullDllName.Buffer = Buffer;
FullDllName.Length = FullDllName.MaximumLength = Length;
AnsiString.Buffer = (PCHAR)ModuleInfo->FullPathName;
AnsiString.Length = 0;
AnsiString.MaximumLength = sizeof( ModuleInfo->FullPathName );
RtlUnicodeStringToAnsiString(&AnsiString,
&FullDllName,
FALSE);
s = AnsiString.Buffer + AnsiString.Length;
while (s > AnsiString.Buffer && *--s) {
if (*s == (UCHAR)OBJ_NAME_PATH_SEPARATOR) {
s++;
break;
}
}
ModuleInfo->OffsetToFileName = (USHORT)(s - AnsiString.Buffer);
return STATUS_SUCCESS;
}
NTSTATUS
LdrQueryProcessPeb(
IN HANDLE Process OPTIONAL,
IN OUT PPEB* Peb)
{
NTSTATUS Status;
if (ARGUMENT_PRESENT( Process )) {
PROCESS_BASIC_INFORMATION BasicInfo;
Status = NtQueryInformationProcess(Process,
ProcessBasicInformation,
&BasicInfo, sizeof(BasicInfo),
NULL);
if (NT_SUCCESS( Status )) {
*Peb = BasicInfo.PebBaseAddress;
}
}
else {
*Peb = NtCurrentPeb();
Status = STATUS_SUCCESS;
}
return Status;
}
NTSTATUS
LdrQueryInLoadOrderModuleList(
IN HANDLE Process OPTIONAL,
IN OUT PLIST_ENTRY* Head,
IN OUT PLIST_ENTRY* InInitOrderHead OPTIONAL)
{
NTSTATUS Status = STATUS_SUCCESS;
PPEB Peb;
PPEB_LDR_DATA Ldr;
Status = LdrQueryProcessPeb( Process, &Peb );
if (!NT_SUCCESS( Status )) {
return Status;
}
if (!Peb) {
return STATUS_UNSUCCESSFUL;
}
//
// Ldr = Peb->Ldr
//
Status = LdrReadMemory( Process,
&Peb->Ldr,
&Ldr, sizeof(Ldr));
if (!NT_SUCCESS( Status )) {
return Status;
}
if (!Ldr) {
if (ARGUMENT_PRESENT( Process )) {
*Head = NULL;
return STATUS_SUCCESS;
}
else {
return STATUS_UNSUCCESSFUL;
}
}
*Head = &Ldr->InLoadOrderModuleList;
if (ARGUMENT_PRESENT( InInitOrderHead )) {
*InInitOrderHead = &Ldr->InInitializationOrderModuleList;
}
return Status;
}
NTSTATUS
LdrQueryNextListEntry(
IN HANDLE Process OPTIONAL,
IN PLIST_ENTRY Head,
IN OUT PLIST_ENTRY* Tail)
{
NTSTATUS Status = STATUS_SUCCESS;
Status = LdrReadMemory(Process,
&Head->Flink,
Tail, sizeof(*Tail));
return Status;
}
NTSTATUS
LdrQueryModuleInfoFromLdrEntry(
IN HANDLE Process OPTIONAL,
IN PRTL_PROCESS_MODULES ModuleInformation,
IN OUT PRTL_PROCESS_MODULE_INFORMATION ModuleInfo,
IN PLIST_ENTRY LdrEntry,
IN PLIST_ENTRY InitOrderList)
{
NTSTATUS Status;
PLDR_DATA_TABLE_ENTRY LdrDataTableEntryPtr;
LDR_DATA_TABLE_ENTRY LdrDataTableEntry;
ANSI_STRING AnsiString;
PCHAR s;
LdrDataTableEntryPtr = CONTAINING_RECORD(LdrEntry,
LDR_DATA_TABLE_ENTRY,
InLoadOrderLinks);
Status = LdrReadMemory(Process,
LdrEntry,
&LdrDataTableEntry,
sizeof(LdrDataTableEntry));
if (!NT_SUCCESS( Status )) {
return Status;
}
ModuleInfo->ImageBase = LdrDataTableEntry.DllBase;
ModuleInfo->ImageSize = LdrDataTableEntry.SizeOfImage;
ModuleInfo->Flags = LdrDataTableEntry.Flags;
ModuleInfo->LoadCount = LdrDataTableEntry.LoadCount;
if (!ARGUMENT_PRESENT( Process )) {
UINT LoopDetectorCount = 10240; // 10K modules max
PLIST_ENTRY Next1 = InitOrderList->Flink;
while ( Next1 != InitOrderList ) {
PLDR_DATA_TABLE_ENTRY Entry1 =
CONTAINING_RECORD(Next1,
LDR_DATA_TABLE_ENTRY,
InInitializationOrderLinks);
ModuleInfo->InitOrderIndex++;
if ((LdrDataTableEntryPtr == Entry1) ||
(!LoopDetectorCount--))
{
break;
}
Next1 = Next1->Flink;
}
}
Status = LdrGetModuleName(Process,
&LdrDataTableEntry.FullDllName,
ModuleInfo,
FALSE);
return Status;
}
PRTL_CRITICAL_SECTION
LdrQueryModuleInfoLocalLoaderLock(VOID)
{
PRTL_CRITICAL_SECTION LoaderLock = NULL;
if (!LdrpInLdrInit) {
LoaderLock = &LdrpLoaderLock;
if (LoaderLock != NULL)
RtlEnterCriticalSection(LoaderLock);
}
return LoaderLock;
}
VOID
LdrQueryModuleInfoLocalLoaderUnlock(
IN PRTL_CRITICAL_SECTION LoaderLock)
{
if (LoaderLock) {
RtlLeaveCriticalSection(LoaderLock);
}
}
#if defined(_WIN64)
NTSTATUS
LdrQueryProcessPeb32(
IN HANDLE Process OPTIONAL,
IN OUT PPEB32* Peb)
{
NTSTATUS Status;
Status = NtQueryInformationProcess(ARGUMENT_PRESENT( Process ) ?
Process : NtCurrentProcess(),
ProcessWow64Information,
Peb, sizeof(*Peb),
NULL);
return Status;
}
NTSTATUS
LdrQueryInLoadOrderModuleList32(
IN HANDLE Process OPTIONAL,
IN OUT PLIST_ENTRY32* Head,
IN OUT PLIST_ENTRY32* InInitOrderHead OPTIONAL)
{
NTSTATUS Status = STATUS_SUCCESS;
PPEB32 Peb;
PPEB_LDR_DATA32 Ldr;
ULONG32 Ptr32;
Status = LdrQueryProcessPeb32( Process, &Peb );
if (!NT_SUCCESS( Status )) {
return Status;
}
if (!Peb) {
//
// May be process just don't have 32bit peb
//
*Head = NULL;
return STATUS_SUCCESS;
}
//
// Ldr = Peb->Ldr
//
Status = LdrReadMemory(Process,
&Peb->Ldr,
&Ptr32, sizeof(Ptr32));
if (!NT_SUCCESS( Status )) {
return Status;
}
Ldr = (PPEB_LDR_DATA32)(ULONG_PTR)Ptr32;
if (!Ldr) {
*Head = NULL;
return STATUS_SUCCESS;
}
*Head = &Ldr->InLoadOrderModuleList;
if (ARGUMENT_PRESENT( InInitOrderHead )) {
*InInitOrderHead = &Ldr->InInitializationOrderModuleList;
}
return Status;
}
NTSTATUS
LdrQueryNextListEntry32(
IN HANDLE Process OPTIONAL,
IN PLIST_ENTRY32 Head,
IN OUT PLIST_ENTRY32* Tail)
{
NTSTATUS Status = STATUS_SUCCESS;
ULONG32 Ptr32;
Status = LdrReadMemory(Process,
&Head->Flink,
&Ptr32, sizeof(Ptr32));
*Tail = (PLIST_ENTRY32)(ULONG_PTR)Ptr32;
return Status;
}
NTSTATUS
LdrQueryModuleInfoFromLdrEntry32(
IN HANDLE Process OPTIONAL,
IN PRTL_PROCESS_MODULES ModuleInformation,
IN OUT PRTL_PROCESS_MODULE_INFORMATION ModuleInfo,
IN PLIST_ENTRY32 LdrEntry,
IN PLIST_ENTRY32 InitOrderList)
{
NTSTATUS Status;
PLDR_DATA_TABLE_ENTRY32 LdrDataTableEntryPtr;
LDR_DATA_TABLE_ENTRY32 LdrDataTableEntry;
UNICODE_STRING FullDllName;
LdrDataTableEntryPtr = CONTAINING_RECORD(LdrEntry,
LDR_DATA_TABLE_ENTRY32,
InLoadOrderLinks);
Status = LdrReadMemory(Process,
LdrEntry,
&LdrDataTableEntry,
sizeof(LdrDataTableEntry));
if (!NT_SUCCESS( Status )) {
return Status;
}
ModuleInfo->ImageBase = (PVOID)(ULONG_PTR)
LdrDataTableEntry.DllBase;
ModuleInfo->ImageSize = LdrDataTableEntry.SizeOfImage;
ModuleInfo->Flags = LdrDataTableEntry.Flags;
ModuleInfo->LoadCount = LdrDataTableEntry.LoadCount;
if (!ARGUMENT_PRESENT( Process )) {
UINT LoopDetectorCount = 500;
PLIST_ENTRY32 Next1 = (PLIST_ENTRY32)(ULONG_PTR)
(InitOrderList->Flink);
while ( Next1 != InitOrderList ) {
PLDR_DATA_TABLE_ENTRY32 Entry1 =
CONTAINING_RECORD(Next1,
LDR_DATA_TABLE_ENTRY32,
InInitializationOrderLinks);
ModuleInfo->InitOrderIndex++;
if ((LdrDataTableEntryPtr == Entry1) ||
(!LoopDetectorCount--))
{
break;
}
Next1 = (PLIST_ENTRY32)(ULONG_PTR)(Next1->Flink);
}
}
FullDllName.Buffer = (PWSTR)(ULONG_PTR)LdrDataTableEntry.FullDllName.Buffer;
FullDllName.Length = LdrDataTableEntry.FullDllName.Length;
FullDllName.MaximumLength = LdrDataTableEntry.FullDllName.MaximumLength;
Status = LdrGetModuleName(Process, &FullDllName, ModuleInfo, TRUE);
return Status;
}
PRTL_CRITICAL_SECTION32
LdrQueryModuleInfoLocalLoaderLock32(VOID)
{
return NULL;
}
VOID
LdrQueryModuleInfoLocalLoaderUnlock32(
PRTL_CRITICAL_SECTION32 LoaderLock)
{
}
#endif // defined(_WIN64)
typedef
NTSTATUS
(*PLDR_QUERY_IN_LOAD_ORDER_MODULE_LIST)(
IN HANDLE Process OPTIONAL,
IN OUT PLIST_ENTRY* Head,
IN OUT PLIST_ENTRY* InInitOrderHead OPTIONAL);
typedef NTSTATUS
(*PLDR_QUERY_NEXT_LIST_ENTRY)(
IN HANDLE Process OPTIONAL,
IN PLIST_ENTRY Head,
IN OUT PLIST_ENTRY* Tail);
typedef
NTSTATUS
(*PLDR_QUERY_MODULE_INFO_FROM_LDR_ENTRY)(
IN HANDLE Process OPTIONAL,
IN PRTL_PROCESS_MODULES ModuleInformation,
IN OUT PRTL_PROCESS_MODULE_INFORMATION ModuleInfo,
IN PLIST_ENTRY LdrEntry,
IN PLIST_ENTRY InitOrderList);
typedef
PRTL_CRITICAL_SECTION
(*PLDR_QUERY_MODULE_INFO_LOCAL_LOADER_LOCK)(VOID);
typedef
VOID
(*PLDR_QUERY_MODULE_INFO_LOCAL_LOADER_UNLOCK)(PRTL_CRITICAL_SECTION);
static struct {
PLDR_QUERY_IN_LOAD_ORDER_MODULE_LIST LdrQueryInLoadOrderModuleList;
PLDR_QUERY_NEXT_LIST_ENTRY LdrQueryNextListEntry;
PLDR_QUERY_MODULE_INFO_FROM_LDR_ENTRY LdrQueryModuleInfoFromLdrEntry;
PLDR_QUERY_MODULE_INFO_LOCAL_LOADER_LOCK LdrQueryModuleInfoLocalLoaderLock;
PLDR_QUERY_MODULE_INFO_LOCAL_LOADER_UNLOCK LdrQueryModuleInfoLocalLoaderUnlock;
} LdrQueryMethods[] = {
{
LdrQueryInLoadOrderModuleList,
LdrQueryNextListEntry,
LdrQueryModuleInfoFromLdrEntry,
LdrQueryModuleInfoLocalLoaderLock,
LdrQueryModuleInfoLocalLoaderUnlock
}
#if defined(_WIN64)
,
{
(PLDR_QUERY_IN_LOAD_ORDER_MODULE_LIST)LdrQueryInLoadOrderModuleList32,
(PLDR_QUERY_NEXT_LIST_ENTRY)LdrQueryNextListEntry32,
(PLDR_QUERY_MODULE_INFO_FROM_LDR_ENTRY)LdrQueryModuleInfoFromLdrEntry32,
(PLDR_QUERY_MODULE_INFO_LOCAL_LOADER_LOCK)LdrQueryModuleInfoLocalLoaderLock32,
(PLDR_QUERY_MODULE_INFO_LOCAL_LOADER_UNLOCK)LdrQueryModuleInfoLocalLoaderUnlock32
}
#endif defined(_WIN64)
};
NTSTATUS
LdrQueryProcessModuleInformationEx(
IN HANDLE Process OPTIONAL,
IN ULONG_PTR Flags OPTIONAL,
OUT PRTL_PROCESS_MODULES ModuleInformation,
IN ULONG ModuleInformationLength,
OUT PULONG ReturnLength OPTIONAL)
{
NTSTATUS Status = STATUS_UNSUCCESSFUL;
PRTL_CRITICAL_SECTION LoaderLock = NULL;
SIZE_T mid;
ULONG RequiredLength = FIELD_OFFSET( RTL_PROCESS_MODULES, Modules );
PLIST_ENTRY List;
PLIST_ENTRY InInitOrderList;
PRTL_PROCESS_MODULE_INFORMATION ModuleInfo;
if (ModuleInformationLength < RequiredLength) {
Status = STATUS_INFO_LENGTH_MISMATCH;
ModuleInfo = NULL;
}
else {
ModuleInformation->NumberOfModules = 0;
ModuleInfo = &ModuleInformation->Modules[ 0 ];
Status = STATUS_SUCCESS;
}
for (mid = 0;
mid < (ARGUMENT_PRESENT( Flags ) ? LDR_NUMBER_OF(LdrQueryMethods) : 1);
++mid)
{
NTSTATUS Status1;
PLIST_ENTRY Entry;
__try {
UINT LoopDetectorCount = 10240; // allow not more than 10K modules
if ( !ARGUMENT_PRESENT( Process )) {
LoaderLock = LdrQueryMethods[mid].LdrQueryModuleInfoLocalLoaderLock();
}
Status1 = LdrQueryMethods[mid].LdrQueryInLoadOrderModuleList(Process, &List, &InInitOrderList);
if (!NT_SUCCESS( Status1 )) {
return Status1;
}
if (!List) {
return Status;
}
Status1 = LdrQueryMethods[mid].LdrQueryNextListEntry(Process,
List,
&Entry);
if (!NT_SUCCESS( Status1 )) {
return Status1;
}
while (Entry != List) {
if (!LoopDetectorCount--) {
return STATUS_FAIL_CHECK;
}
RequiredLength += sizeof( RTL_PROCESS_MODULE_INFORMATION );
if (ModuleInformationLength < RequiredLength) {
Status = STATUS_INFO_LENGTH_MISMATCH;
}
else {
Status1 = LdrQueryMethods[mid].LdrQueryModuleInfoFromLdrEntry(Process,
ModuleInformation,
ModuleInfo,
Entry, InInitOrderList);
if (!NT_SUCCESS( Status1 )) {
return Status1;
}
ModuleInfo++;
}
if (ModuleInformation != NULL) {
ModuleInformation->NumberOfModules++;
}
Status1 = LdrQueryMethods[mid].LdrQueryNextListEntry(Process,
Entry,
&Entry);
if (!NT_SUCCESS( Status1 )) {
return Status1;
}
} // while
}
__finally {
if (LoaderLock) {
LdrQueryMethods[mid].LdrQueryModuleInfoLocalLoaderUnlock(LoaderLock);
}
if (ARGUMENT_PRESENT( ReturnLength )) {
*ReturnLength = RequiredLength;
}
}
} // for
return Status;
}
NTSTATUS
LdrQueryProcessModuleInformation(
OUT PRTL_PROCESS_MODULES ModuleInformation,
IN ULONG ModuleInformationLength,
OUT PULONG ReturnLength OPTIONAL)
{
return LdrQueryProcessModuleInformationEx(NULL,
0,
ModuleInformation,
ModuleInformationLength,
ReturnLength);
}
#if defined(MIPS)
VOID
LdrProcessStarterHelper(
IN PPROCESS_STARTER_ROUTINE ProcessStarter,
IN PVOID RealStartAddress
)
/*++
Routine Description:
This function is used to call the code that calls the initial entry point
of a win32 process. On all other platforms, this wrapper is not used since
they can cope with a process entrypoint being in kernel32 prior to it being
mapped.
Arguments:
ProcessStarter - Supplies the address of the function in Kernel32 that ends up
calling the real process entrypoint
RealStartAddress - Supplies the real start address of the process
.
Return Value:
None.
--*/
{
(ProcessStarter)(RealStartAddress);
NtTerminateProcess(NtCurrentProcess(),0);
}
#endif
NTSTATUS
NTAPI
LdrRegisterDllNotification(
ULONG Flags,
PLDR_DLL_NOTIFICATION_FUNCTION NotificationFunction,
PVOID Context,
PVOID *Cookie
)
{
NTSTATUS Status = STATUS_SUCCESS;
PLDRP_DLL_NOTIFICATION_BLOCK NotificationBlock = NULL;
BOOLEAN HoldingLoaderLock = FALSE;
const BOOLEAN InLdrInit = LdrpInLdrInit;
PVOID LockCookie = NULL;
__try {
if (Cookie != NULL)
*Cookie = NULL;
if ((Flags != 0) ||
(Cookie == NULL) ||
(NotificationFunction == NULL)) {
Status = STATUS_INVALID_PARAMETER;
goto Exit;
}
NotificationBlock = (PLDRP_DLL_NOTIFICATION_BLOCK)
RtlAllocateHeap(RtlProcessHeap(), 0, sizeof(LDRP_DLL_NOTIFICATION_BLOCK));
if (NotificationBlock == NULL) {
Status = STATUS_NO_MEMORY;
goto Exit;
}
NotificationBlock->NotificationFunction = NotificationFunction;
NotificationBlock->Context = Context;
if (!InLdrInit) {
__try {
Status = LdrLockLoaderLock(0, NULL, &LockCookie);
if (!NT_SUCCESS(Status))
goto Exit;
HoldingLoaderLock = TRUE;
} __except (LdrpGenericExceptionFilter(GetExceptionInformation(), __FUNCTION__)) {
Status = GetExceptionCode();
goto Exit;
}
}
InsertTailList(&LdrpDllNotificationList, &NotificationBlock->Links);
*Cookie = (PVOID) NotificationBlock;
NotificationBlock = NULL;
Status = STATUS_SUCCESS;
Exit:
;
} __finally {
if (HoldingLoaderLock) {
LdrUnlockLoaderLock(LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, LockCookie);
HoldingLoaderLock = FALSE;
}
if (NotificationBlock != NULL)
RtlFreeHeap(RtlProcessHeap(), 0, NotificationBlock);
}
return Status;
}
NTSTATUS
NTAPI
LdrUnregisterDllNotification(
PVOID Cookie
)
{
PLDRP_DLL_NOTIFICATION_BLOCK NotificationBlock = NULL;
NTSTATUS Status = STATUS_SUCCESS;
BOOLEAN HoldingLoaderLock = FALSE;
const BOOLEAN InLdrInit = LdrpInLdrInit;
PVOID LockCookie = NULL;
__try {
if (Cookie == NULL
) {
Status = STATUS_INVALID_PARAMETER;
goto Exit;
}
if (!InLdrInit) {
__try {
Status = LdrLockLoaderLock(0, NULL, &LockCookie);
if (!NT_SUCCESS(Status))
goto Exit;
HoldingLoaderLock = TRUE;
} __except (LdrpGenericExceptionFilter(GetExceptionInformation(), __FUNCTION__)) {
Status = GetExceptionCode();
goto Exit;
}
}
NotificationBlock = CONTAINING_RECORD(LdrpDllNotificationList.Flink, LDRP_DLL_NOTIFICATION_BLOCK, Links);
while (&NotificationBlock->Links != &LdrpDllNotificationList) {
if (NotificationBlock == Cookie)
break;
NotificationBlock = CONTAINING_RECORD(NotificationBlock->Links.Flink, LDRP_DLL_NOTIFICATION_BLOCK, Links);
}
if (&NotificationBlock->Links != &LdrpDllNotificationList) {
RemoveEntryList(&NotificationBlock->Links);
RtlFreeHeap(RtlProcessHeap(), 0, NotificationBlock);
Status = STATUS_SUCCESS;
} else {
Status = STATUS_NOT_FOUND;
}
Exit:
;
} __finally {
if (HoldingLoaderLock) {
LdrUnlockLoaderLock(LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, LockCookie);
HoldingLoaderLock = FALSE;
}
}
return Status;
}
VOID
LdrpSendDllUnloadedNotifications(
PLDR_DATA_TABLE_ENTRY Entry,
ULONG Flags
)
{
PLIST_ENTRY Next;
LDR_DLL_NOTIFICATION_DATA Data;
Data.Unloaded.Flags = Flags;
Data.Unloaded.FullDllName = &Entry->FullDllName;
Data.Unloaded.BaseDllName = &Entry->BaseDllName;
Data.Unloaded.DllBase = Entry->DllBase;
Data.Unloaded.SizeOfImage = Entry->SizeOfImage;
Next = LdrpDllNotificationList.Flink;
while (Next != &LdrpDllNotificationList) {
PLDRP_DLL_NOTIFICATION_BLOCK Block = CONTAINING_RECORD(Next, LDRP_DLL_NOTIFICATION_BLOCK, Links);
__try {
(*Block->NotificationFunction)(LDR_DLL_NOTIFICATION_REASON_UNLOADED, &Data, Block->Context);
} __except (LdrpGenericExceptionFilter(GetExceptionInformation(), __FUNCTION__)) {
// just go on to the next one...
}
Next = Next->Flink;
}
}
VOID
LdrpSendDllLoadedNotifications(
PLDR_DATA_TABLE_ENTRY Entry,
ULONG Flags
)
{
PLIST_ENTRY Next;
LDR_DLL_NOTIFICATION_DATA Data;
Data.Loaded.Flags = Flags;
Data.Loaded.FullDllName = &Entry->FullDllName;
Data.Loaded.BaseDllName = &Entry->BaseDllName;
Data.Loaded.DllBase = Entry->DllBase;
Data.Loaded.SizeOfImage = Entry->SizeOfImage;
Next = LdrpDllNotificationList.Flink;
while (Next != &LdrpDllNotificationList) {
PLDRP_DLL_NOTIFICATION_BLOCK Block = CONTAINING_RECORD(Next, LDRP_DLL_NOTIFICATION_BLOCK, Links);
__try {
(*Block->NotificationFunction)(LDR_DLL_NOTIFICATION_REASON_LOADED, &Data, Block->Context);
} __except (LdrpGenericExceptionFilter(GetExceptionInformation(), __FUNCTION__)) {
// just go on to the next one...
}
Next = Next->Flink;
}
}
BOOLEAN
NTAPI
RtlDllShutdownInProgress (
VOID
)
/*++
Routine Description:
This routine returns the status of DLL shutdown.
Arguments:
None
Return Value:
BOOLEAN - TRUE: Shutdown is in progress, FALSE: Shutdown is not currently in progress.
--*/
{
if (LdrpShutdownInProgress) {
return TRUE;
} else {
return FALSE;
}
}
NTSTATUS
NTAPI
LdrLockLoaderLock(
ULONG Flags,
ULONG *Disposition,
PVOID *Cookie
)
{
NTSTATUS Status;
PRTL_CRITICAL_SECTION LoaderLock;
const BOOLEAN InLdrInit = LdrpInLdrInit;
if (Disposition != NULL)
*Disposition = LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID;
if (Cookie != NULL)
*Cookie = NULL;
if ((Flags & ~(LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY | LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS)) != 0) {
if (Flags & LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS)
RtlRaiseStatus(STATUS_INVALID_PARAMETER_1);
Status = STATUS_INVALID_PARAMETER_1;
goto Exit;
}
if (Cookie == NULL) {
if (Flags & LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS)
RtlRaiseStatus(STATUS_INVALID_PARAMETER_3);
Status = STATUS_INVALID_PARAMETER_3;
goto Exit;
}
// If you hit this assertion failure, you specified that you only wanted to
// try acquiring the lock, but you forgot to specify a Disposition out where
// this function could indicate whether the lock was actually acquired.
ASSERT((Disposition != NULL) || !(Flags & LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY));
if ((Flags & LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY) &&
(Disposition == NULL)) {
if (Flags & LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS)
RtlRaiseStatus(STATUS_INVALID_PARAMETER_2);
Status = STATUS_INVALID_PARAMETER_2;
goto Exit;
}
if (InLdrInit) {
Status = STATUS_SUCCESS;
goto Exit;
}
if (Flags & LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS) {
if (Flags & LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY) {
if (RtlTryEnterCriticalSection(&LdrpLoaderLock)) {
*Cookie = (PVOID) MAKE_LOADER_LOCK_COOKIE(LOADER_LOCK_COOKIE_TYPE_NORMAL, InterlockedIncrement(&LdrpLoaderLockAcquisitionCount));
*Disposition = LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED;
} else {
*Disposition = LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED;
}
} else {
RtlEnterCriticalSection(&LdrpLoaderLock);
if (Disposition != NULL) {
*Disposition = LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED;
}
*Cookie = (PVOID) MAKE_LOADER_LOCK_COOKIE(LOADER_LOCK_COOKIE_TYPE_NORMAL, InterlockedIncrement(&LdrpLoaderLockAcquisitionCount));
}
} else {
__try {
if (Flags & LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY) {
if (RtlTryEnterCriticalSection(&LdrpLoaderLock)) {
*Disposition = LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED;
*Cookie = (PVOID) MAKE_LOADER_LOCK_COOKIE(LOADER_LOCK_COOKIE_TYPE_NORMAL, InterlockedIncrement(&LdrpLoaderLockAcquisitionCount));
} else {
*Disposition = LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED;
}
} else {
RtlEnterCriticalSection(&LdrpLoaderLock);
if (Disposition != NULL) {
*Disposition = LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED;
}
*Cookie = (PVOID) MAKE_LOADER_LOCK_COOKIE(LOADER_LOCK_COOKIE_TYPE_NORMAL, InterlockedIncrement(&LdrpLoaderLockAcquisitionCount));
}
} __except (LdrpGenericExceptionFilter(GetExceptionInformation(), __FUNCTION__)) {
Status = GetExceptionCode();
DbgPrintEx(
DPFLTR_LDR_ID,
LDR_ERROR_DPFLTR,
"LDR: %s - Caught exception %08lx\n",
__FUNCTION__,
Status);
goto Exit;
}
}
Status = STATUS_SUCCESS;
Exit:
return Status;
}
NTSTATUS
NTAPI
LdrUnlockLoaderLock(
ULONG Flags,
PVOID CookieIn
)
{
NTSTATUS Status;
const ULONG_PTR Cookie = (ULONG_PTR) CookieIn;
if ((Flags & ~(LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS)) != 0) {
if (Flags & LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS)
RtlRaiseStatus(STATUS_INVALID_PARAMETER_1);
Status = STATUS_INVALID_PARAMETER_1;
goto Exit;
}
if (CookieIn == NULL) {
Status = STATUS_SUCCESS;
goto Exit;
}
// A little validation on the cookie...
if (EXTRACT_LOADER_LOCK_COOKIE_TYPE(Cookie) != LOADER_LOCK_COOKIE_TYPE_NORMAL) {
if (Flags & LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS)
RtlRaiseStatus(STATUS_INVALID_PARAMETER_2);
Status = STATUS_INVALID_PARAMETER_2;
goto Exit;
}
if (EXTRACT_LOADER_LOCK_COOKIE_TID(Cookie) != (HandleToUlong(NtCurrentTeb()->ClientId.UniqueThread) & LOADER_LOCK_COOKIE_TID_BIT_MASK)) {
if (Flags & LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS)
RtlRaiseStatus(STATUS_INVALID_PARAMETER_2);
Status = STATUS_INVALID_PARAMETER_2;
goto Exit;
}
if (Flags & LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS) {
RtlLeaveCriticalSection(&LdrpLoaderLock);
} else {
__try {
RtlLeaveCriticalSection(&LdrpLoaderLock);
} __except (LdrpGenericExceptionFilter(GetExceptionInformation(), __FUNCTION__)) {
Status = GetExceptionCode();
goto Exit;
}
}
Status = STATUS_SUCCESS;
Exit:
return Status;
}
NTSTATUS
NTAPI
LdrDoesCurrentThreadOwnLoaderLock(
BOOLEAN *DoesOwnLock
)
{
NTSTATUS Status;
PTEB Teb;
if (DoesOwnLock != NULL)
*DoesOwnLock = FALSE;
if (DoesOwnLock == NULL) {
Status = STATUS_INVALID_PARAMETER;
goto Exit;
}
Teb = NtCurrentTeb();
if (LdrpLoaderLock.OwningThread == Teb->ClientId.UniqueThread)
*DoesOwnLock = TRUE;
Status = STATUS_SUCCESS;
Exit:
return Status;
}
NTSTATUS
NTAPI
LdrEnumerateLoadedModules(
ULONG Flags,
PLDR_LOADED_MODULE_ENUMERATION_CALLBACK_FUNCTION CallbackFunction,
PVOID Context
)
{
NTSTATUS Status;
BOOLEAN LoaderLockLocked = FALSE;
PLIST_ENTRY LoadOrderListHead = NULL;
PLIST_ENTRY ListEntry;
BOOLEAN StopEnumeration = FALSE;
PVOID LockCookie = NULL;
if ((Flags != 0) ||
(CallbackFunction == NULL)) {
Status = STATUS_INVALID_PARAMETER;
goto Exit;
}
Status = LdrLockLoaderLock(0, NULL, &LockCookie);
if (!NT_SUCCESS(Status))
goto Exit;
LoaderLockLocked = TRUE;
LoadOrderListHead = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
ListEntry = LoadOrderListHead->Flink;
while (ListEntry != LoadOrderListHead) {
__try {
(*CallbackFunction)(
CONTAINING_RECORD(ListEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks),
Context,
&StopEnumeration);
} __except (LdrpGenericExceptionFilter(GetExceptionInformation(), __FUNCTION__)) {
Status = GetExceptionCode();
goto Exit;
}
if (StopEnumeration)
break;
ListEntry = ListEntry->Flink;
}
Status = LdrUnlockLoaderLock(0, LockCookie);
LoaderLockLocked = FALSE;
if (!NT_SUCCESS(Status))
goto Exit;
Status = STATUS_SUCCESS;
Exit:
if (LoaderLockLocked) {
NTSTATUS Status2 = LdrUnlockLoaderLock(0, LockCookie);
ASSERT(NT_SUCCESS(Status2));
}
return Status;
}
NTSTATUS
NTAPI
LdrAddRefDll(
ULONG Flags,
PVOID DllHandle
)
{
NTSTATUS Status = STATUS_SUCCESS;
PLDR_DATA_TABLE_ENTRY LdrDataTableEntry = NULL;
const BOOLEAN InLdrInit = LdrpInLdrInit;
PVOID LockCookie = NULL;
BOOLEAN HoldingLoaderLock = FALSE;
const ULONG ValidFlags = LDR_ADDREF_DLL_PIN;
__try {
if (Flags & ~ValidFlags
) {
Status = STATUS_INVALID_PARAMETER;
goto Exit;
}
if (!InLdrInit
) {
Status = LdrLockLoaderLock(0, NULL, &LockCookie);
if (!NT_SUCCESS(Status))
goto Exit;
HoldingLoaderLock = TRUE;
}
if (!LdrpCheckForLoadedDllHandle(DllHandle, &LdrDataTableEntry)
) {
Status = STATUS_INVALID_PARAMETER;
goto Exit;
}
if (!RTL_SOFT_VERIFY(LdrDataTableEntry != NULL)
) {
Status = STATUS_INTERNAL_ERROR;
goto Exit;
}
//
// Gross. Everyone inlines the first part..
//
if (LdrDataTableEntry->LoadCount != 0xffff) {
if (Flags & LDR_ADDREF_DLL_PIN
) {
LdrDataTableEntry->LoadCount = 0xffff;
LdrpPinLoadedDll(LdrDataTableEntry);
} else {
LdrDataTableEntry->LoadCount++;
LdrpReferenceLoadedDll(LdrDataTableEntry);
}
LdrpClearLoadInProgress();
}
Exit:
if (LdrpShouldDbgPrintStatus(Status)
) {
DbgPrint("LDR: "__FUNCTION__"(%p) 0x%08lx\n", DllHandle, Status);
}
} __finally {
if (HoldingLoaderLock) {
LdrUnlockLoaderLock(LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, LockCookie);
HoldingLoaderLock = FALSE;
}
}
return Status;
}
VOID
NTAPI
LdrSetDllManifestProber(
IN PLDR_MANIFEST_PROBER_ROUTINE ManifestProberRoutine
)
{
LdrpManifestProberRoutine = ManifestProberRoutine;
}
NTSTATUS
NTAPI
LdrSetAppCompatDllRedirectionCallback(
IN ULONG Flags,
IN PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION CallbackFunction,
IN PVOID CallbackData
)
/*++
Routine Description:
This routine allows the application compatibility facility to set a callback
function that it can use to redirect DLL loads wherever it wants them to go.
Arguments:
Flags - None defined now; must be zero.
CallbackFunction - Function pointer to function which is called to resolve
path names prior to actually loading the DLL.
CallbackData - PVOID value passed through to the CallbackFunction when it is
called.
Return Value:
NTSTATUS indicating the success/failure of the function.
--*/
{
NTSTATUS st = STATUS_INTERNAL_ERROR;
PVOID LockCookie = NULL;
if (Flags != 0) {
st = STATUS_INVALID_PARAMETER;
goto Exit;
}
LdrLockLoaderLock(LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, NULL, &LockCookie);
__try {
LdrpAppCompatDllRedirectionCallbackFunction = CallbackFunction;
LdrpAppCompatDllRedirectionCallbackData = CallbackData;
} __finally {
LdrUnlockLoaderLock(LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS, LockCookie);
}
st = STATUS_SUCCESS;
Exit:
return st;
}
PTEB LdrpTopLevelDllBeingLoadedTeb=NULL;
BOOLEAN
RtlIsThreadWithinLoaderCallout (
VOID
)
{
if (LdrpTopLevelDllBeingLoadedTeb == NtCurrentTeb ()) {
return TRUE;
} else {
return FALSE;
}
}
Reference in a new issue View git blame Copy permalink