archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/termsrv/tsappcmp/register.c

1457 lines
38 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1998 Microsoft Corporation
  5. Module Name:
  7. register.c
  9. Abstract:
  11. Terminal server register command support functions
  13. Author:
  16. Revision History:
  18. --*/
  21. #include "precomp.h"
  22. #pragma hdrstop
  24. //
  25. // Terminal Server 4.0 has a feature that allows DLL's to be registered SYSTEM
  26. // global. This means all named objects are in the system name space. Such
  27. // a DLL is identified by a bit set in LoaderFlags in the image header.
  28. //
  29. // This module supports this feature by redirecting WIN32 named object API's
  30. // for DLL's with this bit set to a set of functions inside of
  31. // tsappcmp.dll. These stub functions will process the object name and
  32. // call the real kernel32.dll WIN32 functions.
  33. //
  34. // The redirection is accomplished by updating the Import Address Table (IAT)
  35. // after the loader has snapped its thunks. This results in no modification
  36. // of the underlying program or DLL, just updating of the run time system
  37. // linkage table for this process.
  38. //
  39. // ***This only occurs on Terminal Server, and for applications or DLL's
  40. // with this bit set***
  41. //
  44. // \nt\public\sdk\inc\ntimage.h
  45. // GlobalFlags in image, currently not used
  46. #define IMAGE_LOADER_FLAGS_SYSTEM_GLOBAL 0x01000000
  48. #define GLOBALPATHA "Global\\"
  49. #define GLOBALPATHW L"Global\\"
  50. #define GLOBALPATHSIZE 7 * sizeof( WCHAR );
  53. extern DWORD g_dwFlags;
  55. enum {
  56. Index_Func_CreateEventA = 0,
  57. Index_Func_CreateEventW,
  58. Index_Func_OpenEventA,
  59. Index_Func_OpenEventW,
  60. Index_Func_CreateSemaphoreA,
  61. Index_Func_CreateSemaphoreW,
  62. Index_Func_OpenSemaphoreA,
  63. Index_Func_OpenSemaphoreW,
  64. Index_Func_CreateMutexA,
  65. Index_Func_CreateMutexW,
  66. Index_Func_OpenMutexA,
  67. Index_Func_OpenMutexW,
  68. Index_Func_CreateFileMappingA,
  69. Index_Func_CreateFileMappingW,
  70. Index_Func_OpenFileMappingA,
  71. Index_Func_OpenFileMappingW
  72. };
  74. enum {
  75. Index_Func_LoadLibraryA = 0,
  76. Index_Func_LoadLibraryW ,
  77. Index_Func_LoadLibraryExA ,
  78. Index_Func_LoadLibraryExW
  79. };
  81. typedef struct _LDR_TABLE {
  82. struct _LDR_TABLE *pNext;
  83. PLDR_DATA_TABLE_ENTRY pItem;
  84. } LDR_TABLE;
  86. LDR_TABLE g_LDR_TABLE_LIST_HEAD;
  88. typedef HANDLE ( APIENTRY Func_CreateEventA )( LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCSTR lpName );
  90. HANDLE
  91. APIENTRY
  92. TCreateEventA(
  93. LPSECURITY_ATTRIBUTES lpEventAttributes,
  94. BOOL bManualReset,
  95. BOOL bInitialState,
  96. LPCSTR lpName
  97. );
  99. typedef HANDLE ( APIENTRY Func_CreateEventW) ( LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCWSTR lpName );
  101. HANDLE
  102. APIENTRY
  103. TCreateEventW(
  104. LPSECURITY_ATTRIBUTES lpEventAttributes,
  105. BOOL bManualReset,
  106. BOOL bInitialState,
  107. LPCWSTR lpName
  108. );
  110. typedef HANDLE ( APIENTRY Func_OpenEventA) ( DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName );
  112. HANDLE
  113. APIENTRY
  114. TOpenEventA(
  115. DWORD dwDesiredAccess,
  116. BOOL bInheritHandle,
  117. LPCSTR lpName
  118. );
  120. typedef HANDLE ( APIENTRY Func_OpenEventW ) ( DWORD dwDesiredAccess, BOOL bInheritHandle, LPCWSTR lpName );
  122. HANDLE
  123. APIENTRY
  124. TOpenEventW(
  125. DWORD dwDesiredAccess,
  126. BOOL bInheritHandle,
  127. LPCWSTR lpName
  128. );
  130. typedef HANDLE ( APIENTRY Func_CreateSemaphoreA) ( LPSECURITY_ATTRIBUTES lpSemaphoreAttributes, LONG lInitialCount, LONG lMaximumCount, LPCSTR lpName );
  132. HANDLE
  133. APIENTRY
  134. TCreateSemaphoreA(
  135. LPSECURITY_ATTRIBUTES lpSemaphoreAttributes,
  136. LONG lInitialCount,
  137. LONG lMaximumCount,
  138. LPCSTR lpName
  139. );
  141. typedef HANDLE ( APIENTRY Func_CreateSemaphoreW) ( LPSECURITY_ATTRIBUTES lpSemaphoreAttributes, LONG lInitialCount, LONG lMaximumCount, LPCWSTR lpName ) ;
  143. HANDLE
  144. APIENTRY
  145. TCreateSemaphoreW(
  146. LPSECURITY_ATTRIBUTES lpSemaphoreAttributes,
  147. LONG lInitialCount,
  148. LONG lMaximumCount,
  149. LPCWSTR lpName
  150. ) ;
  152. typedef HANDLE ( APIENTRY Func_OpenSemaphoreA) ( DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName );
  154. HANDLE
  155. APIENTRY
  156. TOpenSemaphoreA(
  157. DWORD dwDesiredAccess,
  158. BOOL bInheritHandle,
  159. LPCSTR lpName
  160. );
  162. typedef HANDLE ( APIENTRY Func_OpenSemaphoreW ) ( DWORD dwDesiredAccess, BOOL bInheritHandle, LPCWSTR lpName );
  164. HANDLE
  165. APIENTRY
  166. TOpenSemaphoreW(
  167. DWORD dwDesiredAccess,
  168. BOOL bInheritHandle,
  169. LPCWSTR lpName
  170. );
  172. typedef HANDLE ( APIENTRY Func_CreateMutexA ) ( LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName );
  174. HANDLE
  175. APIENTRY
  176. TCreateMutexA(
  177. LPSECURITY_ATTRIBUTES lpMutexAttributes,
  178. BOOL bInitialOwner,
  179. LPCSTR lpName
  180. );
  183. typedef HANDLE ( APIENTRY Func_CreateMutexW) ( LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCWSTR lpName );
  185. HANDLE
  186. APIENTRY
  187. TCreateMutexW(
  188. LPSECURITY_ATTRIBUTES lpMutexAttributes,
  189. BOOL bInitialOwner,
  190. LPCWSTR lpName
  191. );
  194. typedef HANDLE ( APIENTRY Func_OpenMutexA ) ( DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName );
  196. HANDLE
  197. APIENTRY
  198. TOpenMutexA(
  199. DWORD dwDesiredAccess,
  200. BOOL bInheritHandle,
  201. LPCSTR lpName
  202. );
  204. typedef HANDLE ( APIENTRY Func_OpenMutexW) ( DWORD dwDesiredAccess, BOOL bInheritHandle, LPCWSTR lpName );
  206. HANDLE
  207. APIENTRY
  208. TOpenMutexW(
  209. DWORD dwDesiredAccess,
  210. BOOL bInheritHandle,
  211. LPCWSTR lpName
  212. );
  214. typedef HANDLE ( APIENTRY Func_CreateFileMappingA) ( HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCSTR lpName );
  216. HANDLE
  217. APIENTRY
  218. TCreateFileMappingA(
  219. HANDLE hFile,
  220. LPSECURITY_ATTRIBUTES lpFileMappingAttributes,
  221. DWORD flProtect,
  222. DWORD dwMaximumSizeHigh,
  223. DWORD dwMaximumSizeLow,
  224. LPCSTR lpName
  225. );
  228. typedef HANDLE ( APIENTRY Func_CreateFileMappingW ) ( HANDLE hFile, LPSECURITY_ATTRIBUTES lpFileMappingAttributes, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, LPCWSTR lpName );
  230. HANDLE
  231. APIENTRY
  232. TCreateFileMappingW(
  233. HANDLE hFile,
  234. LPSECURITY_ATTRIBUTES lpFileMappingAttributes,
  235. DWORD flProtect,
  236. DWORD dwMaximumSizeHigh,
  237. DWORD dwMaximumSizeLow,
  238. LPCWSTR lpName
  239. );
  241. typedef HANDLE ( APIENTRY Func_OpenFileMappingA ) ( DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName ) ;
  243. HANDLE
  244. APIENTRY
  245. TOpenFileMappingA(
  246. DWORD dwDesiredAccess,
  247. BOOL bInheritHandle,
  248. LPCSTR lpName
  249. ) ;
  251. typedef HANDLE ( APIENTRY Func_OpenFileMappingW ) ( DWORD dwDesiredAccess, BOOL bInheritHandle, LPCWSTR lpName );
  253. HANDLE
  254. APIENTRY
  255. TOpenFileMappingW(
  256. DWORD dwDesiredAccess,
  257. BOOL bInheritHandle,
  258. LPCWSTR lpName
  259. ) ;
  261. typedef HMODULE ( WINAPI Func_LoadLibraryExA )(LPCSTR , HANDLE , DWORD );
  263. HMODULE
  264. TLoadLibraryExA(
  265. LPCSTR lpLibFileName,
  266. HANDLE hFile,
  267. DWORD dwFlags
  268. );
  271. typedef HMODULE ( WINAPI Func_LoadLibraryExW )( LPCWSTR , HANDLE , DWORD );
  273. HMODULE
  274. TLoadLibraryExW(
  275. LPCWSTR lpwLibFileName,
  276. HANDLE hFile,
  277. DWORD dwFlags
  278. );
  280. typedef HMODULE ( WINAPI Func_LoadLibraryA )( LPCSTR );
  282. HMODULE
  283. TLoadLibraryA(
  284. LPCSTR lpLibFileName
  285. );
  287. typedef HMODULE ( WINAPI Func_LoadLibraryW )( LPCWSTR );
  289. HMODULE
  290. TLoadLibraryW(
  291. LPCWSTR lpwLibFileName
  292. ) ;
  294. typedef struct _TSAPPCMP_API_HOOK_TABLE
  295. {
  296. PVOID orig; // original API to hook
  297. PVOID hook; // new hook for that API
  298. WCHAR name[ 22 * sizeof( WCHAR ) ]; // longest func name
  299. } TSAPPCMP_API_HOOK_TABLE, PTSAPPCMP_API_HOOK_TABLE;
  301. #define NUM_OF_OBJECT_NAME_FUNCS_TO_HOOK 16
  303. TSAPPCMP_API_HOOK_TABLE ObjectNameFuncsToHook[ NUM_OF_OBJECT_NAME_FUNCS_TO_HOOK ] =
  304. {
  305. {NULL, TCreateEventA, L"TCreateEventA" },
  306. {NULL, TCreateEventW, L"TCreateEventW" },
  307. {NULL, TOpenEventA, L"TOpenEventA" },
  308. {NULL, TOpenEventW, L"TOpenEventW" },
  309. {NULL, TCreateSemaphoreA, L"TCreateSemaphoreA" },
  310. {NULL, TCreateSemaphoreW, L"TCreateSemaphoreW" },
  311. {NULL, TOpenSemaphoreA, L"TOpenSemaphoreA" },
  312. {NULL, TOpenSemaphoreW, L"TOpenSemaphoreW" },
  313. {NULL, TCreateMutexA, L"TCreateMutexA" },
  314. {NULL, TCreateMutexW, L"TCreateMutexW" },
  315. {NULL, TOpenMutexA, L"TOpenMutexA" },
  316. {NULL, TOpenMutexW, L"TOpenMutexW" },
  317. {NULL, TCreateFileMappingA, L"TCreateFileMappingA" },
  318. {NULL, TCreateFileMappingW, L"TCreateFileMappingW" },
  319. {NULL, TOpenFileMappingA, L"TOpenFileMappingA" },
  320. {NULL, TOpenFileMappingW, L"TOpenFileMappingW" },
  321. };
  323. #define NUM_OF_LOAD_LIB_FUNCS_TO_HOOK 4
  325. TSAPPCMP_API_HOOK_TABLE LoadLibFuncsToHook[ NUM_OF_LOAD_LIB_FUNCS_TO_HOOK ] =
  326. {
  327. {NULL , TLoadLibraryA , L"TLoadLibraryA" },
  328. {NULL , TLoadLibraryW , L"TLoadLibraryW" },
  329. {NULL , TLoadLibraryExA , L"TLoadLibraryExA" },
  330. {NULL , TLoadLibraryExW , L"TLoadLibraryExW" }
  331. };
  333. BOOL
  334. TsWalkProcessDlls();
  336. //
  337. // we don't want to support the load-lib and object name redirection hack on ia64 machines.
  338. //
  339. BOOLEAN Is_X86_OS()
  340. {
  341. SYSTEM_INFO SystemInfo;
  342. BOOLEAN bReturn = FALSE;
  344. ZeroMemory(&SystemInfo, sizeof(SystemInfo));
  346. GetSystemInfo(&SystemInfo);
  348. if ( SystemInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL )
  349. {
  350. bReturn = TRUE;
  351. }
  353. return bReturn;
  354. }
  355. // See if pEntry is already in our list, if so, then we have already
  356. // processed this image, return FALSE
  357. // Else, add entry to this list and return TRUE so that it is processed this time around.
  358. BOOLEAN ShouldEntryBeProcessed( PLDR_DATA_TABLE_ENTRY pEntry )
  359. {
  360. LDR_TABLE *pCurrent, *pNew ;
  362. // initialize our pointers to point to the head of the list
  363. pCurrent = g_LDR_TABLE_LIST_HEAD.pNext ;
  365. while (pCurrent)
  366. {
  367. if ( pEntry == pCurrent->pItem)
  368. {
  369. return FALSE;
  370. }
  372. pCurrent = pCurrent->pNext;
  373. }
  375. // we need to add to our list
  377. pNew = LocalAlloc( LMEM_FIXED, sizeof( LDR_TABLE ) );
  379. pCurrent = g_LDR_TABLE_LIST_HEAD.pNext ;
  381. if (pNew)
  382. {
  383. pNew->pItem = pEntry;
  384. pNew->pNext = pCurrent;
  385. g_LDR_TABLE_LIST_HEAD.pNext = pNew; // add to the head
  386. return TRUE;
  387. }
  388. else
  389. {
  390. return FALSE;
  391. }
  393. }
  395. // Free memory allocated for the LDR_TABLE
  396. void FreeLDRTable()
  397. {
  398. LDR_TABLE *pCurrent, *pTmp;
  400. pCurrent = g_LDR_TABLE_LIST_HEAD.pNext ;
  402. while ( pCurrent )
  403. {
  404. pTmp = pCurrent;
  405. pCurrent = pCurrent->pNext;
  406. LocalFree( pTmp );
  407. }
  409. if ( g_dwFlags & DEBUG_IAT )
  410. {
  411. DbgPrint("tsappcmp: done with FreeLDRTable() \n");
  412. }
  413. }
  415. LPSTR
  416. GlobalizePathA(
  417. LPCSTR pPath
  418. )
  420. /*++
  422. Routine Description:
  424. Convert an ANSI path to a GLOBAL path
  426. --*/
  428. {
  429. DWORD Len;
  430. LPSTR pNewPath;
  432. if( pPath == NULL ) {
  433. return( NULL );
  434. }
  436. //
  437. // Add code to determine if per object
  438. // override is in effect and do not globalize
  439. //
  441. Len = strlen(pPath) + GLOBALPATHSIZE + 1;
  443. pNewPath = LocalAlloc(LMEM_FIXED, Len);
  444. if( pNewPath == NULL ) {
  445. return( NULL );
  446. }
  448. strcpy( pNewPath, GLOBALPATHA );
  449. strcat( pNewPath, pPath );
  451. return( pNewPath );
  452. }
  454. LPWSTR
  455. GlobalizePathW(
  456. LPCWSTR pPath
  457. )
  459. /*++
  461. Routine Description:
  463. Convert a WCHAR path to a GLOBAL path
  465. --*/
  467. {
  468. DWORD Len;
  469. LPWSTR pNewPath;
  471. if( pPath == NULL ) {
  472. return( NULL );
  473. }
  475. //
  476. // Add code to determine if per object
  477. // override is in effect and do not globalize.
  478. //
  480. Len = wcslen(pPath) + GLOBALPATHSIZE + 1;
  481. Len *= sizeof(WCHAR);
  483. pNewPath = LocalAlloc(LMEM_FIXED, Len);
  484. if( pNewPath == NULL ) {
  485. return( NULL );
  486. }
  488. wcscpy( pNewPath, GLOBALPATHW );
  489. wcscat( pNewPath, pPath );
  491. return( pNewPath );
  492. }
  494. // Thunks for WIN32 named object functions
  496. HANDLE
  497. APIENTRY
  498. TCreateEventA(
  499. LPSECURITY_ATTRIBUTES lpEventAttributes,
  500. BOOL bManualReset,
  501. BOOL bInitialState,
  502. LPCSTR lpName
  503. )
  505. /*++
  507. Routine Description:
  509. ANSI thunk to CreateEventW
  512. --*/
  513. {
  514. HANDLE h;
  515. LPSTR pNewPath = GlobalizePathA(lpName);
  517. h = ( ( Func_CreateEventA *) ObjectNameFuncsToHook[ Index_Func_CreateEventA ].orig )( lpEventAttributes, bManualReset, bInitialState, pNewPath );
  518. // h = CreateEventA( lpEventAttributes, bManualReset, bInitialState, pNewPath );
  520. if( pNewPath ) LocalFree(pNewPath);
  522. return h;
  523. }
  525. HANDLE
  526. APIENTRY
  527. TCreateEventW(
  528. LPSECURITY_ATTRIBUTES lpEventAttributes,
  529. BOOL bManualReset,
  530. BOOL bInitialState,
  531. LPCWSTR lpName
  532. )
  533. {
  534. HANDLE h;
  535. LPWSTR pNewPath = GlobalizePathW(lpName);
  537. if ( g_dwFlags & DEBUG_IAT )
  538. {
  539. if( pNewPath )
  540. DbgPrint("TCreateEventW: Thunked, New name %ws\n",pNewPath);
  541. }
  543. h = ( ( Func_CreateEventW *) ObjectNameFuncsToHook[ Index_Func_CreateEventW ].orig ) ( lpEventAttributes, bManualReset, bInitialState, pNewPath );
  544. // h = CreateEventW( lpEventAttributes, bManualReset, bInitialState, pNewPath );
  546. if( pNewPath ) LocalFree(pNewPath);
  548. return h;
  549. }
  551. HANDLE
  552. APIENTRY
  553. TOpenEventA(
  554. DWORD dwDesiredAccess,
  555. BOOL bInheritHandle,
  556. LPCSTR lpName
  557. )
  559. /*++
  561. Routine Description:
  563. ANSI thunk to OpenNamedEventW
  565. --*/
  567. {
  568. HANDLE h;
  569. LPSTR pNewPath = GlobalizePathA(lpName);
  571. h = ( ( Func_OpenEventA *) ObjectNameFuncsToHook[ Index_Func_OpenEventA ].orig )( dwDesiredAccess, bInheritHandle, pNewPath );
  572. // h = OpenEventA( dwDesiredAccess, bInheritHandle, pNewPath );
  574. if( pNewPath ) LocalFree(pNewPath);
  576. return h;
  577. }
  579. HANDLE
  580. APIENTRY
  581. TOpenEventW(
  582. DWORD dwDesiredAccess,
  583. BOOL bInheritHandle,
  584. LPCWSTR lpName
  585. )
  586. {
  587. HANDLE h;
  588. LPWSTR pNewPath = GlobalizePathW(lpName);
  590. h = ( ( Func_OpenEventW *) ObjectNameFuncsToHook[ Index_Func_OpenEventW ].orig ) ( dwDesiredAccess, bInheritHandle, pNewPath );
  591. // h = OpenEventW( dwDesiredAccess, bInheritHandle, pNewPath );
  593. if( pNewPath ) LocalFree(pNewPath);
  595. return h;
  596. }
  598. HANDLE
  599. APIENTRY
  600. TCreateSemaphoreA(
  601. LPSECURITY_ATTRIBUTES lpSemaphoreAttributes,
  602. LONG lInitialCount,
  603. LONG lMaximumCount,
  604. LPCSTR lpName
  605. )
  607. /*++
  609. Routine Description:
  611. ANSI thunk to CreateSemaphoreW
  614. --*/
  616. {
  617. HANDLE h;
  618. LPSTR pNewPath = GlobalizePathA(lpName);
  620. h = ( ( Func_CreateSemaphoreA *) ObjectNameFuncsToHook[ Index_Func_CreateSemaphoreA ].orig )( lpSemaphoreAttributes, lInitialCount, lMaximumCount, pNewPath );
  621. // h = CreateSemaphoreA( lpSemaphoreAttributes, lInitialCount, lMaximumCount, pNewPath );
  623. if( pNewPath ) LocalFree(pNewPath);
  625. return h;
  626. }
  628. HANDLE
  629. APIENTRY
  630. TCreateSemaphoreW(
  631. LPSECURITY_ATTRIBUTES lpSemaphoreAttributes,
  632. LONG lInitialCount,
  633. LONG lMaximumCount,
  634. LPCWSTR lpName
  635. )
  636. {
  637. HANDLE h;
  638. LPWSTR pNewPath = GlobalizePathW(lpName);
  640. h = ( ( Func_CreateSemaphoreW *) ObjectNameFuncsToHook[ Index_Func_CreateSemaphoreW ].orig ) ( lpSemaphoreAttributes, lInitialCount, lMaximumCount, pNewPath );
  641. // h = CreateSemaphoreW( lpSemaphoreAttributes, lInitialCount, lMaximumCount, pNewPath );
  643. if( pNewPath ) LocalFree(pNewPath);
  645. return h;
  646. }
  648. HANDLE
  649. APIENTRY
  650. TOpenSemaphoreA(
  651. DWORD dwDesiredAccess,
  652. BOOL bInheritHandle,
  653. LPCSTR lpName
  654. )
  656. /*++
  658. Routine Description:
  660. ANSI thunk to OpenSemaphoreW
  662. --*/
  664. {
  665. HANDLE h;
  666. LPSTR pNewPath = GlobalizePathA(lpName);
  668. h = ( ( Func_OpenSemaphoreA *) ObjectNameFuncsToHook[ Index_Func_OpenSemaphoreA ].orig ) ( dwDesiredAccess, bInheritHandle, pNewPath );
  669. // h = OpenSemaphoreA( dwDesiredAccess, bInheritHandle, pNewPath );
  671. if( pNewPath ) LocalFree(pNewPath);
  673. return h;
  674. }
  676. HANDLE
  677. APIENTRY
  678. TOpenSemaphoreW(
  679. DWORD dwDesiredAccess,
  680. BOOL bInheritHandle,
  681. LPCWSTR lpName
  682. )
  683. {
  684. HANDLE h;
  685. LPWSTR pNewPath = GlobalizePathW(lpName);
  687. h = ( ( Func_OpenSemaphoreW *) ObjectNameFuncsToHook[ Index_Func_OpenSemaphoreW ].orig ) ( dwDesiredAccess, bInheritHandle, pNewPath );
  688. // h = OpenSemaphoreW( dwDesiredAccess, bInheritHandle, pNewPath );
  690. if( pNewPath ) LocalFree(pNewPath);
  692. return h;
  693. }
  695. HANDLE
  696. APIENTRY
  697. TCreateMutexA(
  698. LPSECURITY_ATTRIBUTES lpMutexAttributes,
  699. BOOL bInitialOwner,
  700. LPCSTR lpName
  701. )
  703. /*++
  705. Routine Description:
  707. ANSI thunk to CreateMutexW
  709. --*/
  711. {
  712. HANDLE h;
  713. LPSTR pNewPath = GlobalizePathA(lpName);
  715. h = ( ( Func_CreateMutexA *) ObjectNameFuncsToHook[ Index_Func_CreateMutexA ].orig ) ( lpMutexAttributes, bInitialOwner, pNewPath );
  716. // h = CreateMutexA( lpMutexAttributes, bInitialOwner, pNewPath );
  718. if( pNewPath ) LocalFree(pNewPath);
  720. return h;
  721. }
  723. HANDLE
  724. APIENTRY
  725. TCreateMutexW(
  726. LPSECURITY_ATTRIBUTES lpMutexAttributes,
  727. BOOL bInitialOwner,
  728. LPCWSTR lpName
  729. )
  730. {
  731. HANDLE h;
  732. LPWSTR pNewPath = GlobalizePathW(lpName);
  734. h = ( ( Func_CreateMutexW *) ObjectNameFuncsToHook[ Index_Func_CreateMutexW ].orig ) ( lpMutexAttributes, bInitialOwner, pNewPath );
  735. // h = CreateMutexW( lpMutexAttributes, bInitialOwner, pNewPath );
  737. if( pNewPath ) LocalFree(pNewPath);
  739. return h;
  740. }
  742. HANDLE
  743. APIENTRY
  744. TOpenMutexA(
  745. DWORD dwDesiredAccess,
  746. BOOL bInheritHandle,
  747. LPCSTR lpName
  748. )
  750. /*++
  752. Routine Description:
  754. ANSI thunk to OpenMutexW
  756. --*/
  758. {
  759. HANDLE h;
  760. LPSTR pNewPath = GlobalizePathA(lpName);
  762. h = ( ( Func_OpenMutexA *) ObjectNameFuncsToHook[ Index_Func_OpenMutexA ].orig ) ( dwDesiredAccess, bInheritHandle, pNewPath );
  763. // h = OpenMutexA( dwDesiredAccess, bInheritHandle, pNewPath );
  765. if( pNewPath ) LocalFree(pNewPath);
  767. return h;
  768. }
  770. HANDLE
  771. APIENTRY
  772. TOpenMutexW(
  773. DWORD dwDesiredAccess,
  774. BOOL bInheritHandle,
  775. LPCWSTR lpName
  776. )
  777. {
  778. HANDLE h;
  779. LPWSTR pNewPath = GlobalizePathW(lpName);
  781. h = ( ( Func_OpenMutexW *) ObjectNameFuncsToHook[ Index_Func_OpenMutexW ].orig ) ( dwDesiredAccess, bInheritHandle, pNewPath );
  782. // h = OpenMutexW( dwDesiredAccess, bInheritHandle, pNewPath );
  784. if( pNewPath ) LocalFree(pNewPath);
  786. return h;
  787. }
  789. HANDLE
  790. APIENTRY
  791. TCreateFileMappingA(
  792. HANDLE hFile,
  793. LPSECURITY_ATTRIBUTES lpFileMappingAttributes,
  794. DWORD flProtect,
  795. DWORD dwMaximumSizeHigh,
  796. DWORD dwMaximumSizeLow,
  797. LPCSTR lpName
  798. )
  800. /*++
  802. Routine Description:
  804. ANSI thunk to CreateFileMappingW
  806. --*/
  808. {
  809. HANDLE h;
  810. LPSTR pNewPath = GlobalizePathA(lpName);
  812. h = ( ( Func_CreateFileMappingA *) ObjectNameFuncsToHook[ Index_Func_CreateFileMappingA ].orig )( hFile, lpFileMappingAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, pNewPath );
  813. // h = CreateFileMappingA( hFile, lpFileMappingAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, pNewPath );
  815. if( pNewPath ) LocalFree(pNewPath);
  817. return h;
  818. }
  820. HANDLE
  821. APIENTRY
  822. TCreateFileMappingW(
  823. HANDLE hFile,
  824. LPSECURITY_ATTRIBUTES lpFileMappingAttributes,
  825. DWORD flProtect,
  826. DWORD dwMaximumSizeHigh,
  827. DWORD dwMaximumSizeLow,
  828. LPCWSTR lpName
  829. )
  830. {
  831. HANDLE h;
  832. LPWSTR pNewPath = GlobalizePathW(lpName);
  834. h = ( ( Func_CreateFileMappingW *) ObjectNameFuncsToHook[ Index_Func_CreateFileMappingW ].orig ) ( hFile, lpFileMappingAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, pNewPath );
  835. // h = CreateFileMappingW( hFile, lpFileMappingAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, pNewPath );
  837. if( pNewPath ) LocalFree(pNewPath);
  839. return h;
  840. }
  842. HANDLE
  843. APIENTRY
  844. TOpenFileMappingA(
  845. DWORD dwDesiredAccess,
  846. BOOL bInheritHandle,
  847. LPCSTR lpName
  848. )
  850. /*++
  852. Routine Description:
  854. ANSI thunk to OpenFileMappingW
  856. --*/
  858. {
  859. HANDLE h;
  860. LPSTR pNewPath = GlobalizePathA(lpName);
  862. h = ( ( Func_OpenFileMappingA *) ObjectNameFuncsToHook[ Index_Func_OpenFileMappingA ].orig ) ( dwDesiredAccess, bInheritHandle, pNewPath );
  863. // h = OpenFileMappingA( dwDesiredAccess, bInheritHandle, pNewPath );
  865. if( pNewPath ) LocalFree(pNewPath);
  867. return h;
  868. }
  870. HANDLE
  871. APIENTRY
  872. TOpenFileMappingW(
  873. DWORD dwDesiredAccess,
  874. BOOL bInheritHandle,
  875. LPCWSTR lpName
  876. )
  877. {
  878. HANDLE h;
  879. LPWSTR pNewPath = GlobalizePathW(lpName);
  881. h = ( ( Func_OpenFileMappingW *) ObjectNameFuncsToHook[ Index_Func_OpenFileMappingW ].orig ) ( dwDesiredAccess, bInheritHandle, pNewPath );
  882. // h = OpenFileMappingW( dwDesiredAccess, bInheritHandle, pNewPath );
  884. if( pNewPath ) LocalFree(pNewPath);
  886. return h;
  887. }
  891. HMODULE
  892. TLoadLibraryExA(
  893. LPCSTR lpLibFileName,
  894. HANDLE hFile,
  895. DWORD dwFlags
  896. )
  897. {
  898. HMODULE h;
  900. h = ( (Func_LoadLibraryExA *)(LoadLibFuncsToHook[Index_Func_LoadLibraryExA ].orig) )( lpLibFileName, hFile, dwFlags );
  901. // h = LoadLibraryExA( lpLibFileName, hFile, dwFlags );
  903. if( h ) {
  904. if(!TsWalkProcessDlls())
  905. {
  906. FreeLibrary(h);
  907. return NULL;
  908. }
  909. }
  911. return( h );
  912. }
  915. HMODULE TLoadLibraryExW(
  916. LPCWSTR lpwLibFileName,
  917. HANDLE hFile,
  918. DWORD dwFlags
  919. )
  920. {
  921. HMODULE h;
  923. h = ( ( Func_LoadLibraryExW *) LoadLibFuncsToHook[Index_Func_LoadLibraryExW ].orig )( lpwLibFileName, hFile, dwFlags );
  924. // h = LoadLibraryExW( lpwLibFileName, hFile, dwFlags );
  926. if( h ) {
  927. if(!TsWalkProcessDlls())
  928. {
  929. FreeLibrary(h);
  930. return NULL;
  931. }
  932. }
  934. return( h );
  935. }
  938. HMODULE
  939. TLoadLibraryA(
  940. LPCSTR lpLibFileName
  941. )
  943. /*++
  945. Routine Description:
  947. Re-walk all the DLL's in the process since a new set of DLL's may
  948. have been loaded.
  950. We must rewalk all since the new DLL lpLibFileName may bring in
  951. other DLL's by import reference.
  953. --*/
  955. {
  956. HMODULE h;
  958. h = ( ( Func_LoadLibraryA *) LoadLibFuncsToHook[Index_Func_LoadLibraryA ].orig )( lpLibFileName );
  959. // h = LoadLibraryA( lpLibFileName );
  961. if( h ) {
  962. if(!TsWalkProcessDlls())
  963. {
  964. FreeLibrary(h);
  965. return NULL;
  966. }
  967. }
  969. return( h );
  970. }
  974. HMODULE
  975. TLoadLibraryW(
  976. LPCWSTR lpwLibFileName
  977. )
  979. /*++
  981. Routine Description:
  983. Re-walk all the DLL's in the process since a new set of DLL's may
  984. have been loaded.
  986. We must rewalk all since the new DLL lpLibFileName may bring in
  987. other DLL's by import reference.
  989. --*/
  991. {
  992. HMODULE h;
  994. h = ( ( Func_LoadLibraryW * )LoadLibFuncsToHook[Index_Func_LoadLibraryW ].orig )( lpwLibFileName );
  995. // h = LoadLibraryW( lpwLibFileName );
  997. if( h ) {
  998. if(!TsWalkProcessDlls())
  999. {
  1000. FreeLibrary(h);
  1001. return NULL;
  1002. }
  1003. }
  1005. return( h );
  1006. }
  1008. BOOL
  1009. TsRedirectRegisteredImage(
  1010. PLDR_DATA_TABLE_ENTRY LdrDataTableEntry ,
  1011. BOOLEAN redirectObjectNameFunctions,
  1012. BOOLEAN redirectLoadLibraryFunctions
  1013. );
  1016. BOOL
  1017. TsWalkProcessDlls()
  1019. /*++
  1021. Routine Description:
  1023. Walk all the DLL's in the process and redirect WIN32 named object
  1024. functions for any that are registered SYSTEM global.
  1026. This function is intended to be called at tsappcmp.dll init time
  1027. to process all DLL's loaded before us.
  1029. A hook is installed by tsappcmp.dll to process DLL's that load
  1030. after this call.
  1032. --*/
  1034. {
  1035. PLDR_DATA_TABLE_ENTRY Entry;
  1036. PLIST_ENTRY Head,Next;
  1037. PIMAGE_NT_HEADERS NtHeaders;
  1038. UNICODE_STRING ThisDLLName;
  1039. BOOLEAN rc;
  1041. RtlInitUnicodeString( &ThisDLLName, TEXT("TSAPPCMP.DLL")) ;
  1043. RtlEnterCriticalSection((PRTL_CRITICAL_SECTION)NtCurrentPeb()->LoaderLock);
  1044. __try
  1045. {
  1047. Head = &NtCurrentPeb()->Ldr->InLoadOrderModuleList;
  1048. Next = Head->Flink;
  1050. while ( Next != Head )
  1051. {
  1052. Entry = CONTAINING_RECORD(Next, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
  1053. Next = Next->Flink;
  1055. rc = ShouldEntryBeProcessed( Entry );
  1057. if (rc)
  1058. {
  1059. if ( (SSIZE_T)Entry->DllBase < 0 )
  1060. {
  1061. // Not hooking kernel-mode DLL
  1063. if ( g_dwFlags & DEBUG_IAT )
  1064. {
  1065. DbgPrint(" > Not hooking kernel mode DLL : %wZ\n",&Entry->BaseDllName);
  1066. }
  1068. continue;
  1069. }
  1071. if ( g_dwFlags & DEBUG_IAT )
  1072. {
  1073. if( Entry->BaseDllName.Buffer )
  1074. DbgPrint("tsappcmp: examining %wZ\n",&Entry->BaseDllName);
  1075. }
  1077. //
  1078. // when we unload, the memory order links flink field is nulled.
  1079. // this is used to skip the entry pending list removal.
  1080. //
  1082. if ( !Entry->InMemoryOrderLinks.Flink ) {
  1083. continue;
  1084. }
  1086. NtHeaders = RtlImageNtHeader( Entry->DllBase );
  1087. if( NtHeaders == NULL ) {
  1088. continue;
  1089. }
  1091. if( NtHeaders->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)
  1092. {
  1093. if ( g_dwFlags & DEBUG_IAT )
  1094. {
  1095. DbgPrint("tsappcmp: %wZ is ts-aware, we are exiting TsWalkProcessDlls() now\n",&Entry->BaseDllName);
  1096. }
  1097. return TRUE; // we do not mess around with the IAT of TS-aware apps.
  1098. }
  1100. if (Entry->BaseDllName.Buffer && !RtlCompareUnicodeString(&Entry->BaseDllName, &ThisDLLName, TRUE)) {
  1101. continue;
  1102. }
  1104. if( NtHeaders->OptionalHeader.LoaderFlags & IMAGE_LOADER_FLAGS_SYSTEM_GLOBAL )
  1105. {
  1106. // 2nd param is redirectObjectNameFunctions
  1107. // 3rd param is redirectLoadLibraryFunctions
  1108. if(!TsRedirectRegisteredImage( Entry , TRUE, TRUE )) // hooks object name and loadl lib funcs ( all of them )
  1109. {
  1110. return FALSE;
  1111. }
  1112. }
  1113. else
  1114. {
  1115. if (! (g_dwFlags & TERMSRV_COMPAT_DONT_PATCH_IN_LOAD_LIBS ) )
  1116. {
  1117. // 2nd param is redirectObjectNameFunctions
  1118. // 3rd param is redirectLoadLibraryFunctions
  1119. if(!TsRedirectRegisteredImage( Entry , FALSE, TRUE )) // only hook lib funcs ( comment error earlier_)
  1120. {
  1121. return FALSE;
  1122. }
  1123. }
  1124. }
  1125. }
  1126. else
  1127. {
  1128. if ( g_dwFlags & DEBUG_IAT )
  1129. {
  1130. if( Entry->BaseDllName.Buffer )
  1131. DbgPrint("tsappcmp: SKIPPING already walked image : %wZ\n",&Entry->BaseDllName);
  1132. }
  1134. }
  1135. }
  1136. }
  1137. __finally
  1138. {
  1139. RtlLeaveCriticalSection((PRTL_CRITICAL_SECTION)NtCurrentPeb()->LoaderLock);
  1140. }
  1142. return TRUE;
  1143. }
  1146. BOOL ImageIsTsAware()
  1147. {
  1148. PIMAGE_NT_HEADERS NtHeader = RtlImageNtHeader( NtCurrentPeb()->ImageBaseAddress );
  1150. if ((NtHeader) && (NtHeader->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE))
  1151. {
  1152. return TRUE;
  1153. }
  1154. else
  1155. {
  1156. return FALSE;
  1157. }
  1158. }
  1160. BOOL
  1161. InitRegisterSupport()
  1162. /*++
  1164. Routine Description:
  1166. Initialize the register command support by walking
  1167. all DLL's and inserting our thunks.
  1169. --*/
  1171. {
  1172. int i;
  1174. g_LDR_TABLE_LIST_HEAD.pNext = NULL;
  1176. if (!Is_X86_OS() )
  1177. {
  1178. DbgPrint("Object name redirection not supported on non-x86 platforms\n");
  1179. return TRUE;
  1180. }
  1182. if ( ! ImageIsTsAware() )
  1183. {
  1184. if ( g_dwFlags & DEBUG_IAT )
  1185. {
  1186. DbgPrint("InitRegisterSupport() called with dwFlags = 0x%lx\n", g_dwFlags);
  1187. }
  1189. LoadLibFuncsToHook[ Index_Func_LoadLibraryA ].orig = LoadLibraryA;
  1190. LoadLibFuncsToHook[ Index_Func_LoadLibraryW ].orig = LoadLibraryW;
  1191. LoadLibFuncsToHook[ Index_Func_LoadLibraryExA ].orig = LoadLibraryExA;
  1192. LoadLibFuncsToHook[ Index_Func_LoadLibraryExW ].orig = LoadLibraryExW;
  1194. ObjectNameFuncsToHook[ Index_Func_CreateEventA ].orig = CreateEventA;
  1195. ObjectNameFuncsToHook[ Index_Func_CreateEventW ].orig = CreateEventW;
  1196. ObjectNameFuncsToHook[ Index_Func_OpenEventA ].orig = OpenEventA;
  1197. ObjectNameFuncsToHook[ Index_Func_OpenEventW ].orig = OpenEventW;
  1198. ObjectNameFuncsToHook[ Index_Func_CreateSemaphoreA ].orig = CreateSemaphoreA;
  1199. ObjectNameFuncsToHook[ Index_Func_CreateSemaphoreW ].orig = CreateSemaphoreW;
  1200. ObjectNameFuncsToHook[ Index_Func_OpenSemaphoreA ].orig = OpenSemaphoreA;
  1201. ObjectNameFuncsToHook[ Index_Func_OpenSemaphoreW ].orig = OpenSemaphoreW;
  1202. ObjectNameFuncsToHook[ Index_Func_CreateMutexA ].orig = CreateMutexA;
  1203. ObjectNameFuncsToHook[ Index_Func_CreateMutexW ].orig = CreateMutexW;
  1204. ObjectNameFuncsToHook[ Index_Func_OpenMutexA ].orig = OpenMutexA;
  1205. ObjectNameFuncsToHook[ Index_Func_OpenMutexW ].orig = OpenMutexW;
  1206. ObjectNameFuncsToHook[ Index_Func_CreateFileMappingA ].orig = CreateFileMappingA;
  1207. ObjectNameFuncsToHook[ Index_Func_CreateFileMappingW ].orig = CreateFileMappingW;
  1208. ObjectNameFuncsToHook[ Index_Func_OpenFileMappingA ].orig = OpenFileMappingA;
  1209. ObjectNameFuncsToHook[ Index_Func_OpenFileMappingW ].orig = OpenFileMappingW;
  1211. if ( g_dwFlags & DEBUG_IAT )
  1212. {
  1213. for (i = 0; i < NUM_OF_LOAD_LIB_FUNCS_TO_HOOK ; ++i)
  1214. {
  1215. DbgPrint(" Use %ws at index = %2d for an indirect call to 0x%lx \n", LoadLibFuncsToHook[i].name, i, LoadLibFuncsToHook[i].orig );
  1216. }
  1218. for (i = 0; i < NUM_OF_OBJECT_NAME_FUNCS_TO_HOOK ; ++i)
  1219. {
  1220. DbgPrint(" Use %ws at index = %2d for an indirect call to 0x%lx \n", ObjectNameFuncsToHook[i].name, i, ObjectNameFuncsToHook[i].orig );
  1221. }
  1222. }
  1223. return TsWalkProcessDlls();
  1224. }
  1225. else
  1226. {
  1227. return TRUE; // nothing to do!
  1228. }
  1229. }
  1231. BOOL
  1232. TsRedirectRegisteredImage(
  1233. PLDR_DATA_TABLE_ENTRY LdrDataTableEntry ,
  1234. BOOLEAN redirectObjectNameFunctions,
  1235. BOOLEAN redirectLoadLibraryFunctions
  1236. )
  1237. {
  1238. /*++
  1240. Routine Description:
  1242. Redirect WIN32 named object functions from kernel32.dll to tsappcmp.dll
  1244. --*/
  1246. PIMAGE_DOS_HEADER pIDH;
  1247. PIMAGE_NT_HEADERS pINTH;
  1248. PIMAGE_IMPORT_DESCRIPTOR pIID;
  1249. PIMAGE_NT_HEADERS NtHeaders;
  1250. PBYTE pDllBase;
  1251. DWORD dwImportTableOffset;
  1252. DWORD dwOldProtect, dwOldProtect2;
  1253. SIZE_T dwProtectSize;
  1254. NTSTATUS status;
  1258. //
  1259. // Determine the location and size of the IAT. If found, scan the
  1260. // IAT address to see if any are pointing to RtlAllocateHeap. If so
  1261. // replace when with a pointer to a unique thunk function that will
  1262. // replace the tag with a unique tag for this image.
  1263. //
  1265. if ( g_dwFlags & DEBUG_IAT )
  1266. {
  1267. if( LdrDataTableEntry->BaseDllName.Buffer )
  1268. DbgPrint("tsappcmp: walking %wZ\n",&LdrDataTableEntry->BaseDllName);
  1269. }
  1271. pDllBase = LdrDataTableEntry->DllBase;
  1272. pIDH = (PIMAGE_DOS_HEADER)pDllBase;
  1274. //
  1275. // Get the import table
  1276. //
  1277. pINTH = (PIMAGE_NT_HEADERS)(pDllBase + pIDH->e_lfanew);
  1279. dwImportTableOffset = pINTH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
  1281. if (dwImportTableOffset == 0) {
  1282. //
  1283. // No import table found. This is probably ntdll.dll
  1284. //
  1285. return TRUE;
  1286. }
  1288. if ( g_dwFlags & DEBUG_IAT )
  1289. {
  1290. DbgPrint("\n > pDllBase = 0x%lx, IAT offset = 0x%lx \n", pDllBase, dwImportTableOffset );
  1291. }
  1292. pIID = (PIMAGE_IMPORT_DESCRIPTOR)(pDllBase + dwImportTableOffset);
  1294. //
  1295. // Loop through the import table and search for the APIs that we want to patch
  1296. //
  1297. while (TRUE)
  1298. {
  1300. LPSTR pszImportEntryModule;
  1301. PIMAGE_THUNK_DATA pITDA;
  1303. // Return if no first thunk (terminating condition)
  1305. if (pIID->FirstThunk == 0) {
  1306. break;
  1307. }
  1309. if ( g_dwFlags & DEBUG_IAT )
  1310. {
  1311. DbgPrint(" > pIID->FirstThunk = 0x%lx \n", pIID->FirstThunk );
  1312. }
  1314. pszImportEntryModule = (LPSTR)(pDllBase + pIID->Name);
  1316. //
  1317. // We have APIs to hook for this module!
  1318. //
  1319. pITDA = (PIMAGE_THUNK_DATA)(pDllBase + (DWORD)pIID->FirstThunk);
  1321. if ( g_dwFlags & DEBUG_IAT )
  1322. {
  1323. DbgPrint(" >> PITDA = 0x%lx \n", pITDA );
  1324. }
  1326. while (TRUE) {
  1328. DWORD dwDllIndex;
  1329. PVOID dwFuncAddr;
  1330. int i;
  1332. //
  1333. // Done with all the imports from this module? (terminating condition)
  1334. //
  1335. if (pITDA->u1.Ordinal == 0)
  1336. {
  1337. if ( g_dwFlags & DEBUG_IAT )
  1338. {
  1339. DbgPrint(" >> Existing inner loop with PITDA = 0x%lx \n", pITDA );
  1340. }
  1341. break;
  1342. }
  1344. // Make the code page writable and overwrite new function pointer in import table
  1346. dwProtectSize = sizeof(DWORD);
  1348. dwFuncAddr = (PVOID)&pITDA->u1.Function;
  1350. status = NtProtectVirtualMemory(NtCurrentProcess(),
  1351. (PVOID)&dwFuncAddr,
  1352. &dwProtectSize,
  1353. PAGE_READWRITE,
  1354. &dwOldProtect);
  1357. if (NT_SUCCESS(status))
  1358. {
  1359. // hook API of interest.
  1361. if (redirectObjectNameFunctions)
  1362. {
  1363. for (i = 0; i < NUM_OF_OBJECT_NAME_FUNCS_TO_HOOK ; i ++)
  1364. {
  1365. if ( ObjectNameFuncsToHook[i].orig == (PVOID) pITDA->u1.Function )
  1366. {
  1367. (PVOID)pITDA->u1.Function = ObjectNameFuncsToHook[i].hook;
  1369. if ( g_dwFlags & DEBUG_IAT )
  1370. {
  1371. DbgPrint(" > Func was hooked : 0x%lx thru %ws \n", ObjectNameFuncsToHook[i].orig ,
  1372. ObjectNameFuncsToHook[i].name );
  1373. }
  1374. }
  1375. }
  1376. }
  1378. if (redirectLoadLibraryFunctions )
  1379. {
  1380. for (i = 0; i < NUM_OF_LOAD_LIB_FUNCS_TO_HOOK ; i ++)
  1381. {
  1382. if ( LoadLibFuncsToHook[i].orig == (PVOID) pITDA->u1.Function )
  1383. {
  1384. (PVOID)pITDA->u1.Function = LoadLibFuncsToHook[i].hook;
  1386. if ( g_dwFlags & DEBUG_IAT )
  1387. {
  1388. DbgPrint(" > Func was hooked : 0x%lx thru %ws \n", LoadLibFuncsToHook[i].orig ,
  1389. LoadLibFuncsToHook[i].name );
  1390. }
  1391. }
  1392. }
  1394. }
  1396. dwProtectSize = sizeof(DWORD);
  1398. status = NtProtectVirtualMemory(NtCurrentProcess(),
  1399. (PVOID)&dwFuncAddr,
  1400. &dwProtectSize,
  1401. dwOldProtect,
  1402. &dwOldProtect2);
  1403. if (!NT_SUCCESS(status))
  1404. {
  1405. DbgPrint((" > Failed to change back the protection\n"));
  1406. return FALSE;
  1407. }
  1408. }
  1409. else
  1410. {
  1411. DbgPrint(" > Failed 0x%X to change protection to PAGE_READWRITE. Addr 0x%lx \n", status, &(pITDA->u1.Function) );
  1412. return FALSE;
  1413. }
  1414. pITDA++;
  1415. }
  1416. pIID++;
  1417. }
  1418. return TRUE;
  1419. }
  1421. #if 0
  1422. void
  1423. TsLoadDllCallback(
  1424. PLDR_DATA_TABLE_ENTRY Entry
  1425. )
  1427. /*++
  1429. Routine Description:
  1431. This function is called when a new DLL is loaded.
  1432. It is registered as a callback from LDR, same as WX86
  1434. Hook goes into ntos\dll\ldrsnap.c,LdrpRunInitializeRoutines()
  1436. This function is currently not used since a hook on LoadLibrary
  1437. is used instead to avoid modifications to ntdll.dll.
  1439. --*/
  1441. {
  1442. PIMAGE_NT_HEADERS NtHeaders;
  1444. NtHeaders = RtlImageNtHeader( Entry->DllBase );
  1445. if( NtHeaders == NULL ) {
  1446. return;
  1447. }
  1449. if( NtHeaders->OptionalHeader.LoaderFlags & IMAGE_LOADER_FLAGS_SYSTEM_GLOBAL ) {
  1450. TsRedirectRegisteredImage( Entry );
  1451. }
  1453. return;
  1454. }
  1455. #endif