archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/base/ntos/inc/hotpatch.h

297 lines
9.5 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*
  3. Copyright (c) 2001 Microsoft Corporation
  5. File name:
  7. hotpatch.h
  9. Author:
  11. Adrian Marinescu (adrmarin) Nov 15 2001
  12. Tom McGuire (tommcg)
  14. */
  16. #ifndef _HOTPATCH_H
  17. #define _HOTPATCH_H
  19. //
  20. // Patch file format structures
  21. //
  23. //
  24. // The HOTPATCH_HEADER can be found in the hotpatch binary by searching
  25. // the section headers for a section named ".hotp1 " and verifying that
  26. // the first four bytes in that section match the "HOT1" ('1TOH') header
  27. // signature. The .hotp1 section will be marked readonly and discardable.
  28. //
  29. //
  30. // The HOTPATCH_HEADER can be found in the hotpatch binary by searching
  31. // the section headers for a section named ".hotp1 " and verifying that
  32. // the first four bytes in that section match the "HOT1" ('1TOH') header
  33. // signature. The .hotp1 section will be marked readonly and discardable.
  34. //
  37. #define HOTP_SIGNATURE_DWORD ((ULONG) '1TOH' ) // "HOT1"
  38. #define HOTP_HEADER_VERSION_1_0 0x00010000 // 1.0
  39. #define HOTP_SECTION_NAME ".hotp1 " //
  40. #define HOTP_SECTION_NAME_QWORD 0x20203170746F682E // ".hotp1 "
  43. typedef struct _HOTPATCH_HEADER
  44. {
  45. ULONG Signature; // "HOT1" '1TOH'
  46. ULONG Version; // 0x00010000 (1.0)
  48. ULONG FixupRgnCount; // count of HOTPATCH_FIXUP_REGION entries at FixupArrayRva
  49. ULONG FixupRgnRva; // RVA in this image of HOTPATCH_FIXUP_REGION entries
  50. // (if FixupCount zero, FixupListRva also zero)
  52. ULONG ValidationCount; // count of ValidationArray entries
  53. ULONG ValidationArrayRva; // RVA in this image of HOTPATCH_VALIDATION array
  54. // (validation bytes valid after fixups applied)
  56. ULONG HookCount; // count of HOTPATCH_HOOK entries at HookArrayRva
  57. ULONG HookArrayRva; // RVA in this image of HOTPATCH_HOOK entries
  58. // (if HookCount zero, HookArrayRva also zero)
  60. ULONGLONG OrigHotpBaseAddress; // If hotpatch loaded at this address, and
  61. ULONGLONG OrigTargetBaseAddress; // if target is loaded at this address, then
  62. // fixups in hotpatch are not necessary
  64. ULONG TargetNameRva; // RVA of target module name "kernel32.dll"
  65. ULONG ModuleIdMethod; // one of HOTPATCH_MODULE_ID_METHOD
  67. union // content depends on HOTPATCH_MODULE_ID_METHOD
  68. {
  69. ULONGLONG Quad;
  70. GUID Guid;
  72. struct
  73. {
  74. GUID Guid;
  75. ULONG Age;
  76. }
  77. PdbSig;
  79. UCHAR Hash128[ 16 ]; // For MD5, etc.
  80. UCHAR Hash160[ 20 ]; // For SHA, etc.
  81. }
  82. TargetModuleIdValue; // unique ID of target module
  84. }
  85. HOTPATCH_HEADER, *PHOTPATCH_HEADER;
  88. typedef enum _HOTPATCH_MODULE_ID_METHOD
  89. {
  90. HOTP_ID_None = 0x00000000, // No ID verification of target
  92. HOTP_ID_PeHeaderHash1 = 0x00000001,
  94. //
  95. // MD5 hash of "normalized" IMAGE_NT_HEADERS32/64, ignoring certain
  96. // fields that change due to resource localization, rebase, bind,
  97. // sign, winalign, etc.
  98. //
  99. // FileHeader.TimeDateStamp
  100. // OptionalHeader.CheckSum
  101. // OptionalHeader.ImageBase
  102. // OptionalHeader.FileAlignment
  103. // OptionalHeader.SizeOfCode
  104. // OptionalHeader.SizeOfInitializedData
  105. // OptionalHeader.SizeOfUninitializedData
  106. // OptionalHeader.SizeOfImage
  107. // OptionalHeader.SizeOfHeaders
  108. // OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_RESOURCE ]
  109. // OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_SECURITY ]
  110. // OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_BASERELOC ]
  111. // OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT ]
  112. //
  114. HOTP_ID_PeHeaderHash2 = 0x00000002, // 64-bit hash of normalized PE header
  116. HOTP_ID_PeChecksum = 0x00000003, // 32-bit checksum in the PE Optional header
  118. HOTP_ID_PeDebugSignature = 0x00000010, // pdb signature (GUID,Age)
  120. }
  121. HOTPATCH_MODULE_ID_METHOD;
  125. typedef struct _HOTPATCH_FIXUP_REGION
  126. {
  127. ULONG RvaHi:20; // Hi 20 bits of RVA where fixups to be applied
  128. ULONG Count:12; // Number of fixup entries for this region
  129. USHORT Fixup[2]; // Variable length HOTPATCH_FIXUP_ENTRY array
  130. }
  131. HOTPATCH_FIXUP_REGION, *PHOTPATCH_FIXUP_REGION;
  134. typedef struct _HOTPATCH_FIXUP_ENTRY
  135. {
  136. USHORT RvaOffset:12; // Lo 12 bits of RVA where fixup to be applied
  137. USHORT FixupType:4; // Type of fixup to perform at this location
  138. }
  139. HOTPATCH_FIXUP_ENTRY, *PHOTPATCH_FIXUP_ENTRY;
  142. typedef enum _HOTPATCH_FIXUP_TYPE
  143. {
  144. HOTP_Fixup_None = 0x0, // No fixup, ignore this entry (alignment, etc)
  145. HOTP_Fixup_VA32 = 0x1, // 32-bit address in target image
  146. HOTP_Fixup_PC32 = 0x2, // 32-bit x86 pc-rel address to target image
  147. HOTP_Fixup_VA64 = 0x3, // 64-bit address in target image
  148. }
  149. HOTPATCH_FIXUP_TYPE;
  152. typedef struct _HOTPATCH_VALIDATION
  153. {
  154. ULONG SourceRva; // RVA within patch image of validation raw bytes
  155. ULONG TargetRva; // RVA within target image to validate against
  156. USHORT ByteCount; // number of bytes to validate at this RVA pair
  157. USHORT OptionFlags; // combination of HOTPATCH_VALIDATION_OPTIONS
  158. }
  159. HOTPATCH_VALIDATION, *PHOTPATCH_VALIDATION;
  162. typedef enum _HOTPATCH_VALIDATION_OPTIONS
  163. {
  164. HOTP_Valid_Hook_Target = 0x0001, // specific to a HOTPATCH_HOOK entry
  165. }
  166. HOTPATCH_VALIDATION_OPTIONS;
  169. typedef struct _HOTPATCH_HOOK
  170. {
  171. USHORT HookType; // one of HOTPATCH_HOOK_TYPE
  172. USHORT HookOptions; // options specific to HookType
  173. ULONG HookRva; // RVA in target image -- where to insert hook
  174. ULONG HotpRva; // RVA in hotpatch image for redirected target of hook
  175. ULONG ValidationRva; // Optional RVA in hotpatch image of HOTPATCH_VALIDATION
  176. } // specific to this hook location in target image.
  177. HOTPATCH_HOOK, *PHOTPATCH_HOOK;
  180. typedef enum _HOTPATCH_HOOK_TYPE
  181. {
  182. HOTP_Hook_None = 0x0000, // No hook, ignore this entry (continuation values)
  183. HOTP_Hook_VA32 = 0x0001, // 32-bit absolute address of hook target (little endian)
  184. HOTP_Hook_X86_JMP = 0x0002, // x86 E9 jmp with 32-bit pc-relative to hook target
  185. // HookOptions low 4 bits contains original instruction length
  186. // so implementation can pad E9 hook instruction with CC bytes
  187. HOTP_Hook_PCREL32 = 0x0003, // 32-bit x86 pcrelative address of hook target, replacing
  188. // the last four bytes of a call or conditional branch.
  189. // HookOptions low 4 bits contains original instruction length
  190. // so can determine where instruction begins.
  191. HOTP_Hook_X86_JMP2B = 0x0004, // x86 EB jmp with 8-bit displacement to an X86_JMP hook
  192. // HookOptions low 4 bits contains original instruction length
  193. // HotpRva contains the 8-bit displacement
  195. HOTP_Hook_VA64 = 0x0010, // 64-bit absolute address of hook target (little endian)
  196. HOTP_Hook_IA64_BRL = 0x0011, // IA64 brl with 64-bit target address
  197. }
  198. HOTPATCH_HOOK_TYPE;
  200. //
  201. // Information existent in debug directory
  202. //
  204. typedef struct _HOTPATCH_DEBUG_SIGNATURE {
  206. USHORT HotpatchVersion;
  207. USHORT Signature;
  209. } HOTPATCH_DEBUG_SIGNATURE, *PHOTPATCH_DEBUG_SIGNATURE;
  211. typedef struct _HOTPATCH_DEBUG_DATA {
  213. ULONGLONG PEHashData;
  214. ULONGLONG ChecksumData;
  216. } HOTPATCH_DEBUG_DATA, *PHOTPATCH_DEBUG_DATA;
  218. //
  219. // RTL internal patch definitions
  220. //
  222. #ifdef NTOS_KERNEL_RUNTIME
  224. #define PATCH_LDR_DATA_TABLE_ENTRY KLDR_DATA_TABLE_ENTRY
  225. #define PPATCH_LDR_DATA_TABLE_ENTRY PKLDR_DATA_TABLE_ENTRY
  226. #else // ! NTOS_KERNEL_RUNTIME
  228. #define PATCH_LDR_DATA_TABLE_ENTRY LDR_DATA_TABLE_ENTRY
  229. #define PPATCH_LDR_DATA_TABLE_ENTRY PLDR_DATA_TABLE_ENTRY
  230. #endif // NTOS_KERNEL_RUNTIME
  233. typedef struct _RTL_PATCH_HEADER {
  235. LIST_ENTRY PatchList;
  237. PVOID PatchImageBase;
  238. struct _RTL_PATCH_HEADER * NextPatch;
  240. ULONG PatchFlags;
  241. LONG PatchRefCount;
  243. PHOTPATCH_HEADER HotpatchHeader;
  245. UNICODE_STRING TargetDllName;
  246. PVOID TargetDllBase;
  248. PPATCH_LDR_DATA_TABLE_ENTRY TargetLdrDataTableEntry;
  249. PPATCH_LDR_DATA_TABLE_ENTRY PatchLdrDataTableEntry;
  251. PSYSTEM_HOTPATCH_CODE_INFORMATION CodeInfo;
  253. } RTL_PATCH_HEADER, *PRTL_PATCH_HEADER;
  255. NTSTATUS
  256. RtlCreateHotPatch (
  257. OUT PRTL_PATCH_HEADER * RtlPatchData,
  258. IN PHOTPATCH_HEADER Patch,
  259. IN PPATCH_LDR_DATA_TABLE_ENTRY PatchLdrEntry,
  260. IN ULONG PatchFlags
  261. );
  263. NTSTATUS
  264. RtlInitializeHotPatch (
  265. IN PRTL_PATCH_HEADER RtlPatchData,
  266. IN ULONG_PTR PatchOffsetCorrection
  267. );
  269. NTSTATUS
  270. RtlReadHookInformation(
  271. IN PRTL_PATCH_HEADER RtlPatchData
  272. );
  274. VOID
  275. RtlFreeHotPatchData(
  276. IN PRTL_PATCH_HEADER RtlPatchData
  277. );
  279. PHOTPATCH_HEADER
  280. RtlGetHotpatchHeader(
  281. PVOID ImageBase
  282. );
  284. PRTL_PATCH_HEADER
  285. RtlFindRtlPatchHeader(
  286. IN PLIST_ENTRY PatchList,
  287. IN PPATCH_LDR_DATA_TABLE_ENTRY PatchLdrEntry
  288. );
  290. BOOLEAN
  291. RtlpIsSameImage (
  292. IN PRTL_PATCH_HEADER RtlPatchData,
  293. IN PPATCH_LDR_DATA_TABLE_ENTRY LdrDataEntry
  294. );
  296. #endif // _HOTPATCH_H