/*++ Copyright (c) 1989 Microsoft Corporation Module Name: ldrp.h Abstract: Private types... for executive portion of loader Author: Mark Lucovsky (markl) 26-Mar-1990 Revision History: --*/ #ifndef _LDRP_ #define _LDRP_ #pragma warning(disable:4214) // bit field types other than int #pragma warning(disable:4201) // nameless struct/union #pragma warning(disable:4115) // named type definition in parentheses #pragma warning(disable:4127) // condition expression is constant #include #include #include #include #define NOEXTAPI #include "wdbgexts.h" #include #include #if defined(_WIN64) extern INVERTED_FUNCTION_TABLE LdrpInvertedFunctionTable; #endif #if DBG #define LdrpShouldDbgPrintStatus(st) \ (!NT_SUCCESS(st) \ && (ShowSnaps \ || ( (st) != STATUS_NO_SUCH_FILE \ && (st) != STATUS_DLL_NOT_FOUND \ && (st) != STATUS_OBJECT_NAME_NOT_FOUND \ ))) #else #define LdrpShouldDbgPrintStatus(st) (FALSE) #endif #if DBG #define LDR_ERROR_DPFLTR DPFLTR_ERROR_LEVEL #else #define LDR_ERROR_DPFLTR ((ShowSnaps || ShowErrors) ? DPFLTR_ERROR_LEVEL : DPFLTR_INFO_LEVEL) #endif // DBG extern BOOLEAN LdrpImageHasTls; extern UNICODE_STRING LdrpDefaultPath; extern HANDLE LdrpKnownDllObjectDirectory; #define LDRP_MAX_KNOWN_PATH 128 extern WCHAR LdrpKnownDllPathBuffer[LDRP_MAX_KNOWN_PATH]; extern UNICODE_STRING LdrpKnownDllPath; extern PLDR_MANIFEST_PROBER_ROUTINE LdrpManifestProberRoutine; extern PLDR_APP_COMPAT_DLL_REDIRECTION_CALLBACK_FUNCTION LdrpAppCompatDllRedirectionCallbackFunction; extern PVOID LdrpAppCompatDllRedirectionCallbackData; extern PVOID LdrpHeap; extern RTL_CRITICAL_SECTION LdrpLoaderLock; extern PCUNICODE_STRING LdrpTopLevelDllBeingLoaded; extern PTEB LdrpTopLevelDllBeingLoadedTeb; extern BOOLEAN LdrpBreakOnExceptions; extern PLDR_DATA_TABLE_ENTRY LdrpNtDllDataTableEntry; extern PLDR_DATA_TABLE_ENTRY LdrpCurrentDllInitializer; extern BOOLEAN LdrpShowInitRoutines; extern BOOLEAN LdrpShowRecursiveDllLoads; extern BOOLEAN LdrpBreakOnRecursiveDllLoads; extern BOOLEAN LdrpLoaderLockAcquisionCount; extern BOOLEAN g_LdrBreakOnLdrpInitializeProcessFailure; extern PEB_LDR_DATA PebLdr; extern const UNICODE_STRING SlashSystem32SlashMscoreeDllString; extern const UNICODE_STRING SlashSystem32SlashString; extern const UNICODE_STRING MscoreeDllString; #define ASCII_CHAR_IS_N(_ch) (((_ch) == 'n') || ((_ch) == 'N')) #define ASCII_CHAR_IS_T(_ch) (((_ch) == 't') || ((_ch) == 'T')) #define ASCII_CHAR_IS_D(_ch) (((_ch) == 'd') || ((_ch) == 'D')) #define ASCII_CHAR_IS_L(_ch) (((_ch) == 'l') || ((_ch) == 'L')) #define ASCII_CHAR_IS_DOT(_ch) ((_ch) == '.') #define ASCII_STRING_IS_NTDLL(_p) \ ((_p) != NULL) && \ (((_p)->Length == (5 * sizeof(CHAR))) && \ (ASCII_CHAR_IS_N((_p)->Buffer[0]) && \ ASCII_CHAR_IS_T((_p)->Buffer[1]) && \ ASCII_CHAR_IS_D((_p)->Buffer[2]) && \ ASCII_CHAR_IS_L((_p)->Buffer[3]) && \ ASCII_CHAR_IS_L((_p)->Buffer[4])) || \ ((_p)->Length == ((5 + 1 + 3) * sizeof(CHAR))) && \ (ASCII_CHAR_IS_N((_p)->Buffer[0]) && \ ASCII_CHAR_IS_T((_p)->Buffer[1]) && \ ASCII_CHAR_IS_D((_p)->Buffer[2]) && \ ASCII_CHAR_IS_L((_p)->Buffer[3]) && \ ASCII_CHAR_IS_L((_p)->Buffer[4]) && \ ASCII_CHAR_IS_DOT((_p)->Buffer[5]) && \ ASCII_CHAR_IS_D((_p)->Buffer[6]) && \ ASCII_CHAR_IS_L((_p)->Buffer[7]) && \ ASCII_CHAR_IS_L((_p)->Buffer[8]))) // // NOTICE-2002/08/01-JayKrell // + 1 is to preserve that code was using 266 // after explaining why it should be 265. Note // that sizeof("") includes a nul. // DOS_MAX_PATH_LENGTH is 260 (Win32 MAX_PATH) // LDR_MAX_PATH is 266 // We will be removing path length limits in the // ldr in the future. // #define LDR_MAX_PATH (DOS_MAX_PATH_LENGTH + sizeof("\\??\\") + 1) extern LIST_ENTRY RtlpCalloutEntryList; #if defined(_AMD64_) || defined(_IA64_) extern LIST_ENTRY RtlpDynamicFunctionTable; #endif extern RTL_CRITICAL_SECTION RtlpCalloutEntryLock; typedef struct _LDRP_DLL_NOTIFICATION_BLOCK { LIST_ENTRY Links; PLDR_DLL_NOTIFICATION_FUNCTION NotificationFunction; PVOID Context; } LDRP_DLL_NOTIFICATION_BLOCK, *PLDRP_DLL_NOTIFICATION_BLOCK; // // Synchronized via LdrpLoaderLock // extern LIST_ENTRY LdrpDllNotificationList; #define LDR_NUMBER_OF(x) (sizeof(x) / sizeof((x)[0])) #if defined (BUILD_WOW6432) NTSTATUS LdrpWx86FormatVirtualImage( IN PCUNICODE_STRING DosImagePathName OPTIONAL, IN PIMAGE_NT_HEADERS32 NtHeaders, IN PVOID DllBase ); NTSTATUS LdrpWx86ProtectImagePages ( IN PVOID Base, IN BOOLEAN Reset ); NTSTATUS Wx86SetRelocatedSharedProtection ( IN PVOID Base, IN BOOLEAN Reset ); ULONG LdrpWx86RelocatedFixupDiff( IN PUCHAR ImageBase, IN PIMAGE_NT_HEADERS NtHeaders, IN ULONG Offset ); BOOLEAN LdrpWx86DllHasRelocatedSharedSection( IN PUCHAR ImageBase); NTSTATUS RtlpWow64GetNativeSystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN PVOID NativeSystemInformation, IN ULONG InformationLength, OUT PULONG ReturnLength OPTIONAL ); #define NATIVE_PAGE_SIZE NativePageSize #define NATIVE_PAGE_SHIFT NativePageShift #define NATIVE_BYTES_TO_PAGES(Size) ((ULONG)((ULONG_PTR)(Size) >> NATIVE_PAGE_SHIFT) + \ (((ULONG)(Size) & (NATIVE_PAGE_SIZE - 1)) != 0)) #else #define NATIVE_PAGE_SIZE PAGE_SIZE #define NATIVE_PAGE_SHIFT PAGE_SHIFT #define NATIVE_BYTES_TO_PAGES(Size) BYTES_TO_PAGES(Size) #endif #if defined(_WIN64) || defined(BUILD_WOW6432) extern ULONG NativePageSize; extern ULONG NativePageShift; #endif VOID RtlpWaitForCriticalSection ( IN PRTL_CRITICAL_SECTION CriticalSection ); VOID RtlpUnWaitCriticalSection ( IN PRTL_CRITICAL_SECTION CriticalSection ); #define LDRP_HASH_TABLE_SIZE 32 #define LDRP_HASH_MASK (LDRP_HASH_TABLE_SIZE-1) #define LDRP_COMPUTE_HASH_INDEX(wch) ( (RtlUpcaseUnicodeChar((wch)) - (WCHAR)'A') & LDRP_HASH_MASK ) extern LIST_ENTRY LdrpHashTable[LDRP_HASH_TABLE_SIZE]; // LDRP_BAD_DLL Sundown: sign-extended value. #define LDRP_BAD_DLL LongToPtr(0xffbadd11) extern LIST_ENTRY LdrpDefaultPathCache; typedef struct _LDRP_PATH_CACHE { LIST_ENTRY Links; UNICODE_STRING Component; HANDLE Directory; } LDRP_PATH_CACHE, *PLDRP_PATH_CACHE; NTSTATUS LdrpSnapIAT( IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry_Export, IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry_Import, IN PCIMAGE_IMPORT_DESCRIPTOR ImportDescriptor, IN BOOLEAN SnapForwardersOnly ); NTSTATUS LdrpSnapThunk( IN PVOID DllBase, IN PVOID ImageBase, IN PIMAGE_THUNK_DATA OriginalThunk, IN OUT PIMAGE_THUNK_DATA Thunk, IN PCIMAGE_EXPORT_DIRECTORY ExportDirectory, IN ULONG ExportSize, IN BOOLEAN StaticSnap, IN PCSZ DllName OPTIONAL ); USHORT LdrpNameToOrdinal( IN PCSZ Name, IN ULONG NumberOfNames, IN PVOID DllBase, IN PULONG NameTableBase, IN PUSHORT NameOrdinalTableBase ); PLDR_DATA_TABLE_ENTRY LdrpAllocateDataTableEntry ( IN PVOID DllBase ); __forceinline VOID LdrpDeallocateDataTableEntry ( IN PLDR_DATA_TABLE_ENTRY Entry ) { ASSERT (Entry != NULL); RtlFreeHeap (LdrpHeap, 0, Entry); } VOID LdrpFinalizeAndDeallocateDataTableEntry ( IN PLDR_DATA_TABLE_ENTRY Entry ); BOOLEAN LdrpCheckForLoadedDll( IN PCWSTR DllPath OPTIONAL, IN PCUNICODE_STRING DllName, IN BOOLEAN StaticLink, IN BOOLEAN Redirected, OUT PLDR_DATA_TABLE_ENTRY *LdrDataTableEntry ); BOOLEAN LdrpCheckForLoadedDllHandle( IN PVOID DllHandle, OUT PLDR_DATA_TABLE_ENTRY *LdrDataTableEntry ); NTSTATUS LdrpMapDll( IN PCWSTR DllPath OPTIONAL, IN PCWSTR DllName, IN PULONG DllCharacteristics OPTIONAL, IN BOOLEAN StaticLink, IN BOOLEAN Redirected, OUT PLDR_DATA_TABLE_ENTRY *LdrDataTableEntry ); NTSTATUS LdrpWalkImportDescriptor( IN PCWSTR DllPath OPTIONAL, IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry ); NTSTATUS LdrpRunInitializeRoutines( IN PCONTEXT Context OPTIONAL ); int LdrpInitializeProcessWrapperFilter( IN const struct _EXCEPTION_POINTERS *ExceptionPointers ); int LdrpGenericExceptionFilter( IN const struct _EXCEPTION_POINTERS *ExceptionPointers, IN PCSZ FunctionName ); // // ISSUE-2000/11/20-mgrier // These functions are VOID because they should really never be able to fail. // // In the current implementation, they do perform ANSI -> UNICODE conversions // which may fail in the current code page (may have been changed since when // the DLL was loaded) and apply Fusion DLL redirection to DLLs which can // require a large filename buffer than is allocated on the stack. // // These cases are ignored for now. Both problems should be fixed by // reworking the LDR_DATA_TABLE_ENTRY to have an array of pointers to the // downstream LDR_DATA_TABLE_ENTRY structs and not have to do any work // later on, but that's a lot of work for now; the ANSI -> UNICODE thing // has been there for ages and in practice, the paths that Fusion // redirects to have to fix in DOS_MAX_PATH_LENGTH, so we'll emit some // debug spew in the failure case, but ignore the failures. // // I started both fixes (returning status or allocating the array // at dll load time) but neither are trivial. Returning a status will just // make FreeLibrary() fail and leave the refcounts of the DLLs after the // one that failed inconsistent. Allocating the array is nontrivial // to do it the right way where the LDR_DATA_TABLE_ENTRY and the array // are allocated in a single allocation, and having the loader make more // even heap allocations seems like the wrong thing to do. // /* VOID LdrpReferenceLoadedDll( IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry ); VOID LdrpDereferenceLoadedDll( IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry ); VOID LdrpPinLoadedDll( IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry ); */ #define LdrpReferenceLoadedDll(LdrDataTableEntry) LdrpUpdateLoadCount2((LdrDataTableEntry), LDRP_UPDATE_LOAD_COUNT_INCREMENT) #define LdrpDereferenceLoadedDll(LdrDataTableEntry) LdrpUpdateLoadCount2((LdrDataTableEntry), LDRP_UPDATE_LOAD_COUNT_DECREMENT) #define LdrpPinLoadedDll(LdrDataTableEntry) LdrpUpdateLoadCount2((LdrDataTableEntry), LDRP_UPDATE_LOAD_COUNT_PIN) #define LDRP_UPDATE_LOAD_COUNT_INCREMENT (1) #define LDRP_UPDATE_LOAD_COUNT_DECREMENT (2) #define LDRP_UPDATE_LOAD_COUNT_PIN (3) VOID LdrpUpdateLoadCount3( IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry, IN ULONG UpdateCountHow, IN OUT PUNICODE_STRING PreAllocatedRedirectionBuffer OPTIONAL ); VOID LdrpUpdateLoadCount2( IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry, IN ULONG UpdateCountHow ); NTSTATUS LdrpInitializeProcess( IN PCONTEXT Context OPTIONAL, IN PVOID SystemDllBase ); VOID LdrpInitialize( IN PCONTEXT Context, IN PVOID SystemArgument1, IN PVOID SystemArgument2 ); VOID LdrpInsertMemoryTableEntry( IN PLDR_DATA_TABLE_ENTRY LdrDataTableEntry ); NTSTATUS LdrpResolveDllName( IN PCWSTR DllPath OPTIONAL, IN PCWSTR DllName, IN BOOLEAN Redirected, OUT PUNICODE_STRING FullDllName, OUT PUNICODE_STRING BaseDllName, OUT PHANDLE DllFile ); NTSTATUS LdrpResolveDllNameForAppPrivateRedirection( IN PCUNICODE_STRING DllName, OUT PUNICODE_STRING FullDllName ); NTSTATUS LdrpCreateDllSection( IN PCUNICODE_STRING FullDllName, IN HANDLE DllFile, IN PULONG DllCharacteristics OPTIONAL, OUT PHANDLE SectionHandle ); VOID LdrpInitializePathCache( VOID ); PVOID LdrpFetchAddressOfEntryPoint( IN PVOID Base ); NTSTATUS LdrpCheckForKnownDll( IN PCWSTR DllName, OUT PUNICODE_STRING FullDllName, OUT PUNICODE_STRING BaseDllName, OUT HANDLE *Section ); NTSTATUS LdrpSetProtection ( IN PVOID Base, IN BOOLEAN Reset ); #if DBG extern ULONG LdrpCompareCount; extern ULONG LdrpSnapBypass; extern ULONG LdrpNormalSnap; extern ULONG LdrpSectionOpens; extern ULONG LdrpSectionCreates; extern ULONG LdrpSectionMaps; extern ULONG LdrpSectionRelocates; extern BOOLEAN LdrpDisplayLoadTime; extern LARGE_INTEGER BeginTime, InitcTime, InitbTime, IniteTime, EndTime, ElapsedTime, Interval; #endif // DBG extern BOOLEAN ShowSnaps; extern BOOLEAN ShowErrors; extern BOOLEAN RtlpTimoutDisable; extern LARGE_INTEGER RtlpTimeout; extern ULONG NtGlobalFlag; extern LIST_ENTRY RtlCriticalSectionList; extern RTL_CRITICAL_SECTION RtlCriticalSectionLock; extern BOOLEAN LdrpShutdownInProgress; extern BOOLEAN LdrpInLdrInit; extern BOOLEAN LdrpLdrDatabaseIsSetup; extern BOOLEAN LdrpVerifyDlls; extern BOOLEAN LdrpShutdownInProgress; extern BOOLEAN LdrpImageHasTls; extern PLDR_DATA_TABLE_ENTRY LdrpImageEntry; extern LIST_ENTRY LdrpUnloadHead; extern BOOLEAN LdrpActiveUnloadCount; extern PLDR_DATA_TABLE_ENTRY LdrpGetModuleHandleCache; extern PLDR_DATA_TABLE_ENTRY LdrpLoadedDllHandleCache; extern ULONG LdrpFatalHardErrorCount; extern UNICODE_STRING LdrpDefaultPath; extern RTL_CRITICAL_SECTION FastPebLock; extern HANDLE LdrpShutdownThreadId; extern ULONG LdrpNumberOfProcessors; extern UNICODE_STRING DefaultExtension; extern UNICODE_STRING User32String; extern UNICODE_STRING Kernel32String; typedef struct _LDRP_TLS_ENTRY { LIST_ENTRY Links; IMAGE_TLS_DIRECTORY Tls; } LDRP_TLS_ENTRY, *PLDRP_TLS_ENTRY; extern LIST_ENTRY LdrpTlsList; extern ULONG LdrpNumberOfTlsEntries; NTSTATUS LdrpInitializeTls( VOID ); NTSTATUS LdrpAllocateTls( VOID ); VOID LdrpFreeTls( VOID ); VOID LdrpCallTlsInitializers( PVOID DllBase, ULONG Reason ); NTSTATUS LdrpAllocateUnicodeString( OUT PUNICODE_STRING StringOut, IN USHORT Length ); NTSTATUS LdrpCopyUnicodeString( OUT PUNICODE_STRING StringOut, IN PCUNICODE_STRING StringIn ); VOID LdrpFreeUnicodeString( IN OUT PUNICODE_STRING String ); VOID LdrpEnsureLoaderLockIsHeld( VOID ); #define LDRP_LOAD_DLL_FLAG_DLL_IS_REDIRECTED (0x00000001) NTSTATUS LdrpLoadDll( IN ULONG Flags OPTIONAL, IN PCWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PCUNICODE_STRING DllName, OUT PVOID *DllHandle, IN BOOLEAN RunInitRoutines ); NTSTATUS NTAPI LdrpGetProcedureAddress( IN PVOID DllHandle, IN CONST ANSI_STRING* ProcedureName OPTIONAL, IN ULONG ProcedureNumber OPTIONAL, OUT PVOID *ProcedureAddress, IN BOOLEAN RunInitRoutines ); PLIST_ENTRY RtlpLockProcessHeapsList( VOID ); VOID RtlpUnlockProcessHeapsList( VOID ); BOOLEAN RtlpSerializeHeap( IN PVOID HeapHandle ); ULONG NtdllBaseTag; #define MAKE_TAG( t ) (RTL_HEAP_MAKE_TAG( NtdllBaseTag, (t) )) #define CSR_TAG 0 #define LDR_TAG 1 #define CURDIR_TAG 2 #define TLS_TAG 3 #define DBG_TAG 4 #define SE_TAG 5 #define TEMP_TAG 6 #define ATOM_TAG 7 PVOID LdrpDefineDllTag( PWSTR TagName, PUSHORT TagIndex ); #define LDRP_ACTIVATE_ACTIVATION_CONTEXT(LdrpDllActivateActivationContext_TableEntry) \ { \ RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME LdrpDllActivateActivationContext_ActivationFrame = \ { sizeof(LdrpDllActivateActivationContext_ActivationFrame), \ RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER \ }; \ \ RtlActivateActivationContextUnsafeFast(&LdrpDllActivateActivationContext_ActivationFrame, (LdrpDllActivateActivationContext_TableEntry)->EntryPointActivationContext); \ __try { #define LDRP_DEACTIVATE_ACTIVATION_CONTEXT() \ } __finally { \ RtlDeactivateActivationContextUnsafeFast(&LdrpDllActivateActivationContext_ActivationFrame); \ } \ } #if defined(_X86_) BOOLEAN LdrpCallInitRoutine( IN PDLL_INIT_ROUTINE InitRoutine, IN PVOID DllHandle, IN ULONG Reason, IN PCONTEXT Context OPTIONAL ); #else #define LdrpCallInitRoutine(InitRoutine, DllHandle, Reason, Context) \ (InitRoutine)((DllHandle), (Reason), (Context)) #endif NTSTATUS LdrpCorValidateImage( IN OUT PVOID *pImageBase, IN LPWSTR ImageName ); VOID LdrpCorUnloadImage( IN PVOID ImageBase ); VOID LdrpCorReplaceStartContext( IN PCONTEXT Context ); typedef VOID (*PCOR_EXE_MAIN)(VOID); extern PCOR_EXE_MAIN CorExeMain; VOID LdrpSendDllNotifications ( IN PLDR_DATA_TABLE_ENTRY Entry, IN ULONG NotificationType, IN ULONG Flags ); // // The prototypes for the shim engine callback // typedef void (*PFNSE_INSTALLBEFOREINIT)(PUNICODE_STRING UnicodeImageName, PVOID pShimExeData); typedef BOOLEAN (*PFNSE_INSTALLAFTERINIT)(PUNICODE_STRING UnicodeImageName, PVOID pShimExeData); typedef void (*PFNSE_DLLLOADED)(PLDR_DATA_TABLE_ENTRY LdrEntry); typedef void (*PFNSE_DLLUNLOADED)(PLDR_DATA_TABLE_ENTRY LdrEntry); typedef void (*PFNSE_GETPROCADDRESS)(PVOID* pProcAddress); typedef int (*PFNSE_ISSHIMDLL)(PVOID pDllBase); typedef void (*PFNSE_PROCESSDYING)(void); // // Private function from ntos\rtl\stktrace.c needed to pickup the real address // of a stack trace given an index. // PVOID RtlpGetStackTraceAddress ( USHORT Index ); // // Function defined in ntos\rtl\stktrace.c needed to speedup // RtlCaptureStackContext on x86. // VOID RtlpStkMarkDllRange ( PLDR_DATA_TABLE_ENTRY DllEntry ); // // resource.c // extern BOOLEAN RtlpCriticalSectionVerifier; BOOLEAN RtlpCreateCriticalSectionSem( IN PRTL_CRITICAL_SECTION CriticalSection ); // // Application verifier // #include "avrfp.h" // // Hot-patching // #include "hotpatch.h" NTSTATUS LdrpRundownHotpatchList( PRTL_PATCH_HEADER PatchHead ); typedef NTSTATUS (NTAPI * PKERNEL32_PROCESS_INIT_POST_IMPORT_FUNCTION)(VOID); extern PKERNEL32_PROCESS_INIT_POST_IMPORT_FUNCTION Kernel32ProcessInitPostImportFunction; #endif // _LDRP_