archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/base/tools/pperf/app/thunk.c

868 lines
21 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. #include <nt.h>
  2. #include <ntrtl.h>
  3. #include <nturtl.h>
  4. #include <windows.h>
  5. #include <errno.h>
  6. #include <malloc.h>
  7. #include <stdlib.h>
  8. #include <stdio.h>
  9. #include "pperf.h"
  10. #include "..\pstat.h"
  13. extern HANDLE DriverHandle;
  14. extern UCHAR Buffer[];
  15. #define BufferSize 60000
  17. typedef struct NameList {
  18. struct NameList *Next;
  19. ULONG Parm;
  20. struct NameList *ChildList;
  21. PUCHAR Name;
  22. } NAME_LIST, *PNAME_LIST;
  24. PNAME_LIST DriverList;
  25. PNAME_LIST ActiveThunks;
  27. PNAME_LIST SourceModule, ImportModule;
  29. #define COMBOCMD(a,b) ((a << 16) | b)
  32. NTSTATUS
  33. openfile (
  34. IN PHANDLE filehandle,
  35. IN PUCHAR BasePath,
  36. IN PUCHAR Name
  37. );
  39. VOID
  40. readfile (
  41. HANDLE handle,
  42. ULONG offset,
  43. ULONG len,
  44. PVOID buffer
  45. );
  47. ULONG
  48. ConvertImportAddress (
  49. IN ULONG ImageRelativeAddress,
  50. IN ULONG PoolAddress,
  51. IN PIMAGE_SECTION_HEADER SectionHeader
  52. );
  54. VOID ThunkCreateDriverList (VOID);
  55. #define IMPADDRESS(a) ConvertImportAddress((ULONG)a, (ULONG)Buffer, &SectionHeader)
  57. ULONG HookThunk (PNAME_LIST, PNAME_LIST, PNAME_LIST);
  58. VOID SnapPrivateInfo (PDISPLAY_ITEM);
  59. VOID NameList2ComboBox (HWND hDlg, ULONG id, PNAME_LIST List);
  60. PNAME_LIST AddNameEntry (PNAME_LIST *head, PUCHAR name, ULONG Parm);
  61. VOID FreeNameList (PNAME_LIST List);
  62. PNAME_LIST GetComboSelection (HWND h, ULONG id);
  63. VOID NameList2ListBox (HWND hDlg, ULONG id, PNAME_LIST List);
  64. VOID loadimagedir (PUCHAR, ULONG, PIMAGE_SECTION_HEADER);
  65. VOID RemoveHook (HWND hDlg);
  66. VOID ClearAllHooks (HWND hDlg);
  67. VOID AddThunk (HWND hDlg);
  68. VOID loadexports (PNAME_LIST Driver, PNAME_LIST Item);
  72. //#define IDM_THUNK_LIST 301
  73. //#define IDM_THUNK_SOURCE 302
  74. //#define IDM_THUNK_IMPORT 303
  75. //#define IDM_THUNK_FUNCTION 304
  76. //#define IDM_THUNK_ADD 305
  77. //#define IDM_THUNK_REMOVE 306
  79. BOOL
  80. APIENTRY ThunkDlgProc(
  81. HWND hDlg,
  82. unsigned message,
  83. DWORD wParam,
  84. LONG lParam
  85. )
  86. {
  87. PNAME_LIST Item;
  89. switch (message) {
  90. case WM_INITDIALOG:
  91. SourceModule = NULL;
  92. ImportModule = NULL;
  93. ThunkCreateDriverList ();
  94. NameList2ComboBox (hDlg, IDM_THUNK_SOURCE, DriverList);
  95. NameList2ListBox (hDlg, IDM_THUNK_LIST, ActiveThunks);
  96. return (TRUE);
  98. case WM_COMMAND:
  99. switch(wParam) {
  101. //
  102. // end function
  103. //
  105. case COMBOCMD (CBN_SELCHANGE, IDM_THUNK_SOURCE):
  106. case COMBOCMD (CBN_SELCHANGE, IDM_THUNK_IMPORT):
  107. Item = GetComboSelection (hDlg, IDM_THUNK_SOURCE);
  108. if (Item && Item != SourceModule) {
  109. SourceModule = Item;
  110. NameList2ComboBox (hDlg, IDM_THUNK_IMPORT, Item->ChildList);
  111. }
  113. Item = GetComboSelection (hDlg, IDM_THUNK_IMPORT);
  114. if (Item && Item != ImportModule) {
  115. ImportModule = Item;
  116. NameList2ComboBox (hDlg, IDM_THUNK_FUNCTION, Item->ChildList);
  117. }
  119. break;
  121. case IDM_THUNK_REMOVE:
  122. RemoveHook (hDlg);
  123. break;
  125. case IDM_THUNK_CLEAR_ALL:
  126. ClearAllHooks (hDlg);
  127. break;
  129. case IDM_THUNK_ADD:
  130. AddThunk (hDlg);
  131. break;
  133. case IDOK:
  134. case IDCANCEL:
  135. //DlgThunkData (hDlg);
  136. FreeNameList (DriverList);
  137. DriverList = NULL;
  138. EndDialog(hDlg, DIALOG_SUCCESS);
  139. return (TRUE);
  140. }
  142. }
  143. return (FALSE);
  144. }
  146. VOID AddThunk (HWND hDlg)
  147. {
  148. PDISPLAY_ITEM pPerf;
  149. PNAME_LIST Item;
  150. ULONG id, i;
  151. PUCHAR p;
  152. HWND thunklist;
  154. id = 0;
  155. Item = GetComboSelection (hDlg, IDM_THUNK_FUNCTION);
  156. if (Item && SourceModule && ImportModule) {
  157. id = HookThunk (SourceModule, ImportModule, Item);
  158. }
  160. if (!id) {
  161. MessageBox(hDlg,"Thunk was not hooked","Hook error",MB_OK);
  162. return;
  163. }
  165. pPerf = AllocateDisplayItem();
  167. //
  168. // build name (the hard way?)
  169. //
  171. strcpy (pPerf->PerfName, Item->Name);
  172. strcat (pPerf->PerfName, "(");
  173. strcat (pPerf->PerfName, SourceModule->Name);
  174. for (p=pPerf->PerfName; *p; p++) {
  175. if (*p == '.')
  176. *p = 0;
  177. }
  178. strcat (pPerf->PerfName, ">");
  179. strcat (pPerf->PerfName, ImportModule->Name);
  180. for (p=pPerf->PerfName; *p; p++) {
  181. if (*p == '.')
  182. *p = 0;
  183. }
  184. strcat (pPerf->PerfName, ")");
  186. //
  187. // Add to thunk list
  188. //
  190. Item = malloc (sizeof (NAME_LIST));
  191. if (Item == NULL) {
  192. printf("Memory allocation failed.\n");
  193. exit(1);
  194. }
  196. Item->Name = _strdup (pPerf->PerfName);
  197. Item->Parm = (ULONG) pPerf;
  198. Item->ChildList = NULL;
  199. Item->Next = ActiveThunks;
  200. ActiveThunks = Item;
  201. pPerf->SnapParam2 = id;
  203. // bugbug
  204. NameList2ListBox (hDlg, IDM_THUNK_LIST, ActiveThunks);
  206. //
  207. // Add graph to windows
  208. //
  210. pPerf->SnapData = SnapPrivateInfo; // generic snap
  211. pPerf->SnapParam1 = OFFSET(PSTATS, ThunkCounters[id-1]);
  213. SetDisplayToTrue (pPerf, 99);
  214. RefitWindows(NULL, NULL);
  215. UpdateInternalStats ();
  216. pPerf->SnapData (pPerf);
  217. UpdateInternalStats ();
  218. pPerf->SnapData (pPerf);
  219. }
  221. VOID ClearAllHooks (HWND hDlg)
  222. {
  223. PDISPLAY_ITEM pPerf;
  224. IO_STATUS_BLOCK IOSB;
  225. ULONG id;
  226. PNAME_LIST Item;
  228. while (ActiveThunks) {
  229. pPerf = (PDISPLAY_ITEM) ActiveThunks->Parm;
  230. Item = ActiveThunks;
  231. ActiveThunks = ActiveThunks->Next;
  233. free (Item->Name);
  234. free (Item);
  236. id = pPerf->SnapParam2;
  238. SetDisplayToFalse (pPerf); // remove window
  239. FreeDisplayItem (pPerf);
  241. // notify driver
  242. NtDeviceIoControlFile(
  243. DriverHandle,
  244. (HANDLE) NULL, // event
  245. (PIO_APC_ROUTINE) NULL,
  246. (PVOID) NULL,
  247. &IOSB,
  248. PSTAT_REMOVE_HOOK,
  249. &id, // input buffer
  250. sizeof (ULONG),
  251. NULL, // output buffer
  252. 0
  253. );
  254. }
  256. NameList2ListBox (hDlg, IDM_THUNK_LIST, ActiveThunks);
  257. RefitWindows (NULL, NULL);
  258. }
  260. VOID RemoveHook (HWND hDlg)
  261. {
  262. ULONG i, id;
  263. HWND ListBox;
  264. PNAME_LIST Item, *pp;
  265. PDISPLAY_ITEM pPerf;
  266. IO_STATUS_BLOCK IOSB;
  268. ListBox = GetDlgItem(hDlg, IDM_THUNK_LIST);
  269. i = SendMessage(ListBox, LB_GETCURSEL, 0, 0);
  270. if (i == -1) {
  271. return;
  272. }
  274. pPerf = (PDISPLAY_ITEM) SendMessage(ListBox, LB_GETITEMDATA, i, 0);
  276. Item = NULL;
  277. for (pp = &ActiveThunks; *pp; pp = &(*pp)->Next) {
  278. if ((*pp)->Parm == (ULONG)pPerf) {
  279. Item = *pp;
  280. *pp = (*pp)->Next; // remove from list
  281. break ;
  282. }
  283. }
  285. if (!Item) {
  286. return ;
  287. }
  289. free (Item->Name);
  290. free (Item);
  292. id = pPerf->SnapParam2;
  293. SetDisplayToFalse (pPerf); // remove window
  294. FreeDisplayItem (pPerf);
  296. // notify driver
  297. NtDeviceIoControlFile(
  298. DriverHandle,
  299. (HANDLE) NULL, // event
  300. (PIO_APC_ROUTINE) NULL,
  301. (PVOID) NULL,
  302. &IOSB,
  303. PSTAT_REMOVE_HOOK,
  304. &id, // input buffer
  305. sizeof (ULONG),
  306. NULL, // output buffer
  307. 0
  308. );
  310. NameList2ListBox (hDlg, IDM_THUNK_LIST, ActiveThunks);
  311. RefitWindows (NULL, NULL);
  312. }
  314. VOID
  315. NameList2ListBox (HWND hDlg, ULONG id, PNAME_LIST List)
  316. {
  317. HWND ListBox;
  318. ULONG nIndex;
  320. ListBox = GetDlgItem(hDlg, id);
  321. SendMessage(ListBox, LB_RESETCONTENT, 0, 0);
  322. SendMessage(ListBox, LB_SETITEMDATA, 0L, 0L);
  324. while (List) {
  325. nIndex = SendMessage(ListBox, LB_ADDSTRING, 0, (LPARAM)List->Name);
  326. SendMessage(ListBox, LB_SETITEMDATA, nIndex, List->Parm);
  327. List = List->Next;
  328. }
  329. }
  331. VOID
  332. NameList2ComboBox (HWND hDlg, ULONG id, PNAME_LIST List)
  333. {
  334. HWND ComboList;
  335. ULONG nIndex;
  337. ComboList = GetDlgItem(hDlg, id);
  338. SendMessage(ComboList, CB_RESETCONTENT, 0, 0);
  339. SendMessage(ComboList, CB_SETITEMDATA, 0L, 0L);
  341. while (List) {
  342. nIndex = SendMessage(ComboList, CB_ADDSTRING, 0, (LPARAM)List->Name);
  343. SendMessage(ComboList, CB_SETITEMDATA, nIndex, (ULONG) List);
  344. List = List->Next;
  345. }
  347. SendMessage(ComboList, CB_SETCURSEL, 0, 0L);
  348. }
  350. PNAME_LIST
  351. GetComboSelection (HWND hDlg, ULONG id)
  352. {
  353. ULONG i;
  354. HWND ComboList;
  356. ComboList = GetDlgItem(hDlg, id);
  357. i = SendMessage(ComboList, CB_GETCURSEL, 0, 0);
  358. if (i == -1) {
  359. return NULL;
  360. }
  361. return (PNAME_LIST) SendMessage(ComboList, CB_GETITEMDATA, i, 0);
  362. }
  364. VOID
  365. FreeNameList (PNAME_LIST List)
  366. {
  367. PNAME_LIST p1;
  369. while (List) {
  370. if (List->ChildList)
  371. FreeNameList (List->ChildList);
  373. p1 = List->Next;
  374. free (List->Name);
  375. free (List);
  376. List = p1;
  377. }
  378. }
  381. ULONG
  382. HookThunk (PNAME_LIST HookSource, PNAME_LIST TargetModule, PNAME_LIST Function)
  383. {
  384. PNAME_LIST SourceModule;
  385. IO_STATUS_BLOCK IOSB;
  386. HOOKTHUNK HookData;
  387. ULONG TracerId;
  388. NTSTATUS status;
  391. TracerId = 0;
  392. for (SourceModule=DriverList; SourceModule; SourceModule = SourceModule->Next) {
  393. if (SourceModule->Parm == -1) {
  394. continue;
  395. }
  396. if (SourceModule->Parm != HookSource->Parm &&
  397. HookSource->Parm != -1) {
  398. continue;
  399. }
  401. HookData.SourceModule = SourceModule->Name;
  402. HookData.ImageBase = SourceModule->Parm;
  403. HookData.TargetModule = TargetModule->Name;
  404. HookData.Function = Function->Name;
  405. HookData.TracerId = TracerId;
  407. //
  408. // Ask driver to hook this thunk
  409. //
  411. status = NtDeviceIoControlFile(
  412. DriverHandle,
  413. (HANDLE) NULL, // event
  414. (PIO_APC_ROUTINE) NULL,
  415. (PVOID) NULL,
  416. &IOSB,
  417. PSTAT_HOOK_THUNK,
  418. &HookData, // input buffer
  419. sizeof (HookData),
  420. NULL, // output buffer
  421. 0
  422. );
  424. if (NT_SUCCESS(status)) {
  425. TracerId = HookData.TracerId;
  426. }
  427. }
  429. return TracerId;
  430. }
  432. VOID
  433. ThunkCreateDriverList ()
  434. {
  435. ULONG i;
  436. PRTL_PROCESS_MODULES Modules;
  437. PRTL_PROCESS_MODULE_INFORMATION Module;
  438. NTSTATUS status;
  439. PNAME_LIST Driver, Import, Item, AbortState;
  440. PIMAGE_IMPORT_DESCRIPTOR ImpDescriptor;
  441. IMAGE_SECTION_HEADER SectionHeader;
  442. ULONG ThunkAddr, ThunkData;
  444. //
  445. // Query driver list
  446. //
  448. status = NtQuerySystemInformation (
  449. SystemModuleInformation,
  450. Buffer,
  451. BufferSize,
  452. &i);
  454. if (!NT_SUCCESS(status)) {
  455. return;
  456. }
  458. //
  459. // Add drivers
  460. //
  462. Modules = (PRTL_PROCESS_MODULES) Buffer;
  463. Module = &Modules->Modules[ 0 ];
  464. for (i = 0; i < Modules->NumberOfModules; i++) {
  465. Driver = AddNameEntry (
  466. &DriverList,
  467. Module->FullPathName + Module->OffsetToFileName,
  468. (ULONG) Module->ImageBase
  469. );
  470. Module++;
  471. }
  473. //
  474. // Add imports for each driver
  475. //
  477. for (Driver = DriverList; Driver; Driver = Driver->Next) {
  478. try {
  480. //
  481. // Read in source image's headers
  482. //
  483. AbortState = Driver;
  484. loadimagedir (Driver->Name, IMAGE_DIRECTORY_ENTRY_IMPORT, &SectionHeader);
  486. //
  487. // Go through each import module
  488. //
  490. ImpDescriptor = (PIMAGE_IMPORT_DESCRIPTOR) Buffer;
  491. while (ImpDescriptor->Characteristics) {
  493. AbortState = Driver;
  495. //
  496. // Add this import to driver's list
  497. //
  499. Import = AddNameEntry (
  500. &Driver->ChildList,
  501. (PUCHAR) IMPADDRESS(ImpDescriptor->Name),
  502. 1
  503. );
  505. AbortState = Import;
  507. //
  508. // Go through each function for the import module
  509. //
  511. ThunkAddr = IMPADDRESS (ImpDescriptor->OriginalFirstThunk);
  512. for (; ;) {
  513. ThunkData = (ULONG)((PIMAGE_THUNK_DATA) ThunkAddr)->u1.AddressOfData;
  514. if (ThunkData == 0) {
  515. // end of table
  516. break;
  517. }
  519. //
  520. // Add this function to import list
  521. //
  523. AddNameEntry (
  524. &Import->ChildList,
  525. ((PIMAGE_IMPORT_BY_NAME) IMPADDRESS(ThunkData))->Name,
  526. 0
  527. );
  529. // next thunk
  530. ThunkAddr += sizeof (IMAGE_THUNK_DATA);
  531. }
  533. // next import table
  534. ImpDescriptor++;
  535. }
  537. } except(EXCEPTION_EXECUTE_HANDLER) {
  538. AddNameEntry(&AbortState->ChildList, "* ERROR *", 1);
  539. }
  540. // next driver
  541. }
  543. //
  544. // Add "Any driver" selection
  545. //
  547. Driver = AddNameEntry(&DriverList, "*Any", (ULONG)-1);
  549. //
  550. // For child module list use complete driver list, which is
  551. // now on the next pointer of Driver.
  552. //
  554. for (Item = Driver->Next; Item; Item = Item->Next) {
  556. // bogus compiler - need to make a subfunction here to keep
  557. // the compiler happy
  559. loadexports (Driver, Item);
  560. }
  561. }
  563. VOID loadexports (PNAME_LIST Driver, PNAME_LIST Item)
  564. {
  565. IMAGE_SECTION_HEADER SectionHeader;
  566. PIMAGE_EXPORT_DIRECTORY ExpDirectory;
  567. PULONG ExpNameAddr;
  568. PNAME_LIST Import;
  569. ULONG i;
  572. try {
  573. loadimagedir (
  574. Item->Name,
  575. IMAGE_DIRECTORY_ENTRY_EXPORT,
  576. &SectionHeader
  577. );
  578. } except(EXCEPTION_EXECUTE_HANDLER) {
  579. return ;
  580. }
  582. Import = AddNameEntry (&Driver->ChildList, Item->Name, Item->Parm);
  584. try {
  585. ExpDirectory = (PIMAGE_EXPORT_DIRECTORY) Buffer;
  586. ExpNameAddr = (PULONG)IMPADDRESS (ExpDirectory->AddressOfNames);
  587. for (i=0; i < ExpDirectory->NumberOfNames; i++) {
  588. AddNameEntry (
  589. &Import->ChildList,
  590. (PUCHAR) IMPADDRESS(*ExpNameAddr),
  591. 0
  592. );
  593. ExpNameAddr++;
  594. }
  595. } except(EXCEPTION_EXECUTE_HANDLER) {
  596. AddNameEntry(&Import->ChildList, "* ERROR *", 1);
  597. }
  598. }
  600. VOID
  601. loadimagedir (
  602. IN PUCHAR filename,
  603. IN ULONG dirno,
  604. OUT PIMAGE_SECTION_HEADER SectionHeader
  605. )
  606. {
  607. HANDLE filehandle;
  608. ULONG i, j, Dir;
  609. NTSTATUS status;
  610. IMAGE_DOS_HEADER DosImageHeader;
  611. IMAGE_NT_HEADERS NtImageHeader;
  612. PIMAGE_SECTION_HEADER pSectionHeader;
  614. status = openfile (&filehandle, "\\SystemRoot\\", filename);
  615. if (!NT_SUCCESS(status)) {
  616. status = openfile (&filehandle, "\\SystemRoot\\System32\\", filename);
  617. }
  618. if (!NT_SUCCESS(status)) {
  619. status = openfile (&filehandle, "\\SystemRoot\\System32\\Drivers\\", filename);
  620. }
  622. if (!NT_SUCCESS(status)) {
  623. RtlRaiseStatus (1);
  624. }
  626. try {
  627. readfile (
  628. filehandle,
  629. 0,
  630. sizeof (DosImageHeader),
  631. (PVOID) &DosImageHeader
  632. );
  634. if (DosImageHeader.e_magic != IMAGE_DOS_SIGNATURE) {
  635. RtlRaiseStatus (1);
  636. }
  638. readfile (
  639. filehandle,
  640. DosImageHeader.e_lfanew,
  641. sizeof (NtImageHeader),
  642. (PVOID) &NtImageHeader
  643. );
  645. if (NtImageHeader.Signature != IMAGE_NT_SIGNATURE) {
  646. RtlRaiseStatus (1);
  647. }
  649. //
  650. // read in complete sections headers from image
  651. //
  653. i = NtImageHeader.FileHeader.NumberOfSections
  654. * sizeof (IMAGE_SECTION_HEADER);
  656. j = ((ULONG) IMAGE_FIRST_SECTION (&NtImageHeader)) -
  657. ((ULONG) &NtImageHeader) +
  658. DosImageHeader.e_lfanew;
  660. if (i > BufferSize) {
  661. RtlRaiseStatus (1);
  662. }
  664. readfile (
  665. filehandle,
  666. j, // file offset
  667. i, // length
  668. Buffer
  669. );
  671. //
  672. // Find section with import directory
  673. //
  675. Dir = NtImageHeader.OptionalHeader.DataDirectory[dirno].VirtualAddress;
  676. i = 0;
  677. pSectionHeader = (PIMAGE_SECTION_HEADER)Buffer;
  678. for (; ;) {
  679. if (i >= NtImageHeader.FileHeader.NumberOfSections) {
  680. RtlRaiseStatus (1);
  681. }
  682. if (pSectionHeader->VirtualAddress <= Dir &&
  683. pSectionHeader->VirtualAddress + pSectionHeader->SizeOfRawData > Dir) {
  684. break;
  685. }
  686. i += 1;
  687. pSectionHeader += 1;
  688. }
  690. Dir -= pSectionHeader->VirtualAddress;
  691. pSectionHeader->VirtualAddress += Dir;
  692. pSectionHeader->PointerToRawData += Dir;
  693. pSectionHeader->SizeOfRawData -= Dir;
  695. *SectionHeader = *pSectionHeader;
  697. //
  698. // read in complete export section from image
  699. //
  701. if (SectionHeader->SizeOfRawData > BufferSize) {
  702. RtlRaiseStatus (1);
  703. }
  705. readfile (
  706. filehandle,
  707. SectionHeader->PointerToRawData,
  708. SectionHeader->SizeOfRawData,
  709. Buffer
  710. );
  711. } finally {
  713. //
  714. // Clean up
  715. //
  717. NtClose (filehandle);
  718. }
  719. }
  721. PNAME_LIST
  722. AddNameEntry (PNAME_LIST *head, PUCHAR name, ULONG Parm)
  723. {
  724. PNAME_LIST Entry;
  726. Entry = malloc (sizeof (NAME_LIST));
  727. if (Entry == NULL) {
  728. printf("Memory allocation failed.\n");
  729. exit(1);
  730. }
  732. Entry->Name = _strdup (name);
  733. if (Entry->Name == NULL) {
  734. printf("Memory allocation failed.\n");
  735. exit(1);
  736. }
  738. Entry->Parm = Parm;
  739. Entry->ChildList = NULL;
  741. if (Parm) {
  742. _strlwr (Entry->Name);
  743. }
  745. Entry->Next = *head;
  746. *head = Entry;
  748. return Entry;
  749. }
  751. NTSTATUS
  752. openfile (
  753. IN PHANDLE filehandle,
  754. IN PUCHAR BasePath,
  755. IN PUCHAR Name
  756. )
  757. {
  758. ANSI_STRING AscBasePath, AscName;
  759. UNICODE_STRING UniPathName, UniName;
  760. NTSTATUS status;
  761. OBJECT_ATTRIBUTES ObjA;
  762. IO_STATUS_BLOCK IOSB;
  763. UCHAR StringBuf[500];
  765. //
  766. // Build name
  767. //
  769. UniPathName.Buffer = (PWCHAR)StringBuf;
  770. UniPathName.Length = 0;
  771. UniPathName.MaximumLength = sizeof( StringBuf );
  773. RtlInitString(&AscBasePath, BasePath);
  774. status = RtlAnsiStringToUnicodeString( &UniPathName, &AscBasePath, FALSE );
  775. if (!NT_SUCCESS(status)) {
  776. return status;
  777. }
  779. RtlInitString(&AscName, Name);
  780. status = RtlAnsiStringToUnicodeString( &UniName, &AscName, TRUE );
  781. if (!NT_SUCCESS(status)) {
  782. return status;
  783. }
  785. status = RtlAppendUnicodeStringToString (&UniPathName, &UniName);
  786. if (!NT_SUCCESS(status)) {
  787. RtlFreeUnicodeString (&UniName);
  788. return status;
  789. }
  791. InitializeObjectAttributes(
  792. &ObjA,
  793. &UniPathName,
  794. OBJ_CASE_INSENSITIVE,
  795. 0,
  796. 0 );
  798. //
  799. // open file
  800. //
  802. status = NtOpenFile (
  803. filehandle, // return handle
  804. SYNCHRONIZE | FILE_READ_DATA, // desired access
  805. &ObjA, // Object
  806. &IOSB, // io status block
  807. FILE_SHARE_READ | FILE_SHARE_WRITE, // share access
  808. FILE_SYNCHRONOUS_IO_ALERT // open options
  809. );
  811. RtlFreeUnicodeString (&UniName);
  812. return status;
  813. }
  818. VOID
  819. readfile (
  820. HANDLE handle,
  821. ULONG offset,
  822. ULONG len,
  823. PVOID buffer
  824. )
  825. {
  826. NTSTATUS status;
  827. IO_STATUS_BLOCK iosb;
  828. LARGE_INTEGER foffset;
  830. foffset = RtlConvertUlongToLargeInteger(offset);
  832. status = NtReadFile (
  833. handle,
  834. NULL, // event
  835. NULL, // apc routine
  836. NULL, // apc context
  837. &iosb,
  838. buffer,
  839. len,
  840. &foffset,
  841. NULL
  842. );
  844. if (!NT_SUCCESS(status)) {
  845. RtlRaiseStatus (1);
  846. }
  847. }
  849. ULONG
  850. ConvertImportAddress (
  851. IN ULONG ImageRelativeAddress,
  852. IN ULONG PoolAddress,
  853. IN PIMAGE_SECTION_HEADER SectionHeader
  854. )
  855. {
  856. ULONG EffectiveAddress;
  858. EffectiveAddress = PoolAddress + ImageRelativeAddress -
  859. SectionHeader->VirtualAddress;
  861. if (EffectiveAddress < PoolAddress ||
  862. EffectiveAddress > PoolAddress + SectionHeader->SizeOfRawData) {
  864. RtlRaiseStatus (1);
  865. }
  867. return EffectiveAddress;
  868. }