mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
126 lines
3.9 KiB
126 lines
3.9 KiB
//
|
|
// DelayImp.c
|
|
//
|
|
// define structures and prototypes necessary for delay loading of imports
|
|
//
|
|
|
|
#include "windows.h"
|
|
|
|
typedef IMAGE_THUNK_DATA * PImgThunkData;
|
|
typedef const IMAGE_THUNK_DATA * PCImgThunkData;
|
|
typedef DWORD RVA;
|
|
|
|
typedef struct ImgDelayDescrV2 {
|
|
DWORD grAttrs; // attributes
|
|
RVA rvaDLLName; // RVA to dll name
|
|
RVA rvaHmod; // RVA of module handle
|
|
RVA rvaIAT; // RVA of the IAT
|
|
RVA rvaINT; // RVA of the INT
|
|
RVA rvaBoundIAT; // RVA of the optional bound IAT
|
|
RVA rvaUnloadIAT; // RVA of optional copy of original IAT
|
|
DWORD dwTimeStamp; // 0 if not bound,
|
|
// O.W. date/time stamp of DLL bound to (Old BIND)
|
|
} ImgDelayDescrV2, * PImgDelayDescrV2;
|
|
|
|
typedef ImgDelayDescrV2 ImgDelayDescr;
|
|
typedef PImgDelayDescrV2 PImgDelayDescr;
|
|
|
|
typedef const ImgDelayDescr * PCImgDelayDescr;
|
|
|
|
enum DLAttr { // Delay Load Attributes
|
|
dlattrRva = 0x1, // RVAs are used instead of pointers
|
|
};
|
|
|
|
//
|
|
// Delay load import hook notifications
|
|
//
|
|
enum {
|
|
dliStartProcessing, // used to bypass or note helper only
|
|
dliNotePreLoadLibrary, // called just before LoadLibrary, can
|
|
// override w/ new HMODULE return val
|
|
dliNotePreGetProcAddress, // called just before GetProcAddress, can
|
|
// override w/ new FARPROC return value
|
|
dliFailLoadLib, // failed to load library, fix it by
|
|
// returning a valid HMODULE
|
|
dliFailGetProc, // failed to get proc address, fix it by
|
|
// returning a valid FARPROC
|
|
dliNoteEndProcessing, // called after all processing is done, no
|
|
// no bypass possible at this point except
|
|
// by longjmp()/throw()/RaiseException.
|
|
};
|
|
|
|
typedef struct DelayLoadProc {
|
|
BOOL fImportByName;
|
|
union {
|
|
LPCSTR szProcName;
|
|
DWORD dwOrdinal;
|
|
};
|
|
} DelayLoadProc;
|
|
|
|
typedef struct DelayLoadInfo {
|
|
DWORD cb; // size of structure
|
|
PCImgDelayDescr pidd; // raw form of data (everything is there)
|
|
FARPROC * ppfn; // points to address of function to load
|
|
LPCSTR szDll; // name of dll
|
|
DelayLoadProc dlp; // name or ordinal of procedure
|
|
HMODULE hmodCur; // the hInstance of the library we have loaded
|
|
FARPROC pfnCur; // the actual function that will be called
|
|
DWORD dwLastError;// error received (if an error notification)
|
|
} DelayLoadInfo, * PDelayLoadInfo;
|
|
|
|
typedef FARPROC (WINAPI *PfnDliHook)(
|
|
unsigned dliNotify,
|
|
PDelayLoadInfo pdli
|
|
);
|
|
|
|
IMAGE_DOS_HEADER __ImageBase;
|
|
|
|
//
|
|
// Unload support
|
|
//
|
|
|
|
BOOL
|
|
WINAPI
|
|
__FUnloadDelayLoadedDLL2 (
|
|
LPCSTR szDll
|
|
)
|
|
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
// structure definitions for the list of unload records
|
|
typedef struct UnloadInfo * PUnloadInfo;
|
|
typedef struct UnloadInfo {
|
|
PUnloadInfo puiNext;
|
|
PCImgDelayDescr pidd;
|
|
} UnloadInfo;
|
|
|
|
// the default delay load helper places the unloadinfo records in the list
|
|
// headed by the following pointer.
|
|
|
|
PUnloadInfo __puiHead;
|
|
|
|
//
|
|
// Hook pointers
|
|
//
|
|
|
|
// The "notify hook" gets called for every call to the
|
|
// delay load helper. This allows a user to hook every call and
|
|
// skip the delay load helper entirely.
|
|
//
|
|
// dliNotify == {
|
|
// dliStartProcessing |
|
|
// dliPreLoadLibrary |
|
|
// dliPreGetProc |
|
|
// dliNoteEndProcessing}
|
|
// on this call.
|
|
//
|
|
|
|
PfnDliHook __pfnDliNotifyHook;
|
|
|
|
PfnDliHook __pfnDliNotifyHook2;
|
|
|
|
PfnDliHook __pfnDliFailureHook;
|
|
|
|
PfnDliHook __pfnDliFailureHook2;
|