ldrinit.c File Reference

#include <ntos.h>
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <heap.h>
#include <apcompat.h>
#include "ldrp.h"
#include <ctype.h>

Go to the source code of this file.

Functions
VOID	LdrpRelocateStartContext (IN PCONTEXT Context, IN LONG_PTR Diff)
NTSTATUS	LdrpForkProcess (VOID)
VOID	LdrpInitializeThread (IN PCONTEXT Context)
BOOLEAN	NtdllOkayToLockRoutine (IN PVOID Lock)
VOID	RtlpInitDeferedCriticalSection (VOID)
VOID	LdrQueryApplicationCompatibilityGoo (IN PUNICODE_STRING UnicodeImageName)
NTSTATUS	LdrFindAppCompatVariableInfo (IN ULONG dwTypeSeeking, OUT PAPP_VARIABLE_INFO *AppVariableInfo)
NTSTATUS	LdrpSearchResourceSection_U (IN PVOID DllHandle, IN PULONG_PTR ResourceIdPath, IN ULONG ResourceIdPathLength, IN BOOLEAN FindDirectoryEntry, IN BOOLEAN ExactLangMatchOnly, OUT PVOID *ResourceDirectoryOrData)
NTSTATUS	LdrpAccessResourceData (IN PVOID DllHandle, IN PIMAGE_RESOURCE_DATA_ENTRY ResourceDataEntry, OUT PVOID *Address OPTIONAL, OUT PULONG Size OPTIONAL)
PVOID	NtdllpAllocateStringRoutine (SIZE_T NumberOfBytes)
VOID	NtdllpFreeStringRoutine (PVOID Buffer)
VOID	LdrpInitializationFailure (IN NTSTATUS FailureCode)
VOID	LdrpInitialize (IN PCONTEXT Context, IN PVOID SystemArgument1, IN PVOID SystemArgument2)
NTSTATUS	LdrpInitializeProcess (IN PCONTEXT Context OPTIONAL, IN PVOID SystemDllBase, IN PUNICODE_STRING UnicodeImageName)
VOID	LdrShutdownProcess (VOID)
VOID	LdrShutdownThread (VOID)
NTSTATUS	LdrQueryImageFileExecutionOptions (IN PUNICODE_STRING ImagePathName, IN PWSTR OptionName, IN ULONG Type, OUT PVOID Buffer, IN ULONG BufferSize, OUT PULONG ResultSize OPTIONAL)
NTSTATUS	LdrpInitializeTls (VOID)
NTSTATUS	LdrpAllocateTls (VOID)
VOID	LdrpFreeTls (VOID)
VOID	LdrpCallTlsInitializers (PVOID DllBase, ULONG Reason)
ULONG	GetNextCommaValue (IN OUT WCHAR **p, IN OUT ULONG *len)
Variables
BOOLEAN	LdrpShutdownInProgress = FALSE
BOOLEAN	LdrpImageHasTls = FALSE
BOOLEAN	LdrpVerifyDlls = FALSE
BOOLEAN	LdrpLdrDatabaseIsSetup = FALSE
BOOLEAN	LdrpInLdrInit = FALSE
PVOID	NtDllBase
ULONG	RtlpDisableHeapLookaside
PRTL_ALLOCATE_STRING_ROUTINE	RtlAllocateStringRoutine
PRTL_FREE_STRING_ROUTINE	RtlFreeStringRoutine
RTL_BITMAP	TlsBitMap
RTL_BITMAP	TlsExpansionBitMap
RTL_CRITICAL_SECTION_DEBUG	LoaderLockDebug
RTL_CRITICAL_SECTION	LoaderLock
BOOLEAN	LoaderLockInitialized

---

Function Documentation

ULONG GetNextCommaValue (  IN OUT WCHAR **  p, IN OUT ULONG *  len )

Definition at line 2246 of file ldrinit.c. References L. Referenced by LdrQueryApplicationCompatibilityGoo(). { ULONG Number = 0; while (*len && (UNICODE_NULL != **p) && **p != L',') { // Let's ignore spaces if ( L' ' != **p ) { Number = (Number * 10) + ( (ULONG)**p - L'0' ); } (*p)++; (*len)--; } // // If we're at a comma, get past it for the next call // if ( L',' == **p ) { (*p)++; (*len)--; } return Number; }

NTSTATUS LdrFindAppCompatVariableInfo (  IN ULONG  dwTypeSeeking, OUT PAPP_VARIABLE_INFO *  AppVariableInfo )

Definition at line 2683 of file ldrinit.c. Referenced by LdrQueryApplicationCompatibilityGoo(). 02690 : 02691 02692 This function is used to find a variable length struct by its type. 02693 The caller specifies what type its looking for and this function chews 02694 thru all the variable length structs to find it. If it does it returns 02695 the pointer and TRUE, else FALSE. 02696 02697 Arguments: 02698 02699 dwTypeSeeking - AVT that you are looking for 02700 02701 AppVariableInfo - pointer to pointer of variable info to be returned 02702 02703 Return Value: 02704 02705 TRUE or FALSE if entry is found 02706 02707 --*/ 02708 02709 { 02710 PPEB Peb; 02711 ULONG TotalSize; 02712 ULONG CurOffset; 02713 PAPP_VARIABLE_INFO pCurrentEntry; 02714 02715 Peb = NtCurrentPeb(); 02716 if (Peb->AppCompatInfo) { 02717 02718 // 02719 // Since we're not dealing with a fixed-size structure, TotalSize 02720 // will keep us from running off the end of the data list 02721 // 02722 TotalSize = ((PAPP_COMPAT_INFO) Peb->AppCompatInfo)->dwTotalSize; 02723 02724 // 02725 // The first variable structure (if there is one) will start 02726 // immediately after the fixed stuff 02727 // 02728 CurOffset = sizeof(APP_COMPAT_INFO); 02729 02730 while (CurOffset < TotalSize) { 02731 02732 pCurrentEntry = (PAPP_VARIABLE_INFO) ((PUCHAR)(Peb->AppCompatInfo) + CurOffset); 02733 02734 // 02735 // Have we found what we're looking for? 02736 // 02737 if (dwTypeSeeking == pCurrentEntry->dwVariableType) { 02738 *AppVariableInfo = pCurrentEntry; 02739 return (STATUS_SUCCESS); 02740 } 02741 02742 // 02743 // Let's go look at the next blob 02744 // 02745 CurOffset += (ULONG)(pCurrentEntry->dwVariableInfoSize); 02746 } 02747 02748 } 02749 02750 return (STATUS_NOT_FOUND); 02751 } }

NTSTATUS LdrpAccessResourceData (  IN PVOID  DllHandle, IN PIMAGE_RESOURCE_DATA_ENTRY  ResourceDataEntry, OUT PVOID *Address  OPTIONAL, OUT PULONG Size  OPTIONAL )

Definition at line 96 of file ldrrsrc.c. : This function returns the data necessary to actually examine the contents of a particular resource. Arguments: DllHandle - Supplies a handle to the image file that the resource is contained in. ResourceDataEntry - Supplies a pointer to the resource data entry in the resource data directory of the image file specified by the DllHandle parameter. This pointer should have been one returned by the LdrFindResource function. Address - Optional pointer to a variable that will receive the address of the resource specified by the first two parameters. Size - Optional pointer to a variable that will receive the size of the resource specified by the first two parameters. Return Value: TBD --*/ { PIMAGE_RESOURCE_DIRECTORY ResourceDirectory; ULONG ResourceSize; PIMAGE_NT_HEADERS NtHeaders; ULONG_PTR VirtualAddressOffset; PIMAGE_SECTION_HEADER NtSection; RTL_PAGED_CODE(); #ifndef NTOS_KERNEL_RUNTIME ResourceDirectory = (PIMAGE_RESOURCE_DIRECTORY) RtlImageDirectoryEntryToData(DllHandle, TRUE, IMAGE_DIRECTORY_ENTRY_RESOURCE, &ResourceSize ); if (!ResourceDirectory) { return( STATUS_RESOURCE_DATA_NOT_FOUND ); } if ((ULONG_PTR)ResourceDataEntry < (ULONG_PTR) ResourceDirectory ){ DllHandle = LdrLoadAlternateResourceModule (DllHandle, NULL); } else{ NtHeaders = RtlImageNtHeader( (PVOID)((ULONG_PTR)DllHandle & ~0x00000001) ); if (NtHeaders) { // Find the bounds of the image so we can see if this resource entry is in an alternate // resource dll. ULONG_PTR ImageStart = (ULONG_PTR)DllHandle & ~0x00000001; SIZE_T ImageSize = 0; if ((ULONG_PTR)DllHandle & 0x00000001) { // mapped as datafile. Ask mm for the size NTSTATUS Status; MEMORY_BASIC_INFORMATION MemInfo; Status = NtQueryVirtualMemory( NtCurrentProcess(), (PVOID) ImageStart, MemoryBasicInformation, (PVOID)&MemInfo, sizeof(MemInfo), NULL ); if ( !NT_SUCCESS(Status) ) { ImageSize = 0; } else { ImageSize = MemInfo.RegionSize; } } else { ImageSize = ((PIMAGE_NT_HEADERS32)NtHeaders)->OptionalHeader.SizeOfImage; } if (!(((ULONG_PTR)ResourceDataEntry >= ImageStart) && ((ULONG_PTR)ResourceDataEntry < (ImageStart + ImageSize)))) { // Doesn't fall within the specified image. Must be an alternate dll. DllHandle = LdrLoadAlternateResourceModule (DllHandle, NULL); } } } if (!DllHandle){ return ( STATUS_RESOURCE_DATA_NOT_FOUND ); } #endif try { ResourceDirectory = (PIMAGE_RESOURCE_DIRECTORY) RtlImageDirectoryEntryToData(DllHandle, TRUE, IMAGE_DIRECTORY_ENTRY_RESOURCE, &ResourceSize ); if (!ResourceDirectory) { return( STATUS_RESOURCE_DATA_NOT_FOUND ); } if ((ULONG_PTR)DllHandle & 0x00000001) { ULONG ResourceRVA; DllHandle = (PVOID)((ULONG_PTR)DllHandle & ~0x00000001); NtHeaders = RtlImageNtHeader( DllHandle ); if (NtHeaders->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) { ResourceRVA=((PIMAGE_NT_HEADERS32)NtHeaders)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_RESOURCE ].VirtualAddress; } else if (NtHeaders->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) { ResourceRVA=((PIMAGE_NT_HEADERS64)NtHeaders)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_RESOURCE ].VirtualAddress; } else { ResourceRVA = 0; } if (!ResourceRVA) { return( STATUS_RESOURCE_DATA_NOT_FOUND ); } VirtualAddressOffset = (ULONG_PTR)DllHandle + ResourceRVA - (ULONG_PTR)ResourceDirectory; // // Now, we must check to see if the resource is not in the // same section as the resource table. If it's in .rsrc1, // we've got to adjust the RVA in the ResourceDataEntry // to point to the correct place in the non-VA data file. // NtSection= RtlSectionTableFromVirtualAddress( NtHeaders, DllHandle, ResourceRVA); if (!NtSection) { return( STATUS_RESOURCE_DATA_NOT_FOUND ); } if ( ResourceDataEntry->OffsetToData > NtSection->Misc.VirtualSize ) { ULONG rva; rva = NtSection->VirtualAddress; NtSection= RtlSectionTableFromVirtualAddress(NtHeaders, DllHandle, ResourceDataEntry->OffsetToData ); VirtualAddressOffset += ((ULONG_PTR)NtSection->VirtualAddress - rva) - ((ULONG_PTR)RtlAddressInSectionTable ( NtHeaders, DllHandle, NtSection->VirtualAddress ) - (ULONG_PTR)ResourceDirectory); } } else { VirtualAddressOffset = 0; } if (ARGUMENT_PRESENT( Address )) { *Address = (PVOID)( (PCHAR)DllHandle + (ResourceDataEntry->OffsetToData - VirtualAddressOffset) ); } if (ARGUMENT_PRESENT( Size )) { *Size = ResourceDataEntry->Size; } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } return( STATUS_SUCCESS ); }

NTSTATUS LdrpAllocateTls (  VOID   )

Definition at line 2071 of file ldrinit.c. References DbgPrint, LDRP_TLS_ENTRY, LdrpNumberOfTlsEntries, LdrpTlsList, MAKE_TAG, RtlAllocateHeap, ShowSnaps, _LDRP_TLS_ENTRY::Tls, and TLS_TAG. Referenced by LdrpInitializeThread(), and LdrpInitializeTls(). { PTEB Teb; PLIST_ENTRY Head, Next; PLDRP_TLS_ENTRY TlsEntry; PVOID *TlsVector; Teb = NtCurrentTeb(); // // Allocate the array of thread local storage pointers // if ( LdrpNumberOfTlsEntries ) { TlsVector = RtlAllocateHeap(RtlProcessHeap(),MAKE_TAG( TLS_TAG ),sizeof(PVOID)*LdrpNumberOfTlsEntries); if ( !TlsVector ) { return STATUS_NO_MEMORY; } Teb->ThreadLocalStoragePointer = TlsVector; Head = &LdrpTlsList; Next = Head->Flink; while ( Next != Head ) { TlsEntry = CONTAINING_RECORD(Next, LDRP_TLS_ENTRY, Links); Next = Next->Flink; TlsVector[TlsEntry->Tls.Characteristics] = RtlAllocateHeap( RtlProcessHeap(), MAKE_TAG( TLS_TAG ), TlsEntry->Tls.EndAddressOfRawData - TlsEntry->Tls.StartAddressOfRawData ); if (!TlsVector[TlsEntry->Tls.Characteristics] ) { return STATUS_NO_MEMORY; } if (ShowSnaps) { DbgPrint("LDR: TlsVector %x Index %d = %x copied from %x to %x\n", TlsVector, TlsEntry->Tls.Characteristics, &TlsVector[TlsEntry->Tls.Characteristics], TlsEntry->Tls.StartAddressOfRawData, TlsVector[TlsEntry->Tls.Characteristics] ); } RtlCopyMemory( TlsVector[TlsEntry->Tls.Characteristics], (PVOID)TlsEntry->Tls.StartAddressOfRawData, TlsEntry->Tls.EndAddressOfRawData - TlsEntry->Tls.StartAddressOfRawData ); // // Do the TLS Callouts // } } return STATUS_SUCCESS; }

VOID LdrpCallTlsInitializers (  PVOID  DllBase, ULONG  Reason )

Definition at line 2178 of file ldrinit.c. References DbgPrint, EXCEPTION_EXECUTE_HANDLER, LdrpCallInitRoutine, NULL, RtlImageDirectoryEntryToData(), ShowSnaps, and TRUE. Referenced by LdrpInitializeThread(), LdrpRunInitializeRoutines(), LdrShutdownProcess(), and LdrShutdownThread(). { PIMAGE_TLS_DIRECTORY TlsImage; ULONG TlsSize; PIMAGE_TLS_CALLBACK *CallBackArray; PIMAGE_TLS_CALLBACK InitRoutine; TlsImage = (PIMAGE_TLS_DIRECTORY)RtlImageDirectoryEntryToData( DllBase, TRUE, IMAGE_DIRECTORY_ENTRY_TLS, &TlsSize ); try { if ( TlsImage ) { CallBackArray = (PIMAGE_TLS_CALLBACK *)TlsImage->AddressOfCallBacks; if ( CallBackArray ) { if (ShowSnaps) { DbgPrint( "LDR: Tls Callbacks Found. Imagebase %lx Tls %lx CallBacks %lx\n", DllBase, TlsImage, CallBackArray ); } while(*CallBackArray){ InitRoutine = *CallBackArray++; if (ShowSnaps) { DbgPrint( "LDR: Calling Tls Callback Imagebase %lx Function %lx\n", DllBase, InitRoutine ); } #if defined (WX86) if (!Wx86ProcessInit || LdrpRunWx86DllEntryPoint( (PDLL_INIT_ROUTINE)InitRoutine, NULL, DllBase, Reason, NULL ) == STATUS_IMAGE_MACHINE_TYPE_MISMATCH) #endif { LdrpCallInitRoutine((PDLL_INIT_ROUTINE)InitRoutine, DllBase, Reason, 0); } } } } } except (EXCEPTION_EXECUTE_HANDLER) { ; } }

NTSTATUS LdrpForkProcess (  VOID   )

Definition at line 575 of file ldrinit.c. References FALSE, FastPebLock, LoaderLock, LoaderLockInitialized, NT_SUCCESS, NTSTATUS(), NULL, RtlCreateHeap(), RtlCriticalSectionList, RtlInitializeCriticalSection(), RtlInitializeHeapManager(), RtlpInitDeferedCriticalSection(), RtlRaiseStatus(), and TRUE. Referenced by LdrpInitialize(). { NTSTATUS st; PPEB Peb; Peb = NtCurrentPeb(); // // Initialize the critical section package. // RtlpInitDeferedCriticalSection(); InsertTailList(&RtlCriticalSectionList, &LoaderLock.DebugInfo->ProcessLocksList); LoaderLock.DebugInfo->CriticalSection = &LoaderLock; LoaderLockInitialized = TRUE; st = RtlInitializeCriticalSection(&FastPebLock); if ( !NT_SUCCESS(st) ) { RtlRaiseStatus(st); } Peb->FastPebLock = &FastPebLock; Peb->FastPebLockRoutine = (PVOID)&RtlEnterCriticalSection; Peb->FastPebUnlockRoutine = (PVOID)&RtlLeaveCriticalSection; Peb->InheritedAddressSpace = FALSE; RtlInitializeHeapManager(); Peb->ProcessHeap = RtlCreateHeap( HEAP_GROWABLE, // Flags NULL, // HeapBase 64 * 1024, // ReserveSize 4096, // CommitSize NULL, // Lock to use for serialization NULL // GrowthThreshold ); if (Peb->ProcessHeap == NULL) { return STATUS_NO_MEMORY; } return st; }

VOID LdrpFreeTls (  VOID   )

Definition at line 2134 of file ldrinit.c. References LdrpTlsList, RtlFreeHeap, and _LDRP_TLS_ENTRY::Tls. Referenced by LdrShutdownThread(). { PTEB Teb; PLIST_ENTRY Head, Next; PLDRP_TLS_ENTRY TlsEntry; PVOID *TlsVector; Teb = NtCurrentTeb(); TlsVector = Teb->ThreadLocalStoragePointer; if ( TlsVector ) { Head = &LdrpTlsList; Next = Head->Flink; while ( Next != Head ) { TlsEntry = CONTAINING_RECORD(Next, LDRP_TLS_ENTRY, Links); Next = Next->Flink; // // Do the TLS callouts // if ( TlsVector[TlsEntry->Tls.Characteristics] ) { RtlFreeHeap( RtlProcessHeap(), 0, TlsVector[TlsEntry->Tls.Characteristics] ); } } RtlFreeHeap( RtlProcessHeap(), 0, TlsVector ); } }

VOID LdrpInitializationFailure (  IN NTSTATUS  FailureCode  )

Definition at line 157 of file ldrinit.c. References LdrpFatalHardErrorCount, NtRaiseHardError(), and NTSTATUS(). Referenced by LdrpInitialize(), and LdrpInitializeProcess(). { NTSTATUS ErrorStatus; ULONG_PTR ErrorParameter; ULONG ErrorResponse; if ( LdrpFatalHardErrorCount ) { return; } // // Its error time... // ErrorParameter = (ULONG_PTR)FailureCode; ErrorStatus = NtRaiseHardError( STATUS_APP_INIT_FAILURE, 1, 0, &ErrorParameter, OptionOk, &ErrorResponse ); }

VOID LdrpInitialize (  IN PCONTEXT  Context, IN PVOID  SystemArgument1, IN PVOID  SystemArgument2 )

Definition at line 186 of file ldrinit.c. References DbgPrint, EXCEPTION_EXECUTE_HANDLER, FALSE, L, LdrpForkProcess(), LdrpInitializationFailure(), LdrpInitializeProcess(), LdrpInitializeThread(), LdrpInLdrInit, LdrQueryImageFileExecutionOptions(), LoaderLock, LoaderLockInitialized, NT_SUCCESS, NtDelayExecution(), NtQueryPerformanceCounter(), NtQueryVirtualMemory(), NTSTATUS(), NtTestAlert(), NULL, RtlImageDirectoryEntryToData(), RtlImageNtHeader(), RtlpDebugPageHeap, RtlpDisableHeapLookaside, RtlpDphDllRangeEnd, RtlpDphDllRangeStart, RtlpDphGlobalFlags, RtlpDphRandomProbability, RtlpDphSizeRangeEnd, RtlpDphSizeRangeStart, RtlpDphTargetDlls, RtlRaiseStatus(), and TRUE. : This function is called as a User-Mode APC routine as the first user-mode code executed by a new thread. It's function is to initialize loader context, perform module initialization callouts... Arguments: Context - Supplies an optional context buffer that will be restore after all DLL initialization has been completed. If this parameter is NULL then this is a dynamic snap of this module. Otherwise this is a static snap prior to the user process gaining control. SystemArgument1 - Supplies the base address of the System Dll. SystemArgument2 - not used. Return Value: None. --*/ { NTSTATUS st, InitStatus; PPEB Peb; PTEB Teb; UNICODE_STRING UnicodeImageName; MEMORY_BASIC_INFORMATION MemInfo; BOOLEAN AlreadyFailed; LARGE_INTEGER DelayValue; #if defined(_WIN64) PIMAGE_NT_HEADERS NtHeader; #endif SystemArgument2; AlreadyFailed = FALSE; Peb = NtCurrentPeb(); Teb = NtCurrentTeb(); if (!Peb->Ldr) { #if defined(_ALPHA_) ULONG temp; // // Set GP register // LdrpGpValue = (ULONG_PTR)RtlImageDirectoryEntryToData( Peb->ImageBaseAddress, TRUE, IMAGE_DIRECTORY_ENTRY_GLOBALPTR, &temp ); if (Context != NULL) { LdrpSetGp( LdrpGpValue ); Context->IntGp = LdrpGpValue; } #endif // ALPHA //#if DBG if (TRUE) //#else // if (Peb->BeingDebugged || Peb->ReadImageFileExecOptions) //#endif { PWSTR pw; pw = (PWSTR)Peb->ProcessParameters->ImagePathName.Buffer; if (!(Peb->ProcessParameters->Flags & RTL_USER_PROC_PARAMS_NORMALIZED)) { pw = (PWSTR)((PCHAR)pw + (ULONG_PTR)(Peb->ProcessParameters)); } UnicodeImageName.Buffer = pw; UnicodeImageName.Length = Peb->ProcessParameters->ImagePathName.Length; UnicodeImageName.MaximumLength = UnicodeImageName.Length; // // Hack for NT4 SP4. So we don't overload another GlobalFlag // bit that we have to be "compatible" with for NT5, look for // another value named "DisableHeapLookaside". // LdrQueryImageFileExecutionOptions( &UnicodeImageName, L"DisableHeapLookaside", REG_DWORD, &RtlpDisableHeapLookaside, sizeof( RtlpDisableHeapLookaside ), NULL ); st = LdrQueryImageFileExecutionOptions( &UnicodeImageName, L"GlobalFlag", REG_DWORD, &Peb->NtGlobalFlag, sizeof( Peb->NtGlobalFlag ), NULL ); if (!NT_SUCCESS( st )) { if (Peb->BeingDebugged) { Peb->NtGlobalFlag |= FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_VALIDATE_PARAMETERS; } } #if defined(_WIN64) NtHeader = RtlImageNtHeader(Peb->ImageBaseAddress); if (NtHeader && NtHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) { UseWOW64 = TRUE; } #endif } if ( Peb->NtGlobalFlag & FLG_HEAP_PAGE_ALLOCS ) { // // We will enable page heap (RtlpDebugPageHeap) only after // all other initializations for page heap are finished. // // // If page heap is enabled we need to disable any flag that // might force creation of debug heaps for normal NT heaps. // This is due to a dependency between page heap and NT heap // where the page heap within PageHeapCreate tries to create // a normal NT heap to accomodate some of the allocations. // If we do not disable these flags we will get an infinite // recursion between RtlpDebugPageHeapCreate and RtlCreateHeap. // Peb->NtGlobalFlag &= ~( FLG_HEAP_ENABLE_TAGGING | FLG_HEAP_ENABLE_TAG_BY_DLL | FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS | FLG_HEAP_VALIDATE_ALL | FLG_USER_STACK_TRACE_DB ); // // Read page heap per process global flags. If we fail // to read a value, the default ones are kept. // LdrQueryImageFileExecutionOptions( &UnicodeImageName, L"PageHeapFlags", REG_DWORD, &RtlpDphGlobalFlags, sizeof(RtlpDphGlobalFlags), NULL ); // // Read several page heap parameters. // LdrQueryImageFileExecutionOptions( &UnicodeImageName, L"PageHeapSizeRangeStart", REG_DWORD, &RtlpDphSizeRangeStart, sizeof(RtlpDphSizeRangeStart), NULL ); LdrQueryImageFileExecutionOptions( &UnicodeImageName, L"PageHeapSizeRangeEnd", REG_DWORD, &RtlpDphSizeRangeEnd, sizeof(RtlpDphSizeRangeEnd), NULL ); LdrQueryImageFileExecutionOptions( &UnicodeImageName, L"PageHeapRandomProbability", REG_DWORD, &RtlpDphRandomProbability, sizeof(RtlpDphRandomProbability), NULL ); // // The two values below should be read as PVOIDs so that // this works on 64-bit architetures. However since this // feature relies on good stack traces and since we can get // reliable stack traces only on X86 architectures we will // leave it as it is. // LdrQueryImageFileExecutionOptions( &UnicodeImageName, L"PageHeapDllRangeStart", REG_DWORD, &RtlpDphDllRangeStart, sizeof(RtlpDphDllRangeStart), NULL ); LdrQueryImageFileExecutionOptions( &UnicodeImageName, L"PageHeapDllRangeEnd", REG_DWORD, &RtlpDphDllRangeEnd, sizeof(RtlpDphDllRangeEnd), NULL ); LdrQueryImageFileExecutionOptions( &UnicodeImageName, L"PageHeapTargetDlls", REG_SZ, &RtlpDphTargetDlls, 512, NULL ); // // Turn on BOOLEAN RtlpDebugPageHeap to indicate that // new heaps should be created with debug page heap manager // when possible. // RtlpDebugPageHeap = TRUE; } } #if defined(_ALPHA_) else if (Context != NULL) { LdrpSetGp( LdrpGpValue ); Context->IntGp = LdrpGpValue; } #endif // ALPHA // // Serialize for here on out // Peb->LoaderLock = (PVOID)&LoaderLock; if ( !RtlTryEnterCriticalSection(&LoaderLock) ) { if ( LoaderLockInitialized ) { RtlEnterCriticalSection(&LoaderLock); } else { // // drop into a 30ms delay loop // DelayValue.QuadPart = Int32x32To64( 30, -10000 ); while ( !LoaderLockInitialized ) { NtDelayExecution(FALSE,&DelayValue); } RtlEnterCriticalSection(&LoaderLock); } } if (Teb->DeallocationStack == NULL) { st = NtQueryVirtualMemory( NtCurrentProcess(), Teb->NtTib.StackLimit, MemoryBasicInformation, (PVOID)&MemInfo, sizeof(MemInfo), NULL ); if ( !NT_SUCCESS(st) ) { LdrpInitializationFailure(st); RtlRaiseStatus(st); return; } else { Teb->DeallocationStack = MemInfo.AllocationBase; #if defined(_IA64_) Teb->DeallocationBStore = (PVOID)((ULONG_PTR)MemInfo.AllocationBase + MemInfo.RegionSize); #endif // defined(_IA64_) } } InitStatus = STATUS_SUCCESS; try { if (!Peb->Ldr) { LdrpInLdrInit = TRUE; #if DBG // // Time the load. // if (LdrpDisplayLoadTime) { NtQueryPerformanceCounter(&BeginTime, NULL); } #endif // DBG try { InitStatus = LdrpInitializeProcess( Context, SystemArgument1, &UnicodeImageName ); } except ( EXCEPTION_EXECUTE_HANDLER ) { InitStatus = GetExceptionCode(); AlreadyFailed = TRUE; LdrpInitializationFailure(GetExceptionCode()); } #if DBG if (LdrpDisplayLoadTime) { NtQueryPerformanceCounter(&EndTime, NULL); NtQueryPerformanceCounter(&ElapsedTime, &Interval); ElapsedTime.QuadPart = EndTime.QuadPart - BeginTime.QuadPart; DbgPrint("\nLoadTime %ld In units of %ld cycles/second \n", ElapsedTime.LowPart, Interval.LowPart ); ElapsedTime.QuadPart = EndTime.QuadPart - InitbTime.QuadPart; DbgPrint("InitTime %ld\n", ElapsedTime.LowPart ); DbgPrint("Compares %d Bypasses %d Normal Snaps %d\nSecOpens %d SecCreates %d Maps %d Relocates %d\n", LdrpCompareCount, LdrpSnapBypass, LdrpNormalSnap, LdrpSectionOpens, LdrpSectionCreates, LdrpSectionMaps, LdrpSectionRelocates ); } #endif // DBG } else { if ( Peb->InheritedAddressSpace ) { InitStatus = LdrpForkProcess(); } else { #if defined (WX86) if (Teb->Vdm) { InitStatus = LdrpInitWx86(Teb->Vdm, Context, TRUE); } #endif #if defined(_WIN64) // // Load in WOW64 if the image is supposed to run simulated // if (UseWOW64) { RtlLeaveCriticalSection(&LoaderLock); (*Wow64LdrpInitialize)(Context); // This never returns. It will destroy the process. } #endif LdrpInitializeThread(Context); } } } finally { LdrpInLdrInit = FALSE; RtlLeaveCriticalSection(&LoaderLock); } NtTestAlert(); if (!NT_SUCCESS(InitStatus)) { if ( AlreadyFailed == FALSE ) { LdrpInitializationFailure(InitStatus); } RtlRaiseStatus(InitStatus); } }

NTSTATUS LdrpInitializeProcess (  IN PCONTEXT Context  OPTIONAL, IN PVOID  SystemDllBase, IN PUNICODE_STRING  UnicodeImageName )

Definition at line 616 of file ldrinit.c. References ASSERT, ATOM_TAG, CommandLine, DbgPrint, FALSE, FastPebLock, HeapParameters, InitTableInfo, L, LDR_TAG, LdrGetProcedureAddress(), LdrLoadDll(), LDRP_HASH_TABLE_SIZE, LdrpAllocateDataTableEntry(), LdrpDefaultPath, LdrpFetchAddressOfEntryPoint(), LdrpHashTable, LdrpImageEntry, LdrpInitializationFailure(), LdrpInitializeTls(), LdrpInsertMemoryTableEntry(), LdrpKnownDllObjectDirectory, LdrpKnownDllPath, LdrpKnownDllPathBuffer, LdrpLdrDatabaseIsSetup, LdrpNumberOfProcessors, LdrpReferenceLoadedDll, LdrpRelocateStartContext(), LdrpRunInitializeRoutines(), LdrpSetProtection(), LdrpVerifyDlls, LdrpWalkImportDescriptor(), LdrQueryApplicationCompatibilityGoo(), LdrQueryImageFileExecutionOptions(), LdrRelocateImage(), LoaderLock, LoaderLockInitialized, MAKE_TAG, NATIVE_PAGE_SIZE, NT_SUCCESS, NtAllocateVirtualMemory(), NtClose(), NtDllBase, NtdllBaseTag, NtdllpAllocateStringRoutine(), NtdllpFreeStringRoutine(), NtFreeVirtualMemory(), NtOpenDirectoryObject(), NtOpenSymbolicLinkObject(), NtQueryPerformanceCounter(), NtQuerySymbolicLinkObject(), NtSetInformationProcess(), NTSTATUS(), NtSystemRoot, NULL, PAGE_SIZE, RtlAllocateHeap, RtlAllocateStringRoutine, RtlAppendUnicodeStringToString(), RtlAppendUnicodeToString(), RtlCreateHeap(), RtlCreateTagHeap(), RtlCriticalSectionList, RtlFreeStringRoutine, RtlFreeUnicodeString(), RtlImageDirectoryEntryToData(), RtlImageNtHeader(), RtlInitAnsiString(), RtlInitializeAtomPackage(), RtlInitializeBitMap(), RtlInitializeCriticalSection(), RtlInitializeHeapManager(), RtlInitNlsTables(), RtlInitUnicodeString(), RtlNormalizeProcessParams(), RtlpDebugPageHeap, RtlpInitDeferedCriticalSection(), RtlpTimeout, RtlpTimoutDisable, RtlRaiseStatus(), RtlResetRtlTranslations(), RtlSetCurrentDirectory_U(), ShowSnaps, TlsBitMap, TlsExpansionBitMap, TRUE, Unicode, and USHORT. Referenced by LdrpInitialize(). : This function initializes the loader for the process. This includes: - Initializing the loader data table - Connecting to the loader subsystem - Initializing all staticly linked DLLs Arguments: Context - Supplies an optional context buffer that will be restore after all DLL initialization has been completed. If this parameter is NULL then this is a dynamic snap of this module. Otherwise this is a static snap prior to the user process gaining control. SystemDllBase - Supplies the base address of the system dll. Return Value: Status value --*/ { PPEB Peb; NTSTATUS st; PWCH p, pp; UNICODE_STRING CurDir; UNICODE_STRING FullImageName; UNICODE_STRING CommandLine; ULONG DebugProcessHeapOnly = 0 ; HANDLE LinkHandle; WCHAR SystemDllPathBuffer[DOS_MAX_PATH_LENGTH]; UNICODE_STRING SystemDllPath; PLDR_DATA_TABLE_ENTRY LdrDataTableEntry; PRTL_USER_PROCESS_PARAMETERS ProcessParameters; UNICODE_STRING Unicode; OBJECT_ATTRIBUTES Obja; BOOLEAN StaticCurDir = FALSE; ULONG i; PIMAGE_NT_HEADERS NtHeader = RtlImageNtHeader( NtCurrentPeb()->ImageBaseAddress ); PIMAGE_LOAD_CONFIG_DIRECTORY ImageConfigData; ULONG ProcessHeapFlags; RTL_HEAP_PARAMETERS HeapParameters; NLSTABLEINFO InitTableInfo; LARGE_INTEGER LongTimeout; UNICODE_STRING NtSystemRoot; LONG_PTR Diff; ULONG_PTR OldBase; NtDllBase = SystemDllBase; if ( #if defined(_WIN64) NtHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC && #endif NtHeader->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_NATIVE ) { // // Native subsystems load slower, but validate their DLLs // This is to help CSR detect bad images faster // LdrpVerifyDlls = TRUE; } Peb = NtCurrentPeb(); #if defined(BUILD_WOW6432) { // // The process is running in WOW64. Sort out the optional header // format and reformat the image if its page size is smaller than // the native page size. // PIMAGE_NT_HEADERS32 NtHeader32 = (PIMAGE_NT_HEADERS32)NtHeader; if (NtHeader32->FileHeader.Machine == IMAGE_FILE_MACHINE_I386 && NtHeader32->OptionalHeader.SectionAlignment < NATIVE_PAGE_SIZE && !NT_SUCCESS(st = LdrpWx86FormatVirtualImage(NtHeader32, NtCurrentPeb()->ImageBaseAddress //bugbug: should be: (PVOID)NtHeader32->OptionalHeader.ImageBase ))) { return st; } } #elif defined (_ALPHA_) && defined (WX86) // // Deal with the native page size which is larger than x86 // This needs to be done before any code reads beyond the file headers. // if (NtHeader->FileHeader.Machine == IMAGE_FILE_MACHINE_I386 && NtHeader->OptionalHeader.SectionAlignment < PAGE_SIZE && !NT_SUCCESS(st = LdrpWx86FormatVirtualImage((PIMAGE_NT_HEADERS32)NtHeader, (PVOID)NtHeader->OptionalHeader.ImageBase ))) { return st; } #endif LdrpNumberOfProcessors = Peb->NumberOfProcessors; RtlpTimeout = Peb->CriticalSectionTimeout; LongTimeout.QuadPart = Int32x32To64( 3600, -10000000 ); if (ProcessParameters = RtlNormalizeProcessParams(Peb->ProcessParameters)) { FullImageName = *(PUNICODE_STRING)&ProcessParameters->ImagePathName; CommandLine = *(PUNICODE_STRING)&ProcessParameters->CommandLine; } else { RtlInitUnicodeString( &FullImageName, NULL ); RtlInitUnicodeString( &CommandLine, NULL ); } RtlInitNlsTables( Peb->AnsiCodePageData, Peb->OemCodePageData, Peb->UnicodeCaseTableData, &InitTableInfo ); RtlResetRtlTranslations(&InitTableInfo); #if defined(_WIN64) if (UseWOW64) { // // Ignore image config data when initializing the 64-bit loader. // The 32-bit loader in ntdll32 will look at the config data // and do the right thing. // ImageConfigData = NULL; } else #endif { ImageConfigData = RtlImageDirectoryEntryToData( Peb->ImageBaseAddress, TRUE, IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &i ); } RtlZeroMemory( &HeapParameters, sizeof( HeapParameters ) ); ProcessHeapFlags = HEAP_GROWABLE | HEAP_CLASS_0; HeapParameters.Length = sizeof( HeapParameters ); if (ImageConfigData != NULL && i == sizeof( *ImageConfigData )) { Peb->NtGlobalFlag &= ~ImageConfigData->GlobalFlagsClear; Peb->NtGlobalFlag |= ImageConfigData->GlobalFlagsSet; if (ImageConfigData->CriticalSectionDefaultTimeout != 0) { // // Convert from milliseconds to NT time scale (100ns) // RtlpTimeout.QuadPart = Int32x32To64( (LONG)ImageConfigData->CriticalSectionDefaultTimeout, -10000 ); } if (ImageConfigData->ProcessHeapFlags != 0) { ProcessHeapFlags = ImageConfigData->ProcessHeapFlags; } if (ImageConfigData->DeCommitFreeBlockThreshold != 0) { HeapParameters.DeCommitFreeBlockThreshold = ImageConfigData->DeCommitFreeBlockThreshold; } if (ImageConfigData->DeCommitTotalFreeThreshold != 0) { HeapParameters.DeCommitTotalFreeThreshold = ImageConfigData->DeCommitTotalFreeThreshold; } if (ImageConfigData->MaximumAllocationSize != 0) { HeapParameters.MaximumAllocationSize = ImageConfigData->MaximumAllocationSize; } if (ImageConfigData->VirtualMemoryThreshold != 0) { HeapParameters.VirtualMemoryThreshold = ImageConfigData->VirtualMemoryThreshold; } } // // // // Check if the image has the fast heap flag set // // // // if (NtHeader->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_FAST_HEAP) { // RtlpDisableHeapLookaside = 0; // } else { // RtlpDisableHeapLookaside = 1; // } ShowSnaps = (BOOLEAN)(FLG_SHOW_LDR_SNAPS & Peb->NtGlobalFlag); // // This field is non-zero if the image file that was used to create this // process contained a non-zero value in its image header. If so, then // set the affinity mask for the process using this value. It could also // be non-zero if the parent process created us suspended and poked our // PEB with a non-zero value before resuming. // if (Peb->ImageProcessAffinityMask) { st = NtSetInformationProcess( NtCurrentProcess(), ProcessAffinityMask, &Peb->ImageProcessAffinityMask, sizeof( Peb->ImageProcessAffinityMask ) ); if (NT_SUCCESS( st )) { KdPrint(( "LDR: Using ProcessAffinityMask of 0x%x from image.\n", Peb->ImageProcessAffinityMask )); } else { KdPrint(( "LDR: Failed to set ProcessAffinityMask of 0x%x from image (Status == %08x).\n", Peb->ImageProcessAffinityMask, st )); } } if (RtlpTimeout.QuadPart < LongTimeout.QuadPart) { RtlpTimoutDisable = TRUE; } if (ShowSnaps) { DbgPrint( "LDR: PID: 0x%x started - '%wZ'\n", NtCurrentTeb()->ClientId.UniqueProcess, &CommandLine ); } for(i=0;i<LDRP_HASH_TABLE_SIZE;i++) { InitializeListHead(&LdrpHashTable[i]); } // // Initialize the critical section package. // RtlpInitDeferedCriticalSection(); Peb->TlsBitmap = (PVOID)&TlsBitMap; Peb->TlsExpansionBitmap = (PVOID)&TlsExpansionBitMap; RtlInitializeBitMap ( &TlsBitMap, &Peb->TlsBitmapBits[0], TLS_MINIMUM_AVAILABLE ); RtlInitializeBitMap ( &TlsExpansionBitMap, &Peb->TlsExpansionBitmapBits[0], TLS_EXPANSION_SLOTS ); InsertTailList(&RtlCriticalSectionList, &LoaderLock.DebugInfo->ProcessLocksList); LoaderLock.DebugInfo->CriticalSection = &LoaderLock; LoaderLockInitialized = TRUE; // // Initialize the stack trace data base if requested // #if i386 if (Peb->NtGlobalFlag & FLG_USER_STACK_TRACE_DB) { PVOID BaseAddress = NULL; ULONG ReserveSize = 2 * 1024 * 1024; st = NtAllocateVirtualMemory( NtCurrentProcess(), (PVOID *)&BaseAddress, 0, &ReserveSize, MEM_RESERVE, PAGE_READWRITE ); if ( NT_SUCCESS( st ) ) { st = RtlInitializeStackTraceDataBase( BaseAddress, 0, ReserveSize ); if ( !NT_SUCCESS( st ) ) { NtFreeVirtualMemory( NtCurrentProcess(), (PVOID *)&BaseAddress, &ReserveSize, MEM_RELEASE ); } else { Peb->NtGlobalFlag |= FLG_HEAP_VALIDATE_PARAMETERS; } } } #endif // i386 // // Initialize the loader data based in the PEB. // st = RtlInitializeCriticalSection(&FastPebLock); if ( !NT_SUCCESS(st) ) { return st; } Peb->FastPebLock = &FastPebLock; Peb->FastPebLockRoutine = (PVOID)&RtlEnterCriticalSection; Peb->FastPebUnlockRoutine = (PVOID)&RtlLeaveCriticalSection; RtlInitializeHeapManager(); #if defined(_WIN64) if (UseWOW64) { // // Create a heap using all defaults. The 32-bit process heap // will be created later by ntdll32 using the parameters from the exe. // Peb->ProcessHeap = RtlCreateHeap( ProcessHeapFlags, NULL, 0, 0, NULL, &HeapParameters ); } else #endif { if (NtHeader->OptionalHeader.MajorSubsystemVersion <= 3 && NtHeader->OptionalHeader.MinorSubsystemVersion < 51 ) { ProcessHeapFlags |= HEAP_CREATE_ALIGN_16; } Peb->ProcessHeap = RtlCreateHeap( ProcessHeapFlags, NULL, NtHeader->OptionalHeader.SizeOfHeapReserve, NtHeader->OptionalHeader.SizeOfHeapCommit, NULL, // Lock to use for serialization &HeapParameters ); } if (Peb->ProcessHeap == NULL) { return STATUS_NO_MEMORY; } NtdllBaseTag = RtlCreateTagHeap( Peb->ProcessHeap, 0, L"NTDLL!", L"!Process\0" // Heap Name L"CSRSS Client\0" L"LDR Database\0" L"Current Directory\0" L"TLS Storage\0" L"DBGSS Client\0" L"SE Temporary\0" L"Temporary\0" L"LocalAtom\0" ); RtlAllocateStringRoutine = NtdllpAllocateStringRoutine; RtlFreeStringRoutine = NtdllpFreeStringRoutine; RtlInitializeAtomPackage( MAKE_TAG( ATOM_TAG ) ); // // Allow only the process heap to have page allocations turned on // st = LdrQueryImageFileExecutionOptions( UnicodeImageName, L"DebugProcessHeapOnly", REG_DWORD, &DebugProcessHeapOnly, sizeof( DebugProcessHeapOnly ), NULL ); if (NT_SUCCESS( st )) { if ( RtlpDebugPageHeap && ( DebugProcessHeapOnly != 0 ) ) { RtlpDebugPageHeap = FALSE ; } } SystemDllPath.Buffer = SystemDllPathBuffer; SystemDllPath.Length = 0; SystemDllPath.MaximumLength = sizeof( SystemDllPathBuffer ); RtlInitUnicodeString( &NtSystemRoot, USER_SHARED_DATA->NtSystemRoot ); RtlAppendUnicodeStringToString( &SystemDllPath, &NtSystemRoot ); RtlAppendUnicodeToString( &SystemDllPath, L"\\System32\\" ); RtlInitUnicodeString(&Unicode,L"\\KnownDlls"); InitializeObjectAttributes( &Obja, &Unicode, OBJ_CASE_INSENSITIVE, NULL, NULL ); st = NtOpenDirectoryObject( &LdrpKnownDllObjectDirectory, DIRECTORY_QUERY | DIRECTORY_TRAVERSE, &Obja ); if ( !NT_SUCCESS(st) ) { LdrpKnownDllObjectDirectory = NULL; // KnownDlls directory doesn't exist - assume it's system32. RtlInitUnicodeString(&LdrpKnownDllPath, SystemDllPath.Buffer); LdrpKnownDllPath.Length -= sizeof(WCHAR); // remove trailing '\' } else { // // Open up the known dll pathname link // and query its value // RtlInitUnicodeString(&Unicode,L"KnownDllPath"); InitializeObjectAttributes( &Obja, &Unicode, OBJ_CASE_INSENSITIVE, LdrpKnownDllObjectDirectory, NULL ); st = NtOpenSymbolicLinkObject( &LinkHandle, SYMBOLIC_LINK_QUERY, &Obja ); if (NT_SUCCESS( st )) { LdrpKnownDllPath.Length = 0; LdrpKnownDllPath.MaximumLength = sizeof(LdrpKnownDllPathBuffer); LdrpKnownDllPath.Buffer = LdrpKnownDllPathBuffer; st = NtQuerySymbolicLinkObject( LinkHandle, &LdrpKnownDllPath, NULL ); NtClose(LinkHandle); if ( !NT_SUCCESS(st) ) { return st; } } else { return st; } } if (ProcessParameters) { // // If the process was created with process parameters, // than extract: // // - Library Search Path // // - Starting Current Directory // if (ProcessParameters->DllPath.Length) { LdrpDefaultPath = *(PUNICODE_STRING)&ProcessParameters->DllPath; } else { LdrpInitializationFailure( STATUS_INVALID_PARAMETER ); } StaticCurDir = TRUE; CurDir = ProcessParameters->CurrentDirectory.DosPath; if (CurDir.Buffer == NULL || CurDir.Buffer[ 0 ] == UNICODE_NULL || CurDir.Length == 0) { CurDir.Buffer = (RtlAllocateStringRoutine)( (3+1) * sizeof( WCHAR ) ); ASSERT(CurDir.Buffer != NULL); RtlMoveMemory( CurDir.Buffer, USER_SHARED_DATA->NtSystemRoot, 3 * sizeof( WCHAR ) ); CurDir.Buffer[ 3 ] = UNICODE_NULL; } } // // Make sure the module data base is initialized before we take any // exceptions. // Peb->Ldr = RtlAllocateHeap(Peb->ProcessHeap, MAKE_TAG( LDR_TAG ), sizeof(PEB_LDR_DATA)); if ( !Peb->Ldr ) { RtlRaiseStatus(STATUS_NO_MEMORY); } Peb->Ldr->Length = sizeof(PEB_LDR_DATA); Peb->Ldr->Initialized = TRUE; Peb->Ldr->SsHandle = NULL; InitializeListHead(&Peb->Ldr->InLoadOrderModuleList); InitializeListHead(&Peb->Ldr->InMemoryOrderModuleList); InitializeListHead(&Peb->Ldr->InInitializationOrderModuleList); // // Allocate the first data table entry for the image. Since we // have already mapped this one, we need to do the allocation by hand. // Its characteristics identify it as not a Dll, but it is linked // into the table so that pc correlation searching doesn't have to // be special cased. // LdrDataTableEntry = LdrpImageEntry = LdrpAllocateDataTableEntry(Peb->ImageBaseAddress); LdrDataTableEntry->LoadCount = (USHORT)0xffff; LdrDataTableEntry->EntryPoint = LdrpFetchAddressOfEntryPoint(LdrDataTableEntry->DllBase); LdrDataTableEntry->FullDllName = FullImageName; LdrDataTableEntry->Flags = 0; // p = strrchr(FullImageName, '\\'); pp = UNICODE_NULL; p = FullImageName.Buffer; while (*p) { if (*p++ == (WCHAR)'\\') { pp = p; } } LdrDataTableEntry->FullDllName.Length = (USHORT)((ULONG_PTR)p - (ULONG_PTR)FullImageName.Buffer); LdrDataTableEntry->FullDllName.MaximumLength = LdrDataTableEntry->FullDllName.Length + (USHORT)sizeof(UNICODE_NULL); if (pp) { LdrDataTableEntry->BaseDllName.Length = (USHORT)((ULONG_PTR)p - (ULONG_PTR)pp); LdrDataTableEntry->BaseDllName.MaximumLength = LdrDataTableEntry->BaseDllName.Length + (USHORT)sizeof(UNICODE_NULL); LdrDataTableEntry->BaseDllName.Buffer = RtlAllocateHeap(Peb->ProcessHeap, MAKE_TAG( LDR_TAG ), LdrDataTableEntry->BaseDllName.MaximumLength ); RtlMoveMemory(LdrDataTableEntry->BaseDllName.Buffer, pp, LdrDataTableEntry->BaseDllName.MaximumLength ); } else { LdrDataTableEntry->BaseDllName = LdrDataTableEntry->FullDllName; } LdrpInsertMemoryTableEntry(LdrDataTableEntry); LdrDataTableEntry->Flags |= LDRP_ENTRY_PROCESSED; if (ShowSnaps) { DbgPrint( "LDR: NEW PROCESS\n" ); DbgPrint( " Image Path: %wZ (%wZ)\n", &LdrDataTableEntry->FullDllName, &LdrDataTableEntry->BaseDllName ); DbgPrint( " Current Directory: %wZ\n", &CurDir ); DbgPrint( " Search Path: %wZ\n", &LdrpDefaultPath ); } // // The process references the system DLL, so map this one next. Since // we have already mapped this one, we need to do the allocation by // hand. Since every application will be statically linked to the // system Dll, we'll keep the LoadCount initialized to 0. // LdrDataTableEntry = LdrpAllocateDataTableEntry(SystemDllBase); LdrDataTableEntry->Flags = (USHORT)LDRP_IMAGE_DLL; LdrDataTableEntry->EntryPoint = LdrpFetchAddressOfEntryPoint(LdrDataTableEntry->DllBase); LdrDataTableEntry->LoadCount = (USHORT)0xffff; LdrDataTableEntry->BaseDllName.Length = SystemDllPath.Length; RtlAppendUnicodeToString( &SystemDllPath, L"ntdll.dll" ); LdrDataTableEntry->BaseDllName.Length = SystemDllPath.Length - LdrDataTableEntry->BaseDllName.Length; LdrDataTableEntry->BaseDllName.MaximumLength = LdrDataTableEntry->BaseDllName.Length + sizeof( UNICODE_NULL ); LdrDataTableEntry->FullDllName.Buffer = (RtlAllocateStringRoutine)( SystemDllPath.Length + sizeof( UNICODE_NULL ) ); ASSERT(LdrDataTableEntry->FullDllName.Buffer != NULL); RtlMoveMemory( LdrDataTableEntry->FullDllName.Buffer, SystemDllPath.Buffer, SystemDllPath.Length ); LdrDataTableEntry->FullDllName.Buffer[ SystemDllPath.Length / sizeof( WCHAR ) ] = UNICODE_NULL; LdrDataTableEntry->FullDllName.Length = SystemDllPath.Length; LdrDataTableEntry->FullDllName.MaximumLength = SystemDllPath.Length + sizeof( UNICODE_NULL ); LdrDataTableEntry->BaseDllName.Buffer = (PWSTR) ((PCHAR)(LdrDataTableEntry->FullDllName.Buffer) + LdrDataTableEntry->FullDllName.Length - LdrDataTableEntry->BaseDllName.Length ); LdrpInsertMemoryTableEntry(LdrDataTableEntry); // // Add init routine to list // InsertHeadList(&Peb->Ldr->InInitializationOrderModuleList, &LdrDataTableEntry->InInitializationOrderLinks); // // Inherit the current directory // st = RtlSetCurrentDirectory_U(&CurDir); if (!NT_SUCCESS(st)) { if ( !StaticCurDir ) { RtlFreeUnicodeString(&CurDir); } CurDir = NtSystemRoot; st = RtlSetCurrentDirectory_U(&CurDir); } else { if ( !StaticCurDir ) { RtlFreeUnicodeString(&CurDir); } } #if defined(WX86) // // Load in x86 emulator for risc (Wx86.dll) // if (NtHeader->FileHeader.Machine == IMAGE_FILE_MACHINE_I386) { st = LdrpLoadWx86Dll(Context); if (!NT_SUCCESS(st)) { return st; } } #endif #if defined(_WIN64) // // Load in WOW64 if the image is supposed to run simulated // if (UseWOW64) { UNICODE_STRING Wow64Name; ANSI_STRING ProcName; RtlInitUnicodeString(&Wow64Name, L"wow64.dll"); st = LdrLoadDll(NULL, NULL, &Wow64Name, &Wow64Handle); if (!NT_SUCCESS(st)) { if (ShowSnaps) { DbgPrint("wow64.dll not found. Status=%x\n", st); } return st; } // // Get the entrypoints. They are roughly cloned from ntos\ps\psinit.c // PspInitSystemDll(). // RtlInitAnsiString(&ProcName, "Wow64LdrpInitialize"); st = LdrGetProcedureAddress(Wow64Handle, &ProcName, 0, (PVOID *)&Wow64LdrpInitialize); if (!NT_SUCCESS(st)) { if (ShowSnaps) { DbgPrint("Wow64LdrpInitialize not found. Status=%x\n", st); } return st; } RtlInitAnsiString(&ProcName, "Wow64PrepareForException"); st = LdrGetProcedureAddress(Wow64Handle, &ProcName, 0, (PVOID *)&Wow64PrepareForException); if (!NT_SUCCESS(st)) { if (ShowSnaps) { DbgPrint("Wow64PrepareForException not found. Status=%x\n", st); } return st; } DbgPrint("WARNING: PROCESS HAS BEEN CONVERTED TO WOW64!!!\n"); if (Peb->ProcessParameters) { DbgPrint("CommandLine: %wZ\n", &Peb->ProcessParameters->CommandLine); DbgPrint("ImagePathName: %wZ\n", &Peb->ProcessParameters->ImagePathName); } // // Now that all DLLs are loaded, if the process is being debugged, // signal the debugger with an exception // if ( Peb->BeingDebugged ) { DbgBreakPoint(); } // // Release the loaderlock now - this thread doesn't need it any more. // RtlLeaveCriticalSection(&LoaderLock); // // Call wow64 to load and run 32-bit ntdll.dll. // (*Wow64LdrpInitialize)(Context); // This never returns. It will destroy the process. } #endif st = LdrpWalkImportDescriptor( LdrpDefaultPath.Buffer, LdrpImageEntry ); if ((PVOID)NtHeader->OptionalHeader.ImageBase != NtCurrentPeb()->ImageBaseAddress ) { // // The executable is not at its original address. It must be // relocated now. // PVOID ViewBase; NTSTATUS status; ViewBase = NtCurrentPeb()->ImageBaseAddress; status = LdrpSetProtection(ViewBase, FALSE, TRUE); if (!NT_SUCCESS(status)) { return status; } status = (NTSTATUS)LdrRelocateImage(ViewBase, "LDR", (ULONG)STATUS_SUCCESS, (ULONG)STATUS_CONFLICTING_ADDRESSES, (ULONG)STATUS_INVALID_IMAGE_FORMAT ); if (!NT_SUCCESS(status)) { return status; } // // Update the initial thread context record as per the relocation. // if (Context) { OldBase = NtHeader->OptionalHeader.ImageBase; Diff = (PCHAR)ViewBase - (PCHAR)OldBase; LdrpRelocateStartContext(Context, Diff); } status = LdrpSetProtection(ViewBase, TRUE, TRUE); if (!NT_SUCCESS(status)) { return status; } } #if defined (_ALPHA_) // // Find and apply Alpha architecture fixups for this image // AlphaFindArchitectureFixups(NtHeader, NtCurrentPeb()->ImageBaseAddress, TRUE); #endif LdrpReferenceLoadedDll(LdrpImageEntry); // // Lock the loaded DLLs to prevent dlls that back link to the exe to // cause problems when they are unloaded. // { PLDR_DATA_TABLE_ENTRY Entry; PLIST_ENTRY Head,Next; Head = &NtCurrentPeb()->Ldr->InLoadOrderModuleList; Next = Head->Flink; while ( Next != Head ) { Entry = CONTAINING_RECORD(Next, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks); Entry->LoadCount = 0xffff; Next = Next->Flink; } } // // All static DLLs are now pinned in place. No init routines have been run yet // LdrpLdrDatabaseIsSetup = TRUE; if (!NT_SUCCESS(st)) { #if DBG DbgPrint("LDR: Initialize of image failed. Returning Error Status\n"); #endif return st; } if ( !NT_SUCCESS(LdrpInitializeTls()) ) { return st; } // // Now that all DLLs are loaded, if the process is being debugged, // signal the debugger with an exception // if ( Peb->BeingDebugged ) { DbgBreakPoint(); ShowSnaps = (BOOLEAN)(FLG_SHOW_LDR_SNAPS & Peb->NtGlobalFlag); } #if defined (_X86_) if ( LdrpNumberOfProcessors > 1 ) { LdrpValidateImageForMp(LdrDataTableEntry); } #endif #if DBG if (LdrpDisplayLoadTime) { NtQueryPerformanceCounter(&InitbTime, NULL); } #endif // DBG // // Get all application goo here (hacks, flags, etc.) // LdrQueryApplicationCompatibilityGoo(UnicodeImageName); st = LdrpRunInitializeRoutines(Context); if ( NT_SUCCESS(st) && Peb->PostProcessInitRoutine ) { (Peb->PostProcessInitRoutine)(); } return st; }

VOID LdrpInitializeThread (  IN PCONTEXT  Context  )

Definition at line 1702 of file ldrinit.c. References LdrpAllocateTls(), LdrpCallInitRoutine, LdrpCallTlsInitializers(), LdrpImageHasTls, LdrpShutdownInProgress, and NULL. Referenced by LdrpInitialize(). : This function is called by a thread that is terminating cleanly. It's purpose is to call all of the processes DLLs to notify them that the thread is detaching. Arguments: Context - Context that will be restored after loader initializes. Return Value: None. --*/ { PPEB Peb; PLDR_DATA_TABLE_ENTRY LdrDataTableEntry; PDLL_INIT_ROUTINE InitRoutine; PLIST_ENTRY Next; Peb = NtCurrentPeb(); if ( LdrpShutdownInProgress ) { return; } LdrpAllocateTls(); Next = Peb->Ldr->InMemoryOrderModuleList.Flink; while (Next != &Peb->Ldr->InMemoryOrderModuleList) { LdrDataTableEntry = (PLDR_DATA_TABLE_ENTRY) (CONTAINING_RECORD(Next, LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks)); // // Walk through the entire list looking for // entries. For each entry, that has an init // routine, call it. // if (Peb->ImageBaseAddress != LdrDataTableEntry->DllBase) { if ( !(LdrDataTableEntry->Flags & LDRP_DONT_CALL_FOR_THREADS)) { InitRoutine = (PDLL_INIT_ROUTINE)LdrDataTableEntry->EntryPoint; if (InitRoutine && (LdrDataTableEntry->Flags & LDRP_PROCESS_ATTACH_CALLED) ) { if (LdrDataTableEntry->Flags & LDRP_IMAGE_DLL) { if ( LdrDataTableEntry->TlsIndex ) { if ( !LdrpShutdownInProgress ) { LdrpCallTlsInitializers(LdrDataTableEntry->DllBase,DLL_THREAD_ATTACH); } } #if defined (WX86) if (!Wx86ProcessInit || LdrpRunWx86DllEntryPoint(InitRoutine, NULL, LdrDataTableEntry->DllBase, DLL_THREAD_ATTACH, NULL ) == STATUS_IMAGE_MACHINE_TYPE_MISMATCH) #endif { if ( !LdrpShutdownInProgress ) { LdrpCallInitRoutine(InitRoutine, LdrDataTableEntry->DllBase, DLL_THREAD_ATTACH, NULL); } } } } } } Next = Next->Flink; } // // If the image has tls than call its initializers // if ( LdrpImageHasTls && !LdrpShutdownInProgress ) { LdrpCallTlsInitializers(NtCurrentPeb()->ImageBaseAddress,DLL_THREAD_ATTACH); } }

NTSTATUS LdrpInitializeTls (  VOID   )

Definition at line 1978 of file ldrinit.c. References DbgPrint, FALSE, LdrpAllocateTls(), LdrpImageHasTls, LdrpNumberOfTlsEntries, LdrpTlsList, MAKE_TAG, PLDRP_TLS_ENTRY, RtlAllocateHeap, RtlImageDirectoryEntryToData(), RtlpSerializeHeap(), ShowSnaps, TLS_TAG, TRUE, and USHORT. Referenced by LdrpInitializeProcess(). { PLDR_DATA_TABLE_ENTRY Entry; PLIST_ENTRY Head,Next; PIMAGE_TLS_DIRECTORY TlsImage; PLDRP_TLS_ENTRY TlsEntry; ULONG TlsSize; BOOLEAN FirstTimeThru = TRUE; InitializeListHead(&LdrpTlsList); // // Walk through the loaded modules an look for TLS. If we find TLS, // lock in the module and add to the TLS chain. // Head = &NtCurrentPeb()->Ldr->InLoadOrderModuleList; Next = Head->Flink; while ( Next != Head ) { Entry = CONTAINING_RECORD(Next, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks); Next = Next->Flink; TlsImage = (PIMAGE_TLS_DIRECTORY)RtlImageDirectoryEntryToData( Entry->DllBase, TRUE, IMAGE_DIRECTORY_ENTRY_TLS, &TlsSize ); // // mark whether or not the image file has TLS // if ( FirstTimeThru ) { FirstTimeThru = FALSE; if ( TlsImage && !LdrpImageHasTls) { RtlpSerializeHeap( RtlProcessHeap() ); LdrpImageHasTls = TRUE; } } if ( TlsImage ) { if (ShowSnaps) { DbgPrint( "LDR: Tls Found in %wZ at %lx\n", &Entry->BaseDllName, TlsImage ); } TlsEntry = RtlAllocateHeap(RtlProcessHeap(),MAKE_TAG( TLS_TAG ),sizeof(*TlsEntry)); if ( !TlsEntry ) { return STATUS_NO_MEMORY; } // // Since this DLL has TLS, lock it in // Entry->LoadCount = (USHORT)0xffff; // // Mark this as having thread local storage // Entry->TlsIndex = (USHORT)0xffff; TlsEntry->Tls = *TlsImage; InsertTailList(&LdrpTlsList,&TlsEntry->Links); // // Update the index for this dll's thread local storage // *(PLONG)TlsEntry->Tls.AddressOfIndex = LdrpNumberOfTlsEntries; TlsEntry->Tls.Characteristics = LdrpNumberOfTlsEntries++; } } // // We now have walked through all static DLLs and know // all DLLs that reference thread local storage. Now we // just have to allocate the thread local storage for the current // thread and for all subsequent threads // return LdrpAllocateTls(); }

VOID LdrpRelocateStartContext (  IN PCONTEXT  Context, IN LONG_PTR  Diff )

Definition at line 28 of file alpha/ldrctx.c. Referenced by LdrpInitializeProcess(). 00034 : 00035 00036 This routine relocates the start context to mesh with the 00037 executable that has just been relocated. 00038 00039 Arguments: 00040 00041 Context - Supplies a context that needs editing. 00042 00043 Diff - Supplies the difference from the based address to the relocated 00044 address. 00045 00046 Return Value: 00047 00048 None. 00049 00050 --*/ 00051 { 00052 Context->IntA0 += (ULONGLONG)Diff; 00053 Context->IntGp += (ULONGLONG)Diff; 00054 } }

NTSTATUS LdrpSearchResourceSection_U (  IN PVOID  DllHandle, IN PULONG_PTR  ResourceIdPath, IN ULONG  ResourceIdPathLength, IN BOOLEAN  FindDirectoryEntry, IN BOOLEAN  ExactLangMatchOnly, OUT PVOID *  ResourceDirectoryOrData )

Definition at line 492 of file ldrrsrc.c. : This function locates the address of the specified resource in the specified DLL and returns its address. Arguments: DllHandle - Supplies a handle to the image file that the resource is contained in. ResourceIdPath - Supplies a pointer to an array of 32-bit resource identifiers. Each identifier is either an integer or a pointer to a null terminated string (PSZ) that specifies a resource name. The array is used to traverse the directory structure contained in the resource section in the image file specified by the DllHandle parameter. ResourceIdPathLength - Supplies the number of elements in the ResourceIdPath array. FindDirectoryEntry - Supplies a boolean that is TRUE if caller is searching for a resource directory, otherwise the caller is searching for a resource data entry. ExactLangMatchOnly - Supplies a boolean that is TRUE if caller is searching for a resource with, and only with, the language id specified in ResourceIdPath, otherwise the caller wants the routine to come up with default when specified langid is not found. ResourceDirectoryOrData - Supplies a pointer to a variable that will receive the address of the resource directory or data entry in the resource data section of the image file specified by the DllHandle parameter. Return Value: TBD --*/ { NTSTATUS Status; PIMAGE_RESOURCE_DIRECTORY LanguageResourceDirectory, ResourceDirectory, TopResourceDirectory; PIMAGE_RESOURCE_DIRECTORY_ENTRY ResourceDirEntLow; PIMAGE_RESOURCE_DIRECTORY_ENTRY ResourceDirEntMiddle; PIMAGE_RESOURCE_DIRECTORY_ENTRY ResourceDirEntHigh; PIMAGE_RESOURCE_DATA_ENTRY ResourceEntry; USHORT n, half; LONG dir; ULONG size; ULONG_PTR ResourceIdRetry; ULONG RetryCount; LANGID NewLangId; PULONG_PTR IdPath = ResourceIdPath; ULONG IdPathLength = ResourceIdPathLength; BOOLEAN fIsNeutral = FALSE; LANGID GivenLanguage; #ifndef NTOS_KERNEL_RUNTIME LCID DefaultThreadLocale, DefaultSystemLocale; PVOID AltResourceDllHandle = NULL; ULONG_PTR UIResourceIdPath[3]; #endif RTL_PAGED_CODE(); try { TopResourceDirectory = (PIMAGE_RESOURCE_DIRECTORY) RtlImageDirectoryEntryToData(DllHandle, TRUE, IMAGE_DIRECTORY_ENTRY_RESOURCE, &size ); if (!TopResourceDirectory) { return( STATUS_RESOURCE_DATA_NOT_FOUND ); } ResourceDirectory = TopResourceDirectory; ResourceIdRetry = USE_FIRSTAVAILABLE_LANGID; RetryCount = 0; ResourceEntry = NULL; LanguageResourceDirectory = NULL; while (ResourceDirectory != NULL && ResourceIdPathLength--) { // // If search path includes a language id, then attempt to // match the following language ids in this order: // // (0) use given language id // (1) use primary language of given language id // (2) use id 0 (neutral resource) // (3) use default UI language id // // If the PRIMARY language id is ZERO, then ALSO attempt to // match the following language ids in this order: // // (4) use lang id of TEB if different from user locale // (5) use UI lang from exe resource // (6) use primary UI lang from exe resource // (7) use Install Language // (8) use lang id from user's locale id // (9) use primary language of user's locale id // (10) use lang id from system default locale id // (11) use primary language of system default locale id // (12) use US English lang id // (13) use any lang id that matches requested info // if (ResourceIdPathLength == 0 && IdPathLength == 3) { LanguageResourceDirectory = ResourceDirectory; } if (LanguageResourceDirectory != NULL) { GivenLanguage = (LANGID)IdPath[ 2 ]; fIsNeutral = (PRIMARYLANGID( GivenLanguage ) == LANG_NEUTRAL); TryNextLangId: switch( RetryCount++ ) { #ifdef NTOS_KERNEL_RUNTIME case 0: // Use given language id NewLangId = GivenLanguage; break; case 1: // Use primary language of given language id NewLangId = PRIMARYLANGID( GivenLanguage ); break; case 2: // Use id 0 (neutral resource) NewLangId = 0; break; case 3: // Use user's default UI language NewLangId = (LANGID)ResourceIdRetry; break; case 4: // Use native UI language if ( !fIsNeutral ) { // Stop looking - Not in the neutral case goto ReturnFailure; break; } NewLangId = PsInstallUILanguageId; break; case 5: // Use default system locale NewLangId = LANGIDFROMLCID(PsDefaultSystemLocaleId); break; case 6: // Use US English language NewLangId = MAKELANGID( LANG_ENGLISH, SUBLANG_ENGLISH_US ); break; case 7: // Take any lang id that matches NewLangId = USE_FIRSTAVAILABLE_LANGID; break; #else case 0: // Use given language id NewLangId = GivenLanguage; break; case 1: // Use primary language of given language id if ( ExactLangMatchOnly) { // // Did not find an exact language match. // Stop looking. // goto ReturnFailure; } NewLangId = PRIMARYLANGID( GivenLanguage ); break; case 2: // Use id 0 (neutral resource) NewLangId = 0; break; case 3: // Use user's default UI language if (!UILangId){ Status = NtQueryDefaultUILanguage( &UILangId ); if (!NT_SUCCESS( Status )) { // // Failed reading key. Skip this lookup. // NewLangId = (LANGID)ResourceIdRetry; break; } } NewLangId = UILangId; // // Arabic/Hebrew MUI files may contain resources with LANG ID different than 401/40d. // e.g. Comdlg32.dll has two sets of Arabic/Hebrew resources one mirrored (401/40d) // and one flipped (801/80d). // if( !fIsNeutral && ((PRIMARYLANGID (GivenLanguage) == LANG_ARABIC) || (PRIMARYLANGID (GivenLanguage) == LANG_HEBREW)) && (PRIMARYLANGID (GivenLanguage) == PRIMARYLANGID (NewLangId)) ) { NewLangId = GivenLanguage; } if (fIsNeutral || GivenLanguage == NewLangId){ // // Load alternate resource dll. // AltResourceDllHandle=LdrLoadAlternateResourceModule( DllHandle, NULL); if (!AltResourceDllHandle){ // // Alternate resource dll not available. // Skip this lookup. // NewLangId = (LANGID)ResourceIdRetry; break; } // // Map to alternate resource dll and search // it instead. // UIResourceIdPath[0]=IdPath[0]; UIResourceIdPath[1]=IdPath[1]; UIResourceIdPath[2]=NewLangId; Status = LdrpSearchResourceSection_U( AltResourceDllHandle, UIResourceIdPath, 3, FindDirectoryEntry, TRUE, (PVOID *)ResourceDirectoryOrData ); if (NT_SUCCESS(Status)){ // // We sucessfully found alternate resource, // return it. // return Status; } } // // Caller does not want alternate resource, or // alternate resource not found. // NewLangId = (LANGID)ResourceIdRetry; break; case 4: // Use langid of ThreadLocale if different from user locale if ( !fIsNeutral ) { // Stop looking - Not in the neutral case goto ReturnFailure; break; } // // Try the thread locale language-id if it is different from // user locale. // if (NtCurrentTeb()){ Status = NtQueryDefaultLocale( TRUE, &DefaultThreadLocale ); if (NT_SUCCESS( Status ) && DefaultThreadLocale != NtCurrentTeb()->CurrentLocale) { // // Thread locale is different from // default locale. // NewLangId = LANGIDFROMLCID(NtCurrentTeb()->CurrentLocale); break; } } NewLangId = (LANGID)ResourceIdRetry; break; case 5: // UI language from the executable resource if (!UILangId){ NewLangId = (LANGID)ResourceIdRetry; } else { NewLangId = UILangId; } break; case 6: // Parimary lang of UI language from the executable resource if (!UILangId){ NewLangId = (LANGID)ResourceIdRetry; } else { NewLangId = PRIMARYLANGID( (LANGID) UILangId ); } break; case 7: // Use install -native- language // // Thread locale is the same as the user locale, then let's // try loading the native (install) ui language resources. // if (!InstallLangId){ Status = NtQueryInstallUILanguage(&InstallLangId); if (!NT_SUCCESS( Status )) { // // Failed reading key. Skip this lookup. // NewLangId = (LANGID)ResourceIdRetry; break; } } NewLangId = InstallLangId; break; case 8: // Use lang id from locale in TEB if (SUBLANGID( GivenLanguage ) == SUBLANG_SYS_DEFAULT) { // Skip over all USER locale options DefaultThreadLocale = 0; RetryCount += 2; break; } if (NtCurrentTeb() != NULL) { NewLangId = LANGIDFROMLCID(NtCurrentTeb()->CurrentLocale); } break; case 9: // Use User's default locale Status = NtQueryDefaultLocale( TRUE, &DefaultThreadLocale ); if (NT_SUCCESS( Status )) { NewLangId = LANGIDFROMLCID(DefaultThreadLocale); break; } RetryCount++; break; case 10: // Use primary language of User's default locale NewLangId = PRIMARYLANGID( (LANGID)ResourceIdRetry ); break; case 11: // Use System default locale Status = NtQueryDefaultLocale( FALSE, &DefaultSystemLocale ); if (!NT_SUCCESS( Status )) { RetryCount++; break; } if (DefaultSystemLocale != DefaultThreadLocale) { NewLangId = LANGIDFROMLCID(DefaultSystemLocale); break; } RetryCount += 2; // fall through case 13: // Use US English language NewLangId = MAKELANGID( LANG_ENGLISH, SUBLANG_ENGLISH_US ); break; case 12: // Use primary language of System default locale NewLangId = PRIMARYLANGID( (LANGID)ResourceIdRetry ); break; case 14: // Take any lang id that matches NewLangId = USE_FIRSTAVAILABLE_LANGID; break; #endif default: // No lang ids to match goto ReturnFailure; break; } // // If looking for a specific language id and same as the // one we just looked up, then skip it. // if (NewLangId != USE_FIRSTAVAILABLE_LANGID && NewLangId == ResourceIdRetry ) { goto TryNextLangId; } // // Try this new language Id // ResourceIdRetry = (ULONG_PTR)NewLangId; ResourceIdPath = &ResourceIdRetry; ResourceDirectory = LanguageResourceDirectory; } n = ResourceDirectory->NumberOfNamedEntries; ResourceDirEntLow = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)(ResourceDirectory+1); if (!(*ResourceIdPath & LDR_RESOURCE_ID_NAME_MASK)) { ResourceDirEntLow += n; n = ResourceDirectory->NumberOfIdEntries; } if (!n) { ResourceDirectory = NULL; goto NotFound; } if (LanguageResourceDirectory != NULL && *ResourceIdPath == USE_FIRSTAVAILABLE_LANGID ) { ResourceDirectory = NULL; ResourceIdRetry = ResourceDirEntLow->Name; ResourceEntry = (PIMAGE_RESOURCE_DATA_ENTRY) ((PCHAR)TopResourceDirectory + ResourceDirEntLow->OffsetToData ); break; } ResourceDirectory = NULL; ResourceDirEntHigh = ResourceDirEntLow + n - 1; while (ResourceDirEntLow <= ResourceDirEntHigh) { if ((half = (n >> 1)) != 0) { ResourceDirEntMiddle = ResourceDirEntLow; if (*(PUCHAR)&n & 1) { ResourceDirEntMiddle += half; } else { ResourceDirEntMiddle += half - 1; } dir = LdrpCompareResourceNames_U( *ResourceIdPath, TopResourceDirectory, ResourceDirEntMiddle ); if (!dir) { if (ResourceDirEntMiddle->DataIsDirectory) { ResourceDirectory = (PIMAGE_RESOURCE_DIRECTORY) ((PCHAR)TopResourceDirectory + ResourceDirEntMiddle->OffsetToDirectory ); } else { ResourceDirectory = NULL; ResourceEntry = (PIMAGE_RESOURCE_DATA_ENTRY) ((PCHAR)TopResourceDirectory + ResourceDirEntMiddle->OffsetToData ); } break; } else { if (dir < 0) { ResourceDirEntHigh = ResourceDirEntMiddle - 1; if (*(PUCHAR)&n & 1) { n = half; } else { n = half - 1; } } else { ResourceDirEntLow = ResourceDirEntMiddle + 1; n = half; } } } else { if (n != 0) { dir = LdrpCompareResourceNames_U( *ResourceIdPath, TopResourceDirectory, ResourceDirEntLow ); if (!dir) { if (ResourceDirEntLow->DataIsDirectory) { ResourceDirectory = (PIMAGE_RESOURCE_DIRECTORY) ((PCHAR)TopResourceDirectory + ResourceDirEntLow->OffsetToDirectory ); } else { ResourceEntry = (PIMAGE_RESOURCE_DATA_ENTRY) ((PCHAR)TopResourceDirectory + ResourceDirEntLow->OffsetToData ); } } } break; } } ResourceIdPath++; } if (ResourceEntry != NULL && !FindDirectoryEntry) { *ResourceDirectoryOrData = (PVOID)ResourceEntry; Status = STATUS_SUCCESS; } else if (ResourceDirectory != NULL && FindDirectoryEntry) { *ResourceDirectoryOrData = (PVOID)ResourceDirectory; Status = STATUS_SUCCESS; } else { NotFound: switch( IdPathLength - ResourceIdPathLength) { case 3: Status = STATUS_RESOURCE_LANG_NOT_FOUND; break; case 2: Status = STATUS_RESOURCE_NAME_NOT_FOUND; break; case 1: Status = STATUS_RESOURCE_TYPE_NOT_FOUND; break; default: Status = STATUS_INVALID_PARAMETER; break; } } if (Status == STATUS_RESOURCE_LANG_NOT_FOUND && LanguageResourceDirectory != NULL ) { ResourceEntry = NULL; goto TryNextLangId; ReturnFailure: ; Status = STATUS_RESOURCE_LANG_NOT_FOUND; } } except (EXCEPTION_EXECUTE_HANDLER) { Status = GetExceptionCode(); } return Status; }

VOID LdrQueryApplicationCompatibilityGoo (  IN PUNICODE_STRING  UnicodeImageName  )

Definition at line 2277 of file ldrinit.c. References EXCEPTION_EXECUTE_HANDLER, FALSE, GetNextCommaValue(), L, LdrFindAppCompatVariableInfo(), LdrpAccessResourceData(), LdrpSearchResourceSection_U(), LdrQueryImageFileExecutionOptions(), Name, NT_SUCCESS, NTSTATUS(), NULL, Resource, RtlAllocateHeap, RtlFreeHeap, RtlInitUnicodeString(), RtlQueryEnvironmentVariable_U(), TRUE, and USHORT. Referenced by LdrpInitializeProcess(). : This function is called by LdrpInitialize after its initialized the process. It's purpose is to query any application specific flags, hacks, etc. If any app specific information is found, its hung off the PEB for other components to test against. Besides setting hanging the AppCompatInfo struct off the PEB, the only other action that will occur in here is setting OS version numbers in the PEB if the appropriate Version lie app flag is set. Arguments: UnicodeImageName - Actual image name (including path) Return Value: None. --*/ { PPEB Peb; PVOID ResourceInfo; ULONG TotalGooLength; ULONG AppCompatLength; ULONG ResultSize; ULONG ResourceSize; ULONG InputCompareLength; ULONG OutputCompareLength; LANGID LangId; NTSTATUS st; BOOLEAN bImageContainsVersionResourceInfo; ULONG_PTR IdPath[3]; APP_COMPAT_GOO LocalAppCompatGoo; PAPP_COMPAT_GOO AppCompatGoo; PAPP_COMPAT_INFO AppCompatInfo; PAPP_VARIABLE_INFO AppVariableInfo; PPRE_APP_COMPAT_INFO AppCompatEntry; PIMAGE_RESOURCE_DATA_ENTRY DataEntry; PEFFICIENTOSVERSIONINFOEXW OSVerInfo; UNICODE_STRING EnvName; UNICODE_STRING EnvValue; WCHAR *NewCSDString; WCHAR TempString[ 128 ]; // is the size of szCSDVersion in OSVERSIONINFOW BOOLEAN fNewCSDVersionBuffer = FALSE; struct { USHORT TotalSize; USHORT DataSize; USHORT Type; WCHAR Name[16]; // L"VS_VERSION_INFO" + unicode nul } *Resource; // // Check execution options to see if there's any Goo for this app. // We purposely feed a small struct to LdrQueryImageFileExecOptions, // so that it can come back with success/failure, and if success we see // how much we need to alloc. As the results coming back will be of // variable length. // Peb = NtCurrentPeb(); Peb->AppCompatInfo = NULL; RtlInitUnicodeString(&Peb->CSDVersion, NULL); st = LdrQueryImageFileExecutionOptions( UnicodeImageName, L"ApplicationGoo", REG_BINARY, &LocalAppCompatGoo, sizeof(APP_COMPAT_GOO), &ResultSize ); // // If there's an entry there, we're guaranteed to get overflow error. // if (st == STATUS_BUFFER_OVERFLOW) { // // Something is there, alloc memory for the "Pre" Goo struct right now // AppCompatGoo = \ RtlAllocateHeap(Peb->ProcessHeap, HEAP_ZERO_MEMORY, ResultSize); if (!AppCompatGoo) { return; } // // Now that we've got the memory, hit it again // st = LdrQueryImageFileExecutionOptions( UnicodeImageName, L"ApplicationGoo", REG_BINARY, AppCompatGoo, ResultSize, &ResultSize ); if (!NT_SUCCESS( st )) { RtlFreeHeap(Peb->ProcessHeap, 0, AppCompatGoo); return; } // // Got a hit on this key, however we don't know fer sure that its // an exact match. There could be multiple App Compat entries // within this Goo. So we get the version resource information out // of the Image hdr (if avail) and later we compare it against all of // the entries found within the Goo hoping for a match. // // Need Language Id in order to query the resource info // bImageContainsVersionResourceInfo = FALSE; // NtQueryDefaultUILanguage(&LangId); IdPath[0] = 16; // RT_VERSION IdPath[1] = 1; // VS_VERSION_INFO IdPath[2] = 0; // LangId; // // Search for version resource information // try { st = LdrpSearchResourceSection_U( Peb->ImageBaseAddress, IdPath, 3, FALSE, FALSE, // TRUE, &DataEntry ); } except(EXCEPTION_EXECUTE_HANDLER) { st = STATUS_UNSUCCESSFUL; } if (NT_SUCCESS( st )) { // // Give us a pointer to the resource information // try { st = LdrpAccessResourceData( Peb->ImageBaseAddress, DataEntry, &Resource, &ResourceSize ); } except(EXCEPTION_EXECUTE_HANDLER) { st = STATUS_UNSUCCESSFUL; } if (NT_SUCCESS( st )) { bImageContainsVersionResourceInfo = TRUE; } } // // Now that we either have (or have not) the version resource info, // bounce down each app compat entry looking for a match. If there // wasn't any version resource info in the image hdr, its going to be // an automatic match to an entry that also doesn't have anything for // its version resource info. Obviously there can be only one of these // "empty" entries within the Goo (as the first one will always be // matched first. // st = STATUS_SUCCESS; AppCompatEntry = AppCompatGoo->AppCompatEntry; TotalGooLength = \ AppCompatGoo->dwTotalGooSize - sizeof(AppCompatGoo->dwTotalGooSize); while (TotalGooLength) { try { // // Compare what we're told to by the resource info size. The // ResourceInfo (if avail) is directly behind the AppCompatEntry // InputCompareLength = AppCompatEntry->dwResourceInfoSize; ResourceInfo = AppCompatEntry + 1; if (bImageContainsVersionResourceInfo) { if (InputCompareLength > Resource->TotalSize) { InputCompareLength = Resource->TotalSize; } OutputCompareLength = \ (ULONG)RtlCompareMemory( ResourceInfo, Resource, InputCompareLength ); } // // In this case, we don't have any version resource info in // the image header, so set OutputCompareLength to zero. // If InputCompareLength was set to zero (above) due to the // AppCompatEntry also having no version resource info, then // the test will succeed (below) and we've found our match. // Otherwise, this is not the same app and it won't be a match. // else { OutputCompareLength = 0; } } except(EXCEPTION_EXECUTE_HANDLER) { st = STATUS_UNSUCCESSFUL; } if ((!NT_SUCCESS( st )) || (InputCompareLength != OutputCompareLength)) { // // Wasn't a match for some reason or another, goto next entry // TotalGooLength -= AppCompatEntry->dwEntryTotalSize; (PUCHAR) AppCompatEntry += AppCompatEntry->dwEntryTotalSize; continue; } // // We're a match!!! Now we have to create the final "Post" // app compat structure that will be used by everyone to follow. // This guy hangs off the Peb and it doesn't have the resource // info still lying around in there. // AppCompatLength = AppCompatEntry->dwEntryTotalSize; AppCompatLength -= AppCompatEntry->dwResourceInfoSize; Peb->AppCompatInfo = \ RtlAllocateHeap(Peb->ProcessHeap, HEAP_ZERO_MEMORY, AppCompatLength); if (!Peb->AppCompatInfo) { break; } AppCompatInfo = Peb->AppCompatInfo; AppCompatInfo->dwTotalSize = AppCompatLength; // // Copy what was beyond the resource info to near the top starting at // the Application compat flags. // RtlMoveMemory( &AppCompatInfo->CompatibilityFlags, (PUCHAR) ResourceInfo + AppCompatEntry->dwResourceInfoSize, AppCompatInfo->dwTotalSize - FIELD_OFFSET(APP_COMPAT_INFO, CompatibilityFlags) ); // // Now that we've created the "Post" app compat info struct to be // used by everyone, we need to check if version lying for this // app is requested. If so, we need to stuff the Peb right now. // if (AppCompatInfo->CompatibilityFlags.QuadPart & KACF_VERSIONLIE) { // // Find the variable version lie struct somwhere within // if( STATUS_SUCCESS != LdrFindAppCompatVariableInfo(AVT_OSVERSIONINFO, &AppVariableInfo)) { break; } // // The variable length information itself comes at the end // of the normal struct and could be of any aribitrary length // AppVariableInfo++; OSVerInfo = (PEFFICIENTOSVERSIONINFOEXW) AppVariableInfo; Peb->OSMajorVersion = OSVerInfo->dwMajorVersion; Peb->OSMinorVersion = OSVerInfo->dwMinorVersion; Peb->OSBuildNumber = (USHORT) OSVerInfo->dwBuildNumber; Peb->OSCSDVersion = (OSVerInfo->wServicePackMajor << 8) & 0xFF00; Peb->OSCSDVersion |= OSVerInfo->wServicePackMinor; Peb->OSPlatformId = OSVerInfo->dwPlatformId; Peb->CSDVersion.Length = (USHORT)wcslen(&OSVerInfo->szCSDVersion[0])*sizeof(WCHAR); Peb->CSDVersion.MaximumLength = Peb->CSDVersion.Length + sizeof(WCHAR); Peb->CSDVersion.Buffer = \ RtlAllocateHeap( Peb->ProcessHeap, HEAP_ZERO_MEMORY, Peb->CSDVersion.MaximumLength ); if (!Peb->CSDVersion.Buffer) { break; } wcscpy(Peb->CSDVersion.Buffer, &OSVerInfo->szCSDVersion[0]); fNewCSDVersionBuffer = TRUE; } break; } RtlFreeHeap(Peb->ProcessHeap, 0, AppCompatGoo); } // // Only look at the ENV stuff if haven't already gotten new version info from the registry // if ( FALSE == fNewCSDVersionBuffer ) { // // The format of this string is: // _COMPAT_VER_NNN = MajOSVer, MinOSVer, OSBldNum, MajCSD, MinCSD, PlatformID, CSDString // eg: _COMPAT_VER_NNN=4,0,1381,3,0,2,Service Pack 3 // (for NT 4 SP3) RtlInitUnicodeString(&EnvName, L"_COMPAT_VER_NNN"); EnvValue.Buffer = TempString; EnvValue.Length = 0; EnvValue.MaximumLength = sizeof(TempString); st = RtlQueryEnvironmentVariable_U( NULL, &EnvName, &EnvValue ); // // One of the possible error codes is BUFFER_TOO_SMALL - this indicates a // string that's wacko - they should not be larger than the size we define/expect // In this case, we'll ignore that string // if ( STATUS_SUCCESS == st ) { WCHAR *p = EnvValue.Buffer; WCHAR *NewSPString; ULONG len = EnvValue.Length / sizeof(WCHAR); // (Length is bytes, not chars) // // Ok, someone wants different version info. // Peb->OSMajorVersion = GetNextCommaValue( &p, &len ); Peb->OSMinorVersion = GetNextCommaValue( &p, &len ); Peb->OSBuildNumber = (USHORT)GetNextCommaValue( &p, &len ); Peb->OSCSDVersion = (USHORT)(GetNextCommaValue( &p, &len )) << 8; Peb->OSCSDVersion |= (USHORT)GetNextCommaValue( &p, &len ); Peb->OSPlatformId = GetNextCommaValue( &p, &len ); // // Need to free the old buffer if there is one... // if ( fNewCSDVersionBuffer ) { RtlFreeHeap( Peb->ProcessHeap, 0, Peb->CSDVersion.Buffer ); Peb->CSDVersion.Buffer = NULL; } if ( len ) { NewCSDString = \ RtlAllocateHeap( Peb->ProcessHeap, HEAP_ZERO_MEMORY, ( len + 1 ) * sizeof(WCHAR) ); if ( NULL == NewCSDString ) { return; } // // Now copy the string to memory that we'll keep // // We do a movemem here rather than a string copy because current comments in // RtlQueryEnvironmentVariable() indicate that in an edge case, we might not // have a trailing NULL - berniem 7/7/99 // RtlMoveMemory( NewCSDString, p, len * sizeof(WCHAR) ); } else { NewCSDString = NULL; } RtlInitUnicodeString( &(Peb->CSDVersion), NewCSDString ); } } return; }

NTSTATUS LdrQueryImageFileExecutionOptions (  IN PUNICODE_STRING  ImagePathName, IN PWSTR  OptionName, IN ULONG  Type, OUT PVOID  Buffer, IN ULONG  BufferSize, OUT PULONG ResultSize  OPTIONAL )

Definition at line 1796 of file ldrinit.c. References Buffer, BufferSize, FALSE, KeyPath, KeyPathBuffer, L, MAKE_TAG, NT_SUCCESS, NtClose(), NtOpenKey(), NtQueryValueKey(), NTSTATUS(), NULL, ObjectAttributes, RtlAllocateHeap, RtlAppendUnicodeStringToString(), RtlAppendUnicodeToString(), RtlFreeHeap, RtlInitUnicodeString(), RtlUnicodeStringToInteger(), Status, TEMP_TAG, TRUE, and USHORT. Referenced by LdrpInitialize(), LdrpInitializeProcess(), LdrpRunInitializeRoutines(), and LdrQueryApplicationCompatibilityGoo(). { BOOLEAN bNeedToFree=FALSE; NTSTATUS Status; UNICODE_STRING UnicodeString; PWSTR pw; OBJECT_ATTRIBUTES ObjectAttributes; HANDLE KeyHandle; UNICODE_STRING KeyPath; WCHAR KeyPathBuffer[ DOS_MAX_COMPONENT_LENGTH + 100 ]; ULONG KeyValueBuffer[ 256 ]; PKEY_VALUE_PARTIAL_INFORMATION KeyValueInformation; ULONG AllocLength; ULONG ResultLength; KeyPath.Buffer = KeyPathBuffer; KeyPath.Length = 0; KeyPath.MaximumLength = sizeof( KeyPathBuffer ); RtlAppendUnicodeToString( &KeyPath, L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\" ); UnicodeString = *ImagePathName; pw = (PWSTR)((PCHAR)UnicodeString.Buffer + UnicodeString.Length); UnicodeString.MaximumLength = UnicodeString.Length; while (UnicodeString.Length != 0) { if (pw[ -1 ] == OBJ_NAME_PATH_SEPARATOR) { break; } pw--; UnicodeString.Length -= sizeof( *pw ); } UnicodeString.Buffer = pw; UnicodeString.Length = UnicodeString.MaximumLength - UnicodeString.Length; RtlAppendUnicodeStringToString( &KeyPath, &UnicodeString ); InitializeObjectAttributes( &ObjectAttributes, &KeyPath, OBJ_CASE_INSENSITIVE, NULL, NULL ); Status = NtOpenKey( &KeyHandle, GENERIC_READ, &ObjectAttributes ); if (!NT_SUCCESS( Status )) { return Status; } RtlInitUnicodeString( &UnicodeString, OptionName ); KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION)&KeyValueBuffer; Status = NtQueryValueKey( KeyHandle, &UnicodeString, KeyValuePartialInformation, KeyValueInformation, sizeof( KeyValueBuffer ), &ResultLength ); if (Status == STATUS_BUFFER_OVERFLOW) { // // This function can be called before the process heap gets created // therefore we need to protect against this case. The majority of the // code will not hit this code path because they read just strings // containing hex numbers and for this the size of KeyValueBuffer is // more than sufficient. // if (RtlProcessHeap()) { AllocLength = sizeof( *KeyValueInformation ) + KeyValueInformation->DataLength; KeyValueInformation = (PKEY_VALUE_PARTIAL_INFORMATION) RtlAllocateHeap( RtlProcessHeap(), MAKE_TAG( TEMP_TAG ), AllocLength); if (KeyValueInformation == NULL) { Status = STATUS_NO_MEMORY; } else { bNeedToFree = TRUE; Status = NtQueryValueKey( KeyHandle, &UnicodeString, KeyValuePartialInformation, KeyValueInformation, AllocLength, &ResultLength ); } } else { Status = STATUS_NO_MEMORY; } } if (NT_SUCCESS( Status )) { if (KeyValueInformation->Type == REG_BINARY) { if ((Buffer) && (KeyValueInformation->DataLength <= BufferSize)) { RtlMoveMemory( Buffer, &KeyValueInformation->Data, KeyValueInformation->DataLength); } else { Status = STATUS_BUFFER_OVERFLOW; } if (ARGUMENT_PRESENT( ResultSize )) { *ResultSize = KeyValueInformation->DataLength; } } else if (KeyValueInformation->Type == REG_DWORD) { if (Type != REG_DWORD) { Status = STATUS_OBJECT_TYPE_MISMATCH; } else { if ((Buffer) && (BufferSize == sizeof(ULONG)) && (KeyValueInformation->DataLength == BufferSize)) { RtlMoveMemory( Buffer, &KeyValueInformation->Data, KeyValueInformation->DataLength); } else { Status = STATUS_BUFFER_OVERFLOW; } if (ARGUMENT_PRESENT( ResultSize )) { *ResultSize = KeyValueInformation->DataLength; } } } else if (KeyValueInformation->Type != REG_SZ) { Status = STATUS_OBJECT_TYPE_MISMATCH; } else { if (Type == REG_DWORD) { if (BufferSize != sizeof( ULONG )) { BufferSize = 0; Status = STATUS_INFO_LENGTH_MISMATCH; } else { UnicodeString.Buffer = (PWSTR)&KeyValueInformation->Data; UnicodeString.Length = (USHORT) (KeyValueInformation->DataLength - sizeof( UNICODE_NULL )); UnicodeString.MaximumLength = (USHORT)KeyValueInformation->DataLength; Status = RtlUnicodeStringToInteger( &UnicodeString, 0, (PULONG)Buffer ); } } else { if (KeyValueInformation->DataLength > BufferSize) { Status = STATUS_BUFFER_OVERFLOW; } else { BufferSize = KeyValueInformation->DataLength; } RtlMoveMemory( Buffer, &KeyValueInformation->Data, BufferSize ); } if (ARGUMENT_PRESENT( ResultSize )) { *ResultSize = BufferSize; } } } if (bNeedToFree) RtlFreeHeap(RtlProcessHeap(), 0, KeyValueInformation); NtClose( KeyHandle ); return Status; }

VOID LdrShutdownProcess (  VOID   )

Definition at line 1462 of file ldrinit.c. References CommandLine, DbgPrint, LdrpCallInitRoutine, LdrpCallTlsInitializers(), LdrpImageHasTls, LdrpShutdownInProgress, LdrpShutdownThreadId, LoaderLock, NULL, RtlpHeapIsLocked(), RtlValidateProcessHeaps(), ShowSnaps, and TRUE. : This function is called by a process that is terminating cleanly. It's purpose is to call all of the processes DLLs to notify them that the process is detaching. Arguments: None Return Value: None. --*/ { PPEB Peb; PLDR_DATA_TABLE_ENTRY LdrDataTableEntry; PDLL_INIT_ROUTINE InitRoutine; PLIST_ENTRY Next; // // only unload once ! DllTerm routines might call exit process in fatal situations // if ( LdrpShutdownInProgress ) { return; } Peb = NtCurrentPeb(); if (ShowSnaps) { UNICODE_STRING CommandLine; CommandLine = Peb->ProcessParameters->CommandLine; if (!(Peb->ProcessParameters->Flags & RTL_USER_PROC_PARAMS_NORMALIZED)) { CommandLine.Buffer = (PWSTR)((PCHAR)CommandLine.Buffer + (ULONG_PTR)(Peb->ProcessParameters)); } DbgPrint( "LDR: PID: 0x%x finished - '%wZ'\n", NtCurrentTeb()->ClientId.UniqueProcess, &CommandLine ); } LdrpShutdownThreadId = NtCurrentTeb()->ClientId.UniqueThread; LdrpShutdownInProgress = TRUE; RtlEnterCriticalSection(&LoaderLock); try { // // check to see if the heap is locked. If so, do not do ANY // dll processing since it is very likely that a dll will need // to do heap operations, but that the heap is not in good shape. // ExitProcess called in a very active app can leave threads terminated // in the middle of the heap code or in other very bad places. Checking the // heap lock is a good indication that the process was very active when it // called ExitProcess // if ( RtlpHeapIsLocked( RtlProcessHeap() )) { ; } else { if ( Peb->BeingDebugged ) { RtlValidateProcessHeaps(); } // // Go in reverse order initialization order and build // the unload list // Next = Peb->Ldr->InInitializationOrderModuleList.Blink; while ( Next != &Peb->Ldr->InInitializationOrderModuleList) { LdrDataTableEntry = (PLDR_DATA_TABLE_ENTRY) (CONTAINING_RECORD(Next,LDR_DATA_TABLE_ENTRY,InInitializationOrderLinks)); Next = Next->Blink; // // Walk through the entire list looking for // entries. For each entry, that has an init // routine, call it. // if (Peb->ImageBaseAddress != LdrDataTableEntry->DllBase) { InitRoutine = (PDLL_INIT_ROUTINE)LdrDataTableEntry->EntryPoint; if (InitRoutine && (LdrDataTableEntry->Flags & LDRP_PROCESS_ATTACH_CALLED) ) { if (LdrDataTableEntry->Flags) { if ( LdrDataTableEntry->TlsIndex ) { LdrpCallTlsInitializers(LdrDataTableEntry->DllBase,DLL_PROCESS_DETACH); } #if defined (WX86) if (!Wx86ProcessInit || LdrpRunWx86DllEntryPoint(InitRoutine, NULL, LdrDataTableEntry->DllBase, DLL_PROCESS_DETACH, (PVOID)1 ) == STATUS_IMAGE_MACHINE_TYPE_MISMATCH) #endif { LdrpCallInitRoutine(InitRoutine, LdrDataTableEntry->DllBase, DLL_PROCESS_DETACH, (PVOID)1); } } } } } // // If the image has tls than call its initializers // if ( LdrpImageHasTls ) { LdrpCallTlsInitializers(NtCurrentPeb()->ImageBaseAddress,DLL_PROCESS_DETACH); } } } finally { RtlLeaveCriticalSection(&LoaderLock); } }

VOID LdrShutdownThread (  VOID   )

Definition at line 1602 of file ldrinit.c. References LdrpCallInitRoutine, LdrpCallTlsInitializers(), LdrpFreeTls(), LdrpImageHasTls, LoaderLock, and NULL. : This function is called by a thread that is terminating cleanly. It's purpose is to call all of the processes DLLs to notify them that the thread is detaching. Arguments: None Return Value: None. --*/ { PPEB Peb; PLDR_DATA_TABLE_ENTRY LdrDataTableEntry; PDLL_INIT_ROUTINE InitRoutine; PLIST_ENTRY Next; Peb = NtCurrentPeb(); RtlEnterCriticalSection(&LoaderLock); try { // // Go in reverse order initialization order and build // the unload list // Next = Peb->Ldr->InInitializationOrderModuleList.Blink; while ( Next != &Peb->Ldr->InInitializationOrderModuleList) { LdrDataTableEntry = (PLDR_DATA_TABLE_ENTRY) (CONTAINING_RECORD(Next,LDR_DATA_TABLE_ENTRY,InInitializationOrderLinks)); Next = Next->Blink; // // Walk through the entire list looking for // entries. For each entry, that has an init // routine, call it. // if (Peb->ImageBaseAddress != LdrDataTableEntry->DllBase) { if ( !(LdrDataTableEntry->Flags & LDRP_DONT_CALL_FOR_THREADS)) { InitRoutine = (PDLL_INIT_ROUTINE)LdrDataTableEntry->EntryPoint; if (InitRoutine && (LdrDataTableEntry->Flags & LDRP_PROCESS_ATTACH_CALLED) ) { if (LdrDataTableEntry->Flags & LDRP_IMAGE_DLL) { if ( LdrDataTableEntry->TlsIndex ) { LdrpCallTlsInitializers(LdrDataTableEntry->DllBase,DLL_THREAD_DETACH); } #if defined (WX86) if (!Wx86ProcessInit || LdrpRunWx86DllEntryPoint(InitRoutine, NULL, LdrDataTableEntry->DllBase, DLL_THREAD_DETACH, NULL ) == STATUS_IMAGE_MACHINE_TYPE_MISMATCH) #endif { LdrpCallInitRoutine(InitRoutine, LdrDataTableEntry->DllBase, DLL_THREAD_DETACH, NULL); } } } } } } // // If the image has tls than call its initializers // if ( LdrpImageHasTls ) { LdrpCallTlsInitializers(NtCurrentPeb()->ImageBaseAddress,DLL_THREAD_DETACH); } LdrpFreeTls(); } finally { RtlLeaveCriticalSection(&LoaderLock); } }

BOOLEAN NtdllOkayToLockRoutine (  IN PVOID  Lock  )

Definition at line 236 of file dll/resource.c. { return TRUE; }

PVOID NtdllpAllocateStringRoutine (  SIZE_T  NumberOfBytes  )

Definition at line 121 of file ldrinit.c. References RtlAllocateHeap. Referenced by LdrpInitializeProcess(). { return RtlAllocateHeap(RtlProcessHeap(), 0, NumberOfBytes); }

VOID NtdllpFreeStringRoutine (  PVOID  Buffer  )

Definition at line 129 of file ldrinit.c. References Buffer, and RtlFreeHeap. Referenced by LdrpInitializeProcess(). { RtlFreeHeap(RtlProcessHeap(), 0, Buffer); }

VOID RtlpInitDeferedCriticalSection (  VOID   )

Definition at line 211 of file dll/resource.c. References DbgPrint, DeferedCriticalSection, RtlCriticalSectionList, RtlCriticalSectionLock, RtlInitializeCriticalSectionAndSpinCount(), RtlpChainDebugInfo(), RtlpCreateCriticalSectionSem(), RtlpCritSectInitialized, RtlpDebugInfoFreeList, RtlpStaticDebugInfo, and TRUE. { InitializeListHead( &RtlCriticalSectionList ); if (sizeof( RTL_CRITICAL_SECTION_DEBUG ) != sizeof( RTL_RESOURCE_DEBUG )) { DbgPrint( "NTDLL: Critical Section & Resource Debug Info length mismatch.\n" ); return; } RtlpDebugInfoFreeList = RtlpChainDebugInfo( RtlpStaticDebugInfo, sizeof( RtlpStaticDebugInfo ) ); RtlInitializeCriticalSectionAndSpinCount( &RtlCriticalSectionLock, 1000 ); RtlInitializeCriticalSectionAndSpinCount( &DeferedCriticalSection, 1000 ); RtlpCreateCriticalSectionSem(&DeferedCriticalSection); RtlpCritSectInitialized = TRUE; return; }

---

Variable Documentation

BOOLEAN LdrpImageHasTls = FALSE

Definition at line 32 of file ldrinit.c. Referenced by LdrpInitializeThread(), LdrpInitializeTls(), LdrpRunInitializeRoutines(), LdrShutdownProcess(), and LdrShutdownThread().

BOOLEAN LdrpInLdrInit = FALSE

Definition at line 35 of file ldrinit.c. Referenced by LdrDisableThreadCalloutsForDll(), LdrGetDllHandle(), LdrpCreateDllSection(), LdrpGetProcedureAddress(), LdrpInitialize(), LdrpLoadDll(), LdrpMapDll(), LdrpSnapThunk(), LdrQueryProcessModuleInformation(), and LdrUnloadDll().

BOOLEAN LdrpLdrDatabaseIsSetup = FALSE

Definition at line 34 of file ldrinit.c. Referenced by LdrpInitializeProcess(), and LdrpLoadDll().

BOOLEAN LdrpShutdownInProgress = FALSE

Definition at line 31 of file ldrinit.c. Referenced by LdrDisableThreadCalloutsForDll(), LdrpInitializeThread(), LdrShutdownProcess(), LdrUnloadDll(), RtlCheckForOrphanedCriticalSections(), RtlpNotOwnerCriticalSection(), and RtlpWaitForCriticalSection().

BOOLEAN LdrpVerifyDlls = FALSE

Definition at line 33 of file ldrinit.c. Referenced by LdrpInitializeProcess().

RTL_CRITICAL_SECTION LoaderLock

Initial value: { &LoaderLockDebug, -1 } Definition at line 142 of file ldrinit.c. Referenced by LdrDisableThreadCalloutsForDll(), LdrFlushAlternateResourceModules(), LdrGetDllHandle(), LdrLoadAlternateResourceModule(), LdrpForkProcess(), LdrpGetProcedureAddress(), LdrpInitialize(), LdrpInitializeProcess(), LdrpLoadDll(), LdrQueryProcessModuleInformation(), LdrShutdownProcess(), LdrShutdownThread(), LdrUnloadAlternateResourceModule(), LdrUnloadDll(), RtlAddFunctionTable(), RtlDeleteFunctionTable(), RtlLookupDynamicFunctionEntry(), and RtlPcToFileHeader().

RTL_CRITICAL_SECTION_DEBUG LoaderLockDebug

Definition at line 141 of file ldrinit.c.

BOOLEAN LoaderLockInitialized

Definition at line 146 of file ldrinit.c. Referenced by LdrpForkProcess(), LdrpInitialize(), and LdrpInitializeProcess().

PVOID NtDllBase

Definition at line 45 of file ldrinit.c. Referenced by CsrClientConnectToServer(), LdrpInitializeProcess(), and RtlPcToFileHeader().

PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine

Definition at line 136 of file ldrinit.c. Referenced by IoInitSystem(), LdrpInitializeProcess(), RtlAnsiStringToUnicodeString(), RtlCreateUnicodeString(), RtlDowncaseUnicodeString(), RtlFormatCurrentUserKeyPath(), RtlOemStringToCountedUnicodeString(), RtlOemStringToUnicodeString(), RtlUnicodeStringToAnsiString(), RtlUnicodeStringToCountedOemString(), RtlUnicodeStringToOemString(), RtlUpcaseUnicodeString(), RtlUpcaseUnicodeStringToAnsiString(), RtlUpcaseUnicodeStringToCountedOemString(), and RtlUpcaseUnicodeStringToOemString().

PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine

Definition at line 137 of file ldrinit.c. Referenced by CmpSetVersionData(), LdrpInitializeProcess(), RtlAnsiStringToUnicodeString(), RtlFreeAnsiString(), RtlFreeOemString(), RtlFreeUnicodeString(), RtlOemStringToCountedUnicodeString(), RtlOemStringToUnicodeString(), RtlUnicodeStringToAnsiString(), RtlUnicodeStringToCountedOemString(), RtlUnicodeStringToOemString(), RtlUpcaseUnicodeStringToAnsiString(), RtlUpcaseUnicodeStringToCountedOemString(), and RtlUpcaseUnicodeStringToOemString().

ULONG RtlpDisableHeapLookaside

Definition at line 47 of file ldrinit.c. Referenced by LdrpInitialize(), and RtlCreateHeap().

RTL_BITMAP TlsBitMap

Definition at line 138 of file ldrinit.c. Referenced by LdrpInitializeProcess().

RTL_BITMAP TlsExpansionBitMap

Definition at line 139 of file ldrinit.c. Referenced by LdrpInitializeProcess().

---