[ros-diffs] [reactos] 03/03: [RTL] Implement LdrpRecordUnloadEvent

26 Apr 2020

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=d5f0b2b160c11a766aab8…

commit d5f0b2b160c11a766aab87e4773e0a8c64ac8fa8
Author:     Mark Jansen &lt;mark.jansen(a)reactos.org&gt;
AuthorDate: Sat Apr 18 13:53:02 2020 +0200
Commit:     Mark Jansen &lt;mark.jansen(a)reactos.org&gt;
CommitDate: Sun Apr 26 14:35:51 2020 +0200

    [RTL] Implement LdrpRecordUnloadEvent
---
 dll/ntdll/include/ntdllp.h |  3 +++
 dll/ntdll/ldr/ldrapi.c     |  3 +--
 sdk/lib/rtl/trace.c        | 52 +++++++++++++++++++++++++++++++++++++++-------
 3 files changed, 48 insertions(+), 10 deletions(-)

diff --git a/dll/ntdll/include/ntdllp.h b/dll/ntdll/include/ntdllp.h
index 2fe0d778279..2ec4f44d778 100644
--- a/dll/ntdll/include/ntdllp.h
+++ b/dll/ntdll/include/ntdllp.h
@@ -158,6 +158,9 @@ LdrpFetchAddressOfEntryPoint(PVOID ImageBase);
 VOID NTAPI
 LdrpFreeUnicodeString(PUNICODE_STRING String);
 
+VOID NTAPI
+LdrpRecordUnloadEvent(_In_ PLDR_DATA_TABLE_ENTRY LdrEntry);
+
 VOID NTAPI
 LdrpGetShimEngineInterface(VOID);
 
diff --git a/dll/ntdll/ldr/ldrapi.c b/dll/ntdll/ldr/ldrapi.c
index e7fdfec0725..8c968160f30 100644
--- a/dll/ntdll/ldr/ldrapi.c
+++ b/dll/ntdll/ldr/ldrapi.c
@@ -1449,8 +1449,7 @@ LdrUnloadDll(IN PVOID BaseAddress)
         /* Get the current entry */
         LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, HashLinks);
 
-        /* FIXME: Log the Unload Event */
-        //LdrpRecordUnloadEvent(LdrEntry);
+        LdrpRecordUnloadEvent(LdrEntry);
 
         /* Set the entry and clear it from the list */
         CurrentEntry = LdrEntry;
diff --git a/sdk/lib/rtl/trace.c b/sdk/lib/rtl/trace.c
index f0bf4578a01..489bf5be2bf 100644
--- a/sdk/lib/rtl/trace.c
+++ b/sdk/lib/rtl/trace.c
@@ -11,6 +11,7 @@
 #include <debug.h>
 
 static RTL_UNLOAD_EVENT_TRACE RtlpUnloadEventTrace[RTL_UNLOAD_EVENT_TRACE_NUMBER];
+static UINT RtlpUnloadEventTraceIndex = 0;
 
 /* FUNCTIONS ******************************************************************/
 
@@ -22,10 +23,45 @@ RtlGetUnloadEventTrace(VOID)
     return RtlpUnloadEventTrace;
 }
 
+VOID
+NTAPI
+LdrpRecordUnloadEvent(_In_ PLDR_DATA_TABLE_ENTRY LdrEntry)
+{
+    PIMAGE_NT_HEADERS NtHeaders;
+    UINT Sequence = RtlpUnloadEventTraceIndex++;
+    UINT Index = Sequence % RTL_UNLOAD_EVENT_TRACE_NUMBER;
+    USHORT StringLen;
+
+    DPRINT("LdrpRecordUnloadEvent(%wZ, %p - %p)\n",
&LdrEntry->BaseDllName, LdrEntry->DllBase,
+        (ULONG_PTR)LdrEntry->DllBase + LdrEntry->SizeOfImage);
+
+    RtlpUnloadEventTrace[Index].BaseAddress = LdrEntry->DllBase;
+    RtlpUnloadEventTrace[Index].SizeOfImage = LdrEntry->SizeOfImage;
+    RtlpUnloadEventTrace[Index].Sequence = Sequence;
+
+    NtHeaders = RtlImageNtHeader(LdrEntry->DllBase);
+
+    if (NtHeaders)
+    {
+        RtlpUnloadEventTrace[Index].TimeDateStamp =
NtHeaders->FileHeader.TimeDateStamp;
+        RtlpUnloadEventTrace[Index].CheckSum = NtHeaders->OptionalHeader.CheckSum;
+    }
+    else
+    {
+        RtlpUnloadEventTrace[Index].TimeDateStamp = 0;
+        RtlpUnloadEventTrace[Index].CheckSum = 0;
+    }
+
+    StringLen = min(LdrEntry->BaseDllName.Length / sizeof(WCHAR),
RTL_NUMBER_OF(RtlpUnloadEventTrace[Index].ImageName));
+    RtlCopyMemory(RtlpUnloadEventTrace[Index].ImageName, LdrEntry->BaseDllName.Buffer,
StringLen * sizeof(WCHAR));
+    if (StringLen < RTL_NUMBER_OF(RtlpUnloadEventTrace[Index].ImageName))
+        RtlpUnloadEventTrace[Index].ImageName[StringLen] = 0;
+}
+
 BOOLEAN
 NTAPI
-RtlTraceDatabaseAdd(IN PRTL_TRACE_DATABASE Database, 
-                    IN ULONG Count, 
+RtlTraceDatabaseAdd(IN PRTL_TRACE_DATABASE Database,
+                    IN ULONG Count,
                     IN PVOID *Trace,
                     OUT OPTIONAL PRTL_TRACE_BLOCK *TraceBlock)
 {
@@ -35,10 +71,10 @@ RtlTraceDatabaseAdd(IN PRTL_TRACE_DATABASE Database,
 
 PRTL_TRACE_DATABASE
 NTAPI
-RtlTraceDatabaseCreate(IN ULONG Buckets, 
-                       IN OPTIONAL SIZE_T MaximumSize, 
-                       IN ULONG Flags, 
-                       IN ULONG Tag, 
+RtlTraceDatabaseCreate(IN ULONG Buckets,
+                       IN OPTIONAL SIZE_T MaximumSize,
+                       IN ULONG Flags,
+                       IN ULONG Tag,
                        IN OPTIONAL RTL_TRACE_HASH_FUNCTION HashFunction)
 {
     UNIMPLEMENTED;
@@ -55,7 +91,7 @@ RtlTraceDatabaseDestroy(IN PRTL_TRACE_DATABASE Database)
 
 BOOLEAN
 NTAPI
-RtlTraceDatabaseEnumerate(IN PRTL_TRACE_DATABASE Database, 
+RtlTraceDatabaseEnumerate(IN PRTL_TRACE_DATABASE Database,
                           IN PRTL_TRACE_ENUMERATE TraceEnumerate,
                           IN OUT PRTL_TRACE_BLOCK *TraceBlock)
 {
@@ -66,7 +102,7 @@ RtlTraceDatabaseEnumerate(IN PRTL_TRACE_DATABASE Database,
 
 BOOLEAN
 NTAPI
-RtlTraceDatabaseFind(IN PRTL_TRACE_DATABASE Database, 
+RtlTraceDatabaseFind(IN PRTL_TRACE_DATABASE Database,
                      IN ULONG Count,
                      IN PVOID *Trace,
                      OUT OPTIONAL PRTL_TRACE_BLOCK *TraceBlock)


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [reactos] 03/03: [RTL] Implement LdrpRecordUnloadEvent