Author: ion Date: Sat Jul 9 14:52:07 2011 New Revision: 52583
URL: http://svn.reactos.org/svn/reactos?rev=52583&view=rev Log: [NTDLL]: LdrFindEntryForAddress should check EntryInProgress first. Also add missing dprint. [NTDLL]: LdrVerifyImageMatchesCheckSum does not actually do the check if the FileHandle is ORed with 1 (this is an optimization for KnownDLLs). Also, use EndOfFile.LowPart for the checksum, not ViewSize. [NTDLL]: LdrpGetProcedureAddress: fix overflows, incorrect constants, incorrect memcopy call, and only run init routines if the thunk was actually snapped.
Modified: trunk/reactos/dll/ntdll/ldr/ldrapi.c trunk/reactos/dll/ntdll/ldr/ldrutils.c
Modified: trunk/reactos/dll/ntdll/ldr/ldrapi.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/ntdll/ldr/ldrapi.c?rev=...
==============================================================================
--- trunk/reactos/dll/ntdll/ldr/ldrapi.c [iso-8859-1] (original)
+++ trunk/reactos/dll/ntdll/ldr/ldrapi.c [iso-8859-1] Sat Jul 9 14:52:07 2011
@@ -374,6 +374,29 @@
 /* Nothing to do */
 if (!Ldr) return STATUS_NO_MORE_ENTRIES;
+
+ /* Get the current entry */
+ LdrEntry = Ldr->EntryInProgress;
+ if (LdrEntry)
+ {
+ /* Get the NT Headers */
+ NtHeader = RtlImageNtHeader(LdrEntry->DllBase);
+ if (NtHeader)
+ {
+ /* Get the Image Base */
+ DllBase = (ULONG_PTR)LdrEntry->DllBase;
+ DllEnd = DllBase + NtHeader->OptionalHeader.SizeOfImage;
+
+ /* Check if they match */
+ if (((ULONG_PTR)Address >= DllBase) &&
+ ((ULONG_PTR)Address < DllEnd))
+ {
+ /* Return it */
+ *Module = LdrEntry;
+ return STATUS_SUCCESS;
+ }
+ }
+ }
 /* Loop the module list */
 ListHead = &Ldr->InMemoryOrderModuleList;
@@ -382,7 +405,8 @@
 {
 /* Get the entry and NT Headers */
 LdrEntry = CONTAINING_RECORD(NextEntry, LDR_DATA_TABLE_ENTRY, InMemoryOrderModuleList);
- if ((NtHeader = RtlImageNtHeader(LdrEntry->DllBase)))
+ NtHeader = RtlImageNtHeader(LdrEntry->DllBase);
+ if (NtHeader)
 {
 /* Get the Image Base */
 DllBase = (ULONG_PTR)LdrEntry->DllBase;
@@ -403,6 +427,8 @@
 }
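Review bot: The EntryInProgress block added at the top of LdrFindEntryForAddress repeats the RtlImageNtHeader / DllBase / DllEnd range test that the InMemoryOrderModuleList loop already performs per entry (part of that copy is visible in the next hunk), so the two can drift apart; a small static helper that both sites call would remove the duplication. The hunk does not show whether callers are required to hold the loader lock while Ldr->EntryInProgress is read; if they are, a one-line comment on the new block saying so would help the next reader. LdrFindEntryForAddress starts before this hunk.
```c
/* TRUE when Address lies inside Entry's mapped image: base <= Address < base + SizeOfImage. */
static BOOLEAN
LdrpAddressInModule(IN PLDR_DATA_TABLE_ENTRY Entry,
                    IN PVOID Address)
{
    PIMAGE_NT_HEADERS NtHeader = RtlImageNtHeader(Entry->DllBase);
    ULONG_PTR DllBase, DllEnd;

    /* No usable header means the entry cannot own the address */
    if (!NtHeader) return FALSE;

    DllBase = (ULONG_PTR)Entry->DllBase;
    DllEnd = DllBase + NtHeader->OptionalHeader.SizeOfImage;
    return (((ULONG_PTR)Address >= DllBase) && ((ULONG_PTR)Address < DllEnd));
}

/* … in LdrFindEntryForAddress, replacing the added EntryInProgress block … */
LdrEntry = Ldr->EntryInProgress;
if ((LdrEntry) && (LdrpAddressInModule(LdrEntry, Address)))
{
    *Module = LdrEntry;
    return STATUS_SUCCESS;
}
/* … unchanged: module list loop, which can call the same helper … */
```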
 /* Nothing found */
+ // 85 == DPFLTR_LDR_ID;
+ DbgPrintEx(85, DPFLTR_WARNING_LEVEL, "LDR: %s() exiting 0x%08lx\n", __FUNCTION__, STATUS_NO_MORE_ENTRIES);
 return STATUS_NO_MORE_ENTRIES;
 }
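Review bot: `DbgPrintEx(85, ...)` hard-codes the component id and then explains it in a comment that also carries a stray trailing semicolon; use the named constant the comment itself points at, `DbgPrintEx(DPFLTR_LDR_ID, DPFLTR_WARNING_LEVEL, "LDR: %s() exiting 0x%08lx\n", __FUNCTION__, STATUS_NO_MORE_ENTRIES);`, and drop the `// 85 == DPFLTR_LDR_ID;` line. LdrFindEntryForAddress begins before this hunk.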
@@ -753,14 +779,16 @@
 IO_STATUS_BLOCK IoStatusBlock;
 PIMAGE_NT_HEADERS NtHeader;
 HANDLE SectionHandle;
- SIZE_T ViewSize = 0;
- PVOID ViewBase = NULL;
- BOOLEAN Result;
+ SIZE_T ViewSize;
+ PVOID ViewBase;
+ BOOLEAN Result, NoActualCheck;
 NTSTATUS Status;
 PVOID ImportName;
 ULONG Size;
- DPRINT("LdrVerifyImageMatchesChecksum() called\n");
+
+ /* If the handle has the magic KnownDll flag, skip actual checksums */
+ NoActualCheck = ((ULONG_PTR)FileHandle & 1);
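Review bot: `NoActualCheck = ((ULONG_PTR)FileHandle & 1)` turns a tag bit on the caller's handle into an unconditional pass of the checksum check (the `Result = TRUE` branch in the @@ -811 hunk), and the comment only calls it a magic flag; it should say who is allowed to set the bit and why the check may then be skipped, e.g. `/* Bit 0 of FileHandle is a marker that only the KnownDlls load path sets to skip the checksum; every other caller must pass a plain handle */`. It is also not visible whether the tagged handle is masked before the NtCreateSection call that follows; if it is passed through unchanged, that relies on the kernel ignoring handle tag bits and deserves a sentence saying so, or an explicit `FileHandle = (HANDLE)((ULONG_PTR)FileHandle & ~1);` once NoActualCheck has been computed. LdrVerifyImageMatchesChecksum's signature and the rest of its body are outside this hunk.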
 /* Create the section */
 Status = NtCreateSection(&SectionHandle,
@@ -777,6 +805,8 @@
 }
 /* Map the section */
+ ViewSize = 0;
+ ViewBase = NULL;
 Status = NtMapViewOfSection(SectionHandle,
 NtCurrentProcess(),
 &ViewBase,
@@ -811,13 +841,22 @@
 /* Protect with SEH */
 _SEH2_TRY
 {
- /* Verify the checksum */
- Result = LdrVerifyMappedImageMatchesChecksum(ViewBase,
- ViewSize,
- FileStandardInfo.EndOfFile.LowPart);
+ /* Check if this is the KnownDll hack */
+ if (NoActualCheck)
+ {
+ /* Don't actually do it */
+ Result = TRUE;
+ }
+ else
+ {
+ /* Verify the checksum */
+ Result = LdrVerifyMappedImageMatchesChecksum(ViewBase,
+ FileStandardInfo.EndOfFile.LowPart,
+ FileStandardInfo.EndOfFile.LowPart);
+ }
 /* Check if a callback was supplied */
- if (Result && Callback)
+ if ((Result) && (Callback))
 {
 /* Get the NT Header */
 NtHeader = RtlImageNtHeader(ViewBase);
@@ -866,7 +905,7 @@
 NtClose(SectionHandle);
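Review bot: `if ((Result) && (Callback))` wraps each operand in parentheses that add nothing — the replaced `if (Result && Callback)` read better — and the same pattern is introduced in ldrutils.c as `if ((NT_SUCCESS(Status)) && (ExecuteInit))` in the @@ -1774 hunk; `if (Result && Callback)` and `if (NT_SUCCESS(Status) && ExecuteInit)` are enough. In the same hunk the comment `/* Don't actually do it */` above `Result = TRUE` only restates the code; `/* KnownDll images are accepted without a checksum, see NoActualCheck */` would tell the reader why. The enclosing _SEH2_TRY block and the function continue outside the hunk.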
 /* Return status */
- return !Result ? STATUS_IMAGE_CHECKSUM_MISMATCH : Status;
+ return Result ? Status : STATUS_IMAGE_CHECKSUM_MISMATCH;
 }
NTSTATUS
Modified: trunk/reactos/dll/ntdll/ldr/ldrutils.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/ntdll/ldr/ldrutils.c?re...
==============================================================================
--- trunk/reactos/dll/ntdll/ldr/ldrutils.c [iso-8859-1] (original)
+++ trunk/reactos/dll/ntdll/ldr/ldrutils.c [iso-8859-1] Sat Jul 9 14:52:07 2011
@@ -1671,7 +1671,7 @@
 PVOID ImageBase;
 PIMAGE_IMPORT_BY_NAME ImportName = NULL;
 PIMAGE_EXPORT_DIRECTORY ExportDir;
- ULONG ExportDirSize;
+ ULONG ExportDirSize, Length;
 PLIST_ENTRY Entry;
 /* Show debug message */
@@ -1684,20 +1684,22 @@
 if (ShowSnaps) DbgPrint("NAME - %s\n", Name->Buffer);
 /* Make sure it's not too long */
- if ((Name->Length + sizeof(CHAR) + sizeof(USHORT)) > MAXLONG)
+ Length = Name->Length +
+ sizeof(CHAR) +
+ FIELD_OFFSET(IMAGE_IMPORT_BY_NAME, Name);
+ if (Length > UNICODE_STRING_MAX_BYTES)
 {
 /* Won't have enough space to add the hint */
 return STATUS_NAME_TOO_LONG;
 }
 /* Check if our buffer is large enough */
- if (Name->Length >= (sizeof(ImportBuffer) - sizeof(CHAR)))
+ if (Name->Length > sizeof(ImportBuffer))
 {
 /* Allocate from heap, plus 2 bytes for the Hint */
 ImportName = RtlAllocateHeap(RtlGetProcessHeap(),
- 0,
- Name->Length + sizeof(CHAR) +
- sizeof(USHORT));
+ 0,
+ Length);
 }
 else
 {
@@ -1709,8 +1711,8 @@
 ImportName->Hint = 0;
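Review bot: `if (Name->Length > sizeof(ImportBuffer))` tests only the bare name length, but what is written through ImportName is `Length` bytes: the Hint (`ImportName->Hint = 0;` just below), the name, and the ANSI_NULL terminator stored in the @@ -1709 hunk; so when the else branch (outside this hunk) points ImportName at ImportBuffer and Name->Length falls within the last `sizeof(CHAR) + FIELD_OFFSET(IMAGE_IMPORT_BY_NAME, Name)` bytes of sizeof(ImportBuffer), the copy runs past the stack buffer. The comparison should use the size this hunk already computes for the heap case: `if (Length > sizeof(ImportBuffer))`. The replaced `>= sizeof(ImportBuffer) - sizeof(CHAR)` form allowed for the terminator but not the hint, so the new line widens that gap rather than closing it. ImportBuffer's declaration and the else branch are outside the hunk; this assumes ImportBuffer is the byte array the else branch hands out, as the comments suggest.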
 /* Copy the name and null-terminate it */
- RtlMoveMemory(ImportName->Name, Name->Buffer, Name->Length);
- ImportName->Name[Name->Length] = 0;
+ RtlCopyMemory(ImportName->Name, Name->Buffer, Name->Length);
+ ImportName->Name[Name->Length] = ANSI_NULL;
 /* Clear the high bit */
 ImageBase = ImportName;
@@ -1724,16 +1726,16 @@
 /* Show debug message */
 if (ShowSnaps) DbgPrint("ORDINAL - %lx\n", Ordinal);
- if (Ordinal)
- {
- Thunk.u1.Ordinal = Ordinal | IMAGE_ORDINAL_FLAG;
- }
- else
+ /* Make sure an ordinal was given */
+ if (!Ordinal)
 {
 /* No ordinal */
 DPRINT1("No ordinal and no name\n");
 return STATUS_INVALID_PARAMETER;
 }
+
+ /* Set the orginal flag in the thunk */
+ Thunk.u1.Ordinal = Ordinal | IMAGE_ORDINAL_FLAG;
 }
 /* Acquire lock unless we are initting */
@@ -1774,7 +1776,7 @@
 NULL);
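Review bot: The new comment `/* Set the orginal flag in the thunk */` misspells the word; make it `/* Set the ordinal flag in the thunk */`. The restructuring itself reads well: the missing-ordinal error path now returns first and the thunk assignment is unconditional afterwards. LdrpGetProcedureAddress continues outside this hunk.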
 /* Finally, see if we're supposed to run the init routines */
- if (ExecuteInit)
+ if ((NT_SUCCESS(Status)) && (ExecuteInit))
 {
 /*
 * It's possible a forwarded entry had us load the DLL. In that case,