use winapi::shared::basetsd::{LONG_PTR, PSIZE_T, SIZE_T, ULONG_PTR};
use winapi::shared::ntdef::{
BOOLEAN, HANDLE, LARGE_INTEGER, LIST_ENTRY, LONG, LONGLONG, NTSTATUS, PANSI_STRING, PCSTR,
PCUNICODE_STRING, PCWSTR, PHANDLE, POBJECT_ATTRIBUTES, PSINGLE_LIST_ENTRY, PSTR, PULONG,
PUNICODE_STRING, PUSHORT, PVOID, PWSTR, RTL_BALANCED_NODE, SINGLE_LIST_ENTRY, UCHAR, ULONG,
UNICODE_STRING, USHORT,
};
use winapi::um::winnt::{
ACCESS_MASK, ACTIVATION_CONTEXT, IMAGE_RESOURCE_DIRECTORY_ENTRY, PCIMAGE_DELAYLOAD_DESCRIPTOR,
PIMAGE_BASE_RELOCATION, PIMAGE_IMPORT_DESCRIPTOR, PIMAGE_RESOURCE_DATA_ENTRY,
PIMAGE_RESOURCE_DIRECTORY, PIMAGE_RESOURCE_DIRECTORY_STRING, PIMAGE_THUNK_DATA,
};
// Function-pointer type for a DLL initialization routine: stdcall, receives the
// module handle, a ULONG reason code and an opaque context, returns BOOLEAN.
// It is the type of LDR_DATA_TABLE_ENTRY.EntryPoint further down in this file.
// NOTE(review): FN! is defined outside this view; confirm whether the generated
// type is nullable before calling through a value read from loader memory.
FN!{stdcall PLDR_INIT_ROUTINE(
DllHandle: PVOID,
Reason: ULONG,
Context: PVOID,
) -> BOOLEAN}
// Node of a singly linked list of service tags: `Next` is a raw pointer to the
// following record, `ServiceTag` the payload. LDR_DDAG_NODE.ServiceTagList
// points at a list of these.
// NOTE(review): how the list terminates (presumably a null `Next`) is not
// visible here; confirm before walking it.
STRUCT!{struct LDR_SERVICE_TAG_RECORD {
Next: *mut LDR_SERVICE_TAG_RECORD,
ServiceTag: ULONG,
}}
pub type PLDR_SERVICE_TAG_RECORD = *mut LDR_SERVICE_TAG_RECORD;
// List head that stores only a `Tail` pointer to a SINGLE_LIST_ENTRY.
// NOTE(review): the name suggests a circular singly linked list addressed
// through its tail; the traversal rule is not shown in this file.
STRUCT!{struct LDRP_CSLIST {
Tail: PSINGLE_LIST_ENTRY,
}}
pub type PLDRP_CSLIST = *mut LDRP_CSLIST;
// State value stored in LDR_DDAG_NODE.State.
// The five negative enumerators are written as `-Ni32 as u32`, so they are held
// as their two's-complement unsigned values (-1 becomes 0xFFFF_FFFF, -5 becomes
// 0xFFFF_FFFB). An unsigned `<` / `>` comparison therefore ranks those five
// states above LdrModulesReadyToRun (9): compare for equality, or cast back to
// i32 first, when checking how far a module has progressed.
ENUM!{enum LDR_DDAG_STATE {
LdrModulesMerged = -5i32 as u32,
LdrModulesInitError = -4i32 as u32,
LdrModulesSnapError = -3i32 as u32,
LdrModulesUnloaded = -2i32 as u32,
LdrModulesUnloading = -1i32 as u32,
LdrModulesPlaceHolder = 0,
LdrModulesMapping = 1,
LdrModulesMapped = 2,
LdrModulesWaitingForDependencies = 3,
LdrModulesSnapping = 4,
LdrModulesSnapped = 5,
LdrModulesCondensed = 6,
LdrModulesReadyToInit = 7,
LdrModulesInitializing = 8,
LdrModulesReadyToRun = 9,
}}
// Overlay used inside LDR_DDAG_NODE: the same storage is read either as a
// dependency list head or as a removal link. Which arm is valid at a given
// moment cannot be determined from this file.
UNION!{union LDR_DDAG_NODE_u {
Dependencies: LDRP_CSLIST,
RemovalLink: SINGLE_LIST_ENTRY,
}}
// Graph node referenced from LDR_DATA_TABLE_ENTRY.DdagNode. Judging by the
// field names it groups the modules that share the node, their load counters,
// the LDR_DDAG_STATE value and the outgoing/incoming dependency lists.
// NOTE(review): field order is the ABI; this layout presumably tracks one
// Windows build range. Verify offsets before reading a node from a live process.
STRUCT!{struct LDR_DDAG_NODE {
Modules: LIST_ENTRY,
ServiceTagList: PLDR_SERVICE_TAG_RECORD,
LoadCount: ULONG,
LoadWhileUnloadingCount: ULONG,
LowestLink: ULONG,
u: LDR_DDAG_NODE_u,
IncomingDependencies: LDRP_CSLIST,
State: LDR_DDAG_STATE,
CondenseLink: SINGLE_LIST_ENTRY,
PreorderNumber: ULONG,
}}
pub type PLDR_DDAG_NODE = *mut LDR_DDAG_NODE;
// Edge record between two LDR_DDAG_NODE values: one list link plus node pointer
// for the dependency side and one for the incoming-dependency side.
// NOTE(review): which node is the importer and which the imported module is
// inferred from the field names only; confirm before interpreting a graph dump.
STRUCT!{struct LDR_DEPENDENCY_RECORD {
DependencyLink: SINGLE_LIST_ENTRY,
DependencyNode: PLDR_DDAG_NODE,
IncomingDependencyLink: SINGLE_LIST_ENTRY,
IncomingDependencyNode: PLDR_DDAG_NODE,
}}
pub type PLDR_DEPENDENCY_RECORD = *mut LDR_DEPENDENCY_RECORD;
// Why a module was loaded; stored in LDR_DATA_TABLE_ENTRY.LoadReason.
// LoadReasonUnknown is `-1i32 as u32`, i.e. 0xFFFF_FFFF, so a range check such
// as `reason <= LoadReasonEnclaveDependency` excludes it while a plain
// "non-zero" test does not.
// NOTE(review): for triage, the value separates modules pulled in through the
// import table (static / forwarder / delay-load) from those loaded at run time
// (LoadReasonDynamicLoad); that reading is based on the enumerator names.
ENUM!{enum LDR_DLL_LOAD_REASON {
LoadReasonStaticDependency = 0,
LoadReasonStaticForwarderDependency = 1,
LoadReasonDynamicForwarderDependency = 2,
LoadReasonDelayloadDependency = 3,
LoadReasonDynamicLoad = 4,
LoadReasonAsImageLoad = 5,
LoadReasonAsDataLoad = 6,
LoadReasonEnclavePrimary = 7,
LoadReasonEnclaveDependency = 8,
LoadReasonUnknown = -1i32 as u32,
}}
pub type PLDR_DLL_LOAD_REASON = *mut LDR_DLL_LOAD_REASON;
// Single-bit masks for a loader entry's 32-bit flags word, written as
// `1 << bit` so each one can be lined up with the bit ranges in the BITFIELD!
// view of LDR_DATA_TABLE_ENTRY_u2.Flags.
// NOTE(review): several masks name a bit that the BITFIELD! view labels
// differently or marks reserved (for example bits 1, 13, 15, 16-17, 24-27,
// 29-30). The two namings presumably describe different Windows versions;
// confirm which applies before testing a flag on a live entry.
pub const LDRP_PACKAGED_BINARY: ULONG = 1 << 0;
pub const LDRP_STATIC_LINK: ULONG = 1 << 1;
pub const LDRP_IMAGE_DLL: ULONG = 1 << 2;
// Bits 3..=11 have no mask defined here.
pub const LDRP_LOAD_IN_PROGRESS: ULONG = 1 << 12;
pub const LDRP_UNLOAD_IN_PROGRESS: ULONG = 1 << 13;
pub const LDRP_ENTRY_PROCESSED: ULONG = 1 << 14;
pub const LDRP_ENTRY_INSERTED: ULONG = 1 << 15;
pub const LDRP_CURRENT_LOAD: ULONG = 1 << 16;
pub const LDRP_FAILED_BUILTIN_LOAD: ULONG = 1 << 17;
pub const LDRP_DONT_CALL_FOR_THREADS: ULONG = 1 << 18;
pub const LDRP_PROCESS_ATTACH_CALLED: ULONG = 1 << 19;
pub const LDRP_DEBUG_SYMBOLS_LOADED: ULONG = 1 << 20;
pub const LDRP_IMAGE_NOT_AT_BASE: ULONG = 1 << 21;
pub const LDRP_COR_IMAGE: ULONG = 1 << 22;
pub const LDRP_DONT_RELOCATE: ULONG = 1 << 23;
pub const LDRP_SYSTEM_MAPPED: ULONG = 1 << 24;
pub const LDRP_IMAGE_VERIFYING: ULONG = 1 << 25;
pub const LDRP_DRIVER_DEPENDENT_DLL: ULONG = 1 << 26;
pub const LDRP_ENTRY_NATIVE: ULONG = 1 << 27;
pub const LDRP_REDIRECTED: ULONG = 1 << 28;
pub const LDRP_NON_PAGED_DEBUG_INFO: ULONG = 1 << 29;
pub const LDRP_MM_LOADED: ULONG = 1 << 30;
pub const LDRP_COMPAT_DATABASE_PROCESSED: ULONG = 1 << 31;
// Per-load working state; LDR_DATA_TABLE_ENTRY.LoadContext points at one.
// NOTE(review): the placeholder field name `somestruct` suggests this layout was
// recovered by analysis rather than taken from a published header. Treat every
// offset as build-specific and verify it before reading fields out of a live
// process or a memory image.
STRUCT!{struct LDRP_LOAD_CONTEXT {
BaseDllName: UNICODE_STRING,
somestruct: PVOID,
Flags: ULONG,
pstatus: *mut NTSTATUS,
ParentEntry: *mut LDR_DATA_TABLE_ENTRY,
Entry: *mut LDR_DATA_TABLE_ENTRY,
WorkQueueListEntry: LIST_ENTRY,
ReplacedEntry: *mut LDR_DATA_TABLE_ENTRY,
// Pointer to an array of entry pointers; ImportDllCount is presumably its length.
pvImports: *mut *mut LDR_DATA_TABLE_ENTRY,
ImportDllCount: ULONG,
TaskCount: LONG,
// Import-address-table bookkeeping: location, size and (further down) the page
// protection to restore. Units of SizeOfIAT are not stated here.
pvIAT: PVOID,
SizeOfIAT: ULONG,
CurrentDll: ULONG,
piid: PIMAGE_IMPORT_DESCRIPTOR,
OriginalIATProtect: ULONG,
// Control Flow Guard check-function pointer and the address of the slot holding it.
GuardCFCheckFunctionPointer: PVOID,
pGuardCFCheckFunctionPointer: *mut PVOID,
}}
// Third list link of a loader entry: the same LIST_ENTRY storage is named
// either as initialization-order links or as in-progress links.
UNION!{union LDR_DATA_TABLE_ENTRY_u1 {
InInitializationOrderLinks: LIST_ENTRY,
InProgressLinks: LIST_ENTRY,
}}
// The entry's 32-bit flags, addressable as four bytes or as one ULONG. The
// BITFIELD! invocation after the struct adds named accessors over `Flags`.
UNION!{union LDR_DATA_TABLE_ENTRY_u2 {
FlagGroup: [UCHAR; 4],
Flags: ULONG,
}}
// The loader's record for one mapped module: list links, image base, entry
// point, size, names, flags, and bookkeeping for the dependency graph.
// NOTE(review): field order is the ABI and presumably matches one range of
// Windows builds only; verify offsets against the target build.
// NOTE(review): these records presumably live in the process's own writable
// memory, so a module list obtained by walking the links reflects whatever
// in-process code has left linked. For detection work, cross-check it against
// an independent view of the address space (mapped image sections).
STRUCT!{struct LDR_DATA_TABLE_ENTRY {
InLoadOrderLinks: LIST_ENTRY,
InMemoryOrderLinks: LIST_ENTRY,
u1: LDR_DATA_TABLE_ENTRY_u1,
DllBase: PVOID,
EntryPoint: PLDR_INIT_ROUTINE,
SizeOfImage: ULONG,
// Counted strings: read them through Length/Buffer rather than assuming a
// terminating NUL.
FullDllName: UNICODE_STRING,
BaseDllName: UNICODE_STRING,
u2: LDR_DATA_TABLE_ENTRY_u2,
ObsoleteLoadCount: USHORT,
TlsIndex: USHORT,
HashLinks: LIST_ENTRY,
TimeDateStamp: ULONG,
EntryPointActivationContext: *mut ACTIVATION_CONTEXT,
Lock: PVOID,
DdagNode: PLDR_DDAG_NODE,
NodeModuleLink: LIST_ENTRY,
LoadContext: *mut LDRP_LOAD_CONTEXT,
ParentDllBase: PVOID,
SwitchBackContext: PVOID,
BaseAddressIndexNode: RTL_BALANCED_NODE,
MappingInfoIndexNode: RTL_BALANCED_NODE,
OriginalBase: ULONG_PTR,
LoadTime: LARGE_INTEGER,
BaseNameHashValue: ULONG,
LoadReason: LDR_DLL_LOAD_REASON,
ImplicitPathOptions: ULONG,
ReferenceCount: ULONG,
DependentLoadFlags: ULONG,
// Single byte; the encoding of signing levels is not defined in this file.
SigningLevel: UCHAR,
}}
// Named getter/setter pairs over LDR_DATA_TABLE_ENTRY_u2.Flags. Each item is
// `getter setter[lo..hi]` with a half-open bit range; the ranges below tile
// bits 0..32 without gaps or overlap.
// NOTE(review): the leading `unsafe` is presumably required because the target
// is a union (the PS_SYSTEM_DLL_INIT_BLOCK invocation, on a struct, omits it);
// BITFIELD! itself is defined outside this view.
BITFIELD!{unsafe LDR_DATA_TABLE_ENTRY_u2 Flags: ULONG [
PackagedBinary set_PackagedBinary[0..1],
MarkedForRemoval set_MarkedForRemoval[1..2],
ImageDll set_ImageDll[2..3],
LoadNotificationsSent set_LoadNotificationsSent[3..4],
TelemetryEntryProcessed set_TelemetryEntryProcessed[4..5],
ProcessStaticImport set_ProcessStaticImport[5..6],
InLegacyLists set_InLegacyLists[6..7],
InIndexes set_InIndexes[7..8],
ShimDll set_ShimDll[8..9],
InExceptionTable set_InExceptionTable[9..10],
ReservedFlags1 set_ReservedFlags1[10..12],
LoadInProgress set_LoadInProgress[12..13],
LoadConfigProcessed set_LoadConfigProcessed[13..14],
EntryProcessed set_EntryProcessed[14..15],
ProtectDelayLoad set_ProtectDelayLoad[15..16],
ReservedFlags3 set_ReservedFlags3[16..18],
DontCallForThreads set_DontCallForThreads[18..19],
ProcessAttachCalled set_ProcessAttachCalled[19..20],
ProcessAttachFailed set_ProcessAttachFailed[20..21],
CorDeferredValidate set_CorDeferredValidate[21..22],
CorImage set_CorImage[22..23],
DontRelocate set_DontRelocate[23..24],
CorILOnly set_CorILOnly[24..25],
ReservedFlags5 set_ReservedFlags5[25..28],
Redirected set_Redirected[28..29],
ReservedFlags6 set_ReservedFlags6[29..31],
CompatDatabaseProcessed set_CompatDatabaseProcessed[31..32],
]}
pub type PLDR_DATA_TABLE_ENTRY = *mut LDR_DATA_TABLE_ENTRY;
/// Returns `true` when bit 0 of a module handle (viewed as an integer) is set.
///
/// NOTE(review): a handle carrying this tag is presumably not a plain image
/// base; clear the low two bits before treating it as an address.
#[inline]
pub const fn LDR_IS_DATAFILE(DllHandle: ULONG_PTR) -> bool {
    const DATAFILE_BIT: ULONG_PTR = 0x1;
    (DllHandle & DATAFILE_BIT) == DATAFILE_BIT
}
/// Returns `true` when bit 1 of a module handle (viewed as an integer) is set.
#[inline]
pub const fn LDR_IS_IMAGEMAPPING(DllHandle: ULONG_PTR) -> bool {
    const IMAGEMAPPING_BIT: ULONG_PTR = 0x2;
    (DllHandle & IMAGEMAPPING_BIT) == IMAGEMAPPING_BIT
}
/// Returns `true` when either tag bit (bit 0 or bit 1) of the handle is set.
#[inline]
pub const fn LDR_IS_RESOURCE(DllHandle: ULONG_PTR) -> bool {
    // Non-short-circuit `|` on bools, as in the original; both operands are
    // pure, so the result equals a logical OR.
    LDR_IS_DATAFILE(DllHandle) | LDR_IS_IMAGEMAPPING(DllHandle)
}
// Raw declarations of loader entry points using the "system" ABI. Every
// pointer is a raw pointer the caller must keep valid for the duration of the
// call, and each function reports its outcome as an NTSTATUS: check it before
// reading the `DllHandle` out-parameter.
// NOTE(review): EXTERN! is defined outside this view; the exporting module is
// presumably ntdll.dll.
EXTERN!{extern "system" {
// Loads the module named by `DllName`, with `DllPath` supplying a search path.
// NOTE(review): the file that ends up mapped is decided by these two inputs.
// Callers that build either from untrusted data, or pass a bare file name
// together with a search path that includes user-writable directories, can end
// up mapping an unintended DLL; prefer fully qualified names and audit call
// sites accordingly.
fn LdrLoadDll(
DllPath: PWSTR,
DllCharacteristics: PULONG,
DllName: PUNICODE_STRING,
DllHandle: *mut PVOID,
) -> NTSTATUS;
fn LdrUnloadDll(
DllHandle: PVOID,
) -> NTSTATUS;
// Same parameter list as LdrLoadDll; by its name it looks up a module rather
// than loading one (TODO confirm reference-count behaviour).
fn LdrGetDllHandle(
DllPath: PWSTR,
DllCharacteristics: PULONG,
DllName: PUNICODE_STRING,
DllHandle: *mut PVOID,
) -> NTSTATUS;
}}
// Values for the `Flags` argument of LdrGetDllHandleEx (distinct bits 0 and 1).
// NOTE(review): per the names, one leaves the module's reference count
// untouched and the other pins the module; confirm exact semantics.
pub const LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT: ULONG = 0x00000001;
pub const LDR_GET_DLL_HANDLE_EX_PIN: ULONG = 0x00000002;
// Module lookup and DLL-directory entry points. All return NTSTATUS; treat
// out-parameters as unset unless the call reports success.
EXTERN!{extern "system" {
fn LdrGetDllHandleEx(
Flags: ULONG,
DllPath: PWSTR,
DllCharacteristics: PULONG,
DllName: PUNICODE_STRING,
DllHandle: *mut PVOID,
) -> NTSTATUS;
fn LdrGetDllHandleByMapping(
BaseAddress: PVOID,
DllHandle: *mut PVOID,
) -> NTSTATUS;
fn LdrGetDllHandleByName(
BaseDllName: PUNICODE_STRING,
FullDllName: PUNICODE_STRING,
DllHandle: *mut PVOID,
) -> NTSTATUS;
// `FullDllName` is a caller-provided UNICODE_STRING; presumably its
// MaximumLength bounds what is written (TODO confirm).
fn LdrGetDllFullName(
DllHandle: PVOID,
FullDllName: PUNICODE_STRING,
) -> NTSTATUS;
fn LdrGetDllDirectory(
DllDirectory: PUNICODE_STRING,
) -> NTSTATUS;
// NOTE(review): by its name this changes a directory consulted when DLLs are
// resolved, so the argument influences which file a later load maps. Audit
// callers that derive it from untrusted or user-writable locations.
fn LdrSetDllDirectory(
DllDirectory: PUNICODE_STRING,
) -> NTSTATUS;
}}
// Value for the `Flags` argument of LdrAddRefDll.
pub const LDR_ADDREF_DLL_PIN: ULONG = 0x00000001;
EXTERN!{extern "system" {
fn LdrAddRefDll(
Flags: ULONG,
DllHandle: PVOID,
) -> NTSTATUS;
// Resolves an export of `DllHandle` into `*ProcedureAddress`.
// NOTE(review): presumably exactly one of `ProcedureName` (by name) and
// `ProcedureNumber` (by ordinal) selects the export; confirm. Check the
// NTSTATUS before using the returned address as a function pointer.
fn LdrGetProcedureAddress(
DllHandle: PVOID,
ProcedureName: PANSI_STRING,
ProcedureNumber: ULONG,
ProcedureAddress: *mut PVOID,
) -> NTSTATUS;
}}
// Value for the `Flags` argument of LdrGetProcedureAddressEx.
pub const LDR_GET_PROCEDURE_ADDRESS_DONT_RECORD_FORWARDER: ULONG = 0x00000001;
EXTERN!{extern "system" {
// LdrGetProcedureAddress with an additional `Flags` argument.
fn LdrGetProcedureAddressEx(
DllHandle: PVOID,
ProcedureName: PANSI_STRING,
ProcedureNumber: ULONG,
ProcedureAddress: *mut PVOID,
Flags: ULONG,
) -> NTSTATUS;
// Writes a section handle to `*Section`; `KnownDlls32` presumably selects the
// 32-bit known-DLL set. NOTE(review): ownership of the returned handle (who
// closes it) is not stated here; confirm to avoid a handle leak.
fn LdrGetKnownDllSectionHandle(
DllName: PCWSTR,
KnownDlls32: BOOLEAN,
Section: PHANDLE,
) -> NTSTATUS;
// NOTE(review): `Callback` is typed `*mut PVOID`, not a function-pointer
// type; its meaning cannot be determined from this file.
fn LdrGetProcedureAddressForCaller(
DllHandle: PVOID,
ProcedureName: PANSI_STRING,
ProcedureNumber: ULONG,
ProcedureAddress: *mut PVOID,
Flags: ULONG,
Callback: *mut PVOID,
) -> NTSTATUS;
}}
// `Flags` bits for LdrLockLoaderLock.
pub const LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001;
pub const LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY: ULONG = 0x00000002;
// Values written to `*Disposition`. With the TRY_ONLY flag the lock may not be
// taken, so callers should test for LOCK_ACQUIRED rather than relying on the
// NTSTATUS alone (presumed from the names; TODO confirm).
pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID: ULONG = 0;
pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED: ULONG = 1;
pub const LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED: ULONG = 2;
EXTERN!{extern "system" {
// Acquires the loader lock and returns a cookie in `*Cookie`;
// LdrUnlockLoaderLock in this file takes a `Cookie: PVOID` argument.
// NOTE(review): every successful acquisition needs a matching unlock on all
// exit paths; holding this lock while waiting on other threads is a classic
// deadlock source.
fn LdrLockLoaderLock(
Flags: ULONG,
Disposition: *mut ULONG,
Cookie: *mut PVOID,
) -> NTSTATUS;
}}
// `Flags` bit for LdrUnlockLoaderLock.
pub const LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS: ULONG = 0x00000001;
EXTERN!{extern "system" {
// Releases the loader lock; `Cookie` is presumably the value produced by
// LdrLockLoaderLock.
fn LdrUnlockLoaderLock(
Flags: ULONG,
Cookie: PVOID,
) -> NTSTATUS;
// Applies base relocations to the image at `NewBase`. The three NTSTATUS
// arguments are presumably the values to return for each outcome.
fn LdrRelocateImage(
NewBase: PVOID,
LoaderName: PSTR,
Success: NTSTATUS,
Conflict: NTSTATUS,
Invalid: NTSTATUS,
) -> NTSTATUS;
fn LdrRelocateImageWithBias(
NewBase: PVOID,
Bias: LONGLONG,
LoaderName: PSTR,
Success: NTSTATUS,
Conflict: NTSTATUS,
Invalid: NTSTATUS,
) -> NTSTATUS;
// Processes one relocation block and returns a PIMAGE_BASE_RELOCATION
// (presumably the next block). NOTE(review): `SizeOfBlock` comes from the
// image's relocation directory; when the image is untrusted, validate it
// against the directory bounds before calling.
fn LdrProcessRelocationBlock(
VA: ULONG_PTR,
SizeOfBlock: ULONG,
NextOffset: PUSHORT,
Diff: LONG_PTR,
) -> PIMAGE_BASE_RELOCATION;
// Returns BOOLEAN, not NTSTATUS.
// NOTE(review): if this compares against the PE header checksum, a match is
// an error-detection result only. That checksum is not cryptographic and is
// no substitute for signature verification.
fn LdrVerifyMappedImageMatchesChecksum(
BaseAddress: PVOID,
NumberOfBytes: SIZE_T,
FileLength: ULONG,
) -> BOOLEAN;
}}
// Callback type taking an opaque parameter and a module name (PSTR); returns
// nothing. Passed to LdrVerifyImageMatchesChecksum as `ImportCallbackRoutine`.
// NOTE(review): presumably invoked once per imported module; the lifetime of
// `ModuleName` beyond the callback is not stated, so copy it if it is kept.
FN!{stdcall PLDR_IMPORT_MODULE_CALLBACK(
Parameter: PVOID,
ModuleName: PSTR,
) -> ()}
EXTERN!{extern "system" {
// NOTE(review): a checksum match is not an authenticity check; see the PE
// checksum caveat before relying on this for trust decisions.
fn LdrVerifyImageMatchesChecksum(
ImageFileHandle: HANDLE,
ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK,
ImportCallbackParameter: PVOID,
ImageCharacteristics: PUSHORT,
) -> NTSTATUS;
}}
// Callback routine plus its opaque parameter, bundled for LDR_VERIFY_IMAGE_INFO.
STRUCT!{struct LDR_IMPORT_CALLBACK_INFO {
ImportCallbackRoutine: PLDR_IMPORT_MODULE_CALLBACK,
ImportCallbackParameter: PVOID,
}}
pub type PLDR_IMPORT_CALLBACK_INFO = *mut LDR_IMPORT_CALLBACK_INFO;
// Section-creation parameters: handle, requested access, object attributes,
// page protection and allocation attributes.
STRUCT!{struct LDR_SECTION_INFO {
SectionHandle: HANDLE,
DesiredAccess: ACCESS_MASK,
ObjA: POBJECT_ATTRIBUTES,
SectionPageProtection: ULONG,
AllocationAttributes: ULONG,
}}
pub type PLDR_SECTION_INFO = *mut LDR_SECTION_INFO;
// Argument block for LdrVerifyImageMatchesChecksumEx.
// NOTE(review): `Size` is presumably the size of this structure in bytes and
// must be initialised by the caller; zero the whole block first so padding and
// unused fields are not passed uninitialised.
STRUCT!{struct LDR_VERIFY_IMAGE_INFO {
Size: ULONG,
Flags: ULONG,
CallbackInfo: LDR_IMPORT_CALLBACK_INFO,
SectionInfo: LDR_SECTION_INFO,
ImageCharacteristics: USHORT,
}}
pub type PLDR_VERIFY_IMAGE_INFO = *mut LDR_VERIFY_IMAGE_INFO;
EXTERN!{extern "system" {
fn LdrVerifyImageMatchesChecksumEx(
ImageFileHandle: HANDLE,
VerifyInfo: PLDR_VERIFY_IMAGE_INFO,
) -> NTSTATUS;
// `BufferSize` is a pointer, so it is presumably in/out (capacity in,
// required or written size out); whether it counts bytes or ULONG elements is
// not stated here (TODO confirm before sizing the buffer).
fn LdrQueryModuleServiceTags(
DllHandle: PVOID,
ServiceTagBuffer: PULONG,
BufferSize: PULONG,
) -> NTSTATUS;
}}
// Values of `NotificationReason` passed to a PLDR_DLL_NOTIFICATION_FUNCTION.
pub const LDR_DLL_NOTIFICATION_REASON_LOADED: ULONG = 1;
pub const LDR_DLL_NOTIFICATION_REASON_UNLOADED: ULONG = 2;
// Payload for a "loaded" notification: names, base address and image size.
STRUCT!{struct LDR_DLL_LOADED_NOTIFICATION_DATA {
Flags: ULONG,
FullDllName: PUNICODE_STRING,
BaseDllName: PUNICODE_STRING,
DllBase: PVOID,
SizeOfImage: ULONG,
}}
pub type PLDR_DLL_LOADED_NOTIFICATION_DATA = *mut LDR_DLL_LOADED_NOTIFICATION_DATA;
// Payload for an "unloaded" notification; same fields, with the name pointers
// typed as PCUNICODE_STRING instead of PUNICODE_STRING.
STRUCT!{struct LDR_DLL_UNLOADED_NOTIFICATION_DATA {
Flags: ULONG,
FullDllName: PCUNICODE_STRING,
BaseDllName: PCUNICODE_STRING,
DllBase: PVOID,
SizeOfImage: ULONG,
}}
pub type PLDR_DLL_UNLOADED_NOTIFICATION_DATA = *mut LDR_DLL_UNLOADED_NOTIFICATION_DATA;
// Union of the two payloads. NOTE(review): the valid arm is presumably
// selected by `NotificationReason`; read only the arm matching the reason.
UNION!{union LDR_DLL_NOTIFICATION_DATA {
Loaded: LDR_DLL_LOADED_NOTIFICATION_DATA,
Unloaded: LDR_DLL_UNLOADED_NOTIFICATION_DATA,
}}
pub type PLDR_DLL_NOTIFICATION_DATA = *mut LDR_DLL_NOTIFICATION_DATA;
// Callback invoked with the reason, a pointer to the payload and the caller's
// context. NOTE(review): the payload pointers are presumably valid only for
// the duration of the callback; copy names before returning. Keep the callback
// short and avoid loading further modules from it (it likely runs with loader
// state held; TODO confirm).
FN!{stdcall PLDR_DLL_NOTIFICATION_FUNCTION(
NotificationReason: ULONG,
NotificationData: PLDR_DLL_NOTIFICATION_DATA,
Context: PVOID,
) -> ()}
EXTERN!{extern "system" {
// Registers a callback and returns a registration cookie in `*Cookie`.
// Useful for in-process monitoring of module loads; it observes only the
// process it is registered in.
fn LdrRegisterDllNotification(
Flags: ULONG,
NotificationFunction: PLDR_DLL_NOTIFICATION_FUNCTION,
Context: PVOID,
Cookie: *mut PVOID,
) -> NTSTATUS;
// Takes the cookie from registration. Unregister before the code containing
// the callback is unloaded, otherwise the loader is left with a dangling
// function pointer.
fn LdrUnregisterDllNotification(
Cookie: PVOID,
) -> NTSTATUS;
}}
// Two pointer-sized words of process mitigation option bits. The bit
// assignments are not defined in this file.
STRUCT!{struct PS_MITIGATION_OPTIONS_MAP {
Map: [ULONG_PTR; 2],
}}
pub type PPS_MITIGATION_OPTIONS_MAP = *mut PS_MITIGATION_OPTIONS_MAP;
// Same shape as PS_MITIGATION_OPTIONS_MAP, for the audit-mode options.
STRUCT!{struct PS_MITIGATION_AUDIT_OPTIONS_MAP {
Map: [ULONG_PTR; 2],
}}
pub type PPS_MITIGATION_AUDIT_OPTIONS_MAP = *mut PS_MITIGATION_AUDIT_OPTIONS_MAP;
// Initialisation block handed to the system DLL: relocation values, WoW64
// shared information, mitigation option maps and the Control Flow Guard bitmap
// location/size (native and WoW64).
// NOTE(review): most fields are ULONG_PTR, so the layout differs between 32-
// and 64-bit builds; when reading this block from another process, use the
// layout of the target's bitness. `Size` presumably lets a reader detect
// shorter, older versions of the block. Check it before touching later fields.
STRUCT!{struct PS_SYSTEM_DLL_INIT_BLOCK {
Size: ULONG,
SystemDllWowRelocation: ULONG_PTR,
SystemDllNativeRelocation: ULONG_PTR,
Wow64SharedInformation: [ULONG_PTR; 16],
RngData: ULONG,
Flags: ULONG,
MitigationOptionsMap: PS_MITIGATION_OPTIONS_MAP,
CfgBitMap: ULONG_PTR,
CfgBitMapSize: ULONG_PTR,
Wow64CfgBitMap: ULONG_PTR,
Wow64CfgBitMapSize: ULONG_PTR,
MitigationAuditOptionsMap: PS_MITIGATION_AUDIT_OPTIONS_MAP,
}}
// Accessors over PS_SYSTEM_DLL_INIT_BLOCK.Flags: bit 0 is CfgOverride, bits
// 1..32 are reserved.
BITFIELD!{PS_SYSTEM_DLL_INIT_BLOCK Flags: ULONG [
CfgOverride set_CfgOverride[0..1],
Reserved set_Reserved[1..32],
]}
pub type PPS_SYSTEM_DLL_INIT_BLOCK = *mut PS_SYSTEM_DLL_INIT_BLOCK;
EXTERN!{extern "system" {
// Declared here as a zero-argument function returning a pointer to the init
// block.
// NOTE(review): in the C headers these bindings appear to follow, this symbol
// is presumably a data export (a PS_SYSTEM_DLL_INIT_BLOCK variable), not a
// function. If so, calling this declaration would transfer control into data.
// Verify against the DLL's export table before use (TODO confirm).
fn LdrSystemDllInitBlock() -> PPS_SYSTEM_DLL_INIT_BLOCK;
// Registers / removes / queries modules in the loader's "load as data" table.
fn LdrAddLoadAsDataTable(
Module: PVOID,
FilePath: PWSTR,
Size: SIZE_T,
Handle: HANDLE,
) -> NTSTATUS;
fn LdrRemoveLoadAsDataTable(
InitModule: PVOID,
BaseModule: *mut PVOID,
Size: PSIZE_T,
Flags: ULONG,
) -> NTSTATUS;
// The out-parameter name `pFileNamePrt` is kept as declared; it receives a
// pointer whose ownership and lifetime are not stated here.
fn LdrGetFileNameFromLoadAsDataTable(
Module: PVOID,
pFileNamePrt: *mut PVOID,
) -> NTSTATUS;
fn LdrDisableThreadCalloutsForDll(
DllImageBase: PVOID,
) -> NTSTATUS;
// Yields a pointer and length for the resource described by
// `ResourceDataEntry`. NOTE(review): both come from the image's resource
// directory; for an untrusted image, bound-check pointer + length against the
// mapped image before reading.
fn LdrAccessResource(
DllHandle: PVOID,
ResourceDataEntry: PIMAGE_RESOURCE_DATA_ENTRY,
ResourceBuffer: *mut PVOID,
ResourceLength: *mut ULONG,
) -> NTSTATUS;
}}
// Three-part resource path: type, name, language. Each part is pointer-sized,
// so it can presumably carry either a small integer id or a pointer to a name
// string (TODO confirm the encoding).
STRUCT!{struct LDR_RESOURCE_INFO {
Type: ULONG_PTR,
Name: ULONG_PTR,
Language: ULONG_PTR,
}}
pub type PLDR_RESOURCE_INFO = *mut LDR_RESOURCE_INFO;
// Values for the `Level` argument of the LdrFindResource* / LdrEnumResources
// functions; presumably how many parts of LDR_RESOURCE_INFO are significant.
pub const RESOURCE_TYPE_LEVEL: ULONG = 0;
pub const RESOURCE_NAME_LEVEL: ULONG = 1;
pub const RESOURCE_LANGUAGE_LEVEL: ULONG = 2;
pub const RESOURCE_DATA_LEVEL: ULONG = 3;
EXTERN!{extern "system" {
// Looks up a resource data entry; the result pointer is written through
// `ResourceDataEntry` and is meaningful only when the NTSTATUS reports success.
fn LdrFindResource_U(
DllHandle: PVOID,
ResourceInfo: PLDR_RESOURCE_INFO,
Level: ULONG,
ResourceDataEntry: *mut PIMAGE_RESOURCE_DATA_ENTRY,
) -> NTSTATUS;
// As above, but yields a resource directory instead of a data entry.
fn LdrFindResourceDirectory_U(
DllHandle: PVOID,
ResourceInfo: PLDR_RESOURCE_INFO,
Level: ULONG,
ResourceDirectory: *mut PIMAGE_RESOURCE_DIRECTORY,
) -> NTSTATUS;
}}
// Split view of one path element: a 16-bit id and a 16-bit "name is present"
// indicator.
STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY_Path_s {
Id: USHORT,
NameIsPresent: USHORT,
}}
// One path element, readable as a raw pointer-sized value, as a pointer to a
// resource name string, or as the id/indicator pair above.
// NOTE(review): `NameIsPresent` presumably tells which interpretation is
// valid; test it before dereferencing `Name`.
UNION!{union LDR_ENUM_RESOURCE_ENTRY_Path {
NameOrId: ULONG_PTR,
Name: PIMAGE_RESOURCE_DIRECTORY_STRING,
s: LDR_ENUM_RESOURCE_ENTRY_Path_s,
}}
// One enumerated resource: a three-element path (matching the three parts of
// LDR_RESOURCE_INFO), a data pointer and a size.
// NOTE(review): `Data`/`Size` originate from the image; validate them against
// the mapped image range when the image is untrusted.
STRUCT!{struct LDR_ENUM_RESOURCE_ENTRY {
Path: [LDR_ENUM_RESOURCE_ENTRY_Path; 3],
Data: PVOID,
Size: ULONG,
Reserved: ULONG,
}}
pub type PLDR_ENUM_RESOURCE_ENTRY = *mut LDR_ENUM_RESOURCE_ENTRY;
/// Resolves the name field of a resource directory entry to a `usize`.
///
/// When the entry's `NameIsString` bit is set, the result is the address
/// `RootDirectory + NameOffset`; otherwise it is the entry's numeric `Id`
/// widened to `usize`. The return value does not say which of the two it is,
/// so the caller has to test `NameIsString` itself before treating the result
/// as a pointer.
///
/// # Safety
///
/// Reads union members of `Entry.u`, so `Entry` must hold a properly
/// initialised directory entry. `NameOffset` is taken from the entry as is and
/// added to `RootDirectory` with no bounds check: for an image that is not
/// trusted, validate the returned address against the extent of the resource
/// data before dereferencing it.
#[inline]
pub unsafe fn NAME_FROM_RESOURCE_ENTRY(
    RootDirectory: PIMAGE_RESOURCE_DIRECTORY,
    Entry: &IMAGE_RESOURCE_DIRECTORY_ENTRY,
) -> usize {
    let name_bits = Entry.u.s();
    if name_bits.NameIsString() == 0 {
        // Identified by number: hand back the id itself.
        *Entry.u.Id() as usize
    } else {
        // Identified by string: the offset is relative to the root directory.
        RootDirectory as usize + name_bits.NameOffset() as usize
    }
}
EXTERN!{extern "system" {
// Enumerates resources into the caller's `Resources` array.
// NOTE(review): `ResourceCount` is a pointer, so it is presumably in/out
// (capacity in, number available or written out). Size the array from the
// value passed in and re-check the value returned before indexing (TODO
// confirm the exact contract).
fn LdrEnumResources(
DllHandle: PVOID,
ResourceInfo: PLDR_RESOURCE_INFO,
Level: ULONG,
ResourceCount: *mut ULONG,
Resources: PLDR_ENUM_RESOURCE_ENTRY,
) -> NTSTATUS;
// Writes a pointer to a loader entry through `Entry`.
// NOTE(review): despite its name, the first parameter is presumably an
// address inside a module. The returned pointer refers to loader-owned memory
// whose lifetime is not guaranteed once the module can be unloaded.
fn LdrFindEntryForAddress(
DllHandle: PVOID,
Entry: *mut PLDR_DATA_TABLE_ENTRY,
) -> NTSTATUS;
}}
// Description of one loaded module as returned by the module-information
// query: bases, size, flags, ordering indexes and a fixed 256-byte path buffer.
// NOTE(review): `OffsetToFileName` is an index into `FullPathName`; check that
// it is below 256 and do not assume the buffer is NUL-terminated when slicing
// the file name out of it.
STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION {
Section: HANDLE,
MappedBase: PVOID,
ImageBase: PVOID,
ImageSize: ULONG,
Flags: ULONG,
LoadOrderIndex: USHORT,
InitOrderIndex: USHORT,
LoadCount: USHORT,
OffsetToFileName: USHORT,
FullPathName: [UCHAR; 256],
}}
pub type PRTL_PROCESS_MODULE_INFORMATION = *mut RTL_PROCESS_MODULE_INFORMATION;
// Header of a variable-length result: a count followed by the module records.
// NOTE(review): `Modules` is declared with length 1 but presumably holds
// `NumberOfModules` records (C trailing-array idiom). Indexing `Modules[i]` for
// i > 0 is out of bounds for the declared Rust type; walk the records through
// a raw pointer and bound the walk by both `NumberOfModules` and the byte size
// of the buffer that was actually filled.
STRUCT!{struct RTL_PROCESS_MODULES {
NumberOfModules: ULONG,
Modules: [RTL_PROCESS_MODULE_INFORMATION; 1],
}}
pub type PRTL_PROCESS_MODULES = *mut RTL_PROCESS_MODULES;
// Extended record: the base record plus checksum, timestamp and default base,
// prefixed with `NextOffset` (presumably the distance to the following record).
STRUCT!{struct RTL_PROCESS_MODULE_INFORMATION_EX {
NextOffset: USHORT,
BaseInfo: RTL_PROCESS_MODULE_INFORMATION,
ImageChecksum: ULONG,
TimeDateStamp: ULONG,
DefaultBase: PVOID,
}}
pub type PRTL_PROCESS_MODULE_INFORMATION_EX = *mut RTL_PROCESS_MODULE_INFORMATION_EX;
EXTERN!{extern "system" {
// Fills `ModuleInformation` (capacity `Size`) and reports a size through
// `ReturnedSize`. NOTE(review): `Size` is presumably in bytes; the usual
// pattern is query, allocate from `ReturnedSize`, query again, and treat a
// changed size on the second call as a retry condition (TODO confirm).
fn LdrQueryProcessModuleInformation(
ModuleInformation: PRTL_PROCESS_MODULES,
Size: ULONG,
ReturnedSize: PULONG,
) -> NTSTATUS;
}}
// Callback for LdrEnumerateLoadedModules: receives a loader entry, the
// caller's parameter and a `Stop` out-flag.
// NOTE(review): writing a non-zero value through `Stop` presumably ends the
// enumeration early; the entry pointer should be treated as valid only during
// the callback.
FN!{stdcall PLDR_ENUM_CALLBACK(
ModuleInformation: PLDR_DATA_TABLE_ENTRY,
Parameter: PVOID,
Stop: *mut BOOLEAN,
) -> ()}
EXTERN!{extern "system" {
fn LdrEnumerateLoadedModules(
ReservedFlag: BOOLEAN,
EnumProc: PLDR_ENUM_CALLBACK,
Context: PVOID,
) -> NTSTATUS;
// The next four functions read per-image "Image File Execution Options"
// settings.
// NOTE(review): these settings can change how an image is started, which is
// why they are a common item in persistence and tampering audits; code that
// acts on a value read here should treat it as configuration that a local
// administrator (or anything with equivalent registry access) controls.
// Returns a key handle through `NewKeyHandle`; the caller presumably owns it
// and must close it.
fn LdrOpenImageFileOptionsKey(
SubKey: PUNICODE_STRING,
Wow64: BOOLEAN,
NewKeyHandle: PHANDLE,
) -> NTSTATUS;
// `Buffer`/`BufferSize` describe the caller's buffer; the length produced is
// reported through `ReturnedLength`. Do not read more of `Buffer` than that.
fn LdrQueryImageFileKeyOption(
KeyHandle: HANDLE,
ValueName: PCWSTR,
Type: ULONG,
Buffer: PVOID,
BufferSize: ULONG,
ReturnedLength: PULONG,
) -> NTSTATUS;
// NOTE(review): the third parameter is named `ValueSize` here but `Type` in
// the Ex variant with the otherwise identical list; confirm which is meant.
fn LdrQueryImageFileExecutionOptions(
SubKey: PUNICODE_STRING,
ValueName: PCWSTR,
ValueSize: ULONG,
Buffer: PVOID,
BufferSize: ULONG,
ReturnedLength: PULONG,
) -> NTSTATUS;
fn LdrQueryImageFileExecutionOptionsEx(
SubKey: PUNICODE_STRING,
ValueName: PCWSTR,
Type: ULONG,
Buffer: PVOID,
BufferSize: ULONG,
ReturnedLength: PULONG,
Wow64: BOOLEAN,
) -> NTSTATUS;
}}
// A delay-loaded import identified either by name or by ordinal.
UNION!{union DELAYLOAD_PROC_DESCRIPTOR_Description {
Name: PCSTR,
Ordinal: ULONG,
}}
// NOTE(review): `ImportDescribedByName` presumably selects the union arm
// (non-zero: `Name`, zero: `Ordinal`); test it before reading `Name` as a
// pointer.
STRUCT!{struct DELAYLOAD_PROC_DESCRIPTOR {
ImportDescribedByName: ULONG,
Description: DELAYLOAD_PROC_DESCRIPTOR_Description,
}}
pub type PDELAYLOAD_PROC_DESCRIPTOR = *mut DELAYLOAD_PROC_DESCRIPTOR;
// Context passed to a delay-load failure callback: the descriptor, the thunk
// being resolved, the target DLL name and API, and the last error.
// NOTE(review): `Size` is presumably the structure size in bytes.
STRUCT!{struct DELAYLOAD_INFO {
Size: ULONG,
DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR,
ThunkAddress: PIMAGE_THUNK_DATA,
TargetDllName: PCSTR,
TargetApiDescriptor: DELAYLOAD_PROC_DESCRIPTOR,
TargetModuleBase: PVOID,
Unused: PVOID,
LastError: ULONG,
}}
pub type PDELAYLOAD_INFO = *mut DELAYLOAD_INFO;
// Failure hooks for delay-load resolution. Both return a PVOID.
// NOTE(review): the returned pointer is presumably used as the address of the
// import in place of the one that could not be resolved, so a hook effectively
// chooses what code later calls through that import will run; review any hook
// implementation with that in mind.
FN!{stdcall PDELAYLOAD_FAILURE_DLL_CALLBACK(
NotificationReason: ULONG,
DelayloadInfo: PDELAYLOAD_INFO,
) -> PVOID}
FN!{stdcall PDELAYLOAD_FAILURE_SYSTEM_ROUTINE(
DllName: PCSTR,
ProcName: PCSTR,
) -> PVOID}
EXTERN!{extern "system" {
// Resolves one delay-loaded import and returns its address as a PVOID (no
// NTSTATUS). NOTE(review): a null return presumably signals failure; check
// it before calling through the result.
fn LdrResolveDelayLoadedAPI(
ParentModuleBase: PVOID,
DelayloadDescriptor: PCIMAGE_DELAYLOAD_DESCRIPTOR,
FailureDllHook: PDELAYLOAD_FAILURE_DLL_CALLBACK,
FailureSystemHook: PDELAYLOAD_FAILURE_SYSTEM_ROUTINE,
ThunkAddress: PIMAGE_THUNK_DATA,
Flags: ULONG,
) -> PVOID;
fn LdrResolveDelayLoadsFromDll(
ParentBase: PVOID,
TargetDllName: PCSTR,
Flags: ULONG,
) -> NTSTATUS;
// NOTE(review): by its name this sets the process-wide default set of
// directories searched for DLLs. Restricting that set early in process start-up
// is a common hardening step against unintended DLL resolution; the flag
// values are not defined in this file.
fn LdrSetDefaultDllDirectories(
DirectoryFlags: ULONG,
) -> NTSTATUS;
fn LdrShutdownProcess() -> NTSTATUS;
fn LdrShutdownThread() -> NTSTATUS;
fn LdrSetImplicitPathOptions(
ImplicitPathOptions: ULONG,
) -> NTSTATUS;
// Returns BOOLEAN: whether Control Flow Guard is enforced, going by the name.
// It describes the calling process only.
fn LdrControlFlowGuardEnforced() -> BOOLEAN;
}}