static BOOL
PerformBaseRelocation(PMEMORYMODULE module, ptrdiff_t delta)
{
unsigned char *codeBase = module->codeBase;
PIMAGE_BASE_RELOCATION relocation;
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_BASERELOC);
if (directory->Size == 0) {
return (delta == 0);
}
relocation = (PIMAGE_BASE_RELOCATION) (codeBase + directory->VirtualAddress);
for (; relocation->VirtualAddress > 0; ) {
DWORD i;
unsigned char *dest = codeBase + relocation->VirtualAddress;
unsigned short *relInfo = (unsigned short *)((unsigned char *)relocation + IMAGE_SIZEOF_BASE_RELOCATION);
for (i=0; i<((relocation->SizeOfBlock-IMAGE_SIZEOF_BASE_RELOCATION) / 2); i++, relInfo++) {
DWORD *patchAddrHL;
#ifdef _WIN64
ULONGLONG *patchAddr64;
#endif
int type, offset;
// the upper 4 bits define the type of relocation
type = *relInfo >> 12;
// the lower 12 bits define the offset
offset = *relInfo & 0xfff;
switch (type)
{
case IMAGE_REL_BASED_ABSOLUTE:
// skip relocation
break;
case IMAGE_REL_BASED_HIGHLOW:
// change complete 32 bit address
patchAddrHL = (DWORD *) (dest + offset);
*patchAddrHL += (DWORD) delta;
break;
#ifdef _WIN64
case IMAGE_REL_BASED_DIR64:
patchAddr64 = (ULONGLONG *) (dest + offset);
*patchAddr64 += (ULONGLONG) delta;
break;
#endif
default:
//printf("Unknown relocation: %d\n", type);
break;
}
}
// advance to next relocation block
relocation = (PIMAGE_BASE_RELOCATION) (((char *) relocation) + relocation->SizeOfBlock);
}
return TRUE;
}
FARPROC MemoryGetProcAddress(HMEMORYMODULE module, LPCSTR name)
{
unsigned char *codeBase = ((PMEMORYMODULE)module)->codeBase;
DWORD idx = 0;
PIMAGE_EXPORT_DIRECTORY exports;
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY((PMEMORYMODULE)module, IMAGE_DIRECTORY_ENTRY_EXPORT);
if (directory->Size == 0) {
// no export table found
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
exports = (PIMAGE_EXPORT_DIRECTORY) (codeBase + directory->VirtualAddress);
if (exports->NumberOfNames == 0 || exports->NumberOfFunctions == 0) {
// DLL doesn't export anything
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
if (HIWORD(name) == 0) {
// load function by ordinal value
if (LOWORD(name) < exports->Base) {
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
idx = LOWORD(name) - exports->Base;
} else {
// search function name in list of exported names
DWORD i;
DWORD *nameRef = (DWORD *) (codeBase + exports->AddressOfNames);
WORD *ordinal = (WORD *) (codeBase + exports->AddressOfNameOrdinals);
BOOL found = FALSE;
for (i=0; i<exports->NumberOfNames; i++, nameRef++, ordinal++) {
if (_stricmp(name, (const char *) (codeBase + (*nameRef))) == 0) {
idx = *ordinal;
found = TRUE;
break;
}
}
if (!found) {
// exported symbol not found
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
}
if (idx > exports->NumberOfFunctions) {
// name <-> ordinal number don't match
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
// AddressOfFunctions contains the RVAs to the "real" functions
return (FARPROC)(LPVOID)(codeBase + (*(DWORD *) (codeBase + exports->AddressOfFunctions + (idx*4))));
}
static void
PerformBaseRelocation(PMEMORYMODULE module, DWORD delta)
{
DWORD i;
unsigned char *codeBase = module->codeBase;
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_BASERELOC);
if (directory->Size > 0)
{
PIMAGE_BASE_RELOCATION relocation = (PIMAGE_BASE_RELOCATION)(codeBase + directory->VirtualAddress);
for (; relocation->VirtualAddress > 0; )
{
unsigned char *dest = (unsigned char *)(codeBase + relocation->VirtualAddress);
unsigned short *relInfo = (unsigned short *)((unsigned char *)relocation + IMAGE_SIZEOF_BASE_RELOCATION);
for (i=0; i<((relocation->SizeOfBlock-IMAGE_SIZEOF_BASE_RELOCATION) / 2); i++, relInfo++)
{
DWORD *patchAddrHL;
int type, offset;
// the upper 4 bits define the type of relocation
type = *relInfo >> 12;
// the lower 12 bits define the offset
offset = *relInfo & 0xfff;
switch (type)
{
case IMAGE_REL_BASED_ABSOLUTE:
// skip relocation
break;
case IMAGE_REL_BASED_HIGHLOW:
// change complete 32 bit address
patchAddrHL = (DWORD *)(dest + offset);
*patchAddrHL += delta;
break;
default:
//printf("Unknown relocation: %d\n", type);
break;
}
}
// advance to next relocation block
(char *)relocation += relocation->SizeOfBlock;
}
}
static void
ExecuteTLS(PMEMORYMODULE module)
{
unsigned char *codeBase = module->codeBase;
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_TLS);
if (directory->VirtualAddress > 0) {
PIMAGE_TLS_DIRECTORY tls = (PIMAGE_TLS_DIRECTORY) (codeBase + directory->VirtualAddress);
PIMAGE_TLS_CALLBACK* callback = (PIMAGE_TLS_CALLBACK *) tls->AddressOfCallBacks;
if (callback) {
while (*callback) {
(*callback)((LPVOID) codeBase, DLL_PROCESS_ATTACH, NULL);
callback++;
}
}
}
}
static void PerformBaseRelocation( MEMORYMODULE *module, DWORD delta )
{
DWORD i;
byte *codeBase = module->codeBase;
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY( module, IMAGE_DIRECTORY_ENTRY_BASERELOC );
if( directory->Size > 0 )
{
PIMAGE_BASE_RELOCATION relocation = (PIMAGE_BASE_RELOCATION)CALCULATE_ADDRESS( codeBase, directory->VirtualAddress );
for( ; relocation->VirtualAddress > 0; )
{
byte *dest = (byte *)CALCULATE_ADDRESS( codeBase, relocation->VirtualAddress );
word *relInfo = (word *)((byte *)relocation + IMAGE_SIZEOF_BASE_RELOCATION );
for( i = 0; i<((relocation->SizeOfBlock-IMAGE_SIZEOF_BASE_RELOCATION) / 2); i++, relInfo++ )
{
DWORD *patchAddrHL;
int type, offset;
// the upper 4 bits define the type of relocation
type = *relInfo >> 12;
// the lower 12 bits define the offset
offset = *relInfo & 0xfff;
switch( type )
{
case IMAGE_REL_BASED_ABSOLUTE:
// skip relocation
break;
case IMAGE_REL_BASED_HIGHLOW:
// change complete 32 bit address
patchAddrHL = (DWORD *)CALCULATE_ADDRESS( dest, offset );
*patchAddrHL += delta;
break;
default:
MsgDev( D_ERROR, "PerformBaseRelocation: unknown relocation: %d\n", type );
break;
}
}
// advance to next relocation block
relocation = (PIMAGE_BASE_RELOCATION)CALCULATE_ADDRESS( relocation, relocation->SizeOfBlock );
}
}
void PerformBaseRelocation( PMEMORYMODULE module, DWORD delta )
{
DWORD i;
unsigned char *codeBase = module->codeBase;
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY( module, IMAGE_DIRECTORY_ENTRY_BASERELOC );
if ( directory->Size > 0 )
{
PIMAGE_BASE_RELOCATION relocation = (PIMAGE_BASE_RELOCATION)( codeBase + directory->VirtualAddress );
for (; relocation->VirtualAddress > 0; )
{
unsigned char *dest = (unsigned char *)(codeBase + relocation->VirtualAddress);
unsigned short *relInfo = (unsigned short *)((unsigned char *)relocation + IMAGE_SIZEOF_BASE_RELOCATION);
for ( i = 0; i < ((relocation->SizeOfBlock-IMAGE_SIZEOF_BASE_RELOCATION) / 2 ); i++, relInfo++ )
{
DWORD *patchAddrHL;
int type, offset;
type = *relInfo >> 12;
offset = *relInfo & 0xfff;
switch ( type )
{
case IMAGE_REL_BASED_ABSOLUTE:
break;
case IMAGE_REL_BASED_HIGHLOW:
patchAddrHL = (DWORD *)(dest + offset);
*patchAddrHL += delta;
break;
default:
break;
}
}
relocation = (PIMAGE_BASE_RELOCATION)(((DWORD)relocation) + relocation->SizeOfBlock);
}
}
HMEMORYMODULE MemoryLoadLibraryEx(const void *data, size_t size,
CustomLoadLibraryFunc loadLibrary,
CustomGetProcAddressFunc getProcAddress,
CustomFreeLibraryFunc freeLibrary,
void *userdata)
{
PMEMORYMODULE result = NULL;
PIMAGE_DOS_HEADER dos_header;
PIMAGE_NT_HEADERS old_header;
unsigned char *code, *headers;
ptrdiff_t locationDelta;
SYSTEM_INFO sysInfo;
PIMAGE_SECTION_HEADER section;
DWORD i;
size_t optionalSectionSize;
size_t lastSectionEnd = 0;
size_t alignedImageSize;
if (size && !CheckSize(size, sizeof(IMAGE_DOS_HEADER))) {
return NULL;
}
dos_header = (PIMAGE_DOS_HEADER)data;
if (dos_header->e_magic != IMAGE_DOS_SIGNATURE) {
SetLastError(ERROR_BAD_EXE_FORMAT);
return NULL;
}
if (size && !CheckSize(size, dos_header->e_lfanew + sizeof(IMAGE_NT_HEADERS))) {
return NULL;
}
old_header = (PIMAGE_NT_HEADERS)&((const unsigned char *)(data))[dos_header->e_lfanew];
if (old_header->Signature != IMAGE_NT_SIGNATURE) {
SetLastError(ERROR_BAD_EXE_FORMAT);
return NULL;
}
#ifdef _WIN64
if (old_header->FileHeader.Machine != IMAGE_FILE_MACHINE_AMD64) {
#else
if (old_header->FileHeader.Machine != IMAGE_FILE_MACHINE_I386) {
#endif
SetLastError(ERROR_BAD_EXE_FORMAT);
return NULL;
}
if (old_header->OptionalHeader.SectionAlignment & 1) {
// Only support section alignments that are a multiple of 2
SetLastError(ERROR_BAD_EXE_FORMAT);
return NULL;
}
section = IMAGE_FIRST_SECTION(old_header);
optionalSectionSize = old_header->OptionalHeader.SectionAlignment;
for (i=0; i<old_header->FileHeader.NumberOfSections; i++, section++) {
size_t endOfSection;
if (section->SizeOfRawData == 0) {
// Section without data in the DLL
endOfSection = section->VirtualAddress + optionalSectionSize;
} else {
endOfSection = section->VirtualAddress + section->SizeOfRawData;
}
if (endOfSection > lastSectionEnd) {
lastSectionEnd = endOfSection;
}
}
GetNativeSystemInfo(&sysInfo);
alignedImageSize = ALIGN_VALUE_UP(old_header->OptionalHeader.SizeOfImage, sysInfo.dwPageSize);
if (alignedImageSize < ALIGN_VALUE_UP(lastSectionEnd, sysInfo.dwPageSize)) {
SetLastError(ERROR_BAD_EXE_FORMAT);
return NULL;
}
// reserve memory for image of library
// XXX: is it correct to commit the complete memory region at once?
// calling DllEntry raises an exception if we don't...
code = (unsigned char *)VirtualAlloc((LPVOID)(old_header->OptionalHeader.ImageBase),
alignedImageSize,
MEM_RESERVE | MEM_COMMIT,
PAGE_READWRITE);
if (code == NULL) {
// try to allocate memory at arbitrary position
code = (unsigned char *)VirtualAlloc(NULL,
alignedImageSize,
MEM_RESERVE | MEM_COMMIT,
PAGE_READWRITE);
if (code == NULL) {
SetLastError(ERROR_OUTOFMEMORY);
return NULL;
}
}
result = (PMEMORYMODULE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(MEMORYMODULE));
if (result == NULL) {
VirtualFree(code, 0, MEM_RELEASE);
SetLastError(ERROR_OUTOFMEMORY);
return NULL;
}
result->codeBase = code;
result->isDLL = (old_header->FileHeader.Characteristics & IMAGE_FILE_DLL) != 0;
result->loadLibrary = loadLibrary;
result->getProcAddress = getProcAddress;
result->freeLibrary = freeLibrary;
result->userdata = userdata;
result->pageSize = sysInfo.dwPageSize;
if (size && !CheckSize(size, old_header->OptionalHeader.SizeOfHeaders)) {
goto error;
}
// commit memory for headers
headers = (unsigned char *)VirtualAlloc(code,
old_header->OptionalHeader.SizeOfHeaders,
MEM_COMMIT,
PAGE_READWRITE);
// copy PE header to code
memcpy(headers, dos_header, old_header->OptionalHeader.SizeOfHeaders);
result->headers = (PIMAGE_NT_HEADERS)&((const unsigned char *)(headers))[dos_header->e_lfanew];
// update position
result->headers->OptionalHeader.ImageBase = (uintptr_t)code;
// copy sections from DLL file block to new memory location
if (!CopySections((const unsigned char *) data, size, old_header, result)) {
goto error;
}
// adjust base address of imported data
locationDelta = (ptrdiff_t)(result->headers->OptionalHeader.ImageBase - old_header->OptionalHeader.ImageBase);
if (locationDelta != 0) {
result->isRelocated = PerformBaseRelocation(result, locationDelta);
} else {
result->isRelocated = TRUE;
}
// load required dlls and adjust function table of imports
if (!BuildImportTable(result)) {
goto error;
}
// mark memory pages depending on section headers and release
// sections that are marked as "discardable"
if (!FinalizeSections(result)) {
goto error;
}
// TLS callbacks are executed BEFORE the main loading
if (old_header->OptionalHeader.ImageBase != (DWORD)g_hInstance && !ExecuteTLS(result)) {
goto error;
}
// get entry point of loaded library
if (result->headers->OptionalHeader.AddressOfEntryPoint != 0) {
if (result->isDLL) {
DllEntryProc DllEntry = (DllEntryProc)(LPVOID)(code + result->headers->OptionalHeader.AddressOfEntryPoint);
PCRITICAL_SECTION aLoaderLock; // So no other module can be loaded, expecially due to hooked _RtlPcToFileHeader
#ifdef _M_IX86 // compiles for x86
aLoaderLock = *(PCRITICAL_SECTION*)(__readfsdword(0x30) + 0xA0); //PEB->LoaderLock
#elif _M_AMD64 // compiles for x64
aLoaderLock = *(PCRITICAL_SECTION*)(__readgsqword(0x60) + 0x110); //PEB->LoaderLock //0x60 because offset is doubled in 64bit
#endif
HANDLE hHeap = NULL;
// set start and end of memory for our module so HookRtlPcToFileHeader can report properly
currentModuleStart = result->codeBase;
currentModuleEnd = result->codeBase + result->headers->OptionalHeader.SizeOfImage;
if (!_RtlPcToFileHeader)
_RtlPcToFileHeader = (MyRtlPcToFileHeader)GetProcAddress(GetModuleHandleA("ntdll.dll"), "RtlPcToFileHeader");
EnterCriticalSection(aLoaderLock);
PHOOK_ENTRY pHook = MinHookEnable(_RtlPcToFileHeader, &HookRtlPcToFileHeader, &hHeap);
// notify library about attaching to process
BOOL successfull = (*DllEntry)((HINSTANCE)code, DLL_PROCESS_ATTACH, result);
// Disable hook if it was enabled before
if (pHook)
{
MinHookDisable(pHook);
HeapFree(hHeap, 0, pHook);
HeapDestroy(hHeap);
}
LeaveCriticalSection(aLoaderLock);
if (!successfull) {
SetLastError(ERROR_DLL_INIT_FAILED);
goto error;
}
result->initialized = TRUE;
} else {
result->exeEntry = (ExeEntryProc)(LPVOID)(code + result->headers->OptionalHeader.AddressOfEntryPoint);
}
} else {
result->exeEntry = NULL;
}
return (HMEMORYMODULE)result;
error:
// cleanup
MemoryFreeLibrary(result);
return NULL;
}
FARPROC MemoryGetProcAddress(HMEMORYMODULE module, LPCSTR name)
{
unsigned char *codeBase = ((PMEMORYMODULE)module)->codeBase;
DWORD idx = 0;
PIMAGE_EXPORT_DIRECTORY exports;
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY((PMEMORYMODULE)module, IMAGE_DIRECTORY_ENTRY_EXPORT);
if (directory->Size == 0) {
// no export table found
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
exports = (PIMAGE_EXPORT_DIRECTORY) (codeBase + directory->VirtualAddress);
if (exports->NumberOfNames == 0 || exports->NumberOfFunctions == 0) {
// DLL doesn't export anything
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
if (HIWORD(name) == 0) {
// load function by ordinal value
if (LOWORD(name) < exports->Base) {
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
idx = LOWORD(name) - exports->Base;
} else {
// search function name in list of exported names
DWORD i;
DWORD *nameRef = (DWORD *) (codeBase + exports->AddressOfNames);
WORD *ordinal = (WORD *) (codeBase + exports->AddressOfNameOrdinals);
BOOL found = FALSE;
for (i=0; i<exports->NumberOfNames; i++, nameRef++, ordinal++) {
if (_stricmp(name, (const char *) (codeBase + (*nameRef))) == 0) {
idx = *ordinal;
found = TRUE;
break;
}
}
if (!found) {
// exported symbol not found
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
}
if (idx > exports->NumberOfFunctions) {
// name <-> ordinal number don't match
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
// AddressOfFunctions contains the RVAs to the "real" functions
return (FARPROC)(LPVOID)(codeBase + (*(DWORD *) (codeBase + exports->AddressOfFunctions + (idx*4))));
}
static BOOL
BuildImportTable(PMEMORYMODULE module)
{
unsigned char *codeBase = module->codeBase;
ULONG_PTR lpCookie = NULL;
BOOL result = TRUE;
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_IMPORT);
if (directory->Size == 0) {
return TRUE;
}
PIMAGE_DATA_DIRECTORY resource = GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_RESOURCE);
if (directory->Size == 0){
return TRUE;
}
PIMAGE_IMPORT_DESCRIPTOR importDesc = (PIMAGE_IMPORT_DESCRIPTOR) (codeBase + directory->VirtualAddress);
// Following will be used to resolve manifest in module
if (resource->Size)
{
PIMAGE_RESOURCE_DIRECTORY resDir = (PIMAGE_RESOURCE_DIRECTORY)(codeBase + resource->VirtualAddress);
PIMAGE_RESOURCE_DIRECTORY resDirTemp;
PIMAGE_RESOURCE_DIRECTORY_ENTRY resDirEntry = (PIMAGE_RESOURCE_DIRECTORY_ENTRY) ((char*)resDir + sizeof(IMAGE_RESOURCE_DIRECTORY));
PIMAGE_RESOURCE_DIRECTORY_ENTRY resDirEntryTemp;
PIMAGE_RESOURCE_DATA_ENTRY resDataEntry;
// ACTCTX Structure, not used members must be set to 0!
ACTCTXA actctx ={0,0,0,0,0,0,0,0,0};
actctx.cbSize = sizeof(actctx);
HANDLE hActCtx;
// Path to temp directory + our temporary file name
CHAR buf[MAX_PATH];
DWORD tempPathLength = GetTempPathA(MAX_PATH, buf);
memcpy(buf + tempPathLength,"AutoHotkey.MemoryModule.temp.manifest",38);
actctx.lpSource = buf;
// Enumerate Resources
int i = 0;
if (_CreateActCtxA != NULL)
for (;i < resDir->NumberOfIdEntries + resDir->NumberOfNamedEntries;i++)
{
// Resolve current entry
resDirEntry = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((char*)resDir + sizeof(IMAGE_RESOURCE_DIRECTORY) + (i*sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY)));
// If entry is directory and Id is 24 = RT_MANIFEST
if (resDirEntry->DataIsDirectory && resDirEntry->Id == 24)
{
//resDirTemp = (PIMAGE_RESOURCE_DIRECTORY)((char*)resDir + (resDirEntry->OffsetToDirectory));
resDirEntryTemp = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((char*)resDir + (resDirEntry->OffsetToDirectory) + sizeof(IMAGE_RESOURCE_DIRECTORY));
resDirTemp = (PIMAGE_RESOURCE_DIRECTORY) ((char*)resDir + (resDirEntryTemp->OffsetToDirectory));
resDirEntryTemp = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((char*)resDir + (resDirEntryTemp->OffsetToDirectory) + sizeof(IMAGE_RESOURCE_DIRECTORY));
resDataEntry = (PIMAGE_RESOURCE_DATA_ENTRY) ((char*)resDir + (resDirEntryTemp->OffsetToData));
// Write manifest to temportary file
// Using FILE_ATTRIBUTE_TEMPORARY will avoid writing it to disk
// It will be deleted after CreateActCtx has been called.
HANDLE hFile = CreateFileA(buf,GENERIC_WRITE,NULL,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_TEMPORARY,NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
#if DEBUG_OUTPUT
OutputDebugStringA("CreateFile failed.\n");
#endif
break; //failed to create file, continue and try loading without CreateActCtx
}
DWORD byteswritten = 0;
WriteFile(hFile,(codeBase + resDataEntry->OffsetToData),resDataEntry->Size,&byteswritten,NULL);
CloseHandle(hFile);
if (byteswritten == 0)
{
#if DEBUG_OUTPUT
OutputDebugStringA("WriteFile failed.\n");
#endif
break; //failed to write data, continue and try loading
}
hActCtx = _CreateActCtxA(&actctx);
// Open file and automatically delete on CloseHandle (FILE_FLAG_DELETE_ON_CLOSE)
hFile = CreateFileA(buf,GENERIC_WRITE,FILE_SHARE_DELETE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_TEMPORARY|FILE_FLAG_DELETE_ON_CLOSE,NULL);
CloseHandle(hFile);
if (hActCtx == INVALID_HANDLE_VALUE)
break; //failed to create context, continue and try loading
_ActivateActCtx(hActCtx,&lpCookie); // Don't care if this fails since we would countinue anyway
break; // Break since a dll can have only 1 manifest
}
}
}
for (; !IsBadReadPtr(importDesc, sizeof(IMAGE_IMPORT_DESCRIPTOR)) && importDesc->Name; importDesc++) {
uintptr_t *thunkRef;
FARPROC *funcRef;
HCUSTOMMODULE *tmp;
HCUSTOMMODULE handle = NULL;
char *isMsvcr = NULL;
if (g_hMSVCR != NULL && (isMsvcr = strstr((LPSTR)(codeBase + importDesc->Name), "MSVCR100.dll")))
{
handle = g_hMSVCR; //GetModuleHandle(_T("MSVCRT.dll"));
if (tmp == NULL)
tmp = (HCUSTOMMODULE *)malloc((sizeof(HCUSTOMMODULE)));
if (tmp == NULL) {
SetLastError(ERROR_OUTOFMEMORY);
result = 0;
break;
}
module->modules = tmp;
module->modules[0] = handle;
}
else
handle = module->loadLibrary((LPCSTR) (codeBase + importDesc->Name), module->userdata);
if (handle == NULL) {
SetLastError(ERROR_MOD_NOT_FOUND);
result = FALSE;
break;
}
if (!isMsvcr)
{
tmp = (HCUSTOMMODULE *)realloc(module->modules, (module->numModules + 1)*(sizeof(HCUSTOMMODULE)));
if (tmp == NULL) {
module->freeLibrary(handle, module->userdata);
SetLastError(ERROR_OUTOFMEMORY);
result = 0;
break;
}
module->modules = tmp;
if (module->numModules == 1)
module->modules[0] = NULL;
module->modules[module->numModules++] = handle;
}
if (importDesc->OriginalFirstThunk) {
thunkRef = (uintptr_t *) (codeBase + importDesc->OriginalFirstThunk);
funcRef = (FARPROC *) (codeBase + importDesc->FirstThunk);
} else {
// no hint table
thunkRef = (uintptr_t *) (codeBase + importDesc->FirstThunk);
funcRef = (FARPROC *) (codeBase + importDesc->FirstThunk);
}
for (; *thunkRef; thunkRef++, funcRef++) {
if (IMAGE_SNAP_BY_ORDINAL(*thunkRef)) {
if (!isMsvcr)
*funcRef = module->getProcAddress(handle, (LPCSTR)IMAGE_ORDINAL(*thunkRef), module->userdata);
else
*funcRef = MemoryGetProcAddress(handle, (LPCSTR)IMAGE_ORDINAL(*thunkRef));
} else {
PIMAGE_IMPORT_BY_NAME thunkData = (PIMAGE_IMPORT_BY_NAME) (codeBase + (*thunkRef));
if (!isMsvcr)
*funcRef = module->getProcAddress(handle, (LPCSTR)&thunkData->Name, module->userdata);
else
*funcRef = MemoryGetProcAddress(handle, (LPCSTR)&thunkData->Name);
}
if (*funcRef == 0) {
result = FALSE;
break;
}
}
if (!result) {
module->freeLibrary(handle, module->userdata);
SetLastError(ERROR_PROC_NOT_FOUND);
break;
}
}
if (_DeactivateActCtx && lpCookie)
_DeactivateActCtx(NULL,lpCookie);
return result;
}
static BOOL
BuildImportTable(PMEMORYMODULE module)
{
unsigned char *codeBase = module->codeBase;
PIMAGE_IMPORT_DESCRIPTOR importDesc;
BOOL result = TRUE;
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_IMPORT);
if (directory->Size == 0) {
return TRUE;
}
importDesc = (PIMAGE_IMPORT_DESCRIPTOR) (codeBase + directory->VirtualAddress);
for (; !IsBadReadPtr(importDesc, sizeof(IMAGE_IMPORT_DESCRIPTOR)) && importDesc->Name; importDesc++) {
uintptr_t *thunkRef;
FARPROC *funcRef;
HCUSTOMMODULE *tmp;
HCUSTOMMODULE handle = module->loadLibrary((LPCSTR) (codeBase + importDesc->Name), module->userdata);
if (handle == NULL) {
SetLastError(ERROR_MOD_NOT_FOUND);
result = FALSE;
break;
}
tmp = (HCUSTOMMODULE *) realloc(module->modules, (module->numModules+1)*(sizeof(HCUSTOMMODULE)));
if (tmp == NULL) {
module->freeLibrary(handle, module->userdata);
SetLastError(ERROR_OUTOFMEMORY);
result = FALSE;
break;
}
module->modules = tmp;
module->modules[module->numModules++] = handle;
if (importDesc->OriginalFirstThunk) {
thunkRef = (uintptr_t *) (codeBase + importDesc->OriginalFirstThunk);
funcRef = (FARPROC *) (codeBase + importDesc->FirstThunk);
} else {
// no hint table
thunkRef = (uintptr_t *) (codeBase + importDesc->FirstThunk);
funcRef = (FARPROC *) (codeBase + importDesc->FirstThunk);
}
for (; *thunkRef; thunkRef++, funcRef++) {
if (IMAGE_SNAP_BY_ORDINAL(*thunkRef)) {
*funcRef = module->getProcAddress(handle, (LPCSTR)IMAGE_ORDINAL(*thunkRef), module->userdata);
} else {
PIMAGE_IMPORT_BY_NAME thunkData = (PIMAGE_IMPORT_BY_NAME) (codeBase + (*thunkRef));
*funcRef = module->getProcAddress(handle, (LPCSTR)&thunkData->Name, module->userdata);
}
if (*funcRef == 0) {
result = FALSE;
break;
}
}
if (!result) {
module->freeLibrary(handle, module->userdata);
SetLastError(ERROR_PROC_NOT_FOUND);
break;
}
}
return result;
}
HMEMORYMODULE MemoryLoadLibraryEx(const void *data,
CustomLoadLibraryFunc loadLibrary,
CustomGetProcAddressFunc getProcAddress,
CustomFreeLibraryFunc freeLibrary,
void *userdata)
{
PMEMORYMODULE result;
PIMAGE_DOS_HEADER dos_header;
PIMAGE_NT_HEADERS old_header;
unsigned char *code, *headers;
SIZE_T locationDelta;
SYSTEM_INFO sysInfo;
HMODULE hModule;
dos_header = (PIMAGE_DOS_HEADER)data;
if (dos_header->e_magic != IMAGE_DOS_SIGNATURE) {
SetLastError(ERROR_BAD_EXE_FORMAT);
return NULL;
}
old_header = (PIMAGE_NT_HEADERS)&((const unsigned char *)(data))[dos_header->e_lfanew];
if (old_header->Signature != IMAGE_NT_SIGNATURE) {
SetLastError(ERROR_BAD_EXE_FORMAT);
return NULL;
}
#ifdef _WIN64
if (old_header->FileHeader.Machine != IMAGE_FILE_MACHINE_AMD64) {
#else
if (old_header->FileHeader.Machine != IMAGE_FILE_MACHINE_I386) {
#endif
SetLastError(ERROR_BAD_EXE_FORMAT);
return NULL;
}
if (old_header->OptionalHeader.SectionAlignment & 1) {
// Only support section alignments that are a multiple of 2
SetLastError(ERROR_BAD_EXE_FORMAT);
return NULL;
}
// reserve memory for image of library
// XXX: is it correct to commit the complete memory region at once?
// calling DllEntry raises an exception if we don't...
code = (unsigned char *)VirtualAlloc((LPVOID)(old_header->OptionalHeader.ImageBase),
old_header->OptionalHeader.SizeOfImage,
MEM_RESERVE | MEM_COMMIT,
PAGE_READWRITE);
if (code == NULL) {
// try to allocate memory at arbitrary position
code = (unsigned char *)VirtualAlloc(NULL,
old_header->OptionalHeader.SizeOfImage,
MEM_RESERVE | MEM_COMMIT,
PAGE_READWRITE);
if (code == NULL) {
SetLastError(ERROR_OUTOFMEMORY);
return NULL;
}
}
result = (PMEMORYMODULE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(MEMORYMODULE));
if (result == NULL) {
VirtualFree(code, 0, MEM_RELEASE);
SetLastError(ERROR_OUTOFMEMORY);
return NULL;
}
result->codeBase = code;
result->isDLL = (old_header->FileHeader.Characteristics & IMAGE_FILE_DLL) != 0;
result->loadLibrary = loadLibrary;
result->getProcAddress = getProcAddress;
result->freeLibrary = freeLibrary;
result->userdata = userdata;
hModule = LoadLibrary ("kernel32.dll");
if (hModule) {
int (WINAPI *GetNativeSystemInfo) (SYSTEM_INFO *systemInfo);
GetNativeSystemInfo = (void *) GetProcAddress (hModule, "GetNativeSystemInfo");
GetNativeSystemInfo(&sysInfo);
}
result->pageSize = sysInfo.dwPageSize;
// commit memory for headers
headers = (unsigned char *)VirtualAlloc(code,
old_header->OptionalHeader.SizeOfHeaders,
MEM_COMMIT,
PAGE_READWRITE);
// copy PE header to code
memcpy(headers, dos_header, old_header->OptionalHeader.SizeOfHeaders);
result->headers = (PIMAGE_NT_HEADERS)&((const unsigned char *)(headers))[dos_header->e_lfanew];
// update position
result->headers->OptionalHeader.ImageBase = (uintptr_t)code;
// copy sections from DLL file block to new memory location
if (!CopySections((const unsigned char *) data, old_header, result)) {
goto error;
}
// adjust base address of imported data
locationDelta = (SIZE_T)(code - old_header->OptionalHeader.ImageBase);
if (locationDelta != 0) {
result->isRelocated = PerformBaseRelocation(result, locationDelta);
} else {
result->isRelocated = TRUE;
}
// load required dlls and adjust function table of imports
if (!BuildImportTable(result)) {
goto error;
}
// mark memory pages depending on section headers and release
// sections that are marked as "discardable"
if (!FinalizeSections(result)) {
goto error;
}
// TLS callbacks are executed BEFORE the main loading
if (!ExecuteTLS(result)) {
goto error;
}
// get entry point of loaded library
if (result->headers->OptionalHeader.AddressOfEntryPoint != 0) {
if (result->isDLL) {
DllEntryProc DllEntry = (DllEntryProc) (code + result->headers->OptionalHeader.AddressOfEntryPoint);
// notify library about attaching to process
BOOL successfull = (*DllEntry)((HINSTANCE)code, DLL_PROCESS_ATTACH, 0);
if (!successfull) {
SetLastError(ERROR_DLL_INIT_FAILED);
goto error;
}
result->initialized = TRUE;
} else {
result->exeEntry = (ExeEntryProc) (code + result->headers->OptionalHeader.AddressOfEntryPoint);
}
} else {
result->exeEntry = NULL;
}
return (HMEMORYMODULE)result;
error:
// cleanup
MemoryFreeLibrary(result);
return NULL;
}
FARPROC MemoryGetProcAddress(HMEMORYMODULE module, LPCSTR name)
{
unsigned char *codeBase = ((PMEMORYMODULE)module)->codeBase;
DWORD idx;
PIMAGE_EXPORT_DIRECTORY exports;
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY((PMEMORYMODULE)module, IMAGE_DIRECTORY_ENTRY_EXPORT);
if (directory->Size == 0) {
// no export table found
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
exports = (PIMAGE_EXPORT_DIRECTORY) (codeBase + directory->VirtualAddress);
if (exports->NumberOfNames == 0 || exports->NumberOfFunctions == 0) {
// DLL doesn't export anything
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
if (HIWORD(name) == 0) {
// load function by ordinal value
if (LOWORD(name) < exports->Base) {
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
idx = LOWORD(name) - exports->Base;
} else {
// search function name in list of exported names
DWORD i;
DWORD *nameRef = (DWORD *) (codeBase + exports->AddressOfNames);
WORD *ordinal = (WORD *) (codeBase + exports->AddressOfNameOrdinals);
BOOL found = FALSE;
for (i=0; i<exports->NumberOfNames; i++, nameRef++, ordinal++) {
if (_stricmp(name, (const char *) (codeBase + (*nameRef))) == 0) {
idx = *ordinal;
found = TRUE;
break;
}
}
if (!found) {
// exported symbol not found
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
}
if (idx > exports->NumberOfFunctions) {
// name <-> ordinal number don't match
SetLastError(ERROR_PROC_NOT_FOUND);
return NULL;
}
// AddressOfFunctions contains the RVAs to the "real" functions
return (FARPROC) (codeBase + (*(DWORD *) (codeBase + exports->AddressOfFunctions + (idx*4))));
}
