/*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: ldrtypes.h Abstract: Type definitions for the Loader. Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _LDRTYPES_H #define _LDRTYPES_H // // Dependencies // #include // // Resource Type Levels // #define RESOURCE_TYPE_LEVEL 0 #define RESOURCE_NAME_LEVEL 1 #define RESOURCE_LANGUAGE_LEVEL 2 #define RESOURCE_DATA_LEVEL 3 // // Loader Data Table Entry Flags // #define LDRP_STATIC_LINK 0x00000002 #define LDRP_IMAGE_DLL 0x00000004 #define LDRP_LOAD_IN_PROGRESS 0x00001000 #define LDRP_UNLOAD_IN_PROGRESS 0x00002000 #define LDRP_ENTRY_PROCESSED 0x00004000 #define LDRP_ENTRY_INSERTED 0x00008000 #define LDRP_CURRENT_LOAD 0x00010000 #define LDRP_FAILED_BUILTIN_LOAD 0x00020000 #define LDRP_DONT_CALL_FOR_THREADS 0x00040000 #define LDRP_PROCESS_ATTACH_CALLED 0x00080000 #define LDRP_DEBUG_SYMBOLS_LOADED 0x00100000 #define LDRP_IMAGE_NOT_AT_BASE 0x00200000 #define LDRP_COR_IMAGE 0x00400000 #define LDR_COR_OWNS_UNMAP 0x00800000 #define LDRP_SYSTEM_MAPPED 0x01000000 #define LDRP_IMAGE_VERIFYING 0x02000000 #define LDRP_DRIVER_DEPENDENT_DLL 0x04000000 #define LDRP_ENTRY_NATIVE 0x08000000 #define LDRP_REDIRECTED 0x10000000 #define LDRP_NON_PAGED_DEBUG_INFO 0x20000000 #define LDRP_MM_LOADED 0x40000000 #define LDRP_COMPAT_DATABASE_PROCESSED 0x80000000 // // Dll Characteristics for LdrLoadDll // #define LDR_IGNORE_CODE_AUTHZ_LEVEL 0x00001000 // // LdrAddRef Flags // #define LDR_ADDREF_DLL_PIN 0x00000001 // // LdrLockLoaderLock Flags // #define LDR_LOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS 0x00000001 #define LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY 0x00000002 // // LdrUnlockLoaderLock Flags // #define LDR_UNLOCK_LOADER_LOCK_FLAG_RAISE_ON_ERRORS 0x00000001 // // LdrGetDllHandleEx Flags // #define LDR_GET_DLL_HANDLE_EX_UNCHANGED_REFCOUNT 0x00000001 #define LDR_GET_DLL_HANDLE_EX_PIN 0x00000002 #define LDR_LOCK_LOADER_LOCK_DISPOSITION_INVALID 0 #define LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_ACQUIRED 1 #define LDR_LOCK_LOADER_LOCK_DISPOSITION_LOCK_NOT_ACQUIRED 2 // // FIXME: THIS SHOULD *NOT* BE USED! // #define IMAGE_SCN_TYPE_NOLOAD 0x00000002 // // Loader datafile/imagemapping macros // #define LDR_IS_DATAFILE(handle) (((ULONG_PTR)(handle)) & (ULONG_PTR)1) #define LDR_IS_IMAGEMAPPING(handle) (((ULONG_PTR)(handle)) & (ULONG_PTR)2) #define LDR_IS_RESOURCE(handle) (LDR_IS_IMAGEMAPPING(handle) || LDR_IS_DATAFILE(handle)) // // Activation Context // typedef PVOID PACTIVATION_CONTEXT; // // Loader Data stored in the PEB // typedef struct _PEB_LDR_DATA { ULONG Length; BOOLEAN Initialized; PVOID SsHandle; LIST_ENTRY InLoadOrderModuleList; LIST_ENTRY InMemoryOrderModuleList; LIST_ENTRY InInitializationOrderModuleList; PVOID EntryInProgress; #if (NTDDI_VERSION >= NTDDI_WIN7) UCHAR ShutdownInProgress; PVOID ShutdownThreadId; #endif } PEB_LDR_DATA, *PPEB_LDR_DATA; // // Loader Data Table Entry // // NOTE: The field 'InMemoryOrderLinks' MUST have that name. // It's hard-coded into WinDbg for PEB dumping! // typedef struct _LDR_DATA_TABLE_ENTRY { LIST_ENTRY InLoadOrderLinks; LIST_ENTRY InMemoryOrderLinks; LIST_ENTRY InInitializationOrderLinks; PVOID DllBase; PVOID EntryPoint; ULONG SizeOfImage; UNICODE_STRING FullDllName; UNICODE_STRING BaseDllName; ULONG Flags; USHORT LoadCount; USHORT TlsIndex; union { LIST_ENTRY HashLinks; struct { PVOID SectionPointer; ULONG CheckSum; }; }; union { ULONG TimeDateStamp; PVOID LoadedImports; }; PACTIVATION_CONTEXT EntryPointActivationContext; PVOID PatchInformation; } LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY; // // Loaded Imports Reference Counting in Kernel // typedef struct _LOAD_IMPORTS { SIZE_T Count; PLDR_DATA_TABLE_ENTRY Entry[1]; } LOAD_IMPORTS, *PLOAD_IMPORTS; // // Loader Resource Information // typedef struct _LDR_RESOURCE_INFO { ULONG_PTR Type; ULONG_PTR Name; ULONG_PTR Language; } LDR_RESOURCE_INFO, *PLDR_RESOURCE_INFO; typedef struct _LDR_ENUM_RESOURCE_INFO { ULONG_PTR Type; ULONG_PTR Name; ULONG_PTR Language; PVOID Data; SIZE_T Size; ULONG_PTR Reserved; } LDR_ENUM_RESOURCE_INFO, *PLDR_ENUM_RESOURCE_INFO; // // DLL Notifications // typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA { ULONG Flags; PUNICODE_STRING FullDllName; PUNICODE_STRING BaseDllName; PVOID DllBase; ULONG SizeOfImage; } LDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_LOADED_NOTIFICATION_DATA; typedef VOID (NTAPI *PLDR_DLL_LOADED_NOTIFICATION_CALLBACK)( _In_ BOOLEAN Type, _In_ struct _LDR_DLL_LOADED_NOTIFICATION_DATA *Data ); typedef struct _LDR_DLL_LOADED_NOTIFICATION_ENTRY { LIST_ENTRY NotificationListEntry; PLDR_DLL_LOADED_NOTIFICATION_CALLBACK Callback; } LDR_DLL_LOADED_NOTIFICATION_ENTRY, *PLDR_DLL_LOADED_NOTIFICATION_ENTRY; // // Alternate Resources Support // typedef struct _ALT_RESOURCE_MODULE { LANGID LangId; PVOID ModuleBase; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PVOID ModuleManifest; #endif PVOID AlternateModule; #if (NTDDI_VERSION >= NTDDI_LONGHORN) HANDLE AlternateFileHandle; ULONG ModuleCheckSum; ULONG ErrorCode; #endif } ALT_RESOURCE_MODULE, *PALT_RESOURCE_MODULE; // // Callback function for LdrEnumerateLoadedModules // typedef VOID (NTAPI LDR_ENUM_CALLBACK)(_In_ PLDR_DATA_TABLE_ENTRY ModuleInformation, _In_ PVOID Parameter, _Out_ BOOLEAN *Stop); typedef LDR_ENUM_CALLBACK *PLDR_ENUM_CALLBACK; // // Manifest prober routine set via LdrSetDllManifestProber // typedef NTSTATUS (NTAPI LDR_MANIFEST_PROBER_ROUTINE)(_In_ PVOID DllHandle, _In_ PCWSTR FullDllName, _Out_ PVOID *ActCtx); typedef LDR_MANIFEST_PROBER_ROUTINE *PLDR_MANIFEST_PROBER_ROUTINE; // // DLL Main Routine // typedef BOOLEAN (NTAPI *PDLL_INIT_ROUTINE)( _In_ PVOID DllHandle, _In_ ULONG Reason, _In_opt_ PCONTEXT Context ); #endif