From 8e91ccf95ec9e12b1743cf0746c53b93557cdd48 Mon Sep 17 00:00:00 2001
From: midipix <writeonce@midipix.org>
Date: Fri, 8 Dec 2017 02:39:20 +0000
Subject: __ntapi_ldr_load_system_dll(): added 'downlevel' support...

---
 src/ldr/ntapi_ldr_load_system_dll.c | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/src/ldr/ntapi_ldr_load_system_dll.c b/src/ldr/ntapi_ldr_load_system_dll.c
index 6265cdf..9106395 100644
--- a/src/ldr/ntapi_ldr_load_system_dll.c
+++ b/src/ldr/ntapi_ldr_load_system_dll.c
@@ -17,6 +17,7 @@ int32_t	__stdcall __ntapi_ldr_load_system_dll(
 	__out	void **			image_base)
 {
 	int32_t			status;
+	wchar16_t *		wch;
 	wchar16_t *		sysdir;
 	nt_unicode_string	nt_sysdir;
 	nt_unicode_string	nt_image_name;
@@ -44,6 +45,38 @@ int32_t	__stdcall __ntapi_ldr_load_system_dll(
 	nt_image_name.maxlen = base_name_size;
 	nt_image_name.buffer = base_name;
 
+	status = __ntapi->ldr_load_dll(
+		sysdir,0,
+		&nt_image_name,
+		image_base);
+
+	switch (status) {
+		case NT_STATUS_DLL_NOT_FOUND:
+			break;
+
+		default:
+			return status;
+	}
+
+	/* downlevel */
+	for (wch=sysdir; *wch; wch++)
+		(void)0;
+
+	if (&wch[10] > &sysdir[sizeof(buffer)/sizeof(wchar16_t)])
+		return NT_STATUS_BUFFER_TOO_SMALL;
+
+	*wch++ = 'd';
+	*wch++ = 'o';
+	*wch++ = 'w';
+	*wch++ = 'n';
+	*wch++ = 'l';
+	*wch++ = 'e';
+	*wch++ = 'v';
+	*wch++ = 'e';
+	*wch++ = 'l';
+	*wch++ = '\\';
+	*wch++ = 0;
+
 	return __ntapi->ldr_load_dll(
 		sysdir,0,
 		&nt_image_name,
-- 
cgit v1.2.3