1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
/********************************************************/
/* ntapi: Native API core library */
/* Copyright (C) 2013--2017 Z. Gilboa */
/* Released under GPLv2 and GPLv3; see COPYING.NTAPI. */
/********************************************************/
#include <psxtypes/psxtypes.h>
#include <ntapi/nt_ldr.h>
#include <ntapi/ntapi.h>
#include "ntapi_impl.h"
int32_t __stdcall __ntapi_ldr_load_system_dll(
__in void * hsysdir __optional,
__in wchar16_t * base_name,
__in uint16_t base_name_size,
__in uint32_t * image_flags __optional,
__out void ** image_base)
{
int32_t status;
wchar16_t * wch;
wchar16_t * sysdir;
nt_unicode_string nt_sysdir;
nt_unicode_string nt_image_name;
uintptr_t buffer[0x80];
(void)image_flags;
/* stack buffer */
__ntapi->tt_aligned_block_memset(
buffer,0,sizeof(buffer));
sysdir = (wchar16_t *)buffer;
/* shell-style dos path */
if ((status = __ntapi->tt_get_system_directory_dos_path(
hsysdir,
sysdir,sizeof(buffer),
0,0,&nt_sysdir)))
return status;
sysdir = &sysdir[4];
/* image */
nt_image_name.strlen = base_name_size;
nt_image_name.maxlen = base_name_size;
nt_image_name.buffer = base_name;
status = __ntapi->ldr_load_dll(
sysdir,0,
&nt_image_name,
image_base);
switch (status) {
case NT_STATUS_DLL_NOT_FOUND:
break;
default:
return status;
}
/* downlevel */
for (wch=sysdir; *wch; wch++)
(void)0;
if (&wch[10] > &sysdir[sizeof(buffer)/sizeof(wchar16_t)])
return NT_STATUS_BUFFER_TOO_SMALL;
*wch++ = 'd';
*wch++ = 'o';
*wch++ = 'w';
*wch++ = 'n';
*wch++ = 'l';
*wch++ = 'e';
*wch++ = 'v';
*wch++ = 'e';
*wch++ = 'l';
*wch++ = '\\';
*wch++ = 0;
return __ntapi->ldr_load_dll(
sysdir,0,
&nt_image_name,
image_base);
}
|
