From: Pali Rohár Date: Thu, 21 Nov 2024 23:36:29 +0000 (+0100) Subject: windows: Do not manually load ntdll.dll library X-Git-Tag: v3.14.0~23 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=76c06ea61b0b9555c7fddaaf4c8ef9abd46fa2c5;p=thirdparty%2Fpciutils.git windows: Do not manually load ntdll.dll library Per Windows Internals, Part 1, Image Loader section, the ntdll.dll library is always loaded into every process on all NT systems. So remove code which dynamically loads ntdll.dll library via LoadLibrary() function and remove also code which changes error reporting mode (used just for LoadLibrary) as both are not needed. Also Microsoft C/C++ compilers optimize EXE applications in a way which expects that the ntdll.dll library is loaded as the first module into the process before the main EXE module itself. --- diff --git a/lib/i386-io-windows.h b/lib/i386-io-windows.h index 8f8cffd..898a781 100644 --- a/lib/i386-io-windows.h +++ b/lib/i386-io-windows.h @@ -145,19 +145,11 @@ static BOOL SetProcessUserModeIOPL(VOID) { LPVOID Arg[2]; - UINT prev_error_mode; HMODULE ntdll; BOOL ret; - /* - * Load ntdll.dll library with disabled critical-error-handler and - * file-not-found message box. - * It means that NT kernel does not show unwanted GUI message box to user - * when LoadLibrary() function fails. - */ - prev_error_mode = win32_change_error_mode(SEM_FAILCRITICALERRORS | SEM_NOOPENFILEERRORBOX); - ntdll = LoadLibrary(TEXT("ntdll.dll")); - win32_change_error_mode(prev_error_mode); + /* Ntdll.dll is loaded into every process on all NT systems. */ + ntdll = GetModuleHandle(TEXT("ntdll.dll")); if (!ntdll) { SetLastError(ERROR_INVALID_FUNCTION); @@ -168,7 +160,6 @@ SetProcessUserModeIOPL(VOID) Arg[0] = (LPVOID)GetProcAddress(ntdll, "NtSetInformationProcess"); if (!Arg[0]) { - FreeLibrary(ntdll); SetLastError(ERROR_INVALID_FUNCTION); return FALSE; } 
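Review bot: The new comment above `GetModuleHandle(TEXT("ntdll.dll"))` in SetProcessUserModeIOPL says why the lookup succeeds but not why the `FreeLibrary()` calls had to go: GetModuleHandle() returns the handle without taking a reference, so releasing it would drop a reference this code never held. I would extend it to `/* Ntdll.dll is loaded into every process on all NT systems. GetModuleHandle() takes no reference, so the handle must not be passed to FreeLibrary(). */`. The same call in init_physmem_ntdll (lib/physmem-windows.c) and win32_sysdbg_setup (lib/win32-sysdbg.c) has no comment at all and should get the same one; there it also explains why the resolved function pointers may outlive the now-local `ntdll` variable. Resolving against the already-mapped module also means no library search is performed for this name, which is worth recording in case someone later proposes going back to LoadLibrary(). The body of SetProcessUserModeIOPL continues past this hunk.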
@@ -179,8 +170,6 @@ SetProcessUserModeIOPL(VOID) /* Call ProcessUserModeIOPL with Tcb privilege. */ ret = win32_call_func_with_tcb_privilege(SetProcessUserModeIOPLFunc, (LPVOID)&Arg); - FreeLibrary(ntdll); - if (!ret) return FALSE; diff --git a/lib/physmem-windows.c b/lib/physmem-windows.c index 06f094c..b220a78 100644 --- a/lib/physmem-windows.c +++ b/lib/physmem-windows.c @@ -145,7 +145,6 @@ typedef struct _OBJECT_ATTRIBUTES { #define DPMI_PHYSICAL_ADDRESS_MAPPING 0x0800 struct physmem { - HMODULE ntdll; HANDLE section_handle; NTSTATUS (NTAPI *NtOpenSection)(PHANDLE SectionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes); NTSTATUS (NTAPI *NtMapViewOfSection)(HANDLE SectionHandle, HANDLE ProcessHandle, PVOID *BaseAddress, ULONG_PTR ZeroBits, SIZE_T CommitSize, PLARGE_INTEGER SectionOffset, PSIZE_T ViewSize, SECTION_INHERIT InheritDisposition, ULONG AllocationType, ULONG Win32Protect); 
@@ -667,49 +666,41 @@ init_physmem_ntdll(struct physmem *physmem, struct pci_access *a, const char *fi wchar_t *wide_filename; UNICODE_STRING unicode_filename; OBJECT_ATTRIBUTES attributes; - UINT prev_error_mode; NTSTATUS status; + HMODULE ntdll; int len; a->debug("resolving section functions from ntdll.dll..."); - prev_error_mode = win32_change_error_mode(SEM_FAILCRITICALERRORS | SEM_NOOPENFILEERRORBOX); - physmem->ntdll = LoadLibrary(TEXT("ntdll.dll")); - win32_change_error_mode(prev_error_mode); - if (!physmem->ntdll) + ntdll = GetModuleHandle(TEXT("ntdll.dll")); + if (!ntdll) { - a->debug("failed: cannot open ntdll.dll library: %s.", win32_strerror(GetLastError())); + a->debug("failed: library ntdll.dll is not present."); errno = ENOENT; return 0; } - physmem->RtlNtStatusToDosError = (LPVOID)GetProcAddress(physmem->ntdll, "RtlNtStatusToDosError"); + physmem->RtlNtStatusToDosError = (LPVOID)GetProcAddress(ntdll, "RtlNtStatusToDosError"); - physmem->NtOpenSection = (LPVOID)GetProcAddress(physmem->ntdll, "NtOpenSection"); + physmem->NtOpenSection = (LPVOID)GetProcAddress(ntdll, "NtOpenSection"); if (!physmem->NtOpenSection) { a->debug("failed: function NtOpenSection() not found."); - FreeLibrary(physmem->ntdll); - physmem->ntdll = NULL; errno = ENOENT; return 0; } - physmem->NtMapViewOfSection = (LPVOID)GetProcAddress(physmem->ntdll, "NtMapViewOfSection"); + physmem->NtMapViewOfSection = (LPVOID)GetProcAddress(ntdll, "NtMapViewOfSection"); if (!physmem->NtMapViewOfSection) { a->debug("failed: function NtMapViewOfSection() not found."); - FreeLibrary(physmem->ntdll); - physmem->ntdll = NULL; errno = ENOENT; return 0; } - physmem->NtUnmapViewOfSection = (LPVOID)GetProcAddress(physmem->ntdll, "NtUnmapViewOfSection"); + physmem->NtUnmapViewOfSection = (LPVOID)GetProcAddress(ntdll, "NtUnmapViewOfSection"); if (!physmem->NtUnmapViewOfSection) { a->debug("failed: function NtUnmapViewOfSection() not found."); - FreeLibrary(physmem->ntdll); - physmem->ntdll = NULL; errno 
= ENOENT; return 0; } @@ -733,8 +724,6 @@ init_physmem_ntdll(struct physmem *physmem, struct pci_access *a, const char *fi if (len <= 0) { a->debug("Option devmem.path '%s' is invalid multibyte string.", filename); - FreeLibrary(physmem->ntdll); - physmem->ntdll = NULL; errno = EINVAL; return 0; } @@ -745,8 +734,6 @@ init_physmem_ntdll(struct physmem *physmem, struct pci_access *a, const char *fi { a->debug("Option devmem.path '%s' is invalid multibyte string.", filename); pci_mfree(wide_filename); - FreeLibrary(physmem->ntdll); - physmem->ntdll = NULL; errno = EINVAL; return 0; } @@ -762,8 +749,6 @@ init_physmem_ntdll(struct physmem *physmem, struct pci_access *a, const char *fi if (status < 0 || physmem->section_handle == INVALID_HANDLE_VALUE) { - FreeLibrary(physmem->ntdll); - physmem->ntdll = NULL; physmem->section_handle = INVALID_HANDLE_VALUE; if (status == 0) a->debug("failed."); @@ -853,8 +838,6 @@ physmem_close(struct physmem *physmem) { if (physmem->section_handle != INVALID_HANDLE_VALUE) CloseHandle(physmem->section_handle); - if (physmem->ntdll) - FreeLibrary(physmem->ntdll); pci_mfree(physmem); } diff --git a/lib/win32-sysdbg.c b/lib/win32-sysdbg.c index 6847fee..93eeb6d 100644 --- a/lib/win32-sysdbg.c +++ b/lib/win32-sysdbg.c @@ -85,7 +85,6 @@ static BOOL debug_privilege_enabled; static LUID luid_debug_privilege; static BOOL revert_only_privilege; static HANDLE revert_token; -static HMODULE ntdll; static int win32_sysdbg_initialized; 
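Review bot: In the init_physmem_ntdll hunk that starts at `@@ -667,49 +666,41 @@`, `RtlNtStatusToDosError` is the only one of the four `GetProcAddress()` results that is stored without a NULL check. If that is intentional because the function is only used to turn an NTSTATUS into error text, the line should say so, for example `/* Optional, used only for error text; may be NULL, check before calling. */`. The call sites are outside the visible hunks, so I cannot confirm that each one tests the pointer; if any does not, a missing export would turn a failure path in the physical-memory backend into a call through NULL. The function starts before and ends after this hunk.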
@@ -117,20 +116,18 @@ win32_sysdbg_pci_bus_data(BOOL WriteBusData, BYTE BusNumber, BYTE DeviceNumber, static int win32_sysdbg_setup(struct pci_access *a) { - UINT prev_error_mode; NTSTATUS status; + HMODULE ntdll; ULONG ret_len; DWORD id; if (win32_sysdbg_initialized) return 1; - prev_error_mode = win32_change_error_mode(SEM_FAILCRITICALERRORS | SEM_NOOPENFILEERRORBOX); - ntdll = LoadLibrary(TEXT("ntdll.dll")); - win32_change_error_mode(prev_error_mode); + ntdll = GetModuleHandle(TEXT("ntdll.dll")); if (!ntdll) { - a->debug("Cannot open ntdll.dll library."); + a->debug("Library ntdll.dll is not present."); return 0; } @@ -138,8 +135,6 @@ win32_sysdbg_setup(struct pci_access *a) if (!NtSystemDebugControl) { a->debug("Function NtSystemDebugControl() is not supported."); - FreeLibrary(ntdll); - ntdll = NULL; return 0; } @@ -162,8 +157,6 @@ win32_sysdbg_setup(struct pci_access *a) a->debug("NT SysDbg is disabled."); else a->debug("NT SysDbg returned error 0x%lx.", status); - FreeLibrary(ntdll); - ntdll = NULL; NtSystemDebugControl = NULL; return 0; } @@ -173,8 +166,6 @@ win32_sysdbg_setup(struct pci_access *a) if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid_debug_privilege)) { a->debug("Debug privilege is not supported."); - FreeLibrary(ntdll); - ntdll = NULL; NtSystemDebugControl = NULL; return 0; } @@ -182,8 +173,6 @@ win32_sysdbg_setup(struct pci_access *a) if (!win32_enable_privilege(luid_debug_privilege, &revert_token, &revert_only_privilege)) { a->debug("Cannot enable Debug privilege."); - FreeLibrary(ntdll); - ntdll = NULL; NtSystemDebugControl = NULL; return 0; } @@ -201,8 +190,6 @@ win32_sysdbg_setup(struct pci_access *a) revert_token = NULL; revert_only_privilege = FALSE; - FreeLibrary(ntdll); - ntdll = NULL; NtSystemDebugControl = NULL; if (status == STATUS_NOT_IMPLEMENTED || status == STATUS_INVALID_INFO_CLASS) 
@@ -250,8 +237,6 @@ win32_sysdbg_cleanup(struct pci_access *a UNUSED) debug_privilege_enabled = FALSE; } - FreeLibrary(ntdll); - ntdll = NULL; NtSystemDebugControl = NULL; win32_sysdbg_initialized = 0;