PEPFUNC EntryPoint;
PIMAGE_DOS_HEADER PEDosHeader;
PVOID ImageBase;
PPEB Peb;
PLDR_DATA_TABLE_ENTRY NtModule; // ntdll
NLSTABLEINFO NlsTable;
WCHAR FullNtDllPath[MAX_PATH];
SYSTEM_BASIC_INFORMATION SystemInformation;
NTSTATUS Status;
DPRINT("LdrpInit()\n");
if (NtCurrentPeb()->Ldr == NULL || NtCurrentPeb()->Ldr->Initialized == FALSE)
{
Peb = NtCurrentPeb();
DPRINT("Peb %p\n", Peb);
ImageBase = Peb->ImageBaseAddress;
DPRINT("ImageBase %p\n", ImageBase);
if (ImageBase <= (PVOID)0x1000)
{
DPRINT("ImageBase is null\n");
ZwTerminateProcess(NtCurrentProcess(), STATUS_INVALID_IMAGE_FORMAT);
}
/* If MZ header exists */
PEDosHeader = (PIMAGE_DOS_HEADER) ImageBase;
DPRINT("PEDosHeader %p\n", PEDosHeader);
if (PEDosHeader->e_magic != IMAGE_DOS_SIGNATURE ||
PEDosHeader->e_lfanew == 0L ||
*(PULONG)((PUCHAR)ImageBase + PEDosHeader->e_lfanew) != IMAGE_NT_SIGNATURE)
{
DPRINT1("Image has bad header\n");
ZwTerminateProcess(NtCurrentProcess(), STATUS_INVALID_IMAGE_FORMAT);
}
/* normalize process parameters */
RtlNormalizeProcessParams (Peb->ProcessParameters);
/* Initialize NLS data */
RtlInitNlsTables (Peb->AnsiCodePageData,
Peb->OemCodePageData,
Peb->UnicodeCaseTableData,
&NlsTable);
RtlResetRtlTranslations (&NlsTable);
NTHeaders = (PIMAGE_NT_HEADERS)((ULONG_PTR)ImageBase + PEDosHeader->e_lfanew);
/* Get number of processors */
DPRINT("Here\n");
Status = ZwQuerySystemInformation(SystemBasicInformation,
&SystemInformation,
sizeof(SYSTEM_BASIC_INFORMATION),
NULL);
DPRINT("Here2\n");
if (!NT_SUCCESS(Status))
{
ZwTerminateProcess(NtCurrentProcess(), Status);
}
Peb->NumberOfProcessors = SystemInformation.NumberOfProcessors;
/* Initialize Critical Section Data */
RtlpInitDeferedCriticalSection();
/* create process heap */
RtlInitializeHeapManager();
Peb->ProcessHeap = RtlCreateHeap(HEAP_GROWABLE,
NULL,
NTHeaders->OptionalHeader.SizeOfHeapReserve,
NTHeaders->OptionalHeader.SizeOfHeapCommit,
NULL,
NULL);
if (Peb->ProcessHeap == 0)
{
DPRINT1("Failed to create process heap\n");
ZwTerminateProcess(NtCurrentProcess(), STATUS_INSUFFICIENT_RESOURCES);
}
/* initialized vectored exception handling */
RtlpInitializeVectoredExceptionHandling();
/* initalize peb lock support */
RtlInitializeCriticalSection (&PebLock);
Peb->FastPebLock = &PebLock;
Peb->FastPebLockRoutine = (PPEBLOCKROUTINE)RtlEnterCriticalSection;
Peb->FastPebUnlockRoutine = (PPEBLOCKROUTINE)RtlLeaveCriticalSection;
/* initialize tls bitmap */
RtlInitializeBitMap (&TlsBitMap,
Peb->TlsBitmapBits,
TLS_MINIMUM_AVAILABLE);
Peb->TlsBitmap = &TlsBitMap;
Peb->TlsExpansionCounter = TLS_MINIMUM_AVAILABLE;
/* Initialize table of callbacks for the kernel. */
Peb->KernelCallbackTable =
RtlAllocateHeap(RtlGetProcessHeap(),
0,
sizeof(PVOID) * (USER32_CALLBACK_MAXIMUM + 1));
if (Peb->KernelCallbackTable == NULL)
{
DPRINT1("Failed to create callback table\n");
ZwTerminateProcess(NtCurrentProcess(),STATUS_INSUFFICIENT_RESOURCES);
}
/* initalize loader lock */
RtlInitializeCriticalSection (&LoaderLock);
Peb->LoaderLock = &LoaderLock;
/* create loader information */
Peb->Ldr = (PPEB_LDR_DATA)RtlAllocateHeap (Peb->ProcessHeap,
0,
sizeof(PEB_LDR_DATA));
if (Peb->Ldr == NULL)
{
DPRINT1("Failed to create loader data\n");
ZwTerminateProcess(NtCurrentProcess(), STATUS_INSUFFICIENT_RESOURCES);
}
Peb->Ldr->Length = sizeof(PEB_LDR_DATA);
Peb->Ldr->Initialized = FALSE;
Peb->Ldr->SsHandle = NULL;
InitializeListHead(&Peb->Ldr->InLoadOrderModuleList);
InitializeListHead(&Peb->Ldr->InMemoryOrderModuleList);
InitializeListHead(&Peb->Ldr->InInitializationOrderModuleList);
/* Load compatibility settings */
LoadCompatibilitySettings(Peb);
/* Load execution options */
LoadImageFileExecutionOptions(Peb);
/* Initialize the static teb string */
NtCurrentTeb()->StaticUnicodeString.Length = 0;
NtCurrentTeb()->StaticUnicodeString.MaximumLength = sizeof(NtCurrentTeb()->StaticUnicodeBuffer);
NtCurrentTeb()->StaticUnicodeString.Buffer = NtCurrentTeb()->StaticUnicodeBuffer;
/* build full ntdll path */
wcscpy (FullNtDllPath, SharedUserData->NtSystemRoot);
wcscat (FullNtDllPath, L"\\system32\\ntdll.dll");
/* add entry for ntdll */
NtModule = (PLDR_DATA_TABLE_ENTRY)RtlAllocateHeap (Peb->ProcessHeap,
0,
sizeof(LDR_DATA_TABLE_ENTRY));
if (NtModule == NULL)
{
DPRINT1("Failed to create loader module entry (NTDLL)\n");
ZwTerminateProcess(NtCurrentProcess(), STATUS_INSUFFICIENT_RESOURCES);
}
memset(NtModule, 0, sizeof(LDR_DATA_TABLE_ENTRY));
NtModule->DllBase = (PVOID)&_image_base__;
NtModule->EntryPoint = 0; /* no entry point */
RtlCreateUnicodeString (&NtModule->FullDllName,
FullNtDllPath);
RtlCreateUnicodeString (&NtModule->BaseDllName,
L"ntdll.dll");
NtModule->Flags = LDRP_IMAGE_DLL|LDRP_ENTRY_PROCESSED;
NtModule->LoadCount = -1; /* don't unload */
NtModule->TlsIndex = -1;
NtModule->SectionPointer = NULL;
NtModule->CheckSum = 0;
NTHeaders = RtlImageNtHeader (NtModule->DllBase);
NtModule->SizeOfImage = LdrpGetResidentSize(NTHeaders);
NtModule->TimeDateStamp = NTHeaders->FileHeader.TimeDateStamp;
InsertTailList(&Peb->Ldr->InLoadOrderModuleList,
&NtModule->InLoadOrderLinks);
InsertTailList(&Peb->Ldr->InInitializationOrderModuleList,
&NtModule->InInitializationOrderModuleList);
#if defined(DBG) || defined(KDBG)
LdrpLoadUserModuleSymbols(NtModule);
#endif /* DBG || KDBG */
/* add entry for executable (becomes first list entry) */
ExeModule = (PLDR_DATA_TABLE_ENTRY)RtlAllocateHeap (Peb->ProcessHeap,
0,
sizeof(LDR_DATA_TABLE_ENTRY));
if (ExeModule == NULL)
{
DPRINT1("Failed to create loader module infomation\n");
ZwTerminateProcess(NtCurrentProcess(), STATUS_INSUFFICIENT_RESOURCES);
}
ExeModule->DllBase = Peb->ImageBaseAddress;
if ((Peb->ProcessParameters == NULL) ||
(Peb->ProcessParameters->ImagePathName.Length == 0))
{
DPRINT1("Failed to access the process parameter block\n");
ZwTerminateProcess(NtCurrentProcess(),STATUS_UNSUCCESSFUL);
}
RtlCreateUnicodeString(&ExeModule->FullDllName,
Peb->ProcessParameters->ImagePathName.Buffer);
RtlCreateUnicodeString(&ExeModule->BaseDllName,
wcsrchr(ExeModule->FullDllName.Buffer, L'\\') + 1);
DPRINT("BaseDllName '%wZ' FullDllName '%wZ'\n",
&ExeModule->BaseDllName,
&ExeModule->FullDllName);
ExeModule->Flags = LDRP_ENTRY_PROCESSED;
ExeModule->LoadCount = -1; /* don't unload */
ExeModule->TlsIndex = -1;
ExeModule->SectionPointer = NULL;
ExeModule->CheckSum = 0;
NTHeaders = RtlImageNtHeader (ExeModule->DllBase);
ExeModule->SizeOfImage = LdrpGetResidentSize(NTHeaders);
ExeModule->TimeDateStamp = NTHeaders->FileHeader.TimeDateStamp;
InsertHeadList(&Peb->Ldr->InLoadOrderModuleList,
&ExeModule->InLoadOrderLinks);
LdrpInitLoader();
#if defined(DBG) || defined(KDBG)
LdrpLoadUserModuleSymbols(ExeModule);
#endif /* DBG || KDBG */
EntryPoint = LdrPEStartup((PVOID)ImageBase, NULL, NULL, NULL);
ExeModule->EntryPoint = EntryPoint;
/* all required dlls are loaded now */
Peb->Ldr->Initialized = TRUE;
/* Check before returning that we can run the image safely. */
if (EntryPoint == NULL)
{
DPRINT1("Failed to initialize image\n");
ZwTerminateProcess(NtCurrentProcess(), STATUS_INVALID_IMAGE_FORMAT);
}
}
/* attach the thread */
RtlEnterCriticalSection(NtCurrentPeb()->LoaderLock);
LdrpAttachThread();
RtlLeaveCriticalSection(NtCurrentPeb()->LoaderLock);
}
/* EOF */