Name Description Size
Authenticode.cpp 16287
Authenticode.h 939
CacheNtDllThunk.cpp 1739
CacheNtDllThunk.h 658 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* vim: set ts=8 sts=2 et sw=2 tw=80: */ /* This file was auto-generated from {0} by */ #ifndef mozilla_{1}_h #define mozilla_{1}_h 25044
LoaderAPIInterfaces.h Notification that a DLL load has begun. @param aContext Outparam that allows this observer to store any context information pertaining to the current load. @param aRequestedDllName The DLL name requested by whatever invoked the loader. This name may not match the effective name of the DLL once the loader has completed its path search. 4418
LoaderObserver.cpp 4127
LoaderObserver.h 1499
ModuleLoadFrame.cpp static 3548
ModuleLoadFrame.h 1306
ModuleLoadInfo.h This constructor is for use by the LdrLoadDll hook. 5738 1994
nsWindowsDllInterceptor.h Simple function interception. We have two separate mechanisms for intercepting a function: We can use the built-in nop space, if it exists, or we can create a detour. Using the built-in nop space works as follows: On x86-32, DLL functions begin with a two-byte nop (mov edi, edi) and are preceeded by five bytes of NOP instructions. When we detect a function with this prelude, we do the following: 1. Write a long jump to our interceptor function into the five bytes of NOPs before the function. 2. Write a short jump -5 into the two-byte nop at the beginning of the function. This mechanism is nice because it's thread-safe. It's even safe to do if another thread is currently running the function we're modifying! When the WindowsDllNopSpacePatcher is destroyed, we overwrite the short jump but not the long jump, so re-intercepting the same function won't work, because its prelude won't match. Unfortunately nop space patching doesn't work on functions which don't have this magic prelude (and in particular, x86-64 never has the prelude). So when we can't use the built-in nop space, we fall back to using a detour, which works as follows: 1. Save first N bytes of OrigFunction to trampoline, where N is a number of bytes >= 5 that are instruction aligned. 2. Replace first 5 bytes of OrigFunction with a jump to the Hook function. 3. After N bytes of the trampoline, add a jump to OrigFunction+N to continue original program flow. 4. Hook function needs to call the trampoline during its execution, to invoke the original function (so address of trampoline is returned). When the WindowsDllDetourPatcher object is destructed, OrigFunction is patched again to jump directly to the trampoline instead of going through the hook function. As such, re-intercepting the same function won't work, as jump instructions are not supported. Note that this is not thread-safe. Sad day. 25522
NtLoaderAPI.h 717
SharedSection.h 1215
WindowsBCryptInitialization.cpp 779
WindowsBCryptInitialization.h 1033
WindowsDllBlocklist.cpp Some versions of Windows call LoadLibraryEx to get the version information for a DLL, which causes our patched LdrLoadDll implementation to re-enter itself and cause infinite recursion and a stack-exhaustion crash. We protect against reentrancy by allowing recursive loads of the same DLL. Note that we don't use __declspec(thread) because that doesn't work in DLLs loaded via LoadLibrary and there can be a limited number of TLS slots, so we roll our own. 23386
WindowsDllBlocklist.h 3332
WindowsDllBlocklistCommon.h 1865 18626
WindowsDllBlocklistInfo.h 3842
WindowsDllServices.h WARNING: This method is called from within an unsafe context that holds multiple locks inside the Windows loader. The only thing that this function should be used for is dispatching the event to our event loop so that it may be handled in a safe context. 7985
WindowsFallbackLoaderAPI.cpp 2786
WindowsFallbackLoaderAPI.h 1468
WindowsMsctfInitialization.cpp 2980
WindowsMsctfInitialization.h 858
WindowsStackWalkInitialization.cpp 2485
WindowsStackWalkInitialization.h 676