| Authenticode.cpp |
|
16287 |
| Authenticode.h |
|
939 |
| CacheNtDllThunk.cpp |
|
1739 |
| CacheNtDllThunk.h |
|
658 |
| gen_dll_blocklist_defs.py |
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This file was auto-generated from {0} by gen_dll_blocklist_data.py. */
#ifndef mozilla_{1}_h
#define mozilla_{1}_h
|
25044 |
| interceptor |
|
|
| LoaderAPIInterfaces.h |
Notification that a DLL load has begun.
@param aContext Outparam that allows this observer to store any context
information pertaining to the current load.
@param aRequestedDllName The DLL name requested by whatever invoked the
loader. This name may not match the effective
name of the DLL once the loader has completed
its path search.
|
4418 |
| LoaderObserver.cpp |
|
4127 |
| LoaderObserver.h |
|
1499 |
| ModuleLoadFrame.cpp |
static |
3548 |
| ModuleLoadFrame.h |
|
1306 |
| ModuleLoadInfo.h |
This constructor is for use by the LdrLoadDll hook.
|
5738 |
| moz.build |
|
1994 |
| nsWindowsDllInterceptor.h |
Simple function interception.
We have two separate mechanisms for intercepting a function: We can use the
built-in nop space, if it exists, or we can create a detour.
Using the built-in nop space works as follows: On x86-32, DLL functions
begin with a two-byte nop (mov edi, edi) and are preceeded by five bytes of
NOP instructions.
When we detect a function with this prelude, we do the following:
1. Write a long jump to our interceptor function into the five bytes of NOPs
before the function.
2. Write a short jump -5 into the two-byte nop at the beginning of the
function.
This mechanism is nice because it's thread-safe. It's even safe to do if
another thread is currently running the function we're modifying!
When the WindowsDllNopSpacePatcher is destroyed, we overwrite the short jump
but not the long jump, so re-intercepting the same function won't work,
because its prelude won't match.
Unfortunately nop space patching doesn't work on functions which don't have
this magic prelude (and in particular, x86-64 never has the prelude). So
when we can't use the built-in nop space, we fall back to using a detour,
which works as follows:
1. Save first N bytes of OrigFunction to trampoline, where N is a
number of bytes >= 5 that are instruction aligned.
2. Replace first 5 bytes of OrigFunction with a jump to the Hook
function.
3. After N bytes of the trampoline, add a jump to OrigFunction+N to
continue original program flow.
4. Hook function needs to call the trampoline during its execution,
to invoke the original function (so address of trampoline is
returned).
When the WindowsDllDetourPatcher object is destructed, OrigFunction is
patched again to jump directly to the trampoline instead of going through
the hook function. As such, re-intercepting the same function won't work, as
jump instructions are not supported.
Note that this is not thread-safe. Sad day.
|
25522 |
| NtLoaderAPI.h |
|
717 |
| SharedSection.h |
|
1215 |
| WindowsBCryptInitialization.cpp |
|
779 |
| WindowsBCryptInitialization.h |
|
1033 |
| WindowsDllBlocklist.cpp |
Some versions of Windows call LoadLibraryEx to get the version information
for a DLL, which causes our patched LdrLoadDll implementation to re-enter
itself and cause infinite recursion and a stack-exhaustion crash. We protect
against reentrancy by allowing recursive loads of the same DLL.
Note that we don't use __declspec(thread) because that doesn't work in DLLs
loaded via LoadLibrary and there can be a limited number of TLS slots, so
we roll our own.
|
23386 |
| WindowsDllBlocklist.h |
|
3332 |
| WindowsDllBlocklistCommon.h |
|
1865 |
| WindowsDllBlocklistDefs.in |
|
18109 |
| WindowsDllBlocklistInfo.h |
|
3842 |
| WindowsDllServices.h |
WARNING: This method is called from within an unsafe context that holds
multiple locks inside the Windows loader. The only thing that
this function should be used for is dispatching the event to our
event loop so that it may be handled in a safe context.
|
7985 |
| WindowsFallbackLoaderAPI.cpp |
|
2786 |
| WindowsFallbackLoaderAPI.h |
|
1468 |
| WindowsMsctfInitialization.cpp |
|
2980 |
| WindowsMsctfInitialization.h |
|
858 |
| WindowsStackWalkInitialization.cpp |
|
2485 |
| WindowsStackWalkInitialization.h |
|
676 |