On Thu Apr 6 12:11:43 2023 +0000, eric pouech wrote:
Hmm... some more tests show that loading c:\windows\syswow64\mydll.dll (with an absolute path) from a wow64 process ends up with a path reported from system32 in the LdrData chain. (Tested with a regular system DLL, but also by adding a dummy DLL in a created subdir of syswow64 => same rewrite to system32 in LdrData, so this rules out a predefined list of DLLs. And a main image path from syswow64 actually shows up in the various Ldr* and Rtl* functions, which likely indicates that the process image path isn't modified.)

This means that my initial patch is wrong in changing the default load path, but it looks like DLL paths *must* be "unredirected" when being inserted in LdrData (except the main module). I'll resubmit, including some of the tests. (And moving the "unredirection" logic to ntdll.so will require a new syscall.)

Any feedback?