[PATCH 0/1] MR8324: kernelbase: Made LoadLibraryExA allocate a new buffer for the module name.
This is necessary if a protection software hooks LdrLoadDll, and then tries to use LoadLibrary[Ex]A from the hook. Yes, this actually happened.
From: Dylan Donnell dylan.donnell@student.griffith.ie
--- dlls/kernelbase/loader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/kernelbase/loader.c b/dlls/kernelbase/loader.c index 7afbe0460eb..c9f96ca7efd 100644 --- a/dlls/kernelbase/loader.c +++ b/dlls/kernelbase/loader.c @@ -534,7 +534,7 @@ HMODULE WINAPI DECLSPEC_HOTPATCH LoadLibraryExA( LPCSTR name, HANDLE file, DWORD { WCHAR *nameW;
- if (!(nameW = file_name_AtoW( name, FALSE ))) return 0; + if (!(nameW = file_name_AtoW( name, TRUE ))) return 0; return LoadLibraryExW( nameW, file, flags ); }
Those copy prohibition schemes never stop being insane, do they?
Probably no big deal to waste some time on an extra allocation (LoadLibrary is a lot slower than a malloc), but you should deallocate the string, at least.
-
Alfred Agrell (@Alcaro) -
Dylan Donnell
-
Dylan Donnell (@dy-tea)