[PATCH v2 0/1] MR8324: kernelbase: Made LoadLibraryExA allocate a new buffer for the module name.
This is necessary if a protection software hooks LdrLoadDll, and then tries to use LoadLibrary[Ex]A from the hook. Yes, this actually happened.
-- v2: kernelbase: Made LoadLibraryExA allocate a new buffer for the module name.
From: Dylan Donnell dylan.donnell@student.griffith.ie
--- dlls/kernelbase/loader.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/dlls/kernelbase/loader.c b/dlls/kernelbase/loader.c index 7afbe0460eb..6d651b0cc9f 100644 --- a/dlls/kernelbase/loader.c +++ b/dlls/kernelbase/loader.c @@ -533,9 +533,16 @@ HMODULE WINAPI DECLSPEC_HOTPATCH LoadLibraryW( LPCWSTR name ) HMODULE WINAPI DECLSPEC_HOTPATCH LoadLibraryExA( LPCSTR name, HANDLE file, DWORD flags ) { WCHAR *nameW; + HMODULE module; + + /* A new allocation is necessary due to TP Shell Service + * calling LoadLibraryExA from an LdrLoadDll hook */ + if (!(nameW = file_name_AtoW( name, TRUE ))) return 0;
- if (!(nameW = file_name_AtoW( name, FALSE ))) return 0; - return LoadLibraryExW( nameW, file, flags ); + module = LoadLibraryExW( nameW, file, flags ); + + HeapFree( GetProcessHeap(), 0, nameW ); + return module; }
-
Dylan Donnell -
Dylan Donnell (@dy-tea)