For a 32bit process, running in the "old" wow64 configuration, the filename of loaded (32 bit) ntdll.dll is reported as ..\system32\ntdll.dll instead of being in the wow64 directory.
This affects: - filename used for image mapping - filename entry in LdrData
(Note all the others DLLs in this configuration are correctly exposed in wow64 directory).
Signed-off-by: Eric Pouech eric.pouech@gmail.com
From: Eric Pouech eric.pouech@gmail.com
For a 32bit process, running in the "old" wow64 configuration, the filename of loaded (32 bit) ntdll.dll is reported as ..\system32\ntdll.dll instead of being in the wow64 directory.
This affects: - filename used for image mapping - filename entry in LdrData
(Note all the others DLLs in this configuration are correctly exposed in wow64 directory).
Signed-off-by: Eric Pouech eric.pouech@gmail.com --- dlls/ntdll/loader.c | 16 +++++++++++++++- dlls/ntdll/unix/loader.c | 11 ++++++++--- 2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c index 01a30742678..21d19231eb9 100644 --- a/dlls/ntdll/loader.c +++ b/dlls/ntdll/loader.c @@ -2197,8 +2197,22 @@ static void build_ntdll_module( HMODULE module ) { UNICODE_STRING nt_name; WINE_MODREF *wm; + const WCHAR *name = L"\??\C:\windows\system32\ntdll.dll"; + + if (sizeof(void*) == 4 && NtCurrentTeb()->WowTebOffset) + { + switch (RtlImageNtHeader( NtCurrentTeb()->Peb->ImageBaseAddress )->FileHeader.Machine) + { + case IMAGE_FILE_MACHINE_I386: + name = L"\??\C:\windows\syswow64\ntdll.dll"; + break; + case IMAGE_FILE_MACHINE_ARMNT: + name = L"\??\C:\windows\sysarm32\ntdll.dll"; + break; + } + } + RtlInitUnicodeString( &nt_name, name );
- RtlInitUnicodeString( &nt_name, L"\??\C:\windows\system32\ntdll.dll" ); wm = alloc_module( module, &nt_name, TRUE ); assert( wm ); wm->ldr.Flags &= ~LDR_DONT_RESOLVE_REFS; diff --git a/dlls/ntdll/unix/loader.c b/dlls/ntdll/unix/loader.c index 65934acfc36..d5bef605e93 100644 --- a/dlls/ntdll/unix/loader.c +++ b/dlls/ntdll/unix/loader.c @@ -1878,8 +1878,8 @@ NTSTATUS load_start_exe( WCHAR **image, void **module ) */ static void load_ntdll(void) { - static WCHAR path[] = {'\','?','?','\','C',':','\','w','i','n','d','o','w','s','\', - 's','y','s','t','e','m','3','2','\','n','t','d','l','l','.','d','l','l',0}; + static WCHAR ntdll[] = {'n','t','d','l','l','.','d','l','l',0}; + const WCHAR *wow_dir = get_machine_wow64_dir( main_image_info.Machine ); const char *pe_dir = get_pe_dir( current_machine ); unsigned int status; SECTION_IMAGE_INFORMATION info; @@ -1888,8 +1888,12 @@ static void load_ntdll(void) void *module; SIZE_T size = 0; char *name; + WCHAR *imagename;
- init_unicode_string( &str, path ); + imagename = malloc( (wcslen(wow_dir) + ARRAY_SIZE(ntdll)) * sizeof(WCHAR) ); + wcscpy(imagename, wow_dir); + wcscat(imagename, ntdll); + init_unicode_string( &str, imagename ); InitializeObjectAttributes( &attr, &str, 0, 0, NULL );
name = malloc( strlen( ntdll_dir ) + strlen( pe_dir ) + sizeof("/ntdll.dll.so") ); @@ -1904,6 +1908,7 @@ static void load_ntdll(void) if (status == STATUS_IMAGE_NOT_AT_BASE) relocate_ntdll( module ); else if (status) fatal_error( "failed to load %s error %x\n", name, status ); free( name ); + free( imagename ); load_ntdll_functions( module ); ntdll_module = module; }
This affects:
- filename used for image mapping
- filename entry in LdrData
That's not true for LdrData, system32 is correct there.
On Mon Feb 6 10:36:23 2023 +0000, Alexandre Julliard wrote:
This affects:
- filename used for image mapping
- filename entry in LdrData
That's not true for LdrData, system32 is correct there.
closing. more tests needed.
This merge request was closed by eric pouech.
-
Alexandre Julliard (@julliard) -
Eric Pouech
-
eric pouech (@epo)