MmpPostponedTls shuts down gracefully.

Author: bb107

MemoryModule/MmpTlsFiber.cpp

@@ -27,42 +27,48 @@ DWORD WINAPI MmpReleasePostponedTlsWorker(PVOID) {
 
 		EnterCriticalSection(&MmpPostponedTlsLock);
 
-		auto iter = MmpPostponedTlsList->begin();
+		if (MmpPostponedTlsList) {
+			auto iter = MmpPostponedTlsList->begin();
 
-		while (iter != MmpPostponedTlsList->end()) {
-			const auto& item = *iter;
-			GetExitCodeThread(item.hThread, &code);
+			while (iter != MmpPostponedTlsList->end()) {
+				const auto& item = *iter;
+				GetExitCodeThread(item.hThread, &code);
 
-			if (code == STILL_ACTIVE) {
-				++iter;
-			}
-			else {
+				if (code == STILL_ACTIVE) {
+					++iter;
+				}
+				else {
 
-				RtlAcquireSRWLockExclusive(&MmpGlobalDataPtr->MmpTls->MmpTlsListLock);
+					RtlAcquireSRWLockExclusive(&MmpGlobalDataPtr->MmpTls->MmpTlsListLock);
 
-				auto TlspMmpBlock = (PVOID*)item.lpOldTlsVector->ModuleTlsData;
-				auto entry = MmpGlobalDataPtr->MmpTls->MmpTlsList.Flink;
-				while (entry != &MmpGlobalDataPtr->MmpTls->MmpTlsList) {
+					auto TlspMmpBlock = (PVOID*)item.lpOldTlsVector->ModuleTlsData;
+					auto entry = MmpGlobalDataPtr->MmpTls->MmpTlsList.Flink;
+					while (entry != &MmpGlobalDataPtr->MmpTls->MmpTlsList) {
 
-					auto p = CONTAINING_RECORD(entry, TLS_ENTRY, TlsEntryLinks);
-					RtlFreeHeap(RtlProcessHeap(), 0, TlspMmpBlock[p->TlsDirectory.Characteristics]);
+						auto p = CONTAINING_RECORD(entry, TLS_ENTRY, TlsEntryLinks);
+						RtlFreeHeap(RtlProcessHeap(), 0, TlspMmpBlock[p->TlsDirectory.Characteristics]);
 
-					entry = entry->Flink;
-				}
+						entry = entry->Flink;
+					}
 
-				RtlFreeHeap(RtlProcessHeap(), 0, CONTAINING_RECORD(item.lpTlsRecord->TlspLdrBlock, TLS_VECTOR, TLS_VECTOR::ModuleTlsData));
-				RtlFreeHeap(RtlProcessHeap(), 0, item.lpTlsRecord);
-				RtlFreeHeap(RtlProcessHeap(), 0, item.lpOldTlsVector);
+					RtlFreeHeap(RtlProcessHeap(), 0, CONTAINING_RECORD(item.lpTlsRecord->TlspLdrBlock, TLS_VECTOR, TLS_VECTOR::ModuleTlsData));
+					RtlFreeHeap(RtlProcessHeap(), 0, item.lpTlsRecord);
+					RtlFreeHeap(RtlProcessHeap(), 0, item.lpOldTlsVector);
 
-				RtlReleaseSRWLockExclusive(&MmpGlobalDataPtr->MmpTls->MmpTlsListLock);
+					RtlReleaseSRWLockExclusive(&MmpGlobalDataPtr->MmpTls->MmpTlsListLock);
+
+					CloseHandle(item.hThread);
+					iter = MmpPostponedTlsList->erase(iter);
+				}
 
-				CloseHandle(item.hThread);
-				iter = MmpPostponedTlsList->erase(iter);
 			}
 
+			waitTime = MmpPostponedTlsList->empty() ? INFINITE : 1000;
+		}
+		else {
+			LeaveCriticalSection(&MmpPostponedTlsLock);
+			break;
 		}
-
-		waitTime = MmpPostponedTlsList->empty() ? INFINITE : 1000;
 
 		LeaveCriticalSection(&MmpPostponedTlsLock);
 	}
@@ -100,16 +106,35 @@ VOID WINAPI MmpQueuePostponedTls(PMMP_TLSP_RECORD record) {
 
 	EnterCriticalSection(&MmpPostponedTlsLock);
 
-	MmpPostponedTlsList->push_back(item);
-	SetEvent(MmpPostponedTlsEvent);
+	if (MmpPostponedTlsList) {
+		MmpPostponedTlsList->push_back(item);
+		SetEvent(MmpPostponedTlsEvent);
+	}
+	else {
+		RtlFreeHeap(RtlProcessHeap(), 0, item.lpOldTlsVector);
+	}
 
 	LeaveCriticalSection(&MmpPostponedTlsLock);
 }
 
+VOID OnExit() {
+	EnterCriticalSection(&MmpPostponedTlsLock);
+
+	MmpPostponedTlsList->~vector();
+	HeapFree(RtlProcessHeap(), 0, MmpPostponedTlsList);
+	MmpPostponedTlsList = nullptr;
+
+	CloseHandle(MmpPostponedTlsEvent);
+
+	LeaveCriticalSection(&MmpPostponedTlsLock);
+}
+
 VOID MmpTlsFiberInitialize() {
 	InitializeCriticalSection(&MmpPostponedTlsLock);
 	MmpPostponedTlsEvent = CreateEvent(nullptr, FALSE, FALSE, nullptr);
 	MmpPostponedTlsList = new(HeapAlloc(GetProcessHeap(), 0, sizeof(std::vector<MMP_POSTPONED_TLS>))) std::vector<MMP_POSTPONED_TLS>();
+	
+	atexit(OnExit);
 
 	CreateThread(nullptr, 0, MmpReleasePostponedTlsWorker_Wrap, nullptr, 0, nullptr);
 }

test/test.cpp

@@ -62,62 +62,79 @@ PVOID ReadDllFile2(LPCSTR FileName) {
     return nullptr;
 }
 
-#define LIBRARY_PATH "\\\\DESKTOP-1145141919810\\Debug\\"
+int test() {
+    LPVOID buffer = ReadDllFile2("a.vmp.dll");
+
+    HMODULE hModule = nullptr;
+    FARPROC pfn = nullptr;
+    DWORD MemoryModuleFeatures = 0;
+
+    typedef int(*_exception)(int code);
+    _exception exception = nullptr;
+    HRSRC hRsrc;
+    DWORD SizeofRes;
+    HGLOBAL gRes;
+    char str[10];
+
+    LdrQuerySystemMemoryModuleFeatures(&MemoryModuleFeatures);
+    if (MemoryModuleFeatures != MEMORY_FEATURE_ALL) {
+        printf("not support all features on this version of windows.\n");
+    }
+
+    if (!NT_SUCCESS(LdrLoadDllMemoryExW(&hModule, nullptr, 0, buffer, 0, L"kernel64", nullptr))) goto end;
 
-HMODULE WINAPI MyLoadLibrary(LPCSTR lpModuleName) {
-    HMODULE hModule;
-    PVOID buffer;
+    //forward export
+    pfn = (decltype(pfn))(GetProcAddress(hModule, "Socket")); //ws2_32.WSASocketW
+    pfn = (decltype(pfn))(GetProcAddress(hModule, "VerifyTruse")); //wintrust.WinVerifyTrust
 
-    if (0 == _stricmp(lpModuleName, "CTestClassLibrary1.dll")) {
-        buffer = ReadDllFile(LIBRARY_PATH"CTestClassLibrary1.dll");
+    //exception
+    exception = (_exception)GetProcAddress(hModule, "exception");
+    if (exception) {
+        for (int i = 0; i < 5; ++i)exception(i);
     }
-    else if (0 == _stricmp(lpModuleName, "CTestClassLibrary2.dll")) {
-        buffer = ReadDllFile(LIBRARY_PATH"CTestClassLibrary2.dll");
+
+    //tls
+    pfn = GetProcAddress(hModule, "thread");
+    if (pfn && pfn()) {
+        printf("thread test failed.\n");
     }
-    else if (0 == _stricmp(lpModuleName, "CTestClassLibrary1Dep.dll")) {
-        buffer = ReadDllFile(LIBRARY_PATH"CTestClassLibrary1Dep.dll");
+
+    //resource
+    if (!LoadStringA(hModule, 101, str, 10)) {
+        printf("load string failed.\n");
     }
     else {
-        return nullptr;
+        printf("%s\n", str);
     }
-
-    hModule = LoadLibraryMemoryExA(buffer, 0, lpModuleName, nullptr, 0);
-    delete[]buffer;
-    return hModule;
-}
-
-VOID TestImportTableResolver() {
-    
-    //
-    // Register the import table resolver.
-    //
-    HANDLE hResolver = MmRegisterImportTableResolver(MyLoadLibrary, FreeLibraryMemory);
-
-    //
-    //                  |-> CTestClassLibrary1.dll -> CTestClassLibrary1Dep.dll
-    // CTestClient.dll -|
-    //                  |-> CTestClassLibrary2.dll
-    //
-    
-    PVOID Client = ReadDllFile2("CTestClient.dll");
-    HMODULE hm = LoadLibraryMemoryEx(Client, 0, TEXT("CTestClient.dll"), nullptr, 0);
-    delete[]Client;
-
-    if (hm) {
-        auto pfn = GetProcAddress(hm, "TestProc");
-        if (pfn) {
-            pfn();
+    if (!(hRsrc = FindResourceA(hModule, MAKEINTRESOURCEA(102), "BINARY"))) {
+        printf("find binary resource failed.\n");
+    }
+    else {
+        if ((SizeofRes = SizeofResource(hModule, hRsrc)) != 0x10) {
+            printf("invalid res size.\n");
+        }
+        else {
+            if (!(gRes = LoadResource(hModule, hRsrc))) {
+                printf("load res failed.\n");
+            }
+            else {
+                if (!LockResource(gRes))printf("lock res failed.\n");
+                else {
+                    printf("resource test success.\n");
+                }
+            }
         }
-
-        FreeLibraryMemory(hm);
     }
 
-    MmRemoveImportTableResolver(hResolver);
+end:
+    LdrUnloadDllMemory(hModule);
+    delete[]buffer;
+    return 0;
 }
 
 int main() {
     DisplayStatus();
-    TestImportTableResolver();
+    test();
 
     return 0;
 }