37 lines
1.7 KiB
C
37 lines
1.7 KiB
C
|
#pragma once
|
||
|
|
|
||
|
|
#include <windows.h>
|
||
|
|
#include <winternl.h>
|
||
|
|
|
||
|
|
// https://learn.microsoft.com/en-us/windows/win32/devnotes/ldrdllnotification
|
||
|
|
typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA {
|
||
|
|
ULONG Flags; //Reserved.
|
||
|
|
PCUNICODE_STRING FullDllName; //The full path name of the DLL module.
|
||
|
|
PCUNICODE_STRING BaseDllName; //The base file name of the DLL module.
|
||
|
|
PVOID DllBase; //A pointer to the base address for the DLL in memory.
|
||
|
|
ULONG SizeOfImage; //The size of the DLL image, in bytes.
|
||
|
|
} LDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_LOADED_NOTIFICATION_DATA;
|
||
|
|
|
||
|
|
typedef struct _LDR_DLL_UNLOADED_NOTIFICATION_DATA {
|
||
|
|
ULONG Flags; //Reserved.
|
||
|
|
PCUNICODE_STRING FullDllName; //The full path name of the DLL module.
|
||
|
|
PCUNICODE_STRING BaseDllName; //The base file name of the DLL module.
|
||
|
|
PVOID DllBase; //A pointer to the base address for the DLL in memory.
|
||
|
|
ULONG SizeOfImage; //The size of the DLL image, in bytes.
|
||
|
|
} LDR_DLL_UNLOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
|
||
|
|
|
||
|
|
typedef union _LDR_DLL_NOTIFICATION_DATA {
|
||
|
|
LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
|
||
|
|
LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
|
||
|
|
} LDR_DLL_NOTIFICATION_DATA, *PLDR_DLL_NOTIFICATION_DATA;
|
||
|
|
|
||
|
|
typedef void (*LdrDllNotification_t)(ULONG reason, const PLDR_DLL_NOTIFICATION_DATA data, void *context);
|
||
|
|
|
||
|
|
typedef NTSTATUS (*LdrRegisterDllNotification_t)(ULONG flags, LdrDllNotification_t notificationFunction, void *context, void **cookie);
|
||
|
|
typedef NTSTATUS (*LdrUnregisterDllNotification_t)(void *cookie);
|
||
|
|
|
||
|
|
extern LdrRegisterDllNotification_t LdrRegisterDllNotification;
|
||
|
|
extern LdrUnregisterDllNotification_t LdrUnregisterDllNotification;
|
||
|
|
|
||
|
|
void ntdll_link();
|