[NTDLL_VISTA:LDR] Implement DLL Notification (reactos#6795)

Implement DLL Load Notification, an NT6+ feature.
https://learn.microsoft.com/en-us/windows/win32/devnotes/dll-load-notification

- [RTL] Sync `RTL_STATIC_LIST_HEAD` and `RtlFailFast` from XDK to NDK.
- [NTDLL_VISTA] Introduce ntdll_vista_static static library and link both ntdll_vista and ntdll to it.
- [NDK][LDR] Add and fix DLL Notification definitions.
- [NTDLL_VISTA] Code improvements.
- [NTDLL_VISTA:LDR] Implement Dll Notification.
- [NTDLL][NTDLL_APITEST] Add Dll Notification API test.

Author: RatinCN

dll/ntdll/CMakeLists.txt

@@ -65,7 +65,7 @@ set_module_type(ntdll win32dll ENTRYPOINT 0)
 set_subsystem(ntdll console)
 ################# END  HACK #################
 
-target_link_libraries(ntdll etwtrace csrlib rtl rtl_um rtl_vista ntdllsys libcntpr uuid ${PSEH_LIB})
+target_link_libraries(ntdll ntdll_vista_static etwtrace csrlib rtl rtl_um rtl_vista ntdllsys libcntpr uuid ${PSEH_LIB})
 if(DLL_EXPORT_VERSION GREATER_EQUAL 0x600)
     target_link_libraries(ntdll cryptlib)
 endif()

dll/ntdll/def/ntdll.spec

@@ -170,7 +170,7 @@
 @ stdcall LdrQueryImageFileKeyOption(ptr ptr long ptr long ptr)
 @ stdcall -stub -version=0x600+ LdrQueryModuleServiceTags(ptr ptr ptr)
 @ stdcall LdrQueryProcessModuleInformation(ptr long ptr)
-@ stdcall -stub -version=0x600+ LdrRegisterDllNotification(long ptr ptr ptr)
+@ stdcall -version=0x600+ LdrRegisterDllNotification(long ptr ptr ptr)
 @ stdcall -stub -version=0x600+ LdrRemoveLoadAsDataTable(ptr ptr ptr long)
 @ stub -version=0x600+ LdrResFindResource
 @ stub -version=0x600+ LdrResFindResourceDirectory
@@ -185,7 +185,7 @@
 @ stub -version=0x600+ LdrUnloadAlternateResourceModuleEx
 @ stdcall LdrUnloadDll(ptr)
 @ stdcall LdrUnlockLoaderLock(long ptr)
-@ stdcall -stub -version=0x600+ LdrUnregisterDllNotification(ptr)
+@ stdcall -version=0x600+ LdrUnregisterDllNotification(ptr)
 @ stdcall LdrVerifyImageMatchesChecksum(ptr long long long)
 @ stdcall -stub -version=0x600+ LdrVerifyImageMatchesChecksumEx(ptr ptr)
 @ stub -version=0x600+ LdrpResGetMappingSize

dll/ntdll/include/ntdllp.h

@@ -229,6 +229,15 @@ VOID
 NTAPI
 LdrpFinalizeAndDeallocateDataTableEntry(IN PLDR_DATA_TABLE_ENTRY Entry);
 
+#if (_WIN32_WINNT >= _WIN32_WINNT_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
+
+VOID
+NTAPI
+LdrpSendDllNotifications(
+    _In_ PLDR_DATA_TABLE_ENTRY DllEntry,
+    _In_ ULONG NotificationReason);
+
+#endif /* (_WIN32_WINNT >= _WIN32_WINNT_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA) */
 
 /* path.c */
 BOOLEAN
@@ -242,6 +251,11 @@ NTAPI
 RtlpInitializeKeyedEvent(
     VOID);
 
+VOID
+NTAPI
+RtlpCloseKeyedEvent(
+    VOID);
+
 VOID
 NTAPI
 RtlpInitializeThreadPooling(

dll/ntdll/ldr/ldrapi.c

@@ -1497,6 +1497,11 @@ LdrUnloadDll(
             DPRINT1("LDR: Unmapping [%ws]\n", LdrEntry->BaseDllName.Buffer);
         }
 
+#if (_WIN32_WINNT >= _WIN32_WINNT_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
+        /* Send shutdown notification */
+        LdrpSendDllNotifications(CurrentEntry, LDR_DLL_NOTIFICATION_REASON_UNLOADED);
+#endif
+
         /* Check if this is a .NET executable */
         CorImageData = RtlImageDirectoryEntryToData(LdrEntry->DllBase,
                                                     TRUE,
@@ -1520,9 +1525,6 @@ LdrUnloadDll(
         /* Unload the alternate resource module, if any */
         LdrUnloadAlternateResourceModule(CurrentEntry->DllBase);
 
-        /* FIXME: Send shutdown notification */
-        //LdrpSendDllNotifications(CurrentEntry, 2, LdrpShutdownInProgress);
-
         /* Check if a Hotpatch is active */
         if (LdrEntry->PatchInformation)
         {

dll/ntdll/ldr/ldrinit.c

@@ -56,9 +56,7 @@ ULONG LdrpNumberOfProcessors;
 PVOID NtDllBase;
 extern LARGE_INTEGER RtlpTimeout;
 extern BOOLEAN RtlpTimeoutDisable;
-PVOID LdrpHeap;
 LIST_ENTRY LdrpHashTable[LDR_HASH_TABLE_ENTRIES];
-LIST_ENTRY LdrpDllNotificationList;
 HANDLE LdrpKnownDllObjectDirectory;
 UNICODE_STRING LdrpKnownDllPath;
 WCHAR LdrpKnownDllPathBuffer[128];
@@ -2008,9 +2006,8 @@ LdrpInitializeProcess(IN PCONTEXT Context,
     //Peb->FastPebLockRoutine = (PPEBLOCKROUTINE)RtlEnterCriticalSection;
     //Peb->FastPebUnlockRoutine = (PPEBLOCKROUTINE)RtlLeaveCriticalSection;
 
-    /* Setup Callout Lock and Notification list */
+    /* Setup Callout Lock */
     //RtlInitializeCriticalSection(&RtlpCalloutEntryLock);
-    InitializeListHead(&LdrpDllNotificationList);
 
     /* For old executables, use 16-byte aligned heap */
     if ((NtHeader->OptionalHeader.MajorSubsystemVersion <= 3) &&

dll/ntdll/ldr/ldrutils.c

@@ -1226,7 +1226,12 @@ LdrpMapDll(IN PWSTR SearchPath OPTIONAL,
     /* Insert this entry */
     LdrpInsertMemoryTableEntry(LdrEntry);
 
-    // LdrpSendDllNotifications(LdrEntry, TRUE, Status == STATUS_IMAGE_NOT_AT_BASE)
+#if (_WIN32_WINNT >= _WIN32_WINNT_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
+    LdrpSendDllNotifications(LdrEntry, LDR_DLL_NOTIFICATION_REASON_LOADED);
+#if (_WIN32_WINNT >= _WIN32_WINNT_WIN8)
+    LdrEntry->Flags |= LDRP_LOAD_NOTIFICATIONS_SENT; /* LdrEntry->LoadNotificationsSent = TRUE; */
+#endif
+#endif
 
     /* Check for invalid CPU Image */
     if (Status == STATUS_IMAGE_MACHINE_TYPE_MISMATCH)

dll/ntdll/nt_0600/CMakeLists.txt

@@ -11,12 +11,15 @@ include_directories(
     ${REACTOS_SOURCE_DIR}/sdk/include/reactos/subsys)
 
 list(APPEND SOURCE
-    DllMain.c
-    ${CMAKE_CURRENT_BINARY_DIR}/ntdll_vista.def)
+    ldr/ldrinit.c
+    ldr/ldrnotify.c)
 
-add_library(ntdll_vista MODULE ${SOURCE} ntdll_vista.rc)
+add_library(ntdll_vista_static ${SOURCE})
+target_link_libraries(ntdll_vista_static)
+add_dependencies(ntdll_vista_static psdk)
+add_library(ntdll_vista MODULE DllMain.c ${CMAKE_CURRENT_BINARY_DIR}/ntdll_vista.def ntdll_vista.rc)
 set_module_type(ntdll_vista win32dll ENTRYPOINT DllMain 12)
-target_link_libraries(ntdll_vista smlib rtl_vista)
+target_link_libraries(ntdll_vista ntdll_vista_static smlib rtl_vista ${PSEH_LIB})
 if(ARCH STREQUAL "arm")
     target_link_libraries(ntdll_vista chkstk)
 endif()

dll/ntdll/nt_0600/DllMain.c

@@ -1,25 +1,4 @@
-#include <stdarg.h>
-
-#define WIN32_NO_STATUS
-
-#include <windef.h>
-#include <winbase.h>
-#include <winreg.h>
-#include <winuser.h>
-#include <winwlx.h>
-#include <ndk/rtltypes.h>
-#include <ndk/umfuncs.h>
-
-#define NDEBUG
-#include <debug.h>
-
-VOID
-NTAPI
-RtlpInitializeKeyedEvent(VOID);
-
-VOID
-NTAPI
-RtlpCloseKeyedEvent(VOID);
+#include "ntdll_vista.h"
 
 BOOL
 WINAPI

dll/ntdll/nt_0600/ldr/ldrinit.c

@@ -0,0 +1,3 @@
+#include "ntdll_vista.h"
+
+PVOID LdrpHeap;

dll/ntdll/nt_0600/ldr/ldrnotify.c

@@ -0,0 +1,154 @@
+/*
+ * PROJECT:     ReactOS NT Layer/System API
+ * LICENSE:     MIT (https://spdx.org/licenses/MIT)
+ * PURPOSE:     DLL Load Notification Implementation
+ * COPYRIGHT:   Copyright 2024 Ratin Gao <[email protected]>
+ */
+
+#include "ntdll_vista.h"
+
+/* GLOBALS *******************************************************************/
+
+typedef struct _LDR_DLL_NOTIFICATION_ENTRY
+{
+    LIST_ENTRY List;
+    PLDR_DLL_NOTIFICATION_FUNCTION Callback;
+    PVOID Context;
+} LDR_DLL_NOTIFICATION_ENTRY, *PLDR_DLL_NOTIFICATION_ENTRY;
+
+static RTL_STATIC_LIST_HEAD(LdrpDllNotificationList);
+
+/* Initialize critical section statically */
+static RTL_CRITICAL_SECTION LdrpDllNotificationLock;
+static RTL_CRITICAL_SECTION_DEBUG LdrpDllNotificationLockDebug = {
+    .CriticalSection = &LdrpDllNotificationLock
+};
+static RTL_CRITICAL_SECTION LdrpDllNotificationLock = {
+    &LdrpDllNotificationLockDebug,
+    -1,
+    0,
+    0,
+    0,
+    0
+};
+
+/* FUNCTIONS *****************************************************************/
+
+NTSTATUS
+NTAPI
+LdrRegisterDllNotification(
+    _In_ ULONG Flags,
+    _In_ PLDR_DLL_NOTIFICATION_FUNCTION NotificationFunction,
+    _In_opt_ PVOID Context,
+    _Out_ PVOID *Cookie)
+{
+    PLDR_DLL_NOTIFICATION_ENTRY NewEntry;
+
+    /* Check input parameters */
+    if (Flags != 0 || NotificationFunction == NULL || Cookie == NULL)
+    {
+        return STATUS_INVALID_PARAMETER;
+    }
+
+    /* Allocate new entry and assign input values */
+    NewEntry = RtlAllocateHeap(LdrpHeap, 0, sizeof(*NewEntry));
+    if (NewEntry == NULL)
+    {
+        return STATUS_NO_MEMORY;
+    }
+    NewEntry->Callback = NotificationFunction;
+    NewEntry->Context = Context;
+
+    /* Add node to the end of global list */
+    RtlEnterCriticalSection(&LdrpDllNotificationLock);
+    InsertTailList(&LdrpDllNotificationList, &NewEntry->List);
+    RtlLeaveCriticalSection(&LdrpDllNotificationLock);
+
+    /* Cookie is address of the new entry */
+    *Cookie = NewEntry;
+    return STATUS_SUCCESS;
+}
+
+NTSTATUS
+NTAPI
+LdrUnregisterDllNotification(
+    _In_ PVOID Cookie)
+{
+    NTSTATUS Status = STATUS_DLL_NOT_FOUND;
+    PLIST_ENTRY Entry;
+
+    /* Find entry to remove */
+    RtlEnterCriticalSection(&LdrpDllNotificationLock);
+    for (Entry = LdrpDllNotificationList.Flink;
+         Entry != &LdrpDllNotificationList;
+         Entry = Entry->Flink)
+    {
+        if (Entry == Cookie)
+        {
+            RemoveEntryList(Entry);
+            Status = STATUS_SUCCESS;
+            break;
+        }
+    }
+    RtlLeaveCriticalSection(&LdrpDllNotificationLock);
+
+    if (NT_SUCCESS(Status))
+    {
+        RtlFreeHeap(LdrpHeap, 0, Entry);
+    }
+    return Status;
+}
+
+VOID
+NTAPI
+LdrpSendDllNotifications(
+    _In_ PLDR_DATA_TABLE_ENTRY DllEntry,
+    _In_ ULONG NotificationReason)
+{
+    PLIST_ENTRY Entry;
+    PLDR_DLL_NOTIFICATION_ENTRY NotificationEntry;
+    LDR_DLL_NOTIFICATION_DATA NotificationData;
+
+    /*
+     * LDR_DLL_LOADED_NOTIFICATION_DATA and LDR_DLL_UNLOADED_NOTIFICATION_DATA
+     * currently are the same. Use C_ASSERT to ensure it, then fill either of them.
+     */
+#define LdrpAssertDllNotificationDataMember(x)\
+    C_ASSERT(FIELD_OFFSET(LDR_DLL_NOTIFICATION_DATA, Loaded.x) ==\
+             FIELD_OFFSET(LDR_DLL_NOTIFICATION_DATA, Unloaded.x))
+
+    C_ASSERT(sizeof(NotificationData.Loaded) == sizeof(NotificationData.Unloaded));
+    LdrpAssertDllNotificationDataMember(Flags);
+    LdrpAssertDllNotificationDataMember(FullDllName);
+    LdrpAssertDllNotificationDataMember(BaseDllName);
+    LdrpAssertDllNotificationDataMember(DllBase);
+    LdrpAssertDllNotificationDataMember(SizeOfImage);
+
+#undef LdrpAssertDllNotificationDataMember
+
+    NotificationData.Loaded.Flags = 0; /* Reserved and always 0, not DllEntry->Flags */
+    NotificationData.Loaded.FullDllName = &DllEntry->FullDllName;
+    NotificationData.Loaded.BaseDllName = &DllEntry->BaseDllName;
+    NotificationData.Loaded.DllBase = DllEntry->DllBase;
+    NotificationData.Loaded.SizeOfImage = DllEntry->SizeOfImage;
+
+    /* Send notification to all registered callbacks */
+    RtlEnterCriticalSection(&LdrpDllNotificationLock);
+    _SEH2_TRY
+    {
+        for (Entry = LdrpDllNotificationList.Flink;
+             Entry != &LdrpDllNotificationList;
+             Entry = Entry->Flink)
+        {
+            NotificationEntry = CONTAINING_RECORD(Entry, LDR_DLL_NOTIFICATION_ENTRY, List);
+            NotificationEntry->Callback(NotificationReason,
+                                        &NotificationData,
+                                        NotificationEntry->Context);
+        }
+    }
+    _SEH2_FINALLY
+    {
+        RtlLeaveCriticalSection(&LdrpDllNotificationLock);
+    }
+    _SEH2_END;
+}