1// Copyright 2011 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5package windows 6 7import ( 8 "sync" 9 "sync/atomic" 10 "syscall" 11 "unsafe" 12) 13 14// We need to use LoadLibrary and GetProcAddress from the Go runtime, because 15// the these symbols are loaded by the system linker and are required to 16// dynamically load additional symbols. Note that in the Go runtime, these 17// return syscall.Handle and syscall.Errno, but these are the same, in fact, 18// as windows.Handle and windows.Errno, and we intend to keep these the same. 19 20//go:linkname syscall_loadlibrary syscall.loadlibrary 21func syscall_loadlibrary(filename *uint16) (handle Handle, err Errno) 22 23//go:linkname syscall_getprocaddress syscall.getprocaddress 24func syscall_getprocaddress(handle Handle, procname *uint8) (proc uintptr, err Errno) 25 26// DLLError describes reasons for DLL load failures. 27type DLLError struct { 28 Err error 29 ObjName string 30 Msg string 31} 32 33func (e *DLLError) Error() string { return e.Msg } 34 35// A DLL implements access to a single DLL. 36type DLL struct { 37 Name string 38 Handle Handle 39} 40 41// LoadDLL loads DLL file into memory. 42// 43// Warning: using LoadDLL without an absolute path name is subject to 44// DLL preloading attacks. To safely load a system DLL, use LazyDLL 45// with System set to true, or use LoadLibraryEx directly. 46func LoadDLL(name string) (dll *DLL, err error) { 47 namep, err := UTF16PtrFromString(name) 48 if err != nil { 49 return nil, err 50 } 51 h, e := syscall_loadlibrary(namep) 52 if e != 0 { 53 return nil, &DLLError{ 54 Err: e, 55 ObjName: name, 56 Msg: "Failed to load " + name + ": " + e.Error(), 57 } 58 } 59 d := &DLL{ 60 Name: name, 61 Handle: h, 62 } 63 return d, nil 64} 65 66// MustLoadDLL is like LoadDLL but panics if load operation failes. 67func MustLoadDLL(name string) *DLL { 68 d, e := LoadDLL(name) 69 if e != nil { 70 panic(e) 71 } 72 return d 73} 74 75// FindProc searches DLL d for procedure named name and returns *Proc 76// if found. It returns an error if search fails. 77func (d *DLL) FindProc(name string) (proc *Proc, err error) { 78 namep, err := BytePtrFromString(name) 79 if err != nil { 80 return nil, err 81 } 82 a, e := syscall_getprocaddress(d.Handle, namep) 83 if e != 0 { 84 return nil, &DLLError{ 85 Err: e, 86 ObjName: name, 87 Msg: "Failed to find " + name + " procedure in " + d.Name + ": " + e.Error(), 88 } 89 } 90 p := &Proc{ 91 Dll: d, 92 Name: name, 93 addr: a, 94 } 95 return p, nil 96} 97 98// MustFindProc is like FindProc but panics if search fails. 99func (d *DLL) MustFindProc(name string) *Proc { 100 p, e := d.FindProc(name) 101 if e != nil { 102 panic(e) 103 } 104 return p 105} 106 107// FindProcByOrdinal searches DLL d for procedure by ordinal and returns *Proc 108// if found. It returns an error if search fails. 109func (d *DLL) FindProcByOrdinal(ordinal uintptr) (proc *Proc, err error) { 110 a, e := GetProcAddressByOrdinal(d.Handle, ordinal) 111 name := "#" + itoa(int(ordinal)) 112 if e != nil { 113 return nil, &DLLError{ 114 Err: e, 115 ObjName: name, 116 Msg: "Failed to find " + name + " procedure in " + d.Name + ": " + e.Error(), 117 } 118 } 119 p := &Proc{ 120 Dll: d, 121 Name: name, 122 addr: a, 123 } 124 return p, nil 125} 126 127// MustFindProcByOrdinal is like FindProcByOrdinal but panics if search fails. 128func (d *DLL) MustFindProcByOrdinal(ordinal uintptr) *Proc { 129 p, e := d.FindProcByOrdinal(ordinal) 130 if e != nil { 131 panic(e) 132 } 133 return p 134} 135 136// Release unloads DLL d from memory. 137func (d *DLL) Release() (err error) { 138 return FreeLibrary(d.Handle) 139} 140 141// A Proc implements access to a procedure inside a DLL. 142type Proc struct { 143 Dll *DLL 144 Name string 145 addr uintptr 146} 147 148// Addr returns the address of the procedure represented by p. 149// The return value can be passed to Syscall to run the procedure. 150func (p *Proc) Addr() uintptr { 151 return p.addr 152} 153 154//go:uintptrescapes 155 156// Call executes procedure p with arguments a. It will panic, if more than 15 arguments 157// are supplied. 158// 159// The returned error is always non-nil, constructed from the result of GetLastError. 160// Callers must inspect the primary return value to decide whether an error occurred 161// (according to the semantics of the specific function being called) before consulting 162// the error. The error will be guaranteed to contain windows.Errno. 163func (p *Proc) Call(a ...uintptr) (r1, r2 uintptr, lastErr error) { 164 switch len(a) { 165 case 0: 166 return syscall.Syscall(p.Addr(), uintptr(len(a)), 0, 0, 0) 167 case 1: 168 return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], 0, 0) 169 case 2: 170 return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], a[1], 0) 171 case 3: 172 return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], a[1], a[2]) 173 case 4: 174 return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], 0, 0) 175 case 5: 176 return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], 0) 177 case 6: 178 return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5]) 179 case 7: 180 return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], 0, 0) 181 case 8: 182 return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], 0) 183 case 9: 184 return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8]) 185 case 10: 186 return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], 0, 0) 187 case 11: 188 return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], 0) 189 case 12: 190 return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11]) 191 case 13: 192 return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], 0, 0) 193 case 14: 194 return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], 0) 195 case 15: 196 return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], a[14]) 197 default: 198 panic("Call " + p.Name + " with too many arguments " + itoa(len(a)) + ".") 199 } 200} 201 202// A LazyDLL implements access to a single DLL. 203// It will delay the load of the DLL until the first 204// call to its Handle method or to one of its 205// LazyProc's Addr method. 206type LazyDLL struct { 207 Name string 208 209 // System determines whether the DLL must be loaded from the 210 // Windows System directory, bypassing the normal DLL search 211 // path. 212 System bool 213 214 mu sync.Mutex 215 dll *DLL // non nil once DLL is loaded 216} 217 218// Load loads DLL file d.Name into memory. It returns an error if fails. 219// Load will not try to load DLL, if it is already loaded into memory. 220func (d *LazyDLL) Load() error { 221 // Non-racy version of: 222 // if d.dll != nil { 223 if atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(&d.dll))) != nil { 224 return nil 225 } 226 d.mu.Lock() 227 defer d.mu.Unlock() 228 if d.dll != nil { 229 return nil 230 } 231 232 // kernel32.dll is special, since it's where LoadLibraryEx comes from. 233 // The kernel already special-cases its name, so it's always 234 // loaded from system32. 235 var dll *DLL 236 var err error 237 if d.Name == "kernel32.dll" { 238 dll, err = LoadDLL(d.Name) 239 } else { 240 dll, err = loadLibraryEx(d.Name, d.System) 241 } 242 if err != nil { 243 return err 244 } 245 246 // Non-racy version of: 247 // d.dll = dll 248 atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(&d.dll)), unsafe.Pointer(dll)) 249 return nil 250} 251 252// mustLoad is like Load but panics if search fails. 253func (d *LazyDLL) mustLoad() { 254 e := d.Load() 255 if e != nil { 256 panic(e) 257 } 258} 259 260// Handle returns d's module handle. 261func (d *LazyDLL) Handle() uintptr { 262 d.mustLoad() 263 return uintptr(d.dll.Handle) 264} 265 266// NewProc returns a LazyProc for accessing the named procedure in the DLL d. 267func (d *LazyDLL) NewProc(name string) *LazyProc { 268 return &LazyProc{l: d, Name: name} 269} 270 271// NewLazyDLL creates new LazyDLL associated with DLL file. 272func NewLazyDLL(name string) *LazyDLL { 273 return &LazyDLL{Name: name} 274} 275 276// NewLazySystemDLL is like NewLazyDLL, but will only 277// search Windows System directory for the DLL if name is 278// a base name (like "advapi32.dll"). 279func NewLazySystemDLL(name string) *LazyDLL { 280 return &LazyDLL{Name: name, System: true} 281} 282 283// A LazyProc implements access to a procedure inside a LazyDLL. 284// It delays the lookup until the Addr method is called. 285type LazyProc struct { 286 Name string 287 288 mu sync.Mutex 289 l *LazyDLL 290 proc *Proc 291} 292 293// Find searches DLL for procedure named p.Name. It returns 294// an error if search fails. Find will not search procedure, 295// if it is already found and loaded into memory. 296func (p *LazyProc) Find() error { 297 // Non-racy version of: 298 // if p.proc == nil { 299 if atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(&p.proc))) == nil { 300 p.mu.Lock() 301 defer p.mu.Unlock() 302 if p.proc == nil { 303 e := p.l.Load() 304 if e != nil { 305 return e 306 } 307 proc, e := p.l.dll.FindProc(p.Name) 308 if e != nil { 309 return e 310 } 311 // Non-racy version of: 312 // p.proc = proc 313 atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(&p.proc)), unsafe.Pointer(proc)) 314 } 315 } 316 return nil 317} 318 319// mustFind is like Find but panics if search fails. 320func (p *LazyProc) mustFind() { 321 e := p.Find() 322 if e != nil { 323 panic(e) 324 } 325} 326 327// Addr returns the address of the procedure represented by p. 328// The return value can be passed to Syscall to run the procedure. 329// It will panic if the procedure cannot be found. 330func (p *LazyProc) Addr() uintptr { 331 p.mustFind() 332 return p.proc.Addr() 333} 334 335//go:uintptrescapes 336 337// Call executes procedure p with arguments a. It will panic, if more than 15 arguments 338// are supplied. It will also panic if the procedure cannot be found. 339// 340// The returned error is always non-nil, constructed from the result of GetLastError. 341// Callers must inspect the primary return value to decide whether an error occurred 342// (according to the semantics of the specific function being called) before consulting 343// the error. The error will be guaranteed to contain windows.Errno. 344func (p *LazyProc) Call(a ...uintptr) (r1, r2 uintptr, lastErr error) { 345 p.mustFind() 346 return p.proc.Call(a...) 347} 348 349var canDoSearchSystem32Once struct { 350 sync.Once 351 v bool 352} 353 354func initCanDoSearchSystem32() { 355 // https://msdn.microsoft.com/en-us/library/ms684179(v=vs.85).aspx says: 356 // "Windows 7, Windows Server 2008 R2, Windows Vista, and Windows 357 // Server 2008: The LOAD_LIBRARY_SEARCH_* flags are available on 358 // systems that have KB2533623 installed. To determine whether the 359 // flags are available, use GetProcAddress to get the address of the 360 // AddDllDirectory, RemoveDllDirectory, or SetDefaultDllDirectories 361 // function. If GetProcAddress succeeds, the LOAD_LIBRARY_SEARCH_* 362 // flags can be used with LoadLibraryEx." 363 canDoSearchSystem32Once.v = (modkernel32.NewProc("AddDllDirectory").Find() == nil) 364} 365 366func canDoSearchSystem32() bool { 367 canDoSearchSystem32Once.Do(initCanDoSearchSystem32) 368 return canDoSearchSystem32Once.v 369} 370 371func isBaseName(name string) bool { 372 for _, c := range name { 373 if c == ':' || c == '/' || c == '\\' { 374 return false 375 } 376 } 377 return true 378} 379 380// loadLibraryEx wraps the Windows LoadLibraryEx function. 381// 382// See https://msdn.microsoft.com/en-us/library/windows/desktop/ms684179(v=vs.85).aspx 383// 384// If name is not an absolute path, LoadLibraryEx searches for the DLL 385// in a variety of automatic locations unless constrained by flags. 386// See: https://msdn.microsoft.com/en-us/library/ff919712%28VS.85%29.aspx 387func loadLibraryEx(name string, system bool) (*DLL, error) { 388 loadDLL := name 389 var flags uintptr 390 if system { 391 if canDoSearchSystem32() { 392 const LOAD_LIBRARY_SEARCH_SYSTEM32 = 0x00000800 393 flags = LOAD_LIBRARY_SEARCH_SYSTEM32 394 } else if isBaseName(name) { 395 // WindowsXP or unpatched Windows machine 396 // trying to load "foo.dll" out of the system 397 // folder, but LoadLibraryEx doesn't support 398 // that yet on their system, so emulate it. 399 systemdir, err := GetSystemDirectory() 400 if err != nil { 401 return nil, err 402 } 403 loadDLL = systemdir + "\\" + name 404 } 405 } 406 h, err := LoadLibraryEx(loadDLL, 0, flags) 407 if err != nil { 408 return nil, err 409 } 410 return &DLL{Name: name, Handle: h}, nil 411} 412 413type errString string 414 415func (s errString) Error() string { return string(s) } 416