Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

Dynamorio on Windows - Determining if Loader Lock is held from drwrap context

50 views
Skip to first unread message

Jack Ullrich

unread,
Nov 20, 2024, 2:16:34 PM11/20/24
to DynamoRIO Users
Hello all,

I am running a client on Windows. The client subscribes to the module load event and for each loaded module, enumerates the exports and creates a pre_func_cb with dr_wrap for every exported function.

One of the pieces of information I would like to be able to collect from the exported functions that are called, is whether or not the loader lock was held at the time of execution.

I have made an attempt to determine whether the loader lock is held from the pre_func_cb.


My code is as follows (called from the pref_func_cb):

static bool is_loader_lock_held() { constexpr ULONG NoWait = 0x2; constexpr ULONG AcquiredLock = 0x1; constexpr ULONG RaiseException = 0x1; ULONG state{ 0 }; ULONG_PTR cookie{ 0 }; if (LdrLockLoaderLock(NoWait, &state, &cookie) < 0L) { // Function failed, unknown state return false; } if (state == AcquiredLock) { // // We were able to acquire the lock // Meaning no other thread had it LdrUnlockLoaderLock(RaiseException, cookie); return false; } return true; }

However, this yielded inaccurate results.
For example: exported functions called from DllMain are determined to have been able to acquire the loader lock.

Any suggestions (or course corrections) would be much appreciated!

Derek Bruening

unread,
Nov 22, 2024, 12:15:29 PM11/22/24
to ma...@jackullri.ch, DynamoRIO Users
Critical sections on Windows allow recursive access so trying to acquire will not tell you whether you yourself already own it.  DR looks at the OwningThread field of the LoaderLock itself to see whether it is owned: https://github.com/DynamoRIO/dynamorio/blob/master/core/win32/module.c#L1142

--
You received this message because you are subscribed to the Google Groups "DynamoRIO Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dynamorio-use...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/dynamorio-users/01fb99fe-56d7-48f4-ae44-07242d5e3499n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages