diff --git a/kphlib/kphdyn.c b/kphlib/kphdyn.c
index 7ff1b4b2bdb5..a7f11e1b0d01 100644
--- a/kphlib/kphdyn.c
+++ b/kphlib/kphdyn.c
@@ -79,7 +79,7 @@ CONST BYTE KphDynConfig[] =
0x79, 0x20, 0x8c, 0xcb, 0xa3, 0xe3, 0x53, 0x4e,
0x8b, 0x2e, 0xc1, 0x9c, 0x0a, 0x53, 0x1a, 0x14,
0x65, 0x71, 0xc4, 0x66, 0x4a, 0x82, 0x8a, 0xf3,
- 0x67, 0x50, 0xfa, 0xb7, 0x3a, 0x25, 0x61, 0x13,
+ 0x67, 0x50, 0xfa, 0xb7, 0x3a, 0x25, 0x61, 0x1f,
0x07, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x1a,
0x3c, 0x9f, 0x55, 0x00, 0x20, 0x85, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x7c,
@@ -502,6 +502,8 @@ CONST BYTE KphDynConfig[] =
0x6f, 0xac, 0x66, 0x00, 0xf0, 0x81, 0x00, 0xba,
0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x43,
0xd3, 0xba, 0x66, 0x00, 0xf0, 0x81, 0x00, 0xba,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0xc7,
+ 0x01, 0xf6, 0x66, 0x00, 0xf0, 0x81, 0x00, 0xba,
0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x4c,
0xba, 0xcc, 0x58, 0x00, 0x90, 0x88, 0x00, 0x7c,
0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x7d,
@@ -1912,6 +1914,10 @@ CONST BYTE KphDynConfig[] =
0x46, 0x4f, 0x2a, 0x00, 0x70, 0x04, 0x01, 0x76,
0x02, 0x00, 0x00, 0x01, 0x00, 0x64, 0x86, 0xad,
0x40, 0xc5, 0x4a, 0x00, 0x20, 0x04, 0x01, 0xf2,
+ 0x02, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0xee,
+ 0xd9, 0xba, 0x58, 0x00, 0x70, 0x04, 0x01, 0x76,
+ 0x02, 0x00, 0x00, 0x01, 0x00, 0x64, 0x86, 0x3d,
+ 0x32, 0xba, 0x5c, 0x00, 0x20, 0x04, 0x01, 0xf2,
0x02, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0xf2,
0xf7, 0xe5, 0xc2, 0x00, 0x70, 0x04, 0x01, 0x76,
0x02, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x07,
@@ -2446,6 +2452,10 @@ CONST BYTE KphDynConfig[] =
0xa9, 0x0f, 0xcb, 0x00, 0xf0, 0x44, 0x01, 0x30,
0x03, 0x00, 0x00, 0x01, 0x00, 0x64, 0x86, 0x2c,
0xa9, 0xfb, 0x1d, 0x00, 0x90, 0x24, 0x01, 0x6e,
+ 0x03, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0xec,
+ 0xac, 0x5a, 0x14, 0x00, 0xf0, 0x44, 0x01, 0x30,
+ 0x03, 0x00, 0x00, 0x01, 0x00, 0x64, 0x86, 0xb3,
+ 0x6f, 0xa3, 0x3e, 0x00, 0x90, 0x24, 0x01, 0x6e,
0x03, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x63,
0x7d, 0x94, 0x0f, 0x00, 0xe0, 0x44, 0x01, 0x30,
0x03, 0x00, 0x00, 0x01, 0x00, 0x64, 0x86, 0xbc,
@@ -2528,6 +2538,12 @@ CONST BYTE KphDynConfig[] =
0xc7, 0x00, 0x59, 0x00, 0x90, 0x24, 0x01, 0x6e,
0x03, 0x00, 0x00, 0x02, 0x00, 0x64, 0x86, 0x92,
0xe3, 0xf1, 0xbb, 0x00, 0x00, 0x11, 0x00, 0xf8,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x86, 0x7d,
+ 0xd0, 0x09, 0x42, 0x00, 0xf0, 0x44, 0x01, 0x30,
+ 0x03, 0x00, 0x00, 0x01, 0x00, 0x64, 0x86, 0x16,
+ 0xea, 0xb8, 0x88, 0x00, 0x90, 0x24, 0x01, 0x6e,
+ 0x03, 0x00, 0x00, 0x02, 0x00, 0x64, 0x86, 0x54,
+ 0x18, 0x42, 0x22, 0x00, 0x00, 0x11, 0x00, 0xf8,
0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0x2a,
0x00, 0xf0, 0x59, 0x00, 0xb0, 0x8c, 0x00, 0xac,
0x03, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0x9a,
@@ -3570,6 +3586,8 @@ CONST BYTE KphDynConfig[] =
0x46, 0x4c, 0x17, 0x00, 0xd0, 0x03, 0x01, 0x9c,
0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0xb4,
0x46, 0x4b, 0x2f, 0x00, 0xd0, 0x03, 0x01, 0x9c,
+ 0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0xaa,
+ 0xa5, 0x0d, 0x0f, 0x00, 0xd0, 0x03, 0x01, 0x9c,
0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0xe8,
0xdd, 0xf4, 0xad, 0x00, 0xd0, 0x03, 0x01, 0x9c,
0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0x14,
@@ -3650,6 +3668,8 @@ CONST BYTE KphDynConfig[] =
0xc2, 0x7d, 0xc2, 0x00, 0x90, 0x24, 0x01, 0xda,
0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0x07,
0x7c, 0x31, 0x14, 0x00, 0x90, 0x24, 0x01, 0xda,
+ 0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0xfe,
+ 0xe7, 0x4b, 0x87, 0x00, 0x90, 0x24, 0x01, 0xda,
0x05, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0x74,
0xe6, 0x6b, 0x4b, 0x00, 0x90, 0x24, 0x01, 0xda,
0x05, 0x00, 0x00, 0x02, 0x00, 0x64, 0xaa, 0x27,
@@ -3702,6 +3722,10 @@ CONST BYTE KphDynConfig[] =
0x3c, 0x82, 0xbe, 0x00, 0x90, 0x24, 0x01, 0xda,
0x05, 0x00, 0x00, 0x02, 0x00, 0x64, 0xaa, 0x1a,
0x8e, 0xb9, 0xd2, 0x00, 0xe0, 0x10, 0x00, 0xf8,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0xaa, 0x97,
+ 0x09, 0xda, 0x43, 0x00, 0x90, 0x24, 0x01, 0xda,
+ 0x05, 0x00, 0x00, 0x02, 0x00, 0x64, 0xaa, 0x08,
+ 0xf0, 0x92, 0xf3, 0x00, 0xe0, 0x10, 0x00, 0xf8,
0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x04, 0x20,
0x00, 0x30, 0x00, 0x10, 0x00, 0x28, 0x00, 0x14,
0x00, 0x11, 0x00, 0x10, 0x00, 0x18, 0x00, 0x00,
diff --git a/kphlib/kphdyn.xml b/kphlib/kphdyn.xml
index 0d47628b31d0..19370768c078 100644
--- a/kphlib/kphdyn.xml
+++ b/kphlib/kphdyn.xml
@@ -218,6 +218,7 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
10
10
10
+ 10
2
2
2
@@ -923,6 +924,8 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
13
8
13
+ 8
+ 13
8
8
13
@@ -1190,6 +1193,8 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
26
25
26
+ 25
+ 26
25
26
14
@@ -1231,6 +1236,9 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
25
26
14
+ 25
+ 26
+ 14
15
15
15
@@ -1752,6 +1760,7 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
22
22
22
+ 22
22
24
14
@@ -1792,6 +1801,7 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
24
24
24
+ 24
24
14
24
@@ -1818,6 +1828,8 @@ THIS IS AN AUTOGENERATED FILE, DO NOT MODIFY
14
24
14
+ 24
+ 14
diff --git a/phlib/native.c b/phlib/native.c
index 37ff64b23b16..f455d381fe29 100644
--- a/phlib/native.c
+++ b/phlib/native.c
@@ -10279,6 +10279,7 @@ typedef struct _ENUM_GENERIC_PROCESS_MODULES_CONTEXT
PVOID Context;
ULONG Type;
ULONG LoadOrderIndex;
+ PPH_HASHTABLE BaseAddressHashtable;
} ENUM_GENERIC_PROCESS_MODULES_CONTEXT, *PENUM_GENERIC_PROCESS_MODULES_CONTEXT;
static BOOLEAN EnumGenericProcessModulesCallback(
@@ -10295,6 +10296,11 @@ static BOOLEAN EnumGenericProcessModulesCallback(
Module->DllBase = (PVOID)(ULONG64_MAX - Context->LoadOrderIndex);
}
+ if (PhFindEntryHashtable(Context->BaseAddressHashtable, &Module->DllBase))
+ return TRUE;
+
+ PhAddEntryHashtable(Context->BaseAddressHashtable, &Module->DllBase);
+
RtlZeroMemory(&moduleInfo, sizeof(PH_MODULE_INFO));
moduleInfo.Type = Context->Type;
moduleInfo.BaseAddress = Module->DllBase;
@@ -10332,7 +10338,8 @@ static BOOLEAN EnumGenericProcessModulesCallback(
VOID PhpRtlModulesToGenericModules(
_In_ PRTL_PROCESS_MODULES Modules,
_In_ PPH_ENUM_GENERIC_MODULES_CALLBACK Callback,
- _In_opt_ PVOID Context
+ _In_opt_ PVOID Context,
+ _In_ PPH_HASHTABLE BaseAddressHashtable
)
{
PRTL_PROCESS_MODULE_INFORMATION module;
@@ -10350,6 +10357,11 @@ VOID PhpRtlModulesToGenericModules(
module->ImageBase = (PVOID)(ULONG64_MAX - i);
}
+ if (PhFindEntryHashtable(BaseAddressHashtable, &module->ImageBase))
+ continue;
+
+ PhAddEntryHashtable(BaseAddressHashtable, &module->ImageBase);
+
RtlZeroMemory(&moduleInfo, sizeof(PH_MODULE_INFO));
if ((ULONG_PTR)module->ImageBase <= PhSystemBasicInformation.MaximumUserModeAddress)
@@ -10398,7 +10410,8 @@ VOID PhpRtlModulesToGenericModules(
VOID PhpRtlModulesExToGenericModules(
_In_ PRTL_PROCESS_MODULE_INFORMATION_EX Modules,
_In_ PPH_ENUM_GENERIC_MODULES_CALLBACK Callback,
- _In_opt_ PVOID Context
+ _In_opt_ PVOID Context,
+ _In_ PPH_HASHTABLE BaseAddressHashtable
)
{
PRTL_PROCESS_MODULE_INFORMATION_EX module = Modules;
@@ -10407,14 +10420,19 @@ VOID PhpRtlModulesExToGenericModules(
while (module->NextOffset != 0)
{
- RtlZeroMemory(&moduleInfo, sizeof(PH_MODULE_INFO));
-
if (WindowsVersion >= WINDOWS_11_24H2 && !module->ImageBase)
{
// Assign pseudo address on 24H2 (dmex)
module->ImageBase = (PVOID)(ULONG64_MAX - module->LoadOrderIndex);
}
+ if (PhFindEntryHashtable(BaseAddressHashtable, &module->ImageBase))
+ continue;
+
+ PhAddEntryHashtable(BaseAddressHashtable, &module->ImageBase);
+
+ RtlZeroMemory(&moduleInfo, sizeof(PH_MODULE_INFO));
+
if ((ULONG_PTR)module->ImageBase <= PhSystemBasicInformation.MaximumUserModeAddress)
moduleInfo.Type = PH_MODULE_TYPE_MODULE;
else
@@ -10502,6 +10520,7 @@ typedef struct _PH_ENUM_MAPPED_MODULES_PARAMETERS
BOOLEAN TrackingAllocationBase;
PVOID LastAllocationBase;
SIZE_T AllocationSize;
+ PPH_HASHTABLE BaseAddressHashtable;
} PH_ENUM_MAPPED_MODULES_PARAMETERS, *PPH_ENUM_MAPPED_MODULES_PARAMETERS;
NTSTATUS NTAPI PhpEnumGenericMappedFilesAndImagesBulk(
@@ -10540,18 +10559,23 @@ NTSTATUS NTAPI PhpEnumGenericMappedFilesAndImagesBulk(
{
Parameters->TrackingAllocationBase = FALSE;
- if (NT_SUCCESS(PhGetProcessMappedFileName(ProcessHandle, Parameters->LastAllocationBase, &fileName)))
+ if (!PhFindEntryHashtable(Parameters->BaseAddressHashtable, &Parameters->LastAllocationBase))
{
- if (!PhpCallbackMappedFileOrImage(
- Parameters->LastAllocationBase,
- Parameters->AllocationSize,
- type,
- fileName,
- Parameters->Callback,
- Parameters->Context
- ))
+ PhAddEntryHashtable(Parameters->BaseAddressHashtable, &Parameters->LastAllocationBase);
+
+ if (NT_SUCCESS(PhGetProcessMappedFileName(ProcessHandle, Parameters->LastAllocationBase, &fileName)))
{
- break;
+ if (!PhpCallbackMappedFileOrImage(
+ Parameters->LastAllocationBase,
+ Parameters->AllocationSize,
+ type,
+ fileName,
+ Parameters->Callback,
+ Parameters->Context
+ ))
+ {
+ break;
+ }
}
}
}
@@ -10569,7 +10593,8 @@ VOID PhpEnumGenericMappedFilesAndImages(
_In_ HANDLE ProcessHandle,
_In_ ULONG Flags,
_In_ PPH_ENUM_GENERIC_MODULES_CALLBACK Callback,
- _In_opt_ PVOID Context
+ _In_opt_ PVOID Context,
+ _In_ PPH_HASHTABLE BaseAddressHashtable
)
{
BOOLEAN querySucceeded;
@@ -10580,6 +10605,7 @@ VOID PhpEnumGenericMappedFilesAndImages(
memset(&enumParameters, 0, sizeof(PH_ENUM_MAPPED_MODULES_PARAMETERS));
enumParameters.Callback = Callback;
enumParameters.Context = Context;
+ enumParameters.BaseAddressHashtable = BaseAddressHashtable;
if (NT_SUCCESS(PhEnumVirtualMemoryBulk(
ProcessHandle,
@@ -10654,6 +10680,9 @@ VOID PhpEnumGenericMappedFilesAndImages(
continue;
}
+ if (PhFindEntryHashtable(BaseAddressHashtable, &allocationBase))
+ continue;
+
if (!NT_SUCCESS(PhGetProcessMappedFileName(
ProcessHandle,
allocationBase,
@@ -10695,6 +10724,21 @@ VOID PhpEnumGenericMappedFilesAndImages(
}
}
+BOOLEAN NTAPI PhpBaseAddressHashtableEqualFunction(
+ _In_ PVOID Entry1,
+ _In_ PVOID Entry2
+ )
+{
+ return *(PVOID*)Entry1 == *(PVOID*)Entry2;
+}
+
+ULONG NTAPI PhpBaseAddressHashtableHashFunction(
+ _In_ PVOID Entry
+ )
+{
+ return PhHashIntPtr((ULONG_PTR)*(PVOID*)Entry);
+}
+
/**
* Enumerates the modules loaded by a process.
*
@@ -10717,6 +10761,14 @@ NTSTATUS PhEnumGenericModules(
)
{
NTSTATUS status;
+ PPH_HASHTABLE baseAddressHashtable;
+
+ baseAddressHashtable = PhCreateHashtable(
+ sizeof(PVOID),
+ PhpBaseAddressHashtableEqualFunction,
+ PhpBaseAddressHashtableHashFunction,
+ 100
+ );
if (ProcessId == SYSTEM_PROCESS_ID)
{
@@ -10731,7 +10783,8 @@ NTSTATUS PhEnumGenericModules(
PhpRtlModulesExToGenericModules(
modules,
Callback,
- Context
+ Context,
+ baseAddressHashtable
);
PhFree(modules);
}
@@ -10744,7 +10797,8 @@ NTSTATUS PhEnumGenericModules(
PhpRtlModulesToGenericModules(
modules,
Callback,
- Context
+ Context,
+ baseAddressHashtable
);
PhFree(modules);
}
@@ -10785,6 +10839,7 @@ NTSTATUS PhEnumGenericModules(
context.Callback = Callback;
context.Context = Context;
context.Type = PH_MODULE_TYPE_MODULE;
+ context.BaseAddressHashtable = baseAddressHashtable;
context.LoadOrderIndex = 0;
parameters.Callback = EnumGenericProcessModulesCallback;
@@ -10805,6 +10860,7 @@ NTSTATUS PhEnumGenericModules(
context.Callback = Callback;
context.Context = Context;
context.Type = PH_MODULE_TYPE_WOW64_MODULE;
+ context.BaseAddressHashtable = baseAddressHashtable;
context.LoadOrderIndex = 0;
status = PhEnumProcessModules32Ex(
@@ -10823,7 +10879,8 @@ NTSTATUS PhEnumGenericModules(
ProcessHandle,
Flags,
Callback,
- Context
+ Context,
+ baseAddressHashtable
);
}
@@ -10833,6 +10890,8 @@ NTSTATUS PhEnumGenericModules(
CleanupExit:
+ PhDereferenceObject(baseAddressHashtable);
+
return status;
}
diff --git a/tools/CustomSetupTool/main.c b/tools/CustomSetupTool/main.c
index 70d8597d85ac..0e7cf55da1b6 100644
--- a/tools/CustomSetupTool/main.c
+++ b/tools/CustomSetupTool/main.c
@@ -244,19 +244,27 @@ VOID SetupSilent(
if (PhGetOwnTokenAttributes().Elevated)
{
+ BOOLEAN start;
+
switch (Context->SetupMode)
{
default:
case SetupCommandInstall:
status = SetupProgressThread(Context);
+ start = TRUE;
break;
case SetupCommandUninstall:
status = SetupUninstallBuild(Context);
+ start = FALSE;
break;
case SetupCommandUpdate:
status = SetupUpdateBuild(Context);
+ start = TRUE;
break;
}
+
+ if (start && NT_SUCCESS(status) && Context->ErrorCode == ERROR_SUCCESS)
+ SetupExecuteApplication(Context);
}
else
{