aaaddress1/gist:b19b5b0bfc5235d8d9499eef79dd7b84

## gistfile1.txt
__int64 __fastcall LdrpInitialize(PCONTEXT threadCtx, IMAGE_DOS_HEADER *peImgToFix)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  currTeb = NtCurrentTeb();
  while ( 1 )
  {
    loadStep = (unsigned int)_InterlockedCompareExchange(&LdrpProcessInitialized, 1, 0);
    if ( (_DWORD)loadStep == 1 && (currTeb->SameTebFlags & 0x2000) == 0 )
      goto done;
    ProcessEnvironmentBlock = currTeb->ProcessEnvironmentBlock;
    if ( !(_DWORD)loadStep )
      break;
    error = 0;
    if ( !ProcessEnvironmentBlock->InheritedAddressSpace )
      goto forkTask;
    LdrpInitCompleteEvent = 0i64;
    if ( _InterlockedCompareExchange(&LdrpProcessInitialized, 1, 2) == 2 )
    {
      if ( ProcessEnvironmentBlock->InheritedAddressSpace )
      {
        currPeb = NtCurrentPeb();
        LdrpForkActiveLock = 0i64;
        LdrpForkConditionVariable = 0i64;
        currPeb->InheritedAddressSpace = 0;
        if ( currPeb->BeingDebugged )
          LdrpDoDebuggerBreak();
      }
      loadStep = LdrpInitializationComplete(&LdrpProcessInitialized, &LdrpInitCompleteEvent, 5252i64);
      error = 0;
forkTask:
      if ( (currTeb->SameTebFlags & 0x40) == 0 )
      {
        if ( LdrpForkInProgress )
        {
          RtlAcquireSRWLockShared(&LdrpForkActiveLock);
          while ( LdrpForkInProgress )
            RtlSleepConditionVariableSRW(&LdrpForkConditionVariable, &LdrpForkActiveLock, 0i64, 1i64);
          RtlReleaseSRWLockShared(&LdrpForkActiveLock);
        }
        if ( UseWOW64 )
          g_LdrpWow64LdrpInitialize(threadCtx);
        loadStep = LdrpInitializeThread(threadCtx);
      }
      goto fatalError;
    }
done:
    LdrpWaitForInitializationComplete(&LdrpProcessInitialized, &LdrpInitCompleteEvent);
  }
  ZwCreateEvent(&LdrpInitCompleteEvent, 0x1F0003i64, 0i64, 0i64, 0);
  currTeb->SameTebFlags |= 0x20u;
  ProcessEnvironmentBlock->LoaderLock = (_RTL_CRITICAL_SECTION *)&LdrpLoaderLock;
  LdrInitState = 0;
  _interlockedbittestandset((volatile signed __int32 *)&ProcessEnvironmentBlock->80, 1u);
  qword_18018F2C0 = (__int64)&RtlpDynamicFunctionTable;
  RtlpDynamicFunctionTable = (__int64)&RtlpDynamicFunctionTable;
  RtlpDynamicFunctionTableLock = 0i64;
  RtlpDynamicFunctionTableTreeMin = 0i64;
  RtlpDynamicFunctionTableTreeMax = 0i64;
  RtlpDynamicCallbackTableTreeMin = 0i64;
  RtlpDynamicCallbackTableTreeMax = 0i64;
  v7 = LdrInitializeMrdata();
  error = v7;
  if ( v7 >= 0 )
  {
    v8 = LdrpDetourExist;
    if ( LdrpIsSecureProcess )
      v8 = 1;
    LdrpDetourExist = v8;
    v9 = LdrpInitializeProcess(threadCtx, peImgToFix);
    error = v9;
    v11 = v9;
    if ( v9 >= 0 )
    {
      LdrpLogDllState(*(_QWORD *)(LdrpImageEntry + 48), LdrpImageEntry + 72, 5294i64);
      if ( ProcessEnvironmentBlock->MinimumStackCommit )
        v11 = LdrpTouchThreadStack();
      LdrInitState = 3;
      _interlockedbittestandreset((volatile signed __int32 *)&ProcessEnvironmentBlock->80, 1u);
      loadStep = RtlInitializeHeapGC(LdrpThreadPool);
      error = v11;
      if ( v11 >= 0 && (!UseWOW64 || LdrpProcessInitialized == 1) )
        loadStep = LdrpInitializationComplete(&LdrpProcessInitialized, &LdrpInitCompleteEvent, 5252i64);
    }
    else
    {
      loadStep = LdrpLogInternal(
                   (unsigned int)"minkernel\\ntdll\\ldrinit.c",
                   2289,
                   (unsigned int)"_LdrpInitialize",
                   0,
                   "Process initialization failed with status 0x%08lx\n",
                   v9);
    }
  }
  else
  {
    loadStep = LdrpLogInternal(
                 (unsigned int)"minkernel\\ntdll\\ldrinit.c",
                 2265,
                 (unsigned int)"_LdrpInitialize",
                 0,
                 "LDR:MRDATA: Process initialization failed with status 0x%08lx\n",
                 v7);
  }
fatalError:
  if ( (error & 0x80000000) != 0 )
  {
    LdrpInitializationFailure(error);
    ZwTerminateProcess(-1i64, error);
    RtlRaiseStatus(error);
    JUMPOUT(0x1800CD937i64);
  }
  if ( (currTeb->SameTebFlags & 0x2000) == 0 )
    return ZwTestAlert();
  return loadStep;
}
	__int64 __fastcall LdrpInitialize(PCONTEXT threadCtx, IMAGE_DOS_HEADER *peImgToFix)
	{
	// [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

	currTeb = NtCurrentTeb();
	while ( 1 )
	{
	loadStep = (unsigned int)_InterlockedCompareExchange(&LdrpProcessInitialized, 1, 0);
	if ( (_DWORD)loadStep == 1 && (currTeb->SameTebFlags & 0x2000) == 0 )
	goto done;
	ProcessEnvironmentBlock = currTeb->ProcessEnvironmentBlock;
	if ( !(_DWORD)loadStep )
	break;
	error = 0;
	if ( !ProcessEnvironmentBlock->InheritedAddressSpace )
	goto forkTask;
	LdrpInitCompleteEvent = 0i64;
	if ( _InterlockedCompareExchange(&LdrpProcessInitialized, 1, 2) == 2 )
	{
	if ( ProcessEnvironmentBlock->InheritedAddressSpace )
	{
	currPeb = NtCurrentPeb();
	LdrpForkActiveLock = 0i64;
	LdrpForkConditionVariable = 0i64;
	currPeb->InheritedAddressSpace = 0;
	if ( currPeb->BeingDebugged )
	LdrpDoDebuggerBreak();
	}
	loadStep = LdrpInitializationComplete(&LdrpProcessInitialized, &LdrpInitCompleteEvent, 5252i64);
	error = 0;
	forkTask:
	if ( (currTeb->SameTebFlags & 0x40) == 0 )
	{
	if ( LdrpForkInProgress )
	{
	RtlAcquireSRWLockShared(&LdrpForkActiveLock);
	while ( LdrpForkInProgress )
	RtlSleepConditionVariableSRW(&LdrpForkConditionVariable, &LdrpForkActiveLock, 0i64, 1i64);
	RtlReleaseSRWLockShared(&LdrpForkActiveLock);
	}
	if ( UseWOW64 )
	g_LdrpWow64LdrpInitialize(threadCtx);
	loadStep = LdrpInitializeThread(threadCtx);
	}
	goto fatalError;
	}
	done:
	LdrpWaitForInitializationComplete(&LdrpProcessInitialized, &LdrpInitCompleteEvent);
	}
	ZwCreateEvent(&LdrpInitCompleteEvent, 0x1F0003i64, 0i64, 0i64, 0);
	currTeb->SameTebFlags \|= 0x20u;
	ProcessEnvironmentBlock->LoaderLock = (_RTL_CRITICAL_SECTION *)&LdrpLoaderLock;
	LdrInitState = 0;
	_interlockedbittestandset((volatile signed __int32 *)&ProcessEnvironmentBlock->80, 1u);
	qword_18018F2C0 = (__int64)&RtlpDynamicFunctionTable;
	RtlpDynamicFunctionTable = (__int64)&RtlpDynamicFunctionTable;
	RtlpDynamicFunctionTableLock = 0i64;
	RtlpDynamicFunctionTableTreeMin = 0i64;
	RtlpDynamicFunctionTableTreeMax = 0i64;
	RtlpDynamicCallbackTableTreeMin = 0i64;
	RtlpDynamicCallbackTableTreeMax = 0i64;
	v7 = LdrInitializeMrdata();
	error = v7;
	if ( v7 >= 0 )
	{
	v8 = LdrpDetourExist;
	if ( LdrpIsSecureProcess )
	v8 = 1;
	LdrpDetourExist = v8;
	v9 = LdrpInitializeProcess(threadCtx, peImgToFix);
	error = v9;
	v11 = v9;
	if ( v9 >= 0 )
	{
	LdrpLogDllState((_QWORD )(LdrpImageEntry + 48), LdrpImageEntry + 72, 5294i64);
	if ( ProcessEnvironmentBlock->MinimumStackCommit )
	v11 = LdrpTouchThreadStack();
	LdrInitState = 3;
	_interlockedbittestandreset((volatile signed __int32 *)&ProcessEnvironmentBlock->80, 1u);
	loadStep = RtlInitializeHeapGC(LdrpThreadPool);
	error = v11;
	if ( v11 >= 0 && (!UseWOW64 \|\| LdrpProcessInitialized == 1) )
	loadStep = LdrpInitializationComplete(&LdrpProcessInitialized, &LdrpInitCompleteEvent, 5252i64);
	}
	else
	{
	loadStep = LdrpLogInternal(
	(unsigned int)"minkernel\\ntdll\\ldrinit.c",
	2289,
	(unsigned int)"_LdrpInitialize",
	0,
	"Process initialization failed with status 0x%08lx\n",
	v9);
	}
	}
	else
	{
	loadStep = LdrpLogInternal(
	(unsigned int)"minkernel\\ntdll\\ldrinit.c",
	2265,
	(unsigned int)"_LdrpInitialize",
	0,
	"LDR:MRDATA: Process initialization failed with status 0x%08lx\n",
	v7);
	}
	fatalError:
	if ( (error & 0x80000000) != 0 )
	{
	LdrpInitializationFailure(error);
	ZwTerminateProcess(-1i64, error);
	RtlRaiseStatus(error);
	JUMPOUT(0x1800CD937i64);
	}
	if ( (currTeb->SameTebFlags & 0x2000) == 0 )
	return ZwTestAlert();
	return loadStep;
	}