
Side by Side Diff: sandbox/sandbox_poc/pocdll/handles.cc

Issue 1168002: Fix the POC and some of unit tests to be build and... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 10 years, 9 months ago
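--- a/sandbox/sandbox_poc/pocdll/handles.cc
+++ b/sandbox/sandbox_poc/pocdll/handles.cc
@@ -1,78 +1,75 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/sandbox_poc/pocdll/exports.h"
 #include "sandbox/sandbox_poc/pocdll/utils.h"
 #include "sandbox/tools/finder/ntundoc.h"
 
 // This file contains the tests used to verify the security of handles in
 // the process
 
 NTQUERYOBJECT NtQueryObject;
 NTQUERYINFORMATIONFILE NtQueryInformationFile;
 NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;
 
 void POCDLL_API TestGetHandle(HANDLE log) {
 HandleToFile handle2file;
 FILE *output = handle2file.Translate(log, "w");
 
 // Initialize the NTAPI functions we need
-HMODULE ntdll_handle = ::LoadLibraryA("ntdll.dll");
+HMODULE ntdll_handle = ::GetModuleHandle(L"ntdll.dll");
 if (!ntdll_handle) {
 fprintf(output, "[ERROR] Cannot load ntdll.dll. Error %d\r\n",
 ::GetLastError());
 return;
 }
 
 NtQueryObject = reinterpret_cast<NTQUERYOBJECT>(
 GetProcAddress(ntdll_handle, "NtQueryObject"));
 NtQueryInformationFile = reinterpret_cast<NTQUERYINFORMATIONFILE>(
 GetProcAddress(ntdll_handle, "NtQueryInformationFile"));
 NtQuerySystemInformation = reinterpret_cast<NTQUERYSYSTEMINFORMATION>(
 GetProcAddress(ntdll_handle, "NtQuerySystemInformation"));
 
 if (!NtQueryObject || !NtQueryInformationFile || !NtQuerySystemInformation) {
 fprintf(output, "[ERROR] Cannot load all NT functions. Error %d\r\n",
 ::GetLastError());
-::FreeLibrary(ntdll_handle);
 return;
 }
 
 // Get the number of handles on the system
 DWORD buffer_size = 0;
 SYSTEM_HANDLE_INFORMATION_EX temp_info;
 NTSTATUS status = NtQuerySystemInformation(
 SystemHandleInformation, &temp_info, sizeof(temp_info),
 &buffer_size);
 if (!buffer_size) {
 fprintf(output, "[ERROR] Get the number of handles. Error 0x%X\r\n",
 status);
-::FreeLibrary(ntdll_handle);
 return;
 }
 
 SYSTEM_HANDLE_INFORMATION_EX *system_handles =
 reinterpret_cast<SYSTEM_HANDLE_INFORMATION_EX*>(new BYTE[buffer_size]);
 
 status = NtQuerySystemInformation(SystemHandleInformation, system_handles,
 buffer_size, &buffer_size);
 if (STATUS_SUCCESS != status) {
 fprintf(output, "[ERROR] Failed to get the handle list. Error 0x%X\r\n",
 status);
-::FreeLibrary(ntdll_handle);
 delete [] system_handles;
 return;
 }
 
-for (unsigned int i = 0; i < system_handles->NumberOfHandles; ++i) {
+for (ULONG i = 0; i < system_handles->NumberOfHandles; ++i) {
 USHORT h = system_handles->Information[i].Handle;
 if (system_handles->Information[i].ProcessId != ::GetCurrentProcessId())
 continue;
 
 OBJECT_NAME_INFORMATION *name = NULL;
 ULONG name_size = 0;
 // Query the name information a first time to get the size of the name.
 status = NtQueryObject(reinterpret_cast<HANDLE>(h),
 ObjectNameInformation,
 name,
@@ -115,22 +112,22 @@
 
 // NtQueryObject cannot return the name for a file. In this case we
 // need to ask NtQueryInformationFile
 FILE_NAME_INFORMATION *file_name = NULL;
 if (type && wcsncmp(L"File", type->TypeName.Buffer,
 (type->TypeName.Length /
 sizeof(type->TypeName.Buffer[0]))) == 0) {
 // This function does not return the size of the buffer. We need to
 // iterate and always increase the buffer size until the function
 // succeeds. (Or at least does not fail with STATUS_BUFFER_OVERFLOW)
-DWORD size_file = MAX_PATH;
-IO_STATUS_BLOCK status_block;
+ULONG size_file = MAX_PATH;
+IO_STATUS_BLOCK status_block = {0};
 do {
 // Delete the previous buffer create. The buffer was too small
 if (file_name) {
 delete[] reinterpret_cast<BYTE*>(file_name);
 file_name = NULL;
 }
 
 // Increase the buffer and do the call agan
 size_file += MAX_PATH;
 file_name = reinterpret_cast<FILE_NAME_INFORMATION *>(
@@ -179,13 +176,11 @@
 }
 
 if (name) {
 delete [] name;
 }
 }
 
 if (system_handles) {
 delete [] system_handles;
 }
-
-::FreeLibrary(ntdll_handle);
 }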
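Review bot: `delete [] system_handles;` (new lines 61 and 184) releases a buffer that was allocated as `new BYTE[buffer_size]` through a `SYSTEM_HANDLE_INFORMATION_EX*`, so the array-delete type does not match the array-new type, which is undefined behaviour even where the default allocator happens to tolerate it. The file already handles the same situation correctly for `file_name` with `delete[] reinterpret_cast<BYTE*>(file_name);`; both `system_handles` deletes should be written the same way, `delete [] reinterpret_cast<BYTE*>(system_handles);`. The `name` buffer released by `delete [] name;` (new line 179) is allocated in the region this view skips, so I cannot tell whether it has the same mismatch — worth checking while here. The body of TestGetHandle is only partially visible because of the two skipped stretches.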
