Add 64-bit support to browser blacklisting

chrome_elf/blacklist/blacklist.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome_elf/blacklist/blacklist.h"
 
 #include <string.h>
 
 #include "base/basictypes.h"
 #include "chrome_elf/blacklist/blacklist_interceptions.h"
@@ skipping 179 matching lines @@
       delete[] g_troublesome_dlls[i];
       g_troublesome_dlls[i] = g_troublesome_dlls[g_troublesome_dlls_cur_index];
       g_troublesome_dlls[g_troublesome_dlls_cur_index] = NULL;
       return true;
     }
   }
   return false;
 }
 
 bool Initialize(bool force) {
-#if defined(_WIN64)
-  // TODO(robertshield): Implement 64-bit support by providing 64-bit
-  //                     interceptors.
-  return false;
-#endif
-
   // Check to see that we found the functions we need in ntdll.
   if (!InitializeInterceptImports())
     return false;
 
   // Check to see if this is a non-browser process, abort if so.
   if (IsNonBrowserProcess())
     return false;
 
   // Check to see if a beacon is present, abort if so.
   if (!force && !CreateBeacon())
     return false;
 
   // Don't try blacklisting on unsupported OS versions.
   OSInfo os_info;
   if (os_info.version() <= VERSION_PRE_XP_SP2)
     return false;
 
   // Pseudo-handle, no need to close.
   HANDLE current_process = ::GetCurrentProcess();
 
   // Tells the resolver to patch already patched functions.
   const bool kRelaxed = true;
 
   // Create a thunk via the appropriate ServiceResolver instance.
   sandbox::ServiceResolverThunk* thunk;
 #if defined(_WIN64)

[robertshield, 2014/01/07 18:30:47]

This looks very similar to the 32-bit code.

Can we remove the contents of the _WIN64 condition and simply surround the
GetWOW64 check below in "#if defined(_WIN64)"?

[csharp, 2014/01/07 20:43:07]

Done.

-  // TODO(robertshield): Use the appropriate thunk for 64-bit support
-  // when said support is implemented.
+  if (os_info.version() >= VERSION_WIN8) {
+    thunk = new sandbox::Win8ResolverThunk(current_process, kRelaxed);
+  } else {
+    thunk = new sandbox::ServiceResolverThunk(current_process, kRelaxed);
+  }
 #else
   if (GetWOW64StatusForCurrentProcess() == WOW64_ENABLED) {
     if (os_info.version() >= VERSION_WIN8)
       thunk = new sandbox::Wow64W8ResolverThunk(current_process, kRelaxed);
     else
       thunk = new sandbox::Wow64ResolverThunk(current_process, kRelaxed);
   } else if (os_info.version() >= VERSION_WIN8) {
     thunk = new sandbox::Win8ResolverThunk(current_process, kRelaxed);
   } else {
     thunk = new sandbox::ServiceResolverThunk(current_process, kRelaxed);
   }
 #endif
 
   BYTE* thunk_storage = reinterpret_cast<BYTE*>(&g_thunk_storage);
 
   // Mark the thunk storage as readable and writeable, since we
   // ready to write to it.
   DWORD old_protect = 0;
   if (!VirtualProtect(&g_thunk_storage,
                       sizeof(g_thunk_storage),
                       PAGE_EXECUTE_READWRITE,
                       &old_protect))
     return false;
 
   thunk->AllowLocalPatches();
 
-  // Get ntdll base, target name, interceptor address,
+  // Replace the default NtMapViewOfSection with our patched version.
+#if defined(_WIN64)
+  NTSTATUS ret = thunk->Setup(::GetModuleHandle(sandbox::kNtdllName),
+                              reinterpret_cast<void*>(&__ImageBase),
+                              "NtMapViewOfSection",
+                              NULL,
+                              &blacklist::BlNtMapViewOfSection64,
+                              thunk_storage,
+                              sizeof(sandbox::ThunkData),
+                              NULL);
+
+  // Keep a pointer to the original code, we don't have enough space to
+  // add it directly to the call.
+  g_nt_map_view_of_section_func = reinterpret_cast<NtMapViewOfSectionFunction>(
+      thunk_storage);
+
+  // Ensure that the pointer to the old function can't be changed.
+  VirtualProtect(&g_nt_map_view_of_section_func,

[robertshield, 2014/01/07 18:30:47]

consider using the result of this as part of the Initialize function's return
value (similar to |page_executable| below).

[csharp, 2014/01/07 20:43:07]

Done.

+                 sizeof(g_nt_map_view_of_section_func),
+                 PAGE_EXECUTE_READ,
+                 &old_protect);
+#else
   NTSTATUS ret = thunk->Setup(::GetModuleHandle(sandbox::kNtdllName),
                               reinterpret_cast<void*>(&__ImageBase),
                               "NtMapViewOfSection",
                               NULL,
                               &blacklist::BlNtMapViewOfSection,
                               thunk_storage,
                               sizeof(sandbox::ThunkData),
                               NULL);
-
+#endif
   delete thunk;
 
   // Mark the thunk storage as executable and prevent any future writes to it.
   BOOL page_executable = VirtualProtect(&g_thunk_storage,
                                         sizeof(g_thunk_storage),
                                         PAGE_EXECUTE_READ,
                                         &old_protect);
 
   return NT_SUCCESS(ret) && page_executable;
 }
 
 }  // namespace blacklist