1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "sandbox/win/src/service_resolver.h" | 5 #include "sandbox/win/src/service_resolver.h" |
6 | 6 |
7 #include "base/memory/scoped_ptr.h" | 7 #include "base/memory/scoped_ptr.h" |
8 #include "sandbox/win/src/sandbox_nt_util.h" | 8 #include "sandbox/win/src/sandbox_nt_util.h" |
9 #include "sandbox/win/src/win_utils.h" | 9 #include "sandbox/win/src/win_utils.h" |
10 | 10 |
49 // 1c 0f05 syscall | 49 // 1c 0f05 syscall |
50 // 1e c3 ret | 50 // 1e c3 ret |
51 // 1f 90 nop | 51 // 1f 90 nop |
52 | 52 |
53 ULONG64 mov_1; // = 48 89 4C 24 08 48 89 54 | 53 ULONG64 mov_1; // = 48 89 4C 24 08 48 89 54 |
54 ULONG64 mov_2; // = 24 10 4C 89 44 24 18 4C | 54 ULONG64 mov_2; // = 24 10 4C 89 44 24 18 4C |
55 ULONG mov_3; // = 89 4C 24 20 | 55 ULONG mov_3; // = 89 4C 24 20 |
56 ULONG mov_r10_rcx_mov_eax; // = 4C 8B D1 B8 | 56 ULONG mov_r10_rcx_mov_eax; // = 4C 8B D1 B8 |
57 ULONG service_id; | 57 ULONG service_id; |
58 USHORT syscall; // = 0F 05 | 58 USHORT syscall; // = 0F 05 |
59 BYTE ret; // = C2 | 59 BYTE ret; // = C3 |
60 BYTE nop; // = 90 | 60 BYTE nop; // = 90 |
61 }; | 61 }; |
62 | 62 |
63 // We don't have an internal thunk for x64. | 63 // We don't have an internal thunk for x64. |
64 struct ServiceFullThunk { | 64 struct ServiceFullThunk { |
65 union { | 65 union { |
66 ServiceEntry original; | 66 ServiceEntry original; |
67 ServiceEntryW8 original_w8; | 67 ServiceEntryW8 original_w8; |
68 }; | 68 }; |
69 }; | 69 }; |
183 bool Wow64ResolverThunk::IsFunctionAService(void* local_thunk) const { | 183 bool Wow64ResolverThunk::IsFunctionAService(void* local_thunk) const { |
184 NOTREACHED_NT(); | 184 NOTREACHED_NT(); |
185 return false; | 185 return false; |
186 } | 186 } |
187 | 187 |
188 bool Win2kResolverThunk::IsFunctionAService(void* local_thunk) const { | 188 bool Win2kResolverThunk::IsFunctionAService(void* local_thunk) const { |
189 NOTREACHED_NT(); | 189 NOTREACHED_NT(); |
190 return false; | 190 return false; |
191 } | 191 } |
192 | 192 |
193 bool Win8ResolverThunk::IsFunctionAService(void* local_thunk) const { | |
robertshield
2014/01/07 18:30:47
The ServiceResolverThunk::IsFunctionAService metho
csharp
2014/01/07 20:43:07
Yes it does. I've removed the win8 specific code f
| |
194 ServiceEntryW8 function_code; | |
195 SIZE_T read; | |
196 if (!::ReadProcessMemory(process_, target_, &function_code, | |
197 sizeof(function_code), &read)) | |
198 return false; | |
199 | |
200 if (sizeof(function_code) != read) | |
201 return false; | |
202 | |
203 if (kMov1 != function_code.mov_1 || kMov2 != function_code.mov_2 || | |
204 kMov3 != function_code.mov_3 || | |
205 kMmovR10EcxMovEax != function_code.mov_r10_rcx_mov_eax || | |
206 kSyscall != function_code.syscall || | |
207 kRetNp != function_code.ret) { | |
208 return false; | |
209 } | |
210 | |
211 // Save the verified code | |
212 memcpy(local_thunk, &function_code, sizeof(function_code)); | |
213 | |
214 return true; | |
215 } | |
216 | |
193 } // namespace sandbox | 217 } // namespace sandbox |