Add 64-bit support to browser blacklisting

sandbox/win/src/service_resolver_64.cc

Index: sandbox/win/src/service_resolver_64.cc
diff --git a/sandbox/win/src/service_resolver_64.cc b/sandbox/win/src/service_resolver_64.cc
index 473ddbc7f16d806f8b1d86fb245959c4ceb4d3d4..e70c31c713bf7cc8ffd2a14910126d22f73b5bf7 100644
--- a/sandbox/win/src/service_resolver_64.cc
+++ b/sandbox/win/src/service_resolver_64.cc
@@ -56,7 +56,7 @@ struct ServiceEntryW8 {
   ULONG mov_r10_rcx_mov_eax;  // = 4C 8B D1 B8
   ULONG service_id;
   USHORT syscall;             // = 0F 05
-  BYTE ret;                   // = C2
+  BYTE ret;                   // = C3
   BYTE nop;                   // = 90
 };
 
@@ -190,4 +190,28 @@ bool Win2kResolverThunk::IsFunctionAService(void* local_thunk) const {
   return false;
 }
 
+bool Win8ResolverThunk::IsFunctionAService(void* local_thunk) const {

[robertshield, 2014/01/07 18:30:47]

The ServiceResolverThunk::IsFunctionAService method above looks like it does
some Win8 checking. Do we need this method as well?

[csharp, 2014/01/07 20:43:07]

Yes it does. I've removed the win8 specific code from ServiceResolverThunk
(since we generally seem to have a separate function for each), but rvargas can
probably tell us what the correct action here is.

+  ServiceEntryW8 function_code;
+  SIZE_T read;
+  if (!::ReadProcessMemory(process_, target_, &function_code,
+                           sizeof(function_code), &read))
+    return false;
+
+  if (sizeof(function_code) != read)
+    return false;
+
+  if (kMov1 != function_code.mov_1 || kMov2 != function_code.mov_2 ||
+      kMov3 != function_code.mov_3 ||
+      kMmovR10EcxMovEax != function_code.mov_r10_rcx_mov_eax ||
+      kSyscall != function_code.syscall ||
+      kRetNp != function_code.ret) {
+    return false;
+  }
+
+  // Save the verified code
+  memcpy(local_thunk, &function_code, sizeof(function_code));
+
+  return true;
+}
+
 }  // namespace sandbox