Add sandbox support for Windows process mitigations

sandbox/win/src/target_process.cc

Index: sandbox/win/src/target_process.cc
===================================================================
--- sandbox/win/src/target_process.cc	(revision 156579)
+++ sandbox/win/src/target_process.cc	(working copy)
@@ -35,29 +35,8 @@
   }
 }
 
-// Reserve a random range at the bottom of the address space in the target
-// process to prevent predictable alocations at low addresses.
-void PoisonLowerAddressRange(HANDLE process) {
-  unsigned int limit;
-  rand_s(&limit);
-  char* ptr = 0;
-  const size_t kMask64k = 0xFFFF;
-  // Random range (512k-16.5mb) in 64k steps.
-  const char* end = ptr + ((((limit % 16384) + 512) * 1024) & ~kMask64k);
-  while (ptr < end) {
-    MEMORY_BASIC_INFORMATION memory_info;
-    if (!::VirtualQueryEx(process, ptr, &memory_info, sizeof(memory_info)))
-      break;
-    size_t size = std::min((memory_info.RegionSize + kMask64k) & ~kMask64k,
-                           static_cast<SIZE_T>(end - ptr));
-    if (ptr && memory_info.State == MEM_FREE)
-      ::VirtualAllocEx(process, ptr, size, MEM_RESERVE, PAGE_NOACCESS);
-    ptr += size;
-  }
 }
 
-}
-
 namespace sandbox {
 
 SANDBOX_INTERCEPT HANDLE g_shared_section;
@@ -168,8 +147,6 @@
   }
   lockdown_token_.Close();
 
-  PoisonLowerAddressRange(process_info.process_handle());
-
   DWORD win_result = ERROR_SUCCESS;
 
   // Assign the suspended target to the windows job object.