| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/safe_browsing/incident_reporting/environment_data_colle
ction_win.h" | 5 #include "chrome/browser/safe_browsing/incident_reporting/environment_data_colle
ction_win.h" |
| 6 | 6 |
| 7 #include <windows.h> | 7 #include <windows.h> |
| 8 #include <set> | 8 #include <set> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| (...skipping 112 matching lines...) |
| 123 path_sanitizer.StripHomeDirectory(&dll_name); | 123 path_sanitizer.StripHomeDirectory(&dll_name); |
| 124 process->add_blacklisted_dll(dll_name.AsUTF8Unsafe()); | 124 process->add_blacklisted_dll(dll_name.AsUTF8Unsafe()); |
| 125 } | 125 } |
| 126 } | 126 } |
| 127 | 127 |
| 128 void CollectModuleVerificationData( | 128 void CollectModuleVerificationData( |
| 129 const wchar_t* const modules_to_verify[], | 129 const wchar_t* const modules_to_verify[], |
| 130 size_t num_modules_to_verify, | 130 size_t num_modules_to_verify, |
| 131 ClientIncidentReport_EnvironmentData_Process* process) { | 131 ClientIncidentReport_EnvironmentData_Process* process) { |
| 132 #if !defined(_WIN64) | 132 #if !defined(_WIN64) |
| 133 using ModuleState = ClientIncidentReport_EnvironmentData_Process_ModuleState; |
| 134 |
| 133 for (size_t i = 0; i < num_modules_to_verify; ++i) { | 135 for (size_t i = 0; i < num_modules_to_verify; ++i) { |
| 134 scoped_ptr<ClientIncidentReport_EnvironmentData_Process_ModuleState> | 136 scoped_ptr<ModuleState> module_state(new ModuleState()); |
| 135 module_state( | |
| 136 new ClientIncidentReport_EnvironmentData_Process_ModuleState()); | |
| 137 | 137 |
| 138 VerificationResult result = NewVerifyModule(modules_to_verify[i], | 138 int num_bytes_different = 0; |
| 139 module_state.get()); | 139 bool scan_complete = VerifyModule(modules_to_verify[i], |
| 140 module_state.get(), |
| 141 &num_bytes_different); |
| 140 | 142 |
| 141 std::set<std::string> modified_exports; | 143 if (module_state->modified_state() == ModuleState::MODULE_STATE_UNMODIFIED) |
| 142 int num_bytes = 0; | 144 continue; |
| 143 int modified = VerifyModule(modules_to_verify[i], | |
| 144 &modified_exports, | |
| 145 &num_bytes); | |
| 146 | 145 |
| 147 if (result.state == MODULE_STATE_MODIFIED) { | 146 if (module_state->modified_state() == ModuleState::MODULE_STATE_MODIFIED) { |
| 148 UMA_HISTOGRAM_COUNTS_10000( | 147 UMA_HISTOGRAM_COUNTS_10000( |
| 149 "ModuleIntegrityVerification.BytesModified.WithoutByteSet", | 148 "ModuleIntegrityVerification.BytesModified.WithoutByteSet", |
| 150 result.num_bytes_different); | 149 num_bytes_different); |
| 151 } | 150 } |
| 152 | 151 |
| 153 if (modified == MODULE_STATE_MODIFIED) { | 152 if (!scan_complete) { |
| 154 UMA_HISTOGRAM_COUNTS_10000( | |
| 155 "ModuleIntegrityVerification.BytesModified.WithByteSet", | |
| 156 num_bytes); | |
| 157 } | |
| 158 | |
| 159 if (modified == MODULE_STATE_MODIFIED || | |
| 160 result.state == MODULE_STATE_MODIFIED) { | |
| 161 int difference = abs(result.num_bytes_different - num_bytes); | |
| 162 | |
| 163 if (result.num_bytes_different > num_bytes) { | |
| 164 UMA_HISTOGRAM_COUNTS_10000( | |
| 165 "ModuleIntegrityVerification.Difference.WithoutByteSet", | |
| 166 difference); | |
| 167 } else if (num_bytes > result.num_bytes_different) { | |
| 168 UMA_HISTOGRAM_COUNTS_10000( | |
| 169 "ModuleIntegrityVerification.Difference.WithByteSet", | |
| 170 difference); | |
| 171 } | |
| 172 } | |
| 173 | |
| 174 if (!result.verification_completed) { | |
| 175 UMA_HISTOGRAM_ENUMERATION( | 153 UMA_HISTOGRAM_ENUMERATION( |
| 176 "ModuleIntegrityVerification.RelocationsUnordered", i, | 154 "ModuleIntegrityVerification.RelocationsUnordered", i, |
| 177 num_modules_to_verify); | 155 num_modules_to_verify); |
| 178 } | 156 } |
| 179 | 157 |
| 180 if (modified == MODULE_STATE_UNMODIFIED) | |
| 181 continue; | |
| 182 | |
| 183 module_state->set_name(base::WideToUTF8(modules_to_verify[i])); | |
| 184 // Add 1 to the ModuleState enum to get the corresponding value in the | |
| 185 // protobuf's ModuleState enum. | |
| 186 module_state->set_modified_state(static_cast< | |
| 187 ClientIncidentReport_EnvironmentData_Process_ModuleState_ModifiedState>( | |
| 188 modified + 1)); | |
| 189 for (std::set<std::string>::iterator it = modified_exports.begin(); | |
| 190 it != modified_exports.end(); | |
| 191 ++it) { | |
| 192 module_state->add_modified_export(*it); | |
| 193 } | |
| 194 process->mutable_module_state()->AddAllocated(module_state.release()); | 158 process->mutable_module_state()->AddAllocated(module_state.release()); |
| 195 } | 159 } |
| 196 #endif // _WIN64 | 160 #endif // _WIN64 |
| 197 } | 161 } |
| 198 | 162 |
| 199 void CollectPlatformProcessData( | 163 void CollectPlatformProcessData( |
| 200 ClientIncidentReport_EnvironmentData_Process* process) { | 164 ClientIncidentReport_EnvironmentData_Process* process) { |
| 201 CollectDlls(process); | 165 CollectDlls(process); |
| 202 RecordLspFeature(process); | 166 RecordLspFeature(process); |
| 203 CollectDllBlacklistData(process); | 167 CollectDllBlacklistData(process); |
| 204 CollectModuleVerificationData( | 168 CollectModuleVerificationData( |
| 205 kModulesToVerify, arraysize(kModulesToVerify), process); | 169 kModulesToVerify, arraysize(kModulesToVerify), process); |
| 206 } | 170 } |
| 207 | 171 |
| 208 } // namespace safe_browsing | 172 } // namespace safe_browsing |
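Review bot: In `CollectModuleVerificationData`, the early `continue` on `MODULE_STATE_UNMODIFIED` (new lines 143-144) now runs before the `if (!scan_complete)` check (new line 152), whereas the old code recorded `ModuleIntegrityVerification.RelocationsUnordered` (old line 174) before its `continue` (old line 180). `VerifyModule`'s body is not shown here, but if a scan that stops early without finding differing bytes leaves the state at unmodified, that module is now dropped from both the histogram and the incident report, so a partial scan is treated the same as a clean one. Consider moving the `if (!scan_complete) { ... }` block above the `continue`, or, if the new order is intended, saying so with a comment such as `// An incomplete scan that found no differences is deliberately not reported.`. The caller also no longer calls `set_name()` or `set_modified_state()` itself, so every entry added through `AddAllocated()` depends on `VerifyModule` filling in both fields on every return path, including early failures; a one-line comment above the call stating that contract would help the next reader.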
| OLD | NEW |