OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome_elf/blacklist/blacklist.h" | 5 #include "chrome_elf/blacklist/blacklist.h" |
6 | 6 |
7 #include <string.h> | 7 #include <string.h> |
8 | 8 |
9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
10 #include "chrome_elf/blacklist/blacklist_interceptions.h" | 10 #include "chrome_elf/blacklist/blacklist_interceptions.h" |
11 #include "sandbox/win/src/interception_internal.h" | 11 #include "sandbox/win/src/interception_internal.h" |
12 #include "sandbox/win/src/internal_types.h" | 12 #include "sandbox/win/src/internal_types.h" |
13 #include "sandbox/win/src/sandbox_utils.h" | 13 #include "sandbox/win/src/sandbox_utils.h" |
14 #include "sandbox/win/src/service_resolver.h" | 14 #include "sandbox/win/src/service_resolver.h" |
15 | 15 |
16 // http://blogs.msdn.com/oldnewthing/archive/2004/10/25/247180.aspx | 16 // http://blogs.msdn.com/oldnewthing/archive/2004/10/25/247180.aspx |
17 extern "C" IMAGE_DOS_HEADER __ImageBase; | 17 extern "C" IMAGE_DOS_HEADER __ImageBase; |
18 | 18 |
19 namespace blacklist{ | 19 namespace blacklist{ |
20 | 20 |
21 const wchar_t* g_troublesome_dlls[kTroublesomeDllsMaxCount] = {}; | 21 const wchar_t* g_troublesome_dlls[kTroublesomeDllsMaxCount] = {}; |
22 int g_troublesome_dlls_cur_index = 0; | 22 int g_troublesome_dlls_cur_index = 0; |
23 | 23 |
24 const wchar_t kRegistryBeaconPath[] = L"SOFTWARE\\Google\\Chrome\\BLBeacon"; | 24 const wchar_t kRegistryBeaconPath[] = L"SOFTWARE\\Google\\Chrome\\BLBeacon"; |
25 const wchar_t kBeaconVersion[] = L"version"; | |
26 const wchar_t kBeaconState[] = L"state"; | |
25 | 27 |
26 } // namespace blacklist | 28 } // namespace blacklist |
27 | 29 |
28 // Allocate storage for thunks in a RWX page of this module to save on doing | 30 // Allocate storage for thunks in a RWX page of this module to save on doing |
29 // an extra allocation at run time. | 31 // an extra allocation at run time. |
30 #if !defined(_WIN64) | 32 #if !defined(_WIN64) |
31 // 64-bit images appear to not support writeable and executable pages. | 33 // 64-bit images appear to not support writeable and executable pages. |
32 // This would yield compile warning C4330. | 34 // This would yield compile warning C4330. |
33 // TODO(robertshield): Add 64 bit support. | 35 // TODO(robertshield): Add 64 bit support. |
34 #pragma section(".crthunk",read,write,execute) | 36 #pragma section(".crthunk",read,write,execute) |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
138 | 140 |
139 bool IsNonBrowserProcess() { | 141 bool IsNonBrowserProcess() { |
140 wchar_t* command_line = GetCommandLine(); | 142 wchar_t* command_line = GetCommandLine(); |
141 return (command_line && wcsstr(command_line, L"--type")); | 143 return (command_line && wcsstr(command_line, L"--type")); |
142 } | 144 } |
143 | 145 |
144 } // namespace | 146 } // namespace |
145 | 147 |
146 namespace blacklist { | 148 namespace blacklist { |
147 | 149 |
148 bool CreateBeacon() { | 150 bool LeaveSetupBeacon() { |
149 HKEY beacon_key = NULL; | 151 DWORD blacklist_state = 0; |
robertshield
2014/01/02 20:42:22
= BLACKLIST_DISABLED;
csharp
2014/01/02 21:57:59
Done.
| |
150 DWORD disposition = 0; | 152 DWORD blacklist_state_size = sizeof(blacklist_state); |
151 LONG result = ::RegCreateKeyEx(HKEY_CURRENT_USER, | 153 ::RegGetValue(HKEY_CURRENT_USER, |
154 kRegistryBeaconPath, | |
155 kBeaconState, | |
156 RRF_RT_REG_DWORD, | |
157 NULL, | |
158 &blacklist_state, | |
159 &blacklist_state_size); | |
robertshield
2014/01/02 20:42:22
Check the return value of RegGetValue and also fai
csharp
2014/01/02 21:57:59
Done.
| |
160 | |
161 if (blacklist_state != BLACKLIST_ENABLED) | |
162 return false; | |
163 | |
164 blacklist_state = BLACKLIST_SETUP_RUNNING; | |
165 LONG result = ::RegSetKeyValue(HKEY_CURRENT_USER, | |
152 kRegistryBeaconPath, | 166 kRegistryBeaconPath, |
153 0, | 167 kBeaconState, |
154 NULL, | 168 REG_DWORD, |
155 0, | 169 &blacklist_state, |
156 KEY_WRITE, | 170 sizeof(blacklist_state)); |
157 NULL, | |
158 &beacon_key, | |
159 &disposition); | |
160 bool success = (result == ERROR_SUCCESS && | |
161 disposition != REG_OPENED_EXISTING_KEY); | |
162 if (result == ERROR_SUCCESS) | |
163 ::RegCloseKey(beacon_key); | |
164 return success; | |
165 } | |
166 | 171 |
167 bool ClearBeacon() { | |
168 LONG result = ::RegDeleteKey(HKEY_CURRENT_USER, kRegistryBeaconPath); | |
169 return (result == ERROR_SUCCESS); | 172 return (result == ERROR_SUCCESS); |
170 } | 173 } |
171 | 174 |
175 bool ResetBeacon() { | |
176 DWORD blacklist_state = BLACKLIST_ENABLED; | |
177 LONG result = ::RegSetKeyValue(HKEY_CURRENT_USER, | |
178 kRegistryBeaconPath, | |
179 kBeaconState, | |
180 REG_DWORD, | |
181 &blacklist_state, | |
182 sizeof(blacklist_state)); | |
183 | |
184 return (result == ERROR_SUCCESS); | |
185 } | |
186 | |
172 bool AddDllToBlacklist(const wchar_t* dll_name) { | 187 bool AddDllToBlacklist(const wchar_t* dll_name) { |
173 if (g_troublesome_dlls_cur_index >= kTroublesomeDllsMaxCount) | 188 if (g_troublesome_dlls_cur_index >= kTroublesomeDllsMaxCount) |
174 return false; | 189 return false; |
175 for (int i = 0; i < g_troublesome_dlls_cur_index; ++i) { | 190 for (int i = 0; i < g_troublesome_dlls_cur_index; ++i) { |
176 if (!wcscmp(g_troublesome_dlls[i], dll_name)) | 191 if (!wcscmp(g_troublesome_dlls[i], dll_name)) |
177 return true; | 192 return true; |
178 } | 193 } |
179 | 194 |
180 // Copy string to blacklist. | 195 // Copy string to blacklist. |
181 wchar_t* str_buffer = new wchar_t[wcslen(dll_name) + 1]; | 196 wchar_t* str_buffer = new wchar_t[wcslen(dll_name) + 1]; |
(...skipping 28 matching lines...) Expand all Loading... | |
210 | 225 |
211 // Check to see that we found the functions we need in ntdll. | 226 // Check to see that we found the functions we need in ntdll. |
212 if (!InitializeInterceptImports()) | 227 if (!InitializeInterceptImports()) |
213 return false; | 228 return false; |
214 | 229 |
215 // Check to see if this is a non-browser process, abort if so. | 230 // Check to see if this is a non-browser process, abort if so. |
216 if (IsNonBrowserProcess()) | 231 if (IsNonBrowserProcess()) |
217 return false; | 232 return false; |
218 | 233 |
219 // Check to see if a beacon is present, abort if so. | 234 // Check to see if a beacon is present, abort if so. |
220 if (!force && !CreateBeacon()) | 235 if (!force && !LeaveSetupBeacon()) |
221 return false; | 236 return false; |
222 | 237 |
223 // Don't try blacklisting on unsupported OS versions. | 238 // Don't try blacklisting on unsupported OS versions. |
224 OSInfo os_info; | 239 OSInfo os_info; |
225 if (os_info.version() <= VERSION_PRE_XP_SP2) | 240 if (os_info.version() <= VERSION_PRE_XP_SP2) |
226 return false; | 241 return false; |
227 | 242 |
228 // Pseudo-handle, no need to close. | 243 // Pseudo-handle, no need to close. |
229 HANDLE current_process = ::GetCurrentProcess(); | 244 HANDLE current_process = ::GetCurrentProcess(); |
230 | 245 |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
265 &blacklist::BlNtMapViewOfSection, | 280 &blacklist::BlNtMapViewOfSection, |
266 thunk_storage, | 281 thunk_storage, |
267 sizeof(sandbox::ThunkData), | 282 sizeof(sandbox::ThunkData), |
268 NULL); | 283 NULL); |
269 | 284 |
270 delete thunk; | 285 delete thunk; |
271 return NT_SUCCESS(ret); | 286 return NT_SUCCESS(ret); |
272 } | 287 } |
273 | 288 |
274 } // namespace blacklist | 289 } // namespace blacklist |
OLD | NEW |