OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome_elf/blacklist/blacklist.h" | 5 #include "chrome_elf/blacklist/blacklist.h" |
6 | 6 |
7 #include <string.h> | 7 #include <string.h> |
8 | 8 |
9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
10 #include "chrome_elf/blacklist/blacklist_interceptions.h" | 10 #include "chrome_elf/blacklist/blacklist_interceptions.h" |
11 #include "sandbox/win/src/interception_internal.h" | 11 #include "sandbox/win/src/interception_internal.h" |
12 #include "sandbox/win/src/internal_types.h" | 12 #include "sandbox/win/src/internal_types.h" |
13 #include "sandbox/win/src/sandbox_utils.h" | 13 #include "sandbox/win/src/sandbox_utils.h" |
14 #include "sandbox/win/src/service_resolver.h" | 14 #include "sandbox/win/src/service_resolver.h" |
15 | 15 |
16 // http://blogs.msdn.com/oldnewthing/archive/2004/10/25/247180.aspx | 16 // http://blogs.msdn.com/oldnewthing/archive/2004/10/25/247180.aspx |
17 extern "C" IMAGE_DOS_HEADER __ImageBase; | 17 extern "C" IMAGE_DOS_HEADER __ImageBase; |
18 | 18 |
19 namespace blacklist{ | 19 namespace blacklist{ |
20 | 20 |
21 const wchar_t* g_troublesome_dlls[kTroublesomeDllsMaxCount] = {}; | 21 const wchar_t* g_troublesome_dlls[kTroublesomeDllsMaxCount] = {}; |
22 int g_troublesome_dlls_cur_index = 0; | 22 int g_troublesome_dlls_cur_index = 0; |
23 | 23 |
24 const wchar_t kRegistryBeaconPath[] = L"SOFTWARE\\Google\\Chrome\\BLBeacon"; | 24 const wchar_t kRegistryBeaconPath[] = L"SOFTWARE\\Google\\Chrome\\BLBeacon"; |
| 25 const wchar_t kBeaconVersion[] = L"version"; |
| 26 const wchar_t kBeaconState[] = L"state"; |
25 | 27 |
26 } // namespace blacklist | 28 } // namespace blacklist |
27 | 29 |
28 // Allocate storage for thunks in a page of this module to save on doing | 30 // Allocate storage for thunks in a page of this module to save on doing |
29 // an extra allocation at run time. | 31 // an extra allocation at run time. |
30 #pragma section(".crthunk",read,execute) | 32 #pragma section(".crthunk",read,execute) |
31 __declspec(allocate(".crthunk")) sandbox::ThunkData g_thunk_storage; | 33 __declspec(allocate(".crthunk")) sandbox::ThunkData g_thunk_storage; |
32 | 34 |
33 namespace { | 35 namespace { |
34 | 36 |
(...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
133 | 135 |
134 bool IsNonBrowserProcess() { | 136 bool IsNonBrowserProcess() { |
135 wchar_t* command_line = GetCommandLine(); | 137 wchar_t* command_line = GetCommandLine(); |
136 return (command_line && wcsstr(command_line, L"--type")); | 138 return (command_line && wcsstr(command_line, L"--type")); |
137 } | 139 } |
138 | 140 |
139 } // namespace | 141 } // namespace |
140 | 142 |
141 namespace blacklist { | 143 namespace blacklist { |
142 | 144 |
143 bool CreateBeacon() { | 145 bool LeaveSetupBeacon() { |
144 HKEY beacon_key = NULL; | 146 DWORD blacklist_state = BLACKLIST_DISABLED; |
145 DWORD disposition = 0; | 147 DWORD blacklist_state_size = sizeof(blacklist_state); |
146 LONG result = ::RegCreateKeyEx(HKEY_CURRENT_USER, | 148 LONG result = ::RegGetValue(HKEY_CURRENT_USER, |
147 kRegistryBeaconPath, | 149 kRegistryBeaconPath, |
148 0, | 150 kBeaconState, |
149 NULL, | 151 RRF_RT_REG_DWORD, |
150 0, | 152 NULL, |
151 KEY_WRITE, | 153 &blacklist_state, |
152 NULL, | 154 &blacklist_state_size); |
153 &beacon_key, | |
154 &disposition); | |
155 bool success = (result == ERROR_SUCCESS && | |
156 disposition != REG_OPENED_EXISTING_KEY); | |
157 if (result == ERROR_SUCCESS) | |
158 ::RegCloseKey(beacon_key); | |
159 return success; | |
160 } | |
161 | 155 |
162 bool ClearBeacon() { | 156 if (blacklist_state != BLACKLIST_ENABLED || |
163 LONG result = ::RegDeleteKey(HKEY_CURRENT_USER, kRegistryBeaconPath); | 157 result != ERROR_SUCCESS) |
| 158 return false; |
| 159 |
| 160 blacklist_state = BLACKLIST_SETUP_RUNNING; |
| 161 result = ::RegSetKeyValue(HKEY_CURRENT_USER, |
| 162 kRegistryBeaconPath, |
| 163 kBeaconState, |
| 164 REG_DWORD, |
| 165 &blacklist_state, |
| 166 sizeof(blacklist_state)); |
| 167 |
164 return (result == ERROR_SUCCESS); | 168 return (result == ERROR_SUCCESS); |
165 } | 169 } |
166 | 170 |
| 171 bool ResetBeacon() { |
| 172 DWORD blacklist_state = BLACKLIST_ENABLED; |
| 173 LONG result = ::RegSetKeyValue(HKEY_CURRENT_USER, |
| 174 kRegistryBeaconPath, |
| 175 kBeaconState, |
| 176 REG_DWORD, |
| 177 &blacklist_state, |
| 178 sizeof(blacklist_state)); |
| 179 |
| 180 return (result == ERROR_SUCCESS); |
| 181 } |
| 182 |
167 bool AddDllToBlacklist(const wchar_t* dll_name) { | 183 bool AddDllToBlacklist(const wchar_t* dll_name) { |
168 if (g_troublesome_dlls_cur_index >= kTroublesomeDllsMaxCount) | 184 if (g_troublesome_dlls_cur_index >= kTroublesomeDllsMaxCount) |
169 return false; | 185 return false; |
170 for (int i = 0; i < g_troublesome_dlls_cur_index; ++i) { | 186 for (int i = 0; i < g_troublesome_dlls_cur_index; ++i) { |
171 if (!wcscmp(g_troublesome_dlls[i], dll_name)) | 187 if (!wcscmp(g_troublesome_dlls[i], dll_name)) |
172 return true; | 188 return true; |
173 } | 189 } |
174 | 190 |
175 // Copy string to blacklist. | 191 // Copy string to blacklist. |
176 wchar_t* str_buffer = new wchar_t[wcslen(dll_name) + 1]; | 192 wchar_t* str_buffer = new wchar_t[wcslen(dll_name) + 1]; |
(...skipping 28 matching lines...) Expand all Loading... |
205 | 221 |
206 // Check to see that we found the functions we need in ntdll. | 222 // Check to see that we found the functions we need in ntdll. |
207 if (!InitializeInterceptImports()) | 223 if (!InitializeInterceptImports()) |
208 return false; | 224 return false; |
209 | 225 |
210 // Check to see if this is a non-browser process, abort if so. | 226 // Check to see if this is a non-browser process, abort if so. |
211 if (IsNonBrowserProcess()) | 227 if (IsNonBrowserProcess()) |
212 return false; | 228 return false; |
213 | 229 |
214 // Check to see if a beacon is present, abort if so. | 230 // Check to see if a beacon is present, abort if so. |
215 if (!force && !CreateBeacon()) | 231 if (!force && !LeaveSetupBeacon()) |
216 return false; | 232 return false; |
217 | 233 |
218 // Don't try blacklisting on unsupported OS versions. | 234 // Don't try blacklisting on unsupported OS versions. |
219 OSInfo os_info; | 235 OSInfo os_info; |
220 if (os_info.version() <= VERSION_PRE_XP_SP2) | 236 if (os_info.version() <= VERSION_PRE_XP_SP2) |
221 return false; | 237 return false; |
222 | 238 |
223 // Pseudo-handle, no need to close. | 239 // Pseudo-handle, no need to close. |
224 HANDLE current_process = ::GetCurrentProcess(); | 240 HANDLE current_process = ::GetCurrentProcess(); |
225 | 241 |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
272 // Mark the thunk storage as executable and prevent any future writes to it. | 288 // Mark the thunk storage as executable and prevent any future writes to it. |
273 BOOL page_executable = VirtualProtect(&g_thunk_storage, | 289 BOOL page_executable = VirtualProtect(&g_thunk_storage, |
274 sizeof(g_thunk_storage), | 290 sizeof(g_thunk_storage), |
275 PAGE_EXECUTE_READ, | 291 PAGE_EXECUTE_READ, |
276 &old_protect); | 292 &old_protect); |
277 | 293 |
278 return NT_SUCCESS(ret) && page_executable; | 294 return NT_SUCCESS(ret) && page_executable; |
279 } | 295 } |
280 | 296 |
281 } // namespace blacklist | 297 } // namespace blacklist |
OLD | NEW |