
Side by Side Diff: sandbox/win/src/process_thread_dispatcher.cc

Issue 1225183003: CreateThread interception, to use CreateRemoteThread (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: sync to head Created 5 years ago
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/win/src/process_thread_dispatcher.h" 5 #include "sandbox/win/src/process_thread_dispatcher.h"
6 6
7 #include "base/basictypes.h" 7 #include "base/basictypes.h"
8 #include "base/logging.h" 8 #include "base/logging.h"
9 #include "sandbox/win/src/crosscall_client.h" 9 #include "sandbox/win/src/crosscall_client.h"
10 #include "sandbox/win/src/interception.h" 10 #include "sandbox/win/src/interception.h"
115 {IPC_NTOPENPROCESSTOKENEX_TAG, {VOIDPTR_TYPE, UINT32_TYPE, UINT32_TYPE}}, 115 {IPC_NTOPENPROCESSTOKENEX_TAG, {VOIDPTR_TYPE, UINT32_TYPE, UINT32_TYPE}},
116 reinterpret_cast<CallbackGeneric>( 116 reinterpret_cast<CallbackGeneric>(
117 &ThreadProcessDispatcher::NtOpenProcessTokenEx)}; 117 &ThreadProcessDispatcher::NtOpenProcessTokenEx)};
118 118
119 static const IPCCall create_params = { 119 static const IPCCall create_params = {
120 {IPC_CREATEPROCESSW_TAG, 120 {IPC_CREATEPROCESSW_TAG,
121 {WCHAR_TYPE, WCHAR_TYPE, WCHAR_TYPE, INOUTPTR_TYPE}}, 121 {WCHAR_TYPE, WCHAR_TYPE, WCHAR_TYPE, INOUTPTR_TYPE}},
122 reinterpret_cast<CallbackGeneric>( 122 reinterpret_cast<CallbackGeneric>(
123 &ThreadProcessDispatcher::CreateProcessW)}; 123 &ThreadProcessDispatcher::CreateProcessW)};
124 124
125 static const IPCCall create_thread_params = {
126 {IPC_CREATETHREAD_TAG,
127 // NOTE(liamjm): 2nd param in size_t: Using VOIDPTR_TYPE as a hack.
Will Harris 2015/12/03 06:41:50 I think this is fine, we only need to support Wind
liamjm (20p) 2015/12/03 21:53:29 Done.
128 {VOIDPTR_TYPE, VOIDPTR_TYPE, VOIDPTR_TYPE, VOIDPTR_TYPE, UINT32_TYPE}},
129 reinterpret_cast<CallbackGeneric>(
130 &ThreadProcessDispatcher::CreateThread)};
131
125 ipc_calls_.push_back(open_thread); 132 ipc_calls_.push_back(open_thread);
126 ipc_calls_.push_back(open_process); 133 ipc_calls_.push_back(open_process);
127 ipc_calls_.push_back(process_token); 134 ipc_calls_.push_back(process_token);
128 ipc_calls_.push_back(process_tokenex); 135 ipc_calls_.push_back(process_tokenex);
129 ipc_calls_.push_back(create_params); 136 ipc_calls_.push_back(create_params);
137 ipc_calls_.push_back(create_thread_params);
130 } 138 }
131 139
132 bool ThreadProcessDispatcher::SetupService(InterceptionManager* manager, 140 bool ThreadProcessDispatcher::SetupService(InterceptionManager* manager,
133 int service) { 141 int service) {
134 switch (service) { 142 switch (service) {
135 case IPC_NTOPENTHREAD_TAG: 143 case IPC_NTOPENTHREAD_TAG:
136 case IPC_NTOPENPROCESS_TAG: 144 case IPC_NTOPENPROCESS_TAG:
137 case IPC_NTOPENPROCESSTOKEN_TAG: 145 case IPC_NTOPENPROCESSTOKEN_TAG:
138 case IPC_NTOPENPROCESSTOKENEX_TAG: 146 case IPC_NTOPENPROCESSTOKENEX_TAG:
139 // There is no explicit policy for these services. 147 // There is no explicit policy for these services.
140 NOTREACHED(); 148 NOTREACHED();
141 return false; 149 return false;
142 150
143 case IPC_CREATEPROCESSW_TAG: 151 case IPC_CREATEPROCESSW_TAG:
144 return INTERCEPT_EAT(manager, kKerneldllName, CreateProcessW, 152 return INTERCEPT_EAT(manager, kKerneldllName, CreateProcessW,
145 CREATE_PROCESSW_ID, 44) && 153 CREATE_PROCESSW_ID, 44) &&
146 INTERCEPT_EAT(manager, L"kernel32.dll", CreateProcessA, 154 INTERCEPT_EAT(manager, L"kernel32.dll", CreateProcessA,
147 CREATE_PROCESSA_ID, 44); 155 CREATE_PROCESSA_ID, 44);
148 156
157 case IPC_CREATETHREAD_TAG:
158 return INTERCEPT_EAT(manager, kKerneldllName, CreateThread,
159 CREATE_THREAD_ID, 28);
160
149 default: 161 default:
150 return false; 162 return false;
151 } 163 }
152 } 164 }
153 165
154 bool ThreadProcessDispatcher::NtOpenThread(IPCInfo* ipc, 166 bool ThreadProcessDispatcher::NtOpenThread(IPCInfo* ipc,
155 uint32 desired_access, 167 uint32 desired_access,
156 uint32 thread_id) { 168 uint32 thread_id) {
157 HANDLE handle; 169 HANDLE handle;
158 NTSTATUS ret = ProcessPolicy::OpenThreadAction(*ipc->client_info, 170 NTSTATUS ret = ProcessPolicy::OpenThreadAction(*ipc->client_info,
235 // Here we force the app_name to be the one we used for the policy lookup. 247 // Here we force the app_name to be the one we used for the policy lookup.
236 // If our logic was wrong, at least we wont allow create a random process. 248 // If our logic was wrong, at least we wont allow create a random process.
237 DWORD ret = ProcessPolicy::CreateProcessWAction(eval, *ipc->client_info, 249 DWORD ret = ProcessPolicy::CreateProcessWAction(eval, *ipc->client_info,
238 exe_name, *cmd_line, 250 exe_name, *cmd_line,
239 proc_info); 251 proc_info);
240 252
241 ipc->return_info.win32_result = ret; 253 ipc->return_info.win32_result = ret;
242 return true; 254 return true;
243 } 255 }
244 256
257 bool ThreadProcessDispatcher::CreateThread(
258 IPCInfo* ipc,
259 LPSECURITY_ATTRIBUTES thread_attributes,
260 SIZE_T stack_size,
Will Harris 2015/12/03 06:41:51 surprised something (maybe clang?) doesn't complai
liamjm (20p) 2015/12/03 21:53:29 Acknowledged.
261 LPTHREAD_START_ROUTINE start_address,
262 PVOID parameter,
263 DWORD creation_flags) {
264 if (!start_address) {
265 return false;
266 }
267
268 HANDLE handle;
269 DWORD ret = ProcessPolicy::CreateThreadAction(
270 GIVE_ALLACCESS, *ipc->client_info, thread_attributes, stack_size,
271 start_address, parameter, creation_flags, NULL, &handle);
272
273 ipc->return_info.nt_status = ret;
274 ipc->return_info.handle = handle;
275 return true;
276 }
277
245 } // namespace sandbox 278 } // namespace sandbox
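Review bot: `handle` is declared uninitialized at new line 268 and copied into `ipc->return_info.handle` unconditionally at line 274, so if `ProcessPolicy::CreateThreadAction` fails without writing it the client is handed an indeterminate handle value; initialise it, `HANDLE handle = NULL;`. The DWORD result is stored into `nt_status` at line 273 whereas `CreateProcessW` stores its DWORD into `win32_result` at line 253, so unless CreateThreadAction really returns an NTSTATUS, `ipc->return_info.win32_result = ret;` keeps the two handlers consistent. `thread_attributes` arrives from the sandboxed client marshalled as VOIDPTR_TYPE (line 128), so it is an address in the client's process rather than the broker's and must not be dereferenced on this side; either reject non-null values in the dispatcher or add a comment stating that the policy action discards it. CreateThreadAction's body is outside this diff, so its failure behaviour is inferred.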