
Side by Side Diff: sandbox/win/src/process_thread_policy.cc

Issue 1225183003: CreateThread interception, to use CreateRemoteThread (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: some more tweaks, from XP code. Created 4 years, 10 months ago
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/win/src/process_thread_policy.h" 5 #include "sandbox/win/src/process_thread_policy.h"
6 6
7 #include <stdint.h> 7 #include <stdint.h>
8 8
9 #include <string> 9 #include <string>
10 10
92 return false; 92 return false;
93 }; 93 };
94 } 94 }
95 95
96 if (!process->AddStringMatch(IF, NameBased::NAME, name, CASE_INSENSITIVE)) { 96 if (!process->AddStringMatch(IF, NameBased::NAME, name, CASE_INSENSITIVE)) {
97 return false; 97 return false;
98 } 98 }
99 if (!policy->AddRule(IPC_CREATEPROCESSW_TAG, process.get())) { 99 if (!policy->AddRule(IPC_CREATEPROCESSW_TAG, process.get())) {
100 return false; 100 return false;
101 } 101 }
102 if (!policy->AddRule(IPC_CREATETHREAD_TAG, process.get())) {
103 return false;
104 }
102 return true; 105 return true;
103 } 106 }
104 107
105 NTSTATUS ProcessPolicy::OpenThreadAction(const ClientInfo& client_info, 108 NTSTATUS ProcessPolicy::OpenThreadAction(const ClientInfo& client_info,
106 uint32_t desired_access, 109 uint32_t desired_access,
107 uint32_t thread_id, 110 uint32_t thread_id,
108 HANDLE* handle) { 111 HANDLE* handle) {
109 *handle = NULL; 112 *handle = NULL;
110 113
111 NtOpenThreadFunction NtOpenThread = NULL; 114 NtOpenThreadFunction NtOpenThread = NULL;
231 BOOL should_give_full_access = (GIVE_ALLACCESS == eval_result); 234 BOOL should_give_full_access = (GIVE_ALLACCESS == eval_result);
232 if (!CreateProcessExWHelper(client_info.process, should_give_full_access, 235 if (!CreateProcessExWHelper(client_info.process, should_give_full_access,
233 app_name.c_str(), cmd_line.get(), NULL, NULL, 236 app_name.c_str(), cmd_line.get(), NULL, NULL,
234 FALSE, 0, NULL, NULL, &startup_info, 237 FALSE, 0, NULL, NULL, &startup_info,
235 process_info)) { 238 process_info)) {
236 return ERROR_ACCESS_DENIED; 239 return ERROR_ACCESS_DENIED;
237 } 240 }
238 return ERROR_SUCCESS; 241 return ERROR_SUCCESS;
239 } 242 }
240 243
244 DWORD ProcessPolicy::CreateThreadAction(
245 EvalResult eval_result,
246 const ClientInfo& client_info,
247 const SIZE_T stack_size,
248 const LPTHREAD_START_ROUTINE start_address,
249 const LPVOID parameter,
250 const DWORD creation_flags,
251 LPDWORD thread_id,
252 HANDLE* handle) {
253 // The only action supported is ASK_BROKER which means create the thread.
254 if (GIVE_ALLACCESS != eval_result && GIVE_READONLY != eval_result) {
255 return ERROR_ACCESS_DENIED;
256 }
257 HANDLE local_handle =
258 CreateRemoteThread(client_info.process, nullptr, stack_size,
cpu_(ooo_6.6-7.5) 2016/02/04 01:40:52 hmm, what if I pass -1 in client_info.process ?!?
jschuh 2016/02/04 04:49:51 Uh... You're just messing with him here, yes?
liamjm (20p) 2016/02/04 21:56:38 As far as I can tell, a user can't control this, i
259 start_address, parameter, creation_flags, thread_id);
cpu_(ooo_6.6-7.5) 2016/02/04 01:40:52 use :: for windows API calls
liamjm (20p) 2016/02/04 21:56:38 Done.
260 if (!local_handle) {
261 return ::GetLastError();
262 }
263 if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,
264 client_info.process, handle, 0, FALSE,
265 DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {
266 return ERROR_ACCESS_DENIED;
267 }
268 return ERROR_SUCCESS;
269 }
270
241 } // namespace sandbox 271 } // namespace sandbox
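Review bot: CreateThreadAction (new lines 244-269) leaves `*handle` untouched on both of its ERROR_ACCESS_DENIED paths, whereas OpenThreadAction at new line 112 begins with `*handle = NULL;`; adding the same first statement keeps a denied broker call from returning whatever value the out-parameter already held. The comment at line 253 also does not match the check under it: it names ASK_BROKER, but the condition admits GIVE_ALLACCESS and GIVE_READONLY, so a line such as `// Only GIVE_ALLACCESS and GIVE_READONLY authorize creating the thread; any other result is denied.` would describe the contract the code actually enforces. The two failure branches report differently as well — a CreateRemoteThread failure returns `::GetLastError()` while a DuplicateHandle failure collapses to ERROR_ACCESS_DENIED, and by that point the thread is already running in the target, so the caller cannot distinguish "not created" from "created but handle not delivered"; if that is deliberate, a one-line comment saying so would help. Presumably DUPLICATE_CLOSE_SOURCE closes local_handle even when DuplicateHandle fails, so no broker-side handle leak is apparent, but that is worth confirming against the API contract rather than assuming.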