Side by Side Diff: sandbox/win/src/process_thread_dispatcher.cc

Issue 1225183003: CreateThread interception, to use CreateRemoteThread (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix missing variable from cleanup Created 5 years, 3 months ago
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/win/src/process_thread_dispatcher.h" 5 #include "sandbox/win/src/process_thread_dispatcher.h"
6 6
7 #include "base/basictypes.h" 7 #include "base/basictypes.h"
8 #include "base/logging.h" 8 #include "base/logging.h"
9 #include "sandbox/win/src/crosscall_client.h" 9 #include "sandbox/win/src/crosscall_client.h"
10 #include "sandbox/win/src/interception.h" 10 #include "sandbox/win/src/interception.h"
115 {IPC_NTOPENPROCESSTOKENEX_TAG, {VOIDPTR_TYPE, UINT32_TYPE, UINT32_TYPE}}, 115 {IPC_NTOPENPROCESSTOKENEX_TAG, {VOIDPTR_TYPE, UINT32_TYPE, UINT32_TYPE}},
116 reinterpret_cast<CallbackGeneric>( 116 reinterpret_cast<CallbackGeneric>(
117 &ThreadProcessDispatcher::NtOpenProcessTokenEx)}; 117 &ThreadProcessDispatcher::NtOpenProcessTokenEx)};
118 118
119 static const IPCCall create_params = { 119 static const IPCCall create_params = {
120 {IPC_CREATEPROCESSW_TAG, 120 {IPC_CREATEPROCESSW_TAG,
121 {WCHAR_TYPE, WCHAR_TYPE, WCHAR_TYPE, INOUTPTR_TYPE}}, 121 {WCHAR_TYPE, WCHAR_TYPE, WCHAR_TYPE, INOUTPTR_TYPE}},
122 reinterpret_cast<CallbackGeneric>( 122 reinterpret_cast<CallbackGeneric>(
123 &ThreadProcessDispatcher::CreateProcessW)}; 123 &ThreadProcessDispatcher::CreateProcessW)};
124 124
125 static const IPCCall create_thread_params = {
126 { IPC_CREATETHREAD_TAG,
127 // NOTE(liamjm): 2nd param in size_t: Using VOIDPTR_TYPE as a hack.
Will Harris 2015/09/04 02:41:01 ಠ_ಠ
liamjm (20p) 2015/09/04 21:30:39 Acknowledged.
128 { VOIDPTR_TYPE, VOIDPTR_TYPE, VOIDPTR_TYPE, VOIDPTR_TYPE, UINT32_TYPE } },
129 reinterpret_cast<CallbackGeneric>(
130 &ThreadProcessDispatcher::CreateThread) };
131
125 ipc_calls_.push_back(open_thread); 132 ipc_calls_.push_back(open_thread);
126 ipc_calls_.push_back(open_process); 133 ipc_calls_.push_back(open_process);
127 ipc_calls_.push_back(process_token); 134 ipc_calls_.push_back(process_token);
128 ipc_calls_.push_back(process_tokenex); 135 ipc_calls_.push_back(process_tokenex);
129 ipc_calls_.push_back(create_params); 136 ipc_calls_.push_back(create_params);
137 ipc_calls_.push_back(create_thread_params);
130 } 138 }
131 139
140
141
Will Harris 2015/09/04 02:41:01 nit lines
liamjm (20p) 2015/09/04 21:30:39 Done.
132 bool ThreadProcessDispatcher::SetupService(InterceptionManager* manager, 142 bool ThreadProcessDispatcher::SetupService(InterceptionManager* manager,
133 int service) { 143 int service) {
134 switch (service) { 144 switch (service) {
135 case IPC_NTOPENTHREAD_TAG: 145 case IPC_NTOPENTHREAD_TAG:
136 case IPC_NTOPENPROCESS_TAG: 146 case IPC_NTOPENPROCESS_TAG:
137 case IPC_NTOPENPROCESSTOKEN_TAG: 147 case IPC_NTOPENPROCESSTOKEN_TAG:
138 case IPC_NTOPENPROCESSTOKENEX_TAG: 148 case IPC_NTOPENPROCESSTOKENEX_TAG:
139 // There is no explicit policy for these services. 149 // There is no explicit policy for these services.
140 NOTREACHED(); 150 NOTREACHED();
141 return false; 151 return false;
142 152
143 case IPC_CREATEPROCESSW_TAG: 153 case IPC_CREATEPROCESSW_TAG:
144 return INTERCEPT_EAT(manager, kKerneldllName, CreateProcessW, 154 return INTERCEPT_EAT(manager, kKerneldllName, CreateProcessW,
145 CREATE_PROCESSW_ID, 44) && 155 CREATE_PROCESSW_ID, 44) &&
146 INTERCEPT_EAT(manager, L"kernel32.dll", CreateProcessA, 156 INTERCEPT_EAT(manager, L"kernel32.dll", CreateProcessA,
147 CREATE_PROCESSA_ID, 44); 157 CREATE_PROCESSA_ID, 44);
148 158
159 case IPC_CREATETHREAD_TAG:
160 return INTERCEPT_EAT(manager, kKerneldllName, CreateThread,
161 CREATE_THREAD_ID, 28);
162
149 default: 163 default:
150 return false; 164 return false;
151 } 165 }
152 } 166 }
153 167
154 bool ThreadProcessDispatcher::NtOpenThread(IPCInfo* ipc, 168 bool ThreadProcessDispatcher::NtOpenThread(IPCInfo* ipc,
155 uint32 desired_access, 169 uint32 desired_access,
156 uint32 thread_id) { 170 uint32 thread_id) {
157 HANDLE handle; 171 HANDLE handle;
158 NTSTATUS ret = ProcessPolicy::OpenThreadAction(*ipc->client_info, 172 NTSTATUS ret = ProcessPolicy::OpenThreadAction(*ipc->client_info,
235 // Here we force the app_name to be the one we used for the policy lookup. 249 // Here we force the app_name to be the one we used for the policy lookup.
236 // If our logic was wrong, at least we wont allow create a random process. 250 // If our logic was wrong, at least we wont allow create a random process.
237 DWORD ret = ProcessPolicy::CreateProcessWAction(eval, *ipc->client_info, 251 DWORD ret = ProcessPolicy::CreateProcessWAction(eval, *ipc->client_info,
238 exe_name, *cmd_line, 252 exe_name, *cmd_line,
239 proc_info); 253 proc_info);
240 254
241 ipc->return_info.win32_result = ret; 255 ipc->return_info.win32_result = ret;
242 return true; 256 return true;
243 } 257 }
244 258
259 bool ThreadProcessDispatcher::CreateThread(
260 IPCInfo* ipc,
261 LPSECURITY_ATTRIBUTES thread_attributes,
262 SIZE_T stack_size,
263 LPTHREAD_START_ROUTINE start_address,
264 PVOID parameter,
265 DWORD creation_flags) {
266
267 if (!start_address) {
268 return false;
269 }
270
271 HANDLE handle;
272 DWORD ret = ProcessPolicy::CreateThreadAction(GIVE_ALLACCESS,
Will Harris 2015/09/04 02:41:01 see comment in process_thread_policy.cc
liamjm (20p) 2015/09/04 21:30:39 Acknowledged.
273 *ipc->client_info,
274 thread_attributes,
275 stack_size,
276 start_address,
277 parameter,
278 creation_flags,
279 NULL,
280 &handle);
281
282 ipc->return_info.nt_status = ret;
283 ipc->return_info.handle = handle;
284 return true;
285 }
286
245 } // namespace sandbox 287 } // namespace sandbox
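Review bot: In the new ThreadProcessDispatcher::CreateThread body (new lines 271–284), `HANDLE handle;` is left uninitialized and then copied unconditionally into `ipc->return_info.handle`, so on any path where CreateThreadAction returns without writing its out-parameter (its failure path is not visible here) an indeterminate broker stack value is returned to the sandboxed client; `HANDLE handle = NULL;` closes that. The `DWORD ret` is also stored in `ipc->return_info.nt_status`, whereas the DWORD from CreateProcessWAction a few lines above goes into `win32_result`; one of the two fields looks wrong and the choice should match the error domain CreateThreadAction actually returns. thread_attributes arrives as a raw pointer value from the client (VOIDPTR_TYPE in the new create_thread_params table) and is presumably only meaningful in the client's address space; a comment such as `// thread_attributes is a client-side pointer; never dereferenced in the broker.` would make that contract explicit at the call.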