sandbox/win/src/process_thread_policy.cc - Issue 1225183003: CreateThread interception, to use CreateRemoteThread

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/win/src/process_thread_policy.cc

Issue 1225183003: CreateThread interception, to use CreateRemoteThread (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: some more tweaks, from XP code. Created 4 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/win/src/process_thread_policy.cc

diff --git a/sandbox/win/src/process_thread_policy.cc b/sandbox/win/src/process_thread_policy.cc

index b4976c0bbebeaefc8cfb9cdf57c9533d2c3c0b96..792965a29b1d1f3af8b45d07a71961757d88c71a 100644

--- a/sandbox/win/src/process_thread_policy.cc

+++ b/sandbox/win/src/process_thread_policy.cc

@@ -99,6 +99,9 @@ bool ProcessPolicy::GenerateRules(const wchar_t* name,

if (!policy->AddRule(IPC_CREATEPROCESSW_TAG, process.get())) {

return false;

}

+ if (!policy->AddRule(IPC_CREATETHREAD_TAG, process.get())) {

+ return false;

+ }

return true;

}

@@ -238,4 +241,31 @@ DWORD ProcessPolicy::CreateProcessWAction(EvalResult eval_result,

return ERROR_SUCCESS;

}

+DWORD ProcessPolicy::CreateThreadAction(

+ EvalResult eval_result,

+ const ClientInfo& client_info,

+ const SIZE_T stack_size,

+ const LPTHREAD_START_ROUTINE start_address,

+ const LPVOID parameter,

+ const DWORD creation_flags,

+ LPDWORD thread_id,

+ HANDLE* handle) {

+ // The only action supported is ASK_BROKER which means create the thread.

+ if (GIVE_ALLACCESS != eval_result && GIVE_READONLY != eval_result) {

+ return ERROR_ACCESS_DENIED;

+ }

+ HANDLE local_handle =

+ CreateRemoteThread(client_info.process, nullptr, stack_size,

cpu_(ooo_6.6-7.5) 2016/02/04 01:40:52 hmm, what if I pass -1 in client_info.process ?!?

jschuh 2016/02/04 04:49:51 Uh... You're just messing with him here, yes?

liamjm (20p) 2016/02/04 21:56:38 As far as I can tell, a user can't control this, i

+ start_address, parameter, creation_flags, thread_id);

cpu_(ooo_6.6-7.5) 2016/02/04 01:40:52 use :: for windows API calls

liamjm (20p) 2016/02/04 21:56:38 Done.

+ if (!local_handle) {

+ return ::GetLastError();

+ }

+ if (!::DuplicateHandle(::GetCurrentProcess(), local_handle,

+ client_info.process, handle, 0, FALSE,

+ DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS)) {

+ return ERROR_ACCESS_DENIED;

+ }

+ return ERROR_SUCCESS;

} // namespace sandbox

« sandbox/win/src/process_thread_interception.cc ('K') | « sandbox/win/src/process_thread_policy.h ('k') | sandbox/win/src/sandbox_policy.h » ('j') | no next file with comments »