CreateThread interception, to use CreateRemoteThread

sandbox/win/src/process_thread_dispatcher.cc

Index: sandbox/win/src/process_thread_dispatcher.cc
diff --git a/sandbox/win/src/process_thread_dispatcher.cc b/sandbox/win/src/process_thread_dispatcher.cc
index 8debd1e0fbe02be65e703e4d94fa15d690b0da8b..910757da8809661d7b6d275e62eb953a2bc88272 100644
--- a/sandbox/win/src/process_thread_dispatcher.cc
+++ b/sandbox/win/src/process_thread_dispatcher.cc
@@ -124,11 +124,22 @@ ThreadProcessDispatcher::ThreadProcessDispatcher(PolicyBase* policy_base)
       reinterpret_cast<CallbackGeneric>(
           &ThreadProcessDispatcher::CreateProcessW)};
 
+  // NOTE(liamjm): 2nd param is size_t: Using VOIDPTR_TYPE as they are
+  // the same size on windows.
+  static_assert(sizeof(size_t) == sizeof(void*),
+                "VOIDPTR_TYPE not same size as size_t");
+  static const IPCCall create_thread_params = {
+      {IPC_CREATETHREAD_TAG,
+       {VOIDPTR_TYPE, VOIDPTR_TYPE, VOIDPTR_TYPE, UINT32_TYPE}},
+      reinterpret_cast<CallbackGeneric>(
+          &ThreadProcessDispatcher::CreateThread)};
+
   ipc_calls_.push_back(open_thread);
   ipc_calls_.push_back(open_process);
   ipc_calls_.push_back(process_token);
   ipc_calls_.push_back(process_tokenex);
   ipc_calls_.push_back(create_params);
+  ipc_calls_.push_back(create_thread_params);
 }
 
 bool ThreadProcessDispatcher::SetupService(InterceptionManager* manager,
@@ -148,6 +159,10 @@ bool ThreadProcessDispatcher::SetupService(InterceptionManager* manager,
              INTERCEPT_EAT(manager, L"kernel32.dll", CreateProcessA,
                            CREATE_PROCESSA_ID, 44);
 
+    case IPC_CREATETHREAD_TAG:
+      return INTERCEPT_EAT(manager, kKerneldllName, CreateThread,
+                           CREATE_THREAD_ID, 28);
+
     default:
       return false;
   }
@@ -244,4 +259,23 @@ bool ThreadProcessDispatcher::CreateProcessW(IPCInfo* ipc, base::string16* name,
   return true;
 }
 
+bool ThreadProcessDispatcher::CreateThread(IPCInfo* ipc,
+                                           SIZE_T stack_size,
+                                           LPTHREAD_START_ROUTINE start_address,
+                                           LPVOID parameter,
+                                           DWORD creation_flags) {
+  if (!start_address) {
+    return false;
+  }
+
+  HANDLE handle;
+  DWORD ret = ProcessPolicy::CreateThreadAction(
+      GIVE_ALLACCESS, *ipc->client_info, stack_size, start_address, parameter,
+      creation_flags, NULL, &handle);
+
+  ipc->return_info.nt_status = ret;
+  ipc->return_info.handle = handle;
+  return true;
+}
+
 }  // namespace sandbox