CreateThread interception, to use CreateRemoteThread

sandbox/win/src/policy_broker.cc

Index: sandbox/win/src/policy_broker.cc
diff --git a/sandbox/win/src/policy_broker.cc b/sandbox/win/src/policy_broker.cc
index e6c2b26c6a9a7776b53684f788b0fd1a5fb6ebeb..74a93f0953d672f540873f0e51ba64b91707599f 100644
--- a/sandbox/win/src/policy_broker.cc
+++ b/sandbox/win/src/policy_broker.cc
@@ -96,7 +96,8 @@ bool SetupNtdllImports(TargetProcess *child) {
 #undef INIT_GLOBAL_NT
 #undef INIT_GLOBAL_RTL
 
-bool SetupBasicInterceptions(InterceptionManager* manager) {
+bool SetupBasicInterceptions(InterceptionManager* manager,
+                             bool is_csrss_connected) {
   // Interceptions provided by process_thread_policy, without actual policy.
   if (!INTERCEPT_NT(manager, NtOpenThread, OPEN_THREAD_ID, 20) ||
       !INTERCEPT_NT(manager, NtOpenProcess, OPEN_PROCESS_ID, 20) ||
@@ -116,8 +117,15 @@ bool SetupBasicInterceptions(InterceptionManager* manager) {
                       20))
       return false;
 
-    return INTERCEPT_NT(manager, NtOpenThreadTokenEx, OPEN_THREAD_TOKEN_EX_ID,
-                        24);
+    if (!INTERCEPT_NT(manager, NtOpenThreadTokenEx, OPEN_THREAD_TOKEN_EX_ID,
+                      24))
+      return false;
+  }
+
+  if (!is_csrss_connected) {
+    if (!INTERCEPT_EAT(manager, kKerneldllName, CreateThread, CREATE_THREAD_ID,
+                       28))
+      return false;
   }
 
   return true;