Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1168)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/win/src/process_thread_dispatcher.cc

Issue 1225183003: CreateThread interception, to use CreateRemoteThread (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix missing variable from cleanup Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« sandbox/win/src/process_policy_test.cc ('K') | « sandbox/win/src/process_thread_dispatcher.h ('k') | sandbox/win/src/process_thread_interception.h » ('j') | sandbox/win/src/process_thread_policy.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/win/src/process_thread_dispatcher.cc
diff --git a/sandbox/win/src/process_thread_dispatcher.cc b/sandbox/win/src/process_thread_dispatcher.cc
index 90cad6365f927d2f1aed9fadc3e0d9195ce8c01a..8d33ab16d561d81a571a2444569c466deaaff5ae 100644
--- a/sandbox/win/src/process_thread_dispatcher.cc
+++ b/sandbox/win/src/process_thread_dispatcher.cc
@@ -122,13 +122,23 @@ ThreadProcessDispatcher::ThreadProcessDispatcher(PolicyBase* policy_base)
reinterpret_cast<CallbackGeneric>(
&ThreadProcessDispatcher::CreateProcessW)};
+ static const IPCCall create_thread_params = {
+ { IPC_CREATETHREAD_TAG,
+ // NOTE(liamjm): 2nd param in size_t: Using VOIDPTR_TYPE as a hack.
Will Harris 2015/09/04 02:41:01 ಠ_ಠ
liamjm (20p) 2015/09/04 21:30:39 Acknowledged.
+ { VOIDPTR_TYPE, VOIDPTR_TYPE, VOIDPTR_TYPE, VOIDPTR_TYPE, UINT32_TYPE } },
+ reinterpret_cast<CallbackGeneric>(
+ &ThreadProcessDispatcher::CreateThread) };
+
ipc_calls_.push_back(open_thread);
ipc_calls_.push_back(open_process);
ipc_calls_.push_back(process_token);
ipc_calls_.push_back(process_tokenex);
ipc_calls_.push_back(create_params);
+ ipc_calls_.push_back(create_thread_params);
}
+
+
Will Harris 2015/09/04 02:41:01 nit lines
liamjm (20p) 2015/09/04 21:30:39 Done.
bool ThreadProcessDispatcher::SetupService(InterceptionManager* manager,
int service) {
switch (service) {
@@ -146,6 +156,10 @@ bool ThreadProcessDispatcher::SetupService(InterceptionManager* manager,
INTERCEPT_EAT(manager, L"kernel32.dll", CreateProcessA,
CREATE_PROCESSA_ID, 44);
+ case IPC_CREATETHREAD_TAG:
+ return INTERCEPT_EAT(manager, kKerneldllName, CreateThread,
+ CREATE_THREAD_ID, 28);
+
default:
return false;
}
@@ -242,4 +256,32 @@ bool ThreadProcessDispatcher::CreateProcessW(IPCInfo* ipc, base::string16* name,
return true;
}
+bool ThreadProcessDispatcher::CreateThread(
+ IPCInfo* ipc,
+ LPSECURITY_ATTRIBUTES thread_attributes,
+ SIZE_T stack_size,
+ LPTHREAD_START_ROUTINE start_address,
+ PVOID parameter,
+ DWORD creation_flags) {
+
+ if (!start_address) {
+ return false;
+ }
+
+ HANDLE handle;
+ DWORD ret = ProcessPolicy::CreateThreadAction(GIVE_ALLACCESS,
Will Harris 2015/09/04 02:41:01 see comment in process_thread_policy.cc
liamjm (20p) 2015/09/04 21:30:39 Acknowledged.
+ *ipc->client_info,
+ thread_attributes,
+ stack_size,
+ start_address,
+ parameter,
+ creation_flags,
+ NULL,
+ &handle);
+
+ ipc->return_info.nt_status = ret;
+ ipc->return_info.handle = handle;
+ return true;
+}
+
} // namespace sandbox
« sandbox/win/src/process_policy_test.cc ('K') | « sandbox/win/src/process_thread_dispatcher.h ('k') | sandbox/win/src/process_thread_interception.h » ('j') | sandbox/win/src/process_thread_policy.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698