Index: chrome/browser/chrome_elf_init_win.cc |
diff --git a/chrome/browser/chrome_elf_init_win.cc b/chrome/browser/chrome_elf_init_win.cc |
index 28af7f8228ac565760377242847556ba50506668..f1f5847cec469f87a6cc9ebb81fd68b6e2b7c35b 100644 |
--- a/chrome/browser/chrome_elf_init_win.cc |
+++ b/chrome/browser/chrome_elf_init_win.cc |
@@ -8,6 +8,7 @@ |
#include "base/metrics/sparse_histogram.h" |
#include "base/strings/utf_string_conversions.h" |
#include "base/win/registry.h" |
+#include "base/win/windows_version.h" |
#include "chrome/browser/chrome_elf_init_win.h" |
#include "chrome/common/chrome_version.h" |
#include "chrome_elf/blacklist/blacklist.h" |
@@ -86,6 +87,22 @@ void ReportSuccessfulBlocks() { |
} // namespace |
void InitializeChromeElf() { |
+ if (base::win::GetVersion() >= base::win::VERSION_WIN8 && |
+ base::FieldTrialList::FindFullName("WindowsHookBlocking") != "Disabled") { |
robertshield
2015/11/18 17:51:03
Not sure it's useful to apply the policy here. Thi
jschuh
2015/11/18 18:21:15
Okay, that makes a lot more sense. Because I trace
robertshield
2015/11/18 19:50:29
You can, but there are hoops to jump through and i
|
+ typedef BOOL(WINAPI * SetProcessMitigationPolicyFunction)( |
+ PROCESS_MITIGATION_POLICY mitigation_policy, PVOID buffer, |
+ SIZE_T length); |
+ |
+ PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {}; |
+ policy.DisableExtensionPoints = true; |
+ SetProcessMitigationPolicyFunction set_process_mitigation_policy = |
+ reinterpret_cast<SetProcessMitigationPolicyFunction>(::GetProcAddress( |
+ ::GetModuleHandleA("kernel32.dll"), "SetProcessMitigationPolicy")); |
+ bool result = !!set_process_mitigation_policy( |
+ ProcessExtensionPointDisablePolicy, &policy, sizeof(policy)); |
+ DCHECK(result); |
+ } |
+ |
if (base::FieldTrialList::FindFullName(kBrowserBlacklistTrialName) == |
kBrowserBlacklistTrialDisabledGroupName) { |
// Disable the blacklist for all future runs by removing the beacon. |