| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/resolver.h" | 5 #include "sandbox/win/src/resolver.h" |
| 6 | 6 |
| 7 // For placement new. This file must not depend on the CRT at runtime, but | 7 // For placement new. This file must not depend on the CRT at runtime, but |
| 8 // placement operator new is inline. | 8 // placement operator new is inline. |
| 9 #include <new> | 9 #include <new> |
| 10 | 10 |
| 11 #include "sandbox/win/src/sandbox_nt_util.h" | 11 #include "sandbox/win/src/sandbox_nt_util.h" |
| 12 | 12 |
| 13 namespace { | 13 namespace { |
| 14 | 14 |
| 15 const BYTE kPushRax = 0x50; | |
| 16 const USHORT kMovRax = 0xB848; | 15 const USHORT kMovRax = 0xB848; |
| 17 const ULONG kMovRspRax = 0x24048948; | 16 const USHORT kJmpRax = 0xe0ff; |
| 18 const BYTE kRetNp = 0xC3; | |
| 19 | 17 |
| 20 #pragma pack(push, 1) | 18 #pragma pack(push, 1) |
| 21 struct InternalThunk { | 19 struct InternalThunk { |
| 22 // This struct contains roughly the following code: | 20 // This struct contains roughly the following code: |
| 23 // 00 50 push rax | |
| 24 // 01 48b8f0debc9a78563412 mov rax,123456789ABCDEF0h | 21 // 01 48b8f0debc9a78563412 mov rax,123456789ABCDEF0h |
| 25 // 0b 48890424 mov qword ptr [rsp],rax | 22 // ff e0 jmp rax |
| 26 // 0f c3 ret | |
| 27 // | 23 // |
| 28 // The code modifies rax, but that should not be an issue for the common | 24 // The code modifies rax, but that's fine for x64 ABI. |
| 29 // calling conventions. | |
| 30 | 25 |
| 31 InternalThunk() { | 26 InternalThunk() { |
| 32 push_rax = kPushRax; | |
| 33 mov_rax = kMovRax; | 27 mov_rax = kMovRax; |
| 28 jmp_rax = kJmpRax; |
| 34 interceptor_function = 0; | 29 interceptor_function = 0; |
| 35 mov_rsp_rax = kMovRspRax; | |
| 36 ret = kRetNp; | |
| 37 }; | 30 }; |
| 38 BYTE push_rax; // = 50 | |
| 39 USHORT mov_rax; // = 48 B8 | 31 USHORT mov_rax; // = 48 B8 |
| 40 ULONG_PTR interceptor_function; | 32 ULONG_PTR interceptor_function; |
| 41 ULONG mov_rsp_rax; // = 48 89 04 24 | 33 USHORT jmp_rax; // = ff e0 |
| 42 BYTE ret; // = C3 | |
| 43 }; | 34 }; |
| 44 #pragma pack(pop) | 35 #pragma pack(pop) |
| 45 | 36 |
| 46 } // namespace. | 37 } // namespace. |
| 47 | 38 |
| 48 namespace sandbox { | 39 namespace sandbox { |
| 49 | 40 |
| 50 size_t ResolverThunk::GetInternalThunkSize() const { | 41 size_t ResolverThunk::GetInternalThunkSize() const { |
| 51 return sizeof(InternalThunk); | 42 return sizeof(InternalThunk); |
| 52 } | 43 } |
| (...skipping 11 matching lines...) Expand all Loading... |
| 64 } | 55 } |
| 65 | 56 |
| 66 NTSTATUS ResolverThunk::ResolveTarget(const void* module, | 57 NTSTATUS ResolverThunk::ResolveTarget(const void* module, |
| 67 const char* function_name, | 58 const char* function_name, |
| 68 void** address) { | 59 void** address) { |
| 69 // We don't support sidestep & co. | 60 // We don't support sidestep & co. |
| 70 return STATUS_NOT_IMPLEMENTED; | 61 return STATUS_NOT_IMPLEMENTED; |
| 71 } | 62 } |
| 72 | 63 |
| 73 } // namespace sandbox | 64 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1504943002:
[Sandbox service resolver hooks] Remove the RET hijacking in ntdll. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master