Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(343)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/service_resolver_64.cc

Issue 1504943002: [Sandbox service resolver hooks] Remove the RET hijacking in ntdll. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « sandbox/win/src/resolver_64.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/win/src/service_resolver.h" 5 #include "sandbox/win/src/service_resolver.h"
6 6
7 #include "base/memory/scoped_ptr.h" 7 #include "base/memory/scoped_ptr.h"
8 #include "sandbox/win/src/sandbox_nt_util.h" 8 #include "sandbox/win/src/sandbox_nt_util.h"
9 #include "sandbox/win/src/win_utils.h" 9 #include "sandbox/win/src/win_utils.h"
10 10
(...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after
132 namespace sandbox { 132 namespace sandbox {
133 133
134 NTSTATUS ServiceResolverThunk::Setup(const void* target_module, 134 NTSTATUS ServiceResolverThunk::Setup(const void* target_module,
135 const void* interceptor_module, 135 const void* interceptor_module,
136 const char* target_name, 136 const char* target_name,
137 const char* interceptor_name, 137 const char* interceptor_name,
138 const void* interceptor_entry_point, 138 const void* interceptor_entry_point,
139 void* thunk_storage, 139 void* thunk_storage,
140 size_t storage_bytes, 140 size_t storage_bytes,
141 size_t* storage_used) { 141 size_t* storage_used) {
142 NTSTATUS ret = Init(target_module, interceptor_module, target_name, 142 NTSTATUS ret =
143 interceptor_name, interceptor_entry_point, 143 Init(target_module, interceptor_module, target_name, interceptor_name,
144 thunk_storage, storage_bytes); 144 interceptor_entry_point, thunk_storage, storage_bytes);
145 if (!NT_SUCCESS(ret)) 145 if (!NT_SUCCESS(ret))
146 return ret; 146 return ret;
147 147
148 size_t thunk_bytes = GetThunkSize(); 148 size_t thunk_bytes = GetThunkSize();
149 scoped_ptr<char[]> thunk_buffer(new char[thunk_bytes]); 149 scoped_ptr<char[]> thunk_buffer(new char[thunk_bytes]);
150 ServiceFullThunk* thunk = reinterpret_cast<ServiceFullThunk*>( 150 ServiceFullThunk* thunk = reinterpret_cast<ServiceFullThunk*>(
151 thunk_buffer.get()); 151 thunk_buffer.get());
152 152
153 if (!IsFunctionAService(&thunk->original)) 153 if (!IsFunctionAService(&thunk->original))
154 return STATUS_UNSUCCESSFUL; 154 return STATUS_UNSUCCESSFUL;
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
206 // Save the verified code. 206 // Save the verified code.
207 memcpy(local_thunk, &function_code, sizeof(function_code)); 207 memcpy(local_thunk, &function_code, sizeof(function_code));
208 208
209 return true; 209 return true;
210 } 210 }
211 211
212 NTSTATUS ServiceResolverThunk::PerformPatch(void* local_thunk, 212 NTSTATUS ServiceResolverThunk::PerformPatch(void* local_thunk,
213 void* remote_thunk) { 213 void* remote_thunk) {
214 // Patch the original code. 214 // Patch the original code.
215 ServiceEntry local_service; 215 ServiceEntry local_service;
216 DCHECK_NT(GetInternalThunkSize() >= sizeof(local_service)); 216 DCHECK_NT(GetInternalThunkSize() <= sizeof(local_service));
jschuh 2015/12/08 01:19:42 Heh, that's an interesting one.
217 if (!SetInternalThunk(&local_service, sizeof(local_service), NULL, 217 if (!SetInternalThunk(&local_service, sizeof(local_service), NULL,
218 interceptor_)) 218 interceptor_))
219 return STATUS_UNSUCCESSFUL; 219 return STATUS_UNSUCCESSFUL;
220 220
221 // Copy the local thunk buffer to the child. 221 // Copy the local thunk buffer to the child.
222 SIZE_T actual; 222 SIZE_T actual;
223 if (!::WriteProcessMemory(process_, remote_thunk, local_thunk, 223 if (!::WriteProcessMemory(process_, remote_thunk, local_thunk,
224 sizeof(ServiceFullThunk), &actual)) 224 sizeof(ServiceFullThunk), &actual))
225 return STATUS_UNSUCCESSFUL; 225 return STATUS_UNSUCCESSFUL;
226 226
(...skipping 14 matching lines...) Expand all
241 241
242 return STATUS_SUCCESS; 242 return STATUS_SUCCESS;
243 } 243 }
244 244
245 bool Wow64ResolverThunk::IsFunctionAService(void* local_thunk) const { 245 bool Wow64ResolverThunk::IsFunctionAService(void* local_thunk) const {
246 NOTREACHED_NT(); 246 NOTREACHED_NT();
247 return false; 247 return false;
248 } 248 }
249 249
250 } // namespace sandbox 250 } // namespace sandbox
OLDNEW
« no previous file with comments | « sandbox/win/src/resolver_64.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698