OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // Implementation of NtMapViewOfSection intercept for 32 bit builds. | 5 // Implementation of NtMapViewOfSection intercept for 32 bit builds. |
6 // | 6 // |
7 // TODO(robertshield): Implement the 64 bit intercept. | 7 // TODO(robertshield): Implement the 64 bit intercept. |
8 | 8 |
9 #include "chrome_elf/blacklist/blacklist_interceptions.h" | 9 #include "chrome_elf/blacklist/blacklist_interceptions.h" |
10 | 10 |
11 #include <string> | 11 #include <string> |
12 #include <vector> | 12 #include <vector> |
13 | 13 |
14 // Note that only #includes from base that are either header-only or built into | 14 // Note that only #includes from base that are either header-only or built into |
15 // base_static (see base/base.gyp) are allowed here. | 15 // base_static (see base/base.gyp) are allowed here. |
16 #include "base/basictypes.h" | 16 #include "base/basictypes.h" |
17 #include "base/strings/string16.h" | 17 #include "base/strings/string16.h" |
18 #include "base/win/pe_image.h" | 18 #include "base/win/pe_image.h" |
19 #include "chrome_elf/blacklist/blacklist.h" | 19 #include "chrome_elf/blacklist/blacklist.h" |
20 #include "chrome_elf/breakpad.h" | |
20 #include "sandbox/win/src/internal_types.h" | 21 #include "sandbox/win/src/internal_types.h" |
21 #include "sandbox/win/src/nt_internals.h" | 22 #include "sandbox/win/src/nt_internals.h" |
22 #include "sandbox/win/src/sandbox_nt_util.h" | 23 #include "sandbox/win/src/sandbox_nt_util.h" |
23 #include "sandbox/win/src/sandbox_types.h" | 24 #include "sandbox/win/src/sandbox_types.h" |
24 | 25 |
25 namespace { | 26 namespace { |
26 | 27 |
27 NtQuerySectionFunction g_nt_query_section_func = NULL; | 28 NtQuerySectionFunction g_nt_query_section_func = NULL; |
28 NtQueryVirtualMemoryFunction g_nt_query_virtual_memory_func = NULL; | 29 NtQueryVirtualMemoryFunction g_nt_query_virtual_memory_func = NULL; |
29 NtUnmapViewOfSectionFunction g_nt_unmap_view_of_section_func = NULL; | 30 NtUnmapViewOfSectionFunction g_nt_unmap_view_of_section_func = NULL; |
(...skipping 129 matching lines...) | |
159 base::win::PEImage pe(module); | 160 base::win::PEImage pe(module); |
160 SafeGetImageInfo(pe, &out_name, flags); | 161 SafeGetImageInfo(pe, &out_name, flags); |
161 return base::string16(out_name.begin(), out_name.end()); | 162 return base::string16(out_name.begin(), out_name.end()); |
162 } | 163 } |
163 | 164 |
164 bool IsSameAsCurrentProcess(HANDLE process) { | 165 bool IsSameAsCurrentProcess(HANDLE process) { |
165 return (NtCurrentProcess == process) || | 166 return (NtCurrentProcess == process) || |
166 (::GetProcessId(process) == ::GetCurrentProcessId()); | 167 (::GetProcessId(process) == ::GetCurrentProcessId()); |
167 } | 168 } |
168 | 169 |
169 } // namespace | 170 NTSTATUS BlNtMapViewOfSectionImpl( |
170 | |
171 namespace blacklist { | |
172 | |
173 bool InitializeInterceptImports() { | |
174 g_nt_query_section_func = reinterpret_cast<NtQuerySectionFunction>( | |
175 GetNtDllExportByName("NtQuerySection")); | |
176 g_nt_query_virtual_memory_func = | |
177 reinterpret_cast<NtQueryVirtualMemoryFunction>( | |
178 GetNtDllExportByName("NtQueryVirtualMemory")); | |
179 g_nt_unmap_view_of_section_func = | |
180 reinterpret_cast<NtUnmapViewOfSectionFunction>( | |
181 GetNtDllExportByName("NtUnmapViewOfSection")); | |
182 | |
183 return g_nt_query_section_func && g_nt_query_virtual_memory_func && | |
184 g_nt_unmap_view_of_section_func; | |
185 } | |
186 | |
187 SANDBOX_INTERCEPT NTSTATUS WINAPI BlNtMapViewOfSection( | |
188 NtMapViewOfSectionFunction orig_MapViewOfSection, | 171 NtMapViewOfSectionFunction orig_MapViewOfSection, |
189 HANDLE section, | 172 HANDLE section, |
190 HANDLE process, | 173 HANDLE process, |
191 PVOID *base, | 174 PVOID *base, |
192 ULONG_PTR zero_bits, | 175 ULONG_PTR zero_bits, |
193 SIZE_T commit_size, | 176 SIZE_T commit_size, |
194 PLARGE_INTEGER offset, | 177 PLARGE_INTEGER offset, |
195 PSIZE_T view_size, | 178 PSIZE_T view_size, |
196 SECTION_INHERIT inherit, | 179 SECTION_INHERIT inherit, |
197 ULONG allocation_type, | 180 ULONG allocation_type, |
(...skipping 21 matching lines...) | |
219 module_name = ExtractLoadedModuleName(file_name); | 202 module_name = ExtractLoadedModuleName(file_name); |
220 } | 203 } |
221 | 204 |
222 if (!module_name.empty() && DllMatch(module_name)) { | 205 if (!module_name.empty() && DllMatch(module_name)) { |
223 DCHECK_NT(g_nt_unmap_view_of_section_func); | 206 DCHECK_NT(g_nt_unmap_view_of_section_func); |
224 g_nt_unmap_view_of_section_func(process, *base); | 207 g_nt_unmap_view_of_section_func(process, *base); |
225 ret = STATUS_UNSUCCESSFUL; | 208 ret = STATUS_UNSUCCESSFUL; |
226 } | 209 } |
227 } | 210 } |
228 | 211 |
212 | |
robertshield
2014/02/10 18:43:14
nit: extra blank line?
Cait (Slow)
2014/02/12 19:15:41
Done.
| |
213 return ret; | |
214 } | |
215 | |
216 } // namespace | |
217 | |
218 namespace blacklist { | |
219 | |
220 bool InitializeInterceptImports() { | |
221 g_nt_query_section_func = reinterpret_cast<NtQuerySectionFunction>( | |
222 GetNtDllExportByName("NtQuerySection")); | |
223 g_nt_query_virtual_memory_func = | |
224 reinterpret_cast<NtQueryVirtualMemoryFunction>( | |
225 GetNtDllExportByName("NtQueryVirtualMemory")); | |
226 g_nt_unmap_view_of_section_func = | |
227 reinterpret_cast<NtUnmapViewOfSectionFunction>( | |
228 GetNtDllExportByName("NtUnmapViewOfSection")); | |
229 | |
230 return g_nt_query_section_func && g_nt_query_virtual_memory_func && | |
231 g_nt_unmap_view_of_section_func; | |
232 } | |
233 | |
234 SANDBOX_INTERCEPT NTSTATUS WINAPI BlNtMapViewOfSection( | |
235 NtMapViewOfSectionFunction orig_MapViewOfSection, | |
236 HANDLE section, | |
237 HANDLE process, | |
238 PVOID *base, | |
239 ULONG_PTR zero_bits, | |
240 SIZE_T commit_size, | |
241 PLARGE_INTEGER offset, | |
242 PSIZE_T view_size, | |
243 SECTION_INHERIT inherit, | |
244 ULONG allocation_type, | |
245 ULONG protect) { | |
246 NTSTATUS ret = STATUS_UNSUCCESSFUL; | |
247 | |
248 __try { | |
249 ret = BlNtMapViewOfSectionImpl(orig_MapViewOfSection, section, process, | |
250 base, zero_bits, commit_size, offset, | |
251 view_size, inherit, allocation_type, | |
252 protect); | |
253 } __except(GenerateCrashDump(GetExceptionInformation())) { | |
254 } | |
255 | |
229 return ret; | 256 return ret; |
230 } | 257 } |
231 | 258 |
232 #if defined(_WIN64) | 259 #if defined(_WIN64) |
233 NTSTATUS WINAPI BlNtMapViewOfSection64( | 260 NTSTATUS WINAPI BlNtMapViewOfSection64( |
234 HANDLE section, HANDLE process, PVOID *base, ULONG_PTR zero_bits, | 261 HANDLE section, HANDLE process, PVOID *base, ULONG_PTR zero_bits, |
235 SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size, | 262 SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size, |
236 SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect) { | 263 SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect) { |
237 return BlNtMapViewOfSection(g_nt_map_view_of_section_func, section, process, | 264 return BlNtMapViewOfSection(g_nt_map_view_of_section_func, section, process, |
238 base, zero_bits, commit_size, offset, view_size, | 265 base, zero_bits, commit_size, offset, view_size, |
239 inherit, allocation_type, protect); | 266 inherit, allocation_type, protect); |
240 } | 267 } |
241 #endif | 268 #endif |
242 } // namespace blacklist | 269 } // namespace blacklist |
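Review bot: The empty `__except` block in the new `BlNtMapViewOfSection` wrapper (new lines 253-254) swallows any fault raised under `BlNtMapViewOfSectionImpl` without stating what state the caller is left in. If the filter `GenerateCrashDump(GetExceptionInformation())` elects to run the handler (its return value is not visible on this page), `ret` keeps its initial `STATUS_UNSUCCESSFUL`, but a view that was presumably already mapped through `orig_MapViewOfSection` inside the Impl stays mapped and `*base` stays written, because the `g_nt_unmap_view_of_section_func` step is never reached. I would state the intended policy in the handler, e.g. `// Fault while inspecting the mapping: report failure; the view is not unmapped here.`, or unmap there if failing closed is meant to include removing the view. A one-line comment above `BlNtMapViewOfSectionImpl` saying it is split out so that the `__try` function holds no objects that need unwinding (the Impl assigns a `base::string16` `module_name`) would also help the next reader. Part of the Impl body is elided on this page, so the exact fault points are inferred.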