OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // Implementation of NtMapViewOfSection intercept for 32 bit builds. | 5 // Implementation of NtMapViewOfSection intercept for 32 bit builds. |
6 // | 6 // |
7 // TODO(robertshield): Implement the 64 bit intercept. | 7 // TODO(robertshield): Implement the 64 bit intercept. |
8 | 8 |
9 #include "chrome_elf/blacklist/blacklist_interceptions.h" | 9 #include "chrome_elf/blacklist/blacklist_interceptions.h" |
10 | 10 |
11 #include <string> | 11 #include <string> |
12 #include <vector> | 12 #include <vector> |
13 | 13 |
14 // Note that only #includes from base that are either header-only or built into | 14 // Note that only #includes from base that are either header-only or built into |
15 // base_static (see base/base.gyp) are allowed here. | 15 // base_static (see base/base.gyp) are allowed here. |
16 #include "base/basictypes.h" | 16 #include "base/basictypes.h" |
17 #include "base/strings/string16.h" | 17 #include "base/strings/string16.h" |
18 #include "base/win/pe_image.h" | 18 #include "base/win/pe_image.h" |
19 #include "chrome_elf/blacklist/blacklist.h" | 19 #include "chrome_elf/blacklist/blacklist.h" |
20 #include "chrome_elf/breakpad.h" | |
20 #include "sandbox/win/src/internal_types.h" | 21 #include "sandbox/win/src/internal_types.h" |
21 #include "sandbox/win/src/nt_internals.h" | 22 #include "sandbox/win/src/nt_internals.h" |
22 #include "sandbox/win/src/sandbox_nt_util.h" | 23 #include "sandbox/win/src/sandbox_nt_util.h" |
23 #include "sandbox/win/src/sandbox_types.h" | 24 #include "sandbox/win/src/sandbox_types.h" |
24 | 25 |
25 namespace { | 26 namespace { |
26 | 27 |
27 NtQuerySectionFunction g_nt_query_section_func = NULL; | 28 NtQuerySectionFunction g_nt_query_section_func = NULL; |
28 NtQueryVirtualMemoryFunction g_nt_query_virtual_memory_func = NULL; | 29 NtQueryVirtualMemoryFunction g_nt_query_virtual_memory_func = NULL; |
29 NtUnmapViewOfSectionFunction g_nt_unmap_view_of_section_func = NULL; | 30 NtUnmapViewOfSectionFunction g_nt_unmap_view_of_section_func = NULL; |
(...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
159 base::win::PEImage pe(module); | 160 base::win::PEImage pe(module); |
160 SafeGetImageInfo(pe, &out_name, flags); | 161 SafeGetImageInfo(pe, &out_name, flags); |
161 return base::string16(out_name.begin(), out_name.end()); | 162 return base::string16(out_name.begin(), out_name.end()); |
162 } | 163 } |
163 | 164 |
164 bool IsSameAsCurrentProcess(HANDLE process) { | 165 bool IsSameAsCurrentProcess(HANDLE process) { |
165 return (NtCurrentProcess == process) || | 166 return (NtCurrentProcess == process) || |
166 (::GetProcessId(process) == ::GetCurrentProcessId()); | 167 (::GetProcessId(process) == ::GetCurrentProcessId()); |
167 } | 168 } |
168 | 169 |
169 } // namespace | 170 NTSTATUS BlNtMapViewOfSectionImpl( |
170 | |
171 namespace blacklist { | |
172 | |
173 bool InitializeInterceptImports() { | |
174 g_nt_query_section_func = reinterpret_cast<NtQuerySectionFunction>( | |
175 GetNtDllExportByName("NtQuerySection")); | |
176 g_nt_query_virtual_memory_func = | |
177 reinterpret_cast<NtQueryVirtualMemoryFunction>( | |
178 GetNtDllExportByName("NtQueryVirtualMemory")); | |
179 g_nt_unmap_view_of_section_func = | |
180 reinterpret_cast<NtUnmapViewOfSectionFunction>( | |
181 GetNtDllExportByName("NtUnmapViewOfSection")); | |
182 | |
183 return g_nt_query_section_func && g_nt_query_virtual_memory_func && | |
184 g_nt_unmap_view_of_section_func; | |
185 } | |
186 | |
187 SANDBOX_INTERCEPT NTSTATUS WINAPI BlNtMapViewOfSection( | |
188 NtMapViewOfSectionFunction orig_MapViewOfSection, | 171 NtMapViewOfSectionFunction orig_MapViewOfSection, |
189 HANDLE section, | 172 HANDLE section, |
190 HANDLE process, | 173 HANDLE process, |
191 PVOID *base, | 174 PVOID *base, |
192 ULONG_PTR zero_bits, | 175 ULONG_PTR zero_bits, |
193 SIZE_T commit_size, | 176 SIZE_T commit_size, |
194 PLARGE_INTEGER offset, | 177 PLARGE_INTEGER offset, |
195 PSIZE_T view_size, | 178 PSIZE_T view_size, |
196 SECTION_INHERIT inherit, | 179 SECTION_INHERIT inherit, |
197 ULONG allocation_type, | 180 ULONG allocation_type, |
(...skipping 24 matching lines...) Expand all Loading... | |
222 if (!module_name.empty() && DllMatch(module_name)) { | 205 if (!module_name.empty() && DllMatch(module_name)) { |
223 DCHECK_NT(g_nt_unmap_view_of_section_func); | 206 DCHECK_NT(g_nt_unmap_view_of_section_func); |
224 g_nt_unmap_view_of_section_func(process, *base); | 207 g_nt_unmap_view_of_section_func(process, *base); |
225 ret = STATUS_UNSUCCESSFUL; | 208 ret = STATUS_UNSUCCESSFUL; |
226 } | 209 } |
227 } | 210 } |
228 | 211 |
229 return ret; | 212 return ret; |
230 } | 213 } |
231 | 214 |
215 } // namespace | |
216 | |
217 namespace blacklist { | |
218 | |
219 bool InitializeInterceptImports() { | |
220 g_nt_query_section_func = reinterpret_cast<NtQuerySectionFunction>( | |
221 GetNtDllExportByName("NtQuerySection")); | |
grt (UTC plus 2)
2014/02/17 20:49:39
nit: either 4-space indent here, or move the reint
Cait (Slow)
2014/02/18 23:03:12
Done.
| |
222 g_nt_query_virtual_memory_func = | |
223 reinterpret_cast<NtQueryVirtualMemoryFunction>( | |
224 GetNtDllExportByName("NtQueryVirtualMemory")); | |
225 g_nt_unmap_view_of_section_func = | |
226 reinterpret_cast<NtUnmapViewOfSectionFunction>( | |
227 GetNtDllExportByName("NtUnmapViewOfSection")); | |
228 | |
229 return g_nt_query_section_func && g_nt_query_virtual_memory_func && | |
230 g_nt_unmap_view_of_section_func; | |
grt (UTC plus 2)
2014/02/17 20:49:39
nit: either 4-space indent, or wrap the whole thin
Cait (Slow)
2014/02/18 23:03:12
Done.
| |
231 } | |
232 | |
233 SANDBOX_INTERCEPT NTSTATUS WINAPI BlNtMapViewOfSection( | |
234 NtMapViewOfSectionFunction orig_MapViewOfSection, | |
235 HANDLE section, | |
236 HANDLE process, | |
237 PVOID *base, | |
238 ULONG_PTR zero_bits, | |
239 SIZE_T commit_size, | |
240 PLARGE_INTEGER offset, | |
241 PSIZE_T view_size, | |
242 SECTION_INHERIT inherit, | |
243 ULONG allocation_type, | |
244 ULONG protect) { | |
245 NTSTATUS ret = STATUS_UNSUCCESSFUL; | |
246 | |
247 __try { | |
248 ret = BlNtMapViewOfSectionImpl(orig_MapViewOfSection, section, process, | |
249 base, zero_bits, commit_size, offset, | |
250 view_size, inherit, allocation_type, | |
251 protect); | |
252 } __except(GenerateCrashDump(GetExceptionInformation())) { | |
253 } | |
254 | |
255 return ret; | |
256 } | |
257 | |
232 #if defined(_WIN64) | 258 #if defined(_WIN64) |
233 NTSTATUS WINAPI BlNtMapViewOfSection64( | 259 NTSTATUS WINAPI BlNtMapViewOfSection64( |
234 HANDLE section, HANDLE process, PVOID *base, ULONG_PTR zero_bits, | 260 HANDLE section, HANDLE process, PVOID *base, ULONG_PTR zero_bits, |
235 SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size, | 261 SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size, |
236 SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect) { | 262 SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect) { |
237 return BlNtMapViewOfSection(g_nt_map_view_of_section_func, section, process, | 263 return BlNtMapViewOfSection(g_nt_map_view_of_section_func, section, process, |
238 base, zero_bits, commit_size, offset, view_size, | 264 base, zero_bits, commit_size, offset, view_size, |
239 inherit, allocation_type, protect); | 265 inherit, allocation_type, protect); |
240 } | 266 } |
241 #endif | 267 #endif |
242 } // namespace blacklist | 268 } // namespace blacklist |
OLD | NEW |