OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // Implementation of NtMapViewOfSection intercept for 32 bit builds. | 5 // Implementation of NtMapViewOfSection intercept for 32 bit builds. |
6 // | 6 // |
7 // TODO(robertshield): Implement the 64 bit intercept. | 7 // TODO(robertshield): Implement the 64 bit intercept. |
8 | 8 |
9 #include "chrome_elf/blacklist/blacklist_interceptions.h" | 9 #include "chrome_elf/blacklist/blacklist_interceptions.h" |
10 | 10 |
11 #include <string> | 11 #include <string> |
12 #include <vector> | 12 #include <vector> |
13 | 13 |
14 // Note that only #includes from base that are either header-only or built into | 14 // Note that only #includes from base that are either header-only or built into |
15 // base_static (see base/base.gyp) are allowed here. | 15 // base_static (see base/base.gyp) are allowed here. |
16 #include "base/basictypes.h" | 16 #include "base/basictypes.h" |
17 #include "base/strings/string16.h" | 17 #include "base/strings/string16.h" |
18 #include "base/win/pe_image.h" | 18 #include "base/win/pe_image.h" |
19 #include "chrome_elf/blacklist/blacklist.h" | 19 #include "chrome_elf/blacklist/blacklist.h" |
| 20 #include "chrome_elf/breakpad.h" |
20 #include "sandbox/win/src/internal_types.h" | 21 #include "sandbox/win/src/internal_types.h" |
21 #include "sandbox/win/src/nt_internals.h" | 22 #include "sandbox/win/src/nt_internals.h" |
22 #include "sandbox/win/src/sandbox_nt_util.h" | 23 #include "sandbox/win/src/sandbox_nt_util.h" |
23 #include "sandbox/win/src/sandbox_types.h" | 24 #include "sandbox/win/src/sandbox_types.h" |
24 | 25 |
25 namespace { | 26 namespace { |
26 | 27 |
27 NtQuerySectionFunction g_nt_query_section_func = NULL; | 28 NtQuerySectionFunction g_nt_query_section_func = NULL; |
28 NtQueryVirtualMemoryFunction g_nt_query_virtual_memory_func = NULL; | 29 NtQueryVirtualMemoryFunction g_nt_query_virtual_memory_func = NULL; |
29 NtUnmapViewOfSectionFunction g_nt_unmap_view_of_section_func = NULL; | 30 NtUnmapViewOfSectionFunction g_nt_unmap_view_of_section_func = NULL; |
(...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
159 base::win::PEImage pe(module); | 160 base::win::PEImage pe(module); |
160 SafeGetImageInfo(pe, &out_name, flags); | 161 SafeGetImageInfo(pe, &out_name, flags); |
161 return base::string16(out_name.begin(), out_name.end()); | 162 return base::string16(out_name.begin(), out_name.end()); |
162 } | 163 } |
163 | 164 |
164 bool IsSameAsCurrentProcess(HANDLE process) { | 165 bool IsSameAsCurrentProcess(HANDLE process) { |
165 return (NtCurrentProcess == process) || | 166 return (NtCurrentProcess == process) || |
166 (::GetProcessId(process) == ::GetCurrentProcessId()); | 167 (::GetProcessId(process) == ::GetCurrentProcessId()); |
167 } | 168 } |
168 | 169 |
169 } // namespace | 170 NTSTATUS BlNtMapViewOfSectionImpl( |
170 | |
171 namespace blacklist { | |
172 | |
173 bool InitializeInterceptImports() { | |
174 g_nt_query_section_func = reinterpret_cast<NtQuerySectionFunction>( | |
175 GetNtDllExportByName("NtQuerySection")); | |
176 g_nt_query_virtual_memory_func = | |
177 reinterpret_cast<NtQueryVirtualMemoryFunction>( | |
178 GetNtDllExportByName("NtQueryVirtualMemory")); | |
179 g_nt_unmap_view_of_section_func = | |
180 reinterpret_cast<NtUnmapViewOfSectionFunction>( | |
181 GetNtDllExportByName("NtUnmapViewOfSection")); | |
182 | |
183 return g_nt_query_section_func && g_nt_query_virtual_memory_func && | |
184 g_nt_unmap_view_of_section_func; | |
185 } | |
186 | |
187 SANDBOX_INTERCEPT NTSTATUS WINAPI BlNtMapViewOfSection( | |
188 NtMapViewOfSectionFunction orig_MapViewOfSection, | 171 NtMapViewOfSectionFunction orig_MapViewOfSection, |
189 HANDLE section, | 172 HANDLE section, |
190 HANDLE process, | 173 HANDLE process, |
191 PVOID *base, | 174 PVOID *base, |
192 ULONG_PTR zero_bits, | 175 ULONG_PTR zero_bits, |
193 SIZE_T commit_size, | 176 SIZE_T commit_size, |
194 PLARGE_INTEGER offset, | 177 PLARGE_INTEGER offset, |
195 PSIZE_T view_size, | 178 PSIZE_T view_size, |
196 SECTION_INHERIT inherit, | 179 SECTION_INHERIT inherit, |
197 ULONG allocation_type, | 180 ULONG allocation_type, |
(...skipping 24 matching lines...) Expand all Loading... |
222 if (!module_name.empty() && DllMatch(module_name)) { | 205 if (!module_name.empty() && DllMatch(module_name)) { |
223 DCHECK_NT(g_nt_unmap_view_of_section_func); | 206 DCHECK_NT(g_nt_unmap_view_of_section_func); |
224 g_nt_unmap_view_of_section_func(process, *base); | 207 g_nt_unmap_view_of_section_func(process, *base); |
225 ret = STATUS_UNSUCCESSFUL; | 208 ret = STATUS_UNSUCCESSFUL; |
226 } | 209 } |
227 } | 210 } |
228 | 211 |
229 return ret; | 212 return ret; |
230 } | 213 } |
231 | 214 |
| 215 } // namespace |
| 216 |
| 217 namespace blacklist { |
| 218 |
| 219 bool InitializeInterceptImports() { |
| 220 g_nt_query_section_func = |
| 221 reinterpret_cast<NtQuerySectionFunction>( |
| 222 GetNtDllExportByName("NtQuerySection")); |
| 223 g_nt_query_virtual_memory_func = |
| 224 reinterpret_cast<NtQueryVirtualMemoryFunction>( |
| 225 GetNtDllExportByName("NtQueryVirtualMemory")); |
| 226 g_nt_unmap_view_of_section_func = |
| 227 reinterpret_cast<NtUnmapViewOfSectionFunction>( |
| 228 GetNtDllExportByName("NtUnmapViewOfSection")); |
| 229 |
| 230 return (g_nt_query_section_func && g_nt_query_virtual_memory_func && |
| 231 g_nt_unmap_view_of_section_func); |
| 232 } |
| 233 |
| 234 SANDBOX_INTERCEPT NTSTATUS WINAPI BlNtMapViewOfSection( |
| 235 NtMapViewOfSectionFunction orig_MapViewOfSection, |
| 236 HANDLE section, |
| 237 HANDLE process, |
| 238 PVOID *base, |
| 239 ULONG_PTR zero_bits, |
| 240 SIZE_T commit_size, |
| 241 PLARGE_INTEGER offset, |
| 242 PSIZE_T view_size, |
| 243 SECTION_INHERIT inherit, |
| 244 ULONG allocation_type, |
| 245 ULONG protect) { |
| 246 NTSTATUS ret = STATUS_UNSUCCESSFUL; |
| 247 |
| 248 __try { |
| 249 ret = BlNtMapViewOfSectionImpl(orig_MapViewOfSection, section, process, |
| 250 base, zero_bits, commit_size, offset, |
| 251 view_size, inherit, allocation_type, |
| 252 protect); |
| 253 } __except(GenerateCrashDump(GetExceptionInformation())) { |
| 254 } |
| 255 |
| 256 return ret; |
| 257 } |
| 258 |
232 #if defined(_WIN64) | 259 #if defined(_WIN64) |
233 NTSTATUS WINAPI BlNtMapViewOfSection64( | 260 NTSTATUS WINAPI BlNtMapViewOfSection64( |
234 HANDLE section, HANDLE process, PVOID *base, ULONG_PTR zero_bits, | 261 HANDLE section, HANDLE process, PVOID *base, ULONG_PTR zero_bits, |
235 SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size, | 262 SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size, |
236 SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect) { | 263 SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect) { |
237 return BlNtMapViewOfSection(g_nt_map_view_of_section_func, section, process, | 264 return BlNtMapViewOfSection(g_nt_map_view_of_section_func, section, process, |
238 base, zero_bits, commit_size, offset, view_size, | 265 base, zero_bits, commit_size, offset, view_size, |
239 inherit, allocation_type, protect); | 266 inherit, allocation_type, protect); |
240 } | 267 } |
241 #endif | 268 #endif |
242 } // namespace blacklist | 269 } // namespace blacklist |
OLD | NEW |