Index: chrome_elf/chrome_elf_util.cc |
diff --git a/chrome_elf/chrome_elf_util.cc b/chrome_elf/chrome_elf_util.cc |
index a3fd727e9d2ebdf54d795bf3bd3b76e0d97bca86..8264c35076b5a1c0c5db6ead99a7c90bc6de3faf 100644 |
--- a/chrome_elf/chrome_elf_util.cc |
+++ b/chrome_elf/chrome_elf_util.cc |
@@ -5,8 +5,9 @@ |
#include "chrome_elf/chrome_elf_util.h" |
#include <assert.h> |
-#include <windows.h> |
#include <stddef.h> |
+#include <windows.h> |
+#include <versionhelpers.h> // windows.h must be before. |
#include "base/macros.h" |
#include "base/strings/string16.h" |
@@ -222,3 +223,26 @@ bool IsNonBrowserProcess() { |
assert(g_process_type != ProcessType::UNINITIALIZED); |
return g_process_type == ProcessType::NON_BROWSER_PROCESS; |
} |
+ |
+typedef decltype(SetProcessMitigationPolicy)* SetProcessMitigationPolicyFunc; |
+ |
+void EarlyBrowserSecurity() { |
+ // This function is called from within DllMain. |
+ // Don't do anything naughty while we have the loader lock. |
+ if (::IsWindows8OrGreater()) { |
+ SetProcessMitigationPolicyFunc set_process_mitigation_policy = |
+ reinterpret_cast<SetProcessMitigationPolicyFunc>(::GetProcAddress( |
+ ::GetModuleHandleW(L"kernel32.dll"), "SetProcessMitigationPolicy")); |
+ if (set_process_mitigation_policy) { |
+ // Disable extension DLLs in this process. |
+ // (Legacy hooking.) |
+ PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY policy = {}; |
+ policy.DisableExtensionPoints = true; |
+ |
+ if (!set_process_mitigation_policy(ProcessExtensionPointDisablePolicy, |
+ &policy, sizeof(policy))) |
robertshield
2016/02/01 22:40:50
It would be nice to UMA this.
Two ways come to m
|
+ __debugbreak(); |
+ } |
+ } |
+ return; |
+} |