| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome_elf/blacklist/blacklist.h" | 5 #include "chrome_elf/blacklist/blacklist.h" |
| 6 | 6 |
| 7 #include <assert.h> |
| 7 #include <string.h> | 8 #include <string.h> |
| 8 | 9 |
| 9 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 10 #include "chrome_elf/blacklist/blacklist_interceptions.h" | 11 #include "chrome_elf/blacklist/blacklist_interceptions.h" |
| 11 #include "sandbox/win/src/interception_internal.h" | 12 #include "sandbox/win/src/interception_internal.h" |
| 12 #include "sandbox/win/src/internal_types.h" | 13 #include "sandbox/win/src/internal_types.h" |
| 13 #include "sandbox/win/src/sandbox_utils.h" | 14 #include "sandbox/win/src/sandbox_utils.h" |
| 14 #include "sandbox/win/src/service_resolver.h" | 15 #include "sandbox/win/src/service_resolver.h" |
| 15 #include "version.h" // NOLINT | 16 #include "version.h" // NOLINT |
| 16 | 17 |
| 17 // http://blogs.msdn.com/oldnewthing/archive/2004/10/25/247180.aspx | 18 // http://blogs.msdn.com/oldnewthing/archive/2004/10/25/247180.aspx |
| 18 extern "C" IMAGE_DOS_HEADER __ImageBase; | 19 extern "C" IMAGE_DOS_HEADER __ImageBase; |
| 19 | 20 |
| 20 namespace blacklist{ | 21 namespace blacklist{ |
| 21 | 22 |
| 22 const wchar_t* g_troublesome_dlls[kTroublesomeDllsMaxCount] = { | 23 const wchar_t* g_troublesome_dlls[kTroublesomeDllsMaxCount] = { |
| 23 L"datamngr.dll", // Unknown (suspected adware). | 24 L"datamngr.dll", // Unknown (suspected adware). |
| 24 L"hk.dll", // Unknown (keystroke logger). | 25 L"hk.dll", // Unknown (keystroke logger). |
| 25 L"libsvn_tsvn32.dll", // TortoiseSVN. | 26 L"libsvn_tsvn32.dll", // TortoiseSVN. |
| 26 L"lmrn.dll", // Unknown. | 27 L"lmrn.dll", // Unknown. |
| 27 // Keep this null pointer here to mark the end of the list. | 28 // Keep this null pointer here to mark the end of the list. |
| 28 NULL, | 29 NULL, |
| 29 }; | 30 }; |
| 30 | 31 |
| 32 bool g_blocked_dlls[kTroublesomeDllsMaxCount] = {}; |
| 33 int g_num_blocked_dlls = 0; |
| 34 |
| 31 const wchar_t kRegistryBeaconPath[] = L"SOFTWARE\\Google\\Chrome\\BLBeacon"; | 35 const wchar_t kRegistryBeaconPath[] = L"SOFTWARE\\Google\\Chrome\\BLBeacon"; |
| 32 const wchar_t kBeaconVersion[] = L"version"; | 36 const wchar_t kBeaconVersion[] = L"version"; |
| 33 const wchar_t kBeaconState[] = L"state"; | 37 const wchar_t kBeaconState[] = L"state"; |
| 34 | 38 |
| 35 } // namespace blacklist | 39 } // namespace blacklist |
| 36 | 40 |
| 37 // Allocate storage for thunks in a page of this module to save on doing | 41 // Allocate storage for thunks in a page of this module to save on doing |
| 38 // an extra allocation at run time. | 42 // an extra allocation at run time. |
| 39 #pragma section(".crthunk",read,execute) | 43 #pragma section(".crthunk",read,execute) |
| 40 __declspec(allocate(".crthunk")) sandbox::ThunkData g_thunk_storage; | 44 __declspec(allocate(".crthunk")) sandbox::ThunkData g_thunk_storage; |
| (...skipping 250 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 291 for (int i = 0; i < blacklist_size; ++i) { | 295 for (int i = 0; i < blacklist_size; ++i) { |
| 292 if (!_wcsicmp(g_troublesome_dlls[i], dll_name)) | 296 if (!_wcsicmp(g_troublesome_dlls[i], dll_name)) |
| 293 return true; | 297 return true; |
| 294 } | 298 } |
| 295 | 299 |
| 296 // Copy string to blacklist. | 300 // Copy string to blacklist. |
| 297 wchar_t* str_buffer = new wchar_t[wcslen(dll_name) + 1]; | 301 wchar_t* str_buffer = new wchar_t[wcslen(dll_name) + 1]; |
| 298 wcscpy(str_buffer, dll_name); | 302 wcscpy(str_buffer, dll_name); |
| 299 | 303 |
| 300 g_troublesome_dlls[blacklist_size] = str_buffer; | 304 g_troublesome_dlls[blacklist_size] = str_buffer; |
| 305 g_blocked_dlls[blacklist_size] = false; |
| 301 return true; | 306 return true; |
| 302 } | 307 } |
| 303 | 308 |
| 304 bool RemoveDllFromBlacklist(const wchar_t* dll_name) { | 309 bool RemoveDllFromBlacklist(const wchar_t* dll_name) { |
| 305 int blacklist_size = BlacklistSize(); | 310 int blacklist_size = BlacklistSize(); |
| 306 for (int i = 0; i < blacklist_size; ++i) { | 311 for (int i = 0; i < blacklist_size; ++i) { |
| 307 if (!_wcsicmp(g_troublesome_dlls[i], dll_name)) { | 312 if (!_wcsicmp(g_troublesome_dlls[i], dll_name)) { |
| 308 // Found the thing to remove. Delete it then replace it with the last | 313 // Found the thing to remove. Delete it then replace it with the last |
| 309 // element. | 314 // element. |
| 310 delete[] g_troublesome_dlls[i]; | 315 delete[] g_troublesome_dlls[i]; |
| 311 g_troublesome_dlls[i] = g_troublesome_dlls[blacklist_size - 1]; | 316 g_troublesome_dlls[i] = g_troublesome_dlls[blacklist_size - 1]; |
| 312 g_troublesome_dlls[blacklist_size - 1] = NULL; | 317 g_troublesome_dlls[blacklist_size - 1] = NULL; |
| 318 |
| 319 // Also update the stats recording if we have blocked this dll or not. |
| 320 if (g_blocked_dlls[i]) |
| 321 --g_num_blocked_dlls; |
| 322 g_blocked_dlls[i] = g_blocked_dlls[blacklist_size - 1]; |
| 313 return true; | 323 return true; |
| 314 } | 324 } |
| 315 } | 325 } |
| 316 return false; | 326 return false; |
| 317 } | 327 } |
| 318 | 328 |
| 329 // TODO(csharp): Maybe store these values in the registry so we can |
| 330 // still report them if Chrome crashes early. |
| 331 void SuccessfullyBlocked(const wchar_t** blocked_dlls, int* size) { |
| 332 if (size == NULL) |
| 333 return; |
| 334 |
| 335 // If the array isn't valid or big enough, just report the size it needs to |
| 336 // be and return. |
| 337 if (blocked_dlls == NULL && *size < g_num_blocked_dlls) { |
| 338 *size = g_num_blocked_dlls; |
| 339 return; |
| 340 } |
| 341 |
| 342 *size = g_num_blocked_dlls; |
| 343 |
| 344 int strings_to_fill = 0; |
| 345 for (int i = 0; strings_to_fill < g_num_blocked_dlls && g_troublesome_dlls[i]; |
| 346 ++i) { |
| 347 if (g_blocked_dlls[i]) { |
| 348 blocked_dlls[strings_to_fill] = g_troublesome_dlls[i]; |
| 349 ++strings_to_fill; |
| 350 } |
| 351 } |
| 352 } |
| 353 |
| 354 void BlockedDll(size_t blocked_index) { |
| 355 assert(blocked_index < kTroublesomeDllsMaxCount); |
| 356 |
| 357 if (!g_blocked_dlls[blocked_index] && |
| 358 blocked_index < kTroublesomeDllsMaxCount) { |
| 359 ++g_num_blocked_dlls; |
| 360 g_blocked_dlls[blocked_index] = true; |
| 361 } |
| 362 } |
| 363 |
| 319 bool Initialize(bool force) { | 364 bool Initialize(bool force) { |
| 320 // Check to see that we found the functions we need in ntdll. | 365 // Check to see that we found the functions we need in ntdll. |
| 321 if (!InitializeInterceptImports()) | 366 if (!InitializeInterceptImports()) |
| 322 return false; | 367 return false; |
| 323 | 368 |
| 324 // Check to see if this is a non-browser process, abort if so. | 369 // Check to see if this is a non-browser process, abort if so. |
| 325 if (IsNonBrowserProcess()) | 370 if (IsNonBrowserProcess()) |
| 326 return false; | 371 return false; |
| 327 | 372 |
| 328 // Check to see if a beacon is present, abort if so. | 373 // Check to see if a beacon is present, abort if so. |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 444 sizeof(g_thunk_storage), | 489 sizeof(g_thunk_storage), |
| 445 PAGE_EXECUTE_READ, | 490 PAGE_EXECUTE_READ, |
| 446 &old_protect); | 491 &old_protect); |
| 447 | 492 |
| 448 RecordSuccessfulThunkSetup(&key); | 493 RecordSuccessfulThunkSetup(&key); |
| 449 | 494 |
| 450 return NT_SUCCESS(ret) && page_executable; | 495 return NT_SUCCESS(ret) && page_executable; |
| 451 } | 496 } |
| 452 | 497 |
| 453 } // namespace blacklist | 498 } // namespace blacklist |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 174013007:
Add UMA stats to record when DLLs are successfully blocked in the Browser. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master