| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome_elf/blacklist/blacklist.h" | 5 #include "chrome_elf/blacklist/blacklist.h" |
| 6 | 6 |
| 7 #include <assert.h> |
| 7 #include <string.h> | 8 #include <string.h> |
| 8 | 9 |
| 9 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 10 #include "chrome_elf/blacklist/blacklist_interceptions.h" | 11 #include "chrome_elf/blacklist/blacklist_interceptions.h" |
| 11 #include "chrome_elf/chrome_elf_constants.h" | 12 #include "chrome_elf/chrome_elf_constants.h" |
| 12 #include "chrome_elf/chrome_elf_util.h" | 13 #include "chrome_elf/chrome_elf_util.h" |
| 13 #include "sandbox/win/src/interception_internal.h" | 14 #include "sandbox/win/src/interception_internal.h" |
| 14 #include "sandbox/win/src/internal_types.h" | 15 #include "sandbox/win/src/internal_types.h" |
| 15 #include "sandbox/win/src/sandbox_utils.h" | 16 #include "sandbox/win/src/sandbox_utils.h" |
| 16 #include "sandbox/win/src/service_resolver.h" | 17 #include "sandbox/win/src/service_resolver.h" |
| 17 #include "version.h" // NOLINT | 18 #include "version.h" // NOLINT |
| 18 | 19 |
| 19 // http://blogs.msdn.com/oldnewthing/archive/2004/10/25/247180.aspx | 20 // http://blogs.msdn.com/oldnewthing/archive/2004/10/25/247180.aspx |
| 20 extern "C" IMAGE_DOS_HEADER __ImageBase; | 21 extern "C" IMAGE_DOS_HEADER __ImageBase; |
| 21 | 22 |
| 22 namespace blacklist{ | 23 namespace blacklist{ |
| 23 | 24 |
| 24 const wchar_t* g_troublesome_dlls[kTroublesomeDllsMaxCount] = { | 25 const wchar_t* g_troublesome_dlls[kTroublesomeDllsMaxCount] = { |
| 25 L"datamngr.dll", // Unknown (suspected adware). | 26 L"datamngr.dll", // Unknown (suspected adware). |
| 26 L"hk.dll", // Unknown (keystroke logger). | 27 L"hk.dll", // Unknown (keystroke logger). |
| 27 L"libsvn_tsvn32.dll", // TortoiseSVN. | 28 L"libsvn_tsvn32.dll", // TortoiseSVN. |
| 28 L"lmrn.dll", // Unknown. | 29 L"lmrn.dll", // Unknown. |
| 29 // Keep this null pointer here to mark the end of the list. | 30 // Keep this null pointer here to mark the end of the list. |
| 30 NULL, | 31 NULL, |
| 31 }; | 32 }; |
| 32 | 33 |
| 34 bool g_blocked_dlls[kTroublesomeDllsMaxCount] = {}; |
| 35 int g_num_blocked_dlls = 0; |
| 36 |
| 33 } // namespace blacklist | 37 } // namespace blacklist |
| 34 | 38 |
| 35 // Allocate storage for thunks in a page of this module to save on doing | 39 // Allocate storage for thunks in a page of this module to save on doing |
| 36 // an extra allocation at run time. | 40 // an extra allocation at run time. |
| 37 #pragma section(".crthunk",read,execute) | 41 #pragma section(".crthunk",read,execute) |
| 38 __declspec(allocate(".crthunk")) sandbox::ThunkData g_thunk_storage; | 42 __declspec(allocate(".crthunk")) sandbox::ThunkData g_thunk_storage; |
| 39 | 43 |
| 40 namespace { | 44 namespace { |
| 41 | 45 |
| 42 enum Version { | 46 enum Version { |
| (...skipping 235 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 278 for (int i = 0; i < blacklist_size; ++i) { | 282 for (int i = 0; i < blacklist_size; ++i) { |
| 279 if (!_wcsicmp(g_troublesome_dlls[i], dll_name)) | 283 if (!_wcsicmp(g_troublesome_dlls[i], dll_name)) |
| 280 return true; | 284 return true; |
| 281 } | 285 } |
| 282 | 286 |
| 283 // Copy string to blacklist. | 287 // Copy string to blacklist. |
| 284 wchar_t* str_buffer = new wchar_t[wcslen(dll_name) + 1]; | 288 wchar_t* str_buffer = new wchar_t[wcslen(dll_name) + 1]; |
| 285 wcscpy(str_buffer, dll_name); | 289 wcscpy(str_buffer, dll_name); |
| 286 | 290 |
| 287 g_troublesome_dlls[blacklist_size] = str_buffer; | 291 g_troublesome_dlls[blacklist_size] = str_buffer; |
| 292 g_blocked_dlls[blacklist_size] = false; |
| 288 return true; | 293 return true; |
| 289 } | 294 } |
| 290 | 295 |
| 291 bool RemoveDllFromBlacklist(const wchar_t* dll_name) { | 296 bool RemoveDllFromBlacklist(const wchar_t* dll_name) { |
| 292 int blacklist_size = BlacklistSize(); | 297 int blacklist_size = BlacklistSize(); |
| 293 for (int i = 0; i < blacklist_size; ++i) { | 298 for (int i = 0; i < blacklist_size; ++i) { |
| 294 if (!_wcsicmp(g_troublesome_dlls[i], dll_name)) { | 299 if (!_wcsicmp(g_troublesome_dlls[i], dll_name)) { |
| 295 // Found the thing to remove. Delete it then replace it with the last | 300 // Found the thing to remove. Delete it then replace it with the last |
| 296 // element. | 301 // element. |
| 297 delete[] g_troublesome_dlls[i]; | 302 delete[] g_troublesome_dlls[i]; |
| 298 g_troublesome_dlls[i] = g_troublesome_dlls[blacklist_size - 1]; | 303 g_troublesome_dlls[i] = g_troublesome_dlls[blacklist_size - 1]; |
| 299 g_troublesome_dlls[blacklist_size - 1] = NULL; | 304 g_troublesome_dlls[blacklist_size - 1] = NULL; |
| 305 |
| 306 // Also update the stats recording if we have blocked this dll or not. |
| 307 if (g_blocked_dlls[i]) |
| 308 --g_num_blocked_dlls; |
| 309 g_blocked_dlls[i] = g_blocked_dlls[blacklist_size - 1]; |
| 300 return true; | 310 return true; |
| 301 } | 311 } |
| 302 } | 312 } |
| 303 return false; | 313 return false; |
| 304 } | 314 } |
| 305 | 315 |
| 316 // TODO(csharp): Maybe store these values in the registry so we can |
| 317 // still report them if Chrome crashes early. |
| 318 void SuccessfullyBlocked(const wchar_t** blocked_dlls, int* size) { |
| 319 if (size == NULL) |
| 320 return; |
| 321 |
| 322 // If the array isn't valid or big enough, just report the size it needs to |
| 323 // be and return. |
| 324 if (blocked_dlls == NULL && *size < g_num_blocked_dlls) { |
| 325 *size = g_num_blocked_dlls; |
| 326 return; |
| 327 } |
| 328 |
| 329 *size = g_num_blocked_dlls; |
| 330 |
| 331 int strings_to_fill = 0; |
| 332 for (int i = 0; strings_to_fill < g_num_blocked_dlls && g_troublesome_dlls[i]; |
| 333 ++i) { |
| 334 if (g_blocked_dlls[i]) { |
| 335 blocked_dlls[strings_to_fill] = g_troublesome_dlls[i]; |
| 336 ++strings_to_fill; |
| 337 } |
| 338 } |
| 339 } |
| 340 |
| 341 void BlockedDll(size_t blocked_index) { |
| 342 assert(blocked_index < kTroublesomeDllsMaxCount); |
| 343 |
| 344 if (!g_blocked_dlls[blocked_index] && |
| 345 blocked_index < kTroublesomeDllsMaxCount) { |
| 346 ++g_num_blocked_dlls; |
| 347 g_blocked_dlls[blocked_index] = true; |
| 348 } |
| 349 } |
| 350 |
| 306 bool Initialize(bool force) { | 351 bool Initialize(bool force) { |
| 307 // Check to see that we found the functions we need in ntdll. | 352 // Check to see that we found the functions we need in ntdll. |
| 308 if (!InitializeInterceptImports()) | 353 if (!InitializeInterceptImports()) |
| 309 return false; | 354 return false; |
| 310 | 355 |
| 311 // Check to see if this is a non-browser process, abort if so. | 356 // Check to see if this is a non-browser process, abort if so. |
| 312 if (IsNonBrowserProcess()) | 357 if (IsNonBrowserProcess()) |
| 313 return false; | 358 return false; |
| 314 | 359 |
| 315 // Check to see if a beacon is present, abort if so. | 360 // Check to see if a beacon is present, abort if so. |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 431 sizeof(g_thunk_storage), | 476 sizeof(g_thunk_storage), |
| 432 PAGE_EXECUTE_READ, | 477 PAGE_EXECUTE_READ, |
| 433 &old_protect); | 478 &old_protect); |
| 434 | 479 |
| 435 RecordSuccessfulThunkSetup(&key); | 480 RecordSuccessfulThunkSetup(&key); |
| 436 | 481 |
| 437 return NT_SUCCESS(ret) && page_executable; | 482 return NT_SUCCESS(ret) && page_executable; |
| 438 } | 483 } |
| 439 | 484 |
| 440 } // namespace blacklist | 485 } // namespace blacklist |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 174013007:
Add UMA stats to record when DLLs are successfully blocked in the Browser. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master