Add UMA stats to record when DLLs are successfully blocked in the Browser.

chrome/browser/chrome_elf_init_win.cc

Index: chrome/browser/chrome_elf_init_win.cc
diff --git a/chrome/browser/chrome_elf_init_win.cc b/chrome/browser/chrome_elf_init_win.cc
index 424f533c34090c07e8e58d6aeaa504a016c7a57b..0a372c76285fd4c3c3c0369d532a6e2b53df017c 100644
--- a/chrome/browser/chrome_elf_init_win.cc
+++ b/chrome/browser/chrome_elf_init_win.cc
@@ -2,12 +2,16 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "base/bind.h"
+#include "base/md5.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
+#include "base/metrics/sparse_histogram.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/win/registry.h"
 #include "chrome/browser/chrome_elf_init_win.h"
 #include "chrome_elf/blacklist/blacklist.h"
+#include "content/public/browser/browser_thread.h"
 #include "version.h"  // NOLINT
 
 namespace {
@@ -15,6 +19,10 @@ namespace {
 const char kBrowserBlacklistTrialName[] = "BrowserBlacklist";
 const char kBrowserBlacklistTrialEnabledGroupName[] = "Enabled";
 
+// How long to wait, in seconds, before reporting for the second (and last
+// time), what dlls were blocked from the browser process.
+const int kBlacklistReportingDelaySec = 600;
+
 // This enum is used to define the buckets for an enumerated UMA histogram.
 // Hence,
 //   (a) existing enumerated constants should never be deleted or reordered, and
@@ -46,6 +54,42 @@ void RecordBlacklistSetupEvent(BlacklistSetupEventType blacklist_setup_event) {
                             BLACKLIST_SETUP_EVENT_MAX);
 }
 
+// Report which DLLs were prevented from being loaded.
+void ReportSuccessfulBlocks() {
+  typedef void (*SuccessfullyBlockedPtr)(const wchar_t**, int*);
+  SuccessfullyBlockedPtr successfully_blocked =
+      reinterpret_cast<SuccessfullyBlockedPtr>(GetProcAddress(
+          GetModuleHandle(L"chrome_elf.dll"), "SuccessfullyBlocked"));
+
+  if (!successfully_blocked)
+    return;
+
+  // Figure out how many dlls were blocked.
+  int num_blocked_dlls = 0;
+  successfully_blocked(NULL, &num_blocked_dlls);
+
+  if (num_blocked_dlls == 0)
+    return;
+
+  // Now retrieve the list of blocked dlls.
+  std::vector<const wchar_t*> blocked_dlls(num_blocked_dlls);
+  successfully_blocked(&blocked_dlls[0], &num_blocked_dlls);
+
+  // Send up the hashes of the blocked dlls via UMA.
+  for (size_t i = 0; i < blocked_dlls.size(); ++i) {
+    base::MD5Digest hash;

[csharp, 2014/02/25 15:20:50]

asvitkine@, any hints/tips on a better hash to use? I think this approach work,
but it doesn't seem as clean as I would like.

[Alexei Svitkine (slow), 2014/02/25 15:51:54]

Another histogram uses this one, which is indeed cleaner:

https://code.google.com/p/chromium/codesearch#chromium/src/ppapi/proxy/interf...

+    base::MD5Sum(blocked_dlls[i], wcslen(blocked_dlls[i]), &hash);
+
+    // Convert the md5 hash to an integer. Strip off the signed bit because
+    // UMA doesn't support negative values, but takes a signed int as input.
+    uint32 uma_hash =
+        static_cast<int>(hash.a[0] + (hash.a[1] << 8) + (hash.a[2] << 12) +
+                         ((hash.a[3] * 0x7f) << 16));
+
+    UMA_HISTOGRAM_SPARSE_SLOWLY("Blacklist.Blocked", uma_hash);
+  }
+}
+
 }  // namespace
 
 void InitializeChromeElf() {
@@ -57,6 +101,18 @@ void InitializeChromeElf() {
     base::win::RegKey blacklist_registry_key(HKEY_CURRENT_USER);
     blacklist_registry_key.DeleteKey(blacklist::kRegistryBeaconPath);
   }
+
+  // Report all successful blacklist interceptions.
+  ReportSuccessfulBlocks();
+
+  // Schedule another task to report all sucessful interceptions later.
+  // This time delay should be long enough to catch any dlls that attempt to
+  // inject after Chrome has started up.
+  content::BrowserThread::PostDelayedTask(
+      content::BrowserThread::UI,
+      FROM_HERE,
+      base::Bind(&ReportSuccessfulBlocks),
+      base::TimeDelta::FromSeconds(kBlacklistReportingDelaySec));
 }
 
 void BrowserBlacklistBeaconSetup() {