Make chrome_elf use thunks instead of function pointers.

sandbox/win/src/service_resolver_64.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/service_resolver.h"
 
 #include "base/memory/scoped_ptr.h"
 #include "sandbox/win/src/sandbox_nt_util.h"
 #include "sandbox/win/src/win_utils.h"
 
@@ skipping 98 matching lines @@
   if (NULL != storage_used)
     *storage_used = thunk_bytes;
 
   return ret;
 }
 
 size_t ServiceResolverThunk::GetThunkSize() const {
   return sizeof(ServiceFullThunk);
 }
 
+NTSTATUS ServiceResolverThunk::CopyThunk(const void* target_module,
+                                         const char* target_name,
+                                         void* thunk_storage,
+                                         size_t storage_bytes,
+                                         size_t* storage_used) {
+  NTSTATUS ret = ResolveTarget(target_module, target_name, &target_);
+  if(!NT_SUCCESS(ret))

[robertshield, 2014/02/28 21:02:22]

space after if

[Cait (Slow), 2014/03/03 20:55:11]

Done.

+    return ret;
+
+  size_t thunk_bytes = GetThunkSize();
+  scoped_ptr<char[]> thunk_buffer(new char[thunk_bytes]);

[robertshield, 2014/02/28 21:02:22]

we use BYTE below for storage and chars here. Should be consistent.

[Cait (Slow), 2014/03/03 20:55:11]

Done.

+  ServiceFullThunk* thunk = reinterpret_cast<ServiceFullThunk*>(
+                                thunk_buffer.get());
+
+  if (!IsFunctionAService(&thunk->original))
+    return STATUS_UNSUCCESSFUL;
+
+  BYTE* thunk_storage_bytes = reinterpret_cast<BYTE*>(thunk_storage);
+
+  // Mark the thunk storage as readable and writeable, since we
+  // ready to write to it.
+  DWORD old_protect = 0;
+  if(!VirtualProtect(thunk_storage,

[robertshield, 2014/02/28 21:02:22]

space after if

[Cait (Slow), 2014/03/03 20:55:11]

Done.

+                     sizeof(thunk_storage),
+                     PAGE_EXECUTE_READWRITE,
+                     &old_protect)) {
+    return STATUS_UNSUCCESSFUL;
+  }
+
+  // copy the local thunk buffer to the child
+  SIZE_T written;

[robertshield, 2014/02/28 21:02:22]

= 0

[Cait (Slow), 2014/03/03 20:55:11]

Done.

+  ret = ::WriteProcessMemory(process_,
+                             thunk_storage_bytes,
+                             reinterpret_cast<void*>(&thunk->original),
+                             thunk_bytes,
+                             &written);
+
+  if (!NT_SUCCESS(ret))
+    return ret;
+
+  if (thunk_bytes != written)
+    return STATUS_UNSUCCESSFUL;
+
+  if (VirtualProtect(thunk_storage,
+                     sizeof(thunk_storage),
+                     PAGE_EXECUTE_READ,
+                     &old_protect)) {
+    return STATUS_UNSUCCESSFUL;
+  }
+
+  if (NULL != storage_used)
+    *storage_used = thunk_bytes;
+
+  return ret;
+}
+
 bool ServiceResolverThunk::IsFunctionAService(void* local_thunk) const {
   ServiceFullThunk function_code;
   SIZE_T read;
   if (!::ReadProcessMemory(process_, target_, &function_code,
                            sizeof(function_code), &read))
     return false;
 
   if (sizeof(function_code) != read)
     return false;
 
@@ skipping 55 matching lines @@
   NOTREACHED_NT();
   return false;
 }
 
 bool Win2kResolverThunk::IsFunctionAService(void* local_thunk) const {
   NOTREACHED_NT();
   return false;
 }
 
 }  // namespace sandbox