OLD | NEW |
| (Empty) |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 // This file contains unit tests for InterceptionManager. | |
6 // The tests require private information so the whole interception.cc file is | |
7 // included from this file. | |
8 | |
9 #include <windows.h> | |
10 #include <stddef.h> | |
11 | |
12 #include <algorithm> | |
13 #include <set> | |
14 | |
15 #include "base/bits.h" | |
16 #include "base/memory/scoped_ptr.h" | |
17 #include "sandbox/win/src/interception.h" | |
18 #include "sandbox/win/src/interception_internal.h" | |
19 #include "sandbox/win/src/interceptors.h" | |
20 #include "sandbox/win/src/target_process.h" | |
21 #include "testing/gtest/include/gtest/gtest.h" | |
22 | |
23 namespace sandbox { | |
24 | |
25 namespace internal { | |
26 size_t GetGranularAlignedRandomOffset(size_t size); | |
27 } | |
28 | |
29 // Walks the settings buffer, verifying that the values make sense and counting | |
30 // objects. | |
31 // Arguments: | |
32 // buffer (in): the buffer to walk. | |
33 // size (in): buffer size | |
34 // num_dlls (out): count of the dlls on the buffer. | |
35 // num_function (out): count of intercepted functions. | |
36 // num_names (out): count of named interceptor functions. | |
37 void WalkBuffer(void* buffer, size_t size, int* num_dlls, int* num_functions, | |
38 int* num_names) { | |
39 ASSERT_TRUE(NULL != buffer); | |
40 ASSERT_TRUE(NULL != num_functions); | |
41 ASSERT_TRUE(NULL != num_names); | |
42 *num_dlls = *num_functions = *num_names = 0; | |
43 SharedMemory *memory = reinterpret_cast<SharedMemory*>(buffer); | |
44 | |
45 ASSERT_GT(size, sizeof(SharedMemory)); | |
46 DllPatchInfo *dll = &memory->dll_list[0]; | |
47 | |
48 for (int i = 0; i < memory->num_intercepted_dlls; i++) { | |
49 ASSERT_NE(0u, wcslen(dll->dll_name)); | |
50 ASSERT_EQ(0u, dll->record_bytes % sizeof(size_t)); | |
51 ASSERT_EQ(0u, dll->offset_to_functions % sizeof(size_t)); | |
52 ASSERT_NE(0, dll->num_functions); | |
53 | |
54 FunctionInfo *function = reinterpret_cast<FunctionInfo*>( | |
55 reinterpret_cast<char*>(dll) + dll->offset_to_functions); | |
56 | |
57 for (int j = 0; j < dll->num_functions; j++) { | |
58 ASSERT_EQ(0u, function->record_bytes % sizeof(size_t)); | |
59 | |
60 char* name = function->function; | |
61 size_t length = strlen(name); | |
62 ASSERT_NE(0u, length); | |
63 name += length + 1; | |
64 | |
65 // look for overflows | |
66 ASSERT_GT(reinterpret_cast<char*>(buffer) + size, name + strlen(name)); | |
67 | |
68 // look for a named interceptor | |
69 if (strlen(name)) { | |
70 (*num_names)++; | |
71 EXPECT_TRUE(NULL == function->interceptor_address); | |
72 } else { | |
73 EXPECT_TRUE(NULL != function->interceptor_address); | |
74 } | |
75 | |
76 (*num_functions)++; | |
77 function = reinterpret_cast<FunctionInfo*>( | |
78 reinterpret_cast<char*>(function) + function->record_bytes); | |
79 } | |
80 | |
81 (*num_dlls)++; | |
82 dll = reinterpret_cast<DllPatchInfo*>(reinterpret_cast<char*>(dll) + | |
83 dll->record_bytes); | |
84 } | |
85 } | |
86 | |
87 TEST(InterceptionManagerTest, GetGranularAlignedRandomOffset) { | |
88 std::set<size_t> sizes; | |
89 | |
90 // 544 is current value of interceptions_.size() * sizeof(ThunkData) + | |
91 // sizeof(DllInterceptionData). | |
92 const size_t kThunkBytes = 544; | |
93 | |
94 // ciel(log2(544)) = 10. | |
95 // Alignment must be 2^10 = 1024. | |
96 const size_t kAlignmentBits = base::bits::Log2Ceiling(kThunkBytes); | |
97 const size_t kAlignment = static_cast<size_t>(1) << kAlignmentBits; | |
98 | |
99 const size_t kAllocGranularity = 65536; | |
100 | |
101 // Generate enough sample data to ensure there is at least one value in each | |
102 // potential bucket. | |
103 for (size_t i = 0; i < 1000000; i++) | |
104 sizes.insert(internal::GetGranularAlignedRandomOffset(kThunkBytes)); | |
105 | |
106 size_t prev_val = 0; | |
107 size_t min_val = kAllocGranularity; | |
108 size_t min_nonzero_val = kAllocGranularity; | |
109 size_t max_val = 0; | |
110 | |
111 for (size_t val : sizes) { | |
112 ASSERT_LT(val, kAllocGranularity); | |
113 if (prev_val) | |
114 ASSERT_EQ(val - prev_val, kAlignment); | |
115 if (val) | |
116 min_nonzero_val = std::min(val, min_nonzero_val); | |
117 min_val = std::min(val, min_val); | |
118 prev_val = val; | |
119 max_val = std::max(val, max_val); | |
120 } | |
121 ASSERT_EQ(max_val, kAllocGranularity - kAlignment); | |
122 ASSERT_EQ(0u, min_val); | |
123 ASSERT_EQ(min_nonzero_val, kAlignment); | |
124 } | |
125 | |
126 TEST(InterceptionManagerTest, BufferLayout1) { | |
127 wchar_t exe_name[MAX_PATH]; | |
128 ASSERT_NE(0u, GetModuleFileName(NULL, exe_name, MAX_PATH - 1)); | |
129 | |
130 TargetProcess *target = MakeTestTargetProcess(::GetCurrentProcess(), | |
131 ::GetModuleHandle(exe_name)); | |
132 | |
133 InterceptionManager interceptions(target, true); | |
134 | |
135 // Any pointer will do for a function pointer. | |
136 void* function = &interceptions; | |
137 | |
138 // We don't care about the interceptor id. | |
139 interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtCreateFile", | |
140 INTERCEPTION_SERVICE_CALL, function, | |
141 OPEN_KEY_ID); | |
142 interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateFileEx", | |
143 INTERCEPTION_EAT, function, OPEN_KEY_ID); | |
144 interceptions.AddToPatchedFunctions(L"kernel32.dll", "SomeFileEx", | |
145 INTERCEPTION_SMART_SIDESTEP, function, | |
146 OPEN_KEY_ID); | |
147 interceptions.AddToPatchedFunctions(L"user32.dll", "FindWindow", | |
148 INTERCEPTION_EAT, function, OPEN_KEY_ID); | |
149 interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateMutex", | |
150 INTERCEPTION_EAT, function, OPEN_KEY_ID); | |
151 interceptions.AddToPatchedFunctions(L"user32.dll", "PostMsg", | |
152 INTERCEPTION_EAT, function, OPEN_KEY_ID); | |
153 interceptions.AddToPatchedFunctions(L"user32.dll", "PostMsg", | |
154 INTERCEPTION_EAT, "replacement", | |
155 OPEN_KEY_ID); | |
156 interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg", | |
157 INTERCEPTION_EAT, function, OPEN_KEY_ID); | |
158 interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtClose", | |
159 INTERCEPTION_SERVICE_CALL, function, | |
160 OPEN_KEY_ID); | |
161 interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtOpenFile", | |
162 INTERCEPTION_SIDESTEP, function, | |
163 OPEN_KEY_ID); | |
164 interceptions.AddToPatchedFunctions(L"some.dll", "Superfn", | |
165 INTERCEPTION_EAT, function, OPEN_KEY_ID); | |
166 interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg", | |
167 INTERCEPTION_EAT, "a", OPEN_KEY_ID); | |
168 interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg", | |
169 INTERCEPTION_SIDESTEP, "ab", OPEN_KEY_ID); | |
170 interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg", | |
171 INTERCEPTION_EAT, "abc", OPEN_KEY_ID); | |
172 interceptions.AddToPatchedFunctions(L"a.dll", "p", | |
173 INTERCEPTION_EAT, function, OPEN_KEY_ID); | |
174 interceptions.AddToPatchedFunctions(L"b.dll", | |
175 "TheIncredibleCallToSaveTheWorld", | |
176 INTERCEPTION_EAT, function, OPEN_KEY_ID); | |
177 interceptions.AddToPatchedFunctions(L"a.dll", "BIsLame", | |
178 INTERCEPTION_EAT, function, OPEN_KEY_ID); | |
179 interceptions.AddToPatchedFunctions(L"a.dll", "ARules", | |
180 INTERCEPTION_EAT, function, OPEN_KEY_ID); | |
181 | |
182 // Verify that all interceptions were added | |
183 ASSERT_EQ(18u, interceptions.interceptions_.size()); | |
184 | |
185 size_t buffer_size = interceptions.GetBufferSize(); | |
186 scoped_ptr<BYTE[]> local_buffer(new BYTE[buffer_size]); | |
187 | |
188 ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(), | |
189 buffer_size)); | |
190 | |
191 // At this point, the interceptions should have been separated into two | |
192 // groups: one group with the local ("cold") interceptions, consisting of | |
193 // everything from ntdll and stuff set as INTRECEPTION_SERVICE_CALL, and | |
194 // another group with the interceptions belonging to dlls that will be "hot" | |
195 // patched on the client. The second group lives on local_buffer, and the | |
196 // first group remains on the list of interceptions (inside the object | |
197 // "interceptions"). There are 3 local interceptions (of ntdll); the | |
198 // other 15 have to be sent to the child to be performed "hot". | |
199 EXPECT_EQ(3u, interceptions.interceptions_.size()); | |
200 | |
201 int num_dlls, num_functions, num_names; | |
202 WalkBuffer(local_buffer.get(), buffer_size, &num_dlls, &num_functions, | |
203 &num_names); | |
204 | |
205 // The 15 interceptions on the buffer (to the child) should be grouped on 6 | |
206 // dlls. Only four interceptions are using an explicit name for the | |
207 // interceptor function. | |
208 EXPECT_EQ(6, num_dlls); | |
209 EXPECT_EQ(15, num_functions); | |
210 EXPECT_EQ(4, num_names); | |
211 } | |
212 | |
213 TEST(InterceptionManagerTest, BufferLayout2) { | |
214 wchar_t exe_name[MAX_PATH]; | |
215 ASSERT_NE(0u, GetModuleFileName(NULL, exe_name, MAX_PATH - 1)); | |
216 | |
217 TargetProcess *target = MakeTestTargetProcess(::GetCurrentProcess(), | |
218 ::GetModuleHandle(exe_name)); | |
219 | |
220 InterceptionManager interceptions(target, true); | |
221 | |
222 // Any pointer will do for a function pointer. | |
223 void* function = &interceptions; | |
224 interceptions.AddToUnloadModules(L"some01.dll"); | |
225 // We don't care about the interceptor id. | |
226 interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtCreateFile", | |
227 INTERCEPTION_SERVICE_CALL, function, | |
228 OPEN_FILE_ID); | |
229 interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateFileEx", | |
230 INTERCEPTION_EAT, function, OPEN_FILE_ID); | |
231 interceptions.AddToUnloadModules(L"some02.dll"); | |
232 interceptions.AddToPatchedFunctions(L"kernel32.dll", "SomeFileEx", | |
233 INTERCEPTION_SMART_SIDESTEP, function, | |
234 OPEN_FILE_ID); | |
235 // Verify that all interceptions were added | |
236 ASSERT_EQ(5u, interceptions.interceptions_.size()); | |
237 | |
238 size_t buffer_size = interceptions.GetBufferSize(); | |
239 scoped_ptr<BYTE[]> local_buffer(new BYTE[buffer_size]); | |
240 | |
241 ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(), | |
242 buffer_size)); | |
243 | |
244 // At this point, the interceptions should have been separated into two | |
245 // groups: one group with the local ("cold") interceptions, and another | |
246 // group with the interceptions belonging to dlls that will be "hot" | |
247 // patched on the client. The second group lives on local_buffer, and the | |
248 // first group remains on the list of interceptions, in this case just one. | |
249 EXPECT_EQ(1u, interceptions.interceptions_.size()); | |
250 | |
251 int num_dlls, num_functions, num_names; | |
252 WalkBuffer(local_buffer.get(), buffer_size, &num_dlls, &num_functions, | |
253 &num_names); | |
254 | |
255 EXPECT_EQ(3, num_dlls); | |
256 EXPECT_EQ(4, num_functions); | |
257 EXPECT_EQ(0, num_names); | |
258 } | |
259 | |
260 } // namespace sandbox | |
OLD | NEW |