| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 // Wow_helper.exe is a simple Win32 64-bit executable designed to help to | |
| 6 // sandbox a 32 bit application running on a 64 bit OS. The basic idea is to | |
| 7 // perform a 64 bit interception of the target process and notify the 32-bit | |
| 8 // broker process whenever a DLL is being loaded. This allows the broker to | |
| 9 // setup the interceptions (32-bit) properly on the target. | |
| 10 | |
| 11 #include <windows.h> | |
| 12 #include <stddef.h> | |
| 13 | |
| 14 #include <string> | |
| 15 | |
| 16 #include "sandbox/win/wow_helper/service64_resolver.h" | |
| 17 #include "sandbox/win/wow_helper/target_code.h" | |
| 18 | |
| 19 namespace sandbox { | |
| 20 | |
| 21 // Performs the interception of NtMapViewOfSection on the 64-bit version of | |
| 22 // ntdll.dll. 'thunk' is the buffer on the address space of process 'child', | |
| 23 // that will be used to store the information about the patch. | |
| 24 int PatchNtdll(HANDLE child, void* thunk, size_t thunk_bytes) { | |
| 25 wchar_t* ntdll_name = L"ntdll.dll"; | |
| 26 HMODULE ntdll_base = ::GetModuleHandle(ntdll_name); | |
| 27 if (!ntdll_base) | |
| 28 return 100; | |
| 29 | |
| 30 Service64ResolverThunk resolver(child); | |
| 31 size_t used = resolver.GetThunkSize(); | |
| 32 char* code = reinterpret_cast<char*>(thunk) + used; | |
| 33 NTSTATUS ret = resolver.Setup(ntdll_base, NULL, "NtMapViewOfSection", NULL, | |
| 34 code, thunk, thunk_bytes, NULL); | |
| 35 if (!NT_SUCCESS(ret)) | |
| 36 return 101; | |
| 37 | |
| 38 size_t size = reinterpret_cast<char*>(&TargetEnd) - | |
| 39 reinterpret_cast<char*>(&TargetNtMapViewOfSection); | |
| 40 | |
| 41 if (size + used > thunk_bytes) | |
| 42 return 102; | |
| 43 | |
| 44 SIZE_T written; | |
| 45 if (!::WriteProcessMemory(child, code, &TargetNtMapViewOfSection, size, | |
| 46 &written)) | |
| 47 return 103; | |
| 48 | |
| 49 if (size != written) | |
| 50 return 104; | |
| 51 | |
| 52 return 0; | |
| 53 } | |
| 54 | |
| 55 } // namespace sandbox | |
| 56 | |
| 57 // We must receive two arguments: the process id of the target to intercept and | |
| 58 // the address of a page of memory on that process that will be used for the | |
| 59 // interception. We receive the address because the broker will cleanup the | |
| 60 // patch when the work is performed. | |
| 61 // | |
| 62 // It should be noted that we don't wait until the real work is done; this | |
| 63 // program quits as soon as the 64-bit interception is performed. | |
| 64 int wWinMain(HINSTANCE, HINSTANCE, wchar_t* command_line, int) { | |
| 65 static_assert(sizeof(void*) > sizeof(DWORD), "unsupported 32 bits"); | |
| 66 if (!command_line) | |
| 67 return 1; | |
| 68 | |
| 69 wchar_t* next; | |
| 70 DWORD process_id = wcstoul(command_line, &next, 0); | |
| 71 if (!process_id) | |
| 72 return 2; | |
| 73 | |
| 74 DWORD access = PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE; | |
| 75 HANDLE child = ::OpenProcess(access, FALSE, process_id); | |
| 76 if (!child) | |
| 77 return 3; | |
| 78 | |
| 79 DWORD buffer = wcstoul(next, NULL, 0); | |
| 80 if (!buffer) | |
| 81 return 4; | |
| 82 | |
| 83 void* thunk = reinterpret_cast<void*>(static_cast<ULONG_PTR>(buffer)); | |
| 84 | |
| 85 const size_t kPageSize = 4096; | |
| 86 return sandbox::PatchNtdll(child, thunk, kPageSize); | |
| 87 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1851213002:
Remove sandbox on Windows. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master