[chrome_elf] NTRegistry - added wow64 redirection support.

chrome_elf/hook_util/hook_util.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "hook_util.h"
 
 #include <versionhelpers.h>  // windows.h must be before
 
 #include "base/win/pe_image.h"
+#include "chrome_elf/nt_registry/nt_registry.h"  // utils
 #include "sandbox/win/src/interception_internal.h"
 #include "sandbox/win/src/internal_types.h"
 #include "sandbox/win/src/sandbox_utils.h"
 #include "sandbox/win/src/service_resolver.h"
 
 namespace {
 
 //------------------------------------------------------------------------------
 // Common hooking utility functions - LOCAL
 //------------------------------------------------------------------------------
 
-#if !defined(_WIN64)
-// Whether a process is running under WOW64 (the wrapper that allows 32-bit
-// processes to run on 64-bit versions of Windows).  This will return
-// WOW64_DISABLED for both "32-bit Chrome on 32-bit Windows" and "64-bit
-// Chrome on 64-bit Windows".  WOW64_UNKNOWN means "an error occurred", e.g.
-// the process does not have sufficient access rights to determine this.
-enum WOW64Status {
-  WOW64_DISABLED,
-  WOW64_ENABLED,
-  WOW64_UNKNOWN,
-};
-
-WOW64Status GetWOW64StatusForCurrentProcess() {
-  typedef BOOL(WINAPI * IsWow64ProcessFunc)(HANDLE, PBOOL);
-  IsWow64ProcessFunc is_wow64_process = reinterpret_cast<IsWow64ProcessFunc>(
-      GetProcAddress(GetModuleHandle(L"kernel32.dll"), "IsWow64Process"));
-  if (!is_wow64_process)
-    return WOW64_DISABLED;
-  BOOL is_wow64 = FALSE;
-  if (!is_wow64_process(GetCurrentProcess(), &is_wow64))
-    return WOW64_UNKNOWN;
-  return is_wow64 ? WOW64_ENABLED : WOW64_DISABLED;
-}
-#endif  // !defined(_WIN64)
-
 // Change the page protections to writable, copy the data,
 // restore protections. Returns a winerror code.
 DWORD PatchMem(void* target, void* new_bytes, size_t length) {
   if (target == nullptr || new_bytes == nullptr || length == 0)
     return ERROR_INVALID_PARAMETER;
 
   // Preserve executable state.
   MEMORY_BASIC_INFORMATION memory_info = {};
   if (!::VirtualQuery(target, &memory_info, sizeof(memory_info))) {
     return GetLastError();
@@ skipping 183 matching lines @@
     return thunk;
 
   // Pseudo-handle, no need to close.
   HANDLE current_process = ::GetCurrentProcess();
 
 #if defined(_WIN64)
   // ServiceResolverThunk can handle all the formats in 64-bit (instead only
   // handling one like it does in 32-bit versions).
   thunk = new sandbox::ServiceResolverThunk(current_process, relaxed);
 #else
-  if (GetWOW64StatusForCurrentProcess() == WOW64_ENABLED) {
+  if (nt::IsCurrentProcWow64()) {
     if (::IsWindows10OrGreater())
       thunk = new sandbox::Wow64W10ResolverThunk(current_process, relaxed);
     else if (::IsWindows8OrGreater())
       thunk = new sandbox::Wow64W8ResolverThunk(current_process, relaxed);
     else
       thunk = new sandbox::Wow64ResolverThunk(current_process, relaxed);
   } else if (::IsWindows8OrGreater()) {
     thunk = new sandbox::Win8ResolverThunk(current_process, relaxed);
   } else {
     thunk = new sandbox::ServiceResolverThunk(current_process, relaxed);
@@ skipping 53 matching lines @@
       RemoveIATHook(intercept_function_, original_function_, iat_thunk_);
 
   intercept_function_ = nullptr;
   original_function_ = nullptr;
   iat_thunk_ = nullptr;
 
   return winerror;
 }
 
 }  // namespace elf_hook