OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "hook_util.h" | 5 #include "hook_util.h" |
6 | 6 |
7 #include <versionhelpers.h> // windows.h must be before | 7 #include <versionhelpers.h> // windows.h must be before |
8 | 8 |
9 #include "base/win/pe_image.h" | 9 #include "base/win/pe_image.h" |
| 10 #include "chrome_elf/nt_registry/nt_registry.h" // utils |
10 #include "sandbox/win/src/interception_internal.h" | 11 #include "sandbox/win/src/interception_internal.h" |
11 #include "sandbox/win/src/internal_types.h" | 12 #include "sandbox/win/src/internal_types.h" |
12 #include "sandbox/win/src/sandbox_utils.h" | 13 #include "sandbox/win/src/sandbox_utils.h" |
13 #include "sandbox/win/src/service_resolver.h" | 14 #include "sandbox/win/src/service_resolver.h" |
14 | 15 |
15 namespace { | 16 namespace { |
16 | 17 |
17 //------------------------------------------------------------------------------ | 18 //------------------------------------------------------------------------------ |
18 // Common hooking utility functions - LOCAL | 19 // Common hooking utility functions - LOCAL |
19 //------------------------------------------------------------------------------ | 20 //------------------------------------------------------------------------------ |
20 | 21 |
21 #if !defined(_WIN64) | |
22 // Whether a process is running under WOW64 (the wrapper that allows 32-bit | |
23 // processes to run on 64-bit versions of Windows). This will return | |
24 // WOW64_DISABLED for both "32-bit Chrome on 32-bit Windows" and "64-bit | |
25 // Chrome on 64-bit Windows". WOW64_UNKNOWN means "an error occurred", e.g. | |
26 // the process does not have sufficient access rights to determine this. | |
27 enum WOW64Status { | |
28 WOW64_DISABLED, | |
29 WOW64_ENABLED, | |
30 WOW64_UNKNOWN, | |
31 }; | |
32 | |
33 WOW64Status GetWOW64StatusForCurrentProcess() { | |
34 typedef BOOL(WINAPI * IsWow64ProcessFunc)(HANDLE, PBOOL); | |
35 IsWow64ProcessFunc is_wow64_process = reinterpret_cast<IsWow64ProcessFunc>( | |
36 GetProcAddress(GetModuleHandle(L"kernel32.dll"), "IsWow64Process")); | |
37 if (!is_wow64_process) | |
38 return WOW64_DISABLED; | |
39 BOOL is_wow64 = FALSE; | |
40 if (!is_wow64_process(GetCurrentProcess(), &is_wow64)) | |
41 return WOW64_UNKNOWN; | |
42 return is_wow64 ? WOW64_ENABLED : WOW64_DISABLED; | |
43 } | |
44 #endif // !defined(_WIN64) | |
45 | |
46 // Change the page protections to writable, copy the data, | 22 // Change the page protections to writable, copy the data, |
47 // restore protections. Returns a winerror code. | 23 // restore protections. Returns a winerror code. |
48 DWORD PatchMem(void* target, void* new_bytes, size_t length) { | 24 DWORD PatchMem(void* target, void* new_bytes, size_t length) { |
49 if (target == nullptr || new_bytes == nullptr || length == 0) | 25 if (target == nullptr || new_bytes == nullptr || length == 0) |
50 return ERROR_INVALID_PARAMETER; | 26 return ERROR_INVALID_PARAMETER; |
51 | 27 |
52 // Preserve executable state. | 28 // Preserve executable state. |
53 MEMORY_BASIC_INFORMATION memory_info = {}; | 29 MEMORY_BASIC_INFORMATION memory_info = {}; |
54 if (!::VirtualQuery(target, &memory_info, sizeof(memory_info))) { | 30 if (!::VirtualQuery(target, &memory_info, sizeof(memory_info))) { |
55 return GetLastError(); | 31 return GetLastError(); |
(...skipping 183 matching lines...)
239 return thunk; | 215 return thunk; |
240 | 216 |
241 // Pseudo-handle, no need to close. | 217 // Pseudo-handle, no need to close. |
242 HANDLE current_process = ::GetCurrentProcess(); | 218 HANDLE current_process = ::GetCurrentProcess(); |
243 | 219 |
244 #if defined(_WIN64) | 220 #if defined(_WIN64) |
245 // ServiceResolverThunk can handle all the formats in 64-bit (instead only | 221 // ServiceResolverThunk can handle all the formats in 64-bit (instead only |
246 // handling one like it does in 32-bit versions). | 222 // handling one like it does in 32-bit versions). |
247 thunk = new sandbox::ServiceResolverThunk(current_process, relaxed); | 223 thunk = new sandbox::ServiceResolverThunk(current_process, relaxed); |
248 #else | 224 #else |
249 if (GetWOW64StatusForCurrentProcess() == WOW64_ENABLED) { | 225 if (nt::IsCurrentProcWow64()) { |
250 if (::IsWindows10OrGreater()) | 226 if (::IsWindows10OrGreater()) |
251 thunk = new sandbox::Wow64W10ResolverThunk(current_process, relaxed); | 227 thunk = new sandbox::Wow64W10ResolverThunk(current_process, relaxed); |
252 else if (::IsWindows8OrGreater()) | 228 else if (::IsWindows8OrGreater()) |
253 thunk = new sandbox::Wow64W8ResolverThunk(current_process, relaxed); | 229 thunk = new sandbox::Wow64W8ResolverThunk(current_process, relaxed); |
254 else | 230 else |
255 thunk = new sandbox::Wow64ResolverThunk(current_process, relaxed); | 231 thunk = new sandbox::Wow64ResolverThunk(current_process, relaxed); |
256 } else if (::IsWindows8OrGreater()) { | 232 } else if (::IsWindows8OrGreater()) { |
257 thunk = new sandbox::Win8ResolverThunk(current_process, relaxed); | 233 thunk = new sandbox::Win8ResolverThunk(current_process, relaxed); |
258 } else { | 234 } else { |
259 thunk = new sandbox::ServiceResolverThunk(current_process, relaxed); | 235 thunk = new sandbox::ServiceResolverThunk(current_process, relaxed); |
(...skipping 53 matching lines...)
313 RemoveIATHook(intercept_function_, original_function_, iat_thunk_); | 289 RemoveIATHook(intercept_function_, original_function_, iat_thunk_); |
314 | 290 |
315 intercept_function_ = nullptr; | 291 intercept_function_ = nullptr; |
316 original_function_ = nullptr; | 292 original_function_ = nullptr; |
317 iat_thunk_ = nullptr; | 293 iat_thunk_ = nullptr; |
318 | 294 |
319 return winerror; | 295 return winerror; |
320 } | 296 } |
321 | 297 |
322 } // namespace elf_hook | 298 } // namespace elf_hook |
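Review bot: The WOW64 test at new line 225 is a plain truth test, so if `nt::IsCurrentProcWow64()` can fail (its implementation is not visible on this page), a failed query is indistinguishable from "not WOW64". The 32-bit path would then pick `Win8ResolverThunk` or `ServiceResolverThunk` for a process that is in fact running under WOW64. The removed helper fell through the same way for `WOW64_UNKNOWN`, so this is probably not a regression, but the comment that documented the error case is deleted along with it. I would put a short comment above the branch, for example `// IsCurrentProcWow64() reports false on query failure; the native resolver is then chosen.`, once that behaviour is confirmed against nt_registry. The enclosing function starts in the skipped region above this hunk, and the `// utils` note on the new include at line 10 would be clearer if it named the helper, e.g. `// nt::IsCurrentProcWow64`.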