| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome_elf/blacklist/blacklist.h" | 5 #include "chrome_elf/blacklist/blacklist.h" |
| 6 | 6 |
| 7 #include <assert.h> | 7 #include <assert.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 94 namespace blacklist { | 94 namespace blacklist { |
| 95 | 95 |
| 96 #if defined(_WIN64) | 96 #if defined(_WIN64) |
| 97 // Allocate storage for the pointer to the old NtMapViewOfSectionFunction. | 97 // Allocate storage for the pointer to the old NtMapViewOfSectionFunction. |
| 98 #pragma section(".oldntmap", write, read) | 98 #pragma section(".oldntmap", write, read) |
| 99 __declspec(allocate(".oldntmap")) | 99 __declspec(allocate(".oldntmap")) |
| 100 NtMapViewOfSectionFunction g_nt_map_view_of_section_func = NULL; | 100 NtMapViewOfSectionFunction g_nt_map_view_of_section_func = NULL; |
| 101 #endif | 101 #endif |
| 102 | 102 |
| 103 bool LeaveSetupBeacon() { | 103 bool LeaveSetupBeacon() { |
| 104 HANDLE key_handle = INVALID_HANDLE_VALUE; | 104 nt::ScopedHANDLE key_handle = nt::CreateRegKey( |
| 105 nt::HKCU, kRegistryBeaconPath, KEY_QUERY_VALUE | KEY_SET_VALUE); |
| 105 | 106 |
| 106 if (!nt::CreateRegKey(nt::HKCU, kRegistryBeaconPath, | 107 if (!key_handle.is_valid()) |
| 107 KEY_QUERY_VALUE | KEY_SET_VALUE, &key_handle)) | |
| 108 return false; | 108 return false; |
| 109 | 109 |
| 110 DWORD blacklist_state = BLACKLIST_STATE_MAX; | 110 DWORD blacklist_state = BLACKLIST_STATE_MAX; |
| 111 if (!nt::QueryRegValueDWORD(key_handle, kBeaconState, &blacklist_state) || | 111 if (!nt::QueryRegValueDWORD(key_handle.get(), kBeaconState, |
| 112 &blacklist_state) || |
| 112 blacklist_state == BLACKLIST_DISABLED) { | 113 blacklist_state == BLACKLIST_DISABLED) { |
| 113 nt::CloseRegKey(key_handle); | |
| 114 return false; | 114 return false; |
| 115 } | 115 } |
| 116 | 116 |
| 117 // Handle attempt count. | 117 // Handle attempt count. |
| 118 // Only return true if BL is enabled and succeeded on previous run. | 118 // Only return true if BL is enabled and succeeded on previous run. |
| 119 bool success = false; | 119 bool success = false; |
| 120 if (blacklist_state == BLACKLIST_ENABLED) { | 120 if (blacklist_state == BLACKLIST_ENABLED) { |
| 121 // If the blacklist succeeded on the previous run reset the failure | 121 // If the blacklist succeeded on the previous run reset the failure |
| 122 // counter. Then update the beacon state. | 122 // counter. Then update the beacon state. |
| 123 if (nt::SetRegValueDWORD(key_handle, kBeaconAttemptCount, | 123 if (nt::SetRegValueDWORD(key_handle.get(), kBeaconAttemptCount, |
| 124 static_cast<DWORD>(0))) { | 124 static_cast<DWORD>(0))) { |
| 125 if (nt::SetRegValueDWORD(key_handle, kBeaconState, | 125 if (nt::SetRegValueDWORD(key_handle.get(), kBeaconState, |
| 126 BLACKLIST_SETUP_RUNNING)) | 126 BLACKLIST_SETUP_RUNNING)) |
| 127 success = true; | 127 success = true; |
| 128 } | 128 } |
| 129 } else { | 129 } else { |
| 130 // Some part of the blacklist setup failed last time. If this has occured | 130 // Some part of the blacklist setup failed last time. If this has occured |
| 131 // blacklist::kBeaconMaxAttempts times in a row we switch the state to | 131 // blacklist::kBeaconMaxAttempts times in a row we switch the state to |
| 132 // failed and skip setting up the blacklist. | 132 // failed and skip setting up the blacklist. |
| 133 DWORD attempt_count = 0; | 133 DWORD attempt_count = 0; |
| 134 | 134 |
| 135 nt::QueryRegValueDWORD(key_handle, blacklist::kBeaconAttemptCount, | 135 nt::QueryRegValueDWORD(key_handle.get(), blacklist::kBeaconAttemptCount, |
| 136 &attempt_count); | 136 &attempt_count); |
| 137 ++attempt_count; | 137 ++attempt_count; |
| 138 nt::SetRegValueDWORD(key_handle, blacklist::kBeaconAttemptCount, | 138 nt::SetRegValueDWORD(key_handle.get(), blacklist::kBeaconAttemptCount, |
| 139 attempt_count); | 139 attempt_count); |
| 140 | 140 |
| 141 if (attempt_count >= blacklist::kBeaconMaxAttempts) { | 141 if (attempt_count >= blacklist::kBeaconMaxAttempts) { |
| 142 blacklist_state = blacklist::BLACKLIST_SETUP_FAILED; | 142 blacklist_state = blacklist::BLACKLIST_SETUP_FAILED; |
| 143 nt::SetRegValueDWORD(key_handle, blacklist::kBeaconState, | 143 nt::SetRegValueDWORD(key_handle.get(), blacklist::kBeaconState, |
| 144 blacklist_state); | 144 blacklist_state); |
| 145 } | 145 } |
| 146 } | 146 } |
| 147 | 147 |
| 148 nt::CloseRegKey(key_handle); | |
| 149 return success; | 148 return success; |
| 150 } | 149 } |
| 151 | 150 |
| 152 bool ResetBeacon() { | 151 bool ResetBeacon() { |
| 153 HANDLE key_handle = INVALID_HANDLE_VALUE; | 152 nt::ScopedHANDLE key_handle = nt::CreateRegKey( |
| 154 | 153 nt::HKCU, kRegistryBeaconPath, KEY_QUERY_VALUE | KEY_SET_VALUE); |
| 155 if (!nt::CreateRegKey(nt::HKCU, kRegistryBeaconPath, | 154 if (!key_handle.is_valid()) |
| 156 KEY_QUERY_VALUE | KEY_SET_VALUE, &key_handle)) | |
| 157 return false; | 155 return false; |
| 158 | 156 |
| 159 DWORD blacklist_state = BLACKLIST_STATE_MAX; | 157 DWORD blacklist_state = BLACKLIST_STATE_MAX; |
| 160 if (!nt::QueryRegValueDWORD(key_handle, kBeaconState, &blacklist_state)) { | 158 if (!nt::QueryRegValueDWORD(key_handle.get(), kBeaconState, &blacklist_state)) |
| 161 nt::CloseRegKey(key_handle); | |
| 162 return false; | 159 return false; |
| 163 } | |
| 164 | 160 |
| 165 // Reaching this point with the setup running state means the setup did not | 161 // Reaching this point with the setup running state means the setup did not |
| 166 // crash, so we reset to enabled. Any other state indicates that setup was | 162 // crash, so we reset to enabled. Any other state indicates that setup was |
| 167 // skipped; in that case we leave the state alone for later recording. | 163 // skipped; in that case we leave the state alone for later recording. |
| 168 if (blacklist_state == BLACKLIST_SETUP_RUNNING) { | 164 if (blacklist_state == BLACKLIST_SETUP_RUNNING) { |
| 169 if (!nt::SetRegValueDWORD(key_handle, kBeaconState, BLACKLIST_ENABLED)) { | 165 if (!nt::SetRegValueDWORD(key_handle.get(), kBeaconState, |
| 170 nt::CloseRegKey(key_handle); | 166 BLACKLIST_ENABLED)) { |
| 171 return false; | 167 return false; |
| 172 } | 168 } |
| 173 } | 169 } |
| 174 | 170 |
| 175 nt::CloseRegKey(key_handle); | |
| 176 return true; | 171 return true; |
| 177 } | 172 } |
| 178 | 173 |
| 179 int BlacklistSize() { | 174 int BlacklistSize() { |
| 180 int size = -1; | 175 int size = -1; |
| 181 while (blacklist::g_troublesome_dlls[++size] != NULL) { | 176 while (blacklist::g_troublesome_dlls[++size] != NULL) { |
| 182 } | 177 } |
| 183 | 178 |
| 184 return size; | 179 return size; |
| 185 } | 180 } |
| (...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 344 | 339 |
| 345 // Mark the thunk storage as executable and prevent any future writes to it. | 340 // Mark the thunk storage as executable and prevent any future writes to it. |
| 346 page_executable = page_executable && | 341 page_executable = page_executable && |
| 347 VirtualProtect(&g_thunk_storage, sizeof(g_thunk_storage), | 342 VirtualProtect(&g_thunk_storage, sizeof(g_thunk_storage), |
| 348 PAGE_EXECUTE_READ, &old_protect); | 343 PAGE_EXECUTE_READ, &old_protect); |
| 349 | 344 |
| 350 return NT_SUCCESS(ret) && page_executable; | 345 return NT_SUCCESS(ret) && page_executable; |
| 351 } | 346 } |
| 352 | 347 |
| 353 } // namespace blacklist | 348 } // namespace blacklist |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2507263002:
Make nt_registry Create/OpenRegKey return a scoped object
