OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/debug/close_handle_hook_win.h" | 5 #include "base/debug/close_handle_hook_win.h" |
6 | 6 |
7 #include <Windows.h> | 7 #include <Windows.h> |
8 #include <psapi.h> | 8 #include <psapi.h> |
9 #include <stddef.h> | 9 #include <stddef.h> |
10 | 10 |
11 #include <algorithm> | 11 #include <algorithm> |
12 #include <memory> | 12 #include <memory> |
13 #include <vector> | 13 #include <vector> |
14 | 14 |
15 #include "base/lazy_instance.h" | |
16 #include "base/macros.h" | 15 #include "base/macros.h" |
17 #include "base/win/iat_patch_function.h" | 16 #include "base/win/iat_patch_function.h" |
18 #include "base/win/pe_image.h" | 17 #include "base/win/pe_image.h" |
19 #include "base/win/scoped_handle.h" | 18 #include "base/win/scoped_handle.h" |
20 #include "build/build_config.h" | 19 #include "build/build_config.h" |
21 | 20 |
22 namespace { | 21 namespace { |
23 | 22 |
24 typedef BOOL (WINAPI* CloseHandleType) (HANDLE handle); | 23 typedef BOOL (WINAPI* CloseHandleType) (HANDLE handle); |
25 | 24 |
(...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
196 ~HandleHooks() {} | 195 ~HandleHooks() {} |
197 | 196 |
198 void AddIATPatch(HMODULE module); | 197 void AddIATPatch(HMODULE module); |
199 void AddEATPatch(); | 198 void AddEATPatch(); |
200 void Unpatch(); | 199 void Unpatch(); |
201 | 200 |
202 private: | 201 private: |
203 std::vector<base::win::IATPatchFunction*> hooks_; | 202 std::vector<base::win::IATPatchFunction*> hooks_; |
204 DISALLOW_COPY_AND_ASSIGN(HandleHooks); | 203 DISALLOW_COPY_AND_ASSIGN(HandleHooks); |
205 }; | 204 }; |
206 base::LazyInstance<HandleHooks> g_hooks = LAZY_INSTANCE_INITIALIZER; | |
207 | 205 |
208 void HandleHooks::AddIATPatch(HMODULE module) { | 206 void HandleHooks::AddIATPatch(HMODULE module) { |
209 if (!module) | 207 if (!module) |
210 return; | 208 return; |
211 | 209 |
212 base::win::IATPatchFunction* patch = NULL; | 210 base::win::IATPatchFunction* patch = NULL; |
213 patch = IATPatch(module, "CloseHandle", &CloseHandleHook, | 211 patch = IATPatch(module, "CloseHandle", &CloseHandleHook, |
214 reinterpret_cast<void**>(&g_close_function)); | 212 reinterpret_cast<void**>(&g_close_function)); |
215 if (!patch) | 213 if (!patch) |
216 return; | 214 return; |
217 hooks_.push_back(patch); | 215 hooks_.push_back(patch); |
218 | 216 |
219 patch = IATPatch(module, "DuplicateHandle", &DuplicateHandleHook, | 217 patch = IATPatch(module, "DuplicateHandle", &DuplicateHandleHook, |
220 reinterpret_cast<void**>(&g_duplicate_function)); | 218 reinterpret_cast<void**>(&g_duplicate_function)); |
221 if (!patch) | 219 if (!patch) |
222 return; | 220 return; |
223 hooks_.push_back(patch); | 221 hooks_.push_back(patch); |
224 } | 222 } |
225 | 223 |
226 void HandleHooks::AddEATPatch() { | 224 void HandleHooks::AddEATPatch() { |
227 // An attempt to restore the entry on the table at destruction is not safe. | 225 // An attempt to restore the entry on the table at destruction is not safe. |
228 EATPatch(GetModuleHandleA("kernel32.dll"), "CloseHandle", | 226 EATPatch(GetModuleHandleA("kernel32.dll"), "CloseHandle", |
229 &CloseHandleHook, reinterpret_cast<void**>(&g_close_function)); | 227 &CloseHandleHook, reinterpret_cast<void**>(&g_close_function)); |
230 EATPatch(GetModuleHandleA("kernel32.dll"), "DuplicateHandle", | 228 EATPatch(GetModuleHandleA("kernel32.dll"), "DuplicateHandle", |
231 &DuplicateHandleHook, | 229 &DuplicateHandleHook, |
232 reinterpret_cast<void**>(&g_duplicate_function)); | 230 reinterpret_cast<void**>(&g_duplicate_function)); |
233 } | 231 } |
234 | 232 |
235 void HandleHooks::Unpatch() { | 233 void HandleHooks::Unpatch() { |
Mark Mentovai
2017/01/31 18:25:26
Should we lose this dead code now too then?
scottmg
2017/01/31 18:42:02
Done.
| |
236 for (std::vector<base::win::IATPatchFunction*>::iterator it = hooks_.begin(); | 234 for (std::vector<base::win::IATPatchFunction*>::iterator it = hooks_.begin(); |
237 it != hooks_.end(); ++it) { | 235 it != hooks_.end(); ++it) { |
238 (*it)->Unpatch(); | 236 (*it)->Unpatch(); |
239 delete *it; | 237 delete *it; |
240 } | 238 } |
241 } | 239 } |
242 | 240 |
243 void PatchLoadedModules(HandleHooks* hooks) { | 241 void PatchLoadedModules(HandleHooks* hooks) { |
244 const DWORD kSize = 256; | 242 const DWORD kSize = 256; |
245 DWORD returned; | 243 DWORD returned; |
246 std::unique_ptr<HMODULE[]> modules(new HMODULE[kSize]); | 244 std::unique_ptr<HMODULE[]> modules(new HMODULE[kSize]); |
247 if (!EnumProcessModules(GetCurrentProcess(), modules.get(), | 245 if (!EnumProcessModules(GetCurrentProcess(), modules.get(), |
248 kSize * sizeof(HMODULE), &returned)) { | 246 kSize * sizeof(HMODULE), &returned)) { |
249 return; | 247 return; |
250 } | 248 } |
251 returned /= sizeof(HMODULE); | 249 returned /= sizeof(HMODULE); |
252 returned = std::min(kSize, returned); | 250 returned = std::min(kSize, returned); |
253 | 251 |
254 for (DWORD current = 0; current < returned; current++) { | 252 for (DWORD current = 0; current < returned; current++) { |
255 hooks->AddIATPatch(modules[current]); | 253 hooks->AddIATPatch(modules[current]); |
256 } | 254 } |
257 } | 255 } |
258 | 256 |
259 } // namespace | 257 } // namespace |
260 | 258 |
261 void InstallHandleHooks() { | 259 void InstallHandleHooks() { |
262 HandleHooks* hooks = g_hooks.Pointer(); | 260 static HandleHooks* hooks = new HandleHooks(); |
263 | 261 |
264 // Performing EAT interception first is safer in the presence of other | 262 // Performing EAT interception first is safer in the presence of other |
265 // threads attempting to call CloseHandle. | 263 // threads attempting to call CloseHandle. |
266 hooks->AddEATPatch(); | 264 hooks->AddEATPatch(); |
267 PatchLoadedModules(hooks); | 265 PatchLoadedModules(hooks); |
268 } | 266 } |
269 | 267 |
270 void RemoveHandleHooks() { | |
271 // We are partching all loaded modules without forcing them to stay in memory, | |
272 // removing patches is not safe. | |
273 } | |
274 | |
275 } // namespace debug | 268 } // namespace debug |
276 } // namespace base | 269 } // namespace base |
OLD | NEW |