Finch Blacklist is now added to the Hardcoded blacklist.

chrome_elf/blacklist/blacklist.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome_elf/blacklist/blacklist.h"
 
 #include <assert.h>
 #include <string.h>
 
+#include <vector>
+
 #include "base/basictypes.h"
 #include "chrome_elf/blacklist/blacklist_interceptions.h"
 #include "chrome_elf/chrome_elf_constants.h"
 #include "chrome_elf/chrome_elf_util.h"
 #include "chrome_elf/thunk_getter.h"
 #include "sandbox/win/src/interception_internal.h"
 #include "sandbox/win/src/internal_types.h"
 #include "sandbox/win/src/service_resolver.h"
 
 // http://blogs.msdn.com/oldnewthing/archive/2004/10/25/247180.aspx
@@ skipping 315 matching lines @@
   g_blacklist_initialized = NT_SUCCESS(ret);
 
   // Mark the thunk storage as executable and prevent any future writes to it.
   page_executable = page_executable && VirtualProtect(&g_thunk_storage,
                                                       sizeof(g_thunk_storage),
                                                       PAGE_EXECUTE_READ,
                                                       &old_protect);
 
   RecordSuccessfulThunkSetup(&key);
 
+  AddDllsFromRegistryToBlacklist();
+
   return NT_SUCCESS(ret) && page_executable;
 }
 
+bool AddDllsFromRegistryToBlacklist() {
+  HKEY key = NULL;
+  LONG result = ::RegOpenKeyEx(HKEY_CURRENT_USER,
+                               kRegistryFinchListPath,
+                               0,
+                               KEY_QUERY_VALUE | KEY_SET_VALUE,
+                               &key);
+
+  if (result != ERROR_SUCCESS)
+    return false;
+
+  int num_dlls = 0;
+  int longest_name = 0;
+  ::RegQueryInfoKey(key, NULL, NULL, NULL, NULL, NULL, NULL,
+                    reinterpret_cast<DWORD*>(&num_dlls),
+                    reinterpret_cast<DWORD*>(&longest_name),
+                    NULL, NULL, NULL);
+
+  // Collect dlls so that we can delete them after the enumeration.
+  std::vector<std::wstring> dll_names;
+  for (int i = 0; i < num_dlls; ++i) {
+    DWORD name_len = longest_name + 1;
+    DWORD value_len = 0;
+    assert(name_len > 0);
+    std::vector<wchar_t> name_buffer(name_len);
+    result = ::RegEnumValue(
+        key, i, &name_buffer[0], &name_len, NULL, NULL, NULL, &value_len);
+    name_len = name_len + 1;
+    value_len = value_len + 1;
+    assert(value_len > 0);
+    std::vector<wchar_t> value_buffer(value_len);
+    result = ::RegEnumValue(key, i, &name_buffer[0], &name_len, NULL, NULL,

[robertshield, 2014/06/03 03:03:00]

name_len was increased by 1 on line 379, but I don't see name_buffer's size
having been increased. Do you need to increment it at all (it is already set to
longest_name + 1)?

+                            reinterpret_cast<BYTE*>(&value_buffer[0]),
+                            &value_len);
+    value_buffer[value_len] = L'\0';

[robertshield, 2014/06/03 03:03:00]

if value_buffer.size() is value_len, then the last element of value_buffer is
value_buffer[value_len - 1];

[krstnmnlsn, 2014/06/03 19:30:16]

Done.

+
+    if (result == ERROR_SUCCESS) {
+      AddDllToBlacklist(&value_buffer[0]);
+    }
+
+    std::wstring name_str(name_buffer.begin(), name_buffer.end());
+    dll_names.push_back(name_str);

[robertshield, 2014/06/03 03:03:00]

nit:
dll_names.push_back(std::wstring(name_buffer.begin(), name_buffer.end()));

The temporary doesn't increase readability here.

[krstnmnlsn, 2014/06/03 19:30:16]

Done.

+  }
+
+  for (int i = 0; i < num_dlls; ++i) {
+    ::RegDeleteValue(key, dll_names[i].c_str());
+  }
+
+  ::RegCloseKey(key);
+  return true;
+}
+
 }  // namespace blacklist