Changes to module_integrity_verifier.cc that allow the function VerifyModule

chrome/browser/safe_browsing/module_integrity_verifier_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/module_integrity_verifier.h"
 
 #include "base/files/file_path.h"
 #include "base/files/memory_mapped_file.h"
 #include "base/native_library.h"
 #include "base/path_service.h"
 #include "base/scoped_native_library.h"
 #include "base/win/pe_image.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace safe_browsing {
 
 const wchar_t kTestDllName[] = L"verifier_test_dll.dll";
+const char kTestExportName[] = "DummyExport";
 
 class SafeBrowsingModuleVerifierTest : public testing::Test {
  protected:
   SafeBrowsingModuleVerifierTest() {}
   virtual ~SafeBrowsingModuleVerifierTest() {}
 
   base::ScopedNativeLibrary mem_dll_handle_;
   base::MemoryMappedFile disk_dll_handle_;
   scoped_ptr<base::win::PEImageAsData> disk_peimage_ptr_;
   scoped_ptr<base::win::PEImage> mem_peimage_ptr_;
@@ skipping 32 matching lines @@
     WCHAR module_path[MAX_PATH] = {};
     DWORD length =
         GetModuleFileName(module_handle, module_path, arraysize(module_path));
     ASSERT_NE(length, arraysize(module_path));
 
     ASSERT_TRUE(disk_dll_handle_.Initialize(base::FilePath(module_path)));
     *disk_handle =
         reinterpret_cast<HMODULE>(const_cast<uint8*>(disk_dll_handle_.data()));
   }
 
- private:
-  DISALLOW_COPY_AND_ASSIGN(SafeBrowsingModuleVerifierTest);
+  void EditExport(const char* export_name) {
+    HMODULE mem_handle;
+    GetMemModuleHandle(&mem_handle);
+    uint8_t* export_addr =
+        reinterpret_cast<uint8_t*>(GetProcAddress(mem_handle, export_name));
+    EXPECT_TRUE(NULL != export_addr);
+
+    export_addr = export_addr;
+
+    // Edit the first byte of the function.
+    uint8_t new_val = (*export_addr) + 1;
+    SIZE_T bytes_written = 0;
+    WriteProcessMemory(GetCurrentProcess(),
+                       export_addr,
+                       reinterpret_cast<void*>(&new_val),
+                       1,
+                       &bytes_written);
+    EXPECT_EQ(1, bytes_written);
+}
+
+private:
+DISALLOW_COPY_AND_ASSIGN(SafeBrowsingModuleVerifierTest);
 };
 
-TEST_F(SafeBrowsingModuleVerifierTest, CountBytesDiffInPtr) {
-  // Construct test pointers and try with CountBytesDiffInPtr.
-  // The first Bytes differ.
-  uintptr_t num_a = 0xFF;
-  uintptr_t num_b = 0x00;
-
-  // Any inbetween Bytes are identical.
-  int num_bytes_to_add = sizeof(num_a) - 2;
-  for (int i = 0; i < num_bytes_to_add; ++i) {
-    num_a <<= 8;
-    num_b <<= 8;
-    num_a += 0xFF;
-    num_b += 0xFF;
-  }
-
-  // The last Bytes differ.
-  num_a <<= 8;
-  num_b <<= 8;
-  num_a += 0x0F;
-  num_b += 0xFF;
-
-  EXPECT_EQ(2, CountBytesDiffInPtr(num_a, num_b));
-  EXPECT_EQ(2, CountBytesDiffInPtr(num_b, num_a));
-  EXPECT_EQ(0, CountBytesDiffInPtr(num_a, num_a));
-}
-
 TEST_F(SafeBrowsingModuleVerifierTest, VerifyModuleUnmodified) {
+  std::set<std::string> modified_exports;
   // Call VerifyModule before the module has been loaded, should fail.
-  EXPECT_EQ(MODULE_STATE_UNKNOWN, VerifyModule(kTestDllName));
+  EXPECT_EQ(MODULE_STATE_UNKNOWN,
+            VerifyModule(kTestDllName, &modified_exports));
+  EXPECT_EQ(0, modified_exports.size());
 
   // On loading, the module should be identical (up to relocations) in memory as
   // on disk.
   SetUpTestDllAndPEImages();
-  EXPECT_EQ(MODULE_STATE_UNMODIFIED, VerifyModule(kTestDllName));
+  EXPECT_EQ(MODULE_STATE_UNMODIFIED,
+            VerifyModule(kTestDllName, &modified_exports));
+  EXPECT_EQ(0, modified_exports.size());
 }
 
 TEST_F(SafeBrowsingModuleVerifierTest, VerifyModuleModified) {
+  std::set<std::string> modified_exports;
   // Confirm the module is identical in memory as on disk before we begin.
   SetUpTestDllAndPEImages();
-  EXPECT_EQ(MODULE_STATE_UNMODIFIED, VerifyModule(kTestDllName));
+  EXPECT_EQ(MODULE_STATE_UNMODIFIED,
+            VerifyModule(kTestDllName, &modified_exports));
 
   uint8_t* mem_code_addr = NULL;
   uint8_t* disk_code_addr = NULL;
   uint32_t code_size = 0;
   EXPECT_TRUE(GetCodeAddrsAndSize(*mem_peimage_ptr_,
                                   *disk_peimage_ptr_,
                                   &mem_code_addr,
                                   &disk_code_addr,
                                   &code_size));
 
   // Edit the first byte of the code section of the module.
   uint8_t new_val = (*mem_code_addr) + 1;
   SIZE_T bytes_written = 0;
   WriteProcessMemory(GetCurrentProcess(),
                      mem_code_addr,
                      reinterpret_cast<void*>(&new_val),
                      1,
                      &bytes_written);
   EXPECT_EQ(1, bytes_written);
 
   // VerifyModule should detect the change.
-  EXPECT_EQ(MODULE_STATE_MODIFIED, VerifyModule(kTestDllName));
+  EXPECT_EQ(MODULE_STATE_MODIFIED,
+            VerifyModule(kTestDllName, &modified_exports));
+}
+
+TEST_F(SafeBrowsingModuleVerifierTest, VerifyModuleExportModified) {
+  std::set<std::string> modified_exports;
+  // Confirm the module is identical in memory as on disk before we begin.
+  SetUpTestDllAndPEImages();
+  EXPECT_EQ(MODULE_STATE_UNMODIFIED,
+            VerifyModule(kTestDllName, &modified_exports));
+  modified_exports.clear();
+
+  EditExport(kTestExportName);
+  EXPECT_EQ(MODULE_STATE_MODIFIED,
+            VerifyModule(kTestDllName, &modified_exports));
+  EXPECT_EQ(1, modified_exports.size());
 }
 
 }  // namespace safe_browsing