The incident reporting service now calls VerifyModule.

chrome/browser/safe_browsing/environment_data_collection_win_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/environment_data_collection_win.h"
 
 #include <string>
 
 #include "base/base_paths.h"
 #include "base/files/file_path.h"
 #include "base/path_service.h"
 #include "base/scoped_native_library.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/test/test_reg_util_win.h"
 #include "base/win/registry.h"
+#include "chrome/browser/safe_browsing/module_integrity_unittest_util.h"
+#include "chrome/browser/safe_browsing/module_integrity_verifier_win.h"
 #include "chrome/browser/safe_browsing/path_sanitizer.h"
 #include "chrome/common/safe_browsing/csd.pb.h"
 #include "chrome_elf/chrome_elf_constants.h"
 #include "net/base/winsock_init.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace {
 
 const wchar_t test_dll[] = L"test_name.dll";
 
@@ skipping 134 matching lines @@
                                   .Append(FILE_PATH_LITERAL("test_path.dll"))
                                   .AsUTF8Unsafe();
 
   blacklist_registry_key.WriteValue(input_path.c_str(), input_path.c_str());
   safe_browsing::CollectDllBlacklistData(&process_report);
 
   ASSERT_EQ(1, process_report.blacklisted_dll_size());
   std::string process_report_path = process_report.blacklisted_dll(0);
   EXPECT_EQ(path_expected, process_report_path);
 }
+
+TEST(SafeBrowsingEnvironmentDataCollectionWinTest, VerifyLoadedModules) {
+  //  Load the test modules.
+  int test_dlls_count = safe_browsing::TestDllsCount();
+  std::vector<base::ScopedNativeLibrary> test_dlls(test_dlls_count);
+  for (int i = 0; i < test_dlls_count; ++i) {
+    test_dlls[i].Reset(LoadNativeLibrary(
+        base::FilePath(safe_browsing::test_dll_names[i]), NULL));
+  }
+
+  // Edit the first byte of the function exported by the first module.
+  HMODULE module_handle = NULL;
+  EXPECT_TRUE(
+      GetModuleHandleEx(0, safe_browsing::test_dll_names[0], &module_handle));
+  uint8_t* export_addr = reinterpret_cast<uint8_t*>(
+      GetProcAddress(module_handle, safe_browsing::kTestExportName));
+  EXPECT_NE(reinterpret_cast<uint8_t*>(NULL), export_addr);
+
+  uint8_t new_val = (*export_addr) + 1;
+  SIZE_T bytes_written = 0;
+  WriteProcessMemory(GetCurrentProcess(),
+                     export_addr,
+                     reinterpret_cast<void*>(&new_val),
+                     1,
+                     &bytes_written);
+  EXPECT_EQ(1, bytes_written);
+
+  safe_browsing::ClientIncidentReport_EnvironmentData_Process process_report;
+  safe_browsing::RecordModuleVerificationData(safe_browsing::test_dll_names,
+                                              &process_report);
+  EXPECT_EQ(test_dlls_count, process_report.module_state_size());
+
+  //  RecordModuleVerificationData should find the modified exported function

[robertshield, 2014/08/06 13:00:51]

micro nit: one less space between // and R

[krstnmnlsn, 2014/08/06 21:55:11]

I'm beginning to see why you can't handle justified text

+  //  in the first module, and see all others as unmodified.
+  for (int i = 0; i < process_report.module_state_size(); ++i) {
+    if (process_report.module_state(i).name() ==
+        base::WideToUTF8(std::wstring(safe_browsing::test_dll_names[0]))) {
+      EXPECT_EQ(safe_browsing::MODULE_STATE_MODIFIED,
+                process_report.module_state(i).modified_state());
+      EXPECT_EQ(1, process_report.module_state(i).modified_export_size());
+      EXPECT_EQ(std::string(safe_browsing::kTestExportName),
+                process_report.module_state(i).modified_export(0));
+
+    } else {
+      EXPECT_EQ(safe_browsing::MODULE_STATE_UNMODIFIED,
+                process_report.module_state(i).modified_state());
+      EXPECT_EQ(0, process_report.module_state(i).modified_export_size());
+    }
+  }
+}