Chromium Code Reviews Chromium Code Reviews
Issue 440753002:
The incident reporting service now calls VerifyModule. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/safe_browsing/environment_data_collection_win.h" | 5 #include "chrome/browser/safe_browsing/environment_data_collection_win.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/base_paths.h" | 9 #include "base/base_paths.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| 11 #include "base/path_service.h" | 11 #include "base/path_service.h" |
| 12 #include "base/scoped_native_library.h" | 12 #include "base/scoped_native_library.h" |
| 13 #include "base/strings/utf_string_conversions.h" | 13 #include "base/strings/utf_string_conversions.h" |
| 14 #include "base/test/test_reg_util_win.h" | 14 #include "base/test/test_reg_util_win.h" |
| 15 #include "base/win/registry.h" | 15 #include "base/win/registry.h" |
| 16 #include "chrome/browser/safe_browsing/module_integrity_unittest_util_win.h" | |
| 17 #include "chrome/browser/safe_browsing/module_integrity_verifier_win.h" | |
| 16 #include "chrome/browser/safe_browsing/path_sanitizer.h" | 18 #include "chrome/browser/safe_browsing/path_sanitizer.h" |
| 17 #include "chrome/common/safe_browsing/csd.pb.h" | 19 #include "chrome/common/safe_browsing/csd.pb.h" |
| 18 #include "chrome_elf/chrome_elf_constants.h" | 20 #include "chrome_elf/chrome_elf_constants.h" |
| 19 #include "net/base/winsock_init.h" | 21 #include "net/base/winsock_init.h" |
| 20 #include "testing/gtest/include/gtest/gtest.h" | 22 #include "testing/gtest/include/gtest/gtest.h" |
| 21 | 23 |
| 22 namespace { | 24 namespace { |
| 23 | 25 |
| 24 const wchar_t test_dll[] = L"test_name.dll"; | 26 const wchar_t test_dll[] = L"test_name.dll"; |
| 25 | 27 |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 160 .Append(FILE_PATH_LITERAL("test_path.dll")) | 162 .Append(FILE_PATH_LITERAL("test_path.dll")) |
| 161 .AsUTF8Unsafe(); | 163 .AsUTF8Unsafe(); |
| 162 | 164 |
| 163 blacklist_registry_key.WriteValue(input_path.c_str(), input_path.c_str()); | 165 blacklist_registry_key.WriteValue(input_path.c_str(), input_path.c_str()); |
| 164 safe_browsing::CollectDllBlacklistData(&process_report); | 166 safe_browsing::CollectDllBlacklistData(&process_report); |
| 165 | 167 |
| 166 ASSERT_EQ(1, process_report.blacklisted_dll_size()); | 168 ASSERT_EQ(1, process_report.blacklisted_dll_size()); |
| 167 std::string process_report_path = process_report.blacklisted_dll(0); | 169 std::string process_report_path = process_report.blacklisted_dll(0); |
| 168 EXPECT_EQ(path_expected, process_report_path); | 170 EXPECT_EQ(path_expected, process_report_path); |
| 169 } | 171 } |
| 172 | |
| 173 TEST(SafeBrowsingEnvironmentDataCollectionWinTest, VerifyLoadedModules) { | |
| 174 // Load the test modules. | |
| 175 std::vector<base::ScopedNativeLibrary> test_dlls( | |
| 176 safe_browsing::kTestDllNamesCount); | |
| 177 for (size_t i = 0; i < safe_browsing::kTestDllNamesCount; ++i) { | |
| 178 test_dlls[i].Reset(LoadNativeLibrary( | |
| 179 base::FilePath(safe_browsing::kTestDllNames[i]), NULL)); | |
| 180 } | |
| 181 | |
| 182 // Edit the first byte of the function exported by the first module. | |
| 183 HMODULE module_handle = NULL; | |
| 184 EXPECT_TRUE( | |
| 185 GetModuleHandleEx(0, safe_browsing::kTestDllNames[0], &module_handle)); | |
| 186 uint8_t* export_addr = reinterpret_cast<uint8_t*>( | |
| 187 GetProcAddress(module_handle, safe_browsing::kTestExportName)); | |
| 188 EXPECT_NE(reinterpret_cast<uint8_t*>(NULL), export_addr); | |
| 189 | |
| 190 uint8_t new_val = (*export_addr) + 1; | |
| 191 SIZE_T bytes_written = 0; | |
| 192 WriteProcessMemory(GetCurrentProcess(), | |
| 193 export_addr, | |
| 194 reinterpret_cast<void*>(&new_val), | |
| 195 1, | |
| 196 &bytes_written); | |
| 197 EXPECT_EQ(1, bytes_written); | |
| 198 | |
| 199 safe_browsing::ClientIncidentReport_EnvironmentData_Process process_report; | |
| 200 safe_browsing::CollectModuleVerificationData( | |
| 201 safe_browsing::kTestDllNames, | |
| 202 safe_browsing::kTestDllNamesCount, | |
| 203 &process_report); | |
| 204 EXPECT_EQ(safe_browsing::kTestDllNamesCount, | |
| 205 process_report.module_state_size()); | |
| 206 | |
| 207 // CollectModuleVerificationData should find the modified exported function in | |
| 208 // the first module, and see all others as unmodified. | |
| 209 for (int i = 0; i < process_report.module_state_size(); ++i) { | |
|
csharp
2014/08/07 17:22:11
Right now the order of the modules returned from C
krstnmnlsn
2014/08/07 21:21:22
Done.
| |
| 210 if (process_report.module_state(i).name() == | |
| 211 base::WideToUTF8(std::wstring(safe_browsing::kTestDllNames[0]))) { | |
| 212 EXPECT_EQ(safe_browsing:: | |
| 213 ClientIncidentReport_EnvironmentData_Process_ModuleState:: | |
| 214 MODULE_STATE_MODIFIED, | |
| 215 process_report.module_state(i).modified_state()); | |
| 216 EXPECT_EQ(1, process_report.module_state(i).modified_export_size()); | |
| 217 EXPECT_EQ(std::string(safe_browsing::kTestExportName), | |
| 218 process_report.module_state(i).modified_export(0)); | |
| 219 | |
| 220 } else { | |
| 221 EXPECT_EQ(safe_browsing:: | |
| 222 ClientIncidentReport_EnvironmentData_Process_ModuleState:: | |
| 223 MODULE_STATE_UNMODIFIED, | |
| 224 process_report.module_state(i).modified_state()); | |
| 225 EXPECT_EQ(0, process_report.module_state(i).modified_export_size()); | |
| 226 } | |
| 227 } | |
| 228 } | |
| OLD | NEW |
