The incident reporting service now calls VerifyModule.

chrome/browser/safe_browsing/environment_data_collection_win.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/environment_data_collection_win.h"
 
 #include <windows.h>
 #include <set>
 
 #include "base/i18n/case_conversion.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/win/registry.h"
 #include "chrome/browser/install_verification/win/module_info.h"
 #include "chrome/browser/install_verification/win/module_verification_common.h"
 #include "chrome/browser/net/service_providers_win.h"
+#include "chrome/browser/safe_browsing/module_integrity_verifier_win.h"
 #include "chrome/browser/safe_browsing/path_sanitizer.h"
 #include "chrome/common/safe_browsing/csd.pb.h"
 #include "chrome_elf/chrome_elf_constants.h"
 
 namespace safe_browsing {
 
 namespace {
 
+// The modules on which we will run VerifyModule.
+const wchar_t* const kModulesToVerify[] = {
+    L"chrome.dll",
+    L"chrome_elf.dll",
+    L"ntdll.dll",
+    NULL,

[grt (UTC plus 2), 2014/08/08 01:08:51]

remove NULL

[krstnmnlsn, 2014/08/08 13:18:08]

Done.

+};
+
 // Helper function for expanding all environment variables in |path|.
 std::wstring ExpandEnvironmentVariables(const std::wstring& path) {
   static const DWORD kMaxBuffer = 32 * 1024;  // Max according to MSDN.
   std::wstring path_expanded;
   DWORD path_len = MAX_PATH;
   do {
     DWORD result = ExpandEnvironmentStrings(
         path.c_str(), WriteInto(&path_expanded, path_len), path_len);
     if (!result) {
       // Failed to expand variables. Return the original string.
@@ skipping 60 matching lines @@
   PathSanitizer path_sanitizer;
   base::win::RegistryValueIterator iter(HKEY_CURRENT_USER,
                                         blacklist::kRegistryFinchListPath);
   for (; iter.Valid(); ++iter) {
     base::FilePath dll_name(iter.Value());
     path_sanitizer.StripHomeDirectory(&dll_name);
     process->add_blacklisted_dll(dll_name.AsUTF8Unsafe());
   }
 }
 
+void CollectModuleVerificationData(
+    const wchar_t* const modules_to_verify[],
+    size_t num_modules_to_verify,
+    ClientIncidentReport_EnvironmentData_Process* process) {
+  for (size_t i = 0; i < num_modules_to_verify; ++i) {
+    std::set<std::string> modified_exports;
+    int modified = VerifyModule(modules_to_verify[i], &modified_exports);

[grt (UTC plus 2), 2014/08/08 01:08:51]

should this just continue when this returns MODULE_STATE_UNMODIFIED, or do we
get useful information in this case?

[krstnmnlsn, 2014/08/08 13:18:08]

We don't need to send back the value no.

+
+    ClientIncidentReport_EnvironmentData_Process_ModuleState* module_state =
+        process->add_module_state();
+
+    module_state->set_name(
+        base::WideToUTF8(std::wstring(modules_to_verify[i])));
+    // Add 1 to the ModuleState enum to get the corresponding value in the
+    // protobuf's ModuleState enum.
+    module_state->set_modified_state(static_cast<
+        ClientIncidentReport_EnvironmentData_Process_ModuleState_ModifiedState>(
+        modified + 1));
+    for (std::set<std::string>::iterator it = modified_exports.begin();
+         it != modified_exports.end();
+         ++it) {
+      module_state->add_modified_export(*it);
+    }
+  }
+}
+
 void CollectPlatformProcessData(
     ClientIncidentReport_EnvironmentData_Process* process) {
   CollectDlls(process);
   RecordLspFeature(process);
   CollectDllBlacklistData(process);
+  CollectModuleVerificationData(
+      kModulesToVerify, arraysize(kModulesToVerify), process);
 }
 
 }  // namespace safe_browsing