| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/safe_browsing/module_integrity_verifier_win.h" | 5 #include "chrome/browser/safe_browsing/module_integrity_verifier_win.h" |
| 6 | 6 |
| 7 #include "base/files/file_path.h" | 7 #include "base/files/file_path.h" |
| 8 #include "base/files/memory_mapped_file.h" | 8 #include "base/files/memory_mapped_file.h" |
| 9 #include "base/native_library.h" | 9 #include "base/native_library.h" |
| 10 #include "base/path_service.h" | 10 #include "base/path_service.h" |
| 11 #include "base/scoped_native_library.h" | 11 #include "base/scoped_native_library.h" |
| 12 #include "base/win/pe_image.h" | 12 #include "base/win/pe_image.h" |
| 13 #include "chrome/browser/safe_browsing/module_integrity_unittest_util_win.h" |
| 13 #include "testing/gtest/include/gtest/gtest.h" | 14 #include "testing/gtest/include/gtest/gtest.h" |
| 14 | 15 |
| 15 namespace safe_browsing { | 16 namespace safe_browsing { |
| 16 | 17 |
| 17 namespace { | |
| 18 | |
| 19 const wchar_t kTestDllName[] = L"verifier_test_dll.dll"; | |
| 20 const char kTestExportName[] = "DummyExport"; | |
| 21 | |
| 22 } // namespace | |
| 23 | |
| 24 class SafeBrowsingModuleVerifierWinTest : public testing::Test { | 18 class SafeBrowsingModuleVerifierWinTest : public testing::Test { |
| 25 protected: | 19 protected: |
| 26 void SetUpTestDllAndPEImages() { | 20 void SetUpTestDllAndPEImages() { |
| 27 LoadModule(); | 21 LoadModule(); |
| 28 HMODULE mem_handle; | 22 HMODULE mem_handle; |
| 29 GetMemModuleHandle(&mem_handle); | 23 GetMemModuleHandle(&mem_handle); |
| 30 mem_peimage_ptr_.reset(new base::win::PEImage(mem_handle)); | 24 mem_peimage_ptr_.reset(new base::win::PEImage(mem_handle)); |
| 31 ASSERT_TRUE(mem_peimage_ptr_->VerifyMagic()); | 25 ASSERT_TRUE(mem_peimage_ptr_->VerifyMagic()); |
| 32 | 26 |
| 33 LoadDLLAsFile(); | 27 LoadDLLAsFile(); |
| 34 HMODULE disk_handle; | 28 HMODULE disk_handle; |
| 35 GetDiskModuleHandle(&disk_handle); | 29 GetDiskModuleHandle(&disk_handle); |
| 36 disk_peimage_ptr_.reset(new base::win::PEImageAsData(disk_handle)); | 30 disk_peimage_ptr_.reset(new base::win::PEImageAsData(disk_handle)); |
| 37 ASSERT_TRUE(disk_peimage_ptr_->VerifyMagic()); | 31 ASSERT_TRUE(disk_peimage_ptr_->VerifyMagic()); |
| 38 } | 32 } |
| 39 | 33 |
| 40 void LoadModule() { | 34 void LoadModule() { |
| 41 mem_dll_handle_.Reset( | 35 mem_dll_handle_.Reset( |
| 42 LoadNativeLibrary(base::FilePath(kTestDllName), NULL)); | 36 LoadNativeLibrary(base::FilePath(kTestDllNames[0]), NULL)); |
| 43 ASSERT_TRUE(mem_dll_handle_.is_valid()); | 37 ASSERT_TRUE(mem_dll_handle_.is_valid()); |
| 44 } | 38 } |
| 45 | 39 |
| 46 void GetMemModuleHandle(HMODULE* mem_handle) { | 40 void GetMemModuleHandle(HMODULE* mem_handle) { |
| 47 *mem_handle = GetModuleHandle(kTestDllName); | 41 *mem_handle = GetModuleHandle(kTestDllNames[0]); |
| 48 ASSERT_NE(static_cast<HMODULE>(NULL), *mem_handle); | 42 ASSERT_NE(static_cast<HMODULE>(NULL), *mem_handle); |
| 49 } | 43 } |
| 50 | 44 |
| 51 void LoadDLLAsFile() { | 45 void LoadDLLAsFile() { |
| 52 // Use the module handle to find the it on disk, then load as a file. | 46 // Use the module handle to find the it on disk, then load as a file. |
| 53 HMODULE module_handle; | 47 HMODULE module_handle; |
| 54 GetMemModuleHandle(&module_handle); | 48 GetMemModuleHandle(&module_handle); |
| 55 | 49 |
| 56 WCHAR module_path[MAX_PATH] = {}; | 50 WCHAR module_path[MAX_PATH] = {}; |
| 57 DWORD length = | 51 DWORD length = |
| (...skipping 29 matching lines...) Expand all Loading... |
| 87 base::ScopedNativeLibrary mem_dll_handle_; | 81 base::ScopedNativeLibrary mem_dll_handle_; |
| 88 base::MemoryMappedFile disk_dll_handle_; | 82 base::MemoryMappedFile disk_dll_handle_; |
| 89 scoped_ptr<base::win::PEImageAsData> disk_peimage_ptr_; | 83 scoped_ptr<base::win::PEImageAsData> disk_peimage_ptr_; |
| 90 scoped_ptr<base::win::PEImage> mem_peimage_ptr_; | 84 scoped_ptr<base::win::PEImage> mem_peimage_ptr_; |
| 91 }; | 85 }; |
| 92 | 86 |
| 93 TEST_F(SafeBrowsingModuleVerifierWinTest, VerifyModuleUnmodified) { | 87 TEST_F(SafeBrowsingModuleVerifierWinTest, VerifyModuleUnmodified) { |
| 94 std::set<std::string> modified_exports; | 88 std::set<std::string> modified_exports; |
| 95 // Call VerifyModule before the module has been loaded, should fail. | 89 // Call VerifyModule before the module has been loaded, should fail. |
| 96 EXPECT_EQ(MODULE_STATE_UNKNOWN, | 90 EXPECT_EQ(MODULE_STATE_UNKNOWN, |
| 97 VerifyModule(kTestDllName, &modified_exports)); | 91 VerifyModule(kTestDllNames[0], &modified_exports)); |
| 98 EXPECT_EQ(0, modified_exports.size()); | 92 EXPECT_EQ(0, modified_exports.size()); |
| 99 | 93 |
| 100 // On loading, the module should be identical (up to relocations) in memory as | 94 // On loading, the module should be identical (up to relocations) in memory as |
| 101 // on disk. | 95 // on disk. |
| 102 SetUpTestDllAndPEImages(); | 96 SetUpTestDllAndPEImages(); |
| 103 EXPECT_EQ(MODULE_STATE_UNMODIFIED, | 97 EXPECT_EQ(MODULE_STATE_UNMODIFIED, |
| 104 VerifyModule(kTestDllName, &modified_exports)); | 98 VerifyModule(kTestDllNames[0], &modified_exports)); |
| 105 EXPECT_EQ(0, modified_exports.size()); | 99 EXPECT_EQ(0, modified_exports.size()); |
| 106 } | 100 } |
| 107 | 101 |
| 108 TEST_F(SafeBrowsingModuleVerifierWinTest, VerifyModuleModified) { | 102 TEST_F(SafeBrowsingModuleVerifierWinTest, VerifyModuleModified) { |
| 109 std::set<std::string> modified_exports; | 103 std::set<std::string> modified_exports; |
| 110 // Confirm the module is identical in memory as on disk before we begin. | 104 // Confirm the module is identical in memory as on disk before we begin. |
| 111 SetUpTestDllAndPEImages(); | 105 SetUpTestDllAndPEImages(); |
| 112 EXPECT_EQ(MODULE_STATE_UNMODIFIED, | 106 EXPECT_EQ(MODULE_STATE_UNMODIFIED, |
| 113 VerifyModule(kTestDllName, &modified_exports)); | 107 VerifyModule(kTestDllNames[0], &modified_exports)); |
| 114 | 108 |
| 115 uint8_t* mem_code_addr = NULL; | 109 uint8_t* mem_code_addr = NULL; |
| 116 uint8_t* disk_code_addr = NULL; | 110 uint8_t* disk_code_addr = NULL; |
| 117 uint32_t code_size = 0; | 111 uint32_t code_size = 0; |
| 118 EXPECT_TRUE(GetCodeAddrsAndSize(*mem_peimage_ptr_, | 112 EXPECT_TRUE(GetCodeAddrsAndSize(*mem_peimage_ptr_, |
| 119 *disk_peimage_ptr_, | 113 *disk_peimage_ptr_, |
| 120 &mem_code_addr, | 114 &mem_code_addr, |
| 121 &disk_code_addr, | 115 &disk_code_addr, |
| 122 &code_size)); | 116 &code_size)); |
| 123 | 117 |
| 124 // Edit the first byte of the code section of the module (this may be before | 118 // Edit the first byte of the code section of the module (this may be before |
| 125 // the address of any export). | 119 // the address of any export). |
| 126 uint8_t new_val = (*mem_code_addr) + 1; | 120 uint8_t new_val = (*mem_code_addr) + 1; |
| 127 SIZE_T bytes_written = 0; | 121 SIZE_T bytes_written = 0; |
| 128 WriteProcessMemory(GetCurrentProcess(), | 122 WriteProcessMemory(GetCurrentProcess(), |
| 129 mem_code_addr, | 123 mem_code_addr, |
| 130 reinterpret_cast<void*>(&new_val), | 124 reinterpret_cast<void*>(&new_val), |
| 131 1, | 125 1, |
| 132 &bytes_written); | 126 &bytes_written); |
| 133 EXPECT_EQ(1, bytes_written); | 127 EXPECT_EQ(1, bytes_written); |
| 134 | 128 |
| 135 // VerifyModule should detect the change. | 129 // VerifyModule should detect the change. |
| 136 EXPECT_EQ(MODULE_STATE_MODIFIED, | 130 EXPECT_EQ(MODULE_STATE_MODIFIED, |
| 137 VerifyModule(kTestDllName, &modified_exports)); | 131 VerifyModule(kTestDllNames[0], &modified_exports)); |
| 138 } | 132 } |
| 139 | 133 |
| 140 TEST_F(SafeBrowsingModuleVerifierWinTest, VerifyModuleExportModified) { | 134 TEST_F(SafeBrowsingModuleVerifierWinTest, VerifyModuleExportModified) { |
| 141 std::set<std::string> modified_exports; | 135 std::set<std::string> modified_exports; |
| 142 // Confirm the module is identical in memory as on disk before we begin. | 136 // Confirm the module is identical in memory as on disk before we begin. |
| 143 SetUpTestDllAndPEImages(); | 137 SetUpTestDllAndPEImages(); |
| 144 EXPECT_EQ(MODULE_STATE_UNMODIFIED, | 138 EXPECT_EQ(MODULE_STATE_UNMODIFIED, |
| 145 VerifyModule(kTestDllName, &modified_exports)); | 139 VerifyModule(kTestDllNames[0], &modified_exports)); |
| 146 modified_exports.clear(); | 140 modified_exports.clear(); |
| 147 | 141 |
| 148 // Edit the exported function, VerifyModule should now return the function | 142 // Edit the exported function, VerifyModule should now return the function |
| 149 // name in modified_exports. | 143 // name in modified_exports. |
| 150 EditExport(); | 144 EditExport(); |
| 151 EXPECT_EQ(MODULE_STATE_MODIFIED, | 145 EXPECT_EQ(MODULE_STATE_MODIFIED, |
| 152 VerifyModule(kTestDllName, &modified_exports)); | 146 VerifyModule(kTestDllNames[0], &modified_exports)); |
| 153 EXPECT_EQ(1, modified_exports.size()); | 147 EXPECT_EQ(1, modified_exports.size()); |
| 154 EXPECT_EQ(0, std::string(kTestExportName).compare(*modified_exports.begin())); | 148 EXPECT_EQ(0, std::string(kTestExportName).compare(*modified_exports.begin())); |
| 155 } | 149 } |
| 156 | 150 |
| 157 } // namespace safe_browsing | 151 } // namespace safe_browsing |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 440753002:
The incident reporting service now calls VerifyModule. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master