| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/safe_browsing/module_integrity_verifier_win.h" | 5 #include "chrome/browser/safe_browsing/module_integrity_verifier_win.h" |
| 6 | 6 |
| 7 #include "base/files/file_path.h" | 7 #include "base/files/file_path.h" |
| 8 #include "base/files/memory_mapped_file.h" | 8 #include "base/files/memory_mapped_file.h" |
| 9 #include "base/native_library.h" | 9 #include "base/native_library.h" |
| 10 #include "base/path_service.h" | 10 #include "base/path_service.h" |
| 11 #include "base/scoped_native_library.h" | 11 #include "base/scoped_native_library.h" |
| 12 #include "base/win/pe_image.h" | 12 #include "base/win/pe_image.h" |
| 13 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
| 14 | 14 |
| 15 namespace safe_browsing { | 15 namespace safe_browsing { |
| 16 | 16 |
| 17 namespace { | |
| 18 | |
| 19 const wchar_t kTestDllName[] = L"verifier_test_dll.dll"; | |
| 20 const char kTestExportName[] = "DummyExport"; | |
| 21 | |
| 22 } // namespace | |
| 23 | |
| 24 class SafeBrowsingModuleVerifierTest : public testing::Test { | 17 class SafeBrowsingModuleVerifierTest : public testing::Test { |
| 25 protected: | 18 protected: |
| 26 base::ScopedNativeLibrary mem_dll_handle_; | 19 base::ScopedNativeLibrary mem_dll_handle_; |
| 27 base::MemoryMappedFile disk_dll_handle_; | 20 base::MemoryMappedFile disk_dll_handle_; |
| 28 scoped_ptr<base::win::PEImageAsData> disk_peimage_ptr_; | 21 scoped_ptr<base::win::PEImageAsData> disk_peimage_ptr_; |
| 29 scoped_ptr<base::win::PEImage> mem_peimage_ptr_; | 22 scoped_ptr<base::win::PEImage> mem_peimage_ptr_; |
| 30 | 23 |
| 31 void SetUpTestDllAndPEImages() { | 24 void SetUpTestDllAndPEImages() { |
| 32 LoadModule(); | 25 LoadModule(); |
| 33 HMODULE mem_handle; | 26 HMODULE mem_handle; |
| 34 GetMemModuleHandle(&mem_handle); | 27 GetMemModuleHandle(&mem_handle); |
| 35 mem_peimage_ptr_.reset(new base::win::PEImage(mem_handle)); | 28 mem_peimage_ptr_.reset(new base::win::PEImage(mem_handle)); |
| 36 ASSERT_TRUE(mem_peimage_ptr_->VerifyMagic()); | 29 ASSERT_TRUE(mem_peimage_ptr_->VerifyMagic()); |
| 37 | 30 |
| 38 LoadDLLAsFile(); | 31 LoadDLLAsFile(); |
| 39 HMODULE disk_handle; | 32 HMODULE disk_handle; |
| 40 GetDiskModuleHandle(&disk_handle); | 33 GetDiskModuleHandle(&disk_handle); |
| 41 disk_peimage_ptr_.reset(new base::win::PEImageAsData(disk_handle)); | 34 disk_peimage_ptr_.reset(new base::win::PEImageAsData(disk_handle)); |
| 42 ASSERT_TRUE(disk_peimage_ptr_->VerifyMagic()); | 35 ASSERT_TRUE(disk_peimage_ptr_->VerifyMagic()); |
| 43 } | 36 } |
| 44 | 37 |
| 45 void LoadModule() { | 38 void LoadModule() { |
| 46 mem_dll_handle_.Reset( | 39 mem_dll_handle_.Reset( |
| 47 LoadNativeLibrary(base::FilePath(kTestDllName), NULL)); | 40 LoadNativeLibrary(base::FilePath(test_dll_names[0]), NULL)); |
| 48 ASSERT_TRUE(mem_dll_handle_.is_valid()); | 41 ASSERT_TRUE(mem_dll_handle_.is_valid()); |
| 49 } | 42 } |
| 50 | 43 |
| 51 void GetMemModuleHandle(HMODULE* mem_handle) { | 44 void GetMemModuleHandle(HMODULE* mem_handle) { |
| 52 *mem_handle = GetModuleHandle(kTestDllName); | 45 *mem_handle = GetModuleHandle(test_dll_names[0]); |
| 53 ASSERT_NE(static_cast<HMODULE>(NULL), *mem_handle); | 46 ASSERT_NE(static_cast<HMODULE>(NULL), *mem_handle); |
| 54 } | 47 } |
| 55 | 48 |
| 56 void LoadDLLAsFile() { | 49 void LoadDLLAsFile() { |
| 57 // Use the module handle to find the it on disk, then load as a file. | 50 // Use the module handle to find the it on disk, then load as a file. |
| 58 HMODULE module_handle; | 51 HMODULE module_handle; |
| 59 GetMemModuleHandle(&module_handle); | 52 GetMemModuleHandle(&module_handle); |
| 60 | 53 |
| 61 WCHAR module_path[MAX_PATH] = {}; | 54 WCHAR module_path[MAX_PATH] = {}; |
| 62 DWORD length = | 55 DWORD length = |
| (...skipping 24 matching lines...) Expand all Loading... |
| 87 1, | 80 1, |
| 88 &bytes_written); | 81 &bytes_written); |
| 89 EXPECT_EQ(1, bytes_written); | 82 EXPECT_EQ(1, bytes_written); |
| 90 } | 83 } |
| 91 }; | 84 }; |
| 92 | 85 |
| 93 TEST_F(SafeBrowsingModuleVerifierTest, VerifyModuleUnmodified) { | 86 TEST_F(SafeBrowsingModuleVerifierTest, VerifyModuleUnmodified) { |
| 94 std::set<std::string> modified_exports; | 87 std::set<std::string> modified_exports; |
| 95 // Call VerifyModule before the module has been loaded, should fail. | 88 // Call VerifyModule before the module has been loaded, should fail. |
| 96 EXPECT_EQ(MODULE_STATE_UNKNOWN, | 89 EXPECT_EQ(MODULE_STATE_UNKNOWN, |
| 97 VerifyModule(kTestDllName, &modified_exports)); | 90 VerifyModule(test_dll_names[0], &modified_exports)); |
| 98 EXPECT_EQ(0, modified_exports.size()); | 91 EXPECT_EQ(0, modified_exports.size()); |
| 99 | 92 |
| 100 // On loading, the module should be identical (up to relocations) in memory as | 93 // On loading, the module should be identical (up to relocations) in memory as |
| 101 // on disk. | 94 // on disk. |
| 102 SetUpTestDllAndPEImages(); | 95 SetUpTestDllAndPEImages(); |
| 103 EXPECT_EQ(MODULE_STATE_UNMODIFIED, | 96 EXPECT_EQ(MODULE_STATE_UNMODIFIED, |
| 104 VerifyModule(kTestDllName, &modified_exports)); | 97 VerifyModule(test_dll_names[0], &modified_exports)); |
| 105 EXPECT_EQ(0, modified_exports.size()); | 98 EXPECT_EQ(0, modified_exports.size()); |
| 106 } | 99 } |
| 107 | 100 |
| 108 TEST_F(SafeBrowsingModuleVerifierTest, VerifyModuleModified) { | 101 TEST_F(SafeBrowsingModuleVerifierTest, VerifyModuleModified) { |
| 109 std::set<std::string> modified_exports; | 102 std::set<std::string> modified_exports; |
| 110 // Confirm the module is identical in memory as on disk before we begin. | 103 // Confirm the module is identical in memory as on disk before we begin. |
| 111 SetUpTestDllAndPEImages(); | 104 SetUpTestDllAndPEImages(); |
| 112 EXPECT_EQ(MODULE_STATE_UNMODIFIED, | 105 EXPECT_EQ(MODULE_STATE_UNMODIFIED, |
| 113 VerifyModule(kTestDllName, &modified_exports)); | 106 VerifyModule(test_dll_names[0], &modified_exports)); |
| 114 | 107 |
| 115 uint8_t* mem_code_addr = NULL; | 108 uint8_t* mem_code_addr = NULL; |
| 116 uint8_t* disk_code_addr = NULL; | 109 uint8_t* disk_code_addr = NULL; |
| 117 uint32_t code_size = 0; | 110 uint32_t code_size = 0; |
| 118 EXPECT_TRUE(GetCodeAddrsAndSize(*mem_peimage_ptr_, | 111 EXPECT_TRUE(GetCodeAddrsAndSize(*mem_peimage_ptr_, |
| 119 *disk_peimage_ptr_, | 112 *disk_peimage_ptr_, |
| 120 &mem_code_addr, | 113 &mem_code_addr, |
| 121 &disk_code_addr, | 114 &disk_code_addr, |
| 122 &code_size)); | 115 &code_size)); |
| 123 | 116 |
| 124 // Edit the first byte of the code section of the module (this may be before | 117 // Edit the first byte of the code section of the module (this may be before |
| 125 // the address of any export). | 118 // the address of any export). |
| 126 uint8_t new_val = (*mem_code_addr) + 1; | 119 uint8_t new_val = (*mem_code_addr) + 1; |
| 127 SIZE_T bytes_written = 0; | 120 SIZE_T bytes_written = 0; |
| 128 WriteProcessMemory(GetCurrentProcess(), | 121 WriteProcessMemory(GetCurrentProcess(), |
| 129 mem_code_addr, | 122 mem_code_addr, |
| 130 reinterpret_cast<void*>(&new_val), | 123 reinterpret_cast<void*>(&new_val), |
| 131 1, | 124 1, |
| 132 &bytes_written); | 125 &bytes_written); |
| 133 EXPECT_EQ(1, bytes_written); | 126 EXPECT_EQ(1, bytes_written); |
| 134 | 127 |
| 135 // VerifyModule should detect the change. | 128 // VerifyModule should detect the change. |
| 136 EXPECT_EQ(MODULE_STATE_MODIFIED, | 129 EXPECT_EQ(MODULE_STATE_MODIFIED, |
| 137 VerifyModule(kTestDllName, &modified_exports)); | 130 VerifyModule(test_dll_names[0], &modified_exports)); |
| 138 } | 131 } |
| 139 | 132 |
| 140 TEST_F(SafeBrowsingModuleVerifierTest, VerifyModuleExportModified) { | 133 TEST_F(SafeBrowsingModuleVerifierTest, VerifyModuleExportModified) { |
| 141 std::set<std::string> modified_exports; | 134 std::set<std::string> modified_exports; |
| 142 // Confirm the module is identical in memory as on disk before we begin. | 135 // Confirm the module is identical in memory as on disk before we begin. |
| 143 SetUpTestDllAndPEImages(); | 136 SetUpTestDllAndPEImages(); |
| 144 EXPECT_EQ(MODULE_STATE_UNMODIFIED, | 137 EXPECT_EQ(MODULE_STATE_UNMODIFIED, |
| 145 VerifyModule(kTestDllName, &modified_exports)); | 138 VerifyModule(test_dll_names[0], &modified_exports)); |
| 146 modified_exports.clear(); | 139 modified_exports.clear(); |
| 147 | 140 |
| 148 // Edit the exported function, VerifyModule should now return the function | 141 // Edit the exported function, VerifyModule should now return the function |
| 149 // name in modified_exports. | 142 // name in modified_exports. |
| 150 EditExport(); | 143 EditExport(); |
| 151 EXPECT_EQ(MODULE_STATE_MODIFIED, | 144 EXPECT_EQ(MODULE_STATE_MODIFIED, |
| 152 VerifyModule(kTestDllName, &modified_exports)); | 145 VerifyModule(test_dll_names[0], &modified_exports)); |
| 153 EXPECT_EQ(1, modified_exports.size()); | 146 EXPECT_EQ(1, modified_exports.size()); |
| 154 EXPECT_EQ(0, std::string(kTestExportName).compare(*modified_exports.begin())); | 147 EXPECT_EQ(0, std::string(kTestExportName).compare(*modified_exports.begin())); |
| 155 } | 148 } |
| 156 | 149 |
| 157 } // namespace safe_browsing | 150 } // namespace safe_browsing |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 440753002:
The incident reporting service now calls VerifyModule. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master