The incident reporting service now calls VerifyModule.

chrome/browser/safe_browsing/environment_data_collection_win_unittest.cc

Index: chrome/browser/safe_browsing/environment_data_collection_win_unittest.cc
diff --git a/chrome/browser/safe_browsing/environment_data_collection_win_unittest.cc b/chrome/browser/safe_browsing/environment_data_collection_win_unittest.cc
index 5c9f0b58ca09eb34bd1ea7a1913dc33e5b2a2a9d..6e9f72b9754721b76cf9353abf6e6e1d5b76a38d 100644
--- a/chrome/browser/safe_browsing/environment_data_collection_win_unittest.cc
+++ b/chrome/browser/safe_browsing/environment_data_collection_win_unittest.cc
@@ -13,6 +13,8 @@
 #include "base/strings/utf_string_conversions.h"
 #include "base/test/test_reg_util_win.h"
 #include "base/win/registry.h"
+#include "chrome/browser/safe_browsing/module_integrity_unittest_util.h"
+#include "chrome/browser/safe_browsing/module_integrity_verifier_win.h"
 #include "chrome/browser/safe_browsing/path_sanitizer.h"
 #include "chrome/common/safe_browsing/csd.pb.h"
 #include "chrome_elf/chrome_elf_constants.h"
@@ -167,3 +169,53 @@ TEST(SafeBrowsingEnvironmentDataCollectionWinTest, CollectDllBlacklistData) {
   std::string process_report_path = process_report.blacklisted_dll(0);
   EXPECT_EQ(path_expected, process_report_path);
 }
+
+TEST(SafeBrowsingEnvironmentDataCollectionWinTest, VerifyLoadedModules) {
+  //  Load the test modules.
+  int test_dlls_count = safe_browsing::TestDllsCount();
+  std::vector<base::ScopedNativeLibrary> test_dlls(test_dlls_count);
+  for (int i = 0; i < test_dlls_count; ++i) {
+    test_dlls[i].Reset(LoadNativeLibrary(
+        base::FilePath(safe_browsing::test_dll_names[i]), NULL));
+  }
+
+  // Edit the first byte of the function exported by the first module.
+  HMODULE module_handle = NULL;
+  EXPECT_TRUE(
+      GetModuleHandleEx(0, safe_browsing::test_dll_names[0], &module_handle));
+  uint8_t* export_addr = reinterpret_cast<uint8_t*>(
+      GetProcAddress(module_handle, safe_browsing::kTestExportName));
+  EXPECT_NE(reinterpret_cast<uint8_t*>(NULL), export_addr);
+
+  uint8_t new_val = (*export_addr) + 1;
+  SIZE_T bytes_written = 0;
+  WriteProcessMemory(GetCurrentProcess(),
+                     export_addr,
+                     reinterpret_cast<void*>(&new_val),
+                     1,
+                     &bytes_written);
+  EXPECT_EQ(1, bytes_written);
+
+  safe_browsing::ClientIncidentReport_EnvironmentData_Process process_report;
+  safe_browsing::RecordModuleVerificationData(safe_browsing::test_dll_names,
+                                              &process_report);
+  EXPECT_EQ(test_dlls_count, process_report.module_state_size());
+
+  //  RecordModuleVerificationData should find the modified exported function

[robertshield, 2014/08/06 13:00:51]

micro nit: one less space between // and R

[krstnmnlsn, 2014/08/06 21:55:11]

I'm beginning to see why you can't handle justified text

+  //  in the first module, and see all others as unmodified.
+  for (int i = 0; i < process_report.module_state_size(); ++i) {
+    if (process_report.module_state(i).name() ==
+        base::WideToUTF8(std::wstring(safe_browsing::test_dll_names[0]))) {
+      EXPECT_EQ(safe_browsing::MODULE_STATE_MODIFIED,
+                process_report.module_state(i).modified_state());
+      EXPECT_EQ(1, process_report.module_state(i).modified_export_size());
+      EXPECT_EQ(std::string(safe_browsing::kTestExportName),
+                process_report.module_state(i).modified_export(0));
+
+    } else {
+      EXPECT_EQ(safe_browsing::MODULE_STATE_UNMODIFIED,
+                process_report.module_state(i).modified_state());
+      EXPECT_EQ(0, process_report.module_state(i).modified_export_size());
+    }
+  }
+}