Chromium Code Reviews Chromium Code Reviews
Issue 440753002:
The incident reporting service now calls VerifyModule. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/safe_browsing/environment_data_collection_win_unittest.cc |
| diff --git a/chrome/browser/safe_browsing/environment_data_collection_win_unittest.cc b/chrome/browser/safe_browsing/environment_data_collection_win_unittest.cc |
| index 5c9f0b58ca09eb34bd1ea7a1913dc33e5b2a2a9d..929e2044c956f857ea51a9d588b37187cca3a60a 100644 |
| --- a/chrome/browser/safe_browsing/environment_data_collection_win_unittest.cc |
| +++ b/chrome/browser/safe_browsing/environment_data_collection_win_unittest.cc |
| @@ -13,6 +13,8 @@ |
| #include "base/strings/utf_string_conversions.h" |
| #include "base/test/test_reg_util_win.h" |
| #include "base/win/registry.h" |
| +#include "chrome/browser/safe_browsing/module_integrity_unittest_util_win.h" |
| +#include "chrome/browser/safe_browsing/module_integrity_verifier_win.h" |
| #include "chrome/browser/safe_browsing/path_sanitizer.h" |
| #include "chrome/common/safe_browsing/csd.pb.h" |
| #include "chrome_elf/chrome_elf_constants.h" |
| @@ -167,3 +169,60 @@ TEST(SafeBrowsingEnvironmentDataCollectionWinTest, CollectDllBlacklistData) { |
| std::string process_report_path = process_report.blacklisted_dll(0); |
| EXPECT_EQ(path_expected, process_report_path); |
| } |
| + |
| +TEST(SafeBrowsingEnvironmentDataCollectionWinTest, VerifyLoadedModules) { |
| + // Load the test modules. |
| + std::vector<base::ScopedNativeLibrary> test_dlls( |
| + safe_browsing::kTestDllNamesCount); |
| + for (size_t i = 0; i < safe_browsing::kTestDllNamesCount; ++i) { |
| + test_dlls[i].Reset(LoadNativeLibrary( |
| + base::FilePath(safe_browsing::kTestDllNames[i]), NULL)); |
| + } |
| + |
| + // Edit the first byte of the function exported by the first module. |
| + HMODULE module_handle = NULL; |
| + EXPECT_TRUE( |
| + GetModuleHandleEx(0, safe_browsing::kTestDllNames[0], &module_handle)); |
| + uint8_t* export_addr = reinterpret_cast<uint8_t*>( |
| + GetProcAddress(module_handle, safe_browsing::kTestExportName)); |
| + EXPECT_NE(reinterpret_cast<uint8_t*>(NULL), export_addr); |
| + |
| + uint8_t new_val = (*export_addr) + 1; |
| + SIZE_T bytes_written = 0; |
| + WriteProcessMemory(GetCurrentProcess(), |
| + export_addr, |
| + reinterpret_cast<void*>(&new_val), |
| + 1, |
| + &bytes_written); |
| + EXPECT_EQ(1, bytes_written); |
| + |
| + safe_browsing::ClientIncidentReport_EnvironmentData_Process process_report; |
| + safe_browsing::CollectModuleVerificationData( |
| + safe_browsing::kTestDllNames, |
| + safe_browsing::kTestDllNamesCount, |
| + &process_report); |
| + EXPECT_EQ(safe_browsing::kTestDllNamesCount, |
| + process_report.module_state_size()); |
| + |
| + // CollectModuleVerificationData should find the modified exported function in |
| + // the first module, and see all others as unmodified. |
| + for (int i = 0; i < process_report.module_state_size(); ++i) { |
|
csharp
2014/08/07 17:22:11
Right now the order of the modules returned from C
krstnmnlsn
2014/08/07 21:21:22
Done.
|
| + if (process_report.module_state(i).name() == |
| + base::WideToUTF8(std::wstring(safe_browsing::kTestDllNames[0]))) { |
| + EXPECT_EQ(safe_browsing:: |
| + ClientIncidentReport_EnvironmentData_Process_ModuleState:: |
| + MODULE_STATE_MODIFIED, |
| + process_report.module_state(i).modified_state()); |
| + EXPECT_EQ(1, process_report.module_state(i).modified_export_size()); |
| + EXPECT_EQ(std::string(safe_browsing::kTestExportName), |
| + process_report.module_state(i).modified_export(0)); |
| + |
| + } else { |
| + EXPECT_EQ(safe_browsing:: |
| + ClientIncidentReport_EnvironmentData_Process_ModuleState:: |
| + MODULE_STATE_UNMODIFIED, |
| + process_report.module_state(i).modified_state()); |
| + EXPECT_EQ(0, process_report.module_state(i).modified_export_size()); |
| + } |
| + } |
| +} |
