OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_ENUMERATE_MODULES_MODEL_WIN_H_ | 5 #ifndef CHROME_BROWSER_ENUMERATE_MODULES_MODEL_WIN_H_ |
6 #define CHROME_BROWSER_ENUMERATE_MODULES_MODEL_WIN_H_ | 6 #define CHROME_BROWSER_ENUMERATE_MODULES_MODEL_WIN_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 #include <utility> | 9 #include <utility> |
10 #include <vector> | 10 #include <vector> |
23 // A helper class that implements the enumerate module functionality on the File | 23 // A helper class that implements the enumerate module functionality on the File |
24 // thread. | 24 // thread. |
25 class ModuleEnumerator : public base::RefCountedThreadSafe<ModuleEnumerator> { | 25 class ModuleEnumerator : public base::RefCountedThreadSafe<ModuleEnumerator> { |
26 public: | 26 public: |
27 // What type of module we are dealing with. Loaded modules are modules we | 27 // What type of module we are dealing with. Loaded modules are modules we |
28 // detect as loaded in the process at the time of scanning. The others are | 28 // detect as loaded in the process at the time of scanning. The others are |
29 // modules of interest and may or may not be loaded in the process at the | 29 // modules of interest and may or may not be loaded in the process at the |
30 // time of scan. | 30 // time of scan. |
31 enum ModuleType { | 31 enum ModuleType { |
32 LOADED_MODULE, | 32 LOADED_MODULE, |
| 33 SHELL_EXTENSION, |
33 WINSOCK_MODULE_REGISTRATION, | 34 WINSOCK_MODULE_REGISTRATION, |
34 }; | 35 }; |
35 | 36 |
36 // The blacklist status of the module. Suspected Bad modules have been | 37 // The blacklist status of the module. Suspected Bad modules have been |
37 // partially matched (ie. name matches and location, but not description) | 38 // partially matched (ie. name matches and location, but not description) |
38 // whereas Confirmed Bad modules have been identified further (ie. | 39 // whereas Confirmed Bad modules have been identified further (ie. |
39 // AuthentiCode signer matches). | 40 // AuthentiCode signer matches). |
40 enum ModuleStatus { | 41 enum ModuleStatus { |
41 // This is returned by the matching function when comparing against the | 42 // This is returned by the matching function when comparing against the |
42 // blacklist and the module does not match the current entry in the | 43 // blacklist and the module does not match the current entry in the |
126 static const BlacklistEntry kModuleBlacklist[]; | 127 static const BlacklistEntry kModuleBlacklist[]; |
127 | 128 |
128 // This function does the actual file scanning work on the FILE thread. It | 129 // This function does the actual file scanning work on the FILE thread. It |
129 // enumerates all loaded modules in the process and other modules of | 130 // enumerates all loaded modules in the process and other modules of |
130 // interest, such as the registered Winsock LSP modules and stores them in | 131 // interest, such as the registered Winsock LSP modules and stores them in |
131 // |enumerated_modules_|. It then normalizes the module info and matches | 132 // |enumerated_modules_|. It then normalizes the module info and matches |
132 // them against a blacklist of known bad modules. Finally, it calls | 133 // them against a blacklist of known bad modules. Finally, it calls |
133 // ReportBack to let the observer know we are done. | 134 // ReportBack to let the observer know we are done. |
134 void ScanOnFileThread(); | 135 void ScanOnFileThread(); |
135 | 136 |
| 137 // Enumerate all modules loaded into the Chrome process. |
| 138 void EnumerateLoadedModules(); |
| 139 |
| 140 // Enumerate all registered Windows shell extensions. |
| 141 void EnumerateShellExtensions(); |
| 142 |
| 143 // Enumerate all registered Winsock LSP modules. |
| 144 void EnumerateWinsockModule(); |
| 145 |
| 146 // Reads the registered shell extensions found under |parent| key in the |
| 147 // registry. |
| 148 void ReadShellExtensions(HKEY parent); |
| 149 |
| 150 // Given a |module|, initializes the structure and loads additional |
| 151 // information using the location field of the module. |
| 152 void PopulateModuleInformation(Module* module); |
| 153 |
136 // Builds up a vector of path values mapping to environment variable, | 154 // Builds up a vector of path values mapping to environment variable, |
137 // with pairs like [c:\windows\, %systemroot%]. This is later used to | 155 // with pairs like [c:\windows\, %systemroot%]. This is later used to |
138 // collapse paths like c:\windows\system32 into %systemroot%\system32, which | 156 // collapse paths like c:\windows\system32 into %systemroot%\system32, which |
139 // we can use for comparison against our blacklist (which uses only env vars). | 157 // we can use for comparison against our blacklist (which uses only env vars). |
140 // NOTE: The vector will not contain an exhaustive list of environment | 158 // NOTE: The vector will not contain an exhaustive list of environment |
141 // variables, only the ones currently found on the blacklist or ones that are | 159 // variables, only the ones currently found on the blacklist or ones that are |
142 // likely to appear there. | 160 // likely to appear there. |
143 void PreparePathMappings(); | 161 void PreparePathMappings(); |
144 | 162 |
145 // For a given |module|, collapse the path from c:\windows to %systemroot%, | 163 // For a given |module|, collapse the path from c:\windows to %systemroot%, |
250 int confirmed_bad_modules_detected_; | 268 int confirmed_bad_modules_detected_; |
251 | 269 |
252 // The number of suspected bad modules (not including confirmed bad ones) | 270 // The number of suspected bad modules (not including confirmed bad ones) |
253 // found during last scan. | 271 // found during last scan. |
254 int suspected_bad_modules_detected_; | 272 int suspected_bad_modules_detected_; |
255 | 273 |
256 DISALLOW_COPY_AND_ASSIGN(EnumerateModulesModel); | 274 DISALLOW_COPY_AND_ASSIGN(EnumerateModulesModel); |
257 }; | 275 }; |
258 | 276 |
259 #endif // CHROME_BROWSER_ENUMERATE_MODULES_MODEL_WIN_H_ | 277 #endif // CHROME_BROWSER_ENUMERATE_MODULES_MODEL_WIN_H_ |
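Review bot: The comments on the new `ReadShellExtensions(HKEY parent)` and `PopulateModuleInformation(Module* module)` declarations (new lines 146-152) leave out the contract a caller needs: which subkey under |parent| is read and which hives are expected, and which fields of |module| must be set on entry versus filled in by the call. The ModuleType comment says these modules "may or may not be loaded in the process", so the location presumably comes from registry data rather than a loaded image; the header should say whether a missing, unreadable or unsigned file at that path is tolerated. For example: `// |module->location| must be set by the caller; it may come from the registry and need not name a file that exists or is loaded.` The implementation is not visible here, so check the wording against the .cc file before adopting it.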