| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/sandbox_poc/pocdll/exports.h" | 5 #include "sandbox/win/sandbox_poc/pocdll/exports.h" |
| 6 #include "sandbox/win/sandbox_poc/pocdll/utils.h" | 6 #include "sandbox/win/sandbox_poc/pocdll/utils.h" |
| 7 #include "sandbox/win/tools/finder/ntundoc.h" | 7 #include "sandbox/win/tools/finder/ntundoc.h" |
| 8 | 8 |
| 9 // This file contains the tests used to verify the security of handles in | 9 // This file contains the tests used to verify the security of handles in |
| 10 // the process | 10 // the process |
| 11 | 11 |
| 12 NTQUERYOBJECT NtQueryObject; | 12 NTQUERYOBJECT NtQueryObject; |
| 13 NTQUERYINFORMATIONFILE NtQueryInformationFile; | 13 NTQUERYINFORMATIONFILE NtQueryInformationFile; |
| 14 NTQUERYSYSTEMINFORMATION NtQuerySystemInformation; | 14 NTQUERYSYSTEMINFORMATION NtQuerySystemInformation; |
| 15 | 15 |
| 16 void POCDLL_API TestGetHandle(HANDLE log) { | 16 void POCDLL_API TestGetHandle(HANDLE log) { |
| 17 HandleToFile handle2file; | 17 HandleToFile handle2file; |
| 18 FILE *output = handle2file.Translate(log, "w"); | 18 FILE *output = handle2file.Translate(log, "w"); |
| 19 | 19 |
| 20 // Initialize the NTAPI functions we need | 20 // Initialize the NTAPI functions we need |
| 21 HMODULE ntdll_handle = ::GetModuleHandle(L"ntdll.dll"); | 21 HMODULE ntdll_handle = ::GetModuleHandle(L"ntdll.dll"); |
| 22 if (!ntdll_handle) { | 22 if (!ntdll_handle) { |
| 23 fprintf(output, "[ERROR] Cannot load ntdll.dll. Error %d\r\n", | 23 fprintf(output, "[ERROR] Cannot load ntdll.dll. Error %ld\r\n", |
| 24 ::GetLastError()); | 24 ::GetLastError()); |
| 25 return; | 25 return; |
| 26 } | 26 } |
| 27 | 27 |
| 28 NtQueryObject = reinterpret_cast<NTQUERYOBJECT>( | 28 NtQueryObject = reinterpret_cast<NTQUERYOBJECT>( |
| 29 GetProcAddress(ntdll_handle, "NtQueryObject")); | 29 GetProcAddress(ntdll_handle, "NtQueryObject")); |
| 30 NtQueryInformationFile = reinterpret_cast<NTQUERYINFORMATIONFILE>( | 30 NtQueryInformationFile = reinterpret_cast<NTQUERYINFORMATIONFILE>( |
| 31 GetProcAddress(ntdll_handle, "NtQueryInformationFile")); | 31 GetProcAddress(ntdll_handle, "NtQueryInformationFile")); |
| 32 NtQuerySystemInformation = reinterpret_cast<NTQUERYSYSTEMINFORMATION>( | 32 NtQuerySystemInformation = reinterpret_cast<NTQUERYSYSTEMINFORMATION>( |
| 33 GetProcAddress(ntdll_handle, "NtQuerySystemInformation")); | 33 GetProcAddress(ntdll_handle, "NtQuerySystemInformation")); |
| 34 | 34 |
| 35 if (!NtQueryObject || !NtQueryInformationFile || !NtQuerySystemInformation) { | 35 if (!NtQueryObject || !NtQueryInformationFile || !NtQuerySystemInformation) { |
| 36 fprintf(output, "[ERROR] Cannot load all NT functions. Error %d\r\n", | 36 fprintf(output, "[ERROR] Cannot load all NT functions. Error %ld\r\n", |
| 37 ::GetLastError()); | 37 ::GetLastError()); |
| 38 return; | 38 return; |
| 39 } | 39 } |
| 40 | 40 |
| 41 // Get the number of handles on the system | 41 // Get the number of handles on the system |
| 42 DWORD buffer_size = 0; | 42 DWORD buffer_size = 0; |
| 43 SYSTEM_HANDLE_INFORMATION_EX temp_info; | 43 SYSTEM_HANDLE_INFORMATION_EX temp_info; |
| 44 NTSTATUS status = NtQuerySystemInformation( | 44 NTSTATUS status = NtQuerySystemInformation( |
| 45 SystemHandleInformation, &temp_info, sizeof(temp_info), | 45 SystemHandleInformation, &temp_info, sizeof(temp_info), |
| 46 &buffer_size); | 46 &buffer_size); |
| 47 if (!buffer_size) { | 47 if (!buffer_size) { |
| 48 fprintf(output, "[ERROR] Get the number of handles. Error 0x%X\r\n", | 48 fprintf(output, "[ERROR] Get the number of handles. Error 0x%lX\r\n", |
| 49 status); | 49 status); |
| 50 return; | 50 return; |
| 51 } | 51 } |
| 52 | 52 |
| 53 SYSTEM_HANDLE_INFORMATION_EX *system_handles = | 53 SYSTEM_HANDLE_INFORMATION_EX *system_handles = |
| 54 reinterpret_cast<SYSTEM_HANDLE_INFORMATION_EX*>(new BYTE[buffer_size]); | 54 reinterpret_cast<SYSTEM_HANDLE_INFORMATION_EX*>(new BYTE[buffer_size]); |
| 55 | 55 |
| 56 status = NtQuerySystemInformation(SystemHandleInformation, system_handles, | 56 status = NtQuerySystemInformation(SystemHandleInformation, system_handles, |
| 57 buffer_size, &buffer_size); | 57 buffer_size, &buffer_size); |
| 58 if (STATUS_SUCCESS != status) { | 58 if (STATUS_SUCCESS != status) { |
| 59 fprintf(output, "[ERROR] Failed to get the handle list. Error 0x%X\r\n", | 59 fprintf(output, "[ERROR] Failed to get the handle list. Error 0x%lX\r\n", |
| 60 status); | 60 status); |
| 61 delete [] system_handles; | 61 delete [] system_handles; |
| 62 return; | 62 return; |
| 63 } | 63 } |
| 64 | 64 |
| 65 for (ULONG i = 0; i < system_handles->NumberOfHandles; ++i) { | 65 for (ULONG i = 0; i < system_handles->NumberOfHandles; ++i) { |
| 66 USHORT h = system_handles->Information[i].Handle; | 66 USHORT h = system_handles->Information[i].Handle; |
| 67 if (system_handles->Information[i].ProcessId != ::GetCurrentProcessId()) | 67 if (system_handles->Information[i].ProcessId != ::GetCurrentProcessId()) |
| 68 continue; | 68 continue; |
| 69 | 69 |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 145 file_name = NULL; | 145 file_name = NULL; |
| 146 } | 146 } |
| 147 } | 147 } |
| 148 } | 148 } |
| 149 | 149 |
| 150 if (file_name) { | 150 if (file_name) { |
| 151 UNICODE_STRING file_name_string; | 151 UNICODE_STRING file_name_string; |
| 152 file_name_string.Buffer = file_name->FileName; | 152 file_name_string.Buffer = file_name->FileName; |
| 153 file_name_string.Length = (USHORT)file_name->FileNameLength; | 153 file_name_string.Length = (USHORT)file_name->FileNameLength; |
| 154 file_name_string.MaximumLength = (USHORT)file_name->FileNameLength; | 154 file_name_string.MaximumLength = (USHORT)file_name->FileNameLength; |
| 155 fprintf(output, "[GRANTED] Handle 0x%4.4X Access: 0x%8.8X " | 155 fprintf(output, "[GRANTED] Handle 0x%4.4X Access: 0x%8.8lX " |
| 156 "Type: %-13.13wZ Path: %wZ\r\n", | 156 "Type: %-13.13wZ Path: %wZ\r\n", |
| 157 h, | 157 h, |
| 158 system_handles->Information[i].GrantedAccess, | 158 system_handles->Information[i].GrantedAccess, |
| 159 type ? &type->TypeName : NULL, | 159 type ? &type->TypeName : NULL, |
| 160 &file_name_string); | 160 &file_name_string); |
| 161 } else { | 161 } else { |
| 162 fprintf(output, "[GRANTED] Handle 0x%4.4X Access: 0x%8.8X " | 162 fprintf(output, "[GRANTED] Handle 0x%4.4X Access: 0x%8.8lX " |
| 163 "Type: %-13.13wZ Path: %wZ\r\n", | 163 "Type: %-13.13wZ Path: %wZ\r\n", |
| 164 h, | 164 h, |
| 165 system_handles->Information[i].GrantedAccess, | 165 system_handles->Information[i].GrantedAccess, |
| 166 type ? &type->TypeName : NULL, | 166 type ? &type->TypeName : NULL, |
| 167 name ? &name->ObjectName : NULL); | 167 name ? &name->ObjectName : NULL); |
| 168 } | 168 } |
| 169 | 169 |
| 170 if (type) { | 170 if (type) { |
| 171 delete[] type; | 171 delete[] type; |
| 172 } | 172 } |
| 173 | 173 |
| 174 if (file_name) { | 174 if (file_name) { |
| 175 delete[] file_name; | 175 delete[] file_name; |
| 176 } | 176 } |
| 177 | 177 |
| 178 if (name) { | 178 if (name) { |
| 179 delete [] name; | 179 delete [] name; |
| 180 } | 180 } |
| 181 } | 181 } |
| 182 | 182 |
| 183 if (system_handles) { | 183 if (system_handles) { |
| 184 delete [] system_handles; | 184 delete [] system_handles; |
| 185 } | 185 } |
| 186 } | 186 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 543923002:
win/clang: Fix all remaining -Wformat warnings. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master