OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/enumerate_modules_model_win.h" | 5 #include "chrome/browser/enumerate_modules_model_win.h" |
6 | 6 |
7 #include <Tlhelp32.h> | 7 #include <Tlhelp32.h> |
8 #include <wintrust.h> | 8 #include <wintrust.h> |
9 | 9 |
10 #include "app/l10n_util.h" | 10 #include "app/l10n_util.h" |
(...skipping 19 matching lines...) Expand all Loading... |
30 #include "grit/generated_resources.h" | 30 #include "grit/generated_resources.h" |
31 | 31 |
32 // The period of time (in milliseconds) to wait until checking to see if any | 32 // The period of time (in milliseconds) to wait until checking to see if any |
33 // incompatible modules exist. | 33 // incompatible modules exist. |
34 static const int kModuleCheckDelayMs = 60 * 1000; | 34 static const int kModuleCheckDelayMs = 60 * 1000; |
35 | 35 |
36 // The path to the Shell Extension key in the Windows registry. | 36 // The path to the Shell Extension key in the Windows registry. |
37 static const wchar_t kRegPath[] = | 37 static const wchar_t kRegPath[] = |
38 L"Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved"; | 38 L"Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved"; |
39 | 39 |
| 40 // Short-hand for things on the blacklist you should simply get rid of. |
| 41 static const ModuleEnumerator::RecommendedAction kUninstallLink = |
| 42 static_cast<ModuleEnumerator::RecommendedAction>( |
| 43 ModuleEnumerator::UNINSTALL | ModuleEnumerator::SEE_LINK); |
| 44 |
40 // A sort method that sorts by bad modules first, then by full name (including | 45 // A sort method that sorts by bad modules first, then by full name (including |
41 // path). | 46 // path). |
42 static bool ModuleSort(const ModuleEnumerator::Module& a, | 47 static bool ModuleSort(const ModuleEnumerator::Module& a, |
43 const ModuleEnumerator::Module& b) { | 48 const ModuleEnumerator::Module& b) { |
44 if (a.status != b.status) | 49 if (a.status != b.status) |
45 return a.status > b.status; | 50 return a.status > b.status; |
46 | 51 |
47 if (a.location == b.location) | 52 if (a.location == b.location) |
48 return a.name < b.name; | 53 return a.name < b.name; |
49 | 54 |
(...skipping 15 matching lines...) Expand all Loading... |
65 bool operator()(const ModuleEnumerator::Module& module_in) const { | 70 bool operator()(const ModuleEnumerator::Module& module_in) const { |
66 return (module.location == module_in.location) && | 71 return (module.location == module_in.location) && |
67 (module.name == module_in.name); | 72 (module.name == module_in.name); |
68 } | 73 } |
69 | 74 |
70 const ModuleEnumerator::Module& module; | 75 const ModuleEnumerator::Module& module; |
71 }; | 76 }; |
72 | 77 |
73 } | 78 } |
74 | 79 |
75 // The browser process module blacklist. This lists all modules that are known | 80 // The browser process module blacklist. This lists modules that are known |
76 // to cause compatibility issues within the browser process. When adding to this | 81 // to cause compatibility issues within the browser process. When adding to this |
77 // list, make sure that all paths are lower-case, in long pathname form, end | 82 // list, make sure that all paths are lower-case, in long pathname form, end |
78 // with a slash and use environments variables (or just look at one of the | 83 // with a slash and use environments variables (or just look at one of the |
79 // comments below and keep it consistent with that). When adding an entry with | 84 // comments below and keep it consistent with that). When adding an entry with |
80 // an environment variable not currently used in the list below, make sure to | 85 // an environment variable not currently used in the list below, make sure to |
81 // update the list in PreparePathMappings. Filename, Description/Signer, and | 86 // update the list in PreparePathMappings. Filename, Description/Signer, and |
82 // Location must be entered as hashes (see GenerateHash). Filename is mandatory. | 87 // Location must be entered as hashes (see GenerateHash). Filename is mandatory. |
83 // Entries without any Description, Signer info, or Location will never be | 88 // Entries without any Description, Signer info, or Location will never be |
84 // marked as confirmed bad (only as suspicious). | 89 // marked as confirmed bad (only as suspicious). |
85 const ModuleEnumerator::BlacklistEntry ModuleEnumerator::kModuleBlacklist[] = { | 90 const ModuleEnumerator::BlacklistEntry ModuleEnumerator::kModuleBlacklist[] = { |
86 // NOTE: Please keep this list sorted by dll name, then location. | 91 // NOTE: Please keep this list sorted by dll name, then location. |
87 | 92 |
88 // foldersizecolumn.dll. | 93 // apiqq0.dll, "%temp%\\". |
89 {"5ec91bd7", "", "", "", "", NONE}, | 94 { "26134911", "59145acf", "", "", "", kUninstallLink }, |
90 | 95 |
91 // idmmbc.dll, "%programfiles%\\internet download manager\\", "Tonec Inc.". | 96 // arking0.dll, "%systemroot%\\system32\\". |
92 // See: http://crbug.com/26892/. | 97 { "f5d8f549", "23d01d5b", "", "", "", kUninstallLink }, |
93 {"b8dce5c3", "94541bf5", "d33ad640", "", "6.03", UPDATE}, | |
94 | 98 |
95 // imon.dll. See: http://crbug.com/21715. | 99 // arking1.dll, "%systemroot%\\system32\\". |
96 {"8f42f22e", "", "", "", "", NONE}, | 100 { "c60ca062", "23d01d5b", "", "", "", kUninstallLink }, |
97 | 101 |
98 // is3lsp.dll. See: http://crbug.com/26892. | 102 // clickpotatolitesahook.dll, "". Different version each report. |
99 {"7ffbdce9", "", "", "", "", NONE}, | 103 { "0396e037.dll", "", "", "", "", kUninstallLink }, |
100 | 104 |
101 // nvlsp.dll. See: http://crbug.com/22083. | 105 // cvasds0.dll, "%temp%\\". |
102 {"37f907e2", "", "", "", "", NONE}, | 106 { "5ce0037c", "59145acf", "", "", "", kUninstallLink }, |
103 | 107 |
104 // nvshell.dll. See: http://crbug.com/3269. | 108 // cwalsp.dll, "%systemroot%\\system32\\". |
105 {"9290318f", "", "", "", "", NONE}, | 109 { "e579a039", "23d01d5b", "", "", "", kUninstallLink }, |
106 | 110 |
107 // securenet.dll. See: http://crbug.com/5165. | 111 // dsoqq0.dll, "%temp%\\". |
108 {"9b266e1c", "", "", "", "", NONE}, | 112 { "1c4df325", "59145acf", "", "", "", kUninstallLink }, |
109 | 113 |
110 // sgprxy.dll. | 114 // hblitesahook.dll. Each report has different version number in location. |
111 {"005965ea", "", "", "", "", NONE}, | 115 { "5d10b363", "", "", "", "", kUninstallLink }, |
112 | 116 |
113 // vaproxyd.dll. See: http://crbug.com/42445. | 117 // icf.dll, "%systemroot%\\system32\\". |
114 {"0a1c7f81", "", "", "", "", NONE}, | 118 { "303825ed", "23d01d5b", "", "", "", kUninstallLink }, |
115 | 119 |
116 // vlsp.dll. See: http://crbug.com/22826. | 120 // idmmbc.dll (IDM), "%systemroot%\\system32\\". See: http://crbug.com/26892/. |
117 {"2e4eb93d", "", "", "", "", NONE}, | 121 { "b8dce5c3", "23d01d5b", "", "", "6.03", |
| 122 static_cast<RecommendedAction>(UPDATE | DISABLE) }, |
| 123 |
| 124 // imon.dll (NOD32), "%systemroot%\\system32\\". See: http://crbug.com/21715. |
| 125 { "8f42f22e", "23d01d5b", "", "", "4.0", |
| 126 static_cast<RecommendedAction>(UPDATE | DISABLE) }, |
| 127 |
| 128 // is3lsp.dll, "%commonprogramfiles%\\is3\\anti-spyware\\". |
| 129 { "7ffbdce9", "bc5673f2", "", "", "", |
| 130 static_cast<RecommendedAction>(UPDATE | DISABLE) }, |
| 131 |
| 132 // jsi.dll, "%programfiles%\\profilecraze\\". |
| 133 { "f9555eea", "e3548061", "", "", "", kUninstallLink }, |
| 134 |
| 135 // kernel.dll, "%programfiles%\\contentwatch\\internet protection\\modules\\". |
| 136 { "ead2768e", "4e61ce60", "", "", "", kUninstallLink }, |
| 137 |
| 138 // mgking0.dll, "%systemroot%\\system32\\". |
| 139 { "d0893e38", "23d01d5b", "", "", "", kUninstallLink }, |
| 140 |
| 141 // mgking0.dll, "%temp%\\". |
| 142 { "d0893e38", "59145acf", "", "", "", kUninstallLink }, |
| 143 |
| 144 // mgking1.dll, "%systemroot%\\system32\\". |
| 145 { "3e837222", "23d01d5b", "", "", "", kUninstallLink }, |
| 146 |
| 147 // mgking1.dll, "%temp%\\". |
| 148 { "3e837222", "59145acf", "", "", "", kUninstallLink }, |
| 149 |
| 150 // mstcipha.ime, "%systemroot%\\system32\\". |
| 151 { "5523579e", "23d01d5b", "", "", "", kUninstallLink }, |
| 152 |
| 153 // mwtsp.dll, "%systemroot%\\system32\\". |
| 154 { "9830bff6", "23d01d5b", "", "", "", kUninstallLink }, |
| 155 |
| 156 // nodqq0.dll, "%temp%\\". |
| 157 { "b86ce04d", "59145acf", "", "", "", kUninstallLink }, |
| 158 |
| 159 // nvlsp.dll, |
| 160 // "%programfiles%\\nvidia corporation\\networkaccessmanager\\bin32\\". |
| 161 { "37f907e2", "3ad0ff23", "", "", "", kUninstallLink }, |
| 162 |
| 163 // radhslib.dll (Naomi web filter), "%programfiles%\\rnamfler\\". |
| 164 // See http://crbug.com/12517. |
| 165 { "7edcd250", "0733dc3e", "", "", "", kUninstallLink }, |
| 166 |
| 167 // rlls.dll, "%programfiles%\\relevantknowledge\\". |
| 168 { "a1ed94a7", "ea9d6b36", "", "", "", kUninstallLink }, |
| 169 |
| 170 // rooksdol.dll, "%programfiles%\\trusteer\\rapport\\bin\\". |
| 171 { "802aefef", "06120e13", "", "", "", kUninstallLink }, |
| 172 |
| 173 // searchtree.dll, |
| 174 // "%programfiles%\\contentwatch\\internet protection\\modules\\". |
| 175 { "f6915a31", "4e61ce60", "", "", "", kUninstallLink }, |
| 176 |
| 177 // sgprxy.dll, "%commonprogramfiles%\\is3\\anti-spyware\\". |
| 178 { "005965ea", "bc5673f2", "", "", "", |
| 179 static_cast<RecommendedAction>(UPDATE | DISABLE) }, |
| 180 |
| 181 // twking0.dll, "%systemroot%\\system32\\". |
| 182 { "0355549b", "23d01d5b", "", "", "", kUninstallLink }, |
| 183 |
| 184 // twking1.dll, "%systemroot%\\system32\\". |
| 185 { "02e44508", "23d01d5b", "", "", "", kUninstallLink }, |
| 186 |
| 187 // vksaver.dll, "%systemroot%\\system32\\". |
| 188 { "c4a784d5", "23d01d5b", "", "", "", kUninstallLink }, |
| 189 |
| 190 // vlsp.dll, "%systemroot%\\system32\\". |
| 191 { "2e4eb93d", "23d01d5b", "", "", "", kUninstallLink }, |
| 192 |
| 193 // vmn3_1dn.dll, "%appdata%\\roaming\\vmndtxtb\\". |
| 194 { "bba2037d", "9ab68585", "", "", "", kUninstallLink }, |
| 195 |
| 196 // webanalyzer.dll, |
| 197 // "%programfiles%\\contentwatch\\internet protection\\modules\\". |
| 198 { "c70b697d", "4e61ce60", "", "", "", kUninstallLink }, |
| 199 |
| 200 // wowst0.dll, "%systemroot%\\system32\\". |
| 201 { "38ad9963", "23d01d5b", "", "", "", kUninstallLink }, |
| 202 |
| 203 // wxbase28u_vc_cw.dll, "%systemroot%\\system32\\". |
| 204 { "e967210d", "23d01d5b", "", "", "", kUninstallLink }, |
118 }; | 205 }; |
119 | 206 |
120 // Generates an 8 digit hash from the input given. | 207 // Generates an 8 digit hash from the input given. |
121 static void GenerateHash(const std::string& input, std::string* output) { | 208 static void GenerateHash(const std::string& input, std::string* output) { |
122 if (input.empty()) { | 209 if (input.empty()) { |
123 *output = ""; | 210 *output = ""; |
124 return; | 211 return; |
125 } | 212 } |
126 | 213 |
127 uint8 hash[4]; | 214 uint8 hash[4]; |
(...skipping 289 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
417 path_mapping_.clear(); | 504 path_mapping_.clear(); |
418 | 505 |
419 scoped_ptr<base::Environment> environment(base::Environment::Create()); | 506 scoped_ptr<base::Environment> environment(base::Environment::Create()); |
420 std::vector<string16> env_vars; | 507 std::vector<string16> env_vars; |
421 env_vars.push_back(L"LOCALAPPDATA"); | 508 env_vars.push_back(L"LOCALAPPDATA"); |
422 env_vars.push_back(L"ProgramFiles"); | 509 env_vars.push_back(L"ProgramFiles"); |
423 env_vars.push_back(L"USERPROFILE"); | 510 env_vars.push_back(L"USERPROFILE"); |
424 env_vars.push_back(L"SystemRoot"); | 511 env_vars.push_back(L"SystemRoot"); |
425 env_vars.push_back(L"TEMP"); | 512 env_vars.push_back(L"TEMP"); |
426 env_vars.push_back(L"TMP"); | 513 env_vars.push_back(L"TMP"); |
| 514 env_vars.push_back(L"CommonProgramFiles"); |
427 for (std::vector<string16>::const_iterator variable = env_vars.begin(); | 515 for (std::vector<string16>::const_iterator variable = env_vars.begin(); |
428 variable != env_vars.end(); ++variable) { | 516 variable != env_vars.end(); ++variable) { |
429 std::string path; | 517 std::string path; |
430 if (environment->GetVar(WideToASCII(*variable).c_str(), &path)) { | 518 if (environment->GetVar(WideToASCII(*variable).c_str(), &path)) { |
431 path_mapping_.push_back( | 519 path_mapping_.push_back( |
432 std::make_pair(l10n_util::ToLower(UTF8ToWide(path)) + L"\\", | 520 std::make_pair(l10n_util::ToLower(UTF8ToWide(path)) + L"\\", |
433 L"%" + l10n_util::ToLower(*variable) + L"%")); | 521 L"%" + l10n_util::ToLower(*variable) + L"%")); |
434 } | 522 } |
435 } | 523 } |
436 } | 524 } |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
472 if (status != NOT_MATCHED) { | 560 if (status != NOT_MATCHED) { |
473 // We have a match against the blacklist. Mark it as such. | 561 // We have a match against the blacklist. Mark it as such. |
474 module->status = status; | 562 module->status = status; |
475 module->recommended_action = kModuleBlacklist[i].help_tip; | 563 module->recommended_action = kModuleBlacklist[i].help_tip; |
476 break; | 564 break; |
477 } | 565 } |
478 } | 566 } |
479 | 567 |
480 // Modules loaded from these locations are frequently malicious | 568 // Modules loaded from these locations are frequently malicious |
481 // and notorious for changing frequently so they are not good candidates | 569 // and notorious for changing frequently so they are not good candidates |
482 // for blacklising individually. Mark them as suspicious if we haven't | 570 // for blacklisting individually. Mark them as suspicious if we haven't |
483 // classified them as bad yet. | 571 // classified them as bad yet. |
484 if (module->status == NOT_MATCHED || module->status == GOOD) { | 572 if (module->status == NOT_MATCHED || module->status == GOOD) { |
485 if (StartsWith(module->location, L"%temp%", false) || | 573 if (StartsWith(module->location, L"%temp%", false) || |
486 StartsWith(module->location, L"%tmp%", false)) { | 574 StartsWith(module->location, L"%tmp%", false)) { |
487 module->status = SUSPECTED_BAD; | 575 module->status = SUSPECTED_BAD; |
488 } | 576 } |
489 } | 577 } |
490 } | 578 } |
491 } | 579 } |
492 | 580 |
(...skipping 252 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
745 GenerateHash(WideToUTF8(module.name), &filename); | 833 GenerateHash(WideToUTF8(module.name), &filename); |
746 GenerateHash(WideToUTF8(module.location), &location); | 834 GenerateHash(WideToUTF8(module.location), &location); |
747 GenerateHash(WideToUTF8(module.description), &description); | 835 GenerateHash(WideToUTF8(module.description), &description); |
748 GenerateHash(WideToUTF8(module.digital_signer), &signer); | 836 GenerateHash(WideToUTF8(module.digital_signer), &signer); |
749 | 837 |
750 string16 url = l10n_util::GetStringF(IDS_HELP_CENTER_VIEW_CONFLICTS, | 838 string16 url = l10n_util::GetStringF(IDS_HELP_CENTER_VIEW_CONFLICTS, |
751 ASCIIToWide(filename), ASCIIToWide(location), | 839 ASCIIToWide(filename), ASCIIToWide(location), |
752 ASCIIToWide(description), ASCIIToWide(signer)); | 840 ASCIIToWide(description), ASCIIToWide(signer)); |
753 return GURL(WideToUTF8(url)); | 841 return GURL(WideToUTF8(url)); |
754 } | 842 } |
OLD | NEW |