Chromium Code Reviews Chromium Code Reviews
Issue 700373005:
Check within target process for policy match on registry intercepts (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/sandbox_nt_util.h" | 5 #include "sandbox/win/src/sandbox_nt_util.h" |
| 6 | 6 |
| 7 #include "base/win/pe_image.h" | 7 #include "base/win/pe_image.h" |
| 8 #include "sandbox/win/src/sandbox_factory.h" | 8 #include "sandbox/win/src/sandbox_factory.h" |
| 9 #include "sandbox/win/src/target_services.h" | 9 #include "sandbox/win/src/target_services.h" |
| 10 | 10 |
| (...skipping 197 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 208 NTSTATUS CopyData(void* destination, const void* source, size_t bytes) { | 208 NTSTATUS CopyData(void* destination, const void* source, size_t bytes) { |
| 209 NTSTATUS ret = STATUS_SUCCESS; | 209 NTSTATUS ret = STATUS_SUCCESS; |
| 210 __try { | 210 __try { |
| 211 g_nt.memcpy(destination, source, bytes); | 211 g_nt.memcpy(destination, source, bytes); |
| 212 } __except(EXCEPTION_EXECUTE_HANDLER) { | 212 } __except(EXCEPTION_EXECUTE_HANDLER) { |
| 213 ret = GetExceptionCode(); | 213 ret = GetExceptionCode(); |
| 214 } | 214 } |
| 215 return ret; | 215 return ret; |
| 216 } | 216 } |
| 217 | 217 |
| 218 NTSTATUS AllocAndGetFullPath(HANDLE root, | |
| 219 wchar_t* path, | |
| 220 wchar_t** full_path) { | |
| 221 if (!InitHeap()) | |
| 222 return STATUS_NO_MEMORY; | |
| 223 | |
| 224 DCHECK_NT(full_path); | |
| 225 DCHECK_NT(key_name); | |
| 226 *full_path = NULL; | |
| 227 OBJECT_NAME_INFORMATION* handle_name = NULL; | |
| 228 NTSTATUS ret = STATUS_UNSUCCESSFUL; | |
| 229 __try { | |
| 230 do { | |
| 231 NtQueryObjectFunction NtQueryObject = NULL; | |
|
jschuh
2014/11/11 22:16:06
I think it's safe to make this static, and just ch
Will Harris
2014/11/12 00:30:37
Done.
| |
| 232 ResolveNTFunctionPtr("NtQueryObject", &NtQueryObject); | |
| 233 | |
| 234 ULONG size = 0; | |
| 235 // Query the name information a first time to get the size of the name. | |
| 236 ret = NtQueryObject(root, ObjectNameInformation, NULL, 0, &size); | |
| 237 | |
| 238 if (size) { | |
| 239 handle_name = reinterpret_cast<OBJECT_NAME_INFORMATION*>( | |
| 240 new(NT_ALLOC) BYTE[size]); | |
| 241 | |
| 242 // Query the name information a second time to get the name of the | |
| 243 // object referenced by the handle. | |
| 244 ret = NtQueryObject(root, ObjectNameInformation, handle_name, size, | |
| 245 &size); | |
| 246 } | |
| 247 | |
| 248 if (STATUS_SUCCESS != ret) | |
| 249 break; | |
| 250 | |
| 251 // Space for path + '\' + name + '\0'. | |
| 252 size_t name_length = handle_name->ObjectName.Length + | |
| 253 (wcslen(path) + 2) * sizeof(wchar_t); | |
| 254 *full_path = new(NT_ALLOC) wchar_t[name_length/sizeof(wchar_t)]; | |
| 255 if (NULL == *full_path) | |
| 256 break; | |
| 257 wchar_t* off = *full_path; | |
| 258 ret = CopyData(off, handle_name->ObjectName.Buffer, | |
| 259 handle_name->ObjectName.Length); | |
| 260 if (!NT_SUCCESS(ret)) | |
| 261 break; | |
| 262 off += handle_name->ObjectName.Length / sizeof(wchar_t); | |
| 263 *off = L'\\'; | |
| 264 off += 1; | |
| 265 ret = CopyData(off, path, wcslen(path) * sizeof(wchar_t)); | |
| 266 if (!NT_SUCCESS(ret)) | |
| 267 break; | |
| 268 off += wcslen(path); | |
| 269 *off = L'\0'; | |
| 270 } while (false); | |
| 271 } __except(EXCEPTION_EXECUTE_HANDLER) { | |
| 272 ret = GetExceptionCode(); | |
| 273 } | |
| 274 | |
| 275 if (!NT_SUCCESS(ret)) { | |
| 276 if (*full_path) { | |
| 277 operator delete(*full_path, NT_ALLOC); | |
| 278 *full_path = NULL; | |
| 279 } | |
| 280 if (handle_name) { | |
| 281 operator delete(handle_name, NT_ALLOC); | |
| 282 handle_name = NULL; | |
| 283 } | |
| 284 } | |
| 285 | |
| 286 return ret; | |
| 287 } | |
| 288 | |
| 218 // Hacky code... replace with AllocAndCopyObjectAttributes. | 289 // Hacky code... replace with AllocAndCopyObjectAttributes. |
| 219 NTSTATUS AllocAndCopyName(const OBJECT_ATTRIBUTES* in_object, | 290 NTSTATUS AllocAndCopyName(const OBJECT_ATTRIBUTES* in_object, |
| 220 wchar_t** out_name, uint32* attributes, | 291 wchar_t** out_name, uint32* attributes, |
| 221 HANDLE* root) { | 292 HANDLE* root) { |
| 222 if (!InitHeap()) | 293 if (!InitHeap()) |
| 223 return STATUS_NO_MEMORY; | 294 return STATUS_NO_MEMORY; |
| 224 | 295 |
| 225 DCHECK_NT(out_name); | 296 DCHECK_NT(out_name); |
| 226 *out_name = NULL; | 297 *out_name = NULL; |
| 227 NTSTATUS ret = STATUS_UNSUCCESSFUL; | 298 NTSTATUS ret = STATUS_UNSUCCESSFUL; |
| (...skipping 370 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 598 UNREFERENCED_PARAMETER(type); | 669 UNREFERENCED_PARAMETER(type); |
| 599 return buffer; | 670 return buffer; |
| 600 } | 671 } |
| 601 | 672 |
| 602 void __cdecl operator delete(void* memory, void* buffer, | 673 void __cdecl operator delete(void* memory, void* buffer, |
| 603 sandbox::AllocationType type) { | 674 sandbox::AllocationType type) { |
| 604 UNREFERENCED_PARAMETER(memory); | 675 UNREFERENCED_PARAMETER(memory); |
| 605 UNREFERENCED_PARAMETER(buffer); | 676 UNREFERENCED_PARAMETER(buffer); |
| 606 UNREFERENCED_PARAMETER(type); | 677 UNREFERENCED_PARAMETER(type); |
| 607 } | 678 } |
| OLD | NEW |
