• file
• revisions
• annotate
• diff
• comparison
• raw

security/sandbox/win/src/interception_unittest.cc@6474c204b198 (annotated)

security/sandbox/win/src/interception_unittest.cc

Wed, 31 Dec 2014 06:09:35 +0100

author

Michael Schloh von Bennewitz <michael@schloh.com>

date

Wed, 31 Dec 2014 06:09:35 +0100

changeset 0

6474c204b198

permissions

-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

michael@0	1	// Copyright (c) 2011 The Chromium Authors. All rights reserved.
michael@0	2	// Use of this source code is governed by a BSD-style license that can be
michael@0	3	// found in the LICENSE file.
michael@0	4
michael@0	5	// This file contains unit tests for InterceptionManager.
michael@0	6	// The tests require private information so the whole interception.cc file is
michael@0	7	// included from this file.
michael@0	8
michael@0	9	#include <windows.h>
michael@0	10
michael@0	11	#include "base/memory/scoped_ptr.h"
michael@0	12	#include "sandbox/win/src/interception.h"
michael@0	13	#include "sandbox/win/src/interceptors.h"
michael@0	14	#include "sandbox/win/src/interception_internal.h"
michael@0	15	#include "sandbox/win/src/target_process.h"
michael@0	16	#include "testing/gtest/include/gtest/gtest.h"
michael@0	17
michael@0	18	namespace sandbox {
michael@0	19
michael@0	20	// Walks the settings buffer, verifying that the values make sense and counting
michael@0	21	// objects.
michael@0	22	// Arguments:
michael@0	23	// buffer (in): the buffer to walk.
michael@0	24	// size (in): buffer size
michael@0	25	// num_dlls (out): count of the dlls on the buffer.
michael@0	26	// num_function (out): count of intercepted functions.
michael@0	27	// num_names (out): count of named interceptor functions.
michael@0	28	void WalkBuffer(void* buffer, size_t size, int* num_dlls, int* num_functions,
michael@0	29	int* num_names) {
michael@0	30	ASSERT_TRUE(NULL != buffer);
michael@0	31	ASSERT_TRUE(NULL != num_functions);
michael@0	32	ASSERT_TRUE(NULL != num_names);
michael@0	33	*num_dlls = *num_functions = *num_names = 0;
michael@0	34	SharedMemory *memory = reinterpret_cast<SharedMemory*>(buffer);
michael@0	35
michael@0	36	ASSERT_GT(size, sizeof(SharedMemory));
michael@0	37	DllPatchInfo *dll = &memory->dll_list[0];
michael@0	38
michael@0	39	for (int i = 0; i < memory->num_intercepted_dlls; i++) {
michael@0	40	ASSERT_NE(0u, wcslen(dll->dll_name));
michael@0	41	ASSERT_EQ(0u, dll->record_bytes % sizeof(size_t));
michael@0	42	ASSERT_EQ(0u, dll->offset_to_functions % sizeof(size_t));
michael@0	43	ASSERT_NE(0, dll->num_functions);
michael@0	44
michael@0	45	FunctionInfo *function = reinterpret_cast<FunctionInfo*>(
michael@0	46	reinterpret_cast<char*>(dll) + dll->offset_to_functions);
michael@0	47
michael@0	48	for (int j = 0; j < dll->num_functions; j++) {
michael@0	49	ASSERT_EQ(0u, function->record_bytes % sizeof(size_t));
michael@0	50
michael@0	51	char* name = function->function;
michael@0	52	size_t length = strlen(name);
michael@0	53	ASSERT_NE(0u, length);
michael@0	54	name += length + 1;
michael@0	55
michael@0	56	// look for overflows
michael@0	57	ASSERT_GT(reinterpret_cast<char*>(buffer) + size, name + strlen(name));
michael@0	58
michael@0	59	// look for a named interceptor
michael@0	60	if (strlen(name)) {
michael@0	61	(*num_names)++;
michael@0	62	EXPECT_TRUE(NULL == function->interceptor_address);
michael@0	63	} else {
michael@0	64	EXPECT_TRUE(NULL != function->interceptor_address);
michael@0	65	}
michael@0	66
michael@0	67	(*num_functions)++;
michael@0	68	function = reinterpret_cast<FunctionInfo*>(
michael@0	69	reinterpret_cast<char*>(function) + function->record_bytes);
michael@0	70	}
michael@0	71
michael@0	72	(*num_dlls)++;
michael@0	73	dll = reinterpret_cast<DllPatchInfo*>(reinterpret_cast<char*>(dll) +
michael@0	74	dll->record_bytes);
michael@0	75	}
michael@0	76	}
michael@0	77
michael@0	78	TEST(InterceptionManagerTest, BufferLayout1) {
michael@0	79	wchar_t exe_name[MAX_PATH];
michael@0	80	ASSERT_NE(0u, GetModuleFileName(NULL, exe_name, MAX_PATH - 1));
michael@0	81
michael@0	82	TargetProcess *target = MakeTestTargetProcess(::GetCurrentProcess(),
michael@0	83	::GetModuleHandle(exe_name));
michael@0	84
michael@0	85	InterceptionManager interceptions(target, true);
michael@0	86
michael@0	87	// Any pointer will do for a function pointer.
michael@0	88	void* function = &interceptions;
michael@0	89
michael@0	90	// We don't care about the interceptor id.
michael@0	91	interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtCreateFile",
michael@0	92	INTERCEPTION_SERVICE_CALL, function,
michael@0	93	OPEN_KEY_ID);
michael@0	94	interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateFileEx",
michael@0	95	INTERCEPTION_EAT, function, OPEN_KEY_ID);
michael@0	96	interceptions.AddToPatchedFunctions(L"kernel32.dll", "SomeFileEx",
michael@0	97	INTERCEPTION_SMART_SIDESTEP, function,
michael@0	98	OPEN_KEY_ID);
michael@0	99	interceptions.AddToPatchedFunctions(L"user32.dll", "FindWindow",
michael@0	100	INTERCEPTION_EAT, function, OPEN_KEY_ID);
michael@0	101	interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateMutex",
michael@0	102	INTERCEPTION_EAT, function, OPEN_KEY_ID);
michael@0	103	interceptions.AddToPatchedFunctions(L"user32.dll", "PostMsg",
michael@0	104	INTERCEPTION_EAT, function, OPEN_KEY_ID);
michael@0	105	interceptions.AddToPatchedFunctions(L"user32.dll", "PostMsg",
michael@0	106	INTERCEPTION_EAT, "replacement",
michael@0	107	OPEN_KEY_ID);
michael@0	108	interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg",
michael@0	109	INTERCEPTION_EAT, function, OPEN_KEY_ID);
michael@0	110	interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtClose",
michael@0	111	INTERCEPTION_SERVICE_CALL, function,
michael@0	112	OPEN_KEY_ID);
michael@0	113	interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtOpenFile",
michael@0	114	INTERCEPTION_SIDESTEP, function,
michael@0	115	OPEN_KEY_ID);
michael@0	116	interceptions.AddToPatchedFunctions(L"some.dll", "Superfn",
michael@0	117	INTERCEPTION_EAT, function, OPEN_KEY_ID);
michael@0	118	interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg",
michael@0	119	INTERCEPTION_EAT, "a", OPEN_KEY_ID);
michael@0	120	interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg",
michael@0	121	INTERCEPTION_SIDESTEP, "ab", OPEN_KEY_ID);
michael@0	122	interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg",
michael@0	123	INTERCEPTION_EAT, "abc", OPEN_KEY_ID);
michael@0	124	interceptions.AddToPatchedFunctions(L"a.dll", "p",
michael@0	125	INTERCEPTION_EAT, function, OPEN_KEY_ID);
michael@0	126	interceptions.AddToPatchedFunctions(L"b.dll",
michael@0	127	"TheIncredibleCallToSaveTheWorld",
michael@0	128	INTERCEPTION_EAT, function, OPEN_KEY_ID);
michael@0	129	interceptions.AddToPatchedFunctions(L"a.dll", "BIsLame",
michael@0	130	INTERCEPTION_EAT, function, OPEN_KEY_ID);
michael@0	131	interceptions.AddToPatchedFunctions(L"a.dll", "ARules",
michael@0	132	INTERCEPTION_EAT, function, OPEN_KEY_ID);
michael@0	133
michael@0	134	// Verify that all interceptions were added
michael@0	135	ASSERT_EQ(18, interceptions.interceptions_.size());
michael@0	136
michael@0	137	size_t buffer_size = interceptions.GetBufferSize();
michael@0	138	scoped_ptr<BYTE[]> local_buffer(new BYTE[buffer_size]);
michael@0	139
michael@0	140	ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(),
michael@0	141	buffer_size));
michael@0	142
michael@0	143	// At this point, the interceptions should have been separated into two
michael@0	144	// groups: one group with the local ("cold") interceptions, consisting of
michael@0	145	// everything from ntdll and stuff set as INTRECEPTION_SERVICE_CALL, and
michael@0	146	// another group with the interceptions belonging to dlls that will be "hot"
michael@0	147	// patched on the client. The second group lives on local_buffer, and the
michael@0	148	// first group remains on the list of interceptions (inside the object
michael@0	149	// "interceptions"). There are 3 local interceptions (of ntdll); the
michael@0	150	// other 15 have to be sent to the child to be performed "hot".
michael@0	151	EXPECT_EQ(3, interceptions.interceptions_.size());
michael@0	152
michael@0	153	int num_dlls, num_functions, num_names;
michael@0	154	WalkBuffer(local_buffer.get(), buffer_size, &num_dlls, &num_functions,
michael@0	155	&num_names);
michael@0	156
michael@0	157	// The 15 interceptions on the buffer (to the child) should be grouped on 6
michael@0	158	// dlls. Only four interceptions are using an explicit name for the
michael@0	159	// interceptor function.
michael@0	160	EXPECT_EQ(6, num_dlls);
michael@0	161	EXPECT_EQ(15, num_functions);
michael@0	162	EXPECT_EQ(4, num_names);
michael@0	163	}
michael@0	164
michael@0	165	TEST(InterceptionManagerTest, BufferLayout2) {
michael@0	166	wchar_t exe_name[MAX_PATH];
michael@0	167	ASSERT_NE(0u, GetModuleFileName(NULL, exe_name, MAX_PATH - 1));
michael@0	168
michael@0	169	TargetProcess *target = MakeTestTargetProcess(::GetCurrentProcess(),
michael@0	170	::GetModuleHandle(exe_name));
michael@0	171
michael@0	172	InterceptionManager interceptions(target, true);
michael@0	173
michael@0	174	// Any pointer will do for a function pointer.
michael@0	175	void* function = &interceptions;
michael@0	176	interceptions.AddToUnloadModules(L"some01.dll");
michael@0	177	// We don't care about the interceptor id.
michael@0	178	interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtCreateFile",
michael@0	179	INTERCEPTION_SERVICE_CALL, function,
michael@0	180	OPEN_FILE_ID);
michael@0	181	interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateFileEx",
michael@0	182	INTERCEPTION_EAT, function, OPEN_FILE_ID);
michael@0	183	interceptions.AddToUnloadModules(L"some02.dll");
michael@0	184	interceptions.AddToPatchedFunctions(L"kernel32.dll", "SomeFileEx",
michael@0	185	INTERCEPTION_SMART_SIDESTEP, function,
michael@0	186	OPEN_FILE_ID);
michael@0	187	// Verify that all interceptions were added
michael@0	188	ASSERT_EQ(5, interceptions.interceptions_.size());
michael@0	189
michael@0	190	size_t buffer_size = interceptions.GetBufferSize();
michael@0	191	scoped_ptr<BYTE[]> local_buffer(new BYTE[buffer_size]);
michael@0	192
michael@0	193	ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(),
michael@0	194	buffer_size));
michael@0	195
michael@0	196	// At this point, the interceptions should have been separated into two
michael@0	197	// groups: one group with the local ("cold") interceptions, and another
michael@0	198	// group with the interceptions belonging to dlls that will be "hot"
michael@0	199	// patched on the client. The second group lives on local_buffer, and the
michael@0	200	// first group remains on the list of interceptions, in this case just one.
michael@0	201	EXPECT_EQ(1, interceptions.interceptions_.size());
michael@0	202
michael@0	203	int num_dlls, num_functions, num_names;
michael@0	204	WalkBuffer(local_buffer.get(), buffer_size, &num_dlls, &num_functions,
michael@0	205	&num_names);
michael@0	206
michael@0	207	EXPECT_EQ(3, num_dlls);
michael@0	208	EXPECT_EQ(4, num_functions);
michael@0	209	EXPECT_EQ(0, num_names);
michael@0	210	}
michael@0	211
michael@0	212	} // namespace sandbox