security/sandbox/win/src/interceptors_64.h

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purposes.

michael@0 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
michael@0 2 // Use of this source code is governed by a BSD-style license that can be
michael@0 3 // found in the LICENSE file.
michael@0 4
michael@0 5 #include "sandbox/win/src/nt_internals.h"
michael@0 6 #include "sandbox/win/src/sandbox_types.h"
michael@0 7
michael@0 8 #ifndef SANDBOX_SRC_INTERCEPTORS_64_H_
michael@0 9 #define SANDBOX_SRC_INTERCEPTORS_64_H_
michael@0 10
michael@0 11 namespace sandbox {
michael@0 12
michael@0 13 extern "C" {
michael@0 14
// Declarations of the 64-bit interceptor entry points: one Target...64
// function per intercepted API. They are declared inside extern "C", so the
// symbols have C linkage (no C++ name mangling). Each return type is the one
// used by the API being replaced: NTSTATUS for the Nt* calls, and HANDLE,
// BOOL or LCID for the Win32 calls.
// NOTE(review): SANDBOX_INTERCEPT is not defined in this header; presumably
// it comes from sandbox_types.h -- confirm.
// NOTE(review): per the comments below these hooks run in the child
// (sandboxed) process, i.e. alongside the code being confined. They should
// not be read as the enforcement point on their own; confirm that the
// allow/deny decision for the dispatcher-backed groups is made outside the
// child, and that names and paths received from the child are validated
// there.
//
michael@0 15 // Interception of NtMapViewOfSection on the child process.
michael@0 16 // It should never be called directly. This function provides the means to
michael@0 17 // detect dlls being loaded, so we can patch them if needed.
// The parameters follow the native call: the section and process handles,
// pointers to the view base and size, and the requested allocation type and
// page protection.
michael@0 18 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtMapViewOfSection64(
michael@0 19 HANDLE section, HANDLE process, PVOID *base, ULONG_PTR zero_bits,
michael@0 20 SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size,
michael@0 21 SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect);
michael@0 22
michael@0 23 // Interception of NtUnmapViewOfSection on the child process.
michael@0 24 // It should never be called directly. This function provides the means to
michael@0 25 // detect dlls being unloaded, so we can clean up our interceptions.
// |base| is the address of the view being unmapped from |process|.
michael@0 26 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtUnmapViewOfSection64(HANDLE process,
michael@0 27 PVOID base);
michael@0 28
michael@0 29 // -----------------------------------------------------------------------
michael@0 30 // Interceptors without IPC.
// NOTE(review): "without IPC" presumably means the replacement code answers
// these calls inside the child process, with no round trip to a dispatcher
// -- confirm in the implementation.
michael@0 31
michael@0 32 // Interception of NtSetInformationThread on the child process.
// |thread_information| points to |thread_information_bytes| bytes whose
// meaning is selected by |thread_info_class|.
// NOTE(review): this hook and the two thread-token hooks below deal with
// thread information and thread tokens, which is where impersonation state
// lives; review how the implementations (not shown here) treat token-related
// requests.
michael@0 33 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtSetInformationThread64(
michael@0 34 HANDLE thread, NT_THREAD_INFORMATION_CLASS thread_info_class,
michael@0 35 PVOID thread_information, ULONG thread_information_bytes);
michael@0 36
michael@0 37 // Interception of NtOpenThreadToken on the child process.
// The opened token handle is written through |token|.
michael@0 38 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThreadToken64(
michael@0 39 HANDLE thread, ACCESS_MASK desired_access, BOOLEAN open_as_self,
michael@0 40 PHANDLE token);
michael@0 41
michael@0 42 // Interception of NtOpenThreadTokenEx on the child process.
// Same parameters as TargetNtOpenThreadToken64 plus |handle_attributes|.
michael@0 43 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThreadTokenEx64(
michael@0 44 HANDLE thread, ACCESS_MASK desired_access, BOOLEAN open_as_self,
michael@0 45 ULONG handle_attributes, PHANDLE token);
michael@0 46
michael@0 47 // Interception of CreateThread on the child process.
// Returns a HANDLE; the native CreateThread reports failure as NULL, and a
// replacement has to keep the failure value of the API it stands in for.
michael@0 48 SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateThread64(
michael@0 49 LPSECURITY_ATTRIBUTES thread_attributes, SIZE_T stack_size,
michael@0 50 LPTHREAD_START_ROUTINE start_address, PVOID parameter,
michael@0 51 DWORD creation_flags, LPDWORD thread_id);
michael@0 52
michael@0 53 // Interception of GetUserDefaultLCID on the child process.
// Takes no arguments and returns a locale identifier (LCID).
michael@0 54 SANDBOX_INTERCEPT LCID WINAPI TargetGetUserDefaultLCID64();
michael@0 55
michael@0 56 // -----------------------------------------------------------------------
michael@0 57 // Interceptors handled by the file system dispatcher.
// The object to act on is named through |object_attributes|, so the path
// originates in the child process.
michael@0 58
michael@0 59 // Interception of NtCreateFile on the child process.
// The resulting handle is written through |file|.
michael@0 60 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateFile64(
michael@0 61 PHANDLE file, ACCESS_MASK desired_access,
michael@0 62 POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status,
michael@0 63 PLARGE_INTEGER allocation_size, ULONG file_attributes, ULONG sharing,
michael@0 64 ULONG disposition, ULONG options, PVOID ea_buffer, ULONG ea_length);
michael@0 65
michael@0 66 // Interception of NtOpenFile on the child process.
// The resulting handle is written through |file|.
michael@0 67 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenFile64(
michael@0 68 PHANDLE file, ACCESS_MASK desired_access,
michael@0 69 POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status,
michael@0 70 ULONG sharing, ULONG options);
michael@0 71
michael@0 72 // Interception of NtQueryAttributesFile on the child process.
// The result is written to the FILE_BASIC_INFORMATION that |file_attributes|
// points to.
michael@0 73 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtQueryAttributesFile64(
michael@0 74 POBJECT_ATTRIBUTES object_attributes,
michael@0 75 PFILE_BASIC_INFORMATION file_attributes);
michael@0 76
michael@0 77 // Interception of NtQueryFullAttributesFile on the child process.
// The result is written to the FILE_NETWORK_OPEN_INFORMATION that
// |file_attributes| points to.
michael@0 78 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtQueryFullAttributesFile64(
michael@0 79 POBJECT_ATTRIBUTES object_attributes,
michael@0 80 PFILE_NETWORK_OPEN_INFORMATION file_attributes);
michael@0 81
michael@0 82 // Interception of NtSetInformationFile on the child process.
// |file_information| points to |length| bytes whose layout is selected by
// |file_information_class|; unlike the hooks above, the target is an
// already-open |file| handle rather than a name.
michael@0 83 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtSetInformationFile64(
michael@0 84 HANDLE file, PIO_STATUS_BLOCK io_status, PVOID file_information,
michael@0 85 ULONG length, FILE_INFORMATION_CLASS file_information_class);
michael@0 86
michael@0 87 // -----------------------------------------------------------------------
michael@0 88 // Interceptors handled by the named pipe dispatcher.
michael@0 89
michael@0 90 // Interception of CreateNamedPipeW in kernel32.dll.
// |pipe_name| is supplied by the child process. The native CreateNamedPipeW
// reports failure as INVALID_HANDLE_VALUE, not NULL.
michael@0 91 SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateNamedPipeW64(
michael@0 92 LPCWSTR pipe_name, DWORD open_mode, DWORD pipe_mode, DWORD max_instance,
michael@0 93 DWORD out_buffer_size, DWORD in_buffer_size, DWORD default_timeout,
michael@0 94 LPSECURITY_ATTRIBUTES security_attributes);
michael@0 95
michael@0 96 // -----------------------------------------------------------------------
michael@0 97 // Interceptors handled by the process-thread dispatcher.
michael@0 98
michael@0 99 // Interception of NtOpenThread on the child process.
// |client_id| identifies the thread to open; the handle is written through
// |thread|.
michael@0 100 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThread64(
michael@0 101 PHANDLE thread, ACCESS_MASK desired_access,
michael@0 102 POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id);
michael@0 103
michael@0 104 // Interception of NtOpenProcess on the child process.
// |client_id| identifies the process to open; the handle is written through
// |process|.
michael@0 105 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcess64(
michael@0 106 PHANDLE process, ACCESS_MASK desired_access,
michael@0 107 POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id);
michael@0 108
michael@0 109 // Interception of NtOpenProcessToken on the child process.
// The opened token handle is written through |token|.
michael@0 110 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessToken64(
michael@0 111 HANDLE process, ACCESS_MASK desired_access, PHANDLE token);
michael@0 112
michael@0 113 // Interception of NtOpenProcessTokenEx on the child process.
// Same parameters as TargetNtOpenProcessToken64 plus |handle_attributes|.
michael@0 114 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessTokenEx64(
michael@0 115 HANDLE process, ACCESS_MASK desired_access, ULONG handle_attributes,
michael@0 116 PHANDLE token);
michael@0 117
michael@0 118 // Interception of CreateProcessW in kernel32.dll.
// |command_line| is a non-const buffer, as in the native CreateProcessW,
// which is documented as possibly modifying that string. |application_name|,
// |command_line|, |environment| and |current_directory| all come from the
// child process.
michael@0 119 SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessW64(
michael@0 120 LPCWSTR application_name, LPWSTR command_line,
michael@0 121 LPSECURITY_ATTRIBUTES process_attributes,
michael@0 122 LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags,
michael@0 123 LPVOID environment, LPCWSTR current_directory, LPSTARTUPINFOW startup_info,
michael@0 124 LPPROCESS_INFORMATION process_information);
michael@0 125
michael@0 126 // Interception of CreateProcessA in kernel32.dll.
// ANSI counterpart of TargetCreateProcessW64: the same parameter list with
// narrow-character strings and LPSTARTUPINFOA.
michael@0 127 SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessA64(
michael@0 128 LPCSTR application_name, LPSTR command_line,
michael@0 129 LPSECURITY_ATTRIBUTES process_attributes,
michael@0 130 LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags,
michael@0 131 LPVOID environment, LPCSTR current_directory, LPSTARTUPINFOA startup_info,
michael@0 132 LPPROCESS_INFORMATION process_information);
michael@0 133
michael@0 134 // -----------------------------------------------------------------------
michael@0 135 // Interceptors handled by the registry dispatcher.
// The key to act on is named through |object_attributes|, so the key path
// originates in the child process.
michael@0 136
michael@0 137 // Interception of NtCreateKey on the child process.
// The resulting handle is written through |key|.
michael@0 138 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateKey64(
michael@0 139 PHANDLE key, ACCESS_MASK desired_access,
michael@0 140 POBJECT_ATTRIBUTES object_attributes, ULONG title_index,
michael@0 141 PUNICODE_STRING class_name, ULONG create_options, PULONG disposition);
michael@0 142
michael@0 143 // Interception of NtOpenKey on the child process.
// The resulting handle is written through |key|.
michael@0 144 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKey64(
michael@0 145 PHANDLE key, ACCESS_MASK desired_access,
michael@0 146 POBJECT_ATTRIBUTES object_attributes);
michael@0 147
michael@0 148 // Interception of NtOpenKeyEx on the child process.
// Same parameters as TargetNtOpenKey64 plus |open_options|.
michael@0 149 SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64(
michael@0 150 PHANDLE key, ACCESS_MASK desired_access,
michael@0 151 POBJECT_ATTRIBUTES object_attributes, ULONG open_options);
michael@0 152
michael@0 153 // -----------------------------------------------------------------------
michael@0 154 // Interceptors handled by the sync dispatcher.
// Both hooks return a HANDLE; the native CreateEventW and OpenEventW report
// failure as NULL. The event |name| is supplied by the child process.
michael@0 155
michael@0 156 // Interception of CreateEventW on the child process.
michael@0 157 SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventW64(
michael@0 158 LPSECURITY_ATTRIBUTES security_attributes, BOOL manual_reset,
michael@0 159 BOOL initial_state, LPCWSTR name);
michael@0 160
michael@0 161 // Interception of OpenEventW on the child process.
michael@0 162 SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventW64(
michael@0 163 ACCESS_MASK desired_access, BOOL inherit_handle, LPCWSTR name);
michael@0 164
michael@0 165 } // extern "C"
michael@0 166
michael@0 167 } // namespace sandbox
michael@0 168
michael@0 169 #endif // SANDBOX_SRC_INTERCEPTORS_64_H_
