security/sandbox/win/src/target_interceptions.cc@6474c204b198 (annotated)
security/sandbox/win/src/target_interceptions.cc
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| michael@0 | 2 | // Use of this source code is governed by a BSD-style license that can be |
| michael@0 | 3 | // found in the LICENSE file. |
| michael@0 | 4 | |
| michael@0 | 5 | #include "sandbox/win/src/target_interceptions.h" |
| michael@0 | 6 | |
| michael@0 | 7 | #include "sandbox/win/src/interception_agent.h" |
| michael@0 | 8 | #include "sandbox/win/src/sandbox_factory.h" |
| michael@0 | 9 | #include "sandbox/win/src/sandbox_nt_util.h" |
| michael@0 | 10 | #include "sandbox/win/src/target_services.h" |
| michael@0 | 11 | |
| michael@0 | 12 | namespace sandbox { |
| michael@0 | 13 | |
| michael@0 | 14 | SANDBOX_INTERCEPT NtExports g_nt; |
| michael@0 | 15 | |
| michael@0 | 16 | // Hooks NtMapViewOfSection to detect the load of DLLs. If hot patching is |
| michael@0 | 17 | // required for this dll, this functions patches it. |
| michael@0 | 18 | NTSTATUS WINAPI TargetNtMapViewOfSection( |
| michael@0 | 19 | NtMapViewOfSectionFunction orig_MapViewOfSection, HANDLE section, |
| michael@0 | 20 | HANDLE process, PVOID *base, ULONG_PTR zero_bits, SIZE_T commit_size, |
| michael@0 | 21 | PLARGE_INTEGER offset, PSIZE_T view_size, SECTION_INHERIT inherit, |
| michael@0 | 22 | ULONG allocation_type, ULONG protect) { |
| michael@0 | 23 | NTSTATUS ret = orig_MapViewOfSection(section, process, base, zero_bits, |
| michael@0 | 24 | commit_size, offset, view_size, inherit, |
| michael@0 | 25 | allocation_type, protect); |
| michael@0 | 26 | |
| michael@0 | 27 | static int s_load_count = 0; |
| michael@0 | 28 | if (1 == s_load_count) { |
| michael@0 | 29 | SandboxFactory::GetTargetServices()->GetState()->SetKernel32Loaded(); |
| michael@0 | 30 | s_load_count = 2; |
| michael@0 | 31 | } |
| michael@0 | 32 | |
| michael@0 | 33 | do { |
| michael@0 | 34 | if (!NT_SUCCESS(ret)) |
| michael@0 | 35 | break; |
| michael@0 | 36 | |
| michael@0 | 37 | if (!InitHeap()) |
| michael@0 | 38 | break; |
| michael@0 | 39 | |
| michael@0 | 40 | if (!IsSameProcess(process)) |
| michael@0 | 41 | break; |
| michael@0 | 42 | |
| michael@0 | 43 | if (!IsValidImageSection(section, base, offset, view_size)) |
| michael@0 | 44 | break; |
| michael@0 | 45 | |
| michael@0 | 46 | UINT image_flags; |
| michael@0 | 47 | UNICODE_STRING* module_name = |
| michael@0 | 48 | GetImageInfoFromModule(reinterpret_cast<HMODULE>(*base), &image_flags); |
| michael@0 | 49 | UNICODE_STRING* file_name = GetBackingFilePath(*base); |
| michael@0 | 50 | |
| michael@0 | 51 | if ((!module_name) && (image_flags & MODULE_HAS_CODE)) { |
| michael@0 | 52 | // If the module has no exports we retrieve the module name from the |
| michael@0 | 53 | // full path of the mapped section. |
| michael@0 | 54 | module_name = ExtractModuleName(file_name); |
| michael@0 | 55 | } |
| michael@0 | 56 | |
| michael@0 | 57 | InterceptionAgent* agent = InterceptionAgent::GetInterceptionAgent(); |
| michael@0 | 58 | |
| michael@0 | 59 | if (agent) { |
| michael@0 | 60 | if (!agent->OnDllLoad(file_name, module_name, *base)) { |
| michael@0 | 61 | // Interception agent is demanding to un-map the module. |
| michael@0 | 62 | g_nt.UnmapViewOfSection(process, *base); |
| michael@0 | 63 | ret = STATUS_UNSUCCESSFUL; |
| michael@0 | 64 | } |
| michael@0 | 65 | } |
| michael@0 | 66 | |
| michael@0 | 67 | if (module_name) |
| michael@0 | 68 | operator delete(module_name, NT_ALLOC); |
| michael@0 | 69 | |
| michael@0 | 70 | if (file_name) |
| michael@0 | 71 | operator delete(file_name, NT_ALLOC); |
| michael@0 | 72 | |
| michael@0 | 73 | } while (false); |
| michael@0 | 74 | |
| michael@0 | 75 | if (!s_load_count) |
| michael@0 | 76 | s_load_count = 1; |
| michael@0 | 77 | |
| michael@0 | 78 | return ret; |
| michael@0 | 79 | } |
| michael@0 | 80 | |
| michael@0 | 81 | NTSTATUS WINAPI TargetNtUnmapViewOfSection( |
| michael@0 | 82 | NtUnmapViewOfSectionFunction orig_UnmapViewOfSection, HANDLE process, |
| michael@0 | 83 | PVOID base) { |
| michael@0 | 84 | NTSTATUS ret = orig_UnmapViewOfSection(process, base); |
| michael@0 | 85 | |
| michael@0 | 86 | if (!NT_SUCCESS(ret)) |
| michael@0 | 87 | return ret; |
| michael@0 | 88 | |
| michael@0 | 89 | if (!IsSameProcess(process)) |
| michael@0 | 90 | return ret; |
| michael@0 | 91 | |
| michael@0 | 92 | InterceptionAgent* agent = InterceptionAgent::GetInterceptionAgent(); |
| michael@0 | 93 | |
| michael@0 | 94 | if (agent) |
| michael@0 | 95 | agent->OnDllUnload(base); |
| michael@0 | 96 | |
| michael@0 | 97 | return ret; |
| michael@0 | 98 | } |
| michael@0 | 99 | |
| michael@0 | 100 | } // namespace sandbox |
