The Tor Browser / file comparison
comparison: security/sandbox/win/src/sidestep/preamble_patcher.h
security/sandbox/win/src/sidestep/preamble_patcher.h
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:75587bce454f |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 // Definition of PreamblePatcher | |
| 6 | |
| 7 #ifndef SANDBOX_SRC_SIDESTEP_PREAMBLE_PATCHER_H__ | |
| 8 #define SANDBOX_SRC_SIDESTEP_PREAMBLE_PATCHER_H__ | |
| 9 | |
| 10 #include <stddef.h> | |
| 11 | |
| 12 namespace sidestep { | |
| 13 | |
| 14 // Maximum size of the preamble stub. We overwrite at least the first 5 | |
| 15 // bytes of the function. Considering the worst case scenario, we need 4 | |
| 16 // bytes + the max instruction size + 5 more bytes for our jump back to | |
| 17 // the original code. With that in mind, 32 is a good number :) | |
| 18 const size_t kMaxPreambleStubSize = 32; | |
| 19 | |
| 20 // Possible results of patching/unpatching | |
| 21 enum SideStepError { | |
| 22 SIDESTEP_SUCCESS = 0, | |
| 23 SIDESTEP_INVALID_PARAMETER, | |
| 24 SIDESTEP_INSUFFICIENT_BUFFER, | |
| 25 SIDESTEP_JUMP_INSTRUCTION, | |
| 26 SIDESTEP_FUNCTION_TOO_SMALL, | |
| 27 SIDESTEP_UNSUPPORTED_INSTRUCTION, | |
| 28 SIDESTEP_NO_SUCH_MODULE, | |
| 29 SIDESTEP_NO_SUCH_FUNCTION, | |
| 30 SIDESTEP_ACCESS_DENIED, | |
| 31 SIDESTEP_UNEXPECTED, | |
| 32 }; | |
| 33 | |
| 34 // Implements a patching mechanism that overwrites the first few bytes of | |
| 35 // a function preamble with a jump to our hook function, which is then | |
| 36 // able to call the original function via a specially-made preamble-stub | |
| 37 // that imitates the action of the original preamble. | |
| 38 // | |
| 39 // Note that there are a number of ways that this method of patching can | |
| 40 // fail. The most common are: | |
| 41 // - If there is a jump (jxx) instruction in the first 5 bytes of | |
| 42 // the function being patched, we cannot patch it because in the | |
| 43 // current implementation we do not know how to rewrite relative | |
| 44 // jumps after relocating them to the preamble-stub. Note that | |
| 45 // if you really really need to patch a function like this, it | |
| 46 // would be possible to add this functionality (but at some cost). | |
| 47 // - If there is a return (ret) instruction in the first 5 bytes | |
| 48 // we cannot patch the function because it may not be long enough | |
| 49 // for the jmp instruction we use to inject our patch. | |
| 50 // - If there is another thread currently executing within the bytes | |
| 51 // that are copied to the preamble stub, it will crash in an undefined | |
| 52 // way. | |
| 53 // | |
| 54 // If you get any other error than the above, you're either pointing the | |
| 55 // patcher at an invalid instruction (e.g. into the middle of a multi- | |
| 56 // byte instruction, or not at memory containing executable instructions) | |
| 57 // or, there may be a bug in the disassembler we use to find | |
| 58 // instruction boundaries. | |
| 59 class PreamblePatcher { | |
| 60 public: | |
| 61 // Patches target_function to point to replacement_function using a provided | |
| 62 // preamble_stub of stub_size bytes. | |
| 63 // Returns An error code indicating the result of patching. | |
| 64 template <class T> | |
| 65 static SideStepError Patch(T target_function, T replacement_function, | |
| 66 void* preamble_stub, size_t stub_size) { | |
| 67 return RawPatchWithStub(target_function, replacement_function, | |
| 68 reinterpret_cast<unsigned char*>(preamble_stub), | |
| 69 stub_size, NULL); | |
| 70 } | |
| 71 | |
| 72 private: | |
| 73 | |
| 74 // Patches a function by overwriting its first few bytes with | |
| 75 // a jump to a different function. This is similar to the RawPatch | |
| 76 // function except that it uses the stub allocated by the caller | |
| 77 // instead of allocating it. | |
| 78 // | |
| 79 // To use this function, you first have to call VirtualProtect to make the | |
| 80 // target function writable at least for the duration of the call. | |
| 81 // | |
| 82 // target_function: A pointer to the function that should be | |
| 83 // patched. | |
| 84 // | |
| 85 // replacement_function: A pointer to the function that should | |
| 86 // replace the target function. The replacement function must have | |
| 87 // exactly the same calling convention and parameters as the original | |
| 88 // function. | |
| 89 // | |
| 90 // preamble_stub: A pointer to a buffer where the preamble stub | |
| 91 // should be copied. The size of the buffer should be sufficient to | |
| 92 // hold the preamble bytes. | |
| 93 // | |
| 94 // stub_size: Size in bytes of the buffer allocated for the | |
| 95 // preamble_stub | |
| 96 // | |
| 97 // bytes_needed: Pointer to a variable that receives the minimum | |
| 98 // number of bytes required for the stub. Can be set to NULL if you're | |
| 99 // not interested. | |
| 100 // | |
| 101 // Returns An error code indicating the result of patching. | |
| 102 static SideStepError RawPatchWithStub(void* target_function, | |
| 103 void *replacement_function, | |
| 104 unsigned char* preamble_stub, | |
| 105 size_t stub_size, | |
| 106 size_t* bytes_needed); | |
| 107 }; | |
| 108 | |
| 109 }; // namespace sidestep | |
| 110 | |
| 111 #endif // SANDBOX_SRC_SIDESTEP_PREAMBLE_PATCHER_H__ |
