security/sandbox/win/src/interception_unittest.cc

changeset 0
6474c204b198
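--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sandbox/win/src/interception_unittest.cc	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,212 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This file contains unit tests for InterceptionManager.
+// The tests require private information so the whole interception.cc file is
+// included from this file.
+
+#include <windows.h>
+
+#include "base/memory/scoped_ptr.h"
+#include "sandbox/win/src/interception.h"
+#include "sandbox/win/src/interceptors.h"
+#include "sandbox/win/src/interception_internal.h"
+#include "sandbox/win/src/target_process.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace sandbox {
+
+// Walks the settings buffer, verifying that the values make sense and counting
+// objects.
+// Arguments:
+// buffer (in): the buffer to walk.
+// size (in): buffer size
+// num_dlls (out): count of the dlls on the buffer.
+// num_function (out): count of intercepted functions.
+// num_names (out): count of named interceptor functions.
+void WalkBuffer(void* buffer, size_t size, int* num_dlls, int* num_functions,
+                int* num_names) {
+  ASSERT_TRUE(NULL != buffer);
+  ASSERT_TRUE(NULL != num_functions);
+  ASSERT_TRUE(NULL != num_names);
+  *num_dlls = *num_functions = *num_names = 0;
+  SharedMemory *memory = reinterpret_cast<SharedMemory*>(buffer);
+
+  ASSERT_GT(size, sizeof(SharedMemory));
+  DllPatchInfo *dll = &memory->dll_list[0];
+
+  for (int i = 0; i < memory->num_intercepted_dlls; i++) {
+    ASSERT_NE(0u, wcslen(dll->dll_name));
+    ASSERT_EQ(0u, dll->record_bytes % sizeof(size_t));
+    ASSERT_EQ(0u, dll->offset_to_functions % sizeof(size_t));
+    ASSERT_NE(0, dll->num_functions);
+
+    FunctionInfo *function = reinterpret_cast<FunctionInfo*>(
+      reinterpret_cast<char*>(dll) + dll->offset_to_functions);
+
+    for (int j = 0; j < dll->num_functions; j++) {
+      ASSERT_EQ(0u, function->record_bytes % sizeof(size_t));
+
+      char* name = function->function;
+      size_t length = strlen(name);
+      ASSERT_NE(0u, length);
+      name += length + 1;
+
+      // look for overflows
+      ASSERT_GT(reinterpret_cast<char*>(buffer) + size, name + strlen(name));
+
+      // look for a named interceptor
+      if (strlen(name)) {
+        (*num_names)++;
+        EXPECT_TRUE(NULL == function->interceptor_address);
+      } else {
+        EXPECT_TRUE(NULL != function->interceptor_address);
+      }
+
+      (*num_functions)++;
+      function = reinterpret_cast<FunctionInfo*>(
+        reinterpret_cast<char*>(function) + function->record_bytes);
+    }
+
+    (*num_dlls)++;
+    dll = reinterpret_cast<DllPatchInfo*>(reinterpret_cast<char*>(dll) +
+                                          dll->record_bytes);
+  }
+}
+
+TEST(InterceptionManagerTest, BufferLayout1) {
+  wchar_t exe_name[MAX_PATH];
+  ASSERT_NE(0u, GetModuleFileName(NULL, exe_name, MAX_PATH - 1));
+
+  TargetProcess *target = MakeTestTargetProcess(::GetCurrentProcess(),
+                                                ::GetModuleHandle(exe_name));
+
+  InterceptionManager interceptions(target, true);
+
+  // Any pointer will do for a function pointer.
+  void* function = &interceptions;
+
+  // We don't care about the interceptor id.
+  interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtCreateFile",
+                                      INTERCEPTION_SERVICE_CALL, function,
+                                      OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateFileEx",
+                                      INTERCEPTION_EAT, function, OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"kernel32.dll", "SomeFileEx",
+                                      INTERCEPTION_SMART_SIDESTEP, function,
+                                      OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"user32.dll", "FindWindow",
+                                      INTERCEPTION_EAT, function, OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateMutex",
+                                      INTERCEPTION_EAT, function, OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"user32.dll", "PostMsg",
+                                      INTERCEPTION_EAT, function, OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"user32.dll", "PostMsg",
+                                      INTERCEPTION_EAT, "replacement",
+                                      OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg",
+                                      INTERCEPTION_EAT, function, OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtClose",
+                                      INTERCEPTION_SERVICE_CALL, function,
+                                      OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtOpenFile",
+                                      INTERCEPTION_SIDESTEP, function,
+                                      OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"some.dll", "Superfn",
+                                      INTERCEPTION_EAT, function, OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg",
+                                      INTERCEPTION_EAT, "a", OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg",
+                                      INTERCEPTION_SIDESTEP, "ab", OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg",
+                                      INTERCEPTION_EAT, "abc", OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"a.dll", "p",
+                                      INTERCEPTION_EAT, function, OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"b.dll",
+                                      "TheIncredibleCallToSaveTheWorld",
+                                      INTERCEPTION_EAT, function, OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"a.dll", "BIsLame",
+                                      INTERCEPTION_EAT, function, OPEN_KEY_ID);
+  interceptions.AddToPatchedFunctions(L"a.dll", "ARules",
+                                      INTERCEPTION_EAT, function, OPEN_KEY_ID);
+
+  // Verify that all interceptions were added
+  ASSERT_EQ(18, interceptions.interceptions_.size());
+
+  size_t buffer_size = interceptions.GetBufferSize();
+  scoped_ptr<BYTE[]> local_buffer(new BYTE[buffer_size]);
+
+  ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(),
+                                              buffer_size));
+
+  // At this point, the interceptions should have been separated into two
+  // groups: one group with the local ("cold") interceptions, consisting of
+  // everything from ntdll and stuff set as INTRECEPTION_SERVICE_CALL, and
+  // another group with the interceptions belonging to dlls that will be "hot"
+  // patched on the client. The second group lives on local_buffer, and the
+  // first group remains on the list of interceptions (inside the object
+  // "interceptions"). There are 3 local interceptions (of ntdll); the
+  // other 15 have to be sent to the child to be performed "hot".
+  EXPECT_EQ(3, interceptions.interceptions_.size());
+
+  int num_dlls, num_functions, num_names;
+  WalkBuffer(local_buffer.get(), buffer_size, &num_dlls, &num_functions,
+             &num_names);
+
+  // The 15 interceptions on the buffer (to the child) should be grouped on 6
+  // dlls. Only four interceptions are using an explicit name for the
+  // interceptor function.
+  EXPECT_EQ(6, num_dlls);
+  EXPECT_EQ(15, num_functions);
+  EXPECT_EQ(4, num_names);
+}
+
+TEST(InterceptionManagerTest, BufferLayout2) {
+  wchar_t exe_name[MAX_PATH];
+  ASSERT_NE(0u, GetModuleFileName(NULL, exe_name, MAX_PATH - 1));
+
+  TargetProcess *target = MakeTestTargetProcess(::GetCurrentProcess(),
+                                                ::GetModuleHandle(exe_name));
+
+  InterceptionManager interceptions(target, true);
+
+  // Any pointer will do for a function pointer.
+  void* function = &interceptions;
+  interceptions.AddToUnloadModules(L"some01.dll");
+  // We don't care about the interceptor id.
+  interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtCreateFile",
+                                      INTERCEPTION_SERVICE_CALL, function,
+                                      OPEN_FILE_ID);
+  interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateFileEx",
+                                      INTERCEPTION_EAT, function, OPEN_FILE_ID);
+  interceptions.AddToUnloadModules(L"some02.dll");
+  interceptions.AddToPatchedFunctions(L"kernel32.dll", "SomeFileEx",
+                                      INTERCEPTION_SMART_SIDESTEP, function,
+                                      OPEN_FILE_ID);
+  // Verify that all interceptions were added
+  ASSERT_EQ(5, interceptions.interceptions_.size());
+
+  size_t buffer_size = interceptions.GetBufferSize();
+  scoped_ptr<BYTE[]> local_buffer(new BYTE[buffer_size]);
+
+  ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(),
+                                              buffer_size));
+
+  // At this point, the interceptions should have been separated into two
+  // groups: one group with the local ("cold") interceptions, and another
+  // group with the interceptions belonging to dlls that will be "hot"
+  // patched on the client. The second group lives on local_buffer, and the
+  // first group remains on the list of interceptions, in this case just one.
+  EXPECT_EQ(1, interceptions.interceptions_.size());
+
+  int num_dlls, num_functions, num_names;
+  WalkBuffer(local_buffer.get(), buffer_size, &num_dlls, &num_functions,
+             &num_names);
+
+  EXPECT_EQ(3, num_dlls);
+  EXPECT_EQ(4, num_functions);
+  EXPECT_EQ(0, num_names);
+}
+
+}  // namespace sandbox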
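Review bot: In WalkBuffer the "look for overflows" assertion (`ASSERT_GT(reinterpret_cast<char*>(buffer) + size, name + strlen(name))`) runs only after `strlen` has already scanned both strings, and the `dll` and `function` pointers advanced by `offset_to_functions` / `record_bytes` are dereferenced without ever being compared with the end of the buffer. A malformed layout produced by SetupConfigBuffer would therefore be read out of bounds before any assertion can fail, so the walker cannot reliably report the overflow it is meant to catch in a buffer that is destined for the sandboxed child. Bounding each record and each string scan against `buffer + size` before the read, as sketched below, closes that gap; the same check belongs on the `dll` pointer at the top of the outer loop. Separately, `num_dlls` is written without the NULL check its two siblings get, and because ASSERT_* only returns from this void helper, both tests go on to compare uninitialised counters unless the call is wrapped in `ASSERT_NO_FATAL_FAILURE(...)`.

```cpp
  // … unchanged: NULL checks, counter reset, SharedMemory cast and size check …
  char* const end = reinterpret_cast<char*>(buffer) + size;
  // … unchanged: outer loop over dlls and its per-dll assertions …
    for (int j = 0; j < dll->num_functions; j++) {
      // The fixed part of the record must lie inside the buffer before it is read.
      ASSERT_LE(reinterpret_cast<char*>(function) + sizeof(FunctionInfo), end);
      ASSERT_EQ(0u, function->record_bytes % sizeof(size_t));

      char* name = function->function;
      size_t length = strnlen(name, end - name);
      ASSERT_NE(0u, length);
      ASSERT_LT(name + length, end);  // terminator of the first string is in range
      name += length + 1;

      // The second string (optional interceptor name) is bounded the same way.
      ASSERT_LT(name, end);
      ASSERT_LT(name + strnlen(name, end - name), end);
      // … unchanged: named-interceptor check, counters, advance to next record …
```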
