1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/sandbox/win/src/process_thread_interception.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,101 @@
1.4 +// Copyright (c) 2006-2011 The Chromium Authors. All rights reserved.
1.5 +// Use of this source code is governed by a BSD-style license that can be
1.6 +// found in the LICENSE file.
1.7 +
1.8 +#include "sandbox/win/src/nt_internals.h"
1.9 +#include "sandbox/win/src/sandbox_types.h"
1.10 +
1.11 +#ifndef SANDBOX_SRC_PROCESS_THREAD_INTERCEPTION_H__
1.12 +#define SANDBOX_SRC_PROCESS_THREAD_INTERCEPTION_H__
1.13 +
1.14 +namespace sandbox {
1.15 +
1.16 +extern "C" {
1.17 +
1.18 +typedef BOOL (WINAPI *CreateProcessWFunction)(
1.19 + LPCWSTR lpApplicationName,
1.20 + LPWSTR lpCommandLine,
1.21 + LPSECURITY_ATTRIBUTES lpProcessAttributes,
1.22 + LPSECURITY_ATTRIBUTES lpThreadAttributes,
1.23 + BOOL bInheritHandles,
1.24 + DWORD dwCreationFlags,
1.25 + LPVOID lpEnvironment,
1.26 + LPCWSTR lpCurrentDirectory,
1.27 + LPSTARTUPINFOW lpStartupInfo,
1.28 + LPPROCESS_INFORMATION lpProcessInformation);
1.29 +
1.30 +typedef BOOL (WINAPI *CreateProcessAFunction)(
1.31 + LPCSTR lpApplicationName,
1.32 + LPSTR lpCommandLine,
1.33 + LPSECURITY_ATTRIBUTES lpProcessAttributes,
1.34 + LPSECURITY_ATTRIBUTES lpThreadAttributes,
1.35 + BOOL bInheritHandles,
1.36 + DWORD dwCreationFlags,
1.37 + LPVOID lpEnvironment,
1.38 + LPCSTR lpCurrentDirectory,
1.39 + LPSTARTUPINFOA lpStartupInfo,
1.40 + LPPROCESS_INFORMATION lpProcessInformation);
1.41 +
1.42 +typedef HANDLE (WINAPI *CreateThreadFunction)(
1.43 + LPSECURITY_ATTRIBUTES lpThreadAttributes,
1.44 + SIZE_T dwStackSize,
1.45 + LPTHREAD_START_ROUTINE lpStartAddress,
1.46 + PVOID lpParameter,
1.47 + DWORD dwCreationFlags,
1.48 + LPDWORD lpThreadId);
1.49 +
1.50 +typedef LCID (WINAPI *GetUserDefaultLCIDFunction)();
1.51 +
1.52 +// Interception of NtOpenThread on the child process.
1.53 +SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThread(
1.54 + NtOpenThreadFunction orig_OpenThread, PHANDLE thread,
1.55 + ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes,
1.56 + PCLIENT_ID client_id);
1.57 +
1.58 +// Interception of NtOpenProcess on the child process.
1.59 +SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcess(
1.60 + NtOpenProcessFunction orig_OpenProcess, PHANDLE process,
1.61 + ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes,
1.62 + PCLIENT_ID client_id);
1.63 +
1.64 +// Interception of NtOpenProcessToken on the child process.
1.65 +SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessToken(
1.66 + NtOpenProcessTokenFunction orig_OpenProcessToken, HANDLE process,
1.67 + ACCESS_MASK desired_access, PHANDLE token);
1.68 +
1.69 +// Interception of NtOpenProcessTokenEx on the child process.
1.70 +SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessTokenEx(
1.71 + NtOpenProcessTokenExFunction orig_OpenProcessTokenEx, HANDLE process,
1.72 + ACCESS_MASK desired_access, ULONG handle_attributes, PHANDLE token);
1.73 +
1.74 +// Interception of CreateProcessW and A in kernel32.dll.
1.75 +SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessW(
1.76 + CreateProcessWFunction orig_CreateProcessW, LPCWSTR application_name,
1.77 + LPWSTR command_line, LPSECURITY_ATTRIBUTES process_attributes,
1.78 + LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags,
1.79 + LPVOID environment, LPCWSTR current_directory, LPSTARTUPINFOW startup_info,
1.80 + LPPROCESS_INFORMATION process_information);
1.81 +
1.82 +SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessA(
1.83 + CreateProcessAFunction orig_CreateProcessA, LPCSTR application_name,
1.84 + LPSTR command_line, LPSECURITY_ATTRIBUTES process_attributes,
1.85 + LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags,
1.86 + LPVOID environment, LPCSTR current_directory, LPSTARTUPINFOA startup_info,
1.87 + LPPROCESS_INFORMATION process_information);
1.88 +
1.89 +// Interception of CreateThread in kernel32.dll.
1.90 +SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateThread(
1.91 + CreateThreadFunction orig_CreateThread,
1.92 + LPSECURITY_ATTRIBUTES thread_attributes, SIZE_T stack_size,
1.93 + LPTHREAD_START_ROUTINE start_address, PVOID parameter,
1.94 + DWORD creation_flags, LPDWORD thread_id);
1.95 +
1.96 +// Interception of GetUserDefaultLCID in kernel32.dll.
1.97 +SANDBOX_INTERCEPT LCID WINAPI TargetGetUserDefaultLCID(
1.98 + GetUserDefaultLCIDFunction orig_GetUserDefaultLCID);
1.99 +
1.100 +} // extern "C"
1.101 +
1.102 +} // namespace sandbox
1.103 +
1.104 +#endif // SANDBOX_SRC_PROCESS_THREAD_INTERCEPTION_H__
