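--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sandbox/win/src/target_interceptions.cc	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,100 @@
+// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/win/src/target_interceptions.h"
+
+#include "sandbox/win/src/interception_agent.h"
+#include "sandbox/win/src/sandbox_factory.h"
+#include "sandbox/win/src/sandbox_nt_util.h"
+#include "sandbox/win/src/target_services.h"
+
+namespace sandbox {
+
+SANDBOX_INTERCEPT NtExports g_nt;
+
+// Hooks NtMapViewOfSection to detect the load of DLLs. If hot patching is
+// required for this dll, this functions patches it.
+NTSTATUS WINAPI TargetNtMapViewOfSection(
+    NtMapViewOfSectionFunction orig_MapViewOfSection, HANDLE section,
+    HANDLE process, PVOID *base, ULONG_PTR zero_bits, SIZE_T commit_size,
+    PLARGE_INTEGER offset, PSIZE_T view_size, SECTION_INHERIT inherit,
+    ULONG allocation_type, ULONG protect) {
+  NTSTATUS ret = orig_MapViewOfSection(section, process, base, zero_bits,
+                                       commit_size, offset, view_size, inherit,
+                                       allocation_type, protect);
+
+  static int s_load_count = 0;
+  if (1 == s_load_count) {
+    SandboxFactory::GetTargetServices()->GetState()->SetKernel32Loaded();
+    s_load_count = 2;
+  }
+
+  do {
+    if (!NT_SUCCESS(ret))
+      break;
+
+    if (!InitHeap())
+      break;
+
+    if (!IsSameProcess(process))
+      break;
+
+    if (!IsValidImageSection(section, base, offset, view_size))
+      break;
+
+    UINT image_flags;
+    UNICODE_STRING* module_name =
+        GetImageInfoFromModule(reinterpret_cast<HMODULE>(*base), &image_flags);
+    UNICODE_STRING* file_name = GetBackingFilePath(*base);
+
+    if ((!module_name) && (image_flags & MODULE_HAS_CODE)) {
+      // If the module has no exports we retrieve the module name from the
+      // full path of the mapped section.
+      module_name = ExtractModuleName(file_name);
+    }
+
+    InterceptionAgent* agent = InterceptionAgent::GetInterceptionAgent();
+
+    if (agent) {
+      if (!agent->OnDllLoad(file_name, module_name, *base)) {
+        // Interception agent is demanding to un-map the module.
+        g_nt.UnmapViewOfSection(process, *base);
+        ret = STATUS_UNSUCCESSFUL;
+      }
+    }
+
+    if (module_name)
+      operator delete(module_name, NT_ALLOC);
+
+    if (file_name)
+      operator delete(file_name, NT_ALLOC);
+
+  } while (false);
+
+  if (!s_load_count)
+    s_load_count = 1;
+
+  return ret;
+}
+
+NTSTATUS WINAPI TargetNtUnmapViewOfSection(
+    NtUnmapViewOfSectionFunction orig_UnmapViewOfSection, HANDLE process,
+    PVOID base) {
+  NTSTATUS ret = orig_UnmapViewOfSection(process, base);
+
+  if (!NT_SUCCESS(ret))
+    return ret;
+
+  if (!IsSameProcess(process))
+    return ret;
+
+  InterceptionAgent* agent = InterceptionAgent::GetInterceptionAgent();
+
+  if (agent)
+    agent->OnDllUnload(base);
+
+  return ret;
+}
+
+} // namespace sandbox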
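Review bot: In TargetNtMapViewOfSection, the branch taken when `agent->OnDllLoad(file_name, module_name, *base)` returns false discards the status of `g_nt.UnmapViewOfSection(process, *base)`. If that unmap fails, the rejected image stays mapped and `*base` still points at it, while the caller only sees `STATUS_UNSUCCESSFUL`. Since this is the path on which the agent refuses a module, I would capture the result with `NTSTATUS unmap_status = g_nt.UnmapViewOfSection(process, *base);`, handle the `!NT_SUCCESS(unmap_status)` case explicitly, and add a comment saying what `*base` and `*view_size` hold on this return. Separately, `UINT image_flags;` is read in `(!module_name) && (image_flags & MODULE_HAS_CODE)` exactly when GetImageInfoFromModule returned null. Unless that helper (not visible in this file) writes the flags on every path, `UINT image_flags = 0;` avoids an indeterminate read.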