security/sandbox/win/src/interceptors_64.h

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purposes.

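// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Declarations of the Target*64 interceptor entry points: the functions the
// sandbox puts in place of the listed NT and kernel32 calls on the child
// process. The "64" suffix presumably marks the 64-bit build -- confirm
// against the matching implementation file.
//
// Each declaration repeats the parameter list and return type of the call it
// intercepts, so the parameters are documented by that call. None of these
// functions is meant to be called by name from other code.
//
// NOTE(review): these entry points run inside the sandboxed child, so they
// are presumably a convenience layer and not an enforcement point; the
// access decision has to be made by the dispatcher named in each section
// heading (and by the restrictions placed on the process itself). Confirm
// that every dispatcher re-validates the arguments it receives and does not
// trust values prepared on the child side.

// The include guard comes first so that a repeated inclusion skips the
// nested headers as well.
#ifndef SANDBOX_SRC_INTERCEPTORS_64_H_
#define SANDBOX_SRC_INTERCEPTORS_64_H_

#include "sandbox/win/src/nt_internals.h"
#include "sandbox/win/src/sandbox_types.h"

namespace sandbox {

// C linkage keeps the symbol names unmangled. SANDBOX_INTERCEPT is not
// defined in this header; presumably it comes from sandbox_types.h.
extern "C" {

// Interception of NtMapViewOfSection on the child process.
// It should never be called directly. This function provides the means to
// detect DLLs being loaded, so we can patch them if needed.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtMapViewOfSection64(
    HANDLE section, HANDLE process, PVOID *base, ULONG_PTR zero_bits,
    SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size,
    SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect);

// Interception of NtUnmapViewOfSection on the child process.
// It should never be called directly. This function provides the means to
// detect DLLs being unloaded, so we can clean up our interceptions.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtUnmapViewOfSection64(HANDLE process,
                                                               PVOID base);

// -----------------------------------------------------------------------
// Interceptors without IPC.
// Per the heading, these do not forward the call to a dispatcher.

// Interception of NtSetInformationThread on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtSetInformationThread64(
    HANDLE thread, NT_THREAD_INFORMATION_CLASS thread_info_class,
    PVOID thread_information, ULONG thread_information_bytes);

// Interception of NtOpenThreadToken on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThreadToken64(
    HANDLE thread, ACCESS_MASK desired_access, BOOLEAN open_as_self,
    PHANDLE token);

// Interception of NtOpenThreadTokenEx on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThreadTokenEx64(
    HANDLE thread, ACCESS_MASK desired_access, BOOLEAN open_as_self,
    ULONG handle_attributes, PHANDLE token);

// Interception of CreateThread on the child process.
SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateThread64(
    LPSECURITY_ATTRIBUTES thread_attributes, SIZE_T stack_size,
    LPTHREAD_START_ROUTINE start_address, PVOID parameter,
    DWORD creation_flags, LPDWORD thread_id);

// Interception of GetUserDefaultLCID on the child process.
SANDBOX_INTERCEPT LCID WINAPI TargetGetUserDefaultLCID64();

// -----------------------------------------------------------------------
// Interceptors handled by the file system dispatcher.
// The object_attributes arguments carry the path the child asks for; treat
// that path as untrusted wherever it is evaluated.

// Interception of NtCreateFile on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateFile64(
    PHANDLE file, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status,
    PLARGE_INTEGER allocation_size, ULONG file_attributes, ULONG sharing,
    ULONG disposition, ULONG options, PVOID ea_buffer, ULONG ea_length);

// Interception of NtOpenFile on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenFile64(
    PHANDLE file, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status,
    ULONG sharing, ULONG options);

// Interception of NtQueryAttributesFile on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtQueryAttributesFile64(
    POBJECT_ATTRIBUTES object_attributes,
    PFILE_BASIC_INFORMATION file_attributes);

// Interception of NtQueryFullAttributesFile on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtQueryFullAttributesFile64(
    POBJECT_ATTRIBUTES object_attributes,
    PFILE_NETWORK_OPEN_INFORMATION file_attributes);

// Interception of NtSetInformationFile on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtSetInformationFile64(
    HANDLE file, PIO_STATUS_BLOCK io_status, PVOID file_information,
    ULONG length, FILE_INFORMATION_CLASS file_information_class);

// -----------------------------------------------------------------------
// Interceptors handled by the named pipe dispatcher.

// Interception of CreateNamedPipeW in kernel32.dll
SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateNamedPipeW64(
    LPCWSTR pipe_name, DWORD open_mode, DWORD pipe_mode, DWORD max_instance,
    DWORD out_buffer_size, DWORD in_buffer_size, DWORD default_timeout,
    LPSECURITY_ATTRIBUTES security_attributes);

// -----------------------------------------------------------------------
// Interceptors handled by the process-thread dispatcher.
// These cover opening threads, processes and their tokens, and creating
// processes, i.e. the calls through which a child would reach other
// security contexts.

// Interception of NtOpenThread on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThread64(
    PHANDLE thread, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id);

// Interception of NtOpenProcess on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcess64(
    PHANDLE process, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id);

// Interception of NtOpenProcessToken on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessToken64(
    HANDLE process, ACCESS_MASK desired_access, PHANDLE token);

// Interception of NtOpenProcessTokenEx on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessTokenEx64(
    HANDLE process, ACCESS_MASK desired_access, ULONG handle_attributes,
    PHANDLE token);

// Interception of CreateProcessW in kernel32.dll.
SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessW64(
    LPCWSTR application_name, LPWSTR command_line,
    LPSECURITY_ATTRIBUTES process_attributes,
    LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags,
    LPVOID environment, LPCWSTR current_directory, LPSTARTUPINFOW startup_info,
    LPPROCESS_INFORMATION process_information);

// Interception of CreateProcessA in kernel32.dll.
SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessA64(
    LPCSTR application_name, LPSTR command_line,
    LPSECURITY_ATTRIBUTES process_attributes,
    LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags,
    LPVOID environment, LPCSTR current_directory, LPSTARTUPINFOA startup_info,
    LPPROCESS_INFORMATION process_information);

// -----------------------------------------------------------------------
// Interceptors handled by the registry dispatcher.

// Interception of NtCreateKey on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateKey64(
    PHANDLE key, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes, ULONG title_index,
    PUNICODE_STRING class_name, ULONG create_options, PULONG disposition);

// Interception of NtOpenKey on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKey64(
    PHANDLE key, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes);

// Interception of NtOpenKeyEx on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64(
    PHANDLE key, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes, ULONG open_options);

// -----------------------------------------------------------------------
// Interceptors handled by the sync dispatcher.

// Interception of CreateEventW on the child process.
SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventW64(
    LPSECURITY_ATTRIBUTES security_attributes, BOOL manual_reset,
    BOOL initial_state, LPCWSTR name);

// Interception of OpenEventW on the child process.
SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventW64(
    ACCESS_MASK desired_access, BOOL inherit_handle, LPCWSTR name);

}  // extern "C"

}  // namespace sandbox

#endif  // SANDBOX_SRC_INTERCEPTORS_64_H_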
