The Tor Browser / file revision

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.

 // Use of this source code is governed by a BSD-style license that can be

 // found in the LICENSE file.

 #include "sandbox/win/src/sidestep_resolver.h"

 #include "base/win/pe_image.h"

 #include "sandbox/win/src/sandbox_nt_util.h"

 #include "sandbox/win/src/sidestep/preamble_patcher.h"

 namespace {

 const size_t kSizeOfSidestepStub = sidestep::kMaxPreambleStubSize;

 struct SidestepThunk {

   char sidestep[kSizeOfSidestepStub];  // Storage for the sidestep stub.

   int internal_thunk;  // Dummy member to the beginning of the internal thunk.

 };

 struct SmartThunk {

   const void* module_base;  // Target module's base.

   const void* interceptor;  // Real interceptor.

   SidestepThunk sidestep;  // Standard sidestep thunk.

 };

 }  // namespace

 namespace sandbox {

 NTSTATUS SidestepResolverThunk::Setup(const void* target_module,

                                       const void* interceptor_module,

                                       const char* target_name,

                                       const char* interceptor_name,

                                       const void* interceptor_entry_point,

                                       void* thunk_storage,

                                       size_t storage_bytes,

                                       size_t* storage_used) {

   NTSTATUS ret = Init(target_module, interceptor_module, target_name,

                       interceptor_name, interceptor_entry_point,

                       thunk_storage, storage_bytes);

   if (!NT_SUCCESS(ret))

     return ret;

   SidestepThunk* thunk = reinterpret_cast<SidestepThunk*>(thunk_storage);

   size_t internal_bytes = storage_bytes - kSizeOfSidestepStub;

   if (!SetInternalThunk(&thunk->internal_thunk, internal_bytes, thunk_storage,

                         interceptor_))

     return STATUS_BUFFER_TOO_SMALL;

   AutoProtectMemory memory;

   ret = memory.ChangeProtection(target_, kSizeOfSidestepStub, PAGE_READWRITE);

   if (!NT_SUCCESS(ret))

     return ret;

   sidestep::SideStepError rv = sidestep::PreamblePatcher::Patch(

       target_, reinterpret_cast<void*>(&thunk->internal_thunk), thunk_storage,

       kSizeOfSidestepStub);

   if (sidestep::SIDESTEP_INSUFFICIENT_BUFFER == rv)

     return STATUS_BUFFER_TOO_SMALL;

   if (sidestep::SIDESTEP_SUCCESS != rv)

     return STATUS_UNSUCCESSFUL;

   if (storage_used)

     *storage_used = GetThunkSize();

   return ret;

 }

 size_t SidestepResolverThunk::GetThunkSize() const {

   return GetInternalThunkSize() + kSizeOfSidestepStub;

 }

 // This is basically a wrapper around the normal sidestep patch that extends

 // the thunk to use a chained interceptor. It uses the fact that

 // SetInternalThunk generates the code to pass as the first parameter whatever

 // it receives as original_function; we let SidestepResolverThunk set this value

 // to its saved code, and then we change it to our thunk data.

 NTSTATUS SmartSidestepResolverThunk::Setup(const void* target_module,

                                            const void* interceptor_module,

                                            const char* target_name,

                                            const char* interceptor_name,

                                            const void* interceptor_entry_point,

                                            void* thunk_storage,

                                            size_t storage_bytes,

                                            size_t* storage_used) {

   if (storage_bytes < GetThunkSize())

     return STATUS_BUFFER_TOO_SMALL;

   SmartThunk* thunk = reinterpret_cast<SmartThunk*>(thunk_storage);

   thunk->module_base = target_module;

   NTSTATUS ret;

   if (interceptor_entry_point) {

     thunk->interceptor = interceptor_entry_point;

   } else {

     ret = ResolveInterceptor(interceptor_module, interceptor_name,

                              &thunk->interceptor);

     if (!NT_SUCCESS(ret))

       return ret;

   }

   // Perform a standard sidestep patch on the last part of the thunk, but point

   // to our internal smart interceptor.

   size_t standard_bytes = storage_bytes - offsetof(SmartThunk, sidestep);

   ret = SidestepResolverThunk::Setup(target_module, interceptor_module,

                                      target_name, NULL, &SmartStub,

                                      &thunk->sidestep, standard_bytes, NULL);

   if (!NT_SUCCESS(ret))

     return ret;

   // Fix the internal thunk to pass the whole buffer to the interceptor.

   SetInternalThunk(&thunk->sidestep.internal_thunk, GetInternalThunkSize(),

                    thunk_storage, &SmartStub);

   if (storage_used)

     *storage_used = GetThunkSize();

   return ret;

 }

 size_t SmartSidestepResolverThunk::GetThunkSize() const {

   return GetInternalThunkSize() + kSizeOfSidestepStub +

          offsetof(SmartThunk, sidestep);

 }

 // This code must basically either call the intended interceptor or skip the

 // call and invoke instead the original function. In any case, we are saving

 // the registers that may be trashed by our c++ code.

 //

 // This function is called with a first parameter inserted by us, that points

 // to our SmartThunk. When we call the interceptor we have to replace this

 // parameter with the one expected by that function (stored inside our

 // structure); on the other hand, when we skip the interceptor we have to remove

 // that extra argument before calling the original function.

 //

 // When we skip the interceptor, the transformation of the stack looks like:

 //  On Entry:                         On Use:                     On Exit:

 //  [param 2] = first real argument   [param 2] (esp+1c)          [param 2]

 //  [param 1] = our SmartThunk        [param 1] (esp+18)          [ret address]

 //  [ret address] = real caller       [ret address] (esp+14)      [xxx]

 //  [xxx]                             [addr to jump to] (esp+10)  [xxx]

 //  [xxx]                             [saved eax]                 [xxx]

 //  [xxx]                             [saved ebx]                 [xxx]

 //  [xxx]                             [saved ecx]                 [xxx]

 //  [xxx]                             [saved edx]                 [xxx]

 __declspec(naked)

 void SmartSidestepResolverThunk::SmartStub() {

   __asm {

     push eax                  // Space for the jump.

     push eax                  // Save registers.

     push ebx

     push ecx

     push edx

     mov ebx, [esp + 0x18]     // First parameter = SmartThunk.

     mov edx, [esp + 0x14]     // Get the return address.

     mov eax, [ebx]SmartThunk.module_base

     push edx

     push eax

     call SmartSidestepResolverThunk::IsInternalCall

     add esp, 8

     test eax, eax

     lea edx, [ebx]SmartThunk.sidestep   // The original function.

     jz call_interceptor

     // Skip this call

     mov ecx, [esp + 0x14]               // Return address.

     mov [esp + 0x18], ecx               // Remove first parameter.

     mov [esp + 0x10], edx

     pop edx                             // Restore registers.

     pop ecx

     pop ebx

     pop eax

     ret 4                               // Jump to original function.

   call_interceptor:

     mov ecx, [ebx]SmartThunk.interceptor

     mov [esp + 0x18], edx               // Replace first parameter.

     mov [esp + 0x10], ecx

     pop edx                             // Restore registers.

     pop ecx

     pop ebx

     pop eax

     ret                                 // Jump to original function.

   }

 }

 bool SmartSidestepResolverThunk::IsInternalCall(const void* base,

                                                 void* return_address) {

   DCHECK_NT(base);

   DCHECK_NT(return_address);

   base::win::PEImage pe(base);

   if (pe.GetImageSectionFromAddr(return_address))

     return true;

   return false;

 }

 }  // namespace sandbox