michael@0: // Copyright (c) 2011 The Chromium Authors. All rights reserved. michael@0: // Use of this source code is governed by a BSD-style license that can be michael@0: // found in the LICENSE file. michael@0: michael@0: // This file contains unit tests for InterceptionManager. michael@0: // The tests require private information so the whole interception.cc file is michael@0: // included from this file. michael@0: michael@0: #include michael@0: michael@0: #include "base/memory/scoped_ptr.h" michael@0: #include "sandbox/win/src/interception.h" michael@0: #include "sandbox/win/src/interceptors.h" michael@0: #include "sandbox/win/src/interception_internal.h" michael@0: #include "sandbox/win/src/target_process.h" michael@0: #include "testing/gtest/include/gtest/gtest.h" michael@0: michael@0: namespace sandbox { michael@0: michael@0: // Walks the settings buffer, verifying that the values make sense and counting michael@0: // objects. michael@0: // Arguments: michael@0: // buffer (in): the buffer to walk. michael@0: // size (in): buffer size michael@0: // num_dlls (out): count of the dlls on the buffer. michael@0: // num_function (out): count of intercepted functions. michael@0: // num_names (out): count of named interceptor functions. michael@0: void WalkBuffer(void* buffer, size_t size, int* num_dlls, int* num_functions, michael@0: int* num_names) { michael@0: ASSERT_TRUE(NULL != buffer); michael@0: ASSERT_TRUE(NULL != num_functions); michael@0: ASSERT_TRUE(NULL != num_names); michael@0: *num_dlls = *num_functions = *num_names = 0; michael@0: SharedMemory *memory = reinterpret_cast(buffer); michael@0: michael@0: ASSERT_GT(size, sizeof(SharedMemory)); michael@0: DllPatchInfo *dll = &memory->dll_list[0]; michael@0: michael@0: for (int i = 0; i < memory->num_intercepted_dlls; i++) { michael@0: ASSERT_NE(0u, wcslen(dll->dll_name)); michael@0: ASSERT_EQ(0u, dll->record_bytes % sizeof(size_t)); michael@0: ASSERT_EQ(0u, dll->offset_to_functions % sizeof(size_t)); michael@0: ASSERT_NE(0, dll->num_functions); michael@0: michael@0: FunctionInfo *function = reinterpret_cast( michael@0: reinterpret_cast(dll) + dll->offset_to_functions); michael@0: michael@0: for (int j = 0; j < dll->num_functions; j++) { michael@0: ASSERT_EQ(0u, function->record_bytes % sizeof(size_t)); michael@0: michael@0: char* name = function->function; michael@0: size_t length = strlen(name); michael@0: ASSERT_NE(0u, length); michael@0: name += length + 1; michael@0: michael@0: // look for overflows michael@0: ASSERT_GT(reinterpret_cast(buffer) + size, name + strlen(name)); michael@0: michael@0: // look for a named interceptor michael@0: if (strlen(name)) { michael@0: (*num_names)++; michael@0: EXPECT_TRUE(NULL == function->interceptor_address); michael@0: } else { michael@0: EXPECT_TRUE(NULL != function->interceptor_address); michael@0: } michael@0: michael@0: (*num_functions)++; michael@0: function = reinterpret_cast( michael@0: reinterpret_cast(function) + function->record_bytes); michael@0: } michael@0: michael@0: (*num_dlls)++; michael@0: dll = reinterpret_cast(reinterpret_cast(dll) + michael@0: dll->record_bytes); michael@0: } michael@0: } michael@0: michael@0: TEST(InterceptionManagerTest, BufferLayout1) { michael@0: wchar_t exe_name[MAX_PATH]; michael@0: ASSERT_NE(0u, GetModuleFileName(NULL, exe_name, MAX_PATH - 1)); michael@0: michael@0: TargetProcess *target = MakeTestTargetProcess(::GetCurrentProcess(), michael@0: ::GetModuleHandle(exe_name)); michael@0: michael@0: InterceptionManager interceptions(target, true); michael@0: michael@0: // Any pointer will do for a function pointer. michael@0: void* function = &interceptions; michael@0: michael@0: // We don't care about the interceptor id. michael@0: interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtCreateFile", michael@0: INTERCEPTION_SERVICE_CALL, function, michael@0: OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateFileEx", michael@0: INTERCEPTION_EAT, function, OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"kernel32.dll", "SomeFileEx", michael@0: INTERCEPTION_SMART_SIDESTEP, function, michael@0: OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"user32.dll", "FindWindow", michael@0: INTERCEPTION_EAT, function, OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateMutex", michael@0: INTERCEPTION_EAT, function, OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"user32.dll", "PostMsg", michael@0: INTERCEPTION_EAT, function, OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"user32.dll", "PostMsg", michael@0: INTERCEPTION_EAT, "replacement", michael@0: OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg", michael@0: INTERCEPTION_EAT, function, OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtClose", michael@0: INTERCEPTION_SERVICE_CALL, function, michael@0: OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtOpenFile", michael@0: INTERCEPTION_SIDESTEP, function, michael@0: OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"some.dll", "Superfn", michael@0: INTERCEPTION_EAT, function, OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg", michael@0: INTERCEPTION_EAT, "a", OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg", michael@0: INTERCEPTION_SIDESTEP, "ab", OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg", michael@0: INTERCEPTION_EAT, "abc", OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"a.dll", "p", michael@0: INTERCEPTION_EAT, function, OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"b.dll", michael@0: "TheIncredibleCallToSaveTheWorld", michael@0: INTERCEPTION_EAT, function, OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"a.dll", "BIsLame", michael@0: INTERCEPTION_EAT, function, OPEN_KEY_ID); michael@0: interceptions.AddToPatchedFunctions(L"a.dll", "ARules", michael@0: INTERCEPTION_EAT, function, OPEN_KEY_ID); michael@0: michael@0: // Verify that all interceptions were added michael@0: ASSERT_EQ(18, interceptions.interceptions_.size()); michael@0: michael@0: size_t buffer_size = interceptions.GetBufferSize(); michael@0: scoped_ptr local_buffer(new BYTE[buffer_size]); michael@0: michael@0: ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(), michael@0: buffer_size)); michael@0: michael@0: // At this point, the interceptions should have been separated into two michael@0: // groups: one group with the local ("cold") interceptions, consisting of michael@0: // everything from ntdll and stuff set as INTRECEPTION_SERVICE_CALL, and michael@0: // another group with the interceptions belonging to dlls that will be "hot" michael@0: // patched on the client. The second group lives on local_buffer, and the michael@0: // first group remains on the list of interceptions (inside the object michael@0: // "interceptions"). There are 3 local interceptions (of ntdll); the michael@0: // other 15 have to be sent to the child to be performed "hot". michael@0: EXPECT_EQ(3, interceptions.interceptions_.size()); michael@0: michael@0: int num_dlls, num_functions, num_names; michael@0: WalkBuffer(local_buffer.get(), buffer_size, &num_dlls, &num_functions, michael@0: &num_names); michael@0: michael@0: // The 15 interceptions on the buffer (to the child) should be grouped on 6 michael@0: // dlls. Only four interceptions are using an explicit name for the michael@0: // interceptor function. michael@0: EXPECT_EQ(6, num_dlls); michael@0: EXPECT_EQ(15, num_functions); michael@0: EXPECT_EQ(4, num_names); michael@0: } michael@0: michael@0: TEST(InterceptionManagerTest, BufferLayout2) { michael@0: wchar_t exe_name[MAX_PATH]; michael@0: ASSERT_NE(0u, GetModuleFileName(NULL, exe_name, MAX_PATH - 1)); michael@0: michael@0: TargetProcess *target = MakeTestTargetProcess(::GetCurrentProcess(), michael@0: ::GetModuleHandle(exe_name)); michael@0: michael@0: InterceptionManager interceptions(target, true); michael@0: michael@0: // Any pointer will do for a function pointer. michael@0: void* function = &interceptions; michael@0: interceptions.AddToUnloadModules(L"some01.dll"); michael@0: // We don't care about the interceptor id. michael@0: interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtCreateFile", michael@0: INTERCEPTION_SERVICE_CALL, function, michael@0: OPEN_FILE_ID); michael@0: interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateFileEx", michael@0: INTERCEPTION_EAT, function, OPEN_FILE_ID); michael@0: interceptions.AddToUnloadModules(L"some02.dll"); michael@0: interceptions.AddToPatchedFunctions(L"kernel32.dll", "SomeFileEx", michael@0: INTERCEPTION_SMART_SIDESTEP, function, michael@0: OPEN_FILE_ID); michael@0: // Verify that all interceptions were added michael@0: ASSERT_EQ(5, interceptions.interceptions_.size()); michael@0: michael@0: size_t buffer_size = interceptions.GetBufferSize(); michael@0: scoped_ptr local_buffer(new BYTE[buffer_size]); michael@0: michael@0: ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(), michael@0: buffer_size)); michael@0: michael@0: // At this point, the interceptions should have been separated into two michael@0: // groups: one group with the local ("cold") interceptions, and another michael@0: // group with the interceptions belonging to dlls that will be "hot" michael@0: // patched on the client. The second group lives on local_buffer, and the michael@0: // first group remains on the list of interceptions, in this case just one. michael@0: EXPECT_EQ(1, interceptions.interceptions_.size()); michael@0: michael@0: int num_dlls, num_functions, num_names; michael@0: WalkBuffer(local_buffer.get(), buffer_size, &num_dlls, &num_functions, michael@0: &num_names); michael@0: michael@0: EXPECT_EQ(3, num_dlls); michael@0: EXPECT_EQ(4, num_functions); michael@0: EXPECT_EQ(0, num_names); michael@0: } michael@0: michael@0: } // namespace sandbox