michael@0: // Copyright (c) 2011 The Chromium Authors. All rights reserved. michael@0: // Use of this source code is governed by a BSD-style license that can be michael@0: // found in the LICENSE file. michael@0: michael@0: #include "sandbox/win/src/interceptors_64.h" michael@0: michael@0: #include "sandbox/win/src/interceptors.h" michael@0: #include "sandbox/win/src/filesystem_interception.h" michael@0: #include "sandbox/win/src/named_pipe_interception.h" michael@0: #include "sandbox/win/src/policy_target.h" michael@0: #include "sandbox/win/src/process_thread_interception.h" michael@0: #include "sandbox/win/src/registry_interception.h" michael@0: #include "sandbox/win/src/sandbox_nt_types.h" michael@0: #include "sandbox/win/src/sandbox_types.h" michael@0: #include "sandbox/win/src/sync_interception.h" michael@0: #include "sandbox/win/src/target_interceptions.h" michael@0: michael@0: namespace sandbox { michael@0: michael@0: SANDBOX_INTERCEPT NtExports g_nt; michael@0: SANDBOX_INTERCEPT OriginalFunctions g_originals; michael@0: michael@0: NTSTATUS WINAPI TargetNtMapViewOfSection64( michael@0: HANDLE section, HANDLE process, PVOID *base, ULONG_PTR zero_bits, michael@0: SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size, michael@0: SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect) { michael@0: NtMapViewOfSectionFunction orig_fn = reinterpret_cast< michael@0: NtMapViewOfSectionFunction>(g_originals[MAP_VIEW_OF_SECTION_ID]); michael@0: michael@0: return TargetNtMapViewOfSection(orig_fn, section, process, base, zero_bits, michael@0: commit_size, offset, view_size, inherit, michael@0: allocation_type, protect); michael@0: } michael@0: michael@0: NTSTATUS WINAPI TargetNtUnmapViewOfSection64(HANDLE process, PVOID base) { michael@0: NtUnmapViewOfSectionFunction orig_fn = reinterpret_cast< michael@0: NtUnmapViewOfSectionFunction>(g_originals[UNMAP_VIEW_OF_SECTION_ID]); michael@0: return TargetNtUnmapViewOfSection(orig_fn, process, base); michael@0: } michael@0: michael@0: // ----------------------------------------------------------------------- michael@0: michael@0: NTSTATUS WINAPI TargetNtSetInformationThread64( michael@0: HANDLE thread, NT_THREAD_INFORMATION_CLASS thread_info_class, michael@0: PVOID thread_information, ULONG thread_information_bytes) { michael@0: NtSetInformationThreadFunction orig_fn = reinterpret_cast< michael@0: NtSetInformationThreadFunction>(g_originals[SET_INFORMATION_THREAD_ID]); michael@0: return TargetNtSetInformationThread(orig_fn, thread, thread_info_class, michael@0: thread_information, michael@0: thread_information_bytes); michael@0: } michael@0: michael@0: NTSTATUS WINAPI TargetNtOpenThreadToken64( michael@0: HANDLE thread, ACCESS_MASK desired_access, BOOLEAN open_as_self, michael@0: PHANDLE token) { michael@0: NtOpenThreadTokenFunction orig_fn = reinterpret_cast< michael@0: NtOpenThreadTokenFunction>(g_originals[OPEN_THREAD_TOKEN_ID]); michael@0: return TargetNtOpenThreadToken(orig_fn, thread, desired_access, open_as_self, michael@0: token); michael@0: } michael@0: michael@0: NTSTATUS WINAPI TargetNtOpenThreadTokenEx64( michael@0: HANDLE thread, ACCESS_MASK desired_access, BOOLEAN open_as_self, michael@0: ULONG handle_attributes, PHANDLE token) { michael@0: NtOpenThreadTokenExFunction orig_fn = reinterpret_cast< michael@0: NtOpenThreadTokenExFunction>(g_originals[OPEN_THREAD_TOKEN_EX_ID]); michael@0: return TargetNtOpenThreadTokenEx(orig_fn, thread, desired_access, michael@0: open_as_self, handle_attributes, token); michael@0: } michael@0: michael@0: HANDLE WINAPI TargetCreateThread64( michael@0: LPSECURITY_ATTRIBUTES thread_attributes, SIZE_T stack_size, michael@0: LPTHREAD_START_ROUTINE start_address, PVOID parameter, DWORD creation_flags, michael@0: LPDWORD thread_id) { michael@0: CreateThreadFunction orig_fn = reinterpret_cast< michael@0: CreateThreadFunction>(g_originals[CREATE_THREAD_ID]); michael@0: return TargetCreateThread(orig_fn, thread_attributes, stack_size, michael@0: start_address, parameter, creation_flags, michael@0: thread_id); michael@0: } michael@0: michael@0: LCID WINAPI TargetGetUserDefaultLCID64(void) { michael@0: GetUserDefaultLCIDFunction orig_fn = reinterpret_cast< michael@0: GetUserDefaultLCIDFunction>(g_originals[GET_USER_DEFAULT_LCID_ID]); michael@0: return TargetGetUserDefaultLCID(orig_fn); michael@0: } michael@0: michael@0: // ----------------------------------------------------------------------- michael@0: michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateFile64( michael@0: PHANDLE file, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status, michael@0: PLARGE_INTEGER allocation_size, ULONG file_attributes, ULONG sharing, michael@0: ULONG disposition, ULONG options, PVOID ea_buffer, ULONG ea_length) { michael@0: NtCreateFileFunction orig_fn = reinterpret_cast< michael@0: NtCreateFileFunction>(g_originals[CREATE_FILE_ID]); michael@0: return TargetNtCreateFile(orig_fn, file, desired_access, object_attributes, michael@0: io_status, allocation_size, file_attributes, michael@0: sharing, disposition, options, ea_buffer, michael@0: ea_length); michael@0: } michael@0: michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenFile64( michael@0: PHANDLE file, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status, michael@0: ULONG sharing, ULONG options) { michael@0: NtOpenFileFunction orig_fn = reinterpret_cast< michael@0: NtOpenFileFunction>(g_originals[OPEN_FILE_ID]); michael@0: return TargetNtOpenFile(orig_fn, file, desired_access, object_attributes, michael@0: io_status, sharing, options); michael@0: } michael@0: michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtQueryAttributesFile64( michael@0: POBJECT_ATTRIBUTES object_attributes, michael@0: PFILE_BASIC_INFORMATION file_attributes) { michael@0: NtQueryAttributesFileFunction orig_fn = reinterpret_cast< michael@0: NtQueryAttributesFileFunction>(g_originals[QUERY_ATTRIB_FILE_ID]); michael@0: return TargetNtQueryAttributesFile(orig_fn, object_attributes, michael@0: file_attributes); michael@0: } michael@0: michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtQueryFullAttributesFile64( michael@0: POBJECT_ATTRIBUTES object_attributes, michael@0: PFILE_NETWORK_OPEN_INFORMATION file_attributes) { michael@0: NtQueryFullAttributesFileFunction orig_fn = reinterpret_cast< michael@0: NtQueryFullAttributesFileFunction>( michael@0: g_originals[QUERY_FULL_ATTRIB_FILE_ID]); michael@0: return TargetNtQueryFullAttributesFile(orig_fn, object_attributes, michael@0: file_attributes); michael@0: } michael@0: michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtSetInformationFile64( michael@0: HANDLE file, PIO_STATUS_BLOCK io_status, PVOID file_information, michael@0: ULONG length, FILE_INFORMATION_CLASS file_information_class) { michael@0: NtSetInformationFileFunction orig_fn = reinterpret_cast< michael@0: NtSetInformationFileFunction>(g_originals[SET_INFO_FILE_ID]); michael@0: return TargetNtSetInformationFile(orig_fn, file, io_status, file_information, michael@0: length, file_information_class); michael@0: } michael@0: michael@0: // ----------------------------------------------------------------------- michael@0: michael@0: SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateNamedPipeW64( michael@0: LPCWSTR pipe_name, DWORD open_mode, DWORD pipe_mode, DWORD max_instance, michael@0: DWORD out_buffer_size, DWORD in_buffer_size, DWORD default_timeout, michael@0: LPSECURITY_ATTRIBUTES security_attributes) { michael@0: CreateNamedPipeWFunction orig_fn = reinterpret_cast< michael@0: CreateNamedPipeWFunction>(g_originals[CREATE_NAMED_PIPE_ID]); michael@0: return TargetCreateNamedPipeW(orig_fn, pipe_name, open_mode, pipe_mode, michael@0: max_instance, out_buffer_size, in_buffer_size, michael@0: default_timeout, security_attributes); michael@0: } michael@0: michael@0: // ----------------------------------------------------------------------- michael@0: michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThread64( michael@0: PHANDLE thread, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id) { michael@0: NtOpenThreadFunction orig_fn = reinterpret_cast< michael@0: NtOpenThreadFunction>(g_originals[OPEN_TREAD_ID]); michael@0: return TargetNtOpenThread(orig_fn, thread, desired_access, object_attributes, michael@0: client_id); michael@0: } michael@0: michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcess64( michael@0: PHANDLE process, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id) { michael@0: NtOpenProcessFunction orig_fn = reinterpret_cast< michael@0: NtOpenProcessFunction>(g_originals[OPEN_PROCESS_ID]); michael@0: return TargetNtOpenProcess(orig_fn, process, desired_access, michael@0: object_attributes, client_id); michael@0: } michael@0: michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessToken64( michael@0: HANDLE process, ACCESS_MASK desired_access, PHANDLE token) { michael@0: NtOpenProcessTokenFunction orig_fn = reinterpret_cast< michael@0: NtOpenProcessTokenFunction>(g_originals[OPEN_PROCESS_TOKEN_ID]); michael@0: return TargetNtOpenProcessToken(orig_fn, process, desired_access, token); michael@0: } michael@0: michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessTokenEx64( michael@0: HANDLE process, ACCESS_MASK desired_access, ULONG handle_attributes, michael@0: PHANDLE token) { michael@0: NtOpenProcessTokenExFunction orig_fn = reinterpret_cast< michael@0: NtOpenProcessTokenExFunction>(g_originals[OPEN_PROCESS_TOKEN_EX_ID]); michael@0: return TargetNtOpenProcessTokenEx(orig_fn, process, desired_access, michael@0: handle_attributes, token); michael@0: } michael@0: michael@0: SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessW64( michael@0: LPCWSTR application_name, LPWSTR command_line, michael@0: LPSECURITY_ATTRIBUTES process_attributes, michael@0: LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags, michael@0: LPVOID environment, LPCWSTR current_directory, LPSTARTUPINFOW startup_info, michael@0: LPPROCESS_INFORMATION process_information) { michael@0: CreateProcessWFunction orig_fn = reinterpret_cast< michael@0: CreateProcessWFunction>(g_originals[CREATE_PROCESSW_ID]); michael@0: return TargetCreateProcessW(orig_fn, application_name, command_line, michael@0: process_attributes, thread_attributes, michael@0: inherit_handles, flags, environment, michael@0: current_directory, startup_info, michael@0: process_information); michael@0: } michael@0: michael@0: SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessA64( michael@0: LPCSTR application_name, LPSTR command_line, michael@0: LPSECURITY_ATTRIBUTES process_attributes, michael@0: LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags, michael@0: LPVOID environment, LPCSTR current_directory, LPSTARTUPINFOA startup_info, michael@0: LPPROCESS_INFORMATION process_information) { michael@0: CreateProcessAFunction orig_fn = reinterpret_cast< michael@0: CreateProcessAFunction>(g_originals[CREATE_PROCESSA_ID]); michael@0: return TargetCreateProcessA(orig_fn, application_name, command_line, michael@0: process_attributes, thread_attributes, michael@0: inherit_handles, flags, environment, michael@0: current_directory, startup_info, michael@0: process_information); michael@0: } michael@0: michael@0: // ----------------------------------------------------------------------- michael@0: michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateKey64( michael@0: PHANDLE key, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes, ULONG title_index, michael@0: PUNICODE_STRING class_name, ULONG create_options, PULONG disposition) { michael@0: NtCreateKeyFunction orig_fn = reinterpret_cast< michael@0: NtCreateKeyFunction>(g_originals[CREATE_KEY_ID]); michael@0: return TargetNtCreateKey(orig_fn, key, desired_access, object_attributes, michael@0: title_index, class_name, create_options, michael@0: disposition); michael@0: } michael@0: michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKey64( michael@0: PHANDLE key, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes) { michael@0: NtOpenKeyFunction orig_fn = reinterpret_cast< michael@0: NtOpenKeyFunction>(g_originals[OPEN_KEY_ID]); michael@0: return TargetNtOpenKey(orig_fn, key, desired_access, object_attributes); michael@0: } michael@0: michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64( michael@0: PHANDLE key, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes, ULONG open_options) { michael@0: NtOpenKeyExFunction orig_fn = reinterpret_cast< michael@0: NtOpenKeyExFunction>(g_originals[OPEN_KEY_EX_ID]); michael@0: return TargetNtOpenKeyEx(orig_fn, key, desired_access, object_attributes, michael@0: open_options); michael@0: } michael@0: michael@0: // ----------------------------------------------------------------------- michael@0: michael@0: SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventW64( michael@0: LPSECURITY_ATTRIBUTES security_attributes, BOOL manual_reset, michael@0: BOOL initial_state, LPCWSTR name) { michael@0: CreateEventWFunction orig_fn = reinterpret_cast< michael@0: CreateEventWFunction>(g_originals[CREATE_EVENT_ID]); michael@0: return TargetCreateEventW(orig_fn, security_attributes, manual_reset, michael@0: initial_state, name); michael@0: } michael@0: michael@0: SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventW64( michael@0: ACCESS_MASK desired_access, BOOL inherit_handle, LPCWSTR name) { michael@0: OpenEventWFunction orig_fn = reinterpret_cast< michael@0: OpenEventWFunction>(g_originals[OPEN_EVENT_ID]); michael@0: return TargetOpenEventW(orig_fn, desired_access, inherit_handle, name); michael@0: } michael@0: michael@0: } // namespace sandbox