// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "sandbox/win/src/resolver.h"

#include "sandbox/win/src/sandbox_nt_util.h"

namespace {

// Opcode bytes of the thunk. Multi-byte opcodes are written as little-endian
// integers so that they land in memory in instruction order.
const BYTE kPushRax = 0x50;           // 50          push rax
const USHORT kMovRax = 0xB848;        // 48 B8       mov rax, imm64
const ULONG kMovRspRax = 0x24048948;  // 48 89 04 24 mov qword ptr [rsp], rax
const BYTE kRetNp = 0xC3;             // C3          ret

// The members below are copied out verbatim as machine code, so the compiler
// must not insert padding between them.
#pragma pack(push, 1)
struct InternalThunk {
  // Byte layout of the generated code (16 bytes in total):
  //   00 50                    push rax
  //   01 48b8f0debc9a78563412  mov  rax,123456789ABCDEF0h
  //   0b 48890424              mov  qword ptr [rsp],rax
  //   0f c3                    ret
  //
  // The pushed slot is overwritten with the 64-bit target and then consumed
  // by ret, which gives an absolute jump that needs no relative displacement.
  // rax is clobbered on the way, which should not be an issue for the common
  // calling conventions.
  //
  // NOTE(review): the transfer is a ret to an address that no call pushed;
  // confirm this is compatible with hardware-enforced shadow stacks if the
  // processes that run this thunk enable them.

  // Fills in every opcode; the jump target starts as 0 and has to be set by
  // the caller before the thunk is executed.
  InternalThunk()
      : push_rax(kPushRax),
        mov_rax(kMovRax),
        interceptor_function(0),
        mov_rsp_rax(kMovRspRax),
        ret(kRetNp) {
  }

  BYTE push_rax;                   // = 50
  USHORT mov_rax;                  // = 48 B8
  ULONG_PTR interceptor_function;  // imm64 operand: address to jump to
  ULONG mov_rsp_rax;               // = 48 89 04 24
  BYTE ret;                        // = C3
};
#pragma pack(pop)

}  // namespace.
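
namespace sandbox {

// Returns the number of bytes SetInternalThunk() writes, i.e. the minimum
// size of the storage a caller has to provide.
size_t ResolverThunk::GetInternalThunkSize() const {
  return sizeof(InternalThunk);
}

// Builds the jump thunk inside |storage| and points it at |interceptor|.
//
// storage            Caller-owned buffer that receives the thunk code.
// storage_bytes      Size of |storage| in bytes.
// original_function  Not used by this implementation.
// interceptor        Address the thunk transfers control to.
//
// Returns false, leaving |storage| untouched, when |storage| is null or is
// smaller than the thunk; otherwise writes the thunk and returns true.
//
// NOTE(review): the thunk only runs if |storage| ends up in executable
// memory. Where the page protection is set is not visible in this file;
// confirm that the caller does not leave the region writable and executable
// at the same time once the thunk is in place.
bool ResolverThunk::SetInternalThunk(void* storage, size_t storage_bytes,
                                     const void* original_function,
                                     const void* interceptor) {
  // Refuse a missing or undersized buffer so the placement new below can
  // neither dereference null nor write past the end of the caller's storage.
  if (!storage || storage_bytes < sizeof(InternalThunk))
    return false;

  // Construct in place: the constructor emits the fixed opcodes, after which
  // only the 64-bit immediate (the jump target) has to be patched in.
  InternalThunk* thunk = new(storage, NT_PLACE) InternalThunk;
  thunk->interceptor_function = reinterpret_cast<ULONG_PTR>(interceptor);

  return true;
}

// Target resolution is not available in this implementation: the arguments
// are ignored, |address| is not written, and STATUS_NOT_IMPLEMENTED is always
// returned.
NTSTATUS ResolverThunk::ResolveTarget(const void* module,
                                      const char* function_name,
                                      void** address) {
  // We don't support sidestep & co.
  return STATUS_NOT_IMPLEMENTED;
}

}  // namespace sandbox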