michael@0: // Copyright (c) 2012 The Chromium Authors. All rights reserved. michael@0: // Use of this source code is governed by a BSD-style license that can be michael@0: // found in the LICENSE file. michael@0: michael@0: #ifndef SANDBOX_SRC_SERVICE_RESOLVER_H__ michael@0: #define SANDBOX_SRC_SERVICE_RESOLVER_H__ michael@0: michael@0: #include "sandbox/win/src/nt_internals.h" michael@0: #include "sandbox/win/src/resolver.h" michael@0: michael@0: namespace sandbox { michael@0: michael@0: // This is the concrete resolver used to perform service-call type functions michael@0: // inside ntdll.dll. michael@0: class ServiceResolverThunk : public ResolverThunk { michael@0: public: michael@0: // The service resolver needs a child process to write to. michael@0: ServiceResolverThunk(HANDLE process, bool relaxed) michael@0: : process_(process), ntdll_base_(NULL), win2k_(false), michael@0: relaxed_(relaxed), relative_jump_(0) {} michael@0: virtual ~ServiceResolverThunk() {} michael@0: michael@0: // Implementation of Resolver::Setup. michael@0: virtual NTSTATUS Setup(const void* target_module, michael@0: const void* interceptor_module, michael@0: const char* target_name, michael@0: const char* interceptor_name, michael@0: const void* interceptor_entry_point, michael@0: void* thunk_storage, michael@0: size_t storage_bytes, michael@0: size_t* storage_used); michael@0: michael@0: // Implementation of Resolver::ResolveInterceptor. michael@0: virtual NTSTATUS ResolveInterceptor(const void* module, michael@0: const char* function_name, michael@0: const void** address); michael@0: michael@0: // Implementation of Resolver::ResolveTarget. michael@0: virtual NTSTATUS ResolveTarget(const void* module, michael@0: const char* function_name, michael@0: void** address); michael@0: michael@0: // Implementation of Resolver::GetThunkSize. michael@0: virtual size_t GetThunkSize() const; michael@0: michael@0: protected: michael@0: // The unit test will use this member to allow local patch on a buffer. michael@0: HMODULE ntdll_base_; michael@0: michael@0: // Handle of the child process. michael@0: HANDLE process_; michael@0: michael@0: protected: michael@0: // Keeps track of a Windows 2000 resolver. michael@0: bool win2k_; michael@0: michael@0: private: michael@0: // Returns true if the code pointer by target_ corresponds to the expected michael@0: // type of function. Saves that code on the first part of the thunk pointed michael@0: // by local_thunk (should be directly accessible from the parent). michael@0: virtual bool IsFunctionAService(void* local_thunk) const; michael@0: michael@0: // Performs the actual patch of target_. michael@0: // local_thunk must be already fully initialized, and the first part must michael@0: // contain the original code. The real type of this buffer is ServiceFullThunk michael@0: // (yes, private). remote_thunk (real type ServiceFullThunk), must be michael@0: // allocated on the child, and will contain the thunk data, after this call. michael@0: // Returns the apropriate status code. michael@0: virtual NTSTATUS PerformPatch(void* local_thunk, void* remote_thunk); michael@0: michael@0: // Provides basically the same functionality as IsFunctionAService but it michael@0: // continues even if it does not recognize the function code. remote_thunk michael@0: // is the address of our memory on the child. michael@0: bool SaveOriginalFunction(void* local_thunk, void* remote_thunk); michael@0: michael@0: // true if we are allowed to patch already-patched functions. michael@0: bool relaxed_; michael@0: ULONG relative_jump_; michael@0: michael@0: DISALLOW_COPY_AND_ASSIGN(ServiceResolverThunk); michael@0: }; michael@0: michael@0: // This is the concrete resolver used to perform service-call type functions michael@0: // inside ntdll.dll on WOW64 (32 bit ntdll on 64 bit Vista). michael@0: class Wow64ResolverThunk : public ServiceResolverThunk { michael@0: public: michael@0: // The service resolver needs a child process to write to. michael@0: Wow64ResolverThunk(HANDLE process, bool relaxed) michael@0: : ServiceResolverThunk(process, relaxed) {} michael@0: virtual ~Wow64ResolverThunk() {} michael@0: michael@0: private: michael@0: virtual bool IsFunctionAService(void* local_thunk) const; michael@0: michael@0: DISALLOW_COPY_AND_ASSIGN(Wow64ResolverThunk); michael@0: }; michael@0: michael@0: // This is the concrete resolver used to perform service-call type functions michael@0: // inside ntdll.dll on WOW64 for Windows 8. michael@0: class Wow64W8ResolverThunk : public ServiceResolverThunk { michael@0: public: michael@0: // The service resolver needs a child process to write to. michael@0: Wow64W8ResolverThunk(HANDLE process, bool relaxed) michael@0: : ServiceResolverThunk(process, relaxed) {} michael@0: virtual ~Wow64W8ResolverThunk() {} michael@0: michael@0: private: michael@0: virtual bool IsFunctionAService(void* local_thunk) const; michael@0: michael@0: DISALLOW_COPY_AND_ASSIGN(Wow64W8ResolverThunk); michael@0: }; michael@0: michael@0: // This is the concrete resolver used to perform service-call type functions michael@0: // inside ntdll.dll on Windows 2000 and XP pre SP2. michael@0: class Win2kResolverThunk : public ServiceResolverThunk { michael@0: public: michael@0: // The service resolver needs a child process to write to. michael@0: Win2kResolverThunk(HANDLE process, bool relaxed) michael@0: : ServiceResolverThunk(process, relaxed) { michael@0: win2k_ = true; michael@0: } michael@0: virtual ~Win2kResolverThunk() {} michael@0: michael@0: private: michael@0: virtual bool IsFunctionAService(void* local_thunk) const; michael@0: michael@0: DISALLOW_COPY_AND_ASSIGN(Win2kResolverThunk); michael@0: }; michael@0: michael@0: // This is the concrete resolver used to perform service-call type functions michael@0: // inside ntdll.dll on Windows 8. michael@0: class Win8ResolverThunk : public ServiceResolverThunk { michael@0: public: michael@0: // The service resolver needs a child process to write to. michael@0: Win8ResolverThunk(HANDLE process, bool relaxed) michael@0: : ServiceResolverThunk(process, relaxed) {} michael@0: virtual ~Win8ResolverThunk() {} michael@0: michael@0: private: michael@0: virtual bool IsFunctionAService(void* local_thunk) const; michael@0: michael@0: DISALLOW_COPY_AND_ASSIGN(Win8ResolverThunk); michael@0: }; michael@0: michael@0: } // namespace sandbox michael@0: michael@0: michael@0: #endif // SANDBOX_SRC_SERVICE_RESOLVER_H__