michael@0: // Copyright (c) 2011 The Chromium Authors. All rights reserved. michael@0: // Use of this source code is governed by a BSD-style license that can be michael@0: // found in the LICENSE file. michael@0: michael@0: #include "sandbox/win/src/nt_internals.h" michael@0: #include "sandbox/win/src/sandbox_types.h" michael@0: michael@0: #ifndef SANDBOX_SRC_INTERCEPTORS_64_H_ michael@0: #define SANDBOX_SRC_INTERCEPTORS_64_H_ michael@0: michael@0: namespace sandbox { michael@0: michael@0: extern "C" { michael@0: michael@0: // Interception of NtMapViewOfSection on the child process. michael@0: // It should never be called directly. This function provides the means to michael@0: // detect dlls being loaded, so we can patch them if needed. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtMapViewOfSection64( michael@0: HANDLE section, HANDLE process, PVOID *base, ULONG_PTR zero_bits, michael@0: SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size, michael@0: SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect); michael@0: michael@0: // Interception of NtUnmapViewOfSection on the child process. michael@0: // It should never be called directly. This function provides the means to michael@0: // detect dlls being unloaded, so we can clean up our interceptions. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtUnmapViewOfSection64(HANDLE process, michael@0: PVOID base); michael@0: michael@0: // ----------------------------------------------------------------------- michael@0: // Interceptors without IPC. michael@0: michael@0: // Interception of NtSetInformationThread on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtSetInformationThread64( michael@0: HANDLE thread, NT_THREAD_INFORMATION_CLASS thread_info_class, michael@0: PVOID thread_information, ULONG thread_information_bytes); michael@0: michael@0: // Interception of NtOpenThreadToken on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThreadToken64( michael@0: HANDLE thread, ACCESS_MASK desired_access, BOOLEAN open_as_self, michael@0: PHANDLE token); michael@0: michael@0: // Interception of NtOpenThreadTokenEx on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThreadTokenEx64( michael@0: HANDLE thread, ACCESS_MASK desired_access, BOOLEAN open_as_self, michael@0: ULONG handle_attributes, PHANDLE token); michael@0: michael@0: // Interception of CreateThread on the child process. michael@0: SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateThread64( michael@0: LPSECURITY_ATTRIBUTES thread_attributes, SIZE_T stack_size, michael@0: LPTHREAD_START_ROUTINE start_address, PVOID parameter, michael@0: DWORD creation_flags, LPDWORD thread_id); michael@0: michael@0: // Interception of GetUserDefaultLCID on the child process. michael@0: SANDBOX_INTERCEPT LCID WINAPI TargetGetUserDefaultLCID64(); michael@0: michael@0: // ----------------------------------------------------------------------- michael@0: // Interceptors handled by the file system dispatcher. michael@0: michael@0: // Interception of NtCreateFile on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateFile64( michael@0: PHANDLE file, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status, michael@0: PLARGE_INTEGER allocation_size, ULONG file_attributes, ULONG sharing, michael@0: ULONG disposition, ULONG options, PVOID ea_buffer, ULONG ea_length); michael@0: michael@0: // Interception of NtOpenFile on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenFile64( michael@0: PHANDLE file, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status, michael@0: ULONG sharing, ULONG options); michael@0: michael@0: // Interception of NtQueryAtttributesFile on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtQueryAttributesFile64( michael@0: POBJECT_ATTRIBUTES object_attributes, michael@0: PFILE_BASIC_INFORMATION file_attributes); michael@0: michael@0: // Interception of NtQueryFullAtttributesFile on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtQueryFullAttributesFile64( michael@0: POBJECT_ATTRIBUTES object_attributes, michael@0: PFILE_NETWORK_OPEN_INFORMATION file_attributes); michael@0: michael@0: // Interception of NtSetInformationFile on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtSetInformationFile64( michael@0: HANDLE file, PIO_STATUS_BLOCK io_status, PVOID file_information, michael@0: ULONG length, FILE_INFORMATION_CLASS file_information_class); michael@0: michael@0: // ----------------------------------------------------------------------- michael@0: // Interceptors handled by the named pipe dispatcher. michael@0: michael@0: // Interception of CreateNamedPipeW in kernel32.dll michael@0: SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateNamedPipeW64( michael@0: LPCWSTR pipe_name, DWORD open_mode, DWORD pipe_mode, DWORD max_instance, michael@0: DWORD out_buffer_size, DWORD in_buffer_size, DWORD default_timeout, michael@0: LPSECURITY_ATTRIBUTES security_attributes); michael@0: michael@0: // ----------------------------------------------------------------------- michael@0: // Interceptors handled by the process-thread dispatcher. michael@0: michael@0: // Interception of NtOpenThread on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThread64( michael@0: PHANDLE thread, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id); michael@0: michael@0: // Interception of NtOpenProcess on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcess64( michael@0: PHANDLE process, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id); michael@0: michael@0: // Interception of NtOpenProcessToken on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessToken64( michael@0: HANDLE process, ACCESS_MASK desired_access, PHANDLE token); michael@0: michael@0: // Interception of NtOpenProcessTokenEx on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessTokenEx64( michael@0: HANDLE process, ACCESS_MASK desired_access, ULONG handle_attributes, michael@0: PHANDLE token); michael@0: michael@0: // Interception of CreateProcessW in kernel32.dll. michael@0: SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessW64( michael@0: LPCWSTR application_name, LPWSTR command_line, michael@0: LPSECURITY_ATTRIBUTES process_attributes, michael@0: LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags, michael@0: LPVOID environment, LPCWSTR current_directory, LPSTARTUPINFOW startup_info, michael@0: LPPROCESS_INFORMATION process_information); michael@0: michael@0: // Interception of CreateProcessA in kernel32.dll. michael@0: SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessA64( michael@0: LPCSTR application_name, LPSTR command_line, michael@0: LPSECURITY_ATTRIBUTES process_attributes, michael@0: LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags, michael@0: LPVOID environment, LPCSTR current_directory, LPSTARTUPINFOA startup_info, michael@0: LPPROCESS_INFORMATION process_information); michael@0: michael@0: // ----------------------------------------------------------------------- michael@0: // Interceptors handled by the registry dispatcher. michael@0: michael@0: // Interception of NtCreateKey on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateKey64( michael@0: PHANDLE key, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes, ULONG title_index, michael@0: PUNICODE_STRING class_name, ULONG create_options, PULONG disposition); michael@0: michael@0: // Interception of NtOpenKey on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKey64( michael@0: PHANDLE key, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes); michael@0: michael@0: // Interception of NtOpenKeyEx on the child process. michael@0: SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64( michael@0: PHANDLE key, ACCESS_MASK desired_access, michael@0: POBJECT_ATTRIBUTES object_attributes, ULONG open_options); michael@0: michael@0: // ----------------------------------------------------------------------- michael@0: // Interceptors handled by the sync dispatcher. michael@0: michael@0: // Interception of CreateEventW on the child process. michael@0: SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateEventW64( michael@0: LPSECURITY_ATTRIBUTES security_attributes, BOOL manual_reset, michael@0: BOOL initial_state, LPCWSTR name); michael@0: michael@0: // Interception of OpenEventW on the child process. michael@0: SANDBOX_INTERCEPT HANDLE WINAPI TargetOpenEventW64( michael@0: ACCESS_MASK desired_access, BOOL inherit_handle, LPCWSTR name); michael@0: michael@0: } // extern "C" michael@0: michael@0: } // namespace sandbox michael@0: michael@0: #endif // SANDBOX_SRC_INTERCEPTORS_64_H_