// Copyright (c) 2006-2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

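#ifndef SANDBOX_SRC_PROCESS_THREAD_INTERCEPTION_H__
#define SANDBOX_SRC_PROCESS_THREAD_INTERCEPTION_H__

// Declarations for the process- and thread-related interceptions: the
// function-pointer types of the intercepted kernel32 exports and the Target*
// replacement functions. Only declarations live here; the implementations are
// not part of this header.
//
// The includes are kept inside the include guard so that a repeated inclusion
// of this header skips them as well.
#include "sandbox/win/src/nt_internals.h"
#include "sandbox/win/src/sandbox_types.h"

namespace sandbox {

// NOTE(review): the comments below place these hooks "on the child process",
// i.e. inside the sandboxed target. Code running in that process is not
// forced to go through a hook, so the hooks should be read as a forwarding /
// compatibility layer and not as the point where access is enforced. Confirm
// that every access decision is made outside the target (not visible here).

// Everything below has C linkage, so the symbol names are not C++-mangled.
extern "C" {

// Pointer to a function with the parameter list of CreateProcessW
// (wide-character variant). Used as the type of the first argument of
// TargetCreateProcessW.
typedef BOOL (WINAPI *CreateProcessWFunction)(
    LPCWSTR lpApplicationName,
    LPWSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory,
    LPSTARTUPINFOW lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation);

// Pointer to a function with the parameter list of CreateProcessA
// (ANSI variant). Used as the type of the first argument of
// TargetCreateProcessA.
typedef BOOL (WINAPI *CreateProcessAFunction)(
    LPCSTR lpApplicationName,
    LPSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCSTR lpCurrentDirectory,
    LPSTARTUPINFOA lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation);

// Pointer to a function with the parameter list of CreateThread. Used as the
// type of the first argument of TargetCreateThread.
typedef HANDLE (WINAPI *CreateThreadFunction)(
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    SIZE_T dwStackSize,
    LPTHREAD_START_ROUTINE lpStartAddress,
    PVOID lpParameter,
    DWORD dwCreationFlags,
    LPDWORD lpThreadId);

// Pointer to a function with the (empty) parameter list of
// GetUserDefaultLCID. Used as the type of the first argument of
// TargetGetUserDefaultLCID.
typedef LCID (WINAPI *GetUserDefaultLCIDFunction)();

// Every Target* function below takes a pointer named orig_* as its first
// argument, followed by the arguments of the intercepted call. The orig_*
// pointer is presumably the un-hooked entry point handed in by the
// interception machinery -- confirm against the implementation.
//
// NOTE(review): the PHANDLE / LPDWORD / LPPROCESS_INFORMATION arguments are
// caller-supplied output pointers. Whether they are validated before being
// written cannot be determined from these declarations.

// Interception of NtOpenThread on the child process.
// On success the opened handle is returned through |thread|.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThread(
    NtOpenThreadFunction orig_OpenThread, PHANDLE thread,
    ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes,
    PCLIENT_ID client_id);

// Interception of NtOpenProcess on the child process.
// On success the opened handle is returned through |process|.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcess(
    NtOpenProcessFunction orig_OpenProcess, PHANDLE process,
    ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes,
    PCLIENT_ID client_id);

// Interception of NtOpenProcessToken on the child process.
// |process| is the process whose token is requested; the token handle is
// returned through |token|.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessToken(
    NtOpenProcessTokenFunction orig_OpenProcessToken, HANDLE process,
    ACCESS_MASK desired_access, PHANDLE token);

// Interception of NtOpenProcessTokenEx on the child process.
// Same as TargetNtOpenProcessToken with an additional |handle_attributes|
// argument that is part of the intercepted call's parameter list.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessTokenEx(
    NtOpenProcessTokenExFunction orig_OpenProcessTokenEx, HANDLE process,
    ACCESS_MASK desired_access, ULONG handle_attributes, PHANDLE token);

// Interception of CreateProcessW and A in kernel32.dll.
// After |orig_CreateProcessW| the arguments mirror, in order, the parameter
// list of CreateProcessWFunction. |inherit_handles| is the caller's handle
// inheritance request; how it is treated is decided by the implementation.
SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessW(
    CreateProcessWFunction orig_CreateProcessW, LPCWSTR application_name,
    LPWSTR command_line, LPSECURITY_ATTRIBUTES process_attributes,
    LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags,
    LPVOID environment, LPCWSTR current_directory, LPSTARTUPINFOW startup_info,
    LPPROCESS_INFORMATION process_information);

// ANSI counterpart of TargetCreateProcessW: after |orig_CreateProcessA| the
// arguments mirror, in order, the parameter list of CreateProcessAFunction.
SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessA(
    CreateProcessAFunction orig_CreateProcessA, LPCSTR application_name,
    LPSTR command_line, LPSECURITY_ATTRIBUTES process_attributes,
    LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags,
    LPVOID environment, LPCSTR current_directory, LPSTARTUPINFOA startup_info,
    LPPROCESS_INFORMATION process_information);

// Interception of CreateThread in kernel32.dll.
// After |orig_CreateThread| the arguments mirror, in order, the parameter
// list of CreateThreadFunction.
SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateThread(
    CreateThreadFunction orig_CreateThread,
    LPSECURITY_ATTRIBUTES thread_attributes, SIZE_T stack_size,
    LPTHREAD_START_ROUTINE start_address, PVOID parameter,
    DWORD creation_flags, LPDWORD thread_id);

// Interception of GetUserDefaultLCID in kernel32.dll.
// The intercepted call takes no arguments, so the original function pointer
// is the only parameter.
SANDBOX_INTERCEPT LCID WINAPI TargetGetUserDefaultLCID(
    GetUserDefaultLCIDFunction orig_GetUserDefaultLCID);

}  // extern "C"

}  // namespace sandbox

#endif  // SANDBOX_SRC_PROCESS_THREAD_INTERCEPTION_H__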