1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_INTEGRITY_VERIFIER_WIN_H_ 6#define CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_INTEGRITY_VERIFIER_WIN_H_ 7 8#include <stdint.h> 9 10#include <set> 11#include <string> 12 13namespace base { 14namespace win { 15class PEImage; 16class PEImageAsData; 17} // namespace win 18} // namespace base 19 20namespace safe_browsing { 21 22// This enum defines the possible module states VerifyModule can return. 23enum ModuleState { 24 MODULE_STATE_UNKNOWN, 25 MODULE_STATE_UNMODIFIED, 26 MODULE_STATE_MODIFIED, 27}; 28 29// Helper to grab the addresses and size of the code section of a PEImage. 30// Returns two addresses: one for the dll loaded as a library, the other for the 31// dll loaded as data. 32bool GetCodeAddrsAndSize(const base::win::PEImage& mem_peimage, 33 const base::win::PEImageAsData& disk_peimage, 34 uint8_t** mem_code_addr, 35 uint8_t** disk_code_addr, 36 uint32_t* code_size); 37 38// Examines the code section of the given module in memory and on disk, looking 39// for unexpected differences. Returns a ModuleState and and a set of the 40// possibly modified exports. 41ModuleState VerifyModule(const wchar_t* module_name, 42 std::set<std::string>* modified_exports); 43 44} // namespace safe_browsing 45 46#endif // CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_INTEGRITY_VERIFIER_WIN_H_ 47