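// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "sandbox/win/sandbox_poc/pocdll/exports.h"
#include "sandbox/win/sandbox_poc/pocdll/utils.h"

// This file contains the tests used to verify the security of the registry.

// Tries to open the key hive\path and outputs the result.
//
// "hive" is the predefined root key handed to RegOpenKeyEx.
// "hive_name" is the printable name of that root; it is used only in the log.
// "path" is the subkey to open. TestRegistry passes NULL to probe the hive
// root itself; the value is forwarded unchanged to both RegOpenKeyEx and the
// "%S" conversion of the log line.
// "output" is the stream used for logging. Nothing is attempted when it is
// NULL, because the result could not be reported.
//
// Reading the log: the key is requested with MAXIMUM_ALLOWED, so a [GRANTED]
// line means the calling token obtained at least some access to the key, not
// that it obtained full access. A [BLOCKED] line carries the Win32 error code
// returned by RegOpenKeyEx.
void TryOpenKey(const HKEY hive,
                const wchar_t* hive_name,
                const wchar_t* path,
                FILE* output) {
  if (NULL == output)
    return;

  HKEY key;
  const LONG err_code = ::RegOpenKeyEx(hive,
                                       path,
                                       0,  // Reserved, must be 0.
                                       MAXIMUM_ALLOWED,
                                       &key);
  if (ERROR_SUCCESS != err_code) {
    fprintf(output,
            "[BLOCKED] Opening key \"%S\\%S\". Error %ld\r\n",
            hive_name,
            path,
            err_code);
    return;
  }

  fprintf(output,
          "[GRANTED] Opening key \"%S\\%S\". Handle 0x%p\r\n",
          hive_name,
          path,
          key);
  // The handle is only needed as proof of access; release it right away so the
  // probe does not leak key handles in the tested process.
  ::RegCloseKey(key);
}

// Exported test entry point: probes a fixed set of registry keys and writes
// one [GRANTED] or [BLOCKED] line per key to "log".
//
// "log" is translated to a FILE* through HandleToFile. The contract of
// Translate() is not visible in this file; the NULL check below assumes it can
// fail and keeps the test from writing through a null stream in that case.
void POCDLL_API TestRegistry(HANDLE log) {
  // NOTE(review): the stream is presumably owned by handle2file and released
  // when it goes out of scope - confirm in utils.h.
  HandleToFile handle2file;
  FILE* output = handle2file.Translate(log, "w");
  if (NULL == output)
    return;

  // Hive roots (NULL subkey).
  TryOpenKey(HKEY_LOCAL_MACHINE, L"HKEY_LOCAL_MACHINE", NULL, output);
  TryOpenKey(HKEY_CURRENT_USER, L"HKEY_CURRENT_USER", NULL, output);
  TryOpenKey(HKEY_USERS, L"HKEY_USERS", NULL, output);
  // A specific subkey under HKEY_LOCAL_MACHINE.
  TryOpenKey(HKEY_LOCAL_MACHINE,
             L"HKEY_LOCAL_MACHINE",
             L"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon",
             output);
}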