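// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "sandbox/win/src/nt_internals.h"
#include "sandbox/win/src/sandbox_types.h"

#ifndef SANDBOX_SRC_INTERCEPTORS_64_H_
#define SANDBOX_SRC_INTERCEPTORS_64_H_

// Prototypes for the "64"-suffixed interception entry points of the sandbox.
// This header only declares them; no definition is visible here.
//
// Everything below sits inside extern "C", so each function has C linkage and
// an unmangled symbol name. SANDBOX_INTERCEPT is not defined in this file
// (presumably it comes from sandbox_types.h -- confirm).
//
// The groups are labelled with the dispatcher that handles them, as stated by
// the section comments.
//
// NOTE(review): the comments place these hooks in the child (sandboxed)
// process. Code that runs in the child shares its address space with the
// hooks, so they should be read as a forwarding/compatibility layer and not
// as the enforcement point; the access decision has to be taken outside the
// child. Confirm against the dispatcher and policy code.
//
// NOTE(review): each prototype appears to repeat the parameter list of the
// API named in its comment. Keep the two in sync with the definitions when an
// entry is added or changed.

namespace sandbox {

extern "C" {

// Interception of NtMapViewOfSection on the child process.
// It should never be called directly. This function provides the means to
// detect dlls being loaded, so we can patch them if needed.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtMapViewOfSection64(
    HANDLE section, HANDLE process, PVOID *base, ULONG_PTR zero_bits,
    SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size,
    SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect);

// Interception of NtUnmapViewOfSection on the child process.
// It should never be called directly. This function provides the means to
// detect dlls being unloaded, so we can clean up our interceptions.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtUnmapViewOfSection64(HANDLE process,
                                                               PVOID base);

// -----------------------------------------------------------------------
// Interceptors without IPC.

// Interception of NtSetInformationThread on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtSetInformationThread64(
    HANDLE thread, NT_THREAD_INFORMATION_CLASS thread_info_class,
    PVOID thread_information, ULONG thread_information_bytes);

// Interception of NtOpenThreadToken on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThreadToken64(
    HANDLE thread, ACCESS_MASK desired_access, BOOLEAN open_as_self,
    PHANDLE token);

// Interception of NtOpenThreadTokenEx on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThreadTokenEx64(
    HANDLE thread, ACCESS_MASK desired_access, BOOLEAN open_as_self,
    ULONG handle_attributes, PHANDLE token);

// -----------------------------------------------------------------------
// Interceptors handled by the file system dispatcher.

// Interception of NtCreateFile on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateFile64(
    PHANDLE file, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status,
    PLARGE_INTEGER allocation_size, ULONG file_attributes, ULONG sharing,
    ULONG disposition, ULONG options, PVOID ea_buffer, ULONG ea_length);

// Interception of NtOpenFile on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenFile64(
    PHANDLE file, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status,
    ULONG sharing, ULONG options);

// Interception of NtQueryAttributesFile on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtQueryAttributesFile64(
    POBJECT_ATTRIBUTES object_attributes,
    PFILE_BASIC_INFORMATION file_attributes);

// Interception of NtQueryFullAttributesFile on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtQueryFullAttributesFile64(
    POBJECT_ATTRIBUTES object_attributes,
    PFILE_NETWORK_OPEN_INFORMATION file_attributes);

// Interception of NtSetInformationFile on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtSetInformationFile64(
    HANDLE file, PIO_STATUS_BLOCK io_status, PVOID file_information,
    ULONG length, FILE_INFORMATION_CLASS file_information_class);

// -----------------------------------------------------------------------
// Interceptors handled by the named pipe dispatcher.

// Interception of CreateNamedPipeW in kernel32.dll.
SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateNamedPipeW64(
    LPCWSTR pipe_name, DWORD open_mode, DWORD pipe_mode, DWORD max_instance,
    DWORD out_buffer_size, DWORD in_buffer_size, DWORD default_timeout,
    LPSECURITY_ATTRIBUTES security_attributes);

// -----------------------------------------------------------------------
// Interceptors handled by the process-thread dispatcher.

// Interception of NtOpenThread on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThread64(
    PHANDLE thread, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id);

// Interception of NtOpenProcess on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcess64(
    PHANDLE process, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes, PCLIENT_ID client_id);

// Interception of NtOpenProcessToken on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessToken64(
    HANDLE process, ACCESS_MASK desired_access, PHANDLE token);

// Interception of NtOpenProcessTokenEx on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessTokenEx64(
    HANDLE process, ACCESS_MASK desired_access, ULONG handle_attributes,
    PHANDLE token);

// Interception of CreateProcessW in kernel32.dll.
SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessW64(
    LPCWSTR application_name, LPWSTR command_line,
    LPSECURITY_ATTRIBUTES process_attributes,
    LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags,
    LPVOID environment, LPCWSTR current_directory, LPSTARTUPINFOW startup_info,
    LPPROCESS_INFORMATION process_information);

// Interception of CreateProcessA in kernel32.dll.
SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessA64(
    LPCSTR application_name, LPSTR command_line,
    LPSECURITY_ATTRIBUTES process_attributes,
    LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags,
    LPVOID environment, LPCSTR current_directory, LPSTARTUPINFOA startup_info,
    LPPROCESS_INFORMATION process_information);

// -----------------------------------------------------------------------
// Interceptors handled by the registry dispatcher.

// Interception of NtCreateKey on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateKey64(
    PHANDLE key, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes, ULONG title_index,
    PUNICODE_STRING class_name, ULONG create_options, PULONG disposition);

// Interception of NtOpenKey on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKey64(
    PHANDLE key, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes);

// Interception of NtOpenKeyEx on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64(
    PHANDLE key, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes, ULONG open_options);

// -----------------------------------------------------------------------
// Interceptors handled by the sync dispatcher.

// Interception of NtCreateEvent on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateEvent64(
    PHANDLE event_handle, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes, EVENT_TYPE event_type,
    BOOLEAN initial_state);

// Interception of NtOpenEvent on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenEvent64(
    PHANDLE event_handle, ACCESS_MASK desired_access,
    POBJECT_ATTRIBUTES object_attributes);

// -----------------------------------------------------------------------
// Interceptors handled by the process mitigations win32k lockdown code.

// Interceptor for the GdiDllInitialize function.
SANDBOX_INTERCEPT BOOL WINAPI TargetGdiDllInitialize64(
    HANDLE dll,
    DWORD reason);

// Interceptor for the GetStockObject function.
SANDBOX_INTERCEPT HGDIOBJ WINAPI TargetGetStockObject64(int object);

// Interceptor for the RegisterClassW function.
// NOTE(review): the parameter is spelled WNDCLASS, which is the same type as
// WNDCLASSW only when UNICODE is defined. Presumably the build defines it;
// confirm, or spell the type WNDCLASSW to match the intercepted API.
SANDBOX_INTERCEPT ATOM WINAPI TargetRegisterClassW64(const WNDCLASS* wnd_class);

}  // extern "C"

}  // namespace sandbox

#endif  // SANDBOX_SRC_INTERCEPTORS_64_H_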