15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 55821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "sandbox/win/src/target_interceptions.h" 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "sandbox/win/src/interception_agent.h" 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "sandbox/win/src/sandbox_factory.h" 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "sandbox/win/src/sandbox_nt_util.h" 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "sandbox/win/src/target_services.h" 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace sandbox { 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SANDBOX_INTERCEPT NtExports g_nt; 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Hooks NtMapViewOfSection to detect the load of DLLs. If hot patching is 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// required for this dll, this functions patches it. 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)NTSTATUS WINAPI TargetNtMapViewOfSection( 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NtMapViewOfSectionFunction orig_MapViewOfSection, HANDLE section, 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) HANDLE process, PVOID *base, ULONG_PTR zero_bits, SIZE_T commit_size, 215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PLARGE_INTEGER offset, PSIZE_T view_size, SECTION_INHERIT inherit, 225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ULONG allocation_type, ULONG protect) { 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NTSTATUS ret = orig_MapViewOfSection(section, process, base, zero_bits, 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) commit_size, offset, view_size, inherit, 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) allocation_type, protect); 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) static int s_load_count = 0; 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (1 == s_load_count) { 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SandboxFactory::GetTargetServices()->GetState()->SetKernel32Loaded(); 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) s_load_count = 2; 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) do { 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!NT_SUCCESS(ret)) 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!InitHeap()) 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!IsSameProcess(process)) 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!IsValidImageSection(section, base, offset, view_size)) 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) UINT image_flags; 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) UNICODE_STRING* module_name = 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) GetImageInfoFromModule(reinterpret_cast<HMODULE>(*base), &image_flags); 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) UNICODE_STRING* file_name = GetBackingFilePath(*base); 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if ((!module_name) && (image_flags & MODULE_HAS_CODE)) { 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // If the module has no exports we retrieve the module name from the 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // full path of the mapped section. 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) module_name = ExtractModuleName(file_name); 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) InterceptionAgent* agent = InterceptionAgent::GetInterceptionAgent(); 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (agent) { 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!agent->OnDllLoad(file_name, module_name, *base)) { 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Interception agent is demanding to un-map the module. 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) g_nt.UnmapViewOfSection(process, *base); 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ret = STATUS_UNSUCCESSFUL; 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (module_name) 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operator delete(module_name, NT_ALLOC); 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (file_name) 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operator delete(file_name, NT_ALLOC); 725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } while (false); 745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!s_load_count) 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) s_load_count = 1; 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ret; 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)NTSTATUS WINAPI TargetNtUnmapViewOfSection( 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NtUnmapViewOfSectionFunction orig_UnmapViewOfSection, HANDLE process, 835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PVOID base) { 845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NTSTATUS ret = orig_UnmapViewOfSection(process, base); 855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!NT_SUCCESS(ret)) 875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ret; 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!IsSameProcess(process)) 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ret; 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) InterceptionAgent* agent = InterceptionAgent::GetInterceptionAgent(); 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (agent) 955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) agent->OnDllUnload(base); 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ret; 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace sandbox 101