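// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "sandbox/win/src/restricted_token.h"
#include "sandbox/win/src/restricted_token_utils.h"
#include "sandbox/win/tools/finder/finder.h"

// Finder walks the registry, file system and kernel-object namespaces under
// a restricted token (created in Init(), never here). The constructor only
// establishes the "not initialised" state: no output stream, no scan
// selection, no token, and zeroed per-namespace statistics.
Finder::Finder()
    : file_output_(NULL),
      object_type_(0),
      access_type_(0),
      token_handle_(NULL) {
  memset(filesystem_stats_, 0, sizeof(filesystem_stats_));
  memset(registry_stats_, 0, sizeof(registry_stats_));
  memset(kernel_object_stats_, 0, sizeof(kernel_object_stats_));
}

// Releases the restricted token created by Init(), if one exists.
Finder::~Finder() {
  if (token_handle_)
    ::CloseHandle(token_handle_);
}

// Prepares the scanner: runs InitNT() (presumably the NT-level setup the
// parsers depend on; defined elsewhere) and creates the restricted primary
// token the scan will use.
//
// token_type:  sandbox::TokenLevel the restricted token is built for.
// object_type: bitmask of kScanRegistry / kScanFileSystem /
//              kScanKernelObjects selecting what Scan() walks.
// access_type: access mask stored for the parsers (used outside this file).
// file_output: output stream for results; not owned, must outlive Scan().
//
// Returns ERROR_SUCCESS, or the error code from InitNT() or
// sandbox::CreateRestrictedToken. On success token_handle_ is owned by this
// object and released in the destructor. A repeated Init() replaces the
// token from the previous call instead of leaking its handle.
DWORD Finder::Init(sandbox::TokenLevel token_type,
                   DWORD object_type,
                   DWORD access_type,
                   FILE *file_output) {
  DWORD err_code = InitNT();
  if (ERROR_SUCCESS != err_code)
    return err_code;

  object_type_ = object_type;
  access_type_ = access_type;
  file_output_ = file_output;

  // Without this, a second Init() overwrites the previous handle without
  // closing it and the destructor only releases the last one.
  if (token_handle_) {
    ::CloseHandle(token_handle_);
    token_handle_ = NULL;
  }

  return sandbox::CreateRestrictedToken(&token_handle_, token_type,
                                        sandbox::INTEGRITY_LEVEL_LAST,
                                        sandbox::PRIMARY);
}

// Runs the scans selected by object_type_. Requires a token from Init();
// returns ERROR_NO_TOKEN if there is none, otherwise ERROR_SUCCESS once the
// selected namespaces have been walked (the parsers report their own
// findings; this return value does not summarise them).
DWORD Finder::Scan() {
  if (!token_handle_)
    return ERROR_NO_TOKEN;

  if (object_type_ & kScanRegistry) {
    // HKCU is deliberately not in this list; the hives are the machine-wide
    // ones plus every loaded user hive under HKU.
    ParseRegistry(HKEY_LOCAL_MACHINE, L"HKLM\\");
    ParseRegistry(HKEY_USERS, L"HKU\\");
    ParseRegistry(HKEY_CURRENT_CONFIG, L"HKCC\\");
  }

  if (object_type_ & kScanFileSystem) {
    // Only drive C: is walked; the \\?\ prefix lifts the MAX_PATH limit on
    // deep trees. Other volumes are not covered by this scan.
    ParseFileSystem(L"\\\\?\\C:");
  }

  if (object_type_ & kScanKernelObjects) {
    // Root of the object manager namespace.
    ParseKernelObjects(L"\\");
  }

  return ERROR_SUCCESS;
}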