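// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_WOW_HELPER_SERVICE64_RESOLVER_H__
#define SANDBOX_WOW_HELPER_SERVICE64_RESOLVER_H__

#include "sandbox/win/src/nt_internals.h"
#include "sandbox/win/src/resolver.h"

namespace sandbox {

// This is the concrete resolver used to perform service-call type functions
// inside ntdll.dll (64-bit).
//
// The resolver object lives in the parent; the thunk it builds is written
// into the child process identified by process_ (see PerformPatch below).
// Because this code rewrites executable bytes inside another process, the
// target is first validated by IsFunctionAService() so that only code of the
// expected service-stub shape is ever overwritten.
class Service64ResolverThunk : public ResolverThunk {
 public:
  // The service resolver needs a child process to write to.
  // |process| is the handle of that child. This object does not own the
  // handle: the destructor never closes it, so the caller is responsible
  // for its lifetime (it must outlive any Setup()/PerformPatch() call).
  //
  // Initializers are listed in declaration order (ntdll_base_ is declared
  // before process_) so the compiler does not warn about member reordering.
  explicit Service64ResolverThunk(HANDLE process)
      : ntdll_base_(NULL), process_(process) {}
  virtual ~Service64ResolverThunk() {}

  // Implementation of Resolver::Setup.
  // |thunk_storage| / |storage_bytes| describe the buffer that receives the
  // thunk; |storage_used| reports how much of it was consumed. Returns an
  // NTSTATUS (see the base-class contract in resolver.h for the exact codes).
  virtual NTSTATUS Setup(const void* target_module,
                         const void* interceptor_module,
                         const char* target_name,
                         const char* interceptor_name,
                         const void* interceptor_entry_point,
                         void* thunk_storage,
                         size_t storage_bytes,
                         size_t* storage_used);

  // Implementation of Resolver::ResolveInterceptor.
  // On success |*address| receives the interceptor's address in |module|.
  virtual NTSTATUS ResolveInterceptor(const void* module,
                                      const char* function_name,
                                      const void** address);

  // Implementation of Resolver::ResolveTarget.
  // On success |*address| receives the target's (writable) address in
  // |module|.
  virtual NTSTATUS ResolveTarget(const void* module,
                                 const char* function_name,
                                 void** address);

  // Implementation of Resolver::GetThunkSize.
  // Number of bytes of thunk storage this resolver requires.
  virtual size_t GetThunkSize() const;

 protected:
  // The unit test will use this member to allow local patch on a buffer.
  // When non-NULL it replaces the real ntdll base so the patch can be
  // applied to a local buffer instead of the child's ntdll image.
  HMODULE ntdll_base_;

  // Handle of the child process. Not owned (never closed by this class).
  HANDLE process_;

 private:
  // Returns true if the code pointed to by target_ (inherited from the base
  // resolver) corresponds to the expected type of function. Saves that code
  // on the first part of the thunk pointed to by local_thunk (should be
  // directly accessible from the parent).
  // This is the guard that keeps the patch from overwriting arbitrary code:
  // PerformPatch() must only be called after this returned true.
  virtual bool IsFunctionAService(void* local_thunk) const;

  // Performs the actual patch of target_.
  // local_thunk must be already fully initialized, and the first part must
  // contain the original code (as saved by IsFunctionAService). The real
  // type of this buffer is ServiceFullThunk (yes, private). remote_thunk
  // (real type ServiceFullThunk), must be allocated on the child, and will
  // contain the thunk data, after this call.
  // Returns the appropriate status code.
  virtual NTSTATUS PerformPatch(void* local_thunk, void* remote_thunk);

  DISALLOW_COPY_AND_ASSIGN(Service64ResolverThunk);
};

}  // namespace sandbox


#endif  // SANDBOX_WOW_HELPER_SERVICE64_RESOLVER_H__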