search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Roll src/third_party/WebKit 3c1b001:57aef96 (svn 201977:201978)
[chromium-blink-merge.git] / chrome_elf / blacklist / blacklist_interceptions.cc
blob339de1ac749a3df0847a5255550e33bf58a4e1b5
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 // Implementation of NtMapViewOfSection intercept for 32 bit builds.
6 //
7 // TODO(robertshield): Implement the 64 bit intercept.
8
9 #include "chrome_elf/blacklist/blacklist_interceptions.h"
10
11 #include <string>
12 #include <vector>
13
14 // Note that only #includes from base that are either header-only or built into
15 // base_static (see base/base.gyp) are allowed here.
16 #include "base/basictypes.h"
17 #include "base/strings/string16.h"
18 #include "base/win/pe_image.h"
19 #include "chrome_elf/blacklist/blacklist.h"
20 #include "chrome_elf/breakpad.h"
21 #include "sandbox/win/src/internal_types.h"
22 #include "sandbox/win/src/nt_internals.h"
23 #include "sandbox/win/src/sandbox_nt_util.h"
24 #include "sandbox/win/src/sandbox_types.h"
25
26 namespace {
27
28 NtQuerySectionFunction g_nt_query_section_func = NULL;
29 NtQueryVirtualMemoryFunction g_nt_query_virtual_memory_func = NULL;
30 NtUnmapViewOfSectionFunction g_nt_unmap_view_of_section_func = NULL;
31
32 // TODO(robertshield): Merge with ntdll exports cache.
33 FARPROC GetNtDllExportByName(const char* export_name) {
34 HMODULE ntdll = ::GetModuleHandle(sandbox::kNtdllName);
35 return ::GetProcAddress(ntdll, export_name);
36 }
37
38 int DllMatch(const base::string16& module_name) {
39 if (module_name.empty())
40 return -1;
41
42 for (int i = 0; blacklist::g_troublesome_dlls[i] != NULL; ++i) {
43 if (_wcsicmp(module_name.c_str(), blacklist::g_troublesome_dlls[i]) == 0)
44 return i;
45 }
46 return -1;
47 }
48
49 // TODO(robertshield): Some of the helper functions below overlap somewhat with
50 // code in sandbox_nt_util.cc. See if they can be unified.
51
52 // Native reimplementation of PSAPIs GetMappedFileName.
53 base::string16 GetBackingModuleFilePath(PVOID address) {
54 DCHECK_NT(g_nt_query_virtual_memory_func);
55
56 // We'll start with something close to max_path characters for the name.
57 SIZE_T buffer_bytes = MAX_PATH * 2;
58 std::vector<BYTE> buffer_data(buffer_bytes);
59
60 for (;;) {
61 MEMORY_SECTION_NAME* section_name =
62 reinterpret_cast<MEMORY_SECTION_NAME*>(&buffer_data[0]);
63
64 if (!section_name)
65 break;
66
67 SIZE_T returned_bytes;
68 NTSTATUS ret = g_nt_query_virtual_memory_func(
69 NtCurrentProcess, address, MemorySectionName, section_name,
70 buffer_bytes, &returned_bytes);
71
72 if (STATUS_BUFFER_OVERFLOW == ret) {
73 // Retry the call with the given buffer size.
74 buffer_bytes = returned_bytes + 1;
75 buffer_data.resize(buffer_bytes);
76 section_name = NULL;
77 continue;
78 }
79 if (!NT_SUCCESS(ret))
80 break;
81
82 UNICODE_STRING* section_string =
83 reinterpret_cast<UNICODE_STRING*>(section_name);
84 return base::string16(section_string->Buffer,
85 section_string->Length / sizeof(wchar_t));
86 }
87
88 return base::string16();
89 }
90
91 bool IsModuleValidImageSection(HANDLE section,
92 PVOID *base,
93 PLARGE_INTEGER offset,
94 PSIZE_T view_size) {
95 DCHECK_NT(g_nt_query_section_func);
96
97 if (!section || !base || !view_size || offset)
98 return false;
99
100 SECTION_BASIC_INFORMATION basic_info;
101 SIZE_T bytes_returned;
102 NTSTATUS ret = g_nt_query_section_func(section, SectionBasicInformation,
103 &basic_info, sizeof(basic_info),
104 &bytes_returned);
105
106 if (!NT_SUCCESS(ret) || sizeof(basic_info) != bytes_returned)
107 return false;
108
109 if (!(basic_info.Attributes & SEC_IMAGE))
110 return false;
111
112 return true;
113 }
114
115 base::string16 ExtractLoadedModuleName(const base::string16& module_path) {
116 if (module_path.empty() || module_path[module_path.size() - 1] == L'\\')
117 return base::string16();
118
119 size_t sep = module_path.find_last_of(L'\\');
120 if (sep == base::string16::npos)
121 return module_path;
122 else
123 return module_path.substr(sep+1);
124 }
125
126 // Fills |out_name| with the image name from the given |pe| image and |flags|
127 // with additional info about the image.
128 void SafeGetImageInfo(const base::win::PEImage& pe,
129 std::string* out_name,
130 uint32* flags) {
131 out_name->clear();
132 out_name->reserve(MAX_PATH);
133 *flags = 0;
134 __try {
135 if (pe.VerifyMagic()) {
136 *flags |= sandbox::MODULE_IS_PE_IMAGE;
137
138 PIMAGE_EXPORT_DIRECTORY exports = pe.GetExportDirectory();
139 if (exports) {
140 const char* image_name = reinterpret_cast<const char*>(
141 pe.RVAToAddr(exports->Name));
142 size_t i = 0;
143 for (; i < MAX_PATH && *image_name; ++i, ++image_name)
144 out_name->push_back(*image_name);
145 }
146
147 PIMAGE_NT_HEADERS headers = pe.GetNTHeaders();
148 if (headers) {
149 if (headers->OptionalHeader.AddressOfEntryPoint)
150 *flags |= sandbox::MODULE_HAS_ENTRY_POINT;
151 if (headers->OptionalHeader.SizeOfCode)
152 *flags |= sandbox::MODULE_HAS_CODE;
153 }
154 }
155 } __except((GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION ||
156 GetExceptionCode() == EXCEPTION_GUARD_PAGE ||
157 GetExceptionCode() == EXCEPTION_IN_PAGE_ERROR) ?
158 EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH) {
159 out_name->clear();
160 }
161 }
162
163 base::string16 GetImageInfoFromLoadedModule(HMODULE module, uint32* flags) {
164 std::string out_name;
165 base::win::PEImage pe(module);
166 SafeGetImageInfo(pe, &out_name, flags);
167 return base::string16(out_name.begin(), out_name.end());
168 }
169
170 bool IsSameAsCurrentProcess(HANDLE process) {
171 return (NtCurrentProcess == process) ||
172 (::GetProcessId(process) == ::GetCurrentProcessId());
173 }
174
175 NTSTATUS BlNtMapViewOfSectionImpl(
176 NtMapViewOfSectionFunction orig_MapViewOfSection,
177 HANDLE section,
178 HANDLE process,
179 PVOID *base,
180 ULONG_PTR zero_bits,
181 SIZE_T commit_size,
182 PLARGE_INTEGER offset,
183 PSIZE_T view_size,
184 SECTION_INHERIT inherit,
185 ULONG allocation_type,
186 ULONG protect) {
187 NTSTATUS ret = orig_MapViewOfSection(section, process, base, zero_bits,
188 commit_size, offset, view_size, inherit,
189 allocation_type, protect);
190
191 if (!NT_SUCCESS(ret) || !IsSameAsCurrentProcess(process) ||
192 !IsModuleValidImageSection(section, base, offset, view_size)) {
193 return ret;
194 }
195
196 HMODULE module = reinterpret_cast<HMODULE>(*base);
197 if (module) {
198 UINT image_flags;
199
200 base::string16 module_name_from_image(GetImageInfoFromLoadedModule(
201 reinterpret_cast<HMODULE>(*base), &image_flags));
202
203 int blocked_index = DllMatch(module_name_from_image);
204
205 // If the module name isn't blacklisted, see if the file name is different
206 // and blacklisted.
207 if (blocked_index == -1) {
208 base::string16 file_name(GetBackingModuleFilePath(*base));
209 base::string16 module_name_from_file = ExtractLoadedModuleName(file_name);
210
211 if (module_name_from_image != module_name_from_file)
212 blocked_index = DllMatch(module_name_from_file);
213 }
214
215 if (blocked_index != -1) {
216 DCHECK_NT(g_nt_unmap_view_of_section_func);
217 g_nt_unmap_view_of_section_func(process, *base);
218 ret = STATUS_UNSUCCESSFUL;
219
220 blacklist::BlockedDll(blocked_index);
221 }
222 }
223
224 return ret;
225 }
226
227 } // namespace
228
229 namespace blacklist {
230
231 bool InitializeInterceptImports() {
232 g_nt_query_section_func =
233 reinterpret_cast<NtQuerySectionFunction>(
234 GetNtDllExportByName("NtQuerySection"));
235 g_nt_query_virtual_memory_func =
236 reinterpret_cast<NtQueryVirtualMemoryFunction>(
237 GetNtDllExportByName("NtQueryVirtualMemory"));
238 g_nt_unmap_view_of_section_func =
239 reinterpret_cast<NtUnmapViewOfSectionFunction>(
240 GetNtDllExportByName("NtUnmapViewOfSection"));
241
242 return (g_nt_query_section_func && g_nt_query_virtual_memory_func &&
243 g_nt_unmap_view_of_section_func);
244 }
245
246 SANDBOX_INTERCEPT NTSTATUS WINAPI BlNtMapViewOfSection(
247 NtMapViewOfSectionFunction orig_MapViewOfSection,
248 HANDLE section,
249 HANDLE process,
250 PVOID *base,
251 ULONG_PTR zero_bits,
252 SIZE_T commit_size,
253 PLARGE_INTEGER offset,
254 PSIZE_T view_size,
255 SECTION_INHERIT inherit,
256 ULONG allocation_type,
257 ULONG protect) {
258 NTSTATUS ret = STATUS_UNSUCCESSFUL;
259
260 __try {
261 ret = BlNtMapViewOfSectionImpl(orig_MapViewOfSection, section, process,
262 base, zero_bits, commit_size, offset,
263 view_size, inherit, allocation_type,
264 protect);
265 } __except(GenerateCrashDump(GetExceptionInformation())) {
266 }
267
268 return ret;
269 }
270
271 #if defined(_WIN64)
272 NTSTATUS WINAPI BlNtMapViewOfSection64(
273 HANDLE section, HANDLE process, PVOID *base, ULONG_PTR zero_bits,
274 SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size,
275 SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect) {
276 return BlNtMapViewOfSection(g_nt_map_view_of_section_func, section, process,
277 base, zero_bits, commit_size, offset, view_size,
278 inherit, allocation_type, protect);
279 }
280 #endif
281 } // namespace blacklist