search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
srpcgen: Use 'const char*' for string parameters
[chromium-blink-merge.git] / chrome_frame / buggy_bho_handling.cc
blob227c99968f74747a553c5b6799c326a01e278b84
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome_frame/buggy_bho_handling.h"
6
7 #include "base/logging.h"
8 #include "base/win/scoped_comptr.h"
9
10 #include "chrome_frame/exception_barrier.h"
11 #include "chrome_frame/function_stub.h"
12 #include "chrome_frame/utils.h"
13 #include "chrome_frame/vtable_patch_manager.h"
14
15 namespace buggy_bho {
16
17 base::ThreadLocalPointer<BuggyBhoTls> BuggyBhoTls::s_bad_object_tls_;
18
19 struct ModuleAndVersion {
20 const char* module_name_;
21 const uint32 major_version_;
22 const uint32 minor_version_;
23 };
24
25 const ModuleAndVersion kBuggyModules[] = {
26 { "askbar.dll", 4, 1 }, // troublemaker: 4.1.0.5.
27 { "gbieh.dll", 3, 8 }, // troublemaker: 3.8.14.12
28 { "gbiehcef.dll", 3, 8 }, // troublemaker: 3.8.11.23
29 { "alot.dll", 2, 5 }, // troublemaker: 2.5.12000.509
30 { "ctbr.dll", 5, 1 }, // troublemaker: 5.1.0.95
31 { "srchbxex.dll", 1, 2 }, // troublemaker: 1.2.123.0
32 { "iedvtool32.dll", 8, 0 }, // troublemaker: 8.0.0.4
33 { "mst164.dll", 9, 1 }, // troublemaker: 9.1.3700.1
34 { "deposit_ie_com.dll", 0, 1 }, // troublemaker: 0.1.0.72
35 { "rpshell32.dll", 6, 0 }, // troublemaker: 6.0.6000.1389
36 { "msgsres.dll", 6, 0 }, // troublemaker: 6.0.6000.1389
37 { "limewireinttb.dll", 4, 1 }, // troublemaker: 4.1.1.1000
38 { "pxsecure.dll", 3, 0 }, // troublemaker: 3.0.5.220
39
40 // These BHOs seem to be out of the same buggy BHO factory
41 { "tbabso.dll", 4, 5 }, // troublemaker: 4.5.156.0
42 { "tbabs0.dll.dll", 4, 5 }, // troublemaker: 4.5.156.0
43 { "tbbes0.dll", 4, 5 }, // troublemaker: 4.5.153.0
44 { "tbfre0.dll", 4, 5 }, // troublemaker: 4.5.181.1
45 { "tbmypl.dll", 4, 5 }, // troublemaker: 4.5.181.3
46 { "tbmul1.dll", 4, 5 }, // troublemaker: 4.5.181.1
47 { "tbdow1.dll", 4, 5 }, // troublemaker: 4.5.167.0
48 { "tbfree.dll", 4, 5 }, // troublemaker: 4.5.178.0
49
50 // Viruses?
51 { "msgsc2.dll", 0xffff, 0xffff }, // troublemaker: 1.2.3000.1
52 { "essclis.dll", 0xffff, 0xffff }, // troublemaker: 4.3.1800.2
53 { "snagwb.dll", 0xffff, 0xffff }, // troublemaker: 2.6.0.28
54 };
55
56 bool IsBuggyBho(HMODULE mod) {
57 DCHECK(mod);
58
59 char path[MAX_PATH * 2] = {0};
60 ::GetModuleFileNameA(mod, path, arraysize(path));
61 const char* file_name = ::PathFindFileNameA(path);
62 for (size_t i = 0; i < arraysize(kBuggyModules); ++i) {
63 if (lstrcmpiA(file_name, kBuggyModules[i].module_name_) == 0) {
64 uint32 version = 0;
65 GetModuleVersion(mod, &version, NULL);
66 const ModuleAndVersion& buggy = kBuggyModules[i];
67 if (HIWORD(version) < buggy.major_version_ ||
68 (HIWORD(version) == buggy.major_version_ &&
69 LOWORD(version) <= buggy.minor_version_)) {
70 return true;
71 }
72 }
73 }
74
75 return false;
76 }
77
78 BuggyBhoTls::BuggyBhoTls()
79 : patched_(false) {
80 DCHECK(s_bad_object_tls_.Get() == NULL);
81 s_bad_object_tls_.Set(this);
82 }
83
84 BuggyBhoTls::~BuggyBhoTls() {
85 DCHECK(BuggyBhoTls::GetInstance() == this);
86 s_bad_object_tls_.Set(NULL);
87 }
88
89 void BuggyBhoTls::AddBuggyObject(IDispatch* obj) {
90 bad_objects_.push_back(obj);
91 }
92
93 bool BuggyBhoTls::ShouldSkipInvoke(IDispatch* obj) const {
94 DCHECK(web_browser2_ != NULL);
95 if (IsChromeFrameDocument(web_browser2_)) {
96 return std::find(bad_objects_.begin(), bad_objects_.end(), obj) !=
97 bad_objects_.end();
98 }
99 return false;
100 }
101
102 // static
103 BuggyBhoTls* BuggyBhoTls::GetInstance() {
104 BuggyBhoTls* tls_instance = s_bad_object_tls_.Get();
105 if (!tls_instance) {
106 tls_instance = new BuggyBhoTls();
107 DCHECK(s_bad_object_tls_.Get() != NULL);
108 }
109 return tls_instance;
110 }
111
112 // static
113 void BuggyBhoTls::DestroyInstance() {
114 BuggyBhoTls* tls_instance = s_bad_object_tls_.Get();
115 if (tls_instance) {
116 delete tls_instance;
117 DCHECK(s_bad_object_tls_.Get() == NULL);
118 }
119 }
120
121 HRESULT BuggyBhoTls::PatchBuggyBHOs(IWebBrowser2* browser) {
122 if (patched_)
123 return S_FALSE;
124
125 DCHECK(browser);
126 DCHECK(web_browser2_ == NULL);
127
128 base::win::ScopedComPtr<IConnectionPointContainer> cpc;
129 HRESULT hr = cpc.QueryFrom(browser);
130 if (SUCCEEDED(hr)) {
131 const GUID sinks[] = { DIID_DWebBrowserEvents2, DIID_DWebBrowserEvents };
132 for (size_t i = 0; i < arraysize(sinks); ++i) {
133 base::win::ScopedComPtr<IConnectionPoint> cp;
134 cpc->FindConnectionPoint(sinks[i], cp.Receive());
135 if (cp) {
136 base::win::ScopedComPtr<IEnumConnections> connections;
137 cp->EnumConnections(connections.Receive());
138 if (connections) {
139 CONNECTDATA cd = {0};
140 DWORD fetched = 0;
141 while (connections->Next(1, &cd, &fetched) == S_OK && fetched) {
142 PatchIfBuggy(cd.pUnk, sinks[i]);
143 cd.pUnk->Release();
144 fetched = 0;
145 }
146 }
147 }
148 }
149 }
150 patched_ = true;
151 web_browser2_ = browser;
152 return hr;
153 }
154
155 bool BuggyBhoTls::PatchIfBuggy(IUnknown* unk, const IID& diid) {
156 DCHECK(unk);
157 PROC* methods = *reinterpret_cast<PROC**>(unk);
158 HMODULE mod = GetModuleFromAddress(methods[0]);
159 if (!IsBuggyBho(mod))
160 return false;
161
162 base::win::ScopedComPtr<IDispatch> disp;
163 HRESULT hr = unk->QueryInterface(diid,
164 reinterpret_cast<void**>(disp.Receive()));
165 if (FAILED(hr)) // Sometimes only IDispatch QI is supported
166 hr = disp.QueryFrom(unk);
167 DCHECK(SUCCEEDED(hr));
168
169 if (SUCCEEDED(hr)) {
170 const int kInvokeIndex = 6;
171 DCHECK(static_cast<IUnknown*>(disp) == unk);
172 if (SUCCEEDED(PatchInvokeMethod(&methods[kInvokeIndex]))) {
173 AddBuggyObject(disp);
174 }
175 }
176 return false;
177 }
178
179 // static
180 STDMETHODIMP BuggyBhoTls::BuggyBhoInvoke(InvokeFunc original, IDispatch* me,
181 DISPID dispid, REFIID riid, LCID lcid,
182 WORD flags, DISPPARAMS* params,
183 VARIANT* result, EXCEPINFO* ei,
184 UINT* err) {
185 DVLOG(1) << __FUNCTION__;
186
187 DCHECK(BuggyBhoTls::GetInstance())
188 << "You must first have an instance of BuggyBhoTls on this thread";
189 if (BuggyBhoTls::GetInstance() &&
190 BuggyBhoTls::GetInstance()->ShouldSkipInvoke(me)) {
191 // Ignore this call and avoid the bug.
192 // TODO(tommi): Maybe we should check a specific list of DISPIDs too?
193 return S_OK;
194 }
195
196 // No need to report crashes in those known-to-be-buggy DLLs.
197 ExceptionBarrierReportOnlyModule barrier;
198 return original(me, dispid, riid, lcid, flags, params, result, ei, err);
199 }
200
201 // static
202 HRESULT BuggyBhoTls::PatchInvokeMethod(PROC* invoke) {
203 CCritSecLock lock(_pAtlModule->m_csStaticDataInitAndTypeInfo.m_sec, true);
204
205 FunctionStub* stub = FunctionStub::FromCode(*invoke);
206 if (stub)
207 return S_FALSE;
208
209 DWORD flags = 0;
210 if (!::VirtualProtect(invoke, sizeof(PROC), PAGE_EXECUTE_READWRITE, &flags))
211 return AtlHresultFromLastError();
212
213 HRESULT hr = S_OK;
214
215 stub = FunctionStub::Create(reinterpret_cast<uintptr_t>(*invoke),
216 BuggyBhoInvoke);
217 if (!stub) {
218 hr = E_OUTOFMEMORY;
219 } else {
220 if (!vtable_patch::internal::ReplaceFunctionPointer(
221 reinterpret_cast<void**>(invoke), stub->code(),
222 reinterpret_cast<void*>(stub->argument()))) {
223 hr = E_UNEXPECTED;
224 FunctionStub::Destroy(stub);
225 } else {
226 PinModule(); // No backing out now.
227 ::FlushInstructionCache(::GetCurrentProcess(), invoke, sizeof(PROC));
228 }
229 }
230 ::VirtualProtect(invoke, sizeof(PROC), flags, &flags);
231 return hr;
232 }
233
234 } // end namespace buggy_bho