chrome/browser/safe_browsing/incident_reporting/module_integrity_verifier_win.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_INTEGRITY_VERIFIER_WIN_H_
   6 #define CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_INTEGRITY_VERIFIER_WIN_H_
   7
   8 #include <stdint.h>
   9
  10 namespace base {
  11 namespace win {
  12 class PEImage;
  13 class PEImageAsData;
  14 }  // namespace win
  15 }  // namespace base
  16
  17 namespace safe_browsing {
  18
  19 class ClientIncidentReport_EnvironmentData_Process_ModuleState;
  20
  21 // Helper to grab the addresses and size of the code section of a PEImage.
  22 // Returns two addresses: one for the dll loaded as a library, the other for the
  23 // dll loaded as data.
  24 bool GetCodeAddrsAndSize(const base::win::PEImage& mem_peimage,
  25                          const base::win::PEImageAsData& disk_peimage,
  26                          uint8_t** mem_code_addr,
  27                          uint8_t** disk_code_addr,
  28                          uint32_t* code_size);
  29
  30 // Examines the code section of the given module in memory and on disk, looking
  31 // for unexpected differences and populating |module_state| in the process.
  32 // Returns true if the entire image was scanned. |num_bytes_different| is
  33 // populated with the number of differing bytes found, even if the scan failed
  34 // to complete.
  35 bool VerifyModule(
  36     const wchar_t* module_name,
  37     ClientIncidentReport_EnvironmentData_Process_ModuleState* module_state,
  38     int* num_bytes_different);
  39
  40 }  // namespace safe_browsing
  41
  42 #endif  // CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_INTEGRITY_VERIFIER_WIN_H_