sandbox/win/tools/finder/finder.cc

   1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "sandbox/win/src/restricted_token.h"
   6 #include "sandbox/win/src/restricted_token_utils.h"
   7 #include "sandbox/win/tools/finder/finder.h"
   8
   9 Finder::Finder() {
  10   file_output_ = NULL;
  11   object_type_ = 0;
  12   access_type_ = 0;
  13   memset(filesystem_stats_, 0, sizeof(filesystem_stats_));
  14   memset(registry_stats_, 0, sizeof(registry_stats_));
  15   memset(kernel_object_stats_, 0, sizeof(kernel_object_stats_));
  16 }
  17
  18 Finder::~Finder() {
  19 }
  20
  21 DWORD Finder::Init(sandbox::TokenLevel token_type,
  22                    DWORD object_type,
  23                    DWORD access_type,
  24                    FILE *file_output) {
  25   DWORD err_code = ERROR_SUCCESS;
  26
  27   err_code = InitNT();
  28   if (ERROR_SUCCESS != err_code)
  29     return err_code;
  30
  31   object_type_ = object_type;
  32   access_type_ = access_type;
  33   file_output_ = file_output;
  34
  35   err_code = sandbox::CreateRestrictedToken(token_type,
  36                                             sandbox::INTEGRITY_LEVEL_LAST,
  37                                             sandbox::PRIMARY, &token_handle_);
  38   return err_code;
  39 }
  40
  41 DWORD Finder::Scan() {
  42   if (!token_handle_.IsValid()) {
  43     return ERROR_NO_TOKEN;
  44   }
  45
  46   if (object_type_ & kScanRegistry) {
  47     ParseRegistry(HKEY_LOCAL_MACHINE, L"HKLM\\");
  48     ParseRegistry(HKEY_USERS, L"HKU\\");
  49     ParseRegistry(HKEY_CURRENT_CONFIG, L"HKCC\\");
  50   }
  51
  52   if (object_type_ & kScanFileSystem) {
  53     ParseFileSystem(L"\\\\?\\C:");
  54   }
  55
  56   if (object_type_ & kScanKernelObjects) {
  57     ParseKernelObjects(L"\\");
  58   }
  59
  60   return ERROR_SUCCESS;
  61 }