chrome/browser/safe_browsing/incident_reporting/module_integrity_verifier_win.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_INTEGRITY_VERIFIER_WIN_H_
   6 #define CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_INTEGRITY_VERIFIER_WIN_H_
   7
   8 #include <stdint.h>
   9
  10 #include <set>
  11 #include <string>
  12
  13 #include "chrome/common/safe_browsing/csd.pb.h"
  14
  15 namespace base {
  16 namespace win {
  17 class PEImage;
  18 class PEImageAsData;
  19 }  // namespace win
  20 }  // namespace base
  21
  22 namespace safe_browsing {
  23
  24 // This enum defines the possible module states VerifyModule can return.
  25 enum ModuleState {
  26   MODULE_STATE_UNKNOWN,
  27   MODULE_STATE_UNMODIFIED,
  28   MODULE_STATE_MODIFIED,
  29 };
  30
  31 struct VerificationResult {
  32   ModuleState state;
  33   // The number of bytes with different values on disk and in memory.
  34   int num_bytes_different;
  35   // True if the relocations were ordered and the verification was fully
  36   // completed.
  37   bool verification_completed;
  38 };
  39
  40 // Helper to grab the addresses and size of the code section of a PEImage.
  41 // Returns two addresses: one for the dll loaded as a library, the other for the
  42 // dll loaded as data.
  43 bool GetCodeAddrsAndSize(const base::win::PEImage& mem_peimage,
  44                          const base::win::PEImageAsData& disk_peimage,
  45                          uint8_t** mem_code_addr,
  46                          uint8_t** disk_code_addr,
  47                          uint32_t* code_size);
  48
  49 // Examines the code section of the given module in memory and on disk, looking
  50 // for unexpected differences.  Returns a ModuleState and and a set of the
  51 // possibly modified exports.
  52 ModuleState VerifyModule(const wchar_t* module_name,
  53                          std::set<std::string>* modified_exports,
  54                          int* num_bytes_different);
  55
  56 // Examines the code section of the given module in memory and on disk, looking
  57 // for unexpected differences and populating |module_state| in the process.
  58 VerificationResult NewVerifyModule(
  59     const wchar_t* module_name,
  60     ClientIncidentReport_EnvironmentData_Process_ModuleState* module_state);
  61
  62 }  // namespace safe_browsing
  63
  64 #endif  // CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_INTEGRITY_VERIFIER_WIN_H_