authornsylvain@chromium.org <nsylvain@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-02-13 18:07:00 +0000
committernsylvain@chromium.org <nsylvain@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-02-13 18:07:00 +0000
commit8869a5f5c945fd2ce67aea4107c700dda12d150f (patch)
tree43df9e9f9c6fafa9b373394d1f447a56809c59ce
parent91115469ab00e0c314cf547e91e8b473890a90d2 (diff)
In Windows 7 there is a new Reg call that we need to
hook: NtOpenKeyEx. I don't know what the last parameter is. I suspect it's a reserved flag for "options" (as in RegOpenKeyEx). I do not handle the case where this unknown flag is non-zero. The current unit tests cover this code. bug:7611 Review URL: http://codereview.chromium.org/20287 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9762 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--sandbox/src/nt_internals.h6
-rw-r--r--sandbox/src/registry_dispatcher.cc9
-rw-r--r--sandbox/src/registry_interception.cc35
-rw-r--r--sandbox/src/registry_interception.h6
4 files changed, 48 insertions, 8 deletions
diff --git a/sandbox/src/nt_internals.h b/sandbox/src/nt_internals.h
index f02c0cc..4028ca0 100644
--- a/sandbox/src/nt_internals.h
+++ b/sandbox/src/nt_internals.h
@@ -354,6 +354,12 @@ typedef NTSTATUS (WINAPI *NtOpenKeyFunction)(
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes);
+typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)(
+ OUT PHANDLE KeyHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN DWORD unknown); // TODO(nsylvain): define this. bug 7611
+
// -----------------------------------------------------------------------
// Memory
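Review bot: The fourth parameter of `NtOpenKeyExFunction` is declared as `DWORD unknown`, which leaves the hook's contract undocumented in the one header other sandbox code will consult for it. The documented kernel-mode counterpart ZwOpenKeyEx takes a `ULONG OpenOptions` in that position (REG_OPTION_* flags), so, assuming the ntdll export has the same shape, `IN ULONG OpenOptions);` would be the accurate declaration. The same name would then apply to the `unknown` parameter of TargetNtOpenKeyEx in registry_interception.cc and registry_interception.h.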
diff --git a/sandbox/src/registry_dispatcher.cc b/sandbox/src/registry_dispatcher.cc
index babf455..37d607d 100644
--- a/sandbox/src/registry_dispatcher.cc
+++ b/sandbox/src/registry_dispatcher.cc
@@ -6,6 +6,7 @@
#include "base/logging.h"
#include "base/scoped_handle_win.h"
+#include "base/win_util.h"
#include "sandbox/src/crosscall_client.h"
#include "sandbox/src/interception.h"
#include "sandbox/src/ipc_tags.h"
@@ -60,8 +61,12 @@ bool RegistryDispatcher::SetupService(InterceptionManager* manager,
if (IPC_NTCREATEKEY_TAG == service)
return INTERCEPT_NT(manager, NtCreateKey, "_TargetNtCreateKey@32");
- if (IPC_NTOPENKEY_TAG == service)
- return INTERCEPT_NT(manager, NtOpenKey, "_TargetNtOpenKey@16");
+ if (IPC_NTOPENKEY_TAG == service) {
+ bool result = INTERCEPT_NT(manager, NtOpenKey, "_TargetNtOpenKey@16");
+ if (win_util::GetWinVersion() >= win_util::WINVERSION_WIN7)
+ result &= INTERCEPT_NT(manager, NtOpenKeyEx, "_TargetNtOpenKeyEx@20");
+ return result;
+ }
return false;
}
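Review bot: The new `IPC_NTOPENKEY_TAG` branch has no comment saying why one service tag now installs two interceptions or why the second is version-gated; something like `// Windows 7 adds NtOpenKeyEx; registry opens that go through it need the same interception as NtOpenKey.` above the version check would record that. As a style point, `result &= INTERCEPT_NT(...)` applies a bitwise operator to a `bool`; `result = INTERCEPT_NT(manager, NtOpenKeyEx, "_TargetNtOpenKeyEx@20") && result;` keeps the second hook attempted in every case and reads as the logical AND it is meant to be. SetupService's body starts outside this hunk, so how callers react to a `false` return is not visible here.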
diff --git a/sandbox/src/registry_interception.cc b/sandbox/src/registry_interception.cc
index adbbf6e..c4a7bc9 100644
--- a/sandbox/src/registry_interception.cc
+++ b/sandbox/src/registry_interception.cc
@@ -88,14 +88,9 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
return status;
}
-NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
+NTSTATUS WINAPI CommonNtOpenKey(NTSTATUS status, PHANDLE key,
ACCESS_MASK desired_access,
POBJECT_ATTRIBUTES object_attributes) {
- // Check if the process can open it first.
- NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);
- if (NT_SUCCESS(status))
- return status;
-
// We don't trust that the IPC can work this early.
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
return status;
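Review bot: `CommonNtOpenKey` now takes an `NTSTATUS status` whose meaning is only implied by the two callers, and it has no comment describing that contract. From the visible lines the value is handed back unchanged when `InitCalled()` is false, so a header comment such as `// Brokers a key open that failed in the target. |status| is the failure code of the direct call and is returned as-is when the request is not proxied.` would make that explicit (the rest of the body is outside this hunk, so confirm it holds for the other exits). The helper is also declared `NTSTATUS WINAPI` with external linkage although the registry_interception.h hunk adds no declaration for it; if nothing outside this file calls it, an unnamed namespace and no `WINAPI` would keep it from looking like another interception entry point.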
@@ -146,5 +141,33 @@ NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
return status;
}
+NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
+ ACCESS_MASK desired_access,
+ POBJECT_ATTRIBUTES object_attributes) {
+ // Check if the process can open it first.
+ NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);
+ if (NT_SUCCESS(status))
+ return status;
+
+ return CommonNtOpenKey(status, key, desired_access, object_attributes);
+}
+
+NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpenKeyExFunction orig_OpenKeyEx,
+ PHANDLE key, ACCESS_MASK desired_access,
+ POBJECT_ATTRIBUTES object_attributes,
+ DWORD unknown) {
+ // Check if the process can open it first.
+ NTSTATUS status = orig_OpenKeyEx(key, desired_access, object_attributes,
+ unknown);
+
+ // TODO(nsylvain): We don't know what the last parameter is. If it's not
+ // zero, we don't attempt to proxy the call. We need to find out what it is!
+ // See bug 7611
+ if (NT_SUCCESS(status) || unknown != 0)
+ return status;
+
+ return CommonNtOpenKey(status, key, desired_access, object_attributes);
+}
+
} // namespace sandbox
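Review bot: The `unknown != 0` early return in TargetNtOpenKeyEx is the only thing that stops the broker from opening a key with different semantics than the caller requested, because `CommonNtOpenKey` receives just `key`, `desired_access` and `object_attributes` and drops the fourth argument. The TODO presents this as a temporary gap; I would state it as a rule, e.g. `// Only plain opens (fourth argument == 0) are brokered: the argument is not forwarded, so a non-zero value keeps the status of the direct call.` If the argument turns out to be the OpenOptions of the documented ZwOpenKeyEx (likely, but not confirmed on this page), it includes flags such as REG_OPTION_BACKUP_RESTORE that a broker should not honour on behalf of a sandboxed target, so any later change that forwards it needs an explicit policy decision rather than a pass-through. The description says the existing unit tests cover this code, but no test in this commit exercises the non-zero branch; one that calls the hook with a non-zero value and expects the original failure status would pin the fail-closed behaviour.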
diff --git a/sandbox/src/registry_interception.h b/sandbox/src/registry_interception.h
index 08e8234..7731acd 100644
--- a/sandbox/src/registry_interception.h
+++ b/sandbox/src/registry_interception.h
@@ -25,6 +25,12 @@ SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKey(
NtOpenKeyFunction orig_OpenKey, PHANDLE key, ACCESS_MASK desired_access,
POBJECT_ATTRIBUTES object_attributes);
+// Interception of NtOpenKeyEx on the child process.
+// It should never be called directly
+SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx(
+ NtOpenKeyExFunction orig_OpenKeyEx, PHANDLE key, ACCESS_MASK desired_access,
+ POBJECT_ATTRIBUTES object_attributes, DWORD unknown);
+
} // extern "C"
} // namespace sandbox