diff options
author | nsylvain@chromium.org <nsylvain@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-18 01:47:05 +0000 |
---|---|---|
committer | nsylvain@chromium.org <nsylvain@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-18 01:47:05 +0000 |
commit | ebc4e18bbeb1fc4a4777ca2ac416ba9295df105c (patch) | |
tree | 798d70afeceeabcfcbe1b8fea7d8cbefcf4db795 /sandbox/src | |
parent | aa0f26699ba66418e3d8fd06ba086142d7012377 (diff) | |
download | chromium_src-ebc4e18bbeb1fc4a4777ca2ac416ba9295df105c.zip chromium_src-ebc4e18bbeb1fc4a4777ca2ac416ba9295df105c.tar.gz chromium_src-ebc4e18bbeb1fc4a4777ca2ac416ba9295df105c.tar.bz2 |
Application Verifier hooks GetProcAddress and returns
pointer to functions in its own dll instead. When we
try to patch these functions, we fail because the
appverif dll is not loaded yet.
We need to get the real pointers to the NT functions.
Review URL: http://codereview.chromium.org/11412
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@5591 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/src')
-rw-r--r-- | sandbox/src/interception.cc | 5 | ||||
-rw-r--r-- | sandbox/src/policy_broker.cc | 8 | ||||
-rw-r--r-- | sandbox/src/service_resolver.cc | 4 |
3 files changed, 12 insertions, 5 deletions
diff --git a/sandbox/src/interception.cc b/sandbox/src/interception.cc index 8ee56f4..621a27d 100644 --- a/sandbox/src/interception.cc +++ b/sandbox/src/interception.cc @@ -12,6 +12,7 @@ #include "base/logging.h" #include "base/scoped_ptr.h" #include "sandbox/src/interception_internal.h" +#include "sandbox/src/pe_image.h" #include "sandbox/src/sandbox.h" #include "sandbox/src/sandbox_utils.h" #include "sandbox/src/service_resolver.h" @@ -400,9 +401,11 @@ bool InterceptionManager::PatchClientFunctions(DllInterceptionData* thunks, if (!ntdll_base) return false; + PEImage ntdll_image(ntdll_base); + // Bypass purify's interception. wchar_t* loader_get = reinterpret_cast<wchar_t*>( - ::GetProcAddress(ntdll_base, "LdrGetDllHandle")); + ntdll_image.GetProcAddress("LdrGetDllHandle")); if (loader_get) { if (!GetModuleHandleHelper(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, diff --git a/sandbox/src/policy_broker.cc b/sandbox/src/policy_broker.cc index 82bc300..6e9073a 100644 --- a/sandbox/src/policy_broker.cc +++ b/sandbox/src/policy_broker.cc @@ -9,6 +9,7 @@ #include "base/logging.h" #include "base/win_util.h" #include "sandbox/src/interception.h" +#include "sandbox/src/pe_image.h" #include "sandbox/src/policy_target.h" #include "sandbox/src/process_thread_interception.h" #include "sandbox/src/sandbox.h" @@ -27,22 +28,23 @@ SANDBOX_INTERCEPT NtExports g_nt; #define INIT_GLOBAL_NT(member) \ g_nt.##member = reinterpret_cast<Nt##member##Function>( \ - ::GetProcAddress(ntdll, "Nt" #member)); \ + ntdll_image.GetProcAddress("Nt" #member)); \ if (NULL == g_nt.##member) \ return false #define INIT_GLOBAL_RTL(member) \ g_nt.##member = reinterpret_cast<##member##Function>( \ - ::GetProcAddress(ntdll, #member)); \ + ntdll_image.GetProcAddress(#member)); \ if (NULL == g_nt.##member) \ return false bool SetupNtdllImports(TargetProcess *child) { HMODULE ntdll = ::GetModuleHandle(kNtdllName); + PEImage ntdll_image(ntdll); // Bypass purify's interception. wchar_t* loader_get = reinterpret_cast<wchar_t*>( - ::GetProcAddress(ntdll, "LdrGetDllHandle")); + ntdll_image.GetProcAddress("LdrGetDllHandle")); if (loader_get) { GetModuleHandleHelper(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, diff --git a/sandbox/src/service_resolver.cc b/sandbox/src/service_resolver.cc index 97cb205..6491138 100644 --- a/sandbox/src/service_resolver.cc +++ b/sandbox/src/service_resolver.cc @@ -5,6 +5,7 @@ #include "sandbox/src/service_resolver.h" #include "base/logging.h" +#include "sandbox/src/pe_image.h" #include "sandbox/src/sandbox_types.h" #include "sandbox/src/sandbox_utils.h" @@ -157,7 +158,8 @@ NTSTATUS ServiceResolverThunk::ResolveTarget(const void* module, if (NULL == module) return STATUS_UNSUCCESSFUL; - *address = ::GetProcAddress(bit_cast<HMODULE>(module), function_name); + PEImage module_image(module); + *address = module_image.GetProcAddress(function_name); if (NULL == *address) return STATUS_UNSUCCESSFUL; |