summaryrefslogtreecommitdiffstats
path: root/sandbox/tools/finder
diff options
context:
space:
mode:
authorinitial.commit <initial.commit@0039d316-1c4b-4281-b951-d872f2087c98>2008-07-26 22:41:28 +0000
committerinitial.commit <initial.commit@0039d316-1c4b-4281-b951-d872f2087c98>2008-07-26 22:41:28 +0000
commita814a8d55429605fe6d7045045cd25b6bf624580 (patch)
tree58fcd994d4ce41ef021f6406a6fac32d9ca2d265 /sandbox/tools/finder
parente6c9e14e0dfec2bb156a1f7a107cda3ebee8d392 (diff)
downloadchromium_src-a814a8d55429605fe6d7045045cd25b6bf624580.zip
chromium_src-a814a8d55429605fe6d7045045cd25b6bf624580.tar.gz
chromium_src-a814a8d55429605fe6d7045045cd25b6bf624580.tar.bz2
Add sandbox to the repository.
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@13 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/tools/finder')
-rw-r--r--sandbox/tools/finder/finder.cc89
-rw-r--r--sandbox/tools/finder/finder.h168
-rw-r--r--sandbox/tools/finder/finder.vcproj201
-rw-r--r--sandbox/tools/finder/finder_fs.cc142
-rw-r--r--sandbox/tools/finder/finder_kernel.cc273
-rw-r--r--sandbox/tools/finder/finder_registry.cc118
-rw-r--r--sandbox/tools/finder/main.cc173
-rw-r--r--sandbox/tools/finder/ntundoc.h263
-rw-r--r--sandbox/tools/finder/stdafx.cc33
-rw-r--r--sandbox/tools/finder/stdafx.h44
10 files changed, 1504 insertions, 0 deletions
diff --git a/sandbox/tools/finder/finder.cc b/sandbox/tools/finder/finder.cc
new file mode 100644
index 0000000..e556def
--- /dev/null
+++ b/sandbox/tools/finder/finder.cc
@@ -0,0 +1,89 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "sandbox/src/restricted_token.h"
+#include "sandbox/src/restricted_token_utils.h"
+#include "sandbox/tools/finder/finder.h"
+
+Finder::Finder() {
+ file_output_ = NULL;
+ object_type_ = 0;
+ access_type_ = 0;
+ token_handle_ = NULL;
+ memset(filesystem_stats_, 0, sizeof(filesystem_stats_));
+ memset(registry_stats_, 0, sizeof(registry_stats_));
+ memset(kernel_object_stats_, 0, sizeof(kernel_object_stats_));
+}
+
+Finder::~Finder() {
+ if (token_handle_)
+ ::CloseHandle(token_handle_);
+}
+
+DWORD Finder::Init(sandbox::TokenLevel token_type,
+ DWORD object_type,
+ DWORD access_type,
+ FILE *file_output) {
+ DWORD err_code = ERROR_SUCCESS;
+
+ err_code = InitNT();
+ if (ERROR_SUCCESS != err_code)
+ return err_code;
+
+ object_type_ = object_type;
+ access_type_ = access_type;
+ file_output_ = file_output;
+
+ err_code = sandbox::CreateRestrictedToken(&token_handle_, token_type,
+ sandbox::INTEGRITY_LEVEL_LAST,
+ sandbox::PRIMARY);
+ return err_code;
+}
+
+DWORD Finder::Scan() {
+ if (!token_handle_) {
+ return ERROR_NO_TOKEN;
+ }
+
+ if (object_type_ & kScanRegistry) {
+ ParseRegistry(HKEY_LOCAL_MACHINE, L"HKLM\\");
+ ParseRegistry(HKEY_USERS, L"HKU\\");
+ ParseRegistry(HKEY_CURRENT_CONFIG, L"HKCC\\");
+ }
+
+ if (object_type_ & kScanFileSystem) {
+ ParseFileSystem(L"\\\\?\\C:");
+ }
+
+ if (object_type_ & kScanKernelObjects) {
+ ParseKernelObjects(L"\\");
+ }
+
+ return ERROR_SUCCESS;
+} \ No newline at end of file
diff --git a/sandbox/tools/finder/finder.h b/sandbox/tools/finder/finder.h
new file mode 100644
index 0000000..0bad128
--- /dev/null
+++ b/sandbox/tools/finder/finder.h
@@ -0,0 +1,168 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#ifndef SANDBOX_TOOLS_FINDER_FINDER_H__
+#define SANDBOX_TOOLS_FINDER_FINDER_H__
+
+#include "sandbox/src/restricted_token_utils.h"
+#include "sandbox/tools/finder/ntundoc.h"
+
+// Type of stats that we calculate during the Scan operation
+enum Stats {
+ READ = 0, // Number of objects with read access
+ WRITE, // Number of objects with write access
+ ALL, // Number of objects with r/w access
+ PARSE, // Number of objects parsed
+ BROKEN, // Number of errors while parsing the objects
+ SIZE_STATS // size of the enum
+};
+
+const int kScanRegistry = 0x01;
+const int kScanFileSystem = 0x02;
+const int kScanKernelObjects = 0x04;
+
+const int kTestForRead = 0x01;
+const int kTestForWrite = 0x02;
+const int kTestForAll = 0x04;
+
+#define FS_ERR L"FILE-ERROR"
+#define OBJ_ERR L"OBJ-ERROR"
+#define REG_ERR L"REG_ERROR"
+#define OBJ L"OBJ"
+#define FS L"FILE"
+#define REG L"REG"
+
+// The impersonater class will impersonate a token when the object is created
+// and revert when the object is going out of scope.
+class Impersonater {
+ public:
+ Impersonater(HANDLE token_handle) {
+ if (token_handle)
+ ::ImpersonateLoggedOnUser(token_handle);
+ };
+ ~Impersonater() {
+ ::RevertToSelf();
+ };
+};
+
+// The finder class handles the search of objects (file system, registry, kernel
+// objects) on the system that can be opened by a restricted token. It can
+// support multiple levels of restriction for the restricted token and can check
+// for read, write or r/w access. It outputs the results to a file or stdout.
+class Finder {
+ public:
+ Finder();
+ ~Finder();
+ DWORD Init(sandbox::TokenLevel token_type, DWORD object_type,
+ DWORD access_type, FILE *file_output);
+ DWORD Scan();
+
+ private:
+ // Parses a file system path and perform an access check on all files and
+ // folder found.
+ // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
+ // win32 error code associated with the error.
+ DWORD ParseFileSystem(ATL::CString path);
+
+ // Parses a registry hive referenced by "key" and performs an access check on
+ // all subkeys found.
+ // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
+ // win32 error code associated with the error.
+ DWORD ParseRegistry(HKEY key, ATL::CString print_name);
+
+ // Parses the kernel namespace beginning at "path" and performs an access
+ // check on all objects found. However, only some object types are supported,
+ // all non supported objects are ignored.
+ // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
+ // win32 error code associated with the error.
+ DWORD ParseKernelObjects(ATL::CString path);
+
+ // Checks if "path" can be accessed with the restricted token.
+ // Returns the access granted.
+ DWORD TestFileAccess(ATL::CString path);
+
+ // Checks if the registry key with the path key\name can be accessed with the
+ // restricted token.
+ // print_name is only use for logging purpose.
+ // Returns the access granted.
+ DWORD TestRegAccess(HKEY key, ATL::CString name, ATL::CString print_name);
+
+ // Checks if the kernel object "path" of type "type" can be accessed with
+ // the restricted token.
+ // Returns the access granted.
+ DWORD TestKernelObjectAccess(ATL::CString path, ATL::CString type);
+
+ // Outputs information to the logfile
+ void Output(ATL::CString type, ATL::CString access, ATL::CString info) {
+ fprintf(file_output_, "\n%S;%S;%S", type.GetBuffer(), access.GetBuffer(),
+ info.GetBuffer());
+ };
+
+ // Output information to the log file.
+ void Output(ATL::CString type, DWORD error, ATL::CString info) {
+ fprintf(file_output_, "\n%S;0x%X;%S", type.GetBuffer(), error,
+ info.GetBuffer());
+ };
+
+ // Set func_to_call to the function pointer of the function used to handle
+ // requests for the kernel objects of type "type". If the type is not
+ // supported at the moment the function returns false and the func_to_call
+ // parameter is not modified.
+ bool GetFunctionForType(ATL::CString type, NTGENERICOPEN * func_to_call);
+
+ // Initializes the NT function pointers to be able to use all the needed
+ // functions in NTDDL.
+ // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
+ // win32 error code associated with the error.
+ DWORD InitNT();
+
+ // Calls func_to_call with the parameters desired_access, object_attributes
+ // and handle. func_to_call is a pointer to a function to open a kernel
+ // object.
+ NTSTATUS NtGenericOpen(ACCESS_MASK desired_access,
+ OBJECT_ATTRIBUTES *object_attributes,
+ NTGENERICOPEN func_to_call,
+ HANDLE *handle);
+
+ // Type of object to check for.
+ DWORD object_type_;
+ // Access to try.
+ DWORD access_type_;
+ // Output file for the results.
+ FILE * file_output_;
+ // Handle to the restricted token.
+ HANDLE token_handle_;
+ // Stats containing the number of operations performed on the different
+ // objects.
+ int filesystem_stats_[SIZE_STATS];
+ int registry_stats_[SIZE_STATS];
+ int kernel_object_stats_[SIZE_STATS];
+};
+
+#endif // SANDBOX_TOOLS_FINDER_FINDER_H__ \ No newline at end of file
diff --git a/sandbox/tools/finder/finder.vcproj b/sandbox/tools/finder/finder.vcproj
new file mode 100644
index 0000000..787c847
--- /dev/null
+++ b/sandbox/tools/finder/finder.vcproj
@@ -0,0 +1,201 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+ ProjectType="Visual C++"
+ Version="8.00"
+ Name="finder"
+ ProjectGUID="{ACDC2E06-0366-41A4-A646-C37E130A605D}"
+ RootNamespace="finder"
+ Keyword="Win32Proj"
+ >
+ <Platforms>
+ <Platform
+ Name="Win32"
+ />
+ </Platforms>
+ <ToolFiles>
+ </ToolFiles>
+ <Configurations>
+ <Configuration
+ Name="Debug|Win32"
+ ConfigurationType="1"
+ InheritedPropertySheets="$(SolutionDir)..\build\debug.vsprops;$(SolutionDir)..\build\common.vsprops"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCustomBuildTool"
+ />
+ <Tool
+ Name="VCXMLDataGeneratorTool"
+ />
+ <Tool
+ Name="VCWebServiceProxyGeneratorTool"
+ />
+ <Tool
+ Name="VCMIDLTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ UsePrecompiledHeader="2"
+ ForcedIncludeFiles="stdafx.h"
+ />
+ <Tool
+ Name="VCManagedResourceCompilerTool"
+ />
+ <Tool
+ Name="VCResourceCompilerTool"
+ />
+ <Tool
+ Name="VCPreLinkEventTool"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ />
+ <Tool
+ Name="VCALinkTool"
+ />
+ <Tool
+ Name="VCManifestTool"
+ />
+ <Tool
+ Name="VCXDCMakeTool"
+ />
+ <Tool
+ Name="VCBscMakeTool"
+ />
+ <Tool
+ Name="VCFxCopTool"
+ />
+ <Tool
+ Name="VCAppVerifierTool"
+ />
+ <Tool
+ Name="VCWebDeploymentTool"
+ />
+ <Tool
+ Name="VCPostBuildEventTool"
+ />
+ </Configuration>
+ <Configuration
+ Name="Release|Win32"
+ ConfigurationType="1"
+ InheritedPropertySheets="$(SolutionDir)..\build\release.vsprops;$(SolutionDir)..\build\common.vsprops"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCustomBuildTool"
+ />
+ <Tool
+ Name="VCXMLDataGeneratorTool"
+ />
+ <Tool
+ Name="VCWebServiceProxyGeneratorTool"
+ />
+ <Tool
+ Name="VCMIDLTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ UsePrecompiledHeader="0"
+ ForcedIncludeFiles="stdafx.h"
+ />
+ <Tool
+ Name="VCManagedResourceCompilerTool"
+ />
+ <Tool
+ Name="VCResourceCompilerTool"
+ />
+ <Tool
+ Name="VCPreLinkEventTool"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ />
+ <Tool
+ Name="VCALinkTool"
+ />
+ <Tool
+ Name="VCManifestTool"
+ />
+ <Tool
+ Name="VCXDCMakeTool"
+ />
+ <Tool
+ Name="VCBscMakeTool"
+ />
+ <Tool
+ Name="VCFxCopTool"
+ />
+ <Tool
+ Name="VCAppVerifierTool"
+ />
+ <Tool
+ Name="VCWebDeploymentTool"
+ />
+ <Tool
+ Name="VCPostBuildEventTool"
+ />
+ </Configuration>
+ </Configurations>
+ <References>
+ </References>
+ <Files>
+ <File
+ RelativePath=".\finder.cc"
+ >
+ </File>
+ <File
+ RelativePath=".\finder.h"
+ >
+ </File>
+ <File
+ RelativePath=".\finder_fs.cc"
+ >
+ </File>
+ <File
+ RelativePath=".\finder_kernel.cc"
+ >
+ </File>
+ <File
+ RelativePath=".\finder_registry.cc"
+ >
+ </File>
+ <File
+ RelativePath=".\main.cc"
+ >
+ </File>
+ <File
+ RelativePath=".\ntundoc.h"
+ >
+ </File>
+ <File
+ RelativePath=".\stdafx.cc"
+ >
+ <FileConfiguration
+ Name="Debug|Win32"
+ >
+ <Tool
+ Name="VCCLCompilerTool"
+ UsePrecompiledHeader="1"
+ />
+ </FileConfiguration>
+ <FileConfiguration
+ Name="Release|Win32"
+ >
+ <Tool
+ Name="VCCLCompilerTool"
+ UsePrecompiledHeader="0"
+ />
+ </FileConfiguration>
+ </File>
+ <File
+ RelativePath=".\stdafx.h"
+ >
+ </File>
+ </Files>
+ <Globals>
+ </Globals>
+</VisualStudioProject>
diff --git a/sandbox/tools/finder/finder_fs.cc b/sandbox/tools/finder/finder_fs.cc
new file mode 100644
index 0000000..8441011
--- /dev/null
+++ b/sandbox/tools/finder/finder_fs.cc
@@ -0,0 +1,142 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "sandbox/src/restricted_token.h"
+#include "sandbox/src/restricted_token_utils.h"
+#include "sandbox/tools/finder/finder.h"
+
+DWORD Finder::ParseFileSystem(ATL::CString directory) {
+ WIN32_FIND_DATA find_data;
+ HANDLE find;
+
+ //Search for items in the directory.
+ ATL::CString name_to_search = directory + L"\\*";
+ find = ::FindFirstFile(name_to_search, &find_data);
+ if (INVALID_HANDLE_VALUE == find) {
+ DWORD error = ::GetLastError();
+ Output(FS_ERR, error, directory);
+ filesystem_stats_[BROKEN]++;
+ return error;
+ }
+
+ // parse all files or folders.
+ do {
+ if (_tcscmp(find_data.cFileName, L".") == 0 ||
+ _tcscmp(find_data.cFileName, L"..") == 0)
+ continue;
+
+ ATL::CString complete_name = directory + L"\\" + find_data.cFileName;
+ TestFileAccess(complete_name);
+
+ // Call recursively the function if the path found is a directory.
+ if ((find_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0) {
+ ParseFileSystem(complete_name);
+ }
+ } while (::FindNextFile(find, &find_data) != 0);
+
+ DWORD err_code = ::GetLastError();
+ ::FindClose(find);
+
+ if (ERROR_NO_MORE_FILES != err_code) {
+ Output(FS_ERR, err_code, directory);
+ filesystem_stats_[BROKEN]++;
+ return err_code;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+DWORD Finder::TestFileAccess(ATL::CString name) {
+ Impersonater impersonate(token_handle_);
+
+ filesystem_stats_[PARSE]++;
+
+ HANDLE file;
+ if (access_type_ & kTestForAll) {
+ file = ::CreateFile(name.GetBuffer(),
+ GENERIC_ALL,
+ FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
+ NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ NULL);
+
+ if (file != INVALID_HANDLE_VALUE) {
+ filesystem_stats_[ALL]++;
+ Output(FS, L"R/W", name.GetBuffer());
+ ::CloseHandle(file);
+ return GENERIC_ALL;
+ } else if (::GetLastError() != ERROR_ACCESS_DENIED) {
+ Output(FS_ERR, GetLastError(), name);
+ filesystem_stats_[BROKEN]++;
+ }
+ }
+
+ if (access_type_ & kTestForWrite) {
+ file = ::CreateFile(name.GetBuffer(),
+ GENERIC_WRITE,
+ FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
+ NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ NULL);
+
+ if (file != INVALID_HANDLE_VALUE) {
+ filesystem_stats_[WRITE]++;
+ Output(FS, L"W", name);
+ ::CloseHandle(file);
+ return GENERIC_WRITE;
+ } else if (::GetLastError() != ERROR_ACCESS_DENIED) {
+ Output(FS_ERR, ::GetLastError(), name);
+ filesystem_stats_[BROKEN]++;
+ }
+ }
+
+ if (access_type_ & kTestForRead) {
+ file = ::CreateFile(name.GetBuffer(),
+ GENERIC_READ,
+ FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
+ NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ NULL);
+
+ if (file != INVALID_HANDLE_VALUE) {
+ filesystem_stats_[READ]++;
+ Output(FS, L"R", name);
+ ::CloseHandle(file);
+ return GENERIC_READ;
+ } else if (::GetLastError() != ERROR_ACCESS_DENIED) {
+ Output(FS_ERR, GetLastError(), name);
+ filesystem_stats_[BROKEN]++;
+ }
+ }
+
+ return 0;
+} \ No newline at end of file
diff --git a/sandbox/tools/finder/finder_kernel.cc b/sandbox/tools/finder/finder_kernel.cc
new file mode 100644
index 0000000..4ab17e7
--- /dev/null
+++ b/sandbox/tools/finder/finder_kernel.cc
@@ -0,0 +1,273 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "sandbox/src/restricted_token.h"
+#include "sandbox/src/restricted_token_utils.h"
+#include "sandbox/tools/finder/finder.h"
+#include "sandbox/tools/finder/ntundoc.h"
+
+#define BUFFER_SIZE 0x800
+#define CHECKPTR(x) if (!x) return ::GetLastError()
+
+// NT API
+NTQUERYDIRECTORYOBJECT NtQueryDirectoryObject;
+NTOPENDIRECTORYOBJECT NtOpenDirectoryObject;
+NTOPENEVENT NtOpenEvent;
+NTOPENJOBOBJECT NtOpenJobObject;
+NTOPENKEYEDEVENT NtOpenKeyedEvent;
+NTOPENMUTANT NtOpenMutant;
+NTOPENSECTION NtOpenSection;
+NTOPENSEMAPHORE NtOpenSemaphore;
+NTOPENSYMBOLICLINKOBJECT NtOpenSymbolicLinkObject;
+NTOPENTIMER NtOpenTimer;
+NTOPENFILE NtOpenFile;
+NTCLOSE NtClose;
+
+DWORD Finder::InitNT() {
+ HMODULE ntdll_handle = ::LoadLibrary(L"ntdll.dll");
+ CHECKPTR(ntdll_handle);
+
+ NtOpenSymbolicLinkObject = (NTOPENSYMBOLICLINKOBJECT) ::GetProcAddress(
+ ntdll_handle, "NtOpenSymbolicLinkObject");
+ CHECKPTR(NtOpenSymbolicLinkObject);
+
+ NtQueryDirectoryObject = (NTQUERYDIRECTORYOBJECT) ::GetProcAddress(
+ ntdll_handle, "NtQueryDirectoryObject");
+ CHECKPTR(NtQueryDirectoryObject);
+
+ NtOpenDirectoryObject = (NTOPENDIRECTORYOBJECT) ::GetProcAddress(
+ ntdll_handle, "NtOpenDirectoryObject");
+ CHECKPTR(NtOpenDirectoryObject);
+
+ NtOpenKeyedEvent = (NTOPENKEYEDEVENT) ::GetProcAddress(
+ ntdll_handle, "NtOpenKeyedEvent");
+ CHECKPTR(NtOpenKeyedEvent);
+
+ NtOpenJobObject = (NTOPENJOBOBJECT) ::GetProcAddress(
+ ntdll_handle, "NtOpenJobObject");
+ CHECKPTR(NtOpenJobObject);
+
+ NtOpenSemaphore = (NTOPENSEMAPHORE) ::GetProcAddress(
+ ntdll_handle, "NtOpenSemaphore");
+ CHECKPTR(NtOpenSemaphore);
+
+ NtOpenSection = (NTOPENSECTION) ::GetProcAddress(
+ ntdll_handle, "NtOpenSection");
+ CHECKPTR(NtOpenSection);
+
+ NtOpenMutant= (NTOPENMUTANT) ::GetProcAddress(ntdll_handle, "NtOpenMutant");
+ CHECKPTR(NtOpenMutant);
+
+ NtOpenEvent = (NTOPENEVENT) ::GetProcAddress(ntdll_handle, "NtOpenEvent");
+ CHECKPTR(NtOpenEvent);
+
+ NtOpenTimer = (NTOPENTIMER) ::GetProcAddress(ntdll_handle, "NtOpenTimer");
+ CHECKPTR(NtOpenTimer);
+
+ NtOpenFile = (NTOPENFILE) ::GetProcAddress(ntdll_handle, "NtOpenFile");
+ CHECKPTR(NtOpenFile);
+
+ NtClose = (NTCLOSE) ::GetProcAddress(ntdll_handle, "NtClose");
+ CHECKPTR(NtClose);
+
+ return ERROR_SUCCESS;
+}
+
+DWORD Finder::ParseKernelObjects(ATL::CString path) {
+ UNICODE_STRING unicode_str;
+ unicode_str.Length = (USHORT)path.GetLength()*2;
+ unicode_str.MaximumLength = (USHORT)path.GetLength()*2+2;
+ unicode_str.Buffer = path.GetBuffer();
+
+ OBJECT_ATTRIBUTES path_attributes;
+ InitializeObjectAttributes(&path_attributes,
+ &unicode_str,
+ 0, // No Attributes
+ NULL, // No Root Directory
+ NULL); // No Security Descriptor
+
+
+ DWORD object_index = 0;
+ DWORD data_written = 0;
+
+ // TODO(nsylvain): Do not use BUFFER_SIZE. Try to get the size
+ // dynamically.
+ OBJDIR_INFORMATION *object_directory_info =
+ (OBJDIR_INFORMATION*) ::HeapAlloc(GetProcessHeap(),
+ 0,
+ BUFFER_SIZE);
+
+ HANDLE file_handle;
+ NTSTATUS status_code = NtOpenDirectoryObject(&file_handle,
+ DIRECTORY_QUERY,
+ &path_attributes);
+ if (status_code != 0)
+ return ERROR_UNIDENTIFIED_ERROR;
+
+ status_code = NtQueryDirectoryObject(file_handle,
+ object_directory_info,
+ BUFFER_SIZE,
+ TRUE, // Get Next Index
+ TRUE, // Ignore Input Index
+ &object_index,
+ &data_written);
+
+ if (status_code != 0)
+ return ERROR_UNIDENTIFIED_ERROR;
+
+ while (NtQueryDirectoryObject(file_handle, object_directory_info,
+ BUFFER_SIZE, TRUE, FALSE, &object_index,
+ &data_written) == 0 ) {
+ ATL::CString cur_path(object_directory_info->ObjectName.Buffer,
+ object_directory_info->ObjectName.Length / sizeof(WCHAR));
+
+ ATL::CString cur_type(object_directory_info->ObjectTypeName.Buffer,
+ object_directory_info->ObjectTypeName.Length / sizeof(WCHAR));
+
+ ATL::CString new_path;
+ if (path == L"\\") {
+ new_path = path + cur_path;
+ } else {
+ new_path = path + L"\\" + cur_path;
+ }
+
+ TestKernelObjectAccess(new_path, cur_type);
+
+ // Call the function recursively for all subdirectories
+ if (cur_type == L"Directory") {
+ ParseKernelObjects(new_path);
+ }
+ }
+
+ NtClose(file_handle);
+ return ERROR_SUCCESS;
+}
+
+DWORD Finder::TestKernelObjectAccess(ATL::CString path, ATL::CString type) {
+ Impersonater impersonate(token_handle_);
+
+ kernel_object_stats_[PARSE]++;
+
+ NTGENERICOPEN func = NULL;
+ GetFunctionForType(type, &func);
+
+ if (!func) {
+ kernel_object_stats_[BROKEN]++;
+ Output(OBJ_ERR, type + L" Unsupported", path);
+ return ERROR_UNSUPPORTED_TYPE;
+ }
+
+ UNICODE_STRING unicode_str;
+ unicode_str.Length = (USHORT)path.GetLength()*2;
+ unicode_str.MaximumLength = (USHORT)path.GetLength()*2+2;
+ unicode_str.Buffer = path.GetBuffer();
+
+ OBJECT_ATTRIBUTES path_attributes;
+ InitializeObjectAttributes(&path_attributes,
+ &unicode_str,
+ 0, // No Attributes
+ NULL, // No Root Directory
+ NULL); // No Security Descriptor
+
+ HANDLE handle;
+ NTSTATUS status_code = 0;
+
+ if (access_type_ & kTestForAll) {
+ status_code = NtGenericOpen(GENERIC_ALL, &path_attributes, func, &handle);
+ if (STATUS_SUCCESS == status_code) {
+ kernel_object_stats_[ALL]++;
+ Output(OBJ, L"R/W", path);
+ NtClose(handle);
+ return GENERIC_ALL;
+ } else if (status_code != EXCEPTION_ACCESS_VIOLATION &&
+ status_code != STATUS_ACCESS_DENIED) {
+ Output(OBJ_ERR, status_code, path);
+ kernel_object_stats_[BROKEN]++;
+ }
+ }
+
+ if (access_type_ & kTestForWrite) {
+ status_code = NtGenericOpen(GENERIC_WRITE, &path_attributes, func, &handle);
+ if (STATUS_SUCCESS == status_code) {
+ kernel_object_stats_[WRITE]++;
+ Output(OBJ, L"W", path);
+ NtClose(handle);
+ return GENERIC_WRITE;
+ } else if (status_code != EXCEPTION_ACCESS_VIOLATION &&
+ status_code != STATUS_ACCESS_DENIED) {
+ Output(OBJ_ERR, status_code, path);
+ kernel_object_stats_[BROKEN]++;
+ }
+ }
+
+ if (access_type_ & kTestForRead) {
+ status_code = NtGenericOpen(GENERIC_READ, &path_attributes, func, &handle);
+ if (STATUS_SUCCESS == status_code) {
+ kernel_object_stats_[READ]++;
+ Output(OBJ, L"R", path);
+ NtClose(handle);
+ return GENERIC_READ;
+ } else if (status_code != EXCEPTION_ACCESS_VIOLATION &&
+ status_code != STATUS_ACCESS_DENIED) {
+ Output(OBJ_ERR, status_code, path);
+ kernel_object_stats_[BROKEN]++;
+ }
+ }
+
+ return 0;
+}
+
+NTSTATUS Finder::NtGenericOpen(ACCESS_MASK desired_access,
+ OBJECT_ATTRIBUTES *object_attributes,
+ NTGENERICOPEN func_to_call,
+ HANDLE *handle) {
+ return func_to_call(handle, desired_access, object_attributes);
+}
+
+bool Finder::GetFunctionForType(ATL::CString type,
+ NTGENERICOPEN * func_to_call) {
+ NTGENERICOPEN func = NULL;
+
+ if (type == L"Event") func = NtOpenEvent;
+ else if (type == L"Job") func = NtOpenJobObject;
+ else if (type == L"KeyedEvent") func = NtOpenKeyedEvent;
+ else if (type == L"Mutant") func = NtOpenMutant;
+ else if (type == L"Section") func = NtOpenSection;
+ else if (type == L"Semaphore") func = NtOpenSemaphore;
+ else if (type == L"Timer") func = NtOpenTimer;
+ else if (type == L"SymbolicLink") func = NtOpenSymbolicLinkObject;
+ else if (type == L"Directory") func = NtOpenDirectoryObject;
+
+ if (func) {
+ *func_to_call = func;
+ return true;
+ }
+
+ return false;
+} \ No newline at end of file
diff --git a/sandbox/tools/finder/finder_registry.cc b/sandbox/tools/finder/finder_registry.cc
new file mode 100644
index 0000000..14bf657
--- /dev/null
+++ b/sandbox/tools/finder/finder_registry.cc
@@ -0,0 +1,118 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "sandbox/src/restricted_token.h"
+#include "sandbox/src/restricted_token_utils.h"
+#include "sandbox/tools/finder/finder.h"
+
+DWORD Finder::ParseRegistry(HKEY key, ATL::CString print_name) {
+ DWORD index = 0;
+ DWORD name_size = 2048;
+ wchar_t buffer[2048] = {0};
+ // TODO(nsylvain): Don't hardcode 2048. Get the key len by calling the
+ // function.
+ LONG err_code = ::RegEnumKey(key, index, buffer, name_size);
+ while (ERROR_SUCCESS == err_code) {
+ ATL::CString name_complete = print_name + buffer + L"\\";
+ TestRegAccess(key, buffer, name_complete);
+
+ // Call the function recursively to parse all subkeys
+ HKEY key_to_parse;
+ err_code = ::RegOpenKeyEx(key, buffer, 0, KEY_ENUMERATE_SUB_KEYS,
+ &key_to_parse);
+ if (ERROR_SUCCESS == err_code) {
+ ParseRegistry(key_to_parse, name_complete);
+ ::RegCloseKey(key_to_parse);
+ } else {
+ registry_stats_[BROKEN]++;
+ Output(REG_ERR, err_code, name_complete);
+ }
+
+ index++;
+ err_code = ::RegEnumKey(key, index, buffer, name_size);
+ }
+
+ if (ERROR_NO_MORE_ITEMS != err_code) {
+ registry_stats_[BROKEN]++;
+ Output(REG_ERR, err_code, print_name);
+ }
+
+ return ERROR_SUCCESS;
+}
+
+DWORD Finder::TestRegAccess(HKEY key, ATL::CString name,
+ ATL::CString print_name) {
+ Impersonater impersonate(token_handle_);
+
+ registry_stats_[PARSE]++;
+
+ HKEY key_res;
+ LONG err_code = 0;
+
+ if (access_type_ & kTestForAll) {
+ err_code = ::RegOpenKeyEx(key, name, 0, GENERIC_ALL, &key_res);
+ if (ERROR_SUCCESS == err_code) {
+ registry_stats_[ALL]++;
+ Output(REG, L"R/W", print_name);
+ ::RegCloseKey(key_res);
+ return GENERIC_ALL;
+ } else if (err_code != ERROR_ACCESS_DENIED) {
+ Output(REG_ERR, err_code, print_name);
+ registry_stats_[BROKEN]++;
+ }
+ }
+
+ if (access_type_ & kTestForWrite) {
+ err_code = ::RegOpenKeyEx(key, name, 0, GENERIC_WRITE, &key_res);
+ if (ERROR_SUCCESS == err_code) {
+ registry_stats_[WRITE]++;
+ Output(REG, L"W", print_name);
+ ::RegCloseKey(key_res);
+ return GENERIC_WRITE;
+ } else if (err_code != ERROR_ACCESS_DENIED) {
+ Output(REG_ERR, err_code, print_name);
+ registry_stats_[BROKEN]++;
+ }
+ }
+
+ if (access_type_ & kTestForRead) {
+ err_code = ::RegOpenKeyEx(key, name, 0, GENERIC_READ, &key_res);
+ if (ERROR_SUCCESS == err_code) {
+ registry_stats_[READ]++;
+ Output(REG, L"R", print_name);
+ ::RegCloseKey(key_res);
+ return GENERIC_READ;
+ } else if (err_code != ERROR_ACCESS_DENIED) {
+ Output(REG_ERR, err_code, print_name);
+ registry_stats_[BROKEN]++;
+ }
+ }
+
+ return 0;
+} \ No newline at end of file
diff --git a/sandbox/tools/finder/main.cc b/sandbox/tools/finder/main.cc
new file mode 100644
index 0000000..7037bfa
--- /dev/null
+++ b/sandbox/tools/finder/main.cc
@@ -0,0 +1,173 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "sandbox/src/restricted_token_utils.h"
+#include "sandbox/tools/finder/finder.h"
+
+#define PARAM_IS(y) (argc > i) && (_wcsicmp(argv[i], y) == 0)
+
+void PrintUsage(wchar_t *application_name) {
+ wprintf(L"\n\nUsage: \n %s --token type --object ob1 [ob2 ob3] "
+ L"--access ac1 [ac2 ac3] [--log filename]", application_name);
+ wprintf(L"\n\n Token Types : \n\tLOCKDOWN \n\tRESTRICTED "
+ L"\n\tLIMITED_USER \n\tINTERACTIVE_USER \n\tNON_ADMIN \n\tUNPROTECTED");
+ wprintf(L"\n Object Types: \n\tREG \n\tFILE \n\tKERNEL");
+ wprintf(L"\n Access Types: \n\tR \n\tW \n\tALL");
+ wprintf(L"\n\nSample: \n %s --token LOCKDOWN --object REG FILE KERNEL "
+ L"--access R W ALL", application_name);
+}
+
+int wmain(int argc, wchar_t* argv[]) {
+ // Extract the filename from the path.
+ wchar_t *app_name = wcsrchr(argv[0], L'\\');
+ if (!app_name) {
+ app_name = argv[0];
+ } else {
+ app_name++;
+ }
+
+ // parameters to read
+ ATL::CString log_file;
+ sandbox::TokenLevel token_type = sandbox::USER_LOCKDOWN;
+ DWORD object_type = 0;
+ DWORD access_type = 0;
+
+ // no arguments
+ if (argc == 1) {
+ PrintUsage(app_name);
+ return -1;
+ }
+
+ // parse command line.
+ for (int i = 1; i < argc; ++i) {
+ if (PARAM_IS(L"--token")) {
+ i++;
+ if (argc > i) {
+ if (PARAM_IS(L"LOCKDOWN")) {
+ token_type = sandbox::USER_LOCKDOWN;
+ } else if (PARAM_IS(L"RESTRICTED")) {
+ token_type = sandbox::USER_RESTRICTED;
+ } else if (PARAM_IS(L"LIMITED_USER")) {
+ token_type = sandbox::USER_LIMITED;
+ } else if (PARAM_IS(L"INTERACTIVE_USER")) {
+ token_type = sandbox::USER_INTERACTIVE;
+ } else if (PARAM_IS(L"NON_ADMIN")) {
+ token_type = sandbox::USER_NON_ADMIN;
+ } else if (PARAM_IS(L"USER_RESTRICTED_SAME_ACCESS")) {
+ token_type = sandbox::USER_RESTRICTED_SAME_ACCESS;
+ } else if (PARAM_IS(L"UNPROTECTED")) {
+ token_type = sandbox::USER_UNPROTECTED;
+ } else {
+ wprintf(L"\nAbord. Invalid token type \"%s\"", argv[i]);
+ PrintUsage(app_name);
+ return -1;
+ }
+ }
+ } else if (PARAM_IS(L"--object")) {
+ bool is_object = true;
+ do {
+ i++;
+ if (PARAM_IS(L"REG")) {
+ object_type |= kScanRegistry;
+ } else if (PARAM_IS(L"FILE")) {
+ object_type |= kScanFileSystem;
+ } else if (PARAM_IS(L"KERNEL")) {
+ object_type |= kScanKernelObjects;
+ } else {
+ is_object = false;
+ }
+ } while(is_object);
+ i--;
+ } else if (PARAM_IS(L"--access")) {
+ bool is_access = true;
+ do {
+ i++;
+ if (PARAM_IS(L"R")) {
+ access_type |= kTestForRead;
+ } else if (PARAM_IS(L"W")) {
+ access_type |= kTestForWrite;
+ } else if (PARAM_IS(L"ALL")) {
+ access_type |= kTestForAll;
+ } else {
+ is_access = false;
+ }
+ } while(is_access);
+ i--;
+ } else if (PARAM_IS(L"--log")) {
+ i++;
+ if (argc > i) {
+ log_file = argv[i];
+ }
+ else {
+ wprintf(L"\nAbord. No log file specified");
+ PrintUsage(app_name);
+ return -1;
+ }
+ } else {
+ wprintf(L"\nAbord. Unrecognized parameter \"%s\"", argv[i]);
+ PrintUsage(app_name);
+ return -1;
+ }
+ }
+
+ // validate parameters
+ if (0 == access_type) {
+ wprintf(L"\nAbord, Access type not specified");
+ PrintUsage(app_name);
+ return -1;
+ }
+
+ if (0 == object_type) {
+ wprintf(L"\nAbord, Object type not specified");
+ PrintUsage(app_name);
+ return -1;
+ }
+
+
+ // Open log file
+ FILE * file_output;
+ if (log_file.GetLength()) {
+ errno_t err = _wfopen_s(&file_output, log_file, L"w");
+ if (err) {
+ wprintf(L"\nAbord, Cannot open file \"%s\"", log_file.GetBuffer());
+ return -1;
+ }
+ } else {
+ file_output = stdout;
+ }
+
+ Finder finder_obj;
+ finder_obj.Init(token_type, object_type, access_type, file_output);
+ finder_obj.Scan();
+
+ fclose(file_output);
+
+ return 0;
+}
+
diff --git a/sandbox/tools/finder/ntundoc.h b/sandbox/tools/finder/ntundoc.h
new file mode 100644
index 0000000..47fdf014
--- /dev/null
+++ b/sandbox/tools/finder/ntundoc.h
@@ -0,0 +1,263 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#ifndef SANDBOX_TOOLS_FINDER_NTUNDOC_H__
+#define SANDBOX_TOOLS_FINDER_NTUNDOC_H__
+
+#define NTSTATUS ULONG
+#define STATUS_SUCCESS 0x00000000
+#define STATUS_ACCESS_DENIED 0xC0000022
+#define STATUS_BUFFER_OVERFLOW 0x80000005
+
+typedef struct _LSA_UNICODE_STRING {
+ USHORT Length;
+ USHORT MaximumLength;
+ PWSTR Buffer;
+} UNICODE_STRING;
+
+typedef struct _OBJDIR_INFORMATION {
+ UNICODE_STRING ObjectName;
+ UNICODE_STRING ObjectTypeName;
+ BYTE Data[1];
+} OBJDIR_INFORMATION;
+
+typedef struct _OBJECT_ATTRIBUTES {
+ ULONG Length;
+ HANDLE RootDirectory;
+ UNICODE_STRING *ObjectName;
+ ULONG Attributes;
+ PVOID SecurityDescriptor;
+ PVOID SecurityQualityOfService;
+} OBJECT_ATTRIBUTES;
+
+typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
+ ULONG Attributes;
+ ACCESS_MASK GrantedAccess;
+ ULONG HandleCount;
+ ULONG PointerCount;
+ ULONG Reserved[10]; // reserved for internal use
+ } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
+
+typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION {
+ UNICODE_STRING TypeName;
+ ULONG Reserved [22]; // reserved for internal use
+} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
+
+typedef struct _OBJECT_NAME_INFORMATION {
+ UNICODE_STRING ObjectName;
+} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
+
+
+typedef enum _OBJECT_INFORMATION_CLASS {
+ ObjectBasicInformation,
+ ObjectNameInformation,
+ ObjectTypeInformation,
+ ObjectAllInformation,
+ ObjectDataInformation
+} OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
+
+typedef struct _FILE_NAME_INFORMATION {
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
+
+typedef enum _FILE_INFORMATION_CLASS {
+ // end_wdm
+ FileDirectoryInformation = 1,
+ FileFullDirectoryInformation, // 2
+ FileBothDirectoryInformation, // 3
+ FileBasicInformation, // 4 wdm
+ FileStandardInformation, // 5 wdm
+ FileInternalInformation, // 6
+ FileEaInformation, // 7
+ FileAccessInformation, // 8
+ FileNameInformation, // 9
+ FileRenameInformation, // 10
+ FileLinkInformation, // 11
+ FileNamesInformation, // 12
+ FileDispositionInformation, // 13
+ FilePositionInformation, // 14 wdm
+ FileFullEaInformation, // 15
+ FileModeInformation, // 16
+ FileAlignmentInformation, // 17
+ FileAllInformation, // 18
+ FileAllocationInformation, // 19
+ FileEndOfFileInformation, // 20 wdm
+ FileAlternateNameInformation, // 21
+ FileStreamInformation, // 22
+ FilePipeInformation, // 23
+ FilePipeLocalInformation, // 24
+ FilePipeRemoteInformation, // 25
+ FileMailslotQueryInformation, // 26
+ FileMailslotSetInformation, // 27
+ FileCompressionInformation, // 28
+ FileObjectIdInformation, // 29
+ FileCompletionInformation, // 30
+ FileMoveClusterInformation, // 31
+ FileQuotaInformation, // 32
+ FileReparsePointInformation, // 33
+ FileNetworkOpenInformation, // 34
+ FileAttributeTagInformation, // 35
+ FileTrackingInformation, // 36
+ FileMaximumInformation
+ // begin_wdm
+} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
+
+typedef enum _SYSTEM_INFORMATION_CLASS {
+ SystemHandleInformation = 16
+} SYSTEM_INFORMATION_CLASS;
+
+typedef struct
+{
+ NTSTATUS Status;
+ ULONG Information;
+} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
+
+#define InitializeObjectAttributes( p, n, a, r, s ) { \
+ (p)->Length = sizeof( OBJECT_ATTRIBUTES ); \
+ (p)->RootDirectory = r; \
+ (p)->Attributes = a; \
+ (p)->ObjectName = n; \
+ (p)->SecurityDescriptor = s; \
+ (p)->SecurityQualityOfService = NULL; \
+}
+
+typedef struct _SYSTEM_HANDLE_INFORMATION {
+ USHORT ProcessId;
+ USHORT CreatorBackTraceIndex;
+ UCHAR ObjectTypeNumber;
+ UCHAR Flags;
+ USHORT Handle;
+ PVOID Object;
+ ACCESS_MASK GrantedAccess;
+} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
+
+typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
+ ULONG NumberOfHandles;
+ SYSTEM_HANDLE_INFORMATION Information[1];
+} SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;
+
+#define POBJECT_ATTRIBUTES OBJECT_ATTRIBUTES*
+
+typedef NTSTATUS (WINAPI* NTQUERYDIRECTORYOBJECT)(
+ HANDLE,
+ OBJDIR_INFORMATION*,
+ DWORD,
+ DWORD,
+ DWORD,
+ DWORD*,
+ DWORD*);
+
+typedef NTSTATUS (WINAPI* NTOPENDIRECTORYOBJECT)(
+ HANDLE *,
+ DWORD,
+ OBJECT_ATTRIBUTES* );
+
+typedef NTSTATUS (WINAPI* NTGENERICOPEN) (
+ OUT PHANDLE EventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes);
+
+typedef NTSTATUS (WINAPI* NTOPENEVENT)(
+ OUT PHANDLE EventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes);
+
+typedef NTSTATUS (WINAPI* NTOPENJOBOBJECT)(
+ OUT PHANDLE JobHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes);
+
+typedef NTSTATUS (WINAPI* NTOPENKEYEDEVENT)(
+ OUT PHANDLE KeyedEventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes);
+
+typedef NTSTATUS (WINAPI* NTOPENMUTANT)(
+ OUT PHANDLE MutantHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes);
+
+typedef NTSTATUS (WINAPI* NTOPENSECTION)(
+ OUT PHANDLE SectionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes);
+
+typedef NTSTATUS (WINAPI* NTOPENSEMAPHORE)(
+ OUT PHANDLE SemaphoreHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes);
+
+typedef NTSTATUS (WINAPI* NTOPENSYMBOLICLINKOBJECT)(
+ OUT PHANDLE SymbolicLinkHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes);
+
+typedef NTSTATUS (WINAPI* NTOPENTIMER)(
+ OUT PHANDLE TimerHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes);
+
+typedef NTSTATUS (WINAPI* NTOPENFILE)(
+ HANDLE *,
+ DWORD,
+ OBJECT_ATTRIBUTES *,
+ IO_STATUS_BLOCK *,
+ DWORD,
+ DWORD);
+
+typedef NTSTATUS (WINAPI* NTQUERYINFORMATIONFILE)(
+ HANDLE,
+ PIO_STATUS_BLOCK,
+ PVOID,
+ ULONG,
+ FILE_INFORMATION_CLASS);
+
+typedef NTSTATUS (WINAPI* NTQUERYSYSTEMINFORMATION)(
+ SYSTEM_INFORMATION_CLASS SystemInformationClass,
+ PVOID SystemInformation,
+ ULONG SystemInformationLength,
+ PULONG ReturnLength);
+
+typedef NTSTATUS (WINAPI* NTQUERYOBJECT)(
+ HANDLE Handle,
+ OBJECT_INFORMATION_CLASS ObjectInformationClass,
+ PVOID ObjectInformation,
+ ULONG ObjectInformationLength,
+ PULONG ReturnLength);
+
+typedef NTSTATUS (WINAPI* NTCLOSE) (HANDLE);
+
+#define DIRECTORY_QUERY 0x0001
+#define DIRECTORY_TRAVERSE 0x0002
+#define DIRECTORY_CREATE_OBJECT 0x0004
+#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
+#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
+
+#endif // SANDBOX_TOOLS_FINDER_NTUNDOC_H__ \ No newline at end of file
diff --git a/sandbox/tools/finder/stdafx.cc b/sandbox/tools/finder/stdafx.cc
new file mode 100644
index 0000000..2330be4
--- /dev/null
+++ b/sandbox/tools/finder/stdafx.cc
@@ -0,0 +1,33 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "sandbox/tools/finder/stdafx.h"
+
+// TODO: reference any additional headers you need in STDAFX.H
+// and not in this file
diff --git a/sandbox/tools/finder/stdafx.h b/sandbox/tools/finder/stdafx.h
new file mode 100644
index 0000000..1c0404d
--- /dev/null
+++ b/sandbox/tools/finder/stdafx.h
@@ -0,0 +1,44 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#ifndef SANDBOX_TOOLS_FINDER_STDAFX_H__
+#define SANDBOX_TOOLS_FINDER_STDAFX_H__
+
+#ifndef _WIN32_WINNT // Allow use of features specific to Windows XP or later.
+#define _WIN32_WINNT 0x0501 // Change this to the appropriate value to target other versions of Windows.
+#endif
+
+#include <stdio.h>
+#include <tchar.h>
+#include <windows.h>
+#define _ATL_NO_EXCEPTIONS
+#include <atlbase.h>
+#include <atlsecurity.h>
+
+#endif // SANDBOX_TOOLS_FINDER_STDAFX_H__ \ No newline at end of file