| author | nsylvain@chromium.org <nsylvain@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-02-13 18:07:00 +0000 | 
|---|---|---|
| committer | nsylvain@chromium.org <nsylvain@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-02-13 18:07:00 +0000 | 
| commit | 8869a5f5c945fd2ce67aea4107c700dda12d150f (patch) | |
| tree | 43df9e9f9c6fafa9b373394d1f447a56809c59ce /sandbox | |
| parent | 91115469ab00e0c314cf547e91e8b473890a90d2 (diff) | |
In Windows 7 there is a new Reg call that we need to
hook: NtOpenKeyEx.
I don't know what the last parameter is. I suspect it's
a reserved flag for "options" (as in RegOpenKeyEx).
I do not handle the case where this unknown flag is non-zero.
The current unit tests cover this code.
bug:7611
Review URL: http://codereview.chromium.org/20287
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9762 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
| -rw-r--r-- | sandbox/src/nt_internals.h | 6 | ||||
| -rw-r--r-- | sandbox/src/registry_dispatcher.cc | 9 | ||||
| -rw-r--r-- | sandbox/src/registry_interception.cc | 35 | ||||
| -rw-r--r-- | sandbox/src/registry_interception.h | 6 | 
4 files changed, 48 insertions, 8 deletions
|
diff --git a/sandbox/src/nt_internals.h b/sandbox/src/nt_internals.h
index f02c0cc..4028ca0 100644
--- a/sandbox/src/nt_internals.h
+++ b/sandbox/src/nt_internals.h
@@ -354,6 +354,12 @@ typedef NTSTATUS (WINAPI *NtOpenKeyFunction)(
   IN ACCESS_MASK DesiredAccess,
   IN POBJECT_ATTRIBUTES ObjectAttributes);
+typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)(
+  OUT PHANDLE KeyHandle,
+  IN ACCESS_MASK DesiredAccess,
+  IN POBJECT_ATTRIBUTES ObjectAttributes,
+  IN DWORD unknown);  // TODO(nsylvain): define this. bug 7611
+
 // -----------------------------------------------------------------------
 // Memory
diff --git a/sandbox/src/registry_dispatcher.cc b/sandbox/src/registry_dispatcher.cc
index babf455..37d607d 100644
--- a/sandbox/src/registry_dispatcher.cc
+++ b/sandbox/src/registry_dispatcher.cc
@@ -6,6 +6,7 @@
 #include "base/logging.h"
 #include "base/scoped_handle_win.h"
+#include "base/win_util.h"
 #include "sandbox/src/crosscall_client.h"
 #include "sandbox/src/interception.h"
 #include "sandbox/src/ipc_tags.h"
@@ -60,8 +61,12 @@ bool RegistryDispatcher::SetupService(InterceptionManager* manager,
   if (IPC_NTCREATEKEY_TAG == service)
     return INTERCEPT_NT(manager, NtCreateKey, "_TargetNtCreateKey@32");
-  if (IPC_NTOPENKEY_TAG == service)
-      return INTERCEPT_NT(manager, NtOpenKey, "_TargetNtOpenKey@16");
+  if (IPC_NTOPENKEY_TAG == service) {
+    bool result = INTERCEPT_NT(manager, NtOpenKey, "_TargetNtOpenKey@16");
+    if (win_util::GetWinVersion() >= win_util::WINVERSION_WIN7)
+      result &= INTERCEPT_NT(manager, NtOpenKeyEx, "_TargetNtOpenKeyEx@20");
+    return result;
+  }
   return false;
 }
diff --git a/sandbox/src/registry_interception.cc b/sandbox/src/registry_interception.cc
index adbbf6e..c4a7bc9 100644
--- a/sandbox/src/registry_interception.cc
+++ b/sandbox/src/registry_interception.cc
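Review bot: The fourth parameter of `NtOpenKeyExFunction` is left as `IN DWORD unknown` behind a TODO, but it lines up with the `OpenOptions` argument the WDK documents for ZwOpenKeyEx, a `ULONG` bit mask that takes values such as `REG_OPTION_OPEN_LINK` and `REG_OPTION_BACKUP_RESTORE`. Declaring it as `IN ULONG OpenOptions);` and dropping the TODO would settle the open question here. The same rename applies to the `DWORD unknown` parameter of `TargetNtOpenKeyEx` in registry_interception.cc and registry_interception.h. A named parameter also tells the next reader exactly which flags the interception declines to forward to the broker.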
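Review bot: In `SetupService`, `result &= INTERCEPT_NT(manager, NtOpenKeyEx, ...)` uses a bitwise operator on a `bool`, and the Windows 7 gate above it carries no comment explaining why the second hook is conditional. `result = INTERCEPT_NT(manager, NtOpenKeyEx, "_TargetNtOpenKeyEx@20") && result;` still attempts both registrations and reads as the logical AND it is meant to be, and a line such as `// NtOpenKeyEx is new in Windows 7; register the hook only there.` records the reason. When the second registration fails the function returns false with the NtOpenKey hook already added, so it is worth confirming that the caller treats false as fatal for the service. The body of `SetupService` starts outside the hunk.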
@@ -88,14 +88,9 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
   return status;
 }
-NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
+NTSTATUS WINAPI CommonNtOpenKey(NTSTATUS status, PHANDLE key,
                                 ACCESS_MASK desired_access,
                                 POBJECT_ATTRIBUTES object_attributes) {
-  // Check if the process can open it first.
-  NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);
-  if (NT_SUCCESS(status))
-    return status;
-
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return status;
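Review bot: `CommonNtOpenKey` has no comment stating its contract, and the new `status` parameter is easy to misuse: on the early-exit path visible here the helper hands it straight back, so callers have to pass the failure code from the original call. A header comment such as `// Proxies a failed key open through the broker. |status| is the error returned by the original call and is returned unchanged when the request cannot be proxied.` would make that explicit (the second half should be checked against the part of the body outside the hunk). The helper is not declared in registry_interception.h in this commit, so it could probably sit in an anonymous namespace without `WINAPI`, which the decorated `_Target...@N` entry points need but an internal helper does not.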
@@ -146,5 +141,33 @@ NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
   return status;
 }
+NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
+                                ACCESS_MASK desired_access,
+                                POBJECT_ATTRIBUTES object_attributes) {
+  // Check if the process can open it first.
+  NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);
+  if (NT_SUCCESS(status))
+    return status;
+
+  return CommonNtOpenKey(status, key, desired_access, object_attributes);
+}
+
+NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpenKeyExFunction orig_OpenKeyEx,
+                                  PHANDLE key, ACCESS_MASK desired_access,
+                                  POBJECT_ATTRIBUTES object_attributes,
+                                  DWORD unknown) {
+  // Check if the process can open it first.
+  NTSTATUS status = orig_OpenKeyEx(key, desired_access, object_attributes,
+                                   unknown);
+
+  // TODO(nsylvain): We don't know what the last parameter is. If it's not
+  // zero, we don't attempt to proxy the call. We need to find out what it is!
+  // See bug 7611
+  if (NT_SUCCESS(status) || unknown != 0)
+    return status;
+
+  return CommonNtOpenKey(status, key, desired_access, object_attributes);
+}
+
 }  // namespace sandbox
diff --git a/sandbox/src/registry_interception.h b/sandbox/src/registry_interception.h
index 08e8234..7731acd 100644
--- a/sandbox/src/registry_interception.h
+++ b/sandbox/src/registry_interception.h
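Review bot: The `unknown != 0` early return in `TargetNtOpenKeyEx` fails closed, which is the right default for a sandbox hook, but the TODO above it reads as an open question rather than a decision, and the diffstat shows no test change that exercises this path. The comment could state the rule directly, e.g. `// CommonNtOpenKey has no way to carry the last argument, so a call that sets it is never proxied and the caller gets the original failure.` A unit test that calls the hook with a non-zero last argument and expects the original status back would pin that behaviour. If such calls are ever proxied, the broker-side policy check should receive the flags as well, because an option like `REG_OPTION_OPEN_LINK` changes which object the open resolves to.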
@@ -25,6 +25,12 @@ SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKey(
     NtOpenKeyFunction orig_OpenKey, PHANDLE key, ACCESS_MASK desired_access,
     POBJECT_ATTRIBUTES object_attributes);
+// Interception of NtOpenKeyEx on the child process.
+// It should never be called directly
+SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx(
+    NtOpenKeyExFunction orig_OpenKeyEx, PHANDLE key, ACCESS_MASK desired_access,
+    POBJECT_ATTRIBUTES object_attributes, DWORD unknown);
+
 }  // extern "C"
 }  // namespace sandbox
|
