-rw-r--r-- | chrome/app/chrome_exe.vcproj | 2 | ||||
-rw-r--r-- | chrome/app/chrome_exe_main.cc | 27 | ||||
-rw-r--r-- | sandbox/src/dep.cc | 34 |
3 files changed, 9 insertions, 54 deletions
diff --git a/chrome/app/chrome_exe.vcproj b/chrome/app/chrome_exe.vcproj
index 1112e5b..b9e8761 100644
--- a/chrome/app/chrome_exe.vcproj
+++ b/chrome/app/chrome_exe.vcproj
@@ -55,7 +55,6 @@
 />
 <Tool
 Name="VCLinkerTool"
- AdditionalOptions="/safeseh /dynamicbase /ignore:4199 $(NoInherit)"
 ImportLibrary="$(OutDir)\lib\$(ProjectName).lib"
 />
 <Tool
@@ -122,7 +121,6 @@
 />
 <Tool
 Name="VCLinkerTool"
- AdditionalOptions="/safeseh /dynamicbase /ignore:4199 $(NoInherit)"
 ImportLibrary="$(OutDir)\lib\$(ProjectName).lib"
 />
 <Tool
diff --git a/chrome/app/chrome_exe_main.cc b/chrome/app/chrome_exe_main.cc
index cec04a9..9f21096 100644
--- a/chrome/app/chrome_exe_main.cc
+++ b/chrome/app/chrome_exe_main.cc
@@ -10,6 +10,7 @@
 #include "base/command_line.h"
 #include "base/debug_on_start.h"
 #include "base/process_util.h"
+#include "base/win_util.h"
 #include "chrome/app/breakpad.h"
 #include "chrome/app/client_util.h"
 #include "chrome/app/google_update_client.h"
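Review bot: Deleting `AdditionalOptions` from the `VCLinkerTool` entry at -55 (and the identical one at -122) takes `/safeseh` and `/dynamicbase` out of this project file, and nothing visible in the commit shows where they are now supplied. Since `$(NoInherit)` goes with them, the linker options presumably come from an inherited property sheet. That sheet should be confirmed to carry `/safeseh`, `/dynamicbase` and the `/NXCOMPAT` flag that the new comment in chrome_exe_main.cc depends on. The commit description should name the sheet, and the built chrome.exe should be checked with `dumpbin /headers` for "Dynamic base" and "NX compatible" in its DLL characteristics.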
@@ -25,25 +26,12 @@ int APIENTRY wWinMain(HINSTANCE instance, HINSTANCE prev_instance, // The exit manager is in charge of calling the dtors of singletons. base::AtExitManager exit_manager; - // Note that std::wstring and CommandLine got linked anyway because of - // breakpad. - CommandLine parsed_command_line; - std::wstring process_type = - parsed_command_line.GetSwitchValue(switches::kProcessType); - - const wchar_t* dll_name = L"chrome.dll"; - if (process_type == switches::kPluginProcess) { - // Plugin process. - // For plugins, we enable ATL7 thunking support because we saw old activex - // built with VC2002 in the wild still being used. - sandbox::SetCurrentProcessDEP(sandbox::DEP_ENABLED_ATL7_COMPAT); - } else if (process_type == switches::kRendererProcess) { - // Renderer process. - // For the processes we control, we enforce strong DEP support. - sandbox::SetCurrentProcessDEP(sandbox::DEP_ENABLED); - } else { - // Browser process. - // For the processes we control, we enforce strong DEP support. + win_util::WinVersion win_version = win_util::GetWinVersion(); + if (win_version == win_util::WINVERSION_XP || + win_version == win_util::WINVERSION_SERVER_2003) { + // On Vista, this is unnecessary since it is controlled through the + // /NXCOMPAT linker flag. + // Enforces strong DEP support. sandbox::SetCurrentProcessDEP(sandbox::DEP_ENABLED); } @@ -54,6 +42,7 @@ int APIENTRY wWinMain(HINSTANCE instance, HINSTANCE prev_instance, if (!sandbox_info.broker_services) sandbox_info.target_services = sandbox::SandboxFactory::GetTargetServices(); + const wchar_t* dll_name = L"chrome.dll"; #if defined(GOOGLE_CHROME_BUILD) google_update::GoogleUpdateClient client; diff --git a/sandbox/src/dep.cc b/sandbox/src/dep.cc index 2c771cc..423205b 100644 --- a/sandbox/src/dep.cc +++ b/sandbox/src/dep.cc 
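Review bot: Outside the XP / Server 2003 branch the new wWinMain code makes no runtime DEP call, so on every other Windows version the DEP state depends entirely on the image being linked with /NXCOMPAT, which this diff does not show. The return value of `sandbox::SetCurrentProcessDEP(sandbox::DEP_ENABLED)` is also discarded, so a failure to enable DEP on XP passes silently; consider `if (!sandbox::SetCurrentProcessDEP(sandbox::DEP_ENABLED)) { /* report: DEP not enforced */ }`. The removed code gave the plugin process `DEP_ENABLED_ATL7_COMPAT`, whereas it now gets strict `DEP_ENABLED` on XP; this may affect the old ActiveX controls the deleted comment mentions and deserves a line in the commit message. The comment would be more accurate as `// On Vista and later DEP comes from the /NXCOMPAT linker flag; the runtime call is only needed on XP and Server 2003.` wWinMain starts and ends outside the hunk.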
@@ -23,8 +23,6 @@ namespace { // SetProcessDEPPolicy is declared in the Windows 2008 SDK. typedef BOOL (WINAPI *FnSetProcessDEPPolicy)(DWORD dwFlags); -// Completely undocumented from Microsoft. You can find this information by -// disassembling Vista's SP1 kernel32.dll with your favorite disassembler. enum PROCESS_INFORMATION_CLASS { ProcessExecuteFlags = 0x22, }; @@ -49,38 +47,8 @@ bool SetCurrentProcessDEP(DepEnforcement enforcement) { // DEP is always on in x64. return enforcement != DEP_DISABLED; #endif - - // Try documented ways first. - // Only available on Vista SP1 and Windows 2008. - // http://msdn.microsoft.com/en-us/library/bb736299.aspx - FnSetProcessDEPPolicy SetProcDEP = - reinterpret_cast<FnSetProcessDEPPolicy>( - GetProcAddress(GetModuleHandle(L"kernel32.dll"), - "SetProcessDEPPolicy")); - - if (SetProcDEP) { - ULONG dep_flags; - switch (enforcement) { - case DEP_DISABLED: - dep_flags = 0; - break; - case DEP_ENABLED: - dep_flags = PROCESS_DEP_ENABLE | - PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION; - break; - case DEP_ENABLED_ATL7_COMPAT: - dep_flags = PROCESS_DEP_ENABLE; - break; - default: - NOTREACHED(); - return false; - } - return 0 != SetProcDEP(dep_flags); - } - - // Go in darker areas. // Only available on Windows XP SP2 and Windows Server 2003 SP1. - // http://www.uninformed.org/?v=2&a=4 + // For reference: http://www.uninformed.org/?v=2&a=4 FnNtSetInformationProcess NtSetInformationProc = reinterpret_cast<FnNtSetInformationProcess>( GetProcAddress(GetModuleHandle(L"ntdll.dll"), |
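Review bot: With the `SetProcessDEPPolicy` path removed in the second hunk, `SetCurrentProcessDEP` goes straight to the undocumented `NtSetInformationProcess` call on any build that gets past the x64 early return. The retained comment says that path is only available on XP SP2 and Server 2003 SP1, and nothing in the visible lines restricts the function to those systems. The only version gate is the caller in chrome_exe_main.cc, so a header comment such as `// Call only on Windows XP SP2 / Server 2003 SP1; later versions rely on /NXCOMPAT.` would state the contract for other users of this sandbox API. The `FnSetProcessDEPPolicy` typedef kept as context in the first hunk appears to be unused after this change and could go with it. The function body continues past the end of the hunk, so the null check on `NtSetInformationProc` and the handling of its result are not visible here.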