-rw-r--r-- | base/win/iat_patch_function.cc | 5 | ||||
-rw-r--r-- | base/win/iat_patch_function.h | 2 | ||||
-rw-r--r-- | content/common/sandbox_win.cc | 23 |
3 files changed, 21 insertions, 9 deletions
diff --git a/base/win/iat_patch_function.cc b/base/win/iat_patch_function.cc
index 923dc04..21c3995 100644
--- a/base/win/iat_patch_function.cc
+++ b/base/win/iat_patch_function.cc
@@ -285,5 +285,10 @@ DWORD IATPatchFunction::Unpatch() {
 return error;
 }
+void* IATPatchFunction::original_function() const {
+ DCHECK(is_patched());
+ return original_function_;
+}
+
 } // namespace win
 } // namespace base
diff --git a/base/win/iat_patch_function.h b/base/win/iat_patch_function.h
index 3ae1f3c..5026e0e 100644
--- a/base/win/iat_patch_function.h
+++ b/base/win/iat_patch_function.h
@@ -57,6 +57,8 @@ class BASE_EXPORT IATPatchFunction {
 return (NULL != intercept_function_);
 }
+ void* original_function() const;
+
 private:
 HMODULE module_handle_;
 void* intercept_function_;
diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc
index a73296c..aea5860 100644
--- a/content/common/sandbox_win.cc
+++ b/content/common/sandbox_win.cc
@@ -403,13 +403,15 @@ bool ProcessDebugFlags(CommandLine* command_line, bool is_in_sandbox) {
 #ifndef OFFICIAL_BUILD
 base::win::IATPatchFunction g_iat_patch_duplicate_handle;
-BOOL (WINAPI *g_iat_orig_duplicate_handle)(HANDLE source_process_handle,
- HANDLE source_handle,
- HANDLE target_process_handle,
- LPHANDLE target_handle,
- DWORD desired_access,
- BOOL inherit_handle,
- DWORD options);
+typedef BOOL (WINAPI *DuplicateHandleFunctionPtr)(HANDLE source_process_handle,
+ HANDLE source_handle,
+ HANDLE target_process_handle,
+ LPHANDLE target_handle,
+ DWORD desired_access,
+ BOOL inherit_handle,
+ DWORD options);
+
+DuplicateHandleFunctionPtr g_iat_orig_duplicate_handle;
 NtQueryObject g_QueryObject = NULL;
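Review bot: original_function() guards its precondition only with DCHECK, which is compiled out of release builds, so a release caller that invokes it before Patch() has succeeded or after Unpatch() silently receives whatever original_function_ holds at that moment; the member's initial value is not visible in this hunk. The one caller this change adds reinterpret_casts the result to a function pointer and later calls through it, so a stale or never-set value becomes a wild call rather than a diagnosable failure. Consider keeping the DCHECK and returning a null pointer when not patched, `return is_patched() ? original_function_ : NULL;`, so callers have a value they can test. The function is complete within the hunk.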
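Review bot: The new original_function() declaration carries no comment, so a reader of the header cannot tell whether the returned pointer is the entry that occupied the IAT slot before Patch() (which the name suggests, and which the .cc's DCHECK ties to the patched state) or the intercept, nor when it is valid. I would add above it: `// Returns the pointer that occupied the IAT slot before Patch() replaced it.` followed by `// Only meaningful while is_patched() is true; see the DCHECK in the .cc.` The enclosing class continues outside the hunk.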
@@ -547,10 +549,13 @@ bool InitBrokerServices(sandbox::BrokerServices* broker_services) {
 DWORD result = ::GetModuleFileNameW(module, module_name, MAX_PATH);
 if (result && (result != MAX_PATH)) {
 ResolveNTFunctionPtr("NtQueryObject", &g_QueryObject);
- g_iat_orig_duplicate_handle = ::DuplicateHandle;
- g_iat_patch_duplicate_handle.Patch(
+ result = g_iat_patch_duplicate_handle.Patch(
 module_name, "kernel32.dll", "DuplicateHandle", DuplicateHandlePatch);
+ CHECK(result == 0);
+ g_iat_orig_duplicate_handle =
+ reinterpret_cast<DuplicateHandleFunctionPtr>(
+ g_iat_patch_duplicate_handle.original_function());
 }
 }
 #endif |
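Review bot: The hook is now installed before g_iat_orig_duplicate_handle is assigned, whereas the removed lines set it to ::DuplicateHandle before calling Patch(); between Patch() returning and the reinterpret_cast assignment the intercept is live while the global is still its zero-initialized value, so any other thread calling DuplicateHandle in that window enters DuplicateHandlePatch with a null original pointer (assuming the hook calls through that global, which is outside this hunk). The window is small and this is non-official builds only, but the process being patched here is the broker. A minimal mitigation is to have DuplicateHandlePatch fall back to `::DuplicateHandle` while `g_iat_orig_duplicate_handle` is NULL, or to extend Patch() to hand back the original pointer before it swaps the slot. Separately, `CHECK(result == 0)` turns a Patch() failure that the old code ignored into a hard abort of the broker; if the DuplicateHandle import can legitimately resolve through a module other than "kernel32.dll" on some Windows versions this will fire on every such machine, so consider logging the error and leaving the global pointing at ::DuplicateHandle instead of aborting. InitBrokerServices begins outside the hunk.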