1 files changed, 29 insertions, 6 deletions

diff --git a/sandbox/src/registry_interception.cc b/sandbox/src/registry_interception.cc
index adbbf6e..c4a7bc9 100644
--- a/sandbox/src/registry_interception.cc
+++ b/sandbox/src/registry_interception.cc
@@ -88,14 +88,9 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
   return status;
 }
 
-NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
+NTSTATUS WINAPI CommonNtOpenKey(NTSTATUS status, PHANDLE key,
                                 ACCESS_MASK desired_access,
                                 POBJECT_ATTRIBUTES object_attributes) {
-  // Check if the process can open it first.
-  NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);
-  if (NT_SUCCESS(status))
-    return status;
-
   // We don't trust that the IPC can work this early.
   if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
     return status;
@@ -146,5 +141,33 @@ NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
   return status;
 }
 
+NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
+                                ACCESS_MASK desired_access,
+                                POBJECT_ATTRIBUTES object_attributes) {
+  // Check if the process can open it first.
+  NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);
+  if (NT_SUCCESS(status))
+    return status;
+
+  return CommonNtOpenKey(status, key, desired_access, object_attributes);
+}
+
+NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpenKeyExFunction orig_OpenKeyEx,
+                                  PHANDLE key, ACCESS_MASK desired_access,
+                                  POBJECT_ATTRIBUTES object_attributes,
+                                  DWORD unknown) {
+  // Check if the process can open it first.
+  NTSTATUS status = orig_OpenKeyEx(key, desired_access, object_attributes,
+                                   unknown);
+
+  // TODO(nsylvain): We don't know what the last parameter is. If it's not
+  // zero, we don't attempt to proxy the call. We need to find out what it is!
+  // See bug 7611
+  if (NT_SUCCESS(status) || unknown != 0)
+    return status;
+
+  return CommonNtOpenKey(status, key, desired_access, object_attributes);
+}
+
 }  // namespace sandbox