From 35ef51a9b6944dd9c3852f2c78f6be0548fe6e5e Mon Sep 17 00:00:00 2001 From: "maruel@chromium.org" Date: Tue, 4 Nov 2008 18:18:55 +0000 Subject: Enforces strong DEP all the time. Use the /NXCOMPAT linker flag on chrome.exe so there's no need to call anything on Vista and later to activate it. Review URL: http://codereview.chromium.org/9050 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@4609 0039d316-1c4b-4281-b951-d872f2087c98 --- sandbox/src/dep.cc | 34 +--------------------------------- 1 file changed, 1 insertion(+), 33 deletions(-) (limited to 'sandbox') diff --git a/sandbox/src/dep.cc b/sandbox/src/dep.cc index 2c771cc..423205b 100644 --- a/sandbox/src/dep.cc +++ b/sandbox/src/dep.cc @@ -23,8 +23,6 @@ namespace { // SetProcessDEPPolicy is declared in the Windows 2008 SDK. typedef BOOL (WINAPI *FnSetProcessDEPPolicy)(DWORD dwFlags); -// Completely undocumented from Microsoft. You can find this information by -// disassembling Vista's SP1 kernel32.dll with your favorite disassembler. enum PROCESS_INFORMATION_CLASS { ProcessExecuteFlags = 0x22, }; @@ -49,38 +47,8 @@ bool SetCurrentProcessDEP(DepEnforcement enforcement) { // DEP is always on in x64. return enforcement != DEP_DISABLED; #endif - - // Try documented ways first. - // Only available on Vista SP1 and Windows 2008. - // http://msdn.microsoft.com/en-us/library/bb736299.aspx - FnSetProcessDEPPolicy SetProcDEP = - reinterpret_cast( - GetProcAddress(GetModuleHandle(L"kernel32.dll"), - "SetProcessDEPPolicy")); - - if (SetProcDEP) { - ULONG dep_flags; - switch (enforcement) { - case DEP_DISABLED: - dep_flags = 0; - break; - case DEP_ENABLED: - dep_flags = PROCESS_DEP_ENABLE | - PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION; - break; - case DEP_ENABLED_ATL7_COMPAT: - dep_flags = PROCESS_DEP_ENABLE; - break; - default: - NOTREACHED(); - return false; - } - return 0 != SetProcDEP(dep_flags); - } - - // Go in darker areas. // Only available on Windows XP SP2 and Windows Server 2003 SP1. - // http://www.uninformed.org/?v=2&a=4 + // For reference: http://www.uninformed.org/?v=2&a=4 FnNtSetInformationProcess NtSetInformationProc = reinterpret_cast( GetProcAddress(GetModuleHandle(L"ntdll.dll"), -- cgit v1.1