      1 // Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "sandbox/win/src/resolver.h"
      6 
      7 #include "sandbox/win/src/sandbox_nt_util.h"
      8 
namespace {

// Opcode bytes that InternalThunk below is assembled from (little-endian
// multi-byte values, so kMovRax lays down 48 B8 in memory).
const BYTE kPushRax = 0x50;           // push  rax
const USHORT kMovRax = 0xB848;        // mov   rax, imm64
const ULONG kMovRspRax = 0x24048948;  // mov   qword ptr [rsp], rax
const BYTE kRetNp = 0xC3;             // ret

#pragma pack(push, 1)
// A small position-independent trampoline that transfers control to an
// arbitrary 64-bit address. Byte for byte it is:
//
//   00 50                    push  rax
//   01 48b8f0debc9a78563412  mov   rax,123456789ABCDEF0h
//   0b 48890424              mov   qword ptr [rsp],rax
//   0f c3                    ret
//
// The push only reserves a stack slot; the two movs overwrite that slot
// with |interceptor_function|, and ret then pops it as the return address,
// so execution continues at the interceptor.
//
// rax is clobbered, which should not matter for the common calling
// conventions (it is caller-saved).
//
// pack(1) is essential: any padding between members would be executed as
// garbage instructions. The imm64 operand also assumes ULONG_PTR is
// 8 bytes, i.e. a 64-bit build.
struct InternalThunk {
  // Fills in the fixed opcode bytes; the target address is left zero and
  // patched by the caller (see ResolverThunk::SetInternalThunk).
  InternalThunk()
      : push_rax(kPushRax),
        mov_rax(kMovRax),
        interceptor_function(0),
        mov_rsp_rax(kMovRspRax),
        ret(kRetNp) {}

  BYTE push_rax;                   // 50
  USHORT mov_rax;                  // 48 B8
  ULONG_PTR interceptor_function;  // imm64 operand of the mov
  ULONG mov_rsp_rax;               // 48 89 04 24
  BYTE ret;                        // C3
};
#pragma pack(pop)

}  // namespace
     43 
namespace sandbox {

// Number of bytes SetInternalThunk() writes; callers should size |storage|
// with this value.
size_t ResolverThunk::GetInternalThunkSize() const {
  return sizeof(InternalThunk);
}

// Emits an InternalThunk into |storage| that transfers control to
// |interceptor|.
//
// |storage_bytes| is the usable size of |storage|; when it is smaller than
// the thunk nothing is written and false is returned. |original_function|
// is not needed by this thunk flavor and is ignored. |storage| is assumed
// to be non-null and writable; it is not checked here. Returns true once
// the thunk bytes are in place.
//
// NOTE(review): this only lays down the bytes. Making |storage| executable
// (and any cache flush the platform needs) is up to the caller — not
// visible in this file.
bool ResolverThunk::SetInternalThunk(void* storage, size_t storage_bytes,
                                     const void* original_function,
                                     const void* interceptor) {
  if (storage_bytes >= sizeof(InternalThunk)) {
    // NT_PLACE placement-new (sandbox_nt_util.h) constructs the thunk in the
    // caller's buffer; the constructor supplies the opcode bytes and only the
    // branch target remains to be patched in.
    InternalThunk* thunk = new(storage, NT_PLACE) InternalThunk;
    thunk->interceptor_function = reinterpret_cast<ULONG_PTR>(interceptor);
    return true;
  }
  return false;
}

// Sidestep & co. are not supported by this resolver: |module| and
// |function_name| are ignored and |*address| is left untouched.
NTSTATUS ResolverThunk::ResolveTarget(const void* module,
                                      const char* function_name,
                                      void** address) {
  return STATUS_NOT_IMPLEMENTED;
}

}  // namespace sandbox