1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef SANDBOX_SRC_SERVICE_RESOLVER_H__ 6 #define SANDBOX_SRC_SERVICE_RESOLVER_H__ 7 8 #include "sandbox/win/src/nt_internals.h" 9 #include "sandbox/win/src/resolver.h" 10 11 namespace sandbox { 12 13 // This is the concrete resolver used to perform service-call type functions 14 // inside ntdll.dll. 15 class ServiceResolverThunk : public ResolverThunk { 16 public: 17 // The service resolver needs a child process to write to. 18 ServiceResolverThunk(HANDLE process, bool relaxed) 19 : process_(process), ntdll_base_(NULL), win2k_(false), 20 relaxed_(relaxed), relative_jump_(0) {} 21 virtual ~ServiceResolverThunk() {} 22 23 // Implementation of Resolver::Setup. 24 virtual NTSTATUS Setup(const void* target_module, 25 const void* interceptor_module, 26 const char* target_name, 27 const char* interceptor_name, 28 const void* interceptor_entry_point, 29 void* thunk_storage, 30 size_t storage_bytes, 31 size_t* storage_used); 32 33 // Implementation of Resolver::ResolveInterceptor. 34 virtual NTSTATUS ResolveInterceptor(const void* module, 35 const char* function_name, 36 const void** address); 37 38 // Implementation of Resolver::ResolveTarget. 39 virtual NTSTATUS ResolveTarget(const void* module, 40 const char* function_name, 41 void** address); 42 43 // Implementation of Resolver::GetThunkSize. 44 virtual size_t GetThunkSize() const; 45 46 protected: 47 // The unit test will use this member to allow local patch on a buffer. 48 HMODULE ntdll_base_; 49 50 // Handle of the child process. 51 HANDLE process_; 52 53 protected: 54 // Keeps track of a Windows 2000 resolver. 55 bool win2k_; 56 57 private: 58 // Returns true if the code pointer by target_ corresponds to the expected 59 // type of function. Saves that code on the first part of the thunk pointed 60 // by local_thunk (should be directly accessible from the parent). 61 virtual bool IsFunctionAService(void* local_thunk) const; 62 63 // Performs the actual patch of target_. 64 // local_thunk must be already fully initialized, and the first part must 65 // contain the original code. The real type of this buffer is ServiceFullThunk 66 // (yes, private). remote_thunk (real type ServiceFullThunk), must be 67 // allocated on the child, and will contain the thunk data, after this call. 68 // Returns the apropriate status code. 69 virtual NTSTATUS PerformPatch(void* local_thunk, void* remote_thunk); 70 71 // Provides basically the same functionality as IsFunctionAService but it 72 // continues even if it does not recognize the function code. remote_thunk 73 // is the address of our memory on the child. 74 bool SaveOriginalFunction(void* local_thunk, void* remote_thunk); 75 76 // true if we are allowed to patch already-patched functions. 77 bool relaxed_; 78 ULONG relative_jump_; 79 80 DISALLOW_COPY_AND_ASSIGN(ServiceResolverThunk); 81 }; 82 83 // This is the concrete resolver used to perform service-call type functions 84 // inside ntdll.dll on WOW64 (32 bit ntdll on 64 bit Vista). 85 class Wow64ResolverThunk : public ServiceResolverThunk { 86 public: 87 // The service resolver needs a child process to write to. 88 Wow64ResolverThunk(HANDLE process, bool relaxed) 89 : ServiceResolverThunk(process, relaxed) {} 90 virtual ~Wow64ResolverThunk() {} 91 92 private: 93 virtual bool IsFunctionAService(void* local_thunk) const; 94 95 DISALLOW_COPY_AND_ASSIGN(Wow64ResolverThunk); 96 }; 97 98 // This is the concrete resolver used to perform service-call type functions 99 // inside ntdll.dll on WOW64 for Windows 8. 100 class Wow64W8ResolverThunk : public ServiceResolverThunk { 101 public: 102 // The service resolver needs a child process to write to. 103 Wow64W8ResolverThunk(HANDLE process, bool relaxed) 104 : ServiceResolverThunk(process, relaxed) {} 105 virtual ~Wow64W8ResolverThunk() {} 106 107 private: 108 virtual bool IsFunctionAService(void* local_thunk) const; 109 110 DISALLOW_COPY_AND_ASSIGN(Wow64W8ResolverThunk); 111 }; 112 113 // This is the concrete resolver used to perform service-call type functions 114 // inside ntdll.dll on Windows 2000 and XP pre SP2. 115 class Win2kResolverThunk : public ServiceResolverThunk { 116 public: 117 // The service resolver needs a child process to write to. 118 Win2kResolverThunk(HANDLE process, bool relaxed) 119 : ServiceResolverThunk(process, relaxed) { 120 win2k_ = true; 121 } 122 virtual ~Win2kResolverThunk() {} 123 124 private: 125 virtual bool IsFunctionAService(void* local_thunk) const; 126 127 DISALLOW_COPY_AND_ASSIGN(Win2kResolverThunk); 128 }; 129 130 // This is the concrete resolver used to perform service-call type functions 131 // inside ntdll.dll on Windows 8. 132 class Win8ResolverThunk : public ServiceResolverThunk { 133 public: 134 // The service resolver needs a child process to write to. 135 Win8ResolverThunk(HANDLE process, bool relaxed) 136 : ServiceResolverThunk(process, relaxed) {} 137 virtual ~Win8ResolverThunk() {} 138 139 private: 140 virtual bool IsFunctionAService(void* local_thunk) const; 141 142 DISALLOW_COPY_AND_ASSIGN(Win8ResolverThunk); 143 }; 144 145 } // namespace sandbox 146 147 148 #endif // SANDBOX_SRC_SERVICE_RESOLVER_H__ 149
