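// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <string.h>

#include "sandbox/win/src/restricted_token.h"
#include "sandbox/win/src/restricted_token_utils.h"
#include "sandbox/win/tools/finder/finder.h"

// A freshly constructed Finder has no output stream, no scan selection and no
// token. The per-namespace statistics arrays are zeroed so later code can
// increment them without a separate reset.
Finder::Finder() {
  file_output_ = NULL;
  object_type_ = 0;
  access_type_ = 0;
  token_handle_ = NULL;
  memset(filesystem_stats_, 0, sizeof(filesystem_stats_));
  memset(registry_stats_, 0, sizeof(registry_stats_));
  memset(kernel_object_stats_, 0, sizeof(kernel_object_stats_));
}

// Releases the restricted token created by Init(), if one exists. The FILE*
// handed to Init() is deliberately not closed here; the caller keeps
// ownership of it.
Finder::~Finder() {
  if (token_handle_)
    ::CloseHandle(token_handle_);
}

// Prepares the scanner: runs InitNT(), records what to scan and where to
// report, then creates the restricted primary token the scan will run under.
//
// token_type:  sandbox::TokenLevel describing how restricted the token is;
//              passed straight through to sandbox::CreateRestrictedToken.
// object_type: bitmask of kScanRegistry / kScanFileSystem /
//              kScanKernelObjects selecting which namespaces Scan() walks.
// access_type: stored in access_type_ for later use; not read in this file.
// file_output: stream results are written to; not owned or closed here.
//
// Returns ERROR_SUCCESS, or the first error from InitNT() or
// sandbox::CreateRestrictedToken(). If InitNT() fails nothing is stored.
// If token creation fails the scan settings are already stored, but
// token_handle_ is expected to remain NULL (assuming CreateRestrictedToken
// leaves its out-parameter untouched on failure) so Scan() refuses to run.
//
// Init() may be called more than once; any token from an earlier call is
// closed first so re-initialisation does not leak a handle.
DWORD Finder::Init(sandbox::TokenLevel token_type,
                   DWORD object_type,
                   DWORD access_type,
                   FILE *file_output) {
  DWORD err_code = InitNT();
  if (ERROR_SUCCESS != err_code)
    return err_code;

  object_type_ = object_type;
  access_type_ = access_type;
  file_output_ = file_output;

  // A previous Init() may have left a live token behind; close it rather than
  // overwrite the handle and leak it until process exit.
  if (token_handle_) {
    ::CloseHandle(token_handle_);
    token_handle_ = NULL;
  }

  // NOTE(review): INTEGRITY_LEVEL_LAST is passed as the integrity level.
  // Confirm this means "do not change the integrity level", so the scan
  // reflects only the token restrictions selected by token_type and not an
  // additional IL drop.
  err_code = sandbox::CreateRestrictedToken(&token_handle_, token_type,
                                            sandbox::INTEGRITY_LEVEL_LAST,
                                            sandbox::PRIMARY);
  return err_code;
}

// Walks every namespace selected by the object_type mask given to Init().
// Requires a token from a successful Init().
//
// Returns ERROR_NO_TOKEN when no token is available, otherwise ERROR_SUCCESS.
// Whatever the Parse* helpers report is not checked here, so a successful
// return only means each selected walk was attempted, not that it completed.
DWORD Finder::Scan() {
  if (!token_handle_) {
    return ERROR_NO_TOKEN;
  }

  if (object_type_ & kScanRegistry) {
    // HKEY_CURRENT_USER is not walked; it is a view into HKEY_USERS, which is.
    ParseRegistry(HKEY_LOCAL_MACHINE, L"HKLM\\");
    ParseRegistry(HKEY_USERS, L"HKU\\");
    ParseRegistry(HKEY_CURRENT_CONFIG, L"HKCC\\");
  }

  if (object_type_ & kScanFileSystem) {
    // Only the C: volume is walked (extended-length \\?\ prefix so deep paths
    // are reachable). Other volumes on the machine are not scanned.
    ParseFileSystem(L"\\\\?\\C:");
  }

  if (object_type_ & kScanKernelObjects) {
    // Start from the root of the NT object namespace.
    ParseKernelObjects(L"\\");
  }

  return ERROR_SUCCESS;
}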