      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "sandbox/win/src/interceptors_64.h"
      6 
      7 #include "sandbox/win/src/interceptors.h"
      8 #include "sandbox/win/src/filesystem_interception.h"
      9 #include "sandbox/win/src/named_pipe_interception.h"
     10 #include "sandbox/win/src/policy_target.h"
     11 #include "sandbox/win/src/process_mitigations_win32k_interception.h"
     12 #include "sandbox/win/src/process_thread_interception.h"
     13 #include "sandbox/win/src/registry_interception.h"
     14 #include "sandbox/win/src/sandbox_nt_types.h"
     15 #include "sandbox/win/src/sandbox_types.h"
     16 #include "sandbox/win/src/sync_interception.h"
     17 #include "sandbox/win/src/target_interceptions.h"
     18 
     19 namespace sandbox {
     20 
     // NtExports instance; nothing else in this file reads or writes it.
     21 SANDBOX_INTERCEPT NtExports g_nt;
     // Table of saved addresses, indexed by interception ID. Every entry point
     // below reads one slot, casts it to a function-pointer type and passes it on
     // as the "original" function.
     // NOTE(review): this file only reads the table; where and when it is
     // populated is not visible here. Because each hook calls through these
     // values, the table's integrity is security-relevant — confirm who can
     // write it and whether it is write-protected after setup.
     22 SANDBOX_INTERCEPT OriginalFunctions g_originals;
     23 
     // Interception entry point for NtMapViewOfSection. Reads the saved original
     // from g_originals[MAP_VIEW_OF_SECTION_ID] and passes it, followed by the
     // caller's arguments in their original order, to TargetNtMapViewOfSection;
     // that call's NTSTATUS is returned unchanged.
     // NOTE(review): the slot is cast and forwarded without a null check here;
     // presumably it is filled in before this hook can run — confirm.
     NTSTATUS WINAPI TargetNtMapViewOfSection64(
         HANDLE section, HANDLE process, PVOID *base, ULONG_PTR zero_bits,
         SIZE_T commit_size, PLARGE_INTEGER offset, PSIZE_T view_size,
         SECTION_INHERIT inherit, ULONG allocation_type, ULONG protect) {
       NtMapViewOfSectionFunction original_call =
           reinterpret_cast<NtMapViewOfSectionFunction>(
               g_originals[MAP_VIEW_OF_SECTION_ID]);
       return TargetNtMapViewOfSection(
           original_call, section, process, base, zero_bits, commit_size, offset,
           view_size, inherit, allocation_type, protect);
     }
     35 
     // Interception entry point for NtUnmapViewOfSection. Takes the saved
     // original from g_originals[UNMAP_VIEW_OF_SECTION_ID] and forwards it with
     // |process| and |base| to TargetNtUnmapViewOfSection, returning its status.
     // NOTE(review): no null check on the slot in this thunk — confirm it is
     // always populated before the hook is live.
     NTSTATUS WINAPI TargetNtUnmapViewOfSection64(HANDLE process, PVOID base) {
       NtUnmapViewOfSectionFunction original_call =
           reinterpret_cast<NtUnmapViewOfSectionFunction>(
               g_originals[UNMAP_VIEW_OF_SECTION_ID]);
       return TargetNtUnmapViewOfSection(original_call, process, base);
     }
     41 
     42 // -----------------------------------------------------------------------
     43 
     // Interception entry point for NtSetInformationThread. Looks up the saved
     // original in g_originals[SET_INFORMATION_THREAD_ID] and forwards it plus
     // the four caller arguments to TargetNtSetInformationThread.
     // This thunk does not inspect |thread_info_class| or the buffer; any
     // filtering is presumably done by the forwarded-to handler — confirm.
     NTSTATUS WINAPI TargetNtSetInformationThread64(
         HANDLE thread,
         NT_THREAD_INFORMATION_CLASS thread_info_class,
         PVOID thread_information,
         ULONG thread_information_bytes) {
       NtSetInformationThreadFunction original_call =
           reinterpret_cast<NtSetInformationThreadFunction>(
               g_originals[SET_INFORMATION_THREAD_ID]);
       return TargetNtSetInformationThread(
           original_call, thread, thread_info_class, thread_information,
           thread_information_bytes);
     }
     53 
     // Interception entry point for NtOpenThreadToken. Reads the saved original
     // from g_originals[OPEN_THREAD_TOKEN_ID] and forwards it, with the caller's
     // arguments unchanged, to TargetNtOpenThreadToken.
     // NOTE(review): |desired_access| and |open_as_self| are passed through
     // untouched here; any adjustment would have to happen in the handler.
     NTSTATUS WINAPI TargetNtOpenThreadToken64(
         HANDLE thread,
         ACCESS_MASK desired_access,
         BOOLEAN open_as_self,
         PHANDLE token) {
       NtOpenThreadTokenFunction original_call =
           reinterpret_cast<NtOpenThreadTokenFunction>(
               g_originals[OPEN_THREAD_TOKEN_ID]);
       return TargetNtOpenThreadToken(original_call, thread, desired_access,
                                      open_as_self, token);
     }
     62 
     // Interception entry point for NtOpenThreadTokenEx. Reads the saved
     // original from g_originals[OPEN_THREAD_TOKEN_EX_ID] and forwards it, with
     // the caller's arguments unchanged, to TargetNtOpenThreadTokenEx.
     // NOTE(review): the slot is used without a null check in this thunk —
     // confirm it is populated before the hook can fire.
     NTSTATUS WINAPI TargetNtOpenThreadTokenEx64(
         HANDLE thread,
         ACCESS_MASK desired_access,
         BOOLEAN open_as_self,
         ULONG handle_attributes,
         PHANDLE token) {
       NtOpenThreadTokenExFunction original_call =
           reinterpret_cast<NtOpenThreadTokenExFunction>(
               g_originals[OPEN_THREAD_TOKEN_EX_ID]);
       return TargetNtOpenThreadTokenEx(original_call, thread, desired_access,
                                        open_as_self, handle_attributes, token);
     }
     71 
     72 // -----------------------------------------------------------------------
     73 
     // Interception entry point for NtCreateFile. Reads the saved original from
     // g_originals[CREATE_FILE_ID] and forwards it, with all eleven caller
     // arguments in order, to TargetNtCreateFile; the result is returned as-is.
     // No path, access-mask or option checks happen in this thunk; any policy
     // decision is presumably made inside TargetNtCreateFile — confirm.
     SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateFile64(
         PHANDLE file, ACCESS_MASK desired_access,
         POBJECT_ATTRIBUTES object_attributes, PIO_STATUS_BLOCK io_status,
         PLARGE_INTEGER allocation_size, ULONG file_attributes, ULONG sharing,
         ULONG disposition, ULONG options, PVOID ea_buffer, ULONG ea_length) {
       NtCreateFileFunction original_call =
           reinterpret_cast<NtCreateFileFunction>(g_originals[CREATE_FILE_ID]);
       return TargetNtCreateFile(
           original_call, file, desired_access, object_attributes, io_status,
           allocation_size, file_attributes, sharing, disposition, options,
           ea_buffer, ea_length);
     }
     86 
     // Interception entry point for NtOpenFile. Reads the saved original from
     // g_originals[OPEN_FILE_ID] and forwards it with the caller's arguments to
     // TargetNtOpenFile, returning that call's status.
     // This thunk validates nothing itself; |object_attributes| reaches the
     // handler exactly as the caller supplied it.
     SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenFile64(
         PHANDLE file,
         ACCESS_MASK desired_access,
         POBJECT_ATTRIBUTES object_attributes,
         PIO_STATUS_BLOCK io_status,
         ULONG sharing,
         ULONG options) {
       NtOpenFileFunction original_call =
           reinterpret_cast<NtOpenFileFunction>(g_originals[OPEN_FILE_ID]);
       return TargetNtOpenFile(original_call, file, desired_access,
                               object_attributes, io_status, sharing, options);
     }
     96 
     // Interception entry point for NtQueryAttributesFile. Reads the saved
     // original from g_originals[QUERY_ATTRIB_FILE_ID] and forwards it with both
     // caller arguments to TargetNtQueryAttributesFile.
     // NOTE(review): no null check on the slot here — confirm it is populated
     // before the hook is enabled.
     SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtQueryAttributesFile64(
         POBJECT_ATTRIBUTES object_attributes,
         PFILE_BASIC_INFORMATION file_attributes) {
       NtQueryAttributesFileFunction original_call =
           reinterpret_cast<NtQueryAttributesFileFunction>(
               g_originals[QUERY_ATTRIB_FILE_ID]);
       return TargetNtQueryAttributesFile(original_call, object_attributes,
                                          file_attributes);
     }
    105 
    // Interception entry point for NtQueryFullAttributesFile. Reads the saved
    // original from g_originals[QUERY_FULL_ATTRIB_FILE_ID] and forwards it with
    // both caller arguments to TargetNtQueryFullAttributesFile.
    // NOTE(review): no null check on the slot here — confirm it is populated
    // before the hook is enabled.
    SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtQueryFullAttributesFile64(
        POBJECT_ATTRIBUTES object_attributes,
        PFILE_NETWORK_OPEN_INFORMATION file_attributes) {
      NtQueryFullAttributesFileFunction original_call =
          reinterpret_cast<NtQueryFullAttributesFileFunction>(
              g_originals[QUERY_FULL_ATTRIB_FILE_ID]);
      return TargetNtQueryFullAttributesFile(original_call, object_attributes,
                                             file_attributes);
    }
    115 
    // Interception entry point for NtSetInformationFile. Reads the saved
    // original from g_originals[SET_INFO_FILE_ID] and forwards it with the
    // caller's arguments to TargetNtSetInformationFile.
    // |file_information| and |length| are passed through unchecked by this
    // thunk; any bounds or class filtering is presumably the handler's job —
    // confirm.
    SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtSetInformationFile64(
        HANDLE file,
        PIO_STATUS_BLOCK io_status,
        PVOID file_information,
        ULONG length,
        FILE_INFORMATION_CLASS file_information_class) {
      NtSetInformationFileFunction original_call =
          reinterpret_cast<NtSetInformationFileFunction>(
              g_originals[SET_INFO_FILE_ID]);
      return TargetNtSetInformationFile(original_call, file, io_status,
                                        file_information, length,
                                        file_information_class);
    }
    124 
    125 // -----------------------------------------------------------------------
    126 
    // Interception entry point for CreateNamedPipeW. Reads the saved original
    // from g_originals[CREATE_NAMED_PIPE_ID] and forwards it with the caller's
    // arguments to TargetCreateNamedPipeW; the returned HANDLE is passed back
    // unchanged.
    // This thunk does not look at |pipe_name| or |security_attributes|.
    SANDBOX_INTERCEPT HANDLE WINAPI TargetCreateNamedPipeW64(
        LPCWSTR pipe_name, DWORD open_mode, DWORD pipe_mode,
        DWORD max_instance, DWORD out_buffer_size, DWORD in_buffer_size,
        DWORD default_timeout, LPSECURITY_ATTRIBUTES security_attributes) {
      CreateNamedPipeWFunction original_call =
          reinterpret_cast<CreateNamedPipeWFunction>(
              g_originals[CREATE_NAMED_PIPE_ID]);
      return TargetCreateNamedPipeW(
          original_call, pipe_name, open_mode, pipe_mode, max_instance,
          out_buffer_size, in_buffer_size, default_timeout, security_attributes);
    }
    137 
    138 // -----------------------------------------------------------------------
    139 
    // Interception entry point for NtOpenThread. Reads the saved original from
    // g_originals[OPEN_TREAD_ID] and forwards it with the caller's arguments to
    // TargetNtOpenThread.
    // NOTE(review): "OPEN_TREAD_ID" looks like a misspelling of "THREAD", but
    // the identifier is declared outside this file, so it is used as-is here.
    SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThread64(
        PHANDLE thread,
        ACCESS_MASK desired_access,
        POBJECT_ATTRIBUTES object_attributes,
        PCLIENT_ID client_id) {
      NtOpenThreadFunction original_call =
          reinterpret_cast<NtOpenThreadFunction>(g_originals[OPEN_TREAD_ID]);
      return TargetNtOpenThread(original_call, thread, desired_access,
                                object_attributes, client_id);
    }
    148 
    // Interception entry point for NtOpenProcess. Reads the saved original from
    // g_originals[OPEN_PROCESS_ID] and forwards it with the caller's arguments
    // to TargetNtOpenProcess, returning its status.
    // |desired_access| and |client_id| are not examined in this thunk.
    SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcess64(
        PHANDLE process,
        ACCESS_MASK desired_access,
        POBJECT_ATTRIBUTES object_attributes,
        PCLIENT_ID client_id) {
      NtOpenProcessFunction original_call =
          reinterpret_cast<NtOpenProcessFunction>(g_originals[OPEN_PROCESS_ID]);
      return TargetNtOpenProcess(original_call, process, desired_access,
                                 object_attributes, client_id);
    }
    157 
    // Interception entry point for NtOpenProcessToken. Reads the saved original
    // from g_originals[OPEN_PROCESS_TOKEN_ID] and forwards it with the caller's
    // arguments to TargetNtOpenProcessToken.
    // NOTE(review): the slot is used without a null check in this thunk —
    // confirm it is populated before the hook can fire.
    SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessToken64(
        HANDLE process,
        ACCESS_MASK desired_access,
        PHANDLE token) {
      NtOpenProcessTokenFunction original_call =
          reinterpret_cast<NtOpenProcessTokenFunction>(
              g_originals[OPEN_PROCESS_TOKEN_ID]);
      return TargetNtOpenProcessToken(original_call, process, desired_access,
                                      token);
    }
    164 
    // Interception entry point for NtOpenProcessTokenEx. Reads the saved
    // original from g_originals[OPEN_PROCESS_TOKEN_EX_ID] and forwards it with
    // the caller's arguments to TargetNtOpenProcessTokenEx.
    // NOTE(review): the slot is used without a null check in this thunk —
    // confirm it is populated before the hook can fire.
    SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessTokenEx64(
        HANDLE process,
        ACCESS_MASK desired_access,
        ULONG handle_attributes,
        PHANDLE token) {
      NtOpenProcessTokenExFunction original_call =
          reinterpret_cast<NtOpenProcessTokenExFunction>(
              g_originals[OPEN_PROCESS_TOKEN_EX_ID]);
      return TargetNtOpenProcessTokenEx(original_call, process, desired_access,
                                        handle_attributes, token);
    }
    173 
    // Interception entry point for CreateProcessW. Reads the saved original
    // from g_originals[CREATE_PROCESSW_ID] and forwards it with all ten caller
    // arguments, in order, to TargetCreateProcessW; the BOOL result is returned
    // unchanged.
    // |application_name|, |command_line| and |environment| are not inspected in
    // this thunk; whether process creation is allowed is presumably decided by
    // the handler — confirm.
    SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessW64(
        LPCWSTR application_name, LPWSTR command_line,
        LPSECURITY_ATTRIBUTES process_attributes,
        LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles,
        DWORD flags, LPVOID environment, LPCWSTR current_directory,
        LPSTARTUPINFOW startup_info,
        LPPROCESS_INFORMATION process_information) {
      CreateProcessWFunction original_call =
          reinterpret_cast<CreateProcessWFunction>(
              g_originals[CREATE_PROCESSW_ID]);
      return TargetCreateProcessW(
          original_call, application_name, command_line, process_attributes,
          thread_attributes, inherit_handles, flags, environment,
          current_directory, startup_info, process_information);
    }
    188 
    // Interception entry point for CreateProcessA (narrow-string variant). Reads
    // the saved original from g_originals[CREATE_PROCESSA_ID] and forwards it
    // with all ten caller arguments, in order, to TargetCreateProcessA; the
    // BOOL result is returned unchanged.
    // |application_name|, |command_line| and |environment| are not inspected in
    // this thunk; whether process creation is allowed is presumably decided by
    // the handler — confirm.
    SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessA64(
        LPCSTR application_name, LPSTR command_line,
        LPSECURITY_ATTRIBUTES process_attributes,
        LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles,
        DWORD flags, LPVOID environment, LPCSTR current_directory,
        LPSTARTUPINFOA startup_info,
        LPPROCESS_INFORMATION process_information) {
      CreateProcessAFunction original_call =
          reinterpret_cast<CreateProcessAFunction>(
              g_originals[CREATE_PROCESSA_ID]);
      return TargetCreateProcessA(
          original_call, application_name, command_line, process_attributes,
          thread_attributes, inherit_handles, flags, environment,
          current_directory, startup_info, process_information);
    }
    203 
    204 // -----------------------------------------------------------------------
    205 
    // Interception entry point for NtCreateKey. Reads the saved original from
    // g_originals[CREATE_KEY_ID] and forwards it with the caller's arguments to
    // TargetNtCreateKey, returning its status.
    // The key path in |object_attributes| is not examined by this thunk.
    SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateKey64(
        PHANDLE key, ACCESS_MASK desired_access,
        POBJECT_ATTRIBUTES object_attributes, ULONG title_index,
        PUNICODE_STRING class_name, ULONG create_options,
        PULONG disposition) {
      NtCreateKeyFunction original_call =
          reinterpret_cast<NtCreateKeyFunction>(g_originals[CREATE_KEY_ID]);
      return TargetNtCreateKey(
          original_call, key, desired_access, object_attributes, title_index,
          class_name, create_options, disposition);
    }
    216 
    // Interception entry point for NtOpenKey. Reads the saved original from
    // g_originals[OPEN_KEY_ID] and forwards it with the caller's arguments to
    // TargetNtOpenKey, returning its status.
    // NOTE(review): no null check on the slot here — confirm it is populated
    // before the hook is enabled.
    SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKey64(
        PHANDLE key,
        ACCESS_MASK desired_access,
        POBJECT_ATTRIBUTES object_attributes) {
      NtOpenKeyFunction original_call =
          reinterpret_cast<NtOpenKeyFunction>(g_originals[OPEN_KEY_ID]);
      return TargetNtOpenKey(original_call, key, desired_access,
                             object_attributes);
    }
    224 
    // Interception entry point for NtOpenKeyEx. Reads the saved original from
    // g_originals[OPEN_KEY_EX_ID] and forwards it with the caller's arguments
    // to TargetNtOpenKeyEx, returning its status.
    // |open_options| is passed through unmodified by this thunk.
    SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx64(
        PHANDLE key,
        ACCESS_MASK desired_access,
        POBJECT_ATTRIBUTES object_attributes,
        ULONG open_options) {
      NtOpenKeyExFunction original_call =
          reinterpret_cast<NtOpenKeyExFunction>(g_originals[OPEN_KEY_EX_ID]);
      return TargetNtOpenKeyEx(original_call, key, desired_access,
                               object_attributes, open_options);
    }
    233 
    234 // -----------------------------------------------------------------------
    235 
    // Interception entry point for NtCreateEvent. Reads the saved original from
    // g_originals[CREATE_EVENT_ID] and forwards it with the caller's arguments
    // to TargetNtCreateEvent, returning its status.
    // The object name in |object_attributes| is not examined by this thunk.
    SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtCreateEvent64(
        PHANDLE event_handle,
        ACCESS_MASK desired_access,
        POBJECT_ATTRIBUTES object_attributes,
        EVENT_TYPE event_type,
        BOOLEAN initial_state) {
      NtCreateEventFunction original_call =
          reinterpret_cast<NtCreateEventFunction>(g_originals[CREATE_EVENT_ID]);
      return TargetNtCreateEvent(original_call, event_handle, desired_access,
                                 object_attributes, event_type, initial_state);
    }
    245 
    // Interception entry point for NtOpenEvent. Reads the saved original from
    // g_originals[OPEN_EVENT_ID] and forwards it with the caller's arguments to
    // TargetNtOpenEvent, returning its status.
    // NOTE(review): no null check on the slot here — confirm it is populated
    // before the hook is enabled.
    SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenEvent64(
        PHANDLE event_handle,
        ACCESS_MASK desired_access,
        POBJECT_ATTRIBUTES object_attributes) {
      NtOpenEventFunction original_call =
          reinterpret_cast<NtOpenEventFunction>(g_originals[OPEN_EVENT_ID]);
      return TargetNtOpenEvent(original_call, event_handle, desired_access,
                               object_attributes);
    }
    254 
    255 // -----------------------------------------------------------------------
    256 
    // Interception entry point for GdiDllInitialize. Reads the saved original
    // from g_originals[GDIINITIALIZE_ID] and forwards it with |dll| and
    // |reason| to TargetGdiDllInitialize; the BOOL result is returned unchanged.
    // NOTE(review): no null check on the slot here — confirm it is populated
    // before the hook is enabled.
    SANDBOX_INTERCEPT BOOL WINAPI TargetGdiDllInitialize64(HANDLE dll,
                                                           DWORD reason) {
      GdiDllInitializeFunction original_call =
          reinterpret_cast<GdiDllInitializeFunction>(
              g_originals[GDIINITIALIZE_ID]);
      return TargetGdiDllInitialize(original_call, dll, reason);
    }
    264 
    // Interception entry point for GetStockObject. Reads the saved original
    // from g_originals[GETSTOCKOBJECT_ID] and forwards it with |object| to
    // TargetGetStockObject; the HGDIOBJ result is returned unchanged.
    // |object| is not range-checked in this thunk.
    SANDBOX_INTERCEPT HGDIOBJ WINAPI TargetGetStockObject64(int object) {
      GetStockObjectFunction original_call =
          reinterpret_cast<GetStockObjectFunction>(
              g_originals[GETSTOCKOBJECT_ID]);
      return TargetGetStockObject(original_call, object);
    }
    270 
    // Interception entry point for RegisterClassW. Reads the saved original
    // from g_originals[REGISTERCLASSW_ID] and forwards it with |wnd_class| to
    // TargetRegisterClassW; the ATOM result is returned unchanged.
    // |wnd_class| is not dereferenced or null-checked in this thunk.
    SANDBOX_INTERCEPT ATOM WINAPI
    TargetRegisterClassW64(const WNDCLASS* wnd_class) {
      RegisterClassWFunction original_call =
          reinterpret_cast<RegisterClassWFunction>(
              g_originals[REGISTERCLASSW_ID]);
      return TargetRegisterClassW(original_call, wnd_class);
    }
    277 
    278 }  // namespace sandbox
    279