1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_INTEGRITY_VERIFIER_WIN_H_ 6 #define CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_INTEGRITY_VERIFIER_WIN_H_ 7 8 #include <stdint.h> 9 10 #include <set> 11 #include <string> 12 13 namespace base { 14 namespace win { 15 class PEImage; 16 class PEImageAsData; 17 } // namespace win 18 } // namespace base 19 20 namespace safe_browsing { 21 22 // This enum defines the possible module states VerifyModule can return. 23 enum ModuleState { 24 MODULE_STATE_UNKNOWN, 25 MODULE_STATE_UNMODIFIED, 26 MODULE_STATE_MODIFIED, 27 }; 28 29 // Helper to grab the addresses and size of the code section of a PEImage. 30 // Returns two addresses: one for the dll loaded as a library, the other for the 31 // dll loaded as data. 32 bool GetCodeAddrsAndSize(const base::win::PEImage& mem_peimage, 33 const base::win::PEImageAsData& disk_peimage, 34 uint8_t** mem_code_addr, 35 uint8_t** disk_code_addr, 36 uint32_t* code_size); 37 38 // Examines the code section of the given module in memory and on disk, looking 39 // for unexpected differences. Returns a ModuleState and and a set of the 40 // possibly modified exports. 41 ModuleState VerifyModule(const wchar_t* module_name, 42 std::set<std::string>* modified_exports); 43 44 } // namespace safe_browsing 45 46 #endif // CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_MODULE_INTEGRITY_VERIFIER_WIN_H_ 47