In Windows 7 there is a new Reg call that we need to
hook: NtOpenKeyEx. I don't know what the last parameter is. I suspect it's a reserved flag for "options" (as in RegOpenKeyEx). I do not handle the case where this unknown flag is non-zero. The current unit tests cover this code. bug:7611 Review URL: http://codereview.chromium.org/20287 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9762 0039d316-1c4b-4281-b951-d872f2087c98
@ -354,6 +354,12 @@ typedef NTSTATUS (WINAPI *NtOpenKeyFunction)(
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN POBJECT_ATTRIBUTES ObjectAttributes);
|
||||
|
||||
typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)(
|
||||
OUT PHANDLE KeyHandle,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
||||
IN DWORD unknown); // TODO(nsylvain): define this. bug 7611
|
||||
|
||||
// -----------------------------------------------------------------------
|
||||
// Memory
|
||||
|
||||
|
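Review bot: The fourth parameter of the `NtOpenKeyExFunction` typedef is declared as `IN DWORD unknown`, which leaves every hook built on this type without a contract for that argument. The documented `ZwOpenKeyEx` prototype names it `ULONG OpenOptions` and describes it as the `REG_OPTION_*` open flags, so the line could read `IN ULONG OpenOptions);` with the TODO reduced to a note on which flag values the sandbox supports. The name matters for review because the interceptor elsewhere in this commit decides whether to broker the call by testing this value against zero.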
@ -6,6 +6,7 @@
|
||||
|
||||
#include "base/logging.h"
|
||||
#include "base/scoped_handle_win.h"
|
||||
#include "base/win_util.h"
|
||||
#include "sandbox/src/crosscall_client.h"
|
||||
#include "sandbox/src/interception.h"
|
||||
#include "sandbox/src/ipc_tags.h"
|
||||
@ -60,8 +61,12 @@ bool RegistryDispatcher::SetupService(InterceptionManager* manager,
|
||||
if (IPC_NTCREATEKEY_TAG == service)
|
||||
return INTERCEPT_NT(manager, NtCreateKey, "_TargetNtCreateKey@32");
|
||||
|
||||
if (IPC_NTOPENKEY_TAG == service)
|
||||
return INTERCEPT_NT(manager, NtOpenKey, "_TargetNtOpenKey@16");
|
||||
if (IPC_NTOPENKEY_TAG == service) {
|
||||
bool result = INTERCEPT_NT(manager, NtOpenKey, "_TargetNtOpenKey@16");
|
||||
if (win_util::GetWinVersion() >= win_util::WINVERSION_WIN7)
|
||||
result &= INTERCEPT_NT(manager, NtOpenKeyEx, "_TargetNtOpenKeyEx@20");
|
||||
return result;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
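Review bot: The `IPC_NTOPENKEY_TAG` branch of `SetupService` installs a second interception with no comment saying why `NtOpenKeyEx` rides on the `NtOpenKey` service tag or why it is limited to Windows 7 and later. A one-line comment above the version check, such as `// Windows 7 added NtOpenKeyEx; it is brokered through the same IPC as NtOpenKey.`, would record that. The comment could also say that a failed `NtOpenKeyEx` hook makes the whole service setup return false through `result &= ...`; how the caller reacts to that is not visible on this page. The page has lost its +/- markers, so this assumes the braced form is the new code, and the function starts above the hunk.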
@ -88,14 +88,9 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
|
||||
return status;
|
||||
}
|
||||
|
||||
NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
|
||||
NTSTATUS WINAPI CommonNtOpenKey(NTSTATUS status, PHANDLE key,
|
||||
ACCESS_MASK desired_access,
|
||||
POBJECT_ATTRIBUTES object_attributes) {
|
||||
// Check if the process can open it first.
|
||||
NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);
|
||||
if (NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
// We don't trust that the IPC can work this early.
|
||||
if (!SandboxFactory::GetTargetServices()->GetState()->InitCalled())
|
||||
return status;
|
||||
@ -146,5 +141,33 @@ NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
|
||||
return status;
|
||||
}
|
||||
|
||||
NTSTATUS WINAPI TargetNtOpenKey(NtOpenKeyFunction orig_OpenKey, PHANDLE key,
|
||||
ACCESS_MASK desired_access,
|
||||
POBJECT_ATTRIBUTES object_attributes) {
|
||||
// Check if the process can open it first.
|
||||
NTSTATUS status = orig_OpenKey(key, desired_access, object_attributes);
|
||||
if (NT_SUCCESS(status))
|
||||
return status;
|
||||
|
||||
return CommonNtOpenKey(status, key, desired_access, object_attributes);
|
||||
}
|
||||
|
||||
NTSTATUS WINAPI TargetNtOpenKeyEx(NtOpenKeyExFunction orig_OpenKeyEx,
|
||||
PHANDLE key, ACCESS_MASK desired_access,
|
||||
POBJECT_ATTRIBUTES object_attributes,
|
||||
DWORD unknown) {
|
||||
// Check if the process can open it first.
|
||||
NTSTATUS status = orig_OpenKeyEx(key, desired_access, object_attributes,
|
||||
unknown);
|
||||
|
||||
// TODO(nsylvain): We don't know what the last parameter is. If it's not
|
||||
// zero, we don't attempt to proxy the call. We need to find out what it is!
|
||||
// See bug 7611
|
||||
if (NT_SUCCESS(status) || unknown != 0)
|
||||
return status;
|
||||
|
||||
return CommonNtOpenKey(status, key, desired_access, object_attributes);
|
||||
}
|
||||
|
||||
} // namespace sandbox
|
||||
|
||||
|
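Review bot: In `TargetNtOpenKeyEx`, the test `if (NT_SUCCESS(status) || unknown != 0)` folds two different outcomes into one return, and the TODO above it does not say that the second one is a deliberate fail-closed choice. When the last argument is non-zero the target keeps the result of its own restricted call and nothing is sent to the broker, which is the safe direction. If the value is the open-options word the commit message suspects, brokering the call while dropping it would open the key under different semantics than the caller asked for. I would split the condition and comment the second half, e.g. `if (unknown != 0) return status;  // Fail closed: not brokered until the broker can honour this argument.` A unit test that passes a non-zero value and asserts the call is not brokered would pin this; the commit message says only that the existing tests cover the code.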
@ -25,6 +25,12 @@ SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKey(
|
||||
NtOpenKeyFunction orig_OpenKey, PHANDLE key, ACCESS_MASK desired_access,
|
||||
POBJECT_ATTRIBUTES object_attributes);
|
||||
|
||||
// Interception of NtOpenKeyEx on the child process.
|
||||
// It should never be called directly
|
||||
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenKeyEx(
|
||||
NtOpenKeyExFunction orig_OpenKeyEx, PHANDLE key, ACCESS_MASK desired_access,
|
||||
POBJECT_ATTRIBUTES object_attributes, DWORD unknown);
|
||||
|
||||
} // extern "C"
|
||||
|
||||
} // namespace sandbox
|
||||
|