forked from chromium/chromium
1. Automate the selection of the proper channel to enable the verifier. Now the code is enabled at runtime. 2. Switch to a hash_map to track handles. 3. Intercept CloseHandle to detect the code that is closing handles owned by ScopedHandles. The initial implementation only covers chrome.exe/dll, but the plan is to extend that in the future to all modules loaded in the process. BUG=362176 See https://codereview.chromium.org/490043002/ for the initial review. Review URL: https://codereview.chromium.org/510633002 Cr-Commit-Position: refs/heads/master@{#293365}
rvargas
authored and
Commit bot
committed
Sep 4, 2014
1 parent
65b063b
commit 86d7c90
Showing
8 changed files
with
261 additions
and
31 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,118 @@ | ||
// Copyright 2014 The Chromium Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#include "chrome/app/close_handle_hook_win.h" | ||
|
||
#include <Windows.h> | ||
|
||
#include <vector> | ||
|
||
#include "base/files/file_path.h" | ||
#include "base/lazy_instance.h" | ||
#include "base/strings/string16.h" | ||
#include "base/win/iat_patch_function.h" | ||
#include "base/win/scoped_handle.h" | ||
#include "chrome/common/chrome_version_info.h" | ||
|
||
namespace { | ||
|
||
typedef BOOL (WINAPI* CloseHandleType) (HANDLE handle); | ||
CloseHandleType g_close_function = NULL; | ||
|
||
// The entry point for CloseHandle interception. This function notifies the | ||
// verifier about the handle that is being closed, and calls the original | ||
// function. | ||
BOOL WINAPI CloseHandleHook(HANDLE handle) { | ||
base::win::OnHandleBeingClosed(handle); | ||
return g_close_function(handle); | ||
} | ||
|
||
// Keeps track of all the hooks needed to intercept CloseHandle. | ||
class CloseHandleHooks { | ||
public: | ||
CloseHandleHooks() {} | ||
~CloseHandleHooks() {} | ||
|
||
void AddIATPatch(const base::string16& module); | ||
void Unpatch(); | ||
|
||
private: | ||
std::vector<base::win::IATPatchFunction*> hooks_; | ||
DISALLOW_COPY_AND_ASSIGN(CloseHandleHooks); | ||
}; | ||
base::LazyInstance<CloseHandleHooks> g_hooks = LAZY_INSTANCE_INITIALIZER; | ||
|
||
void CloseHandleHooks::AddIATPatch(const base::string16& module) { | ||
if (module.empty()) | ||
return; | ||
|
||
base::win::IATPatchFunction* patch = new base::win::IATPatchFunction; | ||
patch->Patch(module.c_str(), "kernel32.dll", "CloseHandle", CloseHandleHook); | ||
hooks_.push_back(patch); | ||
if (!g_close_function) { | ||
// Things are probably messed up if each intercepted function points to | ||
// a different place, but we need only one function to call. | ||
g_close_function = | ||
reinterpret_cast<CloseHandleType>(patch->original_function()); | ||
} | ||
} | ||
|
||
void CloseHandleHooks::Unpatch() { | ||
for (std::vector<base::win::IATPatchFunction*>::iterator it = hooks_.begin(); | ||
it != hooks_.end(); ++it) { | ||
(*it)->Unpatch(); | ||
} | ||
} | ||
|
||
bool UseHooks() { | ||
chrome::VersionInfo::Channel channel = chrome::VersionInfo::GetChannel(); | ||
if (channel == chrome::VersionInfo::CHANNEL_CANARY || | ||
channel == chrome::VersionInfo::CHANNEL_DEV) { | ||
return true; | ||
} | ||
|
||
return false; | ||
} | ||
|
||
base::string16 GetModuleName(HMODULE module) { | ||
base::string16 name; | ||
if (!module) | ||
return name; | ||
wchar_t buffer[MAX_PATH]; | ||
int rv = GetModuleFileName(module, buffer, MAX_PATH); | ||
if (rv == MAX_PATH) | ||
return name; | ||
|
||
buffer[MAX_PATH - 1] = L'\0'; | ||
name.assign(buffer); | ||
base::FilePath path(name); | ||
return path.BaseName().AsUTF16Unsafe(); | ||
} | ||
|
||
HMODULE GetChromeDLLModule() { | ||
HMODULE module; | ||
if (!GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | | ||
GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, | ||
reinterpret_cast<wchar_t*>(&GetChromeDLLModule), | ||
&module)) { | ||
return NULL; | ||
} | ||
return module; | ||
} | ||
|
||
} // namespace | ||
|
||
void InstallCloseHandleHooks() { | ||
if (UseHooks()) { | ||
CloseHandleHooks* hooks = g_hooks.Pointer(); | ||
hooks->AddIATPatch(L"chrome.exe"); | ||
hooks->AddIATPatch(GetModuleName(GetChromeDLLModule())); | ||
} else { | ||
base::win::DisableHandleVerifier(); | ||
} | ||
} | ||
|
||
void RemoveCloseHandleHooks() { | ||
g_hooks.Get().Unpatch(); | ||
} |
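Review bot: GetModuleName treats only `rv == MAX_PATH` as an error, so a failed GetModuleFileName call (return value 0) falls through and `name.assign(buffer)` may read the uninitialized stack buffer up to the forced terminator at `buffer[MAX_PATH - 1]`; whatever name results is then passed to AddIATPatch. The guard should read `if (rv == 0 || rv >= MAX_PATH) return name;`, and `rv` is better declared as `DWORD` to match the API. In AddIATPatch the result of `patch->Patch(...)` is ignored, so a patch that failed is still pushed onto `hooks_` and later unpatched. The import is also redirected to CloseHandleHook before `g_close_function` is assigned; if any other thread can call CloseHandle in that window, the hook would call through a null pointer, so the result should be checked and the requirement that InstallCloseHandleHooks runs before other threads exist (which I assume is the intent) stated in a comment.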
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
// Copyright 2014 The Chromium Authors. All rights reserved. | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#ifndef CHROME_APP_CLOSE_HANDLE_HOOK_WIN_H_ | ||
#define CHROME_APP_CLOSE_HANDLE_HOOK_WIN_H_ | ||
|
||
// Installs the hooks required to debug use of improper handles. | ||
void InstallCloseHandleHooks(); | ||
|
||
// Removes the hooks installed by InstallCloseHandleHooks(). | ||
void RemoveCloseHandleHooks(); | ||
|
||
#endif // CHROME_APP_CLOSE_HANDLE_HOOK_WIN_H_ |
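Review bot: The comment on InstallCloseHandleHooks leaves out the function's second effect. In close_handle_hook_win.cc it installs the hooks only when UseHooks() reports the canary or dev channel, and otherwise calls base::win::DisableHandleVerifier(). A caller reading only this header would not learn that the call also decides whether handle verification stays enabled for the process. I would extend the comment to something like `// Installs the CloseHandle hooks on canary/dev channels; on other channels disables the handle verifier instead.`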