• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 // This file contains unit tests for InterceptionManager.
6 // The tests require private information so the whole interception.cc file is
7 // included from this file.
8 
9 #include <windows.h>
10 
11 #include "base/memory/scoped_ptr.h"
12 #include "sandbox/win/src/interception.h"
13 #include "sandbox/win/src/interceptors.h"
14 #include "sandbox/win/src/interception_internal.h"
15 #include "sandbox/win/src/target_process.h"
16 #include "testing/gtest/include/gtest/gtest.h"
17 
18 namespace sandbox {
19 
20 // Walks the settings buffer, verifying that the values make sense and counting
21 // objects.
22 // Arguments:
23 // buffer (in): the buffer to walk.
24 // size (in): buffer size
25 // num_dlls (out): count of the dlls on the buffer.
26 // num_function (out): count of intercepted functions.
27 // num_names (out): count of named interceptor functions.
WalkBuffer(void * buffer,size_t size,int * num_dlls,int * num_functions,int * num_names)28 void WalkBuffer(void* buffer, size_t size, int* num_dlls, int* num_functions,
29                 int* num_names) {
30   ASSERT_TRUE(NULL != buffer);
31   ASSERT_TRUE(NULL != num_functions);
32   ASSERT_TRUE(NULL != num_names);
33   *num_dlls = *num_functions = *num_names = 0;
34   SharedMemory *memory = reinterpret_cast<SharedMemory*>(buffer);
35 
36   ASSERT_GT(size, sizeof(SharedMemory));
37   DllPatchInfo *dll = &memory->dll_list[0];
38 
39   for (int i = 0; i < memory->num_intercepted_dlls; i++) {
40     ASSERT_NE(0u, wcslen(dll->dll_name));
41     ASSERT_EQ(0u, dll->record_bytes % sizeof(size_t));
42     ASSERT_EQ(0u, dll->offset_to_functions % sizeof(size_t));
43     ASSERT_NE(0, dll->num_functions);
44 
45     FunctionInfo *function = reinterpret_cast<FunctionInfo*>(
46       reinterpret_cast<char*>(dll) + dll->offset_to_functions);
47 
48     for (int j = 0; j < dll->num_functions; j++) {
49       ASSERT_EQ(0u, function->record_bytes % sizeof(size_t));
50 
51       char* name = function->function;
52       size_t length = strlen(name);
53       ASSERT_NE(0u, length);
54       name += length + 1;
55 
56       // look for overflows
57       ASSERT_GT(reinterpret_cast<char*>(buffer) + size, name + strlen(name));
58 
59       // look for a named interceptor
60       if (strlen(name)) {
61         (*num_names)++;
62         EXPECT_TRUE(NULL == function->interceptor_address);
63       } else {
64         EXPECT_TRUE(NULL != function->interceptor_address);
65       }
66 
67       (*num_functions)++;
68       function = reinterpret_cast<FunctionInfo*>(
69         reinterpret_cast<char*>(function) + function->record_bytes);
70     }
71 
72     (*num_dlls)++;
73     dll = reinterpret_cast<DllPatchInfo*>(reinterpret_cast<char*>(dll) +
74                                           dll->record_bytes);
75   }
76 }
77 
TEST(InterceptionManagerTest,BufferLayout1)78 TEST(InterceptionManagerTest, BufferLayout1) {
79   wchar_t exe_name[MAX_PATH];
80   ASSERT_NE(0u, GetModuleFileName(NULL, exe_name, MAX_PATH - 1));
81 
82   TargetProcess *target = MakeTestTargetProcess(::GetCurrentProcess(),
83                                                 ::GetModuleHandle(exe_name));
84 
85   InterceptionManager interceptions(target, true);
86 
87   // Any pointer will do for a function pointer.
88   void* function = &interceptions;
89 
90   // We don't care about the interceptor id.
91   interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtCreateFile",
92                                       INTERCEPTION_SERVICE_CALL, function,
93                                       OPEN_KEY_ID);
94   interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateFileEx",
95                                       INTERCEPTION_EAT, function, OPEN_KEY_ID);
96   interceptions.AddToPatchedFunctions(L"kernel32.dll", "SomeFileEx",
97                                       INTERCEPTION_SMART_SIDESTEP, function,
98                                       OPEN_KEY_ID);
99   interceptions.AddToPatchedFunctions(L"user32.dll", "FindWindow",
100                                       INTERCEPTION_EAT, function, OPEN_KEY_ID);
101   interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateMutex",
102                                       INTERCEPTION_EAT, function, OPEN_KEY_ID);
103   interceptions.AddToPatchedFunctions(L"user32.dll", "PostMsg",
104                                       INTERCEPTION_EAT, function, OPEN_KEY_ID);
105   interceptions.AddToPatchedFunctions(L"user32.dll", "PostMsg",
106                                       INTERCEPTION_EAT, "replacement",
107                                       OPEN_KEY_ID);
108   interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg",
109                                       INTERCEPTION_EAT, function, OPEN_KEY_ID);
110   interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtClose",
111                                       INTERCEPTION_SERVICE_CALL, function,
112                                       OPEN_KEY_ID);
113   interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtOpenFile",
114                                       INTERCEPTION_SIDESTEP, function,
115                                       OPEN_KEY_ID);
116   interceptions.AddToPatchedFunctions(L"some.dll", "Superfn",
117                                       INTERCEPTION_EAT, function, OPEN_KEY_ID);
118   interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg",
119                                       INTERCEPTION_EAT, "a", OPEN_KEY_ID);
120   interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg",
121                                       INTERCEPTION_SIDESTEP, "ab", OPEN_KEY_ID);
122   interceptions.AddToPatchedFunctions(L"comctl.dll", "SaveAsDlg",
123                                       INTERCEPTION_EAT, "abc", OPEN_KEY_ID);
124   interceptions.AddToPatchedFunctions(L"a.dll", "p",
125                                       INTERCEPTION_EAT, function, OPEN_KEY_ID);
126   interceptions.AddToPatchedFunctions(L"b.dll",
127                                       "TheIncredibleCallToSaveTheWorld",
128                                       INTERCEPTION_EAT, function, OPEN_KEY_ID);
129   interceptions.AddToPatchedFunctions(L"a.dll", "BIsLame",
130                                       INTERCEPTION_EAT, function, OPEN_KEY_ID);
131   interceptions.AddToPatchedFunctions(L"a.dll", "ARules",
132                                       INTERCEPTION_EAT, function, OPEN_KEY_ID);
133 
134   // Verify that all interceptions were added
135   ASSERT_EQ(18, interceptions.interceptions_.size());
136 
137   size_t buffer_size = interceptions.GetBufferSize();
138   scoped_ptr<BYTE[]> local_buffer(new BYTE[buffer_size]);
139 
140   ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(),
141                                               buffer_size));
142 
143   // At this point, the interceptions should have been separated into two
144   // groups: one group with the local ("cold") interceptions, consisting of
145   // everything from ntdll and stuff set as INTRECEPTION_SERVICE_CALL, and
146   // another group with the interceptions belonging to dlls that will be "hot"
147   // patched on the client. The second group lives on local_buffer, and the
148   // first group remains on the list of interceptions (inside the object
149   // "interceptions"). There are 3 local interceptions (of ntdll); the
150   // other 15 have to be sent to the child to be performed "hot".
151   EXPECT_EQ(3, interceptions.interceptions_.size());
152 
153   int num_dlls, num_functions, num_names;
154   WalkBuffer(local_buffer.get(), buffer_size, &num_dlls, &num_functions,
155              &num_names);
156 
157   // The 15 interceptions on the buffer (to the child) should be grouped on 6
158   // dlls. Only four interceptions are using an explicit name for the
159   // interceptor function.
160   EXPECT_EQ(6, num_dlls);
161   EXPECT_EQ(15, num_functions);
162   EXPECT_EQ(4, num_names);
163 }
164 
TEST(InterceptionManagerTest,BufferLayout2)165 TEST(InterceptionManagerTest, BufferLayout2) {
166   wchar_t exe_name[MAX_PATH];
167   ASSERT_NE(0u, GetModuleFileName(NULL, exe_name, MAX_PATH - 1));
168 
169   TargetProcess *target = MakeTestTargetProcess(::GetCurrentProcess(),
170                                                 ::GetModuleHandle(exe_name));
171 
172   InterceptionManager interceptions(target, true);
173 
174   // Any pointer will do for a function pointer.
175   void* function = &interceptions;
176   interceptions.AddToUnloadModules(L"some01.dll");
177   // We don't care about the interceptor id.
178   interceptions.AddToPatchedFunctions(L"ntdll.dll", "NtCreateFile",
179                                       INTERCEPTION_SERVICE_CALL, function,
180                                       OPEN_FILE_ID);
181   interceptions.AddToPatchedFunctions(L"kernel32.dll", "CreateFileEx",
182                                       INTERCEPTION_EAT, function, OPEN_FILE_ID);
183   interceptions.AddToUnloadModules(L"some02.dll");
184   interceptions.AddToPatchedFunctions(L"kernel32.dll", "SomeFileEx",
185                                       INTERCEPTION_SMART_SIDESTEP, function,
186                                       OPEN_FILE_ID);
187   // Verify that all interceptions were added
188   ASSERT_EQ(5, interceptions.interceptions_.size());
189 
190   size_t buffer_size = interceptions.GetBufferSize();
191   scoped_ptr<BYTE[]> local_buffer(new BYTE[buffer_size]);
192 
193   ASSERT_TRUE(interceptions.SetupConfigBuffer(local_buffer.get(),
194                                               buffer_size));
195 
196   // At this point, the interceptions should have been separated into two
197   // groups: one group with the local ("cold") interceptions, and another
198   // group with the interceptions belonging to dlls that will be "hot"
199   // patched on the client. The second group lives on local_buffer, and the
200   // first group remains on the list of interceptions, in this case just one.
201   EXPECT_EQ(1, interceptions.interceptions_.size());
202 
203   int num_dlls, num_functions, num_names;
204   WalkBuffer(local_buffer.get(), buffer_size, &num_dlls, &num_functions,
205              &num_names);
206 
207   EXPECT_EQ(3, num_dlls);
208   EXPECT_EQ(4, num_functions);
209   EXPECT_EQ(0, num_names);
210 }
211 
212 }  // namespace sandbox
213