// Copyright (c) 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Declarations for the process, thread and token interceptions of the
// sandbox: function-pointer types for the Win32 entry points involved, and
// the Target* replacement functions themselves. Only prototypes live here;
// what each interception does with a call (forward it to the original,
// service it some other way, or refuse it) is decided in the implementation,
// which is not part of this header.

#include "sandbox/win/src/nt_internals.h"
#include "sandbox/win/src/sandbox_types.h"

// NOTE(review): the include guard opens after the two #includes above, so it
// does not cover them; repeated inclusion is harmless only if those headers
// carry their own guards - confirm. The guard name also contains "__", and
// identifiers with a double underscore are reserved in C++.
#ifndef SANDBOX_SRC_PROCESS_THREAD_INTERCEPTION_H__
#define SANDBOX_SRC_PROCESS_THREAD_INTERCEPTION_H__

namespace sandbox {

extern "C" {

// Pointer to a function with the signature of CreateProcessW (wide-character
// variant). Used as the type of the "original function" argument of
// TargetCreateProcessW below.
typedef BOOL (WINAPI *CreateProcessWFunction)(
    LPCWSTR lpApplicationName,
    LPWSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory,
    LPSTARTUPINFOW lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation);

// Pointer to a function with the signature of CreateProcessA (ANSI variant).
// Used as the type of the "original function" argument of
// TargetCreateProcessA below.
typedef BOOL (WINAPI *CreateProcessAFunction)(
    LPCSTR lpApplicationName,
    LPSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCSTR lpCurrentDirectory,
    LPSTARTUPINFOA lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation);

// Pointer to a function with the signature of CreateThread. No interception
// declared in this header takes it; presumably it is used elsewhere - verify.
typedef HANDLE (WINAPI *CreateThreadFunction)(
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    SIZE_T dwStackSize,
    LPTHREAD_START_ROUTINE lpStartAddress,
    PVOID lpParameter,
    DWORD dwCreationFlags,
    LPDWORD lpThreadId);

// Pointer to a function with the signature of GetUserDefaultLCID. As with
// CreateThreadFunction, nothing in this header uses it.
typedef LCID (WINAPI *GetUserDefaultLCIDFunction)();

// Every Target* function below follows one shape: the first parameter is a
// pointer of the intercepted function's own type (orig_*), and the remaining
// parameters mirror that function's argument list. SANDBOX_INTERCEPT is not
// defined in this file; presumably it comes from sandbox_types.h - confirm.
//
// NOTE(review): the comments place these interceptions "on the child
// process", i.e. in the address space of the sandboxed code. Code running
// there could presumably call around a user-mode hook, so access enforcement
// should not rest on these functions alone - confirm against the sandbox
// design (token, job and similar OS-level restrictions).

// Interception of NtOpenThread on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenThread(
    NtOpenThreadFunction orig_OpenThread, PHANDLE thread,
    ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes,
    PCLIENT_ID client_id);

// Interception of NtOpenProcess on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcess(
    NtOpenProcessFunction orig_OpenProcess, PHANDLE process,
    ACCESS_MASK desired_access, POBJECT_ATTRIBUTES object_attributes,
    PCLIENT_ID client_id);

// Interception of NtOpenProcessToken on the child process.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessToken(
    NtOpenProcessTokenFunction orig_OpenProcessToken, HANDLE process,
    ACCESS_MASK desired_access, PHANDLE token);

// Interception of NtOpenProcessTokenEx on the child process. Same as the
// NtOpenProcessToken interception plus the handle_attributes argument.
SANDBOX_INTERCEPT NTSTATUS WINAPI TargetNtOpenProcessTokenEx(
    NtOpenProcessTokenExFunction orig_OpenProcessTokenEx, HANDLE process,
    ACCESS_MASK desired_access, ULONG handle_attributes, PHANDLE token);

// Interception of CreateProcessW and A in kernel32.dll.
SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessW(
    CreateProcessWFunction orig_CreateProcessW, LPCWSTR application_name,
    LPWSTR command_line, LPSECURITY_ATTRIBUTES process_attributes,
    LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags,
    LPVOID environment, LPCWSTR current_directory, LPSTARTUPINFOW startup_info,
    LPPROCESS_INFORMATION process_information);

// ANSI counterpart of TargetCreateProcessW; the parameter list differs only
// in the narrow-string and STARTUPINFOA types.
SANDBOX_INTERCEPT BOOL WINAPI TargetCreateProcessA(
    CreateProcessAFunction orig_CreateProcessA, LPCSTR application_name,
    LPSTR command_line, LPSECURITY_ATTRIBUTES process_attributes,
    LPSECURITY_ATTRIBUTES thread_attributes, BOOL inherit_handles, DWORD flags,
    LPVOID environment, LPCSTR current_directory, LPSTARTUPINFOA startup_info,
    LPPROCESS_INFORMATION process_information);

}  // extern "C"

}  // namespace sandbox

#endif  // SANDBOX_SRC_PROCESS_THREAD_INTERCEPTION_H__