| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/src/target_process.h" | 5 #include "sandbox/src/target_process.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
| 9 #include "base/win/pe_image.h" | 9 #include "base/win/pe_image.h" |
| 10 #include "base/win/windows_version.h" | 10 #include "base/win/windows_version.h" |
| (...skipping 29 matching lines...) Expand all Loading... |
| 40 } | 40 } |
| 41 } | 41 } |
| 42 | 42 |
| 43 // Reserve a random range at the bottom of the address space in the target | 43 // Reserve a random range at the bottom of the address space in the target |
| 44 // process to prevent predictable alocations at low addresses. | 44 // process to prevent predictable alocations at low addresses. |
| 45 void PoisonLowerAddressRange(HANDLE process) { | 45 void PoisonLowerAddressRange(HANDLE process) { |
| 46 unsigned int limit; | 46 unsigned int limit; |
| 47 rand_s(&limit); | 47 rand_s(&limit); |
| 48 char* ptr = 0; | 48 char* ptr = 0; |
| 49 const size_t kMask64k = 0xFFFF; | 49 const size_t kMask64k = 0xFFFF; |
| 50 // Random range (512k-4.5mb) in 64k steps. | 50 // Random range (512k-16.5mb) in 64k steps. |
| 51 const char* end = ptr + ((((limit % 4096) + 512) * 1024) & ~kMask64k); | 51 const char* end = ptr + ((((limit % 16384) + 512) * 1024) & ~kMask64k); |
| 52 while (ptr < end) { | 52 while (ptr < end) { |
| 53 MEMORY_BASIC_INFORMATION memory_info; | 53 MEMORY_BASIC_INFORMATION memory_info; |
| 54 if (!::VirtualQueryEx(process, ptr, &memory_info, sizeof(memory_info))) | 54 if (!::VirtualQueryEx(process, ptr, &memory_info, sizeof(memory_info))) |
| 55 break; | 55 break; |
| 56 size_t size = std::min((memory_info.RegionSize + kMask64k) & ~kMask64k, | 56 size_t size = std::min((memory_info.RegionSize + kMask64k) & ~kMask64k, |
| 57 static_cast<SIZE_T>(end - ptr)); | 57 static_cast<SIZE_T>(end - ptr)); |
| 58 if (ptr && memory_info.State == MEM_FREE) | 58 if (ptr && memory_info.State == MEM_FREE) |
| 59 ::VirtualAllocEx(process, ptr, size, MEM_RESERVE, PAGE_NOACCESS); | 59 ::VirtualAllocEx(process, ptr, size, MEM_RESERVE, PAGE_NOACCESS); |
| 60 ptr += size; | 60 ptr += size; |
| 61 } | 61 } |
| (...skipping 288 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 350 | 350 |
| 351 | 351 |
| 352 TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address) { | 352 TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address) { |
| 353 TargetProcess* target = new TargetProcess(NULL, NULL, NULL, NULL); | 353 TargetProcess* target = new TargetProcess(NULL, NULL, NULL, NULL); |
| 354 target->sandbox_process_ = process; | 354 target->sandbox_process_ = process; |
| 355 target->base_address_ = base_address; | 355 target->base_address_ = base_address; |
| 356 return target; | 356 return target; |
| 357 } | 357 } |
| 358 | 358 |
| 359 } // namespace sandbox | 359 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10666018:
Add eight more bits of entropy to the sandbox intercept trampoline (Closed)
Base URL: https://src.chromium.org/svn/trunk/src/