sandbox/src/dep.cc

   1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "sandbox/src/dep.h"
   6
   7 #include <windows.h>
   8
   9 #include "base/logging.h"
  10
  11 namespace sandbox {
  12
  13 namespace {
  14
  15 // These values are in the Windows 2008 SDK but not in the previous ones. Define
  16 // the values here until we're sure everyone updated their SDK.
  17 #ifndef PROCESS_DEP_ENABLE
  18 #define PROCESS_DEP_ENABLE                          0x00000001
  19 #endif
  20 #ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION
  21 #define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION     0x00000002
  22 #endif
  23
  24 // SetProcessDEPPolicy is declared in the Windows 2008 SDK.
  25 typedef BOOL (WINAPI *FnSetProcessDEPPolicy)(DWORD dwFlags);
  26
  27 enum PROCESS_INFORMATION_CLASS {
  28   ProcessExecuteFlags = 0x22,
  29 };
  30
  31 // Flags named as per their usage.
  32 const int MEM_EXECUTE_OPTION_ENABLE = 1;
  33 const int MEM_EXECUTE_OPTION_DISABLE = 2;
  34 const int MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION = 4;
  35 const int MEM_EXECUTE_OPTION_PERMANENT = 8;
  36
  37 // Not exactly the right signature but that will suffice.
  38 typedef HRESULT (WINAPI *FnNtSetInformationProcess)(
  39     HANDLE ProcessHandle,
  40     PROCESS_INFORMATION_CLASS ProcessInformationClass,
  41     PVOID ProcessInformation,
  42     ULONG ProcessInformationLength);
  43
  44 }  // namespace
  45
  46 bool SetCurrentProcessDEP(DepEnforcement enforcement) {
  47 #ifdef _WIN64
  48   // DEP is always on in x64.
  49   return enforcement != DEP_DISABLED;
  50 #endif
  51   // Only available on Windows XP SP2 and Windows Server 2003 SP1.
  52   // For reference: http://www.uninformed.org/?v=2&a=4
  53   FnNtSetInformationProcess NtSetInformationProc =
  54       reinterpret_cast<FnNtSetInformationProcess>(
  55           GetProcAddress(GetModuleHandle(L"ntdll.dll"),
  56                                          "NtSetInformationProcess"));
  57
  58   if (!NtSetInformationProc)
  59     return false;
  60
  61   // Flags being used as per SetProcessDEPPolicy on Vista SP1.
  62   ULONG dep_flags;
  63   switch (enforcement) {
  64     case DEP_DISABLED:
  65       // 2
  66       dep_flags = MEM_EXECUTE_OPTION_DISABLE;
  67       break;
  68     case DEP_ENABLED:
  69       // 9
  70       dep_flags = MEM_EXECUTE_OPTION_PERMANENT | MEM_EXECUTE_OPTION_ENABLE;
  71       break;
  72     case DEP_ENABLED_ATL7_COMPAT:
  73       // 0xD
  74       dep_flags = MEM_EXECUTE_OPTION_PERMANENT | MEM_EXECUTE_OPTION_ENABLE |
  75                   MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION;
  76       break;
  77     default:
  78       NOTREACHED();
  79       return false;
  80   }
  81
  82   HRESULT status = NtSetInformationProc(GetCurrentProcess(),
  83                                         ProcessExecuteFlags,
  84                                         &dep_flags,
  85                                         sizeof(dep_flags));
  86   return SUCCEEDED(status);
  87 }
  88
  89 }  // namespace sandbox