1 //===-- asan_win_dll_thunk.cc ---------------------------------------------===//
3 // This file is distributed under the University of Illinois Open Source
4 // License. See LICENSE.TXT for details.
6 //===----------------------------------------------------------------------===//
8 // This file is a part of AddressSanitizer, an address sanity checker.
10 // This file defines a family of thunks that should be statically linked into
11 // the DLLs that have ASan instrumentation in order to delegate the calls to the
12 // shared runtime that lives in the main binary.
13 // See https://github.com/google/sanitizers/issues/209 for the details.
14 //===----------------------------------------------------------------------===//
16 // Only compile this code when building asan_dll_thunk.lib
17 // Using #ifdef rather than relying on Makefiles etc.
18 // simplifies the build procedure.
20 #include "asan_init_version.h"
21 #include "interception/interception.h"
22 #include "sanitizer_common/sanitizer_platform_interceptors.h"
24 // ---------- Function interception helper functions and macros ----------- {{{1
26 void *__stdcall
GetModuleHandleA(const char *module_name
);
27 void *__stdcall
GetProcAddress(void *module
, const char *proc_name
);
31 using namespace __sanitizer
;
33 static uptr
getRealProcAddressOrDie(const char *name
) {
35 __interception::InternalGetProcAddress((void *)GetModuleHandleA(0), name
);
41 // We need to intercept some functions (e.g. ASan interface, memory allocator --
42 // let's call them "hooks") exported by the DLL thunk and forward the hooks to
43 // the runtime in the main module.
44 // However, we don't want to keep two lists of these hooks.
45 // To avoid that, the list of hooks should be defined using the
46 // INTERCEPT_WHEN_POSSIBLE macro. Then, all these hooks can be intercepted
47 // at once by calling INTERCEPT_HOOKS().
49 // Use macro+template magic to automatically generate the list of hooks.
50 // Each hook at line LINE defines a template class with a static
51 // FunctionInterceptor<LINE>::Execute() method intercepting the hook.
52 // The default implementation of FunctionInterceptor<LINE> is to call
53 // the Execute() method corresponding to the previous line.
55 struct FunctionInterceptor
{
56 static void Execute() { FunctionInterceptor
<LINE
-1>::Execute(); }
59 // There shouldn't be any hooks with negative definition line number.
61 struct FunctionInterceptor
<0> {
62 static void Execute() {}
65 #define INTERCEPT_WHEN_POSSIBLE(main_function, dll_function) \
66 template <> struct FunctionInterceptor<__LINE__> { \
67 static void Execute() { \
68 uptr wrapper = getRealProcAddressOrDie(main_function); \
69 if (!__interception::OverrideFunction((uptr)dll_function, wrapper, 0)) \
71 FunctionInterceptor<__LINE__ - 1>::Execute(); \
75 // Special case of hooks -- ASan own interface functions. Those are only called
76 // after __asan_init, thus an empty implementation is sufficient.
77 #define INTERFACE_FUNCTION(name) \
78 extern "C" __declspec(noinline) void name() { \
79 volatile int prevent_icf = (__LINE__ << 8); (void)prevent_icf; \
82 INTERCEPT_WHEN_POSSIBLE(#name, name)
84 // INTERCEPT_HOOKS must be used after the last INTERCEPT_WHEN_POSSIBLE.
85 #define INTERCEPT_HOOKS FunctionInterceptor<__LINE__>::Execute
87 // We can't define our own version of strlen etc. because that would lead to
88 // link-time or even type mismatch errors. Instead, we can declare a function
89 // just to be able to get its address. Me may miss the first few calls to the
90 // functions since it can be called before __asan_init, but that would lead to
91 // false negatives in the startup code before user's global initializers, which
93 #define INTERCEPT_LIBRARY_FUNCTION(name) \
94 extern "C" void name(); \
95 INTERCEPT_WHEN_POSSIBLE(WRAPPER_NAME(name), name)
97 // Disable compiler warnings that show up if we declare our own version
98 // of a compiler intrinsic (e.g. strlen).
99 #pragma warning(disable: 4391)
100 #pragma warning(disable: 4392)
102 static void InterceptHooks();
105 // ---------- Function wrapping helpers ----------------------------------- {{{1
106 #define WRAP_V_V(name) \
107 extern "C" void name() { \
108 typedef void (*fntype)(); \
109 static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
112 INTERCEPT_WHEN_POSSIBLE(#name, name);
114 #define WRAP_V_W(name) \
115 extern "C" void name(void *arg) { \
116 typedef void (*fntype)(void *arg); \
117 static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
120 INTERCEPT_WHEN_POSSIBLE(#name, name);
122 #define WRAP_V_WW(name) \
123 extern "C" void name(void *arg1, void *arg2) { \
124 typedef void (*fntype)(void *, void *); \
125 static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
128 INTERCEPT_WHEN_POSSIBLE(#name, name);
130 #define WRAP_V_WWW(name) \
131 extern "C" void name(void *arg1, void *arg2, void *arg3) { \
132 typedef void *(*fntype)(void *, void *, void *); \
133 static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
134 fn(arg1, arg2, arg3); \
136 INTERCEPT_WHEN_POSSIBLE(#name, name);
138 #define WRAP_W_V(name) \
139 extern "C" void *name() { \
140 typedef void *(*fntype)(); \
141 static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
144 INTERCEPT_WHEN_POSSIBLE(#name, name);
146 #define WRAP_W_W(name) \
147 extern "C" void *name(void *arg) { \
148 typedef void *(*fntype)(void *arg); \
149 static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
152 INTERCEPT_WHEN_POSSIBLE(#name, name);
154 #define WRAP_W_WW(name) \
155 extern "C" void *name(void *arg1, void *arg2) { \
156 typedef void *(*fntype)(void *, void *); \
157 static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
158 return fn(arg1, arg2); \
160 INTERCEPT_WHEN_POSSIBLE(#name, name);
162 #define WRAP_W_WWW(name) \
163 extern "C" void *name(void *arg1, void *arg2, void *arg3) { \
164 typedef void *(*fntype)(void *, void *, void *); \
165 static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
166 return fn(arg1, arg2, arg3); \
168 INTERCEPT_WHEN_POSSIBLE(#name, name);
170 #define WRAP_W_WWWW(name) \
171 extern "C" void *name(void *arg1, void *arg2, void *arg3, void *arg4) { \
172 typedef void *(*fntype)(void *, void *, void *, void *); \
173 static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
174 return fn(arg1, arg2, arg3, arg4); \
176 INTERCEPT_WHEN_POSSIBLE(#name, name);
178 #define WRAP_W_WWWWW(name) \
179 extern "C" void *name(void *arg1, void *arg2, void *arg3, void *arg4, \
181 typedef void *(*fntype)(void *, void *, void *, void *, void *); \
182 static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
183 return fn(arg1, arg2, arg3, arg4, arg5); \
185 INTERCEPT_WHEN_POSSIBLE(#name, name);
187 #define WRAP_W_WWWWWW(name) \
188 extern "C" void *name(void *arg1, void *arg2, void *arg3, void *arg4, \
189 void *arg5, void *arg6) { \
190 typedef void *(*fntype)(void *, void *, void *, void *, void *, void *); \
191 static fntype fn = (fntype)getRealProcAddressOrDie(#name); \
192 return fn(arg1, arg2, arg3, arg4, arg5, arg6); \
194 INTERCEPT_WHEN_POSSIBLE(#name, name);
197 // ----------------- ASan own interface functions --------------------
198 // Don't use the INTERFACE_FUNCTION machinery for this function as we actually
199 // want to call it in the __asan_init interceptor.
200 WRAP_W_V(__asan_should_detect_stack_use_after_return
)
201 WRAP_W_V(__asan_get_shadow_memory_dynamic_address
)
204 int __asan_option_detect_stack_use_after_return
;
205 uptr __asan_shadow_memory_dynamic_address
;
207 // Manually wrap __asan_init as we need to initialize
208 // __asan_option_detect_stack_use_after_return afterwards.
210 typedef void (*fntype
)();
211 static fntype fn
= 0;
212 // __asan_init is expected to be called by only one thread.
215 fn
= (fntype
)getRealProcAddressOrDie("__asan_init");
217 __asan_option_detect_stack_use_after_return
=
218 (__asan_should_detect_stack_use_after_return() != 0);
219 __asan_shadow_memory_dynamic_address
=
220 (uptr
)__asan_get_shadow_memory_dynamic_address();
225 extern "C" void __asan_version_mismatch_check() {
229 INTERFACE_FUNCTION(__asan_handle_no_return
)
231 INTERFACE_FUNCTION(__asan_report_store1
)
232 INTERFACE_FUNCTION(__asan_report_store2
)
233 INTERFACE_FUNCTION(__asan_report_store4
)
234 INTERFACE_FUNCTION(__asan_report_store8
)
235 INTERFACE_FUNCTION(__asan_report_store16
)
236 INTERFACE_FUNCTION(__asan_report_store_n
)
238 INTERFACE_FUNCTION(__asan_report_load1
)
239 INTERFACE_FUNCTION(__asan_report_load2
)
240 INTERFACE_FUNCTION(__asan_report_load4
)
241 INTERFACE_FUNCTION(__asan_report_load8
)
242 INTERFACE_FUNCTION(__asan_report_load16
)
243 INTERFACE_FUNCTION(__asan_report_load_n
)
245 INTERFACE_FUNCTION(__asan_store1
)
246 INTERFACE_FUNCTION(__asan_store2
)
247 INTERFACE_FUNCTION(__asan_store4
)
248 INTERFACE_FUNCTION(__asan_store8
)
249 INTERFACE_FUNCTION(__asan_store16
)
250 INTERFACE_FUNCTION(__asan_storeN
)
252 INTERFACE_FUNCTION(__asan_load1
)
253 INTERFACE_FUNCTION(__asan_load2
)
254 INTERFACE_FUNCTION(__asan_load4
)
255 INTERFACE_FUNCTION(__asan_load8
)
256 INTERFACE_FUNCTION(__asan_load16
)
257 INTERFACE_FUNCTION(__asan_loadN
)
259 INTERFACE_FUNCTION(__asan_memcpy
);
260 INTERFACE_FUNCTION(__asan_memset
);
261 INTERFACE_FUNCTION(__asan_memmove
);
263 INTERFACE_FUNCTION(__asan_set_shadow_00
);
264 INTERFACE_FUNCTION(__asan_set_shadow_f1
);
265 INTERFACE_FUNCTION(__asan_set_shadow_f2
);
266 INTERFACE_FUNCTION(__asan_set_shadow_f3
);
267 INTERFACE_FUNCTION(__asan_set_shadow_f5
);
268 INTERFACE_FUNCTION(__asan_set_shadow_f8
);
270 INTERFACE_FUNCTION(__asan_alloca_poison
);
271 INTERFACE_FUNCTION(__asan_allocas_unpoison
);
273 INTERFACE_FUNCTION(__asan_register_globals
)
274 INTERFACE_FUNCTION(__asan_unregister_globals
)
276 INTERFACE_FUNCTION(__asan_before_dynamic_init
)
277 INTERFACE_FUNCTION(__asan_after_dynamic_init
)
279 INTERFACE_FUNCTION(__asan_poison_stack_memory
)
280 INTERFACE_FUNCTION(__asan_unpoison_stack_memory
)
282 INTERFACE_FUNCTION(__asan_poison_memory_region
)
283 INTERFACE_FUNCTION(__asan_unpoison_memory_region
)
285 INTERFACE_FUNCTION(__asan_address_is_poisoned
)
286 INTERFACE_FUNCTION(__asan_region_is_poisoned
)
288 INTERFACE_FUNCTION(__asan_get_current_fake_stack
)
289 INTERFACE_FUNCTION(__asan_addr_is_in_fake_stack
)
291 INTERFACE_FUNCTION(__asan_stack_malloc_0
)
292 INTERFACE_FUNCTION(__asan_stack_malloc_1
)
293 INTERFACE_FUNCTION(__asan_stack_malloc_2
)
294 INTERFACE_FUNCTION(__asan_stack_malloc_3
)
295 INTERFACE_FUNCTION(__asan_stack_malloc_4
)
296 INTERFACE_FUNCTION(__asan_stack_malloc_5
)
297 INTERFACE_FUNCTION(__asan_stack_malloc_6
)
298 INTERFACE_FUNCTION(__asan_stack_malloc_7
)
299 INTERFACE_FUNCTION(__asan_stack_malloc_8
)
300 INTERFACE_FUNCTION(__asan_stack_malloc_9
)
301 INTERFACE_FUNCTION(__asan_stack_malloc_10
)
303 INTERFACE_FUNCTION(__asan_stack_free_0
)
304 INTERFACE_FUNCTION(__asan_stack_free_1
)
305 INTERFACE_FUNCTION(__asan_stack_free_2
)
306 INTERFACE_FUNCTION(__asan_stack_free_4
)
307 INTERFACE_FUNCTION(__asan_stack_free_5
)
308 INTERFACE_FUNCTION(__asan_stack_free_6
)
309 INTERFACE_FUNCTION(__asan_stack_free_7
)
310 INTERFACE_FUNCTION(__asan_stack_free_8
)
311 INTERFACE_FUNCTION(__asan_stack_free_9
)
312 INTERFACE_FUNCTION(__asan_stack_free_10
)
314 // FIXME: we might want to have a sanitizer_win_dll_thunk?
315 INTERFACE_FUNCTION(__sanitizer_annotate_contiguous_container
)
316 INTERFACE_FUNCTION(__sanitizer_contiguous_container_find_bad_address
)
317 INTERFACE_FUNCTION(__sanitizer_cov
)
318 INTERFACE_FUNCTION(__sanitizer_cov_dump
)
319 INTERFACE_FUNCTION(__sanitizer_cov_indir_call16
)
320 INTERFACE_FUNCTION(__sanitizer_cov_init
)
321 INTERFACE_FUNCTION(__sanitizer_cov_module_init
)
322 INTERFACE_FUNCTION(__sanitizer_cov_trace_basic_block
)
323 INTERFACE_FUNCTION(__sanitizer_cov_trace_func_enter
)
324 INTERFACE_FUNCTION(__sanitizer_cov_with_check
)
325 INTERFACE_FUNCTION(__sanitizer_get_allocated_size
)
326 INTERFACE_FUNCTION(__sanitizer_get_coverage_guards
)
327 INTERFACE_FUNCTION(__sanitizer_get_current_allocated_bytes
)
328 INTERFACE_FUNCTION(__sanitizer_get_estimated_allocated_size
)
329 INTERFACE_FUNCTION(__sanitizer_get_free_bytes
)
330 INTERFACE_FUNCTION(__sanitizer_get_heap_size
)
331 INTERFACE_FUNCTION(__sanitizer_get_ownership
)
332 INTERFACE_FUNCTION(__sanitizer_get_total_unique_caller_callee_pairs
)
333 INTERFACE_FUNCTION(__sanitizer_get_total_unique_coverage
)
334 INTERFACE_FUNCTION(__sanitizer_get_unmapped_bytes
)
335 INTERFACE_FUNCTION(__sanitizer_maybe_open_cov_file
)
336 INTERFACE_FUNCTION(__sanitizer_print_stack_trace
)
337 INTERFACE_FUNCTION(__sanitizer_symbolize_pc
)
338 INTERFACE_FUNCTION(__sanitizer_symbolize_global
)
339 INTERFACE_FUNCTION(__sanitizer_ptr_cmp
)
340 INTERFACE_FUNCTION(__sanitizer_ptr_sub
)
341 INTERFACE_FUNCTION(__sanitizer_report_error_summary
)
342 INTERFACE_FUNCTION(__sanitizer_reset_coverage
)
343 INTERFACE_FUNCTION(__sanitizer_get_number_of_counters
)
344 INTERFACE_FUNCTION(__sanitizer_update_counter_bitset_and_clear_counters
)
345 INTERFACE_FUNCTION(__sanitizer_sandbox_on_notify
)
346 INTERFACE_FUNCTION(__sanitizer_set_death_callback
)
347 INTERFACE_FUNCTION(__sanitizer_set_report_path
)
348 INTERFACE_FUNCTION(__sanitizer_set_report_fd
)
349 INTERFACE_FUNCTION(__sanitizer_unaligned_load16
)
350 INTERFACE_FUNCTION(__sanitizer_unaligned_load32
)
351 INTERFACE_FUNCTION(__sanitizer_unaligned_load64
)
352 INTERFACE_FUNCTION(__sanitizer_unaligned_store16
)
353 INTERFACE_FUNCTION(__sanitizer_unaligned_store32
)
354 INTERFACE_FUNCTION(__sanitizer_unaligned_store64
)
355 INTERFACE_FUNCTION(__sanitizer_verify_contiguous_container
)
356 INTERFACE_FUNCTION(__sanitizer_install_malloc_and_free_hooks
)
357 INTERFACE_FUNCTION(__sanitizer_start_switch_fiber
)
358 INTERFACE_FUNCTION(__sanitizer_finish_switch_fiber
)
360 // TODO(timurrrr): Add more interface functions on the as-needed basis.
362 // ----------------- Memory allocation functions ---------------------
368 WRAP_W_W(_malloc_base
)
369 WRAP_W_WWWW(_malloc_dbg
)
372 WRAP_W_WW(_calloc_base
)
373 WRAP_W_WWWWW(_calloc_dbg
)
374 WRAP_W_WWW(_calloc_impl
)
377 WRAP_W_WW(_realloc_base
)
378 WRAP_W_WWW(_realloc_dbg
)
379 WRAP_W_WWW(_recalloc
)
380 WRAP_W_WWW(_recalloc_base
)
384 WRAP_W_W(_expand_dbg
)
386 // TODO(timurrrr): Might want to add support for _aligned_* allocation
387 // functions to detect a bit more bugs. Those functions seem to wrap malloc().
389 // TODO(timurrrr): Do we need to add _Crt* stuff here? (see asan_malloc_win.cc).
391 INTERCEPT_LIBRARY_FUNCTION(atoi
);
392 INTERCEPT_LIBRARY_FUNCTION(atol
);
395 INTERCEPT_LIBRARY_FUNCTION(__C_specific_handler
);
397 INTERCEPT_LIBRARY_FUNCTION(_except_handler3
);
399 // _except_handler4 checks -GS cookie which is different for each module, so we
400 // can't use INTERCEPT_LIBRARY_FUNCTION(_except_handler4).
401 INTERCEPTOR(int, _except_handler4
, void *a
, void *b
, void *c
, void *d
) {
402 __asan_handle_no_return();
403 return REAL(_except_handler4
)(a
, b
, c
, d
);
407 INTERCEPT_LIBRARY_FUNCTION(frexp
);
408 INTERCEPT_LIBRARY_FUNCTION(longjmp
);
409 #if SANITIZER_INTERCEPT_MEMCHR
410 INTERCEPT_LIBRARY_FUNCTION(memchr
);
412 INTERCEPT_LIBRARY_FUNCTION(memcmp
);
413 INTERCEPT_LIBRARY_FUNCTION(memcpy
);
414 INTERCEPT_LIBRARY_FUNCTION(memmove
);
415 INTERCEPT_LIBRARY_FUNCTION(memset
);
416 INTERCEPT_LIBRARY_FUNCTION(strcat
); // NOLINT
417 INTERCEPT_LIBRARY_FUNCTION(strchr
);
418 INTERCEPT_LIBRARY_FUNCTION(strcmp
);
419 INTERCEPT_LIBRARY_FUNCTION(strcpy
); // NOLINT
420 INTERCEPT_LIBRARY_FUNCTION(strcspn
);
421 INTERCEPT_LIBRARY_FUNCTION(strdup
);
422 INTERCEPT_LIBRARY_FUNCTION(strlen
);
423 INTERCEPT_LIBRARY_FUNCTION(strncat
);
424 INTERCEPT_LIBRARY_FUNCTION(strncmp
);
425 INTERCEPT_LIBRARY_FUNCTION(strncpy
);
426 INTERCEPT_LIBRARY_FUNCTION(strnlen
);
427 INTERCEPT_LIBRARY_FUNCTION(strpbrk
);
428 INTERCEPT_LIBRARY_FUNCTION(strrchr
);
429 INTERCEPT_LIBRARY_FUNCTION(strspn
);
430 INTERCEPT_LIBRARY_FUNCTION(strstr
);
431 INTERCEPT_LIBRARY_FUNCTION(strtol
);
432 INTERCEPT_LIBRARY_FUNCTION(wcslen
);
434 // Must be after all the interceptor declarations due to the way INTERCEPT_HOOKS
436 void InterceptHooks() {
439 INTERCEPT_FUNCTION(_except_handler4
);
443 // We want to call __asan_init before C/C++ initializers/constructors are
444 // executed, otherwise functions like memset might be invoked.
445 // For some strange reason, merely linking in asan_preinit.cc doesn't work
446 // as the callback is never called... Is link.exe doing something too smart?
448 // In DLLs, the callbacks are expected to return 0,
449 // otherwise CRT initialization fails.
450 static int call_asan_init() {
454 #pragma section(".CRT$XIB", long, read) // NOLINT
455 __declspec(allocate(".CRT$XIB")) int (*__asan_preinit
)() = call_asan_init
;
457 #endif // ASAN_DLL_THUNK