Changeset 52387 in vbox for trunk/src/VBox/HostDrivers/Support/win
- Timestamp:
- Aug 14, 2014 8:06:14 PM (10 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/VBox/HostDrivers/Support/win/SUPDrv-win.cpp
r52353 r52387 2351 2351 2352 2352 2353 #ifdef VBOX_WITHOUT_DEBUGGER_CHECKS 2354 /** 2355 * Checks if the given process is one of the whitelisted debuggers. 2356 * 2357 * @returns true / false. 2358 * @param pProcess The process to check. 2359 */ 2360 static bool supdrvNtProtectIsWhitelistedDebugger(PEPROCESS pProcess) 2361 { 2362 const char *pszImageFile = (const char *)PsGetProcessImageFileName(pProcess); 2363 if (!pszImageFile) 2364 return false; 2365 2366 if (pszImageFile[0] == 'w' || pszImageFile[0] == 'W') 2367 { 2368 if (RTStrICmp(pszImageFile, "windbg.exe") == 0) 2369 return true; 2370 if (RTStrICmp(pszImageFile, "werfault.exe") == 0) 2371 return true; 2372 if (RTStrICmp(pszImageFile, "werfaultsecure.exe") == 0) 2373 return true; 2374 } 2375 else if (pszImageFile[0] == 'd' || pszImageFile[0] == 'D') 2376 { 2377 if (RTStrICmp(pszImageFile, "drwtsn32.exe") == 0) 2378 return true; 2379 if (RTStrICmp(pszImageFile, "dwwin.exe") == 0) 2380 return true; 2381 } 2382 2383 return false; 2384 } 2385 #endif /* VBOX_WITHOUT_DEBUGGER_CHECKS */ 2386 2387 2353 2388 /** @} */ 2354 2389 … … 2743 2778 PsGetProcessImageFileName(PsGetCurrentProcess()) )); 2744 2779 } 2780 #ifdef VBOX_WITHOUT_DEBUGGER_CHECKS 2781 /* Allow debuggers full access. */ 2782 else if (supdrvNtProtectIsWhitelistedDebugger(PsGetCurrentProcess())) 2783 { 2784 pOpInfo->CallContext = NULL; /* don't assert */ 2785 pNtProtect->fFirstProcessCreateHandle = false; 2786 2787 Log(("vboxdrv/ProcessHandlePre: ctx=%04zx/%p wants %#x to %p in pid=%04zx [%d] %s [debugger]\n", 2788 PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(), 2789 pOpInfo->Parameters->CreateHandleInformation.DesiredAccess, 2790 pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind, 2791 PsGetProcessImageFileName(PsGetCurrentProcess()) )); 2792 } 2793 #endif 2745 2794 else 2746 2795 { … … 2980 3029 pNtProtect->fFirstThreadCreateHandle = false; 2981 3030 } 3031 #ifdef VBOX_WITHOUT_DEBUGGER_CHECKS 3032 /* Allow debuggers full access. */ 3033 else if (supdrvNtProtectIsWhitelistedDebugger(PsGetCurrentProcess())) 3034 { 3035 Log(("vboxdrv/ThreadHandlePre: ctx=%04zx/%p wants %#x to %p in pid=%04zx [%d] %s [debugger]\n", 3036 PsGetProcessId(PsGetCurrentProcess()), PsGetCurrentProcess(), 3037 pOpInfo->Parameters->CreateHandleInformation.DesiredAccess, 3038 pOpInfo->Object, pNtProtect->AvlCore.Key, pNtProtect->enmProcessKind, 3039 PsGetProcessImageFileName(PsGetCurrentProcess()) )); 3040 pOpInfo->CallContext = NULL; /* don't assert */ 3041 } 3042 #endif 2982 3043 else 2983 3044 { … … 3290 3351 */ 3291 3352 int rc = VINF_SUCCESS; 3353 # ifdef VBOX_WITHOUT_DEBUGGER_CHECKS 3354 HANDLE idLastDebugger = (HANDLE)~(uintptr_t)0; 3355 # endif 3292 3356 3293 3357 uint32_t cCsrssProcessHandles = 0; … … 3363 3427 else 3364 3428 continue; 3429 3430 # ifdef VBOX_WITHOUT_DEBUGGER_CHECKS 3431 /* Ignore whitelisted debuggers. */ 3432 if (pHandleInfo->UniqueProcessId == idLastDebugger) 3433 continue; 3434 PEPROCESS pDbgProc; 3435 NTSTATUS rcNt = PsLookupProcessByProcessId(pHandleInfo->UniqueProcessId, &pDbgProc); 3436 if (NT_SUCCESS(rcNt)) 3437 { 3438 bool fIsDebugger = supdrvNtProtectIsWhitelistedDebugger(pDbgProc); 3439 ObDereferenceObject(pDbgProc); 3440 if (fIsDebugger) 3441 { 3442 idLastDebugger = pHandleInfo->UniqueProcessId; 3443 continue; 3444 } 3445 } 3446 # endif 3365 3447 3366 3448 /* Found evil handle. Currently ignoring on pre-Vista. */
Note:
See TracChangeset
for help on using the changeset viewer.
