Changeset 52529 in vbox for trunk/src/VBox/HostDrivers/Support/win

Timestamp:

Aug 29, 2014 3:03:07 PM (10 years ago)

Author:

vboxsync

Message:

Extended avast cleanup kludge. Added build time option of supporting the application verifier / paged heaps.

Location:

trunk/src/VBox/HostDrivers/Support/win

Files:

• SUPDrv-win.cpp (modified) (1 diff)
• SUPHardenedVerify-win.h (modified) (1 diff)
• SUPHardenedVerifyImage-win.cpp (modified) (1 diff)
• SUPHardenedVerifyProcess-win.cpp (modified) (9 diffs)
• SUPR3HardenedMain-win.cpp (modified) (3 diffs)

trunk/src/VBox/HostDrivers/Support/win/SUPDrv-win.cpp

@@ -3493 +3493 @@
         RTErrInfoInit(&ErrInfo, szErr, sizeof(szErr));
 
-        rc = supHardenedWinVerifyProcess(NtCurrentProcess(), NtCurrentThread(), SUPHARDNTVPKIND_VERIFY_ONLY, &ErrInfo);
+        rc = supHardenedWinVerifyProcess(NtCurrentProcess(), NtCurrentThread(), SUPHARDNTVPKIND_VERIFY_ONLY,
+                                         NULL /*pcFixes*/, &ErrInfo);
         if (RT_FAILURE(rc))
             RTLogWriteDebugger(szErr, strlen(szErr));

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h

@@ -54 +54 @@
     SUPHARDNTVPKIND_32BIT_HACK = 0x7fffffff
 } SUPHARDNTVPKIND;
-DECLHIDDEN(int)     supHardenedWinVerifyProcess(HANDLE hProcess, HANDLE hThread, SUPHARDNTVPKIND enmKind, PRTERRINFO pErrInfo);
+DECLHIDDEN(int)     supHardenedWinVerifyProcess(HANDLE hProcess, HANDLE hThread, SUPHARDNTVPKIND enmKind,
+                                                uint32_t *pcFixes, PRTERRINFO pErrInfo);
 
 DECLHIDDEN(bool)    supHardViUniStrPathStartsWithUniStr(UNICODE_STRING const *pUniStrLeft,

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp

@@ -734 +734 @@
         if (supHardViUtf16PathIsEqual(pwsz, "apphelp.dll"))
             return uNtVer < SUP_MAKE_NT_VER_SIMPLE(6, 4) ? VINF_LDRVI_NOT_SIGNED : rc;
+#ifdef VBOX_PERMIT_VERIFIER_DLL
+        if (supHardViUtf16PathIsEqual(pwsz, "verifier.dll"))
+            return uNtVer < SUP_NT_VER_W81 ? VINF_LDRVI_NOT_SIGNED : rc;
+#endif
 #ifdef VBOX_PERMIT_MORE
         if (uNtVer >= SUP_NT_VER_W70) /* hard limit: user32.dll is unwanted prior to w7. */

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyProcess-win.cpp

@@ -131 +131 @@
     /** The result. */
     int                     rcResult;
+    /** Number of fixes we've done.
+     * Only applicable in the purification modes.  */
+    uint32_t                cFixes;
     /** Number of images in aImages. */
     uint32_t                cImages;
@@ -141 +144 @@
      * more so we can get the image name of the first unwanted DLL. */
     SUPHNTVPIMAGE           aImages[1 + 6 + 1
+#ifdef VBOX_PERMIT_VERIFIER_DLL
+                                    + 1
+#endif
 #ifdef VBOX_PERMIT_MORE
                                     + 5
@@ -175 +181 @@
     "apphelp.dll",
     "apisetschema.dll",
+#ifdef VBOX_PERMIT_VERIFIER_DLL
+    "verifier.dll",
+#endif
 #ifdef VBOX_PERMIT_MORE
 # define VBOX_PERMIT_MORE_FIRST_IDX 5
@@ -351 +360 @@
             rcNt = rcNt2;
     }
+    pThis->cFixes++;
     return rcNt;
 }
@@ -1220 +1230 @@
             if (NT_SUCCESS(rcNt))
                 return VINF_OBJECT_DESTROYED;
+            pThis->cFixes++;
             SUP_DPRINTF(("supHardNtVpScanVirtualMemory: NtUnmapViewOfSection(,%p) failed: %#x\n", pMemInfo->AllocationBase, rcNt));
         }
@@ -1362 +1373 @@
     uintptr_t   cbAdvance = 0;
     uintptr_t   uPtrWhere = 0;
+#ifdef VBOX_PERMIT_VERIFIER_DLL
+    for (uint32_t i = 0; i < 10240; i++)
+#else
     for (uint32_t i = 0; i < 1024; i++)
+#endif
     {
         SIZE_T                      cbActual = 0;
@@ -1511 +1526 @@
                                         "Unknown executable memory type %#x at %p/%p LB %#zx",
                                         MemInfo.Type, MemInfo.AllocationBase, MemInfo.BaseAddress, MemInfo.RegionSize);
+                pThis->cFixes++;
             }
             else
@@ -2057 +2073 @@
  * @param   enmKind             The kind of process verification to perform.
  * @param   pErrInfo            Pointer to error info structure. Optional.
- */
-DECLHIDDEN(int) supHardenedWinVerifyProcess(HANDLE hProcess, HANDLE hThread, SUPHARDNTVPKIND enmKind, PRTERRINFO pErrInfo)
-{
+ * @param   pcFixes             Where to return the number of fixes made during
+ *                              purification.  Optional.
+ */
+DECLHIDDEN(int) supHardenedWinVerifyProcess(HANDLE hProcess, HANDLE hThread, SUPHARDNTVPKIND enmKind,
+                                            uint32_t *pcFixes, PRTERRINFO pErrInfo)
+{
+    if (pcFixes)
+        *pcFixes = 0;
+
     /*
      * Some basic checks regarding threads and debuggers. We don't need
@@ -2095 +2117 @@
                 rc = supHardNtVpCheckDlls(pThis, hProcess);
 
+            if (pcFixes)
+                *pcFixes = pThis->cFixes;
+
             /*
              * Clean up the state.

trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp

@@ -2414 +2414 @@
     RTErrInfoInitStatic(&g_ErrInfoStatic);
     int rc = supHardenedWinVerifyProcess(NtCurrentProcess(), NtCurrentThread(),
-                                         SUPHARDNTVPKIND_VERIFY_ONLY, &g_ErrInfoStatic.Core);
+                                         SUPHARDNTVPKIND_VERIFY_ONLY, NULL /*pcFixes*/, &g_ErrInfoStatic.Core);
     if (RT_FAILURE(rc))
         supR3HardenedFatalMsg("supR3HardenedWinVerifyProcess", kSupInitOp_Integrity, rc,
@@ -3376 +3376 @@
         rc = supR3HardNtPuChSanitizePeb(&This);
     if (RT_SUCCESS(rc))
-        rc = supHardenedWinVerifyProcess(hProcess, hThread, SUPHARDNTVPKIND_CHILD_PURIFICATION, pErrInfo);
+        rc = supHardenedWinVerifyProcess(hProcess, hThread, SUPHARDNTVPKIND_CHILD_PURIFICATION, NULL /*pcFixes*/, pErrInfo);
 
     return rc;
@@ -3928 +3928 @@
          * We have to resort to kludge doing yield and sleep fudging for a
          * number of milliseconds and schedulings before we can hope that avast
-         * and similar products have done what they need to do.  Pretty fragile...
+         * and similar products have done what they need to do.  If we do any
+         * fixes, we wait for a while again and redo it until we're clean.
+         *
+         * This is unfortunately kind of fragile.
          */
-        uint32_t    cSleeps = 0;
-        DWORD       dwStart = GetTickCount();
+        uint32_t iLoop = 0;
+        uint32_t cFixes;
         do
         {
-            NtYieldExecution();
-            LARGE_INTEGER Time;
-            Time.QuadPart = -8000000 / 100; /* 8ms in 100ns units, relative time. */
-            NtDelayExecution(FALSE, &Time);
-            cSleeps++;
-        } while (   GetTickCount() - dwStart <= 80
-                 || cSleeps < 8);
-        SUP_DPRINTF(("supR3HardenedWinInit: Startup delay kludge #2: %u ms, %u sleeps\n", GetTickCount() - dwStart, cSleeps));
-
-        supHardenedWinVerifyProcess(NtCurrentProcess(), NtCurrentThread(), SUPHARDNTVPKIND_SELF_PURIFICATION, NULL);
+            uint32_t    cSleeps = 0;
+            DWORD       dwStart = GetTickCount();
+            do
+            {
+                NtYieldExecution();
+                LARGE_INTEGER Time;
+                Time.QuadPart = -8000000 / 100; /* 8ms in 100ns units, relative time. */
+                NtDelayExecution(FALSE, &Time);
+                cSleeps++;
+            } while (   GetTickCount() - dwStart <= 80
+                     || cSleeps < 8);
+            SUP_DPRINTF(("supR3HardenedWinInit: Startup delay kludge #2/%u: %u ms, %u sleeps\n",
+                         iLoop, GetTickCount() - dwStart, cSleeps));
+
+            cFixes = 0;
+            rc = supHardenedWinVerifyProcess(NtCurrentProcess(), NtCurrentThread(), SUPHARDNTVPKIND_SELF_PURIFICATION,
+                                             &cFixes, NULL /*pErrInfo*/);
+        } while (   RT_SUCCESS(rc)
+                 && cFixes > 0
+                 && ++iLoop < 8);
 
         /*