Changeset 53220 in vbox

Timestamp:

Nov 5, 2014 8:51:38 AM (10 years ago)

Author:

vboxsync

Message:

SUP: Relax image architecture restrictions so 32-bit resource DLLs won't cause unnecessary trouble in 64-bit processes. (untested)

Location:

trunk/src/VBox/HostDrivers/Support/win

Files:

• SUPHardenedVerify-win.h (modified) (1 diff)
• SUPHardenedVerifyImage-win.cpp (modified) (1 diff)
• SUPHardenedVerifyProcess-win.cpp (modified) (2 diffs)
• SUPR3HardenedMain-win.cpp (modified) (8 diffs)

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h

@@ -133 +133 @@
 /** The file owner must be TrustedInstaller on Vista+. */
 #  define SUPHNTVI_F_TRUSTED_INSTALLER_OWNER        RT_BIT(4)
-/** Resource image, could be any bitness. */
-#  define SUPHNTVI_F_RESOURCE_IMAGE                 RT_BIT(30)
+/** Ignore the image architecture (otherwise it must match the verification
+ * code).  Used with resource images and such. */
+#  define SUPHNTVI_F_IGNORE_ARCHITECTURE            RT_BIT(30)
 /** Raw-mode context image, always 32-bit. */
 #  define SUPHNTVI_F_RC_IMAGE                       RT_BIT(31)

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp

@@ -1235 +1235 @@
         RTLDRMOD hLdrMod;
         RTLDRARCH enmArch = fFlags & SUPHNTVI_F_RC_IMAGE ? RTLDRARCH_X86_32 : RTLDRARCH_HOST;
-        if (fFlags & SUPHNTVI_F_RESOURCE_IMAGE)
+        if (fFlags & SUPHNTVI_F_IGNORE_ARCHITECTURE)
             enmArch = RTLDRARCH_WHATEVER;
         rc = RTLdrOpenWithReader(&pNtViRdr->Core, RTLDR_O_FOR_VALIDATION, enmArch, &hLdrMod, pErrInfo);

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyProcess-win.cpp

@@ -1835 +1835 @@
                     : SUPHNTVI_F_REQUIRE_BUILD_CERT;
     if (f32bitResourceDll)
-        fFlags |= SUPHNTVI_F_RESOURCE_IMAGE;
+        fFlags |= SUPHNTVI_F_IGNORE_ARCHITECTURE;
 
     PSUPHNTVIRDR pNtViRdr;
@@ -1850 +1850 @@
     RTLDRMOD hLdrMod;
     RTLDRARCH enmArch = fFlags & SUPHNTVI_F_RC_IMAGE ? RTLDRARCH_X86_32 : RTLDRARCH_HOST;
-    if (fFlags & SUPHNTVI_F_RESOURCE_IMAGE)
+    if (fFlags & SUPHNTVI_F_IGNORE_ARCHITECTURE)
         enmArch = RTLDRARCH_WHATEVER;
     rc = RTLdrOpenWithReader(&pNtViRdr->Core, RTLDR_O_FOR_VALIDATION, enmArch, &hLdrMod, pErrInfo);

trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp

@@ -369 +369 @@
 *   Internal Functions                                                         *
 *******************************************************************************/
-static NTSTATUS supR3HardenedScreenImage(HANDLE hFile, bool fImage, PULONG pfAccess, PULONG pfProtect,
+static NTSTATUS supR3HardenedScreenImage(HANDLE hFile, bool fImage, bool fIgnoreArch, PULONG pfAccess, PULONG pfProtect,
                                          bool *pfCallRealApi, const char *pszCaller, bool fAvoidWinVerifyTrust,
                                          bool *pfQuiet);
@@ -1052 +1052 @@
                     ULONG fProtect = 0;
                     bool  fCallRealApi = false;
-                    rcNt = supR3HardenedScreenImage(hFile, true /*fImage*/, &fAccess, &fProtect, &fCallRealApi,
-                                                    "Imports", false /*fAvoidWinVerifyTrust*/, NULL /*pfQuiet*/);
+                    rcNt = supR3HardenedScreenImage(hFile, true /*fImage*/, false /*fIgnoreArch*/, &fAccess, &fProtect,
+                                                    &fCallRealApi, "Imports", false /*fAvoidWinVerifyTrust*/, NULL /*pfQuiet*/);
                     NtClose(hFile);
                 }
@@ -1275 +1275 @@
 
 
-static NTSTATUS supR3HardenedScreenImage(HANDLE hFile, bool fImage, PULONG pfAccess, PULONG pfProtect,
+/**
+ * Screens an image file or file mapped with execute access.
+ *
+ * @returns NT status code.
+ * @param   hFile                   The file handle.
+ * @param   fImage                  Set if image file mapping being made
+ *                                  (NtCreateSection thing).
+ * @param   fIgnoreArch             Using the DONT_RESOLVE_DLL_REFERENCES flag,
+ *                                  which also implies that DLL init / term code
+ *                                  isn't called, so the architecture should be
+ *                                  ignored.
+ * @param   pfAccess                Pointer to the NtCreateSection access flags,
+ *                                  so we can modify them if necessary.
+ * @param   pfProtect               Pointer to the NtCreateSection protection
+ *                                  flags, so we can modify them if necessary.
+ * @param   pfCallRealApi           Whether it's ok to go on to the real API.
+ * @param   pszCaller               Who is calling (for debugging / logging).
+ * @param   fAvoidWinVerifyTrust    Whether we should avoid WinVerifyTrust.
+ * @param   pfQuiet                 Where to return whether to be quiet about
+ *                                  this image in the log (i.e. we've seen it
+ *                                  lots of times already).  Optional.
+ */
+static NTSTATUS supR3HardenedScreenImage(HANDLE hFile, bool fImage, bool fIgnoreArch, PULONG pfAccess, PULONG pfProtect,
                                          bool *pfCallRealApi, const char *pszCaller, bool fAvoidWinVerifyTrust, bool *pfQuiet)
 {
@@ -1540 +1562 @@
      * left of the path buffer for an RTERRINFO buffer.
      */
+    if (fIgnoreArch)
+        fFlags |= SUPHNTVI_F_IGNORE_ARCHITECTURE;
     RTERRINFO ErrInfo;
     RTErrInfoInit(&ErrInfo, (char *)&uBuf.abBuffer[cbNameBuf], sizeof(uBuf) - cbNameBuf);
@@ -1610 +1634 @@
     bool  fCallRealApi;
     //SUP_DPRINTF(("supR3HardenedWinVerifyCachePreload: scanning %ls\n", pwszName));
-    supR3HardenedScreenImage(hFile, false, &fAccess, &fProtect, &fCallRealApi, "preload", false /*fAvoidWinVerifyTrust*/,
-                             NULL /*pfQuiet*/);
+    supR3HardenedScreenImage(hFile, false, false /*fIgnoreArch*/, &fAccess, &fProtect, &fCallRealApi, "preload",
+                             false /*fAvoidWinVerifyTrust*/, NULL /*pfQuiet*/);
     //SUP_DPRINTF(("supR3HardenedWinVerifyCachePreload: done %ls\n", pwszName));
 
@@ -1648 +1672 @@
             bool fCallRealApi;
             //SUP_DPRINTF(("supR3HardenedMonitor_NtCreateSection: 1\n"));
-            NTSTATUS rcNt = supR3HardenedScreenImage(hFile, fImage, &fAccess, &fProtect, &fCallRealApi,
+            NTSTATUS rcNt = supR3HardenedScreenImage(hFile, fImage, true /*fIgnoreArch*/, &fAccess, &fProtect, &fCallRealApi,
                                                      "NtCreateSection", true /*fAvoidWinVerifyTrust*/, NULL /*pfQuiet*/);
             //SUP_DPRINTF(("supR3HardenedMonitor_NtCreateSection: 2 rcNt=%#x fCallRealApi=%#x\n", rcNt, fCallRealApi));
@@ -1982 +2006 @@
             ULONG fProtect = 0;
             bool  fCallRealApi = false;
-            rcNt = supR3HardenedScreenImage(hFile, true /*fImage*/, &fAccess, &fProtect, &fCallRealApi,
+            rcNt = supR3HardenedScreenImage(hFile, true /*fImage*/, RT_VALID_PTR(pfFlags) && (*pfFlags & 0x2) /*fIgnoreArch*/,
+                                            &fAccess, &fProtect, &fCallRealApi,
                                             "LdrLoadDll", false /*fAvoidWinVerifyTrust*/, &fQuiet);
             NtClose(hFile);
@@ -2132 +2157 @@
         bool  fCallRealApi = false;
         bool  fQuietFailure = false;
-        rcNt = supR3HardenedScreenImage(hFile, true /*fImage*/, &fAccess, &fProtect, &fCallRealApi,
+        rcNt = supR3HardenedScreenImage(hFile, true /*fImage*/, true /*fIgnoreArch*/, &fAccess, &fProtect, &fCallRealApi,
                                         "LdrLoadDll", true /*fAvoidWinVerifyTrust*/, &fQuietFailure);
         NtClose(hFile);