Changeset 66525 in vbox for trunk/src/VBox/HostDrivers
- Timestamp:
- Apr 12, 2017 10:48:30 AM (8 years ago)
- Location:
- trunk/src/VBox/HostDrivers/Support
- Files:
-
- 4 edited
trunk/src/VBox/HostDrivers/Support/Makefile.kmk
r66484 r66525 337 337 $(VBOX_PATH_RUNTIME_SRC)/common/string/RTStrCmp.cpp \ 338 338 $(VBOX_PATH_RUNTIME_SRC)/common/string/RTStrCopy.cpp \ 339 $(VBOX_PATH_RUNTIME_SRC)/common/string/RTStrICmpAscii.cpp \ 339 340 $(VBOX_PATH_RUNTIME_SRC)/common/string/RTStrNCmp.cpp \ 340 341 $(VBOX_PATH_RUNTIME_SRC)/common/string/RTStrNLen.cpp \ -
trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h
r62677 r66525 139 139 /** @} */ 140 140 141 /* Array in SUPHardenedVerifyImage-win.cpp */ 142 extern const RTSTRTUPLE g_aSupNtViBlacklistedDlls[]; 143 141 144 /** 142 145 * Loader cache entry. -
trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp
r64883 r66525 140 140 # endif 141 141 #endif /* IN_RING3 && !VBOX_PERMIT_MORE*/ 142 143 /** 144 * Blacklisted DLL names. 145 */ 146 const RTSTRTUPLE g_aSupNtViBlacklistedDlls[] = 147 { 148 { RT_STR_TUPLE("SCROBJ.dll") }, 149 { NULL, 0 } /* terminator entry */ 150 }; 151 142 152 143 153 static union … … 1273 1283 RT_NOREF1(fAvoidWinVerifyTrust); 1274 1284 #endif 1285 1286 /* 1287 * Check for blacklisted DLLs, both internal name and filename. 1288 */ 1289 if (RT_SUCCESS(rc)) 1290 { 1291 size_t const cwcName = RTUtf16Len(pwszName); 1292 char szIntName[64]; 1293 int rc2 = RTLdrQueryProp(hLdrMod, RTLDRPROP_INTERNAL_NAME, szIntName, sizeof(szIntName)); 1294 if (RT_SUCCESS(rc2)) 1295 { 1296 size_t const cchIntName = strlen(szIntName); 1297 for (unsigned i = 0; g_aSupNtViBlacklistedDlls[i].psz != NULL; i++) 1298 if ( cchIntName == g_aSupNtViBlacklistedDlls[i].cch 1299 && RTStrICmpAscii(szIntName, g_aSupNtViBlacklistedDlls[i].psz) == 0) 1300 { 1301 rc = RTErrInfoSetF(pErrInfo, VERR_SUP_VP_UNDESIRABLE_MODULE, 1302 "The image '%ls' is listed as undesirable.", pwszName); 1303 break; 1304 } 1305 } 1306 if (RT_SUCCESS(rc)) 1307 { 1308 for (unsigned i = 0; g_aSupNtViBlacklistedDlls[i].psz != NULL; i++) 1309 if (cwcName >= g_aSupNtViBlacklistedDlls[i].cch) 1310 { 1311 PCRTUTF16 pwszTmp = &pwszName[cwcName - g_aSupNtViBlacklistedDlls[i].cch]; 1312 if ( ( cwcName == g_aSupNtViBlacklistedDlls[i].cch 1313 || pwszTmp[-1] == '\\' 1314 || pwszTmp[-1] == '/') 1315 && RTUtf16ICmpAscii(pwszTmp, g_aSupNtViBlacklistedDlls[i].psz) == 0) 1316 { 1317 rc = RTErrInfoSetF(pErrInfo, VERR_SUP_VP_UNDESIRABLE_MODULE, 1318 "The image '%ls' is listed as undesirable.", pwszName); 1319 break; 1320 } 1321 } 1322 } 1323 } 1275 1324 1276 1325 #ifdef IN_SUP_HARDENED_R3 -
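Review bot: The internal-name check is skipped silently whenever `RTLdrQueryProp(hLdrMod, RTLDRPROP_INTERNAL_NAME, szIntName, sizeof(szIntName))` fails, and nothing at the `if (RT_SUCCESS(rc2))` line says whether that is deliberate. If the intent is that a module with no internal name, or one too long for the 64-byte buffer, cannot match a listed name anyway, say so there, e.g. `/* No or over-long internal name: cannot match a blacklist entry, fall through to the filename check. */`; otherwise the failure should be treated as a rejection instead of a pass. The doc comment on `g_aSupNtViBlacklistedDlls` should also record why `SCROBJ.dll` is listed and that all loops over the array rely on the `{ NULL, 0 }` terminator, since the header declares it without a size. The enclosing function starts and ends outside the hunk.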
trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp
r66484 r66525 1638 1638 1639 1639 /** 1640 * Helper for supR3HardenedMonitor_LdrLoadDll that compares the name part of the 1641 * input path against a ASCII name string of a given length. 1642 * 1643 * @returns true if the name part matches 1644 * @param pPath The LdrLoadDll input path. 1645 * @param pszName The name to try match it with. 1646 * @param cchName The name length. 1647 */ 1648 static bool supR3HardenedIsFilenameMatchDll(PUNICODE_STRING pPath, const char *pszName, size_t cchName) 1649 { 1650 if (pPath->Length < cchName * 2) 1651 return false; 1652 PCRTUTF16 pwszTmp = &pPath->Buffer[pPath->Length / sizeof(RTUTF16) - cchName]; 1653 if ( pPath->Length != cchName 1654 && pwszTmp[-1] != '\\' 1655 && pwszTmp[-1] != '/') 1656 return false; 1657 return RTUtf16ICmpAscii(pwszTmp, pszName) == 0; 1658 } 1659 1660 1661 /** 1640 1662 * Hooks that intercepts LdrLoadDll calls. 1641 1663 * … … 1714 1736 { RT_STR_TUPLE("PGHook.dll") }, 1715 1737 }; 1716 1717 1738 for (unsigned i = 0; i < RT_ELEMENTS(s_aUnwantedEarlyDlls); i++) 1718 { 1719 if (pName->Length < s_aUnwantedEarlyDlls[i].cch * 2) 1720 continue; 1721 PCRTUTF16 pwszTmp = &pName->Buffer[pName->Length / sizeof(RTUTF16) - s_aUnwantedEarlyDlls[i].cch]; 1722 if ( pName->Length != s_aUnwantedEarlyDlls[i].cch * 2 1723 && pwszTmp[-1] != '\\' 1724 && pwszTmp[-1] != '/') 1725 continue; 1726 if (RTUtf16ICmpAscii(pwszTmp, s_aUnwantedEarlyDlls[i].psz) != 0) 1727 continue; 1728 SUP_DPRINTF(("supR3HardenedMonitor_LdrLoadDll: Refusing to load '%.*ls' as it is expected to create undesirable threads that will upset our respawn checks (returning STATUS_TOO_MANY_THREADS)\n", 1729 pName->Length / sizeof(RTUTF16), pName->Buffer)); 1730 return STATUS_TOO_MANY_THREADS; 1731 } 1739 if (supR3HardenedIsFilenameMatchDll(pName, s_aUnwantedEarlyDlls[i].psz, s_aUnwantedEarlyDlls[i].cch)) 1740 { 1741 SUP_DPRINTF(("supR3HardenedMonitor_LdrLoadDll: Refusing to load '%.*ls' as it is expected to create undesirable threads that will upset our 
respawn checks (returning STATUS_TOO_MANY_THREADS)\n", 1742 pName->Length / sizeof(RTUTF16), pName->Buffer)); 1743 return STATUS_TOO_MANY_THREADS; 1744 } 1732 1745 } 1733 1746 … … 1909 1922 pName = &ResolvedName; 1910 1923 } 1924 1925 #ifndef IN_SUP_R3_STATIC 1926 /* 1927 * Reject blacklisted DLLs based on input name. 1928 */ 1929 for (unsigned i = 0; g_aSupNtViBlacklistedDlls[i].psz != NULL; i++) 1930 if (supR3HardenedIsFilenameMatchDll(pName, g_aSupNtViBlacklistedDlls[i].psz, g_aSupNtViBlacklistedDlls[i].cch)) 1931 { 1932 SUP_DPRINTF(("supR3HardenedMonitor_LdrLoadDll: Refusing to load blacklisted DLL: '%.*ls'\n", 1933 pName->Length / sizeof(RTUTF16), pName->Buffer)); 1934 RtlRestoreLastWin32Error(dwSavedLastError); 1935 return STATUS_TOO_MANY_THREADS; 1936 } 1937 #endif 1911 1938 1912 1939 bool fQuiet = false;
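Review bot: In the new helper `supR3HardenedIsFilenameMatchDll` the bare-name test reads `pPath->Length != cchName`, while the rest of the helper treats `Length` as a byte count (`cchName * 2`, `Length / sizeof(RTUTF16)`) and the inline code it replaces compared against `s_aUnwantedEarlyDlls[i].cch * 2`. When the path consists of the DLL name alone, the condition is therefore true, `pwszTmp[-1]` reads one element before `Buffer`, and the helper will most likely return false, so neither the early-DLL list nor the new blacklist loop would reject that name at this point. The line should be `if (   pPath->Length != cchName * sizeof(RTUTF16)`. The closing `RTUtf16ICmpAscii(pwszTmp, pszName)` also depends on the `UNICODE_STRING` buffer being NUL-terminated, which these hunks do not show being guaranteed; the hook function itself starts and ends outside the visible hunks.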