source: vbox/trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMainA-win.asm@ 52523

Last change on this file since revision 52523 was 52523, checked in by vboxsync, 11 years ago

SUP: Sabotage thread creation in the stub process and for the initial part of the VM process.

1; $Id: SUPR3HardenedMainA-win.asm 52523 2014-08-29 06:52:04Z vboxsync $
2;; @file
3; VirtualBox Support Library - Hardened main(), Windows assembly bits.
4;
5
6;
7; Copyright (C) 2012-2014 Oracle Corporation
8;
9; This file is part of VirtualBox Open Source Edition (OSE), as
; available from http://www.virtualbox.org. This file is free software;
11; you can redistribute it and/or modify it under the terms of the GNU
12; General Public License (GPL) as published by the Free Software
13; Foundation, in version 2 as it comes in the "COPYING" file of the
14; VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15; hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16;
17; The contents of this file may alternatively be used under the terms
18; of the Common Development and Distribution License Version 1.0
19; (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20; VirtualBox OSE distribution, in which case the provisions of the
21; CDDL are applicable instead of those of the GPL.
22;
23; You may elect to license modified versions of this file under the
24; terms and conditions of either the GPL or the CDDL or both.
25;
26
27;*******************************************************************************
28;* Header Files *
29;*******************************************************************************
30%define RT_ASM_WITH_SEH64
31%include "iprt/asmdefs.mac"
32
33
; External data.
; Pointer to the instruction in the original NtCreateSection code that the
; supR3HardenedJmpBack_NtCreateSection_* stubs below jump to once they have
; re-executed the instructions the hook overwrote.  Defined and filled in
; elsewhere (presumably by the C side of the hardening code - not visible here).
extern NAME(g_pfnNtCreateSectionJmpBack)
36
37
38BEGINCODE
39
;
; 64-bit: trampolines back into the original NtCreateSection.
;
; One stub is generated per system call number listed in the included
; template (SYSCALL(a_Num) expands to the macro below).  Each stub re-executes
; the two instructions the hook replaced at the start of NtCreateSection and
; then jumps through g_pfnNtCreateSectionJmpBack to the original code.
; NOTE(review): the stub must mirror the overwritten bytes exactly -
; 'mov r10, rcx' / 'mov eax, <syscall number>' is the same setup the syscall
; stubs later in this file use - since the jump-back target is presumably set
; just past those bytes; confirm against the patching code.
;
%ifdef RT_ARCH_AMD64
 %macro supR3HardenedJmpBack_NtCreateSection_Xxx 1
 ; %1 = the NtCreateSection system call number this stub reproduces.
 BEGINPROC supR3HardenedJmpBack_NtCreateSection_ %+ %1
        SEH64_END_PROLOGUE              ; leaf stub: empty prologue for the unwinder
        ; The code we replaced.
        mov     r10, rcx                ; first argument goes to r10 for 'syscall'
        mov     eax, %1                 ; system call number

        ; Jump back to the original code (RIP-relative load of the saved pointer).
        jmp     [NAME(g_pfnNtCreateSectionJmpBack) wrt RIP]
 ENDPROC supR3HardenedJmpBack_NtCreateSection_ %+ %1
 %endm
 %define SYSCALL(a_Num) supR3HardenedJmpBack_NtCreateSection_Xxx a_Num
 %include "NtCreateSection-template-amd64-syscall-type-1.h"

%endif
59
60
;
; 32-bit: trampolines back into the original NtCreateSection.
;
; Same idea as the 64-bit variant: one stub per system call number from the
; included template, re-executing the single instruction the hook overwrote
; ('mov eax, <syscall number>') before jumping through
; g_pfnNtCreateSectionJmpBack to the original code.  NOTE(review): the
; instruction here must match the overwritten bytes exactly; confirm against
; the patching code.
;
%ifdef RT_ARCH_X86
 %macro supR3HardenedJmpBack_NtCreateSection_Xxx 1
 ; %1 = the NtCreateSection system call number this stub reproduces.
 BEGINPROC supR3HardenedJmpBack_NtCreateSection_ %+ %1
        ; The code we replaced.
        mov     eax, %1                 ; system call number

        ; Jump back to the original code (indirect jump through the saved pointer).
        jmp     [NAME(g_pfnNtCreateSectionJmpBack)]
 ENDPROC supR3HardenedJmpBack_NtCreateSection_ %+ %1
 %endm
 %define SYSCALL(a_Num) supR3HardenedJmpBack_NtCreateSection_Xxx a_Num
 %include "NtCreateSection-template-x86-syscall-type-1.h"

%endif
78
;;
; Composes a standard call name.
;
; @param a  The plain API name.
; @param b  The parameter frame size in bytes (x86 only).
;
; On x86 this yields the stdcall-decorated symbol '_<a>@<b>', i.e. the label a
; 32-bit build expects for a __stdcall import; on other architectures the
; frame size is ignored and the platform-mangled NAME() is used.
%ifdef RT_ARCH_X86
 %define SUPHNTIMP_STDCALL_NAME(a,b) _ %+ a %+ @ %+ b
%else
 %define SUPHNTIMP_STDCALL_NAME(a,b) NAME(a)
%endif
86
87
;;
; Import data and code for an API call.
;
; Emits, for one API, a zero-initialised import slot plus a call stub, and
; optionally direct system call stubs:
;
;   __imp_<decorated name> / g_pfn<name>   (BEGINDATA) pointer slot, 0 until
;                                          filled in elsewhere (not visible here)
;   g_uApiNo<name>                         (BEGINDATA, syscalls only) system
;                                          call number slot, also 0 initially
;   <decorated name>                       (BEGINCODE) stub that jumps through
;                                          g_pfn<name>
;   <name>_SyscallType1 / _SyscallType2    (BEGINCODE, syscalls only) stubs
;                                          issuing the system call directly
;
; NOTE(review): both data slots are writable globals that every import of this
; module is dispatched through; anything that can write them redirects the
; call.  Whoever fills them in is not visible in this file - confirm that it
; happens before first use and only from trusted code.
;
; @param 1 The plain API name.
; @param 2 The parameter frame size on x86. Multiple of dword.  Used for the
;          stdcall decoration (_name@N) and for the 'ret N' in the x86 stubs.
; @param 3 Non-zero expression if system call.
;
%define SUPHNTIMP_SYSCALL 1
%macro SupHardNtImport 3
        ;
        ; The data.
        ;
BEGINDATA
global __imp_ %+ SUPHNTIMP_STDCALL_NAME(%1,%2)  ; The import name used via dllimport.
__imp_ %+ SUPHNTIMP_STDCALL_NAME(%1,%2):
GLOBALNAME g_pfn %+ %1                          ; The name we like to refer to (same address as the __imp_ slot).
        RTCCPTR_DEF 0
%if %3
GLOBALNAME g_uApiNo %+ %1                       ; System call number used by the stubs below.
        RTCCPTR_DEF 0
%endif

        ;
        ; The code: First a call stub.  A tail jump through the pointer slot, so
        ; the target sees the caller's arguments and return address untouched.
        ;
BEGINCODE
global SUPHNTIMP_STDCALL_NAME(%1, %2)
SUPHNTIMP_STDCALL_NAME(%1, %2):
        jmp     RTCCPTR_PRE [NAME(g_pfn %+ %1) xWrtRIP]

%if %3
        ;
        ; Make system calls.
        ;
 %ifdef RT_ARCH_AMD64
        ; x64: the usual NT sequence - system call number in eax, first argument
        ; copied from rcx to r10 (the syscall instruction clobbers rcx), the
        ; remaining arguments are already where the kernel expects them.
BEGINPROC %1 %+ _SyscallType1
        SEH64_END_PROLOGUE
        mov     eax, [NAME(g_uApiNo %+ %1) xWrtRIP]
        mov     r10, rcx
        syscall
        ret
ENDPROC %1 %+ _SyscallType1
 %else
        ; x86, type 1: call through the system call stub pointer the kernel
        ; publishes in SharedUserData at the fixed user-mode address 0x7ffe0300
        ; (kernel-owned memory; assumed read-only from user mode - confirm).
        ; The caller's stdcall frame (%2 bytes) is popped on return.
BEGINPROC %1 %+ _SyscallType1
        mov     edx, 07ffe0300h         ; SharedUserData!SystemCallStub
        mov     eax, [NAME(g_uApiNo %+ %1) xWrtRIP]
        call    dword [edx]
        ret     %2
ENDPROC %1 %+ _SyscallType1
        ; x86, type 2: issue sysenter directly.  A return address (.return) is
        ; pushed first so that edx, the stack pointer handed to the kernel,
        ; points at a return address followed by the caller's return address
        ; and arguments - the same layout as after the 'call' in type 1.
        ; NOTE(review): if execution resumes at the instruction after sysenter,
        ; 'add esp, 4' discards the pushed word; if the kernel returns through
        ; the pushed address, it lands at .return with that word already popped.
        ; Either way 'ret %2' sees the caller's frame.  Which path applies
        ; presumably depends on the Windows version - confirm.
BEGINPROC %1 %+ _SyscallType2
        push    .return
        mov     edx, esp
        mov     eax, [NAME(g_uApiNo %+ %1) xWrtRIP]
        sysenter
        add     esp, 4
.return:
        ret     %2
ENDPROC %1 %+ _SyscallType2
 %endif
%endif
%endmacro
149
; Map the entries of the import templates onto SupHardNtImport.
; SUPHARNT_COMMENT entries expand to nothing.  SUPHARNT_IMPORT_SYSCALL entries
; get the pointer slot, the jump stub, the g_uApiNo<name> slot and the direct
; system call stubs (third argument SUPHNTIMP_SYSCALL = 1).
; SUPHARNT_IMPORT_STDCALL entries get only the pointer slot and the jump stub
; (third argument 0).  a_cbParamsX86 is the x86 stdcall frame size, used both
; for the '_name@N' decoration and for the 'ret N' in the x86 stubs.
%define SUPHARNT_COMMENT(a_Comment)
%define SUPHARNT_IMPORT_SYSCALL(a_Name, a_cbParamsX86) SupHardNtImport a_Name, a_cbParamsX86, SUPHNTIMP_SYSCALL
%define SUPHARNT_IMPORT_STDCALL(a_Name, a_cbParamsX86) SupHardNtImport a_Name, a_cbParamsX86, 0
%include "import-template-ntdll.h"
%include "import-template-kernel32.h"
155
156
;
; For simplified LdrLoadDll patching we define a special writable, readable and
; executable section of 4KB where we can put jump back code.
;
; NOTE(review): this is a deliberate W^X exception - a page that is writable
; and executable at the same time for the lifetime of the module, which
; relaxes DEP for this process.  Keep it to this single page, and make sure
; only the hardening code that writes the jump-back trampolines ever writes
; to it (that writer is not visible in this file - confirm).
;
section .rwxpg bss execute read write align=4096
GLOBALNAME g_abSupHardReadWriteExecPage
        resb    4096                    ; exactly one 4 KiB page, zero-initialised (bss)
164