1    :  // Copyright 2015 Google Inc. All Rights Reserved.
   2    :  //
   3    :  // Licensed under the Apache License, Version 2.0 (the "License");
   4    :  // you may not use this file except in compliance with the License.
   5    :  // You may obtain a copy of the License at
   6    :  //
   7    :  //     http://www.apache.org/licenses/LICENSE-2.0
   8    :  //
   9    :  // Unless required by applicable law or agreed to in writing, software
  10    :  // distributed under the License is distributed on an "AS IS" BASIS,
  11    :  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12    :  // See the License for the specific language governing permissions and
  13    :  // limitations under the License.
  14    :  
  15    :  #ifndef SYZYGY_AGENT_ASAN_IAT_PATCHER_H_
  16    :  #define SYZYGY_AGENT_ASAN_IAT_PATCHER_H_
  17    :  
  18    :  #include <stdint.h>
  19    :  #include <windows.h>
  20    :  
  21    :  #include <map>
  22    :  #include "base/strings/string_piece.h"
  23    :  #include "syzygy/agent/asan/scoped_page_protections.h"
  24    :  
  25  m :  namespace agent {
  26  m :  namespace asan {
  27    :  
  28    :  // Possible outcomes of patching. This is a bitmask as multiple reasons
  29    :  // may be encountered at once.
  30  m :  enum PatchResults : uint32_t {
  31    :    // The patch succeeded.
  32  m :    PATCH_SUCCEEDED = 0x00000000,
  33    :    // The patch failed because the given module does not appear to be a
  34    :    // valid image.
  35  m :    PATCH_FAILED_INVALID_IMAGE = 0x00000001,
  36    :    // The patch failed because VirtualProtect failed to unprotect the page
  37    :    // for us.
  38  m :    PATCH_FAILED_UNPROTECT_FAILED = 0x00000002,
  39    :    // The patch failed because of an access violation when writing to the
  40    :    // IAT. This can occur if another thread changes the page protections
  41    :    // from underneath us.
  42  m :    PATCH_FAILED_ACCESS_VIOLATION = 0x00000004,
  43    :    // The patch failed because somebody else was racing us to write to the
  44    :    // same IAT entry.
  45  m :    PATCH_FAILED_RACY_WRITE = 0x00000008,
  46    :    // The patch failed because VirtualProtect failed to unprotect the page
  47    :    // for us.
  48  m :    PATCH_FAILED_REPROTECT_FAILED = 0x00000010,
  49  m :  };
  50  m :  using PatchResult = uint32_t;
  51    :  
  52  m :  typedef void (*FunctionPointer)();
  53    :  // Note this map doesn't copy the strings supplied, it's the caller's
  54    :  // responsibility to ensure their lifetime.
  55  m :  using IATPatchMap = std::map<base::StringPiece, FunctionPointer>;
  56    :  
  57    :  // Testing callback.
  58    :  
  59    :  // Modifies the IAT of @p module such that each function named in @p patch_map
  60    :  // points to the associated function.
  61    :  // @param module the module to patch up.
  62    :  // @param patch_map a map from name to the desired function.
  63    :  // @param on_unprotect Callback function that is invoked as page protections
  64    :  //     are modified. Intended as a testing seam. See scoped_page_protections.h
  65    :  //     for details.
  66    :  // @note this function is BYOL - bring your own locking.
  67    :  // @note IAT patching is inherently racy. It's wise to call this function from
  68    :  //     under a lock that prevents concurrent patching on the same module, and
  69    :  //     the caller must guarantee that the module is not unloaded during
  70    :  //     patching.
  71    :  // TODO(siggi): Should this be scoped to module name also?
  72  m :  PatchResult PatchIATForModule(HMODULE module, const IATPatchMap& patch_map);
  73  m :  PatchResult PatchIATForModule(HMODULE module, const IATPatchMap& patch_map,
  74  m :      ScopedPageProtections::OnUnprotectCallback on_unprotect);
  75    :  
  76  m :  }  // namespace asan
  77  m :  }  // namespace agent
  78    :  
  79    :  #endif  // SYZYGY_AGENT_ASAN_IAT_PATCHER_H_