Changeset 21361 for trunk/src

Timestamp:

Feb 25, 2010, 6:43:10 PM (15 years ago)

Author:

vladest

Message:

KERNEL32:

• Added some security related functions
• removed extra logging

Location:

trunk/src/kernel32

Files:

• KERNEL32.DEF (modified) (1 diff)
• dbgwrap.cpp (modified) (1 diff)
• heap.cpp (modified) (1 diff)
• heapstring.cpp (modified) (2 diffs)
• kernel32dbg.def (modified) (2 diffs)
• virtual.cpp (modified) (2 diffs)

trunk/src/kernel32/KERNEL32.DEF

@@ -1342 +1342 @@
     RasGetTrackHandle           = _RasGetTrackHandle@4               @3528
 
+    DecodePointer              = _DecodePointer@4                 @3529 NONAME
+    EncodePointer              = _EncodePointer@4                 @3530 NONAME
+    RtlUniform                 = _RtlUniform@4                    @3531 NONAME

trunk/src/kernel32/dbgwrap.cpp

@@ -855 +855 @@
 DEBUGWRAP16(VirtualProtect);
 DEBUGWRAP20(VirtualProtectEx);
-DEBUGWRAP12(VirtualQuery);
+//DEBUGWRAP12(VirtualQuery);
 DEBUGWRAP16(VirtualQueryEx);
 DEBUGWRAP8(VirtualUnlock);

trunk/src/kernel32/heap.cpp

@@ -925 +925 @@
 //******************************************************************************
 //******************************************************************************
+
+/*************************************************************************
+ * RtlUniform *
+ * Generates an uniform random number
+ *
+ * PARAMS
+ *  seed [O] The seed of the Random function
+ *
+ * RETURNS
+ *  It returns a random number uniformly distributed over [0..MAXLONG-1].
+ *
+ * NOTES
+ *  Generates an uniform random number using D.H. Lehmer's 1948 algorithm.
+ *  In our case the algorithm is:
+ *
+ *|  result = (*seed * 0x7fffffed + 0x7fffffc3) % MAXLONG;
+ *|
+ *|  *seed = result;
+ *
+ * DIFFERENCES
+ *  The native documentation states that the random number is
+ *  uniformly distributed over [0..MAXLONG]. In reality the native
+ *  function and our function return a random number uniformly
+ *  distributed over [0..MAXLONG-1].
+ */
+ULONG WINAPI RtlUniform (PULONG seed)
+{
+    ULONG result;
+
+   /*
+    * Instead of the algorithm stated above, we use the algorithm
+    * below, which is totally equivalent (see the tests), but does
+    * not use a division and therefore is faster.
+    */
+    result = *seed * 0xffffffed + 0x7fffffc3;
+    if (result == 0xffffffff || result == 0x7ffffffe) {
+        result = (result + 2) & MAXLONG;
+    } else if (result == 0x7fffffff) {
+        result = 0;
+    } else if ((result & 0x80000000) == 0) {
+        result = result + (~result & 1);
+    } else {
+        result = (result + (result & 1)) & MAXLONG;
+    } /* if */
+    *seed = result;
+    return result;
+}
+
+static DWORD_PTR get_pointer_obfuscator( void )
+{
+    static DWORD_PTR pointer_obfuscator;
+
+    if (!pointer_obfuscator)
+    {
+        ULONG seed = GetTickCount();
+        ULONG_PTR rand;
+
+        /* generate a random value for the obfuscator */
+        rand = RtlUniform( &seed );
+
+        /* handle 64bit pointers */
+        rand ^= (ULONG_PTR)RtlUniform( &seed ) << ((sizeof (DWORD_PTR) - sizeof (ULONG))*8);
+
+        /* set the high bits so dereferencing obfuscated pointers will (usually) crash */
+        rand |= (ULONG_PTR)0xc0000000 << ((sizeof (DWORD_PTR) - sizeof (ULONG))*8);
+
+        InterlockedCompareExchange( (PLONG) &pointer_obfuscator, (LONG) rand, NULL );
+    }
+
+    return pointer_obfuscator;
+}
+
+/*************************************************************************
+ * EncodePointer
+ */
+PVOID WINAPI EncodePointer( PVOID ptr )
+{
+    DWORD_PTR ptrval = (DWORD_PTR) ptr;
+    return (PVOID)((ULONG)ptrval ^ (ULONG)get_pointer_obfuscator());
+}
+
+PVOID WINAPI DecodePointer( PVOID ptr )
+{
+    DWORD_PTR ptrval = (DWORD_PTR) ptr;
+    return (PVOID)((ULONG)ptrval ^ (ULONG)get_pointer_obfuscator());
+}
+

trunk/src/kernel32/heapstring.cpp

@@ -573 +573 @@
     if (ascii == NULL)
     {
-        DebugInt3();
+        //DebugInt3();
         if (unicode != NULL) unicode[0] = 0; //CB: set at least end
         return NULL;
@@ -579 +579 @@
 
     if (unicode == NULL) {
-        DebugInt3();
+        //DebugInt3();
         return NULL;  /* garbage in, garbage out ! */
     }

trunk/src/kernel32/kernel32dbg.def

@@ -890 +890 @@
     VirtualProtect             = _DbgVirtualProtect@16          @714
     VirtualProtectEx           = _DbgVirtualProtectEx@20        @715
-    VirtualQuery               = _DbgVirtualQuery@12            @716
+;    VirtualQuery               = _DbgVirtualQuery@12            @716
+    VirtualQuery               = _VirtualQuery@12            @716
     VirtualQueryEx             = _DbgVirtualQueryEx@16          @717
     VirtualUnlock              = _DbgVirtualUnlock@8            @718
@@ -1340 +1341 @@
     RasGetTrackHandle           = _RasGetTrackHandle@4               @3528
 
+    DecodePointer              = _DecodePointer@4                 @3529 NONAME
+    EncodePointer              = _EncodePointer@4                 @3530 NONAME
+    RtlUniform                 = _RtlUniform@4                    @3531 NONAME

trunk/src/kernel32/virtual.cpp

@@ -750 +750 @@
         TranslateOS2PageAttr(dAttr, &pmbiBuffer->AllocationProtect, NULL, NULL);
     }
+#if 0
     dprintf(("Memory region alloc base          0x%08x", pmbiBuffer->AllocationBase));
     dprintf(("Memory region alloc protect flags %x", pmbiBuffer->AllocationProtect));
@@ -757 +758 @@
     dprintf(("Memory region state               0x%08x", pmbiBuffer->State));
     dprintf(("Memory region type                0x%08x", pmbiBuffer->Type));
+#endif
     return sizeof(MEMORY_BASIC_INFORMATION);
 }