Port AMSI scanning for assembly loads (#23231)

* Port AMSI scanning for assembly loads * Define PLATFORM_WINDOWS for Windows build * Remove check for LOAD_LIBRARY_SEARCH_SYSTEM32 support
author: Elinor Fung <47805090+elinor-fung@users.noreply.github.com> 2019-03-15 12:33:43 -0700
committer: Jan Kotas <jkotas@microsoft.com> 2019-03-15 12:33:43 -0700
commit: 3a029763047b5144e9fdca7f4c0d70553ddbf2e8 (patch)
tree: 69571410af99b41c52d000419621628f3a5e3eba /src/vm/peimagelayout.cpp
parent: 66009329a187634dc432854cdd7c893d972156eb (diff)
download: coreclr-3a029763047b5144e9fdca7f4c0d70553ddbf2e8.tar.gz
coreclr-3a029763047b5144e9fdca7f4c0d70553ddbf2e8.tar.bz2
coreclr-3a029763047b5144e9fdca7f4c0d70553ddbf2e8.zip
1 files changed, 50 insertions, 32 deletions
diff --git a/src/vm/peimagelayout.cpp b/src/vm/peimagelayout.cpp
index 5bc4e361c5..e839e8ffb0 100644
--- a/src/vm/peimagelayout.cpp
+++ b/src/vm/peimagelayout.cpp
@@ -3,12 +3,16 @@
 // See the LICENSE file in the project root for more information.
 
 
-// 
+//
 
 #include "common.h"
 #include "peimagelayout.h"
 #include "peimagelayout.inl"
 
+#if defined(PLATFORM_WINDOWS) && !defined(CROSSGEN_COMPILE)
+#include "amsi.h"
+#endif
+
 #ifndef DACCESS_COMPILE
 PEImageLayout* PEImageLayout::CreateFlat(const void *flat, COUNT_T size,PEImage* pOwner)
 {
@@ -67,7 +71,7 @@ PEImageLayout* PEImageLayout::Map(HANDLE hFile, PEImage* pOwner)
         POSTCONDITION(RETVAL->CheckFormat());
     }
     CONTRACT_END;
-    
+
     PEImageLayoutHolder pAlloc(new MappedImageLayout(hFile,pOwner));
     if (pAlloc->GetBase()==NULL)
     {
@@ -81,7 +85,7 @@ PEImageLayout* PEImageLayout::Map(HANDLE hFile, PEImage* pOwner)
     else
         if(!pAlloc->CheckFormat())
             ThrowHR(COR_E_BADIMAGEFORMAT);
-    RETURN pAlloc.Extract();    
+    RETURN pAlloc.Extract();
 }
 
 #ifdef FEATURE_PREJIT
@@ -292,7 +296,7 @@ void PEImageLayout::ApplyBaseRelocations()
 #endif // FEATURE_PREJIT
 
 
-RawImageLayout::RawImageLayout(const void *flat, COUNT_T size,PEImage* pOwner)
+RawImageLayout::RawImageLayout(const void *flat, COUNT_T size, PEImage* pOwner)
 {
     CONTRACTL
     {
@@ -308,14 +312,28 @@ RawImageLayout::RawImageLayout(const void *flat, COUNT_T size,PEImage* pOwner)
 
     if (size)
     {
-        HandleHolder mapping(WszCreateFileMapping(INVALID_HANDLE_VALUE, NULL, 
-                                               PAGE_READWRITE, 0, 
-                                               size, NULL));
+#if defined(PLATFORM_WINDOWS) && !defined(CROSSGEN_COMPILE)
+        if (Amsi::IsBlockedByAmsiScan((void*)flat, size))
+        {
+            // This is required to throw a BadImageFormatException for compatibility, but
+            // use the message from ERROR_VIRUS_INFECTED to give better insight on what's wrong
+            SString virusHrString;
+            GetHRMsg(HRESULT_FROM_WIN32(ERROR_VIRUS_INFECTED), virusHrString);
+            ThrowHR(COR_E_BADIMAGEFORMAT, virusHrString);
+        }
+#endif // defined(PLATFORM_WINDOWS) && !defined(CROSSGEN_COMPILE)
+
+        HandleHolder mapping(WszCreateFileMapping(INVALID_HANDLE_VALUE,
+                                                  NULL,
+                                                  PAGE_READWRITE,
+                                                  0,
+                                                  size,
+                                                  NULL));
         if (mapping==NULL)
             ThrowLastError();
         m_DataCopy.Assign(CLRMapViewOfFile(mapping, FILE_MAP_ALL_ACCESS, 0, 0, 0));
         if(m_DataCopy==NULL)
-            ThrowLastError();    
+            ThrowLastError();
         memcpy(m_DataCopy,flat,size);
         flat=m_DataCopy;
     }
@@ -341,14 +359,14 @@ RawImageLayout::RawImageLayout(const void *mapped, PEImage* pOwner, BOOL bTakeOw
 #ifndef FEATURE_PAL
         PathString wszDllName;
         WszGetModuleFileName((HMODULE)mapped, wszDllName);
-        
+
         m_LibraryHolder=CLRLoadLibraryEx(wszDllName,NULL,GetLoadWithAlteredSearchPathFlag());
 #else // !FEATURE_PAL
         _ASSERTE(!"bTakeOwnership Should not be used on FEATURE_PAL");
 #endif // !FEATURE_PAL
     }
 
-    TESTHOOKCALL(ImageMapped(GetPath(),mapped,bFixedUp?IM_IMAGEMAP|IM_FIXEDUP:IM_IMAGEMAP));    
+    TESTHOOKCALL(ImageMapped(GetPath(),mapped,bFixedUp?IM_IMAGEMAP|IM_FIXEDUP:IM_IMAGEMAP));
     IfFailThrow(Init((void*)mapped,(bool)(bFixedUp!=FALSE)));
 }
 
@@ -360,32 +378,32 @@ ConvertedImageLayout::ConvertedImageLayout(PEImageLayout* source)
         STANDARD_VM_CHECK;
     }
     CONTRACTL_END;
-    m_Layout=LAYOUT_LOADED;    
+    m_Layout=LAYOUT_LOADED;
     m_pOwner=source->m_pOwner;
     _ASSERTE(!source->IsMapped());
-    
+
     if (!source->HasNTHeaders())
         EEFileLoadException::Throw(GetPath(), COR_E_BADIMAGEFORMAT);
     LOG((LF_LOADER, LL_INFO100, "PEImage: Opening manually mapped stream\n"));
 
 
-    m_FileMap.Assign(WszCreateFileMapping(INVALID_HANDLE_VALUE, NULL, 
-                                               PAGE_READWRITE, 0, 
+    m_FileMap.Assign(WszCreateFileMapping(INVALID_HANDLE_VALUE, NULL,
+                                               PAGE_READWRITE, 0,
                                                source->GetVirtualSize(), NULL));
     if (m_FileMap == NULL)
         ThrowLastError();
-        
 
-    m_FileView.Assign(CLRMapViewOfFileEx(m_FileMap, FILE_MAP_ALL_ACCESS, 0, 0, 0, 
+
+    m_FileView.Assign(CLRMapViewOfFileEx(m_FileMap, FILE_MAP_ALL_ACCESS, 0, 0, 0,
                                 (void *) source->GetPreferredBase()));
     if (m_FileView == NULL)
         m_FileView.Assign(CLRMapViewOfFile(m_FileMap, FILE_MAP_ALL_ACCESS, 0, 0, 0));
-    
+
     if (m_FileView == NULL)
         ThrowLastError();
-    
+
     source->LayoutILOnly(m_FileView, TRUE); //@TODO should be false for streams
-    TESTHOOKCALL(ImageMapped(GetPath(),m_FileView,IM_IMAGEMAP));            
+    TESTHOOKCALL(ImageMapped(GetPath(),m_FileView,IM_IMAGEMAP));
     IfFailThrow(Init(m_FileView));
 
 #ifdef CROSSGEN_COMPILE
@@ -420,7 +438,7 @@ MappedImageLayout::MappedImageLayout(HANDLE hFile, PEImage* pOwner)
 #ifndef CROSSGEN_COMPILE
 
         // Capture last error as it may get reset below.
-        
+
         DWORD dwLastError = GetLastError();
         // There is no reflection-only load on CoreCLR and so we can always throw an error here.
         // It is important on Windows Phone. All assemblies that we load must have SEC_IMAGE set
@@ -452,14 +470,14 @@ MappedImageLayout::MappedImageLayout(HANDLE hFile, PEImage* pOwner)
     m_FileView.Assign(CLRMapViewOfFile(m_FileMap, 0, 0, 0, 0));
     if (m_FileView == NULL)
         ThrowLastError();
-    TESTHOOKCALL(ImageMapped(GetPath(),m_FileView,IM_IMAGEMAP));    
+    TESTHOOKCALL(ImageMapped(GetPath(),m_FileView,IM_IMAGEMAP));
     IfFailThrow(Init((void *) m_FileView));
 
 #ifdef CROSSGEN_COMPILE
     //Do base relocation for PE. Unlike LoadLibrary, MapViewOfFile will not do that for us even with SEC_IMAGE
     if (pOwner->IsTrustedNativeImage())
     {
-        // This should never happen in correctly setup system, but do a quick check right anyway to 
+        // This should never happen in correctly setup system, but do a quick check right anyway to
         // avoid running too far with bogus data
 
         if (!HasCorHeader())
@@ -510,7 +528,7 @@ MappedImageLayout::MappedImageLayout(HANDLE hFile, PEImage* pOwner)
 
     if (m_LoadedFile == NULL)
     {
-        // For CoreCLR, try to load all files via LoadLibrary first. If LoadLibrary did not work, retry using 
+        // For CoreCLR, try to load all files via LoadLibrary first. If LoadLibrary did not work, retry using
         // regular mapping - but not for native images.
         if (pOwner->IsTrustedNativeImage())
             ThrowHR(E_FAIL); // we don't have any indication of what kind of failure. Possibly a corrupt image.
@@ -553,14 +571,14 @@ LoadedImageLayout::LoadedImageLayout(PEImage* pOwner, BOOL bNTSafeLoad, BOOL bTh
         PRECONDITION(CheckPointer(pOwner));
     }
     CONTRACTL_END;
-    
-    m_Layout=LAYOUT_LOADED;    
+
+    m_Layout=LAYOUT_LOADED;
     m_pOwner=pOwner;
 
     DWORD dwFlags = GetLoadWithAlteredSearchPathFlag();
     if (bNTSafeLoad)
         dwFlags|=DONT_RESOLVE_DLL_REFERENCES;
-        
+
     m_Module = CLRLoadLibraryEx(pOwner->GetPath(), NULL, dwFlags);
     if (m_Module == NULL)
     {
@@ -584,11 +602,11 @@ FlatImageLayout::FlatImageLayout(HANDLE hFile, PEImage* pOwner)
     {
         CONSTRUCTOR_CHECK;
         STANDARD_VM_CHECK;
-        PRECONDITION(CheckPointer(pOwner));        
+        PRECONDITION(CheckPointer(pOwner));
     }
     CONTRACTL_END;
-    m_Layout=LAYOUT_FLAT;    
-    m_pOwner=pOwner;    
+    m_Layout=LAYOUT_FLAT;
+    m_pOwner=pOwner;
     LOG((LF_LOADER, LL_INFO100, "PEImage: Opening flat %S\n", (LPCWSTR) GetPath()));
 
     COUNT_T size = SafeGetFileSize(hFile, NULL);
@@ -596,9 +614,9 @@ FlatImageLayout::FlatImageLayout(HANDLE hFile, PEImage* pOwner)
     {
         ThrowLastError();
     }
-        
+
     // It's okay if resource files are length zero
-    if (size > 0) 
+    if (size > 0)
     {
         m_FileMap.Assign(WszCreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL));
         if (m_FileMap == NULL)
@@ -608,7 +626,7 @@ FlatImageLayout::FlatImageLayout(HANDLE hFile, PEImage* pOwner)
         if (m_FileView == NULL)
             ThrowLastError();
     }
-    TESTHOOKCALL(ImageMapped(GetPath(),m_FileView,IM_FLAT));    
+    TESTHOOKCALL(ImageMapped(GetPath(),m_FileView,IM_FLAT));
     Init(m_FileView, size);
 }
author	Elinor Fung <47805090+elinor-fung@users.noreply.github.com>	2019-03-15 12:33:43 -0700
committer	Jan Kotas <jkotas@microsoft.com>	2019-03-15 12:33:43 -0700
commit	3a029763047b5144e9fdca7f4c0d70553ddbf2e8 (patch)
tree	69571410af99b41c52d000419621628f3a5e3eba /src/vm/peimagelayout.cpp
parent	66009329a187634dc432854cdd7c893d972156eb (diff)
download	coreclr-3a029763047b5144e9fdca7f4c0d70553ddbf2e8.tar.gz coreclr-3a029763047b5144e9fdca7f4c0d70553ddbf2e8.tar.bz2 coreclr-3a029763047b5144e9fdca7f4c0d70553ddbf2e8.zip