diff options
author | Elinor Fung <47805090+elinor-fung@users.noreply.github.com> | 2019-03-15 12:33:43 -0700 |
---|---|---|
committer | Jan Kotas <jkotas@microsoft.com> | 2019-03-15 12:33:43 -0700 |
commit | 3a029763047b5144e9fdca7f4c0d70553ddbf2e8 (patch) | |
tree | 69571410af99b41c52d000419621628f3a5e3eba /src/vm/peimagelayout.cpp | |
parent | 66009329a187634dc432854cdd7c893d972156eb (diff) | |
download | coreclr-3a029763047b5144e9fdca7f4c0d70553ddbf2e8.tar.gz coreclr-3a029763047b5144e9fdca7f4c0d70553ddbf2e8.tar.bz2 coreclr-3a029763047b5144e9fdca7f4c0d70553ddbf2e8.zip |
Port AMSI scanning for assembly loads (#23231)
* Port AMSI scanning for assembly loads
* Define PLATFORM_WINDOWS for Windows build
* Remove check for LOAD_LIBRARY_SEARCH_SYSTEM32 support
Diffstat (limited to 'src/vm/peimagelayout.cpp')
-rw-r--r-- | src/vm/peimagelayout.cpp | 82 |
1 files changed, 50 insertions, 32 deletions
diff --git a/src/vm/peimagelayout.cpp b/src/vm/peimagelayout.cpp index 5bc4e361c5..e839e8ffb0 100644 --- a/src/vm/peimagelayout.cpp +++ b/src/vm/peimagelayout.cpp @@ -3,12 +3,16 @@ // See the LICENSE file in the project root for more information. -// +// #include "common.h" #include "peimagelayout.h" #include "peimagelayout.inl" +#if defined(PLATFORM_WINDOWS) && !defined(CROSSGEN_COMPILE) +#include "amsi.h" +#endif + #ifndef DACCESS_COMPILE PEImageLayout* PEImageLayout::CreateFlat(const void *flat, COUNT_T size,PEImage* pOwner) { @@ -67,7 +71,7 @@ PEImageLayout* PEImageLayout::Map(HANDLE hFile, PEImage* pOwner) POSTCONDITION(RETVAL->CheckFormat()); } CONTRACT_END; - + PEImageLayoutHolder pAlloc(new MappedImageLayout(hFile,pOwner)); if (pAlloc->GetBase()==NULL) { @@ -81,7 +85,7 @@ PEImageLayout* PEImageLayout::Map(HANDLE hFile, PEImage* pOwner) else if(!pAlloc->CheckFormat()) ThrowHR(COR_E_BADIMAGEFORMAT); - RETURN pAlloc.Extract(); + RETURN pAlloc.Extract(); } #ifdef FEATURE_PREJIT @@ -292,7 +296,7 @@ void PEImageLayout::ApplyBaseRelocations() #endif // FEATURE_PREJIT -RawImageLayout::RawImageLayout(const void *flat, COUNT_T size,PEImage* pOwner) +RawImageLayout::RawImageLayout(const void *flat, COUNT_T size, PEImage* pOwner) { CONTRACTL { @@ -308,14 +312,28 @@ RawImageLayout::RawImageLayout(const void *flat, COUNT_T size,PEImage* pOwner) if (size) { - HandleHolder mapping(WszCreateFileMapping(INVALID_HANDLE_VALUE, NULL, - PAGE_READWRITE, 0, - size, NULL)); +#if defined(PLATFORM_WINDOWS) && !defined(CROSSGEN_COMPILE) + if (Amsi::IsBlockedByAmsiScan((void*)flat, size)) + { + // This is required to throw a BadImageFormatException for compatibility, but + // use the message from ERROR_VIRUS_INFECTED to give better insight on what's wrong + SString virusHrString; + GetHRMsg(HRESULT_FROM_WIN32(ERROR_VIRUS_INFECTED), virusHrString); + ThrowHR(COR_E_BADIMAGEFORMAT, virusHrString); + } +#endif // defined(PLATFORM_WINDOWS) && !defined(CROSSGEN_COMPILE) + + HandleHolder mapping(WszCreateFileMapping(INVALID_HANDLE_VALUE, + NULL, + PAGE_READWRITE, + 0, + size, + NULL)); if (mapping==NULL) ThrowLastError(); m_DataCopy.Assign(CLRMapViewOfFile(mapping, FILE_MAP_ALL_ACCESS, 0, 0, 0)); if(m_DataCopy==NULL) - ThrowLastError(); + ThrowLastError(); memcpy(m_DataCopy,flat,size); flat=m_DataCopy; } @@ -341,14 +359,14 @@ RawImageLayout::RawImageLayout(const void *mapped, PEImage* pOwner, BOOL bTakeOw #ifndef FEATURE_PAL PathString wszDllName; WszGetModuleFileName((HMODULE)mapped, wszDllName); - + m_LibraryHolder=CLRLoadLibraryEx(wszDllName,NULL,GetLoadWithAlteredSearchPathFlag()); #else // !FEATURE_PAL _ASSERTE(!"bTakeOwnership Should not be used on FEATURE_PAL"); #endif // !FEATURE_PAL } - TESTHOOKCALL(ImageMapped(GetPath(),mapped,bFixedUp?IM_IMAGEMAP|IM_FIXEDUP:IM_IMAGEMAP)); + TESTHOOKCALL(ImageMapped(GetPath(),mapped,bFixedUp?IM_IMAGEMAP|IM_FIXEDUP:IM_IMAGEMAP)); IfFailThrow(Init((void*)mapped,(bool)(bFixedUp!=FALSE))); } @@ -360,32 +378,32 @@ ConvertedImageLayout::ConvertedImageLayout(PEImageLayout* source) STANDARD_VM_CHECK; } CONTRACTL_END; - m_Layout=LAYOUT_LOADED; + m_Layout=LAYOUT_LOADED; m_pOwner=source->m_pOwner; _ASSERTE(!source->IsMapped()); - + if (!source->HasNTHeaders()) EEFileLoadException::Throw(GetPath(), COR_E_BADIMAGEFORMAT); LOG((LF_LOADER, LL_INFO100, "PEImage: Opening manually mapped stream\n")); - m_FileMap.Assign(WszCreateFileMapping(INVALID_HANDLE_VALUE, NULL, - PAGE_READWRITE, 0, + m_FileMap.Assign(WszCreateFileMapping(INVALID_HANDLE_VALUE, NULL, + PAGE_READWRITE, 0, source->GetVirtualSize(), NULL)); if (m_FileMap == NULL) ThrowLastError(); - - m_FileView.Assign(CLRMapViewOfFileEx(m_FileMap, FILE_MAP_ALL_ACCESS, 0, 0, 0, + + m_FileView.Assign(CLRMapViewOfFileEx(m_FileMap, FILE_MAP_ALL_ACCESS, 0, 0, 0, (void *) source->GetPreferredBase())); if (m_FileView == NULL) m_FileView.Assign(CLRMapViewOfFile(m_FileMap, FILE_MAP_ALL_ACCESS, 0, 0, 0)); - + if (m_FileView == NULL) ThrowLastError(); - + source->LayoutILOnly(m_FileView, TRUE); //@TODO should be false for streams - TESTHOOKCALL(ImageMapped(GetPath(),m_FileView,IM_IMAGEMAP)); + TESTHOOKCALL(ImageMapped(GetPath(),m_FileView,IM_IMAGEMAP)); IfFailThrow(Init(m_FileView)); #ifdef CROSSGEN_COMPILE @@ -420,7 +438,7 @@ MappedImageLayout::MappedImageLayout(HANDLE hFile, PEImage* pOwner) #ifndef CROSSGEN_COMPILE // Capture last error as it may get reset below. - + DWORD dwLastError = GetLastError(); // There is no reflection-only load on CoreCLR and so we can always throw an error here. // It is important on Windows Phone. All assemblies that we load must have SEC_IMAGE set @@ -452,14 +470,14 @@ MappedImageLayout::MappedImageLayout(HANDLE hFile, PEImage* pOwner) m_FileView.Assign(CLRMapViewOfFile(m_FileMap, 0, 0, 0, 0)); if (m_FileView == NULL) ThrowLastError(); - TESTHOOKCALL(ImageMapped(GetPath(),m_FileView,IM_IMAGEMAP)); + TESTHOOKCALL(ImageMapped(GetPath(),m_FileView,IM_IMAGEMAP)); IfFailThrow(Init((void *) m_FileView)); #ifdef CROSSGEN_COMPILE //Do base relocation for PE. Unlike LoadLibrary, MapViewOfFile will not do that for us even with SEC_IMAGE if (pOwner->IsTrustedNativeImage()) { - // This should never happen in correctly setup system, but do a quick check right anyway to + // This should never happen in correctly setup system, but do a quick check right anyway to // avoid running too far with bogus data if (!HasCorHeader()) @@ -510,7 +528,7 @@ MappedImageLayout::MappedImageLayout(HANDLE hFile, PEImage* pOwner) if (m_LoadedFile == NULL) { - // For CoreCLR, try to load all files via LoadLibrary first. If LoadLibrary did not work, retry using + // For CoreCLR, try to load all files via LoadLibrary first. If LoadLibrary did not work, retry using // regular mapping - but not for native images. if (pOwner->IsTrustedNativeImage()) ThrowHR(E_FAIL); // we don't have any indication of what kind of failure. Possibly a corrupt image. @@ -553,14 +571,14 @@ LoadedImageLayout::LoadedImageLayout(PEImage* pOwner, BOOL bNTSafeLoad, BOOL bTh PRECONDITION(CheckPointer(pOwner)); } CONTRACTL_END; - - m_Layout=LAYOUT_LOADED; + + m_Layout=LAYOUT_LOADED; m_pOwner=pOwner; DWORD dwFlags = GetLoadWithAlteredSearchPathFlag(); if (bNTSafeLoad) dwFlags|=DONT_RESOLVE_DLL_REFERENCES; - + m_Module = CLRLoadLibraryEx(pOwner->GetPath(), NULL, dwFlags); if (m_Module == NULL) { @@ -584,11 +602,11 @@ FlatImageLayout::FlatImageLayout(HANDLE hFile, PEImage* pOwner) { CONSTRUCTOR_CHECK; STANDARD_VM_CHECK; - PRECONDITION(CheckPointer(pOwner)); + PRECONDITION(CheckPointer(pOwner)); } CONTRACTL_END; - m_Layout=LAYOUT_FLAT; - m_pOwner=pOwner; + m_Layout=LAYOUT_FLAT; + m_pOwner=pOwner; LOG((LF_LOADER, LL_INFO100, "PEImage: Opening flat %S\n", (LPCWSTR) GetPath())); COUNT_T size = SafeGetFileSize(hFile, NULL); @@ -596,9 +614,9 @@ FlatImageLayout::FlatImageLayout(HANDLE hFile, PEImage* pOwner) { ThrowLastError(); } - + // It's okay if resource files are length zero - if (size > 0) + if (size > 0) { m_FileMap.Assign(WszCreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL)); if (m_FileMap == NULL) @@ -608,7 +626,7 @@ FlatImageLayout::FlatImageLayout(HANDLE hFile, PEImage* pOwner) if (m_FileView == NULL) ThrowLastError(); } - TESTHOOKCALL(ImageMapped(GetPath(),m_FileView,IM_FLAT)); + TESTHOOKCALL(ImageMapped(GetPath(),m_FileView,IM_FLAT)); Init(m_FileView, size); } |