winprocess_sys.c (1941B)
1 /* Copyright (c) 2018-2021, The Tor Project, Inc. */ 2 /* See LICENSE for licensing information */ 3 4 /** 5 * \file winprocess_sys.c 6 * \brief Subsystem object for windows process setup. 7 **/ 8 9 #include "orconfig.h" 10 #include "lib/subsys/subsys.h" 11 #include "lib/llharden/winprocess_sys.h" 12 13 #include <stdbool.h> 14 #include <stddef.h> 15 16 #ifdef _WIN32 17 #include <windows.h> 18 19 #define WINPROCESS_SYS_ENABLED true 20 21 static int 22 subsys_winprocess_initialize(void) 23 { 24 #ifndef HeapEnableTerminationOnCorruption 25 #define HeapEnableTerminationOnCorruption 1 26 #endif 27 28 /* On heap corruption, just give up; don't try to play along. */ 29 HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0); 30 31 /* SetProcessDEPPolicy is only supported on 32-bit Windows. 32 * (On 64-bit Windows it always fails, and some compilers don't like the 33 * PSETDEP cast.) 34 * 32-bit Windows defines _WIN32. 35 * 64-bit Windows defines _WIN32 and _WIN64. */ 36 #ifndef _WIN64 37 /* Call SetProcessDEPPolicy to permanently enable DEP. 38 The function will not resolve on earlier versions of Windows, 39 and failure is not dangerous. */ 40 HMODULE hMod = GetModuleHandleA("Kernel32.dll"); 41 if (hMod) { 42 typedef BOOL (WINAPI *PSETDEP)(DWORD); 43 PSETDEP setdeppolicy = (PSETDEP)GetProcAddress(hMod, 44 "SetProcessDEPPolicy"); 45 if (setdeppolicy) { 46 /* PROCESS_DEP_ENABLE | PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION */ 47 setdeppolicy(3); 48 } 49 } 50 #endif /* !defined(_WIN64) */ 51 52 return 0; 53 } 54 #else /* !defined(_WIN32) */ 55 #define WINPROCESS_SYS_ENABLED false 56 #define subsys_winprocess_initialize NULL 57 #endif /* defined(_WIN32) */ 58 59 const subsys_fns_t sys_winprocess = { 60 .name = "winprocess", 61 SUBSYS_DECLARE_LOCATION(), 62 /* HeapEnableTerminationOnCorruption and setdeppolicy() are security 63 * features, we want them to run first. */ 64 .level = -100, 65 .supported = WINPROCESS_SYS_ENABLED, 66 .initialize = subsys_winprocess_initialize, 67 };