Don't switch to RtlCreateUserThread until after lockdown.

BUG=91413 TEST=None. Review URL: http://codereview.chromium.org/7552014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@96558 0039d316-1c4b-4281-b951-d872f2087c98

Don't switch to RtlCreateUserThread until after lockdown.
BUG=91413 TEST=None. Review URL: http://codereview.chromium.org/7552014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@96558 0039d316-1c4b-4281-b951-d872f2087c98
8b615de5 · jschuh@chromium.org · e1e4764e · 8b615de5
Commit 8b615de5 authored Aug 12, 2011 by jschuh@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 0 deletions

sandbox/src/process_thread_interception.cc sandbox/src/process_thread_interception.cc +11 -0

No files found.
--- a/sandbox/src/process_thread_interception.cc
+++ b/sandbox/src/process_thread_interception.cc
@@ -407,7 +407,16 @@ HANDLE WINAPI TargetCreateThread(CreateThreadFunction orig_CreateThread,
                                 PVOID parameter,
                                 DWORD creation_flags,
                                 LPDWORD thread_id) {
+// Try the normal CreateThread; switch to RtlCreateUserThread if needed.
+  static bool use_create_thread = true;
  HANDLE thread;
+  if (use_create_thread) {
+    thread = orig_CreateThread(thread_attributes, stack_size, start_address,
+                               parameter, creation_flags, thread_id);
+    if (thread)
+      return thread;
+  }
+
  PSECURITY_DESCRIPTOR sd =
      thread_attributes ? thread_attributes->lpSecurityDescriptor : NULL;
  CLIENT_ID client_id;
@@ -419,6 +428,8 @@ HANDLE WINAPI TargetCreateThread(CreateThreadFunction orig_CreateThread,
  if (!NT_SUCCESS(result))
    return 0;

+  // CSRSS is closed if we got here, so use RtlCreateUserThread from here on.
+  use_create_thread = false;
  if (thread_id)
    *thread_id = HandleToUlong(client_id.UniqueThread);
  return thread;