
Issue 870083


Issue metadata

Status: Untriaged
Owner: ----
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug




chrome_elf has a few unwanted imports

Reported by wfh@chromium.org (project member), Aug 1

Issue description

Chrome Version: 2de90794289b9 (70.0.3509.0)
OS: Win10

What steps will reproduce the problem?
(1) dumpbin /imports chrome_elf.dll

What is the expected result?

just KERNEL32.dll, VERSION.dll, dbghelp.dll

What happens instead?

KERNEL32.dll, VERSION.dll, dbghelp.dll and also:

WINMM.dll - timeGetTime
ADVAPI32.dll - SystemFunction036

I'm not sure if either of these is needed. The WINMM one is more concerning because it pulls in a load of dependencies including but not limited to winhttp.dll, which means we can be hijacked by bin-planting in Chrome's executable directory. I don't care as much about the advapi32.dll.

WINMM.dll!timeGetTime is called via:

timeGetTime
timeGetTimeWrapper
RolloverProtectedNow
InitializeNowFunctionPointer
InitialNowFunction
base::TimeTicks::Now
base::debug::ThreadActivityTracker::PushActivity
base::debug::ScopedLockAcquireActivity::ScopedLockAcquireActivity
base::internal::LockImpl::Lock
crashpad::CrashpadClient::DumpWithoutCrash

https://cs.chromium.org/chromium/src/third_party/crashpad/crashpad/client/crashpad_client_win.cc?l=740

ADVAPI32.dll!SystemFunction036 is called via:

SystemFunction036
base::RandBytes
crashpad::UUID::InitializeWithNew

https://cs.chromium.org/chromium/src/third_party/crashpad/crashpad/util/misc/uuid.cc?l=104

also, there is another path:

SystemFunction036
base::RandBytes
base::RandInt
crashpad::RandomString
crashpad::anon::CreatePipe
crashpad::CrashpadClient::StartHandler

https://cs.chromium.org/chromium/src/third_party/crashpad/crashpad/client/crashpad_client_win.cc?l=282

I performed a number of bisects; these imports floated around between being delay-load (or not) and whether things like rpcrt4.dll were also needed. There was also a Dark Time when advapi32.dll was not delay-load...

Anyway, just looking at WINMM.dll...

This dependency was added in https://chromium.googlesource.com/chromium/src/+/d9705964f525c278a5939b6fcd29a10f732149d0 back in 54.0.2826.0

Replacing timeGetTimeWrapper's call to timeGetTime() with a call to GetTickCount() [Note: just for testing, this might not be the appropriate solution] removes the WINMM dep from chrome_elf.dll and the DLL load order changes:

(BEFORE)

ModLoad: 00007ff7`b30a0000 00007ff7`b3242000   chrome.exe
ModLoad: 00007ffd`e8db0000 00007ffd`e8f91000   ntdll.dll
ModLoad: 00007ffd`e84f0000 00007ffd`e85a2000   C:\WINDOWS\System32\KERNEL32.DLL
ModLoad: 00007ffd`e5d70000 00007ffd`e5fe3000   C:\WINDOWS\System32\KERNELBASE.dll
ModLoad: 00007ffd`e2da0000 00007ffd`e2e2b000   C:\WINDOWS\SYSTEM32\apphelp.dll
ModLoad: 00007ffd`e6e70000 00007ffd`e82b0000   C:\WINDOWS\System32\SHELL32.dll
ModLoad: 00007ffd`e8380000 00007ffd`e841e000   C:\WINDOWS\System32\msvcrt.dll
ModLoad: 00007ffd`e51e0000 00007ffd`e5229000   C:\WINDOWS\System32\cfgmgr32.dll
ModLoad: 00007ffd`e5ff0000 00007ffd`e60ea000   C:\WINDOWS\System32\ucrtbase.dll
ModLoad: 00007ffd`e6dc0000 00007ffd`e6e69000   C:\WINDOWS\System32\shcore.dll
ModLoad: 00007ffd`e6c90000 00007ffd`e6db4000   C:\WINDOWS\System32\RPCRT4.dll
ModLoad: 00007ffd`e8a50000 00007ffd`e8d73000   C:\WINDOWS\System32\combase.dll
ModLoad: 00007ffd`e5420000 00007ffd`e549a000   C:\WINDOWS\System32\bcryptPrimitives.dll
ModLoad: 00007ffd`e5640000 00007ffd`e5d4d000   C:\WINDOWS\System32\windows.storage.dll
ModLoad: 00007ffd`e6340000 00007ffd`e63e1000   C:\WINDOWS\System32\advapi32.dll
ModLoad: 00007ffd`e89f0000 00007ffd`e8a4b000   C:\WINDOWS\System32\sechost.dll
ModLoad: 00007ffd`e82b0000 00007ffd`e8301000   C:\WINDOWS\System32\shlwapi.dll
ModLoad: 00007ffd`e6c40000 00007ffd`e6c68000   C:\WINDOWS\System32\GDI32.dll
ModLoad: 00007ffd`e54a0000 00007ffd`e5632000   C:\WINDOWS\System32\gdi32full.dll
ModLoad: 00007ffd`e60f0000 00007ffd`e618f000   C:\WINDOWS\System32\msvcp_win.dll
ModLoad: 00007ffd`e8690000 00007ffd`e8820000   C:\WINDOWS\System32\USER32.dll
ModLoad: 00007ffd`e5d50000 00007ffd`e5d70000   C:\WINDOWS\System32\win32u.dll
ModLoad: 00007ffd`e5130000 00007ffd`e5141000   C:\WINDOWS\System32\kernel.appcore.dll
ModLoad: 00007ffd`e50c0000 00007ffd`e50df000   C:\WINDOWS\System32\profapi.dll
ModLoad: 00007ffd`e50e0000 00007ffd`e512c000   C:\WINDOWS\System32\powrprof.dll
ModLoad: 00007ffd`e5150000 00007ffd`e515a000   C:\WINDOWS\System32\FLTLIB.DLL
ModLoad: 00007ffd`e6c80000 00007ffd`e6c88000   C:\WINDOWS\System32\PSAPI.DLL
ModLoad: 00007ffd`9b320000 00007ffd`9b3c6000   C:\src\gclient\src\out\goma64\chrome_elf.dll
ModLoad: 00007ffd`dfb60000 00007ffd`dfb6a000   C:\WINDOWS\SYSTEM32\VERSION.dll
ModLoad: 00007ffd`e2fe0000 00007ffd`e3003000   C:\WINDOWS\SYSTEM32\WINMM.dll
ModLoad: 00007ffd`e4fc0000 00007ffd`e4fe8000   C:\WINDOWS\SYSTEM32\USERENV.dll
ModLoad: 00007ffd`e0820000 00007ffd`e08fc000   C:\WINDOWS\SYSTEM32\WINHTTP.dll
ModLoad: 00007ffd`e2fb0000 00007ffd`e2fda000   C:\WINDOWS\SYSTEM32\WINMMBASE.dll
ModLoad: 00007ffd`e4af0000 00007ffd`e4afb000   C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL

(AFTER)

ModLoad: 00007ff6`c5040000 00007ff6`c51e2000   chrome.exe
ModLoad: 00007ffd`e8db0000 00007ffd`e8f91000   ntdll.dll
ModLoad: 00007ffd`e84f0000 00007ffd`e85a2000   C:\WINDOWS\System32\KERNEL32.DLL
ModLoad: 00007ffd`e5d70000 00007ffd`e5fe3000   C:\WINDOWS\System32\KERNELBASE.dll
ModLoad: 00007ffd`e2da0000 00007ffd`e2e2b000   C:\WINDOWS\SYSTEM32\apphelp.dll
ModLoad: 00007ffd`e6e70000 00007ffd`e82b0000   C:\WINDOWS\System32\SHELL32.dll
ModLoad: 00007ffd`e8380000 00007ffd`e841e000   C:\WINDOWS\System32\msvcrt.dll
ModLoad: 00007ffd`e51e0000 00007ffd`e5229000   C:\WINDOWS\System32\cfgmgr32.dll
ModLoad: 00007ffd`e5ff0000 00007ffd`e60ea000   C:\WINDOWS\System32\ucrtbase.dll
ModLoad: 00007ffd`e6dc0000 00007ffd`e6e69000   C:\WINDOWS\System32\shcore.dll
ModLoad: 00007ffd`e6c90000 00007ffd`e6db4000   C:\WINDOWS\System32\RPCRT4.dll
ModLoad: 00007ffd`e8a50000 00007ffd`e8d73000   C:\WINDOWS\System32\combase.dll
ModLoad: 00007ffd`e5420000 00007ffd`e549a000   C:\WINDOWS\System32\bcryptPrimitives.dll
ModLoad: 00007ffd`e5640000 00007ffd`e5d4d000   C:\WINDOWS\System32\windows.storage.dll
ModLoad: 00007ffd`e6340000 00007ffd`e63e1000   C:\WINDOWS\System32\advapi32.dll
ModLoad: 00007ffd`e89f0000 00007ffd`e8a4b000   C:\WINDOWS\System32\sechost.dll
ModLoad: 00007ffd`e82b0000 00007ffd`e8301000   C:\WINDOWS\System32\shlwapi.dll
ModLoad: 00007ffd`e6c40000 00007ffd`e6c68000   C:\WINDOWS\System32\GDI32.dll
ModLoad: 00007ffd`e54a0000 00007ffd`e5632000   C:\WINDOWS\System32\gdi32full.dll
ModLoad: 00007ffd`e60f0000 00007ffd`e618f000   C:\WINDOWS\System32\msvcp_win.dll
ModLoad: 00007ffd`e8690000 00007ffd`e8820000   C:\WINDOWS\System32\USER32.dll
ModLoad: 00007ffd`e5d50000 00007ffd`e5d70000   C:\WINDOWS\System32\win32u.dll
ModLoad: 00007ffd`e5130000 00007ffd`e5141000   C:\WINDOWS\System32\kernel.appcore.dll
ModLoad: 00007ffd`e50c0000 00007ffd`e50df000   C:\WINDOWS\System32\profapi.dll
ModLoad: 00007ffd`e50e0000 00007ffd`e512c000   C:\WINDOWS\System32\powrprof.dll
ModLoad: 00007ffd`e5150000 00007ffd`e515a000   C:\WINDOWS\System32\FLTLIB.DLL
ModLoad: 00007ffd`e6c80000 00007ffd`e6c88000   C:\WINDOWS\System32\PSAPI.DLL
ModLoad: 00007ffd`c8c00000 00007ffd`c8ca6000   C:\src\gclient\src\out\goma64\chrome_elf.dll
ModLoad: 00007ffd`dfb60000 00007ffd`dfb6a000   C:\WINDOWS\SYSTEM32\VERSION.dll
ModLoad: 00007ffd`e4fc0000 00007ffd`e4fe8000   C:\WINDOWS\SYSTEM32\USERENV.dll
ModLoad: 00007ffd`e0820000 00007ffd`e08fc000   C:\WINDOWS\SYSTEM32\WINHTTP.dll
ModLoad: 00007ffd`e4af0000 00007ffd`e4afb000   C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL

Note: WINMM.dll and WINMMBASE.dll are now gone. Shrug. Still loading a lot more than I'd like, and still winhttp.dll. I might see how I can play with this going forward.
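The two checks the report does by hand (dumpbin /imports against an allowlist, and a before/after diff of WinDbg ModLoad output) can be automated. The script below is an added example for this page, not Chromium code and not the reporter's; it assumes the general shape of dumpbin /imports output (a DLL name, a small table, a blank line, then one symbol per row), uses constructed sample text rather than captures from a real chrome_elf.dll, and takes an illustrative KnownDLLs subset where a real run would read HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs.

```python
"""Flag imports outside an allowlist and list the modules a DLL planted in
the application directory could shadow.  Added example, not Chromium code."""
import ntpath
import re
from collections import defaultdict

_SECTION = re.compile(r"Section contains the following (delay load )?imports", re.I)
_DLL = re.compile(r"[\w.\-]+\.dll", re.I)
# "<hex> [<hex>...] Name" or "<hex> Ordinal N"; rows such as
# "180022000 Import Address Table" fail because of the extra words.
_FUNC = re.compile(r"(?:[0-9A-Fa-f]+\s+)+([A-Za-z_]\w*|Ordinal\s+\d+)")
_MODLOAD = re.compile(r"ModLoad:\s+[0-9a-f`]+\s+[0-9a-f`]+\s+(\S.*)")


def parse_dumpbin_imports(text):
    """{"static": {dll: {func}}, "delay": {dll: {func}}}; DLL names lower-cased."""
    result = {"static": defaultdict(set), "delay": defaultdict(set)}
    section = dll = None
    in_symbols = False  # symbol rows start after the first blank line past a DLL name
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION.search(line)
        if m:
            section, dll = ("delay" if m.group(1) else "static"), None
        elif section and _DLL.fullmatch(line):
            dll, in_symbols = line.lower(), False
            result[section].setdefault(dll, set())
        elif dll and not line:
            in_symbols = True
        elif dll and in_symbols and (m := _FUNC.fullmatch(line)):
            result[section][dll].add(m.group(1))
    return {k: dict(v) for k, v in result.items()}


def unexpected_imports(imports, allowed):
    """Imports, static or delay-load, from DLLs not in the allowlist."""
    allowed = {a.lower() for a in allowed}
    return {dll: (kind, sorted(funcs))
            for kind in ("static", "delay")
            for dll, funcs in imports[kind].items() if dll not in allowed}


def parse_modload(text):
    """Module paths, in load order, from WinDbg/cdb ModLoad lines."""
    return [m.group(1).strip() for m in map(_MODLOAD.search, text.splitlines()) if m]


def diff_load_order(before, after):
    """(modules no longer loaded, modules newly loaded), by basename."""
    b = {ntpath.basename(p).lower() for p in before}
    a = {ntpath.basename(p).lower() for p in after}
    return sorted(b - a), sorted(a - b)


def plantable(modules, known_dlls):
    """DLLs found under the Windows directory that are not KnownDLLs.  With the
    default search order the loader looks in the application directory first,
    so a file planted there wins.  KnownDLLs are always mapped from System32;
    SetDefaultDllDirectories or a manifest can change the order for the rest."""
    known = {k.lower() for k in known_dlls}
    names = {ntpath.basename(p).lower() for p in modules if "\\windows\\" in p.lower()}
    return sorted(n for n in names - known if n.endswith(".dll"))


# Constructed samples shaped like dumpbin /imports and ModLoad output.
SAMPLE_DUMPBIN = """
  Section contains the following imports:

    KERNEL32.dll
                 180022000 Import Address Table
                         0 Index of first forwarder reference

                       5A9 GetProcAddress
                       2B1 GetTickCount

    WINMM.dll
                 180022100 Import Address Table
                         0 Index of first forwarder reference

                        A4 timeGetTime

  Section contains the following delay load imports:

    ADVAPI32.dll
                  00000000 Characteristics
          000000018002F088 Address of HMODULE

          0000000180011234          123 SystemFunction036
"""
SAMPLE_BEFORE = r"""
ModLoad: 00007ff7`b30a0000 00007ff7`b3242000   chrome.exe
ModLoad: 00007ffd`e8db0000 00007ffd`e8f91000   ntdll.dll
ModLoad: 00007ffd`e84f0000 00007ffd`e85a2000   C:\WINDOWS\System32\KERNEL32.DLL
ModLoad: 00007ffd`9b320000 00007ffd`9b3c6000   C:\src\out\chrome_elf.dll
ModLoad: 00007ffd`dfb60000 00007ffd`dfb6a000   C:\WINDOWS\SYSTEM32\VERSION.dll
ModLoad: 00007ffd`e2fe0000 00007ffd`e3003000   C:\WINDOWS\SYSTEM32\WINMM.dll
ModLoad: 00007ffd`e0820000 00007ffd`e08fc000   C:\WINDOWS\SYSTEM32\WINHTTP.dll
ModLoad: 00007ffd`e2fb0000 00007ffd`e2fda000   C:\WINDOWS\SYSTEM32\WINMMBASE.dll
"""
SAMPLE_AFTER = "\n".join(l for l in SAMPLE_BEFORE.splitlines() if "WINMM" not in l)
# Illustrative subset; a real check reads the KnownDLLs registry key.
SAMPLE_KNOWN_DLLS = {"kernel32.dll", "advapi32.dll", "user32.dll", "gdi32.dll"}

if __name__ == "__main__":
    imports = parse_dumpbin_imports(SAMPLE_DUMPBIN)
    print("unexpected:", unexpected_imports(imports, ["KERNEL32.dll", "VERSION.dll", "dbghelp.dll"]))
    before, after = parse_modload(SAMPLE_BEFORE), parse_modload(SAMPLE_AFTER)
    print("gone/new:", diff_load_order(before, after))
    print("plantable:", plantable(before, SAMPLE_KNOWN_DLLS))
```

On a real build, pipe `dumpbin /imports chrome_elf.dll` into parse_dumpbin_imports and a cdb/WinDbg log into parse_modload; the delay-load section is parsed separately because a delay-loaded DLL still gets resolved through the same search path, just later, so it does not remove the planting risk, only defers it.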
