10
edits
Blocklisting/DLL: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 36: | Line 36: | ||
] | ] | ||
=== Parameters === | |||
{| class="wikitable" | {| class="wikitable" | ||
| Line 97: | Line 97: | ||
* '''BLOCK_WIN8_ONLY''' | * '''BLOCK_WIN8_ONLY''' | ||
== How the blocklist blocks a DLL == | |||
Briefly speaking, we make ntdll!NtMapViewOfSection return STATUS_ACCESS_DENIED if a given module is on the blocklist, thereby a third-party’s code, or even Firefox’s legitimate code, which tries to load a DLL in our processes in any way such as LoadLibrary API fails and receives an access-denied error. | Briefly speaking, we make ntdll!NtMapViewOfSection return STATUS_ACCESS_DENIED if a given module is on the blocklist, thereby a third-party’s code, or even Firefox’s legitimate code, which tries to load a DLL in our processes in any way such as LoadLibrary API fails and receives an access-denied error. | ||
== Third-party-module ping == | |||
We’re collecting [https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/data/third-party-modules-ping.html the third-party-module ping] which captures a moment when a third-party module is loaded into the Browser/Tab/RDD process. As it’s asked in the request form, it’s important to check the third-party-module ping and see whether a module we want to block appears in the ping or not. If it appears, you may be able to know how a module is loaded by looking at a callstack in the ping. | We’re collecting [https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/data/third-party-modules-ping.html the third-party-module ping] which captures a moment when a third-party module is loaded into the Browser/Tab/RDD process. As it’s asked in the request form, it’s important to check the third-party-module ping and see whether a module we want to block appears in the ping or not. If it appears, you may be able to know how a module is loaded by looking at a callstack in the ping. | ||
== How to view callstacks in the ping == | |||
# You can run a query on BigQuery console or STMO.<br />(BigQuery console is much faster and can handle larger data.)<br />- BigQuery console (visit here to request access): https://console.cloud.google.com/bigquery<br />- STMO: https://sql.telemetry.mozilla.org/ | # You can run a query on BigQuery console or STMO.<br />(BigQuery console is much faster and can handle larger data.)<br />- BigQuery console (visit here to request access): https://console.cloud.google.com/bigquery<br />- STMO: https://sql.telemetry.mozilla.org/ | ||
| Line 115: | Line 115: | ||
# Click a row in the table to view a callstack | # Click a row in the table to view a callstack | ||
== How to see the versions of a specific module in the ping == | |||
You can use [https://msmania.github.io/assets/mozilla/third-party-modules/query-groupby-template.txt this template] to query which versions of a specific module are captured in the ping. This tells the product versions which are actively used including the crashing versions and the working versions. | You can use [https://msmania.github.io/assets/mozilla/third-party-modules/query-groupby-template.txt this template] to query which versions of a specific module are captured in the ping. This tells the product versions which are actively used including the crashing versions and the working versions. | ||