Sandboxie/SandboxiePlus/SandMan/SbiePlusAPI.cpp

497 lines
13 KiB
C++
Raw Normal View History

2020-06-18 16:44:29 +01:00
#include "stdafx.h"
#include "SbiePlusAPI.h"
2020-07-19 21:09:02 +01:00
#include "..\MiscHelpers\Common\Common.h"
2021-01-26 20:58:43 +00:00
#include <windows.h>
2020-06-18 16:44:29 +01:00
CSbiePlusAPI::CSbiePlusAPI(QObject* parent) : CSbieAPI(parent)
{
}
CSbiePlusAPI::~CSbiePlusAPI()
{
}
CSandBox* CSbiePlusAPI::NewSandBox(const QString& BoxName, class CSbieAPI* pAPI)
{
return new CSandBoxPlus(BoxName, pAPI);
}
2020-11-28 16:20:56 +00:00
CBoxedProcess* CSbiePlusAPI::NewBoxedProcess(quint32 ProcessId, class CSandBox* pBox)
2020-06-18 16:44:29 +01:00
{
2020-11-16 16:15:03 +00:00
return new CSbieProcess(ProcessId, pBox);
2020-06-18 16:44:29 +01:00
}
2020-12-22 14:50:58 +00:00
CBoxedProcessPtr CSbiePlusAPI::OnProcessBoxed(quint32 ProcessId, const QString& Path, const QString& Box, quint32 ParentId)
{
CBoxedProcessPtr pProcess = CSbieAPI::OnProcessBoxed(ProcessId, Path, Box, ParentId);
if (!pProcess.isNull() && pProcess->GetFileName().indexOf(theAPI->GetSbiePath(), 0, Qt::CaseInsensitive) != 0) {
CSandBoxPlus* pBox = pProcess.objectCast<CSbieProcess>()->GetBox();
pBox->m_RecentPrograms.insert(pProcess->GetProcessName());
}
return pProcess;
}
2020-06-18 16:44:29 +01:00
2021-01-26 20:58:43 +00:00
BOOL CALLBACK CSbiePlusAPI__WindowEnum(HWND hwnd, LPARAM lParam)
{
if (GetParent(hwnd) || GetWindow(hwnd, GW_OWNER))
return TRUE;
ULONG style = GetWindowLong(hwnd, GWL_STYLE);
if ((style & (WS_CAPTION | WS_SYSMENU)) != (WS_CAPTION | WS_SYSMENU))
return TRUE;
if (!IsWindowVisible(hwnd))
return TRUE;
/*
if ((style & WS_OVERLAPPEDWINDOW) != WS_OVERLAPPEDWINDOW &&
(style & WS_POPUPWINDOW) != WS_POPUPWINDOW)
return TRUE;
*/
ULONG pid;
GetWindowThreadProcessId(hwnd, &pid);
QMultiMap<quint32, QString>& m_WindowMap = *((QMultiMap<quint32, QString>*)(lParam));
WCHAR title[256];
GetWindowTextW(hwnd, title, 256);
m_WindowMap.insert(pid, QString::fromWCharArray(title));
return TRUE;
}
void CSbiePlusAPI::UpdateWindowMap()
{
m_WindowMap.clear();
EnumWindows(CSbiePlusAPI__WindowEnum, (LPARAM)&m_WindowMap);
}
2021-06-13 17:11:04 +01:00
bool CSbiePlusAPI::IsRunningAsAdmin()
{
if (m_UserSid.left(9) != "S-1-5-21-")
return false;
if (m_UserSid.right(4) != "-500")
return false;
return true;
}
2020-06-18 16:44:29 +01:00
///////////////////////////////////////////////////////////////////////////////
2020-12-23 18:17:24 +00:00
// CSandBoxPlus
2020-06-18 16:44:29 +01:00
//
CSandBoxPlus::CSandBoxPlus(const QString& BoxName, class CSbieAPI* pAPI) : CSandBox(BoxName, pAPI)
{
m_bLogApiFound = false;
2020-07-04 11:07:36 +01:00
m_bINetBlocked = false;
m_bSharesAllowed = false;
m_bDropRights = false;
m_bSecurityRestricted = false;
m_iUnsecureDebugging = 0;
2020-11-28 16:20:56 +00:00
m_SuspendRecovery = false;
2021-08-22 20:20:22 +01:00
m_pOptionsWnd = NULL;
m_pRecoveryWnd = NULL;
2020-06-18 16:44:29 +01:00
}
CSandBoxPlus::~CSandBoxPlus()
{
}
void CSandBoxPlus::UpdateDetails()
{
2021-02-14 19:18:29 +00:00
//m_bLogApiFound = GetTextList("OpenPipePath", false).contains("\\Device\\NamedPipe\\LogAPI");
m_bLogApiFound = false;
QStringList InjectDlls = GetTextList("InjectDll", false);
foreach(const QString & InjectDll, InjectDlls)
{
if (InjectDll.contains("logapi", Qt::CaseInsensitive)) {
m_bLogApiFound = true;
break;
}
}
2020-07-04 11:07:36 +01:00
2020-11-03 15:45:04 +00:00
m_bINetBlocked = false;
2020-11-16 16:15:03 +00:00
foreach(const QString& Entry, GetTextList("ClosedFilePath", false))
2020-11-03 15:45:04 +00:00
{
if (Entry.contains("InternetAccessDevices")) {
m_bINetBlocked = true;
break;
}
}
2020-07-04 11:07:36 +01:00
m_bSharesAllowed = GetBool("BlockNetworkFiles", true) == false;
m_bDropRights = GetBool("DropAdminRights", false);
2020-06-18 16:44:29 +01:00
2021-07-23 08:44:35 +01:00
if (CheckUnsecureConfig())
2020-07-04 11:07:36 +01:00
m_iUnsecureDebugging = 1;
2021-02-21 14:32:20 +00:00
else if(GetBool("ExposeBoxedSystem", false) || GetBool("UnrestrictedSCM", false) /*|| GetBool("RunServicesAsSystem", false)*/)
2020-07-04 11:07:36 +01:00
m_iUnsecureDebugging = 2;
else
m_iUnsecureDebugging = 0;
2020-06-19 22:12:57 +01:00
2020-07-04 11:07:36 +01:00
//GetBool("SandboxieLogon", false)
2021-01-08 17:27:00 +00:00
m_bSecurityRestricted = m_iUnsecureDebugging == 0 && (GetBool("DropAdminRights", false));
2020-06-18 16:44:29 +01:00
CSandBox::UpdateDetails();
2020-07-04 11:07:36 +01:00
}
2020-11-28 16:20:56 +00:00
void CSandBoxPlus::CloseBox()
{
CSandBox::CloseBox();
m_SuspendRecovery = false;
}
2020-07-04 11:07:36 +01:00
QString CSandBoxPlus::GetStatusStr() const
{
2021-01-26 20:58:43 +00:00
if (!m_IsEnabled)
return tr("Disabled");
2020-07-04 11:07:36 +01:00
QStringList Status;
2021-02-14 19:18:29 +00:00
if (IsEmpty())
Status.append(tr("Empty"));
2020-07-04 11:07:36 +01:00
if (m_iUnsecureDebugging == 1)
Status.append(tr("NOT SECURE (Debug Config)"));
else if (m_iUnsecureDebugging == 2)
Status.append(tr("Reduced Isolation"));
else if(m_bSecurityRestricted)
Status.append(tr("Enhanced Isolation"));
if (m_bLogApiFound)
Status.append(tr("API Log"));
if (m_bINetBlocked)
Status.append(tr("No INet"));
if (m_bSharesAllowed)
Status.append(tr("Net Share"));
if (m_bDropRights)
Status.append(tr("No Admin"));
if (Status.isEmpty())
return tr("Normal");
return Status.join(", ");
}
2021-07-23 08:44:35 +01:00
bool CSandBoxPlus::CheckUnsecureConfig() const
2020-07-04 11:07:36 +01:00
{
2020-11-16 16:15:03 +00:00
if (GetBool("OriginalToken", false)) return true;
2020-07-04 11:07:36 +01:00
if (GetBool("OpenToken", false)) return true;
if(GetBool("UnrestrictedToken", false)) return true;
if (!GetBool("AnonymousLogon", true)) return true;
if (GetBool("KeepTokenIntegrity", false)) return true;
if(GetBool("UnfilteredToken", false)) return true;
2021-07-23 08:44:35 +01:00
if (GetBool("DisableFileFilter", false)) return true;
if (GetBool("DisableKeyFilter", false)) return true;
if (GetBool("StripSystemPrivileges", false)) return true;
2020-07-04 11:07:36 +01:00
return false;
}
void CSandBoxPlus::SetLogApi(bool bEnable)
{
if (bEnable)
{
2021-02-14 19:18:29 +00:00
//InsertText("OpenPipePath", "\\Device\\NamedPipe\\LogAPI");
2020-07-04 11:07:36 +01:00
InsertText("InjectDll", "\\LogAPI\\logapi32.dll");
InsertText("InjectDll64", "\\LogAPI\\logapi64.dll");
}
else
{
2021-02-14 19:18:29 +00:00
//DelValue("OpenPipePath", "\\Device\\NamedPipe\\LogAPI");
2020-07-04 11:07:36 +01:00
DelValue("InjectDll", "\\LogAPI\\logapi32.dll");
DelValue("InjectDll64", "\\LogAPI\\logapi64.dll");
}
2021-03-04 20:13:45 +00:00
m_bLogApiFound = bEnable;
2020-07-04 11:07:36 +01:00
}
void CSandBoxPlus::SetINetBlock(bool bEnable)
{
if (bEnable)
2020-11-03 15:45:04 +00:00
InsertText("ClosedFilePath", "!<InternetAccess>,InternetAccessDevices");
2020-07-04 11:07:36 +01:00
else
2020-11-16 16:15:03 +00:00
{
foreach(const QString& Entry, GetTextList("ClosedFilePath", false))
{
if (Entry.contains("InternetAccessDevices"))
DelValue("ClosedFilePath", Entry);
}
}
2020-07-04 11:07:36 +01:00
}
void CSandBoxPlus::SetAllowShares(bool bEnable)
{
2020-07-19 21:09:02 +01:00
SetBool("BlockNetworkFiles", !bEnable);
2020-07-04 11:07:36 +01:00
}
void CSandBoxPlus::SetDropRights(bool bEnable)
{
SetBool("DropAdminRights", bEnable);
}
2020-11-16 16:15:03 +00:00
QStringList::iterator FindInStrList(QStringList& list, const QString& str)
{
QStringList::iterator J = list.begin();
for (; J != list.end(); ++J)
{
if (J->compare(str, Qt::CaseInsensitive) == 0)
break;
}
return J;
}
void SetInStrList(QStringList& list, const QString& str, bool bSet)
{
if (bSet)
list.append(str);
else
{
for (QStringList::iterator J = list.begin(); J != list.end();)
{
if (J->compare(str, Qt::CaseInsensitive) == 0) {
J = list.erase(J);
continue;
}
++J;
}
}
}
2020-12-29 08:54:59 +00:00
bool CSandBoxPlus::TestProgramGroup(const QString& Group, const QString& ProgName)
{
QStringList ProcessGroups = GetTextList("ProcessGroup", false);
foreach(const QString & ProcessGroup, ProcessGroups)
{
StrPair GroupPaths = Split2(ProcessGroup, ",");
if (GroupPaths.first.compare(Group, Qt::CaseInsensitive) == 0)
{
QStringList Programs = SplitStr(GroupPaths.second, ",");
return FindInStrList(Programs, ProgName) != Programs.end();
}
}
return false;
}
void CSandBoxPlus::EditProgramGroup(const QString& Group, const QString& ProgName, bool bSet)
{
QStringList ProcessGroups = GetTextList("ProcessGroup", false);
QStringList Programs;
QStringList::iterator I = ProcessGroups.begin();
for (; I != ProcessGroups.end(); ++I)
{
StrPair GroupPaths = Split2(*I, ",");
if (GroupPaths.first.compare(Group, Qt::CaseInsensitive) == 0)
{
Programs = SplitStr(GroupPaths.second, ",");
break;
}
}
if (I == ProcessGroups.end())
I = ProcessGroups.insert(I, "");
SetInStrList(Programs, ProgName, bSet);
*I = Group + "," + Programs.join(",");
UpdateTextList("ProcessGroup", ProcessGroups, false);
}
2020-11-16 16:15:03 +00:00
void CSandBoxPlus::BlockProgram(const QString& ProgName)
{
bool WhiteList = false;
bool BlackList = false;
foreach(const QString& Entry, GetTextList("ClosedIpcPath", false))
{
StrPair ProgPath = Split2(Entry, ",");
if (ProgPath.second != "*")
continue;
if (ProgPath.first.compare("!<StartRunAccess>", Qt::CaseInsensitive) == 0)
WhiteList = true;
else if (ProgPath.first.compare("<StartRunAccess>", Qt::CaseInsensitive) == 0)
BlackList = true;
else
continue;
break;
}
if (!WhiteList && !BlackList)
{
BlackList = true;
InsertText("ClosedIpcPath", "<StartRunAccess>,*");
}
2020-12-29 08:54:59 +00:00
EditProgramGroup("<StartRunAccess>", ProgName, !WhiteList);
}
2020-11-16 16:15:03 +00:00
2020-12-29 08:54:59 +00:00
void CSandBoxPlus::SetInternetAccess(const QString& ProgName, bool bSet)
{
EditProgramGroup("<InternetAccess>", ProgName, bSet);
}
2020-11-16 16:15:03 +00:00
2020-12-29 08:54:59 +00:00
bool CSandBoxPlus::HasInternetAccess(const QString& ProgName)
{
return TestProgramGroup("<InternetAccess>", ProgName);
}
2020-11-16 16:15:03 +00:00
2020-12-29 08:54:59 +00:00
void CSandBoxPlus::SetForcedProgram(const QString& ProgName, bool bSet)
{
QStringList Programs = GetTextList("ForceProcess", false);
SetInStrList(Programs, ProgName, bSet);
UpdateTextList("ForceProcess", Programs, false);
}
2020-11-16 16:15:03 +00:00
2020-12-29 08:54:59 +00:00
bool CSandBoxPlus::IsForcedProgram(const QString& ProgName)
{
QStringList Programs = GetTextList("ForceProcess", false);
return FindInStrList(Programs, ProgName) != Programs.end();
2020-11-16 16:15:03 +00:00
}
void CSandBoxPlus::SetLingeringProgram(const QString& ProgName, bool bSet)
{
QStringList Programs = GetTextList("LingerProcess", false);
SetInStrList(Programs, ProgName, bSet);
UpdateTextList("LingerProcess", Programs, false);
}
int CSandBoxPlus::IsLingeringProgram(const QString& ProgName)
{
QStringList Programs = GetTextList("LingerProcess", false);
if (FindInStrList(Programs, ProgName) != Programs.end())
return 1;
Programs = GetTextList("LingerProcess", true);
if (FindInStrList(Programs, ProgName) != Programs.end())
return 2;
return 0;
}
void CSandBoxPlus::SetLeaderProgram(const QString& ProgName, bool bSet)
{
QStringList Programs = GetTextList("LeaderProcess", false);
SetInStrList(Programs, ProgName, bSet);
UpdateTextList("LeaderProcess", Programs, false);
}
int CSandBoxPlus::IsLeaderProgram(const QString& ProgName)
{
QStringList Programs = GetTextList("LeaderProcess", false);
return FindInStrList(Programs, ProgName) != Programs.end() ? 1 : 0;
}
2021-07-05 12:37:28 +01:00
CSandBoxPlus::EBoxTypes CSandBoxPlus::GetType() const
{
2021-07-10 09:42:39 +01:00
//if (m_bLogApiFound)
// return eHasLogApi;
2021-07-05 12:37:28 +01:00
if (m_iUnsecureDebugging != 0)
return eInsecure;
if (m_bSecurityRestricted)
return eHardened;
return eDefault;
}
2020-12-23 18:17:24 +00:00
///////////////////////////////////////////////////////////////////////////////
// CSbieProcess
//
2021-06-13 17:11:04 +01:00
QString CSbieProcess::ImageTypeToStr(quint32 type)
{
enum {
UNSPECIFIED = 0,
SANDBOXIE_RPCSS,
SANDBOXIE_DCOMLAUNCH,
SANDBOXIE_CRYPTO,
SANDBOXIE_WUAU,
SANDBOXIE_BITS,
SANDBOXIE_SBIESVC,
MSI_INSTALLER,
TRUSTED_INSTALLER,
WUAUCLT,
SHELL_EXPLORER,
INTERNET_EXPLORER,
MOZILLA_FIREFOX,
WINDOWS_MEDIA_PLAYER,
NULLSOFT_WINAMP,
PANDORA_KMPLAYER,
WINDOWS_LIVE_MAIL,
SERVICE_MODEL_REG,
RUNDLL32,
DLLHOST,
DLLHOST_WININET_CACHE,
WISPTIS,
GOOGLE_CHROME,
GOOGLE_UPDATE,
ACROBAT_READER,
OFFICE_OUTLOOK,
OFFICE_EXCEL,
FLASH_PLAYER_SANDBOX,
PLUGIN_CONTAINER,
OTHER_WEB_BROWSER,
OTHER_MAIL_CLIENT
};
switch (type)
{
case UNSPECIFIED: return tr("");
case SANDBOXIE_RPCSS: return tr("Sbie RpcSs");
case SANDBOXIE_DCOMLAUNCH: return tr("Sbie DcomLaunch");
case SANDBOXIE_CRYPTO: return tr("Sbie Crypto");
2021-07-18 20:14:38 +01:00
case SANDBOXIE_WUAU: return tr("Sbie WuauServ");
2021-06-13 17:11:04 +01:00
case SANDBOXIE_BITS: return tr("Sbie BITS");
case SANDBOXIE_SBIESVC: return tr("Sbie Svc");
case MSI_INSTALLER: return tr("MSI Installer");
2021-06-13 17:11:04 +01:00
case TRUSTED_INSTALLER: return tr("Trusted Installer");
case WUAUCLT: return tr("Windows Update");
case SHELL_EXPLORER: return tr("Windows Explorer");
case INTERNET_EXPLORER: return tr("Internet Explorer");
case MOZILLA_FIREFOX: return tr("Firefox");
2021-06-13 17:11:04 +01:00
case WINDOWS_MEDIA_PLAYER: return tr("Windows Media Player");
case NULLSOFT_WINAMP: return tr("Winamp");
2021-06-14 23:08:48 +01:00
case PANDORA_KMPLAYER: return tr("KMPlayer");
2021-06-13 17:11:04 +01:00
case WINDOWS_LIVE_MAIL: return tr("Windows Live Mail");
case SERVICE_MODEL_REG: return tr("Service Model Reg");
case RUNDLL32: return tr("RunDll32");
case DLLHOST: return tr("DllHost");
case DLLHOST_WININET_CACHE: return tr("DllHost");
case WISPTIS: return tr("Windows Ink Services");
case GOOGLE_CHROME: return tr("Chromium Based");
case GOOGLE_UPDATE: return tr("Google Updater");
case ACROBAT_READER: return tr("Acrobat Reader");
case OFFICE_OUTLOOK: return tr("MS Outlook");
case OFFICE_EXCEL: return tr("MS Excel");
case FLASH_PLAYER_SANDBOX: return tr("Flash Player");
case PLUGIN_CONTAINER: return tr("Firefox Plugin Container");
2021-06-13 17:11:04 +01:00
case OTHER_WEB_BROWSER: return tr("Generic Web Browser");
case OTHER_MAIL_CLIENT: return tr("Generic Mail Client");
default: return tr("");
}
}
2020-12-23 18:17:24 +00:00
QString CSbieProcess::GetStatusStr() const
{
2021-06-13 17:11:04 +01:00
QString Status;
2020-12-23 18:17:24 +00:00
if (m_uTerminated != 0)
2021-06-13 17:11:04 +01:00
Status = tr("Terminated");
//else if (m_bSuspended)
// Status = tr("Suspended");
else
Status = tr("Running");
2021-08-22 20:20:22 +01:00
if(m_SessionId != theAPI->GetSessionID())
Status += tr(" in session %1").arg(m_SessionId);
2021-06-13 17:11:04 +01:00
if (m_bIsWoW64)
Status += " *32";
quint32 ImageType = GetImageType();
if (ImageType != -1) {
QString Type = ImageTypeToStr(ImageType);
if(!Type.isEmpty())
Status += tr(" (%1)").arg(Type);
}
return Status;
2020-12-23 18:17:24 +00:00
}