This commit is contained in:
DavidXanatos 2023-05-21 15:26:56 +02:00
parent 4dc3c5e506
commit 0bccdce86b
1 changed files with 33 additions and 2 deletions


@ -1138,6 +1138,36 @@ finish:
}
//---------------------------------------------------------------------------
// Thread_IsProtectedProcess
//---------------------------------------------------------------------------
NTKERNELAPI BOOLEAN NTAPI PsIsProtectedProcess(_In_ PEPROCESS Process);
_FX BOOLEAN Thread_IsProtectedProcess(HANDLE pid)
{
PEPROCESS ProcessObject;
NTSTATUS status;
BOOLEAN ret = FALSE;
//
// Check if this process is a protected process,
// as protected processes are integral windows processes or trusted antimalware services
// we allow such processes to access even confidential sandboxed programs.
//
status = PsLookupProcessByProcessId(pid, &ProcessObject);
if (NT_SUCCESS(status)) {
ret = PsIsProtectedProcess(ProcessObject);
ObDereferenceObject(ProcessObject);
}
return ret;
}
//---------------------------------------------------------------------------
// Thread_CheckObject_CommonEx
//---------------------------------------------------------------------------
@ -1204,13 +1234,14 @@ _FX ACCESS_MASK Thread_CheckObject_CommonEx(
if (protect_process /*&& MyIsProcessRunningAsSystemAccount(cur_pid)*/) {
if ((_wcsicmp(nptr, SBIESVC_EXE) == 0) || (_wcsicmp(nptr, L"csrss.exe") == 0)
|| (_wcsicmp(nptr, L"conhost.exe") == 0)
|| (_wcsicmp(nptr, L"taskmgr.exe") == 0) || (_wcsicmp(nptr, L"sandman.exe") == 0))
|| (_wcsicmp(nptr, L"taskmgr.exe") == 0) || (_wcsicmp(nptr, L"sandman.exe") == 0)
|| Thread_IsProtectedProcess(cur_pid))
protect_process = FALSE;
}
if (protect_process) {
if (Conf_Get_Boolean(NULL, L"NotifyBoxProtected", 0, TRUE)) {
if (Conf_Get_Boolean(proc2->box->name, L"NotifyBoxProtected", 0, FALSE)) {
//WCHAR msg_str[256];
//RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"Protect boxed processes %s (%d) from %s (%d) requesting 0x%08X", proc2->image_name, (ULONG)pid, nptr, (ULONG)cur_pid, DesiredAccess);
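Review bot: The new `|| Thread_IsProtectedProcess(cur_pid)` term in `Thread_CheckObject_CommonEx` turns a single kernel flag into an unconditional exemption from `protect_process`, and the comment in `Thread_IsProtectedProcess` ("integral windows processes or trusted antimalware services") understates its reach: as far as I recall, on Windows 8.1 and later `PsIsProtectedProcess` also reports TRUE for protected-light (PPL) processes, which includes any third-party service signed under the ELAM/antimalware-light policy, so this should be confirmed against the kernel range Sandboxie supports and written down, e.g. `// NOTE: on Win 8.1+ this also matches PPL (protected-light) processes, including third-party antimalware services`. The lookup fails closed — an unresolvable pid leaves `ret = FALSE` — which is the right default for an allow-path; a comment such as `// fail closed: an unresolvable pid is treated as unprotected` before the `PsLookupProcessByProcessId` call would make that intent explicit for the next reader. It is also worth noting at the call site that the term is deliberately last in the `||` chain, so the `PsLookupProcessByProcessId` / `ObDereferenceObject` round-trip is only paid when all the image-name comparisons have already failed. The body of `Thread_CheckObject_CommonEx` starts and ends outside the hunk.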