1.8.2
parent
15e5219f34
commit
11eae01335
|
@ -14,10 +14,16 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
- enabled app container compatibility in App Compartment mode
|
||||
-- Note: this should improve Microsoft Edge compatibility
|
||||
- added web browser compatybility tempalte wizard [#2761](https://github.com/sandboxie-plus/Sandboxie/issues/2761)
|
||||
- added a mechanism to dynamically detect chromium and firefox based browsers
|
||||
-- Note: the new mechanism can be disabled using 'DynamicImageDetection=program.exe,n'
|
||||
|
||||
### Changed
|
||||
- renamed 'DropAppContainerTokens=program.exe,n' to 'DropAppContainerToken=program.exe,n'
|
||||
- 'DropAppContainerToken=program.exe,y' can now be used in App Compartment boxes, however it is not recommended security-wise
|
||||
- the desktop security workaround used for Chrome, Firefox and Acrobat is now enabled by defualt, you cn disable it with "UseSbieDeskHack=n"
|
||||
-- Note: this shoudl allow electron apps to run without 'SpecialImages=chrome,program.exe'
|
||||
- disabled old token hacks, as with the new App Container Token handling these seam no longer be required
|
||||
-- Note: in case of issues with msedge, chrome, firefox or acrobat, they can be re enabled using 'DeprecatedTokenHacks=y'
|
||||
|
||||
### Fixed
|
||||
- issue with global settings ini section editing
|
||||
|
@ -26,6 +32,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
- recovery window: delete confirmation dialog is no longer shown when no file/folder is selected [#2771](https://github.com/sandboxie-plus/Sandboxie/pull/2771) (thanks Sapour)
|
||||
- fixed WeChat crash issue [#2772](https://github.com/sandboxie-plus/Sandboxie/pull/2772)
|
||||
|
||||
### Removed
|
||||
- removed obsolete workaround for maxthon.exe browser version 4
|
||||
|
||||
|
||||
|
||||
## [1.8.1 / 5.63.1] - 2023-03-12
|
||||
|
|
|
@ -240,7 +240,8 @@ _FX BOOLEAN AdvApi_Init(HMODULE module)
|
|||
// only hook SetSecurityInfo if this is Chrome. Outlook 2013 uses delayed loading and will cause infinite callbacks
|
||||
// Starting with Win 10, we only want to hook ntmarta!SetSecurityInfo. Do NOT hook advapi!SetSecurityInfo. Delay loading for advapi will cause infinite recursion.
|
||||
// Note: the infinite recursion issue has been resolved int 5.43
|
||||
if ((Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || (Dll_ImageType == DLL_IMAGE_ACROBAT_READER) || Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", FALSE)) {
|
||||
if (Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", TRUE)
|
||||
|| (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || (Dll_ImageType == DLL_IMAGE_ACROBAT_READER)) {
|
||||
SetSecurityInfo = __sys_SetSecurityInfo;
|
||||
GetSecurityInfo = __sys_GetSecurityInfo;
|
||||
SBIEDLL_HOOK(AdvApi_, SetSecurityInfo);
|
||||
|
@ -533,7 +534,7 @@ _FX DWORD AdvApi_GetSecurityInfo(
|
|||
|
||||
if (rc && ObjectType == SE_WINDOW_OBJECT && SecurityInfo == DACL_SECURITY_INFORMATION) {
|
||||
__sys_EnumWindowStationsW = (P_EnumWindowStations)Ldr_GetProcAddrNew(L"User32.dll", L"EnumWindowStationsW", "EnumWindowStationsW");
|
||||
__sys_OpenWindowStationW = (P_OpenWindowStationW)Ldr_GetProcAddrNew(L"User32.dll", L"OpenWindowStationW", "OpenWindowStationW");
|
||||
__sys_OpenWindowStationW = (P_OpenWindowStationW)Ldr_GetProcAddrNew(L"User32.dll", L"OpenWindowStationW", "OpenWindowStationW"); // used by myEnumWindowStationProc
|
||||
if (!Sandboxie_WinSta) {
|
||||
if (__sys_EnumWindowStationsW) {
|
||||
rc = __sys_EnumWindowStationsW(myEnumWindowStationProc, 0);
|
||||
|
@ -701,7 +702,8 @@ _FX BOOLEAN Ntmarta_Init(HMODULE module)
|
|||
#define GETPROC2(x,s) __sys_Ntmarta_##x##s = (P_##x) Ldr_GetProcAddrNew(DllName_ntmarta, L#x L#s,#x #s);
|
||||
|
||||
GETPROC2(GetSecurityInfo, );
|
||||
if ((Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || (Dll_ImageType == DLL_IMAGE_ACROBAT_READER) || Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", FALSE)) {
|
||||
if (Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", TRUE)
|
||||
|| (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || (Dll_ImageType == DLL_IMAGE_ACROBAT_READER)) {
|
||||
|
||||
GetSecurityInfo = __sys_Ntmarta_GetSecurityInfo;
|
||||
if (GetSecurityInfo)
|
||||
|
@ -755,7 +757,7 @@ _FX DWORD Ntmarta_GetSecurityInfo(
|
|||
|
||||
if (rc && ObjectType == SE_WINDOW_OBJECT && SecurityInfo == DACL_SECURITY_INFORMATION) {
|
||||
__sys_EnumWindowStationsW = (P_EnumWindowStations)Ldr_GetProcAddrNew(L"User32.dll", L"EnumWindowStationsW", "EnumWindowStationsW");
|
||||
__sys_OpenWindowStationW = (P_OpenWindowStationW)Ldr_GetProcAddrNew(L"User32.dll", L"OpenWindowStationW", "OpenWindowStationW");
|
||||
__sys_OpenWindowStationW = (P_OpenWindowStationW)Ldr_GetProcAddrNew(L"User32.dll", L"OpenWindowStationW", "OpenWindowStationW"); // used by myEnumWindowStationProc
|
||||
if (!Sandboxie_WinSta) {
|
||||
if (__sys_EnumWindowStationsW) {
|
||||
rc = __sys_EnumWindowStationsW(myEnumWindowStationProc, 0);
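Review bot: In AdvApi_Init the setting is still OR-ed with the hard-coded image types (`Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", TRUE) || (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || ...`), so `UseSbieDeskHack=n` cannot switch the workaround off for Chrome, Firefox or Acrobat Reader, although the changelog entry in this commit says it can be disabled with that setting. If the opt-out is meant to apply to every image, the test reduces to `if (Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", TRUE)) {`; if the three image types are meant to stay forced on, a comment saying so would stop the changelog and the code from contradicting each other. The same expression appears in Ntmarta_Init in this file and in Gui_CreateDesktopW and Gui_CreateDesktopA. Both init functions start and end outside the hunks shown.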
|
||||
|
|
|
@ -408,8 +408,9 @@ _FX BOOLEAN Crypt_Init(HMODULE module)
|
|||
CertGetCertificateChain =
|
||||
GetProcAddress(module, "CertGetCertificateChain");
|
||||
|
||||
// $Workaround$ - 3rd party fix
|
||||
if ((! CryptProtectData) && (Dll_OsBuild >= 8400)
|
||||
&& (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX)
|
||||
//&& (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX)
|
||||
&& GetModuleHandle(L"UMEngx86.dll")) {
|
||||
// on Windows 8 with Norton 360, and with the Norton toolbar
|
||||
// activated in Firefox, the GetProcAddress calls above fail,
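Review bot: The Firefox test in Crypt_Init is switched off by commenting it out (`//&& (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX)`), which leaves dead code inside the condition and no record of why the workaround now applies to any process that has UMEngx86.dll loaded. The comment that follows still describes only the Firefox-with-Norton-toolbar case. I would delete the commented-out line and extend that comment instead, for example `// no longer limited to Firefox: applies to any image that has UMEngx86.dll loaded`, with the actual reason for widening added by the author. The body of the `if` lies outside the hunk.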
|
||||
|
|
|
@ -289,6 +289,7 @@ extern BOOLEAN Dll_IsXtAjit;
|
|||
#endif
|
||||
extern BOOLEAN Dll_IsSystemSid;
|
||||
extern BOOLEAN Dll_InitComplete;
|
||||
extern BOOLEAN Dll_EntryComplete;
|
||||
extern BOOLEAN Dll_RestrictedToken;
|
||||
extern BOOLEAN Dll_AppContainerToken;
|
||||
extern BOOLEAN Dll_ChromeSandbox;
|
||||
|
|
|
@ -1186,6 +1186,10 @@ _FX void *SbieDll_Hook(
|
|||
// this way we can intercept also internal function calls within a dll
|
||||
// like CreateProcessInternalW when called from CreateProcessW
|
||||
//
|
||||
// Note: this mechanism is only available during initialization as
|
||||
// at the end of Dll_Ordinal1 we dispose of the syscall/inject data area
|
||||
// there fore any Nt function hooks must be set up from the get go
|
||||
//
|
||||
|
||||
extern ULONG* SbieApi_SyscallPtr;
|
||||
if (module == Dll_Ntdll && *(USHORT*)&SourceFuncName[0] == 'tN' && SbieApi_SyscallPtr) {
|
||||
|
@ -1209,8 +1213,8 @@ _FX void *SbieDll_Hook(
|
|||
else
|
||||
|
||||
//
|
||||
// if module is -1 than we comes from the api redirection in Scm_SecHostDll
|
||||
// as there we hook with other x64 code we use the regular x86 hook routime
|
||||
// if module is -1 than we come from the api redirection in Scm_SecHostDll
|
||||
// as there we hook with other x64 code we use the regular x86 hook routine
|
||||
//
|
||||
|
||||
if (module != (HMODULE)-1) {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright 2004-2020 Sandboxie Holdings, LLC
|
||||
* Copyright 2020-2022 David Xanatos, xanasoft.com
|
||||
* Copyright 2020-2023 David Xanatos, xanasoft.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -98,6 +98,7 @@ BOOLEAN Dll_IsXtAjit = FALSE;
|
|||
#endif
|
||||
BOOLEAN Dll_IsSystemSid = FALSE;
|
||||
BOOLEAN Dll_InitComplete = FALSE;
|
||||
BOOLEAN Dll_EntryComplete = FALSE;
|
||||
BOOLEAN Dll_RestrictedToken = FALSE;
|
||||
BOOLEAN Dll_AppContainerToken = FALSE;
|
||||
BOOLEAN Dll_ChromeSandbox = FALSE;
|
||||
|
@ -596,6 +597,11 @@ _FX void Dll_InitExeEntry(void)
|
|||
//
|
||||
// once we return here the process images entrypoint will be called
|
||||
//
|
||||
|
||||
#ifdef WITH_DEBUG
|
||||
DbgTrace("Dll_InitExeEntry completed");
|
||||
#endif
|
||||
Dll_EntryComplete = TRUE;
|
||||
}
|
||||
|
||||
|
||||
|
@ -855,7 +861,7 @@ _FX ULONG_PTR Dll_Ordinal1(
|
|||
//
|
||||
HANDLE heventProcessStart = 0;
|
||||
|
||||
Dll_InitInjected(); // install required hooks
|
||||
Dll_InitInjected(); // install required hooks (Dll_InitInjected -> Ldr_Init -> Ldr_Inject_Init(FALSE))
|
||||
|
||||
//
|
||||
// notify RPCSS that a new process was created in the current sandbox
|
||||
|
@ -920,7 +926,7 @@ _FX ULONG_PTR Dll_Ordinal1(
|
|||
}
|
||||
else
|
||||
{
|
||||
Ldr_Inject_Init(bHostInject);
|
||||
Ldr_Inject_Init(TRUE);
|
||||
}
|
||||
|
||||
//
|
||||
|
|
|
@ -252,24 +252,15 @@ _FX BOOLEAN File_Init(void)
|
|||
// support for Google Chrome flash plugin process
|
||||
//
|
||||
|
||||
if (Dll_ChromeSandbox) {
|
||||
|
||||
void *GetVolumeInformationW =
|
||||
GetProcAddress(Dll_KernelBase ? Dll_KernelBase : Dll_Kernel32,
|
||||
"GetVolumeInformationW");
|
||||
|
||||
SBIEDLL_HOOK(File_,GetVolumeInformationW);
|
||||
}
|
||||
|
||||
|
||||
if (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX || Dll_ImageType == DLL_IMAGE_MOZILLA_THUNDERBIRD)
|
||||
{
|
||||
void *WriteProcessMemory =
|
||||
GetProcAddress(Dll_KernelBase ? Dll_KernelBase : Dll_Kernel32,
|
||||
"WriteProcessMemory");
|
||||
|
||||
SBIEDLL_HOOK(File_, WriteProcessMemory);
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
|
|
@ -467,7 +467,9 @@ _FX BOOL File_GetVolumeInformationW(
|
|||
// this hook, and automatically return TRUE in this special case.
|
||||
//
|
||||
|
||||
if (lpVolumeNameBuffer == NULL && nVolumeNameSize == 0 &&
|
||||
// $Workaround$ - 3rd party fix
|
||||
if (Dll_ChromeSandbox &&
|
||||
lpVolumeNameBuffer == NULL && nVolumeNameSize == 0 &&
|
||||
lpVolumeSerialNumber == NULL && lpMaximumComponentLength == NULL &&
|
||||
lpFileSystemFlags == NULL &&
|
||||
lpFileSystemNameBuffer == NULL && nFileSystemNameSize == 0) {
|
||||
|
@ -475,14 +477,13 @@ _FX BOOL File_GetVolumeInformationW(
|
|||
SetLastError(ERROR_SUCCESS);
|
||||
return TRUE;
|
||||
|
||||
} else {
|
||||
}
|
||||
|
||||
return __sys_GetVolumeInformationW(
|
||||
lpRootPathName, lpVolumeNameBuffer, nVolumeNameSize,
|
||||
lpVolumeSerialNumber, lpMaximumComponentLength,
|
||||
lpFileSystemFlags, lpFileSystemNameBuffer, nFileSystemNameSize);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
@ -521,7 +522,8 @@ BOOL File_WriteProcessMemory(
|
|||
// this function is only hooked when Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX
|
||||
//
|
||||
|
||||
if (lpBaseAddress && lpBaseAddress == GetProcAddress(Dll_Ntdll, "NtSetInformationThread"))
|
||||
if ((Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX || Dll_ImageType == DLL_IMAGE_MOZILLA_THUNDERBIRD) &&
|
||||
lpBaseAddress && lpBaseAddress == GetProcAddress(Dll_Ntdll, "NtSetInformationThread"))
|
||||
//if (RpcRt_TestCallingModule((ULONG_PTR)lpBaseAddress, (ULONG_PTR)Dll_Ntdll))
|
||||
{
|
||||
if (lpNumberOfBytesWritten)
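Review bot: The comment directly above the new test in File_WriteProcessMemory still reads `this function is only hooked when Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX`, but the File_Init hunk in this commit appears to drop the image-type guard around the hook, and this hunk moves the test into the hook body, where it also covers Thunderbird. Suggested wording: `// the hook is always installed; the special case below applies only to Firefox and Thunderbird`. The new condition also calls `GetProcAddress(Dll_Ntdll, "NtSetInformationThread")` on every call that gets that far, so resolving the address once into a static pointer would keep the check cheap. The function continues past the end of the hunk.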
|
||||
|
|
|
@ -191,22 +191,6 @@ _FX BOOLEAN Gui_InitClass(HMODULE module)
|
|||
}
|
||||
}
|
||||
|
||||
//
|
||||
// maxthon 4 locks up during startup if OpenWinClass=#
|
||||
// (i.e. Gui_RenameClasses==FALSE), but we can work around this
|
||||
// by forcing Gui_RenameClasses=TRUE in maxthon child processes
|
||||
//
|
||||
|
||||
// $Workaround$ - 3rd party fix
|
||||
if ((! Gui_OpenAllWinClasses) && (! Gui_RenameClasses)
|
||||
&& Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME
|
||||
&& _wcsicmp(Dll_ImageName, L"maxthon.exe") == 0) {
|
||||
|
||||
const WCHAR *cmd = GetCommandLine();
|
||||
if (wcsstr(cmd, L"-Run"))
|
||||
Gui_RenameClasses = TRUE;
|
||||
}
|
||||
|
||||
//
|
||||
// hook functions
|
||||
//
|
||||
|
|
|
@ -593,7 +593,7 @@ _FX HANDLE Gui_CreateWindowStationW (void *lpwinsta, DWORD dwFlags, ACCESS_MASK
|
|||
return myHandle;
|
||||
|
||||
extern HANDLE Sandboxie_WinSta;
|
||||
if(Sandboxie_WinSta && ((Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || Config_GetSettingsForImageName_bool(L"UseSbieWndStation", TRUE)))
|
||||
if(Sandboxie_WinSta && (Config_GetSettingsForImageName_bool(L"UseSbieWndStation", TRUE) || (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX)))
|
||||
return Sandboxie_WinSta;
|
||||
|
||||
SbieApi_Log(2205, L"CreateWindowStation");
|
||||
|
@ -615,7 +615,7 @@ _FX HANDLE Gui_CreateWindowStationA (void *lpwinsta, DWORD dwFlags, ACCESS_MASK
|
|||
return myHandle;
|
||||
|
||||
extern HANDLE Sandboxie_WinSta;
|
||||
if(Sandboxie_WinSta && ((Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || Config_GetSettingsForImageName_bool(L"UseSbieWndStation", TRUE)))
|
||||
if(Sandboxie_WinSta && (Config_GetSettingsForImageName_bool(L"UseSbieWndStation", TRUE) || (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX)))
|
||||
return Sandboxie_WinSta;
|
||||
|
||||
SbieApi_Log(2205, L"CreateWindowStation");
|
||||
|
@ -637,7 +637,8 @@ _FX HDESK Gui_CreateDesktopW(
|
|||
if (rc)
|
||||
return rc;
|
||||
|
||||
if ((Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || (Dll_ImageType == DLL_IMAGE_ACROBAT_READER) || Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", FALSE))
|
||||
if (Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", TRUE)
|
||||
|| (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || (Dll_ImageType == DLL_IMAGE_ACROBAT_READER))
|
||||
{
|
||||
//Call the system CreateDesktopW without a security context.
|
||||
//This works in tandem with the Ntmarta_GetSecurityInfo hook (see in advapi.c).
|
||||
|
@ -647,7 +648,6 @@ _FX HDESK Gui_CreateDesktopW(
|
|||
//the sandboxie restricted token by dropping the security context. This won't
|
||||
//work without the GetSecurityInfo hook.
|
||||
rc = __sys_CreateDesktopW(lpszDesktop, NULL, NULL, dwFlags, dwDesiredAccess, NULL);
|
||||
//if (rc)
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
@ -671,10 +671,10 @@ _FX HDESK Gui_CreateDesktopA(
|
|||
if (rc)
|
||||
return rc;
|
||||
|
||||
if ((Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || (Dll_ImageType == DLL_IMAGE_ACROBAT_READER) || Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", FALSE))
|
||||
if (Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", TRUE)
|
||||
|| (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || (Dll_ImageType == DLL_IMAGE_ACROBAT_READER))
|
||||
{
|
||||
rc = __sys_CreateDesktopA(lpszDesktop, NULL, NULL, dwFlags, dwDesiredAccess, NULL);
|
||||
//if (rc)
|
||||
return rc;
|
||||
}
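Review bot: With the default of `UseSbieDeskHack` flipped to TRUE, the fallback in Gui_CreateDesktopW and Gui_CreateDesktopA now runs for every sandboxed image once the earlier attempt (outside the hunk) has returned no desktop, and it calls `__sys_CreateDesktopW(lpszDesktop, NULL, NULL, dwFlags, dwDesiredAccess, NULL)` with the security-attributes argument replaced by NULL. The security descriptor the caller asked for is therefore silently not applied, which before this change was limited to three known images or an explicit opt-in. A trace message through SbieApi_MonitorPutMsg when the fallback is taken, as Ipc_GetName2 gains in this commit, would make that visible in the monitor log. Gui_CreateDesktopA has no comment on the fallback at all; `// retry without the caller's security attributes, see Gui_CreateDesktopW` would cover it. Both functions start and end outside the hunks.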
|
||||
|
||||
|
|
|
@ -1076,7 +1076,8 @@ _FX BOOLEAN Ipc_GetName_AdjustSplWow64Path(WCHAR *TruePath, BOOLEAN adj)
|
|||
|
||||
_FX NTSTATUS Ipc_GetName2(
|
||||
OBJECT_ATTRIBUTES *ObjectAttributes,
|
||||
WCHAR **OutTruePath, WCHAR **OutCopyPath)
|
||||
WCHAR **OutTruePath, WCHAR **OutCopyPath,
|
||||
const WCHAR* NtName)
|
||||
{
|
||||
NTSTATUS status;
|
||||
HANDLE RootDirectory;
|
||||
|
@ -1096,6 +1097,13 @@ _FX NTSTATUS Ipc_GetName2(
|
|||
status = Ipc_GetName(
|
||||
RootDirectory, ObjectName, OutTruePath, OutCopyPath, NULL);
|
||||
|
||||
if (NT_SUCCESS(status))
|
||||
{
|
||||
WCHAR msg[1024];
|
||||
Sbie_snwprintf(msg, 1024, L"%s: %s", NtName, *OutTruePath);
|
||||
SbieApi_MonitorPutMsg(MONITOR_IPC | MONITOR_TRACE, msg);
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
|
@ -1260,7 +1268,7 @@ _FX NTSTATUS Ipc_NtCreatePort(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"CreatePort");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -1635,7 +1643,7 @@ _FX NTSTATUS Ipc_NtAlpcCreatePort(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"AlpcCreatePort");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -2446,7 +2454,7 @@ _FX NTSTATUS Ipc_NtCreateEvent(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"CreateEvent");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -2552,7 +2560,7 @@ _FX NTSTATUS Ipc_NtOpenEvent(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"OpenEvent");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -2673,7 +2681,7 @@ _FX NTSTATUS Ipc_NtCreateMutant(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"CreateMutant");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -2779,7 +2787,7 @@ _FX NTSTATUS Ipc_NtOpenMutant(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"OpenMutant");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -2901,7 +2909,7 @@ _FX NTSTATUS Ipc_NtCreateSemaphore(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"CreateSemaphore");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -3007,7 +3015,7 @@ _FX NTSTATUS Ipc_NtOpenSemaphore(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"OpenSemaphore");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -3141,7 +3149,7 @@ _FX NTSTATUS Ipc_NtCreateSection(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"CreateSection");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -3280,7 +3288,7 @@ _FX NTSTATUS Ipc_NtCreateSectionEx(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"CreateSectionEx");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -3386,7 +3394,7 @@ _FX NTSTATUS Ipc_NtOpenSection(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"OpenSection");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -3511,7 +3519,7 @@ _FX NTSTATUS Ipc_NtCreateSymbolicLinkObject(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"CreateSymbolicLinkObject");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -3617,7 +3625,7 @@ _FX NTSTATUS Ipc_NtOpenSymbolicLinkObject(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"OpenSymbolicLinkObject");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -3742,7 +3750,7 @@ _FX NTSTATUS Ipc_NtCreateDirectoryObject(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"CreateDirectoryObject");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -3858,7 +3866,7 @@ _FX NTSTATUS Ipc_NtCreateDirectoryObjectEx(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"CreateDirectoryObjectEx");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -3960,7 +3968,7 @@ _FX NTSTATUS Ipc_NtOpenDirectoryObject(
|
|||
// get the full paths for the true and copy objects
|
||||
//
|
||||
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath);
|
||||
status = Ipc_GetName2(ObjectAttributes, &TruePath, &CopyPath, L"OpenDirectoryObject");
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
@ -3995,7 +4003,7 @@ _FX NTSTATUS Ipc_NtOpenDirectoryObject(
|
|||
|
||||
status = __sys_NtOpenDirectoryObject(DirectoryHandle, DesiredAccess, &objattrs);
|
||||
|
||||
if (status == STATUS_OBJECT_PATH_NOT_FOUND || status == STATUS_OBJECT_NAME_NOT_FOUND) {
|
||||
if (status == STATUS_OBJECT_PATH_NOT_FOUND || status == STATUS_OBJECT_NAME_NOT_FOUND || status == STATUS_OBJECT_NAME_INVALID) {
|
||||
|
||||
//
|
||||
// if the directory does not exist in the sandbox try opening the original one
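Review bot: The trace added to Ipc_GetName2 formats into `WCHAR msg[1024]` on every successful lookup, so an object path longer than the buffer is cut off, and whether `msg` is still NUL-terminated in that case depends on Sbie_snwprintf, which is not shown here and should be checked. Writing the size as `Sbie_snwprintf(msg, ARRAYSIZE(msg), L"%s: %s", NtName, *OutTruePath);`, as Ldr_MyDllCallbackA does with its buffer in this commit, keeps the buffer and the length in sync. The formatting runs on each named port, event, mutant, semaphore, section, symbolic link and directory call shown in this section, so if SbieApi_MonitorPutMsg does nothing when no trace is being consumed, the string is built for nothing. Separately, the last hunk adds `STATUS_OBJECT_NAME_INVALID` to the statuses that fall back to opening the original directory object; a comment naming the case that returns it would let a reader judge the wider fallback. Ipc_GetName2 begins outside its hunk.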
|
||||
|
|
|
@ -3567,6 +3567,7 @@ _FX NTSTATUS Key_NtQueryValueKey(
|
|||
__leave;
|
||||
}
|
||||
|
||||
// $Workaround$ - 3rd party fix
|
||||
if (Dll_ImageType == DLL_IMAGE_ACROBAT_READER ||
|
||||
Dll_ImageType == DLL_IMAGE_PLUGIN_CONTAINER ||
|
||||
Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME ||
|
||||
|
@ -3795,7 +3796,7 @@ _FX NTSTATUS Key_NtQueryValueKeyFakeForInternetExplorer(
|
|||
// Key_NtQueryValueKeyFakeForAcrobatReader
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
// $Workaround$ - 3rd party fix
|
||||
_FX NTSTATUS Key_NtQueryValueKeyFakeForAcrobatReader(
|
||||
const WCHAR *TruePath,
|
||||
const WCHAR *ValueNameBuf,
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/*
|
||||
* Copyright 2004-2020 Sandboxie Holdings, LLC
|
||||
* Copyright 2021-2023 David Xanatos, xanasoft.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -39,7 +40,6 @@
|
|||
|
||||
typedef struct tagDLL {
|
||||
const WCHAR *nameW;
|
||||
const char *nameA;
|
||||
BOOLEAN(*init_func)(HMODULE);
|
||||
int state;
|
||||
} DLL;
|
||||
|
@ -179,69 +179,69 @@ static P_Ldr_CallOneDllCallback __my_Ldr_CallOneDllCallback = NULL;
|
|||
//---------------------------------------------------------------------------
|
||||
|
||||
static DLL Ldr_Dlls[] = {
|
||||
{ L"advapi32.dll", "advapi32.dll", AdvApi_Init, 0},
|
||||
{ L"crypt32.dll", "crypt32.dll", Crypt_Init, 0},
|
||||
{ L"ole32.dll", "ole32.dll", Ole_Init, 0}, // COM, OLE
|
||||
{ L"combase.dll", "combase.dll", Com_Init_ComBase, 0}, // COM
|
||||
{ L"rpcrt4.dll", "rpcrt4.dll", RpcRt_Init, 0}, // RPC, epmapper
|
||||
{ L"sechost.dll", "sechost.dll", Scm_SecHostDll, 0}, // SCM
|
||||
{ L"shell32.dll", "shell32.dll", SH32_Init, 0},
|
||||
{ L"shcore.dll", "shcore.dll", Taskbar_SHCore_Init, 0}, // win 8, [Get/Set]CurrentProcessExplicitAppUserModelID
|
||||
{ L"wtsapi32.dll", "wtsapi32.dll", Terminal_Init_WtsApi, 0},
|
||||
{ L"winsta.dll", "winsta.dll", Terminal_Init_WinSta, 0},
|
||||
{ L"MsCorEE.dll", "MsCorEE.dll", MsCorEE_Init, 0}, // .net framework
|
||||
{ L"win32u.dll", "win32u.dll", Win32_Init, 0},
|
||||
{ L"user32.dll", "user32.dll", Gui_Init, 0},
|
||||
{ L"imm32.dll", "imm32.dll", Gui_Init_IMM32, 0},
|
||||
{ L"gdi32.dll", "gdi32.dll", Gdi_Init, 0},
|
||||
{ L"gdi32full.dll", "gdi32full.dll", Gdi_Full_Init, 0},
|
||||
{ L"d3d9.dll", "d3d9.dll", Gui_Init_D3D9, 0},
|
||||
{ L"sxs.dll", "sxs.dll", Sxs_Init, 0}, // add message to SxsInstallW
|
||||
{ L"ws2_32.dll", "ws2_32.dll", WSA_Init, 0}, // network restrictions
|
||||
{ L"iphlpapi.dll", "iphlpapi.dll", IpHlp_Init, 0}, // ping support
|
||||
{ L"msi.dll", "msi.dll", Scm_MsiDll, 0}, // msi installer
|
||||
{ L"secur32.dll", "secur32.dll", Lsa_Init_Secur32, 0}, // xp, vista - LsaRegisterLogonProcess
|
||||
{ L"sspicli.dll", "sspicli.dll", Lsa_Init_SspiCli, 0}, // win 7 - LsaRegisterLogonProcess
|
||||
{ L"netapi32.dll", "netapi32.dll", NetApi_Init, 0}, // xp, vista - NetUseAdd
|
||||
{ L"wkscli.dll", "wkscli.dll", NetApi_Init_WksCli, 0}, // win 7 - NetUseAdd
|
||||
{ L"pstorec.dll", "pstorec.dll", Pst_Init, 0}, // Protected Storage
|
||||
{ L"winspool.drv", "winspool.drv", Gdi_Init_Spool, 0}, // print spooler workaround for 32 bit
|
||||
{ L"advapi32.dll", AdvApi_Init, 0},
|
||||
{ L"crypt32.dll", Crypt_Init, 0},
|
||||
{ L"ole32.dll", Ole_Init, 0}, // COM, OLE
|
||||
{ L"combase.dll", Com_Init_ComBase, 0}, // COM
|
||||
{ L"rpcrt4.dll", RpcRt_Init, 0}, // RPC, epmapper
|
||||
{ L"sechost.dll", Scm_SecHostDll, 0}, // SCM
|
||||
{ L"shell32.dll", SH32_Init, 0},
|
||||
{ L"shcore.dll", Taskbar_SHCore_Init, 0}, // win 8, [Get/Set]CurrentProcessExplicitAppUserModelID
|
||||
{ L"wtsapi32.dll", Terminal_Init_WtsApi, 0},
|
||||
{ L"winsta.dll", Terminal_Init_WinSta, 0},
|
||||
{ L"MsCorEE.dll", MsCorEE_Init, 0}, // .net framework
|
||||
{ L"win32u.dll", Win32_Init, 0},
|
||||
{ L"user32.dll", Gui_Init, 0},
|
||||
{ L"imm32.dll", Gui_Init_IMM32, 0},
|
||||
{ L"gdi32.dll", Gdi_Init, 0},
|
||||
{ L"gdi32full.dll", Gdi_Full_Init, 0},
|
||||
{ L"d3d9.dll", Gui_Init_D3D9, 0},
|
||||
{ L"sxs.dll", Sxs_Init, 0}, // add message to SxsInstallW
|
||||
{ L"ws2_32.dll", WSA_Init, 0}, // network restrictions
|
||||
{ L"iphlpapi.dll", IpHlp_Init, 0}, // ping support
|
||||
{ L"msi.dll", Scm_MsiDll, 0}, // msi installer
|
||||
{ L"secur32.dll", Lsa_Init_Secur32, 0}, // xp, vista - LsaRegisterLogonProcess
|
||||
{ L"sspicli.dll", Lsa_Init_SspiCli, 0}, // win 7 - LsaRegisterLogonProcess
|
||||
{ L"netapi32.dll", NetApi_Init, 0}, // xp, vista - NetUseAdd
|
||||
{ L"wkscli.dll", NetApi_Init_WksCli, 0}, // win 7 - NetUseAdd
|
||||
{ L"pstorec.dll", Pst_Init, 0}, // Protected Storage
|
||||
{ L"winspool.drv", Gdi_Init_Spool, 0}, // print spooler workaround for 32 bit
|
||||
// Disabled functionality:
|
||||
{ L"userenv.dll", "userenv.dll", UserEnv_Init, 0}, // disable some GPO stuff
|
||||
{ L"sfc_os.dll", "sfc_os.dll", Sfc_Init, 0}, // disable SFC
|
||||
{ L"Pdh.dll", "Pdh.dll", Pdh_Init, 0}, // disable Performance Counters
|
||||
{ L"wevtapi.dll", "wevtapi.dll", EvtApi_Init, 0}, // disable EvtIntAssertConfig
|
||||
{ L"cfgmgr32.dll", "cfgmgr32.dll", Setup_Init_CfgMgr32, 0}, // CM_Add_Driver_PackageW
|
||||
{ L"userenv.dll", UserEnv_Init, 0}, // disable some GPO stuff
|
||||
{ L"sfc_os.dll", Sfc_Init, 0}, // disable SFC
|
||||
{ L"Pdh.dll", Pdh_Init, 0}, // disable Performance Counters
|
||||
{ L"wevtapi.dll", EvtApi_Init, 0}, // disable EvtIntAssertConfig
|
||||
{ L"cfgmgr32.dll", Setup_Init_CfgMgr32, 0}, // CM_Add_Driver_PackageW
|
||||
// Workarounds:
|
||||
{ L"setupapi.dll", "setupapi.dll", Setup_Init_SetupApi, 0}, // VerifyCatalogFile
|
||||
{ L"zipfldr.dll", "zipfldr.dll", SH32_Init_ZipFldr, 0},
|
||||
{ L"uxtheme.dll", "uxtheme.dll", SH32_Init_UxTheme, 0}, // explorere.exe, SetWindowThemeAttribute
|
||||
{ L"hnetcfg.dll", "hnetcfg.dll", HNet_Init, 0}, // firewall workaround
|
||||
{ L"winnsi.dll", "winnsi.dll", NsiRpc_Init, 0}, // WININET workaround
|
||||
{ L"advpack.dll", "advpack.dll", Proc_Init_AdvPack, 0}, // fix for IE
|
||||
{ L"dwrite.dll", "dwrite.dll", Scm_DWriteDll, 0}, // hack for IE 9, make sure FontCache is running
|
||||
{ L"ComDlg32.dll", "ComDlg32.dll", ComDlg32_Init, 0}, // fix for opera.exe
|
||||
{ L"ntmarta.dll", "ntmarta.dll", Ntmarta_Init, 0}, // workaround for chrome and acrobat reader
|
||||
{ L"setupapi.dll", Setup_Init_SetupApi, 0}, // VerifyCatalogFile
|
||||
{ L"zipfldr.dll", SH32_Init_ZipFldr, 0},
|
||||
{ L"uxtheme.dll", SH32_Init_UxTheme, 0}, // explorere.exe, SetWindowThemeAttribute
|
||||
{ L"hnetcfg.dll", HNet_Init, 0}, // firewall workaround
|
||||
{ L"winnsi.dll", NsiRpc_Init, 0}, // WININET workaround
|
||||
{ L"advpack.dll", Proc_Init_AdvPack, 0}, // fix for IE
|
||||
{ L"dwrite.dll", Scm_DWriteDll, 0}, // hack for IE 9, make sure FontCache is running
|
||||
{ L"ComDlg32.dll", ComDlg32_Init, 0}, // fix for opera.exe
|
||||
{ L"ntmarta.dll", Ntmarta_Init, 0}, // workaround for chrome and acrobat reader
|
||||
// Non Windows DLLs:
|
||||
{ L"osppc.dll", "osppc.dll", Scm_OsppcDll, 0}, // ensure osppsvc is running
|
||||
{ L"mso.dll", "mso.dll", File_MsoDll, 0}, // hack for File_IsRecoverable
|
||||
{ L"agcore.dll", "agcore.dll", Custom_SilverlightAgCore, 0}, // msft silverlight - deprecated
|
||||
{ L"osppc.dll", Scm_OsppcDll, 0}, // ensure osppsvc is running
|
||||
{ L"mso.dll", File_MsoDll, 0}, // hack for File_IsRecoverable
|
||||
{ L"agcore.dll", Custom_SilverlightAgCore, 0}, // msft silverlight - deprecated
|
||||
|
||||
// $Workaround$ - 3rd party fix
|
||||
#ifndef _M_ARM64
|
||||
// Non Microsoft DLLs:
|
||||
{ L"acscmonitor.dll", "acscmonitor.dll", Acscmonitor_Init, 0},
|
||||
{ L"IDMIECC.dll", "IDMIECC.dll", Custom_InternetDownloadManager, 0},
|
||||
{ L"snxhk.dll", "snxhk.dll", Custom_Avast_SnxHk, 0},
|
||||
{ L"snxhk64.dll", "snxhk64.dll", Custom_Avast_SnxHk, 0},
|
||||
{ L"sysfer.dll", "sysfer.dll", Custom_SYSFER_DLL, 0},
|
||||
{ L"acscmonitor.dll", Acscmonitor_Init, 0},
|
||||
{ L"IDMIECC.dll", Custom_InternetDownloadManager, 0},
|
||||
{ L"snxhk.dll", Custom_Avast_SnxHk, 0},
|
||||
{ L"snxhk64.dll", Custom_Avast_SnxHk, 0},
|
||||
{ L"sysfer.dll", Custom_SYSFER_DLL, 0},
|
||||
#endif
|
||||
#ifdef _WIN64
|
||||
{ L"dgapi64.dll", "dgapi64.dll", DigitalGuardian_Init, 0},
|
||||
{ L"dgapi64.dll", DigitalGuardian_Init, 0},
|
||||
#else
|
||||
{ L"dgapi.dll", "dgapi.dll", DigitalGuardian_Init, 0},
|
||||
{ L"dgapi.dll", DigitalGuardian_Init, 0},
|
||||
#endif _WIN64
|
||||
{ NULL, NULL , NULL, 0}
|
||||
{ NULL, NULL, 0}
|
||||
};
|
||||
|
||||
static ULONG_PTR *Ldr_Callbacks = 0;
|
||||
|
@ -251,6 +251,8 @@ static void *Ldr_LoadedModules = NULL;
|
|||
static void *LdrLoaderCookie = NULL;
|
||||
static volatile BOOLEAN Ldr_LdrLoadDll_Invoked = FALSE;
|
||||
|
||||
static BOOLEAN Ldr_DynamicImageDetection = FALSE;
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
#include "ldr_init.c"
|
||||
|
@ -431,6 +433,8 @@ _FX BOOLEAN Ldr_Init()
|
|||
// hook entrypoints
|
||||
//
|
||||
|
||||
Ldr_DynamicImageDetection = Config_GetSettingsForImageName_bool(L"DynamicImageDetection", TRUE);
|
||||
|
||||
if (Dll_OsBuild >= 9600) { // Windows 8.1 and later
|
||||
NTSTATUS rc = 0;
|
||||
|
||||
|
@ -1015,35 +1019,81 @@ _FX ULONG_PTR Ldr_NtApphelpCacheControl(
|
|||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Ldr_DetectImageType
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
BOOL Ldr_CheckFirefoxDll(const WCHAR* dll_path)
|
||||
{
|
||||
//_wcsicmp(dll_path, L"xul.dll") == 0;
|
||||
return _wcsicmp(dll_path, L"mozglue.dll") == 0;
|
||||
}
|
||||
|
||||
BOOL Ldr_CheckChromeDll(const WCHAR* dll_path)
|
||||
{
|
||||
if (_wcsicmp(dll_path, L"chrome_elf.dll") == 0)
|
||||
return TRUE;
|
||||
|
||||
//
|
||||
// Some chromium based browsers like msedge or vivaldi rename the dll
|
||||
// from chrome_elf.dll to msedge_elf.dll
|
||||
//
|
||||
|
||||
SIZE_T dll_len = wcslen(dll_path);
|
||||
SIZE_T exe_len = wcslen(Dll_ImageName);
|
||||
if ((dll_len - 8) == (exe_len - 4))
|
||||
return _wcsnicmp(Dll_ImageName, dll_path, exe_len - 4) == 0;
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
_FX void Ldr_DetectImageType(const CHAR *ImageName)
|
||||
{
|
||||
//
|
||||
// Electron apps can have arbitrary names, but need to be threated like the crome browser
|
||||
// hence we try to detect them by the DLL names thay load during runtime
|
||||
//
|
||||
|
||||
if (Ldr_DynamicImageDetection && Dll_ImageType == DLL_IMAGE_UNSPECIFIED) // && !Dll_EntryComplete
|
||||
{
|
||||
if (Ldr_CheckFirefoxDll(ImageName)) {
|
||||
Dll_ImageType = DLL_IMAGE_MOZILLA_FIREFOX;
|
||||
}
|
||||
else if (Ldr_CheckChromeDll(ImageName)) {
|
||||
Dll_ImageType = DLL_IMAGE_GOOGLE_CHROME;
|
||||
}
|
||||
|
||||
if (Dll_ImageType != DLL_IMAGE_UNSPECIFIED) {
|
||||
|
||||
WCHAR msg[128];
|
||||
Sbie_snwprintf(msg, 128, L"Detected web browser image");
|
||||
SbieApi_MonitorPutMsg(MONITOR_IMAGE | MONITOR_TRACE, msg);
|
||||
|
||||
SbieApi_QueryProcessInfoEx(0, 'spit', Dll_ImageType);
|
||||
|
||||
if (Dll_RestrictedToken || Dll_AppContainerToken) {
|
||||
|
||||
Dll_ChromeSandbox = TRUE;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Ldr_MyDllCallbacks (A,W,New)
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX void Ldr_MyDllCallbackA(const CHAR *ImageName, HMODULE ImageBase, BOOL LoadState)
|
||||
_FX void Ldr_MyDllCallbackA(const CHAR *ImageName, HMODULE ImageBase, BOOL LoadState) // Windows Vista, 7, 8.0
|
||||
{
|
||||
//
|
||||
// invoke our sub-modules as necessary
|
||||
//
|
||||
WCHAR ImageNameW[128];
|
||||
Sbie_snwprintf(ImageNameW, ARRAYSIZE(ImageNameW), L"%S", ImageName);
|
||||
|
||||
DLL *dll = Ldr_Dlls;
|
||||
while (dll->nameA) {
|
||||
if (_stricmp(ImageName, dll->nameA) == 0 && (dll->state & 2) == 0) {
|
||||
if (LoadState) {
|
||||
BOOLEAN ok = dll->init_func(ImageBase);
|
||||
if (!ok)
|
||||
SbieApi_Log(2318, dll->nameW);
|
||||
}
|
||||
else {
|
||||
SbieDll_UnHookModule(ImageBase);
|
||||
}
|
||||
break;
|
||||
}
|
||||
++dll;
|
||||
}
|
||||
Ldr_MyDllCallbackW(ImageNameW, ImageBase, LoadState);
|
||||
}
|
||||
|
||||
_FX void Ldr_MyDllCallbackW(const WCHAR *ImageName, HMODULE ImageBase, BOOL LoadState)
|
||||
_FX void Ldr_MyDllCallbackW(const WCHAR *ImageName, HMODULE ImageBase, BOOL LoadState) // Windows XP
|
||||
{
|
||||
//
|
||||
// invoke our sub-modules as necessary
|
||||
|
@ -1064,16 +1114,19 @@ _FX void Ldr_MyDllCallbackW(const WCHAR *ImageName, HMODULE ImageBase, BOOL Load
|
|||
|
||||
++dll;
|
||||
}
|
||||
|
||||
if (LoadState)
|
||||
Ldr_DetectImageType(ImageName);
|
||||
}
|
||||
|
||||
|
||||
_FX void Ldr_MyDllCallbackNew(const WCHAR *ImageName, HMODULE ImageBase, BOOL LoadState)
|
||||
_FX void Ldr_MyDllCallbackNew(const WCHAR *ImageName, HMODULE ImageBase, BOOL LoadState) // Windows 8.1 and later
|
||||
{
|
||||
//
|
||||
// invoke our sub-modules as necessary
|
||||
//
|
||||
DLL *dll = Ldr_Dlls;
|
||||
|
||||
DLL *dll = Ldr_Dlls;
|
||||
while (dll->nameW) {
|
||||
BOOLEAN ok;
|
||||
if (_wcsicmp(ImageName, dll->nameW) == 0 && (dll->state & 2) == 0) {
|
||||
|
@ -1099,6 +1152,9 @@ _FX void Ldr_MyDllCallbackNew(const WCHAR *ImageName, HMODULE ImageBase, BOOL Lo
|
|||
}
|
||||
++dll;
|
||||
}
|
||||
|
||||
if (LoadState)
|
||||
Ldr_DetectImageType(ImageName);
|
||||
}
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright 2004-2020 Sandboxie Holdings, LLC
|
||||
* Copyright 2020 David Xanatos, xanasoft.com
|
||||
* Copyright 2020-2023 David Xanatos, xanasoft.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
|
|
@ -869,6 +869,8 @@ _FX BOOL Proc_CreateProcessInternalW(
|
|||
}
|
||||
}
|
||||
|
||||
if(Config_GetSettingsForImageName_bool(L"DeprecatedTokenHacks", FALSE)) // with drop container token, etc this should be obsolete
|
||||
{
|
||||
//
|
||||
// hack: recent versions of Flash Player use the Chrome sandbox
|
||||
// architecture which conflicts with our restricted process model
|
||||
|
@ -901,7 +903,7 @@ _FX BOOL Proc_CreateProcessInternalW(
|
|||
&& wcsstr(lpCommandLine, L"--service-sandbox-type")
|
||||
)
|
||||
hToken = NULL;
|
||||
|
||||
}
|
||||
|
||||
//
|
||||
// use a copy path for the current directory
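Review bot: The new `DeprecatedTokenHacks` guard in Proc_CreateProcessInternalW carries only the remark "with drop container token, etc this should be obsolete", which does not tell a maintainer what switching the setting back on does to the child's token. The one guarded statement visible here is `hToken = NULL;` for command lines containing `--service-sandbox-type`, so the setting presumably lets matching children start without the caller-supplied token. Most of the guarded block lies outside the visible hunks, so that reading should be confirmed. I would put a comment above the `if`, for example `// DeprecatedTokenHacks=y re-enables the legacy browser hacks below, which clear hToken for matching child processes; off by default since 1.8.2`.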
|
||||
|
|
|
@ -418,10 +418,8 @@ _FX BOOLEAN Secure_Init(void)
|
|||
SBIEDLL_HOOK(Ldr_, NtQueryInformationToken);
|
||||
|
||||
if (Dll_OsBuild >= 9600) { // Windows 8.1 and later
|
||||
if (DLL_IMAGE_GOOGLE_CHROME == Dll_ImageType) {
|
||||
SBIEDLL_HOOK(Ldr_, NtOpenThreadToken);
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// check if this is an Internet Explorer 8 tab process
|
||||
|
@ -1187,7 +1185,7 @@ BOOL Ldr_NtOpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAs
|
|||
BOOL rc;
|
||||
|
||||
rc = __sys_NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle);
|
||||
if (rc == STATUS_ACCESS_DENIED && OpenAsSelf) {
|
||||
if (DLL_IMAGE_GOOGLE_CHROME == Dll_ImageType && rc == STATUS_ACCESS_DENIED && OpenAsSelf) {
|
||||
rc = __sys_NtOpenThreadToken(ThreadHandle, DesiredAccess, 0, TokenHandle);
|
||||
}
|
||||
return rc;
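Review bot: The retry with `OpenAsSelf` forced to 0 in Ldr_NtOpenThreadToken is now gated on `Dll_ImageType`, and this same commit lets Ldr_DetectImageType set that value at run time from the file name of a loaded DLL, so the gate is only as strict as that name match. Ldr_CheckChromeDll, as shown on this page, accepts any DLL whose name is four characters longer than the image name and shares its stem, without checking that it ends in `_elf.dll`; an unrelated program could therefore be classified as Chrome and receive this fallback (and `Dll_ChromeSandbox`). I would require the suffix there, e.g. `dll_len > 8 && _wcsicmp(dll_path + dll_len - 8, L"_elf.dll") == 0`. A short comment at this `if` should also say that the image type may be assigned after Secure_Init, which is why the hook is now installed unconditionally on build 9600 and later. The opening lines of the function are outside the hunk.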
|
||||
|
|
|
@ -3223,6 +3223,40 @@ The process match level has a higher priority than the specificity and describes
|
|||
<layout class="QGridLayout" name="gridLayout_63">
|
||||
<item row="0" column="0">
|
||||
<layout class="QGridLayout" name="gridLayout_62">
|
||||
<item row="7" column="1">
|
||||
<spacer name="horizontalSpacer_12">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>40</width>
|
||||
<height>20</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="2" column="1">
|
||||
<widget class="QCheckBox" name="chkElevateCreateProcessFix">
|
||||
<property name="text">
|
||||
<string>Apply ElevateCreateProcess Workaround (legacy behaviour)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="1" column="1">
|
||||
<widget class="QCheckBox" name="chkPreferExternalManifest">
|
||||
<property name="text">
|
||||
<string>Force usage of custom dummy Manifest files (legacy behaviour)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="5" column="1">
|
||||
<widget class="QCheckBox" name="chkUseSbieWndStation">
|
||||
<property name="text">
|
||||
<string>Emulate sandboxed window station for all processes</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="0" column="0">
|
||||
<widget class="QLabel" name="lblCompatibility">
|
||||
<property name="font">
|
||||
|
@ -3244,14 +3278,7 @@ The process match level has a higher priority than the specificity and describes
|
|||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="1" column="1">
|
||||
<widget class="QCheckBox" name="chkPreferExternalManifest">
|
||||
<property name="text">
|
||||
<string>Force usage of custom dummy Manifest files (legacy behaviour)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="0">
|
||||
<item row="7" column="0">
|
||||
<spacer name="verticalSpacer_28">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Vertical</enum>
|
||||
|
@ -3264,37 +3291,17 @@ The process match level has a higher priority than the specificity and describes
|
|||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="4" column="1">
|
||||
<widget class="QCheckBox" name="chkUseSbieWndStation">
|
||||
<property name="text">
|
||||
<string>Emulate sandboxed window station for all processes</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="1">
|
||||
<spacer name="horizontalSpacer_12">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>40</width>
|
||||
<height>20</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="5" column="1">
|
||||
<widget class="QCheckBox" name="chkComTimeout">
|
||||
<property name="text">
|
||||
<string>Disable the use of RpcMgmtSetComTimeout by default (this may resolve compatibility issues)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="2" column="1">
|
||||
<widget class="QCheckBox" name="chkElevateCreateProcessFix">
|
||||
<item row="4" column="1">
|
||||
<widget class="QCheckBox" name="chkUseSbieDeskHack">
|
||||
<property name="text">
|
||||
<string>Apply ElevateCreateProcess Workaround (legacy behaviour)</string>
|
||||
<string>Use sandbocie desktop object workaround for all processes</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
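Review bot: The label of the new `chkUseSbieDeskHack` checkbox misspells the product name as "sandbocie", and this string is shown to users and picked up for translation. It should read `<string>Use Sandboxie desktop object workaround for all processes</string>`. Fixing it before translators see the source string avoids carrying the typo into every language file.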
|
||||
|
|
|
@ -14,6 +14,7 @@ void COptionsWindow::CreateAdvanced()
|
|||
connect(ui.chkElevateCreateProcessFix, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
|
||||
connect(ui.chkNoWindowRename, SIGNAL(clicked(bool)), this, SLOT(OnNoWindowRename()));
|
||||
connect(ui.chkNestedJobs, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
|
||||
connect(ui.chkUseSbieDeskHack, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
|
||||
connect(ui.chkUseSbieWndStation, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
|
||||
|
||||
connect(ui.chkAddToJob, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
|
||||
|
@ -44,8 +45,8 @@ void COptionsWindow::CreateAdvanced()
|
|||
m_AdvOptions.insert("ExternalManifestHack", SAdvOption{eSpec, QStringList() << "y" << "n", tr("Enable special inconsistent PreferExternalManifest behaviour, as needed for some Edge fixes")});
|
||||
m_AdvOptions.insert("RpcMgmtSetComTimeout", SAdvOption{eSpec, QStringList() << "n" << "y", tr("Set RpcMgmtSetComTimeout usage for specific processes")});
|
||||
m_AdvOptions.insert("CopyBlockDenyWrite", SAdvOption{eSpec, QStringList() << "y" << "n", tr("Makes a write open call to a file that won't be copied fail instead of turning it read-only.")});
|
||||
m_AdvOptions.insert("UseSbieDeskHack", SAdvOption{eSpec, QStringList() << "y" << "n", tr("")});
|
||||
m_AdvOptions.insert("UseSbieWndStation", SAdvOption{eSpec, QStringList() << "n" << "y", tr("")});
|
||||
m_AdvOptions.insert("UseSbieDeskHack", SAdvOption{eOnlySpec, QStringList() << "n" << "y", tr("")});
|
||||
m_AdvOptions.insert("UseSbieWndStation", SAdvOption{eOnlySpec, QStringList() << "n" << "y", tr("")});
|
||||
m_AdvOptions.insert("FakeAdminRights", SAdvOption{eOnlySpec, QStringList() << "y" << "n", tr("Make specified processes think they have admin permissions.")});
|
||||
m_AdvOptions.insert("WaitForDebugger", SAdvOption{eOnlySpec, QStringList() << "y" << "n", tr("Force specified processes to wait for a debugger to attach.")});
|
||||
m_AdvOptions.insert("BoxNameTitle", SAdvOption{eOnlySpec, QStringList() << "y" << "n" << "-", tr("")});
|
||||
|
@ -110,6 +111,7 @@ void COptionsWindow::LoadAdvanced()
|
|||
ui.chkElevateCreateProcessFix->setChecked(m_pBox->GetBool("ApplyElevateCreateProcessFix", false));
|
||||
|
||||
ui.chkNestedJobs->setChecked(m_pBox->GetBool("AllowBoxedJobs", false));
|
||||
ui.chkUseSbieDeskHack->setChecked(m_pBox->GetBool("UseSbieDeskHack", true));
|
||||
ui.chkUseSbieWndStation->setChecked(m_pBox->GetBool("UseSbieWndStation", true));
|
||||
|
||||
ui.chkAddToJob->setChecked(!m_pBox->GetBool("NoAddProcessToJob", false));
|
||||
|
@ -247,6 +249,7 @@ void COptionsWindow::SaveAdvanced()
|
|||
WriteAdvancedCheck(ui.chkPreferExternalManifest, "PreferExternalManifest", "y", "");
|
||||
WriteAdvancedCheck(ui.chkElevateCreateProcessFix, "ApplyElevateCreateProcessFix", "y", "");
|
||||
|
||||
WriteAdvancedCheck(ui.chkUseSbieDeskHack, "UseSbieDeskHack", "", "n");
|
||||
WriteAdvancedCheck(ui.chkUseSbieWndStation, "UseSbieWndStation", "", "n");
|
||||
|
||||
WriteAdvancedCheck(ui.chkAddToJob, "NoAddProcessToJob", "", "y");
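Review bot: `UseSbieDeskHack` and `UseSbieWndStation` are registered in m_AdvOptions with an empty description, `tr("")`, so the advanced-options list gives no hint of what the two settings do, even though the checkbox labels describe a desktop-object workaround and window-station emulation. I would fill them in, e.g. `tr("Use the Sandboxie desktop object workaround for specific processes")` and a matching text for the window station. The same two lines change the entries from `eSpec` to `eOnlySpec` and flip the value order of `UseSbieDeskHack` to "n" then "y", presumably because the default is now enabled; a one-line comment stating that would help. CreateAdvanced, LoadAdvanced and SaveAdvanced all continue outside the visible hunks.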
|
||||
|
|