mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

Merge pull request #3918 from sandboxie-plus/test_x 

exp update
This commit is contained in:
DavidXanatos 2024-05-20 10:16:05 +02:00 committed by GitHub
parent c0458d1555 b577cb6d12
commit 2c29585e5c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
130 changed files with 25372 additions and 12140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
CHANGELOG.md
View File

@ -5,6 +5,39 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.14.? / 5.??.?] - 2024-05-??
### Added
- Add UI for CoverWindows in NewBoxWizard.
- Add UI option to start unsandboxed process but force child processes in SelectBoxWindow.
- Add option "AlertBeforeStart".When it is set,a prompt pops up before launching a new program into the sandbox using "Start.exe" and checks if the program that started "Start.exe" is a Sandboxie component itself,if it is not, a warning pops up.
## [1.14.0 / 5.69.0] - 2024-05-17
### Added
- Add option to limit the memory of sandboxed process and the number of process in single sandbox through job object. (thanks Yeyixiao)
- Use "TotalMemoryLimit"(Number,limit whole sandbox) and "ProcessMemoryLimit"(Number,limit single process) to set memory limit.
- Use "ProcessNumberLimit"(Number) to set process number limit.
- Add ability to modified sandboxed process logic speed (reduced fixed latency, modified single-player speed, etc.) (thanks Yeyixiao)
- Use "UseChangeSpeed=y" to open this feature,use "AddTickSpeed"/"AddSleepSpeed"/"AddTimerSpeed"/"LowTickSpeed"/"LowSleepSpeed"/"LowTimerSpeed"(Number) to set.
- When set "AddSleepSpeed=0",all Sleep funcation call will be skip.
- Added /fcp /force_children commandline option to start.exe it allows to start a program unsandboxed but have all its children sandboxed
- added ability to fore sandboxed processes to use a pre defined socks 5 proxy
- added ability to intercept DNS queries such that thay can be log and/or redirected
- added support for SOCKS5 proxy authentication based on RFC1928 (thanks Deezzir)
- added Test Dialog UI for SOCKS5 proxy (thanks Deezzir)
- added ability to automatically removes template references that begin with “Template_Temp_” in the sandbox.
### Changed
- validated compatybility with windows build 26217 and updated dyn data
### Fixed
- fixed an issue with an early batch of Large Supporter certificates
## [1.13.7 / 5.68.7] - 2024-05-01
### Added
@ -14,7 +47,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- improved checkboxes about DropAdminRights in SandMan [#3851](https://github.com/sandboxie-plus/Sandboxie/pull/3851) (thanks offhub)
### Fixed
- Issue with symbolic linking of files [#3852](https://github.com/sandboxie-plus/Sandboxie/issues/3852)
- fixed symbolic linking of files [#3852](https://github.com/sandboxie-plus/Sandboxie/issues/3852)
- fixed issue with start agent option [#3844](https://github.com/sandboxie-plus/Sandboxie/pull/3844) (thanks offhub)
- fixed issue with Delete V2 introduced in 1.13.5
@ -24,14 +57,14 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.13.6 / 5.68.6] - 2024-04-21
### Added
- added "BlockInterferenceControl=y" option to prevent sandboxed processes from forcing windows on top and moving the mounse pointer (thanks Yeyixiao)
- Note: this option may cause issues in games hence do not enable it for gaming boxes
- added "BlockInterferenceControl=y" option to prevent sandboxed processes from forcing windows on top and moving the mouse pointer (thanks Yeyixiao)
- Note: this option may cause issues in games hence it's not recommended for gaming boxes
- added support for hard links [#3826](https://github.com/sandboxie-plus/Sandboxie/issues/3826)
- added mechanism to terminate stuck sandboxed processes from the driver
- added Make the trigger list editable [#3742](https://github.com/sandboxie-plus/Sandboxie/issues/3742)
- added Optionally extend the screenshot protection to the UI [#3739](https://github.com/sandboxie-plus/Sandboxie/issues/3739)
- added editable trigger list [#3742](https://github.com/sandboxie-plus/Sandboxie/issues/3742)
- added optional extension of the screenshot protection to the UI [#3739](https://github.com/sandboxie-plus/Sandboxie/issues/3739)
- added a button to edit local/custom templates [#3738](https://github.com/sandboxie-plus/Sandboxie/issues/3738)
- added Permanently Re-sizable or Larger "Run Sandboxed" Window [#3697](https://github.com/sandboxie-plus/Sandboxie/issues/3697)
- added adjustable resizing of the "Run Sandboxed" window [#3697](https://github.com/sandboxie-plus/Sandboxie/issues/3697)
- added Notepad++ template [#3836](https://github.com/sandboxie-plus/Sandboxie/pull/3836)
### Changed
@ -41,10 +74,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- "IsProtectScreen=>" -> "CoverBoxedWindows=y"
### Fixed
- fixed When I change the BlockDNS and BlockPorts options, the Apply button is not activated [#3807](https://github.com/sandboxie-plus/Sandboxie/issues/3807)
- fixed troubleshooting wizard broke with new Qt [#3810](https://github.com/sandboxie-plus/Sandboxie/discussions/3810)
- fixed Settings dialog now showing the right ram disk letter
- fixed issues with updater broke with new Qt due to missing SSL support [#3810](https://github.com/sandboxie-plus/Sandboxie/discussions/3810)
- fixed inactive apply button when changing BlockDNS or BlockPorts options [#3807](https://github.com/sandboxie-plus/Sandboxie/issues/3807)
- fixed troubleshooting wizard breaking with new Qt [#3810](https://github.com/sandboxie-plus/Sandboxie/discussions/3810)
- fixed Settings dialog now showing the correct RAM drive letter
- fixed broken updater due to missing SSL support in the latest Qt build [#3810](https://github.com/sandboxie-plus/Sandboxie/discussions/3810)
- fixed Enabling "DropAdminRights/FakeAdminRights" adds "BlockInterferePower and ForceProtectionOnMount" to the INI [#3825](https://github.com/sandboxie-plus/Sandboxie/issues/3825)
- fixed KeePass "Out of Memory" crash due to "BlockScreenCapture=y" [#3768](https://github.com/sandboxie-plus/Sandboxie/issues/3768)
- fixed Sandboxie 1.13.4 with IsBlockCapture=y not working on Windows 7 [#3769](https://github.com/sandboxie-plus/Sandboxie/issues/3769)
@ -84,15 +117,15 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- it can be enabled with "IsBlockCapture=y"
- see the sandbox option "Prevent sandboxed processes from using public methods to capture window images" in SandMan UI
- added "LingerExemptWnds=n" to make the lingering process monitor mechanism no longer exempt lingering processes with windows from termination
- Added option 'SharedTemplate' to Box Wizard [#3737](https://github.com/sandboxie-plus/Sandboxie/pull/3737) (thanks offhub)
- Added an option to force the protection of an encrypted sandbox to be enabled. [#3736](https://github.com/sandboxie-plus/Sandboxie/pull/3736) (thanks Yeyixiao)
- Added a menu and button/icon to suspend all processes [#3741] (https://github.com/sandboxie-plus/Sandboxie/issues/3741)
- added option 'SharedTemplate' to Box Wizard [#3737](https://github.com/sandboxie-plus/Sandboxie/pull/3737) (thanks offhub)
- added an option to force the protection of an encrypted sandbox to be enabled [#3736](https://github.com/sandboxie-plus/Sandboxie/pull/3736) (thanks Yeyixiao)
- added a menu and button/icon to suspend all processes [#3741] (https://github.com/sandboxie-plus/Sandboxie/issues/3741)
### Changed
- option "LingerLeniency=n" now also disabled the 5 sec grace period for freshly started lingerers [#1892](https://github.com/sandboxie-plus/Sandboxie/issues/1892)
- option "LingerLeniency=n" now also disabled the 5 second grace period for freshly started lingerers [#1892](https://github.com/sandboxie-plus/Sandboxie/issues/1892)
### Fixed
- fixed issue with symlinks related to startmenu folders
- fixed issue with symlinks related to start menu folders
@ -164,7 +197,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- reworked SCM hooking to improve Windows 10 compatibility
- reworked offset dependent handling of undocumented Windows kernel objects
- the required offsets can be now updated independently from the driver
- the DynData blob is digitally signed, when in testsigning mode the signature is however ignored
- the DynData blob is digitally signed, when in test signing mode the signature is however ignored
- when Sandboxie encounters a yet unsupported kernel build, token based isolation is disabled to prevent system instability
- this safety mechanism is disabled on systems participating in the Windows Insider program
- for systems in the Insider program, the latest known offsets are tried
@ -392,18 +425,18 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed
- fixed subscription certificate recognition issue
- fixed logo cut-off in the About window [#3249](https://github.com/sandboxie-plus/Sandboxie/issues/3249)
- fixed issue with file recovery when using ramdisk [d82b62e](https://github.com/sandboxie-plus/Sandboxie/commit/d82b62ee78d865e21005b9b81dfa9dac9f524b90)
- fixed issue with file recovery when using a RAM drive [d82b62e](https://github.com/sandboxie-plus/Sandboxie/commit/d82b62ee78d865e21005b9b81dfa9dac9f524b90)
## [1.11.1 / 5.66.1] - 2023-08-31
### Added
- added 'RamDiskLetter=R:\' option allowing to mount the ramdisk root to a drive letter [938e0a8](https://github.com/sandboxie-plus/Sandboxie/commit/938e0a8c8d88e3780ece674c6702654d0b4e6ddc)
- added 'RamDiskLetter=R:\' option allowing to mount the RAM drive root to a drive letter [938e0a8](https://github.com/sandboxie-plus/Sandboxie/commit/938e0a8c8d88e3780ece674c6702654d0b4e6ddc)
### Changed
- changed the new option layout to be the default for non-vintage views (can be changed back in the settings) [94c3f5e](https://github.com/sandboxie-plus/Sandboxie/commit/94c3f5e35bf9e7c993557f2c9d4e6e5129e9d1df)
### Fixed
- fixed issue when re-creating a rambox junction [2542351](https://github.com/sandboxie-plus/Sandboxie/commit/254235136fa8b74ad147f03b646d4015208c14be)
- fixed issue when re-creating a RAM sandbox junction [2542351](https://github.com/sandboxie-plus/Sandboxie/commit/254235136fa8b74ad147f03b646d4015208c14be)
- fixed Sandboxie logo scaling in the setup wizards [#3227](https://github.com/sandboxie-plus/Sandboxie/issues/3227)
- fixed text cut-off in box creation wizard [#3226](https://github.com/sandboxie-plus/Sandboxie/issues/3226)
- fixed Windows 7 compatibility issue with ImBox.exe [1f0b2b7](https://github.com/sandboxie-plus/Sandboxie/commit/1f0b2b71ba47436252fd55eece2c3624085b46dc)
@ -417,7 +450,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.11.0 / 5.66.0] - 2023-08-25
### Added
- added ImDisk driver, allowing to create boxes residing in a ramdisk
- added ImDisk driver, allowing to create boxes residing in a RAM drive
- added Encrypted Sandbox support; this creates confidential boxes that do not leak data to the host PC
- using the ImDisk driver and a new ImBox component featuring the cryptographic implementation from [DiskCryptor](https://diskcryptor.org/) the sandbox root folder is stored in an encrypted container file
- using the SbieDrv to prevent processes not belonging to the sandbox from accessing an encrypted sandbox's root folder
@ -493,7 +526,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- fixed UGlobalHotkey library not being compatible with Qt6
### Removed
- removed hardcoded support for LogApiDll
- removed hardcoded support for LogAPI library
- use the Add-On Manager and DLL injection settings
@ -540,7 +573,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- added box scripting engine to make SandMan more flexible
- added scriptable troubleshooting wizard [#1875](https://github.com/sandboxie-plus/Sandboxie/issues/1875)
- added Add-On Manager which helps to install additional and third-party components, available add-ons:
- [ImDisk Toolkit](https://sourceforge.net/projects/imdisk-toolkit/) - used to create RAM Disks and other virtual drives
- [ImDisk Toolkit](https://sourceforge.net/projects/imdisk-toolkit/) - used to create RAM drives and other virtual drives
- [V4 Script Debugger](https://github.com/DavidXanatos/NeoScriptTools) - used to debug troubleshooting scripts
- [Microsoft Debug Help Library](https://learn.microsoft.com/en-us/windows/win32/debug/debug-help-library) - used for the stack trace feature introduced in 1.9.6
- [signcheck.exe](https://learn.microsoft.com/en-us/sysinternals/downloads/sigcheck) - used to scan files on VirusTotal before recovering them
@ -781,7 +814,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed
- fixed issue with the new SBIE2307 message being triggered on media removal
- excluded some old token hacks (for Firefox) from being disabled
- long-standing ping issue with compartment type boxes [#1608](https://github.com/sandboxie-plus/Sandboxie/issues/1608)
- fixed long-standing ping issue with compartment type boxes [#1608](https://github.com/sandboxie-plus/Sandboxie/issues/1608)
@ -1153,7 +1186,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.5.0 / 5.60.0] - 2022-10-19
### Added
- Added support for Windows on ARM64 [#1321](https://github.com/sandboxie-plus/Sandboxie/issues/1321) [#645](https://github.com/sandboxie-plus/Sandboxie/issues/645)
- added support for Windows on ARM64 [#1321](https://github.com/sandboxie-plus/Sandboxie/issues/1321) [#645](https://github.com/sandboxie-plus/Sandboxie/issues/645)
- ported SbieDrv for ARM64
- ported low-level injection mechanism for ARM64/ARM64EC
- ported syscall hooks for ARM64/ARM64EC
@ -1253,8 +1286,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.3.4 / 5.58.4] - 2022-09-19
### Added
- Added NoRenameWinClass to the Plus UI
- Added Windows.UI.* to the list of hardcoded well-known classes to resolve issues with WinUI apps [#2109](https://github.com/sandboxie-plus/Sandboxie/issues/2109)
- added NoRenameWinClass to the Plus UI
- added Windows.UI.* to the list of hardcoded well-known classes to resolve issues with WinUI apps [#2109](https://github.com/sandboxie-plus/Sandboxie/issues/2109)
### Changed
- NoRenameWinClass now supports wildcards
@ -1882,7 +1915,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- fixed possible upgrade issue with Classic installer (by isaak654) [130c43a](https://github.com/sandboxie-plus/Sandboxie/commit/130c43a62c9778b734fa625bf4f46b12d0701719)
- fixed minor issues with Classic installer (by sredna) [#1533](https://github.com/sandboxie-plus/Sandboxie/pull/1533)
- fixed issue with Ldr_FixImagePath_2 [#1507](https://github.com/sandboxie-plus/Sandboxie/issues/1507)
- when using "Run Sandboxed" with SandMan UI and the UI is off, it will stay off.
- when using "Run Sandboxed" with SandMan UI and the UI is off, it will stay off
- fixed issue with Util_GetProcessPidByName that should resolve the driver sometimes failing to start at boot [#1451](https://github.com/sandboxie-plus/Sandboxie/issues/1451)
- SandMan will now run in background like SbieCtrl when starting a boxed process [post506](https://forum.xanasoft.com/viewtopic.php?p=506#p506)
- fixed taskbar not showing with persistent box border in full screen [post474](https://forum.xanasoft.com/viewtopic.php?p=474#p474)
@ -2438,14 +2471,14 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.8.9 / 5.50.9] - 2021-07-28 HotFix 2
### Fixed
Fixed issue with registering session leader
- fixed issue with registering session leader
## [0.8.9 / 5.50.9] - 2021-07-28 HotFix 1
### Fixed
Fixed issue with Windows 7
- fixed issue with Windows 7
@ -2776,7 +2809,7 @@ Fixed issue with Windows 7
- improved RPC debugging
- improved IPC handling around RpcMgmtSetComTimeout; "RpcMgmtSetComTimeout=n" is now the default behaviour
- required exceptions have been hard-coded for specific calling DLLs
- the LogApi dll is now using Sbie's tracing facility to log events instead of its own pipe server
- the LogAPI library is now using Sandboxie's tracing facility to log events instead of its own pipe server
### Fixed
- FIXED SECURITY ISSUE ID-11: elevated sandboxed processes could access volumes/disks for reading (thanks hg421)
@ -3245,8 +3278,7 @@ Fixed issue with Windows 7
### Changed
- SbieCtrl no longer auto-shows the tutorial on first start
- when hooking to the trampoline, the migrated section of the original function is no longer noped out
- it caused issues with Unity games
- when hooking to the trampoline, the migrated section of the original function is no longer noped out due to causing issues with Unity games
### Fixed
- fixed colour issue with vertical tabs in dark mode
@ -3283,7 +3315,7 @@ Fixed issue with Windows 7
- fixed issues with the new box settings editor
### Removed
- removes deprecated workaround in the hooking mechanism for an obsolete anti-malware product
- removed deprecated workaround in the hooking mechanism for an obsolete anti-malware product
@ -3320,13 +3352,13 @@ Fixed issue with Windows 7
- added finder to resource log
- added option "HideHostProcess=program.exe" to hide unsandboxed host processes
- Note: Sbie hides by default processes from other boxes, this behaviour can now be controlled with "HideOtherBoxes=n"
- Sandboxed RpcSs and DcomLaunch can now be run as system with the option "ProtectRpcSs=y" however this breaks the sandboxed Windows Explorer and others
- Built-in Clsid whitelist can now be disabled with "OpenDefaultClsid=n"
- Processes can be now terminated with the del key, and require a confirmation
- sandboxed RpcSs and DcomLaunch can now be run as system with the option "ProtectRpcSs=y" however this breaks the sandboxed Windows Explorer and others
- built-in Clsid whitelist can now be disabled with "OpenDefaultClsid=n"
- processes can be now terminated with the del key, and require a confirmation
- added sandboxed window border display to SandMan.exe
- added notification for Sbie log messages
- added Sandbox Presets submenu to quickly change some settings
- Enable/Disable API logging; logapi_dlls are now distributed with SbiePlus
- Enable/Disable API logging; LogAPI DLLs are now distributed with Sandboxie Plus
- Drop admin rights
- Block/Allow internet access
- Block/Allow access to files on the network
@ -3362,8 +3394,8 @@ Fixed issue with Windows 7
- improved debugging around process creation errors in the driver
### Fixed
- fixed some log messages going lost after driver reload
- found a workable fix for the MSI installer issue, see Proc_CreateProcessInternalW_RS5
- fixed log messages getting lost after driver reload
- fixed MSI installer issue, see Proc_CreateProcessInternalW_RS5
@ -3376,7 +3408,7 @@ Fixed issue with Windows 7
- added progress window for async operations that take time
- added DPI awareness [#56](https://github.com/sandboxie-plus/Sandboxie/issues/56)
- the driver file is now obfuscated to avoid false positives
- additional debug options to Sandboxie.ini OpenToken=y that combines UnrestrictedToken=y and UnfilteredToken=y
- additional debug option for Sandboxie.ini named OpenToken=y which combines UnrestrictedToken=y and UnfilteredToken=y
- Note: using these options weakens the sandboxing, they are intended for debugging and may be used for better application virtualization later
### Changed
@ -3385,8 +3417,8 @@ Fixed issue with Windows 7
### Fixed
- IniWatcher did not work in portable mode
- service path fix broke other services, now properly fixed, maybe
- found workaround for the MSI installer issue
- service path fix broke other services
- workaround for the MSI installer issue
@ -3414,7 +3446,7 @@ Fixed issue with Windows 7
### Added
- created a new Qt-based UI named SandMan (Sandboxie Manager)
- Resource Monitor now shows the PID
- added basic API call log using updated BSA LogApiDll
- added basic API call log using updated BSA LogAPI library
### Changed
- reworked Resource Monitor to work with multiple event consumers
@ -3425,8 +3457,8 @@ Fixed issue with Windows 7
## [5.40.1] - 2020-04-10
### Added
- "Other" type for the Resource Access Monitor
- added call to StartService to the logged Resources
- added the new "Other" type for the Resource Access Monitor
- added call to StartService to the logged Resources
### Fixed
- fixed "Windows Installer Service could not be accessed" that got introduced with Windows 1903

1
README.md
View File

@ -44,6 +44,7 @@ Sandboxie Plus has a modern Qt-based UI, which supports all new features that ha
* An Add-on manager to extend or add functionality via additional components
* Protections of sandboxes against the host, including the prevention of taking screenshots
* A trigger system to perform actions, when a sandbox goes through different stages, like initialization, box start, termination or file recovery
* Make a process not sandboxed, but its child processes sandboxed
More features can be spotted by finding the sign `=` through the shortcut key Ctrl+F in the [CHANGELOG.md](./CHANGELOG.md) file.

94
Sandboxie/apps/start/start.cpp
View File

@ -28,6 +28,9 @@
#include "core/svc/SbieIniWire.h"
#include "common/my_version.h"
#include "msgs/msgs.h"
#include "core/drv/api_defs.h"
#include <psapi.h>
#include <Shlwapi.h>
//---------------------------------------------------------------------------
@ -88,6 +91,7 @@ BOOL execute_auto_run = FALSE;
BOOL execute_open_with = FALSE;
BOOL run_elevated_2 = FALSE;
BOOL disable_force_on_this_program = FALSE;
BOOL force_children_on_this_program = FALSE;
BOOL auto_select_default_box = FALSE;
WCHAR *StartMenuSectionName = NULL;
BOOL run_silent = FALSE;
@ -716,6 +720,17 @@ BOOL Parse_Command_Line(void)
disable_force_on_this_program = TRUE;
//
// Command line switch /force_children or /fcp
//
} else if (_wcsnicmp(cmd, L"force_children", 14) == 0 ||
_wcsnicmp(cmd, L"fcp", 3) == 0) {
cmd = Eat_String(cmd);
force_children_on_this_program = TRUE;
//
// Command line switch /hide_window
//
@ -1193,7 +1208,7 @@ int Program_Start(void)
shExecInfo.cbSize = sizeof(SHELLEXECUTEINFO);
shExecInfo.fMask = SEE_MASK_FLAG_NO_UI | SEE_MASK_DOENVSUBST
| SEE_MASK_FLAG_DDEWAIT | SEE_MASK_NOZONECHECKS;
if (wait_for_process || keep_alive)
if (wait_for_process || keep_alive || force_children_on_this_program)
shExecInfo.fMask |= SEE_MASK_NOCLOSEPROCESS;
shExecInfo.hwnd = NULL;
shExecInfo.lpVerb = NULL;
@ -1337,6 +1352,8 @@ int Program_Start(void)
if (ok && (wait_for_process || keep_alive))
hNewProcess = shExecInfo.hProcess;
else if(ok && force_children_on_this_program)
pi.dwProcessId = GetProcessId(shExecInfo.hProcess);
if (! ok) {
@ -1364,9 +1381,16 @@ int Program_Start(void)
// we know for sure that SandboxieRpcSs has opened it
//
if (ok && (! disable_force_on_this_program)) {
if (ok) {
SbieDll_StartCOM(FALSE);
if (force_children_on_this_program) {
SbieApi_Call(API_FORCE_CHILDREN, 2, pi.dwProcessId, BoxName);
} else if (!disable_force_on_this_program) {
SbieDll_StartCOM(FALSE);
}
}
//
@ -1395,7 +1419,9 @@ int Program_Start(void)
}
}
} else if (GetModuleHandle(L"protect.dll")) {
}
// $Workaround$ - 3rd party fix
else if (GetModuleHandle(L"protect.dll")) {
//
// hack for FortKnox firewall -- keep Start.exe around for a few
@ -1636,6 +1662,44 @@ void StartAllAutoRunEntries()
}
//---------------------------------------------------------------------------
// GetParentPIDAndName
//---------------------------------------------------------------------------
extern "C" WINBASEAPI BOOL WINAPI QueryFullProcessImageNameW(HANDLE hProcess, DWORD dwFlags, LPWSTR lpExeName, PDWORD lpdwSize);
DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name)
{
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, ProcessID);
if (!ProcessID)
return 0;
PROCESS_BASIC_INFORMATION pbi;
NTSTATUS status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, (LPVOID)&pbi, sizeof(pbi), NULL);
DWORD dwParentID = 0;
if (NT_SUCCESS(status)) {
dwParentID = (DWORD)pbi.InheritedFromUniqueProcessId;
if (NULL != lpszBuffer_Parent_Name) {
HANDLE hParentProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, dwParentID);
if (hParentProcess) {
DWORD dwSize;
BOOL ret = QueryFullProcessImageNameW(hParentProcess, 0, lpszBuffer_Parent_Name, &dwSize);
CloseHandle(hParentProcess);
}
}
}
CloseHandle(hProcess);
return dwParentID;
}
//---------------------------------------------------------------------------
// RestartInSandbox
//---------------------------------------------------------------------------
@ -1696,6 +1760,25 @@ ULONG RestartInSandbox(void)
SbieApi_GetHomePath(NULL, 0, dir, 1020);
//
//
//
if (SbieApi_QueryConfBool(BoxName, L"AlertBeforeStart", FALSE)) {
WCHAR parent_image[1020] = L"";
GetParentPIDAndName(GetCurrentProcessId(), parent_image);
WCHAR* text = SbieDll_FormatMessage1(MSG_3198, BoxName);
if (MessageBoxW(NULL, text, Sandboxie_Start_Title, MB_YESNO) == IDNO)
return EXIT_FAILURE;
if (_wcsnicmp(parent_image, dir, wcslen(dir)) != 0) {
if (MessageBoxW(NULL, SbieDll_FormatMessage0(3199), Sandboxie_Start_Title, MB_YESNO) == IDNO)
return EXIT_FAILURE;
}
}
//
//
//
@ -1833,8 +1916,9 @@ int __stdcall WinMainCRTStartup(
ULONG NewState = DISABLE_JUST_THIS_PROCESS;
SbieApi_DisableForceProcess(&NewState, NULL);
return die(Program_Start());
}
if (disable_force_on_this_program || force_children_on_this_program)
return die(Program_Start());
}
return die(RestartInSandbox());

4
Sandboxie/common/my_version.h
View File

@ -25,8 +25,8 @@
#define STR(X) STR2(X)
#define VERSION_MJR 5
#define VERSION_MIN 68
#define VERSION_REV 7
#define VERSION_MIN 69
#define VERSION_REV 0
#define VERSION_UPD 0
#if VERSION_UPD > 0

61
Sandboxie/common/my_wsa.h
View File

@ -1,5 +1,5 @@
/*
* Copyright 2021 DavidXanatos, xanasoft.com
* Copyright 2021-2024 DavidXanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -53,6 +53,53 @@
#define IPPROTO_ANY 256
#define SD_RECEIVE 0x00
#define SD_SEND 0x01
#define SD_BOTH 0x02
#define SOCKS_SUCCESS 0
#define SOCKS_GENERAL_FAILURE 1
#define MSG_WAITALL 0x8 /* do not complete until packet is completely filled */
#define FIONBIO 0x8004667e
/*
* WinSock 2 extension -- bit values and indices for FD_XXX network events
*/
#define FD_READ_BIT 0
#define FD_READ (1 << FD_READ_BIT)
#define FD_WRITE_BIT 1
#define FD_WRITE (1 << FD_WRITE_BIT)
#define FD_OOB_BIT 2
#define FD_OOB (1 << FD_OOB_BIT)
#define FD_ACCEPT_BIT 3
#define FD_ACCEPT (1 << FD_ACCEPT_BIT)
#define FD_CONNECT_BIT 4
#define FD_CONNECT (1 << FD_CONNECT_BIT)
#define FD_CLOSE_BIT 5
#define FD_CLOSE (1 << FD_CLOSE_BIT)
#define FD_QOS_BIT 6
#define FD_QOS (1 << FD_QOS_BIT)
#define FD_GROUP_QOS_BIT 7
#define FD_GROUP_QOS (1 << FD_GROUP_QOS_BIT)
#define FD_ROUTING_INTERFACE_CHANGE_BIT 8
#define FD_ROUTING_INTERFACE_CHANGE (1 << FD_ROUTING_INTERFACE_CHANGE_BIT)
#define FD_ADDRESS_LIST_CHANGE_BIT 9
#define FD_ADDRESS_LIST_CHANGE (1 << FD_ADDRESS_LIST_CHANGE_BIT)
#define FD_MAX_EVENTS 10
#define FD_ALL_EVENTS ((1 << FD_MAX_EVENTS) - 1)
//---------------------------------------------------------------------------
// Structures and Types
@ -81,6 +128,13 @@ typedef struct {
};
} SCOPE_ID, *PSCOPE_ID;
typedef struct sockaddr {
ADDRESS_FAMILY sa_family; // Address family.
CHAR sa_data[14]; // Up to 14 bytes of direct address.
} SOCKADDR, *PSOCKADDR, FAR *LPSOCKADDR;
typedef struct sockaddr_in {
ADDRESS_FAMILY sin_family;
@ -109,6 +163,11 @@ typedef struct sockaddr_un {
typedef void (*PIPFORWARD_CHANGE_CALLBACK)
(void *CallerContext, void *Row, ULONG NotificationType);
typedef struct _WSANETWORKEVENTS {
long lNetworkEvents;
int iErrorCode[FD_MAX_EVENTS];
} WSANETWORKEVENTS, FAR * LPWSANETWORKEVENTS;
#endif
//---------------------------------------------------------------------------

33
Sandboxie/common/netfw.c
View File

@ -450,7 +450,7 @@ const WCHAR* wcsnchr(const WCHAR* str, size_t max, WCHAR ch)
int _inet_pton(int af, const wchar_t* src, void* dst);
int _inet_xton(const WCHAR* src, ULONG src_len, IP_ADDRESS *dst)
int _inet_xton(const WCHAR* src, ULONG src_len, IP_ADDRESS *dst, USHORT *type)
{
WCHAR tmp[46 + 1]; // INET6_ADDRSTRLEN
if (src_len > ARRAYSIZE(tmp) - 1) src_len = ARRAYSIZE(tmp) - 1;
@ -460,7 +460,7 @@ int _inet_xton(const WCHAR* src, ULONG src_len, IP_ADDRESS *dst)
USHORT af = wcschr(tmp, L':') != NULL ? AF_INET6 : AF_INET;
//dst->Type = af
int ret = _inet_pton(af, tmp, dst->Data);
if (type) *type = af;
return ret;
}
@ -522,16 +522,16 @@ BOOLEAN NetFw_ParseRule(NETFW_RULE* rule, const WCHAR* found_value)
ULONG ip_len2 = (ULONG)(ip_value - ip_str2);
IP_ADDRESS ip1;
_inet_xton(ip_str1, ip_len1, &ip1);
_inet_xton(ip_str1, ip_len1, &ip1, NULL);
IP_ADDRESS ip2;
_inet_xton(ip_str2, ip_len2, &ip2);
_inet_xton(ip_str2, ip_len2, &ip2, NULL);
NetFw_RuleAddIpRange(&rule->ip_map, &ip1, &ip2, rule->pool);
}
else
{
IP_ADDRESS ip;
_inet_xton(ip_str1, ip_len1, &ip);
_inet_xton(ip_str1, ip_len1, &ip, NULL);
NetFw_RuleAddIpRange(&rule->ip_map, &ip, &ip, rule->pool);
}
}
@ -552,6 +552,29 @@ BOOLEAN NetFw_ParseRule(NETFW_RULE* rule, const WCHAR* found_value)
}
BOOLEAN is_localhost(const struct sockaddr* name)
{
if (name->sa_family == AF_INET) {
const SOCKADDR_IN* v4 = (const SOCKADDR_IN*)name;
return v4->sin_addr.s_net == 0x7f;
}
if (name->sa_family == AF_INET6) {
const SOCKADDR_IN6_LH* v6 = (const SOCKADDR_IN6_LH*)name;
return v6->sin6_addr.u.Word[0] == 0 && v6->sin6_addr.u.Word[1] == 0 &&
v6->sin6_addr.u.Word[2] == 0 && v6->sin6_addr.u.Word[3] == 0 &&
v6->sin6_addr.u.Word[4] == 0 && v6->sin6_addr.u.Word[5] == 0 &&
v6->sin6_addr.u.Word[6] == 0 && v6->sin6_addr.u.Byte[14] == 0 &&
v6->sin6_addr.u.Byte[15] == 1;
}
return FALSE;
}
BOOLEAN is_inet(const struct sockaddr* name)
{
return name->sa_family == AF_INET || name->sa_family == AF_INET6;
}
#include <inaddr.h>
#include <in6addr.h>

8
Sandboxie/common/netfw.h
View File

@ -27,4 +27,12 @@ BOOLEAN NetFw_ParseRule(NETFW_RULE* rule, const WCHAR* RuleStr);
void NetFw_FreeRule(NETFW_RULE* rule);
int _wntoi(const WCHAR* str, ULONG max);
int _inet_pton(int af, const wchar_t* src, void* dst);
int _inet_aton(const wchar_t* from, struct in_addr* in);
int _inet_xton(const WCHAR* src, ULONG max, IP_ADDRESS* dst, USHORT* type);
BOOLEAN is_localhost(const struct sockaddr* name);
BOOLEAN is_inet(const struct sockaddr* name);
#endif

26
Sandboxie/common/pattern.c
View File

@ -58,6 +58,9 @@ struct _PATTERN {
// a value denoting the match level for the process
ULONG level;
// optional auxyliary data to be associated with this pattern
PVOID aux;
// array of pointers to constant parts. the actual number of
// elements is indicate by info.num_cons, and the strings are
// allocated as part of this PATTERN object
@ -308,6 +311,17 @@ _FX ULONG Pattern_Level(PATTERN *pat)
}
//---------------------------------------------------------------------------
// Pattern_Aux
//---------------------------------------------------------------------------
_FX PVOID* Pattern_Aux(PATTERN *pat)
{
return &pat->aux;
}
//---------------------------------------------------------------------------
// Pattern_Wildcards
//---------------------------------------------------------------------------
@ -655,7 +669,7 @@ _FX const WCHAR *Pattern_wcsnstr_ex(
_FX int Pattern_MatchPathList(
WCHAR *path_lwr, ULONG path_len, LIST *list, ULONG* plevel, ULONG* pflags, USHORT* pwildc, const WCHAR** patsrc)
WCHAR *path_lwr, ULONG path_len, LIST *list, ULONG* plevel, ULONG* pflags, USHORT* pwildc, PATTERN **found)
{
PATTERN *pat;
int match_len = 0;
@ -682,7 +696,7 @@ _FX int Pattern_MatchPathList(
level = cur_level;
flags = cur_exact ? MATCH_FLAG_EXACT : 0;
wildc = cur_wildc;
if (patsrc) *patsrc = Pattern_Source(pat);
if (found) *found = pat;
// we need to test all entries to find the best match, so we don't break here
// unless we found an exact match, than there can't be a batter one
@ -705,7 +719,7 @@ _FX int Pattern_MatchPathList(
level = cur_level;
flags = MATCH_FLAG_AUX | (cur_exact ? MATCH_FLAG_EXACT : 0);
wildc = cur_wildc;
if (patsrc) *patsrc = Pattern_Source(pat);
if (found) *found = pat;
}
}
@ -727,7 +741,7 @@ _FX int Pattern_MatchPathList(
_FX BOOLEAN Pattern_MatchPathListEx(WCHAR *path_lwr, ULONG path_len, LIST *list, ULONG* plevel, int* pmatch_len, ULONG* pflags, USHORT* pwildc, const WCHAR** patsrc)
{
const WCHAR* cur_patsrc;
PATTERN* found;
ULONG cur_level;
ULONG cur_flags;
USHORT cur_wildc;
@ -737,7 +751,7 @@ _FX BOOLEAN Pattern_MatchPathListEx(WCHAR *path_lwr, ULONG path_len, LIST *list,
cur_level = *plevel;
cur_flags = *pflags;
cur_wildc = *pwildc;
cur_len = Pattern_MatchPathList(path_lwr, path_len, list, &cur_level, &cur_flags, &cur_wildc, &cur_patsrc);
cur_len = Pattern_MatchPathList(path_lwr, path_len, list, &cur_level, &cur_flags, &cur_wildc, &found);
if (cur_level <= *plevel && (
((*pflags & MATCH_FLAG_EXACT) == 0 && (cur_flags & MATCH_FLAG_EXACT) != 0) || // an exact match overrules any non exact match
((*pflags & MATCH_FLAG_AUX) != 0 && (cur_flags & MATCH_FLAG_AUX) == 0) || // a rule with a primary match overrules auxiliary matches
@ -748,7 +762,7 @@ _FX BOOLEAN Pattern_MatchPathListEx(WCHAR *path_lwr, ULONG path_len, LIST *list,
*pflags = cur_flags;
*pwildc = cur_wildc;
*pmatch_len = cur_len;
if (patsrc) *patsrc = cur_patsrc;
if (patsrc) *patsrc = Pattern_Source(found);
return TRUE;
}

10
Sandboxie/common/pattern.h
View File

@ -71,7 +71,13 @@ const WCHAR *Pattern_Source(PATTERN *pat);
ULONG Pattern_Level(PATTERN *pat);
//
// Pattern_Wildcards: returns count of wildcards in the pattern, not counting the trailing * when present
// Pattern_Aux: returns the associated auxyliary data.
//
PVOID* Pattern_Aux(PATTERN *pat);
//
// Pattern_Wildcards: returns count of wildcards in the pattern, not counting the tailing * when rpresent
//
USHORT Pattern_Wildcards(PATTERN *pat);
@ -99,7 +105,7 @@ int Pattern_MatchX(PATTERN *pat, const WCHAR *string, int string_len);
#define MATCH_FLAG_AUX 0x02
int Pattern_MatchPathList(
WCHAR* path_lwr, ULONG path_len, LIST* list, ULONG* plevel, ULONG* pflags, USHORT* pwildc, const WCHAR** patsrc);
WCHAR* path_lwr, ULONG path_len, LIST* list, ULONG* plevel, ULONG* pflags, USHORT* pwildc, PATTERN **found);
BOOLEAN Pattern_MatchPathListEx(
WCHAR* path_lwr, ULONG path_len, LIST* list, ULONG* plevel, int* pmatch_len, ULONG* pflags, USHORT* pwildc, const WCHAR** patsrc);

110
Sandboxie/common/rc4.c Normal file
View File

@ -0,0 +1,110 @@
/*
* Copyright 2024 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
// Simple INSECURE Encryption Functions
//---------------------------------------------------------------------------
#ifdef RC4_HEADER_ONLY
//---------------------------------------------------------------------------
// Functions
//---------------------------------------------------------------------------
#ifdef __cplusplus
extern "C" {
#endif
void rc4_crypt(const unsigned char *key_ptr, unsigned int key_len, unsigned int stream_pos, unsigned char *buffer_ptr, unsigned int buffer_len);
#ifdef __cplusplus
} // extern "C"
#endif
//---------------------------------------------------------------------------
// Body
//---------------------------------------------------------------------------
#else RC4_HEADER_ONLY
typedef struct rc4_sbox_s
{
unsigned char state[256];
unsigned int x;
unsigned int y;
} rc4_sbox_t;
void rc4_swap(unsigned char &a, unsigned char &b)
{
unsigned char c = a;
a = b;
b = c;
}
void rc4_init(rc4_sbox_t *rc4_sbox, const unsigned char *key_ptr, unsigned int key_len)
{
rc4_sbox->x = 0;
rc4_sbox->y = 0;
// Initialisation of the permutation
unsigned int i;
for (i = 0; i < 256; i++)
rc4_sbox->state[i] = (char)i;
// Mixing permutation
unsigned int j = 0;
unsigned int k;
for (i = 0; i < 256; i++)
{
k = i % key_len;
j = (key_ptr[k] + rc4_sbox->state[i] + j) & 0xff;
rc4_swap(rc4_sbox->state[i], rc4_sbox->state[j]);
}
}
void rc4_transform(rc4_sbox_t *rc4_sbox, unsigned char *buffer_ptr, unsigned int buffer_len)
{
unsigned int i;
for (i = 0; i < buffer_len; i++)
{
// The pseudo-random generation algorithm
rc4_sbox->x = (rc4_sbox->x + 1) & 0xff;
rc4_sbox->y = (rc4_sbox->y + rc4_sbox->state[rc4_sbox->x]) & 0xff;
rc4_swap(rc4_sbox->state[rc4_sbox->x], rc4_sbox->state[rc4_sbox->y]);
unsigned char keyChar = rc4_sbox->state[(rc4_sbox->state[rc4_sbox->x] + rc4_sbox->state[rc4_sbox->y]) & 0xff];
if (buffer_ptr) // NULL when seeking
buffer_ptr[i] ^= keyChar;
}
}
void rc4_crypt(const unsigned char* key_ptr, unsigned int key_len, unsigned int stream_pos, unsigned char* buffer_ptr, unsigned int buffer_len)
{
rc4_sbox_s sbox;
rc4_init(&sbox, key_ptr, key_len);
if(stream_pos) // RC4 is very insecure but the first few kb are espetially insecure
rc4_transform(&sbox, NULL, stream_pos);
rc4_transform(&sbox, buffer_ptr, buffer_len);
}
#endif RC4_HEADER_ONLY

10
Sandboxie/core/dll/SboxDll.vcxproj
View File

@ -622,6 +622,7 @@
<ClCompile Include="iphlp.c" />
<ClCompile Include="ipstore_enum.cpp" />
<ClCompile Include="ipstore_impl.cpp" />
<ClCompile Include="kernel.c" />
<ClCompile Include="key.c" />
<ClCompile Include="key_del.c">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
@ -673,6 +674,7 @@
<ClCompile Include="ole.cpp" />
<ClCompile Include="pdh.c" />
<ClCompile Include="proc.c" />
<ClCompile Include="proxy.c" />
<ClCompile Include="pst.cpp" />
<ClCompile Include="rpcrt.c" />
<ClCompile Include="sbieapi.c" />
@ -787,14 +789,16 @@
<ItemGroup>
<ClInclude Include="..\..\apps\com\common.h" />
<ClInclude Include="..\..\common\arm64_asm.h" />
<ClInclude Include="..\..\common\defines.h" />
<ClInclude Include="..\..\common\Detours\detours.h" />
<ClInclude Include="..\..\common\Detours\detver.h" />
<ClInclude Include="..\..\common\dllimport.h" />
<ClInclude Include="..\..\common\map.h" />
<ClInclude Include="..\..\common\my_version.h" />
<ClInclude Include="..\..\common\my_wsa.h" />
<ClInclude Include="..\..\common\my_xeb.h" />
<ClInclude Include="..\..\common\ntproto.h" />
<ClInclude Include="..\..\common\str_util.h" />
<ClInclude Include="..\..\common\my_wsa.h" />
<ClInclude Include="..\..\common\list.h" />
<ClInclude Include="..\..\common\netfw.h" />
<ClInclude Include="..\..\common\pattern.h" />
@ -805,6 +809,9 @@
<ClInclude Include="advapi.h" />
<ClInclude Include="debug.h" />
<ClInclude Include="dll.h" />
<ClCompile Include="dns_filter.c">
<FileType>CppCode</FileType>
</ClCompile>
<ClInclude Include="dump.h" />
<ClInclude Include="guidlg.h" />
<ClInclude Include="gui_p.h" />
@ -819,6 +826,7 @@
<ClInclude Include="sbiedll.h" />
<ClInclude Include="taskbar.h" />
<ClInclude Include="trace.h" />
<ClInclude Include="wsa_defs.h" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="lowlevel.rc" />

22
Sandboxie/core/dll/SboxDll.vcxproj.filters
View File

@ -256,6 +256,13 @@
<ClCompile Include="..\..\common\hook_util.c">
<Filter>common</Filter>
</ClCompile>
<ClCompile Include="proxy.c">
<Filter>net</Filter>
</ClCompile>
<ClCompile Include="dns_filter.c">
<Filter>net</Filter>
</ClCompile>
<ClCompile Include="kernel.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="advapi.h" />
@ -311,9 +318,6 @@
<ClInclude Include="..\..\common\list.h">
<Filter>common</Filter>
</ClInclude>
<ClInclude Include="..\..\common\my_wsa.h">
<Filter>common</Filter>
</ClInclude>
<ClInclude Include="..\..\common\str_util.h">
<Filter>common</Filter>
</ClInclude>
@ -356,6 +360,18 @@
<ClInclude Include="..\..\common\arm64_asm.h">
<Filter>common</Filter>
</ClInclude>
<ClInclude Include="..\..\common\defines.h">
<Filter>common</Filter>
</ClInclude>
<ClInclude Include="wsa_defs.h">
<Filter>net</Filter>
</ClInclude>
<ClInclude Include="..\..\common\my_wsa.h">
<Filter>common</Filter>
</ClInclude>
<ClInclude Include="..\..\common\my_xeb.h">
<Filter>common</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc" />

6
Sandboxie/core/dll/config.c
View File

@ -322,14 +322,14 @@ _FX BOOLEAN Config_InitPatternList(const WCHAR* boxname, const WCHAR* setting, L
if (!NT_SUCCESS(status))
break;
++index;
if (dos)
SbieDll_TranslateNtToDosPath(conf_buf);
ULONG level;
WCHAR* value = Config_MatchImageAndGetValue(conf_buf, Dll_ImageName, &level);
if (value)
{
if (dos && *value != L'*')
SbieDll_TranslateNtToDosPath(value);
pat = Pattern_Create(Dll_Pool, value, TRUE, level);
List_Insert_After(list, NULL, pat);

15
Sandboxie/core/dll/dll.h
View File

@ -404,19 +404,6 @@ void SbieDll_ReleaseFilePathLock();
BOOLEAN SbieDll_HasReadableSubPath(WCHAR path_code, const WCHAR* TruePath);
#define PATH_OPEN_FLAG 0x10
#define PATH_CLOSED_FLAG 0x20
#define PATH_WRITE_FLAG 0x40
#define PATH_IS_OPEN(f) (((f) & PATH_OPEN_FLAG) != 0)
#define PATH_NOT_OPEN(f) (((f) & PATH_OPEN_FLAG) == 0)
#define PATH_IS_CLOSED(f) (((f) & PATH_CLOSED_FLAG) != 0)
#define PATH_NOT_CLOSED(f) (((f) & PATH_CLOSED_FLAG) == 0)
#define PATH_IS_WRITE(f) (((f) & PATH_WRITE_FLAG) != 0)
#define PATH_NOT_WRITE(f) (((f) & PATH_WRITE_FLAG) == 0)
//---------------------------------------------------------------------------
// Functions (dllmain)
@ -734,6 +721,8 @@ BOOLEAN SH32_Init_ZipFldr(HMODULE);
BOOLEAN SH32_Init_UxTheme(HMODULE);
BOOLEAN Kernel_Init();
BOOLEAN Gui_Init(HMODULE);
BOOLEAN Gui_Init_IMM32(HMODULE);

3
Sandboxie/core/dll/dllmain.c
View File

@ -496,6 +496,9 @@ _FX void Dll_InitInjected(void)
if (ok)
ok = Proc_Init();
if (ok)
ok = Kernel_Init();
if (ok)
ok = Gui_InitConsole1();

139
Sandboxie/core/dll/dllpath.c
View File

@ -28,7 +28,6 @@
#include "core/drv/api_defs.h"
#include "core/drv/api_flags.h"
#define USE_MATCH_PATH_EX
//---------------------------------------------------------------------------
// Structures and Types
@ -317,20 +316,11 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
LIST *open_list, *closed_list, *write_list;
PATTERN *pat;
#endif
WCHAR *path_lwr;
ULONG path_len;
ULONG mp_flags;
ULONG monflag;
mp_flags = 0;
if (path == (const WCHAR *)-1) {
path = NULL;
path_len = 0;
} else {
path_len = wcslen(path);
if (! path_len)
return 0;
}
if (path_code == L'f') {
@ -446,13 +436,82 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
} else
return 0;
#ifdef USE_MATCH_PATH_EX
BOOLEAN use_rule_specificity = (path_code == L'f' || path_code == L'k' || path_code == L'i') && (Dll_ProcessFlags & SBIE_FLAG_RULE_SPECIFICITY) != 0;
//BOOLEAN use_privacy_mode = (path_code == L'f' || path_code == L'k') && (Dll_ProcessFlags & SBIE_FLAG_PRIVACY_MODE) != 0;
//mp_flags = SbieDll_MatchPathImpl(use_rule_specificity, use_privacy_mode, path, normal_list, open_list, closed_list, write_list, read_list);
mp_flags = SbieDll_MatchPathImpl(use_rule_specificity, path, normal_list, open_list, closed_list, write_list, read_list);
#else
mp_flags = SbieDll_MatchPathImpl(path, open_list, closed_list, write_list);
#endif
if (path_code == L'f')
LeaveCriticalSection(&Dll_FilePathListCritSec);
//
// scan paths list. if the path to match does not already end with
// a backslash character, we will check it twice, second time with
// a suffixing backslash. this will make sure we match C:\X even
// even when {Open,Closed}XxxPath=C:\X\ (with a backslash suffix)
// make sure that Sandboxie resources marked "always in box"
// will not match any OpenIpcPath or ClosedIpcPath settings
//
if (path_code == L'i' && mp_flags && path) {
WCHAR *LastBackSlash = wcsrchr(path, L'\\');
if (LastBackSlash && wcsncmp(LastBackSlash + 1,
SBIE_BOXED_, SBIE_BOXED_LEN) == 0) {
mp_flags = 0;
}
}
//
// log access request in the resource access monitor
//
if (path && monflag) {
if (PATH_IS_CLOSED(mp_flags))
monflag |= MONITOR_DENY;
// If hts file or key it will be logged by the driver's trace facility
// we only have to log closed events as those never reach the driver
// we need to always log to have also logs in compartment mode
//else if (monflag == MONITOR_FILE || monflag == MONITOR_KEY)
// bMonitorLog = FALSE;
else if (PATH_IS_OPEN(mp_flags))
monflag |= MONITOR_OPEN;
if (bMonitorLog)
{
SbieApi_MonitorPut2(monflag, path, bCheckObjectExists);
}
}
return mp_flags;
}
//---------------------------------------------------------------------------
// SbieDll_MatchPath2
//---------------------------------------------------------------------------
#ifdef USE_MATCH_PATH_EX
//_FX ULONG SbieDll_MatchPathImpl(BOOLEAN use_rule_specificity, BOOLEAN use_privacy_mode, const WCHAR* path, LIST* normal_list, LIST* open_list, LIST* closed_list, LIST* write_list, LIST* read_list)
_FX ULONG SbieDll_MatchPathImpl(BOOLEAN use_rule_specificity, const WCHAR* path, LIST* normal_list, LIST* open_list, LIST* closed_list, LIST* write_list, LIST* read_list)
#else
_FX ULONG SbieDll_MatchPathImpl(const WCHAR* path, LIST* open_list, LIST* closed_list, LIST* write_list)
#endif
{
WCHAR *path_lwr;
ULONG path_len = 0;
ULONG mp_flags = 0;
if(path) {
path_len = wcslen(path);
if (! path_len)
return 0;
}
path_lwr = Dll_AllocTemp((path_len + 4) * sizeof(WCHAR));
wmemcpy(path_lwr, path, path_len);
@ -468,8 +527,6 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
ULONG flags;
USHORT wildc;
BOOLEAN use_rule_specificity = (path_code == L'f' || path_code == L'k' || path_code == L'i') && (Dll_ProcessFlags & SBIE_FLAG_RULE_SPECIFICITY) != 0;
//
// set default behaviour
//
@ -506,7 +563,7 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
//
if (Pattern_MatchPathListEx(path_lwr, path_len, read_list, &level, &match_len, &flags, &wildc, NULL)) { //patsrc)) {
mp_flags = PATH_OPEN_FLAG; // say its open and let the driver deny the write access
mp_flags = PATH_READ_FLAG;
if (!use_rule_specificity) goto finish;
}
@ -531,6 +588,14 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
finish:
#else
//
// scan paths list. if the path to match does not already end with
// a backslash character, we will check it twice, second time with
// a suffixing backslash. this will make sure we match C:\X even
// even when {Open,Closed}XxxPath=C:\X\ (with a backslash suffix)
//
//
// ClosedXxxPath
//
@ -621,46 +686,6 @@ finish:
}
#endif
if (path_code == L'f')
LeaveCriticalSection(&Dll_FilePathListCritSec);
//
// make sure that Sandboxie resources marked "always in box"
// will not match any OpenIpcPath or ClosedIpcPath settings
//
if (path_code == L'i' && mp_flags && path) {
WCHAR *LastBackSlash = wcsrchr(path, L'\\');
if (LastBackSlash && wcsncmp(LastBackSlash + 1,
SBIE_BOXED_, SBIE_BOXED_LEN) == 0) {
mp_flags = 0;
}
}
//
// log access request in the resource access monitor
//
if (path && monflag) {
if (PATH_IS_CLOSED(mp_flags))
monflag |= MONITOR_DENY;
// If hts file or key it will be logged by the driver's trace facility
// we only have to log closed events as those never reach the driver
// we need to always log to have also logs in compartment mode
//else if (monflag == MONITOR_FILE || monflag == MONITOR_KEY)
// bMonitorLog = FALSE;
else if (PATH_IS_OPEN(mp_flags))
monflag |= MONITOR_OPEN;
if (bMonitorLog)
{
SbieApi_MonitorPut2(monflag, path, bCheckObjectExists);
}
}
Dll_Free(path_lwr);
return mp_flags;

437
Sandboxie/core/dll/dns_filter.c Normal file
View File

@ -0,0 +1,437 @@
/*
* Copyright 2022 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
// DNS Filter
//---------------------------------------------------------------------------
#define NOGDI
#include "dll.h"
#include <windows.h>
#include <wchar.h>
#include <oleauto.h>
#include "common/my_wsa.h"
#include "common/netfw.h"
#include "common/map.h"
#include "wsa_defs.h"
#include "common/pattern.h"
#include "common/str_util.h"
#include "core/drv/api_defs.h"
#include "core/drv/verify.h"
//---------------------------------------------------------------------------
// Functions
//---------------------------------------------------------------------------
static int WSA_WSALookupServiceBeginW(
LPWSAQUERYSETW lpqsRestrictions,
DWORD dwControlFlags,
LPHANDLE lphLookup);
static int WSA_WSALookupServiceNextW(
HANDLE hLookup,
DWORD dwControlFlags,
LPDWORD lpdwBufferLength,
LPWSAQUERYSETW lpqsResults);
static int WSA_WSALookupServiceEnd(HANDLE hLookup);
BOOLEAN WSA_GetIP(const short* addr, int addrlen, IP_ADDRESS* pIP);
void WSA_DumpIP(ADDRESS_FAMILY af, IP_ADDRESS* pIP, wchar_t* pStr);
//---------------------------------------------------------------------------
static P_WSALookupServiceBeginW __sys_WSALookupServiceBeginW = NULL;
static P_WSALookupServiceNextW __sys_WSALookupServiceNextW = NULL;
static P_WSALookupServiceEnd __sys_WSALookupServiceEnd = NULL;
//---------------------------------------------------------------------------
// Variables
//---------------------------------------------------------------------------
extern POOL* Dll_Pool;
static LIST WSA_FilterList;
static BOOLEAN WSA_FilterEnabled = FALSE;
typedef struct _IP_ENTRY
{
LIST_ELEM list_elem;
USHORT Type;
IP_ADDRESS IP;
} IP_ENTRY;
typedef struct _WSA_LOOKUP {
LIST* pEntries;
BOOLEAN NoMore;
} WSA_LOOKUP;
static HASH_MAP WSA_LookupMap;
static BOOLEAN WSA_DnsTraceFlag = FALSE;
//---------------------------------------------------------------------------
// WSA_GetLookup
//---------------------------------------------------------------------------
_FX WSA_LOOKUP* WSA_GetLookup(HANDLE h, BOOLEAN bCanAdd)
{
WSA_LOOKUP* pLookup = (WSA_LOOKUP*)map_get(&WSA_LookupMap, h);
if (pLookup == NULL && bCanAdd)
pLookup = (WSA_LOOKUP*)map_insert(&WSA_LookupMap, h, NULL, sizeof(WSA_LOOKUP));
return pLookup;
}
//---------------------------------------------------------------------------
// WSA_InitNetDnsFilter
//---------------------------------------------------------------------------
_FX BOOLEAN WSA_InitNetDnsFilter(HMODULE module)
{
P_WSALookupServiceBeginW WSALookupServiceBeginW;
P_WSALookupServiceNextW WSALookupServiceNextW;
P_WSALookupServiceEnd WSALookupServiceEnd;
List_Init(&WSA_FilterList);
//
// Load filter rules
//
WCHAR conf_buf[256];
for (ULONG index = 0; ; ++index) {
NTSTATUS status = SbieApi_QueryConf(
NULL, L"NetworkDnsFilter", index, conf_buf, sizeof(conf_buf) - 16 * sizeof(WCHAR));
if (!NT_SUCCESS(status))
break;
ULONG level = -1;
WCHAR* value = Config_MatchImageAndGetValue(conf_buf, Dll_ImageName, &level);
if (!value)
continue;
WCHAR* domain_ip = wcschr(value, L':');
if (domain_ip)
*domain_ip++ = L'\0';
PATTERN* pat = Pattern_Create(Dll_Pool, value, TRUE, level);
if (domain_ip) {
LIST* entries = (LIST*)Dll_Alloc(sizeof(LIST));
List_Init(entries);
BOOLEAN HasV6 = FALSE;
const WCHAR* ip_value = domain_ip;
ULONG ip_len = wcslen(domain_ip);
for (const WCHAR* ip_end = ip_value + ip_len; ip_value < ip_end;) {
const WCHAR* ip_str1;
ULONG ip_len1;
ip_value = SbieDll_GetTagValue(ip_value, ip_end, &ip_str1, &ip_len1, L';');
IP_ENTRY* entry = (IP_ENTRY*)Dll_Alloc(sizeof(IP_ENTRY));
if (_inet_xton(ip_str1, ip_len1, &entry->IP, &entry->Type) == 1) {
if (entry->Type == AF_INET6)
HasV6 = TRUE;
List_Insert_After(entries, NULL, entry);
}
}
if (!HasV6) {
//
// when there are no IPv6 entries create mapped once from the v4 ips
//
for (IP_ENTRY* entry = (IP_ENTRY*)List_Head(entries); entry && entry->Type == AF_INET; entry = (IP_ENTRY*)List_Next(entry)) {
IP_ENTRY* entry6 = (IP_ENTRY*)Dll_Alloc(sizeof(IP_ENTRY));
entry6->Type = AF_INET6;
entry6->IP = entry->IP;
List_Insert_After(entries, NULL, entry6);
}
}
PVOID* aux = Pattern_Aux(pat);
*aux = entries;
}
List_Insert_After(&WSA_FilterList, NULL, pat);
}
if (WSA_FilterList.count > 0) {
WSA_FilterEnabled = TRUE;
map_init(&WSA_LookupMap, Dll_Pool);
SCertInfo CertInfo = { 0 };
if (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, eCertAdvanced)) {
const WCHAR* strings[] = { L"NetworkDnsFilter" , NULL };
SbieApi_LogMsgExt(-1, 6009, strings);
WSA_FilterEnabled = FALSE;
}
}
//
// Setup DNS hooks
//
WSALookupServiceBeginW = (P_WSALookupServiceBeginW)GetProcAddress(module, "WSALookupServiceBeginW");
if (WSALookupServiceBeginW) {
SBIEDLL_HOOK(WSA_,WSALookupServiceBeginW);
}
WSALookupServiceNextW = (P_WSALookupServiceNextW)GetProcAddress(module, "WSALookupServiceNextW");
if (WSALookupServiceNextW) {
SBIEDLL_HOOK(WSA_,WSALookupServiceNextW);
}
WSALookupServiceEnd = (P_WSALookupServiceEnd)GetProcAddress(module, "WSALookupServiceEnd");
if (WSALookupServiceEnd) {
SBIEDLL_HOOK(WSA_,WSALookupServiceEnd);
}
// If there are any DnsTrace options set, then output this debug string
WCHAR wsTraceOptions[4];
if (SbieApi_QueryConf(NULL, L"DnsTrace", 0, wsTraceOptions, sizeof(wsTraceOptions)) == STATUS_SUCCESS && wsTraceOptions[0] != L'\0')
WSA_DnsTraceFlag = TRUE;
return TRUE;
}
//---------------------------------------------------------------------------
// WSA_WSALookupServiceBeginW
//---------------------------------------------------------------------------
_FX int WSA_WSALookupServiceBeginW(
LPWSAQUERYSETW lpqsRestrictions,
DWORD dwControlFlags,
LPHANDLE lphLookup)
{
int ret = __sys_WSALookupServiceBeginW(lpqsRestrictions, dwControlFlags, lphLookup);
if (WSA_DnsTraceFlag) {
WCHAR ClsId[64] = { 0 };
if (lpqsRestrictions->lpServiceClassId) {
Sbie_snwprintf(ClsId, 64, L" (ClsId: %08lX-%04hX-%04hX-%02hhX%02hhX-%02hhX%02hhX%02hhX%02hhX%02hhX%02hhX)",
lpqsRestrictions->lpServiceClassId->Data1, lpqsRestrictions->lpServiceClassId->Data2, lpqsRestrictions->lpServiceClassId->Data3,
lpqsRestrictions->lpServiceClassId->Data4[0], lpqsRestrictions->lpServiceClassId->Data4[1], lpqsRestrictions->lpServiceClassId->Data4[2], lpqsRestrictions->lpServiceClassId->Data4[3],
lpqsRestrictions->lpServiceClassId->Data4[4], lpqsRestrictions->lpServiceClassId->Data4[5], lpqsRestrictions->lpServiceClassId->Data4[6], lpqsRestrictions->lpServiceClassId->Data4[7]);
}
WCHAR msg[256];
Sbie_snwprintf(msg, 256, L"DNS Request Begin: %s%s, NS: %d, Hdl: 0x%x, Err: %d)",
lpqsRestrictions->lpszServiceInstanceName ? lpqsRestrictions->lpszServiceInstanceName : L"Unnamed",
ClsId, lpqsRestrictions->dwNameSpace, lphLookup ? *lphLookup : NULL, ret == SOCKET_ERROR ? GetLastError() : 0);
SbieApi_MonitorPutMsg(MONITOR_DNS, msg);
}
if (WSA_FilterEnabled && ret == NO_ERROR) {
if (lpqsRestrictions->lpszServiceInstanceName) {
ULONG path_len = wcslen(lpqsRestrictions->lpszServiceInstanceName);
WCHAR* path_lwr = (WCHAR*)Dll_AllocTemp((path_len + 4) * sizeof(WCHAR));
wmemcpy(path_lwr, lpqsRestrictions->lpszServiceInstanceName, path_len);
path_lwr[path_len] = L'\0';
_wcslwr(path_lwr);
PATTERN* found;
if (Pattern_MatchPathList(path_lwr, path_len, &WSA_FilterList, NULL, NULL, NULL, &found) > 0) {
WCHAR msg[256];
Sbie_snwprintf(msg, 256, L"DNS Request Filtered: %s (Hdl: 0x%x)", Pattern_Source(found), *lphLookup);
SbieApi_MonitorPutMsg(MONITOR_DNS | MONITOR_DENY, msg);
WSA_LOOKUP* pLookup = WSA_GetLookup(*lphLookup, TRUE);
PVOID* aux = Pattern_Aux(found);
if (*aux)
pLookup->pEntries = (LIST*)*aux;
else
pLookup->NoMore = TRUE;
}
}
}
return ret;
}
//---------------------------------------------------------------------------
// WSA_WSALookupServiceNextW
//---------------------------------------------------------------------------
_FX int WSA_WSALookupServiceNextW(
HANDLE hLookup,
DWORD dwControlFlags,
LPDWORD lpdwBufferLength,
LPWSAQUERYSETW lpqsResults)
{
WSA_LOOKUP* pLookup = NULL;
if (WSA_FilterEnabled) {
pLookup = WSA_GetLookup(hLookup, FALSE);
if (pLookup && pLookup->NoMore) {
SetLastError(WSA_E_NO_MORE);
return SOCKET_ERROR;
}
}
int ret = __sys_WSALookupServiceNextW(hLookup, dwControlFlags, lpdwBufferLength, lpqsResults);
if (pLookup && pLookup->pEntries) {
//
// This is a bit a simplified implementation, it assumes that all results are always of the same time
// else it may truncate it early, also it cant return more results the have been found.
//
if (lpqsResults->dwNumberOfCsAddrs > 0) {
IP_ENTRY* entry = (IP_ENTRY*)List_Head(pLookup->pEntries);
for (DWORD i = 0; i < lpqsResults->dwNumberOfCsAddrs; i++) {
USHORT af = lpqsResults->lpcsaBuffer[i].RemoteAddr.lpSockaddr->sa_family;
for (; entry && entry->Type != af; entry = (IP_ENTRY*)List_Next(entry)); // skip to an antry of teh right type
if (!entry) { // no more entries clear remaining results
lpqsResults->dwNumberOfCsAddrs = i;
break;
}
if (af == AF_INET6)
memcpy(((SOCKADDR_IN6_LH*)lpqsResults->lpcsaBuffer[i].RemoteAddr.lpSockaddr)->sin6_addr.u.Byte, entry->IP.Data, 16);
else if (af == AF_INET)
((SOCKADDR_IN*)lpqsResults->lpcsaBuffer[i].RemoteAddr.lpSockaddr)->sin_addr.S_un.S_addr = entry->IP.Data32[3];
entry = (IP_ENTRY*)List_Next(entry);
}
}
if (lpqsResults->lpBlob != NULL) {
IP_ENTRY* entry = (IP_ENTRY*)List_Head(pLookup->pEntries);
HOSTENT* hp = (HOSTENT*)lpqsResults->lpBlob->pBlobData;
if (hp->h_addrtype == AF_INET6 || hp->h_addrtype == AF_INET) {
for (PCHAR* Addr = (PCHAR*)(((UINT_PTR)hp->h_addr_list + (UINT_PTR)hp)); *Addr; Addr++) {
for (; entry && entry->Type != hp->h_addrtype; entry = (IP_ENTRY*)List_Next(entry)); // skip to an antry of teh right type
if (!entry) { // no more entries clear remaining results
*Addr = 0;
continue;
}
PCHAR ptr = (PCHAR)(((UINT_PTR)*Addr + (UINT_PTR)hp));
if (hp->h_addrtype == AF_INET6)
memcpy(ptr, entry->IP.Data, 16);
else if (hp->h_addrtype == AF_INET)
*(DWORD*)ptr = entry->IP.Data32[3];
entry = (IP_ENTRY*)List_Next(entry);
}
}
}
pLookup->NoMore = TRUE;
}
if (WSA_DnsTraceFlag) {
WCHAR msg[2048];
Sbie_snwprintf(msg, 256, L"DNS Request Found: %s (NS: %d, Hdl: 0x%x, Err: %d)",
lpqsResults->lpszServiceInstanceName, lpqsResults->dwNameSpace, hLookup, ret == SOCKET_ERROR ? GetLastError() : 0);
for (DWORD i = 0; i < lpqsResults->dwNumberOfCsAddrs; i++) {
IP_ADDRESS ip;
if (WSA_GetIP(lpqsResults->lpcsaBuffer[i].RemoteAddr.lpSockaddr, lpqsResults->lpcsaBuffer[i].RemoteAddr.iSockaddrLength, &ip))
WSA_DumpIP(lpqsResults->lpcsaBuffer[i].RemoteAddr.lpSockaddr->sa_family, &ip, msg);
}
if (lpqsResults->lpBlob != NULL) {
HOSTENT* hp = (HOSTENT*)lpqsResults->lpBlob->pBlobData;
if (hp->h_addrtype != AF_INET6 && hp->h_addrtype != AF_INET) {
WSA_DumpIP(hp->h_addrtype, NULL, msg);
}
else if (hp->h_addr_list) {
for (PCHAR* Addr = (PCHAR*)(((UINT_PTR)hp->h_addr_list + (UINT_PTR)hp)); *Addr; Addr++) {
PCHAR ptr = (PCHAR)(((UINT_PTR)*Addr + (UINT_PTR)hp));
IP_ADDRESS ip;
if (hp->h_addrtype == AF_INET6)
memcpy(ip.Data, ptr, 16);
else if (hp->h_addrtype == AF_INET)
ip.Data32[3] = *(DWORD*)ptr;
WSA_DumpIP(hp->h_addrtype, &ip, msg);
}
}
}
SbieApi_MonitorPutMsg(MONITOR_DNS, msg);
}
return ret;
}
//---------------------------------------------------------------------------
// WSA_WSALookupServiceEnd
//---------------------------------------------------------------------------
_FX int WSA_WSALookupServiceEnd(HANDLE hLookup)
{
if (WSA_FilterEnabled)
map_remove(&WSA_LookupMap, hLookup);
if (WSA_DnsTraceFlag) {
WCHAR msg[256];
Sbie_snwprintf(msg, 256, L"DNS Request End (Hdl: 0x%x)", hLookup);
SbieApi_MonitorPutMsg(MONITOR_DNS, msg);
}
return __sys_WSALookupServiceEnd(hLookup);
}

1
Sandboxie/core/dll/gui.c
View File

@ -429,6 +429,7 @@ _FX BOOLEAN Gui_Init(HMODULE module)
GUI_IMPORT___(QueryPerformanceCounter);
module = temp;
GUI_IMPORT___(SetTimer);
GUI_IMPORT___(MsgWaitForMultipleObjects);
GUI_IMPORT_AW(PeekMessage);
GUI_IMPORT___(MessageBoxW);

33
Sandboxie/core/dll/gui_p.h
View File

@ -100,26 +100,10 @@ typedef void (*P_SwitchToThisWindow)(HWND hWnd, BOOL fAlt);
typedef HWND(*P_SetActiveWindow)(HWND hWnd);
typedef DWORD(*P_GetTickCount)();
typedef ULONGLONG (*P_GetTickCount64)();
typedef BOOL(*P_QueryUnbiasedInterruptTime)(
PULONGLONG UnbiasedTime
);
typedef void(*P_Sleep)(DWORD dwMiSecond);
typedef DWORD(*P_SleepEx)(DWORD dwMiSecond, BOOL bAlert);
typedef BOOL (*P_QueryPerformanceCounter)(
LARGE_INTEGER* lpPerformanceCount
);
typedef UINT_PTR (*P_SetTimer)(
HWND hWnd,
UINT_PTR nIDEvent,
UINT uElapse,
HWND hWnd,
UINT_PTR nIDEvent,
UINT uElapse,
TIMERPROC lpTimerFunc
);
@ -476,8 +460,6 @@ typedef HBITMAP(*P_CreateCompatibleBitmap)(_In_ HDC hdc, _In_ int cx, _In_ int c
typedef BOOL (*P_ShutdownBlockReasonCreate)(HWND hWnd, LPCWSTR pwszReason);
typedef EXECUTION_STATE (*P_SetThreadExecutionState)(EXECUTION_STATE esFlags);
typedef BOOL (*P_SetThreadDesktop)(HDESK hDesktop);
typedef BOOL (*P_SwitchDesktop)(HDESK hDesktop);
@ -635,18 +617,11 @@ GUI_SYS_VAR_2(SendMessage)
GUI_SYS_VAR_2(SendMessageTimeout)
//GUI_SYS_VAR_2(SendMessageCallback)
GUI_SYS_VAR(ShutdownBlockReasonCreate)
GUI_SYS_VAR(SetThreadExecutionState)
GUI_SYS_VAR_2(SendNotifyMessage)
GUI_SYS_VAR_2(PostMessage)
GUI_SYS_VAR_2(PostThreadMessage)
GUI_SYS_VAR_2(DispatchMessage)
GUI_SYS_VAR(Sleep)
GUI_SYS_VAR(SleepEx)
GUI_SYS_VAR(GetTickCount)
GUI_SYS_VAR(QueryUnbiasedInterruptTime)
GUI_SYS_VAR(GetTickCount64)
GUI_SYS_VAR(QueryPerformanceCounter)
GUI_SYS_VAR(SetTimer)
GUI_SYS_VAR(MapWindowPoints)

62
Sandboxie/core/dll/guimisc.c
View File

@ -119,29 +119,7 @@ static int Gui_ReleaseDC(HWND hWnd, HDC hDc);
static BOOL Gui_ShutdownBlockReasonCreate(HWND hWnd, LPCWSTR pwszReason);
static EXECUTION_STATE Gui_SetThreadExecutionState(EXECUTION_STATE esFlags);
static DWORD Gui_GetTickCount();
static ULONGLONG Gui_GetTickCount64();
static BOOL Gui_QueryUnbiasedInterruptTime(
PULONGLONG UnbiasedTime
);
static void Gui_Sleep(DWORD dwMiSecond);
static DWORD Gui_SleepEx(DWORD dwMiSecond, BOOL bAlert);
static BOOL Gui_QueryPerformanceCounter(
LARGE_INTEGER* lpPerformanceCount
);
static UINT_PTR Gui_SetTimer(
HWND hWnd,
UINT_PTR nIDEvent,
UINT uElapse,
TIMERPROC lpTimerFunc
);
static UINT_PTR Gui_SetTimer(HWND hWnd, UINT_PTR nIDEvent, UINT uElapse, TIMERPROC lpTimerFunc);
//---------------------------------------------------------------------------
@ -311,27 +289,13 @@ _FX BOOLEAN Gui_InitMisc(HMODULE module)
if (SbieApi_QueryConfBool(NULL, L"BlockInterferePower", FALSE)) {
SBIEDLL_HOOK_GUI(ShutdownBlockReasonCreate);
module = Dll_Kernel32;
SBIEDLL_HOOK(Gui_, SetThreadExecutionState);
}
if (SbieApi_QueryConfBool(NULL, L"UseChangeSpeed", FALSE))
{
module = current;
SBIEDLL_HOOK(Gui_, SetTimer);
module = Dll_Kernel32;
SBIEDLL_HOOK(Gui_, GetTickCount);
P_GetTickCount64 GetTickCount64 = Ldr_GetProcAddrNew(Dll_Kernel32, "GetTickCount64", "GetTickCount64");
if (GetTickCount64)
SBIEDLL_HOOK(Gui_, GetTickCount64);
P_QueryUnbiasedInterruptTime QueryUnbiasedInterruptTime = Ldr_GetProcAddrNew(Dll_Kernel32, "QueryUnbiasedInterruptTime", "QueryUnbiasedInterruptTime");
if (QueryUnbiasedInterruptTime)
SBIEDLL_HOOK(Gui_, QueryUnbiasedInterruptTime);
SBIEDLL_HOOK(Gui_, QueryPerformanceCounter);
SBIEDLL_HOOK(Gui_, Sleep);
SBIEDLL_HOOK(Gui_, SleepEx);
if (SbieApi_QueryConfBool(NULL, L"UseChangeSpeed", FALSE)) {
P_SetTimer SetTimer = Ldr_GetProcAddrNew(DllName_user32, "SetTimer", "SetTimer");
if (SetTimer) {
SBIEDLL_HOOK(Gui_, SetTimer);
}
}
return TRUE;
@ -1675,15 +1639,17 @@ _FX BOOL Gui_ShutdownBlockReasonCreate(HWND hWnd, LPCWSTR pwszReason)
//---------------------------------------------------------------------------
// Gui_SetThreadExecutionState
// Gui_SetTimer
//---------------------------------------------------------------------------
_FX EXECUTION_STATE Gui_SetThreadExecutionState(EXECUTION_STATE esFlags)
_FX UINT_PTR Gui_SetTimer(HWND hWnd, UINT_PTR nIDEvent, UINT uElapse, TIMERPROC lpTimerFunc)
{
SetLastError(ERROR_ACCESS_DENIED);
return 0;
//return __sys_SetThreadExecutionState(esFlags);
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTimerSpeed", 1), low = SbieApi_QueryConfNumber(NULL, L"LowTimerSpeed", 1);
if (add != 0 && low != 0)
return __sys_SetTimer(hWnd, nIDEvent, uElapse * add / low, lpTimerFunc);
else
return 0;
}

206
Sandboxie/core/dll/kernel.c Normal file
View File

@ -0,0 +1,206 @@
/*
* Copyright 2021-2024 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
// Kernel
//---------------------------------------------------------------------------
//#define NOGDI
//#include <windows.h>
//#include "common/win32_ntddk.h"
#include "dll.h"
//---------------------------------------------------------------------------
// Functions Prototypes
//---------------------------------------------------------------------------
typedef EXECUTION_STATE (*P_SetThreadExecutionState)(EXECUTION_STATE esFlags);
typedef DWORD(*P_GetTickCount)();
typedef ULONGLONG (*P_GetTickCount64)();
typedef BOOL(*P_QueryUnbiasedInterruptTime)(PULONGLONG UnbiasedTime);
//typedef void(*P_Sleep)(DWORD dwMiSecond);
typedef DWORD(*P_SleepEx)(DWORD dwMiSecond, BOOL bAlert);
typedef BOOL (*P_QueryPerformanceCounter)(LARGE_INTEGER* lpPerformanceCount);
//---------------------------------------------------------------------------
// Variables
//---------------------------------------------------------------------------
P_SetThreadExecutionState __sys_SetThreadExecutionState = NULL;
//P_Sleep __sys_Sleep = NULL;
P_SleepEx __sys_SleepEx = NULL;
P_GetTickCount __sys_GetTickCount = NULL;
P_GetTickCount64 __sys_GetTickCount64 = NULL;
P_QueryUnbiasedInterruptTime __sys_QueryUnbiasedInterruptTime = NULL;
P_QueryPerformanceCounter __sys_QueryPerformanceCounter = NULL;
//---------------------------------------------------------------------------
// Functions
//---------------------------------------------------------------------------
static EXECUTION_STATE Kernel_SetThreadExecutionState(EXECUTION_STATE esFlags);
static DWORD Kernel_GetTickCount();
static ULONGLONG Kernel_GetTickCount64();
static BOOL Kernel_QueryUnbiasedInterruptTime(PULONGLONG UnbiasedTime);
//static void Kernel_Sleep(DWORD dwMiSecond); // no need hooking sleep as it internally just calls SleepEx
static DWORD Kernel_SleepEx(DWORD dwMiSecond, BOOL bAlert);
static BOOL Kernel_QueryPerformanceCounter(LARGE_INTEGER* lpPerformanceCount);
//---------------------------------------------------------------------------
// Kernel_Init
//---------------------------------------------------------------------------
_FX BOOLEAN Kernel_Init()
{
HMODULE module = Dll_Kernel32;
if (SbieApi_QueryConfBool(NULL, L"BlockInterferePower", FALSE)) {
SBIEDLL_HOOK(Kernel_, SetThreadExecutionState);
}
if (SbieApi_QueryConfBool(NULL, L"UseChangeSpeed", FALSE)) {
SBIEDLL_HOOK(Kernel_, GetTickCount);
P_GetTickCount64 GetTickCount64 = Ldr_GetProcAddrNew(Dll_Kernel32, L"GetTickCount64", "GetTickCount64");
if (GetTickCount64) {
SBIEDLL_HOOK(Kernel_, GetTickCount64);
}
P_QueryUnbiasedInterruptTime QueryUnbiasedInterruptTime = Ldr_GetProcAddrNew(Dll_Kernel32, L"QueryUnbiasedInterruptTime", "QueryUnbiasedInterruptTime");
if (QueryUnbiasedInterruptTime) {
SBIEDLL_HOOK(Kernel_, QueryUnbiasedInterruptTime);
}
SBIEDLL_HOOK(Kernel_, QueryPerformanceCounter);
//SBIEDLL_HOOK(Kernel_, Sleep);
SBIEDLL_HOOK(Kernel_, SleepEx);
}
return TRUE;
}
//---------------------------------------------------------------------------
// Kernel_SetThreadExecutionState
//---------------------------------------------------------------------------
_FX EXECUTION_STATE Kernel_SetThreadExecutionState(EXECUTION_STATE esFlags)
{
SetLastError(ERROR_ACCESS_DENIED);
return 0;
//return __sys_SetThreadExecutionState(esFlags);
}
//---------------------------------------------------------------------------
// Kernel_GetTickCount
//---------------------------------------------------------------------------
_FX DWORD Kernel_GetTickCount()
{
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1);
ULONG low = SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
if (low != 0)
return __sys_GetTickCount() * add / low;
return __sys_GetTickCount() * add;
}
//---------------------------------------------------------------------------
// Kernel_GetTickCount64
//---------------------------------------------------------------------------
_FX ULONGLONG Kernel_GetTickCount64()
{
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1);
ULONG low = SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
if (low != 0)
return __sys_GetTickCount64() * add / low;
return __sys_GetTickCount64() * add;
}
//---------------------------------------------------------------------------
// Kernel_QueryUnbiasedInterruptTime
//---------------------------------------------------------------------------
_FX BOOL Kernel_QueryUnbiasedInterruptTime(PULONGLONG UnbiasedTime)
{
BOOL rtn = __sys_QueryUnbiasedInterruptTime(UnbiasedTime);
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1);
ULONG low = SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
if (low != 0)
*UnbiasedTime *= add / low;
else
*UnbiasedTime *= add;
return rtn;
}
//---------------------------------------------------------------------------
// Kernel_SleepEx
//---------------------------------------------------------------------------
_FX DWORD Kernel_SleepEx(DWORD dwMiSecond, BOOL bAlert)
{
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddSleepSpeed", 1);
ULONG low = SbieApi_QueryConfNumber(NULL, L"LowSleepSpeed", 1);
if (add != 0 && low != 0)
return __sys_SleepEx(dwMiSecond * add / low, bAlert);
return __sys_SleepEx(dwMiSecond, bAlert);
}
//---------------------------------------------------------------------------
// Kernel_QueryPerformanceCounter
//---------------------------------------------------------------------------
_FX BOOL Kernel_QueryPerformanceCounter(LARGE_INTEGER* lpPerformanceCount)
{
BOOL rtn = __sys_QueryPerformanceCounter(lpPerformanceCount);
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1);
ULONG low = SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
if (add != 0 && low != 0)
lpPerformanceCount->QuadPart = lpPerformanceCount->QuadPart * add / low;
return rtn;
}

1025
Sandboxie/core/dll/net.c
View File

File diff suppressed because it is too large Load Diff

306
Sandboxie/core/dll/proxy.c Normal file
View File

@ -0,0 +1,306 @@
/*
* Copyright 2022 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
// Network Proxy
//---------------------------------------------------------------------------
#include "dll.h"
#include <windows.h>
#include <wchar.h>
#include <oleauto.h>
#include "common/my_wsa.h"
#include "common/netfw.h"
#include "common/map.h"
#include "wsa_defs.h"
#define SOCKS_VERSION 0x05
#define SOCKS_SUBVERSION 0x01
// authentication methods
#define SOCKS_NO_AUTHENTICATION 0x00
#define SOCKS_USERNAME_PASSWORD 0x02
#define SOCKS_METHOD_NONE 0xFF
// response codes
//#define SOCKS_SUCCESS 0x00
#define SOCKS_SERVER_FAILURE 0x01
#define SOCKS_DENIED 0x02
#define SOCKS_NETWORK_UNREACHABLE 0x03
#define SOCKS_HOST_UNREACHABLE 0x04
#define SOCKS_CONNECTION_REFUSED 0x05
#define SOCKS_TTL_EXPIRED 0x06
// address types
#define SOCKS_CONNECT 0x01
#define SOCKS_IPV4 0x01
#define SOCKS_DOMAINNAME 0x03
#define SOCKS_IPV6 0x04
#define SOCKS_RESPONSE_MAX_SIZE 512
#define SOCKS_REQUEST_MAX_SIZE 264
#define SOCKS_AUTH_MAX_SIZE 255
#define HOST_NAME_MAX 256
#define INET_ADDRSTRLEN 16
#define INET6_ADDRSTRLEN 46
extern P_recv __sys_recv;
extern P_send __sys_send;
extern P_inet_ntop __sys_inet_ntop;
#ifdef PROXY_RESOLVE_HOST_NAMES
extern HASH_MAP DNS_LookupMap;
#endif
//---------------------------------------------------------------------------
// socks5_handshake
//---------------------------------------------------------------------------
_FX BOOLEAN socks5_handshake(SOCKET s, BOOLEAN auth, WCHAR login[SOCKS_AUTH_MAX_SIZE], WCHAR pass[SOCKS_AUTH_MAX_SIZE])
{
char req[4] = { SOCKS_VERSION, 1 + auth, SOCKS_NO_AUTHENTICATION, 0 };
if (auth)
req[3] = SOCKS_USERNAME_PASSWORD;
if (__sys_send(s, req, (3 + auth), 0) != (3 + auth))
goto on_error;
char res[2];
if (__sys_recv(s, res, sizeof(res), MSG_WAITALL) != sizeof(res))
goto on_error;
if (res[0] != SOCKS_VERSION) {
SbieApi_Log(2360, L"SOCKS version mismatch: expected '%d', got '%d'", SOCKS_VERSION, res[0]);
goto on_error;
}
switch (res[1]) {
case SOCKS_NO_AUTHENTICATION:
return TRUE;
case SOCKS_USERNAME_PASSWORD:
if (!auth || !login || !pass) {
SbieApi_Log(2360, L"authentication required, but no credentials provided");
goto on_error;
}
char l[SOCKS_AUTH_MAX_SIZE];
char p[SOCKS_AUTH_MAX_SIZE];
size_t login_len = wcstombs(l, login, SOCKS_AUTH_MAX_SIZE);
size_t pass_len = wcstombs(p, pass, SOCKS_AUTH_MAX_SIZE);
size_t auth_buf_len = 1 + 1 + login_len + 1 + pass_len;
char* auth_buf = Dll_AllocTemp(auth_buf_len);
if (!auth_buf) {
SbieApi_Log(2305, NULL);
goto on_error;
}
size_t offset = 0;
auth_buf[offset++] = SOCKS_SUBVERSION;
auth_buf[offset++] = login_len;
memcpy(auth_buf + offset, l, login_len);
offset += login_len;
auth_buf[offset++] = (char)pass_len;
memcpy(auth_buf + offset, p, pass_len);
offset += pass_len;
if (__sys_send(s, auth_buf, auth_buf_len , 0) != auth_buf_len) {
Dll_Free(auth_buf);
goto on_error;
}
Dll_Free(auth_buf);
if (__sys_recv(s, res, sizeof(res), MSG_WAITALL) != sizeof(res))
goto on_error;
if (res[0] != SOCKS_SUBVERSION) {
SbieApi_Log(2360, L"subnegotiation version mismatch: expected '%d', got '%d'", SOCKS_SUBVERSION, res[0]);
goto on_error;
}
if (res[1] != SOCKS_SUCCESS) {
SbieApi_Log(2360, L"authentication failed");
goto on_error;
}
return TRUE;
default:
SbieApi_Log(2360, L"no acceptable authentication method");
break;
}
on_error:
return FALSE;
}
//---------------------------------------------------------------------------
// socks5_request_send
//---------------------------------------------------------------------------
static char socks5_request_send(SOCKET s, char* buf, size_t size)
{
if (__sys_send(s, buf, size, 0) != size)
return SOCKS_GENERAL_FAILURE;
char res[SOCKS_RESPONSE_MAX_SIZE] = { 0 };
if (__sys_recv(s, res, 4, 0) == SOCKET_ERROR)
return SOCKS_GENERAL_FAILURE;
if (res[1] != SOCKS_SUCCESS)
return res[1];
if (res[3] == SOCKS_IPV4) {
if (__sys_recv(s, res + 4, 6, MSG_WAITALL) == SOCKET_ERROR)
return SOCKS_GENERAL_FAILURE;
}
else if (res[3] == SOCKS_IPV6) {
if (__sys_recv(s, res + 4, 18, MSG_WAITALL) == SOCKET_ERROR)
return SOCKS_GENERAL_FAILURE;
}
else {
return SOCKS_GENERAL_FAILURE;
}
return SOCKS_SUCCESS;
}
//---------------------------------------------------------------------------
// socks5_report_error
//---------------------------------------------------------------------------
_FX void socks5_report_error(int code, const char* buf)
{
char* host = NULL;
USHORT port = 0;
if (buf[3] == SOCKS_IPV4) {
host = Dll_AllocTemp(INET_ADDRSTRLEN);
if (!host) return;
const IN_ADDR* v4 = (const IN_ADDR*)(buf + 4);
__sys_inet_ntop(AF_INET, v4, host, INET_ADDRSTRLEN);
port = _ntohs(*((USHORT*)(buf + 8)));
}
else if (buf[3] == SOCKS_IPV6) {
host = Dll_AllocTemp(INET6_ADDRSTRLEN);
if (!host) return;
const IN6_ADDR* v6 = (const IN6_ADDR*)(buf + 4);
__sys_inet_ntop(AF_INET6, v6, host, INET6_ADDRSTRLEN);
port = _ntohs(*((USHORT*)(buf + 20)));
}
else if (buf[3] == SOCKS_DOMAINNAME) {
size_t domain_len = buf[4];
host = Dll_AllocTemp(domain_len + 1);
if (!host) return;
memcpy(host, buf + 5, domain_len);
host[domain_len] = '\0';
port = _ntohs(*((USHORT*)(buf + 5 + domain_len)));
}
if (!host) return;
switch (code) {
case SOCKS_SERVER_FAILURE:
SbieApi_Log(2360, L"general server failure (%s:%hu)", host, port);
break;
case SOCKS_DENIED:
SbieApi_Log(2360, L"connection denied by server ruleset (%s:%hu)", host, port);
break;
case SOCKS_NETWORK_UNREACHABLE:
SbieApi_Log(2360, L"network unreachable (%s:%hu)", host, port);
break;
case SOCKS_HOST_UNREACHABLE:
SbieApi_Log(2360, L"host unreachable (%s:%hu)", host, port);
break;
case SOCKS_CONNECTION_REFUSED:
SbieApi_Log(2360, L"connection refused (%s:%hu)", host, port);
break;
case SOCKS_TTL_EXPIRED:
SbieApi_Log(2360, L"TTL expired (%s:%hu)", host, port);
break;
default:
SbieApi_Log(2360, L"request failed with status %d (%s:%hu)", code, host, port);
break;
}
Dll_Free(host);
}
//---------------------------------------------------------------------------
// socks5_request
//---------------------------------------------------------------------------
_FX char socks5_request(SOCKET s, const SOCKADDR* addr)
{
char req[SOCKS_REQUEST_MAX_SIZE] = { SOCKS_VERSION, SOCKS_CONNECT, 0 };
char* ptr = req + 3;
if (addr->sa_family == AF_INET) {
const SOCKADDR_IN* v4 = (const SOCKADDR_IN*)addr;
#ifdef PROXY_RESOLVE_HOST_NAMES
char* domain = (char*)map_get(&DNS_LookupMap, (void*)v4->sin_addr.s_addr);
if (domain) {
*ptr++ = SOCKS_DOMAINNAME;
*ptr++ = strlen(domain);
memcpy(ptr, domain, strlen(domain));
ptr += strlen(domain);
*((USHORT*)ptr) = v4->sin_port;
ptr += sizeof(USHORT);
}
else
#endif
{
*ptr++ = SOCKS_IPV4;
*((ULONG*)ptr) = v4->sin_addr.s_addr;
ptr += sizeof(ULONG);
*((USHORT*)ptr) = v4->sin_port;
ptr += sizeof(USHORT);
}
}
else if (addr->sa_family == AF_INET6) {
const SOCKADDR_IN6_LH* v6 = (const SOCKADDR_IN6_LH*)addr;
#ifdef PROXY_RESOLVE_HOST_NAMES
char* domain = (char*)map_get(&DNS_LookupMap, (void*)&v6->sin6_addr.s6_addr);
if (domain) {
*ptr++ = SOCKS_DOMAINNAME;
*ptr++ = strlen(domain);
memcpy(ptr, domain, strlen(domain));
ptr += strlen(domain);
*((USHORT*)ptr) = v6->sin6_port;
ptr += sizeof(USHORT);
}
else
#endif
{
*ptr++ = SOCKS_IPV6;
memcpy(ptr, &v6->sin6_addr, sizeof(v6->sin6_addr));
ptr += sizeof(v6->sin6_addr);
*((USHORT*)ptr) = v6->sin6_port;
ptr += sizeof(USHORT);
}
}
else {
return SOCKS_GENERAL_FAILURE;
}
int ret = socks5_request_send(s, req, ptr - req);
if (ret != SOCKS_SUCCESS)
socks5_report_error(ret, req);
return ret;
}

33
Sandboxie/core/dll/sbiedll.h
View File

@ -42,6 +42,7 @@ extern "C" {
// Defines
//---------------------------------------------------------------------------
#define USE_MATCH_PATH_EX
#define TokenElevationTypeNone 99
@ -244,6 +245,38 @@ SBIEDLL_EXPORT PSECURITY_DESCRIPTOR SbieDll_GetPublicSD();
SBIEDLL_EXPORT const WCHAR* SbieDll_FindArgumentEnd(const WCHAR* arguments);
#ifdef USE_MATCH_PATH_EX
//SBIEDLL_EXPORT ULONG SbieDll_MatchPathImpl(BOOLEAN use_rule_specificity, BOOLEAN use_privacy_mode, const WCHAR* path, void* normal_list, void* open_list, void* closed_list, void* write_list, void* read_list);
SBIEDLL_EXPORT ULONG SbieDll_MatchPathImpl(BOOLEAN use_rule_specificity, const WCHAR* path, void* normal_list, void* open_list, void* closed_list, void* write_list, void* read_list);
#else
SBIEDLL_EXPORT ULONG SbieDll_MatchPathImpl(const WCHAR* path, void* open_list, void* closed_list, void* write_list);
#endif
#define PATH_OPEN_FLAG 0x10
#define PATH_CLOSED_FLAG 0x20
#define PATH_WRITE_FLAG 0x40
#define PATH_READ_FLAG 0x80
#ifdef USE_MATCH_PATH_EX
// for read only paths, handle like open and let the driver deny the write access
#define PATH_IS_OPEN(f) ((((f) & PATH_OPEN_FLAG) != 0) || PATH_IS_READ(f))
#define PATH_NOT_OPEN(f) ((((f) & PATH_OPEN_FLAG) == 0) && PATH_NOT_READ(f))
#else
#define PATH_IS_OPEN(f) (((f) & PATH_OPEN_FLAG) != 0)
#define PATH_NOT_OPEN(f) (((f) & PATH_OPEN_FLAG) == 0)
#endif
#define PATH_IS_CLOSED(f) (((f) & PATH_CLOSED_FLAG) != 0)
#define PATH_NOT_CLOSED(f) (((f) & PATH_CLOSED_FLAG) == 0)
#define PATH_IS_WRITE(f) (((f) & PATH_WRITE_FLAG) != 0)
#define PATH_NOT_WRITE(f) (((f) & PATH_WRITE_FLAG) == 0)
#define PATH_IS_READ(f) (((f) & PATH_READ_FLAG) != 0)
#define PATH_NOT_READ(f) (((f) & PATH_READ_FLAG) == 0)
SBIEDLL_EXPORT void DbgPrint(const char* format, ...);
SBIEDLL_EXPORT void DbgTrace(const char* format, ...);

284
Sandboxie/core/dll/wsa_defs.h Normal file
View File

@ -0,0 +1,284 @@
/*
* Copyright 2022 DavidXanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef _WSA_DEFS_H
#define _WSA_DEFS_H
//---------------------------------------------------------------------------
// Prototypes
//---------------------------------------------------------------------------
typedef int (*P_WSAIoctl)(
SOCKET s,
DWORD dwIoControlCode,
LPVOID lpvInBuffer,
DWORD cbInBuffer,
LPVOID lpvOutBuffer,
DWORD cbOutBuffer,
LPDWORD lpcbBytesReturned,
LPWSAOVERLAPPED lpOverlapped,
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine);
typedef int (*P_ioctlsocket)(
SOCKET s,
long cmd,
ULONG* argp);
typedef int (*P_WSAAsyncSelect)(
SOCKET s,
HWND hWnd,
UINT wMsg,
long lEvent);
typedef int (*P_WSAEventSelect)(
SOCKET s,
void* hEventObject,
long lNetworkEvents);
typedef int (*P_WSAEnumNetworkEvents)(
SOCKET s,
void* hEventObject,
void* lpNetworkEvents
);
typedef int (*P_WSANSPIoctl)(
HANDLE hLookup,
DWORD dwControlCode,
LPVOID lpvInBuffer,
DWORD cbInBuffer,
LPVOID lpvOutBuffer,
DWORD cbOutBuffer,
LPDWORD lpcbBytesReturned,
LPWSACOMPLETION lpCompletion);
typedef int (*P_WSASocketW)(
int af,
int type,
int protocol,
LPWSAPROTOCOL_INFOW lpProtocolInfo,
unsigned int g,
DWORD dwFlags);
typedef int (*P_WSAGetLastError)();
typedef int (*P_WSASetLastError)(int err);
typedef int (*P_bind)(
SOCKET s,
const void *name,
int namelen);
typedef int (*P_connect)(
SOCKET s,
const void *name,
int namelen);
typedef int (*P_WSAConnect)(
SOCKET s,
const void *name,
int namelen,
LPWSABUF lpCallerData,
LPWSABUF lpCalleeData,
LPQOS lpSQOS,
LPQOS lpGQOS);
typedef int (*P_ConnectEx) (
SOCKET s,
const void *name,
int namelen,
PVOID lpSendBuffer,
DWORD dwSendDataLength,
LPDWORD lpdwBytesSent,
LPOVERLAPPED lpOverlapped);
typedef SOCKET (*P_accept)(
SOCKET s,
void *addr,
int *addrlen);
typedef SOCKET (*P_WSAAccept)(
SOCKET s,
void *addr,
LPINT addrlen,
LPCONDITIONPROC lpfnCondition,
DWORD_PTR dwCallbackData);
typedef int (*P_AcceptEx)(
SOCKET sListenSocket,
SOCKET sAcceptSocket,
PVOID lpOutputBuffer,
DWORD dwReceiveDataLength,
DWORD dwLocalAddressLength,
DWORD dwRemoteAddressLength,
LPDWORD lpdwBytesReceived,
LPOVERLAPPED lpOverlapped);
typedef int (*P_recv)(
SOCKET s,
char* buf,
int len,
int flags);
typedef int (*P_send)(
SOCKET s,
const char* buf,
int len,
int flags);
typedef int (*P_sendto)(
SOCKET s,
const char *buf,
int len,
int flags,
const void *to,
int tolen);
typedef int (*P_WSASendTo)(
SOCKET s,
LPWSABUF lpBuffers,
DWORD dwBufferCount,
LPDWORD lpNumberOfBytesSent,
DWORD dwFlags,
const void *lpTo,
int iTolen,
LPWSAOVERLAPPED lpOverlapped,
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine);
typedef int (*P_recvfrom)(
SOCKET s,
char *buf,
int len,
int flags,
void *from,
int *fromlen);
typedef int (*P_WSARecvFrom)(
SOCKET s,
LPWSABUF lpBuffers,
DWORD dwBufferCount,
LPDWORD lpNumberOfBytesRecvd,
LPDWORD lpFlags,
void *lpFrom,
LPINT lpFromlen,
LPWSAOVERLAPPED lpOverlapped,
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine);
typedef int (*P_shutdown)(SOCKET s, int how);
typedef int (*P_closesocket)(SOCKET s);
typedef enum _WSAEcomparator
{
COMP_EQUAL = 0,
COMP_NOTLESS
} WSAECOMPARATOR, *PWSAECOMPARATOR, *LPWSAECOMPARATOR;
typedef struct _WSAVersion
{
DWORD dwVersion;
WSAECOMPARATOR ecHow;
}WSAVERSION, *PWSAVERSION, *LPWSAVERSION;
typedef struct _AFPROTOCOLS {
INT iAddressFamily;
INT iProtocol;
} AFPROTOCOLS, *PAFPROTOCOLS, *LPAFPROTOCOLS;
typedef struct _SOCKET_ADDRESS {
LPSOCKADDR lpSockaddr;
INT iSockaddrLength;
} SOCKET_ADDRESS, *PSOCKET_ADDRESS, *LPSOCKET_ADDRESS;
typedef struct _CSADDR_INFO {
SOCKET_ADDRESS LocalAddr ;
SOCKET_ADDRESS RemoteAddr ;
INT iSocketType ;
INT iProtocol ;
} CSADDR_INFO, *PCSADDR_INFO, FAR * LPCSADDR_INFO ;
typedef struct _WSAQuerySetW
{
DWORD dwSize;
LPWSTR lpszServiceInstanceName;
LPGUID lpServiceClassId;
LPWSAVERSION lpVersion;
LPWSTR lpszComment;
DWORD dwNameSpace;
LPGUID lpNSProviderId;
LPWSTR lpszContext;
DWORD dwNumberOfProtocols;
LPAFPROTOCOLS lpafpProtocols;
LPWSTR lpszQueryString;
DWORD dwNumberOfCsAddrs;
LPCSADDR_INFO lpcsaBuffer;
DWORD dwOutputFlags;
LPBLOB lpBlob;
} WSAQUERYSETW, *PWSAQUERYSETW, *LPWSAQUERYSETW;
struct hostent {
char FAR * h_name; /* official name of host */
char FAR * FAR * h_aliases; /* alias list */
short h_addrtype; /* host address type */
short h_length; /* length of address */
char FAR * FAR * h_addr_list; /* list of addresses */
#define h_addr h_addr_list[0] /* address, for backward compat */
};
typedef struct hostent HOSTENT;
typedef int (*P_WSALookupServiceBeginW)(
LPWSAQUERYSETW lpqsRestrictions,
DWORD dwControlFlags,
LPHANDLE lphLookup);
typedef int (*P_WSALookupServiceNextW)(
HANDLE hLookup,
DWORD dwControlFlags,
LPDWORD lpdwBufferLength,
LPWSAQUERYSETW lpqsResults);
typedef int (*P_WSALookupServiceEnd)(HANDLE hLookup);
typedef struct addrinfoW {
int ai_flags;
int ai_family;
int ai_socktype;
int ai_protocol;
size_t ai_addrlen;
PWSTR ai_canonname;
struct sockaddr *ai_addr;
struct addrinfoW *ai_next;
} ADDRINFOW, *PADDRINFOW;
typedef int (*P_GetAddrInfoW)(
PCWSTR pNodeName,
PCWSTR pServiceName,
const ADDRINFOW *pHints,
PADDRINFOW *ppResult);
typedef PCSTR (*P_inet_ntop)(
int family,
const void *pAddr,
PSTR pStringBuf,
size_t StringBufSize);
#endif _WSA_DEFS_H

6
Sandboxie/core/drv/api.c
View File

@ -1301,11 +1301,6 @@ _FX NTSTATUS Api_QueryDriverInfo(PROCESS* proc, ULONG64* parms)
{
NTSTATUS status = STATUS_SUCCESS;
API_QUERY_DRIVER_INFO_ARGS *args = (API_QUERY_DRIVER_INFO_ARGS *)parms;
if (proc) {
status = STATUS_NOT_IMPLEMENTED;
goto finish;
}
__try {
@ -1385,7 +1380,6 @@ _FX NTSTATUS Api_QueryDriverInfo(PROCESS* proc, ULONG64* parms)
status = GetExceptionCode();
}
finish:
return status;
}

1
Sandboxie/core/drv/api_defs.h
View File

@ -162,6 +162,7 @@ enum {
API_PROTECT_ROOT,
API_UNPROTECT_ROOT,
API_KILL_PROCESS,
API_FORCE_CHILDREN,
API_LAST
};

1
Sandboxie/core/drv/api_flags.h
View File

@ -59,6 +59,7 @@
#define MONITOR_SCM 0x0000000E // Service Control Manager
#define MONITOR_APICALL 0x0000000F
#define MONITOR_RPC 0x00000010
#define MONITOR_DNS 0x00000011
#define MONITOR_TYPE_MASK 0x000000FF
#define MONITOR_RESERVED 0x0000FF00

2
Sandboxie/core/drv/dyn_data.c
View File

@ -34,7 +34,7 @@ const wchar_t Parameters[] = L"\\Parameters";
#define IMAGE_FILE_MACHINE_ARM64 0xAA64 // ARM64 Little-Endian
#endif
#define WIN11_LATEST 26200 // <-----
#define WIN11_LATEST 26217 // <-----
#define SVR2025 26040
#define WIN11_FIRST 22000
#define SVR2022 20348

8
Sandboxie/core/drv/process.c
View File

@ -101,9 +101,11 @@ static NTSTATUS Process_CreateUserProcess(
#ifdef USE_PROCESS_MAP
HASH_MAP Process_Map;
HASH_MAP Process_MapDfp;
HASH_MAP Process_MapFcp;
#else
LIST Process_List;
LIST Process_ListDfp;
LIST Process_ListFcp;
#endif
PERESOURCE Process_ListLock = NULL;
@ -136,9 +138,13 @@ _FX BOOLEAN Process_Init(void)
map_init(&Process_MapDfp, Driver_Pool);
map_resize(&Process_MapDfp, 128); // prepare some buckets for better performance
map_init(&Process_MapFcp, Driver_Pool);
map_resize(&Process_MapFcp, 128); // prepare some buckets for better performance
#else
List_Init(&Process_List);
List_Init(&Process_ListDfp);
List_Init(&Process_ListFcp);
#endif
if (! Mem_GetLockResource(&Process_ListLock, TRUE))
@ -1537,6 +1543,8 @@ _FX void Process_Delete(HANDLE ProcessId)
Process_DfpDelete(ProcessId);
Process_FcpDelete(ProcessId);
ExReleaseResourceLite(Process_ListLock);
KeLowerIrql(irql);

7
Sandboxie/core/drv/process.h
View File

@ -447,6 +447,11 @@ void Process_DfpDelete(HANDLE ProcessId);
BOOLEAN Process_DfpCheck(HANDLE ProcessId, BOOLEAN *silent);
// Force Child Processes
VOID Process_FcpInsert(HANDLE ProcessId, const WCHAR* boxname);
void Process_FcpDelete(HANDLE ProcessId);
BOOLEAN Process_FcpCheck(HANDLE ProcessId, WCHAR* boxname);
// Enumerate or count processes in a sandbox
@ -533,9 +538,11 @@ NTSTATUS Process_Api_Kill(PROCESS *proc, ULONG64 *parms);
#ifdef USE_PROCESS_MAP
extern HASH_MAP Process_Map;
extern HASH_MAP Process_MapDfp;
extern HASH_MAP Process_MapFcp;
#else
extern LIST Process_List;
extern LIST Process_ListDfp;
extern LIST Process_ListFcp;
#endif
extern PERESOURCE Process_ListLock;

213
Sandboxie/core/drv/process_force.c
View File

@ -79,6 +79,16 @@ typedef struct _FORCE_PROCESS_2 {
} FORCE_PROCESS_2;
typedef struct _FORCE_PROCESS_3 {
#ifndef USE_PROCESS_MAP
LIST_ELEM list_elem;
#endif
HANDLE pid;
WCHAR boxname[BOXNAME_COUNT];
} FORCE_PROCESS_3;
//---------------------------------------------------------------------------
// Functions
//---------------------------------------------------------------------------
@ -103,6 +113,8 @@ static BOOLEAN Process_IsWindowsExplorerParent(HANDLE ParentId);
static BOOLEAN Process_IsImmersiveProcess(
PEPROCESS ProcessObject, HANDLE ParentId, ULONG SessionId);
static BOOLEAN Process_IsProcessParent(HANDLE ParentId, WCHAR* Name);
void Process_CreateForceData(
LIST *boxes, const WCHAR *SidString, ULONG SessionId);
@ -114,7 +126,7 @@ static BOX *Process_CheckForceFolder(
LIST *boxes, const WCHAR *path, BOOLEAN alert, ULONG *IsAlert);
static BOX *Process_CheckForceProcess(
LIST *boxes, const WCHAR *name, BOOLEAN alert, ULONG *IsAlert);
LIST *boxes, const WCHAR *name, BOOLEAN alert, ULONG *IsAlert, HANDLE parent);
static void Process_CheckAlertFolder(
LIST *boxes, const WCHAR *path, ULONG *IsAlert);
@ -149,6 +161,7 @@ _FX BOX *Process_GetForcedStartBox(
ULONG alert;
BOOLEAN check_force;
BOOLEAN is_start_exe;
BOOLEAN image_sbie;
BOOLEAN force_alert;
BOOLEAN dfp_already_added;
BOOLEAN same_image_name;
@ -237,7 +250,7 @@ _FX BOX *Process_GetForcedStartBox(
// when the process is start.exe we ignore the CurDir and DocArg
//
Process_IsSbieImage(ImagePath, NULL, &is_start_exe);
Process_IsSbieImage(ImagePath, &image_sbie, &is_start_exe);
if ((! box) && CurDir && !is_start_exe)
box = Process_CheckBoxPath(&boxes, CurDir);
@ -249,7 +262,7 @@ _FX BOX *Process_GetForcedStartBox(
if ((! box) && (! alert)) {
box = Process_CheckForceProcess(
&boxes, ImageName, force_alert, &alert);
&boxes, ImageName, force_alert, &alert, ParentId);
}
if ((! box) && CurDir && !is_start_exe && (! alert)) {
@ -274,6 +287,31 @@ _FX BOX *Process_GetForcedStartBox(
Process_DfpInsert(PROCESS_TERMINATED, ProcessId);
}
//
// Check if the parent process has its children forced to be sandboxes
// exempt sandboxie components from this as start.exe can be used to
// open selected processes in other boxes or set Dfp when desired.
//
// we also must excempt conhost.exe for console applications
//
if (!box && !image_sbie && _wcsicmp(ImageName, L"conhost.exe") != 0) {
WCHAR boxname[BOXNAME_COUNT];
if (Process_FcpCheck(ParentId, boxname)) {
ULONG boxname_len = (wcslen(boxname) + 1) * sizeof(WCHAR);
for (FORCE_BOX* cur_box = List_Head(&boxes); cur_box; cur_box = List_Next(cur_box)) {
if (cur_box->box->name_len == boxname_len
&& _wcsicmp(cur_box->box->name, boxname) == 0) {
box = cur_box->box;
break;
}
}
}
}
if (alert != 1)
force_alert = FALSE;
@ -758,34 +796,43 @@ _FX BOOLEAN Process_IsDcomLaunchParent(HANDLE ParentId)
//---------------------------------------------------------------------------
// Process_IsWindowsExplorerParent
// Process_IsProcessParent
//
// Note: Not used at the moment but leaving in place
// as it may prove to be useful later.
//---------------------------------------------------------------------------
_FX BOOLEAN Process_IsProcessParent(HANDLE ParentId, WCHAR* Name)
{
BOOLEAN retval = FALSE;
void* nbuf;
ULONG nlen;
WCHAR* nptr;
Process_GetProcessName(
Driver_Pool, (ULONG_PTR)ParentId, &nbuf, &nlen, &nptr);
if (nbuf) {
if (_wcsicmp(nptr, Name) == 0) {
retval = TRUE;
}
Mem_Free(nbuf, nlen);
}
return retval;
}
//---------------------------------------------------------------------------
// Process_IsWindowsExplorerParent
//---------------------------------------------------------------------------
_FX BOOLEAN Process_IsWindowsExplorerParent(HANDLE ParentId)
{
BOOLEAN retval = FALSE;
void *nbuf;
ULONG nlen;
WCHAR *nptr;
Process_GetProcessName(
Driver_Pool, (ULONG_PTR)ParentId, &nbuf, &nlen, &nptr);
if (nbuf) {
if (_wcsicmp(nptr, L"explorer.exe") == 0) {
retval = TRUE;
}
Mem_Free(nbuf, nlen);
}
return retval;
return Process_IsProcessParent(ParentId,L"explorer.exe");
}
@ -1370,7 +1417,7 @@ _FX BOOLEAN Process_CheckForceProcessList(
_FX BOX *Process_CheckForceProcess(
LIST *boxes, const WCHAR *name, BOOLEAN alert, ULONG *IsAlert)
LIST *boxes, const WCHAR *name, BOOLEAN alert, ULONG *IsAlert, HANDLE ParentId)
{
FORCE_BOX *box;
@ -1390,6 +1437,11 @@ _FX BOX *Process_CheckForceProcess(
return box->box;
}
//if (Process_IsWindowsExplorerParent(ParentId) && Conf_Get_Boolean(box->box->name, L"ForceExplorerChild", 0, FALSE)) {
// if(_wcsicmp(name,L"Sandman.exe")!=0)
// return box->box;
//}
box = List_Next(box);
}
@ -1745,3 +1797,112 @@ _FX BOOLEAN Process_DfpCheck(HANDLE ProcessId, BOOLEAN *silent)
return found;
}
//---------------------------------------------------------------------------
// Process_FcpInsert
//---------------------------------------------------------------------------
_FX VOID Process_FcpInsert(HANDLE ProcessId, const WCHAR* boxname)
{
FORCE_PROCESS_3 *proc;
KIRQL irql;
//
// called by Session_Api_ForceChildren, process list not locked
//
KeRaiseIrql(APC_LEVEL, &irql);
ExAcquireResourceExclusiveLite(Process_ListLock, TRUE);
Process_FcpDelete(ProcessId);
proc = Mem_Alloc(Driver_Pool, sizeof(FORCE_PROCESS_3));
proc->pid = ProcessId;
wmemcpy(proc->boxname, boxname, BOXNAME_COUNT);
#ifdef USE_PROCESS_MAP
map_insert(&Process_MapFcp, ProcessId, proc, 0);
#else
List_Insert_After(&Process_ListFcp, NULL, proc);
#endif
ExReleaseResourceLite(Process_ListLock);
KeLowerIrql(irql);
}
//---------------------------------------------------------------------------
// Process_FcpDelete
//---------------------------------------------------------------------------
_FX void Process_FcpDelete(HANDLE ProcessId)
{
FORCE_PROCESS_3 *proc;
#ifdef USE_PROCESS_MAP
if(map_take(&Process_MapFcp, ProcessId, &proc, 0))
Mem_Free(proc, sizeof(FORCE_PROCESS_3));
#else
proc = List_Head(&Process_ListFcp);
while (proc) {
if (proc->pid == ProcessId) {
List_Remove(&Process_ListFcp, proc);
Mem_Free(proc, sizeof(FORCE_PROCESS_3));
return;
}
proc = List_Next(proc);
}
#endif
}
//---------------------------------------------------------------------------
// Process_FcpCheck
//---------------------------------------------------------------------------
_FX BOOLEAN Process_FcpCheck(HANDLE ProcessId, WCHAR* boxname)
{
FORCE_PROCESS_3 *proc;
KIRQL irql;
BOOLEAN found = FALSE;
KeRaiseIrql(APC_LEVEL, &irql);
ExAcquireResourceExclusiveLite(Process_ListLock, TRUE);
#ifdef USE_PROCESS_MAP
proc = map_get(&Process_MapFcp, ProcessId);
if (proc) {
#else
proc = List_Head(&Process_ListFcp);
while (proc) {
if (proc->pid == ProcessId) {
#endif
if(boxname)
wmemcpy(boxname, proc->boxname, BOXNAME_COUNT);
found = TRUE;
#ifndef USE_PROCESS_MAP
break;
}
proc = List_Next(proc);
#endif
}
ExReleaseResourceLite(Process_ListLock);
KeLowerIrql(irql);
return found;
}

35
Sandboxie/core/drv/session.c
View File

@ -104,6 +104,8 @@ static NTSTATUS Session_Api_Leader(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Session_Api_DisableForce(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Session_Api_ForceChildren(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Session_Api_MonitorControl(PROCESS *proc, ULONG64 *parms);
//static NTSTATUS Session_Api_MonitorPut(PROCESS *proc, ULONG64 *parms);
@ -141,6 +143,7 @@ _FX BOOLEAN Session_Init(void)
Api_SetFunction(API_SESSION_LEADER, Session_Api_Leader);
Api_SetFunction(API_DISABLE_FORCE_PROCESS, Session_Api_DisableForce);
Api_SetFunction(API_FORCE_CHILDREN, Session_Api_ForceChildren);
Api_SetFunction(API_MONITOR_CONTROL, Session_Api_MonitorControl);
//Api_SetFunction(API_MONITOR_PUT, Session_Api_MonitorPut);
Api_SetFunction(API_MONITOR_PUT2, Session_Api_MonitorPut2);
@ -496,6 +499,38 @@ _FX BOOLEAN Session_IsForceDisabled(ULONG SessionId)
}
//---------------------------------------------------------------------------
// Session_Api_ForceChildren
//---------------------------------------------------------------------------
_FX NTSTATUS Session_Api_ForceChildren(PROCESS *proc, ULONG64 *parms)
{
HANDLE process_id;
WCHAR *user_boxname;
WCHAR boxname[BOXNAME_COUNT];
if (proc)
return STATUS_NOT_IMPLEMENTED;
process_id = (HANDLE)parms[1];
memzero(boxname, sizeof(boxname));
user_boxname = (WCHAR *)parms[2];
if (user_boxname) {
ProbeForRead(user_boxname, sizeof(WCHAR) * (BOXNAME_COUNT - 2), sizeof(UCHAR));
if (user_boxname[0])
wcsncpy(boxname, user_boxname, (BOXNAME_COUNT - 2));
}
if(!process_id || process_id == (HANDLE)-1 || !boxname[0])
return STATUS_INVALID_PARAMETER;
Process_FcpInsert(process_id, boxname);
return STATUS_SUCCESS;
}
//---------------------------------------------------------------------------
// Session_IsLeader
//---------------------------------------------------------------------------

26
Sandboxie/core/drv/verify.c
View File

@ -842,8 +842,13 @@ _FX NTSTATUS KphValidateCertificate()
}
else if (!level || _wcsicmp(level, L"STANDARD") == 0) // not used, default does not have explicit level
Verify_CertInfo.level = eCertStandard;
else if (_wcsicmp(level, L"ADVANCED") == 0)
Verify_CertInfo.level = eCertAdvanced;
else if (_wcsicmp(level, L"ADVANCED") == 0)
{
if(Verify_CertInfo.type == eCertPatreon || Verify_CertInfo.type == eCertEntryPatreon)
Verify_CertInfo.level = eCertAdvanced1;
else
Verify_CertInfo.level = eCertAdvanced;
}
// scheme 1.1 >>>
else if (CERT_IS_TYPE(Verify_CertInfo, eCertPersonal) || CERT_IS_TYPE(Verify_CertInfo, eCertPatreon))
{
@ -851,6 +856,11 @@ _FX NTSTATUS KphValidateCertificate()
Verify_CertInfo.type = eCertEternal;
Verify_CertInfo.level = eCertMaxLevel;
}
else if (_wcsicmp(level, L"LARGE") == 0 && cert_date.QuadPart < KphGetDate(1, 04, 2022)) {
Verify_CertInfo.level = eCertAdvanced1;
expiration_date.QuadPart = -2;
}
// todo: 01.09.2025: remove code for expired case LARGE
else if (_wcsicmp(level, L"LARGE") == 0) { // 2 years - personal
if(CERT_IS_TYPE(Verify_CertInfo, eCertPatreon))
Verify_CertInfo.level = eCertStandard2;
@ -858,15 +868,11 @@ _FX NTSTATUS KphValidateCertificate()
Verify_CertInfo.level = eCertAdvanced;
expiration_date.QuadPart = cert_date.QuadPart + KphGetDateInterval(0, 0, 2); // 2 years
}
// todo: 01.09.2024: remove code for expired case MEDIUM
else if (_wcsicmp(level, L"MEDIUM") == 0) { // 1 year - personal
Verify_CertInfo.level = eCertStandard2;
}
else if (_wcsicmp(level, L"ENTRY") == 0) { // PATREON-ENTRY new patreons get only 3 montgs for start
Verify_CertInfo.level = eCertStandard2;
if(CERT_IS_TYPE(Verify_CertInfo, eCertPatreon))
Verify_CertInfo.type = eCertEntryPatreon;
expiration_date.QuadPart = cert_date.QuadPart + KphGetDateInterval(0, 3, 0);
}
// todo: 01.09.2024: remove code for expired case SMALL
else if (_wcsicmp(level, L"SMALL") == 0) { // 1 year - subscription
Verify_CertInfo.level = eCertStandard2;
Verify_CertInfo.type = eCertHome;
@ -886,7 +892,9 @@ _FX NTSTATUS KphValidateCertificate()
// check if this is a subscription type certificate
BOOLEAN isSubscription = CERT_IS_SUBSCRIPTION(Verify_CertInfo);
if (expiration_date.QuadPart != -1)
if (expiration_date.QuadPart == -2)
Verify_CertInfo.expired = 1; // but not outdated
else if (expiration_date.QuadPart != -1)
{
// check if this certificate is expired
if (expiration_date.QuadPart < LocalTime.QuadPart)

1
Sandboxie/core/drv/verify.h
View File

@ -79,6 +79,7 @@ enum ECertLevel {
eCertNoLevel = 0b000,
eCertStandard = 0b010,
eCertStandard2 = 0b011,
eCertAdvanced1 = 0b100,
eCertAdvanced = 0b101,
eCertMaxLevel = 0b111,
};

19
Sandboxie/core/svc/GuiServer.cpp
View File

@ -1092,11 +1092,26 @@ HANDLE GuiServer::GetJobObjectForAssign(const WCHAR *boxname)
//
if (ok) {
JOBOBJECT_EXTENDED_LIMIT_INFORMATION jobELInfo = {0};
jobELInfo.BasicLimitInformation.LimitFlags = JOB_OBJECT_LIMIT_BREAKAWAY_OK
| JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK;
ok = SetInformationJobObject(hJobObject, JobObjectExtendedLimitInformation, &jobELInfo, sizeof(jobELInfo));
ULONG TotalMemoryLimit = SbieApi_QueryConfNumber(boxname, L"TotalMemoryLimit", 0);
ULONG ProcessNumberLimit = SbieApi_QueryConfNumber(boxname, L"ProcessNumberLimit", 0);
ULONG ProcessMemoryLimit = SbieApi_QueryConfNumber(boxname, L"ProcessMemoryLimit", 0);
if (TotalMemoryLimit != 0) {
jobELInfo.JobMemoryLimit = TotalMemoryLimit;
jobELInfo.BasicLimitInformation.LimitFlags |= JOB_OBJECT_LIMIT_JOB_MEMORY;
}
if (ProcessNumberLimit != 0) {
jobELInfo.BasicLimitInformation.ActiveProcessLimit = ProcessNumberLimit;
jobELInfo.BasicLimitInformation.LimitFlags |= JOB_OBJECT_LIMIT_ACTIVE_PROCESS;
}
if (ProcessMemoryLimit != 0) {
jobELInfo.ProcessMemoryLimit = ProcessMemoryLimit;
jobELInfo.BasicLimitInformation.LimitFlags |= JOB_OBJECT_LIMIT_PROCESS_MEMORY;
}
ok = SetInformationJobObject(hJobObject, JobObjectExtendedLimitInformation, &jobELInfo, sizeof(jobELInfo));
}
}
if (! ok) {

2
Sandboxie/core/svc/MountManager.cpp
View File

@ -997,7 +997,7 @@ bool MountManager::AcquireBoxRoot(const WCHAR* boxname, const WCHAR* reg_root, c
std::wstring TargetNtPath;
SCertInfo CertInfo = { 0 };
if ((UseFileImage || UseRamDisk) && (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, (UseFileImage ? eCertAdvanced : eCertStandard)))) {
if ((UseFileImage || UseRamDisk) && (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, (UseFileImage ? eCertAdvanced1 : eCertStandard)))) {
const WCHAR* strings[] = { boxname, UseFileImage ? L"UseFileImage" : L"UseRamDisk" , NULL };
SbieApi_LogMsgExt(session_id, UseFileImage ? 6009 : 6008, strings);
errlvl = 0x66;

10
Sandboxie/core/svc/SboxSvc.vcxproj
View File

@ -373,6 +373,16 @@
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|ARM64EC'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|ARM64'">true</ExcludedFromBuild>
</ClCompile>
<ClCompile Include="..\..\common\rc4.c">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|ARM64EC'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|ARM64EC'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|ARM64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|ARM64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
</ClCompile>
<ClCompile Include="..\..\common\stream.c">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>

3
Sandboxie/core/svc/SboxSvc.vcxproj.filters
View File

@ -85,6 +85,9 @@
<ClCompile Include="MountManagerHelpers.cpp">
<Filter>MountManager</Filter>
</ClCompile>
<ClCompile Include="..\..\common\rc4.c">
<Filter>common</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="misc.h" />

2
Sandboxie/core/svc/includes.cpp
View File

@ -39,6 +39,8 @@ extern "C" {
#define CRC_WITH_ADLER32
#include "common/crc.c"
#include "common/rc4.c"
#define PATTERN XPATTERN
#include "common/pattern.c"

3
Sandboxie/core/svc/msgids.h
View File

@ -100,6 +100,9 @@
#define MSGID_SBIE_INI_GET_VERSION 0x18AA
#define MSGID_SBIE_INI_GET_WAIT_HANDLE 0x18AB
#define MSGID_SBIE_INI_RUN_SBIE_CTRL 0x180A
#define MSGID_SBIE_INI_RC4_CRYPT 0x180F
//#define MSGID_SBIE_MGR 0x1900
#define MSGID_NETAPI 0x1A00
#define MSGID_NETAPI_USE_ADD 0x1A01

53
Sandboxie/core/svc/sbieiniserver.cpp
View File

@ -33,6 +33,9 @@
#include "common/my_version.h"
#define CRC_HEADER_ONLY
#include "common/crc.c"
#define RC4_HEADER_ONLY
#include "common/rc4.c"
#include "core/drv/api_defs.h"
#ifdef NEW_INI_MODE
extern "C" {
@ -147,6 +150,11 @@ MSG_HEADER *SbieIniServer::Handler2(MSG_HEADER *msg)
return RunSbieCtrl(msg, idProcess, NT_SUCCESS(status));
}
if (msg->msgid == MSGID_SBIE_INI_RC4_CRYPT) {
return RC4Crypt(msg, idProcess, NT_SUCCESS(status));
}
if (NT_SUCCESS(status)) // if sandboxed
return SHORT_REPLY(STATUS_NOT_SUPPORTED);
@ -2392,3 +2400,48 @@ MSG_HEADER *SbieIniServer::RunSbieCtrl(MSG_HEADER *msg, HANDLE idProcess, bool i
return SHORT_REPLY(status);
}
//---------------------------------------------------------------------------
// RC4Crypt
//---------------------------------------------------------------------------
MSG_HEADER *SbieIniServer::RC4Crypt(MSG_HEADER *msg, HANDLE idProcess, bool isSandboxed)
{
//
// The purpose of this function is to provide a simple machien bound obfuscation
// for example to store passwords which are required in plain text.
// To this end we use a Random 64 bit key which is generated once and stored in the registry
// as well as the rc4 algorythm for the encryption, applying the same transformation twice
// yealds the original plaintext, hence only one function is sufficient.
//
// Please note that neider the mechanism nor the use rc4 algorythm can be considdered
// cryptographically secure by any means.
// This mechanism is only good for simple obfuscation of non critical data.
//
SBIE_INI_RC4_CRYPT_REQ *req = (SBIE_INI_RC4_CRYPT_REQ *)msg;
if (req->h.length < sizeof(SBIE_INI_RC4_CRYPT_REQ))
return SHORT_REPLY(STATUS_INVALID_PARAMETER);
ULONG rpl_len = sizeof(SBIE_INI_RC4_CRYPT_RPL) + req->value_len;
SBIE_INI_RC4_CRYPT_RPL *rpl = (SBIE_INI_RC4_CRYPT_RPL *)LONG_REPLY(rpl_len);
if (!rpl)
return SHORT_REPLY(STATUS_INSUFFICIENT_RESOURCES);
rpl->value_len = req->value_len;
memcpy(rpl->value, req->value, req->value_len);
ULONG64 RandID = 0;
SbieApi_Call(API_GET_SECURE_PARAM, 3, L"RandID", (ULONG_PTR)&RandID, sizeof(RandID));
if (RandID == 0) {
srand(GetTickCount());
RandID = ULONG64(rand() & 0xFFFF) | (ULONG64(rand() & 0xFFFF) << 16) | (ULONG64(rand() & 0xFFFF) << 32) | (ULONG64(rand() & 0xFFFF) << 48);
SbieApi_Call(API_SET_SECURE_PARAM, 3, L"RandID", (ULONG_PTR)&RandID, sizeof(RandID));
}
rc4_crypt((BYTE*)&RandID, sizeof(RandID), 0x1000, rpl->value, rpl->value_len);
return (MSG_HEADER*)rpl;
}

2
Sandboxie/core/svc/sbieiniserver.h
View File

@ -105,6 +105,8 @@ protected:
MSG_HEADER *RunSbieCtrl(MSG_HEADER *msg, HANDLE idProcess, bool isSandboxed);
MSG_HEADER *RC4Crypt(MSG_HEADER *msg, HANDLE idProcess, bool isSandboxed);
protected:

23
Sandboxie/core/svc/sbieiniwire.h
View File

@ -174,6 +174,29 @@ struct tagSBIE_INI_PASSWORD_REQ
typedef struct tagSBIE_INI_PASSWORD_REQ SBIE_INI_PASSWORD_REQ;
//---------------------------------------------------------------------------
// rc4 Crypt
//---------------------------------------------------------------------------
struct tagSBIE_INI_RC4_CRYPT_REQ
{
MSG_HEADER h;
ULONG value_len;
UCHAR value[1];
};
struct tagSBIE_INI_RC4_CRYPT_RPL
{
MSG_HEADER h;
ULONG value_len;
UCHAR value[1];
};
typedef struct tagSBIE_INI_RC4_CRYPT_REQ SBIE_INI_RC4_CRYPT_REQ;
typedef struct tagSBIE_INI_RC4_CRYPT_RPL SBIE_INI_RC4_CRYPT_RPL;
//---------------------------------------------------------------------------

13
Sandboxie/msgs/Sbie-English-1033.txt
View File

@ -751,6 +751,10 @@ SBIE2332 Cannot access file SbiePst.dat
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -916,6 +920,15 @@ Desktop
Programs
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3202;txt;01
Invalid command line parameter: %2
.

4
Sandboxie/msgs/Text-German-1031.txt
View File

@ -702,6 +702,10 @@ SBIE2337 Konnte Programm nicht starten: %2
SBIE2338 Nicht unterstützte Architektur in Prozess %2 vorgefunden
.
2360;pop;err;01
SBIE2360 Fehler beim Injizieren des SOCKS5-Proxy: %2
.
#----------------------------------------------------------------------------
# SbieSvc
#----------------------------------------------------------------------------

4
Sandboxie/msgs/Text-Korean-1042.txt
View File

@ -751,6 +751,10 @@ SBIE2332 SbiePst.dat 파일에 액세스할 수 없습니다
SBIE2335 %2 프로세스에 대해 초기화하지 못했습니다
.
2360;pop;err;01
SBIE2360 SOCKS5 프록시를 삽입하지 못했습니다: %2
.
2336;pop;err;01
SBIE2336 GUI 서버의 오류: %2
.

4
Sandboxie/msgs/Text-SimpChinese-2052.txt
View File

@ -733,6 +733,10 @@ SBIE2332 无法访问文件 SbiePst.dat
SBIE2335 进程 %2 初始化失败
.
2360;pop;err;01
SBIE2360 注入 SOCKS5 代理失败: %2
.
2336;pop;err;01
SBIE2336 GUI 服务器出错: %2
.

4
Sandboxie/msgs/Text-Turkish-1055.txt
View File

@ -676,6 +676,10 @@ SBIE2332 SbiePst.dat dosyasına erişilemiyor
SBIE2335 %2 işlemi için başlatma başarısız oldu
.
2360;pop;err;01
SBIE2360 SOCKS5 ara sunucusu eklenemedi: %2
.
2336;pop;err;01
SBIE2336 GUI sunucusunda hata: %2
.

13
Sandboxie/msgs/report/Report-Albanian.txt
View File

@ -190,6 +190,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -218,6 +222,15 @@ Type the name of a program or path to open the following file in the current san
Programs
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-Arabic.txt
View File

@ -186,6 +186,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
Type the name of a program or path to open the following file in the current sandbox:
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-Bulgarian.txt
View File

@ -186,6 +186,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
Type the name of a program or path to open the following file in the current sandbox:
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-Croatian.txt
View File

@ -186,6 +186,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
Type the name of a program or path to open the following file in the current sandbox:
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-Czech.txt
View File

@ -174,6 +174,10 @@ SBIE2302 Process image configuration conflict: %2
SBIE2325 Debug: %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2338;pop;err;01
SBIE2338 Encountered unsupported architecture in process: %2
.
@ -182,6 +186,15 @@ SBIE2338 Encountered unsupported architecture in process: %2
Type the name of a program or path to open the following file in the current sandbox:
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-Danish.txt
View File

@ -222,6 +222,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -250,6 +254,15 @@ Type the name of a program or path to open the following file in the current san
Programs
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3243;txt;01
Note: The program will continue to execute under the supervision
of Sandboxie, even after Administrator privileges have been granted.

13
Sandboxie/msgs/report/Report-Dutch.txt
View File

@ -142,10 +142,23 @@ SBIE2246 Failed to mount box image, ImBox error %2
SBIE2325 Debug: %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2338;pop;err;01
SBIE2338 Encountered unsupported architecture in process: %2
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-Estonian.txt
View File

@ -222,6 +222,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -250,6 +254,15 @@ Type the name of a program or path to open the following file in the current san
Programs
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3243;txt;01
Note: The program will continue to execute under the supervision
of Sandboxie, even after Administrator privileges have been granted.

13
Sandboxie/msgs/report/Report-Farsi.txt
View File

@ -174,6 +174,10 @@ SBIE2302 Process image configuration conflict: %2
SBIE2325 Debug: %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2338;pop;err;01
SBIE2338 Encountered unsupported architecture in process: %2
.
@ -182,6 +186,15 @@ SBIE2338 Encountered unsupported architecture in process: %2
Type the name of a program or path to open the following file in the current sandbox:
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-Finnish.txt
View File

@ -186,6 +186,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -210,6 +214,15 @@ Type the name of a program or path to open the following file in the current san
Programs
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-French.txt
View File

@ -14,7 +14,20 @@ SBIE1206 Your Windows build (%2) is not yet supported by sandboxie, error: %3
SBIE1207 Your Windows build (%2) is not yet supported by Sandboxie, which means applications will run without security isolation!
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
3001;txt;01
&OK
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.

9
Sandboxie/msgs/report/Report-German.txt
View File

@ -2,5 +2,12 @@
* Missing Messages in Text-German-1031.txt
*==========
There are no missing messages.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.

13
Sandboxie/msgs/report/Report-Greek.txt
View File

@ -186,6 +186,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
Type the name of a program or path to open the following file in the current sandbox:
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-Hebrew.txt
View File

@ -174,6 +174,10 @@ SBIE2302 Process image configuration conflict: %2
SBIE2325 Debug: %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2338;pop;err;01
SBIE2338 Encountered unsupported architecture in process: %2
.
@ -182,6 +186,15 @@ SBIE2338 Encountered unsupported architecture in process: %2
Type the name of a program or path to open the following file in the current sandbox:
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-Hungarian.txt
View File

@ -186,6 +186,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
Type the name of a program or path to open the following file in the current sandbox:
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-Indonesian.txt
View File

@ -186,6 +186,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
Type the name of a program or path to open the following file in the current sandbox:
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-Italian.txt
View File

@ -78,6 +78,19 @@ SBIE2244 Failed to mount box image, Password required
SBIE2246 Failed to mount box image, ImBox error %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
6008;pop;err;01
The configuration %3 of box %2 requires a supporter certificate and can not be used without it.
.

13
Sandboxie/msgs/report/Report-Japanese.txt
View File

@ -186,6 +186,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
Type the name of a program or path to open the following file in the current sandbox:
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

9
Sandboxie/msgs/report/Report-Korean.txt
View File

@ -2,5 +2,12 @@
* Missing Messages in Text-Korean-1042.txt
*==========
There are no missing messages.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.

13
Sandboxie/msgs/report/Report-Macedonian.txt
View File

@ -222,6 +222,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -250,6 +254,15 @@ Type the name of a program or path to open the following file in the current san
Programs
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3243;txt;01
Note: The program will continue to execute under the supervision
of Sandboxie, even after Administrator privileges have been granted.

13
Sandboxie/msgs/report/Report-Polish.txt
View File

@ -18,6 +18,19 @@ SBIE1207 Your Windows build (%2) is not yet supported by Sandboxie, which means
SBIE1222 Error with security token: %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
*==========
* Extraneous Messages in Text-Polish-1045.txt
*==========

13
Sandboxie/msgs/report/Report-Portuguese.txt
View File

@ -186,6 +186,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
Type the name of a program or path to open the following file in the current sandbox:
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-PortugueseBr.txt
View File

@ -114,6 +114,19 @@ SBIE2246 Failed to mount box image, ImBox error %2
SBIE2325 Debug: %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3469;txt;01
What's new in Sandboxie-Plus
.

13
Sandboxie/msgs/report/Report-Russian.txt
View File

@ -14,3 +14,16 @@ SBIE1206 Your Windows build (%2) is not yet supported by sandboxie, error: %3
SBIE1207 Your Windows build (%2) is not yet supported by Sandboxie, which means applications will run without security isolation!
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.

9
Sandboxie/msgs/report/Report-SimpChinese.txt
View File

@ -2,5 +2,12 @@
* Missing Messages in Text-SimpChinese-2052.txt
*==========
There are no missing messages.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.

13
Sandboxie/msgs/report/Report-Slovak.txt
View File

@ -186,6 +186,10 @@ SBIE2325 Debug: %2
SBIE2335 Initialization failed for process %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2336;pop;err;01
SBIE2336 Error in GUI server: %2
.
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
Type the name of a program or path to open the following file in the current sandbox:
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-Spanish.txt
View File

@ -158,6 +158,10 @@ SBIE2302 Process image configuration conflict: %2
SBIE2325 Debug: %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2338;pop;err;01
SBIE2338 Encountered unsupported architecture in process: %2
.
@ -166,6 +170,15 @@ SBIE2338 Encountered unsupported architecture in process: %2
Type the name of a program or path to open the following file in the current sandbox:
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-Swedish.txt
View File

@ -130,10 +130,23 @@ SBIE2246 Failed to mount box image, ImBox error %2
SBIE2325 Debug: %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2338;pop;err;01
SBIE2338 Encountered unsupported architecture in process: %2
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

13
Sandboxie/msgs/report/Report-TradChinese.txt
View File

@ -122,10 +122,23 @@ SBIE2244 Failed to mount box image, Password required
SBIE2246 Failed to mount box image, ImBox error %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2338;pop;err;01
SBIE2338 Encountered unsupported architecture in process: %2
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3505;txt;01
Contribute to Sandboxie
.

9
Sandboxie/msgs/report/Report-Turkish.txt
View File

@ -2,5 +2,12 @@
* Missing Messages in Text-Turkish-1055.txt
*==========
There are no missing messages.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.

13
Sandboxie/msgs/report/Report-Ukrainian.txt
View File

@ -122,10 +122,23 @@ SBIE2244 Failed to mount box image, Password required
SBIE2246 Failed to mount box image, ImBox error %2
.
2360;pop;err;01
SBIE2360 Failed to inject SOCKS5 proxy: %2
.
2338;pop;err;01
SBIE2338 Encountered unsupported architecture in process: %2
.
3198;txt;01
Do you want to start a new program in the %2 sandbox?
You received this message because you set AlertBeforeStart=y.
.
3199;txt;01
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
.
3315;txt;01
Deleting Sandbox contents
.

2
SandboxiePlus/QSbieAPI/Sandboxie/SandBox.cpp
View File

@ -147,7 +147,7 @@ SB_STATUS CSandBox::RunStart(const QString& Command, bool Elevated)
if ((QGuiApplication::queryKeyboardModifiers() & Qt::ControlModifier) != 0)
return RunSandboxed(Command);
#endif
return m_pAPI->RunStart(m_Name, Command, Elevated);
return m_pAPI->RunStart(m_Name, Command, Elevated ? CSbieAPI::eStartElevated : CSbieAPI::eStartDefault);
}
SB_STATUS CSandBox::RunSandboxed(const QString& Command)

30
SandboxiePlus/QSbieAPI/SbieAPI.cpp
View File

@ -1029,14 +1029,17 @@ QString CSbieAPI::GetUserSection(QString* pUserName, bool* pIsAdmin) const
return UserSection;
}
SB_RESULT(quint32) CSbieAPI::RunStart(const QString& BoxName, const QString& Command, bool Elevated, const QString& WorkingDir, QProcess* pProcess)
SB_RESULT(quint32) CSbieAPI::RunStart(const QString& BoxName, const QString& Command, EStartFlags Flags, const QString& WorkingDir, QProcess* pProcess)
{
if (m_SbiePath.isEmpty())
return SB_ERR(SB_PathFail);
QString StartArgs;
if(Elevated)
if (Flags & eStartElevated)
StartArgs += "/elevated ";
if (Flags & eStartFCP)
StartArgs += "/fcp ";
if (!BoxName.isEmpty())
StartArgs += "/box:" + BoxName + " ";
else
@ -1055,7 +1058,7 @@ SB_RESULT(quint32) CSbieAPI::RunStart(const QString& BoxName, const QString& Com
pProcess->setNativeArguments(StartArgs);
pProcess->start();
pid = pProcess->processId();
}
}
else {
QProcess process;
//process.setWorkingDirectory(QString::fromWCharArray(sysPath));
@ -2150,6 +2153,27 @@ void CSbieAPI::ClearPassword()
m->Password.clear();
}
SB_RESULT(QByteArray) CSbieAPI::RC4Crypt(const QByteArray& Data)
{
ULONG req_len = sizeof(SBIE_INI_RC4_CRYPT_REQ) + Data.size();
SScoped<SBIE_INI_RC4_CRYPT_REQ> req(malloc(req_len));
req->h.length = req_len;
req->h.msgid = MSGID_SBIE_INI_RC4_CRYPT;
req->value_len = Data.size();
memcpy(req->value, Data.constData(), req->value_len);
SScoped<SBIE_INI_RC4_CRYPT_RPL> rpl;
SB_STATUS Status = CallServer(&req->h, &rpl);
if (!Status)
return Status;
if (!rpl)
return SB_ERR(ERROR_SERVER_DISABLED);
if (rpl->h.status != 0)
return SB_ERR(rpl->h.status);
return CSbieResult<QByteArray>(QByteArray((char*)rpl->value, rpl->value_len));
}
bool CSbieAPI::GetDriverInfo(quint32 InfoClass, void* pBuffer, size_t Size)
{
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];

11
SandboxiePlus/QSbieAPI/SbieAPI.h
View File

@ -108,6 +108,8 @@ public:
virtual SB_STATUS LockConfig(const QString& NewPassword);
virtual void ClearPassword();
virtual SB_RESULT(QByteArray) RC4Crypt(const QByteArray& Data);
virtual bool GetDriverInfo(quint32 InfoClass, void* pBuffer, size_t Size);
enum EFeatureFlags
@ -151,7 +153,14 @@ public:
virtual QString GetSbieMsgStr(quint32 code, quint32 Lang = 1033);
virtual SB_RESULT(quint32) RunStart(const QString& BoxName, const QString& Command, bool Elevated = false, const QString& WorkingDir = QString(), QProcess* pProcess = NULL);
enum EStartFlags
{
eStartDefault = 0,
eStartElevated = 1,
eStartFCP = 2
};
virtual SB_RESULT(quint32) RunStart(const QString& BoxName, const QString& Command, EStartFlags Flags = eStartDefault, const QString& WorkingDir = QString(), QProcess* pProcess = NULL);
virtual QString GetStartPath() const;
virtual quint32 GetSessionID() const;

3
SandboxiePlus/QSbieAPI/SbieTrace.cpp
View File

@ -113,7 +113,7 @@ QList<quint32> CTraceEntry::AllTypes()
<< MONITOR_KEY << MONITOR_FILE << MONITOR_PIPE
<< MONITOR_IPC << MONITOR_RPC << MONITOR_COMCLASS << MONITOR_RTCLASS
<< MONITOR_WINCLASS << MONITOR_DRIVE << MONITOR_IGNORE << MONITOR_IMAGE
<< MONITOR_NETFW << MONITOR_SCM << MONITOR_OTHER;
<< MONITOR_NETFW << MONITOR_DNS << MONITOR_SCM << MONITOR_OTHER;
}
QString CTraceEntry::GetTypeStr(quint32 Type)
@ -134,6 +134,7 @@ QString CTraceEntry::GetTypeStr(quint32 Type)
case MONITOR_FILE: return "File"; break;
case MONITOR_KEY: return "Key"; break;
case MONITOR_NETFW: return "Socket"; break;
case MONITOR_DNS: return "Dns"; break;
case MONITOR_SCM: return "SCM"; break; // Service Control Manager
case MONITOR_OTHER: return "Debug"; break;
default: return QString();

2
SandboxiePlus/QSbieAPI/SbieUtils.cpp
View File

@ -564,7 +564,7 @@ bool CSbieUtils::GetStartMenuShortcut(CSbieAPI* pApi, QString &BoxName, QString
QString Command = "start_menu:" + QString::fromWCharArray(MapName);
if (!LinkPath.isEmpty())
Command += ":" + LinkPath;
pApi->RunStart(BoxName, Command, false, QString(), &Process);
pApi->RunStart(BoxName, Command, CSbieAPI::eStartDefault, QString(), &Process);
//Process.waitForFinished(-1);
while(Process.state() != QProcess::NotRunning)
QCoreApplication::processEvents(); // keep UI responsive

2
SandboxiePlus/SandMan/Engine/BoxObject.cpp
View File

@ -8,7 +8,7 @@
quint32 CBoxObject::StartTask(const QString& Command, const QVariantMap& Options)
{
SB_RESULT(quint32) result = theGUI->RunStart(getName(), Command, Options["elevalted"].toBool(), Options["directory"].toString());
SB_RESULT(quint32) result = theGUI->RunStart(getName(), Command, Options["elevalted"].toBool() ? CSbieAPI::eStartElevated : CSbieAPI::eStartDefault, Options["directory"].toString());
return result.IsError() ? -1 : result.GetValue();
}

335
SandboxiePlus/SandMan/Forms/OptionsWindow.ui
View File

@ -45,7 +45,7 @@
<enum>QTabWidget::North</enum>
</property>
<property name="currentIndex">
<number>0</number>
<number>7</number>
</property>
<widget class="QWidget" name="tabGeneral">
<attribute name="title">
@ -3090,7 +3090,7 @@ The process match level has a higher priority than the specificity and describes
<item row="1" column="0">
<widget class="QTabWidget" name="tabsInternet">
<property name="currentIndex">
<number>2</number>
<number>3</number>
</property>
<widget class="QWidget" name="tabINet">
<attribute name="title">
@ -3348,20 +3348,276 @@ The process match level has a higher priority than the specificity and describes
</item>
</layout>
</widget>
<widget class="QWidget" name="tabDNS">
<attribute name="title">
<string>DNS Filter</string>
</attribute>
<layout class="QGridLayout" name="gridLayout_66">
<property name="leftMargin">
<number>3</number>
</property>
<property name="rightMargin">
<number>3</number>
</property>
<property name="bottomMargin">
<number>3</number>
</property>
<item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_65">
<item row="1" column="1">
<widget class="QPushButton" name="btnAddDns">
<property name="text">
<string>Add Filter</string>
</property>
</widget>
</item>
<item row="2" column="1">
<spacer name="verticalSpacer_32">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_19">
<property name="text">
<string>With the DNS filter individual domains can be blocked, on a per process basis. Leave the IP column empty to block or enter an ip to redirect.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QPushButton" name="btnDelDns">
<property name="text">
<string>Remove</string>
</property>
</widget>
</item>
<item row="1" column="0" rowspan="3">
<widget class="QTreeWidget" name="treeDns">
<property name="sortingEnabled">
<bool>true</bool>
</property>
<column>
<property name="text">
<string>Program</string>
</property>
</column>
<column>
<property name="text">
<string>Domain</string>
</property>
</column>
<column>
<property name="text">
<string>IP</string>
</property>
</column>
</widget>
</item>
</layout>
</item>
</layout>
</widget>
<widget class="QWidget" name="tabNetProxy">
<attribute name="title">
<string>Internet Proxy</string>
</attribute>
<layout class="QGridLayout" name="gridLayout_64">
<property name="leftMargin">
<number>3</number>
</property>
<property name="rightMargin">
<number>3</number>
</property>
<property name="bottomMargin">
<number>3</number>
</property>
<item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_15">
<item row="4" column="1">
<layout class="QVBoxLayout" name="verticalLayout_3">
<property name="spacing">
<number>2</number>
</property>
<item>
<layout class="QHBoxLayout" name="horizontalLayout_4">
<item>
<widget class="QPushButton" name="btnMoveProxyUp">
<property name="text">
<string>Move Up</string>
</property>
</widget>
</item>
</layout>
</item>
<item>
<layout class="QHBoxLayout" name="horizontalLayout_5">
<item>
<widget class="QPushButton" name="btnMoveProxyDown">
<property name="text">
<string>Move Down</string>
</property>
</widget>
</item>
</layout>
</item>
</layout>
</item>
<item row="7" column="1">
<widget class="QPushButton" name="btnDelProxy">
<property name="text">
<string>Remove</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QPushButton" name="btnAddProxy">
<property name="text">
<string>Add Proxy</string>
</property>
</widget>
</item>
<item row="5" column="1">
<spacer name="verticalSpacer_41">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_18">
<property name="text">
<string>Sandboxed programs can be forced to use a preset SOCKS5 proxy.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="6" column="1">
<widget class="QCheckBox" name="chkProxyResolveHostnames">
<property name="text">
<string>Resolve hostnames via proxy</string>
</property>
</widget>
</item>
<item row="1" column="0" rowspan="7">
<widget class="QTreeWidget" name="treeProxy">
<property name="sortingEnabled">
<bool>false</bool>
</property>
<column>
<property name="text">
<string>Program</string>
</property>
</column>
<column>
<property name="text">
<string>IP</string>
</property>
</column>
<column>
<property name="text">
<string>Port</string>
</property>
</column>
<column>
<property name="text">
<string>Auth</string>
</property>
</column>
<column>
<property name="text">
<string>Login</string>
</property>
</column>
<column>
<property name="text">
<string>Password</string>
</property>
</column>
</widget>
</item>
<item row="3" column="1">
<spacer name="verticalSpacer_33">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="2" column="1">
<widget class="QPushButton" name="btnTestProxy">
<property name="text">
<string>Test Proxy</string>
</property>
</widget>
</item>
</layout>
</item>
</layout>
</widget>
<widget class="QWidget" name="tabNetConfig">
<attribute name="title">
<string>Other Options</string>
</attribute>
<layout class="QGridLayout" name="gridLayout_64">
<layout class="QGridLayout" name="gridLayout_81">
<item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_30">
<item row="5" column="1">
<widget class="QCheckBox" name="chkBlockNetParam">
<layout class="QGridLayout" name="gridLayout_80">
<item row="1" column="1">
<widget class="QCheckBox" name="chkBlockSamba">
<property name="text">
<string>Prevent change to network and firewall parameters (user mode)</string>
<string>Block common SAMBA ports</string>
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QCheckBox" name="chkBlockNetShare">
<property name="text">
<string>Block network files and folders, unless specifically opened.</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QCheckBox" name="chkBlockDns">
<property name="text">
<string>Block DNS, UDP port 53</string>
</property>
</widget>
</item>
<item row="6" column="0">
<spacer name="verticalSpacer_10">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="0" column="0">
<widget class="QLabel" name="lblPorts">
<property name="font">
@ -3371,20 +3627,23 @@ The process match level has a higher priority than the specificity and describes
<kerning>true</kerning>
</font>
</property>
<property name="toolTip">
<string>Protect the system from sandboxed processes</string>
</property>
<property name="text">
<string>Port Blocking</string>
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QCheckBox" name="chkBlockNetShare">
<property name="text">
<string>Block network files and folders, unless specifically opened.</string>
<item row="6" column="1">
<spacer name="horizontalSpacer_18">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
</widget>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="3" column="0">
<widget class="QLabel" name="lblNetwork">
@ -3403,43 +3662,10 @@ The process match level has a higher priority than the specificity and describes
</property>
</widget>
</item>
<item row="6" column="0">
<spacer name="verticalSpacer_10">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="1" column="1">
<widget class="QCheckBox" name="chkBlockSamba">
<item row="5" column="1">
<widget class="QCheckBox" name="chkBlockNetParam">
<property name="text">
<string>Block common SAMBA ports</string>
</property>
</widget>
</item>
<item row="6" column="1">
<spacer name="horizontalSpacer_18">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="2" column="1">
<widget class="QCheckBox" name="chkBlockDns">
<property name="text">
<string>Block DNS, UDP port 53</string>
<string>Prevent change to network and firewall parameters (user mode)</string>
</property>
</widget>
</item>
@ -4557,6 +4783,13 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</property>
</widget>
</item>
<item row="10" column="4">
<widget class="QCheckBox" name="chkDnsTrace">
<property name="text">
<string>DNS Request Logging</string>
</property>
</widget>
</item>
<item row="8" column="1" colspan="2">
<widget class="QCheckBox" name="chkGuiTrace">
<property name="text">

152
SandboxiePlus/SandMan/Forms/SelectBoxWindow.ui
View File

@ -6,8 +6,8 @@
<rect>
<x>0</x>
<y>0</y>
<width>290</width>
<height>430</height>
<width>278</width>
<height>475</height>
</rect>
</property>
<property name="sizePolicy">
@ -31,77 +31,83 @@
<property name="windowTitle">
<string>SandboxiePlus select box</string>
</property>
<layout class="QVBoxLayout" name="verticalLayout_2">
<item>
<layout class="QGridLayout" name="gridLayout">
<item row="5" column="0">
<widget class="Line" name="line">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QRadioButton" name="radBoxed">
<property name="text">
<string>Run Sandboxed</string>
</property>
<property name="checked">
<bool>true</bool>
</property>
</widget>
</item>
<item row="7" column="0">
<widget class="QDialogButtonBox" name="buttonBox">
<property name="standardButtons">
<set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QTreeWidget" name="treeBoxes">
<column>
<property name="text">
<string>Sandbox</string>
</property>
</column>
</widget>
</item>
<item row="4" column="0">
<widget class="QRadioButton" name="radUnBoxed">
<property name="text">
<string>Run Outside the Sandbox</string>
</property>
</widget>
</item>
<item row="6" column="0">
<widget class="QCheckBox" name="chkAdmin">
<property name="text">
<string>Run As UAC Administrator</string>
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label">
<property name="text">
<string>Select the sandbox in which to start the program, installer or document.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="3" column="0">
<widget class="QRadioButton" name="radBoxedNew">
<property name="text">
<string>Run in a new Sandbox</string>
</property>
<property name="checked">
<bool>false</bool>
</property>
</widget>
</item>
</layout>
<layout class="QGridLayout" name="gridLayout">
<item row="5" column="0">
<widget class="QRadioButton" name="radUnBoxed">
<property name="text">
<string>Run Outside the Sandbox</string>
</property>
</widget>
</item>
<item row="5" column="1">
<widget class="QCheckBox" name="chkFCP">
<property name="toolTip">
<string>Force direct child to be sandboxed, but does not include indirect child processes that are opened through the DCOM and IPC interface.</string>
</property>
<property name="text">
<string>Force Children</string>
</property>
</widget>
</item>
<item row="3" column="0" colspan="2">
<widget class="QTreeWidget" name="treeBoxes">
<column>
<property name="text">
<string>Sandbox</string>
</property>
</column>
</widget>
</item>
<item row="4" column="0" colspan="2">
<widget class="QRadioButton" name="radBoxedNew">
<property name="text">
<string>Run in a new Sandbox</string>
</property>
<property name="checked">
<bool>false</bool>
</property>
</widget>
</item>
<item row="7" column="0" colspan="2">
<widget class="Line" name="line">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
</widget>
</item>
<item row="8" column="0" colspan="2">
<widget class="QCheckBox" name="chkAdmin">
<property name="text">
<string>Run As UAC Administrator</string>
</property>
</widget>
</item>
<item row="9" column="0" colspan="2">
<widget class="QDialogButtonBox" name="buttonBox">
<property name="standardButtons">
<set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
</property>
</widget>
</item>
<item row="1" column="0" colspan="2">
<widget class="QRadioButton" name="radBoxed">
<property name="text">
<string>Run Sandboxed</string>
</property>
<property name="checked">
<bool>true</bool>
</property>
</widget>
</item>
<item row="0" column="0" colspan="2">
<widget class="QLabel" name="label">
<property name="text">
<string>Select the sandbox in which to start the program, installer or document.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
</layout>
</widget>

487
SandboxiePlus/SandMan/Forms/TestProxyDialog.ui Normal file
View File

@ -0,0 +1,487 @@
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<class>TestProxyDialog</class>
<widget class="QDialog" name="TestProxyDialog">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>680</width>
<height>420</height>
</rect>
</property>
<property name="sizePolicy">
<sizepolicy hsizetype="Fixed" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="windowTitle">
<string>Test Proxy</string>
</property>
<layout class="QVBoxLayout" name="verticalLayout_4">
<item>
<widget class="QStackedWidget" name="stackedWidget">
<property name="enabled">
<bool>true</bool>
</property>
<property name="sizePolicy">
<sizepolicy hsizetype="Expanding" vsizetype="Expanding">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="currentIndex">
<number>0</number>
</property>
<widget class="QWidget" name="testPage">
<layout class="QVBoxLayout" name="verticalLayout_5">
<property name="leftMargin">
<number>0</number>
</property>
<property name="topMargin">
<number>0</number>
</property>
<property name="rightMargin">
<number>0</number>
</property>
<property name="bottomMargin">
<number>0</number>
</property>
<item>
<layout class="QVBoxLayout" name="verticalLayout_1">
<item>
<layout class="QGridLayout" name="gridLayout" columnstretch="3,2">
<item row="0" column="1">
<layout class="QVBoxLayout" name="verticalLayout_2">
<property name="spacing">
<number>6</number>
</property>
<item>
<widget class="QPushButton" name="btnTestCustomize">
<property name="sizePolicy">
<sizepolicy hsizetype="Expanding" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Test Settings...</string>
</property>
</widget>
</item>
<item>
<widget class="QLabel" name="labelTestResults">
<property name="font">
<font>
<pointsize>12</pointsize>
<bold>true</bold>
</font>
</property>
<property name="text">
<string>Testing...</string>
</property>
<property name="alignment">
<set>Qt::AlignCenter</set>
</property>
</widget>
</item>
</layout>
</item>
<item row="0" column="0">
<layout class="QFormLayout" name="formLayout">
<property name="horizontalSpacing">
<number>25</number>
</property>
<property name="verticalSpacing">
<number>3</number>
</property>
<property name="bottomMargin">
<number>6</number>
</property>
<item row="0" column="0">
<widget class="QLabel" name="label">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Preferred">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="font">
<font>
<pointsize>12</pointsize>
<bold>true</bold>
</font>
</property>
<property name="text">
<string>Proxy Server</string>
</property>
<property name="alignment">
<set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop</set>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="labelAddress">
<property name="text">
<string>Address:</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLabel" name="labelAddressOut">
<property name="text">
<string>127.0.0.1:80</string>
</property>
<property name="textInteractionFlags">
<set>Qt::LinksAccessibleByMouse|Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="labelProtocol">
<property name="text">
<string>Protocol:</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QLabel" name="labelProtocolOut">
<property name="text">
<string>SOCKS 5</string>
</property>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="labelAuth">
<property name="text">
<string>Authentication:</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QLabel" name="labelAuthOut">
<property name="text">
<string>NO</string>
</property>
</widget>
</item>
<item row="4" column="0">
<widget class="QLabel" name="labelUsername">
<property name="text">
<string>Login:</string>
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QLabel" name="labelUsernameOut">
<property name="text">
<string>username</string>
</property>
</widget>
</item>
</layout>
</item>
</layout>
</item>
<item>
<widget class="QProgressBar" name="progressBar">
<property name="value">
<number>24</number>
</property>
<property name="textVisible">
<bool>false</bool>
</property>
</widget>
</item>
<item>
<widget class="QTextBrowser" name="textBrowser">
<property name="font">
<font>
<family>Courier New</family>
<pointsize>8</pointsize>
</font>
</property>
</widget>
</item>
<item>
<widget class="QDialogButtonBox" name="buttonBoxTest">
<property name="standardButtons">
<set>QDialogButtonBox::Ok|QDialogButtonBox::Retry</set>
</property>
</widget>
</item>
</layout>
</item>
</layout>
</widget>
<widget class="QWidget" name="testSettingsPage">
<layout class="QVBoxLayout" name="verticalLayout_6">
<property name="leftMargin">
<number>0</number>
</property>
<property name="topMargin">
<number>0</number>
</property>
<property name="rightMargin">
<number>0</number>
</property>
<property name="bottomMargin">
<number>0</number>
</property>
<item>
<layout class="QVBoxLayout" name="verticalLayout_3">
<property name="spacing">
<number>6</number>
</property>
<item>
<layout class="QHBoxLayout" name="horizontalLayout_4" stretch="30,30,150">
<item>
<widget class="QLabel" name="labelTimeout">
<property name="text">
<string>Timeout (secs):</string>
</property>
</widget>
</item>
<item>
<widget class="QLineEdit" name="lineEditTimeout">
<property name="text">
<string>5</string>
</property>
</widget>
</item>
<item>
<spacer name="horizontalSpacer">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Expanding</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
</layout>
</item>
<item>
<widget class="QGroupBox" name="groupBoxTest1">
<property name="title">
<string>Test 1: Connection to the Proxy Server</string>
</property>
<layout class="QHBoxLayout" name="horizontalLayout">
<item>
<widget class="QCheckBox" name="checkBoxTest1">
<property name="text">
<string>Enable this test</string>
</property>
<property name="checked">
<bool>true</bool>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item>
<widget class="QGroupBox" name="groupBoxTest2">
<property name="title">
<string>Test 2: Connection through the Proxy Server</string>
</property>
<layout class="QVBoxLayout" name="verticalLayout">
<property name="spacing">
<number>6</number>
</property>
<item>
<widget class="QCheckBox" name="checkBoxTest2">
<property name="text">
<string>Enable this test</string>
</property>
<property name="checked">
<bool>true</bool>
</property>
</widget>
</item>
<item>
<spacer name="verticalSpacer">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Preferred</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>10</height>
</size>
</property>
</spacer>
</item>
<item>
<layout class="QHBoxLayout" name="horizontalLayout_2" stretch="2,6,1,1">
<item>
<widget class="QLabel" name="labelHost">
<property name="text">
<string>Target host:</string>
</property>
<property name="alignment">
<set>Qt::AlignCenter</set>
</property>
</widget>
</item>
<item>
<widget class="QLineEdit" name="lineEditHost">
<property name="text">
<string>www.google.com</string>
</property>
<property name="cursorPosition">
<number>0</number>
</property>
</widget>
</item>
<item>
<widget class="QLabel" name="labelPort">
<property name="text">
<string>Port:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item>
<widget class="QLineEdit" name="lineEditPort">
<property name="text">
<string>80</string>
</property>
</widget>
</item>
</layout>
</item>
<item>
<widget class="QCheckBox" name="checkBoxTest2Load">
<property name="text">
<string>Load a default web page from the host. (There must be a web server running on the host)</string>
</property>
<property name="checked">
<bool>true</bool>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item>
<widget class="QGroupBox" name="groupBoxTest3">
<property name="title">
<string>Test 3: Proxy Server latency</string>
</property>
<layout class="QVBoxLayout" name="verticalLayout_7">
<item>
<widget class="QCheckBox" name="checkBoxTest3">
<property name="text">
<string>Enable this test</string>
</property>
<property name="checked">
<bool>true</bool>
</property>
</widget>
</item>
<item>
<spacer name="verticalSpacer_2">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Preferred</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>10</height>
</size>
</property>
</spacer>
</item>
<item>
<layout class="QHBoxLayout" name="horizontalLayout_3" stretch="2,1,7">
<item>
<widget class="QLabel" name="labelPingCount">
<property name="text">
<string>Ping count:</string>
</property>
<property name="alignment">
<set>Qt::AlignCenter</set>
</property>
</widget>
</item>
<item>
<widget class="QSpinBox" name="spinBoxPingCount">
<property name="minimum">
<number>1</number>
</property>
<property name="maximum">
<number>10</number>
</property>
<property name="value">
<number>4</number>
</property>
</widget>
</item>
<item>
<spacer name="horizontalSpacer_2">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Preferred</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
</layout>
</item>
<item>
<widget class="QLabel" name="label_3">
<property name="text">
<string>Increase ping count to improve the accuracy of the average latency calculation. More pings help to ensure that the average is representative of typical network conditions.</string>
</property>
<property name="alignment">
<set>Qt::AlignJustify|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item>
<widget class="QDialogButtonBox" name="buttonBoxSettings">
<property name="standardButtons">
<set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok|QDialogButtonBox::RestoreDefaults</set>
</property>
</widget>
</item>
</layout>
</item>
</layout>
</widget>
</widget>
</item>
</layout>
</widget>
<resources/>
<connections/>
</ui>

35
SandboxiePlus/SandMan/SandMan.cpp
View File

@ -1671,9 +1671,9 @@ void CSandMan::OnMessage(const QString& MsgData)
BoxName = theAPI->GetGlobalSettings()->GetText("DefaultBox", "DefaultBox");
if (!BoxName.isEmpty())
RunStart(BoxName == "*DFP*" ? "" : BoxName, CmdLine, false, WrkDir);
RunStart(BoxName == "*DFP*" ? "" : BoxName, CmdLine, CSbieAPI::eStartDefault, WrkDir);
else
RunSandboxed(QStringList(CmdLine), BoxName, WrkDir);
RunSandboxed(QStringList(CmdLine), BoxName, WrkDir, true);
}
else if (Message.left(3) == "Op:")
{
@ -1702,27 +1702,28 @@ void CSandMan::dragEnterEvent(QDragEnterEvent* e)
}
}
bool CSandMan::RunSandboxed(const QStringList& Commands, QString BoxName, const QString& WrkDir)
bool CSandMan::RunSandboxed(const QStringList& Commands, QString BoxName, const QString& WrkDir, bool bShowFCP)
{
if (BoxName.isEmpty())
BoxName = theAPI->GetGlobalSettings()->GetText("DefaultBox", "DefaultBox");
CSelectBoxWindow* pSelectBoxWindow = new CSelectBoxWindow(Commands, BoxName, WrkDir, g_GUIParent);
if (bShowFCP) pSelectBoxWindow->ShowFCP();
connect(this, SIGNAL(Closed()), pSelectBoxWindow, SLOT(close()));
//pSelectBoxWindow->show();
return SafeExec(pSelectBoxWindow) == 1;
}
SB_RESULT(quint32) CSandMan::RunStart(const QString& BoxName, const QString& Command, bool Elevated, const QString& WorkingDir, QProcess* pProcess)
SB_RESULT(quint32) CSandMan::RunStart(const QString& BoxName, const QString& Command, CSbieAPI::EStartFlags Flags, const QString& WorkingDir, QProcess* pProcess)
{
auto pBoxEx = theAPI->GetBoxByName(BoxName).objectCast<CSandBoxPlus>();
if (pBoxEx && pBoxEx->UseImageFile() && pBoxEx->GetMountRoot().isEmpty()){
if (pBoxEx && pBoxEx->UseImageFile() && pBoxEx->GetMountRoot().isEmpty()) {
SB_STATUS Status = ImBoxMount(pBoxEx, true);
if (Status.IsError())
return Status;
}
return theAPI->RunStart(BoxName, Command, Elevated, WorkingDir, pProcess);
return theAPI->RunStart(BoxName, Command, Flags, WorkingDir, pProcess);
}
SB_STATUS CSandMan::ImBoxMount(const CSandBoxPtr& pBox, bool bAutoUnmount)
@ -2305,6 +2306,20 @@ void CSandMan::OnBoxClosed(const CSandBoxPtr& pBox)
AddAsyncOp(pProgress, true, tr("Executing OnBoxTerminate: %1").arg(Value2));
}
}
QString tempValPrefix = "Temp_";
QStringList to_delete;
QStringList list = pBox->GetTextList("Template", FALSE);
foreach(const QString& Value, list) {
if (tempValPrefix.compare(Value.left(5)) == 0)
to_delete.append(Value);
}
if (!to_delete.isEmpty()) {
foreach(const QString & Value, to_delete)
list.removeAt(list.indexOf(Value));
pBox->UpdateTextList("Template", list, FALSE);
}
if (!pBox->GetBool("NeverDelete", false))
{
if (pBox->GetBool("AutoDelete", false))
@ -2954,13 +2969,15 @@ void CSandMan::SaveMessageLog(QIODevice* pFile)
bool CSandMan::CheckCertificate(QWidget* pWidget, int iType)
{
QString Message;
if (iType == 1)
if (iType == 1 || iType == 2)
{
if (CERT_IS_LEVEL(g_CertInfo, eCertAdvanced))
if (CERT_IS_LEVEL(g_CertInfo, iType == 1 ? eCertAdvanced1 : eCertAdvanced))
return true;
Message = tr("The selected feature requires an <b>advanced</b> supporter certificate.");
if(g_CertInfo.active)
if (iType == 2 && CERT_IS_TYPE(g_CertInfo, eCertPatreon))
Message.append(tr("<br />you need to be on the Great Patreon level or higher to unlock this feature."));
else if (g_CertInfo.active)
Message.append(tr("<br /><a href=\"https://sandboxie-plus.com/go.php?to=sbie-upgrade-cert\">Upgrade your Certificate</a> to unlock advanced features."));
else
Message.append(tr("<br /><a href=\"https://sandboxie-plus.com/go.php?to=sbie-get-cert\">Become a project supporter</a>, and receive a <a href=\"https://sandboxie-plus.com/go.php?to=sbie-cert\">supporter certificate</a>"));

4
SandboxiePlus/SandMan/SandMan.h
View File

@ -91,8 +91,8 @@ public:
static void SafeShow(QWidget* pWidget);
int SafeExec(QDialog* pDialog);
bool RunSandboxed(const QStringList& Commands, QString BoxName = QString(), const QString& WrkDir = QString());
SB_RESULT(quint32) RunStart(const QString& BoxName, const QString& Command, bool Elevated = false, const QString& WorkingDir = QString(), QProcess* pProcess = NULL);
bool RunSandboxed(const QStringList& Commands, QString BoxName = QString(), const QString& WrkDir = QString(), bool bShowFCP = false);
SB_RESULT(quint32) RunStart(const QString& BoxName, const QString& Command, CSbieAPI::EStartFlags Flags = CSbieAPI::eStartDefault, const QString& WorkingDir = QString(), QProcess* pProcess = NULL);
SB_STATUS ImBoxMount(const CSandBoxPtr& pBox, bool bAutoUnmount = false);
void EditIni(const QString& IniPath, bool bPlus = false);

9
SandboxiePlus/SandMan/SandMan.pri
View File

@ -29,7 +29,8 @@ HEADERS += ./stdafx.h \
./Windows/SettingsWindow.h \
./Windows/OptionsWindow.h \
./Windows/SelectBoxWindow.h \
./Windows/SupportDialog.h\
./Windows/SupportDialog.h \
./Windows/TestProxyDialog.h \
./OnlineUpdater.h \
./Wizards/NewBoxWizard.h \
./Wizards/TemplateWizard.h \
@ -78,7 +79,8 @@ SOURCES += ./main.cpp \
./Windows/SettingsWindow.cpp \
./Windows/SnapshotsWindow.cpp \
./Windows/SelectBoxWindow.cpp \
./Windows/SupportDialog.cpp\
./Windows/SupportDialog.cpp \
./Windows/TestProxyDialog.cpp \
./OnlineUpdater.cpp \
./Wizards/NewBoxWizard.cpp \
./Wizards/TemplateWizard.cpp \
@ -102,7 +104,8 @@ FORMS += ./Forms/SelectBoxWindow.ui \
./Forms/SettingsWindow.ui \
./Forms/SnapshotsWindow.ui \
./Forms/BoxImageWindow.ui \
./Forms/CompressDialog.ui
./Forms/CompressDialog.ui \
./Forms/TestProxyDialog.ui
TRANSLATIONS += sandman_de.ts \
sandman_en.ts \

3
SandboxiePlus/SandMan/SandMan.vcxproj
View File

@ -440,8 +440,10 @@
<ClCompile Include="Wizards\NewBoxWizard.cpp" />
<ClCompile Include="Wizards\SetupWizard.cpp" />
<ClCompile Include="Wizards\TemplateWizard.cpp" />
<ClCompile Include="Windows\TestProxyDialog.cpp" />
</ItemGroup>
<ItemGroup>
<QtMoc Include="Windows\TestProxyDialog.h" />
<QtMoc Include="Windows\CompressDialog.h" />
<QtMoc Include="Wizards\BoxAssistant.h" />
<QtMoc Include="Windows\BoxImageWindow.h" />
@ -508,6 +510,7 @@
<QtUic Include="Forms\SelectBoxWindow.ui" />
<QtUic Include="Forms\SettingsWindow.ui" />
<QtUic Include="Forms\SnapshotsWindow.ui" />
<QtUic Include="Forms\TestProxyDialog.ui" />
</ItemGroup>
<ItemGroup>
<None Include="Resources\finder.cur" />

22
SandboxiePlus/SandMan/SandMan.vcxproj.filters
View File

@ -32,6 +32,9 @@
<Filter Include="Views">
<UniqueIdentifier>{34eca1e5-cd50-4876-9f54-9eec4c393150}</UniqueIdentifier>
</Filter>
<Filter Include="Dialogs">
<UniqueIdentifier>{6accf3ae-da17-4c0f-ba83-214e3874b029}</UniqueIdentifier>
</Filter>
<Filter Include="Helpers">
<UniqueIdentifier>{20d5954b-be86-4a34-948d-00954dcfd07b}</UniqueIdentifier>
</Filter>
@ -183,6 +186,9 @@
<ClCompile Include="Wizards\NewBoxWizard.cpp">
<Filter>Wizards</Filter>
</ClCompile>
<ClCompile Include="Helpers\StorageInfo.cpp">
<Filter>Helpers</Filter>
</ClCompile>
<ClCompile Include="Wizards\TemplateWizard.cpp">
<Filter>Wizards</Filter>
</ClCompile>
@ -225,8 +231,8 @@
<ClCompile Include="Windows\CompressDialog.cpp">
<Filter>Windows</Filter>
</ClCompile>
<ClCompile Include="Helpers\StorageInfo.cpp">
<Filter>Helpers</Filter>
<ClCompile Include="Windows\TestProxyDialog.cpp">
<Filter>Windows</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
@ -260,15 +266,15 @@
<ClInclude Include="Helpers\WinHelper.h">
<Filter>Helpers</Filter>
</ClInclude>
<ClInclude Include="Helpers\StorageInfo.h">
<Filter>Helpers</Filter>
</ClInclude>
<ClInclude Include="Engine\V4ScriptDebuggerApi.h">
<Filter>Engine</Filter>
</ClInclude>
<ClInclude Include="CustomStyles.h">
<Filter>SandMan</Filter>
</ClInclude>
<ClInclude Include="Helpers\StorageInfo.h">
<Filter>Helpers</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<QtMoc Include="SandMan.h">
@ -376,6 +382,9 @@
<QtMoc Include="Windows\CompressDialog.h">
<Filter>Windows</Filter>
</QtMoc>
<QtMoc Include="Windows\TestProxyDialog.h">
<Filter>Windows</Filter>
</QtMoc>
</ItemGroup>
<ItemGroup>
<QtRcc Include="Resources\SandMan.qrc">
@ -418,6 +427,9 @@
<QtUic Include="Forms\CompressDialog.ui">
<Filter>Form Files</Filter>
</QtUic>
<QtUic Include="Forms\TestProxyDialog.ui">
<Filter>Form Files</Filter>
</QtUic>
</ItemGroup>
<ItemGroup>
<None Include="sandman_de.ts">

2
SandboxiePlus/SandMan/SandManRecovery.cpp
View File

@ -357,6 +357,6 @@ void CSandMan::OnRecoveryLog()
{
if (!m_pRecoveryLogWnd->isVisible()) {
m_pRecoveryLogWnd->setWindowFlag(Qt::WindowStaysOnTopHint, theGUI->IsAlwaysOnTop());
SafeShow(m_pRecoveryLogWnd);
CSandMan::SafeShow(m_pRecoveryLogWnd);
}
}

4
SandboxiePlus/SandMan/SbiePlusAPI.cpp
View File

@ -92,11 +92,11 @@ void CSbiePlusAPI::StopMonitor()
m_BoxMonitor->Stop();
}
SB_RESULT(quint32) CSbiePlusAPI::RunStart(const QString& BoxName, const QString& Command, bool Elevated, const QString& WorkingDir, QProcess* pProcess)
SB_RESULT(quint32) CSbiePlusAPI::RunStart(const QString& BoxName, const QString& Command, EStartFlags Flags, const QString& WorkingDir,QProcess* pProcess)
{
if (!pProcess)
pProcess = new QProcess(this);
SB_RESULT(quint32) Status = CSbieAPI::RunStart(BoxName, Command, Elevated, WorkingDir, pProcess);
SB_RESULT(quint32) Status = CSbieAPI::RunStart(BoxName, Command, Flags, WorkingDir, pProcess);
if (pProcess->parent() == this) {
if (!Status.IsError()) {
connect(pProcess, SIGNAL(finished(int, QProcess::ExitStatus)), this, SLOT(OnStartFinished()));

5
SandboxiePlus/SandMan/SbiePlusAPI.h
View File

@ -31,8 +31,7 @@ public:
virtual void StopMonitor();
virtual SB_RESULT(quint32) RunStart(const QString& BoxName, const QString& Command, bool Elevated = false, const QString& WorkingDir = QString(), QProcess* pProcess = NULL);
virtual SB_RESULT(quint32) RunStart(const QString& BoxName, const QString& Command, EStartFlags Flags = eStartDefault, const QString& WorkingDir = QString(), QProcess* pProcess = NULL);
virtual bool IsStarting(qint64 pid) const { return m_PendingStarts.contains(pid); }
private slots:
@ -280,4 +279,4 @@ protected:
void CollectUpdates();
QList<QVariantMap> m_Updates;
};
};

6
SandboxiePlus/SandMan/Views/SbieView.cpp
View File

@ -1216,7 +1216,7 @@ void CSbieView::OnSandBoxAction(QAction* Action, const QList<CSandBoxPtr>& SandB
else if (Action == m_pMenuRunCmd)
Results.append(theGUI->RunStart(SandBoxes.first()->GetName(), "cmd.exe"));
else if (Action == m_pMenuRunCmdAdmin)
Results.append(theGUI->RunStart(SandBoxes.first()->GetName(), "cmd.exe", true));
Results.append(theGUI->RunStart(SandBoxes.first()->GetName(), "cmd.exe", CSbieAPI::eStartElevated));
#ifdef _WIN64
else if (Action == m_pMenuRunCmd32)
Results.append(theGUI->RunStart(SandBoxes.first()->GetName(), "C:\\WINDOWS\\SysWOW64\\cmd.exe"));
@ -1576,10 +1576,10 @@ void CSbieView::OnSandBoxAction(QAction* Action, const QList<CSandBoxPtr>& SandB
QString Command = Action->data().toString();
QString WorkingDir = Action->property("WorkingDir").toString();
if (Command.isEmpty())
Results.append(theGUI->RunStart(SandBoxes.first()->GetName(), "start_menu", false, WorkingDir));
Results.append(theGUI->RunStart(SandBoxes.first()->GetName(), "start_menu", CSbieAPI::eStartDefault, WorkingDir));
else {
auto pBoxEx = SandBoxes.first().objectCast<CSandBoxPlus>();
Results.append(theGUI->RunStart(SandBoxes.first()->GetName(), pBoxEx->GetFullCommand(Command), false, pBoxEx->GetFullCommand(WorkingDir)));
Results.append(theGUI->RunStart(SandBoxes.first()->GetName(), pBoxEx->GetFullCommand(Command), CSbieAPI::eStartDefault, pBoxEx->GetFullCommand(WorkingDir)));
}
}

19
SandboxiePlus/SandMan/Windows/OptionsAccess.cpp
View File

@ -238,10 +238,10 @@ void COptionsWindow::LoadAccessListTmpl(EAccessType Type, bool bChecked, bool bU
}
}
void COptionsWindow::ParseAndAddAccessEntry(EAccessEntry EntryType, const QString& Value, bool disabled, const QString& Template)
QPair<COptionsWindow::EAccessType, COptionsWindow::EAccessMode> COptionsWindow::SplitAccessType(EAccessEntry EntryType)
{
EAccessType Type;
EAccessMode Mode;
EAccessType Type = eMaxAccessType;
EAccessMode Mode = eMaxAccessMode;
switch (EntryType)
{
case eNormalFilePath: Type = eFile; Mode = eNormal; break;
@ -269,11 +269,18 @@ void COptionsWindow::ParseAndAddAccessEntry(EAccessEntry EntryType, const QStrin
case eOpenCOM: Type = eCOM; Mode = eOpen; break;
case eClosedCOM: Type = eCOM; Mode = eClosed; break;
case eClosedCOM_RT: Type = eCOM; Mode = eClosedRT; break;
default: return;
}
ParseAndAddAccessEntry(Type, Mode, Value, disabled, Template);
return qMakePair(Type, Mode);
}
void COptionsWindow::ParseAndAddAccessEntry(EAccessEntry EntryType, const QString& Value, bool disabled, const QString& Template)
{
QPair<EAccessType, EAccessMode> Type = SplitAccessType(EntryType);
if (Type.first == eMaxAccessType || Type.first == eMaxAccessMode)
return;
ParseAndAddAccessEntry(Type.first, Type.second, Value, disabled, Template);
}
void COptionsWindow::ParseAndAddAccessEntry(EAccessType Type, EAccessMode Mode, const QString& Value, bool disabled, const QString& Template)

22
SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
View File

@ -79,6 +79,7 @@ void COptionsWindow::CreateAdvanced()
connect(ui.chkGuiTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkComTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkNetFwTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkDnsTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkHookTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkDbgTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkErrTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
@ -131,7 +132,6 @@ void COptionsWindow::LoadAdvanced()
ui.chkUseSbieDeskHack->setChecked(m_pBox->GetBool("UseSbieDeskHack", true));
ui.chkUseSbieWndStation->setChecked(m_pBox->GetBool("UseSbieWndStation", true));
ui.chkAddToJob->setChecked(!m_pBox->GetBool("NoAddProcessToJob", false));
ui.chkProtectSCM->setChecked(!m_pBox->GetBool("UnrestrictedSCM", false));
ui.chkRestrictServices->setChecked(!m_pBox->GetBool("RunServicesAsSystem", false));
ui.chkElevateRpcss->setChecked(m_pBox->GetBool("RunRpcssAsSystem", false));
@ -205,8 +205,6 @@ void COptionsWindow::LoadAdvanced()
ui.chkHostProtectMsg->setEnabled(ui.chkHostProtect->isChecked());
ui.chkHostProtectMsg->setChecked(m_pBox->GetBool("NotifyImageLoadDenied", true));
ReadGlobalCheck(ui.chkSbieLogon, "SandboxieLogon", false);
LoadOptionList();
bool bGlobalNoMon = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("DisableResourceMonitor", false);
@ -219,6 +217,7 @@ void COptionsWindow::LoadAdvanced()
ReadAdvancedCheck("GuiTrace", ui.chkGuiTrace, "*");
ReadAdvancedCheck("ClsidTrace", ui.chkComTrace, "*");
ReadAdvancedCheck("NetFwTrace", ui.chkNetFwTrace, "*");
ui.chkDnsTrace->setChecked(m_pBox->GetBool("DnsTrace", false));
ui.chkHookTrace->setChecked(m_pBox->GetBool("ApiTrace", false));
ui.chkDbgTrace->setChecked(m_pBox->GetBool("DebugTrace", false));
ui.chkErrTrace->setChecked(m_pBox->GetBool("ErrorTrace", false));
@ -415,8 +414,8 @@ void COptionsWindow::SaveAdvanced()
WriteAdvancedCheck(ui.chkHostProtect, "ProtectHostImages", "y", "");
WriteAdvancedCheck(ui.chkHostProtectMsg, "NotifyImageLoadDenied", "", "n");
WriteGlobalCheck(ui.chkSbieLogon, "SandboxieLogon", false);
bool bGlobalSbieLogon = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("SandboxieLogon", false);
WriteAdvancedCheck(ui.chkSbieLogon, "SandboxieLogon", bGlobalSbieLogon ? "" : "y", bGlobalSbieLogon ? "n" : "");
SaveOptionList();
@ -430,6 +429,7 @@ void COptionsWindow::SaveAdvanced()
WriteAdvancedCheck(ui.chkGuiTrace, "GuiTrace", "*");
WriteAdvancedCheck(ui.chkComTrace, "ClsidTrace", "*");
WriteAdvancedCheck(ui.chkNetFwTrace, "NetFwTrace", "*");
WriteAdvancedCheck(ui.chkDnsTrace, "DnsTrace", "y");
WriteAdvancedCheck(ui.chkHookTrace, "ApiTrace", "y");
WriteAdvancedCheck(ui.chkDbgTrace, "DebugTrace", "y");
WriteAdvancedCheck(ui.chkErrTrace, "ErrorTrace", "y");
@ -556,7 +556,7 @@ void COptionsWindow::UpdateBoxIsolation()
{
ui.chkNoSecurityFiltering->setEnabled(ui.chkNoSecurityIsolation->isChecked());
ui.chkAddToJob->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkAddToJob->setEnabled(!IsAccessEntrySet(eWnd, "", eOpen, "*") && !ui.chkNoSecurityIsolation->isChecked());
ui.chkNestedJobs->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkOpenDevCMApi->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
@ -582,9 +582,19 @@ void COptionsWindow::UpdateBoxIsolation()
ui.chkCloseForBox->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkNoOpenForBox->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkSbieLogon->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
if (ui.chkNoSecurityIsolation->isChecked()) {
ui.chkCloseForBox->setChecked(false);
ui.chkNoOpenForBox->setChecked(false);
if (!IsAccessEntrySet(eWnd, "", eOpen, "*"))
ui.chkAddToJob->setChecked(false);
ui.chkSbieLogon->setChecked(false);
}
else {
if (!IsAccessEntrySet(eWnd, "", eOpen, "*"))
ui.chkAddToJob->setChecked(!m_pBox->GetBool("NoAddProcessToJob", false));
ReadGlobalCheck(ui.chkSbieLogon, "SandboxieLogon", false);
}
}

Some files were not shown because too many files have changed in this diff Show More