1.7.3

SandboxiePlus/QSbieAPI/Sandboxie/BoxedProcess.cpp

@@ -217,11 +217,12 @@ QString CBoxedProcess__GetPebString(HANDLE ProcessHandle, PEB_OFFSET Offset)
 
 bool CBoxedProcess::InitProcessInfo()
 {
-	HANDLE ProcessHandle;
-	ProcessHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, (DWORD)m_ProcessId);
-	if (ProcessHandle == INVALID_HANDLE_VALUE) // try with less rights
+	HANDLE ProcessHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, (DWORD)m_ProcessId);
+	if (ProcessHandle == NULL) // try with less rights
 		ProcessHandle = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, (DWORD)m_ProcessId);
-	if (ProcessHandle == INVALID_HANDLE_VALUE)
+	if (ProcessHandle == NULL) // try with even less rights
+		ProcessHandle = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, (DWORD)m_ProcessId);
+	if (ProcessHandle == NULL)
 		return false;
 
 	InitProcessInfoImpl(ProcessHandle);

SandboxiePlus/QSbieAPI/SbieAPI.cpp

@@ -1682,7 +1682,7 @@ quint64 CSbieAPI::QueryProcessInfo(quint32 ProcessId, quint32 InfoClass)
 
 	NTSTATUS status = m->IoControl(parms);
 	if (!NT_SUCCESS(status))
-		return -1;
+		return NULL;
 	return ResultValue;
 }
 

SandboxiePlus/SandMan/SbieProcess.cpp

@@ -138,9 +138,12 @@ void CSbieProcess::InitProcessInfoImpl(void* ProcessHandle)
 {
 	CBoxedProcess::InitProcessInfoImpl(ProcessHandle);
 
-	HANDLE TokenHandle = (HANDLE)m_pBox->Api()->QueryProcessInfo(m_ProcessId, 'ptok');
-	//if (NT_SUCCESS(NtOpenProcessToken(ProcessHandle, TOKEN_QUERY, &TokenHandle)))
-	if (TokenHandle != INVALID_HANDLE_VALUE)
+	HANDLE TokenHandle = NULL;
+	if(m_pBox->GetBool("NoSecurityIsolation") || m_pBox->GetBool("OriginalToken"))
+		NtOpenProcessToken(ProcessHandle, TOKEN_QUERY, &TokenHandle);
+	else
+		TokenHandle = (HANDLE)m_pBox->Api()->QueryProcessInfo(m_ProcessId, 'ptok');
+	if (TokenHandle)
 	{
 		ULONG returnLength;