Merge branch 'master' into master

DavidXanatos 2023-07-23 21:36:02 +02:00 committed by GitHub
commit 2fd586a7d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
208 changed files with 29209 additions and 24182 deletions


@ -6,3 +6,6 @@ contact_links:
- name: LogApiDll (sandboxie-plus/LogApiDll)
url: https://github.com/sandboxie-plus/LogApiDll
about: API logging library that adds a verbose output to Sandboxie's trace log.
- name: Sbiextra (sandboxie-plus/sbiextra)
url: https://github.com/sandboxie-plus/sbiextra
about: A DLL that adds additional user mode restrictions to sandboxed processes.

3
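--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -0,0 +1,3 @@
+query-filters:
+- exclude:
+id: cpp/incorrect-string-type-conversion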
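Review bot: The `exclude` filter for `cpp/incorrect-string-type-conversion` applies to the whole repository and records no reason. That query reports casts between byte-string and wide-string pointers, which can end in mis-terminated strings and buffer overruns, so it is likely relevant to a Windows code base; a blanket exclusion hides findings in new code as well as the existing ones. I would add a comment above the filter, e.g. `# excluded: <reason / link to tracking issue>`, and consider dismissing the known false positives in code scanning instead of disabling the query.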

103
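--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,103 @@
+name: "CodeQL"
+on:
+workflow_dispatch:
+push:
+branches: [ 'master' ]
+paths:
+- '**.c'
+- '**.cpp'
+- '**.h'
+pull_request:
+types:
+- opened
+# The branches below must be a subset of the branches above.
+branches: [ 'master' ]
+paths:
+- '**.c'
+- '**.cpp'
+- '**.h'
+schedule:
+- cron: '33 7 * * 6'
+jobs:
+analyze:
+name: Analyze
+if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
+runs-on: windows-2019
+timeout-minutes: 45
+permissions:
+actions: read
+contents: read
+security-events: write
+strategy:
+fail-fast: false
+matrix:
+language: [ 'cpp' ]
+# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+# Use only 'java' to analyze code written in Java, Kotlin or both.
+# Use only 'javascript' to analyze code written in JavaScript, TypeScript or both.
+# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+steps:
+- name: Cleanup build folder
+run: |
+rm -r -Force ${{ github.workspace }}\*
+- name: Checkout repository
+uses: actions/checkout@v3
+- name: Setup msbuild
+uses: microsoft/setup-msbuild@v1
+# Qt 6 is only required for ARM64 build currently.
+# - name: Install Qt6 x64
+# uses: jurplel/install-qt-action@v3
+# with:
+# version: '6.3.1'
+# arch: 'win64_msvc2019_64'
+- name: Install Qt5 x64
+uses: jurplel/install-qt-action@v3
+with:
+version: '5.15.2'
+arch: 'win64_msvc2019_64'
+cache: true
+- name: Installing Jom
+run: SandboxiePlus\install_jom.cmd
+# Initializes the CodeQL tools for scanning.
+- name: Initialize CodeQL
+uses: github/codeql-action/init@v2
+with:
+languages: ${{ matrix.language }}
+config-file: ./.github/codeql/codeql-config.yml
+# If you wish to specify custom queries, you can do so here or in a config file.
+# By default, queries listed here will override any specified in a config file.
+# Prefix the list here with "+" to use these queries and those in the config file.
+# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+# queries: security-extended,security-and-quality
+- name: Build Sandboxie x86
+run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=Win32 -maxcpucount:8
+- name: Build Sandboxie x64
+run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=x64 -maxcpucount:8
+- name: Build Sandboxie-Plus x64
+run: SandboxiePlus\qmake_plus.cmd x64
+- name: Build SbieShell x64
+run: msbuild /t:restore,build -p:RestorePackagesConfig=true SandboxiePlus\SbieShell\SbieShell.sln /p:Configuration="Release" /p:Platform=x64
+- name: Build Sandboxie-Tools x64
+run: msbuild /t:build SandboxieTools\SandboxieTools.sln /p:Configuration="Release" /p:Platform=x64 -maxcpucount:8
+- name: Perform CodeQL Analysis
+uses: github/codeql-action/analyze@v2
+with:
+category: "/language:${{matrix.language}}"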
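Review bot: The `pull_request` trigger is limited to `types: [opened]`, so commits pushed to a pull request after it is opened are never analysed, and the job-level `if:` skips `push` events even though `on.push` is configured for `master`. Together this means code that reaches `master` through a PR updated after opening is first scanned by the weekly `schedule` run. I would drop the `types:` filter (the default covers `opened`, `synchronize` and `reopened`) or add `- synchronize` and `- reopened` under it. I would also either add `github.event_name == 'push'` to the `if:` expression or remove the unused `push:` trigger.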


@ -46,6 +46,7 @@ jobs:
echo 'linve->live' >> dictionary.txt
echo 'actuallly->actually' >> dictionary.txt
echo 'asynchroniusly->asynchronously' >> dictionary.txt
echo 'synchroniusly->synchronously' >> dictionary.txt
echo 'seams->seems' >> dictionary.txt
echo 'selelction->selection' >> dictionary.txt
echo 'injectted->injected' >> dictionary.txt
@ -75,15 +76,25 @@ jobs:
echo 'auxyliary->auxiliary' >> dictionary.txt
echo 'squating->squatting' >> dictionary.txt
echo 'suppoter->supporter' >> dictionary.txt
echo 'crome->Chrome' >> dictionary.txt
echo 'chromim->Chromium' >> dictionary.txt
echo 'sandbocie->Sandboxie' >> dictionary.txt
echo 'routime->routine' >> dictionary.txt
echo 'explorere->explorer' >> dictionary.txt
echo 'mein->main' >> dictionary.txt
echo 'trigegred->triggered' >> dictionary.txt
echo 'windoe->window' >> dictionary.txt
echo 'hread->thread' >> dictionary.txt
echo 'tamplete->template' >> dictionary.txt
echo 'prising->praising' >> dictionary.txt
echo 'wi->we, will' >> dictionary.txt
echo 'dayly->daily' >> dictionary.txt
echo 'erdinal->ordinal' >> dictionary.txt
echo 'wizars->wizard' >> dictionary.txt
echo 'crome->Chrome' >> dictionary_code.txt
echo 'chromim->Chromium' >> dictionary_code.txt
echo 'kmdutill->kmdutil' >> dictionary_code.txt
echo 'sandbocie->Sandboxie' >> dictionary_code.txt
echo 'sanboxie->Sandboxie' >> dictionary_code.txt
echo "sandboxies->Sandboxie's, sandboxed" >> dictionary_code.txt
# Only lowercase letters are allowed in --ignore-words-list
codespell --dictionary=dictionary.txt --dictionary=dictionary_rare.txt --dictionary=dictionary_code.txt \
--ignore-words-list="wil,unknwn,tolen,pevent,doubleclick,parm,parms,etcp,ois,ba,ptd,modell,namesd,stdio,uint,errorstring,ontext,atend,deque,ecounter,nmake,namess,inh,daa,varient,lite,uis,emai,ws,slanguage" \
--ignore-words-list="wil,unknwn,tolen,pevent,doubleclick,parm,parms,etcp,ois,ba,ptd,modell,namesd,stdio,uint,errorstring,ontext,atend,deque,ecounter,nmake,namess,inh,daa,varient,lite,uis,emai,ws,slanguage,woh,tne,process'" \
--skip="./.git,./.github/workflows/codespell.yml,./dictionary*.txt,./Sandboxie/msgs/Text-*-*.txt,./Sandboxie/msgs/report/Report-*.txt,./SandboxiePlus/SandMan/*.ts,./Installer/Languages.iss,./Installer/isl/*.isl,./Sandboxie/common/Detours/Makefile,./Sandboxie/common/Detours/disasm.cpp,./Sandboxie/install/build.bat"


@ -62,10 +62,10 @@ jobs:
- name: Setup msbuild
uses: microsoft/setup-msbuild@v1.3
- name: Build Sandboxie 64 bit
# This is needed to compile Parse.vcxproj
- name: Build Sandboxie x86
# This step is needed to compile Parse.vcxproj
run: |
msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=x64 -maxcpucount:8
msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=Win32 -maxcpucount:8
cd Sandboxie/msgs/SbieRelease
copy Parse.exe ../


@ -9,17 +9,7 @@ on:
branches: [ master ]
jobs:
Build:
#strategy:
# matrix:
# #platform: [Win32, x64]
# #qt-target: [win32_msvc2019, win64_msvc2019_64]
# include:
# - platform: Win32
# qt-target: win32_msvc2019
# - platform: x64
# qt-target: win64_msvc2019_64
Build_x64:
runs-on: windows-2019
timeout-minutes: 45
@ -30,50 +20,123 @@ jobs:
- name: Setup msbuild
uses: microsoft/setup-msbuild@v1.3
# - name: Do Tests
# run: .\TestCI.cmd
# - name: Build Sandboxie
# run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=${{ matrix.platform }}
#
# Compile Sandboxie Core
#
- name: Build Sandboxie x86
run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=Win32 -maxcpucount:8
- name: Build Sandboxie x86 (dll's & svc)
run: msbuild /t:build Sandboxie\SandboxDll.sln /p:Configuration="SbieRelease" /p:Platform=Win32 -maxcpucount:8
- name: Build Sandboxie x64
- name: Build Sandboxie x64 (all)
run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=x64 -maxcpucount:8
- name: Build Sandboxie ARM64
run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=ARM64 -maxcpucount:8
- name: Build Sandboxie ARM64EC
run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=ARM64EC -maxcpucount:8
#
# Prepare Qt Framework
#
#- name: Cache Qt
# id: cache-qt
# uses: actions/cache@v3
# with:
# path: ${{ runner.workspace }}\Qt
# key: Qt-6.3.1+5.15.2-QtCache
# - name: Install Qt6 x64
# uses: jurplel/install-qt-action@v3
# with:
# # version: '6.2.4'
# version: '6.3.1'
# # dir: ..
# # arch: ${{ matrix.qt-target }}
# arch: 'win64_msvc2019_64'
# # tools: 'tools_qtcreator,4.14.0-0-202012170949,qt.tools.qtcreator'
# cache: true
- name: Install Qt6 x64
- name: Install Qt5 x64
uses: jurplel/install-qt-action@v3
with:
# version: '6.2.4'
version: '6.3.1'
version: '5.15.2'
# dir: ..
# arch: ${{ matrix.qt-target }}
arch: 'win64_msvc2019_64'
# tools: 'tools_qtcreator,4.14.0-0-202012170949,qt.tools.qtcreator'
# cached: ${{ steps.cache-qt.outputs.cache-hit }}
cache: true
- name: Installing Jom
# if: steps.cache-qt.outputs.cache-hit != 'true'
run: SandboxiePlus\install_jom.cmd
#
# Compile Sandboxie Plus
#
- name: Build Sandboxie-Plus x64
run: SandboxiePlus\qmake_plus.cmd x64
- name: Build SbieShell x64
run: msbuild /t:restore,build -p:RestorePackagesConfig=true SandboxiePlus\SbieShell\SbieShell.sln /p:Configuration="Release" /p:Platform=x64
#
# Compile Sandboxie Tools
#
- name: Build Sandboxie-Tools x64
run: msbuild /t:build SandboxieTools\SandboxieTools.sln /p:Configuration="Release" /p:Platform=x64 -maxcpucount:8
#
# Merge everything together
#
# - name: Add Windows 7 compatible Qt6 DLLs
# run: Installer\fix_qt6_win7.cmd
- name: Merging Builds
run: Installer\merge_builds.cmd
- name: Collect installer assets
run: Installer\get_assets.cmd
- name: Upload installer assets
if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request'
uses: actions/upload-artifact@v3
with:
name: Assets
path: |
Installer/Assets/*
retention-days: 60
- name: Upload Sandboxie x64
if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request'
uses: actions/upload-artifact@v3
with:
name: Sandboxie_x64
path: |
Installer/SbiePlus_x64/*
retention-days: 60
Build_ARM64:
runs-on: windows-2019
timeout-minutes: 45
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup msbuild
uses: microsoft/setup-msbuild@v1.3
#
# Compile Sandboxie Core
#
- name: Build Sandboxie x86 (dll's & svc)
run: msbuild /t:build Sandboxie\SandboxDll.sln /p:Configuration="SbieRelease" /p:Platform=Win32 -maxcpucount:8
- name: Build Sandboxie ARM64 (all)
run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=ARM64 -maxcpucount:8
- name: Build Sandboxie ARM64EC (dll)
run: msbuild /t:build Sandboxie\SandboxDll.sln /p:Configuration="SbieRelease" /p:Platform=ARM64EC -maxcpucount:8
#
# Prepare Qt Framework
#
- name: Install Qt6 ARM64
uses: jurplel/install-qt-action@v3
with:
@ -85,16 +148,65 @@ jobs:
# tools: 'tools_qtcreator,4.14.0-0-202012170949,qt.tools.qtcreator'
cache: true
- name: Install Qt5 x64
uses: jurplel/install-qt-action@v3
- name: Installing Jom
# if: steps.cache-qt.outputs.cache-hit != 'true'
run: SandboxiePlus\install_jom.cmd
#
# Compile Sandboxie Plus
#
- name: Build Sandboxie-Plus ARM64
run: SandboxiePlus\qmake_plus.cmd ARM64
- name: Build SbieShell ARM64
run: msbuild /t:restore,build -p:RestorePackagesConfig=true SandboxiePlus\SbieShell\SbieShell.sln /p:Configuration="Release" /p:Platform=ARM64
#
# Compile Sandboxie Tools
#
- name: Build Sandboxie-Tools ARM64
run: msbuild /t:build SandboxieTools\SandboxieTools.sln /p:Configuration="Release" /p:Platform=ARM64 -maxcpucount:8
#
# Merge everything together
#
- name: Merging Builds
run: Installer\merge_builds.cmd
- name: Upload Sandboxie ARM64
if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request'
uses: actions/upload-artifact@v3
with:
version: '5.15.2'
# dir: ..
# arch: ${{ matrix.qt-target }}
arch: 'win64_msvc2019_64'
# tools: 'tools_qtcreator,4.14.0-0-202012170949,qt.tools.qtcreator'
# cached: ${{ steps.cache-qt.outputs.cache-hit }}
cache: true
name: Sandboxie_ARM64
path: |
Installer/SbiePlus_a64/*
retention-days: 60
Build_x86:
runs-on: windows-2019
timeout-minutes: 45
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup msbuild
uses: microsoft/setup-msbuild@v1.3
#
# Compile Sandboxie Core
#
- name: Build Sandboxie x86 (all)
run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=Win32 -maxcpucount:8
#
# Prepare Qt Framework
#
- name: Install Qt5 x86
uses: jurplel/install-qt-action@v3
@ -115,18 +227,6 @@ jobs:
# Compile Sandboxie Plus
#
- name: Build Sandboxie-Plus x64
run: SandboxiePlus\qmake_plus.cmd x64
- name: Build SbieShell x64
run: msbuild /t:restore,build -p:RestorePackagesConfig=true SandboxiePlus\SbieShell\SbieShell.sln /p:Configuration="Release" /p:Platform=x64
- name: Build Sandboxie-Plus ARM64
run: SandboxiePlus\qmake_plus.cmd ARM64
- name: Build SbieShell ARM64
run: msbuild /t:restore,build -p:RestorePackagesConfig=true SandboxiePlus\SbieShell\SbieShell.sln /p:Configuration="Release" /p:Platform=ARM64
- name: Build Sandboxie-Plus x86
run: SandboxiePlus\qmake_plus.cmd Win32
@ -137,13 +237,6 @@ jobs:
- name: Build Sandboxie-Tools x86
run: msbuild /t:build SandboxieTools\SandboxieTools.sln /p:Configuration="Release" /p:Platform=x86 -maxcpucount:8
- name: Build Sandboxie-Tools x64
run: msbuild /t:build SandboxieTools\SandboxieTools.sln /p:Configuration="Release" /p:Platform=x64 -maxcpucount:8
- name: Build Sandboxie-Tools ARM64
run: msbuild /t:build SandboxieTools\SandboxieTools.sln /p:Configuration="Release" /p:Platform=ARM64 -maxcpucount:8
#
# Merge everything together
#
@ -151,40 +244,11 @@ jobs:
- name: Add missing languages for Qt5 x86 (issue 1528)
run: Installer\fix_qt5_languages.cmd Win32
- name: Add Windows 7 compatible Qt6 DLLs
run: Installer\fix_qt6_win7.cmd
- name: Merging Builds
run: Installer\merge_builds.cmd
- name: Collect installer assets
run: Installer\get_assets.cmd
- name: Upload installer assets
uses: actions/upload-artifact@v3
with:
name: Assets
path: |
Installer/Assets/*
retention-days: 60
- name: Upload Sandboxie x64
uses: actions/upload-artifact@v3
with:
name: Sandboxie_x64
path: |
Installer/SbiePlus_x64/*
retention-days: 60
- name: Upload Sandboxie ARM64
uses: actions/upload-artifact@v3
with:
name: Sandboxie_ARM64
path: |
Installer/SbiePlus_a64/*
retention-days: 60
- name: Upload Sandboxie x86
if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request'
uses: actions/upload-artifact@v3
with:
name: Sandboxie_x86
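Review bot: The three build jobs (`Build_x64`, `Build_ARM64`, `Build_x86`) reference their actions by mutable tag — `actions/checkout@v3`, `microsoft/setup-msbuild@v1.3`, `jurplel/install-qt-action@v3`, `actions/upload-artifact@v3` — in the pipeline that produces the uploaded Sandboxie binaries. A tag can be moved to different code, so pinning each to a full commit SHA, e.g. `uses: jurplel/install-qt-action@<full-commit-sha> # v3`, keeps the build inputs fixed; the same applies to the CodeQL and TEST workflow sections on this page. None of the jobs visible here declares `permissions:`, unlike the CodeQL job. The top of this file is outside the hunks, so a workflow-level block may already exist; if it does not, `permissions: { contents: read }` looks sufficient for the steps shown.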


@ -3,10 +3,13 @@ name: TEST
on:
workflow_dispatch:
# push:
# branches: [ master ]
# pull_request:
# branches: [ master ]
jobs:
Build:
Build_x64:
runs-on: windows-2019
timeout-minutes: 45
@ -17,8 +20,72 @@ jobs:
- name: Setup msbuild
uses: microsoft/setup-msbuild@v1.3
- name: Build Sandboxie x86
run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=Win32 -maxcpucount:8
#
# Compile Sandboxie Core
#
- name: Build Sandboxie x86 (dll's & svc)
run: msbuild /t:build Sandboxie\SandboxDll.sln /p:Configuration="SbieRelease" /p:Platform=Win32 -maxcpucount:8
- name: Build Sandboxie x64 (all)
run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=x64 -maxcpucount:8
#
# Prepare Qt Framework
#
# - name: Install Qt6 x64
# uses: jurplel/install-qt-action@v3
# with:
# # version: '6.2.4'
# version: '6.3.1'
# # dir: ..
# # arch: ${{ matrix.qt-target }}
# arch: 'win64_msvc2019_64'
# # tools: 'tools_qtcreator,4.14.0-0-202012170949,qt.tools.qtcreator'
# cache: true
- name: Install Qt5 x64
uses: jurplel/install-qt-action@v3
with:
version: '5.15.2'
# dir: ..
# arch: ${{ matrix.qt-target }}
arch: 'win64_msvc2019_64'
# tools: 'tools_qtcreator,4.14.0-0-202012170949,qt.tools.qtcreator'
# cached: ${{ steps.cache-qt.outputs.cache-hit }}
cache: true
- name: Installing Jom
# if: steps.cache-qt.outputs.cache-hit != 'true'
run: SandboxiePlus\install_jom.cmd
#
# Compile Sandboxie Plus
#
- name: Build Sandboxie-Plus x64
run: SandboxiePlus\qmake_plus.cmd x64
- name: Build SbieShell x64
run: msbuild /t:restore,build -p:RestorePackagesConfig=true SandboxiePlus\SbieShell\SbieShell.sln /p:Configuration="Release" /p:Platform=x64
#
# Compile Sandboxie Tools
#
- name: Build Sandboxie-Tools x64
run: msbuild /t:build SandboxieTools\SandboxieTools.sln /p:Configuration="Release" /p:Platform=x64 -maxcpucount:8
#
# Merge everything together
#
# - name: Add Windows 7 compatible Qt6 DLLs
# run: Installer\fix_qt6_win7.cmd
- name: Merging Builds
run: Installer\merge_builds.cmd
- name: Collect installer assets
run: Installer\get_assets.cmd
@ -30,3 +97,158 @@ jobs:
path: |
Installer/Assets/*
retention-days: 60
- name: Upload Sandboxie x64
uses: actions/upload-artifact@v3
with:
name: Sandboxie_x64
path: |
Installer/SbiePlus_x64/*
retention-days: 60
Build_ARM64:
runs-on: windows-2019
timeout-minutes: 45
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup msbuild
uses: microsoft/setup-msbuild@v1.3
#
# Compile Sandboxie Core
#
- name: Build Sandboxie x86 (dll's & svc)
run: msbuild /t:build Sandboxie\SandboxDll.sln /p:Configuration="SbieRelease" /p:Platform=Win32 -maxcpucount:8
- name: Build Sandboxie ARM64 (all)
run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=ARM64 -maxcpucount:8
- name: Build Sandboxie ARM64EC (dll)
run: msbuild /t:build Sandboxie\SandboxDll.sln /p:Configuration="SbieRelease" /p:Platform=ARM64EC -maxcpucount:8
#
# Prepare Qt Framework
#
- name: Install Qt6 ARM64
uses: jurplel/install-qt-action@v3
with:
# version: '6.2.4'
version: '6.3.1'
# dir: ..
# arch: ${{ matrix.qt-target }}
arch: 'win64_msvc2019_arm64'
# tools: 'tools_qtcreator,4.14.0-0-202012170949,qt.tools.qtcreator'
cache: true
- name: Installing Jom
# if: steps.cache-qt.outputs.cache-hit != 'true'
run: SandboxiePlus\install_jom.cmd
#
# Compile Sandboxie Plus
#
- name: Build Sandboxie-Plus ARM64
run: SandboxiePlus\qmake_plus.cmd ARM64
- name: Build SbieShell ARM64
run: msbuild /t:restore,build -p:RestorePackagesConfig=true SandboxiePlus\SbieShell\SbieShell.sln /p:Configuration="Release" /p:Platform=ARM64
#
# Compile Sandboxie Tools
#
- name: Build Sandboxie-Tools ARM64
run: msbuild /t:build SandboxieTools\SandboxieTools.sln /p:Configuration="Release" /p:Platform=ARM64 -maxcpucount:8
#
# Merge everything together
#
- name: Merging Builds
run: Installer\merge_builds.cmd
- name: Upload Sandboxie ARM64
uses: actions/upload-artifact@v3
with:
name: Sandboxie_ARM64
path: |
Installer/SbiePlus_a64/*
retention-days: 60
Build_x86:
runs-on: windows-2019
timeout-minutes: 45
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup msbuild
uses: microsoft/setup-msbuild@v1.3
#
# Compile Sandboxie Core
#
- name: Build Sandboxie x86 (all)
run: msbuild /t:build Sandboxie\Sandbox.sln /p:Configuration="SbieRelease" /p:Platform=Win32 -maxcpucount:8
#
# Prepare Qt Framework
#
- name: Install Qt5 x86
uses: jurplel/install-qt-action@v3
with:
version: '5.15.2'
# dir: ..
# arch: ${{ matrix.qt-target }}
arch: 'win32_msvc2019'
# tools: 'tools_qtcreator,4.14.0-0-202012170949,qt.tools.qtcreator'
# cached: ${{ steps.cache-qt.outputs.cache-hit }}
cache: true
- name: Installing Jom
# if: steps.cache-qt.outputs.cache-hit != 'true'
run: SandboxiePlus\install_jom.cmd
#
# Compile Sandboxie Plus
#
- name: Build Sandboxie-Plus x86
run: SandboxiePlus\qmake_plus.cmd Win32
#
# Compile Sandboxie Tools
#
- name: Build Sandboxie-Tools x86
run: msbuild /t:build SandboxieTools\SandboxieTools.sln /p:Configuration="Release" /p:Platform=x86 -maxcpucount:8
#
# Merge everything together
#
- name: Add missing languages for Qt5 x86 (issue 1528)
run: Installer\fix_qt5_languages.cmd Win32
- name: Merging Builds
run: Installer\merge_builds.cmd
- name: Upload Sandboxie x86
uses: actions/upload-artifact@v3
with:
name: Sandboxie_x86
path: |
Installer/SbiePlus_x86/*
retention-days: 60


@ -7,11 +7,44 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.10.0 / 5.65.0] - 2023-07-??
## [1.10.1 / 5.65.1] - 2023-07-??
### Added
- added UI option to change ini editor [#3116](https://github.com/sandboxie-plus/Sandboxie/issues/3116)
- added Separate protection against box removal and content deletion [#3104] (https://github.com/sandboxie-plus/Sandboxie/issues/3104)
- added Add "auto scroll" in sbie messages, resource monitor, api call log context menu [#393](https://github.com/sandboxie-plus/Sandboxie/issues/393)
### Changed
- reworked Nt Object Handle handling
- "OpenClipboard=n" now is also implemented in user mode, making it work for green boxes
- changed Delete V2 scheme to use drive letters in FilePaths.dat (remains backwards compatible with using NT Paths) [#3053](https://github.com/sandboxie-plus/Sandboxie/issues/3053)
### Fixed
- fixed "Disable Security Isolation" causes a game to stop playing audio [#2893](https://github.com/sandboxie-plus/Sandboxie/issues/2893)
- fixed NtQueryDirectoryObject not implemented [#2734](https://github.com/sandboxie-plus/Sandboxie/issues/2734)
- fixed issue with working directory for run menu entries
- fixed inpoper global symlink in sandboxed namespace [#3112](https://github.com/sandboxie-plus/Sandboxie/issues/3112)
- fixed 'Addon already installed!' error when clicking 'Show Stack Trace' [#3114](https://github.com/sandboxie-plus/Sandboxie/issues/3114)
- fixed existing BoxNameTitle=process.exe,- removed when toggling other options [#3106](https://github.com/sandboxie-plus/Sandboxie/issues/3106)
- fixed asynchroniusly assigned PCA job not being properly detected [#1919](https://github.com/sandboxie-plus/Sandboxie/issues/1919)
- fixed incompatybility with first windows 10 release [#3117](https://github.com/sandboxie-plus/Sandboxie/issues/3117)
- fixed Remove Sandbox only deletes the contents of the sandbox when an application is running in the sandbox [#3118](https://github.com/sandboxie-plus/Sandboxie/issues/3118)
- fixed crash issue with not peroeprly termianted script engine [#3120](https://github.com/sandboxie-plus/Sandboxie/issues/3120)
- fixed ImDisk under Sandboxie supervision causes SBIE2337 and sometimes BSoD [#1092)(https://github.com/sandboxie-plus/Sandboxie/issues/1092)
- fixed Snapshots don't merge duplicate directory junctions [#3016](https://github.com/sandboxie-plus/Sandboxie/issues/3016)
- fixed Snapshot related issue when using Delete V2 rename functionality
- fixed issue with Delete V2 when using network shares
- fixed issue when using "UseVolumeSerialNumbers=y" with accessing drive roots
- fixed Remove-Snapshot resurrects deleted files when using Delete V2 [#3015](https://github.com/sandboxie-plus/Sandboxie/issues/3015)
## [1.10.0 / 5.65.0] - 2023-07-12
### Added
- added box scripting engine to make SandMan more flexible
- added scriptable troubleshooting wizard [#1875](https://github.com/sandboxie-plus/Sandboxie/issues/1875)
- added addon manager which helps to install additional and third-party components, available addons:
- [ImDisk Toolkit](https://sourceforge.net/projects/imdisk-toolkit/) - used to create RAM Disks and other virtual drives
@ -21,15 +54,31 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- [SbieHide.dll](https://github.com/VeroFess/SbieHide) - a third-party DLL to hide SbieDll.dll
- [LogAPI.dll](https://bsa.isoftware.nl/) - an API logging library used for Buster Sandbox Analyzer
- added option to set the update interval to 1, 7, 14 and 30 days
- added `What's new in Sandboxie-Plus` dialog in SbieCtrl.exe to praise the new features of the Plus UI
- Note: this is shown after the installation of Sandboxie Classic
- added "fixdacls" command to KmdUtil.exe, it repairs broken DACL entries on the Sandboxie folder to fix issues where SbieDll.dll fails to load
- added option to hide Sandboxie's own processes [#3054](https://github.com/sandboxie-plus/Sandboxie/issues/3054)
- added functionality to cache Sandboxie messages within the Plus UI [#2920](https://github.com/sandboxie-plus/Sandboxie/issues/2920)
- added button to invoke troubleshooting wizard directly from the SBIE message popup
### Changed
- setup wizard has now a dedicated update configuration page
- this page will be shown once for all users who do not have updates enabled
- split the support page into Sandboxie Support and Sandboxie Updater tabs
- when the troubleshooting.7z file is available, the script engine will be used to match compatibility templates
- this allows a better granularity in template selection by using the AppCompatibility.js script
- reworked low level code injection mechanism to improve flexibility and debugging
- the main injection detour code is now written in C instead of Assembler and can properly report SbieDll.dll loading errors as SBIE2181
- improved session agent startup to be more flexible
- improved SBIEMSG help handling, the link now contains message details allowing to point to a more exact document (if available)
- updated certificate validation code
### Fixed
- fixed uninstall issue in the Sandboxie Classic installer [d1863ff](https://github.com/sandboxie-plus/Sandboxie/commit/d1863ffadfe105c695de71c9e841c2fd568116fe)
- added workaround for Chrome not starting on Windows 11 with KB5027231 [#3040](https://github.com/sandboxie-plus/Sandboxie/issues/3040)
- improved compatibility with procmon/stack traces for debug builds
- fixed issue with non-standard command lines
- fixed online updater not checking every 7 days, but daily
### Removed
- cleaned up duplicate code (thanks lmou523) [#3067](https://github.com/sandboxie-plus/Sandboxie/pull/3067)


@ -30,6 +30,7 @@ copy %~dp0..\sandboxie\install\ParseVersion.bat %~dp0\Assets\Classic\install\
copy %~dp0..\sandboxie\install\Registry.nsh %~dp0\Assets\Classic\install\
copy %~dp0..\sandboxie\install\SandboxieVS.nsi %~dp0\Assets\Classic\install\
copy %~dp0..\sandboxie\install\Warning.ini %~dp0\Assets\Classic\install\
copy %~dp0..\sandboxie\install\whatsnew.html %~dp0\Assets\Classic\install\
mkdir %~dp0\Assets\Classic\msgs
mkdir %~dp0\Assets\Classic\msgs\SbieRelease
copy %~dp0..\sandboxie\msgs\SbieRelease\NsisText_Albanian.txt %~dp0\Assets\Classic\msgs\SbieRelease\


@ -59,6 +59,7 @@ Sandboxie's functionality can be enhanced with specialized tools like the follow
* [LogApiDll](https://github.com/sandboxie-plus/LogApiDll) - adds a verbose output to Sandboxie's trace log, listing invocations of relevant Windows API functions
* [SbieHide](https://github.com/VeroFess/SbieHide) - attempts to hide the presence of SbieDll.dll from the application being sandboxed
* [SandboxToys2](https://github.com/blap/SandboxToys2) - allows to monitor files and registry changes in a sandbox
* [Sbiextra](https://github.com/sandboxie-plus/sbiextra) - adds additional user mode restrictions to sandboxed processes
## 📌 Project history
@ -107,8 +108,9 @@ If you find Sandboxie useful, then feel free to contribute through our [Contribu
- lmou523 - Code fixes
- sredna - Code fixes for Classic installer
- weihongx9315 - Code fix
- yfdyh000 - Localization support for Plus installer
- jorgectf - CodeQL workflow
- stephtr - CI / Certification
- yfdyh000 - Localization support for Plus installer
- Dyras - Templates additions
- cricri-pingouin - UI fixes
- Valinwolf - UI / Icons
@ -135,7 +137,7 @@ If you find Sandboxie useful, then feel free to contribute through our [Contribu
- JNylson - Portuguese and Brazilian Portuguese
- lufog - Russian
- sebadamus - Spanish
- pb1 - Swedish (provided by email)
- 1FF - Swedish (provided by email)
- xorcan, fmbxnary, offhub - Turkish
- SuperMaxusa, lufog - Ukrainian
- GunGunGun - Vietnamese

146
Sandboxie/SandboxDll.sln Normal file

@ -0,0 +1,146 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.30804.86
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SboxSvc", "core\svc\SboxSvc.vcxproj", "{2D3DBCAE-883E-54A6-F8F6-11228D989033}"
ProjectSection(ProjectDependencies) = postProject
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4} = {8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SboxMsg", "msgs\SboxMsg.vcxproj", "{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}"
ProjectSection(ProjectDependencies) = postProject
{7BA01954-12F1-4CEE-BA97-FAD3250D9776} = {7BA01954-12F1-4CEE-BA97-FAD3250D9776}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SboxDll", "core\dll\SboxDll.vcxproj", "{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}"
ProjectSection(ProjectDependencies) = postProject
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3} = {63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}
{255002EC-9FC7-422E-B497-BE2CC5012B2D} = {255002EC-9FC7-422E-B497-BE2CC5012B2D}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "LowLevel", "core\low\LowLevel.vcxproj", "{255002EC-9FC7-422E-B497-BE2CC5012B2D}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Parse", "msgs\Parse.vcxproj", "{7BA01954-12F1-4CEE-BA97-FAD3250D9776}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SboxHostDll", "SboxHostDll\SboxHostDll.vcxproj", "{3A42A9F3-E0C7-4633-9570-381802D6647D}"
ProjectSection(ProjectDependencies) = postProject
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4} = {8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}
EndProjectSection
EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "core", "core", "{E9D1318A-FAF0-4EF8-8561-FCB03862AC99}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
SbieDebug|ARM64 = SbieDebug|ARM64
SbieDebug|ARM64EC = SbieDebug|ARM64EC
SbieDebug|Win32 = SbieDebug|Win32
SbieDebug|x64 = SbieDebug|x64
SbieRelease|ARM64 = SbieRelease|ARM64
SbieRelease|ARM64EC = SbieRelease|ARM64EC
SbieRelease|Win32 = SbieRelease|Win32
SbieRelease|x64 = SbieRelease|x64
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieDebug|ARM64.ActiveCfg = SbieDebug|ARM64
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieDebug|ARM64.Build.0 = SbieDebug|ARM64
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieDebug|ARM64EC.ActiveCfg = SbieDebug|ARM64EC
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieDebug|ARM64EC.Build.0 = SbieDebug|ARM64EC
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieDebug|Win32.ActiveCfg = SbieDebug|Win32
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieDebug|Win32.Build.0 = SbieDebug|Win32
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieDebug|x64.ActiveCfg = SbieDebug|x64
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieDebug|x64.Build.0 = SbieDebug|x64
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieRelease|ARM64.ActiveCfg = SbieRelease|ARM64
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieRelease|ARM64.Build.0 = SbieRelease|ARM64
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieRelease|ARM64EC.ActiveCfg = SbieRelease|ARM64EC
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieRelease|ARM64EC.Build.0 = SbieRelease|ARM64EC
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieRelease|Win32.ActiveCfg = SbieRelease|Win32
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieRelease|Win32.Build.0 = SbieRelease|Win32
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieRelease|x64.ActiveCfg = SbieRelease|x64
{2D3DBCAE-883E-54A6-F8F6-11228D989033}.SbieRelease|x64.Build.0 = SbieRelease|x64
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieDebug|ARM64.ActiveCfg = SbieRelease|ARM64
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieDebug|ARM64.Build.0 = SbieRelease|ARM64
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieDebug|ARM64EC.ActiveCfg = SbieRelease|x64
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieDebug|Win32.ActiveCfg = SbieRelease|Win32
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieDebug|Win32.Build.0 = SbieRelease|Win32
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieDebug|x64.ActiveCfg = SbieRelease|x64
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieDebug|x64.Build.0 = SbieRelease|x64
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieRelease|ARM64.ActiveCfg = SbieRelease|ARM64
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieRelease|ARM64.Build.0 = SbieRelease|ARM64
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieRelease|ARM64EC.ActiveCfg = SbieRelease|x64
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieRelease|Win32.ActiveCfg = SbieRelease|Win32
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieRelease|Win32.Build.0 = SbieRelease|Win32
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieRelease|x64.ActiveCfg = SbieRelease|x64
{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}.SbieRelease|x64.Build.0 = SbieRelease|x64
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieDebug|ARM64.ActiveCfg = SbieDebug|ARM64
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieDebug|ARM64.Build.0 = SbieDebug|ARM64
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieDebug|ARM64EC.ActiveCfg = SbieDebug|ARM64EC
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieDebug|ARM64EC.Build.0 = SbieDebug|ARM64EC
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieDebug|Win32.ActiveCfg = SbieDebug|Win32
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieDebug|Win32.Build.0 = SbieDebug|Win32
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieDebug|x64.ActiveCfg = SbieDebug|x64
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieDebug|x64.Build.0 = SbieDebug|x64
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieRelease|ARM64.ActiveCfg = SbieRelease|ARM64
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieRelease|ARM64.Build.0 = SbieRelease|ARM64
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieRelease|ARM64EC.ActiveCfg = SbieRelease|ARM64EC
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieRelease|ARM64EC.Build.0 = SbieRelease|ARM64EC
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieRelease|Win32.ActiveCfg = SbieRelease|Win32
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieRelease|Win32.Build.0 = SbieRelease|Win32
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieRelease|x64.ActiveCfg = SbieRelease|x64
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}.SbieRelease|x64.Build.0 = SbieRelease|x64
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieDebug|ARM64.ActiveCfg = SbieRelease|ARM64
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieDebug|ARM64.Build.0 = SbieRelease|ARM64
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieDebug|ARM64EC.ActiveCfg = SbieRelease|ARM64
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieDebug|ARM64EC.Build.0 = SbieRelease|ARM64
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieDebug|Win32.ActiveCfg = SbieRelease|Win32
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieDebug|Win32.Build.0 = SbieRelease|Win32
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieDebug|x64.ActiveCfg = SbieRelease|x64
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieDebug|x64.Build.0 = SbieRelease|x64
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieRelease|ARM64.ActiveCfg = SbieRelease|ARM64
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieRelease|ARM64.Build.0 = SbieRelease|ARM64
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieRelease|ARM64EC.ActiveCfg = SbieRelease|ARM64
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieRelease|ARM64EC.Build.0 = SbieRelease|ARM64
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieRelease|Win32.ActiveCfg = SbieRelease|Win32
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieRelease|Win32.Build.0 = SbieRelease|Win32
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieRelease|x64.ActiveCfg = SbieRelease|x64
{255002EC-9FC7-422E-B497-BE2CC5012B2D}.SbieRelease|x64.Build.0 = SbieRelease|x64
{7BA01954-12F1-4CEE-BA97-FAD3250D9776}.SbieDebug|ARM64.ActiveCfg = SbieRelease|Win32
{7BA01954-12F1-4CEE-BA97-FAD3250D9776}.SbieDebug|ARM64.Build.0 = SbieRelease|Win32
{7BA01954-12F1-4CEE-BA97-FAD3250D9776}.SbieDebug|ARM64EC.ActiveCfg = SbieRelease|Win32
{7BA01954-12F1-4CEE-BA97-FAD3250D9776}.SbieDebug|Win32.ActiveCfg = SbieRelease|Win32
{7BA01954-12F1-4CEE-BA97-FAD3250D9776}.SbieDebug|Win32.Build.0 = SbieRelease|Win32
{7BA01954-12F1-4CEE-BA97-FAD3250D9776}.SbieDebug|x64.ActiveCfg = SbieRelease|Win32
{7BA01954-12F1-4CEE-BA97-FAD3250D9776}.SbieRelease|ARM64.ActiveCfg = SbieRelease|Win32
{7BA01954-12F1-4CEE-BA97-FAD3250D9776}.SbieRelease|ARM64EC.ActiveCfg = SbieRelease|Win32
{7BA01954-12F1-4CEE-BA97-FAD3250D9776}.SbieRelease|Win32.ActiveCfg = SbieRelease|Win32
{7BA01954-12F1-4CEE-BA97-FAD3250D9776}.SbieRelease|Win32.Build.0 = SbieRelease|Win32
{7BA01954-12F1-4CEE-BA97-FAD3250D9776}.SbieRelease|x64.ActiveCfg = SbieRelease|Win32
{7BA01954-12F1-4CEE-BA97-FAD3250D9776}.SbieRelease|x64.Build.0 = SbieRelease|Win32
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieDebug|ARM64.ActiveCfg = SbieDebug|ARM64
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieDebug|ARM64.Build.0 = SbieDebug|ARM64
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieDebug|ARM64EC.ActiveCfg = SbieDebug|x64
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieDebug|Win32.ActiveCfg = SbieDebug|Win32
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieDebug|Win32.Build.0 = SbieDebug|Win32
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieDebug|x64.ActiveCfg = SbieDebug|x64
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieDebug|x64.Build.0 = SbieDebug|x64
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieRelease|ARM64.ActiveCfg = SbieRelease|ARM64
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieRelease|ARM64.Build.0 = SbieRelease|ARM64
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieRelease|ARM64EC.ActiveCfg = SbieRelease|x64
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieRelease|Win32.ActiveCfg = SbieRelease|Win32
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieRelease|Win32.Build.0 = SbieRelease|Win32
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieRelease|x64.ActiveCfg = SbieRelease|x64
{3A42A9F3-E0C7-4633-9570-381802D6647D}.SbieRelease|x64.Build.0 = SbieRelease|x64
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(NestedProjects) = preSolution
{2D3DBCAE-883E-54A6-F8F6-11228D989033} = {E9D1318A-FAF0-4EF8-8561-FCB03862AC99}
{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4} = {E9D1318A-FAF0-4EF8-8561-FCB03862AC99}
{255002EC-9FC7-422E-B497-BE2CC5012B2D} = {E9D1318A-FAF0-4EF8-8561-FCB03862AC99}
{3A42A9F3-E0C7-4633-9570-381802D6647D} = {E9D1318A-FAF0-4EF8-8561-FCB03862AC99}
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {8CC68B2E-A32E-409D-8D3F-F68AF524E29C}
EndGlobalSection
EndGlobal


@ -150,12 +150,22 @@ void CRunBrowser::OpenHelp(CWnd *pParentWnd, const CString &topic)
CRunBrowser x(pParentWnd, GetTopicUrl(topic));
}
//---------------------------------------------------------------------------
// OpenForum
// EscapeForURL
//---------------------------------------------------------------------------
void CRunBrowser::OpenForum(CWnd *pParentWnd)
CString CRunBrowser::EscapeForURL(const CString& value)
{
CRunBrowser x(pParentWnd, L"https://sandboxie-plus.com/go.php?to=sbie-forum");
}
CString escapedValue;
DWORD bufferSize = (DWORD)(value.GetLength() * 3 + 1);
LPWSTR escapedBuffer = new WCHAR[bufferSize];
HRESULT hr = UrlEscapeW(value, escapedBuffer, &bufferSize, URL_ESCAPE_PERCENT | URL_ESCAPE_SEGMENT_ONLY);
if (hr == S_OK)
escapedValue = CString(escapedBuffer, bufferSize);
delete[] escapedBuffer;
return escapedValue;
}
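Review bot: EscapeForURL returns an empty CString whenever UrlEscapeW reports anything other than S_OK, so a caller that appends the result to a query string silently loses the value and cannot tell a failed escape from an empty input. The sizing `value.GetLength() * 3 + 1` covers one `%XX` triple per input character; that is enough for ASCII, but whether it is enough for non-ASCII text depends on how UrlEscapeW encodes it under these flags and should be confirmed. I would state the contract in a comment above the function, e.g. `// Percent-encodes value for use as one URL component; returns an empty string if escaping fails`. Replacing the `new WCHAR[]`/`delete[]` pair with `escapedValue.GetBuffer(bufferSize)` followed by `ReleaseBuffer` would also remove the manual ownership of the buffer.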


@ -65,8 +65,8 @@ public:
static CString GetTopicUrl(const CString &topic);
static void OpenHelp(CWnd *pParentWnd, const CString &topic);
static void OpenForum(CWnd *pParentWnd);
static CString EscapeForURL(const CString& value);
};


@ -813,7 +813,7 @@ long DisplayHTMLStr(HWND hwnd, LPCTSTR string)
// We want to get the base address (ie, a pointer) to the IWebBrowser2 object embedded within the browser
// object, so we can call some of the functions in the former's table.
if (!browserObject->lpVtbl->QueryInterface(browserObject, &IID_IWebBrowser2, (void**)&webBrowser2))
if (SUCCEEDED(browserObject->lpVtbl->QueryInterface(browserObject, &IID_IWebBrowser2, (void**)&webBrowser2)))
{
// Ok, now the pointer to our IWebBrowser2 object is in 'webBrowser2', and so its VTable is
// webBrowser2->lpVtbl.
@ -833,11 +833,11 @@ long DisplayHTMLStr(HWND hwnd, LPCTSTR string)
// Call the IWebBrowser2 object's get_Document so we can get its DISPATCH object. I don't know why you
// don't get the DISPATCH object via the browser object's QueryInterface(), but you don't.
if (!webBrowser2->lpVtbl->get_Document(webBrowser2, &lpDispatch))
if (SUCCEEDED(webBrowser2->lpVtbl->get_Document(webBrowser2, &lpDispatch)))
{
// We want to get a pointer to the IHTMLDocument2 object embedded within the DISPATCH
// object, so we can call some of the functions in the former's table.
if (!lpDispatch->lpVtbl->QueryInterface(lpDispatch, &IID_IHTMLDocument2, (void**)&htmlDoc2))
if (SUCCEEDED(lpDispatch->lpVtbl->QueryInterface(lpDispatch, &IID_IHTMLDocument2, (void**)&htmlDoc2)))
{
// Ok, now the pointer to our IHTMLDocument2 object is in 'htmlDoc2', and so its VTable is
// htmlDoc2->lpVtbl.
@ -846,7 +846,7 @@ long DisplayHTMLStr(HWND hwnd, LPCTSTR string)
// array of "VARIENT" structs. So let's create all that.
if ((sfArray = SafeArrayCreate(VT_VARIANT, 1, (SAFEARRAYBOUND *)&ArrayBound)))
{
if (!SafeArrayAccessData(sfArray, (void**)&pVar))
if (SUCCEEDED(SafeArrayAccessData(sfArray, (void**)&pVar)))
{
pVar->vt = VT_BSTR;
#ifndef UNICODE
@ -933,7 +933,7 @@ long DisplayHTMLPage(HWND hwnd, LPTSTR webPageName)
// We want to get the base address (ie, a pointer) to the IWebBrowser2 object embedded within the browser
// object, so we can call some of the functions in the former's table.
if (!browserObject->lpVtbl->QueryInterface(browserObject, &IID_IWebBrowser2, (void**)&webBrowser2))
if (SUCCEEDED(browserObject->lpVtbl->QueryInterface(browserObject, &IID_IWebBrowser2, (void**)&webBrowser2)))
{
// Ok, now the pointer to our IWebBrowser2 object is in 'webBrowser2', and so its VTable is
// webBrowser2->lpVtbl.
@ -1093,7 +1093,7 @@ long EmbedBrowserObject(HWND hwnd)
// _IOleClientSiteEx struct starts with an embedded IOleClientSite. So the browser won't care, and we want
// this extended struct passed to our IOleClientSite functions.
if (!OleCreate(&CLSID_WebBrowser, &IID_IOleObject, OLERENDER_DRAW, 0, (IOleClientSite *)_iOleClientSiteEx, &MyIStorage, (void**)&browserObject))
if (SUCCEEDED(OleCreate(&CLSID_WebBrowser, &IID_IOleObject, OLERENDER_DRAW, 0, (IOleClientSite *)_iOleClientSiteEx, &MyIStorage, (void**)&browserObject)))
{
// Ok, we now have the pointer to the browser object in 'browserObject'. Let's save this in the
// memory block we allocated above, and then save the pointer to that whole thing in our window's
@ -1133,11 +1133,11 @@ long EmbedBrowserObject(HWND hwnd)
GetClientRect(hwnd, &rect);
// Let browser object know that it is embedded in an OLE container.
if (!OleSetContainedObject((struct IUnknown *)browserObject, TRUE) &&
if (SUCCEEDED(OleSetContainedObject((struct IUnknown *)browserObject, TRUE)) &&
// Set the display area of our browser control the same as our window's size
// and actually put the browser object into our window.
!browserObject->lpVtbl->DoVerb(browserObject, OLEIVERB_SHOW, NULL, (IOleClientSite *)_iOleClientSiteEx, -1, hwnd, &rect) &&
SUCCEEDED(browserObject->lpVtbl->DoVerb(browserObject, OLEIVERB_SHOW, NULL, (IOleClientSite *)_iOleClientSiteEx, -1, hwnd, &rect)) &&
// Ok, now things may seem to get even trickier, One of those function pointers in the browser's VTable is
// to the QueryInterface() function. What does this function do? It lets us grab the base address of any
@ -1148,7 +1148,7 @@ long EmbedBrowserObject(HWND hwnd)
// object, so we can call some of the functions in the former's table. For example, one IWebBrowser2 function
// we intend to call below will be Navigate2(). So we call the browser object's QueryInterface to get our
// pointer to the IWebBrowser2 object.
!browserObject->lpVtbl->QueryInterface(browserObject, &IID_IWebBrowser2, (void**)&webBrowser2))
SUCCEEDED(browserObject->lpVtbl->QueryInterface(browserObject, &IID_IWebBrowser2, (void**)&webBrowser2)))
{
// Ok, now the pointer to our IWebBrowser2 object is in 'webBrowser2', and so its VTable is
// webBrowser2->lpVtbl.
@ -1226,7 +1226,7 @@ LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
IOleObject *browserObject = *((IOleObject **)GetWindowLongPtr(hwnd, GWL_USERDATA));
IOleWindow *oleWindow;
if (!browserObject->lpVtbl->QueryInterface(browserObject, &IID_IOleWindow, (void**)&oleWindow))
if (SUCCEEDED(browserObject->lpVtbl->QueryInterface(browserObject, &IID_IOleWindow, (void**)&oleWindow)))
{
HWND hwndBrowser = NULL;
oleWindow->lpVtbl->GetWindow(oleWindow, &hwndBrowser);
@ -1357,4 +1357,4 @@ int CALLBACK WinMain(HINSTANCE hInstance, HINSTANCE hInstNULL, LPSTR lpszCmdLine
MessageBox(0, "Can't open OLE!", "ERROR", MB_OK);
return(-1);
}
*/
*/
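Review bot: In DisplayHTMLStr the `get_Document` check now accepts every success code, and `SUCCEEDED()` is also true for S_FALSE, which the old `!hr` test rejected. If the browser control returns S_FALSE there with no document loaded (a commonly reported behaviour of IWebBrowser2, not verifiable from this hunk), `lpDispatch` stays unset and the next check dereferences it through `lpDispatch->lpVtbl`. The guard should test the out pointer as well, `if (SUCCEEDED(webBrowser2->lpVtbl->get_Document(webBrowser2, &lpDispatch)) && lpDispatch)`, with `lpDispatch` initialised to NULL where it is declared; the declaration is outside the hunk. The same widening applies to the other converted checks in DisplayHTMLPage, EmbedBrowserObject and WindowProc, where an out-pointer test costs nothing.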


@ -644,9 +644,13 @@ void CMessageDialog::DiscardMessages(
void CMessageDialog::OnHelp()
{
CString sbie = GetSBIExxxx(NULL, NULL);
if (! sbie.IsEmpty())
CRunBrowser::OpenHelp(this, sbie);
CString Detail;
CString sbie = GetSBIExxxx(NULL, &Detail);
if (!sbie.IsEmpty()) {
CString url = L"https://sandboxie-plus.com/go.php?to=sbie-" + sbie + "&detail=" + CRunBrowser::EscapeForURL(Detail);
CRunBrowser x(this, url);
//CRunBrowser::OpenHelp(this, sbie);
}
}
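Review bot: OnHelp now places the message's Detail text in the query string of a URL opened in the user's browser, so that text leaves the machine and ends up in browser history and in the web server's logs. What GetSBIExxxx puts into Detail is not shown here; if it can hold file paths, program names or user names, that is worth stating in a comment above the function or gating behind the user's consent. `sbie` is concatenated without escaping while Detail is escaped; passing both through the helper keeps the URL well formed whatever the message contains: `L"https://sandboxie-plus.com/go.php?to=sbie-" + CRunBrowser::EscapeForURL(sbie) + L"&detail=" + CRunBrowser::EscapeForURL(Detail)`. The `"&detail="` literal is narrow while its neighbours are wide, so an `L` prefix would match the rest of the expression.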


@ -83,12 +83,15 @@ BOOL CMyApp::InitInstance()
BOOL ForceVisible = FALSE;
BOOL ForceSync = FALSE;
BOOL PostSetup = FALSE;
WCHAR *CommandLine = GetCommandLine();
if (CommandLine) {
if (wcsstr(CommandLine, L"/open"))
ForceVisible = TRUE;
if (wcsstr(CommandLine, L"/sync"))
ForceSync = TRUE;
if (wcsstr(CommandLine, L"/postsetup"))
PostSetup = TRUE;
if (wcsstr(CommandLine, L"/uninstall")) {
CShellDialog::Sync(TRUE);
return TRUE;
@ -259,7 +262,7 @@ BOOL CMyApp::InitInstance()
// create main window
//
m_pMainWnd = new CMyFrame(ForceVisible, ForceSync);
m_pMainWnd = new CMyFrame(ForceVisible, ForceSync, PostSetup);
m_pMainWnd->UpdateWindow();
return TRUE;


@ -147,6 +147,7 @@ BEGIN_MESSAGE_MAP(CMyFrame, CFrameWnd)
ON_COMMAND(ID_HELP_FORUM, OnCmdHelpForum)
ON_COMMAND(ID_HELP_UPDATE, OnCmdHelpUpdate)
ON_COMMAND(ID_HELP_UPGRADE, OnCmdHelpUpgrade)
ON_COMMAND(ID_HELP_WHATSNEW, OnCmdHelpWhatsNew)
ON_COMMAND(ID_HELP_MIGRATION, OnCmdHelpMigrate)
ON_COMMAND(ID_HELP_GET_CERT, OnCmdHelpGetCert)
ON_COMMAND(ID_HELP_SET_CERT, OnCmdHelpSetCert)
@ -196,7 +197,7 @@ IMPLEMENT_MENUXP(CMyFrame, CFrameWnd)
//---------------------------------------------------------------------------
CMyFrame::CMyFrame(BOOL ForceVisible, BOOL ForceSync)
CMyFrame::CMyFrame(BOOL ForceVisible, BOOL ForceSync, BOOL PostSetup)
{
m_mondlg = NULL;
m_msgdlg = NULL;
@ -204,6 +205,7 @@ CMyFrame::CMyFrame(BOOL ForceVisible, BOOL ForceSync)
m_view = m_view_old = 0;
m_hidden = FALSE;
m_ShowWhatsNew = PostSetup;
//CUserSettings::GetInstance().GetBool(_ShowWelcome, m_ShowWelcome, TRUE);
CUserSettings::GetInstance().GetBool(_AlwaysOnTop, m_AlwaysOnTop, FALSE);
@ -998,6 +1000,7 @@ void CMyFrame::OnCmdHelpSupport()
CRunBrowser x(this, L"https://sandboxie-plus.com/go.php?to=donate");
}
//---------------------------------------------------------------------------
// OnCmdHelpContribution
//---------------------------------------------------------------------------
@ -1008,6 +1011,7 @@ void CMyFrame::OnCmdHelpContribution()
CRunBrowser x(this, L"https://sandboxie-plus.com/go.php?to=sbie-contribute");
}
//---------------------------------------------------------------------------
// OnCmdHelpTopics
//---------------------------------------------------------------------------
@ -1018,6 +1022,7 @@ void CMyFrame::OnCmdHelpTopics()
CRunBrowser::OpenHelp(this, L"HelpTopics");
}
//---------------------------------------------------------------------------
// OnCmdHelpTutorial
//---------------------------------------------------------------------------
@ -1039,7 +1044,7 @@ void CMyFrame::OnCmdHelpTutorial()
void CMyFrame::OnCmdHelpForum()
{
CRunBrowser::OpenForum(this);
CRunBrowser x(this, L"https://sandboxie-plus.com/go.php?to=sbie-forum");
}
//---------------------------------------------------------------------------
@ -1063,6 +1068,33 @@ void CMyFrame::OnCmdHelpUpgrade()
CRunBrowser x(this, L"https://sandboxie-plus.com/go.php?to=sbie-plus&tip=upgrade");
}
//---------------------------------------------------------------------------
// OnCmdHelpWhatsNew
//---------------------------------------------------------------------------
extern "C" void OpenWebView(const WCHAR * url, const WCHAR * title);
void CMyFrame::OnCmdHelpWhatsNew()
{
CString url;
url.Format(L"https://sandboxie-plus.com/go.php?to=sbie-whatsnew&language=%d&version=%S", SbieDll_GetLanguage(NULL), MY_VERSION_STRING);
WCHAR path[MAX_PATH];
GetModuleFileName(NULL, path, sizeof(path) / sizeof(WCHAR) - 4);
WCHAR* ptr = wcsrchr(path, L'\\');
if (ptr) ptr[1] = L'\0';
CString file = CString(path) + L"whatsnew.html";
if (PathFileExists(file)) {
file.Replace(L"\\", L"/");
url = L"file:///" + file;
}
CMyMsg text(MSG_3469);
OpenWebView(url, text);
}
//---------------------------------------------------------------------------
// OnCmdHelpMigrate
//---------------------------------------------------------------------------
@ -1073,6 +1105,15 @@ void CMyFrame::OnCmdHelpMigrate()
{
CString url;
url.Format(L"https://sandboxie-plus.com/go.php?to=sbie-migration&language=%d", SbieDll_GetLanguage(NULL));
/*WCHAR path[MAX_PATH];
GetModuleFileName(NULL, path, sizeof(path) / sizeof(WCHAR) - 4);
WCHAR* ptr = wcsrchr(path, L'\\');
if (ptr) ptr[1] = L'\0';
CString url = L"file:///" + CString(path);
url.Replace(L"\\", L"/");
url.Append(L"static/plus-migration.html");*/
CMyMsg text(MSG_3468);
OpenWebView(url, text);
}
@ -2105,6 +2146,18 @@ void CMyFrame::OnTimer(UINT_PTR nIDEvent)
return;
}*/
//
// show what's new
//
if (m_ShowWhatsNew && (! inModalState)) {
m_ShowWhatsNew = FALSE;
OnCmdHelpWhatsNew();
return;
}
//
// resync shortcuts? usually Sandboxie Control does not resync
// the Run Sandboxed shortcuts on startup, except when the
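Review bot: OnCmdHelpWhatsNew does not check the return value of `GetModuleFileName`, so on failure `path` is read uninitialised by `wcsrchr` and by the `CString(path)` that follows. Declaring it as `WCHAR path[MAX_PATH] = { 0 };` and skipping the local-file branch when the call returns 0 closes that. The local path is then turned into a `file:///` URL by swapping slashes only; an install directory containing `#`, `%` or `?` would be parsed as a fragment, an escape or a query, so the path should be percent-encoded before it is handed to OpenWebView. Because a local HTML file is rendered in the embedded web view, it is also worth a comment that whatsnew.html is expected to sit in a directory only administrators can write to.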


@ -55,6 +55,7 @@ class CMyFrame : public CFrameWnd
CPoint m_TrayPoint;
BOOL m_hidden;
BOOL m_ShowWhatsNew;
//BOOL m_ShowWelcome;
BOOL m_ReSyncShortcuts;
BOOL m_AutoRunSoftCompat;
@ -126,6 +127,7 @@ class CMyFrame : public CFrameWnd
afx_msg void OnCmdHelpForum();
afx_msg void OnCmdHelpUpdate();
afx_msg void OnCmdHelpUpgrade();
afx_msg void OnCmdHelpWhatsNew();
afx_msg void OnCmdHelpMigrate();
afx_msg void OnCmdHelpGetCert();
afx_msg void OnCmdHelpSetCert();
@ -161,7 +163,7 @@ class CMyFrame : public CFrameWnd
public:
CMyFrame(BOOL ForceVisible, BOOL ForceSync);
CMyFrame(BOOL ForceVisible, BOOL ForceSync, BOOL PostSetup);
~CMyFrame();
static CWnd *m_GettingStartedWindow;


@ -128,7 +128,8 @@ BEGIN
MENUITEM SEPARATOR
MENUITEM "3452", ID_HELP_TOPICS
MENUITEM "3453", ID_HELP_TUTORIAL
MENUITEM "3468", ID_HELP_MIGRATION
MENUITEM "3469", ID_HELP_WHATSNEW
//MENUITEM "3468", ID_HELP_MIGRATION
MENUITEM "3457", ID_HELP_FORUM
MENUITEM SEPARATOR
MENUITEM "3454", ID_HELP_UPDATE


@ -31,7 +31,9 @@
#include "common/my_version.h"
#include "common/json/JSON.h"
#include "common/win32_ntddk.h"
#include "core/drv/api_defs.h"
#define UPDATE_INTERVAL (7 * 24 * 60 * 60)
//---------------------------------------------------------------------------
// Variables
@ -269,10 +271,59 @@ BOOLEAN CUpdater::QueryUpdateData(UPDATER_DATA* Context)
#endif
StrLang, Context->Manual ? L"0" : L"1");
if (!Context->Manual)
Path.AppendFormat(L"&interval=%d", UPDATE_INTERVAL);
CString update_key;
CSbieIni::GetInstance().GetText(_GlobalSettings, L"UpdateKey", update_key);
//CSbieIni::GetInstance().GetText(_GlobalSettings, L"UpdateKey", update_key);
WCHAR CertPath[MAX_PATH];
SbieApi_GetHomePath(NULL, 0, CertPath, MAX_PATH);
wcscat(CertPath, L"\\Certificate.dat");
HANDLE hFile = CreateFile(CertPath, FILE_GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (hFile != INVALID_HANDLE_VALUE) {
char CertData[0x1000];
DWORD bytesRead = 0;
if (ReadFile(hFile, CertData, sizeof(CertData), &bytesRead, NULL)) {
CertData[bytesRead] = 0;
CString sCertData = CString(CertData);
int pos = sCertData.Find(L"UPDATEKEY:");
if (pos != -1) {
pos += 10;
int end = sCertData.Find(L"\n", pos);
if (end == -1) end = sCertData.GetLength();
update_key = sCertData.Mid(pos, end - pos).Trim();
}
}
CloseHandle(hFile);
}
if (!update_key.IsEmpty())
Path += L"&update_key=" + update_key;
update_key += "-";
QWORD RandID = 0;
SbieApi_Call(API_GET_SECURE_PARAM, 3, L"RandID", (ULONG_PTR)&RandID, sizeof(RandID));
if (RandID == 0) {
srand(GetTickCount());
RandID = QWORD(rand() & 0xFFFF) | (QWORD(rand() & 0xFFFF) << 16) | (QWORD(rand() & 0xFFFF) << 32) | (QWORD(rand() & 0xFFFF) << 48);
SbieApi_Call(API_SET_SECURE_PARAM, 3, L"RandID", (ULONG_PTR)&RandID, sizeof(RandID));
}
CString Section;
CString UserName;
BOOL IsAdmin;
CSbieIni::GetInstance().GetUser(Section, UserName, IsAdmin);
DWORD Hash = wcstoul(Section.Mid(13), NULL, 16);
QWORD HashID = RandID ^ (QWORD((Hash & 0xFFFF) ^ ((Hash >> 16) & 0xFFFF)) << 48); // fold the hash in half and xor it with the first 16 bit of RandID
wchar_t sHash[17];
wsprintf(sHash, L"%08X%08X", DWORD(HashID >> 32), DWORD(HashID));
update_key += sHash;
Path += L"&update_key=" + update_key;
if (!DownloadUpdateData(L"sandboxie-plus.com", Path, &jsonString, NULL)) {
Context->ErrorCode = GetLastError();
@ -507,7 +558,7 @@ ULONG CUpdater::UpdaterServiceThread(void *lpParameter)
__int64 NextUpdateCheck;
CUserSettings::GetInstance().GetNum64(_NextUpdateCheck, NextUpdateCheck, 0);
if (NextUpdateCheck != -1)
CUserSettings::GetInstance().SetNum64(_NextUpdateCheck, time(NULL) + 7 * 24 * 60 * 60);
CUserSettings::GetInstance().SetNum64(_NextUpdateCheck, time(NULL) + UPDATE_INTERVAL);
if (pContext->Manual)
CMyApp::MsgBox(NULL, MSG_3629, MB_OK);
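Review bot: In the new certificate-reading code of QueryUpdateData, `ReadFile` may fill all `sizeof(CertData)` bytes, after which `CertData[bytesRead] = 0;` writes one byte past the end of the stack buffer when Certificate.dat is 0x1000 bytes or larger. Reading one byte less fixes it: `ReadFile(hFile, CertData, sizeof(CertData) - 1, &bytesRead, NULL)`. `wcscat(CertPath, L"\\Certificate.dat")` likewise appends to a MAX_PATH buffer with no length check, and the key text taken from the file is appended to the request path without escaping. The fallback RandID is built from `srand(GetTickCount())` and `rand()`, which is predictable and, if RAND_MAX is 0x7FFF as in the Microsoft CRT, leaves the top bit of each 16-bit part zero; a system random source such as `BCryptGenRandom` would suit a persistent identifier better. The function starts and ends outside this hunk.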


@ -54,6 +54,7 @@
#define ID_HELP_UPDATE 40044
#define ID_HELP_UPGRADE 40046
#define ID_HELP_MIGRATION 40047
#define ID_HELP_WHATSNEW 40049
#define ID_HELP_CONTRIBUTION 40048
#define ID_HELP_GET_CERT 40054
#define ID_HELP_SET_CERT 40055


@ -433,6 +433,10 @@ BOOL Parse_Command_Line(void)
if (_wcsnicmp(cmd, L"open_agent:", 11) == 0) {
cmd += 11;
tmp = Eat_String(cmd);
if (*cmd == L'\"') {
cmd++;
tmp--;
}
ULONG len = ULONG(tmp - cmd) * sizeof(WCHAR);
memcpy((WCHAR*)&buffer[req.length], cmd, len);
req.length += len;
@ -1220,8 +1224,8 @@ int Program_Start(void)
WCHAR *parms = Eat_String(cmdline);
if (parms && *parms) {
WCHAR *cmd2 = MyHeapAlloc(cmdline_len * sizeof(WCHAR));
WCHAR *arg2 = MyHeapAlloc(cmdline_len * sizeof(WCHAR));
WCHAR *cmd2 = MyHeapAlloc((cmdline_len + 1) * sizeof(WCHAR));
WCHAR *arg2 = MyHeapAlloc((cmdline_len + 1) * sizeof(WCHAR));
wcsncpy(cmd2, cmdline, parms - cmdline);
cmd2[parms - cmdline] = L'\0';
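Review bot: The quote handling added to the `open_agent:` branch of Parse_Command_Line assumes that Eat_String stopped just past a matching closing quote. Eat_String is not shown; if it can return without having consumed a closing quote, `tmp--` drops a real character or leaves `tmp` before `cmd`, and `ULONG(tmp - cmd)` then becomes a very large length for the `memcpy` that follows. Checking both ends before trimming avoids that: `if (*cmd == L'\"' && tmp > cmd + 1 && tmp[-1] == L'\"') { cmd++; tmp--; }`. No bound on `len` against the size of `buffer` is visible in the hunk either; both functions continue outside it.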


@ -21,8 +21,8 @@
#ifndef _MY_VERSION_H
#define _MY_VERSION_H
#define MY_VERSION_BINARY 5,65,0
#define MY_VERSION_STRING "5.65.0"
#define MY_VERSION_BINARY 5,65,1
#define MY_VERSION_STRING "5.65.1"
#define MY_ABI_VERSION 0x56000
// These #defines are used by either Resource Compiler or NSIS installer


@ -1197,12 +1197,12 @@ _FX HRESULT Com_CoUnmarshalInterface_Common(
if (rpl) {
hr = rpl->h.status;
if (hr)
if (hr != S_OK)
Com_Free(rpl);
} else
hr = RPC_S_SERVER_UNAVAILABLE;
if (hr) {
if (hr != S_OK) {
Com_Trace(TraceType, NULL, riid, 0, hr);
if (hr == RPC_S_SERVER_UNAVAILABLE) {
IStream_Seek(pStream, *seekpos, STREAM_SEEK_SET, &posu);
@ -1278,11 +1278,11 @@ static HRESULT Com_CoMarshalInterface(
if (rpl) {
hr = rpl->h.status;
if (hr)
if (hr != S_OK)
Com_Free(rpl);
} else
hr = RPC_S_SERVER_UNAVAILABLE;
if (hr) {
if (hr != S_OK) {
Com_Trace(TraceType, NULL, riid, 0, hr);
Com_RpcRaiseException(hr);
return E_ABORT;
@ -2106,7 +2106,7 @@ _FX void Com_IUnknown_Add_Ref_Release(COM_IUNKNOWN *This, UCHAR op)
Com_Free(rpl);
} else
hr = RPC_S_SERVER_UNAVAILABLE;
if (hr)
if (hr != S_OK)
Com_RpcRaiseException(hr);
}
@ -2244,12 +2244,12 @@ _FX HRESULT Com_IClassFactory_CreateInstance(
if (rpl) {
hr = rpl->h.status;
if (hr)
if (hr != S_OK)
Com_Free(rpl);
} else
hr = RPC_S_SERVER_UNAVAILABLE;
if (hr) {
if (hr != S_OK) {
Com_Trace(TraceType, &This->Guid, riid, 0, hr);
Com_RpcRaiseException(hr);
return E_ABORT;
@ -2313,7 +2313,7 @@ _FX HRESULT Com_IClassFactory_New(
if (rpl) {
hr = rpl->h.status;
if (hr) {
if (hr != S_OK) {
Com_Free(rpl);
if (hr == ERROR_ELEVATION_REQUIRED && StringGUID) {
SbieApi_Log(2214, StringGUID);
@ -2323,7 +2323,7 @@ _FX HRESULT Com_IClassFactory_New(
}
} else
hr = RPC_S_SERVER_UNAVAILABLE;
if (hr) {
if (hr != S_OK) {
Com_RpcRaiseException(hr);
return E_ABORT;
}
@ -2417,11 +2417,11 @@ _FX HRESULT Com_OuterIUnknown_QueryInterface(
if (rpl) {
hr = rpl->h.status;
if (hr)
if (hr != S_OK)
Com_Free(rpl);
} else
hr = RPC_S_SERVER_UNAVAILABLE;
if (hr) {
if (hr != S_OK) {
Com_Trace(TraceType, &This->Guid, riid, 0, hr);
#ifndef REGHIVE_ALWAYS_MOUNT_NEVER_UNMOUNT // if not sbox build
Com_RpcRaiseException(hr);
@ -2588,13 +2588,13 @@ _FX HRESULT Com_IRpcChannelBuffer_SendReceive(
if (rpl) {
hr = rpl->h.status;
if (hr)
if (hr != S_OK)
Com_Free(rpl);
} else
hr = RPC_S_SERVER_UNAVAILABLE;
if (pStatus)
*pStatus = hr;
if (hr) {
if (hr != S_OK) {
Com_Trace(TraceType, NULL, &This->Guid, ProcNum, hr);
return E_ABORT;
}
@ -2731,11 +2731,11 @@ _FX HRESULT Com_IMarshal_MarshalInterface(
if (rpl) {
hr = rpl->h.status;
if (hr)
if (hr != S_OK)
Com_Free(rpl);
} else
hr = RPC_S_SERVER_UNAVAILABLE;
if (hr) {
if (hr != S_OK) {
Com_Trace(TraceType, NULL, &This->Guid, 0, hr);
Com_RpcRaiseException(hr);
return E_ABORT;
@ -2873,11 +2873,11 @@ _FX HRESULT Com_IClientSecurity_QueryBlanket(
if (rpl) {
hr = rpl->h.status;
if (hr)
if (hr != S_OK)
Com_Free(rpl);
} else
hr = RPC_S_SERVER_UNAVAILABLE;
if (hr) {
if (hr != S_OK) {
Com_Trace(TraceType, NULL, &This->Guid, 0, hr);
Com_RpcRaiseException(hr);
return E_ABORT;
@ -2958,11 +2958,11 @@ _FX HRESULT Com_IClientSecurity_SetBlanket(
if (rpl) {
hr = rpl->h.status;
if (hr)
if (hr != S_OK)
Com_Free(rpl);
} else
hr = RPC_S_SERVER_UNAVAILABLE;
if (hr) {
if (hr != S_OK) {
Com_Trace(TraceType, NULL, &This->Guid, 0, hr);
Com_RpcRaiseException(hr);
return E_ABORT;
@ -2996,11 +2996,11 @@ _FX HRESULT Com_IClientSecurity_CopyProxy(
if (rpl) {
hr = rpl->h.status;
if (hr)
if (hr != S_OK)
Com_Free(rpl);
} else
hr = RPC_S_SERVER_UNAVAILABLE;
if (hr) {
if (hr != S_OK) {
Com_Trace(TraceType, NULL, &This->Guid, 0, hr);
Com_RpcRaiseException(hr);
return E_ABORT;
@ -3608,4 +3608,4 @@ _FX HRESULT Com_IClassFactoryEx_New(
}
return hr;
}
*/
*/


@ -48,9 +48,10 @@ extern __declspec(dllexport) int __CRTDECL Sbie_snprintf(char *_Buffer, size_t C
#define TRUE_NAME_BUFFER 0
#define COPY_NAME_BUFFER 1
#define TMPL_NAME_BUFFER 2
#define MISC_NAME_BUFFER 3 // 4, 5, 6, 7
#define NAME_BUFFER_COUNT 8
#define NAME_BUFFER_DEPTH 16 // 12
#define NORM_NAME_BUFFER 3
#define MISC_NAME_BUFFER 4 // 5 - 11
#define NAME_BUFFER_COUNT 12
#define NAME_BUFFER_DEPTH 16
#ifdef _WIN64
@ -281,10 +282,10 @@ extern ULONG64 Dll_ProcessFlags;
#ifndef _WIN64
extern BOOLEAN Dll_IsWow64;
#endif
#ifdef _M_X64
#ifdef _M_ARM64EC
extern BOOLEAN Dll_IsArm64ec;
#endif
#ifndef _M_ARM64
#ifndef _WIN64
extern BOOLEAN Dll_IsXtAjit;
#endif
extern BOOLEAN Dll_IsSystemSid;
@ -506,7 +507,7 @@ BOOLEAN File_IsBlockedNetParam(const WCHAR *BoxName);
void File_GetSetDeviceMap(WCHAR *DeviceMap96);
void File_NotifyRecover(HANDLE FileHandle);
void File_NotifyRecover(HANDLE FileHandle, void* CloseParams);
//---------------------------------------------------------------------------
// Functions (key)
@ -520,7 +521,7 @@ NTSTATUS Key_MarkDeletedAndClose(HANDLE KeyHandle);
void Key_DiscardMergeByPath(const WCHAR *TruePath, BOOLEAN Recurse);
void Key_NtClose(HANDLE KeyHandle);
void Key_NtClose(HANDLE KeyHandle, void* CloseParams);
HANDLE Key_GetTrueHandle(HANDLE KeyHandle, BOOLEAN *pIsOpenPath);


@ -90,10 +90,10 @@ ULONG64 Dll_ProcessFlags = 0;
#ifndef _WIN64
BOOLEAN Dll_IsWow64 = FALSE;
#endif
#ifdef _M_X64
#ifdef _M_ARM64EC
BOOLEAN Dll_IsArm64ec = FALSE;
#endif
#ifndef _M_ARM64
#ifndef _WIN64
BOOLEAN Dll_IsXtAjit = FALSE;
#endif
BOOLEAN Dll_IsSystemSid = FALSE;
@ -772,46 +772,20 @@ _FX void Dll_SelectImageType(void)
//---------------------------------------------------------------------------
_FX ULONG_PTR Dll_Ordinal1(
ULONG_PTR arg1, ULONG_PTR arg2, ULONG_PTR arg3,
ULONG_PTR arg4, ULONG_PTR arg5)
_FX VOID Dll_Ordinal1(INJECT_DATA * inject)
{
typedef ULONG_PTR (*P_RtlFindActivationContextSectionString)(
ULONG_PTR arg1, ULONG_PTR arg2, ULONG_PTR arg3,
ULONG_PTR arg4, ULONG_PTR arg5);
P_RtlFindActivationContextSectionString RtlFindActCtx;
#if defined(_M_ARM64) || defined(_M_ARM64EC)
//
// on ARM64 we hook LdrLoadDll instead, using the prototype for
// RtlFindActCtx is fine though as arguments 1-8 are passed in registers
// so if we set x4 or not does not matter in the least
//
#endif
INJECT_DATA *inject;
SBIELOW_DATA *data;
ULONG dummy_prot;
SBIELOW_DATA *data = (SBIELOW_DATA *)inject->sbielow_data;
BOOLEAN bHostInject = FALSE;
extern HANDLE SbieApi_DeviceHandle;
//
// this code is invoked from our RtlFindActivationContextSectionString
// hook in core/low/entry.asm, with a parameter that points to the
// syscall/inject data area. the first ULONG64 in this data area
// includes a pointer to the SbieLow data area
//
inject = (struct _INJECT_DATA *)arg1;
data = (SBIELOW_DATA *)inject->sbielow_data;
SbieApi_data = data;
#ifdef _M_ARM64EC
// get the pointer to sys_call_list in the SYS_CALL_DATA struct
SbieApi_SyscallPtr = (ULONG*)((ULONG64)data->syscall_data + sizeof(ULONG) + sizeof(ULONG) + (NATIVE_FUNCTION_SIZE * NATIVE_FUNCTION_COUNT));
#endif
extern HANDLE SbieApi_DeviceHandle;
SbieApi_DeviceHandle = (HANDLE)data->api_device_handle;
//
// the SbieLow data area includes values that are useful to us
// so we copy them into dedicated variables if we are going to use them more often
@ -820,38 +794,15 @@ _FX ULONG_PTR Dll_Ordinal1(
bHostInject = data->flags.bHostInject == 1;
#ifndef _WIN64
Dll_IsWow64 = data->flags.is_wow64 == 1;
Dll_IsWow64 = data->flags.is_wow64 == 1; // x86 on x64 or arm64
#endif
#ifdef _M_X64
Dll_IsArm64ec = data->flags.is_arm64ec == 1;
#ifdef _M_ARM64EC
Dll_IsArm64ec = data->flags.is_arm64ec == 1; // x64 on arm64
#endif
#ifndef _M_ARM64
Dll_IsXtAjit = data->flags.is_xtajit == 1;
#ifndef _WIN64
Dll_IsXtAjit = data->flags.is_xtajit == 1; // x86 on arm64
#endif
SbieApi_DeviceHandle = (HANDLE)data->api_device_handle;
//
// our RtlFindActivationContextSectionString hook already restored
// the original bytes, but we should still restore the page protection
//
VirtualProtect((void *)(ULONG_PTR)inject->RtlFindActCtx, 5,
inject->RtlFindActCtx_Protect, &dummy_prot);
arg1 = (ULONG_PTR)inject->RtlFindActCtx_SavedArg1;
RtlFindActCtx = (P_RtlFindActivationContextSectionString)
inject->RtlFindActCtx;
//
// make sbielow_data read only, as it contsins required
// nt dll function copies it must stay executive
//
VirtualProtect((void *)data, sizeof(SBIELOW_DATA),
PAGE_EXECUTE_READ, &dummy_prot);
if (!bHostInject)
{
@ -905,7 +856,7 @@ _FX ULONG_PTR Dll_Ordinal1(
}
//
// explorer needs sandboxed COM show warning and terminate when COM is not sandboxies
// explorer needs sandboxed COM to show a warning and terminate when COM is not sandboxed
//
if (Dll_ImageType == DLL_IMAGE_SHELL_EXPLORER && SbieDll_IsOpenCOM()) {
@ -928,25 +879,6 @@ _FX ULONG_PTR Dll_Ordinal1(
{
Ldr_Inject_Init(TRUE);
}
//
// free the syscall/inject data area which is no longer needed
//
#ifdef _M_ARM64EC
SbieApi_SyscallPtr = NULL;
#endif
VirtualFree(inject, 0, MEM_RELEASE);
//
// conclude the detour by passing control back to the original
// RtlFindActivationContextSectionString. the detour code used
// jump rather than call to invoke this function (see entry.asm)
// so RtlFindActivationContextSectionString returns to its caller
//
return RtlFindActCtx(arg1, arg2, arg3, arg4, arg5);
}
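Review bot: The rewritten Dll_Ordinal1 appears to no longer re-protect or release the injected data: the `VirtualProtect((void *)data, sizeof(SBIELOW_DATA), PAGE_EXECUTE_READ, &dummy_prot)` call and the `VirtualFree(inject, 0, MEM_RELEASE)` release seem to be gone from the new side, and nothing in this section shows where they moved. If the caller of `Dll_Ordinal1(INJECT_DATA * inject)` now does both, a comment at the top of the function should say so, e.g. `// caller restores page protection on sbielow_data and frees inject`. Otherwise the area holding the ntdll function copies would stay writable and executable inside the sandboxed process. The function body continues outside the hunks shown.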


@ -338,7 +338,7 @@ ALIGNED WCHAR *Dll_GetTlsNameBuffer(THREAD_DATA *data, ULONG which, ULONG size)
DbgTrace("Dll_GetTlsNameBuffer, %s, %d\r\n", func, which);
#endif
if (which >= NAME_BUFFER_COUNT - 4)
if (which >= NAME_BUFFER_COUNT - 2)
SbieApi_Log(2310, L"%d", which);
if (which >= NAME_BUFFER_COUNT) {
ExitProcess(-1);


@ -189,6 +189,10 @@ static NTSTATUS File_MigrateFile(
const WCHAR *TruePath, const WCHAR *CopyPath,
BOOLEAN IsWritePath, BOOLEAN WithContents);
static NTSTATUS File_MigrateJunction(
const WCHAR *TruePath, const WCHAR *CopyPath,
BOOLEAN IsWritePath);
static NTSTATUS File_CopyShortName(
const WCHAR *TruePath, const WCHAR *CopyPath);
@ -869,8 +873,8 @@ check_sandbox_prefix:
// skip any suffix after the drive letter
if (File_DriveAddSN) {
WCHAR* ptr = wcschr(*OutTruePath + _DriveLen + 1, L'\\');
if (ptr)
len = (ULONG)(ptr - *OutTruePath);
if (!ptr) ptr = wcschr(*OutTruePath + _DriveLen + 1, L'\0');
len = (ULONG)(ptr - *OutTruePath);
}
File_GetName_FixTruePrefix(TlsData,
@ -1255,8 +1259,8 @@ check_sandbox_prefix:
*name = drive_letter;
++name;
if (File_DriveAddSN && *drive->sn)
{
if (File_DriveAddSN && *drive->sn) {
*name = L'~';
++name;
wcscpy(name, drive->sn);
@ -2534,7 +2538,8 @@ _FX NTSTATUS File_NtCreateFileImpl(
// SbieDrv has removed privileges
//
CreateOptions &= ~FILE_OPEN_FOR_BACKUP_INTENT;
if (!Dll_CompartmentMode)
CreateOptions &= ~FILE_OPEN_FOR_BACKUP_INTENT;
//
// get the full paths for the true and copy files.
@ -2912,8 +2917,7 @@ ReparseLoop:
}
}
else if (status == STATUS_OBJECT_NAME_NOT_FOUND ||
status == STATUS_OBJECT_PATH_NOT_FOUND) {
else if (status == STATUS_OBJECT_NAME_NOT_FOUND || status == STATUS_OBJECT_PATH_NOT_FOUND) {
//
// the CopyPath file does not exist, but its parent path may exist
@ -2965,7 +2969,7 @@ ReparseLoop:
// When using Rule specificity we need to create some dummy directories
//
File_CreateBoxedPath(TruePath);
File_CreateBoxedPath(OriginalPath ? OriginalPath : TruePath);
}
else if (OriginalPath) {
@ -3382,7 +3386,12 @@ ReparseLoop:
// write access, or else it would have been handled earlier already)
//
if (CreateDisposition == FILE_OPEN ||
if (FileType & TYPE_REPARSE_POINT) {
status = File_MigrateJunction(
TruePath, CopyPath, IsWritePath);
} else if (CreateDisposition == FILE_OPEN ||
CreateDisposition == FILE_OPEN_IF ||
TruePathColon) {
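Review bot: The comment above the new `if (!Dll_CompartmentMode)` guard in File_NtCreateFileImpl still gives only the reason for stripping FILE_OPEN_FOR_BACKUP_INTENT ("SbieDrv has removed privileges") and does not say why compartment mode keeps the flag. Since that flag lets a holder of the backup privilege bypass file ACL checks, the exception deserves its own line, e.g. `// compartment mode: token privileges are presumably left intact, so honour the caller's backup intent`, with the assumption confirmed against the driver. File_NtCreateFileImpl starts and ends outside these hunks.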


@ -466,3 +466,112 @@ _FX NTSTATUS File_MigrateFile(
return status;
}
//---------------------------------------------------------------------------
// File_MigrateJunction
//---------------------------------------------------------------------------
_FX NTSTATUS File_MigrateJunction(
const WCHAR* TruePath, const WCHAR* CopyPath,
BOOLEAN IsWritePath)
{
NTSTATUS status;
HANDLE TrueHandle, CopyHandle;
OBJECT_ATTRIBUTES objattrs;
UNICODE_STRING objname;
IO_STATUS_BLOCK IoStatusBlock;
FILE_NETWORK_OPEN_INFORMATION open_info;
InitializeObjectAttributes(
&objattrs, &objname, OBJ_CASE_INSENSITIVE, NULL, Secure_NormalSD);
//
// open TruePath. if we get a sharing violation trying to open it,
// try to get the driver to open it bypassing share access. if even
// this fails, then we can't copy the data, but can still create an
// empty file
//
RtlInitUnicodeString(&objname, TruePath);
status = __sys_NtCreateFile(
&TrueHandle, FILE_GENERIC_READ, &objattrs, &IoStatusBlock,
NULL, 0, FILE_SHARE_VALID_FLAGS,
FILE_OPEN, FILE_OPEN_REPARSE_POINT | FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
/*if (IsWritePath && status == STATUS_ACCESS_DENIED)
status = STATUS_SHARING_VIOLATION;
if (status == STATUS_SHARING_VIOLATION) {
status = SbieApi_OpenFile(&TrueHandle, TruePath);
}*/
if (!NT_SUCCESS(status))
return status;
//
// query attributes and size of the TruePath file
//
status = __sys_NtQueryInformationFile(
TrueHandle, &IoStatusBlock, &open_info,
sizeof(FILE_NETWORK_OPEN_INFORMATION), FileNetworkOpenInformation);
//
// Get the reparse point data from the source
//
BYTE buf[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; // We need a large buffer
REPARSE_DATA_BUFFER* reparseDataBuffer = (REPARSE_DATA_BUFFER*)buf;
status = __sys_NtFsControlFile(TrueHandle, NULL, NULL, NULL, &IoStatusBlock, FSCTL_GET_REPARSE_POINT, NULL, 0, reparseDataBuffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE);
if (!NT_SUCCESS(status))
return status;
//
// Create the destination file with reparse point data
//
RtlInitUnicodeString(&objname, CopyPath);
status = __sys_NtCreateFile(
&CopyHandle, FILE_GENERIC_WRITE, &objattrs, &IoStatusBlock,
NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_VALID_FLAGS,
FILE_CREATE, FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE | FILE_OPEN_REPARSE_POINT,
NULL, 0);
if (!NT_SUCCESS(status))
return status;
//
// Set the reparse point data to the destination
//
#define REPARSE_MOUNTPOINT_HEADER_SIZE 8
status = __sys_NtFsControlFile(CopyHandle, NULL, NULL, NULL, &IoStatusBlock, FSCTL_SET_REPARSE_POINT, reparseDataBuffer, REPARSE_MOUNTPOINT_HEADER_SIZE + reparseDataBuffer->ReparseDataLength, NULL, 0);
//
// set information on the CopyPath file
//
if (NT_SUCCESS(status)) {
FILE_BASIC_INFORMATION info;
info.CreationTime.QuadPart = open_info.CreationTime.QuadPart;
info.LastAccessTime.QuadPart = open_info.LastAccessTime.QuadPart;
info.LastWriteTime.QuadPart = open_info.LastWriteTime.QuadPart;
info.ChangeTime.QuadPart = open_info.ChangeTime.QuadPart;
info.FileAttributes = open_info.FileAttributes;
status = File_SetAttributes(CopyHandle, CopyPath, &info);
}
NtClose(TrueHandle);
NtClose(CopyHandle);
return status;
}
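Review bot: File_MigrateJunction leaks TrueHandle on two early returns: when FSCTL_GET_REPARSE_POINT fails and when creating CopyPath fails, it returns without closing the handle opened on TruePath. The status of the NtQueryInformationFile call is also overwritten unchecked, so on failure open_info is copied into FILE_BASIC_INFORMATION uninitialised. Each failure path after the first open should close TrueHandle before returning, and the query result should be checked, as sketched below. Separately, the reparse data is copied verbatim, so the boxed junction still names the original target; whether later opens through it are re-resolved by the sandbox path logic is not visible here and is worth confirming.

```c
    status = __sys_NtQueryInformationFile(
        TrueHandle, &IoStatusBlock, &open_info,
        sizeof(FILE_NETWORK_OPEN_INFORMATION), FileNetworkOpenInformation);
    if (!NT_SUCCESS(status)) {
        NtClose(TrueHandle);
        return status;
    }
    // … unchanged: FSCTL_GET_REPARSE_POINT call on TrueHandle …
    if (!NT_SUCCESS(status)) {
        NtClose(TrueHandle);
        return status;
    }
    // … unchanged: __sys_NtCreateFile on CopyPath …
    if (!NT_SUCCESS(status)) {
        NtClose(TrueHandle);
        return status;
    }
```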


@ -314,6 +314,71 @@ _FX ULONG File_GetPathFlags_internal(LIST* Root, const WCHAR* Path, WCHAR** pRel
}
//---------------------------------------------------------------------------
// File_NormalizePath
//---------------------------------------------------------------------------
_FX const WCHAR* File_NormalizePath(const WCHAR* path, int slot)
{
//
// if we have a path that looks like any of these
// \Device\LanmanRedirector\server\shr\f1.txt
// \Device\LanmanRedirector\;Q:000000000000b09f\server\shr\f1.txt
// \Device\Mup\;LanmanRedirector\server\share\f1.txt
// \Device\Mup\;LanmanRedirector\;Q:000000000000b09f\server\share\f1.txt
// then translate to
// \Device\Mup\server\shr\f1.txt
// and test again. We do this because open/closed paths are
// recorded in the \Device\Mup format. See File_TranslateShares.
//
ULONG PrefixLen;
if (_wcsnicmp(path, File_Redirector, File_RedirectorLen - 1) == 0)
PrefixLen = File_RedirectorLen - 1;
else if (_wcsnicmp(path, File_MupRedir, File_MupRedirLen - 1) == 0)
PrefixLen = File_MupRedirLen - 1;
else if (_wcsnicmp(path, File_DfsClientRedir, File_DfsClientRedirLen - 1) == 0)
PrefixLen = File_DfsClientRedirLen - 1;
else if (_wcsnicmp(path, File_HgfsRedir, File_HgfsRedirLen - 1) == 0)
PrefixLen = File_HgfsRedirLen - 1;
else if (_wcsnicmp(path, File_Mup, File_MupLen - 1) == 0)
PrefixLen = File_MupLen - 1;
else
PrefixLen = 0;
if (PrefixLen && path[PrefixLen] == L'\\' &&
path[PrefixLen + 1] != L'\0') {
const WCHAR* ptr = path + PrefixLen;
if (ptr[1] == L';')
ptr = wcschr(ptr + 2, L'\\');
if (ptr && ptr[0] && ptr[1]) {
//
// the path represents a network share
//
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
ULONG len1 = wcslen(ptr + 1);
ULONG len2 = (File_MupLen + len1 + 8) * sizeof(WCHAR);
WCHAR* path2 = Dll_GetTlsNameBuffer(TlsData, slot, len2);
wmemcpy(path2, File_Mup, File_MupLen);
path2[File_MupLen] = L'\\';
wmemcpy(path2 + File_MupLen + 1, ptr + 1, len1 + 1);
len1 += File_MupLen + 1;
return path2;
}
}
return path;
}
//---------------------------------------------------------------------------
// File_GetPathFlags
//---------------------------------------------------------------------------
@ -327,7 +392,7 @@ _FX ULONG File_GetPathFlags(const WCHAR* Path, WCHAR** pRelocation)
EnterCriticalSection(File_PathRoot_CritSec);
Flags = File_GetPathFlags_internal(&File_PathRoot, Path, pRelocation, TRUE);
Flags = File_GetPathFlags_internal(&File_PathRoot, File_NormalizePath(Path, NORM_NAME_BUFFER), pRelocation, TRUE);
LeaveCriticalSection(File_PathRoot_CritSec);
@ -340,7 +405,7 @@ _FX ULONG File_GetPathFlags(const WCHAR* Path, WCHAR** pRelocation)
//---------------------------------------------------------------------------
_FX VOID File_SavePathNode_internal(HANDLE hPathsFile, LIST* parent, WCHAR* Path, ULONG Length, ULONG SetFlags)
_FX VOID File_SavePathNode_internal(HANDLE hPathsFile, LIST* parent, WCHAR* Path, ULONG Length, ULONG SetFlags, WCHAR* (*TranslatePath)(const WCHAR *))
{
IO_STATUS_BLOCK IoStatusBlock;
@ -369,7 +434,9 @@ _FX VOID File_SavePathNode_internal(HANDLE hPathsFile, LIST* parent, WCHAR* Path
if ((child->flags & ~SetFlags) != 0 || child->relocation != NULL) {
// write the path
NtWriteFile(hPathsFile, NULL, NULL, NULL, &IoStatusBlock, Path, Path_Len * sizeof(WCHAR), NULL, NULL);
WCHAR* PathEx = TranslatePath ? TranslatePath(Path) : NULL;
NtWriteFile(hPathsFile, NULL, NULL, NULL, &IoStatusBlock, PathEx ? PathEx : Path, wcslen(PathEx ? PathEx : Path) * sizeof(WCHAR), NULL, NULL);
if (PathEx) Dll_Free(PathEx);
// write the flags
_ultow(child->flags, FlagStr + 1, 16);
@ -377,15 +444,19 @@ _FX VOID File_SavePathNode_internal(HANDLE hPathsFile, LIST* parent, WCHAR* Path
// write the relocation
if (child->relocation != NULL) {
NtWriteFile(hPathsFile, NULL, NULL, NULL, &IoStatusBlock, FlagStr, sizeof(WCHAR), NULL, NULL); // write |
NtWriteFile(hPathsFile, NULL, NULL, NULL, &IoStatusBlock, child->relocation, wcslen(child->relocation) * sizeof(WCHAR), NULL, NULL);
WCHAR* RelocationEx = TranslatePath ? TranslatePath(child->relocation) : NULL;
NtWriteFile(hPathsFile, NULL, NULL, NULL, &IoStatusBlock, RelocationEx ? RelocationEx : child->relocation, wcslen(RelocationEx ? RelocationEx : child->relocation) * sizeof(WCHAR), NULL, NULL);
if (RelocationEx) Dll_Free(RelocationEx);
}
// write line ending
NtWriteFile(hPathsFile, NULL, NULL, NULL, &IoStatusBlock, (void*)CrLf, sizeof(CrLf) - sizeof(WCHAR), NULL, NULL);
}
File_SavePathNode_internal(hPathsFile, &child->items, Path, Path_Len, SetFlags | child->flags);
File_SavePathNode_internal(hPathsFile, &child->items, Path, Path_Len, SetFlags | child->flags, TranslatePath);
child = List_Next(child);
}
@ -397,7 +468,7 @@ _FX VOID File_SavePathNode_internal(HANDLE hPathsFile, LIST* parent, WCHAR* Path
//---------------------------------------------------------------------------
_FX VOID File_SavePathTree_internal(LIST* Root, const WCHAR* name)
_FX VOID File_SavePathTree_internal(LIST* Root, const WCHAR* name, WCHAR* (*TranslatePath)(const WCHAR *))
{
WCHAR PathsFile[MAX_PATH] = { 0 };
wcscpy(PathsFile, Dll_BoxFilePath);
@ -412,12 +483,12 @@ _FX VOID File_SavePathTree_internal(LIST* Root, const WCHAR* name)
HANDLE hPathsFile;
IO_STATUS_BLOCK IoStatusBlock;
if (!NT_SUCCESS(NtCreateFile(&hPathsFile, GENERIC_WRITE | SYNCHRONIZE , &objattrs, &IoStatusBlock, NULL, 0, FILE_SHARE_READ, FILE_OVERWRITE_IF, FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, NULL, 0)))
if (!NT_SUCCESS(NtCreateFile(&hPathsFile, GENERIC_WRITE | SYNCHRONIZE, &objattrs, &IoStatusBlock, NULL, 0, FILE_SHARE_READ, FILE_OVERWRITE_IF, FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, NULL, 0)))
return;
WCHAR* Path = (WCHAR *)Dll_Alloc((0x7FFF + 1)*sizeof(WCHAR)); // max nt path
File_SavePathNode_internal(hPathsFile, Root, Path, 0, 0);
File_SavePathNode_internal(hPathsFile, Root, Path, 0, 0, TranslatePath);
Dll_Free(Path);
@ -425,6 +496,84 @@ _FX VOID File_SavePathTree_internal(LIST* Root, const WCHAR* name)
}
//---------------------------------------------------------------------------
// File_TranslateNtToDosPath2
//---------------------------------------------------------------------------
_FX WCHAR* File_TranslateNtToDosPath2(const WCHAR *NtPath)
{
WCHAR *DosPath = NULL;
ULONG len_nt;
len_nt = wcslen(NtPath) + 11;
DosPath = Dll_Alloc(len_nt * sizeof(WCHAR));
wcscpy(DosPath, NtPath);
//
// Hack Hack: when we load a drive which does not exist we create an entry like
// L"\\C:\\path" in out tree to not forget it even though the NtPath is unknown
// here we must handle that special case and strip the L'\\'
//
const WCHAR* backslash = wcschr(DosPath+1, L'\\');
if (!backslash) backslash = wcschr(DosPath, L'\0');
if (*(backslash - 1) == L':') {
wmemmove(DosPath, DosPath + 1, wcslen(DosPath)); // -1 (for '\\') + 1 (for '\0')
return DosPath;
}
if (_wcsnicmp(DosPath, File_Mup, File_MupLen) == 0) {
WCHAR *ptr = DosPath + File_MupLen - 1;
wmemmove(DosPath + 1, ptr, wcslen(ptr) + 1);
} else {
const FILE_DRIVE *drive;
ULONG path_len, prefix_len;
path_len = wcslen(DosPath);
drive = File_GetDriveForPath(DosPath, path_len);
if (drive)
prefix_len = drive->len;
else
drive = File_GetDriveForUncPath(DosPath, path_len, &prefix_len);
if (drive) {
WCHAR drive_letter = drive->letter;
WCHAR *ptr = DosPath + prefix_len;
LeaveCriticalSection(File_DrivesAndLinks_CritSec);
if (*ptr == L'\\' || *ptr == L'\0') {
path_len = wcslen(ptr);
wmemmove(DosPath + 2, ptr, path_len + 1);
DosPath[0] = drive_letter;
DosPath[1] = L':';
if (File_DriveAddSN && *drive->sn) {
wmemmove(DosPath + 11, DosPath + 1, path_len + 2);
DosPath[1] = L'~';
wmemcpy(DosPath + 2, drive->sn, 9);
}
}
} else {
Dll_Free(DosPath);
DosPath = NULL;
}
}
return DosPath;
}
//---------------------------------------------------------------------------
// File_SavePathTree
//---------------------------------------------------------------------------
@ -434,7 +583,7 @@ _FX BOOLEAN File_SavePathTree()
{
EnterCriticalSection(File_PathRoot_CritSec);
File_SavePathTree_internal(&File_PathRoot, FILE_PATH_FILE_NAME);
File_SavePathTree_internal(&File_PathRoot, FILE_PATH_FILE_NAME, File_TranslateNtToDosPath2);
File_GetAttributes_internal(FILE_PATH_FILE_NAME, &File_PathsFileSize, &File_PathsFileDate, NULL);
@ -482,7 +631,7 @@ _FX void File_ReleaseMutex(HANDLE hMutex)
//---------------------------------------------------------------------------
_FX BOOLEAN File_LoadPathTree_internal(LIST* Root, const WCHAR* name)
_FX BOOLEAN File_LoadPathTree_internal(LIST* Root, const WCHAR* name, WCHAR* (*TranslatePath)(const WCHAR *))
{
WCHAR PathsFile[MAX_PATH] = { 0 };
wcscpy(PathsFile, Dll_BoxFilePath);
@ -529,16 +678,26 @@ _FX BOOLEAN File_LoadPathTree_internal(LIST* Root, const WCHAR* name)
WCHAR savechar = Line[LineLen];
Line[LineLen] = L'\0';
WCHAR* Path = Line;
WCHAR* Sep = wcschr(Line, L'|');
if (!Sep || Sep > Next) continue; // invalid line, flags field missing
*Sep = L'\0';
WCHAR* Relocation = NULL;
WCHAR* endptr;
ULONG Flags = wcstoul(Sep + 1, &endptr, 16);
if (endptr && *endptr == L'|') endptr++;
else endptr = NULL;
if (endptr && *endptr == L'|')
Relocation = endptr + 1;
File_SetPathFlags_internal(Root, Line, Flags, 0, endptr);
WCHAR* PathEx = TranslatePath ? TranslatePath(Path) : NULL;
WCHAR* RelocationEx = TranslatePath ? TranslatePath(Relocation) : NULL;
File_SetPathFlags_internal(Root, PathEx ? PathEx : Path, Flags, 0, RelocationEx ? RelocationEx : Relocation);
if (PathEx) Dll_Free(PathEx);
if (RelocationEx) Dll_Free(RelocationEx);
*Sep = L'|';
Line[LineLen] = savechar;
@ -552,6 +711,73 @@ _FX BOOLEAN File_LoadPathTree_internal(LIST* Root, const WCHAR* name)
}
//---------------------------------------------------------------------------
// File_TranslateDosToNtPath2
//---------------------------------------------------------------------------
_FX WCHAR *File_TranslateDosToNtPath2(const WCHAR *DosPath)
{
WCHAR *NtPath = NULL;
ULONG len_dos;
if (DosPath && DosPath[0] && DosPath[1]) {
if (DosPath[0] == L'\\' && DosPath[1] == L'\\') {
//
// network path
//
DosPath += 2;
len_dos = wcslen(DosPath) + 1;
NtPath = Dll_Alloc((File_MupLen + len_dos) * sizeof(WCHAR));
wmemcpy(NtPath, File_Mup, File_MupLen);
wmemcpy(NtPath + File_MupLen, DosPath, len_dos);
} else if (DosPath[0] != L'\\') {
const WCHAR* backslash = wcschr(DosPath, L'\\');
if(!backslash) backslash = wcschr(DosPath, L'\0');
if (*(backslash - 1) == L':') {
ULONG path_pos = (ULONG)(backslash - DosPath);
//
// drive-letter path
//
FILE_DRIVE* drive = File_GetDriveForLetter(DosPath[0]);
if (drive) {
if (File_DriveAddSN && *drive->sn) {
//
// if the volume serial numbers dont match return NULL
//
if (_wcsnicmp(DosPath + 2, drive->sn, 9) != 0) {
LeaveCriticalSection(File_DrivesAndLinks_CritSec);
return NULL;
}
}
DosPath += path_pos;
len_dos = wcslen(DosPath) + 1;
NtPath = Dll_Alloc((drive->len + len_dos) * sizeof(WCHAR));
wmemcpy(NtPath, drive->path, drive->len);
wmemcpy(NtPath + drive->len, DosPath, len_dos);
LeaveCriticalSection(File_DrivesAndLinks_CritSec);
}
}
}
}
return NtPath;
}
//---------------------------------------------------------------------------
// File_LoadPathTree
//---------------------------------------------------------------------------
@ -563,7 +789,7 @@ _FX BOOLEAN File_LoadPathTree()
EnterCriticalSection(File_PathRoot_CritSec);
File_LoadPathTree_internal(&File_PathRoot, FILE_PATH_FILE_NAME);
File_LoadPathTree_internal(&File_PathRoot, FILE_PATH_FILE_NAME, File_TranslateDosToNtPath2);
LeaveCriticalSection(File_PathRoot_CritSec);
@ -738,7 +964,7 @@ _FX NTSTATUS File_MarkDeleted_v2(const WCHAR* TruePath)
EnterCriticalSection(File_PathRoot_CritSec);
BOOLEAN bSet = File_MarkDeleted_internal(&File_PathRoot, TruePath);
BOOLEAN bSet = File_MarkDeleted_internal(&File_PathRoot, File_NormalizePath(TruePath, NORM_NAME_BUFFER));
LeaveCriticalSection(File_PathRoot_CritSec);
@ -876,7 +1102,7 @@ _FX NTSTATUS File_SetRelocation(const WCHAR* OldTruePath, const WCHAR* NewTruePa
EnterCriticalSection(File_PathRoot_CritSec);
File_SetRelocation_internal(&File_PathRoot, OldTruePath, NewTruePath);
File_SetRelocation_internal(&File_PathRoot, File_NormalizePath(OldTruePath, NORM_NAME_BUFFER), File_NormalizePath(NewTruePath, MISC_NAME_BUFFER));
LeaveCriticalSection(File_PathRoot_CritSec);
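Review bot: In File_TranslateNtToDosPath2 the drive entry is still read after the lock is dropped: `LeaveCriticalSection(File_DrivesAndLinks_CritSec)` runs before the `File_DriveAddSN && *drive->sn` test and the `wmemcpy(DosPath + 2, drive->sn, 9)` copy. drive_letter is copied out beforehand, presumably for that reason, and File_TranslateDosToNtPath2 releases the lock only after its last use of drive, so the two helpers disagree. Moving the `LeaveCriticalSection` call to just after the `if (*ptr == L'\\' || *ptr == L'\0') { … }` block would keep the serial-number read under the lock. This assumes File_GetDriveForPath and File_GetDriveForUncPath return with the critical section held, which the Leave calls suggest but this section does not show.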


@ -194,7 +194,7 @@ static NTSTATUS File_NtQueryVolumeInformationFile(
NTSTATUS File_NtCloseImpl(HANDLE FileHandle);
VOID File_NtCloseDir(HANDLE FileHandle);
VOID File_NtCloseDir(HANDLE FileHandle, void* CloseParams);
//---------------------------------------------------------------------------
// Variables
@ -484,7 +484,7 @@ _FX NTSTATUS File_Merge(
} else {
Handle_UnRegisterCloseHandler(merge->handle, File_NtCloseDir);
Handle_UnRegisterHandler(merge->handle, File_NtCloseDir, NULL);
List_Remove(&File_DirHandles, merge);
File_MergeFree(merge);
}
@ -528,7 +528,7 @@ _FX NTSTATUS File_Merge(
}
List_Insert_After(&File_DirHandles, NULL, merge);
Handle_RegisterCloseHandler(merge->handle, File_NtCloseDir);
Handle_RegisterHandler(merge->handle, File_NtCloseDir, NULL, FALSE);
}
//
@ -617,8 +617,21 @@ _FX NTSTATUS File_OpenForMerge(
if (FILE_PATH_DELETED(TruePathFlags))
TruePathDeleted = TRUE;
else if (OldTruePath) {
OriginalPath = TruePath;
TruePath = OldTruePath;
if (File_Snapshot != NULL) {
//
// note: File_ResolveTruePath returns a buffer from the TMPL_NAME_BUFFER slot,
// which is reused byFile_MakeSnapshotPath, so we need to make non reusable copy
//
TruePath = Dll_GetTlsNameBuffer(TlsData, MISC_NAME_BUFFER, (wcslen(OldTruePath) + 1) * sizeof(WCHAR));
wcscpy(TruePath, OldTruePath);
}
else
TruePath = OldTruePath;
}
}
else {
@ -1535,7 +1548,7 @@ _FX NTSTATUS File_MergeDummy(
}
if (cmp != 0) { // skip duplicates
if (ins_point)
List_Insert_Before(cache_list, ins_point, cache_file);
else
@ -2267,8 +2280,6 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle)
THREAD_DATA *TlsData = Dll_GetTlsData(&LastError);
NTSTATUS status;
ULONG i;
P_CloseHandler CloseHandlers[MAX_CLOSE_HANDLERS];
BOOLEAN DeleteOnClose = FALSE;
UNICODE_STRING uni;
WCHAR *DeletePath = NULL;
@ -2308,13 +2319,7 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle)
// and prepare the DeleteOnClose if its set
//
if (Handle_FreeCloseHandler(FileHandle, &CloseHandlers[0], &DeleteOnClose)) {
for (i = 0; i < MAX_CLOSE_HANDLERS; i++) {
if(CloseHandlers[i] != NULL)
CloseHandlers[i](FileHandle);
}
}
Handle_ExecuteCloseHandler(FileHandle, &DeleteOnClose);
//
// prepare delete disposition if set
@ -2397,7 +2402,7 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle)
//---------------------------------------------------------------------------
_FX VOID File_NtCloseDir(HANDLE FileHandle)
_FX VOID File_NtCloseDir(HANDLE FileHandle, void* CloseParams)
{
FILE_MERGE *merge;
@ -2407,7 +2412,6 @@ _FX VOID File_NtCloseDir(HANDLE FileHandle)
while (merge) {
FILE_MERGE *next = List_Next(merge);
if (merge->handle == FileHandle) {
Handle_UnRegisterCloseHandler(merge->handle, File_NtCloseDir);
List_Remove(&File_DirHandles, merge);
File_MergeFree(merge);
}
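Review bot: The new comment in File_OpenForMerge calls the copy "non reusable", but it is placed in the MISC_NAME_BUFFER slot, which is itself a TLS name buffer that other code requests (File_SetRelocation in this commit passes MISC_NAME_BUFFER to File_NormalizePath). I would reword it to state the actual guarantee, e.g. `// copy into MISC_NAME_BUFFER: File_MakeSnapshotPath reuses TMPL_NAME_BUFFER, which holds OldTruePath`, and fix the "byFile_MakeSnapshotPath" typo. File_OpenForMerge continues outside the hunk, so whether anything later in it requests MISC_NAME_BUFFER again is worth checking.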


@ -1,6 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020-2022 David Xanatos, xanasoft.com
* Copyright 2020-2023 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -348,7 +348,7 @@ _FX BOOLEAN File_RecordRecover(HANDLE FileHandle, const WCHAR *TruePath)
//}
if (IsRecoverable != FALSE)
Handle_RegisterCloseHandler(FileHandle, File_NotifyRecover);
Handle_RegisterHandler(FileHandle, File_NotifyRecover, NULL, TRUE);
return IsRecoverable == TRUE;
}
@ -359,7 +359,7 @@ _FX BOOLEAN File_RecordRecover(HANDLE FileHandle, const WCHAR *TruePath)
//---------------------------------------------------------------------------
_FX void File_NotifyRecover(HANDLE FileHandle)
_FX void File_NotifyRecover(HANDLE FileHandle, void* CloseParams)
{
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);


@ -36,7 +36,7 @@ typedef struct _FILE_SNAPSHOT {
WCHAR ID[FILE_MAX_SNAPSHOT_ID];
ULONG IDlen;
ULONG ScramKey;
//WCHAR Name[34];
//WCHAR Name[BOXNAME_COUNT];
struct _FILE_SNAPSHOT* Parent;
LIST PathRoot;
} FILE_SNAPSHOT, *PFILE_SNAPSHOT;
@ -278,7 +278,7 @@ _FX ULONG File_GetPathFlagsEx(const WCHAR *TruePath, const WCHAR *CopyPath, WCHA
// check true path relocation and deletion for the active state
//
Flags = File_GetPathFlags_internal(&File_PathRoot, TruePath, &Relocation, TRUE); // this requires a name buffer
Flags = File_GetPathFlags_internal(&File_PathRoot, File_NormalizePath(TruePath, NORM_NAME_BUFFER), &Relocation, TRUE); // this requires a name buffer
if (FILE_PATH_DELETED(Flags))
goto finish;
}
@ -373,7 +373,7 @@ _FX ULONG File_GetPathFlagsEx(const WCHAR *TruePath, const WCHAR *CopyPath, WCHA
//
TmplRelocation = NULL;
Flags = File_GetPathFlags_internal(&Cur_Snapshot->PathRoot, TruePath, &TmplRelocation, TRUE);
Flags = File_GetPathFlags_internal(&Cur_Snapshot->PathRoot, File_NormalizePath(TruePath, NORM_NAME_BUFFER), &TmplRelocation, TRUE);
if(TmplRelocation)
Relocation = TmplRelocation;
if (FILE_PATH_DELETED(Flags))
@ -477,11 +477,11 @@ _FX void File_InitSnapshots(void)
wcscat(PathFile, L"\\");
wcscat(PathFile, FILE_PATH_FILE_NAME);
File_LoadPathTree_internal(&Cur_Snapshot->PathRoot, PathFile);
File_LoadPathTree_internal(&Cur_Snapshot->PathRoot, PathFile, File_TranslateDosToNtPath);
}
//WCHAR SnapshotName[34] = { 0 };
//GetPrivateProfileStringW(SnapshotId, L"Name", L"", SnapshotName, 34, SnapshotsIni);
//WCHAR SnapshotName[BOXNAME_COUNT] = { 0 };
//GetPrivateProfileStringW(SnapshotId, L"Name", L"", SnapshotName, BOXNAME_COUNT, SnapshotsIni);
//wcscpy(Cur_Snapshot->Name, SnapshotName);
GetPrivateProfileStringW(SnapshotId, L"Parent", L"", Snapshot, 16, SnapshotsIni);
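Review bot: File_InitSnapshots passes `File_TranslateDosToNtPath` to File_LoadPathTree_internal, while File_LoadPathTree passes `File_TranslateDosToNtPath2` for the same file format. The loader calls the callback with a NULL Relocation when a line has no relocation field and releases the result with Dll_Free, and the box's path file is written through File_TranslateNtToDosPath2, which can emit a `~serial` suffix after the drive letter. File_TranslateDosToNtPath is not shown in this commit, so whether it tolerates NULL, returns a Dll_Alloc buffer and understands that suffix needs confirming. If the plain helper was not intended, the call should read `File_LoadPathTree_internal(&Cur_Snapshot->PathRoot, PathFile, File_TranslateDosToNtPath2);`. File_InitSnapshots continues outside the hunk.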


@ -789,6 +789,9 @@ _FX HANDLE Gui_GetClipboardData(UINT uFormat)
// clipboard data
//
if (!SbieApi_QueryConfBool(NULL, L"OpenClipboard", TRUE))
return NULL;
hGlobalRet = __sys_GetClipboardData(uFormat);
if (hGlobalRet)
return hGlobalRet;
@ -1058,6 +1061,9 @@ _FX void Gui_GetClipboardData_MF(void *buf, ULONG sz, ULONG fmt)
// create a local HMETAFILE handle
//
if (!SbieApi_QueryConfBool(NULL, L"OpenClipboard", TRUE))
return;
if ((fmt != CF_METAFILEPICT) || (sz != sizeof(METAFILEPICT))) {
SbieApi_Log(2205, L"Clipboard MetaFile (fmt %04X sz %d)", fmt, sz);
return;
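Review bot: The new `OpenClipboard` check in Gui_GetClipboardData and Gui_GetClipboardData_MF runs inside the sandboxed process, in the same DLL whose hooks it guards, so on its own it is a convenience switch rather than a boundary. If `OpenClipboard=n` is meant to keep a sandboxed program from reading the host clipboard, the component that services the clipboard request outside the sandbox should apply the same setting; that side is not visible in this section. A short comment at both sites stating which side enforces the setting, e.g. `// user-mode gate only; enforcement is in <component>`, would keep the intent clear. Both functions continue outside the hunks.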


@ -1,5 +1,5 @@
/*
* Copyright 2021-2022 David Xanatos, xanasoft.com
* Copyright 2021-2023 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -33,11 +33,24 @@
// Structures and Types
//---------------------------------------------------------------------------
typedef struct _HANDLE_HANDLER
{
LIST_ELEM list_elem;
P_HandlerFunc Close;
void* Param;
BOOL bPropagate; // incompatible with Param, todo: add duplicate handler
} HANDLE_HANDLER;
typedef struct _HANDLE_STATE {
BOOLEAN DeleteOnClose;
P_CloseHandler CloseHandlers[MAX_CLOSE_HANDLERS];
WCHAR* RelocationPath;
LIST CloseHandlers;
WCHAR* RelocationPath;
} HANDLE_STATE;
@ -145,21 +158,17 @@ _FX WCHAR* Handle_GetRelocationPath(HANDLE FileHandle, ULONG ExtraLength)
//---------------------------------------------------------------------------
_FX BOOLEAN Handle_FreeCloseHandler(HANDLE FileHandle, P_CloseHandler* CloseHandlers, BOOLEAN* DeleteOnClose)
_FX VOID Handle_ExecuteCloseHandler(HANDLE FileHandle, BOOLEAN* DeleteOnClose)
{
BOOLEAN HasCloseHandlers = FALSE;
LIST CloseHandlers;
EnterCriticalSection(&Handle_StatusData_CritSec);
HANDLE_STATE* state = (HANDLE_STATE*)map_get(&Handle_StatusData, FileHandle);
if (state) {
HasCloseHandlers = TRUE;
if(CloseHandlers)
memcpy(CloseHandlers, state->CloseHandlers, MAX_CLOSE_HANDLERS * sizeof(P_CloseHandler));
if(DeleteOnClose) *DeleteOnClose = state->DeleteOnClose;
*DeleteOnClose = state->DeleteOnClose;
CloseHandlers = state->CloseHandlers;
if (state->RelocationPath) Dll_Free(state->RelocationPath);
}
@ -167,22 +176,33 @@ _FX BOOLEAN Handle_FreeCloseHandler(HANDLE FileHandle, P_CloseHandler* CloseHand
LeaveCriticalSection(&Handle_StatusData_CritSec);
return HasCloseHandlers;
//
// execute all close handlers
//
if (state) {
while (1) {
HANDLE_HANDLER* handler = List_Head(&CloseHandlers);
if (!handler)
break;
handler->Close(FileHandle, handler->Param);
List_Remove(&CloseHandlers, handler);
Pool_Free(handler, sizeof(HANDLE_HANDLER));
}
}
}
//---------------------------------------------------------------------------
// Handle_RegisterCloseHandler
// Handle_RegisterHandler
//---------------------------------------------------------------------------
_FX BOOLEAN Handle_RegisterCloseHandler(HANDLE FileHandle, P_CloseHandler CloseHandler)
_FX BOOLEAN Handle_RegisterHandler(HANDLE FileHandle, P_HandlerFunc CloseHandler, void* Params, BOOL bPropagate)
{
if (!FileHandle || FileHandle == (HANDLE)-1)
return FALSE;
ULONG i;
EnterCriticalSection(&Handle_StatusData_CritSec);
HANDLE_STATE* state = map_get(&Handle_StatusData, FileHandle);
@ -190,19 +210,30 @@ _FX BOOLEAN Handle_RegisterCloseHandler(HANDLE FileHandle, P_CloseHandler CloseH
state = map_insert(&Handle_StatusData, FileHandle, NULL, sizeof(HANDLE_STATE));
}
for (i = 0; i < MAX_CLOSE_HANDLERS; i++) {
if (state->CloseHandlers[i] == CloseHandler)
HANDLE_HANDLER* handler = List_Head(&state->CloseHandlers);
while (handler)
{
if (handler->Close == CloseHandler)
break; // already registered
if (state->CloseHandlers[i] == NULL) {
state->CloseHandlers[i] = CloseHandler; // set to empty slot
break;
}
handler = List_Next(handler);
}
if (handler == NULL)
{
HANDLE_HANDLER* newNandler = Pool_Alloc(Dll_Pool, sizeof(HANDLE_HANDLER));
memzero(&newNandler->list_elem, sizeof(LIST_ELEM));
newNandler->Close = CloseHandler;
newNandler->Param = Params;
newNandler->bPropagate = bPropagate;
List_Insert_After(&state->CloseHandlers, NULL, newNandler);
}
LeaveCriticalSection(&Handle_StatusData_CritSec);
if (i == MAX_CLOSE_HANDLERS) {
SbieApi_Log(2301, L"No free CloseHandlers slot available");
if (handler != NULL) {
//SbieApi_Log(2301, L"CloseHandlers already registered"); // todo
return FALSE;
}
@ -211,30 +242,31 @@ _FX BOOLEAN Handle_RegisterCloseHandler(HANDLE FileHandle, P_CloseHandler CloseH
//---------------------------------------------------------------------------
// Handle_UnRegisterCloseHandler
// Handle_UnRegisterHandler
//---------------------------------------------------------------------------
_FX BOOLEAN Handle_UnRegisterCloseHandler(HANDLE FileHandle, P_CloseHandler CloseHandler)
_FX VOID Handle_UnRegisterHandler(HANDLE FileHandle, P_HandlerFunc CloseHandler, void** pParams)
{
ULONG i = MAX_CLOSE_HANDLERS;
EnterCriticalSection(&Handle_StatusData_CritSec);
HANDLE_STATE* state = map_get(&Handle_StatusData, FileHandle);
if (state) {
for (i = 0; i < MAX_CLOSE_HANDLERS; i++) {
if (state->CloseHandlers[i] == CloseHandler) {
state->CloseHandlers[i] = NULL; // clear slot
HANDLE_HANDLER* handler = List_Head(&state->CloseHandlers);
while (handler)
{
if (handler->Close == CloseHandler)
{
if (pParams) pParams = handler->Param;
List_Remove(&state->CloseHandlers, handler);
break;
}
handler = List_Next(handler);
}
}
LeaveCriticalSection(&Handle_StatusData_CritSec);
return i != MAX_CLOSE_HANDLERS;
}
@ -245,8 +277,6 @@ _FX BOOLEAN Handle_UnRegisterCloseHandler(HANDLE FileHandle, P_CloseHandler Clos
_FX void Handle_SetupDuplicate(HANDLE OldFileHandle, HANDLE NewFileHandle)
{
ULONG i;
EnterCriticalSection(&Handle_StatusData_CritSec);
HANDLE_STATE* state = map_get(&Handle_StatusData, OldFileHandle);
@ -255,17 +285,16 @@ _FX void Handle_SetupDuplicate(HANDLE OldFileHandle, HANDLE NewFileHandle)
if(state->RelocationPath)
Handle_SetRelocationPath(NewFileHandle, state->RelocationPath);
// todo: add a flag to each CloseHandlers entry to indicate if it should be propagated or not
BOOLEAN found = FALSE;
for (i = 0; i < MAX_CLOSE_HANDLERS; i++) {
if (state->CloseHandlers[i] == File_NotifyRecover) {
found = TRUE;
HANDLE_HANDLER* handler = List_Head(&state->CloseHandlers);
while (handler)
{
if (handler->bPropagate) {
Handle_RegisterHandler(NewFileHandle, handler->Close, NULL, TRUE);
break;
}
handler = List_Next(handler);
}
if(found)
Handle_RegisterCloseHandler(NewFileHandle, File_NotifyRecover);
}
LeaveCriticalSection(&Handle_StatusData_CritSec);
}
}


@ -1,5 +1,5 @@
/*
* Copyright 2021-2022 David Xanatos, xanasoft.com
* Copyright 2021-2023 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -21,10 +21,11 @@
//---------------------------------------------------------------------------
// Defines
// Structures and Types
//---------------------------------------------------------------------------
#define MAX_CLOSE_HANDLERS 4
typedef void(*P_HandlerFunc)(HANDLE handle, void* param);
//---------------------------------------------------------------------------
@ -32,19 +33,17 @@
//---------------------------------------------------------------------------
typedef void(*P_CloseHandler)(HANDLE handle);
VOID Handle_SetDeleteOnClose(HANDLE FileHandle, BOOLEAN DeleteOnClose);
BOOLEAN Handle_RegisterCloseHandler(HANDLE FileHandle, P_CloseHandler CloseHandler);
BOOLEAN Handle_RegisterHandler(HANDLE FileHandle, P_HandlerFunc CloseHandler, void* Params, BOOL bPropagate);
BOOLEAN Handle_UnRegisterCloseHandler(HANDLE FileHandle, P_CloseHandler CloseHandler);
VOID Handle_UnRegisterHandler(HANDLE FileHandle, P_HandlerFunc CloseHandler, void** pParams);
VOID Handle_SetRelocationPath(HANDLE FileHandle, WCHAR* RelocationPath);
WCHAR* Handle_GetRelocationPath(HANDLE FileHandle, ULONG ExtraLength);
BOOLEAN Handle_FreeCloseHandler(HANDLE FileHandle, P_CloseHandler* CloseHandlers, BOOLEAN* DeleteOnClose);
VOID Handle_ExecuteCloseHandler(HANDLE FileHandle, BOOLEAN* DeleteOnClose);
//---------------------------------------------------------------------------
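Review bot: The new prototypes `Handle_RegisterHandler(..., void* Params, BOOL bPropagate)` and `Handle_UnRegisterHandler(..., void** pParams)` carry no comment on who owns `Params` or what `pParams` receives, and the implementation shown earlier on this page does not settle it. There the unregister path executes `if (pParams) pParams = handler->Param;`, which overwrites the local pointer rather than storing through it; if the stored parameter is meant to be handed back so the caller can free it, that line would need to be `if (pParams) *pParams = handler->Param;`. The same path unlinks the `HANDLE_HANDLER` with `List_Remove` without a visible `Pool_Free`, so the node appears to leak on every unregister. I would add a short comment above both declarations stating that `Params` is stored by pointer and not copied, that `*pParams` receives it on removal (NULL accepted), and that `bPropagate` controls whether the handler is re-registered on a duplicated handle.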


@ -23,6 +23,7 @@
#include "dll.h"
#include "obj.h"
#include "handle.h"
#include <stdio.h>
#include "common/my_version.h"
#include "core/svc/namedpipewire.h"
@ -39,6 +40,32 @@
: 0)
//---------------------------------------------------------------------------
// Structures and Types
//---------------------------------------------------------------------------
typedef struct _IPC_MERGE {
LIST_ELEM list_elem;
HANDLE handle;
LIST objects;
} IPC_MERGE;
typedef struct _IPC_MERGE_ENTRY
{
LIST_ELEM list_elem;
UNICODE_STRING Name;
UNICODE_STRING TypeName;
} IPC_MERGE_ENTRY;
//---------------------------------------------------------------------------
// Functions
//---------------------------------------------------------------------------
@ -356,6 +383,8 @@ LIST Ipc_DynamicPortNames;
BOOLEAN RpcRt_IsDynamicPortOpen(const WCHAR* wszPortName);
static LIST Ipc_Handles;
static CRITICAL_SECTION Ipc_Handles_CritSec;
//---------------------------------------------------------------------------
// IPC (other modules)
@ -374,6 +403,10 @@ _FX BOOLEAN Ipc_Init(void)
{
HMODULE module = Dll_Ntdll;
InitializeCriticalSection(&Ipc_Handles_CritSec);
List_Init(&Ipc_Handles);
void *NtAlpcCreatePort;
void *NtAlpcConnectPort;
void *NtAlpcConnectPortEx;
@ -485,6 +518,7 @@ _FX void Ipc_CreateObjects(void)
WCHAR *backslash;
WCHAR *buffer = NULL;
WCHAR *BNOLINKS = NULL;
WCHAR *GLOBAL = NULL;
WCHAR *buffer2 = NULL;
HANDLE handle;
WCHAR str[64];
@ -598,6 +632,10 @@ _FX void Ipc_CreateObjects(void)
wcscpy(buffer, buffer2);
wcscat(buffer, L"\\Global");
GLOBAL = Dll_Alloc((wcslen(buffer) + 32) * sizeof(WCHAR));
wcscpy(GLOBAL, buffer);
status = SbieApi_CreateDirOrLink(buffer, buffer2);
if (! NT_SUCCESS(status)) {
@ -643,7 +681,7 @@ _FX void Ipc_CreateObjects(void)
wcscpy(buffer, CopyPath);
wcscat(buffer, L"\\Global");
status = SbieApi_CreateDirOrLink(buffer, CopyPath);
status = SbieApi_CreateDirOrLink(buffer, GLOBAL);
if (! NT_SUCCESS(status)) {
errlvl = 41;
@ -680,6 +718,8 @@ finish:
Dll_Free(buffer);
if(BNOLINKS)
Dll_Free(BNOLINKS);
if(GLOBAL)
Dll_Free(GLOBAL);
if(buffer2)
Dll_Free(buffer2);
@ -744,7 +784,7 @@ _FX NTSTATUS Ipc_GetName(
name = Dll_GetTlsNameBuffer(
TlsData, TRUE_NAME_BUFFER, length + objname_len);
if ((! objname_len) || (! *objname_buf)) {
/*if ((! objname_len) || (! *objname_buf)) {
//
// an object handle was specified, but the object name is an
@ -760,7 +800,7 @@ _FX NTSTATUS Ipc_GetName(
return STATUS_SUCCESS;
}
}
}*/
if (objname_len && *objname_buf == L'\\') {
@ -1392,10 +1432,10 @@ _FX NTSTATUS Ipc_NtConnectPort(
ConnectionInfo, ConnectionInfoLength, MaximumMessageLength,
ClientSharedMemory, NULL, ServerSharedMemory);
if (status != STATUS_BAD_INITIAL_PC)
__leave;
if (status == STATUS_BAD_INITIAL_STACK)
goto OpenTruePath;
if (status != STATUS_BAD_INITIAL_PC)
__leave;
//
// if trying to connect to a COM port, start our COM servers first
@ -1520,10 +1560,10 @@ _FX NTSTATUS Ipc_NtSecureConnectPort(
ConnectionInfo, ConnectionInfoLength, MaximumMessageLength,
ClientSharedMemory, ServerSid, ServerSharedMemory);
if (status != STATUS_BAD_INITIAL_PC)
__leave;
if (status == STATUS_BAD_INITIAL_STACK)
goto OpenTruePath;
if (status != STATUS_BAD_INITIAL_PC)
__leave;
//
// if trying to connect to a COM port, start our COM servers first
@ -1772,10 +1812,10 @@ _FX NTSTATUS Ipc_NtAlpcConnectPort(
ConnectionInfo, ConnectionInfoLength, AlpcConnectInfo,
NULL, ServerSid, NULL);
if (status != STATUS_BAD_INITIAL_PC)
__leave;
if (status == STATUS_BAD_INITIAL_STACK)
goto OpenTruePath;
if (status != STATUS_BAD_INITIAL_PC)
__leave;
//
// if trying to connect to a COM port, start our COM servers first
@ -1947,11 +1987,11 @@ _FX NTSTATUS Ipc_NtAlpcConnectPortEx(
PortHandle, TruePath, ConnectionFlags,
ConnectionInfo, ConnectionInfoLength, AlpcConnectInfo,
NULL, ServerSd, NULL);
if (status != STATUS_BAD_INITIAL_PC)
__leave;
if (status == STATUS_BAD_INITIAL_STACK)
goto OpenTruePath;
if (status != STATUS_BAD_INITIAL_PC)
__leave;
//
// if trying to connect to a COM port, start our COM servers first
@ -4051,6 +4091,152 @@ OpenTruePath:
}
//---------------------------------------------------------------------------
// Ipc_MergeFree
//---------------------------------------------------------------------------
_FX void Ipc_MergeFree(IPC_MERGE *merge)
{
while (1) {
IPC_MERGE_ENTRY *entry = List_Head(&merge->objects);
if (! entry)
break;
List_Remove(&merge->objects, entry);
Dll_Free(entry);
}
Dll_Free(merge);
}
//---------------------------------------------------------------------------
// Ipc_NtClose
//---------------------------------------------------------------------------
_FX void Ipc_NtClose(HANDLE IpcHandle, void* CloseParams)
{
IPC_MERGE *merge;
EnterCriticalSection(&Ipc_Handles_CritSec);
merge = List_Head(&Ipc_Handles);
while (merge) {
if (merge->handle == IpcHandle) {
Handle_UnRegisterHandler(merge->handle, Ipc_NtClose, NULL);
List_Remove(&Ipc_Handles, merge);
Ipc_MergeFree(merge);
break;
}
merge = List_Next(merge);
}
LeaveCriticalSection(&Ipc_Handles_CritSec);
}
//---------------------------------------------------------------------------
// Ipc_MergeDirectoryObject
//---------------------------------------------------------------------------
_FX NTSTATUS Ipc_MergeDirectoryObject(IPC_MERGE *merge, WCHAR* path, BOOLEAN join)
{
NTSTATUS status;
HANDLE directoryHandle;
OBJECT_ATTRIBUTES objattrs;
UNICODE_STRING objname;
RtlInitUnicodeString(&objname, path);
InitializeObjectAttributes(
&objattrs, &objname, OBJ_CASE_INSENSITIVE, NULL, NULL);
status = __sys_NtOpenDirectoryObject(&directoryHandle, DIRECTORY_QUERY, &objattrs);
if (!NT_SUCCESS(status))
return status;
ULONG bufferSize = 4096;
PVOID buffer = Dll_Alloc(bufferSize);
BOOLEAN firstTime = TRUE;
ULONG indexCounter = 0;
ULONG returnLength;
while (1)
{
status = __sys_NtQueryDirectoryObject(directoryHandle, buffer, bufferSize, FALSE, firstTime, &indexCounter, &returnLength);
firstTime = FALSE;
if (status == STATUS_NO_MORE_ENTRIES)
break; // done
if (!NT_SUCCESS(status))
break; // error
for (POBJECT_DIRECTORY_INFORMATION directoryInfo = buffer; directoryInfo->Name.Length != 0; directoryInfo++)
{
ULONG len = sizeof(IPC_MERGE_ENTRY) + (directoryInfo->Name.MaximumLength + directoryInfo->TypeName.MaximumLength) * sizeof(WCHAR);
//
// when we are joining we remove the older entries when a duplicate is encountered
//
if (join) {
IPC_MERGE_ENTRY* entry = List_Head(&merge->objects);
while (entry) {
if (entry->Name.Length == directoryInfo->Name.Length && memcmp(entry->Name.Buffer, directoryInfo->Name.Buffer, entry->Name.Length) == 0)
break;
entry = List_Next(entry);
}
if (entry) {
if (entry->TypeName.Length == directoryInfo->TypeName.Length && memcmp(entry->TypeName.Buffer, directoryInfo->TypeName.Buffer, entry->TypeName.Length) == 0)
continue; // identical entry, nothign to do
// same name but different type, remove old entry
List_Remove(&merge->objects, entry);
Dll_Free(entry);
}
}
//
// add new entry
//
IPC_MERGE_ENTRY* entry = Dll_Alloc(len);
WCHAR* ptr = entry + 1;
entry->Name.Length = directoryInfo->Name.Length;
entry->Name.MaximumLength = directoryInfo->Name.MaximumLength;
entry->Name.Buffer = ptr;
memcpy(ptr, directoryInfo->Name.Buffer, directoryInfo->Name.MaximumLength);
ptr += directoryInfo->Name.MaximumLength / sizeof(WCHAR);
entry->TypeName.Length = directoryInfo->TypeName.Length;
entry->TypeName.MaximumLength = directoryInfo->TypeName.MaximumLength;
entry->TypeName.Buffer = ptr;
memcpy(ptr, directoryInfo->TypeName.Buffer, directoryInfo->TypeName.MaximumLength);
//ptr += directoryInfo->TypeName.MaximumLength / sizeof(WCHAR);
List_Insert_After(&merge->objects, NULL, entry);
}
}
Dll_Free(buffer);
extern P_NtClose __sys_NtClose;
__sys_NtClose(directoryHandle);
return status;
}
//---------------------------------------------------------------------------
// Ipc_NtQueryDirectoryObject
//---------------------------------------------------------------------------
@ -4065,8 +4251,133 @@ _FX NTSTATUS Ipc_NtQueryDirectoryObject(
PULONG Context,
PULONG ReturnLength)
{
SbieApi_Log(2205, L"NtQueryDirectoryObject");
return __sys_NtQueryDirectoryObject(DirectoryHandle, Buffer, Length, ReturnSingleEntry, RestartScan, Context, ReturnLength);
IPC_MERGE *merge;
EnterCriticalSection(&Ipc_Handles_CritSec);
merge = List_Head(&Ipc_Handles);
while (merge) {
IPC_MERGE *next = List_Next(merge);
if (merge->handle == DirectoryHandle)
break;
merge = next;
}
if (RestartScan && merge != NULL) {
Handle_UnRegisterHandler(merge->handle, Ipc_NtClose, NULL);
List_Remove(&Ipc_Handles, merge);
Ipc_MergeFree(merge);
merge = NULL;
}
if (! merge) {
merge = Dll_Alloc(sizeof(IPC_MERGE));
memzero(merge, sizeof(IPC_MERGE));
merge->handle = DirectoryHandle;
List_Insert_Before(&Ipc_Handles, NULL, merge);
Handle_RegisterHandler(merge->handle, Ipc_NtClose, NULL, FALSE);
WCHAR *TruePath;
WCHAR *CopyPath;
NTSTATUS status = Ipc_GetName(DirectoryHandle, NULL, &TruePath, &CopyPath, NULL);
if (!NT_SUCCESS(status))
return status;
Ipc_MergeDirectoryObject(merge, TruePath, FALSE);
ULONG len = wcslen(CopyPath); // fix root copy path, remove tailing '\\'
if (CopyPath[len - 1] == L'\\') CopyPath[len - 1] = 0;
Ipc_MergeDirectoryObject(merge, CopyPath, TRUE);
}
//
// goto index, for better performacne we could cache indexes
//
IPC_MERGE_ENTRY* entry = List_Head(&merge->objects);
ULONG indexCounter = 0;
if (Context) {
for (; entry && indexCounter < *Context; indexCounter++)
entry = List_Next(entry);
}
if (!entry)
return STATUS_NO_MORE_ENTRIES;
//
// count the buffer space
//
ULONG CountToGo = 0;
ULONG TotalLength = sizeof(OBJECT_DIRECTORY_INFORMATION);
for (IPC_MERGE_ENTRY* cur = entry; cur; cur = List_Next(cur)) {
ULONG len = sizeof(OBJECT_DIRECTORY_INFORMATION) + (cur->Name.MaximumLength + cur->TypeName.MaximumLength) * sizeof(WCHAR);
if (TotalLength + len > Length)
break; // not enough space for this entry
CountToGo++;
TotalLength += len;
if (ReturnSingleEntry)
break;
}
//
// fill output buffer
//
POBJECT_DIRECTORY_INFORMATION directoryInfo = Buffer;
WCHAR* ptr = directoryInfo + CountToGo + 1;
ULONG EndIndex = indexCounter + CountToGo;
for (; entry && indexCounter < EndIndex; indexCounter++) {
directoryInfo->Name.Length = entry->Name.Length;
directoryInfo->Name.MaximumLength = entry->Name.MaximumLength;
directoryInfo->Name.Buffer = ptr;
memcpy(ptr, entry->Name.Buffer, entry->Name.MaximumLength);
ptr += directoryInfo->Name.MaximumLength / sizeof(WCHAR);
directoryInfo->TypeName.Length = entry->TypeName.Length;
directoryInfo->TypeName.MaximumLength = entry->TypeName.MaximumLength;
directoryInfo->TypeName.Buffer = ptr;
memcpy(ptr, entry->TypeName.Buffer, entry->TypeName.MaximumLength);
ptr += directoryInfo->TypeName.MaximumLength / sizeof(WCHAR);
directoryInfo++;
entry = List_Next(entry);
}
//
// terminate listing with an empty entry
//
directoryInfo->Name.Length = directoryInfo->TypeName.Length = 0;
directoryInfo->Name.MaximumLength = directoryInfo->TypeName.MaximumLength = 0;
directoryInfo->Name.Buffer = directoryInfo->TypeName.Buffer = NULL;
//
// set return values
//
if (ReturnLength) *ReturnLength = TotalLength;
if (Context) *Context = indexCounter;
if (indexCounter < (ULONG)merge->objects.count)
return STATUS_MORE_ENTRIES;
return STATUS_SUCCESS;
}
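Review bot: `Ipc_NtQueryDirectoryObject` calls `EnterCriticalSection(&Ipc_Handles_CritSec)` on entry, but no `LeaveCriticalSection` is visible on any of its exits (the `Ipc_GetName` failure return, the `STATUS_NO_MORE_ENTRIES` return, or the two final returns), so after the first call from one thread any other thread that reaches this function or `Ipc_NtClose` would block. The terminating empty entry is also written to `Buffer` without checking that `Buffer` is non-NULL and that `Length` is at least `sizeof(OBJECT_DIRECTORY_INFORMATION)`, which lets a small caller buffer be overrun. When the first merged entry does not fit, `CountToGo` stays 0 and the function reports `STATUS_MORE_ENTRIES` with an unchanged `*Context`, which a caller looping on that status would never get past. A single exit path that releases the lock, plus an up-front buffer check, covers all three; the function's signature starts above the hunk.

```c
    NTSTATUS status = STATUS_SUCCESS;
    // … unchanged: lookup of merge in Ipc_Handles, RestartScan reset, allocation of a new merge …
        status = Ipc_GetName(DirectoryHandle, NULL, &TruePath, &CopyPath, NULL);
        if (!NT_SUCCESS(status))
            goto finish;
    // … unchanged: Ipc_MergeDirectoryObject calls, seek to *Context …
    if (!entry) {
        status = STATUS_NO_MORE_ENTRIES;
        goto finish;
    }
    if (!Buffer || Length < sizeof(OBJECT_DIRECTORY_INFORMATION)) {
        status = STATUS_BUFFER_TOO_SMALL;
        goto finish;
    }
    // … unchanged: count the buffer space …
    if (CountToGo == 0) {
        // not even one entry fits: report it instead of an empty listing
        status = STATUS_BUFFER_TOO_SMALL;
        goto finish;
    }
    // … unchanged: fill output buffer, terminator entry, ReturnLength / Context …
    if (indexCounter < (ULONG)merge->objects.count)
        status = STATUS_MORE_ENTRIES;
finish:
    LeaveCriticalSection(&Ipc_Handles_CritSec);
    return status;
```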


@ -80,11 +80,10 @@ static ULONG Key_IsDeletedEx_v2(const WCHAR* TruePath, const WCHAR* ValueName, B
//
VOID File_ClearPathBranche_internal(LIST* parent);
VOID File_SavePathTree_internal(LIST* Root, const WCHAR* name);
BOOLEAN File_LoadPathTree_internal(LIST* Root, const WCHAR* name);
VOID File_SavePathTree_internal(LIST* Root, const WCHAR* name, WCHAR* (*TranslatePath)(const WCHAR *));
BOOLEAN File_LoadPathTree_internal(LIST* Root, const WCHAR* name, WCHAR* (*TranslatePath)(const WCHAR *));
VOID File_SetPathFlags_internal(LIST* Root, const WCHAR* Path, ULONG setFlags, ULONG clrFlags, const WCHAR* Relocation);
ULONG File_GetPathFlags_internal(LIST* Root, const WCHAR* Path, WCHAR** pRelocation, BOOLEAN CheckChildren);
VOID File_SavePathNode_internal(HANDLE hPathsFile, LIST* parent, WCHAR* Path, ULONG Length, ULONG SetFlags);
BOOLEAN File_MarkDeleted_internal(LIST* Root, const WCHAR* Path);
VOID File_SetRelocation_internal(LIST* Root, const WCHAR* OldTruePath, const WCHAR* NewTruePath);
@ -128,7 +127,7 @@ _FX BOOLEAN Key_SavePathTree()
{
EnterCriticalSection(Key_PathRoot_CritSec);
File_SavePathTree_internal(&Key_PathRoot, KEY_PATH_FILE_NAME);
File_SavePathTree_internal(&Key_PathRoot, KEY_PATH_FILE_NAME, NULL);
File_GetAttributes_internal(KEY_PATH_FILE_NAME, &Key_PathsFileSize, &Key_PathsFileDate, NULL);
@ -151,7 +150,7 @@ _FX BOOLEAN Key_LoadPathTree()
EnterCriticalSection(Key_PathRoot_CritSec);
Key_RegPaths_Loaded = File_LoadPathTree_internal(&Key_PathRoot, KEY_PATH_FILE_NAME);
Key_RegPaths_Loaded = File_LoadPathTree_internal(&Key_PathRoot, KEY_PATH_FILE_NAME, NULL);
LeaveCriticalSection(Key_PathRoot_CritSec);


@ -1,6 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2021-2022 David Xanatos, xanasoft.com
* Copyright 2021-2023 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -206,7 +206,7 @@ _FX NTSTATUS Key_Merge(
// if we got here, we need to discard the stale entry
//
Handle_UnRegisterCloseHandler(merge->handle, Key_NtClose);
Handle_UnRegisterHandler(merge->handle, Key_NtClose, NULL);
List_Remove(&Key_Handles, merge);
Key_MergeFree(merge, TRUE);
@ -234,7 +234,7 @@ _FX NTSTATUS Key_Merge(
memcpy(merge->name, TruePath, TruePath_len + sizeof(WCHAR));
List_Insert_Before(&Key_Handles, NULL, merge);
Handle_RegisterCloseHandler(merge->handle, Key_NtClose);
Handle_RegisterHandler(merge->handle, Key_NtClose, NULL, FALSE);
}
//
@ -1557,7 +1557,7 @@ _FX void Key_DiscardMergeByPath(const WCHAR *TruePath, BOOLEAN Recurse)
}
}
Handle_UnRegisterCloseHandler(merge->handle, Key_NtClose);
Handle_UnRegisterHandler(merge->handle, Key_NtClose, NULL);
List_Remove(&Key_Handles, merge);
Key_MergeFree(merge, TRUE);
}
@ -1605,7 +1605,7 @@ _FX void Key_DiscardMergeByHandle(
//---------------------------------------------------------------------------
_FX void Key_NtClose(HANDLE KeyHandle)
_FX void Key_NtClose(HANDLE KeyHandle, void* CloseParams)
{
KEY_MERGE *merge;


@ -282,22 +282,15 @@ void CALLBACK Ldr_LdrDllNotification(ULONG NotificationReason, PLDR_DLL_NOTIFICA
{
ULONG_PTR LdrCookie = 0;
NTSTATUS status = 0;
WCHAR text[4096];
if (NotificationReason == 1) {
status = __sys_LdrLockLoaderLock(0, NULL, &LdrCookie);
Ldr_MyDllCallbackNew(NotificationData->Loaded.BaseDllName->Buffer, (HMODULE)NotificationData->Loaded.DllBase, TRUE);
__sys_LdrUnlockLoaderLock(0, LdrCookie);
Sbie_snwprintf(text, ARRAYSIZE(text), L"%s (loaded)", NotificationData->Loaded.BaseDllName->Buffer);
}
else if (NotificationReason == 2) {
Ldr_MyDllCallbackNew(NotificationData->Unloaded.BaseDllName->Buffer, (HMODULE)NotificationData->Loaded.DllBase, FALSE);
Sbie_snwprintf(text, ARRAYSIZE(text), L"%s (unloaded)", NotificationData->Loaded.BaseDllName->Buffer);
}
SbieApi_MonitorPutMsg(MONITOR_IMAGE, text);
}
//---------------------------------------------------------------------------
@ -1090,19 +1083,25 @@ _FX void Ldr_MyDllCallbackA(const CHAR *ImageName, HMODULE ImageBase, BOOL LoadS
WCHAR ImageNameW[128];
Sbie_snwprintf(ImageNameW, ARRAYSIZE(ImageNameW), L"%S", ImageName);
Ldr_MyDllCallbackW(ImageNameW, ImageBase, LoadState);
Ldr_MyDllCallbackNew(ImageNameW, ImageBase, LoadState);
}
_FX void Ldr_MyDllCallbackW(const WCHAR *ImageName, HMODULE ImageBase, BOOL LoadState) // Windows XP
{
// call new function
Ldr_MyDllCallbackNew(ImageName, ImageBase, LoadState);
Ldr_MyDllCallbackNew(ImageName, ImageBase, LoadState);
}
_FX void Ldr_MyDllCallbackNew(const WCHAR *ImageName, HMODULE ImageBase, BOOL LoadState) // Windows 8.1 and later
{
WCHAR text[4096];
if(LoadState)
Sbie_snwprintf(text, ARRAYSIZE(text), L"%s (loaded)", ImageName);
else
Sbie_snwprintf(text, ARRAYSIZE(text), L"%s (unloaded)", ImageName);
SbieApi_MonitorPutMsg(MONITOR_IMAGE, text);
//
// invoke our sub-modules as necessary
//
@ -1187,12 +1186,12 @@ _FX void *Ldr_GetProcAddrOld(const WCHAR *DllName, const WCHAR *ProcNameW)
_FX void *Ldr_GetProcAddrNew(const WCHAR *DllName, const WCHAR *ProcNameW, char * ProcNameA)
{
NTSTATUS status;
void *proc;
void *proc = NULL;
// char buffer[768];
// sprintf(buffer,"GetProcAddrNew: DllName = %S, ProcW = %S, ProcA = %s\n",DllName,ProcNameW,ProcNameA);
// OutputDebugStringA(buffer);
if (Dll_OsBuild < 9600) {
if (Dll_OsBuild < 9600) { // Windows 8.0 or earlier
proc = Ldr_GetProcAddr_2(DllName, ProcNameW);
if (!proc) {
ULONG_PTR LdrCookie;
@ -1223,7 +1222,7 @@ _FX void *Ldr_GetProcAddrNew(const WCHAR *DllName, const WCHAR *ProcNameW, char
}
}
}
else {
else { // Windows 8.1 and later
HMODULE DllBase;
DllBase = GetModuleHandle(DllName);
if (!DllBase) {


@ -22,6 +22,7 @@
#include "dll.h"
#include "core/low/lowdata.h"
#include <stdio.h>
@ -880,6 +881,22 @@ _FX void* Ldr_Inject_Entry(ULONG_PTR *pPtr)
{
Ldr_LoadInjectDlls(g_bHostInject);
}
//
// free the syscall/inject data area which is no longer needed
//
#ifdef _M_ARM64EC
extern ULONG* SbieApi_SyscallPtr;
SbieApi_SyscallPtr = NULL;
#endif
extern SBIELOW_DATA* SbieApi_data;
VirtualFree((void*)SbieApi_data->syscall_data, 0, MEM_RELEASE);
//
// return original entry point address to jump to
//
return entrypoint;
}
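Review bot: After `VirtualFree((void*)SbieApi_data->syscall_data, 0, MEM_RELEASE);` the field `SbieApi_data->syscall_data` still holds the released address, and only the ARM64EC build clears its cached `SbieApi_SyscallPtr`. Any later reader of that field would touch unmapped or reused memory; whether such a reader exists cannot be seen from this hunk. If the SBIELOW_DATA block is writable at this point, follow the free with `SbieApi_data->syscall_data = 0;`, otherwise add a comment stating that nothing dereferences the field after `Ldr_Inject_Entry`. The `VirtualFree` result is ignored as well, so a failed release passes silently; `Ldr_Inject_Entry` begins above the hunk.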


@ -1,4 +1,5 @@
// Copyright 2004-2020 Sandboxie Holdings, LLC
// Copyright 2023 David Xanatos, xanasoft.com
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
@ -54,11 +55,10 @@
#ifdef BUILD_UTILITY_PASS2
#if MY_ARM64_FLAG
LOWLEVEL RCDATA "../low/obj/ARM64/LowLevel.dll"
LOWLEVEL64 RCDATA "../low/obj/ARM64/LowLevel.dll"
#elif MY_WIN64_FLAG
LOWLEVEL RCDATA "../low/obj/amd64/LowLevel.dll"
#else
LOWLEVEL RCDATA "../low/obj/i386/LowLevel.dll"
LOWLEVEL64 RCDATA "../low/obj/amd64/LowLevel.dll"
#endif // MY_WIN64_FLAG
LOWLEVEL32 RCDATA "../low/obj/i386/LowLevel.dll"
#endif // BUILD_UTILITY_PASS2


@ -1,6 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020-2022 David Xanatos, xanasoft.com
* Copyright 2020-2023 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -48,6 +48,7 @@
typedef struct _MY_TARGETS {
unsigned long long entry;
unsigned long long data;
unsigned long long detour;
} MY_TARGETS;
#ifdef _M_ARM64
@ -85,7 +86,7 @@ typedef PVOID (*P_VirtualAlloc2)(
SBIEDLL_EXPORT HANDLE SbieDll_InjectLow_SendHandle(HANDLE hProcess);
void *SbieDll_InjectLow_CopyCode(
HANDLE hProcess, SIZE_T lowLevel_size, UCHAR *code, ULONG code_len
HANDLE hProcess, SIZE_T total_size, SIZE_T lowLevel_size, const void* lowLevel_ptr
#ifdef _M_ARM64
, BOOLEAN use_arm64ec
#endif
@ -129,11 +130,16 @@ ULONG Hook_GetSysCallFunc(ULONG* aCode, void** pHandleStubHijack);
void *m_sbielow_ptr = NULL;
ULONG m_sbielow_len = 0;
//adding two offsets variables to replace the "head" and "tail" dependency
ULONG m_sbielow_start_offset = 0;
ULONG m_sbielow_data_offset = 0;
ULONG m_sbielow_len = 0;
#ifdef _WIN64
void *m_sbielow32_ptr = NULL;
ULONG m_sbielow32_len = 0;
ULONG m_sbielow32_detour_offset = 0;
#endif
ULONG *m_syscall_data = NULL;
@ -149,19 +155,19 @@ P_VirtualAlloc2 __sys_VirtualAlloc2 = NULL;
#endif
#include "core/low/lowlevel_code.c"
//---------------------------------------------------------------------------
// InjectLow_InitHelper
// SbieDll_InjectLow_LoadLow
//---------------------------------------------------------------------------
_FX ULONG SbieDll_InjectLow_InitHelper()
_FX ULONG SbieDll_InjectLow_LoadLow(BOOLEAN arch_64bit, void **sbielow_ptr, ULONG *sbielow_len, ULONG *start_offset, ULONG* data_offset, ULONG* detour_offset)
{
//
// lock the SbieLow resource (embedded within the SbieSvc executable,
// see lowlevel.rc) and find the offset to executable code, and length
//
IMAGE_DOS_HEADER *dos_hdr = 0;
IMAGE_NT_HEADERS *nt_hdrs = 0;
IMAGE_SECTION_HEADER *section = 0;
@ -171,8 +177,8 @@ _FX ULONG SbieDll_InjectLow_InitHelper()
ULONG errlvl = 0x11;
HRSRC hrsrc = FindResource(Dll_Instance, L"LOWLEVEL", RT_RCDATA);
if (! hrsrc)
HRSRC hrsrc = FindResource(Dll_Instance, arch_64bit ? L"LOWLEVEL64" : L"LOWLEVEL32", RT_RCDATA);
if (! hrsrc)
return errlvl;
ULONG binsize = SizeofResource(Dll_Instance, hrsrc);
@ -193,44 +199,33 @@ _FX ULONG SbieDll_InjectLow_InitHelper()
if (dos_hdr->e_magic == 'MZ' || dos_hdr->e_magic == 'ZM') {
nt_hdrs = (IMAGE_NT_HEADERS *)((UCHAR *)dos_hdr + dos_hdr->e_lfanew);
if (nt_hdrs->Signature == IMAGE_NT_SIGNATURE) { // 'PE\0\0'
#ifndef _WIN64
if (nt_hdrs->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
IMAGE_NT_HEADERS32 *nt_hdrs_32 = (IMAGE_NT_HEADERS32 *)nt_hdrs;
IMAGE_OPTIONAL_HEADER32 *opt_hdr_32 = &nt_hdrs_32->OptionalHeader;
data_dirs = &opt_hdr_32->DataDirectory[0];
imageBase = opt_hdr_32->ImageBase;
}
#else
if (nt_hdrs->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
IMAGE_NT_HEADERS64 *nt_hdrs_64 = (IMAGE_NT_HEADERS64 *)nt_hdrs;
IMAGE_OPTIONAL_HEADER64 *opt_hdr_64 = &nt_hdrs_64->OptionalHeader;
data_dirs = &opt_hdr_64->DataDirectory[0];
imageBase = (ULONG_PTR)opt_hdr_64->ImageBase;
}
#endif
else {
return errlvl;
}
}
else {
if (nt_hdrs->Signature != IMAGE_NT_SIGNATURE) // 'PE\0\0'
return errlvl;
if (nt_hdrs->OptionalHeader.Magic != (arch_64bit ? IMAGE_NT_OPTIONAL_HDR64_MAGIC : IMAGE_NT_OPTIONAL_HDR32_MAGIC))
return errlvl;
if (!arch_64bit) {
IMAGE_NT_HEADERS32 *nt_hdrs_32 = (IMAGE_NT_HEADERS32 *)nt_hdrs;
IMAGE_OPTIONAL_HEADER32 *opt_hdr_32 = &nt_hdrs_32->OptionalHeader;
data_dirs = &opt_hdr_32->DataDirectory[0];
imageBase = opt_hdr_32->ImageBase;
}
else {
IMAGE_NT_HEADERS64 *nt_hdrs_64 = (IMAGE_NT_HEADERS64 *)nt_hdrs;
IMAGE_OPTIONAL_HEADER64 *opt_hdr_64 = &nt_hdrs_64->OptionalHeader;
data_dirs = &opt_hdr_64->DataDirectory[0];
imageBase = (ULONG_PTR)opt_hdr_64->ImageBase;
}
}
ULONG zzzzz;
ULONG zzzzz = 1;
#ifdef _M_ARM64
zzzzz = 4;
#else
if (imageBase != 0) {
return errlvl;
}
zzzzz = 1;
if (arch_64bit)
zzzzz = 4; // ARM64 only
else
#endif
if (imageBase != 0) // x64 or x86
return errlvl;
section = IMAGE_FIRST_SECTION(nt_hdrs);
if (nt_hdrs->FileHeader.NumberOfSections < 2) return errlvl;
@ -241,13 +236,32 @@ _FX ULONG SbieDll_InjectLow_InitHelper()
targets = (MY_TARGETS *)& bindata[section[zzzzz].PointerToRawData];
m_sbielow_start_offset = (ULONG)(targets->entry - imageBase - section[0].VirtualAddress);
m_sbielow_data_offset = (ULONG)(targets->data - imageBase - section[0].VirtualAddress);
if(start_offset) *start_offset = (ULONG)(targets->entry - imageBase - section[0].VirtualAddress);
if(data_offset) *data_offset = (ULONG)(targets->data - imageBase - section[0].VirtualAddress);
if(detour_offset) *detour_offset = (ULONG)(targets->detour - imageBase - section[0].VirtualAddress);
m_sbielow_ptr = bindata + section[0].PointerToRawData; //Old version: head;
m_sbielow_len = section[0].SizeOfRawData; //Old version: (ULONG)(ULONG_PTR)(tail - head);
*sbielow_ptr = bindata + section[0].PointerToRawData; //Old version: head;
*sbielow_len = section[0].SizeOfRawData; //Old version: (ULONG)(ULONG_PTR)(tail - head);
if ((!m_sbielow_start_offset) || (!m_sbielow_data_offset))
return 0;
}
//---------------------------------------------------------------------------
// InjectLow_InitHelper
//---------------------------------------------------------------------------
_FX ULONG SbieDll_InjectLow_InitHelper()
{
#ifdef _WIN64
ULONG errlvl = SbieDll_InjectLow_LoadLow(TRUE, &m_sbielow_ptr, &m_sbielow_len, &m_sbielow_start_offset, &m_sbielow_data_offset, NULL);
if(!errlvl)
errlvl = SbieDll_InjectLow_LoadLow(FALSE, &m_sbielow32_ptr, &m_sbielow32_len, NULL, NULL, &m_sbielow32_detour_offset);
#else
ULONG errlvl = SbieDll_InjectLow_LoadLow(FALSE, &m_sbielow_ptr, &m_sbielow_len, &m_sbielow_start_offset, &m_sbielow_data_offset, NULL);
#endif
if (errlvl)
return errlvl;
//
@ -403,6 +417,10 @@ _FX ULONG SbieDll_InjectLow_InitSyscalls(BOOLEAN drv_init)
// Get the SbieDll Location
//
/*if (1) {
GetSystemDirectory(sbie_home, 512);
}
else */
if (drv_init)
{
status = SbieApi_GetHomePath(NULL, 0, sbie_home, 512);
@ -531,6 +549,15 @@ _FX ULONG SbieDll_InjectLow_InitSyscalls(BOOLEAN drv_init)
extra->LdrGetProcAddr_offset = ULONG_DIFF(ptr, extra);
ptr += 28 / sizeof(WCHAR);
//
// write an ASCII string for NtProtectVirtualMemory
//
strcpy((char *)ptr, "NtProtectVirtualMemory");
extra->NtProtectVirtualMemory_offset = ULONG_DIFF(ptr, extra);
ptr += 28 / sizeof(WCHAR);
//
// write an ASCII string for NtRaiseHardError
//
@ -540,6 +567,15 @@ _FX ULONG SbieDll_InjectLow_InitSyscalls(BOOLEAN drv_init)
extra->NtRaiseHardError_offset = ULONG_DIFF(ptr, extra);
ptr += 20 / sizeof(WCHAR);
//
// write an ASCII string for NtDeviceIoControlFile
//
strcpy((char *)ptr, "NtDeviceIoControlFile");
extra->NtDeviceIoControlFile_offset = ULONG_DIFF(ptr, extra);
ptr += 28 / sizeof(WCHAR);
//
// write an ASCII string for RtlFindActivationContextSectionString
//
@ -615,15 +651,6 @@ _FX ULONG SbieDll_InjectLow_InitSyscalls(BOOLEAN drv_init)
extra->InjectData_offset = ULONG_DIFF(ptr, extra);
#ifdef _WIN64
//
// Copy the required non shell code into INJECT_DATA.DetourCode_*
//
memcpy((UCHAR*)ptr + FIELD_OFFSET(INJECT_DATA, DetourCode_x86), SbieDll_ShellCode_x86, sizeof(SbieDll_ShellCode_x86));
#endif
//
// adjust size of syscall buffer to include path strings
//
@ -852,6 +879,7 @@ _FX ULONG SbieDll_InjectLow(HANDLE hProcess, ULONG init_flags, BOOLEAN dup_drv_h
#endif
lowdata.RealNtDeviceIoControlFile = (ULONG64)GetProcAddress((HMODULE)lowdata.ntdll_base, "NtDeviceIoControlFile");
lowdata.NativeNtProtectVirtualMemory = (ULONG64)GetProcAddress((HMODULE)lowdata.ntdll_base, "NtProtectVirtualMemory");
lowdata.NativeNtRaiseHardError = (ULONG64)GetProcAddress((HMODULE)lowdata.ntdll_base, "NtRaiseHardError");
//
@ -885,16 +913,76 @@ _FX ULONG SbieDll_InjectLow(HANDLE hProcess, ULONG init_flags, BOOLEAN dup_drv_h
#endif
lowLevel_size = m_sbielow_len;
void *remote_addr = SbieDll_InjectLow_CopyCode(hProcess, lowLevel_size, lowdata.LdrInitializeThunk_tramp, sizeof(lowdata.LdrInitializeThunk_tramp)
void *remote_addr = SbieDll_InjectLow_CopyCode(hProcess, lowLevel_size, m_sbielow_len, m_sbielow_ptr
#ifdef _M_ARM64
, (BOOLEAN)lowdata.flags.is_arm64ec
#endif
);
if (remote_addr) {
void* pLdrInitializeThunk = (void*)m_LdrInitializeThunk;
#ifdef _M_ARM64
if (lowdata.flags.is_arm64ec)
pLdrInitializeThunk = (void*)m_LdrInitializeThunkEC;
#endif
//
// copy code at LdrInitializeThunk from new process
//
SIZE_T len1 = sizeof(lowdata.LdrInitializeThunk_tramp);
SIZE_T len2 = 0;
/*
sprintf(buffer,"CopyCode: copy ldr size %d\n",code_len);
OutputDebugStringA(buffer);
*/
BOOL vm_ok = ReadProcessMemory(
hProcess, pLdrInitializeThunk, lowdata.LdrInitializeThunk_tramp,
len1, &len2);
if (!vm_ok || len1 != len2) {
remote_addr = NULL;
}
}
if (!remote_addr) {
errlvl = 0x33;
goto finish;
}
#ifdef _WIN64
void *remote_addr32 = NULL;
if (lowdata.flags.is_wow64) {
//
// when this is a 32 bit process running under WoW64, we need to inject also some 32 bit code
//
remote_addr32 = SbieDll_InjectLow_CopyCode(hProcess, m_sbielow32_len, m_sbielow32_len, m_sbielow32_ptr
#ifdef _M_ARM64
, FALSE
#endif
);
if (remote_addr32) {
ULONG protect;
BOOL vm_ok = VirtualProtectEx(hProcess, remote_addr32, m_sbielow32_len,
PAGE_EXECUTE_READ, &protect);
if (vm_ok) {
lowdata.ptr_32bit_detour = (ULONG64)((UCHAR*)remote_addr32 + m_sbielow32_detour_offset);
}
}
if (!lowdata.ptr_32bit_detour) {
errlvl = 0x88;
goto finish;
}
}
#endif
#ifndef _M_ARM64
#ifdef _WIN64
lowdata.flags.long_diff = 1;
@ -1041,8 +1129,8 @@ _FX void* InjectLow_AllocMemory(HANDLE hProcess, SIZE_T size, BOOLEAN executable
void *remote_addr = NULL;
#ifdef _M_ARM64
if (use_arm64ec && executable)
{
if (use_arm64ec && executable) {
MEM_EXTENDED_PARAMETER Parameter = { 0 };
Parameter.Type = MemExtendedParameterAttributeFlags;
Parameter.ULong64 = MEM_EXTENDED_PARAMETER_EC_CODE;
@ -1051,8 +1139,9 @@ _FX void* InjectLow_AllocMemory(HANDLE hProcess, SIZE_T size, BOOLEAN executable
remote_addr = __sys_VirtualAlloc2(hProcess, (void*)base_addr, region_size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE, &Parameter, 1);
}
return remote_addr;
}
else
#endif
//
@ -1127,20 +1216,13 @@ _FX HANDLE SbieDll_InjectLow_SendHandle(HANDLE hProcess)
//---------------------------------------------------------------------------
_FX void *SbieDll_InjectLow_CopyCode(HANDLE hProcess, SIZE_T lowLevel_size, UCHAR *code, ULONG code_len
_FX void *SbieDll_InjectLow_CopyCode(HANDLE hProcess, SIZE_T total_size, SIZE_T lowLevel_size, const void* lowLevel_ptr
#ifdef _M_ARM64
, BOOLEAN use_arm64ec
#endif
) {
void* remote_addr;
void* pLdrInitializeThunk = (void*)m_LdrInitializeThunk;
#ifdef _M_ARM64
if (use_arm64ec)
pLdrInitializeThunk = (void*)m_LdrInitializeThunkEC;
#endif
remote_addr = InjectLow_AllocMemory(hProcess, lowLevel_size, TRUE
void* remote_addr = InjectLow_AllocMemory(hProcess, total_size, TRUE
#ifdef _M_ARM64
, use_arm64ec
#endif
@ -1152,32 +1234,15 @@ _FX void *SbieDll_InjectLow_CopyCode(HANDLE hProcess, SIZE_T lowLevel_size, UCHA
// copy SbieLow into the allocated region in the new process
//
SIZE_T len1 = m_sbielow_len;
SIZE_T len1 = lowLevel_size;
SIZE_T len2 = 0;
BOOL vm_ok = WriteProcessMemory(
hProcess, remote_addr, m_sbielow_ptr,
hProcess, remote_addr, lowLevel_ptr,
len1, &len2);
if (vm_ok && len1 == len2) {
//
// copy code at LdrInitializeThunk from new process
//
len1 = code_len;
len2 = 0;
/*
sprintf(buffer,"CopyCode: copy ldr size %d\n",code_len);
OutputDebugStringA(buffer);
*/
vm_ok = ReadProcessMemory(
hProcess, pLdrInitializeThunk, code,
len1, &len2);
if (vm_ok && len1 == len2) {
return remote_addr;
}
return remote_addr;
}
}
@ -1356,10 +1421,8 @@ _FX void *SbieDll_InjectLow_CopySyscalls(HANDLE hProcess, BOOLEAN is_wow64
data = m_syscall_data;
SIZE_T region_size = *data;
remote_addr = InjectLow_AllocMemory(hProcess, region_size
, is_wow64 // we copy the detour code into this area, hence executable = TRUE
remote_addr = InjectLow_AllocMemory(hProcess, region_size , FALSE
#ifdef _M_ARM64
//|| use_arm64ec
, FALSE
#endif
);
@ -1406,10 +1469,7 @@ _FX BOOLEAN SbieDll_InjectLow_CopyData(
ULONG protect;
vm_ok = VirtualProtectEx(hProcess, remote_addr, m_sbielow_len,
// we want to be able to pass data from the low level dll we do this here
// we set PAGE_EXECUTE_READ in SbieDll.dll Dll_Ordinal1
PAGE_EXECUTE_READWRITE, &protect);
//PAGE_EXECUTE_READ, &protect);
PAGE_EXECUTE_READ, &protect);
if (vm_ok) {
return TRUE;
}


@ -1066,7 +1066,7 @@ _FX HGLOBAL XDataObject::InitFormatIdList(HGLOBAL hData)
if (! pIdList)
return NULL;
HRESULT hr;
BOOL ok;
HANDLE hFile;
WCHAR *path = (WCHAR *)Dll_AllocTemp(8192);
@ -1083,8 +1083,8 @@ _FX HGLOBAL XDataObject::InitFormatIdList(HGLOBAL hData)
LPCITEMIDLIST pidl = pILCombine(GetPidl(0), GetPidl(count));
if (pidl) {
hr = pSHGetPathFromIDList(pidl, path);
if (SUCCEEDED(hr)) {
ok = pSHGetPathFromIDList(pidl, path);
if (ok) {
hFile = CreateFileW(path,
GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING,
@ -1128,8 +1128,8 @@ _FX HGLOBAL XDataObject::InitFormatIdList(HGLOBAL hData)
// get the pidl for the parent folder in the sandbox
//
hr = pSHGetPathFromIDList(GetPidl(0), path);
if (! SUCCEEDED(hr))
ok = pSHGetPathFromIDList(GetPidl(0), path);
if (!ok)
goto finish;
hFile = CreateFileW(path,
@ -1153,8 +1153,8 @@ _FX HGLOBAL XDataObject::InitFormatIdList(HGLOBAL hData)
LPCITEMIDLIST pidl = pILCombine(GetPidl(0), GetPidl(1));
if (pidl) {
hr = pSHGetPathFromIDList(pidl, path);
if (SUCCEEDED(hr)) {
ok = pSHGetPathFromIDList(pidl, path);
if (ok) {
hFile = CreateFileW(path,
GENERIC_WRITE, FILE_SHARE_VALID_FLAGS, NULL,
@ -1188,6 +1188,7 @@ _FX HGLOBAL XDataObject::InitFormatIdList(HGLOBAL hData)
SbieDll_TranslateNtToDosPath(path);
HRESULT hr;
LPITEMIDLIST pidl;
ULONG flags = 0;
hr = pSHILCreateFromPath(path, &pidl, &flags);


@ -737,11 +737,11 @@ _FX BOOL Proc_CreateAppContainerToken(
//---------------------------------------------------------------------------
// Proc_FindArgumentEnd
// SbieDll_FindArgumentEnd
//---------------------------------------------------------------------------
_FX const WCHAR* Proc_FindArgumentEnd(const WCHAR* arguments)
_FX const WCHAR* SbieDll_FindArgumentEnd(const WCHAR* arguments)
{
//
// when suplying: "aaaa \"bb cc\"ddd\"e\\"f\" gg hh \\"ii \"jjjj kkkk"
@ -1206,7 +1206,7 @@ _FX BOOL Proc_CreateProcessInternalW(
const WCHAR* lpArguments = NULL;
if (lpCommandLine)
lpArguments = Proc_FindArgumentEnd(lpCommandLine);
lpArguments = SbieDll_FindArgumentEnd(lpCommandLine);
WCHAR *mybuf = Dll_Alloc((wcslen(lpApplicationName) + 2 + (lpArguments ? wcslen(lpArguments) + 8192 : 0) + 1) * sizeof(WCHAR));
if (mybuf) {
@ -1232,7 +1232,7 @@ _FX BOOL Proc_CreateProcessInternalW(
WCHAR* temp = Dll_Alloc(sizeof(WCHAR) * 8192);
for (const WCHAR* ptr = lpArguments; *ptr != L'\0';) {
WCHAR* end = (WCHAR*)Proc_FindArgumentEnd(ptr);
WCHAR* end = (WCHAR*)SbieDll_FindArgumentEnd(ptr);
ULONG len = (ULONG)(end - ptr);
if (len > 0) {
WCHAR savechar = *end;
@ -2271,7 +2271,14 @@ _FX NTSTATUS Proc_NtCreateUserProcess(
if (TlsData->proc_image_path && ProcessParameters && ProcessParameters->CommandLine.Buffer) {
Proc_FixBatchCommandLine(TlsData, ProcessParameters->CommandLine.Buffer, TlsData->proc_image_path);
//Proc_FixBatchCommandLine(TlsData, ProcessParameters->CommandLine.Buffer, TlsData->proc_image_path);
WCHAR *cmd = Dll_Alloc(ProcessParameters->CommandLine.Length + sizeof(WCHAR));
wcscpy(cmd, ProcessParameters->CommandLine.Buffer);
if (TlsData->proc_command_line)
Dll_Free(TlsData->proc_command_line);
TlsData->proc_command_line = cmd;
}
NtClose(FileHandle);
@ -2391,7 +2398,7 @@ _FX BOOLEAN SbieDll_RunFromHome(
len = MAX_PATH * 2 + wcslen(pgmName);
if (pgmArgs)
len += wcslen(pgmArgs);
len += 1 + wcslen(pgmArgs);
path = Dll_AllocTemp(len * sizeof(WCHAR));
ptr = wcsrchr(pgmName, L'.');
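Review bot: In the Proc_NtCreateUserProcess hunk, `wcscpy(cmd, ProcessParameters->CommandLine.Buffer)` copies up to the first NUL, but the destination was sized from `CommandLine.Length`. A UNICODE_STRING buffer is not required to be NUL-terminated at that length, so the copy can run past the allocation. The result of `Dll_Alloc` is also used without a NULL check, unlike the `if (mybuf)` pattern in Proc_CreateProcessInternalW. Inside an `if (cmd)` guard, copy by length and terminate explicitly: `memcpy(cmd, ProcessParameters->CommandLine.Buffer, ProcessParameters->CommandLine.Length);` then `cmd[ProcessParameters->CommandLine.Length / sizeof(WCHAR)] = L'\0';`. The function body starts and continues outside the hunk.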


@ -667,7 +667,7 @@ _FX ULONG64 SbieApi_QueryProcessInfoEx(
_FX LONG SbieApi_QueryBoxPath(
const WCHAR *box_name, // WCHAR [34]
const WCHAR *box_name, // WCHAR [BOXNAME_COUNT]
WCHAR *out_file_path,
WCHAR *out_key_path,
WCHAR *out_ipc_path,
@ -828,7 +828,7 @@ _FX LONG SbieApi_QueryPathList(
_FX LONG SbieApi_EnumProcessEx(
const WCHAR *box_name, // WCHAR [34]
const WCHAR *box_name, // WCHAR [BOXNAME_COUNT]
BOOLEAN all_sessions,
ULONG which_session, // -1 for current session
ULONG *boxed_pids, // ULONG [512]
@ -1432,7 +1432,7 @@ _FX ULONG SbieApi_QueryConfNumber(
_FX LONG SbieApi_EnumBoxes(
LONG index, // initialize to -1
WCHAR *box_name) // WCHAR [34]
WCHAR *box_name) // WCHAR [BOXNAME_COUNT]
{
return SbieApi_EnumBoxesEx(index, box_name, FALSE);
}
@ -1445,7 +1445,7 @@ _FX LONG SbieApi_EnumBoxes(
_FX LONG SbieApi_EnumBoxesEx(
LONG index, // initialize to -1
WCHAR *box_name, // WCHAR [34]
WCHAR *box_name, // WCHAR [BOXNAME_COUNT]
BOOLEAN return_all_sections)
{
LONG rc;
@ -1738,7 +1738,7 @@ _FX LONG SbieApi_SessionLeader(HANDLE TokenHandle, HANDLE *ProcessId)
_FX LONG SbieApi_IsBoxEnabled(
const WCHAR *box_name) // WCHAR [34]
const WCHAR *box_name) // WCHAR [BOXNAME_COUNT]
{
NTSTATUS status;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];


@ -233,6 +233,8 @@ SBIEDLL_EXPORT BOOLEAN SbieDll_GetBorderColor(const WCHAR* box_name, COLORREF*
SBIEDLL_EXPORT BOOLEAN SbieDll_IsReservedFileName(const WCHAR* name);
SBIEDLL_EXPORT const WCHAR* SbieDll_FindArgumentEnd(const WCHAR* arguments);
SBIEDLL_EXPORT void DbgPrint(const char* format, ...);
SBIEDLL_EXPORT void DbgTrace(const char* format, ...);


@ -1,6 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020-2021 David Xanatos, xanasoft.com
* Copyright 2020-2023 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -219,7 +219,7 @@ _FX HANDLE Scm_CreateWaitableTimerW(
//---------------------------------------------------------------------------
_FX VOID Scm_TokenCloseHandler(HANDLE Handle)
_FX VOID Scm_TokenCloseHandler(HANDLE Handle, void* CloseParams)
{
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
@ -241,7 +241,7 @@ _FX BOOL Scm_OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE
if (NT_SUCCESS(status) && ProcessHandle == GetCurrentProcess()) {
Handle_RegisterCloseHandler(*phTokenOut, Scm_TokenCloseHandler);
Handle_RegisterHandler(*phTokenOut, Scm_TokenCloseHandler, NULL, FALSE);
TlsData->scm_last_own_token = *phTokenOut;
}
@ -262,7 +262,7 @@ _FX BOOL Scm_OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL Open
if (NT_SUCCESS(status) && ThreadHandle == GetCurrentThread()) {
Handle_RegisterCloseHandler(*phTokenOut, Scm_TokenCloseHandler);
Handle_RegisterHandler(*phTokenOut, Scm_TokenCloseHandler, NULL, FALSE);
TlsData->scm_last_own_token = *phTokenOut;
}


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020-2023 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -738,7 +739,7 @@ _FX NTSTATUS Secure_NtDuplicateObject(
}
if (SourceHandle)
Key_NtClose(SourceHandle);
Key_NtClose(SourceHandle, NULL);
}
//


@ -105,10 +105,6 @@ _FX int Trace_Init(void)
OutputDebugString(L"SbieDll injected...\n");
for (int i = 0; i < 16; i++) {
if (SbieApi_data->DebugData[i] != 0)
DbgPrint("DebugData[%d]: %p\n", i, (UINT_PTR)SbieApi_data->DebugData[i]);
}
}
//


@ -30,6 +30,7 @@
#include "session.h"
#include "common/my_version.h"
#include "log_buff.h"
#include "verify.h"
//---------------------------------------------------------------------------
@ -1325,7 +1326,7 @@ _FX NTSTATUS Api_QueryDriverInfo(PROCESS* proc, ULONG64* parms)
FeatureFlags |= SBIE_FEATURE_FLAG_WIN32K_HOOK;
#endif
if (Driver_Certified) {
if (CERT_IS_LEVEL(Verify_CertInfo, eCertStandard)) {
FeatureFlags |= SBIE_FEATURE_FLAG_CERTIFIED;
@ -1342,14 +1343,13 @@ _FX NTSTATUS Api_QueryDriverInfo(PROCESS* proc, ULONG64* parms)
}
else if (args->info_class.val == -1) {
extern ULONGLONG Verify_CertInfo;
if (args->info_len.val >= sizeof(ULONGLONG)) {
ULONGLONG* data = args->info_data.val;
*data = Verify_CertInfo;
*data = Verify_CertInfo.State;
}
else if (args->info_len.val == sizeof(ULONG)) {
ULONG* data = args->info_data.val;
*data = (ULONG)(Verify_CertInfo & 0xFFFFFFFF); // drop optional data
*data = (ULONG)(Verify_CertInfo.State & 0xFFFFFFFF); // drop optional data
}
else
status = STATUS_BUFFER_TOO_SMALL;


@ -1508,7 +1508,7 @@ _FX NTSTATUS Conf_Api_Reload(PROCESS *proc, ULONG64 *parms)
/*
#ifdef HOOK_WIN32K
// must be windows 10 or later
if (Driver_OsBuild >= 10041) {
if (Driver_OsBuild >= 14393) {
extern ULONG Syscall_MaxIndex32;
if (Conf_Get_Boolean(NULL, L"EnableWin32kHooks", 0, FALSE) && Syscall_MaxIndex32 == 0) {
if(Syscall_Init_List32()){


@ -38,6 +38,7 @@
#include "thread.h"
#include "wfp.h"
#include "common/my_version.h"
#include "verify.h"
//---------------------------------------------------------------------------
@ -755,7 +756,7 @@ _FX PROCESS *Process_Create(
// check certificate
//
if (!Driver_Certified && !proc->image_sbie) {
if (!CERT_IS_LEVEL(Verify_CertInfo, eCertStandard) && !proc->image_sbie) {
const WCHAR* exclusive_setting = NULL;
if (proc->use_security_mode)
@ -1209,7 +1210,7 @@ _FX BOOLEAN Process_NotifyProcess_Create(
BOX* breakout_box = NULL;
if (box && Process_IsBreakoutProcess(box, ImagePath)) {
if(!Driver_Certified)
if(!CERT_IS_LEVEL(Verify_CertInfo, eCertStandard))
Log_Msg_Process(MSG_6004, box->name, L"BreakoutProcess", box->session_id, CallerId);
else {
UNICODE_STRING image_uni;


@ -212,9 +212,23 @@ _FX NTSTATUS Process_Api_Query(PROCESS *proc, ULONG64 *parms)
// this is the first SbieApi call by SbieDll
//
if (proc)
if (proc && !proc->sbiedll_loaded) {
proc->sbiedll_loaded = TRUE;
//
// On windows 10 it was observed that the PCA service is assigning its job
// after sandboxie's job was already assigned, so we re check here,
// and when needed restart the process from the sbiedll outside a PCA job.
//
if (proc->forced_process && Driver_OsVersion >= DRIVER_WINDOWS_10) {
if (Process_IsInPcaJob(proc->pid))
proc->in_pca_job = TRUE;
}
}
//
// if a ProcessId was specified, then locate and lock the matching
// process. ProcessId must be specified if the caller is not sandboxed


@ -147,7 +147,7 @@ _FX BOOLEAN Syscall_Init(void)
return FALSE;
#ifdef HOOK_WIN32K
if (Driver_OsBuild >= 10041 && Conf_Get_Boolean(NULL, L"EnableWin32kHooks", 0, TRUE)) {
if (Driver_OsBuild >= 14393 && Conf_Get_Boolean(NULL, L"EnableWin32kHooks", 0, TRUE)) {
if (!Syscall_Init_List32())
return FALSE;
@ -711,7 +711,7 @@ _FX NTSTATUS Syscall_Api_Invoke(PROCESS *proc, ULONG64 *parms)
if (pTrapFrame) {
ret = pTrapFrame->Rip;
UserStack = pTrapFrame->Rsp;
pTrapFrame->Rsp = pTrapFrame->Rbp; //*pRbp;
pTrapFrame->Rsp = pTrapFrame->Rdi; //*pRbp;
pTrapFrame->Rip = pTrapFrame->Rbx; //*pRbx;
}
}
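Review bot: The trailing comment on the new line `pTrapFrame->Rsp = pTrapFrame->Rdi; //*pRbp;` in Syscall_Api_Invoke still names the old register, so a reader cannot tell which register the user-mode stub is expected to load with the stack pointer. The kernel side and the user-mode invoke stub have to agree on that register. The stub is not visible here, but presumably it was changed in the same commit. Suggest updating the comment to state the contract, for example `pTrapFrame->Rsp = pTrapFrame->Rdi; // user stack pointer handed over in rdi by the invoke stub`. The same stale comment is on the matching line in Syscall_Api_Invoke32, and both functions extend beyond their hunks.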


@ -554,7 +554,7 @@ _FX NTSTATUS Syscall_Api_Invoke32(PROCESS* proc, ULONG64* parms)
if (pTrapFrame) {
ret = pTrapFrame->Rip;
UserStack = pTrapFrame->Rsp;
pTrapFrame->Rsp = pTrapFrame->Rbp; //*pRbp;
pTrapFrame->Rsp = pTrapFrame->Rdi; //*pRbp;
pTrapFrame->Rip = pTrapFrame->Rbx; //*pRbx;
}
}


@ -377,16 +377,12 @@ _FX BOOLEAN MyIsCallerSigned(void)
// MyValidateCertificate
//---------------------------------------------------------------------------
BOOLEAN Driver_Certified = FALSE;
NTSTATUS KphValidateCertificate();
_FX NTSTATUS MyValidateCertificate(void)
{
NTSTATUS status = KphValidateCertificate();
Driver_Certified = NT_SUCCESS(status);
if (status == STATUS_ACCOUNT_EXPIRED)
status = STATUS_SUCCESS;


@ -124,6 +124,4 @@ ULONG Util_CaptureStack(_Out_ PVOID* Frames, _In_ ULONG Count);
//---------------------------------------------------------------------------
extern BOOLEAN Driver_Certified;
#endif // _MY_UTIL_H


@ -1,6 +1,6 @@
/*
* Copyright (C) 2016 wj32
* Copyright (C) 2021 David Xanatos, xanasoft.com
* Copyright (C) 2021-2023 David Xanatos, xanasoft.com
*
* Process Hacker is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -481,27 +481,11 @@ _FX LONGLONG KphGetDateInterval(CSHORT days, CSHORT months, CSHORT years)
return ((LONGLONG)days + (LONGLONG)months * 30ll + (LONGLONG)years * 365ll) * 24ll * 3600ll * 10000000ll; // 100ns steps -> 1sec
}
#define SOFTWARE_NAME L"Sandboxie-Plus"
#include "verify.h"
union _SCertInfo {
ULONGLONG State;
struct {
ULONG
valid : 1, // certificate is active
expired : 1, // certificate is expired but may be active
outdated : 1, // certificate is expired, not anymore valid for the current build
business : 1, // certificate is suitable for business use
evaluation: 1, // evaluation certificate
grace_period: 1, // the certificate is expired and or outdated but we keep it valid for 1 extra month to allof wor a seamless renewal
reservd_1 : 2,
reservd_2 : 8,
reservd_3 : 8,
reservd_4 : 8;
ULONG expirers_in_sec;
};
} Verify_CertInfo = {0};
SCertInfo Verify_CertInfo = { 0 };
_FX NTSTATUS KphValidateCertificate(void)
_FX NTSTATUS KphValidateCertificate()
{
BOOLEAN CertDbg = FALSE;
@ -689,7 +673,7 @@ _FX NTSTATUS KphValidateCertificate(void)
if (NT_SUCCESS(status)) {
Verify_CertInfo.valid = 1;
Verify_CertInfo.active = 1;
if(CertDbg) DbgPrint("Sbie Cert type: %S-%S\n", type, level);
@ -722,89 +706,115 @@ _FX NTSTATUS KphValidateCertificate(void)
level = NULL;
}
// Checks if the certificate is within its validity period, otherwise it has no effect except for UI notification
#define TEST_CERT_DATE(days, months, years) \
if ((cert_date.QuadPart + KphGetDateInterval(days, months, years)) < LocalTime.QuadPart){ \
Verify_CertInfo.expired = 1; \
} \
Verify_CertInfo.expirers_in_sec = (ULONG)(((cert_date.QuadPart + KphGetDateInterval(days, months, years)) - LocalTime.QuadPart) / 10000000ll); // 100ns steps -> 1sec
LARGE_INTEGER expiration_date = { 0 };
// certs with a validity >= 3 months get 1 extra month of functionality
#define TEST_GRACE_PERIODE(days, months, years) \
if (months >= 3 || years > 0){ \
if ((cert_date.QuadPart + KphGetDateInterval(days, months + 1, years)) >= LocalTime.QuadPart) \
Verify_CertInfo.grace_period = 1; \
} \
// Check if the certificate is valid for the current build, failing this locks features out
#define TEST_VALIDITY(days, months, years) \
TEST_CERT_DATE(days, months, years) \
if ((cert_date.QuadPart + KphGetDateInterval(days, months, years)) < BuildDate.QuadPart){ \
Verify_CertInfo.outdated = 1; \
TEST_GRACE_PERIODE(days, months, years) \
if(!Verify_CertInfo.grace_period){ \
Verify_CertInfo.valid = 0; \
status = STATUS_ACCOUNT_EXPIRED; \
} \
}
// Check if the certificate is expired, failing this locks features out
#define TEST_EXPIRATION(days, months, years) \
TEST_CERT_DATE(days, months, years) \
if(Verify_CertInfo.expired == 1) { \
TEST_GRACE_PERIODE(days, months, years) \
if(!Verify_CertInfo.grace_period){ \
Verify_CertInfo.valid = 0; \
status = STATUS_ACCOUNT_EXPIRED; \
} \
}
if (type && _wcsicmp(type, L"CONTRIBUTOR") == 0) {
// forever - nothing to check here
if (!type) // type is mandatory
;
else if (_wcsicmp(type, L"CONTRIBUTOR") == 0) {
Verify_CertInfo.type = eCertContributor;
Verify_CertInfo.level = eCertMaxLevel;
} else if (_wcsicmp(type, L"ETERNAL") == 0) {
Verify_CertInfo.type = eCertEternal;
Verify_CertInfo.level = eCertMaxLevel;
} else if (_wcsicmp(type, L"BUSINESS") == 0)
Verify_CertInfo.type = eCertBusiness;
else if (_wcsicmp(type, L"EVALUATION") == 0 || _wcsicmp(type, L"TEST") == 0)
Verify_CertInfo.type = eCertEvaluation;
else if (_wcsicmp(type, L"SUBSCRIPTION") == 0)
Verify_CertInfo.type = eCertSubscription;
else if (_wcsicmp(type, L"FAMILY") == 0)
Verify_CertInfo.type = eCertFamily;
// patreon >>>
else if (wcsstr(type, L"PATREON") != NULL) // TYPE: [CLASS]_PATREON-[LEVEL]
{
if(_wcsnicmp(type, L"GREAT", 5) == 0)
Verify_CertInfo.type = eCertGreatPatreon;
else if (_wcsnicmp(type, L"ENTRY", 5) == 0) { // new patreons get only 3 montgs for start
Verify_CertInfo.type = eCertEntryPatreon;
expiration_date.QuadPart = cert_date.QuadPart + KphGetDateInterval(0, 3, 0);
} else
Verify_CertInfo.type = eCertPatreon;
}
else if (type && _wcsicmp(type, L"BUSINESS") == 0) {
Verify_CertInfo.business = 1;
if (level) { // in months
TEST_EXPIRATION(0, (CSHORT)_wtoi(level), 0);
}
else { // 1 year default
TEST_EXPIRATION(0, 0, 1);
}
// <<< patreon
else //if (_wcsicmp(type, L"PERSONAL") == 0 || _wcsicmp(type, L"SUPPORTER") == 0)
{
Verify_CertInfo.type = eCertPersonal;
}
else if (type && _wcsicmp(type, L"EVALUATION") == 0) {
Verify_CertInfo.evaluation = 1;
// evaluation
if (level) { // in days
TEST_EXPIRATION((CSHORT)_wtoi(level), 0, 0);
}
else { // 5 days default
TEST_EXPIRATION(5, 0, 0);
}
if(CertDbg) DbgPrint("Sbie Cert type: %X\n", Verify_CertInfo.type);
if (CERT_IS_TYPE(Verify_CertInfo, eCertEvaluation))
{
expiration_date.QuadPart = cert_date.QuadPart + KphGetDateInterval((CSHORT)(level ? _wtoi(level) : 7), 0, 0); // x days, default 7
Verify_CertInfo.level = eCertAdvanced;
}
else /*if (!type || _wcsicmp(type, L"PERSONAL") == 0 || _wcsicmp(type, L"PATREON") == 0 || _wcsicmp(type, L"SUPPORTER") == 0) */ {
// persistent
else if (level && _wcsicmp(type, L"STANDARD") == 0)
Verify_CertInfo.level = eCertStandard;
else if (level && _wcsicmp(type, L"ADVANCED") == 0)
Verify_CertInfo.level = eCertAdvanced;
// scheme 1.1 >>>
else if (CERT_IS_TYPE(Verify_CertInfo, eCertPersonal) || CERT_IS_TYPE(Verify_CertInfo, eCertPatreon))
{
if (level && _wcsicmp(level, L"HUGE") == 0) {
//
}
else if (level && _wcsicmp(level, L"LARGE") == 0 && cert_date.QuadPart < KphGetDate(1,04,2022)) { // valid for all builds released with 2 years
TEST_CERT_DATE(0, 0, 2); // no real expiration just ui reminder - old certs
Verify_CertInfo.type = eCertEternal;
Verify_CertInfo.level = eCertMaxLevel;
}
else if (level && _wcsicmp(level, L"LARGE") == 0) { // valid for all builds released with 2 years
TEST_VALIDITY(0, 0, 2);
else if (level && _wcsicmp(level, L"LARGE") == 0) { // 2 years - personal
Verify_CertInfo.level = eCertAdvanced;
expiration_date.QuadPart = cert_date.QuadPart + KphGetDateInterval(0, 0, 2); // 2 years
}
else if (level && _wcsicmp(level, L"MEDIUM") == 0) { // valid for all builds released with 1 year
TEST_VALIDITY(0, 0, 1);
else if (level && _wcsicmp(level, L"MEDIUM") == 0) { // 1 year - personal
Verify_CertInfo.level = eCertStandard;
}
// subscriptions
else if (level && _wcsicmp(level, L"TEST") == 0) { // test certificate 5 days only
TEST_EXPIRATION(5, 0, 0);
else if (level && _wcsicmp(level, L"ENTRY") == 0) { // PATREON-ENTRY new patreons get only 3 montgs for start
Verify_CertInfo.level = eCertStandard;
if(CERT_IS_TYPE(Verify_CertInfo, eCertPatreon))
Verify_CertInfo.type = eCertEntryPatreon;
expiration_date.QuadPart = cert_date.QuadPart + KphGetDateInterval(0, 3, 0);
}
else if (level && _wcsicmp(level, L"ENTRY") == 0) { // patreon entry level, first 3 months, later longer
TEST_EXPIRATION(0, 3, 0);
else if (level && _wcsicmp(level, L"SMALL") == 0) { // 1 year - subscription
Verify_CertInfo.level = eCertStandard;
Verify_CertInfo.type = eCertSubscription;
}
else /*if (!level || _wcsicmp(level, L"SMALL") == 0)*/ { // valid for 1 year
TEST_EXPIRATION(0, 0, 1);
else
Verify_CertInfo.level = eCertStandard;
}
// <<< scheme 1.1
if(CertDbg) DbgPrint("Sbie Cert level: %X\n", Verify_CertInfo.level);
if (CERT_IS_TYPE(Verify_CertInfo, eCertEternal))
expiration_date.QuadPart = -1; // at the end of time (never)
else if(!expiration_date.QuadPart)
expiration_date.QuadPart = cert_date.QuadPart + KphGetDateInterval(0, 0, 1); // default 1 year, unless set differently already
// check if this is a subscription type certificate
BOOLEAN isSubscription = CERT_IS_SUBSCRIPTION(Verify_CertInfo);
if (expiration_date.QuadPart != -1)
{
// check if this certificate is expired
if (expiration_date.QuadPart < LocalTime.QuadPart)
Verify_CertInfo.expired = 1;
Verify_CertInfo.expirers_in_sec = (ULONG)((expiration_date.QuadPart - LocalTime.QuadPart) / 10000000ll); // 100ns steps -> 1sec
// check if a non subscription type certificate is valid for the current build
if (!isSubscription && expiration_date.QuadPart < BuildDate.QuadPart)
Verify_CertInfo.outdated = 1;
}
// check if the certificate is valid
if (isSubscription ? Verify_CertInfo.expired : Verify_CertInfo.outdated)
{
if (!CERT_IS_TYPE(Verify_CertInfo, eCertEvaluation)) { // non eval certs get 1 month extra
if (expiration_date.QuadPart + KphGetDateInterval(0, 1, 0) >= LocalTime.QuadPart)
Verify_CertInfo.grace_period = 1;
}
if (!Verify_CertInfo.grace_period) {
Verify_CertInfo.active = 0;
status = STATUS_ACCOUNT_EXPIRED;
}
}
}
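Review bot: The two new branches `else if (level && _wcsicmp(type, L"STANDARD") == 0)` and `else if (level && _wcsicmp(type, L"ADVANCED") == 0)` in KphValidateCertificate test `level` for NULL but then compare `type`, which looks like it was meant to be `level`. As written, an explicit STANDARD or ADVANCED level only takes effect when the type string itself is that word. When `type` is NULL and `level` is not, `_wcsicmp` is handed a NULL pointer in kernel mode, because the earlier `if (!type) ;` only skips the type chain. Suggest `else if (level && _wcsicmp(level, L"STANDARD") == 0)` and the same for `ADVANCED`. The function starts and continues outside the visible hunks, so whether a missing type is rejected earlier cannot be confirmed from here.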


@ -0,0 +1,90 @@
/*
* Copyright (C) 2021-2023 David Xanatos, xanasoft.com
*
* Process Hacker is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Process Hacker is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
*/
#define SOFTWARE_NAME L"Sandboxie-Plus"
typedef union _SCertInfo {
unsigned long long State;
struct {
unsigned long
active : 1, // certificate is active
expired : 1, // certificate is expired but may be active
outdated : 1, // certificate is expired, not anymore valid for the current build
unused_1 : 2, // DEPRECATED
grace_period: 1, // the certificate is expired and or outdated but we keep it valid for 1 extra month to allof wor a seamless renewal
reservd_2 : 2,
type : 5,
level : 3,
reservd_3 : 8,
reservd_4 : 8;
unsigned long expirers_in_sec;
};
} SCertInfo;
enum ECertType {
eCertNoType = 0b00000,
eCertEternal = 0b00100,
eCertContributor = 0b00101,
// eCert = 0b00110,
// eCert = 0b00111,
eCertBusiness = 0b01000,
// eCert = 0b01001,
// eCert = 0b01010,
// eCert = 0b01011,
eCertPersonal = 0b01100,
// eCert = 0b01101,
// eCert = 0b01110,
// eCert = 0b01111,
eCertSubscription = 0b10000,
eCertFamily = 0b10001,
// eCert = 0b10010,
// eCert = 0b10011,
// eCertOther = 0b10100,
// eCert = 0b10101,
// eCert = 0b10110,
// eCert = 0b10111,
eCertPatreon = 0b11000,
eCertGreatPatreon = 0b11001,
eCertEntryPatreon = 0b11010,
// eCert = 0b11011,
eCertEvaluation = 0b11100
};
enum ECertLevel {
eCertNoLevel = 0b000,
eCertStandard = 0b010,
eCertAdvanced = 0b100,
eCertMaxLevel = 0b111,
};
#define CERT_IS_TYPE(cert,t) ((cert.type & 0b11100) == t)
#define CERT_IS_SUBSCRIPTION(cert) (CERT_IS_TYPE(cert, eCertBusiness) || CERT_IS_TYPE(cert, eCertSubscription) || cert.type == eCertEntryPatreon || CERT_IS_TYPE(cert, eCertEvaluation))
#define CERT_IS_INSIDER(cert) (CERT_IS_TYPE(cert, eCertEternal) || cert.type == eCertGreatPatreon)
#define CERT_IS_LEVEL(cert,l) (Verify_CertInfo.active && cert.level >= l)
extern SCertInfo Verify_CertInfo;
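Review bot: `CERT_IS_LEVEL(cert,l)` reads `Verify_CertInfo.active` rather than `cert.active`, so it ignores its first argument for the active check and would give a wrong answer for any SCertInfo other than the global. The macro parameters are also unparenthesized here and in `CERT_IS_TYPE`, `CERT_IS_SUBSCRIPTION` and `CERT_IS_INSIDER`. Because these macros gate licensed features in the driver, suggest `#define CERT_IS_LEVEL(cert,l) ((cert).active && (cert).level >= (l))` and `#define CERT_IS_TYPE(cert,t) (((cert).type & 0b11100) == (t))`. A one-line comment that `CERT_IS_TYPE` compares only the upper three bits of `type` would also help, since `eCertGreatPatreon` and `eCertEntryPatreon` both match `CERT_IS_TYPE(cert, eCertPatreon)`.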


@ -159,11 +159,6 @@
<ItemGroup>
<ClCompile Include="init.c" />
<ClCompile Include="inject.c" />
<ClCompile Include="lowlevel_code.c">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|ARM64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="lowdata.h" />


@ -1,5 +1,5 @@
;------------------------------------------------------------------------
; Copyright 2022 David Xanatos, xanasoft.com
; Copyright 2022-2023 David Xanatos, xanasoft.com
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
@ -19,6 +19,8 @@
IMPORT EntrypointC
IMPORT DetourFunc
;EXPORT ServiceDataPtr
EXPORT SystemServiceARM64
@ -251,7 +253,7 @@ DeviceIoControlSvc
;----------------------------------------------------------------------------
; RtlFindActivationContextSectionString detour code
; detour code loading SbieDll.dll
;----------------------------------------------------------------------------
@ -272,103 +274,26 @@ DetourCodeARM64 PROC
ldr x19, InjectDataPtr ; x19 -> inject data area
;
; reatore RtlFindActCtx, copy 16 bytes
;
add x8, x19, #0x20 ; [x19].InjectData.RtlFindActCtx
ldr x9, [x8]
ldp w10, w11, [x19, #0x2C] ; [x19].InjectData.RtlFindActCtx_Bytes
stp w10, w11, [x9, #0x00]
ldp w10, w11, [x19, #0x34] ; [x19].InjectData.RtlFindActCtx_Bytes + 8
stp w10, w11, [x9, #0x08]
ldr x0, =0xFFFFFFFFFFFFFFFF ; ProcessHandle
mov x1, x9 ; BaseAddress
mov x2, #0x10 ; NumberOfBytesToFlush
;ldr x8, [x19, 0x70] ; [x19].InjectData.NtFlushInstructionCache
ldr x9, [x19] ; [x19].InjectData.SBIELOW_DATA
add x8, x9, 0xA0 ; SBIELOW_DATA.NtFlushInstructionCache_code
blr x8
;
; call LdrLoadDll for kernel32
; call DetourFunc
;
mov x20, #0x10 ; retry count
mov x0, x19 ; [x19].InjectData
bl DetourFunc
LdrLoadRetry
mov x0, #0x00 ; PathToFile
mov x1, #0x00 ; Flags
add x2, x19, 0x40 ; [x19].InjectData.KernelDll_Unicode
add x3, x19, 0x60 ; [x19].InjectData.ModuleHandle
ldr x8, [x19, 0x08] ; [x19].InjectData.LdrLoadDll
blr x8
cmp x0, #0x00
beq LdrLoadGood
sub x20, x20, #0x01
cmp x20, #0x00
bne LdrLoadRetry
b RtlFindActivationContextSectionStringError
LdrLoadGood
;
; call LdrLoadDll for sbiedll
;
mov x0, #0x00 ; PathToFile
mov x1, #0x00 ; Flags
add x2, x19, 0x50 ; [x19].InjectData.SbieDll_Unicode
add x3, x19, 0x60 ; [x19].InjectData.ModuleHandle
ldr x8, [x19, 0x08] ; [x19].InjectData.LdrLoadDll
blr x8
cmp x0, #0x00
bne RtlFindActivationContextSectionStringError
; cmp x0, #0x00
; bne DetourError
;
; call the custom MyGetProcedureAddress implemented in c
; which calls LdrGetProcedureAddress for sbiedll ordinal 1,
; this forces ntdll to initialize sbiedll and returns the address to call
;
; in ARM64EC mode it returns the native function address instead of the FFS sequence
; resume execution or original function
;
ldr x0, [x19, 0x60] ; [x19].InjectData.ModuleHandle
mov x1, #0x00 ; FunctionName
mov x2, #0x01 ; Ordinal
add x3, x19, 0x68 ; [x19].InjectData.SbieDllOrdinal1
mov x4, x19 ; [x19].InjectData
;ldr x8, [x19, 0x10] ; [x19].InjectData.LdrGetProcAddr
ldr x8, [x19, 0x70] ; [x19].InjectData.MyGetProcAddr
blr x8
cmp x0, #0x00
bne RtlFindActivationContextSectionStringError
;
; pass control to ordinal 1, which will free the inject
; data area, and pass control to the original function
; RtlFindActivationContextSectionString
;
; note that we need to pass the address of the inject
; data area to ordinal 1, which we do by overwriting the
; first argument. the original argument is saved in
; the inject data area
;
ldr x8, [sp, #0x00]
str x8, [x19, 0x08] ; [x19].InjectData.LdrLoadDll
mov x0, x19
ldr x1, [sp, #0x08]
ldp x0, x1, [sp, #0x00]
ldp x2, x3, [sp, #0x10]
ldp x4, x5, [sp, #0x20]
ldp x6, x7, [sp, #0x30]
ldr x8, [x19, 0x68] ; [x19].InjectData.SbieDllOrdinal1
ldr x8, [x19, 0x08] ; [x19].InjectData.RtlFindActCtx
add sp, sp, #0x40
ldp x19, x20, [sp], #0x10
@ -376,34 +301,170 @@ LdrLoadGood
br x8
RtlFindActivationContextSectionStringError
str x0, [sp, #0x38] ; save ntstatus
add x8, x19, 0x50 ; [x19].InjectData.SbieDll_Unicode
str x8, [x19, 0x08] ; [x19].InjectData.LdrLoadDll
add x5, x19, 0x10 ; out_response - [x19].InjectData.LdrGetProcAddr
mov x4, #0x01 ; response_buttons - ERROR_OK
mov x3, x8 ; list_of_pointers_to_parameters
mov x2, #0x01 ; mask_of_strings_in_list
mov x1, #0x01 ; number_of_parameters_in_list
ldr x0, =0xD0000142 ; ntstatus_message_code - (STATUS_DLL_INIT_FAILED or FORCE_ERROR_MESSAGE_BOX)
ldr x8, [x19, 0x18] ; [x19].InjectData.LdrGetProcAddr
blr x8
ldr x0, [sp, #0x38] ; restore ntstatus
add sp, sp, #0x40
ldp x19, x20, [sp], #0x10
ldp fp, lr, [sp], #0x10
ret
;DetourError
;
; add sp, sp, #0x40
; ldp x19, x20, [sp], #0x10
; ldp fp, lr, [sp], #0x10
;
; ret
ENDP
;;----------------------------------------------------------------------------
;; RtlFindActivationContextSectionString detour code
;;----------------------------------------------------------------------------
;
;
;InjectDataPtr
; DCQ 0
;DetourCodeARM64 PROC
;
; ;brk #0xF000
;
; stp fp, lr, [sp, #-0x10]!
; stp x19, x20, [sp, #-0x10]!
; sub sp, sp, #0x40
;
; stp x0, x1, [sp, #0x00]
; stp x2, x3, [sp, #0x10]
; stp x4, x5, [sp, #0x20]
; stp x6, x7, [sp, #0x30]
;
; ldr x19, InjectDataPtr ; x19 -> inject data area
;
; ;
; ; reatore RtlFindActCtx, copy 16 bytes
; ;
;
; add x8, x19, #0x20 ; [x19].InjectData.RtlFindActCtx
; ldr x9, [x8]
; ldp w10, w11, [x19, #0x2C] ; [x19].InjectData.RtlFindActCtx_Bytes
; stp w10, w11, [x9, #0x00]
; ldp w10, w11, [x19, #0x34] ; [x19].InjectData.RtlFindActCtx_Bytes + 8
; stp w10, w11, [x9, #0x08]
;
; ldr x0, =0xFFFFFFFFFFFFFFFF ; ProcessHandle
; mov x1, x9 ; BaseAddress
; mov x2, #0x10 ; NumberOfBytesToFlush
;
; ;ldr x8, [x19, 0x70] ; [x19].InjectData.NtFlushInstructionCache
; ldr x9, [x19] ; [x19].InjectData.SBIELOW_DATA
; add x8, x9, 0xA0 ; SBIELOW_DATA.NtFlushInstructionCache_code
; blr x8
;
; ;
; ; call LdrLoadDll for kernel32
; ;
;
; mov x20, #0x10 ; retry count
;
;LdrLoadRetry
; mov x0, #0x00 ; PathToFile
; mov x1, #0x00 ; Flags
; add x2, x19, 0x40 ; [x19].InjectData.KernelDll_Unicode
; add x3, x19, 0x60 ; [x19].InjectData.ModuleHandle
;
; ldr x8, [x19, 0x08] ; [x19].InjectData.LdrLoadDll
; blr x8
;
; cmp x0, #0x00
; beq LdrLoadGood
; sub x20, x20, #0x01
; cmp x20, #0x00
; bne LdrLoadRetry
; b RtlFindActivationContextSectionStringError
;
;LdrLoadGood
; ;
; ; call LdrLoadDll for sbiedll
; ;
;
; mov x0, #0x00 ; PathToFile
; mov x1, #0x00 ; Flags
; add x2, x19, 0x50 ; [x19].InjectData.SbieDll_Unicode
; add x3, x19, 0x60 ; [x19].InjectData.ModuleHandle
;
; ldr x8, [x19, 0x08] ; [x19].InjectData.LdrLoadDll
; blr x8
; cmp x0, #0x00
; bne RtlFindActivationContextSectionStringError
;
; ;
; ; call the custom MyGetProcedureAddress implemented in c
; ; which calls LdrGetProcedureAddress for sbiedll ordinal 1,
; ; this forces ntdll to initialize sbiedll and returns the address to call
; ;
; ; in ARM64EC mode it returns the native function address instead of the FFS sequence
; ;
;
; ldr x0, [x19, 0x60] ; [x19].InjectData.ModuleHandle
; mov x1, #0x00 ; FunctionName
; mov x2, #0x01 ; Ordinal
; add x3, x19, 0x68 ; [x19].InjectData.SbieDllOrdinal1
; mov x4, x19 ; [x19].InjectData
;
; ;ldr x8, [x19, 0x10] ; [x19].InjectData.LdrGetProcAddr
; ldr x8, [x19, 0x70] ; [x19].InjectData.MyGetProcAddr
; blr x8
; cmp x0, #0x00
; bne RtlFindActivationContextSectionStringError
;
; ;
; ; pass control to ordinal 1, which will free the inject
; ; data area, and pass control to the original function
; ; RtlFindActivationContextSectionString
; ;
; ; note that we need to pass the address of the inject
; ; data area to ordinal 1, which we do by overwriting the
; ; first argument. the original argument is saved in
; ; the inject data area
; ;
;
; ldr x8, [sp, #0x00]
; str x8, [x19, 0x08] ; [x19].InjectData.LdrLoadDll
; mov x0, x19
; ldr x1, [sp, #0x08]
; ldp x2, x3, [sp, #0x10]
; ldp x4, x5, [sp, #0x20]
; ldp x6, x7, [sp, #0x30]
;
; ldr x8, [x19, 0x68] ; [x19].InjectData.SbieDllOrdinal1
;
; add sp, sp, #0x40
; ldp x19, x20, [sp], #0x10
; ldp fp, lr, [sp], #0x10
;
; br x8
;
;RtlFindActivationContextSectionStringError
;
; str x0, [sp, #0x38] ; save ntstatus
;
; add x8, x19, 0x50 ; [x19].InjectData.SbieDll_Unicode
; str x8, [x19, 0x08] ; [x19].InjectData.LdrLoadDll
;
; add x5, x19, 0x10 ; out_response - [x19].InjectData.LdrGetProcAddr
; mov x4, #0x01 ; response_buttons - ERROR_OK
; mov x3, x8 ; list_of_pointers_to_parameters
; mov x2, #0x01 ; mask_of_strings_in_list
; mov x1, #0x01 ; number_of_parameters_in_list
; ldr x0, =0xD0000142 ; ntstatus_message_code - (STATUS_DLL_INIT_FAILED or FORCE_ERROR_MESSAGE_BOX)
;
; ldr x8, [x19, 0x18] ; [x19].InjectData.LdrGetProcAddr
; blr x8
;
; ldr x0, [sp, #0x38] ; restore ntstatus
;
; add sp, sp, #0x40
; ldp x19, x20, [sp], #0x10
; ldp fp, lr, [sp], #0x10
;
; ret
;
; ENDP
;----------------------------------------------------------------------------
; Parameters stored by SbieSvc
@ -433,8 +494,9 @@ SbieLowData
DCQ Start ; entry point for the detour
DCQ SbieLowData ; data location
DCQ DetourCodeARM64 ; detour code location
;----------------------------------------------------------------------------
END
END

View File

@ -1,6 +1,6 @@
;------------------------------------------------------------------------
; Copyright 2004-2020 Sandboxie Holdings, LLC
; Copyright 2021-2022 David Xanatos, xanasoft.com
; Copyright 2021-2023 David Xanatos, xanasoft.com
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
@ -74,16 +74,14 @@ _001: pop rcx
; removed hard coded position dependency
; key symbols are now passed as arguments to EntrypointC
; 64 bit version takes 4 arguments
; _EntrypointC(SbieLowData,_RtlFindActivationContextSectionString,_SystemService,_RtlFindActivationContextSectionString64)
; _EntrypointC(SbieLowData,_DetourCode,_SystemService)
mov rbx,rcx
add rcx, offset SbieLowData - _001
mov rdx,rbx
add rdx, offset _RtlFindActivationContextSectionString64 - _001
add rdx, offset _DetourCode - _001
mov r8,rbx
add r8, offset _SystemService - _001
;mov r9,rbx
;add r9, offset _RtlFindActivationContextSectionString - _001
call EntrypointC
@ -99,21 +97,24 @@ else ; 32-bit
EXTERN _EntrypointC@12 : PROC
_Start:
call $+5
_001: pop eax
mov edx,eax
_001: pop eax
mov edx,eax
; removed hard coded position dependency
; key symbols are now passed as arguments to EntrypointC
; 32 bit version takes 3 arguments
;_EntrypointC(SbieLowData,_RtlFindActivationContextSectionString,_SystemService)
;_EntrypointC(SbieLowData,_DetourCode,_SystemService)
add eax, offset _SystemService - _001 ;old + 96 offset
push eax
mov eax,edx
add eax, offset _RtlFindActivationContextSectionString - _001; old + 256 offset
add eax, offset _DetourCode - _001; old + 256 offset
push eax
mov eax, edx
add eax, offset SbieLowData - _001
push eax
call _EntrypointC@12
jmp eax ; jump to LdrInitializeThunk trampoline
endif ; 32-bit or 64-bit
@ -126,7 +127,6 @@ endif ; 32-bit or 64-bit
_SystemService:
;----------------------------------------------------------------------------
ifdef _WIN64 ; 64-bit
myService Proc
db 48h, 0B8h ; rax -> SbieLowData
@ -141,17 +141,17 @@ myService Proc
; because of x64 calling convention.
;
push rbp; target rsp
push rdi; target rsp
push rbx; target rip
mov r11,[rax + 0e0h] ; SbieLow.RealNtDeviceIoControlFile
add r11b,0fh
add r11b,0fh
mov rbx, r11 ; pass new rip in rbx
mov r11, rsp ; restore stack in r11
mov rbx, r11 ; pass new rip in rbx
mov r11, rsp ; restore stack in r11
add r11, 10h
mov rbp, r11 ; pass stack frame in rbp
mov rdi, r11 ; pass stack frame in rbp
API_NUM_ARGS = 8
sub rsp, (API_NUM_ARGS + 1 + 2 + 10) * 8
@ -225,17 +225,16 @@ myService Proc
mov qword ptr [rsp+8*8], rdx
mov qword ptr [rsp+9*8], rdx
lea r10, [r10+80h] ; r10 -> SbieLow.NtDeviceIoControlFile
lea r10, [r10+80h] ; r10 -> SbieLow.NtDeviceIoControlFile_code
call r10
add rsp, (API_NUM_ARGS + 1 + 2 + 10) * 8
pop rbx
pop rbp
pop rdi
ret
myService ENDP
;----------------------------------------------------------------------------
else ; 32-bit
@ -297,7 +296,7 @@ else ; 32-bit
push 0
push [edx+2*8] ; push SbieLow.api_device_handle
lea eax, [edx+80h] ; eax -> SbieLow.NtDeviceIoControlFile
lea eax, [edx+80h] ; eax -> SbieLow.NtDeviceIoControlFile_code
call eax
;
@ -316,160 +315,25 @@ else ; 32-bit
neg ecx
mov ecx, [esp+ecx]
jmp ecx ; return to caller
endif ; 32-bit or 64-bit
;----------------------------------------------------------------------------
; Inject Data Area for our RtlFindActivationContextSectionString
; detour code
;----------------------------------------------------------------------------
InjectData struct ; keep in sync with inject.c
dq ? ; 0x00
LdrLoadDll dq ? ; 0x08
LdrGetProcAddr dq ? ; 0x10
NtRaiseHardError dq ? ; 0x18
RtlFindActCtx dq ? ; 0x20
RtlFindActCtx_Protect dd ? ; 0x28
RtlFindActCtx_Bytes db 20 dup (?) ; 0x2C
KernelDll_Unicode dq 2 dup (?) ; 0x40
SbieDll_Unicode dq 2 dup (?) ; 0x50
ModuleHandle dq ? ; 0x60
SbieDllOrdinal1 dq ? ; 0x68
sbielow_data dq ? ; 0x00
RtlFindActCtx dq ? ; 0x08
InjectData ends
;----------------------------------------------------------------------------
; 32-bit RtlFindActivationContextSectionString detour code
;----------------------------------------------------------------------------
_RtlFindActivationContextSectionString:
ifndef _WIN64 ; 32-bit
mov edx, 0 ; edx -> inject data area
push esi
mov esi, edx ; esi -> inject data area
mov eax, dword ptr [esi].InjectData.RtlFindActCtx
mov dl, byte ptr [esi].InjectData.RtlFindActCtx_Bytes
mov byte ptr [eax], dl
mov edx, dword ptr [esi].InjectData.RtlFindActCtx_Bytes+1
mov dword ptr [eax+1], edx
;
; call LdrLoadDll for kernel32
;
mov ecx, 10h ;number of retries
LdrLoadDll_Retry:
push ecx
lea eax, [esi].InjectData.ModuleHandle
push eax
lea eax, [esi].InjectData.KernelDll_Unicode
push eax
push 0
push 0
call dword ptr [esi].InjectData.LdrLoadDll
pop ecx
test eax, eax
jz LdrLoadDll_Good
loop LdrLoadDll_Retry
; retry failed 16 times: raise error
jmp RtlFindActivationContextSectionStringError
LdrLoadDll_Good:
;
; call LdrLoadDll for sbiedll
;
lea eax, [esi].InjectData.ModuleHandle
push eax
lea eax, [esi].InjectData.SbieDll_Unicode
push eax
push 0
push 0
call dword ptr [esi].InjectData.LdrLoadDll
test eax, eax
jnz RtlFindActivationContextSectionStringError
;
; call LdrGetProcedureAddress for sbiedll ordinal 1,
; which forces ntdll to initialize sbiedll
;
lea eax, [esi].InjectData.SbieDllOrdinal1
push eax
push 1
push 0
push dword ptr [esi].InjectData.ModuleHandle
call dword ptr [esi].InjectData.LdrGetProcAddr
test eax, eax
jnz RtlFindActivationContextSectionStringError
;
; pass control to ordinal 1, which will free the inject
; data area, and pass control to the original function
; RtlFindActivationContextSectionString
;
; note that we need to pass the address of the inject
; data area to ordinal 1, which we do by overwriting the
; first argument. the original argument is saved in
; the inject data area
;
mov eax, esi
xchg eax, dword ptr [esp+4*2]
mov dword ptr [esi].InjectData.LdrLoadDll, eax
mov eax, esi
pop esi
jmp dword ptr [eax].InjectData.SbieDllOrdinal1
;
; display error message, invoke NtRaiseHardError(
; NTSTATUS ntstatus_message_code,
; ULONG number_of_parameters_in_list,
; ULONG mask_of_strings_in_list,
; ULONG_PTR *list_of_pointers_to_parameters,
; ULONG response_buttons,
; ULONG *out_response)
;
RtlFindActivationContextSectionStringError:
STATUS_DLL_INIT_FAILED = 0C0000142h
FORCE_ERROR_MESSAGE_BOX = 010000000h
push eax ; save ntstatus
lea edx, [esi].InjectData.SbieDll_Unicode
mov dword ptr [esi].InjectData.LdrLoadDll, edx
lea edx, [esi].InjectData.LdrGetProcAddr
push edx ; out_response
push 1 ; response_buttons - ERROR_OK
lea edx, [esi].InjectData.LdrLoadDll
push edx ; list_of_pointers_to_parameters
push 1 ; mask_of_strings_in_list
push 1 ; number_of_parameters_in_list
push (STATUS_DLL_INIT_FAILED or FORCE_ERROR_MESSAGE_BOX)
call dword ptr [esi].InjectData.NtRaiseHardError
pop eax ; pop error ntstatus to return
pop esi
ret 14h ; return to caller with error
endif ; 32-bit or 64-bit
;----------------------------------------------------------------------------
; 64-bit RtlFindActivationContextSectionString detour code
;----------------------------------------------------------------------------
ifdef _WIN64 ; 64-bit
dq 0h ;inject data area address
_RtlFindActivationContextSectionString64:
EXTERN DetourFunc : PROC
dq 0h ;inject data area address
_DetourCode:
mov rax, qword ptr [$-8] ; rax -> inject data area
push rsi ; save rsi, and align stack
@ -482,134 +346,367 @@ dq 0h ;inject data area address
mov rsi, rax ; rsi -> inject data area
mov rax, qword ptr [rsi].InjectData.RtlFindActCtx
;replace 12bytes
mov rdx, qword ptr [rsi].InjectData.RtlFindActCtx_Bytes
mov qword ptr [rax], rdx
mov edx, dword ptr [rsi].InjectData.RtlFindActCtx_Bytes + 8
mov dword ptr [rax+8], edx
;
; call LdrLoadDll for kernel32
;
;; retry loop
mov qword ptr [rsi].InjectData.RtlFindActCtx_Bytes, rbx
mov rbx, 010h
LdrLoadRetry:
xor rcx, rcx
xor rdx, rdx
lea r8, [rsi].InjectData.KernelDll_Unicode
lea r9, [rsi].InjectData.ModuleHandle
;cmp rbx,1
;jnz LdrTestLoop
call qword ptr [rsi].InjectData.LdrLoadDll
test eax, eax
jz LdrLoadGood
;LdrTestLoop:
dec rbx
test rbx, rbx
jnz LdrLoadRetry ;loop LdrLoadRetry
jmp RtlFindActivationContextSectionStringError
LdrLoadGood:
mov rbx, qword ptr [rsi].InjectData.RtlFindActCtx_Bytes
;
; call LdrLoadDll for sbiedll
; call DetourFunc
;
xor rcx, rcx
xor rdx, rdx
lea r8, [rsi].InjectData.SbieDll_Unicode
lea r9, [rsi].InjectData.ModuleHandle
call qword ptr [rsi].InjectData.LdrLoadDll
test eax, eax
jnz RtlFindActivationContextSectionStringError
;
; call LdrGetProcedureAddress for sbiedll ordinal 1,
; which forces ntdll to initialize sbiedll
;
mov rcx, qword ptr [rsi].InjectData.ModuleHandle
mov rcx, rsi
xor rdx, rdx
xor r8, r8
inc r8
lea r9, [rsi].InjectData.SbieDllOrdinal1
call qword ptr [rsi].InjectData.LdrGetProcAddr
xor r9, r9
call DetourFunc
test eax, eax
jnz RtlFindActivationContextSectionStringError
; test eax, eax
; jnz DetourError
;
; pass control to ordinal 1, which will free the inject
; data area, and pass control to the original function
; RtlFindActivationContextSectionString
;
; note that we need to pass the address of the inject
; data area to ordinal 1, which we do by overwriting the
; first argument. the original argument is saved in
; the inject data area
; resume execution or original function
;
mov rax, qword ptr [rsp+4*8]
mov qword ptr [rsi].InjectData.LdrLoadDll, rax
mov rcx, rsi
mov rcx, qword ptr [rsp+4*8]
mov rdx, qword ptr [rsp+5*8]
mov r8, qword ptr [rsp+6*8]
mov r9, qword ptr [rsp+7*8]
add rsp, 8*8
mov rax, qword ptr [rsi].InjectData.RtlFindActCtx
pop rsi
jmp qword ptr [rcx].InjectData.SbieDllOrdinal1
jmp rax
;DetourError:
;
; add rsp, 8*8
; pop rsi
; ret ; return to caller with error
else ; 32-bit
EXTERN _DetourFunc@4 : PROC
_DetourCode:
mov edx, 0 ; edx -> inject data area
push esi
mov esi, edx ; esi -> inject data area
;
; display error message, invoke NtRaiseHardError(
; NTSTATUS ntstatus_message_code,
; ULONG number_of_parameters_in_list,
; ULONG mask_of_strings_in_list,
; ULONG_PTR *list_of_pointers_to_parameters,
; ULONG response_buttons,
; ULONG *out_response)
; call DetourFunc
;
push esi
call _DetourFunc@4
; test eax, eax
; jnz DetourError
;
; resume execution or original function
;
RtlFindActivationContextSectionStringError:
STATUS_DLL_INIT_FAILED = 0C0000142h
FORCE_ERROR_MESSAGE_BOX = 010000000h
mov qword ptr [rsp+7*8], rax ; save ntstatus
mov ecx, \ ; ntstatus_message_code
(STATUS_DLL_INIT_FAILED or FORCE_ERROR_MESSAGE_BOX)
mov eax, dword ptr [esi].InjectData.RtlFindActCtx
pop esi
jmp eax
xor rdx, rdx ; number_of_parameters_in_list
inc rdx
;DetourError:
;
; pop esi
; ret 14h ; return to caller with error
mov r8, rdx ; mask_of_strings_in_list
endif ; 32-bit or 64-bit
lea r9, \ ; list_of_pointers_to_parameters
[esi].InjectData.LdrLoadDll
lea rax, [rsi].InjectData.SbieDll_Unicode
mov qword ptr [r9], rax
mov \ ; response_buttons - ERROR_OK
qword ptr [rsp+4*8], rdx
lea rax, [rsi].InjectData.LdrGetProcAddr
mov \ ; out_response
qword ptr [rsp+5*8], rax
call qword ptr [rsi].InjectData.NtRaiseHardError
mov rax, qword ptr [rsp+7*8] ; restore ntstatus
add rsp, 8*8
pop rsi
ret ; return to caller with error
endif ; 64-bit
;;----------------------------------------------------------------------------
;; Inject Data Area for our RtlFindActivationContextSectionString
;;----------------------------------------------------------------------------
;
;
;InjectData struct ; keep in sync with inject.c
; dq ? ; 0x00
;LdrLoadDll dq ? ; 0x08
;LdrGetProcAddr dq ? ; 0x10
;NtRaiseHardError dq ? ; 0x18
;RtlFindActCtx dq ? ; 0x20
;RtlFindActCtx_Protect dd ? ; 0x28
;RtlFindActCtx_Bytes db 20 dup (?) ; 0x2C
;KernelDll_Unicode dq 2 dup (?) ; 0x40
;SbieDll_Unicode dq 2 dup (?) ; 0x50
;ModuleHandle dq ? ; 0x60
;SbieDllOrdinal1 dq ? ; 0x68
;InjectData ends
;
;
;;----------------------------------------------------------------------------
;; 32-bit RtlFindActivationContextSectionString detour code
;;----------------------------------------------------------------------------
;
;_RtlFindActivationContextSectionString:
;ifndef _WIN64 ; 32-bit
;
; mov edx, 0 ; edx -> inject data area
;
; push esi
; mov esi, edx ; esi -> inject data area
;
; mov eax, dword ptr [esi].InjectData.RtlFindActCtx
; mov dl, byte ptr [esi].InjectData.RtlFindActCtx_Bytes
; mov byte ptr [eax], dl
; mov edx, dword ptr [esi].InjectData.RtlFindActCtx_Bytes+1
; mov dword ptr [eax+1], edx
;
; ;
; ; call LdrLoadDll for kernel32
; ;
; mov ecx, 10h ;number of retries
;LdrLoadDll_Retry:
; push ecx
; lea eax, [esi].InjectData.ModuleHandle
; push eax
; lea eax, [esi].InjectData.KernelDll_Unicode
; push eax
; push 0
; push 0
; call dword ptr [esi].InjectData.LdrLoadDll
; pop ecx
; test eax, eax
; jz LdrLoadDll_Good
; loop LdrLoadDll_Retry
; ; retry failed 16 times: raise error
; jmp RtlFindActivationContextSectionStringError
;LdrLoadDll_Good:
; ;
; ; call LdrLoadDll for sbiedll
; ;
;
; lea eax, [esi].InjectData.ModuleHandle
; push eax
; lea eax, [esi].InjectData.SbieDll_Unicode
; push eax
; push 0
; push 0
; call dword ptr [esi].InjectData.LdrLoadDll
;
; test eax, eax
; jnz RtlFindActivationContextSectionStringError
;
; ;
; ; call LdrGetProcedureAddress for sbiedll ordinal 1,
; ; which forces ntdll to initialize sbiedll
; ;
;
; lea eax, [esi].InjectData.SbieDllOrdinal1
; push eax
; push 1
; push 0
; push dword ptr [esi].InjectData.ModuleHandle
; call dword ptr [esi].InjectData.LdrGetProcAddr
;
; test eax, eax
; jnz RtlFindActivationContextSectionStringError
;
; ;
; ; pass control to ordinal 1, which will free the inject
; ; data area, and pass control to the original function
; ; RtlFindActivationContextSectionString
; ;
; ; note that we need to pass the address of the inject
; ; data area to ordinal 1, which we do by overwriting the
; ; first argument. the original argument is saved in
; ; the inject data area
; ;
;
; mov eax, esi
; xchg eax, dword ptr [esp+4*2]
; mov dword ptr [esi].InjectData.LdrLoadDll, eax
; mov eax, esi
; pop esi
; jmp dword ptr [eax].InjectData.SbieDllOrdinal1
;
; ;
; ; display error message, invoke NtRaiseHardError(
; ; NTSTATUS ntstatus_message_code,
; ; ULONG number_of_parameters_in_list,
; ; ULONG mask_of_strings_in_list,
; ; ULONG_PTR *list_of_pointers_to_parameters,
; ; ULONG response_buttons,
; ; ULONG *out_response)
; ;
;
;RtlFindActivationContextSectionStringError:
;
; STATUS_DLL_INIT_FAILED = 0C0000142h
; FORCE_ERROR_MESSAGE_BOX = 010000000h
;
; push eax ; save ntstatus
;
; lea edx, [esi].InjectData.SbieDll_Unicode
; mov dword ptr [esi].InjectData.LdrLoadDll, edx
;
; lea edx, [esi].InjectData.LdrGetProcAddr
; push edx ; out_response
; push 1 ; response_buttons - ERROR_OK
; lea edx, [esi].InjectData.LdrLoadDll
; push edx ; list_of_pointers_to_parameters
; push 1 ; mask_of_strings_in_list
; push 1 ; number_of_parameters_in_list
; push (STATUS_DLL_INIT_FAILED or FORCE_ERROR_MESSAGE_BOX)
; call dword ptr [esi].InjectData.NtRaiseHardError
;
; pop eax ; pop error ntstatus to return
; pop esi
; ret 14h ; return to caller with error
;
;endif ; 32-bit or 64-bit
;
;
;;----------------------------------------------------------------------------
;; 64-bit RtlFindActivationContextSectionString detour code
;;----------------------------------------------------------------------------
;
;
;ifdef _WIN64 ; 64-bit
;dq 0h ;inject data area address
; _RtlFindActivationContextSectionString64:
; mov rax, qword ptr [$-8] ; rax -> inject data area
;
; push rsi ; save rsi, and align stack
; sub rsp, 8*8 ; set up local stack
;
; mov qword ptr [rsp+4*8], rcx
; mov qword ptr [rsp+5*8], rdx
; mov qword ptr [rsp+6*8], r8
; mov qword ptr [rsp+7*8], r9
;
; mov rsi, rax ; rsi -> inject data area
;
; mov rax, qword ptr [rsi].InjectData.RtlFindActCtx
;
; ;replace 12bytes
; mov rdx, qword ptr [rsi].InjectData.RtlFindActCtx_Bytes
; mov qword ptr [rax], rdx
; mov edx, dword ptr [rsi].InjectData.RtlFindActCtx_Bytes + 8
; mov dword ptr [rax+8], edx
;
; ;
; ; call LdrLoadDll for kernel32
; ;
; ;; retry loop
; mov qword ptr [rsi].InjectData.RtlFindActCtx_Bytes, rbx
; mov rbx, 010h
;
;LdrLoadRetry:
; xor rcx, rcx
; xor rdx, rdx
; lea r8, [rsi].InjectData.KernelDll_Unicode
; lea r9, [rsi].InjectData.ModuleHandle
; ;cmp rbx,1
; ;jnz LdrTestLoop
; call qword ptr [rsi].InjectData.LdrLoadDll
; test eax, eax
; jz LdrLoadGood
;;LdrTestLoop:
; dec rbx
; test rbx, rbx
; jnz LdrLoadRetry ;loop LdrLoadRetry
; jmp RtlFindActivationContextSectionStringError
;LdrLoadGood:
; mov rbx, qword ptr [rsi].InjectData.RtlFindActCtx_Bytes
;
; ;
; ; call LdrLoadDll for sbiedll
; ;
;
; xor rcx, rcx
; xor rdx, rdx
; lea r8, [rsi].InjectData.SbieDll_Unicode
; lea r9, [rsi].InjectData.ModuleHandle
; call qword ptr [rsi].InjectData.LdrLoadDll
;
; test eax, eax
; jnz RtlFindActivationContextSectionStringError
;
; ;
; ; call LdrGetProcedureAddress for sbiedll ordinal 1,
; ; which forces ntdll to initialize sbiedll
; ;
;
; mov rcx, qword ptr [rsi].InjectData.ModuleHandle
; xor rdx, rdx
; xor r8, r8
; inc r8
; lea r9, [rsi].InjectData.SbieDllOrdinal1
; call qword ptr [rsi].InjectData.LdrGetProcAddr
;
; test eax, eax
; jnz RtlFindActivationContextSectionStringError
;
; ;
; ; pass control to ordinal 1, which will free the inject
; ; data area, and pass control to the original function
; ; RtlFindActivationContextSectionString
; ;
; ; note that we need to pass the address of the inject
; ; data area to ordinal 1, which we do by overwriting the
; ; first argument. the original argument is saved in
; ; the inject data area
; ;
;
; mov rax, qword ptr [rsp+4*8]
; mov qword ptr [rsi].InjectData.LdrLoadDll, rax
; mov rcx, rsi
; mov rdx, qword ptr [rsp+5*8]
; mov r8, qword ptr [rsp+6*8]
; mov r9, qword ptr [rsp+7*8]
;
; add rsp, 8*8
; pop rsi
; jmp qword ptr [rcx].InjectData.SbieDllOrdinal1
;
; ;
; ; display error message, invoke NtRaiseHardError(
; ; NTSTATUS ntstatus_message_code,
; ; ULONG number_of_parameters_in_list,
; ; ULONG mask_of_strings_in_list,
; ; ULONG_PTR *list_of_pointers_to_parameters,
; ; ULONG response_buttons,
; ; ULONG *out_response)
; ;
;
;RtlFindActivationContextSectionStringError:
;
; STATUS_DLL_INIT_FAILED = 0C0000142h
; FORCE_ERROR_MESSAGE_BOX = 010000000h
;
; mov qword ptr [rsp+7*8], rax ; save ntstatus
;
; mov ecx, \ ; ntstatus_message_code
; (STATUS_DLL_INIT_FAILED or FORCE_ERROR_MESSAGE_BOX)
;
; xor rdx, rdx ; number_of_parameters_in_list
; inc rdx
;
; mov r8, rdx ; mask_of_strings_in_list
;
; lea r9, \ ; list_of_pointers_to_parameters
; [esi].InjectData.LdrLoadDll
; lea rax, [rsi].InjectData.SbieDll_Unicode
; mov qword ptr [r9], rax
;
; mov \ ; response_buttons - ERROR_OK
; qword ptr [rsp+4*8], rdx
;
; lea rax, [rsi].InjectData.LdrGetProcAddr
; mov \ ; out_response
; qword ptr [rsp+5*8], rax
;
; call qword ptr [rsi].InjectData.NtRaiseHardError
;
; mov rax, qword ptr [rsp+7*8] ; restore ntstatus
; add rsp, 8*8
; pop rsi
; ret ; return to caller with error
;
;endif ; 64-bit
;----------------------------------------------------------------------------
@ -631,6 +728,7 @@ SbieLowData LABEL QWORD
dq _Start
dq SbieLowData
dq _DetourCode
;----------------------------------------------------------------------------
end
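Review bot: The result of DetourFunc is discarded in both `_DetourCode` stubs, because the `test eax, eax` / `jnz DetourError` pair after `call DetourFunc` (x64) and after `call _DetourFunc@4` (32-bit) is commented out. The stub therefore always reloads the saved arguments and jumps to `InjectData.RtlFindActCtx`. The code this replaces returned the failing NTSTATUS to the caller from `RtlFindActivationContextSectionStringError`, whereas a failed SbieDll load is now only reported inside DetourFunc and the process keeps running. If resuming without SbieDll is intended, state that above the jump, for example `; DetourFunc reports load failures itself; always resume the original function`. Otherwise re-enable the check together with the commented-out `DetourError` epilogue that is already in this hunk.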


@ -148,11 +148,11 @@ _FX NTSTATUS SbieApi_Ioctl(SBIELOW_DATA *data, void *parms)
//---------------------------------------------------------------------------
// SbieApi_DebugPrint
// SbieApi_LogMsg
//---------------------------------------------------------------------------
_FX NTSTATUS SbieApi_DebugPrint(SBIELOW_DATA *data, const WCHAR *text)
_FX NTSTATUS SbieApi_LogMsg(ULONG64 pNtDeviceIoControlFile, ULONG64 api_device_handle, ULONG code, const WCHAR *text)
{
NTSTATUS status = 0;
__declspec(align(8)) UNICODE_STRING64 msgtext;
@ -170,9 +170,18 @@ _FX NTSTATUS SbieApi_DebugPrint(SBIELOW_DATA *data, const WCHAR *text)
memzero(parms, sizeof(parms));
args->func_code = API_LOG_MESSAGE;
args->session_id.val = -1;
args->msgid.val = 1122;
args->msgid.val = code;
args->msgtext.val = &msgtext;
status = SbieApi_Ioctl(data, parms);
//status = SbieApi_Ioctl(data, parms);
IO_STATUS_BLOCK MyIoStatusBlock;
#ifdef _WIN64
ULONG MyIoStatusBlock32[2];
*(ULONG_PTR *)&MyIoStatusBlock = (ULONG_PTR)MyIoStatusBlock32;
#endif _WIN64
return ((P_NtDeviceIoControlFile)pNtDeviceIoControlFile)(
(HANDLE)api_device_handle, NULL, NULL, NULL, &MyIoStatusBlock,
API_SBIEDRV_CTLCODE, parms, sizeof(ULONG64) * 8, NULL, 0);
return status;
}
@ -196,7 +205,7 @@ _FX NTSTATUS SbieApi_DebugError(SBIELOW_DATA* data, ULONG error)
for(int i=28; i >= 0; i-=4)
*ptr++ = table[(error >> i) & 0xF];
return SbieApi_DebugPrint(data, text);
return SbieApi_LogMsg(data->NtDeviceIoControlFile, data->api_device_handle, 2180, text);
}
@ -223,9 +232,42 @@ _FX void WaitForDebugger(SBIELOW_DATA *data)
__debugbreak();
}
#endif
//---------------------------------------------------------------------------
// WriteMemorySafe
//---------------------------------------------------------------------------
_FX void WriteMemorySafe(SBIELOW_DATA* data, void *Address, SIZE_T Size, void *Data)
{
void *RegionBase = Address;
SIZE_T RegionSize = Size;
ULONG OldProtect;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &OldProtect);
// memcopy is not available, lets do our own
switch (Size) {
case 1: *(UCHAR*)Address = *(UCHAR*)Data; break;
case 2: *(USHORT*)Address = *(USHORT*)Data; break;
case 4: *(ULONG*)Address = *(ULONG*)Data; break;
case 8: *(ULONG64*)Address = *(ULONG64*)Data; break;
default:
for (SIZE_T i = 0; i < Size; i++)
((UCHAR*)Address)[i] = ((UCHAR*)Data)[i];
}
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
OldProtect, &OldProtect);
}
//---------------------------------------------------------------------------
// PrepSyscalls
//---------------------------------------------------------------------------
@ -233,11 +275,6 @@ _FX void WaitForDebugger(SBIELOW_DATA *data)
_FX void PrepSyscalls(SBIELOW_DATA *data, void * SystemService)
{
UCHAR *SystemServiceAsm;
void *RegionBase;
SIZE_T RegionSize;
ULONG OldProtect;
#ifdef _M_ARM64
if (data->flags.is_arm64ec) {
@ -248,7 +285,8 @@ _FX void PrepSyscalls(SBIELOW_DATA *data, void * SystemService)
// a replica of the #NtDeviceIoControlFile EC variant
//
data->NtDeviceIoControlFile = (ULONG64)&NtDeviceIoControlFileEC;
ULONG64 pNtDeviceIoControlFileEC = (ULONG64)&NtDeviceIoControlFileEC;
WriteMemorySafe(data, &data->NtDeviceIoControlFile, sizeof(ULONG64), &pNtDeviceIoControlFileEC);
//
@ -260,9 +298,9 @@ _FX void PrepSyscalls(SBIELOW_DATA *data, void * SystemService)
// we can just copy the ULONG strait out of the native function
//
DeviceIoControlSvc = *(ULONG*)&data->NtDeviceIoControlFile_code[0];
WriteMemorySafe(data, &DeviceIoControlSvc, sizeof(ULONG), &data->NtDeviceIoControlFile_code[0]);
//
// get the EcExitThunkPtr which points to
// __os_arm64x_dispatch_call_no_redirect
@ -275,11 +313,15 @@ _FX void PrepSyscalls(SBIELOW_DATA *data, void * SystemService)
ULONG* syscall_ec_data = (ULONG*)data->syscall_data;
EcExitThunkPtr = *(ULONG64*)((UINT_PTR)syscall_ec_data + syscall_ec_data[1] - 8);
UINT_PTR pEcExitThunkPtr = *(UINT_PTR*)((UINT_PTR)syscall_ec_data + syscall_ec_data[1] - 8);
WriteMemorySafe(data, &EcExitThunkPtr, sizeof(UINT_PTR), &pEcExitThunkPtr);
}
else
#endif
data->NtDeviceIoControlFile = (ULONG64)&data->NtDeviceIoControlFile_code[0];
{
ULONG64 pNtDeviceIoControlFile = (ULONG64)&data->NtDeviceIoControlFile_code[0];
WriteMemorySafe(data, &data->NtDeviceIoControlFile, sizeof(ULONG64), &pNtDeviceIoControlFile);
}
const LONG OFFSET_ULONG_PTR =
#ifdef _M_ARM64
@ -295,21 +337,14 @@ _FX void PrepSyscalls(SBIELOW_DATA *data, void * SystemService)
// to include the data area pointer
//
SystemServiceAsm = (UCHAR *)SystemService;
RegionBase = (void *)(SystemServiceAsm + OFFSET_ULONG_PTR);
RegionSize = sizeof(ULONG_PTR);
WriteMemorySafe(data, ((UCHAR *)SystemService) + OFFSET_ULONG_PTR, sizeof(ULONG_PTR), &data);
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &OldProtect);
//
// store the SystemService address in pSystemService
//
*(ULONG_PTR *)(SystemServiceAsm + OFFSET_ULONG_PTR) = (ULONG_PTR)data;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
OldProtect, &OldProtect);
data->pSystemService = (ULONG64)SystemServiceAsm;
ULONG64 SystemServicePtr = (ULONG64)SystemService;
WriteMemorySafe(data, &data->pSystemService, sizeof(ULONG64), &SystemServicePtr);
}
@ -597,33 +632,29 @@ _FX void DisableCHPE(SBIELOW_DATA* data)
if (!RtlImageOptionsEx)
return;
//
// backup bytes for trampoline
//
ULONG DetourSize = 28;
memcpy(data->RtlImageOptionsEx_tramp, RtlImageOptionsEx, DetourSize);
//
// make target writable & create detour
//
void *RegionBase;
SIZE_T RegionSize;
ULONG OldProtect;
ULONG* aCode;
RegionBase = (void*)RtlImageOptionsEx;
RegionSize = DetourSize; // 16;
//
// backup target & create simple trampoline
//
RegionBase = (void*)data->RtlImageOptionsEx_tramp;
RegionSize = sizeof(data->RtlImageOptionsEx_tramp);
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &OldProtect);
ULONG* aCode = (ULONG*)RtlImageOptionsEx;
aCode[0] = 0x580000a7; // ldr x7, 20 - data
aCode[1] = 0x58000048; // ldr x8, 8 - MyImageOptionsEx
aCode[2] = 0xD61F0100; // br x8
*(DWORD64*)&aCode[3] = (DWORD64)MyImageOptionsEx;
*(DWORD64*)&aCode[5] = (DWORD64)data;
ULONG DetourSize = 28;
memcpy(data->RtlImageOptionsEx_tramp, RtlImageOptionsEx, DetourSize);
aCode = (ULONG*)(data->RtlImageOptionsEx_tramp + DetourSize); // 28
aCode[0] = 0x58000048; // ldr x8, 8 - Rest of RtlImageOptionsEx
aCode[1] = 0xD61F0100; // br x8
*(DWORD64*)&aCode[2] = (DWORD64)RtlImageOptionsEx + DetourSize;
// 44
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
@ -633,13 +664,29 @@ _FX void DisableCHPE(SBIELOW_DATA* data)
NtCurrentProcess(), RegionBase, (ULONG)RegionSize);
//
// create simple trampoline
// make target writable & create detour
//
aCode = (ULONG*)(data->RtlImageOptionsEx_tramp + DetourSize);
aCode[0] = 0x58000048; // ldr x8, 8 - Rest of RtlImageOptionsEx
aCode[1] = 0xD61F0100; // br x8
*(DWORD64*)&aCode[2] = (DWORD64)RtlImageOptionsEx + DetourSize;
RegionBase = (void*)RtlImageOptionsEx;
RegionSize = DetourSize;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &OldProtect);
aCode = (ULONG*)RtlImageOptionsEx;
aCode[0] = 0x580000a7; // ldr x7, 20 - data
aCode[1] = 0x58000048; // ldr x8, 8 - MyImageOptionsEx
aCode[2] = 0xD61F0100; // br x8
*(DWORD64*)&aCode[3] = (DWORD64)MyImageOptionsEx;
*(DWORD64*)&aCode[5] = (DWORD64)data;
//28
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
OldProtect, &OldProtect);
SBIELOW_CALL(NtFlushInstructionCache)(
NtCurrentProcess(), RegionBase, (ULONG)RegionSize);
}
#endif
@ -745,7 +792,7 @@ ULONG_PTR EntrypointC(SBIELOW_DATA *data, void *DetourCode, void *SystemService)
// WaitForDebugger(data);
//wchar_t text[] = { 't','e','s','t',0 };
//SbieApi_DebugPrint(data, text);
//SbieApi_LogMsg(data->NtDeviceIoControlFile, data->api_device_handle, 1122, text);
PrepSyscalls(data, SystemService);
if (!data->flags.bHostInject && !data->flags.bNoSysHooks)
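Review bot: WriteMemorySafe ignores the status of both NtProtectVirtualMemory calls and leaves `OldProtect` uninitialised. If the first call fails, the store goes to a page whose protection was not changed, and the second call then "restores" an indeterminate protection value. Every write in PrepSyscalls now goes through this helper, so a failure here would surface as a fault or a wrong page protection during early process setup, with no indication of the cause. Initialise and check it: `ULONG OldProtect = 0;` and `if (SBIELOW_CALL(NtProtectVirtualMemory)(NtCurrentProcess(), &RegionBase, &RegionSize, PAGE_EXECUTE_READWRITE, &OldProtect) < 0) return;`. A one-line comment saying why the target is made executable as well as writable (presumably because it shares a page with code that is running) would also help.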


@ -1,6 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020-2022 David Xanatos, xanasoft.com
* Copyright 2020-2023 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -17,7 +17,7 @@
*/
//---------------------------------------------------------------------------
// Functions
// inject
//---------------------------------------------------------------------------
#include <ntstatus.h>
@ -28,12 +28,13 @@ typedef long NTSTATUS;
#include "common/win32_ntddk.h"
#include "common/defines.h"
#include "lowdata.h"
#include "core/drv/api_defs.h"
//---------------------------------------------------------------------------
// Functions
//---------------------------------------------------------------------------
_FX NTSTATUS SbieApi_LogMsg(ULONG64 pNtDeviceIoControlFile, ULONG64 api_device_handle, ULONG code, const WCHAR* text);
_FX NTSTATUS SbieApi_DebugError(SBIELOW_DATA* data, ULONG error);
UCHAR *FindDllExport(void *DllBase, const UCHAR *ProcName, ULONG *pErr);
@ -45,10 +46,27 @@ static UCHAR *FindDllExport2(
void* Hook_GetFFSTarget(UCHAR* SourceFunc);
#endif
static void InitInjectWow64(SBIELOW_DATA *data);
//static void InitInjectWow64(SBIELOW_DATA *data);
//---------------------------------------------------------------------------
typedef NTSTATUS(*P_LdrLoadDll)(
WCHAR *PathString, ULONG *DllFlags,
UNICODE_STRING *ModuleName, HANDLE *ModuleHandle);
typedef NTSTATUS (*P_LdrGetProcedureAddress)(
HANDLE ModuleHandle, ANSI_STRING *ProcName, ULONG ProcNum,
ULONG_PTR *Address);
typedef NTSTATUS (*P_NtProtectVirtualMemory)(
HANDLE ProcessHandle, PVOID *BaseAddress,
PSIZE_T RegionSize, ULONG NewProtect, PULONG OldProtect);
typedef NTSTATUS (*P_NtRaiseHardError)(
NTSTATUS ErrorStatus, ULONG NumberOfParameters, ULONG UnicodeBitMask,
ULONG_PTR *Parameters, ULONG ErrorOption, ULONG *ErrorReturn);
//---------------------------------------------------------------------------
#define SBIELOW_CALL(x) ((P_##x)&data->x##_code)
@ -176,34 +194,135 @@ _FX UCHAR *FindDllExport2(
return proc;
}
#ifdef _M_ARM64
//---------------------------------------------------------------------------
// MyGetProcedureAddress
// DetourFunc
//---------------------------------------------------------------------------
_FX NTSTATUS MyGetProcedureAddress(HMODULE ModuleHandle, PANSI_STRING FunctionName, WORD Ordinal, PVOID*FunctionAddress, INJECT_DATA *inject)
ULONG_PTR DetourFunc(INJECT_DATA *inject)
{
SBIELOW_DATA* data = (SBIELOW_DATA*)*(ULONG64*)inject;
typedef (*P_LdrGetProcedureAddress)(HMODULE, PANSI_STRING, WORD, PVOID*);
NTSTATUS status = ((P_LdrGetProcedureAddress)inject->LdrGetProcAddr)(ModuleHandle, FunctionName, Ordinal, FunctionAddress);
//
// in ARM64EC mode unwrap the FFS and return the native function
// Note: this function is invoked from the detour code, hence when running in WoW64,
// the used instance of this function will be from the 32 bit version,
// in which case we are unable to use SBIELOW_CALL and need to have a
// pointer to the appropriate 32 bit function
//
// Furthermore, on ARM64 the SBIELOW_DATA will be allocated past the 4 GB boundary
// hence in 32 bit mode we can not access it, only INJECT_DATA is available
//
if (data->flags.is_arm64ec && status >= 0) {
*FunctionAddress = Hook_GetFFSTarget(*FunctionAddress);
if (!*FunctionAddress)
return STATUS_ENTRYPOINT_NOT_FOUND;
NTSTATUS status;
UNICODE_STRING* pDllPath;
HANDLE ModuleHandle;
typedef VOID(*P_Dll_Ordinal1)(INJECT_DATA* inject);
P_Dll_Ordinal1 SbieDllOrdinal1;
void *RegionBase;
SIZE_T RegionSize;
ULONG OldProtect;
#ifdef _WIN64
SBIELOW_DATA* data = (SBIELOW_DATA*)inject->sbielow_data;
#endif
//
// restore original function
//
RegionBase = (void*)inject->RtlFindActCtx;
#ifdef _WIN64
#ifdef _M_ARM64
RegionSize = 16;
memcpy((void*)inject->RtlFindActCtx, inject->RtlFindActCtx_Bytes, 16);
SBIELOW_CALL(NtFlushInstructionCache)(
NtCurrentProcess(), (void*)inject->RtlFindActCtx, 16);
#else
RegionSize = 12;
memcpy((void*)inject->RtlFindActCtx, inject->RtlFindActCtx_Bytes, 12);
#endif
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
inject->RtlFindActCtx_Protect, &OldProtect);
#else
RegionSize = 5;
memcpy((void*)inject->RtlFindActCtx, inject->RtlFindActCtx_Bytes, 5);
((P_NtProtectVirtualMemory)inject->NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
inject->RtlFindActCtx_Protect, &OldProtect);
#endif
//
// load kernel32.dll
//
pDllPath = (UNICODE_STRING*)&inject->KernelDll;
status = ((P_LdrLoadDll)inject->LdrLoadDll)(NULL, 0, pDllPath, &ModuleHandle);
//
// load sbiedll.dll
//
if (status == 0) {
pDllPath = (UNICODE_STRING*)&inject->SbieDll;
status = ((P_LdrLoadDll)inject->LdrLoadDll)(NULL, 0, pDllPath, &ModuleHandle);
}
//
// get ordinal 1 from sbiedll
//
if (status == 0) {
status = ((P_LdrGetProcedureAddress)inject->LdrGetProcAddr)(ModuleHandle, NULL, 1, (ULONG_PTR*)&SbieDllOrdinal1);
#ifdef _M_ARM64
//
// on ARM64EC we hook the native code, hence we need to obtain the address of the native ordinal 1 from our SbieDll.dll
// instead of the FFS sequence as given by NtGetProcedureAddress when in ARM64EC mode
//
if (data->flags.is_arm64ec && status >= 0) {
SbieDllOrdinal1 = (P_Dll_Ordinal1)Hook_GetFFSTarget((UCHAR*)SbieDllOrdinal1);
//if (!SbieDllOrdinal1)
// status = STATUS_ENTRYPOINT_NOT_FOUND;
}
#endif
}
//
// call ordinal 1 of sbiedll.dll
//
if (status == 0) {
SbieDllOrdinal1(inject);
}
//
// or report error if one occurred instead
//
else {
wchar_t text[] = { 0 };
SbieApi_LogMsg(inject->NtDeviceIoControlFile, inject->api_device_handle, 2181, text);
status = 0xC0000142; // = STATUS_DLL_INIT_FAILED
ULONG_PTR Parameters[1] = { (ULONG_PTR)pDllPath };
ULONG ErrorReturn;
((P_NtRaiseHardError)inject->NtRaiseHardError)(
status | 0x10000000, // | FORCE_ERROR_MESSAGE_BOX
1, 1, Parameters, 1, &ErrorReturn);
}
return status;
}
#endif
//---------------------------------------------------------------------------
// InitInject
@ -216,7 +335,7 @@ _FX void InitInject(SBIELOW_DATA *data, void *DetourCode)
SYSCALL_DATA* syscall_data;
INJECT_DATA *inject;
SBIELOW_EXTRA_DATA *extra;
UCHAR *LdrCode, *MyHookCode;
UCHAR *HookTarget, *HookCode;
void *RegionBase;
SIZE_T RegionSize;
ULONG OldProtect;
@ -264,12 +383,12 @@ _FX void InitInject(SBIELOW_DATA *data, void *DetourCode)
//ntdll_base = (void *)(ULONG_PTR)ntdll32_base;
//
// (prior to Windows 8, the base address of ntdll32 is recorded
// (Prior to Windows 8, the base address of ntdll32 is recorded
// in offset 0x036C of the KUSER_SHARED_DATA structure, which always
// has a fixed base address of 0x7FFE0000. this is not available
// has a fixed base address of 0x7FFE0000. This is not available
// in Windows 8, so we have to rely on the driver to track this
// base address via Process_NotifyImage in core/drv/process.c.
// so we might as well use this approach for all 64-bit Windows.)
// So we might as well use this approach for all 64-bit Windows.)
//
//ULONG ntdll32_base = *(ULONG *)(0x7FFE0000 + 0x036C);
//ntdll_base = (void *)(ULONG_PTR)ntdll32_base;
@ -284,67 +403,65 @@ _FX void InitInject(SBIELOW_DATA *data, void *DetourCode)
// and RtlFindActivationContextSectionString
//
LdrCode = FindDllExport(ntdll_base,
(UCHAR *)extra + extra->LdrLoadDll_offset, &uError);
if (!LdrCode) {
inject->LdrLoadDll = (ULONG_PTR)FindDllExport(ntdll_base,
(UCHAR *)extra + extra->LdrLoadDll_offset, &uError);
#ifdef _M_ARM64
if (inject->LdrLoadDll && data->flags.is_arm64ec)
inject->LdrLoadDll = (ULONG_PTR)Hook_GetFFSTarget((UCHAR*)inject->LdrLoadDll);
#endif
if (!inject->LdrLoadDll) {
SbieApi_DebugError(data, (0x01 << 4) | uError);
return;
}
#ifdef _M_ARM64
if (data->flags.is_arm64ec)
LdrCode = Hook_GetFFSTarget(LdrCode);
#endif
if (!LdrCode) {
SbieApi_DebugError(data, 0x01d);
return;
}
inject->LdrLoadDll = (ULONG_PTR)LdrCode;
LdrCode = FindDllExport(ntdll_base,
(UCHAR *)extra + extra->LdrGetProcAddr_offset, &uError);
if (!LdrCode) {
inject->LdrGetProcAddr = (ULONG_PTR)FindDllExport(ntdll_base,
(UCHAR *)extra + extra->LdrGetProcAddr_offset, &uError);
#ifdef _M_ARM64
if (inject->LdrGetProcAddr && data->flags.is_arm64ec)
inject->LdrGetProcAddr = (ULONG_PTR)Hook_GetFFSTarget((UCHAR*)inject->LdrGetProcAddr);
#endif
if (!inject->LdrGetProcAddr) {
SbieApi_DebugError(data, (0x02 << 4) | uError);
return;
}
#ifdef _M_ARM64
if (data->flags.is_arm64ec)
LdrCode = Hook_GetFFSTarget(LdrCode);
#endif
if (!LdrCode) {
SbieApi_DebugError(data, 0x02d);
return;
}
inject->LdrGetProcAddr = (ULONG_PTR)LdrCode;
#ifdef _M_ARM64
//
// on ARM64EC we hook the native code hence we need the custom MyGetProcedureAddress
// to obtain the address of the native original 1 from our SbieDll.dll
// instead of the FFS sequence as given by NtGetProcedureAddress
//
inject->MyGetProcAddr = (ULONG_PTR)MyGetProcedureAddress;
#endif
#ifdef _WIN64
if (data->flags.is_wow64) {
LdrCode = FindDllExport(ntdll_base,
(UCHAR*)extra + extra->NtRaiseHardError_offset, &uError);
if (!LdrCode) {
inject->NtProtectVirtualMemory = (ULONG_PTR)FindDllExport(ntdll_base,
(UCHAR*)extra + extra->NtProtectVirtualMemory_offset, &uError);
if (!inject->NtProtectVirtualMemory) {
SbieApi_DebugError(data, (0x03 << 4) | uError);
return;
}
inject->NtRaiseHardError = (ULONG_PTR)LdrCode;
inject->NtRaiseHardError = (ULONG_PTR)FindDllExport(ntdll_base,
(UCHAR*)extra + extra->NtRaiseHardError_offset, &uError);
if (!inject->NtRaiseHardError) {
SbieApi_DebugError(data, (0x04 << 4) | uError);
return;
}
inject->NtDeviceIoControlFile = (ULONG_PTR)FindDllExport(ntdll_base,
(UCHAR*)extra + extra->NtDeviceIoControlFile_offset, &uError);
if (!inject->NtDeviceIoControlFile) {
SbieApi_DebugError(data, (0x05 << 4) | uError);
return;
}
}
else
#endif
{
//
// for ARM64EC we need native functions, FindDllExport can manage FFS
// however this does not work for syscalls, hence we use the native function directly
//
//
// for ARM64EC we need native functions, FindDllExport can manage FFS's
// however this does not work for syscalls, hence we use the native function directly
//
inject->NtProtectVirtualMemory = data->NativeNtProtectVirtualMemory;
inject->NtRaiseHardError = data->NativeNtRaiseHardError;
inject->NtDeviceIoControlFile = data->NtDeviceIoControlFile;
}
inject->api_device_handle = data->api_device_handle;
#ifdef _M_ARM64
@ -355,226 +472,168 @@ _FX void InitInject(SBIELOW_DATA *data, void *DetourCode)
//
if (!data->flags.is_wow64)
LdrCode = (UCHAR*)inject->LdrLoadDll;
HookTarget = (UCHAR*)inject->LdrLoadDll;
else
#endif
{
LdrCode = FindDllExport(ntdll_base,
HookTarget = FindDllExport(ntdll_base,
(UCHAR *)extra + extra->RtlFindActCtx_offset, &uError);
if (!LdrCode) {
SbieApi_DebugError(data, (0x04 << 4) | uError);
if (!HookTarget) {
SbieApi_DebugError(data, (0x05 << 4) | uError);
return;
}
}
inject->RtlFindActCtx = (ULONG_PTR)LdrCode;
inject->RtlFindActCtx = (ULONG_PTR)HookTarget;
//
// prepare unicode strings
//
inject->KernelDll_Length = (USHORT)extra->KernelDll_length;
inject->KernelDll_MaxLen = inject->KernelDll_Length + sizeof(WCHAR);
inject->KerneDll_Buf32 =
inject->KernelDll.Length = (USHORT)extra->KernelDll_length;
inject->KernelDll.MaxLen = inject->KernelDll.Length + sizeof(WCHAR);
inject->KernelDll.Buf32 =
(ULONG)((ULONG_PTR)extra + extra->KernelDll_offset);
inject->KerneDll_Buf64 =
(ULONG64)((ULONG_PTR)extra + extra->KernelDll_offset);
#ifdef _WIN64
if (data->flags.is_wow64) {
inject->KernelDll.Buf64 =
(ULONG64)((ULONG_PTR)extra + extra->KernelDll_offset);
#endif
InitInjectWow64(data);
return;
}
#endif _WIN64
//
// select the right version of SbieDll.dll
//
#ifdef _M_ARM64
if (data->flags.is_arm64ec) {
inject->SbieDll_Length = (SHORT)extra->Arm64ecSbieDll_length;
inject->SbieDll_MaxLen = inject->SbieDll_Length + sizeof(WCHAR);
inject->SbieDll_Buf64 =
inject->SbieDll.Length = (SHORT)extra->Arm64ecSbieDll_length;
inject->SbieDll.MaxLen = inject->SbieDll.Length + sizeof(WCHAR);
inject->SbieDll.Buf64 =
(ULONG64)((ULONG_PTR)extra + extra->Arm64ecSbieDll_offset);
}
else
#endif
#ifdef _WIN64
if (data->flags.is_wow64)
{
inject->SbieDll_Length = (SHORT)extra->NativeSbieDll_length;
inject->SbieDll_MaxLen = inject->SbieDll_Length + sizeof(WCHAR);
inject->SbieDll_Buf32 =
(ULONG)((ULONG_PTR)extra + extra->NativeSbieDll_offset);
inject->SbieDll_Buf64 =
inject->SbieDll.Length = (SHORT)extra->Wow64SbieDll_length;
inject->SbieDll.MaxLen = inject->SbieDll.Length + sizeof(WCHAR);
inject->SbieDll.Buf32 =
(ULONG)((ULONG_PTR)extra + extra->Wow64SbieDll_offset);
}
else
#endif
{
inject->SbieDll.Length = (SHORT)extra->NativeSbieDll_length;
inject->SbieDll.MaxLen = inject->SbieDll.Length + sizeof(WCHAR);
#ifdef _WIN64
inject->SbieDll.Buf64 =
(ULONG64)((ULONG_PTR)extra + extra->NativeSbieDll_offset);
#else
inject->SbieDll.Buf32 =
(ULONG)((ULONG_PTR)extra + extra->NativeSbieDll_offset);
#endif
}
//
// select version of RtlFindActivationContextSectionString detour code:
// because both the 32-bit and 64-bit versions of this SbieLow code must
// handle 32-bit programs, both versions include the 32-bit detour code.
// (see entry.asm)
// modify our detour code in entry.asm to include a hard coded pointer to the inject data area.
//
//
// modify our RtlFindActivationContextSectionString detour code in
// entry.asm to include a hard coded pointer to the inject data area.
#ifdef _WIN64
if (!data->flags.is_wow64) {
#ifdef _M_ARM64
MyHookCode = (UCHAR *) DetourCode;
RegionBase = (void *)(MyHookCode - 8);
RegionSize = sizeof(ULONG_PTR);
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &OldProtect);
HookCode = (UCHAR*)DetourCode;
RegionBase = (void*)(HookCode - 8);
RegionSize = sizeof(ULONG_PTR);
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &OldProtect);
*(ULONG_PTR *)(MyHookCode - 8) = (ULONG_PTR)inject;
*(ULONG_PTR*)(HookCode - 8) = (ULONG_PTR)inject;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
OldProtect, &OldProtect);
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
OldProtect, &OldProtect);
RegionBase = (void *)&LdrCode[0]; // RtlFindActCtx
RegionSize = 16;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &inject->RtlFindActCtx_Protect);
memcpy(&inject->RtlFindActCtx_Bytes, LdrCode, 16);
RegionBase = (void*)&HookTarget[0]; // RtlFindActCtx
RegionSize = 16;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &inject->RtlFindActCtx_Protect);
memcpy(inject->RtlFindActCtx_Bytes, HookTarget, 16);
ULONG* aCode = (ULONG*)LdrCode;
*aCode++ = 0x58000048; // ldr x8, 8
*aCode++ = 0xD61F0100; // br x8
*(DWORD64*)aCode = (DWORD64)MyHookCode;
ULONG* aCode = (ULONG*)HookTarget;
*aCode++ = 0x58000048; // ldr x8, 8
*aCode++ = 0xD61F0100; // br x8
*(DWORD64*)aCode = (DWORD64)HookCode;
SBIELOW_CALL(NtFlushInstructionCache)(
NtCurrentProcess(), RegionBase, (ULONG)RegionSize);
#elif _WIN64
MyHookCode = (UCHAR *) DetourCode;
RegionBase = (void *)(MyHookCode - 8);
RegionSize = sizeof(ULONG_PTR);
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &OldProtect);
*(ULONG_PTR *)(MyHookCode - 8) = (ULONG_PTR)inject;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
OldProtect, &OldProtect);
RegionBase = (void *)&LdrCode[0]; // RtlFindActCtx
RegionSize = 12;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &inject->RtlFindActCtx_Protect);
memcpy(&inject->RtlFindActCtx_Bytes, LdrCode, 12);
LdrCode[0] = 0x48;
LdrCode[1] = 0xb8;
*(ULONG_PTR *)&LdrCode[2] = (ULONG_PTR)MyHookCode;
LdrCode[10] = 0xff;
LdrCode[11] = 0xe0;
SBIELOW_CALL(NtFlushInstructionCache)(
NtCurrentProcess(), RegionBase, (ULONG)RegionSize);
#else
MyHookCode = (UCHAR *)DetourCode;
RegionBase = (void *)(MyHookCode + 1);
RegionSize = sizeof(ULONG_PTR);
HookCode = (UCHAR*)DetourCode;
RegionBase = (void*)(HookCode - 8);
RegionSize = sizeof(ULONG_PTR);
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &OldProtect);
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &OldProtect);
*(ULONG_PTR*)(HookCode - 8) = (ULONG_PTR)inject;
*(ULONG *)(MyHookCode + 1) = (ULONG)(ULONG_PTR)inject;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
OldProtect, &OldProtect);
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
OldProtect, &OldProtect);
RegionBase = (void*)&HookTarget[0]; // RtlFindActCtx
RegionSize = 12;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &inject->RtlFindActCtx_Protect);
memcpy(inject->RtlFindActCtx_Bytes, HookTarget, 12);
RegionBase = (void *)LdrCode; // RtlFindActCtx
RegionSize = 5;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &inject->RtlFindActCtx_Protect);
memcpy(&inject->RtlFindActCtx_Bytes, LdrCode, 5);
LdrCode[0] = 0xE9;
*(ULONG *)&LdrCode[1] = (ULONG)(MyHookCode - (LdrCode + 5));
HookTarget[0] = 0x48;
HookTarget[1] = 0xb8;
*(ULONG_PTR*)&HookTarget[2] = (ULONG_PTR)HookCode;
HookTarget[10] = 0xff;
HookTarget[11] = 0xe0;
#endif
}
else
{
HookCode = (UCHAR*)data->ptr_32bit_detour;
#else
{
HookCode = (UCHAR*)DetourCode;
#endif
RegionBase = (void*)(HookCode + 1);
RegionSize = sizeof(ULONG_PTR);
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &OldProtect);
*(ULONG*)(HookCode + 1) = (ULONG)(ULONG_PTR)inject;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
OldProtect, &OldProtect);
RegionBase = (void*)HookTarget; // RtlFindActCtx
RegionSize = 5;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &inject->RtlFindActCtx_Protect);
memcpy(inject->RtlFindActCtx_Bytes, HookTarget, 5);
HookTarget[0] = 0xE9;
*(ULONG*)&HookTarget[1] = (ULONG)(HookCode - (HookTarget + 5));
}
}
//---------------------------------------------------------------------------
// InitInjectWow64
//---------------------------------------------------------------------------
#ifdef _WIN64
_FX void InitInjectWow64(SBIELOW_DATA *data)
{
SYSCALL_DATA* syscall_data;
INJECT_DATA *inject;
SBIELOW_EXTRA_DATA *extra;
UCHAR *LdrCode, *MyCode;
void *RegionBase;
SIZE_T RegionSize;
//
// find inject and extra data areas, same as in InitInject()
//
syscall_data = (SYSCALL_DATA *)data->syscall_data;
extra = (SBIELOW_EXTRA_DATA *) (data->syscall_data + syscall_data->extra_data_offset);
inject = (INJECT_DATA *) ((UCHAR *)extra + extra->InjectData_offset);
//
// prepare unicode strings
//
inject->SbieDll_Length = (SHORT)extra->Wow64SbieDll_length;
inject->SbieDll_MaxLen = inject->SbieDll_Length + sizeof(WCHAR);
inject->SbieDll_Buf32 =
(ULONG)((ULONG_PTR)extra + extra->Wow64SbieDll_offset);
//
// the service fills INJECT_DATA.DetourCode_x86 with the right non native code
//
MyCode = inject->DetourCode_x86;
//
// modify our copied detour code to include a hard coded pointer to
// the inject data area (which is the syscall data area)
//
*(ULONG *)(MyCode + 1) = (ULONG)(ULONG_PTR)inject;
//
// hook the top of RtlFindActivationContextSectionString
// to jump to our copied detour
//
LdrCode = (UCHAR *)inject->RtlFindActCtx;
RegionBase = (void *)LdrCode;
RegionSize = 5;
SBIELOW_CALL(NtProtectVirtualMemory)(
NtCurrentProcess(), &RegionBase, &RegionSize,
PAGE_EXECUTE_READWRITE, &inject->RtlFindActCtx_Protect);
memcpy(&inject->RtlFindActCtx_Bytes, LdrCode, 5);
LdrCode[0] = 0xE9;
*(ULONG *)&LdrCode[1] = (ULONG)(MyCode - (LdrCode + 5));
}
#endif _WIN64


@ -1,6 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020-2022 David Xanatos, xanasoft.com
* Copyright 2020-2023 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -103,16 +103,16 @@ typedef struct _SBIELOW_DATA {
ULONG64 RealNtDeviceIoControlFile; // offset 224
ULONG64 NtDeviceIoControlFile; // for ARM64 // offset 232
ULONG64 NativeNtRaiseHardError; // offset 240
ULONG64 NativeNtProtectVirtualMemory; // offset 240
ULONG64 NativeNtRaiseHardError; // offset 248
ULONG64 pSystemService;
ULONG64 DebugData[16];
#ifdef _WIN64
SBIELOW_J_TABLE * Sbie64bitJumpTable;
ULONG64 ntdll_wow64_base;
ULONG64 ptr_32bit_detour;
#endif
#ifdef _M_ARM64
@ -142,7 +142,9 @@ typedef struct _SBIELOW_EXTRA_DATA {
ULONG LdrLoadDll_offset;
ULONG LdrGetProcAddr_offset;
ULONG NtProtectVirtualMemory_offset;
ULONG NtRaiseHardError_offset;
ULONG NtDeviceIoControlFile_offset;
ULONG RtlFindActCtx_offset;
#ifdef _M_ARM64
ULONG RtlImageOptionsEx_offset;
@ -206,51 +208,45 @@ typedef struct _SYSCALL_DATA32 { // win32u.dll
} SYSCALL_DATA32;
//
// UNICIDE_STRING compatible with 32 and 64 bit API
//
typedef struct _UNIVERSAL_STRING {
USHORT Length;
USHORT MaxLen;
ULONG Buf32;
ULONG64 Buf64;
} UNIVERSAL_STRING;
//
// temporary data used by the Detour Code any changed to
// this structure must be synchronized with all 3 versions of the
// Detour Code as well as with the binary copies of the x86 and x64 code
//
// entry_asm.asm, entry_arm.asm and lowlevel_code.c
// in entry_asm.asm and entry_arm.asm
//
typedef struct _INJECT_DATA {
ULONG64 sbielow_data; // 0
union {
ULONG64 LdrLoadDll; // 8
ULONG64 RtlFindActCtx_SavedArg1; // todo: split this
};
ULONG64 LdrGetProcAddr; // 16
ULONG64 NtRaiseHardError; // 24
ULONG64 RtlFindActCtx; // 32
ULONG64 RtlFindActCtx; // 8
ULONG RtlFindActCtx_Protect;
UCHAR RtlFindActCtx_Bytes[20];
ULONG RtlFindActCtx_Protect; // 40
UCHAR RtlFindActCtx_Bytes[20]; // 44
ULONG64 LdrLoadDll;
ULONG64 LdrGetProcAddr;
ULONG64 NtProtectVirtualMemory;
ULONG64 NtRaiseHardError;
ULONG64 NtDeviceIoControlFile;
ULONG64 api_device_handle;
USHORT KernelDll_Length; // 64
USHORT KernelDll_MaxLen;
ULONG KerneDll_Buf32;
ULONG64 KerneDll_Buf64;
USHORT SbieDll_Length; // 80
USHORT SbieDll_MaxLen;
ULONG SbieDll_Buf32;
ULONG64 SbieDll_Buf64;
ULONG64 ModuleHandle; // 96
ULONG64 SbieDllOrdinal1; // 104
ULONG64 MyGetProcAddr; // 112
#ifdef _WIN64
UCHAR DetourCode_x86[128]; // 120
#endif _WIN64
UNIVERSAL_STRING KernelDll;
UNIVERSAL_STRING SbieDll;
} INJECT_DATA;
//---------------------------------------------------------------------------
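Review bot: The reordered INJECT_DATA appears to keep an offset comment only on `sbielow_data` and `RtlFindActCtx`, although the comment above the struct says every change must stay in step with the detour code in entry_asm.asm and entry_arm.asm. Nothing here would catch a later field insertion that silently shifts what the assembly reads. A compile-time check next to the typedef would pin the contract, for example `C_ASSERT(FIELD_OFFSET(INJECT_DATA, RtlFindActCtx) == 8);`, with one such line for each field the assembly addresses by offset (which fields those are is not visible from this section). Separately, the comment introducing UNIVERSAL_STRING reads `UNICIDE_STRING` and should read `UNICODE_STRING`.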


@ -1,279 +0,0 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020-2022 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifdef _WIN64
//
// we need the 32-bit version of RtlFindActivationContextSectionString
// on both 32-bit and 64-bit versions of SbieLow, because of wow64
//
// it will not compile correctly as assembly on 64-bit, so we simply
// dump the machine code bytes here
//
UCHAR SbieDll_ShellCode_x86[] =
{
0xBA, 0, 0, 0, 0, // mov edx, 0 ; edx -> inject data area
//0xCC, // int3
0x56, // push esi
0x8B, 0xF2, // mov esi, edx ; esi -> inject data area
//
// restore bytes
//
0x8B, 0x46, 0x20, // mov eax,dword ptr [esi+20h] ; ... [esi].InjectData.RtlFindActCtx
0x8A, 0x56, 0x2C, // mov dl,byte ptr [esi+2Ch] ; ... [esi].InjectData.RtlFindActCtx_Bytes
0x88, 0x10, // mov byte ptr [eax],dl
0x8B, 0x56, 0x2D, // mov edx,dword ptr [esi+2Dh] ; ... [esi].InjectData.RtlFindActCtx_Bytes+1
0x89, 0x50, 0x01, // mov dword ptr [eax+1],edx
//
// call LdrLoadDll for kernel32
//
0xb9, 0x10, 0, 0, 0, // mov ecx, 10h
// LdrLoadDll_Retry:
//for(i = 0; i < 0x10; i++) {
0x51, // push ecx
0x8D, 0x46, 0x60, // lea eax,[esi+60h] ; ... [esi].InjectData.ModuleHandle
0x50, // push eax
0x8D, 0x46, 0x40, // lea eax,[esi+40h] ; ... [esi].InjectData.KernelDll_Unicode
0x50, // push eax
0x6A, 0x00, // push 0
0x6A, 0x00, // push 0
0xFF, 0x56, 0x08, // call dword ptr [esi+8] ; ... [esi].InjectData.LdrLoadDll
0x59, // pop ecx
0x85, 0xC0, // test eax,eax
0x74, 0x04, // jz LdrLoadDll_Good
//}
0xE2, 0xE9, // loop LdrLoadDll_Retry
0xEB, 0x34, // jmp error
// LdrLoadDll_Good:
//
// call LdrLoadDll for sbiedll
//
0x8D, 0x46, 0x60, // lea eax,[esi+60h] ; ... [esi].InjectData.ModuleHandle
0x50, // push eax
0x8D, 0x46, 0x50, // lea eax,[esi+50h] ; ... [esi].InjectData.SbieDll_Unicode
0x50, // push eax
0x6A, 0x00, // push 0
0x6A, 0x00, // push 0
0xFF, 0x56, 0x08, // call dword ptr [esi+8] ; ... [esi].InjectData.LdrLoadDll
0x85, 0xC0, // test eax,eax
0x75, 0x21, // jnz RtlFindActivationContextSectionStringError
//
// call LdrGetProcedureAddress for sbiedll ordinal 1,
// which forces ntdll to initialize sbiedll
//
0x8D, 0x46, 0x68, // lea eax,[esi+68h] ; ... [esi].InjectData.SbieDllOrdinal1
0x50, // push eax
0x6A, 0x01, // push 1
0x6A, 0x00, // push 0
0xFF, 0x76, 0x60, // push dword ptr [esi+60h] ; ... [esi].InjectData.ModuleHandle
0xFF, 0x56, 0x10, // call dword ptr [esi+10h] ; ... [esi].InjectData.LdrGetProcAddr
0x85, 0xC0, // test eax,eax
0x75, 0x0F, // jnz RtlFindActivationContextSectionStringError
//
// pass control to ordinal 1 ...
//
0x8B, 0xC6, // mov eax, esi
0x87, 0x44, 0x24, 0x08, // xchg eax, dword ptr [esp+8]
0x89, 0x46, 0x08, // mov dword ptr [esi+8],eax ; ... [esi].InjectData.LdrLoadDll ...
0x8B, 0xC6, // mov eax, esi
0x5E, // pop esi
0xFF, 0x60, 0x68, // jmp dword ptr [eax+68h] ; ... [eax].InjectData.SbieDllOrdinal1
//
// display error message ...
//
// RtlFindActivationContextSectionStringError:
0x50, // push eax
0x8D, 0x56, 0x50, // lea edx,[esi+50h] ; ... [esi].InjectData.SbieDll_Unicode
0x89, 0x56, 0x08, // mov dword ptr [esi+8],edx ; ... [esi].InjectData.LdrLoadDll ...
0x8d, 0x56, 0x10, // lea edx,[esi+10h] ; ... [esi].InjectData.LdrGetProcAddr
0x52, // push edx
0x6A, 0x01, // push 1
0x8D, 0x56, 0x08, // lea edx,[esi+8] ; ... [esi].InjectData.LdrLoadDll
0x52, // push edx
0x6A, 0x01, // push 1
0x6A, 0x01, // push 1
0x68, 0x42, 0x01, 0x00, 0xD0, // push 0D0000142h
0xFF, 0x56, 0x18, // call dword ptr [esi+18h] ; ... [esi].InjectData.NtRaiseHardError
0x58, // pop eax
0x5E, // pop esi
0xC2, 0x14, 0 // ret 14h
};
#endif
#ifdef _M_ARM64
//
// we need the x64 version of RtlFindActivationContextSectionString
//
// it will not compile correctly as assembly on arm64, so we simply
// dump the machine code bytes here
//
//UCHAR SbieDll_ShellCode_x64[] =
//{
//
// 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // inject data area address
//
// 0x48, 0x8B, 0x05, 0xF1, 0xFF, 0xFF, 0xFF, // mov rax, qword ptr [rip - 0xf] ; rax -> inject data area
//
// // 0xCC, // int3
//
// 0x56, // push rsi ; save rsi, and align stack
// 0x48, 0x83, 0xEC, 0x40, // sub rsp, 0x40 ; set up local stack
//
// 0x48, 0x89, 0x4C, 0x24, 0x20, // mov qword ptr [rsp + 0x20], rcx
// 0x48, 0x89, 0x54, 0x24, 0x28, // mov qword ptr [rsp + 0x28], rdx
// 0x4C, 0x89, 0x44, 0x24, 0x30, // mov qword ptr [rsp + 0x30], r8
// 0x4C, 0x89, 0x4C, 0x24, 0x38, // mov qword ptr [rsp + 0x38], r9
//
// 0x48, 0x8B, 0xF0, // mov rsi, rax ; rsi -> inject data area
//
// 0x48, 0x8B, 0x46, 0x20, // mov rax, qword ptr [rsi + 0x20] ; ... [rsi].InjectData.RtlFindActCtx
//
// // replace 12bytes
// 0x48, 0x8B, 0x56, 0x2C, // mov rdx, qword ptr [rsi + 0x2c] ; ... [rsi].InjectData.RtlFindActCtx_Bytes
// 0x48, 0x89, 0x10, // mov qword ptr [rax], rdx
// 0x8B, 0x56, 0x34, // mov edx, dword ptr [rsi + 0x34] ; ... [rsi].InjectData.RtlFindActCtx_Bytes + 8
// 0x89, 0x50, 0x08, // mov dword ptr [rax + 8], edx
//
// //
// // call LdrLoadDll for kernel32
// //
// //// retry loop
// 0x48, 0x89, 0x5E, 0x2C, // mov qword ptr [rsi + 0x2c], rbx ; ... [rsi].InjectData.RtlFindActCtx_Bytes ...
// 0x48, 0xC7, 0xC3, 0x10, 0x00, 0x00, 0x00, // mov rbx, 0x10
//
// // LdrLoadRetry:
// 0x48, 0x33, 0xC9, // xor rcx, rcx
// 0x48, 0x33, 0xD2, // xor rdx, rdx
// 0x4C, 0x8D, 0x46, 0x40, // lea r8, [rsi + 0x40] ; ... [rsi].InjectData.KernelDll_Unicode
// 0x4C, 0x8D, 0x4E, 0x60, // lea r9, [rsi + 0x60] ; ... [rsi].InjectData.ModuleHandle
// //cmp rbx,1
// //jnz LdrTestLoop
// 0xFF, 0x56, 0x08, // call qword ptr [rsi + 8] ; ... [rsi].InjectData.LdrLoadDll
// 0x85, 0xC0, // test eax, eax
// 0x74, 0x0A, // je 0x5e ; LdrLoadGood
// ////LdrTestLoop:
// 0x48, 0xFF, 0xCB, // dec rbx
// 0x48, 0x85, 0xDB, // test rbx, rbx
// 0x75, 0xE3, // jne 0x3f ; ;loop LdrLoadRetry
// 0xEB, 0x54, // jmp 0xb2 ; RtlFindActivationContextSectionStringError
//
// //
// // call LdrLoadDll for sbiedll
// //
// // LdrLoadGood:
// 0x48, 0x8B, 0x5E, 0x2C, // mov rbx, qword ptr [rsi + 0x2c] ; ... [rsi].InjectData.RtlFindActCtx_Bytes
// 0x48, 0x33, 0xC9, // xor rcx, rcx
// 0x48, 0x33, 0xD2, // xor rdx, rdx
// 0x4C, 0x8D, 0x46, 0x50, // lea r8, [rsi + 0x50] ; ... [rsi].InjectData.SbieDll_Unicode
// 0x4C, 0x8D, 0x4E, 0x60, // lea r9, [rsi + 0x60] ; ... [rsi].InjectData.ModuleHandle
// 0xFF, 0x56, 0x08, // call qword ptr [rsi + 8] ; ... [rsi].InjectData.LdrLoadDll
//
// 0x85, 0xC0, // test eax, eax
// 0x75, 0x3B, // jne 0xb2 ; RtlFindActivationContextSectionStringError
//
// //
// // call LdrGetProcedureAddress for sbiedll ordinal 1,
// // which forces ntdll to initialize sbiedll
// //
//
// 0x48, 0x8B, 0x4E, 0x60, // mov rcx, qword ptr [rsi + 0x60] ; ... [rsi].InjectData.ModuleHandle
// 0x48, 0x33, 0xD2, // xor rdx, rdx
// 0x4D, 0x33, 0xC0, // xor r8, r8
// 0x49, 0xFF, 0xC0, // inc r8
// 0x4C, 0x8D, 0x4E, 0x68, // lea r9, [rsi + 0x68] ; ... [rsi].InjectData.SbieDllOrdinal1
// 0xFF, 0x56, 0x10, // call qword ptr [rsi + 0x10] ; ... [rsi].InjectData.LdrGetProcAddr
//
// 0x85, 0xC0, // test eax, eax
// 0x75, 0x23, // jne 0xb2 ; RtlFindActivationContextSectionStringError
//
// //
// // pass control to ordinal 1, which will free the inject
// // data area, and pass control to the original function
// // RtlFindActivationContextSectionString
// //
// // note that we need to pass the address of the inject
// // data area to ordinal 1, which we do by overwriting the
// // first argument. the original argument is saved in
// // the inject data area
// //
//
// 0x48, 0x8B, 0x44, 0x24, 0x20, // mov rax, qword ptr [rsp + 0x20]
// 0x48, 0x89, 0x46, 0x08, // mov qword ptr [rsi + 8], rax ; ... [rsi].InjectData.LdrLoadDll ...
// 0x48, 0x8B, 0xCE, // mov rcx, rsi
// 0x48, 0x8B, 0x54, 0x24, 0x28, // mov rdx, qword ptr [rsp + 0x28]
// 0x4C, 0x8B, 0x44, 0x24, 0x30, // mov r8, qword ptr [rsp + 0x30]
// 0x4C, 0x8B, 0x4C, 0x24, 0x38, // mov r9, qword ptr [rsp + 0x38]
//
// 0x48, 0x83, 0xC4, 0x40, // add rsp, 0x40
// 0x5E, // pop rsi
// 0xFF, 0x61, 0x68, // jmp qword ptr [rcx + 0x68] ; [rcx].InjectData.SbieDllOrdinal1
//
// //
// // display error message, invoke NtRaiseHardError(
// // NTSTATUS ntstatus_message_code,
// // ULONG number_of_parameters_in_list,
// // ULONG mask_of_strings_in_list,
// // ULONG_PTR *list_of_pointers_to_parameters,
// // ULONG response_buttons,
// // ULONG *out_response)
// //
//
// //RtlFindActivationContextSectionStringError:
//
// 0x48, 0x89, 0x44, 0x24, 0x38, // mov qword ptr [rsp + 0x38], rax ; save ntstatus
// 0xB9, 0x42, 0x01, 0x00, 0xD0, // mov ecx, 0xd0000142 ; ntstatus_message_code
// 0x48, 0x33, 0xD2, // xor rdx, rdx ; number_of_parameters_in_list
// 0x48, 0xFF, 0xC2, // inc rdx
// 0x4C, 0x8B, 0xC2, // mov r8, rdx ; mask_of_strings_in_list
// 0x67, 0x4C, 0x8D, 0x4E, 0x08, // lea r9, [esi + 8] ; ... [esi].InjectData.LdrLoadDll ; list_of_pointers_to_parameters
// 0x48, 0x8D, 0x46, 0x50, // lea rax, [rsi + 0x50] ; ... [rsi].InjectData.SbieDll_Unicode
// 0x49, 0x89, 0x01, // mov qword ptr [r9], rax
// 0x48, 0x89, 0x54, 0x24, 0x20, // mov qword ptr [rsp + 0x20], rdx ; response_buttons - ERROR_OK
// 0x48, 0x8D, 0x46, 0x10, // lea rax, [rsi + 0x10] ; ... [rsi].InjectData.LdrGetProcAddr
// 0x48, 0x89, 0x44, 0x24, 0x28, // mov qword ptr [rsp + 0x28], rax ; out_response
// 0xFF, 0x56, 0x18, // call qword ptr [rsi + 0x18] ; ... [rsi].InjectData.NtRaiseHardError
// 0x48, 0x8B, 0x4C, 0x24, 0x38, // mov rcx, qword ptr [rsp + 0x38] ; restore ntstatus
// 0x48, 0x83, 0xC4, 0x40, // add rsp, 0x40
// 0x5E, // pop rsi
// 0xC3 // ret ; return to caller with error
//};
#endif


@ -2237,7 +2237,7 @@ MSG_HEADER *SbieIniServer::RunSbieCtrl(MSG_HEADER *msg, HANDLE idProcess, bool i
NTSTATUS status = STATUS_UNSUCCESSFUL;
HANDLE hToken = NULL;
BOOL ok = TRUE;
WCHAR ctrlName[64] = { 0 };
WCHAR ctrlCmd[128] = { 0 };
//
// get token from caller session or caller process. note that on
@ -2311,19 +2311,19 @@ MSG_HEADER *SbieIniServer::RunSbieCtrl(MSG_HEADER *msg, HANDLE idProcess, bool i
bool ok2 = SetUserSettingsSectionName(hToken);
if (ok2) {
SbieApi_QueryConfAsIs(
m_sectionname, _Setting2, 0, ctrlName, sizeof(ctrlName) - 2);
m_sectionname, _Setting2, 0, ctrlCmd, sizeof(ctrlCmd) - 2);
}
else {
wcscpy(m_sectionname + 13, L"Default"); // UserSettings_Default
SbieApi_QueryConfAsIs(
m_sectionname, _Setting2, 0, ctrlName, sizeof(ctrlName) - 2);
m_sectionname, _Setting2, 0, ctrlCmd, sizeof(ctrlCmd) - 2);
}
} else if (msg->length > sizeof(MSG_HEADER)) {
ULONG len = (ULONG)(msg->length - sizeof(MSG_HEADER));
memcpy(ctrlName, (UCHAR*)msg + sizeof(MSG_HEADER), len);
ctrlName[len / sizeof(WCHAR)] = L'\0';
memcpy(ctrlCmd, (UCHAR*)msg + sizeof(MSG_HEADER), len);
ctrlCmd[len / sizeof(WCHAR)] = L'\0';
}
//
@ -2334,17 +2334,24 @@ MSG_HEADER *SbieIniServer::RunSbieCtrl(MSG_HEADER *msg, HANDLE idProcess, bool i
STARTUPINFO si;
PROCESS_INFORMATION pi;
WCHAR *args = NULL;
if (isSandboxed) {
if (*ctrlName)
args = L" -autorun";
} else {
if (!*ctrlName)
args = L" /open /sync";
//
// split the agent executable name from the arguments
//
WCHAR* end = (WCHAR*)SbieDll_FindArgumentEnd(ctrlCmd);
if (*end) {
*end++ = 0;
args = end;
}
if (SbieDll_RunFromHome(*ctrlName ? ctrlName : SBIECTRL_EXE, args, &si, NULL)) {
//
// run the agent executable from the sbie home directory,
// when none was specified fallback to SBIECTRL_EXE
//
if (SbieDll_RunFromHome(*ctrlCmd ? ctrlCmd : SBIECTRL_EXE, args, &si, NULL)) {
WCHAR *CmdLine = (WCHAR *)si.lpReserved;
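Review bot: The `memcpy(ctrlCmd, (UCHAR*)msg + sizeof(MSG_HEADER), len)` branch copies a length taken from `msg->length` into a fixed stack buffer, and nothing in the visible hunks compares `len` with `sizeof(ctrlCmd)`. A payload longer than the buffer would write past `ctrlCmd`, and the terminator store `ctrlCmd[len / sizeof(WCHAR)]` would land out of bounds as well; enlarging the array from 64 to 128 WCHARs only moves the threshold. Unless the length is already validated earlier in RunSbieCtrl (the function starts and ends outside these hunks), bound it before the copy, e.g. `if (len > sizeof(ctrlCmd) - sizeof(WCHAR)) len = sizeof(ctrlCmd) - sizeof(WCHAR);`, or reject the request. The message now also carries the arguments that `SbieDll_FindArgumentEnd` splits off and hands to `SbieDll_RunFromHome`, where the fixed strings were previously chosen by the service itself. It is worth documenting which executable names and arguments a caller with `isSandboxed` set is allowed to supply.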


@ -1,5 +1,5 @@
Copyright 2020 2023 David Xanatos (xanasoft.com)
Copyright 2004 2020 Sandboxie Holdings, LLC
Copyright 2020 - 2023 David Xanatos (xanasoft.com)
Copyright 2004 - 2020 Sandboxie Holdings, LLC
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by


@ -1092,6 +1092,8 @@ WriteLoop:
File /oname=${SBIEINI_EXE} "${BIN_ROOT}\SbieIni.exe"
File "whatsnew.html"
;File "${BIN_ROOT}\License.exe"
File "LICENSE.TXT"
@ -1210,6 +1212,8 @@ Function DeleteProgramFiles
Delete "$INSTDIR\${SBIEINI_EXE}"
Delete "$INSTDIR\${SBIEINI_EXE}.sig" ; leftover
Delete "$INSTDIR\whatsnew.html"
Delete "$INSTDIR\LICENSE.EXE"
Delete "$INSTDIR\LICENSE.TXT"
@ -1680,7 +1684,8 @@ Function .onGUIEnd
StrCmp $LaunchControl "Y" 0 Done
ExecWait '"$INSTDIR\${START_EXE}" run_sbie_ctrl' $0
; ExecWait '"$INSTDIR\${START_EXE}" run_sbie_ctrl' $0
ExecWait '"$INSTDIR\${START_EXE}" open_agent:"${SBIECTRL_EXE} /open /sync /postsetup"' $0
Done:


@ -150,6 +150,9 @@ OpenFilePath=\Device\NamedPipe\XTIERRPCPIPE
# is a security attack, and must be closed
ClosedFilePath=\Device\LanmanRedirector
ClosedFilePath=\Device\Mup
#
# Block access to imdisk, force terminated proxy processes can result in a BSOD
ClosedFilePath=\Device\ImDiskCtl
# IPC
OpenIpcPath=\Windows\ApiPort
@ -3556,16 +3559,6 @@ ForceRestart=PicoTorrent.exe
# Download Managers
#
[Template_InternetDownloadManager]
Tmpl.Title=Internet Download Manager
Tmpl.Class=Download
Tmpl.Url=http://www.internetdownloadmanager.com/
Tmpl.Scan=s
# Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}
Tmpl.ScanProduct=Internet Download Manager
OpenClsid={AC746233-E9D3-49CD-862F-068F7B7CCCA4}
# prevent access to host port
# BlockPort=1001
[Template_FreeDownloadManager]
Tmpl.Title=Free Download Manager
@ -3669,9 +3662,8 @@ Tmpl.Class=Security
OpenIpcPath=\RPC Control\keysvc
[Template_Chrome_KB5027231_fix]
Tmpl.Title=Chromium fix for windows 11 with KB5027231
Tmpl.Title=Chromium fix for Windows 11 with KB5027231
Tmpl.Class=WebBrowser
Tmpl.Scan=x
#Tmpl.Scan=u
#Tmpl.ScanUpd=KB5027231
Tmpl.ScanScript=if(system.version().major != 11) return false; return system.checkUpdates("KB5027231");
@ -4175,3 +4167,5 @@ Tmpl.Entry=StrokeIt | StrokeIt
[Template_VPNTunnel]
[Template_Edge_Win11Fix]
[Template_InternetDownloadManager]
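Review bot: The comment on the new `ClosedFilePath=\Device\ImDiskCtl` rule does not say which "proxy processes" it means, nor that the rule is a host-stability measure rather than an isolation boundary. If the intent is what it appears to be, something like `# Block the ImDisk control device: force-terminating a sandboxed process that acts as an ImDisk proxy can crash the host (BSOD)` would make this clear to anyone auditing the default rules. The rule is added to the global defaults with no visible opt-out, so it is worth stating in the comment whether ImDisk use from inside a sandbox is intentionally unsupported. The empty `[Template_InternetDownloadManager]` stub appended in the last hunk also has no comment; presumably it exists so that existing references to the removed template still resolve, and a one-line `# removed, stub kept for compatibility` would record that.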


@ -0,0 +1,215 @@
/*
* Copyright 2023 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include "stdafx.h"
#include <stdio.h>
#include <Windows.h>
#include <AclAPI.h>
#include <Sddl.h>
#include "common/defines.h"
#include "common/my_version.h"
#include "core/dll/sbieapi.h"
#include <string>
#include <map>
extern "C" void Display_Error(PWSTR SubFuncName, DWORD LastError);
struct SDaclEntry
{
SDaclEntry() : pSid(NULL), AllowMask(0),DenyMask(0) {}
BYTE bSid[68];
PSID pSid;
ACCESS_MASK AllowMask;
ACCESS_MASK DenyMask;
};
std::map<std::wstring, SDaclEntry> ListFolderDACLs(const wchar_t* folderPath)
{
std::map<std::wstring, SDaclEntry> map;
PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
DWORD result = GetNamedSecurityInfoW(folderPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSecurityDescriptor);
if (result != ERROR_SUCCESS) {
Display_Error(L"GetNamedSecurityInfoW", result);
return map;
}
BOOL ok;
PACL pDacl = NULL;
BOOL bDaclPresent = FALSE;
BOOL bDaclDefaulted = FALSE;
ok = GetSecurityDescriptorDacl(pSecurityDescriptor, &bDaclPresent, &pDacl, &bDaclDefaulted);
if (!ok) {
Display_Error(L"GetSecurityDescriptorDacl", 0);
return map;
}
if (!bDaclPresent)
return map; // empty not an error
for (DWORD i = 0; i < pDacl->AceCount; ++i) {
PACE_HEADER pAceHeader = NULL;
if (!GetAce(pDacl, i, (LPVOID*)&pAceHeader)) {
//Display_Error(L"GetAce", 0);
continue;
}
PSID pSid = NULL;
ACCESS_MASK AllowMask = 0;
ACCESS_MASK DenyMask = 0;
switch (pAceHeader->AceType) {
case ACCESS_ALLOWED_ACE_TYPE: {
PACCESS_ALLOWED_ACE pAce = (PACCESS_ALLOWED_ACE)pAceHeader;
pSid = (PSID)&pAce->SidStart;
AllowMask = pAce->Mask;
break;
}
case ACCESS_DENIED_ACE_TYPE: {
PACCESS_DENIED_ACE pAce = (PACCESS_DENIED_ACE)pAceHeader;
pSid = (PSID)&pAce->SidStart;
DenyMask = pAce->Mask;
break;
}
}
if (pSid) {
LPWSTR pSidString = NULL;
if (ConvertSidToStringSidW(pSid, &pSidString)) {
SDaclEntry& entry = map[pSidString];
if (!entry.pSid) {
CopySid(sizeof(entry.bSid), entry.bSid, pSid);
entry.pSid = entry.bSid;
}
entry.AllowMask |= AllowMask;
entry.DenyMask |= DenyMask;
LocalFree(pSidString);
}
}
}
LocalFree(pSecurityDescriptor);
return map;
}
BOOL UpdateFolderDACLs(const wchar_t* folderPath, EXPLICIT_ACCESS *ea)
{
PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
DWORD result = GetNamedSecurityInfoW(folderPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSecurityDescriptor);
if (result != ERROR_SUCCESS) {
Display_Error(L"GetNamedSecurityInfoW", result);
return FALSE;
}
BOOL ok;
PACL pDacl = NULL;
BOOL bDaclPresent = FALSE;
BOOL bDaclDefaulted = FALSE;
ok = GetSecurityDescriptorDacl(pSecurityDescriptor, &bDaclPresent, &pDacl, &bDaclDefaulted);
if (!ok) {
Display_Error(L"GetSecurityDescriptorDacl", 0);
return FALSE;
}
if (!bDaclPresent) {
Display_Error(L"GetSecurityDescriptorDacl", ERROR_INVALID_ACCESS);
return FALSE;
}
result = SetEntriesInAclW(1, ea, pDacl, &pDacl);
if (result != ERROR_SUCCESS)
Display_Error(L"SetEntriesInAclW", result);
else {
result = SetNamedSecurityInfoW((LPWSTR)folderPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pDacl, NULL);
if (result != ERROR_SUCCESS)
Display_Error(L"SetNamedSecurityInfoW", result);
}
LocalFree(pSecurityDescriptor);
return result == ERROR_SUCCESS;
}
//---------------------------------------------------------------------------
// Kmd_FixDacls
//---------------------------------------------------------------------------
extern "C" BOOL Kmd_FixDacls()
{
WCHAR HomePath[MAX_PATH];
SbieApi_GetHomePath(NULL, 0, HomePath, MAX_PATH);
if (!*HomePath) // sbie not installed or not running
return FALSE;
//
// remove problematic permissions created when the
// win 11 shell extension was registered
// for a folder not being under program files
//
std::map<std::wstring, SDaclEntry> map = ListFolderDACLs(HomePath);
for (auto I = map.begin(); I != map.end(); ++I) {
if (I->first.length() > 44 && (
(I->first.substr(0, 13) == L"S-1-15-3-1024")
|| (I->first.substr(0, 8) == L"S-1-15-2") )) {
EXPLICIT_ACCESS ea_clear =
{
GENERIC_ALL,
REVOKE_ACCESS,
SUB_CONTAINERS_AND_OBJECTS_INHERIT,
{
NULL,
NO_MULTIPLE_TRUSTEE,
TRUSTEE_IS_SID,
TRUSTEE_IS_GROUP,
reinterpret_cast<LPTSTR>(I->second.pSid)
}
};
UpdateFolderDACLs(HomePath, &ea_clear);
}
}
//
// add read access for ALL_APP_PACKAGES
//
PSID pSid = NULL; // ALL_APP_PACKAGES
ConvertStringSidToSidW(L"S-1-15-2-1", &pSid);
EXPLICIT_ACCESS ea_set =
{
GENERIC_READ | GENERIC_EXECUTE,
SET_ACCESS,
SUB_CONTAINERS_AND_OBJECTS_INHERIT,
{
NULL,
NO_MULTIPLE_TRUSTEE,
TRUSTEE_IS_SID,
TRUSTEE_IS_GROUP,
reinterpret_cast<LPTSTR>(pSid)
}
};
UpdateFolderDACLs(HomePath, &ea_set);
LocalFree(pSid);
return TRUE;
}
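Review bot: `Kmd_FixDacls` returns TRUE whether or not any DACL change succeeded, because it discards the results of `ConvertStringSidToSidW` and of both `UpdateFolderDACLs` calls. The `fixdacls` command therefore reports success after a failed or partial update, and a failed SID conversion leaves `pSid` NULL inside the `ea_set` trustee. Check the conversion and return the result of the final update, as in the excerpt below. Separately, `UpdateFolderDACLs` overwrites `pDacl` with the ACL allocated by `SetEntriesInAclW` and never frees it, and both helpers skip `LocalFree(pSecurityDescriptor)` on their early returns. `ListFolderDACLs` also dereferences `pDacl` without a NULL check, which a descriptor reporting a present but NULL DACL would hit.

```cpp
    PSID pSid = NULL; // ALL_APP_PACKAGES
    if (!ConvertStringSidToSidW(L"S-1-15-2-1", &pSid)) {
        Display_Error(L"ConvertStringSidToSidW", GetLastError());
        return FALSE;
    }
    // … unchanged: EXPLICIT_ACCESS ea_set initializer …
    BOOL ok = UpdateFolderDACLs(HomePath, &ea_set);
    LocalFree(pSid);
    return ok;
```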


@ -30,6 +30,8 @@
extern void Kmd_ScanDll(BOOLEAN silent);
extern BOOL Kmd_FixDacls();
//---------------------------------------------------------------------------
// Defines
@ -43,7 +45,8 @@ typedef enum _COMMAND {
CMD_STOP,
CMD_SCANDLL,
CMD_SCANDLL_SILENT,
CMD_MESSAGE
CMD_MESSAGE,
CMD_FIXDACLS
} COMMAND;
typedef enum _OPTIONS {
@ -224,6 +227,10 @@ BOOL Parse_Command_Line(
*Command = CMD_MESSAGE;
num_args_needed = 2;
} else if (_wcsicmp(args[1], L"fixdacls") == 0) {
*Command = CMD_FIXDACLS;
num_args_needed = 0;
} else {
*Command = CMD_ERROR;
MessageBox(NULL, L"Invalid command", L"KmdUtil",
@ -761,6 +768,16 @@ int __stdcall WinMain(
&Options))
return EXIT_FAILURE;
if (Command == CMD_MESSAGE) {
ok = Kmd_Show_Message(Driver_Name, Driver_Path);
goto finish;
}
if (Command == CMD_FIXDACLS) {
ok = Kmd_FixDacls();
goto finish;
}
ScMgr = OpenSCManager(
NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_CREATE_SERVICE);
@ -803,9 +820,7 @@ int __stdcall WinMain(
if (Command == CMD_STOP)
ok = Kmd_Stop_Service(Driver_Name);
if (Command == CMD_MESSAGE)
ok = Kmd_Show_Message(Driver_Name, Driver_Path);
finish:
if (! ok)
return EXIT_FAILURE;
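Review bot: The new prototype `extern BOOL Kmd_FixDacls();` in the first hunk uses empty parentheses, which in C declares a function with unspecified parameters rather than one taking none. Writing `extern BOOL Kmd_FixDacls(void);` lets the compiler reject a stray argument and matches the `extern "C" BOOL Kmd_FixDacls()` definition on the C++ side. The `CMD_FIXDACLS` branch in `WinMain` jumps to `finish` before `OpenSCManager` is called, so a short comment there noting that this command needs no service-manager handle but does rewrite the install folder's DACL would help readers. `WinMain` continues outside the hunks shown.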


@ -183,6 +183,20 @@
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="fixdacls.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">NotUsing</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">NotUsing</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|ARM64'">NotUsing</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|ARM64'">NotUsing</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">NotUsing</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">NotUsing</PrecompiledHeader>
<ExceptionHandling Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">Sync</ExceptionHandling>
<ExceptionHandling Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">Sync</ExceptionHandling>
<ExceptionHandling Condition="'$(Configuration)|$(Platform)'=='SbieRelease|ARM64'">Sync</ExceptionHandling>
<ExceptionHandling Condition="'$(Configuration)|$(Platform)'=='SbieDebug|ARM64'">Sync</ExceptionHandling>
<ExceptionHandling Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">Sync</ExceptionHandling>
<ExceptionHandling Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">Sync</ExceptionHandling>
</ClCompile>
<ClCompile Include="KmdUtil.c" />
<ClCompile Include="sbiedrv.c" />
<ClCompile Include="scandll.c" />

File diff suppressed because one or more lines are too long


@ -386,6 +386,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
# %2 = Mozilla Firefox
2191;pop;inf;01
SBIE2191 %2 should not be updated while running under Sandboxie.
@ -1351,6 +1359,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3471;txt;01
&Terminate Programs
.
@ -4097,7 +4109,7 @@ Select NO to delete the Sandboxie.ini file and lose your configuration settings.
.
8055;ins;01
There is an online update of the Templates.ini and/or the translations for this version of sandboxie available, do you want to install it?
There is an online update of the Templates.ini and/or the translations for this version of Sandboxie available, do you want to install it?
.
#----------------------------------------------------------------------------


@ -707,7 +707,7 @@ Zadejte název programu nebo složky a Sandboxie je pro Vás otevře.
.
3104;txt;01
Zadejte . (cílový charakter) k prozkoumání plochy Sanboxie.
Zadejte . (cílový charakter) k prozkoumání plochy Sandboxie.
.
3105;txt;01
@ -1495,7 +1495,7 @@ Kontrola aktualizace
.
3622;txt;01
Chcete se připojit na web Sanboxie a zjistit, zda je k dispozici nová verze programu?
Chcete se připojit na web Sandboxie a zjistit, zda je k dispozici nová verze programu?
.
3623;txt;01


@ -3476,7 +3476,7 @@ Wilt u Sandboxie-Plus nu downloaden?
.
6002;txt;01
Bezoek <a ID="whats_new">sandboxie-plus.com</a> voor meer informatie over de nieuwe functies van Sanboxie-Plus,
Bezoek <a ID="whats_new">sandboxie-plus.com</a> voor meer informatie over de nieuwe functies van Sandboxie-Plus,
of klik <a ID="upgrade">hier</a> om de laatste versie van het Sandboxie-Plus-installatiebestand te downloaden.
.


@ -1208,7 +1208,7 @@ Re&charger la configuration
.
3505;txt;01
Contribuer à Sanboxie
Contribuer à Sandboxie
.
3451;txt;01


@ -338,6 +338,14 @@ SBIE2114 Die Datei ist zu groß, um sie in die Sandbox zu kopieren, verweigere Z
SBIE2115 Die Datei ist zu groß, um sie in die Sandbox zu kopieren, öffne Datei nur schreibgeschützt - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll Fehler %2
.
2181;pop;inf;01
SBIE2181 Die LowLevel.dll Umleitung konnte SbieDll.dll nicht in den Zielprozess laden.
.
2191;pop;inf;01
SBIE2191 %2 sollte nicht aktualisiert werden, wenn es mit Sandboxie ausgeführt wird.
.
@ -1184,6 +1192,10 @@ Upgrade zu Sandboxie-Plus
Sandboxie-Plus Migrationsanleitung
.
3469;txt;01
Was ist neu in Sandboxie-Plus
.
3471;txt;01
Programme &beenden
.


@ -821,7 +821,7 @@ Sandboxie の個人使用は、期間を定めることなく、無償で許諾
.
3235;txt;01
この制限は、送金頂いたバージョンの Sanboxie では解除されます。
この制限は、送金頂いたバージョンの Sandboxie では解除されます。
.
3236;txt;01


@ -386,6 +386,14 @@ SBIE2114 파일이 너무 커서 샌드박스에 복사할 수 없으므로 액
SBIE2115 파일이 너무 커서 샌드박스에 복사할 수 없으므로 읽기 전용으로 열림니다 - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll 오류 %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll 우회가 SbieDll.dll을 대상 프로세스로 로드하지 못했습니다.
.
# %2 = Mozilla Firefox
2191;pop;inf;01
SBIE2191 %2은(는) Sandboxie에서 실행되는 동안에는 업데이트하면 안됩니다.
@ -1351,6 +1359,10 @@ Sandboxie-Plus로 업그레이드
Sandboxie-Plus 마이그레이션 안내
.
3469;txt;01
Sandboxie-Plus의 새로운 기능
.
3471;txt;01
프로그램 끝내기(&T)
.
@ -3973,7 +3985,7 @@ Sandboxie의 기본 설정은 완전한 보호를 제공하지만 Sandboxie 제
.
8012;ins;01
Sanboxie 시스템 수준 드라이버를 설치하고 활성화하려면 다음을 누르십시오. 이 드라이버는 Sanboxie 응용 프로그램의 핵심입니다.
Sandboxie 시스템 수준 드라이버를 설치하고 활성화하려면 다음을 누르십시오. 이 드라이버는 Sandboxie 응용 프로그램의 핵심입니다.
.
8013;ins;01


@ -386,6 +386,14 @@ SBIE2114 文件太大无法复制到沙箱, 拒绝访问 - %2
SBIE2115 文件太大无法复制到沙箱, 以只读模式打开 - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll 错误 %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll 绕行无法将 SbieDll.dll 加载到目标进程中。
.
# %2 = Mozilla Firefox
2191;pop;inf;01
SBIE2191 不建议更新在沙盒中运行的 %2
@ -4054,7 +4062,7 @@ Sandboxie 控制程序正在运行。
.
8055;ins;01
有可用的 Templates.ini 和/或此版本沙盒的翻译的在线更新,您要安装它吗?
有可用的 Templates.ini 和/或此版本 Sandboxie 的翻译的在线更新,您要安装它吗?
.
#----------------------------------------------------------------------------


@ -1160,6 +1160,10 @@ Sandboxie-Plus'a Yükseltin
Sandboxie-Plus Taşıma Kılavuzu
.
3469;txt;01
Sandboxie-Plus'taki Yenilikler
.
3471;txt;01
Programları &Kapat
.


@ -62,6 +62,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2194;pop;inf;01
SBIE2194 MSI installer requires %2 option to be set in the ini, what however weakens the isolation.
.
@ -198,6 +206,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3484;txt;01
Resource Access
.


@ -58,6 +58,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2194;pop;inf;01
SBIE2194 MSI installer requires %2 option to be set in the ini, what however weakens the isolation.
.
@ -178,6 +186,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3484;txt;01
Resource Access
.


@ -58,6 +58,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2194;pop;inf;01
SBIE2194 MSI installer requires %2 option to be set in the ini, what however weakens the isolation.
.
@ -178,6 +186,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3484;txt;01
Resource Access
.


@ -58,6 +58,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2194;pop;inf;01
SBIE2194 MSI installer requires %2 option to be set in the ini, what however weakens the isolation.
.
@ -178,6 +186,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3484;txt;01
Resource Access
.


@ -50,6 +50,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2194;pop;inf;01
SBIE2194 MSI installer requires %2 option to be set in the ini, what however weakens the isolation.
.
@ -154,6 +162,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3484;txt;01
Resource Access
.


@ -78,6 +78,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2194;pop;inf;01
SBIE2194 MSI installer requires %2 option to be set in the ini, what however weakens the isolation.
.
@ -255,6 +263,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3484;txt;01
Resource Access
.


@ -34,6 +34,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2195;pop;inf;01
SBIE2195 To run Explorer.exe sandboxed, the access for COM infrastructure must not be Open.
.
@ -94,6 +102,10 @@ Apply Supporter Certificate
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
4342;txt;01
Enable %2 compatibility workaround
.


@ -78,6 +78,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2194;pop;inf;01
SBIE2194 MSI installer requires %2 option to be set in the ini, what however weakens the isolation.
.
@ -260,6 +268,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3484;txt;01
Resource Access
.


@ -50,6 +50,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2194;pop;inf;01
SBIE2194 MSI installer requires %2 option to be set in the ini, what however weakens the isolation.
.
@ -154,6 +162,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3484;txt;01
Resource Access
.


@ -58,6 +58,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2194;pop;inf;01
SBIE2194 MSI installer requires %2 option to be set in the ini, what however weakens the isolation.
.
@ -186,6 +194,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3484;txt;01
Resource Access
.


@ -22,6 +22,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2196;pop;inf;01
SBIE2196 To run the MSI Installer sandboxed, the access for COM infrastructure must not be Open.
.
@ -38,6 +46,10 @@ Get Supporter Certificate
Apply Supporter Certificate
.
3469;txt;01
What's new in Sandboxie-Plus
.
7988;txt;01
Your Supporter Certificate is valid, Thank You :-)
.


@ -58,6 +58,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2194;pop;inf;01
SBIE2194 MSI installer requires %2 option to be set in the ini, what however weakens the isolation.
.
@ -178,6 +186,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3484;txt;01
Resource Access
.


@ -50,6 +50,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2194;pop;inf;01
SBIE2194 MSI installer requires %2 option to be set in the ini, what however weakens the isolation.
.
@ -154,6 +162,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3484;txt;01
Resource Access
.


@ -58,6 +58,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2194;pop;inf;01
SBIE2194 MSI installer requires %2 option to be set in the ini, what however weakens the isolation.
.
@ -178,6 +186,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3484;txt;01
Resource Access
.


@ -58,6 +58,14 @@ SBIE2114 File is too large to copy into sandbox, denying access - %2
SBIE2115 File is too large to copy into sandbox, opening in read only - %2
.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
2194;pop;inf;01
SBIE2194 MSI installer requires %2 option to be set in the ini, what however weakens the isolation.
.
@ -178,6 +186,10 @@ Upgrade to Sandboxie-Plus
Sandboxie-Plus Migration Guide
.
3469;txt;01
What's new in Sandboxie-Plus
.
3484;txt;01
Resource Access
.


@ -2,5 +2,15 @@
* Missing Messages in Text-Italian-1040.txt
*==========
There are no missing messages.
2180;pop;inf;01
SBIE2180 LowLevel.dll error %2
.
2181;pop;inf;01
SBIE2181 LowLevel.dll detour failed to load SbieDll.dll into target process.
.
3469;txt;01
What's new in Sandboxie-Plus
.

Some files were not shown because too many files have changed in this diff Show More