1.0.17
parent
f75cae0bb4
commit
32132affb6
12
CHANGELOG.md
12
CHANGELOG.md
|
@ -3,6 +3,18 @@ All notable changes to this project will be documented in this file.
|
|||
This project adheres to [Semantic Versioning](http://semver.org/).
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## [1.0.17 / 5.55.17] - 2022-04-??
|
||||
|
||||
### Fixed
|
||||
- Fixed crash issue with the new monitor mode
|
||||
|
||||
|
||||
|
||||
|
||||
## [1.0.16 / 5.55.16] - 2022-04-02
|
||||
|
||||
### Added
|
||||
|
|
|
@ -21,8 +21,8 @@
|
|||
#ifndef _MY_VERSION_H
|
||||
#define _MY_VERSION_H
|
||||
|
||||
#define MY_VERSION_BINARY 5,55,16
|
||||
#define MY_VERSION_STRING "5.55.16"
|
||||
#define MY_VERSION_BINARY 5,55,17
|
||||
#define MY_VERSION_STRING "5.55.17"
|
||||
#define MY_VERSION_COMPAT "5.55.0" // this refers to the driver ABI compatibility
|
||||
|
||||
// These #defines are used by either Resource Compiler or NSIS installer
|
||||
|
|
|
@ -192,6 +192,16 @@ _FX NTSTATUS Syscall_CheckObject(
|
|||
status = syscall_entry->handler2_func(
|
||||
proc, OpenedObject, &Name->Name, HandleInfo->GrantedAccess);
|
||||
|
||||
//
|
||||
// process/thread access has an own loggin routine
|
||||
//
|
||||
|
||||
if ((syscall_entry->name_len == 11 && memcmp(syscall_entry->name, "OpenProcess", 11) == 0) ||
|
||||
(syscall_entry->name_len == 10 && memcmp(syscall_entry->name, "OpenThread", 10) == 0) ||
|
||||
(syscall_entry->name_len == 21 && memcmp(syscall_entry->name, "AlpcOpenSenderProcess", 21) == 0) ||
|
||||
(syscall_entry->name_len == 20 && memcmp(syscall_entry->name, "AlpcOpenSenderThread", 20) == 0))
|
||||
goto skip_log;
|
||||
|
||||
if ((status != STATUS_SUCCESS)
|
||||
&& (status != STATUS_BAD_INITIAL_PC)) {
|
||||
|
||||
|
@ -200,9 +210,10 @@ _FX NTSTATUS Syscall_CheckObject(
|
|||
|
||||
WCHAR msg[256];
|
||||
RtlStringCbPrintfW(msg, sizeof(msg), L"%S (%08X) access=%08X initialized=%d", syscall_entry->name, status, HandleInfo->GrantedAccess, proc->initialized);
|
||||
Log_Msg_Process(MSG_2101, msg, puName != NULL ? puName->Buffer : L"Unnamed object", -1, proc->pid);
|
||||
Log_Msg_Process(MSG_2112, msg, puName != NULL ? puName->Buffer : L"Unnamed object", -1, proc->pid);
|
||||
}
|
||||
|
||||
skip_log:
|
||||
if (Name != &Obj_Unnamed)
|
||||
Mem_Free(Name, NameLength);
|
||||
}
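Review bot: The four `memcmp` name tests added ahead of the status check in Syscall_CheckObject run on every call that reaches `handler2_func`, including successful ones, and depend on hand-counted lengths (11, 10, 21, 20) that must stay in step with the literals. Placing the test inside the existing `(status != STATUS_SUCCESS) && (status != STATUS_BAD_INITIAL_PC)` branch would confine the cost to the failure path and make the `skip_log` label unnecessary. Deriving each length as `sizeof("OpenProcess") - 1` would remove the magic numbers. The new comment has a typo, `loggin`; it should read `process/thread access has its own logging routine`. The function starts and ends outside these hunks.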
|
||||
|
|
|
@ -979,7 +979,7 @@ _FX NTSTATUS Thread_CheckThreadObject(
|
|||
_FX NTSTATUS Thread_CheckObject_Common(
|
||||
PROCESS *proc, PEPROCESS ProcessObject,
|
||||
ACCESS_MASK GrantedAccess, BOOLEAN EntireProcess,
|
||||
BOOLEAN AllowTerminating)
|
||||
BOOLEAN ExplicitAccess)
|
||||
{
|
||||
ULONG_PTR pid;
|
||||
const WCHAR *pSetting;
|
||||
|
@ -988,6 +988,11 @@ _FX NTSTATUS Thread_CheckObject_Common(
|
|||
ACCESS_MASK WriteAccess;
|
||||
ACCESS_MASK ReadAccess;
|
||||
|
||||
BOOLEAN ShouldMonitorAccess = FALSE;
|
||||
void *nbuf;
|
||||
ULONG nlen;
|
||||
WCHAR *nptr;
|
||||
|
||||
if (EntireProcess) {
|
||||
Letter1 = L'P';
|
||||
WriteAccess = (GrantedAccess & PROCESS_DENIED_ACCESS_MASK);
|
||||
|
@ -1033,7 +1038,7 @@ _FX NTSTATUS Thread_CheckObject_Common(
|
|||
// (e.g. VS2012 MSBuild.exe does this with the csc.exe compiler)
|
||||
//
|
||||
|
||||
if (AllowTerminating && PsGetProcessExitProcessCalled(ProcessObject))
|
||||
if (ExplicitAccess && PsGetProcessExitProcessCalled(ProcessObject))
|
||||
goto finish;
|
||||
|
||||
|
||||
|
@ -1061,37 +1066,28 @@ _FX NTSTATUS Thread_CheckObject_Common(
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// log the cross-sandbox access attempt, based on the status code
|
||||
//
|
||||
|
||||
if (Session_MonitorCount && !proc->disable_monitor) {
|
||||
|
||||
void *nbuf;
|
||||
ULONG nlen;
|
||||
WCHAR *nptr;
|
||||
|
||||
Process_GetProcessName(proc->pool, pid, &nbuf, &nlen, &nptr);
|
||||
if (nbuf) {
|
||||
|
||||
ULONG mon_type = MONITOR_IPC;
|
||||
if (NT_SUCCESS(status))
|
||||
mon_type |= MONITOR_OPEN;
|
||||
else
|
||||
mon_type |= MONITOR_DENY;
|
||||
|
||||
--nptr; *nptr = L':';
|
||||
--nptr; *nptr = L'$';
|
||||
|
||||
Session_MonitorPut(mon_type, nptr, proc->pid);
|
||||
|
||||
Mem_Free(nbuf, nlen);
|
||||
}
|
||||
}
|
||||
ShouldMonitorAccess = TRUE;
|
||||
|
||||
finish:
|
||||
|
||||
Process_GetProcessName(proc->pool, pid, &nbuf, &nlen, &nptr);
|
||||
if (nbuf) {
|
||||
--nptr; *nptr = L':';
|
||||
--nptr; *nptr = L'$';
|
||||
}
|
||||
|
||||
ULONG mon_type = MONITOR_IPC;
|
||||
if(!NT_SUCCESS(status))
|
||||
mon_type |= MONITOR_DENY;
|
||||
else if (WriteAccess || ReadAccess)
|
||||
mon_type |= MONITOR_OPEN;
|
||||
if (!ShouldMonitorAccess)
|
||||
mon_type |= MONITOR_TRACE;
|
||||
|
||||
//
|
||||
// trace
|
||||
//
|
||||
|
@ -1111,9 +1107,23 @@ finish:
|
|||
if (Letter2) {
|
||||
RtlStringCbPrintfW(str, sizeof(str), L"(%c%c) %08X %06d",
|
||||
Letter1, Letter2, GrantedAccess, (int)pid);
|
||||
Log_Debug_Msg(MONITOR_IPC | MONITOR_TRACE, str, Driver_Empty);
|
||||
Log_Debug_Msg(mon_type, str, nptr ? nptr : Driver_Empty);
|
||||
}
|
||||
}
|
||||
else if (ShouldMonitorAccess && Session_MonitorCount && !proc->disable_monitor && nbuf != NULL) {
|
||||
|
||||
Session_MonitorPut(mon_type, nptr, proc->pid);
|
||||
}
|
||||
|
||||
if (ExplicitAccess && (status != STATUS_SUCCESS) && (status != STATUS_BAD_INITIAL_PC)) {
|
||||
|
||||
WCHAR msg[256];
|
||||
RtlStringCbPrintfW(msg, sizeof(msg), L"%s (%08X) access=%08X initialized=%d", EntireProcess ? L"OpenProcess" : L"OpenThread", status, GrantedAccess, proc->initialized);
|
||||
Log_Msg_Process(MSG_2111, msg, nptr != NULL ? nptr : L"Unnamed process", -1, proc->pid);
|
||||
}
|
||||
|
||||
if (nbuf)
|
||||
Mem_Free(nbuf, nlen);
|
||||
|
||||
return status;
|
||||
}
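Review bot: After `finish:` the code reads `nbuf` and `nptr` (`nptr ? nptr : Driver_Empty`, `nptr != NULL ? nptr : L"Unnamed process"`, `if (nbuf) Mem_Free(nbuf, nlen)`), but the three locals are declared at the top of Thread_CheckObject_Common without initializers. Their validity therefore rests on Process_GetProcessName writing every out-parameter on every path, which is not visible here. Initializing them at the declaration, `void *nbuf = NULL; ULONG nlen = 0; WCHAR *nptr = NULL;`, makes the null checks and the free safe on their own. The name lookup also appears to run on every call now, where the replaced block performed it only under `Session_MonitorCount && !proc->disable_monitor`. Consider guarding it so the pool allocation happens only when the trace, monitor or SBIE2111 path will use the name. The function body extends outside these hunks.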
|
||||
|
|
|
@ -97,7 +97,7 @@ THREAD *Thread_GetByThreadId(PROCESS *proc, HANDLE tid);
|
|||
NTSTATUS Thread_CheckObject_Common(
|
||||
PROCESS *proc, PEPROCESS ProcessObject,
|
||||
ACCESS_MASK GrantedAccess, BOOLEAN EntireProcess,
|
||||
BOOLEAN AllowTerminating);
|
||||
BOOLEAN ExplicitAccess);
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
|
|
@ -354,6 +354,14 @@ SBIE2108 Faking successful completion for program '%2'
|
|||
# SBIE2110 Preparing WinSxS dependencies for '%2'
|
||||
# .
|
||||
|
||||
2111;pop;inf;01
|
||||
SBIE2111 Process is not accessible: %3, call %2
|
||||
.
|
||||
|
||||
2112;pop;inf;01
|
||||
SBIE2112 Object is not accessible: %3, call %2
|
||||
.
|
||||
|
||||
# %2 = Mozilla Firefox
|
||||
2191;pop;inf;01
|
||||
SBIE2191 %2 should not be updated while running under Sandboxie.
|
||||
|
|
|
@ -135,7 +135,10 @@ SB_STATUS CSandBox::RunSandboxed(const QString& Command)
|
|||
|
||||
SB_STATUS CSandBox::TerminateAll()
|
||||
{
|
||||
return m_pAPI->TerminateAll(m_Name);
|
||||
SB_STATUS Status = m_pAPI->TerminateAll(m_Name);
|
||||
if(!Status.IsError())
|
||||
m_ActiveProcessCount = 0;
|
||||
return Status;
|
||||
}
|
||||
|
||||
bool CSandBox::IsEmpty() const
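Review bot: CSandBox::TerminateAll now zeroes `m_ActiveProcessCount` as soon as the API call reports no error, but nothing in the hunk says why the cached count can be trusted to be zero at that point. If termination can complete asynchronously, or a process can start in between (not visible here), the count is briefly wrong until the next refresh. A comment such as `// optimistic reset; the next process-list update corrects the count` would document the intent. The unbraced two-line `if` would also be safer with braces.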
|
||||
|
|
|
@ -2412,8 +2412,6 @@ bool CSbieAPI::GetMonitor()
|
|||
QStringList LogData;
|
||||
for (size_t pos = 0; pos < log_buffer.Length; ) {
|
||||
size_t len = wcslen((WCHAR*)(log_buffer.Buffer + pos));
|
||||
if (len == 0)
|
||||
break;
|
||||
LogData.append(QString::fromWCharArray((WCHAR*)(log_buffer.Buffer + pos), len));
|
||||
pos += (len + 1) * sizeof(WCHAR);
|
||||
}
|
||||
|
|
|
@ -63,7 +63,7 @@ CTraceEntry::CTraceEntry(quint32 ProcessId, quint32 ThreadId, quint32 Type, cons
|
|||
{
|
||||
m_ProcessId = ProcessId;
|
||||
m_ThreadId = ThreadId;
|
||||
m_Name = LogData.first();
|
||||
m_Name = LogData.length() > 0 ? LogData.at(0) : QString("(empty)");
|
||||
m_Message = LogData.length() > 1 ? LogData.at(1) : QString();
|
||||
m_Type.Flags = Type;
|
||||
|
||||
|
|
|
@ -229,8 +229,6 @@ void COptionsWindow::ParseAndAddAccessEntry(EAccessEntry EntryType, const QStrin
|
|||
QStringList Values = Value.split(",");
|
||||
if (Values.count() >= 2)
|
||||
AddAccessEntry(Type, Mode, Values[0], Values[1], disabled, Template);
|
||||
else if (Values[0].left(2) == "$:") // special cases
|
||||
AddAccessEntry(Type, Mode, Values[0].mid(2), "$", disabled, Template);
|
||||
else // all programs
|
||||
AddAccessEntry(Type, Mode, "", Values[0], disabled, Template);
|
||||
}
|
||||
|
@ -571,9 +569,7 @@ void COptionsWindow::SaveAccessList()
|
|||
int Mode = pItem->data(2, Qt::UserRole).toInt();
|
||||
QString Program = pItem->data(1, Qt::UserRole).toString();
|
||||
QString Value = pItem->data(3, Qt::UserRole).toString();
|
||||
if (Value == "$") // special cases
|
||||
Value = "$:" + Program;
|
||||
else if (!Program.isEmpty())
|
||||
if (!Program.isEmpty())
|
||||
Value.prepend(Program + ",");
|
||||
|
||||
QString AccessStr = MakeAccessStr((EAccessType)Type, (EAccessMode)Mode);
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
#define VERSION_MJR 1
|
||||
#define VERSION_MIN 0
|
||||
#define VERSION_REV 16
|
||||
#define VERSION_REV 17
|
||||
#define VERSION_UPD 0
|
||||
|
||||
#ifndef STR
|
||||
|
|