mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

1.3.3

This commit is contained in:
DavidXanatos 2022-09-02 14:05:26 +02:00
parent 4d3e630fdc
commit 38b79b6d94
3 changed files with 86 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -7,6 +7,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.3.3 / 5.58.3] - 2022-08-??
### Added
- added user name option to sbie log as a workaround for feature request [#2207](https://github.com/sandboxie-plus/Sandboxie/issues/2207)
-- usage: in "HKLM\SYSTEM\CurrentControlSet\Services\SbieSvc" add REG_SZ "LogFile" with "3;[path]\Sandboxie.log"
### Changed
- improved sandman settings behavioure for non admin users [#2123](https://github.com/sandboxie-plus/Sandboxie/issues/2123)

2
Sandboxie/core/svc/DriverAssist.h
View File

@ -99,7 +99,7 @@ private:
void LogMessage();
void LogMessage_Single(ULONG code, wchar_t* data);
void LogMessage_Single(ULONG code, wchar_t* data, ULONG pid);
void LogMessage_Multi(ULONG msgid, const WCHAR *path, const WCHAR *text);
void LogMessage_Write(const WCHAR *path, const WCHAR *text);

97
Sandboxie/core/svc/DriverAssistLog.cpp
View File

@ -16,6 +16,8 @@
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <lmcons.h>
//---------------------------------------------------------------------------
// Driver Assistant, log messages
//---------------------------------------------------------------------------
@ -26,10 +28,40 @@
//---------------------------------------------------------------------------
typedef struct WORK_ITEM {
ULONG type;
ULONG data[1];
} WORK_ITEM;
//typedef struct WORK_ITEM {
// ULONG type;
// ULONG data[1];
//} WORK_ITEM;
//---------------------------------------------------------------------------
// GetUserNameFromProcess
//---------------------------------------------------------------------------
bool GetUserNameFromProcess(DWORD pid, WCHAR* user, DWORD userSize, WCHAR* domain, DWORD domainSize)
{
bool bRet = false;
HANDLE hToken = (HANDLE)SbieApi_QueryProcessInfo((HANDLE)pid, 'ptok');
if(hToken != NULL)
{
BYTE data[64]; // needed 44 = sizeof(TOKEN_USER) + sizeof(SID_AND_ATTRIBUTES) + sizeof(SID)
DWORD tokenSize = sizeof(data);
if(GetTokenInformation(hToken, TokenUser, data, tokenSize, &tokenSize))
{
TOKEN_USER* pUser = (TOKEN_USER*)data;
PSID pSID = pUser->User.Sid;
SID_NAME_USE sidName;
if (LookupAccountSid(NULL, pSID, user, &userSize, domain, &domainSize, &sidName)) {
user[userSize] = L'\0';
domain[domainSize] = L'\0';
bRet = true;
}
}
CloseHandle(hToken);
}
return bRet;
}
//---------------------------------------------------------------------------
@ -67,7 +99,22 @@ void DriverAssist::LogMessage()
break; // error or no more entries
m_last_message_number = message_number;
LogMessage_Single(code, (wchar_t*)m_workItemBuf);
//
// Skip hacky messages
//
if (code == MSG_2199) // Auto Recovery notification
continue;
if (code == MSG_2198) // File Migration progress notifications
continue;
if (code == MSG_1399) // Process Start notification
continue;
//
// Add to log
//
LogMessage_Single(code, (wchar_t*)m_workItemBuf, pid);
}
if (m_workItemBuf)
@ -82,7 +129,7 @@ void DriverAssist::LogMessage()
//---------------------------------------------------------------------------
void DriverAssist::LogMessage_Single(ULONG code, wchar_t* data)
void DriverAssist::LogMessage_Single(ULONG code, wchar_t* data, ULONG pid)
{
//
// check if logging is enabled
@ -99,8 +146,8 @@ void DriverAssist::LogMessage_Single(ULONG code, wchar_t* data)
return;
WCHAR *path = (WCHAR *)u.info.Data;
WCHAR LogVer = *path;
if (LogVer != L'1' && LogVer != L'2')
int LogVer = *path - L'0';
if (LogVer < 0 || LogVer > 9 )
return;
++path;
if (*path != L';')
@ -111,13 +158,6 @@ void DriverAssist::LogMessage_Single(ULONG code, wchar_t* data)
// get log message
//
if (code == MSG_2199)
return;
if (code == MSG_2198)
return;
if (code == MSG_1399)
return;
WCHAR *str1 = data;
ULONG str1_len = wcslen(str1);
WCHAR *str2 = str1 + str1_len + 1;
@ -131,7 +171,7 @@ void DriverAssist::LogMessage_Single(ULONG code, wchar_t* data)
// log version 2, add timestamp
//
if (LogVer == L'2') {
if (LogVer >= 2) {
WCHAR *text2 = (WCHAR *)LocalAlloc(
LMEM_FIXED, (wcslen(text) + 64) * sizeof(WCHAR));
@ -152,6 +192,28 @@ void DriverAssist::LogMessage_Single(ULONG code, wchar_t* data)
text = text2;
}
//
// log version 3, add user name
//
if (LogVer >= 3) {
WCHAR user[UNLEN + 1];
WCHAR domain[DNLEN + 1];
if (GetUserNameFromProcess(pid, user, UNLEN + 1, domain, DNLEN + 1)) {
WCHAR *text2 = (WCHAR *)LocalAlloc(
LMEM_FIXED, (wcslen(text) + UNLEN + DNLEN + 10) * sizeof(WCHAR));
if (text2) {
wsprintf(text2, L"%s (%s/%s)", text, user, domain);
LocalFree(text);
text = text2;
}
}
}
//
// write message to main log file and secondary log files
//
@ -182,6 +244,7 @@ void DriverAssist::LogMessage_Multi(
if (u.info.Type != REG_SZ || u.info.DataLength >= sizeof(u))
return;
// go through a ',' or ';' separated list of messge ID's, return message id is not listed
WCHAR *ptr = (WCHAR *)u.info.Data;
while (*ptr) {
if (_wtoi(ptr) == (msgid & 0xFFFF))
@ -193,6 +256,7 @@ void DriverAssist::LogMessage_Multi(
++ptr;
}
// get box name
WCHAR *ptr2 = (WCHAR*)wcsrchr(text, L']');
if (! ptr2)
return;
@ -209,6 +273,7 @@ void DriverAssist::LogMessage_Multi(
if (rc != STATUS_SUCCESS && rc != STATUS_ACCOUNT_RESTRICTION)
return;
// append _boxname to log file name
ptr = wcsrchr((WCHAR*)path, L'.');
if (! ptr)
return;