mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

Merge pull request #4126 from love-code-yeyixiao/HddSpoof 

DiskSerialNumber Spoof And ProductId Spoof
This commit is contained in:
DavidXanatos 2024-08-18 10:12:08 +02:00 committed by GitHub
parent 55140a2acd b3e6f61437
commit 3add63a7d3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 272 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGELOG.md
View File

@ -2,6 +2,12 @@
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).
## [1.14.7 / 5.69.7] - 2024-0x-xx
### Added
- added "RandomRegUID"(bool) which could modify Windows Product Id in the registry to a rand value-
- added "HideDiskSerialNumber"(bool) return random value when applications tries to get disk serial number
## [1.14.6 / 5.69.6] - 2024-07-30
@ -15,6 +21,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.14.5 / 5.69.5] - 2024-07-23
### Added

204
Sandboxie/core/dll/custom.c
View File

@ -24,7 +24,7 @@
#include "dll.h"
#include "common/my_version.h"
#include <stdio.h>
#include <objbase.h>
//---------------------------------------------------------------------------
// Functions
@ -49,6 +49,7 @@ static HANDLE OpenExplorerKey(
HANDLE ParentKey, const WCHAR *SubkeyName, ULONG *error);
static void DeleteShellAssocKeys(ULONG Wow64);
static void AutoExec(void);
static BOOLEAN Custom_ProductID(void);
//---------------------------------------------------------------------------
@ -91,6 +92,7 @@ _FX BOOLEAN CustomizeSandbox(void)
DisableEdgeBoost();
Custom_EnableBrowseNewProcess();
DeleteShellAssocKeys(0);
Custom_ProductID();
Custom_DisableBHOs();
if (Dll_OsBuild >= 8400) // only on win 8 and later
Custom_OpenWith();
@ -1338,7 +1340,7 @@ _FX void Custom_ComServer(void)
// NsiRpc_Init
//---------------------------------------------------------------------------
#include <objbase.h>
//#include <objbase.h>
typedef RPC_STATUS (*P_NsiRpcRegisterChangeNotification)(
LPVOID p1, LPVOID p2, LPVOID p3, LPVOID p4, LPVOID p5, LPVOID p6, LPVOID p7);
@ -1534,7 +1536,205 @@ _FX BOOLEAN Custom_OsppcDll(HMODULE module)
NtClose(hOfficeKey);
return TRUE;
}
/*static wchar_t GetCharFromInt(int a) {
switch (a) {
case 0:
return L'0';
break;
case 1:
return L'1';
break;
case 2:
return L'2';
break;
case 3:
return L'3';
break;
case 4:
return L'4';
break;
case 5:
return L'5';
break;
case 6:
return L'6';
break;
case 7:
return L'7';
break;
case 8:
return L'8';
break;
case 9:
return L'9';
break;
}
return 0;
}
static int GetIntLen(DWORD n) {
int count = 0;
while (n != 0)
{
n = n / 10;
count++;
}
return count;
}*/
static unsigned long seed = 1;
int my_rand(void)
{
seed = (seed * 214013L
+ 2531011L) >> 16;
return((unsigned)seed & 0x7fff);
}
/*char* my_itoa(int num, char* str, int radix)
{
char index[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
unsigned unum;
int i = 0, j, k;
if (radix == 10 && num < 0)
{
unum = (unsigned)-num;
str[i++] = '-';
}
else unum = (unsigned)num;
do
{
str[i++] = index[unum % (unsigned)radix];
unum /= radix;
} while (unum);
str[i] = '\0';
if (str[0] == '-') k = 1;
else k = 0;
char temp;
for (j = k; j <= (i - 1) / 2; j++)
{
temp = str[j];
str[j] = str[i - 1 + k - j];
str[i - 1 + k - j] = temp;
}
return str;
}*/
wchar_t* GuidToString(const GUID guid)
{
static wchar_t buf[64] = {0};
Sbie_snwprintf(buf, sizeof(buf),
L"%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X",
guid.Data1, guid.Data2, guid.Data3,
guid.Data4[0], guid.Data4[1], guid.Data4[2], guid.Data4[3],
guid.Data4[4], guid.Data4[5], guid.Data4[6], guid.Data4[7]);
return buf;
}
_FX BOOLEAN Custom_ProductID(void) {
if (SbieApi_QueryConfBool(NULL, L"RandomRegUID", FALSE)) {
NTSTATUS status;
UNICODE_STRING uni;
OBJECT_ATTRIBUTES objattrs;
HANDLE hKey;
InitializeObjectAttributes(
&objattrs, &uni, OBJ_CASE_INSENSITIVE, NULL, NULL);
RtlInitUnicodeString(&uni,
L"\\registry\\Machine\\Software\\"
L"\\Microsoft\\Windows NT\\CurrentVersion");
status = Key_OpenIfBoxed(&hKey, KEY_SET_VALUE, &objattrs);
if (NT_SUCCESS(status)) {
//UNICODE_STRING buf;
//RtlInitUnicodeString(&buf, tmp);
/*if (GetIntLen(dwTick) == 1) {
//DWORD last = dwTick - (dwTick / 10) * 10;
DWORD last = dwTick;
WCHAR chr = GetCharFromInt((int)last);
Sleep(0);
DWORD dwTick2 = GetTickCount(),last2=0;
if (GetIntLen(dwTick) == 1)
last2 = dwTick2;
else
last2 = dwTick2 - (dwTick2 / 10) * 10;
WCHAR chr2= GetCharFromInt((int)last2);
wcscpy_s(tmp, 1, chr2);
wcscat_s(tmp, 1, chr2);
for(int i=0;i<=2;i++)
wcscat_s(tmp, 1, chr);
}*/
WCHAR tmp[34] = { 0 };
RtlInitUnicodeString(&uni, L"ProductId");
seed = GetTickCount();
int chain1 = my_rand() % 10000 + 9999,
chain2 = my_rand() % 10000 + 9999,
chain3 = my_rand() % 10000 + 9999,
chain4 = my_rand() % 10000 + 9999
;
Sbie_snwprintf(tmp, 34, L"%05d-%05d-%05d-%05d", chain1, chain2, chain3, chain4);
status = NtSetValueKey(
hKey, &uni, 0, REG_SZ, tmp, sizeof(tmp)+1);
NtClose(hKey);
}
RtlInitUnicodeString(&uni,
L"\\registry\\Machine\\Software\\"
L"\\Microsoft\\Cryptography");
typedef HRESULT(*P_CoCreateGuid)(
GUID* pguid
);
P_CoCreateGuid CoCreateGuid2 = (P_CoCreateGuid)Ldr_GetProcAddrNew(DllName_ole32, L"CoCreateGuid", "CoCreateGuid");
status = Key_OpenIfBoxed(&hKey, KEY_SET_VALUE, &objattrs);
if (NT_SUCCESS(status)&&CoCreateGuid2) {
GUID guid;
HRESULT h = CoCreateGuid2(&guid);
WCHAR buf[64] = { 0 };
if (h == S_OK) {
WCHAR* pChar = GuidToString(guid);
lstrcpy(buf, pChar);
RtlInitUnicodeString(&uni, L"MachineGuid");
status = NtSetValueKey(
hKey, &uni, 0, REG_SZ, buf, sizeof(buf) + 1);
}
}
NtClose(hKey);
RtlInitUnicodeString(&uni,
L"\\registry\\Machine\\Software\\"
L"\\Microsoft\\SQMClient");
status = Key_OpenIfBoxed(&hKey, KEY_SET_VALUE, &objattrs);
if (NT_SUCCESS(status)&&CoCreateGuid2) {
GUID guid;
HRESULT h = CoCreateGuid2(&guid);
WCHAR buf[64] = L"{";
if (h == S_OK) {
WCHAR* pChar = GuidToString(guid);
lstrcat(buf, pChar);
lstrcat(buf, L"}");
RtlInitUnicodeString(&uni, L"MachineId");
status = NtSetValueKey(
hKey, &uni, 0, REG_SZ, buf, sizeof(buf) + 1);
}
}
NtClose(hKey);
return TRUE;
}
return TRUE;
}
#ifndef _M_ARM64
//---------------------------------------------------------------------------

67
Sandboxie/core/dll/kernel.c
View File

@ -69,6 +69,17 @@ typedef LCID (*P_GetSystemDefaultLCID)();
typedef LANGID (*P_GetSystemDefaultLangID)();
typedef BOOL (*P_GetVolumeInformationByHandleW)(
HANDLE hFile,
LPWSTR lpVolumeNameBuffer,
DWORD nVolumeNameSize,
LPDWORD lpVolumeSerialNumber,
LPDWORD lpMaximumComponentLength,
LPDWORD lpFileSystemFlags,
LPWSTR lpFileSystemNameBuffer,
DWORD nFileSystemNameSize
);
//typedef int (*P_GetLocaleInfoEx)(LPCWSTR lpLocaleName, LCTYPE LCType, LPWSTR lpLCData, int cchData);
//typedef int (*P_GetLocaleInfoA)(LCID Locale, LCTYPE LCType, LPSTR lpLCData, int cchData);
@ -98,12 +109,13 @@ P_QueryPerformanceCounter __sys_QueryPerformanceCounter = NULL;
P_GetUserDefaultUILanguage __sys_GetUserDefaultUILanguage = NULL;
P_GetUserDefaultLocaleName __sys_GetUserDefaultLocaleName = NULL;
P_GetUserDefaultLCID __sys_GetUserDefaultLCID = NULL;
P_GetUserDefaultLangID __sys_GetUserDefaultLangID = NULL;
P_GetUserDefaultLangID __sys_GetUserDefaultLangID = NULL;
P_GetUserDefaultGeoName __sys_GetUserDefaultGeoName = NULL;
P_GetSystemDefaultUILanguage __sys_GetSystemDefaultUILanguage = NULL;
P_GetSystemDefaultLocaleName __sys_GetSystemDefaultLocaleName = NULL;
P_GetSystemDefaultLCID __sys_GetSystemDefaultLCID = NULL;
P_GetSystemDefaultLCID __sys_GetSystemDefaultLCID = NULL;
P_GetSystemDefaultLangID __sys_GetSystemDefaultLangID = NULL;
P_GetVolumeInformationByHandleW __sys_GetVolumeInformationByHandleW = NULL;
LCID Kernel_CustomLCID = 0;
@ -148,7 +160,16 @@ static LCID Kernel_GetSystemDefaultLCID();
static LANGID Kernel_GetSystemDefaultLangID();
static BOOL Kernel_GetVolumeInformationByHandleW(
HANDLE hFile,
LPWSTR lpVolumeNameBuffer,
DWORD nVolumeNameSize,
LPDWORD lpVolumeSerialNumber,
LPDWORD lpMaximumComponentLength,
LPDWORD lpFileSystemFlags,
LPWSTR lpFileSystemNameBuffer,
DWORD nFileSystemNameSize
);
//---------------------------------------------------------------------------
// Kernel_Init
//---------------------------------------------------------------------------
@ -246,7 +267,13 @@ _FX BOOLEAN Kernel_Init()
SBIEDLL_HOOK(Kernel_, GetSystemDefaultLCID);
SBIEDLL_HOOK(Kernel_, GetSystemDefaultLangID);
}
if (SbieApi_QueryConfBool(NULL, L"HideDiskSerialNumber", FALSE))
{
void* GetVolumeInformationByHandleW = GetProcAddress(Dll_KernelBase ? Dll_KernelBase : Dll_Kernel32, "GetVolumeInformationByHandleW");
if (GetVolumeInformationByHandleW) {
SBIEDLL_HOOK(Kernel_, GetVolumeInformationByHandleW);
}
}
return TRUE;
}
@ -488,3 +515,35 @@ _FX LANGID Kernel_GetSystemDefaultLangID()
{
return (LANGID)Kernel_CustomLCID;
}
static unsigned long Kernel_seed = 1;
int Kernel_rand(void)
{
Kernel_seed = (Kernel_seed * 214013L
+ 2531011L) >> 16;
return((unsigned)Kernel_seed & 0x7fff);
}
//----------------------------------------------------------------------------
//Kernel_GetVolumeInformationByHandleW
//----------------------------------------------------------------------------
_FX BOOL Kernel_GetVolumeInformationByHandleW(
HANDLE hFile,
LPWSTR lpVolumeNameBuffer,
DWORD nVolumeNameSize,
LPDWORD lpVolumeSerialNumber,
LPDWORD lpMaximumComponentLength,
LPDWORD lpFileSystemFlags,
LPWSTR lpFileSystemNameBuffer,
DWORD nFileSystemNameSize
) {
DWORD ourSerialNumber = 0;
BOOL rtn = __sys_GetVolumeInformationByHandleW(hFile, lpVolumeNameBuffer, nVolumeNameSize, &ourSerialNumber, lpMaximumComponentLength, lpFileSystemFlags, lpFileSystemNameBuffer, nFileSystemNameSize);
if (lpVolumeSerialNumber == NULL)
return rtn;
else {
Kernel_seed = __sys_GetTickCount();
*lpVolumeSerialNumber = Kernel_rand()%0x10000;
return rtn;
}
}