mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

Build 0.2.2 / 5.41.2

This commit is contained in:
DavidXanatos 2020-06-19 23:12:57 +02:00
parent 61124974bc
commit 3bb41c465b
24 changed files with 194 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
CHANGELOG.md
View File

@ -2,6 +2,19 @@
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).
## [0.2.2 / 5.41.2] - 2020-06-19
### Added
- added option SeparateUserFolders=n to no longer have the user profile files stored separately in the sandbox
- added SandboxieLogon=y it makes processes run under the SID of the "Sandboxie" user instead of the Anonymous user
-- Note: the global option AllowSandboxieLogon=y must be enabled, the "Sandboxie" user account must be manually created first and the driver reloaded, else process start will fail
- improved debugging around process creation errors in the driver
### Fixed
- fixed some log messages going lost after driver reload
- found a workable fix for the MSI installer issue, see Proc_CreateProcessInternalW_RS5
## [0.2.1 / 5.41.1] - 2020-06-18

4
Sandboxie/common/my_version.h
View File

@ -22,7 +22,7 @@
#define MY_VERSION_BINARY 5,41
#define MY_VERSION_STRING "5.41"
#define MY_VERSION_STRING_EX "5.41.1"
#define MY_VERSION_STRING_EX "5.41.2"
// These #defines are used by either Resource Compiler, or by NSIC installer
#define SBIE_INSTALLER_PATH "..\\Bin\\"
@ -36,6 +36,8 @@
#define SANDBOXIE L"Sandboxie"
#define SBIE L"SBIE"
#define SANDBOXIE_USER L"Sandboxie"
#define SBIE_BOXED_ SBIE L"_BOXED_"
#define SBIE_BOXED_LEN (4 + 7)

15
Sandboxie/core/dll/file.c
View File

@ -368,6 +368,7 @@ _FX NTSTATUS File_GetName(
static const ULONG _ShareLen = 7;
static const WCHAR *_Drive = L"\\drive\\";
static const ULONG _DriveLen = 7;
static const WCHAR *_User = L"\\user";
static const ULONG _UserLen = 5;
static const WCHAR *_UserAll = L"\\user\\all";
@ -376,7 +377,7 @@ _FX NTSTATUS File_GetName(
static const ULONG _UserCurrentLen = 13;
static const WCHAR *_UserPublic = L"\\user\\public";
static const ULONG _UserPublicLen = 12;
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
NTSTATUS status;
@ -791,7 +792,8 @@ check_sandbox_prefix:
// that's ok because it hasn't been initialized yet
//
else if (length >= _UserLen &&
else if (//SbieApi_QueryConfBool(NULL, L"SeparateUserFolders", TRUE) && // if we disable File_InitUsers we dont need to do it here and below
length >= _UserLen &&
_wcsnicmp(*OutTruePath, _User, _UserLen) == 0) {
if (File_AllUsersLen && length >= _UserAllLen &&
@ -1045,7 +1047,8 @@ check_sandbox_prefix:
// "\user\current", respectively
//
else if (File_AllUsersLen && length >= File_AllUsersLen &&
else if (//SbieApi_QueryConfBool(NULL, L"SeparateUserFolders", TRUE) &&
File_AllUsersLen && length >= File_AllUsersLen &&
0 == Dll_NlsStrCmp(
TruePath, File_AllUsers, File_AllUsersLen))
{
@ -1057,7 +1060,8 @@ check_sandbox_prefix:
}
else if (File_CurrentUserLen && length >= File_CurrentUserLen &&
else if (//SbieApi_QueryConfBool(NULL, L"SeparateUserFolders", TRUE) &&
File_CurrentUserLen && length >= File_CurrentUserLen &&
0 == Dll_NlsStrCmp(
TruePath, File_CurrentUser, File_CurrentUserLen))
{
@ -1069,7 +1073,8 @@ check_sandbox_prefix:
}
else if (File_PublicUserLen && length >= File_PublicUserLen &&
else if (//SbieApi_QueryConfBool(NULL, L"SeparateUserFolders", TRUE) &&
File_PublicUserLen && length >= File_PublicUserLen &&
0 == Dll_NlsStrCmp(
TruePath, File_PublicUser, File_PublicUserLen))
{

6
Sandboxie/core/dll/file_init.c
View File

@ -144,8 +144,10 @@ _FX BOOLEAN File_Init(void)
if (! File_InitDrives(0xFFFFFFFF))
return FALSE;
if (! File_InitUsers())
return FALSE;
if (SbieApi_QueryConfBool(NULL, L"SeparateUserFolders", TRUE)) {
if (!File_InitUsers())
return FALSE;
}
File_InitRecoverFolders();

5
Sandboxie/core/dll/gui.c
View File

@ -952,11 +952,6 @@ _FX BOOLEAN Gui_ConnectToWindowStationAndDesktop(HMODULE User32)
rc = (ULONG_PTR)NtCurrentThread();
// OpenBox1 BEGIN
if (SbieApi_QueryConfBool(NULL, L"OriginalToken", FALSE))
rc = 0;
else
// OpenBox1 END
if (__sys_NtSetInformationThread)
{
rc = __sys_NtSetInformationThread(NtCurrentThread(),

8
Sandboxie/core/dll/proc.c
View File

@ -1085,6 +1085,11 @@ _FX BOOL Proc_CreateProcessInternalW_RS5(
lpApplicationName = TlsData->proc_image_path;
}
if (Dll_OsBuild >= 17763) {
// Fix-Me: this is a workaround for the MSI installer to work properly
lpProcessAttributes = NULL;
}
ok = __sys_CreateProcessInternalW_RS5(
NULL, lpApplicationName, lpCommandLine,
lpProcessAttributes, lpThreadAttributes, bInheritHandles,
@ -1106,9 +1111,6 @@ _FX BOOL Proc_CreateProcessInternalW_RS5(
err = GetLastError();
}
// OpenBox1 BEGIN
if (!SbieApi_QueryConfBool(NULL, L"OriginalToken", FALSE))
// OpenBox1 END
if (ok) {
//

3
Sandboxie/core/dll/scm_create.c
View File

@ -1305,9 +1305,6 @@ _FX BOOL Scm_StartServiceCtrlDispatcherX(
}
if (_wcsicmp(ServiceName, Scm_MsiServer) == 0) {
if (Dll_OsBuild >= 17763 && SbieApi_QueryConfBool(NULL, L"AnonymousLogon", TRUE) == TRUE) {
SbieApi_Log(2194, L"");
}
Scm_IsMsiServer = TRUE;
}

8
Sandboxie/core/drv/SboxDrv.vcxproj
View File

@ -105,7 +105,7 @@
</ClCompile>
<Link>
<SubSystem>Native</SubSystem>
<AdditionalDependencies>ntoskrnl.lib;hal.lib;wmilib.lib;fltmgr.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ntoskrnl.lib;hal.lib;wmilib.lib;fltmgr.lib;Ksecdd.lib;%(AdditionalDependencies)</AdditionalDependencies>
<EntryPointSymbol>DriverEntry</EntryPointSymbol>
<RandomizedBaseAddress>
</RandomizedBaseAddress>
@ -135,7 +135,7 @@
</ClCompile>
<Link>
<SubSystem>Native</SubSystem>
<AdditionalDependencies>ntoskrnl.lib;hal.lib;wmilib.lib;fltmgr.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ntoskrnl.lib;hal.lib;wmilib.lib;fltmgr.lib;Ksecdd.lib;%(AdditionalDependencies)</AdditionalDependencies>
<EntryPointSymbol>DriverEntry</EntryPointSymbol>
<RandomizedBaseAddress>
</RandomizedBaseAddress>
@ -173,7 +173,7 @@
</ClCompile>
<Link>
<SubSystem>Native</SubSystem>
<AdditionalDependencies>ntoskrnl.lib;hal.lib;wmilib.lib;fltmgr.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ntoskrnl.lib;hal.lib;wmilib.lib;fltmgr.lib;Ksecdd.lib;%(AdditionalDependencies)</AdditionalDependencies>
<EntryPointSymbol>DriverEntry</EntryPointSymbol>
<RandomizedBaseAddress>
</RandomizedBaseAddress>
@ -201,7 +201,7 @@
</ClCompile>
<Link>
<SubSystem>Native</SubSystem>
<AdditionalDependencies>ntoskrnl.lib;hal.lib;wmilib.lib;fltmgr.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ntoskrnl.lib;hal.lib;wmilib.lib;fltmgr.lib;Ksecdd.lib;%(AdditionalDependencies)</AdditionalDependencies>
<EntryPointSymbol>DriverEntry</EntryPointSymbol>
<RandomizedBaseAddress>
</RandomizedBaseAddress>

50
Sandboxie/core/drv/process.c
View File

@ -1166,7 +1166,7 @@ _FX void Process_NotifyImage(
{
static const WCHAR *_Ntdll32 = L"\\syswow64\\ntdll.dll"; // 19 chars
PROCESS *proc;
BOOLEAN ok;
ULONG fail = 0;
//
// the notify routine is invoked for any image mapped for any purpose.
@ -1216,56 +1216,58 @@ _FX void Process_NotifyImage(
// create the sandbox space
//
ok = TRUE;
if (!proc->bHostInject)
{
if (ok)
ok = File_CreateBoxPath(proc);
if (!fail && !File_CreateBoxPath(proc))
fail = 0x01;
if (ok)
ok = Ipc_CreateBoxPath(proc);
if (!fail && !Ipc_CreateBoxPath(proc))
fail = 0x02;
if (ok)
ok = Key_MountHive(proc);
if (!fail && !Key_MountHive(proc))
fail = 0x03;
//
// initialize the filtering components
//
if (ok)
ok = File_InitProcess(proc);
if (!fail && !File_InitProcess(proc))
fail = 0x04;
if (ok)
ok = Key_InitProcess(proc);
if (!fail && !Key_InitProcess(proc))
fail = 0x05;
if (ok)
ok = Ipc_InitProcess(proc);
if (!fail && !Ipc_InitProcess(proc))
fail = 0x06;
if (ok)
ok = Gui_InitProcess(proc);
if (!fail && !Gui_InitProcess(proc))
fail = 0x07;
if (ok)
ok = Process_Low_InitConsole(proc);
if (!fail && !Process_Low_InitConsole(proc))
fail = 0x08;
if (ok)
ok = Token_ReplacePrimary(proc);
if (!fail && !Token_ReplacePrimary(proc))
fail = 0x09;
if (ok)
ok = Thread_InitProcess(proc);
if (!fail && !Thread_InitProcess(proc))
fail = 0x0A;
}
//
// terminate process if initialization failed
//
if (ok) {
if (!fail) {
proc->initialized = TRUE;
} else {
Log_Status_Ex_Session(
MSG_1231, fail, STATUS_UNSUCCESSFUL, NULL, proc->box->session_id);
proc->terminated = TRUE;
proc->reason = 0xA0 + fail;
Process_CancelProcess(proc);
}

4
Sandboxie/core/drv/syscall_open.c
View File

@ -644,9 +644,9 @@ _FX NTSTATUS Syscall_DuplicateHandle_2(
// thread_token.c has a function for this specific case.
//
// OpenBox2 BEGIN
// OpenToken BEGIN
if (!(Conf_Get_Boolean(proc->box->name, L"OpenToken", 0, FALSE) || Conf_Get_Boolean(proc->box->name, L"UnfilteredToken", 0, FALSE)))
// OpenBox2 END
// OpenToken END
status = Thread_CheckTokenObject(
proc, OpenedObject, HandleInfo.GrantedAccess);
}

4
Sandboxie/core/drv/thread_token.c
View File

@ -1243,9 +1243,9 @@ _FX NTSTATUS Thread_SetInformationThread_ImpersonationToken(
MyTokenHandle, TOKEN_IMPERSONATE,
*SeTokenObjectType, UserMode, &TokenObject, NULL);
// OpenBox2 BEGIN
// OpenToken BEGIN
if (!(Conf_Get_Boolean(proc->box->name, L"OpenToken", 0, FALSE) || Conf_Get_Boolean(proc->box->name, L"UnfilteredToken", 0, FALSE)))
// OpenBox2 END
// OpenToken END
if (NT_SUCCESS(status)) {
status = Thread_CheckTokenForImpersonation(

109
Sandboxie/core/drv/token.c
View File

@ -24,6 +24,7 @@
#include "process.h"
#include "conf.h"
#include "api.h"
#include "util.h"
#include "common/my_version.h"
@ -142,6 +143,15 @@ static UCHAR AnonymousLogonSid[12] = {
SECURITY_ANONYMOUS_LOGON_RID,0,0,0 // SubAuthority
};
static UCHAR SandboxieLogonSid[SECURITY_MAX_SID_SIZE] = { 0 }; // SbieLogin
static UCHAR SystemLogonSid[12] = {
1, // Revision
1, // SubAuthorityCount
0,0,0,0,0,5, // SECURITY_NT_AUTHORITY // IdentifierAuthority
SECURITY_LOCAL_SYSTEM_RID,0,0,0 // SubAuthority
};
UCHAR Sbie_Token_SourceName[5] = { 's', 'b', 'o', 'x', 0 };
#define ProcessMitigationPolicy 52
@ -204,6 +214,32 @@ _FX BOOLEAN Token_Init(void)
#undef MySetGroup
//
// find the sid of the sandboxie user if present
//
// SbieLogin BEGIN
if (Conf_Get_Boolean(NULL, L"AllowSandboxieLogon", 0, FALSE))
{
WCHAR AccountBuffer[64]; // DNLEN + 1 + sizeof(SANDBOXIE_USER) + reserve
UNICODE_STRING AccountName = { 0, sizeof(AccountBuffer), AccountBuffer }; // Note: max valid length is (DNLEN (15) + 1) * sizeof(WCHAR), length is in bytes leave half empty
if (GetRegString(RTL_REGISTRY_ABSOLUTE, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName", L"ComputerName", &AccountName) && AccountName.Length < 64)
{
wcscpy(AccountName.Buffer + (AccountName.Length / sizeof(WCHAR)), L"\\" SANDBOXIE_USER);
AccountName.Length += (1 + wcslen(SANDBOXIE_USER)) * sizeof(WCHAR);
//DbgPrint("Sbie, AccountName: %S\n", AccountName.Buffer);
SID_NAME_USE use;
ULONG userSize = sizeof(SandboxieLogonSid), domainSize = 0;
WCHAR DomainBuff[20]; // doesn't work without this
UNICODE_STRING DomainName = { 0, sizeof(DomainBuff), DomainBuff };
SecLookupAccountName(&AccountName, &userSize, (PSID)SandboxieLogonSid, &use, &domainSize, &DomainName);
//DbgPrint("Sbie, SecLookupAccountName: %x; size:%d %d\n", status, userSize, domainSize);
}
}
// SbieLogin END
//
// find SepFilterToken for Token_RestrictHelper1
//
@ -433,11 +469,11 @@ _FX void *Token_FilterPrimary(PROCESS *proc, void *ProcessObject)
return NULL;
}
// OpenBox2 BEGIN
// OpenToken BEGIN
if (Conf_Get_Boolean(proc->box->name, L"OpenToken", 0, FALSE) || Conf_Get_Boolean(proc->box->name, L"UnfilteredToken", 0, FALSE)) {
return PrimaryToken;
}
// OpenBox2 END
// OpenToken END
// DbgPrint(" Process Token %08X - %d <%S>\n", PrimaryToken, proc->pid, proc->image_name);
@ -782,14 +818,14 @@ _FX void *Token_Restrict(
TOKEN_USER *user;
void *NewTokenObject;
// OpenBox2 BEGIN
// OpenToken BEGIN
if (Conf_Get_Boolean(proc->box->name, L"OpenToken", 0, FALSE) || Conf_Get_Boolean(proc->box->name, L"UnrestrictedToken", 0, FALSE)) {
SeFilterToken(TokenObject, 0, NULL, NULL, NULL, &NewTokenObject);
return NewTokenObject;
//ObReferenceObject(TokenObject);
//return TokenObject;
}
// OpenBox2 END
// OpenToken END
groups = Token_Query(TokenObject, TokenGroups, proc->box->session_id);
privs = Token_Query(TokenObject, TokenPrivileges, proc->box->session_id);
@ -904,17 +940,19 @@ _FX BOOLEAN Token_ResetPrimary(PROCESS *proc)
((ULONG_PTR)TokenObject + UserAndGroups_offset);
// Windows 8.1 update
if (SidAndAttrsInToken->Sid == (PSID)AnonymousLogonSid)
if (SidAndAttrsInToken->Sid == (PSID)AnonymousLogonSid || SidAndAttrsInToken->Sid == (PSID)SandboxieLogonSid)
{
//DbgPrint("Sbie, restore token pointer\n");
SidAndAttrsInTokenOrig = *(SID_AND_ATTRIBUTES **)
((ULONG_PTR)(proc->primary_token) + UserAndGroups_offset);
SidAndAttrsInToken->Sid = SidAndAttrsInTokenOrig->Sid;
ok = TRUE;
}
}
PsDereferencePrimaryToken(TokenObject);
ok = TRUE;
}
ObDereferenceObject(ProcessObject);
@ -1163,29 +1201,52 @@ _FX void *Token_RestrictHelper1(
UCHAR *SidInToken = (UCHAR *)SidAndAttrsInToken->Sid;
if (SidInToken && SidInToken[1] >= 1) { // SubAuthorityCount >= 1
// In windows 8.1 Sid can be in two difference places. One is relative to SidAndAttrsInToken.
// By debugger, the offset is 0xf0 after SidAndAttrsInToken. The other one is with KB2919355,
// Sid is not relative to SidAndAttrsInToken, it is shared with other processes and it doesn't
// have its own memory inside the token. We can't call memcpy on this shared memory. Workaround is
// to assign Sandbox's AnonymousLogonSid to it.
PSID NewSid = NULL;
// If user sid points to the end of token's UserAndGroups, the sid is not shared.
// SbieLogin BEGIN
if (Conf_Get_Boolean(proc->box->name, L"SandboxieLogon", 0, FALSE))
{
if (SandboxieLogonSid[0] != 0)
NewSid = (PSID)SandboxieLogonSid;
else
status = STATUS_UNSUCCESSFUL;
}
else
// SbieLogin END
// debug tip. To disable anonymous logon, set AnonymousLogon=n
if (Conf_Get_Boolean(proc->box->name, L"AnonymousLogon", 0, TRUE))
{
if (Driver_OsVersion >= DRIVER_WINDOWS_8
&& Driver_OsVersion <= DRIVER_WINDOWS_10
&& Token_IsSharedSid_W8(NewTokenObject)) {
SidAndAttrsInToken->Sid = (PSID)AnonymousLogonSid;
}
else {
memcpy(SidInToken, AnonymousLogonSid, sizeof(AnonymousLogonSid));
}
NewSid = (PSID)AnonymousLogonSid;
}
if (NewSid != NULL)
{
// In windows 8.1 Sid can be in two difference places. One is relative to SidAndAttrsInToken.
// By debugger, the offset is 0xf0 after SidAndAttrsInToken. The other one is with KB2919355,
// Sid is not relative to SidAndAttrsInToken, it is shared with other processes and it doesn't
// have its own memory inside the token. We can't call memcpy on this shared memory. Workaround is
// to assign Sandbox's AnonymousLogonSid to it.
// If user sid points to the end of token's UserAndGroups, the sid is not shared.
if ((Driver_OsVersion >= DRIVER_WINDOWS_8
&& Driver_OsVersion <= DRIVER_WINDOWS_10
&& Token_IsSharedSid_W8(NewTokenObject))
// When trying apply the SbieLogin token to a system process there is not enough space in the SID
// so we need to use a workaround not unlike the one for win 8
|| (RtlLengthSid(SidInToken) < RtlLengthSid(NewSid))
) {
//DbgPrint("Sbie, hack token pointer\n");
SidAndAttrsInToken->Sid = (PSID)NewSid;
}
else {
memcpy(SidInToken, NewSid, RtlLengthSid(NewSid));
}
}
}
else
status = STATUS_UNKNOWN_REVISION;
@ -1333,6 +1394,7 @@ _FX void *Token_RestrictHelper3(
BOOLEAN UserSidAlreadyInGroups = FALSE;
BOOLEAN AnonymousLogonSidAlreadyInGroups = FALSE;
// todo: should we do somethign with SandboxieLogonSid here?
n = 0;
@ -1663,11 +1725,6 @@ _FX BOOLEAN Token_ReplacePrimary(PROCESS *proc)
NTSTATUS status;
BOOLEAN ok = FALSE;
// OpenBox1 BEGIN
if (Conf_Get_Boolean(proc->box->name, L"OriginalToken", 0, FALSE))
return TRUE;
// OpenBox1 END
//
// lookup the process object to get the old primary token
//

21
Sandboxie/core/drv/util.c
View File

@ -257,6 +257,27 @@ BOOLEAN DoesRegValueExist(ULONG RelativeTo, WCHAR *Path, WCHAR *ValueName)
return (status == STATUS_SUCCESS);
}
BOOLEAN GetRegString(ULONG RelativeTo, WCHAR *Path, WCHAR *ValueName, UNICODE_STRING* pData)
{
NTSTATUS status;
RTL_QUERY_REGISTRY_TABLE qrt[2];
memzero(qrt, sizeof(qrt));
qrt[0].Flags = RTL_QUERY_REGISTRY_REQUIRED |
RTL_QUERY_REGISTRY_DIRECT |
RTL_QUERY_REGISTRY_NOVALUE |
RTL_QUERY_REGISTRY_NOEXPAND;
qrt[0].Name = ValueName;
qrt[0].EntryContext = pData;
qrt[0].DefaultType = REG_NONE;
status = RtlQueryRegistryValues(
RelativeTo, Path, qrt, NULL, NULL);
return (status == STATUS_SUCCESS);
}
void *memmem(const void *pSearchBuf,
size_t nBufSize,
const void *pPattern,

1
Sandboxie/core/drv/util.h
View File

@ -88,6 +88,7 @@ WCHAR *SearchUnicodeString(PCUNICODE_STRING pString1, PWCHAR pString2, BOOLEAN b
BOOLEAN UnicodeStringStartsWith(PCUNICODE_STRING pString1, PWCHAR pString2, BOOLEAN boolCaseInSensitive);
BOOLEAN UnicodeStringEndsWith(PCUNICODE_STRING pString1, PWCHAR pString2, BOOLEAN boolCaseInSensitive);
BOOLEAN DoesRegValueExist(ULONG RelativeTo, WCHAR *Path, WCHAR *ValueName);
BOOLEAN GetRegString(ULONG RelativeTo, WCHAR *Path, WCHAR *ValueName, UNICODE_STRING* pData);
void *memmem(const void *pSearchBuf, size_t nBufSize, const void *pPattern, size_t nPatternSize);
//---------------------------------------------------------------------------

13
Sandboxie/core/svc/ProcessServer.cpp
View File

@ -719,19 +719,6 @@ HANDLE ProcessServer::RunSandboxedGetToken(
CloseHandle(ThreadHandle);
// OpenBox1 BEGIN
if (!ok && SbieApi_QueryConfBool(NULL, L"OriginalToken", FALSE))
{
ThreadHandle = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
PipeServer::GetCallerProcessId());
ok = OpenProcessToken(
ThreadHandle, TOKEN_RIGHTS, &OldTokenHandle);
CloseHandle(ThreadHandle);
}
// OpenBox1 END
if (! ok) {
SetLastError(LastError);
return NULL;

BIN
Sandboxie/msgs/Sbie-English-1033.txt
View File

Binary file not shown.

BIN
Sandboxie/msgs/Text-German-1031.txt
View File

Binary file not shown.

3
SandboxiePlus/QSbieAPI/SbieAPI.cpp
View File

@ -159,6 +159,9 @@ SB_STATUS CSbieAPI::Connect(bool takeOver, bool andLoad)
m_SbiePath = GetSbieHome();
m->SbieMsgDll = LoadLibraryEx((m_SbiePath.toStdWString() + L"\\" SBIEMSG_DLL).c_str(), NULL, LOAD_LIBRARY_AS_DATAFILE);
m->lastMessageNum = 0;
m->lastRecordNum = 0;
m_bTerminate = false;
start();

5
SandboxiePlus/SandMan/Models/SbieModel.cpp
View File

@ -105,8 +105,11 @@ QList<QVariant> CSbieModel::Sync(const QMap<QString, CSandBoxPtr>& BoxList)
bool HasActive = Sync(pBox, ProcessList, New, Old, Added);
int inUse = (HasActive ? 1 : 0);
int boxType = pBoxEx && pBoxEx->HasLogApi() ? eLogApi : eNormal;
if (pBoxEx && pBoxEx->IsOpenBox())
if (pBoxEx && pBoxEx->NoAnonymousLogon())
boxType = eCyan;
if (pBoxEx && pBoxEx->HasOpenToken())
boxType = eOpenBox;// : eOpenInSys;
if (pNode->inUse != inUse || pNode->boxType != boxType)
{
pNode->inUse = inUse;

2
SandboxiePlus/SandMan/Models/SbieModel.h
View File

@ -67,7 +67,7 @@ private:
eNormal = eYelow,
eLogApi = eRed,
eOpenLogApi = eCyan,
// = eCyan,
eOpenBox = eGreen,
// = eMagenta,
// = eOrang,

4
SandboxiePlus/SandMan/SandMan.cpp
View File

@ -285,7 +285,7 @@ CSandMan::CSandMan(QWidget *parent)
m_pToolBar->addSeparator();
/*QWidget* pSpacer = new QWidget();
QWidget* pSpacer = new QWidget();
pSpacer->setSizePolicy(QSizePolicy::Expanding, QSizePolicy::Expanding);
m_pToolBar->addWidget(pSpacer);
@ -297,7 +297,7 @@ CSandMan::CSandMan(QWidget *parent)
pSupport->setTextInteractionFlags(Qt::TextBrowserInteraction);
connect(pSupport, SIGNAL(linkActivated(const QString&)), this, SLOT(OnAbout()));
m_pToolBar->addWidget(pSupport);
m_pToolBar->addWidget(new QLabel(" "));*/
m_pToolBar->addWidget(new QLabel(" "));

2
SandboxiePlus/SandMan/SandMan.h
View File

@ -10,7 +10,7 @@
#define VERSION_MJR 0
#define VERSION_MIN 2
#define VERSION_REV 1
#define VERSION_REV 2
#define VERSION_UPD 0

7
SandboxiePlus/SandMan/SbiePlusAPI.cpp
View File

@ -29,7 +29,8 @@ CBoxedProcess* CSbiePlusAPI::NewBoxedProcess(quint64 ProcessId, class CSandBox*
CSandBoxPlus::CSandBoxPlus(const QString& BoxName, class CSbieAPI* pAPI) : CSandBox(BoxName, pAPI)
{
m_bLogApiFound = false;
m_bIsOpenBox = false;
m_bNoAnonymousLogon = false;
m_bHasOpenToken = false;
}
CSandBoxPlus::~CSandBoxPlus()
@ -41,7 +42,9 @@ void CSandBoxPlus::UpdateDetails()
QStringList List = GetTextList("OpenPipePath");
m_bLogApiFound = List.contains("\\Device\\NamedPipe\\LogAPI");
m_bIsOpenBox = GetBool("OpenToken") || GetBool("UnrestrictedToken") || GetBool("UnfilteredToken") || GetBool("OriginalToken");
m_bNoAnonymousLogon = GetBool("AnonymousLogon", true) == false;
m_bHasOpenToken = GetBool("OpenToken") || GetBool("UnrestrictedToken") || GetBool("UnfilteredToken");
CSandBox::UpdateDetails();
}

6
SandboxiePlus/SandMan/SbiePlusAPI.h
View File

@ -31,10 +31,12 @@ public:
virtual void UpdateDetails();
virtual bool HasLogApi() const { return m_bLogApiFound; }
virtual bool IsOpenBox() const { return m_bIsOpenBox; }
virtual bool NoAnonymousLogon() const { return m_bNoAnonymousLogon; }
virtual bool HasOpenToken() const { return m_bHasOpenToken; }
protected:
bool m_bLogApiFound;
bool m_bIsOpenBox;
bool m_bNoAnonymousLogon;
bool m_bHasOpenToken;
};