Merge pull request #1 from sandboxie-plus/master

Update fork
Sebastian G 2021-02-15 21:40:17 +01:00 committed by GitHub
commit 3d5e098d40
GPG Key ID: 4AEE18F83AFDEB23
96 changed files with 6672 additions and 4903 deletions

View File

@ -9,17 +9,45 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.7.0 / 5.48.0] - 2021-02-14
### Added
- sandboxed indicator for tray icons, the tooltip now contains [#] if enabled
- the trace log buffer can now be adjusted with "TraceBufferPages=2560"
-- the value denotes the count of 4K large pages to be used; here for a total of 10 MB
- new functionality for the list finder
### Changed
- improved RPC debugging
- improved IPC handling around RpcMgmtSetComTimeout; "RpcMgmtSetComTimeout=n" is now the default behaviour
-- required exceptions have been hard-coded for specific calling DLLs
- the LogApi dll is now using Sbie's tracing facility to log events instead of its own pipe server
### Fixed
- FIXED SECURITY ISSUE: elevated sandboxed processes could access volumes/disks for reading (thanks hg421)
- fixed crash issue around SetCurrentProcessExplicitAppUserModelID observed with GoogleUpdate.exe
- fixed issue with resource monitor sort by timestamp
- FIXED SECURITY ISSUE: a race condition in the driver allowed to obtain an elevated rights handle to a process (thanks typpos)
- FIXED SECURITY ISSUE: "\RPC Control\samss lpc" is now filtered by the driver (thanks hg421)
-- this allowed elevated processes to change passwords, delete users and alike; to disable filtering use "OpenSamEndpoint=y"
- FIXED SECURITY ISSUE: "\Device\DeviceApi\CMApi" is now filtered by the driver (thanks hg421)
-- this allowed elevated processes to change hardware configuration; to disable filtering use "OpenDevCMApi=y"
## [0.6.7 / 5.47.1] - 2021-02-01 ## [0.6.7 / 5.47.1] - 2021-02-01
### Added ### Added
- added UI Language auto detection - added UI language auto-detection
### Fixed ### Fixed
- fixed brave.exe is now properly recognized as chrome based not firefox based - fixed Brave.exe now being properly recognized as Chrome-, not Firefox-based
- fixed issue introduced in 0.6.5 with recent edge builds - fixed issue introduced in 0.6.5 with recent Edge builds
-- the 0.6.5 behavioure can be set ona per process basis using "RpcMgmtSetComTimeout=POPPeeper.exe,n" -- the 0.6.5 behaviour can be set on a per-process basis using "RpcMgmtSetComTimeout=POPPeeper.exe,n"
- fixed grouping issues - fixed grouping issues
- fixed main windows restore state from tray - fixed main window restore state from tray
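Review bot: the TraceBufferPages entry ("the value denotes the count of 4K large pages to be used; here for a total of 10 MB") should say "4 KB pages": "large pages" is the Windows term for 2 MB pages, and 2560 x 4 KB = 10 MB only holds for normal pages. The two new opt-out switches "OpenSamEndpoint=y" and "OpenDevCMApi=y" reopen exactly the holes this release closes; label them as not recommended, the way "StripSystemPrivileges=n" is labelled in the 0.5.4 section, so a reader skimming the changelog does not take them for ordinary compatibility knobs.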
@ -123,7 +151,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- refactored some IPC code in the driver - refactored some IPC code in the driver
### Fixed ### Fixed
- fixed issue allowing to bypass the registry isolation, present since Windows 10 Creators Update - FIXED SECURITY ISSUE: the registry isolation could be bypassed, present since Windows 10 Creators Update
- fixed creation time not always being properly updated in the SandMan UI - fixed creation time not always being properly updated in the SandMan UI
@ -163,12 +191,12 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.5.4 / 5.46.0] - 2021-01-06 ## [0.5.4 / 5.46.0] - 2021-01-06
### Added ### Added
- Sandboxie now strips particularly problematic privileges from sandboxed system tokens - FIXED SECURITY ISSUE: Sandboxie now strips particularly problematic privileges from sandboxed system tokens
-- with those a process could attempt to bypass the sandbox isolation (thanks Diversenok) -- with those a process could attempt to bypass the sandbox isolation (thanks Diversenok)
-- old legacy behaviour can be enabled with "StripSystemPrivileges=n" (absolutely NOT Recommended) -- old legacy behaviour can be enabled with "StripSystemPrivileges=n" (absolutely NOT Recommended)
- added new isolation options "ClosePrintSpooler=y" and "OpenSmartCard=n" - added new isolation options "ClosePrintSpooler=y" and "OpenSmartCard=n"
-- those resources are open by default but for a hardened box its desired to close them -- those resources are open by default but for a hardened box its desired to close them
- added print spooler filter to prevent printers from being set up outside the sandbox - FIXED SECURITY ISSUE: added print spooler filter to prevent printers from being set up outside the sandbox
-- the filter can be disabled with "OpenPrintSpooler=y" -- the filter can be disabled with "OpenPrintSpooler=y"
- added overwrite prompt when recovering an already existing file - added overwrite prompt when recovering an already existing file
- added "StartProgram=", "StartService=" and "AutoExec=" options to the SandMan UI - added "StartProgram=", "StartService=" and "AutoExec=" options to the SandMan UI
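Review bot: two entries relabelled "FIXED SECURITY ISSUE" here (the stripped system privileges and the print spooler filter) sit under "### Added" rather than "### Fixed"; either move them to the Fixed list of 0.5.4 or keep the plain "added" wording, otherwise the security tag is inconsistent with the other sections. While touching these lines, "its desired to close them" should read "it is desirable to close them".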
@ -184,10 +212,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Improved Resource Monitor status strings - Improved Resource Monitor status strings
### Fixed ### Fixed
- fixed a critical issue that allowed to create processes outside the sandbox (thanks Diversenok) - FIXED SECURITY ISSUE: processes could spawn processes outside the sandbox (thanks Diversenok)
- fixed issues with dynamic IPC port handling that allowed to bypass IPC isolation - FIXED SECURITY ISSUE: bug in the dynamic IPC port handling allowed to bypass IPC isolation
- fixed issue with IPC tracing - fixed issue with IPC tracing
- fixed CVE-2019-13502 "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok) - FIXED SECURITY ISSUE: CVE-2019-13502 "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok)
-- this allowed some system options to be changed, to disable filtering use "OpenLsaEndpoint=y" -- this allowed some system options to be changed, to disable filtering use "OpenLsaEndpoint=y"
- fixed hooking issues SBIE2303 with Chrome, Edge and possibly others - fixed hooking issues SBIE2303 with Chrome, Edge and possibly others
- fixed failed check for running processes when performing snapshot operations - fixed failed check for running processes when performing snapshot operations
@ -552,9 +580,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed ### Fixed
- added missing PreferExternalManifest initialization to portable mode - added missing PreferExternalManifest initialization to portable mode
- fixed permission issues with sandboxed system processes - FIXED SECURITY ISSUE: fixed permission issues with sandboxed system processes
-- Note: you can use "ExposeBoxedSystem=y" for the old behaviour (debug option) -- Note: you can use "ExposeBoxedSystem=y" for the old behaviour (debug option)
- fixed missing SCM access check for sandboxed services - FIXED SECURITY ISSUE: fixed missing SCM access check for sandboxed services (thanks Diversenok)
-- Note: to disable the access check use "UnrestrictedSCM=y" (debug option) -- Note: to disable the access check use "UnrestrictedSCM=y" (debug option)
- fixed missing initialization in service server that caused sandboxed programs to crash when querying service status - fixed missing initialization in service server that caused sandboxed programs to crash when querying service status
- fixed many bugs that caused the SbieDrv.sys to BSOD when run with MSFT Driver Verifier active - fixed many bugs that caused the SbieDrv.sys to BSOD when run with MSFT Driver Verifier active
@ -613,7 +641,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Sbie driver now first checks the home path for the Sbie ini before checking SystemRoot - Sbie driver now first checks the home path for the Sbie ini before checking SystemRoot
### Fixed ### Fixed
- Fixed a resource leak when running sandboxed - FIXED SECURITY ISSUE: sandboxed processes could obtain a write handle on non sandboxed processes (thanks Diversenok)
-- this allowed to inject code in non sandboxed processes
- Fixed issue boxed services not starting when the path contained a space - Fixed issue boxed services not starting when the path contained a space
- NtQueryInformationProcess now returns the proper sandboxed path for sandboxed processes - NtQueryInformationProcess now returns the proper sandboxed path for sandboxed processes
@ -641,3 +670,4 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed ### Fixed
- fixed "Windows Installer Service could not be accessed" that got introduced with Windows 1903 - fixed "Windows Installer Service could not be accessed" that got introduced with Windows 1903

View File

@ -103,6 +103,7 @@
<ItemGroup> <ItemGroup>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="..\..\common\my_ntdll.c" />
<ClCompile Include="BoxOrder.c" /> <ClCompile Include="BoxOrder.c" />
<ClCompile Include="DlgTmplRtl.cpp" /> <ClCompile Include="DlgTmplRtl.cpp" />
<ClCompile Include="MyFileOp.c" /> <ClCompile Include="MyFileOp.c" />
@ -110,7 +111,9 @@
<ClCompile Include="MyMsgBox.c" /> <ClCompile Include="MyMsgBox.c" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="..\..\common\my_shlwapi.h" />
<ClInclude Include="..\..\common\my_version.h" /> <ClInclude Include="..\..\common\my_version.h" />
<ClInclude Include="..\..\common\my_xeb.h" />
<ClInclude Include="BoxOrder.h" /> <ClInclude Include="BoxOrder.h" />
<ClInclude Include="CommonUtils.h" /> <ClInclude Include="CommonUtils.h" />
<ClInclude Include="MyGdi.h" /> <ClInclude Include="MyGdi.h" />

View File

@ -148,11 +148,11 @@ CAppPage::CAppPage(TMPL_INFO *info, const CString &BoxName)
if (m_tmpl_info.ClassModifier & MODIF_IEXPLORE) if (m_tmpl_info.ClassModifier & MODIF_IEXPLORE)
m_titleForPage = L"Internet Explorer"; m_titleForPage = L"Internet Explorer";
if (m_tmpl_info.ClassModifier & MODIF_EDGE) if (m_tmpl_info.ClassModifier & MODIF_EDGE)
m_titleForPage = "Microsoft Edge"; m_titleForPage = L"Microsoft Edge";
if (m_tmpl_info.ClassModifier & MODIF_FIREFOX) if (m_tmpl_info.ClassModifier & MODIF_FIREFOX)
m_titleForPage = L"Firefox"; m_titleForPage = L"Mozilla Firefox";
if (m_tmpl_info.ClassModifier & MODIF_CHROME) if (m_tmpl_info.ClassModifier & MODIF_CHROME)
m_titleForPage = "Google Chrome"; m_titleForPage = L"Google Chrome";
if (m_tmpl_info.ClassModifier & MODIF_OTHERWB) if (m_tmpl_info.ClassModifier & MODIF_OTHERWB)
m_titleForPage = CMyMsg(MSG_4357); m_titleForPage = CMyMsg(MSG_4357);
@ -1002,7 +1002,7 @@ void CAppPage::AddPages(CPropertySheet &sheet, const CString &BoxName)
m_app_pages.AddTail(new CAppPage(&info, BoxName)); m_app_pages.AddTail(new CAppPage(&info, BoxName));
info.ClassModifier = MODIF_EDGE; // Microsoft Edge info.ClassModifier = MODIF_EDGE; // Microsoft Edge
m_app_pages.AddTail(new CAppPage(&info, BoxName)); m_app_pages.AddTail(new CAppPage(&info, BoxName));
info.ClassModifier = MODIF_FIREFOX; // Firefox info.ClassModifier = MODIF_FIREFOX; // Mozilla Firefox
m_app_pages.AddTail(new CAppPage(&info, BoxName)); m_app_pages.AddTail(new CAppPage(&info, BoxName));
info.WithLink = TRUE; info.WithLink = TRUE;
info.ClassModifier |= MODIF_ADDONS; // Firefox Add-ons info.ClassModifier |= MODIF_ADDONS; // Firefox Add-ons
@ -1135,7 +1135,7 @@ void CAppPage::UpdateTemplates(CBox &box)
UpdateEmailTemplates(box); UpdateEmailTemplates(box);
// //
// finaly, enable default templates // finally, enable default templates
// //
SetDefaultTemplates6(box); SetDefaultTemplates6(box);
@ -1169,38 +1169,49 @@ void CAppPage::UpdateWebTemplates(CBox &box)
// find and remove: // find and remove:
// OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\bookmark* // OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\bookmark*
// OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\places* // OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\places*
// OpenFilePath=seamon~1.exe,%AppData%\Mozilla\Profiles\*\bookmark*
// OpenFilePath=seamon~1.exe,%AppData%\Mozilla\Profiles\*\places*
// //
// replace with: Template=SeaMonkey_Bookmarks_DirectAccess // replace with: Template=SeaMonkey_Bookmarks_DirectAccess
// //
//const CString &SeaMonkeyTemplate(L"SeaMonkey_Bookmarks_DirectAccess"); const CString &SeaMonkeyTemplate(L"SeaMonkey_Bookmarks_DirectAccess");
//const CString &SeaMonkeyPath1( const CString &SeaMonkeyPath1(
// L"%AppData%\\Mozilla\\Profiles\\*\\bookmark*"); L"%AppData%\\Mozilla\\SeaMonkey\\Profiles\\*\\bookmark*");
//const CString &SeaMonkeyPath2( const CString &SeaMonkeyPath2(
// L"%AppData%\\Mozilla\\Profiles\\*\\places*"); L"%AppData%\\Mozilla\\SeaMonkey\\Profiles\\*\\places*");
//UpdateTemplates2( UpdateTemplates2(
// box, L"seamonkey.exe", SeaMonkeyTemplate, box, L"seamonkey.exe", SeaMonkeyTemplate,
// SeaMonkeyPath1, SeaMonkeyPath2); SeaMonkeyPath1, SeaMonkeyPath2);
//UpdateTemplates2(
// box, L"seamon~1.exe", SeaMonkeyTemplate,
// SeaMonkeyPath1, SeaMonkeyPath2);
// //
// find and remove: // find and remove:
// OpenFilePath=opera.exe,%AppData%\Opera\Opera\Profile\opera6.adr // OpenFilePath=opera.exe,%AppData%\Opera Software\Opera Stable\Bookmarks
// OpenFilePath=opera.exe,%AppData%\Opera\Opera\Profile\notes.adr // OpenFilePath=opera.exe,%AppData%\Opera Software\Opera Stable\Bookmarks.bak
// OpenFilePath=opera.exe,%AppData%\Opera Software\Opera Stable\BookmarksExtras
// //
// replace with: Template=SeaMonkey_Bookmarks_DirectAccess // replace with: Template=Opera_Bookmarks_DirectAccess
// //
//UpdateTemplates2( const CString &OperaBookmarksTmpl(L"Opera_Bookmarks_DirectAccess");
// box, L"opera.exe", L"Opera_Bookmarks_DirectAccess", const CString &OperaBookmarks1(L"%AppData%\\Opera Software\\Opera Stable\\Bookmarks");
// L"%AppData%\\Opera\\Opera\\Profile\\opera6.adr", const CString &OperaBookmarks2(L"%AppData%\\Opera Software\\Opera Stable\\Bookmarks.bak");
// L"%AppData%\\Opera\\Opera\\Profile\\notes.adr"); const CString &OperaBookmarks3(L"%AppData%\\Opera Software\\Opera Stable\\BookmarksExtras");
UpdateTemplates2(
box, L"opera.exe", OperaBookmarksTmpl, OperaBookmarks1, OperaBookmarks2);
UpdateTemplates2(
box, L"opera.exe", OperaBookmarksTmpl, OperaBookmarks3, OperaBookmarks3);
//
// find and remove invalid OpenFilePath reference:
// OpenFilePath=bookmarks.exe,bookmarks*
//
const CString &InvalidEntry1(L"bookmarks*");
UpdateTemplates2(
box, L"bookmarks.exe", L'\0', InvalidEntry1, InvalidEntry1);
} }
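Review bot: `UpdateTemplates2(box, L"bookmarks.exe", L'\0', InvalidEntry1, InvalidEntry1);` passes the wide character literal `L'\0'` where a template name string is expected; it only compiles through an implicit conversion (a one-character CString or a null pointer, depending on the parameter type) and does not make the intent "remove without replacement" obvious. Pass `L""` or whatever sentinel UpdateTemplates2 actually checks for, and add a comment. The "find and remove" comment above the SeaMonkey block still lists `%AppData%\Mozilla\Profiles\*\bookmark*` while the code now removes `%AppData%\\Mozilla\\SeaMonkey\\Profiles\\*\\bookmark*`; update the comment to match. The call `UpdateTemplates2(box, L"opera.exe", OperaBookmarksTmpl, OperaBookmarks3, OperaBookmarks3)` passes the same path twice, which is fine if the helper tolerates duplicates but deserves a comment, as it is the same trick the Opera_Mail call uses further down.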
@ -1211,51 +1222,6 @@ void CAppPage::UpdateWebTemplates(CBox &box)
void CAppPage::UpdateEmailTemplates(CBox &box) void CAppPage::UpdateEmailTemplates(CBox &box)
{ {
//
// find and remove:
// OpenFilePath=msimn.exe,%AppData%\Identities
// OpenFilePath=msimn.exe,%Local AppData%\Identities
// OpenFilePath=msimn.exe,%AppData%\Microsoft\Address Book
// OpenFilePath=msimn.exe,*.eml
//
// replace with: Template=Outlook_Express
//
// discard:
// OpenKeyPath=msimn.exe,HKEY_CURRENT_USER\Identities
// OpenKeyPath=msimn.exe,
// HKEY_CURRENT_USER\Software\Microsoft\Outlook Express
// OpenKeyPath=msimn.exe,
// HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager
// OpenKeyPath=msimn.exe,
// HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express
// OpenKeyPath=msimn.exe,
// HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\
// Outlook Express
//
//CStringList _OutlookExpressFiles;
//CStringList _OutlookExpressKeys;
//_OutlookExpressFiles.AddTail(L"%AppData%\\Identities");
//_OutlookExpressFiles.AddTail(L"%Local AppData%\\Identities");
//_OutlookExpressFiles.AddTail(L"%AppData%\\Microsoft\\Address Book");
//_OutlookExpressFiles.AddTail(L"*.eml");
//_OutlookExpressKeys.AddTail(L"HKEY_CURRENT_USER\\Identities");
//_OutlookExpressKeys.AddTail(
// L"HKEY_CURRENT_USER\\Software\\Microsoft\\Outlook Express");
//_OutlookExpressKeys.AddTail(
// L"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Account Manager");
//_OutlookExpressKeys.AddTail(
// L"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Outlook Express");
//_OutlookExpressKeys.AddTail(
// L"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\"
// L"Microsoft\\Outlook Express");
//UpdateTemplates3(
// box, L"msimn.exe", L"Outlook_Express",
// _OutlookExpressFiles, _OutlookExpressKeys);
// //
// find and remove: // find and remove:
// OpenFilePath=outlook.exe,%AppData%\Microsoft\Outlook // OpenFilePath=outlook.exe,%AppData%\Microsoft\Outlook
@ -1383,15 +1349,10 @@ void CAppPage::UpdateEmailTemplates(CBox &box)
box, L"thunderbird.exe", _Thunderbird, box, L"thunderbird.exe", _Thunderbird,
_ThunderbirdFiles, _ThunderbirdKeys); _ThunderbirdFiles, _ThunderbirdKeys);
//UpdateTemplates3(
// box, L"thunde~1.exe", _Thunderbird,
// _ThunderbirdFiles, _ThunderbirdKeys);
// //
// find and remove: // find and remove:
// OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\Mail* // OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\Mail*
// OpenFilePath=seamonkey.exe, // OpenFilePath=seamonkey.exe,%Local AppData%\Mozilla\Profiles\*\Mail*
// %Local AppData%\Mozilla\Profiles\*\Mail*
// //
// replace with: Template=SeaMonkey // replace with: Template=SeaMonkey
// //
@ -1423,10 +1384,6 @@ void CAppPage::UpdateEmailTemplates(CBox &box)
box, L"seamonkey.exe", _SeaMonkey, box, L"seamonkey.exe", _SeaMonkey,
_SeaMonkeyFiles, _SeaMonkeyKeys); _SeaMonkeyFiles, _SeaMonkeyKeys);
//UpdateTemplates3(
// box, L"seamon~1.exe", _SeaMonkey,
// _SeaMonkeyFiles, _SeaMonkeyKeys);
// //
// find and remove: // find and remove:
// OpenFilePath=opera.exe,%AppData%\Opera\Opera\mail // OpenFilePath=opera.exe,%AppData%\Opera\Opera\mail
@ -1434,10 +1391,10 @@ void CAppPage::UpdateEmailTemplates(CBox &box)
// replace with: Template=Opera_Mail // replace with: Template=Opera_Mail
// //
CString _OperaPath1(L"%AppData%\\Opera\\Opera\\mail"); CString _OperaMailPath1(L"%AppData%\\Opera\\Opera\\mail");
UpdateTemplates2( UpdateTemplates2(
box, L"opera.exe", L"Opera_Mail", _OperaPath1, _OperaPath1); box, L"opera.exe", L"Opera_Mail", _OperaMailPath1, _OperaMailPath1);
} }
@ -1582,6 +1539,6 @@ void CAppPage::SetDefaultTemplates7(CBox &box)
void CAppPage::SetDefaultTemplates8(CBox& box) void CAppPage::SetDefaultTemplates8(CBox& box)
{ {
box.EnableTemplate(L"FileCppy", TRUE); box.EnableTemplate(L"FileCopy", TRUE);
box.EnableTemplate(L"SkipHook", TRUE); box.EnableTemplate(L"SkipHook", TRUE);
} }

View File

@ -38,6 +38,7 @@ struct BoxBorderParms {
WCHAR boxname[48]; WCHAR boxname[48];
COLORREF color; COLORREF color;
BOOL title; BOOL title;
int width;
}; };
@ -468,12 +469,13 @@ void CBorderGuard::RefreshBorder(
else else
ah += desktop->bottom; ah += desktop->bottom;
int bb = 6; //int bb = 6;
if (rect->left <= desktop->left && //if (rect->left <= desktop->left &&
rect->top <= desktop->top && // rect->top <= desktop->top &&
rect->right >= desktop->right && // rect->right >= desktop->right &&
rect->bottom >= desktop->bottom) // rect->bottom >= desktop->bottom)
bb = 4; // bb = 4;
int bb = boxparm->width;
// //
// don't display the border if any of it would be obscured by // don't display the border if any of it would be obscured by
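Review bot: `int bb = boxparm->width;` feeds the user-configured width straight into the border geometry with no validation. The replaced code always produced 6, or 4 when the window covered the whole desktop; now a BorderColor setting with a width of 0, a negative value or something very large flows through unchanged. Clamp the width to a sane range (at least 1, and an upper bound that cannot cover the window) either here or in GetBorder, and decide explicitly whether the full-screen case still wants the narrower border that the commented-out branch provided.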
@ -594,12 +596,14 @@ void CBorderGuard::RefreshConf2()
if (! box.GetName().IsEmpty()) { if (! box.GetName().IsEmpty()) {
COLORREF color; COLORREF color;
BOOL title; BOOL title;
BOOL enabled = box.GetBorder(&color, &title); int width;
BOOL enabled = box.GetBorder(&color, &title, &width);
if (enabled) { if (enabled) {
boxparm = new BoxBorderParms; boxparm = new BoxBorderParms;
wcscpy(boxparm->boxname, box.GetName()); wcscpy(boxparm->boxname, box.GetName());
boxparm->color = color; boxparm->color = color;
boxparm->title = title; boxparm->title = title;
boxparm->width = width;
m_boxes.Add(boxparm); m_boxes.Add(boxparm);
} }
} }
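Review bot: `int width;` is only consumed inside `if (enabled)`, so it is safe here as long as `SbieDll_GetBorderColor` fills all three out-parameters whenever it returns TRUE; a comment stating that contract (or initializing `width` to the default 6) would keep a later refactor from reading it uninitialized.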

View File

@ -77,8 +77,8 @@ static const CString _NotifyInternetAccessDenied(
static const CString _NotifyStartRunAccessDenied( static const CString _NotifyStartRunAccessDenied(
L"NotifyStartRunAccessDenied"); L"NotifyStartRunAccessDenied");
static const WCHAR *BorderColor_off = L",off"; //static const WCHAR *BorderColor_off = L",off";
static const WCHAR *BorderColor_ttl = L",ttl"; //static const WCHAR *BorderColor_ttl = L",ttl";
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
@ -278,7 +278,7 @@ void CBox::SetDefaultSettings()
} }
if (ok) if (ok)
ok = SetBorder(TRUE, RGB(255,255,0), TRUE); ok = SetBorder(TRUE, RGB(255,255,0), TRUE, 6);
done: done:
@ -1226,9 +1226,9 @@ BOOL CBox::SetBoxNameTitle(UCHAR enabled)
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
BOOL CBox::GetBorder(COLORREF *color, BOOL *title) BOOL CBox::GetBorder(COLORREF *color, BOOL *title, int* width)
{ {
*color = RGB(255,255,0); /*color = RGB(255,255,0);
*title = FALSE; *title = FALSE;
CString text; CString text;
@ -1253,7 +1253,9 @@ BOOL CBox::GetBorder(COLORREF *color, BOOL *title)
} else if (text.Mid(7).CompareNoCase(BorderColor_off) == 0) } else if (text.Mid(7).CompareNoCase(BorderColor_off) == 0)
return FALSE; return FALSE;
return TRUE; return TRUE;*/
return SbieDll_GetBorderColor(m_name, color, title, width);
} }
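Review bot: the old parser is left in place as a block comment (`/*color = RGB(255,255,0); ... return TRUE;*/`), and the `BorderColor_off`/`BorderColor_ttl` constants are commented out above for the same reason; delete the dead code instead, version control keeps it, and a reader should not have to work out that `/*color` used to be `*color`. Since `GetBorder` now delegates entirely to `SbieDll_GetBorderColor`, note in a comment that `SetBorder` below must write exactly the format that function parses, because the two no longer share a definition of the setting.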
@ -1262,14 +1264,17 @@ BOOL CBox::GetBorder(COLORREF *color, BOOL *title)
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
BOOL CBox::SetBorder(BOOL enabled, COLORREF color, BOOL title) BOOL CBox::SetBorder(BOOL enabled, COLORREF color, BOOL title, int width)
{ {
WCHAR text[32]; WCHAR text[32];
swprintf(text, L"#%06X", color); swprintf(text, L"#%06X,%s,%d", color, !enabled ? L"off" : (title ? L"ttl" : L"on"), width);
/*swprintf(text, L"#%06X", color);
if (title) if (title)
wcscat(text, BorderColor_ttl); wcscat(text, BorderColor_ttl);
if (! enabled) if (! enabled)
wcscat(text, BorderColor_off); wcscat(text, BorderColor_off);*/
CSbieIni &ini = CSbieIni::GetInstance(); CSbieIni &ini = CSbieIni::GetInstance();
return ini.SetText(m_name, _BorderColor, text); return ini.SetText(m_name, _BorderColor, text);
} }
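Review bot: `swprintf(text, L"#%06X,%s,%d", ...)` writes into `WCHAR text[32]` with the unbounded form; the worst case ("#FFFFFF,off," plus an 11-character negative int) still fits, but use the bounded `swprintf_s(text, _countof(text), ...)` so the buffer size is checked rather than reasoned about. `width` is written unvalidated, so whatever the dialog hands over ends up in the ini; validate it here (or at the caller) so a corrupt value cannot be persisted. The commented-out old formatting code should be removed, as in GetBorder.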

View File

@ -104,8 +104,8 @@ public:
UCHAR GetBoxNameTitle() const; UCHAR GetBoxNameTitle() const;
BOOL SetBoxNameTitle(UCHAR enabled); BOOL SetBoxNameTitle(UCHAR enabled);
BOOL GetBorder(COLORREF *color, BOOL *title); BOOL GetBorder(COLORREF *color, BOOL *title, int *width);
BOOL SetBorder(BOOL enabled, COLORREF color, BOOL title); BOOL SetBorder(BOOL enabled, COLORREF color, BOOL title, int width);
BOOL GetSetBlock(WCHAR type, BOOL set, BOOL newval = FALSE); BOOL GetSetBlock(WCHAR type, BOOL set, BOOL newval = FALSE);

View File

@ -96,6 +96,7 @@ BEGIN_MESSAGE_MAP(CBoxPage, CPropertyPage)
ON_COMMAND(ID_SHOW_BORDER, Appearance_OnShowBorder) ON_COMMAND(ID_SHOW_BORDER, Appearance_OnShowBorder)
ON_COMMAND(ID_BORDER_COLOR, Appearance_OnBorderColor) ON_COMMAND(ID_BORDER_COLOR, Appearance_OnBorderColor)
ON_COMMAND(ID_BORDER_TITLE, Appearance_OnBorderTitle) ON_COMMAND(ID_BORDER_TITLE, Appearance_OnBorderTitle)
ON_CONTROL(EN_CHANGE, ID_BORDER_WIDTH, OnModified)
ON_COMMAND(ID_DELETE_AUTO, AutoDelete_OnAuto) ON_COMMAND(ID_DELETE_AUTO, AutoDelete_OnAuto)
ON_COMMAND(ID_DELETE_NEVER, AutoDelete_OnNever) ON_COMMAND(ID_DELETE_NEVER, AutoDelete_OnNever)
@ -920,9 +921,17 @@ void CBoxPage::Appearance_OnInitDialog(CBox &box)
} }
BOOL title; BOOL title;
BOOL enabled = box.GetBorder(&Appearance_BorderColor, &title); int width;
BOOL enabled = box.GetBorder(&Appearance_BorderColor, &title, &width);
if (! enabled) if (! enabled)
GetDlgItem(ID_BORDER_COLOR)->ShowWindow(SW_HIDE); GetDlgItem(ID_BORDER_COLOR)->ShowWindow(SW_HIDE);
CEdit* edit = (CEdit*)GetDlgItem(ID_BORDER_WIDTH);
edit->SetLimitText(3);
CString str;
str.Format(L"%d", width);
edit->SetWindowText(str);
Appearance_SetBorderColor(); Appearance_SetBorderColor();
CButton *pCheckBox3 = (CButton *)GetDlgItem(ID_SHOW_BORDER); CButton *pCheckBox3 = (CButton *)GetDlgItem(ID_SHOW_BORDER);
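Review bot: `width` is used unconditionally (`str.Format(L"%d", width);`) even when `GetBorder` returned FALSE, unlike `RefreshConf2` which only reads it when enabled; unless `SbieDll_GetBorderColor` is guaranteed to set `*width` on the FALSE path too, initialize `width` to the default 6 before the call. `SetLimitText(3)` caps the length but not the content; give the edit control the ES_NUMBER style so only digits can be entered, which also closes the `_wtoi` returns 0 on garbage path in `Appearance_OnOK`.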
@ -956,7 +965,10 @@ void CBoxPage::Appearance_OnOK(CBox &box)
CButton *pCheckBox4 = (CButton *)GetDlgItem(ID_BORDER_TITLE); CButton *pCheckBox4 = (CButton *)GetDlgItem(ID_BORDER_TITLE);
BOOL enable = (pCheckBox3->GetCheck() == BST_CHECKED ? TRUE : FALSE); BOOL enable = (pCheckBox3->GetCheck() == BST_CHECKED ? TRUE : FALSE);
BOOL title = (pCheckBox4->GetCheck() == BST_CHECKED ? TRUE : FALSE); BOOL title = (pCheckBox4->GetCheck() == BST_CHECKED ? TRUE : FALSE);
ok = box.SetBorder(enable, Appearance_BorderColor, title); CString str;
GetDlgItem(ID_MIGRATE_KB)->GetWindowText(str);
int width = _wtoi(str);
ok = box.SetBorder(enable, Appearance_BorderColor, title, width);
} }
if (ok) if (ok)
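Review bot: `GetDlgItem(ID_MIGRATE_KB)->GetWindowText(str);` reads the wrong control: the value being saved as the border width is the migration limit field, not the new `ID_BORDER_WIDTH` edit box, so the width the user types is silently discarded and the migrate-KB number is written to BorderColor instead. Change it to `GetDlgItem(ID_BORDER_WIDTH)->GetWindowText(str);`, and check the `_wtoi` result (it returns 0 for non-numeric input) before passing it to `SetBorder`.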

View File

@ -117,7 +117,8 @@ void CMonitorDialog::OnIdle()
ULONG seq_num = m_last_entry_seq_num; ULONG seq_num = m_last_entry_seq_num;
USHORT type; USHORT type;
ULONG64 pid; ULONG64 pid;
ULONG status = SbieApi_MonitorGetEx(&seq_num, &type, &pid, &name[12]); ULONG64 tid;
ULONG status = SbieApi_MonitorGetEx(&seq_num, &type, &pid, &tid, &name[12]);
if (status != 0) if (status != 0)
break; // error or no more entries break; // error or no more entries

View File

@ -15,6 +15,7 @@
#define ID_SANDBOX_RUN_MENU 11 #define ID_SANDBOX_RUN_MENU 11
#define ID_SANDBOX_RUN_EXPLORER 13 #define ID_SANDBOX_RUN_EXPLORER 13
#define ID_SANDBOX_MENU_SIZE 15 #define ID_SANDBOX_MENU_SIZE 15
#define ID_BORDER_WIDTH 1001
#define ID_SANDBOX_REVEAL 9990 #define ID_SANDBOX_REVEAL 9990
#define ID_SANDBOX_SET_LAYOUT 9997 #define ID_SANDBOX_SET_LAYOUT 9997
#define ID_SANDBOX_SET_FOLDER 9998 #define ID_SANDBOX_SET_FOLDER 9998
@ -249,9 +250,9 @@
// //
#ifdef APSTUDIO_INVOKED #ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS #ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 104 #define _APS_NEXT_RESOURCE_VALUE 105
#define _APS_NEXT_COMMAND_VALUE 40013 #define _APS_NEXT_COMMAND_VALUE 40013
#define _APS_NEXT_CONTROL_VALUE 1001 #define _APS_NEXT_CONTROL_VALUE 1002
#define _APS_NEXT_SYMED_VALUE 103 #define _APS_NEXT_SYMED_VALUE 103
#endif #endif
#endif #endif

View File

@ -21,9 +21,9 @@
#ifndef _MY_VERSION_H #ifndef _MY_VERSION_H
#define _MY_VERSION_H #define _MY_VERSION_H
#define MY_VERSION_BINARY 5,47,1 #define MY_VERSION_BINARY 5,48,0
#define MY_VERSION_STRING "5.47.1" #define MY_VERSION_STRING "5.48.0"
#define MY_VERSION_COMPAT "5.46.0" // this refers to the driver ABI compatibility #define MY_VERSION_COMPAT "5.48.0" // this refers to the driver ABI compatibility
// These #defines are used by either Resource Compiler, or by NSIC installer // These #defines are used by either Resource Compiler, or by NSIC installer
#define SBIE_INSTALLER_PATH "..\\Bin\\" #define SBIE_INSTALLER_PATH "..\\Bin\\"
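Review bot: bumping MY_VERSION_COMPAT from "5.46.0" to "5.48.0" declares a driver ABI break, which is consistent with the changed `SbieApi_MonitorGetEx` signature and the new `SbieDll_GetBorderColor`; the 0.7.0 changelog section in this same commit does not mention that driver and SbieDll must be updated together, so add a "Changed" entry for it.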

Sandboxie/common/my_xeb.h Normal file
View File

@ -0,0 +1,388 @@
/*
* Copyright 2020-2021 DavidXanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef _XEB_
#define _XEB_
#define GDI_HANDLE_BUFFER_SIZE32 34
#define GDI_HANDLE_BUFFER_SIZE64 60
#if !defined(_M_X64)
#define GDI_HANDLE_BUFFER_SIZE GDI_HANDLE_BUFFER_SIZE32
#else
#define GDI_HANDLE_BUFFER_SIZE GDI_HANDLE_BUFFER_SIZE64
#endif
typedef ULONG GDI_HANDLE_BUFFER32[GDI_HANDLE_BUFFER_SIZE32];
typedef ULONG GDI_HANDLE_BUFFER64[GDI_HANDLE_BUFFER_SIZE64];
typedef ULONG GDI_HANDLE_BUFFER[GDI_HANDLE_BUFFER_SIZE];
typedef struct _PEB_LDR_DATA
{
ULONG Length;
BOOLEAN Initialized;
HANDLE SsHandle;
LIST_ENTRY InLoadOrderModuleList;
LIST_ENTRY InMemoryOrderModuleList;
LIST_ENTRY InInitializationOrderModuleList;
PVOID EntryInProgress;
BOOLEAN ShutdownInProgress;
HANDLE ShutdownThreadId;
} PEB_LDR_DATA, *PPEB_LDR_DATA;
typedef struct _PEB
{
BOOLEAN InheritedAddressSpace;
BOOLEAN ReadImageFileExecOptions;
BOOLEAN BeingDebugged;
union
{
BOOLEAN BitField;
struct
{
BOOLEAN ImageUsesLargePages : 1;
BOOLEAN IsProtectedProcess : 1;
BOOLEAN IsLegacyProcess : 1;
BOOLEAN IsImageDynamicallyRelocated : 1;
BOOLEAN SkipPatchingUser32Forwarders : 1;
BOOLEAN SpareBits : 3;
};
};
HANDLE Mutant;
PVOID ImageBaseAddress;
PPEB_LDR_DATA Ldr;
PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
PVOID SubSystemData;
PVOID ProcessHeap;
PRTL_CRITICAL_SECTION FastPebLock;
PVOID AtlThunkSListPtr;
PVOID IFEOKey;
union
{
ULONG CrossProcessFlags;
struct
{
ULONG ProcessInJob : 1;
ULONG ProcessInitializing : 1;
ULONG ProcessUsingVEH : 1;
ULONG ProcessUsingVCH : 1;
ULONG ProcessUsingFTH : 1;
ULONG ReservedBits0 : 27;
};
ULONG EnvironmentUpdateCount;
};
union
{
PVOID KernelCallbackTable;
PVOID UserSharedInfoPtr;
};
ULONG SystemReserved[1];
ULONG AtlThunkSListPtr32;
PVOID ApiSetMap;
ULONG TlsExpansionCounter;
PVOID TlsBitmap;
ULONG TlsBitmapBits[2];
PVOID ReadOnlySharedMemoryBase;
PVOID HotpatchInformation;
PVOID *ReadOnlyStaticServerData;
PVOID AnsiCodePageData;
PVOID OemCodePageData;
PVOID UnicodeCaseTableData;
ULONG NumberOfProcessors;
ULONG NtGlobalFlag;
LARGE_INTEGER CriticalSectionTimeout;
SIZE_T HeapSegmentReserve;
SIZE_T HeapSegmentCommit;
SIZE_T HeapDeCommitTotalFreeThreshold;
SIZE_T HeapDeCommitFreeBlockThreshold;
ULONG NumberOfHeaps;
ULONG MaximumNumberOfHeaps;
PVOID *ProcessHeaps;
PVOID GdiSharedHandleTable;
PVOID ProcessStarterHelper;
ULONG GdiDCAttributeList;
PRTL_CRITICAL_SECTION LoaderLock;
ULONG OSMajorVersion;
ULONG OSMinorVersion;
USHORT OSBuildNumber;
USHORT OSCSDVersion;
ULONG OSPlatformId;
ULONG ImageSubsystem;
ULONG ImageSubsystemMajorVersion;
ULONG ImageSubsystemMinorVersion;
ULONG_PTR ImageProcessAffinityMask;
GDI_HANDLE_BUFFER GdiHandleBuffer;
PVOID PostProcessInitRoutine;
PVOID TlsExpansionBitmap;
ULONG TlsExpansionBitmapBits[32];
ULONG SessionId;
ULARGE_INTEGER AppCompatFlags;
ULARGE_INTEGER AppCompatFlagsUser;
PVOID pShimData;
PVOID AppCompatInfo;
UNICODE_STRING CSDVersion;
PVOID ActivationContextData;
PVOID ProcessAssemblyStorageMap;
PVOID SystemDefaultActivationContextData;
PVOID SystemAssemblyStorageMap;
SIZE_T MinimumStackCommit;
PVOID *FlsCallback;
LIST_ENTRY FlsListHead;
PVOID FlsBitmap;
ULONG FlsBitmapBits[FLS_MAXIMUM_AVAILABLE / (sizeof(ULONG) * 8)];
ULONG FlsHighIndex;
PVOID WerRegistrationData;
PVOID WerShipAssertPtr;
PVOID pContextData;
PVOID pImageHeaderHash;
union
{
ULONG TracingFlags;
struct
{
ULONG HeapTracingEnabled : 1;
ULONG CritSecTracingEnabled : 1;
ULONG SpareTracingBits : 30;
};
};
} PEB, *PPEB;
#define GDI_BATCH_BUFFER_SIZE 310
typedef struct _GDI_TEB_BATCH {
ULONG Offset;
UCHAR Alignment[4];
ULONG_PTR HDC;
ULONG Buffer[GDI_BATCH_BUFFER_SIZE];
} GDI_TEB_BATCH, *PGDI_TEB_BATCH;
typedef struct _TEB_ACTIVE_FRAME_CONTEXT
{
ULONG Flags;
PSTR FrameName;
} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
// 17/3/2011 updated
typedef struct _TEB_ACTIVE_FRAME
{
ULONG Flags;
struct _TEB_ACTIVE_FRAME *Previous;
PTEB_ACTIVE_FRAME_CONTEXT Context;
} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
typedef struct _TEB
{
NT_TIB NtTib;
PVOID EnvironmentPointer;
CLIENT_ID ClientId;
PVOID ActiveRpcHandle;
PVOID ThreadLocalStoragePointer;
PPEB ProcessEnvironmentBlock;
ULONG LastErrorValue;
ULONG CountOfOwnedCriticalSections;
PVOID CsrClientThread;
PVOID Win32ThreadInfo;
ULONG User32Reserved[26];
ULONG UserReserved[5];
PVOID WOW32Reserved;
LCID CurrentLocale;
ULONG FpSoftwareStatusRegister;
PVOID SystemReserved1[54];
NTSTATUS ExceptionCode;
PVOID ActivationContextStackPointer;
#if defined(_M_X64)
UCHAR SpareBytes[24];
#else
UCHAR SpareBytes[36];
#endif
ULONG TxFsContext;
GDI_TEB_BATCH GdiTebBatch;
CLIENT_ID RealClientId;
HANDLE GdiCachedProcessHandle;
ULONG GdiClientPID;
ULONG GdiClientTID;
PVOID GdiThreadLocalInfo;
ULONG_PTR Win32ClientInfo[62];
PVOID glDispatchTable[233];
ULONG_PTR glReserved1[29];
PVOID glReserved2;
PVOID glSectionInfo;
PVOID glSection;
PVOID glTable;
PVOID glCurrentRC;
PVOID glContext;
NTSTATUS LastStatusValue;
UNICODE_STRING StaticUnicodeString;
WCHAR StaticUnicodeBuffer[261];
PVOID DeallocationStack;
PVOID TlsSlots[64];
LIST_ENTRY TlsLinks;
PVOID Vdm;
PVOID ReservedForNtRpc;
PVOID DbgSsReserved[2];
ULONG HardErrorMode;
#if defined(_M_X64)
PVOID Instrumentation[11];
#else
PVOID Instrumentation[9];
#endif
GUID ActivityId;
PVOID SubProcessTag;
PVOID EtwLocalData;
PVOID EtwTraceData;
PVOID WinSockData;
ULONG GdiBatchCount;
union
{
PROCESSOR_NUMBER CurrentIdealProcessor;
ULONG IdealProcessorValue;
struct
{
UCHAR ReservedPad0;
UCHAR ReservedPad1;
UCHAR ReservedPad2;
UCHAR IdealProcessor;
};
};
ULONG GuaranteedStackBytes;
PVOID ReservedForPerf;
PVOID ReservedForOle;
ULONG WaitingOnLoaderLock;
PVOID SavedPriorityState;
ULONG_PTR SoftPatchPtr1;
PVOID ThreadPoolData;
PVOID *TlsExpansionSlots;
#if defined(_M_X64)
PVOID DeallocationBStore;
PVOID BStoreLimit;
#endif
ULONG MuiGeneration;
ULONG IsImpersonating;
PVOID NlsCache;
PVOID pShimData;
ULONG HeapVirtualAffinity;
HANDLE CurrentTransactionHandle;
PTEB_ACTIVE_FRAME ActiveFrame;
PVOID FlsData;
PVOID PreferredLanguages;
PVOID UserPrefLanguages;
PVOID MergedPrefLanguages;
ULONG MuiImpersonation;
union
{
USHORT CrossTebFlags;
USHORT SpareCrossTebBits : 16;
};
union
{
USHORT SameTebFlags;
struct
{
USHORT SafeThunkCall : 1;
USHORT InDebugPrint : 1;
USHORT HasFiberData : 1;
USHORT SkipThreadAttach : 1;
USHORT WerInShipAssertCode : 1;
USHORT RanProcessInit : 1;
USHORT ClonedThread : 1;
USHORT SuppressDebugMsg : 1;
USHORT DisableUserStackWalk : 1;
USHORT RtlExceptionAttached : 1;
USHORT InitialThread : 1;
USHORT SpareSameTebBits : 1;
};
};
PVOID TxnScopeEnterCallback;
PVOID TxnScopeExitCallback;
PVOID TxnScopeContext;
ULONG LockCount;
ULONG SpareUlong0;
PVOID ResourceRetValue;
} TEB, *PTEB;
typedef struct _LDR_DATA_TABLE_ENTRY
{
LIST_ENTRY InLoadOrderLinks;
LIST_ENTRY InMemoryOrderLinks;
LIST_ENTRY InInitializationOrderLinks;
PVOID DllBase;
PVOID EntryPoint;
ULONG SizeOfImage;
UNICODE_STRING FullDllName;
UNICODE_STRING BaseDllName;
ULONG Flags;
USHORT LoadCount;
USHORT TlsIndex;
union
{
LIST_ENTRY HashLinks;
struct
{
PVOID SectionPointer;
ULONG CheckSum;
};
};
union
{
ULONG TimeDateStamp;
PVOID LoadedImports;
};
PVOID EntryPointActivationContext;
PVOID PatchInformation;
LIST_ENTRY ForwarderLinks;
LIST_ENTRY ServiceTagLinks;
LIST_ENTRY StaticLinks;
PVOID ContextInformation;
ULONG_PTR OriginalBase;
LARGE_INTEGER LoadTime;
} LDR_DATA_TABLE_ENTRY, * PLDR_DATA_TABLE_ENTRY;
#ifndef NtCurrentPeb
__inline struct _PEB * NtCurrentPeb() { return NtCurrentTeb()->ProcessEnvironmentBlock; }
#endif
#endif // _XEB_
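Review bot: the PEB/TEB/LDR_DATA_TABLE_ENTRY layouts in this header are undocumented and build-specific, and the only provenance given is the `// 17/3/2011 updated` comment above `_TEB_ACTIVE_FRAME`; please state which Windows builds the layout was taken from and add `C_ASSERT` checks on the offsets of the fields SbieDll actually dereferences (at minimum `ProcessEnvironmentBlock`, which `NtCurrentPeb()` reads, and `TlsSlots`), so a layout drift fails at compile time instead of corrupting memory at run time. Also note that the `#if defined(_M_X64)` / `#else` arms (`SpareBytes`, `Instrumentation`, `DeallocationBStore`) only distinguish x64 from x86; any other target (e.g. ARM64) silently gets the 32-bit sizes.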

View File

@ -35,7 +35,7 @@ SbieApi_IsBoxEnabled=_SbieApi_IsBoxEnabled@4
SbieApi_MonitorControl=_SbieApi_MonitorControl@8 SbieApi_MonitorControl=_SbieApi_MonitorControl@8
SbieApi_MonitorGet=_SbieApi_MonitorGet@8 SbieApi_MonitorGet=_SbieApi_MonitorGet@8
SbieApi_MonitorGetEx=_SbieApi_MonitorGetEx@16 SbieApi_MonitorGetEx=_SbieApi_MonitorGetEx@20
SbieApi_MonitorPut=_SbieApi_MonitorPut@8 SbieApi_MonitorPut=_SbieApi_MonitorPut@8
SbieApi_MonitorPut2=_SbieApi_MonitorPut2@12 SbieApi_MonitorPut2=_SbieApi_MonitorPut2@12
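Review bot: the decorated name change `_SbieApi_MonitorGetEx@16` to `@20` is an ABI break for the 32-bit export (one extra 4-byte pointer argument, the new `Tid` out-parameter added further down in this commit); any out-of-tree caller linked against the old name will fail to resolve the import at load time, so call this out in the release notes next to the new parameter.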

View File

@ -343,3 +343,59 @@ _FX NTSTATUS Config_GetSettingsForImageName(
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
//---------------------------------------------------------------------------
// SbieDll_GetBorderColor
//---------------------------------------------------------------------------
BOOLEAN SbieDll_GetBorderColor(const WCHAR* box_name, COLORREF* color, BOOL* title, int* width)
{
#ifndef RGB
#define RGB(r,g,b) ((COLORREF)(((BYTE)(r)|((WORD)((BYTE)(g))<<8))|(((DWORD)(BYTE)(b))<<16)))
#endif //RGB
*color = RGB(255, 255, 0);
if (title) *title = FALSE;
if (width) *width = 6;
NTSTATUS status;
WCHAR str[32];
status = SbieApi_QueryConfAsIs(box_name, L"BorderColor", 0, str, sizeof(str) - sizeof(WCHAR)); // BorderColor=#00ffff,ttl,6
if (!NT_SUCCESS(status) || wcslen(str) < 7 || str[0] != L'#')
return FALSE;
WCHAR* ptr = str;
WCHAR* tmp = wcschr(ptr, L',');
if (tmp != NULL) *tmp = L'\0';
WCHAR* endptr;
*color = wcstol(ptr + 1, &endptr, 16);
if (*endptr != L'\0') {
*color = RGB(255, 255, 0);
return FALSE;
}
if (tmp == NULL) return TRUE;
ptr = tmp + 1;
tmp = wcschr(ptr, L',');
if (tmp != NULL) *tmp = L'\0';
if (_wcsicmp(ptr, L"ttl") == 0)
{
if (title) *title = TRUE;
}
else if (_wcsicmp(ptr, L"off") == 0)
return FALSE;
if (tmp == NULL) return TRUE;
ptr = tmp + 1;
tmp = wcschr(ptr, L',');
if (tmp != NULL) *tmp = L'\0';
if (width) *width = _wtoi(ptr);
return TRUE;
}
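Review bot: in `SbieDll_GetBorderColor` the `off` branch returns FALSE while leaving `*color` at the value just parsed from the string, whereas the `*endptr != L'\0'` branch resets `*color` to `RGB(255, 255, 0)` before returning FALSE; either reset in both places or document that FALSE does not imply the default colour. Two more points on the same parser: `wcstol(ptr + 1, &endptr, 16)` is assigned straight into a `COLORREF`, so the hex digits are interpreted in BBGGRR order rather than the CSS RRGGBB the `#00ffff` sample comment suggests (as written `#00ffff` equals `RGB(255, 255, 0)`, i.e. the default yellow, not cyan), and `wcstol` also accepts a leading sign, so `#-1` passes the `endptr` check; and `_wtoi(ptr)` on the width field accepts 0, negative values and non-numeric text (which yields 0) with no validation, so clamp it to a sane range before handing it to the caller.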

View File

@ -2306,6 +2306,37 @@ _FX NTSTATUS File_NtCreateFile(
// File_NtCreateFileImpl // File_NtCreateFileImpl
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
/*static P_NtCreateFile __sys_NtCreateFile_ = NULL;
_FX NTSTATUS File_MyCreateFile(
HANDLE* FileHandle,
ACCESS_MASK DesiredAccess,
OBJECT_ATTRIBUTES* ObjectAttributes,
IO_STATUS_BLOCK* IoStatusBlock,
LARGE_INTEGER* AllocationSize,
ULONG FileAttributes,
ULONG ShareAccess,
ULONG CreateDisposition,
ULONG CreateOptions,
void* EaBuffer,
ULONG EaLength)
{
NTSTATUS status = __sys_NtCreateFile_(
FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock,
AllocationSize, FileAttributes, ShareAccess, CreateDisposition,
CreateOptions, EaBuffer, EaLength);
if (ObjectAttributes && ObjectAttributes->ObjectName && ObjectAttributes->ObjectName->Buffer
&& _wcsicmp(ObjectAttributes->ObjectName->Buffer, L"\\??\\C:") == 0)
{
DebugBreak();
}
status = StopTailCallOptimization(status);
return status;
}*/
_FX NTSTATUS File_NtCreateFileImpl( _FX NTSTATUS File_NtCreateFileImpl(
HANDLE *FileHandle, HANDLE *FileHandle,
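Review bot: `File_MyCreateFile` and `__sys_NtCreateFile_` are committed as a commented-out block containing a `DebugBreak()`; dead debugging code like this should be deleted rather than commented out, since it will rot against the real `File_NtCreateFileImpl` signature and invites someone to re-enable a hard breakpoint in a release build of SbieDll.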
@ -2345,6 +2376,12 @@ _FX NTSTATUS File_NtCreateFileImpl(
// // __debugbreak(); // // __debugbreak();
//} //}
//if (__sys_NtCreateFile_ == NULL)
//{
// __sys_NtCreateFile_ = __sys_NtCreateFile;
// __sys_NtCreateFile = File_MyCreateFile;
//}
// //
// if this is a recursive invocation of NtCreateFile, // if this is a recursive invocation of NtCreateFile,
// then pass it as-is down the chain // then pass it as-is down the chain
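Review bot: same as the block above, the commented-out re-hooking of `__sys_NtCreateFile` through `File_MyCreateFile` should be removed; if a debug path is genuinely wanted, guard it with `#ifdef _DEBUG` instead of comments so it is at least compiled and kept in sync.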
@ -2471,6 +2508,22 @@ ReparseLoop:
CreateOptions &= ~FILE_DELETE_ON_CLOSE; CreateOptions &= ~FILE_DELETE_ON_CLOSE;
DesiredAccess &= ~FILE_DENIED_ACCESS; DesiredAccess &= ~FILE_DENIED_ACCESS;
//
// If this is an access on a raw disk device, adapt the requested permissions to what the drivers permits
//
if (ObjectAttributes->ObjectName && &ObjectAttributes->ObjectName->Buffer != NULL && ObjectAttributes->ObjectName->Length > (4 * sizeof(WCHAR))
&& wcsncmp(ObjectAttributes->ObjectName->Buffer, L"\\??\\", 4) == 0
&& (DesiredAccess & ~(SYNCHRONIZE | READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES)) != 0)
{
if ((ObjectAttributes->ObjectName->Length == (6 * sizeof(WCHAR)) && ObjectAttributes->ObjectName->Buffer[5] == L':') // \??\C:
|| wcsncmp(&ObjectAttributes->ObjectName->Buffer[4], L"PhysicalDrive", 13) == 0 // \??\PhysicalDrive1
|| wcsncmp(&ObjectAttributes->ObjectName->Buffer[4], L"Volume", 6) == 0) // \??\Volume{2b985816-4b6f-11ea-bd33-48a4725d5bbe}
{
DesiredAccess &= (SYNCHRONIZE | READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES);
}
}
status = __sys_NtCreateFile( status = __sys_NtCreateFile(
FileHandle, DesiredAccess, ObjectAttributes, FileHandle, DesiredAccess, ObjectAttributes,
IoStatusBlock, AllocationSize, FileAttributes, IoStatusBlock, AllocationSize, FileAttributes,
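Review bot: `&ObjectAttributes->ObjectName->Buffer != NULL` takes the address of the `Buffer` field, which is never NULL, so the intended NULL check on the buffer pointer is a no-op; drop the `&`. Two follow-ups on the same condition: the `wcsncmp` prefix tests are case-sensitive while NT object names under `\??\` resolve case-insensitively, so `\??\physicaldrive0` or `\??\VOLUME{...}` skips this downgrade and hits whatever the driver does instead of degrading gracefully (use `_wcsnicmp`); and the `PhysicalDrive` / `Volume` comparisons read 13 and 6 characters past index 4 while the guard only proves `Length > (4 * sizeof(WCHAR))`, and a `UNICODE_STRING` is not guaranteed to be NUL-terminated, so check `Length` before each `wcsncmp`. Since the comment says the mask mirrors "what the drivers permits", a one-line pointer to the driver-side rule would help the next reader keep the two access masks in sync.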

View File

@ -49,7 +49,7 @@ static LIST File_MigrationOptions[NUM_COPY_MODES];
static BOOLEAN File_MigrationDenyWrite = FALSE; static BOOLEAN File_MigrationDenyWrite = FALSE;
static ULONG File_CopyLimitKb = (80 * 1024); // 80 MB static ULONGLONG File_CopyLimitKb = (80 * 1024); // 80 MB
static BOOLEAN File_CopyLimitSilent = FALSE; static BOOLEAN File_CopyLimitSilent = FALSE;
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
@ -128,7 +128,7 @@ found_match:
// if tere is no configuration for this file type/path decide based on the file size // if tere is no configuration for this file type/path decide based on the file size
// //
if (File_CopyLimitKb == -1 || file_size < (File_CopyLimitKb * 1024)) if (File_CopyLimitKb == -1 || file_size < ((ULONGLONG)File_CopyLimitKb * 1024))
return FILE_COPY_CONTENT; return FILE_COPY_CONTENT;
// //
@ -223,7 +223,7 @@ _FX void File_InitCopyLimit(void)
if (NT_SUCCESS(status)) { if (NT_SUCCESS(status)) {
ULONGLONG num = _wtoi64(str); ULONGLONG num = _wtoi64(str);
if (num) if (num)
File_CopyLimitKb = (num > 0x000000007fffffff) ? -1 : (ULONG)num; File_CopyLimitKb = (num > 0x000000007fffffff) ? -1 : num;
else else
SbieApi_Log(2207, _CopyLimitKb); SbieApi_Log(2207, _CopyLimitKb);
} }
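Review bot: with `File_CopyLimitKb` now a `ULONGLONG`, the `num > 0x000000007fffffff ? -1 : num` cap in `File_InitCopyLimit` no longer serves its original purpose (keeping the value inside a 32-bit `ULONG`); it now silently turns any configured limit above 0x7fffffff KB into "unlimited", which is unlikely to be what an admin setting a large limit expects. Either keep the cap and document it, or drop it and let the 64-bit comparison in the `found_match` hunk handle large values (the `(ULONGLONG)` cast there is redundant now that the variable is already 64-bit). Also `_wtoi64` returns a signed value, so a negative `CopyLimitKb` becomes a huge unsigned number and likewise maps to unlimited; reject negatives explicitly rather than logging only the zero case with `SbieApi_Log(2207, ...)`.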

View File

@ -454,6 +454,8 @@ extern BOOLEAN Gui_RenameClasses;
extern BOOLEAN Gui_OpenAllWinClasses; // not running in a restricted job extern BOOLEAN Gui_OpenAllWinClasses; // not running in a restricted job
extern BOOLEAN Gui_DisableTitle; extern BOOLEAN Gui_DisableTitle;
extern ULONG Gui_BoxNameTitleLen;
extern WCHAR* Gui_BoxNameTitleW;
extern ATOM Gui_DropTargetProp_Atom; extern ATOM Gui_DropTargetProp_Atom;
extern ATOM Gui_WindowProcOldW_Atom; extern ATOM Gui_WindowProcOldW_Atom;

View File

@ -51,7 +51,7 @@ const UCHAR *Gui_TitleSuffixA = TITLE_SUFFIX_A;
static ULONG Gui_TitleSuffixA_len = 0; static ULONG Gui_TitleSuffixA_len = 0;
ULONG Gui_BoxNameTitleLen = 0; ULONG Gui_BoxNameTitleLen = 0;
static WCHAR *Gui_BoxNameTitleW = NULL; WCHAR *Gui_BoxNameTitleW = NULL;
static ANSI_STRING Gui_BoxNameTitleA; static ANSI_STRING Gui_BoxNameTitleA;
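Review bot: `Gui_BoxNameTitleW` goes from `static` to a mutable global exposed through `extern WCHAR* Gui_BoxNameTitleW;`; if the new consumer only reads it, expose it as `extern const WCHAR*` or through an accessor so another module cannot reassign the pointer behind this file's back.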

View File

@ -395,9 +395,6 @@ _FX BOOLEAN Proc_Init(void)
SBIEDLL_HOOK(Proc_, SetProcessMitigationPolicy); SBIEDLL_HOOK(Proc_, SetProcessMitigationPolicy);
} }
// OriginalToken BEGIN
if (!SbieApi_QueryConfBool(NULL, L"OriginalToken", FALSE))
// OriginalToken END
if(Dll_OsBuild < 17677) { if(Dll_OsBuild < 17677) {
SBIEDLL_HOOK(Proc_,CreateProcessInternalW); SBIEDLL_HOOK(Proc_,CreateProcessInternalW);
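Review bot: dropping the `OriginalToken` guard here means `CreateProcessInternalW` is now always hooked and the decision moves into the hook as a per-call `SbieApi_QueryConfBool`; that is the safer shape (the hook is always in place), but the config lookup on every process creation could be cached once at init the way the hook decision used to be.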
@ -752,6 +749,21 @@ _FX BOOL Proc_CreateProcessInternalW(
} }
} }
// OriginalToken BEGIN
if (SbieApi_QueryConfBool(NULL, L"OriginalToken", FALSE))
{
ok = __sys_CreateProcessInternalW(
hToken, lpApplicationName, lpCommandLine,
lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags,
lpEnvironment, lpCurrentDirectory,
lpStartupInfo, lpProcessInformation, hNewToken);
err = GetLastError();
goto finish;
}
// OriginalToken END
// //
// create the new process // create the new process
// //
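Review bot: the early `goto finish` in `Proc_CreateProcessInternalW` needs a `finish:` label in that function, but this diff only shows `finish:` being added to `Proc_CreateProcessInternalW_RS5` (the `@ -1338` hunk); please confirm the pre-RS5 function already has a `finish:` that runs `--TlsData->proc_create_process`, otherwise this either fails to compile or leaks the recursion counter on the OriginalToken path. Security-wise, `OriginalToken=y` passes the caller's `hToken` unchanged to the real `CreateProcessInternalW`, so the child is created without the sandbox's token replacement; that is a deliberate weakening of isolation and deserves a warning next to the setting's documentation, not only the `// OriginalToken BEGIN/END` code markers.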
@ -1208,6 +1220,21 @@ _FX BOOL Proc_CreateProcessInternalW_RS5(
} }
} }
// OriginalToken BEGIN
if (SbieApi_QueryConfBool(NULL, L"OriginalToken", FALSE))
{
ok = __sys_CreateProcessInternalW_RS5(
hToken, lpApplicationName, lpCommandLine,
lpProcessAttributes, lpThreadAttributes, bInheritHandles,
dwCreationFlags, lpEnvironment, lpCurrentDirectory,
lpStartupInfo, lpProcessInformation, hNewToken);
err = GetLastError();
goto finish;
}
// OriginalToken END
if (!(dwCreationFlags & CREATE_SUSPENDED)) if (!(dwCreationFlags & CREATE_SUSPENDED))
resume_thread = TRUE; resume_thread = TRUE;
dwCreationFlags |= CREATE_SUSPENDED; dwCreationFlags |= CREATE_SUSPENDED;
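Review bot: same early-out as in the pre-RS5 path; since `SbieApi_QueryConfBool(NULL, L"OriginalToken", FALSE)` is queried with a NULL box name, confirm that this resolves to the current process's box rather than a global default, otherwise a single global `OriginalToken=y` would disable token replacement for every box. Also note the jump happens before `dwCreationFlags |= CREATE_SUSPENDED` is applied, which is correct for this path but worth a comment so nobody moves the block below it.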
@ -1338,6 +1365,8 @@ _FX BOOL Proc_CreateProcessInternalW_RS5(
// handle CreateProcessInternal returning ERROR_ELEVATION_REQUIRED // handle CreateProcessInternal returning ERROR_ELEVATION_REQUIRED
// //
finish:
--TlsData->proc_create_process; --TlsData->proc_create_process;
if ((!ok) && (err == ERROR_ELEVATION_REQUIRED)) { if ((!ok) && (err == ERROR_ELEVATION_REQUIRED)) {
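Review bot: placing `finish:` before `--TlsData->proc_create_process;` keeps the counter balanced on the early-out path, good; but the `ERROR_ELEVATION_REQUIRED` handling that follows the label also runs for the OriginalToken path, so a failed elevated launch with `OriginalToken=y` will still go through Sandboxie's elevation handling even though token replacement was skipped. If that is intended, say so in a comment; if not, jump past this block.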

View File

@ -29,7 +29,7 @@
#include <psapi.h> #include <psapi.h>
#define INITGUID #define INITGUID
#include <guiddef.h> #include <guiddef.h>
#include "trace.h"
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Functions // Functions
@ -61,17 +61,23 @@ int Scm_Start_Sppsvc();
#ifdef _WIN64 #ifdef _WIN64
extern ULONG_PTR __cdecl RpcRt_NdrClientCall2(
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...);
extern ULONG_PTR __cdecl RpcRt_NdrClientCall3( extern ULONG_PTR __cdecl RpcRt_NdrClientCall3(
MIDL_STUBLESS_PROXY_INFO* pProxyInfo, ULONG nProcNum, void* pReturnValue, ...); MIDL_STUBLESS_PROXY_INFO* pProxyInfo, ULONG nProcNum, void* pReturnValue, ...);
#else #else
//extern ULONG_PTR __cdecl RpcRt_NdrClientCall3( extern ULONG_PTR __cdecl RpcRt_NdrClientCall(
// MIDL_STUBLESS_PROXY_INFO* pProxyInfo, ULONG nProcNum, void* pReturnValue, ULONG_PTR* Args); PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ULONG_PTR* Args);
extern ULONG_PTR __cdecl RpcRt_NdrClientCall2( extern ULONG_PTR __cdecl RpcRt_NdrClientCall2(
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ULONG_PTR* Args); PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ULONG_PTR* Args);
extern ULONG_PTR __cdecl RpcRt_NdrClientCall4(
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ULONG_PTR* Args);
#endif _WIN64 #endif _WIN64
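Review bot: `#endif _WIN64` carries a stray token after `#endif`; MSVC tolerates it but it is not standard C and clang warns about extra tokens, so write `#endif // _WIN64` (the same spelling appears in the `Secure_Init_Elevation` hunks at the end of this commit). The new `RpcRt_NdrClientCall` / `RpcRt_NdrClientCall4` externs for x86 and `RpcRt_NdrClientCall2` for x64 also lack a comment saying they are assembly trampolines defined elsewhere, which is what the `_x86` / `_x64` suffixed C bodies further down imply.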
@ -112,12 +118,12 @@ typedef RPC_STATUS (*P_RpcMgmtSetComTimeout)(RPC_BINDING_HANDLE Binding, unsigne
typedef BOOL(WINAPI* P_GetModuleInformation)(_In_ HANDLE hProcess, _In_ HMODULE hModule, _Out_ LPMODULEINFO lpmodinfo, _In_ DWORD cb); typedef BOOL(WINAPI* P_GetModuleInformation)(_In_ HANDLE hProcess, _In_ HMODULE hModule, _Out_ LPMODULEINFO lpmodinfo, _In_ DWORD cb);
typedef ULONG_PTR(__cdecl* P_NdrClientCallX)(
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...);
typedef ULONG_PTR(__cdecl* P_NdrClientCall3)( typedef ULONG_PTR(__cdecl* P_NdrClientCall3)(
MIDL_STUBLESS_PROXY_INFO* pProxyInfo, ULONG nProcNum, void* pReturnValue, ...); MIDL_STUBLESS_PROXY_INFO* pProxyInfo, ULONG nProcNum, void* pReturnValue, ...);
typedef ULONG_PTR(__cdecl* P_NdrClientCall2)(
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...);
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
@ -133,6 +139,7 @@ P_RpcBindingCreateW __sys_RpcBindingCreateW = NULL;
P_RpcMgmtSetComTimeout __sys_RpcMgmtSetComTimeout = NULL; P_RpcMgmtSetComTimeout __sys_RpcMgmtSetComTimeout = NULL;
#define RPC_C_BINDING_TIMEOUT 4 #define RPC_C_BINDING_TIMEOUT 4
BOOLEAN __use_RpcMgmtSetComTimeout = FALSE;
P_UuidToStringW __sys_UuidToStringW = NULL; P_UuidToStringW __sys_UuidToStringW = NULL;
@ -141,13 +148,17 @@ P_RpcStringFreeW __sys_RpcStringFreeW = NULL;
P_GetModuleInformation __sys_GetModuleInformation = NULL; P_GetModuleInformation __sys_GetModuleInformation = NULL;
#ifdef _WIN64 #ifdef _WIN64
P_NdrClientCallX __sys_NdrClientCall2 = NULL;
P_NdrClientCall3 __sys_NdrClientCall3 = NULL; P_NdrClientCall3 __sys_NdrClientCall3 = NULL;
#else #else
P_NdrClientCall2 __sys_NdrClientCall2 = NULL; P_NdrClientCallX __sys_NdrClientCall = NULL;
P_NdrClientCallX __sys_NdrClientCall2 = NULL;
P_NdrClientCallX __sys_NdrClientCall4 = NULL;
#endif #endif
extern WCHAR* g_Ipc_DynamicPortNames[NUM_DYNAMIC_PORTS]; extern WCHAR* g_Ipc_DynamicPortNames[NUM_DYNAMIC_PORTS];
BOOLEAN g_rpc_client_hooks = FALSE;
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// RpcRt_Init // RpcRt_Init
@ -188,26 +199,51 @@ _FX BOOLEAN RpcRt_Init(HMODULE module)
SBIEDLL_HOOK(RpcRt_, RpcBindingCreateW); SBIEDLL_HOOK(RpcRt_, RpcBindingCreateW);
if(Config_GetSettingsForImageName_bool(L"RpcMgmtSetComTimeout", TRUE))
__sys_RpcMgmtSetComTimeout = (P_RpcMgmtSetComTimeout)Ldr_GetProcAddrNew(DllName_rpcrt4, L"RpcMgmtSetComTimeout", "RpcMgmtSetComTimeout"); __sys_RpcMgmtSetComTimeout = (P_RpcMgmtSetComTimeout)Ldr_GetProcAddrNew(DllName_rpcrt4, L"RpcMgmtSetComTimeout", "RpcMgmtSetComTimeout");
__use_RpcMgmtSetComTimeout = Config_GetSettingsForImageName_bool(L"RpcMgmtSetComTimeout", FALSE);
} }
WCHAR wsTraceOptions[4]; WCHAR wsTraceOptions[4];
if ((Dll_OsBuild >= 8400) // win8 and above if ((Dll_OsBuild >= 8400) // win8 and above
&& SbieApi_QueryConf(NULL, L"IpcTrace", 0, wsTraceOptions, sizeof(wsTraceOptions)) == STATUS_SUCCESS && wsTraceOptions[0] != L'\0') && SbieApi_QueryConf(NULL, L"IpcTrace", 0, wsTraceOptions, sizeof(wsTraceOptions)) == STATUS_SUCCESS && wsTraceOptions[0] != L'\0')
{ {
g_rpc_client_hooks = TRUE;
#ifdef _WIN64 #ifdef _WIN64
P_NdrClientCallX NdrClientCall2;
NdrClientCall2 = (P_NdrClientCallX)Ldr_GetProcAddrNew(DllName_rpcrt4, L"NdrClientCall2", "NdrClientCall2");
SBIEDLL_HOOK(RpcRt_, NdrClientCall2);
P_NdrClientCall3 NdrClientCall3; P_NdrClientCall3 NdrClientCall3;
NdrClientCall3 = (P_NdrClientCall3)Ldr_GetProcAddrNew(DllName_rpcrt4, L"NdrClientCall3", "NdrClientCall3"); NdrClientCall3 = (P_NdrClientCall3)Ldr_GetProcAddrNew(DllName_rpcrt4, L"NdrClientCall3", "NdrClientCall3");
SBIEDLL_HOOK(RpcRt_, NdrClientCall3); SBIEDLL_HOOK(RpcRt_, NdrClientCall3);
//Ndr64AsyncServerCall64(PRPC_MESSAGE pRpcMsg)
//Ndr64AsyncServerCallAll(PRPC_MESSAGE pRpcMsg)
//NdrAsyncServerCall(PRPC_MESSAGE pRpcMsg)
//NdrServerCall2(PRPC_MESSAGE pRpcMsg)
//NdrServerCallAll(PRPC_MESSAGE pRpcMsg)
//NdrServerCallNdr64(PRPC_MESSAGE pRpcMsg)
#else #else
P_NdrClientCall2 NdrClientCall2; P_NdrClientCallX NdrClientCall;
NdrClientCall2 = (P_NdrClientCall2)Ldr_GetProcAddrNew(DllName_rpcrt4, L"NdrClientCall2", "NdrClientCall2"); NdrClientCall = (P_NdrClientCallX)Ldr_GetProcAddrNew(DllName_rpcrt4, L"NdrClientCall", "NdrClientCall");
SBIEDLL_HOOK(RpcRt_, NdrClientCall);
P_NdrClientCallX NdrClientCall2;
NdrClientCall2 = (P_NdrClientCallX)Ldr_GetProcAddrNew(DllName_rpcrt4, L"NdrClientCall2", "NdrClientCall2");
SBIEDLL_HOOK(RpcRt_, NdrClientCall2); SBIEDLL_HOOK(RpcRt_, NdrClientCall2);
P_NdrClientCallX NdrClientCall4;
NdrClientCall4 = (P_NdrClientCallX)Ldr_GetProcAddrNew(DllName_rpcrt4, L"NdrClientCall4", "NdrClientCall4");
SBIEDLL_HOOK(RpcRt_, NdrClientCall4);
//NdrAsyncServerCall(PRPC_MESSAGE pRpcMsg)
//NdrServerCall2(PRPC_MESSAGE pRpcMsg)
//NdrServerCall(PRPC_MESSAGE pRpcMsg)
#endif #endif
} }
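Review bot: the default passed to `Config_GetSettingsForImageName_bool(L"RpcMgmtSetComTimeout", ...)` flips from TRUE to FALSE in this hunk, so the binding timeout is now opt-in per image unless one of the hard-coded caller exceptions below turns it on; that is a behaviour change for existing configurations and should be called out in the release notes. The `NdrClientCall*` hooks are installed only when `IpcTrace` is set, which is fine for tracing, but the list of `//NdrServerCall*` comments reads like a to-do; either turn it into an explicit "not hooked, server side" comment or drop it.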
@ -357,9 +393,6 @@ WCHAR* GetDynamicLpcPortName(ENUM_DYNAMIC_PORT_TYPE portType)
_FX ULONG RpcRt_RpcBindingFromStringBindingW( _FX ULONG RpcRt_RpcBindingFromStringBindingW(
const WCHAR *StringBinding, void **OutBinding) const WCHAR *StringBinding, void **OutBinding)
{ {
static const WCHAR *_old =
L"ncalrpc:[,Security=Impersonation Dynamic False]";
// //
// printing functions in winspool.drv talk to the Spooler service // printing functions in winspool.drv talk to the Spooler service
// (process spoolsv.exe). prior to Windows 8.1, the service was // (process spoolsv.exe). prior to Windows 8.1, the service was
@ -395,13 +428,19 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
return RPC_S_INVALID_ARG; return RPC_S_INVALID_ARG;
} }
static const WCHAR* dynamicFalse = L"ncalrpc:[,Security=Impersonation Dynamic False]";
static const WCHAR* dynamicTrue = L"ncalrpc:[,Security=Impersonation Dynamic True]";
BOOLEAN use_RpcMgmtSetComTimeout = __use_RpcMgmtSetComTimeout;
ULONG_PTR pRetAddr = (ULONG_PTR)_ReturnAddress();
WCHAR wstrPortName[DYNAMIC_PORT_NAME_CHARS]; WCHAR wstrPortName[DYNAMIC_PORT_NAME_CHARS];
memset(wstrPortName, 0, sizeof(wstrPortName)); memset(wstrPortName, 0, sizeof(wstrPortName));
if (_wcsicmp(StringBinding, _old) == 0) { if (_wcsicmp(StringBinding, dynamicFalse) == 0) {
ULONG_PTR pWinSpool = (ULONG_PTR)GetModuleHandle(L"winspool.drv"); ULONG_PTR pWinSpool = (ULONG_PTR)GetModuleHandle(L"winspool.drv");
ULONG_PTR pRetAddr = (ULONG_PTR)_ReturnAddress();
if (RpcRt_TestCallingModule(pRetAddr, pWinSpool)) { if (RpcRt_TestCallingModule(pRetAddr, pWinSpool)) {
@ -412,10 +451,9 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
wcscpy(wstrPortName, L"ncalrpc:["); wcscpy(wstrPortName, L"ncalrpc:[");
wcscpy(wstrPortName + 9, pwszTempPortName); wcscpy(wstrPortName + 9, pwszTempPortName);
wcscat(wstrPortName, _old + 9); wcscat(wstrPortName, dynamicFalse + 9);
} }
} }
else if (_wcsicmp(StringBinding, L"ncalrpc:") == 0) { else if (_wcsicmp(StringBinding, L"ncalrpc:") == 0) {
WCHAR pwszEmpty[] = L""; WCHAR pwszEmpty[] = L"";
@ -423,7 +461,6 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
ULONG_PTR hWinHttp = (ULONG_PTR)GetModuleHandle(L"WinHttp.dll"); ULONG_PTR hWinHttp = (ULONG_PTR)GetModuleHandle(L"WinHttp.dll");
ULONG_PTR hBtApi = (ULONG_PTR)GetModuleHandle(L"BluetoothApis.dll"); ULONG_PTR hBtApi = (ULONG_PTR)GetModuleHandle(L"BluetoothApis.dll");
ULONG_PTR pRetAddr = (ULONG_PTR)_ReturnAddress();
if (RpcRt_TestCallingModule(pRetAddr, hWinHttp)) if (RpcRt_TestCallingModule(pRetAddr, hWinHttp))
{ {
@ -446,6 +483,26 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
wcscat(wstrPortName, L"]"); wcscat(wstrPortName, L"]");
} }
} }
else if (_wcsicmp(StringBinding, dynamicTrue) == 0) {
ULONG_PTR pWINNSI = (ULONG_PTR)GetModuleHandle(L"WINNSI.DLL");
if (RpcRt_TestCallingModule(pRetAddr, pWINNSI)) {
use_RpcMgmtSetComTimeout = FALSE;
}
}
else if (_wcsicmp(StringBinding, L"0497b57d-2e66-424f-a0c6-157cd5d41700@ncalrpc:") == 0) {
ULONG_PTR pkernel32 = (ULONG_PTR)GetModuleHandle(L"kernel32.dll");
// kernel32.dll!AicpCreateBindingHandle
// kernel32.dll!AicGetPackageActivationTokenForSxS
// KernelBase.dll!CreateProcessInternalW
// SbieDll.dll!Proc_CreateProcessInternalW_RS5
if (RpcRt_TestCallingModule(pRetAddr, pkernel32)) {
use_RpcMgmtSetComTimeout = TRUE;
}
}
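Review bot: the `dynamicTrue` and `0497b57d-2e66-424f-a0c6-157cd5d41700@ncalrpc:` branches special-case callers via `GetModuleHandle(L"WINNSI.DLL")` and `GetModuleHandle(L"kernel32.dll")`; `GetModuleHandle` returns NULL when the module is not loaded, so `RpcRt_TestCallingModule(pRetAddr, 0)` must reliably return FALSE (please confirm, or test for NULL before calling). The call-stack comment for the kernel32 case is exactly what these hard-coded exceptions need; add an equivalent one-liner for why WINNSI must not get the timeout, since nobody will know which symptom that exception fixes otherwise.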
RPC_STATUS status; RPC_STATUS status;
@ -456,18 +513,27 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
{ {
WCHAR msg[512]; WCHAR msg[512];
WCHAR* CallingModule = Trace_FindModuleByAddress((void*)pRetAddr);
//Sbie_snwprintf(msg, 512, L"SBIE p=%06d t=%06d RpcBindingFromStringBindingW StringBinding = '%s', BindingHandle = 0x%X, status = 0x%X\n", GetCurrentProcessId(), GetCurrentThreadId(), //Sbie_snwprintf(msg, 512, L"SBIE p=%06d t=%06d RpcBindingFromStringBindingW StringBinding = '%s', BindingHandle = 0x%X, status = 0x%X\n", GetCurrentProcessId(), GetCurrentThreadId(),
Sbie_snwprintf(msg, 512, L"StringBinding = '%s', wstrPortName = '%s', BindingHandle = 0x%X, status = 0x%08X", Sbie_snwprintf(msg, 512, L"StringBinding = '%s', wstrPortName = '%s', BindingHandle = 0x%X, status = 0x%08X, timeout = %d, caller = '%s'",
StringBinding, wstrPortName, OutBinding, status); StringBinding, wstrPortName, OutBinding, status, use_RpcMgmtSetComTimeout,
CallingModule ? CallingModule : L"unknown");
//OutputDebugString(msg); //OutputDebugString(msg);
SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, msg, FALSE); SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, msg, FALSE);
} }
if(__sys_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*OutBinding, RPC_C_BINDING_TIMEOUT);
if(use_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*OutBinding, RPC_C_BINDING_TIMEOUT);
return status; return status;
} }
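Review bot: `if(use_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*OutBinding, RPC_C_BINDING_TIMEOUT);` replaces a NULL check on the function pointer with a config flag; since `__sys_RpcMgmtSetComTimeout` is filled by `Ldr_GetProcAddrNew` and can be NULL, the guard should be `if (use_RpcMgmtSetComTimeout && __sys_RpcMgmtSetComTimeout)`. Also `*OutBinding` is used even when `status` is not `RPC_S_OK`; the old line had the same issue, but while touching it, skip the timeout call on failure.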
//---------------------------------------------------------------------------
// RpcRt_RpcBindingCreateW
//---------------------------------------------------------------------------
DEFINE_GUID( DEFINE_GUID(
EMPTY_UUID, EMPTY_UUID,
0x00000000, 0x0000, 0x0000, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00); 0x00000000, 0x0000, 0x0000, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00);
@ -483,6 +549,8 @@ _FX RPC_STATUS RpcRt_RpcBindingCreateW(
__in_opt RPC_BINDING_HANDLE_OPTIONS_V1 * Options, __in_opt RPC_BINDING_HANDLE_OPTIONS_V1 * Options,
__out RPC_BINDING_HANDLE * Binding) __out RPC_BINDING_HANDLE * Binding)
{ {
ULONG_PTR pRetAddr = (ULONG_PTR)_ReturnAddress();
if ( (memcmp(&Template->ObjectUuid, &MSDTC_UUID, sizeof(GUID)) == 0) && RPC_PROTSEQ_LRPC == Template->ProtocolSequence && !Template->StringEndpoint) if ( (memcmp(&Template->ObjectUuid, &MSDTC_UUID, sizeof(GUID)) == 0) && RPC_PROTSEQ_LRPC == Template->ProtocolSequence && !Template->StringEndpoint)
{ {
Template->StringEndpoint = (unsigned short*)L"samss lpc"; Template->StringEndpoint = (unsigned short*)L"samss lpc";
@ -494,7 +562,6 @@ _FX RPC_STATUS RpcRt_RpcBindingCreateW(
{ {
ULONG_PTR hWinSCard = (ULONG_PTR)GetModuleHandle(L"WinSCard.dll"); ULONG_PTR hWinSCard = (ULONG_PTR)GetModuleHandle(L"WinSCard.dll");
ULONG_PTR hResourcePolicyClient = (ULONG_PTR)GetModuleHandle(L"resourcepolicyclient.dll"); ULONG_PTR hResourcePolicyClient = (ULONG_PTR)GetModuleHandle(L"resourcepolicyclient.dll");
ULONG_PTR pRetAddr = (ULONG_PTR)_ReturnAddress();
if (RpcRt_TestCallingModule(pRetAddr, hWinSCard)) if (RpcRt_TestCallingModule(pRetAddr, hWinSCard))
{ {
@ -517,21 +584,29 @@ _FX RPC_STATUS RpcRt_RpcBindingCreateW(
WCHAR msg[512]; WCHAR msg[512];
RPC_CSTR StringUuid; RPC_CSTR StringUuid;
WCHAR* CallingModule = Trace_FindModuleByAddress((void*)pRetAddr);
__sys_UuidToStringW(&Template->ObjectUuid, &StringUuid); __sys_UuidToStringW(&Template->ObjectUuid, &StringUuid);
//Sbie_snwprintf(msg, 512, L"SBIE p=%06d t=%06d RpcBindingCreateW Endpoint = '%s', UUID = %s, status = 0x%X\n", GetCurrentProcessId(), GetCurrentThreadId(), //Sbie_snwprintf(msg, 512, L"SBIE p=%06d t=%06d RpcBindingCreateW Endpoint = '%s', UUID = %s, status = 0x%X\n", GetCurrentProcessId(), GetCurrentThreadId(),
Sbie_snwprintf(msg, 512, L"Endpoint = '%s', UUID = %s, status = 0x%08X", Sbie_snwprintf(msg, 512, L"Endpoint = '%s', UUID = %s, status = 0x%08X, timeout = %d, caller = '%s'",
Template && Template->StringEndpoint ? Template->StringEndpoint : L"null", Template && Template->StringEndpoint ? Template->StringEndpoint : L"null",
StringUuid, status); StringUuid, status, __use_RpcMgmtSetComTimeout,
CallingModule ? CallingModule : L"unknown");
__sys_RpcStringFreeW(&StringUuid); __sys_RpcStringFreeW(&StringUuid);
//OutputDebugString(msg); //OutputDebugString(msg);
SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, msg, FALSE); SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, msg, FALSE);
} }
if (__sys_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*Binding, RPC_C_BINDING_TIMEOUT); if (__use_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*Binding, RPC_C_BINDING_TIMEOUT);
return status; return status;
} }
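Review bot: same guard issue as in `RpcRt_RpcBindingFromStringBindingW`: `if (__use_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*Binding, ...)` no longer checks the pointer for NULL. Unlike the string-binding path, this function has no local `use_RpcMgmtSetComTimeout`, so the WinSCard / resourcepolicyclient caller checks above cannot opt in or out of the timeout and the trace line always reports the global `__use_RpcMgmtSetComTimeout`; a local flag here would make the two hooks symmetric.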
//---------------------------------------------------------------------------
// RpcRt_RpcStringBindingComposeW
//---------------------------------------------------------------------------
#define UUID_UserMgrCli L"B18FBAB6-56F8-4702-84E0-41053293A869" #define UUID_UserMgrCli L"B18FBAB6-56F8-4702-84E0-41053293A869"
RPC_STATUS RPC_ENTRY RpcRt_RpcStringBindingComposeW(TCHAR *ObjUuid,TCHAR *ProtSeq,TCHAR *NetworkAddr,TCHAR *EndPoint,TCHAR *Options,TCHAR **StringBinding) { RPC_STATUS RPC_ENTRY RpcRt_RpcStringBindingComposeW(TCHAR *ObjUuid,TCHAR *ProtSeq,TCHAR *NetworkAddr,TCHAR *EndPoint,TCHAR *Options,TCHAR **StringBinding) {
@ -551,36 +626,81 @@ RPC_STATUS RPC_ENTRY RpcRt_RpcStringBindingComposeW(TCHAR *ObjUuid,TCHAR *ProtSe
return __sys_RpcStringBindingComposeW(ObjUuid,ProtSeq,NetworkAddr,EndPoint,Options,StringBinding); return __sys_RpcStringBindingComposeW(ObjUuid,ProtSeq,NetworkAddr,EndPoint,Options,StringBinding);
} }
//---------------------------------------------------------------------------
// RpcRt_NdrClientCallX
//---------------------------------------------------------------------------
void Sbie_StringFromGUID(const GUID* guid, WCHAR* str); void Sbie_StringFromGUID(const GUID* guid, WCHAR* str);
#ifdef _WIN64 void RpcRt_NdrClientCallX(const WCHAR* Function, void* ReturnAddress,PMIDL_STUB_DESC pStubDescriptor)
ULONG_PTR RpcRt_NdrClientCall3_x64(
MIDL_STUBLESS_PROXY_INFO* pProxyInfo, ULONG nProcNum, void* pReturnValue, va_list vl
)
{ {
void* ReturnAddress = (void*)*(__int64*)(vl - (4 * 8)); WCHAR text[512] = L"RpcRt_NdrClientCallX";
__try __try
{ {
PRPC_CLIENT_INTERFACE rpcInterface = (PRPC_CLIENT_INTERFACE)pProxyInfo->pStubDesc->RpcInterfaceInformation; const WCHAR* CallingModule = Trace_FindModuleByAddress(ReturnAddress);
if (!CallingModule)
CallingModule = L"unknown";
PRPC_CLIENT_INTERFACE rpcInterface = (PRPC_CLIENT_INTERFACE)pStubDescriptor->RpcInterfaceInformation;
if (rpcInterface)
{
WCHAR interfaceID[48]; WCHAR interfaceID[48];
Sbie_StringFromGUID(&rpcInterface->InterfaceId.SyntaxGUID, interfaceID); Sbie_StringFromGUID(&rpcInterface->InterfaceId.SyntaxGUID, interfaceID);
WCHAR text[130]; Sbie_snwprintf(text, 512, L"Calling %s for interface %s}, %d.%d by %s", Function, interfaceID,
Sbie_snwprintf(text, 130, L"Calling NdrClientCall3 for interface %s}, %d.%d", interfaceID, rpcInterface->InterfaceId.SyntaxVersion.MajorVersion, rpcInterface->InterfaceId.SyntaxVersion.MinorVersion, CallingModule);
rpcInterface->InterfaceId.SyntaxVersion.MajorVersion, rpcInterface->InterfaceId.SyntaxVersion.MinorVersion); }
else
SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, text, FALSE); {
Sbie_snwprintf(text, 512, L"Calling %s by %s", Function, CallingModule);
}
} }
__except (EXCEPTION_EXECUTE_HANDLER) {} __except (EXCEPTION_EXECUTE_HANDLER) {}
SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, text, FALSE);
}
#ifdef _WIN64
ULONG_PTR RpcRt_NdrClientCall2_x64(
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, va_list vl)
{
void* ReturnAddress = (void*)*(__int64*)(vl - (3 * 8));
RpcRt_NdrClientCallX(L"NdrClientCall2", ReturnAddress, pStubDescriptor);
return FALSE; // return TRUE to not call the trampoline upon return
}
ULONG_PTR RpcRt_NdrClientCall3_x64(
MIDL_STUBLESS_PROXY_INFO* pProxyInfo, ULONG nProcNum, void* pReturnValue, va_list vl)
{
void* ReturnAddress = (void*)*(__int64*)(vl - (4 * 8));
__try {
RpcRt_NdrClientCallX(L"NdrClientCall3", ReturnAddress, pProxyInfo->pStubDesc);
}__except (EXCEPTION_EXECUTE_HANDLER) {}
return FALSE; // return TRUE to not call the trampoline upon return return FALSE; // return TRUE to not call the trampoline upon return
} }
#else #else
ULONG_PTR __cdecl RpcRt_NdrClientCall_x86(
void* ReturnAddress,
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)
{
//va_list vl;
//va_start(vl, pFormat);
RpcRt_NdrClientCallX(L"NdrClientCall", ReturnAddress, pStubDescriptor);
//va_end(vl);
return FALSE; // return TRUE to not call the trampoline upon return
}
ULONG_PTR __cdecl RpcRt_NdrClientCall2_x86( ULONG_PTR __cdecl RpcRt_NdrClientCall2_x86(
void* ReturnAddress, void* ReturnAddress,
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...) PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)
@ -588,20 +708,21 @@ ULONG_PTR __cdecl RpcRt_NdrClientCall2_x86(
//va_list vl; //va_list vl;
//va_start(vl, pFormat); //va_start(vl, pFormat);
__try RpcRt_NdrClientCallX(L"NdrClientCall2", ReturnAddress, pStubDescriptor);
{
PRPC_CLIENT_INTERFACE rpcInterface = (PRPC_CLIENT_INTERFACE)pStubDescriptor->RpcInterfaceInformation;
WCHAR interfaceID[48]; //va_end(vl);
Sbie_StringFromGUID(&rpcInterface->InterfaceId.SyntaxGUID, interfaceID);
WCHAR text[130]; return FALSE; // return TRUE to not call the trampoline upon return
Sbie_snwprintf(text, 130, L"Calling NdrClientCall2 for interface %s}, %d.%d", interfaceID,
rpcInterface->InterfaceId.SyntaxVersion.MajorVersion, rpcInterface->InterfaceId.SyntaxVersion.MinorVersion);
SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, text, FALSE);
} }
__except (EXCEPTION_EXECUTE_HANDLER) {}
ULONG_PTR __cdecl RpcRt_NdrClientCall4_x86(
void* ReturnAddress,
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)
{
//va_list vl;
//va_start(vl, pFormat);
RpcRt_NdrClientCallX(L"NdrClientCall4", ReturnAddress, pStubDescriptor);
//va_end(vl); //va_end(vl);
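Review bot: `RpcRt_NdrClientCall2_x64` and `RpcRt_NdrClientCall3_x64` recover the caller's return address with `*(__int64*)(vl - (3 * 8))` and `*(__int64*)(vl - (4 * 8))`; these offsets depend on the hook trampoline's stack layout (fixed parameters plus the x64 register home area) and are not explained anywhere, so add a comment deriving them before the next variant copies the wrong constant. Minor points: `RpcRt_NdrClientCallX` emits `text` after the `__except`, so a fault in `Trace_FindModuleByAddress` or the `RpcInterfaceInformation` dereference silently logs the placeholder `RpcRt_NdrClientCallX` with no hint of which step failed; and the `//va_list vl;` / `//va_start` / `//va_end` lines in all three x86 bodies are dead code that should go.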

View File

@ -1479,6 +1479,7 @@ _FX LONG SbieApi_MonitorGetEx(
ULONG *SeqNum, ULONG *SeqNum,
USHORT *Type, USHORT *Type,
ULONG64 *Pid, ULONG64 *Pid,
ULONG64 *Tid,
WCHAR *Name) // WCHAR [256] WCHAR *Name) // WCHAR [256]
{ {
NTSTATUS status; NTSTATUS status;
@ -1489,6 +1490,7 @@ _FX LONG SbieApi_MonitorGetEx(
args->log_seq.val64 = (ULONG64)(ULONG_PTR)SeqNum; args->log_seq.val64 = (ULONG64)(ULONG_PTR)SeqNum;
args->log_type.val64 = (ULONG64)(ULONG_PTR)Type; args->log_type.val64 = (ULONG64)(ULONG_PTR)Type;
args->log_pid.val64 = (ULONG64)(ULONG_PTR)Pid; args->log_pid.val64 = (ULONG64)(ULONG_PTR)Pid;
args->log_tid.val64 = (ULONG64)(ULONG_PTR)Tid;
args->log_len.val64 = 256 * sizeof(WCHAR); args->log_len.val64 = 256 * sizeof(WCHAR);
args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name; args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
status = SbieApi_Ioctl(parms); status = SbieApi_Ioctl(parms);
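Review bot: inserting `ULONG64 *Tid` in the middle of the SbieApi_MonitorGetEx parameter list changes an exported signature, so every caller (SbieCtrl, SandMan, the LogApi dll) has to be updated in the same change or it will silently pass the old argument in the wrong slot. Since `args->log_tid.val64` is forwarded as a raw pointer, the driver side of API_MONITOR_GET_EX should accept NULL for Tid (as it presumably already does for SeqNum/Type/Pid) and the `// WCHAR [256]` style comment on Name could gain a matching note that Tid is optional.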

View File

@ -215,6 +215,7 @@ LONG SbieApi_MonitorGetEx(
ULONG *SeqNum, ULONG *SeqNum,
USHORT *Type, USHORT *Type,
ULONG64 *Pid, ULONG64 *Pid,
ULONG64 *Tid,
WCHAR *Name); // WCHAR [256] WCHAR *Name); // WCHAR [256]

View File

@ -204,6 +204,8 @@ SBIEDLL_EXPORT BOOLEAN SbieDll_MatchImage(const WCHAR* pat_str, const WCHAR* te
SBIEDLL_EXPORT BOOLEAN SbieDll_CheckStringInList(const WCHAR* string, const WCHAR* boxname, const WCHAR* setting); SBIEDLL_EXPORT BOOLEAN SbieDll_CheckStringInList(const WCHAR* string, const WCHAR* boxname, const WCHAR* setting);
SBIEDLL_EXPORT BOOLEAN SbieDll_GetBorderColor(const WCHAR* box_name, COLORREF* color, BOOL* title, int* width);
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------

View File

@ -1220,6 +1220,13 @@ extern ULONG_PTR __cdecl Secure_NdrAsyncClientCall(
#endif _WIN64 #endif _WIN64
#ifdef _WIN64
BOOLEAN __cdecl Secure_CheckElevation64(
PVOID* pProxyInfo, ULONG nProcNum, void* pReturnValue, va_list vl);
#endif _WIN64
BOOLEAN __cdecl Secure_CheckElevation( BOOLEAN __cdecl Secure_CheckElevation(
void *ReturnAddressFromNdrAsyncClientCall, void *ReturnAddressFromNdrAsyncClientCall,
void *pStubDescriptor, void *pFormat, SECURE_UAC_ARGS *Args); void *pStubDescriptor, void *pFormat, SECURE_UAC_ARGS *Args);
@ -1302,6 +1309,12 @@ _FX BOOLEAN Secure_Init_Elevation(HMODULE module)
SBIEDLL_HOOK(Secure_,Ndr64AsyncClientCall); SBIEDLL_HOOK(Secure_,Ndr64AsyncClientCall);
//NdrAsyncClientCall(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)
//Ndr64AsyncClientCall(MIDL_STUBLESS_PROXY_INFO* pProxyInfo, unsigned int nProcNum, void* pReturnValue, ...) <- hook
//NdrDcomAsyncClientCall(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)
//Ndr64DcomAsyncClientCall(MIDL_STUBLESS_PROXY_INFO* pProxyInfo, unsigned int nProcNum, void* pReturnValue, ...)
#else ! _WIN64 #else ! _WIN64
NdrAsyncClientCall = (P_NdrAsyncClientCall) NdrAsyncClientCall = (P_NdrAsyncClientCall)
@ -1309,6 +1322,12 @@ _FX BOOLEAN Secure_Init_Elevation(HMODULE module)
SBIEDLL_HOOK(Secure_,NdrAsyncClientCall); SBIEDLL_HOOK(Secure_,NdrAsyncClientCall);
//NdrAsyncClientCall(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...) <- hook
//NdrAsyncClientCall2(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...) -> NdrAsyncClientCall
//NdrDcomAsyncClientCall(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)
//NdrDcomAsyncClientCall2(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)->NdrDcomAsyncClientCall
#endif _WIN64 #endif _WIN64
SBIEDLL_HOOK(Secure_,RpcAsyncCompleteCall); SBIEDLL_HOOK(Secure_,RpcAsyncCompleteCall);
@ -1321,11 +1340,38 @@ _FX BOOLEAN Secure_Init_Elevation(HMODULE module)
// Secure_CheckElevation // Secure_CheckElevation
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
#ifdef _WIN64
ALIGNED BOOLEAN __cdecl Secure_CheckElevation64(
PVOID* pProxyInfo, ULONG nProcNum, void* pReturnValue, va_list vl)
{
void* ReturnAddress = NULL;
void* pStubDescriptor = NULL;
__try {
ReturnAddress = *(__int64**)(vl - (4 * 8));
pStubDescriptor = *pProxyInfo;
} __except (EXCEPTION_EXECUTE_HANDLER) {}
return Secure_CheckElevation(ReturnAddress, pStubDescriptor, NULL, vl);
}
#endif _WIN64
extern BOOLEAN g_rpc_client_hooks;
void RpcRt_NdrClientCallX(const WCHAR* Function, void* ReturnAddress, VOID* pStubDescriptor);
ALIGNED BOOLEAN __cdecl Secure_CheckElevation( ALIGNED BOOLEAN __cdecl Secure_CheckElevation(
void *ReturnAddressFromNdrAsyncClientCall, void *ReturnAddressFromNdrAsyncClientCall,
void *pStubDescriptor, void *pFormat, SECURE_UAC_ARGS *Args) void *pStubDescriptor, void *pFormat, SECURE_UAC_ARGS *Args)
{ {
if (g_rpc_client_hooks) {
#ifdef _WIN64
RpcRt_NdrClientCallX(L"Ndr64AsyncClientCall", ReturnAddressFromNdrAsyncClientCall, pStubDescriptor);
#else
RpcRt_NdrClientCallX(L"NdrAsyncClientCall", ReturnAddressFromNdrAsyncClientCall, pStubDescriptor);
#endif
}
static UCHAR elevation_binding_1[16] = { static UCHAR elevation_binding_1[16] = {
0x9A, 0xF9, 0x1E, 0x20, 0xA0, 0x7F, 0x4C, 0x44, 0x9A, 0xF9, 0x1E, 0x20, 0xA0, 0x7F, 0x4C, 0x44,
0x93, 0x99, 0x19, 0xBA, 0x84, 0xF1, 0x2A, 0x1A }; 0x93, 0x99, 0x19, 0xBA, 0x84, 0xF1, 0x2A, 0x1A };
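Review bot: `ReturnAddress = *(__int64**)(vl - (4 * 8));` in Secure_CheckElevation64 only works because the assembly stub computes Args as `lea r9,[rsp + 8+(4*8) + 4*8]`, i.e. exactly 4*8 bytes above the saved return address; that coupling between two files is undocumented and breaks as soon as either side changes its frame layout. Prefer passing the return address explicitly from the stub (the commented `; mov r8,[rsp + 8+(4*8)]` line there) or at least state the dependency in a comment next to both the `lea` and this pointer arithmetic. Also, `pStubDescriptor = *pProxyInfo;` relies on pStubDesc being the first member of MIDL_STUBLESS_PROXY_INFO, which is worth a comment, and the `void RpcRt_NdrClientCallX(...)` prototype belongs in a header rather than being redeclared inline here.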

View File

@ -34,6 +34,21 @@
static ULONG Setup_VerifyCatalogFile(const WCHAR *CatalogFullPath); static ULONG Setup_VerifyCatalogFile(const WCHAR *CatalogFullPath);
/*static BOOL Setup_SetupDiCallClassInstaller(
_In_ DI_FUNCTION InstallFunction,
_In_ HDEVINFO DeviceInfoSet,
_In_opt_ PSP_DEVINFO_DATA DeviceInfoData);*/
/*static BOOL Setup_SetupDiRemoveDevice(
HDEVINFO DeviceInfoSet,
PSP_DEVINFO_DATA DeviceInfoData);*/
/*static BOOL Setup_DiUninstallDriverW(
HWND hwndParent,
LPCWSTR InfPath,
DWORD Flags,
PBOOL NeedReboot);*/
static ULONG Setup_CM_Add_Driver_PackageW( static ULONG Setup_CM_Add_Driver_PackageW(
ULONG_PTR Unknown1, ULONG_PTR Unknown2, ULONG_PTR Unknown3, ULONG_PTR Unknown1, ULONG_PTR Unknown2, ULONG_PTR Unknown3,
ULONG_PTR Unknown4, ULONG_PTR Unknown5, ULONG_PTR Unknown6, ULONG_PTR Unknown4, ULONG_PTR Unknown5, ULONG_PTR Unknown6,
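Review bot: the commented-out prototypes for Setup_SetupDiCallClassInstaller, Setup_SetupDiRemoveDevice and Setup_DiUninstallDriverW are dead code, and the same pattern repeats below for the typedefs, `__sys_` globals, FIND_EP/DO_CALL_HOOK lines and the function bodies. Either remove them or keep one `#if 0` block with a comment explaining why they are retained (the later note about CMApi requests being filtered by the driver suggests the reason), so that readers don't have to diff the commented and live versions.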
@ -46,12 +61,38 @@ static ULONG Setup_CM_Add_Driver_Package_ExW(
ULONG_PTR Unknown7, ULONG_PTR Unknown8, ULONG_PTR Unknown9, ULONG_PTR Unknown7, ULONG_PTR Unknown8, ULONG_PTR Unknown9,
ULONG_PTR Unknown10, ULONG_PTR Unknown11); ULONG_PTR Unknown10, ULONG_PTR Unknown11);
/*static ULONG Setup_CM_Query_And_Remove_SubTreeW(
PVOID dnAncestor, // DEVINST
PVOID pVetoType, // PPNP_VETO_TYPE
LPWSTR pszVetoName,
ULONG ulNameLength,
ULONG ulFlags);*/
/*static ULONG Setup_CM_Uninstall_DevNode(
PVOID dnDevInst, // DEVNODE
ULONG ulFlags);*/
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
typedef ULONG (*P_VerifyCatalogFile)(const WCHAR *CatalogFullPath); typedef ULONG (*P_VerifyCatalogFile)(const WCHAR *CatalogFullPath);
/*typedef BOOL (*P_SetupDiCallClassInstaller)(
_In_ DI_FUNCTION InstallFunction,
_In_ HDEVINFO DeviceInfoSet,
_In_opt_ PSP_DEVINFO_DATA DeviceInfoData);*/
/*typedef BOOL (*P_SetupDiRemoveDevice)(
HDEVINFO DeviceInfoSet,
PSP_DEVINFO_DATA DeviceInfoData);*/
/*typedef BOOL (*P_DiUninstallDriverW)(
HWND hwndParent,
LPCWSTR InfPath,
DWORD Flags,
PBOOL NeedReboot);*/
typedef ULONG (*P_CM_Add_Driver_PackageW)( typedef ULONG (*P_CM_Add_Driver_PackageW)(
ULONG_PTR Unknown1, ULONG_PTR Unknown2, ULONG_PTR Unknown3, ULONG_PTR Unknown1, ULONG_PTR Unknown2, ULONG_PTR Unknown3,
ULONG_PTR Unknown4, ULONG_PTR Unknown5, ULONG_PTR Unknown6, ULONG_PTR Unknown4, ULONG_PTR Unknown5, ULONG_PTR Unknown6,
@ -64,15 +105,31 @@ typedef ULONG (*P_CM_Add_Driver_Package_ExW)(
ULONG_PTR Unknown7, ULONG_PTR Unknown8, ULONG_PTR Unknown9, ULONG_PTR Unknown7, ULONG_PTR Unknown8, ULONG_PTR Unknown9,
ULONG_PTR Unknown10, ULONG_PTR Unknown11); ULONG_PTR Unknown10, ULONG_PTR Unknown11);
/*typedef ULONG (*P_CM_Query_And_Remove_SubTreeW)(
PVOID dnAncestor, // DEVINST
PVOID pVetoType, // PPNP_VETO_TYPE
LPWSTR pszVetoName,
ULONG ulNameLength,
ULONG ulFlags);*/
/*typedef ULONG (*P_CM_Uninstall_DevNode)(
PVOID dnDevInst, // DEVNODE
ULONG ulFlags);*/
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
static P_VerifyCatalogFile __sys_VerifyCatalogFile = NULL; static P_VerifyCatalogFile __sys_VerifyCatalogFile = NULL;
//static P_SetupDiCallClassInstaller __sys_SetupDiCallClassInstaller = NULL;
//static P_SetupDiRemoveDevice __sys_SetupDiRemoveDevice = NULL;
//static P_DiUninstallDriverW __sys_DiUninstallDriverW = NULL;
static P_CM_Add_Driver_PackageW __sys_CM_Add_Driver_PackageW = NULL; static P_CM_Add_Driver_PackageW __sys_CM_Add_Driver_PackageW = NULL;
static P_CM_Add_Driver_Package_ExW __sys_CM_Add_Driver_Package_ExW = NULL; static P_CM_Add_Driver_Package_ExW __sys_CM_Add_Driver_Package_ExW = NULL;
//static P_CM_Query_And_Remove_SubTreeW __sys_CM_Query_And_Remove_SubTreeW = NULL;
//static P_CM_Uninstall_DevNode __sys_CM_Uninstall_DevNode = NULL;
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Defines for initialization // Defines for initialization
@ -103,9 +160,12 @@ static P_CM_Add_Driver_Package_ExW __sys_CM_Add_Driver_Package_ExW = NULL;
_FX BOOLEAN Setup_Init_SetupApi(HMODULE module) _FX BOOLEAN Setup_Init_SetupApi(HMODULE module)
{ {
FIND_EP(VerifyCatalogFile); FIND_EP(VerifyCatalogFile);
//FIND_EP(SetupDiCallClassInstaller);
//FIND_EP(SetupDiRemoveDevice);
DO_CALL_HOOK(VerifyCatalogFile,Setup_VerifyCatalogFile); DO_CALL_HOOK(VerifyCatalogFile,Setup_VerifyCatalogFile);
//DO_CALL_HOOK(SetupDiCallClassInstaller,Setup_SetupDiCallClassInstaller);
//DO_CALL_HOOK(SetupDiRemoveDevice, Setup_SetupDiRemoveDevice);
return TRUE; return TRUE;
} }
@ -127,6 +187,57 @@ _FX ULONG Setup_VerifyCatalogFile(const WCHAR *CatalogFullPath)
} }
//---------------------------------------------------------------------------
// Setup_SetupDiCallClassInstaller
//---------------------------------------------------------------------------
/*_FX BOOL Setup_SetupDiCallClassInstaller(
_In_ DI_FUNCTION InstallFunction,
_In_ HDEVINFO DeviceInfoSet,
_In_opt_ PSP_DEVINFO_DATA DeviceInfoData)
{
return __sys_SetupDiCallClassInstaller(InstallFunction, DeviceInfoSet, DeviceInfoData);
}*/
//---------------------------------------------------------------------------
// Setup_SetupDiRemoveDevice
//---------------------------------------------------------------------------
/*static BOOL Setup_SetupDiRemoveDevice(
HDEVINFO DeviceInfoSet,
PSP_DEVINFO_DATA DeviceInfoData)
{
return TRUE;
}*/
//---------------------------------------------------------------------------
// Setup_Init_NewDev
//---------------------------------------------------------------------------
/*_FX BOOLEAN Setup_Init_NewDev(HMODULE module)
{
FIND_EP(DiUninstallDriverW);
DO_CALL_HOOK(DiUninstallDriverW,Setup_DiUninstallDriverW);
return TRUE;
}
static BOOL Setup_DiUninstallDriverW(
HWND hwndParent,
LPCWSTR InfPath,
DWORD Flags,
PBOOL NeedReboot)
{
return TRUE;
}*/
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Setup_Init_CfgMgr32 // Setup_Init_CfgMgr32
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
@ -136,7 +247,9 @@ _FX BOOLEAN Setup_Init_CfgMgr32(HMODULE module)
{ {
FIND_EP(CM_Add_Driver_PackageW); FIND_EP(CM_Add_Driver_PackageW);
FIND_EP(CM_Add_Driver_Package_ExW); FIND_EP(CM_Add_Driver_Package_ExW);
// Note: When the Add_Driver_Package is not hooked it will atempt to contact the deviceinstall service,
// which uses a dynamic rpc port, heence as long as there is no blank OpenIpcPath=* this call will fail
// We hook these two functions only to provide the user a SBIE2205 informing, that drivers cant be installed.
if (__sys_CM_Add_Driver_PackageW) { if (__sys_CM_Add_Driver_PackageW) {
DO_CALL_HOOK( DO_CALL_HOOK(
CM_Add_Driver_PackageW,Setup_CM_Add_Driver_PackageW); CM_Add_Driver_PackageW,Setup_CM_Add_Driver_PackageW);
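Review bot: typos in the new comment: "atempt" should be "attempt", "heence" should be "hence", "cant" should be "can't", and "to provide the user a SBIE2205 informing" reads better as "to give the user a SBIE2205 message informing". The comment is also the only place explaining why these hooks exist despite the driver-side filtering, so it is worth getting right.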
@ -146,6 +259,19 @@ _FX BOOLEAN Setup_Init_CfgMgr32(HMODULE module)
CM_Add_Driver_Package_ExW,Setup_CM_Add_Driver_Package_ExW); CM_Add_Driver_Package_ExW,Setup_CM_Add_Driver_Package_ExW);
} }
//FIND_EP(CM_Query_And_Remove_SubTreeW);
//FIND_EP(CM_Uninstall_DevNode);
// Note: most of the CM_ functions use the "\Device\DeviceApi\CMApi" device/file for communication,
// these requests are filtered by the driver and we let them silently fail.
/*if (__sys_CM_Query_And_Remove_SubTreeW) {
DO_CALL_HOOK(
CM_Query_And_Remove_SubTreeW,Setup_CM_Query_And_Remove_SubTreeW);
}*/
/*if (__sys_CM_Uninstall_DevNode) {
DO_CALL_HOOK(
CM_Uninstall_DevNode,Setup_CM_Uninstall_DevNode);
}*/
return TRUE; return TRUE;
} }
@ -180,3 +306,34 @@ _FX ULONG Setup_CM_Add_Driver_Package_ExW(
SbieApi_Log(2205, L"CM Add Driver Package Ex"); SbieApi_Log(2205, L"CM Add Driver Package Ex");
return 0; return 0;
} }
//---------------------------------------------------------------------------
// Setup_CM_Add_Driver_Package_ExW
//---------------------------------------------------------------------------
/*static ULONG Setup_CM_Query_And_Remove_SubTreeW(
PVOID dnAncestor, // DEVINST
PVOID pVetoType, // PPNP_VETO_TYPE
LPWSTR pszVetoName,
ULONG ulNameLength,
ULONG ulFlags)
{
return __sys_CM_Query_And_Remove_SubTreeW(dnAncestor, pVetoType, pszVetoName, ulNameLength, ulFlags);
}*/
//---------------------------------------------------------------------------
// Setup_CM_Add_Driver_Package_ExW
//---------------------------------------------------------------------------
/*static ULONG Setup_CM_Uninstall_DevNode(
PVOID dnDevInst, // DEVNODE
ULONG ulFlags)
{
LONG ret = __sys_CM_Uninstall_DevNode(dnDevInst, ulFlags);
return ret;
}*/
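Review bot: both new section headers read `// Setup_CM_Add_Driver_Package_ExW`, but the functions under them are Setup_CM_Query_And_Remove_SubTreeW and Setup_CM_Uninstall_DevNode; the headers were copied from the block above and should be renamed. In the second body `LONG ret` holds the result of a function declared to return ULONG; make the types agree if this code is ever re-enabled.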

View File

@ -31,7 +31,7 @@
#include "common/win32_ntddk.h" #include "common/win32_ntddk.h"
#include "common/my_shlwapi.h" #include "common/my_shlwapi.h"
#include "msgs/msgs.h" #include "msgs/msgs.h"
#include "gui_p.h"
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Functions // Functions
@ -46,6 +46,9 @@ static HKEY SbieDll_AssocQueryKeyWow64(const WCHAR *subj);
static BOOL SH32_ShellExecuteExW(SHELLEXECUTEINFOW *lpExecInfo); static BOOL SH32_ShellExecuteExW(SHELLEXECUTEINFOW *lpExecInfo);
static BOOL SH32_Shell_NotifyIconW(
DWORD dwMessage, PNOTIFYICONDATAW lpData);
static WCHAR *SbieDll_AssocQueryCommandInternal( static WCHAR *SbieDll_AssocQueryCommandInternal(
const WCHAR *subj, const WCHAR *verb); const WCHAR *subj, const WCHAR *verb);
@ -80,6 +83,9 @@ static ULONG SH_WindowMonitorThread(void *lpParameter);
typedef BOOL (*P_ShellExecuteEx)( typedef BOOL (*P_ShellExecuteEx)(
void *lpExecInfo); void *lpExecInfo);
typedef BOOL (*P_Shell_NotifyIconW)(
DWORD dwMessage, PNOTIFYICONDATAW lpData);
typedef ULONG (*P_SHChangeNotifyRegister)( typedef ULONG (*P_SHChangeNotifyRegister)(
HWND hwnd, int fSources, LONG fEvents, UINT wMsg, HWND hwnd, int fSources, LONG fEvents, UINT wMsg,
int cEntries, SHChangeNotifyEntry *pfsne); int cEntries, SHChangeNotifyEntry *pfsne);
@ -104,6 +110,8 @@ typedef HRESULT (*P_SHGetFolderLocation)(
static P_ShellExecuteEx __sys_ShellExecuteExW = NULL; static P_ShellExecuteEx __sys_ShellExecuteExW = NULL;
static P_Shell_NotifyIconW __sys_Shell_NotifyIconW = NULL;
static P_SHChangeNotifyRegister __sys_SHChangeNotifyRegister = NULL; static P_SHChangeNotifyRegister __sys_SHChangeNotifyRegister = NULL;
static P_SHOpenFolderAndSelectItems static P_SHOpenFolderAndSelectItems
@ -403,6 +411,159 @@ _FX BOOL SH32_ShellExecuteExW(SHELLEXECUTEINFOW *lpExecInfo)
} }
//---------------------------------------------------------------------------
// SH32_BornderToIcon
//---------------------------------------------------------------------------
HICON SH32_BorderToIcon(HICON hIcon, COLORREF color)
{
typedef HDC(*P_GetDC)(HWND hWnd);
typedef int(*P_ReleaseDC)(HWND hWnd, HDC hDC);
typedef BOOL(*P_GetIconInfo)(HICON hIcon, PICONINFO piconinfo);
typedef HICON(*P_CreateIconIndirect)(PICONINFO piconinfo);
typedef HDC(*P_CreateCompatibleDC)(HDC hdc);
typedef HGDIOBJ(*P_SelectObject)(HDC hdc, HGDIOBJ h);
typedef COLORREF(*P_GetPixel)(HDC hdc, int x, int y);
typedef COLORREF(*P_SetPixel)(HDC hdc, int x, int y, COLORREF color);
typedef BOOL(*P_DeleteObject)(HGDIOBJ ho);
typedef BOOL(*P_DeleteDC)(HDC hdc);
#define GET_WIN_API(name, lib) \
P_##name name = Ldr_GetProcAddrNew(lib, #name, #name); \
if(!name) return NULL;
GET_WIN_API(GetDC, DllName_user32);
GET_WIN_API(ReleaseDC, DllName_user32);
GET_WIN_API(GetIconInfo, DllName_user32);
GET_WIN_API(CreateIconIndirect, DllName_user32);
GET_WIN_API(CreateCompatibleDC, DllName_gdi32);
GET_WIN_API(SelectObject, DllName_gdi32);
GET_WIN_API(GetPixel, DllName_gdi32);
GET_WIN_API(SetPixel, DllName_gdi32);
GET_WIN_API(DeleteObject, DllName_gdi32);
GET_WIN_API(DeleteDC, DllName_gdi32);
HICON hNewIcon = NULL;
HDC hMainDC = NULL, hMemDC1 = NULL, hMemDC3 = NULL;
HBITMAP hOldBmp1 = NULL, hOldBmp3 = NULL;
ICONINFO csII;
if (!GetIconInfo(hIcon, &csII)) return NULL;
hMainDC = GetDC(NULL);
hMemDC1 = CreateCompatibleDC(hMainDC);
hMemDC3 = CreateCompatibleDC(hMainDC);
if (hMainDC == NULL || hMemDC1 == NULL || hMemDC3 == NULL) return NULL;
DWORD dwWidth = csII.xHotspot * 2;
DWORD dwHeight = csII.yHotspot * 2;
hOldBmp1 = (HBITMAP)SelectObject(hMemDC1, csII.hbmColor);
hOldBmp3 = (HBITMAP)SelectObject(hMemDC3, csII.hbmMask);
DWORD dwLoopY = 0, dwLoopX = 0;
COLORREF crPixel = 0;
for (dwLoopY = 0; dwLoopY < dwHeight; dwLoopY++)
{
for (dwLoopX = 0; dwLoopX < dwWidth; dwLoopX++)
{
crPixel = GetPixel(hMemDC1, dwLoopX, dwLoopY);
if (dwLoopY == 0 || dwLoopX == 0 || dwLoopY + 1 == dwHeight || dwLoopX + 1 == dwWidth)
crPixel = color; // RGB(255, 255, 0);
SetPixel(hMemDC1, dwLoopX, dwLoopY, crPixel);
crPixel = GetPixel(hMemDC3, dwLoopX, dwLoopY);
if (dwLoopY == 0 || dwLoopX == 0 || dwLoopY + 1 == dwHeight || dwLoopX + 1 == dwWidth)
crPixel = 0;
SetPixel(hMemDC3, dwLoopX, dwLoopY, crPixel);
}
}
SelectObject(hMemDC1, hOldBmp1);
SelectObject(hMemDC3, hOldBmp3);
hNewIcon = CreateIconIndirect(&csII);
DeleteObject(csII.hbmColor);
DeleteObject(csII.hbmMask);
DeleteDC(hMemDC1);
DeleteDC(hMemDC3);
ReleaseDC(NULL, hMainDC);
return hNewIcon;
}
//---------------------------------------------------------------------------
// SH32_Shell_NotifyIconW
//---------------------------------------------------------------------------
_FX BOOL SH32_Shell_NotifyIconW(
DWORD dwMessage, PNOTIFYICONDATAW lpData)
{
BOOL ret;
HICON icon = NULL;
if (dwMessage == NIM_ADD || dwMessage == NIM_MODIFY)
{
if (!Gui_DisableTitle && lpData && lpData->cbSize >= sizeof(PNOTIFYICONDATAW))
{
ULONG len = wcslen(lpData->szTip);
if (Gui_BoxNameTitleLen != 0 && (len + Gui_BoxNameTitleLen + 2) <= 127)
{
wmemmove(lpData->szTip + Gui_BoxNameTitleLen + 2, lpData->szTip, len + 1);
wmemcpy(lpData->szTip, Gui_BoxNameTitleW, Gui_BoxNameTitleLen);
wmemcpy(lpData->szTip + Gui_BoxNameTitleLen, L"\r\n", 2);
}
else
{
if (len + 8 > 127) {
lpData->szTip[127 - 8 - 3] = L'\0';
wcscat(lpData->szTip, L"...");
len = 127 - 8;
}
wmemmove(lpData->szTip + 4, lpData->szTip, len + 1);
wmemcpy(lpData->szTip, L"[#] ", 4);
wcscat(lpData->szTip, L" [#]");
}
}
COLORREF color;
if (SbieDll_GetBorderColor(NULL, &color, NULL, NULL))
{
HICON newIcon = SH32_BorderToIcon(lpData->hIcon, color);
if (newIcon) {
icon = lpData->hIcon;
lpData->hIcon = newIcon;
}
}
}
ret = __sys_Shell_NotifyIconW(dwMessage, lpData);
if (icon)
{
typedef BOOL(*P_DestroyIcon)(HICON hIcon);
P_DestroyIcon DestroyIcon = Ldr_GetProcAddrNew(DllName_user32, L"DestroyIcon", "DestroyIcon");
DestroyIcon(lpData->hIcon);
lpData->hIcon = icon;
}
return ret;
}
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// SH32_SHChangeNotifyRegister // SH32_SHChangeNotifyRegister
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
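Review bot: `lpData->cbSize >= sizeof(PNOTIFYICONDATAW)` in SH32_Shell_NotifyIconW takes the size of a pointer, not of the structure, so the check is always true, and the code then treats szTip as 128 WCHARs (writes up to index 127). A caller using the legacy layout (`NOTIFYICONDATAW_V1_SIZE`, where szTip is 64 WCHARs) would have its own structure overrun by the wmemmove/wcscat sequence; compare against `sizeof(NOTIFYICONDATAW)` (or at least `NOTIFYICONDATAW_V2_SIZE`) and fall back to a 63-character limit otherwise. Related checks in the same hunk: `lpData->hIcon` is only meaningful when `lpData->uFlags & NIF_ICON` is set and szTip only with NIF_TIP, so both rewrites should be gated on the flags; `SH32_BorderToIcon` returns NULL after `GetIconInfo` succeeded without deleting `csII.hbmColor`/`csII.hbmMask` or the DCs already created, and it uses `xHotspot * 2` as the width instead of querying the bitmap; the `GET_WIN_API` macro passes the narrow `#name` where the later `Ldr_GetProcAddrNew(DllName_user32, L"DestroyIcon", "DestroyIcon")` call passes a wide string, so one of the two is wrong; the DestroyIcon pointer is used without a NULL check; and the header comment says `SH32_BornderToIcon`.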
@ -789,6 +950,7 @@ _FX NTSTATUS SH32_LdrGetDllHandleEx(
_FX BOOLEAN SH32_Init(HMODULE module) _FX BOOLEAN SH32_Init(HMODULE module)
{ {
P_ShellExecuteEx ShellExecuteExW; P_ShellExecuteEx ShellExecuteExW;
P_Shell_NotifyIconW Shell_NotifyIconW;
P_SHChangeNotifyRegister SHChangeNotifyRegister; P_SHChangeNotifyRegister SHChangeNotifyRegister;
void *SHGetItemFromObject; void *SHGetItemFromObject;
P_SHOpenFolderAndSelectItems SHOpenFolderAndSelectItems; P_SHOpenFolderAndSelectItems SHOpenFolderAndSelectItems;
@ -806,6 +968,9 @@ _FX BOOLEAN SH32_Init(HMODULE module)
ShellExecuteExW = (P_ShellExecuteEx) ShellExecuteExW = (P_ShellExecuteEx)
GetProcAddress(module, "ShellExecuteExW"); GetProcAddress(module, "ShellExecuteExW");
Shell_NotifyIconW = (P_Shell_NotifyIconW)
GetProcAddress(module, "Shell_NotifyIconW");
SHChangeNotifyRegister = (P_SHChangeNotifyRegister) SHChangeNotifyRegister = (P_SHChangeNotifyRegister)
GetProcAddress(module, "SHChangeNotifyRegister"); GetProcAddress(module, "SHChangeNotifyRegister");
@ -816,6 +981,8 @@ _FX BOOLEAN SH32_Init(HMODULE module)
SBIEDLL_HOOK(SH32_,ShellExecuteExW); SBIEDLL_HOOK(SH32_,ShellExecuteExW);
SBIEDLL_HOOK(SH32_,Shell_NotifyIconW);
if (SHChangeNotifyRegister && SHGetItemFromObject) { if (SHChangeNotifyRegister && SHGetItemFromObject) {
// //

View File

@ -377,6 +377,24 @@ _FX BOOLEAN Taskbar_ShouldOverrideAppUserModelId(void)
// Taskbar_SetCurrentProcessExplicitAppUserModelID // Taskbar_SetCurrentProcessExplicitAppUserModelID
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
_FX HRESULT Taskbar_SetCurrentProcessExplicitAppUserModelID_hack(
const WCHAR* AppId)
{
// ToDo
// Fix-Me: BUG when ProcessParms->WindowTitle is already set LocalFree
// performed by SetCurrentProcessExplicitAppUserModelID crashes, WTF why?!
//
// To work around this issue, we clear the flag that indicates this value being set
// this way we trade a memory leak for an crash
//
// HACK ALERT! if we clear 0x5000 the WindowTitle buffer will not be freed
RTL_USER_PROCESS_PARAMETERS* ProcessParms = Proc_GetRtlUserProcessParameters();
ProcessParms->WindowFlags &= ~0x5000;
return __sys_SetCurrentProcessExplicitAppUserModelID(AppId);
}
_FX HRESULT Taskbar_SetCurrentProcessExplicitAppUserModelID( _FX HRESULT Taskbar_SetCurrentProcessExplicitAppUserModelID(
const WCHAR *AppId) const WCHAR *AppId)
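Review bot: `ProcessParms->WindowFlags &= ~0x5000;` in Taskbar_SetCurrentProcessExplicitAppUserModelID_hack clears two bits by magic number; spell out which STARTF_* flags they are (or define a named constant) so the next reader knows what "the flag that indicates this value being set" refers to, and check `Proc_GetRtlUserProcessParameters()` for NULL before dereferencing. The comment openly trades a WindowTitle leak for a crash; record that as a tracked TODO with an issue reference rather than "WTF why?!", and note that the leak is one buffer per call to this API, which GoogleUpdate.exe style callers may invoke repeatedly.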
@ -385,7 +403,9 @@ _FX HRESULT Taskbar_SetCurrentProcessExplicitAppUserModelID(
WCHAR *NewId; WCHAR *NewId;
if (! Taskbar_ShouldOverrideAppUserModelId()) if (! Taskbar_ShouldOverrideAppUserModelId())
return __sys_SetCurrentProcessExplicitAppUserModelID(AppId); return Taskbar_SetCurrentProcessExplicitAppUserModelID_hack(AppId);
hr = E_FAIL;
if (Taskbar_SavedAppUserModelId) { if (Taskbar_SavedAppUserModelId) {
Dll_Free(Taskbar_SavedAppUserModelId); Dll_Free(Taskbar_SavedAppUserModelId);
@ -399,14 +419,14 @@ _FX HRESULT Taskbar_SetCurrentProcessExplicitAppUserModelID(
wmemcpy(Taskbar_SavedAppUserModelId, AppId, len + 1); wmemcpy(Taskbar_SavedAppUserModelId, AppId, len + 1);
NewId = Taskbar_CreateAppUserModelId(AppId); NewId = Taskbar_CreateAppUserModelId(AppId);
if (NewId == NULL)
return hr;
} else hr = Taskbar_SetCurrentProcessExplicitAppUserModelID_hack(NewId);
NewId = NULL;
hr = __sys_SetCurrentProcessExplicitAppUserModelID(NewId); if (NewId != AppId)
if (NewId && NewId != AppId)
Dll_Free(NewId); Dll_Free(NewId);
}
return hr; return hr;
} }
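Review bot: the new `if (NewId == NULL) return hr;` path returns E_FAIL without calling the underlying API, whereas the previous code fell through and called it with NewId = NULL; confirm this behaviour change is intended, because by that point `Taskbar_SavedAppUserModelId` has already been replaced with the new AppId even though the call is reported as failed. If the early return stays, either restore the saved id on failure or document that a failed call still updates the saved value.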

View File

@ -19,9 +19,8 @@
// Trace Helper // Trace Helper
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
#include "trace.h"
#include "dll.h" #include "dll.h"
#include "trace.h"
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
@ -70,9 +69,11 @@ _FX int Trace_Init(void)
// intercept NTDLL entry points // intercept NTDLL entry points
// //
if (SbieApi_QueryConfBool(NULL, L"ErrorTrace", FALSE)) {
RtlSetLastWin32Error = (P_RtlSetLastWin32Error) RtlSetLastWin32Error = (P_RtlSetLastWin32Error)
GetProcAddress(Dll_Ntdll, "RtlSetLastWin32Error"); GetProcAddress(Dll_Ntdll, "RtlSetLastWin32Error");
SBIEDLL_HOOK(Trace_, RtlSetLastWin32Error); SBIEDLL_HOOK(Trace_, RtlSetLastWin32Error);
}
// //
// intercept KERNEL32 entry points // intercept KERNEL32 entry points
@ -132,3 +133,40 @@ ALIGNED void Trace_OutputDebugStringA(const UCHAR *strA)
__sys_OutputDebugStringA(strA); __sys_OutputDebugStringA(strA);
} }
//---------------------------------------------------------------------------
// Trace_FindModuleByAddress
//---------------------------------------------------------------------------
#include "../../common/my_xeb.h"
WCHAR* Trace_FindModuleByAddress(void* address)
{
WCHAR* found = NULL;
PLIST_ENTRY Head, Next;
PLDR_DATA_TABLE_ENTRY Entry;
PPEB peb = (PPEB)NtCurrentPeb();
EnterCriticalSection((PRTL_CRITICAL_SECTION)peb->LoaderLock);
Head = &peb->Ldr->InLoadOrderModuleList;
Next = Head->Flink;
while (Next != Head)
{
Entry = CONTAINING_RECORD(Next, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
if (Entry->DllBase < address && (UINT_PTR)Entry->DllBase + Entry->SizeOfImage > (UINT_PTR)address)
{
found = Entry->BaseDllName.Buffer;
break;
}
Next = Next->Flink;
}
LeaveCriticalSection((PRTL_CRITICAL_SECTION)peb->LoaderLock);
return found;
}
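Review bot: Trace_FindModuleByAddress returns `Entry->BaseDllName.Buffer` after `LeaveCriticalSection`, so the pointer refers into a loader entry that may be freed once the lock is released (module unload), and any caller that stores or prints it later reads freed memory; copy the name into a caller-supplied buffer while still holding the lock. The range test `Entry->DllBase < address` should be `<=` so an address equal to the image base is attributed correctly, and the `#include "../../common/my_xeb.h"` placed mid-file should move to the top with the other includes.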

View File

@ -29,6 +29,8 @@
int Trace_Init(void); int Trace_Init(void);
WCHAR* Trace_FindModuleByAddress(void* address);
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------

View File

@ -224,6 +224,33 @@ Gui_MsgWaitForMultipleObjects@20 ENDP
PUBLIC C Gui_MsgWaitForMultipleObjects@20 PUBLIC C Gui_MsgWaitForMultipleObjects@20
;----------------------------------------------------------------------------
; RpcRt_NdrClientCall
;----------------------------------------------------------------------------
EXTERN C RpcRt_NdrClientCall_x86 : PROC
;EXTERN C RpcRt_NdrClientCall_... : PROC
EXTERN C __sys_NdrClientCall : DWORD
RpcRt_NdrClientCall PROC C PUBLIC
call RpcRt_NdrClientCall_x86
test al,al
jnz CancelCall
jmp dword ptr [__sys_NdrClientCall]
CancelCall:
; jmp RpcRt_NdrClientCall_...
ret
RpcRt_NdrClientCall ENDP
PUBLIC C RpcRt_NdrClientCall
;---------------------------------------------------------------------------- ;----------------------------------------------------------------------------
; RpcRt_NdrClientCall2 ; RpcRt_NdrClientCall2
;---------------------------------------------------------------------------- ;----------------------------------------------------------------------------
@ -237,11 +264,11 @@ RpcRt_NdrClientCall2 PROC C PUBLIC
call RpcRt_NdrClientCall2_x86 call RpcRt_NdrClientCall2_x86
test al,al test al,al
jnz CancelCall jnz CancelCall2
jmp dword ptr [__sys_NdrClientCall2] jmp dword ptr [__sys_NdrClientCall2]
CancelCall: CancelCall2:
; jmp RpcRt_NdrClientCall2_... ; jmp RpcRt_NdrClientCall2_...
ret ret
@ -250,3 +277,29 @@ RpcRt_NdrClientCall2 ENDP
PUBLIC C RpcRt_NdrClientCall2 PUBLIC C RpcRt_NdrClientCall2
;----------------------------------------------------------------------------
; RpcRt_NdrClientCall4
;----------------------------------------------------------------------------
EXTERN C RpcRt_NdrClientCall4_x86 : PROC
;EXTERN C RpcRt_NdrClientCall4_... : PROC
EXTERN C __sys_NdrClientCall4 : DWORD
RpcRt_NdrClientCall4 PROC C PUBLIC
call RpcRt_NdrClientCall4_x86
test al,al
jnz CancelCall4
jmp dword ptr [__sys_NdrClientCall4]
CancelCall4:
; jmp RpcRt_NdrClientCall4_...
ret
RpcRt_NdrClientCall4 ENDP
PUBLIC C RpcRt_NdrClientCall4

View File

@ -81,7 +81,7 @@ ProtectCall4 ENDP
; Secure_Ndr64AsyncClientCall ; Secure_Ndr64AsyncClientCall
;---------------------------------------------------------------------------- ;----------------------------------------------------------------------------
EXTERN Secure_CheckElevation : PROC EXTERN Secure_CheckElevation64 : PROC
EXTERN Secure_HandleElevation : PROC EXTERN Secure_HandleElevation : PROC
EXTERN __sys_Ndr64AsyncClientCall : QWORD EXTERN __sys_Ndr64AsyncClientCall : QWORD
@ -94,11 +94,12 @@ Secure_Ndr64AsyncClientCall PROC
mov [rax+4*8],r9 ; spill first variadic parameter mov [rax+4*8],r9 ; spill first variadic parameter
sub rsp,8+(4*8) sub rsp,8+(4*8)
xor rcx,rcx ; clear ReturnAddressFromNdrAsyncClientCall ;; xor rcx,rcx ; clear pProxyInfo
xor rdx,rdx ; clear pStubDescriptor ;; xor rdx,rdx ; clear nProcNum
xor r8,r8 ; clear pFormat ;; xor r8,r8 ; clear pReturnValue
; mov r8,[rsp + 8+(4*8)] ; return poitner
lea r9,[rsp + 8+(4*8) + 4*8] ; setup Args -> SECURE_UAC_ARGS lea r9,[rsp + 8+(4*8) + 4*8] ; setup Args -> SECURE_UAC_ARGS
call Secure_CheckElevation call Secure_CheckElevation64
test al,al test al,al
jnz WeHandleElevation jnz WeHandleElevation
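Review bot: the three `xor` lines are now commented out with `;;` but their comments still say "clear pProxyInfo" etc., which reads as if clearing were the intent; replace them with one comment stating that rcx/rdx/r8 are deliberately left holding pProxyInfo, nProcNum and pReturnValue because Secure_CheckElevation64 now takes them. The commented `; mov r8,[rsp + 8+(4*8)] ; return poitner` has a typo ("pointer") and, if the return address is going to be recovered from the va_list offset in C instead, should say so rather than sit as dead code.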
@ -191,6 +192,56 @@ l02: ret
Gui_FixupCallbackPointers ENDP Gui_FixupCallbackPointers ENDP
;----------------------------------------------------------------------------
; RpcRt_NdrClientCall2
;----------------------------------------------------------------------------
EXTERN RpcRt_NdrClientCall2_x64 : PROC
;EXTERN Secure_HandleElevation : PROC
EXTERN __sys_NdrClientCall2 : QWORD
RpcRt_NdrClientCall2 PROC
mov rax,rsp
mov [rax+1*8],rcx ; spill pStubDescriptor
mov [rax+2*8],rdx ; spill pFormat
mov [rax+3*8],r8 ; spill first variadic parameter
mov [rax+4*8],r9 ; spill second variadic parameter
sub rsp,8+(4*8)
;; xor rcx,rcx ; clear pStubDescriptor
;; xor rdx,rdx ; clear pFormat
; mov r8,[rsp + 8+(4*8)] ; return poitner
lea r8,[rsp + 8+(4*8) + 3*8] ; Args
call RpcRt_NdrClientCall2_x64
test al,al
jnz CancelCall2
lea rax,[rsp+8+(4*8)]
mov rcx,[rax+1*8] ; restore pStubDescriptor
mov rdx,[rax+2*8] ; restore pFormat
mov r8,[rax+3*8] ; restore first variadic parameter
mov r9,[rax+4*8] ; restore second variadic parameter
add rsp,8+(4*8)
jmp [__sys_NdrClientCall2]
CancelCall2:
;;; xor rcx,rcx ; clear pProxyInfo
;;; xor rdx,rdx ; clear nProcNum
;;; xor r8,r8 ; clear pReturnValue
;; mov r8,[rsp + 8+(4*8)] ; return poitner
; lea r8,[rsp + 8+(4*8) + 3*8] ; Args
; call RpcRt_NdrClientCall2_...
add rsp,8+(4*8)
ret
RpcRt_NdrClientCall2 ENDP
;---------------------------------------------------------------------------- ;----------------------------------------------------------------------------
; RpcRt_NdrClientCall3 ; RpcRt_NdrClientCall3
;---------------------------------------------------------------------------- ;----------------------------------------------------------------------------
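Review bot: in the `CancelCall2:` path of the new RpcRt_NdrClientCall2 stub, rax still holds the BOOLEAN returned by RpcRt_NdrClientCall2_x64 (a nonzero low byte) when `ret` executes, and the caller will interpret that as NdrClientCall2's CLIENT_CALL_RETURN; set rax to a deliberate value (zero or an RPC status the stub expects) before returning. The `;;;` block after the label was copied from RpcRt_NdrClientCall3 and names pProxyInfo/nProcNum/pReturnValue, which are NdrClientCall3 parameters, not NdrClientCall2's, and "poitner" appears again; trim the copy-paste residue to what applies here.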
@ -216,7 +267,7 @@ RpcRt_NdrClientCall3 PROC
lea r9,[rsp + 8+(4*8) + 4*8] ; Args lea r9,[rsp + 8+(4*8) + 4*8] ; Args
call RpcRt_NdrClientCall3_x64 call RpcRt_NdrClientCall3_x64
test al,al test al,al
jnz CancelCall jnz CancelCall3
lea rax,[rsp+8+(4*8)] lea rax,[rsp+8+(4*8)]
mov rcx,[rax+1*8] ; restore pProxyInfo mov rcx,[rax+1*8] ; restore pProxyInfo
@ -227,7 +278,7 @@ RpcRt_NdrClientCall3 PROC
add rsp,8+(4*8) add rsp,8+(4*8)
jmp [__sys_NdrClientCall3] jmp [__sys_NdrClientCall3]
CancelCall: CancelCall3:
;;; xor rcx,rcx ; clear pProxyInfo ;;; xor rcx,rcx ; clear pProxyInfo
;;; xor rdx,rdx ; clear nProcNum ;;; xor rdx,rdx ; clear nProcNum

View File

@ -285,6 +285,12 @@
<ClCompile Include="dll.c" /> <ClCompile Include="dll.c" />
<ClCompile Include="driver.c" /> <ClCompile Include="driver.c" />
<ClCompile Include="file.c" /> <ClCompile Include="file.c" />
<ClCompile Include="file_ctrl.c">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
</ClCompile>
<ClCompile Include="file_flt.c"> <ClCompile Include="file_flt.c">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild> <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
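Review bot: `file_ctrl.c` is added with `ExcludedFromBuild` set to true for all four configurations, so nothing compiles it as a translation unit. If it is meant to be `#include`d from file.c in the same way the neighbouring file_flt.c is, a comment at the top of file_ctrl.c saying so would save the next reader from assuming the file is dead; if not, it should not be excluded.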
@ -321,6 +327,7 @@
<ClCompile Include="ipc.c" /> <ClCompile Include="ipc.c" />
<ClCompile Include="ipc_lsa.c" /> <ClCompile Include="ipc_lsa.c" />
<ClCompile Include="ipc_port.c" /> <ClCompile Include="ipc_port.c" />
<ClCompile Include="ipc_sam.c" />
<ClCompile Include="ipc_spl.c" /> <ClCompile Include="ipc_spl.c" />
<ClCompile Include="key.c" /> <ClCompile Include="key.c" />
<ClCompile Include="key_flt.c"> <ClCompile Include="key_flt.c">

View File

@ -118,6 +118,12 @@
<ClCompile Include="..\..\common\stream.c"> <ClCompile Include="..\..\common\stream.c">
<Filter>common</Filter> <Filter>common</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="ipc_sam.c">
<Filter>ipc</Filter>
</ClCompile>
<ClCompile Include="file_ctrl.c">
<Filter>file</Filter>
</ClCompile>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="api.h" /> <ClInclude Include="api.h" />

View File

@ -316,6 +316,7 @@ API_ARGS_CLOSE(API_DISABLE_FORCE_PROCESS_ARGS)
API_ARGS_BEGIN(API_MONITOR_CONTROL_ARGS) API_ARGS_BEGIN(API_MONITOR_CONTROL_ARGS)
API_ARGS_FIELD(ULONG *,set_flag) API_ARGS_FIELD(ULONG *,set_flag)
API_ARGS_FIELD(ULONG *,get_flag) API_ARGS_FIELD(ULONG *,get_flag)
//API_ARGS_FIELD(ULONG *,get_used)
API_ARGS_CLOSE(API_MONITOR_CONTROL_ARGS) API_ARGS_CLOSE(API_MONITOR_CONTROL_ARGS)
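Review bot: the commented-out `//API_ARGS_FIELD(ULONG *,get_used)` should either be dropped or the feature finished; leaving a half-added field in the kernel/user argument definition invites someone to uncomment it on one side only, and the matching commented block in Session_Api_MonitorControl leaves an unused `out_used` variable behind.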
@ -329,6 +330,7 @@ API_ARGS_BEGIN(API_MONITOR_GET_EX_ARGS)
API_ARGS_FIELD(ULONG *, log_seq) API_ARGS_FIELD(ULONG *, log_seq)
API_ARGS_FIELD(USHORT *, log_type) API_ARGS_FIELD(USHORT *, log_type)
API_ARGS_FIELD(ULONG64 *, log_pid) API_ARGS_FIELD(ULONG64 *, log_pid)
API_ARGS_FIELD(ULONG64 *, log_tid)
API_ARGS_FIELD(ULONG, log_len) API_ARGS_FIELD(ULONG, log_len)
API_ARGS_FIELD(WCHAR *, log_ptr) API_ARGS_FIELD(WCHAR *, log_ptr)
API_ARGS_CLOSE(API_MONITOR_GET_EX_ARGS) API_ARGS_CLOSE(API_MONITOR_GET_EX_ARGS)
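Review bot: inserting `log_tid` between `log_pid` and `log_len` shifts every following field of API_MONITOR_GET_EX_ARGS, which is a layout shared across the user/kernel boundary; any SbieDll build that is not updated in lockstep will pass its buffer length where the driver now expects a pointer. If callers other than the in-tree DLL exist, append the new field at the end instead, or make the driver reject mismatched versions.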

View File

@ -879,6 +879,8 @@ _FX BOOLEAN File_InitProcess(PROCESS *proc)
proc->box->name, L"NotifyDirectDiskAccess", 0, FALSE); proc->box->name, L"NotifyDirectDiskAccess", 0, FALSE);
} }
proc->file_open_devapi_cmapi = Conf_Get_Boolean(proc->box->name, L"OpenDevCMApi", 0, FALSE);
if (ok && proc->image_path && (! proc->image_sbie)) { if (ok && proc->image_path && (! proc->image_sbie)) {
// //

View File

@ -0,0 +1,130 @@
/*
* Copyright 2021 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
// DeviceIoControlFile filter
//---------------------------------------------------------------------------
//#define CTL_CODE( DeviceType, Function, Method, Access ) (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))
#define DEVICE_TYPE_FROM_CTL_CODE(ctrlCode) (((ULONG)(ctrlCode & 0xffff0000)) >> 16)
#define FUNCTION_FROM_CTL_CODE(ctrlCode) (((ULONG)(ctrlCode & 0x3ffc)) >> 2)
#define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3))
_FX NTSTATUS Syscall_DeviceIoControlFile(
PROCESS *proc, SYSCALL_ENTRY *syscall_entry, ULONG_PTR *user_args)
{
// filter out dangerous driver calls
ULONG IoControlCode = (ULONG)user_args[5];
if (DEVICE_TYPE_FROM_CTL_CODE(IoControlCode) == 0x6d) //MOUNTMGRCONTROLTYPE 'm' \Device\MountPointManager
{
ULONG function;
function = FUNCTION_FROM_CTL_CODE(IoControlCode);
//DbgPrint("DeviceIoContoleFile, func = %d, p=%06d t=%06d, %S\n", function, PsGetCurrentProcessId(), PsGetCurrentThreadId(), proc->image_name);
if (function == 0 || // IOCTL_MOUNTMGR_CREATE_POINT
function == 1 || // IOCTL_MOUNTMGR_DELETE_POINTS (DeleteVolumeMountPoint())
function == 3 || // IOCTL_MOUNTMGR_DELETE_POINTS_DBONLY
function == 6 || // IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED
function == 7 || // IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED
function == 9) // IOCTL_MOUNTMGR_KEEP_LINKS_WHEN_OFFLINE
return STATUS_ACCESS_DENIED;
}
if (DEVICE_TYPE_FROM_CTL_CODE(IoControlCode) == 0x47) //CMApi(?)CONTROLTYPE 0x47 \Device\DeviceApi\CMApi
{
if (!proc->file_open_devapi_cmapi)
{
ULONG function = FUNCTION_FROM_CTL_CODE(IoControlCode);
/*WCHAR path[256] = { 0 };
FILE_OBJECT* object;
NTSTATUS status = ObReferenceObjectByHandle((HANDLE)user_args[0], 0, *IoFileObjectType, UserMode, &object, NULL);
if (NT_SUCCESS(status))
{
memcpy(path, object->FileName.Buffer, object->FileName.Length);
path[object->FileName.Length / sizeof(WCHAR)] = 0;
ObDereferenceObject(object);
}*/
BOOLEAN filter = FALSE;
switch (function)
{
//case 0x0:
//case 0x100: //?SwDeviceCreate - Initiates the enumeration of a software device.
case 0x101: //?SwDevicePropertySet
case 0x102: //?SwDeviceInterfaceRegister
case 0x103: //?SwDeviceInterfaceSetState
case 0x104: //?SwDeviceInterfacePropertySet
case 0x105: //?SwDeviceSetLifetime
//case 0x106: //?SwDeviceGetLifetime
//case 0x200: //?CMP_Register_Notification,CM_Get_Device_ID_List,CM_Get_Device_ID_List_Size
//case 0x201: //?CmNotifyWnfNotificationCallback,CM_Get_Device_Interface_List_Size
//case 0x202: //?ProcessPlugPlayEventCallback,CM_Enumerate_Classes,CM_Enumerate_Enumerators
//case 0x203: //?UnregisterClient,CM_Get_Class_Property_Keys,CM_Get_DevNode_Property_Keys,CM_Get_Device_Interface_Property_Keys
//case 0x204: //GetObjectProperty,GetObjectProperty
case 0x205: //CM_Set_DevNode_Property,CM_Set_Device_Interface_Property,CM_Set_Class_Property
//case 0x206: //GetRegistryProperty,GetRegistryProperty
case 0x207: //CM_Set_Class_Registry_Property,CM_Set_DevNode_Registry_Property
//case 0x209: //CM_Get_DevNode_Status
//case 0x20a: //CM_Get_Depth
case 0x20b: //CM_Set_DevNode_Problem
case 0x20c: //CM_Disable_DevNode,CM_Query_And_Remove_SubTree
case 0x20d: //CM_Register_Device_Interface
case 0x20e: //CM_Unregister_Device_Interface
//case 0x20f: //CM_Get_Device_Interface_Alias
//case 0x210: //Validate_Device_Instance
case 0x211: //CM_Create_DevNode
case 0x212: //CM_Uninstall_DevNode
//case 0x213: //CM_Reenumerate_DevNode,CM_Setup_DevNode
case 0x214: //CM_Open_Device_Interface_Key
case 0x215: //CM_Delete_Device_Interface_Key
case 0x216: //OpenLogConfKey,OpenLogConfKey,CM_Open_DevNode_Key,CM_Get_DevNode_Custom_Property,OpenDeviceHwProfileKey
case 0x217: //CM_Delete_DevNode_Key
case 0x218: //CM_Open_Class_Key
case 0x219: //CM_Delete_Class_Key
filter = TRUE;
}
/*
WCHAR msg_str[240];
swprintf(msg_str, L"DeviceIoContoleFile, CMApi, func = 0x%X, filter=%d, p=%06d t=%06d, %s\n",
function, filter, PsGetCurrentProcessId(), PsGetCurrentThreadId(), proc->image_name);
const WCHAR* strings[2] = { msg_str, NULL };
Session_MonitorPutEx(MONITOR_OTHER | MONITOR_TRACE, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());*/
if(filter)
return STATUS_ACCESS_DENIED;
}
}
return NtDeviceIoControlFile(
(HANDLE)user_args[0], // FileHandle
(HANDLE)user_args[1], // Event
(PIO_APC_ROUTINE)user_args[2], // ApcRoutine
(PVOID)user_args[3], // ApcContext
(PIO_STATUS_BLOCK)user_args[4], // IoStatusBlock
(ULONG)user_args[5], // IoControlCode
(PVOID)user_args[6], // InputBuffer
(ULONG)user_args[7], // InputBufferLength
(PVOID)user_args[8], // OutBuffer
(ULONG)user_args[9]); // OutputBufferLength
}
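Review bot: the CMApi branch decides purely from the device-type field (0x47) of the control code and never looks at which device the handle actually refers to; the commented-out ObReferenceObjectByHandle block shows the intended object-name check, so either complete it or document that any device using type 0x47 is filtered. The "(?)" in the comment on the 0x47 constant and the function-number comments should cite where the values were derived from. The two commented-out debug blocks (handle name lookup and Session_MonitorPutEx trace) should be removed or placed behind a compile-time debug macro rather than shipped as comments, and the `IOCTL_MOUNTMGR_*` list would read better as named constants instead of bare numbers.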

View File

@ -652,6 +652,9 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS *proc)
proc->ipc_open_lsa_endpoint = proc->ipc_open_lsa_endpoint =
Conf_Get_Boolean(proc->box->name, L"OpenLsaEndpoint", 0, FALSE); Conf_Get_Boolean(proc->box->name, L"OpenLsaEndpoint", 0, FALSE);
proc->ipc_open_sam_endpoint =
Conf_Get_Boolean(proc->box->name, L"OpenSamEndpoint", 0, FALSE);
proc->ipc_allowSpoolerPrintToFile = proc->ipc_allowSpoolerPrintToFile =
Conf_Get_Boolean(proc->box->name, L"AllowSpoolerPrintToFile", 0, FALSE); Conf_Get_Boolean(proc->box->name, L"AllowSpoolerPrintToFile", 0, FALSE);
@ -1164,13 +1167,10 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
status = NtDuplicateObject( status = NtDuplicateObject(
SourceProcessHandle, SourceHandle, SourceProcessHandle, SourceHandle,
TargetProcessHandle, TargetHandle, TargetProcessHandle, &TargetHandleValue,
DesiredAccess, HandleAttributes, DesiredAccess, HandleAttributes,
Options & ~DUPLICATE_CLOSE_SOURCE); Options & ~DUPLICATE_CLOSE_SOURCE);
TargetHandleValue = *TargetHandle;
*TargetHandle = NULL;
if (NT_SUCCESS(status)) { if (NT_SUCCESS(status)) {
status = Ipc_CheckObjectName(TargetHandleValue); status = Ipc_CheckObjectName(TargetHandleValue);
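Review bot: TargetHandleValue must be a kernel-stack local here and never a pointer derived from parms, because the whole point of passing `&TargetHandleValue` instead of the caller's `TargetHandle` is that the new handle value is not visible to user mode until Ipc_CheckObjectName has passed (previously the value was written to user memory first and read back with `TargetHandleValue = *TargetHandle`). Also confirm that the duplicated handle is closed on the path where Ipc_CheckObjectName fails, since the target process now holds it.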
@ -1185,12 +1185,11 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
status = NtDuplicateObject( status = NtDuplicateObject(
SourceProcessHandle, SourceHandle, SourceProcessHandle, SourceHandle,
TargetProcessHandle, TargetHandle, TargetProcessHandle, &TargetHandleValue,
DesiredAccess, HandleAttributes, Options); DesiredAccess, HandleAttributes, Options);
TargetHandleValue = *TargetHandle;
} }
*TargetHandle = NULL;
if (NT_SUCCESS(status)) if (NT_SUCCESS(status))
*TargetHandle = TargetHandleValue; *TargetHandle = TargetHandleValue;
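Review bot: `*TargetHandle = NULL;` followed by `*TargetHandle = TargetHandleValue;` are two writes through a user-supplied pointer; make sure both still sit inside the existing ProbeForWrite/__try region, and consider collapsing them into one write (`*TargetHandle = NT_SUCCESS(status) ? TargetHandleValue : NULL;`) so there is a single point where user memory is touched.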

View File

@ -343,7 +343,7 @@ _FX BOOLEAN Ipc_Filter_Lsa_Ep_Msg(PROCESS* proc, UCHAR uMsg)
WCHAR msg_str[24]; WCHAR msg_str[24];
swprintf(msg_str, L" Msg: %02X", (ULONG)uMsg); swprintf(msg_str, L" Msg: %02X", (ULONG)uMsg);
const WCHAR* strings[3] = { L"\\RPC Control\\LSARPC_ENDPOINT", msg_str, NULL }; const WCHAR* strings[3] = { L"\\RPC Control\\LSARPC_ENDPOINT", msg_str, NULL };
Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId()); Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
} }
} }

View File

@ -25,6 +25,7 @@
#include "obj.h" #include "obj.h"
#include "api.h" #include "api.h"
#include "thread.h" #include "thread.h"
#include "session.h"
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
@ -122,6 +123,9 @@ NTSTATUS Ipc_CheckPortRequest_Lsa(
NTSTATUS Ipc_CheckPortRequest_LsaEP( NTSTATUS Ipc_CheckPortRequest_LsaEP(
PROCESS* proc, OBJECT_NAME_INFORMATION* Name, PORT_MESSAGE* msg); PROCESS* proc, OBJECT_NAME_INFORMATION* Name, PORT_MESSAGE* msg);
NTSTATUS Ipc_CheckPortRequest_Sam(
PROCESS* proc, OBJECT_NAME_INFORMATION* Name, PORT_MESSAGE* msg);
NTSTATUS Ipc_CheckPortRequest_PowerManagement( NTSTATUS Ipc_CheckPortRequest_PowerManagement(
PROCESS *proc, OBJECT_NAME_INFORMATION *Name, PORT_MESSAGE *msg); PROCESS *proc, OBJECT_NAME_INFORMATION *Name, PORT_MESSAGE *msg);
@ -235,6 +239,8 @@ _FX NTSTATUS Ipc_CheckPortRequest(
status = Ipc_CheckPortRequest_Lsa(proc, Name, msg); status = Ipc_CheckPortRequest_Lsa(proc, Name, msg);
if (status == STATUS_BAD_INITIAL_PC) if (status == STATUS_BAD_INITIAL_PC)
status = Ipc_CheckPortRequest_LsaEP(proc, Name, msg); status = Ipc_CheckPortRequest_LsaEP(proc, Name, msg);
if (status == STATUS_BAD_INITIAL_PC)
status = Ipc_CheckPortRequest_Sam(proc, Name, msg);
if (status == STATUS_BAD_INITIAL_PC) if (status == STATUS_BAD_INITIAL_PC)
status = Ipc_CheckPortRequest_PowerManagement(proc, Name, msg); status = Ipc_CheckPortRequest_PowerManagement(proc, Name, msg);
if (status == STATUS_BAD_INITIAL_PC) if (status == STATUS_BAD_INITIAL_PC)
@ -247,6 +253,14 @@ _FX NTSTATUS Ipc_CheckPortRequest(
//DbgPrint("Status <%08X> on Port <%*.*S>\n", status, Name->Name.Length/sizeof(WCHAR), Name->Name.Length/sizeof(WCHAR), Name->Name.Buffer); //DbgPrint("Status <%08X> on Port <%*.*S>\n", status, Name->Name.Length/sizeof(WCHAR), Name->Name.Length/sizeof(WCHAR), Name->Name.Buffer);
//} //}
/*if (Session_MonitorCount)// && (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY)))
{
WCHAR msg_str[256];
swprintf(msg_str, L"CheckPortRequest, Status <%08X> on Port <%*.*s>\n", status, Name->Name.Length / sizeof(WCHAR), Name->Name.Length / sizeof(WCHAR), Name->Name.Buffer);
const WCHAR* strings[2] = { msg_str, NULL };
Session_MonitorPutEx(MONITOR_IPC, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
}*/
// //
// finish // finish
// //
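Review bot: the commented-out `Session_MonitorPutEx(MONITOR_IPC, ...)` trace in Ipc_CheckPortRequest is dead code; remove it or guard it with a debug macro so the trace can be re-enabled without editing source, and note that the `%*.*s` format (lowercase s) differs from the `%S` used in the DbgPrint line above it.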

View File

@ -0,0 +1,190 @@
/*
* Copyright 2021 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
// Inter-Process Communication
//---------------------------------------------------------------------------
#include "ipc.h"
#include "obj.h"
#include "api.h"
#include "util.h"
#include "session.h"
//---------------------------------------------------------------------------
// Functions
//---------------------------------------------------------------------------
_FX BOOLEAN Ipc_Filter_Sam_Msg(PROCESS* proc, UCHAR uMsg);
//---------------------------------------------------------------------------
// Ipc_CheckPortRequest_Sam
//---------------------------------------------------------------------------
_FX NTSTATUS Ipc_CheckPortRequest_Sam(
PROCESS* proc, OBJECT_NAME_INFORMATION* Name, PORT_MESSAGE* msg)
{
NTSTATUS status;
if (proc->ipc_open_sam_endpoint)
return STATUS_BAD_INITIAL_PC;
if (Name->Name.Length == 22 * sizeof(WCHAR)) {
if (_wcsicmp(Name->Name.Buffer, L"\\RPC Control\\samss lpc") != 0)
return STATUS_BAD_INITIAL_PC;
}
else
return STATUS_BAD_INITIAL_PC;
//
// examine message
//
status = STATUS_SUCCESS;
__try {
ProbeForRead(msg, sizeof(PORT_MESSAGE), sizeof(ULONG_PTR));
if (Driver_OsVersion >= DRIVER_WINDOWS_7) {
ULONG len = msg->u1.s1.DataLength;
UCHAR* ptr = (UCHAR*)((UCHAR*)msg + sizeof(PORT_MESSAGE));
int i = 0;
int rc = -2;
ProbeForRead(ptr, len, sizeof(WCHAR));
if (Ipc_Filter_Sam_Msg(proc, ptr[20]))
status = STATUS_ACCESS_DENIED;
//DbgPrint("\\RPC Control\\samss lpc message ID: %d\n", (int)ptr[20]);
}
}
__except (EXCEPTION_EXECUTE_HANDLER) {
status = GetExceptionCode();
}
return status;
}
//---------------------------------------------------------------------------
// Ipc_Filter_Sam_Msg
//---------------------------------------------------------------------------
_FX BOOLEAN Ipc_Filter_Sam_Msg(PROCESS* proc, UCHAR uMsg)
{
BOOLEAN filter = FALSE;
switch (uMsg)
{
//case 0x00: //SamConnect
//case 0x01: //SamCloseHandle
case 0x02: //SamSetSecurityObject
//case 0x03: //SamQuerySecurityObject
//case 0x05: //SamLookupDomainInSamServer
//case 0x06: //SamEnumerateDomainsInSamServer
//case 0x07: //SamOpenDomain
//case 0x08: //SamQueryInformationDomain
case 0x09: //SamSetInformationDomain
case 0x0A: //SamCreateGroupInDomain
//case 0x0B: //SamEnumerateGroupsInDomain
case 0x0C: //SamCreateUserInDomain
//case 0x0D: //SamiEnumerateUsersInDomain
case 0x0E: //SamCreateAliasInDomain
//case 0x0F: //SamEnumerateAliasesInDomain
//case 0x10: //SamGetAliasMembership
//case 0x11: //SamiLookupNamesInDomain
//case 0x12: //SampLookupIdsInDomain
//case 0x13: //SamOpenGroup
//case 0x14: //SamQueryInformationGroup
case 0x15: //SamSetInformationGroup
case 0x17: //SamDeleteGroup
case 0x18: //SamRemoveMemberFromGroup
//case 0x19: //SamGetMembersInGroup
//case 0x1A: //SamSetMemberAttributesOfGroup
//case 0x1B: //SamOpenAlias
//case 0x1C: //SamQueryInformationAlias
case 0x1D: //SamSetInformationAlias
case 0x1E: //SamDeleteAlias
case 0x1F: //SamAddMemberToAlias
case 0x20: //SamRemoveMemberFromAlias
//case 0x21: //SamGetMembersInAlias
//case 0x22: //SamOpenUser
case 0x23: //SamDeleteUser
//case 0x24: //SamQueryInformationUser
case 0x25: //SamSetInformationUser
case 0x26: //SamiLmChangePasswordUser, SamiLmChangePasswordUser
//case 0x27: //SamGetGroupsForUser
//case 0x28: //SamQueryDisplayInformation
//case 0x29: //SamGetDisplayEnumerationIndex
//case 0x2C: //SampCheckPasswordRestrictions
case 0x2D: //SamRemoveMemberFromForeignDomain
//case 0x2E: //SamQueryInformationDomain
//case 0x30: //SamQueryDisplayInformation
//case 0x31: //SamGetDisplayEnumerationIndex
case 0x32: //SamCreateUser2InDomain
//case 0x33: //SamQueryDisplayInformation
case 0x35: //SamRemoveMultipleMembersFromAlias
case 0x37: //SamiChangePasswordUser2
case 0x38: //SamiChangePasswordUser2
//case 0x39: //SamConnect
case 0x3A: //SampSetInfoUserUseOldInfoClass
case 0x3B: //SamiSetBootKeyInformation
//case 0x3E: //SamConnect
//case 0x40: //SamConnect
//case 0x41: //SamRidToSid
case 0x42: //SampSetDSRMPassword
//case 0x43: //SamValidatePassword
//case 0x44: //SamQueryLocalizableAccountsInDomain
//case 0x45: //SamPerformGenericOperation
case 0x46: //SamiSyncDSRMPasswordFromAccount
//case 0x47: //SamiLookupNamesInDomain
//case 0x48: //SamiEnumerateUsersInDomain
//case 0xEF: //Unknown
filter = TRUE;
}
if (Session_MonitorCount && (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY))) {
USHORT mon_type = MONITOR_IPC;
if (filter && (proc->ipc_trace & TRACE_DENY))
mon_type |= MONITOR_DENY;
else if (!filter && (proc->ipc_trace & TRACE_ALLOW))
mon_type |= MONITOR_OPEN;
else
mon_type = 0;
if (mon_type) {
WCHAR msg_str[24];
swprintf(msg_str, L" Msg: %02X", (ULONG)uMsg);
const WCHAR* strings[3] = { L"\\RPC Control\\samss lpc", msg_str, NULL };
Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
}
}
return filter;
}
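Review bot: in Ipc_CheckPortRequest_Sam, `ptr[20]` is read after `ProbeForRead(ptr, len, sizeof(WCHAR))`, but nothing checks that `len > 20`; for a short message the byte at offset 20 lies outside the probed range, so the filter decision is made on whatever happens to follow the message. Add `if (len <= 20) status = STATUS_ACCESS_DENIED; else ...` (or an equivalent length check) before the lookup. Also `_wcsicmp(Name->Name.Buffer, ...)` assumes a NUL-terminated buffer, which a UNICODE_STRING does not guarantee; `_wcsnicmp` with the checked length of 22, or RtlEqualUnicodeString, is safer. The locals `i` and `rc` are unused, and the 0x26 comment repeats SamiLmChangePasswordUser twice.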

View File

@ -312,7 +312,7 @@ _FX BOOLEAN Ipc_Filter_Spooler_Msg(PROCESS* proc, UCHAR uMsg)
WCHAR msg_str[24]; WCHAR msg_str[24];
swprintf(msg_str, L" Msg: %02X", (ULONG)uMsg); swprintf(msg_str, L" Msg: %02X", (ULONG)uMsg);
const WCHAR* strings[3] = { L"\\RPC Control\\spoolss", msg_str, NULL }; const WCHAR* strings[3] = { L"\\RPC Control\\spoolss", msg_str, NULL };
Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId()); Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
} }
} }

View File

@ -337,6 +337,6 @@ _FX void Log_Debug_Msg(USHORT type, const WCHAR *string1, const WCHAR *string2)
if (Session_MonitorCount) { if (Session_MonitorCount) {
const WCHAR* strings[4] = { string1, L" ", string2, NULL }; const WCHAR* strings[4] = { string1, L" ", string2, NULL };
Session_MonitorPutEx(type, strings, NULL, PsGetCurrentProcessId()); Session_MonitorPutEx(type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
} }
} }

View File

@ -136,6 +136,7 @@ struct _PROCESS {
BOOLEAN file_warn_internet; BOOLEAN file_warn_internet;
BOOLEAN file_warn_direct_access; BOOLEAN file_warn_direct_access;
BOOLEAN AllowInternetAccess; BOOLEAN AllowInternetAccess;
BOOLEAN file_open_devapi_cmapi;
// key-related // key-related
@ -156,6 +157,7 @@ struct _PROCESS {
BOOLEAN ipc_warn_startrun; BOOLEAN ipc_warn_startrun;
BOOLEAN ipc_block_password; BOOLEAN ipc_block_password;
BOOLEAN ipc_open_lsa_endpoint; BOOLEAN ipc_open_lsa_endpoint;
BOOLEAN ipc_open_sam_endpoint;
BOOLEAN ipc_allowSpoolerPrintToFile; BOOLEAN ipc_allowSpoolerPrintToFile;
BOOLEAN ipc_openPrintSpooler; BOOLEAN ipc_openPrintSpooler;

View File

@ -579,7 +579,7 @@ _FX BOOLEAN Session_IsForceDisabled(ULONG SessionId)
_FX void Session_MonitorPut(USHORT type, const WCHAR *name, HANDLE pid) _FX void Session_MonitorPut(USHORT type, const WCHAR *name, HANDLE pid)
{ {
const WCHAR* strings[2] = { name, NULL }; const WCHAR* strings[2] = { name, NULL };
Session_MonitorPutEx(type, strings, NULL, pid); Session_MonitorPutEx(type, strings, NULL, pid, PsGetCurrentThreadId());
} }
@ -588,7 +588,7 @@ _FX void Session_MonitorPut(USHORT type, const WCHAR *name, HANDLE pid)
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
_FX void Session_MonitorPutEx(USHORT type, const WCHAR** strings, ULONG* lengths, HANDLE pid) _FX void Session_MonitorPutEx(USHORT type, const WCHAR** strings, ULONG* lengths, HANDLE pid, HANDLE tid)
{ {
SESSION *session; SESSION *session;
KIRQL irql; KIRQL irql;
@ -600,17 +600,20 @@ _FX void Session_MonitorPutEx(USHORT type, const WCHAR** strings, ULONG* lengths
if (session->monitor_log && *strings[0]) { if (session->monitor_log && *strings[0]) {
ULONG64 pid64 = (ULONG64)pid; ULONG64 pid64 = (ULONG64)pid;
ULONG64 tid64 = (ULONG64)tid;
SIZE_T data_len = 0; SIZE_T data_len = 0;
for(int i=0; strings[i] != NULL; i++) for(int i=0; strings[i] != NULL; i++)
data_len += (lengths ? lengths [i] : wcslen(strings[i])) * sizeof(WCHAR); data_len += (lengths ? lengths [i] : wcslen(strings[i])) * sizeof(WCHAR);
//[Type 2][PID 8][Data n*2] //[Type 2][PID 8][TID 8][Data n*2]
SIZE_T entry_size = 2 + 8 + data_len; SIZE_T entry_size = 2 + 8 + 8 + data_len;
CHAR* write_ptr = log_buffer_push_entry((LOG_BUFFER_SIZE_T)entry_size, session->monitor_log); CHAR* write_ptr = log_buffer_push_entry((LOG_BUFFER_SIZE_T)entry_size, session->monitor_log);
if (write_ptr) { if (write_ptr) {
log_buffer_push_bytes((CHAR*)&type, 2, &write_ptr, session->monitor_log); log_buffer_push_bytes((CHAR*)&type, 2, &write_ptr, session->monitor_log);
log_buffer_push_bytes((CHAR*)&pid64, 8, &write_ptr, session->monitor_log); log_buffer_push_bytes((CHAR*)&pid64, 8, &write_ptr, session->monitor_log);
log_buffer_push_bytes((CHAR*)&tid64, 8, &write_ptr, session->monitor_log);
// join strings seamlessly // join strings seamlessly
for (int i = 0; strings[i] != NULL; i++) for (int i = 0; strings[i] != NULL; i++)
@ -634,6 +637,7 @@ _FX NTSTATUS Session_Api_MonitorControl(PROCESS *proc, ULONG64 *parms)
API_MONITOR_CONTROL_ARGS *args = (API_MONITOR_CONTROL_ARGS *)parms; API_MONITOR_CONTROL_ARGS *args = (API_MONITOR_CONTROL_ARGS *)parms;
ULONG *in_flag; ULONG *in_flag;
ULONG *out_flag; ULONG *out_flag;
ULONG *out_used;
SESSION *session; SESSION *session;
KIRQL irql; KIRQL irql;
BOOLEAN EnableMonitor; BOOLEAN EnableMonitor;
@ -657,6 +661,18 @@ _FX NTSTATUS Session_Api_MonitorControl(PROCESS *proc, ULONG64 *parms)
} }
} }
//out_used = args->get_used.val;
//if (out_used) {
// ProbeForWrite(out_used, sizeof(ULONG), sizeof(ULONG));
// *out_used = 0;
// session = Session_Get(FALSE, -1, &irql);
// if (session) {
// if (session->monitor_log)
// *out_used = (ULONG)session->monitor_log->buffer_used;
// Session_Unlock(irql);
// }
//}
// //
// set status // set status
// //
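Review bot: `ULONG *out_used;` is declared in the hunk above but its only use is inside this commented-out block, so the build now carries an unused variable; either remove the declaration together with the block, or finish the `get_used` reporting (which also needs the field in API_MONITOR_CONTROL_ARGS).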
@ -679,7 +695,14 @@ _FX NTSTATUS Session_Api_MonitorControl(PROCESS *proc, ULONG64 *parms)
if (EnableMonitor && (! session->monitor_log)) { if (EnableMonitor && (! session->monitor_log)) {
ULONG BuffSize = Conf_Get_Number(NULL, L"TraceBufferPages", 0, 256) * PAGE_SIZE;
session->monitor_log = log_buffer_init(BuffSize * sizeof(WCHAR));
if (!session->monitor_log) {
Log_Msg0(MSG_1201);
session->monitor_log = log_buffer_init(SESSION_MONITOR_BUF_SIZE * sizeof(WCHAR)); session->monitor_log = log_buffer_init(SESSION_MONITOR_BUF_SIZE * sizeof(WCHAR));
}
if (session->monitor_log) { if (session->monitor_log) {
InterlockedIncrement(&Session_MonitorCount); InterlockedIncrement(&Session_MonitorCount);
} else } else
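Review bot: `BuffSize` is already a byte count (`TraceBufferPages * PAGE_SIZE`), yet it is passed as `log_buffer_init(BuffSize * sizeof(WCHAR))`, so the buffer allocated is twice the number of pages the setting names; the fallback line multiplies `SESSION_MONITOR_BUF_SIZE` by `sizeof(WCHAR)` because that constant counts characters, which does not apply here. Drop the extra factor, and cap the configured page count before the multiplication, since a large value overflows the ULONG and otherwise attempts an oversized non-paged allocation before falling back with MSG_1201.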
@ -925,6 +948,7 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms)
ULONG *seq_num; ULONG *seq_num;
USHORT *log_type; USHORT *log_type;
ULONG64 *log_pid; ULONG64 *log_pid;
ULONG64* log_tid;
ULONG log_len; ULONG log_len;
WCHAR *log_data; WCHAR *log_data;
SESSION *session; SESSION *session;
@ -946,6 +970,10 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms)
if (log_pid != NULL) if (log_pid != NULL)
ProbeForWrite(log_pid, sizeof(ULONG64), sizeof(ULONG64)); ProbeForWrite(log_pid, sizeof(ULONG64), sizeof(ULONG64));
log_tid = args->log_tid.val;
if (log_tid != NULL)
ProbeForWrite(log_tid, sizeof(ULONG64), sizeof(ULONG64));
log_len = args->log_len.val / sizeof(WCHAR); log_len = args->log_len.val / sizeof(WCHAR);
if (!log_len) if (!log_len)
return STATUS_INVALID_PARAMETER; return STATUS_INVALID_PARAMETER;
@ -992,17 +1020,23 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms)
// __leave; // __leave;
//} //}
//[Type 2][PID 8][Data n*2] //[Type 2][PID 8][PID 8][Data n*2]
log_buffer_get_bytes((CHAR*)log_type, 2, &read_ptr, session->monitor_log); log_buffer_get_bytes((CHAR*)log_type, 2, &read_ptr, session->monitor_log);
ULONG64 pid64; ULONG64 pid64;
log_buffer_get_bytes((CHAR*)&pid64, 8, &read_ptr, session->monitor_log); log_buffer_get_bytes((CHAR*)&pid64, 8, &read_ptr, session->monitor_log);
if (log_pid != NULL) if (log_pid != NULL)
*log_pid = pid64; *log_pid = pid64;
ULONG64 tid64;
log_buffer_get_bytes((CHAR*)&tid64, 8, &read_ptr, session->monitor_log);
if (log_tid != NULL)
*log_tid = tid64;
log_len -= sizeof(WCHAR); // reserve room for the termination character log_len -= sizeof(WCHAR); // reserve room for the termination character
if (log_len > entry_size - (2 + 8)) if (log_len > entry_size - (2 + 8 + 8))
log_len = entry_size - (2 + 8); log_len = entry_size - (2 + 8 + 8);
log_buffer_get_bytes((CHAR*)log_data, log_len, &read_ptr, session->monitor_log); log_buffer_get_bytes((CHAR*)log_data, log_len, &read_ptr, session->monitor_log);
// add required termination character // add required termination character
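Review bot: the updated layout comment reads `[Type 2][PID 8][PID 8]` but the second 8-byte field is the thread id, so it should say `[TID 8]` to match the writer side in Session_MonitorPutEx. While here: `log_len` was divided by `sizeof(WCHAR)` when it was read from `args->log_len.val`, yet it is then decremented by `sizeof(WCHAR)`, compared against the byte quantity `entry_size - (2 + 8 + 8)` and passed to log_buffer_get_bytes as a byte count; the units are mixed and worth a second look even though that part predates this change.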

View File

@ -44,7 +44,7 @@ BOOLEAN Session_IsForceDisabled(ULONG SessionId);
void Session_MonitorPut(USHORT type, const WCHAR *name, HANDLE pid); void Session_MonitorPut(USHORT type, const WCHAR *name, HANDLE pid);
void Session_MonitorPutEx(USHORT type, const WCHAR** strings, ULONG* lengths, HANDLE pid); void Session_MonitorPutEx(USHORT type, const WCHAR** strings, ULONG* lengths, HANDLE pid, HANDLE tid);
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------

View File

@ -857,13 +857,12 @@ _FX NTSTATUS Syscall_Api_Invoke(PROCESS *proc, ULONG64 *parms)
if (hConnection) if (hConnection)
{ {
WCHAR trace_str[128]; WCHAR trace_str[128];
swprintf(trace_str, L"[syscall] t=%06d - %.*S, status = 0x%X, handle = %X; ", //59 chars + entry->name swprintf(trace_str, L"[syscall] %.*S, status = 0x%X, handle = %X; ", //59 chars + entry->name
PsGetCurrentThreadId(),
max(strlen(entry->name), 64), entry->name, max(strlen(entry->name), 64), entry->name,
status, hConnection); status, hConnection);
const WCHAR* strings[3] = { trace_str, puStr ? puStr->Buffer : NULL, NULL }; const WCHAR* strings[3] = { trace_str, puStr ? puStr->Buffer : NULL, NULL };
ULONG lengths[3] = { wcslen(trace_str), puStr ? puStr->Length / 2 : 0, 0 }; ULONG lengths[3] = { wcslen(trace_str), puStr ? puStr->Length / 2 : 0, 0 };
Session_MonitorPutEx(MONITOR_IPC | MONITOR_TRACE, strings, lengths, PsGetCurrentProcessId()); Session_MonitorPutEx(MONITOR_IPC | MONITOR_TRACE, strings, lengths, PsGetCurrentProcessId(), PsGetCurrentThreadId());
traced = TRUE; traced = TRUE;
} }
} }
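Review bot: the `//59 chars + entry->name` comment is now stale since the `t=%06d` prefix was removed from the format string; also, the precision argument `max(strlen(entry->name), 64)` looks like it was meant to be `min`, as `max` never truncates the name and a long entry name can exceed `trace_str[128]` (pre-existing, but this hunk touches the line).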
@ -871,12 +870,11 @@ _FX NTSTATUS Syscall_Api_Invoke(PROCESS *proc, ULONG64 *parms)
if (!traced && ((proc->call_trace & TRACE_ALLOW) || ((status != STATUS_SUCCESS) && (proc->call_trace & TRACE_DENY)))) if (!traced && ((proc->call_trace & TRACE_ALLOW) || ((status != STATUS_SUCCESS) && (proc->call_trace & TRACE_DENY))))
{ {
WCHAR trace_str[128]; WCHAR trace_str[128];
swprintf(trace_str, L"[syscall] t=%06d - %.*S, status = 0x%X", //59 chars + entry->name swprintf(trace_str, L"[syscall] %.*S, status = 0x%X", //59 chars + entry->name
PsGetCurrentThreadId(),
max(strlen(entry->name), 64), entry->name, max(strlen(entry->name), 64), entry->name,
status); status);
const WCHAR* strings[2] = { trace_str, NULL }; const WCHAR* strings[2] = { trace_str, NULL };
Session_MonitorPutEx(MONITOR_SYSCALL | MONITOR_TRACE, strings, NULL, PsGetCurrentProcessId()); Session_MonitorPutEx(MONITOR_SYSCALL | MONITOR_TRACE, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
} }
#ifdef _WIN64 #ifdef _WIN64

View File

@ -244,6 +244,51 @@ _FX NTSTATUS Syscall_OpenHandle(
} }
} }
PUNICODE_STRING puName = NULL;
__try {
if ((strcmp(syscall_entry->name, "ConnectPort") == 0) ||
(strcmp(syscall_entry->name, "AlpcConnectPort") == 0))
{
puName = (UNICODE_STRING*)user_args[1];
}
else if ((strcmp(syscall_entry->name, "CreateFile") == 0) ||
(strcmp(syscall_entry->name, "OpenFile") == 0))
{
POBJECT_ATTRIBUTES pObj = (POBJECT_ATTRIBUTES)user_args[2];
if (pObj && pObj->ObjectName)
{
puName = pObj->ObjectName;
ACCESS_MASK DesiredAccess = (ACCESS_MASK)user_args[1];
if(!Conf_Get_Boolean(proc->box->name, L"AllowRawDiskRead", 0, FALSE))
if (puName->Buffer != NULL && puName->Length > (4 * sizeof(WCHAR)) && wcsncmp(puName->Buffer, L"\\??\\", 4) == 0
&& (DesiredAccess & ~(SYNCHRONIZE | READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES)) != 0)
{
if ((puName->Length == (6 * sizeof(WCHAR)) && puName->Buffer[5] == L':') // \??\C:
|| wcsncmp(&puName->Buffer[4], L"PhysicalDrive", 13) == 0 // \??\PhysicalDrive1
|| wcsncmp(&puName->Buffer[4], L"Volume", 6) == 0) // \??\Volume{2b985816-4b6f-11ea-bd33-48a4725d5bbe}
{
WCHAR access_str[24];
swprintf(access_str, L"(DD) %08X", DesiredAccess);
Log_Debug_Msg(MONITOR_DRIVE | MONITOR_DENY, access_str, puName->Buffer);
if (proc->file_warn_direct_access) {
//Log_MsgP1(MSG_BLOCKED_DIRECT_DISK_ACCESS, proc->image_name, proc->pid);
Process_LogMessage(proc, MSG_BLOCKED_DIRECT_DISK_ACCESS);
}
return STATUS_ACCESS_DENIED;
}
}
}
}
}
__except (EXCEPTION_EXECUTE_HANDLER) {}
// //
// replace the address of the handle in the user stack // replace the address of the handle in the user stack
// //
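Review bot: the empty `__except (EXCEPTION_EXECUTE_HANDLER) {}` makes the raw-disk check fail open: if reading `pObj`, `ObjectName` or the name buffer faults, the exception is swallowed and execution continues into the real open with the access check skipped. Return the exception code (or STATUS_ACCESS_DENIED) from the handler instead. Two smaller points: the `wcsncmp` comparisons against "PhysicalDrive" and "Volume" are case-sensitive while object-manager names are not, so `_wcsnicmp` is the right call, and `Conf_Get_Boolean(... L"AllowRawDiskRead" ...)` is evaluated on every CreateFile/OpenFile syscall; caching it in the PROCESS structure at init time, as this commit does for OpenDevCMApi, avoids the per-call configuration lookup.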
@ -296,14 +341,6 @@ _FX NTSTATUS Syscall_OpenHandle(
if (NT_SUCCESS(status)) { if (NT_SUCCESS(status)) {
PUNICODE_STRING puName = NULL;
if ((strcmp(syscall_entry->name, "ConnectPort") == 0) ||
(strcmp(syscall_entry->name, "AlpcConnectPort") == 0))
{
puName = (UNICODE_STRING*)user_args[1];
}
// //
// check the access that was granted to the object // check the access that was granted to the object
// //
@ -373,39 +410,9 @@ _FX NTSTATUS Syscall_GetNextProcess(
// Syscall_DeviceIoControlFile // Syscall_DeviceIoControlFile
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
#define FUNCTION_FROM_CTL_CODE(ctrlCode) (((ULONG)(ctrlCode & 0x3f)) >> 2)
_FX NTSTATUS Syscall_DeviceIoControlFile( #include "file_ctrl.c"
PROCESS *proc, SYSCALL_ENTRY *syscall_entry, ULONG_PTR *user_args)
{
// filter out dangerous driver calls
if (DEVICE_TYPE_FROM_CTL_CODE(user_args[5]) == 0x6d) //MOUNTMGRCONTROLTYPE 'm' \Device\MountPointManager
{
ULONG function;
function = FUNCTION_FROM_CTL_CODE(user_args[5]);
//DbgPrint("DeviceIoContoleFile, func = %d, p=%06d t=%06d, %S\n", function, PsGetCurrentProcessId(), PsGetCurrentThreadId(), proc->image_name);
if (function == 0 || // IOCTL_MOUNTMGR_CREATE_POINT
function == 1 || // IOCTL_MOUNTMGR_DELETE_POINTS (DeleteVolumeMountPoint())
function == 3 || // IOCTL_MOUNTMGR_DELETE_POINTS_DBONLY
function == 6 || // IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED
function == 7 || // IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED
function == 9) // IOCTL_MOUNTMGR_KEEP_LINKS_WHEN_OFFLINE
return STATUS_ACCESS_DENIED;
}
return NtDeviceIoControlFile(
(HANDLE)user_args[0], // FileHandle
(HANDLE)user_args[1], // Event
(PIO_APC_ROUTINE)user_args[2], // ApcRoutine
(PVOID)user_args[3], // ApcContext
(PIO_STATUS_BLOCK)user_args[4], // IoStatusBlock
(ULONG)user_args[5], // IoControlCode
(PVOID)user_args[6], // InputBuffer
(ULONG)user_args[7], // InputBufferLength
(PVOID)user_args[8], // OutBuffer
(ULONG)user_args[9]); // OutputBufferLength
}
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Syscall_DuplicateHandle // Syscall_DuplicateHandle
@ -423,7 +430,6 @@ _FX NTSTATUS Syscall_DuplicateHandle(
HANDLE NewHandle; HANDLE NewHandle;
void *TargetProcessObject; void *TargetProcessObject;
// //
// if there is a target process handle, keep a record of the // if there is a target process handle, keep a record of the
// associated process object so we can check it later // associated process object so we can check it later

@ -184,7 +184,7 @@ MSG_HEADER *EpMapperServer::EpmapperGetPortNameHandler(MSG_HEADER *msg)
{ {
// //
// Note: it seams that chrome.exe resolves GAME_CONFIG_STORE_PORT in one process and accesses from an other // Note: it seams that chrome.exe resolves GAME_CONFIG_STORE_PORT in one process and accesses from an other
// so since here we onlyonly a fre non critical ports we will use PID 0 to open it gloally // so since here we only open non critical ports we will use PID 0 to open them globally
// instead of only for the one process. Todo: make it per sandbox instead // instead of only for the one process. Todo: make it per sandbox instead
// //
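Review bot: the rewritten comment still reads "it seams" and "from an other" on the line above the change; since this comment is being touched anyway, fix both to "it seems" and "from another".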

@ -1462,8 +1462,9 @@ ULONG SbieIniServer::RefreshConf()
char* text_utf8 = NULL; char* text_utf8 = NULL;
if (IsUTF8) if (IsUTF8)
{ {
text_utf8 = (char*)HeapAlloc(GetProcessHeap(), 0, lenToWrite + 16); ULONG utf8_len = WideCharToMultiByte(CP_UTF8, 0, m_text_base, lenToWrite / sizeof(WCHAR), NULL, 0, NULL, NULL);
lenToWrite = WideCharToMultiByte(CP_UTF8, 0, m_text_base, lenToWrite / sizeof(WCHAR), text_utf8, lenToWrite + 16, NULL, NULL); text_utf8 = (char*)HeapAlloc(GetProcessHeap(), 0, utf8_len);
lenToWrite = WideCharToMultiByte(CP_UTF8, 0, m_text_base, lenToWrite / sizeof(WCHAR), text_utf8, utf8_len, NULL, NULL);
} }
ULONG lenWritten = 0; ULONG lenWritten = 0;
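Review bot: the two-pass conversion leaves the failure case unhandled: if the first `WideCharToMultiByte` returns 0, `HeapAlloc(GetProcessHeap(), 0, utf8_len)` hands back a zero-byte block and the second call, given a `cbMultiByte` of 0, returns the required size instead of writing, so `lenToWrite` ends up larger than the buffer that is written out afterwards. Check `utf8_len != 0` and `text_utf8 != NULL` before the second call and abort the refresh on either failure.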
@ -1735,6 +1736,8 @@ MSG_HEADER *SbieIniServer::RunSbieCtrl(HANDLE idProcess, bool isSandboxed)
WCHAR *args; WCHAR *args;
if (isSandboxed) if (isSandboxed)
args = NULL;
else if (*ctrlName)
args = L" -autorun"; args = L" -autorun";
else else
args = L" /open /sync"; args = L" /open /sync";

Binary file not shown.

@ -1223,6 +1223,10 @@ Allow direct access to Windows Font Cache
Allow direct access to qWave driver (Google Hangouts) Allow direct access to qWave driver (Google Hangouts)
. .
3460;txt;01
Function hooking customizations
.
3461;txt;01 3461;txt;01
&Run Sandboxed &Run Sandboxed
. .

@ -2232,7 +2232,7 @@ I file e le cartelle di rete sono normalmente visibili alle applicazioni present
. .
3957;txt;01 3957;txt;01
Per impedire alle applicazioni presenti nell'area virtuale di accedere a file e cartelle di rete, è possibile attivare questa impostazione. I file e le cartelle di rete possono essere aperti per le applicazioni dell'area virtuale, aggiungendoli sotto Accesso alle risorse -> Accesso ai file. Per impedire alle applicazioni presenti nell'area virtuale di accedere a file e cartelle di rete, è possibile attivare questa funzione. I file e le cartelle di rete possono essere aperti alle applicazioni dell'area virtuale nella sezione Accesso alle risorse -> Accesso ai file.
. .
3958;txt;01 3958;txt;01

@ -21,7 +21,7 @@ CFinder::CFinder(QObject* pFilterTarget, QWidget *parent, bool HighLightOption)
:QWidget(parent) :QWidget(parent)
{ {
m_pSearchLayout = new QHBoxLayout(); m_pSearchLayout = new QHBoxLayout();
m_pSearchLayout->setMargin(3); m_pSearchLayout->setMargin(0);
m_pSearchLayout->setSpacing(3); m_pSearchLayout->setSpacing(3);
m_pSearchLayout->setAlignment(Qt::AlignLeft); m_pSearchLayout->setAlignment(Qt::AlignLeft);
@ -29,8 +29,8 @@ CFinder::CFinder(QObject* pFilterTarget, QWidget *parent, bool HighLightOption)
m_pSearch->setMinimumWidth(150); m_pSearch->setMinimumWidth(150);
m_pSearch->setMaximumWidth(350); m_pSearch->setMaximumWidth(350);
m_pSearchLayout->addWidget(m_pSearch); m_pSearchLayout->addWidget(m_pSearch);
QObject::connect(m_pSearch, SIGNAL(textChanged(QString)), this, SLOT(OnUpdate())); QObject::connect(m_pSearch, SIGNAL(textChanged(QString)), this, SLOT(OnText()));
//QObject::connect(m_pSearch, SIGNAL(returnPressed()), this, SLOT(_q_next())); QObject::connect(m_pSearch, SIGNAL(returnPressed()), this, SLOT(OnReturn()));
m_pCaseSensitive = new QCheckBox(tr("Case Sensitive")); m_pCaseSensitive = new QCheckBox(tr("Case Sensitive"));
m_pSearchLayout->addWidget(m_pCaseSensitive); m_pSearchLayout->addWidget(m_pCaseSensitive);
@ -48,6 +48,7 @@ CFinder::CFinder(QObject* pFilterTarget, QWidget *parent, bool HighLightOption)
if (HighLightOption) if (HighLightOption)
{ {
m_pHighLight = new QCheckBox(tr("Highlight")); m_pHighLight = new QCheckBox(tr("Highlight"));
m_pHighLight->setChecked(true);
m_pSearchLayout->addWidget(m_pHighLight); m_pSearchLayout->addWidget(m_pHighLight);
connect(m_pHighLight, SIGNAL(stateChanged(int)), this, SLOT(OnUpdate())); connect(m_pHighLight, SIGNAL(stateChanged(int)), this, SLOT(OnUpdate()));
} }
@ -67,7 +68,9 @@ CFinder::CFinder(QObject* pFilterTarget, QWidget *parent, bool HighLightOption)
setLayout(m_pSearchLayout); setLayout(m_pSearchLayout);
setMaximumHeight(30); setSizePolicy(QSizePolicy::Expanding, QSizePolicy::Fixed);
//setMaximumHeight(30);
hide(); hide();
@ -81,14 +84,34 @@ CFinder::CFinder(QObject* pFilterTarget, QWidget *parent, bool HighLightOption)
} }
m_pSortProxy = qobject_cast<QSortFilterProxyModel*>(pFilterTarget); m_pSortProxy = qobject_cast<QSortFilterProxyModel*>(pFilterTarget);
if (pFilterTarget) if (pFilterTarget) {
QObject::connect(this, SIGNAL(SetFilter(const QRegExp&, bool, int)), pFilterTarget, SLOT(SetFilter(const QRegExp&, bool, int))); QObject::connect(this, SIGNAL(SetFilter(const QRegExp&, bool, int)), pFilterTarget, SLOT(SetFilter(const QRegExp&, bool, int)));
QObject::connect(this, SIGNAL(SelectNext()), pFilterTarget, SLOT(SelectNext()));
}
m_pTimer = new QTimer(this);
m_pTimer->setSingleShot(true);
m_pTimer->setInterval(500);
connect(m_pTimer, SIGNAL(timeout()), SLOT(OnUpdate()));
this->installEventFilter(this);
} }
CFinder::~CFinder() CFinder::~CFinder()
{ {
} }
bool CFinder::eventFilter(QObject* source, QEvent* event)
{
if (event->type() == QEvent::KeyPress && ((QKeyEvent*)event)->key() == Qt::Key_Escape
&& ((QKeyEvent*)event)->modifiers() == Qt::NoModifier)
{
Close();
return true; // cancel event
}
return QWidget::eventFilter(source, event);
}
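Review bot: `this->installEventFilter(this)` together with the `eventFilter` override works, but overriding `keyPressEvent` on CFinder is the idiomatic way to catch Escape and avoids running a filter on every event the widget receives; if the filter stays, cast once into a local with `static_cast<QKeyEvent*>(event)` instead of the two C-style `((QKeyEvent*)event)` casts.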
void CFinder::Open() void CFinder::Open()
{ {
@ -115,9 +138,23 @@ QRegExp CFinder::GetRegExp() const
void CFinder::OnUpdate() void CFinder::OnUpdate()
{ {
m_pTimer->stop();
emit SetFilter(GetRegExp(), GetHighLight(), GetColumn()); emit SetFilter(GetRegExp(), GetHighLight(), GetColumn());
} }
void CFinder::OnText()
{
m_pTimer->stop();
m_pTimer->start();
}
void CFinder::OnReturn()
{
OnUpdate();
if (m_pHighLight->isChecked())
emit SelectNext();
}
void CFinder::Close() void CFinder::Close()
{ {
emit SetFilter(QRegExp()); emit SetFilter(QRegExp());
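Review bot: `OnReturn()` dereferences `m_pHighLight` unconditionally, but that checkbox is only created when the constructor's `HighLightOption` is true, so pressing Return in a finder built without the option is a null-pointer dereference; guard it as `if (m_pHighLight && m_pHighLight->isChecked())` and make sure the constructor sets `m_pHighLight` to NULL on the other branch.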

@ -18,12 +18,20 @@ public:
signals: signals:
void SetFilter(const QRegExp& Exp, bool bHighLight = false, int Column = -1); void SetFilter(const QRegExp& Exp, bool bHighLight = false, int Column = -1);
void SelectNext();
public slots: public slots:
void Open(); void Open();
void OnUpdate();
void Close(); void Close();
private slots:
void OnUpdate();
void OnText();
void OnReturn();
protected:
bool eventFilter(QObject* source, QEvent* event);
private: private:
QHBoxLayout* m_pSearchLayout; QHBoxLayout* m_pSearchLayout;
@ -35,4 +43,6 @@ private:
QCheckBox* m_pHighLight; QCheckBox* m_pHighLight;
QSortFilterProxyModel* m_pSortProxy; QSortFilterProxyModel* m_pSortProxy;
QTimer* m_pTimer;
}; };

@ -152,6 +152,8 @@ public:
m_pSortProxy->setDynamicSortFilter(true); m_pSortProxy->setDynamicSortFilter(true);
m_pTreeList->setModel(m_pSortProxy); m_pTreeList->setModel(m_pSortProxy);
((CSortFilterProxyModel*)m_pSortProxy)->setView(m_pTreeList);
m_pTreeList->setSelectionMode(QAbstractItemView::ExtendedSelection); m_pTreeList->setSelectionMode(QAbstractItemView::ExtendedSelection);
#ifdef WIN32 #ifdef WIN32

@ -1,6 +1,8 @@
#pragma once #pragma once
#include "../mischelpers_global.h" #include "../mischelpers_global.h"
#include <QSortFilterProxyModel>
#include <QTreeView>
class MISCHELPERS_EXPORT CSortFilterProxyModel: public QSortFilterProxyModel class MISCHELPERS_EXPORT CSortFilterProxyModel: public QSortFilterProxyModel
{ {
@ -11,10 +13,17 @@ public:
{ {
m_bAlternate = bAlternate; m_bAlternate = bAlternate;
m_bHighLight = false; m_bHighLight = false;
m_iColumn = 0;
m_pView = NULL;
this->setSortCaseSensitivity(Qt::CaseInsensitive); this->setSortCaseSensitivity(Qt::CaseInsensitive);
} }
void setView(QTreeView* pView)
{
m_pView = pView;
}
bool filterAcceptsRow(int source_row, const QModelIndex & source_parent) const bool filterAcceptsRow(int source_row, const QModelIndex & source_parent) const
{ {
if (m_bHighLight) if (m_bHighLight)
@ -73,12 +82,126 @@ public:
public slots: public slots:
void SetFilter(const QRegExp& Exp, bool bHighLight = false, int Col = -1) // -1 = any void SetFilter(const QRegExp& Exp, bool bHighLight = false, int Col = -1) // -1 = any
{ {
QModelIndex idx;
if (m_pView) idx = m_pView->currentIndex();
m_iColumn = Col;
m_bHighLight = bHighLight; m_bHighLight = bHighLight;
setFilterKeyColumn(Col); setFilterKeyColumn(Col);
setFilterRegExp(Exp); setFilterRegExp(Exp);
if (m_pView) m_pView->setCurrentIndex(idx);
if (m_bHighLight)
emit layoutChanged();
}
void SelectNext()
{
if (!m_pView)
return;
bool next = true;
QModelIndex idx = m_pView->currentIndex();
if (!(next = idx.isValid()))
idx = index(0, 0);
//if (QApplication::keyboardModifiers() & Qt::ControlModifier)
if (QApplication::keyboardModifiers() & Qt::ShiftModifier)
idx = FindPrev(idx, next);
else
idx = FindNext(idx, next);
if (idx.isValid())
m_pView->setCurrentIndex(idx);
else
QApplication::beep();
} }
protected: protected:
bool m_bAlternate; bool m_bAlternate;
bool m_bHighLight; bool m_bHighLight;
int m_iColumn;
QTreeView* m_pView;
bool MatchCell(QModelIndex idx, int column)
{
QModelIndex tmp = idx.sibling(idx.row(), column);
QString str = data(tmp, filterRole()).toString();
if (str.contains(filterRegExp()))
return true;
return false;
}
bool MatchRow(QModelIndex idx)
{
if (m_iColumn != -1)
return MatchCell(idx, m_iColumn);
for(int col = 0; col < columnCount(idx); col++) {
if (MatchCell(idx, col))
return true;
}
return false;
}
QModelIndex FindNext(QModelIndex idx, bool next = false)
{
if (MatchRow(idx) && !next)
return idx;
if (hasChildren(idx))
{
int numRows = rowCount(idx);
for (int count = 0; count < numRows; count++) {
QModelIndex tmp = FindNext(index(count, 0, idx));
if (tmp.isValid())
return tmp;
}
}
do {
QModelIndex par = parent(idx);
int numRows = rowCount(par);
for (int count = idx.row() + 1; count < numRows; count++) {
QModelIndex tmp = FindNext(index(count, 0, par));
if (tmp.isValid())
return tmp;
}
idx = par;
} while (idx.isValid());
return QModelIndex();
}
QModelIndex FindPrev(QModelIndex idx, bool next = false)
{
if (MatchRow(idx) && !next)
return idx;
if (hasChildren(idx))
{
int numRows = rowCount(idx);
for (int count = numRows-1; count >= 0; count++) {
QModelIndex tmp = FindNext(index(count, 0, idx));
if (tmp.isValid())
return tmp;
}
}
do {
QModelIndex par = parent(idx);
int numRows = rowCount(par);
for (int count = idx.row() - 1; count >= 0; count--) {
QModelIndex tmp = FindNext(index(count, 0, par));
if (tmp.isValid())
return tmp;
}
idx = par;
} while (idx.isValid());
return QModelIndex();
}
}; };
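Review bot: `FindPrev` is broken in two places: the child loop `for (int count = numRows-1; count >= 0; count++)` increments instead of decrementing, so it runs past the last row until `index()` returns an invalid index, and both loops in `FindPrev` recurse into `FindNext` rather than `FindPrev`, so a Shift+Return search still walks forward once it descends or climbs. Change the loop to `count--` and both recursive calls to `FindPrev(...)`. Two further points in the same hunk: `SetFilter` emits `layoutChanged()` without a preceding `layoutAboutToBeChanged()`, which views rely on to save and restore their persistent indexes, and `QApplication::keyboardModifiers()` needs `<QApplication>`, which is not among the includes added to this header.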

@ -9,6 +9,7 @@ HEADERS += ./qsbieapi_global.h \
./SbieDefs.h \ ./SbieDefs.h \
./SbieUtils.h \ ./SbieUtils.h \
./SbieAPI.h \ ./SbieAPI.h \
./SbieTrace.h \
./SbieStatus.h \ ./SbieStatus.h \
./Sandboxie/BoxedProcess.h \ ./Sandboxie/BoxedProcess.h \
./Sandboxie/SandBox.h \ ./Sandboxie/SandBox.h \
@ -19,6 +20,7 @@ HEADERS += ./qsbieapi_global.h \
SOURCES += ./stdafx.cpp \ SOURCES += ./stdafx.cpp \
./SbieAPI.cpp \ ./SbieAPI.cpp \
./SbieTrace.cpp \
./SbieUtils.cpp \ ./SbieUtils.cpp \
./Sandboxie/BoxBorder.cpp \ ./Sandboxie/BoxBorder.cpp \
./Sandboxie/BoxedProcess.cpp \ ./Sandboxie/BoxedProcess.cpp \

@ -33,3 +33,6 @@ DEPENDPATH += .
include(QSbieAPI.pri) include(QSbieAPI.pri)
win32:RC_FILE = QSbieAPI.rc

@ -0,0 +1,68 @@
// Microsoft Visual C++ generated resource script.
//
#include "resource.h"
/////////////////////////////////////////////////////////////////////////////
// German (Austria) resources
#include "winres.h"
#include "../version.h"
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_DEA)
LANGUAGE LANG_GERMAN, SUBLANG_GERMAN_AUSTRIAN
#pragma code_page(1252)
/////////////////////////////////////////////////////////////////////////////
//
// Version
//
VS_VERSION_INFO VERSIONINFO
FILEVERSION VERSION_BIN
PRODUCTVERSION VERSION_BIN
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
#else
FILEFLAGS 0x0L
#endif
FILEOS 0x40004L
FILETYPE 0x1L
FILESUBTYPE 0x0L
BEGIN
BLOCK "StringFileInfo"
BEGIN
BLOCK "0c0704b0"
BEGIN
VALUE "CompanyName", MY_COMPANY_NAME_STRING
VALUE "FileDescription", "Sandboxie API for Qt"
VALUE "FileVersion", VERSION_STR
VALUE "InternalName", "QSbieAPI.dll"
VALUE "LegalCopyright", MY_COPYRIGHT_STRING
VALUE "OriginalFilename", "QSbieAPI.dll"
VALUE "ProductName", MY_PRODUCT_NAME_STRING
VALUE "ProductVersion", VERSION_STR
END
END
BLOCK "VarFileInfo"
BEGIN
VALUE "Translation", 0xc07, 1200
END
END
#endif // German (Austria) resources
/////////////////////////////////////////////////////////////////////////////
#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//
/////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INVOKED
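Review bot: the version block is declared under `LANGUAGE LANG_GERMAN, SUBLANG_GERMAN_AUSTRIAN` with `#pragma code_page(1252)` and a `"Translation", 0xc07, 1200` entry, which looks like the resource editor's default locale rather than a deliberate choice; match the language block used by the project's other .rc files (or `LANG_ENGLISH, SUBLANG_ENGLISH_US` with `0x409, 1200`) so the file-properties dialog shows the version strings consistently across the binaries.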

@ -196,6 +196,7 @@
<ClCompile Include="Sandboxie\SbieIni.cpp" /> <ClCompile Include="Sandboxie\SbieIni.cpp" />
<ClCompile Include="Sandboxie\SbieTemplates.cpp" /> <ClCompile Include="Sandboxie\SbieTemplates.cpp" />
<ClCompile Include="SbieAPI.cpp" /> <ClCompile Include="SbieAPI.cpp" />
<ClCompile Include="SbieTrace.cpp" />
<ClCompile Include="SbieUtils.cpp" /> <ClCompile Include="SbieUtils.cpp" />
<ClCompile Include="stdafx.cpp"> <ClCompile Include="stdafx.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader> <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
@ -214,11 +215,16 @@
<QtMoc Include="Sandboxie\SbieIni.h" /> <QtMoc Include="Sandboxie\SbieIni.h" />
<QtMoc Include="Sandboxie\BoxBorder.h" /> <QtMoc Include="Sandboxie\BoxBorder.h" />
<QtMoc Include="Sandboxie\SbieTemplates.h" /> <QtMoc Include="Sandboxie\SbieTemplates.h" />
<ClInclude Include="resource.h" />
<ClInclude Include="SbieDefs.h" /> <ClInclude Include="SbieDefs.h" />
<QtMoc Include="SbieStatus.h" /> <QtMoc Include="SbieStatus.h" />
<ClInclude Include="SbieTrace.h" />
<ClInclude Include="SbieUtils.h" /> <ClInclude Include="SbieUtils.h" />
<ClInclude Include="stdafx.h" /> <ClInclude Include="stdafx.h" />
</ItemGroup> </ItemGroup>
<ItemGroup>
<ResourceCompile Include="QSbieAPI.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Condition="Exists('$(QtMsBuild)\qt.targets')"> <ImportGroup Condition="Exists('$(QtMsBuild)\qt.targets')">
<Import Project="$(QtMsBuild)\qt.targets" /> <Import Project="$(QtMsBuild)\qt.targets" />

@ -57,6 +57,9 @@
<ClCompile Include="Helpers\NtIO.cpp"> <ClCompile Include="Helpers\NtIO.cpp">
<Filter>Helpers</Filter> <Filter>Helpers</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="SbieTrace.cpp">
<Filter>SbieAPI</Filter>
</ClCompile>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="stdafx.h"> <ClInclude Include="stdafx.h">
@ -74,6 +77,12 @@
<ClInclude Include="Helpers\NtIO.h"> <ClInclude Include="Helpers\NtIO.h">
<Filter>Helpers</Filter> <Filter>Helpers</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="resource.h">
<Filter>Resource Files</Filter>
</ClInclude>
<ClInclude Include="SbieTrace.h">
<Filter>SbieAPI</Filter>
</ClInclude>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="qsbieapi_global.h"> <ClInclude Include="qsbieapi_global.h">
@ -103,4 +112,9 @@
<Filter>Sandboxie</Filter> <Filter>Sandboxie</Filter>
</QtMoc> </QtMoc>
</ItemGroup> </ItemGroup>
<ItemGroup>
<ResourceCompile Include="QSbieAPI.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
</Project> </Project>

@ -81,7 +81,7 @@ CSandBox::CSandBox(const QString& BoxName, class CSbieAPI* pAPI) : CSbieIni(BoxN
if (cfglvl < 8) if (cfglvl < 8)
{ {
// templates L8 // templates L8
InsertText("Template", "FileCppy"); InsertText("Template", "FileCopy");
InsertText("Template", "SkipHook"); InsertText("Template", "SkipHook");
} }
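Review bot: correcting `FileCppy` to `FileCopy` only helps installs that have not yet passed this `cfglvl < 8` migration step; configurations upgraded by the earlier build already carry `Template=FileCppy`, which matches no template, so consider a follow-up step that rewrites or removes the misspelled entry.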
@ -96,9 +96,9 @@ void CSandBox::UpdateDetails()
{ {
} }
SB_STATUS CSandBox::RunStart(const QString& Command) SB_STATUS CSandBox::RunStart(const QString& Command, bool Elevated)
{ {
return m_pAPI->RunStart(m_Name, Command); return m_pAPI->RunStart(m_Name, Command, NULL, Elevated);
} }
SB_STATUS CSandBox::RunSandboxed(const QString& Command) SB_STATUS CSandBox::RunSandboxed(const QString& Command)
@ -111,7 +111,7 @@ SB_STATUS CSandBox::TerminateAll()
return m_pAPI->TerminateAll(m_Name); return m_pAPI->TerminateAll(m_Name);
} }
bool CSandBox::IsEmpty() bool CSandBox::IsEmpty() const
{ {
return !QDir(m_FilePath).exists(); return !QDir(m_FilePath).exists();
} }

@ -50,15 +50,15 @@ public:
virtual int GetActiveProcessCount() const { return m_ActiveProcessCount; } virtual int GetActiveProcessCount() const { return m_ActiveProcessCount; }
virtual SB_STATUS RunStart(const QString& Command); virtual SB_STATUS RunStart(const QString& Command, bool Elevated = false);
virtual SB_STATUS RunSandboxed(const QString& Command); virtual SB_STATUS RunSandboxed(const QString& Command);
virtual SB_STATUS TerminateAll(); virtual SB_STATUS TerminateAll();
virtual void CloseBox() {} virtual void CloseBox() {}
virtual bool IsEnabled() { return m_IsEnabled; } virtual bool IsEnabled() const { return m_IsEnabled; }
virtual bool IsEmpty(); virtual bool IsEmpty() const;
virtual SB_PROGRESS CleanBox(); virtual SB_PROGRESS CleanBox();
virtual SB_STATUS RenameBox(const QString& NewName); virtual SB_STATUS RenameBox(const QString& NewName);
virtual SB_STATUS RemoveBox(); virtual SB_STATUS RemoveBox();

@ -282,7 +282,7 @@ SB_STATUS CSbieAPI::Connect(bool withQueue)
#ifndef _DEBUG #ifndef _DEBUG
// Note: this lib is not using all functions hence it can be compatible with multiple driver ABI revisions // Note: this lib is not using all functions hence it can be compatible with multiple driver ABI revisions
QStringList CompatVersions = QStringList () << "5.45.0" << "5.46.0"; QStringList CompatVersions = QStringList () << "5.48.0";
QString CurVersion = GetVersion(); QString CurVersion = GetVersion();
if (!CompatVersions.contains(CurVersion)) if (!CompatVersions.contains(CurVersion))
{ {
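Review bot: `CompatVersions` now lists only "5.48.0", which contradicts the comment directly above saying the library stays compatible with multiple driver ABI revisions; if the two versions dropped here really no longer work with this build, update the comment to say so, otherwise keep them in the list so a newer UI does not refuse to connect to a slightly older driver.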
@ -900,12 +900,12 @@ QString CSbieAPI::GetUserSection() const
return UserSection; return UserSection;
} }
SB_STATUS CSbieAPI::RunStart(const QString& BoxName, const QString& Command, QProcess* pProcess) SB_STATUS CSbieAPI::RunStart(const QString& BoxName, const QString& Command, QProcess* pProcess, bool Elevated)
{ {
if (m_SbiePath.isEmpty()) if (m_SbiePath.isEmpty())
return SB_ERR(SB_PathFail); return SB_ERR(SB_PathFail);
QString StartCmd = "\"" + GetStartPath() + "\" /box:" + BoxName + " " + Command; QString StartCmd = "\"" + GetStartPath() + "\"" + (Elevated ? " /elevated" : "" ) + " /box:" + BoxName + " " + Command;
if (pProcess) if (pProcess)
pProcess->start(StartCmd); pProcess->start(StartCmd);
else else
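Review bot: `Command` is appended to `StartCmd` unquoted and unescaped, so a command containing spaces or quotes is re-split by Start.exe; this predates the change, but since the line is being rewritten to insert `/elevated` it is a good moment to quote the argument or to pass program and arguments separately via `QProcess::start(const QString&, const QStringList&)`.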
@ -1864,6 +1864,8 @@ bool CSbieAPI::AreForceProcessDisabled()
SB_STATUS CSbieAPI__MonitorControl(SSbieAPI* m, ULONG *NewState, ULONG *OldState) SB_STATUS CSbieAPI__MonitorControl(SSbieAPI* m, ULONG *NewState, ULONG *OldState)
{ {
//ULONG Used = 0;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS]; __declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_MONITOR_CONTROL_ARGS* args = (API_MONITOR_CONTROL_ARGS*)parms; API_MONITOR_CONTROL_ARGS* args = (API_MONITOR_CONTROL_ARGS*)parms;
@ -1871,10 +1873,14 @@ SB_STATUS CSbieAPI__MonitorControl(SSbieAPI* m, ULONG *NewState, ULONG *OldState
args->func_code = API_MONITOR_CONTROL; args->func_code = API_MONITOR_CONTROL;
args->set_flag.val = NewState; args->set_flag.val = NewState;
args->get_flag.val = OldState; args->get_flag.val = OldState;
//args->get_used.val = &Used;
NTSTATUS status = m->IoControl(parms); NTSTATUS status = m->IoControl(parms);
if (!NT_SUCCESS(status)) if (!NT_SUCCESS(status))
return SB_ERR(status); return SB_ERR(status);
//qDebug() << "used bytes" << (quint32)Used;
return SB_OK; return SB_OK;
} }
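Review bot: the additions in this hunk and the one above it (`//ULONG Used = 0;`, `//args->get_used.val = &Used;`, `//qDebug() << "used bytes" << (quint32)Used;`) are commented-out debug code; either drop them or put them behind an `#ifdef` so CSbieAPI__MonitorControl does not accumulate dead lines.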
@ -1896,7 +1902,8 @@ bool CSbieAPI::GetMonitor()
const int max_len = 1024; const int max_len = 1024;
USHORT type; USHORT type;
ULONG64 pid; ULONG64 pid = 0;
ULONG64 tid = 0;
WCHAR data[max_len + 1] = { 0 }; WCHAR data[max_len + 1] = { 0 };
ULONG RecordNum = m->lastRecordNum; ULONG RecordNum = m->lastRecordNum;
@ -1906,9 +1913,10 @@ bool CSbieAPI::GetMonitor()
memset(parms, 0, sizeof(parms)); memset(parms, 0, sizeof(parms));
args->func_code = API_MONITOR_GET_EX; args->func_code = API_MONITOR_GET_EX;
args->log_seq.val = &RecordNum; args->log_seq.val = &RecordNum; // set this to NULL for record clearing
args->log_type.val = &type; args->log_type.val = &type;
args->log_pid.val = &pid; args->log_pid.val = &pid;
args->log_tid.val = &tid;
args->log_len.val = max_len * sizeof(WCHAR); args->log_len.val = max_len * sizeof(WCHAR);
args->log_ptr.val = data; args->log_ptr.val = data;
@ -1936,15 +1944,22 @@ bool CSbieAPI::GetMonitor()
return true; return true;
} }
CResLogEntryPtr LogEntry = CResLogEntryPtr(new CResLogEntry(pid, type, Data)); CTraceEntryPtr LogEntry = CTraceEntryPtr(new CTraceEntry(pid, tid, type, Data));
AddTraceEntry(LogEntry, true);
QWriteLocker Lock(&m_ResLogMutex);
if (!m_ResLogList.isEmpty() && m_ResLogList.last()->Equals(LogEntry)) {
m_ResLogList.last()->Merge(LogEntry);
return true; return true;
} }
m_ResLogList.append(LogEntry);
return true; void CSbieAPI::AddTraceEntry(const CTraceEntryPtr& LogEntry, bool bCanMerge)
{
QWriteLocker Lock(&m_TraceMutex);
if (bCanMerge && !m_TraceList.isEmpty() && m_TraceList.last()->Equals(LogEntry)) {
m_TraceList.last()->Merge(LogEntry);
return;
}
m_TraceList.append(LogEntry);
} }
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
@ -1961,105 +1976,3 @@ QString CSbieAPI::GetSbieMsgStr(quint32 code, quint32 Lang)
LocalFree(ret_str); LocalFree(ret_str);
return qStr.trimmed(); // note messages may have \r\n at the end return qStr.trimmed(); // note messages may have \r\n at the end
} }
///////////////////////////////////////////////////////////////////////////////
//
//
QString ErrorString(qint32 err)
{
QString Error;
HMODULE handle = NULL; //err < 0 ? GetModuleHandle(L"NTDLL.DLL") : NULL;
DWORD flags = 0; //err < 0 ? FORMAT_MESSAGE_FROM_HMODULE : 0;
LPTSTR s;
if (::FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | flags, handle, err, 0, (LPTSTR)&s, 0, NULL) > 0)
{
LPTSTR p = wcschr(s, L'\r');
if (p != NULL) *p = L'\0';
Error = QString::fromWCharArray(s);
::LocalFree(s);
}
return Error;
}
CResLogEntry::CResLogEntry(quint32 ProcessId, quint32 Type, const QString& Value)
{
m_ProcessId = ProcessId;
m_Name = Value;
m_Type.Flags = Type;
m_TimeStamp = QDateTime::currentDateTime(); // ms resolution
m_Counter = 0;
// if this is a set error, then get the actual error string
if (m_Type.Type == MONITOR_OTHER && Value.indexOf("SetError:") == 0)
{
auto tmp = Value.split(":");
if (tmp.length() >= 2)
{
qint32 errCode = tmp[1].trimmed().toInt();
QString Error = ErrorString(errCode);
if(!Error.isEmpty())
m_Name += " (" + Error + ")";
}
}
static atomic<quint64> uid = 0;
m_uid = uid.fetch_add(1);
}
QString CResLogEntry::GetTypeStr() const
{
switch (m_Type.Type)
{
case MONITOR_SYSCALL: return "SysCall";
case MONITOR_PIPE: return "Pipe";
case MONITOR_IPC: return "Ipc";
case MONITOR_WINCLASS: return "WinClass";
case MONITOR_DRIVE: return "Drive";
case MONITOR_COMCLASS: return "ComClass";
case MONITOR_IGNORE: return "Ignore";
case MONITOR_IMAGE: return "Image";
case MONITOR_FILE: return "File";
case MONITOR_KEY: return "Key";
case MONITOR_OTHER: return "Debug";
default: return "Unknown: " + QString::number(m_Type.Type);
}
}
QString CResLogEntry::GetStautsStr() const
{
QString Status;
if (m_Type.Open)
Status.append("Open ");
if (m_Type.Deny)
Status.append("Closed ");
if (m_Type.Trace)
Status.append("Trace ");
if (m_Counter > 1)
Status.append(QString("(%1)").arg(m_Counter));
return Status;
}
///////////////////////////////////////////////////////////////////////////////
//
//
QString GetLastErrorAsString()
{
DWORD errorMessageID = ::GetLastError();
if (errorMessageID == 0)
return QString();
char* messageBuffer = NULL;
FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, errorMessageID, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPSTR)&messageBuffer, 0, NULL);
QString message(messageBuffer);
LocalFree(messageBuffer);
return message;
}

View File

@ -24,57 +24,11 @@
#include "SbieStatus.h" #include "SbieStatus.h"
#include "SbieTrace.h"
#include "./Sandboxie/SandBox.h" #include "./Sandboxie/SandBox.h"
#include "./Sandboxie/BoxedProcess.h" #include "./Sandboxie/BoxedProcess.h"
class QSBIEAPI_EXPORT CResLogEntry : public QSharedData
{
public:
CResLogEntry(quint32 ProcessId, quint32 Type, const QString& Value);
quint32 GetProcessId() const { return m_ProcessId; }
QDateTime GetTimeStamp() const { return m_TimeStamp; }
quint16 GetType() const { return m_Type.Flags; }
QString GetValue() const { return m_Name; }
QString GetTypeStr() const;
QString GetStautsStr() const;
int GetCount() const { return m_Counter; }
bool Equals(const QSharedDataPointer<CResLogEntry>& pOther) const {
return pOther->m_ProcessId == this->m_ProcessId
//&& pOther->m_Type.Flags == this->m_Type.Flags
&& pOther->m_Name == this->m_Name;
}
void Merge(const QSharedDataPointer<CResLogEntry>& pOther) { m_Counter++; this->m_Type.Flags |= pOther->m_Type.Flags; }
quint64 GetUID() const { return m_uid; }
protected:
QString m_Name;
quint32 m_ProcessId;
QDateTime m_TimeStamp;
union
{
quint16 Flags;
struct
{
quint16
Type : 12,
Open : 1,
Deny : 1,
Reserved : 1,
Trace : 1;
};
} m_Type;
int m_Counter;
quint64 m_uid;
};
typedef QSharedDataPointer<CResLogEntry> CResLogEntryPtr;
class QSBIEAPI_EXPORT CSbieAPI : public QThread class QSBIEAPI_EXPORT CSbieAPI : public QThread
{ {
@ -153,13 +107,14 @@ public:
virtual SB_STATUS EnableMonitor(bool Enable); virtual SB_STATUS EnableMonitor(bool Enable);
virtual bool IsMonitoring(); virtual bool IsMonitoring();
virtual QList<CResLogEntryPtr> GetResLog() const { QReadLocker Lock(&m_ResLogMutex); return m_ResLogList; } virtual void AddTraceEntry(const CTraceEntryPtr& LogEntry, bool bCanMerge = false);
virtual void ClearResLog() { QWriteLocker Lock(&m_ResLogMutex); m_ResLogList.clear(); } virtual QList<CTraceEntryPtr> GetTrace() const { QReadLocker Lock(&m_TraceMutex); return m_TraceList; }
virtual void ClearTrace() { QWriteLocker Lock(&m_TraceMutex); m_TraceList.clear(); }
// Other // Other
virtual QString GetSbieMsgStr(quint32 code, quint32 Lang = 1033); virtual QString GetSbieMsgStr(quint32 code, quint32 Lang = 1033);
virtual SB_STATUS RunStart(const QString& BoxName, const QString& Command, QProcess* pProcess = NULL); virtual SB_STATUS RunStart(const QString& BoxName, const QString& Command, QProcess* pProcess = NULL, bool Elevated = false);
virtual QString GetStartPath() const; virtual QString GetStartPath() const;
enum ESbieQueuedRequests enum ESbieQueuedRequests
@ -225,8 +180,8 @@ protected:
QMap<QString, CSandBoxPtr> m_SandBoxes; QMap<QString, CSandBoxPtr> m_SandBoxes;
QMap<quint32, CBoxedProcessPtr> m_BoxedProxesses; QMap<quint32, CBoxedProcessPtr> m_BoxedProxesses;
mutable QReadWriteLock m_ResLogMutex; mutable QReadWriteLock m_TraceMutex;
QList<CResLogEntryPtr> m_ResLogList; QList<CTraceEntryPtr> m_TraceList;
mutable QReadWriteLock m_DriveLettersMutex; mutable QReadWriteLock m_DriveLettersMutex;
QMap<QString, QString> m_DriveLetters; QMap<QString, QString> m_DriveLetters;

@ -0,0 +1,151 @@
/*
*
* Copyright (c) 2020, David Xanatos
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "stdafx.h"
#include <QDebug>
#include <QStandardPaths>
#include "SbieTrace.h"
#include <ntstatus.h>
#define WIN32_NO_STATUS
typedef long NTSTATUS;
#include <windows.h>
#include "SbieDefs.h"
#include "..\..\Sandboxie\common\win32_ntddk.h"
#include "..\..\Sandboxie\core\drv\api_defs.h"
#include "..\..\Sandboxie\core\svc\msgids.h"
#include "..\..\Sandboxie\core\svc\ProcessWire.h"
#include "..\..\Sandboxie\core\svc\sbieiniwire.h"
#include "..\..\Sandboxie\core\svc\QueueWire.h"
#include "..\..\Sandboxie\core\svc\InteractiveWire.h"
///////////////////////////////////////////////////////////////////////////////
//
//
QString ErrorString(qint32 err)
{
QString Error;
HMODULE handle = NULL; //err < 0 ? GetModuleHandle(L"NTDLL.DLL") : NULL;
DWORD flags = 0; //err < 0 ? FORMAT_MESSAGE_FROM_HMODULE : 0;
LPTSTR s;
if (::FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | flags, handle, err, 0, (LPTSTR)&s, 0, NULL) > 0)
{
LPTSTR p = wcschr(s, L'\r');
if (p != NULL) *p = L'\0';
Error = QString::fromWCharArray(s);
::LocalFree(s);
}
return Error;
}
CTraceEntry::CTraceEntry(quint32 ProcessId, quint32 ThreadId, quint32 Type, const QString& Message)
{
m_ProcessId = ProcessId;
m_ThreadId = ThreadId;
m_Message = Message;
m_Type.Flags = Type;
m_TimeStamp = QDateTime::currentDateTime(); // ms resolution
static atomic<quint64> uid = 0;
m_uid = uid.fetch_add(1);
m_Counter = 0;
m_Message = m_Message.replace("\r", "").replace("\n", " ");
// if this is a set error, then get the actual error string
if (m_Type.Type == MONITOR_OTHER && Message.indexOf("SetError:") == 0)
{
auto tmp = Message.split(":");
if (tmp.length() >= 2)
{
QString temp = tmp[1].trimmed();
int endPos = temp.indexOf(QRegExp("[ \r\n]"));
if (endPos != -1)
temp.truncate(endPos);
qint32 errCode = temp.toInt();
QString Error = ErrorString(errCode);
if (!Error.isEmpty())
m_Message += " (" + Error + ")";
}
}
}
QString CTraceEntry::GetTypeStr() const
{
switch (m_Type.Type)
{
case MONITOR_APICALL: return "ApiCall";
case MONITOR_SYSCALL: return "SysCall";
case MONITOR_PIPE: return "Pipe";
case MONITOR_IPC: return "Ipc";
case MONITOR_WINCLASS: return "WinClass";
case MONITOR_DRIVE: return "Drive";
case MONITOR_COMCLASS: return "ComClass";
case MONITOR_IGNORE: return "Ignore";
case MONITOR_IMAGE: return "Image";
case MONITOR_FILE: return "File";
case MONITOR_KEY: return "Key";
case MONITOR_OTHER: return "Debug";
default: return "Unknown: " + QString::number(m_Type.Type);
}
}
QString CTraceEntry::GetStautsStr() const
{
QString Status;
if (m_Type.Open)
Status.append("Open ");
if (m_Type.Deny)
Status.append("Closed ");
if (m_Type.Trace)
Status.append("Trace ");
if (m_Counter > 1)
Status.append(QString("(%1)").arg(m_Counter));
return Status;
}
///////////////////////////////////////////////////////////////////////////////
//
//
QString GetLastErrorAsString()
{
DWORD errorMessageID = ::GetLastError();
if (errorMessageID == 0)
return QString();
char* messageBuffer = NULL;
FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, errorMessageID, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPSTR)&messageBuffer, 0, NULL);
QString message(messageBuffer);
LocalFree(messageBuffer);
return message;
}
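Review bot: in the SetError branch of the CTraceEntry constructor, `qint32 errCode = temp.toInt();` discards the conversion status, so a message like `SetError: abc` parses to 0 and ErrorString(0) appends the system text for error code 0 instead of nothing; use `bool ok; qint32 errCode = temp.toInt(&ok);` and skip the lookup when `!ok`. Separately, ErrorString() passes no argument array to FormatMessage; GetLastErrorAsString() sets FORMAT_MESSAGE_IGNORE_INSERTS for that reason, but whether `flags` in ErrorString() includes it is not visible in this hunk, and without it system messages containing insert sequences can fail to format.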

View File

@ -0,0 +1,79 @@
/*
*
* Copyright (c) 2020, David Xanatos
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <QThread>
#include "qsbieapi_global.h"
#include "SbieStatus.h"
#define MONITOR_APICALL 0x000A
class QSBIEAPI_EXPORT CTraceEntry : public QSharedData
{
public:
CTraceEntry(quint32 ProcessId, quint32 ThreadId, quint32 Type, const QString& Message);
virtual QString GetMessage() const { return m_Message; }
virtual quint32 GetProcessId() const { return m_ProcessId; }
virtual quint32 GetThreadId() const { return m_ThreadId; }
virtual QDateTime GetTimeStamp() const { return m_TimeStamp; }
virtual quint16 GetType() const { return m_Type.Flags; }
virtual QString GetTypeStr() const;
virtual QString GetStautsStr() const;
virtual int GetCount() const { return m_Counter; }
virtual bool Equals(const QSharedDataPointer<CTraceEntry>& pOther) const {
return pOther->m_ProcessId == this->m_ProcessId && pOther->m_ThreadId == this->m_ThreadId
&& pOther->m_Message == this->m_Message;
}
virtual void Merge(const QSharedDataPointer<CTraceEntry>& pOther) {
m_Counter++; this->m_Type.Flags |= pOther->m_Type.Flags;
}
quint64 GetUID() const { return m_uid; }
protected:
QString m_Message;
quint32 m_ProcessId;
quint32 m_ThreadId;
QDateTime m_TimeStamp;
union
{
quint16 Flags;
struct
{
quint16
Type : 12,
Open : 1,
Deny : 1,
Reserved : 1,
Trace : 1;
};
} m_Type;
quint64 m_uid;
int m_Counter;
};
typedef QSharedDataPointer<CTraceEntry> CTraceEntryPtr;
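Review bot: Merge() increments m_Counter from the constructor's starting value of 0, so after the first duplicate it is 1 and GetStautsStr() (which only prints the count when `m_Counter > 1`) shows nothing until a third occurrence arrives; if the count is meant to be the number of occurrences, initialise it to 1 or print when it is greater than 0. Two smaller points: `GetStautsStr` is a misspelling of `GetStatusStr` that is now also propagated to ResMonModel, and the header includes only <QThread> while relying on QSharedData, QDateTime and QString, so it should include those headers itself; the lone `#define MONITOR_APICALL 0x000A` would also benefit from a comment saying where the other MONITOR_* values used in the .cpp are defined so the two sets do not drift apart.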

View File

@ -0,0 +1,17 @@
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by SandMan.rc
//
#define VS_VERSION_INFO 1
#define IDC_STATIC -1
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 101
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif

View File

@ -1,103 +0,0 @@
#include "stdafx.h"
#include "ApiLog.h"
#include <Windows.h>
CApiLogEntry::CApiLogEntry(quint64 ProcessId, const QString& Message)
{
m_ProcessId = ProcessId;
m_Message = Message;
m_TimeStamp = QDateTime::currentDateTime(); // ms resolution
static atomic<quint64> uid = 0;
m_uid = uid.fetch_add(1);
}
///////////////////////////////////////////////////////////////////////////////
//
//
CApiLog::CApiLog(QObject* parent) : QThread(parent)
{
m_pServer = NULL;
start();
}
CApiLog::~CApiLog()
{
quit();
if (!wait(10 * 1000))
terminate();
}
void CApiLog::run()
{
qDebug() << "LogAPI server started";
m_pServer = new CApiLogServer();
QThread::run(); // run messge loop
m_pServer->deleteLater();
qDebug() << "LogAPI server stopped";
}
/////////////////////////////////////////////////////////////////////////////////////
//
CApiLogServer::CApiLogServer()
{
m_pServer = new QLocalServer(this);
m_pServer->setSocketOptions(QLocalServer::WorldAccessOption);
if (!m_pServer->listen("LogAPI")) {
qDebug() << "Not able to open Server Pipe";
return;
}
connect(m_pServer, SIGNAL(newConnection()), this, SLOT(OnPipe()));
m_pApiLog = qobject_cast<CApiLog*>(thread());
}
void CApiLogServer::OnPipe()
{
QLocalSocket *pSocket = m_pServer->nextPendingConnection();
connect(pSocket, SIGNAL(readyRead()), this, SLOT(OnData()));
connect(pSocket, SIGNAL(disconnected()), this, SLOT(OnClose()));
ULONG ClientProcessId = 0;
GetNamedPipeClientProcessId((HANDLE)pSocket->socketDescriptor(), &ClientProcessId);
m_pClients.insert(pSocket, new SApiLog(ClientProcessId));
}
void CApiLogServer::OnData()
{
QLocalSocket* pSocket = qobject_cast<QLocalSocket*>(sender());
SApiLog* ApiLog = m_pClients.value(pSocket);
if (!ApiLog)
return;
ApiLog->Buffer.append(pSocket->readAll());
for (;;)
{
int endPos = ApiLog->Buffer.indexOf('\0');
if (endPos == -1)
break;
CApiLogEntryPtr LogEntry = CApiLogEntryPtr(new CApiLogEntry(ApiLog->ProcessId, QString(ApiLog->Buffer.data())));
ApiLog->Buffer.remove(0, endPos + 1);
QWriteLocker Lock(&m_pApiLog->m_ApiLogMutex);
m_pApiLog->m_ApiLogList.append(LogEntry);
}
}
void CApiLogServer::OnClose()
{
QLocalSocket* pSocket = qobject_cast<QLocalSocket*>(sender());
delete m_pClients.take(pSocket);
pSocket->deleteLater();
}
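Review bot: the commit message should record that deleting this file also retires the `LogAPI` QLocalServer created with `QLocalServer::WorldAccessOption`, an input channel any local process could connect to and whose only client attribution was GetNamedPipeClientProcessId() on the socket descriptor; the changelog only describes the switch to Sbie's tracing facility, and the security-relevant side effect deserves a sentence of its own.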

View File

@ -1,74 +0,0 @@
#pragma once
class CApiLogEntry : public QSharedData
{
public:
CApiLogEntry(quint64 ProcessId, const QString& Message);
quint64 GetProcessId() const { return m_ProcessId; }
QDateTime GetTimeStamp() const { return m_TimeStamp; }
QString GetMessage() const { return m_Message; }
quint64 GetUID() const { return m_uid; }
protected:
quint64 m_ProcessId;
QDateTime m_TimeStamp;
QString m_Message;
quint64 m_uid;
};
typedef QSharedDataPointer<CApiLogEntry> CApiLogEntryPtr;
class CApiLog : public QThread
{
Q_OBJECT
public:
CApiLog(QObject* parent = 0);
virtual ~CApiLog();
virtual QList<CApiLogEntryPtr> GetApiLog() const { QReadLocker Lock(&m_ApiLogMutex); return m_ApiLogList; }
virtual void ClearApiLog() { QWriteLocker Lock(&m_ApiLogMutex); m_ApiLogList.clear(); }
protected:
friend class CApiLogServer;
virtual void run();
mutable QReadWriteLock m_ApiLogMutex;
QList<CApiLogEntryPtr> m_ApiLogList;
CApiLogServer* m_pServer;
};
/////////////////////////////////////////////////////////////////////////////////////
//
class CApiLogServer : public QObject
{
Q_OBJECT
protected:
CApiLogServer();
public slots:
void OnPipe();
void OnData();
void OnClose();
protected:
friend class CApiLog;
struct SApiLog
{
SApiLog(quint64 pid) { ProcessId = pid; }
QByteArray Buffer;
quint64 ProcessId;
};
QLocalServer* m_pServer;
QMap<QLocalSocket*, SApiLog*> m_pClients;
CApiLog* m_pApiLog;
};

View File

@ -6,7 +6,7 @@
<rect> <rect>
<x>0</x> <x>0</x>
<y>0</y> <y>0</y>
<width>622</width> <width>682</width>
<height>473</height> <height>473</height>
</rect> </rect>
</property> </property>
@ -45,7 +45,7 @@
<enum>QTabWidget::West</enum> <enum>QTabWidget::West</enum>
</property> </property>
<property name="currentIndex"> <property name="currentIndex">
<number>8</number> <number>0</number>
</property> </property>
<widget class="QWidget" name="tabGeneral"> <widget class="QWidget" name="tabGeneral">
<attribute name="title"> <attribute name="title">
@ -1637,40 +1637,6 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
<layout class="QGridLayout" name="gridLayout_34"> <layout class="QGridLayout" name="gridLayout_34">
<item row="0" column="0"> <item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_32"> <layout class="QGridLayout" name="gridLayout_32">
<item row="10" column="2">
<spacer name="horizontalSpacer">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="7" column="1">
<widget class="QCheckBox" name="chkGuiTrace">
<property name="text">
<string>GUI Trace</string>
</property>
</widget>
</item>
<item row="6" column="1">
<widget class="QCheckBox" name="chkIpcTrace">
<property name="text">
<string>IPC Trace</string>
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QCheckBox" name="chkPipeTrace">
<property name="text">
<string>Pipe Trace</string>
</property>
</widget>
</item>
<item row="2" column="0"> <item row="2" column="0">
<widget class="QLabel" name="label_19"> <widget class="QLabel" name="label_19">
<property name="font"> <property name="font">
@ -1684,14 +1650,14 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</property> </property>
</widget> </widget>
</item> </item>
<item row="9" column="1" colspan="2"> <item row="10" column="2" colspan="2">
<widget class="QCheckBox" name="chkDbgTrace"> <widget class="QCheckBox" name="chkErrTrace">
<property name="text"> <property name="text">
<string>Log Debug Output to the Trace Log</string> <string>Log all SetError's to Trace log</string>
</property> </property>
</widget> </widget>
</item> </item>
<item row="10" column="1"> <item row="11" column="1">
<spacer name="verticalSpacer_2"> <spacer name="verticalSpacer_2">
<property name="orientation"> <property name="orientation">
<enum>Qt::Vertical</enum> <enum>Qt::Vertical</enum>
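Review bot: the new user-visible string `Log all SetError's to Trace log` uses a possessive apostrophe for a plural and capitalises "Trace log" differently from the neighbouring `Log Debug Output to the Trace Log`; suggest `Log all SetError calls to the Trace Log` so the two checkbox labels read consistently.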
@ -1704,21 +1670,35 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</property> </property>
</spacer> </spacer>
</item> </item>
<item row="3" column="1"> <item row="8" column="3">
<widget class="QLabel" name="label_28">
<property name="text">
<string>&lt;- for this one the above does not apply</string>
</property>
</widget>
</item>
<item row="9" column="1" colspan="3">
<widget class="QCheckBox" name="chkDbgTrace">
<property name="text">
<string>Log Debug Output to the Trace Log</string>
</property>
</widget>
</item>
<item row="3" column="1" colspan="2">
<widget class="QCheckBox" name="chkFileTrace"> <widget class="QCheckBox" name="chkFileTrace">
<property name="text"> <property name="text">
<string>File Trace</string> <string>File Trace</string>
</property> </property>
</widget> </widget>
</item> </item>
<item row="5" column="1"> <item row="5" column="1" colspan="2">
<widget class="QCheckBox" name="chkKeyTrace"> <widget class="QCheckBox" name="chkKeyTrace">
<property name="text"> <property name="text">
<string>Key Trace</string> <string>Key Trace</string>
</property> </property>
</widget> </widget>
</item> </item>
<item row="3" column="2" rowspan="5"> <item row="3" column="3" rowspan="5">
<widget class="QLabel" name="label_26"> <widget class="QLabel" name="label_26">
<property name="text"> <property name="text">
<string>Log all access events as seen by the driver to the resource access log. <string>Log all access events as seen by the driver to the resource access log.
@ -1738,20 +1718,60 @@ instead of &quot;*&quot;.</string>
</property> </property>
</widget> </widget>
</item> </item>
<item row="8" column="1"> <item row="7" column="1" colspan="2">
<widget class="QCheckBox" name="chkGuiTrace">
<property name="text">
<string>GUI Trace</string>
</property>
</widget>
</item>
<item row="6" column="1" colspan="2">
<widget class="QCheckBox" name="chkIpcTrace">
<property name="text">
<string>IPC Trace</string>
</property>
</widget>
</item>
<item row="8" column="1" colspan="2">
<widget class="QCheckBox" name="chkComTrace"> <widget class="QCheckBox" name="chkComTrace">
<property name="text"> <property name="text">
<string>COM Class Trace</string> <string>COM Class Trace</string>
</property> </property>
</widget> </widget>
</item> </item>
<item row="8" column="2"> <item row="4" column="1" colspan="2">
<widget class="QLabel" name="label_28"> <widget class="QCheckBox" name="chkPipeTrace">
<property name="text"> <property name="text">
<string>&lt;- for this one the above does not apply</string> <string>Pipe Trace</string>
</property> </property>
</widget> </widget>
</item> </item>
<item row="11" column="4">
<spacer name="horizontalSpacer_3">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="11" column="2" colspan="2">
<spacer name="horizontalSpacer">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
</layout> </layout>
</item> </item>
</layout> </layout>

View File

@ -1,144 +0,0 @@
#include "stdafx.h"
#include "ApiMonModel.h"
#include "../MiscHelpers/Common/Common.h"
CApiMonModel::CApiMonModel(QObject *parent)
:CListItemModel(parent)
{
}
CApiMonModel::~CApiMonModel()
{
}
void CApiMonModel::Sync(const QList<CApiLogEntryPtr>& List, QSet<quint64> PIDs)
{
QList<SListNode*> New;
QHash<QVariant, SListNode*> Old = m_Map;
int i = 0;
if (List.count() >= m_List.count() && m_List.count() > 0)
{
i = m_List.count() - 1;
if (m_List.at(i)->ID == List.at(i)->GetUID())
{
i++;
Old.clear();
}
else
i = 0;
}
for (; i < List.count(); i++)
{
CApiLogEntryPtr pEntry = List.at(i);
QVariant ID = pEntry->GetUID();
if (!PIDs.isEmpty() && !PIDs.contains(pEntry->GetProcessId()))
continue;
int Row = -1;
QHash<QVariant, SListNode*>::iterator I = Old.find(ID);
SApiLogNode* pNode = I != Old.end() ? static_cast<SApiLogNode*>(I.value()) : NULL;
if(!pNode)
{
pNode = static_cast<SApiLogNode*>(MkNode(ID));
pNode->Values.resize(columnCount());
pNode->pEntry = pEntry;
New.append(pNode);
}
else
{
I.value() = NULL;
Row = GetRow(pNode);
}
int Col = 0;
bool State = false;
int Changed = 0;
/*int RowColor = CTaskExplorer::eNone;
if (pGDI->IsMarkedForRemoval() && CTaskExplorer::UseListColor(CTaskExplorer::eToBeRemoved)) RowColor = CTaskExplorer::eToBeRemoved;
else if (pGDI->IsNewlyCreated() && CTaskExplorer::UseListColor(CTaskExplorer::eAdded)) RowColor = CTaskExplorer::eAdded;
if (pNode->iColor != RowColor) {
pNode->iColor = RowColor;
pNode->Color = CTaskExplorer::GetListColor(RowColor);
Changed = 2;
}*/
for(int section = 0; section < columnCount(); section++)
{
if (!m_Columns.contains(section))
continue; // ignore columns which are hidden
QVariant Value;
switch(section)
{
case eProcess: Value = pEntry->GetProcessId(); break;
case eTimeStamp: Value = pEntry->GetTimeStamp(); break;
case eMessage: Value = pEntry->GetMessage(); break;
}
SApiLogNode::SValue& ColValue = pNode->Values[section];
if (ColValue.Raw != Value)
{
if(Changed == 0)
Changed = 1;
ColValue.Raw = Value;
switch (section)
{
case eProcess: ColValue.Formated = QString::number(pEntry->GetProcessId()); break;
case eTimeStamp: ColValue.Formated = pEntry->GetTimeStamp().toString("hh:mm:ss.zzz"); break;
//case eType: ColValue.Formated = ; break;
//case eValue: ColValue.Formated = ; break;
}
}
if(State != (Changed != 0))
{
if(State && Row != -1)
emit dataChanged(createIndex(Row, Col), createIndex(Row, section-1));
State = (Changed != 0);
Col = section;
}
if(Changed == 1)
Changed = 0;
}
if(State && Row != -1)
emit dataChanged(createIndex(Row, Col, pNode), createIndex(Row, columnCount()-1, pNode));
}
CListItemModel::Sync(New, Old);
}
CApiLogEntryPtr CApiMonModel::GetEntry(const QModelIndex &index) const
{
if (!index.isValid())
return CApiLogEntryPtr();
SApiLogNode* pNode = static_cast<SApiLogNode*>(index.internalPointer());
return pNode->pEntry;
}
int CApiMonModel::columnCount(const QModelIndex &parent) const
{
return eCount;
}
QVariant CApiMonModel::headerData(int section, Qt::Orientation orientation, int role) const
{
if (orientation == Qt::Horizontal && role == Qt::DisplayRole)
{
switch(section)
{
case eProcess: return tr("Process");
case eTimeStamp: return tr("Time Stamp");
case eMessage: return tr("Message");
}
}
return QVariant();
}

View File

@ -1,40 +0,0 @@
#pragma once
#include <qwidget.h>
#include "../ApiLog.h"
#include "../../MiscHelpers/Common/ListItemModel.h"
class CApiMonModel : public CListItemModel
{
Q_OBJECT
public:
CApiMonModel(QObject *parent = 0);
~CApiMonModel();
void Sync(const QList<CApiLogEntryPtr>& List, QSet<quint64> PIDs);
CApiLogEntryPtr GetEntry(const QModelIndex &index) const;
int columnCount(const QModelIndex &parent = QModelIndex()) const;
QVariant headerData(int section, Qt::Orientation orientation, int role = Qt::DisplayRole) const;
enum EColumns
{
eProcess = 0,
eTimeStamp,
eMessage,
eCount
};
protected:
struct SApiLogNode: SListNode
{
SApiLogNode(const QVariant& Id) : SListNode(Id), iColor(0) {}
CApiLogEntryPtr pEntry;
int iColor;
};
virtual SListNode* MkNode(const QVariant& Id) { return new SApiLogNode(Id); }
};

View File

@ -12,7 +12,8 @@ CResMonModel::~CResMonModel()
{ {
} }
void CResMonModel::Sync(const QList<CResLogEntryPtr>& List, QSet<quint64> PIDs) //void CResMonModel::Sync(const QList<CTraceEntryPtr>& List, QSet<quint64> PIDs)
void CResMonModel::Sync(const QList<CTraceEntryPtr>& List)
{ {
QList<SListNode*> New; QList<SListNode*> New;
QHash<QVariant, SListNode*> Old = m_Map; QHash<QVariant, SListNode*> Old = m_Map;
@ -32,19 +33,19 @@ void CResMonModel::Sync(const QList<CResLogEntryPtr>& List, QSet<quint64> PIDs)
for(; i < List.count(); i++) for(; i < List.count(); i++)
{ {
CResLogEntryPtr pEntry = List.at(i); CTraceEntryPtr pEntry = List.at(i);
QVariant ID = pEntry->GetUID(); QVariant ID = pEntry->GetUID();
if (!PIDs.isEmpty() && !PIDs.contains(pEntry->GetProcessId())) //if (!PIDs.isEmpty() && !PIDs.contains(pEntry->GetProcessId()))
continue; // continue;
int Row = -1; int Row = -1;
QHash<QVariant, SListNode*>::iterator I = Old.find(ID); QHash<QVariant, SListNode*>::iterator I = Old.find(ID);
SResLogNode* pNode = I != Old.end() ? static_cast<SResLogNode*>(I.value()) : NULL; STraceNode* pNode = I != Old.end() ? static_cast<STraceNode*>(I.value()) : NULL;
if(!pNode) if(!pNode)
{ {
pNode = static_cast<SResLogNode*>(MkNode(ID)); pNode = static_cast<STraceNode*>(MkNode(ID));
pNode->Values.resize(columnCount()); pNode->Values.resize(columnCount());
pNode->pEntry = pEntry; pNode->pEntry = pEntry;
New.append(pNode); New.append(pNode);
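Review bot: commenting out `if (!PIDs.isEmpty() && !PIDs.contains(pEntry->GetProcessId())) continue;` silently changes behaviour, since the trace view no longer narrows to the processes of the selected sandbox; either delete the dead lines (the old signature is already commented out above) and note the behaviour change in the changelog, or keep the filter as an optional parameter.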
@ -78,13 +79,13 @@ void CResMonModel::Sync(const QList<CResLogEntryPtr>& List, QSet<quint64> PIDs)
switch(section) switch(section)
{ {
case eProcess: Value = pEntry->GetProcessId(); break; case eProcess: Value = pEntry->GetProcessId(); break;
case eTimeStamp: Value = pEntry->GetTimeStamp(); break; case eTimeStamp: Value = pEntry->GetUID(); break;
case eType: Value = pEntry->GetTypeStr(); break; case eType: Value = pEntry->GetTypeStr(); break;
case eStatus: Value = pEntry->GetStautsStr(); break; case eStatus: Value = pEntry->GetStautsStr(); break;
case eValue: Value = pEntry->GetValue(); break; case eValue: Value = pEntry->GetMessage(); break;
} }
SResLogNode::SValue& ColValue = pNode->Values[section]; STraceNode::SValue& ColValue = pNode->Values[section];
if (ColValue.Raw != Value) if (ColValue.Raw != Value)
{ {
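Review bot: `case eTimeStamp: Value = pEntry->GetUID(); break;` stores the monotonically increasing UID as the raw value of the timestamp column while the formatted text further down remains `GetTimeStamp().toString("hh:mm:ss.zzz")`; a one-line comment should say this is deliberate so that sorting by timestamp is stable when several entries share the same millisecond, otherwise the next reader will take the Raw/Formated mismatch for a bug.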
@ -97,7 +98,7 @@ void CResMonModel::Sync(const QList<CResLogEntryPtr>& List, QSet<quint64> PIDs)
case eProcess: case eProcess:
{ {
CBoxedProcessPtr pProcess = theAPI->GetProcessById(pEntry->GetProcessId()); CBoxedProcessPtr pProcess = theAPI->GetProcessById(pEntry->GetProcessId());
ColValue.Formated = QString("%1 (%2)").arg(pProcess.isNull() ? tr("Unknown") : pProcess->GetProcessName()).arg(pEntry->GetProcessId()); ColValue.Formated = QString("%1 (%2, %3)").arg(pProcess.isNull() ? tr("Unknown") : pProcess->GetProcessName()).arg(pEntry->GetProcessId()).arg(pEntry->GetThreadId());
break; break;
} }
case eTimeStamp: ColValue.Formated = pEntry->GetTimeStamp().toString("hh:mm:ss.zzz"); break; case eTimeStamp: ColValue.Formated = pEntry->GetTimeStamp().toString("hh:mm:ss.zzz"); break;
@ -124,12 +125,12 @@ void CResMonModel::Sync(const QList<CResLogEntryPtr>& List, QSet<quint64> PIDs)
CListItemModel::Sync(New, Old); CListItemModel::Sync(New, Old);
} }
CResLogEntryPtr CResMonModel::GetEntry(const QModelIndex &index) const CTraceEntryPtr CResMonModel::GetEntry(const QModelIndex &index) const
{ {
if (!index.isValid()) if (!index.isValid())
return CResLogEntryPtr(); return CTraceEntryPtr();
SResLogNode* pNode = static_cast<SResLogNode*>(index.internalPointer()); STraceNode* pNode = static_cast<STraceNode*>(index.internalPointer());
return pNode->pEntry; return pNode->pEntry;
} }

View File

@ -11,9 +11,10 @@ public:
CResMonModel(QObject *parent = 0); CResMonModel(QObject *parent = 0);
~CResMonModel(); ~CResMonModel();
void Sync(const QList<CResLogEntryPtr>& List, QSet<quint64> PIDs); //void Sync(const QList<CTraceEntryPtr>& List, QSet<quint64> PIDs);
void Sync(const QList<CTraceEntryPtr>& List);
CResLogEntryPtr GetEntry(const QModelIndex &index) const; CTraceEntryPtr GetEntry(const QModelIndex &index) const;
int columnCount(const QModelIndex &parent = QModelIndex()) const; int columnCount(const QModelIndex &parent = QModelIndex()) const;
QVariant headerData(int section, Qt::Orientation orientation, int role = Qt::DisplayRole) const; QVariant headerData(int section, Qt::Orientation orientation, int role = Qt::DisplayRole) const;
@ -29,14 +30,14 @@ public:
}; };
protected: protected:
struct SResLogNode: SListNode struct STraceNode: SListNode
{ {
SResLogNode(const QVariant& Id) : SListNode(Id), iColor(0) {} STraceNode(const QVariant& Id) : SListNode(Id), iColor(0) {}
CResLogEntryPtr pEntry; CTraceEntryPtr pEntry;
int iColor; int iColor;
}; };
virtual SListNode* MkNode(const QVariant& Id) { return new SResLogNode(Id); } virtual SListNode* MkNode(const QVariant& Id) { return new STraceNode(Id); }
}; };

View File

@ -86,17 +86,21 @@ QString CSbieModel::FindParent(const QVariant& Name, const QMap<QString, QString
return QString(); return QString();
} }
QList<QVariant> CSbieModel::MakeBoxPath(const QVariant& Name, const QMap<QString, QStringList>& Groups) void CSbieModel::MakeBoxPath(const QVariant& Name, const QMap<QString, QStringList>& Groups, QList<QVariant>& Path)
{ {
QString ParentID = FindParent(Name, Groups); QString ParentID = FindParent(Name, Groups);
QList<QVariant> Path; if (!ParentID.isEmpty() && ParentID != Name && !Path.contains(ParentID))
if (!ParentID.isEmpty() && ParentID != Name
&& !Groups.value(CSbieModel__RemoveGroupMark(Name.toString())).contains(CSbieModel__RemoveGroupMark(ParentID)))
{ {
Path = MakeBoxPath(ParentID, Groups); Path.prepend(ParentID);
Path.append(ParentID); MakeBoxPath(ParentID, Groups, Path);
} }
}
QList<QVariant> CSbieModel::MakeBoxPath(const QVariant& Name, const QMap<QString, QStringList>& Groups)
{
QList<QVariant> Path;
MakeBoxPath(Name, Groups, Path);
return Path; return Path;
} }
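Review bot: the new guard `!Path.contains(ParentID)` stops the recursion on a group cycle, but the box whose path is being built is never itself in `Path`, so for mutual containment (A in B, B in A) MakeBoxPath(A) walks A -> B -> A and returns `[A, B]`, placing the box under itself; seed the check with the root, for example by having the public overload push `Name` before recursing and strip it afterwards, or by comparing `ParentID` against the root name in the recursive overload.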

View File

@ -63,6 +63,7 @@ protected:
QString FindParent(const QVariant& Name, const QMap<QString, QStringList>& Groups); QString FindParent(const QVariant& Name, const QMap<QString, QStringList>& Groups);
QList<QVariant> MakeBoxPath(const QVariant& Name, const QMap<QString, QStringList>& Groups); QList<QVariant> MakeBoxPath(const QVariant& Name, const QMap<QString, QStringList>& Groups);
void MakeBoxPath(const QVariant& Name, const QMap<QString, QStringList>& Groups, QList<QVariant>& Path);
//virtual QVariant GetDefaultIcon() const; //virtual QVariant GetDefaultIcon() const;

View File

@ -6,7 +6,7 @@
#include "Views/SbieView.h" #include "Views/SbieView.h"
#include "../MiscHelpers/Common/CheckableMessageBox.h" #include "../MiscHelpers/Common/CheckableMessageBox.h"
#include <QWinEventNotifier> #include <QWinEventNotifier>
#include "ApiLog.h" //#include "ApiLog.h"
#include "./Dialogs/MultiErrorDialog.h" #include "./Dialogs/MultiErrorDialog.h"
#include "../QSbieAPI/SbieUtils.h" #include "../QSbieAPI/SbieUtils.h"
#include "../QSbieAPI/Sandboxie/BoxBorder.h" #include "../QSbieAPI/Sandboxie/BoxBorder.h"
@ -89,6 +89,10 @@ CSandMan::CSandMan(QWidget *parent)
theGUI = this; theGUI = this;
const char version[] = VERSION_STR;
QDesktopServices::setUrlHandler("http", this, "OpenUrl"); QDesktopServices::setUrlHandler("http", this, "OpenUrl");
QDesktopServices::setUrlHandler("https", this, "OpenUrl"); QDesktopServices::setUrlHandler("https", this, "OpenUrl");
QDesktopServices::setUrlHandler("sbie", this, "OpenUrl"); QDesktopServices::setUrlHandler("sbie", this, "OpenUrl");
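Review bot: `const char version[] = VERSION_STR;` is added to the constructor but nothing in the hunk reads it, which will trigger an unused-variable warning and may be optimised away; if it is meant to embed the version string in the binary for inspection, say so in a comment and mark it so the compiler keeps it, otherwise drop it.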
@ -117,7 +121,7 @@ CSandMan::CSandMan(QWidget *parent)
m_SbieTemplates = new CSbieTemplates(theAPI, this); m_SbieTemplates = new CSbieTemplates(theAPI, this);
m_ApiLog = NULL; //m_ApiLog = NULL;
m_bConnectPending = false; m_bConnectPending = false;
m_bStopPending = false; m_bStopPending = false;
@ -184,17 +188,17 @@ CSandMan::CSandMan(QWidget *parent)
// //
// Api Log // Api Log
m_pApiMonModel = new CApiMonModel(); //m_pApiMonModel = new CApiMonModel();
//m_pApiMonModel->SetUseIcons(true); ////m_pApiMonModel->SetUseIcons(true);
//
m_pApiCallLog = new CPanelViewEx(m_pApiMonModel); //m_pApiCallLog = new CPanelViewEx(m_pApiMonModel);
//
//m_pApiCallLog->GetView()->setItemDelegate(theGUI->GetItemDelegate()); ////m_pApiCallLog->GetView()->setItemDelegate(theGUI->GetItemDelegate());
//
m_pApiCallLog->GetView()->setSelectionMode(QAbstractItemView::ExtendedSelection); //m_pApiCallLog->GetView()->setSelectionMode(QAbstractItemView::ExtendedSelection);
//
m_pLogTabs->addTab(m_pApiCallLog, tr("Api Call Log")); //m_pLogTabs->addTab(m_pApiCallLog, tr("Api Call Log"));
m_pApiCallLog->setEnabled(false); //m_pApiCallLog->setEnabled(false);
// //
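Review bot: this hunk, and the later ones touching m_ApiLog, m_pApiMonModel, m_pEnableLogging and m_pCleanUpApiLog, comment the old API-log code out instead of deleting it, even though ApiLog.cpp/.h and ApiMonModel.cpp/.h are removed in the same commit so the commented lines can never be re-enabled as-is; delete them outright and rely on version history, which also avoids leaving the stale `Columns = theConf->GetBlob("MainWindow/ApiLogList_Columns")` block in LoadState.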
@ -315,11 +319,11 @@ void CSandMan::LoadState()
((QTreeViewEx*)m_pResourceLog->GetView())->OnResetColumns(); ((QTreeViewEx*)m_pResourceLog->GetView())->OnResetColumns();
else else
((QTreeViewEx*)m_pResourceLog->GetView())->restoreState(Columns); ((QTreeViewEx*)m_pResourceLog->GetView())->restoreState(Columns);
Columns = theConf->GetBlob("MainWindow/ApiLogList_Columns"); //Columns = theConf->GetBlob("MainWindow/ApiLogList_Columns");
if (!Columns.isEmpty()) //if (!Columns.isEmpty())
((QTreeViewEx*)m_pApiCallLog->GetView())->OnResetColumns(); // ((QTreeViewEx*)m_pApiCallLog->GetView())->OnResetColumns();
else //else
((QTreeViewEx*)m_pApiCallLog->GetView())->restoreState(Columns); // ((QTreeViewEx*)m_pApiCallLog->GetView())->restoreState(Columns);
m_pLogSplitter->restoreState(theConf->GetBlob("MainWindow/Log_Splitter")); m_pLogSplitter->restoreState(theConf->GetBlob("MainWindow/Log_Splitter"));
m_pPanelSplitter->restoreState(theConf->GetBlob("MainWindow/Panel_Splitter")); m_pPanelSplitter->restoreState(theConf->GetBlob("MainWindow/Panel_Splitter"));
m_pLogTabs->setCurrentIndex(theConf->GetInt("MainWindow/LogTab", 0)); m_pLogTabs->setCurrentIndex(theConf->GetInt("MainWindow/LogTab", 0));
@ -331,7 +335,7 @@ void CSandMan::StoreState()
//theConf->SetBlob("MainWindow/BoxTree_Columns", m_pBoxTree->saveState()); //theConf->SetBlob("MainWindow/BoxTree_Columns", m_pBoxTree->saveState());
theConf->SetBlob("MainWindow/LogList_Columns", m_pMessageLog->GetView()->header()->saveState()); theConf->SetBlob("MainWindow/LogList_Columns", m_pMessageLog->GetView()->header()->saveState());
theConf->SetBlob("MainWindow/ResMonList_Columns", m_pResourceLog->GetView()->header()->saveState()); theConf->SetBlob("MainWindow/ResMonList_Columns", m_pResourceLog->GetView()->header()->saveState());
theConf->SetBlob("MainWindow/ApiLogList_Columns", m_pApiCallLog->GetView()->header()->saveState()); //theConf->SetBlob("MainWindow/ApiLogList_Columns", m_pApiCallLog->GetView()->header()->saveState());
theConf->SetBlob("MainWindow/Log_Splitter", m_pLogSplitter->saveState()); theConf->SetBlob("MainWindow/Log_Splitter", m_pLogSplitter->saveState());
theConf->SetBlob("MainWindow/Panel_Splitter", m_pPanelSplitter->saveState()); theConf->SetBlob("MainWindow/Panel_Splitter", m_pPanelSplitter->saveState());
theConf->SetValue("MainWindow/LogTab", m_pLogTabs->currentIndex()); theConf->SetValue("MainWindow/LogTab", m_pLogTabs->currentIndex());
@ -399,8 +403,9 @@ void CSandMan::CreateMenus()
m_pCleanUpProcesses = m_pCleanUpMenu->addAction(tr("Cleanup Processes"), this, SLOT(OnCleanUp())); m_pCleanUpProcesses = m_pCleanUpMenu->addAction(tr("Cleanup Processes"), this, SLOT(OnCleanUp()));
m_pCleanUpMenu->addSeparator(); m_pCleanUpMenu->addSeparator();
m_pCleanUpMsgLog = m_pCleanUpMenu->addAction(tr("Cleanup Message Log"), this, SLOT(OnCleanUp())); m_pCleanUpMsgLog = m_pCleanUpMenu->addAction(tr("Cleanup Message Log"), this, SLOT(OnCleanUp()));
m_pCleanUpResLog = m_pCleanUpMenu->addAction(tr("Cleanup Resource Log"), this, SLOT(OnCleanUp())); m_pCleanUpTrace = m_pCleanUpMenu->addAction(tr("Cleanup Trace Log"), this, SLOT(OnCleanUp()));
m_pCleanUpApiLog = m_pCleanUpMenu->addAction(tr("Cleanup Api Call Log"), this, SLOT(OnCleanUp())); //m_pCleanUpTrace = m_pCleanUpMenu->addAction(tr("Cleanup Resource Log"), this, SLOT(OnCleanUp()));
//m_pCleanUpApiLog = m_pCleanUpMenu->addAction(tr("Cleanup Api Call Log"), this, SLOT(OnCleanUp()));
m_pKeepTerminated = m_pMenuView->addAction(CSandMan::GetIcon("Keep"), tr("Keep terminated"), this, SLOT(OnSetKeep())); m_pKeepTerminated = m_pMenuView->addAction(CSandMan::GetIcon("Keep"), tr("Keep terminated"), this, SLOT(OnSetKeep()));
m_pKeepTerminated->setCheckable(true); m_pKeepTerminated->setCheckable(true);
@ -415,8 +420,8 @@ void CSandMan::CreateMenus()
m_pEnableMonitoring = m_pMenuOptions->addAction(CSandMan::GetIcon("SetLogging"), tr("Resource Logging"), this, SLOT(OnSetMonitoring())); m_pEnableMonitoring = m_pMenuOptions->addAction(CSandMan::GetIcon("SetLogging"), tr("Resource Logging"), this, SLOT(OnSetMonitoring()));
m_pEnableMonitoring->setCheckable(true); m_pEnableMonitoring->setCheckable(true);
m_pMenuOptions->addSeparator(); m_pMenuOptions->addSeparator();
m_pEnableLogging = m_pMenuOptions->addAction(CSandMan::GetIcon("LogAPI"), tr("API Call Logging"), this, SLOT(OnSetLogging())); //m_pEnableLogging = m_pMenuOptions->addAction(CSandMan::GetIcon("LogAPI"), tr("API Call Logging"), this, SLOT(OnSetLogging()));
m_pEnableLogging->setCheckable(true); //m_pEnableLogging->setCheckable(true);
m_pMenuHelp = menuBar()->addMenu(tr("&Help")); m_pMenuHelp = menuBar()->addMenu(tr("&Help"));
@ -459,7 +464,7 @@ void CSandMan::CreateToolBar()
m_pToolBar->addAction(m_pEditIni); m_pToolBar->addAction(m_pEditIni);
m_pToolBar->addSeparator(); m_pToolBar->addSeparator();
m_pToolBar->addAction(m_pEnableMonitoring); m_pToolBar->addAction(m_pEnableMonitoring);
m_pToolBar->addAction(m_pEnableLogging); //m_pToolBar->addAction(m_pEnableLogging);
m_pToolBar->addSeparator(); m_pToolBar->addSeparator();
@ -611,6 +616,8 @@ void CSandMan::timerEvent(QTimerEvent* pEvent)
if (pEvent->timerId() != m_uTimerID) if (pEvent->timerId() != m_uTimerID)
return; return;
bool bForceProcessDisabled = false;
if (theAPI->IsConnected()) if (theAPI->IsConnected())
{ {
SB_STATUS Status = theAPI->ReloadBoxes(); SB_STATUS Status = theAPI->ReloadBoxes();
@ -622,14 +629,20 @@ void CSandMan::timerEvent(QTimerEvent* pEvent)
theAPI->UpdateProcesses(m_pKeepTerminated->isChecked()); theAPI->UpdateProcesses(m_pKeepTerminated->isChecked());
m_pDisableForce->setChecked(theAPI->AreForceProcessDisabled()); bForceProcessDisabled = theAPI->AreForceProcessDisabled();
m_pDisableForce2->setChecked(theAPI->AreForceProcessDisabled()); m_pDisableForce->setChecked(bForceProcessDisabled);
m_pDisableForce2->setChecked(bForceProcessDisabled);
bool bIsMonitoring = theAPI->IsMonitoring();
m_pResourceLog->setEnabled(bIsMonitoring);
m_pEnableMonitoring->setChecked(bIsMonitoring);
} }
if (m_bIconEmpty != (theAPI->TotalProcesses() == 0) || m_bIconDisabled != theAPI->AreForceProcessDisabled()) if (m_bIconEmpty != (theAPI->TotalProcesses() == 0) || m_bIconDisabled != bForceProcessDisabled)
{ {
m_bIconEmpty = (theAPI->TotalProcesses() == 0); m_bIconEmpty = (theAPI->TotalProcesses() == 0);
m_bIconDisabled = theAPI->AreForceProcessDisabled(); m_bIconDisabled = bForceProcessDisabled;
QString IconFile = ":/SandMan"; QString IconFile = ":/SandMan";
if (m_bIconEmpty) if (m_bIconEmpty)
@ -755,17 +768,18 @@ void CSandMan::OnSelectionChanged()
Processes.append(pBox->GetProcessList().values()); Processes.append(pBox->GetProcessList().values());
}*/ }*/
QSet<quint64> Pids; //QSet<quint64> Pids;
foreach(const CBoxedProcessPtr& pProcess, Processes) //foreach(const CBoxedProcessPtr& pProcess, Processes)
Pids.insert(pProcess->GetProcessId()); // Pids.insert(pProcess->GetProcessId());
QList<CResLogEntryPtr> ResourceLog = theAPI->GetResLog(); QList<CTraceEntryPtr> ResourceLog = theAPI->GetTrace();
m_pResMonModel->Sync(ResourceLog, Pids); //m_pResMonModel->Sync(ResourceLog, Pids);
m_pResMonModel->Sync(ResourceLog);
if (m_ApiLog) { //if (m_ApiLog) {
QList<CApiLogEntryPtr> ApiCallLog = m_ApiLog->GetApiLog(); // QList<CApiLogEntryPtr> ApiCallLog = m_ApiLog->GetApiLog();
m_pApiMonModel->Sync(ApiCallLog, Pids); // m_pApiMonModel->Sync(ApiCallLog, Pids);
} //}
} }
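Review bot: `m_pResMonModel->Sync(ResourceLog)` no longer receives the `Pids` set, so the trace view is no longer restricted to processes of the selected boxes, yet the refresh is still driven from `OnSelectionChanged()` where the result no longer depends on the selection. If the per-selection filter is meant to go away, move the `GetTrace()`/`Sync()` pair to the timer or a dedicated slot and delete the commented-out `Pids` and `m_ApiLog` lines instead of keeping them; if filtering is still wanted, the `Pids` set has to be passed through `Sync()` again.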
void CSandMan::OnStatusChanged() void CSandMan::OnStatusChanged()
@ -850,7 +864,7 @@ void CSandMan::OnStatusChanged()
m_pEditIni->setEnabled(isConnected); m_pEditIni->setEnabled(isConnected);
m_pReloadIni->setEnabled(isConnected); m_pReloadIni->setEnabled(isConnected);
m_pEnableMonitoring->setEnabled(isConnected); m_pEnableMonitoring->setEnabled(isConnected);
m_pEnableLogging->setEnabled(isConnected); //m_pEnableLogging->setEnabled(isConnected);
} }
void CSandMan::OnMenuHover(QAction* action) void CSandMan::OnMenuHover(QAction* action)
@ -1148,10 +1162,6 @@ SB_STATUS CSandMan::ConnectSbieImpl()
if (!Status) if (!Status)
return Status; return Status;
bool bIsMonitoring = theAPI->IsMonitoring();
m_pResourceLog->setEnabled(bIsMonitoring);
m_pEnableMonitoring->setChecked(bIsMonitoring);
return SB_OK; return SB_OK;
} }
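Review bot: with the monitoring-state sync removed from `ConnectSbieImpl()`, `m_pResourceLog` and `m_pEnableMonitoring` only reflect the driver's state after the next `timerEvent()` fires; between a successful connect and that tick the widgets keep whatever state they had before. Keeping a single call of the same three lines here before `return SB_OK;` (or invoking the timer handler once) closes that window of stale UI.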
@ -1275,11 +1285,11 @@ void CSandMan::OnCleanUp()
if (sender() == m_pCleanUpMsgLog || sender() == m_pCleanUpButton) if (sender() == m_pCleanUpMsgLog || sender() == m_pCleanUpButton)
m_pMessageLog->GetTree()->clear(); m_pMessageLog->GetTree()->clear();
if (sender() == m_pCleanUpResLog || sender() == m_pCleanUpButton) if (sender() == m_pCleanUpTrace || sender() == m_pCleanUpButton)
theAPI->ClearResLog(); theAPI->ClearTrace();
if (sender() == m_pCleanUpApiLog || sender() == m_pCleanUpButton) //if (sender() == m_pCleanUpApiLog || sender() == m_pCleanUpButton)
if(m_ApiLog) m_ApiLog->ClearApiLog(); // if(m_ApiLog) m_ApiLog->ClearApiLog();
if (sender() == m_pCleanUpProcesses || sender() == m_pCleanUpButton) if (sender() == m_pCleanUpProcesses || sender() == m_pCleanUpButton)
theAPI->UpdateProcesses(false); theAPI->UpdateProcesses(false);
@ -1335,7 +1345,7 @@ void CSandMan::OnResetMsgs()
theConf->SetValue("Options/CheckForUpdates", 2); theConf->SetValue("Options/CheckForUpdates", 2);
theConf->SetValue("Options/NoEditInfo", true); theConf->SetValue("Options/NoEditInfo", true);
theConf->SetValue("Options/ApiLogInfo", true); //theConf->SetValue("Options/ApiLogInfo", true);
theConf->SetValue("Options/BoxedExplorerInfo", true); theConf->SetValue("Options/BoxedExplorerInfo", true);
theConf->SetValue("Options/ExplorerInfo", true); theConf->SetValue("Options/ExplorerInfo", true);
@ -1415,40 +1425,40 @@ void CSandMan::OnSetMonitoring()
m_pResourceLog->setEnabled(m_pEnableMonitoring->isChecked()); m_pResourceLog->setEnabled(m_pEnableMonitoring->isChecked());
} }
void CSandMan::OnSetLogging() //void CSandMan::OnSetLogging()
{ //{
if (m_pEnableLogging->isChecked()) // if (m_pEnableLogging->isChecked())
{ // {
if (theConf->GetBool("Options/ApiLogInfo", true)) // if (theConf->GetBool("Options/ApiLogInfo", true))
{ // {
QString Message = tr("To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes.\n" // QString Message = tr("To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes.\n"
"Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project."); // "Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.");
//
bool State = false; // bool State = false;
CCheckableMessageBox::question(this, "Sandboxie-Plus", Message // CCheckableMessageBox::question(this, "Sandboxie-Plus", Message
, tr("Don't show this message again."), &State, QDialogButtonBox::Ok, QDialogButtonBox::Ok, QMessageBox::Information); // , tr("Don't show this message again."), &State, QDialogButtonBox::Ok, QDialogButtonBox::Ok, QMessageBox::Information);
//
if (State) // if (State)
theConf->SetValue("Options/ApiLogInfo", false); // theConf->SetValue("Options/ApiLogInfo", false);
} // }
//
if (!m_pToolBar->isVisible()) // if (!m_pToolBar->isVisible())
m_pLogTabs->show(); // m_pLogTabs->show();
//
if (!m_ApiLog) { // if (!m_ApiLog) {
m_ApiLog = new CApiLog(); // m_ApiLog = new CApiLog();
m_pApiCallLog->setEnabled(true); // //m_pApiCallLog->setEnabled(true);
} // }
} // }
else // else
{ // {
if (m_ApiLog) { // if (m_ApiLog) {
m_pApiCallLog->setEnabled(false); // //m_pApiCallLog->setEnabled(false);
m_ApiLog->deleteLater(); // m_ApiLog->deleteLater();
m_ApiLog = NULL; // m_ApiLog = NULL;
} // }
} // }
} //}
void CSandMan::AddAsyncOp(const CSbieProgressPtr& pProgress) void CSandMan::AddAsyncOp(const CSbieProgressPtr& pProgress)
{ {
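Review bot: the whole of `OnSetLogging()` is commented out rather than deleted, together with its declaration (`//void OnSetLogging();`) and the `m_pEnableLogging`, `m_ApiLog`, `m_pApiCallLog` and `m_pApiMonModel` members in the header. Forty lines of `//`-prefixed code referencing a `CApiLog` type whose sources are removed from `SandMan.pri` and the `.vcxproj` in this same commit will not compile if ever uncommented, and readers cannot tell whether API logging is paused or gone. Git history already preserves the code, so remove it; if the feature is expected to return on top of the new trace facility, a one-line comment saying so is enough.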
@ -1993,7 +2003,7 @@ void CSandMan::LoadLanguage()
m_LanguageId = LocaleNameToLCID(Lang.toStdWString().c_str(), 0); m_LanguageId = LocaleNameToLCID(Lang.toStdWString().c_str(), 0);
QString LangAux = Lang; // Short version as fallback QString LangAux = Lang; // Short version as fallback
LangAux.truncate(LangAux.lastIndexOf('_')); LangAux.truncate(LangAux.lastIndexOf('-'));
QString LangPath = QApplication::applicationDirPath() + "/translations/sandman_"; QString LangPath = QApplication::applicationDirPath() + "/translations/sandman_";
bool bAux = false; bool bAux = false;
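Review bot: `LangAux.truncate(LangAux.lastIndexOf('-'))` has no guard for a locale name without a separator: `lastIndexOf()` returns -1 and `QString::truncate(-1)` empties the string (Qt clamps a negative size to 0), so the "short version" fallback for a plain `de` or `ru` becomes an empty suffix. Check the index first, e.g. `int Pos = LangAux.lastIndexOf('-'); if (Pos > 0) LangAux.truncate(Pos);`. The switch from `'_'` to `'-'` itself is consistent with the `sandman_zh-CN.ts` / `sandman_zh-TW.ts` file names used elsewhere in this commit.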

View File

@ -8,21 +8,18 @@
#include "../MiscHelpers/Common/ProgressDialog.h" #include "../MiscHelpers/Common/ProgressDialog.h"
#include "../MiscHelpers/Common/NetworkAccessManager.h" #include "../MiscHelpers/Common/NetworkAccessManager.h"
#include "Models/ResMonModel.h" #include "Models/ResMonModel.h"
#include "Models/ApiMonModel.h" //#include "Models/ApiMonModel.h"
#include <QTranslator> #include <QTranslator>
#include "Windows/PopUpWindow.h" #include "Windows/PopUpWindow.h"
#define VERSION_MJR 0 #include "../version.h"
#define VERSION_MIN 6
#define VERSION_REV 7
#define VERSION_UPD 0
//#include "../QSbieAPI/SbieAPI.h" //#include "../QSbieAPI/SbieAPI.h"
#include "SbiePlusAPI.h" #include "SbiePlusAPI.h"
class CSbieView; class CSbieView;
class CApiLog; //class CApiLog;
class CBoxBorder; class CBoxBorder;
class CSbieTemplates; class CSbieTemplates;
@ -70,7 +67,7 @@ protected:
CBoxBorder* m_pBoxBorder; CBoxBorder* m_pBoxBorder;
CSbieTemplates* m_SbieTemplates; CSbieTemplates* m_SbieTemplates;
CApiLog* m_ApiLog; //CApiLog* m_ApiLog;
QMap<CSbieProgress*, CSbieProgressPtr> m_pAsyncProgress; QMap<CSbieProgress*, CSbieProgressPtr> m_pAsyncProgress;
@ -132,7 +129,7 @@ private slots:
void OnEditIni(); void OnEditIni();
void OnReloadIni(); void OnReloadIni();
void OnSetMonitoring(); void OnSetMonitoring();
void OnSetLogging(); //void OnSetLogging();
void OnExit(); void OnExit();
void OnHelp(); void OnHelp();
@ -171,8 +168,8 @@ private:
CPanelWidgetEx* m_pMessageLog; CPanelWidgetEx* m_pMessageLog;
CPanelViewEx* m_pResourceLog; CPanelViewEx* m_pResourceLog;
CResMonModel* m_pResMonModel; CResMonModel* m_pResMonModel;
CPanelViewEx* m_pApiCallLog; //CPanelViewEx* m_pApiCallLog;
CApiMonModel* m_pApiMonModel; //CApiMonModel* m_pApiMonModel;
QMenu* m_pMenuFile; QMenu* m_pMenuFile;
@ -204,8 +201,8 @@ private:
QMenu* m_pCleanUpMenu; QMenu* m_pCleanUpMenu;
QAction* m_pCleanUpProcesses; QAction* m_pCleanUpProcesses;
QAction* m_pCleanUpMsgLog; QAction* m_pCleanUpMsgLog;
QAction* m_pCleanUpResLog; QAction* m_pCleanUpTrace;
QAction* m_pCleanUpApiLog; //QAction* m_pCleanUpApiLog;
QToolButton* m_pCleanUpButton; QToolButton* m_pCleanUpButton;
QAction* m_pKeepTerminated; QAction* m_pKeepTerminated;
@ -215,7 +212,7 @@ private:
QAction* m_pEditIni; QAction* m_pEditIni;
QAction* m_pReloadIni; QAction* m_pReloadIni;
QAction* m_pEnableMonitoring; QAction* m_pEnableMonitoring;
QAction* m_pEnableLogging; //QAction* m_pEnableLogging;
QMenu* m_pMenuHelp; QMenu* m_pMenuHelp;
QAction* m_pSupport; QAction* m_pSupport;

View File

@ -5,11 +5,9 @@
HEADERS += ./stdafx.h \ HEADERS += ./stdafx.h \
./SandMan.h \ ./SandMan.h \
./ApiLog.h \
./SbiePlusAPI.h \ ./SbiePlusAPI.h \
./Models/SbieModel.h \ ./Models/SbieModel.h \
./Models/ResMonModel.h \ ./Models/ResMonModel.h \
./Models/ApiMonModel.h \
./Views/SbieView.h \ ./Views/SbieView.h \
./Dialogs/MultiErrorDialog.h \ ./Dialogs/MultiErrorDialog.h \
./Helpers/FindTool.h \ ./Helpers/FindTool.h \
@ -23,10 +21,8 @@ HEADERS += ./stdafx.h \
SOURCES += ./main.cpp \ SOURCES += ./main.cpp \
./stdafx.cpp \ ./stdafx.cpp \
./ApiLog.cpp \
./SandMan.cpp \ ./SandMan.cpp \
./SbiePlusAPI.cpp \ ./SbiePlusAPI.cpp \
./Models/ApiMonModel.cpp \
./Models/ResMonModel.cpp \ ./Models/ResMonModel.cpp \
./Models/SbieModel.cpp \ ./Models/SbieModel.cpp \
./Views/SbieView.cpp \ ./Views/SbieView.cpp \
@ -48,11 +44,12 @@ FORMS += ./Forms/NewBoxWindow.ui \
./Forms/SettingsWindow.ui \ ./Forms/SettingsWindow.ui \
./Forms/SnapshotsWindow.ui ./Forms/SnapshotsWindow.ui
TRANSLATIONS += ./sandman_de.ts \ TRANSLATIONS += sandman_de.ts \
./sandman_pt.ts \ sandman_pt.ts \
./sandman_ru.ts \ sandman_ru.ts \
./sandman_tr.ts \ sandman_pl.ts \
./sandman_zh.ts \ sandman_tr.ts \
./sandman_zh-TW.ts sandman_zh-CN.ts \
sandman_zh-TW.ts
RESOURCES += Resources/SandMan.qrc RESOURCES += Resources/SandMan.qrc
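Review bot: the `TRANSLATIONS` list drops the `./` prefix, gains `sandman_pl.ts`, and replaces `sandman_zh.ts` with `sandman_zh-CN.ts`, which matches the identical list being removed from `SandMan.pro` in the next file and the `'-'` separator now used in `LoadLanguage()`. No hunk shown here deletes or renames the old `sandman_zh.ts` on disk; if it still exists in the tree it will be orphaned by `lupdate`/`lrelease` and should be removed.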

View File

@ -34,12 +34,7 @@ RCC_DIR += .
include(SandMan.pri) include(SandMan.pri)
win32:RC_FILE = SandMan.rc win32:RC_FILE = SandMan.rc
TRANSLATIONS += sandman_de.ts \
sandman_pt.ts \
sandman_ru.ts \
sandman_pl.ts \
sandman_tr.ts \
sandman_zh.ts \
sandman_zh-TW.ts

View File

@ -6,6 +6,8 @@
#include "winres.h" #include "winres.h"
#include "../version.h"
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_DEA) #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_DEA)
LANGUAGE LANG_GERMAN, SUBLANG_GERMAN_AUSTRIAN LANGUAGE LANG_GERMAN, SUBLANG_GERMAN_AUSTRIAN
#pragma code_page(1252) #pragma code_page(1252)
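Review bot: `#include "../version.h"` is now processed by the resource compiler as well as the C++ compiler, so `version.h` must stay rc-safe: only `#define`s and preprocessor conditionals, with any C/C++ declarations wrapped in `#ifndef RC_INVOKED`, and no nested includes that `rc.exe` cannot parse. Because `VERSION_BIN` and `VERSION_STR` are used bare in `FILEVERSION` and `VALUE` statements in the following hunks, `VERSION_BIN` must expand to the comma form (`a,b,c,d`) and `VERSION_STR` to a quoted string literal.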
@ -69,8 +71,8 @@ FINDER_CURSOR CURSOR "./resources/finder.cur"
// //
VS_VERSION_INFO VERSIONINFO VS_VERSION_INFO VERSIONINFO
FILEVERSION 0,6,5,0 FILEVERSION VERSION_BIN
PRODUCTVERSION 0,6,5,0 PRODUCTVERSION VERSION_BIN
FILEFLAGSMASK 0x3fL FILEFLAGSMASK 0x3fL
#ifdef _DEBUG #ifdef _DEBUG
FILEFLAGS 0x1L FILEFLAGS 0x1L
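Review bot: replacing the hard-coded `0,6,5,0` with `VERSION_BIN` fixes real drift: the defines removed from `SandMan.h` in this commit said 0.6.7 while this file still reported 0.6.5, so the binary's version resource disagreed with the build. With `FileVersion`/`ProductVersion` in the next hunk also switching to `VERSION_STR`, both representations now derive from the same macros and cannot diverge again.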
@ -85,14 +87,14 @@ BEGIN
BEGIN BEGIN
BLOCK "0c0704b0" BLOCK "0c0704b0"
BEGIN BEGIN
//VALUE "CompanyName", "xanasoft.net" VALUE "CompanyName", MY_COMPANY_NAME_STRING
VALUE "FileDescription", "SandBox Manager" VALUE "FileDescription", "SandBox Manager"
VALUE "FileVersion", "0.6.5.0" VALUE "FileVersion", VERSION_STR
VALUE "InternalName", "SandMan.exe" VALUE "InternalName", "SandMan.exe"
VALUE "LegalCopyright", "Copyright (C) 2020-2021 by David Xanatos (xanasoft.com)" VALUE "LegalCopyright", MY_COPYRIGHT_STRING
VALUE "OriginalFilename", "SandMan.exe" VALUE "OriginalFilename", "SandMan.exe"
VALUE "ProductName", "SandBox Manager" VALUE "ProductName", MY_PRODUCT_NAME_STRING
VALUE "ProductVersion", "0.6.5.0" VALUE "ProductVersion", VERSION_STR
END END
END END
BLOCK "VarFileInfo" BLOCK "VarFileInfo"

View File

@ -195,13 +195,11 @@
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="ApiLog.cpp" />
<ClCompile Include="Dialogs\MultiErrorDialog.cpp" /> <ClCompile Include="Dialogs\MultiErrorDialog.cpp" />
<ClCompile Include="Helpers\FindTool.cpp" /> <ClCompile Include="Helpers\FindTool.cpp" />
<ClCompile Include="Helpers\WinAdmin.cpp" /> <ClCompile Include="Helpers\WinAdmin.cpp" />
<ClCompile Include="Helpers\WindowFromPointEx.cpp" /> <ClCompile Include="Helpers\WindowFromPointEx.cpp" />
<ClCompile Include="main.cpp" /> <ClCompile Include="main.cpp" />
<ClCompile Include="Models\ApiMonModel.cpp" />
<ClCompile Include="Models\ResMonModel.cpp" /> <ClCompile Include="Models\ResMonModel.cpp" />
<ClCompile Include="Models\SbieModel.cpp" /> <ClCompile Include="Models\SbieModel.cpp" />
<ClCompile Include="SandMan.cpp" /> <ClCompile Include="SandMan.cpp" />
@ -231,9 +229,7 @@
<QtMoc Include="SandMan.h" /> <QtMoc Include="SandMan.h" />
<QtMoc Include="Models\SbieModel.h" /> <QtMoc Include="Models\SbieModel.h" />
<QtMoc Include="Models\ResMonModel.h" /> <QtMoc Include="Models\ResMonModel.h" />
<QtMoc Include="ApiLog.h" />
<QtMoc Include="Dialogs\MultiErrorDialog.h" /> <QtMoc Include="Dialogs\MultiErrorDialog.h" />
<QtMoc Include="Models\ApiMonModel.h" />
<ClInclude Include="Helpers\FindTool.h" /> <ClInclude Include="Helpers\FindTool.h" />
<ClInclude Include="Helpers\WinAdmin.h" /> <ClInclude Include="Helpers\WinAdmin.h" />
<ClInclude Include="resource.h" /> <ClInclude Include="resource.h" />
@ -264,7 +260,7 @@
<None Include="sandman_ru.ts" /> <None Include="sandman_ru.ts" />
<None Include="sandman_tr.ts" /> <None Include="sandman_tr.ts" />
<None Include="sandman_zh-TW.ts" /> <None Include="sandman_zh-TW.ts" />
<None Include="sandman_zh.ts" /> <None Include="sandman_zh-CN.ts" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ResourceCompile Include="SandMan.rc" /> <ResourceCompile Include="SandMan.rc" />

View File

@ -66,18 +66,12 @@
<ClCompile Include="Models\ResMonModel.cpp"> <ClCompile Include="Models\ResMonModel.cpp">
<Filter>Models</Filter> <Filter>Models</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="ApiLog.cpp">
<Filter>SandMan</Filter>
</ClCompile>
<ClCompile Include="Dialogs\MultiErrorDialog.cpp"> <ClCompile Include="Dialogs\MultiErrorDialog.cpp">
<Filter>Dialogs</Filter> <Filter>Dialogs</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="SbiePlusAPI.cpp"> <ClCompile Include="SbiePlusAPI.cpp">
<Filter>SandMan</Filter> <Filter>SandMan</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="Models\ApiMonModel.cpp">
<Filter>Models</Filter>
</ClCompile>
<ClCompile Include="Helpers\WinAdmin.cpp"> <ClCompile Include="Helpers\WinAdmin.cpp">
<Filter>Helpers</Filter> <Filter>Helpers</Filter>
</ClCompile> </ClCompile>
@ -133,18 +127,12 @@
<QtMoc Include="Models\ResMonModel.h"> <QtMoc Include="Models\ResMonModel.h">
<Filter>Models</Filter> <Filter>Models</Filter>
</QtMoc> </QtMoc>
<QtMoc Include="ApiLog.h">
<Filter>SandMan</Filter>
</QtMoc>
<QtMoc Include="Dialogs\MultiErrorDialog.h"> <QtMoc Include="Dialogs\MultiErrorDialog.h">
<Filter>Dialogs</Filter> <Filter>Dialogs</Filter>
</QtMoc> </QtMoc>
<QtMoc Include="SbiePlusAPI.h"> <QtMoc Include="SbiePlusAPI.h">
<Filter>SandMan</Filter> <Filter>SandMan</Filter>
</QtMoc> </QtMoc>
<QtMoc Include="Models\ApiMonModel.h">
<Filter>Models</Filter>
</QtMoc>
<QtMoc Include="Windows\OptionsWindow.h"> <QtMoc Include="Windows\OptionsWindow.h">
<Filter>Windows</Filter> <Filter>Windows</Filter>
</QtMoc> </QtMoc>
@ -210,9 +198,6 @@
<None Include="sandman_ru.ts"> <None Include="sandman_ru.ts">
<Filter>Translation Files</Filter> <Filter>Translation Files</Filter>
</None> </None>
<None Include="sandman_zh.ts">
<Filter>Translation Files</Filter>
</None>
<None Include="Resources\finder.cur"> <None Include="Resources\finder.cur">
<Filter>Resource Files</Filter> <Filter>Resource Files</Filter>
</None> </None>
@ -225,6 +210,9 @@
<None Include="sandman_pl.ts"> <None Include="sandman_pl.ts">
<Filter>Translation Files</Filter> <Filter>Translation Files</Filter>
</None> </None>
<None Include="sandman_zh-CN.ts">
<Filter>Translation Files</Filter>
</None>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ResourceCompile Include="SandMan.rc"> <ResourceCompile Include="SandMan.rc">

View File

@ -89,7 +89,16 @@ CSandBoxPlus::~CSandBoxPlus()
void CSandBoxPlus::UpdateDetails() void CSandBoxPlus::UpdateDetails()
{ {
m_bLogApiFound = GetTextList("OpenPipePath", false).contains("\\Device\\NamedPipe\\LogAPI"); //m_bLogApiFound = GetTextList("OpenPipePath", false).contains("\\Device\\NamedPipe\\LogAPI");
m_bLogApiFound = false;
QStringList InjectDlls = GetTextList("InjectDll", false);
foreach(const QString & InjectDll, InjectDlls)
{
if (InjectDll.contains("logapi", Qt::CaseInsensitive)) {
m_bLogApiFound = true;
break;
}
}
m_bINetBlocked = false; m_bINetBlocked = false;
foreach(const QString& Entry, GetTextList("ClosedFilePath", false)) foreach(const QString& Entry, GetTextList("ClosedFilePath", false))
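Review bot: the new detection loop reads only `InjectDll`, but `SetLogApi()` later in this file writes both `InjectDll` and `InjectDll64`, so a box that carries only the 64-bit entry (or whose 32-bit line was removed by hand) reports `m_bLogApiFound == false` while the DLL is still injected. Scan both keys, and consider matching on the known file names (`logapi32.dll`, `logapi64.dll`) rather than the bare substring `"logapi"`, which also matches any unrelated DLL whose path happens to contain it.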
@ -132,6 +141,9 @@ QString CSandBoxPlus::GetStatusStr() const
QStringList Status; QStringList Status;
if (IsEmpty())
Status.append(tr("Empty"));
if (m_iUnsecureDebugging == 1) if (m_iUnsecureDebugging == 1)
Status.append(tr("NOT SECURE (Debug Config)")); Status.append(tr("NOT SECURE (Debug Config)"));
else if (m_iUnsecureDebugging == 2) else if (m_iUnsecureDebugging == 2)
@ -168,13 +180,13 @@ void CSandBoxPlus::SetLogApi(bool bEnable)
{ {
if (bEnable) if (bEnable)
{ {
InsertText("OpenPipePath", "\\Device\\NamedPipe\\LogAPI"); //InsertText("OpenPipePath", "\\Device\\NamedPipe\\LogAPI");
InsertText("InjectDll", "\\LogAPI\\logapi32.dll"); InsertText("InjectDll", "\\LogAPI\\logapi32.dll");
InsertText("InjectDll64", "\\LogAPI\\logapi64.dll"); InsertText("InjectDll64", "\\LogAPI\\logapi64.dll");
} }
else else
{ {
DelValue("OpenPipePath", "\\Device\\NamedPipe\\LogAPI"); //DelValue("OpenPipePath", "\\Device\\NamedPipe\\LogAPI");
DelValue("InjectDll", "\\LogAPI\\logapi32.dll"); DelValue("InjectDll", "\\LogAPI\\logapi32.dll");
DelValue("InjectDll64", "\\LogAPI\\logapi64.dll"); DelValue("InjectDll64", "\\LogAPI\\logapi64.dll");
} }
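Review bot: commenting out the `OpenPipePath` lines is the right direction now that the DLL logs through the driver's trace facility instead of its own pipe server, since the `\Device\NamedPipe\LogAPI` opening only widened what a sandboxed process could reach. The disable branch, however, no longer cleans up: a box configured by the previous version keeps its `OpenPipePath=\Device\NamedPipe\LogAPI` entry indefinitely. Keep the `DelValue("OpenPipePath", "\\Device\\NamedPipe\\LogAPI")` call in the `else` branch (it is harmless when the value is absent) so legacy configurations lose the now-unnecessary opening.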

View File

@ -39,6 +39,7 @@ CSbieView::CSbieView(QWidget* parent) : CPanelView(parent)
//m_pSbieTree->setItemDelegate(theGUI->GetItemDelegate()); //m_pSbieTree->setItemDelegate(theGUI->GetItemDelegate());
m_pSbieTree->setModel(m_pSortProxy); m_pSbieTree->setModel(m_pSortProxy);
((CSortFilterProxyModel*)m_pSortProxy)->setView(m_pSbieTree);
m_pSbieTree->setSelectionMode(QAbstractItemView::ExtendedSelection); m_pSbieTree->setSelectionMode(QAbstractItemView::ExtendedSelection);
m_pSbieTree->setSortingEnabled(true); m_pSbieTree->setSortingEnabled(true);
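Review bot: `((CSortFilterProxyModel*)m_pSortProxy)->setView(m_pSbieTree);` uses a C-style cast; if `m_pSortProxy` is declared as the base `QSortFilterProxyModel*`, prefer `static_cast<CSortFilterProxyModel*>(m_pSortProxy)` or declare the member with the derived type so a mismatch fails at compile time rather than silently at run time.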
@ -71,6 +72,7 @@ CSbieView::CSbieView(QWidget* parent) : CPanelView(parent)
m_pMenuRunMailer = m_pMenuRun->addAction(CSandMan::GetIcon("Email"), tr("Run eMail Client"), this, SLOT(OnSandBoxAction())); m_pMenuRunMailer = m_pMenuRun->addAction(CSandMan::GetIcon("Email"), tr("Run eMail Client"), this, SLOT(OnSandBoxAction()));
m_pMenuRunExplorer = m_pMenuRun->addAction(CSandMan::GetIcon("Explore"), tr("Run Explorer"), this, SLOT(OnSandBoxAction())); m_pMenuRunExplorer = m_pMenuRun->addAction(CSandMan::GetIcon("Explore"), tr("Run Explorer"), this, SLOT(OnSandBoxAction()));
m_pMenuRunCmd = m_pMenuRun->addAction(CSandMan::GetIcon("Cmd"), tr("Run Cmd.exe"), this, SLOT(OnSandBoxAction())); m_pMenuRunCmd = m_pMenuRun->addAction(CSandMan::GetIcon("Cmd"), tr("Run Cmd.exe"), this, SLOT(OnSandBoxAction()));
m_pMenuRunCmdAdmin = m_pMenuRun->addAction(CSandMan::GetIcon("Cmd"), tr("Run Cmd.exe as Admin"), this, SLOT(OnSandBoxAction()));
m_pMenuRun->addSeparator(); m_pMenuRun->addSeparator();
m_iMenuRun = m_pMenuRun->actions().count(); m_iMenuRun = m_pMenuRun->actions().count();
m_pMenuEmptyBox = m_pMenu->addAction(CSandMan::GetIcon("EmptyAll"), tr("Terminate All Programs"), this, SLOT(OnSandBoxAction())); m_pMenuEmptyBox = m_pMenu->addAction(CSandMan::GetIcon("EmptyAll"), tr("Terminate All Programs"), this, SLOT(OnSandBoxAction()));
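Review bot: the new `m_pMenuRunCmdAdmin` entry reuses the `"Cmd"` icon and sits directly under the plain `Run Cmd.exe` item, so the label is the only visual difference. Since the elevated variant starts a process with administrator rights inside the box, a distinct icon (a shield, as Windows does for elevation) would make an accidental click less likely and make the elevated state obvious in the menu.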
@ -377,6 +379,26 @@ QString CSbieView__SerializeGroup(QMap<QString, QStringList>& m_Groups, const QS
return Grouping.join(","); return Grouping.join(",");
} }
QString CSbieView::FindParent(const QString& Name)
{
for (auto I = m_Groups.begin(); I != m_Groups.end(); ++I)
{
if (I.value().contains(Name, Qt::CaseInsensitive))
return I.key();
}
return QString();
}
bool CSbieView::IsParentOf(const QString& Name, const QString& Group)
{
QString Parent = FindParent(Group);
if (Parent == Name)
return true;
if (Parent.isEmpty())
return false;
return IsParentOf(Name, Parent);
}
void CSbieView::OnGroupAction() void CSbieView::OnGroupAction()
{ {
QAction* Action = qobject_cast<QAction*>(sender()); QAction* Action = qobject_cast<QAction*>(sender());
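Review bot: `IsParentOf()` recurses until `FindParent()` returns an empty string, so if `m_Groups` already contains a cycle (the grouping is deserialised from the configuration, and an older or hand-edited file could hold one) the call never terminates and the UI hangs; bound the recursion with a visited set or a depth limit. Separately, `FindParent()` matches with `Qt::CaseInsensitive` while `IsParentOf()` compares `Parent == Name` case-sensitively, so a group named `Foo` that is listed as `foo` under another group is found as a parent by one test and missed by the other; use one comparison in both.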
@ -453,7 +475,7 @@ void CSbieView::OnGroupAction()
if (Name.isEmpty()) if (Name.isEmpty())
continue; continue;
if (Name == Group || m_Groups.value(Name).contains(Group)) { if (Name == Group || IsParentOf(Name, Group)) {
QMessageBox("Sandboxie-Plus", tr("A group can not be its own parent."), QMessageBox::Critical, QMessageBox::Ok, QMessageBox::NoButton, QMessageBox::NoButton, this).exec(); QMessageBox("Sandboxie-Plus", tr("A group can not be its own parent."), QMessageBox::Critical, QMessageBox::Ok, QMessageBox::NoButton, QMessageBox::NoButton, this).exec();
continue; continue;
} }
@ -528,6 +550,8 @@ void CSbieView::OnSandBoxAction()
} }
else if (Action == m_pMenuRunCmd) else if (Action == m_pMenuRunCmd)
Results.append(SandBoxes.first()->RunStart("cmd.exe")); Results.append(SandBoxes.first()->RunStart("cmd.exe"));
else if (Action == m_pMenuRunCmdAdmin)
Results.append(SandBoxes.first()->RunStart("cmd.exe", true));
else if (Action == m_pMenuPresetsLogApi) else if (Action == m_pMenuPresetsLogApi)
SandBoxes.first().objectCast<CSandBoxPlus>()->SetLogApi(m_pMenuPresetsLogApi->isChecked()); SandBoxes.first().objectCast<CSandBoxPlus>()->SetLogApi(m_pMenuPresetsLogApi->isChecked());
else if (Action == m_pMenuPresetsINet) else if (Action == m_pMenuPresetsINet)
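Review bot: `RunStart("cmd.exe", true)` passes a second argument whose meaning (presumably the elevation flag) and signature are not visible in this hunk; confirm that this overload routes through the same elevation consent path the rest of the GUI uses, and that a failure is surfaced through `Results` like the other branches.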

View File

@ -51,6 +51,9 @@ private:
void UpdateGroupMenu(); void UpdateGroupMenu();
QString FindParent(const QString& Name);
bool IsParentOf(const QString& Name, const QString& Group);
QVBoxLayout* m_pMainLayout; QVBoxLayout* m_pMainLayout;
QTreeViewEx* m_pSbieTree; QTreeViewEx* m_pSbieTree;
@ -68,6 +71,7 @@ private:
QAction* m_pMenuRunMailer; QAction* m_pMenuRunMailer;
QAction* m_pMenuRunExplorer; QAction* m_pMenuRunExplorer;
QAction* m_pMenuRunCmd; QAction* m_pMenuRunCmd;
QAction* m_pMenuRunCmdAdmin;
QAction* m_pMenuMkLink; QAction* m_pMenuMkLink;
QMenu* m_pMenuPresets; QMenu* m_pMenuPresets;
QAction* m_pMenuPresetsLogApi; QAction* m_pMenuPresetsLogApi;

View File

@ -276,6 +276,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
connect(ui.chkGuiTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged())); connect(ui.chkGuiTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkComTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged())); connect(ui.chkComTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkDbgTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged())); connect(ui.chkDbgTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkErrTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.btnAddAutoExec, SIGNAL(clicked(bool)), this, SLOT(OnAddAutoExec())); connect(ui.btnAddAutoExec, SIGNAL(clicked(bool)), this, SLOT(OnAddAutoExec()));
connect(ui.btnDelAutoExec, SIGNAL(clicked(bool)), this, SLOT(OnDelAutoExec())); connect(ui.btnDelAutoExec, SIGNAL(clicked(bool)), this, SLOT(OnDelAutoExec()));
@ -512,6 +513,7 @@ void COptionsWindow::LoadConfig()
ReadAdvancedCheck("GuiTrace", ui.chkGuiTrace, "*"); ReadAdvancedCheck("GuiTrace", ui.chkGuiTrace, "*");
ReadAdvancedCheck("ClsidTrace", ui.chkComTrace, "*"); ReadAdvancedCheck("ClsidTrace", ui.chkComTrace, "*");
ui.chkDbgTrace->setChecked(m_pBox->GetBool("DebugTrace", false)); ui.chkDbgTrace->setChecked(m_pBox->GetBool("DebugTrace", false));
ui.chkErrTrace->setChecked(m_pBox->GetBool("ErrorTrace", false));
ui.chkHideOtherBoxes->setChecked(m_pBox->GetBool("HideOtherBoxes", false)); ui.chkHideOtherBoxes->setChecked(m_pBox->GetBool("HideOtherBoxes", false));
QStringList Processes = m_pBox->GetTextList("HideHostProcess", m_Template); QStringList Processes = m_pBox->GetTextList("HideHostProcess", m_Template);
@ -679,6 +681,7 @@ void COptionsWindow::SaveConfig()
WriteAdvancedCheck(ui.chkGuiTrace, "GuiTrace", "*"); WriteAdvancedCheck(ui.chkGuiTrace, "GuiTrace", "*");
WriteAdvancedCheck(ui.chkComTrace, "ClsidTrace", "*"); WriteAdvancedCheck(ui.chkComTrace, "ClsidTrace", "*");
WriteAdvancedCheck(ui.chkDbgTrace, "DebugTrace", "y"); WriteAdvancedCheck(ui.chkDbgTrace, "DebugTrace", "y");
WriteAdvancedCheck(ui.chkErrTrace, "ErrorTrace", "y");
WriteAdvancedCheck(ui.chkHideOtherBoxes, "HideOtherBoxes"); WriteAdvancedCheck(ui.chkHideOtherBoxes, "HideOtherBoxes");
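Review bot: the new `ErrorTrace` option mirrors `DebugTrace` line for line (connect, `GetBool(..., false)`, `WriteAdvancedCheck(..., "y")`), which is consistent. The `.ts` hunk later in this commit adds the label `Log all SetError's to Trace log`, but the `ui.chkErrTrace` checkbox itself must also be added to `OptionsWindow.ui`, which is not among the visible hunks; without it these three lines do not compile.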

File diff suppressed because it is too large

File diff suppressed because it is too large

File diff suppressed because it is too large

View File

@ -5,15 +5,15 @@
<name>CApiMonModel</name> <name>CApiMonModel</name>
<message> <message>
<source>Message</source> <source>Message</source>
<translation>Сообщение</translation> <translation type="vanished">Сообщение</translation>
</message> </message>
<message> <message>
<source>Time Stamp</source> <source>Time Stamp</source>
<translation>Временная метка</translation> <translation type="vanished">Временная метка</translation>
</message> </message>
<message> <message>
<source>Process</source> <source>Process</source>
<translation>Процесс</translation> <translation type="vanished">Процесс</translation>
</message> </message>
</context> </context>
<context> <context>
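Review bot: the three `CApiMonModel` strings are marked `type="vanished"` rather than removed, as are the other API-logging strings further down in this file (`Cleanup Api Call Log`, `Api Call Log`, `API Call Logging`, the LogApiDll instructions). That is `lupdate`'s default; if the API-log UI is really gone, run `lupdate -no-obsolete` so the `.ts` files stop carrying translations for strings that no longer exist in the sources.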
@ -235,51 +235,51 @@
</message> </message>
<message> <message>
<source>Direct</source> <source>Direct</source>
<translation type="unfinished"></translation> <translation>Прямой</translation>
</message> </message>
<message> <message>
<source>Direct All</source> <source>Direct All</source>
<translation type="unfinished"></translation> <translation>Прямой для всех</translation>
</message> </message>
<message> <message>
<source>Closed</source> <source>Closed</source>
<translation type="unfinished"></translation> <translation>Закрытый</translation>
</message> </message>
<message> <message>
<source>Closed RT</source> <source>Closed RT</source>
<translation type="unfinished"></translation> <translation>Закрытый RT</translation>
</message> </message>
<message> <message>
<source>Read Only</source> <source>Read Only</source>
<translation type="unfinished"></translation> <translation>Только чтение</translation>
</message> </message>
<message> <message>
<source>Hidden</source> <source>Hidden</source>
<translation type="unfinished"></translation> <translation>Скрытый</translation>
</message> </message>
<message> <message>
<source>Unknown</source> <source>Unknown</source>
<translation type="unfinished">Неизвестно</translation> <translation>Неизвестно</translation>
</message> </message>
<message> <message>
<source>File/Folder</source> <source>File/Folder</source>
<translation type="unfinished"></translation> <translation>Файл/Папка</translation>
</message> </message>
<message> <message>
<source>Registry</source> <source>Registry</source>
<translation type="unfinished"></translation> <translation>Реестр</translation>
</message> </message>
<message> <message>
<source>IPC Path</source> <source>IPC Path</source>
<translation type="unfinished"></translation> <translation>Путь IPC</translation>
</message> </message>
<message> <message>
<source>Wnd Class</source> <source>Wnd Class</source>
<translation type="unfinished"></translation> <translation>Wnd класс</translation>
</message> </message>
<message> <message>
<source>COM Object</source> <source>COM Object</source>
<translation type="unfinished"></translation> <translation>COM объект</translation>
</message> </message>
</context> </context>
<context> <context>
@ -569,6 +569,10 @@ Full path: %4</source>
<source>Disabled</source> <source>Disabled</source>
<translation>Отключено</translation> <translation>Отключено</translation>
</message> </message>
<message>
<source>Empty</source>
<translation type="unfinished"></translation>
</message>
</context> </context>
<context> <context>
<name>CSandMan</name> <name>CSandMan</name>
@ -646,7 +650,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Cleanup Api Call Log</source> <source>Cleanup Api Call Log</source>
<translation>Очистить журнал вызовов API</translation> <translation type="vanished">Очистить журнал вызовов API</translation>
</message> </message>
<message> <message>
<source>Simple View</source> <source>Simple View</source>
@ -714,7 +718,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Api Call Log</source> <source>Api Call Log</source>
<translation>Журнал вызовов API</translation> <translation type="vanished">Журнал вызовов API</translation>
</message> </message>
<message> <message>
<source>Stop Driver</source> <source>Stop Driver</source>
@ -800,7 +804,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>API Call Logging</source> <source>API Call Logging</source>
<translation>Ведение журнала вызовов API</translation> <translation type="vanished">Ведение журнала вызовов API</translation>
</message> </message>
<message> <message>
<source>Loaded Config: %1</source> <source>Loaded Config: %1</source>
@ -960,7 +964,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Cleanup Resource Log</source> <source>Cleanup Resource Log</source>
<translation>Очистить журнал ресурсов</translation> <translation type="vanished">Очистить журнал ресурсов</translation>
</message> </message>
<message> <message>
<source>Cleanup Message Log</source> <source>Cleanup Message Log</source>
@ -1085,7 +1089,7 @@ Full path: %4</source>
<message> <message>
<source>To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes. <source>To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes.
Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.</source> Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.</source>
<translation>Чтобы использовать ведение журнала API, вы должны сначала настроить LogApiDll из https://github.com/sandboxie-plus/LogApiDll с одной или несколькими песочницами. <translation type="vanished">Чтобы использовать ведение журнала API, вы должны сначала настроить LogApiDll из https://github.com/sandboxie-plus/LogApiDll с одной или несколькими песочницами.
Загрузите последний выпуск и настройте его с помощью Sandboxie.ini, как указано в README.md проекта.</translation> Загрузите последний выпуск и настройте его с помощью Sandboxie.ini, как указано в README.md проекта.</translation>
</message> </message>
<message> <message>
@ -1158,14 +1162,18 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>Default sandbox not found; creating: %1</source> <source>Default sandbox not found; creating: %1</source>
<translation type="unfinished"></translation> <translation>Песочница по умолчанию не найдена; создание: %1</translation>
</message> </message>
<message> <message>
<source>&lt;p&gt;Do you want to go to the &lt;a href=&quot;%1&quot;&gt;info page&lt;/a&gt;?&lt;/p&gt;</source> <source>&lt;p&gt;Do you want to go to the &lt;a href=&quot;%1&quot;&gt;info page&lt;/a&gt;?&lt;/p&gt;</source>
<translation type="unfinished"></translation> <translation>&lt;p&gt;Вы хотите перейти на &lt;a href=&quot;%1&quot;&gt;страницу с информацией&lt;/a&gt;?&lt;/p&gt;</translation>
</message> </message>
<message> <message>
<source>Don&apos;t show this message anymore.</source> <source>Don&apos;t show this message anymore.</source>
<translation>Больше не показывать это сообщение.</translation>
</message>
<message>
<source>Cleanup Trace Log</source>
<translation type="unfinished"></translation> <translation type="unfinished"></translation>
</message> </message>
</context> </context>
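Review bot: `Cleanup Trace Log` is added with an empty `type="unfinished"` translation while `Cleanup Resource Log` in the hunk above is marked vanished; since the action was only renamed, the existing Russian text `Очистить журнал ресурсов` (adjusted for "trace") can be carried over so the Russian UI does not fall back to English for this item.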
@ -1428,10 +1436,14 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>This Sandbox is empty.</source> <source>This Sandbox is empty.</source>
<translation type="unfinished"></translation> <translation>Эта песочница пуста.</translation>
</message> </message>
<message> <message>
<source>A group can not be its own parent.</source> <source>A group can not be its own parent.</source>
<translation>Группа не может быть собственным родителем.</translation>
</message>
<message>
<source>Run Cmd.exe as Admin</source>
<translation type="unfinished"></translation> <translation type="unfinished"></translation>
</message> </message>
</context> </context>
@ -1483,7 +1495,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>Auto Detection</source> <source>Auto Detection</source>
<translation type="unfinished"></translation> <translation>Автоопределение</translation>
</message> </message>
</context> </context>
<context> <context>
@ -2085,6 +2097,10 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</message> </message>
<message> <message>
<source>Allow access to Bluetooth</source> <source>Allow access to Bluetooth</source>
<translation>Разрешить доступ к Bluetooth</translation>
</message>
<message>
<source>Log all SetError&apos;s to Trace log</source>
<translation type="unfinished"></translation> <translation type="unfinished"></translation>
</message> </message>
</context> </context>
@ -2165,7 +2181,7 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</message> </message>
<message> <message>
<source>SandboxiePlus - Recovery</source> <source>SandboxiePlus - Recovery</source>
<translation type="unfinished"></translation> <translation>SandboxiePlus - Восстановление</translation>
</message> </message>
</context> </context>
<context> <context>
@ -2383,7 +2399,7 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</message> </message>
<message> <message>
<source>SandboxiePlus - Snapshots</source> <source>SandboxiePlus - Snapshots</source>
<translation type="unfinished"></translation> <translation>SandboxiePlus - Снимки</translation>
</message> </message>
</context> </context>
</TS> </TS>

View File

@ -5,15 +5,15 @@
<name>CApiMonModel</name> <name>CApiMonModel</name>
<message> <message>
<source>Message</source> <source>Message</source>
<translation>Mesaj</translation> <translation type="vanished">Mesaj</translation>
</message> </message>
<message> <message>
<source>Time Stamp</source> <source>Time Stamp</source>
<translation>Zaman Damgası</translation> <translation type="vanished">Zaman Damgası</translation>
</message> </message>
<message> <message>
<source>Process</source> <source>Process</source>
<translation>İşlem</translation> <translation type="vanished">İşlem</translation>
</message> </message>
</context> </context>
<context> <context>
@ -41,17 +41,13 @@
<source>Default</source> <source>Default</source>
<translation>Öntanımlı</translation> <translation>Öntanımlı</translation>
</message> </message>
<message>
<source>Legacy (old sbie behaviour)</source>
<translation type="vanished">Eski (eski sbie davranışı)</translation>
</message>
<message> <message>
<source>Sandboxie-Plus - Create New Box</source> <source>Sandboxie-Plus - Create New Box</source>
<translation type="unfinished"></translation> <translation>Sandboxie-Plus - Yeni KumKutusu</translation>
</message> </message>
<message> <message>
<source>Legacy Sandboxie Behaviour</source> <source>Legacy Sandboxie Behaviour</source>
<translation type="unfinished"></translation> <translation>Eski Sandboxie Davranışı</translation>
</message> </message>
</context> </context>
<context> <context>
@ -239,51 +235,51 @@
</message> </message>
<message> <message>
<source>Direct</source> <source>Direct</source>
<translation type="unfinished"></translation> <translation>Yönlendir</translation>
</message> </message>
<message> <message>
<source>Direct All</source> <source>Direct All</source>
<translation type="unfinished"></translation> <translation>Tümünü Yönlendir</translation>
</message> </message>
<message> <message>
<source>Closed</source> <source>Closed</source>
<translation type="unfinished"></translation> <translation>Kapalı</translation>
</message> </message>
<message> <message>
<source>Closed RT</source> <source>Closed RT</source>
<translation type="unfinished"></translation> <translation>Kapalı RT</translation>
</message> </message>
<message> <message>
<source>Read Only</source> <source>Read Only</source>
<translation type="unfinished"></translation> <translation>Salt Okunur</translation>
</message> </message>
<message> <message>
<source>Hidden</source> <source>Hidden</source>
<translation type="unfinished"></translation> <translation>Gizli</translation>
</message> </message>
<message> <message>
<source>Unknown</source> <source>Unknown</source>
<translation type="unfinished">Bilinmeyen</translation> <translation>Bilinmeyen</translation>
</message> </message>
<message> <message>
<source>File/Folder</source> <source>File/Folder</source>
<translation type="unfinished"></translation> <translation>Dosya/Dizin</translation>
</message> </message>
<message> <message>
<source>Registry</source> <source>Registry</source>
<translation type="unfinished"></translation> <translation>Kayıt</translation>
</message> </message>
<message> <message>
<source>IPC Path</source> <source>IPC Path</source>
<translation type="unfinished"></translation> <translation>IPC Yolu</translation>
</message> </message>
<message> <message>
<source>Wnd Class</source> <source>Wnd Class</source>
<translation type="unfinished"></translation> <translation>Wnd Sınıfı</translation>
</message> </message>
<message> <message>
<source>COM Object</source> <source>COM Object</source>
<translation type="unfinished"></translation> <translation>COM Objesi</translation>
</message> </message>
</context> </context>
<context> <context>
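Review bot: "Direct" and "Direct All" are rendered as "Yönlendir" / "Tümünü Yönlendir", which read as the verb "redirect/forward"; in this list "Direct" names an access mode next to "Closed", "Read Only" and "Hidden" (the path is reached directly, outside the sandbox), so the adjective form "Doğrudan" / "Tümü Doğrudan" carries the intended meaning. Because these labels tell the user which resources bypass the sandbox, the wording should be fixed before release. In the same hunk "Registry" as "Kayıt" (record/registration) is ambiguous; "Kayıt Defteri" is the established term for the Windows Registry.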
@ -571,6 +567,10 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Disabled</source> <source>Disabled</source>
<translation>Devre dışı</translation>
</message>
<message>
<source>Empty</source>
<translation type="unfinished"></translation> <translation type="unfinished"></translation>
</message> </message>
</context> </context>
@ -610,7 +610,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>About Sandboxie-Plus</source> <source>About Sandboxie-Plus</source>
<translation>Sandboxie-Plus Hakkında</translation> <translation>Sandboxie-Plus hakkında</translation>
</message> </message>
<message> <message>
<source>Driver version: %1</source> <source>Driver version: %1</source>
@ -638,7 +638,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Visit Support Forum</source> <source>Visit Support Forum</source>
<translation>Destek Forumu&apos;tnu ziyaret et</translation> <translation>Destek Forumu&apos;nu ziyaret et</translation>
</message> </message>
<message> <message>
<source>Failed to copy configuration from sandbox %1: %2</source> <source>Failed to copy configuration from sandbox %1: %2</source>
@ -650,7 +650,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Cleanup Api Call Log</source> <source>Cleanup Api Call Log</source>
<translation>Api Çağrı Günlüğünü Temizle</translation> <translation type="vanished">Api Çağrı Günlüğünü Temizle</translation>
</message> </message>
<message> <message>
<source>Simple View</source> <source>Simple View</source>
@ -718,7 +718,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Api Call Log</source> <source>Api Call Log</source>
<translation>Api Çağrı Günlüğü</translation> <translation type="vanished">Api Çağrı Günlüğü</translation>
</message> </message>
<message> <message>
<source>Stop Driver</source> <source>Stop Driver</source>
@ -804,7 +804,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>API Call Logging</source> <source>API Call Logging</source>
<translation>API Çağrı Günlüğü</translation> <translation type="vanished">API Çağrı Günlüğü</translation>
</message> </message>
<message> <message>
<source>Loaded Config: %1</source> <source>Loaded Config: %1</source>
@ -840,7 +840,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>&lt;h3&gt;About Sandboxie-Plus&lt;/h3&gt;&lt;p&gt;Version %1&lt;/p&gt;&lt;p&gt;Copyright (c) 2020-2021 by DavidXanatos&lt;/p&gt;</source> <source>&lt;h3&gt;About Sandboxie-Plus&lt;/h3&gt;&lt;p&gt;Version %1&lt;/p&gt;&lt;p&gt;Copyright (c) 2020-2021 by DavidXanatos&lt;/p&gt;</source>
<translation>&lt;h3&gt;Sandboxie-Plus Hakkında&lt;/h3&gt;&lt;p&gt;Sürüm %1&lt;/p&gt;&lt;p&gt;Telif hakkı (c) 2020-2021 DavidXanatos&lt;/p&gt;</translation> <translation>&lt;h3&gt;Sandboxie-Plus hakkında&lt;/h3&gt;&lt;p&gt;Sürüm %1&lt;/p&gt;&lt;p&gt;Telif hakkı (c) 2020-2021 DavidXanatos&lt;/p&gt;</translation>
</message> </message>
<message> <message>
<source>Cleanup</source> <source>Cleanup</source>
@ -915,8 +915,8 @@ Full path: %4</source>
<translation>%1: %2 korumalı kutusu silinemedi</translation> <translation>%1: %2 korumalı kutusu silinemedi</translation>
</message> </message>
<message> <message>
<source>&lt;p&gt;İndirme sayfasına &lt;a href=&quot;%1&quot;&gt;gitmek ister misiniz&lt;/a&gt;?&lt;/p&gt;</source> <source>&lt;p&gt;Do you want to go to the &lt;a href=&quot;%1&quot;&gt;download page&lt;/a&gt;?&lt;/p&gt;</source>
<translation type="vanished">&lt;p&gt;Вы хотите перейти на &lt;a href=&quot;%1&quot;&gt;страницу загрузки&lt;/a&gt;?&lt;/p&gt;</translation> <translation>&lt;p&gt;İndirme sayfasına &lt;a href=&quot;%1&quot;&gt;gitmek ister misiniz&lt;/a&gt;?&lt;/p&gt;</translation>
</message> </message>
<message> <message>
<source>Maintenance operation Successful</source> <source>Maintenance operation Successful</source>
@ -964,7 +964,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Cleanup Resource Log</source> <source>Cleanup Resource Log</source>
<translation>Kaynak Günlüğünü Temizle</translation> <translation type="vanished">Kaynak Günlüğünü Temizle</translation>
</message> </message>
<message> <message>
<source>Cleanup Message Log</source> <source>Cleanup Message Log</source>
@ -988,7 +988,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Reset all hidden messages</source> <source>Reset all hidden messages</source>
<translation>Tüm gizli mesajları sıfırla</translation> <translation>Tüm gizlenmiş mesajları sıfırla</translation>
</message> </message>
<message> <message>
<source> - NOT connected</source> <source> - NOT connected</source>
@ -1089,7 +1089,7 @@ Full path: %4</source>
<message> <message>
<source>To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes. <source>To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes.
Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.</source> Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.</source>
<translation>API günlüğünü kullanmak için önce https://github.com/sandboxie-plus/LogApiDll adresinden bir veya daha fazla korumalı kutu ile LogApiDll&apos;yi kurmanız gerekir. <translation type="vanished">API günlüğünü kullanmak için önce https://github.com/sandboxie-plus/LogApiDll adresinden bir veya daha fazla korumalı kutu ile LogApiDll&apos;yi kurmanız gerekir.
Lütfen en son sürümü indirin ve projenin README.md dosyasında belirtildiği gibi Sandboxie.ini ile kurun.</translation> Lütfen en son sürümü indirin ve projenin README.md dosyasında belirtildiği gibi Sandboxie.ini ile kurun.</translation>
</message> </message>
<message> <message>
@ -1104,14 +1104,6 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
<source>Always on Top</source> <source>Always on Top</source>
<translation>Her zaman üstte</translation> <translation>Her zaman üstte</translation>
</message> </message>
<message>
<source>Sellect box:</source>
<translation type="vanished">Kutu Seç:</translation>
</message>
<message>
<source>Some compatybility templates (%1) are missing, probably deleted, do you want to remove them from all boxes?</source>
<translation type="vanished">Bazı uyumluluk şablonları (%1) eksik, büyük olasılıkla silinmiş, bunları tüm kutulardan kaldırmak istiyor musunuz?</translation>
</message>
<message> <message>
<source>Cleaned up removed templates...</source> <source>Cleaned up removed templates...</source>
<translation>Kaldırılan şablonlar temizlendi...</translation> <translation>Kaldırılan şablonlar temizlendi...</translation>
@ -1126,62 +1118,62 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>Reset Columns</source> <source>Reset Columns</source>
<translation type="unfinished"></translation> <translation>Sütunları Sıfırla</translation>
</message> </message>
<message> <message>
<source>Window Finder</source> <source>Window Finder</source>
<translation type="unfinished"></translation> <translation>Pencere Bulucu</translation>
</message> </message>
<message> <message>
<source>Show Hidden Boxes</source> <source>Show Hidden Boxes</source>
<translation type="unfinished"></translation> <translation>Gizli Kutuları Göster</translation>
</message> </message>
<message> <message>
<source>Select box:</source> <source>Select box:</source>
<translation type="unfinished"></translation> <translation>Kutu seç:</translation>
</message>
<message>
<source>Default sandbox not found; creating: %1</source>
<translation type="unfinished"></translation>
</message> </message>
<message> <message>
<source>Some compatibility templates (%1) are missing, probably deleted, do you want to remove them from all boxes?</source> <source>Some compatibility templates (%1) are missing, probably deleted, do you want to remove them from all boxes?</source>
<translation type="unfinished"></translation> <translation>Bazı uyumluluk şablonları (%1) eksik, büyük olasılıkla silinmiş, bunları tüm kutulardan kaldırmak istiyor musunuz?</translation>
</message> </message>
<message> <message>
<source>Do you want to terminate all processes in all sandboxes?</source> <source>Do you want to terminate all processes in all sandboxes?</source>
<translation type="unfinished"></translation> <translation>Tüm korumalı kutulardaki tüm işlemleri sonlandırmak istiyor musunuz?</translation>
</message> </message>
<message> <message>
<source>Terminate all without asking</source> <source>Terminate all without asking</source>
<translation type="unfinished"></translation> <translation>Hepsini sormadan sonlandır</translation>
</message>
<message>
<source>&lt;p&gt;Do you want to go to the &lt;a href=&quot;%1&quot;&gt;info page&lt;/a&gt;?&lt;/p&gt;</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>&lt;p&gt;Do you want to go to the &lt;a href=&quot;%1&quot;&gt;download page&lt;/a&gt;?&lt;/p&gt;</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Don&apos;t show this message anymore.</source>
<translation type="unfinished"></translation>
</message> </message>
<message> <message>
<source>The selected window is running as part of program %1 in sandbox %2</source> <source>The selected window is running as part of program %1 in sandbox %2</source>
<translation type="unfinished"></translation> <translation>Seçilen pencere %2 kutusunda %1 programının bir parçası olarak çalışıyor</translation>
</message> </message>
<message> <message>
<source>The selected window is not running as part of any sandboxed program.</source> <source>The selected window is not running as part of any sandboxed program.</source>
<translation type="unfinished"></translation> <translation>Seçilen pencere, herhangi bir kutudaki programın parçası olarak çalışmıyor.</translation>
</message> </message>
<message> <message>
<source>Drag the Finder Tool over a window to select it, then release the mouse to check if the window is sandboxed.</source> <source>Drag the Finder Tool over a window to select it, then release the mouse to check if the window is sandboxed.</source>
<translation type="unfinished"></translation> <translation>Bulucu Aracını seçmek için bir pencerenin üzerine sürükleyin, ardından pencerenin kumkutusunda olup olmadığını kontrol etmek için fareyi bırakın.</translation>
</message> </message>
<message> <message>
<source>Sandboxie-Plus - Window Finder</source> <source>Sandboxie-Plus - Window Finder</source>
<translation>Sandboxie-Plus - Pencere Bulucu</translation>
</message>
<message>
<source>Default sandbox not found; creating: %1</source>
<translation>Öntanımlı kumkutusu bulunamadı; oluşturuluyor: %1</translation>
</message>
<message>
<source>&lt;p&gt;Do you want to go to the &lt;a href=&quot;%1&quot;&gt;info page&lt;/a&gt;?&lt;/p&gt;</source>
<translation>&lt;p&gt;Bilgi sayfasına &lt;a href=&quot;%1&quot;&gt;ister misiniz&lt;/a&gt;?&lt;/p&gt;</translation>
</message>
<message>
<source>Don&apos;t show this message anymore.</source>
<translation>Artık bu mesajı gösterme.</translation>
</message>
<message>
<source>Cleanup Trace Log</source>
<translation type="unfinished"></translation> <translation type="unfinished"></translation>
</message> </message>
</context> </context>
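Review bot: the info-page prompt is missing its verb: "&lt;p&gt;Bilgi sayfasına &lt;a href=&quot;%1&quot;&gt;ister misiniz&lt;/a&gt;?&lt;/p&gt;" reads "Do you want the info page?" rather than "Do you want to go to the info page?"; the download-page string in this file uses "gitmek ister misiniz", so the same form should be used here. This hunk also mixes two terms for "sandbox" ("Tüm korumalı kutulardaki" in the terminate-all prompt versus "kumkutusu" in the window-finder and default-sandbox strings); pick one and use it throughout the file. The Finder Tool hint ("Bulucu Aracını seçmek için bir pencerenin üzerine sürükleyin") can be read as "drag to select the Finder Tool"; something like "Bulucu Aracını seçmek istediğiniz pencerenin üzerine sürükleyin" keeps the window as the thing being selected.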
@ -1213,7 +1205,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>Title</source> <source>Title</source>
<translation type="unfinished"></translation> <translation>Başlık</translation>
</message> </message>
</context> </context>
<context> <context>
@ -1245,7 +1237,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>Drop Admin Rights</source> <source>Drop Admin Rights</source>
<translation>Yönetici haklarını bırak</translation> <translation>Yönetici haklarını kaldır</translation>
</message> </message>
<message> <message>
<source>Run eMail Client</source> <source>Run eMail Client</source>
@ -1434,20 +1426,24 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
<source>Do you really want to delete the content of multiple sandboxes?</source> <source>Do you really want to delete the content of multiple sandboxes?</source>
<translation>Birden çok korumalı kutunun içeriğini gerçekten silmek istiyor musunuz?</translation> <translation>Birden çok korumalı kutunun içeriğini gerçekten silmek istiyor musunuz?</translation>
</message> </message>
<message>
<source>This Sandbox is empty.</source>
<translation type="unfinished"></translation>
</message>
<message> <message>
<source>Do you want to terminate all processes in the selected sandbox(es)?</source> <source>Do you want to terminate all processes in the selected sandbox(es)?</source>
<translation type="unfinished"></translation> <translation>Seçili kutu(lar)daki tüm işlemleri sonlandırmak istiyor musunuz?</translation>
</message> </message>
<message> <message>
<source>This sandbox is disabled, do you want to enable it?</source> <source>This sandbox is disabled, do you want to enable it?</source>
<translation type="unfinished"></translation> <translation>Bu kutu devre dışı, etkinleştirmek istiyor musunuz?</translation>
</message>
<message>
<source>This Sandbox is empty.</source>
<translation>Bu kumkutusu boş.</translation>
</message> </message>
<message> <message>
<source>A group can not be its own parent.</source> <source>A group can not be its own parent.</source>
<translation>Bir grup kendi ebeveyni olamaz.</translation>
</message>
<message>
<source>Run Cmd.exe as Admin</source>
<translation type="unfinished"></translation> <translation type="unfinished"></translation>
</message> </message>
</context> </context>
@ -1499,7 +1495,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>Auto Detection</source> <source>Auto Detection</source>
<translation type="unfinished"></translation> <translation>Otomatik Algıla</translation>
</message> </message>
</context> </context>
<context> <context>
@ -1547,13 +1543,9 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
<source>SandboxiePlus new box</source> <source>SandboxiePlus new box</source>
<translation>SandboxiePlus yeni kutu</translation> <translation>SandboxiePlus yeni kutu</translation>
</message> </message>
<message>
<source>Enter a name for the new box:</source>
<translation type="vanished">Yeni kutu için bir ad girin:</translation>
</message>
<message> <message>
<source>Sandbox Name:</source> <source>Sandbox Name:</source>
<translation type="unfinished"></translation> <translation>KumKutusu Adı:</translation>
</message> </message>
</context> </context>
<context> <context>
@ -1932,7 +1924,7 @@ Bu seçenekler olay maskesini &quot;*&quot; olarak ayarlar - Tüm erişim olayla
</message> </message>
<message> <message>
<source>Add sandboxed processes to job objects (recommended)</source> <source>Add sandboxed processes to job objects (recommended)</source>
<translation>İş nesnelerine KumKutu&apos;lu süreçler ekleyin (önerilir)</translation> <translation>İş nesnelerine KumKutu&apos;lu (korumalı kutu) süreçler ekle (önerilir)</translation>
</message> </message>
<message> <message>
<source>Remove Program</source> <source>Remove Program</source>
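Review bot: the new translation embeds a glossary note inside the checkbox label ("KumKutu&apos;lu (korumalı kutu) süreçler"), which is a symptom of the unsettled term for "sandbox" in this file rather than something the UI should show; use one term ("korumalı kutu" or "kumkutusu") consistently and drop the parenthetical. The imperative change "ekleyin" to "ekle" is consistent with the other label edits in this commit.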
@ -2037,7 +2029,7 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
</message> </message>
<message> <message>
<source>Prevent change to network and firewall parameters</source> <source>Prevent change to network and firewall parameters</source>
<translation> ve güvenlik duvarı parametrelerinde değişikliği önleyin</translation> <translation> ve güvenlik duvarı parametrelerinde değişikliği önle</translation>
</message> </message>
<message> <message>
<source>COM Class Trace</source> <source>COM Class Trace</source>
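Review bot: the translation of "Prevent change to network and firewall parameters" still omits the word for "network": both the old and new strings begin with " ve güvenlik duvarı parametrelerinde ...", so the option will display as " and firewall parameters" with a leading space. It should read "Ağ ve güvenlik duvarı parametrelerinde değişikliği önle". Since this label describes a hardening option, the truncated text could lead a user to misjudge what the setting restricts.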
@ -2045,7 +2037,7 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
</message> </message>
<message> <message>
<source>&lt;- for this one the above does not apply</source> <source>&lt;- for this one the above does not apply</source>
<translation>&lt;- bunun için yukarıdakiler geçerli değildir</translation> <translation>&lt;- yukarıdakiler bunun için geçerli değildir</translation>
</message> </message>
<message> <message>
<source>Block access to the printer spooler</source> <source>Block access to the printer spooler</source>
@ -2105,6 +2097,10 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
</message> </message>
<message> <message>
<source>Allow access to Bluetooth</source> <source>Allow access to Bluetooth</source>
<translation>Bluetooth erişimine izin ver</translation>
</message>
<message>
<source>Log all SetError&apos;s to Trace log</source>
<translation type="unfinished"></translation> <translation type="unfinished"></translation>
</message> </message>
</context> </context>
@ -2185,7 +2181,7 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
</message> </message>
<message> <message>
<source>SandboxiePlus - Recovery</source> <source>SandboxiePlus - Recovery</source>
<translation type="unfinished"></translation> <translation>SandboxiePlus - Kurtarma</translation>
</message> </message>
</context> </context>
<context> <context>
@ -2316,7 +2312,7 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
</message> </message>
<message> <message>
<source>Prevent the listed programs from starting on this system</source> <source>Prevent the listed programs from starting on this system</source>
<translation>Listelenen programların bu sistemde başlamasını önleyin</translation> <translation>Listelenen programların bu sistemde başlamasını önle</translation>
</message> </message>
<message> <message>
<source>Only Administrator user accounts can use Disable Forced Programs command</source> <source>Only Administrator user accounts can use Disable Forced Programs command</source>
@ -2328,7 +2324,7 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
</message> </message>
<message> <message>
<source>Open urls from this ui sandboxed</source> <source>Open urls from this ui sandboxed</source>
<translation>Bu kullanıcı arayüzündeki linkleri korumalı kutuda </translation> <translation>Bu kullanıcı arayüzündeki (ui) linkleri korumalı kutuda </translation>
</message> </message>
<message> <message>
<source>Sandbox &lt;a href=&quot;sbie://docs/filerootpath&quot;&gt;file system root&lt;/a&gt;: </source> <source>Sandbox &lt;a href=&quot;sbie://docs/filerootpath&quot;&gt;file system root&lt;/a&gt;: </source>
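Review bot: the translation of "Open urls from this ui sandboxed" is incomplete in both the old and the new string: it ends with "korumalı kutuda " (trailing space) and has no verb, so the label never says "open"; "Bu kullanıcı arayüzündeki bağlantıları korumalı kutuda aç" would complete it. The added "(ui)" gloss here and in the two "Start UI" strings in the following hunk adds nothing for the user once "kullanıcı arayüzü" is already present; suggest dropping it.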
@ -2348,11 +2344,11 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
</message> </message>
<message> <message>
<source>Start UI with Windows</source> <source>Start UI with Windows</source>
<translation>Windows başlangıcında kullanıcı arayüzünü başlat</translation> <translation>Windows başlangıcında kullanıcı arayüzünü (ui) başlat</translation>
</message> </message>
<message> <message>
<source>Start UI when a sandboxed process is started</source> <source>Start UI when a sandboxed process is started</source>
<translation>Korumalı kutuda bir işlem başladığında kullanıcı arayüzünü başlat</translation> <translation>Korumalı kutuda bir işlem başladığında kullanıcı arayüzünü (ui) başlat</translation>
</message> </message>
<message> <message>
<source>Show first recovery window when emptying sandboxes</source> <source>Show first recovery window when emptying sandboxes</source>
@ -2403,7 +2399,7 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
</message> </message>
<message> <message>
<source>SandboxiePlus - Snapshots</source> <source>SandboxiePlus - Snapshots</source>
<translation type="unfinished"></translation> <translation>SandboxiePlus - Anlık Görüntüler</translation>
</message> </message>
</context> </context>
</TS> </TS>

View File

@ -5,15 +5,15 @@
<name>CApiMonModel</name> <name>CApiMonModel</name>
<message> <message>
<source>Message</source> <source>Message</source>
<translation></translation> <translation type="vanished"></translation>
</message> </message>
<message> <message>
<source>Time Stamp</source> <source>Time Stamp</source>
<translation></translation> <translation type="vanished"></translation>
</message> </message>
<message> <message>
<source>Process</source> <source>Process</source>
<translation></translation> <translation type="vanished"></translation>
</message> </message>
</context> </context>
<context> <context>
@ -234,51 +234,51 @@
</message> </message>
<message> <message>
<source>Direct</source> <source>Direct</source>
<translation type="unfinished"></translation> <translation>访</translation>
</message> </message>
<message> <message>
<source>Direct All</source> <source>Direct All</source>
<translation type="unfinished"></translation> <translation>访</translation>
</message> </message>
<message> <message>
<source>Closed</source> <source>Closed</source>
<translation type="unfinished"></translation> <translation></translation>
</message> </message>
<message> <message>
<source>Closed RT</source> <source>Closed RT</source>
<translation type="unfinished"></translation> <translation>RT</translation>
</message> </message>
<message> <message>
<source>Read Only</source> <source>Read Only</source>
<translation type="unfinished"></translation> <translation></translation>
</message> </message>
<message> <message>
<source>Hidden</source> <source>Hidden</source>
<translation type="unfinished"></translation> <translation></translation>
</message> </message>
<message> <message>
<source>Unknown</source> <source>Unknown</source>
<translation type="unfinished"></translation> <translation></translation>
</message> </message>
<message> <message>
<source>File/Folder</source> <source>File/Folder</source>
<translation type="unfinished"></translation> <translation>/</translation>
</message> </message>
<message> <message>
<source>Registry</source> <source>Registry</source>
<translation type="unfinished"></translation> <translation></translation>
</message> </message>
<message> <message>
<source>IPC Path</source> <source>IPC Path</source>
<translation type="unfinished"></translation> <translation>IPC路径</translation>
</message> </message>
<message> <message>
<source>Wnd Class</source> <source>Wnd Class</source>
<translation type="unfinished"></translation> <translation></translation>
</message> </message>
<message> <message>
<source>COM Object</source> <source>COM Object</source>
<translation type="unfinished"></translation> <translation>COM组件</translation>
</message> </message>
</context> </context>
<context> <context>
@ -568,6 +568,10 @@ Full path: %4</source>
<source>Disabled</source> <source>Disabled</source>
<translation></translation> <translation></translation>
</message> </message>
<message>
<source>Empty</source>
<translation type="unfinished"></translation>
</message>
</context> </context>
<context> <context>
<name>CSandMan</name> <name>CSandMan</name>
@ -645,7 +649,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Cleanup Api Call Log</source> <source>Cleanup Api Call Log</source>
<translation>Api调用日志</translation> <translation type="vanished">Api调用日志</translation>
</message> </message>
<message> <message>
<source>Simple View</source> <source>Simple View</source>
@ -721,7 +725,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Api Call Log</source> <source>Api Call Log</source>
<translation>Api调用日志</translation> <translation type="vanished">Api调用日志</translation>
</message> </message>
<message> <message>
<source>The sandbox name can not be longer than 32 characters.</source> <source>The sandbox name can not be longer than 32 characters.</source>
@ -827,7 +831,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>API Call Logging</source> <source>API Call Logging</source>
<translation>API调用记录</translation> <translation type="vanished">API调用记录</translation>
</message> </message>
<message> <message>
<source>Loaded Config: %1</source> <source>Loaded Config: %1</source>
@ -1027,7 +1031,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Cleanup Resource Log</source> <source>Cleanup Resource Log</source>
<translation></translation> <translation type="vanished"></translation>
</message> </message>
<message> <message>
<source>Cleanup Message Log</source> <source>Cleanup Message Log</source>
@ -1084,7 +1088,7 @@ Full path: %4</source>
<message> <message>
<source>To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes. <source>To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes.
Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.</source> Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.</source>
<translation>使API记录日志首先必须从 https://github.com/sandboxie-plus/LogApiDll 下载LogApiDll并用沙盒来建立. <translation type="vanished">使API记录日志首先必须从 https://github.com/sandboxie-plus/LogApiDll 下载LogApiDll并用沙盒来建立.
sandboxie.ini安装README.md里此项的说明.</translation> sandboxie.ini安装README.md里此项的说明.</translation>
</message> </message>
<message> <message>
@ -1157,14 +1161,18 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>Default sandbox not found; creating: %1</source> <source>Default sandbox not found; creating: %1</source>
<translation type="unfinished"></translation> <translation>: %1</translation>
</message> </message>
<message> <message>
<source>&lt;p&gt;Do you want to go to the &lt;a href=&quot;%1&quot;&gt;info page&lt;/a&gt;?&lt;/p&gt;</source> <source>&lt;p&gt;Do you want to go to the &lt;a href=&quot;%1&quot;&gt;info page&lt;/a&gt;?&lt;/p&gt;</source>
<translation type="unfinished"></translation> <translation>&lt;p&gt; &lt; &quot;%1&quot;&gt;&lt;/a&gt;?&lt;/p&gt;</translation>
</message> </message>
<message> <message>
<source>Don&apos;t show this message anymore.</source> <source>Don&apos;t show this message anymore.</source>
<translation></translation>
</message>
<message>
<source>Cleanup Trace Log</source>
<translation type="unfinished"></translation> <translation type="unfinished"></translation>
</message> </message>
</context> </context>
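Review bot: the zh_CN translation of the info-page prompt has broken anchor markup. The source string carries `&lt;a href=&quot;%1&quot;&gt;info page&lt;/a&gt;`, but the new translation reads `&lt; &quot;%1&quot;&gt;&lt;/a&gt;`, so the opening tag loses `a href=` and Qt's rich-text renderer will not produce a clickable link; the translation should keep the tag verbatim and only translate the link text, as `&lt;p&gt;...&lt;a href=&quot;%1&quot;&gt;...&lt;/a&gt;?&lt;/p&gt;`. Secondary point: the new "Cleanup Trace Log" entry is left `type="unfinished"` while the earlier hunk marks the translated "Cleanup Resource Log" as `type="vanished"`; since the new string replaces the old one, that vanished translation is the obvious starting point rather than shipping an untranslated menu item.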
@ -1426,10 +1434,14 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>A group can not be its own parent.</source> <source>A group can not be its own parent.</source>
<translation type="unfinished"></translation> <translation></translation>
</message> </message>
<message> <message>
<source>This Sandbox is empty.</source> <source>This Sandbox is empty.</source>
<translation></translation>
</message>
<message>
<source>Run Cmd.exe as Admin</source>
<translation type="unfinished"></translation> <translation type="unfinished"></translation>
</message> </message>
</context> </context>
@ -1481,7 +1493,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>Auto Detection</source> <source>Auto Detection</source>
<translation type="unfinished"></translation> <translation></translation>
</message> </message>
</context> </context>
<context> <context>
@ -2082,6 +2094,10 @@ instead of &quot;*&quot;.</source>
</message> </message>
<message> <message>
<source>Allow access to Bluetooth</source> <source>Allow access to Bluetooth</source>
<translation>访</translation>
</message>
<message>
<source>Log all SetError&apos;s to Trace log</source>
<translation type="unfinished"></translation> <translation type="unfinished"></translation>
</message> </message>
</context> </context>
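Review bot: the new source string "Log all SetError&apos;s to Trace log" has a stray possessive apostrophe and capitalises "Trace log" differently from the other strings in this file ("Cleanup Trace Log", "Log Debug Output to the Trace Log"). The .ts file only mirrors the .ui/.cpp source, so the fix belongs there, but it should land before translators pick the string up; something like "Log all SetError calls to the Trace Log" reads correctly and stays consistent.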
@ -2162,7 +2178,7 @@ instead of &quot;*&quot;.</source>
</message> </message>
<message> <message>
<source>SandboxiePlus - Recovery</source> <source>SandboxiePlus - Recovery</source>
<translation type="unfinished"></translation> <translation>SandboxiePlus - </translation>
</message> </message>
</context> </context>
<context> <context>
@ -2380,7 +2396,7 @@ instead of &quot;*&quot;.</source>
</message> </message>
<message> <message>
<source>SandboxiePlus - Snapshots</source> <source>SandboxiePlus - Snapshots</source>
<translation type="unfinished"></translation> <translation>SandboxiePlus - </translation>
</message> </message>
</context> </context>
</TS> </TS>


@ -5,15 +5,15 @@
<name>CApiMonModel</name> <name>CApiMonModel</name>
<message> <message>
<source>Message</source> <source>Message</source>
<translation></translation> <translation type="vanished"></translation>
</message> </message>
<message> <message>
<source>Time Stamp</source> <source>Time Stamp</source>
<translation></translation> <translation type="vanished"></translation>
</message> </message>
<message> <message>
<source>Process</source> <source>Process</source>
<translation></translation> <translation type="vanished"></translation>
</message> </message>
</context> </context>
<context> <context>
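Review bot: every message in the CApiMonModel context (Message, Time Stamp, Process) is now `type="vanished"`, so the whole context is dead weight carried only because lupdate keeps obsolete entries by default. If the API call log is intended to be gone for good, run lupdate with `-no-obsolete` before the release so the stale context is dropped from both language files; if it is expected to return, a short comment in the commit or changelog saying so would save the next person from pruning it.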
@ -278,7 +278,7 @@
</message> </message>
<message> <message>
<source>Wnd Class</source> <source>Wnd Class</source>
<translation type="unfinished"></translation> <translation>Wnd </translation>
</message> </message>
<message> <message>
<source>COM Object</source> <source>COM Object</source>
@ -374,7 +374,7 @@
</message> </message>
<message> <message>
<source>Recover the file to original location</source> <source>Recover the file to original location</source>
<translation></translation> <translation></translation>
</message> </message>
<message> <message>
<source>Recover &amp;&amp; Explore</source> <source>Recover &amp;&amp; Explore</source>
@ -441,7 +441,7 @@ File name: %3</source>
<source>Do you want to allow %1 (%2) access to the internet? <source>Do you want to allow %1 (%2) access to the internet?
Full path: %3</source> Full path: %3</source>
<translation type="vanished"> %1 (%2) <translation type="vanished"> %1 (%2)
: %3</translation> : %3</translation>
</message> </message>
<message> <message>
<source>%1 is eligible for quick recovery from %2. <source>%1 is eligible for quick recovery from %2.
@ -453,7 +453,7 @@ The file was written by: %3</source>
<source>Migrating a large file %1 into the sandbox %2, %3 left. <source>Migrating a large file %1 into the sandbox %2, %3 left.
Full path: %4</source> Full path: %4</source>
<translation type="vanished"> %1 %2%3 <translation type="vanished"> %1 %2%3
: %4</translation> : %4</translation>
</message> </message>
<message> <message>
<source>Do you want to allow %4 (%5) to copy a %1 large file into sandbox: %2? <source>Do you want to allow %4 (%5) to copy a %1 large file into sandbox: %2?
@ -488,7 +488,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Full Path</source> <source>Full Path</source>
<translation></translation> <translation></translation>
</message> </message>
<message> <message>
<source>Select Directory</source> <source>Select Directory</source>
@ -572,6 +572,10 @@ Full path: %4</source>
<source>Disabled</source> <source>Disabled</source>
<translation></translation> <translation></translation>
</message> </message>
<message>
<source>Empty</source>
<translation type="unfinished"></translation>
</message>
</context> </context>
<context> <context>
<name>CSandMan</name> <name>CSandMan</name>
@ -649,7 +653,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Cleanup Api Call Log</source> <source>Cleanup Api Call Log</source>
<translation> API </translation> <translation type="vanished"> API </translation>
</message> </message>
<message> <message>
<source>Simple View</source> <source>Simple View</source>
@ -725,7 +729,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Api Call Log</source> <source>Api Call Log</source>
<translation>API </translation> <translation type="vanished">API </translation>
</message> </message>
<message> <message>
<source>The sandbox name can not be longer than 32 characters.</source> <source>The sandbox name can not be longer than 32 characters.</source>
@ -831,7 +835,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>API Call Logging</source> <source>API Call Logging</source>
<translation>API </translation> <translation type="vanished">API </translation>
</message> </message>
<message> <message>
<source>Loaded Config: %1</source> <source>Loaded Config: %1</source>
@ -911,7 +915,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Can&apos;t find Sandboxie installation path.</source> <source>Can&apos;t find Sandboxie installation path.</source>
<translation> Sandboxie </translation> <translation> Sandboxie </translation>
</message> </message>
<message> <message>
<source>Delete protection is enabled for the sandbox</source> <source>Delete protection is enabled for the sandbox</source>
@ -987,7 +991,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Do you also want to reset hidden message boxes (yes), or only all log messages (no)?</source> <source>Do you also want to reset hidden message boxes (yes), or only all log messages (no)?</source>
<translation> () ()</translation> <translation> () ()</translation>
</message> </message>
<message> <message>
<source>You are not authorized to update configuration in section &apos;%1&apos;</source> <source>You are not authorized to update configuration in section &apos;%1&apos;</source>
@ -1015,7 +1019,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Error merging snapshot directories &apos;%1&apos; with &apos;%2&apos;, the snapshot has not been fully merged.</source> <source>Error merging snapshot directories &apos;%1&apos; with &apos;%2&apos;, the snapshot has not been fully merged.</source>
<translation> &apos;%1&apos; &apos;%2&apos; </translation> <translation> &apos;%1&apos; &apos;%2&apos; </translation>
</message> </message>
<message> <message>
<source>Edit ini file</source> <source>Edit ini file</source>
@ -1031,7 +1035,7 @@ Full path: %4</source>
</message> </message>
<message> <message>
<source>Cleanup Resource Log</source> <source>Cleanup Resource Log</source>
<translation></translation> <translation type="vanished"></translation>
</message> </message>
<message> <message>
<source>Cleanup Message Log</source> <source>Cleanup Message Log</source>
@ -1088,7 +1092,7 @@ Full path: %4</source>
<message> <message>
<source>To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes. <source>To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes.
Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.</source> Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.</source>
<translation>使 API https://github.com/sandboxie-plus/LogApiDll 下載 LogApiDll並為一個或更多沙盤設定。 <translation type="vanished">使 API https://github.com/sandboxie-plus/LogApiDll 下載 LogApiDll並為一個或更多沙盤設定。
使 sandboxie.ini README.md </translation> 使 sandboxie.ini README.md </translation>
</message> </message>
<message> <message>
@ -1169,14 +1173,18 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>Default sandbox not found; creating: %1</source> <source>Default sandbox not found; creating: %1</source>
<translation type="unfinished"></translation> <translation>; : %1</translation>
</message> </message>
<message> <message>
<source>&lt;p&gt;Do you want to go to the &lt;a href=&quot;%1&quot;&gt;info page&lt;/a&gt;?&lt;/p&gt;</source> <source>&lt;p&gt;Do you want to go to the &lt;a href=&quot;%1&quot;&gt;info page&lt;/a&gt;?&lt;/p&gt;</source>
<translation type="unfinished"></translation> <translation>&lt;p&gt; &lt;a href=&quot;%1&quot;&gt;&lt;/a&gt;&lt;/p&gt;</translation>
</message> </message>
<message> <message>
<source>Don&apos;t show this message anymore.</source> <source>Don&apos;t show this message anymore.</source>
<translation></translation>
</message>
<message>
<source>Cleanup Trace Log</source>
<translation type="unfinished"></translation> <translation type="unfinished"></translation>
</message> </message>
</context> </context>
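Review bot: same situation as in the zh_CN file, "Cleanup Trace Log" is added as `type="unfinished"` here while the zh_TW translations of "Cleanup Resource Log" and "Cleanup Api Call Log" are being marked vanished in the surrounding hunks, so the replacement string ships untranslated although a usable translation already exists in the file. On the positive side, the info-page prompt in this file keeps the `&lt;a href=&quot;%1&quot;&gt;...&lt;/a&gt;` markup intact, which is the form the zh_CN entry should match.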
@ -1196,7 +1204,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>Path / Command Line</source> <source>Path / Command Line</source>
<translation> / </translation> <translation> / </translation>
</message> </message>
<message> <message>
<source>Start Time</source> <source>Start Time</source>
@ -1438,10 +1446,14 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>This Sandbox is empty.</source> <source>This Sandbox is empty.</source>
<translation type="unfinished"></translation> <translation></translation>
</message> </message>
<message> <message>
<source>A group can not be its own parent.</source> <source>A group can not be its own parent.</source>
<translation></translation>
</message>
<message>
<source>Run Cmd.exe as Admin</source>
<translation type="unfinished"></translation> <translation type="unfinished"></translation>
</message> </message>
</context> </context>
@ -1493,7 +1505,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>Auto Detection</source> <source>Auto Detection</source>
<translation type="unfinished"></translation> <translation></translation>
</message> </message>
</context> </context>
<context> <context>
@ -1558,7 +1570,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message> </message>
<message> <message>
<source>Path</source> <source>Path</source>
<translation></translation> <translation></translation>
</message> </message>
<message> <message>
<source>Save</source> <source>Save</source>
@ -1624,7 +1636,7 @@ For files access you can use &apos;Direct All&apos; instead to make it apply to
<translation> <translation>
&apos;&apos; &apos;&apos;
...=!&lt;&gt;,... ...=!&lt;&gt;,...
使 &apos;&apos; 使</translation> 使 &apos;&apos; 使</translation>
</message> </message>
<message> <message>
<source>Log Debug Output to the Trace Log</source> <source>Log Debug Output to the Trace Log</source>
@ -1688,7 +1700,7 @@ If leader processes are defined, all others are treated as lingering processes.<
</message> </message>
<message> <message>
<source>These options are intended for debugging compatibility issues, please do not use them in production use. </source> <source>These options are intended for debugging compatibility issues, please do not use them in production use. </source>
<translation>使使</translation> <translation>使</translation>
</message> </message>
<message> <message>
<source>Text Filter</source> <source>Text Filter</source>
@ -1700,7 +1712,7 @@ If leader processes are defined, all others are treated as lingering processes.<
</message> </message>
<message> <message>
<source>Restrict Resource Access monitor to administrators only</source> <source>Restrict Resource Access monitor to administrators only</source>
<translation>使</translation> <translation>使使</translation>
</message> </message>
<message> <message>
<source>Protect the sandbox integrity itself</source> <source>Protect the sandbox integrity itself</source>
@ -1720,7 +1732,7 @@ If leader processes are defined, all others are treated as lingering processes.<
</message> </message>
<message> <message>
<source>Limit access to the emulated service control manager to privileged processes</source> <source>Limit access to the emulated service control manager to privileged processes</source>
<translation></translation> <translation></translation>
</message> </message>
<message> <message>
<source>Remove</source> <source>Remove</source>
@ -1732,11 +1744,11 @@ If leader processes are defined, all others are treated as lingering processes.<
</message> </message>
<message> <message>
<source>Block internet access for all programs except those added to the list.</source> <source>Block internet access for all programs except those added to the list.</source>
<translation></translation> <translation></translation>
</message> </message>
<message> <message>
<source>Issue message 1307 when a program is denied internet access</source> <source>Issue message 1307 when a program is denied internet access</source>
<translation> 1307 </translation> <translation> 1307</translation>
</message> </message>
<message> <message>
<source>Compatibility</source> <source>Compatibility</source>
@ -1776,7 +1788,7 @@ If leader processes are defined, all others are treated as lingering processes.<
</message> </message>
<message> <message>
<source>Issue message 2102 when a file is too large</source> <source>Issue message 2102 when a file is too large</source>
<translation> 2102 </translation> <translation> 2102</translation>
</message> </message>
<message> <message>
<source>File Recovery</source> <source>File Recovery</source>
@ -1980,7 +1992,7 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</message> </message>
<message> <message>
<source>Issue message 1308 when a program fails to start</source> <source>Issue message 1308 when a program fails to start</source>
<translation> 1308 </translation> <translation> 1308</translation>
</message> </message>
<message> <message>
<source>Resource Access</source> <source>Resource Access</source>
@ -2076,7 +2088,7 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</message> </message>
<message> <message>
<source>Here you can specify a list of commands that are executed every time the sandbox is initially populated.</source> <source>Here you can specify a list of commands that are executed every time the sandbox is initially populated.</source>
<translation></translation> <translation></translation>
</message> </message>
<message> <message>
<source>Log all access events as seen by the driver to the resource access log. <source>Log all access events as seen by the driver to the resource access log.
@ -2100,6 +2112,10 @@ instead of &quot;*&quot;.</source>
<source>Allow access to Bluetooth</source> <source>Allow access to Bluetooth</source>
<translation></translation> <translation></translation>
</message> </message>
<message>
<source>Log all SetError&apos;s to Trace log</source>
<translation type="unfinished"></translation>
</message>
</context> </context>
<context> <context>
<name>PopUpWindow</name> <name>PopUpWindow</name>
@ -2178,7 +2194,7 @@ instead of &quot;*&quot;.</source>
</message> </message>
<message> <message>
<source>SandboxiePlus - Recovery</source> <source>SandboxiePlus - Recovery</source>
<translation type="unfinished"></translation> <translation>SandboxiePlus - </translation>
</message> </message>
</context> </context>
<context> <context>
@ -2189,7 +2205,7 @@ instead of &quot;*&quot;.</source>
</message> </message>
<message> <message>
<source>Path</source> <source>Path</source>
<translation></translation> <translation></translation>
</message> </message>
<message> <message>
<source>Change Password</source> <source>Change Password</source>
@ -2225,7 +2241,7 @@ instead of &quot;*&quot;.</source>
</message> </message>
<message> <message>
<source>Tray options</source> <source>Tray options</source>
<translation></translation> <translation></translation>
</message> </message>
<message> <message>
<source>Use Dark Theme</source> <source>Use Dark Theme</source>
@ -2269,7 +2285,7 @@ instead of &quot;*&quot;.</source>
</message> </message>
<message> <message>
<source>Open urls from this ui sandboxed</source> <source>Open urls from this ui sandboxed</source>
<translation> UI </translation> <translation> UI </translation>
</message> </message>
<message> <message>
<source>In the future, don&apos;t check software compatibility</source> <source>In the future, don&apos;t check software compatibility</source>
@ -2281,7 +2297,7 @@ instead of &quot;*&quot;.</source>
</message> </message>
<message> <message>
<source>When any of the following programs is launched outside any sandbox, Sandboxie will issue message SBIE1301.</source> <source>When any of the following programs is launched outside any sandbox, Sandboxie will issue message SBIE1301.</source>
<translation>Sandboxie SBIE1301 </translation> <translation>Sandboxie SBIE1301</translation>
</message> </message>
<message> <message>
<source>Remove Program</source> <source>Remove Program</source>
@ -2301,7 +2317,7 @@ instead of &quot;*&quot;.</source>
</message> </message>
<message> <message>
<source>Issue message 1308 when a program fails to start</source> <source>Issue message 1308 when a program fails to start</source>
<translation> 1308 </translation> <translation> 1308</translation>
</message> </message>
<message> <message>
<source>Sandbox default</source> <source>Sandbox default</source>
@ -2345,7 +2361,7 @@ instead of &quot;*&quot;.</source>
</message> </message>
<message> <message>
<source>Start UI when a sandboxed process is started</source> <source>Start UI when a sandboxed process is started</source>
<translation> UI</translation> <translation> UI</translation>
</message> </message>
<message> <message>
<source>Show first recovery window when emptying sandboxes</source> <source>Show first recovery window when emptying sandboxes</source>
@ -2396,7 +2412,7 @@ instead of &quot;*&quot;.</source>
</message> </message>
<message> <message>
<source>SandboxiePlus - Snapshots</source> <source>SandboxiePlus - Snapshots</source>
<translation type="unfinished"></translation> <translation>SandboxiePlus - </translation>
</message> </message>
</context> </context>
</TS> </TS>

19
SandboxiePlus/version.h Normal file

@ -0,0 +1,19 @@
#pragma once
#define VERSION_MJR 0
#define VERSION_MIN 7
#define VERSION_REV 0
#define VERSION_UPD 0
#ifndef STR
#define STR2(X) #X
#define STR(X) STR2(X)
#endif
#define VERSION_BIN VERSION_MJR,VERSION_MIN,VERSION_REV,VERSION_UPD
#define VERSION_STR STR(VERSION_MJR.VERSION_MIN.VERSION_REV.VERSION_UPD)
#define MY_PRODUCT_NAME_STRING "Sandboxie-Plus"
#define MY_COMPANY_NAME_STRING "sandboxie-plus.com"
#define MY_COPYRIGHT_STRING "Copyright (C) 2020-2021 by David Xanatos (xanasoft.com)"
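Review bot: the `#ifndef STR` guard covers both `STR2` and `STR`, so if any earlier include already defines a macro named `STR` (a very generic name), this header silently skips its own helper and `VERSION_STR` expands through whatever that other `STR` does, which may not be a two-level stringification. Either use project-specific names such as `SBIE_STR2`/`SBIE_STR` without a guard, or guard the pair on a dedicated symbol. A one-line comment saying that `VERSION_BIN` is the comma-separated form for the .rc `FILEVERSION`/`PRODUCTVERSION` fields and `VERSION_STR` the dotted display string would also help, since nothing in the file states how the two are meant to be consumed.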