From 48168984b056742f977795ddf679124d4ddff2bd Mon Sep 17 00:00:00 2001
From: DavidXanatos
Date: Sun, 12 Dec 2021 18:09:26 +0100
Subject: [PATCH] 1.0.3
---
Sandboxie/core/drv/syscall.c | 28 +++++++++++++---------------
Sandboxie/core/drv/syscall_win32.c | 10 +++++-----
2 files changed, 18 insertions(+), 20 deletions(-)
diff --git a/Sandboxie/core/drv/syscall.c b/Sandboxie/core/drv/syscall.c
index 1f0bf3d4..50aa7ee0 100644
--- a/Sandboxie/core/drv/syscall.c
+++ b/Sandboxie/core/drv/syscall.c
@@ -282,10 +282,10 @@ _FX BOOLEAN Syscall_Init_List(void)
// preapre the enabled/disabled lists
//
- //LIST enabled_hooks;
- //LIST disabled_hooks;
- //Syscall_LoadHookMap(L"EnableNtDllHook", &enabled_hooks);
- //Syscall_LoadHookMap(L"DisableNtDllHook", &disabled_hooks);
+ LIST enabled_hooks;
+ LIST disabled_hooks;
+ Syscall_LoadHookMap(L"EnableNtDllHook", &enabled_hooks);
+ Syscall_LoadHookMap(L"DisableNtDllHook", &disabled_hooks);
//
// scan each ZwXxx export in NTDLL
@@ -337,12 +337,11 @@ _FX BOOLEAN Syscall_Init_List(void)
goto next_zwxxx;
}
- //BOOLEAN default_action = TRUE;
+ BOOLEAN install_hook = TRUE;
// ICD-10607 - McAfee uses it to pass its own data in the stack. The call is not important to us.
if ( IS_PROC_NAME(14, "YieldExecution"))
- goto next_zwxxx;
- // default_action = FALSE;
+ install_hook = FALSE;
//
// the Google Chrome "wow_helper" process expects NtMapViewOfSection
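Review bot: The comments above the two `install_hook = FALSE;` sites (the McAfee one here and the wow_helper one in the hunk at line 351) still describe `YieldExecution` and `MapViewOfSection` as never hooked, but now that `Syscall_TestHookMap` consults `enabled_hooks` (hunk at line 351), `install_hook` is presumably only a default that an `EnableNtDllHook` setting can override, which would reinstall exactly the hook those comments say is harmful. That is a real behaviour change from the old unconditional `goto next_zwxxx` and deserves a sentence at the first site: `// ICD-10607 - McAfee uses it to pass its own data in the stack; not hooked by default, EnableNtDllHook can override.` The wow_helper comment in the next hunk should say the same for MapViewOfSection.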
@@ -352,17 +351,16 @@ _FX BOOLEAN Syscall_Init_List(void)
//
if ( IS_PROC_NAME(16, "MapViewOfSection"))
- goto next_zwxxx;
- // default_action = FALSE;
+ install_hook = FALSE;
//
// check our custom map
//
- //if (!Syscall_TestHookMap(name, name_len, &enabled_hooks, &disabled_hooks, default_action)) {
- // //DbgPrint(" NtDll Hook disabled for %s\n", name);
- // goto next_zwxxx;
- //}
+ if (!Syscall_TestHookMap(name, name_len, &enabled_hooks, &disabled_hooks, install_hook)) {
+ //DbgPrint(" NtDll Hook disabled for %s\n", name);
+ goto next_zwxxx;
+ }
//DbgPrint(" NtDll Hook enabled for %s\n", name);
//
@@ -451,8 +449,8 @@ next_zwxxx:
finish:
- //Syscall_FreeHookMap(&enabled_hooks);
- //Syscall_FreeHookMap(&disabled_hooks);
+ Syscall_FreeHookMap(&enabled_hooks);
+ Syscall_FreeHookMap(&disabled_hooks);
return success;
}
diff --git a/Sandboxie/core/drv/syscall_win32.c b/Sandboxie/core/drv/syscall_win32.c
index 5a0b8265..0d8272fe 100644
--- a/Sandboxie/core/drv/syscall_win32.c
+++ b/Sandboxie/core/drv/syscall_win32.c
@@ -148,7 +148,7 @@ _FX BOOLEAN Syscall_Init_List32(void)
Syscall_LoadHookMap(L"EnableWin32Hook", &enabled_hooks);
Syscall_LoadHookMap(L"DisableWin32Hook", &disabled_hooks);
- //BOOLEAN ignore_hook_blacklist = Conf_Get_Boolean(NULL, L"IgnoreHookBlacklist", 0, FALSE);
+ BOOLEAN ignore_hook_blacklist = Conf_Get_Boolean(NULL, L"IgnoreWin32HookBlacklist", 0, FALSE);
//
// get the syscall table
@@ -237,7 +237,7 @@ _FX BOOLEAN Syscall_Init_List32(void)
#define IS_PROC_NAME(ln,nm) (name_len == ln && memcmp(name, nm, ln) == 0)
- //if(!ignore_hook_blacklist)
+ if (!ignore_hook_blacklist)
if ( IS_PROC_NAME(18, "UserCreateWindowEx")
|| IS_PROC_NAME( 7, "GdiInit") // bsod
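Review bot: `Syscall_FreeHookMap` now runs on every path that reaches `finish:`, so each `goto finish` (or any other route into this label) must come after the two `Syscall_LoadHookMap` calls added in the hunk at line 282; the start of Syscall_Init_List and any earlier exits lie outside these hunks, so this needs confirming. If such an earlier exit exists, `Syscall_FreeHookMap` would presumably walk two uninitialized `LIST` structures in kernel mode. Either record the invariant at the declaration, `// both lists must be initialized before any goto finish: Syscall_FreeHookMap runs unconditionally there`, or move the declarations and the load calls to the top of the function.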
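Review bot: `ignore_hook_blacklist` is a debugging override with no comment saying what it switches off: judging by the hunk at line 237, a true `IgnoreWin32HookBlacklist` makes the driver hook Win32k calls such as `GdiInit` that the list itself marks `// bsod`. Suggest documenting it at the declaration: `// IgnoreWin32HookBlacklist=y hooks even the Win32k calls on the built-in blacklist (marked bsod below); troubleshooting aid only, off unless set.` The key also differs from the previously commented-out `IgnoreHookBlacklist`, so any user-facing documentation should use this spelling.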
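Review bot: The new `if (!ignore_hook_blacklist)` guards the following multi-line `if` without braces, so the two stacked conditions read as one statement and any later `else` would bind to the inner `if` rather than to the guard; the inner `if`'s body lies outside the hunk. Bracing the guard, `if (!ignore_hook_blacklist) {` before the inner `if` and a matching `}` after its statement, or folding the flag into the inner condition as `if (!ignore_hook_blacklist && ( IS_PROC_NAME(18, "UserCreateWindowEx")`, makes the scope explicit.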
@@ -256,12 +256,12 @@ _FX BOOLEAN Syscall_Init_List32(void)
//
// Chrome and msedge need GdiDdDDI to be hooked in order for
- // the HW acceleration to work
+ // the HW acceleration to work.
//
- BOOLEAN default_action = IS_PROC_PREFIX(8, "GdiDdDDI");
+ BOOLEAN install_hook = IS_PROC_PREFIX(8, "GdiDdDDI");
- if (!Syscall_TestHookMap(name, name_len, &enabled_hooks, &disabled_hooks, default_action)) {
+ if (!Syscall_TestHookMap(name, name_len, &enabled_hooks, &disabled_hooks, install_hook)) {
//DbgPrint(" Win32k Hook disabled for %s\n", name);
goto next_ntxxx;
}