mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

build 0.7.2 / 5.49.0

This commit is contained in:
DavidXanatos 2021-03-04 21:13:45 +01:00
parent 9150daf6ec
commit 48488dfec1
76 changed files with 2083 additions and 1111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
CHANGELOG.md
View File

@ -13,6 +13,31 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.7.2 / 5.49.0] - 2021-03-04
### Added
- added option to alter reported windows version "OverrideOsBuild=7601" for window s7 sp1
- the trace log can now be structures like a tree with process es as root items and threads as brnaches
### Changed
- SandboxieCrypto how always migrates the CatRoot2 files in order to prevent locking of real files
- greately improved trace log performance
- MSI Server can now run with the "FakeAdminRights=y" and "DropAdminRights=y" options
-- Special service allowance for the MSI Server can be disabled with "MsiInstallerExemptions=n"
- Changed SCM access check behavioure non elevated users can now start services with a user token
-- Elevation now is only required to start services with a system token
- Reworked the trace log mechanism to be more verbose
- Reworked RPC mechanism to be more flexible
### Fixed
- fixed issues with some intallers introduced in 5.48.0
- fixed add user to sandbox in the plus ui
- FIXED SECURITY ISSUE: the HostInjectDll mechanism allowed for local privilege escalation (thanks hg421)
- classic ui no longer allows to create a sandbox with an invalid or reserved device name
## [0.7.1 / 5.48.5] - 2021-02-21
### Added

17
Sandboxie/apps/com/Crypto/crypto.c
View File

@ -158,6 +158,23 @@ ALIGNED HANDLE my_CreateFileW(
dwDesiredAccess = 0;
}
//
// issue #561 Sandbox with some apps directly uses catdb than blocks access to it
// to prevent our instance form locking the real file we request write access
// that forces the file to be migrated and our sandboxed copy opened
//
WCHAR* CatRoot = wcsstr(lpFileName, L"\\system32\\CatRoot2\\");
if (CatRoot) { // L"C:\\WINDOWS\\system32\\CatRoot2\\{00000000-0000-0000-0000-000000000000}\\catdb"
WCHAR win_dir[MAX_PATH + 64];
GetWindowsDirectory(win_dir, MAX_PATH);
if (_wcsnicmp(win_dir, lpFileName, CatRoot - lpFileName) == 0) {
if (dwDesiredAccess == GENERIC_READ)
dwDesiredAccess |= GENERIC_WRITE;
}
}
return ((P_CreateFileW)__sys_CreateFileW)(lpFileName, dwDesiredAccess, dwShareMode,
lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}

36
Sandboxie/apps/com/common.h
View File

@ -493,7 +493,41 @@ BOOL my_QueryServiceStatusEx(
// expect the service to NOT be stopped or stop-pending.
// without this, MSI server gets CO_E_WRONG_SERVER_IDENTITY.
buf->dwProcessId = FindProcessId(_msiexec, TRUE);
//buf->dwProcessId = FindProcessId(_msiexec, TRUE);
WCHAR keyname[128];
wcscpy(keyname, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\");
wcscat(keyname, L"MSIServer");
UNICODE_STRING objname;
RtlInitUnicodeString(&objname, keyname);
HANDLE hkey;
OBJECT_ATTRIBUTES objattrs;
InitializeObjectAttributes(&objattrs, &objname, OBJ_CASE_INSENSITIVE, NULL, NULL);
if (NT_SUCCESS(NtOpenKey(&hkey, KEY_QUERY_VALUE, &objattrs))) {
NTSTATUS status;
ULONG len;
UNICODE_STRING uni;
union {
KEY_VALUE_PARTIAL_INFORMATION info;
WCHAR info_space[256];
} u;
RtlInitUnicodeString(&uni, SBIE L"_ProcessId");
status = NtQueryValueKey(hkey, &uni, KeyValuePartialInformation, &u.info, sizeof(u), &len);
if (NT_SUCCESS(status) && u.info.Type == REG_DWORD && u.info.DataLength == 4) {
ULONG pid;
pid = *(ULONG*)u.info.Data;
buf->dwProcessId = pid;
}
NtClose(hkey);
}
}
else if (hService == SC_HANDLE_EVENTSYSTEM) {

20
Sandboxie/apps/control/CreateDialog.cpp
View File

@ -175,6 +175,26 @@ void CCreateDialog::OnOK()
errmsg = MSG_3668;
}
if (!errmsg && len <= 8) {
static const WCHAR* deviceNames[] = {
L"aux", L"clock$", L"con", L"nul", L"prn",
L"com1", L"com2", L"com3", L"com4", L"com5",
L"com6", L"com7", L"com8", L"com9",
L"lpt1", L"lpt2", L"lpt3", L"lpt4", L"lpt5",
L"lpt6", L"lpt7", L"lpt8", L"lpt9",
NULL
};
for (ULONG devNum = 0; deviceNames[devNum]; ++devNum) {
const WCHAR* devName = deviceNames[devNum];
ULONG devNameLen = wcslen(devName);
if (_wcsnicmp(name, devName, devNameLen) == 0) {
errmsg = MSG_3667;
break;
}
}
}
if (errmsg) {
GetDlgItem(ID_CREATE_ERROR)->SetWindowText(CMyMsg(errmsg));

10
Sandboxie/apps/control/MonitorDialog.cpp
View File

@ -115,9 +115,9 @@ void CMonitorDialog::OnIdle()
while (1) {
ULONG seq_num = m_last_entry_seq_num;
USHORT type;
ULONG64 pid;
ULONG64 tid;
ULONG type;
ULONG pid;
ULONG tid;
ULONG status = SbieApi_MonitorGetEx(&seq_num, &type, &pid, &tid, &name[12]);
if (status != 0)
break; // error or no more entries
@ -146,7 +146,7 @@ void CMonitorDialog::OnIdle()
} else if (type & MONITOR_DENY) {
name[9] = L'X';
}
type &= 0x0FFF;
type &= MONITOR_TYPE_MASK;
const WCHAR *PrefixPtr = _Unknown;
if (type == MONITOR_SYSCALL)
@ -171,7 +171,7 @@ void CMonitorDialog::OnIdle()
PrefixPtr = _Other;
wcsncpy(name, PrefixPtr, 9);
wsprintf(&name[wcslen(name)], L"; PID: %I64u", pid);
wsprintf(&name[wcslen(name)], L"; PID: %d", pid);
int index = listbox->AddString(name);

17
Sandboxie/common/defines.h
View File

@ -52,6 +52,8 @@
#endif
#define DYNAMIC_PORT_NAME_CHARS 96 // number of wchars in an Epmapper dynamic endpoint port name
#define DYNAMIC_PORT_ID_CHARS 81
//---------------------------------------------------------------------------
@ -86,15 +88,12 @@
//#define wmemchr(mem,c, len) memchr((mem), (c), (len)*sizeof(WCHAR))
typedef enum {
SPOOLER_PORT,
WPAD_PORT,
GAME_CONFIG_STORE_PORT,
SMART_CARD_PORT,
BT_PORT,
SSDP_PORT,
NUM_DYNAMIC_PORTS
} ENUM_DYNAMIC_PORT_TYPE;
#define SPOOLER_PORT_ID L"Spooler"
#define WPAD_PORT_ID L"WPAD"
#define GAME_CONFIG_STORE_PORT_ID L"GamePort"
#define SMART_CARD_PORT_ID L"SmartCard"
#define BT_PORT_ID L"bthserv"
#define SSDP_PORT_ID L"ssdpsrv"
//---------------------------------------------------------------------------

6
Sandboxie/common/my_version.h
View File

@ -21,9 +21,9 @@
#ifndef _MY_VERSION_H
#define _MY_VERSION_H
#define MY_VERSION_BINARY 5,48,5
#define MY_VERSION_STRING "5.48.5"
#define MY_VERSION_COMPAT "5.48.5" // this refers to the driver ABI compatibility
#define MY_VERSION_BINARY 5,49,0
#define MY_VERSION_STRING "5.49.0"
#define MY_VERSION_COMPAT "5.49.0" // this refers to the driver ABI compatibility
// These #defines are used by either Resource Compiler, or by NSIC installer
#define SBIE_INSTALLER_PATH "..\\Bin\\"

10
Sandboxie/core/dll/SboxDll.vcxproj
View File

@ -99,7 +99,6 @@
<Link>
<AdditionalDependencies>ntdll.lib;uuid.lib;kernel32.lib</AdditionalDependencies>
<ModuleDefinitionFile>SboxDll32.def</ModuleDefinitionFile>
<BaseAddress>0x7D220000</BaseAddress>
<EntryPointSymbol>DllMain</EntryPointSymbol>
<IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
<OptimizeReferences>false</OptimizeReferences>
@ -118,7 +117,6 @@
</ClCompile>
<Link>
<AdditionalDependencies>ntdll.lib;uuid.lib;kernel32.lib</AdditionalDependencies>
<BaseAddress>0x7D220000</BaseAddress>
<EntryPointSymbol>DllMain</EntryPointSymbol>
<ModuleDefinitionFile>SboxDll64.def</ModuleDefinitionFile>
<IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
@ -140,7 +138,6 @@
<Link>
<AdditionalDependencies>ntdll.lib;uuid.lib;kernel32.lib</AdditionalDependencies>
<ModuleDefinitionFile>SboxDll32.def</ModuleDefinitionFile>
<BaseAddress>0x7D220000</BaseAddress>
<EntryPointSymbol>DllMain</EntryPointSymbol>
<IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
<OptimizeReferences>false</OptimizeReferences>
@ -158,7 +155,6 @@
</ClCompile>
<Link>
<AdditionalDependencies>ntdll.lib;uuid.lib;kernel32.lib</AdditionalDependencies>
<BaseAddress>0x7D220000</BaseAddress>
<EntryPointSymbol>DllMain</EntryPointSymbol>
<ModuleDefinitionFile>SboxDll64.def</ModuleDefinitionFile>
<IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
@ -324,6 +320,12 @@
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
</ClCompile>
<ClCompile Include="scm_msi.c">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
</ClCompile>
<ClCompile Include="scm_notify.c">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>

3
Sandboxie/core/dll/SboxDll.vcxproj.filters
View File

@ -180,6 +180,9 @@
<ClCompile Include="file_copy.c">
<Filter>file</Filter>
</ClCompile>
<ClCompile Include="scm_msi.c">
<Filter>scm</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="advapi.h" />

2
Sandboxie/core/dll/SboxDll32.def
View File

@ -34,7 +34,7 @@ SbieApi_HookTramp=_SbieApi_HookTramp@8
SbieApi_IsBoxEnabled=_SbieApi_IsBoxEnabled@4
SbieApi_MonitorControl=_SbieApi_MonitorControl@8
SbieApi_MonitorGet=_SbieApi_MonitorGet@8
;;; SbieApi_MonitorGet=_SbieApi_MonitorGet@8
SbieApi_MonitorGetEx=_SbieApi_MonitorGetEx@20
SbieApi_MonitorPut=_SbieApi_MonitorPut@8
SbieApi_MonitorPut2=_SbieApi_MonitorPut2@12

23
Sandboxie/core/dll/com.c
View File

@ -156,9 +156,9 @@ static void Com_Trace(
static void Com_Trace2(
const WCHAR* TraceType, REFCLSID rclsid, REFIID riid,
ULONG ProcNum, ULONG clsctx, HRESULT hr, USHORT monflag);
ULONG ProcNum, ULONG clsctx, HRESULT hr, ULONG monflag);
static void Com_Monitor(REFCLSID rclsid, USHORT monflag);
static void Com_Monitor(REFCLSID rclsid, ULONG monflag);
#define HSTRING void*
static HRESULT Com_RoGetActivationFactory(HSTRING activatableClassId, REFIID iid, void** factory);
@ -569,7 +569,7 @@ _FX HRESULT Com_CoGetClassObject(
{
static const WCHAR *TraceType = L"GETCLS";
HRESULT hr;
USHORT monflag = 0;
ULONG monflag = 0;
// debug tip. You can stop the debugger on a COM object load (instantiation) by uncommenting lines below.
@ -620,7 +620,7 @@ _FX HRESULT Com_CoGetObject(
GUID clsid;
HRESULT hr;
IClassFactory *pFactory;
USHORT monflag = 0;
ULONG monflag = 0;
BOOLEAN IsOpenClsid = FALSE;
if (_wcsnicmp(pszName, L"Elevation:Administrator!new:", 28) == 0) {
@ -669,7 +669,7 @@ _FX HRESULT Com_CoCreateInstance(
static const WCHAR *TraceType = L"CRE-IN";
HRESULT hr;
IClassFactory *pFactory;
USHORT monflag = 0;
ULONG monflag = 0;
if (Com_IsClosedClsid(rclsid)) {
*ppv = NULL;
@ -739,7 +739,7 @@ _FX HRESULT Com_CoCreateInstanceEx(
HRESULT hr;
IClassFactory *pFactory;
ULONG i;
USHORT monflag = 0;
ULONG monflag = 0;
//
// special cases
@ -3316,7 +3316,7 @@ _FX void Com_Trace(
_FX void Com_Trace2(
const WCHAR* TraceType, REFCLSID rclsid, REFIID riid,
ULONG ProcNum, ULONG clsctx, HRESULT hr, USHORT monflag)
ULONG ProcNum, ULONG clsctx, HRESULT hr, ULONG monflag)
{
WCHAR *text;
WCHAR *ptr;
@ -3363,7 +3363,7 @@ _FX void Com_Trace2(
//---------------------------------------------------------------------------
_FX void Com_Monitor(REFCLSID rclsid, USHORT monflag)
_FX void Com_Monitor(REFCLSID rclsid, ULONG monflag)
{
if (Dll_BoxName) {
@ -3465,12 +3465,17 @@ _FX BOOLEAN Com_IsClosedRT(const wchar_t* strClassId)
return TRUE;
}
//
// this seams to be broken as well
//if (wcscmp(strClassId, L"Windows.UI.Notifications.ToastNotificationManager") == 0)
// return TRUE;
static const WCHAR* setting = L"ClosedRT";
Com_LoadRTList(setting, &Com_ClosedRT);
for (const WCHAR* pName = Com_ClosedRT; pName && *pName; pName += wcslen(pName) + 1) {
if (wcscmp(strClassId, pName) == 0)
if (wcscmp(strClassId, pName) == 0 || wcscmp(pName, L"*") == 0)
return TRUE;
}

101
Sandboxie/core/dll/config.c
View File

@ -39,15 +39,6 @@
extern POOL* Dll_Pool;
extern POOL* Dll_PoolTemp;
static BOOLEAN Config_MatchImageGroup(
const WCHAR* group, ULONG group_len, const WCHAR* test_str,
ULONG depth);
static BOOLEAN Config_MatchImage(
const WCHAR* pat_str, ULONG pat_len, const WCHAR* test_str,
ULONG depth);
//---------------------------------------------------------------------------
// Config_MatchImage
//---------------------------------------------------------------------------
@ -210,7 +201,7 @@ _FX BOOLEAN Config_MatchImageGroup(
//---------------------------------------------------------------------------
_FX WCHAR* Config_MatchImageAndGetValue(WCHAR* value, ULONG* pMode)
_FX WCHAR* Config_MatchImageAndGetValue(WCHAR* value, const WCHAR* ImageName, ULONG* pMode)
{
//
// if the setting indicates an image name followed by a comma,
@ -233,15 +224,19 @@ _FX WCHAR* Config_MatchImageAndGetValue(WCHAR* value, ULONG* pMode)
else
inv = FALSE;
if (pMode) *pMode = inv ? 1 : 0; // 1 - match by negation, 0 - exact match
ULONG len = (ULONG)(tmp - value);
if (len) {
match = Config_MatchImage(value, len, Dll_ImageName, 1);
match = Config_MatchImage(value, len, ImageName, 1);
if (inv)
match = !match;
if (!match)
tmp = NULL;
else if (pMode) {
if (len == 1 && *value == L'*')
*pMode = 2; // 2 - match all
else
*pMode = inv ? 1 : 0; // 1 - match by negation, 0 - exact match
}
}
value = tmp ? tmp + 1 : NULL;
@ -292,7 +287,7 @@ _FX BOOLEAN Config_InitPatternList(const WCHAR* setting, LIST* list)
break;
++index;
WCHAR* value = Config_MatchImageAndGetValue(conf_buf, NULL);
WCHAR* value = Config_MatchImageAndGetValue(conf_buf, Dll_ImageName, NULL);
if (value)
{
pat = Pattern_Create(Dll_Pool, value, TRUE);
@ -326,7 +321,7 @@ _FX NTSTATUS Config_GetSettingsForImageName(
++index;
ULONG mode = -1;
WCHAR* found_value = Config_MatchImageAndGetValue(conf_buf, &mode);
WCHAR* found_value = Config_MatchImageAndGetValue(conf_buf, Dll_ImageName, &mode);
if (!found_value || mode > found_mode)
continue;
//if (found_value) {
@ -539,3 +534,79 @@ SBIEDLL_EXPORT BOOLEAN SbieDll_GetBoolForStringFromList(const WCHAR* string, co
}
return not_found;
}
//---------------------------------------------------------------------------
// Config_GetTagValue
//---------------------------------------------------------------------------
WCHAR* Config_GetTagValue(WCHAR* str, WCHAR** value, ULONG* len, WCHAR sep)
{
*value = NULL;
*len = 0;
// skip whitespace
//while (*str == L' ' || *str == L'\t') str++;
WCHAR* tmp;
BOOLEAN alt;
// check if tag contains a string in quotations
if ((alt = (*str == L'\"')) || (*str == L'\''))
{
WCHAR* end = wcschr(str + 1, alt ? L'\"' : L'\'');
if (!end)
return NULL; // error invalid string
*value = str + 1;
*len = (ULONG)(end - *value);
end++;
tmp = wcschr(end, sep);
if (!tmp) tmp = wcschr(end, L'\0');
}
// else just look for separator
else
{
tmp = wcschr(str, sep);
if (!tmp) tmp = wcschr(str, L'\0');
*value = str;
*len = (ULONG)(tmp - *value);
}
if (tmp && *tmp) tmp++; // skip separator
return tmp;
}
//---------------------------------------------------------------------------
// Config_FindTagValue
//---------------------------------------------------------------------------
BOOLEAN Config_FindTagValue(WCHAR* string, const WCHAR* tag_name, WCHAR* value, ULONG value_size, const WCHAR* deftext, WCHAR sep)
{
ULONG tag_len = wcslen(tag_name);
WCHAR* temp = string;
WCHAR* tmp;
WCHAR* name;
ULONG len;
WCHAR* found_value;
ULONG found_len;
while(*temp)
{
tmp = wcschr(temp, L'=');
if (!tmp)
break;
name = temp;
len = (ULONG)(tmp - temp);
temp = Config_GetTagValue(tmp + 1, &found_value, &found_len, sep);
if (tag_len == len && _wcsnicmp(tag_name, name, len) == 0)
{
wcsncpy_s(value, value_size / sizeof(WCHAR), found_value, found_len);
return TRUE;
}
}
return FALSE;
}

15
Sandboxie/core/dll/dll.h
View File

@ -697,6 +697,8 @@ BOOLEAN Secure_Init_Elevation(HMODULE);
BOOLEAN UserEnv_Init(HMODULE);
BOOLEAN UserEnv_InitVer(HMODULE);
BOOLEAN Scm_OsppcDll(HMODULE);
BOOLEAN Scm_DWriteDll(HMODULE);
@ -746,6 +748,15 @@ BOOLEAN ComDlg32_Init(HMODULE);
// Functions (Config)
//---------------------------------------------------------------------------
BOOLEAN Config_MatchImageGroup(
const WCHAR* group, ULONG group_len, const WCHAR* test_str,
ULONG depth);
BOOLEAN Config_MatchImage(
const WCHAR* pat_str, ULONG pat_len, const WCHAR* test_str,
ULONG depth);
WCHAR* Config_MatchImageAndGetValue(WCHAR* value, const WCHAR* ImageName, ULONG* pMode);
BOOLEAN Config_InitPatternList(const WCHAR* setting, LIST* list);
@ -754,6 +765,10 @@ NTSTATUS Config_GetSettingsForImageName(
BOOLEAN Config_GetSettingsForImageName_bool(const WCHAR* setting, BOOLEAN defval);
WCHAR* Config_GetTagValue(WCHAR* str, WCHAR** value, ULONG* len, WCHAR sep);
BOOLEAN Config_FindTagValue(WCHAR* string, const WCHAR* name, WCHAR* value, ULONG value_size, const WCHAR* deftext, WCHAR sep);
//---------------------------------------------------------------------------

2
Sandboxie/core/dll/dllmain.c
View File

@ -477,6 +477,8 @@ _FX void Dll_InitExeEntry(void)
Custom_Load_UxTheme();
UserEnv_InitVer(Dll_OsBuild >= 7600 ? Dll_KernelBase : Dll_Kernel32); // in KernelBase since win 7
//
// Windows 8.1: hook UserEnv-related entrypoint in KernelBase
//

4
Sandboxie/core/dll/dllpath.c
View File

@ -215,7 +215,7 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
WCHAR *path_lwr;
ULONG path_len;
ULONG mp_flags;
USHORT monflag;
ULONG monflag;
mp_flags = 0;
@ -240,6 +240,8 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
if (path && path[0] == L'\\' && path[1] == L'K'
&& (wcsncmp(path, L"\\KnownDlls", 10) == 0)) // this will be traced by the driver
monflag = 0;
} else if (path_code == L'w') {
monflag = MONITOR_WINCLASS;
} else
monflag = MONITOR_OTHER;

4
Sandboxie/core/dll/file_pipe.c
View File

@ -675,7 +675,7 @@ _FX NTSTATUS File_NtCreateFilePipe(
status == STATUS_OBJECT_NAME_NOT_FOUND ||
status == STATUS_OBJECT_PATH_NOT_FOUND) {
USHORT monflag = MONITOR_PIPE;
ULONG monflag = MONITOR_PIPE;
if (status == STATUS_ACCESS_DENIED)
monflag |= MONITOR_DENY;
SbieApi_MonitorPut(monflag, TruePath);
@ -1279,7 +1279,7 @@ _FX NTSTATUS File_WaitNamedPipe(
if (mp_flags) {
USHORT monflag = MONITOR_PIPE;
ULONG monflag = MONITOR_PIPE;
if (PATH_IS_CLOSED(mp_flags))
monflag |= MONITOR_DENY;
else

16
Sandboxie/core/dll/guienum.c
View File

@ -111,9 +111,9 @@ static HWND Gui_FindWindowExA(
//---------------------------------------------------------------------------
static void Gui_MonitorW(const WCHAR *clsnm, USHORT monflag, HWND hwnd);
static void Gui_MonitorW(const WCHAR *clsnm, ULONG monflag, HWND hwnd);
static void Gui_MonitorA(const UCHAR *clsnm, USHORT monflag, HWND hwnd);
static void Gui_MonitorA(const UCHAR *clsnm, ULONG monflag, HWND hwnd);
//---------------------------------------------------------------------------
@ -722,7 +722,7 @@ _FX HWND Gui_FindWindowW(
WCHAR *clsnm;
WCHAR *winnm;
HWND hwndResult;
USHORT monflag = 0;
ULONG monflag = 0;
#ifdef DEBUG_FINDWINDOW
WCHAR txt[256];
@ -781,7 +781,7 @@ _FX HWND Gui_FindWindowA(
UCHAR *clsnm;
UCHAR *winnm;
HWND hwndResult;
USHORT monflag = 0;
ULONG monflag = 0;
#ifdef DEBUG_FINDWINDOW
WCHAR txt[256];
@ -840,7 +840,7 @@ _FX HWND Gui_FindWindowExW(
WCHAR *clsnm;
WCHAR *winnm;
HWND hwndResult;
USHORT monflag = 0;
ULONG monflag = 0;
#ifdef DEBUG_FINDWINDOW
WCHAR txt[256];
@ -901,7 +901,7 @@ _FX HWND Gui_FindWindowExA(
UCHAR *clsnm;
UCHAR *winnm;
HWND hwndResult;
USHORT monflag = 0;
ULONG monflag = 0;
#ifdef DEBUG_FINDWINDOW
WCHAR txt[256];
@ -955,7 +955,7 @@ _FX HWND Gui_FindWindowExA(
//---------------------------------------------------------------------------
_FX void Gui_MonitorW(const WCHAR *clsnm, USHORT monflag, HWND hwnd)
_FX void Gui_MonitorW(const WCHAR *clsnm, ULONG monflag, HWND hwnd)
{
WCHAR text[130];
if (((ULONG_PTR)clsnm & (LONG_PTR)0xFFFF0000) != 0) {
@ -974,7 +974,7 @@ _FX void Gui_MonitorW(const WCHAR *clsnm, USHORT monflag, HWND hwnd)
//---------------------------------------------------------------------------
_FX void Gui_MonitorA(const UCHAR *clsnm, USHORT monflag, HWND hwnd)
_FX void Gui_MonitorA(const UCHAR *clsnm, ULONG monflag, HWND hwnd)
{
if (((ULONG_PTR)clsnm & (LONG_PTR)0xFFFF0000) != 0) {
NTSTATUS status;

30
Sandboxie/core/dll/ipc.c
View File

@ -289,8 +289,9 @@ const WCHAR *Ipc_actkernel = L"\\RPC Control\\actkernel";
extern const WCHAR *File_BQQB;
WCHAR *g_Ipc_DynamicPortNames[NUM_DYNAMIC_PORTS];
LIST Ipc_DynamicPortNames;
BOOLEAN RpcRt_IsDynamicPortOpen(const WCHAR* wszPortName);
//---------------------------------------------------------------------------
@ -370,14 +371,7 @@ _FX BOOLEAN Ipc_Init(void)
Ipc_CreateObjects();
g_Ipc_DynamicPortNames[SPOOLER_PORT] = Dll_Alloc(DYNAMIC_PORT_NAME_CHARS * sizeof(WCHAR));
g_Ipc_DynamicPortNames[WPAD_PORT] = Dll_Alloc(DYNAMIC_PORT_NAME_CHARS * sizeof(WCHAR));
g_Ipc_DynamicPortNames[SMART_CARD_PORT] = Dll_Alloc(DYNAMIC_PORT_NAME_CHARS * sizeof(WCHAR));
g_Ipc_DynamicPortNames[BT_PORT] = Dll_Alloc(DYNAMIC_PORT_NAME_CHARS * sizeof(WCHAR));
g_Ipc_DynamicPortNames[SSDP_PORT] = Dll_Alloc(DYNAMIC_PORT_NAME_CHARS * sizeof(WCHAR));
g_Ipc_DynamicPortNames[GAME_CONFIG_STORE_PORT] = Dll_Alloc(DYNAMIC_PORT_NAME_CHARS * sizeof(WCHAR));
List_Init(&Ipc_DynamicPortNames);
return TRUE;
}
@ -1478,7 +1472,6 @@ _FX NTSTATUS Ipc_NtAlpcConnectPort(
WCHAR *TruePath;
WCHAR *CopyPath;
ULONG mp_flags;
int i;
Dll_PushTlsNameBuffer(TlsData);
@ -1507,14 +1500,8 @@ _FX NTSTATUS Ipc_NtAlpcConnectPort(
goto OpenTruePath;
// Is this a dynamic RPC port that we need to open?
for (i = 0; i < NUM_DYNAMIC_PORTS; i++)
{
if ( g_Ipc_DynamicPortNames[i] && *g_Ipc_DynamicPortNames[i]
&& (_wcsicmp(TruePath, g_Ipc_DynamicPortNames[i]) == 0) )
// see also RpcBindingFromStringBindingW in core/dll/rpcrt.c
// and core/drv/ipc_spl.c
if(RpcRt_IsDynamicPortOpen(TruePath))
goto OpenTruePath;
}
//
// check for proxy LPC port
@ -1651,7 +1638,6 @@ _FX NTSTATUS Ipc_NtAlpcConnectPortEx(
WCHAR *TruePath;
WCHAR *CopyPath;
ULONG mp_flags;
int i;
Dll_PushTlsNameBuffer(TlsData);
@ -1688,14 +1674,8 @@ _FX NTSTATUS Ipc_NtAlpcConnectPortEx(
// and Ipc_NtAlpcConnectPort can be merged to eliminate code duplication.
// Is this a dynamic RPC port that we need to open?
for (i = 0; i < NUM_DYNAMIC_PORTS; i++)
{
if ( g_Ipc_DynamicPortNames[i] && *g_Ipc_DynamicPortNames[i]
&& (_wcsicmp(TruePath, g_Ipc_DynamicPortNames[i]) == 0) )
// see also RpcBindingFromStringBindingW in core/dll/rpcrt.c
// and core/drv/ipc_spl.c
if(RpcRt_IsDynamicPortOpen(TruePath))
goto OpenTruePath;
}
//
// check for proxy LPC port

8
Sandboxie/core/dll/ldr_init.c
View File

@ -211,6 +211,14 @@ _FX void Ldr_LoadInjectDlls(BOOLEAN bHostInject)
wmemcpy(dllname, path, wcslen(path));
}
//
// For security reasons we don't allow HostInjectDll to use an absolute path
// Dll's to be injected into host processes must be located in sbies install dir
//
else if (bHostInject)
continue;
//
// we have to prevent invocation of Ldr_CallDllCallbacks while

12
Sandboxie/core/dll/proc.c
View File

@ -970,6 +970,12 @@ finish:
TlsData->proc_command_line = NULL;
}
{
WCHAR msg[512];
Sbie_snwprintf(msg, 512, L"CreateProcess: %s (%s); err=%d", lpApplicationName ? lpApplicationName : L"[noName]", lpCommandLine ? lpCommandLine : L"[noCmd]", ok ? 0 : err);
SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, msg, FALSE);
}
SetLastError(err);
return ok;
}
@ -1397,6 +1403,12 @@ finish:
TlsData->proc_command_line = NULL;
}
{
WCHAR msg[512];
Sbie_snwprintf(msg, 512, L"CreateProcess: %s (%s); err=%d", lpApplicationName ? lpApplicationName : L"[noName]", lpCommandLine ? lpCommandLine : L"[noCmd]", ok ? 0 : err);
SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, msg, FALSE);
}
SetLastError(err);
return ok;
}

207
Sandboxie/core/dll/rpcrt.c
View File

@ -177,7 +177,14 @@ P_NdrClientCallX __sys_NdrClientCall2 = NULL;
P_NdrClientCallX __sys_NdrClientCall4 = NULL;
#endif
extern WCHAR* g_Ipc_DynamicPortNames[NUM_DYNAMIC_PORTS];
extern LIST Ipc_DynamicPortNames;
typedef struct _IPC_DYNAMIC_PORT {
LIST_ELEM list_elem;
WCHAR wstrPortId[DYNAMIC_PORT_ID_CHARS];
WCHAR wstrPortName[DYNAMIC_PORT_NAME_CHARS];
} IPC_DYNAMIC_PORT;
BOOLEAN g_rpc_client_hooks = FALSE;
@ -376,12 +383,70 @@ BOOLEAN RpcRt_TestCallingModule(ULONG_PTR pRetAddr, ULONG_PTR hModule)
}
//---------------------------------------------------------------------------
// RpcRt_FindModulePreset
//---------------------------------------------------------------------------
/*
_FX NTSTATUS RpcRt_FindModulePreset(
const WCHAR* CallingModule, const WCHAR* Identifier, WCHAR* value, ULONG value_size)
{
WCHAR conf_buf[2048];
ULONG found_mode = -1;
ULONG index = 0;
while (1) {
NTSTATUS status = SbieApi_QueryConf(
NULL, L"RpcPortBinding", index, conf_buf, sizeof(conf_buf) - 16 * sizeof(WCHAR));
if (!NT_SUCCESS(status))
break;
++index;
//
// examples:
//
// RpcPortBinding=winspool.drv,'ncalrpc:[,Security=Impersonation Dynamic False]',Resolve=Spooler
// RpcPortBinding=WinHttp.dll,ncalrpc:,Resolve=WinHttpAutoProxySvc,TimeOut=y
//
// RpcPortBinding=WinSCard.dll,{00000000-0000-0000-0000-000000000000},Resolve=SCard
// RpcPortBindingIfId=SCard,{C6B5235A-E413-481D-9AC8-31681B1FAAF5}
//
ULONG mode = -1;
WCHAR* found_value = Config_MatchImageAndGetValue(conf_buf, CallingModule, &mode);
if (!found_value || mode > found_mode)
continue;
WCHAR* test_value = NULL;
ULONG test_len = 0;
found_value = Config_GetTagValue(found_value, &test_value, &test_len, L',');
if (!test_value || !found_value || !*found_value) {
SbieApi_Log(2207, L"RpcPortBinding");
continue;
}
//test_value[test_len] = L'\0';
if (!Config_MatchImage(test_value, test_len, Identifier, 1))
continue;
wcscpy_s(value, value_size / sizeof(WCHAR), found_value);
found_mode = mode;
}
if (found_mode == -1)
return STATUS_NO_MORE_ENTRIES;
return STATUS_SUCCESS;
}*/
//---------------------------------------------------------------------------
// GetDynamicLpcPortName
//---------------------------------------------------------------------------
WCHAR* GetDynamicLpcPortName(ENUM_DYNAMIC_PORT_TYPE portType)
WCHAR* GetDynamicLpcPortName(const WCHAR* wszPortId)
{
EPMAPPER_GET_PORT_NAME_REQ req;
EPMAPPER_GET_PORT_NAME_RPL* rpl;
@ -389,7 +454,7 @@ WCHAR* GetDynamicLpcPortName(ENUM_DYNAMIC_PORT_TYPE portType)
memset(&req, 0, sizeof(req));
req.h.length = sizeof(EPMAPPER_GET_PORT_NAME_REQ);
req.h.msgid = MSGID_EPMAPPER_GET_PORT_NAME;
req.portType = portType;
wcscpy(req.wszPortId, wszPortId);
rpl = (EPMAPPER_GET_PORT_NAME_RPL*)SbieDll_CallServer(&req.h);
@ -399,25 +464,72 @@ WCHAR* GetDynamicLpcPortName(ENUM_DYNAMIC_PORT_TYPE portType)
WCHAR text[130];
if (rpl && NT_SUCCESS(rpl->h.status))
Sbie_snwprintf(text, 130, L"Resolved dynamic port: %d; endpoint: %s", req.portType, rpl->wszPortName);
Sbie_snwprintf(text, 130, L"Resolved dynamic port: %s; endpoint: %s", req.wszPortId, rpl->wszPortName);
else
Sbie_snwprintf(text, 130, L"Failed to resolve dynamic port: %d; status: %08X", req.portType, rpl ? rpl->h.status : 0);
Sbie_snwprintf(text, 130, L"Failed to resolve dynamic port: %s; status: %08X", req.wszPortId, rpl ? rpl->h.status : 0);
SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, text, FALSE);
}
if (rpl && NT_SUCCESS(rpl->h.status))
{
wcsncpy(g_Ipc_DynamicPortNames[portType], rpl->wszPortName, DYNAMIC_PORT_NAME_CHARS);
IPC_DYNAMIC_PORT* port = List_Head(&Ipc_DynamicPortNames);
while (port)
{
if (_wcsicmp(req.wszPortId, port->wstrPortId) == 0)
{
wmemcpy(port->wstrPortName, rpl->wszPortName, DYNAMIC_PORT_NAME_CHARS);
break;
}
port = List_Next(port);
}
if (port == NULL)
{
port = (IPC_DYNAMIC_PORT*)Dll_Alloc(sizeof(IPC_DYNAMIC_PORT));
if (port)
{
wmemcpy(port->wstrPortId, req.wszPortId, DYNAMIC_PORT_ID_CHARS);
wmemcpy(port->wstrPortName, rpl->wszPortName, DYNAMIC_PORT_NAME_CHARS);
List_Insert_After(&Ipc_DynamicPortNames, NULL, port);
}
}
Dll_Free(rpl);
return g_Ipc_DynamicPortNames[portType] + 13; // skip "\\RPC Control\\"
if(port)
return port->wstrPortName + 13; // skip "\\RPC Control\\"
}
return NULL;
}
//---------------------------------------------------------------------------
// RpcRt_IsDynamicPortOpen
//---------------------------------------------------------------------------
_FX BOOLEAN RpcRt_IsDynamicPortOpen(const WCHAR* wszPortName)
{
IPC_DYNAMIC_PORT* port = List_Head(&Ipc_DynamicPortNames);
while (port)
{
if (_wcsicmp(wszPortName, port->wstrPortName) == 0)
{
// see also RpcBindingFromStringBindingW in core/dll/rpcrt.c
// and core/drv/ipc_spl.c
return TRUE;
}
port = List_Next(port);
}
return FALSE;
}
//---------------------------------------------------------------------------
// RpcRt_RpcBindingFromStringBindingA
//---------------------------------------------------------------------------
@ -484,9 +596,6 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
return RPC_S_INVALID_ARG;
}
static const WCHAR* dynamicFalse = L"ncalrpc:[,Security=Impersonation Dynamic False]";
static const WCHAR* dynamicTrue = L"ncalrpc:[,Security=Impersonation Dynamic True]";
BOOLEAN use_RpcMgmtSetComTimeout = __use_RpcMgmtSetComTimeout;
THREAD_DATA* TlsData = Dll_GetTlsData(NULL);
@ -496,13 +605,16 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
WCHAR wstrPortName[DYNAMIC_PORT_NAME_CHARS];
memset(wstrPortName, 0, sizeof(wstrPortName));
static const WCHAR* dynamicFalse = L"ncalrpc:[,Security=Impersonation Dynamic False]";
static const WCHAR* dynamicTrue = L"ncalrpc:[,Security=Impersonation Dynamic True]";
if (_wcsicmp(StringBinding, dynamicFalse) == 0) {
ULONG_PTR pWinSpool = (ULONG_PTR)GetModuleHandle(L"winspool.drv");
if (RpcRt_TestCallingModule(pRetAddr, pWinSpool)) {
WCHAR* pwszTempPortName = GetDynamicLpcPortName(SPOOLER_PORT);
WCHAR* pwszTempPortName = GetDynamicLpcPortName(SPOOLER_PORT_ID);
if (pwszTempPortName == NULL)
return RPC_S_ACCESS_DENIED;
@ -524,17 +636,17 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
if (RpcRt_TestCallingModule(pRetAddr, hWinHttp))
{
// WPAD (Windows Proxy Auto Discovery) uses dynamic RPC endpoints starting in Win 10 Anniv.
pwszTempPortName = GetDynamicLpcPortName(WPAD_PORT);
pwszTempPortName = GetDynamicLpcPortName(WPAD_PORT_ID);
}
else if (RpcRt_TestCallingModule(pRetAddr, hBtApi))
{
// Bluetooth support service
pwszTempPortName = GetDynamicLpcPortName(BT_PORT);
pwszTempPortName = GetDynamicLpcPortName(BT_PORT_ID);
}
else if (RpcRt_TestCallingModule(pRetAddr, hSsdpApi))
{
// Simple Service Discovery Protocol API
pwszTempPortName = GetDynamicLpcPortName(SSDP_PORT);
pwszTempPortName = GetDynamicLpcPortName(SSDP_PORT_ID);
}
if (pwszTempPortName != pwszEmpty) {
@ -570,10 +682,40 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
WCHAR* CallingModule = Trace_FindModuleByAddress((void*)pRetAddr);
if (CallingModule)
{
/*WCHAR ModulePreset[256];
if (NT_SUCCESS(RpcRt_FindModulePreset(CallingModule, StringBinding, ModulePreset, sizeof(ModulePreset)))) {
WCHAR tagValue[96];
if (Config_FindTagValue(ModulePreset, L"Resolve", tagValue, sizeof(tagValue), NULL, L','))
{
WCHAR* pwszTempPortName = GetDynamicLpcPortName(tagValue);
if (pwszTempPortName == NULL)
return RPC_S_ACCESS_DENIED;
wcscpy(wstrPortName, L"ncalrpc:[");
wcscpy(wstrPortName + 9, pwszTempPortName);
wcscat(wstrPortName, L"]");
//wcscat(wstrPortName, dynamicFalse + 9);
}
if (Config_FindTagValue(ModulePreset, L"TimeOut", tagValue, sizeof(tagValue), NULL, L','))
{
if (*tagValue == L'y' || *tagValue == L'Y')
use_RpcMgmtSetComTimeout = TRUE;
else if (*tagValue == L'n' || *tagValue == L'N')
use_RpcMgmtSetComTimeout = FALSE;
}
}*/
use_RpcMgmtSetComTimeout = SbieDll_GetBoolForStringFromList(CallingModule, NULL, L"UseRpcMgmtSetComTimeout", TRUE, use_RpcMgmtSetComTimeout);
}
RPC_STATUS status;
status = __sys_RpcBindingFromStringBindingW(*wstrPortName ? wstrPortName : StringBinding, OutBinding);
// If there are any IpcTrace options set, then output this debug string
WCHAR wsTraceOptions[4];
if (SbieApi_QueryConf(NULL, L"IpcTrace", 0, wsTraceOptions, sizeof(wsTraceOptions)) == STATUS_SUCCESS && wsTraceOptions[0] != L'\0')
@ -632,6 +774,7 @@ DEFINE_GUID(
MSDTC_UUID,
0x906B0CE0, 0xC70B, 0x1067, 0xB3, 0x17, 0x00, 0xDD, 0x01, 0x06, 0x62, 0xDA);
_FX RPC_STATUS RpcRt_RpcBindingCreateW(
__in RPC_BINDING_HANDLE_TEMPLATE_V1_W * Template,
__in_opt RPC_BINDING_HANDLE_SECURITY_V1_W * Security,
@ -659,12 +802,12 @@ _FX RPC_STATUS RpcRt_RpcBindingCreateW(
if (RpcRt_TestCallingModule(pRetAddr, hWinSCard))
{
// smart card interface {C6B5235A-E413-481D-9AC8-31681B1FAAF5}
Template->StringEndpoint = GetDynamicLpcPortName(SMART_CARD_PORT);
Template->StringEndpoint = GetDynamicLpcPortName(SMART_CARD_PORT_ID);
}
else if (RpcRt_TestCallingModule(pRetAddr, hResourcePolicyClient))
{
// Win 10 AU WinRT interface - {88ABCBC3-34EA-76AE-8215-767520655A23}
Template->StringEndpoint = GetDynamicLpcPortName(GAME_CONFIG_STORE_PORT);
Template->StringEndpoint = GetDynamicLpcPortName(GAME_CONFIG_STORE_PORT_ID);
}
else
{
@ -678,16 +821,45 @@ _FX RPC_STATUS RpcRt_RpcBindingCreateW(
WCHAR* CallingModule = Trace_FindModuleByAddress((void*)pRetAddr);
if (CallingModule)
{
/*WCHAR ModulePreset[256];
if (NT_SUCCESS(RpcRt_FindModulePreset(CallingModule, StringUuid, ModulePreset, sizeof(ModulePreset)))) {
WCHAR tagValue[96];
if (RPC_PROTSEQ_LRPC == Template->ProtocolSequence && !Template->StringEndpoint)
{
if (Config_FindTagValue(ModulePreset, L"Resolve", tagValue, sizeof(tagValue), NULL, L','))
{
Template->StringEndpoint = GetDynamicLpcPortName(tagValue);
}
else if (Config_FindTagValue(ModulePreset, L"IpcPort", tagValue, sizeof(tagValue), NULL, L','))
{
Template->StringEndpoint = (unsigned short*)...;
}
}
if (Config_FindTagValue(ModulePreset, L"TimeOut", tagValue, sizeof(tagValue), NULL, L','))
{
if (*tagValue == L'y' || *tagValue == L'Y')
use_RpcMgmtSetComTimeout = TRUE;
else if (*tagValue == L'n' || *tagValue == L'N')
use_RpcMgmtSetComTimeout = FALSE;
}
}*/
use_RpcMgmtSetComTimeout = SbieDll_GetBoolForStringFromList(CallingModule, NULL, L"UseRpcMgmtSetComTimeout", TRUE, use_RpcMgmtSetComTimeout);
}
RPC_STATUS status;
status = __sys_RpcBindingCreateW(Template, Security, Options, Binding);
// If there are any IpcTrace options set, then output this debug string
WCHAR wsTraceOptions[4];
if (SbieApi_QueryConf(NULL, L"IpcTrace", 0, wsTraceOptions, sizeof(wsTraceOptions)) == STATUS_SUCCESS && wsTraceOptions[0] != L'\0')
{
WCHAR msg[512];
RPC_CSTR StringUuid;
RPC_WSTR StringUuid;
__sys_UuidToStringW(&Template->ObjectUuid, &StringUuid);
//Sbie_snwprintf(msg, 512, L"SBIE p=%06d t=%06d RpcBindingCreateW Endpoint = '%s', UUID = %s, status = 0x%X\n", GetCurrentProcessId(), GetCurrentThreadId(),
@ -700,6 +872,7 @@ _FX RPC_STATUS RpcRt_RpcBindingCreateW(
//OutputDebugString(msg);
SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, msg, FALSE);
}
if (use_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*Binding, RPC_C_BINDING_TIMEOUT);
return status;
}

94
Sandboxie/core/dll/sbieapi.c
View File

@ -1423,21 +1423,23 @@ _FX LONG SbieApi_MonitorControl(
_FX LONG SbieApi_MonitorPut(
USHORT Type,
ULONG Type,
const WCHAR *Name)
{
NTSTATUS status;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
//NTSTATUS status;
//__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
//API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_MONITOR_PUT;
args->log_type.val64 = (ULONG64)(ULONG_PTR)&Type;
args->log_len.val64 = wcslen(Name) * sizeof(WCHAR);
args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
status = SbieApi_Ioctl(parms);
//memset(parms, 0, sizeof(parms));
//args->func_code = API_MONITOR_PUT;
//args->log_type.val = Type;
//args->log_len.val64 = wcslen(Name) * sizeof(WCHAR);
//args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
//status = SbieApi_Ioctl(parms);
return status;
//return status;
return SbieApi_MonitorPut2(Type, Name, TRUE);
}
//---------------------------------------------------------------------------
@ -1446,7 +1448,7 @@ _FX LONG SbieApi_MonitorPut(
_FX LONG SbieApi_MonitorPut2(
USHORT Type,
ULONG Type,
const WCHAR *Name,
BOOLEAN bCheckObjectExists)
{
@ -1456,7 +1458,7 @@ _FX LONG SbieApi_MonitorPut2(
memset(parms, 0, sizeof(parms));
args->func_code = API_MONITOR_PUT2;
args->log_type.val64 = (ULONG64)(ULONG_PTR)&Type;
args->log_type.val = Type;
args->log_len.val64 = wcslen(Name) * sizeof(WCHAR);
args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
args->check_object_exists.val64 = bCheckObjectExists;
@ -1471,30 +1473,30 @@ _FX LONG SbieApi_MonitorPut2(
//---------------------------------------------------------------------------
_FX LONG SbieApi_MonitorGet(
USHORT *Type,
WCHAR *Name) // WCHAR [256]
{
NTSTATUS status;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_MONITOR_GET;
args->log_type.val64 = (ULONG64)(ULONG_PTR)Type;
args->log_len.val64 = 256 * sizeof(WCHAR);
args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
status = SbieApi_Ioctl(parms);
if (! NT_SUCCESS(status)) {
if (Type)
*Type = 0;
if (Name)
*Name = L'\0';
}
return status;
}
//_FX LONG SbieApi_MonitorGet(
// ULONG *Type,
// WCHAR *Name) // WCHAR [256]
//{
// NTSTATUS status;
// __declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
// API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
//
// memset(parms, 0, sizeof(parms));
// args->func_code = API_MONITOR_GET;
// args->log_type.val64 = (ULONG64)(ULONG_PTR)Type;
// args->log_len.val64 = 256 * sizeof(WCHAR);
// args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
// status = SbieApi_Ioctl(parms);
//
// if (! NT_SUCCESS(status)) {
// if (Type)
// *Type = 0;
// if (Name)
// *Name = L'\0';
// }
//
// return status;
//}
//---------------------------------------------------------------------------
@ -1504,23 +1506,23 @@ _FX LONG SbieApi_MonitorGet(
_FX LONG SbieApi_MonitorGetEx(
ULONG *SeqNum,
USHORT *Type,
ULONG64 *Pid,
ULONG64 *Tid,
ULONG *Type,
ULONG *Pid,
ULONG *Tid,
WCHAR *Name) // WCHAR [256]
{
NTSTATUS status;
__declspec(align(8)) UNICODE_STRING64 log_buffer = { 0, (USHORT)(256 * sizeof(WCHAR)), (ULONG64)Name };
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_MONITOR_GET_EX_ARGS *args = (API_MONITOR_GET_EX_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_MONITOR_GET_EX;
args->log_seq.val64 = (ULONG64)(ULONG_PTR)SeqNum;
args->log_type.val64 = (ULONG64)(ULONG_PTR)Type;
args->log_pid.val64 = (ULONG64)(ULONG_PTR)Pid;
args->log_tid.val64 = (ULONG64)(ULONG_PTR)Tid;
args->log_len.val64 = 256 * sizeof(WCHAR);
args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
args->log_seq.val = SeqNum;
args->log_type.val = Type;
args->log_pid.val = Pid;
args->log_tid.val = Tid;
args->log_data.val = &log_buffer;
status = SbieApi_Ioctl(parms);
if (!NT_SUCCESS(status)) {

18
Sandboxie/core/dll/sbieapi.h
View File

@ -203,26 +203,26 @@ LONG SbieApi_MonitorControl(
SBIEAPI_EXPORT
LONG SbieApi_MonitorPut(
USHORT Type,
ULONG Type,
const WCHAR *Name);
SBIEAPI_EXPORT
LONG SbieApi_MonitorPut2(
USHORT Type,
ULONG Type,
const WCHAR *Name,
BOOLEAN bCheckObjectExists);
SBIEAPI_EXPORT
LONG SbieApi_MonitorGet(
USHORT *Type,
WCHAR *Name); // WCHAR [256]
//SBIEAPI_EXPORT
//LONG SbieApi_MonitorGet(
// ULONG *Type,
// WCHAR *Name); // WCHAR [256]
SBIEAPI_EXPORT
LONG SbieApi_MonitorGetEx(
ULONG *SeqNum,
USHORT *Type,
ULONG64 *Pid,
ULONG64 *Tid,
ULONG *Type,
ULONG *Pid,
ULONG *Tid,
WCHAR *Name); // WCHAR [256]

4
Sandboxie/core/dll/scm.c
View File

@ -336,9 +336,6 @@ static P_CloseEventLog __sys_CloseEventLog = NULL;
static const WCHAR *Scm_ServicesKeyPath =
L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\";
static const WCHAR *_MsiServerInUseEventName =
SBIE L"_WindowsInstallerInUse";
static const WCHAR *Scm_MsiServer = L"MSIServer";
const WCHAR *Scm_CryptSvc = L"cryptsvc";
@ -394,6 +391,7 @@ static const WCHAR *_TrustedInstaller = L"TrustedInstaller";
#include "scm_query.c"
#include "scm_msi.c"
#include "scm_create.c"
#include "scm_event.c"
#include "scm_notify.c"

52
Sandboxie/core/dll/scm_create.c
View File

@ -136,16 +136,14 @@ static void Scm_DeletePermissions(const WCHAR *AppIdGuid);
static HANDLE Scm_ServiceKey = NULL;
static HANDLE Msi_ServerInUseEvent = NULL;
static LPHANDLER_FUNCTION Scm_Handler = NULL;
static LPHANDLER_FUNCTION_EX Scm_HandlerEx = NULL;
static void *Scm_HandlerContext = NULL;
//static volatile WCHAR* Scm_ServiceName = NULL;
static volatile BOOLEAN Scm_Started = FALSE;
static volatile BOOLEAN Scm_Stopped = FALSE;
static volatile BOOLEAN Scm_IsMsiServer = FALSE;
//---------------------------------------------------------------------------
@ -1146,41 +1144,22 @@ _FX BOOL Scm_StartServiceA(
_FX ULONG Scm_ServiceMainThread(ULONG_PTR *args)
{
WCHAR text[130];
Sbie_snwprintf(text, 130, L"ServiceMainThread; begin");
SbieApi_MonitorPut(MONITOR_OTHER, text);
typedef void (*P_Main)(ULONG argc, void **argv);
((P_Main)args[0])(1, (void **)&args[1]);
Sbie_snwprintf(text, 130, L"ServiceMainThread; end");
SbieApi_MonitorPut(MONITOR_OTHER, text);
//
// if this is the MSI Server, then wait for all our callers to end
//
if (! Scm_IsMsiServer)
return 0;
//
// release our hold on the MSI Server in-use flag
//
if (Msi_ServerInUseEvent) {
CloseHandle(Msi_ServerInUseEvent);
Msi_ServerInUseEvent = NULL;
}
//
// end the service as soon as the in-use flag is gone
//
while (1) {
HANDLE hEvent = OpenEvent(
EVENT_MODIFY_STATE, FALSE, _MsiServerInUseEventName);
if (! hEvent) {
ExitProcess(0);
break;
}
CloseHandle(hEvent);
Sleep(2000);
if (Scm_IsMsiServer) {
Scm_SetupMsiWaiter();
}
return 0;
@ -1199,7 +1178,7 @@ _FX BOOL Scm_StartServiceCtrlDispatcherX(
L"00000000_" SBIE L"_SERVICE_NAME";
WCHAR *ServiceName;
WCHAR *Buffer;
UNICODE_STRING uni; // fix-me: this mustbe freed !
UNICODE_STRING uni;
void *args[3];
ULONG ThreadId;
HANDLE hEvent;
@ -1306,7 +1285,9 @@ _FX BOOL Scm_StartServiceCtrlDispatcherX(
}
if (_wcsicmp(ServiceName, Scm_MsiServer) == 0) {
Scm_IsMsiServer = TRUE;
Scm_SetupMsiHooks();
}
HANDLE ThreadHandle = CreateThread(NULL, 0, Scm_ServiceMainThread, args, 0, &ThreadId);
@ -1380,6 +1361,9 @@ _FX BOOL Scm_StartServiceCtrlDispatcherX(
// if the service never started, report error
//
Sbie_snwprintf(text, 130, L"StartServiceCtrlDispatcher; result: %s", Scm_Started ? L"sucess" : L"failure");
SbieApi_MonitorPut(MONITOR_OTHER, text);
if (! Scm_Started) {
SbieApi_Log(2211, ServiceName);
return FALSE;
@ -1513,6 +1497,10 @@ _FX BOOL Scm_SetServiceStatus_Internal(
return FALSE;
}
WCHAR text[130];
Sbie_snwprintf(text, 130, L"SetServiceStatus; status: <%08X>", lpServiceStatus->dwCurrentState);
SbieApi_MonitorPut(MONITOR_OTHER, text);
#define MySetValueKey() \
NtSetValueKey(ServiceKeyHandle, &uni, \
0, REG_DWORD, (BYTE *)&val, sizeof(ULONG))

40
Sandboxie/core/dll/scm_misc.c
View File

@ -308,43 +308,3 @@ _FX BOOLEAN Scm_DWriteDll(HMODULE module)
return Scm_DllHack(module, L"FontCache");
}
//---------------------------------------------------------------------------
// Scm_MsiDll
//---------------------------------------------------------------------------
_FX BOOLEAN Scm_MsiDll(HMODULE module)
{
//
// MSI library unloading
// XXX - Ldr module no longer does unload notifications
// so we might rely on MsiCloseHandle instead
//
/* if (! module) {
if (Msi_ServerInUseEvent) {
CloseHandle(Msi_ServerInUseEvent);
Msi_ServerInUseEvent = FALSE;
}
return TRUE;
}*/
//
// indicate we are one more process that is using the MSI Server
//
if (Dll_ImageType != DLL_IMAGE_SANDBOXIE_RPCSS &&
Dll_ImageType != DLL_IMAGE_SANDBOXIE_DCOMLAUNCH) {
if ((! Msi_ServerInUseEvent) && (! Scm_IsMsiServer)) {
Msi_ServerInUseEvent = CreateEvent(
NULL, TRUE, FALSE, _MsiServerInUseEventName);
}
}
return TRUE;
}

194
Sandboxie/core/dll/scm_msi.c Normal file
View File

@ -0,0 +1,194 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020-2021 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
// Service Control Manager
//---------------------------------------------------------------------------
//#define ErrorMessageBox(txt)
//
//#define HOOK_WIN32(func) { \
// const char *FuncName = #func; \
// void *SourceFunc = Ldr_GetProcAddrNew(DllName_advapi32, L#func, #func); \
// if (!SourceFunc && Dll_KernelBase) { \
// SourceFunc = GetProcAddress(Dll_KernelBase, FuncName); \
// } \
// __sys_##func = \
// (ULONG_PTR)SbieDll_Hook(FuncName, SourceFunc, my_##func); \
// if (! __sys_##func) \
// hook_success = FALSE; \
// }
//
//
//#include "../../apps/com/privs.h"
//---------------------------------------------------------------------------
// Functions
//---------------------------------------------------------------------------
static HANDLE Scm_CreateWaitableTimerW(
LPSECURITY_ATTRIBUTES lpTimerAttributes,
BOOL bManualReset, LPCWSTR lpTimerName);
//---------------------------------------------------------------------------
// Prototypes
//---------------------------------------------------------------------------
typedef HANDLE (*P_CreateWaitableTimerW)(
LPSECURITY_ATTRIBUTES lpTimerAttributes,
BOOL bManualReset, LPCWSTR lpTimerName);
//---------------------------------------------------------------------------
// Pointers
//---------------------------------------------------------------------------
static P_CreateWaitableTimerW __sys_CreateWaitableTimerW = NULL;
//---------------------------------------------------------------------------
// Variables
//---------------------------------------------------------------------------
static volatile BOOLEAN Scm_IsMsiServer = FALSE;
static const WCHAR *_MsiServerInUseEventName = SBIE L"_WindowsInstallerInUse";
static HANDLE Msi_ServerInUseEvent = NULL;
//---------------------------------------------------------------------------
// Scm_SetupMsiHooks
//---------------------------------------------------------------------------
_FX BOOLEAN Scm_SetupMsiHooks()
{
//while (!IsDebuggerPresent())
// Sleep(500);
//__debugbreak();
P_CreateWaitableTimerW CreateWaitableTimerW = (P_CreateWaitableTimerW)GetProcAddress(Dll_Kernel32, "CreateWaitableTimerW");
SBIEDLL_HOOK(Scm_, CreateWaitableTimerW);
//// hook privilege-related functions
//if (!Hook_Privilege())
// return FALSE;
return TRUE;
}
//---------------------------------------------------------------------------
// Scm_CreateWaitableTimerW
//---------------------------------------------------------------------------
_FX HANDLE Scm_CreateWaitableTimerW(
LPSECURITY_ATTRIBUTES lpTimerAttributes,
BOOL bManualReset, LPCWSTR lpTimerName)
{
//
// When MsiServer is not started as system (missing the admin groupe) this call fails
//
lpTimerAttributes = NULL;
return __sys_CreateWaitableTimerW(lpTimerAttributes, bManualReset, lpTimerName);
}
//---------------------------------------------------------------------------
// Scm_SetupMsiWaiter
//---------------------------------------------------------------------------
_FX void Scm_SetupMsiWaiter()
{
//
// release our hold on the MSI Server in-use flag
//
if (Msi_ServerInUseEvent) {
CloseHandle(Msi_ServerInUseEvent);
Msi_ServerInUseEvent = NULL;
}
//
// end the service as soon as the in-use flag is gone
//
while (1) {
HANDLE hEvent = OpenEvent(
EVENT_MODIFY_STATE, FALSE, _MsiServerInUseEventName);
if (!hEvent) {
ExitProcess(0);
break;
}
CloseHandle(hEvent);
Sleep(2000);
}
}
//---------------------------------------------------------------------------
// Scm_MsiDll
//---------------------------------------------------------------------------
_FX BOOLEAN Scm_MsiDll(HMODULE module)
{
//
// MSI library unloading
// XXX - Ldr module no longer does unload notifications
// so we might rely on MsiCloseHandle instead
//
/* if (! module) {
if (Msi_ServerInUseEvent) {
CloseHandle(Msi_ServerInUseEvent);
Msi_ServerInUseEvent = FALSE;
}
return TRUE;
}*/
//
// indicate we are one more process that is using the MSI Server
//
if (Dll_ImageType != DLL_IMAGE_SANDBOXIE_RPCSS &&
Dll_ImageType != DLL_IMAGE_SANDBOXIE_DCOMLAUNCH) {
if ((!Msi_ServerInUseEvent) && (!Scm_IsMsiServer)) {
Msi_ServerInUseEvent = CreateEvent(
NULL, TRUE, FALSE, _MsiServerInUseEventName);
}
}
return TRUE;
}

128
Sandboxie/core/dll/userenv.c
View File

@ -36,6 +36,7 @@ static ULONG UserEnv_GetAppliedGPOList(
ULONG dwFlags, const WCHAR *pMachineName, PSID pSidUser,
GUID *pGuidExtension, void *ppGPOList);
static NTSTATUS UserEnv_RtlGetVersion(LPOSVERSIONINFOEXW lpVersionInfo);
static BOOL UserEnv_GetVersionExW(LPOSVERSIONINFOEXW lpVersionInfo);
static BOOL UserEnv_GetVersionExA(LPOSVERSIONINFOEXA lpVersionInfo);
@ -50,18 +51,54 @@ typedef ULONG (*P_GetAppliedGPOList)(
ULONG dwFlags, const WCHAR *pMachineName, PSID pSidUser,
GUID *pGuidExtension, void *ppGPOList);
typedef NTSTATUS(*P_RtlGetVersion)(LPOSVERSIONINFOEXW);
typedef BOOL (*P_GetVersionExW)(LPOSVERSIONINFOEXW lpVersionInfo);
typedef BOOL (*P_GetVersionExA)(LPOSVERSIONINFOEXA lpVersionInfo);
//---------------------------------------------------------------------------
static P_RegisterGPNotification __sys_RegisterGPNotification = NULL;
static P_UnregisterGPNotification __sys_UnregisterGPNotification = NULL;
static P_GetAppliedGPOList __sys_GetAppliedGPOList = NULL;
static P_RtlGetVersion __sys_RtlGetVersion = NULL;
static P_GetVersionExW __sys_GetVersionExW = NULL;
static P_GetVersionExA __sys_GetVersionExA = NULL;
static DWORD UserEnv_dwBuildNumber = 0;
//---------------------------------------------------------------------------
// UserEnv_Init
//---------------------------------------------------------------------------
_FX BOOLEAN UserEnv_InitVer(HMODULE module)
{
void* RtlGetVersion;
void* GetVersionExW;
void* GetVersionExA;
WCHAR str[32];
NTSTATUS status = Config_GetSettingsForImageName("OverrideOsBuild", str, sizeof(str), NULL);
if (NT_SUCCESS(status))
UserEnv_dwBuildNumber = _wtoi(str);
if (UserEnv_dwBuildNumber == 0 && Dll_OsBuild < 9600)
return TRUE; // don't hook if not needed or its windows 8 or earlier
RtlGetVersion = GetProcAddress(GetModuleHandleW(L"ntdll"), "RtlGetVersion");
GetVersionExW = (P_GetVersionExW)GetProcAddress(module, "GetVersionExW");
GetVersionExA = (P_GetVersionExA)GetProcAddress(module, "GetVersionExA");
SBIEDLL_HOOK(UserEnv_, RtlGetVersion);
SBIEDLL_HOOK(UserEnv_, GetVersionExW);
SBIEDLL_HOOK(UserEnv_, GetVersionExA);
return TRUE;
}
//---------------------------------------------------------------------------
// UserEnv_Init
@ -75,8 +112,6 @@ _FX BOOLEAN UserEnv_Init(HMODULE module)
void *GetAppliedGPOList;
if (module == Dll_KernelBase) {
void *GetVersionExW;
void *GetVersionExA;
//
// on Windows 8.1, UserEnv!GetAppliedGPOList calls
@ -88,11 +123,6 @@ _FX BOOLEAN UserEnv_Init(HMODULE module)
SBIEDLL_HOOK(UserEnv_,GetAppliedGPOList);
GetVersionExW = (P_GetVersionExW) GetProcAddress(module, "GetVersionExW");
GetVersionExA = (P_GetVersionExA) GetProcAddress(module, "GetVersionExA");
SBIEDLL_HOOK(UserEnv_,GetVersionExW);
SBIEDLL_HOOK(UserEnv_,GetVersionExA);
} else {
//
@ -151,6 +181,75 @@ ULONG UserEnv_GetAppliedGPOList(
return ERROR_PROC_NOT_FOUND;
}
//---------------------------------------------------------------------------
// UserEnv_RtlGetVersion
//---------------------------------------------------------------------------
_FX void UserEnv_MkVersionEx(DWORD* dwBuildNumber, DWORD* dwMajorVersion, DWORD* dwMinorVersion, WORD* wServicePackMajor, WORD* wServicePackMinor)
{
*dwBuildNumber = UserEnv_dwBuildNumber;
*wServicePackMajor = 0;
*wServicePackMinor = 0;
if (UserEnv_dwBuildNumber <= 2600) { // xp sp3
*dwMajorVersion = 5;
*dwMinorVersion = 1;
*wServicePackMajor = 3;
}
else if (UserEnv_dwBuildNumber <= 3790) { // 2003 sp2
*dwMajorVersion = 5;
*dwMinorVersion = 2;
*wServicePackMajor = 2;
}
else if (UserEnv_dwBuildNumber <= 6000) { // vista
*dwMajorVersion = 6;
*dwMinorVersion = 0;
}
else if (UserEnv_dwBuildNumber <= 6001) { // vista sp1
*dwMajorVersion = 6;
*dwMinorVersion = 0;
*wServicePackMajor = 1;
}
else if (UserEnv_dwBuildNumber <= 6002) { // vista sp2
*dwMajorVersion = 6;
*dwMinorVersion = 0;
*wServicePackMajor = 2;
}
else if (UserEnv_dwBuildNumber <= 7600) { // 7
*dwMajorVersion = 6;
*dwMinorVersion = 1;
}
else if (UserEnv_dwBuildNumber <= 7601) { // 7 sp1
*dwMajorVersion = 6;
*dwMinorVersion = 1;
*wServicePackMajor = 1;
}
else if (UserEnv_dwBuildNumber <= 9200) { // 8
*dwMajorVersion = 6;
*dwMinorVersion = 2;
}
else if (UserEnv_dwBuildNumber <= 9600) { // 8.1
*dwMajorVersion = 6;
*dwMinorVersion = 3;
}
else { // windows 10
*dwMajorVersion = 10;
*dwMinorVersion = 0;
}
}
_FX NTSTATUS UserEnv_RtlGetVersion(LPOSVERSIONINFOEXW lpVersionInfo)
{
NTSTATUS status = __sys_RtlGetVersion(lpVersionInfo);
if (UserEnv_dwBuildNumber) {
UserEnv_MkVersionEx(&lpVersionInfo->dwBuildNumber,
&lpVersionInfo->dwMajorVersion, &lpVersionInfo->dwMinorVersion,
&lpVersionInfo->wServicePackMajor, &lpVersionInfo->wServicePackMinor);
}
return status;
}
//---------------------------------------------------------------------------
// UserEnv_GetVersionExW
//---------------------------------------------------------------------------
@ -158,12 +257,8 @@ ULONG UserEnv_GetAppliedGPOList(
_FX BOOL UserEnv_GetVersionExW(LPOSVERSIONINFOEXW lpVersionInfo)
{
// Get the version from the kernel
NTSTATUS (WINAPI *RtlGetVersion)(LPOSVERSIONINFOEXW);
*(FARPROC*)&RtlGetVersion = GetProcAddress(GetModuleHandleW(L"ntdll"), "RtlGetVersion");
if (RtlGetVersion != NULL)
{
RtlGetVersion(lpVersionInfo);
if (__sys_RtlGetVersion != NULL) {
__sys_RtlGetVersion(lpVersionInfo);
// RtlGetVersion always returns STATUS_SUCCESS
return TRUE;
@ -179,5 +274,12 @@ _FX BOOL UserEnv_GetVersionExA(LPOSVERSIONINFOEXA lpVersionInfo)
rc = __sys_GetVersionExA(lpVersionInfo);
lpVersionInfo->dwMajorVersion = GET_PEB_MAJOR_VERSION;
lpVersionInfo->dwMinorVersion = GET_PEB_MINOR_VERSION;
if (UserEnv_dwBuildNumber) {
UserEnv_MkVersionEx(&lpVersionInfo->dwBuildNumber,
&lpVersionInfo->dwMajorVersion, &lpVersionInfo->dwMinorVersion,
&lpVersionInfo->wServicePackMajor, &lpVersionInfo->wServicePackMinor);
}
return rc;
}

162
Sandboxie/core/drv/api.c
View File

@ -63,7 +63,7 @@ static NTSTATUS Api_LogMessage(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Api_GetMessage(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Api_GetWork(PROCESS *proc, ULONG64 *parms);
//static NTSTATUS Api_GetWork(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Api_GetHomePath(PROCESS *proc, ULONG64 *parms);
@ -179,7 +179,7 @@ _FX BOOLEAN Api_Init(void)
//
Api_SetFunction(API_GET_VERSION, Api_GetVersion);
Api_SetFunction(API_GET_WORK, Api_GetWork);
//Api_SetFunction(API_GET_WORK, Api_GetWork);
Api_SetFunction(API_LOG_MESSAGE, Api_LogMessage);
Api_SetFunction(API_GET_MESSAGE, Api_GetMessage);
Api_SetFunction(API_GET_HOME_PATH, Api_GetHomePath);
@ -933,89 +933,89 @@ _FX BOOLEAN Api_SendServiceMessage(ULONG msgid, ULONG data_len, void *data)
// Api_GetWork
//---------------------------------------------------------------------------
_FX NTSTATUS Api_GetWork(PROCESS *proc, ULONG64 *parms)
{
return STATUS_NOT_IMPLEMENTED;
/*API_GET_WORK_ARGS *args = (API_GET_WORK_ARGS *)parms;
NTSTATUS status;
void *buffer_ptr;
ULONG buffer_len;
ULONG *result_len;
ULONG length;
API_WORK_ITEM *work_item;
KIRQL irql;
//
// caller must not be sandboxed, and caller has to be SbieSvc
// if session parameter is -1
//_FX NTSTATUS Api_GetWork(PROCESS *proc, ULONG64 *parms)
//{
// return STATUS_NOT_IMPLEMENTED;
//
if (proc)
return STATUS_NOT_IMPLEMENTED;
if (args->session_id.val == -1 &&
PsGetCurrentProcessId() != Api_ServiceProcessId)
return STATUS_ACCESS_DENIED;
// /*API_GET_WORK_ARGS *args = (API_GET_WORK_ARGS *)parms;
// NTSTATUS status;
// void *buffer_ptr;
// ULONG buffer_len;
// ULONG *result_len;
// ULONG length;
// API_WORK_ITEM *work_item;
// KIRQL irql;
//
// find next work/log item for the session
// //
// // caller must not be sandboxed, and caller has to be SbieSvc
// // if session parameter is -1
// //
//
buffer_ptr = args->buffer.val;
buffer_len = args->buffer_len.val;
result_len = args->result_len_ptr.val;
irql = Api_EnterCriticalSection();
work_item = List_Head(&Api_WorkList);
while (work_item) {
if (work_item->session_id == args->session_id.val)
break;
work_item = List_Next(work_item);
}
__try {
if (! work_item) {
status = STATUS_NO_MORE_ENTRIES;
} else {
if (work_item->length <= buffer_len) {
length = work_item->length
- FIELD_OFFSET(API_WORK_ITEM, type);
ProbeForWrite(buffer_ptr, length, sizeof(UCHAR));
memcpy(buffer_ptr, &work_item->type, length);
status = STATUS_SUCCESS;
} else {
length = work_item->length;
status = STATUS_BUFFER_TOO_SMALL;
}
if (result_len) {
ProbeForWrite(result_len, sizeof(ULONG), sizeof(ULONG));
*result_len = length;
}
if (status == STATUS_SUCCESS)
Api_DelWork(work_item);
}
} __except (EXCEPTION_EXECUTE_HANDLER) {
status = GetExceptionCode();
}
Api_LeaveCriticalSection(irql);
return status;*/
}
// if (proc)
// return STATUS_NOT_IMPLEMENTED;
//
// if (args->session_id.val == -1 &&
// PsGetCurrentProcessId() != Api_ServiceProcessId)
// return STATUS_ACCESS_DENIED;
//
// //
// // find next work/log item for the session
// //
//
// buffer_ptr = args->buffer.val;
// buffer_len = args->buffer_len.val;
// result_len = args->result_len_ptr.val;
//
// irql = Api_EnterCriticalSection();
//
// work_item = List_Head(&Api_WorkList);
// while (work_item) {
// if (work_item->session_id == args->session_id.val)
// break;
// work_item = List_Next(work_item);
// }
//
// __try {
//
// if (! work_item) {
//
// status = STATUS_NO_MORE_ENTRIES;
//
// } else {
//
// if (work_item->length <= buffer_len) {
//
// length = work_item->length
// - FIELD_OFFSET(API_WORK_ITEM, type);
// ProbeForWrite(buffer_ptr, length, sizeof(UCHAR));
// memcpy(buffer_ptr, &work_item->type, length);
//
// status = STATUS_SUCCESS;
//
// } else {
//
// length = work_item->length;
// status = STATUS_BUFFER_TOO_SMALL;
// }
//
// if (result_len) {
// ProbeForWrite(result_len, sizeof(ULONG), sizeof(ULONG));
// *result_len = length;
// }
//
// if (status == STATUS_SUCCESS)
// Api_DelWork(work_item);
// }
//
// } __except (EXCEPTION_EXECUTE_HANDLER) {
// status = GetExceptionCode();
// }
//
// Api_LeaveCriticalSection(irql);
//
// return status;*/
//}
//---------------------------------------------------------------------------

55
Sandboxie/core/drv/api_defs.h
View File

@ -87,7 +87,7 @@ enum {
API_FIRST = 0x12340000L,
API_GET_VERSION,
API_GET_WORK,
API_GET_WORK_DEPRECATED, // deprecated
API_LOG_MESSAGE,
API_GET_LICENSE_PRE_V3_48_DEPRECATED, // deprecated
API_SET_LICENSE_PRE_V3_48_DEPRECATED, // deprecated
@ -98,8 +98,8 @@ enum {
API_QUERY_PATH_LIST,
API_ENUM_PROCESSES,
API_DISABLE_FORCE_PROCESS,
API_HOOK_TRAMP, // deprecated
API_UNMOUNT_HIVES, // deprecated
API_HOOK_TRAMP_DEPRECATED, // deprecated
API_UNMOUNT_HIVES_DEPRECATED, // deprecated
API_QUERY_CONF,
API_RELOAD_CONF,
API_CREATE_DIR_OR_LINK,
@ -113,8 +113,8 @@ enum {
API_SESSION_SET_LEADER_DEPRECATED, // deprecated
API_GLOBAL_FORCE_PROCESS_DEPRECATED, // deprecated
API_MONITOR_CONTROL,
API_MONITOR_PUT,
API_MONITOR_GET,
API_MONITOR_PUT_DEPRECATED, // deprecated
API_MONITOR_GET_DEPRECATED, // deprecated
API_GET_UNMOUNT_HIVE,
API_GET_FILE_NAME,
API_REFRESH_FILE_PATH_LIST,
@ -144,10 +144,10 @@ enum {
API_ALLOW_SPOOLER_PRINT_TO_FILE_DEPRECATED, // deprecated
API_RELOAD_CONF2,
API_MONITOR_PUT2,
API_GET_SPOOLER_PORT, // deprecated
API_GET_WPAD_PORT, // deprecated
API_SET_GAME_CONFIG_STORE_PORT, // deprecated
API_SET_SMART_CARD_PORT, // deprecated
API_GET_SPOOLER_PORT_DEPRECATED, // deprecated
API_GET_WPAD_PORT_DEPRECATED, // deprecated
API_SET_GAME_CONFIG_STORE_PORT_DEPRECATED, // deprecated
API_SET_SMART_CARD_PORT_DEPRECATED, // deprecated
API_MONITOR_GET_EX,
API_GET_MESSAGE,
API_PROCESS_EXEMPTION_CONTROL,
@ -207,7 +207,7 @@ API_ARGS_BEGIN(API_LOG_MESSAGE_ARGS)
API_ARGS_FIELD(ULONG, session_id)
API_ARGS_FIELD(ULONG, msgid)
API_ARGS_FIELD(UNICODE_STRING64 *, msgtext)
API_ARGS_FIELD(ULONG *, process_id)
API_ARGS_FIELD(ULONG, process_id)
API_ARGS_CLOSE(API_LOG_MESSAGE_ARGS)
API_ARGS_BEGIN(API_GET_MESSAGE_ARGS)
@ -287,11 +287,11 @@ API_ARGS_FIELD(HANDLE *,process_handle)
API_ARGS_CLOSE(API_OPEN_PROCESS_ARGS)
API_ARGS_BEGIN(API_GET_INJECT_SAVE_AREA_ARGS)
API_ARGS_FIELD(ULONG64 *,save_area_base)
API_ARGS_FIELD(ULONG *,save_area_len)
API_ARGS_FIELD(UCHAR *,save_area_ptr)
API_ARGS_CLOSE(API_GET_INJECT_SAVE_AREA_ARGS)
//API_ARGS_BEGIN(API_GET_INJECT_SAVE_AREA_ARGS)
//API_ARGS_FIELD(ULONG64 *,save_area_base)
//API_ARGS_FIELD(ULONG *,save_area_len)
//API_ARGS_FIELD(UCHAR *,save_area_ptr)
//API_ARGS_CLOSE(API_GET_INJECT_SAVE_AREA_ARGS)
API_ARGS_BEGIN(API_RENAME_FILE_ARGS)
@ -321,26 +321,27 @@ API_ARGS_FIELD(ULONG *,get_flag)
API_ARGS_CLOSE(API_MONITOR_CONTROL_ARGS)
API_ARGS_BEGIN(API_MONITOR_GET_PUT_ARGS)
API_ARGS_FIELD(USHORT *,log_type)
API_ARGS_FIELD(ULONG, log_len)
API_ARGS_FIELD(WCHAR *, log_ptr)
API_ARGS_CLOSE(API_MONITOR_GET_PUT_ARGS)
//API_ARGS_BEGIN(API_MONITOR_GET_PUT_ARGS)
//API_ARGS_FIELD(ULONG, log_type)
//API_ARGS_FIELD(ULONG, log_len)
//API_ARGS_FIELD(WCHAR *, log_ptr)
//API_ARGS_CLOSE(API_MONITOR_GET_PUT_ARGS)
API_ARGS_BEGIN(API_MONITOR_GET_EX_ARGS)
API_ARGS_FIELD(ULONG *, log_seq)
API_ARGS_FIELD(USHORT *, log_type)
API_ARGS_FIELD(ULONG64 *, log_pid)
API_ARGS_FIELD(ULONG64 *, log_tid)
API_ARGS_FIELD(ULONG, log_len)
API_ARGS_FIELD(WCHAR *, log_ptr)
API_ARGS_FIELD(ULONG *, log_type)
API_ARGS_FIELD(UNICODE_STRING64*, log_data)
API_ARGS_FIELD(ULONG*, log_pid)
API_ARGS_FIELD(ULONG*, log_tid)
//API_ARGS_FIELD(ULONG*, log_aux)
API_ARGS_CLOSE(API_MONITOR_GET_EX_ARGS)
API_ARGS_BEGIN(API_MONITOR_PUT2_ARGS)
API_ARGS_FIELD(USHORT *, log_type)
API_ARGS_FIELD(ULONG, log_type)
API_ARGS_FIELD(ULONG, log_len)
API_ARGS_FIELD(WCHAR *, log_ptr)
API_ARGS_FIELD(BOOLEAN,check_object_exists)
//API_ARGS_FIELD(ULONG, log_aux)
API_ARGS_CLOSE(API_MONITOR_PUT2_ARGS)
API_ARGS_BEGIN(API_GET_UNMOUNT_HIVE_ARGS)
@ -445,7 +446,7 @@ API_ARGS_CLOSE(API_PROCESS_EXEMPTION_CONTROL_ARGS)
API_ARGS_BEGIN(API_OPEN_DYNAMIC_PORT_ARGS)
API_ARGS_FIELD(WCHAR*,port_name)
API_ARGS_FIELD(HANDLE,process_id)
API_ARGS_FIELD(ULONG,port_type)
API_ARGS_FIELD(WCHAR*,port_id)
API_ARGS_CLOSE(API_OPEN_DYNAMIC_PORT_ARGS)

55
Sandboxie/core/drv/api_flags.h
View File

@ -41,26 +41,41 @@
#define DUPLICATE_INHERIT 0x00040000
#define DUPLICATE_INTO_OTHER 0x00080000 // otherwise DUP_FROM_OTHER
#define MONITOR_SYSCALL 0x000B
#define MONITOR_PIPE 0x011B
#define MONITOR_IPC 0x022B
#define MONITOR_WINCLASS 0x033B
#define MONITOR_DRIVE 0x044B
#define MONITOR_COMCLASS 0x055B
#define MONITOR_IGNORE 0x066B
#define MONITOR_IMAGE 0x077B
#define MONITOR_FILE 0x088B
#define MONITOR_KEY 0x099B
#define MONITOR_OTHER 0x0AAB
//#define MONITOR_ 0x0BBB
//#define MONITOR_ 0x0CCB
//#define MONITOR_ 0x0DDB
//#define MONITOR_ 0x0EEB
//#define MONITOR_ 0x0FFB
#define MONITOR_OPEN 0x1000
#define MONITOR_DENY 0x2000
#define MONITOR_USER 0x4000
#define MONITOR_TRACE 0x8000
#define MONITOR_SYSCALL 0x00000001
#define MONITOR_PIPE 0x00000002
#define MONITOR_IPC 0x00000003
#define MONITOR_WINCLASS 0x00000004
#define MONITOR_DRIVE 0x00000005
#define MONITOR_COMCLASS 0x00000006
#define MONITOR_RTCLASS 0x00000007
#define MONITOR_IGNORE 0x00000008
#define MONITOR_IMAGE 0x00000009
#define MONITOR_FILE 0x0000000A
#define MONITOR_KEY 0x0000000B
#define MONITOR_OTHER 0x0000000C
#define MONITOR_OTHER1 0x0000000D
#define MONITOR_OTHER2 0x0000000E
#define MONITOR_APICALL 0x0000000F // needs the logapi.dll
#define MONITOR_TYPE_MASK 0x000000FF
#define MONITOR_RESERVED 0x0000FF00
#define MONITOR_OPEN 0x00010000
#define MONITOR_DENY 0x00020000 // CLOSED
#define MONITOR_DISPOSITION_MASK 0x000F0000
#define MONITOR_ALLOWED 0x00100000
#define MONITOR_DENIDED 0x00200000
#define MONITOR_SUCCESS 0x00400000
#define MONITOR_FAILURE 0x00800000
#define MONITOR_RESULT_MASK 0x00F00000
#define MONITOR_UNUSED 0x3F000000
#define MONITOR_TRACE 0x40000000
#define MONITOR_USER 0x80000000
#define DISABLE_JUST_THIS_PROCESS 0x0123ABC0

6
Sandboxie/core/drv/file.c
View File

@ -1501,7 +1501,7 @@ skip_due_to_home_folder:
if (letter) {
USHORT mon_type = IsPipeDevice ? MONITOR_PIPE : MONITOR_FILE;
ULONG mon_type = IsPipeDevice ? MONITOR_PIPE : MONITOR_FILE;
if (!IsBoxedPath) {
if (ShouldMonitorAccess == TRUE)
mon_type |= MONITOR_DENY;
@ -1520,7 +1520,7 @@ skip_due_to_home_folder:
else if (IsPipeDevice && Session_MonitorCount) {
USHORT mon_type = MONITOR_PIPE;
ULONG mon_type = MONITOR_PIPE;
WCHAR *mon_name = Name->Name.Buffer;
if (MonitorPrefixLen && MonitorSuffixPtr) {
@ -2244,7 +2244,7 @@ _FX NTSTATUS File_Api_Open(PROCESS *proc, ULONG64 *parms)
if (letter) {
USHORT mon_type = MONITOR_FILE;
ULONG mon_type = MONITOR_FILE;
mon_type |= MONITOR_TRACE;
swprintf(access_str, L"(F%c) %08X.%02X.%08X",

8
Sandboxie/core/drv/file_ctrl.c
View File

@ -108,12 +108,11 @@ _FX NTSTATUS Syscall_DeviceIoControlFile(
WCHAR msg_str[240];
swprintf(msg_str, L"DeviceIoContoleFile, CMApi, func = 0x%X, filter=%d, p=%06d t=%06d, %s\n",
function, filter, PsGetCurrentProcessId(), PsGetCurrentThreadId(), proc->image_name);
const WCHAR* strings[2] = { msg_str, NULL };
Session_MonitorPutEx(MONITOR_OTHER | MONITOR_TRACE, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());*/
Log_Debug_Msg(MONITOR_OTHER | MONITOR_TRACE, msg_str, NULL);*/
if (Session_MonitorCount && (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY))) {
USHORT mon_type = MONITOR_IPC;
ULONG mon_type = MONITOR_IPC;
if (filter && (proc->ipc_trace & TRACE_DENY))
mon_type |= MONITOR_DENY;
@ -125,8 +124,7 @@ _FX NTSTATUS Syscall_DeviceIoControlFile(
if (mon_type) {
WCHAR msg_str[24];
swprintf(msg_str, L"Func: %02X", (ULONG)function);
const WCHAR* strings[3] = { L"\\Device\\DeviceApi\\CMApi", msg_str, NULL };
Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
Log_Debug_Msg(mon_type, L"\\Device\\DeviceApi\\CMApi", msg_str);
}
}

2
Sandboxie/core/drv/gui_xp.c
View File

@ -1326,7 +1326,7 @@ _FX ULONG_PTR Gui_NtUserPostThreadMessage(
proc->pool, idProcess, &nbuf, &nlen, &nptr);
if (nbuf) {
USHORT mon_type = MONITOR_WINCLASS;
ULONG mon_type = MONITOR_WINCLASS;
if (NT_SUCCESS(status))
mon_type |= MONITOR_OPEN;
else

112
Sandboxie/core/drv/ipc.c
View File

@ -61,7 +61,7 @@ static NTSTATUS Ipc_CheckJobObject(
PROCESS *proc, void *Object, UNICODE_STRING *Name,
ACCESS_MASK GrantedAccess);
static NTSTATUS Ipc_CheckObjectName(HANDLE handle);
static NTSTATUS Ipc_CheckObjectName(HANDLE handle, KPROCESSOR_MODE mode);
//---------------------------------------------------------------------------
@ -204,16 +204,13 @@ _FX BOOLEAN Ipc_Init(void)
Api_SetFunction(API_GET_DYNAMIC_PORT_FROM_PID, Ipc_Api_GetDynamicPortFromPid);
Api_SetFunction(API_OPEN_DYNAMIC_PORT, Ipc_Api_OpenDynamicPort);
//
// prepare dynamic ports
if (!Mem_GetLockResource(&Ipc_Dynamic_Ports[WPAD_PORT].pPortLock, TRUE)
|| !Mem_GetLockResource(&Ipc_Dynamic_Ports[SMART_CARD_PORT].pPortLock, TRUE)
|| !Mem_GetLockResource(&Ipc_Dynamic_Ports[BT_PORT].pPortLock, TRUE)
|| !Mem_GetLockResource(&Ipc_Dynamic_Ports[SSDP_PORT].pPortLock, TRUE)
// since Windows 8
|| !Mem_GetLockResource(&Ipc_Dynamic_Ports[SPOOLER_PORT].pPortLock, TRUE)
// since Windows 10
|| !Mem_GetLockResource(&Ipc_Dynamic_Ports[GAME_CONFIG_STORE_PORT].pPortLock, TRUE)
) return FALSE;
//
if (!Mem_GetLockResource(&Ipc_Dynamic_Ports.pPortLock, TRUE))
return FALSE;
List_Init(&Ipc_Dynamic_Ports.Ports);
//
// finish
@ -877,29 +874,27 @@ _FX NTSTATUS Ipc_CheckGenericObject(
else if (!is_open && !is_closed)
{
int i;
for (i = 0; i < NUM_DYNAMIC_PORTS; i++)
{
if (Ipc_Dynamic_Ports[i].pPortLock)
if (Ipc_Dynamic_Ports.pPortLock)
{
KeEnterCriticalRegion();
ExAcquireResourceSharedLite(Ipc_Dynamic_Ports[i].pPortLock, TRUE);
ExAcquireResourceSharedLite(Ipc_Dynamic_Ports.pPortLock, TRUE);
if (*Ipc_Dynamic_Ports[i].wstrPortName
&& (Name->Length >= 32 * sizeof(WCHAR))
&& _wcsicmp(Name->Buffer, Ipc_Dynamic_Ports[i].wstrPortName) == 0)
IPC_DYNAMIC_PORT* port = List_Head(&Ipc_Dynamic_Ports.Ports);
while (port)
{
if (_wcsicmp(Name->Buffer, port->wstrPortName) == 0)
{
// dynamic version of RPC ports, see also ipc_spl.c
// and RpcBindingFromStringBindingW in core/dll/rpcrt.c
is_open = TRUE;
}
ExReleaseResourceLite(Ipc_Dynamic_Ports[i].pPortLock);
KeLeaveCriticalRegion();
if (is_open)
break;
}
port = List_Next(port);
}
ExReleaseResourceLite(Ipc_Dynamic_Ports.pPortLock);
KeLeaveCriticalRegion();
}
}
@ -939,7 +934,7 @@ _FX NTSTATUS Ipc_CheckGenericObject(
if (letter) {
USHORT mon_type = MONITOR_IPC;
ULONG mon_type = MONITOR_IPC;
if (!IsBoxedPath) {
if (NT_SUCCESS(status))
mon_type |= MONITOR_OPEN;
@ -954,7 +949,7 @@ _FX NTSTATUS Ipc_CheckGenericObject(
else if (Session_MonitorCount) {
USHORT mon_type = MONITOR_IPC;
ULONG mon_type = MONITOR_IPC;
WCHAR *mon_name = Name->Buffer;
if (IsBoxedPath)
mon_name += proc->box->ipc_path_len / sizeof(WCHAR) - 1;
@ -1031,7 +1026,7 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
HANDLE SourceHandle;
HANDLE TargetProcessHandle;
HANDLE *TargetHandle;
HANDLE TargetHandleValue;
HANDLE TestHandle;
ULONG DesiredAccess;
ULONG HandleAttributes;
ULONG Options;
@ -1148,15 +1143,7 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
if (IS_ARG_CURRENT_PROCESS(SourceProcessHandle)) {
status = Ipc_CheckObjectName(SourceHandle);
if (NT_SUCCESS(status)) {
status = NtDuplicateObject(
SourceProcessHandle, SourceHandle,
TargetProcessHandle, TargetHandle,
DesiredAccess, HandleAttributes, Options);
}
status = Ipc_CheckObjectName(SourceHandle, UserMode);
//
// if the source handle is in another process, we have to duplicate
@ -1166,37 +1153,39 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
} else if (IS_ARG_CURRENT_PROCESS(TargetProcessHandle)) {
status = NtDuplicateObject(
//
// we duplicate the handle into kernel space such that that user
// wont be able to grab it while we are evaluaiting it
//
status = ZwDuplicateObject(
SourceProcessHandle, SourceHandle,
TargetProcessHandle, &TargetHandleValue,
TargetProcessHandle, &TestHandle,
DesiredAccess, HandleAttributes,
Options & ~DUPLICATE_CLOSE_SOURCE);
if (NT_SUCCESS(status)) {
status = Ipc_CheckObjectName(TargetHandleValue);
status = Ipc_CheckObjectName(TestHandle, KernelMode);
if (! NT_SUCCESS(status))
NtClose(TargetHandleValue);
ZwClose(TestHandle);
}
if (NT_SUCCESS(status) && (Options & DUPLICATE_CLOSE_SOURCE)) {
NtClose(TargetHandleValue);
status = NtDuplicateObject(
SourceProcessHandle, SourceHandle,
TargetProcessHandle, &TargetHandleValue,
DesiredAccess, HandleAttributes, Options);
}
*TargetHandle = NULL;
if (NT_SUCCESS(status))
*TargetHandle = TargetHandleValue;
} else
status = STATUS_INVALID_HANDLE;
//
// if all checks were passed duplicate the handle
//
if (NT_SUCCESS(status)) {
status = NtDuplicateObject(
SourceProcessHandle, SourceHandle,
TargetProcessHandle, TargetHandle,
DesiredAccess, HandleAttributes, Options);
}
//
// end exception block and close OtherProcessHandle
//
@ -1216,7 +1205,7 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
//---------------------------------------------------------------------------
_FX NTSTATUS Ipc_CheckObjectName(HANDLE handle)
_FX NTSTATUS Ipc_CheckObjectName(HANDLE handle, KPROCESSOR_MODE mode)
{
NTSTATUS status;
OBJECT_TYPE *object;
@ -1224,7 +1213,7 @@ _FX NTSTATUS Ipc_CheckObjectName(HANDLE handle)
WCHAR *TypeBuffer;
status = ObReferenceObjectByHandle(
handle, 0, NULL, UserMode, &object, NULL);
handle, 0, NULL, mode, &object, NULL);
if (! NT_SUCCESS(status))
return status;
@ -1646,11 +1635,6 @@ _FX NTSTATUS Ipc_Api_QuerySymbolicLink(PROCESS *proc, ULONG64 *parms)
_FX void Ipc_Unload(void)
{
int i;
for (i = 0; i < NUM_DYNAMIC_PORTS; i++)
{
if (Ipc_Dynamic_Ports[i].pPortLock)
Mem_FreeLockResource(&Ipc_Dynamic_Ports[i].pPortLock);
}
if (Ipc_Dynamic_Ports.pPortLock)
Mem_FreeLockResource(&Ipc_Dynamic_Ports.pPortLock);
}

13
Sandboxie/core/drv/ipc.h
View File

@ -29,13 +29,22 @@
#include "syscall.h"
typedef struct _IPC_DYNAMIC_PORT {
LIST_ELEM list_elem;
WCHAR wstrPortId[DYNAMIC_PORT_ID_CHARS];
WCHAR wstrPortName[DYNAMIC_PORT_NAME_CHARS];
} IPC_DYNAMIC_PORT;
typedef struct _IPC_DYNAMIC_PORTS {
PERESOURCE pPortLock;
WCHAR wstrPortName[DYNAMIC_PORT_NAME_CHARS];
LIST Ports;
IPC_DYNAMIC_PORT* pSpoolerPort;
} IPC_DYNAMIC_PORTS;
extern IPC_DYNAMIC_PORTS Ipc_Dynamic_Ports[];
extern IPC_DYNAMIC_PORTS Ipc_Dynamic_Ports;
//---------------------------------------------------------------------------

5
Sandboxie/core/drv/ipc_lsa.c
View File

@ -330,7 +330,7 @@ _FX BOOLEAN Ipc_Filter_Lsa_Ep_Msg(PROCESS* proc, UCHAR uMsg)
if (Session_MonitorCount && (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY))) {
USHORT mon_type = MONITOR_IPC;
ULONG mon_type = MONITOR_IPC;
if (filter && (proc->ipc_trace & TRACE_DENY))
mon_type |= MONITOR_DENY;
@ -342,8 +342,7 @@ _FX BOOLEAN Ipc_Filter_Lsa_Ep_Msg(PROCESS* proc, UCHAR uMsg)
if (mon_type) {
WCHAR msg_str[24];
swprintf(msg_str, L"Msg: %02X", (ULONG)uMsg);
const WCHAR* strings[3] = { L"\\RPC Control\\LSARPC_ENDPOINT", msg_str, NULL };
Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
Log_Debug_Msg(mon_type, L"\\RPC Control\\LSARPC_ENDPOINT", msg_str);
}
}

58
Sandboxie/core/drv/ipc_port.c
View File

@ -142,7 +142,7 @@ static NTSTATUS Ipc_Api_GetRpcPortName_2(
//---------------------------------------------------------------------------
IPC_DYNAMIC_PORTS Ipc_Dynamic_Ports[NUM_DYNAMIC_PORTS];
IPC_DYNAMIC_PORTS Ipc_Dynamic_Ports;
static const WCHAR* _rpc_control = L"\\RPC Control";
@ -257,8 +257,7 @@ _FX NTSTATUS Ipc_CheckPortRequest(
{
WCHAR msg_str[256];
swprintf(msg_str, L"CheckPortRequest, Status <%08X> on Port <%*.*s>\n", status, Name->Name.Length / sizeof(WCHAR), Name->Name.Length / sizeof(WCHAR), Name->Name.Buffer);
const WCHAR* strings[2] = { msg_str, NULL };
Session_MonitorPutEx(MONITOR_IPC, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
Log_Debug_Msg(MONITOR_IPC, msg_str, NULL);
}*/
//
@ -587,7 +586,7 @@ _FX NTSTATUS Ipc_AlpcSendWaitReceivePort(
// Param 1 is dynamic port name (e.g. "\RPC Control\LRPC-f760d5b40689a98168"), WCHAR[DYNAMIC_PORT_NAME_CHARS]
// Param 2 is the process PID for which to open the port, can be 0 when port is special
// Param 3 is the port type/identifier, can be -1 indicating non special port
// Param 3 is the port type/identifier
_FX NTSTATUS Ipc_Api_OpenDynamicPort(PROCESS* proc, ULONG64* parms)
{
@ -595,6 +594,7 @@ _FX NTSTATUS Ipc_Api_OpenDynamicPort(PROCESS* proc, ULONG64* parms)
//KIRQL irql;
API_OPEN_DYNAMIC_PORT_ARGS* pArgs = (API_OPEN_DYNAMIC_PORT_ARGS*)parms;
WCHAR portName[DYNAMIC_PORT_NAME_CHARS];
WCHAR portId[DYNAMIC_PORT_ID_CHARS];
if (proc) // is caller sandboxed?
return STATUS_ACCESS_DENIED;
@ -602,21 +602,18 @@ _FX NTSTATUS Ipc_Api_OpenDynamicPort(PROCESS* proc, ULONG64* parms)
//if (PsGetCurrentProcessId() != Api_ServiceProcessId)
// return STATUS_ACCESS_DENIED;
ENUM_DYNAMIC_PORT_TYPE ePortType = NUM_DYNAMIC_PORTS;
//if (pArgs->port_type.val == -1)
// ePortType = NUM_DYNAMIC_PORTS;
//else
if (pArgs->port_type.val <= NUM_DYNAMIC_PORTS)
ePortType = (ENUM_DYNAMIC_PORT_TYPE)pArgs->port_type.val;
//else
// return STATUS_INVALID_PARAMETER;
if (pArgs->port_name.val == NULL)
return STATUS_INVALID_PARAMETER;
try {
ProbeForRead(pArgs->port_name.val, sizeof(WCHAR) * DYNAMIC_PORT_NAME_CHARS, sizeof(WCHAR));
wmemcpy(portName, pArgs->port_name.val, DYNAMIC_PORT_NAME_CHARS - 1);
portName[DYNAMIC_PORT_NAME_CHARS - 1] = L'\0';
if (pArgs->port_id.val == NULL)
__leave;
ProbeForRead(pArgs->port_id.val, sizeof(WCHAR) * DYNAMIC_PORT_ID_CHARS, sizeof(WCHAR));
wmemcpy(portId, pArgs->port_id.val, DYNAMIC_PORT_ID_CHARS - 1);
portId[DYNAMIC_PORT_ID_CHARS - 1] = L'\0';
}
__except (EXCEPTION_EXECUTE_HANDLER) {
status = GetExceptionCode();
@ -628,14 +625,41 @@ _FX NTSTATUS Ipc_Api_OpenDynamicPort(PROCESS* proc, ULONG64* parms)
// When this is a special port save it our global Ipc_Dynamic_Ports structure
//
if (ePortType != NUM_DYNAMIC_PORTS && Ipc_Dynamic_Ports[ePortType].pPortLock)
if (pArgs->port_id.val != NULL && Ipc_Dynamic_Ports.pPortLock)
{
KeEnterCriticalRegion();
ExAcquireResourceExclusiveLite(Ipc_Dynamic_Ports[ePortType].pPortLock, TRUE);
ExAcquireResourceExclusiveLite(Ipc_Dynamic_Ports.pPortLock, TRUE);
wmemcpy(Ipc_Dynamic_Ports[ePortType].wstrPortName, portName, DYNAMIC_PORT_NAME_CHARS);
IPC_DYNAMIC_PORT* port = List_Head(&Ipc_Dynamic_Ports.Ports);
while (port)
{
if (_wcsicmp(portId, port->wstrPortId) == 0)
{
wmemcpy(port->wstrPortName, portName, DYNAMIC_PORT_NAME_CHARS);
break;
}
ExReleaseResourceLite(Ipc_Dynamic_Ports[ePortType].pPortLock);
port = List_Next(port);
}
if (port == NULL)
{
port = Mem_AllocEx(Driver_Pool, sizeof(IPC_DYNAMIC_PORT), TRUE);
if (!port)
Log_Msg0(MSG_1104);
else
{
wmemcpy(port->wstrPortId, portId, DYNAMIC_PORT_ID_CHARS);
wmemcpy(port->wstrPortName, portName, DYNAMIC_PORT_NAME_CHARS);
if (_wcsicmp(port->wstrPortId, L"spooler") == 0)
Ipc_Dynamic_Ports.pSpoolerPort = port;
List_Insert_After(&Ipc_Dynamic_Ports.Ports, NULL, port);
}
}
ExReleaseResourceLite(Ipc_Dynamic_Ports.pPortLock);
KeLeaveCriticalRegion();
}

5
Sandboxie/core/drv/ipc_sam.c
View File

@ -169,7 +169,7 @@ _FX BOOLEAN Ipc_Filter_Sam_Msg(PROCESS* proc, UCHAR uMsg)
if (Session_MonitorCount && (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY))) {
USHORT mon_type = MONITOR_IPC;
ULONG mon_type = MONITOR_IPC;
if (filter && (proc->ipc_trace & TRACE_DENY))
mon_type |= MONITOR_DENY;
@ -181,8 +181,7 @@ _FX BOOLEAN Ipc_Filter_Sam_Msg(PROCESS* proc, UCHAR uMsg)
if (mon_type) {
WCHAR msg_str[24];
swprintf(msg_str, L"Msg: %02X", (ULONG)uMsg);
const WCHAR* strings[3] = { L"\\RPC Control\\samss lpc", msg_str, NULL };
Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
Log_Debug_Msg(mon_type, L"\\RPC Control\\samss lpc", msg_str);
}
}

14
Sandboxie/core/drv/ipc_spl.c
View File

@ -82,19 +82,20 @@ _FX NTSTATUS Ipc_CheckPortRequest_SpoolerPort(
BOOLEAN is_spooler = FALSE;
if (Ipc_Dynamic_Ports[SPOOLER_PORT].pPortLock)
if (Ipc_Dynamic_Ports.pPortLock)
{
KeEnterCriticalRegion();
ExAcquireResourceSharedLite(Ipc_Dynamic_Ports[SPOOLER_PORT].pPortLock, TRUE);
ExAcquireResourceSharedLite(Ipc_Dynamic_Ports.pPortLock, TRUE);
if (_wcsicmp(Name->Name.Buffer, Ipc_Dynamic_Ports[SPOOLER_PORT].wstrPortName) == 0)
if (Ipc_Dynamic_Ports.pSpoolerPort
&& _wcsicmp(Name->Name.Buffer, Ipc_Dynamic_Ports.pSpoolerPort->wstrPortName) == 0)
{
// dynamic version of RPC ports, see also ipc_spl.c
// and RpcBindingFromStringBindingW in core/dll/rpcrt.c
is_spooler = TRUE;
}
ExReleaseResourceLite(Ipc_Dynamic_Ports[SPOOLER_PORT].pPortLock);
ExReleaseResourceLite(Ipc_Dynamic_Ports.pPortLock);
KeLeaveCriticalRegion();
}
@ -299,7 +300,7 @@ _FX BOOLEAN Ipc_Filter_Spooler_Msg(PROCESS* proc, UCHAR uMsg)
if (Session_MonitorCount && (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY))) {
USHORT mon_type = MONITOR_IPC;
ULONG mon_type = MONITOR_IPC;
if (filter && (proc->ipc_trace & TRACE_DENY))
mon_type |= MONITOR_DENY;
@ -311,8 +312,7 @@ _FX BOOLEAN Ipc_Filter_Spooler_Msg(PROCESS* proc, UCHAR uMsg)
if (mon_type) {
WCHAR msg_str[24];
swprintf(msg_str, L"Msg: %02X", (ULONG)uMsg);
const WCHAR* strings[3] = { L"\\RPC Control\\spoolss", msg_str, NULL };
Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
Log_Debug_Msg(mon_type, L"\\RPC Control\\spoolss", msg_str);
}
}

2
Sandboxie/core/drv/key.c
View File

@ -464,7 +464,7 @@ _FX NTSTATUS Key_MyParseProc_2(OBJ_PARSE_PROC_ARGS_2)
if (letter) {
USHORT mon_type = MONITOR_KEY;
ULONG mon_type = MONITOR_KEY;
if (!IsBoxedPath) {
if (ShouldMonitorAccess == TRUE)
mon_type |= MONITOR_DENY;

4
Sandboxie/core/drv/log.c
View File

@ -330,13 +330,13 @@ _FX void Log_Status_Ex_Process(
//---------------------------------------------------------------------------
_FX void Log_Debug_Msg(USHORT type, const WCHAR *string1, const WCHAR *string2)
_FX void Log_Debug_Msg(ULONG type, const WCHAR *string1, const WCHAR *string2)
{
//DbgPrint("(%06d) SBIE %S %S\n",
// PsGetCurrentProcessId(), string1, string2);
if (Session_MonitorCount) {
const WCHAR* strings[4] = { string1, L" ", string2, NULL };
const WCHAR* strings[4] = { string1, string2 ? L" " : NULL, string2, NULL };
Session_MonitorPutEx(type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
}
}

2
Sandboxie/core/drv/log.h
View File

@ -172,7 +172,7 @@ void Log_Status_Ex_Process(
#define Log_Status(error_code,error_subcode,ntstatus) \
Log_Status_Ex(error_code, error_subcode, ntstatus, NULL)
void Log_Debug_Msg(USHORT type, const WCHAR *string1, const WCHAR *string2);
void Log_Debug_Msg(ULONG type, const WCHAR *string1, const WCHAR *string2);
//---------------------------------------------------------------------------

175
Sandboxie/core/drv/session.c
View File

@ -104,11 +104,11 @@ static NTSTATUS Session_Api_DisableForce(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Session_Api_MonitorControl(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Session_Api_MonitorPut(PROCESS *proc, ULONG64 *parms);
//static NTSTATUS Session_Api_MonitorPut(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Session_Api_MonitorGet(PROCESS *proc, ULONG64 *parms);
//static NTSTATUS Session_Api_MonitorGet(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms);
@ -149,9 +149,9 @@ _FX BOOLEAN Session_Init(void)
Api_SetFunction(API_SESSION_LEADER, Session_Api_Leader);
Api_SetFunction(API_DISABLE_FORCE_PROCESS, Session_Api_DisableForce);
Api_SetFunction(API_MONITOR_CONTROL, Session_Api_MonitorControl);
Api_SetFunction(API_MONITOR_PUT, Session_Api_MonitorPut);
//Api_SetFunction(API_MONITOR_PUT, Session_Api_MonitorPut);
Api_SetFunction(API_MONITOR_PUT2, Session_Api_MonitorPut2);
Api_SetFunction(API_MONITOR_GET, Session_Api_MonitorGet);
//Api_SetFunction(API_MONITOR_GET, Session_Api_MonitorGet);
Api_SetFunction(API_MONITOR_GET_EX, Session_Api_MonitorGetEx);
//
@ -577,7 +577,7 @@ _FX BOOLEAN Session_IsForceDisabled(ULONG SessionId)
//---------------------------------------------------------------------------
_FX void Session_MonitorPut(USHORT type, const WCHAR *name, HANDLE pid)
_FX void Session_MonitorPut(ULONG type, const WCHAR *name, HANDLE pid)
{
const WCHAR* strings[2] = { name, NULL };
Session_MonitorPutEx(type, strings, NULL, pid, PsGetCurrentThreadId());
@ -589,7 +589,7 @@ _FX void Session_MonitorPut(USHORT type, const WCHAR *name, HANDLE pid)
//---------------------------------------------------------------------------
_FX void Session_MonitorPutEx(USHORT type, const WCHAR** strings, ULONG* lengths, HANDLE pid, HANDLE tid)
_FX void Session_MonitorPutEx(ULONG type, const WCHAR** strings, ULONG* lengths, HANDLE hpid, HANDLE htid)
{
SESSION *session;
KIRQL irql;
@ -600,21 +600,22 @@ _FX void Session_MonitorPutEx(USHORT type, const WCHAR** strings, ULONG* lengths
if (session->monitor_log && *strings[0]) {
ULONG64 pid64 = (ULONG64)pid;
ULONG64 tid64 = (ULONG64)tid;
ULONG pid = (ULONG)hpid;
ULONG tid = (ULONG)htid;
SIZE_T data_len = 0;
for(int i=0; strings[i] != NULL; i++)
data_len += (lengths ? lengths [i] : wcslen(strings[i])) * sizeof(WCHAR);
//[Type 2][PID 8][TID 8][Data n*2]
SIZE_T entry_size = 2 + 8 + 8 + data_len;
//[Type 4][PID 4][TID 4][Data n*2]
SIZE_T entry_size = 4 + 4 + 4 + data_len;
CHAR* write_ptr = log_buffer_push_entry((LOG_BUFFER_SIZE_T)entry_size, session->monitor_log);
if (write_ptr) {
log_buffer_push_bytes((CHAR*)&type, 2, &write_ptr, session->monitor_log);
log_buffer_push_bytes((CHAR*)&pid64, 8, &write_ptr, session->monitor_log);
log_buffer_push_bytes((CHAR*)&tid64, 8, &write_ptr, session->monitor_log);
log_buffer_push_bytes((CHAR*)&type, 4, &write_ptr, session->monitor_log);
log_buffer_push_bytes((CHAR*)&pid, 4, &write_ptr, session->monitor_log);
log_buffer_push_bytes((CHAR*)&tid, 4, &write_ptr, session->monitor_log);
// join strings seamlessly
for (int i = 0; strings[i] != NULL; i++)
@ -729,13 +730,14 @@ _FX NTSTATUS Session_Api_MonitorControl(PROCESS *proc, ULONG64 *parms)
//---------------------------------------------------------------------------
_FX NTSTATUS Session_Api_MonitorPut(PROCESS *proc, ULONG64 *parms)
{
API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
API_MONITOR_PUT2_ARGS args2 = { args->func_code, args->log_type.val64, args->log_len.val64, args->log_ptr.val64, TRUE };
//_FX NTSTATUS Session_Api_MonitorPut(PROCESS *proc, ULONG64 *parms)
//{
// API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
// API_MONITOR_PUT2_ARGS args2 = { args->func_code, args->log_type.val64, args->log_len.val64, args->log_ptr.val64, TRUE, 0 };
//
// return Session_Api_MonitorPut2(proc, (ULONG64*)&args2);
//}
return Session_Api_MonitorPut2(proc, (ULONG64*)&args2);
}
//---------------------------------------------------------------------------
// Session_Api_MonitorPut
@ -745,12 +747,11 @@ _FX NTSTATUS Session_Api_MonitorPut(PROCESS *proc, ULONG64 *parms)
_FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
{
API_MONITOR_PUT2_ARGS *args = (API_MONITOR_PUT2_ARGS *)parms;
USHORT *log_type;
ULONG log_type;
WCHAR *log_data;
WCHAR *name;
NTSTATUS status;
ULONG log_len;
USHORT type;
if (! proc)
return STATUS_NOT_IMPLEMENTED;
@ -759,20 +760,31 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
return STATUS_SUCCESS;
log_type = args->log_type.val;
ProbeForRead(log_type, sizeof(USHORT), sizeof(USHORT));
type = *log_type;
if (! type)
if (!log_type)
return STATUS_INVALID_PARAMETER;
log_len = args->log_len.val / sizeof(WCHAR);
if (!log_len)
return STATUS_INVALID_PARAMETER;
if (log_len > 1024) // truncate as we only have 1028 in buffer
log_len = 1024;
log_data = args->log_ptr.val;
ProbeForRead(log_data, log_len * sizeof(WCHAR), sizeof(WCHAR));
name = Mem_Alloc(proc->pool, 1028 * sizeof(WCHAR)); // todo: should we increase this ?
//
// if we dont need to check_object_exists we can use a shortcut
//
if (!args->check_object_exists.val64){
const WCHAR* strings[2] = { log_data, NULL };
ULONG lengths[2] = { log_len, 0 };
Session_MonitorPutEx(log_type | MONITOR_USER, strings, lengths, proc->pid, PsGetCurrentThreadId());
return STATUS_SUCCESS;
}
const ULONG max_buff = 2048;
if (log_len > max_buff) // truncate as we only have 1028 in buffer
log_len = max_buff;
name = Mem_Alloc(proc->pool, (max_buff + 4) * sizeof(WCHAR)); // todo: should we increase this ?
if (! name)
return STATUS_INSUFFICIENT_RESOURCES;
@ -788,7 +800,7 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
status = STATUS_SUCCESS;
if (args->check_object_exists.val64 && ((type & MONITOR_TRACE) == 0)) { // do not check objects if this is a trace entry
if (args->check_object_exists.val64 && ((log_type & MONITOR_TRACE) == 0)) { // do not check objects if this is a trace entry
UNICODE_STRING objname;
void* object = NULL;
@ -798,7 +810,7 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
// to get the name assigned to it at time of creation
//
if ((type & 0xFFF) == MONITOR_IPC) {
if ((log_type & MONITOR_TYPE_MASK) == MONITOR_IPC) {
ULONG i;
@ -827,7 +839,7 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
// to get the name assigned to it at time of creation
//
if ((type & 0xFFF) == MONITOR_PIPE) {
if ((log_type & MONITOR_TYPE_MASK) == MONITOR_PIPE) {
OBJECT_ATTRIBUTES objattrs;
IO_STATUS_BLOCK IoStatusBlock;
@ -884,8 +896,8 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
if (NT_SUCCESS(status)) {
log_len = Name->Name.Length / sizeof(WCHAR);
if (log_len > 1024) // truncate as we only have 1028 in buffer
log_len = 1024;
if (log_len > max_buff) // truncate as we only have 1028 in buffer
log_len = max_buff;
wmemcpy(name, Name->Name.Buffer, log_len);
name[log_len] = L'\0';
@ -917,10 +929,11 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
name[1] = L'\0';
}
Session_MonitorPut(type | MONITOR_USER, name, proc->pid);
const WCHAR* strings[2] = { name, NULL };
Session_MonitorPutEx(log_type | MONITOR_USER, strings, NULL, proc->pid, PsGetCurrentThreadId());
}
Mem_Free(name, 260 * sizeof(WCHAR));
Mem_Free(name, (max_buff + 4) * sizeof(WCHAR));
return STATUS_SUCCESS;
}
@ -930,13 +943,13 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
// Session_Api_MonitorGet
//---------------------------------------------------------------------------
_FX NTSTATUS Session_Api_MonitorGet(PROCESS *proc, ULONG64 *parms)
{
API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
API_MONITOR_GET_EX_ARGS args2 = { args->func_code, 0, args->log_type.val64, 0, args->log_len.val64, args->log_ptr.val64 };
return Session_Api_MonitorGetEx(proc, (ULONG64*)&args2);
}
//_FX NTSTATUS Session_Api_MonitorGet(PROCESS *proc, ULONG64 *parms)
//{
// API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
// API_MONITOR_GET_EX_ARGS args2 = { args->func_code, 0, args->log_type.val64, 0, args->log_len.val64, args->log_ptr.val64 };
//
// return Session_Api_MonitorGetEx(proc, (ULONG64*)&args2);
//}
//---------------------------------------------------------------------------
// Session_Api_MonitorGetEx
@ -947,11 +960,11 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms)
API_MONITOR_GET_EX_ARGS* args = (API_MONITOR_GET_EX_ARGS*)parms;
NTSTATUS status;
ULONG* seq_num;
USHORT *log_type;
ULONG64 *log_pid;
ULONG64* log_tid;
ULONG log_len;
WCHAR *log_data;
ULONG* log_type;
ULONG* log_pid;
ULONG* log_tid;
UNICODE_STRING64* log_data;
WCHAR* log_buffer;
SESSION* session;
KIRQL irql;
@ -965,26 +978,31 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms)
}
log_type = args->log_type.val;
ProbeForWrite(log_type, sizeof(USHORT), sizeof(USHORT));
ProbeForWrite(log_type, sizeof(ULONG), sizeof(ULONG));
*log_type = 0;
log_pid = args->log_pid.val;
if (log_pid != NULL)
ProbeForWrite(log_pid, sizeof(ULONG64), sizeof(ULONG64));
if (log_pid != NULL) {
ProbeForWrite(log_pid, sizeof(ULONG), sizeof(ULONG));
*log_pid = 0;
}
log_tid = args->log_tid.val;
if (log_tid != NULL)
ProbeForWrite(log_tid, sizeof(ULONG64), sizeof(ULONG64));
if (log_tid != NULL) {
ProbeForWrite(log_tid, sizeof(ULONG), sizeof(ULONG));
*log_tid = 0;
}
log_len = args->log_len.val / sizeof(WCHAR);
if (!log_len)
log_data = args->log_data.val;
if (!log_data)
return STATUS_INVALID_PARAMETER;
ProbeForRead(log_data, sizeof(UNICODE_STRING64), sizeof(ULONG));
ProbeForWrite(log_data, sizeof(UNICODE_STRING64), sizeof(ULONG));
log_buffer = (WCHAR*)log_data->Buffer;
if (!log_buffer)
return STATUS_INVALID_PARAMETER;
log_data = args->log_ptr.val;
ProbeForWrite(log_data, log_len * sizeof(WCHAR), sizeof(WCHAR));
*log_type = 0;
if (log_pid != NULL)
*log_pid = 0;
*log_data = L'\0';
status = STATUS_SUCCESS;
session = Session_Get(FALSE, -1, &irql);
@ -1021,36 +1039,41 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms)
// __leave;
//}
//[Type 2][PID 8][PID 8][Data n*2]
//[Type 4][PID 4][TID 4][Data n*2]
log_buffer_get_bytes((CHAR*)log_type, 2, &read_ptr, session->monitor_log);
log_buffer_get_bytes((CHAR*)log_type, 4, &read_ptr, session->monitor_log);
ULONG64 pid64;
log_buffer_get_bytes((CHAR*)&pid64, 8, &read_ptr, session->monitor_log);
ULONG pid;
log_buffer_get_bytes((CHAR*)&pid, 4, &read_ptr, session->monitor_log);
if (log_pid != NULL)
*log_pid = pid64;
*log_pid = pid;
ULONG64 tid64;
log_buffer_get_bytes((CHAR*)&tid64, 8, &read_ptr, session->monitor_log);
ULONG tid;
log_buffer_get_bytes((CHAR*)&tid, 4, &read_ptr, session->monitor_log);
if (log_tid != NULL)
*log_tid = tid64;
*log_tid = tid;
ULONG data_len = (entry_size - (2 + 8 + 8)) / sizeof(WCHAR);
log_len -= 1; // reserve room for the termination character
if (log_len > data_len)
log_len = data_len;
log_buffer_get_bytes((CHAR*)log_data, log_len * sizeof(WCHAR), &read_ptr, session->monitor_log);
ULONG data_size = (entry_size - (4 + 4 + 4));
if ((USHORT)data_size > (log_data->MaximumLength - 1))
{
data_size = (log_data->MaximumLength - 1);
status = STATUS_BUFFER_TOO_SMALL;
}
log_data->Length = (USHORT)data_size;
ProbeForWrite(log_buffer, data_size + 1, sizeof(WCHAR));
memcpy(log_buffer, read_ptr, data_size);
log_buffer[data_size / sizeof(wchar_t)] = L'\0';
// add required termination character
log_data[log_len] = L'\0';
if (seq_num != NULL)
*seq_num = seq_number;
else // for compatibility with older versions we fall back to clearing the returned entry
log_buffer_pop_entry(session->monitor_log);
} __except (EXCEPTION_EXECUTE_HANDLER) {
}
__except (EXCEPTION_EXECUTE_HANDLER) {
status = GetExceptionCode();
}

4
Sandboxie/core/drv/session.h
View File

@ -42,9 +42,9 @@ void Session_Cancel(HANDLE ProcessId);
BOOLEAN Session_IsForceDisabled(ULONG SessionId);
void Session_MonitorPut(USHORT type, const WCHAR *name, HANDLE pid);
void Session_MonitorPut(ULONG type, const WCHAR *name, HANDLE pid);
void Session_MonitorPutEx(USHORT type, const WCHAR** strings, ULONG* lengths, HANDLE pid, HANDLE tid);
void Session_MonitorPutEx(ULONG type, const WCHAR** strings, ULONG* lengths, HANDLE pid, HANDLE tid);
//---------------------------------------------------------------------------

2
Sandboxie/core/drv/thread.c
View File

@ -1040,7 +1040,7 @@ _FX NTSTATUS Thread_CheckObject_Common(
Process_GetProcessName(proc->pool, pid, &nbuf, &nlen, &nptr);
if (nbuf) {
USHORT mon_type = MONITOR_IPC;
ULONG mon_type = MONITOR_IPC;
if (NT_SUCCESS(status))
mon_type |= MONITOR_OPEN;
else

61
Sandboxie/core/svc/EpMapperServer.cpp
View File

@ -75,35 +75,44 @@ MSG_HEADER *EpMapperServer::EpmapperGetPortNameHandler(MSG_HEADER *msg)
const WCHAR* wstrWPAD = L"WinHttpAutoProxySvc";
//const WCHAR* wstrBT = L"bthserv";
//const WCHAR* wstrSSDP = L"ssdpsrv";
RPC_IF_ID ifidGCS = { {0x88abcbc3, 0x34EA, 0x76AE, { 0x82, 0x15, 0x76, 0x75, 0x20, 0x65, 0x5A, 0x23 }}, 0, 0 };
RPC_IF_ID ifidSmartCard = { {0xC6B5235A, 0xE413, 0x481D, { 0x9A, 0xC8, 0x31, 0x68, 0x1B, 0x1F, 0xAA, 0xF5 }}, 1, 1 };
RPC_IF_ID ifidBluetooth = { {0x2ACB9D68, 0xB434, 0x4B3E, { 0xB9, 0x66, 0xE0, 0x6B, 0x4B, 0x3A, 0x84, 0xCB }}, 1, 0 };
RPC_IF_ID ifidSSDP = { {0x4B112204, 0x0E19, 0x11D3, { 0xB4, 0x2B, 0x00, 0x00, 0xF8, 0x1F, 0xEB, 0x9F }}, 1, 0 };
RPC_IF_ID ifidGCS = { {0x88abcbc3, 0x34EA, 0x76AE, { 0x82, 0x15, 0x76, 0x75, 0x20, 0x65, 0x5A, 0x23 }}, 0, 0 }; // {88ABCBC3-34EA-76AE-8215-767520655A23}
RPC_IF_ID ifidSmartCard = { {0xC6B5235A, 0xE413, 0x481D, { 0x9A, 0xC8, 0x31, 0x68, 0x1B, 0x1F, 0xAA, 0xF5 }}, 1, 1 }; // {C6B5235A-E413-481D-9AC8-31681B1FAAF5}
RPC_IF_ID ifidBluetooth = { {0x2ACB9D68, 0xB434, 0x4B3E, { 0xB9, 0x66, 0xE0, 0x6B, 0x4B, 0x3A, 0x84, 0xCB }}, 1, 0 }; // {2ACB9D68-B434-4B3E-B966-E06B4B3A84CB}
RPC_IF_ID ifidSSDP = { {0x4B112204, 0x0E19, 0x11D3, { 0xB4, 0x2B, 0x00, 0x00, 0xF8, 0x1F, 0xEB, 0x9F }}, 1, 0 }; // {4B112204-0E19-11D3-B42B-0000F81FEB9F}
RPC_IF_ID ifidRequest;
const WCHAR* pwszServiceName = NULL;
switch (req->portType)
{
case SPOOLER_PORT: if (SbieApi_QueryConfBool(boxname, L"ClosePrintSpooler", FALSE)) return SHORT_REPLY(E_ACCESSDENIED);
pwszServiceName = wstrSpooler; break;
case WPAD_PORT: pwszServiceName = wstrWPAD; break;
case BT_PORT: if (!SbieApi_QueryConfBool(boxname, L"OpenBluetooth", FALSE)) return SHORT_REPLY(E_ACCESSDENIED);
//pwszServiceName = wstrBT; break;
memcpy(&ifidRequest, &ifidBluetooth, sizeof(RPC_IF_ID)); break;
case SSDP_PORT: if (!SbieApi_QueryConfBool(boxname, L"OpenUPnP", FALSE)) return SHORT_REPLY(E_ACCESSDENIED);
//pwszServiceName = wstrSSDP; break;
memcpy(&ifidRequest, &ifidSSDP, sizeof(RPC_IF_ID)); break;
case GAME_CONFIG_STORE_PORT: memcpy(&ifidRequest, &ifidGCS, sizeof(RPC_IF_ID)); break;
case SMART_CARD_PORT: if (!SbieApi_QueryConfBool(boxname, L"OpenSmartCard", TRUE)) return SHORT_REPLY(E_ACCESSDENIED);
memcpy(&ifidRequest, &ifidSmartCard, sizeof(RPC_IF_ID)); break;
default: return SHORT_REPLY(E_INVALIDARG);
if (_wcsicmp(req->wszPortId, SPOOLER_PORT_ID) == 0) {
if (SbieApi_QueryConfBool(boxname, L"ClosePrintSpooler", FALSE))
return SHORT_REPLY(E_ACCESSDENIED);
pwszServiceName = wstrSpooler;
}
else if (_wcsicmp(req->wszPortId, WPAD_PORT_ID) == 0) {
pwszServiceName = wstrWPAD;
}
else if (_wcsicmp(req->wszPortId, BT_PORT_ID) == 0) {
if (!SbieApi_QueryConfBool(boxname, L"OpenBluetooth", FALSE))
return SHORT_REPLY(E_ACCESSDENIED);
//pwszServiceName = wstrBT;
memcpy(&ifidRequest, &ifidBluetooth, sizeof(RPC_IF_ID));
}
else if (_wcsicmp(req->wszPortId, SSDP_PORT_ID) == 0) {
if (!SbieApi_QueryConfBool(boxname, L"OpenUPnP", FALSE))
return SHORT_REPLY(E_ACCESSDENIED);
//pwszServiceName = wstrSSDP;
memcpy(&ifidRequest, &ifidSSDP, sizeof(RPC_IF_ID));
}
else if (_wcsicmp(req->wszPortId, GAME_CONFIG_STORE_PORT_ID) == 0) {
memcpy(&ifidRequest, &ifidGCS, sizeof(RPC_IF_ID));
}
else if (_wcsicmp(req->wszPortId, SMART_CARD_PORT_ID) == 0) {
if (!SbieApi_QueryConfBool(boxname, L"OpenSmartCard", TRUE))
return SHORT_REPLY(E_ACCESSDENIED);
memcpy(&ifidRequest, &ifidSmartCard, sizeof(RPC_IF_ID));
}
else
return SHORT_REPLY(E_INVALIDARG);
EPMAPPER_GET_PORT_NAME_RPL *rpl = (EPMAPPER_GET_PORT_NAME_RPL *)LONG_REPLY(sizeof(EPMAPPER_GET_PORT_NAME_RPL));
if (rpl == NULL)
@ -196,11 +205,11 @@ MSG_HEADER *EpMapperServer::EpmapperGetPortNameHandler(MSG_HEADER *msg)
// Param 1 is dynamic port name (e.g. "LRPC-f760d5b40689a98168"), WCHAR[DYNAMIC_PORT_NAME_CHARS]
// Param 2 is the process PID for which to open the port, can be 0 when port is special
// Param 3 is the port type/identifier, can be -1 indicating non special port
// Param 3 is the port type/identifier
rpl->h.status = SbieApi_CallThree(API_OPEN_DYNAMIC_PORT,
(ULONG_PTR)rpl->wszPortName,
(ULONG_PTR)0,
(ULONG_PTR)req->portType);
(ULONG_PTR)req->wszPortId);
}
return (MSG_HEADER *)rpl;

2
Sandboxie/core/svc/EpMapperWire.h
View File

@ -39,7 +39,7 @@
struct tagEPMAPPER_GET_PORT_NAME_REQ
{
MSG_HEADER h;
ULONG portType;
WCHAR wszPortId[DYNAMIC_PORT_ID_CHARS];
};
struct tagEPMAPPER_GET_PORT_NAME_RPL

2
Sandboxie/core/svc/serviceserver.h
View File

@ -59,6 +59,8 @@ private:
static bool CanAccessSCM(HANDLE idProcess);
static int RunServiceAsSystem(const WCHAR* svcname, const WCHAR* boxname);
static void ReportError2218(HANDLE idProcess, ULONG errlvl);
static WCHAR *BuildPathForStartExe(

49
Sandboxie/core/svc/serviceserver2.cpp
View File

@ -47,27 +47,40 @@ bool ServiceServer::CanCallerDoElevation(
WCHAR boxname[48];
WCHAR exename[99];
if (0 != SbieApi_QueryProcess(
idProcess, boxname, exename, NULL, pSessionId))
if (0 != SbieApi_QueryProcess(idProcess, boxname, exename, NULL, pSessionId))
return false;
bool DropRights = CheckDropRights(boxname);
if (ServiceName) {
if (!DropRights) {
bool SvcAsSystem = RunServiceAsSystem(ServiceName, boxname) == 1; // false for special case MSIServer, ret value 2
if (SvcAsSystem)
{
//
// If this service is to be started with a SYSTEM token,
// we check if the caller has the right to do so
//
if (!CanAccessSCM(idProcess))
if (!DropRights && !CanAccessSCM(idProcess))
DropRights = true;
}
else
{
//
// If admin permission emulation is active and this service will
// not be started with a system token allow it to be start
//
if (DropRights) {
if (DropRights && SbieApi_QueryConfBool(boxname, L"FakeAdminRights", FALSE))
DropRights = false;
//
// if this service is configured to be started on box initialization
// by SandboxieRpcSs.exe then allow it to be started
// by SandboxieRpcSs.exe allow it to be started
//
if (SbieDll_CheckStringInList(ServiceName, boxname, L"StartService"))
if (DropRights && SbieDll_CheckStringInList(ServiceName, boxname, L"StartService"))
DropRights = false;
}
}
@ -265,25 +278,25 @@ MSG_HEADER *ServiceServer::RunHandler(MSG_HEADER *msg, HANDLE idProcess)
//---------------------------------------------------------------------------
// ServiceServer__RunServiceAsSystem
// RunServiceAsSystem
//---------------------------------------------------------------------------
bool ServiceServer__RunServiceAsSystem(const WCHAR* svcname, const WCHAR* boxname)
int ServiceServer::RunServiceAsSystem(const WCHAR* svcname, const WCHAR* boxname)
{
// exception for MSIServer, see also core/drv/thread_token.c
if (svcname && _wcsicmp(svcname, L"MSIServer") == 0 && SbieApi_QueryConfBool(boxname, L"MsiInstallerExemptions", TRUE))
return 2;
// legacy behavioure option
if (SbieApi_QueryConfBool(boxname, L"RunServicesAsSystem", FALSE) == TRUE)
return true;
if (SbieApi_QueryConfBool(boxname, L"RunServicesAsSystem", FALSE))
return 1;
if (!svcname)
return false;
// exception for MSIServer, see also core/drv/thread_token.c
if (_wcsicmp(svcname, L"MSIServer") == 0)
return true;
return 0;
// check exception list
return SbieDll_CheckStringInList(svcname, boxname, L"RunServiceAsSystem");
return SbieDll_CheckStringInList(svcname, boxname, L"RunServiceAsSystem") ? 1 : 0;
}
@ -325,7 +338,7 @@ ULONG ServiceServer::RunHandler2(
if (ok) {
errlvl = 0x22;
if (ServiceServer__RunServiceAsSystem(svcname, boxname)) {
if (RunServiceAsSystem(svcname, boxname)) {
// use our system token
ok = OpenProcessToken(GetCurrentProcess(), TOKEN_RIGHTS, &hOldToken);
}

15
Sandboxie/install/Templates.ini
View File

@ -2883,3 +2883,18 @@ Tmpl.Entry=Norton Security | NS
[Template_FireFix_for_Win7]
[Template_FileCppy]
Tmpl.Title=#4295
Tmpl.Class=Misc
DontCopy=*.url
CopyEmpty=*\microsoft\windows\explorer\thumbcache_*
CopyEmpty=*\microsoft\windows\explorer\iconcache_*
# firefox
CopyAlways=*\places.sqlite
CopyAlways=*\xul.mfl
# windows installer etc
CopyAlways=*\qmgr0.dat
CopyAlways=*\qmgr1.dat
CopyAlways=*\infcache.1
CopyAlways=*\cbs.log
# internet explorer 10 web cache
CopyAlways=*\webcachev*.dat

2
SandboxiePlus/MiscHelpers/Common/PanelView.h
View File

@ -85,6 +85,8 @@ public:
virtual QTreeView* GetView() { return m_pTreeList; }
virtual QAbstractItemModel* GetModel() { return m_pTreeList->model(); }
virtual QVBoxLayout* GetLayout() { return m_pMainLayout; }
protected:
QVBoxLayout* m_pMainLayout;

4
SandboxiePlus/MiscHelpers/Common/SortFilterProxyModel.h
View File

@ -83,12 +83,12 @@ public slots:
void SetFilter(const QRegExp& Exp, bool bHighLight = false, int Col = -1) // -1 = any
{
QModelIndex idx;
if (m_pView) idx = m_pView->currentIndex();
//if (m_pView) idx = m_pView->currentIndex();
m_iColumn = Col;
m_bHighLight = bHighLight;
setFilterKeyColumn(Col);
setFilterRegExp(Exp);
if (m_pView) m_pView->setCurrentIndex(idx);
//if (m_pView) m_pView->setCurrentIndex(idx);
if (m_bHighLight)
emit layoutChanged();
}

45
SandboxiePlus/MiscHelpers/Common/TreeItemModel.cpp
View File

@ -130,7 +130,7 @@ void CSimpleTreeModel::Sync(const QMap<QVariant, QVariantMap>& List)
CTreeItemModel::Sync(New, Old);
}
void CTreeItemModel::Sync(QMap<QList<QVariant>, QList<STreeNode*> >& New, QHash<QVariant, STreeNode*>& Old)
void CTreeItemModel::Sync(QMap<QList<QVariant>, QList<STreeNode*> >& New, QHash<QVariant, STreeNode*>& Old, QList<QVariant>* pAdded)
{
Purge(m_Root, QModelIndex(), Old);
@ -140,7 +140,7 @@ void CTreeItemModel::Sync(QMap<QList<QVariant>, QList<STreeNode*> >& New, QHash<
//foreach(const QString& Path, New.uniqueKeys())
for(QMap<QList<QVariant>, QList<STreeNode*> >::const_iterator I = New.begin(); I != New.end(); I++)
Fill(m_Root, QModelIndex(), I.key(), 0, I.value(), I.key());
Fill(m_Root, QModelIndex(), I.key(), 0, I.value(), I.key(), pAdded);
emit layoutChanged();
}
@ -165,6 +165,15 @@ int CTreeItemModel::CountItems(STreeNode* pRoot)
return Counter;
}*/
CTreeItemModel::STreeNode* CTreeItemModel::MkVirtualNode(const QVariant& Id, STreeNode* pParent)
{
STreeNode* pNode = MkNode(Id);
pNode->Parent = pParent;
pNode->Virtual = true;
pNode->Values.resize(columnCount());
return pNode;
}
void CTreeItemModel::Purge(STreeNode* pParent, const QModelIndex &parent, QHash<QVariant, STreeNode*> &Old)
{
int Removed = 0;
@ -178,7 +187,7 @@ void CTreeItemModel::Purge(STreeNode* pParent, const QModelIndex &parent, QHash<
Purge(pNode, index(i, 0, parent), Old);
bool bRemove = false;
if(pNode && (pNode->ID.isNull() || (bRemove = Old.value(pNode->ID) != NULL)) && pNode->Children.isEmpty()) // remove it
if(pNode && (pNode->Virtual || pNode->ID.isNull() || (bRemove = Old.value(pNode->ID) != NULL)) && pNode->Children.isEmpty()) // remove it
{
//m_Map.remove(pNode->ID, pNode);
m_Map.remove(pNode->ID);
@ -227,7 +236,7 @@ void CTreeItemModel::Purge(STreeNode* pParent, const QModelIndex &parent, QHash<
}
}
void CTreeItemModel::Fill(STreeNode* pParent, const QModelIndex &parent, const QList<QVariant>& Paths, int PathsIndex, const QList<STreeNode*>& New, const QList<QVariant>& Path)
void CTreeItemModel::Fill(STreeNode* pParent, const QModelIndex &parent, const QList<QVariant>& Paths, int PathsIndex, const QList<STreeNode*>& New, const QList<QVariant>& Path, QList<QVariant>* pAdded)
{
if(Paths.size() > PathsIndex)
{
@ -239,9 +248,9 @@ void CTreeItemModel::Fill(STreeNode* pParent, const QModelIndex &parent, const Q
else
{
i = 0;
pNode = MkNode(QVariant());
pNode->Parent = pParent;
pNode->Values.resize(columnCount());
pNode = MkVirtualNode(CurPath, pParent);
pAdded->append(CurPath);
m_Map.insert(CurPath, pNode);
//int Count = pParent->Children.count();
//beginInsertRows(parent, Count, Count);
@ -250,7 +259,7 @@ void CTreeItemModel::Fill(STreeNode* pParent, const QModelIndex &parent, const Q
pParent->Children.append(pNode);
//endInsertRows();
}
Fill(pNode, index(i, 0, parent), Paths, PathsIndex + 1, New, Path);
Fill(pNode, index(i, 0, parent), Paths, PathsIndex + 1, New, Path, pAdded);
}
else
{
@ -342,6 +351,16 @@ bool CTreeItemModel::setData(const QModelIndex &index, const QVariant &value, in
return false;
}
QVariant CTreeItemModel::GetItemID(const QModelIndex& index) const
{
if (!index.isValid())
return QVariant();
STreeNode* pNode = static_cast<STreeNode*>(index.internalPointer());
return pNode->ID;
}
QVariant CTreeItemModel::Data(const QModelIndex &index, int role, int section) const
{
if (!index.isValid())
@ -492,16 +511,6 @@ int CTreeItemModel::rowCount(const QModelIndex &parent) const
return pNode->Children.count();
}
QVariant CSimpleTreeModel::GetItemID(const QModelIndex &index) const
{
if (!index.isValid())
return QVariant();
STreeNode* pNode = static_cast<STreeNode*>(index.internalPointer());
return pNode->ID;
}
int CSimpleTreeModel::columnCount(const QModelIndex &parent) const
{
return m_ColumnKeys.count();

14
SandboxiePlus/MiscHelpers/Common/TreeItemModel.h
View File

@ -20,6 +20,8 @@ public:
QModelIndex FindIndex(const QVariant& ID);
void RemoveIndex(const QModelIndex &index);
QVariant GetItemID(const QModelIndex& index) const;
QVariant Data(const QModelIndex &index, int role, int section) const;
// derived functions
@ -33,7 +35,7 @@ public:
virtual QVariant headerData(int section, Qt::Orientation orientation, int role = Qt::DisplayRole) const = 0;
public slots:
void Clear();
virtual void Clear();
signals:
void CheckChanged(const QVariant& ID, bool State);
@ -49,6 +51,8 @@ protected:
Row = 0;
//AllChildren = 0;
Virtual = false;
IsBold = false;
IsGray = false;
}
@ -65,6 +69,7 @@ protected:
QList<STreeNode*> Children;
//int AllChildren;
QMap<QVariant, int> Aux;
bool Virtual;
QVariant Icon;
bool IsBold;
@ -82,10 +87,11 @@ protected:
virtual QVariant NodeData(STreeNode* pNode, int role, int section) const;
virtual STreeNode* MkNode(const QVariant& Id) = 0; // { return new STreeNode(Id); }
virtual STreeNode* MkVirtualNode(const QVariant& Id, STreeNode* pParent);
void Sync(QMap<QList<QVariant>, QList<STreeNode*> >& New, QHash<QVariant, STreeNode*>& Old);
void Sync(QMap<QList<QVariant>, QList<STreeNode*> >& New, QHash<QVariant, STreeNode*>& Old, QList<QVariant>* pAdded = NULL);
void Purge(STreeNode* pParent, const QModelIndex &parent, QHash<QVariant, STreeNode*>& Old);
void Fill(STreeNode* pParent, const QModelIndex &parent, const QList<QVariant>& Paths, int PathsIndex, const QList<STreeNode*>& New, const QList<QVariant>& Path);
void Fill(STreeNode* pParent, const QModelIndex &parent, const QList<QVariant>& Paths, int PathsIndex, const QList<STreeNode*>& New, const QList<QVariant>& Path, QList<QVariant>* pAdded);
QModelIndex Find(STreeNode* pParent, STreeNode* pNode);
//int CountItems(STreeNode* pRoot);
@ -108,8 +114,6 @@ public:
void Sync(const QMap<QVariant, QVariantMap>& List);
QVariant GetItemID(const QModelIndex &index) const;
void AddColumn(const QString& Name, const QString& Key) { m_ColumnKeys.append(qMakePair(Name, Key)); }
virtual int columnCount(const QModelIndex &parent = QModelIndex()) const;

21
SandboxiePlus/QSbieAPI/SbieAPI.cpp
View File

@ -281,7 +281,7 @@ SB_STATUS CSbieAPI::Connect(bool withQueue)
m->lastRecordNum = 0;
// Note: this lib is not using all functions hence it can be compatible with multiple driver ABI revisions
QStringList CompatVersions = QStringList () << "5.48.5";
QStringList CompatVersions = QStringList () << "5.49.0";
QString CurVersion = GetVersion();
if (!CompatVersions.contains(CurVersion))
{
@ -1899,15 +1899,15 @@ bool CSbieAPI::IsMonitoring()
bool CSbieAPI::GetMonitor()
{
const int max_len = 1024;
USHORT type;
ULONG64 pid = 0;
ULONG64 tid = 0;
WCHAR data[max_len + 1] = { 0 };
ULONG type;
ULONG pid = 0;
ULONG tid = 0;
wchar_t* Buffer[4 * 1024];
ULONG Length = ARRAYSIZE(Buffer);
ULONG RecordNum = m->lastRecordNum;
__declspec(align(8)) UNICODE_STRING64 log_buffer = { 0, (USHORT)Length, (ULONG64)Buffer };
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_MONITOR_GET_EX_ARGS* args = (API_MONITOR_GET_EX_ARGS*)parms;
@ -1917,8 +1917,7 @@ bool CSbieAPI::GetMonitor()
args->log_type.val = &type;
args->log_pid.val = &pid;
args->log_tid.val = &tid;
args->log_len.val = max_len * sizeof(WCHAR);
args->log_ptr.val = data;
args->log_data.val = &log_buffer;
if (!NT_SUCCESS(m->IoControl(parms)))
return false; // error or no more entries
@ -1933,8 +1932,8 @@ bool CSbieAPI::GetMonitor()
if (m->clearingBuffers)
return true;
QString Data = QString::fromWCharArray(data);
if (Data.length() == max_len - 1) // if we got exactly the max length assume data were truncated and indicate accordingly...
QString Data = QString::fromWCharArray((wchar_t*)log_buffer.Buffer, log_buffer.Length / sizeof(wchar_t));
if (Data.length() == Length - 1) // if we got exactly the max length assume data were truncated and indicate accordingly...
Data += "...";
// cleanup debug output strings and drop empty once.

4
SandboxiePlus/QSbieAPI/SbieTrace.cpp
View File

@ -123,9 +123,9 @@ QString CTraceEntry::GetTypeStr() const
QString CTraceEntry::GetStautsStr() const
{
QString Status;
if (m_Type.Open)
if ((m_Type.Flags & MONITOR_DISPOSITION_MASK) == MONITOR_OPEN)
Status.append("Open ");
if (m_Type.Deny)
if ((m_Type.Flags & MONITOR_DISPOSITION_MASK) == MONITOR_DENY)
Status.append("Closed ");
if (m_Type.Trace)

74
SandboxiePlus/QSbieAPI/SbieTrace.h
View File

@ -23,58 +23,6 @@
#include "SbieStatus.h"
#define MONITOR_APICALL 0x000A
/*
// Log Event
#define TRACE_LOG_SYSCALL 0x00000001
#define TRACE_LOG_PIPE 0x00000002
#define TRACE_LOG_IPC 0x00000003
#define TRACE_LOG_WINCLASS 0x00000004
#define TRACE_LOG_DRIVE 0x00000005
#define TRACE_LOG_COMCLASS 0x00000006
#define TRACE_LOG_IGNORE 0x00000007
#define TRACE_LOG_IMAGE 0x00000008
#define TRACE_LOG_FILE 0x00000009
#define TRACE_LOG_KEY 0x0000000A
#define TRACE_LOG_OTHER1 0x0000000B
#define TRACE_LOG_OTHER2 0x0000000C
#define TRACE_LOG_OTHER3 0x0000000D
#define TRACE_LOG_OTHER4 0x0000000E
#define TRACE_LOG_APICALL 0x0000000F // needs the logapi.dll
#define TRACE_LOG_EVENT_MASK 0x000000FF
// Event States
#define TRACE_LOG_ALLOWED 0x00000100
#define TRACE_LOG_DENIED 0x00000200
#define TRACE_LOG_STATE_MASK 0x00000F00
// Event Results
#define TRACE_LOG_SUCCESS 0x00001000
#define TRACE_LOG_FAILED 0x00002000
#define TRACE_LOG_RESULT_MASK 0x0000F000
// Reserved
#define TRACE_LOG_RESERVED_MASK 0x00FFFF00
// Event Presets
#define TRACE_LOG_OPEN 0x01000000
#define TRACE_LOG_CLOSED 0x02000000
#define TRACE_LOG_READONLY 0x03000000
#define TRACE_LOG_HIDDEN 0x04000000
#define TRACE_LOG_REDIRECTED 0x05000000
#define TRACE_LOG_TYPE_MASK 0x0F000000
// Event Sources
#define TRACE_LOG_DLL 0x10000000
#define TRACE_LOG_DRV 0x20000000
#define TRACE_LOG_SVC 0x30000000
#define TRACE_LOG_TRACE 0x40000000
#define TRACE_LOG_SOURCE_MASK 0xF0000000
*/
class QSBIEAPI_EXPORT CTraceEntry : public QSharedData
{
@ -110,15 +58,23 @@ protected:
union
{
quint16 Flags;
quint32 Flags;
struct
{
quint16
Type : 12,
Open : 1,
Deny : 1,
User : 1,
Trace : 1;
quint32
Type : 8,
SubType : 8,
Disposition : 4,
Allowed : 1,
Denided : 1,
Success : 1,
Failed : 1,
Reserved : 6,
Trace : 1,
User : 1;
};
} m_Type;

39
SandboxiePlus/SandMan/Forms/SettingsWindow.ui
View File

@ -6,8 +6,8 @@
<rect>
<x>0</x>
<y>0</y>
<width>576</width>
<height>451</height>
<width>579</width>
<height>402</height>
</rect>
</property>
<property name="sizePolicy">
@ -80,16 +80,6 @@
<item row="0" column="1">
<widget class="QComboBox" name="uiLang"/>
</item>
<item row="1" column="1">
<widget class="QCheckBox" name="chkDarkTheme">
<property name="text">
<string>Use Dark Theme</string>
</property>
<property name="tristate">
<bool>true</bool>
</property>
</widget>
</item>
<item row="10" column="1">
<widget class="QCheckBox" name="chkShowTray">
<property name="text">
@ -114,26 +104,13 @@
</property>
</widget>
</item>
<item row="12" column="0">
<spacer name="horizontalSpacer_9">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="0" column="2">
<widget class="QLabel" name="label">
<property name="text">
<string>Restart required (!)</string>
</property>
<property name="alignment">
<set>Qt::AlignCenter</set>
<set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter</set>
</property>
</widget>
</item>
@ -204,6 +181,16 @@
</property>
</widget>
</item>
<item row="1" column="1" colspan="2">
<widget class="QCheckBox" name="chkDarkTheme">
<property name="text">
<string>Use Dark Theme (fully applied after a restart)</string>
</property>
<property name="tristate">
<bool>true</bool>
</property>
</widget>
</item>
</layout>
</item>
</layout>

156
SandboxiePlus/SandMan/Models/ResMonModel.cpp
View File

@ -1,156 +0,0 @@
#include "stdafx.h"
#include "ResMonModel.h"
#include "../MiscHelpers/Common/Common.h"
#include "../SbiePlusAPI.h"
CResMonModel::CResMonModel(QObject *parent)
:CListItemModel(parent)
{
}
CResMonModel::~CResMonModel()
{
}
//void CResMonModel::Sync(const QList<CTraceEntryPtr>& List, QSet<quint64> PIDs)
void CResMonModel::Sync(const QList<CTraceEntryPtr>& List)
{
QList<SListNode*> New;
QHash<QVariant, SListNode*> Old = m_Map;
int i = 0;
if (List.count() >= m_List.count() && m_List.count() > 0)
{
i = m_List.count() - 1;
if (m_List.at(i)->ID == List.at(i)->GetUID())
{
i++;
Old.clear();
}
else
i = 0;
}
for(; i < List.count(); i++)
{
CTraceEntryPtr pEntry = List.at(i);
QVariant ID = pEntry->GetUID();
//if (!PIDs.isEmpty() && !PIDs.contains(pEntry->GetProcessId()))
// continue;
int Row = -1;
QHash<QVariant, SListNode*>::iterator I = Old.find(ID);
STraceNode* pNode = I != Old.end() ? static_cast<STraceNode*>(I.value()) : NULL;
if(!pNode)
{
pNode = static_cast<STraceNode*>(MkNode(ID));
pNode->Values.resize(columnCount());
pNode->pEntry = pEntry;
New.append(pNode);
}
else
{
I.value() = NULL;
Row = GetRow(pNode);
}
int Col = 0;
bool State = false;
int Changed = 0;
/*int RowColor = CTaskExplorer::eNone;
if (pGDI->IsMarkedForRemoval() && CTaskExplorer::UseListColor(CTaskExplorer::eToBeRemoved)) RowColor = CTaskExplorer::eToBeRemoved;
else if (pGDI->IsNewlyCreated() && CTaskExplorer::UseListColor(CTaskExplorer::eAdded)) RowColor = CTaskExplorer::eAdded;
if (pNode->iColor != RowColor) {
pNode->iColor = RowColor;
pNode->Color = CTaskExplorer::GetListColor(RowColor);
Changed = 2;
}*/
for(int section = 0; section < columnCount(); section++)
{
if (!m_Columns.contains(section))
continue; // ignore columns which are hidden
QVariant Value;
switch(section)
{
case eProcess: Value = pEntry->GetProcessId(); break;
case eTimeStamp: Value = pEntry->GetUID(); break;
case eType: Value = pEntry->GetTypeStr(); break;
case eStatus: Value = pEntry->GetStautsStr(); break;
case eValue: Value = pEntry->GetMessage(); break;
}
STraceNode::SValue& ColValue = pNode->Values[section];
if (ColValue.Raw != Value)
{
if(Changed == 0)
Changed = 1;
ColValue.Raw = Value;
switch (section)
{
case eProcess:
{
CBoxedProcessPtr pProcess = theAPI->GetProcessById(pEntry->GetProcessId());
ColValue.Formated = QString("%1 (%2, %3)").arg(pProcess.isNull() ? tr("Unknown") : pProcess->GetProcessName()).arg(pEntry->GetProcessId()).arg(pEntry->GetThreadId());
break;
}
case eTimeStamp: ColValue.Formated = pEntry->GetTimeStamp().toString("hh:mm:ss.zzz"); break;
//case eType: ColValue.Formated = ; break;
//case eValue: ColValue.Formated = ; break;
}
}
if(State != (Changed != 0))
{
if(State && Row != -1)
emit dataChanged(createIndex(Row, Col), createIndex(Row, section-1));
State = (Changed != 0);
Col = section;
}
if(Changed == 1)
Changed = 0;
}
if(State && Row != -1)
emit dataChanged(createIndex(Row, Col, pNode), createIndex(Row, columnCount()-1, pNode));
}
CListItemModel::Sync(New, Old);
}
CTraceEntryPtr CResMonModel::GetEntry(const QModelIndex &index) const
{
if (!index.isValid())
return CTraceEntryPtr();
STraceNode* pNode = static_cast<STraceNode*>(index.internalPointer());
return pNode->pEntry;
}
int CResMonModel::columnCount(const QModelIndex &parent) const
{
return eCount;
}
QVariant CResMonModel::headerData(int section, Qt::Orientation orientation, int role) const
{
if (orientation == Qt::Horizontal && role == Qt::DisplayRole)
{
switch(section)
{
case eProcess: return tr("Process");
case eTimeStamp: return tr("Time Stamp");
case eType: return tr("Type");
case eStatus: return tr("Status");
case eValue: return tr("Value");
}
}
return QVariant();
}

43
SandboxiePlus/SandMan/Models/ResMonModel.h
View File

@ -1,43 +0,0 @@
#pragma once
#include <qwidget.h>
#include "../../QSbieAPI/SbieAPI.h"
#include "../../MiscHelpers/Common/ListItemModel.h"
class CResMonModel : public CListItemModel
{
Q_OBJECT
public:
CResMonModel(QObject *parent = 0);
~CResMonModel();
//void Sync(const QList<CTraceEntryPtr>& List, QSet<quint64> PIDs);
void Sync(const QList<CTraceEntryPtr>& List);
CTraceEntryPtr GetEntry(const QModelIndex &index) const;
int columnCount(const QModelIndex &parent = QModelIndex()) const;
QVariant headerData(int section, Qt::Orientation orientation, int role = Qt::DisplayRole) const;
enum EColumns
{
eProcess = 0,
eTimeStamp,
eType,
eStatus,
eValue,
eCount
};
protected:
struct STraceNode: SListNode
{
STraceNode(const QVariant& Id) : SListNode(Id), iColor(0) {}
CTraceEntryPtr pEntry;
int iColor;
};
virtual SListNode* MkNode(const QVariant& Id) { return new STraceNode(Id); }
};

285
SandboxiePlus/SandMan/Models/TraceModel.cpp Normal file
View File

@ -0,0 +1,285 @@
#include "stdafx.h"
#include "TraceModel.h"
#include "../MiscHelpers/Common/Common.h"
#include "../SbiePlusAPI.h"
CTraceModel::CTraceModel(QObject* parent)
:CTreeItemModel(parent)
{
m_Root = MkNode(QVariant());
m_LastCount = 0;
}
CTraceModel::~CTraceModel()
{
}
/*QList<QVariant> CTraceModel::MakePath(const CTraceEntryPtr& pEntry, const QList<CTraceEntryPtr>& EntryList)
{
quint64 ParentID = pEntry->GetParentWnd();
CTraceEntryPtr pParent = EntryList.value(ParentID);
QList<QVariant> Path;
if (!pParent.isNull() && ParentID != pEntry->GetHWnd())
{
Path = MakeWndPath(pParent, EntryList);
Path.append(ParentID);
}
return Path;
}
bool CTraceModel::TestPath(const QList<QVariant>& Path, const CTraceEntryPtr& pEntry, const QList<CTraceEntryPtr>& EntryList, int Index)
{
quint64 ParentID = pEntry->GetParentWnd();
CTraceEntryPtr pParent = EntryList.value(ParentID);
if (!pParent.isNull() && ParentID != pEntry->GetHWnd())
{
if (Index >= Path.size() || Path[Path.size() - Index - 1] != ParentID)
return false;
return TestWndPath(Path, pParent, EntryList, Index + 1);
}
return Path.size() == Index;
}*/
QList<QVariant> CTraceModel::Sync(const QList<CTraceEntryPtr>& EntryList)
{
QList<QVariant> Added;
QMap<QList<QVariant>, QList<STreeNode*> > New;
QHash<QVariant, STreeNode*> Old = m_Map;
// Note: since this is a log and we ever always only add entries we save cpu time by always skipping the already know portion of the list
int i = 0;
if (EntryList.count() >= m_LastCount && m_LastCount > 0)
{
i = m_LastCount - 1;
if (m_LastID == EntryList.at(i)->GetUID())
{
i++;
Old.clear();
}
else
i = 0;
}
for (; i < EntryList.count(); i++)
{
CTraceEntryPtr pEntry = EntryList.at(i);
quint64 ID = pEntry->GetUID();
QModelIndex Index;
QHash<QVariant, STreeNode*>::iterator I = Old.find(ID);
STraceNode* pNode = I != Old.end() ? static_cast<STraceNode*>(I.value()) : NULL;
if (!pNode /*|| (m_bTree ? !TestPath(pNode->Path, pEntry, EntryList) : !pNode->Path.isEmpty())*/)
{
pNode = static_cast<STraceNode*>(MkNode(ID));
pNode->Values.resize(columnCount());
if (m_bTree) {
pNode->Path.append(QString("pid_%1").arg(pEntry->GetProcessId()));
pNode->Path.append(QString("tid_%1").arg(pEntry->GetThreadId()));
//pNode->Path = MakePath(pEntry, EntryList);
}
pNode->pEntry = pEntry;
New[pNode->Path].append(pNode);
//Added.append(ID);
}
else
{
I.value() = NULL;
Index = Find(m_Root, pNode);
}
//if(Index.isValid()) // this is to slow, be more precise
// emit dataChanged(createIndex(Index.row(), 0, pNode), createIndex(Index.row(), columnCount()-1, pNode));
int Col = 0;
bool State = false;
int Changed = 0;
// Note: icons are loaded asynchroniusly
/*if (m_bUseIcons && !pNode->Icon.isValid() && m_Columns.contains(eHandle))
{
QPixmap Icon = pNode->pEntry->GetFileIcon();
if (!Icon.isNull()) {
Changed = true; // set change for first column
pNode->Icon = Icon;
}
}*/
for (int section = 0; section < columnCount(); section++)
{
if (!m_Columns.contains(section))
continue; // ignore columns which are hidden
QVariant Value;
switch (section)
{
//case eProcess: Value = pEntry->GetProcessId(); break;
//case eTimeStamp: Value = pEntry->GetUID(); break;
case eProcess: Value = pEntry->GetUID(); break;
case eType: Value = pEntry->GetTypeStr(); break;
case eStatus: Value = pEntry->GetStautsStr(); break;
case eValue: Value = pEntry->GetMessage(); break;
}
STraceNode::SValue& ColValue = pNode->Values[section];
if (ColValue.Raw != Value)
{
if (Changed == 0)
Changed = 1;
ColValue.Raw = Value;
switch (section)
{
/*case eProcess:
{
CBoxedProcessPtr pProcess = theAPI->GetProcessById(pEntry->GetProcessId());
ColValue.Formated = QString("%1 (%2, %3)").arg(pProcess.isNull() ? tr("Unknown") : pProcess->GetProcessName()).arg(pEntry->GetProcessId()).arg(pEntry->GetThreadId());
break;
}
case eTimeStamp: ColValue.Formated = pEntry->GetTimeStamp().toString("hh:mm:ss.zzz"); break;*/
case eProcess:
if(!m_bTree) {
QString Name = GetProcessName(pEntry->GetProcessId(), pEntry->GetThreadId());
ColValue.Formated = QString("%1 (%2, %3) - %4").arg(Name.isEmpty() ? tr("Unknown") : Name)
.arg(pEntry->GetProcessId()).arg(pEntry->GetThreadId()).arg(pEntry->GetTimeStamp().toString("hh:mm:ss.zzz"));
} else
ColValue.Formated = pEntry->GetTimeStamp().toString("hh:mm:ss.zzz");
break;
//case eType: ColValue.Formated = ; break;
//case eValue: ColValue.Formated = ; break;
}
}
if (State != (Changed != 0))
{
if (State && Index.isValid())
emit dataChanged(createIndex(Index.row(), Col, pNode), createIndex(Index.row(), section - 1, pNode));
State = (Changed != 0);
Col = section;
}
if (Changed == 1)
Changed = 0;
}
if (State && Index.isValid())
emit dataChanged(createIndex(Index.row(), Col, pNode), createIndex(Index.row(), columnCount() - 1, pNode));
}
m_LastCount = EntryList.count();
if(m_LastCount)
m_LastID = EntryList.last()->GetUID();
CTreeItemModel::Sync(New, Old, &Added);
return Added;
}
void CTraceModel::Clear()
{
m_LastCount = 0;
m_LastID.clear();
foreach(quint32 pid, m_PidMap.uniqueKeys()) {
SProgInfo& Info = m_PidMap[pid];
Info.Dirty = true;
Info.Threads.clear();
}
CTreeItemModel::Clear();
}
QString CTraceModel::GetProcessName(quint32 pid, quint32 tid)
{
SProgInfo& Info = m_PidMap[pid];
if (Info.Dirty) {
CBoxedProcessPtr pProcess = theAPI->GetProcessById(pid);
if(pProcess)
Info.Name = pProcess->GetProcessName();
}
if (tid && !Info.Threads.contains(tid)) {
Info.Threads.insert(tid);
Info.Dirty = true;
}
if (Info.Dirty) {
Info.Dirty = false;
emit NewBranche();
}
return Info.Name;
}
void CTraceModel::LogThreadId(quint32 pid, quint32 tid)
{
SProgInfo& Info = m_PidMap[pid];
if (!Info.Threads.contains(tid)) {
Info.Threads.insert(tid);
emit NewBranche();
}
}
CTraceModel::STreeNode* CTraceModel::MkVirtualNode(const QVariant& Id, STreeNode* pParent)
{
STreeNode* pNode = CTreeItemModel::MkVirtualNode(Id, pParent);
StrPair typeId = Split2(Id.toString(), "_");
if (typeId.first == "pid")
{
quint32 pid = typeId.second.toUInt();
QString Name = GetProcessName(pid);
pNode->Values[0].Raw = pid;
if(!Name.isEmpty())
pNode->Values[0].Formated = tr("%1 (%2)").arg(Name).arg(pid);
else
pNode->Values[0].Formated = tr("Process %1").arg(pid);
}
else // if (typeId.first == "tid")
{
quint32 tid = typeId.second.toUInt();
quint32 pid = Split2(pParent->ID.toString(), "_").second.toUInt();
LogThreadId(pid, tid);
pNode->Values[0].Raw = tid;
pNode->Values[0].Formated = tr("Thread %1").arg(tid);
}
return pNode;
}
CTraceEntryPtr CTraceModel::GetEntry(const QModelIndex& index) const
{
if (!index.isValid())
return CTraceEntryPtr();
STraceNode* pNode = static_cast<STraceNode*>(index.internalPointer());
ASSERT(pNode);
return pNode->pEntry;
}
int CTraceModel::columnCount(const QModelIndex& parent) const
{
return eCount;
}
QVariant CTraceModel::headerData(int section, Qt::Orientation orientation, int role) const
{
if (orientation == Qt::Horizontal && role == Qt::DisplayRole)
{
switch (section)
{
case eProcess: return tr("Process");
//case eTimeStamp: return tr("Time Stamp");
case eType: return tr("Type");
case eStatus: return tr("Status");
case eValue: return tr("Value");
}
}
return QVariant();
}

65
SandboxiePlus/SandMan/Models/TraceModel.h Normal file
View File

@ -0,0 +1,65 @@
#pragma once
#include <qwidget.h>
#include "../../QSbieAPI/SbieAPI.h"
#include "../../MiscHelpers/Common/TreeItemModel.h"
class CTraceModel : public CTreeItemModel
{
Q_OBJECT
public:
CTraceModel(QObject* parent = 0);
~CTraceModel();
QList<QVariant> Sync(const QList<CTraceEntryPtr>& EntryList);
CTraceEntryPtr GetEntry(const QModelIndex& index) const;
int columnCount(const QModelIndex& parent = QModelIndex()) const;
QVariant headerData(int section, Qt::Orientation orientation, int role = Qt::DisplayRole) const;
void Clear();
enum EColumns
{
eProcess = 0,
//eTimeStamp,
eType,
eStatus,
eValue,
eCount
};
struct SProgInfo
{
SProgInfo() { Dirty = true; }
QString Name;
bool Dirty;
QSet<quint32> Threads;
};
QMap<quint32, SProgInfo>GetPids() { return m_PidMap; }
signals:
void NewBranche();
protected:
struct STraceNode : STreeNode
{
STraceNode(const QVariant& Id) : STreeNode(Id) {}
CTraceEntryPtr pEntry;
};
QVariant m_LastID;
int m_LastCount;
virtual STreeNode* MkNode(const QVariant& Id) { return new STraceNode(Id); }
virtual STreeNode* MkVirtualNode(const QVariant& Id, STreeNode* pParent);
/*QList<QVariant> MakePath(const CTraceEntryPtr& pEntry, const QList<CTraceEntryPtr>& EntryList);
bool TestPath(const QList<QVariant>& Path, const CTraceEntryPtr& pEntry, const QList<CTraceEntryPtr>& EntryList, int Index = 0);*/
QString GetProcessName(quint32 pid, quint32 tid = 0);
void LogThreadId(quint32 pid, quint32 tid);
QMap<quint32, SProgInfo>m_PidMap;
};

1
SandboxiePlus/SandMan/Resources/SandMan.qrc
View File

@ -46,6 +46,7 @@
<file>SandMan2N.png</file>
<file>SandManN.png</file>
<file>Actions/finder.png</file>
<file>Actions/Tree.png</file>
</qresource>
<qresource prefix="/Boxes">
<file alias="Empty3">Boxes/sandbox-b-empty.png</file>

112
SandboxiePlus/SandMan/SandMan.cpp
View File

@ -6,7 +6,6 @@
#include "Views/SbieView.h"
#include "../MiscHelpers/Common/CheckableMessageBox.h"
#include <QWinEventNotifier>
//#include "ApiLog.h"
#include "./Dialogs/MultiErrorDialog.h"
#include "../QSbieAPI/SbieUtils.h"
#include "../QSbieAPI/Sandboxie/BoxBorder.h"
@ -17,7 +16,9 @@
#include "../MiscHelpers/Common/SettingsWidgets.h"
#include "Windows/OptionsWindow.h"
#include <QProxyStyle>
#include "../MiscHelpers/Common/TreeItemModel.h"
#include "../MiscHelpers/Common/ListItemModel.h"
#include "Views/TraceView.h"
CSbiePlusAPI* theAPI = NULL;
@ -121,7 +122,6 @@ CSandMan::CSandMan(QWidget *parent)
m_SbieTemplates = new CSbieTemplates(theAPI, this);
//m_ApiLog = NULL;
m_bConnectPending = false;
m_bStopPending = false;
@ -174,32 +174,8 @@ CSandMan::CSandMan(QWidget *parent)
m_pLogTabs->addTab(m_pMessageLog, tr("Sbie Messages"));
//
// Res Log
m_pResMonModel = new CResMonModel();
//m_pResMonModel->SetUseIcons(true);
m_pResourceLog = new CPanelViewEx(m_pResMonModel);
//m_pResourceLog->GetView()->setItemDelegate(theGUI->GetItemDelegate());
m_pResourceLog->GetView()->setSelectionMode(QAbstractItemView::ExtendedSelection);
m_pLogTabs->addTab(m_pResourceLog, tr("Resource Monitor"));
//
// Api Log
//m_pApiMonModel = new CApiMonModel();
////m_pApiMonModel->SetUseIcons(true);
//
//m_pApiCallLog = new CPanelViewEx(m_pApiMonModel);
//
////m_pApiCallLog->GetView()->setItemDelegate(theGUI->GetItemDelegate());
//
//m_pApiCallLog->GetView()->setSelectionMode(QAbstractItemView::ExtendedSelection);
//
//m_pLogTabs->addTab(m_pApiCallLog, tr("Api Call Log"));
//m_pApiCallLog->setEnabled(false);
//
m_pTraceView = new CTraceView(this);
m_pLogTabs->addTab(m_pTraceView, tr("Trace Log"));
// Tray
@ -314,16 +290,6 @@ void CSandMan::LoadState()
restoreGeometry(theConf->GetBlob("MainWindow/Window_Geometry"));
//m_pBoxTree->restoreState(theConf->GetBlob("MainWindow/BoxTree_Columns"));
m_pMessageLog->GetView()->header()->restoreState(theConf->GetBlob("MainWindow/LogList_Columns"));
QByteArray Columns = theConf->GetBlob("MainWindow/ResMonList_Columns");
if (!Columns.isEmpty())
((QTreeViewEx*)m_pResourceLog->GetView())->OnResetColumns();
else
((QTreeViewEx*)m_pResourceLog->GetView())->restoreState(Columns);
//Columns = theConf->GetBlob("MainWindow/ApiLogList_Columns");
//if (!Columns.isEmpty())
// ((QTreeViewEx*)m_pApiCallLog->GetView())->OnResetColumns();
//else
// ((QTreeViewEx*)m_pApiCallLog->GetView())->restoreState(Columns);
m_pLogSplitter->restoreState(theConf->GetBlob("MainWindow/Log_Splitter"));
m_pPanelSplitter->restoreState(theConf->GetBlob("MainWindow/Panel_Splitter"));
m_pLogTabs->setCurrentIndex(theConf->GetInt("MainWindow/LogTab", 0));
@ -334,8 +300,6 @@ void CSandMan::StoreState()
theConf->SetBlob("MainWindow/Window_Geometry", saveGeometry());
//theConf->SetBlob("MainWindow/BoxTree_Columns", m_pBoxTree->saveState());
theConf->SetBlob("MainWindow/LogList_Columns", m_pMessageLog->GetView()->header()->saveState());
theConf->SetBlob("MainWindow/ResMonList_Columns", m_pResourceLog->GetView()->header()->saveState());
//theConf->SetBlob("MainWindow/ApiLogList_Columns", m_pApiCallLog->GetView()->header()->saveState());
theConf->SetBlob("MainWindow/Log_Splitter", m_pLogSplitter->saveState());
theConf->SetBlob("MainWindow/Panel_Splitter", m_pPanelSplitter->saveState());
theConf->SetValue("MainWindow/LogTab", m_pLogTabs->currentIndex());
@ -404,8 +368,6 @@ void CSandMan::CreateMenus()
m_pCleanUpMenu->addSeparator();
m_pCleanUpMsgLog = m_pCleanUpMenu->addAction(tr("Cleanup Message Log"), this, SLOT(OnCleanUp()));
m_pCleanUpTrace = m_pCleanUpMenu->addAction(tr("Cleanup Trace Log"), this, SLOT(OnCleanUp()));
//m_pCleanUpTrace = m_pCleanUpMenu->addAction(tr("Cleanup Resource Log"), this, SLOT(OnCleanUp()));
//m_pCleanUpApiLog = m_pCleanUpMenu->addAction(tr("Cleanup Api Call Log"), this, SLOT(OnCleanUp()));
m_pKeepTerminated = m_pMenuView->addAction(CSandMan::GetIcon("Keep"), tr("Keep terminated"), this, SLOT(OnSetKeep()));
m_pKeepTerminated->setCheckable(true);
@ -417,11 +379,8 @@ void CSandMan::CreateMenus()
m_pEditIni = m_pMenuOptions->addAction(CSandMan::GetIcon("EditIni"), tr("Edit ini file"), this, SLOT(OnEditIni()));
m_pReloadIni = m_pMenuOptions->addAction(CSandMan::GetIcon("ReloadIni"), tr("Reload ini file"), this, SLOT(OnReloadIni()));
m_pMenuOptions->addSeparator();
m_pEnableMonitoring = m_pMenuOptions->addAction(CSandMan::GetIcon("SetLogging"), tr("Resource Logging"), this, SLOT(OnSetMonitoring()));
m_pEnableMonitoring = m_pMenuOptions->addAction(CSandMan::GetIcon("SetLogging"), tr("Trace Logging"), this, SLOT(OnSetMonitoring()));
m_pEnableMonitoring->setCheckable(true);
m_pMenuOptions->addSeparator();
//m_pEnableLogging = m_pMenuOptions->addAction(CSandMan::GetIcon("LogAPI"), tr("API Call Logging"), this, SLOT(OnSetLogging()));
//m_pEnableLogging->setCheckable(true);
m_pMenuHelp = menuBar()->addMenu(tr("&Help"));
@ -464,7 +423,6 @@ void CSandMan::CreateToolBar()
m_pToolBar->addAction(m_pEditIni);
m_pToolBar->addSeparator();
m_pToolBar->addAction(m_pEnableMonitoring);
//m_pToolBar->addAction(m_pEnableLogging);
m_pToolBar->addSeparator();
@ -635,7 +593,7 @@ void CSandMan::timerEvent(QTimerEvent* pEvent)
bool bIsMonitoring = theAPI->IsMonitoring();
m_pResourceLog->setEnabled(bIsMonitoring);
m_pTraceView->setEnabled(bIsMonitoring);
m_pEnableMonitoring->setChecked(bIsMonitoring);
}
@ -661,6 +619,7 @@ void CSandMan::timerEvent(QTimerEvent* pEvent)
theAPI->UpdateWindowMap();
m_pBoxView->Refresh();
m_pTraceView->Refresh();
OnSelectionChanged();
@ -760,7 +719,7 @@ void CSandMan::OnBoxClosed(const QString& BoxName)
void CSandMan::OnSelectionChanged()
{
QList<CBoxedProcessPtr> Processes = m_pBoxView->GetSelectedProcesses();
//QList<CBoxedProcessPtr> Processes = m_pBoxView->GetSelectedProcesses();
/*if (Processes.isEmpty())
{
QList<CSandBoxPtr>Boxes = m_pBoxView->GetSelectedBoxes();
@ -771,15 +730,6 @@ void CSandMan::OnSelectionChanged()
//QSet<quint64> Pids;
//foreach(const CBoxedProcessPtr& pProcess, Processes)
// Pids.insert(pProcess->GetProcessId());
QList<CTraceEntryPtr> ResourceLog = theAPI->GetTrace();
//m_pResMonModel->Sync(ResourceLog, Pids);
m_pResMonModel->Sync(ResourceLog);
//if (m_ApiLog) {
// QList<CApiLogEntryPtr> ApiCallLog = m_ApiLog->GetApiLog();
// m_pApiMonModel->Sync(ApiCallLog, Pids);
//}
}
void CSandMan::OnStatusChanged()
@ -864,7 +814,6 @@ void CSandMan::OnStatusChanged()
m_pEditIni->setEnabled(isConnected);
m_pReloadIni->setEnabled(isConnected);
m_pEnableMonitoring->setEnabled(isConnected);
//m_pEnableLogging->setEnabled(isConnected);
}
void CSandMan::OnMenuHover(QAction* action)
@ -1286,10 +1235,7 @@ void CSandMan::OnCleanUp()
m_pMessageLog->GetTree()->clear();
if (sender() == m_pCleanUpTrace || sender() == m_pCleanUpButton)
theAPI->ClearTrace();
//if (sender() == m_pCleanUpApiLog || sender() == m_pCleanUpButton)
// if(m_ApiLog) m_ApiLog->ClearApiLog();
m_pTraceView->Clear();
if (sender() == m_pCleanUpProcesses || sender() == m_pCleanUpButton)
theAPI->UpdateProcesses(false);
@ -1345,7 +1291,6 @@ void CSandMan::OnResetMsgs()
theConf->SetValue("Options/CheckForUpdates", 2);
theConf->SetValue("Options/NoEditInfo", true);
//theConf->SetValue("Options/ApiLogInfo", true);
theConf->SetValue("Options/BoxedExplorerInfo", true);
theConf->SetValue("Options/ExplorerInfo", true);
@ -1422,44 +1367,9 @@ void CSandMan::OnSetMonitoring()
if(m_pEnableMonitoring->isChecked() && !m_pToolBar->isVisible())
m_pLogTabs->show();
m_pResourceLog->setEnabled(m_pEnableMonitoring->isChecked());
m_pTraceView->setEnabled(m_pEnableMonitoring->isChecked());
}
//void CSandMan::OnSetLogging()
//{
// if (m_pEnableLogging->isChecked())
// {
// if (theConf->GetBool("Options/ApiLogInfo", true))
// {
// QString Message = tr("To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes.\n"
// "Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.");
//
// bool State = false;
// CCheckableMessageBox::question(this, "Sandboxie-Plus", Message
// , tr("Don't show this message again."), &State, QDialogButtonBox::Ok, QDialogButtonBox::Ok, QMessageBox::Information);
//
// if (State)
// theConf->SetValue("Options/ApiLogInfo", false);
// }
//
// if (!m_pToolBar->isVisible())
// m_pLogTabs->show();
//
// if (!m_ApiLog) {
// m_ApiLog = new CApiLog();
// //m_pApiCallLog->setEnabled(true);
// }
// }
// else
// {
// if (m_ApiLog) {
// //m_pApiCallLog->setEnabled(false);
// m_ApiLog->deleteLater();
// m_ApiLog = NULL;
// }
// }
//}
void CSandMan::AddAsyncOp(const CSbieProgressPtr& pProgress)
{
m_pAsyncProgress.insert(pProgress.data(), pProgress);

14
SandboxiePlus/SandMan/SandMan.h
View File

@ -7,7 +7,7 @@
#include "../MiscHelpers/Common/PanelView.h"
#include "../MiscHelpers/Common/ProgressDialog.h"
#include "../MiscHelpers/Common/NetworkAccessManager.h"
#include "Models/ResMonModel.h"
#include "Models/TraceModel.h"
//#include "Models/ApiMonModel.h"
#include <QTranslator>
#include "Windows/PopUpWindow.h"
@ -19,9 +19,9 @@
#include "SbiePlusAPI.h"
class CSbieView;
//class CApiLog;
class CBoxBorder;
class CSbieTemplates;
class CTraceView;
class CSandMan : public QMainWindow
{
@ -67,8 +67,6 @@ protected:
CBoxBorder* m_pBoxBorder;
CSbieTemplates* m_SbieTemplates;
//CApiLog* m_ApiLog;
QMap<CSbieProgress*, CSbieProgressPtr> m_pAsyncProgress;
CNetworkAccessManager* m_RequestManager;
@ -129,7 +127,6 @@ private slots:
void OnEditIni();
void OnReloadIni();
void OnSetMonitoring();
//void OnSetLogging();
void OnExit();
void OnHelp();
@ -166,10 +163,7 @@ private:
QTabWidget* m_pLogTabs;
CPanelWidgetEx* m_pMessageLog;
CPanelViewEx* m_pResourceLog;
CResMonModel* m_pResMonModel;
//CPanelViewEx* m_pApiCallLog;
//CApiMonModel* m_pApiMonModel;
CTraceView* m_pTraceView;
QMenu* m_pMenuFile;
@ -202,7 +196,6 @@ private:
QAction* m_pCleanUpProcesses;
QAction* m_pCleanUpMsgLog;
QAction* m_pCleanUpTrace;
//QAction* m_pCleanUpApiLog;
QToolButton* m_pCleanUpButton;
QAction* m_pKeepTerminated;
@ -212,7 +205,6 @@ private:
QAction* m_pEditIni;
QAction* m_pReloadIni;
QAction* m_pEnableMonitoring;
//QAction* m_pEnableLogging;
QMenu* m_pMenuHelp;
QAction* m_pSupport;

8
SandboxiePlus/SandMan/SandMan.pri
View File

@ -7,8 +7,9 @@ HEADERS += ./stdafx.h \
./SandMan.h \
./SbiePlusAPI.h \
./Models/SbieModel.h \
./Models/ResMonModel.h \
./Models/TraceModel.h \
./Views/SbieView.h \
./Views/TraceView.h \
./Dialogs/MultiErrorDialog.h \
./Helpers/FindTool.h \
./Helpers/WinAdmin.h \
@ -23,9 +24,10 @@ SOURCES += ./main.cpp \
./stdafx.cpp \
./SandMan.cpp \
./SbiePlusAPI.cpp \
./Models/ResMonModel.cpp \
./Models/TraceModel.cpp \
./Models/SbieModel.cpp \
./Views/SbieView.cpp \
./Views/TraceView.cpp \
./Dialogs/MultiErrorDialog.cpp \
./Helpers/FindTool.cpp \
./Helpers/WinAdmin.cpp \
@ -45,6 +47,8 @@ FORMS += ./Forms/NewBoxWindow.ui \
./Forms/SnapshotsWindow.ui
TRANSLATIONS += sandman_de.ts \
sandman_es.ts \
sandman_it.ts \
sandman_pt.ts \
sandman_ru.ts \
sandman_pl.ts \

7
SandboxiePlus/SandMan/SandMan.vcxproj
View File

@ -200,7 +200,7 @@
<ClCompile Include="Helpers\WinAdmin.cpp" />
<ClCompile Include="Helpers\WindowFromPointEx.cpp" />
<ClCompile Include="main.cpp" />
<ClCompile Include="Models\ResMonModel.cpp" />
<ClCompile Include="Models\TraceModel.cpp" />
<ClCompile Include="Models\SbieModel.cpp" />
<ClCompile Include="SandMan.cpp" />
<ClCompile Include="SbiePlusAPI.cpp" />
@ -211,6 +211,7 @@
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
</ClCompile>
<ClCompile Include="Views\SbieView.cpp" />
<ClCompile Include="Views\TraceView.cpp" />
<ClCompile Include="Windows\NewBoxWindow.cpp" />
<ClCompile Include="Windows\OptionsWindow.cpp" />
<ClCompile Include="Windows\PopUpWindow.cpp" />
@ -219,6 +220,7 @@
<ClCompile Include="Windows\SnapshotsWindow.cpp" />
</ItemGroup>
<ItemGroup>
<QtMoc Include="Views\TraceView.h" />
<QtMoc Include="Windows\NewBoxWindow.h" />
<QtMoc Include="Windows\RecoveryWindow.h" />
<QtMoc Include="Windows\PopUpWindow.h" />
@ -228,7 +230,7 @@
<QtMoc Include="Views\SbieView.h" />
<QtMoc Include="SandMan.h" />
<QtMoc Include="Models\SbieModel.h" />
<QtMoc Include="Models\ResMonModel.h" />
<QtMoc Include="Models\TraceModel.h" />
<QtMoc Include="Dialogs\MultiErrorDialog.h" />
<ClInclude Include="Helpers\FindTool.h" />
<ClInclude Include="Helpers\WinAdmin.h" />
@ -256,6 +258,7 @@
<None Include="Resources\finder.cur" />
<None Include="sandman_de.ts" />
<None Include="sandman_es.ts" />
<None Include="sandman_it.ts" />
<None Include="sandman_pl.ts" />
<None Include="sandman_pt.ts" />
<None Include="sandman_ru.ts" />

21
SandboxiePlus/SandMan/SandMan.vcxproj.filters
View File

@ -63,9 +63,6 @@
<ClCompile Include="Views\SbieView.cpp">
<Filter>Views</Filter>
</ClCompile>
<ClCompile Include="Models\ResMonModel.cpp">
<Filter>Models</Filter>
</ClCompile>
<ClCompile Include="Dialogs\MultiErrorDialog.cpp">
<Filter>Dialogs</Filter>
</ClCompile>
@ -99,6 +96,12 @@
<ClCompile Include="Helpers\WindowFromPointEx.cpp">
<Filter>Helpers</Filter>
</ClCompile>
<ClCompile Include="Models\TraceModel.cpp">
<Filter>Models</Filter>
</ClCompile>
<ClCompile Include="Views\TraceView.cpp">
<Filter>Views</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="stdafx.h">
@ -124,9 +127,6 @@
<QtMoc Include="Views\SbieView.h">
<Filter>Views</Filter>
</QtMoc>
<QtMoc Include="Models\ResMonModel.h">
<Filter>Models</Filter>
</QtMoc>
<QtMoc Include="Dialogs\MultiErrorDialog.h">
<Filter>Dialogs</Filter>
</QtMoc>
@ -151,6 +151,12 @@
<QtMoc Include="Windows\NewBoxWindow.h">
<Filter>Windows</Filter>
</QtMoc>
<QtMoc Include="Models\TraceModel.h">
<Filter>Models</Filter>
</QtMoc>
<QtMoc Include="Views\TraceView.h">
<Filter>Views</Filter>
</QtMoc>
</ItemGroup>
<ItemGroup>
<QtRcc Include="Resources\SandMan.qrc">
@ -216,6 +222,9 @@
<None Include="sandman_es.ts">
<Filter>Translation Files</Filter>
</None>
<None Include="sandman_it.ts">
<Filter>Translation Files</Filter>
</None>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="SandMan.rc">

1
SandboxiePlus/SandMan/SbiePlusAPI.cpp
View File

@ -190,6 +190,7 @@ void CSandBoxPlus::SetLogApi(bool bEnable)
DelValue("InjectDll", "\\LogAPI\\logapi32.dll");
DelValue("InjectDll64", "\\LogAPI\\logapi64.dll");
}
m_bLogApiFound = bEnable;
}
void CSandBoxPlus::SetINetBlock(bool bEnable)

1
SandboxiePlus/SandMan/Views/SbieView.h
View File

@ -1,3 +1,4 @@
#pragma once
#include "../../MiscHelpers/Common/PanelView.h"
#include "../../MiscHelpers/Common/TreeviewEx.h"

200
SandboxiePlus/SandMan/Views/TraceView.cpp Normal file
View File

@ -0,0 +1,200 @@
#include "stdafx.h"
#include "TraceView.h"
#include "..\SandMan.h"
#include "../QSbieAPI/SbieAPI.h"
#include "..\Models\TraceModel.h"
#include "..\..\MiscHelpers\Common\Common.h"
class CTraceFilterProxyModel : public CSortFilterProxyModel
{
public:
CTraceFilterProxyModel(QObject* parrent = 0) : CSortFilterProxyModel(false, parrent)
{
m_FilterPid = 0;
m_FilterTid = 0;
}
bool filterAcceptsRow(int source_row, const QModelIndex& source_parent) const
{
CTraceModel* pTraceModel = (CTraceModel*)sourceModel();
QModelIndex index = pTraceModel->index(source_row, 0, source_parent);
//CTraceEntryPtr pEntry = pTraceModel->GetEntry(index);
//if (pEntry.data() == NULL)
{
QVariant Id = pTraceModel->GetItemID(index);
StrPair typeId = Split2(Id.toString(), "_");
if (m_FilterPid != 0 && typeId.first == "pid") {
if (m_FilterPid != typeId.second.toUInt())
return false;
}
if (m_FilterTid != 0 && typeId.first == "tid") {
if (m_FilterTid != typeId.second.toUInt())
return false;
}
}
return CSortFilterProxyModel::filterAcceptsRow(source_row, source_parent);
}
quint32 m_FilterPid;
quint32 m_FilterTid;
};
CTraceView::CTraceView(QWidget* parent) : CPanelWidget<QTreeViewEx>(parent)
{
//m_pTreeList->setItemDelegate(theGUI->GetItemDelegate());
m_pTreeList->setSelectionMode(QAbstractItemView::ExtendedSelection);
m_pTraceToolBar = new QToolBar();
m_pTraceTree = m_pTraceToolBar->addAction(CSandMan::GetIcon("Tree"), tr("Show as task tree"), this, SLOT(OnSetTree()));
m_pTraceTree->setCheckable(true);
m_pTraceTree->setChecked(theConf->GetBool("Options/UseLogTree"));
m_pTraceToolBar->addSeparator();
m_pTraceToolBar->layout()->setSpacing(3);
m_pTraceToolBar->addWidget(new QLabel(tr("PID:")));
m_pTracePid = new QComboBox();
m_pTracePid->addItem(tr("[All]"), 0);
m_pTracePid->setMinimumWidth(225);
connect(m_pTracePid, SIGNAL(currentIndexChanged(int)), this, SLOT(OnSetPidFilter()));
m_pTraceToolBar->addWidget(m_pTracePid);
m_pTraceToolBar->addWidget(new QLabel(tr("TID:")));
m_pTraceTid = new QComboBox();
m_pTraceTid->addItem(tr("[All]"), 0);
m_pTraceTid->setMinimumWidth(75);
connect(m_pTraceTid, SIGNAL(currentIndexChanged(int)), this, SLOT(OnSetTidFilter()));
m_pTraceToolBar->addWidget(m_pTraceTid);
m_pMainLayout->setSpacing(0);
m_pMainLayout->insertWidget(0, m_pTraceToolBar);
m_pTraceModel = new CTraceModel();
m_pTraceModel->SetTree(m_pTraceTree->isChecked());
connect(m_pTraceModel, SIGNAL(NewBranche()), this, SLOT(UpdateFilters()));
m_pSortProxy = new CTraceFilterProxyModel(this);
m_pSortProxy->setSortRole(Qt::EditRole);
m_pSortProxy->setSourceModel(m_pTraceModel);
m_pSortProxy->setDynamicSortFilter(true);
m_pTreeList->setModel(m_pSortProxy);
m_pSortProxy->setView(m_pTreeList);
m_pTreeList->setSelectionMode(QAbstractItemView::ExtendedSelection);
#ifdef WIN32
QStyle* pStyle = QStyleFactory::create("windows");
m_pTreeList->setStyle(pStyle);
#endif
m_pTreeList->setExpandsOnDoubleClick(false);
m_pTreeList->setSortingEnabled(true);
m_pTreeList->setContextMenuPolicy(Qt::CustomContextMenu);
connect(m_pTreeList, SIGNAL(customContextMenuRequested(const QPoint&)), this, SLOT(OnMenu(const QPoint&)));
m_pTreeList->setColumnReset(1);
//connect(m_pTreeList, SIGNAL(ResetColumns()), m_pTreeList, SLOT(OnResetColumns()));
//connect(m_pBoxTree, SIGNAL(ColumnChanged(int, bool)), this, SLOT(OnColumnsChanged()));
m_pMainLayout->addWidget(CFinder::AddFinder(m_pTreeList, m_pSortProxy));
QByteArray Columns = theConf->GetBlob("MainWindow/TraceLog_Columns");
if (!Columns.isEmpty())
((QTreeViewEx*)GetView())->OnResetColumns();
else
((QTreeViewEx*)GetView())->restoreState(Columns);
}
CTraceView::~CTraceView()
{
theConf->SetBlob("MainWindow/TraceLog_Columns", GetView()->header()->saveState());
}
void CTraceView::Refresh()
{
QList<CTraceEntryPtr> ResourceLog = theAPI->GetTrace();
//m_pTraceModel->Sync(ResourceLog, Pids);
QList<QVariant> Added = m_pTraceModel->Sync(ResourceLog);
if (m_pTraceModel->IsTree())
{
QTimer::singleShot(100, this, [this, Added]() {
CSortFilterProxyModel* pSortProxy = (CSortFilterProxyModel*)GetModel();
foreach(const QVariant ID, Added) {
m_pTreeList->expand(pSortProxy->mapFromSource(m_pTraceModel->FindIndex(ID)));
}
});
}
}
void CTraceView::Clear()
{
m_pTracePid->clear();
m_pTracePid->addItem(tr("[All]"), 0);
m_pTraceTid->clear();
m_pTraceTid->addItem(tr("[All]"), 0);
theAPI->ClearTrace();
m_pTraceModel->Clear();
}
void CTraceView::OnSetTree()
{
m_pTraceModel->SetTree(m_pTraceTree->isChecked());
m_pTraceModel->Clear();
theConf->SetValue("Options/UseLogTree", m_pTraceTree->isChecked());
}
void CTraceView::UpdateFilters()
{
quint32 cur_pid = m_pTracePid->currentData().toUInt();
QMap<quint32, CTraceModel::SProgInfo> pids = m_pTraceModel->GetPids();
foreach(quint32 pid, pids.uniqueKeys()) {
CTraceModel::SProgInfo& Info = pids[pid];
if(m_pTracePid->findData(pid) == -1)
m_pTracePid->addItem(tr("%1 (%2)").arg(Info.Name).arg(pid), pid);
if (cur_pid != 0 && cur_pid != pid)
continue;
foreach(quint32 tid, Info.Threads) {
if (m_pTraceTid->findData(tid) == -1)
m_pTraceTid->addItem(tr("%1").arg(tid), tid);
}
}
}
void CTraceView::OnSetPidFilter()
{
m_pSortProxy->m_FilterPid = m_pTracePid->currentData().toUInt();
m_pSortProxy->m_FilterTid = 0;
QTimer::singleShot(100, this, [this]() {
m_pTraceTid->clear();
m_pTraceTid->addItem(tr("[All]"), 0);
UpdateFilters();
});
m_pSortProxy->setFilterKeyColumn(m_pSortProxy->filterKeyColumn());
m_pTreeList->expandAll();
}
void CTraceView::OnSetTidFilter()
{
m_pSortProxy->m_FilterTid = m_pTraceTid->currentData().toUInt();
m_pSortProxy->setFilterKeyColumn(m_pSortProxy->filterKeyColumn());
m_pTreeList->expandAll();
}

37
SandboxiePlus/SandMan/Views/TraceView.h Normal file
View File

@ -0,0 +1,37 @@
#pragma once
#include "../../MiscHelpers/Common/PanelView.h"
#include "../../MiscHelpers/Common/TreeviewEx.h"
#include "../Models/SbieModel.h"
class CTraceFilterProxyModel;
class CTraceModel;
class CTraceView : public CPanelWidget<QTreeViewEx>
{
Q_OBJECT
public:
CTraceView(QWidget* parent = 0);
~CTraceView();
void Refresh();
void Clear();
public slots:
void OnSetTree();
void OnSetPidFilter();
void OnSetTidFilter();
private slots:
void UpdateFilters();
protected:
CTraceModel* m_pTraceModel;
CTraceFilterProxyModel* m_pSortProxy;
QToolBar* m_pTraceToolBar;
QAction* m_pTraceTree;
QComboBox* m_pTracePid;
QComboBox* m_pTraceTid;
};

3
SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
View File

@ -156,6 +156,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
connect(ui.chkBlockNetShare, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkBlockNetParam, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkDropRights, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkFakeElevation, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkBlockSpooler, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkOpenSpooler, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
@ -2078,6 +2079,8 @@ void COptionsWindow::OnAddUser()
return;
ui.lstUsers->addItems(Users);
m_AdvancedChanged = true;
}
void COptionsWindow::OnDelUser()

2
SandboxiePlus/SandMan/Windows/SettingsWindow.cpp
View File

@ -360,7 +360,7 @@ void CSettingsWindow::OnTab()
QTreeWidgetItem* pItem = new QTreeWidgetItem();
pItem->setText(0, pTemplate->GetText("Tmpl.Title"));
pItem->setData(0, Qt::UserRole, I.key());
pItem->setCheckState(0, (I.value() & CSbieTemplates::eEnabled) ? Qt::Checked : Qt::Unchecked);
pItem->setCheckState(0, (I.value() & CSbieTemplates::eDisabled) == 0 ? Qt::Checked : Qt::Unchecked);
ui.treeCompat->addTopLevelItem(pItem);
}

2
SandboxiePlus/version.h
View File

@ -2,7 +2,7 @@
#define VERSION_MJR 0
#define VERSION_MIN 7
#define VERSION_REV 1
#define VERSION_REV 2
#define VERSION_UPD 0
#ifndef STR