DavidXanatos 2024-05-12 15:39:15 +02:00
parent 7bf2c03dea
commit 4cca2a4c0f
2 changed files with 23 additions and 2 deletions


@ -161,6 +161,7 @@ _FX BOX *Process_GetForcedStartBox(
ULONG alert;
BOOLEAN check_force;
BOOLEAN is_start_exe;
BOOLEAN image_sbie;
BOOLEAN force_alert;
BOOLEAN dfp_already_added;
BOOLEAN same_image_name;
@ -248,7 +249,7 @@ _FX BOX *Process_GetForcedStartBox(
// when the process is start.exe we ignore the CurDir and DocArg
//
Process_IsSbieImage(ImagePath, NULL, &is_start_exe);
Process_IsSbieImage(ImagePath, &image_sbie, &is_start_exe);
if ((! box) && CurDir && !is_start_exe)
box = Process_CheckBoxPath(&boxes, CurDir);
@ -284,7 +285,15 @@ _FX BOX *Process_GetForcedStartBox(
Process_DfpInsert(PROCESS_TERMINATED, ProcessId);
}
if (!box) {
//
// Check if the parent process has its children forced to be sandboxes
// exempt sandboxie components from this as start.exe can be used to
// open selected processes in other boxes or set Dfp when desired.
//
// we also must Excempt conhost.exe for console applications
//
if (!box && !image_sbie && _wcsicmp(ImageName, L"conhost.exe") != 0) {
WCHAR boxname[BOXNAME_COUNT];
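Review bot: The conhost.exe exemption in the new `if (!box && !image_sbie && _wcsicmp(ImageName, L"conhost.exe") != 0)` matches on the image name alone, so, if ImageName is only the file-name part of ImagePath as it appears to be, any executable named conhost.exe in any directory skips the forced-children check. ImagePath is already in scope (it is passed to Process_IsSbieImage earlier in the function), so the exemption could be limited to the conhost.exe in the Windows system directory by comparing the full path. At minimum the comment should record the limitation, e.g. `// name-only match: any image called conhost.exe is exempt, regardless of its path`. It is also worth confirming that Process_IsSbieImage writes image_sbie on every return path, since the variable is declared without an initializer; that function and the rest of Process_GetForcedStartBox are outside these hunks.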


@ -2409,6 +2409,18 @@ MSG_HEADER *SbieIniServer::RunSbieCtrl(MSG_HEADER *msg, HANDLE idProcess, bool i
MSG_HEADER *SbieIniServer::RC4Crypt(MSG_HEADER *msg, HANDLE idProcess, bool isSandboxed)
{
//
// The purpose of this function is to provide a simple machien bound obfuscation
// for example to store passwords which are required in plain text.
// To this end we use a Random 64 bit key which is generated once and stored in the registry
// as well as the rc4 algorythm for the encryption, applying the same transformation twice
// yealds the original plaintext, hence only one function is sufficient.
//
// Please note that neider the mechanism nor the use rc4 algorythm can be considdered
// cryptographically secure by any means.
// This mechanism is only good for simple obfuscation of non critical data.
//
SBIE_INI_RC4_CRYPT_REQ *req = (SBIE_INI_RC4_CRYPT_REQ *)msg;
if (req->h.length < sizeof(SBIE_INI_RC4_CRYPT_REQ))
return SHORT_REPLY(STATUS_INVALID_PARAMETER);
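Review bot: The comment added at the top of RC4Crypt gives stored passwords as its example use and then says the mechanism is only good for non-critical data, so a caller cannot tell what may safely be passed through it. The comment should state the boundary explicitly, e.g. `// Obfuscation only: anyone who can read the registry key value can recover the plaintext; do not use where confidentiality is required.` If passwords really must be stored recoverably and bound to the machine, DPAPI (`CryptProtectData` with `CRYPTPROTECT_LOCAL_MACHINE`) is the platform facility for that and would be a better fit than a 64-bit RC4 key in the registry. Who can read that registry value, and whether sandboxed callers (`isSandboxed`) are refused, is decided in the part of the function body outside this hunk and should be documented here too.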