From 4fcdc5fee3e5b4b971cdeba9b82a3fb8bd2c680c Mon Sep 17 00:00:00 2001 From: DavidXanatos Date: Wed, 4 Nov 2020 10:18:57 +0100 Subject: [PATCH] SbieLdr --- Sandboxie/apps/ldr/SbieLdr.vcxproj | 8 ++--- Sandboxie/apps/ldr/global.h | 6 +++- Sandboxie/apps/ldr/main.c | 58 +++++++++++++++++++++++++++--- 3 files changed, 62 insertions(+), 10 deletions(-) diff --git a/Sandboxie/apps/ldr/SbieLdr.vcxproj b/Sandboxie/apps/ldr/SbieLdr.vcxproj index 19038ec9..fed2a7d4 100644 --- a/Sandboxie/apps/ldr/SbieLdr.vcxproj +++ b/Sandboxie/apps/ldr/SbieLdr.vcxproj @@ -101,7 +101,7 @@ Console - SbieDll.lib;%(AdditionalDependencies) + SbieDll.lib;ntdll.lib;%(AdditionalDependencies) @@ -114,7 +114,7 @@ Console - SbieDll.lib;%(AdditionalDependencies) + SbieDll.lib;ntdll.lib;%(AdditionalDependencies) @@ -128,7 +128,7 @@ Console - SbieDll.lib;%(AdditionalDependencies) + SbieDll.lib;ntdll.lib;%(AdditionalDependencies) @@ -142,7 +142,7 @@ Console - SbieDll.lib;%(AdditionalDependencies) + SbieDll.lib;ntdll.lib;%(AdditionalDependencies) diff --git a/Sandboxie/apps/ldr/global.h b/Sandboxie/apps/ldr/global.h index 8b9286d2..26eeedda 100644 --- a/Sandboxie/apps/ldr/global.h +++ b/Sandboxie/apps/ldr/global.h @@ -15,8 +15,12 @@ * along with this program. If not, see . */ +#include +#define WIN32_NO_STATUS +typedef long NTSTATUS; + #include #include #include "core/dll/sbiedll.h" - +#include "common/win32_ntddk.h" diff --git a/Sandboxie/apps/ldr/main.c b/Sandboxie/apps/ldr/main.c index 24ee533a..ad605945 100644 --- a/Sandboxie/apps/ldr/main.c +++ b/Sandboxie/apps/ldr/main.c 
@@ -20,16 +20,64 @@
 #include "common/my_version.h"
 #include "msgs/msgs.h"
-int __cdecl wmain(int argc, char **argv)
+int __cdecl wmain(int argc, wchar_t **argv)
 {
- int errlvl = SbieDll_InjectLow_InitHelper();
+ STARTUPINFOW si = { 0 };
+ PROCESS_INFORMATION pi = { 0 };
+ BOOLEAN isWow64 = FALSE;
+ ULONG errlvl;
+ if (argc < 2) {
+ fprintf(stderr, "Usage: SbieLdr EXE\n");
+ fprintf(stderr, "Inject a SbieDll.dll into a process during start up.\n");
+ return 1;
+ }
+
+ errlvl = SbieDll_InjectLow_InitHelper();
 if (errlvl) {
- //LogEvent(MSG_9234, 0x9241, errlvl);
+ fprintf(stderr, "Failed to initialize helper 0x%08X.\n", errlvl);
 return errlvl;
 }
- SbieDll_InjectLow_InitSyscalls(FALSE);
+ errlvl = SbieDll_InjectLow_InitSyscalls(FALSE);
+ if (errlvl) {
+ fprintf(stderr, "Failed to initialize syscalls 0x%08X.\n", errlvl);
+ return errlvl;
+ }
- return 0;
+ si.cb = sizeof(STARTUPINFO);
+ if (!CreateProcessW(NULL, argv[1], NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi)) {
+ fprintf(stderr, "CreateProcess(\"%S\") failed; error code = 0x%08X\n", argv[1], GetLastError());
+ return 1;
+ }
+
+#ifdef _WIN64
+ ULONG_PTR peb32;
+ if (!NT_SUCCESS(NtQueryInformationProcess(pi.hProcess, ProcessWow64Information, &peb32, sizeof(ULONG_PTR), NULL))) {
+ fprintf(stderr, "NtQueryInformationProcess failed; error code = 0x%08X\n", GetLastError());
+ errlvl = 1;
+ goto finish;
+ }
+ isWow64 = !!peb32;
+#endif
+
+ errlvl = SbieDll_InjectLow(pi.hProcess, isWow64, 2, FALSE);
+ if (errlvl) {
+ fprintf(stderr, "inject failed 0x%08X, prcess terminate.\n", errlvl);
+ goto finish;
+ }
+
+ if (ResumeThread(pi.hThread) == -1) {
+ fprintf(stderr, "ResumeThread failed; error code = 0x%08X\n", GetLastError());
+ errlvl = 1;
+ goto finish;
+ }
+
+finish:
+ if(errlvl)
+ TerminateProcess(pi.hProcess, -1);
+
+ CloseHandle(pi.hProcess);
+
+ return errlvl;
 }
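Review bot: `CreateProcessW(NULL, argv[1], ...)` hands the target to Windows only as a command line, and the CRT has already stripped any quotes the operator typed, so a path with spaces such as `C:\Program Files\x.exe` is resolved by trying `C:\Program.exe` first and the suspended process that then receives the injected DLL may not be the one named; passing the path as the application name as well, `CreateProcessW(argv[1], argv[1], NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi)`, removes the ambiguity. In the `#ifdef _WIN64` branch the `NtQueryInformationProcess` failure is reported with `GetLastError()`, which an Nt* call does not set; keep the return value instead, `NTSTATUS status = NtQueryInformationProcess(pi.hProcess, ProcessWow64Information, &peb32, sizeof(ULONG_PTR), NULL);` and print `status` in place of `GetLastError()`. `pi.hThread` is never closed: add `CloseHandle(pi.hThread);` next to the existing `CloseHandle(pi.hProcess);` at `finish:`. The comparison `ResumeThread(pi.hThread) == -1` relies on the implicit conversion of -1 to DWORD and reads more clearly as `== (DWORD)-1`, and `"prcess"` in the inject-failure message should be `"process"`.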