From 5305777215e3915739b15ba984ad6d95975e8156 Mon Sep 17 00:00:00 2001 From: love-code-yeyixiao <188240888@qq.com> Date: Sat, 2 Mar 2024 15:50:29 +0800 Subject: [PATCH] Added ability to prevent image capture of windows in a sandbox. --- Sandboxie/core/dll/gui.c | 25 ++ SandboxiePlus/SandMan/Forms/OptionsWindow.ui | 349 +++++++++--------- .../SandMan/Windows/OptionsAdvanced.cpp | 4 + 3 files changed, 205 insertions(+), 173 deletions(-) diff --git a/Sandboxie/core/dll/gui.c b/Sandboxie/core/dll/gui.c index 89579605..0cdd497e 100644 --- a/Sandboxie/core/dll/gui.c +++ b/Sandboxie/core/dll/gui.c @@ -1629,6 +1629,8 @@ _FX LRESULT Gui_WindowProcA( if (uMsg == WM_SETTEXT && Gui_ShouldCreateTitle(hWnd)) new_lParam = (LPARAM)Gui_CreateTitleA((UCHAR *)lParam); + if (uMsg == WM_CREATE) + ProtectScreen(hWnd); else new_lParam = lParam; @@ -2702,3 +2704,26 @@ _FX BOOLEAN ComDlg32_Init(HMODULE module) return TRUE; } + +_FX VOID ProtectScreen(HWND hWnd) { + WCHAR buffer[BOXNAME_COUNT] = { L"\0" }; + SbieApi_QueryProcess(GetCurrentProcess(), buffer, 0, 0, 0); + if (SbieApi_QueryConfBool(buffer, L"IsProtectScreen", FALSE)) { + OSVERSIONINFOEX os; + os.dwOSVersionInfoSize = sizeof(os); + if (GetVersionEx(&os)) + { + if (os.dwMajorVersion == 6) { + HMODULE hDll = GetModuleHandleW(L"user32.dll"); + if (hDll != NULL && hDll != INVALID_HANDLE_VALUE) { + typedef BOOL(*LPSETWINDOWDISPLAYAFFINITY)(HWND, DWORD); + LPSETWINDOWDISPLAYAFFINITY swda = GetProcAddress(hDll, "SetWindowDisplayAffinity"); + if (swda) { + swda(hWnd, 0x00000001); + } + + } + } + } + } +} diff --git a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui index c4f2beb9..86f2958a 100644 --- a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui +++ b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui @@ -45,7 +45,7 @@ QTabWidget::North - 10 + 1 @@ -1004,7 +1004,7 @@ - 0 + 2 
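Review bot: In the Gui_WindowProcA hunk the new `if (uMsg == WM_CREATE)` is inserted between the existing WM_SETTEXT `if` and its `else`, so `else new_lParam = lParam;` now binds to the WM_CREATE test instead. A title built by Gui_CreateTitleA for WM_SETTEXT is then immediately overwritten with the raw lParam, and for WM_CREATE new_lParam is never assigned in the visible lines. Keep the original if/else intact and add the call after it, i.e. `if (uMsg == WM_CREATE) ProtectScreen(hWnd);` placed below `new_lParam = lParam;`. The function body continues outside the hunk, and no matching change to a wide-character window procedure is visible in this patch, so windows that do not pass through this procedure would presumably stay capturable.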
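Review bot: ProtectScreen fails open in two ways, so a box with IsProtectScreen=y can run unprotected without any indication. The `os.dwMajorVersion == 6` test skips the call whenever GetVersionEx reports 10, which it does in host processes whose manifest declares Windows 10 compatibility, and the result of `swda(...)` is discarded; the GetProcAddress null check already covers availability, so the version test can go. The function-pointer typedef lacks `WINAPI`, which on 32-bit builds calls a stdcall export through a cdecl pointer, and the GetProcAddress result is assigned without a cast. No prototype for ProtectScreen is visible in this patch although the call site is about a thousand lines above the definition. SetWindowDisplayAffinity is documented as a content-protection aid for top-level windows under DWM composition, so the option text should not promise more than that.

```c
_FX VOID ProtectScreen(HWND hWnd) {
    // … unchanged: box name lookup and IsProtectScreen query …
        typedef BOOL (WINAPI *LPSETWINDOWDISPLAYAFFINITY)(HWND, DWORD);
        LPSETWINDOWDISPLAYAFFINITY swda = NULL;
        HMODULE hDll = GetModuleHandleW(L"user32.dll");
        if (hDll != NULL)
            swda = (LPSETWINDOWDISPLAYAFFINITY)GetProcAddress(hDll, "SetWindowDisplayAffinity");
        // Availability is decided by the export lookup alone; no OS version test.
        if (swda == NULL || !swda(hWnd, 0x00000001 /* WDA_MONITOR */)) {
            // Protection was requested but not applied: report it through the
            // project's logging path instead of continuing silently.
        }
```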
@@ -1346,176 +1346,179 @@ Box Protection - - - - - - - Qt::Horizontal - - - - 40 - 20 - - - - - - - - Deny Process - - - - - - - Qt::Vertical - - - - 20 - 40 - - - - - - - - Remove - - - - - - - Issue message 1318/1317 when a host process tries to access a sandboxed process/the box root - - - - - - - true - - - - Process - - - - - Action - - - - - - - - - - - - - Qt::Vertical - - - - 20 - 40 - - - - - - - - Show Templates - - - - - - - - 75 - true - true - - - - Protect the sandbox integrity itself - - - Box Protection - - - - - - - Sandboxie-Plus is able to create confidential sandboxes that provide robust protection against unauthorized surveillance or tampering by host processes. By utilizing an encrypted sandbox image, this feature delivers the highest level of operational confidentiality, ensuring the safety and integrity of sandboxed processes. - - - true - - - - - - - Allow Process - - - - - - - Protect processes in this box from being accessed by specified unsandboxed host processes. - - - false - - - - - - - - 20 - 0 - - - - - 20 - 16777215 - - - - - - - - - - - Allow useful Windows processes access to protected processes - - - - - - - Protect processes within this box from host processes - - - - + + + + + Sandboxie-Plus is able to create confidential sandboxes that provide robust protection against unauthorized surveillance or tampering by host processes. By utilizing an encrypted sandbox image, this feature delivers the highest level of operational confidentiality, ensuring the safety and integrity of sandboxed processes. 
+ + + true + + + + + + + Protect processes within this box from host processes + + + + + + + Deny Process + + + + + + + Issue message 1318/1317 when a host process tries to access a sandboxed process/the box root + + + + + + + Allow useful Windows processes access to protected processes + + + + + + + Qt::Horizontal + + + + 471 + 20 + + + + + + + + Qt::Vertical + + + + 20 + 40 + + + + + + + + Qt::Vertical + + + + 20 + 76 + + + + + + + + Remove + + + + + + + Allow Process + + + + + + + Protect processes in this box from being accessed by specified unsandboxed host processes. + + + false + + + + + + + + 20 + 0 + + + + + 20 + 16777215 + + + + + + + + + + + Show Templates + + + + + + + true + + + + Process + + + + + Action + + + + + + + + + + + + + + 75 + true + true + + + + Protect the sandbox integrity itself + + + Box Protection + + + + + + + Prevents getting an image of the window in the sandbox. + + @@ -4505,7 +4508,7 @@ instead of "*". 0 0 - 92 + 75 16 diff --git a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp index cc764f06..15ff45ac 100644 --- a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp +++ b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp @@ -104,6 +104,7 @@ void COptionsWindow::CreateAdvanced() connect(ui.chkShowHostProcTmpl, SIGNAL(clicked(bool)), this, SLOT(OnShowHostProcTmpl())); connect(ui.chkConfidential, SIGNAL(clicked(bool)), this, SLOT(OnConfidentialChanged())); connect(ui.chkLessConfidential, SIGNAL(clicked(bool)), this, SLOT(OnLessConfidentialChanged())); + connect(ui.chkProtectWindow, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged())); connect(ui.chkNotifyProtect, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged())); connect(ui.treeInjectDll, SIGNAL(itemChanged(QTreeWidgetItem *, int)), this, SLOT(OnToggleInjectDll(QTreeWidgetItem *, int))); 
@@ -260,6 +261,7 @@ void COptionsWindow::LoadAdvanced() ui.chkLessConfidential->setChecked(m_BoxTemplates.contains("LessConfidentialBox")); ui.chkNotifyProtect->setChecked(m_pBox->GetBool("NotifyBoxProtected", false)); + ui.chkProtectWindow->setChecked(m_pBox->GetBool("IsProtectScreen")); QStringList Users = m_pBox->GetText("Enabled").split(","); ui.lstUsers->clear(); @@ -463,6 +465,8 @@ void COptionsWindow::SaveAdvanced() WriteAdvancedCheck(ui.chkConfidential, "ConfidentialBox", "y", ""); WriteAdvancedCheck(ui.chkNotifyProtect, "NotifyBoxProtected", "y", ""); + WriteAdvancedCheck(ui.chkProtectWindow, "IsProtectScreen", "y", "n"); + QStringList Users; for (int i = 0; i < ui.lstUsers->count(); i++) Users.append(ui.lstUsers->item(i)->text());
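Review bot: LoadAdvanced and SaveAdvanced treat IsProtectScreen differently from the neighbouring NotifyBoxProtected option: the load hunk calls `GetBool("IsProtectScreen")` with no explicit default, and the save hunk passes `"n"` as the unchecked value where the adjacent calls pass `""`. Since the DLL side reads the setting with a default of FALSE, matching the neighbours would look like `GetBool("IsProtectScreen", false)` and `WriteAdvancedCheck(ui.chkProtectWindow, "IsProtectScreen", "y", "");`. What WriteAdvancedCheck does with an empty value is defined outside these hunks, so confirm that it removes the key rather than writing an empty one. Both functions continue outside the hunks.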