From 5b9a2ea4a0852d8f29c42c4ed7b299b9b9eb81b2 Mon Sep 17 00:00:00 2001 From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com> Date: Sun, 16 Jun 2024 13:29:05 +0200 Subject: [PATCH] 1.14.2 --- CHANGELOG.md | 8 ++-- Sandboxie/core/dll/kernel.c | 67 +++++++++++++++++++++++++++++++++ Sandboxie/install/Templates.ini | 1 + 3 files changed, 72 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2d120949..99925bd3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,15 +11,15 @@ This project adheres to [Semantic Versioning](http://semver.org/). - added SbieIni option to modify password-protected configs [#3903](https://github.com/sandboxie-plus/Sandboxie/issues/3903) - usage: set|append|insert|delete [/passwd:********]
- note: use /passwd without the password to have SbieIni prompot for the password on the console, this hides the password from view and from bing captured with the command line +- added checkbox for PromptForInternetAccess option to the New Box Wizard ### Fixed - fixed security issue with the newly introduced experimental "UseCreateToken=y" machanism - fixed issue with "UseCreateToken=y" when using a MSFT online account - fixed Export sandbox not containing hidden files [#3980](https://github.com/sandboxie-plus/Sandboxie/issues/3980) (thanks L4cache) - -### Added -- added checkbox for PromptForInternetAccess option to the New Box Wizard - +- fixed Chrome stopped printing [#3926](https://github.com/sandboxie-plus/Sandboxie/issues/3926) + - Sandboxie will add CustomChromiumFlags=--disable-features=PrintCompositorLPAC to chrome based browsers command line + - Note: Less Privileged App Container (LPAC) don't work with sandboxie currently diff --git a/Sandboxie/core/dll/kernel.c b/Sandboxie/core/dll/kernel.c index 76bc7fae..62f4390b 100644 --- a/Sandboxie/core/dll/kernel.c +++ b/Sandboxie/core/dll/kernel.c @@ -24,11 +24,15 @@ //#include "common/win32_ntddk.h" #include "dll.h" +#define CONF_LINE_LEN 2000 // keep in sync with drv/conf.c //--------------------------------------------------------------------------- // Functions Prototypes //--------------------------------------------------------------------------- +typedef LPWSTR (*P_GetCommandLineW)(VOID); + +typedef LPSTR (*P_GetCommandLineA)(VOID); typedef EXECUTION_STATE (*P_SetThreadExecutionState)(EXECUTION_STATE esFlags); 
@@ -50,6 +54,12 @@ typedef BOOL (*P_QueryPerformanceCounter)(LARGE_INTEGER* lpPerformanceCount); //--------------------------------------------------------------------------- +P_GetCommandLineW __sys_GetCommandLineW = NULL; +P_GetCommandLineA __sys_GetCommandLineA = NULL; + +UNICODE_STRING Kernel_CommandLineW = { 0 }; +ANSI_STRING Kernel_CommandLineA = { 0 }; + P_SetThreadExecutionState __sys_SetThreadExecutionState = NULL; //P_Sleep __sys_Sleep = NULL; P_SleepEx __sys_SleepEx = NULL; @@ -63,6 +73,9 @@ P_QueryPerformanceCounter __sys_QueryPerformanceCounter = NULL; // Functions //--------------------------------------------------------------------------- +static LPWSTR Kernel_GetCommandLineW(VOID); + +static LPSTR Kernel_GetCommandLineA(VOID); static EXECUTION_STATE Kernel_SetThreadExecutionState(EXECUTION_STATE esFlags); 
@@ -88,6 +101,36 @@ _FX BOOLEAN Kernel_Init() { HMODULE module = Dll_Kernel32; + if (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) { + + RTL_USER_PROCESS_PARAMETERS* ProcessParms = Proc_GetRtlUserProcessParameters(); + + if (!wcsstr(ProcessParms->CommandLine.Buffer, L" --type=")) { // don't add flags to child processes + + NTSTATUS status; + WCHAR CustomChromiumFlags[CONF_LINE_LEN]; + status = SbieApi_QueryConfAsIs(NULL, L"CustomChromiumFlags", 0, CustomChromiumFlags, ARRAYSIZE(CustomChromiumFlags)); + if (NT_SUCCESS(status)) { + + Kernel_CommandLineW.MaximumLength = ProcessParms->CommandLine.MaximumLength + (CONF_LINE_LEN + 8) * sizeof(WCHAR); + Kernel_CommandLineW.Buffer = LocalAlloc(LMEM_FIXED,Kernel_CommandLineW.MaximumLength); + wcscpy(Kernel_CommandLineW.Buffer, ProcessParms->CommandLine.Buffer); + if(Kernel_CommandLineW.Buffer[ProcessParms->CommandLine.Length/sizeof(WCHAR) - 1] != L' ') + wcscat(Kernel_CommandLineW.Buffer, L" "); + wcscat(Kernel_CommandLineW.Buffer, CustomChromiumFlags); + Kernel_CommandLineW.Length = wcslen(Kernel_CommandLineW.Buffer) * sizeof(WCHAR); + + RtlUnicodeStringToAnsiString(&Kernel_CommandLineA, &Kernel_CommandLineW, TRUE); + + void* GetCommandLineW = GetProcAddress(Dll_KernelBase ? Dll_KernelBase : Dll_Kernel32, "GetCommandLineW"); + SBIEDLL_HOOK(Kernel_, GetCommandLineW); + + void* GetCommandLineA = GetProcAddress(Dll_KernelBase ? Dll_KernelBase : Dll_Kernel32, "GetCommandLineA"); + SBIEDLL_HOOK(Kernel_, GetCommandLineA); + } + } + } + if (SbieApi_QueryConfBool(NULL, L"BlockInterferePower", FALSE)) { SBIEDLL_HOOK(Kernel_, SetThreadExecutionState); 
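Review bot: The sum assigned to `Kernel_CommandLineW.MaximumLength` in the added Kernel_Init block is stored in a USHORT field, so for a long original command line (MaximumLength above roughly 61,000 bytes) it wraps to a small value. `LocalAlloc` is then given that small size and the following `wcscpy`/`wcscat` write past the heap block. The `LocalAlloc` result is also used without a NULL check, and the trailing-space test indexes `Buffer[Length/sizeof(WCHAR) - 1]`, which reads before the buffer when `CommandLine.Length` is 0. I would compute the size in a wider type, skip the rewrite and leave the hooks uninstalled when it exceeds 0xFFFF or the allocation fails, and guard the index. Kernel_Init starts and ends outside this hunk.

```c
            if (NT_SUCCESS(status)) {

                SIZE_T cmdChars = ProcessParms->CommandLine.Length / sizeof(WCHAR);
                SIZE_T totalBytes = ProcessParms->CommandLine.MaximumLength + (CONF_LINE_LEN + 8) * sizeof(WCHAR);
                // UNICODE_STRING lengths are USHORT: refuse anything that would wrap
                WCHAR* newLine = (totalBytes <= 0xFFFF) ? LocalAlloc(LMEM_FIXED, totalBytes) : NULL;
                if (newLine) {

                    Kernel_CommandLineW.MaximumLength = (USHORT)totalBytes;
                    Kernel_CommandLineW.Buffer = newLine;
                    wcscpy(newLine, ProcessParms->CommandLine.Buffer);
                    if (cmdChars == 0 || newLine[cmdChars - 1] != L' ')
                        wcscat(newLine, L" ");
                    // … unchanged: append CustomChromiumFlags, set Length, ANSI conversion, both SBIEDLL_HOOK calls …
                }
```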
@@ -114,6 +157,30 @@ _FX BOOLEAN Kernel_Init() } +//--------------------------------------------------------------------------- +// Kernel_GetCommandLineW +//--------------------------------------------------------------------------- + + +_FX LPWSTR Kernel_GetCommandLineW(VOID) +{ + return Kernel_CommandLineW.Buffer; + //return __sys_GetCommandLineW(); +} + + +//--------------------------------------------------------------------------- +// Kernel_GetCommandLineA +//--------------------------------------------------------------------------- + + +_FX LPSTR Kernel_GetCommandLineA(VOID) +{ + return Kernel_CommandLineA.Buffer; + //return __sys_GetCommandLineA(); +} + + //--------------------------------------------------------------------------- // Kernel_SetThreadExecutionState //--------------------------------------------------------------------------- diff --git a/Sandboxie/install/Templates.ini b/Sandboxie/install/Templates.ini index 51b07d76..f48b5f0a 100644 --- a/Sandboxie/install/Templates.ini +++ b/Sandboxie/install/Templates.ini @@ -538,6 +538,7 @@ SpecialImage=chrome,Amazon Music.exe PreferExternalManifest=spotify.exe,y +CustomChromiumFlags=--disable-features=PrintCompositorLPAC #
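Review bot: `Kernel_GetCommandLineA` returns `Kernel_CommandLineA.Buffer` unconditionally, yet Kernel_Init ignores the status of `RtlUnicodeStringToAnsiString`, so a failed conversion would hand ANSI callers a NULL command line. Falling back to the original export keeps them working: `return Kernel_CommandLineA.Buffer ? Kernel_CommandLineA.Buffer : __sys_GetCommandLineA();`, and the same form for `Kernel_GetCommandLineW`. This assumes SBIEDLL_HOOK fills the `__sys_` pointers, which the commented-out lines suggest but the hunk does not show. With the fallback in place the commented-out `//return __sys_…` lines can be deleted.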
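Review bot: The new `CustomChromiumFlags=--disable-features=PrintCompositorLPAC` line in Templates.ini has no comment explaining it, and the template section it lands in is not visible in this hunk. Because it turns off the LPAC variant of Chromium's print compositor for the browsers that section matches, a comment above it would record the trade-off, e.g. `# LPAC print compositor does not work under Sandboxie yet (#3926); remove once LPAC is supported`. It is also worth confirming the key sits in the intended section rather than a neighbouring application's template.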