1.15.1

2024-10-21 16:51:13 +02:00 · 2024-10-21 16:51:13 +02:00 · 5f248c4779
parent d6976196c1
commit 5f248c4779
5 changed files with 76 additions and 36 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -8,7 +8,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).

 ### Fixed
 - fixed Sandboxie crypto fails to start in red boxes
-
+- fixed issue with breakout process when usign explorer.exe



--- a/Sandboxie/core/dll/dll.h
+++ b/Sandboxie/core/dll/dll.h
@ -603,6 +603,8 @@ ULONG_PTR ProtectCall4(
    void *CallAddress,
    ULONG_PTR Arg1, ULONG_PTR Arg2, ULONG_PTR Arg3, ULONG_PTR Arg4);

+BOOL SH32_BreakoutDocument(const WCHAR* path, ULONG len);
+
 BOOL SH32_DoRunAs(
    const WCHAR *CmdLine, const WCHAR *WorkDir,
    PROCESS_INFORMATION *pi, BOOL *cancelled);
--- a/Sandboxie/core/dll/proc.c
+++ b/Sandboxie/core/dll/proc.c
@ -1307,6 +1307,28 @@ _FX BOOL Proc_CreateProcessInternalW(
            }
        }
    }
+
+    //
+    // Explorer does not use ShellExecuteExW, so for explorer we set BreakoutDocumentProcess=explorer.exe,y 
+    // in the Tempaltes.ini and check whenever explorer wants to start a process
+    //
+
+    if (lpCommandLine && Config_GetSettingsForImageName_bool(L"BreakoutDocumentProcess", FALSE))
+    {
+        const WCHAR* temp = lpCommandLine;
+        if (*temp == L'"') temp = wcschr(temp + 1, L'"');
+        else temp = wcschr(temp, L' ');
+        if (temp) while (*++temp == L' ');
+
+        const WCHAR* arg1 = temp;
+        const WCHAR* arg1_end = NULL;
+        if (*arg1 == L'"') temp = wcschr(arg1 + 1, L'"');
+        if (!arg1_end) arg1_end = wcschr(arg1, L'\0');
+        
+        if (arg1 && arg1 != arg1_end && SH32_BreakoutDocument(arg1, (ULONG)(arg1_end - arg1)))
+            return TRUE;
+    }
+
 #endif

    //
--- a/Sandboxie/core/dll/sh.c
+++ b/Sandboxie/core/dll/sh.c
@ -303,6 +303,54 @@ _FX WCHAR *SH32_AdjustPath(WCHAR *src, WCHAR **pArgs)
 }


+//---------------------------------------------------------------------------
+// SH32_BreakoutDocument
+//---------------------------------------------------------------------------
+
+
+_FX BOOL SH32_BreakoutDocument(const WCHAR* path, ULONG len)
+{
+    if (SbieDll_CheckPatternInList(path, len, NULL, L"BreakoutDocument")) {
+
+        NTSTATUS status;
+        static WCHAR* _QueueName = NULL;
+
+        if (!_QueueName) {
+            _QueueName = Dll_Alloc(32 * sizeof(WCHAR));
+            Sbie_snwprintf(_QueueName, 32, L"*USERPROXY_%08X", Dll_SessionId);
+        }
+
+        ULONG path_len = (len + 1) * sizeof(WCHAR);
+        ULONG req_len = sizeof(USER_SHELL_EXEC_REQ) + path_len;
+        ULONG path_pos = sizeof(USER_SHELL_EXEC_REQ);
+
+        USER_SHELL_EXEC_REQ* req = (USER_SHELL_EXEC_REQ*)Dll_AllocTemp(req_len);
+
+        WCHAR* path_buff = ((UCHAR*)req) + path_pos;
+        memcpy(path_buff, path, path_len);
+
+        req->msgid = USER_SHELL_EXEC;
+
+        req->FileNameOffset = path_pos;
+
+        ULONG* rpl = SbieDll_CallProxySvr(_QueueName, req, req_len, sizeof(*rpl), 100);
+        if (!rpl)
+            status = STATUS_INTERNAL_ERROR;
+        else {
+            status = rpl[0];
+
+            Dll_Free(rpl);
+        }
+
+        Dll_Free(req);
+
+        return TRUE;
+    }
+
+    return FALSE;
+}
+
+
 //---------------------------------------------------------------------------
 // SH32_ShellExecuteExW
 //---------------------------------------------------------------------------
@ -324,42 +372,9 @@ _FX BOOL SH32_ShellExecuteExW(SHELLEXECUTEINFOW *lpExecInfo)
    //

    if (lpExecInfo->lpFile) {
-        if (SbieDll_CheckPatternInList(lpExecInfo->lpFile, (ULONG)wcslen(lpExecInfo->lpFile), NULL, L"BreakoutDocument")) {

-            NTSTATUS status;
-            static WCHAR* _QueueName = NULL;
-
-            if (!_QueueName) {
-                _QueueName = Dll_Alloc(32 * sizeof(WCHAR));
-                Sbie_snwprintf(_QueueName, 32, L"*USERPROXY_%08X", Dll_SessionId);
-            }
-
-            ULONG path_len = (wcslen(lpExecInfo->lpFile) + 1) * sizeof(WCHAR);
-            ULONG req_len = sizeof(USER_SHELL_EXEC_REQ) + path_len;
-            ULONG path_pos = sizeof(USER_SHELL_EXEC_REQ);
-
-            USER_SHELL_EXEC_REQ *req = (USER_SHELL_EXEC_REQ *)Dll_AllocTemp(req_len);
-
-            WCHAR* path_buff = ((UCHAR*)req) + path_pos;
-            memcpy(path_buff, lpExecInfo->lpFile, path_len);
-
-            req->msgid = USER_SHELL_EXEC;
-
-            req->FileNameOffset = path_pos;
-
-            ULONG *rpl = SbieDll_CallProxySvr(_QueueName, req, req_len, sizeof(*rpl), 100);
-            if (!rpl)
-                status = STATUS_INTERNAL_ERROR;
-            else {
-                status = rpl[0];
-
-                Dll_Free(rpl);
-            }
-
-            Dll_Free(req);
-
-            return NT_SUCCESS(status);
-        }
+        if (SH32_BreakoutDocument(lpExecInfo->lpFile, wcslen(lpExecInfo->lpFile)))
+            return TRUE;
    }

    //
--- a/Sandboxie/install/Templates.ini
+++ b/Sandboxie/install/Templates.ini
@ -592,6 +592,7 @@ ClosedClsid={C2F03A33-21F5-47FA-B4BB-156362A2F239}
 ClosedClsid={470C0EBD-5D73-4D58-9CED-E91E22E23282}
 # never fake admin rights for explorer.exe (issue 3516)
 FakeAdminRights=explorer.exe,n
+BreakoutDocumentProcess=explorer.exe,y

 [Template_ThirdPartyIsolation]
 # block VMNet0 virtual network configuration (issue 1102)