This commit is contained in:
parent
28135c638b
commit
6db5f65097
|
@ -629,8 +629,14 @@ BOOLEAN Handle_Init(void);
|
|||
|
||||
BOOLEAN Key_Init(void);
|
||||
|
||||
extern BOOLEAN Key_Delete_v2;
|
||||
BOOLEAN Key_InitDelete_v2();
|
||||
|
||||
BOOLEAN File_Init(void);
|
||||
|
||||
extern BOOLEAN File_Delete_v2;
|
||||
BOOLEAN File_InitDelete_v2();
|
||||
|
||||
BOOLEAN Ipc_Init(void);
|
||||
|
||||
BOOLEAN Secure_Init(void);
|
||||
|
|
|
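Review bot: The new prototypes `BOOLEAN Key_InitDelete_v2();` and `BOOLEAN File_InitDelete_v2();` are declared with empty parentheses, which in C is an unprototyped declaration rather than "takes no arguments" and turns off argument checking at every call site, unlike the neighbouring `BOOLEAN Key_Init(void);`. Change them to `BOOLEAN Key_InitDelete_v2(void);` and `BOOLEAN File_InitDelete_v2(void);`. The new `extern BOOLEAN Key_Delete_v2;` and `extern BOOLEAN File_Delete_v2;` flags also deserve a one-line comment saying which module defines them and what configuration switches them on, since nothing on this page shows that.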
@ -276,6 +276,21 @@ _FX void Dll_InitInjected(void)
|
|||
|
||||
Dll_SidStringLen = wcslen(Dll_SidString);
|
||||
|
||||
|
||||
//
|
||||
// break for the debugger, as soon as we have Dll_ImageName
|
||||
//
|
||||
|
||||
if (SbieDll_CheckStringInList(Dll_ImageName, NULL, L"WaitForDebugger")) {
|
||||
//if (SbieDll_GetSettingsForName_bool(NULL, Dll_ImageName, L"WaitForDebugger", FALSE)) {
|
||||
//if (SbieApi_QueryConfBool(NULL, L"WaitForDebuggerAll", FALSE)) {
|
||||
while (!IsDebuggerPresent()) {
|
||||
OutputDebugString(L"Waiting for Debugger\n");
|
||||
Sleep(500);
|
||||
} __debugbreak();
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// query Sandboxie home folder
|
||||
//
|
||||
|
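Review bot: The added WaitForDebugger block makes any process whose image name matches that configuration list spin in `while (!IsDebuggerPresent())` with no timeout and no compile-time guard, so a stray or malicious entry in a deployed configuration hangs the sandboxed process at injection time. If this is a developer aid, wrap it in `#ifdef _DEBUG` or at least document the intent above it, e.g. `// debugging aid: processes listed under WaitForDebugger block here until a debugger attaches; do not enable in a production configuration`. The two commented-out alternative conditions left under the `if` should be deleted rather than kept as dead text. Dll_InitInjected begins and ends outside this hunk.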
@ -447,6 +462,12 @@ _FX void Dll_InitInjected(void)
|
|||
if (ok)
|
||||
ok = Gui_InitConsole1();
|
||||
|
||||
// we need ipc stuff to be up hance we initialize delete stuff second to last
|
||||
if (ok && File_Delete_v2)
|
||||
File_InitDelete_v2();
|
||||
if (ok && Key_Delete_v2)
|
||||
Key_InitDelete_v2();
|
||||
|
||||
if (ok) // Note: Ldr_Init may cause rpcss to be started early
|
||||
ok = Ldr_Init(); // last to initialize
|
||||
|
||||
|
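Review bot: The return values of `File_InitDelete_v2()` and `Key_InitDelete_v2()` are discarded, while every other initializer in this sequence feeds `ok` and a failed `ok` leads to `ExitProcess(-1)` further down; if either v2 delete initializer fails, the process carries on with delete-v2 mode only half set up. Assuming these report failure by returning FALSE as their BOOLEAN type suggests, change the calls to `if (ok && File_Delete_v2) ok = File_InitDelete_v2();` and `if (ok && Key_Delete_v2) ok = Key_InitDelete_v2();`. The new comment also has a typo, `hance` should be `hence`. Dll_InitInjected starts and ends outside this hunk.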
@ -464,46 +485,10 @@ _FX void Dll_InitInjected(void)
|
|||
ExitProcess(-1);
|
||||
}
|
||||
|
||||
extern BOOLEAN File_Delete_v2;
|
||||
extern BOOLEAN File_InitDelete_v2();
|
||||
if (File_Delete_v2)
|
||||
File_InitDelete_v2();
|
||||
|
||||
extern BOOLEAN Key_Delete_v2;
|
||||
extern BOOLEAN Key_InitDelete_v2();
|
||||
if (Key_Delete_v2)
|
||||
Key_InitDelete_v2();
|
||||
|
||||
Dll_InitComplete = TRUE;
|
||||
|
||||
if (! Dll_RestrictedToken)
|
||||
CustomizeSandbox();
|
||||
|
||||
/*while (! IsDebuggerPresent()) {
|
||||
OutputDebugString(L"BREAK\n");
|
||||
Sleep(500);
|
||||
}
|
||||
__debugbreak();*/
|
||||
|
||||
/*if (_wcsicmp(Dll_ImageName, L"iexplore.exe") == 0) {
|
||||
WCHAR *cmd = GetCommandLine();
|
||||
if (wcsstr(cmd, L"SCODEF")) {
|
||||
|
||||
while (! IsDebuggerPresent()) {
|
||||
OutputDebugString(L"BREAK\n");
|
||||
Sleep(500);
|
||||
}
|
||||
__debugbreak();
|
||||
}
|
||||
}*/
|
||||
|
||||
/*if (_wcsicmp(Dll_ImageName, L"dllhost.exe") == 0) {
|
||||
while (! IsDebuggerPresent()) {
|
||||
OutputDebugString(L"BREAK\n");
|
||||
Sleep(500);
|
||||
}
|
||||
__debugbreak();
|
||||
}*/
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -184,7 +184,6 @@ _FX BOOLEAN Hook_Tramp_CountBytes(
|
|||
void *SysProc, ULONG *ByteCount, BOOLEAN is64, BOOLEAN probe)
|
||||
{
|
||||
UCHAR *addr = (UCHAR *)SysProc;
|
||||
//ULONG needlen = (is64 == 9 ? 13 : (is64 ? 12 : (File_TrusteerLoaded()?6:5)));
|
||||
ULONG needlen = (is64 ? 12 : 5);
|
||||
ULONG copylen = 0;
|
||||
|
||||
|
|
|
@ -45,12 +45,6 @@ static NTSTATUS Obj_NtQueryVirtualMemory(
|
|||
SIZE_T Length,
|
||||
SIZE_T *ResultLength);
|
||||
|
||||
static NTSTATUS Obj_NtQueryInformationProcess(
|
||||
HANDLE ProcessHandle,
|
||||
PROCESSINFOCLASS ProcessInformationClass,
|
||||
PVOID ProcessInformation,
|
||||
ULONG ProcessInformationLength,
|
||||
PULONG ReturnLength);
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Variables
|
||||
|
@ -61,8 +55,6 @@ static P_NtQueryObject __sys_NtQueryObject = NULL;
|
|||
|
||||
P_NtQueryVirtualMemory __sys_NtQueryVirtualMemory = NULL;
|
||||
|
||||
P_NtQueryInformationProcess __sys_NtQueryInformationProcess = NULL;
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Obj_Init
|
||||
|
@ -76,7 +68,6 @@ _FX BOOLEAN Obj_Init(void)
|
|||
#else
|
||||
SBIEDLL_HOOK(Obj_,NtQueryObject);
|
||||
SBIEDLL_HOOK(Obj_,NtQueryVirtualMemory);
|
||||
SBIEDLL_HOOK(Obj_,NtQueryInformationProcess);
|
||||
#endif
|
||||
return TRUE;
|
||||
}
|
||||
|
@ -411,42 +402,3 @@ finish:
|
|||
SetLastError(LastError);
|
||||
return status;
|
||||
}
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Obj_NtQueryVirtualMemory
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX NTSTATUS Obj_NtQueryInformationProcess(
|
||||
HANDLE ProcessHandle,
|
||||
PROCESSINFOCLASS ProcessInformationClass,
|
||||
PVOID ProcessInformation,
|
||||
ULONG ProcessInformationLength,
|
||||
PULONG ReturnLength)
|
||||
{
|
||||
NTSTATUS status;
|
||||
ULONG outlen;
|
||||
|
||||
status = __sys_NtQueryInformationProcess(
|
||||
ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, &outlen);
|
||||
|
||||
if (ProcessInformationClass == ProcessImageFileName && ProcessInformation != NULL)
|
||||
{
|
||||
//
|
||||
// since file paths are always shorter without the sandbox prefix we can keep this simple
|
||||
//
|
||||
|
||||
ULONG tmplen;
|
||||
PUNICODE_STRING fileName = (PUNICODE_STRING)ProcessInformation;
|
||||
|
||||
tmplen = File_NtQueryObjectName(fileName, fileName->MaximumLength);
|
||||
|
||||
if (tmplen)
|
||||
outlen = sizeof(UNICODE_STRING) + tmplen;
|
||||
}
|
||||
|
||||
if (ReturnLength)
|
||||
*ReturnLength = outlen;
|
||||
|
||||
return status;
|
||||
}
|
|
@ -291,7 +291,7 @@ static P_WinExec __sys_WinExec = NULL;
|
|||
static P_RunSetupCommandW __sys_RunSetupCommandW = NULL;
|
||||
|
||||
static P_NtSetInformationProcess __sys_NtSetInformationProcess = NULL;
|
||||
static P_NtQueryInformationProcess __sys_NtQueryInformationProcess = NULL;
|
||||
P_NtQueryInformationProcess __sys_NtQueryInformationProcess = NULL;
|
||||
|
||||
static P_NtCreateProcessEx __sys_NtCreateProcessEx = NULL;
|
||||
|
||||
|
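Review bot: Dropping `static` from `__sys_NtQueryInformationProcess` gives the saved original-syscall pointer external linkage with no header declaration shown, while the adjacent `__sys_NtSetInformationProcess` keeps its `static`. If another translation unit now needs this pointer (the non-static copy in obj.c is removed in this same commit, so that seems likely), declare it once in the shared header as `extern P_NtQueryInformationProcess __sys_NtQueryInformationProcess;` and add a short comment naming the consumer, rather than relying on ad-hoc `extern` lines elsewhere; otherwise restore `static`, since this pointer is the unhooked path into the kernel and should have the narrowest scope possible.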
@ -2766,6 +2766,17 @@ _FX NTSTATUS Proc_NtQueryInformationProcess(
|
|||
}
|
||||
}
|
||||
|
||||
/*if (ProcessInformationClass == ProcessImageFileName && ProcessInformation != NULL) {
|
||||
|
||||
ULONG tmplen;
|
||||
PUNICODE_STRING fileName = (PUNICODE_STRING)ProcessInformation;
|
||||
|
||||
tmplen = File_NtQueryObjectName(fileName, fileName->MaximumLength);
|
||||
|
||||
if (tmplen)
|
||||
outlen = sizeof(UNICODE_STRING) + tmplen;
|
||||
}*/
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
|
|
|
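Review bot: The block pasted into Proc_NtQueryInformationProcess is commented out with no note on why it is disabled, and with the Obj_ hook deleted in this commit, as far as this page shows no code now rewrites the ProcessImageFileName result, so a sandboxed process querying its own image path may see the unstripped sandbox path. If that is intentional, delete the dead block and record the decision in a comment such as `// ProcessImageFileName is deliberately not rewritten here; callers see the real path`; if it is not, re-enable the rewrite together with the `outlen`/`ReturnLength` handling the removed Obj_ version carried. Proc_NtQueryInformationProcess starts outside this hunk.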
@ -82,7 +82,6 @@ const ULONG tzuk = 'xobs';
|
|||
// WinMain
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
ULONG Dll_Windows = 0;
|
||||
|
||||
int WinMain(
|
||||
HINSTANCE hInstance,
|
||||
|
@ -97,9 +96,6 @@ int WinMain(
|
|||
_Ntdll = GetModuleHandle(L"ntdll.dll");
|
||||
_Kernel32 = GetModuleHandle(L"kernel32.dll");
|
||||
GetSystemInfo(&_SystemInfo);
|
||||
if (GetProcAddress(_Ntdll, "LdrFastFailInLoaderCallout")) {
|
||||
Dll_Windows = 10;
|
||||
}
|
||||
|
||||
WCHAR *cmdline = GetCommandLine();
|
||||
if (cmdline) {
|
||||
|
|