1.7.3
parent
504bdcd03d
commit
7249835ba6
16
CHANGELOG.md
16
CHANGELOG.md
|
@ -5,6 +5,22 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [1.7.3 / 5.62.3] - 2023-02-??
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
- 'OpenProtectedStorage=y' has been replaced with a template
|
||||||
|
- moved all built in access rules to a set of default tempaltes
|
||||||
|
- moved WinInetCache controll to a tempalte OpenWinInetCache, 'CloseWinInetCache=y' is now obsolete
|
||||||
|
- added hook for CreateAppContainerToken, should also improve compatybility with other apps
|
||||||
|
-- note: Template_Edge_Fix is no longer required
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
- added AppContainer support for Compartment type boxes
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## [1.7.2 / 5.62.2] - 2023-02-05
|
## [1.7.2 / 5.62.2] - 2023-02-05
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
|
@ -21,8 +21,8 @@
|
||||||
#ifndef _MY_VERSION_H
|
#ifndef _MY_VERSION_H
|
||||||
#define _MY_VERSION_H
|
#define _MY_VERSION_H
|
||||||
|
|
||||||
#define MY_VERSION_BINARY 5,62,2
|
#define MY_VERSION_BINARY 5,62,3
|
||||||
#define MY_VERSION_STRING "5.62.2"
|
#define MY_VERSION_STRING "5.62.3"
|
||||||
#define MY_ABI_VERSION 0x56000
|
#define MY_ABI_VERSION 0x56000
|
||||||
|
|
||||||
// These #defines are used by either Resource Compiler or NSIS installer
|
// These #defines are used by either Resource Compiler or NSIS installer
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2004-2020 Sandboxie Holdings, LLC
|
* Copyright 2004-2020 Sandboxie Holdings, LLC
|
||||||
* Copyright 2020-2021 David Xanatos, xanasoft.com
|
* Copyright 2020-2023 David Xanatos, xanasoft.com
|
||||||
*
|
*
|
||||||
* This program is free software: you can redistribute it and/or modify
|
* This program is free software: you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
@ -426,10 +426,6 @@ _FX BOOLEAN SbieDll_IsOpenClsid(
|
||||||
0x3480A401, 0xBDE9, 0x4407,
|
0x3480A401, 0xBDE9, 0x4407,
|
||||||
{ 0xBC, 0x02, 0x79, 0x8A, 0x86, 0x6A, 0xC0, 0x51 } };
|
{ 0xBC, 0x02, 0x79, 0x8A, 0x86, 0x6A, 0xC0, 0x51 } };
|
||||||
|
|
||||||
static const GUID CLSID_WinInetCache = {
|
|
||||||
0x0358B920, 0x0AC7, 0x461F,
|
|
||||||
{ 0x98, 0xF4, 0x58, 0xE3, 0x2C, 0xD8, 0x91, 0x48 } };
|
|
||||||
|
|
||||||
//
|
//
|
||||||
// open the null clsid to open all
|
// open the null clsid to open all
|
||||||
//
|
//
|
||||||
|
@ -455,15 +451,6 @@ _FX BOOLEAN SbieDll_IsOpenClsid(
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
|
||||||
// Sbie builds after 5.27-1 broke IE's source view and cache,
|
|
||||||
// by opening WinInetCache here and in Ipc_InitPaths.
|
|
||||||
// with CloseWinInetCache=y this change can be undone
|
|
||||||
//
|
|
||||||
|
|
||||||
if (((Dll_OsBuild >= 10240) && memcmp(rclsid, &CLSID_WinInetCache, sizeof(GUID)) == 0) && !SbieApi_QueryConfBool(NULL, L"CloseWinInetCache", FALSE)) // this breaks IE view source
|
|
||||||
return TRUE;
|
|
||||||
|
|
||||||
//
|
//
|
||||||
// initialize list of user-configured CLSID exclusions
|
// initialize list of user-configured CLSID exclusions
|
||||||
//
|
//
|
||||||
|
|
|
@ -146,8 +146,6 @@ DEFINE_GUID(GUID_SANDBOXIE,
|
||||||
static const WCHAR *Cred_SimpleCred = L"SimpleCred-";
|
static const WCHAR *Cred_SimpleCred = L"SimpleCred-";
|
||||||
static const WCHAR *Cred_DomainCred = L"DomainCred-";
|
static const WCHAR *Cred_DomainCred = L"DomainCred-";
|
||||||
|
|
||||||
extern const WCHAR *Pst_OpenProtectedStorage;
|
|
||||||
|
|
||||||
|
|
||||||
//static BOOLEAN Cred_Trace = FALSE;
|
//static BOOLEAN Cred_Trace = FALSE;
|
||||||
|
|
||||||
|
@ -177,7 +175,8 @@ _FX BOOLEAN Cred_Init_AdvApi(HMODULE module)
|
||||||
// don't hook anything
|
// don't hook anything
|
||||||
//
|
//
|
||||||
|
|
||||||
if (SbieApi_QueryConfBool(NULL, Pst_OpenProtectedStorage, FALSE))
|
ULONG mp_flags = SbieDll_MatchPath(L'i', L"\\RPC Control\\protected_storage");
|
||||||
|
if (PATH_IS_OPEN(mp_flags))
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
|
||||||
if (SbieApi_QueryConfBool(NULL, L"OpenCredentials", FALSE))
|
if (SbieApi_QueryConfBool(NULL, L"OpenCredentials", FALSE))
|
||||||
|
|
|
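Review bot: In Cred_Init_AdvApi the decision to skip the credential hooks now depends on `SbieDll_MatchPath(L'i', L"\\RPC Control\\protected_storage")` and `PATH_IS_OPEN(mp_flags)` instead of an explicit boolean setting. Presumably any open IPC rule that happens to match this port, including a broad wildcard, now disables the hooks as a side effect. That coupling deserves a comment at the call site, for example `// credential hooks are skipped whenever the box's IPC rules leave \RPC Control\protected_storage open (formerly OpenProtectedStorage=y)`. The same check is added in Pst_Init. The function body starts and continues outside the hunk, so whether `mp_flags` is used again later cannot be seen here.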
@ -64,6 +64,10 @@ static BOOL Proc_SetProcessMitigationPolicy(
|
||||||
_In_reads_bytes_(dwLength) PVOID lpBuffer,
|
_In_reads_bytes_(dwLength) PVOID lpBuffer,
|
||||||
_In_ SIZE_T dwLength);
|
_In_ SIZE_T dwLength);
|
||||||
|
|
||||||
|
static BOOL Proc_CreateAppContainerToken(
|
||||||
|
HANDLE TokenHandle,
|
||||||
|
PSECURITY_CAPABILITIES SecurityCapabilities,
|
||||||
|
PHANDLE OutToken);
|
||||||
|
|
||||||
static BOOL Proc_AlternateCreateProcess(
|
static BOOL Proc_AlternateCreateProcess(
|
||||||
const WCHAR *lpApplicationName, WCHAR *lpCommandLine,
|
const WCHAR *lpApplicationName, WCHAR *lpCommandLine,
|
||||||
|
@ -292,6 +296,12 @@ typedef BOOL (*P_SetProcessMitigationPolicy)(
|
||||||
_In_reads_bytes_(dwLength) PVOID lpBuffer,
|
_In_reads_bytes_(dwLength) PVOID lpBuffer,
|
||||||
_In_ SIZE_T dwLength);
|
_In_ SIZE_T dwLength);
|
||||||
|
|
||||||
|
typedef BOOL(*P_CreateAppContainerToken)(
|
||||||
|
HANDLE TokenHandle,
|
||||||
|
PSECURITY_CAPABILITIES SecurityCapabilities,
|
||||||
|
PHANDLE OutToken);
|
||||||
|
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
@ -329,6 +339,8 @@ static P_UpdateProcThreadAttribute __sys_UpdateProcThreadAttribute = NULL;
|
||||||
|
|
||||||
static P_SetProcessMitigationPolicy __sys_SetProcessMitigationPolicy = NULL;
|
static P_SetProcessMitigationPolicy __sys_SetProcessMitigationPolicy = NULL;
|
||||||
|
|
||||||
|
static P_CreateAppContainerToken __sys_CreateAppContainerToken = NULL;
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
// Variables
|
// Variables
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
@ -354,7 +366,7 @@ _FX BOOLEAN Proc_Init(void)
|
||||||
ANSI_STRING ansi;
|
ANSI_STRING ansi;
|
||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
|
|
||||||
if(!Dll_CompartmentMode)
|
if (!Dll_CompartmentMode)
|
||||||
Dll_ElectronWorkaround = Config_GetSettingsForImageName_bool(L"UseElectronWorkaround", FALSE);
|
Dll_ElectronWorkaround = Config_GetSettingsForImageName_bool(L"UseElectronWorkaround", FALSE);
|
||||||
|
|
||||||
//
|
//
|
||||||
|
@ -417,7 +429,7 @@ _FX BOOLEAN Proc_Init(void)
|
||||||
// SetProcessMitigationPolicy
|
// SetProcessMitigationPolicy
|
||||||
//
|
//
|
||||||
|
|
||||||
// fox for SBIE2303 Could not hook ... (33, 1655) due to mitigation policies
|
// fix for SBIE2303 Could not hook ... (33, 1655) due to mitigation policies
|
||||||
if (Dll_OsBuild >= 8400) // win8
|
if (Dll_OsBuild >= 8400) // win8
|
||||||
{
|
{
|
||||||
void* SetProcessMitigationPolicy = NULL;
|
void* SetProcessMitigationPolicy = NULL;
|
||||||
|
@ -428,6 +440,25 @@ _FX BOOLEAN Proc_Init(void)
|
||||||
SBIEDLL_HOOK(Proc_, SetProcessMitigationPolicy);
|
SBIEDLL_HOOK(Proc_, SetProcessMitigationPolicy);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// When not in Compartment mode, windows AppContainer isolation is not supported
|
||||||
|
// hook the CreateAppContainerToken and return a regular token
|
||||||
|
// we hook CreateAppContainerToken rather then NtCreateLowBoxToken
|
||||||
|
// as we dont waht CreateAppContainerToken to fail when
|
||||||
|
// \Sessions\*\AppContainerNamedObjects\* is not open
|
||||||
|
//
|
||||||
|
|
||||||
|
if (!Dll_CompartmentMode)
|
||||||
|
if (Dll_OsBuild >= 9600) // Windows 8.1 and later
|
||||||
|
{
|
||||||
|
void* CreateAppContainerToken = NULL;
|
||||||
|
RtlInitString(&ansi, "CreateAppContainerToken");
|
||||||
|
status = LdrGetProcedureAddress(
|
||||||
|
Dll_KernelBase, &ansi, 0, (void**)&CreateAppContainerToken);
|
||||||
|
if (NT_SUCCESS(status))
|
||||||
|
SBIEDLL_HOOK(Proc_, CreateAppContainerToken);
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// CreateProcessInternal
|
// CreateProcessInternal
|
||||||
//
|
//
|
||||||
|
@ -632,6 +663,36 @@ _FX BOOL Proc_SetProcessMitigationPolicy(
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
//---------------------------------------------------------------------------
|
||||||
|
// Proc_CreateAppContainerToken
|
||||||
|
//---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
_FX BOOL Proc_CreateAppContainerToken(
|
||||||
|
HANDLE TokenHandle,
|
||||||
|
PSECURITY_CAPABILITIES SecurityCapabilities,
|
||||||
|
PHANDLE OutToken)
|
||||||
|
{
|
||||||
|
#if 1
|
||||||
|
OBJECT_ATTRIBUTES objattrs;
|
||||||
|
SECURITY_QUALITY_OF_SERVICE QoS;
|
||||||
|
|
||||||
|
InitializeObjectAttributes(&objattrs, NULL, 0, NULL, NULL);
|
||||||
|
QoS.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
|
||||||
|
QoS.ImpersonationLevel = SecurityIdentification;
|
||||||
|
QoS.ContextTrackingMode = SECURITY_STATIC_TRACKING;
|
||||||
|
QoS.EffectiveOnly = FALSE;
|
||||||
|
objattrs.SecurityQualityOfService = &QoS;
|
||||||
|
|
||||||
|
NTSTATUS status = NtDuplicateToken(TokenHandle, MAXIMUM_ALLOWED, &objattrs, FALSE, TokenPrimary, OutToken);
|
||||||
|
return NT_SUCCESS(status);
|
||||||
|
#else
|
||||||
|
BOOL ret = __sys_CreateAppContainerToken(TokenHandle, SecurityCapabilities, OutToken);
|
||||||
|
return ret;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
// Proc_FindArgumentEnd
|
// Proc_FindArgumentEnd
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
@ -1070,6 +1131,7 @@ _FX BOOL Proc_CreateProcessInternalW(
|
||||||
|
|
||||||
// const wchar_t* imageName = L"DcomLaunch.exe";
|
// const wchar_t* imageName = L"DcomLaunch.exe";
|
||||||
// if ((lpApplicationName && wcsstr(lpApplicationName,imageName) != NULL) || (lpCommandLine && wcsstr(lpCommandLine,imageName) != NULL)) {
|
// if ((lpApplicationName && wcsstr(lpApplicationName,imageName) != NULL) || (lpCommandLine && wcsstr(lpCommandLine,imageName) != NULL)) {
|
||||||
|
//if(wcsstr(lpCommandLine, L"renderer")) {
|
||||||
// while (!IsDebuggerPresent())
|
// while (!IsDebuggerPresent())
|
||||||
// Sleep(500);
|
// Sleep(500);
|
||||||
// __debugbreak();
|
// __debugbreak();
|
||||||
|
|
|
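Review bot: Proc_CreateAppContainerToken ignores SecurityCapabilities and hands the caller a `MAXIMUM_ALLOWED` primary duplicate of TokenHandle, so a program in a non-compartment box that relies on AppContainer as an inner boundary starts its child without that restriction and gets no indication of it. The function header should state this trade-off, and the substitution is worth a trace or log entry. Two smaller issues sit on the same lines: a failed NtDuplicateToken returns FALSE without setting the Win32 last error, and, if I recall the API contract correctly, a NULL TokenHandle means "use the caller's process token", which NtDuplicateToken would reject. The `#if 1 … #else` branch calling `__sys_CreateAppContainerToken` is dead code and could be dropped or turned into a named setting. A possible shape for the body follows.

```c
    // … unchanged: objattrs / QoS setup …

    HANDLE hSource = TokenHandle;
    BOOLEAN opened = FALSE;
    NTSTATUS status = STATUS_SUCCESS;

    if (!hSource) {
        // NULL is assumed to mean "caller's process token" (confirm against the API docs)
        status = NtOpenProcessToken(NtCurrentProcess(), TOKEN_DUPLICATE, &hSource);
        opened = NT_SUCCESS(status);
    }
    if (NT_SUCCESS(status))
        status = NtDuplicateToken(hSource, MAXIMUM_ALLOWED, &objattrs, FALSE, TokenPrimary, OutToken);
    if (opened)
        NtClose(hSource);

    if (!NT_SUCCESS(status)) {
        // callers of the Win32 API expect GetLastError() to be meaningful on FALSE
        SetLastError(RtlNtStatusToDosError(status));
        return FALSE;
    }
    return TRUE;
```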
@ -1,5 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2004-2020 Sandboxie Holdings, LLC
|
* Copyright 2004-2020 Sandboxie Holdings, LLC
|
||||||
|
* Copyright 2021-2023 David Xanatos, xanasoft.com
|
||||||
*
|
*
|
||||||
* This program is free software: you can redistribute it and/or modify
|
* This program is free software: you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
@ -48,8 +49,6 @@ static void *__sys_CoTaskMemAlloc = NULL;
|
||||||
|
|
||||||
static const char *Pst_PStoreCreateInstanceProcName = "PStoreCreateInstance";
|
static const char *Pst_PStoreCreateInstanceProcName = "PStoreCreateInstance";
|
||||||
|
|
||||||
extern "C" const WCHAR *Pst_OpenProtectedStorage = L"OpenProtectedStorage";
|
|
||||||
|
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
// PStoreCreateInstance
|
// PStoreCreateInstance
|
||||||
|
@ -86,7 +85,8 @@ extern "C" _FX BOOLEAN Pst_Init(HMODULE module)
|
||||||
// if OpenProtectedStorage is specified, don't hook anything
|
// if OpenProtectedStorage is specified, don't hook anything
|
||||||
//
|
//
|
||||||
|
|
||||||
if (SbieApi_QueryConfBool(NULL, Pst_OpenProtectedStorage, FALSE))
|
ULONG mp_flags = SbieDll_MatchPath(L'i', L"\\RPC Control\\protected_storage");
|
||||||
|
if (PATH_IS_OPEN(mp_flags))
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
|
||||||
//
|
//
|
||||||
|
|
|
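Review bot: The comment kept above the new check in Pst_Init still reads "if OpenProtectedStorage is specified, don't hook anything", but the code no longer reads that setting and instead tests whether the `\RPC Control\protected_storage` path matches an open rule. The comment should follow the code, for example `// if the box's IPC rules leave the protected_storage RPC port open, don't hook anything`. It would also help to note there that the former `OpenProtectedStorage=y` is now expressed through a template, since the removed `Pst_OpenProtectedStorage` constant was the only in-source pointer to that name. The function body continues outside the hunk.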
@ -101,7 +101,7 @@ const WCHAR *Driver_Sandbox = L"\\Sandbox";
|
||||||
|
|
||||||
const WCHAR *Driver_Empty = L"";
|
const WCHAR *Driver_Empty = L"";
|
||||||
|
|
||||||
const WCHAR *Driver_OpenProtectedStorage = L"OpenProtectedStorage";
|
//const WCHAR *Driver_OpenProtectedStorage = L"OpenProtectedStorage";
|
||||||
|
|
||||||
WCHAR *Driver_RegistryPath;
|
WCHAR *Driver_RegistryPath;
|
||||||
|
|
||||||
|
|
|
@ -71,6 +71,8 @@
|
||||||
|
|
||||||
#define USE_MATCH_PATH_EX
|
#define USE_MATCH_PATH_EX
|
||||||
|
|
||||||
|
#define USE_TEMPLATE_PATHS
|
||||||
|
|
||||||
#define HOOK_WIN32K
|
#define HOOK_WIN32K
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
@ -148,7 +150,7 @@ extern const WCHAR *Driver_Sandbox;
|
||||||
|
|
||||||
extern const WCHAR *Driver_Empty;
|
extern const WCHAR *Driver_Empty;
|
||||||
|
|
||||||
extern const WCHAR *Driver_OpenProtectedStorage;
|
//extern const WCHAR *Driver_OpenProtectedStorage;
|
||||||
|
|
||||||
extern PSECURITY_DESCRIPTOR Driver_PublicSd;
|
extern PSECURITY_DESCRIPTOR Driver_PublicSd;
|
||||||
extern PACL Driver_PublicAcl;
|
extern PACL Driver_PublicAcl;
|
||||||
|
|
|
@ -564,6 +564,8 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
static const WCHAR *_ClosedPath = L"ClosedFilePath";
|
static const WCHAR *_ClosedPath = L"ClosedFilePath";
|
||||||
static const WCHAR *_ReadPath = L"ReadFilePath";
|
static const WCHAR *_ReadPath = L"ReadFilePath";
|
||||||
static const WCHAR *_WritePath = L"WriteFilePath";
|
static const WCHAR *_WritePath = L"WriteFilePath";
|
||||||
|
|
||||||
|
#ifndef USE_TEMPLATE_PATHS
|
||||||
#ifdef USE_MATCH_PATH_EX
|
#ifdef USE_MATCH_PATH_EX
|
||||||
static const WCHAR *normalpaths[] = {
|
static const WCHAR *normalpaths[] = {
|
||||||
L"%SystemRoot%\\*",
|
L"%SystemRoot%\\*",
|
||||||
|
@ -676,6 +678,7 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
L"\\Device\\SrpDevice", // Smart App Control
|
L"\\Device\\SrpDevice", // Smart App Control
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
#endif
|
||||||
static const WCHAR* drive_devices[] = {
|
static const WCHAR* drive_devices[] = {
|
||||||
L"\\Device\\Floppy*\\*",
|
L"\\Device\\Floppy*\\*",
|
||||||
L"\\Device\\CdRom*\\*",
|
L"\\Device\\CdRom*\\*",
|
||||||
|
@ -693,14 +696,19 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
// normal paths
|
// normal paths
|
||||||
//
|
//
|
||||||
|
|
||||||
ok = Process_GetPaths(proc, normal_file_paths, _NormalPath, TRUE);
|
ok = Process_GetPaths(proc, normal_file_paths, proc->box->name, _NormalPath, TRUE);
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, normal_file_paths, _NormalPath);
|
||||||
|
#else
|
||||||
if (ok && proc->use_privacy_mode) {
|
if (ok && proc->use_privacy_mode) {
|
||||||
for (i = 0; normalpaths[i] && ok; ++i) {
|
for (i = 0; normalpaths[i] && ok; ++i) {
|
||||||
ok = Process_AddPath(
|
ok = Process_AddPath(
|
||||||
proc, normal_file_paths, NULL, TRUE, normalpaths[i], FALSE);
|
proc, normal_file_paths, NULL, TRUE, normalpaths[i], FALSE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
|
||||||
|
@ -712,7 +720,7 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
// open paths
|
// open paths
|
||||||
//
|
//
|
||||||
|
|
||||||
ok = Process_GetPaths(proc, open_file_paths, _OpenPipe, TRUE);
|
ok = Process_GetPaths(proc, open_file_paths, proc->box->name, _OpenPipe, TRUE);
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _OpenPipe, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _OpenPipe, proc->pid);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
@ -720,7 +728,7 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
|
|
||||||
if (! proc->dont_open_for_boxed || ! proc->image_from_box) {
|
if (! proc->dont_open_for_boxed || ! proc->image_from_box) {
|
||||||
|
|
||||||
ok = Process_GetPaths(proc, open_file_paths, _OpenFile, TRUE);
|
ok = Process_GetPaths(proc, open_file_paths, proc->box->name, _OpenFile, TRUE);
|
||||||
|
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _OpenFile, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _OpenFile, proc->pid);
|
||||||
|
@ -728,16 +736,25 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ok && Conf_Get_Boolean(
|
//if (ok && Conf_Get_Boolean(
|
||||||
proc->box->name, Driver_OpenProtectedStorage, 0, FALSE)) {
|
// proc->box->name, Driver_OpenProtectedStorage, 0, FALSE)) {
|
||||||
|
//
|
||||||
static const WCHAR *_PstPipe =
|
// static const WCHAR *_PstPipe =
|
||||||
L"\\Device\\NamedPipe\\protected_storage";
|
// L"\\Device\\NamedPipe\\protected_storage";
|
||||||
|
//
|
||||||
ok = Process_AddPath(
|
// ok = Process_AddPath(
|
||||||
proc, open_file_paths, NULL, TRUE, _PstPipe, FALSE);
|
// proc, open_file_paths, NULL, TRUE, _PstPipe, FALSE);
|
||||||
}
|
//}
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok) {
|
||||||
|
ok = Process_GetTemplatePaths(proc, open_file_paths, _OpenFile);
|
||||||
|
if (! ok) {
|
||||||
|
Log_MsgP1(MSG_INIT_PATHS, _OpenFile, proc->pid);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#else
|
||||||
for (i = 0; openpipes[i] && ok; ++i) {
|
for (i = 0; openpipes[i] && ok; ++i) {
|
||||||
ok = Process_AddPath(
|
ok = Process_AddPath(
|
||||||
proc, open_file_paths, NULL, TRUE, openpipes[i], FALSE);
|
proc, open_file_paths, NULL, TRUE, openpipes[i], FALSE);
|
||||||
|
@ -749,6 +766,7 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
proc, open_file_paths, NULL, TRUE, openPipesCM[i], FALSE);
|
proc, open_file_paths, NULL, TRUE, openPipesCM[i], FALSE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _OpenPipe, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _OpenPipe, proc->pid);
|
||||||
|
@ -759,7 +777,12 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
// closed paths
|
// closed paths
|
||||||
//
|
//
|
||||||
|
|
||||||
ok = Process_GetPaths(proc, closed_file_paths, _ClosedPath, TRUE);
|
ok = Process_GetPaths(proc, closed_file_paths, proc->box->name, _ClosedPath, TRUE);
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, closed_file_paths, _ClosedPath);
|
||||||
|
#else
|
||||||
|
|
||||||
if (ok) {
|
if (ok) {
|
||||||
// the LanmanRedirector/Mup devices (when accessed without extra paths)
|
// the LanmanRedirector/Mup devices (when accessed without extra paths)
|
||||||
// is a security attack, and must be closed
|
// is a security attack, and must be closed
|
||||||
|
@ -775,6 +798,7 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
for (i = 0; strWinRMFiles[i] && ok; ++i) {
|
for (i = 0; strWinRMFiles[i] && ok; ++i) {
|
||||||
ok = Process_AddPath(proc, closed_file_paths, _ClosedPath, TRUE, strWinRMFiles[i], FALSE);
|
ok = Process_AddPath(proc, closed_file_paths, _ClosedPath, TRUE, strWinRMFiles[i], FALSE);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _ClosedPath, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _ClosedPath, proc->pid);
|
||||||
|
@ -786,10 +810,16 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
//
|
//
|
||||||
|
|
||||||
#ifndef USE_MATCH_PATH_EX
|
#ifndef USE_MATCH_PATH_EX
|
||||||
ok = Process_GetPaths(proc, open_file_paths, _ReadPath, TRUE);
|
ok = Process_GetPaths(proc, open_file_paths, proc->box->name, _ReadPath, TRUE);
|
||||||
if (ok)
|
if (ok)
|
||||||
#endif
|
#endif
|
||||||
ok = Process_GetPaths(proc, read_file_paths, _ReadPath, TRUE);
|
ok = Process_GetPaths(proc, read_file_paths, proc->box->name, _ReadPath, TRUE);
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, read_file_paths, _ReadPath);
|
||||||
|
#endif
|
||||||
|
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _ReadPath, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _ReadPath, proc->pid);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
@ -800,7 +830,12 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
//
|
//
|
||||||
|
|
||||||
#ifdef USE_MATCH_PATH_EX
|
#ifdef USE_MATCH_PATH_EX
|
||||||
ok = Process_GetPaths(proc, write_file_paths, _WritePath, TRUE);
|
ok = Process_GetPaths(proc, write_file_paths, proc->box->name, _WritePath, TRUE);
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, write_file_paths, _WritePath);
|
||||||
|
#endif
|
||||||
|
|
||||||
if (ok && proc->use_privacy_mode) { // in privacy mode all drive paths are set to "write"
|
if (ok && proc->use_privacy_mode) { // in privacy mode all drive paths are set to "write"
|
||||||
for (i = 0; drive_devices[i] && ok; ++i) {
|
for (i = 0; drive_devices[i] && ok; ++i) {
|
||||||
|
@ -814,7 +849,7 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
_WritePath, TRUE);
|
_WritePath, TRUE);
|
||||||
if (ok) {
|
if (ok) {
|
||||||
ok = Process_GetPaths(
|
ok = Process_GetPaths(
|
||||||
proc, closed_file_paths, _WritePath, TRUE);
|
proc, closed_file_paths, proc->box->name, _WritePath, TRUE);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
|
@ -841,16 +876,32 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
&is_open, &is_closed);
|
&is_open, &is_closed);
|
||||||
|
|
||||||
if (is_closed && !proc->AllowInternetAccess) {
|
if (is_closed && !proc->AllowInternetAccess) {
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
ok = Process_GetPaths(proc, closed_file_paths, L"TemplateNetworkPaths", _ClosedPath, FALSE);
|
||||||
|
if (! ok) {
|
||||||
|
Log_MsgP1(MSG_INIT_PATHS, _ClosedPath, proc->pid);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
#else
|
||||||
for (i = 0; closedNetPipes[i] && ok; ++i) {
|
for (i = 0; closedNetPipes[i] && ok; ++i) {
|
||||||
ok = Process_AddPath(
|
ok = Process_AddPath(
|
||||||
proc, closed_file_paths, NULL, TRUE, closedNetPipes[i], FALSE);
|
proc, closed_file_paths, NULL, TRUE, closedNetPipes[i], FALSE);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
ok = Process_GetPaths(proc, open_file_paths, L"TemplateNetworkPaths", _OpenFile, FALSE);
|
||||||
|
if (! ok) {
|
||||||
|
Log_MsgP1(MSG_INIT_PATHS, _OpenFile, proc->pid);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
#else
|
||||||
for (i = 0; openNetPipes[i] && ok; ++i) {
|
for (i = 0; openNetPipes[i] && ok; ++i) {
|
||||||
ok = Process_AddPath(
|
ok = Process_AddPath(
|
||||||
proc, open_file_paths, NULL, TRUE, openNetPipes[i], FALSE);
|
proc, open_file_paths, NULL, TRUE, openNetPipes[i], FALSE);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -867,6 +918,7 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
// so we close all typical endpoints except a selected few.
|
// so we close all typical endpoints except a selected few.
|
||||||
//
|
//
|
||||||
|
|
||||||
|
#ifndef USE_TEMPLATE_PATHS
|
||||||
ok = Process_AddPath(proc, closed_file_paths, NULL, FALSE, File_Device, TRUE);
|
ok = Process_AddPath(proc, closed_file_paths, NULL, FALSE, File_Device, TRUE);
|
||||||
|
|
||||||
if (ok) {
|
if (ok) {
|
||||||
|
@ -875,6 +927,7 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
||||||
proc, normal_file_paths, NULL, FALSE, approved_devices[i], FALSE);
|
proc, normal_file_paths, NULL, FALSE, approved_devices[i], FALSE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (ok && !proc->use_privacy_mode) { // when not in privacy mode we need to set drive paths to "normal"
|
if (ok && !proc->use_privacy_mode) { // when not in privacy mode we need to set drive paths to "normal"
|
||||||
for (i = 0; drive_devices[i] && ok; ++i) {
|
for (i = 0; drive_devices[i] && ok; ++i) {
|
||||||
|
|
|
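Review bot: With `USE_TEMPLATE_PATHS` defined, the built-in deny rules in File_InitPaths are compiled out and exist only if the template data supplies them. This covers the LanmanRedirector/Mup closures whose comment says they "must be closed", the `strWinRMFiles` loop, and the catch-all `Process_AddPath(proc, closed_file_paths, NULL, FALSE, File_Device, TRUE)`. Process_GetTemplatePaths is not visible here, so it is unclear whether a missing or edited default template makes it return FALSE or simply leaves the lists empty. The second case would leave these devices open without any error. I would either keep the closed-path entries unconditional as a floor beneath the templates, or document the dependency next to each `#ifdef`, e.g. `// built-in ClosedFilePath rules now come only from the default templates; init must fail if they are absent`. The function starts and continues outside the hunks shown.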
@ -163,6 +163,7 @@ _FX BOOLEAN Gui_InitProcess(PROCESS *proc)
|
||||||
{
|
{
|
||||||
//static const WCHAR *_OpenClass = L"OpenWinClass";
|
//static const WCHAR *_OpenClass = L"OpenWinClass";
|
||||||
//static const WCHAR *_Asterisk = L"*";
|
//static const WCHAR *_Asterisk = L"*";
|
||||||
|
#ifndef USE_TEMPLATE_PATHS
|
||||||
static const WCHAR *openclasses[] = {
|
static const WCHAR *openclasses[] = {
|
||||||
L"Shell_TrayWnd",
|
L"Shell_TrayWnd",
|
||||||
L"TrayNotifyWnd",
|
L"TrayNotifyWnd",
|
||||||
|
@ -191,12 +192,18 @@ _FX BOOLEAN Gui_InitProcess(PROCESS *proc)
|
||||||
L"MdiClass", // PowerPoint
|
L"MdiClass", // PowerPoint
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
ULONG i;
|
ULONG i;
|
||||||
BOOLEAN ok;
|
BOOLEAN ok;
|
||||||
|
|
||||||
ok = Process_GetPaths(
|
ok = Process_GetPaths(
|
||||||
proc, &proc->open_win_classes, Gui_OpenClass_Name, FALSE);
|
proc, &proc->open_win_classes, proc->box->name, Gui_OpenClass_Name, FALSE);
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, &proc->open_win_classes, Gui_OpenClass_Name);
|
||||||
|
#else
|
||||||
if (ok) {
|
if (ok) {
|
||||||
for (i = 0; openclasses[i] && ok; ++i) {
|
for (i = 0; openclasses[i] && ok; ++i) {
|
||||||
ok = Process_AddPath(proc, &proc->open_win_classes, NULL,
|
ok = Process_AddPath(proc, &proc->open_win_classes, NULL,
|
||||||
|
@ -211,15 +218,19 @@ _FX BOOLEAN Gui_InitProcess(PROCESS *proc)
|
||||||
proc, &proc->open_win_classes, NULL,
|
proc, &proc->open_win_classes, NULL,
|
||||||
TRUE, L"Sandbox:*:ConsoleWindowClass", FALSE);
|
TRUE, L"Sandbox:*:ConsoleWindowClass", FALSE);
|
||||||
AddMSTaskSwWClass = TRUE;
|
AddMSTaskSwWClass = TRUE;
|
||||||
} else if ((! proc->image_from_box) &&
|
}
|
||||||
|
#ifdef XP_SUPPORT
|
||||||
|
else if ((! proc->image_from_box) &&
|
||||||
( _wcsicmp(proc->image_name, L"excel.exe") == 0
|
( _wcsicmp(proc->image_name, L"excel.exe") == 0
|
||||||
|| _wcsicmp(proc->image_name, L"powerpnt.exe") == 0))
|
|| _wcsicmp(proc->image_name, L"powerpnt.exe") == 0))
|
||||||
AddMSTaskSwWClass = TRUE;
|
AddMSTaskSwWClass = TRUE;
|
||||||
|
#endif
|
||||||
if (ok && AddMSTaskSwWClass) {
|
if (ok && AddMSTaskSwWClass) {
|
||||||
ok = Process_AddPath(proc, &proc->open_win_classes, NULL,
|
ok = Process_AddPath(proc, &proc->open_win_classes, NULL,
|
||||||
TRUE, L"MSTaskSwWClass", FALSE);
|
TRUE, L"MSTaskSwWClass", FALSE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/*if (ok) {
|
/*if (ok) {
|
||||||
BOOLEAN is_closed;
|
BOOLEAN is_closed;
|
||||||
|
|
|
@ -422,6 +422,8 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
|
||||||
static const WCHAR* _OpenPath = L"OpenIpcPath";
|
static const WCHAR* _OpenPath = L"OpenIpcPath";
|
||||||
static const WCHAR* _ClosedPath = L"ClosedIpcPath";
|
static const WCHAR* _ClosedPath = L"ClosedIpcPath";
|
||||||
static const WCHAR* _ReadPath = L"ReadIpcPath";
|
static const WCHAR* _ReadPath = L"ReadIpcPath";
|
||||||
|
|
||||||
|
#ifndef USE_TEMPLATE_PATHS
|
||||||
static const WCHAR* openpaths[] = {
|
static const WCHAR* openpaths[] = {
|
||||||
L"\\Windows\\ApiPort",
|
L"\\Windows\\ApiPort",
|
||||||
L"\\Sessions\\*\\Windows\\ApiPort",
|
L"\\Sessions\\*\\Windows\\ApiPort",
|
||||||
|
@ -627,6 +629,7 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
|
||||||
L"$:explorer.exe",
|
L"$:explorer.exe",
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
ULONG i;
|
ULONG i;
|
||||||
BOOLEAN ok;
|
BOOLEAN ok;
|
||||||
|
@ -636,14 +639,19 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
|
||||||
//
|
//
|
||||||
|
|
||||||
#ifdef USE_MATCH_PATH_EX
|
#ifdef USE_MATCH_PATH_EX
|
||||||
ok = Process_GetPaths(proc, &proc->normal_ipc_paths, _NormalPath, FALSE);
|
ok = Process_GetPaths(proc, &proc->normal_ipc_paths, proc->box->name, _NormalPath, FALSE);
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, &proc->normal_ipc_paths, _NormalPath);
|
||||||
|
#else
|
||||||
//if (ok && proc->use_privacy_mode) {
|
//if (ok && proc->use_privacy_mode) {
|
||||||
// for (i = 0; normalpaths[i] && ok; ++i) {
|
// for (i = 0; normalpaths[i] && ok; ++i) {
|
||||||
// ok = Process_AddPath(proc, &proc->normal_ipc_paths, NULL,
|
// ok = Process_AddPath(proc, &proc->normal_ipc_paths, NULL,
|
||||||
// TRUE, normalpaths[i], FALSE);
|
// TRUE, normalpaths[i], FALSE);
|
||||||
// }
|
// }
|
||||||
//}
|
//}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (!ok) {
|
if (!ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
|
||||||
|
@ -655,28 +663,33 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
|
||||||
// open paths
|
// open paths
|
||||||
//
|
//
|
||||||
|
|
||||||
ok = Process_GetPaths(proc, &proc->open_ipc_paths, _OpenPath, FALSE);
|
ok = Process_GetPaths(proc, &proc->open_ipc_paths, proc->box->name, _OpenPath, FALSE);
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, &proc->open_ipc_paths, _OpenPath);
|
||||||
|
#else
|
||||||
|
|
||||||
//
|
//
|
||||||
// if configuration option OpenProtectedStorage applies,
|
// if configuration option OpenProtectedStorage applies,
|
||||||
// then allow access to ProtectedStorage objects
|
// then allow access to ProtectedStorage objects
|
||||||
//
|
//
|
||||||
|
|
||||||
if (ok && Conf_Get_Boolean(
|
//if (ok && Conf_Get_Boolean(
|
||||||
proc->box->name, Driver_OpenProtectedStorage, 0, FALSE)) {
|
// proc->box->name, Driver_OpenProtectedStorage, 0, FALSE)) {
|
||||||
|
//
|
||||||
static const WCHAR *_PstEvent =
|
// static const WCHAR *_PstEvent =
|
||||||
L"*\\BaseNamedObjects*\\PS_SERVICE_STARTED";
|
// L"*\\BaseNamedObjects*\\PS_SERVICE_STARTED";
|
||||||
static const WCHAR *_PstPort =
|
// static const WCHAR *_PstPort =
|
||||||
L"\\RPC Control\\protected_storage";
|
// L"\\RPC Control\\protected_storage";
|
||||||
|
//
|
||||||
ok = Process_AddPath(
|
// ok = Process_AddPath(
|
||||||
proc, &proc->open_ipc_paths, NULL, TRUE, _PstEvent, FALSE);
|
// proc, &proc->open_ipc_paths, NULL, TRUE, _PstEvent, FALSE);
|
||||||
if (ok) {
|
// if (ok) {
|
||||||
ok = Process_AddPath(
|
// ok = Process_AddPath(
|
||||||
proc, &proc->open_ipc_paths, NULL, TRUE, _PstPort, FALSE);
|
// proc, &proc->open_ipc_paths, NULL, TRUE, _PstPort, FALSE);
|
||||||
}
|
// }
|
||||||
}
|
//}
|
||||||
|
|
||||||
//
|
//
|
||||||
// add default/built-in open paths
|
// add default/built-in open paths
|
||||||
|
@ -720,17 +733,8 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
|
||||||
ok = Process_AddPath(proc, &proc->open_ipc_paths, NULL,
|
ok = Process_AddPath(proc, &proc->open_ipc_paths, NULL,
|
||||||
TRUE, openpaths_windows10[i], FALSE);
|
TRUE, openpaths_windows10[i], FALSE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!Conf_Get_Boolean(proc->box->name, L"CloseWinInetCache", 0, FALSE)) { // this breaks IE view source, see SbieDll_IsOpenClsid
|
|
||||||
|
|
||||||
static const WCHAR* webcache_ = L"\\RPC Control\\webcache_*";
|
|
||||||
static const WCHAR* windows_webcache_counters_ = L"*\\BaseNamedObjects\\windows_webcache_counters_*";
|
|
||||||
if (ok) ok = Process_AddPath(proc, &proc->open_ipc_paths, NULL,
|
|
||||||
FALSE, webcache_, FALSE);
|
|
||||||
if (ok) ok = Process_AddPath(proc, &proc->open_ipc_paths, NULL,
|
|
||||||
FALSE, windows_webcache_counters_, FALSE);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _OpenPath, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _OpenPath, proc->pid);
|
||||||
|
@ -741,7 +745,13 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
|
||||||
// closed paths
|
// closed paths
|
||||||
//
|
//
|
||||||
|
|
||||||
ok = Process_GetPaths(proc, &proc->closed_ipc_paths, _ClosedPath, FALSE);
|
ok = Process_GetPaths(proc, &proc->closed_ipc_paths, proc->box->name, _ClosedPath, FALSE);
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, &proc->closed_ipc_paths, _ClosedPath);
|
||||||
|
#endif
|
||||||
|
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _ClosedPath, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _ClosedPath, proc->pid);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
@ -751,8 +761,12 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
|
||||||
// read-only paths
|
// read-only paths
|
||||||
//
|
//
|
||||||
|
|
||||||
ok = Process_GetPaths(proc, &proc->read_ipc_paths, _ReadPath, FALSE);
|
ok = Process_GetPaths(proc, &proc->read_ipc_paths, proc->box->name, _ReadPath, FALSE);
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, &proc->read_ipc_paths, _ReadPath);
|
||||||
|
#else
|
||||||
if (ok) {
|
if (ok) {
|
||||||
|
|
||||||
for (i = 0; readpaths[i] && ok; ++i) {
|
for (i = 0; readpaths[i] && ok; ++i) {
|
||||||
|
@ -760,6 +774,7 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
|
||||||
TRUE, readpaths[i], FALSE);
|
TRUE, readpaths[i], FALSE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _ReadPath, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _ReadPath, proc->pid);
|
||||||
|
|
|
@ -240,12 +240,10 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
|
||||||
static const WCHAR *_ClosedPath = L"ClosedKeyPath";
|
static const WCHAR *_ClosedPath = L"ClosedKeyPath";
|
||||||
static const WCHAR *_ReadPath = L"ReadKeyPath";
|
static const WCHAR *_ReadPath = L"ReadKeyPath";
|
||||||
static const WCHAR *_WritePath = L"WriteKeyPath";
|
static const WCHAR *_WritePath = L"WriteKeyPath";
|
||||||
|
|
||||||
|
#ifndef USE_TEMPLATE_PATHS
|
||||||
#ifdef USE_MATCH_PATH_EX
|
#ifdef USE_MATCH_PATH_EX
|
||||||
static const WCHAR *normalpaths[] = {
|
static const WCHAR *normalpaths[] = {
|
||||||
//L"HKEY_LOCAL_MACHINE\\*",
|
|
||||||
//L"HKEY_CURRENT_USER\\software\\Microsoft\\*",
|
|
||||||
//L"HKEY_CURRENT_USER\\software\\WOW6432Node\\Microsoft\\*",
|
|
||||||
//L"\\REGISTRY\\USER\\*_Classes\\*",
|
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
static const WCHAR *writepaths[] = {
|
static const WCHAR *writepaths[] = {
|
||||||
|
@ -260,6 +258,7 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
|
||||||
L"\\REGISTRY\\A\\*",
|
L"\\REGISTRY\\A\\*",
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
BOOLEAN ok;
|
BOOLEAN ok;
|
||||||
|
|
||||||
|
@ -270,14 +269,19 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
|
||||||
// normal paths
|
// normal paths
|
||||||
//
|
//
|
||||||
|
|
||||||
ok = Process_GetPaths(proc, &proc->normal_key_paths, _NormalPath, TRUE);
|
ok = Process_GetPaths(proc, &proc->normal_key_paths, proc->box->name, _NormalPath, TRUE);
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, &proc->normal_key_paths, _NormalPath);
|
||||||
|
#else
|
||||||
if (ok && proc->use_privacy_mode) {
|
if (ok && proc->use_privacy_mode) {
|
||||||
for (i = 0; normalpaths[i] && ok; ++i) {
|
for (i = 0; normalpaths[i] && ok; ++i) {
|
||||||
ok = Process_AddPath(proc, &proc->normal_key_paths, NULL,
|
ok = Process_AddPath(proc, &proc->normal_key_paths, NULL,
|
||||||
TRUE, normalpaths[i], FALSE);
|
TRUE, normalpaths[i], FALSE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (!ok) {
|
if (!ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
|
||||||
|
@ -289,7 +293,7 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
|
||||||
// open paths
|
// open paths
|
||||||
//
|
//
|
||||||
|
|
||||||
ok = Process_GetPaths(proc, &proc->open_key_paths, _OpenConf, TRUE);
|
ok = Process_GetPaths(proc, &proc->open_key_paths, proc->box->name, _OpenConf, TRUE);
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _OpenConf, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _OpenConf, proc->pid);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
@ -297,21 +301,22 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
|
||||||
|
|
||||||
if (! proc->dont_open_for_boxed || ! proc->image_from_box) {
|
if (! proc->dont_open_for_boxed || ! proc->image_from_box) {
|
||||||
|
|
||||||
ok = Process_GetPaths(proc, &proc->open_key_paths, _OpenPath, TRUE);
|
ok = Process_GetPaths(proc, &proc->open_key_paths, proc->box->name, _OpenPath, TRUE);
|
||||||
|
|
||||||
if (! ok) {
|
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _OpenPath, proc->pid);
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, &proc->open_key_paths, _OpenPath);
|
||||||
|
#else
|
||||||
for (i = 0; openkeys[i] && ok; ++i) {
|
for (i = 0; openkeys[i] && ok; ++i) {
|
||||||
ok = Process_AddPath(
|
ok = Process_AddPath(
|
||||||
proc, &proc->open_key_paths, NULL, TRUE, openkeys[i], FALSE);
|
proc, &proc->open_key_paths, NULL, TRUE, openkeys[i], FALSE);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _OpenConf, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _OpenPath, proc->pid);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -319,7 +324,13 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
|
||||||
// closed paths
|
// closed paths
|
||||||
//
|
//
|
||||||
|
|
||||||
ok = Process_GetPaths(proc, &proc->closed_key_paths, _ClosedPath, TRUE);
|
ok = Process_GetPaths(proc, &proc->closed_key_paths, proc->box->name, _ClosedPath, TRUE);
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, &proc->closed_key_paths, _ClosedPath);
|
||||||
|
#endif
|
||||||
|
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _ClosedPath, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _ClosedPath, proc->pid);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
@ -330,10 +341,16 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
|
||||||
//
|
//
|
||||||
|
|
||||||
#ifndef USE_MATCH_PATH_EX
|
#ifndef USE_MATCH_PATH_EX
|
||||||
ok = Process_GetPaths(proc, &proc->open_key_paths, _ReadPath, TRUE);
|
ok = Process_GetPaths(proc, &proc->open_key_paths, proc->box->name, _ReadPath, TRUE);
|
||||||
if (ok)
|
if (ok)
|
||||||
#endif
|
#endif
|
||||||
ok = Process_GetPaths(proc, &proc->read_key_paths, _ReadPath, TRUE);
|
ok = Process_GetPaths(proc, &proc->read_key_paths, proc->box->name, _ReadPath, TRUE);
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, &proc->read_key_paths, _ReadPath);
|
||||||
|
#endif
|
||||||
|
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
Log_MsgP1(MSG_INIT_PATHS, _ReadPath, proc->pid);
|
Log_MsgP1(MSG_INIT_PATHS, _ReadPath, proc->pid);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
@ -344,21 +361,27 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
|
||||||
//
|
//
|
||||||
|
|
||||||
#ifdef USE_MATCH_PATH_EX
|
#ifdef USE_MATCH_PATH_EX
|
||||||
ok = Process_GetPaths(proc, &proc->write_key_paths, _WritePath, TRUE);
|
ok = Process_GetPaths(proc, &proc->write_key_paths, proc->box->name, _WritePath, TRUE);
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
if (ok)
|
||||||
|
ok = Process_GetTemplatePaths(proc, &proc->write_key_paths, _WritePath);
|
||||||
|
#else
|
||||||
if (ok && proc->use_privacy_mode) {
|
if (ok && proc->use_privacy_mode) {
|
||||||
for (i = 0; writepaths[i] && ok; ++i) {
|
for (i = 0; writepaths[i] && ok; ++i) {
|
||||||
ok = Process_AddPath(proc, &proc->write_key_paths, NULL,
|
ok = Process_AddPath(proc, &proc->write_key_paths, NULL,
|
||||||
TRUE, writepaths[i], FALSE);
|
TRUE, writepaths[i], FALSE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#else
|
#else
|
||||||
ok = Process_GetPaths2(
|
ok = Process_GetPaths2(
|
||||||
proc, &proc->write_key_paths, &proc->closed_key_paths,
|
proc, &proc->write_key_paths, &proc->closed_key_paths,
|
||||||
_WritePath, TRUE);
|
_WritePath, TRUE);
|
||||||
if (ok) {
|
if (ok) {
|
||||||
ok = Process_GetPaths(
|
ok = Process_GetPaths(
|
||||||
proc, &proc->closed_key_paths, _WritePath, TRUE);
|
proc, &proc->closed_key_paths, proc->box->name, _WritePath, TRUE);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
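Review bot: The template lookups in Key_InitProcess only cover the `USE_MATCH_PATH_EX` build. In the read-paths block the per-box `ReadKeyPath` values still go to both `open_key_paths` and `read_key_paths` under `#ifndef USE_MATCH_PATH_EX`, while `Process_GetTemplatePaths` fills `read_key_paths` alone, and the `#else` branch of the write-paths block (`Process_GetPaths2`) has no template call at all. Because the built-in arrays are now compiled out under `#ifndef USE_TEMPLATE_PATHS`, a build that defines `USE_TEMPLATE_PATHS` without `USE_MATCH_PATH_EX` would start a box with fewer key rules than before and report no error. Where the two macros are defined is outside this section, so whether that combination can occur is unknown; a guard next to the arrays would make the dependency explicit: `#if defined(USE_TEMPLATE_PATHS) && !defined(USE_MATCH_PATH_EX)` / `#error USE_TEMPLATE_PATHS requires USE_MATCH_PATH_EX` / `#endif`. Key_InitProcess starts and ends outside the hunks shown.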
|
@ -442,7 +442,7 @@ _FX BOOLEAN Process_GetConf_bool(PROCESS* proc, const WCHAR* setting, BOOLEAN de
|
||||||
|
|
||||||
|
|
||||||
_FX BOOLEAN Process_GetPaths(
|
_FX BOOLEAN Process_GetPaths(
|
||||||
PROCESS *proc, LIST *list, const WCHAR *setting_name, BOOLEAN AddStar)
|
PROCESS *proc, LIST *list, const WCHAR *section_name, const WCHAR *setting_name, BOOLEAN AddStar)
|
||||||
{
|
{
|
||||||
ULONG index;
|
ULONG index;
|
||||||
const WCHAR *value;
|
const WCHAR *value;
|
||||||
|
@ -461,7 +461,7 @@ _FX BOOLEAN Process_GetPaths(
|
||||||
// get next configuration setting for this path list
|
// get next configuration setting for this path list
|
||||||
//
|
//
|
||||||
|
|
||||||
value = Conf_Get(proc->box->name, setting_name, index);
|
value = Conf_Get(section_name, setting_name, index);
|
||||||
if (! value)
|
if (! value)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -499,6 +499,7 @@ _FX BOOLEAN Process_GetPaths(
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef USE_MATCH_PATH_EX
|
||||||
_FX BOOLEAN Process_GetPaths2(
|
_FX BOOLEAN Process_GetPaths2(
|
||||||
PROCESS *proc, LIST *list, LIST *list2,
|
PROCESS *proc, LIST *list, LIST *list2,
|
||||||
const WCHAR *setting_name, BOOLEAN AddStar)
|
const WCHAR *setting_name, BOOLEAN AddStar)
|
||||||
|
@ -554,6 +555,33 @@ _FX BOOLEAN Process_GetPaths2(
|
||||||
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
//---------------------------------------------------------------------------
|
||||||
|
// Process_GetTemplatePaths
|
||||||
|
//---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef USE_TEMPLATE_PATHS
|
||||||
|
BOOLEAN Process_GetTemplatePaths(PROCESS *proc, LIST *list, const WCHAR *setting_name)
|
||||||
|
{
|
||||||
|
BOOLEAN ok;
|
||||||
|
|
||||||
|
ok = Process_GetPaths(proc, list, L"TemplateDefaultPaths", setting_name, FALSE);
|
||||||
|
|
||||||
|
if (ok && proc->restrict_devices)
|
||||||
|
ok = Process_GetPaths(proc, list, L"TemplateSModPaths", setting_name, FALSE);
|
||||||
|
|
||||||
|
if (ok && proc->use_privacy_mode)
|
||||||
|
ok = Process_GetPaths(proc, list, L"TemplatePModPaths", setting_name, FALSE);
|
||||||
|
|
||||||
|
if (ok && proc->bAppCompartment)
|
||||||
|
ok = Process_GetPaths(proc, list, L"TemplateAppCPaths", setting_name, FALSE);
|
||||||
|
|
||||||
|
return ok;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
@ -578,7 +606,7 @@ _FX BOOLEAN Process_AddPath(
|
||||||
// if this is a file setting, also check the path for reparse points
|
// if this is a file setting, also check the path for reparse points
|
||||||
//
|
//
|
||||||
|
|
||||||
if (setting_name) {
|
if (setting_name && AddStar) {
|
||||||
|
|
||||||
const WCHAR *setting_name_ptr = setting_name;
|
const WCHAR *setting_name_ptr = setting_name;
|
||||||
if (_wcsnicmp(setting_name, Process_Normal, 6) == 0 ||
|
if (_wcsnicmp(setting_name, Process_Normal, 6) == 0 ||
|
||||||
|
@ -594,10 +622,11 @@ _FX BOOLEAN Process_AddPath(
|
||||||
|
|
||||||
if (setting_name_ptr) {
|
if (setting_name_ptr) {
|
||||||
|
|
||||||
if (_wcsnicmp(setting_name_ptr, L"Key", 3) == 0)
|
if (_wcsnicmp(setting_name_ptr, L"Key", 3) == 0
|
||||||
|
|| _wcsnicmp(setting_name_ptr, L"Conf", 4) == 0) {
|
||||||
RemoveBackslashes = TRUE;
|
RemoveBackslashes = TRUE;
|
||||||
|
|
||||||
else if (_wcsnicmp(setting_name_ptr, L"File", 4) == 0
|
} else if (_wcsnicmp(setting_name_ptr, L"File", 4) == 0
|
||||||
|| _wcsnicmp(setting_name_ptr, L"Pipe", 4) == 0) {
|
|| _wcsnicmp(setting_name_ptr, L"Pipe", 4) == 0) {
|
||||||
|
|
||||||
RemoveBackslashes = TRUE;
|
RemoveBackslashes = TRUE;
|
||||||
|
|
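Review bot: Process_GetTemplatePaths cannot tell a missing template section from an empty one, because the visible loop in Process_GetPaths simply breaks when `Conf_Get(section_name, setting_name, index)` returns no value. The end of Process_GetPaths is outside the hunk, but if it returns TRUE in that case, a configuration without `TemplateSModPaths` (for example an older Templates.ini next to a newer driver) would start a `restrict_devices` box without the `ClosedFilePath=\Device\*` rule that used to be enforced from code. Failing closed for the section that carries the restriction would avoid that: `if (ok && proc->restrict_devices && !Conf_Get(L"TemplateSModPaths", L"ClosedFilePath", 0))` / `ok = FALSE; // template section missing: refuse to start without the device closure`. The same concern applies to the `ClosedFilePath` entries for `\Device\LanmanRedirector` and `\Device\Mup` in `TemplateDefaultPaths`.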
|
@ -65,6 +65,8 @@ Template=COM
|
||||||
Template=WindowsExplorer
|
Template=WindowsExplorer
|
||||||
Template=ThirdPartyIsolation
|
Template=ThirdPartyIsolation
|
||||||
Template=BlockSoftwareUpdaters
|
Template=BlockSoftwareUpdaters
|
||||||
|
Template=BlockWinRM
|
||||||
|
Template=OpenWinInetCache
|
||||||
|
|
||||||
|
|
||||||
[TemplateSettings]
|
[TemplateSettings]
|
||||||
|
@ -113,6 +115,376 @@ Tmpl.RoboForm=%Personal%\My RoboForm Data
|
||||||
Tmpl.KasperskyDataRoot=%AllUsersProfile%\Kaspersky Lab
|
Tmpl.KasperskyDataRoot=%AllUsersProfile%\Kaspersky Lab
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Default access rules
|
||||||
|
#
|
||||||
|
|
||||||
|
[TemplateDefaultPaths]
|
||||||
|
|
||||||
|
# Key
|
||||||
|
# Application Hives
|
||||||
|
OpenKeyPath=\REGISTRY\A\*
|
||||||
|
|
||||||
|
# File
|
||||||
|
# named pipe root
|
||||||
|
OpenFilePath=\Device\NamedPipe\
|
||||||
|
# mail slot root
|
||||||
|
OpenFilePath=\Device\MailSlot\
|
||||||
|
# Windows 7 fault-tolerant heap
|
||||||
|
OpenFilePath=\Device\NamedPipe\ProtectedPrefix\LocalService\FTHPIPE
|
||||||
|
# printer
|
||||||
|
OpenFilePath=\Device\NamedPipe\spoolss
|
||||||
|
OpenFilePath=\Device\NamedPipe\spooler*
|
||||||
|
OpenFilePath=%DefaultSpoolDirectory%\*
|
||||||
|
OpenFilePath=%DefaultSpoolDirectory2%\*
|
||||||
|
# doPDF
|
||||||
|
OpenFilePath=\Device\NamedPipe\*_doPDF*
|
||||||
|
# multimedia
|
||||||
|
OpenFilePath=\Device\NamedPipe\AudioSrv
|
||||||
|
# third-party software
|
||||||
|
OpenFilePath=\Device\NamedPipe\Adobe LM Service*
|
||||||
|
# Novell NetIdentity
|
||||||
|
OpenFilePath=\Device\NamedPipe\XTIERRPCPIPE
|
||||||
|
#
|
||||||
|
# the LanmanRedirector/Mup devices (when accessed without extra paths)
|
||||||
|
# is a security attack, and must be closed
|
||||||
|
ClosedFilePath=\Device\LanmanRedirector
|
||||||
|
ClosedFilePath=\Device\Mup
|
||||||
|
|
||||||
|
# IPC
|
||||||
|
OpenIpcPath=\Windows\ApiPort
|
||||||
|
OpenIpcPath=\Sessions\*\Windows\ApiPort
|
||||||
|
OpenIpcPath=\Sessions\*\Windows\SharedSection
|
||||||
|
# bSession0
|
||||||
|
OpenIpcPath=\Windows\SharedSection
|
||||||
|
# now required by Chromium browsers
|
||||||
|
OpenIpcPath=\Sessions\*\BaseNamedObjects\CrSharedMem_*
|
||||||
|
OpenIpcPath=\ThemeApiPort
|
||||||
|
OpenIpcPath=\KnownDlls\*
|
||||||
|
# _WIN64
|
||||||
|
OpenIpcPath=\KnownDlls32\*
|
||||||
|
# _M_ARM64
|
||||||
|
OpenIpcPath=\KnownDllsChpe32\*
|
||||||
|
OpenIpcPath=\NLS\*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\ShimCacheMutex
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\ShimSharedMemory
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\SHIMLIB_LOG_MUTEX
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\msgina: ReturnToWelcome
|
||||||
|
OpenIpcPath=\Security\LSA_AUTHENTICATION_INITIALIZED
|
||||||
|
OpenIpcPath=\LsaAuthenticationPort
|
||||||
|
OpenIpcPath=\NlsCacheMutant
|
||||||
|
OpenIpcPath=\KernelObjects\*
|
||||||
|
# misc services
|
||||||
|
OpenIpcPath=\NLAPublicPort
|
||||||
|
OpenIpcPath=\RPC Control\nlaapi
|
||||||
|
OpenIpcPath=\RPC Control\tapsrvlpc
|
||||||
|
OpenIpcPath=\RPC Control\senssvc
|
||||||
|
OpenIpcPath=\RPC Control\samss lpc
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\SENS Information Cache
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\TabletHardwarePresent
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\userenv: * Group Policy has been applied
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\TermSrvReadyEvent
|
||||||
|
# network
|
||||||
|
OpenIpcPath=\RPC Control\dhcpcsvc
|
||||||
|
OpenIpcPath=\RPC Control\dhcpcsvc6
|
||||||
|
OpenIpcPath=\RPC Control\DNSResolver
|
||||||
|
OpenIpcPath=\RPC Control\RasmanRpc
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\WininetStartupMutex
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\WininetConnectionMutex
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\WininetProxyRegistryMutex
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\RasPbFile
|
||||||
|
# cicero multi-language subsystem
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\CTF.*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\MSCTF.*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\MSUIM.*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\CtfmonInstMutex*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\CiceroSharedMemDefault*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\CicLoadWinStaWinSta*
|
||||||
|
# sysinternals dbgview
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\DBWinMutex
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\DBWIN_BUFFER
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\DBWIN_BUFFER_READY
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\DBWIN_DATA_READY
|
||||||
|
# multimedia
|
||||||
|
OpenIpcPath=\RPC Control\AudioSrv
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\mmGlobalPnpInfo
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\Guard*mmGlobalPnpInfoGuard
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\MidiMapper_modLongMessage_RefCnt
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\MidiMapper_Configure
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\SsiMidiDllCs
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\StaccatoSynthCore11Mutex
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\WDMAUD_Callbacks
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\DirectSound*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\AMResourceMutex*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\AMResourceMapping*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\VideoRenderer
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\VIDEOMEMORY
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\mxrapi
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\mixercallback
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\hardwaremixercallback
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\DINPUTWINMM
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\DDrawDriverObjectListMutex
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\__DDrawExclMode__
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\__DDrawCheckExclMode__
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\DDrawWindowListMutex
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\DDrawCheckFullscreenSemaphore
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\D3D9CheckFullscreenSemaphore
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\WinMMConsoleAudioEvent
|
||||||
|
# AudioDg
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\SYSTEM_AUDIO_STREAM_*
|
||||||
|
# following resource is needed on Windows Vista and later,
|
||||||
|
# but also provided by the SRS Audio Sandbox program
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\AudioEngineDuplicateHandleApiPort*
|
||||||
|
# nComputing audio server/driver ?
|
||||||
|
OpenIpcPath=\RPC Control\NCWTSAudioServer
|
||||||
|
# printer
|
||||||
|
OpenIpcPath=\RPC Control\spoolss
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\EPSON-PrgMtr-*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\RouterPreInitEvent
|
||||||
|
# sandboxie service
|
||||||
|
OpenIpcPath=\RPC Control\SbieSvcPort
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\Sandboxie_StartMenu_WorkArea_*
|
||||||
|
# objects in an unnamed directory
|
||||||
|
OpenIpcPath=\...\*
|
||||||
|
# misc services (vista)
|
||||||
|
# licensing
|
||||||
|
OpenIpcPath=\RPC Control\SLCTransportEndpoint-*
|
||||||
|
# parental controls
|
||||||
|
OpenIpcPath=\RPC Control\wpcsvc
|
||||||
|
#firewall
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\BFE_Notify_Event_*
|
||||||
|
# multimedia (vista)
|
||||||
|
OpenIpcPath=\UxSmsApiPort
|
||||||
|
OpenIpcPath=\MmcssApiPort
|
||||||
|
# aero
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\Dwm-*-ApiPort-*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\DwmDxBltEvent*
|
||||||
|
OpenIpcPath=\RPC Control\AudioClientRpc
|
||||||
|
# _WIN64
|
||||||
|
# 64-bit spooler for 32-bit programs
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\WinSpl64To32Mutex*_0
|
||||||
|
OpenIpcPath=\RPC Control\splwow64_*_0
|
||||||
|
OpenIpcPath=\RPC Control\umpdproxy_*_0
|
||||||
|
#
|
||||||
|
OpenIpcPath=\ConsoleEvent-0x*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\ConsoleEvent-0x*
|
||||||
|
OpenIpcPath=\RPC Control\console-0x*-lpc-handle
|
||||||
|
OpenIpcPath=\RPC Control\ConsoleEvent-0x*
|
||||||
|
OpenIpcPath=\RPC Control\ConsoleLPC-0x*
|
||||||
|
OpenIpcPath=\RPC Control\lsapolicylookup
|
||||||
|
OpenIpcPath=\RPC Control\lsasspirpc
|
||||||
|
OpenIpcPath=\RPC Control\LSARPC_ENDPOINT
|
||||||
|
OpenIpcPath=\RPC Control\umpo
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\FlipEx*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\FontCachePort
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\FntCache-*
|
||||||
|
# windows8
|
||||||
|
OpenIpcPath=\Windows\Theme*
|
||||||
|
OpenIpcPath=\Sessions\*\Windows\Theme*
|
||||||
|
OpenIpcPath=\Sessions\*\Windows\DwmApiPort
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\DWM_DX_FULLSCREEN_TRANSITION_EVENT
|
||||||
|
# _WIN64
|
||||||
|
# 64-bit spooler for 32-bit programs
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\WinSpl64To32Mutex*_2000
|
||||||
|
OpenIpcPath=\RPC Control\splwow64_*_2000
|
||||||
|
OpenIpcPath=\RPC Control\umpdproxy_*_2000
|
||||||
|
#
|
||||||
|
# windows10
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\CoreMessagingRegistrar
|
||||||
|
OpenIpcPath=*\BaseNamedObjects\[CoreUI]-*
|
||||||
|
# open paths 11
|
||||||
|
# 22449.1000 accesses this before sbiedll load
|
||||||
|
OpenIpcPath=*\BaseNamedObjects\SM*:WilStaging_*
|
||||||
|
# _M_ARM64 22621.819 used by emulated processes
|
||||||
|
OpenIpcPath=\{BEC19D6F-D7B2-41A8-860C-8787BB964F2D}
|
||||||
|
#
|
||||||
|
ReadIpcPath=\??\pipe\*
|
||||||
|
ReadIpcPath=$:explorer.exe
|
||||||
|
|
||||||
|
OpenWinClass=Shell_TrayWnd
|
||||||
|
OpenWinClass=TrayNotifyWnd
|
||||||
|
# Power Meter dialog box:
|
||||||
|
OpenWinClass=SystemTray_Main
|
||||||
|
OpenWinClass=Connections Tray
|
||||||
|
OpenWinClass=MS_WebcheckMonitor
|
||||||
|
OpenWinClass=PrintTray_Notify_WndClass
|
||||||
|
OpenWinClass=CicLoaderWndClass
|
||||||
|
OpenWinClass=CicMarshalWndClass
|
||||||
|
OpenWinClass=Credential Dialog Xaml Host
|
||||||
|
# windows 7
|
||||||
|
OpenWinClass=Sandbox:*:ConsoleWindowClass
|
||||||
|
OpenWinClass=MSTaskSwWClass
|
||||||
|
|
||||||
|
#
|
||||||
|
# third party
|
||||||
|
#
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\ATITRAY_SMEM
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\ATITRAY_OSDM
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\AMCreateListenSock*
|
||||||
|
# Ad Muncher
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\AMIPC_*
|
||||||
|
# DevLdr32 sound card driver
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\devldr32
|
||||||
|
# ThreatFire
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\ThreatfireApiHookIpc2Map
|
||||||
|
# third party - key-logger-related
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\00MemoryShareKeyloggerHunter
|
||||||
|
# hardware - wacom tablet
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\WacomNewFrontAppEventName
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\WacomTouchingAppNameMutexName
|
||||||
|
|
||||||
|
OpenWinClass=CTouchPadSynchronizer
|
||||||
|
OpenWinClass=Type32_Main_Window
|
||||||
|
OpenWinClass=TForm_AshampooFirewall
|
||||||
|
# Tight VNC
|
||||||
|
OpenWinClass=WinVNC desktop sink
|
||||||
|
# Download Accelerator Plus
|
||||||
|
OpenWinClass=Afx:400000:0
|
||||||
|
# nVidia nView
|
||||||
|
OpenWinClass=NVIDIA TwinView Window
|
||||||
|
OpenWinClass=SWFlash_PlaceHolderX
|
||||||
|
# PowerPoint
|
||||||
|
OpenWinClass=MdiClass
|
||||||
|
# joystick
|
||||||
|
OpenWinClass=Logitech Wingman Internal Message Router
|
||||||
|
# devldr32 sound card driver
|
||||||
|
OpenWinClass=devldr
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Network access rules
|
||||||
|
# depanding on preset eider the "Open" or the "Close" directives are applied
|
||||||
|
#
|
||||||
|
|
||||||
|
[TemplateNetworkPaths]
|
||||||
|
OpenFilePath=\Device\NamedPipe\ROUTER
|
||||||
|
OpenFilePath=\Device\NamedPipe\ShimViewer
|
||||||
|
OpenFilePath=\Device\Afd
|
||||||
|
OpenFilePath=\Device\Afd\Endpoint
|
||||||
|
OpenFilePath=\Device\Afd\AsyncConnectHlp
|
||||||
|
OpenFilePath=\Device\Afd\AsyncSelectHlp
|
||||||
|
OpenFilePath=\Device\Afd\ROUTER
|
||||||
|
OpenFilePath=\Device\Afd\Mio
|
||||||
|
OpenFilePath=\Device\WS2IFSL
|
||||||
|
OpenFilePath=\Device\WS2IFSL\NifsPvd
|
||||||
|
OpenFilePath=\Device\WS2IFSL\NifsSct
|
||||||
|
OpenFilePath=\Device\Tcp
|
||||||
|
OpenFilePath=\Device\Tcp6
|
||||||
|
OpenFilePath=\Device\Ip
|
||||||
|
OpenFilePath=\Device\Ip6
|
||||||
|
OpenFilePath=\Device\Udp
|
||||||
|
OpenFilePath=\Device\Udp6
|
||||||
|
OpenFilePath=\Device\RawIp
|
||||||
|
OpenFilePath=\Device\RawIp6
|
||||||
|
OpenFilePath=\Device\NetBT_Tcpip_*
|
||||||
|
OpenFilePath=\Device\Http\*
|
||||||
|
OpenFilePath=\Device\Nsi
|
||||||
|
ClosedFilePath=\Device\afd*
|
||||||
|
ClosedFilePath=\Device\ip
|
||||||
|
ClosedFilePath=\Device\ip6
|
||||||
|
ClosedFilePath=\Device\udp
|
||||||
|
ClosedFilePath=\Device\udp6
|
||||||
|
ClosedFilePath=\Device\tcp
|
||||||
|
ClosedFilePath=\Device\tcp6
|
||||||
|
ClosedFilePath=\Device\http\*
|
||||||
|
ClosedFilePath=\Device\rawip
|
||||||
|
ClosedFilePath=\Device\rawip6
|
||||||
|
ClosedFilePath=\Device\nsi
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Access rules for device restricted boxes
|
||||||
|
#
|
||||||
|
|
||||||
|
[TemplateSModPaths]
|
||||||
|
ClosedFilePath=\Device\*
|
||||||
|
NormalFilePath=\Device\NamedPipe\*
|
||||||
|
NormalFilePath=\Device\CNG
|
||||||
|
NormalFilePath=\Device\ConDrv\*
|
||||||
|
NormalFilePath=\Device\DeviceApi*
|
||||||
|
NormalFilePath=\Device\DfsClient
|
||||||
|
NormalFilePath=\Device\KsecDD
|
||||||
|
NormalFilePath=\Device\MountPointManager
|
||||||
|
NormalFilePath=\Device\Ndis
|
||||||
|
NormalFilePath=\Device\PcwDrv
|
||||||
|
#Smart App Control
|
||||||
|
NormalFilePath=\Device\SrpDevice
|
||||||
|
|
||||||
|
#
|
||||||
|
# Access rules for privacy enhanced boxes
|
||||||
|
#
|
||||||
|
|
||||||
|
[TemplatePModPaths]
|
||||||
|
#NormalKeyPath=HKEY_LOCAL_MACHINE\*
|
||||||
|
#NormalKeyPath=HKEY_CURRENT_USER\software\Microsoft\*
|
||||||
|
#NormalKeyPath=HKEY_CURRENT_USER\software\WOW6432Node\Microsoft\*
|
||||||
|
#NormalKeyPath=\REGISTRY\USER\*_Classes\*
|
||||||
|
WriteKeyPath=\REGISTRY\USER\*
|
||||||
|
#
|
||||||
|
NormalFilePath=%SystemRoot%\*
|
||||||
|
NormalFilePath=%SbieHome%\*
|
||||||
|
NormalFilePath=%ProgramFiles%\*
|
||||||
|
NormalFilePath=%ProgramFiles% (x86)\*
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Access rules for app compartment boxes
|
||||||
|
#
|
||||||
|
|
||||||
|
[TemplateAppCPaths]
|
||||||
|
# open those in compartment mode as do not use the de-administrator-ize proxy in File_NtCreateFilePipe
|
||||||
|
OpenFilePath=\device\*pipe\lsarpc
|
||||||
|
OpenFilePath=\device\*pipe\srvsvc
|
||||||
|
OpenFilePath=\device\*pipe\wkssvc
|
||||||
|
OpenFilePath=\device\*pipe\samr
|
||||||
|
OpenFilePath=\device\*pipe\netlogon
|
||||||
|
# enable AppContainer isolation support
|
||||||
|
OpenIpcPath=\Sessions\*\AppContainerNamedObjects\*
|
||||||
|
OpenFilePath=\Device\NamedPipe\Sessions\*\AppContainerNamedObjects\*
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Sbie builds after 5.27-1 opens this (it breaks IE's source view and cache though)
|
||||||
|
#
|
||||||
|
|
||||||
|
[Template_OpenWinInetCache]
|
||||||
|
OpenClsid={0358B920-0AC7-461F-98F4-58E32CD89148}
|
||||||
|
OpenIpcPath=\RPC Control\webcache_*
|
||||||
|
OpenIpcPath=*\BaseNamedObjects\windows_webcache_counters_*
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Windows Remote Management (WinRM) is a large security hole.
|
||||||
|
# A sandboxed app running in an elevated cmd shell can send any admin command to the host.
|
||||||
|
# Block the WinRS.exe and the automation dlls to make it very difficult for someone to use.
|
||||||
|
# See ICD-10136 "Sandboxie security hole allows guest to run any command in host as admin"
|
||||||
|
#
|
||||||
|
|
||||||
|
[Template_BlockWinRM]
|
||||||
|
ClosedFilePath=|%SystemRoot%\System32\wsmsvc.dll
|
||||||
|
ClosedFilePath=|%SystemRoot%\System32\wsmauto.dll
|
||||||
|
ClosedFilePath=|%SystemRoot%\System32\winrs.exe
|
||||||
|
ClosedFilePath=|%SystemRoot%\SysWoW64\wsmsvc.dll
|
||||||
|
ClosedFilePath=|%SystemRoot%\SysWoW64\wsmauto.dll
|
||||||
|
ClosedFilePath=|%SystemRoot%\SysWoW64\winrs.exe
|
||||||
|
ClosedFilePath=|%SystemRoot%\SysArm32\wsmsvc.dll
|
||||||
|
ClosedFilePath=|%SystemRoot%\SysArm32\wsmauto.dll
|
||||||
|
ClosedFilePath=|%SystemRoot%\SysArm32\winrs.exe
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# this template replaces OpenProtectedStorage=y
|
||||||
|
#
|
||||||
|
|
||||||
|
[Template_OpenProtectedStorage]
|
||||||
|
Tmpl.Title=Open Protected Storage
|
||||||
|
Tmpl.Class=Misc
|
||||||
|
#FuncSkipHook=PStoreCreateInstance
|
||||||
|
OpenFilePath=|\Device\NamedPipe\protected_storage
|
||||||
|
OpenIpcPath=*\BaseNamedObjects*\PS_SERVICE_STARTED
|
||||||
|
OpenIpcPath=\RPC Control\protected_storage
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Custom handling for special images
|
# Custom handling for special images
|
||||||
#
|
#
|
||||||
|
@ -123,6 +495,7 @@ Tmpl.KasperskyDataRoot=%AllUsersProfile%\Kaspersky Lab
|
||||||
|
|
||||||
SpecialImage=chrome,chrome.exe
|
SpecialImage=chrome,chrome.exe
|
||||||
SpecialImage=chrome,msedge.exe
|
SpecialImage=chrome,msedge.exe
|
||||||
|
SpecialImage=chrome,msedgewebview2.exe
|
||||||
SpecialImage=chrome,iron.exe
|
SpecialImage=chrome,iron.exe
|
||||||
SpecialImage=chrome,dragon.exe
|
SpecialImage=chrome,dragon.exe
|
||||||
SpecialImage=chrome,opera.exe
|
SpecialImage=chrome,opera.exe
|
||||||
|
@ -641,19 +1014,19 @@ OpenFilePath=msedge.exe,%Tmpl.Edge%\*
|
||||||
|
|
||||||
[Template_Edge_Fix]
|
[Template_Edge_Fix]
|
||||||
# SBIE fix for Windows 11 KB5014019 update (May 2022)
|
# SBIE fix for Windows 11 KB5014019 update (May 2022)
|
||||||
Tmpl.Title=#4342,Microsoft Edge
|
Tmpl.Title=#4342,Microsoft Edge (obsolete)
|
||||||
Tmpl.Class=WebBrowser
|
#Tmpl.Class=WebBrowser
|
||||||
Tmpl.Url=https://www.microsoft.com/en-us/edge
|
#Tmpl.Url=https://www.microsoft.com/en-us/edge
|
||||||
Tmpl.Scan=s
|
#Tmpl.Scan=s
|
||||||
Tmpl.ScanProduct=Microsoft Edge
|
#Tmpl.ScanProduct=Microsoft Edge
|
||||||
Tmpl.ScanService=edgeupdate
|
#Tmpl.ScanService=edgeupdate
|
||||||
# ExternalManifest breaks MSEdge 111.0.1633.0
|
# ExternalManifest breaks MSEdge 111.0.1633.0
|
||||||
#ExternalManifestHack=msedge.exe,y
|
#ExternalManifestHack=msedge.exe,y
|
||||||
# SBIE fix for MS Edge 106.x also for Windows 10
|
# SBIE fix for MS Edge 106.x also for Windows 10
|
||||||
OpenIpcPath=msedge.exe,\Sessions\*\AppContainerNamedObjects\*
|
#OpenIpcPath=msedge.exe,\Sessions\*\AppContainerNamedObjects\*
|
||||||
OpenFilePath=msedge.exe,\Device\NamedPipe\Sessions\*\AppContainerNamedObjects\*
|
#OpenFilePath=msedge.exe,\Device\NamedPipe\Sessions\*\AppContainerNamedObjects\*
|
||||||
# SBIE fix for MS Edge WebView2
|
# SBIE fix for MS Edge WebView2
|
||||||
ExternalManifestHack=msedgewebview2.exe,y
|
#ExternalManifestHack=msedgewebview2.exe,y
|
||||||
|
|
||||||
#
|
#
|
||||||
# Vivaldi
|
# Vivaldi
|
||||||
|
|
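Review bot: Boxes that were hardened with `CloseWinInetCache=y` appear to lose that protection after this change. `Template=OpenWinInetCache` is added to the list of `Template=` entries in the first hunk (its section header is outside the hunk), and the driver-side test of `CloseWinInetCache` in Ipc_InitPaths is removed in the same commit, so `\RPC Control\webcache_*` and `*\BaseNamedObjects\windows_webcache_counters_*` are opened regardless of the old setting. Unless a migration exists outside this page, the setting is silently ignored on upgrade. At minimum the template should say so, for example with `# replaces the driver check of CloseWinInetCache=y; that setting is no longer read, boxes relying on it must exclude this template` above `[Template_OpenWinInetCache]`. Upgrade code that maps the old setting to an exclusion of the template would preserve the existing behaviour.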
|
@ -242,7 +242,8 @@ void COptionsWindow::LoadGeneral()
|
||||||
ui.chkOpenSpooler->setChecked(m_pBox->GetBool("OpenPrintSpooler", false));
|
ui.chkOpenSpooler->setChecked(m_pBox->GetBool("OpenPrintSpooler", false));
|
||||||
ui.chkPrintToFile->setChecked(m_pBox->GetBool("AllowSpoolerPrintToFile", false));
|
ui.chkPrintToFile->setChecked(m_pBox->GetBool("AllowSpoolerPrintToFile", false));
|
||||||
|
|
||||||
ui.chkOpenProtectedStorage->setChecked(m_pBox->GetBool("OpenProtectedStorage", false));
|
//ui.chkOpenProtectedStorage->setChecked(m_pBox->GetBool("OpenProtectedStorage", false));
|
||||||
|
ui.chkOpenProtectedStorage->setChecked(m_BoxTemplates.contains("OpenProtectedStorage"));
|
||||||
ui.chkOpenCredentials->setChecked(!ui.chkOpenCredentials->isEnabled() || m_pBox->GetBool("OpenCredentials", false));
|
ui.chkOpenCredentials->setChecked(!ui.chkOpenCredentials->isEnabled() || m_pBox->GetBool("OpenCredentials", false));
|
||||||
ui.chkCloseClipBoard->setChecked(!m_pBox->GetBool("OpenClipboard", true));
|
ui.chkCloseClipBoard->setChecked(!m_pBox->GetBool("OpenClipboard", true));
|
||||||
ui.chkVmReadNotify->setChecked(m_pBox->GetBool("NotifyProcessAccessDenied", false));
|
ui.chkVmReadNotify->setChecked(m_pBox->GetBool("NotifyProcessAccessDenied", false));
|
||||||
|
@ -352,7 +353,8 @@ void COptionsWindow::SaveGeneral()
|
||||||
WriteAdvancedCheck(ui.chkOpenSpooler, "OpenPrintSpooler", "y", "");
|
WriteAdvancedCheck(ui.chkOpenSpooler, "OpenPrintSpooler", "y", "");
|
||||||
WriteAdvancedCheck(ui.chkPrintToFile, "AllowSpoolerPrintToFile", "y", "");
|
WriteAdvancedCheck(ui.chkPrintToFile, "AllowSpoolerPrintToFile", "y", "");
|
||||||
|
|
||||||
WriteAdvancedCheck(ui.chkOpenProtectedStorage, "OpenProtectedStorage", "y", "");
|
//WriteAdvancedCheck(ui.chkOpenProtectedStorage, "OpenProtectedStorage", "y", "");
|
||||||
|
SetTemplate("OpenProtectedStorage", ui.chkOpenProtectedStorage->isChecked());
|
||||||
if (ui.chkOpenCredentials->isEnabled())
|
if (ui.chkOpenCredentials->isEnabled())
|
||||||
WriteAdvancedCheck(ui.chkOpenCredentials, "OpenCredentials", "y", "");
|
WriteAdvancedCheck(ui.chkOpenCredentials, "OpenCredentials", "y", "");
|
||||||
WriteAdvancedCheck(ui.chkCloseClipBoard, "OpenClipboard", "n", "");
|
WriteAdvancedCheck(ui.chkCloseClipBoard, "OpenClipboard", "n", "");
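Review bot: In LoadGeneral the checkbox is now driven only by `m_BoxTemplates.contains("OpenProtectedStorage")`, so a box whose ini still carries the legacy `OpenProtectedStorage=y` shows Protected Storage as closed, and SaveGeneral no longer writes or clears that key. If any component still honours the legacy key (not visible in this section), the options window would under-report access that the sandbox actually grants; if none does, the access disappears on upgrade with no migration. Consider loading with `ui.chkOpenProtectedStorage->setChecked(m_BoxTemplates.contains("OpenProtectedStorage") || m_pBox->GetBool("OpenProtectedStorage", false));` and deleting the legacy key in SaveGeneral after `SetTemplate(...)`, so the stored configuration and the displayed state agree. The two commented-out lines can be removed rather than kept, since version control already preserves them. Both functions continue outside the hunks shown.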
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
#define VERSION_MJR 1
|
#define VERSION_MJR 1
|
||||||
#define VERSION_MIN 7
|
#define VERSION_MIN 7
|
||||||
#define VERSION_REV 2
|
#define VERSION_REV 3
|
||||||
#define VERSION_UPD 0
|
#define VERSION_UPD 0
|
||||||
|
|
||||||
#ifndef STR
|
#ifndef STR
|
||||||
|
|