This commit is contained in:
DavidXanatos 2023-05-07 22:00:01 +02:00
parent 51d2ca4063
commit 8391574061
5 changed files with 52 additions and 53 deletions


@ -99,7 +99,7 @@ _FX BOOLEAN Process_Low_Inject(
SVC_PROCESS_MSG msg;
ULONG_PTR is_wow64 = 0;
NTSTATUS status = STATUS_SUCCESS;
BOOLEAN sbielow_loaded = FALSE;
BOOLEAN done = FALSE;
KIRQL irql;
//
@ -179,7 +179,7 @@ _FX BOOLEAN Process_Low_Inject(
if (proc && proc->create_time == create_time) {
sbielow_loaded = proc->sbielow_loaded;
done = proc->sbielow_loaded || proc->terminated;
if (! is_wow64)
proc->ntdll32_base = -1;
@ -188,7 +188,7 @@ _FX BOOLEAN Process_Low_Inject(
ExReleaseResourceLite(Process_ListLock);
KeLowerIrql(irql);
if (sbielow_loaded)
if (done)
break;
time.QuadPart = -(SECONDS(1) / 4); // 250ms*40 = 10s
@ -197,7 +197,7 @@ _FX BOOLEAN Process_Low_Inject(
++retries;
}
if (! sbielow_loaded) // if no response from SbieSvc
if (! done) // if no response from SbieSvc
status = STATUS_TIMEOUT;
}
@ -254,14 +254,14 @@ _FX NTSTATUS Process_Low_Api_InjectComplete(PROCESS *proc, ULONG64 *parms)
KIRQL irql;
PROCESS *proc = Process_Find(ProcessId, &irql);
if (proc)
proc->sbielow_loaded = TRUE;
ExReleaseResourceLite(Process_ListLock);
KeLowerIrql(irql);
if (proc) {
ULONG error = (ULONG)parms[3];
if (error)
Process_SetTerminated(proc, 3);
else
proc->sbielow_loaded = TRUE;
//
// the service dynamically allocates a per box SID to be used,
// if no SID is provided this feature is either disabled or failed
@ -284,6 +284,12 @@ _FX NTSTATUS Process_Low_Api_InjectComplete(PROCESS *proc, ULONG64 *parms)
} __except (EXCEPTION_EXECUTE_HANDLER) {
status = GetExceptionCode();
}
}
ExReleaseResourceLite(Process_ListLock);
KeLowerIrql(irql);
if (proc) {
KeSetEvent(Process_Low_Event, 0, FALSE);
status = STATUS_SUCCESS;
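Review bot: In Process_Low_Inject the wait loop now exits on `done = proc->sbielow_loaded || proc->terminated;`, but the only status assignment after it is `if (! done) status = STATUS_TIMEOUT;`, so a process the service reported as failed (terminated, SbieLow never loaded) leaves status at STATUS_SUCCESS; unless the code after the loop, which lies outside the hunk, re-checks proc->terminated, the caller is told the injection succeeded. I would keep both facts, `sbielow_loaded = proc->sbielow_loaded; done = sbielow_loaded || proc->terminated;`, and add `else if (! sbielow_loaded) status = STATUS_PROCESS_IS_TERMINATING;` after the timeout check. In Process_Low_Api_InjectComplete, `(ULONG)parms[3]` appears to be the errlvl the service passes in SbieApi_Call and is collapsed to the fixed reason code 3, so the actual value is lost; a comment naming the parameter, `// parms[3]: errlvl from SbieSvc's inject step; non-zero means the injection failed`, and logging the value would help when diagnosing failed process starts. Process_SetTerminated now runs while Process_ListLock is held and IRQL is raised, which looks fine if it only sets flags, but is worth confirming.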


@ -68,8 +68,10 @@ static NTSTATUS Syscall_DeviceIoControlFile(
static NTSTATUS Syscall_DuplicateHandle(
PROCESS *proc, SYSCALL_ENTRY *syscall_entry, ULONG_PTR *user_args);
#ifdef _M_AMD64
static BOOLEAN Syscall_QuerySystemInfo_SupportProcmonStack(
PROCESS *proc, SYSCALL_ENTRY *syscall_entry, ULONG_PTR *user_args);
#endif
//---------------------------------------------------------------------------
@ -169,8 +171,10 @@ _FX BOOLEAN Syscall_Init(void)
if (!Syscall_Set1("DeviceIoControlFile", Syscall_DeviceIoControlFile))
return FALSE;
#ifdef _M_AMD64
if (!Syscall_Set3("QuerySystemInformation", Syscall_QuerySystemInfo_SupportProcmonStack))
return FALSE;
#endif
//
// set API handlers
@ -338,7 +342,9 @@ _FX BOOLEAN Syscall_Init_List(void)
entry->ntos_func = ntos_addr;
entry->handler1_func = NULL;
entry->handler2_func = NULL;
#ifdef _M_AMD64
entry->handler3_func_support_procmon = NULL;
#endif
entry->approved = (Syscall_HookMapMatch(name, name_len, &approved_syscalls) != 0);
entry->name_len = (USHORT)name_len;
memcpy(entry->name, name, name_len);
@ -526,7 +532,7 @@ _FX BOOLEAN Syscall_Set1(const UCHAR *name, P_Syscall_Handler1 handler_func)
// Syscall_Set3
//---------------------------------------------------------------------------
#ifdef _M_AMD64
_FX BOOLEAN Syscall_Set3(const UCHAR *name, P_Syscall_Handler3_Support_Procmon_Stack handler_func)
{
SYSCALL_ENTRY *entry = Syscall_GetByName(name);
@ -535,7 +541,7 @@ _FX BOOLEAN Syscall_Set3(const UCHAR *name, P_Syscall_Handler3_Support_Procmon_S
entry->handler3_func_support_procmon = handler_func;
return TRUE;
}
#endif
//---------------------------------------------------------------------------
// Syscall_ErrorForAsciiName
@ -598,7 +604,7 @@ _FX NTSTATUS Syscall_Api_Invoke(PROCESS *proc, ULONG64 *parms)
SYSCALL_ENTRY *entry;
ULONG syscall_index;
NTSTATUS status;
#ifdef _WIN64
#ifdef _M_AMD64
volatile ULONG_PTR ret = 0;
volatile ULONG_PTR UserStack = 0;
@ -690,7 +696,10 @@ _FX NTSTATUS Syscall_Api_Invoke(PROCESS *proc, ULONG64 *parms)
const ULONG args_len = entry->param_count * sizeof(ULONG_PTR);
#ifdef _WIN64
ProbeForRead(user_args, args_len, sizeof(ULONG_PTR));
#else ! _WIN64
ProbeForRead(user_args, args_len, sizeof(UCHAR));
#endif _WIN64
#ifdef _M_AMD64
// default - support procmon stack if handler3_func_support_procmon is null.
if (!entry->handler3_func_support_procmon
|| entry->handler3_func_support_procmon(proc, entry, user_args)
@ -700,17 +709,10 @@ _FX NTSTATUS Syscall_Api_Invoke(PROCESS *proc, ULONG64 *parms)
pTrapFrame = (PKTRAP_FRAME) *(ULONG_PTR*)((UCHAR*)pThread + g_TrapFrameOffset);
if (pTrapFrame) {
#ifdef _M_ARM64
//ret = pTrapFrame->Pc;
//UserStack = pTrapFrame->Sp;
//pTrapFrame->Sp = pTrapFrame->Fp;
//pTrapFrame->Pc = pTrapFrame->X27;
#else
ret = pTrapFrame->Rip;
UserStack = pTrapFrame->Rsp;
pTrapFrame->Rsp = pTrapFrame->Rbp; //*pRbp;
pTrapFrame->Rip = pTrapFrame->Rbx; //*pRbx;
#endif
}
}
else
@ -722,11 +724,7 @@ _FX NTSTATUS Syscall_Api_Invoke(PROCESS *proc, ULONG64 *parms)
{
pTrapFrame = NULL;
}
#else ! _WIN64
ProbeForRead(user_args, args_len, sizeof(UCHAR));
#endif _WIN64
#endif
//if (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY))
//{
@ -846,16 +844,11 @@ _FX NTSTATUS Syscall_Api_Invoke(PROCESS *proc, ULONG64 *parms)
}
}
#ifdef _WIN64
#ifdef _M_AMD64
if (g_TrapFrameOffset) {
if (pTrapFrame) {
#ifdef _M_ARM64
//pTrapFrame->Pc = ret;
//pTrapFrame->Sp = UserStack;
#else
pTrapFrame->Rip = ret;
pTrapFrame->Rsp = UserStack;
#endif
}
}
#endif
@ -1040,7 +1033,7 @@ _FX void Syscall_Update_Lockdown()
// Syscall_QuerySystemInfo_SupportProcmonStack
//---------------------------------------------------------------------------
#ifdef _M_AMD64
_FX BOOLEAN Syscall_QuerySystemInfo_SupportProcmonStack(
PROCESS *proc, SYSCALL_ENTRY *syscall_entry, ULONG_PTR *user_args)
{
@ -1066,7 +1059,7 @@ _FX BOOLEAN Syscall_QuerySystemInfo_SupportProcmonStack(
return bRet;
}
#endif
//---------------------------------------------------------------------------
// 32-bit and 64-bit code
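Review bot: The ProbeForRead block that now sits ahead of the `#ifdef _M_AMD64` guard in Syscall_Api_Invoke keeps `#else ! _WIN64` and `#endif _WIN64`; bare tokens after `#else`/`#endif` are not standard C (MSVC warns with C4067, GCC with -Wendif-labels) and should be comments, `#else /* !_WIN64 */` and `#endif /* _WIN64 */`. The same two lines appear in Syscall_Api_Invoke32 in the syscall_32 section below. The switch from `_WIN64` to `_M_AMD64` around the trap-frame save, the `Rsp = Rbp` / `Rip = Rbx` rewrite and the later restore is not explained in the code; a one-line comment at the first `#ifdef _M_AMD64`, `// Procmon-stack support rewrites the x64 trap frame (Rip/Rsp); the ARM64 counterpart was never enabled, so this stays AMD64-only`, would save the next reader from re-deriving it from the history. Syscall_Api_Invoke starts and ends outside the hunks.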


@ -53,8 +53,10 @@ typedef NTSTATUS (*P_Syscall_Handler2)(
PROCESS *proc, void *Object, UNICODE_STRING *Name,
ULONG Operation, ACCESS_MASK GrantedAccess);
#ifdef _M_AMD64
typedef BOOLEAN (*P_Syscall_Handler3_Support_Procmon_Stack)(
PROCESS *proc, SYSCALL_ENTRY *syscall_entry, ULONG_PTR *user_args);
#endif
struct _SYSCALL_ENTRY {
@ -66,7 +68,9 @@ struct _SYSCALL_ENTRY {
void *ntos_func;
P_Syscall_Handler1 handler1_func;
P_Syscall_Handler2 handler2_func;
#ifdef _M_AMD64
P_Syscall_Handler3_Support_Procmon_Stack handler3_func_support_procmon;
#endif
UCHAR approved;
USHORT name_len;
UCHAR name[1];
@ -89,7 +93,9 @@ BOOLEAN Syscall_Set1(const UCHAR *name, P_Syscall_Handler1 handler_func);
BOOLEAN Syscall_Set2(const UCHAR *name, P_Syscall_Handler2 handler_func);
#ifdef _M_AMD64
BOOLEAN Syscall_Set3(const UCHAR *name, P_Syscall_Handler3_Support_Procmon_Stack handler_func);
#endif
NTSTATUS Syscall_Invoke(SYSCALL_ENTRY *entry, ULONG_PTR *stack);
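Review bot: The new P_Syscall_Handler3_Support_Procmon_Stack typedef has no comment saying what its return value means, and the name alone does not tell a reader that TRUE selects the trap-frame rewrite; at the call site in Syscall_Api_Invoke, `if (!entry->handler3_func_support_procmon || entry->handler3_func_support_procmon(proc, entry, user_args)`, a NULL handler behaves like one returning TRUE. I would add above the typedef: `// Returns TRUE when the Procmon-stack trap-frame adjustment should be applied to this call; a NULL handler3_func_support_procmon means always.` The same one-liner next to the new struct member would make the default visible where the field is declared.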


@ -363,7 +363,9 @@ _FX BOOLEAN Syscall_Init_List32(void)
entry->ntos_func = ntos_addr;
entry->handler1_func = NULL;
entry->handler2_func = NULL;
#ifdef _M_AMD64
entry->handler3_func_support_procmon = NULL;
#endif
entry->approved = (Syscall_HookMapMatch(name, name_len, &approved_syscalls) != 0);
entry->name_len = (USHORT)name_len;
memcpy(entry->name, name, name_len);
@ -470,7 +472,7 @@ _FX NTSTATUS Syscall_Api_Invoke32(PROCESS* proc, ULONG64* parms)
SYSCALL_ENTRY *entry;
ULONG syscall_index;
NTSTATUS status;
#ifdef _WIN64
#ifdef _M_AMD64
volatile ULONG_PTR ret = 0;
volatile ULONG_PTR UserStack = 0;
@ -537,7 +539,10 @@ _FX NTSTATUS Syscall_Api_Invoke32(PROCESS* proc, ULONG64* parms)
const ULONG args_len = entry->param_count * sizeof(ULONG_PTR);
#ifdef _WIN64
ProbeForRead(user_args, args_len, sizeof(ULONG_PTR));
#else ! _WIN64
ProbeForRead(user_args, args_len, sizeof(UCHAR));
#endif _WIN64
#ifdef _M_AMD64
// default - support procmon stack if handler3_func_support_procmon is null.
if (!entry->handler3_func_support_procmon
|| entry->handler3_func_support_procmon(proc, entry, user_args)
@ -547,15 +552,10 @@ _FX NTSTATUS Syscall_Api_Invoke32(PROCESS* proc, ULONG64* parms)
pTrapFrame = (PKTRAP_FRAME) *(ULONG_PTR*)((UCHAR*)pThread + g_TrapFrameOffset);
if (pTrapFrame) {
#ifdef _M_ARM64
ret = pTrapFrame->Pc;
UserStack = pTrapFrame->Sp;
#else
ret = pTrapFrame->Rip;
UserStack = pTrapFrame->Rsp;
pTrapFrame->Rsp = pTrapFrame->Rbp; //*pRbp;
pTrapFrame->Rip = pTrapFrame->Rbx; //*pRbx;
#endif
}
}
else
@ -567,10 +567,7 @@ _FX NTSTATUS Syscall_Api_Invoke32(PROCESS* proc, ULONG64* parms)
{
pTrapFrame = NULL;
}
#else ! _WIN64
ProbeForRead(user_args, args_len, sizeof(UCHAR));
#endif _WIN64
#endif
if (entry->handler1_func) {
@ -607,16 +604,11 @@ _FX NTSTATUS Syscall_Api_Invoke32(PROCESS* proc, ULONG64* parms)
strings, lengths, PsGetCurrentProcessId(), PsGetCurrentThreadId());
}
#ifdef _WIN64
#ifdef _M_AMD64
if (g_TrapFrameOffset) {
if (pTrapFrame) {
#ifdef _M_ARM64
pTrapFrame->Pc = ret;
pTrapFrame->Sp = UserStack;
#else
pTrapFrame->Rip = ret;
pTrapFrame->Rsp = UserStack;
#endif
}
}
#endif


@ -150,8 +150,10 @@ finish:
if (hProcess) {
if (errlvl)
TerminateProcess(hProcess, 1);
if (errlvl) {
SbieApi_Call(API_INJECT_COMPLETE, 3, (ULONG_PTR)msg->process_id, NULL, errlvl);
//TerminateProcess(hProcess, 1);
}
CloseHandle(hProcess);
}
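Review bot: The return value of `SbieApi_Call(API_INJECT_COMPLETE, ...)` is ignored and the TerminateProcess call it replaces is left as a comment, so if the driver rejects the call (for instance when Process_Low_Api_InjectComplete cannot find the process, its `if (proc)` path, and presumably returns an error) the process is neither terminated here nor marked terminated in the driver and keeps running after a failed injection. If SbieApi_Call reports an NTSTATUS-style status, keep the local teardown as the fallback: `if (!NT_SUCCESS(SbieApi_Call(API_INJECT_COMPLETE, 3, (ULONG_PTR)msg->process_id, NULL, errlvl))) TerminateProcess(hProcess, 1);`. The commented-out `//TerminateProcess(hProcess, 1);` should be deleted rather than kept as dead code. The enclosing function starts outside the hunk.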