From 839cb832e40bca9de492c2f3a9b2f5d015c5c6ba Mon Sep 17 00:00:00 2001 From: DavidXanatos Date: Sun, 12 Dec 2021 21:32:12 +0100 Subject: [PATCH] 1.0.3 --- CHANGELOG.md | 5 +++-- Sandboxie/core/dll/Win32.c | 45 +++++++++++++++++++++++++++++++++---- Sandboxie/core/dll/config.c | 17 ++++++++++++++ Sandboxie/core/dll/dll.h | 2 ++ 4 files changed, 63 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 64b4a262..7c9ae1f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,9 +8,10 @@ This project adheres to [Semantic Versioning](http://semver.org/). ### Added - added mechanism to hook Win32 system calls on windows 10 and later, this should resolve the issue with Chromium HW acceleration +-- Note: this mechanism does not, yet, work for 32 bit applications running under WoW64 -- to enable it, add "EnableWin32kHooks=y" to the global ini section, this feature is highly experimental (!) -- the hooks will be automatically applied to Chromium GPU processes --- to force Win32k hooks for all processes in a selected box add "AlwaysUseWin32kHooks=y" [#1261](https://github.com/sandboxie-plus/Sandboxie/issues/1261) [#1395](https://github.com/sandboxie-plus/Sandboxie/issues/1395) +-- to force Win32k hooks for all processes in a selected box add "AlwaysUseWin32kHooks=program.exe,y" [#1261](https://github.com/sandboxie-plus/Sandboxie/issues/1261) [#1395](https://github.com/sandboxie-plus/Sandboxie/issues/1395) ### Fixed - fixed bug in GetVersionExW making "OverrideOsBuild=..." not working [#605](https://github.com/sandboxie-plus/Sandboxie/issues/605) [#1426](https://github.com/sandboxie-plus/Sandboxie/issues/1426) 
@@ -58,7 +59,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). - added new "App Compartment" mode of operation, it is enabled by adding "NoSecurityIsolation=y" to the box configuration -- in this mode, security is traded in for compatibility, it should not be used for untrusted applications --- note: in this mode, file and registry filtering are still in place, hence processes run without administrative privileges +-- Note: in this mode, file and registry filtering are still in place, hence processes run without administrative privileges -- it is reasonably safe, all filtering can be disabled with "NoSecurityFiltering=y" - added experimental use of ObRegisterCallbacks to filter object creation and duplication diff --git a/Sandboxie/core/dll/Win32.c b/Sandboxie/core/dll/Win32.c index 4c8ff2bc..69fd312b 100644 --- a/Sandboxie/core/dll/Win32.c +++ b/Sandboxie/core/dll/Win32.c @@ -20,10 +20,15 @@ //--------------------------------------------------------------------------- +#define NOGDI #include "dll.h" +#include "common\pattern.h" + #define HOOK_WIN32K +//#define WOW64_EXPERIMEN + #ifdef HOOK_WIN32K #include "core/drv/api_defs.h" @@ -146,6 +151,7 @@ _FX BOOLEAN SbieDll_HookWin32SysCalls(HMODULE win32u_base) } #ifndef _WIN64 +#ifdef WOW64_EXPERIMEN _FX NTSTATUS SbieDll_WoW64SysCall(ULONG syscall, ULONG* args) { extern HANDLE SbieApi_DeviceHandle; @@ -210,7 +216,7 @@ _FX BOOLEAN SbieDll_HookWoW64SysCalls(HMODULE win32u_base) void *RegionBase; SIZE_T RegionSize; ULONG OldProtect; - + SystemServiceAsm = (UCHAR*)SbieDll_WoW64SysCallProc; UCHAR* syscall_data = (UCHAR *)HeapAlloc(GetProcessHeap(), 0, 144000); // enough room for 2000 syscalls with names @@ -224,6 +230,10 @@ _FX BOOLEAN SbieDll_HookWoW64SysCalls(HMODULE win32u_base) return FALSE; } + LIST DisabledHookList; + List_Init(&DisabledHookList); + Config_InitPatternList(L"SkipWin32Hook", &DisabledHookList); + SyscallPtr = (ULONG *)(syscall_data + sizeof(ULONG)); // size of buffer 
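Review bot: The whole WoW64 hooking path is gated by `//#define WOW64_EXPERIMEN`, a commented-out define, so everything under `#ifdef WOW64_EXPERIMEN` in this file is no longer compiled and will silently rot as the surrounding code changes. A one-line comment next to the define saying why it is off would spare the next reader a search, e.g. `// experimental WoW64 syscall hooking; disabled until 32-bit-under-WoW64 support works (see CHANGELOG)`. The identifier also reads as truncated (`WOW64_EXPERIMENTAL`?); if that is intended, say so, otherwise rename it before more code depends on it.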
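Review bot: The return value of `Config_InitPatternList(L"SkipWin32Hook", &DisabledHookList)` is discarded, so a failure to parse the setting is indistinguishable from "no patterns configured" and hooking proceeds with whatever was added before the failure. If that best-effort behaviour is intended it deserves a comment, e.g. `// best effort: if the setting cannot be read, nothing is skipped`; otherwise check the result and `return FALSE` like the allocation failure just above. SbieDll_HookWoW64SysCalls starts before this hunk and continues after it, and note that this code is only built when WOW64_EXPERIMEN is defined, which it currently is not.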
@@ -233,8 +243,24 @@ _FX BOOLEAN SbieDll_HookWoW64SysCalls(HMODULE win32u_base) strcpy(FuncName + 2, (char*)&SyscallPtr[2]); ZwXxxPtr = (UCHAR*)GetProcAddress(win32u_base, FuncName); if (!ZwXxxPtr) - return FALSE; + goto next; + { + ULONG len = strlen((char*)&SyscallPtr[2]); + WCHAR wname[68]; + for (ULONG i = 0; i < len; i++) + wname[i] = ((char*)&SyscallPtr[2])[i]; + wname[len] = 0; + + PATTERN* pat = List_Head(&DisabledHookList); + while (pat) + { + if (Pattern_Match(pat, _wcslwr(wname), len)) + goto next; + + pat = List_Next(pat); + } + } RegionBase = ZwXxxPtr; RegionSize = 10; @@ -253,14 +279,17 @@ _FX BOOLEAN SbieDll_HookWoW64SysCalls(HMODULE win32u_base) NtCurrentProcess(), &RegionBase, &RegionSize, OldProtect, &OldProtect); - + next: SyscallPtr += 2 + 16; } + Config_FreePatternList(&DisabledHookList); + HeapFree(GetProcessHeap(), 0, syscall_data); return TRUE; } #endif +#endif #endif @@ -276,6 +305,12 @@ _FX BOOLEAN Win32_Init(HMODULE hmodule) return TRUE; // NoSysCallHooks END +#ifndef WOW64_EXPERIMEN + // ToDo: add no WoW64 support + if (! Dll_IsWow64) + return TRUE; +#endif + // disable Electron Workaround when we are ready to hook the required win32k syscalls extern BOOL Dll_ElectronWorkaround; Dll_ElectronWorkaround = FALSE; @@ -287,12 +322,14 @@ _FX BOOLEAN Win32_Init(HMODULE hmodule) WCHAR* cmdline = GetCommandLine(); if ((wcsstr(cmdline, L"--type=gpu-process") != NULL && wcsstr(cmdline, L"--gpu-preferences=") != NULL) - || SbieApi_QueryConfBool(NULL, L"AlwaysUseWin32kHooks", FALSE)) { + || SbieDll_GetSettingsForName_bool(NULL, Dll_ImageName, L"AlwaysUseWin32kHooks", FALSE)) { #ifndef _WIN64 +#ifdef WOW64_EXPERIMEN if (Dll_IsWow64) SbieDll_HookWoW64SysCalls(hmodule); else +#endif #endif SbieDll_HookWin32SysCalls(hmodule); } diff --git a/Sandboxie/core/dll/config.c b/Sandboxie/core/dll/config.c index 7ad3b7af..c8cc32b9 100644 --- a/Sandboxie/core/dll/config.c +++ b/Sandboxie/core/dll/config.c 
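Review bot: The new `WCHAR wname[68]` copy loop has no bound on `len`: it is `strlen` of the name stored in the syscall table, and nothing visible guarantees that string is terminated within the 64-byte name area implied by the `SyscallPtr += 2 + 16` stride in the next hunk, so a malformed or unterminated entry would overrun the stack buffer. Guard it before copying, `if (len >= sizeof(wname) / sizeof(wname[0])) goto next;` (the pre-existing `strcpy(FuncName + 2, ...)` on the context line has the same unbounded assumption and is worth the same check). `_wcslwr(wname)` is also re-run for every pattern in the inner loop; lowercase once before the `while (pat)` loop and pass `wname` to `Pattern_Match`. SbieDll_HookWoW64SysCalls starts before this hunk and ends after it, and the hunk is under `#ifdef WOW64_EXPERIMEN`, so the bug is latent until that define is enabled.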
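Review bot: The guard added under `#ifndef WOW64_EXPERIMEN` in Win32_Init looks inverted: the changelog says the mechanism does not yet work for 32-bit processes under WoW64, but `if (! Dll_IsWow64) return TRUE;` bails out of every *non*-WoW64 process and lets WoW64 processes fall through to `SbieDll_HookWin32SysCalls(hmodule)` in the following hunk, where the `#ifdef WOW64_EXPERIMEN` branch is also compiled out. Assuming Dll_IsWow64 has its usual meaning (TRUE for a 32-bit process on 64-bit Windows, I cannot see its definition here), this should read `if (Dll_IsWow64) return TRUE;`, and the ToDo would be clearer as `// ToDo: 32-bit processes under WoW64 are not supported yet (see WOW64_EXPERIMEN)`. Win32_Init starts before this hunk and continues past the next one.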
@@ -329,6 +329,23 @@ _FX BOOLEAN Config_InitPatternList(const WCHAR* setting, LIST* list) } +//--------------------------------------------------------------------------- +// Config_FreePatternList +//--------------------------------------------------------------------------- + +_FX VOID Config_FreePatternList(LIST *list) +{ + PATTERN* pat; + while (1) { + pat = List_Head(list); + if (! pat) + break; + List_Remove(list, pat); + Pattern_Free(pat); + } +} + + //--------------------------------------------------------------------------- // SbieDll_GetSettingsForName //--------------------------------------------------------------------------- diff --git a/Sandboxie/core/dll/dll.h b/Sandboxie/core/dll/dll.h index 58c6969a..5d78bec0 100644 --- a/Sandboxie/core/dll/dll.h +++ b/Sandboxie/core/dll/dll.h @@ -779,6 +779,8 @@ WCHAR* Config_MatchImageAndGetValue(WCHAR* value, const WCHAR* ImageName, ULONG* BOOLEAN Config_InitPatternList(const WCHAR* setting, LIST* list); +VOID Config_FreePatternList(LIST* list); + BOOLEAN Config_String2Bool(const WCHAR* value, BOOLEAN defval); BOOLEAN Config_GetSettingsForImageName_bool(const WCHAR* setting, BOOLEAN defval);
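Review bot: Config_FreePatternList has no purpose comment, so a reader cannot tell whether it owns the LIST itself or only the PATTERN nodes; I would add above the definition `// Free every PATTERN in a list filled by Config_InitPatternList; the LIST object itself is left empty and is not freed.` The `while (1)` with an explicit `break` can also be written as the single condition `while ((pat = List_Head(list)) != NULL) {` with the same behaviour, which reads more directly.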