Merge pull request #13 from love-code-yeyixiao/DiskSerialNumber

Merge
This commit is contained in:
爱编程的叶一笑 2024-07-28 19:51:11 +08:00 committed by GitHub
commit 8e0602a847
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
34 changed files with 11790 additions and 11115 deletions

View File

@ -2,37 +2,47 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/). This project adheres to [Semantic Versioning](http://semver.org/).
## [1.1x.x / 5.xx.x] - 2024-07-0x
## [1.14.6 / 5.69.6] - 2024-07-??
### Fixed
- fixed issue with Windows 7 caused by the new CustomLCID option [#4117](https://github.com/sandboxie-plus/Sandboxie/issues/4117)
### Added ### Added
- added alias for a sandbox [#4112](https://github.com/sandboxie-plus/Sandboxie/issues/4112)
- added UI options for "ForceRestartAll" and "UseCreateToken" in OptionWindow - added UI options for "ForceRestartAll" and "UseCreateToken" in OptionWindow
- added an optional context menu option to make folder/file forced quickly - added an optional context menu option to make folder/file forced quickly
- Note: You can also use "Sandman.exe /add_force program_path" to do it - Note: You can also use "Sandman.exe /add_force program_path" to do it
- added a feature which could modify Windows Product Id in the registry to a rand value - added a feature which could modify Windows Product Id in the registry to a rand value
## [1.14.5 / 5.69.5] - 2024-07-?
## [1.14.5 / 5.69.5] - 2024-07-23
### Added ### Added
- added hwid display - added HwID display
- added Language Spoof "CustomLCID=1033" [#4024](https://github.com/sandboxie-plus/Sandboxie/pull/4024) (thanks Yeyixiao) - added Language Spoof "CustomLCID=1033" [#4024](https://github.com/sandboxie-plus/Sandboxie/pull/4024) (thanks Yeyixiao)
- added option to always run the sandman UI as admin [#4090](https://github.com/sandboxie-plus/Sandboxie/issues/4090) - added option to always run the sandman UI as admin [#4090](https://github.com/sandboxie-plus/Sandboxie/issues/4090)
- added Proxy exclusion [#4036](https://github.com/sandboxie-plus/Sandboxie/issues/4036) - added Proxy exclusion [#4036](https://github.com/sandboxie-plus/Sandboxie/issues/4036)
- added "ForceChildren=Program.exe" [#4070](https://github.com/sandboxie-plus/Sandboxie/issues/4070) - added "ForceChildren=Program.exe" [#4070](https://github.com/sandboxie-plus/Sandboxie/issues/4070)
- added UI options for "ForceRestartAll" and "UseCreateToken" in OptionWindow
- added an optional context menu option to make folder/file forced quickly
- Note: you can also use "Sandman.exe /add_force program_path" to do it
### Changed
- the certificate format can now take an explicit validity days specification, needed for gapless certificate renewal
### Fixed ### Fixed
- fixed two supporter certificate popping up every time a Sandboxes' settings are opened [#4074](https://github.com/sandboxie-plus/Sandboxie/issues/4074) - fixed two supporter certificate popping up every time a Sandboxes' settings are opened [#4074](https://github.com/sandboxie-plus/Sandboxie/issues/4074)
- fixed issue with HwID-bound serial keys failing when no HwID could be obtained - fixed issue with HwID-bound serial keys failing when no HwID could be obtained
- fixed issue with "UseChangeSpeed=y" - fixed issue with "UseChangeSpeed=y"
- fixed broken "HideFirmwareInfo=y" implementation. - fixed broken "HideFirmwareInfo=y" implementation
- changed reg path to key "HKCU\\System\\SbieCustom", value: "SMBiosTable" - changed reg path to key "HKCU\\System\\SbieCustom", value: "SMBiosTable"
- added UI options - added UI options
- fixed schannel error SEC_E_SECPKG_NOT_FOUND in encrypted sandboxes [#4081](https://github.com/sandboxie-plus/Sandboxie/issues/4081) - fixed schannel error SEC_E_SECPKG_NOT_FOUND in encrypted sandboxes [#4081](https://github.com/sandboxie-plus/Sandboxie/issues/4081)
- fixed The name of the sandbox is too long, causing an error in sbie2327 [#4064](https://github.com/sandboxie-plus/Sandboxie/issues/4064) - fixed The name of the sandbox is too long, causing an error in sbie2327 [#4064](https://github.com/sandboxie-plus/Sandboxie/issues/4064)
- fixed Job objects cannot be assigned memory limits greater than 4 GB [#4096](https://github.com/sandboxie-plus/Sandboxie/issues/4096) - fixed Job objects cannot be assigned memory limits greater than 4 GB [#4096](https://github.com/sandboxie-plus/Sandboxie/issues/4096)
### Changed
- the certificate format can now take an explicit validity days specification, needed for gapless certificate renewal
## [1.14.4 / 5.69.4] - 2024-07-13 ## [1.14.4 / 5.69.4] - 2024-07-13
@ -46,7 +56,6 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.14.3 / 5.69.3] - 2024-07-01 ## [1.14.3 / 5.69.3] - 2024-07-01
### Changed ### Changed
@ -79,7 +88,6 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Usage: "RpcPortFilter=Port,ID,Label" label is optional - Usage: "RpcPortFilter=Port,ID,Label" label is optional
- added "Job Object" Options page to collect all job object-related options - added "Job Object" Options page to collect all job object-related options
### Changed ### Changed
- extended "Temp Template" to make it could delete local template section - extended "Temp Template" to make it could delete local template section
@ -165,7 +173,6 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.13.6 / 5.68.6] - 2024-04-21 ## [1.13.6 / 5.68.6] - 2024-04-21
### Added ### Added
@ -489,7 +496,6 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.11.4 / 5.66.4] - 2023-10-06 ## [1.11.4 / 5.66.4] - 2023-10-06
### Changed ### Changed
- improved behaviour with Lock All Encrypted Boxes option [#3350](https://github.com/sandboxie-plus/Sandboxie/issues/3350) - improved behaviour with Lock All Encrypted Boxes option [#3350](https://github.com/sandboxie-plus/Sandboxie/issues/3350)
- fixed typo: 'NoRestartOnPAC' option becomes 'NoRestartOnPCA' [0e175ee](https://github.com/sandboxie-plus/Sandboxie/commit/0e175eedfde50198a3fa7bdef3a91fdbad5f5226) - fixed typo: 'NoRestartOnPAC' option becomes 'NoRestartOnPCA' [0e175ee](https://github.com/sandboxie-plus/Sandboxie/commit/0e175eedfde50198a3fa7bdef3a91fdbad5f5226)
@ -539,6 +545,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- fixed logo cut-off in the About window [#3249](https://github.com/sandboxie-plus/Sandboxie/issues/3249) - fixed logo cut-off in the About window [#3249](https://github.com/sandboxie-plus/Sandboxie/issues/3249)
- fixed issue with file recovery when using a RAM drive [d82b62e](https://github.com/sandboxie-plus/Sandboxie/commit/d82b62ee78d865e21005b9b81dfa9dac9f524b90) - fixed issue with file recovery when using a RAM drive [d82b62e](https://github.com/sandboxie-plus/Sandboxie/commit/d82b62ee78d865e21005b9b81dfa9dac9f524b90)
## [1.11.1 / 5.66.1] - 2023-08-31 ## [1.11.1 / 5.66.1] - 2023-08-31
### Added ### Added
@ -1061,7 +1069,6 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.7.0 / 5.62.0] - 2023-01-27 ## [1.7.0 / 5.62.0] - 2023-01-27
### Added ### Added
- added OnFileRecovery trigger allowing to check files before recovering them [#2202](https://github.com/sandboxie-plus/Sandboxie/issues/2202) - added OnFileRecovery trigger allowing to check files before recovering them [#2202](https://github.com/sandboxie-plus/Sandboxie/issues/2202)
- added more presets to sandbox options - added more presets to sandbox options
@ -1096,7 +1103,6 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.6.6 / 5.61.6] - 2023-01-16 ## [1.6.6 / 5.61.6] - 2023-01-16
### Changed ### Changed
- reworked trace log retrieval for vastly improved performance - reworked trace log retrieval for vastly improved performance
- improved list/tree finder - improved list/tree finder

View File

@ -26,7 +26,7 @@
#define VERSION_MJR 5 #define VERSION_MJR 5
#define VERSION_MIN 69 #define VERSION_MIN 69
#define VERSION_REV 5 #define VERSION_REV 6
#define VERSION_UPD 0 #define VERSION_UPD 0
#if VERSION_UPD > 0 #if VERSION_UPD > 0

View File

@ -71,13 +71,21 @@ _FX BOOLEAN Gui_InitTitle(HMODULE module)
SbieDll_GetSettingsForName(NULL, Dll_ImageName, L"BoxNameTitle", buf, sizeof(buf), NULL); SbieDll_GetSettingsForName(NULL, Dll_ImageName, L"BoxNameTitle", buf, sizeof(buf), NULL);
if (*buf == L'y' || *buf == L'Y') { // indicator + box name if (*buf == L'y' || *buf == L'Y') { // indicator + box name
const WCHAR* BoxName = Dll_BoxName;
NTSTATUS status;
WCHAR BoxAlias[MAX_PATH];
status = SbieApi_QueryConfAsIs(NULL, L"BoxAlias", 0, BoxAlias, ARRAYSIZE(BoxAlias));
if (NT_SUCCESS(status) && *BoxAlias)
BoxName = BoxAlias;
UNICODE_STRING uni; UNICODE_STRING uni;
Gui_BoxNameTitleLen = wcslen(Dll_BoxName) + 3; Gui_BoxNameTitleLen = wcslen(BoxName) + 3;
Gui_BoxNameTitleW = Gui_BoxNameTitleW =
Dll_Alloc((Gui_BoxNameTitleLen + 3) * sizeof(WCHAR)); Dll_Alloc((Gui_BoxNameTitleLen + 3) * sizeof(WCHAR));
Gui_BoxNameTitleW[0] = Gui_TitleSuffixW[1]; // L'[' Gui_BoxNameTitleW[0] = Gui_TitleSuffixW[1]; // L'['
wcscpy(&Gui_BoxNameTitleW[1], Dll_BoxName); wcscpy(&Gui_BoxNameTitleW[1], BoxName);
wcscat(Gui_BoxNameTitleW, &Gui_TitleSuffixW[3]); // L"]" wcscat(Gui_BoxNameTitleW, &Gui_TitleSuffixW[3]); // L"]"
wcscat(Gui_BoxNameTitleW, L" "); wcscat(Gui_BoxNameTitleW, L" ");

View File

@ -234,7 +234,10 @@ _FX BOOLEAN Kernel_Init()
} }
SBIEDLL_HOOK(Kernel_, GetUserDefaultLCID); SBIEDLL_HOOK(Kernel_, GetUserDefaultLCID);
SBIEDLL_HOOK(Kernel_, GetUserDefaultLangID); SBIEDLL_HOOK(Kernel_, GetUserDefaultLangID);
SBIEDLL_HOOK(Kernel_, GetUserDefaultGeoName); void* GetUserDefaultGeoName = GetProcAddress(Dll_KernelBase ? Dll_KernelBase : Dll_Kernel32, "GetUserDefaultGeoName");
if (GetUserDefaultGeoName) {
SBIEDLL_HOOK(Kernel_, GetUserDefaultGeoName);
}
SBIEDLL_HOOK(Kernel_, GetSystemDefaultUILanguage); SBIEDLL_HOOK(Kernel_, GetSystemDefaultUILanguage);
void* GetSystemDefaultLocaleName = GetProcAddress(Dll_KernelBase ? Dll_KernelBase : Dll_Kernel32, "GetSystemDefaultLocaleName"); void* GetSystemDefaultLocaleName = GetProcAddress(Dll_KernelBase ? Dll_KernelBase : Dll_Kernel32, "GetSystemDefaultLocaleName");
if (GetSystemDefaultLocaleName) { if (GetSystemDefaultLocaleName) {

View File

@ -295,7 +295,8 @@ static BOOLEAN WSA_WFPisBlocking = FALSE;
static BOOLEAN WSA_TraceFlag = FALSE; static BOOLEAN WSA_TraceFlag = FALSE;
static BOOLEAN WSA_ProxyEnabled = FALSE; static BOOLEAN WSA_ProxyEnabled = FALSE;
static NETPROXY_RULE* WSA_Proxy = NULL; static NETPROXY_RULE* WSA_Proxy4 = NULL;
static NETPROXY_RULE* WSA_Proxy6 = NULL;
#ifdef PROXY_RESOLVE_HOST_NAMES #ifdef PROXY_RESOLVE_HOST_NAMES
HASH_MAP DNS_LookupMap; HASH_MAP DNS_LookupMap;
#endif #endif
@ -759,7 +760,7 @@ _FX int WSA_IsBlockedTraffic(const short *addr, int addrlen, int protocol)
ULONG NetFw_MatchAddress(rbtree_t* ip_map, IP_ADDRESS* ip); ULONG NetFw_MatchAddress(rbtree_t* ip_map, IP_ADDRESS* ip);
_FX BOOLEAN WSA_GetProxy(const short *addr, int addrlen, void** proxy, int* proxylen) _FX BOOLEAN WSA_GetProxyImpl(NETPROXY_RULE* WSA_Proxy, const short *addr, int addrlen, void** proxy, int* proxylen)
{ {
if (!WSA_Proxy) if (!WSA_Proxy)
return FALSE; return FALSE;
@ -787,6 +788,19 @@ _FX BOOLEAN WSA_GetProxy(const short *addr, int addrlen, void** proxy, int* prox
return TRUE; return TRUE;
} }
_FX BOOLEAN WSA_GetProxy(const short *addr, int addrlen, void** proxy, int* proxylen, NETPROXY_RULE** pWSA_Proxy)
{
if (WSA_GetProxyImpl(WSA_Proxy4, addr, addrlen, proxy, proxylen)) {
*pWSA_Proxy = WSA_Proxy4;
return TRUE;
}
if (WSA_GetProxyImpl(WSA_Proxy6, addr, addrlen, proxy, proxylen)) {
*pWSA_Proxy = WSA_Proxy6;
return TRUE;
}
return FALSE;
}
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// WSA_begin_connect // WSA_begin_connect
@ -869,7 +883,9 @@ _FX int WSA_connect(
void* proxy; void* proxy;
int proxylen; int proxylen;
if (WSA_ProxyEnabled && !is_localhost(name) && WSA_GetProxy(name, namelen, &proxy, &proxylen)) { NETPROXY_RULE* WSA_Proxy;
if (WSA_ProxyEnabled && !is_localhost(name) && WSA_GetProxy(name, namelen, &proxy, &proxylen, &WSA_Proxy)) {
WSA_SOCK* pSock = WSA_GetSock(s, FALSE); WSA_SOCK* pSock = WSA_GetSock(s, FALSE);
if (pSock) WSA_begin_connect(pSock, s); if (pSock) WSA_begin_connect(pSock, s);
@ -918,7 +934,9 @@ _FX int WSA_WSAConnect(
void* proxy; void* proxy;
int proxylen; int proxylen;
if (WSA_ProxyEnabled && !is_localhost(name) && WSA_GetProxy(name, namelen, &proxy, &proxylen)) { NETPROXY_RULE* WSA_Proxy;
if (WSA_ProxyEnabled && !is_localhost(name) && WSA_GetProxy(name, namelen, &proxy, &proxylen, &WSA_Proxy)) {
WSA_SOCK* pSock = WSA_GetSock(s, FALSE); WSA_SOCK* pSock = WSA_GetSock(s, FALSE);
if (pSock) WSA_begin_connect(pSock, s); if (pSock) WSA_begin_connect(pSock, s);
@ -967,7 +985,9 @@ _FX int WSA_ConnectEx(
void* proxy; void* proxy;
int proxylen; int proxylen;
if (WSA_ProxyEnabled && !is_localhost(name) && WSA_GetProxy(name, namelen, &proxy, &proxylen)) { NETPROXY_RULE* WSA_Proxy;
if (WSA_ProxyEnabled && !is_localhost(name) && WSA_GetProxy(name, namelen, &proxy, &proxylen, &WSA_Proxy)) {
WSA_SOCK* pSock = WSA_GetSock(s, FALSE); WSA_SOCK* pSock = WSA_GetSock(s, FALSE);
if (pSock) WSA_begin_connect(pSock, s); if (pSock) WSA_begin_connect(pSock, s);
@ -1356,13 +1376,7 @@ int NetFw_IpCmp(const void* l, const void* r);
_FX BOOLEAN WSA_InitNetProxy() _FX BOOLEAN WSA_InitNetProxy()
{ {
WCHAR proxy_buf[2048]; WCHAR proxy_buf[2048];
WSA_Proxy = Dll_Alloc(sizeof(NETPROXY_RULE));
memset(WSA_Proxy, 0, sizeof(NETPROXY_RULE));
rbtree_init(&WSA_Proxy->ip_map, NetFw_IpCmp);
BOOLEAN ok = FALSE;
for (ULONG index = 0; ; ++index) { for (ULONG index = 0; ; ++index) {
NTSTATUS status = SbieApi_QueryConf( NTSTATUS status = SbieApi_QueryConf(
NULL, L"NetworkUseProxy", index, proxy_buf, sizeof(proxy_buf) - 16 * sizeof(WCHAR)); NULL, L"NetworkUseProxy", index, proxy_buf, sizeof(proxy_buf) - 16 * sizeof(WCHAR));
@ -1374,16 +1388,31 @@ _FX BOOLEAN WSA_InitNetProxy()
if (!value || (level != NETPROXY_MATCH_EXACT && level != NETPROXY_MATCH_GLOBAL)) if (!value || (level != NETPROXY_MATCH_EXACT && level != NETPROXY_MATCH_GLOBAL))
continue; continue;
ok = WSA_ParseNetProxy(WSA_Proxy, value); NETPROXY_RULE* WSA_Proxy = Dll_Alloc(sizeof(NETPROXY_RULE));
if (ok) memset(WSA_Proxy, 0, sizeof(NETPROXY_RULE));
break; rbtree_init(&WSA_Proxy->ip_map, NetFw_IpCmp);
if (WSA_ParseNetProxy(WSA_Proxy, value)) {
if (WSA_Proxy->af == AF_INET) {
if (WSA_Proxy4 == NULL) {
WSA_Proxy4 = WSA_Proxy;
WSA_Proxy = NULL;
}
}
else if (WSA_Proxy->af == AF_INET6) {
if (WSA_Proxy6 == NULL) {
WSA_Proxy6 = WSA_Proxy;
WSA_Proxy = NULL;
}
}
}
if(WSA_Proxy)
Dll_Free(WSA_Proxy);
} }
if (!ok) { if (!WSA_Proxy4 && !WSA_Proxy6)
Dll_Free(WSA_Proxy);
WSA_Proxy = NULL;
return FALSE; return FALSE;
}
SCertInfo CertInfo = { 0 }; SCertInfo CertInfo = { 0 };
if (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, eCertAdvanced)) { if (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, eCertAdvanced)) {

View File

@ -1312,7 +1312,7 @@ QString CSbieAPI::SbieIniGet2(const QString& Section, const QString& Setting, qu
SB_STATUS CSbieAPI::ValidateName(const QString& BoxName) SB_STATUS CSbieAPI::ValidateName(const QString& BoxName)
{ {
if (BoxName.length() > (BOXNAME_COUNT - 2)) if (BoxName.length() > (BOXNAME_COUNT - 2) || BoxName.isEmpty())
return SB_ERR(SB_NameLenLimit); return SB_ERR(SB_NameLenLimit);
/* invalid file name characters on windows /* invalid file name characters on windows

View File

@ -429,7 +429,7 @@
<item row="6" column="2" colspan="4"> <item row="6" column="2" colspan="4">
<widget class="QLabel" name="lblCrypto"> <widget class="QLabel" name="lblCrypto">
<property name="text"> <property name="text">
<string>When &lt;a href=&quot;sbie://docs/boxencryption&quot;&gt;Box Encryption&lt;/a&gt; is enabled the boxs root folder, including its registry hive, is stored in an encrypted disk image, using &lt;a href=&quot;https://diskcryptor.org&quot;&gt;Disk Cryptor's&lt;/a&gt; AES-XTS implementation.</string> <string>When &lt;a href=&quot;sbie://docs/boxencryption&quot;&gt;Box Encryption&lt;/a&gt; is enabled the box's root folder, including its registry hive, is stored in an encrypted disk image, using &lt;a href=&quot;https://diskcryptor.org&quot;&gt;Disk Cryptor's&lt;/a&gt; AES-XTS implementation.</string>
</property> </property>
<property name="wordWrap"> <property name="wordWrap">
<bool>true</bool> <bool>true</bool>
@ -1095,7 +1095,7 @@
<item row="0" column="0"> <item row="0" column="0">
<widget class="QTabWidget" name="tabsSecurity"> <widget class="QTabWidget" name="tabsSecurity">
<property name="currentIndex"> <property name="currentIndex">
<number>3</number> <number>4</number>
</property> </property>
<widget class="QWidget" name="tabHarden"> <widget class="QWidget" name="tabHarden">
<attribute name="title"> <attribute name="title">
@ -1374,7 +1374,7 @@
<item row="3" column="2"> <item row="3" column="2">
<widget class="QLabel" name="label_60"> <widget class="QLabel" name="label_60">
<property name="text"> <property name="text">
<string>Security Isolation through the usage of a heavily restricted process token is Sandboxie's primary means of enforcing sandbox restrictions, when this is disabled the box is operated in the application compartment mode, i.e. its no longer providing reliable security, just simple application compartmentalization.</string> <string>Security Isolation through the usage of a heavily restricted process token is Sandboxie's primary means of enforcing sandbox restrictions, when this is disabled the box is operated in the application compartment mode, i.e. it's no longer providing reliable security, just simple application compartmentalization.</string>
</property> </property>
<property name="wordWrap"> <property name="wordWrap">
<bool>true</bool> <bool>true</bool>
@ -1922,9 +1922,16 @@
</item> </item>
<item row="9" column="1" colspan="4"> <item row="9" column="1" colspan="4">
<widget class="QCheckBox" name="chkCreateToken"> <widget class="QCheckBox" name="chkCreateToken">
<property name="toolTip">
<string>Checked: A local group will also be added to the newly created sandboxed token, which allows addressing all sandboxes at once. Would be useful for auditing policies.
Partially checked: No groups will be added to the newly created sandboxed token.</string>
</property>
<property name="text"> <property name="text">
<string>Create a new sandboxed token instead of stripping down the original token</string> <string>Create a new sandboxed token instead of stripping down the original token</string>
</property> </property>
<property name="tristate">
<bool>true</bool>
</property>
</widget> </widget>
</item> </item>
</layout> </layout>
@ -4293,7 +4300,7 @@ The process match level has a higher priority than the specificity and describes
<item row="4" column="1" colspan="2"> <item row="4" column="1" colspan="2">
<widget class="QCheckBox" name="chkHostProtect"> <widget class="QCheckBox" name="chkHostProtect">
<property name="toolTip"> <property name="toolTip">
<string>Sandboxies resource access rules often discriminate against program binaries located inside the sandbox. OpenFilePath and OpenKeyPath work only for application binaries located on the host natively. In order to define a rule without this restriction, OpenPipePath or OpenConfPath must be used. Likewise, all Closed(File|Key|Ipc)Path directives which are defined by negation e.g. ClosedFilePath=! iexplore.exe,C:Users* will be always closed for binaries located inside a sandbox. Both restriction policies can be disabled on the “Access policies” page. <string>Sandboxie's resource access rules often discriminate against program binaries located inside the sandbox. OpenFilePath and OpenKeyPath work only for application binaries located on the host natively. In order to define a rule without this restriction, OpenPipePath or OpenConfPath must be used. Likewise, all Closed(File|Key|Ipc)Path directives which are defined by negation e.g. 'ClosedFilePath=!iexplore.exe,C:Users*' will be always closed for binaries located inside a sandbox. Both restriction policies can be disabled on the &quot;Access policies&quot; page.
This is done to prevent rogue processes inside the sandbox from creating a renamed copy of themselves and accessing protected resources. Another exploit vector is the injection of a library into an authorized process to get access to everything it is allowed to access. Using Host Image Protection, this can be prevented by blocking applications (installed on the host) running inside a sandbox from loading libraries from the sandbox itself.</string> This is done to prevent rogue processes inside the sandbox from creating a renamed copy of themselves and accessing protected resources. Another exploit vector is the injection of a library into an authorized process to get access to everything it is allowed to access. Using Host Image Protection, this can be prevented by blocking applications (installed on the host) running inside a sandbox from loading libraries from the sandbox itself.</string>
</property> </property>
<property name="text"> <property name="text">
@ -4766,7 +4773,7 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
<string/> <string/>
</property> </property>
<property name="text"> <property name="text">
<string>Hide Firmware Informations</string> <string>Hide Firmware Information</string>
</property> </property>
</widget> </widget>
</item> </item>
@ -4796,10 +4803,10 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
<item row="12" column="0" colspan="5"> <item row="12" column="0" colspan="5">
<widget class="QCheckBox" name="chkBlockWMI"> <widget class="QCheckBox" name="chkBlockWMI">
<property name="toolTip"> <property name="toolTip">
<string>Some programs read system deatils through WMI(A Windows built-in database) instead of normal ways. For example,&quot;tasklist.exe&quot; could get full processes list even if &quot;HideOtherBoxes&quot; is opened through accessing WMI. Enable this option to stop these heavior.</string> <string>Some programs read system details through WMI (a Windows built-in database) instead of normal ways. For example, &quot;tasklist.exe&quot; could get full processes list through accessing WMI, even if &quot;HideOtherBoxes&quot; is used. Enable this option to stop this behaviour.</string>
</property> </property>
<property name="text"> <property name="text">
<string>Prevent sandboxed processes from accessing system deatils through WMI (see tooltip for more Info)</string> <string>Prevent sandboxed processes from accessing system details through WMI (see tooltip for more info)</string>
</property> </property>
</widget> </widget>
</item> </item>
@ -4909,7 +4916,7 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
<item row="1" column="4"> <item row="1" column="4">
<widget class="QToolButton" name="btnDumpFW"> <widget class="QToolButton" name="btnDumpFW">
<property name="toolTip"> <property name="toolTip">
<string>Dump the current Firmare Tables to HKCU\System\SbieCustom</string> <string>Dump the current Firmware Tables to HKCU\System\SbieCustom</string>
</property> </property>
<property name="text"> <property name="text">
<string>Dump FW Tables</string> <string>Dump FW Tables</string>

View File

@ -640,7 +640,7 @@
<item row="7" column="2" colspan="2"> <item row="7" column="2" colspan="2">
<widget class="QCheckBox" name="chkShellMenu3"> <widget class="QCheckBox" name="chkShellMenu3">
<property name="text"> <property name="text">
<string>Add Set Force in Sandbox' to the context menu</string> <string>Add 'Set Force in Sandbox' to the context menu</string>
</property> </property>
</widget> </widget>
</item> </item>

View File

@ -327,8 +327,10 @@ QList<QVariant> CSbieModel::Sync(const QMap<QString, CSandBoxPtr>& BoxList, cons
QVariant Value; QVariant Value;
switch(section) switch(section)
{ {
case eName: Value = pBox->GetName(); break; case eName: Value = pBoxEx->GetDisplayName(); break;
//case eName: Value = pBox->GetName(); break;
case eStatus: Value = pBox.objectCast<CSandBoxPlus>()->GetStatusStr(); break; case eStatus: Value = pBox.objectCast<CSandBoxPlus>()->GetStatusStr(); break;
case eTitle: break;
case eInfo: Value = pBox.objectCast<CSandBoxPlus>()->IsEmptyCached() ? -2 : (bWatchSize ? pBox.objectCast<CSandBoxPlus>()->GetSize() : 0); break; case eInfo: Value = pBox.objectCast<CSandBoxPlus>()->IsEmptyCached() ? -2 : (bWatchSize ? pBox.objectCast<CSandBoxPlus>()->GetSize() : 0); break;
case ePath: Value = pBox->GetFileRoot(); break; case ePath: Value = pBox->GetFileRoot(); break;
} }
@ -343,7 +345,7 @@ QList<QVariant> CSbieModel::Sync(const QMap<QString, CSandBoxPtr>& BoxList, cons
switch (section) switch (section)
{ {
case eName: ColValue.Formatted = Value.toString().replace("_", " "); break; //case eName: ColValue.Formatted = Value.toString().replace("_", " "); break;
case eInfo: ColValue.Formatted = Value.toULongLong() == -2 ? tr("Empty") : (Value.toULongLong() > 0 ? FormatSize(Value.toULongLong()) : ""); break; case eInfo: ColValue.Formatted = Value.toULongLong() == -2 ? tr("Empty") : (Value.toULongLong() > 0 ? FormatSize(Value.toULongLong()) : ""); break;
} }
} }

View File

@ -1639,23 +1639,32 @@ void CSandMan::OnMessage(const QString& MsgData)
else if (Message.left(9) == "AddForce:") else if (Message.left(9) == "AddForce:")
{ {
QString response = QInputDialog::getText(g_GUIParent, tr("Which box you want to add in?"), tr("Type the box name which you are going to set:")); QString response = QInputDialog::getText(g_GUIParent, tr("Which box you want to add in?"), tr("Type the box name which you are going to set:"));
if(!response.isEmpty()) if (!response.isEmpty())
{ {
if (theAPI->GetBoxByName(response) != NULL) { if (theAPI->GetBoxByName(response) != NULL) {
if (Message.right(1)=="\\"||!Message.contains(".", Qt::CaseInsensitive)) { QString dirOrFile = Message.mid(9).replace("\"", "").trimmed();
theAPI->GetBoxByName(response)->AppendText("ForceFolder", Message.mid(9).replace("\"","")); QFileInfo fileInfo(dirOrFile);
if (Message.right(1) == "\\" || !Message.contains(".", Qt::CaseInsensitive)) {
theAPI->GetBoxByName(response)->AppendText("ForceFolder", dirOrFile);
} }
else { else {
theAPI->GetBoxByName(response)->AppendText("ForceProcess", Message.mid(9).replace("\"", "").mid(Message.mid(9).replace("\"", "").lastIndexOf("\\")+1)); if (fileInfo.exists() && fileInfo.isDir()) {
theAPI->GetBoxByName(response)->AppendText("ForceFolder", dirOrFile);
}
else if (fileInfo.exists() && fileInfo.isExecutable()) {
theAPI->GetBoxByName(response)->AppendText("ForceProcess", dirOrFile.mid(dirOrFile.lastIndexOf("\\") + 1));
}
else {
QMessageBox::warning(g_GUIParent, tr("Sandboxie-Plus Warning"), tr("The value is not an existing directory or executable."), QMessageBox::Ok, 0);
}
} }
} }
else { else {
QMessageBox::warning(g_GUIParent, tr("Sandboxie-Plus Warning"), tr("You typed a wrong box name!Nothing was changed."), QMessageBox::Ok, 0); QMessageBox::warning(g_GUIParent, tr("Sandboxie-Plus Warning"), tr("You typed a wrong box name! Nothing was changed."), QMessageBox::Ok, 0);
} }
} }
else { else {
QMessageBox::warning(g_GUIParent, tr("Sandboxie-Plus Warning"), tr("Users canceled this operation."), QMessageBox::Yes, 0); QMessageBox::warning(g_GUIParent, tr("Sandboxie-Plus Warning"), tr("User canceled this operation."), QMessageBox::Yes, 0);
} }
} }
else if (Message.left(8) == "AddOpen:") else if (Message.left(8) == "AddOpen:")
@ -1667,11 +1676,11 @@ void CSandMan::OnMessage(const QString& MsgData)
theAPI->GetBoxByName(response)->AppendText("OpenFilePath", Message.mid(8).replace("\"", "")); theAPI->GetBoxByName(response)->AppendText("OpenFilePath", Message.mid(8).replace("\"", ""));
} }
else { else {
QMessageBox::warning(g_GUIParent, tr("Sandboxie-Plus Warning"), tr("You typed a wrong box name!Nothing was changed."), QMessageBox::Ok, 0); QMessageBox::warning(g_GUIParent, tr("Sandboxie-Plus Warning"), tr("You typed a wrong box name! Nothing was changed."), QMessageBox::Ok, 0);
} }
} }
else { else {
QMessageBox::warning(g_GUIParent, tr("Sandboxie-Plus Warning"), tr("Users canceled this operation."), QMessageBox::Yes, 0); QMessageBox::warning(g_GUIParent, tr("Sandboxie-Plus Warning"), tr("User canceled this operation."), QMessageBox::Yes, 0);
} }
} }
else if (Message.left(4) == "Run:") else if (Message.left(4) == "Run:")

View File

@ -410,6 +410,15 @@ void CSandBoxPlus::UpdateDetails()
QStringList BorderCfg = GetText("BorderColor").split(","); QStringList BorderCfg = GetText("BorderColor").split(",");
m_BoxColor = QColor("#" + BorderCfg[0].mid(5, 2) + BorderCfg[0].mid(3, 2) + BorderCfg[0].mid(1, 2)).rgb(); m_BoxColor = QColor("#" + BorderCfg[0].mid(5, 2) + BorderCfg[0].mid(3, 2) + BorderCfg[0].mid(1, 2)).rgb();
m_BoxAlias = GetText("BoxAlias");
}
QString CSandBoxPlus::GetDisplayName() const
{
if (!m_BoxAlias.isEmpty())
return m_BoxAlias;
return GetName().replace("_", " ");
} }
bool CSandBoxPlus::IsBoxexPath(const QString& Path) bool CSandBoxPlus::IsBoxexPath(const QString& Path)

View File

@ -72,6 +72,8 @@ public:
CSandBoxPlus(const QString& BoxName, class CSbieAPI* pAPI); CSandBoxPlus(const QString& BoxName, class CSbieAPI* pAPI);
virtual ~CSandBoxPlus(); virtual ~CSandBoxPlus();
virtual QString GetDisplayName() const;
SB_PROGRESS ExportBox(const QString& FileName, const QString& Password = "", int Level = 5, bool Solid = false); SB_PROGRESS ExportBox(const QString& FileName, const QString& Password = "", int Level = 5, bool Solid = false);
SB_PROGRESS ImportBox(const QString& FileName, const QString& Password = ""); SB_PROGRESS ImportBox(const QString& FileName, const QString& Password = "");
@ -256,6 +258,7 @@ protected:
bool m_BoxDel; bool m_BoxDel;
bool m_NoForce; bool m_NoForce;
QRgb m_BoxColor; QRgb m_BoxColor;
QString m_BoxAlias;
}; };
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////

View File

@ -1411,21 +1411,39 @@ void CSbieView::OnSandBoxAction(QAction* Action, const QList<CSandBoxPtr>& SandB
} }
else if (Action == m_pMenuRename) else if (Action == m_pMenuRename)
{ {
QString OldValue = SandBoxes.first()->GetName().replace("_", " "); auto pBox = SandBoxes.first();
QString Value = QInputDialog::getText(this, "Sandboxie-Plus", tr("Please enter a new name for the Sandbox."), QLineEdit::Normal, OldValue); QString OldValue = pBox->GetName().replace("_", " ");
if (Value.isEmpty() || Value == OldValue) QString Alias = pBox->GetText("BoxAlias");
bool bAlias = false;
if (bAlias = !Alias.isEmpty())
OldValue = Alias;
bool bOk = false;
QString Value = QInputDialog::getText(this, "Sandboxie-Plus", bAlias ? tr("Please enter a new alias for the Sandbox.") : tr("Please enter a new name for the Sandbox."), QLineEdit::Normal, OldValue, &bOk);
if (!bOk || Value == OldValue)
return; return;
if (!TestNameAndWarn(Value)) if (!Value.isEmpty() && !TestNameAndWarn(Value))
return; return;
SB_STATUS Status = SandBoxes.first()->RenameBox(Value.replace(" ", "_")); bool bError = false;
if (!Status.IsError()) if (bAlias || (bError = CSbieAPI::ValidateName(QString(Value).replace(" ", "_")).IsError()))
{ {
RenameItem(OldValue.replace(" ", "_"), Value.replace(" ", "_")); if (!bAlias && QMessageBox::question(this, "Sandboxie-Plus", tr("The entered name is not valid, do you want to set it as an alias instead?"), QMessageBox::Yes, QMessageBox::No) != QMessageBox::Yes)
if (theAPI->GetGlobalSettings()->GetText("DefaultBox", "DefaultBox").compare(OldValue.replace(" ", "_"), Qt::CaseInsensitive) == 0) return;
theAPI->GetGlobalSettings()->SetText("DefaultBox", Value.replace(" ", "_")); if (Value.isEmpty()) pBox->DelValue("BoxAlias");
else pBox->SetText("BoxAlias", Value);
pBox->UpdateDetails();
}
else
{
SB_STATUS Status = pBox->RenameBox(Value.replace(" ", "_"));
if (!Status.IsError())
{
RenameItem(OldValue.replace(" ", "_"), Value.replace(" ", "_"));
if (theAPI->GetGlobalSettings()->GetText("DefaultBox", "DefaultBox").compare(OldValue.replace(" ", "_"), Qt::CaseInsensitive) == 0)
theAPI->GetGlobalSettings()->SetText("DefaultBox", Value.replace(" ", "_"));
}
Results.append(Status);
} }
Results.append(Status);
SaveBoxGrouping(); SaveBoxGrouping();
} }
@ -1720,7 +1738,7 @@ void CSbieView::ShowOptions(const CSandBoxPtr& pBox)
{ {
auto pBoxEx = pBox.objectCast<CSandBoxPlus>(); auto pBoxEx = pBox.objectCast<CSandBoxPlus>();
if (pBoxEx->m_pOptionsWnd == NULL) { if (pBoxEx->m_pOptionsWnd == NULL) {
pBoxEx->m_pOptionsWnd = new COptionsWindow(pBox, pBox->GetName()); pBoxEx->m_pOptionsWnd = new COptionsWindow(pBox, pBoxEx->GetDisplayName());
connect(theGUI, SIGNAL(Closed()), pBoxEx->m_pOptionsWnd, SLOT(close())); connect(theGUI, SIGNAL(Closed()), pBoxEx->m_pOptionsWnd, SLOT(close()));
connect(pBoxEx->m_pOptionsWnd, &COptionsWindow::Closed, [pBoxEx]() { connect(pBoxEx->m_pOptionsWnd, &COptionsWindow::Closed, [pBoxEx]() {
pBoxEx->m_pOptionsWnd = NULL; pBoxEx->m_pOptionsWnd = NULL;
@ -1786,10 +1804,8 @@ void CSbieView::OnDoubleClicked(const CSandBoxPtr &pBox)
if (!pBox->IsEnabled()) if (!pBox->IsEnabled())
{ {
if (QMessageBox("Sandboxie-Plus", tr("This sandbox is disabled or restricted to a group/user, do you want to edit it?"), QMessageBox::Question, QMessageBox::Yes, QMessageBox::No | QMessageBox::Default | QMessageBox::Escape, QMessageBox::NoButton, this).exec() != QMessageBox::Yes) if (QMessageBox("Sandboxie-Plus", tr("This sandbox is currently disabled or restricted to specific groups or users. Would you like to allow access for everyone?"), QMessageBox::Question, QMessageBox::Yes, QMessageBox::No | QMessageBox::Default | QMessageBox::Escape, QMessageBox::NoButton, this).exec() != QMessageBox::Yes)
return; pBox->SetText("Enabled", "y");// Fix #3999
pBox->SetText("Enabled", "y");
return;
} }
QString Action = pBox->GetText("DblClickAction"); QString Action = pBox->GetText("DblClickAction");

View File

@ -479,7 +479,19 @@ void COptionsWindow::SaveAdvanced()
WriteAdvancedCheck(ui.chkSbieLogon, "SandboxieLogon", bGlobalSbieLogon ? "" : "y", bGlobalSbieLogon ? "n" : ""); WriteAdvancedCheck(ui.chkSbieLogon, "SandboxieLogon", bGlobalSbieLogon ? "" : "y", bGlobalSbieLogon ? "n" : "");
bool bGlobalSandboxGroup = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("SandboxieAllGroup", false); bool bGlobalSandboxGroup = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("SandboxieAllGroup", false);
WriteAdvancedCheck(ui.chkCreateToken, "UseCreateToken", bGlobalSandboxGroup ? "" : "y", ""); bool bGlobalCreateToken = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("UseCreateToken", false);
if (ui.chkCreateToken->checkState() == Qt::Checked) {
WriteAdvancedCheck(ui.chkCreateToken, "SandboxieAllGroup", bGlobalSandboxGroup ? "" : "y");
m_pBox->DelValue("UseCreateToken");
}
else if (ui.chkCreateToken->checkState() == Qt::PartiallyChecked) {
m_pBox->SetText("SandboxieAllGroup", "n");
m_pBox->SetText("UseCreateToken", "y");
}
else {
WriteAdvancedCheck(ui.chkCreateToken, "SandboxieAllGroup", bGlobalSandboxGroup ? "" : "y", bGlobalSandboxGroup ? "n" : "");
WriteAdvancedCheck(ui.chkCreateToken, "UseCreateToken", bGlobalCreateToken ? "" : "y", bGlobalCreateToken ? "n" : "");
}
SaveOptionList(); SaveOptionList();
@ -664,10 +676,13 @@ void COptionsWindow::UpdateBoxIsolation()
} }
else { else {
ReadGlobalCheck(ui.chkSbieLogon, "SandboxieLogon", false); ReadGlobalCheck(ui.chkSbieLogon, "SandboxieLogon", false);
ReadGlobalCheck(ui.chkCreateToken, "UseCreateToken", false);
bool bGlobalSandboxGroup = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("SandboxieAllGroup", false); if (m_pBox->GetBool("SandboxieAllGroup", false, true))
if (bGlobalSandboxGroup) ui.chkCreateToken->setCheckState(Qt::Checked);
ui.chkCreateToken->setEnabled(false); else if (m_pBox->GetBool("UseCreateToken", false, true))
ui.chkCreateToken->setCheckState(Qt::PartiallyChecked);
else
ui.chkCreateToken->setCheckState(Qt::Unchecked);
} }
} }

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -2,7 +2,7 @@
#define VERSION_MJR 1 #define VERSION_MJR 1
#define VERSION_MIN 14 #define VERSION_MIN 14
#define VERSION_REV 5 #define VERSION_REV 6
#define VERSION_UPD 0 #define VERSION_UPD 0
#ifndef STR #ifndef STR