From 98ea5bf6c45f97e0e15df4ded014fbaf72028eb0 Mon Sep 17 00:00:00 2001
From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com>
Date: Sun, 21 Jul 2024 14:33:05 +0200
Subject: [PATCH] 1.14.5
---
Sandboxie/core/dll/sysinfo.c | 24 ++-
SandboxiePlus/SandMan/Forms/OptionsWindow.ui | 182 +++++++++---------
.../SandMan/Windows/OptionsAdvanced.cpp | 64 +++++-
3 files changed, 175 insertions(+), 95 deletions(-)
diff --git a/Sandboxie/core/dll/sysinfo.c b/Sandboxie/core/dll/sysinfo.c
index dfd13db8..a5df709a 100644
--- a/Sandboxie/core/dll/sysinfo.c
+++ b/Sandboxie/core/dll/sysinfo.c
@@ -221,28 +221,36 @@ _FX NTSTATUS SysInfo_NtQuerySystemInformation(
typedef LSTATUS(*ROK)(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult);
typedef LSTATUS(*RQVEW)(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData);
typedef LSTATUS(*RCK)(HKEY hKey);
- ROK RegOpenKeyExW = (ROK)GetProcAddress(GetModuleHandle(DllName_advapi32), "RegOpenKeyExW");
- RQVEW RegQueryValueExW = (RQVEW)GetProcAddress(GetModuleHandle(DllName_advapi32), "RegQueryValueExW");
- RCK RegCloseKey = (RCK)GetProcAddress(GetModuleHandle(DllName_advapi32), "RegCloseKey");
+ ROK RegOpenKeyExW = (ROK)GetProcAddress(LoadLibraryW(DllName_advapi32), "RegOpenKeyExW");
+ RQVEW RegQueryValueExW = (RQVEW)GetProcAddress(LoadLibraryW(DllName_advapi32), "RegQueryValueExW");
+ RCK RegCloseKey = (RCK)GetProcAddress(LoadLibraryW(DllName_advapi32), "RegCloseKey");
HKEY hKey = NULL;
- PVOID lpData = NULL;
- DWORD dwLen = 0;
+ DWORD dwLen = 0x10000;
+ PVOID lpData = Dll_AllocTemp(dwLen);
DWORD type;
+ if (!lpData)
+ return STATUS_UNSUCCESSFUL;
// if not set we return no information, 0 length
- if (RegOpenKeyExW && RegOpenKeyExW(HKEY_CURRENT_USER, L"System\\SbieCustom\\", 0, KEY_READ, &hKey)) {
+ if (RegOpenKeyExW && RegOpenKeyExW(HKEY_CURRENT_USER, L"System\\SbieCustom", 0, KEY_READ, &hKey) == 0) {
+
RegQueryValueExW(hKey, L"SMBiosTable", 0, &type, lpData, &dwLen);
+
RegCloseKey(hKey);
}
*ReturnLength = dwLen;
if (dwLen > 0) {
- if (dwLen > BufferLength)
+ if (dwLen + sizeof(PSYSTEM_FIRMWARE_TABLE_INFORMATION) > BufferLength)
return STATUS_BUFFER_TOO_SMALL;
- memcpy(Buffer, lpData, dwLen);
+
+ firmwareTableInfo->TableBufferLength = dwLen;
+ memcpy(firmwareTableInfo->TableBuffer, lpData, dwLen);
}
+ Dll_Free(lpData);
+
return STATUS_SUCCESS;
}
}
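Review bot: The new bounds check uses `sizeof(PSYSTEM_FIRMWARE_TABLE_INFORMATION)`, which is the size of a pointer rather than the offset of `TableBuffer` in the structure, so a caller buffer that passes the check can still be too small for the `memcpy` into `firmwareTableInfo->TableBuffer`. The result of `RegQueryValueExW` is also ignored while `dwLen` now starts at 0x10000: when the key or value is missing, the uninitialised scratch buffer is copied out (contradicting the "0 length" comment), and for a value larger than the allocation `dwLen` may come back bigger than `lpData`. The `STATUS_BUFFER_TOO_SMALL` return also skips `Dll_Free(lpData)`. The function starts above this hunk, so `firmwareTableInfo` and `BufferLength` are taken as declared there; a sketch of the tightened block follows.

```c
    // … unchanged: typedefs, GetProcAddress lookups, hKey/dwLen/lpData/type declarations …
    LSTATUS err = ERROR_FILE_NOT_FOUND;

    if (!lpData)
        return STATUS_UNSUCCESSFUL;

    if (RegOpenKeyExW && RegQueryValueExW && RegCloseKey
        && RegOpenKeyExW(HKEY_CURRENT_USER, L"System\\SbieCustom", 0, KEY_READ, &hKey) == 0) {
        err = RegQueryValueExW(hKey, L"SMBiosTable", 0, &type, lpData, &dwLen);
        RegCloseKey(hKey);
    }
    if (err != 0)
        dwLen = 0; // nothing valid in lpData: report no table instead of copying the scratch buffer

    *ReturnLength = dwLen;
    if (dwLen > 0) {
        if (FIELD_OFFSET(SYSTEM_FIRMWARE_TABLE_INFORMATION, TableBuffer) + dwLen > BufferLength) {
            Dll_Free(lpData);
            return STATUS_BUFFER_TOO_SMALL;
        }
        // … unchanged: TableBufferLength assignment and memcpy …
    }
    // … unchanged: Dll_Free(lpData) and return STATUS_SUCCESS …
```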
diff --git a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
index 09e93d15..e7962ff9 100644
--- a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
+++ b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
@@ -4687,16 +4687,6 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
Privacy
- -
-
-
- -
-
-
- Show Templates
-
-
-
-
@@ -4707,50 +4697,13 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
- -
-
+
-
+
- Add Process
+ Hide host processes from processes running in the sandbox.
-
-
- -
-
-
-
- true
- true
-
-
-
- Process Hiding
-
-
-
- -
-
-
- Use a custom Locale/LangID
-
-
-
- -
-
-
- Qt::Vertical
-
-
-
- 20
- 40
-
-
-
-
- -
-
-
- Don't allow sandboxed processes to see processes running outside any boxes
+
+ true
@@ -4767,40 +4720,20 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
- -
-
+
-
+
+
+ Some programs read system deatils through WMI(A Windows built-in database) instead of normal ways. For example,"tasklist.exe" could get full processes list even if "HideOtherBoxes" is opened through accessing WMI. Enable this option to stop these heavior.
+
- Remove
+ Prevent sandboxed processes from accessing system deatils through WMI (see tooltip for more Info)
- -
-
+
-
+
- Hide host processes from processes running in the sandbox.
-
-
- true
-
-
-
- -
-
-
- Don't allow sandboxed processes to see processes running in other boxes
-
-
-
- -
-
-
-
- true
- true
-
-
-
- Data Protection
+ Don't allow sandboxed processes to see processes running outside any boxes
@@ -4821,13 +4754,90 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
- -
-
-
- Some programs read system deatils through WMI(A Windows built-in database) instead of normal ways. For example,"tasklist.exe" could get full processes list even if "HideOtherBoxes" is opened through accessing WMI. Enable this option to stop these heavior.
+
-
+
+
+
+ true
+ true
+
- Prevent sandboxed processes from accessing system deatils through WMI (see tooltip for more Info)
+ Process Hiding
+
+
+
+ -
+
+
+ Add Process
+
+
+
+ -
+
+
+ Use a custom Locale/LangID
+
+
+
+ -
+
+
+ Remove
+
+
+
+ -
+
+
+
+ true
+ true
+
+
+
+ Data Protection
+
+
+
+ -
+
+
+ -
+
+
+ Show Templates
+
+
+
+ -
+
+
+ Qt::Vertical
+
+
+
+ 20
+ 40
+
+
+
+
+ -
+
+
+ Don't allow sandboxed processes to see processes running in other boxes
+
+
+
+ -
+
+
+ Dump the current Firmare Tables to HKCU\System\SbieCustom
+
+
+ Dump FW Tables
diff --git a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
index 639e0975..d9d4a5c7 100644
--- a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
@@ -100,6 +100,7 @@ void COptionsWindow::CreateAdvanced()
connect(ui.chkHideFirmware, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.cmbLangID, SIGNAL(currentIndexChanged(int)), this, SLOT(OnAdvancedChanged()));
+ connect(ui.btnDumpFW, SIGNAL(clicked(bool)), this, SLOT(OnDumpFW()));
connect(ui.chkHideOtherBoxes, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkHideNonSystemProcesses, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
@@ -266,7 +267,7 @@ void COptionsWindow::LoadAdvanced()
ShowTriggersTmpl();
//
- ui.chkHideFirmware->setChecked(m_pBox->GetBool("HideFirmwareInfo", true));
+ ui.chkHideFirmware->setChecked(m_pBox->GetBool("HideFirmwareInfo", false));
ui.cmbLangID->setCurrentIndex(ui.cmbLangID->findData(m_pBox->GetNum("CustomLCID", 0)));
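Review bot: The fallback passed to `GetBool("HideFirmwareInfo", ...)` is now `false`, but nothing in this hunk shows which default the sandbox side applies when the setting is absent; if that side still treats an unset value as enabled, the checkbox would misreport the box's protection state. It is worth confirming the two agree and recording it next to the call, e.g. `// keep in sync with the default the sandbox DLL applies when HideFirmwareInfo is unset`. `LoadAdvanced` begins and ends outside this hunk.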
@@ -1341,6 +1342,67 @@ void COptionsWindow::SaveDebug()
}
}
+#define WIN32_NO_STATUS
+typedef long NTSTATUS;
+
+#include "..\..\Sandboxie\common\win32_ntddk.h"
+
+typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION {
+ ULONG ProviderSignature;
+ ULONG Action;
+ ULONG TableID;
+ ULONG TableBufferLength;
+ UCHAR TableBuffer[ANYSIZE_ARRAY];
+} SYSTEM_FIRMWARE_TABLE_INFORMATION, *PSYSTEM_FIRMWARE_TABLE_INFORMATION;
+
+#define FIRMWARE_TABLE_PROVIDER_ACPI 'ACPI'
+#define FIRMWARE_TABLE_PROVIDER_SMBIOS 'RSMB'
+
+typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION {
+ SystemFirmwareTable_Enumerate,
+ SystemFirmwareTable_Get
+} SYSTEM_FIRMWARE_TABLE_ACTION;
+
+void COptionsWindow::OnDumpFW()
+{
+ ULONG returnLength = 0;
+ NTSTATUS status;
+ SYSTEM_FIRMWARE_TABLE_INFORMATION* firmwareTableInfo;
+ ULONG firmwareTableSize = sizeof(SYSTEM_FIRMWARE_TABLE_INFORMATION) + 0x10000; // Initial size
+
+retry:
+ firmwareTableInfo = (SYSTEM_FIRMWARE_TABLE_INFORMATION*)malloc(firmwareTableSize);
+ firmwareTableInfo->ProviderSignature = FIRMWARE_TABLE_PROVIDER_SMBIOS;
+ firmwareTableInfo->Action = SystemFirmwareTable_Get;
+ firmwareTableInfo->TableID = 0;
+ firmwareTableInfo->TableBufferLength = firmwareTableSize - sizeof(SYSTEM_FIRMWARE_TABLE_INFORMATION);
+
+ status = NtQuerySystemInformation(SystemFirmwareTableInformation, firmwareTableInfo, firmwareTableSize, &returnLength);
+
+ if (status == 0xC0000023L/*STATUS_BUFFER_TOO_SMALL*/) {
+ free(firmwareTableInfo);
+ firmwareTableSize += 0x10000;
+ goto retry;
+ }
+
+ if (!NT_SUCCESS(status))
+ CSandMan::ShowMessageBox(this, QMessageBox::Critical, tr("Failed to retrieve firmware table information."));
+ else if(firmwareTableInfo->TableBufferLength)
+ {
+ HKEY hKey;
+ DWORD disposition;
+ if(RegCreateKeyExW(HKEY_CURRENT_USER, L"System\\SbieCustom", 0, 0, 0, KEY_WRITE, NULL, &hKey, &disposition) == 0)
+ {
+ if(RegSetValueExW(hKey, L"SMBiosTable", 0, REG_BINARY, firmwareTableInfo->TableBuffer, firmwareTableInfo->TableBufferLength) == 0)
+ CSandMan::ShowMessageBox(this, QMessageBox::Information, tr("Firmware table saved successfully to host registry: HKEY_CURRENT_USER\\System\\SbieCustom
you can copy it to the sandboxed registry to have a different value for each box."));
+
+ RegCloseKey(hKey);
+ }
+ }
+
+ free(firmwareTableInfo);
+}
+
void COptionsWindow::InitLangID()
{
// Note: list by ChatGPT
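Review bot: In `OnDumpFW` the result of `malloc` is dereferenced without a null check, and the `goto retry` loop keeps growing the buffer by 0x10000 with no upper bound for as long as the call returns STATUS_BUFFER_TOO_SMALL. Failures of `RegCreateKeyExW` and `RegSetValueExW` are silent, so the user gets no message when nothing was written. Because the dump appears to be the host's real SMBIOS table, the success text could also say that the value needs editing before it hides anything from a box. A bounded version of the allocation and retry is sketched below.

```cpp
void COptionsWindow::OnDumpFW()
{
    // … unchanged: returnLength, status, firmwareTableInfo, firmwareTableSize declarations …
    int attempts = 0;

retry:
    firmwareTableInfo = (SYSTEM_FIRMWARE_TABLE_INFORMATION*)malloc(firmwareTableSize);
    if (!firmwareTableInfo) {
        CSandMan::ShowMessageBox(this, QMessageBox::Critical, tr("Failed to retrieve firmware table information."));
        return;
    }
    // … unchanged: request header setup and NtQuerySystemInformation call …

    // give up after a fixed number of enlargements; the status then falls through to the failure message
    if (status == 0xC0000023L/*STATUS_BUFFER_TOO_SMALL*/ && ++attempts < 16) {
        free(firmwareTableInfo);
        firmwareTableSize += 0x10000;
        goto retry;
    }
    // … unchanged: success/failure handling and free(firmwareTableInfo) …
}
```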