mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

Build 0.8.0

This commit is contained in:
DavidXanatos 2021-06-13 18:11:04 +02:00
parent e08e9b0fd5
commit 9c6687183e
81 changed files with 12454 additions and 8851 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
CHANGELOG.md
View File

@ -4,17 +4,34 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.8.0 / 5.50.0] - 2021-06-13
### Added
- sandboxie by default applies "Close...=!<program>,..." directives to non excluded images if thay are located in a sandbox
-- added 'AlwaysCloseForBoxed=n' to disable this behavioure as it may not be always desired, and it doesn't provide extra security
- added process image informations to samdman UI
- localized template categories in the plus ui
- added "DisableResourceMonitor=y" to disable resource access monitor for selected boxes
- added option to show trace entries only for the sellected sandbox
- added "UseVolumeSerialNumbers=y" when set, in the \drive\ sandbox location the drive letters are sufixed with the volume SN
-- helps to avoid mengling of files on multiple pendrives usign the same letter
-- note: this option is not compatible with the recovery function of the classic UI, only SandMan ui is fully compatible
### Changed
- portable cleanup messge now has y/n/c options
- consolidated Proc_CreateProcessInternalW and Proc_CreateProcessInternalW_RS5 to remove duplicate code
- the ElevateCreateProcess fix as sometimes applyed by the PCA will no longer be emulated by default
-- use 'ApplyElevateCreateProcessFix=y' or 'ApplyElevateCreateProcessFix=program.exe,y' to enable it
- trace log gets only disabled when it has no entries and the logging is stopped
### Fixed
- fixed APC issue with the new global hook emulation mechanism and WoW64 processes
- fixed ipv6 issues with BlockPort options
- fixed an issue with cheet engine when "OpenWinClass=*" was specified
- fixed memory corruption in SbieDrv
- fixed crash issue with process elevation on Create Process Calls
- fixed pocess elevation when running in the built in administrator account
- fixed template preview reseting unsaved entries in box options window

2
Sandboxie/apps/com/RpcSs/linger.c
View File

@ -489,6 +489,8 @@ int DoLingerLeader(void)
// is_local_system_sid would be TRUE and we would not
// reach this point.)
//
// fix-me: services are no longer startes by default as system
//
ULONG64 ProcessFlags =
SbieApi_QueryProcessInfo(pids_i, 0);

10
Sandboxie/apps/com/privs.h
View File

@ -166,6 +166,16 @@ ALIGNED BOOL my_SetThreadToken(PHANDLE Thread, HANDLE Token)
if (Thread == NULL) {
//typedef BOOL(*P_OpenProcessToken)(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle);
//typedef BOOL(*P_DuplicateToken)(HANDLE ExistingTokenHandle, SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, PHANDLE DuplicateTokenHandle);
//static P_OpenProcessToken _OpenProcessToken = NULL;
//static P_DuplicateToken _DuplicateToken = NULL;
//if (_OpenProcessToken == NULL || _DuplicateToken == NULL) {
// HMODULE advapi_dll = LoadLibrary(L"advapi32.dll");
// *(FARPROC*)&_OpenProcessToken = GetProcAddress(advapi_dll, "OpenProcessToken");
// *(FARPROC*)&_DuplicateToken = GetProcAddress(advapi_dll, "DuplicateToken");
//}
HANDLE PriToken;
ok = OpenProcessToken(
NtCurrentProcess(), TOKEN_ALL_ACCESS, &PriToken);

6
Sandboxie/common/my_version.h
View File

@ -21,9 +21,9 @@
#ifndef _MY_VERSION_H
#define _MY_VERSION_H
#define MY_VERSION_BINARY 5,49,8
#define MY_VERSION_STRING "5.49.8"
#define MY_VERSION_COMPAT "5.49.0" // this refers to the driver ABI compatibility
#define MY_VERSION_BINARY 5,50,0
#define MY_VERSION_STRING "5.50.0"
#define MY_VERSION_COMPAT "5.50.0" // this refers to the driver ABI compatibility
// These #defines are used by either Resource Compiler, or by NSIC installer
#define SBIE_INSTALLER_PATH "..\\Bin\\"

69
Sandboxie/common/pattern.c
View File

@ -71,13 +71,12 @@ struct _PATTERN {
// Functions
//---------------------------------------------------------------------------
static BOOLEAN Pattern_Match2(
static int Pattern_Match2(
PATTERN *pat,
const WCHAR *string, int string_len,
int str_index, int con_index);
static BOOLEAN Pattern_Match3(
static int Pattern_Match3(
PATTERN *pat,
const WCHAR *string, int string_len,
int str_index, int con_index);
@ -290,6 +289,20 @@ _FX const WCHAR *Pattern_Source(PATTERN *pat)
_FX BOOLEAN Pattern_Match(
PATTERN *pat, const WCHAR *string, int string_len)
{
if (Pattern_MatchX(pat, string, string_len) != 0)
return TRUE;
return FALSE;
}
//---------------------------------------------------------------------------
// Pattern_MatchX
//---------------------------------------------------------------------------
_FX int Pattern_MatchX(
PATTERN *pat, const WCHAR *string, int string_len)
{
//
// short-circuits: if string is NULL, or if the pattern is NULL,
@ -298,30 +311,30 @@ _FX BOOLEAN Pattern_Match(
//
if (! string)
return FALSE;
return 0;
if (pat->info.f.star_missing) {
if (pat->info.num_cons == 0)
return FALSE;
return 0;
if (string_len != pat->cons[0].len)
return FALSE;
return 0;
if (pat->info.f.have_a_qmark) {
const WCHAR *x = Pattern_wcsnstr(
string, pat->cons[0].ptr, pat->cons[0].len);
if (x != string)
return FALSE;
return 0;
} else {
ULONG x = wmemcmp(string, pat->cons[0].ptr, pat->cons[0].len);
if (x != 0)
return FALSE;
return 0;
}
return TRUE;
return string_len;
}
//
@ -337,12 +350,12 @@ _FX BOOLEAN Pattern_Match(
//---------------------------------------------------------------------------
_FX BOOLEAN Pattern_Match2(
_FX int Pattern_Match2(
PATTERN *pat,
const WCHAR *string, int string_len,
int str_index, int con_index)
{
BOOLEAN ok = TRUE;
int match;
if (con_index < pat->info.num_cons) {
@ -359,27 +372,27 @@ _FX BOOLEAN Pattern_Match2(
if (! ptr) {
if (pat->cons[con_index].hex) {
ok = Pattern_Match3(
match = Pattern_Match3(
pat, string, string_len, str_index, con_index);
} else
ok = FALSE;
match = 0;
break;
}
if (str_index == 0 && ptr > string &&
(! pat->info.f.star_at_head)) {
ok = FALSE;
match = 0;
break;
}
str_index = (ULONG)(ptr - string) + pat->cons[con_index].len;
ok = Pattern_Match2(
match = Pattern_Match2(
pat, string, string_len, str_index, con_index + 1);
if (ok)
if (match)
break;
}
} else if (ok) {
} else {
//
// if we think we have a match, just make sure there aren't
@ -387,10 +400,12 @@ _FX BOOLEAN Pattern_Match2(
//
if (str_index != string_len && (! pat->info.f.star_at_tail))
ok = FALSE;
match = 0;
else
match = str_index;
}
return ok;
return match;
}
@ -399,7 +414,7 @@ _FX BOOLEAN Pattern_Match2(
//---------------------------------------------------------------------------
_FX BOOLEAN Pattern_Match3(
_FX int Pattern_Match3(
PATTERN *pat,
const WCHAR *string, int string_len,
int str_index, int con_index)
@ -418,7 +433,7 @@ _FX BOOLEAN Pattern_Match3(
conptr = pat->cons[con_index].ptr;
seqptr = Pattern_wcsnstr(conptr, Pattern_Hex, 5);
if (! seqptr)
return FALSE;
return 0;
restart1:
@ -426,9 +441,9 @@ restart1:
if (con_len) {
if (string_len - str_index < con_len)
return FALSE;
return 0;
if (Pattern_wcsnstr(srcptr, conptr, con_len) != srcptr)
return FALSE;
return 0;
srcptr += con_len;
}
@ -452,10 +467,10 @@ restart1:
}
if (*seqptr != L'_')
return FALSE;
return 0;
++seqptr;
if (*seqptr != L'_')
return FALSE;
return 0;
++seqptr;
//
@ -492,7 +507,7 @@ restart2:
}
}
return FALSE;
return 0;
}
//
@ -517,7 +532,7 @@ restart2:
if (con_len) {
if (Pattern_wcsnstr(srcptr, seqptr, con_len) != srcptr)
return FALSE;
return 0;
}
str_index = (int)(ULONG_PTR)(srcptr + con_len - string);

2
Sandboxie/common/pattern.h
View File

@ -71,7 +71,7 @@ const WCHAR *Pattern_Source(PATTERN *pat);
//
BOOLEAN Pattern_Match(PATTERN *pat, const WCHAR *string, int string_len);
int Pattern_MatchX(PATTERN *pat, const WCHAR *string, int string_len);
//---------------------------------------------------------------------------

2
Sandboxie/core/dll/SboxDll.vcxproj
View File

@ -95,6 +95,7 @@
<CompileAs>Default</CompileAs>
<OmitFramePointers />
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
<Link>
<AdditionalDependencies>ntdll.lib;uuid.lib;kernel32.lib</AdditionalDependencies>
@ -115,6 +116,7 @@
<RuntimeTypeInfo>false</RuntimeTypeInfo>
<CompileAs>Default</CompileAs>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
<Link>
<AdditionalDependencies>ntdll.lib;uuid.lib;kernel32.lib</AdditionalDependencies>

5
Sandboxie/core/dll/SboxDll32.def
View File

@ -8,13 +8,10 @@ EXPORTS
Dll_Ordinal1 @1 NONAME
;;;
;;; SbieApi
;;; SbieApiSbieApi_LogEx
;;;
SbieApi_CallZero=_SbieApi_CallZero@4
SbieApi_CallOne=_SbieApi_CallOne@8
SbieApi_CallTwo=_SbieApi_CallTwo@12
SbieApi_CheckInternetAccess=_SbieApi_CheckInternetAccess@12
SbieApi_DisableForceProcess=_SbieApi_DisableForceProcess@8

3
Sandboxie/core/dll/dll.h
View File

@ -493,6 +493,9 @@ void Sxs_ActivateDefaultManifest(void *ImageBase);
ULONG Sxs_CheckManifestForCreateProcess(const WCHAR *DosPath);
ULONG Sxs_CheckManifestForElevation(const WCHAR* DosPath,
BOOLEAN* pAsInvoker, BOOLEAN* pRequireAdministrator, BOOLEAN* pHighestAvailable);
BOOLEAN Sxs_KeyCallback(const WCHAR *path, HANDLE *out_handle);
BOOLEAN Sxs_FileCallback(const WCHAR *path, HANDLE *out_handle);

18
Sandboxie/core/dll/dllmain.c
View File

@ -664,6 +664,8 @@ _FX void Dll_SelectImageType(void)
if (Dll_ImageType == DLL_IMAGE_LAST)
Dll_ImageType = DLL_IMAGE_UNSPECIFIED;
SbieApi_QueryProcessInfoEx(0, 'spit', Dll_ImageType);
//
// we have some special cases for programs running under a restricted
// token, such as a Chromium sandbox processes, or Microsoft Office 2010
@ -780,7 +782,21 @@ _FX ULONG_PTR Dll_Ordinal1(
// see also Proc_RestartProcessOutOfPcaJob
//
if (Dll_ProcessFlags & SBIE_FLAG_PROCESS_IN_PCA_JOB) {
int MustRestartProcess = 0;
if(Dll_ProcessFlags & SBIE_FLAG_PROCESS_IN_PCA_JOB)
MustRestartProcess = 1;
else if (Dll_ProcessFlags & SBIE_FLAG_FORCED_PROCESS) {
if (SbieApi_QueryConfBool(NULL, L"ForceRestartAll", FALSE)
|| SbieDll_CheckStringInList(Dll_ImageName, NULL, L"ForceRestart"))
MustRestartProcess = 2;
}
if (MustRestartProcess) {
WCHAR text[128];
Sbie_snwprintf(text, 128, L"Cleanly restarting forced process, reason %d", MustRestartProcess);
SbieApi_MonitorPut(MONITOR_OTHER, text);
extern void Proc_RestartProcessOutOfPcaJob(void);
Proc_RestartProcessOutOfPcaJob();

2
Sandboxie/core/dll/dllpath.c
View File

@ -461,7 +461,7 @@ _FX void Dll_RefreshPathList(void)
EnterCriticalSection(&Dll_FilePathListCritSec);
if (SbieApi_CallZero(API_REFRESH_FILE_PATH_LIST) == STATUS_SUCCESS) {
if (SbieApi_Call(API_REFRESH_FILE_PATH_LIST, 0) == STATUS_SUCCESS) {
LIST open_paths, closed_paths, write_paths;

22
Sandboxie/core/dll/file.c
View File

@ -354,6 +354,8 @@ static ULONG File_PublicUserLen = 0;
static WCHAR *File_HomeNtPath = NULL;
static ULONG File_HomeNtPathLen = 0;
static BOOLEAN File_DriveAddSN = FALSE;
static BOOLEAN File_Windows2000 = FALSE;
static WCHAR *File_AltBoxPath = NULL;
@ -819,8 +821,17 @@ check_sandbox_prefix:
return STATUS_BAD_INITIAL_PC;
}
ULONG len = _DriveLen + 1; /* drive letter */
// skip any sufix after the drive letter
if (File_DriveAddSN) {
WCHAR* ptr = wcschr(*OutTruePath + _DriveLen + 1, L'\\');
if (ptr)
len = (ULONG)(ptr - *OutTruePath);
}
File_GetName_FixTruePrefix(TlsData,
OutTruePath, &length, _DriveLen + 1 /* drive letter */,
OutTruePath, &length, len,
drive->path, drive->len);
convert_links_again = TRUE;
@ -1160,6 +1171,15 @@ check_sandbox_prefix:
name += _DriveLen;
*name = drive_letter;
++name;
if (File_DriveAddSN && *drive->sn)
{
*name = L'~';
++name;
wcscpy(name, drive->sn);
name += 9;
}
*name = L'\0';
if (length == drive_len) {

8
Sandboxie/core/dll/file_dir.c
View File

@ -3536,7 +3536,13 @@ _FX void File_DoAutoRecover_2(BOOLEAN force, ULONG ticks)
if (send2199) {
WCHAR *colon = wcschr(rec->path, L':');
if (!colon) {
const WCHAR* strings[] = { Dll_BoxName, rec->path, NULL };
UNICODE_STRING uni;
WCHAR *TruePath, *CopyPath;
RtlInitUnicodeString(&uni, rec->path);
status = File_GetName(NULL, &uni, &TruePath, &CopyPath, NULL);
const WCHAR* strings[] = { Dll_BoxName, rec->path, CopyPath, NULL };
SbieApi_LogMsgExt(2199, strings);
}
List_Remove(&File_RecPaths, rec);

64
Sandboxie/core/dll/file_init.c
View File

@ -142,6 +142,8 @@ _FX BOOLEAN File_Init(void)
File_InitPathList();
File_DriveAddSN = SbieApi_QueryConfBool(NULL, L"UseVolumeSerialNumbers", FALSE);
if (! File_InitDrives(0xFFFFFFFF))
return FALSE;
@ -310,6 +312,62 @@ _FX void File_InitPathList(void)
}
//---------------------------------------------------------------------------
// File_GetVolumeSN
//---------------------------------------------------------------------------
typedef struct _FILE_FS_VOLUME_INFORMATION {
LARGE_INTEGER VolumeCreationTime;
ULONG VolumeSerialNumber;
ULONG VolumeLabelLength;
BOOLEAN SupportsObjects;
WCHAR VolumeLabel[1];
} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
_FX ULONG File_GetVolumeSN(const FILE_DRIVE *drive)
{
ULONG sn = 0;
HANDLE handle;
IO_STATUS_BLOCK iosb;
UNICODE_STRING objname;
objname.Buffer = Dll_Alloc((drive->len + 4) * sizeof(WCHAR));
wmemcpy(objname.Buffer, drive->path, drive->len);
objname.Buffer[drive->len ] = L'\\';
objname.Buffer[drive->len + 1] = L'\0';
objname.Length = (USHORT)(drive->len + 1) * sizeof(WCHAR);
objname.MaximumLength = objname.Length + sizeof(WCHAR);
OBJECT_ATTRIBUTES objattrs;
InitializeObjectAttributes(
&objattrs, &objname, OBJ_CASE_INSENSITIVE, NULL, NULL);
NTSTATUS status = NtCreateFile(
&handle, GENERIC_READ | SYNCHRONIZE, &objattrs,
&iosb, NULL, 0, FILE_SHARE_VALID_FLAGS,
FILE_OPEN,
FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT,
NULL, 0);
Dll_Free(objname.Buffer);
if (NT_SUCCESS(status))
{
union {
FILE_FS_VOLUME_INFORMATION volumeInfo;
BYTE volumeInfoBuff[64];
} u;
if (NT_SUCCESS(NtQueryVolumeInformationFile(handle, &iosb, &u.volumeInfo, sizeof(u), FileFsVolumeInformation)))
sn = u.volumeInfo.VolumeSerialNumber;
NtClose(handle);
}
return sn;
}
//---------------------------------------------------------------------------
// File_InitDrives
//---------------------------------------------------------------------------
@ -559,6 +617,12 @@ _FX BOOLEAN File_InitDrives(ULONG DriveMask)
file_drive->subst = subst;
file_drive->len = path_len;
wcscpy(file_drive->path, path);
*file_drive->sn = 0;
if (File_DriveAddSN) {
ULONG sn = File_GetVolumeSN(file_drive);
if(sn != 0)
Sbie_snwprintf(file_drive->sn, 10, L"%04X-%04X", HIWORD(sn), LOWORD(sn));
}
File_Drives[drive] = file_drive;

1
Sandboxie/core/dll/file_link.c
View File

@ -28,6 +28,7 @@
struct _FILE_DRIVE {
WCHAR letter;
WCHAR sn[10];
BOOLEAN subst;
ULONG len; // in characters, excluding NULL
WCHAR path[0];

10
Sandboxie/core/dll/gui.c
View File

@ -1232,14 +1232,14 @@ _FX HWND Gui_CreateWindowExW(
//
// under Sandboxie 4 the Chrome sandbox child process gets confused
// (reason not known) and creates some top level windows, for which it
// does not process messages. This causes DDE message broadcast to
// hang for several seconds. To workaround this, we cause the windows
// does not process messages. this causes DDE message broadcast to
// hang for several seconds. to workaround this, we cause the windows
// to be created as message-only windows
//
// note: the desktop window was made accessible in early v4 builds
// but this code is still here to handle any other parent windows
//
// note: this code breaks Chrome hw acceleration, so it's no longer used
// note: this code breaks chrome hw acceleration, so its no longer used
//
/*if (Dll_ChromeSandbox) {
@ -1310,7 +1310,7 @@ _FX HWND Gui_CreateWindowExW(
// replace window procedure
//
if (hwndResult) {
if (hwndResult && !Gui_RenameClasses) {
Gui_SetWindowProc(hwndResult, FALSE);
@ -1418,7 +1418,7 @@ _FX HWND Gui_CreateWindowExA(
// replace window procedure
//
if (hwndResult) {
if (hwndResult && !Gui_RenameClasses) {
Gui_SetWindowProc(hwndResult, FALSE);

2
Sandboxie/core/dll/lowlevel_inject.c
View File

@ -255,7 +255,7 @@ _FX ULONG SbieDll_InjectLow_InitSyscalls(BOOLEAN drv_init)
// Get a full sys call list from the driver
//
status = SbieApi_CallOne(API_QUERY_SYSCALLS, (ULONG_PTR)syscall_data);
status = SbieApi_Call(API_QUERY_SYSCALLS, 1, (ULONG_PTR)syscall_data);
if (status != 0)
return status;

3
Sandboxie/core/dll/net.c
View File

@ -116,6 +116,7 @@ _FX BOOLEAN HNet_Init(HMODULE module)
#define WSA_IO_PENDING (ERROR_IO_PENDING)
#define AF_INET 2 /* internetwork: UDP, TCP, etc. */
#define AF_INET6 10 /* internetwork v6: UDP, TCP, etc. */
#define SOCKET ULONG_PTR
@ -224,7 +225,7 @@ _FX int WSA_WSANSPIoctl(
_FX int WSA_IsBlockedPort(const short *addr, int addrlen)
{
if (addrlen >= sizeof(USHORT) * 2 && addr && addr[0] == AF_INET) {
if (addrlen >= sizeof(USHORT) * 2 && addr && (addr[0] == AF_INET || addr[0] == AF_INET6)) {
USHORT portnum = ((addr[1] & 0xFF) << 8) | ((addr[1] & 0xFF00) >> 8);
ULONG index = portnum / 512;

1043
Sandboxie/core/dll/proc.c
View File

File diff suppressed because it is too large Load Diff

75
Sandboxie/core/dll/sbieapi.c
View File

@ -138,84 +138,27 @@ _FX NTSTATUS SbieApi_Ioctl(ULONG64 *parms)
//---------------------------------------------------------------------------
// SbieApi_CallZero
// SbieApi_CallFunc
//---------------------------------------------------------------------------
_FX LONG SbieApi_CallZero(ULONG api_code)
_FX LONG SbieApi_Call(ULONG api_code, LONG arg_num, ...)
{
va_list valist;
NTSTATUS status;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
memzero(parms, sizeof(parms));
parms[0] = api_code;
status = SbieApi_Ioctl(parms);
if (NT_SUCCESS(status)) {
if (api_code == API_UNLOAD_DRIVER) {
NtClose(SbieApi_DeviceHandle);
SbieApi_DeviceHandle = INVALID_HANDLE_VALUE;
}
}
if (arg_num >= (API_NUM_ARGS - 1))
return STATUS_INVALID_PARAMETER;
return status;
}
va_start(valist, arg_num);
for (LONG i = 1; i <= arg_num; i++)
parms[i] = (ULONG64)va_arg(valist, ULONG_PTR);
va_end(valist);
//---------------------------------------------------------------------------
// SbieApi_CallOne
//---------------------------------------------------------------------------
_FX LONG SbieApi_CallOne(ULONG api_code, ULONG_PTR arg)
{
NTSTATUS status;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
memzero(parms, sizeof(parms));
parms[0] = api_code;
parms[1] = (ULONG64)arg;
status = SbieApi_Ioctl(parms);
return status;
}
//---------------------------------------------------------------------------
// SbieApi_CallTwo
//---------------------------------------------------------------------------
_FX LONG SbieApi_CallTwo(ULONG api_code, ULONG_PTR arg1, ULONG_PTR arg2)
{
NTSTATUS status;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
memzero(parms, sizeof(parms));
parms[0] = api_code;
parms[1] = (ULONG64)arg1;
parms[2] = (ULONG64)arg2;
status = SbieApi_Ioctl(parms);
return status;
}
//---------------------------------------------------------------------------
// SbieApi_CallThree
//---------------------------------------------------------------------------
_FX LONG SbieApi_CallThree(ULONG api_code, ULONG_PTR arg1, ULONG_PTR arg2, ULONG_PTR arg3)
{
NTSTATUS status;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
memzero(parms, sizeof(parms));
parms[0] = api_code;
parms[1] = (ULONG64)arg1;
parms[2] = (ULONG64)arg2;
parms[3] = (ULONG64)arg3;
status = SbieApi_Ioctl(parms);
return status;

11
Sandboxie/core/dll/sbieapi.h
View File

@ -49,16 +49,7 @@ extern "C" {
SBIEAPI_EXPORT
LONG SbieApi_CallZero(ULONG api_code);
SBIEAPI_EXPORT
LONG SbieApi_CallOne(ULONG api_code, ULONG_PTR arg);
SBIEAPI_EXPORT
LONG SbieApi_CallTwo(ULONG api_code, ULONG_PTR arg1, ULONG_PTR arg2);
SBIEAPI_EXPORT
LONG SbieApi_CallThree(ULONG api_code, ULONG_PTR arg1, ULONG_PTR arg2, ULONG_PTR arg3);
LONG SbieApi_Call(ULONG api_code, LONG arg_num, ...);
SBIEAPI_EXPORT LONG SbieApi_GetVersion(
WCHAR *version_string); // WCHAR [16]

20
Sandboxie/core/dll/secure.c
View File

@ -96,6 +96,7 @@ static NTSTATUS Secure_RtlCheckTokenMembershipEx(
static BOOLEAN Secure_IsSameBox(HANDLE idProcess);
static BOOLEAN Secure_IsBuiltInAdmin();
//---------------------------------------------------------------------------
@ -281,9 +282,10 @@ _FX BOOLEAN Secure_Init(void)
//
// install hooks to fake administrator privileges
// note: when running as the built in administrator we should always act as if we have admin rights
//
Secure_FakeAdmin = Config_GetSettingsForImageName_bool(L"FakeAdminRights", FALSE);
Secure_FakeAdmin = Config_GetSettingsForImageName_bool(L"FakeAdminRights", Secure_IsBuiltInAdmin());
RtlQueryElevationFlags =
GetProcAddress(Dll_Ntdll, "RtlQueryElevationFlags");
@ -1181,6 +1183,22 @@ _FX BOOLEAN Secure_IsSameBox(HANDLE idProcess)
}
//---------------------------------------------------------------------------
// Secure_IsBuiltInAdmin
//---------------------------------------------------------------------------
_FX BOOLEAN Secure_IsBuiltInAdmin()
{
// Check if this is the built in administrator account its SID is always: S-1-5-21-domain-500
if (_wcsnicmp(Dll_SidString, L"S-1-5-21-", 9) != 0)
return FALSE;
if (Dll_SidStringLen < 4 || _wcsnicmp(Dll_SidString + Dll_SidStringLen - 4, L"-500", 4) != 0)
return FALSE;
return TRUE;
}
//---------------------------------------------------------------------------
//
// Support for UAC Elevation

3
Sandboxie/core/dll/sh.c
View File

@ -779,6 +779,9 @@ _FX BOOL SH32_DoRunAs(
// remove any quotes around the program name.
//
if (CmdLine == NULL)
return FALSE;
if (CmdLine[0] == L'\"') {
++CmdLine;
arg = wcschr(CmdLine, L'\"');

91
Sandboxie/core/dll/sxs.c
View File

@ -1862,6 +1862,64 @@ _FX void Sxs_ActivateDefaultManifest(void *ImageBase)
}
//---------------------------------------------------------------------------
// Sxs_CheckManifestForElevation
//---------------------------------------------------------------------------
_FX ULONG Sxs_CheckManifestForElevation(
const WCHAR* DosPath,
BOOLEAN *pAsInvoker,
BOOLEAN *pRequireAdministrator,
BOOLEAN *pHighestAvailable)
{
ACTCTX ActCtx;
SXS_ARGS args;
ULONG rc;
if (Dll_OsBuild < 6000)
return STATUS_NOT_IMPLEMENTED;
//
// invoke Sxs_GetPathAndText to get the manifest text
//
memzero(&args, sizeof(args));
if (! Sxs_AllocOrFreeBuffers(&args, TRUE))
return STATUS_INSUFFICIENT_RESOURCES;
memzero(&ActCtx, sizeof(ACTCTX));
ActCtx.cbSize = sizeof(ACTCTX);
ActCtx.lpSource = DosPath;
rc = STATUS_UNSUCCESSFUL;
if (Sxs_GetPathAndText(&ActCtx, &args)) {
rc = STATUS_SUCCESS; // manifest found
_strlwr(args.ManifestText);
if (strstr(args.ManifestText, "level='asinvoker'")
|| strstr(args.ManifestText, "level=\"asinvoker\""))
if (pAsInvoker) *pAsInvoker = TRUE;
if (strstr(args.ManifestText, "level='requireadministrator'")
|| strstr(args.ManifestText, "level=\"requireadministrator\""))
if (pRequireAdministrator) *pRequireAdministrator = TRUE;
if (strstr(args.ManifestText, "level='highestavailable'")
|| strstr(args.ManifestText, "level=\"highestavailable\""))
if (pHighestAvailable) *pHighestAvailable = TRUE;
}
Sxs_AllocOrFreeBuffers(&args, FALSE);
return rc;
}
//---------------------------------------------------------------------------
// Sxs_CheckManifestForCreateProcess
//---------------------------------------------------------------------------
@ -1870,9 +1928,8 @@ _FX void Sxs_ActivateDefaultManifest(void *ImageBase)
_FX ULONG Sxs_CheckManifestForCreateProcess(const WCHAR *DosPath)
{
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
ACTCTX ActCtx;
SXS_ARGS args;
ULONG rc, ElvType;
BOOLEAN AsInvoker, RequireAdministrator, HighestAvailable;
//
// Windows Vista UAC auto-elevates program names that includes words
@ -1905,24 +1962,9 @@ _FX ULONG Sxs_CheckManifestForCreateProcess(const WCHAR *DosPath)
return 0;
}
//
// invoke Sxs_GetPathAndText to get the manifest text
//
rc = Sxs_CheckManifestForElevation(DosPath, &AsInvoker, &RequireAdministrator, &HighestAvailable);
memzero(&args, sizeof(args));
if (! Sxs_AllocOrFreeBuffers(&args, TRUE))
return STATUS_INSUFFICIENT_RESOURCES;
memzero(&ActCtx, sizeof(ACTCTX));
ActCtx.cbSize = sizeof(ACTCTX);
ActCtx.lpSource = DosPath;
rc = 0;
if (Sxs_GetPathAndText(&ActCtx, &args)) {
UCHAR *RequireAdministrator, *HighestAvailable;
if (NT_SUCCESS(rc)) {
//
// asInvoker means to use alternate manifest files in
@ -1932,16 +1974,9 @@ _FX ULONG Sxs_CheckManifestForCreateProcess(const WCHAR *DosPath)
// our Proc_CreateProcess caller to use SH32_DoRunAs
//
_strlwr(args.ManifestText);
if (strstr(args.ManifestText, "level=\"asinvoker\""))
if (AsInvoker)
TlsData->proc_create_process_as_invoker = TRUE;
RequireAdministrator =
strstr(args.ManifestText, "level=\"requireadministrator\"");
HighestAvailable =
strstr(args.ManifestText, "level=\"highestavailable\"");
if (RequireAdministrator ||
(HighestAvailable && ElvType != TokenElevationTypeDefault)) {
@ -1961,8 +1996,6 @@ _FX ULONG Sxs_CheckManifestForCreateProcess(const WCHAR *DosPath)
}
}
Sxs_AllocOrFreeBuffers(&args, FALSE);
return rc;
}

6
Sandboxie/core/drv/api_defs.h
View File

@ -230,9 +230,9 @@ API_ARGS_CLOSE(API_QUERY_PROCESS_ARGS)
API_ARGS_BEGIN(API_QUERY_PROCESS_INFO_ARGS)
API_ARGS_FIELD(HANDLE,process_id)
API_ARGS_FIELD(ULONG,info_type)
API_ARGS_FIELD(ULONG64 *,info_data)
API_ARGS_FIELD(ULONG64, ext_data)
API_ARGS_FIELD(ULONG,info_type) // in
API_ARGS_FIELD(ULONG64 *,info_data) // out
API_ARGS_FIELD(ULONG64, ext_data) // opt in
API_ARGS_CLOSE(API_QUERY_PROCESS_INFO_ARGS)

28
Sandboxie/core/drv/conf.c
View File

@ -1340,13 +1340,33 @@ _FX NTSTATUS Conf_Api_Query(PROCESS *proc, ULONG64 *parms)
if (proc)
value2 = Conf_Expand(proc->box->expand_args, value1, setting);
else {
BOX *box = Box_Create(Driver_Pool, boxname, FALSE);
if (! box) {
CONF_EXPAND_ARGS *expand_args = Mem_Alloc(Driver_Pool, sizeof(CONF_EXPAND_ARGS));
if (! expand_args) {
status = STATUS_UNSUCCESSFUL;
goto release_and_return;
}
value2 = Conf_Expand(box->expand_args, value1, setting);
Box_Free(box);
expand_args->pool = Driver_Pool;
expand_args->sandbox = boxname;
UNICODE_STRING SidString;
ULONG SessionId;
status = Process_GetSidStringAndSessionId(NtCurrentProcess(), NULL, &SidString, &SessionId);
if (!NT_SUCCESS(status)) {
Mem_Free(expand_args, sizeof(CONF_EXPAND_ARGS));
status = STATUS_UNSUCCESSFUL;
goto release_and_return;
}
expand_args->sid = SidString.Buffer;
expand_args->session = &SessionId;
value2 = Conf_Expand(expand_args, value1, setting);
RtlFreeUnicodeString(&SidString);
Mem_Free(expand_args, sizeof(CONF_EXPAND_ARGS));
}
if (! value2) {

16
Sandboxie/core/drv/file.c
View File

@ -868,6 +868,14 @@ _FX BOOLEAN File_BlockInternetAccess2(
_FX BOOLEAN File_InitProcess(PROCESS *proc)
{
//
// by default Close[...]=!<program>,path includes all boxed images
// use AlwaysCloseInBox=n to disable this behavioure
//
proc->always_close_for_boxed = Conf_Get_Boolean(proc->box->name, L"AlwaysCloseForBoxed", 0, TRUE);
BOOLEAN ok = File_InitPaths(proc, &proc->open_file_paths,
&proc->closed_file_paths,
&proc->read_file_paths,
@ -1002,7 +1010,7 @@ _FX NTSTATUS File_Generic_MyParseProc(
if (proc->file_trace & TRACE_IGNORE)
Log_Debug_Msg(MONITOR_IGNORE, ignore_str, Driver_Empty);
else if (Session_MonitorCount &&
else if (Session_MonitorCount && !proc->disable_monitor &&
device_type != FILE_DEVICE_PHYSICAL_NETCARD)
Session_MonitorPut(MONITOR_IGNORE, ignore_str + 4, proc->pid);
@ -1518,7 +1526,7 @@ skip_due_to_home_folder:
}
}
else if (IsPipeDevice && Session_MonitorCount) {
else if (IsPipeDevice && Session_MonitorCount && !proc->disable_monitor) {
ULONG mon_type = MONITOR_PIPE;
WCHAR *mon_name = Name->Name.Buffer;
@ -1532,7 +1540,7 @@ skip_due_to_home_folder:
mon_type |= MONITOR_DENY;
Session_MonitorPut(mon_type, mon_name, proc->pid);
} else if (ShouldMonitorAccess) {
} else if (ShouldMonitorAccess && Session_MonitorCount && !proc->disable_monitor) {
Session_MonitorPut(MONITOR_FILE | MONITOR_DENY, Name->Name.Buffer, proc->pid);
@ -2253,7 +2261,7 @@ _FX NTSTATUS File_Api_Open(PROCESS *proc, ULONG64 *parms)
Log_Debug_Msg(mon_type, access_str, path);
}
}
else if (is_closed) {
else if (is_closed && Session_MonitorCount && !proc->disable_monitor) {
Session_MonitorPut(MONITOR_FILE | MONITOR_DENY, path, proc->pid);
}

2
Sandboxie/core/drv/gui_xp.c
View File

@ -1316,7 +1316,7 @@ _FX ULONG_PTR Gui_NtUserPostThreadMessage(
proc, &proc->open_win_classes, idProcess, NULL);
}
if (Session_MonitorCount) {
if (Session_MonitorCount && !proc->disable_monitor) {
void *nbuf;
ULONG nlen;

2
Sandboxie/core/drv/ipc.c
View File

@ -947,7 +947,7 @@ _FX NTSTATUS Ipc_CheckGenericObject(
}
}
else if (Session_MonitorCount) {
else if (Session_MonitorCount && !proc->disable_monitor) {
ULONG mon_type = MONITOR_IPC;
WCHAR *mon_name = Name->Buffer;

4
Sandboxie/core/drv/key.c
View File

@ -72,8 +72,6 @@ struct _KEY_MOUNT {
//---------------------------------------------------------------------------
static BOOLEAN Key_InitPaths(PROCESS *proc);
static NTSTATUS Key_MyParseProc_2(OBJ_PARSE_PROC_ARGS_2);
static BOOLEAN Key_MountHive2(PROCESS *proc, KEY_MOUNT *mount);
@ -480,7 +478,7 @@ _FX NTSTATUS Key_MyParseProc_2(OBJ_PARSE_PROC_ARGS_2)
}
}
else if (ShouldMonitorAccess) {
else if (ShouldMonitorAccess && Session_MonitorCount && !proc->disable_monitor) {
Session_MonitorPut(MONITOR_KEY | MONITOR_DENY, Name->Name.Buffer, proc->pid);
}

4
Sandboxie/core/drv/process.c
View File

@ -606,6 +606,8 @@ _FX PROCESS *Process_Create(
proc->integrity_level = tzuk; // default to no integrity level
proc->detected_image_type = -1; // indicate non initialized
//
// initialize image name from image path
//
@ -691,6 +693,8 @@ _FX PROCESS *Process_Create(
return NULL;
}
proc->disable_monitor = Conf_Get_Boolean(proc->box->name, L"DisableResourceMonitor", 0, FALSE);
//
// initialize trace flags
//

5
Sandboxie/core/drv/process.h
View File

@ -85,6 +85,8 @@ struct _PROCESS {
ULONG ntdll32_base;
ULONG detected_image_type;
// original process primary access token
void *primary_token;
@ -121,6 +123,8 @@ struct _PROCESS {
UCHAR create_console_flag;
BOOLEAN disable_monitor;
ULONG call_trace;
// file-related
@ -130,6 +134,7 @@ struct _PROCESS {
LIST closed_file_paths; // PATTERN elements
LIST read_file_paths; // PATTERN elements
LIST write_file_paths; // PATTERN elements
BOOLEAN always_close_for_boxed;
LIST blocked_dlls;
ULONG file_trace;
ULONG pipe_trace;

16
Sandboxie/core/drv/process_api.c
View File

@ -426,6 +426,18 @@ _FX NTSTATUS Process_Api_QueryInfo(PROCESS *proc, ULONG64 *parms)
ObDereferenceObject(object);
}
} else if (args->info_type.val == 'spit') { // set process image type
if (ProcessId != 0)
status = STATUS_ACCESS_DENIED;
proc->detected_image_type = (ULONG)(args->ext_data.val);
*data = 0;
} else if (args->info_type.val == 'gpit') { // get process image type
*data = proc->detected_image_type;
} else
status = STATUS_INVALID_INFO_CLASS;
@ -637,8 +649,8 @@ _FX NTSTATUS Process_Api_QueryPathList(PROCESS *proc, ULONG64 *parms)
} else {
if (! MyIsCurrentProcessRunningAsLocalSystem())
return STATUS_NOT_IMPLEMENTED;
//if (! MyIsCurrentProcessRunningAsLocalSystem())
// return STATUS_NOT_IMPLEMENTED;
proc = Process_Find(args->process_id.val, &irql);

4
Sandboxie/core/drv/process_util.c
View File

@ -350,10 +350,12 @@ _FX BOOLEAN Process_GetPaths(
if (closed && (*value == L'!')) {
// dont close paths for sbie components
if (closed_ipc && proc->image_sbie)
continue;
if (proc->image_from_box) {
// for all other advance to the path and apply the block for all sandboxed images
if (proc->image_from_box && proc->always_close_for_boxed) {
value = wcschr(value, L',');
if (! value)

2
Sandboxie/core/drv/session.c
View File

@ -756,7 +756,7 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
if (! proc)
return STATUS_NOT_IMPLEMENTED;
if (! Session_MonitorCount)
if (! Session_MonitorCount || proc->disable_monitor)
return STATUS_SUCCESS;
log_type = args->log_type.val;

2
Sandboxie/core/drv/thread.c
View File

@ -1033,7 +1033,7 @@ _FX NTSTATUS Thread_CheckObject_Common(
// log the cross-sandbox access attempt, based on the status code
//
if (Session_MonitorCount) {
if (Session_MonitorCount && !proc->disable_monitor) {
void *nbuf;
ULONG nlen;

2
Sandboxie/core/svc/DriverAssistInject.cpp
View File

@ -107,7 +107,7 @@ void DriverAssist::InjectLow(void *_msg)
// notify driver that we successfully injected the lowlevel code
//
if (SbieApi_CallOne(API_INJECT_COMPLETE, msg->process_id) == 0)
if (SbieApi_Call(API_INJECT_COMPLETE, 1, msg->process_id) == 0)
errlvl = 0;
else
errlvl = 0x99;

9
Sandboxie/core/svc/DriverAssistStart.cpp
View File

@ -150,8 +150,7 @@ driver_started:
//
if (ok) {
rc = SbieApi_CallOne(
API_SET_SERVICE_PORT, (ULONG_PTR)m_instance->m_PortHandle);
rc = SbieApi_Call(API_SET_SERVICE_PORT, 1, (ULONG_PTR)m_instance->m_PortHandle);
if (rc != 0) {
LogEvent(MSG_9234, 0x9361, rc);
ok = false;
@ -173,7 +172,7 @@ driver_started:
InitClipboard();
}
rc = SbieApi_CallZero(API_INIT_GUI);
rc = SbieApi_Call(API_INIT_GUI, 0);
if (rc != 0) {
LogEvent(MSG_9234, 0x9156, rc);
@ -205,7 +204,7 @@ driver_started:
LsaHandle, &AuthPkgName, &AuthPkgNum);
if (rc == 0)
SbieApi_CallOne(API_SET_LSA_AUTH_PKG, AuthPkgNum);
SbieApi_Call(API_SET_LSA_AUTH_PKG, 1, AuthPkgNum);
LsaDeregisterLogonProcess(LsaHandle);
}
@ -286,7 +285,7 @@ void DriverAssist::InitClipboard()
SetClipboardData(0x333333, hGlobal2);
SetClipboardData(0x444444, hGlobal2);
SbieApi_CallOne(API_GUI_CLIPBOARD, -1);
SbieApi_Call(API_GUI_CLIPBOARD, 1, -1);
EmptyClipboard();
CloseClipboard();

6
Sandboxie/core/svc/EpMapperServer.cpp
View File

@ -173,8 +173,8 @@ MSG_HEADER *EpMapperServer::EpmapperGetPortNameHandler(MSG_HEADER *msg)
{
// Param 1 is the service PID
// Param 2 will return the port name with "\RPC Control\" prepended
rpl->h.status = SbieApi_CallTwo(
API_GET_DYNAMIC_PORT_FROM_PID,
rpl->h.status = SbieApi_Call(
API_GET_DYNAMIC_PORT_FROM_PID, 2,
(ULONG_PTR)hPid,
(ULONG_PTR)rpl->wszPortName);
}
@ -227,7 +227,7 @@ MSG_HEADER *EpMapperServer::EpmapperGetPortNameHandler(MSG_HEADER *msg)
// Param 1 is dynamic port name (e.g. "LRPC-f760d5b40689a98168"), WCHAR[DYNAMIC_PORT_NAME_CHARS]
// Param 2 is the process PID for which to open the port, can be 0 when port is special
// Param 3 is the port type/identifier
rpl->h.status = SbieApi_CallThree(API_OPEN_DYNAMIC_PORT,
rpl->h.status = SbieApi_Call(API_OPEN_DYNAMIC_PORT, 3,
(ULONG_PTR)rpl->wszPortName,
(ULONG_PTR)0,
(ULONG_PTR)req->wszPortId);

38
Sandboxie/core/svc/GuiServer.cpp
View File

@ -69,6 +69,9 @@ typedef struct _WND_HOOK {
LIST_ELEM list_elem;
ULONG pid;
#ifdef _WIN64
bool isWoW64;
#endif _WIN64
DWORD hthread;
ULONG64 hproc;
int HookCount;
@ -2364,7 +2367,7 @@ ULONG GuiServer::CloseClipboardSlave(SlaveArgs *args)
ULONG fmt = 0;
while (1) {
status = SbieApi_CallOne(API_GUI_CLIPBOARD, 0x4000);
status = SbieApi_Call(API_GUI_CLIPBOARD, 1, 0x4000);
if (status != 0)
break;
fmt = EnumClipboardFormats(fmt);
@ -2390,8 +2393,7 @@ ULONG GuiServer::CloseClipboardSlave(SlaveArgs *args)
// always fails. so we want clip_il to stay 0x4000
//
status = SbieApi_CallOne(
API_GUI_CLIPBOARD, caller_il);
status = SbieApi_Call(API_GUI_CLIPBOARD, 1, caller_il);
}*/
CloseClipboard();
@ -2458,7 +2460,7 @@ ULONG GuiServer::GetClipboardDataSlave(SlaveArgs *args)
// then we can't get it, see more in CloseClipboardSlave above.
// work around that by setting IL to 0x4000
//
if (SbieApi_CallOne(API_GUI_CLIPBOARD, 0x4000) == 0) {
if (SbieApi_Call(API_GUI_CLIPBOARD, 1, 0x4000) == 0) {
mem_handle = GetClipboardData(req->format);
rpl->error = GetLastError();
}
@ -3471,6 +3473,7 @@ ULONG GuiServer::GetRawInputDeviceInfoSlave(SlaveArgs *args)
// WndHookNotifySlave
//---------------------------------------------------------------------------
ULONG GuiServer::WndHookNotifySlave(SlaveArgs *args)
{
GUI_WND_HOOK_NOTIFY_REQ *req = (GUI_WND_HOOK_NOTIFY_REQ *)args->req_buf;
@ -3489,7 +3492,29 @@ ULONG GuiServer::WndHookNotifySlave(SlaveArgs *args)
HANDLE hThread = OpenThread(THREAD_SET_CONTEXT, FALSE, (DWORD)whk->hthread);
if (hThread)
{
QueueUserAPC((PAPCFUNC)whk->hproc, hThread, (ULONG_PTR)req->threadid);
#ifdef _WIN64
if (whk->isWoW64)
{
//
// Calling APC's in a 32 bit process from within a 64 bit process needs some trickery
// see: https://repnz.github.io/posts/apc/wow64-user-apc/ for details
//
#define EncodeWow64ApcRoutine(ApcRoutine) ((ULONG64)((-(INT64)ApcRoutine) << 2));
typedef VOID (NTAPI *PPS_APC_ROUTINE)(PVOID SystemArgument1, PVOID SystemArgument2, PVOID SystemArgument3);
PPS_APC_ROUTINE ApcRoutine = (PPS_APC_ROUTINE)EncodeWow64ApcRoutine((ULONG64)whk->hproc);
typedef NTSTATUS (NTAPI* PNT_QUEUE_APC_THREAD)(HANDLE ThreadHandle, PPS_APC_ROUTINE ApcRoutine, PVOID SystemArgument1, PVOID SystemArgument2, PVOID SystemArgument3);
static PNT_QUEUE_APC_THREAD pNtQueueApcThread = NULL;
if(!pNtQueueApcThread)
pNtQueueApcThread = (PNT_QUEUE_APC_THREAD)GetProcAddress(_Ntdll, "NtQueueApcThread");
pNtQueueApcThread(hThread, ApcRoutine, (PVOID)whk->hthread , NULL, NULL);
}
else
#endif _WIN64
QueueUserAPC((PAPCFUNC)whk->hproc, hThread, (ULONG_PTR)req->threadid);
CloseHandle(hThread);
@ -3549,6 +3574,9 @@ ULONG GuiServer::WndHookRegisterSlave(SlaveArgs* args)
whk->hthread = req->hthread;
whk->hproc = req->hproc;
whk->HookCount = 0;
#ifdef _WIN64
whk->isWoW64 = IsProcessWoW64((HANDLE)whk->pid);
#endif _WIN64
List_Insert_After(&m_WndHooks, NULL, whk);
}

2
Sandboxie/core/svc/ProcessServer.cpp
View File

@ -1090,7 +1090,7 @@ BOOL ProcessServer::RunSandboxedStartProcess(
if (ok && StartProgramInSandbox) {
LONG rc = SbieApi_CallTwo(API_START_PROCESS,
LONG rc = SbieApi_Call(API_START_PROCESS, 2,
BoxNameOrModelPid, pi->dwProcessId);
if (rc != 0) {

41
Sandboxie/core/svc/comserver.cpp
View File

@ -135,8 +135,6 @@ typedef struct _COM_OBJECT {
//---------------------------------------------------------------------------
typedef BOOL (*P_IsWow64Process)(HANDLE, BOOL *);
//---------------------------------------------------------------------------
// Variables
@ -156,8 +154,6 @@ static const GUID IID_IWbemClassObject = {
0xDC12A681, 0x737F, 0x11CF,
{ 0x88, 0x4D, 0x00, 0xAA, 0x00, 0x4B, 0x2E, 0x24 } };
P_IsWow64Process pIsWow64Process = NULL;
//---------------------------------------------------------------------------
// Constructor
@ -171,13 +167,6 @@ ComServer::ComServer(PipeServer *pipeServer)
InitializeCriticalSection(&m_SlavesLock);
List_Init(&m_SlavesList);
#ifdef _WIN64
pIsWow64Process = (P_IsWow64Process)
GetProcAddress(_Kernel32, "IsWow64Process");
#endif _WIN64
pipeServer->Register(MSGID_COM, this, Handler);
}
@ -707,36 +696,12 @@ void *ComServer::LockSlave(HANDLE idProcess, ULONG msgid)
#ifdef _WIN64
if (pIsWow64Process) {
HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION,
FALSE, (ULONG)(ULONG_PTR)idProcess);
if (hProcess) {
BOOL xwow64 = FALSE;
if (pIsWow64Process(hProcess, &xwow64) && xwow64) {
IsWow64 = TRUE;
}
CloseHandle(hProcess);
IsWow64 = IsProcessWoW64(idProcess);
#ifdef DEBUG_COMSERVER
WCHAR txt[256]; wsprintf(txt, L"LockSlave idProcess=%d Wow64=%d msgid=%X\n", idProcess, IsWow64, msgid);
OutputDebugString(txt);
WCHAR txt[256]; wsprintf(txt, L"LockSlave idProcess=%d Wow64=%d msgid=%X\n", idProcess, IsWow64, msgid);
OutputDebugString(txt);
#endif
}
#ifdef DEBUG_COMSERVER
else {
WCHAR txt[256]; wsprintf(txt, L"LockSlave Cannot determine wow64ness for idProcess=%d\n", idProcess);
OutputDebugString(txt);
}
#endif
}
#endif _WIN64
//

41
Sandboxie/core/svc/main.cpp
View File

@ -491,3 +491,44 @@ bool CheckDropRights(const WCHAR *BoxName)
return true;
return false;
}
//---------------------------------------------------------------------------
// CheckDropRights
//---------------------------------------------------------------------------
bool IsProcessWoW64(HANDLE pid)
{
typedef BOOL (*P_IsWow64Process)(HANDLE, BOOL *);
static P_IsWow64Process pIsWow64Process = NULL;
if(!pIsWow64Process)
pIsWow64Process = (P_IsWow64Process)GetProcAddress(_Kernel32, "IsWow64Process");
if (!pIsWow64Process)
return false;
bool IsWow64 = false;
HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION,
FALSE, (ULONG)(ULONG_PTR)pid);
if (hProcess) {
BOOL xwow64 = FALSE;
if (pIsWow64Process && pIsWow64Process(hProcess, &xwow64) && xwow64) {
IsWow64 = true;
}
CloseHandle(hProcess);
}
#ifdef DEBUG_COMSERVER
else {
WCHAR txt[256]; wsprintf(txt, L"Cannot determine wow64ness for idProcess=%d\n", idProcess);
OutputDebugString(txt);
}
#endif
return IsWow64;
}

2
Sandboxie/core/svc/misc.h
View File

@ -25,7 +25,7 @@ void AbortServer(void);
bool RestrictToken(void);
bool CheckDropRights(const WCHAR *BoxName);
SECURITY_ATTRIBUTES *GetSecurityAttributes(ACCESS_MASK EveryoneAccess);
bool IsProcessWoW64(HANDLE pid);
extern HMODULE _Ntdll;
extern HMODULE _Kernel32;

16
Sandboxie/install/Templates.ini
View File

@ -146,10 +146,10 @@ OpenProtectedStorage=y
OpenKeyPath=iexplore.exe,HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
OpenKeyPath=iexplore.exe,HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
[Template_IExplore_Credentials]
Tmpl.Title=#4330
Tmpl.Class=WebBrowser
OpenCredentials=y
# [Template_IExplore_Credentials]
# Tmpl.Title=#4330
# Tmpl.Class=WebBrowser
# OpenCredentials=y
#
# Firefox / Waterfox / PaleMoon / SeaMonkey
@ -2796,6 +2796,12 @@ Tmpl.Title=#4338,Popcorn Time (popcorntime.app)
Tmpl.Class=TorrentClient
OpenFilePath=Popcorn-Time.exe,%Local AppData%\popcorn-time
[Template_PicoTorrent_Force]
Tmpl.Title=#4323,Pico Torrent
Tmpl.Class=TorrentClient
ForceProcess=PicoTorrent.exe
ForceRestart=PicoTorrent.exe
#
# Download Managers
#
@ -2808,6 +2814,8 @@ Tmpl.Scan=s
# Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}
Tmpl.ScanProduct=Internet Download Manager
OpenClsid={AC746233-E9D3-49CD-862F-068F7B7CCCA4}
# prevetn access to host port
BlockPort=1001
[Template_SothinkWebVideoDownloader]
Tmpl.Title=Sothink Web Video Downloader Stand-alone

6
Sandboxie/install/kmdutil/sbiedrv.c
View File

@ -82,14 +82,14 @@ ALIGNED BOOLEAN Kmd_Stop_SbieDrv(void)
rc = SbieApi_GetVersion(driver_version);
if (rc == 0) {
rc = SbieApi_CallZero(API_UNLOAD_DRIVER);
rc = SbieApi_Call(API_UNLOAD_DRIVER, 0);
if (rc == STATUS_CONNECTION_IN_USE) {
Sleep(2500);
rc = SbieApi_CallZero(API_UNLOAD_DRIVER);
rc = SbieApi_Call(API_UNLOAD_DRIVER, 0);
}
if (rc == STATUS_CONNECTION_IN_USE) {
Sleep(2500);
rc = SbieApi_CallZero(API_UNLOAD_DRIVER);
rc = SbieApi_Call(API_UNLOAD_DRIVER, 0);
}
}

17
SandboxiePlus/QSbieAPI/Sandboxie/BoxedProcess.cpp
View File

@ -45,8 +45,12 @@ CBoxedProcess::CBoxedProcess(quint32 ProcessId, class CSandBox* pBox)
m_ParendPID = 0;
m_SessionId = 0;
m_ImageType = -1;
m_uTerminated = 0;
//m_bSuspended = IsSuspended();
m_bIsWoW64 = false;
}
CBoxedProcess::~CBoxedProcess()
@ -172,6 +176,10 @@ bool CBoxedProcess::InitProcessInfo()
if (DWORD size = GetModuleFileNameEx(ProcessHandle, NULL, filename, MAX_PATH))
m_ImagePath = QString::fromWCharArray(filename);
BOOL isTargetWow64Process = FALSE;
IsWow64Process(ProcessHandle, &isTargetWow64Process);
m_bIsWoW64 = isTargetWow64Process;
if (1) // windows 8.1 and later // todo add os version check
{
#define ProcessCommandLineInformation ((PROCESSINFOCLASS)60)
@ -194,6 +202,15 @@ bool CBoxedProcess::InitProcessInfo()
}
NtClose(ProcessHandle);
return true;
}
bool CBoxedProcess::InitProcessInfoEx()
{
if(m_ImageType == -1)
m_ImageType = m_pBox->Api()->GetImageType(m_ProcessId);
return true;
}

7
SandboxiePlus/QSbieAPI/Sandboxie/BoxedProcess.h
View File

@ -30,6 +30,7 @@ public:
virtual ~CBoxedProcess();
virtual bool InitProcessInfo();
virtual bool InitProcessInfoEx();
virtual quint32 GetProcessId() const { return m_ProcessId; }
virtual quint32 GetParendPID() const { return m_ParendPID; }
@ -37,6 +38,7 @@ public:
virtual QString GetCommandLine() const { return m_CommandLine; }
virtual QString GetFileName() const { return m_ImagePath; }
virtual QDateTime GetTimeStamp() const { return m_StartTime; }
virtual quint32 GetImageType() const { return m_ImageType; }
virtual SB_STATUS Terminate();
virtual bool IsTerminated(quint64 forMs = 0) const;
@ -45,7 +47,10 @@ public:
//virtual SB_STATUS SetSuspend(bool bSet);
//virtual bool IsSuspended() const;
virtual bool IsWoW64() const { return m_bIsWoW64; }
virtual QString GetBoxName() const;
virtual class CSandBox* GetBoxPtr() const { return m_pBox; }
protected:
friend class CSbieAPI;
@ -54,11 +59,13 @@ protected:
quint32 m_ParendPID;
QString m_ImageName;
QString m_ImagePath;
quint32 m_ImageType;
QString m_CommandLine;
quint32 m_SessionId;
QDateTime m_StartTime;
quint64 m_uTerminated;
//bool m_bSuspended;
bool m_bIsWoW64;
class CSandBox* m_pBox;

196
SandboxiePlus/QSbieAPI/SbieAPI.cpp
View File

@ -127,6 +127,8 @@ CSbieAPI::CSbieAPI(QObject* parent) : QThread(parent)
m_bReloadPending = false;
m_LastTraceEntry = 0;
connect(&m_IniWatcher, SIGNAL(fileChanged(const QString&)), this, SLOT(OnIniChanged(const QString&)));
connect(this, SIGNAL(ProcessBoxed(quint32, const QString&, const QString&, quint32)), this, SLOT(OnProcessBoxed(quint32, const QString&, const QString&, quint32)));
}
@ -235,6 +237,8 @@ void CSbieAPI::GetUserPaths()
if (CSbieAPI__GetCurrentSidString(&objname))
{
m_UserSid = QString::fromWCharArray(objname.Buffer);
InitializeObjectAttributes(&objattrs, &objname, OBJ_CASE_INSENSITIVE, hProfileKey, NULL);
HANDLE hSidKey;
@ -788,6 +792,58 @@ void CSbieAPI::OnReloadConfig()
ReloadConfig();
}
typedef struct _FILE_FS_VOLUME_INFORMATION {
LARGE_INTEGER VolumeCreationTime;
ULONG VolumeSerialNumber;
ULONG VolumeLabelLength;
BOOLEAN SupportsObjects;
WCHAR VolumeLabel[1];
} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
ULONG CSbieAPI__GetVolumeSN(wchar_t* path)
{
ULONG sn = 0;
HANDLE handle;
IO_STATUS_BLOCK iosb;
UNICODE_STRING objname;
size_t path_len = wcslen(path);
objname.Buffer = new wchar_t[path_len + 2];
wmemcpy(objname.Buffer, path, path_len);
objname.Buffer[path_len ] = L'\\';
objname.Buffer[path_len + 1] = L'\0';
objname.Length = (USHORT)(path_len + 1) * sizeof(WCHAR);
objname.MaximumLength = objname.Length + sizeof(WCHAR);
OBJECT_ATTRIBUTES objattrs;
InitializeObjectAttributes(
&objattrs, &objname, OBJ_CASE_INSENSITIVE, NULL, NULL);
NTSTATUS status = NtCreateFile(
&handle, GENERIC_READ | SYNCHRONIZE, &objattrs,
&iosb, NULL, 0, FILE_SHARE_VALID_FLAGS,
FILE_OPEN,
FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT,
NULL, 0);
delete [] objname.Buffer;
if (NT_SUCCESS(status))
{
union {
FILE_FS_VOLUME_INFORMATION volumeInfo;
BYTE volumeInfoBuff[64];
} u;
if (NT_SUCCESS(NtQueryVolumeInformationFile(handle, &iosb, &u.volumeInfo, sizeof(u), FileFsVolumeInformation)))
sn = u.volumeInfo.VolumeSerialNumber;
NtClose(handle);
}
return sn;
}
void CSbieAPI::UpdateDriveLetters()
{
QWriteLocker Lock(&m_DriveLettersMutex);
@ -807,28 +863,45 @@ void CSbieAPI::UpdateDriveLetters()
uint size = QueryDosDevice(drv, lpTargetPath, MAX_PATH);
if (size > 0)
{
SDrive Drive;
QString Key = QString::fromWCharArray(lpTargetPath);
QStringList Chunks = Key.split("\\");
if (Chunks.count() >= 5 && Chunks[2].compare("LanmanRedirector", Qt::CaseInsensitive) == 0) {
Drive.Type = SDrive::EShare;
Chunks.removeAt(3);
Key = Chunks.join("\\");
Drive.Aux = Chunks.mid(3).join("\\");
}
else {
Drive.Type = SDrive::EVolume;
if (ULONG sn = CSbieAPI__GetVolumeSN(lpTargetPath))
Drive.Aux = QString("%1-%2").arg((ushort)HIWORD(sn), 4, 16, QChar('0')).arg((ushort)LOWORD(sn), 4, 16, QChar('0')).toUpper();
}
Key.append("\\");
m_DriveLetters.insert(Key, QString::fromWCharArray(drv) + "\\");
Drive.Letter = QString::fromWCharArray(drv) + "\\";
Drive.NtPath = Key;
m_DriveLetters.insert(Drive.Letter, Drive);
}
}
}
QString CSbieAPI::Nt2DosPath(QString NtPath) const
QString CSbieAPI::Nt2DosPath(QString NtPath, bool* pOk) const
{
QReadLocker Lock(&m_DriveLettersMutex);
for (QMap<QString, QString>::const_iterator I = m_DriveLetters.begin(); I != m_DriveLetters.end(); ++I)
if (NtPath.indexOf("\\device\\mup", 0, Qt::CaseInsensitive) == 0)
NtPath = "\\Device\\LanmanRedirector" + NtPath.mid(11);
for (QMap<QString, SDrive>::const_iterator I = m_DriveLetters.begin(); I != m_DriveLetters.end(); ++I)
{
const QString& Key = I.key();
if (Key.compare(NtPath.left(Key.length()), Qt::CaseInsensitive) == 0)
return NtPath.replace(0, Key.length(), I.value());
const SDrive& Drive = I.value();
if (Drive.NtPath.compare(NtPath.left(Drive.NtPath.length()), Qt::CaseInsensitive) == 0) {
if(pOk) *pOk = true;
return NtPath.replace(0, Drive.NtPath.length(), Drive.Letter);
}
}
if(pOk) *pOk = false;
return NtPath;
}
@ -1137,7 +1210,7 @@ SB_STATUS CSbieAPI::UpdateProcesses(bool bKeep, const CSandBoxPtr& pBox)
pProcess->InitProcessInfo();
}
// todo:
pProcess->InitProcessInfoEx();
}
foreach(const CBoxedProcessPtr& pProcess, OldProcessList)
@ -1269,6 +1342,26 @@ CBoxedProcessPtr CSbieAPI::GetProcessById(quint32 ProcessId) const
return m_BoxedProxesses.value(ProcessId);
}
quint32 CSbieAPI::GetImageType(quint32 ProcessId)
{
__declspec(align(8)) ULONG64 ResultValue;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_QUERY_PROCESS_INFO_ARGS *args = (API_QUERY_PROCESS_INFO_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_QUERY_PROCESS_INFO;
args->process_id.val64 = (ULONG64)(ULONG_PTR)ProcessId;
args->info_type.val64 = (ULONG64)(ULONG_PTR)'gpit';
args->info_data.val64 = (ULONG64)(ULONG_PTR)&ResultValue;
args->ext_data.val64 = (ULONG64)(ULONG_PTR)0;
NTSTATUS status = m->IoControl(parms);
if (!NT_SUCCESS(status))
return -1;
return ResultValue;
}
SB_STATUS CSbieAPI::TerminateAll(const QString& BoxName)
{
PROCESS_KILL_ALL_REQ req;
@ -1533,12 +1626,20 @@ QString CSbieAPI::GetBoxedPath(const QString& BoxName, const QString& Path)
return GetBoxedPath(pBox, Path);
}
//#pragma comment(lib, "mpr.lib")
QString CSbieAPI::GetBoxedPath(const CSandBoxPtr& pBox, const QString& Path)
{
QString BoxRoot = pBox->m_FilePath;
if (Path.indexOf("\\device\\mup", 0, Qt::CaseInsensitive) == 0)
return BoxRoot + "\\share" + Path.mid(11);
//WCHAR Buffer[4096];
//DWORD dwBufferLength = sizeof(Buffer)/sizeof(WCHAR );
//UNIVERSAL_NAME_INFO * unameinfo = (UNIVERSAL_NAME_INFO *) &Buffer;
//if (WNetGetUniversalName(Path.toStdWString().c_str(), UNIVERSAL_NAME_INFO_LEVEL, (LPVOID)unameinfo, &dwBufferLength) == NO_ERROR)
// return BoxRoot + "\\share" + QString::fromWCharArray(unameinfo->lpUniversalName).mid(1);
//if (Path.indexOf("\\device\\mup", 0, Qt::CaseInsensitive) == 0)
// return QStringList(BoxRoot + "\\share" + Path.mid(11));
if (pBox->GetBool("SeparateUserFolders", true))
{
@ -1553,7 +1654,35 @@ QString CSbieAPI::GetBoxedPath(const CSandBoxPtr& pBox, const QString& Path)
if (Path.length() < 3 || Path.at(1) != ':')
return QString();
QReadLocker Lock(&m_DriveLettersMutex);
QMap<QString, SDrive>::const_iterator I = m_DriveLetters.find(Path.left(3).toUpper());
if (I != m_DriveLetters.end())
{
if (I->Type == SDrive::EShare)
return BoxRoot + "\\share\\" + I->Aux + Path.mid(2);
else if (pBox->GetBool("UseVolumeSerialNumbers", false) && !I->Aux.isEmpty())
return BoxRoot + "\\drive\\" + Path.at(0) + "~" + I->Aux + Path.mid(2);
}
return BoxRoot + "\\drive\\" + Path.at(0) + Path.mid(2);
/*QStringList Paths;
// todo: include snapshot locations
if (pBox->GetBool("UseVolumeSerialNumbers", false))
{
QDir Dir(BoxRoot + "\\drive\\");
foreach(const QFileInfo & Info, Dir.entryInfoList(QDir::Dirs | QDir::NoDotAndDotDot))
{
if (Info.fileName().left(1).compare(Path.at(0), Qt::CaseInsensitive) == 0)
Paths.append(BoxRoot + "\\drive\\" + Info.fileName() + Path.mid(2));
}
}
if(Paths.isEmpty())
Paths = QStringList(BoxRoot + "\\drive\\" + Path.at(0) + Path.mid(2));
return Paths;*/
}
QString CSbieAPI::GetRealPath(const CSandBoxPtr& pBox, const QString& Path)
@ -1563,27 +1692,39 @@ QString CSbieAPI::GetRealPath(const CSandBoxPtr& pBox, const QString& Path)
if (BoxRoot.right(1) == "\\") BoxRoot.truncate(BoxRoot.length() - 1);
if (Path.length() < BoxRoot.length())
return RealPath;
return QString();;
RealPath = Path.mid(BoxRoot.length());
if (RealPath.left(6) == "\\share")
RealPath = "\\device\\mup" + RealPath.mid(6);
{
QString Temp = RealPath.mid(6);
bool bBs = false;
if ((bBs = (Temp.count("\\") < 3))) Temp += "\\";
bool bOk;
Temp = Nt2DosPath("\\Device\\LanmanRedirector" + Temp, &bOk);
if (!bOk) return QString();
if (bBs) Temp.truncate(Temp.length() - 1);
return Temp;
}
if (RealPath.left(5) == "\\user")
{
if (RealPath.mid(5, 8) == "\\current")
RealPath = m_UserDir + RealPath.mid(5 + 8);
return m_UserDir + RealPath.mid(5 + 8);
else if (RealPath.mid(5, 4) == "\\all")
RealPath = m_ProgramDataDir + RealPath.mid(5 + 4);
return m_ProgramDataDir + RealPath.mid(5 + 4);
else if (RealPath.mid(5, 7) == "\\public")
RealPath = m_PublicDir + RealPath.mid(5 + 7);
return m_PublicDir + RealPath.mid(5 + 7);
}
if (RealPath.left(6) == "\\drive")
RealPath = RealPath.mid(7, 1) + ":" + RealPath.mid(8);
{
int pos = RealPath.indexOf("\\", 7);
return RealPath.mid(7, 1) + ":" + (pos != -1 ? RealPath.mid(pos) : "");
}
return RealPath;
return QString();
}
///////////////////////////////////////////////////////////////////////////////
@ -1784,7 +1925,9 @@ bool CSbieAPI::GetLog()
if ((MsgCode & 0xFFFF) == 2199) // Auto Recovery notification
{
emit FileToRecover(MsgData[1], Nt2DosPath(MsgData[2]), ProcessId);
QString FilePath = Nt2DosPath(MsgData[2]);
QString BoxPath = MsgData.length() >= 4 ? Nt2DosPath(MsgData[3]) : QString();
emit FileToRecover(MsgData[1], FilePath, BoxPath, ProcessId);
return true;
}
@ -1966,6 +2109,25 @@ void CSbieAPI::AddTraceEntry(const CTraceEntryPtr& LogEntry, bool bCanMerge)
m_TraceList.append(LogEntry);
}
QList<CTraceEntryPtr> CSbieAPI::GetTrace() const
{
QReadLocker Lock(&m_TraceMutex);
if (m_TraceList.count() >= m_LastTraceEntry) {
for (int i = m_LastTraceEntry; i < m_TraceList.count(); i++) {
const CTraceEntryPtr& pEntry = m_TraceList[i];
if (CBoxedProcessPtr proc = m_BoxedProxesses.value(pEntry->GetProcessId())) {
((CTraceEntry*)pEntry.data())->SetProcessName(proc->GetProcessName());
((CTraceEntry*)pEntry.data())->SetBoxPtr(proc->GetBoxPtr());
}
}
((CSbieAPI*)this)->m_LastTraceEntry = m_TraceList.count();
}
return m_TraceList;
}
///////////////////////////////////////////////////////////////////////////////
// Other
//

26
SandboxiePlus/QSbieAPI/SbieAPI.h
View File

@ -53,7 +53,7 @@ public:
virtual QString GetIniPath() const { return m_IniPath; }
virtual void UpdateDriveLetters();
virtual QString Nt2DosPath(QString NtPath) const;
virtual QString Nt2DosPath(QString NtPath, bool* pOk = NULL) const;
virtual SB_STATUS ReloadBoxes(bool bFullUpdate = false);
static SB_STATUS ValidateName(const QString& BoxName);
@ -95,6 +95,7 @@ public:
virtual CSbieIni* GetGlobalSettings() const { return m_pGlobalSection; }
virtual CSbieIni* GetUserSettings() const { return m_pUserSection; }
virtual QString GetCurrentUserName() const { return m_UserName; }
virtual QString GetCurrentUserSid() const { return m_UserSid; }
virtual bool IsConfigLocked();
virtual SB_STATUS UnlockConfig(const QString& Password);
virtual SB_STATUS LockConfig(const QString& NewPassword);
@ -109,8 +110,8 @@ public:
virtual bool IsMonitoring();
virtual void AddTraceEntry(const CTraceEntryPtr& LogEntry, bool bCanMerge = false);
virtual QList<CTraceEntryPtr> GetTrace() const { QReadLocker Lock(&m_TraceMutex); return m_TraceList; }
virtual void ClearTrace() { QWriteLocker Lock(&m_TraceMutex); m_TraceList.clear(); }
virtual QList<CTraceEntryPtr> GetTrace() const;
virtual void ClearTrace() { QWriteLocker Lock(&m_TraceMutex); m_TraceList.clear(); m_LastTraceEntry = 0; }
// Other
virtual QString GetSbieMsgStr(quint32 code, quint32 Lang = 1033);
@ -135,7 +136,7 @@ signals:
//void LogMessage(const QString& Message, bool bNotify = true);
void LogSbieMessage(quint32 MsgCode, const QStringList& MsgData, quint32 ProcessId);
void ProcessBoxed(quint32 ProcessId, const QString& Path, const QString& Box, quint32 ParentId);
void FileToRecover(const QString& BoxName, const QString& FilePath, quint32 ProcessId);
void FileToRecover(const QString& BoxName, const QString& FilePath, const QString& BoxPath, quint32 ProcessId);
void BoxClosed(const QString& BoxName);
void NotAuthorized(bool bLoginRequired, bool &bRetry);
void QueuedRequest(quint32 ClientPid, quint32 ClientTid, quint32 RequestId, const QVariantMap& Data);
@ -163,6 +164,8 @@ protected:
virtual bool GetLog();
virtual bool GetMonitor();
virtual quint32 GetImageType(quint32 ProcessId);
virtual SB_STATUS TerminateAll(const QString& BoxName);
virtual SB_STATUS Terminate(quint32 ProcessId);
@ -183,9 +186,21 @@ protected:
mutable QReadWriteLock m_TraceMutex;
QList<CTraceEntryPtr> m_TraceList;
int m_LastTraceEntry;
mutable QReadWriteLock m_DriveLettersMutex;
QMap<QString, QString> m_DriveLetters;
struct SDrive
{
QString Letter;
QString NtPath;
enum EType
{
EVolume = 0,
EShare
} Type;
QString Aux;
};
QMap<QString, SDrive> m_DriveLetters;
QString m_SbiePath;
QString m_IniPath;
@ -199,6 +214,7 @@ protected:
CSbieIni* m_pGlobalSection;
CSbieIni* m_pUserSection;
QString m_UserName;
QString m_UserSid;
QString m_ProgramDataDir;
QString m_PublicDir;

2
SandboxiePlus/QSbieAPI/SbieTrace.cpp
View File

@ -68,6 +68,8 @@ CTraceEntry::CTraceEntry(quint32 ProcessId, quint32 ThreadId, quint32 Type, cons
m_TimeStamp = QDateTime::currentDateTime(); // ms resolution
m_BoxPtr = 0;
static atomic<quint64> uid = 0;
m_uid = uid.fetch_add(1);

8
SandboxiePlus/QSbieAPI/SbieTrace.h
View File

@ -38,6 +38,12 @@ public:
virtual QString GetTypeStr() const;
virtual QString GetStautsStr() const;
virtual void SetProcessName(const QString& name) { m_ProcessName = name; }
virtual QString GetProcessName() const { return m_ProcessName; }
virtual void SetBoxPtr(void* ptr) { m_BoxPtr = ptr; }
virtual void* GetBoxPtr() const { return m_BoxPtr; }
virtual int GetCount() const { return m_Counter; }
virtual bool Equals(const QSharedDataPointer<CTraceEntry>& pOther) const {
@ -55,6 +61,8 @@ protected:
quint32 m_ProcessId;
quint32 m_ThreadId;
QDateTime m_TimeStamp;
QString m_ProcessName;
void* m_BoxPtr;
union
{

484
SandboxiePlus/SandMan/Forms/OptionsWindow.ui
View File

@ -45,7 +45,7 @@
<enum>QTabWidget::West</enum>
</property>
<property name="currentIndex">
<number>0</number>
<number>8</number>
</property>
<widget class="QWidget" name="tabGeneral">
<attribute name="title">
@ -64,59 +64,6 @@
<layout class="QGridLayout" name="gridLayout_27">
<item row="1" column="0">
<layout class="QGridLayout" name="gridLayout_8">
<item row="10" column="2" colspan="5">
<spacer name="horizontalSpacer_2">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_7">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
</font>
</property>
<property name="text">
<string>Appearance</string>
</property>
</widget>
</item>
<item row="2" column="5">
<widget class="QToolButton" name="btnBorderColor">
<property name="text">
<string/>
</property>
</widget>
</item>
<item row="2" column="6">
<widget class="QSpinBox" name="spinBorderWidth">
<property name="minimum">
<number>1</number>
</property>
<property name="maximum">
<number>10</number>
</property>
<property name="value">
<number>1</number>
</property>
</widget>
</item>
<item row="9" column="1" colspan="6">
<widget class="QCheckBox" name="chkBlockNetParam">
<property name="text">
<string>Prevent change to network and firewall parameters</string>
</property>
</widget>
</item>
<item row="2" column="7">
<widget class="QLabel" name="label_14">
<property name="text">
@ -127,16 +74,6 @@
</property>
</widget>
</item>
<item row="1" column="0" colspan="3">
<widget class="QLabel" name="label_20">
<property name="text">
<string>Sandbox Indicator in title:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="2" column="0" colspan="3">
<widget class="QLabel" name="label_21">
<property name="text">
@ -147,8 +84,18 @@
</property>
</widget>
</item>
<item row="1" column="3" colspan="2">
<widget class="QComboBox" name="cmbBoxIndicator"/>
<item row="11" column="2" colspan="5">
<spacer name="horizontalSpacer_2">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="3" column="0" colspan="3">
<widget class="QLabel" name="label_10">
@ -166,6 +113,101 @@
</property>
</widget>
</item>
<item row="9" column="1" colspan="6">
<widget class="QCheckBox" name="chkBlockNetShare">
<property name="text">
<string>Block network files and folders, unless specifically opened.</string>
</property>
</widget>
</item>
<item row="2" column="3" colspan="2">
<widget class="QComboBox" name="cmbBoxBorder"/>
</item>
<item row="4" column="1" colspan="6">
<widget class="QLabel" name="label_35">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
</font>
</property>
<property name="text">
<string>Security note: Elevated applications running under the supervision of Sandboxie, with an admin token, have more opportunities to bypass isolation and modify the system outside the sandbox.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="8" column="0" colspan="3">
<widget class="QLabel" name="label_34">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
</font>
</property>
<property name="toolTip">
<string>Protect the system from sandboxed processes</string>
</property>
<property name="text">
<string>Network restrictions</string>
</property>
</widget>
</item>
<item row="1" column="3" colspan="2">
<widget class="QComboBox" name="cmbBoxIndicator"/>
</item>
<item row="5" column="1" colspan="5">
<widget class="QCheckBox" name="chkDropRights">
<property name="text">
<string>Drop rights from Administrators and Power Users groups</string>
</property>
</widget>
</item>
<item row="1" column="0" colspan="3">
<widget class="QLabel" name="label_20">
<property name="text">
<string>Sandbox Indicator in title:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="5" column="6" colspan="2">
<widget class="QLabel" name="label_40">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
</font>
</property>
<property name="text">
<string>(Recommended)</string>
</property>
</widget>
</item>
<item row="6" column="2" colspan="6">
<widget class="QCheckBox" name="chkFakeElevation">
<property name="text">
<string>Make applications think they are running elevated (allows to run installers safely)</string>
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_7">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
</font>
</property>
<property name="text">
<string>Appearance</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QLabel" name="label_30">
<property name="sizePolicy">
@ -185,14 +227,7 @@
</property>
</widget>
</item>
<item row="8" column="1" colspan="6">
<widget class="QCheckBox" name="chkBlockNetShare">
<property name="text">
<string>Block network files and folders, unless specifically opened.</string>
</property>
</widget>
</item>
<item row="10" column="1">
<item row="11" column="1">
<spacer name="verticalSpacer_17">
<property name="orientation">
<enum>Qt::Vertical</enum>
@ -205,41 +240,35 @@
</property>
</spacer>
</item>
<item row="2" column="3" colspan="2">
<widget class="QComboBox" name="cmbBoxBorder"/>
</item>
<item row="6" column="2" colspan="6">
<widget class="QCheckBox" name="chkFakeElevation">
<item row="2" column="5">
<widget class="QToolButton" name="btnBorderColor">
<property name="text">
<string>Make applications think they are running elevated (allows to run installers safely)</string>
<string/>
</property>
</widget>
</item>
<item row="7" column="0" colspan="3">
<widget class="QLabel" name="label_34">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
</font>
</property>
<property name="toolTip">
<string>Protect the system from sandboxed processes</string>
</property>
<item row="10" column="1" colspan="6">
<widget class="QCheckBox" name="chkBlockNetParam">
<property name="text">
<string>Network restrictions</string>
<string>Prevent change to network and firewall parameters</string>
</property>
</widget>
</item>
<item row="5" column="1" colspan="5">
<widget class="QCheckBox" name="chkDropRights">
<property name="text">
<string>Drop rights from Administrators and Power Users groups</string>
<item row="2" column="6">
<widget class="QSpinBox" name="spinBorderWidth">
<property name="minimum">
<number>1</number>
</property>
<property name="maximum">
<number>10</number>
</property>
<property name="value">
<number>1</number>
</property>
</widget>
</item>
<item row="5" column="6" colspan="2">
<widget class="QLabel" name="label_40">
<item row="7" column="1" colspan="6">
<widget class="QLabel" name="lblAdmin">
<property name="font">
<font>
<weight>75</weight>
@ -247,20 +276,7 @@
</font>
</property>
<property name="text">
<string>(Recommended)</string>
</property>
</widget>
</item>
<item row="4" column="1" colspan="6">
<widget class="QLabel" name="label_35">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
</font>
</property>
<property name="text">
<string>Security note: Elevated applications running under the supervision of Sandboxie, with an admin token, have more opportunities to bypass isolation and modify the system outside the sandbox.</string>
<string>CAUTION: When running under the built in administrator, processes can not drop administrative privileges.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
@ -1168,6 +1184,109 @@ If leader processes are defined, all others are treated as lingering processes.<
<layout class="QGridLayout" name="gridLayout_11">
<item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_7">
<item row="1" column="1">
<widget class="QToolButton" name="btnAddFile">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="minimumSize">
<size>
<width>0</width>
<height>23</height>
</size>
</property>
<property name="text">
<string>Add File/Folder</string>
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QToolButton" name="btnAddWnd">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="minimumSize">
<size>
<width>0</width>
<height>23</height>
</size>
</property>
<property name="text">
<string>Add Wnd Class</string>
</property>
</widget>
</item>
<item row="8" column="1">
<widget class="QPushButton" name="btnMoveDown">
<property name="text">
<string>Move Down</string>
</property>
</widget>
</item>
<item row="9" column="1">
<spacer name="verticalSpacer_11">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="3" column="1">
<widget class="QToolButton" name="btnAddIPC">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="minimumSize">
<size>
<width>0</width>
<height>23</height>
</size>
</property>
<property name="text">
<string>Add IPC Path</string>
</property>
</widget>
</item>
<item row="10" column="1">
<widget class="QCheckBox" name="chkShowAccessTmpl">
<property name="text">
<string>Show Templates</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QToolButton" name="btnAddKey">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="minimumSize">
<size>
<width>0</width>
<height>23</height>
</size>
</property>
<property name="text">
<string>Add Reg Key</string>
</property>
</widget>
</item>
<item row="1" column="0" rowspan="11">
<widget class="QTreeWidget" name="treeAccess">
<property name="sortingEnabled">
@ -1195,44 +1314,6 @@ If leader processes are defined, all others are treated as lingering processes.<
</column>
</widget>
</item>
<item row="2" column="1">
<widget class="QToolButton" name="btnAddKey">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="minimumSize">
<size>
<width>0</width>
<height>23</height>
</size>
</property>
<property name="text">
<string>Add Reg Key</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QToolButton" name="btnAddFile">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="minimumSize">
<size>
<width>0</width>
<height>23</height>
</size>
</property>
<property name="text">
<string>Add File/Folder</string>
</property>
</widget>
</item>
<item row="11" column="1">
<widget class="QPushButton" name="btnDelAccess">
<property name="text">
@ -1240,25 +1321,6 @@ If leader processes are defined, all others are treated as lingering processes.<
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QToolButton" name="btnAddWnd">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="minimumSize">
<size>
<width>0</width>
<height>23</height>
</size>
</property>
<property name="text">
<string>Add Wnd Class</string>
</property>
</widget>
</item>
<item row="5" column="1">
<widget class="QToolButton" name="btnAddCOM">
<property name="sizePolicy">
@ -1278,22 +1340,10 @@ If leader processes are defined, all others are treated as lingering processes.<
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QToolButton" name="btnAddIPC">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="minimumSize">
<size>
<width>0</width>
<height>23</height>
</size>
</property>
<item row="7" column="1">
<widget class="QPushButton" name="btnMoveUp">
<property name="text">
<string>Add IPC Path</string>
<string>Move Up</string>
</property>
</widget>
</item>
@ -1310,50 +1360,22 @@ If leader processes are defined, all others are treated as lingering processes.<
</property>
</spacer>
</item>
<item row="7" column="1">
<widget class="QPushButton" name="btnMoveUp">
<property name="text">
<string>Move Up</string>
</property>
</widget>
</item>
<item row="8" column="1">
<widget class="QPushButton" name="btnMoveDown">
<property name="text">
<string>Move Down</string>
</property>
</widget>
</item>
<item row="9" column="1">
<spacer name="verticalSpacer_11">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="10" column="1">
<widget class="QCheckBox" name="chkShowAccessTmpl">
<property name="text">
<string>Show Templates</string>
</property>
</widget>
</item>
<item row="0" column="0" colspan="2">
<widget class="QLabel" name="lblResources">
<property name="text">
<string>Configure which processes can access what resources. Double click on an entry to edit it.
'Direct' File and Key access only applies to program binaries located outside the sandbox.
Note that all Close...=!&lt;program&gt;,... exclusions have the same limitations.
For files access you can use 'Direct All' instead to make it apply to all programs.</string>
</property>
</widget>
</item>
<item row="12" column="0">
<widget class="QCheckBox" name="chkCloseForBox">
<property name="text">
<string>Apply Close...=!&lt;program&gt;,... directives also to all binaries located in the sandboxed.</string>
</property>
</widget>
</item>
</layout>
</item>
</layout>
@ -2058,6 +2080,26 @@ instead of &quot;*&quot;.</string>
</property>
</widget>
</item>
<item row="1" column="1" colspan="4">
<widget class="QCheckBox" name="chkDisableMonitor">
<property name="text">
<string>Disable Resource Access Monitor</string>
</property>
</widget>
</item>
<item row="0" column="0" colspan="2">
<widget class="QLabel" name="label_47">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
</font>
</property>
<property name="text">
<string>Resource Access Monitor</string>
</property>
</widget>
</item>
</layout>
</item>
</layout>
@ -2083,8 +2125,8 @@ instead of &quot;*&quot;.</string>
<rect>
<x>0</x>
<y>0</y>
<width>98</width>
<height>28</height>
<width>63</width>
<height>16</height>
</rect>
</property>
<layout class="QGridLayout" name="dbgLayout">

28
SandboxiePlus/SandMan/Models/TraceModel.cpp
View File

@ -11,6 +11,7 @@ CTraceModel::CTraceModel(QObject* parent)
m_Root = MkNode(QVariant());
m_LastCount = 0;
m_LastBoxPtr = NULL;
}
CTraceModel::~CTraceModel()
@ -47,7 +48,7 @@ bool CTraceModel::TestPath(const QList<QVariant>& Path, const CTraceEntryPtr& pE
return Path.size() == Index;
}*/
QList<QVariant> CTraceModel::Sync(const QList<CTraceEntryPtr>& EntryList)
QList<QVariant> CTraceModel::Sync(const QList<CTraceEntryPtr>& EntryList, void* BoxPtr)
{
QList<QVariant> Added;
QMap<QList<QVariant>, QList<STreeNode*> > New;
@ -56,7 +57,7 @@ QList<QVariant> CTraceModel::Sync(const QList<CTraceEntryPtr>& EntryList)
// Note: since this is a log and we ever always only add entries we save cpu time by always skipping the already know portion of the list
int i = 0;
if (EntryList.count() >= m_LastCount && m_LastCount > 0)
if (EntryList.count() >= m_LastCount && m_LastCount > 0 && m_LastBoxPtr == BoxPtr)
{
i = m_LastCount - 1;
if (m_LastID == EntryList.at(i)->GetUID())
@ -67,11 +68,15 @@ QList<QVariant> CTraceModel::Sync(const QList<CTraceEntryPtr>& EntryList)
else
i = 0;
}
m_LastBoxPtr = BoxPtr;
for (; i < EntryList.count(); i++)
{
CTraceEntryPtr pEntry = EntryList.at(i);
if (BoxPtr && pEntry->GetBoxPtr() != BoxPtr)
continue;
quint64 ID = pEntry->GetUID();
QModelIndex Index;
@ -90,6 +95,7 @@ QList<QVariant> CTraceModel::Sync(const QList<CTraceEntryPtr>& EntryList)
pNode->pEntry = pEntry;
New[pNode->Path].append(pNode);
//Added.append(ID);
SetProcessName(pEntry->GetProcessName(), pEntry->GetProcessId(), pEntry->GetThreadId());
}
else
{
@ -149,7 +155,7 @@ QList<QVariant> CTraceModel::Sync(const QList<CTraceEntryPtr>& EntryList)
case eTimeStamp: ColValue.Formated = pEntry->GetTimeStamp().toString("hh:mm:ss.zzz"); break;*/
case eProcess:
if(!m_bTree) {
QString Name = GetProcessName(pEntry->GetProcessId(), pEntry->GetThreadId());
QString Name = pEntry->GetProcessName();
ColValue.Formated = QString("%1 (%2, %3) - %4").arg(Name.isEmpty() ? tr("Unknown") : Name)
.arg(pEntry->GetProcessId()).arg(pEntry->GetThreadId()).arg(pEntry->GetTimeStamp().toString("hh:mm:ss.zzz"));
} else
@ -194,18 +200,15 @@ void CTraceModel::Clear()
Info.Dirty = true;
Info.Threads.clear();
}
m_PidMap.clear();
CTreeItemModel::Clear();
}
QString CTraceModel::GetProcessName(quint32 pid, quint32 tid)
void CTraceModel::SetProcessName(const QString& Name, quint32 pid, quint32 tid)
{
SProgInfo& Info = m_PidMap[pid];
if (Info.Dirty) {
CBoxedProcessPtr pProcess = theAPI->GetProcessById(pid);
if(pProcess)
Info.Name = pProcess->GetProcessName();
}
if (tid && !Info.Threads.contains(tid)) {
Info.Name = Name;
if (!Info.Threads.contains(tid)) {
Info.Threads.insert(tid);
Info.Dirty = true;
}
@ -213,6 +216,11 @@ QString CTraceModel::GetProcessName(quint32 pid, quint32 tid)
Info.Dirty = false;
emit NewBranche();
}
}
QString CTraceModel::GetProcessName(quint32 pid)
{
SProgInfo& Info = m_PidMap[pid];
return Info.Name;
}

6
SandboxiePlus/SandMan/Models/TraceModel.h
View File

@ -11,7 +11,7 @@ public:
CTraceModel(QObject* parent = 0);
~CTraceModel();
QList<QVariant> Sync(const QList<CTraceEntryPtr>& EntryList);
QList<QVariant> Sync(const QList<CTraceEntryPtr>& EntryList, void* BoxPtr);
CTraceEntryPtr GetEntry(const QModelIndex& index) const;
@ -52,6 +52,7 @@ protected:
QVariant m_LastID;
int m_LastCount;
void* m_LastBoxPtr;
virtual STreeNode* MkNode(const QVariant& Id) { return new STraceNode(Id); }
virtual STreeNode* MkVirtualNode(const QVariant& Id, STreeNode* pParent);
@ -59,7 +60,8 @@ protected:
/*QList<QVariant> MakePath(const CTraceEntryPtr& pEntry, const QList<CTraceEntryPtr>& EntryList);
bool TestPath(const QList<QVariant>& Path, const CTraceEntryPtr& pEntry, const QList<CTraceEntryPtr>& EntryList, int Index = 0);*/
QString GetProcessName(quint32 pid, quint32 tid = 0);
void SetProcessName(const QString& Name, quint32 pid, quint32 tid);
QString GetProcessName(quint32 pid);
void LogThreadId(quint32 pid, quint32 tid);
QMap<quint32, SProgInfo>m_PidMap;
};

BIN
SandboxiePlus/SandMan/Resources/SandMan2N.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 10 KiB

After

Width:  |  Height:  |  Size: 12 KiB

BIN
SandboxiePlus/SandMan/Resources/SandManN.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 14 KiB

23
SandboxiePlus/SandMan/SandMan.cpp
View File

@ -253,7 +253,7 @@ CSandMan::CSandMan(QWidget *parent)
connect(theAPI, SIGNAL(LogSbieMessage(quint32, const QStringList&, quint32)), this, SLOT(OnLogSbieMessage(quint32, const QStringList&, quint32)));
connect(theAPI, SIGNAL(NotAuthorized(bool, bool&)), this, SLOT(OnNotAuthorized(bool, bool&)), Qt::DirectConnection);
connect(theAPI, SIGNAL(QueuedRequest(quint32, quint32, quint32, const QVariantMap&)), this, SLOT(OnQueuedRequest(quint32, quint32, quint32, const QVariantMap&)), Qt::QueuedConnection);
connect(theAPI, SIGNAL(FileToRecover(const QString&, const QString&, quint32)), this, SLOT(OnFileToRecover(const QString&, const QString&, quint32)), Qt::QueuedConnection);
connect(theAPI, SIGNAL(FileToRecover(const QString&, const QString&, const QString&, quint32)), this, SLOT(OnFileToRecover(const QString&, const QString&, const QString&, quint32)), Qt::QueuedConnection);
connect(theAPI, SIGNAL(ConfigReloaded()), this, SLOT(OnIniReloaded()));
m_uTimerID = startTimer(250);
@ -480,20 +480,23 @@ void CSandMan::closeEvent(QCloseEvent *e)
if (PortableStop == -1)
{
bool State = false;
PortableStop = CCheckableMessageBox::question(this, "Sandboxie-Plus", tr("Sandboxie-Plus was running in portable mode, now it has to clean up the created services. This will prompt for administrative privileges.")
, tr("Don't show this message again."), &State, QDialogButtonBox::Ok | QDialogButtonBox::Cancel, QDialogButtonBox::Ok, QMessageBox::Information) == QDialogButtonBox::Ok ? 1 : 0;
auto Ret = CCheckableMessageBox::question(this, "Sandboxie-Plus", tr("Sandboxie-Plus was running in portable mode, now it has to clean up the created services. This will prompt for administrative privileges.\r\n\r\nDo you want to do the clean up?")
, tr("Don't show this message again."), &State, QDialogButtonBox::Yes | QDialogButtonBox::No | QDialogButtonBox::Cancel, QDialogButtonBox::Yes, QMessageBox::Question);
if (!PortableStop)
if (Ret == QDialogButtonBox::Cancel)
{
e->ignore();
return;
}
PortableStop = (Ret == QDialogButtonBox::Yes) ? 1 : 0;
if (State)
theConf->SetValue("Options/PortableStop", PortableStop);
}
StopSbie(true);
if(PortableStop == 1)
StopSbie(true);
}
QApplication::quit();
@ -600,8 +603,10 @@ void CSandMan::timerEvent(QTimerEvent* pEvent)
bool bIsMonitoring = theAPI->IsMonitoring();
m_pTraceView->setEnabled(bIsMonitoring);
m_pEnableMonitoring->setChecked(bIsMonitoring);
if (!bIsMonitoring) // don't disable the view as logn as there are entries shown
bIsMonitoring = !theAPI->GetTrace().isEmpty();
m_pTraceView->setEnabled(bIsMonitoring);
}
if (m_bIconEmpty != (theAPI->TotalProcesses() == 0) || m_bIconDisabled != bForceProcessDisabled)
@ -909,9 +914,9 @@ void CSandMan::OnQueuedRequest(quint32 ClientPid, quint32 ClientTid, quint32 Req
m_pPopUpWindow->AddUserPrompt(RequestId, Data, ClientPid);
}
void CSandMan::OnFileToRecover(const QString& BoxName, const QString& FilePath, quint32 ProcessId)
void CSandMan::OnFileToRecover(const QString& BoxName, const QString& FilePath, const QString& BoxPath, quint32 ProcessId)
{
m_pPopUpWindow->AddFileToRecover(FilePath, BoxName, ProcessId);
m_pPopUpWindow->AddFileToRecover(FilePath, BoxPath, BoxName, ProcessId);
}
void CSandMan::OpenRecovery(const QString& BoxName)
@ -1374,7 +1379,7 @@ void CSandMan::OnSetMonitoring()
if(m_pEnableMonitoring->isChecked() && !m_pToolBar->isVisible())
m_pLogTabs->show();
m_pTraceView->setEnabled(m_pEnableMonitoring->isChecked());
//m_pTraceView->setEnabled(m_pEnableMonitoring->isChecked());
}
void CSandMan::AddAsyncOp(const CSbieProgressPtr& pProgress)

4
SandboxiePlus/SandMan/SandMan.h
View File

@ -47,6 +47,8 @@ public:
bool IsShowHidden() { return m_pShowHidden->isChecked(); }
CSbieView* GetBoxView() { return m_pBoxView; }
protected:
SB_STATUS ConnectSbie();
SB_STATUS ConnectSbieImpl();
@ -84,7 +86,7 @@ public slots:
void OnNotAuthorized(bool bLoginRequired, bool& bRetry);
void OnQueuedRequest(quint32 ClientPid, quint32 ClientTid, quint32 RequestId, const QVariantMap& Data);
void OnFileToRecover(const QString& BoxName, const QString& FilePath, quint32 ProcessId);
void OnFileToRecover(const QString& BoxName, const QString& FilePath, const QString& BoxPath, quint32 ProcessId);
void OpenRecovery(const QString& BoxName);

1
SandboxiePlus/SandMan/SandMan.vcxproj
View File

@ -259,6 +259,7 @@
<None Include="sandman_de.ts" />
<None Include="sandman_es.ts" />
<None Include="sandman_it.ts" />
<None Include="sandman_nl.ts" />
<None Include="sandman_pl.ts" />
<None Include="sandman_pt.ts" />
<None Include="sandman_ru.ts" />

3
SandboxiePlus/SandMan/SandMan.vcxproj.filters
View File

@ -225,6 +225,9 @@
<None Include="sandman_it.ts">
<Filter>Translation Files</Filter>
</None>
<None Include="sandman_nl.ts">
<Filter>Translation Files</Filter>
</None>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="SandMan.rc">

104
SandboxiePlus/SandMan/SbiePlusAPI.cpp
View File

@ -65,6 +65,15 @@ void CSbiePlusAPI::UpdateWindowMap()
EnumWindows(CSbiePlusAPI__WindowEnum, (LPARAM)&m_WindowMap);
}
bool CSbiePlusAPI::IsRunningAsAdmin()
{
if (m_UserSid.left(9) != "S-1-5-21-")
return false;
if (m_UserSid.right(4) != "-500")
return false;
return true;
}
///////////////////////////////////////////////////////////////////////////////
// CSandBoxPlus
//
@ -370,11 +379,98 @@ int CSandBoxPlus::IsLeaderProgram(const QString& ProgName)
// CSbieProcess
//
QString CSbieProcess::ImageTypeToStr(quint32 type)
{
enum {
UNSPECIFIED = 0,
SANDBOXIE_RPCSS,
SANDBOXIE_DCOMLAUNCH,
SANDBOXIE_CRYPTO,
SANDBOXIE_WUAU,
SANDBOXIE_BITS,
SANDBOXIE_SBIESVC,
MSI_INSTALLER,
TRUSTED_INSTALLER,
WUAUCLT,
SHELL_EXPLORER,
INTERNET_EXPLORER,
MOZILLA_FIREFOX,
WINDOWS_MEDIA_PLAYER,
NULLSOFT_WINAMP,
PANDORA_KMPLAYER,
WINDOWS_LIVE_MAIL,
SERVICE_MODEL_REG,
RUNDLL32,
DLLHOST,
DLLHOST_WININET_CACHE,
WISPTIS,
GOOGLE_CHROME,
GOOGLE_UPDATE,
ACROBAT_READER,
OFFICE_OUTLOOK,
OFFICE_EXCEL,
FLASH_PLAYER_SANDBOX,
PLUGIN_CONTAINER,
OTHER_WEB_BROWSER,
OTHER_MAIL_CLIENT
};
switch (type)
{
case UNSPECIFIED: return tr("");
case SANDBOXIE_RPCSS: return tr("Sbie RpcSs");
case SANDBOXIE_DCOMLAUNCH: return tr("Sbie DcomLaunch");
case SANDBOXIE_CRYPTO: return tr("Sbie Crypto");
case SANDBOXIE_WUAU: return tr("Sbie WuAu Svc");
case SANDBOXIE_BITS: return tr("Sbie BITS");
case SANDBOXIE_SBIESVC: return tr("Sbie Svc");
case MSI_INSTALLER: return tr("Msi Installer");
case TRUSTED_INSTALLER: return tr("Trusted Installer");
case WUAUCLT: return tr("Windows Update");
case SHELL_EXPLORER: return tr("Windows Explorer");
case INTERNET_EXPLORER: return tr("Internet Explorer");
case MOZILLA_FIREFOX: return tr("FireFox");
case WINDOWS_MEDIA_PLAYER: return tr("Windows Media Player");
case NULLSOFT_WINAMP: return tr("WinAmp");
case PANDORA_KMPLAYER: return tr("KM Player");
case WINDOWS_LIVE_MAIL: return tr("Windows Live Mail");
case SERVICE_MODEL_REG: return tr("Service Model Reg");
case RUNDLL32: return tr("RunDll32");
case DLLHOST: return tr("DllHost");
case DLLHOST_WININET_CACHE: return tr("DllHost");
case WISPTIS: return tr("Windows Ink Services");
case GOOGLE_CHROME: return tr("Chromium Based");
case GOOGLE_UPDATE: return tr("Google Updater");
case ACROBAT_READER: return tr("Acrobat Reader");
case OFFICE_OUTLOOK: return tr("MS Outlook");
case OFFICE_EXCEL: return tr("MS Excel");
case FLASH_PLAYER_SANDBOX: return tr("Flash Player");
case PLUGIN_CONTAINER: return tr("FireFox Plugin Container");
case OTHER_WEB_BROWSER: return tr("Generic Web Browser");
case OTHER_MAIL_CLIENT: return tr("Generic Mail Client");
default: return tr("");
}
}
QString CSbieProcess::GetStatusStr() const
{
QString Status;
if (m_uTerminated != 0)
return tr("Terminated");
//if (m_bSuspended)
// return tr("Suspended");
return tr("Running");
Status = tr("Terminated");
//else if (m_bSuspended)
// Status = tr("Suspended");
else
Status = tr("Running");
if (m_bIsWoW64)
Status += " *32";
quint32 ImageType = GetImageType();
if (ImageType != -1) {
QString Type = ImageTypeToStr(ImageType);
if(!Type.isEmpty())
Status += tr(" (%1)").arg(Type);
}
return Status;
}

4
SandboxiePlus/SandMan/SbiePlusAPI.h
View File

@ -14,6 +14,8 @@ public:
virtual QString GetProcessTitle(quint32 pid) { return m_WindowMap.value(pid); }
virtual bool IsRunningAsAdmin();
protected:
virtual CSandBox* NewSandBox(const QString& BoxName, class CSbieAPI* pAPI);
virtual CBoxedProcess* NewBoxedProcess(quint32 ProcessId, class CSandBox* pBox);
@ -117,6 +119,8 @@ public:
virtual int GetRememberedAction(int Action) { return m_RememberedActions.value(Action, -1); }
virtual void SetRememberedAction(int Action, int retval) { m_RememberedActions.insert(Action, retval); }
static QString ImageTypeToStr(quint32 type);
protected:
QMap<int, int> m_RememberedActions;
};

4
SandboxiePlus/SandMan/Views/SbieView.cpp
View File

@ -90,6 +90,10 @@ CSbieView::CSbieView(QWidget* parent) : CPanelView(parent)
m_pMenuPresetsShowUAC = MakeAction(m_pMenuPresetsAdmin, m_pMenuPresets, tr("Ask for UAC Elevation"), 0);
m_pMenuPresetsNoAdmin = MakeAction(m_pMenuPresetsAdmin, m_pMenuPresets, tr("Drop Admin Rights"), 1);
m_pMenuPresetsFakeAdmin = MakeAction(m_pMenuPresetsAdmin, m_pMenuPresets, tr("Emulate Admin Rights"), 1 | 2);
if (theAPI->IsRunningAsAdmin()) {
m_pMenuPresetsNoAdmin->setEnabled(false);
m_pMenuPresetsFakeAdmin->setEnabled(false);
}
connect(m_pMenuPresetsAdmin, SIGNAL(triggered(QAction*)), this, SLOT(OnSandBoxAction(QAction*)));
m_pMenuPresets->addSeparator();

10
SandboxiePlus/SandMan/Views/TraceView.cpp
View File

@ -4,6 +4,7 @@
#include "../QSbieAPI/SbieAPI.h"
#include "..\Models\TraceModel.h"
#include "..\..\MiscHelpers\Common\Common.h"
#include "SbieView.h"
class CTraceFilterProxyModel : public CSortFilterProxyModel
{
@ -70,6 +71,9 @@ CTraceView::CTraceView(QWidget* parent) : CPanelWidget<QTreeViewEx>(parent)
connect(m_pTraceTid, SIGNAL(currentIndexChanged(int)), this, SLOT(OnSetTidFilter()));
m_pTraceToolBar->addWidget(m_pTraceTid);
m_pOnlyCurrent = new QCheckBox(tr("Show only sellectes box"));
m_pTraceToolBar->addWidget(m_pOnlyCurrent);
m_pMainLayout->setSpacing(0);
m_pMainLayout->insertWidget(0, m_pTraceToolBar);
@ -119,9 +123,13 @@ CTraceView::~CTraceView()
void CTraceView::Refresh()
{
QList<CSandBoxPtr>Boxes;
if(m_pOnlyCurrent->isChecked())
Boxes = theGUI->GetBoxView()->GetSelectedBoxes();
QList<CTraceEntryPtr> ResourceLog = theAPI->GetTrace();
//m_pTraceModel->Sync(ResourceLog, Pids);
QList<QVariant> Added = m_pTraceModel->Sync(ResourceLog);
QList<QVariant> Added = m_pTraceModel->Sync(ResourceLog, Boxes.count() == 1 ? Boxes.first().data() : NULL);
if (m_pTraceModel->IsTree())
{

1
SandboxiePlus/SandMan/Views/TraceView.h
View File

@ -31,6 +31,7 @@ protected:
QToolBar* m_pTraceToolBar;
QAction* m_pTraceTree;
QCheckBox* m_pOnlyCurrent;
QComboBox* m_pTracePid;
QComboBox* m_pTraceTid;

202
SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
View File

@ -118,6 +118,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
ui.chkShowForceTmpl->setEnabled(false);
ui.chkShowStopTmpl->setEnabled(false);
ui.chkShowAccessTmpl->setEnabled(false);
ui.chkShowRecoveryTmpl->setEnabled(false);
//ui.chkWithTemplates->setEnabled(false);
}
@ -256,6 +257,10 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
connect(ui.treeAccess, SIGNAL(itemSelectionChanged()), this, SLOT(OnAccessSelectionChanged()));
//
// Resource Access
connect(ui.chkCloseForBox, SIGNAL(clicked(bool)), this, SLOT(OnAccessChanged()));
//
// Recovery
connect(ui.chkAutoRecovery, SIGNAL(clicked(bool)), this, SLOT(OnRecoveryChanged()));
connect(ui.btnAddRecovery, SIGNAL(clicked(bool)), this, SLOT(OnAddRecFolder()));
@ -282,6 +287,8 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
connect(ui.chkAddToJob, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkDisableMonitor, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkCallTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkFileTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkPipeTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
@ -328,12 +335,21 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
connect(ui.buttonBox->button(QDialogButtonBox::Apply), SIGNAL(clicked(bool)), this, SLOT(apply()));
connect(ui.buttonBox, SIGNAL(rejected()), this, SLOT(close()));
if (ReadOnly) {
if (ReadOnly)
{
ui.btnEditIni->setEnabled(false);
ui.buttonBox->button(QDialogButtonBox::Ok)->setEnabled(false);
ui.buttonBox->button(QDialogButtonBox::Apply)->setEnabled(false);
}
if (theAPI->IsRunningAsAdmin())
{
ui.chkDropRights->setEnabled(false);
ui.chkFakeElevation->setEnabled(false);
}
else
ui.lblAdmin->setVisible(false);
OnTab(); // -> LoadConfig();
ui.treeAccess->viewport()->installEventFilter(this);
@ -538,20 +554,21 @@ void COptionsWindow::LoadConfig()
ui.lstAutoExec->clear();
ui.lstAutoExec->addItems(AutoExec);
bool bGlobalNoMon = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("DisableResourceMonitor", false);
ui.chkDisableMonitor->setChecked(m_pBox->GetBool("DisableResourceMonitor", bGlobalNoMon));
ReadAdvancedCheck("CallTrace", ui.chkCallTrace, "*");
ReadAdvancedCheck("FileTrace", ui.chkFileTrace, "*");
ReadAdvancedCheck("PipeTrace", ui.chkPipeTrace, "*");
ReadAdvancedCheck("KeyTrace", ui.chkKeyTrace, "*");
ReadAdvancedCheck("IpcTrace", ui.chkIpcTrace, "*");
ReadAdvancedCheck("GuiTrace", ui.chkGuiTrace, "*");
ReadAdvancedCheck("ClsidTrace", ui.chkComTrace, "*");
ui.chkDbgTrace->setChecked(m_pBox->GetBool("DebugTrace", false));
ui.chkErrTrace->setChecked(m_pBox->GetBool("ErrorTrace", false));
QSharedPointer<CSandBoxPlus> pBoxPlus = m_pBox.objectCast<CSandBoxPlus>();
if (pBoxPlus)
{
ReadAdvancedCheck("CallTrace", ui.chkCallTrace, "*");
ReadAdvancedCheck("FileTrace", ui.chkFileTrace, "*");
ReadAdvancedCheck("PipeTrace", ui.chkPipeTrace, "*");
ReadAdvancedCheck("KeyTrace", ui.chkKeyTrace, "*");
ReadAdvancedCheck("IpcTrace", ui.chkIpcTrace, "*");
ReadAdvancedCheck("GuiTrace", ui.chkGuiTrace, "*");
ReadAdvancedCheck("ClsidTrace", ui.chkComTrace, "*");
ui.chkDbgTrace->setChecked(m_pBox->GetBool("DebugTrace", false));
ui.chkErrTrace->setChecked(m_pBox->GetBool("ErrorTrace", false));
ui.chkApiTrace->setChecked(pBoxPlus->HasLogApi());
}
ui.chkHideOtherBoxes->setChecked(m_pBox->GetBool("HideOtherBoxes", false));
QStringList Processes = m_pBox->GetTextList("HideHostProcess", m_Template);
@ -710,10 +727,10 @@ void COptionsWindow::SaveConfig()
WriteAdvancedCheck(ui.chkRestrictServices, "RunServicesAsSystem", "", "y");
WriteAdvancedCheck(ui.chkProtectSystem, "ExposeBoxedSystem", "", "y");
WriteAdvancedCheck(ui.chkOpenDevCMApi, "OpenDevCMApi", "n", "");
WriteAdvancedCheck(ui.chkOpenDevCMApi, "OpenDevCMApi", "y", "");
WriteAdvancedCheck(ui.chkOpenLsaSSPI, "BlockPassword", "n", ""); // OpenLsaSSPI
WriteAdvancedCheck(ui.chkOpenSamEndpoint, "OpenSamEndpoint", "n", "");
WriteAdvancedCheck(ui.chkOpenLsaEndpoint, "OpenLsaEndpoint", "n", "");
WriteAdvancedCheck(ui.chkOpenSamEndpoint, "OpenSamEndpoint", "y", "");
WriteAdvancedCheck(ui.chkOpenLsaEndpoint, "OpenLsaEndpoint", "y", "");
WriteAdvancedCheck(ui.chkAddToJob, "NoAddProcessToJob", "", "y");
@ -722,21 +739,20 @@ void COptionsWindow::SaveConfig()
AutoExec.append(ui.lstAutoExec->item(i)->text());
m_pBox->UpdateTextList("AutoExec", AutoExec, m_Template);
bool bGlobalNoMon = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("DisableResourceMonitor", false);
WriteAdvancedCheck(ui.chkDisableMonitor, "DisableResourceMonitor", bGlobalNoMon ? "" : "y", bGlobalNoMon ? "n" : "");
WriteAdvancedCheck(ui.chkCallTrace, "CallTrace", "*");
WriteAdvancedCheck(ui.chkFileTrace, "FileTrace", "*");
WriteAdvancedCheck(ui.chkPipeTrace, "PipeTrace", "*");
WriteAdvancedCheck(ui.chkKeyTrace, "KeyTrace", "*");
WriteAdvancedCheck(ui.chkIpcTrace, "IpcTrace", "*");
WriteAdvancedCheck(ui.chkGuiTrace, "GuiTrace", "*");
WriteAdvancedCheck(ui.chkComTrace, "ClsidTrace", "*");
WriteAdvancedCheck(ui.chkDbgTrace, "DebugTrace", "y");
WriteAdvancedCheck(ui.chkErrTrace, "ErrorTrace", "y");
QSharedPointer<CSandBoxPlus> pBoxPlus = m_pBox.objectCast<CSandBoxPlus>();
if (pBoxPlus)
{
WriteAdvancedCheck(ui.chkCallTrace, "CallTrace", "*");
WriteAdvancedCheck(ui.chkFileTrace, "FileTrace", "*");
WriteAdvancedCheck(ui.chkPipeTrace, "PipeTrace", "*");
WriteAdvancedCheck(ui.chkKeyTrace, "KeyTrace", "*");
WriteAdvancedCheck(ui.chkIpcTrace, "IpcTrace", "*");
WriteAdvancedCheck(ui.chkGuiTrace, "GuiTrace", "*");
WriteAdvancedCheck(ui.chkComTrace, "ClsidTrace", "*");
WriteAdvancedCheck(ui.chkDbgTrace, "DebugTrace", "y");
WriteAdvancedCheck(ui.chkErrTrace, "ErrorTrace", "y");
pBoxPlus->SetLogApi(ui.chkApiTrace->isChecked());
}
WriteAdvancedCheck(ui.chkHideOtherBoxes, "HideOtherBoxes");
@ -1142,6 +1158,13 @@ void COptionsWindow::LoadForced()
foreach(const QString& Value, m_pBox->GetTextList("ForceFolder", m_Template))
AddForcedEntry(Value, 2);
LoadForcedTmpl();
m_ForcedChanged = false;
}
void COptionsWindow::LoadForcedTmpl(bool bUpdate)
{
if (ui.chkShowForceTmpl->isChecked())
{
foreach(const QString& Template, m_pBox->GetTemplates())
@ -1153,8 +1176,19 @@ void COptionsWindow::LoadForced()
AddForcedEntry(Value, 2, Template);
}
}
m_ForcedChanged = false;
else if (bUpdate)
{
for (int i = 0; i < ui.treeForced->topLevelItemCount(); )
{
QTreeWidgetItem* pItem = ui.treeForced->topLevelItem(i);
int Type = pItem->data(0, Qt::UserRole).toInt();
if (Type == -1) {
delete pItem;
continue; // entry from template
}
i++;
}
}
}
void COptionsWindow::AddForcedEntry(const QString& Name, int type, const QString& Template)
@ -1223,19 +1257,37 @@ void COptionsWindow::LoadStop()
foreach(const QString& Value, m_pBox->GetTextList("LeaderProcess", m_Template))
AddStopEntry(Value, 2);
LoadStopTmpl();
m_StopChanged = false;
}
void COptionsWindow::LoadStopTmpl(bool bUpdate)
{
if (ui.chkShowStopTmpl->isChecked())
{
foreach(const QString& Template, m_pBox->GetTemplates())
foreach(const QString & Template, m_pBox->GetTemplates())
{
foreach(const QString& Value, m_pBox->GetTextListTmpl("LingerProcess", Template))
foreach(const QString & Value, m_pBox->GetTextListTmpl("LingerProcess", Template))
AddStopEntry(Value, 1, Template);
foreach(const QString& Value, m_pBox->GetTextListTmpl("LeaderProcess", Template))
foreach(const QString & Value, m_pBox->GetTextListTmpl("LeaderProcess", Template))
AddStopEntry(Value, 2, Template);
}
}
m_StopChanged = false;
else if (bUpdate)
{
for (int i = 0; i < ui.treeStop->topLevelItemCount(); )
{
QTreeWidgetItem* pItem = ui.treeStop->topLevelItem(i);
int Type = pItem->data(0, Qt::UserRole).toInt();
if (Type == -1) {
delete pItem;
continue; // entry from template
}
i++;
}
}
}
void COptionsWindow::AddStopEntry(const QString& Name, int type, const QString& Template)
@ -1481,6 +1533,8 @@ QString COptionsWindow::AccessTypeToName(EAccessEntry Type)
void COptionsWindow::LoadAccessList()
{
ui.chkCloseForBox->setChecked(m_pBox->GetBool("AlwaysCloseForBoxed", true));
ui.treeAccess->clear();
for (int i = 0; i < eMaxAccessType; i++)
@ -1489,6 +1543,13 @@ void COptionsWindow::LoadAccessList()
ParseAndAddAccessEntry((EAccessEntry)i, Value);
}
LoadAccessListTmpl();
m_AccessChanged = false;
}
void COptionsWindow::LoadAccessListTmpl(bool bUpdate)
{
if (ui.chkShowAccessTmpl->isChecked())
{
foreach(const QString& Template, m_pBox->GetTemplates())
@ -1500,8 +1561,19 @@ void COptionsWindow::LoadAccessList()
}
}
}
m_AccessChanged = false;
else if (bUpdate)
{
for (int i = 0; i < ui.treeAccess->topLevelItemCount(); )
{
QTreeWidgetItem* pItem = ui.treeAccess->topLevelItem(i);
int Type = pItem->data(0, Qt::UserRole).toInt();
if (Type == -1) {
delete pItem;
continue; // entry from template
}
i++;
}
}
}
void COptionsWindow::ParseAndAddAccessEntry(EAccessEntry EntryType, const QString& Value, const QString& Template)
@ -1839,6 +1911,8 @@ void COptionsWindow::OnDelAccess()
void COptionsWindow::SaveAccessList()
{
WriteAdvancedCheck(ui.chkCloseForBox, "AlwaysCloseForBoxed", "", "n");
CloseAccessEdit(true);
QStringList Keys = QStringList() << "OpenFilePath" << "OpenPipePath" << "ClosedFilePath" << "ReadFilePath" << "WriteFilePath"
@ -1878,6 +1952,15 @@ void COptionsWindow::LoadRecoveryList()
foreach(const QString& Value, m_pBox->GetTextList("AutoRecoverIgnore", m_Template))
AddRecoveryEntry(Value, 2);
LoadRecoveryListTmpl();
ui.chkAutoRecovery->setChecked(m_pBox->GetBool("AutoRecover", false));
m_RecoveryChanged = false;
}
void COptionsWindow::LoadRecoveryListTmpl(bool bUpdate)
{
if (ui.chkShowRecoveryTmpl->isChecked())
{
foreach(const QString& Template, m_pBox->GetTemplates())
@ -1889,10 +1972,19 @@ void COptionsWindow::LoadRecoveryList()
AddRecoveryEntry(Value, 2, Template);
}
}
ui.chkAutoRecovery->setChecked(m_pBox->GetBool("AutoRecover", false));
m_RecoveryChanged = false;
else if (bUpdate)
{
for (int i = 0; i < ui.treeRecovery->topLevelItemCount(); )
{
QTreeWidgetItem* pItem = ui.treeRecovery->topLevelItem(i);
int Type = pItem->data(0, Qt::UserRole).toInt();
if (Type == -1) {
delete pItem;
continue; // entry from template
}
i++;
}
}
}
void COptionsWindow::AddRecoveryEntry(const QString& Name, int type, const QString& Template)
@ -2165,7 +2257,7 @@ void COptionsWindow::LoadTemplates()
{
if (Category.isEmpty())
continue;
ui.cmbCategories->addItem(Category, Category);
ui.cmbCategories->addItem(GetCategoryName(Category), Category);
}
}
@ -2188,25 +2280,43 @@ void COptionsWindow::OnScreenReaders()
m_TemplatesChanged = true;
}
QString COptionsWindow::GetCategoryName(const QString& Category)
{
if (Category.compare("Local", Qt::CaseInsensitive) == 0) return tr("Custom Templates");
if (Category.compare("EmailReader", Qt::CaseInsensitive) == 0) return tr("Email Reader");
if (Category.compare("Print", Qt::CaseInsensitive) == 0) return tr("PDF/Print");
if (Category.compare("Security", Qt::CaseInsensitive) == 0) return tr("Security/Privacy");
if (Category.compare("Desktop", Qt::CaseInsensitive) == 0) return tr("Desktop Utilities");
if (Category.compare("Download", Qt::CaseInsensitive) == 0) return tr("Download Managers");
if (Category.compare("Misc", Qt::CaseInsensitive) == 0) return tr("Miscellaneous");
if (Category.compare("WebBrowser", Qt::CaseInsensitive) == 0) return tr("Web Browser");
if (Category.compare("MediaPlayer", Qt::CaseInsensitive) == 0) return tr("Media Player");
if (Category.compare("TorrentClient", Qt::CaseInsensitive) == 0) return tr("Torrent Client");
return Category;
}
void COptionsWindow::ShowTemplates()
{
ui.treeTemplates->clear();
QString Category = ui.cmbCategories->currentData().toString();
QString Filter = ui.txtTemplates->text();
QString CategoryFilter = ui.cmbCategories->currentData().toString();
QString TextFilter = ui.txtTemplates->text();
for (QMultiMap<QString, QPair<QString, QString>>::iterator I = m_AllTemplates.begin(); I != m_AllTemplates.end(); ++I)
{
if (!Category.isEmpty() && I.key().compare(Category, Qt::CaseInsensitive) != 0)
if (!CategoryFilter.isEmpty() && I.key().compare(CategoryFilter, Qt::CaseInsensitive) != 0)
continue;
QString Name = I.value().first.mid(9);
if (!Name.isEmpty() && Name.indexOf(Filter, 0, Qt::CaseInsensitive) == -1)
if (!Name.isEmpty() && Name.indexOf(TextFilter, 0, Qt::CaseInsensitive) == -1)
continue;
if (I.key().isEmpty())
continue; // dont show templates without a category (these are usually deprecated templates)
QTreeWidgetItem* pItem = new QTreeWidgetItem();
pItem->setText(0, I.key());
pItem->setText(0, GetCategoryName(I.key()));
pItem->setData(1, Qt::UserRole, I.value().first);
pItem->setText(1, I.value().second);
//pItem->setFlags(pItem->flags() | Qt::ItemIsUserCheckable);

15
SandboxiePlus/SandMan/Windows/OptionsWindow.h
View File

@ -45,12 +45,12 @@ private slots:
void OnForceProg();
void OnForceDir();
void OnDelForce();
void OnShowForceTmpl() { LoadForced(); }
void OnShowForceTmpl() { LoadForcedTmpl(true); }
void OnAddLingering();
void OnAddLeader();
void OnDelStopProg();
void OnShowStopTmpl() { LoadStop(); }
void OnShowStopTmpl() { LoadStopTmpl(true); }
void OnRestrictStart();
void OnAddStartProg();
@ -72,13 +72,13 @@ private slots:
void OnAddWnd() { AddAccessEntry(eWnd, eDirect, "", ""); }
void OnAddCOM() { AddAccessEntry(eCOM, eDirect, "", ""); }
void OnDelAccess();
void OnShowAccessTmpl() { LoadAccessList(); }
void OnShowAccessTmpl() { LoadAccessListTmpl(true); }
void OnAddRecFolder();
void OnAddRecIgnore();
void OnAddRecIgnoreExt();
void OnDelRecEntry();
void OnShowRecoveryTmpl() { LoadRecoveryList(); }
void OnShowRecoveryTmpl() { LoadRecoveryListTmpl(true); }
void OnAddAutoExec();
void OnDelAutoExec();
@ -106,6 +106,7 @@ private slots:
//void OnRestrictionChanged() { m_RestrictionChanged = true; }
void OnINetBlockChanged() { m_INetBlockChanged = true; }
void OnRecoveryChanged() { m_RecoveryChanged = true; }
void OnAccessChanged() { m_AccessChanged = true; }
void OnAdvancedChanged();
void OnDebugChanged();
@ -186,15 +187,18 @@ protected:
void SaveGroups();
void LoadForced();
void LoadForcedTmpl(bool bUpdate = false);
void AddForcedEntry(const QString& Name, int type, const QString& Template = QString());
void SaveForced();
void LoadStop();
void LoadStopTmpl(bool bUpdate = false);
void AddStopEntry(const QString& Name, int type, const QString& Template = QString());
void SaveStop();
QString AccessTypeToName(EAccessEntry Type);
void LoadAccessList();
void LoadAccessListTmpl(bool bUpdate = false);
QString GetAccessTypeStr(EAccessType Type);
QString GetAccessModeStr(EAccessMode Mode);
void ParseAndAddAccessEntry(EAccessEntry EntryType, const QString& Value, const QString& Template = QString());
@ -208,6 +212,7 @@ protected:
void CloseAccessEdit(QTreeWidgetItem* pItem, bool bSave = true);
void LoadRecoveryList();
void LoadRecoveryListTmpl(bool bUpdate = false);
void AddRecoveryEntry(const QString& Name, int type, const QString& Template = QString());
void SaveRecoveryList();
@ -222,6 +227,8 @@ protected:
void LoadIniSection();
void SaveIniSection();
QString GetCategoryName(const QString& Category);
bool m_ConfigDirty;
QColor m_BorderColor;

11
SandboxiePlus/SandMan/Windows/PopUpWindow.cpp
View File

@ -287,7 +287,7 @@ void CPopUpWindow::SendPromptResult(CPopUpPrompt* pEntry, int retval)
pEntry->m_pProcess.objectCast<CSbieProcess>()->SetRememberedAction(pEntry->m_Result["id"].toInt(), retval);
}
void CPopUpWindow::AddFileToRecover(const QString& FilePath, const QString& BoxName, quint32 ProcessId)
void CPopUpWindow::AddFileToRecover(const QString& FilePath, QString BoxPath, const QString& BoxName, quint32 ProcessId)
{
CSandBoxPtr pBox = theAPI->GetBoxByName(BoxName);
if (!pBox.isNull() && pBox.objectCast<CSandBoxPlus>()->IsRecoverySuspended())
@ -299,7 +299,10 @@ void CPopUpWindow::AddFileToRecover(const QString& FilePath, const QString& BoxN
.arg(FilePath.mid(FilePath.lastIndexOf("\\") + 1)).arg(QString(BoxName).replace("_", " "))
.arg(pProcess.isNull() ? tr("an UNKNOWN process.") : tr("%1 (%2)").arg(pProcess->GetProcessName()).arg(pProcess->GetProcessId()));
CPopUpRecovery* pEntry = new CPopUpRecovery(Message, FilePath, BoxName, this);
if (BoxPath.isEmpty()) // legacy case, no BoxName, no support for driver serial numbers
BoxPath = theAPI->GetBoxedPath(BoxName, FilePath);
CPopUpRecovery* pEntry = new CPopUpRecovery(Message, FilePath, BoxPath, BoxName, this);
QStringList RecoverTargets = theAPI->GetUserSettings()->GetTextList("SbieCtrl_RecoverTarget", true);
pEntry->m_pTarget->insertItems(pEntry->m_pTarget->count()-1, RecoverTargets);
@ -352,10 +355,10 @@ void CPopUpWindow::OnRecoverFile(int Action)
}
QString FileName = pEntry->m_FilePath.mid(pEntry->m_FilePath.lastIndexOf("\\") + 1);
QString BoxedFilePath = theAPI->GetBoxedPath(pEntry->m_BoxName, pEntry->m_FilePath);
//QString BoxedFilePath = theAPI->GetBoxedPath(pEntry->m_BoxName, pEntry->m_FilePath); // pEntry->m_BoxPath
QList<QPair<QString, QString>> FileList;
FileList.append(qMakePair(BoxedFilePath, RecoveryFolder + "\\" + FileName));
FileList.append(qMakePair(pEntry->m_BoxPath, RecoveryFolder + "\\" + FileName));
SB_PROGRESS Status = theGUI->RecoverFiles(FileList, Action);
if (Status.GetStatus() == OP_ASYNC)

6
SandboxiePlus/SandMan/Windows/PopUpWindow.h
View File

@ -215,10 +215,11 @@ class CPopUpRecovery : public CPopUpEntry
{
Q_OBJECT
public:
CPopUpRecovery(const QString& Message, const QString& FilePath, const QString& BoxName, QWidget* parent = 0) : CPopUpEntry(Message, parent)
CPopUpRecovery(const QString& Message, const QString& FilePath, const QString& BoxPath, const QString& BoxName, QWidget* parent = 0) : CPopUpEntry(Message, parent)
{
m_BoxName = BoxName;
m_FilePath = FilePath;
m_BoxPath = BoxPath;
QLabel* pLabel = new QLabel(Message);
pLabel->setToolTip(Message);
@ -323,6 +324,7 @@ protected:
}
QString m_FilePath;
QString m_BoxPath;
QString m_BoxName;
QComboBox* m_pTarget;
int m_LastTargetIndex;
@ -416,7 +418,7 @@ public:
virtual void AddLogMessage(const QString& Message, quint32 MsgCode, const QStringList& MsgData, quint32 ProcessId);
virtual void AddUserPrompt(quint32 RequestId, const QVariantMap& Data, quint32 ProcessId);
virtual void AddFileToRecover(const QString& FilePath, const QString& BoxName, quint32 ProcessId);
virtual void AddFileToRecover(const QString& FilePath, QString BoxPath, const QString& BoxName, quint32 ProcessId);
virtual void ShowProgress(quint32 MsgCode, const QStringList& MsgData, quint32 ProcessId);
static void SetDarkMode(bool bDark) { extern bool CPopUpWindow__DarkMode; CPopUpWindow__DarkMode = bDark; }

45
SandboxiePlus/SandMan/Windows/RecoveryWindow.cpp
View File

@ -78,8 +78,10 @@ CRecoveryWindow::CRecoveryWindow(const CSandBoxPtr& pBox, QWidget *parent)
foreach(const QString& NtFolder, m_pBox->GetTextList("RecoverFolder", true, true))
{
QString Folder = theAPI->Nt2DosPath(NtFolder);
m_RecoveryFolders.append(Folder);
bool bOk;
QString Folder = theAPI->Nt2DosPath(NtFolder, &bOk);
if(bOk)
m_RecoveryFolders.append(Folder);
}
}
@ -137,14 +139,24 @@ int CRecoveryWindow::FindFiles()
if (ui.chkShowAll->isChecked())
{
for(char drive = 'A'; drive <= 'Z'; drive++)
Count += FindBoxFiles("\\drive\\" + QString(drive));
//for(char drive = 'A'; drive <= 'Z'; drive++)
QDir Dir(m_pBox->GetFileRoot() + "\\drive\\");
foreach(const QFileInfo & Info, Dir.entryInfoList(QDir::Dirs | QDir::NoDotAndDotDot))
Count += FindBoxFiles("\\drive\\" + Info.fileName());
if (m_pBox->GetBool("SeparateUserFolders", true)) {
Count += FindBoxFiles("\\user\\current");
Count += FindBoxFiles("\\user\\all");
Count += FindBoxFiles("\\user\\public");
}
Count += FindBoxFiles("\\share");
//Count += FindBoxFiles("\\share");
QDir DirSvr(m_pBox->GetFileRoot() + "\\share\\");
foreach(const QFileInfo & InfoSrv, DirSvr.entryInfoList(QDir::Dirs | QDir::NoDotAndDotDot)) {
QDir DirPub(m_pBox->GetFileRoot() + "\\share\\" + InfoSrv.fileName());
foreach(const QFileInfo & InfoPub, DirPub.entryInfoList(QDir::Dirs | QDir::NoDotAndDotDot))
Count += FindBoxFiles("\\share\\" + InfoSrv.fileName() + "\\" + InfoPub.fileName());
}
}
else
{
@ -159,12 +171,19 @@ int CRecoveryWindow::FindFiles()
int CRecoveryWindow::FindFiles(const QString& Folder)
{
//int Count = 0;
//foreach(const QString & Path, theAPI->GetBoxedPath(m_pBox, Folder))
// Count += FindFiles(Folder, Path, Folder);
//return Count;
return FindFiles(Folder, theAPI->GetBoxedPath(m_pBox, Folder), Folder);
}
int CRecoveryWindow::FindBoxFiles(const QString& Folder)
{
return FindFiles(Folder, m_pBox->GetFileRoot() + Folder, theAPI->GetRealPath(m_pBox, m_pBox->GetFileRoot() + Folder));
QString RealFolder = theAPI->GetRealPath(m_pBox, m_pBox->GetFileRoot() + Folder);
if (RealFolder.isEmpty())
return 0;
return FindFiles(Folder, m_pBox->GetFileRoot() + Folder, RealFolder);
}
int CRecoveryWindow::FindFiles(const QString& RecParent, const QString& BoxedFolder, const QString& RealFolder)
@ -225,7 +244,7 @@ int CRecoveryWindow::FindFiles(const QString& RecParent, const QString& BoxedFol
void CRecoveryWindow::RecoverFiles(bool bBrowse)
{
bool HasShare = false;
//bool HasShare = false;
QMap<QString, QString> FileMap;
foreach(const QModelIndex& Index, ui.treeFiles->selectionModel()->selectedIndexes())
{
@ -239,8 +258,8 @@ void CRecoveryWindow::RecoverFiles(bool bBrowse)
if (!File["ParentID"].isNull())
{
if (File["DiskPath"].toString().indexOf("\\device\\mup", 0, Qt::CaseInsensitive) == 0)
HasShare = true;
//if (File["DiskPath"].toString().indexOf("\\device\\mup", 0, Qt::CaseInsensitive) == 0)
// HasShare = true;
FileMap[File["BoxPath"].toString()] = File["DiskPath"].toString();