DavidXanatos 2022-02-06 18:28:13 +01:00
parent 392cde4282
commit 9d8ef41fb5
7 changed files with 200 additions and 131 deletions


@ -6,11 +6,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
# [1.1.0 / 5.56.0] - 2022-01-??
# [1.1.0 / 5.56.0] - 2022-01-06
### Added
- added support for NtRenameKey (this requires UseRegDeleteV2=y) [#205](https://github.com/sandboxie-plus/Sandboxie/issues/205)
- added options menu command to reset the GUI [#1589](https://github.com/sandboxie-plus/Sandboxie/issues/1589)
### Changed
- reworked the mechanism sandboxie uses to mark host files as deleted
@ -25,12 +24,12 @@ This project adheres to [Semantic Versioning](http://semver.org/).
# [1.0.10 / 5.55.10] - 2022-01-??
# [1.0.10 / 5.55.10] - 2022-01-06
### Added
- added option to show only boxes in tray with runnign processes [#1186](https://github.com/sandboxie-plus/Sandboxie/issues/1186)
-- additional option show only pinned bixes, in box options a bix can be set to be always shown in theay list (Pinned)
- add reset ui option
- added options menu command to reset the GUI [#1589](https://github.com/sandboxie-plus/Sandboxie/issues/1589)
- added 'Run Un-Sandboxed' context menu option
- added new trigger "OnBoxDelete" that allows to specify a command that is run UNBOXED just before the box content gets deleted
-- note: this can be used as a replacemetn to the DeleteCommand [#591](https://github.com/sandboxie-plus/Sandboxie/issues/591)
@ -55,6 +54,11 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- fixed issues canceling box deletion operations didn't working [1061](https://github.com/sandboxie-plus/Sandboxie/issues/1061)
- fixed issue with DPI scalling and color picker dialog [#803](https://github.com/sandboxie-plus/Sandboxie/issues/803)
### Removed
- removed UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y used for free download manager as it broke other things
-- when using free download manager ad the line manually to your sandboxie.ini
## [1.0.9 / 5.55.9] - 2022-01-31


@ -37,8 +37,15 @@
// Functions
//---------------------------------------------------------------------------
static OBJECT_TYPE* Obj_GetObjectType(const WCHAR* TypeName);
static BOOLEAN Obj_AddObjectType(const WCHAR *TypeName);
//---------------------------------------------------------------------------
#ifdef ALLOC_PRAGMA
#pragma alloc_text (INIT, Obj_GetObjectType)
#pragma alloc_text (INIT, Obj_AddObjectType)
#pragma alloc_text (INIT, Obj_Init)
#endif // ALLOC_PRAGMA
@ -47,6 +54,7 @@
// Variables
//---------------------------------------------------------------------------
POBJECT_TYPE *Obj_ObjectTypes = NULL;
static const WCHAR Obj_Unnamed_Name = L'\0';
@ -75,6 +83,54 @@ P_ObQueryNameInfo pObQueryNameInfo = NULL;
#endif _WIN64
#endif
//
// kernel object types (w8 64bit):
//
// AlpcPortObjectType
// CmKeyObjectType Exported
// DbgkDebugObjectType
// EtwpRealTimeConnectionObjectType
// EtwpRegistrationObjectType
// ExCallbackObjectType
// ExCompositionSurfaceObjectType Exported
// ExDesktopObjectType Exported
// ExEventObjectType Exported
// ExEventPairObjectType
// ExMutantObjectType
// ExProfileObjectType
// ExSemaphoreObjectType Exported
// ExTimerObjectType
// ExWindowStationObjectType Exported
// ExpIRTimerObjectType
// ExpKeyedEventObjectType
// ExpWorkerFactoryObjectType
// IoAdapterObjectType Exported
// IoCompletionObjectType
// IoControllerObjectType
// IoDeviceHandlerObjectType Exported
// IoDeviceObjectType Exported
// IoDriverObjectType Exported
// IoFileObjectType Exported
// IopWaitCompletionPacketObjectType
// LpcPortObjectType Exported
// LpcWaitablePortObjectType
// MmSectionObjectType Exported
// MmSessionObjectType
// ObpDirectoryObjectType
// ObpSymbolicLinkObjectType
// ObpTypeObjectType
// PopPowerRequestObjectType
// PsProcessType Exported
// PsThreadType Exported
// PsJobType Exported
// SeTokenObjectType Exported
// TmEnlistmentObjectType Exported
// TmResourceManagerObjectType Exported
// TmTransactionManagerObjectType Exported
// TmTransactionObjectType Exported
// WmipGuidObjectType
//
//---------------------------------------------------------------------------
// Obj_Init
@ -83,16 +139,6 @@ P_ObQueryNameInfo pObQueryNameInfo = NULL;
_FX BOOLEAN Obj_Init(void)
{
//
// prepare object filter callback registration on Vista SP1 and later
//
if (Driver_OsVersion > DRIVER_WINDOWS_VISTA) {
if (!Obj_Init_Filter())
return FALSE;
}
if (Driver_OsVersion >= DRIVER_WINDOWS_7) {
//
@ -121,6 +167,49 @@ _FX BOOLEAN Obj_Init(void)
pObGetObjectType = (P_ObGetObjectType)ptr;
}
//
// initialize set of recognized objects types
//
Obj_ObjectTypes = Mem_AllocEx(
Driver_Pool, sizeof(POBJECT_TYPE) * 9, TRUE);
if (! Obj_ObjectTypes)
return FALSE;
memzero(Obj_ObjectTypes, sizeof(POBJECT_TYPE) * 9);
if (! Obj_AddObjectType(L"Job")) // PsJobType
return FALSE;
if (! Obj_AddObjectType(L"Event")) // ExEventObjectType
return FALSE;
if (! Obj_AddObjectType(L"Mutant")) // ExMutantObjectType - not exported
return FALSE;
if (! Obj_AddObjectType(L"Semaphore")) // ExSemaphoreObjectType
return FALSE;
if (! Obj_AddObjectType(L"Section")) // MmSectionObjectType
return FALSE;
#ifdef XP_SUPPORT
if (Driver_OsVersion < DRIVER_WINDOWS_VISTA) {
if (! Obj_AddObjectType(L"Port")) // LpcPortObjectType
return FALSE;
} else
#endif
{
if (! Obj_AddObjectType(L"ALPC Port")) // AlpcPortObjectType - not exported
return FALSE;
}
//DbgPrint("JobObject; Known: %p; Found: %p\r\n", *PsJobType, Obj_ObjectTypes[0]);
//
// prepare object filter callback registration on Vista SP1 and later
//
if (Driver_OsVersion > DRIVER_WINDOWS_VISTA) {
if (!Obj_Init_Filter())
return FALSE;
}
return TRUE;
}
@ -615,3 +704,76 @@ _FX POBJECT_TYPE Obj_GetTypeObjectType(void)
return _TypeObjectType;
}
//---------------------------------------------------------------------------
// Obj_GetObjectType
//---------------------------------------------------------------------------
_FX OBJECT_TYPE* Obj_GetObjectType(const WCHAR *TypeName)
{
NTSTATUS status;
WCHAR ObjectName[64];
UNICODE_STRING uni;
OBJECT_ATTRIBUTES objattrs;
HANDLE handle;
OBJECT_TYPE *object;
wcscpy(ObjectName, L"\\ObjectTypes\\");
wcscat(ObjectName, TypeName);
RtlInitUnicodeString(&uni, ObjectName);
InitializeObjectAttributes(&objattrs,
&uni, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
//
// Windows 7 requires that we pass ObjectType in the second parameter
// below, while earlier versions of Windows do not require this.
// Obj_GetTypeObjectType() returns ObjectType on Windows 7, and
// NULL on earlier versions of Windows
//
status = ObOpenObjectByName(
&objattrs, Obj_GetTypeObjectType(), KernelMode,
NULL, 0, NULL, &handle);
if (! NT_SUCCESS(status)) {
Log_Status_Ex(MSG_OBJ_HOOK_ANY_PROC, 0x44, status, TypeName);
return NULL;
}
status = ObReferenceObjectByHandle(
handle, 0, NULL, KernelMode, &object, NULL);
ZwClose(handle);
if (! NT_SUCCESS(status)) {
Log_Status_Ex(MSG_OBJ_HOOK_ANY_PROC, 0x55, status, TypeName);
return NULL;
}
ObDereferenceObject(object);
return object;
}
//---------------------------------------------------------------------------
// Obj_AddObjectType
//---------------------------------------------------------------------------
_FX BOOLEAN Obj_AddObjectType(const WCHAR *TypeName)
{
OBJECT_TYPE* object;
ULONG i;
object = Obj_GetObjectType(TypeName);
if (object == NULL)
return FALSE;
for (i = 0; Obj_ObjectTypes[i]; ++i)
;
Obj_ObjectTypes[i] = object;
return TRUE;
}
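Review bot: Obj_AddObjectType scans `Obj_ObjectTypes` for the first NULL slot with no upper bound, while Obj_Init sizes the table with a bare `9` written twice (allocation and memzero). Six types are registered in this commit, so it is safe today, but a ninth registration would consume the NULL terminator that this loop and the one in Session_Api_MonitorPut2 both rely on, and a tenth would scan and write past the end of the allocation. I would name the size once (for example a new `#define OBJ_TYPE_SLOTS 9`, the name is only a suggestion) and bound the scan with `for (i = 0; i < OBJ_TYPE_SLOTS - 1 && Obj_ObjectTypes[i]; ++i) ;` followed by `if (i >= OBJ_TYPE_SLOTS - 1) return FALSE;`. In the same hunk, Obj_GetObjectType builds the path in `WCHAR ObjectName[64]` with `wcscpy`/`wcscat` and no length check on `TypeName`. Every caller visible here passes a short literal, so a comment stating that precondition, or a `wcslen` guard before the copy, would be enough.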


@ -84,6 +84,7 @@ BOOLEAN Obj_HookParseProc(
// Variables
//---------------------------------------------------------------------------
extern POBJECT_TYPE *Obj_ObjectTypes;
extern const OBJECT_NAME_INFORMATION Obj_Unnamed;
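Review bot: The new `extern POBJECT_TYPE *Obj_ObjectTypes;` exposes the type table to other files without saying how it is meant to be read. The consumers in this commit walk it until a NULL entry, and the pointer itself is NULL until Obj_Init has allocated it, so I would record that contract on the declaration, e.g. `// NULL-terminated; allocated and filled by Obj_Init, NULL before that`.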


@ -97,24 +97,24 @@ _FX BOOLEAN Obj_Load_Filter(void)
//
// The types handled by the Syscall_DuplicateHandle are as follows
//
// "Process" -> Thread_CheckProcessObject
// "Thread" -> Thread_CheckThreadObject
// "Process" -> Thread_CheckProcessObject <- PsProcessType
// "Thread" -> Thread_CheckThreadObject <- PsThreadType
//
// "File" -> File_CheckFileObject <- given the the note above why do we double filter for files ???
// "File" -> File_CheckFileObject <- IoFileObjectType // given the the note above why do we double filter for files ???
//
// "Event" -> Ipc_CheckGenericObject
// "EventPair" -> Ipc_CheckGenericObject <- ExEventPairObjectType not exported
// "KeyedEvent" -> Ipc_CheckGenericObject <- ExpKeyedEventObjectType not exported
// "Mutant" -> Ipc_CheckGenericObject <- ExMutantObjectType not exported
// "Semaphore" -> Ipc_CheckGenericObject
// "Section" -> Ipc_CheckGenericObject
// "Semaphore" -> Ipc_CheckGenericObject <- ExSemaphoreObjectType
// "Section" -> Ipc_CheckGenericObject <- MmSectionObjectType
//
// "JobObject" -> Ipc_CheckJobObject
// "JobObject" -> Ipc_CheckJobObject <- PsJobType
//
// "Port" / "ALPC Port" -> Ipc_CheckPortObject <- AlpcPortObjectType and LpcWaitablePortObjectType not exported, LpcPortObjectType exported
// Note: proper IPC isolation requires filering of NtRequestPort, NtRequestWaitReplyPort, and NtAlpcSendWaitReceivePort calls
// Note: proper IPC isolation requires filtering of NtRequestPort, NtRequestWaitReplyPort, and NtAlpcSendWaitReceivePort calls
//
// "Token" -> Thread_CheckTokenObject
// "Token" -> Thread_CheckTokenObject <- SeTokenObjectType
//
if (!pObRegisterCallbacks || !pObUnRegisterCallbacks)


@ -87,8 +87,6 @@ typedef struct _SESSION SESSION;
//---------------------------------------------------------------------------
static BOOLEAN Session_AddObjectType(const WCHAR *TypeName);
static void Session_Unlock(KIRQL irql);
static SESSION *Session_Get(
@ -115,14 +113,6 @@ static NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms);
//---------------------------------------------------------------------------
#ifdef ALLOC_PRAGMA
#pragma alloc_text (INIT, Session_AddObjectType)
#endif // ALLOC_PRAGMA
//---------------------------------------------------------------------------
// Variables
//---------------------------------------------------------------------------
@ -133,8 +123,6 @@ PERESOURCE Session_ListLock = NULL;
volatile LONG Session_MonitorCount = 0;
static POBJECT_TYPE *Session_ObjectTypes = NULL;
//---------------------------------------------------------------------------
// Session_Init
@ -156,36 +144,6 @@ _FX BOOLEAN Session_Init(void)
//Api_SetFunction(API_MONITOR_GET, Session_Api_MonitorGet);
Api_SetFunction(API_MONITOR_GET_EX, Session_Api_MonitorGetEx);
//
// initialize set of recognized objects types for Session_Api_MonitorPut
//
Session_ObjectTypes = Mem_AllocEx(
Driver_Pool, sizeof(POBJECT_TYPE) * 9, TRUE);
if (! Session_ObjectTypes)
return FALSE;
memzero(Session_ObjectTypes, sizeof(POBJECT_TYPE) * 9);
if (! Session_AddObjectType(L"Job"))
return FALSE;
if (! Session_AddObjectType(L"Event"))
return FALSE;
if (! Session_AddObjectType(L"Mutant"))
return FALSE;
if (! Session_AddObjectType(L"Semaphore"))
return FALSE;
if (! Session_AddObjectType(L"Section"))
return FALSE;
#ifdef XP_SUPPORT
if (Driver_OsVersion < DRIVER_WINDOWS_VISTA) {
if (! Session_AddObjectType(L"Port"))
return FALSE;
} else
#endif
{
if (! Session_AddObjectType(L"ALPC Port"))
return FALSE;
}
return TRUE;
}
@ -206,62 +164,6 @@ _FX void Session_Unload(void)
}
//---------------------------------------------------------------------------
// Session_AddObjectType
//---------------------------------------------------------------------------
_FX BOOLEAN Session_AddObjectType(const WCHAR *TypeName)
{
NTSTATUS status;
WCHAR ObjectName[64];
UNICODE_STRING uni;
OBJECT_ATTRIBUTES objattrs;
HANDLE handle;
OBJECT_TYPE *object;
ULONG i;
wcscpy(ObjectName, L"\\ObjectTypes\\");
wcscat(ObjectName, TypeName);
RtlInitUnicodeString(&uni, ObjectName);
InitializeObjectAttributes(&objattrs,
&uni, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
//
// Windows 7 requires that we pass ObjectType in the second parameter
// below, while earlier versions of Windows do not require this.
// Obj_GetTypeObjectType() returns ObjectType on Windows 7, and
// NULL on earlier versions of Windows
//
status = ObOpenObjectByName(
&objattrs, Obj_GetTypeObjectType(), KernelMode,
NULL, 0, NULL, &handle);
if (! NT_SUCCESS(status)) {
Log_Status_Ex(MSG_OBJ_HOOK_ANY_PROC, 0x44, status, TypeName);
return FALSE;
}
status = ObReferenceObjectByHandle(
handle, 0, NULL, KernelMode, &object, NULL);
ZwClose(handle);
if (! NT_SUCCESS(status)) {
Log_Status_Ex(MSG_OBJ_HOOK_ANY_PROC, 0x55, status, TypeName);
return FALSE;
}
ObDereferenceObject(object);
for (i = 0; Session_ObjectTypes[i]; ++i)
;
Session_ObjectTypes[i] = object;
return TRUE;
}
//---------------------------------------------------------------------------
// Session_Unlock
//---------------------------------------------------------------------------
@ -867,7 +769,7 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
RtlInitUnicodeString(&objname, name);
for (i = 0; Session_ObjectTypes[i]; ++i) {
for (i = 0; Obj_ObjectTypes[i]; ++i) {
// ObReferenceObjectByName needs a non-zero ObjectType
// so we have to keep going through all possible object
@ -875,7 +777,7 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
status = ObReferenceObjectByName(
&objname, OBJ_CASE_INSENSITIVE, NULL, 0,
Session_ObjectTypes[i], KernelMode, NULL,
Obj_ObjectTypes[i], KernelMode, NULL,
&object);
if (status != STATUS_OBJECT_TYPE_MISMATCH)
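Review bot: The loop `for (i = 0; Obj_ObjectTypes[i]; ++i)` in Session_Api_MonitorPut2 now indexes a table that Session_Init no longer allocates; the table belongs to Obj_Init, and `Obj_ObjectTypes` is initialised to NULL. The handler therefore depends on Obj_Init having completed before it can be reached, which the driver's init order presumably guarantees but this commit does not show. I would record the dependency at the loop with a comment such as `// Obj_ObjectTypes is built by Obj_Init, which must have succeeded before this handler is callable`, or add a NULL check that fails the request before the loop. The loop body and the rest of the function continue outside the hunk.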


@ -160,14 +160,14 @@ SpecialImage=browser,PuffinSecureBrowser.exe
#
# updater blockage
# updater blockage, usage:
#SoftwareUpdater=starting_image.exe,updater_path\updater_image.exe
#
[Template_BlockSoftwareUpdaters]
BlockSoftwareUpdaters=y
#SoftwareUpdater=starting_image,updater_path
#Tmpl.Title=#xxxx
#Tmpl.Class=Misc
#BlockSoftwareUpdaters=y
SoftwareUpdater=firefox.exe,*\mozilla firefox\updater.exe
SoftwareUpdater=firefox.exe,*\mozilla firefox\updates\*updater.exe
@ -3413,7 +3413,7 @@ RpcPortBinding=apisethost.appexecutionalias.dll,'0497b57d-2e66-424f-a0c6-157cd5d
# RpcMgmtSetComTimeout presets
UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y
#UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y
UseRpcMgmtSetComTimeout=WINNSI.DLL,n
# windows proxy auto discovery


@ -15,8 +15,8 @@ CPopUpWindow::CPopUpWindow(QWidget* parent) : QMainWindow(parent)
flags |= Qt::CustomizeWindowHint;
//flags &= ~Qt::WindowContextHelpButtonHint;
//flags &= ~Qt::WindowSystemMenuHint;
flags &= ~Qt::WindowMinMaxButtonsHint;
//flags &= ~Qt::WindowMinimizeButtonHint;
//flags &= ~Qt::WindowMinMaxButtonsHint;
flags &= ~Qt::WindowMaximizeButtonHint;
//flags &= ~Qt::WindowCloseButtonHint;
setWindowFlags(flags);
@ -26,7 +26,7 @@ CPopUpWindow::CPopUpWindow(QWidget* parent) : QMainWindow(parent)
ui.setupUi(centralWidget);
this->setCentralWidget(centralWidget);
setWindowFlags(Qt::Tool);
//setWindowFlags(Qt::Tool);
ui.table->verticalHeader()->hide();
ui.table->horizontalHeader()->hide();