From 9d8ef41fb59bd926161507293be5295cae0def4e Mon Sep 17 00:00:00 2001 From: DavidXanatos Date: Sun, 6 Feb 2022 18:28:13 +0100 Subject: [PATCH] 1.1.0 --- CHANGELOG.md | 12 +- Sandboxie/core/drv/obj.c | 182 +++++++++++++++++- Sandboxie/core/drv/obj.h | 1 + Sandboxie/core/drv/obj_flt.c | 16 +- Sandboxie/core/drv/session.c | 102 +--------- Sandboxie/install/Templates.ini | 12 +- SandboxiePlus/SandMan/Windows/PopUpWindow.cpp | 6 +- 7 files changed, 200 insertions(+), 131 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8280c0c7..d8cf876c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,11 +6,10 @@ This project adheres to [Semantic Versioning](http://semver.org/). -# [1.1.0 / 5.56.0] - 2022-01-?? +# [1.1.0 / 5.56.0] - 2022-01-06 ### Added - added support for NtRenameKey (this requires UseRegDeleteV2=y) [#205](https://github.com/sandboxie-plus/Sandboxie/issues/205) -- added options menu command to reset the GUI [#1589](https://github.com/sandboxie-plus/Sandboxie/issues/1589) ### Changed - reworked the mechanism sandboxie uses to mark host files as deleted @@ -25,12 +24,12 @@ This project adheres to [Semantic Versioning](http://semver.org/). -# [1.0.10 / 5.55.10] - 2022-01-?? +# [1.0.10 / 5.55.10] - 2022-01-06 ### Added - added option to show only boxes in tray with runnign processes [#1186](https://github.com/sandboxie-plus/Sandboxie/issues/1186) -- additional option show only pinned bixes, in box options a bix can be set to be always shown in theay list (Pinned) -- add reset ui option +- added options menu command to reset the GUI [#1589](https://github.com/sandboxie-plus/Sandboxie/issues/1589) - added 'Run Un-Sandboxed' context menu option - added new trigger "OnBoxDelete" that allows to specify a command that is run UNBOXED just before the box content gets deleted -- note: this can be used as a replacemetn to the DeleteCommand [#591](https://github.com/sandboxie-plus/Sandboxie/issues/591) @@ -55,6 +54,11 @@ This project adheres to [Semantic Versioning](http://semver.org/). - fixed issues canceling box deletion operations didn't working [1061](https://github.com/sandboxie-plus/Sandboxie/issues/1061) - fixed issue with DPI scalling and color picker dialog [#803](https://github.com/sandboxie-plus/Sandboxie/issues/803) +### Removed +- removed UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y used for free download manager as it broke other things +-- when using free download manager ad the line manually to your sandboxie.ini + + ## [1.0.9 / 5.55.9] - 2022-01-31 diff --git a/Sandboxie/core/drv/obj.c b/Sandboxie/core/drv/obj.c index ecfe6392..7168ef67 100644 --- a/Sandboxie/core/drv/obj.c +++ b/Sandboxie/core/drv/obj.c @@ -37,8 +37,15 @@ // Functions //--------------------------------------------------------------------------- +static OBJECT_TYPE* Obj_GetObjectType(const WCHAR* TypeName); + +static BOOLEAN Obj_AddObjectType(const WCHAR *TypeName); + +//--------------------------------------------------------------------------- #ifdef ALLOC_PRAGMA +#pragma alloc_text (INIT, Obj_GetObjectType) +#pragma alloc_text (INIT, Obj_AddObjectType) #pragma alloc_text (INIT, Obj_Init) #endif // ALLOC_PRAGMA @@ -47,6 +54,7 @@ // Variables //--------------------------------------------------------------------------- +POBJECT_TYPE *Obj_ObjectTypes = NULL; static const WCHAR Obj_Unnamed_Name = L'\0'; @@ -75,6 +83,54 @@ P_ObQueryNameInfo pObQueryNameInfo = NULL; #endif _WIN64 #endif +// +// kernel object types (w8 64bit): +// +// AlpcPortObjectType +// CmKeyObjectType Exported +// DbgkDebugObjectType +// EtwpRealTimeConnectionObjectType +// EtwpRegistrationObjectType +// ExCallbackObjectType +// ExCompositionSurfaceObjectType Exported +// ExDesktopObjectType Exported +// ExEventObjectType Exported +// ExEventPairObjectType +// ExMutantObjectType +// ExProfileObjectType +// ExSemaphoreObjectType Exported +// ExTimerObjectType +// ExWindowStationObjectType Exported +// ExpIRTimerObjectType +// ExpKeyedEventObjectType +// ExpWorkerFactoryObjectType +// IoAdapterObjectType Exported +// IoCompletionObjectType +// IoControllerObjectType +// IoDeviceHandlerObjectType Exported +// IoDeviceObjectType Exported +// IoDriverObjectType Exported +// IoFileObjectType Exported +// IopWaitCompletionPacketObjectType +// LpcPortObjectType Exported +// LpcWaitablePortObjectType +// MmSectionObjectType Exported +// MmSessionObjectType +// ObpDirectoryObjectType +// ObpSymbolicLinkObjectType +// ObpTypeObjectType +// PopPowerRequestObjectType +// PsProcessType Exported +// PsThreadType Exported +// PsJobType Exported +// SeTokenObjectType Exported +// TmEnlistmentObjectType Exported +// TmResourceManagerObjectType Exported +// TmTransactionManagerObjectType Exported +// TmTransactionObjectType Exported +// WmipGuidObjectType +// + //--------------------------------------------------------------------------- // Obj_Init @@ -83,16 +139,6 @@ P_ObQueryNameInfo pObQueryNameInfo = NULL; _FX BOOLEAN Obj_Init(void) { - // - // prepare object filter callback registration on Vista SP1 and later - // - - if (Driver_OsVersion > DRIVER_WINDOWS_VISTA) { - - if (!Obj_Init_Filter()) - return FALSE; - } - if (Driver_OsVersion >= DRIVER_WINDOWS_7) { // @@ -121,6 +167,49 @@ _FX BOOLEAN Obj_Init(void) pObGetObjectType = (P_ObGetObjectType)ptr; } + // + // initialize set of recognized objects types + // + + Obj_ObjectTypes = Mem_AllocEx( + Driver_Pool, sizeof(POBJECT_TYPE) * 9, TRUE); + if (! Obj_ObjectTypes) + return FALSE; + memzero(Obj_ObjectTypes, sizeof(POBJECT_TYPE) * 9); + + if (! Obj_AddObjectType(L"Job")) // PsJobType + return FALSE; + if (! Obj_AddObjectType(L"Event")) // ExEventObjectType + return FALSE; + if (! Obj_AddObjectType(L"Mutant")) // ExMutantObjectType - not exported + return FALSE; + if (! Obj_AddObjectType(L"Semaphore")) // ExSemaphoreObjectType + return FALSE; + if (! Obj_AddObjectType(L"Section")) // MmSectionObjectType + return FALSE; +#ifdef XP_SUPPORT + if (Driver_OsVersion < DRIVER_WINDOWS_VISTA) { + if (! Obj_AddObjectType(L"Port")) // LpcPortObjectType + return FALSE; + } else +#endif + { + if (! Obj_AddObjectType(L"ALPC Port")) // AlpcPortObjectType - not exported + return FALSE; + } + + //DbgPrint("JobObject; Known: %p; Found: %p\r\n", *PsJobType, Obj_ObjectTypes[0]); + + // + // prepare object filter callback registration on Vista SP1 and later + // + + if (Driver_OsVersion > DRIVER_WINDOWS_VISTA) { + + if (!Obj_Init_Filter()) + return FALSE; + } + return TRUE; } @@ -615,3 +704,76 @@ _FX POBJECT_TYPE Obj_GetTypeObjectType(void) return _TypeObjectType; } + + +//--------------------------------------------------------------------------- +// Obj_GetObjectType +//--------------------------------------------------------------------------- + + +_FX OBJECT_TYPE* Obj_GetObjectType(const WCHAR *TypeName) +{ + NTSTATUS status; + WCHAR ObjectName[64]; + UNICODE_STRING uni; + OBJECT_ATTRIBUTES objattrs; + HANDLE handle; + OBJECT_TYPE *object; + + wcscpy(ObjectName, L"\\ObjectTypes\\"); + wcscat(ObjectName, TypeName); + RtlInitUnicodeString(&uni, ObjectName); + InitializeObjectAttributes(&objattrs, + &uni, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL); + + // + // Windows 7 requires that we pass ObjectType in the second parameter + // below, while earlier versions of Windows do not require this. + // Obj_GetTypeObjectType() returns ObjectType on Windows 7, and + // NULL on earlier versions of Windows + // + + status = ObOpenObjectByName( + &objattrs, Obj_GetTypeObjectType(), KernelMode, + NULL, 0, NULL, &handle); + if (! NT_SUCCESS(status)) { + Log_Status_Ex(MSG_OBJ_HOOK_ANY_PROC, 0x44, status, TypeName); + return NULL; + } + + status = ObReferenceObjectByHandle( + handle, 0, NULL, KernelMode, &object, NULL); + + ZwClose(handle); + + if (! NT_SUCCESS(status)) { + Log_Status_Ex(MSG_OBJ_HOOK_ANY_PROC, 0x55, status, TypeName); + return NULL; + } + + ObDereferenceObject(object); + + return object; +} + + +//--------------------------------------------------------------------------- +// Obj_AddObjectType +//--------------------------------------------------------------------------- + + +_FX BOOLEAN Obj_AddObjectType(const WCHAR *TypeName) +{ + OBJECT_TYPE* object; + ULONG i; + + object = Obj_GetObjectType(TypeName); + if (object == NULL) + return FALSE; + + for (i = 0; Obj_ObjectTypes[i]; ++i) + ; + Obj_ObjectTypes[i] = object; + + return TRUE; +} \ No newline at end of file diff --git a/Sandboxie/core/drv/obj.h b/Sandboxie/core/drv/obj.h index d4978dc6..b2cef3f1 100644 --- a/Sandboxie/core/drv/obj.h +++ b/Sandboxie/core/drv/obj.h @@ -84,6 +84,7 @@ BOOLEAN Obj_HookParseProc( // Variables //--------------------------------------------------------------------------- +extern POBJECT_TYPE *Obj_ObjectTypes; extern const OBJECT_NAME_INFORMATION Obj_Unnamed; diff --git a/Sandboxie/core/drv/obj_flt.c b/Sandboxie/core/drv/obj_flt.c index 669d670a..4182de0c 100644 --- a/Sandboxie/core/drv/obj_flt.c +++ b/Sandboxie/core/drv/obj_flt.c @@ -97,24 +97,24 @@ _FX BOOLEAN Obj_Load_Filter(void) // // The types handled by the Syscall_DuplicateHandle are as follows // - // "Process" -> Thread_CheckProcessObject - // "Thread" -> Thread_CheckThreadObject + // "Process" -> Thread_CheckProcessObject <- PsProcessType + // "Thread" -> Thread_CheckThreadObject <- PsThreadType // - // "File" -> File_CheckFileObject <- given the the note above why do we double filter for files ??? + // "File" -> File_CheckFileObject <- IoFileObjectType // given the the note above why do we double filter for files ??? // // "Event" -> Ipc_CheckGenericObject // "EventPair" -> Ipc_CheckGenericObject <- ExEventPairObjectType not exported // "KeyedEvent" -> Ipc_CheckGenericObject <- ExpKeyedEventObjectType not exported // "Mutant" -> Ipc_CheckGenericObject <- ExMutantObjectType not exported - // "Semaphore" -> Ipc_CheckGenericObject - // "Section" -> Ipc_CheckGenericObject + // "Semaphore" -> Ipc_CheckGenericObject <- ExSemaphoreObjectType + // "Section" -> Ipc_CheckGenericObject <- MmSectionObjectType // - // "JobObject" -> Ipc_CheckJobObject + // "JobObject" -> Ipc_CheckJobObject <- PsJobType // // "Port" / "ALPC Port" -> Ipc_CheckPortObject <- AlpcPortObjectType and LpcWaitablePortObjectType not exported, LpcPortObjectType exported - // Note: proper IPC isolation requires filering of NtRequestPort, NtRequestWaitReplyPort, and NtAlpcSendWaitReceivePort calls + // Note: proper IPC isolation requires filtering of NtRequestPort, NtRequestWaitReplyPort, and NtAlpcSendWaitReceivePort calls // - // "Token" -> Thread_CheckTokenObject + // "Token" -> Thread_CheckTokenObject <- SeTokenObjectType // if (!pObRegisterCallbacks || !pObUnRegisterCallbacks) diff --git a/Sandboxie/core/drv/session.c b/Sandboxie/core/drv/session.c index 27ac8ec0..eb568177 100644 --- a/Sandboxie/core/drv/session.c +++ b/Sandboxie/core/drv/session.c @@ -87,8 +87,6 @@ typedef struct _SESSION SESSION; //--------------------------------------------------------------------------- -static BOOLEAN Session_AddObjectType(const WCHAR *TypeName); - static void Session_Unlock(KIRQL irql); static SESSION *Session_Get( @@ -115,14 +113,6 @@ static NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms); static NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms); -//--------------------------------------------------------------------------- - - -#ifdef ALLOC_PRAGMA -#pragma alloc_text (INIT, Session_AddObjectType) -#endif // ALLOC_PRAGMA - - //--------------------------------------------------------------------------- // Variables //--------------------------------------------------------------------------- @@ -133,8 +123,6 @@ PERESOURCE Session_ListLock = NULL; volatile LONG Session_MonitorCount = 0; -static POBJECT_TYPE *Session_ObjectTypes = NULL; - //--------------------------------------------------------------------------- // Session_Init @@ -156,36 +144,6 @@ _FX BOOLEAN Session_Init(void) //Api_SetFunction(API_MONITOR_GET, Session_Api_MonitorGet); Api_SetFunction(API_MONITOR_GET_EX, Session_Api_MonitorGetEx); - // - // initialize set of recognized objects types for Session_Api_MonitorPut - // - - Session_ObjectTypes = Mem_AllocEx( - Driver_Pool, sizeof(POBJECT_TYPE) * 9, TRUE); - if (! Session_ObjectTypes) - return FALSE; - memzero(Session_ObjectTypes, sizeof(POBJECT_TYPE) * 9); - - if (! Session_AddObjectType(L"Job")) - return FALSE; - if (! Session_AddObjectType(L"Event")) - return FALSE; - if (! Session_AddObjectType(L"Mutant")) - return FALSE; - if (! Session_AddObjectType(L"Semaphore")) - return FALSE; - if (! Session_AddObjectType(L"Section")) - return FALSE; -#ifdef XP_SUPPORT - if (Driver_OsVersion < DRIVER_WINDOWS_VISTA) { - if (! Session_AddObjectType(L"Port")) - return FALSE; - } else -#endif - { - if (! Session_AddObjectType(L"ALPC Port")) - return FALSE; - } return TRUE; } @@ -206,62 +164,6 @@ _FX void Session_Unload(void) } -//--------------------------------------------------------------------------- -// Session_AddObjectType -//--------------------------------------------------------------------------- - - -_FX BOOLEAN Session_AddObjectType(const WCHAR *TypeName) -{ - NTSTATUS status; - WCHAR ObjectName[64]; - UNICODE_STRING uni; - OBJECT_ATTRIBUTES objattrs; - HANDLE handle; - OBJECT_TYPE *object; - ULONG i; - - wcscpy(ObjectName, L"\\ObjectTypes\\"); - wcscat(ObjectName, TypeName); - RtlInitUnicodeString(&uni, ObjectName); - InitializeObjectAttributes(&objattrs, - &uni, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL); - - // - // Windows 7 requires that we pass ObjectType in the second parameter - // below, while earlier versions of Windows do not require this. - // Obj_GetTypeObjectType() returns ObjectType on Windows 7, and - // NULL on earlier versions of Windows - // - - status = ObOpenObjectByName( - &objattrs, Obj_GetTypeObjectType(), KernelMode, - NULL, 0, NULL, &handle); - if (! NT_SUCCESS(status)) { - Log_Status_Ex(MSG_OBJ_HOOK_ANY_PROC, 0x44, status, TypeName); - return FALSE; - } - - status = ObReferenceObjectByHandle( - handle, 0, NULL, KernelMode, &object, NULL); - - ZwClose(handle); - - if (! NT_SUCCESS(status)) { - Log_Status_Ex(MSG_OBJ_HOOK_ANY_PROC, 0x55, status, TypeName); - return FALSE; - } - - ObDereferenceObject(object); - - for (i = 0; Session_ObjectTypes[i]; ++i) - ; - Session_ObjectTypes[i] = object; - - return TRUE; -} - - //--------------------------------------------------------------------------- // Session_Unlock //--------------------------------------------------------------------------- @@ -867,7 +769,7 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms) RtlInitUnicodeString(&objname, name); - for (i = 0; Session_ObjectTypes[i]; ++i) { + for (i = 0; Obj_ObjectTypes[i]; ++i) { // ObReferenceObjectByName needs a non-zero ObjectType // so we have to keep going through all possible object @@ -875,7 +777,7 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms) status = ObReferenceObjectByName( &objname, OBJ_CASE_INSENSITIVE, NULL, 0, - Session_ObjectTypes[i], KernelMode, NULL, + Obj_ObjectTypes[i], KernelMode, NULL, &object); if (status != STATUS_OBJECT_TYPE_MISMATCH) diff --git a/Sandboxie/install/Templates.ini b/Sandboxie/install/Templates.ini index 82320c55..143af548 100644 --- a/Sandboxie/install/Templates.ini +++ b/Sandboxie/install/Templates.ini @@ -160,14 +160,14 @@ SpecialImage=browser,PuffinSecureBrowser.exe # -# updater blockage +# updater blockage, usage: +#SoftwareUpdater=starting_image.exe,updater_path\updater_image.exe # [Template_BlockSoftwareUpdaters] - -BlockSoftwareUpdaters=y - -#SoftwareUpdater=starting_image,updater_path +#Tmpl.Title=#xxxx +#Tmpl.Class=Misc +#BlockSoftwareUpdaters=y SoftwareUpdater=firefox.exe,*\mozilla firefox\updater.exe SoftwareUpdater=firefox.exe,*\mozilla firefox\updates\*updater.exe @@ -3413,7 +3413,7 @@ RpcPortBinding=apisethost.appexecutionalias.dll,'0497b57d-2e66-424f-a0c6-157cd5d # RpcMgmtSetComTimeout presets -UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y +#UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y UseRpcMgmtSetComTimeout=WINNSI.DLL,n # windows proxy auto discovery diff --git a/SandboxiePlus/SandMan/Windows/PopUpWindow.cpp b/SandboxiePlus/SandMan/Windows/PopUpWindow.cpp index ecea5237..cfe6f92d 100644 --- a/SandboxiePlus/SandMan/Windows/PopUpWindow.cpp +++ b/SandboxiePlus/SandMan/Windows/PopUpWindow.cpp @@ -15,8 +15,8 @@ CPopUpWindow::CPopUpWindow(QWidget* parent) : QMainWindow(parent) flags |= Qt::CustomizeWindowHint; //flags &= ~Qt::WindowContextHelpButtonHint; //flags &= ~Qt::WindowSystemMenuHint; - flags &= ~Qt::WindowMinMaxButtonsHint; - //flags &= ~Qt::WindowMinimizeButtonHint; + //flags &= ~Qt::WindowMinMaxButtonsHint; + flags &= ~Qt::WindowMaximizeButtonHint; //flags &= ~Qt::WindowCloseButtonHint; setWindowFlags(flags); @@ -26,7 +26,7 @@ CPopUpWindow::CPopUpWindow(QWidget* parent) : QMainWindow(parent) ui.setupUi(centralWidget); this->setCentralWidget(centralWidget); - setWindowFlags(Qt::Tool); + //setWindowFlags(Qt::Tool); ui.table->verticalHeader()->hide(); ui.table->horizontalHeader()->hide();