From a2745b32c2094a61040e069d8d62dda4a81173bd Mon Sep 17 00:00:00 2001 From: DavidXanatos Date: Thu, 3 Feb 2022 19:17:15 +0100 Subject: [PATCH] 1.0.10 --- CHANGELOG.md | 3 +- Sandboxie/core/dll/proc.c | 163 +++++++++++++++++++------------------- 2 files changed, 85 insertions(+), 81 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 85ffe90b..ab1fb828 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ todo:- add reset ui ooption ### Changed - HideHostProcess=program.exe can now be used to hide sandboxie services [#1336](https://github.com/sandboxie-plus/Sandboxie/issues/1336) +- updater blocking is now done using a template with BlockSoftwareUpdaters ### Fixed - fixed a couple issues with the new breakout process feature and improved security (thanks Diversenok) @@ -21,7 +22,7 @@ todo:- add reset ui ooption - fixed issue handling commandline invokation [#1133](https://github.com/sandboxie-plus/Sandboxie/issues/1133) - fixed ui issue with main window state when switching always on top attribute [#1169](https://github.com/sandboxie-plus/Sandboxie/issues/1169) - fixed issue with box context menu in tray list [1106](https://github.com/sandboxie-plus/Sandboxie/issues/1106) -- fixed firefox updates not being properly blocked + diff --git a/Sandboxie/core/dll/proc.c b/Sandboxie/core/dll/proc.c index 4cf08c47..1125f5e0 100644 --- a/Sandboxie/core/dll/proc.c +++ b/Sandboxie/core/dll/proc.c @@ -131,7 +131,7 @@ static BOOLEAN Proc_CheckMailer(const WCHAR *ImagePath, BOOLEAN IsBoxedPath); static BOOLEAN Proc_IsSoftwareUpdateW(const WCHAR *path); -static BOOLEAN Proc_IsProcessRunning(const WCHAR *ImageToFind); +//static BOOLEAN Proc_IsProcessRunning(const WCHAR *ImageToFind); static BOOLEAN Proc_IsSplWow64( const WCHAR *lpApplicationName, const WCHAR *lpCommandLine, 
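Review bot: The `Proc_IsProcessRunning` prototype in the `@@ -131,7 +131,7 @@` hunk is commented out rather than deleted, and the same is done to the locals at `@@ -2275,8`, the per-browser matching block at `@@ -2300,61` and the whole function at `@@ -2376,33`. In a routine that decides whether an updater launch is blocked, that much disabled matching logic around a single live call makes it hard to audit which policy is actually enforced. Delete the dead code, since version control keeps it, and leave one comment above the new call such as `// updater paths are matched against the SoftwareUpdater setting (BlockSoftwareUpdaters template)`.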
@@ -2275,8 +2275,8 @@ _FX BOOLEAN Proc_CheckMailer(const WCHAR *ImagePath, BOOLEAN IsBoxedPath)
 _FX BOOLEAN Proc_IsSoftwareUpdateW(const WCHAR *path)
 {
- WCHAR *MatchExe, **MatchDirs, *SoftName;
- WCHAR *backslash;
+ //WCHAR *MatchExe, **MatchDirs, *SoftName;
+ //WCHAR *backslash;
 ULONG mp_flags;
 BOOLEAN IsUpdate;
@@ -2300,61 +2300,63 @@ _FX BOOLEAN Proc_IsSoftwareUpdateW(const WCHAR *path)
 // which was not installed into the sandbox
 //
- if (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) {
-
- MatchExe = L"updater.exe";
- static WCHAR* Dirs[] = { L"\\mozilla firefox\\updates\\" , L"\\mozilla\\updates\\", L"\\mozilla firefox\\", L""};
- MatchDirs = Dirs;
- SoftName = L"Mozilla Firefox";
-
- } else if (Dll_ImageType == DLL_IMAGE_GOOGLE_UPDATE) {
-
- if (! Proc_IsProcessRunning(L"chrome.exe"))
- return FALSE;
-
- MatchExe = L"chrome_installer.exe";
- static WCHAR* Dirs[] = { L"\\google\\update\\", L""};
- MatchDirs = Dirs;
- SoftName = L"Google Chrome";
-
- } else if (Dll_ImageType == DLL_IMAGE_SANDBOXIE_DCOMLAUNCH) {
-
- if (! Proc_IsProcessRunning(L"msedge.exe"))
- return FALSE;
-
- MatchExe = L"microsoftedgeupdatebroker.exe";
- static WCHAR* Dirs[] = { L"\\microsoft\\edgeupdate", L""};
- MatchDirs = Dirs;
- SoftName = L"Microsoft Edge";
-
- } else
- return FALSE;
+ //if (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) {
+ //
+ // MatchExe = L"updater.exe";
+ // static WCHAR* Dirs[] = { L"\\mozilla firefox\\updates\\" , L"\\mozilla\\updates\\", L"\\mozilla firefox\\", L""};
+ // MatchDirs = Dirs;
+ // SoftName = L"Mozilla Firefox";
+ //
+ //} else if (Dll_ImageType == DLL_IMAGE_GOOGLE_UPDATE) {
+ //
+ // if (! Proc_IsProcessRunning(L"chrome.exe"))
+ // return FALSE;
+ //
+ // MatchExe = L"chrome_installer.exe";
+ // static WCHAR* Dirs[] = { L"\\google\\update\\", L""};
+ // MatchDirs = Dirs;
+ // SoftName = L"Google Chrome";
+ //
+ //} else if (Dll_ImageType == DLL_IMAGE_SANDBOXIE_DCOMLAUNCH) {
+ //
+ // if (! Proc_IsProcessRunning(L"msedge.exe"))
+ // return FALSE;
+ //
+ // MatchExe = L"microsoftedgeupdatebroker.exe";
+ // static WCHAR* Dirs[] = { L"\\microsoft\\edgeupdate", L""};
+ // MatchDirs = Dirs;
+ // SoftName = L"Microsoft Edge";
+ //
+ //} else
+ // return FALSE;
 //
 // check if launching an update process
 //
- IsUpdate = FALSE;
+ //IsUpdate = FALSE;
+ //
+ //backslash = wcsrchr(path, L'\\');
+ //if (backslash && _wcsnicmp(backslash + 1, MatchExe, wcslen(MatchExe)) == 0) {
+ //
+ // ULONG len = wcslen(path) + 1;
+ // WCHAR *path2 = Dll_AllocTemp(len * sizeof(WCHAR));
+ // wmemcpy(path2, path, len);
+ // _wcslwr(path2);
+ //
+ // for (WCHAR** MatchDir = MatchDirs; (*MatchDir)[0] != L'\0'; MatchDir++) {
+ //
+ // if (wcsstr(path2, *MatchDir)) {
+ //
+ // IsUpdate = TRUE;
+ // break;
+ // }
+ // }
+ //
+ // Dll_Free(path2);
+ //}
- backslash = wcsrchr(path, L'\\');
- if (backslash && _wcsnicmp(backslash + 1, MatchExe, wcslen(MatchExe)) == 0) {
-
- ULONG len = wcslen(path) + 1;
- WCHAR *path2 = Dll_AllocTemp(len * sizeof(WCHAR));
- wmemcpy(path2, path, len);
- _wcslwr(path2);
-
- for (WCHAR** MatchDir = MatchDirs; (*MatchDir)[0] != L'\0'; MatchDir++) {
-
- if (wcsstr(path2, *MatchDir)) {
-
- IsUpdate = TRUE;
- break;
- }
- }
-
- Dll_Free(path2);
- }
+ IsUpdate = SbieDll_CheckPatternInList(path, wcslen(path), NULL, L"SoftwareUpdater");
 //
 // issue message and return
@@ -2362,7 +2364,8 @@ _FX BOOLEAN Proc_IsSoftwareUpdateW(const WCHAR *path)
 if (IsUpdate) {
- SbieApi_Log(2191, SoftName);
+ //SbieApi_Log(2191, SoftName);
+ SbieApi_Log(2191, Dll_ImageName);
 SbieApi_Log(2192, NULL);
 SbieApi_Log(2193, NULL);
 }
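Review bot: The new call `SbieDll_CheckPatternInList(path, wcslen(path), NULL, L"SoftwareUpdater")` matches the caller's path as given, while the code it replaces compared against a lower-cased copy (`_wcslwr(path2)`). Whether the helper folds case is not visible here; if it does not, a path spelled with different capitalisation would miss the SoftwareUpdater patterns and the updater would be allowed to start. Unless the helper is known to normalise case, keep the lower-cased copy and match on that, as in the excerpt below. The removed `else return FALSE` gate on Dll_ImageType also means blocking now rests entirely on that setting being populated, so an installation without the BlockSoftwareUpdaters template presumably blocks nothing; that fail-open default is worth stating in a comment above the call. The function starts before this hunk and continues after it.

```c
    // … unchanged: commented-out per-browser matching …
    ULONG len = wcslen(path) + 1;
    WCHAR *path2 = Dll_AllocTemp(len * sizeof(WCHAR));
    wmemcpy(path2, path, len);
    _wcslwr(path2);   // patterns are compared against a lower-cased path, as before
    IsUpdate = SbieDll_CheckPatternInList(path2, len - 1, NULL, L"SoftwareUpdater");
    Dll_Free(path2);
```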
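Review bot: None of the three log calls in the `@@ -2362,7 +2364,8 @@` hunk records which executable was blocked: message 2191 now receives `Dll_ImageName`, which by its name is the image of the calling process rather than the matched program, and `path` is never logged. With matching driven by user-editable patterns instead of three fixed products, someone triaging an unexpected block needs the matched path to find the responsible pattern. Consider passing `path` (or its final component) to one of the messages if their templates take an argument; that is not visible here. The `if (IsUpdate)` block sits inside a function that starts and ends outside this hunk.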
@@ -2376,33 +2379,33 @@ _FX BOOLEAN Proc_IsSoftwareUpdateW(const WCHAR *path)
 //---------------------------------------------------------------------------
-_FX BOOLEAN Proc_IsProcessRunning(const WCHAR *ImageToFind)
-{
- ULONG *pids, i;
- BOOLEAN found = FALSE;
-
- ULONG pid_count = 0;
- SbieApi_EnumProcessEx(NULL, FALSE, -1, NULL, &pid_count); // query count
- pid_count += 128;
-
- pids = Dll_AllocTemp(sizeof(ULONG) * pid_count);
- SbieApi_EnumProcessEx(NULL, FALSE, -1, pids, &pid_count); // query pids
-
- for (i = 0; i < pid_count; ++i) {
-
- WCHAR image[128];
- HANDLE pids_i = (HANDLE) (ULONG_PTR) pids[i];
- SbieApi_QueryProcess(pids_i, NULL, image, NULL, NULL);
- if (_wcsicmp(image, ImageToFind) == 0) {
-
- found = TRUE;
- break;
- }
- }
-
- Dll_Free(pids);
- return found;
-}
+//_FX BOOLEAN Proc_IsProcessRunning(const WCHAR *ImageToFind)
+//{
+// ULONG *pids, i;
+// BOOLEAN found = FALSE;
+//
+// ULONG pid_count = 0;
+// SbieApi_EnumProcessEx(NULL, FALSE, -1, NULL, &pid_count); // query count
+// pid_count += 128;
+//
+// pids = Dll_AllocTemp(sizeof(ULONG) * pid_count);
+// SbieApi_EnumProcessEx(NULL, FALSE, -1, pids, &pid_count); // query pids
+//
+// for (i = 0; i < pid_count; ++i) {
+//
+// WCHAR image[128];
+// HANDLE pids_i = (HANDLE) (ULONG_PTR) pids[i];
+// SbieApi_QueryProcess(pids_i, NULL, image, NULL, NULL);
+// if (_wcsicmp(image, ImageToFind) == 0) {
+//
+// found = TRUE;
+// break;
+// }
+// }
+//
+// Dll_Free(pids);
+// return found;
+//}
 //---------------------------------------------------------------------------