diff --git a/Sandboxie/apps/start/aboutdlg.cpp b/Sandboxie/apps/start/aboutdlg.cpp index b33d1c2f..3c1b05c3 100644 --- a/Sandboxie/apps/start/aboutdlg.cpp +++ b/Sandboxie/apps/start/aboutdlg.cpp @@ -317,8 +317,7 @@ bool DoAboutDialog(bool bReminder) if (NT_SUCCESS(SbieApi_Call(API_GET_SECURE_PARAM, 3, L"ReminderShedule", (ULONG_PTR)&ReminderShedule, sizeof(ReminderShedule)))) { for (USHORT* Cur = ReminderShedule; (ULONG_PTR)Cur < (ULONG_PTR)ReminderShedule + sizeof(ReminderShedule) && *Cur != 0; Cur += 2) { if (Days > Cur[0]) { - if (Interval > Cur[1]) - Interval = Cur[1]; + if (Cur[1] < Interval) Interval = Cur[1]; break; } } diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index a4e2376b..dffca311 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp @@ -789,7 +789,7 @@ BOOL Parse_Command_Line(void) return TRUE; - // show abouth dialog + // show about dialog } else if (wcsncmp(cmd, about_dialog, wcslen(about_dialog)) == 0) { diff --git a/Sandboxie/common/my_version.h b/Sandboxie/common/my_version.h index 44a0b55b..1917ce8d 100644 --- a/Sandboxie/common/my_version.h +++ b/Sandboxie/common/my_version.h @@ -72,8 +72,6 @@ #define MY_AUTOPLAY_CLSID 0x7E950284, 0xE123, 0x49F4, \ { 0xB3, 0x2B, 0xA8,0x06, 0xC0, 0x90, 0xD7, 0x47 } -#define SBIECTRL_LOGO_IMAGE "../res/MastheadLogo.jpg" - #define TITLE_SUFFIX_W L" [#]" #define TITLE_SUFFIX_A " [#]" diff --git a/Sandboxie/common/ntproto.h b/Sandboxie/common/ntproto.h index 76192b96..feb7e036 100644 --- a/Sandboxie/common/ntproto.h +++ b/Sandboxie/common/ntproto.h @@ -186,8 +186,8 @@ typedef NTSTATUS (*P_NtCreateKeyTransacted)( IN ULONG TitleIndex, IN PUNICODE_STRING Class OPTIONAL, IN ULONG CreateOptions, - OUT PULONG Disposition OPTIONAL, - IN PVOID Transaction); + IN PVOID Transaction, + OUT PULONG Disposition OPTIONAL); typedef NTSTATUS (*P_NtCreateMutant)( OUT PHANDLE MutantHandle, 
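Review bot: The loop guard on the line above the changed one only bounds `Cur`, yet the body reads `Cur[1]`, so on the final pair that read lands one USHORT past `ReminderShedule` unless the array is guaranteed to hold an even number of entries; the declaration is outside the hunk, so this may already hold by construction. A bound that covers what the body actually reads, `(ULONG_PTR)(Cur + 1) < (ULONG_PTR)ReminderShedule + sizeof(ReminderShedule)`, would keep the check correct regardless of the array's size. The data comes from the driver via API_GET_SECURE_PARAM, so it is not arbitrary input, but the guard should still match the access. DoAboutDialog begins and ends outside the hunk.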
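Review bot: Swapping `Transaction` and `Disposition` in `P_NtCreateKeyTransacted` changes the argument order seen by any hook installed through this typedef, and the diff does not show a matching change to a `Key_`-prefixed hook for NtCreateKeyTransacted or its `__sys_` pass-through call; if such a hook still uses the old order, the transaction handle value is treated as the `Disposition` out-pointer and written through. Please confirm the hook definition and call sites were updated in the same change, or that no hook for this function exists. A one-line comment on the typedef, `// order matches ntdll: Transaction precedes Disposition`, would record why this differs from the previous declaration.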
@@ -648,6 +648,13 @@ typedef NTSTATUS (*P_NtOpenKeyTransacted)( IN POBJECT_ATTRIBUTES ObjectAttributes, IN PVOID Transaction); +typedef NTSTATUS (*P_NtOpenKeyTransactedEx)( + OUT PHANDLE KeyHandle, + IN ACCESS_MASK DesiredAccess, + IN POBJECT_ATTRIBUTES ObjectAttributes, + IN ULONG OpenOptions, + IN PVOID Transaction); + typedef NTSTATUS (*P_NtOpenMutant)( OUT PHANDLE MutantHandle, IN ACCESS_MASK DesiredAccess, diff --git a/Sandboxie/common/win32_ntddk.h b/Sandboxie/common/win32_ntddk.h index 2d6dc3a6..511de73b 100644 --- a/Sandboxie/common/win32_ntddk.h +++ b/Sandboxie/common/win32_ntddk.h @@ -306,6 +306,14 @@ NtCreateDirectoryObject( IN POBJECT_ATTRIBUTES ObjectAttributes ); +__declspec(dllimport) NTSTATUS __stdcall +NtCreateDirectoryObjectEx( + OUT PHANDLE DirectoryHandle, + IN ACCESS_MASK DesiredAccess, + IN POBJECT_ATTRIBUTES ObjectAttributes, + IN HANDLE ShadowDirectoryHandle, + IN ULONG Flags); + __declspec(dllimport) NTSTATUS __stdcall NtOpenDirectoryObject( OUT PHANDLE DirectoryHandle, @@ -1988,6 +1996,11 @@ __declspec(dllimport) NTSTATUS __stdcall NtLoadKey( POBJECT_ATTRIBUTES TargetObjectAttributes, POBJECT_ATTRIBUTES SourceObjectAttributes); +__declspec(dllimport) NTSTATUS __stdcall NtLoadKey2( + POBJECT_ATTRIBUTES TargetObjectAttributes, + POBJECT_ATTRIBUTES SourceObjectAttributes, + ULONG Flags); + __declspec(dllimport) NTSTATUS __stdcall NtSaveKey( HANDLE KeyHandle, HANDLE FileHandle); diff --git a/Sandboxie/core/dll/com.c b/Sandboxie/core/dll/com.c index 23e13bb4..19439251 100644 --- a/Sandboxie/core/dll/com.c +++ b/Sandboxie/core/dll/com.c @@ -105,9 +105,6 @@ static HRESULT __fastcall Com_CoUnmarshalInterface_W81( ULONG_PTR StreamAddr, ULONG zero, REFIID riid, void **ppv); #endif -static HRESULT Com_CoUnmarshalInterface_W10( - ULONG_PTR StreamAddr, REFIID riid,void **ppv); - static HRESULT Com_CoUnmarshalInterface( IStream *pStream, REFIID riid, void **ppv); 
@@ -197,8 +194,6 @@ typedef ULONG (__fastcall *P_CoUnmarshalInterface_W8)( typedef ULONG (__fastcall *P_CoUnmarshalInterface_W81)( ULONG_PTR StreamAddr, ULONG zero, REFIID riid, void **ppv); -typedef ULONG(*P_CoUnmarshalInterface_W10)( - ULONG_PTR StreamAddr, REFIID riid,void **ppv ); typedef ULONG (*P_CoMarshalInterface)( IStream *pStream, REFIID riid, IUnknown *pUnknown, @@ -239,7 +234,6 @@ P_CoUnmarshalInterface __sys_CoUnmarshalInterface = NULL; P_CoUnmarshalInterface_W8 __sys_CoUnmarshalInterface_W8 = NULL; P_CoUnmarshalInterface_W81 __sys_CoUnmarshalInterface_W81 = NULL; #endif -P_CoUnmarshalInterface_W10 __sys_CoUnmarshalInterface_W10 = NULL; P_CoMarshalInterface __sys_CoMarshalInterface = NULL; P_CoGetPSClsid __sys_CoGetPSClsid = NULL; @@ -898,12 +892,6 @@ _FX BOOLEAN Com_Hook_CoUnmarshalInterface_W8(UCHAR *code, HMODULE module) // have to do some __fastcall magic. see Com_CoUnmarshalInterface_W8 // - P_CoUnmarshalInterface_W10 CoUnmarshalInterface_W10 = (P_CoUnmarshalInterface_W10)GetProcAddress(GetModuleHandle(L"combase.dll"), "CoUnmarshalInterface"); - if (CoUnmarshalInterface_W10) { - SBIEDLL_HOOK(Com_, CoUnmarshalInterface_W10); - return TRUE; - } - #ifdef _WIN64 if (Dll_OsBuild >= 15002) { // Windows 10 1703 preview 
@@ -1114,50 +1102,8 @@ _FX HRESULT __fastcall Com_CoUnmarshalInterface_W81( return Com_CoUnmarshalInterface_Common(pStream, riid, ppv, &posl); } - - -_FX HRESULT Com_CoUnmarshalInterface_W10( - ULONG_PTR StreamAddr, REFIID riid, void **ppv) -{ - const HRESULT HR_OR_INVALID_OXID = - MAKE_HRESULT(SEVERITY_ERROR, FACILITY_WIN32, OR_INVALID_OXID); - HRESULT hr; - LARGE_INTEGER posl; - ULARGE_INTEGER posu; - // - // on 32-bit Windows 8.1, combase!_CoUnmarshalInterface is a true - // fastcall function which gets its second argument in edx. this is - // unlike the Windows 8 version which gets the second argument on the - // stack, which requires a small trick with ULONG64 (see above) - // - - IStream *pStream = (IStream *)StreamAddr; - - // - // first invoke the COM unmarshaller. it returns OR_INVALID_OXID - // when the interface was marshalled in SbieSvc, because SbieSvc - // uses a different epmapper than the sandboxed epmapper - // - - posl.QuadPart = 0; - hr = IStream_Seek(pStream, posl, STREAM_SEEK_CUR, &posu); - if (FAILED(hr)) - return hr; - - hr = __sys_CoUnmarshalInterface_W10(StreamAddr, riid, ppv); - if (hr != HR_OR_INVALID_OXID) - return hr; - - posl.QuadPart = posu.QuadPart; - hr = IStream_Seek(pStream, posl, STREAM_SEEK_SET, &posu); - if (FAILED(hr)) - return hr; - - return Com_CoUnmarshalInterface_Common(pStream, riid, ppv, &posl); -} #endif - //--------------------------------------------------------------------------- // Com_CoUnmarshalInterface //--------------------------------------------------------------------------- diff --git a/Sandboxie/core/dll/config.c b/Sandboxie/core/dll/config.c index 4b3dd604..b37f2b8a 100644 --- a/Sandboxie/core/dll/config.c +++ b/Sandboxie/core/dll/config.c @@ -23,7 +23,7 @@ #define NOGDI #include "dll.h" #include "common/pool.h" -#include "common\pattern.h" +#include "common/pattern.h" #include "core/svc/SbieIniWire.h" //--------------------------------------------------------------------------- 
diff --git a/Sandboxie/core/dll/custom.c b/Sandboxie/core/dll/custom.c index d67c4c44..5c40a32e 100644 --- a/Sandboxie/core/dll/custom.c +++ b/Sandboxie/core/dll/custom.c @@ -1463,9 +1463,7 @@ _FX BOOLEAN Custom_OsppcDll(HMODULE module) InitializeObjectAttributes( &objattrs, &uni, OBJ_CASE_INSENSITIVE, NULL, NULL); - RtlInitUnicodeString(&uni, - L"\\registry\\user\\current\\software" - L"\\Microsoft\\Office\\14.0"); + RtlInitUnicodeString(&uni, L"\\registry\\user\\current\\software\\Microsoft\\Office\\14.0"); status = Key_OpenIfBoxed(&hOfficeKey, KEY_ALL_ACCESS | Wow64, &objattrs); if (! NT_SUCCESS(status)) diff --git a/Sandboxie/core/dll/dllmain.c b/Sandboxie/core/dll/dllmain.c index 578a8f4c..623890a0 100644 --- a/Sandboxie/core/dll/dllmain.c +++ b/Sandboxie/core/dll/dllmain.c @@ -309,7 +309,9 @@ _FX void Dll_InitInjected(void) while (!IsDebuggerPresent()) { OutputDebugString(L"Waiting for Debugger\n"); Sleep(500); - } __debugbreak(); + } + if(!SbieApi_QueryConfBool(NULL, L"WaitForDebuggerSilent", TRUE)) + __debugbreak(); } diff --git a/Sandboxie/core/dll/key.c b/Sandboxie/core/dll/key.c index 3267d619..feca0596 100644 --- a/Sandboxie/core/dll/key.c +++ b/Sandboxie/core/dll/key.c @@ -419,12 +419,12 @@ _FX BOOLEAN Key_Init(void) SBIEDLL_HOOK(Key_,NtNotifyChangeMultipleKeys); void* NtRenameKey = GetProcAddress(Dll_Ntdll, "NtRenameKey"); - if (NtRenameKey) { + if (NtRenameKey) { // Windows XP SBIEDLL_HOOK(Key_,NtRenameKey); } void* NtOpenKeyEx = GetProcAddress(Dll_Ntdll, "NtOpenKeyEx"); - if (NtOpenKeyEx) { + if (NtOpenKeyEx) { // windows server 2008 R2 SBIEDLL_HOOK(Key_, NtOpenKeyEx); } 
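Review bot: Passing `TRUE` as the default to `SbieApi_QueryConfBool` means the `__debugbreak()` that used to fire unconditionally after the wait loop is now skipped unless a configuration explicitly sets `WaitForDebuggerSilent` to false, so the default behaviour of the existing wait-for-debugger flow changes; if silence is meant to be opt-in, the default should be `FALSE`. The added line also drops the space in `if(` that the surrounding code writes as `if (`. Dll_InitInjected starts and ends outside the hunk.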
@@ -432,22 +432,20 @@ _FX BOOLEAN Key_Init(void) SBIEDLL_HOOK(Key_, NtSaveKey); void* NtSaveKeyEx = GetProcAddress(Dll_Ntdll, "NtSaveKeyEx"); - if (NtSaveKeyEx) { + if (NtSaveKeyEx) { // Windows XP SBIEDLL_HOOK(Key_,NtSaveKeyEx); } SBIEDLL_HOOK(Key_, NtLoadKey); + SBIEDLL_HOOK(Key_, NtLoadKey2); - void* NtLoadKey2 = GetProcAddress(Dll_Ntdll, "NtLoadKey2"); - if (NtLoadKey2) { - SBIEDLL_HOOK(Key_,NtLoadKey2); - } void* NtLoadKey3 = GetProcAddress(Dll_Ntdll, "NtLoadKey3"); - if (NtLoadKey3) { + if (NtLoadKey3) { // Windows 10 2004 SBIEDLL_HOOK(Key_,NtLoadKey3); } + void* NtLoadKeyEx = GetProcAddress(Dll_Ntdll, "NtLoadKeyEx"); - if (NtLoadKeyEx) { + if (NtLoadKeyEx) { // Windows Server 2003 SBIEDLL_HOOK(Key_,NtLoadKeyEx); } @@ -2869,6 +2867,7 @@ _FX NTSTATUS Key_NtQueryKeyImpl( KeyInformationClass != KeyCachedInformation) { status = STATUS_INVALID_PARAMETER; + SbieApi_Log(2205, L"NtQueryKeyImpl KeyInfo: %d", KeyInformationClass); __leave; } @@ -3046,6 +3045,7 @@ _FX NTSTATUS Key_NtEnumerateKey( KeyInformationClass != KeyNodeInformation && KeyInformationClass != KeyFullInformation) { + SbieApi_Log(2205, L"NtEnumerateKey KeyInfo: %d", KeyInformationClass); status = STATUS_INVALID_PARAMETER; __leave; } diff --git a/Sandboxie/core/drv/process_api.c b/Sandboxie/core/drv/process_api.c index 3a066c15..33da09f8 100644 --- a/Sandboxie/core/drv/process_api.c +++ b/Sandboxie/core/drv/process_api.c 
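Review bot: Replacing the `GetProcAddress` probe for `NtLoadKey2` with an unconditional `SBIEDLL_HOOK(Key_, NtLoadKey2)` presumably turns the symbol into a static import of SbieDll (the `__declspec(dllimport)` declaration is added to win32_ntddk.h in this same commit), so the DLL would fail to load on any ntdll that does not export it; the neighbouring hooks in this hunk keep their probes and gain OS-version comments, which makes the contrast stand out. If NtLoadKey2 is exported on every OS the project still supports this is fine, but recording that in the same comment style as the neighbours, `SBIEDLL_HOOK(Key_, NtLoadKey2); // present on all supported Windows versions`, would explain why this one has no probe. Key_Init starts and ends outside the hunk.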
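Review bot: The two new `SbieApi_Log(2205, …)` calls, here and in the NtEnumerateKey hunk below, sit on opposite sides of the `status = STATUS_INVALID_PARAMETER;` assignment, which reads as accidental; pick one order for both. Since `KeyInformationClass` is supplied by the sandboxed caller, a program that repeatedly passes an unsupported class can flood the log, so consider rate-limiting this message or making it a debug-only trace. Key_NtQueryKeyImpl and Key_NtEnumerateKey both start and end outside their hunks.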
@@ -434,34 +434,33 @@ _FX NTSTATUS Process_Api_QueryInfo(PROCESS *proc, ULONG64 *parms) if(is_caller_sandboxed || (args->info_type.val == 'itok' && !Session_CheckAdminAccess(TRUE))) status = STATUS_ACCESS_DENIED; + else if(!proc->threads_lock) + status = STATUS_NOT_FOUND; else { HANDLE tid = (HANDLE)(args->ext_data.val); - THREAD *thrd = Thread_GetByThreadId(proc, tid); + KIRQL irql2; + KeRaiseIrql(APC_LEVEL, &irql2); + ExAcquireResourceExclusiveLite(proc->threads_lock, TRUE); + + THREAD *thrd = Thread_GetOrCreate(proc, tid, FALSE); if (thrd) { if (args->info_type.val == 'ttok') { *data = thrd->token_object ? TRUE : FALSE; } - else + else //if (args->info_type.val == 'itok') { - KIRQL irql2; void* ImpersonationTokenObject; - KeRaiseIrql(APC_LEVEL, &irql2); - ExAcquireResourceExclusiveLite(proc->threads_lock, TRUE); - ImpersonationTokenObject = thrd->token_object; if (ImpersonationTokenObject) { ObReferenceObject(ImpersonationTokenObject); } - ExReleaseResourceLite(proc->threads_lock); - KeLowerIrql(irql2); - if (ImpersonationTokenObject) { HANDLE MyTokenHandle; @@ -474,9 +473,14 @@ _FX NTSTATUS Process_Api_QueryInfo(PROCESS *proc, ULONG64 *parms) else status = STATUS_NO_IMPERSONATION_TOKEN; } + //else + // status = STATUS_INVALID_PARAMETER; } else status = STATUS_NOT_FOUND; + + ExReleaseResourceLite(proc->threads_lock); + KeLowerIrql(irql2); } } else if (args->info_type.val == 'ippt') { // is primary process token diff --git a/Sandboxie/core/drv/thread.c b/Sandboxie/core/drv/thread.c index 131f600a..c3a8ea92 100644 --- a/Sandboxie/core/drv/thread.c +++ b/Sandboxie/core/drv/thread.c 
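Review bot: The `ExReleaseResourceLite`/`KeLowerIrql` pair moves from just after the token reference to the end of the block (second hunk of this file), so the lines between the two hunks — the `MyTokenHandle` open that follows `if (ImpersonationTokenObject)` — now execute at APC_LEVEL with `proc->threads_lock` held exclusively; the old code dropped both before that step, and it took an `ObReferenceObject` on the token precisely so that it could. If that path calls handle-creating object-manager routines that require PASSIVE_LEVEL, or anything that can re-enter the thread lock, it should stay outside the locked region: look up the thread and reference the token under the lock, release and lower IRQL, then open the handle. The early `!proc->threads_lock` check before taking the lock is a good addition. Process_Api_QueryInfo starts and ends outside these hunks.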
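Review bot: The commented-out `//else` / `// status = STATUS_INVALID_PARAMETER;` lines are dead text in the new code, as is the `//if (args->info_type.val == 'itok')` left on the `else` above them. Either restore the condition as a real branch so an unknown `info_type` is rejected, or remove the comments so the reachable branches are the only ones shown.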
@@ -41,7 +41,7 @@ static void Thread_Notify(HANDLE ProcessId, HANDLE ThreadId, BOOLEAN Create); static PROCESS *Thread_FindAndInitProcess( PROCESS *proc1, void *ProcessObject2, KIRQL *out_irql); -static THREAD *Thread_GetOrCreate(PROCESS *proc, HANDLE tid, BOOLEAN create); +THREAD *Thread_GetOrCreate(PROCESS *proc, HANDLE tid, BOOLEAN create); static NTSTATUS Thread_MyImpersonateClient( PETHREAD ThreadObject, void *TokenObject, diff --git a/Sandboxie/core/drv/thread.h b/Sandboxie/core/drv/thread.h index 9df467f1..6f2ada46 100644 --- a/Sandboxie/core/drv/thread.h +++ b/Sandboxie/core/drv/thread.h @@ -93,6 +93,7 @@ NTSTATUS Thread_CheckTokenObject( PROCESS *proc, void *Object, ACCESS_MASK GrantedAccess); THREAD *Thread_GetByThreadId(PROCESS *proc, HANDLE tid); +THREAD *Thread_GetOrCreate(PROCESS *proc, HANDLE tid, BOOLEAN create); NTSTATUS Thread_CheckObject_Common( PROCESS *proc, PEPROCESS ProcessObject, diff --git a/Sandboxie/core/drv/verify.c b/Sandboxie/core/drv/verify.c index f3199a28..55aa65f6 100644 --- a/Sandboxie/core/drv/verify.c +++ b/Sandboxie/core/drv/verify.c @@ -17,6 +17,7 @@ */ #include "driver.h" +#include "util.h" #include @@ -482,7 +483,7 @@ _FX LONGLONG KphGetDateInterval(CSHORT days, CSHORT months, CSHORT years) #define SOFTWARE_NAME L"Sandboxie-Plus" -union SCertInfo { +union _SCertInfo { ULONGLONG State; struct { ULONG @@ -490,7 +491,8 @@ union SCertInfo { expired : 1, // certificate is expired but may be active outdated : 1, // certificate is expired, not anymore valid for the current build business : 1, // certificate is siutable for business use - reservd_1 : 4, + evaluation: 1, // evaluation certificate + reservd_1 : 3, reservd_2 : 8, reservd_3 : 8, reservd_4 : 8; @@ -524,6 +526,8 @@ _FX NTSTATUS KphValidateCertificate(void) //WCHAR* key = NULL; LARGE_INTEGER cert_date = { 0 }; + Verify_CertInfo.State = 0; // clear + if(!NT_SUCCESS(status = MyInitHash(&hashObj))) goto CleanupExit; 
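Review bot: Removing `static` from the forward declaration gives `Thread_GetOrCreate` external linkage, and the same prototype is added to thread.h in this commit, so the copy kept in thread.c is now redundant and a second place to keep in sync; deleting it and relying on the header is cleaner. If the definition further down in thread.c still carries `static`, the compiler will reject the linkage mismatch, so please confirm it was updated too (the definition is outside the hunk).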
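Review bot: The new `evaluation : 1` bit is carved out of `reservd_1` (4 → 3), so the total width of the 64-bit `State` is unchanged, which is correct; but if user-mode code reads this state through a mirrored declaration of the same bit layout, it needs the identical bit in the identical position, and the diff shows only the driver side. A comment on the union, `// bit layout is shared with user mode; keep field order and widths in sync`, would make that constraint visible to the next change, assuming such a mirror exists.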
@@ -682,7 +686,6 @@ _FX NTSTATUS KphValidateCertificate(void) status = KphVerifySignature(hash, hashSize, signature, signatureSize); - Verify_CertInfo.State = 0; // clear if (NT_SUCCESS(status)) { Verify_CertInfo.valid = 1; @@ -722,8 +725,8 @@ _FX NTSTATUS KphValidateCertificate(void) #define TEST_CERT_DATE(days, months, years) \ if ((cert_date.QuadPart + KphGetDateInterval(days, months, years)) < LocalTime.QuadPart){ \ Verify_CertInfo.expired = 1; \ - } else \ - Verify_CertInfo.expirers_in_sec = (ULONG)(((cert_date.QuadPart + KphGetDateInterval(0, 0, 1)) - LocalTime.QuadPart) / 10000000ll); // 100ns steps -> 1sec + } \ + Verify_CertInfo.expirers_in_sec = (ULONG)(((cert_date.QuadPart + KphGetDateInterval(days, months, years)) - LocalTime.QuadPart) / 10000000ll); // 100ns steps -> 1sec // Check if the certificate is valid for the current build, failing this locks features out #define TEST_VALIDITY(days, months, years) \ @@ -756,6 +759,7 @@ _FX NTSTATUS KphValidateCertificate(void) } } else if (type && _wcsicmp(type, L"EVALUATION") == 0) { + Verify_CertInfo.evaluation = 1; // evaluation if (level) { // in days TEST_EXPIRATION((CSHORT)_wtoi(level), 0, 0); diff --git a/Sandboxie/core/svc/sbieiniserver.cpp b/Sandboxie/core/svc/sbieiniserver.cpp index c985e3ff..7860a88f 100644 --- a/Sandboxie/core/svc/sbieiniserver.cpp +++ b/Sandboxie/core/svc/sbieiniserver.cpp @@ -938,7 +938,7 @@ finish: // set a ini header with a descriptive comment m_pConfigIni->Sections.push_back(SIniSection{ L"" }); m_pConfigIni->Sections.back().Entries.push_back(SIniEntry{ L"", L"#" }); - m_pConfigIni->Sections.back().Entries.push_back(SIniEntry{ L"", L"# Sandboxie-Plus configuration file" }); + m_pConfigIni->Sections.back().Entries.push_back(SIniEntry{ L"", L"# Sandboxie configuration file" }); m_pConfigIni->Sections.back().Entries.push_back(SIniEntry{ L"", L"#" }); m_pConfigIni->Sections.push_back(SIniSection{ L"GlobalSettings" });
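Review bot: With the `else` removed from `TEST_CERT_DATE`, `expirers_in_sec` is now also written when the certificate is expired, and the difference is then negative, so the `(ULONG)` cast turns it into a very large positive count; any consumer that reads the field without checking `expired` first will see a far-future expiry. Clamp it inside the macro, e.g. `LONGLONG d = (cert_date.QuadPart + KphGetDateInterval(days, months, years)) - LocalTime.QuadPart;` followed by `Verify_CertInfo.expirers_in_sec = d > 0 ? (ULONG)(d / 10000000ll) : 0;`, and wrap the macro body in `do { … } while (0)` now that it expands to two statements. Using the macro's own `(days, months, years)` instead of the fixed `(0, 0, 1)` is the right fix. KphValidateCertificate starts and ends outside the hunk.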