1.5.0
parent
e00cacb0b9
commit
a5629b36b4
|
@ -317,8 +317,7 @@ bool DoAboutDialog(bool bReminder)
|
|||
if (NT_SUCCESS(SbieApi_Call(API_GET_SECURE_PARAM, 3, L"ReminderShedule", (ULONG_PTR)&ReminderShedule, sizeof(ReminderShedule)))) {
|
||||
for (USHORT* Cur = ReminderShedule; (ULONG_PTR)Cur < (ULONG_PTR)ReminderShedule + sizeof(ReminderShedule) && *Cur != 0; Cur += 2) {
|
||||
if (Days > Cur[0]) {
|
||||
if (Interval > Cur[1])
|
||||
Interval = Cur[1];
|
||||
if (Cur[1] < Interval) Interval = Cur[1];
|
||||
break;
|
||||
}
|
||||
}
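Review bot: The loop guard in DoAboutDialog only proves that `Cur` itself lies inside `ReminderShedule`, yet the body also reads `Cur[1]`, so the last pair would be read past the buffer if the array holds an odd number of USHORTs. The declaration is outside this hunk, so this may already be safe by construction; if it is, a comment or `static_assert` at the declaration stating that the size is a multiple of `2 * sizeof(USHORT)` would make that explicit. Otherwise bound the whole pair, e.g. `(ULONG_PTR)(Cur + 1) < (ULONG_PTR)ReminderShedule + sizeof(ReminderShedule)`.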
|
||||
|
|
|
@ -789,7 +789,7 @@ BOOL Parse_Command_Line(void)
|
|||
|
||||
return TRUE;
|
||||
|
||||
// show abouth dialog
|
||||
// show about dialog
|
||||
|
||||
} else if (wcsncmp(cmd, about_dialog, wcslen(about_dialog)) == 0) {
|
||||
|
||||
|
|
|
@ -72,8 +72,6 @@
|
|||
#define MY_AUTOPLAY_CLSID 0x7E950284, 0xE123, 0x49F4, \
|
||||
{ 0xB3, 0x2B, 0xA8,0x06, 0xC0, 0x90, 0xD7, 0x47 }
|
||||
|
||||
#define SBIECTRL_LOGO_IMAGE "../res/MastheadLogo.jpg"
|
||||
|
||||
#define TITLE_SUFFIX_W L" [#]"
|
||||
#define TITLE_SUFFIX_A " [#]"
|
||||
|
||||
|
|
|
@ -186,8 +186,8 @@ typedef NTSTATUS (*P_NtCreateKeyTransacted)(
|
|||
IN ULONG TitleIndex,
|
||||
IN PUNICODE_STRING Class OPTIONAL,
|
||||
IN ULONG CreateOptions,
|
||||
OUT PULONG Disposition OPTIONAL,
|
||||
IN PVOID Transaction);
|
||||
IN PVOID Transaction,
|
||||
OUT PULONG Disposition OPTIONAL);
|
||||
|
||||
typedef NTSTATUS (*P_NtCreateMutant)(
|
||||
OUT PHANDLE MutantHandle,
|
||||
|
@ -648,6 +648,13 @@ typedef NTSTATUS (*P_NtOpenKeyTransacted)(
|
|||
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
||||
IN PVOID Transaction);
|
||||
|
||||
typedef NTSTATUS (*P_NtOpenKeyTransactedEx)(
|
||||
OUT PHANDLE KeyHandle,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
||||
IN ULONG OpenOptions,
|
||||
IN PVOID Transaction);
|
||||
|
||||
typedef NTSTATUS (*P_NtOpenMutant)(
|
||||
OUT PHANDLE MutantHandle,
|
||||
IN ACCESS_MASK DesiredAccess,
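Review bot: The new `P_NtOpenKeyTransactedEx` typedef has no matching `SBIEDLL_HOOK` in the Key_Init hunks shown on this page, so it is not clear that the export is actually intercepted. If the hook is installed elsewhere that is fine; otherwise a sandboxed caller reaches the unhooked ntdll entry point and only the driver-side checks apply. The reordering in `P_NtCreateKeyTransacted` (Transaction before Disposition) has to be mirrored in the hook function and in every call through the saved original pointer, none of which are visible here; both parameters are pointer-sized, so a stale order would compile without a warning. A one-line comment above each typedef naming the ntdll export it mirrors would make later checks against the real prototype easier.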
|
||||
|
|
|
@ -306,6 +306,14 @@ NtCreateDirectoryObject(
|
|||
IN POBJECT_ATTRIBUTES ObjectAttributes
|
||||
);
|
||||
|
||||
__declspec(dllimport) NTSTATUS __stdcall
|
||||
NtCreateDirectoryObjectEx(
|
||||
OUT PHANDLE DirectoryHandle,
|
||||
IN ACCESS_MASK DesiredAccess,
|
||||
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
||||
IN HANDLE ShadowDirectoryHandle,
|
||||
IN ULONG Flags);
|
||||
|
||||
__declspec(dllimport) NTSTATUS __stdcall
|
||||
NtOpenDirectoryObject(
|
||||
OUT PHANDLE DirectoryHandle,
|
||||
|
@ -1988,6 +1996,11 @@ __declspec(dllimport) NTSTATUS __stdcall NtLoadKey(
|
|||
POBJECT_ATTRIBUTES TargetObjectAttributes,
|
||||
POBJECT_ATTRIBUTES SourceObjectAttributes);
|
||||
|
||||
__declspec(dllimport) NTSTATUS __stdcall NtLoadKey2(
|
||||
POBJECT_ATTRIBUTES TargetObjectAttributes,
|
||||
POBJECT_ATTRIBUTES SourceObjectAttributes,
|
||||
ULONG Flags);
|
||||
|
||||
__declspec(dllimport) NTSTATUS __stdcall NtSaveKey(
|
||||
HANDLE KeyHandle,
|
||||
HANDLE FileHandle);
|
||||
|
|
|
@ -105,9 +105,6 @@ static HRESULT __fastcall Com_CoUnmarshalInterface_W81(
|
|||
ULONG_PTR StreamAddr, ULONG zero, REFIID riid, void **ppv);
|
||||
#endif
|
||||
|
||||
static HRESULT Com_CoUnmarshalInterface_W10(
|
||||
ULONG_PTR StreamAddr, REFIID riid,void **ppv);
|
||||
|
||||
static HRESULT Com_CoUnmarshalInterface(
|
||||
IStream *pStream, REFIID riid, void **ppv);
|
||||
|
||||
|
@ -197,8 +194,6 @@ typedef ULONG (__fastcall *P_CoUnmarshalInterface_W8)(
|
|||
typedef ULONG (__fastcall *P_CoUnmarshalInterface_W81)(
|
||||
ULONG_PTR StreamAddr, ULONG zero, REFIID riid, void **ppv);
|
||||
|
||||
typedef ULONG(*P_CoUnmarshalInterface_W10)(
|
||||
ULONG_PTR StreamAddr, REFIID riid,void **ppv );
|
||||
|
||||
typedef ULONG (*P_CoMarshalInterface)(
|
||||
IStream *pStream, REFIID riid, IUnknown *pUnknown,
|
||||
|
@ -239,7 +234,6 @@ P_CoUnmarshalInterface __sys_CoUnmarshalInterface = NULL;
|
|||
P_CoUnmarshalInterface_W8 __sys_CoUnmarshalInterface_W8 = NULL;
|
||||
P_CoUnmarshalInterface_W81 __sys_CoUnmarshalInterface_W81 = NULL;
|
||||
#endif
|
||||
P_CoUnmarshalInterface_W10 __sys_CoUnmarshalInterface_W10 = NULL;
|
||||
P_CoMarshalInterface __sys_CoMarshalInterface = NULL;
|
||||
|
||||
P_CoGetPSClsid __sys_CoGetPSClsid = NULL;
|
||||
|
@ -898,12 +892,6 @@ _FX BOOLEAN Com_Hook_CoUnmarshalInterface_W8(UCHAR *code, HMODULE module)
|
|||
// have to do some __fastcall magic. see Com_CoUnmarshalInterface_W8
|
||||
//
|
||||
|
||||
P_CoUnmarshalInterface_W10 CoUnmarshalInterface_W10 = (P_CoUnmarshalInterface_W10)GetProcAddress(GetModuleHandle(L"combase.dll"), "CoUnmarshalInterface");
|
||||
if (CoUnmarshalInterface_W10) {
|
||||
SBIEDLL_HOOK(Com_, CoUnmarshalInterface_W10);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
#ifdef _WIN64
|
||||
|
||||
if (Dll_OsBuild >= 15002) { // Windows 10 1703 preview
|
||||
|
@ -1114,50 +1102,8 @@ _FX HRESULT __fastcall Com_CoUnmarshalInterface_W81(
|
|||
|
||||
return Com_CoUnmarshalInterface_Common(pStream, riid, ppv, &posl);
|
||||
}
|
||||
|
||||
|
||||
_FX HRESULT Com_CoUnmarshalInterface_W10(
|
||||
ULONG_PTR StreamAddr, REFIID riid, void **ppv)
|
||||
{
|
||||
const HRESULT HR_OR_INVALID_OXID =
|
||||
MAKE_HRESULT(SEVERITY_ERROR, FACILITY_WIN32, OR_INVALID_OXID);
|
||||
HRESULT hr;
|
||||
LARGE_INTEGER posl;
|
||||
ULARGE_INTEGER posu;
|
||||
//
|
||||
// on 32-bit Windows 8.1, combase!_CoUnmarshalInterface is a true
|
||||
// fastcall function which gets its second argument in edx. this is
|
||||
// unlike the Windows 8 version which gets the second argument on the
|
||||
// stack, which requires a small trick with ULONG64 (see above)
|
||||
//
|
||||
|
||||
IStream *pStream = (IStream *)StreamAddr;
|
||||
|
||||
//
|
||||
// first invoke the COM unmarshaller. it returns OR_INVALID_OXID
|
||||
// when the interface was marshalled in SbieSvc, because SbieSvc
|
||||
// uses a different epmapper than the sandboxed epmapper
|
||||
//
|
||||
|
||||
posl.QuadPart = 0;
|
||||
hr = IStream_Seek(pStream, posl, STREAM_SEEK_CUR, &posu);
|
||||
if (FAILED(hr))
|
||||
return hr;
|
||||
|
||||
hr = __sys_CoUnmarshalInterface_W10(StreamAddr, riid, ppv);
|
||||
if (hr != HR_OR_INVALID_OXID)
|
||||
return hr;
|
||||
|
||||
posl.QuadPart = posu.QuadPart;
|
||||
hr = IStream_Seek(pStream, posl, STREAM_SEEK_SET, &posu);
|
||||
if (FAILED(hr))
|
||||
return hr;
|
||||
|
||||
return Com_CoUnmarshalInterface_Common(pStream, riid, ppv, &posl);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Com_CoUnmarshalInterface
|
||||
//---------------------------------------------------------------------------
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
#define NOGDI
|
||||
#include "dll.h"
|
||||
#include "common/pool.h"
|
||||
#include "common\pattern.h"
|
||||
#include "common/pattern.h"
|
||||
#include "core/svc/SbieIniWire.h"
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
|
|
@ -1463,9 +1463,7 @@ _FX BOOLEAN Custom_OsppcDll(HMODULE module)
|
|||
InitializeObjectAttributes(
|
||||
&objattrs, &uni, OBJ_CASE_INSENSITIVE, NULL, NULL);
|
||||
|
||||
RtlInitUnicodeString(&uni,
|
||||
L"\\registry\\user\\current\\software"
|
||||
L"\\Microsoft\\Office\\14.0");
|
||||
RtlInitUnicodeString(&uni, L"\\registry\\user\\current\\software\\Microsoft\\Office\\14.0");
|
||||
|
||||
status = Key_OpenIfBoxed(&hOfficeKey, KEY_ALL_ACCESS | Wow64, &objattrs);
|
||||
if (! NT_SUCCESS(status))
|
||||
|
|
|
@ -309,7 +309,9 @@ _FX void Dll_InitInjected(void)
|
|||
while (!IsDebuggerPresent()) {
|
||||
OutputDebugString(L"Waiting for Debugger\n");
|
||||
Sleep(500);
|
||||
} __debugbreak();
|
||||
}
|
||||
if(!SbieApi_QueryConfBool(NULL, L"WaitForDebuggerSilent", TRUE))
|
||||
__debugbreak();
|
||||
}
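Review bot: `SbieApi_QueryConfBool(NULL, L"WaitForDebuggerSilent", TRUE)` defaults to TRUE, so the `__debugbreak()` that used to fire unconditionally after the wait loop is now skipped unless the setting is explicitly turned off. That inversion deserves a comment, e.g. `// default: continue silently once a debugger attaches; WaitForDebuggerSilent=n restores the breakpoint`. The `while (!IsDebuggerPresent())` loop above it still has no timeout, so whatever setting enables this block (the enclosing condition is outside the hunk) stalls every injected process until someone attaches. It would help to document that setting as debug-only.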
|
||||
|
||||
|
||||
|
|
|
@ -419,12 +419,12 @@ _FX BOOLEAN Key_Init(void)
|
|||
SBIEDLL_HOOK(Key_,NtNotifyChangeMultipleKeys);
|
||||
|
||||
void* NtRenameKey = GetProcAddress(Dll_Ntdll, "NtRenameKey");
|
||||
if (NtRenameKey) {
|
||||
if (NtRenameKey) { // Windows XP
|
||||
SBIEDLL_HOOK(Key_,NtRenameKey);
|
||||
}
|
||||
|
||||
void* NtOpenKeyEx = GetProcAddress(Dll_Ntdll, "NtOpenKeyEx");
|
||||
if (NtOpenKeyEx) {
|
||||
if (NtOpenKeyEx) { // windows server 2008 R2
|
||||
SBIEDLL_HOOK(Key_, NtOpenKeyEx);
|
||||
}
|
||||
|
||||
|
@ -432,22 +432,20 @@ _FX BOOLEAN Key_Init(void)
|
|||
SBIEDLL_HOOK(Key_, NtSaveKey);
|
||||
|
||||
void* NtSaveKeyEx = GetProcAddress(Dll_Ntdll, "NtSaveKeyEx");
|
||||
if (NtSaveKeyEx) {
|
||||
if (NtSaveKeyEx) { // Windows XP
|
||||
SBIEDLL_HOOK(Key_,NtSaveKeyEx);
|
||||
}
|
||||
|
||||
SBIEDLL_HOOK(Key_, NtLoadKey);
|
||||
SBIEDLL_HOOK(Key_, NtLoadKey2);
|
||||
|
||||
void* NtLoadKey2 = GetProcAddress(Dll_Ntdll, "NtLoadKey2");
|
||||
if (NtLoadKey2) {
|
||||
SBIEDLL_HOOK(Key_,NtLoadKey2);
|
||||
}
|
||||
void* NtLoadKey3 = GetProcAddress(Dll_Ntdll, "NtLoadKey3");
|
||||
if (NtLoadKey3) {
|
||||
if (NtLoadKey3) { // Windows 10 2004
|
||||
SBIEDLL_HOOK(Key_,NtLoadKey3);
|
||||
}
|
||||
|
||||
void* NtLoadKeyEx = GetProcAddress(Dll_Ntdll, "NtLoadKeyEx");
|
||||
if (NtLoadKeyEx) {
|
||||
if (NtLoadKeyEx) { // Windows Server 2003
|
||||
SBIEDLL_HOOK(Key_,NtLoadKeyEx);
|
||||
}
|
||||
|
||||
|
@ -2869,6 +2867,7 @@ _FX NTSTATUS Key_NtQueryKeyImpl(
|
|||
KeyInformationClass != KeyCachedInformation)
|
||||
{
|
||||
status = STATUS_INVALID_PARAMETER;
|
||||
SbieApi_Log(2205, L"NtQueryKeyImpl KeyInfo: %d", KeyInformationClass);
|
||||
__leave;
|
||||
}
|
||||
|
||||
|
@ -3046,6 +3045,7 @@ _FX NTSTATUS Key_NtEnumerateKey(
|
|||
KeyInformationClass != KeyNodeInformation &&
|
||||
KeyInformationClass != KeyFullInformation)
|
||||
{
|
||||
SbieApi_Log(2205, L"NtEnumerateKey KeyInfo: %d", KeyInformationClass);
|
||||
status = STATUS_INVALID_PARAMETER;
|
||||
__leave;
|
||||
}
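Review bot: Both added `SbieApi_Log(2205, ...)` calls sit on a path that the sandboxed program selects through `KeyInformationClass`, so a process that keeps passing an unsupported class produces one message per call unless SbieApi_Log already de-duplicates. Consider logging each unsupported class once, or gating the message behind a trace option, so that untrusted code cannot flood the message log. The two sites also differ in order: Key_NtQueryKeyImpl sets `status` before logging, while Key_NtEnumerateKey logs first; picking one order keeps the blocks easy to compare. Both functions continue outside their hunks.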
|
||||
|
|
|
@ -434,34 +434,33 @@ _FX NTSTATUS Process_Api_QueryInfo(PROCESS *proc, ULONG64 *parms)
|
|||
|
||||
if(is_caller_sandboxed || (args->info_type.val == 'itok' && !Session_CheckAdminAccess(TRUE)))
|
||||
status = STATUS_ACCESS_DENIED;
|
||||
else if(!proc->threads_lock)
|
||||
status = STATUS_NOT_FOUND;
|
||||
else
|
||||
{
|
||||
HANDLE tid = (HANDLE)(args->ext_data.val);
|
||||
|
||||
THREAD *thrd = Thread_GetByThreadId(proc, tid);
|
||||
KIRQL irql2;
|
||||
KeRaiseIrql(APC_LEVEL, &irql2);
|
||||
ExAcquireResourceExclusiveLite(proc->threads_lock, TRUE);
|
||||
|
||||
THREAD *thrd = Thread_GetOrCreate(proc, tid, FALSE);
|
||||
if (thrd)
|
||||
{
|
||||
if (args->info_type.val == 'ttok')
|
||||
{
|
||||
*data = thrd->token_object ? TRUE : FALSE;
|
||||
}
|
||||
else
|
||||
else //if (args->info_type.val == 'itok')
|
||||
{
|
||||
KIRQL irql2;
|
||||
void* ImpersonationTokenObject;
|
||||
|
||||
KeRaiseIrql(APC_LEVEL, &irql2);
|
||||
ExAcquireResourceExclusiveLite(proc->threads_lock, TRUE);
|
||||
|
||||
ImpersonationTokenObject = thrd->token_object;
|
||||
|
||||
if (ImpersonationTokenObject) {
|
||||
ObReferenceObject(ImpersonationTokenObject);
|
||||
}
|
||||
|
||||
ExReleaseResourceLite(proc->threads_lock);
|
||||
KeLowerIrql(irql2);
|
||||
|
||||
if (ImpersonationTokenObject)
|
||||
{
|
||||
HANDLE MyTokenHandle;
|
||||
|
@ -474,9 +473,14 @@ _FX NTSTATUS Process_Api_QueryInfo(PROCESS *proc, ULONG64 *parms)
|
|||
else
|
||||
status = STATUS_NO_IMPERSONATION_TOKEN;
|
||||
}
|
||||
//else
|
||||
// status = STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
else
|
||||
status = STATUS_NOT_FOUND;
|
||||
|
||||
ExReleaseResourceLite(proc->threads_lock);
|
||||
KeLowerIrql(irql2);
|
||||
}
|
||||
|
||||
} else if (args->info_type.val == 'ippt') { // is primary process token
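Review bot: `threads_lock` is now held exclusively at APC_LEVEL from the lookup to the end of the branch, which includes the code between the two hunks that starts at `HANDLE MyTokenHandle;` and is not shown here. The removed code took a reference with `ObReferenceObject` and dropped the lock before that work. Holding the lock does close the unlocked `thrd` lookup, but anything in the hidden stretch that needs PASSIVE_LEVEL, writes to the caller's buffer, or leaves early would now run at raised IRQL or skip the release. A narrower variant keeps both properties: look up `thrd` and copy or reference `token_object` under the lock, release, then finish without touching `thrd`. The commented-out `//else status = STATUS_INVALID_PARAMETER;` should either be removed or replaced by a sentence saying why 'itok' is the only other value that can reach this branch.

```c
HANDLE tid = (HANDLE)(args->ext_data.val);
void *ImpersonationTokenObject = NULL;
BOOLEAN found = FALSE;
KIRQL irql2;

KeRaiseIrql(APC_LEVEL, &irql2);
ExAcquireResourceExclusiveLite(proc->threads_lock, TRUE);

THREAD *thrd = Thread_GetOrCreate(proc, tid, FALSE);
if (thrd) {
    found = TRUE;
    ImpersonationTokenObject = thrd->token_object;
    // take a reference only when the object is used after the lock is dropped
    if (ImpersonationTokenObject && args->info_type.val != 'ttok')
        ObReferenceObject(ImpersonationTokenObject);
}

ExReleaseResourceLite(proc->threads_lock);
KeLowerIrql(irql2);

// thrd must not be dereferenced past this point
if (!found)
    status = STATUS_NOT_FOUND;
else if (args->info_type.val == 'ttok')
    *data = ImpersonationTokenObject ? TRUE : FALSE;
else {
    // … unchanged: open a handle from ImpersonationTokenObject, or STATUS_NO_IMPERSONATION_TOKEN …
}
```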
|
||||
|
|
|
@ -41,7 +41,7 @@ static void Thread_Notify(HANDLE ProcessId, HANDLE ThreadId, BOOLEAN Create);
|
|||
static PROCESS *Thread_FindAndInitProcess(
|
||||
PROCESS *proc1, void *ProcessObject2, KIRQL *out_irql);
|
||||
|
||||
static THREAD *Thread_GetOrCreate(PROCESS *proc, HANDLE tid, BOOLEAN create);
|
||||
THREAD *Thread_GetOrCreate(PROCESS *proc, HANDLE tid, BOOLEAN create);
|
||||
|
||||
static NTSTATUS Thread_MyImpersonateClient(
|
||||
PETHREAD ThreadObject, void *TokenObject,
|
||||
|
|
|
@ -93,6 +93,7 @@ NTSTATUS Thread_CheckTokenObject(
|
|||
PROCESS *proc, void *Object, ACCESS_MASK GrantedAccess);
|
||||
|
||||
THREAD *Thread_GetByThreadId(PROCESS *proc, HANDLE tid);
|
||||
THREAD *Thread_GetOrCreate(PROCESS *proc, HANDLE tid, BOOLEAN create);
|
||||
|
||||
NTSTATUS Thread_CheckObject_Common(
|
||||
PROCESS *proc, PEPROCESS ProcessObject,
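Review bot: `Thread_GetOrCreate` becomes part of this header's interface, but the declaration does not say what the caller must hold. The only external call visible in this commit (Process_Api_QueryInfo) raises to APC_LEVEL and takes `proc->threads_lock` exclusively before calling it, which suggests that is the contract. Please confirm it and state it at the declaration, e.g. `// caller must hold proc->threads_lock; result is only valid while the lock is held`. Without that, the next caller can easily use the returned `THREAD *` unlocked.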
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
*/
|
||||
|
||||
#include "driver.h"
|
||||
#include "util.h"
|
||||
|
||||
#include <bcrypt.h>
|
||||
|
||||
|
@ -482,7 +483,7 @@ _FX LONGLONG KphGetDateInterval(CSHORT days, CSHORT months, CSHORT years)
|
|||
|
||||
#define SOFTWARE_NAME L"Sandboxie-Plus"
|
||||
|
||||
union SCertInfo {
|
||||
union _SCertInfo {
|
||||
ULONGLONG State;
|
||||
struct {
|
||||
ULONG
|
||||
|
@ -490,7 +491,8 @@ union SCertInfo {
|
|||
expired : 1, // certificate is expired but may be active
|
||||
outdated : 1, // certificate is expired, not anymore valid for the current build
|
||||
business : 1, // certificate is siutable for business use
|
||||
reservd_1 : 4,
|
||||
evaluation: 1, // evaluation certificate
|
||||
reservd_1 : 3,
|
||||
reservd_2 : 8,
|
||||
reservd_3 : 8,
|
||||
reservd_4 : 8;
|
||||
|
@ -524,6 +526,8 @@ _FX NTSTATUS KphValidateCertificate(void)
|
|||
//WCHAR* key = NULL;
|
||||
LARGE_INTEGER cert_date = { 0 };
|
||||
|
||||
Verify_CertInfo.State = 0; // clear
|
||||
|
||||
if(!NT_SUCCESS(status = MyInitHash(&hashObj)))
|
||||
goto CleanupExit;
|
||||
|
||||
|
@ -682,7 +686,6 @@ _FX NTSTATUS KphValidateCertificate(void)
|
|||
|
||||
status = KphVerifySignature(hash, hashSize, signature, signatureSize);
|
||||
|
||||
Verify_CertInfo.State = 0; // clear
|
||||
if (NT_SUCCESS(status)) {
|
||||
|
||||
Verify_CertInfo.valid = 1;
|
||||
|
@ -722,8 +725,8 @@ _FX NTSTATUS KphValidateCertificate(void)
|
|||
#define TEST_CERT_DATE(days, months, years) \
|
||||
if ((cert_date.QuadPart + KphGetDateInterval(days, months, years)) < LocalTime.QuadPart){ \
|
||||
Verify_CertInfo.expired = 1; \
|
||||
} else \
|
||||
Verify_CertInfo.expirers_in_sec = (ULONG)(((cert_date.QuadPart + KphGetDateInterval(0, 0, 1)) - LocalTime.QuadPart) / 10000000ll); // 100ns steps -> 1sec
|
||||
} \
|
||||
Verify_CertInfo.expirers_in_sec = (ULONG)(((cert_date.QuadPart + KphGetDateInterval(days, months, years)) - LocalTime.QuadPart) / 10000000ll); // 100ns steps -> 1sec
|
||||
|
||||
// Check if the certificate is valid for the current build, failing this locks features out
|
||||
#define TEST_VALIDITY(days, months, years) \
|
||||
|
@ -756,6 +759,7 @@ _FX NTSTATUS KphValidateCertificate(void)
|
|||
}
|
||||
}
|
||||
else if (type && _wcsicmp(type, L"EVALUATION") == 0) {
|
||||
Verify_CertInfo.evaluation = 1;
|
||||
// evaluation
|
||||
if (level) { // in days
|
||||
TEST_EXPIRATION((CSHORT)_wtoi(level), 0, 0);
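Review bot: With the `else` removed from the expiration macro, `expirers_in_sec` is now computed for expired certificates too, where `(cert_date + interval) - LocalTime` is negative and the `(ULONG)` cast turns it into a very large positive number. Any consumer that reads `expirers_in_sec` without first testing `expired` would see an expired certificate as having decades left. Either keep the guard (`} else \`) or store zero on that path, e.g. `Verify_CertInfo.expirers_in_sec = Verify_CertInfo.expired ? 0 : (ULONG)(...);`, and state in the field's comment which convention applies. The macro is also a bare multi-statement body; wrapping it in `do { ... } while (0)` would keep it safe under an unbraced `if`.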
|
||||
|
|
|
@ -938,7 +938,7 @@ finish:
|
|||
// set a ini header with a descriptive comment
|
||||
m_pConfigIni->Sections.push_back(SIniSection{ L"" });
|
||||
m_pConfigIni->Sections.back().Entries.push_back(SIniEntry{ L"", L"#" });
|
||||
m_pConfigIni->Sections.back().Entries.push_back(SIniEntry{ L"", L"# Sandboxie-Plus configuration file" });
|
||||
m_pConfigIni->Sections.back().Entries.push_back(SIniEntry{ L"", L"# Sandboxie configuration file" });
|
||||
m_pConfigIni->Sections.back().Entries.push_back(SIniEntry{ L"", L"#" });
|
||||
|
||||
m_pConfigIni->Sections.push_back(SIniSection{ L"GlobalSettings" });
|
||||
|
|