Fix some spelling errors
parent
40c4ef298f
commit
a809f59f9e
|
@ -219,9 +219,9 @@ _FX BIGNUM BigNum_ShiftRight(POOL *pool, BIGNUM BigNumA, ULONG Bits)
|
|||
{
|
||||
//
|
||||
// shift an input bignum by the specified number of bits. calculate
|
||||
// the number of words in the result as the number of signficant words
|
||||
// the number of words in the result as the number of significant words
|
||||
// in the input, minus the number of shift bits divided by the size of
|
||||
// a bignum word. if the new length is zero or one words, then use a
|
||||
// a bignum word. If the new length is zero or one words, then use a
|
||||
// zero value or the value of the highest word, respectively, to create
|
||||
// a single word bignum. otherwise right-shift each two consecutive
|
||||
// words from the input bignum into a single word in the result bignum.
|
||||
|
@ -292,12 +292,12 @@ _FX BIGNUM BigNum_ShiftLeft(
|
|||
{
|
||||
//
|
||||
// shift an input bignum by the specified number of bits and 'or' the
|
||||
// last parameter into the resulting low order word. if the number of
|
||||
// signficant words in the input is zero, the create a single word
|
||||
// bignum using the 'or' value. otherwise calculatevthe number of
|
||||
// words in the result as the number of signficant words in the input,
|
||||
// last parameter into the resulting low order word. If the number of
|
||||
// significant words in the input is zero, the create a single word
|
||||
// bignum using the 'or' value. Otherwise calculate the number of
|
||||
// words in the result as the number of significant words in the input,
|
||||
// plus the number of shift bits divided by the size of a bignum word.
|
||||
// left-shift each two consecutive words from the input bignum into a
|
||||
// Left-shift each two consecutive words from the input bignum into a
|
||||
// single word in the result bignum.
|
||||
//
|
||||
|
||||
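Review bot: The rewritten comment in the BigNum_ShiftLeft hunk still reads `the create a single word`, which should be `then create a single word`. Other lines this commit touches keep a slip as well: `similrly` in the Read_BOM hunk, `reagion` in the hook hunk after skip_e9_rewrite, and the doubled `In in app mode` in NetApi_Hook_NetUseAdd. `heence` also remains on the context line between the two corrected lines in Setup_Init_CfgMgr32. Fixing these in the same pass would save a follow-up commit.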
|
|
|
@ -37,10 +37,10 @@ WCHAR* Ini_Prep_ConfigLine(WCHAR* iniDataPtr, WCHAR* &line, WCHAR* &end)
|
|||
while (*line == L' ' || *line == L'\t' || *line == L'\r') line++;
|
||||
// find the line ending
|
||||
end = wcschr(line, L'\n');
|
||||
// if there is no line ending its teh last line so fine the sring termiantor
|
||||
// it is the last line if there is no line ending, so find the string terminator
|
||||
if (end == NULL) iniDataPtr = end = wcschr(line, L'\0');
|
||||
else iniDataPtr = end + 1;
|
||||
// trim tailing whitespaces
|
||||
// trim trailing whitespaces
|
||||
while (end > line && (*(end-1) == L' ' || *(end-1) == L'\t' || *(end-1) == L'\r')) end--;
|
||||
// return pointer to next line
|
||||
return iniDataPtr;
|
||||
|
|
|
@ -298,7 +298,7 @@ JSONValue *JSONValue::Parse(const wchar_t **data)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
// Ran out of possibilites, it's bad!
|
||||
// Ran out of possibilities, it's bad!
|
||||
else
|
||||
{
|
||||
return NULL;
|
||||
|
|
|
@ -96,7 +96,7 @@ void map_init(map_base_t* m, void* pool)
|
|||
m->func_free = &map_free;
|
||||
m->func_hash_key = &map_hash;
|
||||
m->func_key_size = NULL; // use key by value not by reference
|
||||
m->func_match_key = NULL; // use memcmp by defualt
|
||||
m->func_match_key = NULL; // use memcmp by default
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ typedef long NTSTATUS;
|
|||
// As more recent versions of ntdll.lib are not offering many CRT functions we have to create own libs.
|
||||
// See NtCRT_x64.def and NtCRT_x86.def respectively for the functions, we use a custom build step
|
||||
// "lib /def:%(FullPath) /out:$(SolutionDir)Bin\$(PlatformName)\$(Configuration)\NtCRT.lib /machine:x64"
|
||||
// on the apropriate def file, for x86 we use the switch /machine:x86 instead.
|
||||
// on the appropriate def file, for x86 we use the switch /machine:x86 instead.
|
||||
//
|
||||
// For the x86 build we also need _except_handler3 which we have recreated in except_handler3.asm
|
||||
//
|
||||
|
|
|
@ -30,12 +30,12 @@ enum {
|
|||
ASSOCF_OPEN_BYEXENAME = 0x00000002, // executable is being passed in
|
||||
ASSOCF_INIT_DEFAULTTOSTAR = 0x00000004, // treat "*" as the BaseClass
|
||||
ASSOCF_INIT_DEFAULTTOFOLDER = 0x00000008, // treat "Folder" as the BaseClass
|
||||
ASSOCF_NOUSERSETTINGS = 0x00000010, // dont use HKCU
|
||||
ASSOCF_NOTRUNCATE = 0x00000020, // dont truncate the return string
|
||||
ASSOCF_NOUSERSETTINGS = 0x00000010, // don't use HKCU
|
||||
ASSOCF_NOTRUNCATE = 0x00000020, // don't truncate the return string
|
||||
ASSOCF_VERIFY = 0x00000040, // verify data is accurate (DISK HITS)
|
||||
ASSOCF_REMAPRUNDLL = 0x00000080, // actually gets info about rundlls target if applicable
|
||||
ASSOCF_NOFIXUPS = 0x00000100, // attempt to fix errors if found
|
||||
ASSOCF_IGNOREBASECLASS = 0x00000200, // dont recurse into the baseclass
|
||||
ASSOCF_IGNOREBASECLASS = 0x00000200, // don't recurse into the baseclass
|
||||
};
|
||||
|
||||
typedef DWORD ASSOCF;
|
||||
|
|
|
@ -136,7 +136,7 @@ BOOLEAN NetFw_MergePortMaps(rbtree_t* dst, rbtree_t* src, POOL* pool)
|
|||
{
|
||||
//
|
||||
// search for overlaps, and if found abort
|
||||
// we merge only non overlaping ranges as single entries vs ranges have a different priority
|
||||
// we merge only non overlapping ranges as single entries vs ranges have a different priority
|
||||
//
|
||||
|
||||
for (NETFW_PORTS* src_node = (NETFW_PORTS*)rbtree_first(src); ((rbnode_t*)src_node) != RBTREE_NULL; src_node = (NETFW_PORTS*)rbtree_next((rbnode_t*)src_node)) {
|
||||
|
@ -224,7 +224,7 @@ BOOLEAN NetFw_MergeIPMaps(rbtree_t* dst, rbtree_t* src, POOL* pool)
|
|||
{
|
||||
//
|
||||
// search for overlaps, and if found abort
|
||||
// we merge only non overlaping ranges as single entries vs ranges have a different priority
|
||||
// we merge only non overlapping ranges as single entries vs ranges have a different priority
|
||||
//
|
||||
|
||||
for (NETFW_IPS* src_node = (NETFW_IPS*)rbtree_first(src); ((rbnode_t*)src_node) != RBTREE_NULL; src_node = (NETFW_IPS*)rbtree_next((rbnode_t*)src_node)) {
|
||||
|
@ -302,7 +302,7 @@ void NetFw_AddRule(LIST* list, NETFW_RULE* new_rule)
|
|||
goto next; // must be same protocol
|
||||
|
||||
//
|
||||
// seams we might be able to marge these rules
|
||||
// it seems we might be able to merge these rules
|
||||
// now we check the convoluted case when rules havs ip's and port's set
|
||||
//
|
||||
|
||||
|
@ -653,7 +653,7 @@ static int delimchar(int c)
|
|||
|
||||
int _inet_pton(int af, const wchar_t *src, void *dst) // ip is always in network order !!!
|
||||
{
|
||||
int i, elipsis = 0;
|
||||
int i, ellipsis = 0;
|
||||
unsigned char *to;
|
||||
unsigned long x;
|
||||
const wchar_t *p, *op;
|
||||
|
@ -691,9 +691,9 @@ int _inet_pton(int af, const wchar_t *src, void *dst) // ip is always in network
|
|||
to[i+1] = (unsigned char)x;
|
||||
if(*p == L':'){
|
||||
if(*++p == L':'){ /* :: is elided zero short(s) */
|
||||
if (elipsis)
|
||||
if (ellipsis)
|
||||
return 0; /* second :: */
|
||||
elipsis = i+2;
|
||||
ellipsis = i+2;
|
||||
p++;
|
||||
}
|
||||
} else if (p == op) /* strtoul made no progress? */
|
||||
|
@ -702,8 +702,8 @@ int _inet_pton(int af, const wchar_t *src, void *dst) // ip is always in network
|
|||
if (p == src || !delimchar(*p))
|
||||
return 0; /* parse error */
|
||||
if(i < 16){
|
||||
memmove(&to[elipsis+16-i], &to[elipsis], i-elipsis);
|
||||
memset(&to[elipsis], 0, 16-i);
|
||||
memmove(&to[ellipsis+16-i], &to[ellipsis], i-ellipsis);
|
||||
memset(&to[ellipsis], 0, 16-i);
|
||||
}
|
||||
return 1;
|
||||
}
|
|
@ -933,7 +933,7 @@ ALIGNED void Pool_Free_Cells(void *ptr, ULONG size)
|
|||
POOL_LOCK(pages_lock);
|
||||
|
||||
// if after de-allocation, a full page crosses threshold in reverse,
|
||||
// we move it to the list of usuable pages
|
||||
// we move it to the list of usable pages
|
||||
|
||||
if (page->num_free < FULL_PAGE_THRESHOLD &&
|
||||
page->num_free + size >= FULL_PAGE_THRESHOLD) {
|
||||
|
|
|
@ -68,7 +68,7 @@ static void rbtree_insert_fixup(rbtree_t *rbtree, rbnode_t *node);
|
|||
static void rbtree_delete_fixup(rbtree_t* rbtree, rbnode_t* child, rbnode_t* child_parent);
|
||||
|
||||
/*
|
||||
* Intializes a new red black tree.
|
||||
* Initializes a new red black tree.
|
||||
*
|
||||
*/
|
||||
void
|
||||
|
|
|
@ -391,9 +391,9 @@ ULONG Read_BOM(UCHAR** data, ULONG* len)
|
|||
else
|
||||
{
|
||||
// If there is no BOM/Signature try to detect the file type
|
||||
// Unicode Litle Endian (windows wchar_t) will have the n*2+1 bytes 0 as long, as no higher unicode chrakters are used
|
||||
// Unicode Little Endian (windows wchar_t) will have the n*2+1 bytes 0 as long, as no higher unicode characters are used
|
||||
BOOLEAN LooksUnicodeLE = TRUE;
|
||||
// similrly Unicode Big Endian (byte swaped) will have the n*2 bytes 0 as long
|
||||
// similrly Unicode Big Endian (byte swapped) will have the n*2 bytes 0 as long
|
||||
BOOLEAN LooksUnicodeBE = TRUE;
|
||||
// UTF-8 shouldn't have null bytes
|
||||
for (ULONG pos = 0; (pos + 1) < min(*len, 16); pos += 2) // check first 8 char16's
|
||||
|
@ -457,7 +457,7 @@ NTSTATUS Stream_Read_Wchar(
|
|||
IN STREAM* stream,
|
||||
OUT USHORT* v)
|
||||
{
|
||||
if (stream->encoding == 0) // Unicode Litle Endian
|
||||
if (stream->encoding == 0) // Unicode Little Endian
|
||||
{
|
||||
UCHAR* b = (UCHAR*)v;
|
||||
STREAM_GET_BYTE(b[0]);
|
||||
|
|
|
@ -561,7 +561,7 @@ _FX BOOLEAN Com_IsClosedClsid(REFCLSID rclsid)
|
|||
|
||||
//
|
||||
// initialize list of user-configured CLSID blocks
|
||||
// Note: the service threads everythign not explicitly open as closed anyways
|
||||
// Note: the service threads everything not explicitly open as closed anyways
|
||||
//
|
||||
|
||||
static const WCHAR* setting = L"ClosedClsid";
|
||||
|
@ -1441,7 +1441,7 @@ _FX BOOLEAN Com_Init_Ole32(HMODULE module)
|
|||
//
|
||||
// on Windows 8, core COM functions are in combase.dll which is
|
||||
// initialized separately. on earlier versions of Windows, the
|
||||
// core COM fuctions are part of ole32.dll
|
||||
// core COM functions are part of ole32.dll
|
||||
//
|
||||
|
||||
if (! Com_Init_ComBase(module))
|
||||
|
@ -3506,7 +3506,7 @@ _FX void Com_LoadRTList(const WCHAR* setting, WCHAR** pNames)
|
|||
_FX BOOLEAN Com_IsClosedRT(const wchar_t* strClassId)
|
||||
{
|
||||
//
|
||||
// Even in compartment mode thes things don't work only incombination with open COM its functional
|
||||
// Even in compartment mode, these things are functional only in combination with open COM
|
||||
//
|
||||
|
||||
if (!(Ipc_OpenCOM && Dll_CompartmentMode) && !SbieApi_QueryConfBool(NULL, L"DisableRTBlacklist", FALSE)) {
|
||||
|
@ -3524,7 +3524,7 @@ _FX BOOLEAN Com_IsClosedRT(const wchar_t* strClassId)
|
|||
}
|
||||
|
||||
//
|
||||
// ToastNotificationManager requirers open com and original token, with boxed com this causes in a dead lock
|
||||
// ToastNotificationManager requires open com and original token, with boxed com this causes a deadlock
|
||||
//
|
||||
|
||||
if (wcscmp(strClassId, L"Windows.UI.Notifications.ToastNotificationManager") == 0)
|
||||
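Review bot: In the Com_IsClosedClsid hunk the corrected note still says the service `threads` everything not explicitly open as closed, which looks like a slip for `treats`. This line documents the service-side default for CLSIDs that are not opened, so the wording is worth getting exact: `// Note: the service treats everything not explicitly open as closed anyway`. That reading is inferred from the sentence itself, since the service code is not part of this page.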
|
|
|
@ -27,7 +27,7 @@
|
|||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Fuctions
|
||||
// Functions
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
|
@ -1136,7 +1136,7 @@ _FX BOOLEAN SbieDll_ExpandAndRunProgram(const WCHAR *Command)
|
|||
wmemcpy(ptr2, ptr, length);
|
||||
ptr2 += len;
|
||||
}
|
||||
wcscpy(ptr2, ptr1); // copy whats left
|
||||
wcscpy(ptr2, ptr1); // copy what's left
|
||||
|
||||
Dll_Free(cmdline);
|
||||
|
||||
|
|
|
@ -54,7 +54,7 @@ typedef struct _VECTOR_TABLE {
|
|||
|
||||
BOOL bVTableEable = TRUE;
|
||||
#define NUM_VTABLES 0x10
|
||||
#define VTABLE_SIZE 0x4000 //16k enough for 2048 8 byte entrys
|
||||
#define VTABLE_SIZE 0x4000 //16k enough for 2048 8 byte entries
|
||||
|
||||
VECTOR_TABLE SbieDllVectorTable[NUM_VTABLES] = {
|
||||
{0,0,0},{0,0,0},{0,0,0},{0,0,0},
|
||||
|
@ -203,7 +203,7 @@ skip_e9_rewrite: ;
|
|||
|
||||
//
|
||||
// DX: this simplification fails for delay loaded libraries, see comments about SetSecurityInfo,
|
||||
// resulting in an endless loop, so just dont do that
|
||||
// resulting in an endless loop, so just don't do that
|
||||
//
|
||||
|
||||
#if 0
|
||||
|
@ -331,7 +331,7 @@ skip_e9_rewrite: ;
|
|||
//
|
||||
// on windows 7 hooking NdrClientCall2 in 32bit (WoW64) mode fails
|
||||
// because the memory area starts at -6 and not -8
|
||||
// this area could be a hot patch reagion which we dont use
|
||||
// this area could be a hot patch reagion which we don't use
|
||||
// hence if that fails just start at the exact offset and try again
|
||||
//
|
||||
|
||||
|
|
|
@ -807,7 +807,7 @@ _FX ULONG_PTR Dll_Ordinal1(
|
|||
Dll_InitInjected(); // install required hooks
|
||||
|
||||
//
|
||||
// notify RPCSS that a new proces was created in the current sandbox
|
||||
// notify RPCSS that a new process was created in the current sandbox
|
||||
//
|
||||
|
||||
if (Dll_ImageType != DLL_IMAGE_SANDBOXIE_RPCSS) {
|
||||
|
|
|
@ -351,7 +351,7 @@ ALIGNED WCHAR *Dll_GetTlsNameBuffer(
|
|||
|
||||
//
|
||||
// debug checks: the name buffer is allocated at least 64 bytes
|
||||
// more than needed. fill these with 0xCC, andd check that later
|
||||
// more than needed. fill these with 0xCC, and check that later
|
||||
//
|
||||
|
||||
#ifdef DEBUG_MEMORY
|
||||
|
@ -408,7 +408,7 @@ _FX void Dll_PopTlsNameBuffer(THREAD_DATA *data)
|
|||
|
||||
//
|
||||
// debug checks: the name buffer is allocated at least 64 bytes
|
||||
// more than needed. fill these with 0xCC, andd check that later
|
||||
// more than needed. fill these with 0xCC, and check that later
|
||||
//
|
||||
|
||||
#ifdef DEBUG_MEMORY
|
||||
|
|
|
@ -324,7 +324,7 @@ _FX int Process_MatchPathList(
|
|||
level = cur_level;
|
||||
if (patsrc) *patsrc = Pattern_Source(pat);
|
||||
|
||||
// we need to test all entries to find the best match, so we dont break here
|
||||
// we need to test all entries to find the best match, so we don't break here
|
||||
}
|
||||
|
||||
//
|
||||
|
@ -599,7 +599,7 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
|
|||
//if (patsrc) *patsrc = curpat;
|
||||
|
||||
mp_flags = 0;
|
||||
// dont goto finish as open can overwrite this
|
||||
// don't goto finish as open can overwrite this
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -56,7 +56,7 @@ static HMODULE Dump_DbgHelpMod;
|
|||
MiniDumpWithProcessThreadData | \
|
||||
MiniDumpWithoutOptionalData | \
|
||||
MiniDumpIgnoreInaccessibleMemory | \
|
||||
MiniDumpFilterTriage //0x001205a4 thats what WerFault.exe uses
|
||||
MiniDumpFilterTriage //0x001205a4 that's what WerFault.exe uses
|
||||
|
||||
#define DUMP_FLAGS_EXTENDED MiniDumpWithFullMemory | \
|
||||
MiniDumpWithHandleData | \
|
||||
|
@ -95,7 +95,7 @@ static LONG __stdcall Dump_CrashHandlerExceptionFilter(EXCEPTION_POINTERS* pEx)
|
|||
#ifdef _M_IX86
|
||||
if (pEx->ExceptionRecord->ExceptionCode == EXCEPTION_STACK_OVERFLOW)
|
||||
{
|
||||
// be sure that we have enought space...
|
||||
// be sure that we have enough space...
|
||||
static char MyStack[1024 * 128];
|
||||
// it assumes that DS and SS are the same!!! (this is the case for Win32)
|
||||
// change the stack only if the selectors are the same (this is the case for Win32)
|
||||
|
@ -207,7 +207,7 @@ _FX int Dump_Init(void)
|
|||
if (Dump_DbgHelpMod != NULL)
|
||||
return 2;
|
||||
|
||||
// Initialize the member, so we do not load the dll after the exception has occured
|
||||
// Initialize the member, so we do not load the dll after the exception has occurred
|
||||
// which might be not possible anymore...
|
||||
Dump_DbgHelpMod = LoadLibrary(L"dbghelp.dll");
|
||||
if (!Dump_DbgHelpMod )
|
||||
|
|
|
@ -817,7 +817,7 @@ check_sandbox_prefix:
|
|||
|
||||
//
|
||||
// If its a sandboxed file, check if its in the current image or in a snapshot
|
||||
// If its in a snapshot remove teh snapshot prefix
|
||||
// If its in a snapshot remove the snapshot prefix
|
||||
//
|
||||
|
||||
if (is_boxed_path) {
|
||||
|
@ -899,7 +899,7 @@ check_sandbox_prefix:
|
|||
// that's ok because it hasn't been initialized yet
|
||||
//
|
||||
|
||||
else if (//SbieApi_QueryConfBool(NULL, L"SeparateUserFolders", TRUE) && // if we disable File_InitUsers we dont need to do it here and below
|
||||
else if (//SbieApi_QueryConfBool(NULL, L"SeparateUserFolders", TRUE) && // if we disable File_InitUsers we don't need to do it here and below
|
||||
length >= _UserLen &&
|
||||
_wcsnicmp(*OutTruePath, _User, _UserLen) == 0) {
|
||||
|
||||
|
@ -1606,7 +1606,7 @@ _FX NTSTATUS File_GetName_ExpandShortNames2(
|
|||
if (Cur_Snapshot && Cur_Snapshot->ScramKey && wcslen(&Path[backslash_index + 1]) <= 12)
|
||||
{
|
||||
//
|
||||
// If we are checking in a snapshot we ned to unscramble the short name
|
||||
// If we are checking in a snapshot we need to unscramble the short name
|
||||
//
|
||||
|
||||
wcscpy(ShortName, &Path[backslash_index + 1]);
|
||||
|
@ -2225,7 +2225,7 @@ _FX ULONG File_MatchPath2(const WCHAR *path, ULONG *FileFlags, BOOLEAN bCheckObj
|
|||
goto finish;
|
||||
|
||||
//
|
||||
// if path references a mount point, wee see it as the mount location
|
||||
// if path references a mount point, we see it as the mount location
|
||||
// \Device\HarddiskVolume1\MOUNT but the driver sees it as the target
|
||||
// location \Device\HarddiskVolume2, so check for this case
|
||||
//
|
||||
|
@ -2587,7 +2587,7 @@ _FX NTSTATUS File_NtCreateFileImpl(
|
|||
if (status == STATUS_OBJECT_PATH_SYNTAX_BAD) {
|
||||
|
||||
//
|
||||
// teh driver usually blocks this anyways so try only in app mode
|
||||
// the driver usually blocks this anyways so try only in app mode
|
||||
//
|
||||
|
||||
if (Dll_CompartmentMode){
|
||||
|
@ -2985,7 +2985,7 @@ ReparseLoop:
|
|||
if (use_rule_specificity && SbieDll_HasReadableSubPath(L'f', TruePath)){
|
||||
|
||||
//
|
||||
// When using Rule specificity we need to create some dummy directrories
|
||||
// When using Rule specificity we need to create some dummy directories
|
||||
//
|
||||
|
||||
File_CreateBoxedPath(TruePath);
|
||||
|
@ -4950,7 +4950,7 @@ _FX NTSTATUS File_NtQueryFullAttributesFileImpl(
|
|||
if (use_rule_specificity && SbieDll_HasReadableSubPath(L'f', TruePath)){
|
||||
|
||||
//
|
||||
// When using Rule specificity we need to create some dummy directrories
|
||||
// When using Rule specificity we need to create some dummy directories
|
||||
//
|
||||
|
||||
File_CreateBoxedPath(TruePath);
|
||||
|
@ -5090,7 +5090,7 @@ _FX NTSTATUS File_NtQueryInformationFile(
|
|||
// that the file can be opened by it without unscrambling
|
||||
// (see also File_GetName_FromFileId)
|
||||
//
|
||||
// the reason for this is the possibily of files on both C:
|
||||
// the reason for this is the possibly of files on both C:
|
||||
// and D: drives having the same FileId. the program may
|
||||
// wish to open use a handle on drive C: to open using the
|
||||
// FileId by might end up using a sandbox handle like
|
||||
|
@ -6137,7 +6137,7 @@ _FX NTSTATUS File_SetDisposition(
|
|||
|
||||
//
|
||||
// check if the call to File_NtDeleteFileImpl from the delete handler is expected to fail
|
||||
// and return the apropriate error
|
||||
// and return the appropriate error
|
||||
//
|
||||
|
||||
FILE_NETWORK_OPEN_INFORMATION info;
|
||||
|
@ -6536,7 +6536,7 @@ _FX NTSTATUS File_RenameFile(
|
|||
if (! info2->ReplaceIfExists) {
|
||||
|
||||
//
|
||||
// if caller did not explictly ask to replace, but the
|
||||
// if caller did not explicitly ask to replace, but the
|
||||
// destination path name is marked deleted, then we also
|
||||
// physically delete the destination
|
||||
//
|
||||
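Review bot: In the File_NtQueryInformationFile hunk the correction of `possibily` to `possibly` swaps in a different word instead of fixing the misspelling. The sentence needs the noun: `// the reason for this is the possibility of files on both C:`. The comment block continues outside the hunk, so the rest of the paragraph should be read once more after the change.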
|
|
|
@ -100,7 +100,7 @@ _FX ULONG File_MigrateFile_GetMode(const WCHAR* TruePath, ULONGLONG file_size)
|
|||
path_len = wcslen(path_lwr);
|
||||
|
||||
//
|
||||
// Check what preset applyes to this file type/path
|
||||
// Check what preset applies to this file type/path
|
||||
//
|
||||
|
||||
for (ULONG i = 0; i < NUM_COPY_MODES; i++)
|
||||
|
@ -158,7 +158,7 @@ found_match:
|
|||
}
|
||||
|
||||
//
|
||||
// issue apropriate message if so configured, and user wasn't asked
|
||||
// issue appropriate message if so configured, and user wasn't asked
|
||||
//
|
||||
|
||||
else if (!File_CopyLimitSilent)
|
||||
|
|
|
@ -521,7 +521,7 @@ _FX BOOLEAN File_InitDrives(ULONG DriveMask)
|
|||
|
||||
//
|
||||
// if the object is a valid symbolic link but we don't have
|
||||
// acccess rights to open the symbolic link then we ask the
|
||||
// access rights to open the symbolic link then we ask the
|
||||
// driver to query the link for us
|
||||
//
|
||||
|
||||
|
|
|
@ -366,8 +366,8 @@ _FX BOOLEAN Gui_Init(HMODULE module)
|
|||
// NoSbieDesk BEGIN
|
||||
|
||||
//
|
||||
// Sandboxie is routing many gui related things through teh service,
|
||||
// when we operate in app mode we dont need to do that hence
|
||||
// Sandboxie is routing many gui related things through the service,
|
||||
// when we operate in app mode we don't need to do that hence
|
||||
// disable the use of the gui proxy
|
||||
//
|
||||
|
||||
|
|
|
@ -85,7 +85,7 @@ _FX BOOLEAN Gui_InitConsole1(void)
|
|||
//
|
||||
// We need to set Gui_ConsoleHwnd in order for Gui_InitConsole2 to start up properly,
|
||||
// this functions starts a thread which listens for WM_DEVICECHANGE which we need
|
||||
// we could go for a different signaling method in future but for now we stick to this methos
|
||||
// we could go for a different signaling method in future but for now we stick to this method
|
||||
//
|
||||
|
||||
Gui_ConsoleHwnd = GetConsoleWindow();
|
||||
|
|
|
@ -78,11 +78,11 @@
|
|||
//
|
||||
// that proxy window in SbieSvc will actually send the WM_DDE_ACK
|
||||
// to the client, and will present itself as the server for the
|
||||
// DDE conversation, so it can recieve any posted WM_DDE_EXECUTE
|
||||
// DDE conversation, so it can receive any posted WM_DDE_EXECUTE
|
||||
// messages without IL limitations (per the introduction above).
|
||||
//
|
||||
// 4. the proxy window in SbieSvc GUI Proxy receives the WM_DDE_EXECUTE
|
||||
// message, extracts the command text gived in the message LPARAM,
|
||||
// message, extracts the command text given in the message LPARAM,
|
||||
// and sends a WM_COPYDATA to the server window in the sandbox.
|
||||
// the Gui_DDE_COPYDATA_Received function gets this message through
|
||||
// the Gui_CanForwardMsg function.
|
||||
|
|
|
@ -255,7 +255,7 @@ void *GUI_CreateDialogTemplate(
|
|||
}
|
||||
|
||||
for (i = 0; i < tmpl->cDlgItems; ++i) {
|
||||
// every dialog item begins on a DWORD boundry
|
||||
// every dialog item begins on a DWORD boundary
|
||||
memzero(out, sizeof(ULONG));
|
||||
out = (UCHAR *)((((SIZE_T)out) + 3) & (~3));
|
||||
ptr = (UCHAR *)((((SIZE_T)ptr) + 3) & (~3));
|
||||
|
|
|
@ -289,7 +289,7 @@ ULONG CALLBACK Gui_HookHelperProc(LPVOID lpParam)
|
|||
// by the service worker for each session, see GuiServer::WndHookNotifySlave
|
||||
//
|
||||
// whenever a window is created the service gets notified and instructs
|
||||
// the hooking pocess to hook the window's thread this is done using QueueUserAPC
|
||||
// the hooking process to hook the window's thread this is done using QueueUserAPC
|
||||
// targeting this helper thread, whenever a APC is scheduled the thread
|
||||
// will resume and execute it, it being Gui_NotifyWinHooksAPC
|
||||
//
|
||||
|
|
|
@ -348,7 +348,7 @@ _FX BOOL Gui_ClipCursor(const RECT *lpRect)
|
|||
_FX void Gui_ResetClipCursor(void)
|
||||
{
|
||||
//
|
||||
// progams that set a clip cursor (e.g. full screen games) tend to
|
||||
// programs that set a clip cursor (e.g. full screen games) tend to
|
||||
// remove the clip on alt-tab switch, but do not remove the clip when
|
||||
// terminating. and the clip remains in effect probably because the
|
||||
// sandboxed process does not have WINSTA_WRITEATTRIBUTES access.
|
||||
|
|
|
@ -343,7 +343,7 @@ _FX LRESULT Gui_SendMessageTimeoutW(
|
|||
// the window of the owner of the clipboard data, in order
|
||||
// to test if the window is not hung, and display or hide
|
||||
// the Paste menu command accordingly. make sure the
|
||||
// command is displayed even for windows ouside the sandbox
|
||||
// command is displayed even for windows outside the sandbox
|
||||
//
|
||||
|
||||
if (hWnd == __sys_GetClipboardOwner()) {
|
||||
|
|
|
@ -581,7 +581,7 @@ ALIGNED UCHAR *Hook_Analyze_Prefix(UCHAR *addr, BOOLEAN is64, ULONG *flags)
|
|||
// an instruction actually encodes full 64-bits of information:
|
||||
//
|
||||
// - moving to/from accum register: opcodes A0..A3
|
||||
// - this is the default, unless overriden
|
||||
// - this is the default, unless overridden
|
||||
// by prefix 67
|
||||
//
|
||||
// - moving immediate value to any register: opcodes B8..BF
|
||||
|
|
|
@ -190,7 +190,7 @@ _FX BOOLEAN IpHlp_Init(HMODULE module)
|
|||
void *NotifyRouteChange2;
|
||||
void *CancelMibChangeNotify2;
|
||||
|
||||
if (Dll_CompartmentMode || Dll_OsBuild < 6000) { // in compartment mode we have a full token so no need to hook anythign here
|
||||
if (Dll_CompartmentMode || Dll_OsBuild < 6000) { // in compartment mode we have a full token so no need to hook anything here
|
||||
|
||||
//
|
||||
// earlier than Windows Vista, don't hook
|
||||
|
|
|
@ -590,7 +590,7 @@ _FX NTSTATUS Key_MergeCache(
|
|||
//
|
||||
// this function returns (possibly first creating) a cached KEY_MERGE
|
||||
// which represents only the true key for a particular key path.
|
||||
// this makes a noticable performance difference, because most true
|
||||
// this makes a noticeable performance difference, because most true
|
||||
// keys don't change during the lifetime of a sandboxed process,
|
||||
// but they still need to be repeatedly merged with copy keys
|
||||
//
|
||||
|
@ -1023,9 +1023,9 @@ TrueHandleFinish:
|
|||
;
|
||||
|
||||
//
|
||||
// next, get the subkeys from CopyHandle. subkeys that are
|
||||
// marked deleted are removed from the merge. other subkeys
|
||||
// are insterted in sorted alphabetical order
|
||||
// next, get the subkeys from CopyHandle. Subkeys that are
|
||||
// marked as deleted are removed from the merge. Other subkeys
|
||||
// are inserted in sorted alphabetical order
|
||||
//
|
||||
|
||||
index = 0;
|
||||
|
@ -1184,7 +1184,7 @@ TrueHandleFinish:
|
|||
//
|
||||
// next, get the values from CopyHandle. values that are
|
||||
// marked deleted are removed from the merge. other values
|
||||
// are insterted in sorted alphabetical order
|
||||
// are inserted in sorted alphabetical order
|
||||
//
|
||||
|
||||
index = 0;
|
||||
|
|
|
@ -223,7 +223,7 @@ static DLL Ldr_Dlls[] = {
|
|||
{ L"ComDlg32.dll", "ComDlg32.dll", ComDlg32_Init, 0}, // fix for opera.exe
|
||||
{ L"ntmarta.dll", "ntmarta.dll", Ntmarta_Init, 0}, // workaround for chrome and acrobat reader
|
||||
// Non Windows DLLs:
|
||||
{ L"osppc.dll", "osppc.dll", Scm_OsppcDll, 0}, // ensure osppsvc is tunning
|
||||
{ L"osppc.dll", "osppc.dll", Scm_OsppcDll, 0}, // ensure osppsvc is running
|
||||
{ L"mso.dll", "mso.dll", File_MsoDll, 0}, // hack for File_IsRecoverable
|
||||
{ L"agcore.dll", "agcore.dll", Custom_SilverlightAgCore, 0}, // msft silverlight - deprecated
|
||||
// Non Microsoft DLLs:
|
||||
|
|
|
@ -495,7 +495,7 @@ _FX WCHAR *Ldr_FixImagePath_2(void)
|
|||
|
||||
//
|
||||
// Windows is caching loaded modules, when after being run a binary is moved
|
||||
// and run again, NtQueryVirtualMemory wil return the original location
|
||||
// and run again, NtQueryVirtualMemory will return the original location
|
||||
// and not the valid up to date current location.
|
||||
// Hence we use NtQueryInformationProcess instead it also returns the reparsed path
|
||||
//
|
||||
|
|
|
@ -495,7 +495,7 @@ _FX ULONG SbieDll_InjectLow(HANDLE hProcess, ULONG init_flags, BOOLEAN dup_drv_h
|
|||
}
|
||||
|
||||
//
|
||||
// prepare the lowdata paramters area to copy into target process
|
||||
// prepare the lowdata parameters area to copy into target process
|
||||
//
|
||||
|
||||
SBIELOW_DATA lowdata;
|
||||
|
@ -771,7 +771,7 @@ _FX BOOLEAN SbieDll_InjectLow_BuildTramp(
|
|||
|
||||
//
|
||||
// skip past several bytes in the code copied from the top of the
|
||||
// LdrInitializeThunk fuction, where we will inject a jmp sequence.
|
||||
// LdrInitializeThunk function, where we will inject a jmp sequence.
|
||||
//
|
||||
// a simple E9 relative JMP five byte instruction in most cases,
|
||||
// a slightly longer seven byte version in case there is a long
|
||||
|
|
|
@ -57,7 +57,7 @@ _FX DWORD MsCorEE__CorExeMain()
|
|||
}
|
||||
|
||||
|
||||
// Load inject dlls in .Net process' entry (_CorExeMain).
|
||||
// Load inject dlls in .Net process's entry (_CorExeMain).
|
||||
_FX BOOLEAN MsCorEE_Init(HMODULE hmodule)
|
||||
{
|
||||
|
||||
|
|
|
@ -203,7 +203,7 @@ _FX BOOLEAN NetApi_Hook_NetUseAdd(HMODULE module)
|
|||
}
|
||||
|
||||
//
|
||||
// In in app mode we have a full token and this wil be successfull, hence no need for a hook
|
||||
// In in app mode we have a full token and this will be successful, hence no need for a hook
|
||||
//
|
||||
|
||||
if (Dll_CompartmentMode) // NoServiceAssist
|
||||
|
|
|
@ -809,7 +809,7 @@ _FX BOOL Proc_CreateProcessInternalW(
|
|||
}*/
|
||||
|
||||
//
|
||||
// invoke the real CreateProcessInternal so it can record acurate
|
||||
// invoke the real CreateProcessInternal so it can record accurate
|
||||
//
|
||||
|
||||
TlsData->proc_create_process_capture_image = TRUE;
|
||||
|
@ -861,7 +861,7 @@ _FX BOOL Proc_CreateProcessInternalW(
|
|||
else { // xp, 7, 8 and 10 before RS5
|
||||
|
||||
//
|
||||
// invoke the real CreateProcessInternal so it can record acurate
|
||||
// invoke the real CreateProcessInternal so it can record accurate
|
||||
// paths in NtCreateSection/Proc_SectionCallback, and then fail.
|
||||
//
|
||||
|
||||
|
@ -1022,7 +1022,7 @@ _FX BOOL Proc_CreateProcessInternalW(
|
|||
//
|
||||
// The breakout request is validated by the service, hence we need a clean and complete
|
||||
// application path and not a just a command line where the binary may be missing the .exe
|
||||
// and or be only relative to the workign directory, or worse the path variable.
|
||||
// and or be only relative to the working directory, or worse the path variable.
|
||||
//
|
||||
|
||||
wcscpy(mybuf, L"\"");
|
||||
|
@ -1117,7 +1117,7 @@ _FX BOOL Proc_CreateProcessInternalW(
|
|||
|
||||
|
||||
//
|
||||
// in compartment mode we dont mess around just create the process
|
||||
// in compartment mode we don't mess around just create the process
|
||||
//
|
||||
|
||||
// OriginalToken BEGIN
|
||||
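Review bot: In the first Proc_CreateProcessInternalW hunk the comment `invoke the real CreateProcessInternal so it can record accurate` ends mid-sentence and is followed directly by the closing `//`. The second hunk carries the full text, so the missing line is presumably `// paths in NtCreateSection/Proc_SectionCallback, and then fail.`. Adding it would make both blocks read the same. The function body starts and ends outside these hunks.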
|
|
|
@ -90,7 +90,7 @@ extern "C" _FX BOOLEAN Pst_Init(HMODULE module)
|
|||
return TRUE;
|
||||
|
||||
//
|
||||
// in app mode we dont need these hooks as we have a full token
|
||||
// in app mode we don't need these hooks as we have a full token
|
||||
//
|
||||
|
||||
if (Dll_CompartmentMode)
|
||||
|
|
|
@ -922,7 +922,7 @@ RPC_STATUS RPC_ENTRY RpcRt_RpcStringBindingComposeW(TCHAR *ObjUuid,TCHAR *ProtSe
|
|||
Scm_Start_Sppsvc();
|
||||
}
|
||||
// we must block this in Win 10 to prevent r-click context menu hang in Explorer
|
||||
// note: this breaks otehr things but we need it,
|
||||
// note: this breaks other things but we need it,
|
||||
// so instead we block the {470C0EBD-5D73-4D58-9CED-E91E22E23282} Pin To Start Screen verb handler;
|
||||
// inside Com_CoCreateInstance
|
||||
//else if (ObjUuid && (!_wcsicmp(ObjUuid, UUID_UserMgrCli)))
|
||||
|
|
|
@ -132,7 +132,7 @@ _FX BOOLEAN Scm_SecHostDll(HMODULE module)
|
|||
//
|
||||
// support for Windows 7 SecHost:
|
||||
// for every function that our AdvApi32 module hooks,
|
||||
// we route the correspoding function in SecHost to AdvApi32
|
||||
// we route the corresponding function in SecHost to AdvApi32
|
||||
//
|
||||
|
||||
advapi = LoadLibrary(DllName_advapi32);
|
||||
|
|
|
@ -988,8 +988,8 @@ _FX NTSTATUS Ldr_NtQueryInformationToken(
|
|||
TokenInformation, TokenInformationLength, ReturnLength);
|
||||
|
||||
//
|
||||
// To make the process think we need to chage here a few values
|
||||
// we also ensure that tha token belongs to the current process
|
||||
// To make the process think we need to change here a few values
|
||||
// we also ensure that the token belongs to the current process
|
||||
//
|
||||
|
||||
if (Secure_FakeAdmin && (SbieApi_QueryProcessInfoEx(0, 'ippt', (LONG_PTR)(hTokenReal ? hTokenReal : TokenHandle))))
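Review bot: The first corrected comment line in Ldr_NtQueryInformationToken is still an incomplete sentence, because `To make the process think` has no object. The condition below it tests `Secure_FakeAdmin`, so presumably the intent is something like `// To make the process think it runs as admin we need to change a few values here`; the author should confirm the wording. The function body starts and ends outside the hunk.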
|
||||
|
|
|
@ -247,9 +247,9 @@ _FX BOOLEAN Setup_Init_CfgMgr32(HMODULE module)
|
|||
{
|
||||
FIND_EP(CM_Add_Driver_PackageW);
|
||||
FIND_EP(CM_Add_Driver_Package_ExW);
|
||||
// Note: When the Add_Driver_Package is not hooked it will atempt to contact the deviceinstall service,
|
||||
// Note: When the Add_Driver_Package is not hooked it will attempt to contact the deviceinstall service,
|
||||
// which uses a dynamic rpc port, heence as long as there is no blank OpenIpcPath=* this call will fail
|
||||
// We hook these two functions only to provide the user a SBIE2205 informing, that drivers cant be installed.
|
||||
// We hook these two functions only to provide the user a SBIE2205 informing, that drivers can't be installed.
|
||||
if (__sys_CM_Add_Driver_PackageW) {
|
||||
DO_CALL_HOOK(
|
||||
CM_Add_Driver_PackageW,Setup_CM_Add_Driver_PackageW);
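Review bot: The context line right after the corrected `Note:` comment in Setup_Init_CfgMgr32 still reads `heence`, so the comment block is only partly fixed. I would change it in the same commit to `// which uses a dynamic rpc port, hence as long as there is no blank OpenIpcPath=* this call will fail`. The function body starts and ends outside this hunk.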
|
||||
|
|
|
@ -1426,7 +1426,7 @@ _FX ULONG SH_GetInternetExplorerVersion(void)
|
|||
//
|
||||
// Code running in Explorer (both Windows and Internet) may AddRef() on the
|
||||
// host process using SHGetInstanceExplorer and then forget to Release().
|
||||
// This causes a sandboxed IE or Explorer to go on running indefinately.
|
||||
// This causes a sandboxed IE or Explorer to go on running indefinitely.
|
||||
// To work around this, we have a thread that monitors the number of open
|
||||
// windows, and forces Explorer to close when there are no more windows.
|
||||
//
|
||||
|
|
|
@ -97,7 +97,7 @@ RpcRt_Ndr64AsyncClientCall PROC
|
|||
;; xor rcx,rcx ; clear pProxyInfo
|
||||
;; xor rdx,rdx ; clear nProcNum
|
||||
;; xor r8,r8 ; clear pReturnValue
|
||||
; mov r8,[rsp + 8+(4*8)] ; return poitner
|
||||
; mov r8,[rsp + 8+(4*8)] ; return pointer
|
||||
lea r9,[rsp + 8+(4*8) + 4*8] ; setup Args -> SECURE_UAC_ARGS
|
||||
call RpcRt_Ndr64AsyncClientCall_x64
|
||||
test al,al
|
||||
|
@ -211,7 +211,7 @@ RpcRt_NdrAsyncClientCall PROC
|
|||
|
||||
;; xor rcx,rcx ; clear pStubDescriptor
|
||||
;; xor rdx,rdx ; clear pFormat
|
||||
; mov r8,[rsp + 8+(4*8)] ; return poitner
|
||||
; mov r8,[rsp + 8+(4*8)] ; return pointer
|
||||
lea r8,[rsp + 8+(4*8) + 3*8] ; Args
|
||||
call RpcRt_NdrAsyncClientCall_x64
|
||||
test al,al
|
||||
|
@ -231,7 +231,7 @@ CancelCallA:
|
|||
;;; xor rcx,rcx ; clear pProxyInfo
|
||||
;;; xor rdx,rdx ; clear nProcNum
|
||||
;;; xor r8,r8 ; clear pReturnValue
|
||||
;; mov r8,[rsp + 8+(4*8)] ; return poitner
|
||||
;; mov r8,[rsp + 8+(4*8)] ; return pointer
|
||||
; lea r8,[rsp + 8+(4*8) + 3*8] ; Args
|
||||
; call RpcRt_NdrAsyncClientCall_...
|
||||
|
||||
|
@ -260,7 +260,7 @@ RpcRt_NdrClientCall2 PROC
|
|||
|
||||
;; xor rcx,rcx ; clear pStubDescriptor
|
||||
;; xor rdx,rdx ; clear pFormat
|
||||
; mov r8,[rsp + 8+(4*8)] ; return poitner
|
||||
; mov r8,[rsp + 8+(4*8)] ; return pointer
|
||||
lea r8,[rsp + 8+(4*8) + 3*8] ; Args
|
||||
call RpcRt_NdrClientCall2_x64
|
||||
test al,al
|
||||
|
@ -280,7 +280,7 @@ CancelCall2:
|
|||
;;; xor rcx,rcx ; clear pProxyInfo
|
||||
;;; xor rdx,rdx ; clear nProcNum
|
||||
;;; xor r8,r8 ; clear pReturnValue
|
||||
;; mov r8,[rsp + 8+(4*8)] ; return poitner
|
||||
;; mov r8,[rsp + 8+(4*8)] ; return pointer
|
||||
; lea r8,[rsp + 8+(4*8) + 3*8] ; Args
|
||||
; call RpcRt_NdrClientCall2_...
|
||||
|
||||
|
@ -311,7 +311,7 @@ RpcRt_NdrClientCall3 PROC
|
|||
;; xor rcx,rcx ; clear pProxyInfo
|
||||
;; xor rdx,rdx ; clear nProcNum
|
||||
;; xor r8,r8 ; clear pReturnValue
|
||||
; mov r8,[rsp + 8+(4*8)] ; return poitner
|
||||
; mov r8,[rsp + 8+(4*8)] ; return pointer
|
||||
lea r9,[rsp + 8+(4*8) + 4*8] ; Args
|
||||
call RpcRt_NdrClientCall3_x64
|
||||
test al,al
|
||||
|
@ -331,7 +331,7 @@ CancelCall3:
|
|||
;;; xor rcx,rcx ; clear pProxyInfo
|
||||
;;; xor rdx,rdx ; clear nProcNum
|
||||
;;; xor r8,r8 ; clear pReturnValue
|
||||
;; mov r8,[rsp + 8+(4*8)] ; return poitner
|
||||
;; mov r8,[rsp + 8+(4*8)] ; return pointer
|
||||
; lea r9,[rsp + 8+(4*8) + 4*8] ; Args
|
||||
; call RpcRt_NdrClientCall3_...
|
||||
|
||||
|
|
|
@ -694,7 +694,7 @@ _FX void Api_AddMessage(
|
|||
}
|
||||
}
|
||||
// else // this can only happen when the entire buffer is to small to hold this entire entry
|
||||
// if loging fails we can't log this error :/
|
||||
// if logging fails we can't log this error :/
|
||||
|
||||
Api_LeaveCriticalSection(irql);
|
||||
}
|
||||
|
|
|
@ -54,7 +54,7 @@
|
|||
// Note: we want to preserver the order of the settings when enumerating
|
||||
// hence we can not replace the list with a hash map entierly
|
||||
// instead we use booth, here the hash map ise used only for lookups
|
||||
// the keys in the map are only pointers to the name fileds in the list entries
|
||||
// the keys in the map are only pointers to the name fields in the list entries
|
||||
//
|
||||
|
||||
typedef struct _CONF_DATA {
|
||||
|
@ -65,7 +65,7 @@ typedef struct _CONF_DATA {
|
|||
HASH_MAP sections_map;
|
||||
#endif
|
||||
BOOLEAN home; // TRUE if configuration read from Driver_Home_Path
|
||||
ULONG encoding; // 0 - unicode, 1 - utf8, 2 - unicode (byte swaped)
|
||||
ULONG encoding; // 0 - unicode, 1 - utf8, 2 - unicode (byte swapped)
|
||||
volatile ULONG use_count;
|
||||
|
||||
} CONF_DATA;
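Review bot: The comment above `_CONF_DATA` in the first hunk was corrected only on its last line; `preserver`, `entierly`, `booth` and `ise` remain on the three lines before it. Suggested wording: `// Note: we want to preserve the order of the settings when enumerating`, `// hence we can not replace the list with a hash map entirely`, `// instead we use both, here the hash map is used only for lookups`.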
|
||||
|
|
|
@ -643,7 +643,7 @@ _FX BOOLEAN Driver_FindMissingServices(void)
|
|||
#endif
|
||||
|
||||
//
|
||||
// Retrive some unexported kernel functions that may be usefull
|
||||
// Retrieve some unexported kernel functions that may be useful
|
||||
//
|
||||
|
||||
ZwCreateToken = (P_NtCreateToken) Driver_FindMissingService("ZwCreateToken", 13);
|
||||
|
|
|
@ -658,7 +658,7 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
|||
NULL
|
||||
};
|
||||
static const WCHAR* openPipesCM[] = {
|
||||
// open thos in compartment mode as do not use the de-administrator-ize proxy in File_NtCreateFilePipe
|
||||
// open those in compartment mode as do not use the de-administrator-ize proxy in File_NtCreateFilePipe
|
||||
//
|
||||
L"\\device\\*pipe\\lsarpc",
|
||||
L"\\device\\*pipe\\srvsvc",
|
||||
|
@ -833,7 +833,7 @@ _FX BOOLEAN File_BlockInternetAccess(PROCESS *proc)
|
|||
BOOLEAN ok;
|
||||
|
||||
//
|
||||
// is this process excempted from the blocade
|
||||
// is this process exempted from the blockade
|
||||
//
|
||||
|
||||
if (proc->AllowInternetAccess)
|
||||
|
@ -1416,7 +1416,7 @@ _FX NTSTATUS File_Generic_MyParseProc(
|
|||
|
||||
#ifdef USE_MATCH_PATH_EX
|
||||
//
|
||||
// if this is not a atribute or sync request update the permissions for the network path
|
||||
// if this is not a attribute or sync request update the permissions for the network path
|
||||
//
|
||||
|
||||
if (proc->use_rule_specificity ||
|
||||
|
@ -2562,7 +2562,7 @@ _FX NTSTATUS File_Api_CheckInternetAccess(PROCESS *proc, ULONG64 *parms)
|
|||
wmemcpy(device_name + 8, user_devname, 32);
|
||||
device_name[8+32] = L'\0';
|
||||
|
||||
/* this check is now done in unser mode
|
||||
/* this check is now done in user mode
|
||||
//
|
||||
// convert the device name to lowercase, stop at the first backslash
|
||||
//
|
||||
|
|
|
@ -461,7 +461,7 @@ _FX FLT_PREOP_CALLBACK_STATUS File_PreOperation(
|
|||
}
|
||||
else
|
||||
{
|
||||
// if the file is to be created in the same directroy as the original file, we check if the original file is in a sandboxed location
|
||||
// if the file is to be created in the same directory as the original file, we check if the original file is in a sandboxed location
|
||||
if(!Box_IsBoxedPath(proc->box, file, &pTargetFileNameInfo->Name)) {
|
||||
status = STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
|
|
@ -1508,7 +1508,7 @@ _FX ULONG_PTR Gui_NtUserSetWindowsHookEx(
|
|||
if (HookType == WH_JOURNALRECORD || HookType == WH_JOURNALPLAYBACK ||
|
||||
HookType == WH_KEYBOARD_LL || HookType == WH_MOUSE_LL) {
|
||||
|
||||
// MSDN explictly says these hooks are NOT injected into the target
|
||||
// MSDN explicitly says these hooks are NOT injected into the target
|
||||
|
||||
status = STATUS_SUCCESS;
|
||||
|
||||
|
|
|
@ -1270,7 +1270,7 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
|
|||
|
||||
//
|
||||
// we duplicate the handle into kernel space such that that user
|
||||
// wont be able to grab it while we are evaluaiting it
|
||||
// won't be able to grab it while we are evaluaiting it
|
||||
//
|
||||
|
||||
HANDLE SourceProcessKernelHandle;
|
||||
|
@ -1282,7 +1282,7 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
|
|||
//
|
||||
// driver verifier wants us to provide a kernel handle as process handles
|
||||
// but the source handle must be a user handle and the ZwDuplicateObject
|
||||
// function creates an otehr user handle hence NtClose
|
||||
// function creates another user handle hence NtClose
|
||||
//
|
||||
|
||||
status = ZwDuplicateObject(
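Review bot: The corrected line in the first Ipc_Api_DuplicateObject hunk still contains `evaluaiting`, and the line above it repeats `that that`. This comment documents why the handle is duplicated into kernel space before it is checked, so it is worth getting right: `// we duplicate the handle into kernel space such that the user` and `// won't be able to grab it while we are evaluating it`. The function continues outside both hunks.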
|
||||
|
|
|
@ -930,7 +930,7 @@ _FX BOOLEAN Key_MountHive3(
|
|||
InitializeObjectAttributes(&objattrs,
|
||||
&uni, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
|
||||
|
||||
// ZwLoadKey can fail with device path if current process' devicemap is null
|
||||
// ZwLoadKey can fail with device path if current process's devicemap is null
|
||||
// One workaround is to call ObOpenObjectByName and it will trigger devicemap
|
||||
// to be initialized. Note, Using C: is not necessary. The disk volume doesn't
|
||||
// need to be there.L"\\??\\A:" works in the tests.
|
||||
|
|
|
@ -141,7 +141,7 @@ CHAR* log_buffer_get_next(LOG_BUFFER_SEQ_T seq_number, LOG_BUFFER* ptr_buffer)
|
|||
}
|
||||
|
||||
if (ptr_buffer->buffer_used != 0)
|
||||
return ptr_buffer->buffer_start_ptr; // we havn't found the next entry and we have entries, so return the first entry
|
||||
return ptr_buffer->buffer_start_ptr; // we haven't found the next entry and we have entries, so return the first entry
|
||||
return NULL; // the buffer is apparently empty, return NULL
|
||||
}
|
||||
|
||||
|
|
|
@ -1015,7 +1015,7 @@ typedef struct _FLT_CONTEXT_REGISTRATION {
|
|||
// allocation of that entry.
|
||||
//
|
||||
// NOTE: These fields are ignored if Allocate & Free routines are
|
||||
// specifed.
|
||||
// specified.
|
||||
//
|
||||
|
||||
SIZE_T Size;
|
||||
|
@ -1371,7 +1371,7 @@ typedef ULONG FLT_FILE_NAME_OPTIONS;
|
|||
//
|
||||
// This flag is to be used by name provider filters to specify that a name
|
||||
// query request they are making should be redirected to their filter rather
|
||||
// than being satified by the name providers lower in the stack.
|
||||
// than being satisfied by the name providers lower in the stack.
|
||||
//
|
||||
#define FLT_FILE_NAME_REQUEST_FROM_CURRENT_PROVIDER 0x01000000
|
||||
|
||||
|
|
|
@ -225,7 +225,7 @@ _FX OB_PREOP_CALLBACK_STATUS Obj_PreOperationCallback(
|
|||
InitialDesiredAccess = *DesiredAccess;
|
||||
|
||||
//
|
||||
// Based on the object type apply the apropriate filter
|
||||
// Based on the object type apply the appropriate filter
|
||||
//
|
||||
|
||||
if (PreInfo->ObjectType == *PsProcessType) {
|
||||
|
|
|
@ -543,7 +543,7 @@ _FX void Process_CreateTerminated(HANDLE ProcessId, ULONG SessionId)
|
|||
PROCESS *proc;
|
||||
KIRQL irql;
|
||||
|
||||
if (SessionId != -1) { // for StartRunAlertDenied, dont log in this case
|
||||
if (SessionId != -1) { // for StartRunAlertDenied, don't log in this case
|
||||
|
||||
pid_str.Length = 10 * sizeof(WCHAR);
|
||||
pid_str.MaximumLength = pid_str.Length + sizeof(WCHAR);
|
||||
|
@ -762,7 +762,7 @@ _FX PROCESS *Process_Create(
|
|||
//Process_CreateTerminated(ProcessId, box->session_id);
|
||||
//return NULL;
|
||||
|
||||
// allow the process to run for a sort while to allow the features to be avaluated
|
||||
// allow the process to run for a sort while to allow the features to be evaluated
|
||||
Process_ScheduleKill(proc, 5*60*1000); // 5 minutes
|
||||
}
|
||||
}
|
||||
|
@ -912,7 +912,7 @@ _FX void Process_NotifyProcess(
|
|||
if (Create) {
|
||||
|
||||
//
|
||||
// it is possible to specify the parrent process when calling RtlCreateUserProcess
|
||||
// it is possible to specify the parent process when calling RtlCreateUserProcess
|
||||
// this is for example done by the appinfo service running under svchost.exe
|
||||
// to start LocalBridge.exe with RuntimeBroker.exe as parent
|
||||
// hence we take for our purposes the ID of the process calling RtlCreateUserProcess instead
|
||||
|
@ -999,7 +999,7 @@ _FX void Process_NotifyProcessEx(
|
|||
if (CreateInfo != NULL) {
|
||||
|
||||
//
|
||||
// it is possible to specify the parrent process when calling RtlCreateUserProcess
|
||||
// it is possible to specify the parent process when calling RtlCreateUserProcess
|
||||
// this is for example done by the appinfo service running under svchost.exe
|
||||
// to start LocalBridge.exe with RuntimeBroker.exe as parent
|
||||
// hence we take for our purposes the ID of the process calling RtlCreateUserProcess instead
|
||||
|
@ -1093,7 +1093,7 @@ _FX BOOLEAN Process_NotifyProcess_Create(
|
|||
// there are a couple of scenarios here
|
||||
// a. CallerId == ParentId boring, all's fine
|
||||
// b. Caller is sandboxed designated Parent is NOT sandboxed,
|
||||
// possible sandbox escape atempt
|
||||
// possible sandbox escape attempt
|
||||
// c. Caller is not sandboxed, designated Parent IS sandboxed,
|
||||
// service trying to start something on the behalf of a sandboxed process
|
||||
// eg. seclogon reacting to a runas request
|
||||
|
@ -1187,7 +1187,7 @@ _FX BOOLEAN Process_NotifyProcess_Create(
|
|||
RtlInitUnicodeString(&image_uni, ImagePath);
|
||||
if (!Box_IsBoxedPath(box, file, &image_uni)) {
|
||||
|
||||
check_forced_program = TRUE; // the break out process of one box may be the forced process of an otehr
|
||||
check_forced_program = TRUE; // the breakout process of one box may be the forced process of another
|
||||
breakout_box = box;
|
||||
box = NULL;
|
||||
}
|
||||
|
@ -1344,8 +1344,8 @@ _FX BOOLEAN Process_NotifyProcess_Create(
|
|||
else if (Driver_OsVersion >= DRIVER_WINDOWS_8) {
|
||||
|
||||
//
|
||||
// on windows 8 and later we can have nested jobs so asigning a
|
||||
// boxed job to a process will not interfear with the job assigned by SbieSvc
|
||||
// on windows 8 and later we can have nested jobs so assigning a
|
||||
// boxed job to a process will not interfere with the job assigned by SbieSvc
|
||||
//
|
||||
|
||||
new_proc->can_use_jobs = Conf_Get_Boolean(new_proc->box->name, L"AllowBoxedJobs", 0, FALSE);
|
||||
|
@ -1623,11 +1623,11 @@ _FX void Process_NotifyImage(
|
|||
void Process_SetTerminated(PROCESS *proc, ULONG reason)
|
||||
{
|
||||
//
|
||||
// This function markes a process for termination, this causes File_PreOperation
|
||||
// This function marks a process for termination, this causes File_PreOperation
|
||||
// and Key_Callback to return STATUS_PROCESS_IS_TERMINATING which prevents
|
||||
// the process form accessing the file system and the registry
|
||||
//
|
||||
// Note: if this is set during process creation the process wont be able to start at all
|
||||
// Note: if this is set during process creation the process won't be able to start at all
|
||||
//
|
||||
|
||||
if (!proc->terminated)
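Review bot: Two typos survive in comments this section touches: `for a sort while` on the line changed in Process_Create, and `the process form accessing` in the Process_SetTerminated comment. Suggested: `// allow the process to run for a short while to allow the features to be evaluated` and `// the process from accessing the file system and the registry`. Every hunk in this section shows only part of its function.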
|
||||
|
|
|
@ -325,7 +325,7 @@ ULONG Process_MatchPathEx(
|
|||
LIST *read_list, LIST *write_list,
|
||||
const WCHAR** patsrc);
|
||||
|
||||
// Process_GetConf: retrives a configuration data value for a given process
|
||||
// Process_GetConf: retrieves a configuration data value for a given process
|
||||
// use with Conf_AdjustUseCount to make sure the returned pointer is valid
|
||||
|
||||
const WCHAR* Process_GetConf(PROCESS* proc, const WCHAR* setting);
|
||||
|
|
|
@ -83,7 +83,7 @@ _FX NTSTATUS Process_Api_Start(PROCESS *proc, ULONG64 *parms)
|
|||
if (user_box_parm < 0) {
|
||||
|
||||
//
|
||||
// if paramter is negative, it specifies the pid number for a
|
||||
// if parameter is negative, it specifies the pid number for a
|
||||
// process, from which we copy the box information, including
|
||||
// SID and session
|
||||
//
|
||||
|
@ -947,7 +947,7 @@ _FX NTSTATUS Process_Enumerate(
|
|||
#ifdef USE_PROCESS_MAP
|
||||
|
||||
//
|
||||
// quick shortcut for global count retrival
|
||||
// quick shortcut for global count retrieval
|
||||
//
|
||||
|
||||
if (pids == NULL && (! boxname[0]) && all_sessions) { // no pids, all boxes, all sessions
|
||||
|
|
|
@ -284,7 +284,7 @@ _FX BOX *Process_GetForcedStartBox(
|
|||
}
|
||||
|
||||
//
|
||||
// check if proces should be injected
|
||||
// check if process should be injected
|
||||
//
|
||||
|
||||
if ((! box) && (alert != 1) && pHostInject != NULL) {
|
||||
|
|
|
@ -445,7 +445,7 @@ _FX BOOLEAN Process_GetPaths(
|
|||
|
||||
if (closed && (*value == L'!')) {
|
||||
|
||||
// dont close paths for sbie components
|
||||
// don't close paths for sbie components
|
||||
if (closed_ipc && proc->image_sbie)
|
||||
continue;
|
||||
|
||||
|
@ -878,7 +878,7 @@ _FX int Process_MatchPathList(
|
|||
level = cur_level;
|
||||
if (patsrc) *patsrc = Pattern_Source(pat);
|
||||
|
||||
// we need to test all entries to find the best match, so we dont break here
|
||||
// we need to test all entries to find the best match, so we don't break here
|
||||
}
|
||||
|
||||
//
|
||||
|
@ -990,7 +990,7 @@ _FX ULONG Process_MatchPathEx(
|
|||
// and read access to user data must be explicityl grated,
|
||||
// also all writes are redirected to the sandbox
|
||||
//
|
||||
// To enable privacy enchanced mode add UsePrivacyMode=y
|
||||
// To enable privacy enhanced mode add UsePrivacyMode=y
|
||||
//
|
||||
|
||||
mp_flags = TRUE_PATH_CLOSED_FLAG | COPY_PATH_OPEN_FLAG; // write path mode
|
||||
|
@ -1016,7 +1016,7 @@ _FX ULONG Process_MatchPathEx(
|
|||
|
||||
//
|
||||
// write path list, behaved on the driver side like closed path list
|
||||
// these paths allow read acces to true location and read/write access to copy location
|
||||
// these paths allow read access to true location and read/write access to copy location
|
||||
//
|
||||
|
||||
if (write_list) {
|
||||
|
@ -1034,7 +1034,7 @@ _FX ULONG Process_MatchPathEx(
|
|||
|
||||
//
|
||||
// read path list behaves in the kernel like the default normal behavioure
|
||||
// these paths allow read only acces to true path and copy locations
|
||||
// these paths allow read only access to true path and copy locations
|
||||
//
|
||||
|
||||
if (read_list) {
|
||||
|
@ -1064,7 +1064,7 @@ _FX ULONG Process_MatchPathEx(
|
|||
if (patsrc) *patsrc = curpat;
|
||||
|
||||
mp_flags = TRUE_PATH_READ_FLAG | COPY_PATH_OPEN_FLAG;
|
||||
// dont goto finish as open can overwrite this
|
||||
// don't goto finish as open can overwrite this
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1530,7 +1530,7 @@ _FX BOOLEAN Process_ScheduleKill(PROCESS *proc, LONG delay_ms)
|
|||
|
||||
if (proc->reason == 0)
|
||||
RtlStringCbPrintfW(text, len, L"%s", proc->image_name);
|
||||
else if (proc->reason != -1) // in this case we have SBIE1308 and dont want any other messages
|
||||
else if (proc->reason != -1) // in this case we have SBIE1308 and don't want any other messages
|
||||
RtlStringCbPrintfW(text, len, L"%s [%d]", proc->image_name, proc->reason);
|
||||
else
|
||||
*text = 0;
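Review bot: In the Process_MatchPathEx hunk at -990 the context line `// and read access to user data must be explicityl grated,` is left untouched next to the corrected `privacy enhanced mode` line, and `behavioure` remains in the hunk at -1034. These comments describe the access rules of the path lists, so I would fix them together: `// and read access to user data must be explicitly granted,` and `// read path list behaves in the kernel like the default normal behaviour`. The function starts outside these hunks.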
|
||||
|
|
|
@ -727,7 +727,7 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
|
|||
ProbeForRead(log_data, log_len * sizeof(WCHAR), sizeof(WCHAR));
|
||||
|
||||
//
|
||||
// if we dont need to check_object_exists we can use a shortcut
|
||||
// if we don't need to check_object_exists we can use a shortcut
|
||||
//
|
||||
|
||||
if (!args->check_object_exists.val64){
|
||||
|
|
|
@ -193,7 +193,7 @@ _FX NTSTATUS Syscall_CheckObject(
|
|||
proc, OpenedObject, &Name->Name, HandleInfo->GrantedAccess);
|
||||
|
||||
//
|
||||
// process/thread access has an own loggin routine
|
||||
// process/thread access has its own logging routine
|
||||
//
|
||||
|
||||
if ((syscall_entry->name_len == 11 && memcmp(syscall_entry->name, "OpenProcess", 11) == 0) ||
|
||||
|
@ -470,7 +470,7 @@ next:
|
|||
}
|
||||
|
||||
//
|
||||
// always close the old handle we were nto allowed to access
|
||||
// always close the old handle we were not allowed to access
|
||||
//
|
||||
|
||||
if (OldHandle != (HANDLE)user_args[0]) {
|
||||
|
@ -501,7 +501,7 @@ next:
|
|||
if (!NT_SUCCESS(status)) {
|
||||
|
||||
//
|
||||
// if we are not alowed to open this process, try the next one, don't forget to close this handle!
|
||||
// if we are not allowed to open this process, try the next one, don't forget to close this handle!
|
||||
//
|
||||
|
||||
user_args[0] = (ULONG_PTR)NewHandle;
|
||||
|
|
|
@ -153,7 +153,7 @@ _FX BOOLEAN Syscall_Init_List32(void)
|
|||
List_Init(&Syscall_List32);
|
||||
|
||||
//
|
||||
// preapre the enabled/disabled lists
|
||||
// prepare the enabled/disabled lists
|
||||
//
|
||||
|
||||
LIST enabled_hooks;
|
||||
|
@ -253,8 +253,8 @@ _FX BOOLEAN Syscall_Init_List32(void)
|
|||
|
||||
//
|
||||
// we don't hook UserCreateWindowEx as it uses callbacks into
|
||||
// user space from teh kernel, for ocne this does not play well
|
||||
// with out sys call interface, but also it would be a security issue
|
||||
// user space from the kernel, for once this does not play well
|
||||
// with our system call interface, but it would also be a security issue
|
||||
// to allow user code execution while we have restored the original token
|
||||
//
|
||||
// also some hooks cause BSOD's for now we just blacklist them
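Review bot: In the second hunk `for ocne` was corrected to `for once`, but the sentence lists two reasons (`… this does not play well …, but it would also be a security issue`), so `for one` looks like what was meant. Suggested: `// user space from the kernel, for one this does not play well`. The comment is the stated reason UserCreateWindowEx is not hooked, so the wording matters to whoever revisits that list; the function continues outside the hunk.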
|
||||
|
|
|
@ -414,7 +414,7 @@ _FX BOOLEAN Thread_AdjustGrantedAccess(void)
|
|||
|
||||
//
|
||||
// on Windows XP, the kernel caches a granted access value for use
|
||||
// with the psuedo handle NtCurrentThread(), but this value is
|
||||
// with the pseudo handle NtCurrentThread(), but this value is
|
||||
// computed using the real primary token which is highly restricted.
|
||||
// we have to fix this value
|
||||
//
|
||||
|
@ -1014,7 +1014,7 @@ _FX NTSTATUS Thread_CheckObject_Common(
|
|||
}
|
||||
|
||||
//
|
||||
// if an error occured and can't find pid, then don't allow
|
||||
// if an error occurred and can't find pid, then don't allow
|
||||
//
|
||||
|
||||
pid = (ULONG_PTR)PsGetProcessId(ProcessObject);
|
||||
|
|
|
@ -1594,7 +1594,7 @@ _FX NTSTATUS Thread_CheckTokenObject(
|
|||
//
|
||||
// this function is called from Syscall_DuplicateHandle_2 to check
|
||||
// access granted to a token object. if none of the special permissions
|
||||
// were requested, we can immmediately approve the request
|
||||
// were requested, we can immediately approve the request
|
||||
//
|
||||
|
||||
if (! (GrantedAccess & TOKEN_DENIED_ACCESS_MASK))
|
||||
|
|
|
@ -1452,7 +1452,7 @@ _FX void *Token_RestrictHelper3(
|
|||
|
||||
BOOLEAN UserSidAlreadyInGroups = FALSE;
|
||||
BOOLEAN AnonymousLogonSidAlreadyInGroups = FALSE;
|
||||
// todo: should we do somethign with SandboxieLogonSid here?
|
||||
// todo: should we do something with SandboxieLogonSid here?
|
||||
BOOLEAN KeepUserGroup = Conf_Get_Boolean(proc->box->name, L"KeepUserGroup", 0, FALSE);
|
||||
|
||||
n = 0;
|
||||
|
@ -2159,7 +2159,7 @@ _FX void *Token_DuplicateToken(void *TokenObject, PROCESS *proc)
|
|||
|
||||
//
|
||||
// This just duplicates a token starting with an object instead of a handle
|
||||
// using SepDuplicateToken would be more convinient but its unexported :/
|
||||
// using SepDuplicateToken would be more convenient but it is unexported :/
|
||||
//
|
||||
|
||||
HANDLE OldTokenHandle;
|
||||
|
@ -2258,7 +2258,7 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
|
|||
SECURITY_QUALITY_OF_SERVICE SecurityQos;
|
||||
|
||||
//
|
||||
// Gether informations from the original token
|
||||
// Gather information from the original token
|
||||
//
|
||||
|
||||
if ( !NT_SUCCESS(SeQueryInformationToken(TokenObject, TokenStatistics, &LocalStatistics))
|
||||
|
|
|
@ -233,7 +233,7 @@ BOOLEAN UnicodeStringEndsWith(PCUNICODE_STRING pString1, PWCHAR pString2, BOOLEA
|
|||
|
||||
BOOLEAN DoesRegValueExist(ULONG RelativeTo, WCHAR *Path, WCHAR *ValueName)
|
||||
{
|
||||
WCHAR DummyBuffer[1] = {0}; // if we provide a NULL buffer this wil cause a memory pool leak someware in the kernel
|
||||
WCHAR DummyBuffer[1] = {0}; // if we provide a NULL buffer, this will cause a memory pool leak somewhere in the kernel
|
||||
UNICODE_STRING Dummy = { 0, sizeof(DummyBuffer), DummyBuffer };
|
||||
return GetRegString(RelativeTo, Path, ValueName, &Dummy);
|
||||
}
|
||||
|
|
|
@ -718,7 +718,7 @@ _FX NTSTATUS KphValidateCertificate(void)
|
|||
level = NULL;
|
||||
}
|
||||
|
||||
// Checks if the certi if within its validity periode, failing that has no effect except ui notification
|
||||
// Checks if the certificate is within its validity period, otherwise it has no effect except for UI notification
|
||||
#define TEST_CERT_DATE(days, months, years) \
|
||||
if ((cert_date.QuadPart + KphGetDateInterval(days, months, years)) < LocalTime.QuadPart){ \
|
||||
Verify_CertInfo.expired = 1; \
|
||||
|
@ -768,7 +768,7 @@ _FX NTSTATUS KphValidateCertificate(void)
|
|||
else if (level && _wcsicmp(level, L"TEST") == 0) { // test certificate 5 days only
|
||||
TEST_EXPIRATION(5, 0, 0);
|
||||
}
|
||||
else if (level && _wcsicmp(level, L"ENTRY") == 0) { // patreon entry level, first 3 monts, later longer
|
||||
else if (level && _wcsicmp(level, L"ENTRY") == 0) { // patreon entry level, first 3 months, later longer
|
||||
TEST_EXPIRATION(0, 3, 0);
|
||||
}
|
||||
else /*if (!level || _wcsicmp(level, L"SMALL") == 0)*/ { // valid for 1 year
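Review bot: The reworded comment above `TEST_CERT_DATE` in the first hunk is harder to read than the original, because `otherwise it has no effect` can be taken to mean the check does nothing when the certificate is valid. Keeping the author's sentence structure avoids that: `// Checks if the certificate is within its validity period; failing this check has no effect except UI notification`. The macro body continues outside the hunk, so the stated effect cannot be confirmed from here.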
|
||||
|
|
|
@ -396,7 +396,7 @@ _FX BOOLEAN WFP_Install_Callbacks(void)
|
|||
status = WFP_RegisterCallout(&WPF_RECV_CALLOUT_GUID_V6, &FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6, &WFP_recv_callout_id_v6, &WFP_recv_filter_id_v6);
|
||||
stage = 0x44; if (!NT_SUCCESS(status)) goto Exit;
|
||||
|
||||
// note: we could also setup FWPM_LAYER_ALE_AUTH_LISTEN_V4 but since we block all accepts we dont have to
|
||||
// note: we could also setup FWPM_LAYER_ALE_AUTH_LISTEN_V4 but since we block all accepts we don't have to
|
||||
|
||||
|
||||
// Commit transaction to the Filter Engine
|
||||
|
@ -535,7 +535,7 @@ NTSTATUS WFP_RegisterCallout(const GUID* calloutKey, const GUID* applicableLayer
|
|||
FWPM_FILTER filter = { 0 };
|
||||
filter.displayData.name = WFP_FILTER_NAME;
|
||||
filter.displayData.description = WFP_FILTER_DESCRIPTION;
|
||||
filter.action.type = FWP_ACTION_CALLOUT_TERMINATING; // Says this filter's callout MUST make a block/permit decission
|
||||
filter.action.type = FWP_ACTION_CALLOUT_TERMINATING; // Says this filter's callout MUST make a block/permit decision
|
||||
filter.subLayerKey = WFP_SUBLAYER_GUID;
|
||||
filter.weight.type = FWP_UINT8;
|
||||
filter.weight.uint8 = 0xf; // The weight of this filter within its sublayer
|
||||
|
@ -640,7 +640,7 @@ BOOLEAN WFP_InitProcess(PROCESS* proc)
|
|||
#endif
|
||||
|
||||
if(map_get(&WFP_Processes, wfp_proc->ProcessId) != NULL)
|
||||
ok = FALSE; // that woudl be a duplicate, should not happen, but in case
|
||||
ok = FALSE; // that would be a duplicate, should not happen, but in case
|
||||
else if (!map_insert(&WFP_Processes, wfp_proc->ProcessId, wfp_proc, 0))
|
||||
ok = FALSE;
|
||||
|
||||
|
@ -871,13 +871,13 @@ void WFP_classify(
|
|||
char trace_strA[256];
|
||||
if (v6) {
|
||||
RtlStringCbPrintfA(trace_strA, sizeof(trace_strA), "%s Network Traffic; Port: %u; Prot: %u; IPv6: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x",
|
||||
send ? "Outgoing " : "Incomming ", remote_port, protocol,
|
||||
send ? "Outgoing " : "Incoming ", remote_port, protocol,
|
||||
remote_ip.Data[0], remote_ip.Data[1], remote_ip.Data[2], remote_ip.Data[3], remote_ip.Data[4], remote_ip.Data[5], remote_ip.Data[6], remote_ip.Data[7],
|
||||
remote_ip.Data[8], remote_ip.Data[9], remote_ip.Data[10], remote_ip.Data[11], remote_ip.Data[12], remote_ip.Data[13], remote_ip.Data[14], remote_ip.Data[15]);
|
||||
}
|
||||
else {
|
||||
RtlStringCbPrintfA(trace_strA, sizeof(trace_strA), "%s Network Traffic; Port: %u; Prot: %u; IPv4: %d.%d.%d.%d",
|
||||
send ? "Outgoing " : "Incomming ", remote_port, protocol,
|
||||
send ? "Outgoing " : "Incoming ", remote_port, protocol,
|
||||
remote_ip.Data[12], remote_ip.Data[13], remote_ip.Data[14], remote_ip.Data[15]);
|
||||
}
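Review bot: Unlike the rest of this commit, the WFP_classify hunk changes runtime strings rather than comments: the trace text now says `Incoming` where it said `Incomming`, so anything matching the old text in trace output would stop matching (whether such a consumer exists is not visible here). Both literals also end in a space while the format continues with `%s Network Traffic`, which yields two spaces; `send ? "Outgoing" : "Incoming", remote_port, protocol,` on both branches would fix that. WFP_classify starts and ends outside the hunk.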
|
||||
|
||||
|
|
|
@ -299,8 +299,8 @@ void DriverAssist::MsgWorkerThread(void *MyMsg)
|
|||
#ifdef NEW_INI_MODE
|
||||
|
||||
//
|
||||
// in case the ini was edited externaly, i.e. by notepad.exe
|
||||
// we update the ini cache each time the deriver reloads the ini file
|
||||
// in case the ini was edited externally, i.e. by notepad.exe
|
||||
// we update the ini cache each time the driver reloads the ini file
|
||||
//
|
||||
|
||||
SbieIniServer::NotifyConfigReloaded();
|
||||
|
@ -474,7 +474,7 @@ void DriverAssist::CancelProcess(void *_msg)
|
|||
|
||||
if (msg->reason == 0)
|
||||
SbieApi_LogEx(msg->session_id, 2314, msg->process_name);
|
||||
else if (msg->reason != -1) // in this case we have SBIE1308 and dont want any other messages
|
||||
else if (msg->reason != -1) // in this case we have SBIE1308 and don't want any other messages
|
||||
SbieApi_LogEx(msg->session_id, 2314, L"%S [%d / %d]", msg->process_name, msg->process_id, msg->reason);
|
||||
}
|
||||
|
||||
|
|
|
@ -1646,7 +1646,7 @@ ULONG GuiServer::CreateConsoleSlave(SlaveArgs *args)
|
|||
}
|
||||
|
||||
//
|
||||
// prepare commnand line for console helper process
|
||||
// prepare command line for console helper process
|
||||
//
|
||||
|
||||
cmdline = (WCHAR *)HeapAlloc(
|
||||
|
@ -3432,7 +3432,7 @@ BOOL CALLBACK EnumThreadWndProc(HWND hwnd, LPARAM lParam)
|
|||
GUI_REMOVE_HOST_WINDOW_RPL* pRpl = (GUI_REMOVE_HOST_WINDOW_RPL*)lParam; // pRpl is from caller's stack.
|
||||
|
||||
// thread window should from guest process. We only need check the first window's process.
|
||||
// Note, GetWindowThreadProcessId is not availabe in XP.
|
||||
// Note, GetWindowThreadProcessId is not available in XP.
|
||||
if (pRpl->status == STATUS_UNSUCCESSFUL)
|
||||
{
|
||||
if (isGuestProcessWindow(hwnd))
|
||||
|
@ -4340,7 +4340,7 @@ void GuiServer::RunConsoleSlave(const WCHAR *evtname)
|
|||
}
|
||||
}
|
||||
|
||||
//HeapFree(GetProcessHeap(), 0, pids); // dont bother we ExitProcess aynways
|
||||
//HeapFree(GetProcessHeap(), 0, pids); // don't bother we ExitProcess aynways
|
||||
}
|
||||
|
||||
ExitProcess(0);
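Review bot: The line changed in RunConsoleSlave still ends in `aynways`. Suggested: `//HeapFree(GetProcessHeap(), 0, pids); // don't bother, we ExitProcess anyway`. The function starts outside the hunk.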
|
||||
|
|
|
@ -550,7 +550,7 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
|
|||
if (lpProgram) {
|
||||
|
||||
//
|
||||
// check if the process/directory is configued for breakout
|
||||
// check if the process/directory is configured for breakout
|
||||
// if its a BreakoutProcess we must also test if the path is not in the sandbox itself
|
||||
//
|
||||
|
||||
|
@ -559,14 +559,14 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
|
|||
|| SbieDll_CheckPatternInList(lpApplicationName, (ULONG)(lpProgram - lpApplicationName), boxname, L"BreakoutFolder")) {
|
||||
|
||||
//
|
||||
// this is a break out process, its alowed to leave teh sandbox
|
||||
// this is a breakout process, it is allowed to leave the sandbox
|
||||
//
|
||||
|
||||
BoxNameOrModelPid = 0;
|
||||
FilterHandles = TRUE;
|
||||
|
||||
//
|
||||
// check if it shoudl en up in an other box
|
||||
// check if it should end up in another box
|
||||
//
|
||||
|
||||
WCHAR BoxName[34];
|
||||
|
@ -580,7 +580,7 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
|
|||
|| SbieDll_CheckPatternInList(lpApplicationName, (ULONG)(lpProgram - lpApplicationName), BoxName, L"ForceFolder")) {
|
||||
|
||||
//
|
||||
// check if the breakout process is suposed to end in the box its trying to break out of
|
||||
// check if the breakout process is supposed to end in the box it is trying to break out of
|
||||
// and deny the breakout in that case, to take the normal process creation route
|
||||
//
|
||||
// this happens when a break out is configured globally
|
||||
|
@ -593,7 +593,7 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
|
|||
}
|
||||
|
||||
//
|
||||
// set otehr box
|
||||
// set other box
|
||||
//
|
||||
|
||||
BoxNameOrModelPid = (LONG_PTR)boxname;
|
||||
|
@ -615,7 +615,7 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
|
|||
if (PrimaryTokenHandle) {
|
||||
|
||||
//
|
||||
// copy STARTUPINFO paramters from caller
|
||||
// copy STARTUPINFO parameters from caller
|
||||
//
|
||||
|
||||
STARTUPINFO si;
|
||||
|
@ -793,7 +793,7 @@ bool ProcessServer__RunRpcssAsSystem(const WCHAR* boxname)
|
|||
// OriginalToken END
|
||||
|
||||
//
|
||||
// if we run MSIServer as system we need to run the sandboxed Rpcss as system to or else it wil fail
|
||||
// if we run MSIServer as system we need to run the sandboxed Rpcss as system to or else it will fail
|
||||
//
|
||||
|
||||
if (SbieApi_QueryConfBool(boxname, L"MsiInstallerExemptions", FALSE) || SbieApi_QueryConfBool(boxname, L"RunServicesAsSystem", FALSE))
|
||||
|
@ -1101,7 +1101,7 @@ BOOL ProcessServer::RunSandboxedStripPrivilege(HANDLE NewTokenHandle, LPCWSTR lp
|
|||
|
||||
NTSTATUS status = NtAdjustPrivilegesToken(NewTokenHandle, FALSE, &NewState, sizeof(NewState), (PTOKEN_PRIVILEGES)NULL, 0);
|
||||
|
||||
return NT_SUCCESS(status); // STATUS_SUCCESS or STATUS_NOT_ALL_ASSIGNED when the privilege wasnt there in the first palce, which is also passes NT_SUCCESS
|
||||
return NT_SUCCESS(status); // STATUS_SUCCESS or STATUS_NOT_ALL_ASSIGNED when the privilege wasn't there in the first place, which is also passes NT_SUCCESS
|
||||
}
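Review bot: The corrected comment on the return in `RunSandboxedStripPrivilege` still reads "which is also passes NT_SUCCESS", and it is the only record of why a not-all-assigned result from `NtAdjustPrivilegesToken` is reported as success, so it is worth making exact: `return NT_SUCCESS(status); // STATUS_NOT_ALL_ASSIGNED (privilege was not in the token to begin with) is a success code, so it passes NT_SUCCESS too`. How `NewState` is filled is outside the hunk, so confirm that "not all assigned" can only mean the privilege was already absent at this call. In the `ProcessServer__RunRpcssAsSystem` hunk of the same file the new line still has "as system to or else", which should read "as system too, or else".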
|
||||
|
||||
|
||||
|
|
|
@ -1718,7 +1718,7 @@ void ComServer::GetClassObjectSlave(void *_map, LIST *ObjectsList,
|
|||
|
||||
//
|
||||
// elevate using CoGetObject
|
||||
// this is primarily inteded for the firewall object
|
||||
// this is primarily intended for the firewall object
|
||||
//
|
||||
|
||||
typedef struct tagBIND_OPTS3 {
|
||||
|
|
|
@ -347,7 +347,7 @@ _FX void ComServer_RestartProgram(const WCHAR *arg)
|
|||
*ptr = L'\0';
|
||||
|
||||
#ifdef COMSERVER_DEBUG
|
||||
OutputDebugString(L"ComServer Restart Commmand Line:\n");
|
||||
OutputDebugString(L"ComServer Restart Command Line:\n");
|
||||
OutputDebugString(cmd);
|
||||
#endif
|
||||
|
||||
|
|
|
@ -686,7 +686,7 @@ _FX HRESULT IEServer_IHTMLWindow2_NotImpl(IHTMLWindow2 *This)
|
|||
_FX void IEServer_RestartProgram(const WCHAR *arg)
|
||||
{
|
||||
#ifdef COMSERVER_DEBUG
|
||||
OutputDebugString(L"IEServer Restart Commmand Line:\n");
|
||||
OutputDebugString(L"IEServer Restart Command Line:\n");
|
||||
OutputDebugString(arg);
|
||||
#endif
|
||||
|
||||
|
|
|
@ -488,7 +488,7 @@ finish:
|
|||
bool CheckDropRights(const WCHAR *BoxName)
|
||||
{
|
||||
if (SbieApi_QueryConfBool(BoxName, L"NoSecurityIsolation", FALSE))
|
||||
return false; // if we are not swaping the token we can not drop admin rights so keep this consistent
|
||||
return false; // if we are not swapping the token we can not drop admin rights so keep this consistent
|
||||
if (SbieApi_QueryConfBool(BoxName, L"DropAdminRights", FALSE))
|
||||
return true;
|
||||
return false;
|
||||
|
@ -559,7 +559,7 @@ bool IsHostPath(HANDLE idProcess, WCHAR* dos_path)
|
|||
ULONG len = 0;
|
||||
|
||||
//
|
||||
// get the final file path by opening it and retreiving it from the handle
|
||||
// get the final file path by opening it and retrieving it from the handle
|
||||
//
|
||||
|
||||
handle = CreateFileW(dos_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
|
||||
|
|
|
@ -75,7 +75,7 @@ SbieIniServer::SbieIniServer(PipeServer *pipeServer)
|
|||
|
||||
SbieIniServer::~SbieIniServer()
|
||||
{
|
||||
m_instance = this; // fix-me: potential race condition, but this does nto mater as we dont use teh destructor anyways
|
||||
m_instance = this; // fix-me: potential race condition, but this does not matter as we don't use the destructor anyways
|
||||
|
||||
EnterCriticalSection(&m_instance->m_critsec);
|
||||
|
||||
|
@ -1014,7 +1014,7 @@ MSG_HEADER *SbieIniServer::GetSetting(MSG_HEADER *msg)
|
|||
}
|
||||
|
||||
//
|
||||
// preapre the reply
|
||||
// prepare the reply
|
||||
//
|
||||
|
||||
ULONG rpl_len = sizeof(SBIE_INI_SETTING_RPL) + (iniData.size() + 1) * sizeof(WCHAR);
|
||||
|
@ -1074,7 +1074,7 @@ ULONG SbieIniServer::SetSetting(MSG_HEADER* msg)
|
|||
|
||||
WCHAR* iniDataPtr = req->value;
|
||||
Ini_Read_ConfigSection(iniDataPtr, entries);
|
||||
if (*iniDataPtr != L'\0') // there must be no sections inside an otehr section
|
||||
if (*iniDataPtr != L'\0') // there must be no sections inside another section
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
pSection->Entries = entries;
|
||||
|
@ -1177,7 +1177,7 @@ ULONG SbieIniServer::AddSetting(MSG_HEADER* msg, bool insert)
|
|||
if(!insert || pos == pSection->Entries.end())
|
||||
pos = I;
|
||||
if (_wcsicmp(I->Value.c_str(), req->value) == 0) {
|
||||
// this value is already present, so lets abbort right here
|
||||
// this value is already present, so let's abort right here
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
}
|
||||
|
@ -2007,7 +2007,7 @@ ULONG SbieIniServer::RefreshConf()
|
|||
|
||||
//
|
||||
// rebuild the ini from the cache with new values, if present,
|
||||
// and keeping coments and most of the formating
|
||||
// and keeping comments and most of the formatting
|
||||
//
|
||||
|
||||
for (auto I = m_pConfigIni->Sections.begin(); I != m_pConfigIni->Sections.end(); ++I)
|
||||
|
|
|
@ -549,8 +549,8 @@ MSG_HEADER *TerminalServer::GetUserToken(MSG_HEADER *msg)
|
|||
&& !SbieApi_QueryConfBool(boxname, L"UnfilteredToken", FALSE))
|
||||
// UnfilteredToken END
|
||||
{
|
||||
// of one of the above is true we handle unfiltered tokens
|
||||
// if not we need to filter the token or else security checks in the driver wil fail!
|
||||
// if one of the above is true, we handle unfiltered tokens
|
||||
// if not, we need to filter the token, otherwise security checks in the driver will fail!
|
||||
|
||||
if (!NT_SUCCESS(SbieApi_Call(API_FILTER_TOKEN, 3, (ULONG_PTR)idProcess, (ULONG_PTR)hToken, (ULONG_PTR)&hFilteredToken)))
|
||||
goto fail;
|
||||
|
|