mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

Fix some spelling errors

This commit is contained in:
Aleksey Smirnov 2022-04-15 00:46:50 +03:00 committed by GitHub
parent 40c4ef298f
commit a809f59f9e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
77 changed files with 184 additions and 184 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Sandboxie/common/bignum.c
View File

@ -219,9 +219,9 @@ _FX BIGNUM BigNum_ShiftRight(POOL *pool, BIGNUM BigNumA, ULONG Bits)
{ {
// //
// shift an input bignum by the specified number of bits. calculate // shift an input bignum by the specified number of bits. calculate
// the number of words in the result as the number of signficant words // the number of words in the result as the number of significant words
// in the input, minus the number of shift bits divided by the size of // in the input, minus the number of shift bits divided by the size of
// a bignum word. if the new length is zero or one words, then use a // a bignum word. If the new length is zero or one words, then use a
// zero value or the value of the highest word, respectively, to create // zero value or the value of the highest word, respectively, to create
// a single word bignum. otherwise right-shift each two consecutive // a single word bignum. otherwise right-shift each two consecutive
// words from the input bignum into a single word in the result bignum. // words from the input bignum into a single word in the result bignum.
@ -292,12 +292,12 @@ _FX BIGNUM BigNum_ShiftLeft(
{ {
// //
// shift an input bignum by the specified number of bits and 'or' the // shift an input bignum by the specified number of bits and 'or' the
// last parameter into the resulting low order word. if the number of // last parameter into the resulting low order word. If the number of
// signficant words in the input is zero, the create a single word // significant words in the input is zero, the create a single word
// bignum using the 'or' value. otherwise calculatevthe number of // bignum using the 'or' value. Otherwise calculate the number of
// words in the result as the number of signficant words in the input, // words in the result as the number of significant words in the input,
// plus the number of shift bits divided by the size of a bignum word. // plus the number of shift bits divided by the size of a bignum word.
// left-shift each two consecutive words from the input bignum into a // Left-shift each two consecutive words from the input bignum into a
// single word in the result bignum. // single word in the result bignum.
// //

4
Sandboxie/common/ini.cpp
View File

@ -37,10 +37,10 @@ WCHAR* Ini_Prep_ConfigLine(WCHAR* iniDataPtr, WCHAR* &line, WCHAR* &end)
while (*line == L' ' || *line == L'\t' || *line == L'\r') line++; while (*line == L' ' || *line == L'\t' || *line == L'\r') line++;
// find the line ending // find the line ending
end = wcschr(line, L'\n'); end = wcschr(line, L'\n');
// if there is no line ending its teh last line so fine the sring termiantor // it is the last line if there is no line ending, so find the string terminator
if (end == NULL) iniDataPtr = end = wcschr(line, L'\0'); if (end == NULL) iniDataPtr = end = wcschr(line, L'\0');
else iniDataPtr = end + 1; else iniDataPtr = end + 1;
// trim tailing whitespaces // trim trailing whitespaces
while (end > line && (*(end-1) == L' ' || *(end-1) == L'\t' || *(end-1) == L'\r')) end--; while (end > line && (*(end-1) == L' ' || *(end-1) == L'\t' || *(end-1) == L'\r')) end--;
// return pointer to next line // return pointer to next line
return iniDataPtr; return iniDataPtr;

2
Sandboxie/common/json/JSONValue.cpp
View File

@ -298,7 +298,7 @@ JSONValue *JSONValue::Parse(const wchar_t **data)
return NULL; return NULL;
} }
// Ran out of possibilites, it's bad! // Ran out of possibilities, it's bad!
else else
{ {
return NULL; return NULL;

2
Sandboxie/common/map.c
View File

@ -96,7 +96,7 @@ void map_init(map_base_t* m, void* pool)
m->func_free = &map_free; m->func_free = &map_free;
m->func_hash_key = &map_hash; m->func_hash_key = &map_hash;
m->func_key_size = NULL; // use key by value not by reference m->func_key_size = NULL; // use key by value not by reference
m->func_match_key = NULL; // use memcmp by defualt m->func_match_key = NULL; // use memcmp by default
} }

2
Sandboxie/common/my_ntdll.c
View File

@ -30,7 +30,7 @@ typedef long NTSTATUS;
// As more recent versions of ntdll.lib are not offering many CRT functions we have to create own libs. // As more recent versions of ntdll.lib are not offering many CRT functions we have to create own libs.
// See NtCRT_x64.def and NtCRT_x86.def respectively for the functions, we use a custom build step // See NtCRT_x64.def and NtCRT_x86.def respectively for the functions, we use a custom build step
// "lib /def:%(FullPath) /out:$(SolutionDir)Bin\$(PlatformName)\$(Configuration)\NtCRT.lib /machine:x64" // "lib /def:%(FullPath) /out:$(SolutionDir)Bin\$(PlatformName)\$(Configuration)\NtCRT.lib /machine:x64"
// on the apropriate def file, for x86 we use the switch /machine:x86 instead. // on the appropriate def file, for x86 we use the switch /machine:x86 instead.
// //
// For the x86 build we also need _except_handler3 which we have recreated in except_handler3.asm // For the x86 build we also need _except_handler3 which we have recreated in except_handler3.asm
// //

6
Sandboxie/common/my_shlwapi.h
View File

@ -30,12 +30,12 @@ enum {
ASSOCF_OPEN_BYEXENAME = 0x00000002, // executable is being passed in ASSOCF_OPEN_BYEXENAME = 0x00000002, // executable is being passed in
ASSOCF_INIT_DEFAULTTOSTAR = 0x00000004, // treat "*" as the BaseClass ASSOCF_INIT_DEFAULTTOSTAR = 0x00000004, // treat "*" as the BaseClass
ASSOCF_INIT_DEFAULTTOFOLDER = 0x00000008, // treat "Folder" as the BaseClass ASSOCF_INIT_DEFAULTTOFOLDER = 0x00000008, // treat "Folder" as the BaseClass
ASSOCF_NOUSERSETTINGS = 0x00000010, // dont use HKCU ASSOCF_NOUSERSETTINGS = 0x00000010, // don't use HKCU
ASSOCF_NOTRUNCATE = 0x00000020, // dont truncate the return string ASSOCF_NOTRUNCATE = 0x00000020, // don't truncate the return string
ASSOCF_VERIFY = 0x00000040, // verify data is accurate (DISK HITS) ASSOCF_VERIFY = 0x00000040, // verify data is accurate (DISK HITS)
ASSOCF_REMAPRUNDLL = 0x00000080, // actually gets info about rundlls target if applicable ASSOCF_REMAPRUNDLL = 0x00000080, // actually gets info about rundlls target if applicable
ASSOCF_NOFIXUPS = 0x00000100, // attempt to fix errors if found ASSOCF_NOFIXUPS = 0x00000100, // attempt to fix errors if found
ASSOCF_IGNOREBASECLASS = 0x00000200, // dont recurse into the baseclass ASSOCF_IGNOREBASECLASS = 0x00000200, // don't recurse into the baseclass
}; };
typedef DWORD ASSOCF; typedef DWORD ASSOCF;

16
Sandboxie/common/netfw.c
View File

@ -136,7 +136,7 @@ BOOLEAN NetFw_MergePortMaps(rbtree_t* dst, rbtree_t* src, POOL* pool)
{ {
// //
// search for overlaps, and if found abort // search for overlaps, and if found abort
// we merge only non overlaping ranges as single entries vs ranges have a different priority // we merge only non overlapping ranges as single entries vs ranges have a different priority
// //
for (NETFW_PORTS* src_node = (NETFW_PORTS*)rbtree_first(src); ((rbnode_t*)src_node) != RBTREE_NULL; src_node = (NETFW_PORTS*)rbtree_next((rbnode_t*)src_node)) { for (NETFW_PORTS* src_node = (NETFW_PORTS*)rbtree_first(src); ((rbnode_t*)src_node) != RBTREE_NULL; src_node = (NETFW_PORTS*)rbtree_next((rbnode_t*)src_node)) {
@ -224,7 +224,7 @@ BOOLEAN NetFw_MergeIPMaps(rbtree_t* dst, rbtree_t* src, POOL* pool)
{ {
// //
// search for overlaps, and if found abort // search for overlaps, and if found abort
// we merge only non overlaping ranges as single entries vs ranges have a different priority // we merge only non overlapping ranges as single entries vs ranges have a different priority
// //
for (NETFW_IPS* src_node = (NETFW_IPS*)rbtree_first(src); ((rbnode_t*)src_node) != RBTREE_NULL; src_node = (NETFW_IPS*)rbtree_next((rbnode_t*)src_node)) { for (NETFW_IPS* src_node = (NETFW_IPS*)rbtree_first(src); ((rbnode_t*)src_node) != RBTREE_NULL; src_node = (NETFW_IPS*)rbtree_next((rbnode_t*)src_node)) {
@ -302,7 +302,7 @@ void NetFw_AddRule(LIST* list, NETFW_RULE* new_rule)
goto next; // must be same protocol goto next; // must be same protocol
// //
// seams we might be able to marge these rules // it seems we might be able to merge these rules
// now we check the convoluted case when rules havs ip's and port's set // now we check the convoluted case when rules havs ip's and port's set
// //
@ -653,7 +653,7 @@ static int delimchar(int c)
int _inet_pton(int af, const wchar_t *src, void *dst) // ip is always in network order !!! int _inet_pton(int af, const wchar_t *src, void *dst) // ip is always in network order !!!
{ {
int i, elipsis = 0; int i, ellipsis = 0;
unsigned char *to; unsigned char *to;
unsigned long x; unsigned long x;
const wchar_t *p, *op; const wchar_t *p, *op;
@ -691,9 +691,9 @@ int _inet_pton(int af, const wchar_t *src, void *dst) // ip is always in network
to[i+1] = (unsigned char)x; to[i+1] = (unsigned char)x;
if(*p == L':'){ if(*p == L':'){
if(*++p == L':'){ /* :: is elided zero short(s) */ if(*++p == L':'){ /* :: is elided zero short(s) */
if (elipsis) if (ellipsis)
return 0; /* second :: */ return 0; /* second :: */
elipsis = i+2; ellipsis = i+2;
p++; p++;
} }
} else if (p == op) /* strtoul made no progress? */ } else if (p == op) /* strtoul made no progress? */
@ -702,8 +702,8 @@ int _inet_pton(int af, const wchar_t *src, void *dst) // ip is always in network
if (p == src || !delimchar(*p)) if (p == src || !delimchar(*p))
return 0; /* parse error */ return 0; /* parse error */
if(i < 16){ if(i < 16){
memmove(&to[elipsis+16-i], &to[elipsis], i-elipsis); memmove(&to[ellipsis+16-i], &to[ellipsis], i-ellipsis);
memset(&to[elipsis], 0, 16-i); memset(&to[ellipsis], 0, 16-i);
} }
return 1; return 1;
} }

2
Sandboxie/common/pool.c
View File

@ -933,7 +933,7 @@ ALIGNED void Pool_Free_Cells(void *ptr, ULONG size)
POOL_LOCK(pages_lock); POOL_LOCK(pages_lock);
// if after de-allocation, a full page crosses threshold in reverse, // if after de-allocation, a full page crosses threshold in reverse,
// we move it to the list of usuable pages // we move it to the list of usable pages
if (page->num_free < FULL_PAGE_THRESHOLD && if (page->num_free < FULL_PAGE_THRESHOLD &&
page->num_free + size >= FULL_PAGE_THRESHOLD) { page->num_free + size >= FULL_PAGE_THRESHOLD) {

2
Sandboxie/common/rbtree.c
View File

@ -68,7 +68,7 @@ static void rbtree_insert_fixup(rbtree_t *rbtree, rbnode_t *node);
static void rbtree_delete_fixup(rbtree_t* rbtree, rbnode_t* child, rbnode_t* child_parent); static void rbtree_delete_fixup(rbtree_t* rbtree, rbnode_t* child, rbnode_t* child_parent);
/* /*
* Intializes a new red black tree. * Initializes a new red black tree.
* *
*/ */
void void

6
Sandboxie/common/stream.c
View File

@ -391,9 +391,9 @@ ULONG Read_BOM(UCHAR** data, ULONG* len)
else else
{ {
// If there is no BOM/Signature try to detect the file type // If there is no BOM/Signature try to detect the file type
// Unicode Litle Endian (windows wchar_t) will have the n*2+1 bytes 0 as long, as no higher unicode chrakters are used // Unicode Little Endian (windows wchar_t) will have the n*2+1 bytes 0 as long, as no higher unicode characters are used
BOOLEAN LooksUnicodeLE = TRUE; BOOLEAN LooksUnicodeLE = TRUE;
// similrly Unicode Big Endian (byte swaped) will have the n*2 bytes 0 as long // similrly Unicode Big Endian (byte swapped) will have the n*2 bytes 0 as long
BOOLEAN LooksUnicodeBE = TRUE; BOOLEAN LooksUnicodeBE = TRUE;
// UTF-8 shouldn't have null bytes // UTF-8 shouldn't have null bytes
for (ULONG pos = 0; (pos + 1) < min(*len, 16); pos += 2) // check first 8 char16's for (ULONG pos = 0; (pos + 1) < min(*len, 16); pos += 2) // check first 8 char16's
@ -457,7 +457,7 @@ NTSTATUS Stream_Read_Wchar(
IN STREAM* stream, IN STREAM* stream,
OUT USHORT* v) OUT USHORT* v)
{ {
if (stream->encoding == 0) // Unicode Litle Endian if (stream->encoding == 0) // Unicode Little Endian
{ {
UCHAR* b = (UCHAR*)v; UCHAR* b = (UCHAR*)v;
STREAM_GET_BYTE(b[0]); STREAM_GET_BYTE(b[0]);

8
Sandboxie/core/dll/com.c
View File

@ -561,7 +561,7 @@ _FX BOOLEAN Com_IsClosedClsid(REFCLSID rclsid)
// //
// initialize list of user-configured CLSID blocks // initialize list of user-configured CLSID blocks
// Note: the service threads everythign not explicitly open as closed anyways // Note: the service threads everything not explicitly open as closed anyways
// //
static const WCHAR* setting = L"ClosedClsid"; static const WCHAR* setting = L"ClosedClsid";
@ -1441,7 +1441,7 @@ _FX BOOLEAN Com_Init_Ole32(HMODULE module)
// //
// on Windows 8, core COM functions are in combase.dll which is // on Windows 8, core COM functions are in combase.dll which is
// initialized separately. on earlier versions of Windows, the // initialized separately. on earlier versions of Windows, the
// core COM fuctions are part of ole32.dll // core COM functions are part of ole32.dll
// //
if (! Com_Init_ComBase(module)) if (! Com_Init_ComBase(module))
@ -3506,7 +3506,7 @@ _FX void Com_LoadRTList(const WCHAR* setting, WCHAR** pNames)
_FX BOOLEAN Com_IsClosedRT(const wchar_t* strClassId) _FX BOOLEAN Com_IsClosedRT(const wchar_t* strClassId)
{ {
// //
// Even in compartment mode thes things don't work only incombination with open COM its functional // Even in compartment mode, these things are functional only in combination with open COM
// //
if (!(Ipc_OpenCOM && Dll_CompartmentMode) && !SbieApi_QueryConfBool(NULL, L"DisableRTBlacklist", FALSE)) { if (!(Ipc_OpenCOM && Dll_CompartmentMode) && !SbieApi_QueryConfBool(NULL, L"DisableRTBlacklist", FALSE)) {
@ -3524,7 +3524,7 @@ _FX BOOLEAN Com_IsClosedRT(const wchar_t* strClassId)
} }
// //
// ToastNotificationManager requirers open com and original token, with boxed com this causes in a dead lock // ToastNotificationManager requires open com and original token, with boxed com this causes a deadlock
// //
if (wcscmp(strClassId, L"Windows.UI.Notifications.ToastNotificationManager") == 0) if (wcscmp(strClassId, L"Windows.UI.Notifications.ToastNotificationManager") == 0)

4
Sandboxie/core/dll/custom.c
View File

@ -27,7 +27,7 @@
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Fuctions // Functions
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
@ -1136,7 +1136,7 @@ _FX BOOLEAN SbieDll_ExpandAndRunProgram(const WCHAR *Command)
wmemcpy(ptr2, ptr, length); wmemcpy(ptr2, ptr, length);
ptr2 += len; ptr2 += len;
} }
wcscpy(ptr2, ptr1); // copy whats left wcscpy(ptr2, ptr1); // copy what's left
Dll_Free(cmdline); Dll_Free(cmdline);

6
Sandboxie/core/dll/dllhook.c
View File

@ -54,7 +54,7 @@ typedef struct _VECTOR_TABLE {
BOOL bVTableEable = TRUE; BOOL bVTableEable = TRUE;
#define NUM_VTABLES 0x10 #define NUM_VTABLES 0x10
#define VTABLE_SIZE 0x4000 //16k enough for 2048 8 byte entrys #define VTABLE_SIZE 0x4000 //16k enough for 2048 8 byte entries
VECTOR_TABLE SbieDllVectorTable[NUM_VTABLES] = { VECTOR_TABLE SbieDllVectorTable[NUM_VTABLES] = {
{0,0,0},{0,0,0},{0,0,0},{0,0,0}, {0,0,0},{0,0,0},{0,0,0},{0,0,0},
@ -203,7 +203,7 @@ skip_e9_rewrite: ;
// //
// DX: this simplification fails for delay loaded libraries, see comments about SetSecurityInfo, // DX: this simplification fails for delay loaded libraries, see comments about SetSecurityInfo,
// resulting in an endless loop, so just dont do that // resulting in an endless loop, so just don't do that
// //
#if 0 #if 0
@ -331,7 +331,7 @@ skip_e9_rewrite: ;
// //
// on windows 7 hooking NdrClientCall2 in 32bit (WoW64) mode fails // on windows 7 hooking NdrClientCall2 in 32bit (WoW64) mode fails
// because the memory area starts at -6 and not -8 // because the memory area starts at -6 and not -8
// this area could be a hot patch reagion which we dont use // this area could be a hot patch reagion which we don't use
// hence if that fails just start at the exact offset and try again // hence if that fails just start at the exact offset and try again
// //

2
Sandboxie/core/dll/dllmain.c
View File

@ -807,7 +807,7 @@ _FX ULONG_PTR Dll_Ordinal1(
Dll_InitInjected(); // install required hooks Dll_InitInjected(); // install required hooks
// //
// notify RPCSS that a new proces was created in the current sandbox // notify RPCSS that a new process was created in the current sandbox
// //
if (Dll_ImageType != DLL_IMAGE_SANDBOXIE_RPCSS) { if (Dll_ImageType != DLL_IMAGE_SANDBOXIE_RPCSS) {

4
Sandboxie/core/dll/dllmem.c
View File

@ -351,7 +351,7 @@ ALIGNED WCHAR *Dll_GetTlsNameBuffer(
// //
// debug checks: the name buffer is allocated at least 64 bytes // debug checks: the name buffer is allocated at least 64 bytes
// more than needed. fill these with 0xCC, andd check that later // more than needed. fill these with 0xCC, and check that later
// //
#ifdef DEBUG_MEMORY #ifdef DEBUG_MEMORY
@ -408,7 +408,7 @@ _FX void Dll_PopTlsNameBuffer(THREAD_DATA *data)
// //
// debug checks: the name buffer is allocated at least 64 bytes // debug checks: the name buffer is allocated at least 64 bytes
// more than needed. fill these with 0xCC, andd check that later // more than needed. fill these with 0xCC, and check that later
// //
#ifdef DEBUG_MEMORY #ifdef DEBUG_MEMORY

4
Sandboxie/core/dll/dllpath.c
View File

@ -324,7 +324,7 @@ _FX int Process_MatchPathList(
level = cur_level; level = cur_level;
if (patsrc) *patsrc = Pattern_Source(pat); if (patsrc) *patsrc = Pattern_Source(pat);
// we need to test all entries to find the best match, so we dont break here // we need to test all entries to find the best match, so we don't break here
} }
// //
@ -599,7 +599,7 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
//if (patsrc) *patsrc = curpat; //if (patsrc) *patsrc = curpat;
mp_flags = 0; mp_flags = 0;
// dont goto finish as open can overwrite this // don't goto finish as open can overwrite this
} }
} }

6
Sandboxie/core/dll/dump.c
View File

@ -56,7 +56,7 @@ static HMODULE Dump_DbgHelpMod;
MiniDumpWithProcessThreadData | \ MiniDumpWithProcessThreadData | \
MiniDumpWithoutOptionalData | \ MiniDumpWithoutOptionalData | \
MiniDumpIgnoreInaccessibleMemory | \ MiniDumpIgnoreInaccessibleMemory | \
MiniDumpFilterTriage //0x001205a4 thats what WerFault.exe uses MiniDumpFilterTriage //0x001205a4 that's what WerFault.exe uses
#define DUMP_FLAGS_EXTENDED MiniDumpWithFullMemory | \ #define DUMP_FLAGS_EXTENDED MiniDumpWithFullMemory | \
MiniDumpWithHandleData | \ MiniDumpWithHandleData | \
@ -95,7 +95,7 @@ static LONG __stdcall Dump_CrashHandlerExceptionFilter(EXCEPTION_POINTERS* pEx)
#ifdef _M_IX86 #ifdef _M_IX86
if (pEx->ExceptionRecord->ExceptionCode == EXCEPTION_STACK_OVERFLOW) if (pEx->ExceptionRecord->ExceptionCode == EXCEPTION_STACK_OVERFLOW)
{ {
// be sure that we have enought space... // be sure that we have enough space...
static char MyStack[1024 * 128]; static char MyStack[1024 * 128];
// it assumes that DS and SS are the same!!! (this is the case for Win32) // it assumes that DS and SS are the same!!! (this is the case for Win32)
// change the stack only if the selectors are the same (this is the case for Win32) // change the stack only if the selectors are the same (this is the case for Win32)
@ -207,7 +207,7 @@ _FX int Dump_Init(void)
if (Dump_DbgHelpMod != NULL) if (Dump_DbgHelpMod != NULL)
return 2; return 2;
// Initialize the member, so we do not load the dll after the exception has occured // Initialize the member, so we do not load the dll after the exception has occurred
// which might be not possible anymore... // which might be not possible anymore...
Dump_DbgHelpMod = LoadLibrary(L"dbghelp.dll"); Dump_DbgHelpMod = LoadLibrary(L"dbghelp.dll");
if (!Dump_DbgHelpMod ) if (!Dump_DbgHelpMod )

20
Sandboxie/core/dll/file.c
View File

@ -817,7 +817,7 @@ check_sandbox_prefix:
// //
// If its a sandboxed file, check if its in the current image or in a snapshot // If its a sandboxed file, check if its in the current image or in a snapshot
// If its in a snapshot remove teh snapshot prefix // If its in a snapshot remove the snapshot prefix
// //
if (is_boxed_path) { if (is_boxed_path) {
@ -899,7 +899,7 @@ check_sandbox_prefix:
// that's ok because it hasn't been initialized yet // that's ok because it hasn't been initialized yet
// //
else if (//SbieApi_QueryConfBool(NULL, L"SeparateUserFolders", TRUE) && // if we disable File_InitUsers we dont need to do it here and below else if (//SbieApi_QueryConfBool(NULL, L"SeparateUserFolders", TRUE) && // if we disable File_InitUsers we don't need to do it here and below
length >= _UserLen && length >= _UserLen &&
_wcsnicmp(*OutTruePath, _User, _UserLen) == 0) { _wcsnicmp(*OutTruePath, _User, _UserLen) == 0) {
@ -1606,7 +1606,7 @@ _FX NTSTATUS File_GetName_ExpandShortNames2(
if (Cur_Snapshot && Cur_Snapshot->ScramKey && wcslen(&Path[backslash_index + 1]) <= 12) if (Cur_Snapshot && Cur_Snapshot->ScramKey && wcslen(&Path[backslash_index + 1]) <= 12)
{ {
// //
// If we are checking in a snapshot we ned to unscramble the short name // If we are checking in a snapshot we need to unscramble the short name
// //
wcscpy(ShortName, &Path[backslash_index + 1]); wcscpy(ShortName, &Path[backslash_index + 1]);
@ -2225,7 +2225,7 @@ _FX ULONG File_MatchPath2(const WCHAR *path, ULONG *FileFlags, BOOLEAN bCheckObj
goto finish; goto finish;
// //
// if path references a mount point, wee see it as the mount location // if path references a mount point, we see it as the mount location
// \Device\HarddiskVolume1\MOUNT but the driver sees it as the target // \Device\HarddiskVolume1\MOUNT but the driver sees it as the target
// location \Device\HarddiskVolume2, so check for this case // location \Device\HarddiskVolume2, so check for this case
// //
@ -2587,7 +2587,7 @@ _FX NTSTATUS File_NtCreateFileImpl(
if (status == STATUS_OBJECT_PATH_SYNTAX_BAD) { if (status == STATUS_OBJECT_PATH_SYNTAX_BAD) {
// //
// teh driver usually blocks this anyways so try only in app mode // the driver usually blocks this anyways so try only in app mode
// //
if (Dll_CompartmentMode){ if (Dll_CompartmentMode){
@ -2985,7 +2985,7 @@ ReparseLoop:
if (use_rule_specificity && SbieDll_HasReadableSubPath(L'f', TruePath)){ if (use_rule_specificity && SbieDll_HasReadableSubPath(L'f', TruePath)){
// //
// When using Rule specificity we need to create some dummy directrories // When using Rule specificity we need to create some dummy directories
// //
File_CreateBoxedPath(TruePath); File_CreateBoxedPath(TruePath);
@ -4950,7 +4950,7 @@ _FX NTSTATUS File_NtQueryFullAttributesFileImpl(
if (use_rule_specificity && SbieDll_HasReadableSubPath(L'f', TruePath)){ if (use_rule_specificity && SbieDll_HasReadableSubPath(L'f', TruePath)){
// //
// When using Rule specificity we need to create some dummy directrories // When using Rule specificity we need to create some dummy directories
// //
File_CreateBoxedPath(TruePath); File_CreateBoxedPath(TruePath);
@ -5090,7 +5090,7 @@ _FX NTSTATUS File_NtQueryInformationFile(
// that the file can be opened by it without unscrambling // that the file can be opened by it without unscrambling
// (see also File_GetName_FromFileId) // (see also File_GetName_FromFileId)
// //
// the reason for this is the possibily of files on both C: // the reason for this is the possibly of files on both C:
// and D: drives having the same FileId. the program may // and D: drives having the same FileId. the program may
// wish to open use a handle on drive C: to open using the // wish to open use a handle on drive C: to open using the
// FileId by might end up using a sandbox handle like // FileId by might end up using a sandbox handle like
@ -6137,7 +6137,7 @@ _FX NTSTATUS File_SetDisposition(
// //
// check if the call to File_NtDeleteFileImpl from the delete handler is expected to fail // check if the call to File_NtDeleteFileImpl from the delete handler is expected to fail
// and return the apropriate error // and return the appropriate error
// //
FILE_NETWORK_OPEN_INFORMATION info; FILE_NETWORK_OPEN_INFORMATION info;
@ -6536,7 +6536,7 @@ _FX NTSTATUS File_RenameFile(
if (! info2->ReplaceIfExists) { if (! info2->ReplaceIfExists) {
// //
// if caller did not explictly ask to replace, but the // if caller did not explicitly ask to replace, but the
// destination path name is marked deleted, then we also // destination path name is marked deleted, then we also
// physically delete the destination // physically delete the destination
// //

4
Sandboxie/core/dll/file_copy.c
View File

@ -100,7 +100,7 @@ _FX ULONG File_MigrateFile_GetMode(const WCHAR* TruePath, ULONGLONG file_size)
path_len = wcslen(path_lwr); path_len = wcslen(path_lwr);
// //
// Check what preset applyes to this file type/path // Check what preset applies to this file type/path
// //
for (ULONG i = 0; i < NUM_COPY_MODES; i++) for (ULONG i = 0; i < NUM_COPY_MODES; i++)
@ -158,7 +158,7 @@ found_match:
} }
// //
// issue apropriate message if so configured, and user wasn't asked // issue appropriate message if so configured, and user wasn't asked
// //
else if (!File_CopyLimitSilent) else if (!File_CopyLimitSilent)

2
Sandboxie/core/dll/file_init.c
View File

@ -521,7 +521,7 @@ _FX BOOLEAN File_InitDrives(ULONG DriveMask)
// //
// if the object is a valid symbolic link but we don't have // if the object is a valid symbolic link but we don't have
// acccess rights to open the symbolic link then we ask the // access rights to open the symbolic link then we ask the
// driver to query the link for us // driver to query the link for us
// //

4
Sandboxie/core/dll/gui.c
View File

@ -366,8 +366,8 @@ _FX BOOLEAN Gui_Init(HMODULE module)
// NoSbieDesk BEGIN // NoSbieDesk BEGIN
// //
// Sandboxie is routing many gui related things through teh service, // Sandboxie is routing many gui related things through the service,
// when we operate in app mode we dont need to do that hence // when we operate in app mode we don't need to do that hence
// disable the use of the gui proxy // disable the use of the gui proxy
// //

2
Sandboxie/core/dll/guicon.c
View File

@ -85,7 +85,7 @@ _FX BOOLEAN Gui_InitConsole1(void)
// //
// We need to set Gui_ConsoleHwnd in order for Gui_InitConsole2 to start up properly, // We need to set Gui_ConsoleHwnd in order for Gui_InitConsole2 to start up properly,
// this functions starts a thread which listens for WM_DEVICECHANGE which we need // this functions starts a thread which listens for WM_DEVICECHANGE which we need
// we could go for a different signaling method in future but for now we stick to this methos // we could go for a different signaling method in future but for now we stick to this method
// //
Gui_ConsoleHwnd = GetConsoleWindow(); Gui_ConsoleHwnd = GetConsoleWindow();

4
Sandboxie/core/dll/guidde.c
View File

@ -78,11 +78,11 @@
// //
// that proxy window in SbieSvc will actually send the WM_DDE_ACK // that proxy window in SbieSvc will actually send the WM_DDE_ACK
// to the client, and will present itself as the server for the // to the client, and will present itself as the server for the
// DDE conversation, so it can recieve any posted WM_DDE_EXECUTE // DDE conversation, so it can receive any posted WM_DDE_EXECUTE
// messages without IL limitations (per the introduction above). // messages without IL limitations (per the introduction above).
// //
// 4. the proxy window in SbieSvc GUI Proxy receives the WM_DDE_EXECUTE // 4. the proxy window in SbieSvc GUI Proxy receives the WM_DDE_EXECUTE
// message, extracts the command text gived in the message LPARAM, // message, extracts the command text given in the message LPARAM,
// and sends a WM_COPYDATA to the server window in the sandbox. // and sends a WM_COPYDATA to the server window in the sandbox.
// the Gui_DDE_COPYDATA_Received function gets this message through // the Gui_DDE_COPYDATA_Received function gets this message through
// the Gui_CanForwardMsg function. // the Gui_CanForwardMsg function.

2
Sandboxie/core/dll/guidlg.h
View File

@ -255,7 +255,7 @@ void *GUI_CreateDialogTemplate(
} }
for (i = 0; i < tmpl->cDlgItems; ++i) { for (i = 0; i < tmpl->cDlgItems; ++i) {
// every dialog item begins on a DWORD boundry // every dialog item begins on a DWORD boundary
memzero(out, sizeof(ULONG)); memzero(out, sizeof(ULONG));
out = (UCHAR *)((((SIZE_T)out) + 3) & (~3)); out = (UCHAR *)((((SIZE_T)out) + 3) & (~3));
ptr = (UCHAR *)((((SIZE_T)ptr) + 3) & (~3)); ptr = (UCHAR *)((((SIZE_T)ptr) + 3) & (~3));

2
Sandboxie/core/dll/guihook.c
View File

@ -289,7 +289,7 @@ ULONG CALLBACK Gui_HookHelperProc(LPVOID lpParam)
// by the service worker for each session, see GuiServer::WndHookNotifySlave // by the service worker for each session, see GuiServer::WndHookNotifySlave
// //
// whenever a window is created the service gets notified and instructs // whenever a window is created the service gets notified and instructs
// the hooking pocess to hook the window's thread this is done using QueueUserAPC // the hooking process to hook the window's thread this is done using QueueUserAPC
// targeting this helper thread, whenever a APC is scheduled the thread // targeting this helper thread, whenever a APC is scheduled the thread
// will resume and execute it, it being Gui_NotifyWinHooksAPC // will resume and execute it, it being Gui_NotifyWinHooksAPC
// //

2
Sandboxie/core/dll/guimisc.c
View File

@ -348,7 +348,7 @@ _FX BOOL Gui_ClipCursor(const RECT *lpRect)
_FX void Gui_ResetClipCursor(void) _FX void Gui_ResetClipCursor(void)
{ {
// //
// progams that set a clip cursor (e.g. full screen games) tend to // programs that set a clip cursor (e.g. full screen games) tend to
// remove the clip on alt-tab switch, but do not remove the clip when // remove the clip on alt-tab switch, but do not remove the clip when
// terminating. and the clip remains in effect probably because the // terminating. and the clip remains in effect probably because the
// sandboxed process does not have WINSTA_WRITEATTRIBUTES access. // sandboxed process does not have WINSTA_WRITEATTRIBUTES access.

2
Sandboxie/core/dll/guimsg.c
View File

@ -343,7 +343,7 @@ _FX LRESULT Gui_SendMessageTimeoutW(
// the window of the owner of the clipboard data, in order // the window of the owner of the clipboard data, in order
// to test if the window is not hung, and display or hide // to test if the window is not hung, and display or hide
// the Paste menu command accordingly. make sure the // the Paste menu command accordingly. make sure the
// command is displayed even for windows ouside the sandbox // command is displayed even for windows outside the sandbox
// //
if (hWnd == __sys_GetClipboardOwner()) { if (hWnd == __sys_GetClipboardOwner()) {

2
Sandboxie/core/dll/hook_inst.c
View File

@ -581,7 +581,7 @@ ALIGNED UCHAR *Hook_Analyze_Prefix(UCHAR *addr, BOOLEAN is64, ULONG *flags)
// an instruction actually encodes full 64-bits of information: // an instruction actually encodes full 64-bits of information:
// //
// - moving to/from accum register: opcodes A0..A3 // - moving to/from accum register: opcodes A0..A3
// - this is the default, unless overriden // - this is the default, unless overridden
// by prefix 67 // by prefix 67
// //
// - moving immediate value to any register: opcodes B8..BF // - moving immediate value to any register: opcodes B8..BF

2
Sandboxie/core/dll/iphlp.c
View File

@ -190,7 +190,7 @@ _FX BOOLEAN IpHlp_Init(HMODULE module)
void *NotifyRouteChange2; void *NotifyRouteChange2;
void *CancelMibChangeNotify2; void *CancelMibChangeNotify2;
if (Dll_CompartmentMode || Dll_OsBuild < 6000) { // in compartment mode we have a full token so no need to hook anythign here if (Dll_CompartmentMode || Dll_OsBuild < 6000) { // in compartment mode we have a full token so no need to hook anything here
// //
// earlier than Windows Vista, don't hook // earlier than Windows Vista, don't hook

10
Sandboxie/core/dll/key_merge.c
View File

@ -590,7 +590,7 @@ _FX NTSTATUS Key_MergeCache(
// //
// this function returns (possibly first creating) a cached KEY_MERGE // this function returns (possibly first creating) a cached KEY_MERGE
// which represents only the true key for a particular key path. // which represents only the true key for a particular key path.
// this makes a noticable performance difference, because most true // this makes a noticeable performance difference, because most true
// keys don't change during the lifetime of a sandboxed process, // keys don't change during the lifetime of a sandboxed process,
// but they still need to be repeatedly merged with copy keys // but they still need to be repeatedly merged with copy keys
// //
@ -1023,9 +1023,9 @@ TrueHandleFinish:
; ;
// //
// next, get the subkeys from CopyHandle. subkeys that are // next, get the subkeys from CopyHandle. Subkeys that are
// marked deleted are removed from the merge. other subkeys // marked as deleted are removed from the merge. Other subkeys
// are insterted in sorted alphabetical order // are inserted in sorted alphabetical order
// //
index = 0; index = 0;
@ -1184,7 +1184,7 @@ TrueHandleFinish:
// //
// next, get the values from CopyHandle. values that are // next, get the values from CopyHandle. values that are
// marked deleted are removed from the merge. other values // marked deleted are removed from the merge. other values
// are insterted in sorted alphabetical order // are inserted in sorted alphabetical order
// //
index = 0; index = 0;

2
Sandboxie/core/dll/ldr.c
View File

@ -223,7 +223,7 @@ static DLL Ldr_Dlls[] = {
{ L"ComDlg32.dll", "ComDlg32.dll", ComDlg32_Init, 0}, // fix for opera.exe { L"ComDlg32.dll", "ComDlg32.dll", ComDlg32_Init, 0}, // fix for opera.exe
{ L"ntmarta.dll", "ntmarta.dll", Ntmarta_Init, 0}, // workaround for chrome and acrobat reader { L"ntmarta.dll", "ntmarta.dll", Ntmarta_Init, 0}, // workaround for chrome and acrobat reader
// Non Windows DLLs: // Non Windows DLLs:
{ L"osppc.dll", "osppc.dll", Scm_OsppcDll, 0}, // ensure osppsvc is tunning { L"osppc.dll", "osppc.dll", Scm_OsppcDll, 0}, // ensure osppsvc is running
{ L"mso.dll", "mso.dll", File_MsoDll, 0}, // hack for File_IsRecoverable { L"mso.dll", "mso.dll", File_MsoDll, 0}, // hack for File_IsRecoverable
{ L"agcore.dll", "agcore.dll", Custom_SilverlightAgCore, 0}, // msft silverlight - deprecated { L"agcore.dll", "agcore.dll", Custom_SilverlightAgCore, 0}, // msft silverlight - deprecated
// Non Microsoft DLLs: // Non Microsoft DLLs:

2
Sandboxie/core/dll/ldr_init.c
View File

@ -495,7 +495,7 @@ _FX WCHAR *Ldr_FixImagePath_2(void)
// //
// Windows is caching loaded modules, when after being run a binary is moved // Windows is caching loaded modules, when after being run a binary is moved
// and run again, NtQueryVirtualMemory wil return the original location // and run again, NtQueryVirtualMemory will return the original location
// and not the valid up to date current location. // and not the valid up to date current location.
// Hence we use NtQueryInformationProcess instead it also returns the reparsed path // Hence we use NtQueryInformationProcess instead it also returns the reparsed path
// //

4
Sandboxie/core/dll/lowlevel_inject.c
View File

@ -495,7 +495,7 @@ _FX ULONG SbieDll_InjectLow(HANDLE hProcess, ULONG init_flags, BOOLEAN dup_drv_h
} }
// //
// prepare the lowdata paramters area to copy into target process // prepare the lowdata parameters area to copy into target process
// //
SBIELOW_DATA lowdata; SBIELOW_DATA lowdata;
@ -771,7 +771,7 @@ _FX BOOLEAN SbieDll_InjectLow_BuildTramp(
// //
// skip past several bytes in the code copied from the top of the // skip past several bytes in the code copied from the top of the
// LdrInitializeThunk fuction, where we will inject a jmp sequence. // LdrInitializeThunk function, where we will inject a jmp sequence.
// //
// a simple E9 relative JMP five byte instruction in most cases, // a simple E9 relative JMP five byte instruction in most cases,
// a slightly longer seven byte version in case there is a long // a slightly longer seven byte version in case there is a long

2
Sandboxie/core/dll/mscoree.c
View File

@ -57,7 +57,7 @@ _FX DWORD MsCorEE__CorExeMain()
} }
// Load inject dlls in .Net process' entry (_CorExeMain). // Load inject dlls in .Net process's entry (_CorExeMain).
_FX BOOLEAN MsCorEE_Init(HMODULE hmodule) _FX BOOLEAN MsCorEE_Init(HMODULE hmodule)
{ {

2
Sandboxie/core/dll/netapi.c
View File

@ -203,7 +203,7 @@ _FX BOOLEAN NetApi_Hook_NetUseAdd(HMODULE module)
} }
// //
// In in app mode we have a full token and this wil be successfull, hence no need for a hook // In in app mode we have a full token and this will be successful, hence no need for a hook
// //
if (Dll_CompartmentMode) // NoServiceAssist if (Dll_CompartmentMode) // NoServiceAssist

8
Sandboxie/core/dll/proc.c
View File

@ -809,7 +809,7 @@ _FX BOOL Proc_CreateProcessInternalW(
}*/ }*/
// //
// invoke the real CreateProcessInternal so it can record acurate // invoke the real CreateProcessInternal so it can record accurate
// //
TlsData->proc_create_process_capture_image = TRUE; TlsData->proc_create_process_capture_image = TRUE;
@ -861,7 +861,7 @@ _FX BOOL Proc_CreateProcessInternalW(
else { // xp, 7, 8 and 10 before RS5 else { // xp, 7, 8 and 10 before RS5
// //
// invoke the real CreateProcessInternal so it can record acurate // invoke the real CreateProcessInternal so it can record accurate
// paths in NtCreateSection/Proc_SectionCallback, and then fail. // paths in NtCreateSection/Proc_SectionCallback, and then fail.
// //
@ -1022,7 +1022,7 @@ _FX BOOL Proc_CreateProcessInternalW(
// //
// The breakout request is validated by the service, hence we need a clean and complete // The breakout request is validated by the service, hence we need a clean and complete
// application path and not a just a command line where the binary may be missing the .exe // application path and not a just a command line where the binary may be missing the .exe
// and or be only relative to the workign directory, or worse the path variable. // and or be only relative to the working directory, or worse the path variable.
// //
wcscpy(mybuf, L"\""); wcscpy(mybuf, L"\"");
@ -1117,7 +1117,7 @@ _FX BOOL Proc_CreateProcessInternalW(
// //
// in compartment mode we dont mess around just create the process // in compartment mode we don't mess around just create the process
// //
// OriginalToken BEGIN // OriginalToken BEGIN

2
Sandboxie/core/dll/pst.cpp
View File

@ -90,7 +90,7 @@ extern "C" _FX BOOLEAN Pst_Init(HMODULE module)
return TRUE; return TRUE;
// //
// in app mode we dont need these hooks as we have a full token // in app mode we don't need these hooks as we have a full token
// //
if (Dll_CompartmentMode) if (Dll_CompartmentMode)

2
Sandboxie/core/dll/rpcrt.c
View File

@ -922,7 +922,7 @@ RPC_STATUS RPC_ENTRY RpcRt_RpcStringBindingComposeW(TCHAR *ObjUuid,TCHAR *ProtSe
Scm_Start_Sppsvc(); Scm_Start_Sppsvc();
} }
// we must block this in Win 10 to prevent r-click context menu hang in Explorer // we must block this in Win 10 to prevent r-click context menu hang in Explorer
// note: this breaks otehr things but we need it, // note: this breaks other things but we need it,
// so instead we block the {470C0EBD-5D73-4D58-9CED-E91E22E23282} Pin To Start Screen verb handler; // so instead we block the {470C0EBD-5D73-4D58-9CED-E91E22E23282} Pin To Start Screen verb handler;
// inside Com_CoCreateInstance // inside Com_CoCreateInstance
//else if (ObjUuid && (!_wcsicmp(ObjUuid, UUID_UserMgrCli))) //else if (ObjUuid && (!_wcsicmp(ObjUuid, UUID_UserMgrCli)))

2
Sandboxie/core/dll/scm_misc.c
View File

@ -132,7 +132,7 @@ _FX BOOLEAN Scm_SecHostDll(HMODULE module)
// //
// support for Windows 7 SecHost: // support for Windows 7 SecHost:
// for every function that our AdvApi32 module hooks, // for every function that our AdvApi32 module hooks,
// we route the correspoding function in SecHost to AdvApi32 // we route the corresponding function in SecHost to AdvApi32
// //
advapi = LoadLibrary(DllName_advapi32); advapi = LoadLibrary(DllName_advapi32);

4
Sandboxie/core/dll/secure.c
View File

@ -988,8 +988,8 @@ _FX NTSTATUS Ldr_NtQueryInformationToken(
TokenInformation, TokenInformationLength, ReturnLength); TokenInformation, TokenInformationLength, ReturnLength);
// //
// To make the process think we need to chage here a few values // To make the process think we need to change here a few values
// we also ensure that tha token belongs to the current process // we also ensure that the token belongs to the current process
// //
if (Secure_FakeAdmin && (SbieApi_QueryProcessInfoEx(0, 'ippt', (LONG_PTR)(hTokenReal ? hTokenReal : TokenHandle)))) if (Secure_FakeAdmin && (SbieApi_QueryProcessInfoEx(0, 'ippt', (LONG_PTR)(hTokenReal ? hTokenReal : TokenHandle))))

4
Sandboxie/core/dll/setup.c
View File

@ -247,9 +247,9 @@ _FX BOOLEAN Setup_Init_CfgMgr32(HMODULE module)
{ {
FIND_EP(CM_Add_Driver_PackageW); FIND_EP(CM_Add_Driver_PackageW);
FIND_EP(CM_Add_Driver_Package_ExW); FIND_EP(CM_Add_Driver_Package_ExW);
// Note: When the Add_Driver_Package is not hooked it will atempt to contact the deviceinstall service, // Note: When the Add_Driver_Package is not hooked it will attempt to contact the deviceinstall service,
// which uses a dynamic rpc port, heence as long as there is no blank OpenIpcPath=* this call will fail // which uses a dynamic rpc port, heence as long as there is no blank OpenIpcPath=* this call will fail
// We hook these two functions only to provide the user a SBIE2205 informing, that drivers cant be installed. // We hook these two functions only to provide the user a SBIE2205 informing, that drivers can't be installed.
if (__sys_CM_Add_Driver_PackageW) { if (__sys_CM_Add_Driver_PackageW) {
DO_CALL_HOOK( DO_CALL_HOOK(
CM_Add_Driver_PackageW,Setup_CM_Add_Driver_PackageW); CM_Add_Driver_PackageW,Setup_CM_Add_Driver_PackageW);

2
Sandboxie/core/dll/sh.c
View File

@ -1426,7 +1426,7 @@ _FX ULONG SH_GetInternetExplorerVersion(void)
// //
// Code running in Explorer (both Windows and Internet) may AddRef() on the // Code running in Explorer (both Windows and Internet) may AddRef() on the
// host process using SHGetInstanceExplorer and then forget to Release(). // host process using SHGetInstanceExplorer and then forget to Release().
// This causes a sandboxed IE or Explorer to go on running indefinately. // This causes a sandboxed IE or Explorer to go on running indefinitely.
// To work around this, we have a thread that monitors the number of open // To work around this, we have a thread that monitors the number of open
// windows, and forces Explorer to close when there are no more windows. // windows, and forces Explorer to close when there are no more windows.
// //

14
Sandboxie/core/dll/util_64.asm
View File

@ -97,7 +97,7 @@ RpcRt_Ndr64AsyncClientCall PROC
;; xor rcx,rcx ; clear pProxyInfo ;; xor rcx,rcx ; clear pProxyInfo
;; xor rdx,rdx ; clear nProcNum ;; xor rdx,rdx ; clear nProcNum
;; xor r8,r8 ; clear pReturnValue ;; xor r8,r8 ; clear pReturnValue
; mov r8,[rsp + 8+(4*8)] ; return poitner ; mov r8,[rsp + 8+(4*8)] ; return pointer
lea r9,[rsp + 8+(4*8) + 4*8] ; setup Args -> SECURE_UAC_ARGS lea r9,[rsp + 8+(4*8) + 4*8] ; setup Args -> SECURE_UAC_ARGS
call RpcRt_Ndr64AsyncClientCall_x64 call RpcRt_Ndr64AsyncClientCall_x64
test al,al test al,al
@ -211,7 +211,7 @@ RpcRt_NdrAsyncClientCall PROC
;; xor rcx,rcx ; clear pStubDescriptor ;; xor rcx,rcx ; clear pStubDescriptor
;; xor rdx,rdx ; clear pFormat ;; xor rdx,rdx ; clear pFormat
; mov r8,[rsp + 8+(4*8)] ; return poitner ; mov r8,[rsp + 8+(4*8)] ; return pointer
lea r8,[rsp + 8+(4*8) + 3*8] ; Args lea r8,[rsp + 8+(4*8) + 3*8] ; Args
call RpcRt_NdrAsyncClientCall_x64 call RpcRt_NdrAsyncClientCall_x64
test al,al test al,al
@ -231,7 +231,7 @@ CancelCallA:
;;; xor rcx,rcx ; clear pProxyInfo ;;; xor rcx,rcx ; clear pProxyInfo
;;; xor rdx,rdx ; clear nProcNum ;;; xor rdx,rdx ; clear nProcNum
;;; xor r8,r8 ; clear pReturnValue ;;; xor r8,r8 ; clear pReturnValue
;; mov r8,[rsp + 8+(4*8)] ; return poitner ;; mov r8,[rsp + 8+(4*8)] ; return pointer
; lea r8,[rsp + 8+(4*8) + 3*8] ; Args ; lea r8,[rsp + 8+(4*8) + 3*8] ; Args
; call RpcRt_NdrAsyncClientCall_... ; call RpcRt_NdrAsyncClientCall_...
@ -260,7 +260,7 @@ RpcRt_NdrClientCall2 PROC
;; xor rcx,rcx ; clear pStubDescriptor ;; xor rcx,rcx ; clear pStubDescriptor
;; xor rdx,rdx ; clear pFormat ;; xor rdx,rdx ; clear pFormat
; mov r8,[rsp + 8+(4*8)] ; return poitner ; mov r8,[rsp + 8+(4*8)] ; return pointer
lea r8,[rsp + 8+(4*8) + 3*8] ; Args lea r8,[rsp + 8+(4*8) + 3*8] ; Args
call RpcRt_NdrClientCall2_x64 call RpcRt_NdrClientCall2_x64
test al,al test al,al
@ -280,7 +280,7 @@ CancelCall2:
;;; xor rcx,rcx ; clear pProxyInfo ;;; xor rcx,rcx ; clear pProxyInfo
;;; xor rdx,rdx ; clear nProcNum ;;; xor rdx,rdx ; clear nProcNum
;;; xor r8,r8 ; clear pReturnValue ;;; xor r8,r8 ; clear pReturnValue
;; mov r8,[rsp + 8+(4*8)] ; return poitner ;; mov r8,[rsp + 8+(4*8)] ; return pointer
; lea r8,[rsp + 8+(4*8) + 3*8] ; Args ; lea r8,[rsp + 8+(4*8) + 3*8] ; Args
; call RpcRt_NdrClientCall2_... ; call RpcRt_NdrClientCall2_...
@ -311,7 +311,7 @@ RpcRt_NdrClientCall3 PROC
;; xor rcx,rcx ; clear pProxyInfo ;; xor rcx,rcx ; clear pProxyInfo
;; xor rdx,rdx ; clear nProcNum ;; xor rdx,rdx ; clear nProcNum
;; xor r8,r8 ; clear pReturnValue ;; xor r8,r8 ; clear pReturnValue
; mov r8,[rsp + 8+(4*8)] ; return poitner ; mov r8,[rsp + 8+(4*8)] ; return pointer
lea r9,[rsp + 8+(4*8) + 4*8] ; Args lea r9,[rsp + 8+(4*8) + 4*8] ; Args
call RpcRt_NdrClientCall3_x64 call RpcRt_NdrClientCall3_x64
test al,al test al,al
@ -331,7 +331,7 @@ CancelCall3:
;;; xor rcx,rcx ; clear pProxyInfo ;;; xor rcx,rcx ; clear pProxyInfo
;;; xor rdx,rdx ; clear nProcNum ;;; xor rdx,rdx ; clear nProcNum
;;; xor r8,r8 ; clear pReturnValue ;;; xor r8,r8 ; clear pReturnValue
;; mov r8,[rsp + 8+(4*8)] ; return poitner ;; mov r8,[rsp + 8+(4*8)] ; return pointer
; lea r9,[rsp + 8+(4*8) + 4*8] ; Args ; lea r9,[rsp + 8+(4*8) + 4*8] ; Args
; call RpcRt_NdrClientCall3_... ; call RpcRt_NdrClientCall3_...

2
Sandboxie/core/drv/api.c
View File

@ -694,7 +694,7 @@ _FX void Api_AddMessage(
} }
} }
// else // this can only happen when the entire buffer is to small to hold this entire entry // else // this can only happen when the entire buffer is to small to hold this entire entry
// if loging fails we can't log this error :/ // if logging fails we can't log this error :/
Api_LeaveCriticalSection(irql); Api_LeaveCriticalSection(irql);
} }

4
Sandboxie/core/drv/conf.c
View File

@ -54,7 +54,7 @@
// Note: we want to preserver the order of the settings when enumerating // Note: we want to preserver the order of the settings when enumerating
// hence we can not replace the list with a hash map entierly // hence we can not replace the list with a hash map entierly
// instead we use booth, here the hash map ise used only for lookups // instead we use booth, here the hash map ise used only for lookups
// the keys in the map are only pointers to the name fileds in the list entries // the keys in the map are only pointers to the name fields in the list entries
// //
typedef struct _CONF_DATA { typedef struct _CONF_DATA {
@ -65,7 +65,7 @@ typedef struct _CONF_DATA {
HASH_MAP sections_map; HASH_MAP sections_map;
#endif #endif
BOOLEAN home; // TRUE if configuration read from Driver_Home_Path BOOLEAN home; // TRUE if configuration read from Driver_Home_Path
ULONG encoding; // 0 - unicode, 1 - utf8, 2 - unicode (byte swaped) ULONG encoding; // 0 - unicode, 1 - utf8, 2 - unicode (byte swapped)
volatile ULONG use_count; volatile ULONG use_count;
} CONF_DATA; } CONF_DATA;

2
Sandboxie/core/drv/driver.c
View File

@ -643,7 +643,7 @@ _FX BOOLEAN Driver_FindMissingServices(void)
#endif #endif
// //
// Retrive some unexported kernel functions that may be usefull // Retrieve some unexported kernel functions that may be useful
// //
ZwCreateToken = (P_NtCreateToken) Driver_FindMissingService("ZwCreateToken", 13); ZwCreateToken = (P_NtCreateToken) Driver_FindMissingService("ZwCreateToken", 13);

8
Sandboxie/core/drv/file.c
View File

@ -658,7 +658,7 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
NULL NULL
}; };
static const WCHAR* openPipesCM[] = { static const WCHAR* openPipesCM[] = {
// open thos in compartment mode as do not use the de-administrator-ize proxy in File_NtCreateFilePipe // open those in compartment mode as do not use the de-administrator-ize proxy in File_NtCreateFilePipe
// //
L"\\device\\*pipe\\lsarpc", L"\\device\\*pipe\\lsarpc",
L"\\device\\*pipe\\srvsvc", L"\\device\\*pipe\\srvsvc",
@ -833,7 +833,7 @@ _FX BOOLEAN File_BlockInternetAccess(PROCESS *proc)
BOOLEAN ok; BOOLEAN ok;
// //
// is this process excempted from the blocade // is this process exempted from the blockade
// //
if (proc->AllowInternetAccess) if (proc->AllowInternetAccess)
@ -1416,7 +1416,7 @@ _FX NTSTATUS File_Generic_MyParseProc(
#ifdef USE_MATCH_PATH_EX #ifdef USE_MATCH_PATH_EX
// //
// if this is not a atribute or sync request update the permissions for the network path // if this is not a attribute or sync request update the permissions for the network path
// //
if (proc->use_rule_specificity || if (proc->use_rule_specificity ||
@ -2562,7 +2562,7 @@ _FX NTSTATUS File_Api_CheckInternetAccess(PROCESS *proc, ULONG64 *parms)
wmemcpy(device_name + 8, user_devname, 32); wmemcpy(device_name + 8, user_devname, 32);
device_name[8+32] = L'\0'; device_name[8+32] = L'\0';
/* this check is now done in unser mode /* this check is now done in user mode
// //
// convert the device name to lowercase, stop at the first backslash // convert the device name to lowercase, stop at the first backslash
// //

2
Sandboxie/core/drv/file_flt.c
View File

@ -461,7 +461,7 @@ _FX FLT_PREOP_CALLBACK_STATUS File_PreOperation(
} }
else else
{ {
// if the file is to be created in the same directroy as the original file, we check if the original file is in a sandboxed location // if the file is to be created in the same directory as the original file, we check if the original file is in a sandboxed location
if(!Box_IsBoxedPath(proc->box, file, &pTargetFileNameInfo->Name)) { if(!Box_IsBoxedPath(proc->box, file, &pTargetFileNameInfo->Name)) {
status = STATUS_ACCESS_DENIED; status = STATUS_ACCESS_DENIED;
} }

2
Sandboxie/core/drv/gui_xp.c
View File

@ -1508,7 +1508,7 @@ _FX ULONG_PTR Gui_NtUserSetWindowsHookEx(
if (HookType == WH_JOURNALRECORD || HookType == WH_JOURNALPLAYBACK || if (HookType == WH_JOURNALRECORD || HookType == WH_JOURNALPLAYBACK ||
HookType == WH_KEYBOARD_LL || HookType == WH_MOUSE_LL) { HookType == WH_KEYBOARD_LL || HookType == WH_MOUSE_LL) {
// MSDN explictly says these hooks are NOT injected into the target // MSDN explicitly says these hooks are NOT injected into the target
status = STATUS_SUCCESS; status = STATUS_SUCCESS;

4
Sandboxie/core/drv/ipc.c
View File

@ -1270,7 +1270,7 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
// //
// we duplicate the handle into kernel space such that that user // we duplicate the handle into kernel space such that that user
// wont be able to grab it while we are evaluaiting it // won't be able to grab it while we are evaluaiting it
// //
HANDLE SourceProcessKernelHandle; HANDLE SourceProcessKernelHandle;
@ -1282,7 +1282,7 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
// //
// driver verifier wants us to provide a kernel handle as process handles // driver verifier wants us to provide a kernel handle as process handles
// but the source handle must be a user handle and the ZwDuplicateObject // but the source handle must be a user handle and the ZwDuplicateObject
// function creates an otehr user handle hence NtClose // function creates another user handle hence NtClose
// //
status = ZwDuplicateObject( status = ZwDuplicateObject(

2
Sandboxie/core/drv/key.c
View File

@ -930,7 +930,7 @@ _FX BOOLEAN Key_MountHive3(
InitializeObjectAttributes(&objattrs, InitializeObjectAttributes(&objattrs,
&uni, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL); &uni, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
// ZwLoadKey can fail with device path if current process' devicemap is null // ZwLoadKey can fail with device path if current process's devicemap is null
// One workaround is to call ObOpenObjectByName and it will trigger devicemap // One workaround is to call ObOpenObjectByName and it will trigger devicemap
// to be initialized. Note, Using C: is not necessary. The disk volume doesn't // to be initialized. Note, Using C: is not necessary. The disk volume doesn't
// need to be there.L"\\??\\A:" works in the tests. // need to be there.L"\\??\\A:" works in the tests.

2
Sandboxie/core/drv/log_buff.c
View File

@ -141,7 +141,7 @@ CHAR* log_buffer_get_next(LOG_BUFFER_SEQ_T seq_number, LOG_BUFFER* ptr_buffer)
} }
if (ptr_buffer->buffer_used != 0) if (ptr_buffer->buffer_used != 0)
return ptr_buffer->buffer_start_ptr; // we havn't found the next entry and we have entries, so return the first entry return ptr_buffer->buffer_start_ptr; // we haven't found the next entry and we have entries, so return the first entry
return NULL; // the buffer is apparently empty, return NULL return NULL; // the buffer is apparently empty, return NULL
} }

4
Sandboxie/core/drv/my_fltkernel.h
View File

@ -1015,7 +1015,7 @@ typedef struct _FLT_CONTEXT_REGISTRATION {
// allocation of that entry. // allocation of that entry.
// //
// NOTE: These fields are ignored if Allocate & Free routines are // NOTE: These fields are ignored if Allocate & Free routines are
// specifed. // specified.
// //
SIZE_T Size; SIZE_T Size;
@ -1371,7 +1371,7 @@ typedef ULONG FLT_FILE_NAME_OPTIONS;
// //
// This flag is to be used by name provider filters to specify that a name // This flag is to be used by name provider filters to specify that a name
// query request they are making should be redirected to their filter rather // query request they are making should be redirected to their filter rather
// than being satified by the name providers lower in the stack. // than being satisfied by the name providers lower in the stack.
// //
#define FLT_FILE_NAME_REQUEST_FROM_CURRENT_PROVIDER 0x01000000 #define FLT_FILE_NAME_REQUEST_FROM_CURRENT_PROVIDER 0x01000000

2
Sandboxie/core/drv/obj_flt.c
View File

@ -225,7 +225,7 @@ _FX OB_PREOP_CALLBACK_STATUS Obj_PreOperationCallback(
InitialDesiredAccess = *DesiredAccess; InitialDesiredAccess = *DesiredAccess;
// //
// Based on the object type apply the apropriate filter // Based on the object type apply the appropriate filter
// //
if (PreInfo->ObjectType == *PsProcessType) { if (PreInfo->ObjectType == *PsProcessType) {

20
Sandboxie/core/drv/process.c
View File

@ -543,7 +543,7 @@ _FX void Process_CreateTerminated(HANDLE ProcessId, ULONG SessionId)
PROCESS *proc; PROCESS *proc;
KIRQL irql; KIRQL irql;
if (SessionId != -1) { // for StartRunAlertDenied, dont log in this case if (SessionId != -1) { // for StartRunAlertDenied, don't log in this case
pid_str.Length = 10 * sizeof(WCHAR); pid_str.Length = 10 * sizeof(WCHAR);
pid_str.MaximumLength = pid_str.Length + sizeof(WCHAR); pid_str.MaximumLength = pid_str.Length + sizeof(WCHAR);
@ -762,7 +762,7 @@ _FX PROCESS *Process_Create(
//Process_CreateTerminated(ProcessId, box->session_id); //Process_CreateTerminated(ProcessId, box->session_id);
//return NULL; //return NULL;
// allow the process to run for a sort while to allow the features to be avaluated // allow the process to run for a sort while to allow the features to be evaluated
Process_ScheduleKill(proc, 5*60*1000); // 5 minutes Process_ScheduleKill(proc, 5*60*1000); // 5 minutes
} }
} }
@ -912,7 +912,7 @@ _FX void Process_NotifyProcess(
if (Create) { if (Create) {
// //
// it is possible to specify the parrent process when calling RtlCreateUserProcess // it is possible to specify the parent process when calling RtlCreateUserProcess
// this is for example done by the appinfo service running under svchost.exe // this is for example done by the appinfo service running under svchost.exe
// to start LocalBridge.exe with RuntimeBroker.exe as parent // to start LocalBridge.exe with RuntimeBroker.exe as parent
// hence we take for our purposes the ID of the process calling RtlCreateUserProcess instead // hence we take for our purposes the ID of the process calling RtlCreateUserProcess instead
@ -999,7 +999,7 @@ _FX void Process_NotifyProcessEx(
if (CreateInfo != NULL) { if (CreateInfo != NULL) {
// //
// it is possible to specify the parrent process when calling RtlCreateUserProcess // it is possible to specify the parent process when calling RtlCreateUserProcess
// this is for example done by the appinfo service running under svchost.exe // this is for example done by the appinfo service running under svchost.exe
// to start LocalBridge.exe with RuntimeBroker.exe as parent // to start LocalBridge.exe with RuntimeBroker.exe as parent
// hence we take for our purposes the ID of the process calling RtlCreateUserProcess instead // hence we take for our purposes the ID of the process calling RtlCreateUserProcess instead
@ -1093,7 +1093,7 @@ _FX BOOLEAN Process_NotifyProcess_Create(
// there are a couple of scenarios here // there are a couple of scenarios here
// a. CallerId == ParentId boring, all's fine // a. CallerId == ParentId boring, all's fine
// b. Caller is sandboxed designated Parent is NOT sandboxed, // b. Caller is sandboxed designated Parent is NOT sandboxed,
// possible sandbox escape atempt // possible sandbox escape attempt
// c. Caller is not sandboxed, designated Parent IS sandboxed, // c. Caller is not sandboxed, designated Parent IS sandboxed,
// service trying to start something on the behalf of a sandboxed process // service trying to start something on the behalf of a sandboxed process
// eg. seclogon reacting to a runas request // eg. seclogon reacting to a runas request
@ -1187,7 +1187,7 @@ _FX BOOLEAN Process_NotifyProcess_Create(
RtlInitUnicodeString(&image_uni, ImagePath); RtlInitUnicodeString(&image_uni, ImagePath);
if (!Box_IsBoxedPath(box, file, &image_uni)) { if (!Box_IsBoxedPath(box, file, &image_uni)) {
check_forced_program = TRUE; // the break out process of one box may be the forced process of an otehr check_forced_program = TRUE; // the breakout process of one box may be the forced process of another
breakout_box = box; breakout_box = box;
box = NULL; box = NULL;
} }
@ -1344,8 +1344,8 @@ _FX BOOLEAN Process_NotifyProcess_Create(
else if (Driver_OsVersion >= DRIVER_WINDOWS_8) { else if (Driver_OsVersion >= DRIVER_WINDOWS_8) {
// //
// on windows 8 and later we can have nested jobs so asigning a // on windows 8 and later we can have nested jobs so assigning a
// boxed job to a process will not interfear with the job assigned by SbieSvc // boxed job to a process will not interfere with the job assigned by SbieSvc
// //
new_proc->can_use_jobs = Conf_Get_Boolean(new_proc->box->name, L"AllowBoxedJobs", 0, FALSE); new_proc->can_use_jobs = Conf_Get_Boolean(new_proc->box->name, L"AllowBoxedJobs", 0, FALSE);
@ -1623,11 +1623,11 @@ _FX void Process_NotifyImage(
void Process_SetTerminated(PROCESS *proc, ULONG reason) void Process_SetTerminated(PROCESS *proc, ULONG reason)
{ {
// //
// This function markes a process for termination, this causes File_PreOperation // This function marks a process for termination, this causes File_PreOperation
// and Key_Callback to return STATUS_PROCESS_IS_TERMINATING which prevents // and Key_Callback to return STATUS_PROCESS_IS_TERMINATING which prevents
// the process form accessing the file system and the registry // the process form accessing the file system and the registry
// //
// Note: if this is set during process creation the process wont be able to start at all // Note: if this is set during process creation the process won't be able to start at all
// //
if (!proc->terminated) if (!proc->terminated)

2
Sandboxie/core/drv/process.h
View File

@ -325,7 +325,7 @@ ULONG Process_MatchPathEx(
LIST *read_list, LIST *write_list, LIST *read_list, LIST *write_list,
const WCHAR** patsrc); const WCHAR** patsrc);
// Process_GetConf: retrives a configuration data value for a given process // Process_GetConf: retrieves a configuration data value for a given process
// use with Conf_AdjustUseCount to make sure the returned pointer is valid // use with Conf_AdjustUseCount to make sure the returned pointer is valid
const WCHAR* Process_GetConf(PROCESS* proc, const WCHAR* setting); const WCHAR* Process_GetConf(PROCESS* proc, const WCHAR* setting);

4
Sandboxie/core/drv/process_api.c
View File

@ -83,7 +83,7 @@ _FX NTSTATUS Process_Api_Start(PROCESS *proc, ULONG64 *parms)
if (user_box_parm < 0) { if (user_box_parm < 0) {
// //
// if paramter is negative, it specifies the pid number for a // if parameter is negative, it specifies the pid number for a
// process, from which we copy the box information, including // process, from which we copy the box information, including
// SID and session // SID and session
// //
@ -947,7 +947,7 @@ _FX NTSTATUS Process_Enumerate(
#ifdef USE_PROCESS_MAP #ifdef USE_PROCESS_MAP
// //
// quick shortcut for global count retrival // quick shortcut for global count retrieval
// //
if (pids == NULL && (! boxname[0]) && all_sessions) { // no pids, all boxes, all sessions if (pids == NULL && (! boxname[0]) && all_sessions) { // no pids, all boxes, all sessions

2
Sandboxie/core/drv/process_force.c
View File

@ -284,7 +284,7 @@ _FX BOX *Process_GetForcedStartBox(
} }
// //
// check if proces should be injected // check if process should be injected
// //
if ((! box) && (alert != 1) && pHostInject != NULL) { if ((! box) && (alert != 1) && pHostInject != NULL) {

14
Sandboxie/core/drv/process_util.c
View File

@ -445,7 +445,7 @@ _FX BOOLEAN Process_GetPaths(
if (closed && (*value == L'!')) { if (closed && (*value == L'!')) {
// dont close paths for sbie components // don't close paths for sbie components
if (closed_ipc && proc->image_sbie) if (closed_ipc && proc->image_sbie)
continue; continue;
@ -878,7 +878,7 @@ _FX int Process_MatchPathList(
level = cur_level; level = cur_level;
if (patsrc) *patsrc = Pattern_Source(pat); if (patsrc) *patsrc = Pattern_Source(pat);
// we need to test all entries to find the best match, so we dont break here // we need to test all entries to find the best match, so we don't break here
} }
// //
@ -990,7 +990,7 @@ _FX ULONG Process_MatchPathEx(
// and read access to user data must be explicityl grated, // and read access to user data must be explicityl grated,
// also all writes are redirected to the sandbox // also all writes are redirected to the sandbox
// //
// To enable privacy enchanced mode add UsePrivacyMode=y // To enable privacy enhanced mode add UsePrivacyMode=y
// //
mp_flags = TRUE_PATH_CLOSED_FLAG | COPY_PATH_OPEN_FLAG; // write path mode mp_flags = TRUE_PATH_CLOSED_FLAG | COPY_PATH_OPEN_FLAG; // write path mode
@ -1016,7 +1016,7 @@ _FX ULONG Process_MatchPathEx(
// //
// write path list, behaved on the driver side like closed path list // write path list, behaved on the driver side like closed path list
// these paths allow read acces to true location and read/write access to copy location // these paths allow read access to true location and read/write access to copy location
// //
if (write_list) { if (write_list) {
@ -1034,7 +1034,7 @@ _FX ULONG Process_MatchPathEx(
// //
// read path list behaves in the kernel like the default normal behavioure // read path list behaves in the kernel like the default normal behavioure
// these paths allow read only acces to true path and copy locations // these paths allow read only access to true path and copy locations
// //
if (read_list) { if (read_list) {
@ -1064,7 +1064,7 @@ _FX ULONG Process_MatchPathEx(
if (patsrc) *patsrc = curpat; if (patsrc) *patsrc = curpat;
mp_flags = TRUE_PATH_READ_FLAG | COPY_PATH_OPEN_FLAG; mp_flags = TRUE_PATH_READ_FLAG | COPY_PATH_OPEN_FLAG;
// dont goto finish as open can overwrite this // don't goto finish as open can overwrite this
} }
} }
@ -1530,7 +1530,7 @@ _FX BOOLEAN Process_ScheduleKill(PROCESS *proc, LONG delay_ms)
if (proc->reason == 0) if (proc->reason == 0)
RtlStringCbPrintfW(text, len, L"%s", proc->image_name); RtlStringCbPrintfW(text, len, L"%s", proc->image_name);
else if (proc->reason != -1) // in this case we have SBIE1308 and dont want any other messages else if (proc->reason != -1) // in this case we have SBIE1308 and don't want any other messages
RtlStringCbPrintfW(text, len, L"%s [%d]", proc->image_name, proc->reason); RtlStringCbPrintfW(text, len, L"%s [%d]", proc->image_name, proc->reason);
else else
*text = 0; *text = 0;

2
Sandboxie/core/drv/session.c
View File

@ -727,7 +727,7 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
ProbeForRead(log_data, log_len * sizeof(WCHAR), sizeof(WCHAR)); ProbeForRead(log_data, log_len * sizeof(WCHAR), sizeof(WCHAR));
// //
// if we dont need to check_object_exists we can use a shortcut // if we don't need to check_object_exists we can use a shortcut
// //
if (!args->check_object_exists.val64){ if (!args->check_object_exists.val64){

6
Sandboxie/core/drv/syscall_open.c
View File

@ -193,7 +193,7 @@ _FX NTSTATUS Syscall_CheckObject(
proc, OpenedObject, &Name->Name, HandleInfo->GrantedAccess); proc, OpenedObject, &Name->Name, HandleInfo->GrantedAccess);
// //
// process/thread access has an own loggin routine // process/thread access has its own logging routine
// //
if ((syscall_entry->name_len == 11 && memcmp(syscall_entry->name, "OpenProcess", 11) == 0) || if ((syscall_entry->name_len == 11 && memcmp(syscall_entry->name, "OpenProcess", 11) == 0) ||
@ -470,7 +470,7 @@ next:
} }
// //
// always close the old handle we were nto allowed to access // always close the old handle we were not allowed to access
// //
if (OldHandle != (HANDLE)user_args[0]) { if (OldHandle != (HANDLE)user_args[0]) {
@ -501,7 +501,7 @@ next:
if (!NT_SUCCESS(status)) { if (!NT_SUCCESS(status)) {
// //
// if we are not alowed to open this process, try the next one, don't forget to close this handle! // if we are not allowed to open this process, try the next one, don't forget to close this handle!
// //
user_args[0] = (ULONG_PTR)NewHandle; user_args[0] = (ULONG_PTR)NewHandle;

6
Sandboxie/core/drv/syscall_win32.c
View File

@ -153,7 +153,7 @@ _FX BOOLEAN Syscall_Init_List32(void)
List_Init(&Syscall_List32); List_Init(&Syscall_List32);
// //
// preapre the enabled/disabled lists // prepare the enabled/disabled lists
// //
LIST enabled_hooks; LIST enabled_hooks;
@ -253,8 +253,8 @@ _FX BOOLEAN Syscall_Init_List32(void)
// //
// we don't hook UserCreateWindowEx as it uses callbacks into // we don't hook UserCreateWindowEx as it uses callbacks into
// user space from teh kernel, for ocne this does not play well // user space from the kernel, for once this does not play well
// with out sys call interface, but also it would be a security issue // with our system call interface, but it would also be a security issue
// to allow user code execution while we have restored the original token // to allow user code execution while we have restored the original token
// //
// also some hooks cause BSOD's for now we just blacklist them // also some hooks cause BSOD's for now we just blacklist them

4
Sandboxie/core/drv/thread.c
View File

@ -414,7 +414,7 @@ _FX BOOLEAN Thread_AdjustGrantedAccess(void)
// //
// on Windows XP, the kernel caches a granted access value for use // on Windows XP, the kernel caches a granted access value for use
// with the psuedo handle NtCurrentThread(), but this value is // with the pseudo handle NtCurrentThread(), but this value is
// computed using the real primary token which is highly restricted. // computed using the real primary token which is highly restricted.
// we have to fix this value // we have to fix this value
// //
@ -1014,7 +1014,7 @@ _FX NTSTATUS Thread_CheckObject_Common(
} }
// //
// if an error occured and can't find pid, then don't allow // if an error occurred and can't find pid, then don't allow
// //
pid = (ULONG_PTR)PsGetProcessId(ProcessObject); pid = (ULONG_PTR)PsGetProcessId(ProcessObject);

2
Sandboxie/core/drv/thread_token.c
View File

@ -1594,7 +1594,7 @@ _FX NTSTATUS Thread_CheckTokenObject(
// //
// this function is called from Syscall_DuplicateHandle_2 to check // this function is called from Syscall_DuplicateHandle_2 to check
// access granted to a token object. if none of the special permissions // access granted to a token object. if none of the special permissions
// were requested, we can immmediately approve the request // were requested, we can immediately approve the request
// //
if (! (GrantedAccess & TOKEN_DENIED_ACCESS_MASK)) if (! (GrantedAccess & TOKEN_DENIED_ACCESS_MASK))

6
Sandboxie/core/drv/token.c
View File

@ -1452,7 +1452,7 @@ _FX void *Token_RestrictHelper3(
BOOLEAN UserSidAlreadyInGroups = FALSE; BOOLEAN UserSidAlreadyInGroups = FALSE;
BOOLEAN AnonymousLogonSidAlreadyInGroups = FALSE; BOOLEAN AnonymousLogonSidAlreadyInGroups = FALSE;
// todo: should we do somethign with SandboxieLogonSid here? // todo: should we do something with SandboxieLogonSid here?
BOOLEAN KeepUserGroup = Conf_Get_Boolean(proc->box->name, L"KeepUserGroup", 0, FALSE); BOOLEAN KeepUserGroup = Conf_Get_Boolean(proc->box->name, L"KeepUserGroup", 0, FALSE);
n = 0; n = 0;
@ -2159,7 +2159,7 @@ _FX void *Token_DuplicateToken(void *TokenObject, PROCESS *proc)
// //
// This just duplicates a token starting with an object instead of a handle // This just duplicates a token starting with an object instead of a handle
// using SepDuplicateToken would be more convinient but its unexported :/ // using SepDuplicateToken would be more convenient but it is unexported :/
// //
HANDLE OldTokenHandle; HANDLE OldTokenHandle;
@ -2258,7 +2258,7 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
SECURITY_QUALITY_OF_SERVICE SecurityQos; SECURITY_QUALITY_OF_SERVICE SecurityQos;
// //
// Gether informations from the original token // Gather information from the original token
// //
if ( !NT_SUCCESS(SeQueryInformationToken(TokenObject, TokenStatistics, &LocalStatistics)) if ( !NT_SUCCESS(SeQueryInformationToken(TokenObject, TokenStatistics, &LocalStatistics))

2
Sandboxie/core/drv/util.c
View File

@ -233,7 +233,7 @@ BOOLEAN UnicodeStringEndsWith(PCUNICODE_STRING pString1, PWCHAR pString2, BOOLEA
BOOLEAN DoesRegValueExist(ULONG RelativeTo, WCHAR *Path, WCHAR *ValueName) BOOLEAN DoesRegValueExist(ULONG RelativeTo, WCHAR *Path, WCHAR *ValueName)
{ {
WCHAR DummyBuffer[1] = {0}; // if we provide a NULL buffer this wil cause a memory pool leak someware in the kernel WCHAR DummyBuffer[1] = {0}; // if we provide a NULL buffer, this will cause a memory pool leak somewhere in the kernel
UNICODE_STRING Dummy = { 0, sizeof(DummyBuffer), DummyBuffer }; UNICODE_STRING Dummy = { 0, sizeof(DummyBuffer), DummyBuffer };
return GetRegString(RelativeTo, Path, ValueName, &Dummy); return GetRegString(RelativeTo, Path, ValueName, &Dummy);
} }

4
Sandboxie/core/drv/verify.c
View File

@ -718,7 +718,7 @@ _FX NTSTATUS KphValidateCertificate(void)
level = NULL; level = NULL;
} }
// Checks if the certi if within its validity periode, failing that has no effect except ui notification // Checks if the certificate is within its validity period, otherwise it has no effect except for UI notification
#define TEST_CERT_DATE(days, months, years) \ #define TEST_CERT_DATE(days, months, years) \
if ((cert_date.QuadPart + KphGetDateInterval(days, months, years)) < LocalTime.QuadPart){ \ if ((cert_date.QuadPart + KphGetDateInterval(days, months, years)) < LocalTime.QuadPart){ \
Verify_CertInfo.expired = 1; \ Verify_CertInfo.expired = 1; \
@ -768,7 +768,7 @@ _FX NTSTATUS KphValidateCertificate(void)
else if (level && _wcsicmp(level, L"TEST") == 0) { // test certificate 5 days only else if (level && _wcsicmp(level, L"TEST") == 0) { // test certificate 5 days only
TEST_EXPIRATION(5, 0, 0); TEST_EXPIRATION(5, 0, 0);
} }
else if (level && _wcsicmp(level, L"ENTRY") == 0) { // patreon entry level, first 3 monts, later longer else if (level && _wcsicmp(level, L"ENTRY") == 0) { // patreon entry level, first 3 months, later longer
TEST_EXPIRATION(0, 3, 0); TEST_EXPIRATION(0, 3, 0);
} }
else /*if (!level || _wcsicmp(level, L"SMALL") == 0)*/ { // valid for 1 year else /*if (!level || _wcsicmp(level, L"SMALL") == 0)*/ { // valid for 1 year

10
Sandboxie/core/drv/wfp.c
View File

@ -396,7 +396,7 @@ _FX BOOLEAN WFP_Install_Callbacks(void)
status = WFP_RegisterCallout(&WPF_RECV_CALLOUT_GUID_V6, &FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6, &WFP_recv_callout_id_v6, &WFP_recv_filter_id_v6); status = WFP_RegisterCallout(&WPF_RECV_CALLOUT_GUID_V6, &FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6, &WFP_recv_callout_id_v6, &WFP_recv_filter_id_v6);
stage = 0x44; if (!NT_SUCCESS(status)) goto Exit; stage = 0x44; if (!NT_SUCCESS(status)) goto Exit;
// note: we could also setup FWPM_LAYER_ALE_AUTH_LISTEN_V4 but since we block all accepts we dont have to // note: we could also setup FWPM_LAYER_ALE_AUTH_LISTEN_V4 but since we block all accepts we don't have to
// Commit transaction to the Filter Engine // Commit transaction to the Filter Engine
@ -535,7 +535,7 @@ NTSTATUS WFP_RegisterCallout(const GUID* calloutKey, const GUID* applicableLayer
FWPM_FILTER filter = { 0 }; FWPM_FILTER filter = { 0 };
filter.displayData.name = WFP_FILTER_NAME; filter.displayData.name = WFP_FILTER_NAME;
filter.displayData.description = WFP_FILTER_DESCRIPTION; filter.displayData.description = WFP_FILTER_DESCRIPTION;
filter.action.type = FWP_ACTION_CALLOUT_TERMINATING; // Says this filter's callout MUST make a block/permit decission filter.action.type = FWP_ACTION_CALLOUT_TERMINATING; // Says this filter's callout MUST make a block/permit decision
filter.subLayerKey = WFP_SUBLAYER_GUID; filter.subLayerKey = WFP_SUBLAYER_GUID;
filter.weight.type = FWP_UINT8; filter.weight.type = FWP_UINT8;
filter.weight.uint8 = 0xf; // The weight of this filter within its sublayer filter.weight.uint8 = 0xf; // The weight of this filter within its sublayer
@ -640,7 +640,7 @@ BOOLEAN WFP_InitProcess(PROCESS* proc)
#endif #endif
if(map_get(&WFP_Processes, wfp_proc->ProcessId) != NULL) if(map_get(&WFP_Processes, wfp_proc->ProcessId) != NULL)
ok = FALSE; // that woudl be a duplicate, should not happen, but in case ok = FALSE; // that would be a duplicate, should not happen, but in case
else if (!map_insert(&WFP_Processes, wfp_proc->ProcessId, wfp_proc, 0)) else if (!map_insert(&WFP_Processes, wfp_proc->ProcessId, wfp_proc, 0))
ok = FALSE; ok = FALSE;
@ -871,13 +871,13 @@ void WFP_classify(
char trace_strA[256]; char trace_strA[256];
if (v6) { if (v6) {
RtlStringCbPrintfA(trace_strA, sizeof(trace_strA), "%s Network Traffic; Port: %u; Prot: %u; IPv6: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x", RtlStringCbPrintfA(trace_strA, sizeof(trace_strA), "%s Network Traffic; Port: %u; Prot: %u; IPv6: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x",
send ? "Outgoing " : "Incomming ", remote_port, protocol, send ? "Outgoing " : "Incoming ", remote_port, protocol,
remote_ip.Data[0], remote_ip.Data[1], remote_ip.Data[2], remote_ip.Data[3], remote_ip.Data[4], remote_ip.Data[5], remote_ip.Data[6], remote_ip.Data[7], remote_ip.Data[0], remote_ip.Data[1], remote_ip.Data[2], remote_ip.Data[3], remote_ip.Data[4], remote_ip.Data[5], remote_ip.Data[6], remote_ip.Data[7],
remote_ip.Data[8], remote_ip.Data[9], remote_ip.Data[10], remote_ip.Data[11], remote_ip.Data[12], remote_ip.Data[13], remote_ip.Data[14], remote_ip.Data[15]); remote_ip.Data[8], remote_ip.Data[9], remote_ip.Data[10], remote_ip.Data[11], remote_ip.Data[12], remote_ip.Data[13], remote_ip.Data[14], remote_ip.Data[15]);
} }
else { else {
RtlStringCbPrintfA(trace_strA, sizeof(trace_strA), "%s Network Traffic; Port: %u; Prot: %u; IPv4: %d.%d.%d.%d", RtlStringCbPrintfA(trace_strA, sizeof(trace_strA), "%s Network Traffic; Port: %u; Prot: %u; IPv4: %d.%d.%d.%d",
send ? "Outgoing " : "Incomming ", remote_port, protocol, send ? "Outgoing " : "Incoming ", remote_port, protocol,
remote_ip.Data[12], remote_ip.Data[13], remote_ip.Data[14], remote_ip.Data[15]); remote_ip.Data[12], remote_ip.Data[13], remote_ip.Data[14], remote_ip.Data[15]);
} }

6
Sandboxie/core/svc/DriverAssist.cpp
View File

@ -299,8 +299,8 @@ void DriverAssist::MsgWorkerThread(void *MyMsg)
#ifdef NEW_INI_MODE #ifdef NEW_INI_MODE
// //
// in case the ini was edited externaly, i.e. by notepad.exe // in case the ini was edited externally, i.e. by notepad.exe
// we update the ini cache each time the deriver reloads the ini file // we update the ini cache each time the driver reloads the ini file
// //
SbieIniServer::NotifyConfigReloaded(); SbieIniServer::NotifyConfigReloaded();
@ -474,7 +474,7 @@ void DriverAssist::CancelProcess(void *_msg)
if (msg->reason == 0) if (msg->reason == 0)
SbieApi_LogEx(msg->session_id, 2314, msg->process_name); SbieApi_LogEx(msg->session_id, 2314, msg->process_name);
else if (msg->reason != -1) // in this case we have SBIE1308 and dont want any other messages else if (msg->reason != -1) // in this case we have SBIE1308 and don't want any other messages
SbieApi_LogEx(msg->session_id, 2314, L"%S [%d / %d]", msg->process_name, msg->process_id, msg->reason); SbieApi_LogEx(msg->session_id, 2314, L"%S [%d / %d]", msg->process_name, msg->process_id, msg->reason);
} }

6
Sandboxie/core/svc/GuiServer.cpp
View File

@ -1646,7 +1646,7 @@ ULONG GuiServer::CreateConsoleSlave(SlaveArgs *args)
} }
// //
// prepare commnand line for console helper process // prepare command line for console helper process
// //
cmdline = (WCHAR *)HeapAlloc( cmdline = (WCHAR *)HeapAlloc(
@ -3432,7 +3432,7 @@ BOOL CALLBACK EnumThreadWndProc(HWND hwnd, LPARAM lParam)
GUI_REMOVE_HOST_WINDOW_RPL* pRpl = (GUI_REMOVE_HOST_WINDOW_RPL*)lParam; // pRpl is from caller's stack. GUI_REMOVE_HOST_WINDOW_RPL* pRpl = (GUI_REMOVE_HOST_WINDOW_RPL*)lParam; // pRpl is from caller's stack.
// thread window should from guest process. We only need check the first window's process. // thread window should from guest process. We only need check the first window's process.
// Note, GetWindowThreadProcessId is not availabe in XP. // Note, GetWindowThreadProcessId is not available in XP.
if (pRpl->status == STATUS_UNSUCCESSFUL) if (pRpl->status == STATUS_UNSUCCESSFUL)
{ {
if (isGuestProcessWindow(hwnd)) if (isGuestProcessWindow(hwnd))
@ -4340,7 +4340,7 @@ void GuiServer::RunConsoleSlave(const WCHAR *evtname)
} }
} }
//HeapFree(GetProcessHeap(), 0, pids); // dont bother we ExitProcess aynways //HeapFree(GetProcessHeap(), 0, pids); // don't bother we ExitProcess aynways
} }
ExitProcess(0); ExitProcess(0);

16
Sandboxie/core/svc/ProcessServer.cpp
View File

@ -550,7 +550,7 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
if (lpProgram) { if (lpProgram) {
// //
// check if the process/directory is configued for breakout // check if the process/directory is configured for breakout
// if its a BreakoutProcess we must also test if the path is not in the sandbox itself // if its a BreakoutProcess we must also test if the path is not in the sandbox itself
// //
@ -559,14 +559,14 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
|| SbieDll_CheckPatternInList(lpApplicationName, (ULONG)(lpProgram - lpApplicationName), boxname, L"BreakoutFolder")) { || SbieDll_CheckPatternInList(lpApplicationName, (ULONG)(lpProgram - lpApplicationName), boxname, L"BreakoutFolder")) {
// //
// this is a break out process, its alowed to leave teh sandbox // this is a breakout process, it is allowed to leave the sandbox
// //
BoxNameOrModelPid = 0; BoxNameOrModelPid = 0;
FilterHandles = TRUE; FilterHandles = TRUE;
// //
// check if it shoudl en up in an other box // check if it should end up in another box
// //
WCHAR BoxName[34]; WCHAR BoxName[34];
@ -580,7 +580,7 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
|| SbieDll_CheckPatternInList(lpApplicationName, (ULONG)(lpProgram - lpApplicationName), BoxName, L"ForceFolder")) { || SbieDll_CheckPatternInList(lpApplicationName, (ULONG)(lpProgram - lpApplicationName), BoxName, L"ForceFolder")) {
// //
// check if the breakout process is suposed to end in the box its trying to break out of // check if the breakout process is supposed to end in the box it is trying to break out of
// and deny the breakout in that case, to take the normal process creation route // and deny the breakout in that case, to take the normal process creation route
// //
// this happens when a break out is configured globally // this happens when a break out is configured globally
@ -593,7 +593,7 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
} }
// //
// set otehr box // set other box
// //
BoxNameOrModelPid = (LONG_PTR)boxname; BoxNameOrModelPid = (LONG_PTR)boxname;
@ -615,7 +615,7 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
if (PrimaryTokenHandle) { if (PrimaryTokenHandle) {
// //
// copy STARTUPINFO paramters from caller // copy STARTUPINFO parameters from caller
// //
STARTUPINFO si; STARTUPINFO si;
@ -793,7 +793,7 @@ bool ProcessServer__RunRpcssAsSystem(const WCHAR* boxname)
// OriginalToken END // OriginalToken END
// //
// if we run MSIServer as system we need to run the sandboxed Rpcss as system to or else it wil fail // if we run MSIServer as system we need to run the sandboxed Rpcss as system to or else it will fail
// //
if (SbieApi_QueryConfBool(boxname, L"MsiInstallerExemptions", FALSE) || SbieApi_QueryConfBool(boxname, L"RunServicesAsSystem", FALSE)) if (SbieApi_QueryConfBool(boxname, L"MsiInstallerExemptions", FALSE) || SbieApi_QueryConfBool(boxname, L"RunServicesAsSystem", FALSE))
@ -1101,7 +1101,7 @@ BOOL ProcessServer::RunSandboxedStripPrivilege(HANDLE NewTokenHandle, LPCWSTR lp
NTSTATUS status = NtAdjustPrivilegesToken(NewTokenHandle, FALSE, &NewState, sizeof(NewState), (PTOKEN_PRIVILEGES)NULL, 0); NTSTATUS status = NtAdjustPrivilegesToken(NewTokenHandle, FALSE, &NewState, sizeof(NewState), (PTOKEN_PRIVILEGES)NULL, 0);
return NT_SUCCESS(status); // STATUS_SUCCESS or STATUS_NOT_ALL_ASSIGNED when the privilege wasnt there in the first palce, which is also passes NT_SUCCESS return NT_SUCCESS(status); // STATUS_SUCCESS or STATUS_NOT_ALL_ASSIGNED when the privilege wasn't there in the first place, which is also passes NT_SUCCESS
} }

2
Sandboxie/core/svc/comserver.cpp
View File

@ -1718,7 +1718,7 @@ void ComServer::GetClassObjectSlave(void *_map, LIST *ObjectsList,
// //
// elevate using CoGetObject // elevate using CoGetObject
// this is primarily inteded for the firewall object // this is primarily intended for the firewall object
// //
typedef struct tagBIND_OPTS3 { typedef struct tagBIND_OPTS3 {

2
Sandboxie/core/svc/comserver9.c
View File

@ -347,7 +347,7 @@ _FX void ComServer_RestartProgram(const WCHAR *arg)
*ptr = L'\0'; *ptr = L'\0';
#ifdef COMSERVER_DEBUG #ifdef COMSERVER_DEBUG
OutputDebugString(L"ComServer Restart Commmand Line:\n"); OutputDebugString(L"ComServer Restart Command Line:\n");
OutputDebugString(cmd); OutputDebugString(cmd);
#endif #endif

2
Sandboxie/core/svc/comserver9_ie.c
View File

@ -686,7 +686,7 @@ _FX HRESULT IEServer_IHTMLWindow2_NotImpl(IHTMLWindow2 *This)
_FX void IEServer_RestartProgram(const WCHAR *arg) _FX void IEServer_RestartProgram(const WCHAR *arg)
{ {
#ifdef COMSERVER_DEBUG #ifdef COMSERVER_DEBUG
OutputDebugString(L"IEServer Restart Commmand Line:\n"); OutputDebugString(L"IEServer Restart Command Line:\n");
OutputDebugString(arg); OutputDebugString(arg);
#endif #endif

4
Sandboxie/core/svc/main.cpp
View File

@ -488,7 +488,7 @@ finish:
bool CheckDropRights(const WCHAR *BoxName) bool CheckDropRights(const WCHAR *BoxName)
{ {
if (SbieApi_QueryConfBool(BoxName, L"NoSecurityIsolation", FALSE)) if (SbieApi_QueryConfBool(BoxName, L"NoSecurityIsolation", FALSE))
return false; // if we are not swaping the token we can not drop admin rights so keep this consistent return false; // if we are not swapping the token we can not drop admin rights so keep this consistent
if (SbieApi_QueryConfBool(BoxName, L"DropAdminRights", FALSE)) if (SbieApi_QueryConfBool(BoxName, L"DropAdminRights", FALSE))
return true; return true;
return false; return false;
@ -559,7 +559,7 @@ bool IsHostPath(HANDLE idProcess, WCHAR* dos_path)
ULONG len = 0; ULONG len = 0;
// //
// get the final file path by opening it and retreiving it from the handle // get the final file path by opening it and retrieving it from the handle
// //
handle = CreateFileW(dos_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL); handle = CreateFileW(dos_path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);

10
Sandboxie/core/svc/sbieiniserver.cpp
View File

@ -75,7 +75,7 @@ SbieIniServer::SbieIniServer(PipeServer *pipeServer)
SbieIniServer::~SbieIniServer() SbieIniServer::~SbieIniServer()
{ {
m_instance = this; // fix-me: potential race condition, but this does nto mater as we dont use teh destructor anyways m_instance = this; // fix-me: potential race condition, but this does not matter as we don't use the destructor anyways
EnterCriticalSection(&m_instance->m_critsec); EnterCriticalSection(&m_instance->m_critsec);
@ -1014,7 +1014,7 @@ MSG_HEADER *SbieIniServer::GetSetting(MSG_HEADER *msg)
} }
// //
// preapre the reply // prepare the reply
// //
ULONG rpl_len = sizeof(SBIE_INI_SETTING_RPL) + (iniData.size() + 1) * sizeof(WCHAR); ULONG rpl_len = sizeof(SBIE_INI_SETTING_RPL) + (iniData.size() + 1) * sizeof(WCHAR);
@ -1074,7 +1074,7 @@ ULONG SbieIniServer::SetSetting(MSG_HEADER* msg)
WCHAR* iniDataPtr = req->value; WCHAR* iniDataPtr = req->value;
Ini_Read_ConfigSection(iniDataPtr, entries); Ini_Read_ConfigSection(iniDataPtr, entries);
if (*iniDataPtr != L'\0') // there must be no sections inside an otehr section if (*iniDataPtr != L'\0') // there must be no sections inside another section
return STATUS_INVALID_PARAMETER; return STATUS_INVALID_PARAMETER;
pSection->Entries = entries; pSection->Entries = entries;
@ -1177,7 +1177,7 @@ ULONG SbieIniServer::AddSetting(MSG_HEADER* msg, bool insert)
if(!insert || pos == pSection->Entries.end()) if(!insert || pos == pSection->Entries.end())
pos = I; pos = I;
if (_wcsicmp(I->Value.c_str(), req->value) == 0) { if (_wcsicmp(I->Value.c_str(), req->value) == 0) {
// this value is already present, so lets abbort right here // this value is already present, so let's abort right here
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
} }
@ -2007,7 +2007,7 @@ ULONG SbieIniServer::RefreshConf()
// //
// rebuild the ini from the cache with new values, if present, // rebuild the ini from the cache with new values, if present,
// and keeping coments and most of the formating // and keeping comments and most of the formatting
// //
for (auto I = m_pConfigIni->Sections.begin(); I != m_pConfigIni->Sections.end(); ++I) for (auto I = m_pConfigIni->Sections.begin(); I != m_pConfigIni->Sections.end(); ++I)

4
Sandboxie/core/svc/terminalserver.cpp
View File

@ -549,8 +549,8 @@ MSG_HEADER *TerminalServer::GetUserToken(MSG_HEADER *msg)
&& !SbieApi_QueryConfBool(boxname, L"UnfilteredToken", FALSE)) && !SbieApi_QueryConfBool(boxname, L"UnfilteredToken", FALSE))
// UnfilteredToken END // UnfilteredToken END
{ {
// of one of the above is true we handle unfiltered tokens // if one of the above is true, we handle unfiltered tokens
// if not we need to filter the token or else security checks in the driver wil fail! // if not, we need to filter the token, otherwise security checks in the driver will fail!
if (!NT_SUCCESS(SbieApi_Call(API_FILTER_TOKEN, 3, (ULONG_PTR)idProcess, (ULONG_PTR)hToken, (ULONG_PTR)&hFilteredToken))) if (!NT_SUCCESS(SbieApi_Call(API_FILTER_TOKEN, 3, (ULONG_PTR)idProcess, (ULONG_PTR)hToken, (ULONG_PTR)&hFilteredToken)))
goto fail; goto fail;