parent
64d0363322
commit
b3c28d120c
|
@ -16,6 +16,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
- added option to hide installed programs [#4139](https://github.com/sandboxie-plus/Sandboxie/issues/4139)
|
||||
- added Hide Tray Icon [#4075](https://github.com/sandboxie-plus/Sandboxie/issues/4075)
|
||||
- added improved trace logging filtering [#4338](https://github.com/sandboxie-plus/Sandboxie/issues/4338)
|
||||
- added EventLog monitoring for SbieMessages [#4113](https://github.com/sandboxie-plus/Sandboxie/issues/4113)
|
||||
- add 'LogMessageEvents=y' to the global settings to log all sbie events to the system event log
|
||||
|
||||
### Fixed
|
||||
- fixed Sign the .tmp file that gets dropped when installing or updating Sandboxie Plus [#2643](https://github.com/sandboxie-plus/Sandboxie/issues/2643) [#4343](https://github.com/sandboxie-plus/Sandboxie/issues/4343)
|
||||
|
|
|
@ -57,8 +57,6 @@ static BOOLEAN Api_FastIo_DEVICE_CONTROL(
|
|||
ULONG IoControlCode, IO_STATUS_BLOCK *IoStatus,
|
||||
DEVICE_OBJECT *DeviceObject);
|
||||
|
||||
//static void Api_DelWork(API_WORK_ITEM *work_item);
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
@ -69,8 +67,6 @@ static NTSTATUS Api_LogMessage(PROCESS *proc, ULONG64 *parms);
|
|||
|
||||
static NTSTATUS Api_GetMessage(PROCESS *proc, ULONG64 *parms);
|
||||
|
||||
//static NTSTATUS Api_GetWork(PROCESS *proc, ULONG64 *parms);
|
||||
|
||||
static NTSTATUS Api_GetHomePath(PROCESS *proc, ULONG64 *parms);
|
||||
|
||||
static NTSTATUS Api_SetServicePort(PROCESS *proc, ULONG64 *parms);
|
||||
|
@ -110,8 +106,7 @@ volatile HANDLE Api_ServiceProcessId = NULL;
|
|||
|
||||
static PERESOURCE Api_LockResource = NULL;
|
||||
|
||||
//static LIST Api_WorkList;
|
||||
static BOOLEAN Api_WorkListInitialized = FALSE;
|
||||
static BOOLEAN Api_Initialized = FALSE;
|
||||
|
||||
static LOG_BUFFER* Api_LogBuffer = NULL;
|
||||
|
||||
|
@ -137,15 +132,13 @@ _FX BOOLEAN Api_Init(void)
|
|||
Api_LogBuffer = log_buffer_init(8 * 8 * 1024);
|
||||
|
||||
//
|
||||
// initialize work list
|
||||
// initialize lock
|
||||
//
|
||||
|
||||
//List_Init(&Api_WorkList);
|
||||
|
||||
if (! Mem_GetLockResource(&Api_LockResource, TRUE))
|
||||
return FALSE;
|
||||
|
||||
Api_WorkListInitialized = TRUE;
|
||||
Api_Initialized = TRUE;
|
||||
|
||||
//
|
||||
// initialize Fast IO dispatch pointers
|
||||
|
@ -193,7 +186,6 @@ _FX BOOLEAN Api_Init(void)
|
|||
//
|
||||
|
||||
Api_SetFunction(API_GET_VERSION, Api_GetVersion);
|
||||
//Api_SetFunction(API_GET_WORK, Api_GetWork);
|
||||
Api_SetFunction(API_LOG_MESSAGE, Api_LogMessage);
|
||||
Api_SetFunction(API_GET_MESSAGE, Api_GetMessage);
|
||||
Api_SetFunction(API_GET_HOME_PATH, Api_GetHomePath);
|
||||
|
@ -240,24 +232,16 @@ _FX void Api_Unload(void)
|
|||
Api_FastIoDispatch = NULL;
|
||||
}
|
||||
|
||||
if (Api_WorkListInitialized) {
|
||||
if (Api_Initialized) {
|
||||
|
||||
if (Api_LogBuffer) {
|
||||
log_buffer_free(Api_LogBuffer);
|
||||
Api_LogBuffer = NULL;
|
||||
}
|
||||
|
||||
/*API_WORK_ITEM *work_item;
|
||||
while (1) {
|
||||
work_item = List_Head(&Api_WorkList);
|
||||
if (! work_item)
|
||||
break;
|
||||
Api_DelWork(work_item);
|
||||
}*/
|
||||
|
||||
Mem_FreeLockResource(&Api_LockResource);
|
||||
|
||||
Api_WorkListInitialized = FALSE;
|
||||
Api_Initialized = FALSE;
|
||||
}
|
||||
|
||||
if (Api_ServicePortObject) {
|
||||
|
@ -682,11 +666,11 @@ _FX void Api_AddMessage(
|
|||
{
|
||||
KIRQL irql;
|
||||
|
||||
if (!Api_WorkListInitialized) // if (!Api_LogBuffer)
|
||||
if (!Api_Initialized)
|
||||
return;
|
||||
|
||||
//
|
||||
// add work at the end of the work list
|
||||
// add message
|
||||
//
|
||||
|
||||
irql = Api_EnterCriticalSection();
|
||||
|
@ -922,140 +906,6 @@ _FX BOOLEAN Api_SendServiceMessage(ULONG msgid, ULONG data_len, void *data)
|
|||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Api_AddWork
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
/*_FX BOOLEAN Api_AddWork(API_WORK_ITEM *work_item)
|
||||
{
|
||||
KIRQL irql;
|
||||
|
||||
if (! Api_WorkListInitialized)
|
||||
return FALSE;
|
||||
|
||||
//
|
||||
// add work at the end of the work list
|
||||
//
|
||||
|
||||
irql = Api_EnterCriticalSection();
|
||||
|
||||
List_Insert_After(&Api_WorkList, NULL, work_item);
|
||||
|
||||
Api_LeaveCriticalSection(irql);
|
||||
|
||||
//
|
||||
// set the work event so SbieSvc wakes up
|
||||
//
|
||||
|
||||
if (work_item->session_id != -1)
|
||||
return TRUE;
|
||||
|
||||
return TRUE;
|
||||
}*/
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Api_DelWork
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
/*_FX void Api_DelWork(API_WORK_ITEM *work_item)
|
||||
{
|
||||
// this assumes Api_WorkList is already locked using Api_Lock
|
||||
|
||||
List_Remove(&Api_WorkList, work_item);
|
||||
Mem_Free(work_item, work_item->length);
|
||||
}*/
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Api_GetWork
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
/*_FX NTSTATUS Api_GetWork(PROCESS *proc, ULONG64 *parms)
|
||||
{
|
||||
API_GET_WORK_ARGS *args = (API_GET_WORK_ARGS *)parms;
|
||||
NTSTATUS status;
|
||||
void *buffer_ptr;
|
||||
ULONG buffer_len;
|
||||
ULONG *result_len;
|
||||
ULONG length;
|
||||
API_WORK_ITEM *work_item;
|
||||
KIRQL irql;
|
||||
|
||||
//
|
||||
// caller must not be sandboxed, and caller has to be SbieSvc
|
||||
// if session parameter is -1
|
||||
//
|
||||
|
||||
if (proc)
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
|
||||
if (args->session_id.val == -1 &&
|
||||
PsGetCurrentProcessId() != Api_ServiceProcessId)
|
||||
return STATUS_ACCESS_DENIED;
|
||||
|
||||
//
|
||||
// find next work/log item for the session
|
||||
//
|
||||
|
||||
buffer_ptr = args->buffer.val;
|
||||
buffer_len = args->buffer_len.val;
|
||||
result_len = args->result_len_ptr.val;
|
||||
|
||||
irql = Api_EnterCriticalSection();
|
||||
|
||||
work_item = List_Head(&Api_WorkList);
|
||||
while (work_item) {
|
||||
if (work_item->session_id == args->session_id.val)
|
||||
break;
|
||||
work_item = List_Next(work_item);
|
||||
}
|
||||
|
||||
__try {
|
||||
|
||||
if (! work_item) {
|
||||
|
||||
status = STATUS_NO_MORE_ENTRIES;
|
||||
|
||||
} else {
|
||||
|
||||
if (work_item->length <= buffer_len) {
|
||||
|
||||
length = work_item->length
|
||||
- FIELD_OFFSET(API_WORK_ITEM, type);
|
||||
ProbeForWrite(buffer_ptr, length, sizeof(UCHAR));
|
||||
memcpy(buffer_ptr, &work_item->type, length);
|
||||
|
||||
status = STATUS_SUCCESS;
|
||||
|
||||
} else {
|
||||
|
||||
length = work_item->length;
|
||||
status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
if (result_len) {
|
||||
ProbeForWrite(result_len, sizeof(ULONG), sizeof(ULONG));
|
||||
*result_len = length;
|
||||
}
|
||||
|
||||
if (status == STATUS_SUCCESS)
|
||||
Api_DelWork(work_item);
|
||||
}
|
||||
|
||||
} __except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
status = GetExceptionCode();
|
||||
}
|
||||
|
||||
Api_LeaveCriticalSection(irql);
|
||||
|
||||
return status;
|
||||
}*/
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Api_GetHomePath
|
||||
//---------------------------------------------------------------------------
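Review bot: The guard in Api_AddMessage now tests only `Api_Initialized`, and the old trailing hint `// if (!Api_LogBuffer)` is gone, yet the Api_Init hunk shows `Api_LogBuffer = log_buffer_init(8 * 8 * 1024);` with no check of the result before `Api_Initialized = TRUE` is set. If log_buffer_init can return NULL (its definition is not on this page), a message logged afterwards would reach the buffer code with a NULL buffer in kernel mode. I would make the guard `if (!Api_Initialized || !Api_LogBuffer)` or have Api_Init return FALSE when the allocation fails. Api_Unload also frees Api_LogBuffer before clearing the flag and, as far as the hunk shows, outside Api_EnterCriticalSection, so a short comment on why no logger can still be running at that point would help. The bodies of Api_Init, Api_Unload and Api_AddMessage continue outside these hunks.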
|
||||
|
|
|
@ -39,17 +39,6 @@
|
|||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
/*typedef struct _API_WORK_ITEM {
|
||||
|
||||
LIST_ELEM list_elem;
|
||||
ULONG length; // length includes both header and data
|
||||
ULONG session_id;
|
||||
ULONG type;
|
||||
|
||||
ULONG data[1];
|
||||
|
||||
} API_WORK_ITEM;*/
|
||||
|
||||
typedef struct _Sbie_SeFilterTokenArg
|
||||
{
|
||||
PACCESS_TOKEN ExistingToken;
|
||||
|
@ -106,14 +95,6 @@ void Api_ResetServiceProcess(void);
|
|||
|
||||
BOOLEAN Api_SendServiceMessage(ULONG msgid, ULONG data_len, void *data);
|
||||
|
||||
//
|
||||
// Publish WORK_ITEM to be consumed by SandboxieService. Caller must
|
||||
// allocate work_item from Driver_Pool, and initialize type, length and data
|
||||
//
|
||||
|
||||
//BOOLEAN Api_AddWork(API_WORK_ITEM *work_item);
|
||||
|
||||
|
||||
//
|
||||
// Add message to log buffer
|
||||
//
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
#include "api.h"
|
||||
#include "util.h"
|
||||
#include "session.h"
|
||||
#include "conf.h"
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Functions
|
||||
|
@ -37,12 +38,6 @@ static void Log_Event_Msg(
|
|||
const WCHAR *string1,
|
||||
const WCHAR *string2);
|
||||
|
||||
/*static void Log_Popup_Msg_2(
|
||||
NTSTATUS error_code,
|
||||
const WCHAR *string1, ULONG string1_len,
|
||||
const WCHAR *string2, ULONG string2_len,
|
||||
ULONG session_id);*/
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Log_Event_Msg
|
||||
|
@ -151,9 +146,6 @@ _FX void Log_Popup_MsgEx(
|
|||
if ((Driver_OsVersion >= DRIVER_WINDOWS_VISTA) && (session_id == 0))
|
||||
session_id = 1;
|
||||
|
||||
//Log_Popup_Msg_2(
|
||||
// error_code, string1, string1_len, string2, string2_len, session_id, (ULONG)pid);
|
||||
|
||||
const WCHAR* strings[3] = { string1, string2, NULL };
|
||||
ULONG lengths[3] = { string1_len, string2_len, 0 };
|
||||
Api_AddMessage(error_code, strings, lengths, session_id, (ULONG)pid);
|
||||
|
@ -162,71 +154,17 @@ _FX void Log_Popup_MsgEx(
|
|||
// log message to SbieSvc and trigger SbieSvc to wake up and collect it
|
||||
//
|
||||
|
||||
//Log_Popup_Msg_2(
|
||||
// error_code, string1, string1_len, string2, string2_len, -1, (ULONG)pid);
|
||||
ULONG data = 0;
|
||||
|
||||
if (Conf_Get_Boolean(NULL, L"LogMessageEvents", 0, FALSE))
|
||||
data |= 0x01;
|
||||
|
||||
ULONG data = 0;
|
||||
Api_SendServiceMessage(SVC_LOG_MESSAGE, sizeof(ULONG), &data);
|
||||
|
||||
// DbgPrint("POPUP %04d %S %S\n", error_code & 0xFFFF, string1, string2);
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Log_Popup_Msg_2
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
/*_FX void Log_Popup_Msg_2(
|
||||
NTSTATUS error_code,
|
||||
const WCHAR *string1, ULONG string1_len,
|
||||
const WCHAR *string2, ULONG string2_len,
|
||||
ULONG session_id)
|
||||
{
|
||||
API_WORK_ITEM *work_item;
|
||||
ULONG length;
|
||||
WCHAR *ptr;
|
||||
|
||||
length = sizeof(API_WORK_ITEM)
|
||||
+ sizeof(ULONG) // msgid
|
||||
+ (string1_len + 1) * sizeof(WCHAR)
|
||||
+ (string2_len + 1) * sizeof(WCHAR);
|
||||
|
||||
//
|
||||
// prepare work item
|
||||
//
|
||||
|
||||
work_item = Mem_Alloc(Driver_Pool, length);
|
||||
if (work_item) {
|
||||
|
||||
work_item->length = length;
|
||||
|
||||
work_item->session_id = session_id;
|
||||
|
||||
work_item->type = API_LOG_MESSAGE;
|
||||
|
||||
work_item->data[0] = error_code;
|
||||
|
||||
ptr = (WCHAR *)&work_item->data[1];
|
||||
|
||||
if (string1_len) {
|
||||
wmemcpy(ptr, string1, string1_len);
|
||||
ptr += string1_len;
|
||||
}
|
||||
*ptr = L'\0';
|
||||
++ptr;
|
||||
|
||||
if (string2_len) {
|
||||
wmemcpy(ptr, string2, string2_len);
|
||||
ptr += string2_len;
|
||||
}
|
||||
*ptr = L'\0';
|
||||
|
||||
Api_AddWork(work_item);
|
||||
}
|
||||
}*/
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Log_Msg
|
||||
//---------------------------------------------------------------------------
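Review bot: The bare `0x01` in `data |= 0x01;` (Log_Popup_MsgEx, hunk at -162) is one half of a driver-to-service contract whose other half is `(data & 0x01) != 0` in DriverAssist::LogMessage, and neither side names it. A constant in a header that both components include, for example `#define SVC_LOG_MESSAGE_EVENTS 0x01` (the name is only a suggestion), would keep the two ends in step when more flag bits are added. A one-line comment such as `// tell SbieSvc to mirror this message to the system event log` above the Conf_Get_Boolean call would also explain why a configuration lookup now happens on every popup message. Log_Popup_MsgEx begins outside the hunk.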
|
||||
|
|
|
@ -303,7 +303,7 @@ void DriverAssist::MsgWorkerThread(void *MyMsg)
|
|||
}
|
||||
else if (msgid == SVC_LOG_MESSAGE) {
|
||||
|
||||
LogMessage();
|
||||
LogMessage(data_ptr);
|
||||
|
||||
}
|
||||
else if (msgid == SVC_CONFIG_UPDATED) {
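Review bot: `LogMessage(data_ptr)` passes the raw message payload to a function that reads `*(ULONG*)_msg`, and nothing in this hunk shows the payload length being compared with `sizeof(ULONG)` first. The driver side sends `sizeof(ULONG)` bytes for SVC_LOG_MESSAGE, but the service should not rely on that. If MsgWorkerThread does not already validate the length before this branch (the code above is outside the hunk), pass NULL when the payload is shorter than a ULONG so that LogMessage falls back to 0.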
|
||||
|
|
|
@ -103,7 +103,7 @@ private:
|
|||
// log messages to file
|
||||
//
|
||||
|
||||
void LogMessage();
|
||||
void LogMessage(void *_msg);
|
||||
|
||||
void LogMessage_Single(ULONG code, wchar_t* data, ULONG pid);
|
||||
void LogMessage_Multi(ULONG msgid, const WCHAR *path, const WCHAR *text);
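Review bot: The comment above the declaration still reads `// log messages to file`, but `LogMessage(void *_msg)` now also decides whether messages go to the event log. I would update it to describe the parameter, e.g. `// log messages to file; _msg points to a ULONG flag word from the driver (bit 0: also write to the event log), or NULL for no flags`.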
|
||||
|
|
|
@ -69,29 +69,33 @@ bool GetUserNameFromProcess(DWORD pid, WCHAR* user, DWORD userSize, WCHAR* domai
|
|||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
void DriverAssist::LogMessage()
|
||||
void DriverAssist::LogMessage(void *_msg)
|
||||
{
|
||||
ULONG data = _msg ? *(ULONG*)_msg : 0;
|
||||
|
||||
bool LogMessageEvents = (data & 0x01) != 0;
|
||||
|
||||
EnterCriticalSection(&m_LogMessage_CritSec);
|
||||
|
||||
ULONG m_workItemLen = 4096;
|
||||
void *m_workItemBuf = NULL;
|
||||
ULONG m_MessageLen = 4096;
|
||||
void *m_MessageBuf = NULL;
|
||||
|
||||
while (1) {
|
||||
|
||||
m_workItemBuf = HeapAlloc(GetProcessHeap(), 0, m_workItemLen);
|
||||
if (! m_workItemBuf)
|
||||
m_MessageBuf = HeapAlloc(GetProcessHeap(), 0, m_MessageLen);
|
||||
if (! m_MessageBuf)
|
||||
break;
|
||||
|
||||
ULONG len = m_workItemLen;
|
||||
ULONG len = m_MessageLen;
|
||||
ULONG message_number = m_last_message_number;
|
||||
ULONG code = -1;
|
||||
ULONG pid = 0;
|
||||
ULONG status = SbieApi_GetMessage(&message_number, -1, &code, &pid, (wchar_t*)m_workItemBuf, len);
|
||||
ULONG status = SbieApi_GetMessage(&message_number, -1, &code, &pid, (wchar_t*)m_MessageBuf, len);
|
||||
|
||||
if (status == STATUS_BUFFER_TOO_SMALL) {
|
||||
HeapFree(GetProcessHeap(), 0, m_workItemBuf);
|
||||
m_workItemBuf = NULL;
|
||||
m_workItemLen += 4096;
|
||||
HeapFree(GetProcessHeap(), 0, m_MessageBuf);
|
||||
m_MessageBuf = NULL;
|
||||
m_MessageLen += 4096;
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -111,14 +115,21 @@ void DriverAssist::LogMessage()
|
|||
continue;
|
||||
|
||||
//
|
||||
// Add to log
|
||||
// Add to event log
|
||||
//
|
||||
|
||||
LogMessage_Single(code, (wchar_t*)m_workItemBuf, pid);
|
||||
if (LogMessageEvents)
|
||||
LogMessage_Event(code, (wchar_t*)m_MessageBuf, pid);
|
||||
|
||||
//
|
||||
// Add to log file
|
||||
//
|
||||
|
||||
LogMessage_Single(code, (wchar_t*)m_MessageBuf, pid);
|
||||
}
|
||||
|
||||
if (m_workItemBuf)
|
||||
HeapFree(GetProcessHeap(), 0, m_workItemBuf);
|
||||
if (m_MessageBuf)
|
||||
HeapFree(GetProcessHeap(), 0, m_MessageBuf);
|
||||
|
||||
LeaveCriticalSection(&m_LogMessage_CritSec);
|
||||
}
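Review bot: The loop calls `HeapAlloc` for `m_MessageBuf` at the top of every iteration, but the only `HeapFree` calls visible are in the STATUS_BUFFER_TOO_SMALL branch and after the loop, so each message that is logged or skipped with `continue` appears to leave its buffer behind. The rename from `m_workItemBuf` keeps that pattern, and in a long-running service the loss grows with message volume. Allocating only when there is no buffer, `if (! m_MessageBuf) m_MessageBuf = HeapAlloc(GetProcessHeap(), 0, m_MessageLen);`, would reuse one buffer across iterations; the too-small branch already resets the pointer to NULL. The lines between the two hunks are not shown, so confirm that nothing there frees the buffer.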
|
||||
|
|
|
@ -45,6 +45,8 @@ NTSTATUS LsaLookupAuthenticationPackage(
|
|||
|
||||
ULONG DriverAssist::StartDriverAsync(void *arg)
|
||||
{
|
||||
DriverAssist* This = (DriverAssist*)arg;
|
||||
|
||||
//
|
||||
// get windows version
|
||||
//
|
||||
|
@ -309,7 +311,7 @@ driver_started:
|
|||
// messages that were logged while the driver was starting
|
||||
//
|
||||
|
||||
m_instance->LogMessage();
|
||||
m_instance->LogMessage(NULL);
|
||||
|
||||
m_instance->m_DriverReady = true;
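Review bot: `m_instance->LogMessage(NULL)` makes `data` 0 inside LogMessage, so messages queued while the driver was starting are written to the log file but never to the event log, even with `LogMessageEvents=y`. Anyone monitoring the event log would therefore miss driver start-up messages. If that is intended, say so in the comment above the call, e.g. `// flags unknown here: startup backlog goes to the log file only`; otherwise the flag has to be obtained before this call. The new local `This` is not used in the visible hunks, and the call still goes through `m_instance`.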
|
||||
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
#include "stdafx.h"
|
||||
|
||||
#include <Sddl.h>
|
||||
#include <lmcons.h>
|
||||
#include "MountManager.h"
|
||||
#include "DriverAssist.h"
|
||||
#include "PipeServer.h"
|
||||
|
@ -336,6 +337,61 @@ void LogEvent(ULONG msgid, ULONG level, ULONG detail)
|
|||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// LogMessage_Event
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
void LogMessage_Event(ULONG code, wchar_t* data, ULONG pid)
|
||||
{
|
||||
//
|
||||
// get log message
|
||||
//
|
||||
|
||||
WCHAR *str1 = data;
|
||||
ULONG str1_len = wcslen(str1);
|
||||
WCHAR *str2 = str1 + str1_len + 1;
|
||||
ULONG str2_len = wcslen(str2);
|
||||
|
||||
WCHAR *text = SbieDll_FormatMessage2(code, str1, str2);
|
||||
if (! text)
|
||||
return;
|
||||
|
||||
//
|
||||
// add user name
|
||||
//
|
||||
/*
|
||||
WCHAR user[UNLEN + 1];
|
||||
WCHAR domain[DNLEN + 1];
|
||||
bool GetUserNameFromProcess(DWORD pid, WCHAR * user, DWORD userSize, WCHAR * domain, DWORD domainSize);
|
||||
if (GetUserNameFromProcess(pid, user, UNLEN + 1, domain, DNLEN + 1)) {
|
||||
|
||||
WCHAR *text2 = (WCHAR *)LocalAlloc(
|
||||
LMEM_FIXED, (wcslen(text) + UNLEN + DNLEN + 10) * sizeof(WCHAR));
|
||||
if (text2) {
|
||||
|
||||
wsprintf(text2, L"%s (%s\\%s)", text, domain, user);
|
||||
|
||||
LocalFree(text);
|
||||
text = text2;
|
||||
}
|
||||
}*/
|
||||
|
||||
//
|
||||
// add event
|
||||
//
|
||||
|
||||
const WCHAR* ptr_extra[2] = { text, NULL };
|
||||
USHORT num_extra = 1;
|
||||
|
||||
if (EventLog) {
|
||||
ReportEvent(EventLog, EVENTLOG_INFORMATION_TYPE, 0, code, NULL, num_extra, 0, ptr_extra, NULL);
|
||||
}
|
||||
|
||||
LocalFree(text);
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// AbortServer
|
||||
//---------------------------------------------------------------------------
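Review bot: In LogMessage_Event, `str2_len` is computed and never used, and `wcslen(str2)` reads past the first terminator on the assumption that `data` always holds two NUL-terminated strings; the function receives no buffer length, so nothing here can bound that read. Either drop the `ULONG str2_len = wcslen(str2);` line or pass in the length that came back with the buffer so both strings can be checked against it. Separately, every message is reported as `EVENTLOG_INFORMATION_TYPE`, so a consumer filtering on event level cannot tell Sandboxie warnings from notices. If that is deliberate, a comment next to the ReportEvent call should say so.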
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
#include "msgs/msgs.h"
|
||||
|
||||
void LogEvent(ULONG msgid, ULONG level, ULONG detail);
|
||||
void LogMessage_Event(ULONG code, wchar_t* data, ULONG pid);
|
||||
void AbortServer(void);
|
||||
bool RestrictToken(void);
|
||||
bool CheckDropRights(const WCHAR *BoxName, const WCHAR *ExeName);
|
||||
|
|