This commit is contained in:
DavidXanatos 2024-10-18 13:42:24 +02:00
parent f11f9116f3
commit c0eded3b02
15 changed files with 227 additions and 222 deletions


@ -244,8 +244,9 @@ _FX BOOLEAN AdvApi_Init(HMODULE module)
// only hook SetSecurityInfo if this is Chrome. Outlook 2013 uses delayed loading and will cause infinite callbacks
// Starting with Win 10, we only want to hook ntmarta!SetSecurityInfo. Do NOT hook advapi!SetSecurityInfo. Delay loading for advapi will cause infinite recursion.
// Note: the infinite recursion issue has been resolved int 5.43
if (Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", TRUE)
|| (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || (Dll_ImageType == DLL_IMAGE_ACROBAT_READER)) {
if ((Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", TRUE)
|| (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || (Dll_ImageType == DLL_IMAGE_ACROBAT_READER))
&& !SbieApi_QueryConfBool(NULL, L"OpenWndStation", FALSE)) {
SetSecurityInfo = __sys_SetSecurityInfo;
GetSecurityInfo = __sys_GetSecurityInfo;
SBIEDLL_HOOK(AdvApi_, SetSecurityInfo);
@ -494,28 +495,9 @@ _FX ULONG AdvApi_CreateRestrictedToken(
}
HANDLE Sandboxie_WinSta = 0;
BOOL CALLBACK myEnumWindowStationProc(
_In_ LPTSTR lpszWindowStation,
_In_ LPARAM lParam);
// Get Sandbox Dummy WindowStation Handle
BOOL CALLBACK myEnumWindowStationProc(
_In_ LPTSTR lpszWindowStation,
_In_ LPARAM lParam)
{
if ((!lpszWindowStation) || (!__sys_OpenWindowStationW)) {
return FALSE;
}
if (!_wcsnicmp(lpszWindowStation, L"Sandbox", 7)) {
Sandboxie_WinSta = __sys_OpenWindowStationW(lpszWindowStation, 1, WINSTA_ALL_ACCESS | STANDARD_RIGHTS_REQUIRED);
return FALSE;
}
return TRUE;
}
//---------------------------------------------------------------------------
// AdvApi_GetSecurityInfo
//---------------------------------------------------------------------------
// Chrome 52+ now needs to be able to create a WindowStation and Desktop for its sandbox
// GetSecurityInfo will fail when chrome tries to do a DACL read on the default WindowStation.
@ -536,16 +518,10 @@ _FX DWORD AdvApi_GetSecurityInfo(
DWORD rc = 0;
rc = __sys_GetSecurityInfo(handle, ObjectType, SecurityInfo, psidOwner, psidGroup, pDacl, pSacl, ppSecurityDescriptor);
if (rc && ObjectType == SE_WINDOW_OBJECT && SecurityInfo == DACL_SECURITY_INFORMATION) {
__sys_EnumWindowStationsW = (P_EnumWindowStations)Ldr_GetProcAddrNew(L"User32.dll", L"EnumWindowStationsW", "EnumWindowStationsW");
__sys_OpenWindowStationW = (P_OpenWindowStationW)Ldr_GetProcAddrNew(L"User32.dll", L"OpenWindowStationW", "OpenWindowStationW"); // used by myEnumWindowStationProc
if (!Sandboxie_WinSta) {
if (__sys_EnumWindowStationsW) {
rc = __sys_EnumWindowStationsW(myEnumWindowStationProc, 0);
}
}
rc = __sys_GetSecurityInfo(Sandboxie_WinSta, ObjectType, SecurityInfo, psidOwner, psidGroup, pDacl, pSacl, ppSecurityDescriptor);
}
extern HWINSTA Gui_Dummy_WinSta;
if (rc && ObjectType == SE_WINDOW_OBJECT && SecurityInfo == DACL_SECURITY_INFORMATION && Gui_Dummy_WinSta)
rc = __sys_GetSecurityInfo(Gui_Dummy_WinSta, ObjectType, SecurityInfo, psidOwner, psidGroup, pDacl, pSacl, ppSecurityDescriptor);
return rc;
}
@ -681,6 +657,7 @@ _FX ULONG AdvApi_GetEffectiveRightsFromAclW(
//---------------------------------------------------------------------------
// Ntmarta_Init
//---------------------------------------------------------------------------
DWORD Ntmarta_GetSecurityInfo(
HANDLE handle,
SE_OBJECT_TYPE ObjectType,
@ -706,8 +683,9 @@ _FX BOOLEAN Ntmarta_Init(HMODULE module)
#define GETPROC2(x,s) __sys_Ntmarta_##x##s = (P_##x) Ldr_GetProcAddrNew(DllName_ntmarta, L#x L#s,#x #s);
GETPROC2(GetSecurityInfo, );
if (Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", TRUE)
|| (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || (Dll_ImageType == DLL_IMAGE_ACROBAT_READER)) {
if ((Config_GetSettingsForImageName_bool(L"UseSbieDeskHack", TRUE)
|| (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX) || (Dll_ImageType == DLL_IMAGE_ACROBAT_READER))
&& !SbieApi_QueryConfBool(NULL, L"OpenWndStation", FALSE)) {
GetSecurityInfo = __sys_Ntmarta_GetSecurityInfo;
if (GetSecurityInfo)
@ -746,6 +724,12 @@ _FX BOOLEAN Ntmarta_Init(HMODULE module)
return TRUE;
}
//---------------------------------------------------------------------------
// Ntmarta_GetSecurityInfo
//---------------------------------------------------------------------------
_FX DWORD Ntmarta_GetSecurityInfo(
HANDLE handle,
SE_OBJECT_TYPE ObjectType,
@ -759,16 +743,10 @@ _FX DWORD Ntmarta_GetSecurityInfo(
DWORD rc = 0;
rc = __sys_Ntmarta_GetSecurityInfo(handle, ObjectType, SecurityInfo, psidOwner, psidGroup, pDacl, pSacl, ppSecurityDescriptor);
if (rc && ObjectType == SE_WINDOW_OBJECT && SecurityInfo == DACL_SECURITY_INFORMATION) {
__sys_EnumWindowStationsW = (P_EnumWindowStations)Ldr_GetProcAddrNew(L"User32.dll", L"EnumWindowStationsW", "EnumWindowStationsW");
__sys_OpenWindowStationW = (P_OpenWindowStationW)Ldr_GetProcAddrNew(L"User32.dll", L"OpenWindowStationW", "OpenWindowStationW"); // used by myEnumWindowStationProc
if (!Sandboxie_WinSta) {
if (__sys_EnumWindowStationsW) {
rc = __sys_EnumWindowStationsW(myEnumWindowStationProc, 0);
}
}
rc = __sys_Ntmarta_GetSecurityInfo(Sandboxie_WinSta, ObjectType, SecurityInfo, psidOwner, psidGroup, pDacl, pSacl, ppSecurityDescriptor);
}
extern HWINSTA Gui_Dummy_WinSta;
if (rc && ObjectType == SE_WINDOW_OBJECT && SecurityInfo == DACL_SECURITY_INFORMATION && Gui_Dummy_WinSta)
rc = __sys_Ntmarta_GetSecurityInfo(Gui_Dummy_WinSta, ObjectType, SecurityInfo, psidOwner, psidGroup, pDacl, pSacl, ppSecurityDescriptor);
return rc;
}
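Review bot: The new tail of Ntmarta_GetSecurityInfo substitutes Gui_Dummy_WinSta for whatever handle the caller passed on any non-zero rc, so a failed DACL read on a desktop handle (SE_WINDOW_OBJECT covers desktops as well as window stations) or on an invalid handle is answered with the dummy window station's DACL instead of the real error. If the failure Chrome hits is an access-denied result, narrowing the guard to `if (rc == ERROR_ACCESS_DENIED && ObjectType == SE_WINDOW_OBJECT && SecurityInfo == DACL_SECURITY_INFORMATION && Gui_Dummy_WinSta)` keeps the workaround while letting other errors surface; the identical tail in AdvApi_GetSecurityInfo needs the same treatment. The function-local `extern HWINSTA Gui_Dummy_WinSta;` here also disagrees with the `extern HANDLE Gui_Dummy_WinSta;` in guienum.c, a mismatch the compiler cannot see across translation units when STRICT makes HWINSTA a distinct pointer type; one declaration in dll.h, which this commit already edits, removes both local externs. Both GetSecurityInfo functions start outside their hunks.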


@ -110,7 +110,7 @@ enum {
DLL_IMAGE_ACROBAT_READER,
DLL_IMAGE_OFFICE_OUTLOOK,
DLL_IMAGE_OFFICE_EXCEL,
DLL_IMAGE_FLASH_PLAYER_SANDBOX,
DLL_IMAGE_FLASH_PLAYER_SANDBOX, // obsolete
DLL_IMAGE_PLUGIN_CONTAINER,
DLL_IMAGE_OTHER_WEB_BROWSER,
DLL_IMAGE_OTHER_MAIL_CLIENT,
@ -794,6 +794,8 @@ BOOLEAN Pdh_Init(HMODULE hmodule);
BOOLEAN NsiRpc_Init(HMODULE);
//BOOLEAN Wininet_Init(HMODULE);
BOOLEAN Nsi_Init(HMODULE);
BOOLEAN Ntmarta_Init(HMODULE);


@ -733,9 +733,9 @@ _FX void Dll_SelectImageType(void)
{
Dll_ImageType = Dll_GetImageType(Dll_ImageName);
if (Dll_ImageType == DLL_IMAGE_UNSPECIFIED &&
_wcsnicmp(Dll_ImageName, L"FlashPlayerPlugin_", 18) == 0)
Dll_ImageType = DLL_IMAGE_FLASH_PLAYER_SANDBOX;
//if (Dll_ImageType == DLL_IMAGE_UNSPECIFIED &&
// _wcsnicmp(Dll_ImageName, L"FlashPlayerPlugin_", 18) == 0)
// Dll_ImageType = DLL_IMAGE_FLASH_PLAYER_SANDBOX;
if (Dll_ImageType == DLL_IMAGE_DLLHOST) {
@ -773,8 +773,8 @@ _FX void Dll_SelectImageType(void)
if (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME ||
Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX ||
Dll_ImageType == DLL_IMAGE_ACROBAT_READER ||
Dll_ImageType == DLL_IMAGE_FLASH_PLAYER_SANDBOX) {
//Dll_ImageType == DLL_IMAGE_FLASH_PLAYER_SANDBOX
Dll_ImageType == DLL_IMAGE_ACROBAT_READER) {
Dll_ChromeSandbox = TRUE;
}
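Review bot: The new condition in Dll_SelectImageType tests `Dll_ImageType == DLL_IMAGE_ACROBAT_READER` twice, once on the unchanged third line and again on the line that replaced the Flash comparison, apparently only to keep the trailing `||` valid next to the commented-out test. Drop the commented line and the duplicate and close the condition on the first Acrobat line: `Dll_ImageType == DLL_IMAGE_ACROBAT_READER) {`. Deleting the commented-out `FlashPlayerPlugin_` block above instead of leaving it in comments would match the `// obsolete` tag the enum value now carries; history keeps the old code. Dll_SelectImageType continues outside the hunk.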


@ -194,7 +194,7 @@ _FX BOOLEAN WSA_InitNetDnsFilter(HMODULE module)
map_init(&WSA_LookupMap, Dll_Pool);
SCertInfo CertInfo = { 0 };
if (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, eCertAdvanced)) {
if (!NT_SUCCESS(SbieApi_QueryDrvInfo(-1, &CertInfo, sizeof(CertInfo))) || !CertInfo.opt_net) {
const WCHAR* strings[] = { L"NetworkDnsFilter" , NULL };
SbieApi_LogMsgExt(-1, 6009, strings);
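Review bot: The replacement gate in WSA_InitNetDnsFilter checks only `CertInfo.opt_net`, whereas the CERT_IS_LEVEL macro it replaces also required `cert.active`, so unless the driver clears the option bits for an inactive or expired certificate the DNS filter is now enabled on a certificate that is no longer active. If the driver side does not guarantee that, `if (!NT_SUCCESS(SbieApi_QueryDrvInfo(-1, &CertInfo, sizeof(CertInfo))) || !CertInfo.active || !CertInfo.opt_net) {` restores the check. The enclosing function starts outside the hunk.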


@ -285,12 +285,13 @@ _FX BOOLEAN File_Init(void)
//
// support for Google Chrome flash plugin process
//
// $Workaround$ - 3rd party fix
//void *GetVolumeInformationW =
// GetProcAddress(Dll_KernelBase ? Dll_KernelBase : Dll_Kernel32,
// "GetVolumeInformationW");
//SBIEDLL_HOOK(File_,GetVolumeInformationW);
void *GetVolumeInformationW =
GetProcAddress(Dll_KernelBase ? Dll_KernelBase : Dll_Kernel32,
"GetVolumeInformationW");
SBIEDLL_HOOK(File_,GetVolumeInformationW);
// $Workaround$ - 3rd party fix
void *WriteProcessMemory =
GetProcAddress(Dll_KernelBase ? Dll_KernelBase : Dll_Kernel32,
"WriteProcessMemory");
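Review bot: The header comment in File_Init still reads `support for Google Chrome flash plugin process` while the GetVolumeInformationW hook it introduces is now commented out, so the comment describes code that no longer runs. Either delete the four commented lines together with that header (history keeps them) or reword it to say the Flash workaround was retired and the block now only covers the WriteProcessMemory hook that follows. File_Init starts and ends outside the hunk.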


@ -453,37 +453,37 @@ _FX NTSTATUS File_CreateBoxedPath(const WCHAR *PathToCreate)
//---------------------------------------------------------------------------
_FX BOOL File_GetVolumeInformationW(
const WCHAR *lpRootPathName,
WCHAR *lpVolumeNameBuffer, ULONG nVolumeNameSize,
ULONG *lpVolumeSerialNumber, ULONG *lpMaximumComponentLength,
ULONG *lpFileSystemFlags,
WCHAR *lpFileSystemNameBuffer, ULONG nFileSystemNameSize)
{
//_FX BOOL File_GetVolumeInformationW(
// const WCHAR *lpRootPathName,
// WCHAR *lpVolumeNameBuffer, ULONG nVolumeNameSize,
// ULONG *lpVolumeSerialNumber, ULONG *lpMaximumComponentLength,
// ULONG *lpFileSystemFlags,
// WCHAR *lpFileSystemNameBuffer, ULONG nFileSystemNameSize)
//{
// //
// // the flash plugin process of Google Chrome issues a special form
// // of GetVolumeInformationW with all-NULL parameters. this fails
// // with an access denied error. to work around this, we install
// // this hook, and automatically return TRUE in this special case.
// //
//
// the flash plugin process of Google Chrome issues a special form
// of GetVolumeInformationW with all-NULL parameters. this fails
// with an access denied error. to work around this, we install
// this hook, and automatically return TRUE in this special case.
// // $Workaround$ - 3rd party fix
// if (Dll_ChromeSandbox &&
// lpVolumeNameBuffer == NULL && nVolumeNameSize == 0 &&
// lpVolumeSerialNumber == NULL && lpMaximumComponentLength == NULL &&
// lpFileSystemFlags == NULL &&
// lpFileSystemNameBuffer == NULL && nFileSystemNameSize == 0) {
//
// $Workaround$ - 3rd party fix
if (Dll_ChromeSandbox &&
lpVolumeNameBuffer == NULL && nVolumeNameSize == 0 &&
lpVolumeSerialNumber == NULL && lpMaximumComponentLength == NULL &&
lpFileSystemFlags == NULL &&
lpFileSystemNameBuffer == NULL && nFileSystemNameSize == 0) {
SetLastError(ERROR_SUCCESS);
return TRUE;
}
return __sys_GetVolumeInformationW(
lpRootPathName, lpVolumeNameBuffer, nVolumeNameSize,
lpVolumeSerialNumber, lpMaximumComponentLength,
lpFileSystemFlags, lpFileSystemNameBuffer, nFileSystemNameSize);
}
// SetLastError(ERROR_SUCCESS);
// return TRUE;
//
// }
//
// return __sys_GetVolumeInformationW(
// lpRootPathName, lpVolumeNameBuffer, nVolumeNameSize,
// lpVolumeSerialNumber, lpMaximumComponentLength,
// lpFileSystemFlags, lpFileSystemNameBuffer, nFileSystemNameSize);
//}
//---------------------------------------------------------------------------
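Review bot: File_GetVolumeInformationW is retired by commenting out its entire body rather than deleting it, which leaves about forty lines of dead text that will drift from the surrounding code; since the hook registration in File_Init is commented out in the same commit, the function can be removed outright, and if a prototype for it still exists in a header it should go with it. The old header comment explaining the all-NULL GetVolumeInformationW call is the only part worth keeping, as a one-line note at the removal point, e.g. `// the Flash-plugin GetVolumeInformationW(all NULL) workaround was removed with Flash support`.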


@ -44,6 +44,8 @@ void* SbieDll_Hook_arm(const char* SourceFuncName, void* SourceFunc, void* Detou
BOOLEAN Gui_UseProxyService = TRUE;
HWINSTA Gui_Dummy_WinSta = NULL;
//---------------------------------------------------------------------------
// Function Pointers in USER32.DLL
@ -389,7 +391,7 @@ _FX BOOLEAN Gui_Init(HMODULE module)
// disable the use of the gui proxy
//
Gui_UseProxyService = !Dll_CompartmentMode && !SbieApi_QueryConfBool(NULL, L"NoSandboxieDesktop", FALSE);
Gui_UseProxyService = !(Dll_CompartmentMode || SbieApi_QueryConfBool(NULL, L"NoSandboxieDesktop", FALSE));
// NoSbieDesk END
GUI_IMPORT___(PrintWindow);
@ -970,6 +972,10 @@ _FX BOOLEAN Gui_ConnectToWindowStationAndDesktop(HMODULE User32)
errlvl = 2;
else {
if (SbieApi_QueryConfBool(NULL, L"OpenWndStation", FALSE))
_ProcessDesktop = (HDESK)-1;
else {
//
// locate windowstation and desktop functions in user32 dll
//
@ -978,6 +984,10 @@ _FX BOOLEAN Gui_ConnectToWindowStationAndDesktop(HMODULE User32)
(P_SetProcessWindowStation)
GetProcAddress(User32, "SetProcessWindowStation");
P_GetProcessWindowStation _GetProcessWindowStation =
(P_GetProcessWindowStation)
GetProcAddress(User32, "GetProcessWindowStation");
if (!__sys_SetThreadDesktop) {
// in the special case when USER32 is loaded before GDI32, as
// discussed in Gdi_InitZero, SetThreadDesktop is still zero
@ -1081,6 +1091,8 @@ _FX BOOLEAN Gui_ConnectToWindowStationAndDesktop(HMODULE User32)
ThreadImpersonationToken, &rc, sizeof(rc));
}
Gui_Dummy_WinSta = _GetProcessWindowStation();
if (rc != 0)
errlvl = 4;
@ -1097,7 +1109,8 @@ _FX BOOLEAN Gui_ConnectToWindowStationAndDesktop(HMODULE User32)
errlvl = 5;
rc = GetLastError();
} else
}
else
_ProcessDesktop = (HDESK)rpl->hdesk;
//
@ -1113,6 +1126,7 @@ _FX BOOLEAN Gui_ConnectToWindowStationAndDesktop(HMODULE User32)
}
#endif ! _WIN64
}
}
Dll_Free(rpl);
}
@ -1128,7 +1142,7 @@ _FX BOOLEAN Gui_ConnectToWindowStationAndDesktop(HMODULE User32)
ConnectThread:
if (errlvl == 0) {
if (errlvl == 0 && _ProcessDesktop != (HDESK)-1) {
if (! __sys_SetThreadDesktop(_ProcessDesktop)) {
errlvl = 6;
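Review bot: `_GetProcessWindowStation`, resolved with GetProcAddress a few lines earlier, is called at `Gui_Dummy_WinSta = _GetProcessWindowStation();` without the null check that `__sys_SetThreadDesktop` receives right after its own lookup; `if (_GetProcessWindowStation) Gui_Dummy_WinSta = _GetProcessWindowStation();` keeps the two lookups consistent. The `(HDESK)-1` assigned under OpenWndStation is a sentinel that the later `_ProcessDesktop != (HDESK)-1` check at ConnectThread depends on, and nothing at the assignment says so; a comment such as `// OpenWndStation: keep the host window station/desktop, skip SetThreadDesktop below` would make that visible. Since the option appears to skip the desktop switch entirely, it gives up the GUI isolation the dummy desktop provides, and that trade-off deserves a sentence where the option is read. Gui_ConnectToWindowStationAndDesktop starts and ends outside the hunks.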


@ -234,6 +234,9 @@ _FX BOOLEAN Gui_InitEnum(HMODULE module)
// hook desktop APIs
//
if (SbieApi_QueryConfBool(NULL, L"OpenWndStation", FALSE))
return TRUE;
SBIEDLL_HOOK_GUI(EnumDesktopsW);
SBIEDLL_HOOK_GUI(EnumDesktopsA);
SBIEDLL_HOOK_GUI(OpenDesktopW);
@ -592,9 +595,9 @@ _FX HANDLE Gui_CreateWindowStationW (void *lpwinsta, DWORD dwFlags, ACCESS_MASK
if (myHandle)
return myHandle;
extern HANDLE Sandboxie_WinSta;
if(Sandboxie_WinSta && (Config_GetSettingsForImageName_bool(L"UseSbieWndStation", TRUE) || (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX)))
return Sandboxie_WinSta;
extern HANDLE Gui_Dummy_WinSta;
if(Gui_Dummy_WinSta && (Config_GetSettingsForImageName_bool(L"UseSbieWndStation", TRUE) || (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX)))
return Gui_Dummy_WinSta;
SbieApi_Log(2205, L"CreateWindowStation");
return 0;
@ -614,9 +617,9 @@ _FX HANDLE Gui_CreateWindowStationA (void *lpwinsta, DWORD dwFlags, ACCESS_MASK
if (myHandle)
return myHandle;
extern HANDLE Sandboxie_WinSta;
if(Sandboxie_WinSta && (Config_GetSettingsForImageName_bool(L"UseSbieWndStation", TRUE) || (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX)))
return Sandboxie_WinSta;
extern HANDLE Gui_Dummy_WinSta;
if(Gui_Dummy_WinSta && (Config_GetSettingsForImageName_bool(L"UseSbieWndStation", TRUE) || (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) || (Dll_ImageType == DLL_IMAGE_MOZILLA_FIREFOX)))
return Gui_Dummy_WinSta;
SbieApi_Log(2205, L"CreateWindowStation");
return 0;
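Review bot: Gui_CreateWindowStationW/A now return the handle stored in Gui_Dummy_WinSta, which gui.c obtains from GetProcessWindowStation; that handle belongs to the process and is documented as not to be closed, whereas a handle from a real CreateWindowStation is owned by the caller and is normally passed to CloseWindowStation. If CloseWindowStation is not intercepted for this value, a well-behaved caller closes the process window-station handle and every later use of Gui_Dummy_WinSta, including the GetSecurityInfo fallback, runs on a stale handle; the previous OpenWindowStationW-based Sandboxie_WinSta was at least a separate handle. The two functions are otherwise identical, so a shared static helper would keep the condition from being maintained twice. Both functions start outside their hunks.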


@ -1415,7 +1415,7 @@ _FX BOOLEAN WSA_InitNetProxy()
return FALSE;
SCertInfo CertInfo = { 0 };
if (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, eCertAdvanced)) {
if (!NT_SUCCESS(SbieApi_QueryDrvInfo(-1, &CertInfo, sizeof(CertInfo))) || !CertInfo.opt_net) {
const WCHAR* strings[] = { L"NetworkUseProxy" , NULL };
SbieApi_LogMsgExt(-1, 6009, strings);
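Review bot: The new gate in WSA_InitNetProxy tests `CertInfo.opt_net` alone, dropping the `cert.active` test that CERT_IS_LEVEL carried, so the proxy feature is accepted on a certificate that is no longer active unless the driver zeroes the option bits in that case. If that is not guaranteed, add the explicit test: `|| !CertInfo.active || !CertInfo.opt_net) {`. The enclosing function starts outside the hunk.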


@ -908,7 +908,7 @@ _FX BOOL Proc_CreateProcessInternalW(
// architecture which conflicts with our restricted process model
//
if (Dll_ImageType == DLL_IMAGE_FLASH_PLAYER_SANDBOX ||
if (//Dll_ImageType == DLL_IMAGE_FLASH_PLAYER_SANDBOX ||
Dll_ImageType == DLL_IMAGE_ACROBAT_READER ||
Dll_ImageType == DLL_IMAGE_PLUGIN_CONTAINER)
hToken = NULL;
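Review bot: The `if (//Dll_ImageType == DLL_IMAGE_FLASH_PLAYER_SANDBOX ||` line in Proc_CreateProcessInternalW leaves a comment inside the opening parenthesis, which reads as an empty condition on first glance; since the enum value is now marked obsolete, remove the line so the condition starts with `if (Dll_ImageType == DLL_IMAGE_ACROBAT_READER ||`. The function starts and ends outside the hunk.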


@ -1,6 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
* Copyright 2020-2023 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -221,8 +221,15 @@ _FX BOX *Process_GetForcedStartBox(
return NULL;
}
//
// initialize ParentName but only if the parrent is not a system process
//
if (!MyIsProcessRunningAsSystemAccount(ParentId)) {
Process_GetProcessName(
Driver_Pool, (ULONG_PTR)ParentId, &nbuf, &nlen, &ParentName);
}
//
// initialize some more state before checking process
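Review bot: The new guard in Process_GetForcedStartBox leaves ParentName, nbuf and nlen untouched when the parent runs as SYSTEM, so every later consumer of those variables in this function, all outside the hunk, must tolerate their initial values; if they are not initialised before this point, that should be done first. The comment states only that a SYSTEM parent is skipped, not why; recording the reason (which parent-based forcing rule must not match on a SYSTEM parent) keeps the exception from being removed later as an oversight, and `parrent` should read `parent`. The function starts and ends outside the hunk.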


@ -95,7 +95,7 @@ enum ECertLevel {
#define CERT_IS_TYPE(cert,t) ((cert.type & 0b11100) == (unsigned long)(t))
#define CERT_IS_SUBSCRIPTION(cert) (CERT_IS_TYPE(cert, eCertBusiness) || CERT_IS_TYPE(cert, eCertHome) || cert.type == eCertEntryPatreon || CERT_IS_TYPE(cert, eCertEvaluation))
#define CERT_IS_INSIDER(cert) (CERT_IS_TYPE(cert, eCertEternal) || cert.type == eCertGreatPatreon)
#define CERT_IS_LEVEL(cert,l) (cert.active && cert.level >= (unsigned long)(l))
//#define CERT_IS_LEVEL(cert,l) (cert.active && cert.level >= (unsigned long)(l))
#ifdef KERNEL_MODE
extern SCertInfo Verify_CertInfo;


@ -133,7 +133,7 @@ void DriverAssist::InjectLow(void *_msg)
//
// NoSbieDesk BEGIN
if (!CompartmentMode && !SbieApi_QueryConfBool(boxname, L"NoSandboxieDesktop", FALSE))
if (!(CompartmentMode || SbieApi_QueryConfBool(boxname, L"NoSandboxieDesktop", FALSE)))
// NoSbieDesk END
if (!msg->bHostInject)
{


@ -997,7 +997,7 @@ bool MountManager::AcquireBoxRoot(const WCHAR* boxname, const WCHAR* reg_root, c
std::wstring TargetNtPath;
SCertInfo CertInfo = { 0 };
if ((UseFileImage || UseRamDisk) && (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, (UseFileImage ? eCertAdvanced1 : eCertStandard)))) {
if ((UseFileImage || UseRamDisk) && (!NT_SUCCESS(SbieApi_QueryDrvInfo(-1, &CertInfo, sizeof(CertInfo))) || !(UseFileImage ? CertInfo.opt_enc : CertInfo.active))) {
const WCHAR* strings[] = { boxname, UseFileImage ? L"UseFileImage" : L"UseRamDisk" , NULL };
SbieApi_LogMsgExt(session_id, UseFileImage ? 6009 : 6008, strings);
errlvl = 0x66;
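Review bot: In AcquireBoxRoot the UseRamDisk path now checks `CertInfo.active` while the UseFileImage path checks only `CertInfo.opt_enc`, so an encrypted box image is accepted on an inactive certificate unless the driver clears opt_enc in that case; the CERT_IS_LEVEL macro this replaces required `active` on both paths. `!CertInfo.active || (UseFileImage && !CertInfo.opt_enc)` makes the two paths consistent. The function starts and ends outside the hunk.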