From c30ec207c347547320648eb493f5cc9fe3e4c95a Mon Sep 17 00:00:00 2001 
From: DavidXanatos Date: Sun, 5 Jun 2022 13:02:46 +0200 Subject: [PATCH] 1.2.0 --- CHANGELOG.md | 12 ++ Sandboxie/SboxHostDll/SboxHostDll.cpp | 4 +- Sandboxie/apps/com/common.h | 2 +- Sandboxie/common/lsalookupi_ddk.h | 150 ++++++++++++++ Sandboxie/common/my_version.h | 6 +- Sandboxie/core/dll/advapi.c | 5 +- Sandboxie/core/dll/com.c | 6 +- Sandboxie/core/dll/cred.c | 2 +- Sandboxie/core/dll/crypt.c | 1 + Sandboxie/core/dll/debug.c | 2 + Sandboxie/core/dll/dll.h | 2 +- Sandboxie/core/dll/dllhook.c | 217 +++++++++++++++++---- Sandboxie/core/dll/dllmain.c | 11 +- Sandboxie/core/dll/dump.c | 2 + Sandboxie/core/dll/file_init.c | 2 + Sandboxie/core/dll/gdi.c | 4 +- Sandboxie/core/dll/gui.c | 38 ++-- Sandboxie/core/dll/gui_p.h | 20 +- Sandboxie/core/dll/guiclass.c | 2 +- Sandboxie/core/dll/guicon.c | 2 + Sandboxie/core/dll/guidde.c | 2 +- Sandboxie/core/dll/guidlg.c | 2 +- Sandboxie/core/dll/guienum.c | 8 +- Sandboxie/core/dll/guihook.c | 2 +- Sandboxie/core/dll/guimisc.c | 2 +- Sandboxie/core/dll/guimsg.c | 8 +- Sandboxie/core/dll/guiprop.c | 14 +- Sandboxie/core/dll/guititle.c | 2 +- Sandboxie/core/dll/ipc.c | 2 + Sandboxie/core/dll/key.c | 2 + Sandboxie/core/dll/ldr.c | 100 +++++----- Sandboxie/core/dll/lsa.c | 8 +- Sandboxie/core/dll/mscoree.c | 2 +- Sandboxie/core/dll/obj.c | 2 + Sandboxie/core/dll/pdh.c | 6 +- Sandboxie/core/dll/proc.c | 2 + Sandboxie/core/dll/sbiedll.h | 7 +- Sandboxie/core/dll/scm.c | 12 +- Sandboxie/core/dll/scm_misc.c | 2 +- Sandboxie/core/dll/scm_msi.c | 1 + Sandboxie/core/dll/secure.c | 2 + Sandboxie/core/dll/setup.c | 10 +- Sandboxie/core/dll/sh.c | 2 +- Sandboxie/core/dll/sysinfo.c | 2 + Sandboxie/core/dll/trace.c | 2 + Sandboxie/core/drv/api.c | 4 +- Sandboxie/core/drv/conf.c | 6 - Sandboxie/core/drv/log.c | 2 - Sandboxie/core/drv/process.h | 2 + Sandboxie/core/drv/process_low.c | 17 ++ Sandboxie/core/drv/token.c | 133 +++++-------- Sandboxie/core/svc/DriverAssist.cpp | 2 + Sandboxie/core/svc/DriverAssist.h | 8 + 
Sandboxie/core/svc/DriverAssistInject.cpp | 9 +- Sandboxie/core/svc/DriverAssistSid.cpp | 154 +++++++++++++++ Sandboxie/core/svc/ProcessServer.cpp | 16 +- Sandboxie/core/svc/SboxSvc.vcxproj | 1 + Sandboxie/core/svc/SboxSvc.vcxproj.filters | 3 + SandboxiePlus/version.h | 4 +- 59 files changed, 779 insertions(+), 276 deletions(-) create mode 100644 Sandboxie/common/lsalookupi_ddk.h create mode 100644 Sandboxie/core/svc/DriverAssistSid.cpp diff --git a/CHANGELOG.md b/CHANGELOG.md index e9bdb7bd..a1cce32e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,18 @@ This project adheres to [Semantic Versioning](http://semver.org/). +## [1.2.0 / 5.57.0] - 2022-01-?? + +### Added +- Reenginiered "SandboxieLogon=y" and set it on by default, now every sandbox gets its own SID +-- Note: this enforces the isolation of individual sandboxes from each other. + +### Changed +- reworked hook management, now unloaded dll'f are properly unhooked [#1243](https://github.com/sandboxie-plus/Sandboxie/issues/1243) + + + + ## [1.1.1 / 5.56.1] - 2022-05-30 diff --git a/Sandboxie/SboxHostDll/SboxHostDll.cpp b/Sandboxie/SboxHostDll/SboxHostDll.cpp index 00e3d918..6576320b 100644 --- a/Sandboxie/SboxHostDll/SboxHostDll.cpp +++ b/Sandboxie/SboxHostDll/SboxHostDll.cpp @@ -131,9 +131,9 @@ BOOLEAN InitHook( HINSTANCE hSbieDll ) { if (hSbieDll) { - HMODULE hAdvapi32 = GetModuleHandle(L"Advapi32.dll"); + HMODULE module = GetModuleHandle(L"Advapi32.dll"); - void *OpenProcessToken = (P_OpenProcessToken)GetProcAddress(hAdvapi32, "OpenProcessToken"); + void *OpenProcessToken = (P_OpenProcessToken)GetProcAddress(module, "OpenProcessToken"); if (OpenProcessToken) SBIEDLL_HOOK(SboxHostDll_, OpenProcessToken); diff --git a/Sandboxie/apps/com/common.h b/Sandboxie/apps/com/common.h index 424f3d49..dbdf513b 100644 --- a/Sandboxie/apps/com/common.h +++ b/Sandboxie/apps/com/common.h 
@@ -57,7 +57,7 @@ static BOOLEAN IsWindows81 = FALSE; SourceFunc = (void *)func; \ } \ __sys_##func = \ - (ULONG_PTR)SbieDll_Hook(FuncName, SourceFunc, my_##func); \ + (ULONG_PTR)SbieDll_Hook(FuncName, SourceFunc, my_##func, KernelBase); \ if (! __sys_##func) \ hook_success = FALSE; \ } diff --git a/Sandboxie/common/lsalookupi_ddk.h b/Sandboxie/common/lsalookupi_ddk.h new file mode 100644 index 00000000..cd00e4e1 --- /dev/null +++ b/Sandboxie/common/lsalookupi_ddk.h 
@@ -0,0 +1,150 @@ +/*++ + +Copyright (c) Microsoft Corporation, 1992 - + +Module Name: + + lsalookupi.h + +Abstract: + + LSA Policy Lookup internal API + +--*/ + +#ifndef _LSALOOKUPI_ +#define _LSALOOKUPI_ + +#ifdef MIDL_PASS +#define SIZE_IS(x) [size_is(x)] +#define SWITCH_IS(x) [switch_is(x)] +#define SWITCH_TYPE(x) [switch_type(x)] +#define CASE(x) [case(x)] +#define RANGE(x,y) [range(x,y)] +#define VAR_SIZE_ARRAY +#define SID_POINTER PISID +#define REF [ref] +#else +#define SIZE_IS(x) +#define SWITCH_IS(x) +#define SWITCH_TYPE(x) +#define CASE(x) +#define RANGE(x,y) __in_range(x,y) +#define VAR_SIZE_ARRAY (1) +#define SID_POINTER PSID +#define REF +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +// +// Generic negative values for unknown IDs, inapplicable indices etc. +// + +#define LSA_UNKNOWN_ID ((ULONG) 0xFFFFFFFFL) +#define LSA_UNKNOWN_INDEX ((LONG) -1) + +typedef enum _LSA_SID_NAME_MAPPING_OPERATION_TYPE { + + LsaSidNameMappingOperation_Add, + LsaSidNameMappingOperation_Remove, + LsaSidNameMappingOperation_AddMultiple, + +} LSA_SID_NAME_MAPPING_OPERATION_TYPE, *PLSA_SID_NAME_MAPPING_OPERATION_TYPE; + +#define LSA_MAXIMUM_NUMBER_OF_CHARACTERS_IN_NAMES_FOR_SNMC 0x400 + +typedef struct _LSA_SID_NAME_MAPPING_OPERATION_ADD_INPUT { + + UNICODE_STRING DomainName; + UNICODE_STRING AccountName; + REF SID_POINTER Sid; + ULONG Flags; + +} LSA_SID_NAME_MAPPING_OPERATION_ADD_INPUT, *PLSA_SID_NAME_MAPPING_OPERATION_ADD_INPUT; + +typedef struct _LSA_SID_NAME_MAPPING_OPERATION_REMOVE_INPUT { + + UNICODE_STRING DomainName; + UNICODE_STRING AccountName; + +} LSA_SID_NAME_MAPPING_OPERATION_REMOVE_INPUT, *PLSA_SID_NAME_MAPPING_OPERATION_REMOVE_INPUT; + +#define LSA_MAXIMUM_NUMBER_OF_MAPPINGS_IN_ADD_MULTIPLE_INPUT 0x1000 + +typedef struct _LSA_SID_NAME_MAPPING_OPERATION_ADD_MULTIPLE_INPUT { + + RANGE( 1, LSA_MAXIMUM_NUMBER_OF_MAPPINGS_IN_ADD_MULTIPLE_INPUT ) + ULONG Count; + REF SIZE_IS( Count ) PLSA_SID_NAME_MAPPING_OPERATION_ADD_INPUT Mappings; + +} 
LSA_SID_NAME_MAPPING_OPERATION_ADD_MULTIPLE_INPUT, *PLSA_SID_NAME_MAPPING_OPERATION_ADD_MULTIPLE_INPUT; + +typedef SWITCH_TYPE( LSA_SID_NAME_MAPPING_OPERATION_TYPE ) union _LSA_SID_NAME_MAPPING_OPERATION_INPUT { + + CASE( LsaSidNameMappingOperation_Add ) + LSA_SID_NAME_MAPPING_OPERATION_ADD_INPUT AddInput; + CASE( LsaSidNameMappingOperation_Remove ) + LSA_SID_NAME_MAPPING_OPERATION_REMOVE_INPUT RemoveInput; + CASE( LsaSidNameMappingOperation_AddMultiple ) + LSA_SID_NAME_MAPPING_OPERATION_ADD_MULTIPLE_INPUT AddMultipleInput; + +} LSA_SID_NAME_MAPPING_OPERATION_INPUT, *PLSA_SID_NAME_MAPPING_OPERATION_INPUT; + +typedef enum _LSA_SID_NAME_MAPPING_OPERATION_ERROR { + + LsaSidNameMappingOperation_Success, + LsaSidNameMappingOperation_NonMappingError, + LsaSidNameMappingOperation_NameCollision, + LsaSidNameMappingOperation_SidCollision, + LsaSidNameMappingOperation_DomainNotFound, + LsaSidNameMappingOperation_DomainSidPrefixMismatch, + LsaSidNameMappingOperation_MappingNotFound, + +} LSA_SID_NAME_MAPPING_OPERATION_ERROR, *PLSA_SID_NAME_MAPPING_OPERATION_ERROR; + +typedef struct _LSA_SID_NAME_MAPPING_OPERATION_GENERIC_OUTPUT { + + LSA_SID_NAME_MAPPING_OPERATION_ERROR ErrorCode; + +} LSA_SID_NAME_MAPPING_OPERATION_GENERIC_OUTPUT, *PLSA_SID_NAME_MAPPING_OPERATION_GENERIC_OUTPUT; + +typedef LSA_SID_NAME_MAPPING_OPERATION_GENERIC_OUTPUT LSA_SID_NAME_MAPPING_OPERATION_ADD_OUTPUT, *PLSA_SID_NAME_MAPPING_OPERATION_ADD_OUTPUT; +typedef LSA_SID_NAME_MAPPING_OPERATION_GENERIC_OUTPUT LSA_SID_NAME_MAPPING_OPERATION_REMOVE_OUTPUT, *PLSA_SID_NAME_MAPPING_OPERATION_REMOVE_OUTPUT; +typedef LSA_SID_NAME_MAPPING_OPERATION_GENERIC_OUTPUT LSA_SID_NAME_MAPPING_OPERATION_ADD_MULTIPLE_OUTPUT, *PLSA_SID_NAME_MAPPING_OPERATION_ADD_MULTIPLE_OUTPUT; + +typedef SWITCH_TYPE( LSA_SID_NAME_MAPPING_OPERATION_TYPE ) union _LSA_SID_NAME_MAPPING_OPERATION_OUTPUT { + + CASE( LsaSidNameMappingOperation_Add ) + LSA_SID_NAME_MAPPING_OPERATION_ADD_OUTPUT AddOutput; + CASE( LsaSidNameMappingOperation_Remove ) + 
LSA_SID_NAME_MAPPING_OPERATION_REMOVE_OUTPUT RemoveOutput; + CASE( LsaSidNameMappingOperation_AddMultiple ) + LSA_SID_NAME_MAPPING_OPERATION_ADD_MULTIPLE_OUTPUT AddMultipleOutput; + +} LSA_SID_NAME_MAPPING_OPERATION_OUTPUT, *PLSA_SID_NAME_MAPPING_OPERATION_OUTPUT; + +NTSTATUS +LsaLookupManageSidNameMapping( + __in LSA_SID_NAME_MAPPING_OPERATION_TYPE OperationType, + __in PLSA_SID_NAME_MAPPING_OPERATION_INPUT OperationInput, + __out PLSA_SID_NAME_MAPPING_OPERATION_OUTPUT *OperationOutput + ); + +#ifdef __cplusplus +} +#endif + +#undef SIZE_IS +#undef SWITCH_IS +#undef SWITCH_TYPE +#undef CASE +#undef RANGE +#undef VAR_SIZE_ARRAY +#undef SID_POINTER +#undef REF + +#endif // _LSALOOKUPI_ + diff --git a/Sandboxie/common/my_version.h b/Sandboxie/common/my_version.h index 8406b174..30764128 100644 --- a/Sandboxie/common/my_version.h +++ b/Sandboxie/common/my_version.h @@ -21,9 +21,9 @@ #ifndef _MY_VERSION_H #define _MY_VERSION_H -#define MY_VERSION_BINARY 5,56,1 -#define MY_VERSION_STRING "5.56.1" -#define MY_VERSION_COMPAT "5.55.0" // this refers to the driver ABI compatibility +#define MY_VERSION_BINARY 5,57,0 +#define MY_VERSION_STRING "5.57.0" +#define MY_VERSION_COMPAT "5.57.0" // this refers to the driver ABI compatibility // These #defines are used by either Resource Compiler or NSIS installer #define SBIE_INSTALLER_PATH "..\\Bin\\" diff --git a/Sandboxie/core/dll/advapi.c b/Sandboxie/core/dll/advapi.c index c32b97ca..fc0451a1 100644 --- a/Sandboxie/core/dll/advapi.c +++ b/Sandboxie/core/dll/advapi.c @@ -663,9 +663,10 @@ _FX BOOLEAN AdvApi_EnableDisableSRP(BOOLEAN Enable) if (! AdvApi_Module) return FALSE; if (! __sys_SaferComputeTokenFromLevel) { + HMODULE module = AdvApi_Module; P_SaferComputeTokenFromLevel SaferComputeTokenFromLevel = (P_SaferComputeTokenFromLevel)GetProcAddress( - AdvApi_Module, "SaferComputeTokenFromLevel"); + module, "SaferComputeTokenFromLevel"); if (SaferComputeTokenFromLevel) { SBIEDLL_HOOK(AdvApi_,SaferComputeTokenFromLevel); } 
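Review bot: The prototype of `LsaLookupManageSidNameMapping` at the end of the new header is declared like a normal import, but nothing in the file records that this is an internal LSA interface taken from a DDK header rather than the public SDK, so a reader cannot tell that its presence and behaviour are not guaranteed across Windows versions. A short comment above the prototype, `// Internal, undocumented LSA API (not in the public SDK); resolve at run time and handle its absence`, would put the availability constraint where callers will look for it. The file also carries a Microsoft copyright notice; confirm that vendoring it into this tree is covered by the project's licensing and say so in the header comment if it is. The caller (DriverAssistSid.cpp in the diffstat) is not in this chunk, so whether it binds statically or via GetProcAddress cannot be checked here.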
@@ -718,7 +719,7 @@ DWORD Ntmarta_GetSecurityInfo( #define SBIEDLL_HOOK2(pfx,proc) \ *(ULONG_PTR *)&__sys_##pfx##proc = (ULONG_PTR) \ - SbieDll_Hook(#proc, proc, pfx##proc); \ + SbieDll_Hook(#proc, proc, pfx##proc, module); \ if (! __sys_##pfx##proc) return FALSE; _FX BOOLEAN Ntmarta_Init(HMODULE module) diff --git a/Sandboxie/core/dll/com.c b/Sandboxie/core/dll/com.c index 2b9cdad8..5dbe6e71 100644 --- a/Sandboxie/core/dll/com.c +++ b/Sandboxie/core/dll/com.c @@ -93,7 +93,7 @@ static HRESULT Com_CoCreateInstanceEx( REFCLSID rclsid, void *pUnkOuter, ULONG clsctx, void *pServerInfo, ULONG cmq, MULTI_QI *pmqs); -static BOOLEAN Com_Hook_CoUnmarshalInterface_W8(UCHAR *code); +static BOOLEAN Com_Hook_CoUnmarshalInterface_W8(UCHAR *code, HMODULE module); static HRESULT __fastcall Com_CoUnmarshalInterface_W8( ULONG_PTR StreamAddr, ULONG64 zero, REFIID riid, void **ppv); @@ -866,7 +866,7 @@ _FX HRESULT Com_CoCreateInstanceEx( //--------------------------------------------------------------------------- -_FX BOOLEAN Com_Hook_CoUnmarshalInterface_W8(UCHAR *code) +_FX BOOLEAN Com_Hook_CoUnmarshalInterface_W8(UCHAR *code, HMODULE module) { // @@ -1399,7 +1399,7 @@ _FX BOOLEAN Com_Init_ComBase(HMODULE module) if (!Ipc_OpenCOM) { if (Dll_OsBuild >= 8400) { if (!Com_Hook_CoUnmarshalInterface_W8( - (UCHAR*)CoUnmarshalInterface)) + (UCHAR*)CoUnmarshalInterface, module)) return FALSE; } else { diff --git a/Sandboxie/core/dll/cred.c b/Sandboxie/core/dll/cred.c index 64d7ab5f..3c4a0394 100644 --- a/Sandboxie/core/dll/cred.c +++ b/Sandboxie/core/dll/cred.c @@ -160,7 +160,7 @@ extern const WCHAR *Pst_OpenProtectedStorage; *(ULONG_PTR *)&__sys_##proc = (ULONG_PTR)Ldr_GetProcAddrNew(DllName_advapi32, L#proc, #proc); \ if (*(ULONG_PTR *)&__sys_##proc) { \ *(ULONG_PTR *)&__sys_##proc = (ULONG_PTR) \ - SbieDll_Hook(#proc, __sys_##proc, Cred_##proc); \ + SbieDll_Hook(#proc, __sys_##proc, Cred_##proc, module); \ if (! __sys_##proc) return FALSE; \ } 
diff --git a/Sandboxie/core/dll/crypt.c b/Sandboxie/core/dll/crypt.c
index 184c5ad3..28655c68 100644
--- a/Sandboxie/core/dll/crypt.c
+++ b/Sandboxie/core/dll/crypt.c
@@ -464,6 +464,7 @@ int Crypt_GetKeyStorageInterface(void * a, void *data, void *c)
 ClassPtr = (KeyInterfaceClass*)(*(ULONG_PTR *)data);
 if (__sys_CryptClassErrorHandler != ClassPtr->ErrorHandler) {
+ HMODULE module = NULL; // fix-me:
 CryptClassErrorHandler = (P_CryptClassErrorHandler)ClassPtr->ErrorHandler;
 SBIEDLL_HOOK(Crypt_, CryptClassErrorHandler);
 }
diff --git a/Sandboxie/core/dll/debug.c b/Sandboxie/core/dll/debug.c
index 7fb9c053..e0211dcc 100644
--- a/Sandboxie/core/dll/debug.c
+++ b/Sandboxie/core/dll/debug.c
@@ -119,6 +119,8 @@ __declspec(dllimport) NTSTATUS LdrGetDllHandle(
 _FX int Debug_Init(void)
 {
+ HMODULE module = NULL; // fix-me
+
 P_OutputDebugString OutputDebugStringW;
 P_OutputDebugString OutputDebugStringA;
 P_RtlSetLastWin32Error RtlSetLastWin32Error;
diff --git a/Sandboxie/core/dll/dll.h b/Sandboxie/core/dll/dll.h
index b00e7ba0..efed68f9 100644
--- a/Sandboxie/core/dll/dll.h
+++ b/Sandboxie/core/dll/dll.h
@@ -569,7 +569,7 @@ void Gui_AllowSetForegroundWindow(void);
 void Gdi_SplWow64(BOOLEAN Register);
-BOOLEAN Gdi_InitZero(void);
+BOOLEAN Gdi_InitZero(HMODULE module);
 void Gui_ResetClipCursor(void);
diff --git a/Sandboxie/core/dll/dllhook.c b/Sandboxie/core/dll/dllhook.c
index 6229b564..a36e1d32 100644
--- a/Sandboxie/core/dll/dllhook.c
+++ b/Sandboxie/core/dll/dllhook.c
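Review bot: The `HMODULE module = NULL; // fix-me:` local in Crypt_GetKeyStorageInterface exists only so the SBIEDLL_HOOK macro compiles; it files the CryptClassErrorHandler hook under the NULL bucket, which SbieDll_Hook describes as "NTDLL or a special case", so this hook can never be released when the DLL that owns `ClassPtr->ErrorHandler` unloads, and the trampoline it leaves behind shares a pool with the ntdll hooks. The same placeholder appears in Debug_Init (this chunk), Dump_Init and File_Init, Gui_InitConsole1, and as the explicit `NULL); // fix-me: module` argument in Gui_InitWindows7. Either pass the real handle where one is known, or replace the bare `fix-me` with a comment stating the consequence, e.g. `// NULL bucket: never unhooked, shares the ntdll pool (TODO: pass the owning module)`, so the intent survives once the marker is forgotten.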
@@ -49,26 +49,59 @@ BOOLEAN SbieDll_FuncSkipHook(const char* func); #ifdef _WIN64 typedef struct _VECTOR_TABLE { + + LIST_ELEM list_elem; + void * offset; int index; int maxEntries; } VECTOR_TABLE; -BOOL bVTableEable = TRUE; -#define NUM_VTABLES 0x10 -#define VTABLE_SIZE 0x4000 //16k enough for 2048 8 byte entries +//BOOL bVTableEable = TRUE; +//#define NUM_VTABLES 0x10 +#define VTABLE_SIZE 0x4000 //16k enough for 2048 8 byte entrys -VECTOR_TABLE SbieDllVectorTable[NUM_VTABLES] = { - {0,0,0},{0,0,0},{0,0,0},{0,0,0}, - {0,0,0},{0,0,0},{0,0,0},{0,0,0}, - {0,0,0},{0,0,0},{0,0,0},{0,0,0}, - {0,0,0},{0,0,0},{0,0,0},{0,0,0} -}; +//VECTOR_TABLE SbieDllVectorTable[NUM_VTABLES] = { +// {0,0,0},{0,0,0},{0,0,0},{0,0,0}, +// {0,0,0},{0,0,0},{0,0,0},{0,0,0}, +// {0,0,0},{0,0,0},{0,0,0},{0,0,0}, +// {0,0,0},{0,0,0},{0,0,0},{0,0,0} +//}; -extern CRITICAL_SECTION VT_CriticalSection; +//CRITICAL_SECTION VT_CriticalSection; #endif _WIN64 extern ULONG Dll_Windows; +typedef struct _MODULE_HOOK { + + LIST_ELEM list_elem; + + HMODULE module; + POOL* pool; +#ifdef _WIN64 + LIST vTables; +#endif +} MODULE_HOOK; + +LIST Dll_ModuleHooks; +CRITICAL_SECTION Dll_ModuleHooks_CritSec; + + +//--------------------------------------------------------------------------- +// SbieApi_HookInit +//--------------------------------------------------------------------------- + + +_FX void SbieDll_HookInit() +{ +//#ifdef _WIN64 +// InitializeCriticalSection(&VT_CriticalSection); +//#endif + InitializeCriticalSection(&Dll_ModuleHooks_CritSec); + List_Init(&Dll_ModuleHooks); +} + + //--------------------------------------------------------------------------- // SbieApi_HookTramp //--------------------------------------------------------------------------- 
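Review bot: The replaced vtable machinery is left in as commented-out code (`//BOOL bVTableEable`, the `//VECTOR_TABLE SbieDllVectorTable[...]` initializer, `//CRITICAL_SECTION VT_CriticalSection`, the `//InitializeCriticalSection` lines in SbieDll_HookInit), and the pattern continues through the later dllhook.c hunks (`//int i;`, `//if (bVTableEable) {`, `//LeaveCriticalSection(&VT_CriticalSection);`); version control already holds the old implementation, so these lines should be deleted rather than parked. The new `MODULE_HOOK` struct and the `Dll_ModuleHooks` / `Dll_ModuleHooks_CritSec` globals carry no comment on their lifetime or locking; a line such as `// one entry per hooked module; protected by Dll_ModuleHooks_CritSec, initialised in SbieDll_HookInit` above the list would document the contract. The typo `entrys` in the VTABLE_SIZE comment could be fixed in the same pass.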
@@ -98,11 +131,11 @@ _FX LONG SbieApi_HookTramp(void *Source, void *Trampoline) _FX void *SbieDll_Hook( - const char *SourceFuncName, void *SourceFunc, void *DetourFunc) + const char *SourceFuncName, void *SourceFunc, void *DetourFunc, HMODULE module) { static const WCHAR *_fmt1 = L"%s (%d)"; static const WCHAR *_fmt2 = L"%s (%d, %d)"; - UCHAR *tramp, *func; + UCHAR *tramp, *func = NULL; void* RegionBase; SIZE_T RegionSize; ULONG prot, dummy_prot; @@ -254,6 +287,45 @@ skip_e9_rewrite: ; #endif _WIN64 + + // + // Get the module hook resource for this module, if module is NULL + // its NTDLL or a special case + // + + EnterCriticalSection(&Dll_ModuleHooks_CritSec); + + MODULE_HOOK* mod_hook = List_Head(&Dll_ModuleHooks); + while (mod_hook) { + + if (mod_hook->module == module) + break; + + mod_hook = List_Next(mod_hook); + } + + if (!mod_hook) { + mod_hook = Dll_Alloc(sizeof(MODULE_HOOK)); + if (!mod_hook) { + SbieApi_Log(2303, _fmt1, SourceFuncName, 51); + goto finish; + } + mod_hook->module = module; + mod_hook->pool = NULL; +#ifdef _WIN64 + List_Init(&mod_hook->vTables); +#endif + List_Insert_Before(&Dll_ModuleHooks, NULL, mod_hook); // insert first as we probably will use it often in the next few calls + } + if (!mod_hook->pool) { + mod_hook->pool = Pool_CreateTagged(tzuk | 0xFF); + if (!mod_hook->pool) { + SbieApi_Log(2303, _fmt1, SourceFuncName, 52); + goto finish; + } + } + + // // 64-bit only: if the function begins with 'call qword ptr [x]' // (6 bytes) then overwrite at the call target address. @@ -268,7 +340,12 @@ skip_e9_rewrite: ; // to remove this qword before calling our detour function // - UCHAR *NewDetour = Dll_AllocCode128(); + //UCHAR *NewDetour = Dll_AllocCode128(); + UCHAR *NewDetour = Pool_Alloc(mod_hook->pool, 128); + if (! NewDetour) { + SbieApi_Log(2305, NULL); + goto finish; + } NewDetour[0] = 0x58; // pop rax NewDetour[1] = 0x48; // mov rax, DetourFunc 
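Review bot: The new failure paths in SbieDll_Hook that `goto finish` after the `Dll_Alloc` and `Pool_CreateTagged` errors (codes 51 and 52) leave `func` untouched, and `finish:` returns `func`; the VirtualProtect failure later in the function explicitly sets `func = NULL` before its own `goto finish`, which suggests `func` already holds the resolved target at this point, so these paths would hand back a non-NULL pointer and every `if (! __sys_##proc) return FALSE;` hook macro would treat the hook as installed when nothing was patched. The same pattern recurs at the `NewDetour` allocation failure in the next hunk, at the `tramp` allocation and `SbieApi_HookTramp` failures (where `return NULL` became a bare `goto finish`), and at the `ptrVTable` allocation failure (code 53). Each of those should read `func = NULL; goto finish;`, or `finish:` should return `func` only when a `hooked` flag was set. A silently missing hook means the sandboxed call is not intercepted at all, which is worse than the hook-failure log the macros are designed to produce.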
@@ -309,14 +386,19 @@ skip_e9_rewrite: ; #endif _WIN64 // - // invoke the driver to create a trampoline + // create the trampoline // - tramp = Dll_AllocCode128(); + //tramp = Dll_AllocCode128(); + tramp = Pool_Alloc(mod_hook->pool, 128); + if (! tramp) { + SbieApi_Log(2305, NULL); + goto finish; + } if (SbieApi_HookTramp(SourceFunc, tramp) != 0) { SbieApi_Log(2303, _fmt1, SourceFuncName, 2); - return NULL; + goto finish; } //ULONG ByteCount = *(ULONG*)(tramp + 80); @@ -346,7 +428,8 @@ skip_e9_rewrite: ; if (!VirtualProtect(RegionBase, RegionSize, PAGE_EXECUTE_READWRITE, &prot)) { ULONG err = GetLastError(); SbieApi_Log(2303, _fmt2, SourceFuncName, 33, err); - return NULL; + func = NULL; + goto finish; } } @@ -389,15 +472,17 @@ skip_e9_rewrite: ; BOOLEAN hookset = FALSE; BOOLEAN defaultRange = FALSE; - int i; - EnterCriticalSection(&VT_CriticalSection); + //int i; + //EnterCriticalSection(&VT_CriticalSection); - if (bVTableEable) { - VECTOR_TABLE *ptrVTable = SbieDllVectorTable; + //if (bVTableEable) { + //VECTOR_TABLE *ptrVTable = SbieDllVectorTable; //default step size - - for (i = 0; i < NUM_VTABLES && !hookset; i++, ptrVTable++) { - if (!ptrVTable->offset) { // if the vtable is not yet initialized initialize it + //for (i = 0; i < NUM_VTABLES && !hookset; i++, ptrVTable++) { + VECTOR_TABLE* ptrVTable = List_Head(&mod_hook->vTables); + do { + //if (!ptrVTable->offset) { // if the vtable is not yet initialized initialize it + if (!ptrVTable || !ptrVTable->offset) { // if there is no vtable create it ULONG_PTR tempAddr; ULONG_PTR step = 0x20000;// + VTABLE_SIZE; ULONG_PTR max_attempts = 0x4000000 / step; 
@@ -425,16 +510,31 @@ skip_e9_rewrite: ; tempAddr -= 0x20000000; } + if (!ptrVTable) { + + ptrVTable = Pool_Alloc(mod_hook->pool, sizeof(VECTOR_TABLE)); + if (!ptrVTable) { + SbieApi_Log(2303, _fmt1, SourceFuncName, 53); + goto finish; + } + + memset(ptrVTable, 0, sizeof(VECTOR_TABLE)); + + List_Insert_After(&mod_hook->vTables, NULL, ptrVTable); + } + for (; !ptrVTable->offset && max_attempts; tempAddr -= step, max_attempts--) { - ptrVTable->offset = VirtualAlloc((void *)tempAddr, VTABLE_SIZE, MEM_COMMIT | MEM_RESERVE | MEM_TOP_DOWN, PAGE_READWRITE); + ptrVTable->offset = VirtualAlloc((void*)tempAddr, VTABLE_SIZE, MEM_COMMIT | MEM_RESERVE | MEM_TOP_DOWN, PAGE_READWRITE); // sprintf(buffer,"VTable Offset: func = %p, offset = %p, tryAddress = %p, attempt = 0x%x\n",func,ptrVTable->offset,tempAddr,max_attempts); // OutputDebugStringA(buffer); } ptrVTable->index = 0; - ptrVTable->maxEntries = VTABLE_SIZE / sizeof(void *); + ptrVTable->maxEntries = VTABLE_SIZE / sizeof(void*); } - if (ptrVTable->offset) { // check if we have an nitialized vtable + + //if (ptrVTable->offset) { // check if we have an initialized vtable + if (ptrVTable && ptrVTable->offset) { // check if we have a vtable target = (ULONG_PTR)&func[6]; diff = (ULONG_PTR) &((ULONG_PTR *)ptrVTable->offset)[ptrVTable->index]; diff = diff - target; 
@@ -452,19 +552,25 @@ skip_e9_rewrite: ; } } else { // fail and disable vtable if it could not be initialized - bVTableEable = FALSE; + //bVTableEable = FALSE; SbieApi_Log(2303, _fmt1, SourceFuncName, 888); - LeaveCriticalSection(&VT_CriticalSection); - return NULL; + //LeaveCriticalSection(&VT_CriticalSection); + func = NULL; + goto finish; } - } - } - LeaveCriticalSection(&VT_CriticalSection); + ptrVTable = List_Next(ptrVTable); + + } while (!hookset); + //} + //} + + //LeaveCriticalSection(&VT_CriticalSection); if (!hookset) { // OutputDebugStringA("Memory alloc failed: 12 Byte Patch Disabled\n"); SbieApi_Log(2303, _fmt1, SourceFuncName, 999); - return NULL; + func = NULL; + goto finish; } } @@ -501,10 +607,53 @@ skip_e9_rewrite: ; #endif _WIN64 +finish: + LeaveCriticalSection(&Dll_ModuleHooks_CritSec); + return func; } +//--------------------------------------------------------------------------- +// SbieDll_UnHookModule +//--------------------------------------------------------------------------- + + +_FX void SbieDll_UnHookModule(HMODULE module) +{ + EnterCriticalSection(&Dll_ModuleHooks_CritSec); + + MODULE_HOOK* mod_hook = List_Head(&Dll_ModuleHooks); + while (mod_hook) { + + if (mod_hook->module == module) { + + List_Remove(&Dll_ModuleHooks, mod_hook); + +#ifdef _WIN64 + VECTOR_TABLE* ptrVTable = List_Head(&mod_hook->vTables); + while (ptrVTable) { + + if (ptrVTable->offset) + VirtualFree(ptrVTable->offset, 0, MEM_RELEASE); + + ptrVTable = List_Next(ptrVTable); + } +#endif + + Pool_Delete(mod_hook->pool); + Dll_Free(mod_hook); + + break; + } + + mod_hook = List_Next(mod_hook); + } + + LeaveCriticalSection(&Dll_ModuleHooks_CritSec); +} + + //--------------------------------------------------------------------------- // SbieDll_Hook_CheckChromeHook //--------------------------------------------------------------------------- diff --git a/Sandboxie/core/dll/dllmain.c b/Sandboxie/core/dll/dllmain.c index 05024161..232f9fc6 100644 
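Review bot: With the `do { ... } while (!hookset);` rewrite the `if (!hookset)` block that logs error 999 is unreachable, since the loop only exits when `hookset` is TRUE or through one of the `goto finish` paths, and the per-module vtable list now has no upper bound where the old array was capped at NUM_VTABLES; if a fresh table can be allocated but the displacement check for this function keeps failing, the loop will keep appending 16 KiB tables until VirtualAlloc refuses. A counter in the loop, e.g. `if (++tables > 16) { SbieApi_Log(2303, _fmt1, SourceFuncName, 999); func = NULL; goto finish; }`, restores the old bound and makes the 999 diagnostic reachable again. The enclosing `#ifdef _WIN64` block and the rest of SbieDll_Hook begin before this hunk.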
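Review bot: SbieDll_UnHookModule releases the pool that holds the trampolines and detour stubs for `module` but does not restore the patched entry points, so it is only safe once the module's code is no longer mapped; if the caller (ldr.c, outside this chunk) runs it while the image is still resident, any hooked function still jumps into freed memory. The entry it removes may also have been inserted with `pool == NULL` when `Pool_CreateTagged` failed in SbieDll_Hook, so `Pool_Delete(mod_hook->pool)` needs either a NULL guard or confirmation that Pool_Delete tolerates NULL. Passing NULL here would free the shared ntdll/special-case bucket and deserves an explicit early return. A header comment such as `// Frees hook resources of an unloaded module; caller must ensure the image is unmapped. Never call with NULL.` would capture both constraints.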
--- a/Sandboxie/core/dll/dllmain.c +++ b/Sandboxie/core/dll/dllmain.c @@ -94,10 +94,6 @@ ULONG Dll_ImageType = DLL_IMAGE_UNSPECIFIED; ULONG Dll_OsBuild = 0; // initialized by Key module ULONG Dll_Windows = 0; -#ifdef _WIN64 -CRITICAL_SECTION VT_CriticalSection; -#endif - const UCHAR *SbieDll_Version = MY_VERSION_COMPAT; BOOLEAN Dll_SbieTrace = FALSE; @@ -155,7 +151,6 @@ _FX BOOL WINAPI DllMain( } else if (dwReason == DLL_PROCESS_ATTACH) { #ifdef _WIN64 - InitializeCriticalSection(&VT_CriticalSection); Dll_DigitalGuardian = GetModuleHandleA("DgApi64.dll"); #else Dll_DigitalGuardian = GetModuleHandleA("DgApi.dll"); @@ -167,6 +162,7 @@ _FX BOOL WINAPI DllMain( Dll_Windows = 8; } Dll_InitGeneric(hInstance); + SbieDll_HookInit(); } else if (dwReason == DLL_PROCESS_DETACH) { @@ -176,11 +172,6 @@ _FX BOOL WINAPI DllMain( Gui_ResetClipCursor(); } -//#ifdef _WIN64 -// // cleanup CS -// DeleteCriticalSection(&VT_CriticalSection); -//#endif - } return TRUE; diff --git a/Sandboxie/core/dll/dump.c b/Sandboxie/core/dll/dump.c index 8319ec2b..4100d771 100644 --- a/Sandboxie/core/dll/dump.c +++ b/Sandboxie/core/dll/dump.c @@ -204,6 +204,8 @@ ALIGNED LPTOP_LEVEL_EXCEPTION_FILTER Dump_SetUnhandledExceptionFilter( _FX int Dump_Init(void) { + HMODULE module = NULL; // fix-me + if (Dump_DbgHelpMod != NULL) return 2; diff --git a/Sandboxie/core/dll/file_init.c b/Sandboxie/core/dll/file_init.c index 25982c6d..e8ecd56e 100644 --- a/Sandboxie/core/dll/file_init.c +++ b/Sandboxie/core/dll/file_init.c @@ -127,6 +127,8 @@ static const WCHAR *File_DeviceMap_EnvVar = ENV_VAR_PFX L"DEVICE_MAP"; _FX BOOLEAN File_Init(void) { + HMODULE module = NULL; + void *RtlGetFullPathName_UEx; void *GetTempPathW; void *NtQueryDirectoryFileEx = NULL; diff --git a/Sandboxie/core/dll/gdi.c b/Sandboxie/core/dll/gdi.c index 65d9f11c..66636e12 100644 --- a/Sandboxie/core/dll/gdi.c +++ b/Sandboxie/core/dll/gdi.c 
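Review bot: `SbieDll_HookInit()` is called after `Dll_InitGeneric(hInstance)` in the DLL_PROCESS_ATTACH branch, while the critical section it initialises is entered unconditionally by every SbieDll_Hook call; if Dll_InitGeneric or anything it invokes (not visible here) installs a hook, that call enters an uninitialised CRITICAL_SECTION. Moving the call to the top of the branch, where the removed `InitializeCriticalSection(&VT_CriticalSection)` used to be, removes the ordering dependency at no cost. The DLL_PROCESS_DETACH branch also never deletes `Dll_ModuleHooks_CritSec`; the old code deliberately left the VT section undeleted, so if that is intentional a one-line comment saying so would stop the next reader from adding it.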
@@ -720,7 +720,7 @@ _FX int Gdi_EnumFontFamiliesExW( //--------------------------------------------------------------------------- -_FX BOOLEAN Gdi_InitZero(void) +_FX BOOLEAN Gdi_InitZero(HMODULE module) { static void *Saved_GdiDllInitialize = NULL; void *GdiDllInitialize; @@ -784,7 +784,7 @@ _FX BOOLEAN Gdi_Full_Init_impl(HMODULE module, BOOLEAN full) InitializeCriticalSection(&Gdi_CritSec); - if (!Gdi_InitZero()) + if (!Gdi_InitZero(module)) return FALSE; // diff --git a/Sandboxie/core/dll/gui.c b/Sandboxie/core/dll/gui.c index fc886c89..e86c5b26 100644 --- a/Sandboxie/core/dll/gui.c +++ b/Sandboxie/core/dll/gui.c @@ -213,9 +213,9 @@ BOOLEAN Gui_UseProxyService = TRUE; //--------------------------------------------------------------------------- -static BOOLEAN Gui_Init2(void); +static BOOLEAN Gui_Init2(HMODULE module); -static BOOLEAN Gui_Init3(void); +static BOOLEAN Gui_Init3(HMODULE module); static BOOL Gui_SetThreadDesktop(HDESK hDesktop); @@ -360,7 +360,7 @@ _FX BOOLEAN Gui_Init(HMODULE module) const UCHAR *ProcName; - if (! Gdi_InitZero()) // only if Gdi_Init was not called yet + if (! Gdi_InitZero(module)) // only if Gdi_Init was not called yet return FALSE; // NoSbieDesk BEGIN @@ -530,33 +530,33 @@ import_fail: ok = TRUE; if (ok) - ok = Gui_InitClass(); + ok = Gui_InitClass(module); if (ok) - ok = Gui_InitTitle(); + ok = Gui_InitTitle(module); if (ok) - ok = Gui_Init2(); + ok = Gui_Init2(module); if (ok) - ok = Gui_InitEnum(); + ok = Gui_InitEnum(module); if (ok) - ok = Gui_InitProp(); + ok = Gui_InitProp(module); if (ok) - ok = Gui_InitMsg(); + ok = Gui_InitMsg(module); if (ok) - ok = Gui_InitDlgTmpl(); + ok = Gui_InitDlgTmpl(module); if (ok) - ok = Gui_Init3(); + ok = Gui_Init3(module); if (Gui_UseProxyService) { if (ok) - ok = Gui_InitWinHooks(); + ok = Gui_InitWinHooks(module); SBIEDLL_HOOK_GUI(AttachThreadInput); } 
@@ -570,7 +570,7 @@ import_fail: //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_Init2(void) +_FX BOOLEAN Gui_Init2(HMODULE module) { SBIEDLL_HOOK_GUI(ExitWindowsEx); SBIEDLL_HOOK_GUI(EndTask); @@ -633,10 +633,10 @@ _FX BOOLEAN Gui_Init2(void) SBIEDLL_HOOK_GUI(ActivateKeyboardLayout); } - if (! Gui_InitMisc()) + if (! Gui_InitMisc(module)) return FALSE; - if (! Gui_DDE_Init()) + if (! Gui_DDE_Init(module)) return FALSE; return TRUE; @@ -648,7 +648,7 @@ _FX BOOLEAN Gui_Init2(void) //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_Init3(void) +_FX BOOLEAN Gui_Init3(HMODULE module) { // // expect that both RegisterDeviceNotificationA and @@ -754,7 +754,7 @@ _FX void Gui_InitWindows7(void) } *pSourceFunc = (ULONG_PTR)SbieDll_Hook( - FuncName, (void *)(*pSourceFunc), DetourFunc); + FuncName, (void *)(*pSourceFunc), DetourFunc, NULL); // fix-me: module } } } @@ -2651,11 +2651,11 @@ _FX NTSTATUS ComDlg32_GetOpenFileNameW(LPVOID lpofn) return bRet; } -_FX BOOLEAN ComDlg32_Init(HMODULE hModule) +_FX BOOLEAN ComDlg32_Init(HMODULE module) { //if (_wcsicmp(Dll_ImageName, L"opera.exe") == 0) //{ - void *GetOpenFileNameW = GetProcAddress(hModule, "GetOpenFileNameW"); + void *GetOpenFileNameW = GetProcAddress(module, "GetOpenFileNameW"); SBIEDLL_HOOK(ComDlg32_, GetOpenFileNameW); //} diff --git a/Sandboxie/core/dll/gui_p.h b/Sandboxie/core/dll/gui_p.h index e3a14a85..f94336c9 100644 --- a/Sandboxie/core/dll/gui_p.h +++ b/Sandboxie/core/dll/gui_p.h @@ -740,7 +740,7 @@ extern P_LoadString __sys_LoadStringW; #define SBIEDLL_HOOK_GUI(proc) \ *(ULONG_PTR *)&__sys_##proc = (ULONG_PTR) \ - SbieDll_Hook(#proc, __sys_##proc, Gui_##proc); \ + SbieDll_Hook(#proc, __sys_##proc, Gui_##proc, module); \ if (! __sys_##proc) return FALSE; 
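Review bot: `SBIEDLL_HOOK_GUI` now expands to a reference to an identifier named `module` that is not among the macro's parameters, so every caller must happen to have a local or parameter of that exact name in scope, which is why this commit threads `HMODULE module` through Gui_Init2, Gui_Init3, Gui_InitClass and the other Gui_Init* signatures; the same hidden dependency is introduced in `SBIEDLL_HOOK2` (advapi.c) and the Cred_ hook macro (cred.c). Either add `module` as an explicit macro parameter, or document the contract above the macro: `// requires an HMODULE named 'module' in the calling scope (the DLL that owns 'proc')`. Without that, a new caller that forgets the local gets an opaque undeclared-identifier error or, worse, silently picks up an unrelated global of the same name.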
@@ -764,7 +764,7 @@ LRESULT Gui_WindowProcA( //--------------------------------------------------------------------------- -BOOLEAN Gui_InitClass(void); +BOOLEAN Gui_InitClass(HMODULE module); void Gui_Hook_CREATESTRUCT_Handler(void); @@ -784,7 +784,7 @@ void Gui_CREATESTRUCT_Restore(LPARAM lParam); //--------------------------------------------------------------------------- -BOOLEAN Gui_InitTitle(void); +BOOLEAN Gui_InitTitle(HMODULE module); BOOLEAN Gui_ShouldCreateTitle(HWND hWnd); @@ -800,13 +800,13 @@ int Gui_FixTitleA(HWND hWnd, UCHAR *lpWindowTitle, int len); //--------------------------------------------------------------------------- -BOOLEAN Gui_InitEnum(void); +BOOLEAN Gui_InitEnum(HMODULE module); //--------------------------------------------------------------------------- -BOOLEAN Gui_InitProp(void); +BOOLEAN Gui_InitProp(HMODULE module); void Gui_SetWindowProc(HWND hWnd, BOOLEAN force); @@ -814,13 +814,13 @@ void Gui_SetWindowProc(HWND hWnd, BOOLEAN force); //--------------------------------------------------------------------------- -BOOLEAN Gui_InitMsg(void); +BOOLEAN Gui_InitMsg(HMODULE module); //--------------------------------------------------------------------------- -BOOLEAN Gui_InitWinHooks(void); +BOOLEAN Gui_InitWinHooks(HMODULE module); LRESULT Gui_RegisterWinHook(DWORD dwThreadId, ULONG64 ghk); @@ -830,7 +830,7 @@ LRESULT Gui_NotifyWinHooks(void); //--------------------------------------------------------------------------- -BOOLEAN Gui_InitDlgTmpl(void); +BOOLEAN Gui_InitDlgTmpl(HMODULE module); //--------------------------------------------------------------------------- @@ -842,7 +842,7 @@ BOOLEAN Ole_DoDragDrop(HWND hWnd, WPARAM wParam, LPARAM lParam); //--------------------------------------------------------------------------- -BOOLEAN Gui_InitMisc(void); +BOOLEAN Gui_InitMisc(HMODULE module); //--------------------------------------------------------------------------- 
@@ -859,7 +859,7 @@ void *Gui_CallProxyEx( //--------------------------------------------------------------------------- -BOOLEAN Gui_DDE_Init(void); +BOOLEAN Gui_DDE_Init(HMODULE module); WPARAM Gui_DDE_INITIATE_Received(HWND hWnd, WPARAM wParam); diff --git a/Sandboxie/core/dll/guiclass.c b/Sandboxie/core/dll/guiclass.c index 2743865f..30e1b1df 100644 --- a/Sandboxie/core/dll/guiclass.c +++ b/Sandboxie/core/dll/guiclass.c @@ -122,7 +122,7 @@ BOOLEAN Gui_OpenAllWinClasses = FALSE; //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_InitClass(void) +_FX BOOLEAN Gui_InitClass(HMODULE module) { static const WCHAR *Sandbox = L"Sandbox"; ULONG len; diff --git a/Sandboxie/core/dll/guicon.c b/Sandboxie/core/dll/guicon.c index 4d659e02..109bfc7b 100644 --- a/Sandboxie/core/dll/guicon.c +++ b/Sandboxie/core/dll/guicon.c @@ -79,6 +79,8 @@ static P_GetMessage __sys_GetMessageW = NULL; _FX BOOLEAN Gui_InitConsole1(void) { + HMODULE module = NULL; // fix-me + // NoSbieCons BEGIN if (Dll_CompartmentMode || SbieApi_QueryConfBool(NULL, L"NoSandboxieConsole", FALSE)) { diff --git a/Sandboxie/core/dll/guidde.c b/Sandboxie/core/dll/guidde.c index 85916300..9680dbe3 100644 --- a/Sandboxie/core/dll/guidde.c +++ b/Sandboxie/core/dll/guidde.c @@ -160,7 +160,7 @@ static ULONG Gui_DDE_REQ_Len; //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_DDE_Init(void) +_FX BOOLEAN Gui_DDE_Init(HMODULE module) { __sys_PackDDElParam = Ldr_GetProcAddrNew(DllName_user32, L"PackDDElParam","PackDDElParam"); diff --git a/Sandboxie/core/dll/guidlg.c b/Sandboxie/core/dll/guidlg.c index 2dc76286..732dd48b 100644 --- a/Sandboxie/core/dll/guidlg.c +++ b/Sandboxie/core/dll/guidlg.c 
@@ -127,7 +127,7 @@ static LRESULT Gui_MyDialogProc2( //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_InitDlgTmpl(void) +_FX BOOLEAN Gui_InitDlgTmpl(HMODULE module) { if (! Gui_RenameClasses) return TRUE; diff --git a/Sandboxie/core/dll/guienum.c b/Sandboxie/core/dll/guienum.c index 30a62f62..f02f1c5e 100644 --- a/Sandboxie/core/dll/guienum.c +++ b/Sandboxie/core/dll/guienum.c @@ -44,7 +44,7 @@ typedef struct _GUI_ENUM_PROC_PARM { //--------------------------------------------------------------------------- -static BOOLEAN Gui_HookQueryWindow(void); +static BOOLEAN Gui_HookQueryWindow(HMODULE module); static ULONG_PTR Gui_NtUserQueryWindow(HWND hWnd, ULONG_PTR type); @@ -182,7 +182,7 @@ static BOOLEAN Winsta_Hack = FALSE; //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_InitEnum(void) +_FX BOOLEAN Gui_InitEnum(HMODULE module) { // // hook EnumWindow* and FindWindow* family of functions @@ -190,7 +190,7 @@ _FX BOOLEAN Gui_InitEnum(void) if (! Gui_OpenAllWinClasses) { - if (Gui_UseProxyService && !Gui_HookQueryWindow()) + if (Gui_UseProxyService && !Gui_HookQueryWindow(module)) return FALSE; if (Gui_UseProxyService && !Dll_SkipHook(L"enumwin")) { @@ -260,7 +260,7 @@ _FX BOOLEAN Gui_InitEnum(void) //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_HookQueryWindow(void) +_FX BOOLEAN Gui_HookQueryWindow(HMODULE module) { static const WCHAR *_ProcName = L"IsHungAppWindow"; static char *_ProcNameA = "IsHungAppWindow"; diff --git a/Sandboxie/core/dll/guihook.c b/Sandboxie/core/dll/guihook.c index 042c0ff6..76f11dd4 100644 --- a/Sandboxie/core/dll/guihook.c +++ b/Sandboxie/core/dll/guihook.c 
@@ -103,7 +103,7 @@ static BOOLEAN Gui_HookInit = FALSE; //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_InitWinHooks(void) +_FX BOOLEAN Gui_InitWinHooks(HMODULE module) { InitializeCriticalSection(&Gui_HooksCritSec); List_Init(&Gui_Hooks); diff --git a/Sandboxie/core/dll/guimisc.c b/Sandboxie/core/dll/guimisc.c index 21960247..0639c7d6 100644 --- a/Sandboxie/core/dll/guimisc.c +++ b/Sandboxie/core/dll/guimisc.c @@ -153,7 +153,7 @@ static HANDLE Gui_DummyInputDesktopHandle = NULL; //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_InitMisc(void) +_FX BOOLEAN Gui_InitMisc(HMODULE module) { if (! Gui_OpenAllWinClasses) { diff --git a/Sandboxie/core/dll/guimsg.c b/Sandboxie/core/dll/guimsg.c index 24cb9e9c..49094780 100644 --- a/Sandboxie/core/dll/guimsg.c +++ b/Sandboxie/core/dll/guimsg.c @@ -132,7 +132,7 @@ static LRESULT Gui_SendMessageA_MdiCreate(HWND hWnd, LPARAM lParam); static LRESULT Gui_DispatchMessage8(const MSG *lpmsg, ULONG IsAscii); -static BOOLEAN Gui_Hook_DispatchMessage8(void); +static BOOLEAN Gui_Hook_DispatchMessage8(HMODULE module); static P_DispatchMessage8 __sys_DispatchMessage8 = 0; @@ -160,7 +160,7 @@ BOOLEAN Gui_DispatchMessageCalled = FALSE; //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_InitMsg(void) +_FX BOOLEAN Gui_InitMsg(HMODULE module) { // // hook SendMessage and PostMessage family of functions @@ -211,7 +211,7 @@ _FX BOOLEAN Gui_InitMsg(void) SBIEDLL_HOOK_GUI(DispatchMessageA); SBIEDLL_HOOK_GUI(DispatchMessageW); - } else if (! Gui_Hook_DispatchMessage8()) + } else if (! Gui_Hook_DispatchMessage8(module)) return FALSE; #endif _WIN64 
@@ -852,7 +852,7 @@ _FX LRESULT Gui_DispatchMessage8(const MSG *lpmsg, ULONG IsAscii) //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_Hook_DispatchMessage8(void) +_FX BOOLEAN Gui_Hook_DispatchMessage8(HMODULE module) { // // on Windows 8, the DispatchMessageA and DispatchMessageW functions diff --git a/Sandboxie/core/dll/guiprop.c b/Sandboxie/core/dll/guiprop.c index f59cdf28..e21447af 100644 --- a/Sandboxie/core/dll/guiprop.c +++ b/Sandboxie/core/dll/guiprop.c @@ -72,7 +72,7 @@ static ULONG Gui_SetWindowLongA(HWND hWnd, int nIndex, ULONG dwNew); static ULONG_PTR Gui_SetWindowLong8( HWND hWnd, int nIndex, ULONG_PTR dwNew, ULONG IsAscii); -static BOOLEAN Gui_Hook_SetWindowLong8(void); +static BOOLEAN Gui_Hook_SetWindowLong8(HMODULE module); static ULONG Gui_GetClassLongW(HWND hWnd, int nIndex); @@ -93,7 +93,7 @@ static ULONG_PTR Gui_SetWindowLongPtrA( static ULONG_PTR Gui_SetWindowLongPtr8( HWND hWnd, int nIndex, ULONG_PTR dwNew, ULONG IsAscii); -static BOOLEAN Gui_Hook_SetWindowLongPtr8(void); +static BOOLEAN Gui_Hook_SetWindowLongPtr8(HMODULE module); static ULONG_PTR Gui_GetClassLongPtrW(HWND hWnd, int nIndex); @@ -134,7 +134,7 @@ static P_SetWindowLongPtr8 __sys_SetWindowLongPtr8 = 0; //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_InitProp(void) +_FX BOOLEAN Gui_InitProp(HMODULE module) { // // initialize our Drag-n-Drop atoms @@ -180,7 +180,7 @@ _FX BOOLEAN Gui_InitProp(void) SBIEDLL_HOOK_GUI(SetWindowLongA); SBIEDLL_HOOK_GUI(SetWindowLongW); - } else if (! Gui_Hook_SetWindowLong8()) + } else if (! Gui_Hook_SetWindowLong8(module)) return FALSE; #else ! _WIN64 @@ -204,7 +204,7 @@ _FX BOOLEAN Gui_InitProp(void) SBIEDLL_HOOK_GUI(SetWindowLongPtrA); SBIEDLL_HOOK_GUI(SetWindowLongPtrW); - } else if (! Gui_Hook_SetWindowLongPtr8()) + } else if (! Gui_Hook_SetWindowLongPtr8(module)) return FALSE; SBIEDLL_HOOK_GUI(GetClassLongPtrA); 
@@ -1053,7 +1053,7 @@ _FX ULONG_PTR Gui_SetWindowLong8( //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_Hook_SetWindowLong8(void) +_FX BOOLEAN Gui_Hook_SetWindowLong8(HMODULE module) { // // on Windows 8.1, the SetWindowLongA and SetWindowLongW functions @@ -1153,7 +1153,7 @@ _FX ULONG_PTR Gui_SetWindowLongPtr8( //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_Hook_SetWindowLongPtr8(void) +_FX BOOLEAN Gui_Hook_SetWindowLongPtr8(HMODULE module) { // // on Windows 8, the SetWindowLongPtrA and SetWindowLongPtrW functions diff --git a/Sandboxie/core/dll/guititle.c b/Sandboxie/core/dll/guititle.c index 56df53be..455b3bd8 100644 --- a/Sandboxie/core/dll/guititle.c +++ b/Sandboxie/core/dll/guititle.c @@ -60,7 +60,7 @@ static ANSI_STRING Gui_BoxNameTitleA; //--------------------------------------------------------------------------- -_FX BOOLEAN Gui_InitTitle(void) +_FX BOOLEAN Gui_InitTitle(HMODULE module) { WCHAR buf[10]; diff --git a/Sandboxie/core/dll/ipc.c b/Sandboxie/core/dll/ipc.c index 299cd894..df0ed29b 100644 --- a/Sandboxie/core/dll/ipc.c +++ b/Sandboxie/core/dll/ipc.c @@ -326,6 +326,8 @@ BOOLEAN RpcRt_IsDynamicPortOpen(const WCHAR* wszPortName); _FX BOOLEAN Ipc_Init(void) { + HMODULE module = NULL; + void *NtAlpcCreatePort; void *NtAlpcConnectPort; void *NtAlpcConnectPortEx; diff --git a/Sandboxie/core/dll/key.c b/Sandboxie/core/dll/key.c index 89f30f2b..f9b7e724 100644 --- a/Sandboxie/core/dll/key.c +++ b/Sandboxie/core/dll/key.c @@ -353,6 +353,8 @@ BOOLEAN Key_Delete_v2 = FALSE; _FX BOOLEAN Key_Init(void) { + HMODULE module = NULL; + void *NtRenameKey; void *NtOpenKeyEx; diff --git a/Sandboxie/core/dll/ldr.c b/Sandboxie/core/dll/ldr.c index 8b024e72..2df94e1f 100644 --- a/Sandboxie/core/dll/ldr.c +++ b/Sandboxie/core/dll/ldr.c 
@@ -70,8 +70,8 @@ typedef union _LDR_DLL_NOTIFICATION_DATA { //--------------------------------------------------------------------------- -static void Ldr_CallOneDllCallback(const UCHAR *ImageNameA, ULONG_PTR ImageBase); -static void Ldr_CallOneDllCallbackXP(const UCHAR *ImageNameA, ULONG_PTR ImageBase); +static void Ldr_CallOneDllCallback(const UCHAR *ImageNameA, ULONG_PTR ImageBase, BOOL LoadState); +static void Ldr_CallOneDllCallbackXP(const UCHAR *ImageNameA, ULONG_PTR ImageBase, BOOL LoadState); static void Ldr_CallDllCallbacks(void); static NTSTATUS Ldr_LdrLoadDll(WCHAR *PathString, ULONG *DllFlags, UNICODE_STRING *ModuleName, HANDLE *ModuleHandle); @@ -90,9 +90,9 @@ static NTSTATUS Ldr_LdrQueryImageFileExecutionOptions( static ULONG_PTR Ldr_NtApphelpCacheControl( ULONG_PTR Unknown1, ULONG_PTR Unknown2); -void Ldr_MyDllCallbackA(const CHAR *ImageName, HMODULE ImageBase); -void Ldr_MyDllCallbackW(const WCHAR *ImageName, HMODULE ImageBase); -void Ldr_MyDllCallbackNew(const WCHAR *ImageName, HMODULE ImageBase); +void Ldr_MyDllCallbackA(const CHAR *ImageName, HMODULE ImageBase, BOOL LoadState); +void Ldr_MyDllCallbackW(const WCHAR *ImageName, HMODULE ImageBase, BOOL LoadState); +void Ldr_MyDllCallbackNew(const WCHAR *ImageName, HMODULE ImageBase, BOOL LoadState); static void *Ldr_GetProcAddr_2(const WCHAR *DllName, const WCHAR *ProcName); 
@@ -145,9 +145,9 @@ typedef NTSTATUS(*P_NtTerminateProcess)(HANDLE ProcessHandle, NTSTATUS ExitStatu typedef NTSTATUS(*P_NtLoadDriver)(UNICODE_STRING *RegistryPath); -typedef void(*P_LdrDllCallback)(const UCHAR *ImageName, HMODULE ImageBase); -typedef void(*P_LdrDllCallbackW)(const WCHAR *ImageName, HMODULE ImageBase); -typedef void(*P_Ldr_CallOneDllCallback)(const UCHAR *ImageNameA, ULONG_PTR ImageBase); +typedef void(*P_LdrDllCallback)(const UCHAR *ImageName, HMODULE ImageBase, BOOL LoadState); +typedef void(*P_LdrDllCallbackW)(const WCHAR *ImageName, HMODULE ImageBase, BOOL LoadState); +typedef void(*P_Ldr_CallOneDllCallback)(const UCHAR *ImageNameA, ULONG_PTR ImageBase, BOOL LoadState); //--------------------------------------------------------------------------- @@ -280,13 +280,13 @@ void CALLBACK Ldr_LdrDllNotification(ULONG NotificationReason, PLDR_DLL_NOTIFICA if (NotificationReason == 1) { status = __sys_LdrLockLoaderLock(0, NULL, &LdrCookie); - Ldr_MyDllCallbackNew(NotificationData->Loaded.BaseDllName->Buffer, (HMODULE)NotificationData->Loaded.DllBase); + Ldr_MyDllCallbackNew(NotificationData->Loaded.BaseDllName->Buffer, (HMODULE)NotificationData->Loaded.DllBase, TRUE); __sys_LdrUnlockLoaderLock(0, LdrCookie); return; } else if (NotificationReason == 2) { - Ldr_MyDllCallbackNew(NotificationData->Unloaded.BaseDllName->Buffer, 0); + Ldr_MyDllCallbackNew(NotificationData->Unloaded.BaseDllName->Buffer, (HMODULE)NotificationData->Loaded.DllBase, FALSE); } return; } @@ -382,6 +382,8 @@ BOOL LdrCheckImmersive() _FX BOOLEAN Ldr_Init() { + HMODULE module = NULL; + UCHAR *ReadImageFileExecOptions; // @@ -547,7 +549,7 @@ _FX BOOLEAN SbieDll_RegisterDllCallback(void *Callback) // Ldr_CallOneDllCallback //--------------------------------------------------------------------------- -_FX void Ldr_CallOneDllCallback(const UCHAR *ImageNameA, ULONG_PTR ImageBase) +_FX void Ldr_CallOneDllCallback(const UCHAR *ImageNameA, ULONG_PTR ImageBase, BOOL LoadState) { ULONG i; 
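Review bot: In the `NotificationReason == 2` branch of `Ldr_LdrDllNotification` the new call reads `NotificationData->Loaded.DllBase` for a module that is being unloaded; the union member for that reason is `Unloaded`, so the call should be `Ldr_MyDllCallbackNew(NotificationData->Unloaded.BaseDllName->Buffer, (HMODULE)NotificationData->Unloaded.DllBase, FALSE);`. This presumably works only because both union members share a layout, which a reader cannot tell from the call site. The enclosing function starts outside the hunk.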
@@ -556,7 +558,7 @@ _FX void Ldr_CallOneDllCallback(const UCHAR *ImageNameA, ULONG_PTR ImageBase) if (!callback) break; __try { - ((P_LdrDllCallback)callback)(ImageNameA, (HMODULE)ImageBase); + ((P_LdrDllCallback)callback)(ImageNameA, (HMODULE)ImageBase, LoadState); } __except (EXCEPTION_EXECUTE_HANDLER) { } @@ -564,7 +566,7 @@ _FX void Ldr_CallOneDllCallback(const UCHAR *ImageNameA, ULONG_PTR ImageBase) } -_FX void Ldr_CallOneDllCallbackXP(const UCHAR *ImageNameA, ULONG_PTR ImageBase) +_FX void Ldr_CallOneDllCallbackXP(const UCHAR *ImageNameA, ULONG_PTR ImageBase, BOOL LoadState) { ULONG i; @@ -581,7 +583,7 @@ _FX void Ldr_CallOneDllCallbackXP(const UCHAR *ImageNameA, ULONG_PTR ImageBase) break; __try { - ((P_LdrDllCallbackW)callback)(ImageNameW, (HMODULE)ImageBase); + ((P_LdrDllCallbackW)callback)(ImageNameW, (HMODULE)ImageBase, LoadState); } __except (EXCEPTION_EXECUTE_HANDLER) { } @@ -678,7 +680,8 @@ _FX void Ldr_CallDllCallbacks(void) if (!found) { - __my_Ldr_CallOneDllCallback(pOld->Path + pOld->NameOffset, 0); + __my_Ldr_CallOneDllCallback(pOld->Path + pOld->NameOffset, + pNew->ImageBaseAddress, FALSE); } } } @@ -724,7 +727,7 @@ _FX void Ldr_CallDllCallbacks(void) RtlFreeUnicodeString(&uni); __my_Ldr_CallOneDllCallback(pNew->Path + pNew->NameOffset, - pNew->ImageBaseAddress); + pNew->ImageBaseAddress, TRUE); if (OldState) Ldr_SetDdagState_W8(pNew->ImageBaseAddress, OldState); 
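Review bot: In the `!found` branch of `Ldr_CallDllCallbacks` the unload callback is invoked for `pOld` but with `pNew->ImageBaseAddress`, i.e. the base of whichever entry the inner search stopped on, not the base of the module that disappeared, so the callback and the `SbieDll_UnHookModule` it now reaches act on the wrong module. I would expect `__my_Ldr_CallOneDllCallback(pOld->Path + pOld->NameOffset, pOld->ImageBaseAddress, FALSE);` here; the `@@ -724` hunk below correctly pairs `pNew->Path` with `pNew->ImageBaseAddress`. The loop that defines `pOld` and `pNew` lies outside the hunk, so this is inferred from the naming and should be confirmed against the full function.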
@@ -968,50 +971,54 @@ _FX ULONG_PTR Ldr_NtApphelpCacheControl( //--------------------------------------------------------------------------- -_FX void Ldr_MyDllCallbackA(const CHAR *ImageName, HMODULE ImageBase) +_FX void Ldr_MyDllCallbackA(const CHAR *ImageName, HMODULE ImageBase, BOOL LoadState) { // // invoke our sub-modules as necessary // - if (ImageBase) { - DLL *dll = Ldr_Dlls; - while (dll->nameA) { - if (_stricmp(ImageName, dll->nameA) == 0 && (dll->state & 2) == 0) { + DLL *dll = Ldr_Dlls; + while (dll->nameA) { + if (_stricmp(ImageName, dll->nameA) == 0 && (dll->state & 2) == 0) { + if (LoadState) { BOOLEAN ok = dll->init_func(ImageBase); if (!ok) SbieApi_Log(2318, dll->nameW); - break; } - ++dll; + else { + SbieDll_UnHookModule(ImageBase); + } + break; } + ++dll; } } -_FX void Ldr_MyDllCallbackW(const WCHAR *ImageName, HMODULE ImageBase) +_FX void Ldr_MyDllCallbackW(const WCHAR *ImageName, HMODULE ImageBase, BOOL LoadState) { // // invoke our sub-modules as necessary // - if (ImageBase) { - DLL *dll = Ldr_Dlls; - while (dll->nameW) { - if (_wcsicmp(ImageName, dll->nameW) == 0 && (dll->state & 2) == 0) { + DLL *dll = Ldr_Dlls; + while (dll->nameW) { + if (_wcsicmp(ImageName, dll->nameW) == 0 && (dll->state & 2) == 0) { + if (LoadState) { BOOLEAN ok = dll->init_func(ImageBase); if (!ok) SbieApi_Log(2318, dll->nameW); - - break; + } else { + SbieDll_UnHookModule(ImageBase); } - - ++dll; + break; } + + ++dll; } } -_FX void Ldr_MyDllCallbackNew(const WCHAR *ImageName, HMODULE ImageBase) +_FX void Ldr_MyDllCallbackNew(const WCHAR *ImageName, HMODULE ImageBase, BOOL LoadState) { // // invoke our sub-modules as necessary 
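Review bot: Dropping the `if (ImageBase)` guard in `Ldr_MyDllCallbackA` and `Ldr_MyDllCallbackW` means the new unload branch calls `SbieDll_UnHookModule(ImageBase)` with whatever base the caller supplied, and the legacy caller in the `@@ -678` hunk of this file may still hand over a base that does not belong to the unloaded module. Given the many hooks this patch registers with a NULL module, an unhook with a NULL or foreign base is worth rejecting up front: `} else if (ImageBase) { SbieDll_UnHookModule(ImageBase); }`. Whether `SbieDll_UnHookModule(NULL)` would match the NULL-registered hooks depends on dllhook.c, which is not in this chunk. Unlike `Ldr_MyDllCallbackNew` below, these two variants still never update `dll->state`, so a module that is unloaded and loaded again is re-initialised with no record that its hooks were removed.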
@@ -1021,20 +1028,25 @@ _FX void Ldr_MyDllCallbackNew(const WCHAR *ImageName, HMODULE ImageBase) while (dll->nameW) { BOOLEAN ok; if (_wcsicmp(ImageName, dll->nameW) == 0 && (dll->state & 2) == 0) { - if (ImageBase && !dll->state) { - EnterCriticalSection(&Ldr_LoadedModules_CritSec); - dll->state = 1; - LeaveCriticalSection(&Ldr_LoadedModules_CritSec); - ok = dll->init_func(ImageBase); - if (!ok) - SbieApi_Log(2318, dll->nameW); - break; + if (LoadState) { + if (!dll->state) { + EnterCriticalSection(&Ldr_LoadedModules_CritSec); + dll->state = 1; + LeaveCriticalSection(&Ldr_LoadedModules_CritSec); + ok = dll->init_func(ImageBase); + if (!ok) + SbieApi_Log(2318, dll->nameW); + } } else { - EnterCriticalSection(&Ldr_LoadedModules_CritSec); - dll->state = 0; - LeaveCriticalSection(&Ldr_LoadedModules_CritSec); + if (dll->state) { + SbieDll_UnHookModule(ImageBase); + EnterCriticalSection(&Ldr_LoadedModules_CritSec); + dll->state = 0; + LeaveCriticalSection(&Ldr_LoadedModules_CritSec); + } } + break; } ++dll; } diff --git a/Sandboxie/core/dll/lsa.c b/Sandboxie/core/dll/lsa.c index c46c52d9..b5167b9d 100644 --- a/Sandboxie/core/dll/lsa.c +++ b/Sandboxie/core/dll/lsa.c @@ -28,7 +28,7 @@ //--------------------------------------------------------------------------- -static BOOLEAN Lsa_Init_Common(const WCHAR *DllName); +static BOOLEAN Lsa_Init_Common(const WCHAR *DllName, HMODULE module); static NTSTATUS Lsa_LsaRegisterLogonProcess( void *LogonProcessName, HANDLE *LsaHandle, void *SecurityMode); @@ -59,7 +59,7 @@ static P_LsaRegisterLogonProcess __sys_LsaRegisterLogonProcess = NULL; //--------------------------------------------------------------------------- -_FX BOOLEAN Lsa_Init_Common(const WCHAR *DllName) +_FX BOOLEAN Lsa_Init_Common(const WCHAR *DllName, HMODULE module) { void *LsaRegisterLogonProcess; 
@@ -111,7 +111,7 @@ _FX BOOLEAN Lsa_Init_Secur32(HMODULE module) return TRUE; } - return Lsa_Init_Common(DllName_secur32); + return Lsa_Init_Common(DllName_secur32, module); } @@ -132,5 +132,5 @@ _FX BOOLEAN Lsa_Init_SspiCli(HMODULE module) return TRUE; } - return Lsa_Init_Common(DllName_sspicli); + return Lsa_Init_Common(DllName_sspicli, module); } diff --git a/Sandboxie/core/dll/mscoree.c b/Sandboxie/core/dll/mscoree.c index 96dcacc4..7261eecb 100644 --- a/Sandboxie/core/dll/mscoree.c +++ b/Sandboxie/core/dll/mscoree.c @@ -58,7 +58,7 @@ _FX DWORD MsCorEE__CorExeMain() // Load inject dlls in .Net process's entry (_CorExeMain). -_FX BOOLEAN MsCorEE_Init(HMODULE hmodule) +_FX BOOLEAN MsCorEE_Init(HMODULE module) { // Use the code from AdvApi_Init diff --git a/Sandboxie/core/dll/obj.c b/Sandboxie/core/dll/obj.c index e1fb0a38..8af80449 100644 --- a/Sandboxie/core/dll/obj.c +++ b/Sandboxie/core/dll/obj.c @@ -63,6 +63,8 @@ static P_NtQueryObject __sys_NtQueryObject = NULL; _FX BOOLEAN Obj_Init(void) { + HMODULE module = NULL; + #if 0 __sys_NtQueryObject = NtQueryObject; #else diff --git a/Sandboxie/core/dll/pdh.c b/Sandboxie/core/dll/pdh.c index cb07c787..17f58384 100644 --- a/Sandboxie/core/dll/pdh.c +++ b/Sandboxie/core/dll/pdh.c @@ -47,16 +47,16 @@ static P_PdhLookupPerfNameByIndexW __sys_PdhLookupPerfNameByIndexW = NULL; // Pdh_Init //--------------------------------------------------------------------------- -_FX BOOLEAN Pdh_Init(HMODULE hDll) +_FX BOOLEAN Pdh_Init(HMODULE module) { void * PdhConnectMachineW; void * PdhLookupPerfNameByIndexW; - PdhConnectMachineW = (void*)GetProcAddress(hDll, "PdhConnectMachineW"); + PdhConnectMachineW = (void*)GetProcAddress(module, "PdhConnectMachineW"); if (PdhConnectMachineW == NULL) return FALSE; - PdhLookupPerfNameByIndexW = (void*)GetProcAddress(hDll, "PdhLookupPerfNameByIndexW"); + PdhLookupPerfNameByIndexW = (void*)GetProcAddress(module, "PdhLookupPerfNameByIndexW"); if (PdhLookupPerfNameByIndexW == NULL) return FALSE; 
diff --git a/Sandboxie/core/dll/proc.c b/Sandboxie/core/dll/proc.c index 5e00998c..5627e268 100644 --- a/Sandboxie/core/dll/proc.c +++ b/Sandboxie/core/dll/proc.c @@ -324,6 +324,8 @@ BOOL Dll_ElectronWorkaround = FALSE; _FX BOOLEAN Proc_Init(void) { + HMODULE module = NULL; + P_CreateProcessInternal CreateProcessInternalW; ANSI_STRING ansi; NTSTATUS status; diff --git a/Sandboxie/core/dll/sbiedll.h b/Sandboxie/core/dll/sbiedll.h index 486c9ac6..8f608b31 100644 --- a/Sandboxie/core/dll/sbiedll.h +++ b/Sandboxie/core/dll/sbiedll.h @@ -66,15 +66,18 @@ PROCESS_DATA *my_findProcessData(WCHAR *name,int createNew); // Functions (DllMain) //--------------------------------------------------------------------------- +SBIEDLL_EXPORT void SbieDll_HookInit(); SBIEDLL_EXPORT void *SbieDll_Hook( - const char *SourceFuncName, void *SourceFunc, void *DetourFunc); + const char *SourceFuncName, void *SourceFunc, void *DetourFunc, HMODULE module); #define SBIEDLL_HOOK(pfx,proc) \ *(ULONG_PTR *)&__sys_##proc = (ULONG_PTR) \ - SbieDll_Hook(#proc, proc, pfx##proc); \ + SbieDll_Hook(#proc, proc, pfx##proc, module); \ if (! __sys_##proc) return FALSE; +SBIEDLL_EXPORT void SbieDll_UnHookModule(HMODULE module); + SBIEDLL_EXPORT void SbieDll_DeviceChange(WPARAM wParam, LPARAM lParam); SBIEDLL_EXPORT const WCHAR *SbieDll_GetDrivePath(ULONG DriveIndex); diff --git a/Sandboxie/core/dll/scm.c b/Sandboxie/core/dll/scm.c index 5688faea..6e807d8b 100644 --- a/Sandboxie/core/dll/scm.c +++ b/Sandboxie/core/dll/scm.c @@ -48,7 +48,7 @@ //--------------------------------------------------------------------------- -static BOOLEAN Scm_HookRegisterServiceCtrlHandler(void); +static BOOLEAN Scm_HookRegisterServiceCtrlHandler(HMODULE module); //--------------------------------------------------------------------------- 
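Review bot: `SBIEDLL_HOOK` now expands to a reference to an identifier named `module` that must happen to exist in the caller's scope, which is what forces the `HMODULE module = NULL; // fix-me` locals elsewhere in this patch; the same hidden dependency is added to `SBIEDLL_HOOK_SCM` in scm.c and `DO_CALL_HOOK` in setup.c. Making the handle an explicit macro parameter, `#define SBIEDLL_HOOK(pfx,proc,mod)` with `SbieDll_Hook(#proc, proc, pfx##proc, mod)`, would make every NULL registration visible and greppable at its call site. Separately, `SBIEDLL_EXPORT void SbieDll_HookInit();` declares an unspecified parameter list in C; it should be `SbieDll_HookInit(void)`, consistent with the other prototypes in this header.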
@@ -379,9 +379,9 @@ static const WCHAR *_TrustedInstaller = L"TrustedInstaller"; //--------------------------------------------------------------------------- -#define SBIEDLL_HOOK_SCM(proc) \ - *(ULONG_PTR *)&__sys_##proc = (ULONG_PTR) \ - SbieDll_Hook(#proc, __sys_##proc, Scm_##proc); \ +#define SBIEDLL_HOOK_SCM(proc) \ + *(ULONG_PTR *)&__sys_##proc = (ULONG_PTR) \ + SbieDll_Hook(#proc, __sys_##proc, Scm_##proc, module); \ if (! __sys_##proc) return FALSE; @@ -609,7 +609,7 @@ _FX BOOLEAN Scm_Init_AdvApi(HMODULE module) Scm_Notify_Init(module); - return Scm_HookRegisterServiceCtrlHandler(); + return Scm_HookRegisterServiceCtrlHandler(module); } @@ -618,7 +618,7 @@ _FX BOOLEAN Scm_Init_AdvApi(HMODULE module) //--------------------------------------------------------------------------- -BOOLEAN Scm_HookRegisterServiceCtrlHandler(void) +BOOLEAN Scm_HookRegisterServiceCtrlHandler(HMODULE module) { static const UCHAR PrologW[] = { 0x45, 0x33, 0xC9, // xor r9d,r9d diff --git a/Sandboxie/core/dll/scm_misc.c b/Sandboxie/core/dll/scm_misc.c index 55c6ea5c..52e73cd3 100644 --- a/Sandboxie/core/dll/scm_misc.c +++ b/Sandboxie/core/dll/scm_misc.c @@ -156,7 +156,7 @@ _FX BOOLEAN Scm_SecHostDll(HMODULE module) return FALSE; } - ResPtr = SbieDll_Hook((char *)funcNamesAW[i].FuncNameA, SecPtr, AdvPtr); + ResPtr = SbieDll_Hook((char *)funcNamesAW[i].FuncNameA, SecPtr, AdvPtr, module); if (! ResPtr) return FALSE; } diff --git a/Sandboxie/core/dll/scm_msi.c b/Sandboxie/core/dll/scm_msi.c index b8109afe..c4e9012b 100644 --- a/Sandboxie/core/dll/scm_msi.c +++ b/Sandboxie/core/dll/scm_msi.c @@ -130,6 +130,7 @@ static HANDLE Msi_ServerInUseEvent = NULL; _FX BOOLEAN Scm_SetupMsiHooks() { + HMODULE module = NULL; //while (!IsDebuggerPresent()) // Sleep(500); diff --git a/Sandboxie/core/dll/secure.c b/Sandboxie/core/dll/secure.c index 83184066..c5f25870 100644 --- a/Sandboxie/core/dll/secure.c +++ b/Sandboxie/core/dll/secure.c 
@@ -362,6 +362,8 @@ void Secure_InitSecurityDescriptors(void) _FX BOOLEAN Secure_Init(void) { + HMODULE module = NULL; + void *RtlQueryElevationFlags; void *RtlCheckTokenMembershipEx; diff --git a/Sandboxie/core/dll/setup.c b/Sandboxie/core/dll/setup.c index b3fb135d..48b87706 100644 --- a/Sandboxie/core/dll/setup.c +++ b/Sandboxie/core/dll/setup.c @@ -136,15 +136,15 @@ static P_CM_Add_Driver_Package_ExW __sys_CM_Add_Driver_Package_ExW = NULL; //--------------------------------------------------------------------------- -#define DO_CALL_HOOK(name,devName) \ - __sys_##name = SbieDll_Hook(#name, __sys_##name, devName); \ +#define DO_CALL_HOOK(name,devName) \ + __sys_##name = SbieDll_Hook(#name, __sys_##name, devName, module); \ if (! __sys_##name) return FALSE; -#define HOOK_AW(func) \ - DO_CALL_HOOK(func##A,Dev_##func##A); \ +#define HOOK_AW(func) \ + DO_CALL_HOOK(func##A,Dev_##func##A); \ DO_CALL_HOOK(func##W,Dev_##func##W); -#define HOOK(func) \ +#define HOOK(func) \ DO_CALL_HOOK(func,Dev_##func); #define FIND_EP(x) __sys_##x = (P_##x) GetProcAddress(module, #x) diff --git a/Sandboxie/core/dll/sh.c b/Sandboxie/core/dll/sh.c index bf0c50d9..b908d9ba 100644 --- a/Sandboxie/core/dll/sh.c +++ b/Sandboxie/core/dll/sh.c @@ -1046,7 +1046,7 @@ _FX BOOLEAN SH32_Init(HMODULE module) *(ULONG_PTR *)&__sys_LdrGetDllHandleEx = (ULONG_PTR) SbieDll_Hook("LdrGetDllHandleEx", - __sys_LdrGetDllHandleEx, SH32_LdrGetDllHandleEx); + __sys_LdrGetDllHandleEx, SH32_LdrGetDllHandleEx, module); } // diff --git a/Sandboxie/core/dll/sysinfo.c b/Sandboxie/core/dll/sysinfo.c index 5b4babe8..5b7575ed 100644 --- a/Sandboxie/core/dll/sysinfo.c +++ b/Sandboxie/core/dll/sysinfo.c @@ -122,6 +122,8 @@ BOOLEAN SysInfo_CanUseJobs = FALSE; _FX BOOLEAN SysInfo_Init(void) { + HMODULE module = NULL; + void *NtTraceEvent; if (! Dll_SkipHook(L"ntqsi")) { diff --git a/Sandboxie/core/dll/trace.c b/Sandboxie/core/dll/trace.c index 06fb1023..abcb9851 100644 --- a/Sandboxie/core/dll/trace.c 
+++ b/Sandboxie/core/dll/trace.c @@ -61,6 +61,8 @@ static P_OutputDebugString __sys_OutputDebugStringA = NULL; _FX int Trace_Init(void) { + HMODULE module = NULL; // fix-me + P_RtlSetLastWin32Error RtlSetLastWin32Error; P_OutputDebugString OutputDebugStringW; P_OutputDebugString OutputDebugStringA; diff --git a/Sandboxie/core/drv/api.c b/Sandboxie/core/drv/api.c index ea904fdd..ac6bdcc3 100644 --- a/Sandboxie/core/drv/api.c +++ b/Sandboxie/core/drv/api.c @@ -1301,9 +1301,7 @@ _FX NTSTATUS Api_QueryDriverInfo(PROCESS* proc, ULONG64* parms) if (Obj_CallbackInstalled) FeatureFlags |= SBIE_FEATURE_FLAG_OB_CALLBACKS; - extern UCHAR SandboxieLogonSid[SECURITY_MAX_SID_SIZE]; - if (SandboxieLogonSid[0] != 0) - FeatureFlags |= SBIE_FEATURE_FLAG_SBIE_LOGIN; + FeatureFlags |= SBIE_FEATURE_FLAG_SBIE_LOGIN; #ifdef HOOK_WIN32K extern ULONG Syscall_MaxIndex32; diff --git a/Sandboxie/core/drv/conf.c b/Sandboxie/core/drv/conf.c index b9dac864..7df9647f 100644 --- a/Sandboxie/core/drv/conf.c +++ b/Sandboxie/core/drv/conf.c @@ -1468,12 +1468,6 @@ _FX NTSTATUS Conf_Api_Reload(PROCESS *proc, ULONG64 *parms) } } - extern UCHAR SandboxieLogonSid[SECURITY_MAX_SID_SIZE]; - if (Conf_Get_Boolean(NULL, L"AllowSandboxieLogon", 0, FALSE) && SandboxieLogonSid[0] == 0) { - extern BOOLEAN Token_Init_SbieLogin(void); - Token_Init_SbieLogin(); - } - /* #ifdef HOOK_WIN32K // must be windows 10 or later diff --git a/Sandboxie/core/drv/log.c b/Sandboxie/core/drv/log.c index a25b42fd..ce98c23a 100644 --- a/Sandboxie/core/drv/log.c +++ b/Sandboxie/core/drv/log.c @@ -267,8 +267,6 @@ _FX void Log_Msg_Process( ULONG session_id, HANDLE process_id) { - DbgPrint("Sbie MSG_%d: %S; %S\r\n", (error_code & 0xFFFF), string1, string2); - ULONG facility = (error_code >> 16) & 0x0F; if (facility & MSG_FACILITY_EVENT) Log_Event_Msg(error_code, string1, string2); diff --git a/Sandboxie/core/drv/process.h b/Sandboxie/core/drv/process.h index 83ebacfd..f35d542b 100644 --- a/Sandboxie/core/drv/process.h 
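Review bot: `SBIE_FEATURE_FLAG_SBIE_LOGIN` is now set unconditionally in `Api_QueryDriverInfo`, so the flag no longer tells a caller whether a Sandboxie logon SID was actually resolved, only that the driver accepts one per process. That is presumably intended now that SID resolution moves to the service (`GetSandboxieSID` in DriverAssistInject.cpp in this patch), but any client that read the flag as "SbieLogin is usable" should be re-checked. A one-line comment above the assignment, `// the SbieLogin SID is supplied per process by the service; see Process_Low_Api_InjectComplete`, would keep the next reader from restoring the old global check.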
+++ b/Sandboxie/core/drv/process.h @@ -96,6 +96,8 @@ struct _PROCESS { void *primary_token; + PSID *SandboxieLogonSid; + // thread data PERESOURCE threads_lock; diff --git a/Sandboxie/core/drv/process_low.c b/Sandboxie/core/drv/process_low.c index a74ee158..f30a2793 100644 --- a/Sandboxie/core/drv/process_low.c +++ b/Sandboxie/core/drv/process_low.c @@ -262,6 +262,23 @@ _FX NTSTATUS Process_Low_Api_InjectComplete(PROCESS *proc, ULONG64 *parms) if (proc) { + __try { + + PSID pSID = (PSID)(ULONG_PTR)parms[2]; + + if (pSID) { + + ProbeForRead(pSID, SECURITY_MAX_SID_SIZE, sizeof(UCHAR)); + + ULONG sid_length = RtlLengthSid(pSID); + proc->SandboxieLogonSid = Mem_Alloc(proc->pool, sid_length); + memcpy(proc->SandboxieLogonSid, pSID, sid_length); + } + + } __except (EXCEPTION_EXECUTE_HANDLER) { + status = GetExceptionCode(); + } + KeSetEvent(Process_Low_Event, 0, FALSE); status = STATUS_SUCCESS; diff --git a/Sandboxie/core/drv/token.c b/Sandboxie/core/drv/token.c index 3ff59532..01777735 100644 --- a/Sandboxie/core/drv/token.c +++ b/Sandboxie/core/drv/token.c @@ -51,8 +51,6 @@ NTSTATUS Sbie_SepFilterToken_KernelMode( void **NewToken ); -BOOLEAN Token_Init_SbieLogin(void); - static BOOLEAN Token_Init_SepFilterToken(void); static void *Token_FilterPrimary(PROCESS *proc, void *ProcessObject); @@ -150,7 +148,7 @@ static UCHAR AnonymousLogonSid[12] = { SECURITY_ANONYMOUS_LOGON_RID,0,0,0 // SubAuthority }; -UCHAR SandboxieLogonSid[SECURITY_MAX_SID_SIZE] = { 0 }; // SbieLogin +//UCHAR SandboxieLogonSid[SECURITY_MAX_SID_SIZE] = { 0 }; // SbieLogin static UCHAR SystemLogonSid[12] = { 1, // Revision @@ -221,15 +219,6 @@ _FX BOOLEAN Token_Init(void) #undef MySetGroup - // - // find the sid of the sandboxie user if present - // - - // SbieLogin BEGIN - if (Conf_Get_Boolean(NULL, L"AllowSandboxieLogon", 0, FALSE)) - Token_Init_SbieLogin(); - // SbieLogin END - // // find SepFilterToken for Token_RestrictHelper1 // 
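Review bot: `PSID *SandboxieLogonSid;` declares a pointer to a `PSID`, but every use in this patch treats the field as a `PSID` itself (`RtlLengthSid(proc->SandboxieLogonSid)`, `memcpy(..., proc->SandboxieLogonSid, ...)`, `proc->SandboxieLogonSid = (PSID)AnonymousLogonSid`); it compiles only because `PSID` is `PVOID`. It should be `PSID SandboxieLogonSid;`, with a comment noting that it either points into `proc->pool` (filled in `Process_Low_Api_InjectComplete`) or at the static `AnonymousLogonSid` buffer in token.c, since that dual ownership is not visible from the declaration.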
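Review bot: The new `__try` block in `Process_Low_Api_InjectComplete` trusts the SID's own header: `RtlLengthSid(pSID)` derives the length from the `SubAuthorityCount` byte, so a caller can present a SID whose computed length is far larger than the `SECURITY_MAX_SID_SIZE` bytes that `ProbeForRead` covered, and `memcpy` then reads user memory beyond the probed range; the buffer can also change between `RtlLengthSid` and `memcpy` because both read it in place. Copying `SECURITY_MAX_SID_SIZE` bytes into a kernel-local buffer first, then applying `RtlValidSid` and a `RtlLengthSid(local) <= SECURITY_MAX_SID_SIZE` check to that copy, removes both issues and rejects malformed SIDs before token.c installs one as a token's user SID; whether the API dispatcher limits this call to the service is not visible here, and the kernel side should not depend on it. `Mem_Alloc` is also not checked for NULL before the `memcpy`. Finally, `status = GetExceptionCode();` in the handler is overwritten by the `status = STATUS_SUCCESS;` that follows the block, so a rejected SID is reported as success and the process silently continues without a SbieLogin SID. The rest of the function is outside the hunk.
```c
    if (proc) {

        status = STATUS_SUCCESS;

        __try {

            PSID pSID = (PSID)(ULONG_PTR)parms[2];

            if (pSID) {

                UCHAR sid_copy[SECURITY_MAX_SID_SIZE];

                ProbeForRead(pSID, SECURITY_MAX_SID_SIZE, sizeof(UCHAR));
                memcpy(sid_copy, pSID, SECURITY_MAX_SID_SIZE);

                // validate and measure the kernel copy, never the user buffer
                if (!RtlValidSid((PSID)sid_copy)) {
                    status = STATUS_INVALID_SID;
                } else {
                    ULONG sid_length = RtlLengthSid((PSID)sid_copy);
                    if (sid_length > SECURITY_MAX_SID_SIZE) {
                        status = STATUS_INVALID_SID;
                    } else {
                        proc->SandboxieLogonSid = Mem_Alloc(proc->pool, sid_length);
                        if (!proc->SandboxieLogonSid)
                            status = STATUS_INSUFFICIENT_RESOURCES;
                        else
                            memcpy(proc->SandboxieLogonSid, sid_copy, sid_length);
                    }
                }
            }

        } __except (EXCEPTION_EXECUTE_HANDLER) {
            status = GetExceptionCode();
        }

        KeSetEvent(Process_Low_Event, 0, FALSE);
        /* … unchanged: drop the following `status = STATUS_SUCCESS;` so a failure recorded above is returned … */
```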
@@ -252,27 +241,27 @@ _FX BOOLEAN Token_Init(void) //--------------------------------------------------------------------------- -_FX BOOLEAN Token_Init_SbieLogin(void) -{ - WCHAR AccountBuffer[64]; // DNLEN + 1 + sizeof(SANDBOXIE_USER) + reserve - UNICODE_STRING AccountName = { 0, sizeof(AccountBuffer), AccountBuffer }; // Note: max valid length is (DNLEN (15) + 1) * sizeof(WCHAR), length is in bytes leave half empty - if (GetRegString(RTL_REGISTRY_ABSOLUTE, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName", L"ComputerName", &AccountName) && AccountName.Length < 64) - { - wcscpy(AccountName.Buffer + (AccountName.Length / sizeof(WCHAR)), L"\\" SANDBOXIE_USER); - AccountName.Length += (1 + wcslen(SANDBOXIE_USER)) * sizeof(WCHAR); - //DbgPrint("Sbie, AccountName: %S\n", AccountName.Buffer); - - SID_NAME_USE use; - ULONG userSize = sizeof(SandboxieLogonSid), domainSize = 0; - WCHAR DomainBuff[20]; // doesn't work without this - UNICODE_STRING DomainName = { 0, sizeof(DomainBuff), DomainBuff }; - - SecLookupAccountName(&AccountName, &userSize, (PSID)SandboxieLogonSid, &use, &domainSize, &DomainName); - //DbgPrint("Sbie, SecLookupAccountName: %x; size:%d %d\n", status, userSize, domainSize); - } - - return TRUE; -} +//_FX BOOLEAN Token_Init_SbieLogin(void) +//{ +// WCHAR AccountBuffer[64]; // DNLEN + 1 + sizeof(SANDBOXIE_USER) + reserve +// UNICODE_STRING AccountName = { 0, sizeof(AccountBuffer), AccountBuffer }; // Note: max valid length is (DNLEN (15) + 1) * sizeof(WCHAR), length is in bytes leave half empty +// if (NT_SUCCESS(GetRegString(RTL_REGISTRY_ABSOLUTE, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName", L"ComputerName", &AccountName)) && AccountName.Length < 64) +// { +// wcscpy(AccountName.Buffer + (AccountName.Length / sizeof(WCHAR)), L"\\" SANDBOXIE_USER); +// AccountName.Length += (1 + wcslen(SANDBOXIE_USER)) * sizeof(WCHAR); +// //DbgPrint("Sbie, AccountName: %S\n", 
AccountName.Buffer); +// +// SID_NAME_USE use; +// ULONG userSize = sizeof(SandboxieLogonSid), domainSize = 0; +// WCHAR DomainBuff[20]; // doesn't work without this +// UNICODE_STRING DomainName = { 0, sizeof(DomainBuff), DomainBuff }; +// +// SecLookupAccountName(&AccountName, &userSize, (PSID)SandboxieLogonSid, &use, &domainSize, &DomainName); +// //DbgPrint("Sbie, SecLookupAccountName: %x; size:%d %d\n", status, userSize, domainSize); +// } +// +// return TRUE; +//} //--------------------------------------------------------------------------- @@ -1009,7 +998,7 @@ _FX BOOLEAN Token_ResetPrimary(PROCESS *proc) ((ULONG_PTR)TokenObject + UserAndGroups_offset); // Windows 8.1 update - if (SidAndAttrsInToken->Sid == (PSID)AnonymousLogonSid || SidAndAttrsInToken->Sid == (PSID)SandboxieLogonSid) + if (SidAndAttrsInToken->Sid == (PSID)proc->SandboxieLogonSid) { //DbgPrint("Sbie, restore token pointer\n"); @@ -1270,27 +1259,12 @@ _FX void *Token_RestrictHelper1( UCHAR *SidInToken = (UCHAR *)SidAndAttrsInToken->Sid; if (SidInToken && SidInToken[1] >= 1) { // SubAuthorityCount >= 1 - PSID NewSid = NULL; - - // SbieLogin BEGIN - if (Conf_Get_Boolean(proc->box->name, L"SandboxieLogon", 0, FALSE)) - { - if (SandboxieLogonSid[0] != 0) - NewSid = (PSID)SandboxieLogonSid; - else - status = STATUS_UNSUCCESSFUL; - } - else - // SbieLogin END - - // debug tip. To disable anonymous logon, set AnonymousLogon=n - - if (Conf_Get_Boolean(proc->box->name, L"AnonymousLogon", 0, TRUE)) + if (!proc->SandboxieLogonSid && Conf_Get_Boolean(proc->box->name, L"AnonymousLogon", 0, TRUE)) { - NewSid = (PSID)AnonymousLogonSid; + proc->SandboxieLogonSid = (PSID)AnonymousLogonSid; } - if (NewSid != NULL) + if (proc->SandboxieLogonSid) { // In windows 8.1 Sid can be in two difference places. One is relative to SidAndAttrsInToken. // By debugger, the offset is 0xf0 after SidAndAttrsInToken. The other one is with KB2919355, 
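Review bot: Replacing `Token_Init_SbieLogin` with a commented-out copy leaves roughly twenty-five lines of dead code in token.c; the lookup now lives in the service (DriverAssistSid.cpp in this patch), so the block should be deleted, or kept with a one-line comment saying why it is retained. Note that the commented copy is not an exact record of what was removed: it wraps the registry read in `NT_SUCCESS(GetRegString(...))` where the deleted code tested the return value directly, so anyone restoring it from the comment would get different behaviour than the old function had.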
@@ -1306,14 +1280,14 @@ _FX void *Token_RestrictHelper1( // When trying apply the SbieLogin token to a system process there is not enough space in the SID // so we need to use a workaround not unlike the one for win 8 - || (RtlLengthSid(SidInToken) < RtlLengthSid(NewSid)) + || (RtlLengthSid(SidInToken) < RtlLengthSid(proc->SandboxieLogonSid)) ) { //DbgPrint("Sbie, hack token pointer\n"); - SidAndAttrsInToken->Sid = (PSID)NewSid; + SidAndAttrsInToken->Sid = proc->SandboxieLogonSid; } else { - memcpy(SidInToken, NewSid, RtlLengthSid(NewSid)); + memcpy(SidInToken, proc->SandboxieLogonSid, RtlLengthSid(proc->SandboxieLogonSid)); } } } @@ -2250,15 +2224,15 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc) PTOKEN_SOURCE LocalSource = NULL; PTOKEN_DEFAULT_DACL NewDefaultDacl = NULL; - ULONG DefaultDacl_Length = 0; - PACL Dacl = NULL; - PSID Sid = NULL; + PTOKEN_OWNER NewOwner = NULL; + ULONG DefaultDacl_Length = 0; + PACL NewDacl = NULL; OBJECT_ATTRIBUTES ObjectAttributes; SECURITY_QUALITY_OF_SERVICE SecurityQos; // - // Gather information from the original token + // Gether informations from the original token // if ( !NT_SUCCESS(SeQueryInformationToken(TokenObject, TokenStatistics, &LocalStatistics)) 
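Review bot: With `status = STATUS_UNSUCCESSFUL` removed from `Token_RestrictHelper1`, a box configured for SbieLogin whose SID could not be obtained now silently falls through to the anonymous logon SID (or, with `AnonymousLogon=n`, to the unmodified token) instead of failing; the same fail-open change is made in the `@@ -2283` hunk of `Token_CreateNew` below, which also drops the `MSG_1222` log, and the service fallback in DriverAssistInject.cpp logs nothing either. If that degradation is intended it should be logged once per process so an operator can see that a box is not running under the account it was configured for. This hunk also stores a pointer to the static `AnonymousLogonSid` buffer in `proc->SandboxieLogonSid`, the same field that `Process_Low_Api_InjectComplete` fills from `proc->pool`; a comment on the assignment, `// static buffer, not pool-allocated; never free individually`, would make that ownership difference explicit. The enclosing function starts outside the hunk.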
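Review bot: The comment change in `Token_CreateNew` turns `// Gather information from the original token` into `// Gether informations from the original token`, reintroducing the typo the old text had fixed; keep the original wording. The new `NewOwner` local introduced here is consumed in the `@@ -2364` hunk below, where its allocation is not checked.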
@@ -2283,26 +2257,14 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc) // Change the SID // - // SbieLogin BEGIN - if (Conf_Get_Boolean(proc->box->name, L"SandboxieLogon", 0, FALSE)) - { - if (SandboxieLogonSid[0] != 0) - Sid = (PSID)SandboxieLogonSid; - else { - Log_Status_Ex_Process(MSG_1222, 0xA6, status, NULL, proc->box->session_id, proc->pid); - goto finish; - } - } - else - // SbieLogin END - if (Conf_Get_Boolean(proc->box->name, L"AnonymousLogon", 0, TRUE)) + if (!proc->SandboxieLogonSid && Conf_Get_Boolean(proc->box->name, L"AnonymousLogon", 0, TRUE)) { - Sid = (PSID)AnonymousLogonSid; + proc->SandboxieLogonSid = (PSID)AnonymousLogonSid; } - if (Sid != NULL) + if (proc->SandboxieLogonSid) { - memcpy(LocalUser->User.Sid, Sid, RtlLengthSid(Sid)); + memcpy(LocalUser->User.Sid, proc->SandboxieLogonSid, RtlLengthSid(proc->SandboxieLogonSid)); } // @@ -2324,6 +2286,8 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc) NULL ); + //LUID AuthenticationId = ANONYMOUS_LOGON_LUID; + status = SbieCreateToken( &TokenHandle, TOKEN_ALL_ACCESS, @@ -2350,7 +2314,7 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc) // Retry with new DACLs on error // - if (Sid && status == STATUS_INVALID_OWNER) + if (proc->SandboxieLogonSid && status == STATUS_INVALID_OWNER) { DefaultDacl_Length = LocalDefaultDacl->DefaultDacl->AclSize; 
@@ -2364,11 +2328,13 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
 memcpy(NewDefaultDacl, LocalDefaultDacl, DefaultDacl_Length);
- NewDefaultDacl->DefaultDacl = Dacl = (PACL)((ULONG_PTR)NewDefaultDacl + sizeof(TOKEN_DEFAULT_DACL));
+ NewDefaultDacl->DefaultDacl = NewDacl = (PACL)((ULONG_PTR)NewDefaultDacl + sizeof(TOKEN_DEFAULT_DACL));
 NewDefaultDacl->DefaultDacl->AclSize += 128;
- Sid = LocalUser->User.Sid;
- RtlAddAccessAllowedAce(Dacl, ACL_REVISION2, GENERIC_ALL, Sid);
+ NewOwner = (PTOKEN_OWNER)ExAllocatePoolWithTag(PagedPool, sizeof(TOKEN_OWNER), tzuk);
+ NewOwner->Owner = LocalUser->User.Sid;
+
+ RtlAddAccessAllowedAce(NewDacl, ACL_REVISION2, GENERIC_ALL, NewOwner->Owner);
 status = SbieCreateToken(
 &TokenHandle,
@@ -2386,7 +2352,7 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
 0, //DeviceGroups,
 MandatoryPolicy,
- (PTOKEN_OWNER)&Sid,
+ NewOwner,
 LocalPrimaryGroup,
 NewDefaultDacl,
 LocalSource
@@ -2398,9 +2364,9 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
 goto finish;
 }
- Token_SetHandleDacl(NtCurrentProcess(), Dacl);
- Token_SetHandleDacl(NtCurrentThread(), Dacl);
- Token_SetHandleDacl(TokenHandle, Dacl);
+ Token_SetHandleDacl(NtCurrentProcess(), NewDacl);
+ Token_SetHandleDacl(NtCurrentThread(), NewDacl);
+ Token_SetHandleDacl(TokenHandle, NewDacl);
 }
 else if (!NT_SUCCESS(status)) {
@@ -2467,6 +2433,7 @@ finish:
 if (LocalSource) ExFreePool((PVOID)LocalSource);
 if (NewDefaultDacl) ExFreePool((PVOID)NewDefaultDacl);
+ if (NewOwner) ExFreePool((PVOID)NewOwner);
 //
diff --git a/Sandboxie/core/svc/DriverAssist.cpp b/Sandboxie/core/svc/DriverAssist.cpp
index a8b75c69..fb933eff 100644
--- a/Sandboxie/core/svc/DriverAssist.cpp
+++ b/Sandboxie/core/svc/DriverAssist.cpp
@@ -234,6 +234,8 @@ void DriverAssist::ShutdownPortAndThreads()
 if (PortHandle) NtClose(PortHandle);
+
+ CleanUpSIDs();
 }
diff --git a/Sandboxie/core/svc/DriverAssist.h b/Sandboxie/core/svc/DriverAssist.h
index 52356d7c..46ed5ab7 100644
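Review bot: The result of `ExAllocatePoolWithTag` is dereferenced on the very next line without a NULL check, so an allocation failure in this kernel path becomes a NULL-pointer write (`NewOwner->Owner = ...`) instead of an error; add `if (!NewOwner) { status = STATUS_INSUFFICIENT_RESOURCES; goto finish; }` between the allocation and the assignment, which is safe because the `finish:` hunk below frees NewOwner only when it is non-NULL. A short comment above the block would also help, since the old `(PTOKEN_OWNER)&Sid` cast relied on TOKEN_OWNER having the same layout as a bare PSID and the new explicit structure is the correct form — e.g. `// SbieCreateToken expects a TOKEN_OWNER, not a PSID; allocate one that outlives the call`. Token_CreateNew continues outside the hunk.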
--- a/Sandboxie/core/svc/DriverAssist.h
+++ b/Sandboxie/core/svc/DriverAssist.h
@@ -112,6 +112,14 @@ private:
 void InjectLow(void *_msg);
 HANDLE InjectLow_OpenProcess(void *_msg);
+ //
+ // SbieLogin
+ //
+
+ bool GetSandboxieSID(const WCHAR* boxname, UCHAR* SandboxieLogonSid, DWORD dwSidSize);
+
+ void CleanUpSIDs();
+
 //
 // data
 //
diff --git a/Sandboxie/core/svc/DriverAssistInject.cpp b/Sandboxie/core/svc/DriverAssistInject.cpp
index b8a7b4fd..f368ae00 100644
--- a/Sandboxie/core/svc/DriverAssistInject.cpp
+++ b/Sandboxie/core/svc/DriverAssistInject.cpp
@@ -55,7 +55,9 @@ void DriverAssist::InjectLow(void *_msg)
 {
 SVC_PROCESS_MSG *msg = (SVC_PROCESS_MSG *)_msg;
+ NTSTATUS status = 0;
 ULONG errlvl = 0;
+ UCHAR SandboxieLogonSid[SECURITY_MAX_SID_SIZE] = { 0 };
 //
 // open new process and verify process creation time
@@ -115,7 +117,12 @@ void DriverAssist::InjectLow(void *_msg)
 // notify driver that we successfully injected the lowlevel code
 //
- if (SbieApi_Call(API_INJECT_COMPLETE, 1, (ULONG_PTR)msg->process_id) == 0)
+ if (GetSandboxieSID(boxname, SandboxieLogonSid, sizeof(SandboxieLogonSid)))
+ status = SbieApi_Call(API_INJECT_COMPLETE, 2, (ULONG_PTR)msg->process_id, SandboxieLogonSid);
+ else // if that fails or is not enabled we fall back to using the anonymous logon token
+ status = SbieApi_Call(API_INJECT_COMPLETE, 1, (ULONG_PTR)msg->process_id);
+
+ if (status == 0)
 errlvl = 0;
 else
 errlvl = 0x99;
diff --git a/Sandboxie/core/svc/DriverAssistSid.cpp b/Sandboxie/core/svc/DriverAssistSid.cpp
new file mode 100644
index 00000000..357f70b8
--- /dev/null
+++ b/Sandboxie/core/svc/DriverAssistSid.cpp
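Review bot: The declaration names the second parameter `SandboxieLogonSid` while the definition in DriverAssistSid.cpp calls it `pSID`, and neither says what `dwSidSize` measures or what a false return means; align the names and document the contract here, e.g. `// Fills pSID (dwSidSize bytes) with the box's virtual-account SID; false if SandboxieLogon is off or the SID could not be created or registered`. `CleanUpSIDs` would likewise benefit from a one-line comment stating which LSA name mappings it is expected to undo.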
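Review bot: The new two-argument API_INJECT_COMPLETE call hands the driver a pointer to the stack buffer `SandboxieLogonSid`, so the driver-side handler (api.c / process_low.c, not in this chunk) has to probe the user-mode pointer, bound the copy by `SECURITY_MAX_SID_SIZE` and validate the SID (RtlValidSid) before storing it in the PROCESS record; a comment at the call site naming that contract, e.g. `// driver validates and copies the SID (<= SECURITY_MAX_SID_SIZE) into its PROCESS record`, would keep the two sides from drifting. The buffer is zero-initialised, so a handler that trusts the caller's length rather than RtlLengthSid would copy padding; please confirm which length the driver uses. InjectLow's body starts and ends outside the hunk.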
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2022 David Xanatos, xanasoft.com
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+//---------------------------------------------------------------------------
+// Driver Assistant
+//---------------------------------------------------------------------------
+
+#include "stdafx.h"
+
+#include "DriverAssist.h"
+#include 
+#include "common/lsalookupi_ddk.h"
+#include "common/my_Version.h"
+
+extern "C" {
+
+ NTSTATUS WINAPI LsaManageSidNameMapping(
+ _In_ LSA_SID_NAME_MAPPING_OPERATION_TYPE OpType,
+ _In_ PLSA_SID_NAME_MAPPING_OPERATION_INPUT OpInput,
+ _Out_ PLSA_SID_NAME_MAPPING_OPERATION_OUTPUT* OpOutput
+ );
+
+ NTSTATUS NTAPI RtlCreateVirtualAccountSid(
+ _In_ PUNICODE_STRING Name,
+ _In_ ULONG BaseSubAuthority,
+ _Out_ PSID Sid,
+ _Inout_ PULONG SidLength
+ );
+
+ __declspec(dllimport) NTSTATUS __stdcall RtlInitUnicodeString(
+ PUNICODE_STRING DestinationString,
+ const WCHAR* SourceString
+ );
+
+ #define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
+}
+
+NTSTATUS AddSidName(PSID pSID, const WCHAR* domain, const WCHAR* user)
+{
+ NTSTATUS status;
+ LSA_SID_NAME_MAPPING_OPERATION_ADD_INPUT add_input;
+ memset(&add_input, 0, sizeof(LSA_SID_NAME_MAPPING_OPERATION_ADD_INPUT));
+ PLSA_SID_NAME_MAPPING_OPERATION_INPUT input = (PLSA_SID_NAME_MAPPING_OPERATION_INPUT)&add_input;
+ PLSA_SID_NAME_MAPPING_OPERATION_OUTPUT output = NULL;
+
+ add_input.Sid =
pSID;
+ add_input.Flags = 0;
+ RtlInitUnicodeString(&add_input.DomainName, domain);
+ if(user != NULL)
+ RtlInitUnicodeString(&add_input.AccountName, user);
+
+ status = LsaManageSidNameMapping(LsaSidNameMappingOperation_Add, input, &output);
+
+ if(output)
+ LsaFreeMemory(output);
+
+ return status;
+}
+
+NTSTATUS RemoveSidName(const WCHAR* domain, const WCHAR* user)
+{
+ NTSTATUS status;
+ _LSA_SID_NAME_MAPPING_OPERATION_REMOVE_INPUT add_input;
+ memset(&add_input, 0, sizeof(_LSA_SID_NAME_MAPPING_OPERATION_REMOVE_INPUT));
+ PLSA_SID_NAME_MAPPING_OPERATION_INPUT input = (PLSA_SID_NAME_MAPPING_OPERATION_INPUT)&add_input;
+ PLSA_SID_NAME_MAPPING_OPERATION_OUTPUT output = NULL;
+
+ RtlInitUnicodeString(&add_input.DomainName, domain);
+ if(user != NULL)
+ RtlInitUnicodeString(&add_input.AccountName, user);
+
+ status = LsaManageSidNameMapping(LsaSidNameMappingOperation_Add, input, &output);
+
+ if(output)
+ LsaFreeMemory(output);
+
+ return status;
+}
+
+#define SBIE_RID 100 // must be between 80 and 111 inclusive
+
+UCHAR SandboxieSid[12] = {
+ 1, // Revision
+ 1, // SubAuthorityCount
+ 0,0,0,0,0,5, // SECURITY_NT_AUTHORITY // IdentifierAuthority
+ SBIE_RID,0,0,0 // SubAuthority
+};
+
+
+//---------------------------------------------------------------------------
+// GetSandboxieSID
+//---------------------------------------------------------------------------
+
+
+bool DriverAssist::GetSandboxieSID(const WCHAR* boxname, UCHAR* pSID, DWORD dwSidSize)
+{
+ if (!SbieApi_QueryConfBool(boxname, L"SandboxieLogon", TRUE))
+ return false;
+
+ WCHAR szUserName[256], szDomainName[256];
+ DWORD dwDomainSize = ARRAYSIZE(szDomainName);
+ SID_NAME_USE snu = SidTypeInvalid;
+
+ wcscpy(szUserName, SANDBOXIE L"\\");
+ wcscat(szUserName, boxname);
+
+ if (LookupAccountName(NULL, szUserName, pSID, &dwSidSize, szDomainName, &dwDomainSize, &snu))
+ return true;
+
+ //
+ // add Sandboxie domain "Sandboxie"
+ //
+
+ static bool SbieAdded = false;
+ if (!SbieAdded) {
+
AddSidName(SandboxieSid, SANDBOXIE, NULL);
+ SbieAdded = true;
+ }
+
+ //
+ // add Sandboxie box user "Sandboxie\\DefaultBox"
+ //
+
+ UNICODE_STRING Name;
+ RtlInitUnicodeString(&Name, boxname);
+ RtlCreateVirtualAccountSid(&Name, SBIE_RID, pSID, &dwSidSize);
+
+ return NT_SUCCESS(AddSidName(pSID, SANDBOXIE, boxname));
+}
+
+
+//---------------------------------------------------------------------------
+// CleanUpSIDs
+//---------------------------------------------------------------------------
+
+
+void DriverAssist::CleanUpSIDs()
+{
+ RemoveSidName(SANDBOXIE, NULL);
+}
\ No newline at end of file
diff --git a/Sandboxie/core/svc/ProcessServer.cpp b/Sandboxie/core/svc/ProcessServer.cpp
index aabf6a0b..d39fb4de 100644
--- a/Sandboxie/core/svc/ProcessServer.cpp
+++ b/Sandboxie/core/svc/ProcessServer.cpp
@@ -967,6 +967,8 @@ BOOL ProcessServer::RunSandboxedSetDacl(
 SECURITY_ANONYMOUS_LOGON_RID,0,0,0 // SubAuthority
 };
+ extern UCHAR SandboxieSid[12];
+
 ULONG LastError;
 HANDLE hToken;
 ULONG len;
@@ -1006,7 +1008,7 @@ BOOL ProcessServer::RunSandboxedSetDacl(
 ok = GetTokenInformation(hToken, TokenUser, pUser, 512, &len);
 LastError = GetLastError();
- if (idProcess != NULL) // this is used when starting a service
+ if (ok && idProcess != NULL) // this is used when starting a service
 {
 //
 // in Sandboxie version 4, the primary process token is going to be
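Review bot: `RemoveSidName` calls `LsaManageSidNameMapping` with `LsaSidNameMappingOperation_Add`, the same operation `AddSidName` uses, so `CleanUpSIDs` re-registers the "Sandboxie" domain on shutdown instead of removing it; the call should pass `LsaSidNameMappingOperation_Remove` together with the `_LSA_SID_NAME_MAPPING_OPERATION_REMOVE_INPUT` it already fills in (renaming that local from `add_input` would have made the copy-paste visible). In `GetSandboxieSID` the status of `RtlCreateVirtualAccountSid` is ignored and `dwSidSize` is handed to it after `LookupAccountName` may already have overwritten it with a required size, so on failure an uninitialised or over-long SID can reach `AddSidName` and the driver; check the status and pass a fresh copy of the caller's size. `wcscpy`/`wcscat` build `szUserName[256]` from `boxname` with no length bound, and the per-box mapping added by `AddSidName(pSID, SANDBOXIE, boxname)` is never removed, since `CleanUpSIDs` only removes the domain entry. `SbieAdded` is also set to true whether or not the domain `AddSidName` succeeded, so one transient LSA failure leaves the domain unregistered for the rest of the service's lifetime.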
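Review bot: `extern UCHAR SandboxieSid[12];` is a block-scope declaration that restates the array's type by hand; declaring it once in DriverAssist.h next to `GetSandboxieSID` and including that header lets the compiler check it against the definition in DriverAssistSid.cpp and keeps both in step if the SID layout ever changes. RunSandboxedSetDacl starts and ends outside the hunk.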
@@ -1014,8 +1016,16 @@ BOOL ProcessServer::RunSandboxedSetDacl(
 // textual SID string and convert it into a SID value
 //
- if (ok && memcmp(pUser->User.Sid, AnonymousLogonSid,
- sizeof(AnonymousLogonSid)) == 0) {
+ //
+ // in Sandboxie version 5.57 instead of using the anonymous SID
+ // we can use box specific custom SIDs,
+ // when comparing we skip the revision and the SubAuthorityCount
+ // also we conpare only teh domain portion of the SID as the rest
+ // will be different for each box
+ //
+
+ if (memcmp(pUser->User.Sid, AnonymousLogonSid, sizeof(AnonymousLogonSid)) == 0
+ || memcmp(((UCHAR*)pUser->User.Sid) + 2, SandboxieSid, 10) == 0) {
 PSID TempSid;
 WCHAR SidString[96];
diff --git a/Sandboxie/core/svc/SboxSvc.vcxproj b/Sandboxie/core/svc/SboxSvc.vcxproj
index 547f6136..385135e1 100644
--- a/Sandboxie/core/svc/SboxSvc.vcxproj
+++ b/Sandboxie/core/svc/SboxSvc.vcxproj
@@ -245,6 +245,7 @@ true true + true true
diff --git a/Sandboxie/core/svc/SboxSvc.vcxproj.filters b/Sandboxie/core/svc/SboxSvc.vcxproj.filters
index 5bcd2ded..97015aa6 100644
--- a/Sandboxie/core/svc/SboxSvc.vcxproj.filters
+++ b/Sandboxie/core/svc/SboxSvc.vcxproj.filters
@@ -75,6 +75,9 @@ ComProxy + + DriverAssist +
diff --git a/SandboxiePlus/version.h b/SandboxiePlus/version.h
index 643e9735..bdb3fc50 100644
--- a/SandboxiePlus/version.h
+++ b/SandboxiePlus/version.h
@@ -1,8 +1,8 @@
 #pragma once
 #define VERSION_MJR 1
-#define VERSION_MIN 1
-#define VERSION_REV 1
+#define VERSION_MIN 2
+#define VERSION_REV 0
 #define VERSION_UPD 0
 #ifndef STR
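Review bot: The new comparison is misaligned: it skips the Revision and SubAuthorityCount bytes of the token SID (`+ 2`) but compares them against `SandboxieSid` from offset 0, whose first two bytes are `1, 1` per its definition in DriverAssistSid.cpp, so the ten compared bytes can never match and the box-SID branch is dead code; it should read `|| memcmp(((UCHAR*)pUser->User.Sid) + 2, SandboxieSid + 2, 10) == 0) {` so that the IdentifierAuthority and the SBIE_RID sub-authority are compared as the comment describes. The comment also has typos (`conpare only teh`), and stating why the length is ten (6-byte IdentifierAuthority plus the 4-byte first SubAuthority) would make the constant self-explanatory. The body of this `if` continues outside the hunk.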