Merge branch 'AdminConf' of https://github.com/love-code-yeyixiao/Sandboxie into AdminConf
This commit is contained in:
commit
cfc88a3f12
|
@ -125,5 +125,5 @@ jobs:
|
|||
echo 'tailing->trailing' >> dictionary_code.txt
|
||||
# Only lowercase letters are allowed in --ignore-words-list
|
||||
codespell --dictionary=dictionary.txt --dictionary=dictionary_rare.txt --dictionary=dictionary_code.txt \
|
||||
--ignore-words-list="wil,unknwn,tolen,pevent,doubleclick,parm,parms,etcp,ois,ba,ptd,modell,namesd,stdio,uint,errorstring,ontext,atend,deque,ecounter,nmake,namess,inh,daa,varient,lite,uis,emai,ws,slanguage,woh,tne,typpos,enew,shft,seh,ser,servent,socio-economic,rime" \
|
||||
--ignore-words-list="wil,unknwn,tolen,pevent,doubleclick,parm,parms,etcp,ois,ba,ptd,modell,namesd,stdio,uint,errorstring,ontext,atend,deque,ecounter,nmake,namess,inh,daa,varient,lite,uis,emai,ws,slanguage,woh,tne,typpos,enew,shft,seh,ser,servent,socio-economic,rime,falt,infor" \
|
||||
--skip="./.git,./.github/workflows/codespell.yml,./dictionary*.txt,./Sandboxie/msgs/Text-*-*.txt,./Sandboxie/msgs/report/Report-*.txt,./SandboxiePlus/SandMan/*.ts,./Installer/Languages.iss,./Installer/isl/*.isl,./Sandboxie/common/Detours/Makefile,./Sandboxie/common/Detours/disasm.cpp,./Sandboxie/install/build.bat,./SandboxieTools/ImBox/dc/crypto_fast/xts_fast.c,./Sandboxie/apps/control/TreePropSheet.h,./Sandboxie/apps/control/PropPageFrame.h,./Sandboxie/apps/control/PropPageFrameDefault.h,./SandboxiePlus/SandMan/Troubleshooting/lang_*.json"
|
||||
|
|
166
CHANGELOG.md
166
CHANGELOG.md
|
@ -3,28 +3,99 @@ All notable changes to this project will be documented in this file.
|
|||
This project adheres to [Semantic Versioning](http://semver.org/).
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## [1.13.6 / 5.68.6] - 2024-04-
|
||||
## [1.14.1 / 5.69.1] - 2024-05-??
|
||||
|
||||
### Added
|
||||
- added "BlockInterferenceControl=y" option to prevent sandboxed processes from forcing windows on top and moving the mounse pointer (thanks Yeyixiao)
|
||||
- Note: this option may cause issues in games hence do not enable it for gaming boxes.
|
||||
- added support for hardlinks [#3826](https://github.com/sandboxie-plus/Sandboxie/issues/3826)
|
||||
- Add "Sandboxie\All Sandboxes" SID into token with SandboxieLogon [#3191](https://github.com/sandboxie-plus/Sandboxie/issues/3191)
|
||||
- To use this feature SandboxieAllGroup=y must be enabled
|
||||
- Note: that this fundamentaly changes the mechanism Sbie uses for token creation, the new mechanism can be enabled separately with "UseCreateToken=y"
|
||||
- Added "EditAdminOnly=y" can now be configured per box
|
||||
- Add UI for CoverWindows in NewBoxWizard.
|
||||
- Add UI option to start unsandboxed process but force child processes in SelectBoxWindow.
|
||||
- Add option "AlertBeforeStart".When it is set,a prompt pops up before launching a new program into the sandbox using "Start.exe" and checks if the program that started "Start.exe" is a Sandboxie component itself,if it is not, a warning pops up.
|
||||
|
||||
### Changed
|
||||
- split the advanced new box wizard page in two
|
||||
- reorganized box options a bit
|
||||
|
||||
### Fixed
|
||||
- fixed issue with proxy authentication setting
|
||||
- fixed memory leak in sbiesvc
|
||||
- fixed issue with inconsistent WFP option application [#3900](https://github.com/sandboxie-plus/Sandboxie/issues/3900)
|
||||
|
||||
|
||||
|
||||
|
||||
## [1.14.0 / 5.69.0] - 2024-05-17
|
||||
|
||||
### Added
|
||||
- Add option to limit the memory of sandboxed process and the number of process in single sandbox through job object. (thanks Yeyixiao)
|
||||
- Use "TotalMemoryLimit"(Number,limit whole sandbox) and "ProcessMemoryLimit"(Number,limit single process) to set memory limit.
|
||||
- Use "ProcessNumberLimit"(Number) to set process number limit.
|
||||
- Add ability to modified sandboxed process logic speed (reduced fixed latency, modified single-player speed, etc.) (thanks Yeyixiao)
|
||||
- Use "UseChangeSpeed=y" to open this feature,use "AddTickSpeed"/"AddSleepSpeed"/"AddTimerSpeed"/"LowTickSpeed"/"LowSleepSpeed"/"LowTimerSpeed"(Number) to set.
|
||||
- When set "AddSleepSpeed=0",all Sleep funcation call will be skip.
|
||||
- Added /fcp /force_children commandline option to start.exe it allows to start a program unsandboxed but have all its children sandboxed
|
||||
|
||||
- added ability to fore sandboxed processes to use a pre defined socks 5 proxy
|
||||
- added ability to intercept DNS queries such that thay can be log and/or redirected
|
||||
- added support for SOCKS5 proxy authentication based on RFC1928 (thanks Deezzir)
|
||||
- added Test Dialog UI for SOCKS5 proxy (thanks Deezzir)
|
||||
- added ability to automatically removes template references that begin with “Template_Temp_” in the sandbox.
|
||||
|
||||
### Changed
|
||||
- validated compatybility with windows build 26217 and updated dyn data
|
||||
|
||||
### Fixed
|
||||
- fixed an issue with an early batch of Large Supporter certificates
|
||||
|
||||
|
||||
|
||||
## [1.13.7 / 5.68.7] - 2024-05-01
|
||||
|
||||
### Added
|
||||
- added file version information for SbieDll.dll and SbieSvc.exe in the Sandboxie Plus About dialog
|
||||
|
||||
### Changed
|
||||
- improved checkboxes about DropAdminRights in SandMan [#3851](https://github.com/sandboxie-plus/Sandboxie/pull/3851) (thanks offhub)
|
||||
|
||||
### Fixed
|
||||
- fixed symbolic linking of files [#3852](https://github.com/sandboxie-plus/Sandboxie/issues/3852)
|
||||
- fixed issue with start agent option [#3844](https://github.com/sandboxie-plus/Sandboxie/pull/3844) (thanks offhub)
|
||||
- fixed issue with Delete V2 introduced in 1.13.5
|
||||
|
||||
|
||||
|
||||
|
||||
## [1.13.6 / 5.68.6] - 2024-04-21
|
||||
|
||||
### Added
|
||||
- added "BlockInterferenceControl=y" option to prevent sandboxed processes from forcing windows on top and moving the mouse pointer (thanks Yeyixiao)
|
||||
- Note: this option may cause issues in games hence it's not recommended for gaming boxes
|
||||
- added support for hard links [#3826](https://github.com/sandboxie-plus/Sandboxie/issues/3826)
|
||||
- added mechanism to terminate stuck sandboxed processes from the driver
|
||||
- added editable trigger list [#3742](https://github.com/sandboxie-plus/Sandboxie/issues/3742)
|
||||
- added optional extension of the screenshot protection to the UI [#3739](https://github.com/sandboxie-plus/Sandboxie/issues/3739)
|
||||
- added a button to edit local/custom templates [#3738](https://github.com/sandboxie-plus/Sandboxie/issues/3738)
|
||||
- added adjustable resizing of the "Run Sandboxed" window [#3697](https://github.com/sandboxie-plus/Sandboxie/issues/3697)
|
||||
- added Notepad++ template [#3836](https://github.com/sandboxie-plus/Sandboxie/pull/3836)
|
||||
|
||||
### Changed
|
||||
- improved Avast template [#3777](https://github.com/sandboxie-plus/Sandboxie/pull/3777)
|
||||
- renamed a bunch of experimental options and marked them as experimental in the UI
|
||||
- "IsBlockCapture=y" -> "BlockScreenCapture=y"
|
||||
- "IsProtectScreen=>" -> "CoverBoxedWindows=y"
|
||||
|
||||
### Fixed
|
||||
- fixed When I change the BlockDNS and BlockPorts options, the Apply button is not activated [#3807](https://github.com/sandboxie-plus/Sandboxie/issues/3807)
|
||||
- fixed troubleshooting wizard broke with new qt [#3810](https://github.com/sandboxie-plus/Sandboxie/discussions/3810)
|
||||
- fixed Settings dialog now showing the right ram disk letter
|
||||
- fixed issues with updater broke with new qt due to missing SSL support [3810](https://github.com/sandboxie-plus/Sandboxie/discussions/3810)
|
||||
- fixed inactive apply button when changing BlockDNS or BlockPorts options [#3807](https://github.com/sandboxie-plus/Sandboxie/issues/3807)
|
||||
- fixed troubleshooting wizard breaking with new Qt [#3810](https://github.com/sandboxie-plus/Sandboxie/discussions/3810)
|
||||
- fixed Settings dialog now showing the correct RAM drive letter
|
||||
- fixed broken updater due to missing SSL support in the latest Qt build [#3810](https://github.com/sandboxie-plus/Sandboxie/discussions/3810)
|
||||
- fixed Enabling "DropAdminRights/FakeAdminRights" adds "BlockInterferePower and ForceProtectionOnMount" to the INI [#3825](https://github.com/sandboxie-plus/Sandboxie/issues/3825)
|
||||
- fixed KeePass "Out of Memory" crash due to "BlockScreenCapture=y" [#3768](https://github.com/sandboxie-plus/Sandboxie/issues/3768)
|
||||
- fixed Sandboxie 1.13.4 with IsBlockCapture=y not working on Windows 7 [#3769](https://github.com/sandboxie-plus/Sandboxie/issues/3769)
|
||||
- fixed explorer.exe issue "FakeAdminRights=y" [#3638](https://github.com/sandboxie-plus/Sandboxie/issues/3638)
|
||||
- fixed Make it possible to disable forced folder warning [#3569](https://github.com/sandboxie-plus/Sandboxie/issues/3569)
|
||||
|
||||
|
||||
|
||||
|
@ -59,15 +130,15 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
- it can be enabled with "IsBlockCapture=y"
|
||||
- see the sandbox option "Prevent sandboxed processes from using public methods to capture window images" in SandMan UI
|
||||
- added "LingerExemptWnds=n" to make the lingering process monitor mechanism no longer exempt lingering processes with windows from termination
|
||||
- Added option 'SharedTemplate' to Box Wizard [#3737](https://github.com/sandboxie-plus/Sandboxie/pull/3737) (thanks offhub)
|
||||
- Added an option to force the protection of an encrypted sandbox to be enabled. [#3736](https://github.com/sandboxie-plus/Sandboxie/pull/3736) (thanks Yeyixiao)
|
||||
- Added a menu and button/icon to suspend all processes [#3741] (https://github.com/sandboxie-plus/Sandboxie/issues/3741)
|
||||
- added option 'SharedTemplate' to Box Wizard [#3737](https://github.com/sandboxie-plus/Sandboxie/pull/3737) (thanks offhub)
|
||||
- added an option to force the protection of an encrypted sandbox to be enabled [#3736](https://github.com/sandboxie-plus/Sandboxie/pull/3736) (thanks Yeyixiao)
|
||||
- added a menu and button/icon to suspend all processes [#3741] (https://github.com/sandboxie-plus/Sandboxie/issues/3741)
|
||||
|
||||
### Changed
|
||||
- option "LingerLeniency=n" now also disabled the 5 sec grace period for freshly started lingerers [#1892](https://github.com/sandboxie-plus/Sandboxie/issues/1892)
|
||||
- option "LingerLeniency=n" now also disabled the 5 second grace period for freshly started lingerers [#1892](https://github.com/sandboxie-plus/Sandboxie/issues/1892)
|
||||
|
||||
### Fixed
|
||||
- fixed issue with symlinks related to startmenu folders
|
||||
- fixed issue with symlinks related to start menu folders
|
||||
|
||||
|
||||
|
||||
|
@ -139,7 +210,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
- reworked SCM hooking to improve Windows 10 compatibility
|
||||
- reworked offset dependent handling of undocumented Windows kernel objects
|
||||
- the required offsets can be now updated independently from the driver
|
||||
- the DynData blob is digitally signed, when in testsigning mode the signature is however ignored
|
||||
- the DynData blob is digitally signed, when in test signing mode the signature is however ignored
|
||||
- when Sandboxie encounters a yet unsupported kernel build, token based isolation is disabled to prevent system instability
|
||||
- this safety mechanism is disabled on systems participating in the Windows Insider program
|
||||
- for systems in the Insider program, the latest known offsets are tried
|
||||
|
@ -367,18 +438,18 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
### Fixed
|
||||
- fixed subscription certificate recognition issue
|
||||
- fixed logo cut-off in the About window [#3249](https://github.com/sandboxie-plus/Sandboxie/issues/3249)
|
||||
- fixed issue with file recovery when using ramdisk [d82b62e](https://github.com/sandboxie-plus/Sandboxie/commit/d82b62ee78d865e21005b9b81dfa9dac9f524b90)
|
||||
- fixed issue with file recovery when using a RAM drive [d82b62e](https://github.com/sandboxie-plus/Sandboxie/commit/d82b62ee78d865e21005b9b81dfa9dac9f524b90)
|
||||
|
||||
## [1.11.1 / 5.66.1] - 2023-08-31
|
||||
|
||||
### Added
|
||||
- added 'RamDiskLetter=R:\' option allowing to mount the ramdisk root to a drive letter [938e0a8](https://github.com/sandboxie-plus/Sandboxie/commit/938e0a8c8d88e3780ece674c6702654d0b4e6ddc)
|
||||
- added 'RamDiskLetter=R:\' option allowing to mount the RAM drive root to a drive letter [938e0a8](https://github.com/sandboxie-plus/Sandboxie/commit/938e0a8c8d88e3780ece674c6702654d0b4e6ddc)
|
||||
|
||||
### Changed
|
||||
- changed the new option layout to be the default for non-vintage views (can be changed back in the settings) [94c3f5e](https://github.com/sandboxie-plus/Sandboxie/commit/94c3f5e35bf9e7c993557f2c9d4e6e5129e9d1df)
|
||||
|
||||
### Fixed
|
||||
- fixed issue when re-creating a rambox junction [2542351](https://github.com/sandboxie-plus/Sandboxie/commit/254235136fa8b74ad147f03b646d4015208c14be)
|
||||
- fixed issue when re-creating a RAM sandbox junction [2542351](https://github.com/sandboxie-plus/Sandboxie/commit/254235136fa8b74ad147f03b646d4015208c14be)
|
||||
- fixed Sandboxie logo scaling in the setup wizards [#3227](https://github.com/sandboxie-plus/Sandboxie/issues/3227)
|
||||
- fixed text cut-off in box creation wizard [#3226](https://github.com/sandboxie-plus/Sandboxie/issues/3226)
|
||||
- fixed Windows 7 compatibility issue with ImBox.exe [1f0b2b7](https://github.com/sandboxie-plus/Sandboxie/commit/1f0b2b71ba47436252fd55eece2c3624085b46dc)
|
||||
|
@ -392,7 +463,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
## [1.11.0 / 5.66.0] - 2023-08-25
|
||||
|
||||
### Added
|
||||
- added ImDisk driver, allowing to create boxes residing in a ramdisk
|
||||
- added ImDisk driver, allowing to create boxes residing in a RAM drive
|
||||
- added Encrypted Sandbox support; this creates confidential boxes that do not leak data to the host PC
|
||||
- using the ImDisk driver and a new ImBox component featuring the cryptographic implementation from [DiskCryptor](https://diskcryptor.org/) the sandbox root folder is stored in an encrypted container file
|
||||
- using the SbieDrv to prevent processes not belonging to the sandbox from accessing an encrypted sandbox's root folder
|
||||
|
@ -468,7 +539,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
- fixed UGlobalHotkey library not being compatible with Qt6
|
||||
|
||||
### Removed
|
||||
- removed hardcoded support for LogApiDll
|
||||
- removed hardcoded support for LogAPI library
|
||||
- use the Add-On Manager and DLL injection settings
|
||||
|
||||
|
||||
|
@ -515,7 +586,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
- added box scripting engine to make SandMan more flexible
|
||||
- added scriptable troubleshooting wizard [#1875](https://github.com/sandboxie-plus/Sandboxie/issues/1875)
|
||||
- added Add-On Manager which helps to install additional and third-party components, available add-ons:
|
||||
- [ImDisk Toolkit](https://sourceforge.net/projects/imdisk-toolkit/) - used to create RAM Disks and other virtual drives
|
||||
- [ImDisk Toolkit](https://sourceforge.net/projects/imdisk-toolkit/) - used to create RAM drives and other virtual drives
|
||||
- [V4 Script Debugger](https://github.com/DavidXanatos/NeoScriptTools) - used to debug troubleshooting scripts
|
||||
- [Microsoft Debug Help Library](https://learn.microsoft.com/en-us/windows/win32/debug/debug-help-library) - used for the stack trace feature introduced in 1.9.6
|
||||
- [signcheck.exe](https://learn.microsoft.com/en-us/sysinternals/downloads/sigcheck) - used to scan files on VirusTotal before recovering them
|
||||
|
@ -756,7 +827,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
### Fixed
|
||||
- fixed issue with the new SBIE2307 message being triggered on media removal
|
||||
- excluded some old token hacks (for Firefox) from being disabled
|
||||
- long-standing ping issue with compartment type boxes [#1608](https://github.com/sandboxie-plus/Sandboxie/issues/1608)
|
||||
- fixed long-standing ping issue with compartment type boxes [#1608](https://github.com/sandboxie-plus/Sandboxie/issues/1608)
|
||||
|
||||
|
||||
|
||||
|
@ -1128,7 +1199,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
## [1.5.0 / 5.60.0] - 2022-10-19
|
||||
|
||||
### Added
|
||||
- Added support for Windows on ARM64 [#1321](https://github.com/sandboxie-plus/Sandboxie/issues/1321) [#645](https://github.com/sandboxie-plus/Sandboxie/issues/645)
|
||||
- added support for Windows on ARM64 [#1321](https://github.com/sandboxie-plus/Sandboxie/issues/1321) [#645](https://github.com/sandboxie-plus/Sandboxie/issues/645)
|
||||
- ported SbieDrv for ARM64
|
||||
- ported low-level injection mechanism for ARM64/ARM64EC
|
||||
- ported syscall hooks for ARM64/ARM64EC
|
||||
|
@ -1228,8 +1299,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
## [1.3.4 / 5.58.4] - 2022-09-19
|
||||
|
||||
### Added
|
||||
- Added NoRenameWinClass to the Plus UI
|
||||
- Added Windows.UI.* to the list of hardcoded well-known classes to resolve issues with WinUI apps [#2109](https://github.com/sandboxie-plus/Sandboxie/issues/2109)
|
||||
- added NoRenameWinClass to the Plus UI
|
||||
- added Windows.UI.* to the list of hardcoded well-known classes to resolve issues with WinUI apps [#2109](https://github.com/sandboxie-plus/Sandboxie/issues/2109)
|
||||
|
||||
### Changed
|
||||
- NoRenameWinClass now supports wildcards
|
||||
|
@ -1857,7 +1928,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
- fixed possible upgrade issue with Classic installer (by isaak654) [130c43a](https://github.com/sandboxie-plus/Sandboxie/commit/130c43a62c9778b734fa625bf4f46b12d0701719)
|
||||
- fixed minor issues with Classic installer (by sredna) [#1533](https://github.com/sandboxie-plus/Sandboxie/pull/1533)
|
||||
- fixed issue with Ldr_FixImagePath_2 [#1507](https://github.com/sandboxie-plus/Sandboxie/issues/1507)
|
||||
- when using "Run Sandboxed" with SandMan UI and the UI is off, it will stay off.
|
||||
- when using "Run Sandboxed" with SandMan UI and the UI is off, it will stay off
|
||||
- fixed issue with Util_GetProcessPidByName that should resolve the driver sometimes failing to start at boot [#1451](https://github.com/sandboxie-plus/Sandboxie/issues/1451)
|
||||
- SandMan will now run in background like SbieCtrl when starting a boxed process [post506](https://forum.xanasoft.com/viewtopic.php?p=506#p506)
|
||||
- fixed taskbar not showing with persistent box border in full screen [post474](https://forum.xanasoft.com/viewtopic.php?p=474#p474)
|
||||
|
@ -2413,14 +2484,14 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
## [0.8.9 / 5.50.9] - 2021-07-28 HotFix 2
|
||||
|
||||
### Fixed
|
||||
Fixed issue with registering session leader
|
||||
- fixed issue with registering session leader
|
||||
|
||||
|
||||
|
||||
## [0.8.9 / 5.50.9] - 2021-07-28 HotFix 1
|
||||
|
||||
### Fixed
|
||||
Fixed issue with Windows 7
|
||||
- fixed issue with Windows 7
|
||||
|
||||
|
||||
|
||||
|
@ -2751,7 +2822,7 @@ Fixed issue with Windows 7
|
|||
- improved RPC debugging
|
||||
- improved IPC handling around RpcMgmtSetComTimeout; "RpcMgmtSetComTimeout=n" is now the default behaviour
|
||||
- required exceptions have been hard-coded for specific calling DLLs
|
||||
- the LogApi dll is now using Sbie's tracing facility to log events instead of its own pipe server
|
||||
- the LogAPI library is now using Sandboxie's tracing facility to log events instead of its own pipe server
|
||||
|
||||
### Fixed
|
||||
- FIXED SECURITY ISSUE ID-11: elevated sandboxed processes could access volumes/disks for reading (thanks hg421)
|
||||
|
@ -3220,8 +3291,7 @@ Fixed issue with Windows 7
|
|||
|
||||
### Changed
|
||||
- SbieCtrl no longer auto-shows the tutorial on first start
|
||||
- when hooking to the trampoline, the migrated section of the original function is no longer noped out
|
||||
- it caused issues with Unity games
|
||||
- when hooking to the trampoline, the migrated section of the original function is no longer noped out due to causing issues with Unity games
|
||||
|
||||
### Fixed
|
||||
- fixed colour issue with vertical tabs in dark mode
|
||||
|
@ -3258,7 +3328,7 @@ Fixed issue with Windows 7
|
|||
- fixed issues with the new box settings editor
|
||||
|
||||
### Removed
|
||||
- removes deprecated workaround in the hooking mechanism for an obsolete anti-malware product
|
||||
- removed deprecated workaround in the hooking mechanism for an obsolete anti-malware product
|
||||
|
||||
|
||||
|
||||
|
@ -3295,13 +3365,13 @@ Fixed issue with Windows 7
|
|||
- added finder to resource log
|
||||
- added option "HideHostProcess=program.exe" to hide unsandboxed host processes
|
||||
- Note: Sbie hides by default processes from other boxes, this behaviour can now be controlled with "HideOtherBoxes=n"
|
||||
- Sandboxed RpcSs and DcomLaunch can now be run as system with the option "ProtectRpcSs=y" however this breaks the sandboxed Windows Explorer and others
|
||||
- Built-in Clsid whitelist can now be disabled with "OpenDefaultClsid=n"
|
||||
- Processes can be now terminated with the del key, and require a confirmation
|
||||
- sandboxed RpcSs and DcomLaunch can now be run as system with the option "ProtectRpcSs=y" however this breaks the sandboxed Windows Explorer and others
|
||||
- built-in Clsid whitelist can now be disabled with "OpenDefaultClsid=n"
|
||||
- processes can be now terminated with the del key, and require a confirmation
|
||||
- added sandboxed window border display to SandMan.exe
|
||||
- added notification for Sbie log messages
|
||||
- added Sandbox Presets submenu to quickly change some settings
|
||||
- Enable/Disable API logging; logapi_dlls are now distributed with SbiePlus
|
||||
- Enable/Disable API logging; LogAPI DLLs are now distributed with Sandboxie Plus
|
||||
- Drop admin rights
|
||||
- Block/Allow internet access
|
||||
- Block/Allow access to files on the network
|
||||
|
@ -3337,8 +3407,8 @@ Fixed issue with Windows 7
|
|||
- improved debugging around process creation errors in the driver
|
||||
|
||||
### Fixed
|
||||
- fixed some log messages going lost after driver reload
|
||||
- found a workable fix for the MSI installer issue, see Proc_CreateProcessInternalW_RS5
|
||||
- fixed log messages getting lost after driver reload
|
||||
- fixed MSI installer issue, see Proc_CreateProcessInternalW_RS5
|
||||
|
||||
|
||||
|
||||
|
@ -3351,7 +3421,7 @@ Fixed issue with Windows 7
|
|||
- added progress window for async operations that take time
|
||||
- added DPI awareness [#56](https://github.com/sandboxie-plus/Sandboxie/issues/56)
|
||||
- the driver file is now obfuscated to avoid false positives
|
||||
- additional debug options to Sandboxie.ini OpenToken=y that combines UnrestrictedToken=y and UnfilteredToken=y
|
||||
- additional debug option for Sandboxie.ini named OpenToken=y which combines UnrestrictedToken=y and UnfilteredToken=y
|
||||
- Note: using these options weakens the sandboxing, they are intended for debugging and may be used for better application virtualization later
|
||||
|
||||
### Changed
|
||||
|
@ -3360,8 +3430,8 @@ Fixed issue with Windows 7
|
|||
|
||||
### Fixed
|
||||
- IniWatcher did not work in portable mode
|
||||
- service path fix broke other services, now properly fixed, maybe
|
||||
- found workaround for the MSI installer issue
|
||||
- service path fix broke other services
|
||||
- workaround for the MSI installer issue
|
||||
|
||||
|
||||
|
||||
|
@ -3389,7 +3459,7 @@ Fixed issue with Windows 7
|
|||
### Added
|
||||
- created a new Qt-based UI named SandMan (Sandboxie Manager)
|
||||
- Resource Monitor now shows the PID
|
||||
- added basic API call log using updated BSA LogApiDll
|
||||
- added basic API call log using updated BSA LogAPI library
|
||||
|
||||
### Changed
|
||||
- reworked Resource Monitor to work with multiple event consumers
|
||||
|
@ -3400,8 +3470,8 @@ Fixed issue with Windows 7
|
|||
## [5.40.1] - 2020-04-10
|
||||
|
||||
### Added
|
||||
- "Other" type for the Resource Access Monitor
|
||||
- added call to StartService to the logged Resources
|
||||
- added the new "Other" type for the Resource Access Monitor
|
||||
- added call to StartService to the logged Resources
|
||||
|
||||
### Fixed
|
||||
- fixed "Windows Installer Service could not be accessed" that got introduced with Windows 1903
|
||||
|
|
|
@ -44,6 +44,7 @@ Sandboxie Plus has a modern Qt-based UI, which supports all new features that ha
|
|||
* An Add-on manager to extend or add functionality via additional components
|
||||
* Protections of sandboxes against the host, including the prevention of taking screenshots
|
||||
* A trigger system to perform actions, when a sandbox goes through different stages, like initialization, box start, termination or file recovery
|
||||
* Make a process not sandboxed, but its child processes sandboxed
|
||||
|
||||
More features can be spotted by finding the sign `=` through the shortcut key Ctrl+F in the [CHANGELOG.md](./CHANGELOG.md) file.
|
||||
|
||||
|
|
|
@ -28,6 +28,9 @@
|
|||
#include "core/svc/SbieIniWire.h"
|
||||
#include "common/my_version.h"
|
||||
#include "msgs/msgs.h"
|
||||
#include "core/drv/api_defs.h"
|
||||
#include <psapi.h>
|
||||
#include <Shlwapi.h>
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
@ -88,6 +91,7 @@ BOOL execute_auto_run = FALSE;
|
|||
BOOL execute_open_with = FALSE;
|
||||
BOOL run_elevated_2 = FALSE;
|
||||
BOOL disable_force_on_this_program = FALSE;
|
||||
BOOL force_children_on_this_program = FALSE;
|
||||
BOOL auto_select_default_box = FALSE;
|
||||
WCHAR *StartMenuSectionName = NULL;
|
||||
BOOL run_silent = FALSE;
|
||||
|
@ -716,6 +720,17 @@ BOOL Parse_Command_Line(void)
|
|||
|
||||
disable_force_on_this_program = TRUE;
|
||||
|
||||
//
|
||||
// Command line switch /force_children or /fcp
|
||||
//
|
||||
|
||||
} else if (_wcsnicmp(cmd, L"force_children", 14) == 0 ||
|
||||
_wcsnicmp(cmd, L"fcp", 3) == 0) {
|
||||
|
||||
cmd = Eat_String(cmd);
|
||||
|
||||
force_children_on_this_program = TRUE;
|
||||
|
||||
//
|
||||
// Command line switch /hide_window
|
||||
//
|
||||
|
@ -1193,7 +1208,7 @@ int Program_Start(void)
|
|||
shExecInfo.cbSize = sizeof(SHELLEXECUTEINFO);
|
||||
shExecInfo.fMask = SEE_MASK_FLAG_NO_UI | SEE_MASK_DOENVSUBST
|
||||
| SEE_MASK_FLAG_DDEWAIT | SEE_MASK_NOZONECHECKS;
|
||||
if (wait_for_process || keep_alive)
|
||||
if (wait_for_process || keep_alive || force_children_on_this_program)
|
||||
shExecInfo.fMask |= SEE_MASK_NOCLOSEPROCESS;
|
||||
shExecInfo.hwnd = NULL;
|
||||
shExecInfo.lpVerb = NULL;
|
||||
|
@ -1337,6 +1352,8 @@ int Program_Start(void)
|
|||
|
||||
if (ok && (wait_for_process || keep_alive))
|
||||
hNewProcess = shExecInfo.hProcess;
|
||||
else if(ok && force_children_on_this_program)
|
||||
pi.dwProcessId = GetProcessId(shExecInfo.hProcess);
|
||||
|
||||
if (! ok) {
|
||||
|
||||
|
@ -1364,9 +1381,16 @@ int Program_Start(void)
|
|||
// we know for sure that SandboxieRpcSs has opened it
|
||||
//
|
||||
|
||||
if (ok && (! disable_force_on_this_program)) {
|
||||
if (ok) {
|
||||
|
||||
SbieDll_StartCOM(FALSE);
|
||||
if (force_children_on_this_program) {
|
||||
|
||||
SbieApi_Call(API_FORCE_CHILDREN, 2, pi.dwProcessId, BoxName);
|
||||
|
||||
} else if (!disable_force_on_this_program) {
|
||||
|
||||
SbieDll_StartCOM(FALSE);
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
|
@ -1395,7 +1419,9 @@ int Program_Start(void)
|
|||
}
|
||||
}
|
||||
|
||||
} else if (GetModuleHandle(L"protect.dll")) {
|
||||
}
|
||||
// $Workaround$ - 3rd party fix
|
||||
else if (GetModuleHandle(L"protect.dll")) {
|
||||
|
||||
//
|
||||
// hack for FortKnox firewall -- keep Start.exe around for a few
|
||||
|
@ -1636,6 +1662,44 @@ void StartAllAutoRunEntries()
|
|||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// GetParentPIDAndName
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
extern "C" WINBASEAPI BOOL WINAPI QueryFullProcessImageNameW(HANDLE hProcess, DWORD dwFlags, LPWSTR lpExeName, PDWORD lpdwSize);
|
||||
|
||||
DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name)
|
||||
{
|
||||
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, ProcessID);
|
||||
if (!ProcessID)
|
||||
return 0;
|
||||
|
||||
PROCESS_BASIC_INFORMATION pbi;
|
||||
NTSTATUS status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, (LPVOID)&pbi, sizeof(pbi), NULL);
|
||||
|
||||
DWORD dwParentID = 0;
|
||||
if (NT_SUCCESS(status)) {
|
||||
|
||||
dwParentID = (DWORD)pbi.InheritedFromUniqueProcessId;
|
||||
|
||||
if (NULL != lpszBuffer_Parent_Name) {
|
||||
|
||||
HANDLE hParentProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, dwParentID);
|
||||
if (hParentProcess) {
|
||||
|
||||
DWORD dwSize;
|
||||
BOOL ret = QueryFullProcessImageNameW(hParentProcess, 0, lpszBuffer_Parent_Name, &dwSize);
|
||||
|
||||
CloseHandle(hParentProcess);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
CloseHandle(hProcess);
|
||||
return dwParentID;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// RestartInSandbox
|
||||
//---------------------------------------------------------------------------
|
||||
|
@ -1696,6 +1760,25 @@ ULONG RestartInSandbox(void)
|
|||
|
||||
SbieApi_GetHomePath(NULL, 0, dir, 1020);
|
||||
|
||||
//
|
||||
//
|
||||
//
|
||||
|
||||
if (SbieApi_QueryConfBool(BoxName, L"AlertBeforeStart", FALSE)) {
|
||||
|
||||
WCHAR parent_image[1020] = L"";
|
||||
GetParentPIDAndName(GetCurrentProcessId(), parent_image);
|
||||
|
||||
WCHAR* text = SbieDll_FormatMessage1(MSG_3198, BoxName);
|
||||
if (MessageBoxW(NULL, text, Sandboxie_Start_Title, MB_YESNO) == IDNO)
|
||||
return EXIT_FAILURE;
|
||||
|
||||
if (_wcsnicmp(parent_image, dir, wcslen(dir)) != 0) {
|
||||
if (MessageBoxW(NULL, SbieDll_FormatMessage0(3199), Sandboxie_Start_Title, MB_YESNO) == IDNO)
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
//
|
||||
//
|
||||
|
@ -1833,8 +1916,9 @@ int __stdcall WinMainCRTStartup(
|
|||
|
||||
ULONG NewState = DISABLE_JUST_THIS_PROCESS;
|
||||
SbieApi_DisableForceProcess(&NewState, NULL);
|
||||
return die(Program_Start());
|
||||
}
|
||||
if (disable_force_on_this_program || force_children_on_this_program)
|
||||
return die(Program_Start());
|
||||
}
|
||||
|
||||
return die(RestartInSandbox());
|
||||
|
|
|
@ -21,9 +21,22 @@
|
|||
#ifndef _MY_VERSION_H
|
||||
#define _MY_VERSION_H
|
||||
|
||||
#define MY_VERSION_BINARY 5,68,6
|
||||
#define MY_VERSION_STRING "5.68.6"
|
||||
#define MY_ABI_VERSION 0x56800
|
||||
#define STR2(X) #X
|
||||
#define STR(X) STR2(X)
|
||||
|
||||
#define VERSION_MJR 5
|
||||
#define VERSION_MIN 69
|
||||
#define VERSION_REV 1
|
||||
#define VERSION_UPD 0
|
||||
|
||||
#if VERSION_UPD > 0
|
||||
#define MY_VERSION_BINARY VERSION_MJR,VERSION_MIN,VERSION_REV,VERSION_UPD
|
||||
#define MY_VERSION_STRING STR(VERSION_MJR.VERSION_MIN.VERSION_REV.VERSION_UPD)
|
||||
#else
|
||||
#define MY_VERSION_BINARY VERSION_MJR,VERSION_MIN,VERSION_REV
|
||||
#define MY_VERSION_STRING STR(VERSION_MJR.VERSION_MIN.VERSION_REV)
|
||||
#endif
|
||||
#define MY_ABI_VERSION 0x56800
|
||||
|
||||
// These #defines are used by either Resource Compiler or NSIS installer
|
||||
#define SBIE_INSTALLER_PATH "..\\Bin\\"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2021 DavidXanatos, xanasoft.com
|
||||
* Copyright 2021-2024 DavidXanatos, xanasoft.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -53,6 +53,53 @@
|
|||
|
||||
#define IPPROTO_ANY 256
|
||||
|
||||
#define SD_RECEIVE 0x00
|
||||
#define SD_SEND 0x01
|
||||
#define SD_BOTH 0x02
|
||||
|
||||
#define SOCKS_SUCCESS 0
|
||||
#define SOCKS_GENERAL_FAILURE 1
|
||||
|
||||
#define MSG_WAITALL 0x8 /* do not complete until packet is completely filled */
|
||||
|
||||
#define FIONBIO 0x8004667e
|
||||
|
||||
|
||||
/*
|
||||
* WinSock 2 extension -- bit values and indices for FD_XXX network events
|
||||
*/
|
||||
#define FD_READ_BIT 0
|
||||
#define FD_READ (1 << FD_READ_BIT)
|
||||
|
||||
#define FD_WRITE_BIT 1
|
||||
#define FD_WRITE (1 << FD_WRITE_BIT)
|
||||
|
||||
#define FD_OOB_BIT 2
|
||||
#define FD_OOB (1 << FD_OOB_BIT)
|
||||
|
||||
#define FD_ACCEPT_BIT 3
|
||||
#define FD_ACCEPT (1 << FD_ACCEPT_BIT)
|
||||
|
||||
#define FD_CONNECT_BIT 4
|
||||
#define FD_CONNECT (1 << FD_CONNECT_BIT)
|
||||
|
||||
#define FD_CLOSE_BIT 5
|
||||
#define FD_CLOSE (1 << FD_CLOSE_BIT)
|
||||
|
||||
#define FD_QOS_BIT 6
|
||||
#define FD_QOS (1 << FD_QOS_BIT)
|
||||
|
||||
#define FD_GROUP_QOS_BIT 7
|
||||
#define FD_GROUP_QOS (1 << FD_GROUP_QOS_BIT)
|
||||
|
||||
#define FD_ROUTING_INTERFACE_CHANGE_BIT 8
|
||||
#define FD_ROUTING_INTERFACE_CHANGE (1 << FD_ROUTING_INTERFACE_CHANGE_BIT)
|
||||
|
||||
#define FD_ADDRESS_LIST_CHANGE_BIT 9
|
||||
#define FD_ADDRESS_LIST_CHANGE (1 << FD_ADDRESS_LIST_CHANGE_BIT)
|
||||
|
||||
#define FD_MAX_EVENTS 10
|
||||
#define FD_ALL_EVENTS ((1 << FD_MAX_EVENTS) - 1)
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Structures and Types
|
||||
|
@ -81,6 +128,13 @@ typedef struct {
|
|||
};
|
||||
} SCOPE_ID, *PSCOPE_ID;
|
||||
|
||||
typedef struct sockaddr {
|
||||
|
||||
ADDRESS_FAMILY sa_family; // Address family.
|
||||
|
||||
CHAR sa_data[14]; // Up to 14 bytes of direct address.
|
||||
} SOCKADDR, *PSOCKADDR, FAR *LPSOCKADDR;
|
||||
|
||||
typedef struct sockaddr_in {
|
||||
|
||||
ADDRESS_FAMILY sin_family;
|
||||
|
@ -109,6 +163,11 @@ typedef struct sockaddr_un {
|
|||
typedef void (*PIPFORWARD_CHANGE_CALLBACK)
|
||||
(void *CallerContext, void *Row, ULONG NotificationType);
|
||||
|
||||
typedef struct _WSANETWORKEVENTS {
|
||||
long lNetworkEvents;
|
||||
int iErrorCode[FD_MAX_EVENTS];
|
||||
} WSANETWORKEVENTS, FAR * LPWSANETWORKEVENTS;
|
||||
|
||||
#endif
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
|
|
@ -450,7 +450,7 @@ const WCHAR* wcsnchr(const WCHAR* str, size_t max, WCHAR ch)
|
|||
|
||||
int _inet_pton(int af, const wchar_t* src, void* dst);
|
||||
|
||||
int _inet_xton(const WCHAR* src, ULONG src_len, IP_ADDRESS *dst)
|
||||
int _inet_xton(const WCHAR* src, ULONG src_len, IP_ADDRESS *dst, USHORT *type)
|
||||
{
|
||||
WCHAR tmp[46 + 1]; // INET6_ADDRSTRLEN
|
||||
if (src_len > ARRAYSIZE(tmp) - 1) src_len = ARRAYSIZE(tmp) - 1;
|
||||
|
@ -460,7 +460,7 @@ int _inet_xton(const WCHAR* src, ULONG src_len, IP_ADDRESS *dst)
|
|||
USHORT af = wcschr(tmp, L':') != NULL ? AF_INET6 : AF_INET;
|
||||
//dst->Type = af
|
||||
int ret = _inet_pton(af, tmp, dst->Data);
|
||||
|
||||
if (type) *type = af;
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -522,16 +522,16 @@ BOOLEAN NetFw_ParseRule(NETFW_RULE* rule, const WCHAR* found_value)
|
|||
ULONG ip_len2 = (ULONG)(ip_value - ip_str2);
|
||||
|
||||
IP_ADDRESS ip1;
|
||||
_inet_xton(ip_str1, ip_len1, &ip1);
|
||||
_inet_xton(ip_str1, ip_len1, &ip1, NULL);
|
||||
IP_ADDRESS ip2;
|
||||
_inet_xton(ip_str2, ip_len2, &ip2);
|
||||
_inet_xton(ip_str2, ip_len2, &ip2, NULL);
|
||||
|
||||
NetFw_RuleAddIpRange(&rule->ip_map, &ip1, &ip2, rule->pool);
|
||||
}
|
||||
else
|
||||
{
|
||||
IP_ADDRESS ip;
|
||||
_inet_xton(ip_str1, ip_len1, &ip);
|
||||
_inet_xton(ip_str1, ip_len1, &ip, NULL);
|
||||
NetFw_RuleAddIpRange(&rule->ip_map, &ip, &ip, rule->pool);
|
||||
}
|
||||
}
|
||||
|
@ -552,6 +552,29 @@ BOOLEAN NetFw_ParseRule(NETFW_RULE* rule, const WCHAR* found_value)
|
|||
}
|
||||
|
||||
|
||||
BOOLEAN is_localhost(const struct sockaddr* name)
|
||||
{
|
||||
if (name->sa_family == AF_INET) {
|
||||
const SOCKADDR_IN* v4 = (const SOCKADDR_IN*)name;
|
||||
return v4->sin_addr.s_net == 0x7f;
|
||||
}
|
||||
if (name->sa_family == AF_INET6) {
|
||||
const SOCKADDR_IN6_LH* v6 = (const SOCKADDR_IN6_LH*)name;
|
||||
return v6->sin6_addr.u.Word[0] == 0 && v6->sin6_addr.u.Word[1] == 0 &&
|
||||
v6->sin6_addr.u.Word[2] == 0 && v6->sin6_addr.u.Word[3] == 0 &&
|
||||
v6->sin6_addr.u.Word[4] == 0 && v6->sin6_addr.u.Word[5] == 0 &&
|
||||
v6->sin6_addr.u.Word[6] == 0 && v6->sin6_addr.u.Byte[14] == 0 &&
|
||||
v6->sin6_addr.u.Byte[15] == 1;
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
BOOLEAN is_inet(const struct sockaddr* name)
|
||||
{
|
||||
return name->sa_family == AF_INET || name->sa_family == AF_INET6;
|
||||
}
|
||||
|
||||
|
||||
|
||||
#include <inaddr.h>
|
||||
#include <in6addr.h>
|
||||
|
|
|
@ -27,4 +27,12 @@ BOOLEAN NetFw_ParseRule(NETFW_RULE* rule, const WCHAR* RuleStr);
|
|||
|
||||
void NetFw_FreeRule(NETFW_RULE* rule);
|
||||
|
||||
|
||||
int _wntoi(const WCHAR* str, ULONG max);
|
||||
int _inet_pton(int af, const wchar_t* src, void* dst);
|
||||
int _inet_aton(const wchar_t* from, struct in_addr* in);
|
||||
int _inet_xton(const WCHAR* src, ULONG max, IP_ADDRESS* dst, USHORT* type);
|
||||
BOOLEAN is_localhost(const struct sockaddr* name);
|
||||
BOOLEAN is_inet(const struct sockaddr* name);
|
||||
|
||||
#endif
|
|
@ -58,6 +58,9 @@ struct _PATTERN {
|
|||
// a value denoting the match level for the process
|
||||
ULONG level;
|
||||
|
||||
// optional auxyliary data to be associated with this pattern
|
||||
PVOID aux;
|
||||
|
||||
// array of pointers to constant parts. the actual number of
|
||||
// elements is indicate by info.num_cons, and the strings are
|
||||
// allocated as part of this PATTERN object
|
||||
|
@ -308,6 +311,17 @@ _FX ULONG Pattern_Level(PATTERN *pat)
|
|||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Pattern_Aux
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX PVOID* Pattern_Aux(PATTERN *pat)
|
||||
{
|
||||
return &pat->aux;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Pattern_Wildcards
|
||||
//---------------------------------------------------------------------------
|
||||
|
@ -655,7 +669,7 @@ _FX const WCHAR *Pattern_wcsnstr_ex(
|
|||
|
||||
|
||||
_FX int Pattern_MatchPathList(
|
||||
WCHAR *path_lwr, ULONG path_len, LIST *list, ULONG* plevel, ULONG* pflags, USHORT* pwildc, const WCHAR** patsrc)
|
||||
WCHAR *path_lwr, ULONG path_len, LIST *list, ULONG* plevel, ULONG* pflags, USHORT* pwildc, PATTERN **found)
|
||||
{
|
||||
PATTERN *pat;
|
||||
int match_len = 0;
|
||||
|
@ -682,7 +696,7 @@ _FX int Pattern_MatchPathList(
|
|||
level = cur_level;
|
||||
flags = cur_exact ? MATCH_FLAG_EXACT : 0;
|
||||
wildc = cur_wildc;
|
||||
if (patsrc) *patsrc = Pattern_Source(pat);
|
||||
if (found) *found = pat;
|
||||
|
||||
// we need to test all entries to find the best match, so we don't break here
|
||||
// unless we found an exact match, than there can't be a batter one
|
||||
|
@ -705,7 +719,7 @@ _FX int Pattern_MatchPathList(
|
|||
level = cur_level;
|
||||
flags = MATCH_FLAG_AUX | (cur_exact ? MATCH_FLAG_EXACT : 0);
|
||||
wildc = cur_wildc;
|
||||
if (patsrc) *patsrc = Pattern_Source(pat);
|
||||
if (found) *found = pat;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -727,7 +741,7 @@ _FX int Pattern_MatchPathList(
|
|||
|
||||
_FX BOOLEAN Pattern_MatchPathListEx(WCHAR *path_lwr, ULONG path_len, LIST *list, ULONG* plevel, int* pmatch_len, ULONG* pflags, USHORT* pwildc, const WCHAR** patsrc)
|
||||
{
|
||||
const WCHAR* cur_patsrc;
|
||||
PATTERN* found;
|
||||
ULONG cur_level;
|
||||
ULONG cur_flags;
|
||||
USHORT cur_wildc;
|
||||
|
@ -737,7 +751,7 @@ _FX BOOLEAN Pattern_MatchPathListEx(WCHAR *path_lwr, ULONG path_len, LIST *list,
|
|||
cur_level = *plevel;
|
||||
cur_flags = *pflags;
|
||||
cur_wildc = *pwildc;
|
||||
cur_len = Pattern_MatchPathList(path_lwr, path_len, list, &cur_level, &cur_flags, &cur_wildc, &cur_patsrc);
|
||||
cur_len = Pattern_MatchPathList(path_lwr, path_len, list, &cur_level, &cur_flags, &cur_wildc, &found);
|
||||
if (cur_level <= *plevel && (
|
||||
((*pflags & MATCH_FLAG_EXACT) == 0 && (cur_flags & MATCH_FLAG_EXACT) != 0) || // an exact match overrules any non exact match
|
||||
((*pflags & MATCH_FLAG_AUX) != 0 && (cur_flags & MATCH_FLAG_AUX) == 0) || // a rule with a primary match overrules auxiliary matches
|
||||
|
@ -748,7 +762,7 @@ _FX BOOLEAN Pattern_MatchPathListEx(WCHAR *path_lwr, ULONG path_len, LIST *list,
|
|||
*pflags = cur_flags;
|
||||
*pwildc = cur_wildc;
|
||||
*pmatch_len = cur_len;
|
||||
if (patsrc) *patsrc = cur_patsrc;
|
||||
if (patsrc) *patsrc = Pattern_Source(found);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
|
|
@ -71,7 +71,13 @@ const WCHAR *Pattern_Source(PATTERN *pat);
|
|||
ULONG Pattern_Level(PATTERN *pat);
|
||||
|
||||
//
|
||||
// Pattern_Wildcards: returns count of wildcards in the pattern, not counting the trailing * when present
|
||||
// Pattern_Aux: returns the associated auxyliary data.
|
||||
//
|
||||
|
||||
PVOID* Pattern_Aux(PATTERN *pat);
|
||||
|
||||
//
|
||||
// Pattern_Wildcards: returns count of wildcards in the pattern, not counting the tailing * when rpresent
|
||||
//
|
||||
|
||||
USHORT Pattern_Wildcards(PATTERN *pat);
|
||||
|
@ -99,7 +105,7 @@ int Pattern_MatchX(PATTERN *pat, const WCHAR *string, int string_len);
|
|||
#define MATCH_FLAG_AUX 0x02
|
||||
|
||||
int Pattern_MatchPathList(
|
||||
WCHAR* path_lwr, ULONG path_len, LIST* list, ULONG* plevel, ULONG* pflags, USHORT* pwildc, const WCHAR** patsrc);
|
||||
WCHAR* path_lwr, ULONG path_len, LIST* list, ULONG* plevel, ULONG* pflags, USHORT* pwildc, PATTERN **found);
|
||||
BOOLEAN Pattern_MatchPathListEx(
|
||||
WCHAR* path_lwr, ULONG path_len, LIST* list, ULONG* plevel, int* pmatch_len, ULONG* pflags, USHORT* pwildc, const WCHAR** patsrc);
|
||||
|
||||
|
|
|
@ -0,0 +1,110 @@
|
|||
/*
|
||||
* Copyright 2024 David Xanatos, xanasoft.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Simple INSECURE Encryption Functions
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
#ifdef RC4_HEADER_ONLY
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Functions
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
void rc4_crypt(const unsigned char *key_ptr, unsigned int key_len, unsigned int stream_pos, unsigned char *buffer_ptr, unsigned int buffer_len);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} // extern "C"
|
||||
#endif
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Body
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
#else RC4_HEADER_ONLY
|
||||
|
||||
typedef struct rc4_sbox_s
|
||||
{
|
||||
unsigned char state[256];
|
||||
unsigned int x;
|
||||
unsigned int y;
|
||||
} rc4_sbox_t;
|
||||
|
||||
void rc4_swap(unsigned char &a, unsigned char &b)
|
||||
{
|
||||
unsigned char c = a;
|
||||
a = b;
|
||||
b = c;
|
||||
}
|
||||
|
||||
void rc4_init(rc4_sbox_t *rc4_sbox, const unsigned char *key_ptr, unsigned int key_len)
|
||||
{
|
||||
rc4_sbox->x = 0;
|
||||
rc4_sbox->y = 0;
|
||||
|
||||
// Initialisation of the permutation
|
||||
unsigned int i;
|
||||
for (i = 0; i < 256; i++)
|
||||
rc4_sbox->state[i] = (char)i;
|
||||
|
||||
// Mixing permutation
|
||||
unsigned int j = 0;
|
||||
unsigned int k;
|
||||
for (i = 0; i < 256; i++)
|
||||
{
|
||||
k = i % key_len;
|
||||
|
||||
j = (key_ptr[k] + rc4_sbox->state[i] + j) & 0xff;
|
||||
rc4_swap(rc4_sbox->state[i], rc4_sbox->state[j]);
|
||||
}
|
||||
}
|
||||
|
||||
void rc4_transform(rc4_sbox_t *rc4_sbox, unsigned char *buffer_ptr, unsigned int buffer_len)
|
||||
{
|
||||
unsigned int i;
|
||||
for (i = 0; i < buffer_len; i++)
|
||||
{
|
||||
// The pseudo-random generation algorithm
|
||||
rc4_sbox->x = (rc4_sbox->x + 1) & 0xff;
|
||||
rc4_sbox->y = (rc4_sbox->y + rc4_sbox->state[rc4_sbox->x]) & 0xff;
|
||||
rc4_swap(rc4_sbox->state[rc4_sbox->x], rc4_sbox->state[rc4_sbox->y]);
|
||||
unsigned char keyChar = rc4_sbox->state[(rc4_sbox->state[rc4_sbox->x] + rc4_sbox->state[rc4_sbox->y]) & 0xff];
|
||||
|
||||
if (buffer_ptr) // NULL when seeking
|
||||
buffer_ptr[i] ^= keyChar;
|
||||
}
|
||||
}
|
||||
|
||||
void rc4_crypt(const unsigned char* key_ptr, unsigned int key_len, unsigned int stream_pos, unsigned char* buffer_ptr, unsigned int buffer_len)
|
||||
{
|
||||
rc4_sbox_s sbox;
|
||||
rc4_init(&sbox, key_ptr, key_len);
|
||||
if(stream_pos) // RC4 is very insecure but the first few kb are espetially insecure
|
||||
rc4_transform(&sbox, NULL, stream_pos);
|
||||
rc4_transform(&sbox, buffer_ptr, buffer_len);
|
||||
}
|
||||
|
||||
#endif RC4_HEADER_ONLY
|
|
@ -622,6 +622,7 @@
|
|||
<ClCompile Include="iphlp.c" />
|
||||
<ClCompile Include="ipstore_enum.cpp" />
|
||||
<ClCompile Include="ipstore_impl.cpp" />
|
||||
<ClCompile Include="kernel.c" />
|
||||
<ClCompile Include="key.c" />
|
||||
<ClCompile Include="key_del.c">
|
||||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
|
||||
|
@ -673,6 +674,7 @@
|
|||
<ClCompile Include="ole.cpp" />
|
||||
<ClCompile Include="pdh.c" />
|
||||
<ClCompile Include="proc.c" />
|
||||
<ClCompile Include="proxy.c" />
|
||||
<ClCompile Include="pst.cpp" />
|
||||
<ClCompile Include="rpcrt.c" />
|
||||
<ClCompile Include="sbieapi.c" />
|
||||
|
@ -787,14 +789,16 @@
|
|||
<ItemGroup>
|
||||
<ClInclude Include="..\..\apps\com\common.h" />
|
||||
<ClInclude Include="..\..\common\arm64_asm.h" />
|
||||
<ClInclude Include="..\..\common\defines.h" />
|
||||
<ClInclude Include="..\..\common\Detours\detours.h" />
|
||||
<ClInclude Include="..\..\common\Detours\detver.h" />
|
||||
<ClInclude Include="..\..\common\dllimport.h" />
|
||||
<ClInclude Include="..\..\common\map.h" />
|
||||
<ClInclude Include="..\..\common\my_version.h" />
|
||||
<ClInclude Include="..\..\common\my_wsa.h" />
|
||||
<ClInclude Include="..\..\common\my_xeb.h" />
|
||||
<ClInclude Include="..\..\common\ntproto.h" />
|
||||
<ClInclude Include="..\..\common\str_util.h" />
|
||||
<ClInclude Include="..\..\common\my_wsa.h" />
|
||||
<ClInclude Include="..\..\common\list.h" />
|
||||
<ClInclude Include="..\..\common\netfw.h" />
|
||||
<ClInclude Include="..\..\common\pattern.h" />
|
||||
|
@ -805,6 +809,9 @@
|
|||
<ClInclude Include="advapi.h" />
|
||||
<ClInclude Include="debug.h" />
|
||||
<ClInclude Include="dll.h" />
|
||||
<ClCompile Include="dns_filter.c">
|
||||
<FileType>CppCode</FileType>
|
||||
</ClCompile>
|
||||
<ClInclude Include="dump.h" />
|
||||
<ClInclude Include="guidlg.h" />
|
||||
<ClInclude Include="gui_p.h" />
|
||||
|
@ -819,6 +826,7 @@
|
|||
<ClInclude Include="sbiedll.h" />
|
||||
<ClInclude Include="taskbar.h" />
|
||||
<ClInclude Include="trace.h" />
|
||||
<ClInclude Include="wsa_defs.h" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ResourceCompile Include="lowlevel.rc" />
|
||||
|
|
|
@ -256,6 +256,13 @@
|
|||
<ClCompile Include="..\..\common\hook_util.c">
|
||||
<Filter>common</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="proxy.c">
|
||||
<Filter>net</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="dns_filter.c">
|
||||
<Filter>net</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="kernel.c" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="advapi.h" />
|
||||
|
@ -311,9 +318,6 @@
|
|||
<ClInclude Include="..\..\common\list.h">
|
||||
<Filter>common</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\..\common\my_wsa.h">
|
||||
<Filter>common</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\..\common\str_util.h">
|
||||
<Filter>common</Filter>
|
||||
</ClInclude>
|
||||
|
@ -356,6 +360,18 @@
|
|||
<ClInclude Include="..\..\common\arm64_asm.h">
|
||||
<Filter>common</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\..\common\defines.h">
|
||||
<Filter>common</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="wsa_defs.h">
|
||||
<Filter>net</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\..\common\my_wsa.h">
|
||||
<Filter>common</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\..\common\my_xeb.h">
|
||||
<Filter>common</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ResourceCompile Include="resource.rc" />
|
||||
|
|
|
@ -48,6 +48,8 @@ SbieApi_QueryProcessEx=_SbieApi_QueryProcessEx@24
|
|||
SbieApi_QueryProcessInfo=_SbieApi_QueryProcessInfo@8
|
||||
SbieApi_QueryProcessPath=_SbieApi_QueryProcessPath@28
|
||||
|
||||
SbieApi_QueryDrvInfo=_SbieApi_QueryDrvInfo@12
|
||||
|
||||
SbieApi_ReloadConf=_SbieApi_ReloadConf@8
|
||||
|
||||
SbieApi_SessionLeader=_SbieApi_SessionLeader@8
|
||||
|
|
|
@ -322,14 +322,14 @@ _FX BOOLEAN Config_InitPatternList(const WCHAR* boxname, const WCHAR* setting, L
|
|||
if (!NT_SUCCESS(status))
|
||||
break;
|
||||
++index;
|
||||
|
||||
if (dos)
|
||||
SbieDll_TranslateNtToDosPath(conf_buf);
|
||||
|
||||
ULONG level;
|
||||
WCHAR* value = Config_MatchImageAndGetValue(conf_buf, Dll_ImageName, &level);
|
||||
if (value)
|
||||
{
|
||||
if (dos && *value != L'*')
|
||||
SbieDll_TranslateNtToDosPath(value);
|
||||
|
||||
pat = Pattern_Create(Dll_Pool, value, TRUE, level);
|
||||
|
||||
List_Insert_After(list, NULL, pat);
|
||||
|
|
|
@ -200,6 +200,7 @@ typedef struct _THREAD_DATA {
|
|||
BOOLEAN proc_create_process_capture_image;
|
||||
BOOLEAN proc_create_process_force_elevate;
|
||||
BOOLEAN proc_create_process_as_invoker;
|
||||
BOOLEAN proc_create_process_fake_admin;
|
||||
BOOLEAN proc_image_is_copy;
|
||||
WCHAR *proc_image_path;
|
||||
WCHAR *proc_command_line;
|
||||
|
@ -281,6 +282,7 @@ extern ULONG Dll_SidStringLen;
|
|||
extern ULONG Dll_ProcessId;
|
||||
extern ULONG Dll_SessionId;
|
||||
|
||||
extern ULONG Dll_DriverFlags;
|
||||
extern ULONG64 Dll_ProcessFlags;
|
||||
|
||||
#ifndef _WIN64
|
||||
|
@ -310,6 +312,8 @@ extern ULONG Dll_Windows;
|
|||
extern PSECURITY_DESCRIPTOR Secure_NormalSD;
|
||||
extern PSECURITY_DESCRIPTOR Secure_EveryoneSD;
|
||||
|
||||
extern BOOLEAN Secure_FakeAdmin;
|
||||
|
||||
extern BOOLEAN Ldr_BoxedImage;
|
||||
|
||||
extern WCHAR *Ldr_ImageTruePath;
|
||||
|
@ -401,19 +405,6 @@ void SbieDll_ReleaseFilePathLock();
|
|||
|
||||
BOOLEAN SbieDll_HasReadableSubPath(WCHAR path_code, const WCHAR* TruePath);
|
||||
|
||||
#define PATH_OPEN_FLAG 0x10
|
||||
#define PATH_CLOSED_FLAG 0x20
|
||||
#define PATH_WRITE_FLAG 0x40
|
||||
|
||||
#define PATH_IS_OPEN(f) (((f) & PATH_OPEN_FLAG) != 0)
|
||||
#define PATH_NOT_OPEN(f) (((f) & PATH_OPEN_FLAG) == 0)
|
||||
|
||||
#define PATH_IS_CLOSED(f) (((f) & PATH_CLOSED_FLAG) != 0)
|
||||
#define PATH_NOT_CLOSED(f) (((f) & PATH_CLOSED_FLAG) == 0)
|
||||
|
||||
#define PATH_IS_WRITE(f) (((f) & PATH_WRITE_FLAG) != 0)
|
||||
#define PATH_NOT_WRITE(f) (((f) & PATH_WRITE_FLAG) == 0)
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Functions (dllmain)
|
||||
|
@ -731,6 +722,8 @@ BOOLEAN SH32_Init_ZipFldr(HMODULE);
|
|||
|
||||
BOOLEAN SH32_Init_UxTheme(HMODULE);
|
||||
|
||||
BOOLEAN Kernel_Init();
|
||||
|
||||
BOOLEAN Gui_Init(HMODULE);
|
||||
|
||||
BOOLEAN Gui_Init_IMM32(HMODULE);
|
||||
|
|
|
@ -89,6 +89,7 @@ ULONG Dll_SidStringLen = 0;
|
|||
ULONG Dll_ProcessId = 0;
|
||||
ULONG Dll_SessionId = 0;
|
||||
|
||||
ULONG Dll_DriverFlags = 0;
|
||||
ULONG64 Dll_ProcessFlags = 0;
|
||||
|
||||
#ifndef _WIN64
|
||||
|
@ -312,6 +313,12 @@ _FX void Dll_InitInjected(void)
|
|||
Dll_HomeNtPathLen = wcslen(Dll_HomeNtPath);
|
||||
//Dll_HomeDosPathLen = wcslen(Dll_HomeDosPath);
|
||||
|
||||
//
|
||||
// get features flags
|
||||
//
|
||||
|
||||
SbieApi_QueryDrvInfo(0, &Dll_DriverFlags, sizeof(Dll_DriverFlags));
|
||||
|
||||
//
|
||||
// get process type and flags
|
||||
//
|
||||
|
@ -496,6 +503,9 @@ _FX void Dll_InitInjected(void)
|
|||
if (ok)
|
||||
ok = Proc_Init();
|
||||
|
||||
if (ok)
|
||||
ok = Kernel_Init();
|
||||
|
||||
if (ok)
|
||||
ok = Gui_InitConsole1();
|
||||
|
||||
|
|
|
@ -28,7 +28,6 @@
|
|||
#include "core/drv/api_defs.h"
|
||||
#include "core/drv/api_flags.h"
|
||||
|
||||
#define USE_MATCH_PATH_EX
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Structures and Types
|
||||
|
@ -317,20 +316,11 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
|
|||
LIST *open_list, *closed_list, *write_list;
|
||||
PATTERN *pat;
|
||||
#endif
|
||||
WCHAR *path_lwr;
|
||||
ULONG path_len;
|
||||
ULONG mp_flags;
|
||||
ULONG monflag;
|
||||
|
||||
mp_flags = 0;
|
||||
|
||||
if (path == (const WCHAR *)-1) {
|
||||
path = NULL;
|
||||
path_len = 0;
|
||||
} else {
|
||||
path_len = wcslen(path);
|
||||
if (! path_len)
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (path_code == L'f') {
|
||||
|
@ -446,13 +436,82 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
|
|||
} else
|
||||
return 0;
|
||||
|
||||
#ifdef USE_MATCH_PATH_EX
|
||||
BOOLEAN use_rule_specificity = (path_code == L'f' || path_code == L'k' || path_code == L'i') && (Dll_ProcessFlags & SBIE_FLAG_RULE_SPECIFICITY) != 0;
|
||||
//BOOLEAN use_privacy_mode = (path_code == L'f' || path_code == L'k') && (Dll_ProcessFlags & SBIE_FLAG_PRIVACY_MODE) != 0;
|
||||
|
||||
//mp_flags = SbieDll_MatchPathImpl(use_rule_specificity, use_privacy_mode, path, normal_list, open_list, closed_list, write_list, read_list);
|
||||
mp_flags = SbieDll_MatchPathImpl(use_rule_specificity, path, normal_list, open_list, closed_list, write_list, read_list);
|
||||
#else
|
||||
mp_flags = SbieDll_MatchPathImpl(path, open_list, closed_list, write_list);
|
||||
#endif
|
||||
|
||||
if (path_code == L'f')
|
||||
LeaveCriticalSection(&Dll_FilePathListCritSec);
|
||||
|
||||
//
|
||||
// scan paths list. if the path to match does not already end with
|
||||
// a backslash character, we will check it twice, second time with
|
||||
// a suffixing backslash. this will make sure we match C:\X even
|
||||
// even when {Open,Closed}XxxPath=C:\X\ (with a backslash suffix)
|
||||
// make sure that Sandboxie resources marked "always in box"
|
||||
// will not match any OpenIpcPath or ClosedIpcPath settings
|
||||
//
|
||||
|
||||
if (path_code == L'i' && mp_flags && path) {
|
||||
|
||||
WCHAR *LastBackSlash = wcsrchr(path, L'\\');
|
||||
if (LastBackSlash && wcsncmp(LastBackSlash + 1,
|
||||
SBIE_BOXED_, SBIE_BOXED_LEN) == 0) {
|
||||
|
||||
mp_flags = 0;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// log access request in the resource access monitor
|
||||
//
|
||||
|
||||
if (path && monflag) {
|
||||
|
||||
if (PATH_IS_CLOSED(mp_flags))
|
||||
monflag |= MONITOR_DENY;
|
||||
// If hts file or key it will be logged by the driver's trace facility
|
||||
// we only have to log closed events as those never reach the driver
|
||||
// we need to always log to have also logs in compartment mode
|
||||
//else if (monflag == MONITOR_FILE || monflag == MONITOR_KEY)
|
||||
// bMonitorLog = FALSE;
|
||||
else if (PATH_IS_OPEN(mp_flags))
|
||||
monflag |= MONITOR_OPEN;
|
||||
|
||||
if (bMonitorLog)
|
||||
{
|
||||
SbieApi_MonitorPut2(monflag, path, bCheckObjectExists);
|
||||
}
|
||||
}
|
||||
|
||||
return mp_flags;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// SbieDll_MatchPath2
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
#ifdef USE_MATCH_PATH_EX
|
||||
//_FX ULONG SbieDll_MatchPathImpl(BOOLEAN use_rule_specificity, BOOLEAN use_privacy_mode, const WCHAR* path, LIST* normal_list, LIST* open_list, LIST* closed_list, LIST* write_list, LIST* read_list)
|
||||
_FX ULONG SbieDll_MatchPathImpl(BOOLEAN use_rule_specificity, const WCHAR* path, LIST* normal_list, LIST* open_list, LIST* closed_list, LIST* write_list, LIST* read_list)
|
||||
#else
|
||||
_FX ULONG SbieDll_MatchPathImpl(const WCHAR* path, LIST* open_list, LIST* closed_list, LIST* write_list)
|
||||
#endif
|
||||
{
|
||||
WCHAR *path_lwr;
|
||||
ULONG path_len = 0;
|
||||
ULONG mp_flags = 0;
|
||||
|
||||
if(path) {
|
||||
path_len = wcslen(path);
|
||||
if (! path_len)
|
||||
return 0;
|
||||
}
|
||||
|
||||
path_lwr = Dll_AllocTemp((path_len + 4) * sizeof(WCHAR));
|
||||
|
||||
wmemcpy(path_lwr, path, path_len);
|
||||
|
@ -468,8 +527,6 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
|
|||
ULONG flags;
|
||||
USHORT wildc;
|
||||
|
||||
BOOLEAN use_rule_specificity = (path_code == L'f' || path_code == L'k' || path_code == L'i') && (Dll_ProcessFlags & SBIE_FLAG_RULE_SPECIFICITY) != 0;
|
||||
|
||||
//
|
||||
// set default behaviour
|
||||
//
|
||||
|
@ -506,7 +563,7 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
|
|||
//
|
||||
|
||||
if (Pattern_MatchPathListEx(path_lwr, path_len, read_list, &level, &match_len, &flags, &wildc, NULL)) { //patsrc)) {
|
||||
mp_flags = PATH_OPEN_FLAG; // say its open and let the driver deny the write access
|
||||
mp_flags = PATH_READ_FLAG;
|
||||
if (!use_rule_specificity) goto finish;
|
||||
}
|
||||
|
||||
|
@ -531,6 +588,14 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
|
|||
finish:
|
||||
|
||||
#else
|
||||
|
||||
//
|
||||
// scan paths list. if the path to match does not already end with
|
||||
// a backslash character, we will check it twice, second time with
|
||||
// a suffixing backslash. this will make sure we match C:\X even
|
||||
// even when {Open,Closed}XxxPath=C:\X\ (with a backslash suffix)
|
||||
//
|
||||
|
||||
//
|
||||
// ClosedXxxPath
|
||||
//
|
||||
|
@ -621,46 +686,6 @@ finish:
|
|||
}
|
||||
#endif
|
||||
|
||||
if (path_code == L'f')
|
||||
LeaveCriticalSection(&Dll_FilePathListCritSec);
|
||||
|
||||
//
|
||||
// make sure that Sandboxie resources marked "always in box"
|
||||
// will not match any OpenIpcPath or ClosedIpcPath settings
|
||||
//
|
||||
|
||||
if (path_code == L'i' && mp_flags && path) {
|
||||
|
||||
WCHAR *LastBackSlash = wcsrchr(path, L'\\');
|
||||
if (LastBackSlash && wcsncmp(LastBackSlash + 1,
|
||||
SBIE_BOXED_, SBIE_BOXED_LEN) == 0) {
|
||||
|
||||
mp_flags = 0;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// log access request in the resource access monitor
|
||||
//
|
||||
|
||||
if (path && monflag) {
|
||||
|
||||
if (PATH_IS_CLOSED(mp_flags))
|
||||
monflag |= MONITOR_DENY;
|
||||
// If hts file or key it will be logged by the driver's trace facility
|
||||
// we only have to log closed events as those never reach the driver
|
||||
// we need to always log to have also logs in compartment mode
|
||||
//else if (monflag == MONITOR_FILE || monflag == MONITOR_KEY)
|
||||
// bMonitorLog = FALSE;
|
||||
else if (PATH_IS_OPEN(mp_flags))
|
||||
monflag |= MONITOR_OPEN;
|
||||
|
||||
if (bMonitorLog)
|
||||
{
|
||||
SbieApi_MonitorPut2(monflag, path, bCheckObjectExists);
|
||||
}
|
||||
}
|
||||
|
||||
Dll_Free(path_lwr);
|
||||
|
||||
return mp_flags;
|
||||
|
|
|
@ -0,0 +1,437 @@
|
|||
/*
|
||||
* Copyright 2022 David Xanatos, xanasoft.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// DNS Filter
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
#define NOGDI
|
||||
#include "dll.h"
|
||||
|
||||
#include <windows.h>
|
||||
#include <wchar.h>
|
||||
#include <oleauto.h>
|
||||
#include "common/my_wsa.h"
|
||||
#include "common/netfw.h"
|
||||
#include "common/map.h"
|
||||
#include "wsa_defs.h"
|
||||
#include "common/pattern.h"
|
||||
#include "common/str_util.h"
|
||||
#include "core/drv/api_defs.h"
|
||||
#include "core/drv/verify.h"
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Functions
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
static int WSA_WSALookupServiceBeginW(
|
||||
LPWSAQUERYSETW lpqsRestrictions,
|
||||
DWORD dwControlFlags,
|
||||
LPHANDLE lphLookup);
|
||||
|
||||
static int WSA_WSALookupServiceNextW(
|
||||
HANDLE hLookup,
|
||||
DWORD dwControlFlags,
|
||||
LPDWORD lpdwBufferLength,
|
||||
LPWSAQUERYSETW lpqsResults);
|
||||
|
||||
static int WSA_WSALookupServiceEnd(HANDLE hLookup);
|
||||
|
||||
|
||||
BOOLEAN WSA_GetIP(const short* addr, int addrlen, IP_ADDRESS* pIP);
|
||||
void WSA_DumpIP(ADDRESS_FAMILY af, IP_ADDRESS* pIP, wchar_t* pStr);
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
static P_WSALookupServiceBeginW __sys_WSALookupServiceBeginW = NULL;
|
||||
static P_WSALookupServiceNextW __sys_WSALookupServiceNextW = NULL;
|
||||
static P_WSALookupServiceEnd __sys_WSALookupServiceEnd = NULL;
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Variables
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
extern POOL* Dll_Pool;
|
||||
|
||||
static LIST WSA_FilterList;
|
||||
static BOOLEAN WSA_FilterEnabled = FALSE;
|
||||
|
||||
typedef struct _IP_ENTRY
|
||||
{
|
||||
LIST_ELEM list_elem;
|
||||
|
||||
USHORT Type;
|
||||
IP_ADDRESS IP;
|
||||
} IP_ENTRY;
|
||||
|
||||
typedef struct _WSA_LOOKUP {
|
||||
LIST* pEntries;
|
||||
BOOLEAN NoMore;
|
||||
} WSA_LOOKUP;
|
||||
|
||||
static HASH_MAP WSA_LookupMap;
|
||||
|
||||
static BOOLEAN WSA_DnsTraceFlag = FALSE;
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// WSA_GetLookup
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX WSA_LOOKUP* WSA_GetLookup(HANDLE h, BOOLEAN bCanAdd)
|
||||
{
|
||||
WSA_LOOKUP* pLookup = (WSA_LOOKUP*)map_get(&WSA_LookupMap, h);
|
||||
if (pLookup == NULL && bCanAdd)
|
||||
pLookup = (WSA_LOOKUP*)map_insert(&WSA_LookupMap, h, NULL, sizeof(WSA_LOOKUP));
|
||||
return pLookup;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// WSA_InitNetDnsFilter
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX BOOLEAN WSA_InitNetDnsFilter(HMODULE module)
|
||||
{
|
||||
P_WSALookupServiceBeginW WSALookupServiceBeginW;
|
||||
P_WSALookupServiceNextW WSALookupServiceNextW;
|
||||
P_WSALookupServiceEnd WSALookupServiceEnd;
|
||||
|
||||
List_Init(&WSA_FilterList);
|
||||
|
||||
//
|
||||
// Load filter rules
|
||||
//
|
||||
|
||||
WCHAR conf_buf[256];
|
||||
for (ULONG index = 0; ; ++index) {
|
||||
|
||||
NTSTATUS status = SbieApi_QueryConf(
|
||||
NULL, L"NetworkDnsFilter", index, conf_buf, sizeof(conf_buf) - 16 * sizeof(WCHAR));
|
||||
if (!NT_SUCCESS(status))
|
||||
break;
|
||||
|
||||
ULONG level = -1;
|
||||
WCHAR* value = Config_MatchImageAndGetValue(conf_buf, Dll_ImageName, &level);
|
||||
if (!value)
|
||||
continue;
|
||||
|
||||
WCHAR* domain_ip = wcschr(value, L':');
|
||||
if (domain_ip)
|
||||
*domain_ip++ = L'\0';
|
||||
|
||||
PATTERN* pat = Pattern_Create(Dll_Pool, value, TRUE, level);
|
||||
|
||||
if (domain_ip) {
|
||||
|
||||
LIST* entries = (LIST*)Dll_Alloc(sizeof(LIST));
|
||||
List_Init(entries);
|
||||
|
||||
BOOLEAN HasV6 = FALSE;
|
||||
|
||||
const WCHAR* ip_value = domain_ip;
|
||||
ULONG ip_len = wcslen(domain_ip);
|
||||
for (const WCHAR* ip_end = ip_value + ip_len; ip_value < ip_end;) {
|
||||
const WCHAR* ip_str1;
|
||||
ULONG ip_len1;
|
||||
ip_value = SbieDll_GetTagValue(ip_value, ip_end, &ip_str1, &ip_len1, L';');
|
||||
|
||||
IP_ENTRY* entry = (IP_ENTRY*)Dll_Alloc(sizeof(IP_ENTRY));
|
||||
if (_inet_xton(ip_str1, ip_len1, &entry->IP, &entry->Type) == 1) {
|
||||
if (entry->Type == AF_INET6)
|
||||
HasV6 = TRUE;
|
||||
List_Insert_After(entries, NULL, entry);
|
||||
}
|
||||
}
|
||||
|
||||
if (!HasV6) {
|
||||
|
||||
//
|
||||
// when there are no IPv6 entries create mapped once from the v4 ips
|
||||
//
|
||||
|
||||
for (IP_ENTRY* entry = (IP_ENTRY*)List_Head(entries); entry && entry->Type == AF_INET; entry = (IP_ENTRY*)List_Next(entry)) {
|
||||
|
||||
IP_ENTRY* entry6 = (IP_ENTRY*)Dll_Alloc(sizeof(IP_ENTRY));
|
||||
entry6->Type = AF_INET6;
|
||||
entry6->IP = entry->IP;
|
||||
List_Insert_After(entries, NULL, entry6);
|
||||
}
|
||||
}
|
||||
|
||||
PVOID* aux = Pattern_Aux(pat);
|
||||
*aux = entries;
|
||||
}
|
||||
|
||||
List_Insert_After(&WSA_FilterList, NULL, pat);
|
||||
}
|
||||
|
||||
if (WSA_FilterList.count > 0) {
|
||||
|
||||
WSA_FilterEnabled = TRUE;
|
||||
|
||||
map_init(&WSA_LookupMap, Dll_Pool);
|
||||
|
||||
SCertInfo CertInfo = { 0 };
|
||||
if (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, eCertAdvanced)) {
|
||||
|
||||
const WCHAR* strings[] = { L"NetworkDnsFilter" , NULL };
|
||||
SbieApi_LogMsgExt(-1, 6009, strings);
|
||||
|
||||
WSA_FilterEnabled = FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Setup DNS hooks
|
||||
//
|
||||
|
||||
WSALookupServiceBeginW = (P_WSALookupServiceBeginW)GetProcAddress(module, "WSALookupServiceBeginW");
|
||||
if (WSALookupServiceBeginW) {
|
||||
SBIEDLL_HOOK(WSA_,WSALookupServiceBeginW);
|
||||
}
|
||||
|
||||
WSALookupServiceNextW = (P_WSALookupServiceNextW)GetProcAddress(module, "WSALookupServiceNextW");
|
||||
if (WSALookupServiceNextW) {
|
||||
SBIEDLL_HOOK(WSA_,WSALookupServiceNextW);
|
||||
}
|
||||
|
||||
WSALookupServiceEnd = (P_WSALookupServiceEnd)GetProcAddress(module, "WSALookupServiceEnd");
|
||||
if (WSALookupServiceEnd) {
|
||||
SBIEDLL_HOOK(WSA_,WSALookupServiceEnd);
|
||||
}
|
||||
|
||||
// If there are any DnsTrace options set, then output this debug string
|
||||
WCHAR wsTraceOptions[4];
|
||||
if (SbieApi_QueryConf(NULL, L"DnsTrace", 0, wsTraceOptions, sizeof(wsTraceOptions)) == STATUS_SUCCESS && wsTraceOptions[0] != L'\0')
|
||||
WSA_DnsTraceFlag = TRUE;
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// WSA_WSALookupServiceBeginW
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX int WSA_WSALookupServiceBeginW(
|
||||
LPWSAQUERYSETW lpqsRestrictions,
|
||||
DWORD dwControlFlags,
|
||||
LPHANDLE lphLookup)
|
||||
{
|
||||
int ret = __sys_WSALookupServiceBeginW(lpqsRestrictions, dwControlFlags, lphLookup);
|
||||
|
||||
if (WSA_DnsTraceFlag) {
|
||||
|
||||
WCHAR ClsId[64] = { 0 };
|
||||
if (lpqsRestrictions->lpServiceClassId) {
|
||||
Sbie_snwprintf(ClsId, 64, L" (ClsId: %08lX-%04hX-%04hX-%02hhX%02hhX-%02hhX%02hhX%02hhX%02hhX%02hhX%02hhX)",
|
||||
lpqsRestrictions->lpServiceClassId->Data1, lpqsRestrictions->lpServiceClassId->Data2, lpqsRestrictions->lpServiceClassId->Data3,
|
||||
lpqsRestrictions->lpServiceClassId->Data4[0], lpqsRestrictions->lpServiceClassId->Data4[1], lpqsRestrictions->lpServiceClassId->Data4[2], lpqsRestrictions->lpServiceClassId->Data4[3],
|
||||
lpqsRestrictions->lpServiceClassId->Data4[4], lpqsRestrictions->lpServiceClassId->Data4[5], lpqsRestrictions->lpServiceClassId->Data4[6], lpqsRestrictions->lpServiceClassId->Data4[7]);
|
||||
}
|
||||
|
||||
WCHAR msg[256];
|
||||
Sbie_snwprintf(msg, 256, L"DNS Request Begin: %s%s, NS: %d, Hdl: 0x%x, Err: %d)",
|
||||
lpqsRestrictions->lpszServiceInstanceName ? lpqsRestrictions->lpszServiceInstanceName : L"Unnamed",
|
||||
ClsId, lpqsRestrictions->dwNameSpace, lphLookup ? *lphLookup : NULL, ret == SOCKET_ERROR ? GetLastError() : 0);
|
||||
SbieApi_MonitorPutMsg(MONITOR_DNS, msg);
|
||||
}
|
||||
|
||||
if (WSA_FilterEnabled && ret == NO_ERROR) {
|
||||
|
||||
if (lpqsRestrictions->lpszServiceInstanceName) {
|
||||
|
||||
ULONG path_len = wcslen(lpqsRestrictions->lpszServiceInstanceName);
|
||||
WCHAR* path_lwr = (WCHAR*)Dll_AllocTemp((path_len + 4) * sizeof(WCHAR));
|
||||
wmemcpy(path_lwr, lpqsRestrictions->lpszServiceInstanceName, path_len);
|
||||
path_lwr[path_len] = L'\0';
|
||||
_wcslwr(path_lwr);
|
||||
|
||||
PATTERN* found;
|
||||
if (Pattern_MatchPathList(path_lwr, path_len, &WSA_FilterList, NULL, NULL, NULL, &found) > 0) {
|
||||
|
||||
WCHAR msg[256];
|
||||
Sbie_snwprintf(msg, 256, L"DNS Request Filtered: %s (Hdl: 0x%x)", Pattern_Source(found), *lphLookup);
|
||||
SbieApi_MonitorPutMsg(MONITOR_DNS | MONITOR_DENY, msg);
|
||||
|
||||
WSA_LOOKUP* pLookup = WSA_GetLookup(*lphLookup, TRUE);
|
||||
|
||||
PVOID* aux = Pattern_Aux(found);
|
||||
if (*aux)
|
||||
pLookup->pEntries = (LIST*)*aux;
|
||||
else
|
||||
pLookup->NoMore = TRUE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// WSA_WSALookupServiceNextW
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX int WSA_WSALookupServiceNextW(
|
||||
HANDLE hLookup,
|
||||
DWORD dwControlFlags,
|
||||
LPDWORD lpdwBufferLength,
|
||||
LPWSAQUERYSETW lpqsResults)
|
||||
{
|
||||
WSA_LOOKUP* pLookup = NULL;
|
||||
|
||||
if (WSA_FilterEnabled) {
|
||||
|
||||
pLookup = WSA_GetLookup(hLookup, FALSE);
|
||||
|
||||
if (pLookup && pLookup->NoMore) {
|
||||
|
||||
SetLastError(WSA_E_NO_MORE);
|
||||
return SOCKET_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
int ret = __sys_WSALookupServiceNextW(hLookup, dwControlFlags, lpdwBufferLength, lpqsResults);
|
||||
|
||||
if (pLookup && pLookup->pEntries) {
|
||||
|
||||
//
|
||||
// This is a bit a simplified implementation, it assumes that all results are always of the same time
|
||||
// else it may truncate it early, also it cant return more results the have been found.
|
||||
//
|
||||
|
||||
if (lpqsResults->dwNumberOfCsAddrs > 0) {
|
||||
|
||||
IP_ENTRY* entry = (IP_ENTRY*)List_Head(pLookup->pEntries);
|
||||
|
||||
for (DWORD i = 0; i < lpqsResults->dwNumberOfCsAddrs; i++) {
|
||||
|
||||
USHORT af = lpqsResults->lpcsaBuffer[i].RemoteAddr.lpSockaddr->sa_family;
|
||||
for (; entry && entry->Type != af; entry = (IP_ENTRY*)List_Next(entry)); // skip to an antry of teh right type
|
||||
if (!entry) { // no more entries clear remaining results
|
||||
lpqsResults->dwNumberOfCsAddrs = i;
|
||||
break;
|
||||
}
|
||||
|
||||
if (af == AF_INET6)
|
||||
memcpy(((SOCKADDR_IN6_LH*)lpqsResults->lpcsaBuffer[i].RemoteAddr.lpSockaddr)->sin6_addr.u.Byte, entry->IP.Data, 16);
|
||||
else if (af == AF_INET)
|
||||
((SOCKADDR_IN*)lpqsResults->lpcsaBuffer[i].RemoteAddr.lpSockaddr)->sin_addr.S_un.S_addr = entry->IP.Data32[3];
|
||||
|
||||
entry = (IP_ENTRY*)List_Next(entry);
|
||||
}
|
||||
}
|
||||
|
||||
if (lpqsResults->lpBlob != NULL) {
|
||||
|
||||
IP_ENTRY* entry = (IP_ENTRY*)List_Head(pLookup->pEntries);
|
||||
|
||||
HOSTENT* hp = (HOSTENT*)lpqsResults->lpBlob->pBlobData;
|
||||
if (hp->h_addrtype == AF_INET6 || hp->h_addrtype == AF_INET) {
|
||||
|
||||
for (PCHAR* Addr = (PCHAR*)(((UINT_PTR)hp->h_addr_list + (UINT_PTR)hp)); *Addr; Addr++) {
|
||||
|
||||
for (; entry && entry->Type != hp->h_addrtype; entry = (IP_ENTRY*)List_Next(entry)); // skip to an antry of teh right type
|
||||
if (!entry) { // no more entries clear remaining results
|
||||
*Addr = 0;
|
||||
continue;
|
||||
}
|
||||
|
||||
PCHAR ptr = (PCHAR)(((UINT_PTR)*Addr + (UINT_PTR)hp));
|
||||
if (hp->h_addrtype == AF_INET6)
|
||||
memcpy(ptr, entry->IP.Data, 16);
|
||||
else if (hp->h_addrtype == AF_INET)
|
||||
*(DWORD*)ptr = entry->IP.Data32[3];
|
||||
|
||||
entry = (IP_ENTRY*)List_Next(entry);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pLookup->NoMore = TRUE;
|
||||
}
|
||||
|
||||
if (WSA_DnsTraceFlag) {
|
||||
|
||||
WCHAR msg[2048];
|
||||
Sbie_snwprintf(msg, 256, L"DNS Request Found: %s (NS: %d, Hdl: 0x%x, Err: %d)",
|
||||
lpqsResults->lpszServiceInstanceName, lpqsResults->dwNameSpace, hLookup, ret == SOCKET_ERROR ? GetLastError() : 0);
|
||||
|
||||
for (DWORD i = 0; i < lpqsResults->dwNumberOfCsAddrs; i++) {
|
||||
IP_ADDRESS ip;
|
||||
if (WSA_GetIP(lpqsResults->lpcsaBuffer[i].RemoteAddr.lpSockaddr, lpqsResults->lpcsaBuffer[i].RemoteAddr.iSockaddrLength, &ip))
|
||||
WSA_DumpIP(lpqsResults->lpcsaBuffer[i].RemoteAddr.lpSockaddr->sa_family, &ip, msg);
|
||||
}
|
||||
|
||||
if (lpqsResults->lpBlob != NULL) {
|
||||
|
||||
HOSTENT* hp = (HOSTENT*)lpqsResults->lpBlob->pBlobData;
|
||||
if (hp->h_addrtype != AF_INET6 && hp->h_addrtype != AF_INET) {
|
||||
WSA_DumpIP(hp->h_addrtype, NULL, msg);
|
||||
}
|
||||
else if (hp->h_addr_list) {
|
||||
for (PCHAR* Addr = (PCHAR*)(((UINT_PTR)hp->h_addr_list + (UINT_PTR)hp)); *Addr; Addr++) {
|
||||
|
||||
PCHAR ptr = (PCHAR)(((UINT_PTR)*Addr + (UINT_PTR)hp));
|
||||
|
||||
IP_ADDRESS ip;
|
||||
if (hp->h_addrtype == AF_INET6)
|
||||
memcpy(ip.Data, ptr, 16);
|
||||
else if (hp->h_addrtype == AF_INET)
|
||||
ip.Data32[3] = *(DWORD*)ptr;
|
||||
WSA_DumpIP(hp->h_addrtype, &ip, msg);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
SbieApi_MonitorPutMsg(MONITOR_DNS, msg);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// WSA_WSALookupServiceEnd
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX int WSA_WSALookupServiceEnd(HANDLE hLookup)
|
||||
{
|
||||
if (WSA_FilterEnabled)
|
||||
map_remove(&WSA_LookupMap, hLookup);
|
||||
|
||||
if (WSA_DnsTraceFlag) {
|
||||
|
||||
WCHAR msg[256];
|
||||
Sbie_snwprintf(msg, 256, L"DNS Request End (Hdl: 0x%x)", hLookup);
|
||||
SbieApi_MonitorPutMsg(MONITOR_DNS, msg);
|
||||
}
|
||||
|
||||
return __sys_WSALookupServiceEnd(hLookup);
|
||||
}
|
|
@ -118,6 +118,9 @@ SBIEDLL_EXPORT NTSTATUS File_GetName(
|
|||
HANDLE RootDirectory, UNICODE_STRING *ObjectName,
|
||||
WCHAR **OutTruePath, WCHAR **OutCopyPath, ULONG *OutFlags);
|
||||
|
||||
static WCHAR *File_TranslateDosToNtPath2(
|
||||
const WCHAR *DosPath, ULONG DosPathLen);
|
||||
|
||||
static WCHAR *File_GetName_TranslateSymlinks(
|
||||
THREAD_DATA *TlsData, const WCHAR *objname_buf, ULONG objname_len,
|
||||
BOOLEAN *translated);
|
||||
|
@ -262,6 +265,15 @@ static NTSTATUS File_NtDeleteFile(OBJECT_ATTRIBUTES *ObjectAttributes);
|
|||
|
||||
static NTSTATUS File_NtDeleteFileImpl(OBJECT_ATTRIBUTES *ObjectAttributes);
|
||||
|
||||
static WCHAR *File_ConcatPath2(
|
||||
const WCHAR *Path1, ULONG Path1Len, const WCHAR *Path2, ULONG Path2Len);
|
||||
|
||||
static WCHAR* File_CanonizePath(
|
||||
const wchar_t* absolute_path, ULONG abs_path_len, const wchar_t* relative_path, ULONG rel_path_len);
|
||||
|
||||
static NTSTATUS File_OpenForRenameFile(
|
||||
HANDLE* pSourceHandle, const WCHAR *TruePath);
|
||||
|
||||
static NTSTATUS File_RenameFile(
|
||||
HANDLE FileHandle, void *info, BOOLEAN LinkOp);
|
||||
|
||||
|
@ -6659,6 +6671,63 @@ _FX LONG File_RenameOpenFile(
|
|||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// File_OpenForRenameFile
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX NTSTATUS File_OpenForRenameFile(
|
||||
HANDLE* pSourceHandle, const WCHAR *TruePath)
|
||||
{
|
||||
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
|
||||
|
||||
NTSTATUS status;
|
||||
OBJECT_ATTRIBUTES objattrs;
|
||||
UNICODE_STRING objname;
|
||||
IO_STATUS_BLOCK IoStatusBlock;
|
||||
|
||||
InitializeObjectAttributes(
|
||||
&objattrs, &objname, OBJ_CASE_INSENSITIVE, NULL, Secure_NormalSD);
|
||||
|
||||
//
|
||||
// open the file for write access. this should cause the file
|
||||
// to be migrated into the sandbox, including its parent directories
|
||||
//
|
||||
|
||||
RtlInitUnicodeString(&objname, TruePath);
|
||||
|
||||
++TlsData->file_dont_strip_write_access;
|
||||
|
||||
status = NtCreateFile(
|
||||
pSourceHandle, FILE_GENERIC_WRITE | DELETE, &objattrs,
|
||||
&IoStatusBlock, NULL, 0, FILE_SHARE_VALID_FLAGS,
|
||||
FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
|
||||
|
||||
if (status == STATUS_SHARING_VIOLATION ||
|
||||
status == STATUS_ACCESS_DENIED) {
|
||||
|
||||
//
|
||||
// Windows Mail opens *.eml files with a combination of
|
||||
// FILE_SHARE_READ | FILE_SHARE_DELETE, but not FILE_SHARE_WRITE,
|
||||
// which means we can't open them with FILE_GENERIC_WRITE
|
||||
// during rename processing here
|
||||
//
|
||||
// also, for read-only files, we get an error when we open them
|
||||
// for FILE_GENERIC_WRITE, but just DELETE should also work
|
||||
//
|
||||
|
||||
status = NtCreateFile(
|
||||
pSourceHandle, SYNCHRONIZE | DELETE, &objattrs,
|
||||
&IoStatusBlock, NULL, 0, FILE_SHARE_VALID_FLAGS,
|
||||
FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
|
||||
}
|
||||
|
||||
--TlsData->file_dont_strip_write_access;
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// File_RenameFile
|
||||
//---------------------------------------------------------------------------
|
||||
|
@ -6718,52 +6787,23 @@ _FX NTSTATUS File_RenameFile(
|
|||
__leave;
|
||||
|
||||
//
|
||||
// open the file for write access. this should cause the file
|
||||
// to be migrated into the sandbox, including its parent directories
|
||||
// migrate into the sandbox, including its parent directories
|
||||
//
|
||||
|
||||
RtlInitUnicodeString(&objname, TruePath);
|
||||
status = File_OpenForRenameFile(&SourceHandle, TruePath);
|
||||
|
||||
++TlsData->file_dont_strip_write_access;
|
||||
//
|
||||
// if we still get STATUS_SHARING_VIOLATION, give up on trying
|
||||
// to make sure the file is migrated into the sandbox, and hope
|
||||
// that the input FileHandle is suitable for a rename operation
|
||||
//
|
||||
|
||||
status = NtCreateFile(
|
||||
&SourceHandle, FILE_GENERIC_WRITE | DELETE, &objattrs,
|
||||
&IoStatusBlock, NULL, 0, FILE_SHARE_VALID_FLAGS,
|
||||
FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
|
||||
if (status == STATUS_SHARING_VIOLATION) {
|
||||
|
||||
if (status == STATUS_SHARING_VIOLATION ||
|
||||
status == STATUS_ACCESS_DENIED) {
|
||||
|
||||
//
|
||||
// Windows Mail opens *.eml files with a combination of
|
||||
// FILE_SHARE_READ | FILE_SHARE_DELETE, but not FILE_SHARE_WRITE,
|
||||
// which means we can't open them with FILE_GENERIC_WRITE
|
||||
// during rename processing here
|
||||
//
|
||||
// also, for read-only files, we get an error when we open them
|
||||
// for FILE_GENERIC_WRITE, but just DELETE should also work
|
||||
//
|
||||
|
||||
status = NtCreateFile(
|
||||
&SourceHandle, SYNCHRONIZE | DELETE, &objattrs,
|
||||
&IoStatusBlock, NULL, 0, FILE_SHARE_VALID_FLAGS,
|
||||
FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
|
||||
|
||||
//
|
||||
// if we still get STATUS_SHARING_VIOLATION, give up on trying
|
||||
// to make sure the file is migrated into the sandbox, and hope
|
||||
// that the input FileHandle is suitable for a rename operation
|
||||
//
|
||||
|
||||
if (status == STATUS_SHARING_VIOLATION) {
|
||||
|
||||
SourceHandle = FileHandle;
|
||||
status = STATUS_SUCCESS;
|
||||
}
|
||||
SourceHandle = FileHandle;
|
||||
status = STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
--TlsData->file_dont_strip_write_access;
|
||||
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
|
|
|
@ -549,11 +549,11 @@ _FX VOID File_SavePathTree_internal(LIST* Root, const WCHAR* name, WCHAR* (*Tran
|
|||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// File_TranslateNtToDosPath2
|
||||
// File_TranslateNtToDosPathForDatFile
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX WCHAR* File_TranslateNtToDosPath2(const WCHAR *NtPath)
|
||||
_FX WCHAR* File_TranslateNtToDosPathForDatFile(const WCHAR *NtPath)
|
||||
{
|
||||
WCHAR *DosPath = NULL;
|
||||
ULONG len_nt;
|
||||
|
@ -635,7 +635,7 @@ _FX BOOLEAN File_SavePathTree()
|
|||
{
|
||||
EnterCriticalSection(File_PathRoot_CritSec);
|
||||
|
||||
File_SavePathTree_internal(&File_PathRoot, FILE_PATH_FILE_NAME, File_TranslateNtToDosPath2);
|
||||
File_SavePathTree_internal(&File_PathRoot, FILE_PATH_FILE_NAME, File_TranslateNtToDosPathForDatFile);
|
||||
|
||||
File_GetAttributes_internal(FILE_PATH_FILE_NAME, &File_PathsFileSize, &File_PathsFileDate, NULL);
|
||||
|
||||
|
@ -764,14 +764,13 @@ _FX BOOLEAN File_LoadPathTree_internal(LIST* Root, const WCHAR* name, WCHAR* (*T
|
|||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// File_TranslateDosToNtPath2
|
||||
// File_TranslateDosToNtPathForDatFile
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX WCHAR *File_TranslateDosToNtPath2(const WCHAR *DosPath)
|
||||
_FX WCHAR *File_TranslateDosToNtPathForDatFile(const WCHAR *DosPath)
|
||||
{
|
||||
WCHAR *NtPath = NULL;
|
||||
ULONG len_dos;
|
||||
|
||||
if (DosPath && DosPath[0] && DosPath[1]) {
|
||||
|
||||
|
@ -782,10 +781,7 @@ _FX WCHAR *File_TranslateDosToNtPath2(const WCHAR *DosPath)
|
|||
//
|
||||
|
||||
DosPath += 2;
|
||||
len_dos = wcslen(DosPath) + 1;
|
||||
NtPath = Dll_Alloc((File_MupLen + len_dos) * sizeof(WCHAR));
|
||||
wmemcpy(NtPath, File_Mup, File_MupLen);
|
||||
wmemcpy(NtPath + File_MupLen, DosPath, len_dos);
|
||||
NtPath = File_ConcatPath2(File_Mup, File_MupLen, DosPath, wcslen(DosPath));
|
||||
|
||||
} else if (DosPath[0] != L'\\') {
|
||||
|
||||
|
@ -815,10 +811,7 @@ _FX WCHAR *File_TranslateDosToNtPath2(const WCHAR *DosPath)
|
|||
}
|
||||
|
||||
DosPath += path_pos;
|
||||
len_dos = wcslen(DosPath) + 1;
|
||||
NtPath = Dll_Alloc((drive->len + len_dos) * sizeof(WCHAR));
|
||||
wmemcpy(NtPath, drive->path, drive->len);
|
||||
wmemcpy(NtPath + drive->len, DosPath, len_dos);
|
||||
NtPath = File_ConcatPath2(drive->path, drive->len, DosPath, wcslen(DosPath));
|
||||
|
||||
LeaveCriticalSection(File_DrivesAndLinks_CritSec);
|
||||
}
|
||||
|
@ -841,7 +834,7 @@ _FX BOOLEAN File_LoadPathTree()
|
|||
|
||||
EnterCriticalSection(File_PathRoot_CritSec);
|
||||
|
||||
File_LoadPathTree_internal(&File_PathRoot, FILE_PATH_FILE_NAME, File_TranslateDosToNtPath2);
|
||||
File_LoadPathTree_internal(&File_PathRoot, FILE_PATH_FILE_NAME, File_TranslateDosToNtPathForDatFile);
|
||||
|
||||
LeaveCriticalSection(File_PathRoot_CritSec);
|
||||
|
||||
|
@ -1038,7 +1031,7 @@ _FX NTSTATUS File_MarkDeleted_v2(const WCHAR* TruePath)
|
|||
HANDLE hPathsFile;
|
||||
if (File_OpenDataFile(FILE_PATH_FILE_NAME, &hPathsFile, TRUE))
|
||||
{
|
||||
File_AppendPathEntry_internal(hPathsFile, Path, FILE_DELETED_FLAG, NULL, File_TranslateNtToDosPath2);
|
||||
File_AppendPathEntry_internal(hPathsFile, Path, FILE_DELETED_FLAG, NULL, File_TranslateNtToDosPathForDatFile);
|
||||
|
||||
NtClose(hPathsFile);
|
||||
|
||||
|
|
|
@ -3162,6 +3162,59 @@ _FX NTSTATUS File_NtQueryVolumeInformationFile(
|
|||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// File_CanonizePath
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
WCHAR* File_CanonizePath(const wchar_t* absolute_path, ULONG abs_path_len, const wchar_t* relative_path, ULONG rel_path_len)
|
||||
{
|
||||
ULONG i, j;
|
||||
|
||||
while(absolute_path[abs_path_len-1] == L'\\')
|
||||
abs_path_len--;
|
||||
|
||||
WCHAR* result = Dll_Alloc((abs_path_len + rel_path_len + 1) * sizeof(wchar_t));
|
||||
if (!result) return NULL;
|
||||
wcsncpy(result, absolute_path, abs_path_len);
|
||||
result[abs_path_len] = 0;
|
||||
|
||||
for (i = 0; i < rel_path_len; ) {
|
||||
|
||||
if (relative_path[i] == L'.' && relative_path[i + 1] == L'.' && (relative_path[i + 2] == L'\\' || relative_path[i + 2] == L'\0')) {
|
||||
|
||||
for (j = abs_path_len - 1; j >= 0 && result[j] != L'\\'; --j)
|
||||
result[j] = L'\0';
|
||||
if (j >= 0)
|
||||
result[j] = L'\0';
|
||||
|
||||
abs_path_len = j;
|
||||
|
||||
i += 3;
|
||||
|
||||
} else if (relative_path[i] == L'.') {
|
||||
|
||||
i += 2;
|
||||
|
||||
} else {
|
||||
|
||||
for (j = i; j < rel_path_len && relative_path[j] != L'\\' && relative_path[j] != L'\0'; ++j)
|
||||
;
|
||||
|
||||
result[abs_path_len] = L'\\';
|
||||
wcsncpy(result + abs_path_len + 1, &relative_path[i], j - i);
|
||||
result[abs_path_len + j - i + 1] = L'\0';
|
||||
|
||||
abs_path_len += j - i + 1;
|
||||
|
||||
i = j + 1;
|
||||
}
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// File_SetReparsePoint
|
||||
//---------------------------------------------------------------------------
|
||||
|
@ -3170,23 +3223,27 @@ _FX NTSTATUS File_NtQueryVolumeInformationFile(
|
|||
_FX NTSTATUS File_SetReparsePoint(
|
||||
HANDLE FileHandle, PREPARSE_DATA_BUFFER Data, ULONG DataLen)
|
||||
{
|
||||
THREAD_DATA *TlsData;
|
||||
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
|
||||
|
||||
NTSTATUS status;
|
||||
UNICODE_STRING objname;
|
||||
OBJECT_ATTRIBUTES objattrs;
|
||||
WCHAR *TruePath, *CopyPath;
|
||||
//WCHAR *SourcePath = NULL, *TargetPath = NULL;
|
||||
WCHAR* AbsolutePath = NULL;
|
||||
ULONG FileFlags, mp_flags;
|
||||
PREPARSE_DATA_BUFFER NewData = NULL;
|
||||
ULONG NewDataLen;
|
||||
IO_STATUS_BLOCK MyIoStatusBlock;
|
||||
BOOLEAN MigrateTarget = FALSE;
|
||||
|
||||
if (! Data)
|
||||
return STATUS_BAD_INITIAL_PC;
|
||||
|
||||
//
|
||||
// get paths to source and target directories
|
||||
//
|
||||
|
||||
TlsData = Dll_GetTlsData(NULL);
|
||||
|
||||
Dll_PushTlsNameBuffer(TlsData);
|
||||
|
||||
__try {
|
||||
|
@ -3194,39 +3251,13 @@ _FX NTSTATUS File_SetReparsePoint(
|
|||
WCHAR* SubstituteNameBuffer;
|
||||
USHORT PrintNameLength;
|
||||
WCHAR* PrintNameBuffer;
|
||||
//BOOLEAN RelativePath = FALSE;
|
||||
|
||||
if (! Data)
|
||||
return STATUS_BAD_INITIAL_PC;
|
||||
|
||||
if (Data->ReparseTag == IO_REPARSE_TAG_SYMLINK)
|
||||
{
|
||||
SubstituteNameLength = Data->SymbolicLinkReparseBuffer.SubstituteNameLength;
|
||||
SubstituteNameBuffer = &Data->SymbolicLinkReparseBuffer.PathBuffer[Data->SymbolicLinkReparseBuffer.SubstituteNameOffset/sizeof(WCHAR)];
|
||||
PrintNameLength = Data->SymbolicLinkReparseBuffer.PrintNameLength;
|
||||
PrintNameBuffer = &Data->SymbolicLinkReparseBuffer.PathBuffer[Data->SymbolicLinkReparseBuffer.PrintNameOffset/sizeof(WCHAR)];
|
||||
if (Data->SymbolicLinkReparseBuffer.Flags & SYMLINK_FLAG_RELATIVE)
|
||||
return STATUS_BAD_INITIAL_PC; //RelativePath = TRUE; // let it be done normally
|
||||
|
||||
NewDataLen = (UFIELD_OFFSET(REPARSE_DATA_BUFFER, SymbolicLinkReparseBuffer.PathBuffer) - UFIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer));
|
||||
}
|
||||
else if (Data->ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
|
||||
{
|
||||
SubstituteNameLength = Data->MountPointReparseBuffer.SubstituteNameLength;
|
||||
SubstituteNameBuffer = &Data->MountPointReparseBuffer.PathBuffer[Data->MountPointReparseBuffer.SubstituteNameOffset/sizeof(WCHAR)];
|
||||
PrintNameLength = Data->MountPointReparseBuffer.PrintNameLength;
|
||||
PrintNameBuffer = &Data->MountPointReparseBuffer.PathBuffer[Data->MountPointReparseBuffer.PrintNameOffset/sizeof(WCHAR)];
|
||||
|
||||
NewDataLen = (UFIELD_OFFSET(REPARSE_DATA_BUFFER, MountPointReparseBuffer.PathBuffer) - UFIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer));
|
||||
}
|
||||
else
|
||||
return STATUS_BAD_INITIAL_PC;
|
||||
|
||||
//
|
||||
// get copy path of reparse source
|
||||
//
|
||||
|
||||
RtlInitUnicodeString(&objname, L"");
|
||||
|
||||
InitializeObjectAttributes(
|
||||
&objattrs, &objname, OBJ_CASE_INSENSITIVE, NULL, NULL);
|
||||
|
||||
|
@ -3251,6 +3282,38 @@ _FX NTSTATUS File_SetReparsePoint(
|
|||
__leave;
|
||||
}
|
||||
|
||||
//
|
||||
// get the absolute reparse target path
|
||||
//
|
||||
|
||||
if (Data->ReparseTag == IO_REPARSE_TAG_SYMLINK)
|
||||
{
|
||||
SubstituteNameLength = Data->SymbolicLinkReparseBuffer.SubstituteNameLength;
|
||||
SubstituteNameBuffer = &Data->SymbolicLinkReparseBuffer.PathBuffer[Data->SymbolicLinkReparseBuffer.SubstituteNameOffset/sizeof(WCHAR)];
|
||||
PrintNameLength = Data->SymbolicLinkReparseBuffer.PrintNameLength;
|
||||
PrintNameBuffer = &Data->SymbolicLinkReparseBuffer.PathBuffer[Data->SymbolicLinkReparseBuffer.PrintNameOffset/sizeof(WCHAR)];
|
||||
if (Data->SymbolicLinkReparseBuffer.Flags & SYMLINK_FLAG_RELATIVE) {
|
||||
|
||||
WCHAR* LinkName = wcsrchr(TruePath, L'\\');
|
||||
AbsolutePath = File_CanonizePath(TruePath, (ULONG)(LinkName - TruePath), SubstituteNameBuffer, SubstituteNameLength / sizeof(wchar_t));
|
||||
}
|
||||
|
||||
NewDataLen = (UFIELD_OFFSET(REPARSE_DATA_BUFFER, SymbolicLinkReparseBuffer.PathBuffer) - UFIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer));
|
||||
}
|
||||
else if (Data->ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
|
||||
{
|
||||
SubstituteNameLength = Data->MountPointReparseBuffer.SubstituteNameLength;
|
||||
SubstituteNameBuffer = &Data->MountPointReparseBuffer.PathBuffer[Data->MountPointReparseBuffer.SubstituteNameOffset/sizeof(WCHAR)];
|
||||
PrintNameLength = Data->MountPointReparseBuffer.PrintNameLength;
|
||||
PrintNameBuffer = &Data->MountPointReparseBuffer.PathBuffer[Data->MountPointReparseBuffer.PrintNameOffset/sizeof(WCHAR)];
|
||||
|
||||
NewDataLen = (UFIELD_OFFSET(REPARSE_DATA_BUFFER, MountPointReparseBuffer.PathBuffer) - UFIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer));
|
||||
}
|
||||
else {
|
||||
status = STATUS_BAD_INITIAL_PC;
|
||||
__leave;
|
||||
}
|
||||
|
||||
//if (File_Snapshot != NULL){
|
||||
// WCHAR* TmplName = File_FindSnapshotPath(CopyPath);
|
||||
// if (TmplName) CopyPath = TmplName;
|
||||
|
@ -3263,20 +3326,44 @@ _FX NTSTATUS File_SetReparsePoint(
|
|||
// get copy path of reparse target
|
||||
//
|
||||
|
||||
objname.Length = SubstituteNameLength;
|
||||
if (AbsolutePath) {
|
||||
objname.Length = wcslen(AbsolutePath) * sizeof(wchar_t);
|
||||
objname.Buffer = AbsolutePath;
|
||||
} else {
|
||||
objname.Length = SubstituteNameLength;
|
||||
objname.Buffer = SubstituteNameBuffer;
|
||||
}
|
||||
objname.MaximumLength = objname.Length;
|
||||
objname.Buffer = SubstituteNameBuffer;
|
||||
|
||||
status = File_GetName(NULL, &objname, &TruePath, &CopyPath, NULL);
|
||||
if (! NT_SUCCESS(status))
|
||||
__leave;
|
||||
|
||||
if (AbsolutePath) {
|
||||
|
||||
//
|
||||
// We can allow for a relative path in the box but must ensure the hatget gets migrated
|
||||
//
|
||||
|
||||
MigrateTarget = TRUE;
|
||||
status = STATUS_BAD_INITIAL_PC;
|
||||
__leave;
|
||||
}
|
||||
|
||||
//TargetPath = Dll_Alloc((wcslen(CopyPath) + 4) * sizeof(WCHAR));
|
||||
//wcscpy(TargetPath, CopyPath);
|
||||
|
||||
WCHAR* NewSubstituteNameBuffer = CopyPath;
|
||||
WCHAR* OldPrintNameBuffer = PrintNameBuffer; // we don't need to change the display name
|
||||
|
||||
if (Data->ReparseTag == IO_REPARSE_TAG_SYMLINK) {
|
||||
|
||||
SubstituteNameLength = wcslen(CopyPath) * sizeof(WCHAR);
|
||||
SbieDll_TranslateNtToDosPath(NewSubstituteNameBuffer);
|
||||
memmove(NewSubstituteNameBuffer + 4, NewSubstituteNameBuffer, (wcslen(NewSubstituteNameBuffer) + 1) * sizeof(wchar_t));
|
||||
wcsncpy(NewSubstituteNameBuffer, L"\\??\\", 4);
|
||||
}
|
||||
|
||||
SubstituteNameLength = wcslen(NewSubstituteNameBuffer) * sizeof(WCHAR);
|
||||
|
||||
NewDataLen += SubstituteNameLength + sizeof(WCHAR) + PrintNameLength + sizeof(WCHAR) + 8;
|
||||
NewData = Dll_Alloc(NewDataLen);
|
||||
|
@ -3306,7 +3393,7 @@ _FX NTSTATUS File_SetReparsePoint(
|
|||
PrintNameBuffer = &NewData->MountPointReparseBuffer.PathBuffer[NewData->MountPointReparseBuffer.PrintNameOffset/sizeof(WCHAR)];
|
||||
}
|
||||
|
||||
memcpy(SubstituteNameBuffer, CopyPath, SubstituteNameLength + sizeof(WCHAR));
|
||||
memcpy(SubstituteNameBuffer, NewSubstituteNameBuffer, SubstituteNameLength + sizeof(WCHAR));
|
||||
memcpy(PrintNameBuffer, OldPrintNameBuffer, PrintNameLength + sizeof(WCHAR));
|
||||
|
||||
} __except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
|
@ -3320,17 +3407,14 @@ _FX NTSTATUS File_SetReparsePoint(
|
|||
|
||||
if (NT_SUCCESS(status)) {
|
||||
|
||||
File_CreateBoxedPath(TruePath);
|
||||
|
||||
status = __sys_NtFsControlFile(
|
||||
FileHandle, NULL, NULL, NULL,
|
||||
&MyIoStatusBlock, FSCTL_SET_REPARSE_POINT,
|
||||
NewData, NewDataLen,
|
||||
NULL, 0);
|
||||
}
|
||||
|
||||
if (NewData)
|
||||
Dll_Free(NewData);
|
||||
MigrateTarget = NT_SUCCESS(status);
|
||||
}
|
||||
|
||||
/*
|
||||
//
|
||||
|
@ -3378,6 +3462,25 @@ _FX NTSTATUS File_SetReparsePoint(
|
|||
if (TargetPath)
|
||||
Dll_Free(TargetPath);*/
|
||||
|
||||
if (MigrateTarget) {
|
||||
|
||||
//
|
||||
// We must migrate the file or directory into the sandbox as the path reparsing by NtCreateFile
|
||||
// is done by the kernel and we do not "manually" reparse the path before invoking it,
|
||||
// hence there must be the expected file at the path we are linking to.
|
||||
//
|
||||
|
||||
HANDLE SourceHandle;
|
||||
if (NT_SUCCESS(File_OpenForRenameFile(&SourceHandle, TruePath)))
|
||||
NtClose(SourceHandle);
|
||||
}
|
||||
|
||||
if (AbsolutePath)
|
||||
Dll_Free(AbsolutePath);
|
||||
|
||||
if (NewData)
|
||||
Dll_Free(NewData);
|
||||
|
||||
Dll_PopTlsNameBuffer(TlsData);
|
||||
|
||||
return status;
|
||||
|
|
|
@ -1665,14 +1665,29 @@ _FX WCHAR *File_AllocAndInitEnvironment_2(
|
|||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// File_TranslateDosToNtPath
|
||||
// File_ConcatPath2
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX WCHAR *File_TranslateDosToNtPath(const WCHAR *DosPath)
|
||||
_FX WCHAR *File_ConcatPath2(const WCHAR *Path1, ULONG Path1Len, const WCHAR *Path2, ULONG Path2Len)
|
||||
{
|
||||
ULONG Length = Path1Len + Path2Len;
|
||||
WCHAR* Path = Dll_Alloc((Length + 1) * sizeof(WCHAR));
|
||||
wmemcpy(Path, Path1, Path1Len);
|
||||
wmemcpy(Path + Path1Len, Path2, Path2Len);
|
||||
Path[Length] = L'\0';
|
||||
return Path;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// File_TranslateDosToNtPath2
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX WCHAR *File_TranslateDosToNtPath2(const WCHAR *DosPath, ULONG DosPathLen)
|
||||
{
|
||||
WCHAR *NtPath = NULL;
|
||||
ULONG len_dos;
|
||||
|
||||
if (DosPath && DosPath[0] && DosPath[1]) {
|
||||
|
||||
|
@ -1682,11 +1697,7 @@ _FX WCHAR *File_TranslateDosToNtPath(const WCHAR *DosPath)
|
|||
// network path
|
||||
//
|
||||
|
||||
DosPath += 2;
|
||||
len_dos = wcslen(DosPath) + 1;
|
||||
NtPath = Dll_Alloc((File_MupLen + len_dos) * sizeof(WCHAR));
|
||||
wmemcpy(NtPath, File_Mup, File_MupLen);
|
||||
wmemcpy(NtPath + File_MupLen, DosPath, len_dos);
|
||||
NtPath = File_ConcatPath2(File_Mup, File_MupLen, DosPath + 2, DosPathLen - 2);
|
||||
|
||||
} else if (DosPath[1] == L':' &&
|
||||
(DosPath[2] == L'\\' || DosPath[2] == L'\0')) {
|
||||
|
@ -1698,11 +1709,7 @@ _FX WCHAR *File_TranslateDosToNtPath(const WCHAR *DosPath)
|
|||
FILE_DRIVE *drive = File_GetDriveForLetter(DosPath[0]);
|
||||
if (drive) {
|
||||
|
||||
DosPath += 2;
|
||||
len_dos = wcslen(DosPath) + 1;
|
||||
NtPath = Dll_Alloc((drive->len + len_dos) * sizeof(WCHAR));
|
||||
wmemcpy(NtPath, drive->path, drive->len);
|
||||
wmemcpy(NtPath + drive->len, DosPath, len_dos);
|
||||
NtPath = File_ConcatPath2(drive->path, drive->len, DosPath + 2, DosPathLen - 2);
|
||||
|
||||
LeaveCriticalSection(File_DrivesAndLinks_CritSec);
|
||||
}
|
||||
|
@ -1713,6 +1720,17 @@ _FX WCHAR *File_TranslateDosToNtPath(const WCHAR *DosPath)
|
|||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// File_TranslateDosToNtPath
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX WCHAR *File_TranslateDosToNtPath(const WCHAR *DosPath)
|
||||
{
|
||||
return File_TranslateDosToNtPath2(DosPath, DosPath ? wcslen(DosPath) : 0);
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// File_GetSetDeviceMap
|
||||
//---------------------------------------------------------------------------
|
||||
|
|
|
@ -322,35 +322,45 @@ _FX FILE_GUID *File_GetLinkForGuid(const WCHAR* guid_str)
|
|||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// File_TranslateGuidToNtPath2
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX WCHAR* File_TranslateGuidToNtPath2(const WCHAR* GuidPath, ULONG GuidPathLen)
|
||||
{
|
||||
WCHAR* NtPath = NULL;
|
||||
|
||||
if (GuidPath && GuidPathLen >= 48 && _wcsnicmp(GuidPath, L"\\??\\Volume{", 11) == 0) {
|
||||
|
||||
//
|
||||
// guid path
|
||||
//
|
||||
|
||||
FILE_GUID* guid = File_GetLinkForGuid(&GuidPath[10]);
|
||||
if (guid) {
|
||||
|
||||
File_ConcatPath2(guid->path, guid->len, GuidPath + 48, GuidPathLen - 48);
|
||||
|
||||
LeaveCriticalSection(File_DrivesAndLinks_CritSec);
|
||||
}
|
||||
}
|
||||
|
||||
return NtPath;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// File_TranslateGuidToNtPath
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
_FX WCHAR* File_TranslateGuidToNtPath(const WCHAR* input_str)
|
||||
|
||||
_FX WCHAR* File_TranslateGuidToNtPath(const WCHAR* GuidPath)
|
||||
{
|
||||
ULONG len;
|
||||
WCHAR* NtPath;
|
||||
|
||||
if (_wcsnicmp(input_str, L"\\??\\Volume{", 11) != 0)
|
||||
return NULL;
|
||||
|
||||
FILE_GUID* guid = File_GetLinkForGuid(&input_str[10]);
|
||||
if (guid) {
|
||||
|
||||
input_str += 48;
|
||||
len = wcslen(input_str) + 1;
|
||||
NtPath = Dll_Alloc((guid->len + len) * sizeof(WCHAR));
|
||||
wmemcpy(NtPath, guid->path, guid->len);
|
||||
wmemcpy(NtPath + guid->len, input_str, len);
|
||||
|
||||
LeaveCriticalSection(File_DrivesAndLinks_CritSec);
|
||||
|
||||
return NtPath;
|
||||
}
|
||||
|
||||
return NULL;
|
||||
return File_TranslateGuidToNtPath2(GuidPath, GuidPath ? wcslen(GuidPath) : 0);
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// File_AddLink
|
||||
//---------------------------------------------------------------------------
|
||||
|
@ -962,7 +972,7 @@ _FX NTSTATUS File_OpenForAddTempLink(HANDLE* handle, WCHAR *path, BOOLEAN OpenRe
|
|||
handle, (OpenReparsePoint ? FILE_GENERIC_READ : FILE_READ_ATTRIBUTES) | SYNCHRONIZE, &objattrs,
|
||||
&IoStatusBlock, NULL, 0, FILE_SHARE_VALID_FLAGS,
|
||||
FILE_OPEN,
|
||||
FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT | (OpenReparsePoint ? FILE_OPEN_REPARSE_POINT : 0),
|
||||
/*FILE_DIRECTORY_FILE |*/ FILE_SYNCHRONOUS_IO_NONALERT | (OpenReparsePoint ? FILE_OPEN_REPARSE_POINT : 0),
|
||||
NULL, 0);
|
||||
|
||||
Dll_PopTlsNameBuffer(TlsData);
|
||||
|
@ -983,7 +993,7 @@ _FX NTSTATUS File_OpenForAddTempLink(HANDLE* handle, WCHAR *path, BOOLEAN OpenRe
|
|||
handle, (OpenReparsePoint ? FILE_GENERIC_READ : FILE_READ_ATTRIBUTES) | SYNCHRONIZE, &objattrs,
|
||||
&IoStatusBlock, NULL, 0, FILE_SHARE_VALID_FLAGS,
|
||||
FILE_OPEN,
|
||||
FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT | (OpenReparsePoint ? FILE_OPEN_REPARSE_POINT : 0),
|
||||
/*FILE_DIRECTORY_FILE |*/ FILE_SYNCHRONOUS_IO_NONALERT | (OpenReparsePoint ? FILE_OPEN_REPARSE_POINT : 0),
|
||||
NULL, 0);
|
||||
}
|
||||
|
||||
|
@ -1036,47 +1046,49 @@ _FX FILE_LINK *File_AddTempLink(WCHAR *path)
|
|||
if (NT_SUCCESS(status)) {
|
||||
|
||||
WCHAR* SubstituteNameBuffer = NULL;
|
||||
//WCHAR* PrintNameBuffer = NULL;
|
||||
ULONG SubstituteNameLength = 0;
|
||||
BOOL RelativePath = FALSE;
|
||||
|
||||
if (reparseDataBuffer->ReparseTag == IO_REPARSE_TAG_SYMLINK)
|
||||
{
|
||||
if (reparseDataBuffer->ReparseTag == IO_REPARSE_TAG_SYMLINK) {
|
||||
|
||||
SubstituteNameBuffer = &reparseDataBuffer->SymbolicLinkReparseBuffer.PathBuffer[reparseDataBuffer->SymbolicLinkReparseBuffer.SubstituteNameOffset/sizeof(WCHAR)];
|
||||
if (reparseDataBuffer->SymbolicLinkReparseBuffer.Flags & SYMLINK_FLAG_RELATIVE)
|
||||
RelativePath = TRUE;
|
||||
SubstituteNameBuffer[reparseDataBuffer->SymbolicLinkReparseBuffer.SubstituteNameLength / sizeof(WCHAR)] = 0;
|
||||
}
|
||||
else if (reparseDataBuffer->ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
|
||||
{
|
||||
SubstituteNameLength = reparseDataBuffer->SymbolicLinkReparseBuffer.SubstituteNameLength;
|
||||
|
||||
} else if (reparseDataBuffer->ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) {
|
||||
|
||||
SubstituteNameBuffer = &reparseDataBuffer->MountPointReparseBuffer.PathBuffer[reparseDataBuffer->MountPointReparseBuffer.SubstituteNameOffset/sizeof(WCHAR)];
|
||||
SubstituteNameBuffer[reparseDataBuffer->MountPointReparseBuffer.SubstituteNameLength / sizeof(WCHAR)] = 0;
|
||||
SubstituteNameLength = reparseDataBuffer->MountPointReparseBuffer.SubstituteNameLength;
|
||||
}
|
||||
|
||||
if (SubstituteNameBuffer)
|
||||
{
|
||||
if (RelativePath)
|
||||
{
|
||||
// todo RelativePath - for now we fall back to the old method
|
||||
}
|
||||
else
|
||||
{
|
||||
WCHAR* input_str = SubstituteNameBuffer;
|
||||
if (SubstituteNameBuffer) {
|
||||
|
||||
WCHAR* input_str = NULL;
|
||||
if (RelativePath) {
|
||||
|
||||
WCHAR* LinkName = wcsrchr(path, L'\\');
|
||||
input_str = File_CanonizePath(path, (ULONG)(LinkName - path), SubstituteNameBuffer, SubstituteNameLength / sizeof(WCHAR));
|
||||
|
||||
} else {
|
||||
|
||||
input_str = SubstituteNameBuffer;
|
||||
if (_wcsnicmp(input_str, L"\\??\\Volume{", 11) == 0)
|
||||
input_str = File_TranslateGuidToNtPath(SubstituteNameBuffer);
|
||||
input_str = File_TranslateGuidToNtPath2(SubstituteNameBuffer, SubstituteNameLength / sizeof(WCHAR));
|
||||
else if (_wcsnicmp(input_str, File_BQQB, 4) == 0)
|
||||
input_str = File_TranslateDosToNtPath(SubstituteNameBuffer + 4);
|
||||
input_str = File_TranslateDosToNtPath2(SubstituteNameBuffer + 4, (SubstituteNameLength / sizeof(WCHAR)) - 4);
|
||||
}
|
||||
|
||||
if (input_str) {
|
||||
if (input_str) {
|
||||
|
||||
ULONG input_len = wcslen(input_str);
|
||||
while (input_len > 0 && input_str[input_len - 1] == L'\\')
|
||||
input_len -= 1; // remove trailing backslash
|
||||
ULONG input_len = wcslen(input_str);
|
||||
while (input_len > 0 && input_str[input_len - 1] == L'\\')
|
||||
input_len -= 1; // remove trailing backslash
|
||||
|
||||
newpath = File_TranslateTempLinks_2(input_str, input_len);
|
||||
newpath = File_TranslateTempLinks_2(input_str, input_len);
|
||||
|
||||
if (input_str != SubstituteNameBuffer)
|
||||
Dll_Free(input_str);
|
||||
}
|
||||
if (input_str != SubstituteNameBuffer)
|
||||
Dll_Free(input_str);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -312,7 +312,7 @@ _FX BOOL Gdi_DeleteDC(HDC hdc)
|
|||
// HDC hdcSrc, int x1, int y1, DWORD rop
|
||||
//) {
|
||||
// int ret = __sys_BitBlt(hdc, x, y, cx, cy, hdcSrc, x1, y1, rop);
|
||||
// /*if (SbieApi_QueryConfBool(NULL, L"IsBlockCapture", FALSE)) {
|
||||
// /*if (Gui_UseBlockCapture) {
|
||||
//
|
||||
// typedef int (*P_GetDeviceCaps)(_In_opt_ HDC hdc, _In_ int index);
|
||||
// P_GetDeviceCaps GetDeviceCaps = Ldr_GetProcAddrNew(DllName_gdi32, "GetDeviceCaps", "GetDeviceCaps"); if (!GetDeviceCaps) return ret;
|
||||
|
@ -337,7 +337,7 @@ _FX BOOL Gdi_DeleteDC(HDC hdc)
|
|||
//)
|
||||
//{
|
||||
// int ret = __sys_StretchBlt(hdcDest, xDest, yDest, wDest, hDest, hdcSrc, xSrc, ySrc, wSrc, hSrc, rop);
|
||||
// /*if (SbieApi_QueryConfBool(NULL, L"IsBlockCapture", FALSE)) {
|
||||
// /*if (Gui_UseBlockCapture) {
|
||||
//
|
||||
// typedef int (*P_GetDeviceCaps)(_In_opt_ HDC hdc, _In_ int index);
|
||||
// P_GetDeviceCaps GetDeviceCaps = Ldr_GetProcAddrNew(DllName_gdi32, "GetDeviceCaps", "GetDeviceCaps"); if (!GetDeviceCaps) return ret;
|
||||
|
@ -922,7 +922,7 @@ _FX BOOLEAN Gdi_Full_Init_impl(HMODULE module, BOOLEAN full)
|
|||
|
||||
InitializeCriticalSection(&Gdi_CritSec);
|
||||
|
||||
Gui_UseBlockCapture = SbieApi_QueryConfBool(NULL, L"IsBlockCapture", FALSE);
|
||||
Gui_UseBlockCapture = SbieApi_QueryConfBool(NULL, L"BlockScreenCapture", FALSE);
|
||||
if (Gui_UseBlockCapture)
|
||||
Gdi_InitDCCache();
|
||||
|
||||
|
@ -1112,7 +1112,6 @@ static CRITICAL_SECTION Gui_DCCache_CritSec;
|
|||
|
||||
typedef struct _DUMMY_DC{
|
||||
|
||||
BOOLEAN bDelete;
|
||||
HBITMAP hBmp;
|
||||
|
||||
} DUMMY_DC;
|
||||
|
@ -1157,13 +1156,6 @@ _FX HDC Gdi_GetDummyDC(HDC dc, HWND hWnd)
|
|||
if (!dummy)
|
||||
dummy = map_insert(&Gui_DCCache, ret, NULL, sizeof(DUMMY_DC));
|
||||
|
||||
//
|
||||
// Note: GetDC GetDCEx GetWindowDC must use ReleaseDC, while CreateDC must use DeleteDC
|
||||
// We set bDelete = TRUE to make Gdi_OnFreeDC delete the DC and return NULL
|
||||
// then Gui_ReleaseDC will not call __sys_ReleaseDC
|
||||
//
|
||||
|
||||
dummy->bDelete = !!hWnd;
|
||||
dummy->hBmp = bmp;
|
||||
|
||||
LeaveCriticalSection(&Gui_DCCache_CritSec);
|
||||
|
@ -1190,10 +1182,8 @@ _FX HDC Gdi_OnFreeDC(HDC dc)
|
|||
|
||||
DeleteObject(dummy->hBmp);
|
||||
|
||||
if (dummy->bDelete) {
|
||||
__sys_DeleteDC(dc);
|
||||
ret = NULL;
|
||||
}
|
||||
__sys_DeleteDC(dc);
|
||||
ret = NULL; // we return NULL to notify the caller that there is nothing left to do
|
||||
|
||||
map_remove(&Gui_DCCache, dc);
|
||||
}
|
||||
|
|
|
@ -372,9 +372,9 @@ _FX BOOLEAN Gui_Init(HMODULE module)
|
|||
|
||||
const UCHAR *ProcName;
|
||||
|
||||
Gui_UseProtectScreen = SbieApi_QueryConfBool(NULL, L"IsProtectScreen", FALSE);
|
||||
Gui_UseProtectScreen = SbieApi_QueryConfBool(NULL, L"CoverBoxedWindows", FALSE);
|
||||
|
||||
Gui_UseBlockCapture = SbieApi_QueryConfBool(NULL, L"IsBlockCapture", FALSE);
|
||||
Gui_UseBlockCapture = SbieApi_QueryConfBool(NULL, L"BlockScreenCapture", FALSE);
|
||||
if (Gui_UseBlockCapture)
|
||||
Gdi_InitDCCache();
|
||||
|
||||
|
@ -416,19 +416,9 @@ _FX BOOLEAN Gui_Init(HMODULE module)
|
|||
GUI_IMPORT___(ClipCursor);
|
||||
GUI_IMPORT___(GetClipCursor);
|
||||
GUI_IMPORT___(GetCursorPos);
|
||||
GUI_IMPORT___(SetCursorPos);
|
||||
GUI_IMPORT___(SetCursorPos);
|
||||
|
||||
GUI_IMPORT___(SetTimer);
|
||||
HMODULE temp = module;
|
||||
module = Dll_Kernel32;
|
||||
GUI_IMPORT___(Sleep);
|
||||
GUI_IMPORT___(SleepEx);
|
||||
GUI_IMPORT___(GetTickCount);
|
||||
GUI_IMPORT___(GetTickCount64);
|
||||
GUI_IMPORT___(QueryUnbiasedInterruptTime);
|
||||
GUI_IMPORT___(QueryPerformanceCounter);
|
||||
module = temp;
|
||||
|
||||
GUI_IMPORT___(MsgWaitForMultipleObjects);
|
||||
GUI_IMPORT_AW(PeekMessage);
|
||||
GUI_IMPORT___(MessageBoxW);
|
||||
|
|
|
@ -57,7 +57,7 @@
|
|||
#define WM_DDE_LAST (WM_DDE_FIRST+8)
|
||||
|
||||
#define GET_WIN_API(name, lib) \
|
||||
P_##name name = Ldr_GetProcAddrNew(lib, #name, #name); \
|
||||
P_##name name = Ldr_GetProcAddrNew(lib, L#name, #name); \
|
||||
if(!name) return NULL;
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
@ -100,26 +100,10 @@ typedef void (*P_SwitchToThisWindow)(HWND hWnd, BOOL fAlt);
|
|||
|
||||
typedef HWND(*P_SetActiveWindow)(HWND hWnd);
|
||||
|
||||
typedef DWORD(*P_GetTickCount)();
|
||||
|
||||
typedef ULONGLONG (*P_GetTickCount64)();
|
||||
|
||||
typedef BOOL(*P_QueryUnbiasedInterruptTime)(
|
||||
PULONGLONG UnbiasedTime
|
||||
);
|
||||
|
||||
typedef void(*P_Sleep)(DWORD dwMiSecond);
|
||||
|
||||
typedef DWORD(*P_SleepEx)(DWORD dwMiSecond, BOOL bAlert);
|
||||
|
||||
typedef BOOL (*P_QueryPerformanceCounter)(
|
||||
LARGE_INTEGER* lpPerformanceCount
|
||||
);
|
||||
|
||||
typedef UINT_PTR (*P_SetTimer)(
|
||||
HWND hWnd,
|
||||
UINT_PTR nIDEvent,
|
||||
UINT uElapse,
|
||||
HWND hWnd,
|
||||
UINT_PTR nIDEvent,
|
||||
UINT uElapse,
|
||||
TIMERPROC lpTimerFunc
|
||||
);
|
||||
|
||||
|
@ -476,8 +460,6 @@ typedef HBITMAP(*P_CreateCompatibleBitmap)(_In_ HDC hdc, _In_ int cx, _In_ int c
|
|||
|
||||
typedef BOOL (*P_ShutdownBlockReasonCreate)(HWND hWnd, LPCWSTR pwszReason);
|
||||
|
||||
typedef EXECUTION_STATE (*P_SetThreadExecutionState)(EXECUTION_STATE esFlags);
|
||||
|
||||
typedef BOOL (*P_SetThreadDesktop)(HDESK hDesktop);
|
||||
|
||||
typedef BOOL (*P_SwitchDesktop)(HDESK hDesktop);
|
||||
|
@ -635,18 +617,11 @@ GUI_SYS_VAR_2(SendMessage)
|
|||
GUI_SYS_VAR_2(SendMessageTimeout)
|
||||
//GUI_SYS_VAR_2(SendMessageCallback)
|
||||
GUI_SYS_VAR(ShutdownBlockReasonCreate)
|
||||
GUI_SYS_VAR(SetThreadExecutionState)
|
||||
GUI_SYS_VAR_2(SendNotifyMessage)
|
||||
GUI_SYS_VAR_2(PostMessage)
|
||||
GUI_SYS_VAR_2(PostThreadMessage)
|
||||
GUI_SYS_VAR_2(DispatchMessage)
|
||||
|
||||
GUI_SYS_VAR(Sleep)
|
||||
GUI_SYS_VAR(SleepEx)
|
||||
GUI_SYS_VAR(GetTickCount)
|
||||
GUI_SYS_VAR(QueryUnbiasedInterruptTime)
|
||||
GUI_SYS_VAR(GetTickCount64)
|
||||
GUI_SYS_VAR(QueryPerformanceCounter)
|
||||
GUI_SYS_VAR(SetTimer)
|
||||
|
||||
GUI_SYS_VAR(MapWindowPoints)
|
||||
|
|
|
@ -193,7 +193,7 @@ _FX BOOLEAN Gui_InitClass(HMODULE module)
|
|||
}
|
||||
}
|
||||
|
||||
Gui_UseProtectScreen = SbieApi_QueryConfBool(NULL, L"IsProtectScreen", FALSE);
|
||||
Gui_UseProtectScreen = SbieApi_QueryConfBool(NULL, L"CoverBoxedWindows", FALSE);
|
||||
|
||||
//
|
||||
// hook functions
|
||||
|
|
|
@ -119,29 +119,7 @@ static int Gui_ReleaseDC(HWND hWnd, HDC hDc);
|
|||
|
||||
static BOOL Gui_ShutdownBlockReasonCreate(HWND hWnd, LPCWSTR pwszReason);
|
||||
|
||||
static EXECUTION_STATE Gui_SetThreadExecutionState(EXECUTION_STATE esFlags);
|
||||
|
||||
static DWORD Gui_GetTickCount();
|
||||
|
||||
static ULONGLONG Gui_GetTickCount64();
|
||||
|
||||
static BOOL Gui_QueryUnbiasedInterruptTime(
|
||||
PULONGLONG UnbiasedTime
|
||||
);
|
||||
|
||||
static void Gui_Sleep(DWORD dwMiSecond);
|
||||
|
||||
static DWORD Gui_SleepEx(DWORD dwMiSecond, BOOL bAlert);
|
||||
|
||||
static BOOL Gui_QueryPerformanceCounter(
|
||||
LARGE_INTEGER* lpPerformanceCount
|
||||
);
|
||||
static UINT_PTR Gui_SetTimer(
|
||||
HWND hWnd,
|
||||
UINT_PTR nIDEvent,
|
||||
UINT uElapse,
|
||||
TIMERPROC lpTimerFunc
|
||||
);
|
||||
static UINT_PTR Gui_SetTimer(HWND hWnd, UINT_PTR nIDEvent, UINT uElapse, TIMERPROC lpTimerFunc);
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
@ -307,33 +285,17 @@ _FX BOOLEAN Gui_InitMisc(HMODULE module)
|
|||
__sys_GetThreadDpiAwarenessContext = (P_GetThreadDpiAwarenessContext)
|
||||
Ldr_GetProcAddrNew(DllName_user32, L"GetThreadDpiAwarenessContext","GetThreadDpiAwarenessContext");
|
||||
|
||||
HMODULE current = module;
|
||||
|
||||
if (SbieApi_QueryConfBool(NULL, L"BlockInterferePower", FALSE)) {
|
||||
|
||||
SBIEDLL_HOOK_GUI(ShutdownBlockReasonCreate);
|
||||
|
||||
module = Dll_Kernel32;
|
||||
|
||||
SBIEDLL_HOOK(Gui_, SetThreadExecutionState);
|
||||
}
|
||||
if (SbieApi_QueryConfBool(NULL, L"UseChangeSpeed", FALSE))
|
||||
{
|
||||
module = current;
|
||||
|
||||
if (SbieApi_QueryConfBool(NULL, L"UseChangeSpeed", FALSE)) {
|
||||
P_SetTimer SetTimer = Ldr_GetProcAddrNew(DllName_user32, "SetTimer", "SetTimer");
|
||||
if (SetTimer)
|
||||
SBIEDLL_HOOK(Gui_, SetTimer);
|
||||
module = Dll_Kernel32;
|
||||
SBIEDLL_HOOK(Gui_, GetTickCount);
|
||||
P_GetTickCount64 GetTickCount64 = Ldr_GetProcAddrNew(Dll_Kernel32, "GetTickCount64", "GetTickCount64");
|
||||
if (GetTickCount64)
|
||||
SBIEDLL_HOOK(Gui_, GetTickCount64);
|
||||
P_QueryUnbiasedInterruptTime QueryUnbiasedInterruptTime = Ldr_GetProcAddrNew(Dll_Kernel32, "QueryUnbiasedInterruptTime", "QueryUnbiasedInterruptTime");
|
||||
if (QueryUnbiasedInterruptTime)
|
||||
SBIEDLL_HOOK(Gui_, QueryUnbiasedInterruptTime);
|
||||
SBIEDLL_HOOK(Gui_, QueryPerformanceCounter);
|
||||
SBIEDLL_HOOK(Gui_, Sleep);
|
||||
SBIEDLL_HOOK(Gui_, SleepEx);
|
||||
|
||||
if (SetTimer) {
|
||||
SBIEDLL_HOOK(Gui_, SetTimer);
|
||||
}
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
|
@ -1677,15 +1639,17 @@ _FX BOOL Gui_ShutdownBlockReasonCreate(HWND hWnd, LPCWSTR pwszReason)
|
|||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Gui_SetThreadExecutionState
|
||||
// Gui_SetTimer
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX EXECUTION_STATE Gui_SetThreadExecutionState(EXECUTION_STATE esFlags)
|
||||
_FX UINT_PTR Gui_SetTimer(HWND hWnd, UINT_PTR nIDEvent, UINT uElapse, TIMERPROC lpTimerFunc)
|
||||
{
|
||||
SetLastError(ERROR_ACCESS_DENIED);
|
||||
return 0;
|
||||
//return __sys_SetThreadExecutionState(esFlags);
|
||||
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTimerSpeed", 1), low = SbieApi_QueryConfNumber(NULL, L"LowTimerSpeed", 1);
|
||||
if (add != 0 && low != 0)
|
||||
return __sys_SetTimer(hWnd, nIDEvent, uElapse * add / low, lpTimerFunc);
|
||||
else
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
@ -1739,70 +1703,3 @@ _FX void Gui_SwitchToThisWindow(HWND hWnd, BOOL fAlt)
|
|||
return;
|
||||
__sys_SwitchToThisWindow(hWnd, fAlt);
|
||||
}
|
||||
|
||||
_FX DWORD Gui_GetTickCount() {
|
||||
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1), low = SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
|
||||
if (low != 0)
|
||||
return __sys_GetTickCount() * add / low;
|
||||
else
|
||||
return __sys_GetTickCount() * add;
|
||||
}
|
||||
|
||||
_FX ULONGLONG Gui_GetTickCount64() {
|
||||
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1), low = SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
|
||||
if (low != 0)
|
||||
return __sys_GetTickCount64() * add / low;
|
||||
else
|
||||
return __sys_GetTickCount64() * add;
|
||||
}
|
||||
|
||||
_FX BOOL Gui_QueryUnbiasedInterruptTime(
|
||||
PULONGLONG UnbiasedTime
|
||||
) {
|
||||
BOOL rtn = __sys_QueryUnbiasedInterruptTime(UnbiasedTime);
|
||||
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1), low = SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
|
||||
if (low != 0)
|
||||
*UnbiasedTime *= add / low;
|
||||
else
|
||||
*UnbiasedTime *= add;
|
||||
|
||||
return rtn;
|
||||
}
|
||||
|
||||
_FX void Gui_Sleep(DWORD dwMiSecond) {
|
||||
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddSleepSpeed", 1), low = SbieApi_QueryConfNumber(NULL, L"LowSleepSpeed", 1);
|
||||
if (add != 0 && low != 0)
|
||||
__sys_Sleep(dwMiSecond * add / low);
|
||||
}
|
||||
|
||||
_FX DWORD Gui_SleepEx(DWORD dwMiSecond, BOOL bAlert) {
|
||||
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddSleepSpeed", 1), low = SbieApi_QueryConfNumber(NULL, L"LowSleepSpeed", 1);
|
||||
if (add != 0 && low != 0)
|
||||
return __sys_SleepEx(dwMiSecond * add / low, bAlert);
|
||||
else
|
||||
return 0;
|
||||
}
|
||||
|
||||
_FX BOOL Gui_QueryPerformanceCounter(
|
||||
LARGE_INTEGER* lpPerformanceCount
|
||||
) {
|
||||
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1),low= SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
|
||||
BOOL rtn = __sys_QueryPerformanceCounter(lpPerformanceCount);
|
||||
if(add!=0&&low!=0)
|
||||
lpPerformanceCount->QuadPart = lpPerformanceCount->QuadPart*add /low ;
|
||||
return rtn;
|
||||
}
|
||||
|
||||
_FX UINT_PTR Gui_SetTimer(
|
||||
HWND hWnd,
|
||||
UINT_PTR nIDEvent,
|
||||
UINT uElapse,
|
||||
TIMERPROC lpTimerFunc
|
||||
)
|
||||
{
|
||||
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTimerSpeed", 1), low = SbieApi_QueryConfNumber(NULL, L"LowTimerSpeed", 1);
|
||||
if (add != 0 && low != 0)
|
||||
return __sys_SetTimer(hWnd, nIDEvent, uElapse * add / low, lpTimerFunc);
|
||||
else
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,206 @@
|
|||
/*
|
||||
* Copyright 2021-2024 David Xanatos, xanasoft.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Kernel
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
//#define NOGDI
|
||||
//#include <windows.h>
|
||||
//#include "common/win32_ntddk.h"
|
||||
#include "dll.h"
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Functions Prototypes
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
typedef EXECUTION_STATE (*P_SetThreadExecutionState)(EXECUTION_STATE esFlags);
|
||||
|
||||
typedef DWORD(*P_GetTickCount)();
|
||||
|
||||
typedef ULONGLONG (*P_GetTickCount64)();
|
||||
|
||||
typedef BOOL(*P_QueryUnbiasedInterruptTime)(PULONGLONG UnbiasedTime);
|
||||
|
||||
//typedef void(*P_Sleep)(DWORD dwMiSecond);
|
||||
|
||||
typedef DWORD(*P_SleepEx)(DWORD dwMiSecond, BOOL bAlert);
|
||||
|
||||
typedef BOOL (*P_QueryPerformanceCounter)(LARGE_INTEGER* lpPerformanceCount);
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Variables
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
P_SetThreadExecutionState __sys_SetThreadExecutionState = NULL;
|
||||
//P_Sleep __sys_Sleep = NULL;
|
||||
P_SleepEx __sys_SleepEx = NULL;
|
||||
P_GetTickCount __sys_GetTickCount = NULL;
|
||||
P_GetTickCount64 __sys_GetTickCount64 = NULL;
|
||||
P_QueryUnbiasedInterruptTime __sys_QueryUnbiasedInterruptTime = NULL;
|
||||
P_QueryPerformanceCounter __sys_QueryPerformanceCounter = NULL;
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Functions
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
static EXECUTION_STATE Kernel_SetThreadExecutionState(EXECUTION_STATE esFlags);
|
||||
|
||||
static DWORD Kernel_GetTickCount();
|
||||
|
||||
static ULONGLONG Kernel_GetTickCount64();
|
||||
|
||||
static BOOL Kernel_QueryUnbiasedInterruptTime(PULONGLONG UnbiasedTime);
|
||||
|
||||
//static void Kernel_Sleep(DWORD dwMiSecond); // no need hooking sleep as it internally just calls SleepEx
|
||||
|
||||
static DWORD Kernel_SleepEx(DWORD dwMiSecond, BOOL bAlert);
|
||||
|
||||
static BOOL Kernel_QueryPerformanceCounter(LARGE_INTEGER* lpPerformanceCount);
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Kernel_Init
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX BOOLEAN Kernel_Init()
|
||||
{
|
||||
HMODULE module = Dll_Kernel32;
|
||||
|
||||
if (SbieApi_QueryConfBool(NULL, L"BlockInterferePower", FALSE)) {
|
||||
|
||||
SBIEDLL_HOOK(Kernel_, SetThreadExecutionState);
|
||||
}
|
||||
|
||||
if (SbieApi_QueryConfBool(NULL, L"UseChangeSpeed", FALSE)) {
|
||||
|
||||
SBIEDLL_HOOK(Kernel_, GetTickCount);
|
||||
P_GetTickCount64 GetTickCount64 = Ldr_GetProcAddrNew(Dll_Kernel32, L"GetTickCount64", "GetTickCount64");
|
||||
if (GetTickCount64) {
|
||||
SBIEDLL_HOOK(Kernel_, GetTickCount64);
|
||||
}
|
||||
P_QueryUnbiasedInterruptTime QueryUnbiasedInterruptTime = Ldr_GetProcAddrNew(Dll_Kernel32, L"QueryUnbiasedInterruptTime", "QueryUnbiasedInterruptTime");
|
||||
if (QueryUnbiasedInterruptTime) {
|
||||
SBIEDLL_HOOK(Kernel_, QueryUnbiasedInterruptTime);
|
||||
}
|
||||
SBIEDLL_HOOK(Kernel_, QueryPerformanceCounter);
|
||||
//SBIEDLL_HOOK(Kernel_, Sleep);
|
||||
SBIEDLL_HOOK(Kernel_, SleepEx);
|
||||
}
|
||||
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Kernel_SetThreadExecutionState
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX EXECUTION_STATE Kernel_SetThreadExecutionState(EXECUTION_STATE esFlags)
|
||||
{
|
||||
SetLastError(ERROR_ACCESS_DENIED);
|
||||
return 0;
|
||||
//return __sys_SetThreadExecutionState(esFlags);
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Kernel_GetTickCount
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX DWORD Kernel_GetTickCount()
|
||||
{
|
||||
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1);
|
||||
ULONG low = SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
|
||||
if (low != 0)
|
||||
return __sys_GetTickCount() * add / low;
|
||||
return __sys_GetTickCount() * add;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Kernel_GetTickCount64
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX ULONGLONG Kernel_GetTickCount64()
|
||||
{
|
||||
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1);
|
||||
ULONG low = SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
|
||||
if (low != 0)
|
||||
return __sys_GetTickCount64() * add / low;
|
||||
return __sys_GetTickCount64() * add;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Kernel_QueryUnbiasedInterruptTime
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX BOOL Kernel_QueryUnbiasedInterruptTime(PULONGLONG UnbiasedTime)
|
||||
{
|
||||
BOOL rtn = __sys_QueryUnbiasedInterruptTime(UnbiasedTime);
|
||||
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1);
|
||||
ULONG low = SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
|
||||
if (low != 0)
|
||||
*UnbiasedTime *= add / low;
|
||||
else
|
||||
*UnbiasedTime *= add;
|
||||
return rtn;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Kernel_SleepEx
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX DWORD Kernel_SleepEx(DWORD dwMiSecond, BOOL bAlert)
|
||||
{
|
||||
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddSleepSpeed", 1);
|
||||
ULONG low = SbieApi_QueryConfNumber(NULL, L"LowSleepSpeed", 1);
|
||||
if (add != 0 && low != 0)
|
||||
return __sys_SleepEx(dwMiSecond * add / low, bAlert);
|
||||
return __sys_SleepEx(dwMiSecond, bAlert);
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Kernel_QueryPerformanceCounter
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX BOOL Kernel_QueryPerformanceCounter(LARGE_INTEGER* lpPerformanceCount)
|
||||
{
|
||||
BOOL rtn = __sys_QueryPerformanceCounter(lpPerformanceCount);
|
||||
ULONG add = SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1);
|
||||
ULONG low = SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
|
||||
if (add != 0 && low != 0)
|
||||
lpPerformanceCount->QuadPart = lpPerformanceCount->QuadPart * add / low;
|
||||
return rtn;
|
||||
}
|
|
@ -266,11 +266,13 @@ _FX NTSTATUS Key_MarkDeletedEx_v2(const WCHAR* TruePath, const WCHAR* ValueName)
|
|||
|
||||
NtClose(hPathsFile);
|
||||
|
||||
Key_PathsVersion++;
|
||||
|
||||
File_GetAttributes_internal(KEY_PATH_FILE_NAME, &Key_PathsFileSize, &Key_PathsFileDate, NULL);
|
||||
}
|
||||
}
|
||||
else
|
||||
Key_SavePathTree();
|
||||
Key_SavePathTree();
|
||||
}
|
||||
|
||||
File_ReleaseMutex(hMutex);
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1335,12 +1335,16 @@ _FX BOOL Proc_CreateProcessInternalW(
|
|||
lpProcessAttributes = NULL;
|
||||
}
|
||||
|
||||
TlsData->proc_create_process_fake_admin = (Secure_FakeAdmin == FALSE && SbieApi_QueryConfBool(NULL, L"FakeAdminRights", FALSE));
|
||||
|
||||
ok = __sys_CreateProcessInternalW(
|
||||
hToken, lpApplicationName, lpCommandLine,
|
||||
lpProcessAttributes, lpThreadAttributes, bInheritHandles,
|
||||
dwCreationFlags, lpEnvironment, lpCurrentDirectory,
|
||||
lpStartupInfo, lpProcessInformation, hNewToken);
|
||||
|
||||
TlsData->proc_create_process_fake_admin = FALSE;
|
||||
|
||||
err = GetLastError();
|
||||
|
||||
goto finish;
|
||||
|
@ -1410,6 +1414,7 @@ _FX BOOL Proc_CreateProcessInternalW(
|
|||
}
|
||||
}
|
||||
|
||||
TlsData->proc_create_process_fake_admin = (Secure_FakeAdmin == FALSE && SbieApi_QueryConfBool(NULL, L"FakeAdminRights", FALSE));
|
||||
|
||||
ok = __sys_CreateProcessInternalW(
|
||||
NULL, lpApplicationName, lpCommandLine,
|
||||
|
@ -1419,6 +1424,7 @@ _FX BOOL Proc_CreateProcessInternalW(
|
|||
|
||||
err = GetLastError();
|
||||
|
||||
TlsData->proc_create_process_fake_admin = FALSE;
|
||||
|
||||
//
|
||||
// restore the original owner pointers in the security descriptors
|
||||
|
|
|
@ -0,0 +1,306 @@
|
|||
/*
|
||||
* Copyright 2022 David Xanatos, xanasoft.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Network Proxy
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
#include "dll.h"
|
||||
|
||||
#include <windows.h>
|
||||
#include <wchar.h>
|
||||
#include <oleauto.h>
|
||||
#include "common/my_wsa.h"
|
||||
#include "common/netfw.h"
|
||||
#include "common/map.h"
|
||||
#include "wsa_defs.h"
|
||||
|
||||
|
||||
#define SOCKS_VERSION 0x05
|
||||
#define SOCKS_SUBVERSION 0x01
|
||||
|
||||
// authentication methods
|
||||
#define SOCKS_NO_AUTHENTICATION 0x00
|
||||
#define SOCKS_USERNAME_PASSWORD 0x02
|
||||
#define SOCKS_METHOD_NONE 0xFF
|
||||
|
||||
// response codes
|
||||
//#define SOCKS_SUCCESS 0x00
|
||||
#define SOCKS_SERVER_FAILURE 0x01
|
||||
#define SOCKS_DENIED 0x02
|
||||
#define SOCKS_NETWORK_UNREACHABLE 0x03
|
||||
#define SOCKS_HOST_UNREACHABLE 0x04
|
||||
#define SOCKS_CONNECTION_REFUSED 0x05
|
||||
#define SOCKS_TTL_EXPIRED 0x06
|
||||
|
||||
// address types
|
||||
#define SOCKS_CONNECT 0x01
|
||||
#define SOCKS_IPV4 0x01
|
||||
#define SOCKS_DOMAINNAME 0x03
|
||||
#define SOCKS_IPV6 0x04
|
||||
|
||||
#define SOCKS_RESPONSE_MAX_SIZE 512
|
||||
#define SOCKS_REQUEST_MAX_SIZE 264
|
||||
#define SOCKS_AUTH_MAX_SIZE 255
|
||||
|
||||
#define HOST_NAME_MAX 256
|
||||
#define INET_ADDRSTRLEN 16
|
||||
#define INET6_ADDRSTRLEN 46
|
||||
|
||||
extern P_recv __sys_recv;
|
||||
extern P_send __sys_send;
|
||||
extern P_inet_ntop __sys_inet_ntop;
|
||||
#ifdef PROXY_RESOLVE_HOST_NAMES
|
||||
extern HASH_MAP DNS_LookupMap;
|
||||
#endif
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// socks5_handshake
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX BOOLEAN socks5_handshake(SOCKET s, BOOLEAN auth, WCHAR login[SOCKS_AUTH_MAX_SIZE], WCHAR pass[SOCKS_AUTH_MAX_SIZE])
|
||||
{
|
||||
char req[4] = { SOCKS_VERSION, 1 + auth, SOCKS_NO_AUTHENTICATION, 0 };
|
||||
|
||||
if (auth)
|
||||
req[3] = SOCKS_USERNAME_PASSWORD;
|
||||
|
||||
if (__sys_send(s, req, (3 + auth), 0) != (3 + auth))
|
||||
goto on_error;
|
||||
|
||||
char res[2];
|
||||
if (__sys_recv(s, res, sizeof(res), MSG_WAITALL) != sizeof(res))
|
||||
goto on_error;
|
||||
|
||||
if (res[0] != SOCKS_VERSION) {
|
||||
SbieApi_Log(2360, L"SOCKS version mismatch: expected '%d', got '%d'", SOCKS_VERSION, res[0]);
|
||||
goto on_error;
|
||||
}
|
||||
|
||||
switch (res[1]) {
|
||||
case SOCKS_NO_AUTHENTICATION:
|
||||
return TRUE;
|
||||
case SOCKS_USERNAME_PASSWORD:
|
||||
if (!auth || !login || !pass) {
|
||||
SbieApi_Log(2360, L"authentication required, but no credentials provided");
|
||||
goto on_error;
|
||||
}
|
||||
char l[SOCKS_AUTH_MAX_SIZE];
|
||||
char p[SOCKS_AUTH_MAX_SIZE];
|
||||
size_t login_len = wcstombs(l, login, SOCKS_AUTH_MAX_SIZE);
|
||||
size_t pass_len = wcstombs(p, pass, SOCKS_AUTH_MAX_SIZE);
|
||||
|
||||
size_t auth_buf_len = 1 + 1 + login_len + 1 + pass_len;
|
||||
char* auth_buf = Dll_AllocTemp(auth_buf_len);
|
||||
if (!auth_buf) {
|
||||
SbieApi_Log(2305, NULL);
|
||||
goto on_error;
|
||||
}
|
||||
|
||||
size_t offset = 0;
|
||||
auth_buf[offset++] = SOCKS_SUBVERSION;
|
||||
auth_buf[offset++] = login_len;
|
||||
memcpy(auth_buf + offset, l, login_len);
|
||||
offset += login_len;
|
||||
auth_buf[offset++] = (char)pass_len;
|
||||
memcpy(auth_buf + offset, p, pass_len);
|
||||
offset += pass_len;
|
||||
|
||||
if (__sys_send(s, auth_buf, auth_buf_len , 0) != auth_buf_len) {
|
||||
Dll_Free(auth_buf);
|
||||
goto on_error;
|
||||
}
|
||||
Dll_Free(auth_buf);
|
||||
|
||||
if (__sys_recv(s, res, sizeof(res), MSG_WAITALL) != sizeof(res))
|
||||
goto on_error;
|
||||
|
||||
if (res[0] != SOCKS_SUBVERSION) {
|
||||
SbieApi_Log(2360, L"subnegotiation version mismatch: expected '%d', got '%d'", SOCKS_SUBVERSION, res[0]);
|
||||
goto on_error;
|
||||
}
|
||||
|
||||
if (res[1] != SOCKS_SUCCESS) {
|
||||
SbieApi_Log(2360, L"authentication failed");
|
||||
goto on_error;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
default:
|
||||
SbieApi_Log(2360, L"no acceptable authentication method");
|
||||
break;
|
||||
}
|
||||
|
||||
on_error:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// socks5_request_send
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
static char socks5_request_send(SOCKET s, char* buf, size_t size)
|
||||
{
|
||||
if (__sys_send(s, buf, size, 0) != size)
|
||||
return SOCKS_GENERAL_FAILURE;
|
||||
|
||||
char res[SOCKS_RESPONSE_MAX_SIZE] = { 0 };
|
||||
if (__sys_recv(s, res, 4, 0) == SOCKET_ERROR)
|
||||
return SOCKS_GENERAL_FAILURE;
|
||||
|
||||
if (res[1] != SOCKS_SUCCESS)
|
||||
return res[1];
|
||||
|
||||
if (res[3] == SOCKS_IPV4) {
|
||||
if (__sys_recv(s, res + 4, 6, MSG_WAITALL) == SOCKET_ERROR)
|
||||
return SOCKS_GENERAL_FAILURE;
|
||||
}
|
||||
else if (res[3] == SOCKS_IPV6) {
|
||||
if (__sys_recv(s, res + 4, 18, MSG_WAITALL) == SOCKET_ERROR)
|
||||
return SOCKS_GENERAL_FAILURE;
|
||||
}
|
||||
else {
|
||||
return SOCKS_GENERAL_FAILURE;
|
||||
}
|
||||
|
||||
return SOCKS_SUCCESS;
|
||||
}
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// socks5_report_error
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
_FX void socks5_report_error(int code, const char* buf)
|
||||
{
|
||||
char* host = NULL;
|
||||
USHORT port = 0;
|
||||
if (buf[3] == SOCKS_IPV4) {
|
||||
host = Dll_AllocTemp(INET_ADDRSTRLEN);
|
||||
if (!host) return;
|
||||
const IN_ADDR* v4 = (const IN_ADDR*)(buf + 4);
|
||||
__sys_inet_ntop(AF_INET, v4, host, INET_ADDRSTRLEN);
|
||||
port = _ntohs(*((USHORT*)(buf + 8)));
|
||||
}
|
||||
else if (buf[3] == SOCKS_IPV6) {
|
||||
host = Dll_AllocTemp(INET6_ADDRSTRLEN);
|
||||
if (!host) return;
|
||||
const IN6_ADDR* v6 = (const IN6_ADDR*)(buf + 4);
|
||||
__sys_inet_ntop(AF_INET6, v6, host, INET6_ADDRSTRLEN);
|
||||
port = _ntohs(*((USHORT*)(buf + 20)));
|
||||
}
|
||||
else if (buf[3] == SOCKS_DOMAINNAME) {
|
||||
size_t domain_len = buf[4];
|
||||
host = Dll_AllocTemp(domain_len + 1);
|
||||
if (!host) return;
|
||||
memcpy(host, buf + 5, domain_len);
|
||||
host[domain_len] = '\0';
|
||||
port = _ntohs(*((USHORT*)(buf + 5 + domain_len)));
|
||||
}
|
||||
if (!host) return;
|
||||
|
||||
switch (code) {
|
||||
case SOCKS_SERVER_FAILURE:
|
||||
SbieApi_Log(2360, L"general server failure (%s:%hu)", host, port);
|
||||
break;
|
||||
case SOCKS_DENIED:
|
||||
SbieApi_Log(2360, L"connection denied by server ruleset (%s:%hu)", host, port);
|
||||
break;
|
||||
case SOCKS_NETWORK_UNREACHABLE:
|
||||
SbieApi_Log(2360, L"network unreachable (%s:%hu)", host, port);
|
||||
break;
|
||||
case SOCKS_HOST_UNREACHABLE:
|
||||
SbieApi_Log(2360, L"host unreachable (%s:%hu)", host, port);
|
||||
break;
|
||||
case SOCKS_CONNECTION_REFUSED:
|
||||
SbieApi_Log(2360, L"connection refused (%s:%hu)", host, port);
|
||||
break;
|
||||
case SOCKS_TTL_EXPIRED:
|
||||
SbieApi_Log(2360, L"TTL expired (%s:%hu)", host, port);
|
||||
break;
|
||||
default:
|
||||
SbieApi_Log(2360, L"request failed with status %d (%s:%hu)", code, host, port);
|
||||
break;
|
||||
}
|
||||
|
||||
Dll_Free(host);
|
||||
}
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// socks5_request
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
_FX char socks5_request(SOCKET s, const SOCKADDR* addr)
|
||||
{
|
||||
char req[SOCKS_REQUEST_MAX_SIZE] = { SOCKS_VERSION, SOCKS_CONNECT, 0 };
|
||||
|
||||
char* ptr = req + 3;
|
||||
if (addr->sa_family == AF_INET) {
|
||||
const SOCKADDR_IN* v4 = (const SOCKADDR_IN*)addr;
|
||||
#ifdef PROXY_RESOLVE_HOST_NAMES
|
||||
char* domain = (char*)map_get(&DNS_LookupMap, (void*)v4->sin_addr.s_addr);
|
||||
if (domain) {
|
||||
*ptr++ = SOCKS_DOMAINNAME;
|
||||
*ptr++ = strlen(domain);
|
||||
memcpy(ptr, domain, strlen(domain));
|
||||
ptr += strlen(domain);
|
||||
*((USHORT*)ptr) = v4->sin_port;
|
||||
ptr += sizeof(USHORT);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
*ptr++ = SOCKS_IPV4;
|
||||
*((ULONG*)ptr) = v4->sin_addr.s_addr;
|
||||
ptr += sizeof(ULONG);
|
||||
*((USHORT*)ptr) = v4->sin_port;
|
||||
ptr += sizeof(USHORT);
|
||||
}
|
||||
}
|
||||
else if (addr->sa_family == AF_INET6) {
|
||||
const SOCKADDR_IN6_LH* v6 = (const SOCKADDR_IN6_LH*)addr;
|
||||
#ifdef PROXY_RESOLVE_HOST_NAMES
|
||||
char* domain = (char*)map_get(&DNS_LookupMap, (void*)&v6->sin6_addr.s6_addr);
|
||||
if (domain) {
|
||||
*ptr++ = SOCKS_DOMAINNAME;
|
||||
*ptr++ = strlen(domain);
|
||||
memcpy(ptr, domain, strlen(domain));
|
||||
ptr += strlen(domain);
|
||||
*((USHORT*)ptr) = v6->sin6_port;
|
||||
ptr += sizeof(USHORT);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
*ptr++ = SOCKS_IPV6;
|
||||
memcpy(ptr, &v6->sin6_addr, sizeof(v6->sin6_addr));
|
||||
ptr += sizeof(v6->sin6_addr);
|
||||
*((USHORT*)ptr) = v6->sin6_port;
|
||||
ptr += sizeof(USHORT);
|
||||
}
|
||||
}
|
||||
else {
|
||||
return SOCKS_GENERAL_FAILURE;
|
||||
}
|
||||
|
||||
int ret = socks5_request_send(s, req, ptr - req);
|
||||
if (ret != SOCKS_SUCCESS)
|
||||
socks5_report_error(ret, req);
|
||||
return ret;
|
||||
}
|
|
@ -1348,6 +1348,27 @@ _FX LONG SbieApi_QuerySymbolicLink(
|
|||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// SbieApi_QueryDrvInfo
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX LONG SbieApi_QueryDrvInfo(ULONG info_class, VOID* info_data, ULONG info_size)
|
||||
{
|
||||
NTSTATUS status;
|
||||
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
|
||||
|
||||
memset(parms, 0, sizeof(parms));
|
||||
parms[0] = API_QUERY_DRIVER_INFO;
|
||||
parms[1] = info_class;
|
||||
parms[2] = (ULONG64)(ULONG_PTR)info_data;
|
||||
parms[3] = info_size;
|
||||
status = SbieApi_Ioctl(parms);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// SbieApi_ReloadConf
|
||||
//---------------------------------------------------------------------------
|
||||
|
|
|
@ -332,6 +332,14 @@ LONG SbieApi_QuerySymbolicLink(
|
|||
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
SBIEAPI_EXPORT
|
||||
LONG SbieApi_QueryDrvInfo(
|
||||
ULONG info_class,
|
||||
VOID* info_data,
|
||||
ULONG info_size);
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
SBIEAPI_EXPORT
|
||||
LONG SbieApi_ReloadConf(ULONG session_id, ULONG flags);
|
||||
|
|
|
@ -42,6 +42,7 @@ extern "C" {
|
|||
// Defines
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
#define USE_MATCH_PATH_EX
|
||||
|
||||
#define TokenElevationTypeNone 99
|
||||
|
||||
|
@ -244,6 +245,38 @@ SBIEDLL_EXPORT PSECURITY_DESCRIPTOR SbieDll_GetPublicSD();
|
|||
|
||||
SBIEDLL_EXPORT const WCHAR* SbieDll_FindArgumentEnd(const WCHAR* arguments);
|
||||
|
||||
#ifdef USE_MATCH_PATH_EX
|
||||
//SBIEDLL_EXPORT ULONG SbieDll_MatchPathImpl(BOOLEAN use_rule_specificity, BOOLEAN use_privacy_mode, const WCHAR* path, void* normal_list, void* open_list, void* closed_list, void* write_list, void* read_list);
|
||||
SBIEDLL_EXPORT ULONG SbieDll_MatchPathImpl(BOOLEAN use_rule_specificity, const WCHAR* path, void* normal_list, void* open_list, void* closed_list, void* write_list, void* read_list);
|
||||
#else
|
||||
SBIEDLL_EXPORT ULONG SbieDll_MatchPathImpl(const WCHAR* path, void* open_list, void* closed_list, void* write_list);
|
||||
#endif
|
||||
|
||||
#define PATH_OPEN_FLAG 0x10
|
||||
#define PATH_CLOSED_FLAG 0x20
|
||||
#define PATH_WRITE_FLAG 0x40
|
||||
#define PATH_READ_FLAG 0x80
|
||||
|
||||
#ifdef USE_MATCH_PATH_EX
|
||||
// for read only paths, handle like open and let the driver deny the write access
|
||||
#define PATH_IS_OPEN(f) ((((f) & PATH_OPEN_FLAG) != 0) || PATH_IS_READ(f))
|
||||
#define PATH_NOT_OPEN(f) ((((f) & PATH_OPEN_FLAG) == 0) && PATH_NOT_READ(f))
|
||||
#else
|
||||
#define PATH_IS_OPEN(f) (((f) & PATH_OPEN_FLAG) != 0)
|
||||
#define PATH_NOT_OPEN(f) (((f) & PATH_OPEN_FLAG) == 0)
|
||||
#endif
|
||||
|
||||
#define PATH_IS_CLOSED(f) (((f) & PATH_CLOSED_FLAG) != 0)
|
||||
#define PATH_NOT_CLOSED(f) (((f) & PATH_CLOSED_FLAG) == 0)
|
||||
|
||||
#define PATH_IS_WRITE(f) (((f) & PATH_WRITE_FLAG) != 0)
|
||||
#define PATH_NOT_WRITE(f) (((f) & PATH_WRITE_FLAG) == 0)
|
||||
|
||||
#define PATH_IS_READ(f) (((f) & PATH_READ_FLAG) != 0)
|
||||
#define PATH_NOT_READ(f) (((f) & PATH_READ_FLAG) == 0)
|
||||
|
||||
|
||||
|
||||
SBIEDLL_EXPORT void DbgPrint(const char* format, ...);
|
||||
SBIEDLL_EXPORT void DbgTrace(const char* format, ...);
|
||||
|
||||
|
|
|
@ -1003,8 +1003,9 @@ _FX NTSTATUS Ldr_NtQueryInformationToken(
|
|||
ULONG TokenInformationLength,
|
||||
ULONG *ReturnLength)
|
||||
{
|
||||
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
|
||||
|
||||
NTSTATUS status = 0;
|
||||
THREAD_DATA *TlsData = NULL;
|
||||
HANDLE hTokenReal = NULL;
|
||||
BOOLEAN FakeAdmin = FALSE;
|
||||
|
||||
|
@ -1019,7 +1020,7 @@ _FX NTSTATUS Ldr_NtQueryInformationToken(
|
|||
// we also ensure that the token belongs to the current process
|
||||
//
|
||||
|
||||
if (Secure_FakeAdmin && (SbieApi_QueryProcessInfoEx(0, 'ippt', (LONG_PTR)(hTokenReal ? hTokenReal : TokenHandle))))
|
||||
if ((Secure_FakeAdmin || TlsData->proc_create_process_fake_admin) && (SbieApi_QueryProcessInfoEx(0, 'ippt', (LONG_PTR)(hTokenReal ? hTokenReal : TokenHandle))))
|
||||
{
|
||||
FakeAdmin = TRUE;
|
||||
}
|
||||
|
@ -1039,8 +1040,6 @@ _FX NTSTATUS Ldr_NtQueryInformationToken(
|
|||
// we are running as Administrator
|
||||
//
|
||||
|
||||
TlsData = Dll_GetTlsData(NULL);
|
||||
|
||||
if (Secure_Is_IE_NtQueryInformationToken && !TlsData->proc_create_process)
|
||||
{
|
||||
FakeAdmin = TRUE;
|
||||
|
@ -1150,10 +1149,12 @@ NTSTATUS Ldr_NtAccessCheckByType(PSECURITY_DESCRIPTOR SecurityDescriptor, PSID P
|
|||
|
||||
_FX NTSTATUS Ldr_NtAccessCheck(PSECURITY_DESCRIPTOR SecurityDescriptor, HANDLE ClientToken, ACCESS_MASK DesiredAccess, PGENERIC_MAPPING GenericMapping, PPRIVILEGE_SET RequiredPrivilegesBuffer, PULONG BufferLength, PACCESS_MASK GrantedAccess, PNTSTATUS AccessStatus)
|
||||
{
|
||||
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
|
||||
|
||||
NTSTATUS status = 0;
|
||||
HANDLE hTokenReal = NULL;
|
||||
|
||||
if (Secure_FakeAdmin && SecurityDescriptor) {
|
||||
if ((Secure_FakeAdmin || TlsData->proc_create_process_fake_admin) && SecurityDescriptor) {
|
||||
BOOLEAN Fake = FALSE;
|
||||
|
||||
PSID Group, Owner;
|
||||
|
@ -1352,7 +1353,7 @@ _FX NTSTATUS Secure_RtlQueryElevationFlags(ULONG *Flags)
|
|||
|
||||
BOOLEAN fake = FALSE;
|
||||
|
||||
if (Secure_FakeAdmin)
|
||||
if (Secure_FakeAdmin || TlsData->proc_create_process_fake_admin)
|
||||
{
|
||||
fake = TRUE;
|
||||
}
|
||||
|
@ -1446,7 +1447,9 @@ NTSTATUS Secure_RtlCheckTokenMembershipEx(
|
|||
DWORD flags,
|
||||
PUCHAR isMember)
|
||||
{
|
||||
if (Secure_FakeAdmin && RtlEqualSid(sidToCheck, AdministratorsSid)) {
|
||||
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
|
||||
|
||||
if ((Secure_FakeAdmin || TlsData->proc_create_process_fake_admin) && RtlEqualSid(sidToCheck, AdministratorsSid)) {
|
||||
if (isMember) *isMember = TRUE;
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,284 @@
|
|||
/*
|
||||
* Copyright 2022 DavidXanatos, xanasoft.com
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _WSA_DEFS_H
|
||||
#define _WSA_DEFS_H
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Prototypes
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
typedef int (*P_WSAIoctl)(
|
||||
SOCKET s,
|
||||
DWORD dwIoControlCode,
|
||||
LPVOID lpvInBuffer,
|
||||
DWORD cbInBuffer,
|
||||
LPVOID lpvOutBuffer,
|
||||
DWORD cbOutBuffer,
|
||||
LPDWORD lpcbBytesReturned,
|
||||
LPWSAOVERLAPPED lpOverlapped,
|
||||
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine);
|
||||
|
||||
typedef int (*P_ioctlsocket)(
|
||||
SOCKET s,
|
||||
long cmd,
|
||||
ULONG* argp);
|
||||
|
||||
typedef int (*P_WSAAsyncSelect)(
|
||||
SOCKET s,
|
||||
HWND hWnd,
|
||||
UINT wMsg,
|
||||
long lEvent);
|
||||
|
||||
typedef int (*P_WSAEventSelect)(
|
||||
SOCKET s,
|
||||
void* hEventObject,
|
||||
long lNetworkEvents);
|
||||
|
||||
typedef int (*P_WSAEnumNetworkEvents)(
|
||||
SOCKET s,
|
||||
void* hEventObject,
|
||||
void* lpNetworkEvents
|
||||
);
|
||||
|
||||
typedef int (*P_WSANSPIoctl)(
|
||||
HANDLE hLookup,
|
||||
DWORD dwControlCode,
|
||||
LPVOID lpvInBuffer,
|
||||
DWORD cbInBuffer,
|
||||
LPVOID lpvOutBuffer,
|
||||
DWORD cbOutBuffer,
|
||||
LPDWORD lpcbBytesReturned,
|
||||
LPWSACOMPLETION lpCompletion);
|
||||
|
||||
typedef int (*P_WSASocketW)(
|
||||
int af,
|
||||
int type,
|
||||
int protocol,
|
||||
LPWSAPROTOCOL_INFOW lpProtocolInfo,
|
||||
unsigned int g,
|
||||
DWORD dwFlags);
|
||||
|
||||
typedef int (*P_WSAGetLastError)();
|
||||
|
||||
typedef int (*P_WSASetLastError)(int err);
|
||||
|
||||
typedef int (*P_bind)(
|
||||
SOCKET s,
|
||||
const void *name,
|
||||
int namelen);
|
||||
|
||||
typedef int (*P_connect)(
|
||||
SOCKET s,
|
||||
const void *name,
|
||||
int namelen);
|
||||
|
||||
typedef int (*P_WSAConnect)(
|
||||
SOCKET s,
|
||||
const void *name,
|
||||
int namelen,
|
||||
LPWSABUF lpCallerData,
|
||||
LPWSABUF lpCalleeData,
|
||||
LPQOS lpSQOS,
|
||||
LPQOS lpGQOS);
|
||||
|
||||
typedef int (*P_ConnectEx) (
|
||||
SOCKET s,
|
||||
const void *name,
|
||||
int namelen,
|
||||
PVOID lpSendBuffer,
|
||||
DWORD dwSendDataLength,
|
||||
LPDWORD lpdwBytesSent,
|
||||
LPOVERLAPPED lpOverlapped);
|
||||
|
||||
typedef SOCKET (*P_accept)(
|
||||
SOCKET s,
|
||||
void *addr,
|
||||
int *addrlen);
|
||||
|
||||
typedef SOCKET (*P_WSAAccept)(
|
||||
SOCKET s,
|
||||
void *addr,
|
||||
LPINT addrlen,
|
||||
LPCONDITIONPROC lpfnCondition,
|
||||
DWORD_PTR dwCallbackData);
|
||||
|
||||
typedef int (*P_AcceptEx)(
|
||||
SOCKET sListenSocket,
|
||||
SOCKET sAcceptSocket,
|
||||
PVOID lpOutputBuffer,
|
||||
DWORD dwReceiveDataLength,
|
||||
DWORD dwLocalAddressLength,
|
||||
DWORD dwRemoteAddressLength,
|
||||
LPDWORD lpdwBytesReceived,
|
||||
LPOVERLAPPED lpOverlapped);
|
||||
|
||||
typedef int (*P_recv)(
|
||||
SOCKET s,
|
||||
char* buf,
|
||||
int len,
|
||||
int flags);
|
||||
|
||||
typedef int (*P_send)(
|
||||
SOCKET s,
|
||||
const char* buf,
|
||||
int len,
|
||||
int flags);
|
||||
|
||||
typedef int (*P_sendto)(
|
||||
SOCKET s,
|
||||
const char *buf,
|
||||
int len,
|
||||
int flags,
|
||||
const void *to,
|
||||
int tolen);
|
||||
|
||||
typedef int (*P_WSASendTo)(
|
||||
SOCKET s,
|
||||
LPWSABUF lpBuffers,
|
||||
DWORD dwBufferCount,
|
||||
LPDWORD lpNumberOfBytesSent,
|
||||
DWORD dwFlags,
|
||||
const void *lpTo,
|
||||
int iTolen,
|
||||
LPWSAOVERLAPPED lpOverlapped,
|
||||
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine);
|
||||
|
||||
typedef int (*P_recvfrom)(
|
||||
SOCKET s,
|
||||
char *buf,
|
||||
int len,
|
||||
int flags,
|
||||
void *from,
|
||||
int *fromlen);
|
||||
|
||||
typedef int (*P_WSARecvFrom)(
|
||||
SOCKET s,
|
||||
LPWSABUF lpBuffers,
|
||||
DWORD dwBufferCount,
|
||||
LPDWORD lpNumberOfBytesRecvd,
|
||||
LPDWORD lpFlags,
|
||||
void *lpFrom,
|
||||
LPINT lpFromlen,
|
||||
LPWSAOVERLAPPED lpOverlapped,
|
||||
LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine);
|
||||
|
||||
typedef int (*P_shutdown)(SOCKET s, int how);
|
||||
|
||||
typedef int (*P_closesocket)(SOCKET s);
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
typedef enum _WSAEcomparator
|
||||
{
|
||||
COMP_EQUAL = 0,
|
||||
COMP_NOTLESS
|
||||
} WSAECOMPARATOR, *PWSAECOMPARATOR, *LPWSAECOMPARATOR;
|
||||
|
||||
typedef struct _WSAVersion
|
||||
{
|
||||
DWORD dwVersion;
|
||||
WSAECOMPARATOR ecHow;
|
||||
}WSAVERSION, *PWSAVERSION, *LPWSAVERSION;
|
||||
|
||||
typedef struct _AFPROTOCOLS {
|
||||
INT iAddressFamily;
|
||||
INT iProtocol;
|
||||
} AFPROTOCOLS, *PAFPROTOCOLS, *LPAFPROTOCOLS;
|
||||
|
||||
typedef struct _SOCKET_ADDRESS {
|
||||
LPSOCKADDR lpSockaddr;
|
||||
INT iSockaddrLength;
|
||||
} SOCKET_ADDRESS, *PSOCKET_ADDRESS, *LPSOCKET_ADDRESS;
|
||||
|
||||
typedef struct _CSADDR_INFO {
|
||||
SOCKET_ADDRESS LocalAddr ;
|
||||
SOCKET_ADDRESS RemoteAddr ;
|
||||
INT iSocketType ;
|
||||
INT iProtocol ;
|
||||
} CSADDR_INFO, *PCSADDR_INFO, FAR * LPCSADDR_INFO ;
|
||||
|
||||
typedef struct _WSAQuerySetW
|
||||
{
|
||||
DWORD dwSize;
|
||||
LPWSTR lpszServiceInstanceName;
|
||||
LPGUID lpServiceClassId;
|
||||
LPWSAVERSION lpVersion;
|
||||
LPWSTR lpszComment;
|
||||
DWORD dwNameSpace;
|
||||
LPGUID lpNSProviderId;
|
||||
LPWSTR lpszContext;
|
||||
DWORD dwNumberOfProtocols;
|
||||
LPAFPROTOCOLS lpafpProtocols;
|
||||
LPWSTR lpszQueryString;
|
||||
DWORD dwNumberOfCsAddrs;
|
||||
LPCSADDR_INFO lpcsaBuffer;
|
||||
DWORD dwOutputFlags;
|
||||
LPBLOB lpBlob;
|
||||
} WSAQUERYSETW, *PWSAQUERYSETW, *LPWSAQUERYSETW;
|
||||
|
||||
struct hostent {
|
||||
char FAR * h_name; /* official name of host */
|
||||
char FAR * FAR * h_aliases; /* alias list */
|
||||
short h_addrtype; /* host address type */
|
||||
short h_length; /* length of address */
|
||||
char FAR * FAR * h_addr_list; /* list of addresses */
|
||||
#define h_addr h_addr_list[0] /* address, for backward compat */
|
||||
};
|
||||
|
||||
typedef struct hostent HOSTENT;
|
||||
|
||||
typedef int (*P_WSALookupServiceBeginW)(
|
||||
LPWSAQUERYSETW lpqsRestrictions,
|
||||
DWORD dwControlFlags,
|
||||
LPHANDLE lphLookup);
|
||||
|
||||
typedef int (*P_WSALookupServiceNextW)(
|
||||
HANDLE hLookup,
|
||||
DWORD dwControlFlags,
|
||||
LPDWORD lpdwBufferLength,
|
||||
LPWSAQUERYSETW lpqsResults);
|
||||
|
||||
typedef int (*P_WSALookupServiceEnd)(HANDLE hLookup);
|
||||
|
||||
typedef struct addrinfoW {
|
||||
int ai_flags;
|
||||
int ai_family;
|
||||
int ai_socktype;
|
||||
int ai_protocol;
|
||||
size_t ai_addrlen;
|
||||
PWSTR ai_canonname;
|
||||
struct sockaddr *ai_addr;
|
||||
struct addrinfoW *ai_next;
|
||||
} ADDRINFOW, *PADDRINFOW;
|
||||
|
||||
typedef int (*P_GetAddrInfoW)(
|
||||
PCWSTR pNodeName,
|
||||
PCWSTR pServiceName,
|
||||
const ADDRINFOW *pHints,
|
||||
PADDRINFOW *ppResult);
|
||||
|
||||
typedef PCSTR (*P_inet_ntop)(
|
||||
int family,
|
||||
const void *pAddr,
|
||||
PSTR pStringBuf,
|
||||
size_t StringBufSize);
|
||||
|
||||
#endif _WSA_DEFS_H
|
|
@ -1301,11 +1301,6 @@ _FX NTSTATUS Api_QueryDriverInfo(PROCESS* proc, ULONG64* parms)
|
|||
{
|
||||
NTSTATUS status = STATUS_SUCCESS;
|
||||
API_QUERY_DRIVER_INFO_ARGS *args = (API_QUERY_DRIVER_INFO_ARGS *)parms;
|
||||
|
||||
if (proc) {
|
||||
status = STATUS_NOT_IMPLEMENTED;
|
||||
goto finish;
|
||||
}
|
||||
|
||||
__try {
|
||||
|
||||
|
@ -1385,7 +1380,6 @@ _FX NTSTATUS Api_QueryDriverInfo(PROCESS* proc, ULONG64* parms)
|
|||
status = GetExceptionCode();
|
||||
}
|
||||
|
||||
finish:
|
||||
return status;
|
||||
}
|
||||
|
||||
|
|
|
@ -162,6 +162,7 @@ enum {
|
|||
API_PROTECT_ROOT,
|
||||
API_UNPROTECT_ROOT,
|
||||
API_KILL_PROCESS,
|
||||
API_FORCE_CHILDREN,
|
||||
|
||||
API_LAST
|
||||
};
|
||||
|
|
|
@ -59,6 +59,7 @@
|
|||
#define MONITOR_SCM 0x0000000E // Service Control Manager
|
||||
#define MONITOR_APICALL 0x0000000F
|
||||
#define MONITOR_RPC 0x00000010
|
||||
#define MONITOR_DNS 0x00000011
|
||||
#define MONITOR_TYPE_MASK 0x000000FF
|
||||
|
||||
#define MONITOR_RESERVED 0x0000FF00
|
||||
|
|
|
@ -98,7 +98,8 @@ extern P_NtSetInformationToken ZwSetInformationToken;
|
|||
#endif // OLD_DDK
|
||||
|
||||
#ifdef _M_ARM64
|
||||
NTSTATUS Sbie_CallZwServiceFunction_asm(UINT_PTR arg1, UINT_PTR arg2, UINT_PTR arg3, UINT_PTR arg4, UINT_PTR arg5, UINT_PTR arg6, UINT_PTR arg7, UINT_PTR arg8,
|
||||
NTSTATUS Sbie_CallZwServiceFunction_asm(
|
||||
UINT_PTR arg1, UINT_PTR arg2, UINT_PTR arg3, UINT_PTR arg4, UINT_PTR arg5, UINT_PTR arg6, UINT_PTR arg7, UINT_PTR arg8,
|
||||
UINT_PTR arg9, UINT_PTR arg10, UINT_PTR arg11, UINT_PTR arg12, UINT_PTR arg13, UINT_PTR arg14, UINT_PTR arg15, UINT_PTR arg16, UINT_PTR arg17, UINT_PTR arg18, UINT_PTR arg19,
|
||||
UINT_PTR svc_num);
|
||||
|
||||
|
@ -106,6 +107,11 @@ extern void* Driver_KiServiceInternal;
|
|||
extern USHORT ZwCreateToken_num;
|
||||
extern USHORT ZwCreateTokenEx_num;
|
||||
#else
|
||||
#ifdef _WIN64
|
||||
NTSTATUS Sbie_CallFunction_asm(VOID* func,
|
||||
UINT_PTR arg1, UINT_PTR arg2, UINT_PTR arg3, UINT_PTR arg4, UINT_PTR arg5, UINT_PTR arg6, UINT_PTR arg7, UINT_PTR arg8,
|
||||
UINT_PTR arg9, UINT_PTR arg10, UINT_PTR arg11, UINT_PTR arg12, UINT_PTR arg13, UINT_PTR arg14, UINT_PTR arg15, UINT_PTR arg16, UINT_PTR arg17, UINT_PTR arg18, UINT_PTR arg19);
|
||||
#endif
|
||||
extern P_NtCreateToken ZwCreateToken;
|
||||
extern P_NtCreateTokenEx ZwCreateTokenEx;
|
||||
#endif
|
||||
|
|
|
@ -34,7 +34,7 @@ const wchar_t Parameters[] = L"\\Parameters";
|
|||
#define IMAGE_FILE_MACHINE_ARM64 0xAA64 // ARM64 Little-Endian
|
||||
#endif
|
||||
|
||||
#define WIN11_LATEST 26200 // <-----
|
||||
#define WIN11_LATEST 26217 // <-----
|
||||
#define SVR2025 26040
|
||||
#define WIN11_FIRST 22000
|
||||
#define SVR2022 20348
|
||||
|
|
|
@ -101,9 +101,11 @@ static NTSTATUS Process_CreateUserProcess(
|
|||
#ifdef USE_PROCESS_MAP
|
||||
HASH_MAP Process_Map;
|
||||
HASH_MAP Process_MapDfp;
|
||||
HASH_MAP Process_MapFcp;
|
||||
#else
|
||||
LIST Process_List;
|
||||
LIST Process_ListDfp;
|
||||
LIST Process_ListFcp;
|
||||
#endif
|
||||
PERESOURCE Process_ListLock = NULL;
|
||||
|
||||
|
@ -136,9 +138,13 @@ _FX BOOLEAN Process_Init(void)
|
|||
|
||||
map_init(&Process_MapDfp, Driver_Pool);
|
||||
map_resize(&Process_MapDfp, 128); // prepare some buckets for better performance
|
||||
|
||||
map_init(&Process_MapFcp, Driver_Pool);
|
||||
map_resize(&Process_MapFcp, 128); // prepare some buckets for better performance
|
||||
#else
|
||||
List_Init(&Process_List);
|
||||
List_Init(&Process_ListDfp);
|
||||
List_Init(&Process_ListFcp);
|
||||
#endif
|
||||
|
||||
if (! Mem_GetLockResource(&Process_ListLock, TRUE))
|
||||
|
@ -1537,6 +1543,8 @@ _FX void Process_Delete(HANDLE ProcessId)
|
|||
|
||||
Process_DfpDelete(ProcessId);
|
||||
|
||||
Process_FcpDelete(ProcessId);
|
||||
|
||||
ExReleaseResourceLite(Process_ListLock);
|
||||
KeLowerIrql(irql);
|
||||
|
||||
|
|
|
@ -447,6 +447,11 @@ void Process_DfpDelete(HANDLE ProcessId);
|
|||
|
||||
BOOLEAN Process_DfpCheck(HANDLE ProcessId, BOOLEAN *silent);
|
||||
|
||||
// Force Child Processes
|
||||
|
||||
VOID Process_FcpInsert(HANDLE ProcessId, const WCHAR* boxname);
|
||||
void Process_FcpDelete(HANDLE ProcessId);
|
||||
BOOLEAN Process_FcpCheck(HANDLE ProcessId, WCHAR* boxname);
|
||||
|
||||
// Enumerate or count processes in a sandbox
|
||||
|
||||
|
@ -533,9 +538,11 @@ NTSTATUS Process_Api_Kill(PROCESS *proc, ULONG64 *parms);
|
|||
#ifdef USE_PROCESS_MAP
|
||||
extern HASH_MAP Process_Map;
|
||||
extern HASH_MAP Process_MapDfp;
|
||||
extern HASH_MAP Process_MapFcp;
|
||||
#else
|
||||
extern LIST Process_List;
|
||||
extern LIST Process_ListDfp;
|
||||
extern LIST Process_ListFcp;
|
||||
#endif
|
||||
extern PERESOURCE Process_ListLock;
|
||||
|
||||
|
|
|
@ -79,6 +79,16 @@ typedef struct _FORCE_PROCESS_2 {
|
|||
} FORCE_PROCESS_2;
|
||||
|
||||
|
||||
typedef struct _FORCE_PROCESS_3 {
|
||||
|
||||
#ifndef USE_PROCESS_MAP
|
||||
LIST_ELEM list_elem;
|
||||
#endif
|
||||
HANDLE pid;
|
||||
WCHAR boxname[BOXNAME_COUNT];
|
||||
|
||||
} FORCE_PROCESS_3;
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Functions
|
||||
//---------------------------------------------------------------------------
|
||||
|
@ -103,6 +113,8 @@ static BOOLEAN Process_IsWindowsExplorerParent(HANDLE ParentId);
|
|||
static BOOLEAN Process_IsImmersiveProcess(
|
||||
PEPROCESS ProcessObject, HANDLE ParentId, ULONG SessionId);
|
||||
|
||||
static BOOLEAN Process_IsProcessParent(HANDLE ParentId, WCHAR* Name);
|
||||
|
||||
void Process_CreateForceData(
|
||||
LIST *boxes, const WCHAR *SidString, ULONG SessionId);
|
||||
|
||||
|
@ -114,7 +126,7 @@ static BOX *Process_CheckForceFolder(
|
|||
LIST *boxes, const WCHAR *path, BOOLEAN alert, ULONG *IsAlert);
|
||||
|
||||
static BOX *Process_CheckForceProcess(
|
||||
LIST *boxes, const WCHAR *name, BOOLEAN alert, ULONG *IsAlert);
|
||||
LIST *boxes, const WCHAR *name, BOOLEAN alert, ULONG *IsAlert, HANDLE parent);
|
||||
|
||||
static void Process_CheckAlertFolder(
|
||||
LIST *boxes, const WCHAR *path, ULONG *IsAlert);
|
||||
|
@ -149,6 +161,7 @@ _FX BOX *Process_GetForcedStartBox(
|
|||
ULONG alert;
|
||||
BOOLEAN check_force;
|
||||
BOOLEAN is_start_exe;
|
||||
BOOLEAN image_sbie;
|
||||
BOOLEAN force_alert;
|
||||
BOOLEAN dfp_already_added;
|
||||
BOOLEAN same_image_name;
|
||||
|
@ -236,7 +249,7 @@ _FX BOX *Process_GetForcedStartBox(
|
|||
// when the process is start.exe we ignore the CurDir and DocArg
|
||||
//
|
||||
|
||||
Process_IsSbieImage(ImagePath, NULL, &is_start_exe);
|
||||
Process_IsSbieImage(ImagePath, &image_sbie, &is_start_exe);
|
||||
|
||||
if ((! box) && CurDir && !is_start_exe)
|
||||
box = Process_CheckBoxPath(&boxes, CurDir);
|
||||
|
@ -248,7 +261,7 @@ _FX BOX *Process_GetForcedStartBox(
|
|||
|
||||
if ((! box) && (! alert)) {
|
||||
box = Process_CheckForceProcess(
|
||||
&boxes, ImageName, force_alert, &alert);
|
||||
&boxes, ImageName, force_alert, &alert, ParentId);
|
||||
}
|
||||
|
||||
if ((! box) && CurDir && !is_start_exe && (! alert)) {
|
||||
|
@ -272,6 +285,31 @@ _FX BOX *Process_GetForcedStartBox(
|
|||
Process_DfpInsert(PROCESS_TERMINATED, ProcessId);
|
||||
}
|
||||
|
||||
//
|
||||
// Check if the parent process has its children forced to be sandboxes
|
||||
// exempt sandboxie components from this as start.exe can be used to
|
||||
// open selected processes in other boxes or set Dfp when desired.
|
||||
//
|
||||
// we also must excempt conhost.exe for console applications
|
||||
//
|
||||
|
||||
if (!box && !image_sbie && _wcsicmp(ImageName, L"conhost.exe") != 0) {
|
||||
|
||||
WCHAR boxname[BOXNAME_COUNT];
|
||||
|
||||
if (Process_FcpCheck(ParentId, boxname)) {
|
||||
|
||||
ULONG boxname_len = (wcslen(boxname) + 1) * sizeof(WCHAR);
|
||||
for (FORCE_BOX* cur_box = List_Head(&boxes); cur_box; cur_box = List_Next(cur_box)) {
|
||||
if (cur_box->box->name_len == boxname_len
|
||||
&& _wcsicmp(cur_box->box->name, boxname) == 0) {
|
||||
box = cur_box->box;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (alert != 1)
|
||||
force_alert = FALSE;
|
||||
|
||||
|
@ -756,34 +794,43 @@ _FX BOOLEAN Process_IsDcomLaunchParent(HANDLE ParentId)
|
|||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Process_IsWindowsExplorerParent
|
||||
// Process_IsProcessParent
|
||||
//
|
||||
// Note: Not used at the moment but leaving in place
|
||||
// as it may prove to be useful later.
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX BOOLEAN Process_IsProcessParent(HANDLE ParentId, WCHAR* Name)
|
||||
{
|
||||
BOOLEAN retval = FALSE;
|
||||
|
||||
void* nbuf;
|
||||
ULONG nlen;
|
||||
WCHAR* nptr;
|
||||
|
||||
Process_GetProcessName(
|
||||
Driver_Pool, (ULONG_PTR)ParentId, &nbuf, &nlen, &nptr);
|
||||
if (nbuf) {
|
||||
|
||||
if (_wcsicmp(nptr, Name) == 0) {
|
||||
|
||||
retval = TRUE;
|
||||
}
|
||||
|
||||
Mem_Free(nbuf, nlen);
|
||||
}
|
||||
|
||||
return retval;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Process_IsWindowsExplorerParent
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX BOOLEAN Process_IsWindowsExplorerParent(HANDLE ParentId)
|
||||
{
|
||||
BOOLEAN retval = FALSE;
|
||||
|
||||
void *nbuf;
|
||||
ULONG nlen;
|
||||
WCHAR *nptr;
|
||||
|
||||
Process_GetProcessName(
|
||||
Driver_Pool, (ULONG_PTR)ParentId, &nbuf, &nlen, &nptr);
|
||||
if (nbuf) {
|
||||
|
||||
if (_wcsicmp(nptr, L"explorer.exe") == 0) {
|
||||
|
||||
retval = TRUE;
|
||||
}
|
||||
|
||||
Mem_Free(nbuf, nlen);
|
||||
}
|
||||
|
||||
return retval;
|
||||
return Process_IsProcessParent(ParentId,L"explorer.exe");
|
||||
}
|
||||
|
||||
|
||||
|
@ -1368,7 +1415,7 @@ _FX BOOLEAN Process_CheckForceProcessList(
|
|||
|
||||
|
||||
_FX BOX *Process_CheckForceProcess(
|
||||
LIST *boxes, const WCHAR *name, BOOLEAN alert, ULONG *IsAlert)
|
||||
LIST *boxes, const WCHAR *name, BOOLEAN alert, ULONG *IsAlert, HANDLE ParentId)
|
||||
{
|
||||
FORCE_BOX *box;
|
||||
|
||||
|
@ -1388,6 +1435,11 @@ _FX BOX *Process_CheckForceProcess(
|
|||
return box->box;
|
||||
}
|
||||
|
||||
//if (Process_IsWindowsExplorerParent(ParentId) && Conf_Get_Boolean(box->box->name, L"ForceExplorerChild", 0, FALSE)) {
|
||||
// if(_wcsicmp(name,L"Sandman.exe")!=0)
|
||||
// return box->box;
|
||||
//}
|
||||
|
||||
box = List_Next(box);
|
||||
}
|
||||
|
||||
|
@ -1743,3 +1795,112 @@ _FX BOOLEAN Process_DfpCheck(HANDLE ProcessId, BOOLEAN *silent)
|
|||
|
||||
return found;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Process_FcpInsert
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX VOID Process_FcpInsert(HANDLE ProcessId, const WCHAR* boxname)
|
||||
{
|
||||
FORCE_PROCESS_3 *proc;
|
||||
KIRQL irql;
|
||||
|
||||
//
|
||||
// called by Session_Api_ForceChildren, process list not locked
|
||||
//
|
||||
|
||||
KeRaiseIrql(APC_LEVEL, &irql);
|
||||
ExAcquireResourceExclusiveLite(Process_ListLock, TRUE);
|
||||
|
||||
Process_FcpDelete(ProcessId);
|
||||
|
||||
proc = Mem_Alloc(Driver_Pool, sizeof(FORCE_PROCESS_3));
|
||||
proc->pid = ProcessId;
|
||||
wmemcpy(proc->boxname, boxname, BOXNAME_COUNT);
|
||||
|
||||
#ifdef USE_PROCESS_MAP
|
||||
map_insert(&Process_MapFcp, ProcessId, proc, 0);
|
||||
#else
|
||||
List_Insert_After(&Process_ListFcp, NULL, proc);
|
||||
#endif
|
||||
|
||||
ExReleaseResourceLite(Process_ListLock);
|
||||
KeLowerIrql(irql);
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Process_FcpDelete
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX void Process_FcpDelete(HANDLE ProcessId)
|
||||
{
|
||||
FORCE_PROCESS_3 *proc;
|
||||
|
||||
#ifdef USE_PROCESS_MAP
|
||||
if(map_take(&Process_MapFcp, ProcessId, &proc, 0))
|
||||
Mem_Free(proc, sizeof(FORCE_PROCESS_3));
|
||||
#else
|
||||
proc = List_Head(&Process_ListFcp);
|
||||
while (proc) {
|
||||
|
||||
if (proc->pid == ProcessId) {
|
||||
|
||||
List_Remove(&Process_ListFcp, proc);
|
||||
|
||||
Mem_Free(proc, sizeof(FORCE_PROCESS_3));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
proc = List_Next(proc);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Process_FcpCheck
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX BOOLEAN Process_FcpCheck(HANDLE ProcessId, WCHAR* boxname)
|
||||
{
|
||||
FORCE_PROCESS_3 *proc;
|
||||
KIRQL irql;
|
||||
BOOLEAN found = FALSE;
|
||||
|
||||
KeRaiseIrql(APC_LEVEL, &irql);
|
||||
ExAcquireResourceExclusiveLite(Process_ListLock, TRUE);
|
||||
|
||||
#ifdef USE_PROCESS_MAP
|
||||
proc = map_get(&Process_MapFcp, ProcessId);
|
||||
if (proc) {
|
||||
#else
|
||||
proc = List_Head(&Process_ListFcp);
|
||||
while (proc) {
|
||||
|
||||
if (proc->pid == ProcessId) {
|
||||
#endif
|
||||
if(boxname)
|
||||
wmemcpy(boxname, proc->boxname, BOXNAME_COUNT);
|
||||
|
||||
found = TRUE;
|
||||
#ifndef USE_PROCESS_MAP
|
||||
break;
|
||||
}
|
||||
|
||||
proc = List_Next(proc);
|
||||
#endif
|
||||
}
|
||||
|
||||
ExReleaseResourceLite(Process_ListLock);
|
||||
KeLowerIrql(irql);
|
||||
|
||||
return found;
|
||||
}
|
|
@ -104,6 +104,8 @@ static NTSTATUS Session_Api_Leader(PROCESS *proc, ULONG64 *parms);
|
|||
|
||||
static NTSTATUS Session_Api_DisableForce(PROCESS *proc, ULONG64 *parms);
|
||||
|
||||
static NTSTATUS Session_Api_ForceChildren(PROCESS *proc, ULONG64 *parms);
|
||||
|
||||
static NTSTATUS Session_Api_MonitorControl(PROCESS *proc, ULONG64 *parms);
|
||||
|
||||
//static NTSTATUS Session_Api_MonitorPut(PROCESS *proc, ULONG64 *parms);
|
||||
|
@ -141,6 +143,7 @@ _FX BOOLEAN Session_Init(void)
|
|||
|
||||
Api_SetFunction(API_SESSION_LEADER, Session_Api_Leader);
|
||||
Api_SetFunction(API_DISABLE_FORCE_PROCESS, Session_Api_DisableForce);
|
||||
Api_SetFunction(API_FORCE_CHILDREN, Session_Api_ForceChildren);
|
||||
Api_SetFunction(API_MONITOR_CONTROL, Session_Api_MonitorControl);
|
||||
//Api_SetFunction(API_MONITOR_PUT, Session_Api_MonitorPut);
|
||||
Api_SetFunction(API_MONITOR_PUT2, Session_Api_MonitorPut2);
|
||||
|
@ -496,6 +499,38 @@ _FX BOOLEAN Session_IsForceDisabled(ULONG SessionId)
|
|||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Session_Api_ForceChildren
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX NTSTATUS Session_Api_ForceChildren(PROCESS *proc, ULONG64 *parms)
|
||||
{
|
||||
HANDLE process_id;
|
||||
WCHAR *user_boxname;
|
||||
WCHAR boxname[BOXNAME_COUNT];
|
||||
|
||||
if (proc)
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
|
||||
process_id = (HANDLE)parms[1];
|
||||
|
||||
memzero(boxname, sizeof(boxname));
|
||||
user_boxname = (WCHAR *)parms[2];
|
||||
if (user_boxname) {
|
||||
ProbeForRead(user_boxname, sizeof(WCHAR) * (BOXNAME_COUNT - 2), sizeof(UCHAR));
|
||||
if (user_boxname[0])
|
||||
wcsncpy(boxname, user_boxname, (BOXNAME_COUNT - 2));
|
||||
}
|
||||
if(!process_id || process_id == (HANDLE)-1 || !boxname[0])
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
Process_FcpInsert(process_id, boxname);
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Session_IsLeader
|
||||
//---------------------------------------------------------------------------
|
||||
|
|
|
@ -78,7 +78,7 @@ static BOOLEAN Token_AssignPrimary(
|
|||
|
||||
static void *Token_DuplicateToken(void *TokenObject, PROCESS *proc);
|
||||
|
||||
static void *Token_CreateNew(void *TokenObject, PROCESS *proc);
|
||||
static void *Token_CreateToken(void *TokenObject, PROCESS *proc);
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
@ -153,6 +153,14 @@ static UCHAR AnonymousLogonSid[12] = {
|
|||
|
||||
//UCHAR SandboxieLogonSid[SECURITY_MAX_SID_SIZE] = { 0 }; // SbieLogin
|
||||
|
||||
UCHAR SandboxieAllSid[16] = { // S-1-5-100-0
|
||||
1, // Revision
|
||||
2, // SubAuthorityCount
|
||||
0,0,0,0,0,5, // SECURITY_NT_AUTHORITY // IdentifierAuthority
|
||||
100,0,0,0, // SubAuthority[0] = SBIE_RID
|
||||
0,0,0,0 // SubAuthority[1] = 0
|
||||
};
|
||||
|
||||
static UCHAR SystemLogonSid[12] = {
|
||||
1, // Revision
|
||||
1, // SubAuthorityCount
|
||||
|
@ -880,14 +888,16 @@ _FX void *Token_Restrict(
|
|||
// Create a heavily restricted primary token
|
||||
//
|
||||
|
||||
if (Conf_Get_Boolean(proc->box->name, L"CreateToken", 0, FALSE)) {
|
||||
|
||||
if (Conf_Get_Boolean(proc->box->name, L"UseCreateToken", 0, FALSE) ||
|
||||
Conf_Get_Boolean(proc->box->name, L"SandboxieAllGroup", 0, FALSE)) {
|
||||
|
||||
//
|
||||
// Create a new token from scratch, experimental
|
||||
// Create a custom restricted token from scratch
|
||||
//
|
||||
|
||||
FixedTokenObject = Token_CreateNew(TokenObject, proc);
|
||||
}
|
||||
return Token_CreateToken(TokenObject, proc);
|
||||
}
|
||||
|
||||
else {
|
||||
|
||||
//
|
||||
|
@ -1272,6 +1282,8 @@ _FX NTSTATUS Token_RestrictHelper2(
|
|||
if (Driver_OsVersion < DRIVER_WINDOWS_VISTA)
|
||||
return STATUS_SUCCESS;
|
||||
|
||||
BOOLEAN NoUntrustedToken = Conf_Get_Boolean(proc->box->name, L"NoUntrustedToken", 0, FALSE);
|
||||
|
||||
label = (ULONG)(ULONG_PTR)Token_Query(
|
||||
TokenObject, TokenIntegrityLevel, proc->box->session_id);
|
||||
|
||||
|
@ -1297,7 +1309,10 @@ _FX NTSTATUS Token_RestrictHelper2(
|
|||
LabelSid[1] = 0x10000000;
|
||||
// debug tip. You can change the sandboxed process's integrity level below
|
||||
//LabelSid[2] = SECURITY_MANDATORY_HIGH_RID;
|
||||
LabelSid[2] = SECURITY_MANDATORY_UNTRUSTED_RID;
|
||||
if(NoUntrustedToken)
|
||||
LabelSid[2] = SECURITY_MANDATORY_LOW_RID;
|
||||
else
|
||||
LabelSid[2] = SECURITY_MANDATORY_UNTRUSTED_RID;
|
||||
LabelSid[3] = 0;
|
||||
SidAndAttrs.Sid = LabelSid;
|
||||
SidAndAttrs.Attributes = 0;
|
||||
|
@ -1369,6 +1384,7 @@ _FX void *Token_RestrictHelper3(
|
|||
BOOLEAN AnonymousLogonSidAlreadyInGroups = FALSE;
|
||||
|
||||
BOOLEAN KeepUserGroup = Conf_Get_Boolean(proc->box->name, L"KeepUserGroup", 0, FALSE);
|
||||
BOOLEAN KeepLogonSession = Conf_Get_Boolean(proc->box->name, L"KeepLogonSession", 0, FALSE);
|
||||
|
||||
n = 0;
|
||||
|
||||
|
@ -1377,6 +1393,9 @@ _FX void *Token_RestrictHelper3(
|
|||
if (Groups->Groups[i].Attributes & SE_GROUP_INTEGRITY)
|
||||
continue;
|
||||
|
||||
if (KeepLogonSession && (Groups->Groups[i].Attributes & SE_GROUP_LOGON_ID))
|
||||
continue;
|
||||
|
||||
if (RtlEqualSid(Groups->Groups[i].Sid, UserSid)) {
|
||||
if (KeepUserGroup)
|
||||
continue;
|
||||
|
@ -1703,7 +1722,7 @@ _FX BOOLEAN Token_ReplacePrimary(PROCESS *proc)
|
|||
|
||||
#ifdef _WIN64
|
||||
// OpenToken BEGIN
|
||||
if (!Conf_Get_Boolean(proc->box->name, L"CreateToken", 0, FALSE)
|
||||
if (!Conf_Get_Boolean(proc->box->name, L"ReplicateToken", 0, FALSE)
|
||||
&& !Conf_Get_Boolean(proc->box->name, L"UnrestrictedToken", 0, FALSE)
|
||||
&& Conf_Get_Boolean(proc->box->name, L"AnonymousLogon", 0, TRUE))
|
||||
// OpenToken END
|
||||
|
@ -2095,15 +2114,28 @@ _FX NTSTATUS SbieCreateToken(PHANDLE TokenHandle, ACCESS_MASK DesiredAccess, POB
|
|||
ZwCreateToken_num);
|
||||
#else
|
||||
if (ZwCreateTokenEx) { // Win 8+
|
||||
#ifdef _WIN64
|
||||
return Sbie_CallFunction_asm(ZwCreateTokenEx, (UINT_PTR)TokenHandle, (UINT_PTR)DesiredAccess, (UINT_PTR)ObjectAttributes,
|
||||
(UINT_PTR)Type, (UINT_PTR)AuthenticationId, (UINT_PTR)ExpirationTime, (UINT_PTR)User, (UINT_PTR)Groups, (UINT_PTR)Privileges,
|
||||
(UINT_PTR)UserAttributes, (UINT_PTR)DeviceAttributes, (UINT_PTR)DeviceGroups, (UINT_PTR)MandatoryPolicy,
|
||||
(UINT_PTR)Owner, (UINT_PTR)PrimaryGroup, (UINT_PTR)DefaultDacl, (UINT_PTR)Source, 0, 0);
|
||||
#else
|
||||
return ZwCreateTokenEx(TokenHandle, DesiredAccess, ObjectAttributes,
|
||||
Type, AuthenticationId, ExpirationTime, User, Groups, Privileges,
|
||||
UserAttributes, DeviceAttributes, DeviceGroups, MandatoryPolicy,
|
||||
Owner, PrimaryGroup, DefaultDacl, Source);
|
||||
#endif
|
||||
}
|
||||
if (ZwCreateToken) {
|
||||
NTSTATUS status = ZwCreateToken(TokenHandle, DesiredAccess, ObjectAttributes,
|
||||
#ifdef _WIN64
|
||||
NTSTATUS status = Sbie_CallFunction_asm(ZwCreateToken, (UINT_PTR)TokenHandle, (UINT_PTR)DesiredAccess, (UINT_PTR)ObjectAttributes,
|
||||
(UINT_PTR)Type, (UINT_PTR)AuthenticationId, (UINT_PTR)ExpirationTime, (UINT_PTR)User, (UINT_PTR)Groups, (UINT_PTR)Privileges,
|
||||
(UINT_PTR)Owner, (UINT_PTR)PrimaryGroup, (UINT_PTR)DefaultDacl, (UINT_PTR)Source, 0, 0, 0, 0, 0, 0);
|
||||
#else
|
||||
NTSTATUS status = ZwCreateToken(TokenHandle, DesiredAccess, ObjectAttributes,
|
||||
Type, AuthenticationId, ExpirationTime, User, Groups, Privileges,
|
||||
Owner, PrimaryGroup, DefaultDacl, Source);
|
||||
#endif
|
||||
#endif
|
||||
if (NT_SUCCESS(status)) {
|
||||
if(MandatoryPolicy)
|
||||
|
@ -2116,11 +2148,11 @@ _FX NTSTATUS SbieCreateToken(PHANDLE TokenHandle, ACCESS_MASK DesiredAccess, POB
|
|||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Token_CreateNew
|
||||
// Token_CreateToken
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
|
||||
_FX void* Token_CreateToken(void* TokenObject, PROCESS* proc)
|
||||
{
|
||||
HANDLE TokenHandle = NULL;
|
||||
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
||||
|
@ -2128,6 +2160,7 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
|
|||
PTOKEN_STATISTICS LocalStatistics = NULL;
|
||||
PTOKEN_USER LocalUser = NULL;
|
||||
PTOKEN_GROUPS LocalGroups = NULL;
|
||||
PTOKEN_GROUPS OldLocalGroups = NULL;
|
||||
PTOKEN_PRIVILEGES LocalPrivileges = NULL;
|
||||
|
||||
//PTOKEN_SECURITY_ATTRIBUTES_INFORMATION UserAttributes = NULL;
|
||||
|
@ -2141,15 +2174,19 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
|
|||
PTOKEN_SOURCE LocalSource = NULL;
|
||||
|
||||
PTOKEN_DEFAULT_DACL NewDefaultDacl = NULL;
|
||||
PTOKEN_OWNER NewOwner = NULL;
|
||||
ULONG DefaultDacl_Length = 0;
|
||||
PACL NewDacl = NULL;
|
||||
|
||||
OBJECT_ATTRIBUTES ObjectAttributes;
|
||||
|
||||
TOKEN_TYPE TokenType = TokenPrimary;
|
||||
LUID AuthenticationId = ANONYMOUS_LOGON_LUID;
|
||||
LARGE_INTEGER ExpirationTime;
|
||||
|
||||
OBJECT_ATTRIBUTES ObjectAttributes;
|
||||
SECURITY_QUALITY_OF_SERVICE SecurityQos;
|
||||
|
||||
//
|
||||
// Get the information from the original token
|
||||
// Gether informations from the original token
|
||||
//
|
||||
|
||||
if ( !NT_SUCCESS(SeQueryInformationToken(TokenObject, TokenStatistics, &LocalStatistics))
|
||||
|
@ -2170,6 +2207,80 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
|
|||
MandatoryPolicy = (PTOKEN_MANDATORY_POLICY)ExAllocatePoolWithTag(PagedPool, sizeof(TOKEN_MANDATORY_POLICY), tzuk);
|
||||
if (MandatoryPolicy) MandatoryPolicy->Policy = TOKEN_MANDATORY_POLICY_NO_WRITE_UP;
|
||||
|
||||
//
|
||||
// Create a new token from scratch
|
||||
//
|
||||
|
||||
InitializeObjectAttributes(&ObjectAttributes, NULL, OBJ_CASE_INSENSITIVE, NULL, NULL);
|
||||
|
||||
SecurityQos.Length = sizeof(SecurityQos);
|
||||
SecurityQos.ContextTrackingMode = SECURITY_STATIC_TRACKING;
|
||||
SecurityQos.EffectiveOnly = FALSE;
|
||||
ObjectAttributes.SecurityQualityOfService = &SecurityQos;
|
||||
|
||||
if (Conf_Get_Boolean(proc->box->name, L"ReplicateToken", 0, FALSE))
|
||||
{
|
||||
SecurityQos.ImpersonationLevel = LocalStatistics->ImpersonationLevel;
|
||||
|
||||
TokenType = LocalStatistics->TokenType;
|
||||
AuthenticationId = LocalStatistics->AuthenticationId;
|
||||
ExpirationTime = LocalStatistics->ExpirationTime;
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
SecurityQos.ImpersonationLevel = SecurityAnonymous;
|
||||
|
||||
ExpirationTime.QuadPart = 0x7FFFFFFFFFFFFFFF;
|
||||
|
||||
if (!Conf_Get_Boolean(proc->box->name, L"UnstrippedToken", 0, FALSE))
|
||||
{
|
||||
BOOLEAN NoUntrustedToken = Conf_Get_Boolean(proc->box->name, L"NoUntrustedToken", 0, FALSE);
|
||||
BOOLEAN KeepUserGroup = Conf_Get_Boolean(proc->box->name, L"KeepUserGroup", 0, FALSE);
|
||||
BOOLEAN KeepLogonSession = Conf_Get_Boolean(proc->box->name, L"KeepLogonSession", 0, FALSE);
|
||||
|
||||
for (ULONG i = 0; i < LocalGroups->GroupCount; i++) {
|
||||
|
||||
if (LocalGroups->Groups[i].Attributes & SE_GROUP_INTEGRITY) {
|
||||
if (!Conf_Get_Boolean(proc->box->name, L"KeepTokenIntegrity", 0, FALSE)) {
|
||||
if(NoUntrustedToken)
|
||||
*RtlSubAuthoritySid(LocalGroups->Groups[i].Sid, 0) = SECURITY_MANDATORY_LOW_RID;
|
||||
else
|
||||
*RtlSubAuthoritySid(LocalGroups->Groups[i].Sid, 0) = SECURITY_MANDATORY_UNTRUSTED_RID;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
if (KeepLogonSession && (LocalGroups->Groups[i].Attributes & SE_GROUP_LOGON_ID))
|
||||
continue;
|
||||
|
||||
if (RtlEqualSid(LocalGroups->Groups[i].Sid, LocalUser->User.Sid)) {
|
||||
if (KeepUserGroup)
|
||||
continue;
|
||||
}
|
||||
|
||||
LocalGroups->Groups[i].Attributes = 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (Conf_Get_Boolean(proc->box->name, L"SandboxieAllGroup", 0, FALSE)) // & Driver_SandboxieSid)
|
||||
{
|
||||
OldLocalGroups = LocalGroups;
|
||||
|
||||
ULONG NewGroupCount = OldLocalGroups->GroupCount + 1;
|
||||
SIZE_T NewSize = FIELD_OFFSET(TOKEN_GROUPS, Groups) + NewGroupCount * sizeof(SID_AND_ATTRIBUTES);
|
||||
|
||||
LocalGroups = (PTOKEN_GROUPS)ExAllocatePoolWithTag(PagedPool, NewSize, tzuk);
|
||||
RtlZeroMemory(LocalGroups, NewSize);
|
||||
|
||||
LocalGroups->Groups[0].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT;
|
||||
LocalGroups->Groups[0].Sid = SandboxieAllSid; // Driver_SandboxieSid;
|
||||
|
||||
RtlCopyMemory(&LocalGroups->Groups[1], OldLocalGroups->Groups, OldLocalGroups->GroupCount * sizeof(SID_AND_ATTRIBUTES));
|
||||
LocalGroups->GroupCount = NewGroupCount;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Change the SID
|
||||
//
|
||||
|
@ -2181,37 +2292,28 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
|
|||
|
||||
if (proc->SandboxieLogonSid)
|
||||
{
|
||||
//
|
||||
// free old user and create a new one with the new SID
|
||||
//
|
||||
|
||||
ULONG Attributes = LocalUser->User.Attributes;
|
||||
|
||||
ExFreePool((PVOID)LocalUser);
|
||||
LocalUser = ExAllocatePoolWithTag(PagedPool, sizeof(TOKEN_USER) + RtlLengthSid(proc->SandboxieLogonSid), tzuk);
|
||||
|
||||
LocalUser->User.Attributes = Attributes;
|
||||
LocalUser->User.Sid = ((UCHAR*)LocalUser) + sizeof(TOKEN_USER);
|
||||
|
||||
memcpy(LocalUser->User.Sid, proc->SandboxieLogonSid, RtlLengthSid(proc->SandboxieLogonSid));
|
||||
}
|
||||
|
||||
//
|
||||
// Create a new token from scratch
|
||||
//
|
||||
|
||||
SecurityQos.Length = sizeof(SecurityQos);
|
||||
SecurityQos.ImpersonationLevel = LocalStatistics->ImpersonationLevel;
|
||||
SecurityQos.ContextTrackingMode = SECURITY_STATIC_TRACKING;
|
||||
SecurityQos.EffectiveOnly = FALSE;
|
||||
|
||||
ObjectAttributes.SecurityQualityOfService = &SecurityQos;
|
||||
|
||||
InitializeObjectAttributes(
|
||||
&ObjectAttributes,
|
||||
NULL,
|
||||
OBJ_CASE_INSENSITIVE,
|
||||
NULL,
|
||||
NULL
|
||||
);
|
||||
|
||||
//LUID AuthenticationId = ANONYMOUS_LOGON_LUID;
|
||||
|
||||
|
||||
status = SbieCreateToken(
|
||||
&TokenHandle,
|
||||
TOKEN_ALL_ACCESS,
|
||||
&ObjectAttributes,
|
||||
LocalStatistics->TokenType,
|
||||
&LocalStatistics->AuthenticationId,
|
||||
&LocalStatistics->ExpirationTime,
|
||||
TokenType,
|
||||
&AuthenticationId,
|
||||
&ExpirationTime,
|
||||
LocalUser,
|
||||
LocalGroups,
|
||||
LocalPrivileges,
|
||||
|
@ -2248,18 +2350,19 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
|
|||
NewDefaultDacl->DefaultDacl = NewDacl = (PACL)((ULONG_PTR)NewDefaultDacl + sizeof(TOKEN_DEFAULT_DACL));
|
||||
NewDefaultDacl->DefaultDacl->AclSize += 128;
|
||||
|
||||
NewOwner = (PTOKEN_OWNER)ExAllocatePoolWithTag(PagedPool, sizeof(TOKEN_OWNER), tzuk);
|
||||
NewOwner->Owner = LocalUser->User.Sid;
|
||||
ExFreePool((PVOID)LocalOwner);
|
||||
LocalOwner = (PTOKEN_OWNER)ExAllocatePoolWithTag(PagedPool, sizeof(TOKEN_OWNER), tzuk);
|
||||
LocalOwner->Owner = LocalUser->User.Sid;
|
||||
|
||||
RtlAddAccessAllowedAce(NewDacl, ACL_REVISION2, GENERIC_ALL, NewOwner->Owner);
|
||||
RtlAddAccessAllowedAce(NewDacl, ACL_REVISION2, GENERIC_ALL, LocalOwner->Owner);
|
||||
|
||||
status = SbieCreateToken(
|
||||
&TokenHandle,
|
||||
TOKEN_ALL_ACCESS,
|
||||
&ObjectAttributes,
|
||||
LocalStatistics->TokenType,
|
||||
&LocalStatistics->AuthenticationId,
|
||||
&LocalStatistics->ExpirationTime,
|
||||
TokenType,
|
||||
&AuthenticationId,
|
||||
&ExpirationTime,
|
||||
LocalUser,
|
||||
LocalGroups,
|
||||
LocalPrivileges,
|
||||
|
@ -2269,7 +2372,7 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
|
|||
0, //DeviceGroups,
|
||||
MandatoryPolicy,
|
||||
|
||||
NewOwner,
|
||||
LocalOwner,
|
||||
LocalPrimaryGroup,
|
||||
NewDefaultDacl,
|
||||
LocalSource
|
||||
|
@ -2294,17 +2397,16 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
|
|||
ULONG virtualizationAllowed = 1;
|
||||
status = ZwSetInformationToken(TokenHandle, TokenVirtualizationAllowed, &virtualizationAllowed, sizeof(ULONG));
|
||||
|
||||
if (Conf_Get_Boolean(proc->box->name, L"CopyTokenAttributes", 0, FALSE))
|
||||
{
|
||||
HANDLE OldTokenHandle;
|
||||
status = ObOpenObjectByPointer(
|
||||
TokenObject, OBJ_KERNEL_HANDLE, NULL, TOKEN_ALL_ACCESS,
|
||||
*SeTokenObjectType, KernelMode, &OldTokenHandle);
|
||||
if (NT_SUCCESS(status))
|
||||
{
|
||||
void* ptr = ExAllocatePoolWithTag(PagedPool, PAGE_SIZE, tzuk);
|
||||
|
||||
/*HANDLE OldTokenHandle;
|
||||
status = ObOpenObjectByPointer(
|
||||
TokenObject, OBJ_KERNEL_HANDLE, NULL, TOKEN_ALL_ACCESS,
|
||||
*SeTokenObjectType, KernelMode, &OldTokenHandle);
|
||||
if (NT_SUCCESS(status)) {
|
||||
|
||||
__try {
|
||||
|
||||
void* ptr = ExAllocatePoolWithTag(PagedPool, PAGE_SIZE, tzuk);
|
||||
if (ptr) {
|
||||
ULONG len = 0;
|
||||
status = ZwQueryInformationToken(OldTokenHandle, TokenSecurityAttributes, ptr, PAGE_SIZE, &len);
|
||||
if (NT_SUCCESS(status)) {
|
||||
|
@ -2320,23 +2422,18 @@ _FX void* Token_CreateNew(void* TokenObject, PROCESS* proc)
|
|||
|
||||
status = ZwSetInformationToken(TokenHandle, TokenSecurityAttributes, data, len);
|
||||
}
|
||||
|
||||
ExFreePool(ptr);
|
||||
|
||||
ZwClose(OldTokenHandle);
|
||||
}
|
||||
if (ptr)ExFreePool(ptr);
|
||||
|
||||
|
||||
} __except (EXCEPTION_EXECUTE_HANDLER) {
|
||||
status = GetExceptionCode() + 0x01000000;
|
||||
}
|
||||
|
||||
DbgPrint("TokenSecurityAttributes %08x", status);
|
||||
|
||||
ZwClose(OldTokenHandle);
|
||||
}*/
|
||||
}
|
||||
|
||||
finish:
|
||||
if (LocalStatistics) ExFreePool((PVOID)LocalStatistics);
|
||||
if (LocalUser) ExFreePool((PVOID)LocalUser);
|
||||
if (LocalGroups) ExFreePool((PVOID)LocalGroups);
|
||||
if (OldLocalGroups) ExFreePool((PVOID)OldLocalGroups);
|
||||
if (LocalPrivileges) ExFreePool((PVOID)LocalPrivileges);
|
||||
|
||||
//if (UserAttributes) ExFreePool((PVOID)UserAttributes);
|
||||
|
@ -2350,8 +2447,6 @@ finish:
|
|||
if (LocalSource) ExFreePool((PVOID)LocalSource);
|
||||
|
||||
if (NewDefaultDacl) ExFreePool((PVOID)NewDefaultDacl);
|
||||
if (NewOwner) ExFreePool((PVOID)NewOwner);
|
||||
|
||||
|
||||
//
|
||||
// get the actual token object from the handle
|
||||
|
|
|
@ -228,6 +228,43 @@ endif
|
|||
|
||||
;----------------------------------------------------------------------------
|
||||
|
||||
ifdef _WIN64
|
||||
Sbie_CallFunction_asm PROC FRAME
|
||||
|
||||
mov qword ptr [rsp+20h],r9
|
||||
mov qword ptr [rsp+18h],r8
|
||||
mov qword ptr [rsp+10h],rdx
|
||||
mov qword ptr [rsp+8],rcx
|
||||
|
||||
push rsi
|
||||
.pushreg rsi
|
||||
push rdi
|
||||
.pushreg rdi
|
||||
sub rsp,0A8h
|
||||
.allocstack 0A8h
|
||||
.endprolog
|
||||
|
||||
lea rsi, [rsp+0E8h]
|
||||
lea rdi, [rsp+020h]
|
||||
mov rcx, 15
|
||||
rep movsq
|
||||
|
||||
mov r9,qword ptr [rsp+0E0h]
|
||||
mov r8,qword ptr [rsp+0D8h]
|
||||
mov rdx,qword ptr [rsp+0D0h]
|
||||
mov rcx,qword ptr [rsp+0C8h]
|
||||
call qword ptr [rsp+0C0h]
|
||||
|
||||
add rsp,0A8h
|
||||
pop rdi
|
||||
pop rsi
|
||||
ret
|
||||
|
||||
Sbie_CallFunction_asm ENDP
|
||||
endif
|
||||
|
||||
;----------------------------------------------------------------------------
|
||||
|
||||
ifdef _WIN64
|
||||
|
||||
EXTERN Token_SepFilterToken : QWORD
|
||||
|
@ -237,9 +274,9 @@ Sbie_SepFilterTokenHandler_asm PROC FRAME
|
|||
mov qword ptr [rsp+20h],r9
|
||||
mov qword ptr [rsp+18h],r8
|
||||
mov qword ptr [rsp+10h],rdx
|
||||
mov qword ptr [rsp+8],rcx
|
||||
mov qword ptr [rsp+8],rcx
|
||||
|
||||
sub rsp,78h
|
||||
sub rsp,78h ; 8 * 15 - reserve stack space
|
||||
.allocstack 78h
|
||||
.endprolog
|
||||
|
||||
|
@ -259,7 +296,7 @@ Sbie_SepFilterTokenHandler_asm PROC FRAME
|
|||
mov r8d,0
|
||||
mov edx,0
|
||||
mov rcx,qword ptr [rsp+080h] ; TokenObject
|
||||
call Token_SepFilterToken
|
||||
call Token_SepFilterToken ; 11 arguments
|
||||
|
||||
add rsp,78h
|
||||
|
||||
|
|
|
@ -842,8 +842,13 @@ _FX NTSTATUS KphValidateCertificate()
|
|||
}
|
||||
else if (!level || _wcsicmp(level, L"STANDARD") == 0) // not used, default does not have explicit level
|
||||
Verify_CertInfo.level = eCertStandard;
|
||||
else if (_wcsicmp(level, L"ADVANCED") == 0)
|
||||
Verify_CertInfo.level = eCertAdvanced;
|
||||
else if (_wcsicmp(level, L"ADVANCED") == 0)
|
||||
{
|
||||
if(Verify_CertInfo.type == eCertPatreon || Verify_CertInfo.type == eCertEntryPatreon)
|
||||
Verify_CertInfo.level = eCertAdvanced1;
|
||||
else
|
||||
Verify_CertInfo.level = eCertAdvanced;
|
||||
}
|
||||
// scheme 1.1 >>>
|
||||
else if (CERT_IS_TYPE(Verify_CertInfo, eCertPersonal) || CERT_IS_TYPE(Verify_CertInfo, eCertPatreon))
|
||||
{
|
||||
|
@ -851,6 +856,11 @@ _FX NTSTATUS KphValidateCertificate()
|
|||
Verify_CertInfo.type = eCertEternal;
|
||||
Verify_CertInfo.level = eCertMaxLevel;
|
||||
}
|
||||
else if (_wcsicmp(level, L"LARGE") == 0 && cert_date.QuadPart < KphGetDate(1, 04, 2022)) {
|
||||
Verify_CertInfo.level = eCertAdvanced1;
|
||||
expiration_date.QuadPart = -2;
|
||||
}
|
||||
// todo: 01.09.2025: remove code for expired case LARGE
|
||||
else if (_wcsicmp(level, L"LARGE") == 0) { // 2 years - personal
|
||||
if(CERT_IS_TYPE(Verify_CertInfo, eCertPatreon))
|
||||
Verify_CertInfo.level = eCertStandard2;
|
||||
|
@ -858,15 +868,11 @@ _FX NTSTATUS KphValidateCertificate()
|
|||
Verify_CertInfo.level = eCertAdvanced;
|
||||
expiration_date.QuadPart = cert_date.QuadPart + KphGetDateInterval(0, 0, 2); // 2 years
|
||||
}
|
||||
// todo: 01.09.2024: remove code for expired case MEDIUM
|
||||
else if (_wcsicmp(level, L"MEDIUM") == 0) { // 1 year - personal
|
||||
Verify_CertInfo.level = eCertStandard2;
|
||||
}
|
||||
else if (_wcsicmp(level, L"ENTRY") == 0) { // PATREON-ENTRY new patreons get only 3 montgs for start
|
||||
Verify_CertInfo.level = eCertStandard2;
|
||||
if(CERT_IS_TYPE(Verify_CertInfo, eCertPatreon))
|
||||
Verify_CertInfo.type = eCertEntryPatreon;
|
||||
expiration_date.QuadPart = cert_date.QuadPart + KphGetDateInterval(0, 3, 0);
|
||||
}
|
||||
// todo: 01.09.2024: remove code for expired case SMALL
|
||||
else if (_wcsicmp(level, L"SMALL") == 0) { // 1 year - subscription
|
||||
Verify_CertInfo.level = eCertStandard2;
|
||||
Verify_CertInfo.type = eCertHome;
|
||||
|
@ -886,7 +892,9 @@ _FX NTSTATUS KphValidateCertificate()
|
|||
// check if this is a subscription type certificate
|
||||
BOOLEAN isSubscription = CERT_IS_SUBSCRIPTION(Verify_CertInfo);
|
||||
|
||||
if (expiration_date.QuadPart != -1)
|
||||
if (expiration_date.QuadPart == -2)
|
||||
Verify_CertInfo.expired = 1; // but not outdated
|
||||
else if (expiration_date.QuadPart != -1)
|
||||
{
|
||||
// check if this certificate is expired
|
||||
if (expiration_date.QuadPart < LocalTime.QuadPart)
|
||||
|
|
|
@ -79,6 +79,7 @@ enum ECertLevel {
|
|||
eCertNoLevel = 0b000,
|
||||
eCertStandard = 0b010,
|
||||
eCertStandard2 = 0b011,
|
||||
eCertAdvanced1 = 0b100,
|
||||
eCertAdvanced = 0b101,
|
||||
eCertMaxLevel = 0b111,
|
||||
};
|
||||
|
|
|
@ -119,6 +119,8 @@ bool DriverAssist::InitializePortAndThreads()
|
|||
PSECURITY_DESCRIPTOR sd;
|
||||
ULONG i, n;
|
||||
|
||||
InitSIDs();
|
||||
|
||||
//
|
||||
// create a security descriptor with a limited DACL
|
||||
// owner:system, group:system, dacl(allow;generic_all;system)
|
||||
|
|
|
@ -122,6 +122,8 @@ private:
|
|||
// SbieLogin
|
||||
//
|
||||
|
||||
void InitSIDs();
|
||||
|
||||
bool GetSandboxieSID(const WCHAR* boxname, UCHAR* SandboxieLogonSid, DWORD dwSidSize);
|
||||
|
||||
void CleanUpSIDs();
|
||||
|
|
|
@ -93,13 +93,42 @@ NTSTATUS RemoveSidName(const WCHAR* domain, const WCHAR* user)
|
|||
|
||||
#define SBIE_RID 100 // must be between 80 and 111 inclusive
|
||||
|
||||
UCHAR SandboxieSid[12] = { // S-1-5-100-
|
||||
UCHAR SandboxieSid[12] = { // S-1-5-100
|
||||
1, // Revision
|
||||
1, // SubAuthorityCount
|
||||
0,0,0,0,0,5, // SECURITY_NT_AUTHORITY // IdentifierAuthority
|
||||
SBIE_RID,0,0,0 // SubAuthority
|
||||
SBIE_RID,0,0,0 // SubAuthority[0]
|
||||
};
|
||||
|
||||
UCHAR SandboxieAllSid[16] = { // S-1-5-100-0
|
||||
1, // Revision
|
||||
2, // SubAuthorityCount
|
||||
0,0,0,0,0,5, // SECURITY_NT_AUTHORITY // IdentifierAuthority
|
||||
SBIE_RID,0,0,0, // SubAuthority[0]
|
||||
0,0,0,0 // SubAuthority[1]
|
||||
};
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// InitSIDs
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
void DriverAssist::InitSIDs()
|
||||
{
|
||||
//
|
||||
// add Sandboxie domain "Sandboxie"
|
||||
//
|
||||
|
||||
AddSidName(SandboxieSid, SANDBOXIE, NULL);
|
||||
|
||||
//
|
||||
// add Sandboxie box user "Sandboxie\\All Sandboxes"
|
||||
//
|
||||
|
||||
AddSidName(SandboxieAllSid, SANDBOXIE, L"All Sandboxes");
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// GetSandboxieSID
|
||||
|
@ -108,35 +137,28 @@ UCHAR SandboxieSid[12] = { // S-1-5-100-
|
|||
|
||||
bool DriverAssist::GetSandboxieSID(const WCHAR* boxname, UCHAR* pSID, DWORD dwSidSize)
|
||||
{
|
||||
if (!SbieApi_QueryConfBool(boxname, L"SandboxieLogon", FALSE))
|
||||
if (boxname && !SbieApi_QueryConfBool(boxname, L"SandboxieLogon", FALSE))
|
||||
return false;
|
||||
|
||||
WCHAR szUserName[256], szDomainName[256];
|
||||
DWORD dwDomainSize = ARRAYSIZE(szDomainName);
|
||||
SID_NAME_USE snu = SidTypeInvalid;
|
||||
|
||||
wcscpy(szUserName, SANDBOXIE L"\\");
|
||||
wcscat(szUserName, boxname);
|
||||
wcscpy(szUserName, SANDBOXIE);
|
||||
if (boxname) {
|
||||
wcscat(szUserName, L"\\");
|
||||
wcscat(szUserName, boxname);
|
||||
}
|
||||
|
||||
if (LookupAccountName(NULL, szUserName, pSID, &dwSidSize, szDomainName, &dwDomainSize, &snu))
|
||||
return true;
|
||||
|
||||
//
|
||||
// add Sandboxie domain "Sandboxie"
|
||||
//
|
||||
|
||||
static bool SbieAdded = false;
|
||||
if (!SbieAdded) {
|
||||
AddSidName(SandboxieSid, SANDBOXIE, NULL);
|
||||
SbieAdded = true;
|
||||
}
|
||||
|
||||
//
|
||||
// add Sandboxie box user "Sandboxie\\DefaultBox"
|
||||
// add Sandboxie box user "Sandboxie\\[BoxName]"
|
||||
//
|
||||
|
||||
UNICODE_STRING Name;
|
||||
RtlInitUnicodeString(&Name, boxname);
|
||||
RtlInitUnicodeString(&Name, boxname ? boxname : SANDBOXIE);
|
||||
RtlCreateVirtualAccountSid(&Name, SBIE_RID, pSID, &dwSidSize);
|
||||
|
||||
return NT_SUCCESS(AddSidName(pSID, SANDBOXIE, boxname));
|
||||
|
|
|
@ -1092,11 +1092,26 @@ HANDLE GuiServer::GetJobObjectForAssign(const WCHAR *boxname)
|
|||
//
|
||||
|
||||
if (ok) {
|
||||
|
||||
JOBOBJECT_EXTENDED_LIMIT_INFORMATION jobELInfo = {0};
|
||||
jobELInfo.BasicLimitInformation.LimitFlags = JOB_OBJECT_LIMIT_BREAKAWAY_OK
|
||||
| JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK;
|
||||
|
||||
ok = SetInformationJobObject(hJobObject, JobObjectExtendedLimitInformation, &jobELInfo, sizeof(jobELInfo));
|
||||
ULONG TotalMemoryLimit = SbieApi_QueryConfNumber(boxname, L"TotalMemoryLimit", 0);
|
||||
ULONG ProcessNumberLimit = SbieApi_QueryConfNumber(boxname, L"ProcessNumberLimit", 0);
|
||||
ULONG ProcessMemoryLimit = SbieApi_QueryConfNumber(boxname, L"ProcessMemoryLimit", 0);
|
||||
if (TotalMemoryLimit != 0) {
|
||||
jobELInfo.JobMemoryLimit = TotalMemoryLimit;
|
||||
jobELInfo.BasicLimitInformation.LimitFlags |= JOB_OBJECT_LIMIT_JOB_MEMORY;
|
||||
}
|
||||
if (ProcessNumberLimit != 0) {
|
||||
jobELInfo.BasicLimitInformation.ActiveProcessLimit = ProcessNumberLimit;
|
||||
jobELInfo.BasicLimitInformation.LimitFlags |= JOB_OBJECT_LIMIT_ACTIVE_PROCESS;
|
||||
}
|
||||
if (ProcessMemoryLimit != 0) {
|
||||
jobELInfo.ProcessMemoryLimit = ProcessMemoryLimit;
|
||||
jobELInfo.BasicLimitInformation.LimitFlags |= JOB_OBJECT_LIMIT_PROCESS_MEMORY;
|
||||
}
|
||||
ok = SetInformationJobObject(hJobObject, JobObjectExtendedLimitInformation, &jobELInfo, sizeof(jobELInfo));
|
||||
}
|
||||
}
|
||||
if (! ok) {
|
||||
|
@ -1344,6 +1359,9 @@ bool GuiServer::GetWindowStationAndDesktopName(WCHAR *out_name)
|
|||
}
|
||||
}
|
||||
|
||||
if(label_sd != NULL)
|
||||
LocalFree(label_sd);
|
||||
|
||||
ReportError2336(-1, errlvl, GetLastError());
|
||||
return false;
|
||||
}
|
||||
|
|
|
@ -997,7 +997,7 @@ bool MountManager::AcquireBoxRoot(const WCHAR* boxname, const WCHAR* reg_root, c
|
|||
std::wstring TargetNtPath;
|
||||
|
||||
SCertInfo CertInfo = { 0 };
|
||||
if ((UseFileImage || UseRamDisk) && (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, (UseFileImage ? eCertAdvanced : eCertStandard)))) {
|
||||
if ((UseFileImage || UseRamDisk) && (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, (UseFileImage ? eCertAdvanced1 : eCertStandard)))) {
|
||||
const WCHAR* strings[] = { boxname, UseFileImage ? L"UseFileImage" : L"UseRamDisk" , NULL };
|
||||
SbieApi_LogMsgExt(session_id, UseFileImage ? 6009 : 6008, strings);
|
||||
errlvl = 0x66;
|
||||
|
|
|
@ -373,6 +373,16 @@
|
|||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|ARM64EC'">true</ExcludedFromBuild>
|
||||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|ARM64'">true</ExcludedFromBuild>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\..\common\rc4.c">
|
||||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|ARM64EC'">true</ExcludedFromBuild>
|
||||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|ARM64EC'">true</ExcludedFromBuild>
|
||||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
|
||||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
|
||||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|ARM64'">true</ExcludedFromBuild>
|
||||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|ARM64'">true</ExcludedFromBuild>
|
||||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
|
||||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\..\common\stream.c">
|
||||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
|
||||
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
|
||||
|
|
|
@ -84,6 +84,9 @@
|
|||
<ClCompile Include="MountManagerHelpers.cpp">
|
||||
<Filter>MountManager</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\..\common\rc4.c">
|
||||
<Filter>common</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="misc.h" />
|
||||
|
|
|
@ -39,6 +39,8 @@ extern "C" {
|
|||
#define CRC_WITH_ADLER32
|
||||
#include "common/crc.c"
|
||||
|
||||
#include "common/rc4.c"
|
||||
|
||||
#define PATTERN XPATTERN
|
||||
#include "common/pattern.c"
|
||||
|
||||
|
|
|
@ -100,6 +100,9 @@
|
|||
#define MSGID_SBIE_INI_GET_VERSION 0x18AA
|
||||
#define MSGID_SBIE_INI_GET_WAIT_HANDLE 0x18AB
|
||||
#define MSGID_SBIE_INI_RUN_SBIE_CTRL 0x180A
|
||||
#define MSGID_SBIE_INI_RC4_CRYPT 0x180F
|
||||
|
||||
//#define MSGID_SBIE_MGR 0x1900
|
||||
|
||||
#define MSGID_NETAPI 0x1A00
|
||||
#define MSGID_NETAPI_USE_ADD 0x1A01
|
||||
|
|
|
@ -33,6 +33,9 @@
|
|||
#include "common/my_version.h"
|
||||
#define CRC_HEADER_ONLY
|
||||
#include "common/crc.c"
|
||||
#define RC4_HEADER_ONLY
|
||||
#include "common/rc4.c"
|
||||
#include "core/drv/api_defs.h"
|
||||
|
||||
#ifdef NEW_INI_MODE
|
||||
extern "C" {
|
||||
|
@ -147,6 +150,11 @@ MSG_HEADER *SbieIniServer::Handler2(MSG_HEADER *msg)
|
|||
return RunSbieCtrl(msg, idProcess, NT_SUCCESS(status));
|
||||
}
|
||||
|
||||
if (msg->msgid == MSGID_SBIE_INI_RC4_CRYPT) {
|
||||
|
||||
return RC4Crypt(msg, idProcess, NT_SUCCESS(status));
|
||||
}
|
||||
|
||||
if (NT_SUCCESS(status)) // if sandboxed
|
||||
return SHORT_REPLY(STATUS_NOT_SUPPORTED);
|
||||
|
||||
|
@ -363,7 +371,7 @@ MSG_HEADER *SbieIniServer::GetUser(MSG_HEADER *msg)
|
|||
bool ok2 = SetUserSettingsSectionName(hToken);
|
||||
|
||||
BOOLEAN admin = FALSE;
|
||||
if (ok2 && TokenIsAdmin(hToken))
|
||||
if (ok2 && TokenIsAdmin(hToken, true))
|
||||
admin = TRUE;
|
||||
|
||||
CloseHandle(hToken);
|
||||
|
@ -461,7 +469,7 @@ ULONG SbieIniServer::CheckRequest(MSG_HEADER *msg)
|
|||
|
||||
} else {
|
||||
|
||||
ULONG status = IsCallerAuthorized(hToken, req->password);
|
||||
ULONG status = IsCallerAuthorized(hToken, req->password, req->section);
|
||||
if (status != 0)
|
||||
return status;
|
||||
}
|
||||
|
@ -710,7 +718,7 @@ finish:
|
|||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
ULONG SbieIniServer::IsCallerAuthorized(HANDLE hToken, const WCHAR *Password)
|
||||
ULONG SbieIniServer::IsCallerAuthorized(HANDLE hToken, const WCHAR *Password, const WCHAR *Section)
|
||||
{
|
||||
WCHAR buf[42], buf2[42];
|
||||
|
||||
|
@ -718,9 +726,9 @@ ULONG SbieIniServer::IsCallerAuthorized(HANDLE hToken, const WCHAR *Password)
|
|||
// check for Administrator-only access
|
||||
//
|
||||
|
||||
if (SbieApi_QueryConfBool(NULL, L"EditAdminOnly", FALSE)) {
|
||||
if (SbieApi_QueryConfBool(Section, L"EditAdminOnly", FALSE)) {
|
||||
|
||||
if (! TokenIsAdmin(hToken)) {
|
||||
if (! TokenIsAdmin(hToken, true)) {
|
||||
CloseHandle(hToken);
|
||||
return STATUS_LOGON_NOT_GRANTED;
|
||||
}
|
||||
|
@ -2392,3 +2400,48 @@ MSG_HEADER *SbieIniServer::RunSbieCtrl(MSG_HEADER *msg, HANDLE idProcess, bool i
|
|||
|
||||
return SHORT_REPLY(status);
|
||||
}
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// RC4Crypt
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
MSG_HEADER *SbieIniServer::RC4Crypt(MSG_HEADER *msg, HANDLE idProcess, bool isSandboxed)
|
||||
{
|
||||
//
|
||||
// The purpose of this function is to provide a simple machien bound obfuscation
|
||||
// for example to store passwords which are required in plain text.
|
||||
// To this end we use a Random 64 bit key which is generated once and stored in the registry
|
||||
// as well as the rc4 algorythm for the encryption, applying the same transformation twice
|
||||
// yealds the original plaintext, hence only one function is sufficient.
|
||||
//
|
||||
// Please note that neider the mechanism nor the use rc4 algorythm can be considdered
|
||||
// cryptographically secure by any means.
|
||||
// This mechanism is only good for simple obfuscation of non critical data.
|
||||
//
|
||||
|
||||
SBIE_INI_RC4_CRYPT_REQ *req = (SBIE_INI_RC4_CRYPT_REQ *)msg;
|
||||
if (req->h.length < sizeof(SBIE_INI_RC4_CRYPT_REQ))
|
||||
return SHORT_REPLY(STATUS_INVALID_PARAMETER);
|
||||
|
||||
ULONG rpl_len = sizeof(SBIE_INI_RC4_CRYPT_RPL) + req->value_len;
|
||||
SBIE_INI_RC4_CRYPT_RPL *rpl = (SBIE_INI_RC4_CRYPT_RPL *)LONG_REPLY(rpl_len);
|
||||
if (!rpl)
|
||||
return SHORT_REPLY(STATUS_INSUFFICIENT_RESOURCES);
|
||||
|
||||
rpl->value_len = req->value_len;
|
||||
memcpy(rpl->value, req->value, req->value_len);
|
||||
|
||||
ULONG64 RandID = 0;
|
||||
SbieApi_Call(API_GET_SECURE_PARAM, 3, L"RandID", (ULONG_PTR)&RandID, sizeof(RandID));
|
||||
if (RandID == 0) {
|
||||
srand(GetTickCount());
|
||||
RandID = ULONG64(rand() & 0xFFFF) | (ULONG64(rand() & 0xFFFF) << 16) | (ULONG64(rand() & 0xFFFF) << 32) | (ULONG64(rand() & 0xFFFF) << 48);
|
||||
SbieApi_Call(API_SET_SECURE_PARAM, 3, L"RandID", (ULONG_PTR)&RandID, sizeof(RandID));
|
||||
}
|
||||
|
||||
rc4_crypt((BYTE*)&RandID, sizeof(RandID), 0x1000, rpl->value, rpl->value_len);
|
||||
|
||||
return (MSG_HEADER*)rpl;
|
||||
}
|
|
@ -95,7 +95,7 @@ protected:
|
|||
bool GetIniPath(WCHAR **IniPath,
|
||||
BOOLEAN *IsHomePath = NULL, BOOLEAN* IsUTF8 = NULL);
|
||||
|
||||
ULONG IsCallerAuthorized(HANDLE hToken, const WCHAR *Password);
|
||||
ULONG IsCallerAuthorized(HANDLE hToken, const WCHAR *Password, const WCHAR *Section = NULL);
|
||||
|
||||
void LockConf(WCHAR *IniPath);
|
||||
|
||||
|
@ -105,6 +105,8 @@ protected:
|
|||
|
||||
MSG_HEADER *RunSbieCtrl(MSG_HEADER *msg, HANDLE idProcess, bool isSandboxed);
|
||||
|
||||
MSG_HEADER *RC4Crypt(MSG_HEADER *msg, HANDLE idProcess, bool isSandboxed);
|
||||
|
||||
|
||||
protected:
|
||||
|
||||
|
|
|
@ -174,6 +174,29 @@ struct tagSBIE_INI_PASSWORD_REQ
|
|||
typedef struct tagSBIE_INI_PASSWORD_REQ SBIE_INI_PASSWORD_REQ;
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// rc4 Crypt
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
struct tagSBIE_INI_RC4_CRYPT_REQ
|
||||
{
|
||||
MSG_HEADER h;
|
||||
ULONG value_len;
|
||||
UCHAR value[1];
|
||||
};
|
||||
|
||||
struct tagSBIE_INI_RC4_CRYPT_RPL
|
||||
{
|
||||
MSG_HEADER h;
|
||||
ULONG value_len;
|
||||
UCHAR value[1];
|
||||
};
|
||||
|
||||
typedef struct tagSBIE_INI_RC4_CRYPT_REQ SBIE_INI_RC4_CRYPT_REQ;
|
||||
typedef struct tagSBIE_INI_RC4_CRYPT_RPL SBIE_INI_RC4_CRYPT_RPL;
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
|
|
|
@ -1034,6 +1034,7 @@ Tmpl.ScanService=edgeupdate
|
|||
# SBIE fix for MS Edge WebView2
|
||||
#ExternalManifestHack=msedgewebview2.exe,y
|
||||
NormalFilePath=msedge.exe,%LocalAppData%\Microsoft\Edge\User Data\Default\Secure Preferences
|
||||
FakeAdminRights=msedge.exe,n
|
||||
|
||||
#
|
||||
# Vivaldi
|
||||
|
@ -3692,6 +3693,13 @@ ClosedKeyPath=<Template_Chromes>,HKEY_CURRENT_USER\Software\Microsoft\Windows\Sh
|
|||
ClosedKeyPath=<Template_Chromes>,HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
|
||||
ProcessGroup=<Template_Chromes>,chrome.exe
|
||||
|
||||
[Template_NotepadPlusPlus_fix]
|
||||
Tmpl.Title=#4342,Notepad++
|
||||
Tmpl.Class=Misc
|
||||
Tmpl.Url=https://github.com/search?q=repo%3Asandboxie-plus%2FSandboxie+NppShell.dll&type=issues
|
||||
Tmpl.ScanScript=if(system.version().major != 11) return false; return system.checkRegKey("\\REGISTRY\\MACHINE\\SOFTWARE\\CLASSES\\CLSID\\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}")
|
||||
ClosedFilePath=explorer.exe,*\contextMenu\NppShell.dll
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -751,6 +751,10 @@ SBIE2332 Cannot access file SbiePst.dat
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -916,6 +920,15 @@ Desktop
|
|||
Programs
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3202;txt;01
|
||||
Invalid command line parameter: %2
|
||||
.
|
||||
|
|
|
@ -702,6 +702,10 @@ SBIE2337 Konnte Programm nicht starten: %2
|
|||
SBIE2338 Nicht unterstützte Architektur in Prozess %2 vorgefunden
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Fehler beim Injizieren des SOCKS5-Proxy: %2
|
||||
.
|
||||
|
||||
#----------------------------------------------------------------------------
|
||||
# SbieSvc
|
||||
#----------------------------------------------------------------------------
|
||||
|
@ -806,12 +810,21 @@ Sandboxie Startmenü - %2 %0
|
|||
Desktop
|
||||
.
|
||||
|
||||
3113;txt;01
|
||||
(Ordner öffnen)
|
||||
.
|
||||
|
||||
3114;txt;01
|
||||
Programme
|
||||
.
|
||||
|
||||
3113;txt;01
|
||||
(Ordner öffnen)
|
||||
3198;txt;01
|
||||
Möchten Sie ein neues Programm in der Sandbox %2 starten?
|
||||
Sie haben diese Meldung erhalten, weil Sie AlertBeforeStart=y gesetzt haben.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
Diese Startanforderung scheint nicht von der SANDBOXIE-Komponente aufgerufen zu werden. Sind Sie sicher, dass Sie sie ausführen wollen? Wenn dies Ihre Aktion ist, können Sie es ignorieren und Ja wählen.
|
||||
.
|
||||
|
||||
3202;txt;01
|
||||
|
|
|
@ -751,6 +751,10 @@ SBIE2332 SbiePst.dat 파일에 액세스할 수 없습니다
|
|||
SBIE2335 %2 프로세스에 대해 초기화하지 못했습니다
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 SOCKS5 프록시를 삽입하지 못했습니다: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 GUI 서버의 오류: %2
|
||||
.
|
||||
|
@ -916,6 +920,15 @@ Sandboxie 시작
|
|||
프로그램
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
%2 샌드박스에서 새 프로그램을 시작하시겠습니까?
|
||||
시작하기 전에 Alert BeforeStart=y를 설정했기 때문에 이 메시지를 수신했습니다.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
이 시작 요청은 SANDBOXIE 구성 요소에 의해 호출되지 않은 것으로 보입니다. 실행하시겠습니까? 만약 이것이 당신의 행동이라면, 당신은 그것을 무시하고 예를 선택할 수 있습니다.
|
||||
.
|
||||
|
||||
3202;txt;01
|
||||
잘못된 명령줄 매개 변수: %2
|
||||
.
|
||||
|
|
|
@ -733,6 +733,10 @@ SBIE2332 无法访问文件 SbiePst.dat
|
|||
SBIE2335 进程 %2 初始化失败
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 注入 SOCKS5 代理失败: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 GUI 服务器出错: %2
|
||||
.
|
||||
|
@ -898,6 +902,15 @@ Sandboxie 启动
|
|||
程序
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
您想在 %2 沙盒中启动新程序吗?
|
||||
您收到此消息是因为您设置了 AlertBeforeStart=y。
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
该启动请求似乎未被 SANDBOXIE 组件调用。你确定要运行它吗?如果这是您的操作,您可以忽略它并选择“是”。
|
||||
.
|
||||
|
||||
3202;txt;01
|
||||
无效的命令行参数: %2
|
||||
.
|
||||
|
|
|
@ -676,6 +676,10 @@ SBIE2332 SbiePst.dat dosyasına erişilemiyor
|
|||
SBIE2335 %2 işlemi için başlatma başarısız oldu
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 SOCKS5 ara sunucusu eklenemedi: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 GUI sunucusunda hata: %2
|
||||
.
|
||||
|
|
|
@ -190,6 +190,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -218,6 +222,15 @@ Type the name of a program or path to open the following file in the current san
|
|||
Programs
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -186,6 +186,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
|
|||
Type the name of a program or path to open the following file in the current sandbox:
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -186,6 +186,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
|
|||
Type the name of a program or path to open the following file in the current sandbox:
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -186,6 +186,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
|
|||
Type the name of a program or path to open the following file in the current sandbox:
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -174,6 +174,10 @@ SBIE2302 Process image configuration conflict: %2
|
|||
SBIE2325 Debug: %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2338;pop;err;01
|
||||
SBIE2338 Encountered unsupported architecture in process: %2
|
||||
.
|
||||
|
@ -182,6 +186,15 @@ SBIE2338 Encountered unsupported architecture in process: %2
|
|||
Type the name of a program or path to open the following file in the current sandbox:
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -222,6 +222,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -250,6 +254,15 @@ Type the name of a program or path to open the following file in the current san
|
|||
Programs
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3243;txt;01
|
||||
Note: The program will continue to execute under the supervision
|
||||
of Sandboxie, even after Administrator privileges have been granted.
|
||||
|
|
|
@ -142,10 +142,23 @@ SBIE2246 Failed to mount box image, ImBox error %2
|
|||
SBIE2325 Debug: %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2338;pop;err;01
|
||||
SBIE2338 Encountered unsupported architecture in process: %2
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -222,6 +222,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -250,6 +254,15 @@ Type the name of a program or path to open the following file in the current san
|
|||
Programs
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3243;txt;01
|
||||
Note: The program will continue to execute under the supervision
|
||||
of Sandboxie, even after Administrator privileges have been granted.
|
||||
|
|
|
@ -174,6 +174,10 @@ SBIE2302 Process image configuration conflict: %2
|
|||
SBIE2325 Debug: %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2338;pop;err;01
|
||||
SBIE2338 Encountered unsupported architecture in process: %2
|
||||
.
|
||||
|
@ -182,6 +186,15 @@ SBIE2338 Encountered unsupported architecture in process: %2
|
|||
Type the name of a program or path to open the following file in the current sandbox:
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -186,6 +186,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -210,6 +214,15 @@ Type the name of a program or path to open the following file in the current san
|
|||
Programs
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -14,7 +14,20 @@ SBIE1206 Your Windows build (%2) is not yet supported by sandboxie, error: %3
|
|||
SBIE1207 Your Windows build (%2) is not yet supported by Sandboxie, which means applications will run without security isolation!
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
3001;txt;01
|
||||
&OK
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
|
|
|
@ -186,6 +186,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
|
|||
Type the name of a program or path to open the following file in the current sandbox:
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -174,6 +174,10 @@ SBIE2302 Process image configuration conflict: %2
|
|||
SBIE2325 Debug: %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2338;pop;err;01
|
||||
SBIE2338 Encountered unsupported architecture in process: %2
|
||||
.
|
||||
|
@ -182,6 +186,15 @@ SBIE2338 Encountered unsupported architecture in process: %2
|
|||
Type the name of a program or path to open the following file in the current sandbox:
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -186,6 +186,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
|
|||
Type the name of a program or path to open the following file in the current sandbox:
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -186,6 +186,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
|
|||
Type the name of a program or path to open the following file in the current sandbox:
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -78,6 +78,19 @@ SBIE2244 Failed to mount box image, Password required
|
|||
SBIE2246 Failed to mount box image, ImBox error %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
6008;pop;err;01
|
||||
The configuration %3 of box %2 requires a supporter certificate and can not be used without it.
|
||||
.
|
||||
|
|
|
@ -186,6 +186,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
|
|||
Type the name of a program or path to open the following file in the current sandbox:
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -222,6 +222,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -250,6 +254,15 @@ Type the name of a program or path to open the following file in the current san
|
|||
Programs
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3243;txt;01
|
||||
Note: The program will continue to execute under the supervision
|
||||
of Sandboxie, even after Administrator privileges have been granted.
|
||||
|
|
|
@ -18,6 +18,19 @@ SBIE1207 Your Windows build (%2) is not yet supported by Sandboxie, which means
|
|||
SBIE1222 Error with security token: %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
*==========
|
||||
* Extraneous Messages in Text-Polish-1045.txt
|
||||
*==========
|
||||
|
|
|
@ -186,6 +186,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
|
|||
Type the name of a program or path to open the following file in the current sandbox:
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -114,6 +114,19 @@ SBIE2246 Failed to mount box image, ImBox error %2
|
|||
SBIE2325 Debug: %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3469;txt;01
|
||||
What's new in Sandboxie-Plus
|
||||
.
|
||||
|
|
|
@ -14,3 +14,16 @@ SBIE1206 Your Windows build (%2) is not yet supported by sandboxie, error: %3
|
|||
SBIE1207 Your Windows build (%2) is not yet supported by Sandboxie, which means applications will run without security isolation!
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
|
|
|
@ -186,6 +186,10 @@ SBIE2325 Debug: %2
|
|||
SBIE2335 Initialization failed for process %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2336;pop;err;01
|
||||
SBIE2336 Error in GUI server: %2
|
||||
.
|
||||
|
@ -206,6 +210,15 @@ SBIE9234 Service startup error %2
|
|||
Type the name of a program or path to open the following file in the current sandbox:
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -158,6 +158,10 @@ SBIE2302 Process image configuration conflict: %2
|
|||
SBIE2325 Debug: %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2338;pop;err;01
|
||||
SBIE2338 Encountered unsupported architecture in process: %2
|
||||
.
|
||||
|
@ -166,6 +170,15 @@ SBIE2338 Encountered unsupported architecture in process: %2
|
|||
Type the name of a program or path to open the following file in the current sandbox:
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -130,10 +130,23 @@ SBIE2246 Failed to mount box image, ImBox error %2
|
|||
SBIE2325 Debug: %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2338;pop;err;01
|
||||
SBIE2338 Encountered unsupported architecture in process: %2
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -122,10 +122,23 @@ SBIE2244 Failed to mount box image, Password required
|
|||
SBIE2246 Failed to mount box image, ImBox error %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2338;pop;err;01
|
||||
SBIE2338 Encountered unsupported architecture in process: %2
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3505;txt;01
|
||||
Contribute to Sandboxie
|
||||
.
|
||||
|
|
|
@ -2,5 +2,12 @@
|
|||
* Missing Messages in Text-Turkish-1055.txt
|
||||
*==========
|
||||
|
||||
There are no missing messages.
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
|
|
|
@ -122,10 +122,23 @@ SBIE2244 Failed to mount box image, Password required
|
|||
SBIE2246 Failed to mount box image, ImBox error %2
|
||||
.
|
||||
|
||||
2360;pop;err;01
|
||||
SBIE2360 Failed to inject SOCKS5 proxy: %2
|
||||
.
|
||||
|
||||
2338;pop;err;01
|
||||
SBIE2338 Encountered unsupported architecture in process: %2
|
||||
.
|
||||
|
||||
3198;txt;01
|
||||
Do you want to start a new program in the %2 sandbox?
|
||||
You received this message because you set AlertBeforeStart=y.
|
||||
.
|
||||
|
||||
3199;txt;01
|
||||
This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.
|
||||
.
|
||||
|
||||
3315;txt;01
|
||||
Deleting Sandbox contents
|
||||
.
|
||||
|
|
|
@ -617,16 +617,16 @@ bool InitConsole(bool bCreateIfNeeded)
|
|||
// avoid flashing a bright white window when in dark mode
|
||||
//
|
||||
|
||||
void SafeShow(QWidget* pWidget) {
|
||||
static bool Lock = false;
|
||||
pWidget->setProperty("windowOpacity", 0.0);
|
||||
if (Lock == false) {
|
||||
Lock = true;
|
||||
pWidget->show();
|
||||
QApplication::processEvents(QEventLoop::ExcludeSocketNotifiers);
|
||||
Lock = false;
|
||||
} else
|
||||
pWidget->show();
|
||||
pWidget->setProperty("windowOpacity", 1.0);
|
||||
}
|
||||
//void SafeShow(QWidget* pWidget) {
|
||||
// static bool Lock = false;
|
||||
// pWidget->setProperty("windowOpacity", 0.0);
|
||||
// if (Lock == false) {
|
||||
// Lock = true;
|
||||
// pWidget->show();
|
||||
// QApplication::processEvents(QEventLoop::ExcludeSocketNotifiers);
|
||||
// Lock = false;
|
||||
// } else
|
||||
// pWidget->show();
|
||||
// pWidget->setProperty("windowOpacity", 1.0);
|
||||
//}
|
||||
|
||||
|
|
|
@ -115,7 +115,7 @@ MISCHELPERS_EXPORT void SetPaleteTexture(QPalette& palette, QPalette::ColorRole
|
|||
MISCHELPERS_EXPORT bool InitConsole(bool bCreateIfNeeded = true);
|
||||
#endif
|
||||
|
||||
MISCHELPERS_EXPORT void SafeShow(QWidget* pWidget);
|
||||
//MISCHELPERS_EXPORT void SafeShow(QWidget* pWidget);
|
||||
|
||||
template <typename T>
|
||||
QSet<T> ListToSet(const QList<T>& qList) { return QSet<T>(qList.begin(), qList.end()); }
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue