Build 0.7.0

DavidXanatos 2021-02-14 20:18:29 +01:00
parent 9cef944b18
commit d34ba4d9a6
88 changed files with 11135 additions and 9378 deletions

View File

@ -9,6 +9,34 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.7.0 / 5.48.0] - 2021-02-14
### Added
- sandboxed indicator for tray icons, the tooltip now contains [#] if enabled
- the trace log buffer can now be adjusted with "TraceBufferPages=2560"
-- the value denotes the count of 4k large pages to be used, here for a total of 10 MB
- new functionality to the list finder
### Changed
- improved RPC debugging
- improved IPC handling around RpcMgmtSetComTimeout, "RpcMgmtSetComTimeout=n" is now the default behavioure
-- required exceptions have been hard coded for specific calling dll's
- the LogApi dll is now using Sbies tracing facility to logg events instead of an own pipe server
### Fixed
- FIXED SECURITY ISSUE: elevated sandboxed processes could access volumes/disks for reading (thanks hg421)
- fixed crash issue around SetCurrentProcessExplicitAppUserModelID observed with GoogleUpdate.exe
- fixed issue with resource monitor sort by timestamp
- FIXED SECURITY ISSUE: a race condition in the driver allowed to obtain a elevated rights handle to a process (thanks typpos)
- FIXED SECURITY ISSUE: "\RPC Control\samss lpc" is now filtered by the driver (thanks hg421)
-- this allowed elevated processes to change passwords, delete users and alike, to disable filtering use "OpenSamEndpoint=y"
- FIXED SECURITY ISSUE: "\Device\DeviceApi\CMApi" is now filtered by the driver (thanks hg421)
-- this allowed elevated processes to change hardware configuration, to disable filtering use "OpenDevCMApi=y"
## [0.6.7 / 5.47.1] - 2021-02-01
### Added
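Review bot: several typos in the new 0.7.0 entries should be fixed before release: "behavioure" → "behaviour" and "dll's" → "DLLs" (RpcMgmtSetComTimeout entry), "Sbies" → "Sbie's" and "logg" → "log" (LogApi entry), "a elevated" → "an elevated" (driver race entry). In the TraceBufferPages entry, "4k large pages" is misleading, since "large pages" has its own meaning on Windows; "4 KB pages" says what is meant (2560 × 4 KB = 10 MB checks out). Three user-visible changes elsewhere in this commit have no entry here: the new third field of BorderColor (border width, defaulting to 6), the fix of the misspelled "FileCppy" template in SetDefaultTemplates8, and the MY_VERSION_COMPAT bump to 5.48.0, which tells users that driver and DLLs must be upgraded together.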
@ -123,7 +151,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- refactored some IPC code in the driver
### Fixed
- fixed issue allowing to bypass the registry isolation, present since Windows 10 Creators Update
- FIXED SECURITY ISSUE: the registry isolation could be bypassed, present since Windows 10 Creators Update
- fixed creation time not always being properly updated in the SandMan UI
@ -163,12 +191,12 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.5.4 / 5.46.0] - 2021-01-06
### Added
- Sandboxie now strips particularly problematic privileges from sandboxed system tokens
- FIXED SECURITY ISSUE: Sandboxie now strips particularly problematic privileges from sandboxed system tokens
-- with those a process could attempt to bypass the sandbox isolation (thanks Diversenok)
-- old legacy behaviour can be enabled with "StripSystemPrivileges=n" (absolutely NOT Recommended)
- added new isolation options "ClosePrintSpooler=y" and "OpenSmartCard=n"
-- those resources are open by default but for a hardened box its desired to close them
- added print spooler filter to prevent printers from being set up outside the sandbox
- FIXED SECURITY ISSUE: added print spooler filter to prevent printers from being set up outside the sandbox
-- the filter can be disabled with "OpenPrintSpooler=y"
- added overwrite prompt when recovering an already existing file
- added "StartProgram=", "StartService=" and "AutoExec=" options to the SandMan UI
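Review bot: while these 0.5.4 entries are being relabelled as security issues, fix "its desired" → "it's desired" in the ClosePrintSpooler/OpenSmartCard line and use consistent casing in "(absolutely NOT Recommended)".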
@ -184,10 +212,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Improved Resource Monitor status strings
### Fixed
- fixed a critical issue that allowed to create processes outside the sandbox (thanks Diversenok)
- fixed issues with dynamic IPC port handling that allowed to bypass IPC isolation
- FIXED SECURITY ISSUE: processes could spawn processes outside the sandbox (thanks Diversenok)
- FIXED SECURITY ISSUE: bug in the dynamic IPC port handling allowed to bypass IPC isolation
- fixed issue with IPC tracing
- fixed CVE-2019-13502 "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok)
- FIXED SECURITY ISSUE: CVE-2019-13502 "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok)
-- this allowed some system options to be changed, to disable filtering use "OpenLsaEndpoint=y"
- fixed hooking issues SBIE2303 with Chrome, Edge and possibly others
- fixed failed check for running processes when performing snapshot operations
@ -552,9 +580,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed
- added missing PreferExternalManifest initialization to portable mode
- fixed permission issues with sandboxed system processes
- FIXED SECURITY ISSUE: fixed permission issues with sandboxed system processes
-- Note: you can use "ExposeBoxedSystem=y" for the old behaviour (debug option)
- fixed missing SCM access check for sandboxed services
- FIXED SECURITY ISSUE: fixed missing SCM access check for sandboxed services (thanks Diversenok)
-- Note: to disable the access check use "UnrestrictedSCM=y" (debug option)
- fixed missing initialization in service server that caused sandboxed programs to crash when querying service status
- fixed many bugs that caused the SbieDrv.sys to BSOD when run with MSFT Driver Verifier active
@ -613,7 +641,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Sbie driver now first checks the home path for the Sbie ini before checking SystemRoot
### Fixed
- Fixed a resource leak when running sandboxed
- FIXED SECURITY ISSUE: sandboxed processes could obtain a write handle on non sandboxed processes (thanks Diversenok)
-- this allowed to inject code in non sandboxed processes
- Fixed issue boxed services not starting when the path contained a space
- NtQueryInformationProcess now returns the proper sandboxed path for sandboxed processes
@ -641,3 +670,4 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed
- fixed "Windows Installer Service could not be accessed" that got introduced with Windows 1903

View File

@ -103,6 +103,7 @@
<ItemGroup>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\common\my_ntdll.c" />
<ClCompile Include="BoxOrder.c" />
<ClCompile Include="DlgTmplRtl.cpp" />
<ClCompile Include="MyFileOp.c" />
@ -110,7 +111,9 @@
<ClCompile Include="MyMsgBox.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\common\my_shlwapi.h" />
<ClInclude Include="..\..\common\my_version.h" />
<ClInclude Include="..\..\common\my_xeb.h" />
<ClInclude Include="BoxOrder.h" />
<ClInclude Include="CommonUtils.h" />
<ClInclude Include="MyGdi.h" />

View File

@ -1539,6 +1539,6 @@ void CAppPage::SetDefaultTemplates7(CBox &box)
void CAppPage::SetDefaultTemplates8(CBox& box)
{
box.EnableTemplate(L"FileCppy", TRUE);
box.EnableTemplate(L"FileCopy", TRUE);
box.EnableTemplate(L"SkipHook", TRUE);
}
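Review bot: the "FileCppy" → "FileCopy" correction is a behaviour change for new boxes, not just a typo fix: the old literal named a template that does not exist, so Windows 8 default boxes never had FileCopy enabled. It deserves a line under "Fixed" in the changelog. Since the compiler cannot catch a misspelled template name in a string literal, consider a shared named constant for template names used by the SetDefaultTemplates* functions.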

View File

@ -38,6 +38,7 @@ struct BoxBorderParms {
WCHAR boxname[48];
COLORREF color;
BOOL title;
int width;
};
@ -468,12 +469,13 @@ void CBorderGuard::RefreshBorder(
else
ah += desktop->bottom;
int bb = 6;
if (rect->left <= desktop->left &&
rect->top <= desktop->top &&
rect->right >= desktop->right &&
rect->bottom >= desktop->bottom)
bb = 4;
//int bb = 6;
//if (rect->left <= desktop->left &&
// rect->top <= desktop->top &&
// rect->right >= desktop->right &&
// rect->bottom >= desktop->bottom)
// bb = 4;
int bb = boxparm->width;
//
// don't display the border if any of it would be obscured by
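Review bot: `int bb = boxparm->width;` is used without validation, so a width of 0, a negative value, or a three-digit value typed into the new edit control flows straight into the border geometry; clamp it here (or where it is read from the ini) to a sane range. The replaced code also shrank the border to 4 pixels when the window covered the whole desktop; that special case is silently dropped, so maximized windows now get the full configured width. Delete the six commented-out lines rather than leaving the old logic in the source.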
@ -594,12 +596,14 @@ void CBorderGuard::RefreshConf2()
if (! box.GetName().IsEmpty()) {
COLORREF color;
BOOL title;
BOOL enabled = box.GetBorder(&color, &title);
int width;
BOOL enabled = box.GetBorder(&color, &title, &width);
if (enabled) {
boxparm = new BoxBorderParms;
wcscpy(boxparm->boxname, box.GetName());
boxparm->color = color;
boxparm->title = title;
boxparm->width = width;
m_boxes.Add(boxparm);
}
}

View File

@ -77,8 +77,8 @@ static const CString _NotifyInternetAccessDenied(
static const CString _NotifyStartRunAccessDenied(
L"NotifyStartRunAccessDenied");
static const WCHAR *BorderColor_off = L",off";
static const WCHAR *BorderColor_ttl = L",ttl";
//static const WCHAR *BorderColor_off = L",off";
//static const WCHAR *BorderColor_ttl = L",ttl";
//---------------------------------------------------------------------------
@ -278,7 +278,7 @@ void CBox::SetDefaultSettings()
}
if (ok)
ok = SetBorder(TRUE, RGB(255,255,0), TRUE);
ok = SetBorder(TRUE, RGB(255,255,0), TRUE, 6);
done:
@ -1226,9 +1226,9 @@ BOOL CBox::SetBoxNameTitle(UCHAR enabled)
//---------------------------------------------------------------------------
BOOL CBox::GetBorder(COLORREF *color, BOOL *title)
BOOL CBox::GetBorder(COLORREF *color, BOOL *title, int* width)
{
*color = RGB(255,255,0);
/*color = RGB(255,255,0);
*title = FALSE;
CString text;
@ -1253,7 +1253,9 @@ BOOL CBox::GetBorder(COLORREF *color, BOOL *title)
} else if (text.Mid(7).CompareNoCase(BorderColor_off) == 0)
return FALSE;
return TRUE;
return TRUE;*/
return SbieDll_GetBorderColor(m_name, color, title, width);
}
@ -1262,14 +1264,17 @@ BOOL CBox::GetBorder(COLORREF *color, BOOL *title)
//---------------------------------------------------------------------------
BOOL CBox::SetBorder(BOOL enabled, COLORREF color, BOOL title)
BOOL CBox::SetBorder(BOOL enabled, COLORREF color, BOOL title, int width)
{
WCHAR text[32];
swprintf(text, L"#%06X", color);
swprintf(text, L"#%06X,%s,%d", color, !enabled ? L"off" : (title ? L"ttl" : L"on"), width);
/*swprintf(text, L"#%06X", color);
if (title)
wcscat(text, BorderColor_ttl);
if (! enabled)
wcscat(text, BorderColor_off);
wcscat(text, BorderColor_off);*/
CSbieIni &ini = CSbieIni::GetInstance();
return ini.SetText(m_name, _BorderColor, text);
}
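Review bot: the new format loses the title flag when the border is disabled: the old code could emit both suffixes ("#FFFF00,ttl,off"), while `!enabled ? L"off" : (title ? L"ttl" : L"on")` writes exactly one keyword, so turning the border off and back on in the UI forgets the user's title setting. The unbounded `swprintf(text, ...)` should become `swprintf_s(text, _countof(text), ...)`; `text[32]` is large enough (worst case "#FFFFFF,ttl,-2147483648" is 23 characters), but the bounded form documents that. Remove the commented-out old body instead of keeping it in the file.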

View File

@ -104,8 +104,8 @@ public:
UCHAR GetBoxNameTitle() const;
BOOL SetBoxNameTitle(UCHAR enabled);
BOOL GetBorder(COLORREF *color, BOOL *title);
BOOL SetBorder(BOOL enabled, COLORREF color, BOOL title);
BOOL GetBorder(COLORREF *color, BOOL *title, int *width);
BOOL SetBorder(BOOL enabled, COLORREF color, BOOL title, int width);
BOOL GetSetBlock(WCHAR type, BOOL set, BOOL newval = FALSE);

View File

@ -96,6 +96,7 @@ BEGIN_MESSAGE_MAP(CBoxPage, CPropertyPage)
ON_COMMAND(ID_SHOW_BORDER, Appearance_OnShowBorder)
ON_COMMAND(ID_BORDER_COLOR, Appearance_OnBorderColor)
ON_COMMAND(ID_BORDER_TITLE, Appearance_OnBorderTitle)
ON_CONTROL(EN_CHANGE, ID_BORDER_WIDTH, OnModified)
ON_COMMAND(ID_DELETE_AUTO, AutoDelete_OnAuto)
ON_COMMAND(ID_DELETE_NEVER, AutoDelete_OnNever)
@ -920,9 +921,17 @@ void CBoxPage::Appearance_OnInitDialog(CBox &box)
}
BOOL title;
BOOL enabled = box.GetBorder(&Appearance_BorderColor, &title);
int width;
BOOL enabled = box.GetBorder(&Appearance_BorderColor, &title, &width);
if (! enabled)
GetDlgItem(ID_BORDER_COLOR)->ShowWindow(SW_HIDE);
CEdit* edit = (CEdit*)GetDlgItem(ID_BORDER_WIDTH);
edit->SetLimitText(3);
CString str;
str.Format(L"%d", width);
edit->SetWindowText(str);
Appearance_SetBorderColor();
CButton *pCheckBox3 = (CButton *)GetDlgItem(ID_SHOW_BORDER);
@ -956,7 +965,10 @@ void CBoxPage::Appearance_OnOK(CBox &box)
CButton *pCheckBox4 = (CButton *)GetDlgItem(ID_BORDER_TITLE);
BOOL enable = (pCheckBox3->GetCheck() == BST_CHECKED ? TRUE : FALSE);
BOOL title = (pCheckBox4->GetCheck() == BST_CHECKED ? TRUE : FALSE);
ok = box.SetBorder(enable, Appearance_BorderColor, title);
CString str;
GetDlgItem(ID_MIGRATE_KB)->GetWindowText(str);
int width = _wtoi(str);
ok = box.SetBorder(enable, Appearance_BorderColor, title, width);
}
if (ok)
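Review bot: the width is read from the wrong control: `GetDlgItem(ID_MIGRATE_KB)->GetWindowText(str);` should be `GetDlgItem(ID_BORDER_WIDTH)->GetWindowText(str);`. As written, the migration-limit field's text is parsed with `_wtoi` and written as the BorderColor width, and the value typed into the new border width edit is ignored. After fixing the ID, reject 0 and negative results from `_wtoi` (an empty field yields 0) before calling SetBorder.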

View File

@ -117,7 +117,8 @@ void CMonitorDialog::OnIdle()
ULONG seq_num = m_last_entry_seq_num;
USHORT type;
ULONG64 pid;
ULONG status = SbieApi_MonitorGetEx(&seq_num, &type, &pid, &name[12]);
ULONG64 tid;
ULONG status = SbieApi_MonitorGetEx(&seq_num, &type, &pid, &tid, &name[12]);
if (status != 0)
break; // error or no more entries

View File

@ -15,6 +15,7 @@
#define ID_SANDBOX_RUN_MENU 11
#define ID_SANDBOX_RUN_EXPLORER 13
#define ID_SANDBOX_MENU_SIZE 15
#define ID_BORDER_WIDTH 1001
#define ID_SANDBOX_REVEAL 9990
#define ID_SANDBOX_SET_LAYOUT 9997
#define ID_SANDBOX_SET_FOLDER 9998
@ -249,9 +250,9 @@
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 104
#define _APS_NEXT_RESOURCE_VALUE 105
#define _APS_NEXT_COMMAND_VALUE 40013
#define _APS_NEXT_CONTROL_VALUE 1001
#define _APS_NEXT_CONTROL_VALUE 1002
#define _APS_NEXT_SYMED_VALUE 103
#endif
#endif

View File

@ -21,9 +21,9 @@
#ifndef _MY_VERSION_H
#define _MY_VERSION_H
#define MY_VERSION_BINARY 5,47,1
#define MY_VERSION_STRING "5.47.1"
#define MY_VERSION_COMPAT "5.46.0" // this refers to the driver ABI compatibility
#define MY_VERSION_BINARY 5,48,0
#define MY_VERSION_STRING "5.48.0"
#define MY_VERSION_COMPAT "5.48.0" // this refers to the driver ABI compatibility
// These #defines are used by either Resource Compiler, or by NSIC installer
#define SBIE_INSTALLER_PATH "..\\Bin\\"
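Review bot: raising MY_VERSION_COMPAT from 5.46.0 to 5.48.0 is consistent with the SbieApi_MonitorGetEx signature change in this commit (a new tid parameter, with the x86 export decoration moving from @16 to @20), but it means every component must be upgraded in lockstep; the changelog entry for 0.7.0 should state that explicitly.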

Sandboxie/common/my_xeb.h (new file, 388 lines)
View File

@ -0,0 +1,388 @@
/*
* Copyright 2020-2021 DavidXanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef _XEB_
#define _XEB_
#define GDI_HANDLE_BUFFER_SIZE32 34
#define GDI_HANDLE_BUFFER_SIZE64 60
#if !defined(_M_X64)
#define GDI_HANDLE_BUFFER_SIZE GDI_HANDLE_BUFFER_SIZE32
#else
#define GDI_HANDLE_BUFFER_SIZE GDI_HANDLE_BUFFER_SIZE64
#endif
typedef ULONG GDI_HANDLE_BUFFER32[GDI_HANDLE_BUFFER_SIZE32];
typedef ULONG GDI_HANDLE_BUFFER64[GDI_HANDLE_BUFFER_SIZE64];
typedef ULONG GDI_HANDLE_BUFFER[GDI_HANDLE_BUFFER_SIZE];
typedef struct _PEB_LDR_DATA
{
ULONG Length;
BOOLEAN Initialized;
HANDLE SsHandle;
LIST_ENTRY InLoadOrderModuleList;
LIST_ENTRY InMemoryOrderModuleList;
LIST_ENTRY InInitializationOrderModuleList;
PVOID EntryInProgress;
BOOLEAN ShutdownInProgress;
HANDLE ShutdownThreadId;
} PEB_LDR_DATA, *PPEB_LDR_DATA;
typedef struct _PEB
{
BOOLEAN InheritedAddressSpace;
BOOLEAN ReadImageFileExecOptions;
BOOLEAN BeingDebugged;
union
{
BOOLEAN BitField;
struct
{
BOOLEAN ImageUsesLargePages : 1;
BOOLEAN IsProtectedProcess : 1;
BOOLEAN IsLegacyProcess : 1;
BOOLEAN IsImageDynamicallyRelocated : 1;
BOOLEAN SkipPatchingUser32Forwarders : 1;
BOOLEAN SpareBits : 3;
};
};
HANDLE Mutant;
PVOID ImageBaseAddress;
PPEB_LDR_DATA Ldr;
PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
PVOID SubSystemData;
PVOID ProcessHeap;
PRTL_CRITICAL_SECTION FastPebLock;
PVOID AtlThunkSListPtr;
PVOID IFEOKey;
union
{
ULONG CrossProcessFlags;
struct
{
ULONG ProcessInJob : 1;
ULONG ProcessInitializing : 1;
ULONG ProcessUsingVEH : 1;
ULONG ProcessUsingVCH : 1;
ULONG ProcessUsingFTH : 1;
ULONG ReservedBits0 : 27;
};
ULONG EnvironmentUpdateCount;
};
union
{
PVOID KernelCallbackTable;
PVOID UserSharedInfoPtr;
};
ULONG SystemReserved[1];
ULONG AtlThunkSListPtr32;
PVOID ApiSetMap;
ULONG TlsExpansionCounter;
PVOID TlsBitmap;
ULONG TlsBitmapBits[2];
PVOID ReadOnlySharedMemoryBase;
PVOID HotpatchInformation;
PVOID *ReadOnlyStaticServerData;
PVOID AnsiCodePageData;
PVOID OemCodePageData;
PVOID UnicodeCaseTableData;
ULONG NumberOfProcessors;
ULONG NtGlobalFlag;
LARGE_INTEGER CriticalSectionTimeout;
SIZE_T HeapSegmentReserve;
SIZE_T HeapSegmentCommit;
SIZE_T HeapDeCommitTotalFreeThreshold;
SIZE_T HeapDeCommitFreeBlockThreshold;
ULONG NumberOfHeaps;
ULONG MaximumNumberOfHeaps;
PVOID *ProcessHeaps;
PVOID GdiSharedHandleTable;
PVOID ProcessStarterHelper;
ULONG GdiDCAttributeList;
PRTL_CRITICAL_SECTION LoaderLock;
ULONG OSMajorVersion;
ULONG OSMinorVersion;
USHORT OSBuildNumber;
USHORT OSCSDVersion;
ULONG OSPlatformId;
ULONG ImageSubsystem;
ULONG ImageSubsystemMajorVersion;
ULONG ImageSubsystemMinorVersion;
ULONG_PTR ImageProcessAffinityMask;
GDI_HANDLE_BUFFER GdiHandleBuffer;
PVOID PostProcessInitRoutine;
PVOID TlsExpansionBitmap;
ULONG TlsExpansionBitmapBits[32];
ULONG SessionId;
ULARGE_INTEGER AppCompatFlags;
ULARGE_INTEGER AppCompatFlagsUser;
PVOID pShimData;
PVOID AppCompatInfo;
UNICODE_STRING CSDVersion;
PVOID ActivationContextData;
PVOID ProcessAssemblyStorageMap;
PVOID SystemDefaultActivationContextData;
PVOID SystemAssemblyStorageMap;
SIZE_T MinimumStackCommit;
PVOID *FlsCallback;
LIST_ENTRY FlsListHead;
PVOID FlsBitmap;
ULONG FlsBitmapBits[FLS_MAXIMUM_AVAILABLE / (sizeof(ULONG) * 8)];
ULONG FlsHighIndex;
PVOID WerRegistrationData;
PVOID WerShipAssertPtr;
PVOID pContextData;
PVOID pImageHeaderHash;
union
{
ULONG TracingFlags;
struct
{
ULONG HeapTracingEnabled : 1;
ULONG CritSecTracingEnabled : 1;
ULONG SpareTracingBits : 30;
};
};
} PEB, *PPEB;
#define GDI_BATCH_BUFFER_SIZE 310
typedef struct _GDI_TEB_BATCH {
ULONG Offset;
UCHAR Alignment[4];
ULONG_PTR HDC;
ULONG Buffer[GDI_BATCH_BUFFER_SIZE];
} GDI_TEB_BATCH, *PGDI_TEB_BATCH;
typedef struct _TEB_ACTIVE_FRAME_CONTEXT
{
ULONG Flags;
PSTR FrameName;
} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
// 17/3/2011 updated
typedef struct _TEB_ACTIVE_FRAME
{
ULONG Flags;
struct _TEB_ACTIVE_FRAME *Previous;
PTEB_ACTIVE_FRAME_CONTEXT Context;
} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
typedef struct _TEB
{
NT_TIB NtTib;
PVOID EnvironmentPointer;
CLIENT_ID ClientId;
PVOID ActiveRpcHandle;
PVOID ThreadLocalStoragePointer;
PPEB ProcessEnvironmentBlock;
ULONG LastErrorValue;
ULONG CountOfOwnedCriticalSections;
PVOID CsrClientThread;
PVOID Win32ThreadInfo;
ULONG User32Reserved[26];
ULONG UserReserved[5];
PVOID WOW32Reserved;
LCID CurrentLocale;
ULONG FpSoftwareStatusRegister;
PVOID SystemReserved1[54];
NTSTATUS ExceptionCode;
PVOID ActivationContextStackPointer;
#if defined(_M_X64)
UCHAR SpareBytes[24];
#else
UCHAR SpareBytes[36];
#endif
ULONG TxFsContext;
GDI_TEB_BATCH GdiTebBatch;
CLIENT_ID RealClientId;
HANDLE GdiCachedProcessHandle;
ULONG GdiClientPID;
ULONG GdiClientTID;
PVOID GdiThreadLocalInfo;
ULONG_PTR Win32ClientInfo[62];
PVOID glDispatchTable[233];
ULONG_PTR glReserved1[29];
PVOID glReserved2;
PVOID glSectionInfo;
PVOID glSection;
PVOID glTable;
PVOID glCurrentRC;
PVOID glContext;
NTSTATUS LastStatusValue;
UNICODE_STRING StaticUnicodeString;
WCHAR StaticUnicodeBuffer[261];
PVOID DeallocationStack;
PVOID TlsSlots[64];
LIST_ENTRY TlsLinks;
PVOID Vdm;
PVOID ReservedForNtRpc;
PVOID DbgSsReserved[2];
ULONG HardErrorMode;
#if defined(_M_X64)
PVOID Instrumentation[11];
#else
PVOID Instrumentation[9];
#endif
GUID ActivityId;
PVOID SubProcessTag;
PVOID EtwLocalData;
PVOID EtwTraceData;
PVOID WinSockData;
ULONG GdiBatchCount;
union
{
PROCESSOR_NUMBER CurrentIdealProcessor;
ULONG IdealProcessorValue;
struct
{
UCHAR ReservedPad0;
UCHAR ReservedPad1;
UCHAR ReservedPad2;
UCHAR IdealProcessor;
};
};
ULONG GuaranteedStackBytes;
PVOID ReservedForPerf;
PVOID ReservedForOle;
ULONG WaitingOnLoaderLock;
PVOID SavedPriorityState;
ULONG_PTR SoftPatchPtr1;
PVOID ThreadPoolData;
PVOID *TlsExpansionSlots;
#if defined(_M_X64)
PVOID DeallocationBStore;
PVOID BStoreLimit;
#endif
ULONG MuiGeneration;
ULONG IsImpersonating;
PVOID NlsCache;
PVOID pShimData;
ULONG HeapVirtualAffinity;
HANDLE CurrentTransactionHandle;
PTEB_ACTIVE_FRAME ActiveFrame;
PVOID FlsData;
PVOID PreferredLanguages;
PVOID UserPrefLanguages;
PVOID MergedPrefLanguages;
ULONG MuiImpersonation;
union
{
USHORT CrossTebFlags;
USHORT SpareCrossTebBits : 16;
};
union
{
USHORT SameTebFlags;
struct
{
USHORT SafeThunkCall : 1;
USHORT InDebugPrint : 1;
USHORT HasFiberData : 1;
USHORT SkipThreadAttach : 1;
USHORT WerInShipAssertCode : 1;
USHORT RanProcessInit : 1;
USHORT ClonedThread : 1;
USHORT SuppressDebugMsg : 1;
USHORT DisableUserStackWalk : 1;
USHORT RtlExceptionAttached : 1;
USHORT InitialThread : 1;
USHORT SpareSameTebBits : 1;
};
};
PVOID TxnScopeEnterCallback;
PVOID TxnScopeExitCallback;
PVOID TxnScopeContext;
ULONG LockCount;
ULONG SpareUlong0;
PVOID ResourceRetValue;
} TEB, *PTEB;
typedef struct _LDR_DATA_TABLE_ENTRY
{
LIST_ENTRY InLoadOrderLinks;
LIST_ENTRY InMemoryOrderLinks;
LIST_ENTRY InInitializationOrderLinks;
PVOID DllBase;
PVOID EntryPoint;
ULONG SizeOfImage;
UNICODE_STRING FullDllName;
UNICODE_STRING BaseDllName;
ULONG Flags;
USHORT LoadCount;
USHORT TlsIndex;
union
{
LIST_ENTRY HashLinks;
struct
{
PVOID SectionPointer;
ULONG CheckSum;
};
};
union
{
ULONG TimeDateStamp;
PVOID LoadedImports;
};
PVOID EntryPointActivationContext;
PVOID PatchInformation;
LIST_ENTRY ForwarderLinks;
LIST_ENTRY ServiceTagLinks;
LIST_ENTRY StaticLinks;
PVOID ContextInformation;
ULONG_PTR OriginalBase;
LARGE_INTEGER LoadTime;
} LDR_DATA_TABLE_ENTRY, * PLDR_DATA_TABLE_ENTRY;
#ifndef NtCurrentPeb
__inline struct _PEB * NtCurrentPeb() { return NtCurrentTeb()->ProcessEnvironmentBlock; }
#endif
#endif // _XEB_
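Review bot: this header has no includes yet depends on NT_TIB, CLIENT_ID, UNICODE_STRING, LIST_ENTRY, PRTL_USER_PROCESS_PARAMETERS, PRTL_CRITICAL_SECTION, PROCESSOR_NUMBER, FLS_MAXIMUM_AVAILABLE and NtCurrentTeb(); document the required include order or include what it needs. At the same time the tag names `_PEB`, `_TEB`, `_PEB_LDR_DATA` and `_LDR_DATA_TABLE_ENTRY` collide with the definitions in winternl.h, so a translation unit that includes both will fail to compile; a project-specific prefix or `#ifndef` guards around each definition would avoid that. The layouts are undocumented and version-specific (the `// 17/3/2011 updated` comment dates them), so code that reads fields beyond the documented prefix should be gated on Dll_OsBuild, and the source the layout was taken from should be cited in the file header.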

View File

@ -35,7 +35,7 @@ SbieApi_IsBoxEnabled=_SbieApi_IsBoxEnabled@4
SbieApi_MonitorControl=_SbieApi_MonitorControl@8
SbieApi_MonitorGet=_SbieApi_MonitorGet@8
SbieApi_MonitorGetEx=_SbieApi_MonitorGetEx@16
SbieApi_MonitorGetEx=_SbieApi_MonitorGetEx@20
SbieApi_MonitorPut=_SbieApi_MonitorPut@8
SbieApi_MonitorPut2=_SbieApi_MonitorPut2@12
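Review bot: `@16` → `@20` is the correct x86 stdcall decoration for adding one pointer-sized argument (five 4-byte parameters), but it renames the export, so any binary linked against `_SbieApi_MonitorGetEx@16` fails to load against the new SbieDll; the MY_VERSION_COMPAT bump covers this, and the changelog should mention it.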

View File

@ -342,4 +342,60 @@ _FX NTSTATUS Config_GetSettingsForImageName(
}
return STATUS_SUCCESS;
}
//---------------------------------------------------------------------------
// SbieDll_GetBorderColor
//---------------------------------------------------------------------------
BOOLEAN SbieDll_GetBorderColor(const WCHAR* box_name, COLORREF* color, BOOL* title, int* width)
{
#ifndef RGB
#define RGB(r,g,b) ((COLORREF)(((BYTE)(r)|((WORD)((BYTE)(g))<<8))|(((DWORD)(BYTE)(b))<<16)))
#endif //RGB
*color = RGB(255, 255, 0);
if (title) *title = FALSE;
if (width) *width = 6;
NTSTATUS status;
WCHAR str[32];
status = SbieApi_QueryConfAsIs(box_name, L"BorderColor", 0, str, sizeof(str) - sizeof(WCHAR)); // BorderColor=#00ffff,ttl,6
if (!NT_SUCCESS(status) || wcslen(str) < 7 || str[0] != L'#')
return FALSE;
WCHAR* ptr = str;
WCHAR* tmp = wcschr(ptr, L',');
if (tmp != NULL) *tmp = L'\0';
WCHAR* endptr;
*color = wcstol(ptr + 1, &endptr, 16);
if (*endptr != L'\0') {
*color = RGB(255, 255, 0);
return FALSE;
}
if (tmp == NULL) return TRUE;
ptr = tmp + 1;
tmp = wcschr(ptr, L',');
if (tmp != NULL) *tmp = L'\0';
if (_wcsicmp(ptr, L"ttl") == 0)
{
if (title) *title = TRUE;
}
else if (_wcsicmp(ptr, L"off") == 0)
return FALSE;
if (tmp == NULL) return TRUE;
ptr = tmp + 1;
tmp = wcschr(ptr, L',');
if (tmp != NULL) *tmp = L'\0';
if (width) *width = _wtoi(ptr);
return TRUE;
}
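Review bot: the parser does not handle the format the previous CBox::SetBorder wrote. The commented-out code in CBox.cpp appended ",ttl" and then ",off", so an existing ini can contain "#FFFF00,ttl,off"; here the second field sets `*title = TRUE`, the loop continues, and "off" is handed to `_wtoi` as the width, so the function returns TRUE with width 0 and a border the user had disabled comes back enabled. Treat the fields after the colour positionally-agnostic: any field equal to "off" disables, "ttl" sets the title, a numeric field sets the width. Smaller points: `*color` is dereferenced unconditionally while `title` and `width` are NULL-checked; `wcstol` accepts values above 0xFFFFFF and a leading sign, so mask or range-check the colour; and the `RGB` fallback macro belongs at file scope, not inside the function body.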

View File

@ -2306,6 +2306,37 @@ _FX NTSTATUS File_NtCreateFile(
// File_NtCreateFileImpl
//---------------------------------------------------------------------------
/*static P_NtCreateFile __sys_NtCreateFile_ = NULL;
_FX NTSTATUS File_MyCreateFile(
HANDLE* FileHandle,
ACCESS_MASK DesiredAccess,
OBJECT_ATTRIBUTES* ObjectAttributes,
IO_STATUS_BLOCK* IoStatusBlock,
LARGE_INTEGER* AllocationSize,
ULONG FileAttributes,
ULONG ShareAccess,
ULONG CreateDisposition,
ULONG CreateOptions,
void* EaBuffer,
ULONG EaLength)
{
NTSTATUS status = __sys_NtCreateFile_(
FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock,
AllocationSize, FileAttributes, ShareAccess, CreateDisposition,
CreateOptions, EaBuffer, EaLength);
if (ObjectAttributes && ObjectAttributes->ObjectName && ObjectAttributes->ObjectName->Buffer
&& _wcsicmp(ObjectAttributes->ObjectName->Buffer, L"\\??\\C:") == 0)
{
DebugBreak();
}
status = StopTailCallOptimization(status);
return status;
}*/
_FX NTSTATUS File_NtCreateFileImpl(
HANDLE *FileHandle,
@ -2345,6 +2376,12 @@ _FX NTSTATUS File_NtCreateFileImpl(
// // __debugbreak();
//}
//if (__sys_NtCreateFile_ == NULL)
//{
// __sys_NtCreateFile_ = __sys_NtCreateFile;
// __sys_NtCreateFile = File_MyCreateFile;
//}
//
// if this is a recursive invocation of NtCreateFile,
// then pass it as-is down the chain
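Review bot: the commented-out hook swap here (`__sys_NtCreateFile_ = __sys_NtCreateFile; __sys_NtCreateFile = File_MyCreateFile;`) and the commented-out File_MyCreateFile above it, with its `DebugBreak()` on "\??\C:", are debugging scaffolding from investigating the raw-disk issue; they should not be committed. Remove both blocks, or if a hook for tracing raw device opens is wanted, make it a proper `#ifdef` debug path.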
@ -2471,6 +2508,22 @@ ReparseLoop:
CreateOptions &= ~FILE_DELETE_ON_CLOSE;
DesiredAccess &= ~FILE_DENIED_ACCESS;
//
// If this is an access on a raw disk device, adapt the requested permissions to what the drivers permits
//
if (ObjectAttributes->ObjectName && &ObjectAttributes->ObjectName->Buffer != NULL && ObjectAttributes->ObjectName->Length > (4 * sizeof(WCHAR))
&& wcsncmp(ObjectAttributes->ObjectName->Buffer, L"\\??\\", 4) == 0
&& (DesiredAccess & ~(SYNCHRONIZE | READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES)) != 0)
{
if ((ObjectAttributes->ObjectName->Length == (6 * sizeof(WCHAR)) && ObjectAttributes->ObjectName->Buffer[5] == L':') // \??\C:
|| wcsncmp(&ObjectAttributes->ObjectName->Buffer[4], L"PhysicalDrive", 13) == 0 // \??\PhysicalDrive1
|| wcsncmp(&ObjectAttributes->ObjectName->Buffer[4], L"Volume", 6) == 0) // \??\Volume{2b985816-4b6f-11ea-bd33-48a4725d5bbe}
{
DesiredAccess &= (SYNCHRONIZE | READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES);
}
}
status = __sys_NtCreateFile(
FileHandle, DesiredAccess, ObjectAttributes,
IoStatusBlock, AllocationSize, FileAttributes,
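Review bot: `&ObjectAttributes->ObjectName->Buffer != NULL` takes the address of the Buffer field, which is never NULL, so the check is a no-op; drop the `&` to test the pointer itself. The name comparisons use `wcsncmp` although object manager names are case-insensitive; use `_wcsnicmp` so the check does not depend on how the caller spells "PhysicalDrive" or "Volume". A UNICODE_STRING Buffer is not guaranteed to be NUL-terminated, so bound the comparisons by `ObjectName->Length` rather than relying on a terminator. Design-wise, this is a user-mode hook in SbieDll and therefore defence in depth only; the authoritative filtering for raw volume access belongs in SbieDrv, where the changelog places the samss and CMApi filters. Finally, "what the drivers permits" in the comment should read "what the driver permits".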

View File

@ -49,7 +49,7 @@ static LIST File_MigrationOptions[NUM_COPY_MODES];
static BOOLEAN File_MigrationDenyWrite = FALSE;
static ULONG File_CopyLimitKb = (80 * 1024); // 80 MB
static ULONGLONG File_CopyLimitKb = (80 * 1024); // 80 MB
static BOOLEAN File_CopyLimitSilent = FALSE;
//---------------------------------------------------------------------------
@ -125,7 +125,7 @@ found_match:
return mode;
//
// if there is no configuration for this file type/path, then decide based on the file size
// if tere is no configuration for this file type/path decide based on the file size
//
if (File_CopyLimitKb == -1 || file_size < ((ULONGLONG)File_CopyLimitKb * 1024))
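Review bot: the rewritten comment introduces a typo ("if tere is no configuration"); restore "there". With File_CopyLimitKb now ULONGLONG, `File_CopyLimitKb == -1` still works because -1 converts to ULLONG_MAX, but make the sentinel explicit, for example `(ULONGLONG)-1` or a named constant, so the intent survives the type change.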
@ -223,7 +223,7 @@ _FX void File_InitCopyLimit(void)
if (NT_SUCCESS(status)) {
ULONGLONG num = _wtoi64(str);
if (num)
File_CopyLimitKb = (num > 0x000000007fffffff) ? -1 : (ULONG)num;
File_CopyLimitKb = (num > 0x000000007fffffff) ? -1 : num;
else
SbieApi_Log(2207, _CopyLimitKb);
}
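Review bot: the `num > 0x000000007fffffff ? -1 : num` clamp is a leftover from when File_CopyLimitKb was a ULONG; now that the variable is 64-bit, any CopyLimitKb above 2^31-1 KB (about 2 TB) is still turned into "unlimited". Either drop the threshold, or keep it deliberately and document that behaviour next to the assignment; in both cases write the sentinel as `(ULONGLONG)-1` rather than assigning a negative literal to an unsigned variable.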

View File

@ -454,6 +454,8 @@ extern BOOLEAN Gui_RenameClasses;
extern BOOLEAN Gui_OpenAllWinClasses; // not running in a restricted job
extern BOOLEAN Gui_DisableTitle;
extern ULONG Gui_BoxNameTitleLen;
extern WCHAR* Gui_BoxNameTitleW;
extern ATOM Gui_DropTargetProp_Atom;
extern ATOM Gui_WindowProcOldW_Atom;

View File

@ -51,7 +51,7 @@ const UCHAR *Gui_TitleSuffixA = TITLE_SUFFIX_A;
static ULONG Gui_TitleSuffixA_len = 0;
ULONG Gui_BoxNameTitleLen = 0;
static WCHAR *Gui_BoxNameTitleW = NULL;
WCHAR *Gui_BoxNameTitleW = NULL;
static ANSI_STRING Gui_BoxNameTitleA;

View File

@ -395,9 +395,6 @@ _FX BOOLEAN Proc_Init(void)
SBIEDLL_HOOK(Proc_, SetProcessMitigationPolicy);
}
// OriginalToken BEGIN
if (!SbieApi_QueryConfBool(NULL, L"OriginalToken", FALSE))
// OriginalToken END
if(Dll_OsBuild < 17677) {
SBIEDLL_HOOK(Proc_,CreateProcessInternalW);
@ -752,6 +749,21 @@ _FX BOOL Proc_CreateProcessInternalW(
}
}
// OriginalToken BEGIN
if (SbieApi_QueryConfBool(NULL, L"OriginalToken", FALSE))
{
ok = __sys_CreateProcessInternalW(
hToken, lpApplicationName, lpCommandLine,
lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags,
lpEnvironment, lpCurrentDirectory,
lpStartupInfo, lpProcessInformation, hNewToken);
err = GetLastError();
goto finish;
}
// OriginalToken END
//
// create the new process
//
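Review bot: the new OriginalToken early exit does `goto finish;` after calling the original CreateProcessInternalW, so it relies on the `finish:` label in this non-RS5 function performing the same `--TlsData->proc_create_process;` that the RS5 variant's label gets in the hunk at line 1338; please confirm, otherwise the counter leaks on every call. `SbieApi_QueryConfBool(NULL, L"OriginalToken", FALSE)` is now evaluated on every process creation instead of once in Proc_Init; cache it at init. Since the option hands child processes the unmodified token, the changelog should list it and mark it "(debug option)" the way ExposeBoxedSystem and UnrestrictedSCM are.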
@ -1208,6 +1220,21 @@ _FX BOOL Proc_CreateProcessInternalW_RS5(
}
}
// OriginalToken BEGIN
if (SbieApi_QueryConfBool(NULL, L"OriginalToken", FALSE))
{
ok = __sys_CreateProcessInternalW_RS5(
hToken, lpApplicationName, lpCommandLine,
lpProcessAttributes, lpThreadAttributes, bInheritHandles,
dwCreationFlags, lpEnvironment, lpCurrentDirectory,
lpStartupInfo, lpProcessInformation, hNewToken);
err = GetLastError();
goto finish;
}
// OriginalToken END
if (!(dwCreationFlags & CREATE_SUSPENDED))
resume_thread = TRUE;
dwCreationFlags |= CREATE_SUSPENDED;
@ -1338,6 +1365,8 @@ _FX BOOL Proc_CreateProcessInternalW_RS5(
// handle CreateProcessInternal returning ERROR_ELEVATION_REQUIRED
//
finish:
--TlsData->proc_create_process;
if ((!ok) && (err == ERROR_ELEVATION_REQUIRED)) {
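Review bot: moving `--TlsData->proc_create_process;` after `finish:` makes the new OriginalToken path decrement the counter, which is right, but it also means that path falls through into the `ERROR_ELEVATION_REQUIRED` handling below the label. Confirm that the sandbox's elevation handling is wanted when the process was created with the original token; if not, return directly from the OriginalToken block after the decrement.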

View File

@ -29,7 +29,7 @@
#include <psapi.h>
#define INITGUID
#include <guiddef.h>
#include "trace.h"
//---------------------------------------------------------------------------
// Functions
@ -61,17 +61,23 @@ int Scm_Start_Sppsvc();
#ifdef _WIN64
extern ULONG_PTR __cdecl RpcRt_NdrClientCall2(
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...);
extern ULONG_PTR __cdecl RpcRt_NdrClientCall3(
MIDL_STUBLESS_PROXY_INFO* pProxyInfo, ULONG nProcNum, void* pReturnValue, ...);
#else
//extern ULONG_PTR __cdecl RpcRt_NdrClientCall3(
// MIDL_STUBLESS_PROXY_INFO* pProxyInfo, ULONG nProcNum, void* pReturnValue, ULONG_PTR* Args);
extern ULONG_PTR __cdecl RpcRt_NdrClientCall(
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ULONG_PTR* Args);
extern ULONG_PTR __cdecl RpcRt_NdrClientCall2(
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ULONG_PTR* Args);
extern ULONG_PTR __cdecl RpcRt_NdrClientCall4(
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ULONG_PTR* Args);
#endif _WIN64
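Review bot: `#endif _WIN64` carries a stray token after the directive (MSVC warns with C4067); write `#endif // _WIN64`. The commented-out x86 prototype for RpcRt_NdrClientCall3 should either be removed or accompanied by a comment explaining why the x86 build does not hook NdrClientCall3.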
@ -112,12 +118,12 @@ typedef RPC_STATUS (*P_RpcMgmtSetComTimeout)(RPC_BINDING_HANDLE Binding, unsigne
typedef BOOL(WINAPI* P_GetModuleInformation)(_In_ HANDLE hProcess, _In_ HMODULE hModule, _Out_ LPMODULEINFO lpmodinfo, _In_ DWORD cb);
typedef ULONG_PTR(__cdecl* P_NdrClientCallX)(
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...);
typedef ULONG_PTR(__cdecl* P_NdrClientCall3)(
MIDL_STUBLESS_PROXY_INFO* pProxyInfo, ULONG nProcNum, void* pReturnValue, ...);
typedef ULONG_PTR(__cdecl* P_NdrClientCall2)(
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...);
//---------------------------------------------------------------------------
@ -133,6 +139,7 @@ P_RpcBindingCreateW __sys_RpcBindingCreateW = NULL;
P_RpcMgmtSetComTimeout __sys_RpcMgmtSetComTimeout = NULL;
#define RPC_C_BINDING_TIMEOUT 4
BOOLEAN __use_RpcMgmtSetComTimeout = FALSE;
P_UuidToStringW __sys_UuidToStringW = NULL;
@ -141,13 +148,17 @@ P_RpcStringFreeW __sys_RpcStringFreeW = NULL;
P_GetModuleInformation __sys_GetModuleInformation = NULL;
#ifdef _WIN64
P_NdrClientCallX __sys_NdrClientCall2 = NULL;
P_NdrClientCall3 __sys_NdrClientCall3 = NULL;
#else
P_NdrClientCall2 __sys_NdrClientCall2 = NULL;
P_NdrClientCallX __sys_NdrClientCall = NULL;
P_NdrClientCallX __sys_NdrClientCall2 = NULL;
P_NdrClientCallX __sys_NdrClientCall4 = NULL;
#endif
extern WCHAR* g_Ipc_DynamicPortNames[NUM_DYNAMIC_PORTS];
BOOLEAN g_rpc_client_hooks = FALSE;
//---------------------------------------------------------------------------
// RpcRt_Init
@ -188,26 +199,51 @@ _FX BOOLEAN RpcRt_Init(HMODULE module)
SBIEDLL_HOOK(RpcRt_, RpcBindingCreateW);
if(Config_GetSettingsForImageName_bool(L"RpcMgmtSetComTimeout", TRUE))
__sys_RpcMgmtSetComTimeout = (P_RpcMgmtSetComTimeout)Ldr_GetProcAddrNew(DllName_rpcrt4, L"RpcMgmtSetComTimeout", "RpcMgmtSetComTimeout");
__sys_RpcMgmtSetComTimeout = (P_RpcMgmtSetComTimeout)Ldr_GetProcAddrNew(DllName_rpcrt4, L"RpcMgmtSetComTimeout", "RpcMgmtSetComTimeout");
__use_RpcMgmtSetComTimeout = Config_GetSettingsForImageName_bool(L"RpcMgmtSetComTimeout", FALSE);
}
WCHAR wsTraceOptions[4];
if ((Dll_OsBuild >= 8400) // win8 and above
&& SbieApi_QueryConf(NULL, L"IpcTrace", 0, wsTraceOptions, sizeof(wsTraceOptions)) == STATUS_SUCCESS && wsTraceOptions[0] != L'\0')
{
g_rpc_client_hooks = TRUE;
#ifdef _WIN64
P_NdrClientCallX NdrClientCall2;
NdrClientCall2 = (P_NdrClientCallX)Ldr_GetProcAddrNew(DllName_rpcrt4, L"NdrClientCall2", "NdrClientCall2");
SBIEDLL_HOOK(RpcRt_, NdrClientCall2);
P_NdrClientCall3 NdrClientCall3;
NdrClientCall3 = (P_NdrClientCall3)Ldr_GetProcAddrNew(DllName_rpcrt4, L"NdrClientCall3", "NdrClientCall3");
SBIEDLL_HOOK(RpcRt_, NdrClientCall3);
#else
//Ndr64AsyncServerCall64(PRPC_MESSAGE pRpcMsg)
//Ndr64AsyncServerCallAll(PRPC_MESSAGE pRpcMsg)
//NdrAsyncServerCall(PRPC_MESSAGE pRpcMsg)
//NdrServerCall2(PRPC_MESSAGE pRpcMsg)
//NdrServerCallAll(PRPC_MESSAGE pRpcMsg)
//NdrServerCallNdr64(PRPC_MESSAGE pRpcMsg)
P_NdrClientCall2 NdrClientCall2;
NdrClientCall2 = (P_NdrClientCall2)Ldr_GetProcAddrNew(DllName_rpcrt4, L"NdrClientCall2", "NdrClientCall2");
#else
P_NdrClientCallX NdrClientCall;
NdrClientCall = (P_NdrClientCallX)Ldr_GetProcAddrNew(DllName_rpcrt4, L"NdrClientCall", "NdrClientCall");
SBIEDLL_HOOK(RpcRt_, NdrClientCall);
P_NdrClientCallX NdrClientCall2;
NdrClientCall2 = (P_NdrClientCallX)Ldr_GetProcAddrNew(DllName_rpcrt4, L"NdrClientCall2", "NdrClientCall2");
SBIEDLL_HOOK(RpcRt_, NdrClientCall2);
P_NdrClientCallX NdrClientCall4;
NdrClientCall4 = (P_NdrClientCallX)Ldr_GetProcAddrNew(DllName_rpcrt4, L"NdrClientCall4", "NdrClientCall4");
SBIEDLL_HOOK(RpcRt_, NdrClientCall4);
//NdrAsyncServerCall(PRPC_MESSAGE pRpcMsg)
//NdrServerCall2(PRPC_MESSAGE pRpcMsg)
//NdrServerCall(PRPC_MESSAGE pRpcMsg)
#endif
}
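Review bot: the results of `Ldr_GetProcAddrNew` for `NdrClientCall3` (x64) and `NdrClientCall`/`NdrClientCall4` (x86) are passed straight to `SBIEDLL_HOOK` without a NULL check; the block is only gated on `Dll_OsBuild >= 8400`, so if one of these exports is absent on a given build the macro must be known to tolerate a NULL target, otherwise guard each hook with `if (NdrClientCall3)` the way the `Setup_Init_CfgMgr32` code guards `__sys_CM_Add_Driver_PackageW`. The `IpcTrace` condition only tests `wsTraceOptions[0] != L'\0'`, so any non-empty value enables the client-call hooks, including one a user might write to turn tracing off; compare against the accepted option letters instead. The commented-out `NdrServerCall*` / `Ndr64AsyncServerCall*` names in the x64 branch are server-side entry points inside a client-hook block and read as leftovers; drop them or state why they are listed. Finally, `__sys_RpcMgmtSetComTimeout` is now resolved unconditionally while the call sites replace the `if(__sys_RpcMgmtSetComTimeout)` guard with the configuration flag, so a failed lookup would no longer be caught anywhere.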
@ -357,9 +393,6 @@ WCHAR* GetDynamicLpcPortName(ENUM_DYNAMIC_PORT_TYPE portType)
_FX ULONG RpcRt_RpcBindingFromStringBindingW(
const WCHAR *StringBinding, void **OutBinding)
{
static const WCHAR *_old =
L"ncalrpc:[,Security=Impersonation Dynamic False]";
//
// printing functions in winspool.drv talk to the Spooler service
// (process spoolsv.exe). prior to Windows 8.1, the service was
@ -395,13 +428,19 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
return RPC_S_INVALID_ARG;
}
static const WCHAR* dynamicFalse = L"ncalrpc:[,Security=Impersonation Dynamic False]";
static const WCHAR* dynamicTrue = L"ncalrpc:[,Security=Impersonation Dynamic True]";
BOOLEAN use_RpcMgmtSetComTimeout = __use_RpcMgmtSetComTimeout;
ULONG_PTR pRetAddr = (ULONG_PTR)_ReturnAddress();
WCHAR wstrPortName[DYNAMIC_PORT_NAME_CHARS];
memset(wstrPortName, 0, sizeof(wstrPortName));
if (_wcsicmp(StringBinding, _old) == 0) {
if (_wcsicmp(StringBinding, dynamicFalse) == 0) {
ULONG_PTR pWinSpool = (ULONG_PTR)GetModuleHandle(L"winspool.drv");
ULONG_PTR pRetAddr = (ULONG_PTR)_ReturnAddress();
if (RpcRt_TestCallingModule(pRetAddr, pWinSpool)) {
@ -412,10 +451,9 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
wcscpy(wstrPortName, L"ncalrpc:[");
wcscpy(wstrPortName + 9, pwszTempPortName);
wcscat(wstrPortName, _old + 9);
wcscat(wstrPortName, dynamicFalse + 9);
}
}
else if (_wcsicmp(StringBinding, L"ncalrpc:") == 0) {
WCHAR pwszEmpty[] = L"";
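Review bot: `dynamicFalse + 9` (and the `wstrPortName + 9` copy above it) hard-codes the length of `L"ncalrpc:["`; now that the prefix string is named, derive the offset from it (a `#define NCALRPC_PREFIX L"ncalrpc:["` plus `wcslen`/`_countof - 1`) so the two places cannot drift apart if the prefix ever changes.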
@ -423,7 +461,6 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
ULONG_PTR hWinHttp = (ULONG_PTR)GetModuleHandle(L"WinHttp.dll");
ULONG_PTR hBtApi = (ULONG_PTR)GetModuleHandle(L"BluetoothApis.dll");
ULONG_PTR pRetAddr = (ULONG_PTR)_ReturnAddress();
if (RpcRt_TestCallingModule(pRetAddr, hWinHttp))
{
@ -445,6 +482,26 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
wcscpy(wstrPortName + 9, pwszTempPortName);
wcscat(wstrPortName, L"]");
}
}
else if (_wcsicmp(StringBinding, dynamicTrue) == 0) {
ULONG_PTR pWINNSI = (ULONG_PTR)GetModuleHandle(L"WINNSI.DLL");
if (RpcRt_TestCallingModule(pRetAddr, pWINNSI)) {
use_RpcMgmtSetComTimeout = FALSE;
}
}
else if (_wcsicmp(StringBinding, L"0497b57d-2e66-424f-a0c6-157cd5d41700@ncalrpc:") == 0) {
ULONG_PTR pkernel32 = (ULONG_PTR)GetModuleHandle(L"kernel32.dll");
// kernel32.dll!AicpCreateBindingHandle
// kernel32.dll!AicGetPackageActivationTokenForSxS
// KernelBase.dll!CreateProcessInternalW
// SbieDll.dll!Proc_CreateProcessInternalW_RS5
if (RpcRt_TestCallingModule(pRetAddr, pkernel32)) {
use_RpcMgmtSetComTimeout = TRUE;
}
}
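Review bot: the new `dynamicTrue` / `WINNSI.DLL` exception has no comment explaining which call breaks when the timeout is set, whereas the `kernel32.dll` branch documents its call chain (`AicpCreateBindingHandle` through `Proc_CreateProcessInternalW_RS5`); add the same one-line rationale so the exception can be re-evaluated on a future Windows build. Both branches call `GetModuleHandle` and pass a possibly NULL base to `RpcRt_TestCallingModule` when the DLL is not loaded; confirm that helper rejects a zero base rather than matching every return address. Since the changelog describes these as hard-coded exceptions, consider a configuration override per calling module so users can add cases without a new build.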
@ -456,18 +513,27 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
{
WCHAR msg[512];
WCHAR* CallingModule = Trace_FindModuleByAddress((void*)pRetAddr);
//Sbie_snwprintf(msg, 512, L"SBIE p=%06d t=%06d RpcBindingFromStringBindingW StringBinding = '%s', BindingHandle = 0x%X, status = 0x%X\n", GetCurrentProcessId(), GetCurrentThreadId(),
Sbie_snwprintf(msg, 512, L"StringBinding = '%s', wstrPortName = '%s', BindingHandle = 0x%X, status = 0x%08X",
StringBinding, wstrPortName, OutBinding, status);
Sbie_snwprintf(msg, 512, L"StringBinding = '%s', wstrPortName = '%s', BindingHandle = 0x%X, status = 0x%08X, timeout = %d, caller = '%s'",
StringBinding, wstrPortName, OutBinding, status, use_RpcMgmtSetComTimeout,
CallingModule ? CallingModule : L"unknown");
//OutputDebugString(msg);
SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, msg, FALSE);
}
if(__sys_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*OutBinding, RPC_C_BINDING_TIMEOUT);
if(use_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*OutBinding, RPC_C_BINDING_TIMEOUT);
return status;
}
//---------------------------------------------------------------------------
// RpcRt_RpcBindingCreateW
//---------------------------------------------------------------------------
DEFINE_GUID(
EMPTY_UUID,
0x00000000, 0x0000, 0x0000, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00);
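Review bot: the line `if(use_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*OutBinding, RPC_C_BINDING_TIMEOUT);` drops the previous NULL check on the function pointer and still dereferences `*OutBinding` regardless of `status`; guard with `if (use_RpcMgmtSetComTimeout && __sys_RpcMgmtSetComTimeout && status == RPC_S_OK)` since a failed binding leaves no valid handle to set a timeout on. In the trace message, `BindingHandle = 0x%X` is given `OutBinding` (the address of the out-parameter, truncated to 32 bits on x64) rather than the handle; print `*OutBinding` with `%p`.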
@ -483,6 +549,8 @@ _FX RPC_STATUS RpcRt_RpcBindingCreateW(
__in_opt RPC_BINDING_HANDLE_OPTIONS_V1 * Options,
__out RPC_BINDING_HANDLE * Binding)
{
ULONG_PTR pRetAddr = (ULONG_PTR)_ReturnAddress();
if ( (memcmp(&Template->ObjectUuid, &MSDTC_UUID, sizeof(GUID)) == 0) && RPC_PROTSEQ_LRPC == Template->ProtocolSequence && !Template->StringEndpoint)
{
Template->StringEndpoint = (unsigned short*)L"samss lpc";
@ -494,7 +562,6 @@ _FX RPC_STATUS RpcRt_RpcBindingCreateW(
{
ULONG_PTR hWinSCard = (ULONG_PTR)GetModuleHandle(L"WinSCard.dll");
ULONG_PTR hResourcePolicyClient = (ULONG_PTR)GetModuleHandle(L"resourcepolicyclient.dll");
ULONG_PTR pRetAddr = (ULONG_PTR)_ReturnAddress();
if (RpcRt_TestCallingModule(pRetAddr, hWinSCard))
{
@ -517,21 +584,29 @@ _FX RPC_STATUS RpcRt_RpcBindingCreateW(
WCHAR msg[512];
RPC_CSTR StringUuid;
WCHAR* CallingModule = Trace_FindModuleByAddress((void*)pRetAddr);
__sys_UuidToStringW(&Template->ObjectUuid, &StringUuid);
//Sbie_snwprintf(msg, 512, L"SBIE p=%06d t=%06d RpcBindingCreateW Endpoint = '%s', UUID = %s, status = 0x%X\n", GetCurrentProcessId(), GetCurrentThreadId(),
Sbie_snwprintf(msg, 512, L"Endpoint = '%s', UUID = %s, status = 0x%08X",
Sbie_snwprintf(msg, 512, L"Endpoint = '%s', UUID = %s, status = 0x%08X, timeout = %d, caller = '%s'",
Template && Template->StringEndpoint ? Template->StringEndpoint : L"null",
StringUuid, status);
StringUuid, status, __use_RpcMgmtSetComTimeout,
CallingModule ? CallingModule : L"unknown");
__sys_RpcStringFreeW(&StringUuid);
//OutputDebugString(msg);
SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, msg, FALSE);
}
if (__sys_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*Binding, RPC_C_BINDING_TIMEOUT);
if (__use_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*Binding, RPC_C_BINDING_TIMEOUT);
return status;
}
//---------------------------------------------------------------------------
// RpcRt_RpcStringBindingComposeW
//---------------------------------------------------------------------------
#define UUID_UserMgrCli L"B18FBAB6-56F8-4702-84E0-41053293A869"
RPC_STATUS RPC_ENTRY RpcRt_RpcStringBindingComposeW(TCHAR *ObjUuid,TCHAR *ProtSeq,TCHAR *NetworkAddr,TCHAR *EndPoint,TCHAR *Options,TCHAR **StringBinding) {
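Review bot: the same two issues as in `RpcRt_RpcBindingFromStringBindingW` apply to `if (__use_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*Binding, RPC_C_BINDING_TIMEOUT);`: the NULL check on the function pointer is gone and `*Binding` is used even when `status` reports failure. In the trace block, `__sys_UuidToStringW(&Template->ObjectUuid, &StringUuid)` dereferences `Template` one line before `Template && Template->StringEndpoint ? ...` guards against it being NULL (and the `memcmp(&Template->ObjectUuid, ...)` at the top of the function does the same), so either check `Template` once at function entry or remove the misleading guard.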
@ -551,57 +626,103 @@ RPC_STATUS RPC_ENTRY RpcRt_RpcStringBindingComposeW(TCHAR *ObjUuid,TCHAR *ProtSe
return __sys_RpcStringBindingComposeW(ObjUuid,ProtSeq,NetworkAddr,EndPoint,Options,StringBinding);
}
//---------------------------------------------------------------------------
// RpcRt_NdrClientCallX
//---------------------------------------------------------------------------
void Sbie_StringFromGUID(const GUID* guid, WCHAR* str);
void RpcRt_NdrClientCallX(const WCHAR* Function, void* ReturnAddress,PMIDL_STUB_DESC pStubDescriptor)
{
WCHAR text[512] = L"RpcRt_NdrClientCallX";
__try
{
const WCHAR* CallingModule = Trace_FindModuleByAddress(ReturnAddress);
if (!CallingModule)
CallingModule = L"unknown";
PRPC_CLIENT_INTERFACE rpcInterface = (PRPC_CLIENT_INTERFACE)pStubDescriptor->RpcInterfaceInformation;
if (rpcInterface)
{
WCHAR interfaceID[48];
Sbie_StringFromGUID(&rpcInterface->InterfaceId.SyntaxGUID, interfaceID);
Sbie_snwprintf(text, 512, L"Calling %s for interface %s}, %d.%d by %s", Function, interfaceID,
rpcInterface->InterfaceId.SyntaxVersion.MajorVersion, rpcInterface->InterfaceId.SyntaxVersion.MinorVersion, CallingModule);
}
else
{
Sbie_snwprintf(text, 512, L"Calling %s by %s", Function, CallingModule);
}
}
__except (EXCEPTION_EXECUTE_HANDLER) {}
SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, text, FALSE);
}
#ifdef _WIN64
ULONG_PTR RpcRt_NdrClientCall2_x64(
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, va_list vl)
{
void* ReturnAddress = (void*)*(__int64*)(vl - (3 * 8));
RpcRt_NdrClientCallX(L"NdrClientCall2", ReturnAddress, pStubDescriptor);
return FALSE; // return TRUE to not call the trampoline upon return
}
ULONG_PTR RpcRt_NdrClientCall3_x64(
MIDL_STUBLESS_PROXY_INFO* pProxyInfo, ULONG nProcNum, void* pReturnValue, va_list vl
)
MIDL_STUBLESS_PROXY_INFO* pProxyInfo, ULONG nProcNum, void* pReturnValue, va_list vl)
{
void* ReturnAddress = (void*)*(__int64*)(vl - (4 * 8));
__try
{
PRPC_CLIENT_INTERFACE rpcInterface = (PRPC_CLIENT_INTERFACE)pProxyInfo->pStubDesc->RpcInterfaceInformation;
WCHAR interfaceID[48];
Sbie_StringFromGUID(&rpcInterface->InterfaceId.SyntaxGUID, interfaceID);
WCHAR text[130];
Sbie_snwprintf(text, 130, L"Calling NdrClientCall3 for interface %s}, %d.%d", interfaceID,
rpcInterface->InterfaceId.SyntaxVersion.MajorVersion, rpcInterface->InterfaceId.SyntaxVersion.MinorVersion);
SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, text, FALSE);
}
__except (EXCEPTION_EXECUTE_HANDLER) {}
__try {
RpcRt_NdrClientCallX(L"NdrClientCall3", ReturnAddress, pProxyInfo->pStubDesc);
}__except (EXCEPTION_EXECUTE_HANDLER) {}
return FALSE; // return TRUE to not call the trampoline upon return
}
#else
ULONG_PTR __cdecl RpcRt_NdrClientCall_x86(
void* ReturnAddress,
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)
{
//va_list vl;
//va_start(vl, pFormat);
RpcRt_NdrClientCallX(L"NdrClientCall", ReturnAddress, pStubDescriptor);
//va_end(vl);
return FALSE; // return TRUE to not call the trampoline upon return
}
ULONG_PTR __cdecl RpcRt_NdrClientCall2_x86(
void* ReturnAddress,
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)
{
//va_list vl;
//va_start(vl, pFormat);
__try
{
PRPC_CLIENT_INTERFACE rpcInterface = (PRPC_CLIENT_INTERFACE)pStubDescriptor->RpcInterfaceInformation;
WCHAR interfaceID[48];
Sbie_StringFromGUID(&rpcInterface->InterfaceId.SyntaxGUID, interfaceID);
RpcRt_NdrClientCallX(L"NdrClientCall2", ReturnAddress, pStubDescriptor);
WCHAR text[130];
Sbie_snwprintf(text, 130, L"Calling NdrClientCall2 for interface %s}, %d.%d", interfaceID,
rpcInterface->InterfaceId.SyntaxVersion.MajorVersion, rpcInterface->InterfaceId.SyntaxVersion.MinorVersion);
//va_end(vl);
SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, text, FALSE);
}
__except (EXCEPTION_EXECUTE_HANDLER) {}
return FALSE; // return TRUE to not call the trampoline upon return
}
ULONG_PTR __cdecl RpcRt_NdrClientCall4_x86(
void* ReturnAddress,
PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)
{
//va_list vl;
//va_start(vl, pFormat);
RpcRt_NdrClientCallX(L"NdrClientCall4", ReturnAddress, pStubDescriptor);
//va_end(vl);
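Review bot: `RpcRt_NdrClientCallX` is defined here with `PMIDL_STUB_DESC pStubDescriptor` but the forward declaration added in the elevation code in this same commit declares that parameter as `VOID* pStubDescriptor`; move the prototype (and `Sbie_StringFromGUID`, which is also declared ad hoc here) into a shared header so the two translation units cannot disagree. The `vl - (3 * 8)` and `vl - (4 * 8)` reads in the x64 stubs depend on the frame layout of the matching assembly thunks; a comment naming the thunk and the slot being read would make the offsets verifiable. In `RpcRt_NdrClientCall3_x64` the `__try` around the `RpcRt_NdrClientCallX` call is redundant because that function already wraps its body in `__try`; and the `%s}` format (closing brace after the GUID string) is inherited from the old code and should get a comment if `Sbie_StringFromGUID` intentionally emits only the opening brace.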

View File

@ -1430,9 +1430,9 @@ _FX LONG SbieApi_MonitorPut2(
API_MONITOR_PUT2_ARGS *args = (API_MONITOR_PUT2_ARGS *)parms;
args->func_code = API_MONITOR_PUT2;
args->log_type.val64 = (ULONG64)(ULONG_PTR)&Type;
args->log_len.val64 = wcslen(Name) * sizeof(WCHAR);
args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
args->log_type.val64 = (ULONG64)(ULONG_PTR)&Type;
args->log_len.val64 = wcslen(Name) * sizeof(WCHAR);
args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
args->check_object_exists.val64 = bCheckObjectExists;
status = SbieApi_Ioctl(parms);
@ -1479,6 +1479,7 @@ _FX LONG SbieApi_MonitorGetEx(
ULONG *SeqNum,
USHORT *Type,
ULONG64 *Pid,
ULONG64 *Tid,
WCHAR *Name) // WCHAR [256]
{
NTSTATUS status;
@ -1489,6 +1490,7 @@ _FX LONG SbieApi_MonitorGetEx(
args->log_seq.val64 = (ULONG64)(ULONG_PTR)SeqNum;
args->log_type.val64 = (ULONG64)(ULONG_PTR)Type;
args->log_pid.val64 = (ULONG64)(ULONG_PTR)Pid;
args->log_tid.val64 = (ULONG64)(ULONG_PTR)Tid;
args->log_len.val64 = 256 * sizeof(WCHAR);
args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
status = SbieApi_Ioctl(parms);
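Review bot: adding the `ULONG64 *Tid` parameter changes the public signature of `SbieApi_MonitorGetEx`, so every caller (including any out-of-tree tools built against the old header) must be updated; the new `args->log_tid` field also has to exist in the `API_MONITOR_GET_EX_ARGS` layout shared with the driver and be filled on the kernel side, neither of which is visible in this diff, so please confirm both halves ship together.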

View File

@ -215,6 +215,7 @@ LONG SbieApi_MonitorGetEx(
ULONG *SeqNum,
USHORT *Type,
ULONG64 *Pid,
ULONG64 *Tid,
WCHAR *Name); // WCHAR [256]

View File

@ -204,6 +204,8 @@ SBIEDLL_EXPORT BOOLEAN SbieDll_MatchImage(const WCHAR* pat_str, const WCHAR* te
SBIEDLL_EXPORT BOOLEAN SbieDll_CheckStringInList(const WCHAR* string, const WCHAR* boxname, const WCHAR* setting);
SBIEDLL_EXPORT BOOLEAN SbieDll_GetBorderColor(const WCHAR* box_name, COLORREF* color, BOOL* title, int* width);
//---------------------------------------------------------------------------

View File

@ -1220,6 +1220,13 @@ extern ULONG_PTR __cdecl Secure_NdrAsyncClientCall(
#endif _WIN64
#ifdef _WIN64
BOOLEAN __cdecl Secure_CheckElevation64(
PVOID* pProxyInfo, ULONG nProcNum, void* pReturnValue, va_list vl);
#endif _WIN64
BOOLEAN __cdecl Secure_CheckElevation(
void *ReturnAddressFromNdrAsyncClientCall,
void *pStubDescriptor, void *pFormat, SECURE_UAC_ARGS *Args);
@ -1302,6 +1309,12 @@ _FX BOOLEAN Secure_Init_Elevation(HMODULE module)
SBIEDLL_HOOK(Secure_,Ndr64AsyncClientCall);
//NdrAsyncClientCall(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)
//Ndr64AsyncClientCall(MIDL_STUBLESS_PROXY_INFO* pProxyInfo, unsigned int nProcNum, void* pReturnValue, ...) <- hook
//NdrDcomAsyncClientCall(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)
//Ndr64DcomAsyncClientCall(MIDL_STUBLESS_PROXY_INFO* pProxyInfo, unsigned int nProcNum, void* pReturnValue, ...)
#else ! _WIN64
NdrAsyncClientCall = (P_NdrAsyncClientCall)
@ -1309,6 +1322,12 @@ _FX BOOLEAN Secure_Init_Elevation(HMODULE module)
SBIEDLL_HOOK(Secure_,NdrAsyncClientCall);
//NdrAsyncClientCall(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...) <- hook
//NdrAsyncClientCall2(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...) -> NdrAsyncClientCall
//NdrDcomAsyncClientCall(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)
//NdrDcomAsyncClientCall2(PMIDL_STUB_DESC pStubDescriptor, PFORMAT_STRING pFormat, ...)->NdrDcomAsyncClientCall
#endif _WIN64
SBIEDLL_HOOK(Secure_,RpcAsyncCompleteCall);
@ -1321,11 +1340,38 @@ _FX BOOLEAN Secure_Init_Elevation(HMODULE module)
// Secure_CheckElevation
//---------------------------------------------------------------------------
#ifdef _WIN64
ALIGNED BOOLEAN __cdecl Secure_CheckElevation64(
PVOID* pProxyInfo, ULONG nProcNum, void* pReturnValue, va_list vl)
{
void* ReturnAddress = NULL;
void* pStubDescriptor = NULL;
__try {
ReturnAddress = *(__int64**)(vl - (4 * 8));
pStubDescriptor = *pProxyInfo;
} __except (EXCEPTION_EXECUTE_HANDLER) {}
return Secure_CheckElevation(ReturnAddress, pStubDescriptor, NULL, vl);
}
#endif _WIN64
extern BOOLEAN g_rpc_client_hooks;
void RpcRt_NdrClientCallX(const WCHAR* Function, void* ReturnAddress, VOID* pStubDescriptor);
ALIGNED BOOLEAN __cdecl Secure_CheckElevation(
void *ReturnAddressFromNdrAsyncClientCall,
void *pStubDescriptor, void *pFormat, SECURE_UAC_ARGS *Args)
{
if (g_rpc_client_hooks) {
#ifdef _WIN64
RpcRt_NdrClientCallX(L"Ndr64AsyncClientCall", ReturnAddressFromNdrAsyncClientCall, pStubDescriptor);
#else
RpcRt_NdrClientCallX(L"NdrAsyncClientCall", ReturnAddressFromNdrAsyncClientCall, pStubDescriptor);
#endif
}
static UCHAR elevation_binding_1[16] = {
0x9A, 0xF9, 0x1E, 0x20, 0xA0, 0x7F, 0x4C, 0x44,
0x93, 0x99, 0x19, 0xBA, 0x84, 0xF1, 0x2A, 0x1A };
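Review bot: `Secure_CheckElevation64` passes `vl` (a `va_list`) as the `SECURE_UAC_ARGS *Args` parameter and `NULL` as `pFormat`; unless `Secure_CheckElevation` already treats `Args` as the raw variadic frame on x64, this is a type confusion that should either be documented at the call or replaced by a separate parameter. The `__try` leaves `ReturnAddress` and `pStubDescriptor` NULL on a fault and still proceeds into `Secure_CheckElevation`, so that function must tolerate NULL in both. The local prototype `void RpcRt_NdrClientCallX(const WCHAR* Function, void* ReturnAddress, VOID* pStubDescriptor);` differs from the definition, which takes `PMIDL_STUB_DESC`; a shared header would remove the mismatch.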

View File

@ -34,6 +34,21 @@
static ULONG Setup_VerifyCatalogFile(const WCHAR *CatalogFullPath);
/*static BOOL Setup_SetupDiCallClassInstaller(
_In_ DI_FUNCTION InstallFunction,
_In_ HDEVINFO DeviceInfoSet,
_In_opt_ PSP_DEVINFO_DATA DeviceInfoData);*/
/*static BOOL Setup_SetupDiRemoveDevice(
HDEVINFO DeviceInfoSet,
PSP_DEVINFO_DATA DeviceInfoData);*/
/*static BOOL Setup_DiUninstallDriverW(
HWND hwndParent,
LPCWSTR InfPath,
DWORD Flags,
PBOOL NeedReboot);*/
static ULONG Setup_CM_Add_Driver_PackageW(
ULONG_PTR Unknown1, ULONG_PTR Unknown2, ULONG_PTR Unknown3,
ULONG_PTR Unknown4, ULONG_PTR Unknown5, ULONG_PTR Unknown6,
@ -46,12 +61,38 @@ static ULONG Setup_CM_Add_Driver_Package_ExW(
ULONG_PTR Unknown7, ULONG_PTR Unknown8, ULONG_PTR Unknown9,
ULONG_PTR Unknown10, ULONG_PTR Unknown11);
/*static ULONG Setup_CM_Query_And_Remove_SubTreeW(
PVOID dnAncestor, // DEVINST
PVOID pVetoType, // PPNP_VETO_TYPE
LPWSTR pszVetoName,
ULONG ulNameLength,
ULONG ulFlags);*/
/*static ULONG Setup_CM_Uninstall_DevNode(
PVOID dnDevInst, // DEVNODE
ULONG ulFlags);*/
//---------------------------------------------------------------------------
typedef ULONG (*P_VerifyCatalogFile)(const WCHAR *CatalogFullPath);
/*typedef BOOL (*P_SetupDiCallClassInstaller)(
_In_ DI_FUNCTION InstallFunction,
_In_ HDEVINFO DeviceInfoSet,
_In_opt_ PSP_DEVINFO_DATA DeviceInfoData);*/
/*typedef BOOL (*P_SetupDiRemoveDevice)(
HDEVINFO DeviceInfoSet,
PSP_DEVINFO_DATA DeviceInfoData);*/
/*typedef BOOL (*P_DiUninstallDriverW)(
HWND hwndParent,
LPCWSTR InfPath,
DWORD Flags,
PBOOL NeedReboot);*/
typedef ULONG (*P_CM_Add_Driver_PackageW)(
ULONG_PTR Unknown1, ULONG_PTR Unknown2, ULONG_PTR Unknown3,
ULONG_PTR Unknown4, ULONG_PTR Unknown5, ULONG_PTR Unknown6,
@ -64,15 +105,31 @@ typedef ULONG (*P_CM_Add_Driver_Package_ExW)(
ULONG_PTR Unknown7, ULONG_PTR Unknown8, ULONG_PTR Unknown9,
ULONG_PTR Unknown10, ULONG_PTR Unknown11);
/*typedef ULONG (*P_CM_Query_And_Remove_SubTreeW)(
PVOID dnAncestor, // DEVINST
PVOID pVetoType, // PPNP_VETO_TYPE
LPWSTR pszVetoName,
ULONG ulNameLength,
ULONG ulFlags);*/
/*typedef ULONG (*P_CM_Uninstall_DevNode)(
PVOID dnDevInst, // DEVNODE
ULONG ulFlags);*/
//---------------------------------------------------------------------------
static P_VerifyCatalogFile __sys_VerifyCatalogFile = NULL;
static P_VerifyCatalogFile __sys_VerifyCatalogFile = NULL;
//static P_SetupDiCallClassInstaller __sys_SetupDiCallClassInstaller = NULL;
//static P_SetupDiRemoveDevice __sys_SetupDiRemoveDevice = NULL;
//static P_DiUninstallDriverW __sys_DiUninstallDriverW = NULL;
static P_CM_Add_Driver_PackageW __sys_CM_Add_Driver_PackageW = NULL;
static P_CM_Add_Driver_Package_ExW __sys_CM_Add_Driver_Package_ExW = NULL;
//static P_CM_Query_And_Remove_SubTreeW __sys_CM_Query_And_Remove_SubTreeW = NULL;
//static P_CM_Uninstall_DevNode __sys_CM_Uninstall_DevNode = NULL;
//---------------------------------------------------------------------------
// Defines for initialization
@ -103,9 +160,12 @@ static P_CM_Add_Driver_Package_ExW __sys_CM_Add_Driver_Package_ExW = NULL;
_FX BOOLEAN Setup_Init_SetupApi(HMODULE module)
{
FIND_EP(VerifyCatalogFile);
//FIND_EP(SetupDiCallClassInstaller);
//FIND_EP(SetupDiRemoveDevice);
DO_CALL_HOOK(VerifyCatalogFile,Setup_VerifyCatalogFile);
//DO_CALL_HOOK(SetupDiCallClassInstaller,Setup_SetupDiCallClassInstaller);
//DO_CALL_HOOK(SetupDiRemoveDevice, Setup_SetupDiRemoveDevice);
return TRUE;
}
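Review bot: this commit adds a large amount of commented-out scaffolding (`SetupDiCallClassInstaller`, `SetupDiRemoveDevice`, `DiUninstallDriverW`, `CM_Query_And_Remove_SubTreeW`, `CM_Uninstall_DevNode`, their typedefs, globals and `FIND_EP`/`DO_CALL_HOOK` lines); since the notes further down say the driver now filters `\Device\DeviceApi\CMApi` and these calls are meant to fail silently, either drop the dead code or wrap it in `#if 0` with a comment stating why it is retained.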
@ -127,6 +187,57 @@ _FX ULONG Setup_VerifyCatalogFile(const WCHAR *CatalogFullPath)
}
//---------------------------------------------------------------------------
// Setup_SetupDiCallClassInstaller
//---------------------------------------------------------------------------
/*_FX BOOL Setup_SetupDiCallClassInstaller(
_In_ DI_FUNCTION InstallFunction,
_In_ HDEVINFO DeviceInfoSet,
_In_opt_ PSP_DEVINFO_DATA DeviceInfoData)
{
return __sys_SetupDiCallClassInstaller(InstallFunction, DeviceInfoSet, DeviceInfoData);
}*/
//---------------------------------------------------------------------------
// Setup_SetupDiRemoveDevice
//---------------------------------------------------------------------------
/*static BOOL Setup_SetupDiRemoveDevice(
HDEVINFO DeviceInfoSet,
PSP_DEVINFO_DATA DeviceInfoData)
{
return TRUE;
}*/
//---------------------------------------------------------------------------
// Setup_Init_NewDev
//---------------------------------------------------------------------------
/*_FX BOOLEAN Setup_Init_NewDev(HMODULE module)
{
FIND_EP(DiUninstallDriverW);
DO_CALL_HOOK(DiUninstallDriverW,Setup_DiUninstallDriverW);
return TRUE;
}
static BOOL Setup_DiUninstallDriverW(
HWND hwndParent,
LPCWSTR InfPath,
DWORD Flags,
PBOOL NeedReboot)
{
return TRUE;
}*/
//---------------------------------------------------------------------------
// Setup_Init_CfgMgr32
//---------------------------------------------------------------------------
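Review bot: the disabled `Setup_SetupDiRemoveDevice` and `Setup_DiUninstallDriverW` bodies `return TRUE` without calling the original function or logging anything, so if they are ever re-enabled the caller would be told a device removal succeeded when nothing happened; model them on `Setup_CM_Add_Driver_PackageW`, which emits SBIE2205 and returns a failure code.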
@ -136,7 +247,9 @@ _FX BOOLEAN Setup_Init_CfgMgr32(HMODULE module)
{
FIND_EP(CM_Add_Driver_PackageW);
FIND_EP(CM_Add_Driver_Package_ExW);
// Note: When the Add_Driver_Package is not hooked it will atempt to contact the deviceinstall service,
// which uses a dynamic rpc port, heence as long as there is no blank OpenIpcPath=* this call will fail
// We hook these two functions only to provide the user a SBIE2205 informing, that drivers cant be installed.
if (__sys_CM_Add_Driver_PackageW) {
DO_CALL_HOOK(
CM_Add_Driver_PackageW,Setup_CM_Add_Driver_PackageW);
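Review bot: the new comment has typos ("atempt", "heence", "cant") and is worth fixing because it is the only place that states the intent of these hooks, namely that the unhooked call would fail anyway on the dynamic RPC port unless `OpenIpcPath=*` is set and the hook exists purely to raise SBIE2205 for the user.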
@ -146,6 +259,19 @@ _FX BOOLEAN Setup_Init_CfgMgr32(HMODULE module)
CM_Add_Driver_Package_ExW,Setup_CM_Add_Driver_Package_ExW);
}
//FIND_EP(CM_Query_And_Remove_SubTreeW);
//FIND_EP(CM_Uninstall_DevNode);
// Note: most of the CM_ functions use the "\Device\DeviceApi\CMApi" device/file for communication,
// these requests are filtered by the driver and we let them silently fail.
/*if (__sys_CM_Query_And_Remove_SubTreeW) {
DO_CALL_HOOK(
CM_Query_And_Remove_SubTreeW,Setup_CM_Query_And_Remove_SubTreeW);
}*/
/*if (__sys_CM_Uninstall_DevNode) {
DO_CALL_HOOK(
CM_Uninstall_DevNode,Setup_CM_Uninstall_DevNode);
}*/
return TRUE;
}
@ -180,3 +306,34 @@ _FX ULONG Setup_CM_Add_Driver_Package_ExW(
SbieApi_Log(2205, L"CM Add Driver Package Ex");
return 0;
}
//---------------------------------------------------------------------------
// Setup_CM_Add_Driver_Package_ExW
//---------------------------------------------------------------------------
/*static ULONG Setup_CM_Query_And_Remove_SubTreeW(
PVOID dnAncestor, // DEVINST
PVOID pVetoType, // PPNP_VETO_TYPE
LPWSTR pszVetoName,
ULONG ulNameLength,
ULONG ulFlags)
{
return __sys_CM_Query_And_Remove_SubTreeW(dnAncestor, pVetoType, pszVetoName, ulNameLength, ulFlags);
}*/
//---------------------------------------------------------------------------
// Setup_CM_Add_Driver_Package_ExW
//---------------------------------------------------------------------------
/*static ULONG Setup_CM_Uninstall_DevNode(
PVOID dnDevInst, // DEVNODE
ULONG ulFlags)
{
LONG ret = __sys_CM_Uninstall_DevNode(dnDevInst, ulFlags);
return ret;
}*/
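Review bot: both new section headers read `Setup_CM_Add_Driver_Package_ExW` but precede `Setup_CM_Query_And_Remove_SubTreeW` and `Setup_CM_Uninstall_DevNode`, a copy/paste leftover; if the commented-out functions stay, the headers should name them, and `Setup_CM_Uninstall_DevNode` could simply `return __sys_CM_Uninstall_DevNode(dnDevInst, ulFlags);` instead of going through a temporary.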

View File

@ -31,7 +31,7 @@
#include "common/win32_ntddk.h"
#include "common/my_shlwapi.h"
#include "msgs/msgs.h"
#include "gui_p.h"
//---------------------------------------------------------------------------
// Functions
@ -46,6 +46,9 @@ static HKEY SbieDll_AssocQueryKeyWow64(const WCHAR *subj);
static BOOL SH32_ShellExecuteExW(SHELLEXECUTEINFOW *lpExecInfo);
static BOOL SH32_Shell_NotifyIconW(
DWORD dwMessage, PNOTIFYICONDATAW lpData);
static WCHAR *SbieDll_AssocQueryCommandInternal(
const WCHAR *subj, const WCHAR *verb);
@ -80,6 +83,9 @@ static ULONG SH_WindowMonitorThread(void *lpParameter);
typedef BOOL (*P_ShellExecuteEx)(
void *lpExecInfo);
typedef BOOL (*P_Shell_NotifyIconW)(
DWORD dwMessage, PNOTIFYICONDATAW lpData);
typedef ULONG (*P_SHChangeNotifyRegister)(
HWND hwnd, int fSources, LONG fEvents, UINT wMsg,
int cEntries, SHChangeNotifyEntry *pfsne);
@ -104,6 +110,8 @@ typedef HRESULT (*P_SHGetFolderLocation)(
static P_ShellExecuteEx __sys_ShellExecuteExW = NULL;
static P_Shell_NotifyIconW __sys_Shell_NotifyIconW = NULL;
static P_SHChangeNotifyRegister __sys_SHChangeNotifyRegister = NULL;
static P_SHOpenFolderAndSelectItems
@ -403,6 +411,159 @@ _FX BOOL SH32_ShellExecuteExW(SHELLEXECUTEINFOW *lpExecInfo)
}
//---------------------------------------------------------------------------
// SH32_BornderToIcon
//---------------------------------------------------------------------------
HICON SH32_BorderToIcon(HICON hIcon, COLORREF color)
{
typedef HDC(*P_GetDC)(HWND hWnd);
typedef int(*P_ReleaseDC)(HWND hWnd, HDC hDC);
typedef BOOL(*P_GetIconInfo)(HICON hIcon, PICONINFO piconinfo);
typedef HICON(*P_CreateIconIndirect)(PICONINFO piconinfo);
typedef HDC(*P_CreateCompatibleDC)(HDC hdc);
typedef HGDIOBJ(*P_SelectObject)(HDC hdc, HGDIOBJ h);
typedef COLORREF(*P_GetPixel)(HDC hdc, int x, int y);
typedef COLORREF(*P_SetPixel)(HDC hdc, int x, int y, COLORREF color);
typedef BOOL(*P_DeleteObject)(HGDIOBJ ho);
typedef BOOL(*P_DeleteDC)(HDC hdc);
#define GET_WIN_API(name, lib) \
P_##name name = Ldr_GetProcAddrNew(lib, #name, #name); \
if(!name) return NULL;
GET_WIN_API(GetDC, DllName_user32);
GET_WIN_API(ReleaseDC, DllName_user32);
GET_WIN_API(GetIconInfo, DllName_user32);
GET_WIN_API(CreateIconIndirect, DllName_user32);
GET_WIN_API(CreateCompatibleDC, DllName_gdi32);
GET_WIN_API(SelectObject, DllName_gdi32);
GET_WIN_API(GetPixel, DllName_gdi32);
GET_WIN_API(SetPixel, DllName_gdi32);
GET_WIN_API(DeleteObject, DllName_gdi32);
GET_WIN_API(DeleteDC, DllName_gdi32);
HICON hNewIcon = NULL;
HDC hMainDC = NULL, hMemDC1 = NULL, hMemDC3 = NULL;
HBITMAP hOldBmp1 = NULL, hOldBmp3 = NULL;
ICONINFO csII;
if (!GetIconInfo(hIcon, &csII)) return NULL;
hMainDC = GetDC(NULL);
hMemDC1 = CreateCompatibleDC(hMainDC);
hMemDC3 = CreateCompatibleDC(hMainDC);
if (hMainDC == NULL || hMemDC1 == NULL || hMemDC3 == NULL) return NULL;
DWORD dwWidth = csII.xHotspot * 2;
DWORD dwHeight = csII.yHotspot * 2;
hOldBmp1 = (HBITMAP)SelectObject(hMemDC1, csII.hbmColor);
hOldBmp3 = (HBITMAP)SelectObject(hMemDC3, csII.hbmMask);
DWORD dwLoopY = 0, dwLoopX = 0;
COLORREF crPixel = 0;
for (dwLoopY = 0; dwLoopY < dwHeight; dwLoopY++)
{
for (dwLoopX = 0; dwLoopX < dwWidth; dwLoopX++)
{
crPixel = GetPixel(hMemDC1, dwLoopX, dwLoopY);
if (dwLoopY == 0 || dwLoopX == 0 || dwLoopY + 1 == dwHeight || dwLoopX + 1 == dwWidth)
crPixel = color; // RGB(255, 255, 0);
SetPixel(hMemDC1, dwLoopX, dwLoopY, crPixel);
crPixel = GetPixel(hMemDC3, dwLoopX, dwLoopY);
if (dwLoopY == 0 || dwLoopX == 0 || dwLoopY + 1 == dwHeight || dwLoopX + 1 == dwWidth)
crPixel = 0;
SetPixel(hMemDC3, dwLoopX, dwLoopY, crPixel);
}
}
SelectObject(hMemDC1, hOldBmp1);
SelectObject(hMemDC3, hOldBmp3);
hNewIcon = CreateIconIndirect(&csII);
DeleteObject(csII.hbmColor);
DeleteObject(csII.hbmMask);
DeleteDC(hMemDC1);
DeleteDC(hMemDC3);
ReleaseDC(NULL, hMainDC);
return hNewIcon;
}
//---------------------------------------------------------------------------
// SH32_Shell_NotifyIconW
//---------------------------------------------------------------------------
_FX BOOL SH32_Shell_NotifyIconW(
DWORD dwMessage, PNOTIFYICONDATAW lpData)
{
BOOL ret;
HICON icon = NULL;
if (dwMessage == NIM_ADD || dwMessage == NIM_MODIFY)
{
if (!Gui_DisableTitle && lpData && lpData->cbSize >= sizeof(PNOTIFYICONDATAW))
{
ULONG len = wcslen(lpData->szTip);
if (Gui_BoxNameTitleLen != 0 && (len + Gui_BoxNameTitleLen + 2) <= 127)
{
wmemmove(lpData->szTip + Gui_BoxNameTitleLen + 2, lpData->szTip, len + 1);
wmemcpy(lpData->szTip, Gui_BoxNameTitleW, Gui_BoxNameTitleLen);
wmemcpy(lpData->szTip + Gui_BoxNameTitleLen, L"\r\n", 2);
}
else
{
if (len + 8 > 127) {
lpData->szTip[127 - 8 - 3] = L'\0';
wcscat(lpData->szTip, L"...");
len = 127 - 8;
}
wmemmove(lpData->szTip + 4, lpData->szTip, len + 1);
wmemcpy(lpData->szTip, L"[#] ", 4);
wcscat(lpData->szTip, L" [#]");
}
}
COLORREF color;
if (SbieDll_GetBorderColor(NULL, &color, NULL, NULL))
{
HICON newIcon = SH32_BorderToIcon(lpData->hIcon, color);
if (newIcon) {
icon = lpData->hIcon;
lpData->hIcon = newIcon;
}
}
}
ret = __sys_Shell_NotifyIconW(dwMessage, lpData);
if (icon)
{
typedef BOOL(*P_DestroyIcon)(HICON hIcon);
P_DestroyIcon DestroyIcon = Ldr_GetProcAddrNew(DllName_user32, L"DestroyIcon", "DestroyIcon");
DestroyIcon(lpData->hIcon);
lpData->hIcon = icon;
}
return ret;
}
//---------------------------------------------------------------------------
// SH32_SHChangeNotifyRegister
//---------------------------------------------------------------------------
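Review bot: `lpData->cbSize >= sizeof(PNOTIFYICONDATAW)` compares against the size of a pointer (4 or 8 bytes), so it accepts every structure; the intended check is against the structure size, and it matters because the V1 layout (`NOTIFYICONDATAW_V1_SIZE`) has a 64-character `szTip`, while this code writes up to index 127 and so overruns a V1 caller's structure. Gate the tooltip edit on `cbSize >= NOTIFYICONDATAW_V2_SIZE` and on `uFlags & NIF_TIP` (otherwise `wcslen(lpData->szTip)` runs over an uninitialized buffer), and only swap `hIcon` when `NIF_ICON` is set. The tooltip is also rewritten in the caller's own buffer and, unlike `hIcon`, never restored after `__sys_Shell_NotifyIconW` returns, so an application that reuses one `NOTIFYICONDATAW` for repeated `NIM_MODIFY` calls gets a further `[#] ` prepended each time until the 127-character cap truncates it; restore `szTip` or work on a local copy of the structure. In `SH32_BorderToIcon`, the `return NULL` after the `CreateCompatibleDC` calls leaks `csII.hbmColor`, `csII.hbmMask` and any DC already created, the width/height derived from `xHotspot * 2` / `yHotspot * 2` should come from `GetObject` on `hbmColor` (which can also be NULL for monochrome icons), and the header says "SH32_BornderToIcon".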
@ -789,6 +950,7 @@ _FX NTSTATUS SH32_LdrGetDllHandleEx(
_FX BOOLEAN SH32_Init(HMODULE module)
{
P_ShellExecuteEx ShellExecuteExW;
P_Shell_NotifyIconW Shell_NotifyIconW;
P_SHChangeNotifyRegister SHChangeNotifyRegister;
void *SHGetItemFromObject;
P_SHOpenFolderAndSelectItems SHOpenFolderAndSelectItems;
@ -806,6 +968,9 @@ _FX BOOLEAN SH32_Init(HMODULE module)
ShellExecuteExW = (P_ShellExecuteEx)
GetProcAddress(module, "ShellExecuteExW");
Shell_NotifyIconW = (P_Shell_NotifyIconW)
GetProcAddress(module, "Shell_NotifyIconW");
SHChangeNotifyRegister = (P_SHChangeNotifyRegister)
GetProcAddress(module, "SHChangeNotifyRegister");
@ -816,6 +981,8 @@ _FX BOOLEAN SH32_Init(HMODULE module)
SBIEDLL_HOOK(SH32_,ShellExecuteExW);
SBIEDLL_HOOK(SH32_,Shell_NotifyIconW);
if (SHChangeNotifyRegister && SHGetItemFromObject) {
//

View File

@ -377,6 +377,24 @@ _FX BOOLEAN Taskbar_ShouldOverrideAppUserModelId(void)
// Taskbar_SetCurrentProcessExplicitAppUserModelID
//---------------------------------------------------------------------------
_FX HRESULT Taskbar_SetCurrentProcessExplicitAppUserModelID_hack(
const WCHAR* AppId)
{
// ToDo
// Fix-Me: BUG when ProcessParms->WindowTitle is already set LocalFree
// performed by SetCurrentProcessExplicitAppUserModelID crashes, WTF why?!
//
// To work around this issue, we clear the flag that indicates this value being set
// this way we trade a memory leak for an crash
//
// HACK ALERT! if we clear 0x5000 the WindowTitle buffer will not be freed
RTL_USER_PROCESS_PARAMETERS* ProcessParms = Proc_GetRtlUserProcessParameters();
ProcessParms->WindowFlags &= ~0x5000;
return __sys_SetCurrentProcessExplicitAppUserModelID(AppId);
}
_FX HRESULT Taskbar_SetCurrentProcessExplicitAppUserModelID(
const WCHAR *AppId)
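Review bot: `ProcessParms->WindowFlags &= ~0x5000;` clears two bits by magic number; name them with the `STARTF_*` constants they correspond to and state in the comment that the old `WindowTitle` buffer is intentionally leaked so that `SetCurrentProcessExplicitAppUserModelID` does not free it. Because the non-override path now also goes through `Taskbar_SetCurrentProcessExplicitAppUserModelID_hack`, the workaround applies to every sandboxed process calling this API, so the "WTF why?!" comment should be replaced with the concrete trigger from the changelog (the GoogleUpdate.exe crash) and a note that `Proc_GetRtlUserProcessParameters()` is assumed non-NULL.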
@ -385,7 +403,9 @@ _FX HRESULT Taskbar_SetCurrentProcessExplicitAppUserModelID(
WCHAR *NewId;
if (! Taskbar_ShouldOverrideAppUserModelId())
return __sys_SetCurrentProcessExplicitAppUserModelID(AppId);
return Taskbar_SetCurrentProcessExplicitAppUserModelID_hack(AppId);
hr = E_FAIL;
if (Taskbar_SavedAppUserModelId) {
Dll_Free(Taskbar_SavedAppUserModelId);
@ -399,14 +419,14 @@ _FX HRESULT Taskbar_SetCurrentProcessExplicitAppUserModelID(
wmemcpy(Taskbar_SavedAppUserModelId, AppId, len + 1);
NewId = Taskbar_CreateAppUserModelId(AppId);
if (NewId == NULL)
return hr;
} else
NewId = NULL;
hr = Taskbar_SetCurrentProcessExplicitAppUserModelID_hack(NewId);
hr = __sys_SetCurrentProcessExplicitAppUserModelID(NewId);
if (NewId && NewId != AppId)
Dll_Free(NewId);
if (NewId != AppId)
Dll_Free(NewId);
}
return hr;
}

View File

@ -19,9 +19,8 @@
// Trace Helper
//---------------------------------------------------------------------------
#include "trace.h"
#include "dll.h"
#include "trace.h"
//---------------------------------------------------------------------------
@ -70,9 +69,11 @@ _FX int Trace_Init(void)
// intercept NTDLL entry points
//
RtlSetLastWin32Error = (P_RtlSetLastWin32Error)
GetProcAddress(Dll_Ntdll, "RtlSetLastWin32Error");
SBIEDLL_HOOK(Trace_,RtlSetLastWin32Error);
if (SbieApi_QueryConfBool(NULL, L"ErrorTrace", FALSE)) {
RtlSetLastWin32Error = (P_RtlSetLastWin32Error)
GetProcAddress(Dll_Ntdll, "RtlSetLastWin32Error");
SBIEDLL_HOOK(Trace_, RtlSetLastWin32Error);
}
//
// intercept KERNEL32 entry points
@ -132,3 +133,40 @@ ALIGNED void Trace_OutputDebugStringA(const UCHAR *strA)
__sys_OutputDebugStringA(strA);
}
//---------------------------------------------------------------------------
// Trace_FindModuleByAddress
//---------------------------------------------------------------------------
#include "../../common/my_xeb.h"
WCHAR* Trace_FindModuleByAddress(void* address)
{
WCHAR* found = NULL;
PLIST_ENTRY Head, Next;
PLDR_DATA_TABLE_ENTRY Entry;
PPEB peb = (PPEB)NtCurrentPeb();
EnterCriticalSection((PRTL_CRITICAL_SECTION)peb->LoaderLock);
Head = &peb->Ldr->InLoadOrderModuleList;
Next = Head->Flink;
while (Next != Head)
{
Entry = CONTAINING_RECORD(Next, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
if (Entry->DllBase < address && (UINT_PTR)Entry->DllBase + Entry->SizeOfImage > (UINT_PTR)address)
{
found = Entry->BaseDllName.Buffer;
break;
}
Next = Next->Flink;
}
LeaveCriticalSection((PRTL_CRITICAL_SECTION)peb->LoaderLock);
return found;
}
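Review bot: `Trace_FindModuleByAddress` returns `Entry->BaseDllName.Buffer`, a pointer into the loader's own LDR_DATA_TABLE_ENTRY, after `LeaveCriticalSection(peb->LoaderLock)`; if the module is unloaded before the caller formats the name, the pointer dangles. Copy the name into a caller-supplied buffer while the lock is still held (returning the length), or document that callers may only use the result for modules that cannot unload. Two smaller points: the range test `Entry->DllBase < address` should be `<=`, otherwise an address exactly at an image base is attributed to no module; and taking the loader lock from hook code that may run inside DllMain or a loader callback works only because critical sections are recursive for the owning thread, which is worth a comment so nobody has to redo that deadlock analysis.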

View File

@ -29,6 +29,8 @@
int Trace_Init(void);
WCHAR* Trace_FindModuleByAddress(void* address);
//---------------------------------------------------------------------------

View File

@ -224,6 +224,33 @@ Gui_MsgWaitForMultipleObjects@20 ENDP
PUBLIC C Gui_MsgWaitForMultipleObjects@20
;----------------------------------------------------------------------------
; RpcRt_NdrClientCall
;----------------------------------------------------------------------------
EXTERN C RpcRt_NdrClientCall_x86 : PROC
;EXTERN C RpcRt_NdrClientCall_... : PROC
EXTERN C __sys_NdrClientCall : DWORD
RpcRt_NdrClientCall PROC C PUBLIC
call RpcRt_NdrClientCall_x86
test al,al
jnz CancelCall
jmp dword ptr [__sys_NdrClientCall]
CancelCall:
; jmp RpcRt_NdrClientCall_...
ret
RpcRt_NdrClientCall ENDP
PUBLIC C RpcRt_NdrClientCall
;----------------------------------------------------------------------------
; RpcRt_NdrClientCall2
;----------------------------------------------------------------------------
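Review bot: on the `CancelCall` path `RpcRt_NdrClientCall` executes `ret` with `eax` still holding the BOOLEAN that `RpcRt_NdrClientCall_x86` returned, so the original caller receives whatever the check left in `eax` (the value 1 in `al`, undefined above it) as its CLIENT_CALL_RETURN instead of a NULL pointer or a defined RPC status; the commented `; jmp RpcRt_NdrClientCall_...` shows a real handler was planned. Until it exists, zero `eax` (or load a documented error) before the `ret`, and do the same in `RpcRt_NdrClientCall4` added further down, which has the identical shape. The bare `ret` itself is fine: `NdrClientCall` is cdecl with variadic arguments, so the caller cleans the stack.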
@ -237,11 +264,11 @@ RpcRt_NdrClientCall2 PROC C PUBLIC
call RpcRt_NdrClientCall2_x86
test al,al
jnz CancelCall
jnz CancelCall2
jmp dword ptr [__sys_NdrClientCall2]
CancelCall:
CancelCall2:
; jmp RpcRt_NdrClientCall2_...
ret
@ -250,3 +277,29 @@ RpcRt_NdrClientCall2 ENDP
PUBLIC C RpcRt_NdrClientCall2
;----------------------------------------------------------------------------
; RpcRt_NdrClientCall4
;----------------------------------------------------------------------------
EXTERN C RpcRt_NdrClientCall4_x86 : PROC
;EXTERN C RpcRt_NdrClientCall4_... : PROC
EXTERN C __sys_NdrClientCall4 : DWORD
RpcRt_NdrClientCall4 PROC C PUBLIC
call RpcRt_NdrClientCall4_x86
test al,al
jnz CancelCall4
jmp dword ptr [__sys_NdrClientCall4]
CancelCall4:
; jmp RpcRt_NdrClientCall4_...
ret
RpcRt_NdrClientCall4 ENDP
PUBLIC C RpcRt_NdrClientCall4

View File

@ -81,7 +81,7 @@ ProtectCall4 ENDP
; Secure_Ndr64AsyncClientCall
;----------------------------------------------------------------------------
EXTERN Secure_CheckElevation : PROC
EXTERN Secure_CheckElevation64 : PROC
EXTERN Secure_HandleElevation : PROC
EXTERN __sys_Ndr64AsyncClientCall : QWORD
@ -94,11 +94,12 @@ Secure_Ndr64AsyncClientCall PROC
mov [rax+4*8],r9 ; spill first variadic parameter
sub rsp,8+(4*8)
xor rcx,rcx ; clear ReturnAddressFromNdrAsyncClientCall
xor rdx,rdx ; clear pStubDescriptor
xor r8,r8 ; clear pFormat
;; xor rcx,rcx ; clear pProxyInfo
;; xor rdx,rdx ; clear nProcNum
;; xor r8,r8 ; clear pReturnValue
; mov r8,[rsp + 8+(4*8)] ; return poitner
lea r9,[rsp + 8+(4*8) + 4*8] ; setup Args -> SECURE_UAC_ARGS
call Secure_CheckElevation
call Secure_CheckElevation64
test al,al
jnz WeHandleElevation
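Review bot: the calling convention of the check function changes silently here: the three `xor` lines that zeroed rcx/rdx/r8 are now commented out (`;;`), so `Secure_CheckElevation64` receives Ndr64AsyncClientCall's own `pProxyInfo`, `nProcNum` and `pReturnValue` in rcx/rdx/r8 plus `Args` in r9, whereas `Secure_CheckElevation` used to receive zeros in the first three. The C prototype of `Secure_CheckElevation64` is not in this diff; confirm it has exactly that four-argument form, and either delete the commented `; mov r8,[rsp + 8+(4*8)] ; return poitner` line or enable it if the C side consumes the return address, because a stale half-plan in asm is how register mismatches creep in. The new register labels are correct (the replaced ones described NdrAsyncClientCall's `pStubDescriptor`/`pFormat`, not this function's parameters); `poitner` is a typo.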
@ -191,6 +192,56 @@ l02: ret
Gui_FixupCallbackPointers ENDP
;----------------------------------------------------------------------------
; RpcRt_NdrClientCall2
;----------------------------------------------------------------------------
EXTERN RpcRt_NdrClientCall2_x64 : PROC
;EXTERN Secure_HandleElevation : PROC
EXTERN __sys_NdrClientCall2 : QWORD
RpcRt_NdrClientCall2 PROC
mov rax,rsp
mov [rax+1*8],rcx ; spill pStubDescriptor
mov [rax+2*8],rdx ; spill pFormat
mov [rax+3*8],r8 ; spill first variadic parameter
mov [rax+4*8],r9 ; spill second variadic parameter
sub rsp,8+(4*8)
;; xor rcx,rcx ; clear pStubDescriptor
;; xor rdx,rdx ; clear pFormat
; mov r8,[rsp + 8+(4*8)] ; return poitner
lea r8,[rsp + 8+(4*8) + 3*8] ; Args
call RpcRt_NdrClientCall2_x64
test al,al
jnz CancelCall2
lea rax,[rsp+8+(4*8)]
mov rcx,[rax+1*8] ; restore pStubDescriptor
mov rdx,[rax+2*8] ; restore pFormat
mov r8,[rax+3*8] ; restore first variadic parameter
mov r9,[rax+4*8] ; restore second variadic parameter
add rsp,8+(4*8)
jmp [__sys_NdrClientCall2]
CancelCall2:
;;; xor rcx,rcx ; clear pProxyInfo
;;; xor rdx,rdx ; clear nProcNum
;;; xor r8,r8 ; clear pReturnValue
;; mov r8,[rsp + 8+(4*8)] ; return poitner
; lea r8,[rsp + 8+(4*8) + 3*8] ; Args
; call RpcRt_NdrClientCall2_...
add rsp,8+(4*8)
ret
RpcRt_NdrClientCall2 ENDP
;----------------------------------------------------------------------------
; RpcRt_NdrClientCall3
;----------------------------------------------------------------------------
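Review bot: the comment block under `CancelCall2` was copied from `RpcRt_NdrClientCall3` and labels rcx/rdx/r8 as `pProxyInfo`/`nProcNum`/`pReturnValue`, which are NdrClientCall3's parameters; for NdrClientCall2 they are `pStubDescriptor`, `pFormat` and the first variadic argument, exactly as the spill comments at the top of this PROC say. Fix the labels (and `poitner`) before someone builds the cancel handler from them. The frame itself checks out: the four home slots are reused for the spills, `sub rsp,8+(4*8)` provides the callee's shadow space and restores 16-byte alignment, and `lea r8,[rsp + 8+(4*8) + 3*8]` points `Args` at the spilled first variadic parameter. As on x86, the cancel path returns with rax holding the BOOLEAN from `RpcRt_NdrClientCall2_x64` rather than a defined CLIENT_CALL_RETURN value; zero it before `ret`.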
@ -216,7 +267,7 @@ RpcRt_NdrClientCall3 PROC
lea r9,[rsp + 8+(4*8) + 4*8] ; Args
call RpcRt_NdrClientCall3_x64
test al,al
jnz CancelCall
jnz CancelCall3
lea rax,[rsp+8+(4*8)]
mov rcx,[rax+1*8] ; restore pProxyInfo
@ -227,7 +278,7 @@ RpcRt_NdrClientCall3 PROC
add rsp,8+(4*8)
jmp [__sys_NdrClientCall3]
CancelCall:
CancelCall3:
;;; xor rcx,rcx ; clear pProxyInfo
;;; xor rdx,rdx ; clear nProcNum

View File

@ -285,6 +285,12 @@
<ClCompile Include="dll.c" />
<ClCompile Include="driver.c" />
<ClCompile Include="file.c" />
<ClCompile Include="file_ctrl.c">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
</ClCompile>
<ClCompile Include="file_flt.c">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
@ -321,6 +327,7 @@
<ClCompile Include="ipc.c" />
<ClCompile Include="ipc_lsa.c" />
<ClCompile Include="ipc_port.c" />
<ClCompile Include="ipc_sam.c" />
<ClCompile Include="ipc_spl.c" />
<ClCompile Include="key.c" />
<ClCompile Include="key_flt.c">

View File

@ -118,6 +118,12 @@
<ClCompile Include="..\..\common\stream.c">
<Filter>common</Filter>
</ClCompile>
<ClCompile Include="ipc_sam.c">
<Filter>ipc</Filter>
</ClCompile>
<ClCompile Include="file_ctrl.c">
<Filter>file</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="api.h" />

View File

@ -316,6 +316,7 @@ API_ARGS_CLOSE(API_DISABLE_FORCE_PROCESS_ARGS)
API_ARGS_BEGIN(API_MONITOR_CONTROL_ARGS)
API_ARGS_FIELD(ULONG *,set_flag)
API_ARGS_FIELD(ULONG *,get_flag)
//API_ARGS_FIELD(ULONG *,get_used)
API_ARGS_CLOSE(API_MONITOR_CONTROL_ARGS)
@ -329,6 +330,7 @@ API_ARGS_BEGIN(API_MONITOR_GET_EX_ARGS)
API_ARGS_FIELD(ULONG *, log_seq)
API_ARGS_FIELD(USHORT *, log_type)
API_ARGS_FIELD(ULONG64 *, log_pid)
API_ARGS_FIELD(ULONG64 *, log_tid)
API_ARGS_FIELD(ULONG, log_len)
API_ARGS_FIELD(WCHAR *, log_ptr)
API_ARGS_CLOSE(API_MONITOR_GET_EX_ARGS)
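Review bot: `API_MONITOR_GET_EX_ARGS` is the user/kernel ABI between SbieDll and SbieDrv, and `log_tid` is inserted before `log_len` rather than appended, so a DLL built against the old header talking to this driver would have its `log_len` read as the `log_tid` pointer and its `log_ptr` as `log_len`. Either append new fields after `log_ptr`, or state in a comment that the driver/DLL version check is what makes a mismatched pair impossible. The commented-out `get_used` field in `API_MONITOR_CONTROL_ARGS` should go too if it is not going to be wired up; a dead field in an ABI header invites someone to "finish" it from only one side.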

View File

@ -879,6 +879,8 @@ _FX BOOLEAN File_InitProcess(PROCESS *proc)
proc->box->name, L"NotifyDirectDiskAccess", 0, FALSE);
}
proc->file_open_devapi_cmapi = Conf_Get_Boolean(proc->box->name, L"OpenDevCMApi", 0, FALSE);
if (ok && proc->image_path && (! proc->image_sbie)) {
//

View File

@ -0,0 +1,130 @@
/*
* Copyright 2021 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
// DeviceIoControlFile filter
//---------------------------------------------------------------------------
//#define CTL_CODE( DeviceType, Function, Method, Access ) (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))
#define DEVICE_TYPE_FROM_CTL_CODE(ctrlCode) (((ULONG)(ctrlCode & 0xffff0000)) >> 16)
#define FUNCTION_FROM_CTL_CODE(ctrlCode) (((ULONG)(ctrlCode & 0x3ffc)) >> 2)
#define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3))
_FX NTSTATUS Syscall_DeviceIoControlFile(
PROCESS *proc, SYSCALL_ENTRY *syscall_entry, ULONG_PTR *user_args)
{
// filter out dangerous driver calls
ULONG IoControlCode = (ULONG)user_args[5];
if (DEVICE_TYPE_FROM_CTL_CODE(IoControlCode) == 0x6d) //MOUNTMGRCONTROLTYPE 'm' \Device\MountPointManager
{
ULONG function;
function = FUNCTION_FROM_CTL_CODE(IoControlCode);
//DbgPrint("DeviceIoContoleFile, func = %d, p=%06d t=%06d, %S\n", function, PsGetCurrentProcessId(), PsGetCurrentThreadId(), proc->image_name);
if (function == 0 || // IOCTL_MOUNTMGR_CREATE_POINT
function == 1 || // IOCTL_MOUNTMGR_DELETE_POINTS (DeleteVolumeMountPoint())
function == 3 || // IOCTL_MOUNTMGR_DELETE_POINTS_DBONLY
function == 6 || // IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED
function == 7 || // IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED
function == 9) // IOCTL_MOUNTMGR_KEEP_LINKS_WHEN_OFFLINE
return STATUS_ACCESS_DENIED;
}
if (DEVICE_TYPE_FROM_CTL_CODE(IoControlCode) == 0x47) //CMApi(?)CONTROLTYPE 0x47 \Device\DeviceApi\CMApi
{
if (!proc->file_open_devapi_cmapi)
{
ULONG function = FUNCTION_FROM_CTL_CODE(IoControlCode);
/*WCHAR path[256] = { 0 };
FILE_OBJECT* object;
NTSTATUS status = ObReferenceObjectByHandle((HANDLE)user_args[0], 0, *IoFileObjectType, UserMode, &object, NULL);
if (NT_SUCCESS(status))
{
memcpy(path, object->FileName.Buffer, object->FileName.Length);
path[object->FileName.Length / sizeof(WCHAR)] = 0;
ObDereferenceObject(object);
}*/
BOOLEAN filter = FALSE;
switch (function)
{
//case 0x0:
//case 0x100: //?SwDeviceCreate - Initiates the enumeration of a software device.
case 0x101: //?SwDevicePropertySet
case 0x102: //?SwDeviceInterfaceRegister
case 0x103: //?SwDeviceInterfaceSetState
case 0x104: //?SwDeviceInterfacePropertySet
case 0x105: //?SwDeviceSetLifetime
//case 0x106: //?SwDeviceGetLifetime
//case 0x200: //?CMP_Register_Notification,CM_Get_Device_ID_List,CM_Get_Device_ID_List_Size
//case 0x201: //?CmNotifyWnfNotificationCallback,CM_Get_Device_Interface_List_Size
//case 0x202: //?ProcessPlugPlayEventCallback,CM_Enumerate_Classes,CM_Enumerate_Enumerators
//case 0x203: //?UnregisterClient,CM_Get_Class_Property_Keys,CM_Get_DevNode_Property_Keys,CM_Get_Device_Interface_Property_Keys
//case 0x204: //GetObjectProperty,GetObjectProperty
case 0x205: //CM_Set_DevNode_Property,CM_Set_Device_Interface_Property,CM_Set_Class_Property
//case 0x206: //GetRegistryProperty,GetRegistryProperty
case 0x207: //CM_Set_Class_Registry_Property,CM_Set_DevNode_Registry_Property
//case 0x209: //CM_Get_DevNode_Status
//case 0x20a: //CM_Get_Depth
case 0x20b: //CM_Set_DevNode_Problem
case 0x20c: //CM_Disable_DevNode,CM_Query_And_Remove_SubTree
case 0x20d: //CM_Register_Device_Interface
case 0x20e: //CM_Unregister_Device_Interface
//case 0x20f: //CM_Get_Device_Interface_Alias
//case 0x210: //Validate_Device_Instance
case 0x211: //CM_Create_DevNode
case 0x212: //CM_Uninstall_DevNode
//case 0x213: //CM_Reenumerate_DevNode,CM_Setup_DevNode
case 0x214: //CM_Open_Device_Interface_Key
case 0x215: //CM_Delete_Device_Interface_Key
case 0x216: //OpenLogConfKey,OpenLogConfKey,CM_Open_DevNode_Key,CM_Get_DevNode_Custom_Property,OpenDeviceHwProfileKey
case 0x217: //CM_Delete_DevNode_Key
case 0x218: //CM_Open_Class_Key
case 0x219: //CM_Delete_Class_Key
filter = TRUE;
}
/*
WCHAR msg_str[240];
swprintf(msg_str, L"DeviceIoContoleFile, CMApi, func = 0x%X, filter=%d, p=%06d t=%06d, %s\n",
function, filter, PsGetCurrentProcessId(), PsGetCurrentThreadId(), proc->image_name);
const WCHAR* strings[2] = { msg_str, NULL };
Session_MonitorPutEx(MONITOR_OTHER | MONITOR_TRACE, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());*/
if(filter)
return STATUS_ACCESS_DENIED;
}
}
return NtDeviceIoControlFile(
(HANDLE)user_args[0], // FileHandle
(HANDLE)user_args[1], // Event
(PIO_APC_ROUTINE)user_args[2], // ApcRoutine
(PVOID)user_args[3], // ApcContext
(PIO_STATUS_BLOCK)user_args[4], // IoStatusBlock
(ULONG)user_args[5], // IoControlCode
(PVOID)user_args[6], // InputBuffer
(ULONG)user_args[7], // InputBufferLength
(PVOID)user_args[8], // OutBuffer
(ULONG)user_args[9]); // OutputBufferLength
}
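Review bot: both filters decide purely on the 16-bit device type encoded in the IOCTL code (0x6d, 0x47) and never look at which device the handle actually refers to; the `ObReferenceObjectByHandle` / `object->FileName` block that would do that is left commented out. Device type numbers are not unique across drivers, so any unrelated driver that uses type 0x47 or 0x6d has those function numbers denied inside the sandbox, and the denial cannot be explained to the user because the device name is never known. Resolve the device name once per handle (or compare `FILE_OBJECT->DeviceObject`) and key the deny list on that; the cost is one reference per NtDeviceIoControlFile that already matched a type. Two points on the CMApi list: it is a deny list over reverse-engineered numbers (the `?` marks), so anything unlisted passes by default, and 0x213, annotated `CM_Reenumerate_DevNode,CM_Setup_DevNode`, is left allowed even though `CM_Setup_DevNode` restarts a device instance and is the counterpart of `CM_Disable_DevNode` (0x20c), which is blocked; either block it or record why not. `METHOD_FROM_CTL_CODE` is defined but unused.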

View File

@ -652,6 +652,9 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS *proc)
proc->ipc_open_lsa_endpoint =
Conf_Get_Boolean(proc->box->name, L"OpenLsaEndpoint", 0, FALSE);
proc->ipc_open_sam_endpoint =
Conf_Get_Boolean(proc->box->name, L"OpenSamEndpoint", 0, FALSE);
proc->ipc_allowSpoolerPrintToFile =
Conf_Get_Boolean(proc->box->name, L"AllowSpoolerPrintToFile", 0, FALSE);
@ -1168,8 +1171,6 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
DesiredAccess, HandleAttributes,
Options & ~DUPLICATE_CLOSE_SOURCE);
*TargetHandle = NULL;
if (NT_SUCCESS(status)) {
status = Ipc_CheckObjectName(TargetHandleValue);
@ -1184,12 +1185,11 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
status = NtDuplicateObject(
SourceProcessHandle, SourceHandle,
TargetProcessHandle, TargetHandle,
TargetProcessHandle, &TargetHandleValue,
DesiredAccess, HandleAttributes, Options);
TargetHandleValue = *TargetHandle;
}
*TargetHandle = NULL;
if (NT_SUCCESS(status))
*TargetHandle = TargetHandleValue;
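Review bot: this closes a double fetch: the old code let `NtDuplicateObject` store the new handle straight into the user-visible `*TargetHandle` and then re-read it (`TargetHandleValue = *TargetHandle;`) for the driver's own bookkeeping, so another thread in the caller could swap in a different handle value between the two accesses; keeping the kernel's result in the local `TargetHandleValue` and publishing it only at the end removes that window. Two things to confirm that this hunk does not show: the writes `*TargetHandle = NULL;` and `*TargetHandle = TargetHandleValue;` must remain inside the existing `ProbeForWrite`/`__try` scope for `TargetHandle`, and now that the early `*TargetHandle = NULL;` after the first (`Options & ~DUPLICATE_CLOSE_SOURCE`) duplication is gone, every return path, including a failure of that first call, must still reach the trailing clear so user mode never sees an uninitialised value.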

View File

@ -343,7 +343,7 @@ _FX BOOLEAN Ipc_Filter_Lsa_Ep_Msg(PROCESS* proc, UCHAR uMsg)
WCHAR msg_str[24];
swprintf(msg_str, L" Msg: %02X", (ULONG)uMsg);
const WCHAR* strings[3] = { L"\\RPC Control\\LSARPC_ENDPOINT", msg_str, NULL };
Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId());
Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
}
}

View File

@ -25,6 +25,7 @@
#include "obj.h"
#include "api.h"
#include "thread.h"
#include "session.h"
//---------------------------------------------------------------------------
@ -122,6 +123,9 @@ NTSTATUS Ipc_CheckPortRequest_Lsa(
NTSTATUS Ipc_CheckPortRequest_LsaEP(
PROCESS* proc, OBJECT_NAME_INFORMATION* Name, PORT_MESSAGE* msg);
NTSTATUS Ipc_CheckPortRequest_Sam(
PROCESS* proc, OBJECT_NAME_INFORMATION* Name, PORT_MESSAGE* msg);
NTSTATUS Ipc_CheckPortRequest_PowerManagement(
PROCESS *proc, OBJECT_NAME_INFORMATION *Name, PORT_MESSAGE *msg);
@ -235,6 +239,8 @@ _FX NTSTATUS Ipc_CheckPortRequest(
status = Ipc_CheckPortRequest_Lsa(proc, Name, msg);
if (status == STATUS_BAD_INITIAL_PC)
status = Ipc_CheckPortRequest_LsaEP(proc, Name, msg);
if (status == STATUS_BAD_INITIAL_PC)
status = Ipc_CheckPortRequest_Sam(proc, Name, msg);
if (status == STATUS_BAD_INITIAL_PC)
status = Ipc_CheckPortRequest_PowerManagement(proc, Name, msg);
if (status == STATUS_BAD_INITIAL_PC)
@ -247,6 +253,14 @@ _FX NTSTATUS Ipc_CheckPortRequest(
//DbgPrint("Status <%08X> on Port <%*.*S>\n", status, Name->Name.Length/sizeof(WCHAR), Name->Name.Length/sizeof(WCHAR), Name->Name.Buffer);
//}
/*if (Session_MonitorCount)// && (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY)))
{
WCHAR msg_str[256];
swprintf(msg_str, L"CheckPortRequest, Status <%08X> on Port <%*.*s>\n", status, Name->Name.Length / sizeof(WCHAR), Name->Name.Length / sizeof(WCHAR), Name->Name.Buffer);
const WCHAR* strings[2] = { msg_str, NULL };
Session_MonitorPutEx(MONITOR_IPC, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
}*/
//
// finish
//

View File

@ -0,0 +1,190 @@
/*
* Copyright 2021 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
// Inter-Process Communication
//---------------------------------------------------------------------------
#include "ipc.h"
#include "obj.h"
#include "api.h"
#include "util.h"
#include "session.h"
//---------------------------------------------------------------------------
// Functions
//---------------------------------------------------------------------------
_FX BOOLEAN Ipc_Filter_Sam_Msg(PROCESS* proc, UCHAR uMsg);
//---------------------------------------------------------------------------
// Ipc_CheckPortRequest_Sam
//---------------------------------------------------------------------------
_FX NTSTATUS Ipc_CheckPortRequest_Sam(
PROCESS* proc, OBJECT_NAME_INFORMATION* Name, PORT_MESSAGE* msg)
{
NTSTATUS status;
if (proc->ipc_open_sam_endpoint)
return STATUS_BAD_INITIAL_PC;
if (Name->Name.Length == 22 * sizeof(WCHAR)) {
if (_wcsicmp(Name->Name.Buffer, L"\\RPC Control\\samss lpc") != 0)
return STATUS_BAD_INITIAL_PC;
}
else
return STATUS_BAD_INITIAL_PC;
//
// examine message
//
status = STATUS_SUCCESS;
__try {
ProbeForRead(msg, sizeof(PORT_MESSAGE), sizeof(ULONG_PTR));
if (Driver_OsVersion >= DRIVER_WINDOWS_7) {
ULONG len = msg->u1.s1.DataLength;
UCHAR* ptr = (UCHAR*)((UCHAR*)msg + sizeof(PORT_MESSAGE));
int i = 0;
int rc = -2;
ProbeForRead(ptr, len, sizeof(WCHAR));
if (Ipc_Filter_Sam_Msg(proc, ptr[20]))
status = STATUS_ACCESS_DENIED;
//DbgPrint("\\RPC Control\\samss lpc message ID: %d\n", (int)ptr[20]);
}
}
__except (EXCEPTION_EXECUTE_HANDLER) {
status = GetExceptionCode();
}
return status;
}
//---------------------------------------------------------------------------
// Ipc_Filter_Sam_Msg
//---------------------------------------------------------------------------
_FX BOOLEAN Ipc_Filter_Sam_Msg(PROCESS* proc, UCHAR uMsg)
{
BOOLEAN filter = FALSE;
switch (uMsg)
{
//case 0x00: //SamConnect
//case 0x01: //SamCloseHandle
case 0x02: //SamSetSecurityObject
//case 0x03: //SamQuerySecurityObject
//case 0x05: //SamLookupDomainInSamServer
//case 0x06: //SamEnumerateDomainsInSamServer
//case 0x07: //SamOpenDomain
//case 0x08: //SamQueryInformationDomain
case 0x09: //SamSetInformationDomain
case 0x0A: //SamCreateGroupInDomain
//case 0x0B: //SamEnumerateGroupsInDomain
case 0x0C: //SamCreateUserInDomain
//case 0x0D: //SamiEnumerateUsersInDomain
case 0x0E: //SamCreateAliasInDomain
//case 0x0F: //SamEnumerateAliasesInDomain
//case 0x10: //SamGetAliasMembership
//case 0x11: //SamiLookupNamesInDomain
//case 0x12: //SampLookupIdsInDomain
//case 0x13: //SamOpenGroup
//case 0x14: //SamQueryInformationGroup
case 0x15: //SamSetInformationGroup
case 0x17: //SamDeleteGroup
case 0x18: //SamRemoveMemberFromGroup
//case 0x19: //SamGetMembersInGroup
//case 0x1A: //SamSetMemberAttributesOfGroup
//case 0x1B: //SamOpenAlias
//case 0x1C: //SamQueryInformationAlias
case 0x1D: //SamSetInformationAlias
case 0x1E: //SamDeleteAlias
case 0x1F: //SamAddMemberToAlias
case 0x20: //SamRemoveMemberFromAlias
//case 0x21: //SamGetMembersInAlias
//case 0x22: //SamOpenUser
case 0x23: //SamDeleteUser
//case 0x24: //SamQueryInformationUser
case 0x25: //SamSetInformationUser
case 0x26: //SamiLmChangePasswordUser, SamiLmChangePasswordUser
//case 0x27: //SamGetGroupsForUser
//case 0x28: //SamQueryDisplayInformation
//case 0x29: //SamGetDisplayEnumerationIndex
//case 0x2C: //SampCheckPasswordRestrictions
case 0x2D: //SamRemoveMemberFromForeignDomain
//case 0x2E: //SamQueryInformationDomain
//case 0x30: //SamQueryDisplayInformation
//case 0x31: //SamGetDisplayEnumerationIndex
case 0x32: //SamCreateUser2InDomain
//case 0x33: //SamQueryDisplayInformation
case 0x35: //SamRemoveMultipleMembersFromAlias
case 0x37: //SamiChangePasswordUser2
case 0x38: //SamiChangePasswordUser2
//case 0x39: //SamConnect
case 0x3A: //SampSetInfoUserUseOldInfoClass
case 0x3B: //SamiSetBootKeyInformation
//case 0x3E: //SamConnect
//case 0x40: //SamConnect
//case 0x41: //SamRidToSid
case 0x42: //SampSetDSRMPassword
//case 0x43: //SamValidatePassword
//case 0x44: //SamQueryLocalizableAccountsInDomain
//case 0x45: //SamPerformGenericOperation
case 0x46: //SamiSyncDSRMPasswordFromAccount
//case 0x47: //SamiLookupNamesInDomain
//case 0x48: //SamiEnumerateUsersInDomain
//case 0xEF: //Unknown
filter = TRUE;
}
if (Session_MonitorCount && (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY))) {
USHORT mon_type = MONITOR_IPC;
if (filter && (proc->ipc_trace & TRACE_DENY))
mon_type |= MONITOR_DENY;
else if (!filter && (proc->ipc_trace & TRACE_ALLOW))
mon_type |= MONITOR_OPEN;
else
mon_type = 0;
if (mon_type) {
WCHAR msg_str[24];
swprintf(msg_str, L" Msg: %02X", (ULONG)uMsg);
const WCHAR* strings[3] = { L"\\RPC Control\\samss lpc", msg_str, NULL };
Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
}
}
return filter;
}
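Review bot: `Ipc_CheckPortRequest_Sam` reads `ptr[20]` after `ProbeForRead(ptr, len, sizeof(WCHAR))` with `len` taken from the caller-controlled `msg->u1.s1.DataLength`; when `len` is 20 or less the opcode byte lies outside the probed range, and whether the call then yields a filter decision or an exception status depends on what happens to be mapped there. Add a length check (`if (len <= 20) return STATUS_ACCESS_DENIED;`, or treat short messages as not-a-request) before indexing. The magic offset 20 mirrors the LSA endpoint filter; a shared named constant with a comment on the ALPC RPC request layout would make both filters easier to audit. `i` and `rc` are unused. Finally, the match is keyed only on the ALPC port name `\RPC Control\samss lpc`; the same SAMR interface is also offered over named pipes (ncacn_np) on the local machine, so confirm that the sandbox's existing file/pipe rules already stop an elevated sandboxed process from binding to it that way, otherwise `OpenSamEndpoint=n` covers only the ncalrpc transport.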

View File

@ -312,7 +312,7 @@ _FX BOOLEAN Ipc_Filter_Spooler_Msg(PROCESS* proc, UCHAR uMsg)
WCHAR msg_str[24];
swprintf(msg_str, L" Msg: %02X", (ULONG)uMsg);
const WCHAR* strings[3] = { L"\\RPC Control\\spoolss", msg_str, NULL };
Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId());
Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
}
}

View File

@ -337,6 +337,6 @@ _FX void Log_Debug_Msg(USHORT type, const WCHAR *string1, const WCHAR *string2)
if (Session_MonitorCount) {
const WCHAR* strings[4] = { string1, L" ", string2, NULL };
Session_MonitorPutEx(type, strings, NULL, PsGetCurrentProcessId());
Session_MonitorPutEx(type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
}
}

View File

@ -136,6 +136,7 @@ struct _PROCESS {
BOOLEAN file_warn_internet;
BOOLEAN file_warn_direct_access;
BOOLEAN AllowInternetAccess;
BOOLEAN file_open_devapi_cmapi;
// key-related
@ -156,6 +157,7 @@ struct _PROCESS {
BOOLEAN ipc_warn_startrun;
BOOLEAN ipc_block_password;
BOOLEAN ipc_open_lsa_endpoint;
BOOLEAN ipc_open_sam_endpoint;
BOOLEAN ipc_allowSpoolerPrintToFile;
BOOLEAN ipc_openPrintSpooler;

View File

@ -579,7 +579,7 @@ _FX BOOLEAN Session_IsForceDisabled(ULONG SessionId)
_FX void Session_MonitorPut(USHORT type, const WCHAR *name, HANDLE pid)
{
const WCHAR* strings[2] = { name, NULL };
Session_MonitorPutEx(type, strings, NULL, pid);
Session_MonitorPutEx(type, strings, NULL, pid, PsGetCurrentThreadId());
}
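Review bot: `Session_MonitorPut` now pairs a caller-supplied `pid` with `PsGetCurrentThreadId()`; when a caller logs on behalf of another process (which is what the `pid` parameter is for), the recorded tid belongs to the current thread, not to `pid`, and the entry is misleading. Either add a `tid` parameter to `Session_MonitorPut` as well, or pass 0 for the tid when `pid != PsGetCurrentProcessId()` so consumers of the log can tell the two cases apart.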
@ -588,7 +588,7 @@ _FX void Session_MonitorPut(USHORT type, const WCHAR *name, HANDLE pid)
//---------------------------------------------------------------------------
_FX void Session_MonitorPutEx(USHORT type, const WCHAR** strings, ULONG* lengths, HANDLE pid)
_FX void Session_MonitorPutEx(USHORT type, const WCHAR** strings, ULONG* lengths, HANDLE pid, HANDLE tid)
{
SESSION *session;
KIRQL irql;
@ -600,17 +600,20 @@ _FX void Session_MonitorPutEx(USHORT type, const WCHAR** strings, ULONG* lengths
if (session->monitor_log && *strings[0]) {
ULONG64 pid64 = (ULONG64)pid;
ULONG64 tid64 = (ULONG64)tid;
SIZE_T data_len = 0;
for(int i=0; strings[i] != NULL; i++)
data_len += (lengths ? lengths [i] : wcslen(strings[i])) * sizeof(WCHAR);
//[Type 2][PID 8][Data n*2]
SIZE_T entry_size = 2 + 8 + data_len;
//[Type 2][PID 8][TID 8][Data n*2]
SIZE_T entry_size = 2 + 8 + 8 + data_len;
CHAR* write_ptr = log_buffer_push_entry((LOG_BUFFER_SIZE_T)entry_size, session->monitor_log);
if (write_ptr) {
log_buffer_push_bytes((CHAR*)&type, 2, &write_ptr, session->monitor_log);
log_buffer_push_bytes((CHAR*)&pid64, 8, &write_ptr, session->monitor_log);
log_buffer_push_bytes((CHAR*)&tid64, 8, &write_ptr, session->monitor_log);
// join strings seamlessly
for (int i = 0; strings[i] != NULL; i++)
@ -634,6 +637,7 @@ _FX NTSTATUS Session_Api_MonitorControl(PROCESS *proc, ULONG64 *parms)
API_MONITOR_CONTROL_ARGS *args = (API_MONITOR_CONTROL_ARGS *)parms;
ULONG *in_flag;
ULONG *out_flag;
ULONG *out_used;
SESSION *session;
KIRQL irql;
BOOLEAN EnableMonitor;
@ -657,6 +661,18 @@ _FX NTSTATUS Session_Api_MonitorControl(PROCESS *proc, ULONG64 *parms)
}
}
//out_used = args->get_used.val;
//if (out_used) {
// ProbeForWrite(out_used, sizeof(ULONG), sizeof(ULONG));
// *out_used = 0;
// session = Session_Get(FALSE, -1, &irql);
// if (session) {
// if (session->monitor_log)
// *out_used = (ULONG)session->monitor_log->buffer_used;
// Session_Unlock(irql);
// }
//}
//
// set status
//
@ -679,7 +695,14 @@ _FX NTSTATUS Session_Api_MonitorControl(PROCESS *proc, ULONG64 *parms)
if (EnableMonitor && (! session->monitor_log)) {
session->monitor_log = log_buffer_init(SESSION_MONITOR_BUF_SIZE * sizeof(WCHAR));
ULONG BuffSize = Conf_Get_Number(NULL, L"TraceBufferPages", 0, 256) * PAGE_SIZE;
session->monitor_log = log_buffer_init(BuffSize * sizeof(WCHAR));
if (!session->monitor_log) {
Log_Msg0(MSG_1201);
session->monitor_log = log_buffer_init(SESSION_MONITOR_BUF_SIZE * sizeof(WCHAR));
}
if (session->monitor_log) {
InterlockedIncrement(&Session_MonitorCount);
} else
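Review bot: `BuffSize` is already a byte count (`pages * PAGE_SIZE`), yet it is passed as `log_buffer_init(BuffSize * sizeof(WCHAR))`, so the buffer is twice what `TraceBufferPages` promises: the default of 256 pages allocates 2 MB rather than 1 MB, and 2560 pages allocates 20 MB. The multiplier came from `SESSION_MONITOR_BUF_SIZE`, which is a WCHAR count; drop it for the page-based value (the fallback line can keep it). Also, the value from `Conf_Get_Number` is unbounded: a large `TraceBufferPages` first overflows the 32-bit multiply and, below that threshold, requests an arbitrarily large pool allocation every time monitoring is switched on, driven by an ini setting. Clamp it to a sane maximum and keep the existing fallback for allocation failure.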
@ -925,6 +948,7 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms)
ULONG *seq_num;
USHORT *log_type;
ULONG64 *log_pid;
ULONG64* log_tid;
ULONG log_len;
WCHAR *log_data;
SESSION *session;
@ -946,6 +970,10 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms)
if (log_pid != NULL)
ProbeForWrite(log_pid, sizeof(ULONG64), sizeof(ULONG64));
log_tid = args->log_tid.val;
if (log_tid != NULL)
ProbeForWrite(log_tid, sizeof(ULONG64), sizeof(ULONG64));
log_len = args->log_len.val / sizeof(WCHAR);
if (!log_len)
return STATUS_INVALID_PARAMETER;
@ -992,17 +1020,23 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms)
// __leave;
//}
//[Type 2][PID 8][Data n*2]
//[Type 2][PID 8][PID 8][Data n*2]
log_buffer_get_bytes((CHAR*)log_type, 2, &read_ptr, session->monitor_log);
ULONG64 pid64;
log_buffer_get_bytes((CHAR*)&pid64, 8, &read_ptr, session->monitor_log);
if (log_pid != NULL)
*log_pid = pid64;
ULONG64 tid64;
log_buffer_get_bytes((CHAR*)&tid64, 8, &read_ptr, session->monitor_log);
if (log_tid != NULL)
*log_tid = tid64;
log_len -= sizeof(WCHAR); // reserve room for the termination character
if (log_len > entry_size - (2 + 8))
log_len = entry_size - (2 + 8);
if (log_len > entry_size - (2 + 8 + 8))
log_len = entry_size - (2 + 8 + 8);
log_buffer_get_bytes((CHAR*)log_data, log_len, &read_ptr, session->monitor_log);
// add required termination character
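Review bot: the layout comment `//[Type 2][PID 8][PID 8][Data n*2]` should read `[TID 8]` for the second 8-byte field, matching the writer side in `Session_MonitorPutEx`; the two `log_buffer_get_bytes` reads and the `entry_size - (2 + 8 + 8)` clamp are otherwise consistent with what the writer pushes.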

View File

@ -44,7 +44,7 @@ BOOLEAN Session_IsForceDisabled(ULONG SessionId);
void Session_MonitorPut(USHORT type, const WCHAR *name, HANDLE pid);
void Session_MonitorPutEx(USHORT type, const WCHAR** strings, ULONG* lengths, HANDLE pid);
void Session_MonitorPutEx(USHORT type, const WCHAR** strings, ULONG* lengths, HANDLE pid, HANDLE tid);
//---------------------------------------------------------------------------

View File

@ -857,13 +857,12 @@ _FX NTSTATUS Syscall_Api_Invoke(PROCESS *proc, ULONG64 *parms)
if (hConnection)
{
WCHAR trace_str[128];
swprintf(trace_str, L"[syscall] t=%06d - %.*S, status = 0x%X, handle = %X; ", //59 chars + entry->name
PsGetCurrentThreadId(),
swprintf(trace_str, L"[syscall] %.*S, status = 0x%X, handle = %X; ", //59 chars + entry->name
max(strlen(entry->name), 64), entry->name,
status, hConnection);
const WCHAR* strings[3] = { trace_str, puStr ? puStr->Buffer : NULL, NULL };
ULONG lengths[3] = { wcslen(trace_str), puStr ? puStr->Length / 2 : 0, 0 };
Session_MonitorPutEx(MONITOR_IPC | MONITOR_TRACE, strings, lengths, PsGetCurrentProcessId());
Session_MonitorPutEx(MONITOR_IPC | MONITOR_TRACE, strings, lengths, PsGetCurrentProcessId(), PsGetCurrentThreadId());
traced = TRUE;
}
}
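Review bot: while these `swprintf` calls are being touched, `max(strlen(entry->name), 64)` as the `%.*S` precision is a no-op cap (it can only widen the field); `min` was meant. It does not overflow `trace_str[128]` today because syscall names are short, but the `//59 chars + entry->name` comment documents a bound that the code does not actually enforce; the same line appears in the second hunk below.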
@ -871,12 +870,11 @@ _FX NTSTATUS Syscall_Api_Invoke(PROCESS *proc, ULONG64 *parms)
if (!traced && ((proc->call_trace & TRACE_ALLOW) || ((status != STATUS_SUCCESS) && (proc->call_trace & TRACE_DENY))))
{
WCHAR trace_str[128];
swprintf(trace_str, L"[syscall] t=%06d - %.*S, status = 0x%X", //59 chars + entry->name
PsGetCurrentThreadId(),
swprintf(trace_str, L"[syscall] %.*S, status = 0x%X", //59 chars + entry->name
max(strlen(entry->name), 64), entry->name,
status);
const WCHAR* strings[2] = { trace_str, NULL };
Session_MonitorPutEx(MONITOR_SYSCALL | MONITOR_TRACE, strings, NULL, PsGetCurrentProcessId());
Session_MonitorPutEx(MONITOR_SYSCALL | MONITOR_TRACE, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
}
#ifdef _WIN64

View File

@ -244,6 +244,51 @@ _FX NTSTATUS Syscall_OpenHandle(
}
}
PUNICODE_STRING puName = NULL;
__try {
if ((strcmp(syscall_entry->name, "ConnectPort") == 0) ||
(strcmp(syscall_entry->name, "AlpcConnectPort") == 0))
{
puName = (UNICODE_STRING*)user_args[1];
}
else if ((strcmp(syscall_entry->name, "CreateFile") == 0) ||
(strcmp(syscall_entry->name, "OpenFile") == 0))
{
POBJECT_ATTRIBUTES pObj = (POBJECT_ATTRIBUTES)user_args[2];
if (pObj && pObj->ObjectName)
{
puName = pObj->ObjectName;
ACCESS_MASK DesiredAccess = (ACCESS_MASK)user_args[1];
if(!Conf_Get_Boolean(proc->box->name, L"AllowRawDiskRead", 0, FALSE))
if (puName->Buffer != NULL && puName->Length > (4 * sizeof(WCHAR)) && wcsncmp(puName->Buffer, L"\\??\\", 4) == 0
&& (DesiredAccess & ~(SYNCHRONIZE | READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES)) != 0)
{
if ((puName->Length == (6 * sizeof(WCHAR)) && puName->Buffer[5] == L':') // \??\C:
|| wcsncmp(&puName->Buffer[4], L"PhysicalDrive", 13) == 0 // \??\PhysicalDrive1
|| wcsncmp(&puName->Buffer[4], L"Volume", 6) == 0) // \??\Volume{2b985816-4b6f-11ea-bd33-48a4725d5bbe}
{
WCHAR access_str[24];
swprintf(access_str, L"(DD) %08X", DesiredAccess);
Log_Debug_Msg(MONITOR_DRIVE | MONITOR_DENY, access_str, puName->Buffer);
if (proc->file_warn_direct_access) {
//Log_MsgP1(MSG_BLOCKED_DIRECT_DISK_ACCESS, proc->image_name, proc->pid);
Process_LogMessage(proc, MSG_BLOCKED_DIRECT_DISK_ACCESS);
}
return STATUS_ACCESS_DENIED;
}
}
}
}
}
__except (EXCEPTION_EXECUTE_HANDLER) {}
//
// replace the address of the handle in the user stack
//
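Review bot: the name match is case-sensitive (`wcsncmp` against `L"\\??\\"`, `L"PhysicalDrive"`, `L"Volume"`) while object-manager lookups with OBJ_CASE_INSENSITIVE, which Win32 CreateFile always sets, are not, so `\??\physicaldrive0` or `\??\volume{...}` opens the same device and is not matched; use `_wcsnicmp`. The check is also a pre-check over user memory: `pObj->ObjectName` and `puName->Buffer` are read in place under `__try` without `ProbeForRead`, and the real NtCreateFile later re-captures OBJECT_ATTRIBUTES from the same user buffer, so a second thread can rewrite the name between the check and the open. A race-free alternative is to decide after the open, where this function already calls `ObReferenceObjectByHandle` on `NewHandle`: deny (and close the handle) when the opened FILE_OBJECT is a volume open (`FO_VOLUME_OPEN`) or a direct open of a `FILE_DEVICE_DISK` device with no file system behind it, and the granted access exceeds the attribute-only mask used here. Two smaller points: `Conf_Get_Boolean(... L"AllowRawDiskRead" ...)` runs on every CreateFile/OpenFile, so cache it in `PROCESS` like `file_open_devapi_cmapi`; and the `\??\` prefix test does not see the equivalent `\GLOBAL??\...` and `\??\GLOBALROOT\Device\...` spellings, which the post-open approach handles for free.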
@ -294,15 +339,7 @@ _FX NTSTATUS Syscall_OpenHandle(
status = ObReferenceObjectByHandle(
NewHandle, 0, NULL, UserMode, &OpenedObject, &HandleInfo);
if (NT_SUCCESS(status)) {
PUNICODE_STRING puName = NULL;
if ((strcmp(syscall_entry->name, "ConnectPort") == 0) ||
(strcmp(syscall_entry->name, "AlpcConnectPort") == 0))
{
puName = (UNICODE_STRING*)user_args[1];
}
if (NT_SUCCESS(status)) {
//
// check the access that was granted to the object
@ -373,39 +410,9 @@ _FX NTSTATUS Syscall_GetNextProcess(
// Syscall_DeviceIoControlFile
//---------------------------------------------------------------------------
#define FUNCTION_FROM_CTL_CODE(ctrlCode) (((ULONG)(ctrlCode & 0x3f)) >> 2)
_FX NTSTATUS Syscall_DeviceIoControlFile(
PROCESS *proc, SYSCALL_ENTRY *syscall_entry, ULONG_PTR *user_args)
{
// filter out dangerous driver calls
#include "file_ctrl.c"
if (DEVICE_TYPE_FROM_CTL_CODE(user_args[5]) == 0x6d) //MOUNTMGRCONTROLTYPE 'm' \Device\MountPointManager
{
ULONG function;
function = FUNCTION_FROM_CTL_CODE(user_args[5]);
//DbgPrint("DeviceIoContoleFile, func = %d, p=%06d t=%06d, %S\n", function, PsGetCurrentProcessId(), PsGetCurrentThreadId(), proc->image_name);
if (function == 0 || // IOCTL_MOUNTMGR_CREATE_POINT
function == 1 || // IOCTL_MOUNTMGR_DELETE_POINTS (DeleteVolumeMountPoint())
function == 3 || // IOCTL_MOUNTMGR_DELETE_POINTS_DBONLY
function == 6 || // IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED
function == 7 || // IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED
function == 9) // IOCTL_MOUNTMGR_KEEP_LINKS_WHEN_OFFLINE
return STATUS_ACCESS_DENIED;
}
return NtDeviceIoControlFile(
(HANDLE)user_args[0], // FileHandle
(HANDLE)user_args[1], // Event
(PIO_APC_ROUTINE)user_args[2], // ApcRoutine
(PVOID)user_args[3], // ApcContext
(PIO_STATUS_BLOCK)user_args[4], // IoStatusBlock
(ULONG)user_args[5], // IoControlCode
(PVOID)user_args[6], // InputBuffer
(ULONG)user_args[7], // InputBufferLength
(PVOID)user_args[8], // OutBuffer
(ULONG)user_args[9]); // OutputBufferLength
}
//---------------------------------------------------------------------------
// Syscall_DuplicateHandle
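Review bot: moving the body into `file_ctrl.c` also silently fixes the old `FUNCTION_FROM_CTL_CODE`, which masked with `0x3f` and therefore kept only four bits of the twelve-bit function field, so mount-manager function numbers 16 and above aliased onto 0..15 (16 satisfied `function == 0`, 17 `function == 1`, and so on) and unrelated requests were denied; the new `0x3ffc` mask in `file_ctrl.c` is the correct one. That is a behaviour change for sandboxed callers of `\Device\MountPointManager` and deserves a changelog line. A one-line comment at `#include "file_ctrl.c"` saying the file is compiled only through this include (the same pattern as `file_flt.c`/`key_flt.c`, hence the `ExcludedFromBuild` entries in the project file) would spare the next reader a search for why a `.c` file is included inside another.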
@ -423,7 +430,6 @@ _FX NTSTATUS Syscall_DuplicateHandle(
HANDLE NewHandle;
void *TargetProcessObject;
//
// if there is a target process handle, keep a record of the
// associated process object so we can check it later


@ -184,7 +184,7 @@ MSG_HEADER *EpMapperServer::EpmapperGetPortNameHandler(MSG_HEADER *msg)
{
//
// Note: it seams that chrome.exe resolves GAME_CONFIG_STORE_PORT in one process and accesses from an other
// so since here we onlyonly a fre non critical ports we will use PID 0 to open it gloally
// so since here we only open non critical ports we will use PID 0 to open them globally
// instead of only for the one process. Todo: make it per sandbox instead
//
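Review bot: the rewritten comment still ends in `Todo: make it per sandbox instead`, and what it documents is a scoping relaxation: resolving these endpoint mapper ports with PID 0 opens them for every process on the machine, across sandboxes, rather than for the one that asked. Either finish the per-sandbox scoping in this change or record in the comment which ports are considered non-critical and why, so the exception does not quietly widen later. Minor: `seams` should be `seems` and `an other` should be `another`.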


@ -1736,6 +1736,8 @@ MSG_HEADER *SbieIniServer::RunSbieCtrl(HANDLE idProcess, bool isSandboxed)
WCHAR *args;
if (isSandboxed)
args = NULL;
else if (*ctrlName)
args = L" -autorun";
else
args = L" /open /sync";
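Review bot: the new `else if (*ctrlName)` branch dereferences ctrlName without a NULL check anywhere in this hunk; if it is guaranteed to point at a buffer, say so in a comment, otherwise test the pointer first. The two argument strings also use different switch styles (` -autorun` versus ` /open /sync`); confirm the receiving side really parses the dash form, and otherwise keep the slash form consistent with the other SbieCtrl switches.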

Binary file not shown.


@ -1223,6 +1223,10 @@ Allow direct access to Windows Font Cache
Allow direct access to qWave driver (Google Hangouts)
.
3460;txt;01
Function hooking customizations
.
3461;txt;01
&Run Sandboxed
.


@ -21,7 +21,7 @@ CFinder::CFinder(QObject* pFilterTarget, QWidget *parent, bool HighLightOption)
:QWidget(parent)
{
m_pSearchLayout = new QHBoxLayout();
m_pSearchLayout->setMargin(3);
m_pSearchLayout->setMargin(0);
m_pSearchLayout->setSpacing(3);
m_pSearchLayout->setAlignment(Qt::AlignLeft);
@ -29,8 +29,8 @@ CFinder::CFinder(QObject* pFilterTarget, QWidget *parent, bool HighLightOption)
m_pSearch->setMinimumWidth(150);
m_pSearch->setMaximumWidth(350);
m_pSearchLayout->addWidget(m_pSearch);
QObject::connect(m_pSearch, SIGNAL(textChanged(QString)), this, SLOT(OnUpdate()));
//QObject::connect(m_pSearch, SIGNAL(returnPressed()), this, SLOT(_q_next()));
QObject::connect(m_pSearch, SIGNAL(textChanged(QString)), this, SLOT(OnText()));
QObject::connect(m_pSearch, SIGNAL(returnPressed()), this, SLOT(OnReturn()));
m_pCaseSensitive = new QCheckBox(tr("Case Sensitive"));
m_pSearchLayout->addWidget(m_pCaseSensitive);
@ -48,6 +48,7 @@ CFinder::CFinder(QObject* pFilterTarget, QWidget *parent, bool HighLightOption)
if (HighLightOption)
{
m_pHighLight = new QCheckBox(tr("Highlight"));
m_pHighLight->setChecked(true);
m_pSearchLayout->addWidget(m_pHighLight);
connect(m_pHighLight, SIGNAL(stateChanged(int)), this, SLOT(OnUpdate()));
}
@ -67,7 +68,9 @@ CFinder::CFinder(QObject* pFilterTarget, QWidget *parent, bool HighLightOption)
setLayout(m_pSearchLayout);
setMaximumHeight(30);
setSizePolicy(QSizePolicy::Expanding, QSizePolicy::Fixed);
//setMaximumHeight(30);
hide();
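Review bot: one of the two `setMaximumHeight(30);` lines in this hunk is left behind commented out next to the live one; delete the commented copy rather than keeping dead code beside the call it duplicates.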
@ -81,14 +84,34 @@ CFinder::CFinder(QObject* pFilterTarget, QWidget *parent, bool HighLightOption)
}
m_pSortProxy = qobject_cast<QSortFilterProxyModel*>(pFilterTarget);
if (pFilterTarget)
if (pFilterTarget) {
QObject::connect(this, SIGNAL(SetFilter(const QRegExp&, bool, int)), pFilterTarget, SLOT(SetFilter(const QRegExp&, bool, int)));
QObject::connect(this, SIGNAL(SelectNext()), pFilterTarget, SLOT(SelectNext()));
}
m_pTimer = new QTimer(this);
m_pTimer->setSingleShot(true);
m_pTimer->setInterval(500);
connect(m_pTimer, SIGNAL(timeout()), SLOT(OnUpdate()));
this->installEventFilter(this);
}
CFinder::~CFinder()
{
}
bool CFinder::eventFilter(QObject* source, QEvent* event)
{
if (event->type() == QEvent::KeyPress && ((QKeyEvent*)event)->key() == Qt::Key_Escape
&& ((QKeyEvent*)event)->modifiers() == Qt::NoModifier)
{
Close();
return true; // cancel event
}
return QWidget::eventFilter(source, event);
}
void CFinder::Open()
{
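Review bot: eventFilter performs the same C-style cast `((QKeyEvent*)event)` twice; do the type check once and use a single `static_cast<QKeyEvent*>(event)` local. Installing the filter on the widget itself (`this->installEventFilter(this)`) only sees key events that propagate up to CFinder, so Escape pressed while the line edit has focus works only because QLineEdit leaves the key unaccepted; installing the filter on m_pSearch as well makes that behaviour explicit instead of implicit. The timer connect also uses the two-argument `connect(m_pTimer, SIGNAL(timeout()), SLOT(OnUpdate()))` form while the lines just above use the explicit QObject::connect form; pick one.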
@ -115,9 +138,23 @@ QRegExp CFinder::GetRegExp() const
void CFinder::OnUpdate()
{
m_pTimer->stop();
emit SetFilter(GetRegExp(), GetHighLight(), GetColumn());
}
void CFinder::OnText()
{
m_pTimer->stop();
m_pTimer->start();
}
void CFinder::OnReturn()
{
OnUpdate();
if (m_pHighLight->isChecked())
emit SelectNext();
}
void CFinder::Close()
{
emit SetFilter(QRegExp());
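Review bot: OnReturn() dereferences m_pHighLight unconditionally, but m_pHighLight is only constructed inside the `if (HighLightOption)` block of the constructor, so with the option off pressing Enter in the search box dereferences a null or uninitialised pointer. Guard it with `if (m_pHighLight && m_pHighLight->isChecked()) emit SelectNext();` and initialise m_pHighLight to NULL at the top of the constructor.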


@ -18,12 +18,20 @@ public:
signals:
void SetFilter(const QRegExp& Exp, bool bHighLight = false, int Column = -1);
void SelectNext();
public slots:
void Open();
void OnUpdate();
void Close();
private slots:
void OnUpdate();
void OnText();
void OnReturn();
protected:
bool eventFilter(QObject* source, QEvent* event);
private:
QHBoxLayout* m_pSearchLayout;
@ -35,4 +43,6 @@ private:
QCheckBox* m_pHighLight;
QSortFilterProxyModel* m_pSortProxy;
QTimer* m_pTimer;
};


@ -152,6 +152,8 @@ public:
m_pSortProxy->setDynamicSortFilter(true);
m_pTreeList->setModel(m_pSortProxy);
((CSortFilterProxyModel*)m_pSortProxy)->setView(m_pTreeList);
m_pTreeList->setSelectionMode(QAbstractItemView::ExtendedSelection);
#ifdef WIN32
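Review bot: `((CSortFilterProxyModel*)m_pSortProxy)->setView(m_pTreeList)` is a C-style downcast on the line after `m_pTreeList->setModel(m_pSortProxy)`; if m_pSortProxy is declared as a plain QSortFilterProxyModel*, declare it as CSortFilterProxyModel* (or use qobject_cast and check for NULL) so the cast cannot silently go wrong for a subclass that is not one. The added `setSelectionMode(QAbstractItemView::ExtendedSelection)` is unrelated to the finder wiring and deserves its own line in the change description.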


@ -1,6 +1,8 @@
#pragma once
#include "../mischelpers_global.h"
#include <QSortFilterProxyModel>
#include <QTreeView>
class MISCHELPERS_EXPORT CSortFilterProxyModel: public QSortFilterProxyModel
{
@ -11,10 +13,17 @@ public:
{
m_bAlternate = bAlternate;
m_bHighLight = false;
m_iColumn = 0;
m_pView = NULL;
this->setSortCaseSensitivity(Qt::CaseInsensitive);
}
void setView(QTreeView* pView)
{
m_pView = pView;
}
bool filterAcceptsRow(int source_row, const QModelIndex & source_parent) const
{
if (m_bHighLight)
@ -73,12 +82,126 @@ public:
public slots:
void SetFilter(const QRegExp& Exp, bool bHighLight = false, int Col = -1) // -1 = any
{
QModelIndex idx;
if (m_pView) idx = m_pView->currentIndex();
m_iColumn = Col;
m_bHighLight = bHighLight;
setFilterKeyColumn(Col);
setFilterRegExp(Exp);
if (m_pView) m_pView->setCurrentIndex(idx);
if (m_bHighLight)
emit layoutChanged();
}
void SelectNext()
{
if (!m_pView)
return;
bool next = true;
QModelIndex idx = m_pView->currentIndex();
if (!(next = idx.isValid()))
idx = index(0, 0);
//if (QApplication::keyboardModifiers() & Qt::ControlModifier)
if (QApplication::keyboardModifiers() & Qt::ShiftModifier)
idx = FindPrev(idx, next);
else
idx = FindNext(idx, next);
if (idx.isValid())
m_pView->setCurrentIndex(idx);
else
QApplication::beep();
}
protected:
bool m_bAlternate;
bool m_bHighLight;
int m_iColumn;
QTreeView* m_pView;
bool MatchCell(QModelIndex idx, int column)
{
QModelIndex tmp = idx.sibling(idx.row(), column);
QString str = data(tmp, filterRole()).toString();
if (str.contains(filterRegExp()))
return true;
return false;
}
bool MatchRow(QModelIndex idx)
{
if (m_iColumn != -1)
return MatchCell(idx, m_iColumn);
for(int col = 0; col < columnCount(idx); col++) {
if (MatchCell(idx, col))
return true;
}
return false;
}
QModelIndex FindNext(QModelIndex idx, bool next = false)
{
if (MatchRow(idx) && !next)
return idx;
if (hasChildren(idx))
{
int numRows = rowCount(idx);
for (int count = 0; count < numRows; count++) {
QModelIndex tmp = FindNext(index(count, 0, idx));
if (tmp.isValid())
return tmp;
}
}
do {
QModelIndex par = parent(idx);
int numRows = rowCount(par);
for (int count = idx.row() + 1; count < numRows; count++) {
QModelIndex tmp = FindNext(index(count, 0, par));
if (tmp.isValid())
return tmp;
}
idx = par;
} while (idx.isValid());
return QModelIndex();
}
QModelIndex FindPrev(QModelIndex idx, bool next = false)
{
if (MatchRow(idx) && !next)
return idx;
if (hasChildren(idx))
{
int numRows = rowCount(idx);
for (int count = numRows-1; count >= 0; count++) {
QModelIndex tmp = FindNext(index(count, 0, idx));
if (tmp.isValid())
return tmp;
}
}
do {
QModelIndex par = parent(idx);
int numRows = rowCount(par);
for (int count = idx.row() - 1; count >= 0; count--) {
QModelIndex tmp = FindNext(index(count, 0, par));
if (tmp.isValid())
return tmp;
}
idx = par;
} while (idx.isValid());
return QModelIndex();
}
};
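Review bot: FindPrev's child loop `for (int count = numRows-1; count >= 0; count++)` increments instead of decrementing, so it walks past the last row (every `index(count, 0, idx)` beyond numRows is invalid) and only stops when count overflows; it must be `count--`. In the same function both recursive calls go to FindNext rather than FindPrev, so a backward search descends forward through each subtree and returns its first rather than its last match; the child loop should also start from the deepest last descendant. Separately, SetFilter stores `m_pView->currentIndex()` in a plain QModelIndex and restores it after setFilterRegExp, but changing the filter invalidates proxy indexes; keep a QPersistentModelIndex, or map to the source model before the change and back afterwards. SelectNext calls QApplication::keyboardModifiers(), which needs `#include <QApplication>` in this header; only QSortFilterProxyModel and QTreeView are included.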


@ -196,6 +196,7 @@
<ClCompile Include="Sandboxie\SbieIni.cpp" />
<ClCompile Include="Sandboxie\SbieTemplates.cpp" />
<ClCompile Include="SbieAPI.cpp" />
<ClCompile Include="SbieTrace.cpp" />
<ClCompile Include="SbieUtils.cpp" />
<ClCompile Include="stdafx.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
@ -217,6 +218,7 @@
<ClInclude Include="resource.h" />
<ClInclude Include="SbieDefs.h" />
<QtMoc Include="SbieStatus.h" />
<ClInclude Include="SbieTrace.h" />
<ClInclude Include="SbieUtils.h" />
<ClInclude Include="stdafx.h" />
</ItemGroup>


@ -57,6 +57,9 @@
<ClCompile Include="Helpers\NtIO.cpp">
<Filter>Helpers</Filter>
</ClCompile>
<ClCompile Include="SbieTrace.cpp">
<Filter>SbieAPI</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="stdafx.h">
@ -77,6 +80,9 @@
<ClInclude Include="resource.h">
<Filter>Resource Files</Filter>
</ClInclude>
<ClInclude Include="SbieTrace.h">
<Filter>SbieAPI</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClInclude Include="qsbieapi_global.h">


@ -81,7 +81,7 @@ CSandBox::CSandBox(const QString& BoxName, class CSbieAPI* pAPI) : CSbieIni(BoxN
if (cfglvl < 8)
{
// templates L8
InsertText("Template", "FileCppy");
InsertText("Template", "FileCopy");
InsertText("Template", "SkipHook");
}
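Review bot: the typo fix from `FileCppy` to `FileCopy` only changes what is inserted for boxes still below cfglvl 8; boxes already migrated by an earlier build carry a bogus `Template=FileCppy` line that this hunk does not remove. Add a cleanup step that replaces or drops the misspelled entry (or bump the config level so the migration runs again) so existing box sections are corrected too.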
@ -96,9 +96,9 @@ void CSandBox::UpdateDetails()
{
}
SB_STATUS CSandBox::RunStart(const QString& Command)
SB_STATUS CSandBox::RunStart(const QString& Command, bool Elevated)
{
return m_pAPI->RunStart(m_Name, Command);
return m_pAPI->RunStart(m_Name, Command, NULL, Elevated);
}
SB_STATUS CSandBox::RunSandboxed(const QString& Command)
@ -111,7 +111,7 @@ SB_STATUS CSandBox::TerminateAll()
return m_pAPI->TerminateAll(m_Name);
}
bool CSandBox::IsEmpty()
bool CSandBox::IsEmpty() const
{
return !QDir(m_FilePath).exists();
}


@ -50,15 +50,15 @@ public:
virtual int GetActiveProcessCount() const { return m_ActiveProcessCount; }
virtual SB_STATUS RunStart(const QString& Command);
virtual SB_STATUS RunStart(const QString& Command, bool Elevated = false);
virtual SB_STATUS RunSandboxed(const QString& Command);
virtual SB_STATUS TerminateAll();
virtual void CloseBox() {}
virtual bool IsEnabled() { return m_IsEnabled; }
virtual bool IsEnabled() const { return m_IsEnabled; }
virtual bool IsEmpty();
virtual bool IsEmpty() const;
virtual SB_PROGRESS CleanBox();
virtual SB_STATUS RenameBox(const QString& NewName);
virtual SB_STATUS RemoveBox();


@ -900,12 +900,12 @@ QString CSbieAPI::GetUserSection() const
return UserSection;
}
SB_STATUS CSbieAPI::RunStart(const QString& BoxName, const QString& Command, QProcess* pProcess)
SB_STATUS CSbieAPI::RunStart(const QString& BoxName, const QString& Command, QProcess* pProcess, bool Elevated)
{
if (m_SbiePath.isEmpty())
return SB_ERR(SB_PathFail);
QString StartCmd = "\"" + GetStartPath() + "\" /box:" + BoxName + " " + Command;
QString StartCmd = "\"" + GetStartPath() + "\"" + (Elevated ? " /elevated" : "" ) + " /box:" + BoxName + " " + Command;
if (pProcess)
pProcess->start(StartCmd);
else
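Review bot: RunStart builds the command line by string concatenation (`... + " /box:" + BoxName + " " + Command`) and hands it to the single-string QProcess::start overload, which re-splits the string on whitespace; only the start path is quoted, so a box name or command containing spaces or quotes is tokenised differently from what the caller intended. Pass the program and a QStringList of arguments instead. Since `/elevated` changes the token the launched process runs with, document on this function what the receiving side does with the switch and who is allowed to request it.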
@ -1864,6 +1864,8 @@ bool CSbieAPI::AreForceProcessDisabled()
SB_STATUS CSbieAPI__MonitorControl(SSbieAPI* m, ULONG *NewState, ULONG *OldState)
{
//ULONG Used = 0;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_MONITOR_CONTROL_ARGS* args = (API_MONITOR_CONTROL_ARGS*)parms;
@ -1871,10 +1873,14 @@ SB_STATUS CSbieAPI__MonitorControl(SSbieAPI* m, ULONG *NewState, ULONG *OldState
args->func_code = API_MONITOR_CONTROL;
args->set_flag.val = NewState;
args->get_flag.val = OldState;
//args->get_used.val = &Used;
NTSTATUS status = m->IoControl(parms);
if (!NT_SUCCESS(status))
return SB_ERR(status);
//qDebug() << "used bytes" << (quint32)Used;
return SB_OK;
}
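Review bot: the `Used` lines added to CSbieAPI__MonitorControl (`//ULONG Used = 0;`, `//args->get_used.val = &Used;`, `//qDebug() << "used bytes" << (quint32)Used;`) are all commented out, so the two hunks contribute only dead code; either wire get_used through to a caller that reads it or leave the lines out.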
@ -1896,7 +1902,8 @@ bool CSbieAPI::GetMonitor()
const int max_len = 1024;
USHORT type;
ULONG64 pid;
ULONG64 pid = 0;
ULONG64 tid = 0;
WCHAR data[max_len + 1] = { 0 };
ULONG RecordNum = m->lastRecordNum;
@ -1906,9 +1913,10 @@ bool CSbieAPI::GetMonitor()
memset(parms, 0, sizeof(parms));
args->func_code = API_MONITOR_GET_EX;
args->log_seq.val = &RecordNum;
args->log_seq.val = &RecordNum; // set this to NULL for record clearing
args->log_type.val = &type;
args->log_pid.val = &pid;
args->log_tid.val = &tid;
args->log_len.val = max_len * sizeof(WCHAR);
args->log_ptr.val = data;
@ -1936,17 +1944,24 @@ bool CSbieAPI::GetMonitor()
return true;
}
CResLogEntryPtr LogEntry = CResLogEntryPtr(new CResLogEntry(pid, type, Data));
CTraceEntryPtr LogEntry = CTraceEntryPtr(new CTraceEntry(pid, tid, type, Data));
AddTraceEntry(LogEntry, true);
QWriteLocker Lock(&m_ResLogMutex);
if (!m_ResLogList.isEmpty() && m_ResLogList.last()->Equals(LogEntry)) {
m_ResLogList.last()->Merge(LogEntry);
return true;
}
m_ResLogList.append(LogEntry);
return true;
}
void CSbieAPI::AddTraceEntry(const CTraceEntryPtr& LogEntry, bool bCanMerge)
{
QWriteLocker Lock(&m_TraceMutex);
if (bCanMerge && !m_TraceList.isEmpty() && m_TraceList.last()->Equals(LogEntry)) {
m_TraceList.last()->Merge(LogEntry);
return;
}
m_TraceList.append(LogEntry);
}
///////////////////////////////////////////////////////////////////////////////
// Other
//
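Review bot: AddTraceEntry appends to m_TraceList with no upper bound, so with tracing enabled the list grows for as long as the GUI runs; cap it by dropping the oldest entries past a fixed size, or let the consumer drain it. The merge only compares against the previous entry, which is fine for bursts, but because Equals ignores the type flags while Merge ORs them together, an allowed and a denied access to the same path from the same thread collapse into one row whose status reads `Open Closed`; compare the Open/Deny bits in Equals or skip the merge when they differ.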
@ -1961,105 +1976,3 @@ QString CSbieAPI::GetSbieMsgStr(quint32 code, quint32 Lang)
LocalFree(ret_str);
return qStr.trimmed(); // note messages may have \r\n at the end
}
///////////////////////////////////////////////////////////////////////////////
//
//
QString ErrorString(qint32 err)
{
QString Error;
HMODULE handle = NULL; //err < 0 ? GetModuleHandle(L"NTDLL.DLL") : NULL;
DWORD flags = 0; //err < 0 ? FORMAT_MESSAGE_FROM_HMODULE : 0;
LPTSTR s;
if (::FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | flags, handle, err, 0, (LPTSTR)&s, 0, NULL) > 0)
{
LPTSTR p = wcschr(s, L'\r');
if (p != NULL) *p = L'\0';
Error = QString::fromWCharArray(s);
::LocalFree(s);
}
return Error;
}
CResLogEntry::CResLogEntry(quint32 ProcessId, quint32 Type, const QString& Value)
{
m_ProcessId = ProcessId;
m_Name = Value;
m_Type.Flags = Type;
m_TimeStamp = QDateTime::currentDateTime(); // ms resolution
m_Counter = 0;
// if this is a set error, then get the actual error string
if (m_Type.Type == MONITOR_OTHER && Value.indexOf("SetError:") == 0)
{
auto tmp = Value.split(":");
if (tmp.length() >= 2)
{
qint32 errCode = tmp[1].trimmed().toInt();
QString Error = ErrorString(errCode);
if(!Error.isEmpty())
m_Name += " (" + Error + ")";
}
}
static atomic<quint64> uid = 0;
m_uid = uid.fetch_add(1);
}
QString CResLogEntry::GetTypeStr() const
{
switch (m_Type.Type)
{
case MONITOR_SYSCALL: return "SysCall";
case MONITOR_PIPE: return "Pipe";
case MONITOR_IPC: return "Ipc";
case MONITOR_WINCLASS: return "WinClass";
case MONITOR_DRIVE: return "Drive";
case MONITOR_COMCLASS: return "ComClass";
case MONITOR_IGNORE: return "Ignore";
case MONITOR_IMAGE: return "Image";
case MONITOR_FILE: return "File";
case MONITOR_KEY: return "Key";
case MONITOR_OTHER: return "Debug";
default: return "Unknown: " + QString::number(m_Type.Type);
}
}
QString CResLogEntry::GetStautsStr() const
{
QString Status;
if (m_Type.Open)
Status.append("Open ");
if (m_Type.Deny)
Status.append("Closed ");
if (m_Type.Trace)
Status.append("Trace ");
if (m_Counter > 1)
Status.append(QString("(%1)").arg(m_Counter));
return Status;
}
///////////////////////////////////////////////////////////////////////////////
//
//
QString GetLastErrorAsString()
{
DWORD errorMessageID = ::GetLastError();
if (errorMessageID == 0)
return QString();
char* messageBuffer = NULL;
FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, errorMessageID, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPSTR)&messageBuffer, 0, NULL);
QString message(messageBuffer);
LocalFree(messageBuffer);
return message;
}


@ -24,57 +24,11 @@
#include "SbieStatus.h"
#include "SbieTrace.h"
#include "./Sandboxie/SandBox.h"
#include "./Sandboxie/BoxedProcess.h"
class QSBIEAPI_EXPORT CResLogEntry : public QSharedData
{
public:
CResLogEntry(quint32 ProcessId, quint32 Type, const QString& Value);
quint32 GetProcessId() const { return m_ProcessId; }
QDateTime GetTimeStamp() const { return m_TimeStamp; }
quint16 GetType() const { return m_Type.Flags; }
QString GetValue() const { return m_Name; }
QString GetTypeStr() const;
QString GetStautsStr() const;
int GetCount() const { return m_Counter; }
bool Equals(const QSharedDataPointer<CResLogEntry>& pOther) const {
return pOther->m_ProcessId == this->m_ProcessId
//&& pOther->m_Type.Flags == this->m_Type.Flags
&& pOther->m_Name == this->m_Name;
}
void Merge(const QSharedDataPointer<CResLogEntry>& pOther) { m_Counter++; this->m_Type.Flags |= pOther->m_Type.Flags; }
quint64 GetUID() const { return m_uid; }
protected:
QString m_Name;
quint32 m_ProcessId;
QDateTime m_TimeStamp;
union
{
quint16 Flags;
struct
{
quint16
Type : 12,
Open : 1,
Deny : 1,
Reserved : 1,
Trace : 1;
};
} m_Type;
int m_Counter;
quint64 m_uid;
};
typedef QSharedDataPointer<CResLogEntry> CResLogEntryPtr;
class QSBIEAPI_EXPORT CSbieAPI : public QThread
{
@ -153,13 +107,14 @@ public:
virtual SB_STATUS EnableMonitor(bool Enable);
virtual bool IsMonitoring();
virtual QList<CResLogEntryPtr> GetResLog() const { QReadLocker Lock(&m_ResLogMutex); return m_ResLogList; }
virtual void ClearResLog() { QWriteLocker Lock(&m_ResLogMutex); m_ResLogList.clear(); }
virtual void AddTraceEntry(const CTraceEntryPtr& LogEntry, bool bCanMerge = false);
virtual QList<CTraceEntryPtr> GetTrace() const { QReadLocker Lock(&m_TraceMutex); return m_TraceList; }
virtual void ClearTrace() { QWriteLocker Lock(&m_TraceMutex); m_TraceList.clear(); }
// Other
virtual QString GetSbieMsgStr(quint32 code, quint32 Lang = 1033);
virtual SB_STATUS RunStart(const QString& BoxName, const QString& Command, QProcess* pProcess = NULL);
virtual SB_STATUS RunStart(const QString& BoxName, const QString& Command, QProcess* pProcess = NULL, bool Elevated = false);
virtual QString GetStartPath() const;
enum ESbieQueuedRequests
@ -225,8 +180,8 @@ protected:
QMap<QString, CSandBoxPtr> m_SandBoxes;
QMap<quint32, CBoxedProcessPtr> m_BoxedProxesses;
mutable QReadWriteLock m_ResLogMutex;
QList<CResLogEntryPtr> m_ResLogList;
mutable QReadWriteLock m_TraceMutex;
QList<CTraceEntryPtr> m_TraceList;
mutable QReadWriteLock m_DriveLettersMutex;
QMap<QString, QString> m_DriveLetters;


@ -0,0 +1,151 @@
/*
*
* Copyright (c) 2020, David Xanatos
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "stdafx.h"
#include <QDebug>
#include <QStandardPaths>
#include "SbieTrace.h"
#include <ntstatus.h>
#define WIN32_NO_STATUS
typedef long NTSTATUS;
#include <windows.h>
#include "SbieDefs.h"
#include "..\..\Sandboxie\common\win32_ntddk.h"
#include "..\..\Sandboxie\core\drv\api_defs.h"
#include "..\..\Sandboxie\core\svc\msgids.h"
#include "..\..\Sandboxie\core\svc\ProcessWire.h"
#include "..\..\Sandboxie\core\svc\sbieiniwire.h"
#include "..\..\Sandboxie\core\svc\QueueWire.h"
#include "..\..\Sandboxie\core\svc\InteractiveWire.h"
///////////////////////////////////////////////////////////////////////////////
//
//
QString ErrorString(qint32 err)
{
QString Error;
HMODULE handle = NULL; //err < 0 ? GetModuleHandle(L"NTDLL.DLL") : NULL;
DWORD flags = 0; //err < 0 ? FORMAT_MESSAGE_FROM_HMODULE : 0;
LPTSTR s;
if (::FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | flags, handle, err, 0, (LPTSTR)&s, 0, NULL) > 0)
{
LPTSTR p = wcschr(s, L'\r');
if (p != NULL) *p = L'\0';
Error = QString::fromWCharArray(s);
::LocalFree(s);
}
return Error;
}
CTraceEntry::CTraceEntry(quint32 ProcessId, quint32 ThreadId, quint32 Type, const QString& Message)
{
m_ProcessId = ProcessId;
m_ThreadId = ThreadId;
m_Message = Message;
m_Type.Flags = Type;
m_TimeStamp = QDateTime::currentDateTime(); // ms resolution
static atomic<quint64> uid = 0;
m_uid = uid.fetch_add(1);
m_Counter = 0;
m_Message = m_Message.replace("\r", "").replace("\n", " ");
// if this is a set error, then get the actual error string
if (m_Type.Type == MONITOR_OTHER && Message.indexOf("SetError:") == 0)
{
auto tmp = Message.split(":");
if (tmp.length() >= 2)
{
QString temp = tmp[1].trimmed();
int endPos = temp.indexOf(QRegExp("[ \r\n]"));
if (endPos != -1)
temp.truncate(endPos);
qint32 errCode = temp.toInt();
QString Error = ErrorString(errCode);
if (!Error.isEmpty())
m_Message += " (" + Error + ")";
}
}
}
QString CTraceEntry::GetTypeStr() const
{
switch (m_Type.Type)
{
case MONITOR_APICALL: return "ApiCall";
case MONITOR_SYSCALL: return "SysCall";
case MONITOR_PIPE: return "Pipe";
case MONITOR_IPC: return "Ipc";
case MONITOR_WINCLASS: return "WinClass";
case MONITOR_DRIVE: return "Drive";
case MONITOR_COMCLASS: return "ComClass";
case MONITOR_IGNORE: return "Ignore";
case MONITOR_IMAGE: return "Image";
case MONITOR_FILE: return "File";
case MONITOR_KEY: return "Key";
case MONITOR_OTHER: return "Debug";
default: return "Unknown: " + QString::number(m_Type.Type);
}
}
QString CTraceEntry::GetStautsStr() const
{
QString Status;
if (m_Type.Open)
Status.append("Open ");
if (m_Type.Deny)
Status.append("Closed ");
if (m_Type.Trace)
Status.append("Trace ");
if (m_Counter > 1)
Status.append(QString("(%1)").arg(m_Counter));
return Status;
}
///////////////////////////////////////////////////////////////////////////////
//
//
QString GetLastErrorAsString()
{
DWORD errorMessageID = ::GetLastError();
if (errorMessageID == 0)
return QString();
char* messageBuffer = NULL;
FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, errorMessageID, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPSTR)&messageBuffer, 0, NULL);
QString message(messageBuffer);
LocalFree(messageBuffer);
return message;
}
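Review bot: ErrorString calls FormatMessage with FORMAT_MESSAGE_FROM_SYSTEM but without FORMAT_MESSAGE_IGNORE_INSERTS and with a NULL Arguments pointer; for system messages that contain insert sequences this is documented to fail or to read arguments that were never supplied, and here the error code is parsed out of a `SetError:` string emitted by a sandboxed process, so the input is attacker-chosen. Add FORMAT_MESSAGE_IGNORE_INSERTS, as GetLastErrorAsString at the bottom of the same file already does, and check the `temp.toInt()` conversion through its `bool *ok` parameter before formatting anything. The counter is also off by one: m_Counter starts at 0 and Merge increments it once per merged duplicate, so GetStautsStr's `m_Counter > 1` shows a count only from the third identical event onward and then under-reports by one; start at 1 or display `m_Counter + 1`. Smaller points: the ProcessWire, sbieiniwire, QueueWire and InteractiveWire headers are included but nothing in this file uses them; the licence header names the LGPL in its first paragraph and the GPL in its last; and `atomic<quint64>` relies on a using-directive from stdafx.h.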


@ -0,0 +1,79 @@
/*
*
* Copyright (c) 2020, David Xanatos
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <QThread>
#include "qsbieapi_global.h"
#include "SbieStatus.h"
#define MONITOR_APICALL 0x000A
class QSBIEAPI_EXPORT CTraceEntry : public QSharedData
{
public:
CTraceEntry(quint32 ProcessId, quint32 ThreadId, quint32 Type, const QString& Message);
virtual QString GetMessage() const { return m_Message; }
virtual quint32 GetProcessId() const { return m_ProcessId; }
virtual quint32 GetThreadId() const { return m_ThreadId; }
virtual QDateTime GetTimeStamp() const { return m_TimeStamp; }
virtual quint16 GetType() const { return m_Type.Flags; }
virtual QString GetTypeStr() const;
virtual QString GetStautsStr() const;
virtual int GetCount() const { return m_Counter; }
virtual bool Equals(const QSharedDataPointer<CTraceEntry>& pOther) const {
return pOther->m_ProcessId == this->m_ProcessId && pOther->m_ThreadId == this->m_ThreadId
&& pOther->m_Message == this->m_Message;
}
virtual void Merge(const QSharedDataPointer<CTraceEntry>& pOther) {
m_Counter++; this->m_Type.Flags |= pOther->m_Type.Flags;
}
quint64 GetUID() const { return m_uid; }
protected:
QString m_Message;
quint32 m_ProcessId;
quint32 m_ThreadId;
QDateTime m_TimeStamp;
union
{
quint16 Flags;
struct
{
quint16
Type : 12,
Open : 1,
Deny : 1,
Reserved : 1,
Trace : 1;
};
} m_Type;
quint64 m_uid;
int m_Counter;
};
typedef QSharedDataPointer<CTraceEntry> CTraceEntryPtr;
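Review bot: `virtual QString GetMessage() const` collides with the Win32 `GetMessage` macro; any translation unit that includes <windows.h> (or a header that pulls it in) before SbieTrace.h sees the method as GetMessageW, which produces link errors or a vtable that disagrees between units. Rename it (GetMsg or GetText) or `#undef GetMessage` after the Windows headers. `#define MONITOR_APICALL 0x000A` is also introduced here in the GUI library rather than next to the other MONITOR_* values shared with the driver and service; if the driver later assigns 0x000A itself, the two sides silently disagree, so move the constant into the shared definition. Equals compares pid, tid and message but not m_Type.Flags while Merge ORs the flags, so decide explicitly whether events that differ only in Open/Deny should merge.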


@ -1,103 +0,0 @@
#include "stdafx.h"
#include "ApiLog.h"
#include <Windows.h>
CApiLogEntry::CApiLogEntry(quint64 ProcessId, const QString& Message)
{
m_ProcessId = ProcessId;
m_Message = Message;
m_TimeStamp = QDateTime::currentDateTime(); // ms resolution
static atomic<quint64> uid = 0;
m_uid = uid.fetch_add(1);
}
///////////////////////////////////////////////////////////////////////////////
//
//
CApiLog::CApiLog(QObject* parent) : QThread(parent)
{
m_pServer = NULL;
start();
}
CApiLog::~CApiLog()
{
quit();
if (!wait(10 * 1000))
terminate();
}
void CApiLog::run()
{
qDebug() << "LogAPI server started";
m_pServer = new CApiLogServer();
QThread::run(); // run messge loop
m_pServer->deleteLater();
qDebug() << "LogAPI server stopped";
}
/////////////////////////////////////////////////////////////////////////////////////
//
CApiLogServer::CApiLogServer()
{
m_pServer = new QLocalServer(this);
m_pServer->setSocketOptions(QLocalServer::WorldAccessOption);
if (!m_pServer->listen("LogAPI")) {
qDebug() << "Not able to open Server Pipe";
return;
}
connect(m_pServer, SIGNAL(newConnection()), this, SLOT(OnPipe()));
m_pApiLog = qobject_cast<CApiLog*>(thread());
}
void CApiLogServer::OnPipe()
{
QLocalSocket *pSocket = m_pServer->nextPendingConnection();
connect(pSocket, SIGNAL(readyRead()), this, SLOT(OnData()));
connect(pSocket, SIGNAL(disconnected()), this, SLOT(OnClose()));
ULONG ClientProcessId = 0;
GetNamedPipeClientProcessId((HANDLE)pSocket->socketDescriptor(), &ClientProcessId);
m_pClients.insert(pSocket, new SApiLog(ClientProcessId));
}
void CApiLogServer::OnData()
{
QLocalSocket* pSocket = qobject_cast<QLocalSocket*>(sender());
SApiLog* ApiLog = m_pClients.value(pSocket);
if (!ApiLog)
return;
ApiLog->Buffer.append(pSocket->readAll());
for (;;)
{
int endPos = ApiLog->Buffer.indexOf('\0');
if (endPos == -1)
break;
CApiLogEntryPtr LogEntry = CApiLogEntryPtr(new CApiLogEntry(ApiLog->ProcessId, QString(ApiLog->Buffer.data())));
ApiLog->Buffer.remove(0, endPos + 1);
QWriteLocker Lock(&m_pApiLog->m_ApiLogMutex);
m_pApiLog->m_ApiLogList.append(LogEntry);
}
}
void CApiLogServer::OnClose()
{
QLocalSocket* pSocket = qobject_cast<QLocalSocket*>(sender());
delete m_pClients.take(pSocket);
pSocket->deleteLater();
}
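Review bot: the pipe server deleted here listened on `LogAPI` with QLocalServer::WorldAccessOption, so any local process, sandboxed or not, could connect and inject arbitrary log lines attributed to whatever GetNamedPipeClientProcessId reported, with no authentication beyond that PID; retiring it in favour of a driver-backed trace path is the right call. Make sure the client side that used to write to this pipe name no longer tries to connect, and that nothing else still references the CApiLog header or the CApiLogEntryPtr type.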


@ -1,74 +0,0 @@
#pragma once
class CApiLogEntry : public QSharedData
{
public:
CApiLogEntry(quint64 ProcessId, const QString& Message);
quint64 GetProcessId() const { return m_ProcessId; }
QDateTime GetTimeStamp() const { return m_TimeStamp; }
QString GetMessage() const { return m_Message; }
quint64 GetUID() const { return m_uid; }
protected:
quint64 m_ProcessId;
QDateTime m_TimeStamp;
QString m_Message;
quint64 m_uid;
};
typedef QSharedDataPointer<CApiLogEntry> CApiLogEntryPtr;
class CApiLog : public QThread
{
Q_OBJECT
public:
CApiLog(QObject* parent = 0);
virtual ~CApiLog();
virtual QList<CApiLogEntryPtr> GetApiLog() const { QReadLocker Lock(&m_ApiLogMutex); return m_ApiLogList; }
virtual void ClearApiLog() { QWriteLocker Lock(&m_ApiLogMutex); m_ApiLogList.clear(); }
protected:
friend class CApiLogServer;
virtual void run();
mutable QReadWriteLock m_ApiLogMutex;
QList<CApiLogEntryPtr> m_ApiLogList;
CApiLogServer* m_pServer;
};
/////////////////////////////////////////////////////////////////////////////////////
//
class CApiLogServer : public QObject
{
Q_OBJECT
protected:
CApiLogServer();
public slots:
void OnPipe();
void OnData();
void OnClose();
protected:
friend class CApiLog;
struct SApiLog
{
SApiLog(quint64 pid) { ProcessId = pid; }
QByteArray Buffer;
quint64 ProcessId;
};
QLocalServer* m_pServer;
QMap<QLocalSocket*, SApiLog*> m_pClients;
CApiLog* m_pApiLog;
};


@ -6,7 +6,7 @@
<rect>
<x>0</x>
<y>0</y>
<width>622</width>
<width>682</width>
<height>473</height>
</rect>
</property>
@ -45,7 +45,7 @@
<enum>QTabWidget::West</enum>
</property>
<property name="currentIndex">
<number>8</number>
<number>0</number>
</property>
<widget class="QWidget" name="tabGeneral">
<attribute name="title">
@ -1637,40 +1637,6 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
<layout class="QGridLayout" name="gridLayout_34">
<item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_32">
<item row="10" column="2">
<spacer name="horizontalSpacer">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="7" column="1">
<widget class="QCheckBox" name="chkGuiTrace">
<property name="text">
<string>GUI Trace</string>
</property>
</widget>
</item>
<item row="6" column="1">
<widget class="QCheckBox" name="chkIpcTrace">
<property name="text">
<string>IPC Trace</string>
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QCheckBox" name="chkPipeTrace">
<property name="text">
<string>Pipe Trace</string>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="label_19">
<property name="font">
@ -1684,14 +1650,14 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</property>
</widget>
</item>
<item row="9" column="1" colspan="2">
<widget class="QCheckBox" name="chkDbgTrace">
<item row="10" column="2" colspan="2">
<widget class="QCheckBox" name="chkErrTrace">
<property name="text">
<string>Log Debug Output to the Trace Log</string>
<string>Log all SetError's to Trace log</string>
</property>
</widget>
</item>
<item row="10" column="1">
<item row="11" column="1">
<spacer name="verticalSpacer_2">
<property name="orientation">
<enum>Qt::Vertical</enum>
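Review bot: the new checkbox label `Log all SetError's to Trace log` has a stray apostrophe and its capitalisation does not match the neighbouring `Log Debug Output to the Trace Log`; use `Log all SetError calls to the Trace Log`. Since chkErrTrace replaces chkDbgTrace at this grid position, confirm the code that reads the checkboxes was updated for both object names.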
@ -1704,21 +1670,35 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</property>
</spacer>
</item>
<item row="3" column="1">
<item row="8" column="3">
<widget class="QLabel" name="label_28">
<property name="text">
<string>&lt;- for this one the above does not apply</string>
</property>
</widget>
</item>
<item row="9" column="1" colspan="3">
<widget class="QCheckBox" name="chkDbgTrace">
<property name="text">
<string>Log Debug Output to the Trace Log</string>
</property>
</widget>
</item>
<item row="3" column="1" colspan="2">
<widget class="QCheckBox" name="chkFileTrace">
<property name="text">
<string>File Trace</string>
</property>
</widget>
</item>
<item row="5" column="1">
<item row="5" column="1" colspan="2">
<widget class="QCheckBox" name="chkKeyTrace">
<property name="text">
<string>Key Trace</string>
</property>
</widget>
</item>
<item row="3" column="2" rowspan="5">
<item row="3" column="3" rowspan="5">
<widget class="QLabel" name="label_26">
<property name="text">
<string>Log all access events as seen by the driver to the resource access log.
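Review bot: the relocated label_28 text `<- for this one the above does not apply` depends on the reader working out which control and which note it points at; say it directly, for example `COM class trace is not affected by the setting above`, so the hint survives future grid rearrangements like this one.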
@ -1738,20 +1718,60 @@ instead of &quot;*&quot;.</string>
</property>
</widget>
</item>
<item row="8" column="1">
<item row="7" column="1" colspan="2">
<widget class="QCheckBox" name="chkGuiTrace">
<property name="text">
<string>GUI Trace</string>
</property>
</widget>
</item>
<item row="6" column="1" colspan="2">
<widget class="QCheckBox" name="chkIpcTrace">
<property name="text">
<string>IPC Trace</string>
</property>
</widget>
</item>
<item row="8" column="1" colspan="2">
<widget class="QCheckBox" name="chkComTrace">
<property name="text">
<string>COM Class Trace</string>
</property>
</widget>
</item>
<item row="8" column="2">
<widget class="QLabel" name="label_28">
<item row="4" column="1" colspan="2">
<widget class="QCheckBox" name="chkPipeTrace">
<property name="text">
<string>&lt;- for this one the above does not apply</string>
<string>Pipe Trace</string>
</property>
</widget>
</item>
<item row="11" column="4">
<spacer name="horizontalSpacer_3">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="11" column="2" colspan="2">
<spacer name="horizontalSpacer">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
</layout>
</item>
</layout>


@ -1,144 +0,0 @@
#include "stdafx.h"
#include "ApiMonModel.h"
#include "../MiscHelpers/Common/Common.h"
CApiMonModel::CApiMonModel(QObject *parent)
:CListItemModel(parent)
{
}
CApiMonModel::~CApiMonModel()
{
}
void CApiMonModel::Sync(const QList<CApiLogEntryPtr>& List, QSet<quint64> PIDs)
{
QList<SListNode*> New;
QHash<QVariant, SListNode*> Old = m_Map;
int i = 0;
if (List.count() >= m_List.count() && m_List.count() > 0)
{
i = m_List.count() - 1;
if (m_List.at(i)->ID == List.at(i)->GetUID())
{
i++;
Old.clear();
}
else
i = 0;
}
for (; i < List.count(); i++)
{
CApiLogEntryPtr pEntry = List.at(i);
QVariant ID = pEntry->GetUID();
if (!PIDs.isEmpty() && !PIDs.contains(pEntry->GetProcessId()))
continue;
int Row = -1;
QHash<QVariant, SListNode*>::iterator I = Old.find(ID);
SApiLogNode* pNode = I != Old.end() ? static_cast<SApiLogNode*>(I.value()) : NULL;
if(!pNode)
{
pNode = static_cast<SApiLogNode*>(MkNode(ID));
pNode->Values.resize(columnCount());
pNode->pEntry = pEntry;
New.append(pNode);
}
else
{
I.value() = NULL;
Row = GetRow(pNode);
}
int Col = 0;
bool State = false;
int Changed = 0;
/*int RowColor = CTaskExplorer::eNone;
if (pGDI->IsMarkedForRemoval() && CTaskExplorer::UseListColor(CTaskExplorer::eToBeRemoved)) RowColor = CTaskExplorer::eToBeRemoved;
else if (pGDI->IsNewlyCreated() && CTaskExplorer::UseListColor(CTaskExplorer::eAdded)) RowColor = CTaskExplorer::eAdded;
if (pNode->iColor != RowColor) {
pNode->iColor = RowColor;
pNode->Color = CTaskExplorer::GetListColor(RowColor);
Changed = 2;
}*/
for(int section = 0; section < columnCount(); section++)
{
if (!m_Columns.contains(section))
continue; // ignore columns which are hidden
QVariant Value;
switch(section)
{
case eProcess: Value = pEntry->GetProcessId(); break;
case eTimeStamp: Value = pEntry->GetTimeStamp(); break;
case eMessage: Value = pEntry->GetMessage(); break;
}
SApiLogNode::SValue& ColValue = pNode->Values[section];
if (ColValue.Raw != Value)
{
if(Changed == 0)
Changed = 1;
ColValue.Raw = Value;
switch (section)
{
case eProcess: ColValue.Formated = QString::number(pEntry->GetProcessId()); break;
case eTimeStamp: ColValue.Formated = pEntry->GetTimeStamp().toString("hh:mm:ss.zzz"); break;
//case eType: ColValue.Formated = ; break;
//case eValue: ColValue.Formated = ; break;
}
}
if(State != (Changed != 0))
{
if(State && Row != -1)
emit dataChanged(createIndex(Row, Col), createIndex(Row, section-1));
State = (Changed != 0);
Col = section;
}
if(Changed == 1)
Changed = 0;
}
if(State && Row != -1)
emit dataChanged(createIndex(Row, Col, pNode), createIndex(Row, columnCount()-1, pNode));
}
CListItemModel::Sync(New, Old);
}
CApiLogEntryPtr CApiMonModel::GetEntry(const QModelIndex &index) const
{
if (!index.isValid())
return CApiLogEntryPtr();
SApiLogNode* pNode = static_cast<SApiLogNode*>(index.internalPointer());
return pNode->pEntry;
}
int CApiMonModel::columnCount(const QModelIndex &parent) const
{
return eCount;
}
QVariant CApiMonModel::headerData(int section, Qt::Orientation orientation, int role) const
{
if (orientation == Qt::Horizontal && role == Qt::DisplayRole)
{
switch(section)
{
case eProcess: return tr("Process");
case eTimeStamp: return tr("Time Stamp");
case eMessage: return tr("Message");
}
}
return QVariant();
}

View File

@ -1,40 +0,0 @@
#pragma once
#include <qwidget.h>
#include "../ApiLog.h"
#include "../../MiscHelpers/Common/ListItemModel.h"
class CApiMonModel : public CListItemModel
{
Q_OBJECT
public:
CApiMonModel(QObject *parent = 0);
~CApiMonModel();
void Sync(const QList<CApiLogEntryPtr>& List, QSet<quint64> PIDs);
CApiLogEntryPtr GetEntry(const QModelIndex &index) const;
int columnCount(const QModelIndex &parent = QModelIndex()) const;
QVariant headerData(int section, Qt::Orientation orientation, int role = Qt::DisplayRole) const;
enum EColumns
{
eProcess = 0,
eTimeStamp,
eMessage,
eCount
};
protected:
struct SApiLogNode: SListNode
{
SApiLogNode(const QVariant& Id) : SListNode(Id), iColor(0) {}
CApiLogEntryPtr pEntry;
int iColor;
};
virtual SListNode* MkNode(const QVariant& Id) { return new SApiLogNode(Id); }
};

View File

@ -12,7 +12,8 @@ CResMonModel::~CResMonModel()
{
}
void CResMonModel::Sync(const QList<CResLogEntryPtr>& List, QSet<quint64> PIDs)
//void CResMonModel::Sync(const QList<CTraceEntryPtr>& List, QSet<quint64> PIDs)
void CResMonModel::Sync(const QList<CTraceEntryPtr>& List)
{
QList<SListNode*> New;
QHash<QVariant, SListNode*> Old = m_Map;
@ -32,19 +33,19 @@ void CResMonModel::Sync(const QList<CResLogEntryPtr>& List, QSet<quint64> PIDs)
for(; i < List.count(); i++)
{
CResLogEntryPtr pEntry = List.at(i);
CTraceEntryPtr pEntry = List.at(i);
QVariant ID = pEntry->GetUID();
if (!PIDs.isEmpty() && !PIDs.contains(pEntry->GetProcessId()))
continue;
//if (!PIDs.isEmpty() && !PIDs.contains(pEntry->GetProcessId()))
// continue;
int Row = -1;
QHash<QVariant, SListNode*>::iterator I = Old.find(ID);
SResLogNode* pNode = I != Old.end() ? static_cast<SResLogNode*>(I.value()) : NULL;
STraceNode* pNode = I != Old.end() ? static_cast<STraceNode*>(I.value()) : NULL;
if(!pNode)
{
pNode = static_cast<SResLogNode*>(MkNode(ID));
pNode = static_cast<STraceNode*>(MkNode(ID));
pNode->Values.resize(columnCount());
pNode->pEntry = pEntry;
New.append(pNode);
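Review bot: commenting out the PIDs filter here changes behaviour, not just the entry type: the model now shows every trace entry regardless of which sandbox is selected, and the old filter survives only as dead commented code (here and in the signature hunk above). If dropping the per-selection filter is intended, delete the commented lines and the unused parameter outright; if not, keep the `QSet<quint64>` overload and pass the selection through.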
@ -78,13 +79,13 @@ void CResMonModel::Sync(const QList<CResLogEntryPtr>& List, QSet<quint64> PIDs)
switch(section)
{
case eProcess: Value = pEntry->GetProcessId(); break;
case eTimeStamp: Value = pEntry->GetTimeStamp(); break;
case eTimeStamp: Value = pEntry->GetUID(); break;
case eType: Value = pEntry->GetTypeStr(); break;
case eStatus: Value = pEntry->GetStautsStr(); break;
case eValue: Value = pEntry->GetValue(); break;
case eValue: Value = pEntry->GetMessage(); break;
}
SResLogNode::SValue& ColValue = pNode->Values[section];
STraceNode::SValue& ColValue = pNode->Values[section];
if (ColValue.Raw != Value)
{
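Review bot: `case eTimeStamp: Value = pEntry->GetUID();` stores the entry UID as the raw value of the Time Stamp column while the formatted text further down still comes from GetTimeStamp(), so sorting on this column only matches the displayed time if UIDs are handed out in strictly increasing time order. State that invariant in a comment next to this line (and enforce it where UIDs are assigned), otherwise the next reader will "fix" it back to GetTimeStamp(). Unrelated but adjacent: `GetStautsStr` in the context line is a pre-existing misspelling worth renaming in a follow-up.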
@ -97,7 +98,7 @@ void CResMonModel::Sync(const QList<CResLogEntryPtr>& List, QSet<quint64> PIDs)
case eProcess:
{
CBoxedProcessPtr pProcess = theAPI->GetProcessById(pEntry->GetProcessId());
ColValue.Formated = QString("%1 (%2)").arg(pProcess.isNull() ? tr("Unknown") : pProcess->GetProcessName()).arg(pEntry->GetProcessId());
ColValue.Formated = QString("%1 (%2, %3)").arg(pProcess.isNull() ? tr("Unknown") : pProcess->GetProcessName()).arg(pEntry->GetProcessId()).arg(pEntry->GetThreadId());
break;
}
case eTimeStamp: ColValue.Formated = pEntry->GetTimeStamp().toString("hh:mm:ss.zzz"); break;
@ -124,12 +125,12 @@ void CResMonModel::Sync(const QList<CResLogEntryPtr>& List, QSet<quint64> PIDs)
CListItemModel::Sync(New, Old);
}
CResLogEntryPtr CResMonModel::GetEntry(const QModelIndex &index) const
CTraceEntryPtr CResMonModel::GetEntry(const QModelIndex &index) const
{
if (!index.isValid())
return CResLogEntryPtr();
return CTraceEntryPtr();
SResLogNode* pNode = static_cast<SResLogNode*>(index.internalPointer());
STraceNode* pNode = static_cast<STraceNode*>(index.internalPointer());
return pNode->pEntry;
}

View File

@ -11,9 +11,10 @@ public:
CResMonModel(QObject *parent = 0);
~CResMonModel();
void Sync(const QList<CResLogEntryPtr>& List, QSet<quint64> PIDs);
//void Sync(const QList<CTraceEntryPtr>& List, QSet<quint64> PIDs);
void Sync(const QList<CTraceEntryPtr>& List);
CResLogEntryPtr GetEntry(const QModelIndex &index) const;
CTraceEntryPtr GetEntry(const QModelIndex &index) const;
int columnCount(const QModelIndex &parent = QModelIndex()) const;
QVariant headerData(int section, Qt::Orientation orientation, int role = Qt::DisplayRole) const;
@ -29,14 +30,14 @@ public:
};
protected:
struct SResLogNode: SListNode
struct STraceNode: SListNode
{
SResLogNode(const QVariant& Id) : SListNode(Id), iColor(0) {}
STraceNode(const QVariant& Id) : SListNode(Id), iColor(0) {}
CResLogEntryPtr pEntry;
CTraceEntryPtr pEntry;
int iColor;
};
virtual SListNode* MkNode(const QVariant& Id) { return new SResLogNode(Id); }
virtual SListNode* MkNode(const QVariant& Id) { return new STraceNode(Id); }
};

View File

@ -86,17 +86,21 @@ QString CSbieModel::FindParent(const QVariant& Name, const QMap<QString, QString
return QString();
}
QList<QVariant> CSbieModel::MakeBoxPath(const QVariant& Name, const QMap<QString, QStringList>& Groups)
void CSbieModel::MakeBoxPath(const QVariant& Name, const QMap<QString, QStringList>& Groups, QList<QVariant>& Path)
{
QString ParentID = FindParent(Name, Groups);
QList<QVariant> Path;
if (!ParentID.isEmpty() && ParentID != Name
&& !Groups.value(CSbieModel__RemoveGroupMark(Name.toString())).contains(CSbieModel__RemoveGroupMark(ParentID)))
if (!ParentID.isEmpty() && ParentID != Name && !Path.contains(ParentID))
{
Path = MakeBoxPath(ParentID, Groups);
Path.append(ParentID);
Path.prepend(ParentID);
MakeBoxPath(ParentID, Groups, Path);
}
}
QList<QVariant> CSbieModel::MakeBoxPath(const QVariant& Name, const QMap<QString, QStringList>& Groups)
{
QList<QVariant> Path;
MakeBoxPath(Name, Groups, Path);
return Path;
}
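Review bot: the new `!Path.contains(ParentID)` guard stops the recursion on a cycle but does not keep the starting box out of its own path. With groups A and B each listing the other, MakeBoxPath(A) prepends B, recurses, prepends A (Path is only [B] at that point), recurses again and only then stops, returning [A, B] for A. Seed Path with Name before the first call and strip it afterwards, or pass the original name down and also test `ParentID != Root`. The IsParentOf() check added in SbieView only blocks creating such a cycle through the menu; a hand-edited ini can still contain one.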
@ -118,8 +122,8 @@ QList<QVariant> CSbieModel::Sync(const QMap<QString, CSandBoxPtr>& BoxList, cons
{
pNode = static_cast<SSandBoxNode*>(MkNode(ID));
pNode->Values.resize(columnCount());
if (m_bTree)
pNode->Path = MakeBoxPath(ID, Groups);
if (m_bTree)
pNode->Path = MakeBoxPath(ID, Groups);
pNode->pBox = NULL;
New[pNode->Path].append(pNode);
Added.append(ID);

View File

@ -63,6 +63,7 @@ protected:
QString FindParent(const QVariant& Name, const QMap<QString, QStringList>& Groups);
QList<QVariant> MakeBoxPath(const QVariant& Name, const QMap<QString, QStringList>& Groups);
void MakeBoxPath(const QVariant& Name, const QMap<QString, QStringList>& Groups, QList<QVariant>& Path);
//virtual QVariant GetDefaultIcon() const;

View File

@ -6,7 +6,7 @@
#include "Views/SbieView.h"
#include "../MiscHelpers/Common/CheckableMessageBox.h"
#include <QWinEventNotifier>
#include "ApiLog.h"
//#include "ApiLog.h"
#include "./Dialogs/MultiErrorDialog.h"
#include "../QSbieAPI/SbieUtils.h"
#include "../QSbieAPI/Sandboxie/BoxBorder.h"
@ -89,6 +89,10 @@ CSandMan::CSandMan(QWidget *parent)
theGUI = this;
const char version[] = VERSION_STR;
QDesktopServices::setUrlHandler("http", this, "OpenUrl");
QDesktopServices::setUrlHandler("https", this, "OpenUrl");
QDesktopServices::setUrlHandler("sbie", this, "OpenUrl");
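Review bot: registering "http", "https" and "sbie" handlers routes every QDesktopServices::openUrl() in the process through CSandMan::OpenUrl, whose body is not in this diff. Please make sure that slot validates the scheme it receives and only hands http/https off to the system browser, and document what the custom "sbie" scheme is permitted to do, since any place that can surface a clickable URL now reaches that code path.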
@ -117,7 +121,7 @@ CSandMan::CSandMan(QWidget *parent)
m_SbieTemplates = new CSbieTemplates(theAPI, this);
m_ApiLog = NULL;
//m_ApiLog = NULL;
m_bConnectPending = false;
m_bStopPending = false;
@ -184,17 +188,17 @@ CSandMan::CSandMan(QWidget *parent)
//
// Api Log
m_pApiMonModel = new CApiMonModel();
//m_pApiMonModel->SetUseIcons(true);
m_pApiCallLog = new CPanelViewEx(m_pApiMonModel);
//m_pApiCallLog->GetView()->setItemDelegate(theGUI->GetItemDelegate());
m_pApiCallLog->GetView()->setSelectionMode(QAbstractItemView::ExtendedSelection);
m_pLogTabs->addTab(m_pApiCallLog, tr("Api Call Log"));
m_pApiCallLog->setEnabled(false);
//m_pApiMonModel = new CApiMonModel();
////m_pApiMonModel->SetUseIcons(true);
//
//m_pApiCallLog = new CPanelViewEx(m_pApiMonModel);
//
////m_pApiCallLog->GetView()->setItemDelegate(theGUI->GetItemDelegate());
//
//m_pApiCallLog->GetView()->setSelectionMode(QAbstractItemView::ExtendedSelection);
//
//m_pLogTabs->addTab(m_pApiCallLog, tr("Api Call Log"));
//m_pApiCallLog->setEnabled(false);
//
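Review bot: these lines (and the matching ones in LoadState, StoreState, CreateMenus, OnSetLogging and SandMan.h) comment the Api Call Log UI out instead of deleting it, while ApiMonModel.cpp/.h are removed from the tree and from the vcxproj in the same commit, so the comments now reference a class that no longer exists. Delete the dead code; git history keeps it if it is ever needed.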
@ -315,11 +319,11 @@ void CSandMan::LoadState()
((QTreeViewEx*)m_pResourceLog->GetView())->OnResetColumns();
else
((QTreeViewEx*)m_pResourceLog->GetView())->restoreState(Columns);
Columns = theConf->GetBlob("MainWindow/ApiLogList_Columns");
if (!Columns.isEmpty())
((QTreeViewEx*)m_pApiCallLog->GetView())->OnResetColumns();
else
((QTreeViewEx*)m_pApiCallLog->GetView())->restoreState(Columns);
//Columns = theConf->GetBlob("MainWindow/ApiLogList_Columns");
//if (!Columns.isEmpty())
// ((QTreeViewEx*)m_pApiCallLog->GetView())->OnResetColumns();
//else
// ((QTreeViewEx*)m_pApiCallLog->GetView())->restoreState(Columns);
m_pLogSplitter->restoreState(theConf->GetBlob("MainWindow/Log_Splitter"));
m_pPanelSplitter->restoreState(theConf->GetBlob("MainWindow/Panel_Splitter"));
m_pLogTabs->setCurrentIndex(theConf->GetInt("MainWindow/LogTab", 0));
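Review bot: the commented-out block preserves a pre-existing inversion: `if (!Columns.isEmpty())` calls OnResetColumns() and restoreState(Columns) runs only when the saved blob is empty, so a saved layout is never restored. The live ResMonList branch just above (its condition is outside the hunk) shows the same else/restoreState shape; worth checking and flipping while this code is being touched.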
@ -331,7 +335,7 @@ void CSandMan::StoreState()
//theConf->SetBlob("MainWindow/BoxTree_Columns", m_pBoxTree->saveState());
theConf->SetBlob("MainWindow/LogList_Columns", m_pMessageLog->GetView()->header()->saveState());
theConf->SetBlob("MainWindow/ResMonList_Columns", m_pResourceLog->GetView()->header()->saveState());
theConf->SetBlob("MainWindow/ApiLogList_Columns", m_pApiCallLog->GetView()->header()->saveState());
//theConf->SetBlob("MainWindow/ApiLogList_Columns", m_pApiCallLog->GetView()->header()->saveState());
theConf->SetBlob("MainWindow/Log_Splitter", m_pLogSplitter->saveState());
theConf->SetBlob("MainWindow/Panel_Splitter", m_pPanelSplitter->saveState());
theConf->SetValue("MainWindow/LogTab", m_pLogTabs->currentIndex());
@ -399,8 +403,9 @@ void CSandMan::CreateMenus()
m_pCleanUpProcesses = m_pCleanUpMenu->addAction(tr("Cleanup Processes"), this, SLOT(OnCleanUp()));
m_pCleanUpMenu->addSeparator();
m_pCleanUpMsgLog = m_pCleanUpMenu->addAction(tr("Cleanup Message Log"), this, SLOT(OnCleanUp()));
m_pCleanUpResLog = m_pCleanUpMenu->addAction(tr("Cleanup Resource Log"), this, SLOT(OnCleanUp()));
m_pCleanUpApiLog = m_pCleanUpMenu->addAction(tr("Cleanup Api Call Log"), this, SLOT(OnCleanUp()));
m_pCleanUpTrace = m_pCleanUpMenu->addAction(tr("Cleanup Trace Log"), this, SLOT(OnCleanUp()));
//m_pCleanUpTrace = m_pCleanUpMenu->addAction(tr("Cleanup Resource Log"), this, SLOT(OnCleanUp()));
//m_pCleanUpApiLog = m_pCleanUpMenu->addAction(tr("Cleanup Api Call Log"), this, SLOT(OnCleanUp()));
m_pKeepTerminated = m_pMenuView->addAction(CSandMan::GetIcon("Keep"), tr("Keep terminated"), this, SLOT(OnSetKeep()));
m_pKeepTerminated->setCheckable(true);
@ -415,8 +420,8 @@ void CSandMan::CreateMenus()
m_pEnableMonitoring = m_pMenuOptions->addAction(CSandMan::GetIcon("SetLogging"), tr("Resource Logging"), this, SLOT(OnSetMonitoring()));
m_pEnableMonitoring->setCheckable(true);
m_pMenuOptions->addSeparator();
m_pEnableLogging = m_pMenuOptions->addAction(CSandMan::GetIcon("LogAPI"), tr("API Call Logging"), this, SLOT(OnSetLogging()));
m_pEnableLogging->setCheckable(true);
//m_pEnableLogging = m_pMenuOptions->addAction(CSandMan::GetIcon("LogAPI"), tr("API Call Logging"), this, SLOT(OnSetLogging()));
//m_pEnableLogging->setCheckable(true);
m_pMenuHelp = menuBar()->addMenu(tr("&Help"));
@ -459,7 +464,7 @@ void CSandMan::CreateToolBar()
m_pToolBar->addAction(m_pEditIni);
m_pToolBar->addSeparator();
m_pToolBar->addAction(m_pEnableMonitoring);
m_pToolBar->addAction(m_pEnableLogging);
//m_pToolBar->addAction(m_pEnableLogging);
m_pToolBar->addSeparator();
@ -611,6 +616,8 @@ void CSandMan::timerEvent(QTimerEvent* pEvent)
if (pEvent->timerId() != m_uTimerID)
return;
bool bForceProcessDisabled = false;
if (theAPI->IsConnected())
{
SB_STATUS Status = theAPI->ReloadBoxes();
@ -622,14 +629,20 @@ void CSandMan::timerEvent(QTimerEvent* pEvent)
theAPI->UpdateProcesses(m_pKeepTerminated->isChecked());
m_pDisableForce->setChecked(theAPI->AreForceProcessDisabled());
m_pDisableForce2->setChecked(theAPI->AreForceProcessDisabled());
bForceProcessDisabled = theAPI->AreForceProcessDisabled();
m_pDisableForce->setChecked(bForceProcessDisabled);
m_pDisableForce2->setChecked(bForceProcessDisabled);
bool bIsMonitoring = theAPI->IsMonitoring();
m_pResourceLog->setEnabled(bIsMonitoring);
m_pEnableMonitoring->setChecked(bIsMonitoring);
}
if (m_bIconEmpty != (theAPI->TotalProcesses() == 0) || m_bIconDisabled != theAPI->AreForceProcessDisabled())
if (m_bIconEmpty != (theAPI->TotalProcesses() == 0) || m_bIconDisabled != bForceProcessDisabled)
{
m_bIconEmpty = (theAPI->TotalProcesses() == 0);
m_bIconDisabled = theAPI->AreForceProcessDisabled();
m_bIconDisabled = bForceProcessDisabled;
QString IconFile = ":/SandMan";
if (m_bIconEmpty)
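Review bot: `bForceProcessDisabled` is only assigned inside the `IsConnected()` block and defaults to false, so once the driver is disconnected the tray icon flips back to the non-disabled variant even if forced processes were disabled before the disconnect; previously AreForceProcessDisabled() was queried unconditionally. Fine if intentional, but it deserves a comment, and theAPI->TotalProcesses() is still called outside the connected block, so the two icon inputs are now treated inconsistently.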
@ -755,17 +768,18 @@ void CSandMan::OnSelectionChanged()
Processes.append(pBox->GetProcessList().values());
}*/
QSet<quint64> Pids;
foreach(const CBoxedProcessPtr& pProcess, Processes)
Pids.insert(pProcess->GetProcessId());
//QSet<quint64> Pids;
//foreach(const CBoxedProcessPtr& pProcess, Processes)
// Pids.insert(pProcess->GetProcessId());
QList<CResLogEntryPtr> ResourceLog = theAPI->GetResLog();
m_pResMonModel->Sync(ResourceLog, Pids);
QList<CTraceEntryPtr> ResourceLog = theAPI->GetTrace();
//m_pResMonModel->Sync(ResourceLog, Pids);
m_pResMonModel->Sync(ResourceLog);
if (m_ApiLog) {
QList<CApiLogEntryPtr> ApiCallLog = m_ApiLog->GetApiLog();
m_pApiMonModel->Sync(ApiCallLog, Pids);
}
//if (m_ApiLog) {
// QList<CApiLogEntryPtr> ApiCallLog = m_ApiLog->GetApiLog();
// m_pApiMonModel->Sync(ApiCallLog, Pids);
//}
}
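Review bot: OnSelectionChanged has effectively lost its purpose for the resource log: the Pids set is commented out here, the process gathering above it already sits inside a `/* ... */` block in the context lines, and Sync() no longer takes a filter, so whatever the selection is, the same full trace is shown. If the per-box filter is gone for good, trim the function down to the Sync() call and drop the commented code; otherwise restore the filter in CResMonModel rather than leaving both halves commented.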
void CSandMan::OnStatusChanged()
@ -850,7 +864,7 @@ void CSandMan::OnStatusChanged()
m_pEditIni->setEnabled(isConnected);
m_pReloadIni->setEnabled(isConnected);
m_pEnableMonitoring->setEnabled(isConnected);
m_pEnableLogging->setEnabled(isConnected);
//m_pEnableLogging->setEnabled(isConnected);
}
void CSandMan::OnMenuHover(QAction* action)
@ -1148,10 +1162,6 @@ SB_STATUS CSandMan::ConnectSbieImpl()
if (!Status)
return Status;
bool bIsMonitoring = theAPI->IsMonitoring();
m_pResourceLog->setEnabled(bIsMonitoring);
m_pEnableMonitoring->setChecked(bIsMonitoring);
return SB_OK;
}
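Review bot: removing the monitoring-state refresh from ConnectSbieImpl means m_pResourceLog->setEnabled() and the menu check state are now only updated on the next timerEvent tick after a successful connect, so the UI shows a stale state for up to one timer interval. Keep a one-off refresh here after `Status` succeeds, or fire the timer immediately after connecting.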
@ -1275,11 +1285,11 @@ void CSandMan::OnCleanUp()
if (sender() == m_pCleanUpMsgLog || sender() == m_pCleanUpButton)
m_pMessageLog->GetTree()->clear();
if (sender() == m_pCleanUpResLog || sender() == m_pCleanUpButton)
theAPI->ClearResLog();
if (sender() == m_pCleanUpTrace || sender() == m_pCleanUpButton)
theAPI->ClearTrace();
if (sender() == m_pCleanUpApiLog || sender() == m_pCleanUpButton)
if(m_ApiLog) m_ApiLog->ClearApiLog();
//if (sender() == m_pCleanUpApiLog || sender() == m_pCleanUpButton)
// if(m_ApiLog) m_ApiLog->ClearApiLog();
if (sender() == m_pCleanUpProcesses || sender() == m_pCleanUpButton)
theAPI->UpdateProcesses(false);
@ -1335,7 +1345,7 @@ void CSandMan::OnResetMsgs()
theConf->SetValue("Options/CheckForUpdates", 2);
theConf->SetValue("Options/NoEditInfo", true);
theConf->SetValue("Options/ApiLogInfo", true);
//theConf->SetValue("Options/ApiLogInfo", true);
theConf->SetValue("Options/BoxedExplorerInfo", true);
theConf->SetValue("Options/ExplorerInfo", true);
@ -1415,40 +1425,40 @@ void CSandMan::OnSetMonitoring()
m_pResourceLog->setEnabled(m_pEnableMonitoring->isChecked());
}
void CSandMan::OnSetLogging()
{
if (m_pEnableLogging->isChecked())
{
if (theConf->GetBool("Options/ApiLogInfo", true))
{
QString Message = tr("To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes.\n"
"Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.");
bool State = false;
CCheckableMessageBox::question(this, "Sandboxie-Plus", Message
, tr("Don't show this message again."), &State, QDialogButtonBox::Ok, QDialogButtonBox::Ok, QMessageBox::Information);
if (State)
theConf->SetValue("Options/ApiLogInfo", false);
}
if (!m_pToolBar->isVisible())
m_pLogTabs->show();
if (!m_ApiLog) {
m_ApiLog = new CApiLog();
m_pApiCallLog->setEnabled(true);
}
}
else
{
if (m_ApiLog) {
m_pApiCallLog->setEnabled(false);
m_ApiLog->deleteLater();
m_ApiLog = NULL;
}
}
}
//void CSandMan::OnSetLogging()
//{
// if (m_pEnableLogging->isChecked())
// {
// if (theConf->GetBool("Options/ApiLogInfo", true))
// {
// QString Message = tr("To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes.\n"
// "Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.");
//
// bool State = false;
// CCheckableMessageBox::question(this, "Sandboxie-Plus", Message
// , tr("Don't show this message again."), &State, QDialogButtonBox::Ok, QDialogButtonBox::Ok, QMessageBox::Information);
//
// if (State)
// theConf->SetValue("Options/ApiLogInfo", false);
// }
//
// if (!m_pToolBar->isVisible())
// m_pLogTabs->show();
//
// if (!m_ApiLog) {
// m_ApiLog = new CApiLog();
// //m_pApiCallLog->setEnabled(true);
// }
// }
// else
// {
// if (m_ApiLog) {
// //m_pApiCallLog->setEnabled(false);
// m_ApiLog->deleteLater();
// m_ApiLog = NULL;
// }
// }
//}
void CSandMan::AddAsyncOp(const CSbieProgressPtr& pProgress)
{
@ -1993,7 +2003,7 @@ void CSandMan::LoadLanguage()
m_LanguageId = LocaleNameToLCID(Lang.toStdWString().c_str(), 0);
QString LangAux = Lang; // Short version as fallback
LangAux.truncate(LangAux.lastIndexOf('_'));
LangAux.truncate(LangAux.lastIndexOf('-'));
QString LangPath = QApplication::applicationDirPath() + "/translations/sandman_";
bool bAux = false;
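Review bot: `LangAux.truncate(LangAux.lastIndexOf('-'))` passes -1 whenever Lang carries no '-', and QString::truncate() with a negative position empties the string, so a plain tag such as "de" yields an empty LangAux for the fallback lookup below. This was already true with '_', but the character change is a good moment to guard it: `int p = LangAux.lastIndexOf('-'); if (p > 0) LangAux.truncate(p);`.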

View File

@ -8,21 +8,18 @@
#include "../MiscHelpers/Common/ProgressDialog.h"
#include "../MiscHelpers/Common/NetworkAccessManager.h"
#include "Models/ResMonModel.h"
#include "Models/ApiMonModel.h"
//#include "Models/ApiMonModel.h"
#include <QTranslator>
#include "Windows/PopUpWindow.h"
#define VERSION_MJR 0
#define VERSION_MIN 6
#define VERSION_REV 7
#define VERSION_UPD 0
#include "version.h"
//#include "../QSbieAPI/SbieAPI.h"
#include "SbiePlusAPI.h"
class CSbieView;
class CApiLog;
//class CApiLog;
class CBoxBorder;
class CSbieTemplates;
@ -70,7 +67,7 @@ protected:
CBoxBorder* m_pBoxBorder;
CSbieTemplates* m_SbieTemplates;
CApiLog* m_ApiLog;
//CApiLog* m_ApiLog;
QMap<CSbieProgress*, CSbieProgressPtr> m_pAsyncProgress;
@ -132,7 +129,7 @@ private slots:
void OnEditIni();
void OnReloadIni();
void OnSetMonitoring();
void OnSetLogging();
//void OnSetLogging();
void OnExit();
void OnHelp();
@ -171,8 +168,8 @@ private:
CPanelWidgetEx* m_pMessageLog;
CPanelViewEx* m_pResourceLog;
CResMonModel* m_pResMonModel;
CPanelViewEx* m_pApiCallLog;
CApiMonModel* m_pApiMonModel;
//CPanelViewEx* m_pApiCallLog;
//CApiMonModel* m_pApiMonModel;
QMenu* m_pMenuFile;
@ -204,8 +201,8 @@ private:
QMenu* m_pCleanUpMenu;
QAction* m_pCleanUpProcesses;
QAction* m_pCleanUpMsgLog;
QAction* m_pCleanUpResLog;
QAction* m_pCleanUpApiLog;
QAction* m_pCleanUpTrace;
//QAction* m_pCleanUpApiLog;
QToolButton* m_pCleanUpButton;
QAction* m_pKeepTerminated;
@ -215,7 +212,7 @@ private:
QAction* m_pEditIni;
QAction* m_pReloadIni;
QAction* m_pEnableMonitoring;
QAction* m_pEnableLogging;
//QAction* m_pEnableLogging;
QMenu* m_pMenuHelp;
QAction* m_pSupport;

View File

@ -195,13 +195,11 @@
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="ApiLog.cpp" />
<ClCompile Include="Dialogs\MultiErrorDialog.cpp" />
<ClCompile Include="Helpers\FindTool.cpp" />
<ClCompile Include="Helpers\WinAdmin.cpp" />
<ClCompile Include="Helpers\WindowFromPointEx.cpp" />
<ClCompile Include="main.cpp" />
<ClCompile Include="Models\ApiMonModel.cpp" />
<ClCompile Include="Models\ResMonModel.cpp" />
<ClCompile Include="Models\SbieModel.cpp" />
<ClCompile Include="SandMan.cpp" />
@ -231,9 +229,7 @@
<QtMoc Include="SandMan.h" />
<QtMoc Include="Models\SbieModel.h" />
<QtMoc Include="Models\ResMonModel.h" />
<QtMoc Include="ApiLog.h" />
<QtMoc Include="Dialogs\MultiErrorDialog.h" />
<QtMoc Include="Models\ApiMonModel.h" />
<ClInclude Include="Helpers\FindTool.h" />
<ClInclude Include="Helpers\WinAdmin.h" />
<ClInclude Include="resource.h" />

View File

@ -66,18 +66,12 @@
<ClCompile Include="Models\ResMonModel.cpp">
<Filter>Models</Filter>
</ClCompile>
<ClCompile Include="ApiLog.cpp">
<Filter>SandMan</Filter>
</ClCompile>
<ClCompile Include="Dialogs\MultiErrorDialog.cpp">
<Filter>Dialogs</Filter>
</ClCompile>
<ClCompile Include="SbiePlusAPI.cpp">
<Filter>SandMan</Filter>
</ClCompile>
<ClCompile Include="Models\ApiMonModel.cpp">
<Filter>Models</Filter>
</ClCompile>
<ClCompile Include="Helpers\WinAdmin.cpp">
<Filter>Helpers</Filter>
</ClCompile>
@ -133,18 +127,12 @@
<QtMoc Include="Models\ResMonModel.h">
<Filter>Models</Filter>
</QtMoc>
<QtMoc Include="ApiLog.h">
<Filter>SandMan</Filter>
</QtMoc>
<QtMoc Include="Dialogs\MultiErrorDialog.h">
<Filter>Dialogs</Filter>
</QtMoc>
<QtMoc Include="SbiePlusAPI.h">
<Filter>SandMan</Filter>
</QtMoc>
<QtMoc Include="Models\ApiMonModel.h">
<Filter>Models</Filter>
</QtMoc>
<QtMoc Include="Windows\OptionsWindow.h">
<Filter>Windows</Filter>
</QtMoc>

View File

@ -89,7 +89,16 @@ CSandBoxPlus::~CSandBoxPlus()
void CSandBoxPlus::UpdateDetails()
{
m_bLogApiFound = GetTextList("OpenPipePath", false).contains("\\Device\\NamedPipe\\LogAPI");
//m_bLogApiFound = GetTextList("OpenPipePath", false).contains("\\Device\\NamedPipe\\LogAPI");
m_bLogApiFound = false;
QStringList InjectDlls = GetTextList("InjectDll", false);
foreach(const QString & InjectDll, InjectDlls)
{
if (InjectDll.contains("logapi", Qt::CaseInsensitive)) {
m_bLogApiFound = true;
break;
}
}
m_bINetBlocked = false;
foreach(const QString& Entry, GetTextList("ClosedFilePath", false))
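Review bot: the new detection loop only reads "InjectDll", but SetLogApi() below writes both "InjectDll" and "InjectDll64"; a box configured for 64-bit only, or one where the 32-bit entry was removed by hand, reports m_bLogApiFound == false and the preset menu check disagrees with the ini. Scan "InjectDll64" as well. The `contains("logapi", Qt::CaseInsensitive)` substring test is also loose; matching the file-name component against logapi32.dll/logapi64.dll would avoid false positives from unrelated DLL names.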
@ -132,6 +141,9 @@ QString CSandBoxPlus::GetStatusStr() const
QStringList Status;
if (IsEmpty())
Status.append(tr("Empty"));
if (m_iUnsecureDebugging == 1)
Status.append(tr("NOT SECURE (Debug Config)"));
else if (m_iUnsecureDebugging == 2)
@ -168,13 +180,13 @@ void CSandBoxPlus::SetLogApi(bool bEnable)
{
if (bEnable)
{
InsertText("OpenPipePath", "\\Device\\NamedPipe\\LogAPI");
//InsertText("OpenPipePath", "\\Device\\NamedPipe\\LogAPI");
InsertText("InjectDll", "\\LogAPI\\logapi32.dll");
InsertText("InjectDll64", "\\LogAPI\\logapi64.dll");
}
else
{
DelValue("OpenPipePath", "\\Device\\NamedPipe\\LogAPI");
//DelValue("OpenPipePath", "\\Device\\NamedPipe\\LogAPI");
DelValue("InjectDll", "\\LogAPI\\logapi32.dll");
DelValue("InjectDll64", "\\LogAPI\\logapi64.dll");
}
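Review bot: boxes configured by earlier builds still carry `OpenPipePath=\Device\NamedPipe\LogAPI`, and with the DelValue() call commented out the disable branch no longer removes it, so an open pipe path to the host lingers in the ini after API logging is switched off. Keep the DelValue() in the else branch as a migration step (it is harmless when the entry is absent) even though new configs no longer add the OpenPipePath.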

View File

@ -39,6 +39,7 @@ CSbieView::CSbieView(QWidget* parent) : CPanelView(parent)
//m_pSbieTree->setItemDelegate(theGUI->GetItemDelegate());
m_pSbieTree->setModel(m_pSortProxy);
((CSortFilterProxyModel*)m_pSortProxy)->setView(m_pSbieTree);
m_pSbieTree->setSelectionMode(QAbstractItemView::ExtendedSelection);
m_pSbieTree->setSortingEnabled(true);
@ -71,6 +72,7 @@ CSbieView::CSbieView(QWidget* parent) : CPanelView(parent)
m_pMenuRunMailer = m_pMenuRun->addAction(CSandMan::GetIcon("Email"), tr("Run eMail Client"), this, SLOT(OnSandBoxAction()));
m_pMenuRunExplorer = m_pMenuRun->addAction(CSandMan::GetIcon("Explore"), tr("Run Explorer"), this, SLOT(OnSandBoxAction()));
m_pMenuRunCmd = m_pMenuRun->addAction(CSandMan::GetIcon("Cmd"), tr("Run Cmd.exe"), this, SLOT(OnSandBoxAction()));
m_pMenuRunCmdAdmin = m_pMenuRun->addAction(CSandMan::GetIcon("Cmd"), tr("Run Cmd.exe as Admin"), this, SLOT(OnSandBoxAction()));
m_pMenuRun->addSeparator();
m_iMenuRun = m_pMenuRun->actions().count();
m_pMenuEmptyBox = m_pMenu->addAction(CSandMan::GetIcon("EmptyAll"), tr("Terminate All Programs"), this, SLOT(OnSandBoxAction()));
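Review bot: "Run Cmd.exe as Admin" reuses the "Cmd" icon, so the elevated entry is distinguishable from the plain one only by its text; a distinct icon (or a shield overlay) would make an elevated launch stand out in the menu. The `RunStart(.., true)` overload it relies on is not part of this diff, so the meaning of the boolean cannot be confirmed from here; a named constant or an enum would read better than a bare `true` at the call site.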
@ -377,6 +379,26 @@ QString CSbieView__SerializeGroup(QMap<QString, QStringList>& m_Groups, const QS
return Grouping.join(",");
}
QString CSbieView::FindParent(const QString& Name)
{
for (auto I = m_Groups.begin(); I != m_Groups.end(); ++I)
{
if (I.value().contains(Name, Qt::CaseInsensitive))
return I.key();
}
return QString();
}
bool CSbieView::IsParentOf(const QString& Name, const QString& Group)
{
QString Parent = FindParent(Group);
if (Parent == Name)
return true;
if (Parent.isEmpty())
return false;
return IsParentOf(Name, Parent);
}
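Review bot: IsParentOf() recurses with no cycle guard, so a group configuration that already contains a loop (possible via a hand-edited ini, since this very check is what prevents creating one through the UI) recurses until the stack overflows whenever Name is not itself part of that loop. Track visited groups in a QSet<QString> and bail out on a repeat. FindParent() also matches children case-insensitively while `Parent == Name` compares case-sensitively; use the same sensitivity on both sides so casing variants cannot slip past the "own parent" check.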
void CSbieView::OnGroupAction()
{
QAction* Action = qobject_cast<QAction*>(sender());
@ -453,7 +475,7 @@ void CSbieView::OnGroupAction()
if (Name.isEmpty())
continue;
if (Name == Group || m_Groups.value(Name).contains(Group)) {
if (Name == Group || IsParentOf(Name, Group)) {
QMessageBox("Sandboxie-Plus", tr("A group can not be its own parent."), QMessageBox::Critical, QMessageBox::Ok, QMessageBox::NoButton, QMessageBox::NoButton, this).exec();
continue;
}
@ -528,6 +550,8 @@ void CSbieView::OnSandBoxAction()
}
else if (Action == m_pMenuRunCmd)
Results.append(SandBoxes.first()->RunStart("cmd.exe"));
else if (Action == m_pMenuRunCmdAdmin)
Results.append(SandBoxes.first()->RunStart("cmd.exe", true));
else if (Action == m_pMenuPresetsLogApi)
SandBoxes.first().objectCast<CSandBoxPlus>()->SetLogApi(m_pMenuPresetsLogApi->isChecked());
else if (Action == m_pMenuPresetsINet)

View File

@ -51,6 +51,9 @@ private:
void UpdateGroupMenu();
QString FindParent(const QString& Name);
bool IsParentOf(const QString& Name, const QString& Group);
QVBoxLayout* m_pMainLayout;
QTreeViewEx* m_pSbieTree;
@ -68,6 +71,7 @@ private:
QAction* m_pMenuRunMailer;
QAction* m_pMenuRunExplorer;
QAction* m_pMenuRunCmd;
QAction* m_pMenuRunCmdAdmin;
QAction* m_pMenuMkLink;
QMenu* m_pMenuPresets;
QAction* m_pMenuPresetsLogApi;

View File

@ -276,6 +276,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
connect(ui.chkGuiTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkComTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkDbgTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkErrTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.btnAddAutoExec, SIGNAL(clicked(bool)), this, SLOT(OnAddAutoExec()));
connect(ui.btnDelAutoExec, SIGNAL(clicked(bool)), this, SLOT(OnDelAutoExec()));
@ -512,6 +513,7 @@ void COptionsWindow::LoadConfig()
ReadAdvancedCheck("GuiTrace", ui.chkGuiTrace, "*");
ReadAdvancedCheck("ClsidTrace", ui.chkComTrace, "*");
ui.chkDbgTrace->setChecked(m_pBox->GetBool("DebugTrace", false));
ui.chkErrTrace->setChecked(m_pBox->GetBool("ErrorTrace", false));
ui.chkHideOtherBoxes->setChecked(m_pBox->GetBool("HideOtherBoxes", false));
QStringList Processes = m_pBox->GetTextList("HideHostProcess", m_Template);
@ -679,6 +681,7 @@ void COptionsWindow::SaveConfig()
WriteAdvancedCheck(ui.chkGuiTrace, "GuiTrace", "*");
WriteAdvancedCheck(ui.chkComTrace, "ClsidTrace", "*");
WriteAdvancedCheck(ui.chkDbgTrace, "DebugTrace", "y");
WriteAdvancedCheck(ui.chkErrTrace, "ErrorTrace", "y");
WriteAdvancedCheck(ui.chkHideOtherBoxes, "HideOtherBoxes");
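Review bot: the connect/Load/Save wiring in these hunks covers only chkErrTrace, yet the OptionsWindow.ui hunk in this commit also adds chkIpcTrace and chkPipeTrace and neither appears here. Unless they are handled in one of the suppressed diffs, add the matching ReadAdvancedCheck()/WriteAdvancedCheck() pair and the connect() to OnAdvancedChanged() for both, following the GuiTrace lines.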

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -5,15 +5,15 @@
<name>CApiMonModel</name>
<message>
<source>Message</source>
<translation>Сообщение</translation>
<translation type="vanished">Сообщение</translation>
</message>
<message>
<source>Time Stamp</source>
<translation>Временная метка</translation>
<translation type="vanished">Временная метка</translation>
</message>
<message>
<source>Process</source>
<translation>Процесс</translation>
<translation type="vanished">Процесс</translation>
</message>
</context>
<context>
@ -431,27 +431,47 @@
<message>
<source>Do you want to allow %4 (%5) to copy a %1 large file into sandbox: %2?
File name: %3</source>
<translation>Разрешить%4 (%5) копировать большой файл %1 в песочницу:%2?
<translation type="vanished">Разрешить%4 (%5) копировать большой файл %1 в песочницу:%2?
Имя файла:%3</translation>
</message>
<message>
<source>Do you want to allow %1 (%2) access to the internet?
Full path: %3</source>
<translation>Вы хотите разрешить %1 (%2) доступ к Интернету?
<translation type="vanished">Вы хотите разрешить %1 (%2) доступ к Интернету?
Полный путь: %3</translation>
</message>
<message>
<source>%1 is eligible for quick recovery from %2.
The file was written by: %3</source>
<translation>%1 имеет право на быстрое восстановление с %2.
<translation type="vanished">%1 имеет право на быстрое восстановление с %2.
Файл был записан: %3</translation>
</message>
<message>
<source>Migrating a large file %1 into the sandbox %2, %3 left.
Full path: %4</source>
<translation>Перенос большого файла %1 в песочницу %2, осталось %3.
<translation type="vanished">Перенос большого файла %1 в песочницу %2, осталось %3.
Полный путь: %4</translation>
</message>
<message>
<source>Do you want to allow %4 (%5) to copy a %1 large file into sandbox: %2?
File name: %3</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Do you want to allow %1 (%2) access to the internet?
Full path: %3</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>%1 is eligible for quick recovery from %2.
The file was written by: %3</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Migrating a large file %1 into the sandbox %2, %3 left.
Full path: %4</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>CRecoveryWindow</name>
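Review bot: this hunk silently loses four finished Russian translations. The four `<source>` strings re-added at the bottom with `type="unfinished"` read byte-for-byte the same as the ones marked `type="vanished"` above them (the copy-large-file prompt, the internet-access prompt, the quick-recovery notice and the migration progress text), which usually means only line endings or trailing whitespace in the multi-line source changed. Until the source strings are made to match again, the Russian UI will fall back to English for these four dialogs; either normalise the strings in the code so lupdate re-links them, or copy the vanished translation text into the new unfinished entries before merging.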
@ -549,6 +569,10 @@ Full path: %4</source>
<source>Disabled</source>
<translation>Отключено</translation>
</message>
<message>
<source>Empty</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>CSandMan</name>
@ -626,7 +650,7 @@ Full path: %4</source>
</message>
<message>
<source>Cleanup Api Call Log</source>
<translation>Очистить журнал вызовов API</translation>
<translation type="vanished">Очистить журнал вызовов API</translation>
</message>
<message>
<source>Simple View</source>
@ -694,7 +718,7 @@ Full path: %4</source>
</message>
<message>
<source>Api Call Log</source>
<translation>Журнал вызовов API</translation>
<translation type="vanished">Журнал вызовов API</translation>
</message>
<message>
<source>Stop Driver</source>
@ -780,7 +804,7 @@ Full path: %4</source>
</message>
<message>
<source>API Call Logging</source>
<translation>Ведение журнала вызовов API</translation>
<translation type="vanished">Ведение журнала вызовов API</translation>
</message>
<message>
<source>Loaded Config: %1</source>
@ -940,7 +964,7 @@ Full path: %4</source>
</message>
<message>
<source>Cleanup Resource Log</source>
<translation>Очистить журнал ресурсов</translation>
<translation type="vanished">Очистить журнал ресурсов</translation>
</message>
<message>
<source>Cleanup Message Log</source>
@ -1065,7 +1089,7 @@ Full path: %4</source>
<message>
<source>To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes.
Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.</source>
<translation>Чтобы использовать ведение журнала API, вы должны сначала настроить LogApiDll из https://github.com/sandboxie-plus/LogApiDll с одной или несколькими песочницами.
<translation type="vanished">Чтобы использовать ведение журнала API, вы должны сначала настроить LogApiDll из https://github.com/sandboxie-plus/LogApiDll с одной или несколькими песочницами.
Загрузите последний выпуск и настройте его с помощью Sandboxie.ini, как указано в README.md проекта.</translation>
</message>
<message>
@ -1148,6 +1172,10 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
<source>Don&apos;t show this message anymore.</source>
<translation>Больше не показывать это сообщение.</translation>
</message>
<message>
<source>Cleanup Trace Log</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>CSbieModel</name>
@ -1414,6 +1442,10 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
<source>A group can not be its own parent.</source>
<translation>Группа не может быть собственным родителем.</translation>
</message>
<message>
<source>Run Cmd.exe as Admin</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>CSettingsWindow</name>
@ -2067,6 +2099,10 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
<source>Allow access to Bluetooth</source>
<translation>Разрешить доступ к Bluetooth</translation>
</message>
<message>
<source>Log all SetError&apos;s to Trace log</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>PopUpWindow</name>
@ -2086,23 +2122,23 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
<name>QPlatformTheme</name>
<message>
<source>Cancel</source>
<translation>Отмена</translation>
<translation type="vanished">Отмена</translation>
</message>
<message>
<source>Apply</source>
<translation>Применить</translation>
<translation type="vanished">Применить</translation>
</message>
<message>
<source>OK</source>
<translation>ОК</translation>
<translation type="vanished">ОК</translation>
</message>
<message>
<source>&amp;Yes</source>
<translation>&amp;Да</translation>
<translation type="vanished">&amp;Да</translation>
</message>
<message>
<source>&amp;No</source>
<translation>&amp;Нет</translation>
<translation type="vanished">&amp;Нет</translation>
</message>
</context>
<context>
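Review bot: the QPlatformTheme strings (Cancel, Apply, OK, &Yes, &No) are marked vanished here, so the standard dialog buttons will no longer be translated by this catalogue and will appear in English unless Qt's own qtbase translation is also loaded at startup. Confirm this is intended; if the project stopped translating that context on purpose, say so in the commit message, otherwise restore the entries.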


@ -5,15 +5,15 @@
<name>CApiMonModel</name>
<message>
<source>Message</source>
<translation>Mesaj</translation>
<translation type="vanished">Mesaj</translation>
</message>
<message>
<source>Time Stamp</source>
<translation>Zaman Damgası</translation>
<translation type="vanished">Zaman Damgası</translation>
</message>
<message>
<source>Process</source>
<translation>İşlem</translation>
<translation type="vanished">İşlem</translation>
</message>
</context>
<context>
@ -431,27 +431,47 @@
<message>
<source>Do you want to allow %4 (%5) to copy a %1 large file into sandbox: %2?
File name: %3</source>
<translation>%4 (%5)&apos;in %1 büyük bir dosyayı %2 korumalı kutusuna kopyalamasına izin vermek istiyor musunuz?
<translation type="vanished">%4 (%5)&apos;in %1 büyük bir dosyayı %2 korumalı kutusuna kopyalamasına izin vermek istiyor musunuz?
Dosya adı: %3</translation>
</message>
<message>
<source>Do you want to allow %1 (%2) access to the internet?
Full path: %3</source>
<translation>%1 (%2)&apos;in internet erişimine izin vermek istiyor musunuz?
<translation type="vanished">%1 (%2)&apos;in internet erişimine izin vermek istiyor musunuz?
Tam yol: %3</translation>
</message>
<message>
<source>%1 is eligible for quick recovery from %2.
The file was written by: %3</source>
<translation>%1, %2&apos;den hızlı kurtarma için uygun.
<translation type="vanished">%1, %2&apos;den hızlı kurtarma için uygun.
Dosyayı yazan: %3</translation>
</message>
<message>
<source>Migrating a large file %1 into the sandbox %2, %3 left.
Full path: %4</source>
<translation>Büyük bir dosya %1, %2 korumalı kutusuna taşınıyor, %3 kaldı.
<translation type="vanished">Büyük bir dosya %1, %2 korumalı kutusuna taşınıyor, %3 kaldı.
Tam yol: %4</translation>
</message>
<message>
<source>Do you want to allow %4 (%5) to copy a %1 large file into sandbox: %2?
File name: %3</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Do you want to allow %1 (%2) access to the internet?
Full path: %3</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>%1 is eligible for quick recovery from %2.
The file was written by: %3</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Migrating a large file %1 into the sandbox %2, %3 left.
Full path: %4</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>CRecoveryWindow</name>
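Review bot: the same translation loss as in the Russian file occurs here. Four finished Turkish translations are marked `type="vanished"` while identical-looking `<source>` strings are re-added as `type="unfinished"` at the end of the hunk, so these prompts will show in English for Turkish users. Check the multi-line source strings for a line-ending or trailing-whitespace change and carry the existing translations over rather than leaving them to be retranslated.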
@ -549,6 +569,10 @@ Tam yol: %4</translation>
<source>Disabled</source>
<translation>Devre dışı</translation>
</message>
<message>
<source>Empty</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>CSandMan</name>
@ -626,7 +650,7 @@ Tam yol: %4</translation>
</message>
<message>
<source>Cleanup Api Call Log</source>
<translation>Api Çağrı Günlüğünü Temizle</translation>
<translation type="vanished">Api Çağrı Günlüğünü Temizle</translation>
</message>
<message>
<source>Simple View</source>
@ -694,7 +718,7 @@ Tam yol: %4</translation>
</message>
<message>
<source>Api Call Log</source>
<translation>Api Çağrı Günlüğü</translation>
<translation type="vanished">Api Çağrı Günlüğü</translation>
</message>
<message>
<source>Stop Driver</source>
@ -780,7 +804,7 @@ Tam yol: %4</translation>
</message>
<message>
<source>API Call Logging</source>
<translation>API Çağrı Günlüğü</translation>
<translation type="vanished">API Çağrı Günlüğü</translation>
</message>
<message>
<source>Loaded Config: %1</source>
@ -940,7 +964,7 @@ Tam yol: %4</translation>
</message>
<message>
<source>Cleanup Resource Log</source>
<translation>Kaynak Günlüğünü Temizle</translation>
<translation type="vanished">Kaynak Günlüğünü Temizle</translation>
</message>
<message>
<source>Cleanup Message Log</source>
@ -1065,7 +1089,7 @@ Tam yol: %4</translation>
<message>
<source>To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes.
Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.</source>
<translation>API günlüğünü kullanmak için önce https://github.com/sandboxie-plus/LogApiDll adresinden bir veya daha fazla korumalı kutu ile LogApiDll&apos;yi kurmanız gerekir.
<translation type="vanished">API günlüğünü kullanmak için önce https://github.com/sandboxie-plus/LogApiDll adresinden bir veya daha fazla korumalı kutu ile LogApiDll&apos;yi kurmanız gerekir.
Lütfen en son sürümü indirin ve projenin README.md dosyasında belirtildiği gibi Sandboxie.ini ile kurun.</translation>
</message>
<message>
@ -1121,7 +1145,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
<translation>Hepsini sormadan sonlandır</translation>
</message>
<message>
<source>The selected window is running as part of program %1 in sandbox %2</source>
<source>The selected window is running as part of program %1 in sandbox %2</source>
<translation>Seçilen pencere %2 kutusunda %1 programının bir parçası olarak çalışıyor</translation>
</message>
<message>
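Review bot: the two `<source>The selected window is running as part of program %1 in sandbox %2</source>` lines in this hunk differ only in invisible whitespace, yet the Turkish translation is kept, so the change is pure noise in the catalogue. If a trailing space was added to or removed from the string in the code, note it in the commit message; otherwise this hunk should not be here.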
@ -1148,6 +1172,10 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
<source>Don&apos;t show this message anymore.</source>
<translation>Artık bu mesajı gösterme.</translation>
</message>
<message>
<source>Cleanup Trace Log</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>CSbieModel</name>
@ -1414,6 +1442,10 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
<source>A group can not be its own parent.</source>
<translation>Bir grup kendi ebeveyni olamaz.</translation>
</message>
<message>
<source>Run Cmd.exe as Admin</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>CSettingsWindow</name>
@ -2067,6 +2099,10 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
<source>Allow access to Bluetooth</source>
<translation>Bluetooth erişimine izin ver</translation>
</message>
<message>
<source>Log all SetError&apos;s to Trace log</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>PopUpWindow</name>
@ -2086,23 +2122,23 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
<name>QPlatformTheme</name>
<message>
<source>Cancel</source>
<translation>İptal</translation>
<translation type="vanished">İptal</translation>
</message>
<message>
<source>Apply</source>
<translation>Uygula</translation>
<translation type="vanished">Uygula</translation>
</message>
<message>
<source>OK</source>
<translation>TAMAM</translation>
<translation type="vanished">TAMAM</translation>
</message>
<message>
<source>&amp;Yes</source>
<translation>&amp;Evet</translation>
<translation type="vanished">&amp;Evet</translation>
</message>
<message>
<source>&amp;No</source>
<translation>&amp;Hayır</translation>
<translation type="vanished">&amp;Hayır</translation>
</message>
</context>
<context>
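Review bot: as in the Russian catalogue, the QPlatformTheme button strings (İptal, Uygula, TAMAM, Evet, Hayır) are flagged vanished, so the standard dialog buttons will revert to English unless a qtbase translation for Turkish is loaded alongside this file. Either restore these entries or document that the project now relies on Qt's bundled translations for them.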


@ -1,8 +1,8 @@
#pragma once
#define VERSION_MJR 0
#define VERSION_MIN 6
#define VERSION_REV 7
#define VERSION_MIN 7
#define VERSION_REV 0
#define VERSION_UPD 0
#ifndef STR