vs 1029 compatybility update

This commit is contained in:
DavidXanatos 2021-06-03 17:00:04 +02:00
parent 207e650bbb
commit d45feba10b
29 changed files with 92 additions and 54 deletions


@ -185,7 +185,7 @@
</ClCompile>
<Link>
<SubSystem>Native</SubSystem>
<AdditionalDependencies>ntoskrnl.lib;hal.lib;wmilib.lib;fltmgr.lib;Ksecdd.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ntoskrnl.lib;hal.lib;wmilib.lib;fltmgr.lib;Ksecdd.lib;ntstrsafe.lib;%(AdditionalDependencies)</AdditionalDependencies>
<EntryPointSymbol>DriverEntry</EntryPointSymbol>
<RandomizedBaseAddress>
</RandomizedBaseAddress>
@ -215,7 +215,7 @@
</ClCompile>
<Link>
<SubSystem>Native</SubSystem>
<AdditionalDependencies>ntoskrnl.lib;hal.lib;wmilib.lib;fltmgr.lib;Ksecdd.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ntoskrnl.lib;hal.lib;wmilib.lib;fltmgr.lib;Ksecdd.lib;ntstrsafe.lib;%(AdditionalDependencies)</AdditionalDependencies>
<EntryPointSymbol>DriverEntry</EntryPointSymbol>
<RandomizedBaseAddress>
</RandomizedBaseAddress>


@ -333,7 +333,7 @@ _FX BOOLEAN Box_InitPaths(POOL *pool, BOX *box)
}
// sometimes we get here without a user temp var being set. Check first to avoid an error popup.
swprintf(KeyPath, L"\\REGISTRY\\USER\\%.184s\\Environment", box->sid);
RtlStringCbPrintfW(KeyPath, sizeof(KeyPath), L"\\REGISTRY\\USER\\%.184s\\Environment", box->sid);
if (DoesRegValueExist(RTL_REGISTRY_ABSOLUTE, KeyPath, L"temp"))
Box_ExpandString(box, L"%temp%", L"", &box->user_temp_path, &box->user_temp_path_len);


@ -205,7 +205,7 @@ _FX NTSTATUS Conf_Read(ULONG session_id)
//
path_home = TRUE; // = FALSE;
swprintf(path, path_sandboxie, Driver_HomePathDos); // , SystemRoot);
RtlStringCbPrintfW(path, path_len, path_sandboxie, Driver_HomePathDos); // , SystemRoot);
status = Stream_Open(
&stream, path, FILE_GENERIC_READ, 0, FILE_SHARE_READ, FILE_OPEN, 0);
@ -213,7 +213,7 @@ _FX NTSTATUS Conf_Read(ULONG session_id)
if (status == STATUS_OBJECT_NAME_NOT_FOUND) {
path_home = FALSE; // = TRUE;
swprintf(path, path_sandboxie, SystemRoot); // , Driver_HomePathDos);
RtlStringCbPrintfW(path, path_len, path_sandboxie, SystemRoot); // , Driver_HomePathDos);
status = Stream_Open(
&stream, path,
@ -270,7 +270,7 @@ _FX NTSTATUS Conf_Read(ULONG session_id)
if (NT_SUCCESS(status)) {
swprintf(path, path_templates, Driver_HomePathDos);
RtlStringCbPrintfW(path, path_len, path_templates, Driver_HomePathDos);
status = Stream_Open(
&stream, path,
@ -350,7 +350,7 @@ _FX NTSTATUS Conf_Read(ULONG session_id)
//
if (! NT_SUCCESS(status)) {
swprintf(linenum_str, L"%d", linenum);
RtlStringCbPrintfW(linenum_str, sizeof(linenum_str), L"%d", linenum);
//DbgPrint("Conf error %X at line %d (%S)\n", status, linenum, linenum_str);
if (status == STATUS_BUFFER_OVERFLOW) {
Log_Msg_Session(
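Review bot: The status returned by the three RtlStringCbPrintfW calls that build `path` (the `path_sandboxie` and `path_templates` calls) is discarded, so a truncated path (STATUS_BUFFER_OVERFLOW) is handed straight to Stream_Open and either the wrong file is opened or the open fails with a misleading error. Capture it and bail out before opening, e.g. `status = RtlStringCbPrintfW(path, path_len, path_sandboxie, Driver_HomePathDos);` followed by `if (!NT_SUCCESS(status)) return status;` (or a jump to the function's cleanup path if it has one). The Cb variant takes a byte count, so `path_len` must be the allocation size in bytes rather than a WCHAR count; its definition is outside the hunk, please confirm. Conf_Read starts and ends outside these hunks.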


@ -249,7 +249,7 @@ _FX NTSTATUS Conf_Expand_Template(
varname2 = Mem_Alloc(args->pool, varname2_len);
if (! varname2)
return STATUS_INSUFFICIENT_RESOURCES;
swprintf(varname2, L"%s.%s", varname, varvalue);
RtlStringCbPrintfW(varname2, varname2_len, L"%s.%s", varname, varvalue);
Conf_AdjustUseCount(TRUE);


@ -86,9 +86,9 @@ _FX BOOLEAN Dll_Init(void)
List_Init(&Dll_List);
Dll_List_Initialized = TRUE;
if (! Dll_Load(Dll_NTDLL))
if (! Dll_Load(Dll_NTDLL)) // ntoskrnl.exe - ntdll.dll
return FALSE;
if (! Dll_Load(Dll_USER))
if (! Dll_Load(Dll_USER)) // win32k.sys - w10: win32u.dll - w7: user32.dll & gdi32.dll
return FALSE;
return TRUE;
@ -174,7 +174,7 @@ _FX DLL_ENTRY *Dll_Load(const WCHAR *DllBaseName)
// open the dll file and query its on-disk size
//
swprintf(path, L"\\SystemRoot\\System32\\%s%s", DllBaseName, _DotDll);
RtlStringCbPrintfW(path, sizeof(path), L"\\SystemRoot\\System32\\%s%s", DllBaseName, _DotDll);
#ifdef _WIN64
@ -358,7 +358,7 @@ _FX void *Dll_GetProc(
if (! proc) {
WCHAR dll_proc_name[96];
swprintf(dll_proc_name, L"%s.%S", DllName, ProcName);
RtlStringCbPrintfW(dll_proc_name, sizeof(dll_proc_name), L"%s.%S", DllName, ProcName);
Log_Msg1(MSG_DLL_GET_PROC, dll_proc_name);
}
@ -400,7 +400,7 @@ _FX ULONG Dll_GetNextProc(
if (! dll_offset) {
WCHAR dll_proc_name[96];
swprintf(dll_proc_name, L"%s.%S", dll->name, SearchName);
RtlStringCbPrintfW(dll_proc_name, sizeof(dll_proc_name), L"%s.%S", dll->name, SearchName);
Log_Msg1(MSG_1112, dll_proc_name);
}


@ -284,6 +284,8 @@ _FX BOOLEAN Driver_CheckOsVersion(void)
( MajorVersion == MajorVersionMin
&& MinorVersion >= MinorVersionMin)) {
// Hard Offset Dependency
if (MajorVersion == 10) {
Driver_OsVersion = DRIVER_WINDOWS_10;
#ifdef _WIN64
@ -332,7 +334,7 @@ _FX BOOLEAN Driver_CheckOsVersion(void)
return TRUE;
}
swprintf(str, L"%d.%d (%d)", MajorVersion, MinorVersion, Driver_OsBuild);
RtlStringCbPrintfW(str, sizeof(str), L"%d.%d (%d)", MajorVersion, MinorVersion, Driver_OsBuild);
Log_Msg(MSG_1105, str, NULL);
return FALSE;
}
@ -605,7 +607,7 @@ _FX BOOLEAN Driver_FindHomePath(UNICODE_STRING *RegistryPath)
return FALSE; \
if (! Hook_GetService( \
ptr, NULL, prmcnt, NULL, (void **)&svc)) { \
swprintf(err_txt, L"%s.%S", Dll_NTDLL, ProcName); \
RtlStringCbPrintfW(err_txt, szieof(err_txt), L"%s.%S", Dll_NTDLL, ProcName); \
Log_Msg1(MSG_1108, err_txt); \
return FALSE; \
} \
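Review bot: `szieof(err_txt)` in the macro body of the last hunk is a typo for `sizeof(err_txt)`; because it sits behind a line continuation inside a macro, it only breaks the build where the macro is actually expanded, so it can slip past a configuration that never uses it. Change the line to `RtlStringCbPrintfW(err_txt, sizeof(err_txt), L"%s.%S", Dll_NTDLL, ProcName); \`. That is only correct if `err_txt` is a local array at the expansion site; if it is a pointer, the byte size has to be passed explicitly, as the sibling macro in the Gui hunk does with `128*sizeof(WCHAR)`. The macro begins and ends outside the hunk.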


@ -42,6 +42,8 @@
#include "log.h"
#include "mem.h"
#define NTSTRSAFE_LIB
#include <ntstrsafe.h>
//---------------------------------------------------------------------------
// Defines


@ -403,7 +403,7 @@ _FX void File_CreateBoxPath_2(HANDLE FileHandle)
File_DesktopIniText = Mem_Alloc(Driver_Pool, 768);
if (File_DesktopIniText) {
sprintf(File_DesktopIniText,
RtlStringCbPrintfA(File_DesktopIniText, 768,
"[.ShellClassInfo]\r\n"
"IconFile=%S\\%S\r\n"
"IconIndex=9\r\n"
@ -996,7 +996,7 @@ _FX NTSTATUS File_Generic_MyParseProc(
ignore_str = Mem_Alloc(proc->pool, ignore_str_len);
if (ignore_str) {
swprintf(ignore_str,
RtlStringCbPrintfW(ignore_str, ignore_str_len,
L"(FI) %08X %s", device_type, device_name_ptr);
if (proc->file_trace & TRACE_IGNORE)
@ -1511,7 +1511,7 @@ skip_due_to_home_folder:
if(!IsPipeDevice && !ShouldMonitorAccess)
mon_type |= MONITOR_TRACE;
swprintf(access_str, L"(F%c) %08X.%02X.%08X",
RtlStringCbPrintfW(access_str, sizeof(access_str), L"(F%c) %08X.%02X.%08X",
letter, DesiredAccess,
CreateDisposition & 0x0F, CreateOptions);
Log_Debug_Msg(mon_type, access_str, Name->Name.Buffer);
@ -2247,7 +2247,7 @@ _FX NTSTATUS File_Api_Open(PROCESS *proc, ULONG64 *parms)
ULONG mon_type = MONITOR_FILE;
mon_type |= MONITOR_TRACE;
swprintf(access_str, L"(F%c) %08X.%02X.%08X",
RtlStringCbPrintfW(access_str, sizeof(access_str), L"(F%c) %08X.%02X.%08X",
letter, DesiredAccess,
0 & 0x0F, CreateOptions);
Log_Debug_Msg(mon_type, access_str, path);
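Review bot: The first hunk repeats the literal `768` in both `Mem_Alloc(Driver_Pool, 768)` and `RtlStringCbPrintfA(File_DesktopIniText, 768,`, so the allocation and the bound can drift apart without any warning. Hoist it into a single named constant, e.g. `enum { DESKTOP_INI_TEXT_SIZE = 768 };`, and use it in both calls. The result of RtlStringCbPrintfA is also dropped; if the format ever exceeds the buffer the desktop.ini text is silently truncated rather than reported. File_CreateBoxPath_2 continues outside the hunk.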


@ -106,7 +106,7 @@ _FX NTSTATUS Syscall_DeviceIoControlFile(
/*
WCHAR msg_str[240];
swprintf(msg_str, L"DeviceIoContoleFile, CMApi, func = 0x%X, filter=%d, p=%06d t=%06d, %s\n",
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"DeviceIoContoleFile, CMApi, func = 0x%X, filter=%d, p=%06d t=%06d, %s\n",
function, filter, PsGetCurrentProcessId(), PsGetCurrentThreadId(), proc->image_name);
Log_Debug_Msg(MONITOR_OTHER | MONITOR_TRACE, msg_str, NULL);*/
@ -123,7 +123,7 @@ _FX NTSTATUS Syscall_DeviceIoControlFile(
if (mon_type) {
WCHAR msg_str[24];
swprintf(msg_str, L"Func: %02X", (ULONG)function);
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"Func: %02X", (ULONG)function);
Log_Debug_Msg(mon_type, L"\\Device\\DeviceApi\\CMApi", msg_str);
}
}


@ -397,7 +397,7 @@ _FX FLT_PREOP_CALLBACK_STATUS File_PreOperation(
WCHAR wcPid[32];
status = STATUS_ACCESS_DENIED; // disallow the call
swprintf(wcPid, L"[%d]", ulOwnerPid);
RtlStringCbPrintfW(wcPid, sizeof(wcPid), L"[%d]", ulOwnerPid);
// create a string for the sandboxed proc name plus the blocked file name (plus a L", " plus NULL = 6)
len = proc->image_name_len + pTargetFileNameInfo->Name.Length + 6;


@ -314,6 +314,8 @@ _FX GUI_CLIPBOARD *Gui_GetClipboard(void)
ULONG Clipboard_Offset = 0;
// Hard Offset Dependency
#ifdef _WIN64
if (Driver_OsVersion <= DRIVER_WINDOWS_7) {
Clipboard_Offset = 0x58;


@ -188,7 +188,7 @@ static ULONG_PTR __jmp_NtRequestWaitReplyPort = 0;
return FALSE; \
svc_num = Hook_GetServiceIndex(ptr, SkipIndexes); \
if (svc_num <= 0 || (svc_num & 0xF000) != range) { \
swprintf(err_txt, L"%s.%S", dllname, ProcName); \
RtlStringCbPrintfW(err_txt, 128*sizeof(WCHAR), L"%s.%S", dllname, ProcName); \
Log_Msg1(MSG_1108, err_txt); \
return FALSE; \
} \
@ -1346,7 +1346,7 @@ _FX ULONG_PTR Gui_NtUserPostThreadMessage(
if (proc->gui_trace & TRACE_DENY) {
WCHAR access_str[80];
swprintf(access_str,
RtlStringCbPrintfW(access_str, sizeof(access_str),
L"(GD) ThrdMessage %05d (%04X) to tid=%06d pid=%06d",
Msg, Msg, idThread, idProcess);
Log_Debug_Msg(MONITOR_WINCLASS, access_str, Driver_Empty);
@ -1441,7 +1441,7 @@ _FX ULONG_PTR Gui_NtUserSendInput(
if (letter) {
swprintf(access_str, L"(G%c) SendInput", letter);
RtlStringCbPrintfW(access_str, sizeof(access_str), L"(G%c) SendInput", letter);
Log_Debug_Msg(MONITOR_WINCLASS | MONITOR_TRACE, access_str, Driver_Empty);
}
}
@ -1535,7 +1535,7 @@ _FX ULONG_PTR Gui_NtUserSetWindowsHookEx(
if (letter) {
swprintf(access_str,
RtlStringCbPrintfW(access_str, sizeof(access_str),
L"(G%c) WinHook %04d on tid=%06d pid=%06d",
letter, HookType, idThread, idProcess);
Log_Debug_Msg(MONITOR_WINCLASS | MONITOR_TRACE, access_str, Driver_Empty);
@ -1593,7 +1593,7 @@ _FX ULONG_PTR Gui_NtUserSetWinEventHook(
if (letter) {
swprintf(access_str, L"(G%c) AccHook on tid=%06d pid=%06d",
RtlStringCbPrintfW(access_str, sizeof(access_str), L"(G%c) AccHook on tid=%06d pid=%06d",
letter, idThread, idProcess);
Log_Debug_Msg(MONITOR_WINCLASS | MONITOR_TRACE, access_str, Driver_Empty);
}
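Review bot: In the first hunk the macro bounds `err_txt` with the literal `128*sizeof(WCHAR)` instead of `sizeof(err_txt)`, so the 128 has to be kept in sync by hand with wherever `err_txt` is declared (outside this hunk), and the style diverges from the Driver hunk's variant of the same macro, which uses sizeof on the same name. If `err_txt` is a local array, write `RtlStringCbPrintfW(err_txt, sizeof(err_txt), L"%s.%S", dllname, ProcName); \`; if it is a pointer, name the length once (e.g. `ERR_TXT_CCH`) and derive both the declaration and this bound from it. The macro begins and ends outside the hunk.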


@ -112,7 +112,7 @@ _FX void *Hook_GetZwServiceInternal(ULONG ServiceIndex)
subcode = Hook_Find_ZwRoutine_2(ServiceIndex, &routine);
if (subcode != 0) {
WCHAR err[8];
swprintf(err, L"0x%X", subcode);
RtlStringCbPrintfW(err, sizeof(err), L"0x%X", subcode);
Log_Msg1(MSG_HOOK_ZW_SERVICE, err);
routine = NULL;
}
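Review bot: `WCHAR err[8]` is too small for the format `L"0x%X"`: assuming `subcode` is a 32-bit value, the output can need up to 10 characters plus the terminator, so RtlStringCbPrintfW now returns STATUS_BUFFER_OVERFLOW and logs a truncated value where swprintf previously overran the stack. The same applies to the `L"%d"` variant in the second Hook_GetZwServiceInternal hunk (up to 11 characters for a ULONG). Declare `WCHAR err[16];` in both places. Hook_GetZwServiceInternal continues outside the hunk.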


@ -141,7 +141,7 @@ _FX void *Hook_GetZwServiceInternal(ULONG ServiceIndex)
subcode = Hook_Find_ZwRoutine(ServiceIndex, &routine);
if (subcode != 0) {
WCHAR err[8];
swprintf(err, L"%d", subcode);
RtlStringCbPrintfW(err, sizeof(err), L"%d", subcode);
Log_Msg1(MSG_HOOK_ZW_SERVICE, err);
routine = NULL;
}


@ -942,7 +942,7 @@ _FX NTSTATUS Ipc_CheckGenericObject(
mon_type |= MONITOR_DENY;
}
swprintf(access_str, L"(I%c) %08X", letter, GrantedAccess);
RtlStringCbPrintfW(access_str, sizeof(access_str), L"(I%c) %08X", letter, GrantedAccess);
Log_Debug_Msg(mon_type, access_str, Name->Buffer);
}
}


@ -341,7 +341,7 @@ _FX BOOLEAN Ipc_Filter_Lsa_Ep_Msg(PROCESS* proc, UCHAR uMsg)
if (mon_type) {
WCHAR msg_str[24];
swprintf(msg_str, L"Msg: %02X", (ULONG)uMsg);
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"Msg: %02X", (ULONG)uMsg);
Log_Debug_Msg(mon_type, L"\\RPC Control\\LSARPC_ENDPOINT", msg_str);
}
}


@ -256,7 +256,7 @@ _FX NTSTATUS Ipc_CheckPortRequest(
/*if (Session_MonitorCount)// && (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY)))
{
WCHAR msg_str[256];
swprintf(msg_str, L"CheckPortRequest, Status <%08X> on Port <%*.*s>\n", status, Name->Name.Length / sizeof(WCHAR), Name->Name.Length / sizeof(WCHAR), Name->Name.Buffer);
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"CheckPortRequest, Status <%08X> on Port <%*.*s>\n", status, Name->Name.Length / sizeof(WCHAR), Name->Name.Length / sizeof(WCHAR), Name->Name.Buffer);
Log_Debug_Msg(MONITOR_IPC, msg_str, NULL);
}*/
@ -825,7 +825,7 @@ _FX NTSTATUS Ipc_Api_GetRpcPortName_2(PEPROCESS ProcessObject, WCHAR* pDstPortNa
(ObjName->Length < 64 * sizeof(WCHAR)) &&
_wcsnicmp(ObjName->Buffer, L"LRPC-", 5) == 0) {
swprintf(name, L"%s\\%s", _rpc_control, ObjName->Buffer);
RtlStringCbPrintfW(name, sizeof(name), L"%s\\%s", _rpc_control, ObjName->Buffer);
RtlInitUnicodeString(&objname, name);
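Review bot: The second hunk bounds the write into `name` but not the read of `ObjName->Buffer`: `ObjName` is a UNICODE_STRING (its `Length` is compared two lines earlier), and such buffers are not guaranteed to be NUL-terminated, so `%s` can read past the end of the object name. Use the length the code already validated: `RtlStringCbPrintfW(name, sizeof(name), L"%s\\%.*s", _rpc_control, (int)(ObjName->Length / sizeof(WCHAR)), ObjName->Buffer);`. The return status is also unchecked, so a truncated name would be passed on to RtlInitUnicodeString without notice. Ipc_Api_GetRpcPortName_2 starts and ends outside the hunk.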


@ -101,7 +101,7 @@ _FX BOOLEAN Ipc_Filter_Sam_Msg(PROCESS* proc, UCHAR uMsg)
{
//case 0x00: //SamConnect
//case 0x01: //SamCloseHandle
case 0x02: //SamSetSecurityObject
case 0x02: //SamSetSecurityObject // fixme: SandboxieCrypto.exe needs this some times #740 //if(proc->image_sbie) break;
//case 0x03: //SamQuerySecurityObject
//case 0x05: //SamLookupDomainInSamServer
//case 0x06: //SamEnumerateDomainsInSamServer
@ -180,7 +180,7 @@ _FX BOOLEAN Ipc_Filter_Sam_Msg(PROCESS* proc, UCHAR uMsg)
if (mon_type) {
WCHAR msg_str[24];
swprintf(msg_str, L"Msg: %02X", (ULONG)uMsg);
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"Msg: %02X", (ULONG)uMsg);
Log_Debug_Msg(mon_type, L"\\RPC Control\\samss lpc", msg_str);
}
}
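Review bot: The `case 0x02:` line in the first hunk now carries commented-out code (`//if(proc->image_sbie) break;`) tacked onto a fixme remark, which is easy to misread as an active exemption for SamSetSecurityObject. Either implement the exemption or drop the dead code and keep only the tracking note, e.g. `case 0x02: //SamSetSecurityObject -- FIXME: SandboxieCrypto.exe sometimes needs this, see #740`. Ipc_Filter_Sam_Msg starts and ends outside the hunk.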


@ -311,7 +311,7 @@ _FX BOOLEAN Ipc_Filter_Spooler_Msg(PROCESS* proc, UCHAR uMsg)
if (mon_type) {
WCHAR msg_str[24];
swprintf(msg_str, L"Msg: %02X", (ULONG)uMsg);
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"Msg: %02X", (ULONG)uMsg);
Log_Debug_Msg(mon_type, L"\\RPC Control\\spoolss", msg_str);
}
}


@ -474,7 +474,7 @@ _FX NTSTATUS Key_MyParseProc_2(OBJ_PARSE_PROC_ARGS_2)
if (!ShouldMonitorAccess)
mon_type |= MONITOR_TRACE;
swprintf(access_str, L"(K%c) %08X",
RtlStringCbPrintfW(access_str, sizeof(access_str), L"(K%c) %08X",
letter, AccessState->OriginalDesiredAccess);
Log_Debug_Msg(mon_type, access_str, Name->Name.Buffer);
}


@ -317,9 +317,9 @@ _FX void Log_Status_Ex_Process(
WCHAR str[100];
if (error_subcode)
swprintf(str, L"[%08X / %02X]", nt_status, error_subcode);
RtlStringCbPrintfW(str, sizeof(str), L"[%08X / %02X]", nt_status, error_subcode);
else
swprintf(str, L"[%08X]", nt_status);
RtlStringCbPrintfW(str, sizeof(str), L"[%08X]", nt_status);
Log_Msg_Process(error_code, str, string2, session_id, process_id);
}


@ -84,9 +84,7 @@ NTOS_API(ULONG) SeTokenImpersonationLevel(
// Misc
// ------------------------------------------------------------------
ULONG __cdecl sprintf(char *buffer, const char *format, ...);
//ULONG __cdecl sprintf(char *buffer, const char *format, ...);
//ULONG __cdecl swprintf(wchar_t *buffer, const wchar_t *format, ...);
NTOS_NTSTATUS ZwYieldExecution(void);


@ -1054,7 +1054,8 @@ _FX void Process_NotifyProcess_Create(
if (! bHostInject)
{
WCHAR msg[48], *buf = msg;
buf += swprintf(buf, L"%s%c%d", new_proc->box->name, L'\0', (ULONG)ParentId) + 1;
RtlStringCbPrintfW(buf, sizeof(msg), L"%s%c%d", new_proc->box->name, L'\0', (ULONG)ParentId);
buf += wcslen(buf) + 1;
Log_Popup_MsgEx(MSG_1399, new_proc->image_path, wcslen(new_proc->image_path), msg, (ULONG)(buf - msg), new_proc->box->session_id, ProcessId);
if (! add_process_to_job)
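Review bot: Replacing `buf += swprintf(...) + 1` with `buf += wcslen(buf) + 1` changes the length handed to Log_Popup_MsgEx: the format embeds a `%c` NUL between the box name and the parent id, so wcslen stops after the box name and `buf - msg` no longer covers the `%d` part at all. Advance past both strings, `buf += wcslen(buf) + 1;` followed by a second `buf += wcslen(buf) + 1;`, so the length again spans name, separator and parent id as it did before. The status of RtlStringCbPrintfW should also be checked, since a truncated name would otherwise drop the id silently. Process_NotifyProcess_Create starts and ends outside the hunk.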


@ -972,7 +972,7 @@ _FX void Process_LogMessage(PROCESS *proc, ULONG msgid)
BOX *box = proc->box;
ULONG len = proc->image_name_len + box->name_len + 8 * sizeof(WCHAR);
WCHAR *text = Mem_Alloc(proc->pool, len);
swprintf(text, L"%s [%s]", proc->image_name, box->name);
RtlStringCbPrintfW(text, len, L"%s [%s]", proc->image_name, box->name);
if (proc->image_from_box)
wcscat(text, L" *");
Log_MsgP1(msgid, text, proc->pid);
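Review bot: `text` from Mem_Alloc is never NULL-checked in this hunk; RtlStringCbPrintfW fails on a NULL destination with a status that is ignored, and the `wcscat(text, L" *")` two lines later then dereferences NULL. Add `if (!text) return;` after the allocation, and for consistency with the rest of the commit bound the append as well: `RtlStringCbCatW(text, len, L" *");`. Process_LogMessage continues outside the hunk.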


@ -253,6 +253,8 @@ _FX BOOLEAN Syscall_Init_List(void)
for (name_len = 0; (name_len < 64) && name[name_len]; ++name_len)
;
//DbgPrint(" Found SysCall %s\n", name);
entry = NULL;
//
@ -857,7 +859,7 @@ _FX NTSTATUS Syscall_Api_Invoke(PROCESS *proc, ULONG64 *parms)
if (hConnection)
{
WCHAR trace_str[128];
swprintf(trace_str, L"[syscall] %.*S, status = 0x%X, handle = %X; ", //59 chars + entry->name
RtlStringCbPrintfW(trace_str, sizeof(trace_str), L"[syscall] %.*S, status = 0x%X, handle = %X; ", //59 chars + entry->name
max(strlen(entry->name), 64), entry->name,
status, hConnection);
const WCHAR* strings[3] = { trace_str, puStr ? puStr->Buffer : NULL, NULL };
@ -870,7 +872,7 @@ _FX NTSTATUS Syscall_Api_Invoke(PROCESS *proc, ULONG64 *parms)
if (!traced && ((proc->call_trace & TRACE_ALLOW) || ((status != STATUS_SUCCESS) && (proc->call_trace & TRACE_DENY))))
{
WCHAR trace_str[128];
swprintf(trace_str, L"[syscall] %.*S, status = 0x%X", //59 chars + entry->name
RtlStringCbPrintfW(trace_str, sizeof(trace_str), L"[syscall] %.*S, status = 0x%X", //59 chars + entry->name
max(strlen(entry->name), 64), entry->name,
status);
const WCHAR* strings[2] = { trace_str, NULL };
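Review bot: Both hunks pass `max(strlen(entry->name), 64)` as the `%.*S` precision, which never shortens the name (precision is an upper bound and max only raises it), so the `//59 chars + entry->name` budget for `trace_str[128]` is not actually enforced; this predates the commit, but it is now the only thing deciding whether the new bounded call truncates. If the intent is to cap the name at 64 characters, both calls should read `(int)min(strlen(entry->name), 64)`. Syscall_Api_Invoke continues outside these hunks.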


@ -298,6 +298,8 @@ _FX void *Syscall_GetServiceTable(void)
if (ShadowTable)
return ShadowTable;
// Hard Offset Dependency
//
// the shadow table should be 0x40 bytes before the master table,
// on Windows XP (64-bit),


@ -198,7 +198,7 @@ _FX NTSTATUS Syscall_CheckObject(
puName = &Name->Name;
WCHAR msg[256];
swprintf(msg, L"%S (%08X) access=%08X initialized=%d", syscall_entry->name, status, HandleInfo->GrantedAccess, proc->initialized);
RtlStringCbPrintfW(msg, sizeof(msg), L"%S (%08X) access=%08X initialized=%d", syscall_entry->name, status, HandleInfo->GrantedAccess, proc->initialized);
Log_Msg_Process(MSG_2101, msg, puName != NULL ? puName->Buffer : L"Unnamed object", -1, proc->pid);
}
@ -270,7 +270,7 @@ _FX NTSTATUS Syscall_OpenHandle(
|| wcsncmp(&puName->Buffer[4], L"Volume", 6) == 0) // \??\Volume{2b985816-4b6f-11ea-bd33-48a4725d5bbe}
{
WCHAR access_str[24];
swprintf(access_str, L"(DD) %08X", DesiredAccess);
RtlStringCbPrintfW(access_str, sizeof(access_str), L"(DD) %08X", DesiredAccess);
Log_Debug_Msg(MONITOR_DRIVE | MONITOR_DENY, access_str, puName->Buffer);
if (proc->file_warn_direct_access) {
@ -318,7 +318,7 @@ _FX NTSTATUS Syscall_OpenHandle(
if (! NewHandle) {
//WCHAR trace_str[128];
//swprintf(trace_str, L"Syscall %.*S security violation terminating process", max(strlen(syscall_entry->name), 64), syscall_entry->name);
//RtlStringCbPrintfW(trace_str, sizeof(trace_str), L"Syscall %.*S security violation terminating process", max(strlen(syscall_entry->name), 64), syscall_entry->name);
//Session_MonitorPut(MONITOR_OTHER, trace_str, PsGetCurrentProcessId());
Process_SetTerminated(proc, 6);
@ -385,7 +385,7 @@ _FX NTSTATUS Syscall_OpenHandle(
if (!NT_SUCCESS(status)) {
//WCHAR trace_str[128];
//swprintf(trace_str, L"Syscall %.*S security violation, status = 0x%X, terminating process", max(strlen(syscall_entry->name), 64), syscall_entry->name, status);
//RtlStringCbPrintfW(trace_str, sizeof(trace_str), L"Syscall %.*S security violation, status = 0x%X, terminating process", max(strlen(syscall_entry->name), 64), syscall_entry->name, status);
//Session_MonitorPut(MONITOR_OTHER, trace_str, PsGetCurrentProcessId());
Process_SetTerminated(proc, 7);
@ -478,7 +478,7 @@ _FX NTSTATUS Syscall_DuplicateHandle(
if (! NewHandle) {
//WCHAR trace_str[128];
//swprintf(trace_str, L"Syscall %.*S security violation terminating process", max(strlen(syscall_entry->name), 64), syscall_entry->name);
//RtlStringCbPrintfW(trace_str, sizeof(trace_str), L"Syscall %.*S security violation terminating process", max(strlen(syscall_entry->name), 64), syscall_entry->name);
//Session_MonitorPut(MONITOR_OTHER, trace_str, PsGetCurrentProcessId());
Process_SetTerminated(proc, 8);
@ -542,7 +542,7 @@ _FX NTSTATUS Syscall_DuplicateHandle(
// }
//
// //WCHAR trace_str[128];
// //swprintf(trace_str, L"Syscall %.*S security violation terminating process", max(strlen(syscall_entry->name), 64), syscall_entry->name);
// //RtlStringCbPrintfW(trace_str, sizeof(trace_str), L"Syscall %.*S security violation terminating process", max(strlen(syscall_entry->name), 64), syscall_entry->name);
// //Session_MonitorPut(MONITOR_OTHER, trace_str, PsGetCurrentProcessId());
//
// Process_SetTerminated(proc, 9);


@ -579,6 +579,8 @@ _FX NTSTATUS Thread_MyImpersonateClient(
NTSTATUS status = PsImpersonateClient(ThreadObject, TokenObject,
CopyOnOpen, EffectiveOnly, SecurityIdentification);
// Hard Offset Dependency
// ***** ImpersonationInfo_offset is the offset of ClientSecurity field in nt!ETHREAD structure *****
if (NT_SUCCESS(status) && TokenObject) {
@ -1074,7 +1076,7 @@ trace:
Letter2 = 0;
if (Letter2) {
swprintf(str, L"(%c%c) %08X %06d",
RtlStringCbPrintfW(str, sizeof(str), L"(%c%c) %08X %06d",
Letter1, Letter2, GrantedAccess, (int)pid);
Log_Debug_Msg(MONITOR_IPC | MONITOR_TRACE, str, Driver_Empty);
}


@ -483,6 +483,15 @@ _FX void *Token_FilterPrimary(PROCESS *proc, void *ProcessObject)
DropRights = (proc->drop_rights ? -1 : 0);
//
// special allowance for MSIServer - does not seam to be needed with the CreateWaitableTimerW hook
//
//if (DropRights && !proc->image_from_box && _wcsicmp(proc->image_name, L"msiexec.exe") == 0
// && Conf_Get_Boolean(proc->box->name, L"MsiInstallerExemptions", 0, FALSE))
//{
// DropRights = 0;
//}
// DbgPrint(" Drop rights %d - %d <%S>\n", proc->drop_rights, proc->pid, proc->image_name);
ReturnToken = Token_Filter(
@ -1238,7 +1247,19 @@ _FX void *Token_RestrictHelper1(
PSID NewSid = NULL;
// SbieLogin BEGIN
//
// Alternative (less secure) workaround for msi issue started with windows 17763
// the workaround in Proc_CreateProcessInternalW_RS5 makes solves thsi usse well
//
//if (!proc->image_from_box && _wcsicmp(proc->image_name, L"msiexec.exe") == 0
// && RtlEqualSid(SidInToken, SystemLogonSid)
// && Conf_Get_Boolean(proc->box->name, L"MsiInstallerExemptions", 0, FALSE))
//{
// //DbgPrint("Sbie, MsiServer was allowed to keep its system token\n");
//}
//else
// SbieLogin BEGIN
if (Conf_Get_Boolean(proc->box->name, L"SandboxieLogon", 0, FALSE))
{
if (SandboxieLogonSid[0] != 0)
@ -1558,6 +1579,8 @@ _FX NTSTATUS Token_AssignPrimaryHandle(
// on Windows Vista and later, we need to clear the PrimaryTokenFrozen
// bit in the EPROCESS structure before we can replace the primary token
// Hard Offset Dependency
// dt nt!_eprocess
if (Driver_OsVersion >= DRIVER_WINDOWS_VISTA) {
@ -1647,6 +1670,10 @@ _FX NTSTATUS Token_AssignPrimaryHandle(
}
/*WCHAR msg[256];
swprintf(msg, L"BAM: Flags2_Offset=%d MitigationFlags_Offset=%d SignatureLevel_Offset=%d\n", Flags2_Offset, MitigationFlags_Offset, SignatureLevel_Offset);
Session_MonitorPut(MONITOR_OTHER, msg, PsGetCurrentProcessId());*/
#endif _WIN64
PtrPrimaryTokenFrozen = (ULONG *)((UCHAR *)ProcessObject + Flags2_Offset);