Merge pull request #2 from sandboxie-plus/master

update
Sebastian G 2021-02-22 17:58:47 +01:00 committed by GitHub
commit d8c01f1304
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
57 changed files with 8443 additions and 4360 deletions

View File

@ -11,6 +11,36 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.7.1 / 5.48.5] - 2021-02-21
### Added
- enhanced RpcMgmtSetComTimeout handing with "UseRpcMgmtSetComTimeout=some.dll,n"
-- this option allows to specify if RpcMgmtSetComTimeout should be used or not for each individual dll
-- this setting takes precedence over hard-coded and per-process presets
-- "UseRpcMgmtSetComTimeout=some.dll" and "UseRpcMgmtSetComTimeout=some.dll,y" are equivalent
- added "FakeAdminRights=y" option that makes processes in a given box think they have admin permissions
-- this option is recommended to be used in combination with "DropAdminRights=y" to improve security
-- with "FakeAdminRights=y" and "DropAdminRights=y" installers should still work
- added RPC support for SSDP API (the Simple Service Discovery Protocol), Enable with "OpenUPnP=y"
### Changed
- SbieCrypto no longer triggers message 1313
- changed enum process API; now more than 511 processes per box can be enumerated (no limit)
- reorganized box settings a bit
- made COM tracing more verbose
- "RpcMgmtSetComTimeout=y" is now again the default behaviour, seams to cause less issues overall
### Fixed
- fixed issues with webcam access when the DevCMApi filtering is in place
- fixed issue with free download manager for 'AppXDeploymentClient.dll' RpcMgmtSetComTimeout=y is used
- fixed not all WinRM files were blocked by the driver, with "BlockWinRM=n" this file block can be disabled
## [0.7.0 / 5.48.0] - 2021-02-14
### Added
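Review bot: a few typos in the new 0.7.1 changelog entries worth fixing before release: "RpcMgmtSetComTimeout handing" should read "handling", "seams to cause less issues" should read "seems to cause fewer issues", and the free download manager line is missing a "when" ("... for 'AppXDeploymentClient.dll' when RpcMgmtSetComTimeout=y is used"). The "FakeAdminRights=y" bullet would also benefit from stating what the process sees as faked (elevation state and integrity level, per the Ldr_NtQueryInformationToken change in this same PR) so users understand it is a presentation change and not a grant of rights.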
@ -27,8 +57,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed
- FIXED SECURITY ISSUE: elevated sandboxed processes could access volumes/disks for reading (thanks hg421)
-- this protection option can be disabled by using "AllowRawDiskRead=y"
- fixed crash issue around SetCurrentProcessExplicitAppUserModelID observed with GoogleUpdate.exe
- fixed issue with resource monitor sort by timestamp
- fixed issue with Resource Monitor sort by timestamp
- FIXED SECURITY ISSUE: a race condition in the driver allowed to obtain an elevated rights handle to a process (thanks typpos)
- FIXED SECURITY ISSUE: "\RPC Control\samss lpc" is now filtered by the driver (thanks hg421)
-- this allowed elevated processes to change passwords, delete users and alike; to disable filtering use "OpenSamEndpoint=y"
@ -208,8 +239,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
-- Note: sandboxed services with a system token are still sandboxed and restricted
-- However not granting them a system token in the first place removes possible exploit vectors
-- Note: this option is not compatible with "ProtectRpcSs=y" and takes precedence!
- Reworked dynamic IPC port handling
- Improved Resource Monitor status strings
- reworked dynamic IPC port handling
- improved Resource Monitor status strings
### Fixed
- FIXED SECURITY ISSUE: processes could spawn processes outside the sandbox (thanks Diversenok)
@ -239,7 +270,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- fixed a few issues with group handling
- fixed issue with GetRawInputDeviceInfo when running a 32 bit program on a 64 bit system
- fixed issue when pressing apply in the "Resource Access" tab; the last edited value was not always applied
- fixed issue merging entries in resource access monitor
- fixed issue merging entries in Resource Access Monitor
@ -417,10 +448,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
-- Note: without an unrestricted token with this option applications won't be able to start
- added debug option "NoSysCallHooks=y" it disables the sys call processing by the driver
-- Note: without an unrestricted token with this option applications won't be able to start
- added ability to record verbose access traces to the resource monitor
- added ability to record verbose access traces to the Resource Monitor
-- use ini options "FileTrace=*", "PipeTrace=*", "KeyTrace=*", "IpcTrace=*", "GuiTrace=*" to record all events
-- replace "*" to log only: "A" - allowed, "D" - denied, or "I" - ignore events
- added ability to record debug output strings to the resource monitor,
- added ability to record debug output strings to the Resource Monitor
-- use ini option DebugTrace=y to enable
### Changed
@ -507,7 +538,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
-- filesystem is saved incrementally, the snapshots built upon each other
-- each snapshot gets a full copy of the box registry for now
-- each snapshot can have multiple children snapshots
- added access status to resource monitor
- added access status to Resource Monitor
- added setting to change border width
- added snapshot manager UI to SandMan
- added template to enable authentication with an Yubikey or comparable 2FA device
@ -531,7 +562,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.3.5 / 5.42.1] - 2020-07-19
### Added
- Added settings window
- added settings window
- added translation support
- added dark theme
- added auto start option
@ -555,27 +586,27 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Added
- API_QUERY_PROCESS_INFO can be now used to get the original process token of sandboxed processes
-- Note: this capability is used by TaskExplorer to allow inspecting sandbox internal tokens
- Added option "KeepTokenIntegrity=y" to make the Sbie token keep its initial integrity level (debug option)
- added option "KeepTokenIntegrity=y" to make the Sbie token keep its initial integrity level (debug option)
-- Note: Do NOT USE Debug Options if you don't know their security implications (!)
- Added process id to log messages very useful for debugging
- Added finder to resource log
- Added option to hide host processes "HideHostProcess=[name]"
- added process id to log messages very useful for debugging
- added finder to resource log
- added option to hide host processes "HideHostProcess=[name]"
-- Note: Sbie hides by default processes from other boxes, this behaviour can now be controlled with "HideOtherBoxes=n"
- Sandboxed RpcSs and DcomLaunch can now be run as system with the option "ProtectRpcSs=y" however this breaks sandboxed explorer and other
- Built In Clsid whitelist can now be disabled with "OpenDefaultClsid=n"
- Processes can be now terminated with the del key, and require a confirmation
- Added sandboxed window border display to SandMan.exe
- Added notification for Sbie log messages
- Added Sandbox Presets sub menu allowing to quickly change some settings
- added sandboxed window border display to SandMan.exe
- added notification for Sbie log messages
- added Sandbox Presets sub menu allowing to quickly change some settings
-- Enable/Disable API logging, logapi_dll's are now distributed with SbiePlus
-- And other: Drop admin rights; Block/Allow internet access; Block/Allow access to files on the network
- Added more info to the sandbox status column
- Added path column to SbieModel
- Added info tooltips in SbieView
- added more info to the sandbox status column
- added path column to SbieModel
- added info tooltips in SbieView
### Changed
- Reworked ApiLog, added PID and PID filter
- Auto config reload on in change is now delayed by 500ms to not reload multiple times on incremental changes
- reworked ApiLog, added PID and PID filter
- auto config reload on in change is now delayed by 500ms to not reload multiple times on incremental changes
- Sandbox names now replace "_" with " " for display allowing to use names that are made of separated words
### Fixed
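Review bot: the re-cased line "auto config reload on in change is now delayed by 500ms" carries over a typo from the original entry; since the line is being touched anyway, "on ini change" is presumably what was meant.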
@ -611,8 +642,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Added
- added different sandbox icons for different types
-- Red LogAPI/BSA enabled
-- More to come :D
- Added progress window for async operations that take time
-- more to come :D
- added progress window for async operations that take time
- added DPI awareness
- the driver file is now obfuscated to avoid false positives
- additional debug options to Sandboxie.ini OpenToken=y that combines UnrestrictedToken=y and UnfilteredToken=y
@ -633,9 +664,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Added
- IniWatcher, no more clicking reload, the ini is now reloaded automatically every time it changes
- Added Maintenance menu to the Sandbox menu, allowing to install/uninstall and start/stop Sandboxie driver, service
- added Maintenance menu to the Sandbox menu, allowing to install/uninstall and start/stop Sandboxie driver, service
- SandMan.exe now is packed with Sbie files and when no Sbie is installed acts as a portable installation
- Added option to clean up logs
- added option to clean up logs
### Changed
- Sbie driver now first checks the home path for the Sbie ini before checking SystemRoot
@ -643,7 +674,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed
- FIXED SECURITY ISSUE: sandboxed processes could obtain a write handle on non sandboxed processes (thanks Diversenok)
-- this allowed to inject code in non sandboxed processes
- Fixed issue boxed services not starting when the path contained a space
- fixed issue boxed services not starting when the path contained a space
- NtQueryInformationProcess now returns the proper sandboxed path for sandboxed processes
@ -651,13 +682,13 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.1 / 5.40.2] - 2020-06-01
### Added
- Created a new Qt based UI names SandMan (Sandboxie Manager)
- Resource monitor now shows the PID
- Added basic API call log using updated BSA LogApiDll
- created a new Qt based UI names SandMan (Sandboxie Manager)
- Resource Monitor now shows the PID
- added basic API call log using updated BSA LogApiDll
### Changed
- reworked resource monitor to work with multiple event consumers
- reworked Resource Monitor to work with multiple event consumers
- reworked log to work with multiple event consumers
@ -670,4 +701,3 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed
- fixed "Windows Installer Service could not be accessed" that got introduced with Windows 1903

View File

@ -125,6 +125,8 @@ int __stdcall WinMain(
BOOL hook_success = TRUE;
BOOL ok;
Check_Windows_7();
SetupExceptionHandler();
HOOK_WIN32(CoImpersonateClient);

View File

@ -47,6 +47,7 @@ const WCHAR *ServiceTitle = SANDBOXIE L" Crypto";
static ULONG_PTR __sys_DuplicateHandle = 0;
static ULONG_PTR __sys_CreateFileW = 0;
//---------------------------------------------------------------------------
@ -126,6 +127,41 @@ ALIGNED BOOL my_DuplicateHandle(
}
//---------------------------------------------------------------------------
// my_CreateFileW
//---------------------------------------------------------------------------
ALIGNED HANDLE my_CreateFileW(
LPCWSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile)
{
typedef HANDLE(*P_CreateFileW)(
LPCWSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile);
//
// prevent SBIE1313, dont even try to access the block devcie for raw reading
//
if (_wcsnicmp(lpFileName, L"\\\\.\\PhysicalDrive", 17) == 0 && wcschr(lpFileName + 17, L'\\') == NULL) {
if (dwDesiredAccess == GENERIC_READ)
dwDesiredAccess = 0;
}
return ((P_CreateFileW)__sys_CreateFileW)(lpFileName, dwDesiredAccess, dwShareMode,
lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
//---------------------------------------------------------------------------
// WinMain
//---------------------------------------------------------------------------
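Review bot: my_CreateFileW dereferences lpFileName in _wcsnicmp without a NULL check; the real CreateFileW tolerates a NULL name (it fails with an error), so the hook should guard with `if (lpFileName && _wcsnicmp(...) == 0 ...)` to avoid turning a bad argument into an access violation in the Crypto service. The `dwDesiredAccess == GENERIC_READ` test also only matches the exact value, so a caller asking for GENERIC_READ together with any other bit still reaches the block device and can trigger the SBIE1313 message the comment says it wants to prevent; testing `dwDesiredAccess & GENERIC_READ` and clearing that bit would cover both cases. Comment typos: "dont" and "devcie".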
@ -148,10 +184,14 @@ int __stdcall WinMain(
return STATUS_LICENSE_QUOTA_EXCEEDED;
}
Check_Windows_7();
SetupExceptionHandler();
HOOK_WIN32(DuplicateHandle);
HOOK_WIN32(CreateFileW);
// hook privilege-related functions
if (! Hook_Privilege())
return EXIT_FAILURE;

View File

@ -196,6 +196,8 @@ int __stdcall WinMain(
OSVERSIONINFO osvi;
//BOOL ok;
Check_Windows_7();
SetupExceptionHandler();
HOOK_WIN32(CreateProcessW);

View File

@ -966,7 +966,7 @@ void CBoxPage::Appearance_OnOK(CBox &box)
BOOL enable = (pCheckBox3->GetCheck() == BST_CHECKED ? TRUE : FALSE);
BOOL title = (pCheckBox4->GetCheck() == BST_CHECKED ? TRUE : FALSE);
CString str;
GetDlgItem(ID_MIGRATE_KB)->GetWindowText(str);
GetDlgItem(ID_BORDER_WIDTH)->GetWindowText(str);
int width = _wtoi(str);
ok = box.SetBorder(enable, Appearance_BorderColor, title, width);
}
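Review bot: good catch on the wrong control id (ID_MIGRATE_KB was being read for the border width). Note that _wtoi returns 0 for non-numeric input and does not report the error, so a sanity check on `width` (for example rejecting negative or absurd values) before calling box.SetBorder would make the dialog more robust.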

View File

@ -92,6 +92,7 @@ typedef enum {
GAME_CONFIG_STORE_PORT,
SMART_CARD_PORT,
BT_PORT,
SSDP_PORT,
NUM_DYNAMIC_PORTS
} ENUM_DYNAMIC_PORT_TYPE;

View File

@ -21,9 +21,9 @@
#ifndef _MY_VERSION_H
#define _MY_VERSION_H
#define MY_VERSION_BINARY 5,48,0
#define MY_VERSION_STRING "5.48.0"
#define MY_VERSION_COMPAT "5.48.0" // this refers to the driver ABI compatibility
#define MY_VERSION_BINARY 5,48,5
#define MY_VERSION_STRING "5.48.5"
#define MY_VERSION_COMPAT "5.48.5" // this refers to the driver ABI compatibility
// These #defines are used by either Resource Compiler, or by NSIC installer
#define SBIE_INSTALLER_PATH "..\\Bin\\"
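Review bot: MY_VERSION_COMPAT is bumped together with the version string, which by its own comment signals a driver ABI change; that is consistent with the SbieApi_EnumProcessEx signature change in this PR (the .def decoration moves from @16 to @20) and with the "changed enum process API" changelog entry, but the changelog could say explicitly that driver and SbieDll must be updated together.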

View File

@ -2189,6 +2189,12 @@ __declspec(dllimport) NTSTATUS __stdcall NtPrivilegeCheck(
typedef NTSTATUS (*P_RtlQueryElevationFlags)(ULONG *Flags);
typedef NTSTATUS (*P_RtlCheckTokenMembershipEx)(
HANDLE tokenHandle,
PSID sidToCheck,
DWORD flags,
PBOOL isMember);
__declspec(dllimport) NTSTATUS RtlQueryElevationFlags(ULONG *Flags);
__declspec(dllimport) NTSTATUS __stdcall NtContinue(

View File

@ -20,7 +20,7 @@ SbieApi_CheckInternetAccess=_SbieApi_CheckInternetAccess@12
SbieApi_DisableForceProcess=_SbieApi_DisableForceProcess@8
SbieApi_EnumBoxes=_SbieApi_EnumBoxes@8
SbieApi_EnumProcessEx=_SbieApi_EnumProcessEx@16
SbieApi_EnumProcessEx=_SbieApi_EnumProcessEx@20
SbieApi_GetFileName=_SbieApi_GetFileName@12
SbieApi_GetHomePath=_SbieApi_GetHomePath@16
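Review bot: changing the stdcall decoration of SbieApi_EnumProcessEx from @16 to @20 means the export gained a fourth-to-fifth parameter (one more 4-byte argument on x86); anything outside this tree that links against the old signature by name will fail to resolve or, worse, call with a mismatched stack frame. Keeping the old export under its previous name as a thin wrapper would preserve compatibility if external callers exist.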

View File

@ -156,7 +156,7 @@ static void Com_Trace(
static void Com_Trace2(
const WCHAR* TraceType, REFCLSID rclsid, REFIID riid,
ULONG ProcNum, HRESULT hr, USHORT monflag);
ULONG ProcNum, ULONG clsctx, HRESULT hr, USHORT monflag);
static void Com_Monitor(REFCLSID rclsid, USHORT monflag);
@ -599,8 +599,8 @@ _FX HRESULT Com_CoGetClassObject(
hr = __sys_CoGetClassObject(rclsid, clsctx, pServerInfo, riid, ppv);
}
Com_Trace2(TraceType, rclsid, riid, 0, clsctx, hr, monflag);
if (clsctx & CLSCTX_LOCAL_SERVER) {
Com_Trace2(TraceType, rclsid, riid, 0, hr, monflag);
if(!Com_TraceFlag) Com_Monitor(rclsid, monflag);
}
@ -646,14 +646,14 @@ _FX HRESULT Com_CoGetObject(
else
monflag |= MONITOR_DENY;
Com_Trace2(TraceType, &clsid, riid, 0, hr, monflag);
if (!Com_TraceFlag) Com_Monitor(&clsid, monflag);
} else {
hr = __sys_CoGetObject(pszName, pBindOptions, riid, ppv);
}
Com_Trace2(TraceType, &clsid, riid, 0, 0, hr, monflag);
if (!Com_TraceFlag) Com_Monitor(&clsid, monflag);
return hr;
}
@ -699,8 +699,8 @@ _FX HRESULT Com_CoCreateInstance(
hr = __sys_CoCreateInstance(rclsid, pUnkOuter, clsctx, riid, ppv);
}
Com_Trace2(TraceType, rclsid, riid, 0, clsctx, hr, monflag);
if (clsctx & CLSCTX_LOCAL_SERVER) {
Com_Trace2(TraceType, rclsid, riid, 0, hr, monflag);
if (!Com_TraceFlag) Com_Monitor(rclsid, monflag);
}
@ -808,11 +808,11 @@ _FX HRESULT Com_CoCreateInstanceEx(
rclsid, pUnkOuter, clsctx, pServerInfo, cmq, pmqs);
}
if (clsctx & CLSCTX_LOCAL_SERVER) {
for (i = 0; i < cmq; ++i) {
MULTI_QI *mqi = &pmqs[i];
Com_Trace2(TraceType, rclsid, mqi->pIID, 0, mqi->hr, monflag);
for (i = 0; i < cmq; ++i) {
MULTI_QI *mqi = &pmqs[i];
Com_Trace2(TraceType, rclsid, mqi->pIID, 0, clsctx, mqi->hr, monflag);
if (clsctx & CLSCTX_LOCAL_SERVER) {
if (!Com_TraceFlag) Com_Monitor(rclsid, monflag);
}
}
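Review bot: the `if (clsctx & CLSCTX_LOCAL_SERVER)` check was moved inside the `for (i = 0; i < cmq; ++i)` loop, so Com_Monitor(rclsid, monflag) is now called once per MULTI_QI entry with identical arguments, producing duplicate resource monitor entries for a single CoCreateInstanceEx call. Keep the per-entry Com_Trace2 (it carries mqi->pIID and mqi->hr) but hoist the Com_Monitor call back out of the loop.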
@ -3311,12 +3311,12 @@ _FX void Com_Trace(
const WCHAR* TraceType, REFCLSID rclsid, REFIID riid,
ULONG ProcNum, HRESULT hr)
{
Com_Trace2(TraceType, rclsid, riid, ProcNum, hr, MONITOR_TRACE);
Com_Trace2(TraceType, rclsid, riid, ProcNum, 0, hr, MONITOR_TRACE);
}
_FX void Com_Trace2(
const WCHAR* TraceType, REFCLSID rclsid, REFIID riid,
ULONG ProcNum, HRESULT hr, USHORT monflag)
ULONG ProcNum, ULONG clsctx, HRESULT hr, USHORT monflag)
{
WCHAR *text;
WCHAR *ptr;
@ -3325,7 +3325,7 @@ _FX void Com_Trace2(
return;
text = Com_Alloc(1024 * sizeof(WCHAR));
ptr = text + Sbie_snwprintf(text, 1024, L"COM %s <%08X> ", TraceType, hr);
ptr = text + Sbie_snwprintf(text, 1024, L"COM <%08X> %s <%08X> ", clsctx, TraceType, hr);
if (rclsid) {
Com_Trace_Guid(ptr, rclsid, L"CLSID");
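Review bot: the new format string `L"COM <%08X> %s <%08X> "` places clsctx before TraceType, which changes the field order of every "COM ..." trace line; any consumer that parses these lines (the resource monitor view) needs to be updated in step. Since Com_Trace and Com_CoGetObject now pass 0 for clsctx, those lines will show a "<00000000>" that is indistinguishable from a real empty context; printing clsctx only when non-zero, or prefixing it (e.g. "ctx="), would make the trace easier to read.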

View File

@ -24,6 +24,7 @@
#include "dll.h"
#include "common/pool.h"
#include "common\pattern.h"
#include "core/svc/SbieIniWire.h"
//---------------------------------------------------------------------------
// Functions
@ -398,4 +399,143 @@ BOOLEAN SbieDll_GetBorderColor(const WCHAR* box_name, COLORREF* color, BOOL* tit
if (width) *width = _wtoi(ptr);
return TRUE;
}
//---------------------------------------------------------------------------
// SbieDll_MatchImage
//---------------------------------------------------------------------------
BOOLEAN SbieDll_MatchImage_Impl(const WCHAR* pat_str, ULONG pat_len, const WCHAR* test_str, const WCHAR* BoxName, ULONG depth)
{
if (*pat_str == L'<') {
ULONG index;
WCHAR buf[CONF_LINE_LEN];
if (depth >= 6)
return FALSE;
for (index = 0; ; ++index) {
//
// get next process group setting, compare to passed group name.
// if the setting is <passed_group_name>= then we accept it.
//
NTSTATUS status = SbieApi_QueryConfAsIs(
BoxName, L"ProcessGroup", index, buf, CONF_LINE_LEN * sizeof(WCHAR));
if (!NT_SUCCESS(status))
break;
WCHAR* value = buf;
ULONG value_len = wcslen(value);
if (value_len <= pat_len + 1)
continue;
if (_wcsnicmp(value, pat_str, pat_len) != 0)
continue;
value += pat_len;
if (*value != L',')
continue;
++value;
//
// value now points at the comma-separated
// list of processes in this process group
//
while (*value) {
WCHAR* ptr = wcschr(value, L',');
if (ptr)
value_len = (ULONG)(ULONG_PTR)(ptr - value);
else
value_len = wcslen(value);
if (value_len) {
if (SbieDll_MatchImage_Impl(value, value_len, test_str, BoxName, depth + 1))
return TRUE;
}
value += value_len;
while (*value == L',')
++value;
}
}
}
else {
ULONG test_len = wcslen(test_str);
if (test_len == pat_len)
return (_wcsnicmp(test_str, pat_str, test_len) == 0);
}
return FALSE;
}
BOOLEAN SbieDll_MatchImage(const WCHAR* pat_str, const WCHAR* test_str, const WCHAR* BoxName)
{
ULONG pat_len = wcslen(pat_str);
return SbieDll_MatchImage_Impl(pat_str, pat_len, test_str, BoxName, 1);
}
//---------------------------------------------------------------------------
// CheckStringInList
//---------------------------------------------------------------------------
BOOLEAN SbieDll_CheckStringInList(const WCHAR* string, const WCHAR* boxname, const WCHAR* setting)
{
WCHAR buf[66];
ULONG index = 0;
while (1) {
NTSTATUS status = SbieApi_QueryConfAsIs(boxname, setting, index, buf, 64 * sizeof(WCHAR));
++index;
if (NT_SUCCESS(status)) {
if (_wcsicmp(buf, string) == 0) {
return TRUE;
}
}
else if (status != STATUS_BUFFER_TOO_SMALL)
break;
}
return FALSE;
}
//---------------------------------------------------------------------------
// CheckStringInList
//---------------------------------------------------------------------------
SBIEDLL_EXPORT BOOLEAN SbieDll_GetBoolForStringFromList(const WCHAR* string, const WCHAR* boxname, const WCHAR* setting, BOOLEAN def_found, BOOLEAN not_found)
{
WCHAR buf[128];
ULONG index = 0;
while (1) {
NTSTATUS status = SbieApi_QueryConfAsIs(boxname, setting, index, buf, 64 * sizeof(WCHAR));
++index;
if (NT_SUCCESS(status)) {
WCHAR* ptr = wcschr(buf, L',');
if (ptr) *ptr = L'\0';
if (_wcsicmp(buf, string) == 0) {
if (ptr++) {
if (*ptr == L'y' || *ptr == L'Y')
return TRUE;
if (*ptr == L'n' || *ptr == L'N')
return FALSE;
}
return def_found;
}
}
else if (status != STATUS_BUFFER_TOO_SMALL)
break;
}
return not_found;
}
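Review bot: in SbieDll_GetBoolForStringFromList the buffer is declared `WCHAR buf[128]` but SbieApi_QueryConfAsIs is passed `64 * sizeof(WCHAR)`, so half the buffer is never used and any setting value longer than 63 characters is skipped via STATUS_BUFFER_TOO_SMALL instead of being matched; pass `sizeof(buf)` here (and in SbieDll_CheckStringInList, where buf[66] vs 64 * sizeof(WCHAR) is at least close). The header comment above this function still reads "CheckStringInList". The `if (ptr++)` idiom is correct but reads like a bug at first glance; `if (ptr) { ++ptr; ... }` says the same thing more clearly.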

View File

@ -23,7 +23,6 @@
#include "dll.h"
#include "common/my_version.h"
#include "core/svc/SbieIniWire.h"
#include <stdio.h>
@ -1475,111 +1474,3 @@ _FX void Custom_Load_UxTheme(void)
}
}
}
//---------------------------------------------------------------------------
// SbieDll_MatchImage
//---------------------------------------------------------------------------
BOOLEAN SbieDll_MatchImage_Impl(const WCHAR* pat_str, ULONG pat_len, const WCHAR* test_str, const WCHAR* BoxName, ULONG depth)
{
if (*pat_str == L'<') {
ULONG index;
WCHAR buf[CONF_LINE_LEN];
if (depth >= 6)
return FALSE;
for (index = 0; ; ++index) {
//
// get next process group setting, compare to passed group name.
// if the setting is <passed_group_name>= then we accept it.
//
NTSTATUS status = SbieApi_QueryConfAsIs(
BoxName, L"ProcessGroup", index, buf, CONF_LINE_LEN * sizeof(WCHAR));
if (!NT_SUCCESS(status))
break;
WCHAR* value = buf;
ULONG value_len = wcslen(value);
if (value_len <= pat_len + 1)
continue;
if (_wcsnicmp(value, pat_str, pat_len) != 0)
continue;
value += pat_len;
if (*value != L',')
continue;
++value;
//
// value now points at the comma-separated
// list of processes in this process group
//
while (*value) {
WCHAR* ptr = wcschr(value, L',');
if (ptr)
value_len = (ULONG)(ULONG_PTR)(ptr - value);
else
value_len = wcslen(value);
if (value_len) {
if (SbieDll_MatchImage_Impl(value, value_len, test_str, BoxName, depth + 1))
return TRUE;
}
value += value_len;
while (*value == L',')
++value;
}
}
}
else {
ULONG test_len = wcslen(test_str);
if (test_len == pat_len)
return (_wcsnicmp(test_str, pat_str, test_len) == 0);
}
return FALSE;
}
BOOLEAN SbieDll_MatchImage(const WCHAR* pat_str, const WCHAR* test_str, const WCHAR* BoxName)
{
ULONG pat_len = wcslen(pat_str);
return SbieDll_MatchImage_Impl(pat_str, pat_len, test_str, BoxName, 1);
}
//---------------------------------------------------------------------------
// CheckStringInList
//---------------------------------------------------------------------------
BOOLEAN SbieDll_CheckStringInList(const WCHAR* string, const WCHAR* boxname, const WCHAR* setting)
{
WCHAR buf[66];
ULONG index = 0;
while (1) {
NTSTATUS status = SbieApi_QueryConfAsIs(boxname, setting, index, buf, 64 * sizeof(WCHAR));
++index;
if (NT_SUCCESS(status)) {
if (_wcsicmp(buf, string) == 0) {
return TRUE;
}
}
else if (status != STATUS_BUFFER_TOO_SMALL)
break;
}
return FALSE;
}

View File

@ -217,6 +217,11 @@ typedef struct _THREAD_DATA {
ULONG SizeofPortMsg;
BOOLEAN bOperaFileDlgThread;
//
// rpc module
//
ULONG_PTR rpc_caller;
} THREAD_DATA;
@ -643,6 +648,7 @@ BOOLEAN Ole_Init(HMODULE);
BOOLEAN Pst_Init(HMODULE);
BOOLEAN Lsa_Init_Secur32(HMODULE);
BOOLEAN Lsa_Init_SspiCli(HMODULE);
BOOLEAN Setup_Init_SetupApi(HMODULE);

View File

@ -228,13 +228,20 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
return 0;
}
if (path_code == L'p') {
if (path_code == L'f') {
monflag = MONITOR_FILE;
} else if (path_code == L'k') {
monflag = MONITOR_KEY;
} else if (path_code == L'p') {
path_code = L'f';
monflag = MONITOR_PIPE;
} else if (path_code == L'i')
} else if (path_code == L'i') {
monflag = MONITOR_IPC;
else
monflag = 0;
if (path && path[0] == L'\\' && path[1] == L'K'
&& (wcsncmp(path, L"\\KnownDlls", 10) == 0)) // this will be traced by the driver
monflag = 0;
} else
monflag = MONITOR_OTHER;
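Review bot: the \KnownDlls exclusion uses wcsncmp, which is case-sensitive, while object manager names are matched case-insensitively, so a differently cased spelling would still be logged from the DLL as well as by the driver (double entries rather than a gap, but still noise); `_wcsnicmp(path, L"\\KnownDlls", 10)` would be consistent with the driver's behaviour. The `path[0] == L'\\' && path[1] == L'K'` pre-check is then redundant with the wcsncmp and can go.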
//
// select path list
@ -417,16 +424,20 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
// log access request in the resource access monitor
//
if (monflag) {
if (path && monflag) {
if (PATH_IS_CLOSED(mp_flags))
monflag |= MONITOR_DENY;
// If hts file or key it will be logged by the driver's trace facility
// we only have to log closed events as those never reach the driver
else if (monflag == MONITOR_FILE || monflag == MONITOR_KEY)
bMonitorLog = FALSE;
else if (PATH_IS_OPEN(mp_flags))
monflag |= MONITOR_OPEN;
if (bMonitorLog)
{
SbieApi_MonitorPut2(monflag, path_lwr, bCheckObjectExists);
SbieApi_MonitorPut2(monflag, path, bCheckObjectExists);
}
}
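Review bot: typo in the new comment, "If hts file or key" should be "If it's a file or key". The else-if chain is correct but easy to misread as suppressing all file/key logging: closed file/key paths are still logged from the DLL with MONITOR_DENY (they never reach the driver), while open and allowed file/key accesses are left to the driver's trace facility. Spelling that out in the comment would save the next reader a minute.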

View File

@ -2306,7 +2306,8 @@ _FX NTSTATUS File_NtCreateFile(
// File_NtCreateFileImpl
//---------------------------------------------------------------------------
/*static P_NtCreateFile __sys_NtCreateFile_ = NULL;
/*
static P_NtCreateFile __sys_NtCreateFile_ = NULL;
_FX NTSTATUS File_MyCreateFile(
HANDLE* FileHandle,
@ -2327,9 +2328,11 @@ _FX NTSTATUS File_MyCreateFile(
CreateOptions, EaBuffer, EaLength);
if (ObjectAttributes && ObjectAttributes->ObjectName && ObjectAttributes->ObjectName->Buffer
&& _wcsicmp(ObjectAttributes->ObjectName->Buffer, L"\\??\\C:") == 0)
&& _wcsicmp(ObjectAttributes->ObjectName->Buffer, L"\\??\\PhysicalDrive0") == 0)
{
DebugBreak();
WCHAR text[1024];
Sbie_snwprintf(text, 1024, L"%s <%08X>", ObjectAttributes->ObjectName->Buffer, status);
SbieApi_MonitorPut(MONITOR_OTHER, text);
}
status = StopTailCallOptimization(status);
@ -2376,11 +2379,20 @@ _FX NTSTATUS File_NtCreateFileImpl(
// // __debugbreak();
//}
//if (__sys_NtCreateFile_ == NULL)
//{
// __sys_NtCreateFile_ = __sys_NtCreateFile;
// __sys_NtCreateFile = File_MyCreateFile;
//}
/*if (__sys_NtCreateFile_ == NULL)
{
__sys_NtCreateFile_ = __sys_NtCreateFile;
__sys_NtCreateFile = File_MyCreateFile;
}
if (ObjectAttributes && ObjectAttributes->ObjectName && ObjectAttributes->ObjectName->Buffer
&& _wcsicmp(ObjectAttributes->ObjectName->Buffer, L"\\??\\PhysicalDrive0") == 0)
{
return __sys_NtCreateFile(
FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock,
AllocationSize, FileAttributes, ShareAccess, CreateDisposition,
CreateOptions, EaBuffer, EaLength);
}*/
//
// if this is a recursive invocation of NtCreateFile,
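Review bot: this block (File_MyCreateFile, the PhysicalDrive0 breakpoint and the __sys_NtCreateFile swap) is all debugging scaffolding that is being edited while still commented out under /* */; leaving dead code of this kind in File_NtCreateFileImpl adds noise to a security-sensitive path. Either drop it before merge or move it behind an #ifdef so it is obvious it is not compiled.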
@ -2516,6 +2528,7 @@ ReparseLoop:
&& wcsncmp(ObjectAttributes->ObjectName->Buffer, L"\\??\\", 4) == 0
&& (DesiredAccess & ~(SYNCHRONIZE | READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES)) != 0)
{
if (!SbieApi_QueryConfBool(NULL, L"AllowRawDiskRead", FALSE))
if ((ObjectAttributes->ObjectName->Length == (6 * sizeof(WCHAR)) && ObjectAttributes->ObjectName->Buffer[5] == L':') // \??\C:
|| wcsncmp(&ObjectAttributes->ObjectName->Buffer[4], L"PhysicalDrive", 13) == 0 // \??\PhysicalDrive1
|| wcsncmp(&ObjectAttributes->ObjectName->Buffer[4], L"Volume", 6) == 0) // \??\Volume{2b985816-4b6f-11ea-bd33-48a4725d5bbe}
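Review bot: the PhysicalDrive and Volume comparisons use wcsncmp, i.e. case-sensitive matching, while the object manager resolves \??\ names case-insensitively whenever OBJ_CASE_INSENSITIVE is set (Win32 CreateFile always sets it); since this is the filter behind the "elevated sandboxed processes could access volumes/disks for reading" fix, use _wcsnicmp so it matches the same set of names the kernel would open. Also, SbieApi_QueryConfBool(NULL, L"AllowRawDiskRead", FALSE) is evaluated on every qualifying NtCreateFile; reading the setting once at init would keep this off the hot path.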

View File

@ -375,6 +375,7 @@ _FX BOOLEAN Ipc_Init(void)
g_Ipc_DynamicPortNames[WPAD_PORT] = Dll_Alloc(DYNAMIC_PORT_NAME_CHARS * sizeof(WCHAR));
g_Ipc_DynamicPortNames[SMART_CARD_PORT] = Dll_Alloc(DYNAMIC_PORT_NAME_CHARS * sizeof(WCHAR));
g_Ipc_DynamicPortNames[BT_PORT] = Dll_Alloc(DYNAMIC_PORT_NAME_CHARS * sizeof(WCHAR));
g_Ipc_DynamicPortNames[SSDP_PORT] = Dll_Alloc(DYNAMIC_PORT_NAME_CHARS * sizeof(WCHAR));
g_Ipc_DynamicPortNames[GAME_CONFIG_STORE_PORT] = Dll_Alloc(DYNAMIC_PORT_NAME_CHARS * sizeof(WCHAR));

View File

@ -190,12 +190,17 @@ static P_NtLoadDriver __sys_NtLoadDriver = NULL;
P_LdrGetDllHandleEx __sys_LdrGetDllHandleEx = NULL;
static P_Ldr_CallOneDllCallback __my_Ldr_CallOneDllCallback = NULL;
static P_NtOpenThreadToken __sys_NtOpenThreadToken = NULL;
static P_RtlEqualSid __sys_RtlEqualSid = NULL;
P_RtlEqualSid __sys_RtlEqualSid = NULL;
extern ULONG Dll_Windows;
extern BOOLEAN Secure_Is_IE_NtQueryInformationToken;
extern BOOLEAN Secure_FakeAdmin;
//---------------------------------------------------------------------------
// Variables
//---------------------------------------------------------------------------
@ -487,7 +492,7 @@ _FX BOOLEAN Ldr_Init()
Ldr_Callbacks = Dll_Alloc(sizeof(ULONG_PTR) * LDR_NUM_CALLBACKS);
memzero(Ldr_Callbacks, sizeof(ULONG_PTR) * LDR_NUM_CALLBACKS);
if (Dll_OsBuild >= 6000) {
if (Dll_OsBuild >= 6000) { // Windows Vista
SbieDll_RegisterDllCallback(Ldr_MyDllCallbackA);
__my_Ldr_CallOneDllCallback = Ldr_CallOneDllCallback;
}
@ -499,16 +504,31 @@ _FX BOOLEAN Ldr_Init()
//
// hook entrypoints
//
if (Dll_OsBuild >= 9600) {
void* RtlEqualSid = (P_RtlEqualSid)GetProcAddress(Dll_Ntdll, "RtlEqualSid");
SBIEDLL_HOOK(Ldr_, RtlEqualSid);
if (Secure_FakeAdmin || Dll_OsBuild >= 9600) {
void* NtAccessCheckByType = GetProcAddress(Dll_Ntdll, "NtAccessCheckByType");
void* NtAccessCheck = GetProcAddress(Dll_Ntdll, "NtAccessCheck");
void* NtQuerySecurityAttributesToken = GetProcAddress(Dll_Ntdll, "NtQuerySecurityAttributesToken");
void* NtQueryInformationToken = GetProcAddress(Dll_Ntdll, "NtQueryInformationToken");
void* NtAccessCheckByTypeResultList = GetProcAddress(Dll_Ntdll, "NtAccessCheckByTypeResultList");
SBIEDLL_HOOK(Ldr_, NtQuerySecurityAttributesToken);
SBIEDLL_HOOK(Ldr_, NtAccessCheckByType);
SBIEDLL_HOOK(Ldr_, NtAccessCheck);
SBIEDLL_HOOK(Ldr_, NtAccessCheckByTypeResultList);
SBIEDLL_HOOK(Ldr_, NtQueryInformationToken);
}
if (Dll_OsBuild >= 9600) { // Windows 8.1 and later
NTSTATUS rc = 0;
void *NtAccessCheckByType = GetProcAddress(Dll_Ntdll, "NtAccessCheckByType");
void *NtAccessCheck = GetProcAddress(Dll_Ntdll, "NtAccessCheck");
void *NtQuerySecurityAttributesToken = GetProcAddress(Dll_Ntdll, "NtQuerySecurityAttributesToken");
void *NtQueryInformationToken = GetProcAddress(Dll_Ntdll, "NtQueryInformationToken");
void *NtAccessCheckByTypeResultList = GetProcAddress(Dll_Ntdll, "NtAccessCheckByTypeResultList");
void *NtTerminateProcess = (P_NtTerminateProcess)GetProcAddress(Dll_Ntdll, "NtTerminateProcess");
void *RtlEqualSid = (P_RtlEqualSid)GetProcAddress(Dll_Ntdll, "RtlEqualSid");
__sys_LdrRegisterDllNotification = (P_LdrRegisterDllNotification)GetProcAddress(Dll_Ntdll, "LdrRegisterDllNotification");
__sys_LdrUnregisterDllNotification = (P_LdrUnregisterDllNotification)GetProcAddress(Dll_Ntdll, "LdrUnregisterDllNotification");
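Review bot: with `Secure_FakeAdmin || Dll_OsBuild >= 9600` the token and access-check hooks are now installed on any OS build when FakeAdminRights=y is set, but NtQuerySecurityAttributesToken is not exported by ntdll before Windows 8 (to my knowledge), so GetProcAddress returns NULL there; confirm SBIEDLL_HOOK tolerates a NULL target or skip that hook when the lookup fails. Note also that Ldr_TestToken returns early for Dll_OsBuild < 9600, so the LDR_TOKEN_* pseudo-handle translation the hooked functions rely on is not available on those builds.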
@ -525,19 +545,13 @@ _FX BOOLEAN Ldr_Init()
}
SBIEDLL_HOOK(Ldr_, NtTerminateProcess);
SBIEDLL_HOOK(Ldr_, NtQueryInformationToken);
SBIEDLL_HOOK(Ldr_, NtQuerySecurityAttributesToken);
SBIEDLL_HOOK(Ldr_, NtAccessCheckByType);
SBIEDLL_HOOK(Ldr_, NtAccessCheck);
SBIEDLL_HOOK(Ldr_, NtAccessCheckByTypeResultList);
SBIEDLL_HOOK(Ldr_Win10_, LdrLoadDll);
SBIEDLL_HOOK(Ldr_, NtLoadDriver);
if (DLL_IMAGE_GOOGLE_CHROME == Dll_ImageType) {
SBIEDLL_HOOK(Ldr_, NtOpenThreadToken);
}
SBIEDLL_HOOK(Ldr_, RtlEqualSid);
}
else {
else { // Windows 8 and before
SBIEDLL_HOOK(Ldr_, LdrLoadDll);
SBIEDLL_HOOK(Ldr_, LdrUnloadDll);
SBIEDLL_HOOK(Ldr_, LdrQueryImageFileExecutionOptions);
@ -564,7 +578,7 @@ _FX BOOLEAN Ldr_Init()
// on Windows 8, we use a hook on NtApphelpCacheControl instead
//
if (Dll_OsBuild < 8400) {
if (Dll_OsBuild < 8400) { // Windows 7 and older
ReadImageFileExecOptions = (UCHAR *)(NtCurrentPeb() + 1);
@ -589,8 +603,8 @@ _FX BOOLEAN Ldr_Init()
// Ldr_LoadInjectDlls();
//
// initialize manifest
//
// initialize manifest
//
Ldr_Inject_Init(FALSE);
Sxs_ActivateDefaultManifest((void *)Ldr_ImageBase);
@ -1367,6 +1381,9 @@ _FX NTSTATUS Ldr_NtLoadDriver(UNICODE_STRING *RegistryPath)
_FX void Ldr_TestToken(HANDLE token, PHANDLE hTokenReal)
{
if (Dll_OsBuild < 9600) // this magic values are available only from windows 8.1 onwards
return;
if ((LONG_PTR)token == LDR_TOKEN_PRIMARY) {
NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, hTokenReal);
}
@ -1392,8 +1409,10 @@ _FX NTSTATUS Ldr_NtQueryInformationToken(
NTSTATUS status = 0;
THREAD_DATA *TlsData = NULL;
HANDLE hTokenReal = NULL;
BOOLEAN FakeAdmin = FALSE;
Ldr_TestToken(TokenHandle, &hTokenReal);
status = __sys_NtQueryInformationToken(
hTokenReal ? hTokenReal : TokenHandle, TokenInformationClass,
TokenInformation, TokenInformationLength, ReturnLength);
@ -1403,15 +1422,18 @@ _FX NTSTATUS Ldr_NtQueryInformationToken(
NtClose(hTokenReal);
}
if (!Secure_Is_IE_NtQueryInformationToken)
//
// To make the process think we need to chage here a fe values
// we also ensure that tha token belongs to the current process
//
if (Secure_FakeAdmin && (SbieApi_QueryProcessInfoEx(0, 'ippt', (LONG_PTR)hTokenReal)))
{
return status;
FakeAdmin = TRUE;
}
TlsData = Dll_GetTlsData(NULL);
//
// NtQueryInformationToken is hooked only for Internet Explorer.
// NtQueryInformationToken is hooked for Internet Explorer.
//
// if the check occurs during CreateProcess, then return the real
// information, so UAC elevation may occur for the new process.
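Review bot: `hTokenReal` is closed (`NtClose(hTokenReal);`) a few lines before it is handed to `SbieApi_QueryProcessInfoEx(0, 'ippt', (LONG_PTR)hTokenReal)`, so the "is primary process token" query runs on an already closed handle. It also never fires when the caller passed a real token handle, because then `hTokenReal` is NULL. Evaluate the check before the NtClose and use the same handle selection as the real call, i.e. `(LONG_PTR)(hTokenReal ? hTokenReal : TokenHandle)`; the comment above it has typos ("chage here a fe values", "tha token").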
@ -1420,9 +1442,21 @@ _FX NTSTATUS Ldr_NtQueryInformationToken(
// we are running as Administrator
//
if (NT_SUCCESS(status) && (!TlsData->proc_create_process)) {
TlsData = Dll_GetTlsData(NULL);
if (TokenInformationClass == TokenElevationType) {
if (Secure_Is_IE_NtQueryInformationToken && !TlsData->proc_create_process)
{
FakeAdmin = TRUE;
}
if (NT_SUCCESS(status) && FakeAdmin) {
if (TokenInformationClass == TokenElevation) {
*(BOOLEAN *)TokenInformation = TRUE;
}
else if (TokenInformationClass == TokenElevationType) {
//
// on Vista, fake a return value for a full token
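Review bot: the `proc_create_process` exemption now only applies to the Internet Explorer path (`Secure_Is_IE_NtQueryInformationToken && !TlsData->proc_create_process`); when `FakeAdmin` was set from `Secure_FakeAdmin` the elevation answers are faked during CreateProcess as well, which contradicts the comment just above ("if the check occurs during CreateProcess, then return the real information"). Either apply `!TlsData->proc_create_process` to both paths or update the comment to say the exemption is IE-only. Separately, the `TokenElevation` branch writes `*(BOOLEAN *)TokenInformation = TRUE` into what is a `TOKEN_ELEVATION` structure whose `TokenIsElevated` member is a DWORD; it works only because the real call already filled the remaining bytes. Write `((TOKEN_ELEVATION *)TokenInformation)->TokenIsElevated = TRUE;` and check `TokenInformationLength` first.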
@ -1431,7 +1465,7 @@ _FX NTSTATUS Ldr_NtQueryInformationToken(
*(ULONG *)TokenInformation = TokenElevationTypeFull;
}
if (TokenInformationClass == TokenIntegrityLevel) {
else if (TokenInformationClass == TokenIntegrityLevel) {
//
// on Vista, fake a high integrity level
@ -1519,7 +1553,9 @@ _FX NTSTATUS Ldr_NtAccessCheck(PSECURITY_DESCRIPTOR SecurityDescriptor, HANDLE C
HANDLE hTokenReal = NULL;
Ldr_TestToken(ClientToken, &hTokenReal);
status = __sys_NtAccessCheck(SecurityDescriptor, hTokenReal ? hTokenReal : ClientToken, DesiredAccess, GenericMapping, RequiredPrivilegesBuffer, BufferLength, GrantedAccess, AccessStatus);
if (hTokenReal) {
NtClose(hTokenReal);
}

View File

@ -43,6 +43,9 @@ static ULONG RpcRt_RpcBindingInqAuthClientEx(
static ULONG RpcRt_RpcBindingFromStringBindingW(
const WCHAR *StringBinding, void **OutBinding);
static ULONG RpcRt_RpcBindingFromStringBindingA(
const CHAR* StringBinding, void** OutBinding);
static RPC_STATUS NsiRpc_NsiRpcRegisterChangeNotification(
LPVOID p1, LPVOID p2, LPVOID p3, LPVOID p4, LPVOID p5, LPVOID p6, LPVOID p7);
@ -52,6 +55,12 @@ static RPC_STATUS RpcRt_RpcBindingCreateW(
RPC_BINDING_HANDLE_OPTIONS_V1 * Options,
RPC_BINDING_HANDLE * Binding);
static RPC_STATUS RpcRt_RpcBindingCreateA(
RPC_BINDING_HANDLE_TEMPLATE_V1_A* Template,
RPC_BINDING_HANDLE_SECURITY_V1_A* Security,
RPC_BINDING_HANDLE_OPTIONS_V1* Options,
RPC_BINDING_HANDLE* Binding);
void *Scm_QueryServiceByName(
const WCHAR *ServiceNm,
ULONG with_service_status, ULONG with_service_config);
@ -91,6 +100,9 @@ typedef ULONG (*P_RpcBindingInqAuthClientEx)(
typedef ULONG (*P_RpcBindingFromStringBindingW)(
const WCHAR *StringBinding, void **OutBinding);
typedef ULONG(*P_RpcBindingFromStringBindingA)(
const CHAR* StringBinding, void** OutBinding);
typedef RPC_STATUS (*P_NsiRpcRegisterChangeNotification)(
LPVOID p1, LPVOID p2, LPVOID p3, LPVOID p4, LPVOID p5, LPVOID p6, LPVOID p7);
@ -100,6 +112,12 @@ typedef RPC_STATUS (*P_RpcBindingCreateW)(
RPC_BINDING_HANDLE_OPTIONS_V1 * Options,
RPC_BINDING_HANDLE * Binding);
typedef RPC_STATUS(*P_RpcBindingCreateA)(
RPC_BINDING_HANDLE_TEMPLATE_V1_A* Template,
RPC_BINDING_HANDLE_SECURITY_V1_A* Security,
RPC_BINDING_HANDLE_OPTIONS_V1* Options,
RPC_BINDING_HANDLE* Binding);
typedef RPC_STATUS (RPC_ENTRY *P_RpcStringBindingComposeW)( TCHAR *ObjUuid, TCHAR *ProtSeq, TCHAR *NetworkAddr, TCHAR *EndPoint, TCHAR *Options, TCHAR **StringBinding);
RPC_STATUS RPC_ENTRY RpcRt_RpcStringBindingComposeW(
TCHAR *ObjUuid,
@ -133,9 +151,12 @@ P_RpcBindingInqAuthClientEx __sys_RpcBindingInqAuthClientEx = NULL;
P_RpcBindingFromStringBindingW __sys_RpcBindingFromStringBindingW = NULL;
P_RpcBindingFromStringBindingA __sys_RpcBindingFromStringBindingA = NULL;
P_NsiRpcRegisterChangeNotification __sys_NsiRpcRegisterChangeNotification = NULL;
P_RpcBindingCreateW __sys_RpcBindingCreateW = NULL;
P_RpcBindingCreateA __sys_RpcBindingCreateA = NULL;
P_RpcMgmtSetComTimeout __sys_RpcMgmtSetComTimeout = NULL;
#define RPC_C_BINDING_TIMEOUT 4
@ -181,7 +202,9 @@ _FX BOOLEAN RpcRt_Init(HMODULE module)
if (Dll_OsBuild >= 6000) // Vista
{
P_RpcBindingFromStringBindingW RpcBindingFromStringBindingW;
P_RpcBindingFromStringBindingA RpcBindingFromStringBindingA;
P_RpcBindingCreateW RpcBindingCreateW;
P_RpcBindingCreateA RpcBindingCreateA;
if ( Dll_OsBuild >= 15063) {
void *RpcStringBindingComposeW;
@ -194,13 +217,23 @@ _FX BOOLEAN RpcRt_Init(HMODULE module)
SBIEDLL_HOOK(RpcRt_, RpcBindingFromStringBindingW);
RpcBindingFromStringBindingA = (P_RpcBindingFromStringBindingA)
Ldr_GetProcAddrNew(DllName_rpcrt4, L"RpcBindingFromStringBindingA", "RpcBindingFromStringBindingA");
SBIEDLL_HOOK(RpcRt_, RpcBindingFromStringBindingA);
RpcBindingCreateW = (P_RpcBindingCreateW)
Ldr_GetProcAddrNew(DllName_rpcrt4, L"RpcBindingCreateW", "RpcBindingCreateW");
SBIEDLL_HOOK(RpcRt_, RpcBindingCreateW);
RpcBindingCreateA = (P_RpcBindingCreateA)
Ldr_GetProcAddrNew(DllName_rpcrt4, L"RpcBindingCreateA", "RpcBindingCreateA");
SBIEDLL_HOOK(RpcRt_, RpcBindingCreateA);
__sys_RpcMgmtSetComTimeout = (P_RpcMgmtSetComTimeout)Ldr_GetProcAddrNew(DllName_rpcrt4, L"RpcMgmtSetComTimeout", "RpcMgmtSetComTimeout");
__use_RpcMgmtSetComTimeout = Config_GetSettingsForImageName_bool(L"RpcMgmtSetComTimeout", FALSE);
__use_RpcMgmtSetComTimeout = Config_GetSettingsForImageName_bool(L"RpcMgmtSetComTimeout", TRUE);
}
WCHAR wsTraceOptions[4];
@ -385,6 +418,29 @@ WCHAR* GetDynamicLpcPortName(ENUM_DYNAMIC_PORT_TYPE portType)
}
//---------------------------------------------------------------------------
// RpcRt_RpcBindingFromStringBindingA
//---------------------------------------------------------------------------
_FX ULONG RpcRt_RpcBindingFromStringBindingA(
const CHAR* StringBinding, void** OutBinding)
{
NTSTATUS status = 0;
THREAD_DATA* TlsData = NULL;
TlsData = Dll_GetTlsData(NULL);
TlsData->rpc_caller = (ULONG_PTR)_ReturnAddress();
status = __sys_RpcBindingFromStringBindingA(StringBinding, OutBinding);
TlsData->rpc_caller = 0;
return status;
}
//---------------------------------------------------------------------------
// RpcRt_RpcBindingFromStringBindingW
//---------------------------------------------------------------------------
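Review bot: `TlsData->rpc_caller` is overwritten on entry and unconditionally zeroed on exit, so a nested call (one binding routine reached while another is already recorded) loses the outer caller; save the previous value and restore it instead of writing 0. The design also depends on `__sys_RpcBindingFromStringBindingA` reaching the hooked W routine on the same thread, which is worth stating in a comment. Minor: the local is declared `NTSTATUS` but the routine returns `RPC_STATUS`/`ULONG`.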
@ -433,7 +489,9 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
BOOLEAN use_RpcMgmtSetComTimeout = __use_RpcMgmtSetComTimeout;
ULONG_PTR pRetAddr = (ULONG_PTR)_ReturnAddress();
THREAD_DATA* TlsData = Dll_GetTlsData(NULL);
ULONG_PTR pRetAddr = TlsData->rpc_caller ? TlsData->rpc_caller : (ULONG_PTR)_ReturnAddress();
WCHAR wstrPortName[DYNAMIC_PORT_NAME_CHARS];
memset(wstrPortName, 0, sizeof(wstrPortName));
@ -461,6 +519,7 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
ULONG_PTR hWinHttp = (ULONG_PTR)GetModuleHandle(L"WinHttp.dll");
ULONG_PTR hBtApi = (ULONG_PTR)GetModuleHandle(L"BluetoothApis.dll");
ULONG_PTR hSsdpApi = (ULONG_PTR)GetModuleHandle(L"SSDPAPI.dll"); // A
if (RpcRt_TestCallingModule(pRetAddr, hWinHttp))
{
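Review bot: the trailing `// A` on the `hSsdpApi` line looks like a leftover marker rather than a comment; drop it or say what it means.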
@ -472,6 +531,11 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
// Bluetooth support service
pwszTempPortName = GetDynamicLpcPortName(BT_PORT);
}
else if (RpcRt_TestCallingModule(pRetAddr, hSsdpApi))
{
// Simple Service Discovery Protocol API
pwszTempPortName = GetDynamicLpcPortName(SSDP_PORT);
}
if (pwszTempPortName != pwszEmpty) {
@ -504,6 +568,9 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
}
}
WCHAR* CallingModule = Trace_FindModuleByAddress((void*)pRetAddr);
if (CallingModule)
use_RpcMgmtSetComTimeout = SbieDll_GetBoolForStringFromList(CallingModule, NULL, L"UseRpcMgmtSetComTimeout", TRUE, use_RpcMgmtSetComTimeout);
RPC_STATUS status;
status = __sys_RpcBindingFromStringBindingW(*wstrPortName ? wstrPortName : StringBinding, OutBinding);
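Review bot: `Trace_FindModuleByAddress` is now invoked on every `RpcBindingFromStringBindingW` call, not only when IPC tracing is enabled, to resolve the per-dll `UseRpcMgmtSetComTimeout` override. If that lookup walks the module list it adds cost to a hot path; consider caching whether any `UseRpcMgmtSetComTimeout` entries exist for the box and skipping the lookup when there are none. The `TRUE` passed as `def_found` is what makes `UseRpcMgmtSetComTimeout=some.dll` equivalent to `some.dll,y`, matching the changelog.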
@ -513,8 +580,6 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
{
WCHAR msg[512];
WCHAR* CallingModule = Trace_FindModuleByAddress((void*)pRetAddr);
//Sbie_snwprintf(msg, 512, L"SBIE p=%06d t=%06d RpcBindingFromStringBindingW StringBinding = '%s', BindingHandle = 0x%X, status = 0x%X\n", GetCurrentProcessId(), GetCurrentThreadId(),
Sbie_snwprintf(msg, 512, L"StringBinding = '%s', wstrPortName = '%s', BindingHandle = 0x%X, status = 0x%08X, timeout = %d, caller = '%s'",
StringBinding, wstrPortName, OutBinding, status, use_RpcMgmtSetComTimeout,
@ -529,6 +594,30 @@ _FX ULONG RpcRt_RpcBindingFromStringBindingW(
}
//---------------------------------------------------------------------------
// RpcRt_RpcBindingCreateW
//---------------------------------------------------------------------------
_FX RPC_STATUS RpcRt_RpcBindingCreateA(
__in RPC_BINDING_HANDLE_TEMPLATE_V1_A* Template,
__in_opt RPC_BINDING_HANDLE_SECURITY_V1_A* Security,
__in_opt RPC_BINDING_HANDLE_OPTIONS_V1* Options,
__out RPC_BINDING_HANDLE* Binding)
{
NTSTATUS status = 0;
THREAD_DATA* TlsData = NULL;
TlsData = Dll_GetTlsData(NULL);
TlsData->rpc_caller = (ULONG_PTR)_ReturnAddress();
status = __sys_RpcBindingCreateA(Template, Security, Options, Binding);
TlsData->rpc_caller = 0;
return status;
}
//---------------------------------------------------------------------------
// RpcRt_RpcBindingCreateW
//---------------------------------------------------------------------------
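Review bot: the banner above `RpcRt_RpcBindingCreateA` reads `// RpcRt_RpcBindingCreateW`; rename it so the A and W wrappers are distinguishable when scanning the file. As in the string-binding A wrapper, the local should be `RPC_STATUS`, not `NTSTATUS`, and the unconditional `TlsData->rpc_caller = 0;` should restore the previous value.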
@ -549,7 +638,11 @@ _FX RPC_STATUS RpcRt_RpcBindingCreateW(
__in_opt RPC_BINDING_HANDLE_OPTIONS_V1 * Options,
__out RPC_BINDING_HANDLE * Binding)
{
ULONG_PTR pRetAddr = (ULONG_PTR)_ReturnAddress();
BOOLEAN use_RpcMgmtSetComTimeout = __use_RpcMgmtSetComTimeout;
THREAD_DATA* TlsData = Dll_GetTlsData(NULL);
ULONG_PTR pRetAddr = TlsData->rpc_caller ? TlsData->rpc_caller : (ULONG_PTR)_ReturnAddress();
if ( (memcmp(&Template->ObjectUuid, &MSDTC_UUID, sizeof(GUID)) == 0) && RPC_PROTSEQ_LRPC == Template->ProtocolSequence && !Template->StringEndpoint)
{
@ -573,8 +666,20 @@ _FX RPC_STATUS RpcRt_RpcBindingCreateW(
// Win 10 AU WinRT interface - {88ABCBC3-34EA-76AE-8215-767520655A23}
Template->StringEndpoint = GetDynamicLpcPortName(GAME_CONFIG_STORE_PORT);
}
else
{
ULONG_PTR pAppXDeploymentClient = (ULONG_PTR)GetModuleHandle(L"AppXDeploymentClient.dll");
if (RpcRt_TestCallingModule(pRetAddr, pAppXDeploymentClient)) {
use_RpcMgmtSetComTimeout = TRUE;
}
}
}
WCHAR* CallingModule = Trace_FindModuleByAddress((void*)pRetAddr);
if (CallingModule)
use_RpcMgmtSetComTimeout = SbieDll_GetBoolForStringFromList(CallingModule, NULL, L"UseRpcMgmtSetComTimeout", TRUE, use_RpcMgmtSetComTimeout);
RPC_STATUS status;
status = __sys_RpcBindingCreateW(Template, Security, Options, Binding);
// If there are any IpcTrace options set, then output this debug string
@ -584,20 +689,18 @@ _FX RPC_STATUS RpcRt_RpcBindingCreateW(
WCHAR msg[512];
RPC_CSTR StringUuid;
WCHAR* CallingModule = Trace_FindModuleByAddress((void*)pRetAddr);
__sys_UuidToStringW(&Template->ObjectUuid, &StringUuid);
//Sbie_snwprintf(msg, 512, L"SBIE p=%06d t=%06d RpcBindingCreateW Endpoint = '%s', UUID = %s, status = 0x%X\n", GetCurrentProcessId(), GetCurrentThreadId(),
Sbie_snwprintf(msg, 512, L"Endpoint = '%s', UUID = %s, status = 0x%08X, timeout = %d, caller = '%s'",
Template && Template->StringEndpoint ? Template->StringEndpoint : L"null",
StringUuid, status, __use_RpcMgmtSetComTimeout,
StringUuid, status, use_RpcMgmtSetComTimeout,
CallingModule ? CallingModule : L"unknown");
__sys_RpcStringFreeW(&StringUuid);
//OutputDebugString(msg);
SbieApi_MonitorPut2(MONITOR_IPC | MONITOR_TRACE, msg, FALSE);
}
if (__use_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*Binding, RPC_C_BINDING_TIMEOUT);
if (use_RpcMgmtSetComTimeout) __sys_RpcMgmtSetComTimeout(*Binding, RPC_C_BINDING_TIMEOUT);
return status;
}
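Review bot: `__sys_RpcMgmtSetComTimeout(*Binding, RPC_C_BINDING_TIMEOUT)` is called without checking `status`; if `__sys_RpcBindingCreateW` failed, `*Binding` is undefined. Guard it with `if (use_RpcMgmtSetComTimeout && status == RPC_S_OK)`. Switching the trace line and the call from the global `__use_RpcMgmtSetComTimeout` to the local `use_RpcMgmtSetComTimeout` is the right fix, since the per-module presets and the per-dll override only exist in the local.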
@ -648,12 +751,12 @@ void RpcRt_NdrClientCallX(const WCHAR* Function, void* ReturnAddress,PMIDL_STUB_
WCHAR interfaceID[48];
Sbie_StringFromGUID(&rpcInterface->InterfaceId.SyntaxGUID, interfaceID);
Sbie_snwprintf(text, 512, L"Calling %s for interface %s}, %d.%d by %s", Function, interfaceID,
Sbie_snwprintf(text, 512, L"Calling %s UUID = %s}, %d.%d, caller = '%s'", Function, interfaceID,
rpcInterface->InterfaceId.SyntaxVersion.MajorVersion, rpcInterface->InterfaceId.SyntaxVersion.MinorVersion, CallingModule);
}
else
{
Sbie_snwprintf(text, 512, L"Calling %s by %s", Function, CallingModule);
Sbie_snwprintf(text, 512, L"Calling %s caller = '%s'", Function, CallingModule);
}
}
__except (EXCEPTION_EXECUTE_HANDLER) {}

View File

@ -631,6 +631,19 @@ _FX LONG SbieApi_QueryProcessEx2(
_FX ULONG64 SbieApi_QueryProcessInfo(
HANDLE ProcessId,
ULONG info_type)
{
return SbieApi_QueryProcessInfoEx(ProcessId, info_type, 0);
}
//---------------------------------------------------------------------------
// SbieApi_QueryProcessInfoEx
//---------------------------------------------------------------------------
_FX ULONG64 SbieApi_QueryProcessInfoEx(
HANDLE ProcessId,
ULONG info_type,
ULONG64 ext_data)
{
NTSTATUS status;
__declspec(align(8)) ULONG64 ResultValue;
@ -643,6 +656,7 @@ _FX ULONG64 SbieApi_QueryProcessInfo(
args->process_id.val64 = (ULONG64)(ULONG_PTR)ProcessId;
args->info_type.val64 = (ULONG64)(ULONG_PTR)info_type;
args->info_data.val64 = (ULONG64)(ULONG_PTR)&ResultValue;
args->ext_data.val64 = (ULONG64)(ULONG_PTR)ext_data;
status = SbieApi_Ioctl(parms);
@ -821,16 +835,19 @@ _FX LONG SbieApi_EnumProcessEx(
const WCHAR *box_name, // WCHAR [34]
BOOLEAN all_sessions,
ULONG which_session, // -1 for current session
ULONG *boxed_pids) // ULONG [512]
ULONG *boxed_pids, // ULONG [512]
ULONG *boxed_count)
{
NTSTATUS status;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
memset(parms, 0, sizeof(parms));
parms[0] = API_ENUM_PROCESSES;
parms[1] = (ULONG64)(ULONG_PTR)boxed_pids;
parms[2] = (ULONG64)(ULONG_PTR)box_name;
parms[3] = (ULONG64)(ULONG_PTR)all_sessions;
parms[4] = (ULONG64)(LONG_PTR)which_session;
parms[5] = (ULONG64)(LONG_PTR)boxed_count;
status = SbieApi_Ioctl(parms);
if (! NT_SUCCESS(status))
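Review bot: `boxed_count` is an in/out parameter (the driver reads it as the buffer capacity from `parms[5]` and writes back the number of processes) but nothing here documents that, and the `// ULONG [512]` comment on `boxed_pids` is now misleading since the capacity is whatever the caller puts in `*boxed_count`. Add a comment such as "in: capacity of boxed_pids in ULONGs, out: number of pids; NULL selects the legacy 512-entry layout with the count in boxed_pids[0]".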
@ -854,6 +871,7 @@ _FX LONG SbieApi_DisableForceProcess(
API_DISABLE_FORCE_PROCESS_ARGS *args =
(API_DISABLE_FORCE_PROCESS_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_DISABLE_FORCE_PROCESS;
args->set_flag.val64 = (ULONG64)(ULONG_PTR)NewState;
args->get_flag.val64 = (ULONG64)(ULONG_PTR)OldState;
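Review bot: zeroing `parms` before filling the argument structure is necessary now that the driver reads fields the older wrappers never set (`ext_data` in API_QUERY_PROCESS_INFO_ARGS and `parms[5]` in API_ENUM_PROCESSES); without it uninitialised stack would be interpreted as a user pointer or handle. Make sure every remaining `SbieApi_*` wrapper that builds `parms` on the stack gets the same `memset`, not only the ones touched in this commit.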
@ -878,6 +896,7 @@ _FX LONG SbieApi_DisableForceProcess(
NTSTATUS status;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
memset(parms, 0, sizeof(parms));
parms[0] = API_HOOK_TRAMP;
parms[1] = (ULONG64)(ULONG_PTR)Source;
parms[2] = (ULONG64)(ULONG_PTR)Trampoline;
@ -938,6 +957,7 @@ _FX LONG SbieApi_GetFileName(
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_GET_FILE_NAME_ARGS *args = (API_GET_FILE_NAME_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_GET_FILE_NAME;
args->handle.val64 = (ULONG64)(ULONG_PTR)FileHandle;
args->name_len.val64 = (ULONG64)(ULONG_PTR)NameLen;
@ -1165,6 +1185,7 @@ _FX LONG SbieApi_OpenDeviceMap(
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_OPEN_DEVICE_MAP_ARGS *args = (API_OPEN_DEVICE_MAP_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_OPEN_DEVICE_MAP;
args->handle.val64 = (ULONG64)(ULONG_PTR)&ResultHandle;
status = SbieApi_Ioctl(parms);
@ -1218,6 +1239,7 @@ _FX LONG SbieApi_ReloadConf(ULONG session_id)
NTSTATUS status;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
memset(parms, 0, sizeof(parms));
parms[0] = API_RELOAD_CONF;
parms[1] = session_id;
status = SbieApi_Ioctl(parms);
@ -1255,6 +1277,7 @@ _FX LONG SbieApi_QueryConf(
Output.MaximumLength = (USHORT)buffer_len;
Output.Buffer = (ULONG64)(ULONG_PTR)out_buffer;
memset(parms, 0, sizeof(parms));
parms[0] = API_QUERY_CONF;
parms[1] = (ULONG64)(ULONG_PTR)x_section;
parms[2] = (ULONG64)(ULONG_PTR)x_setting;
@ -1379,6 +1402,7 @@ _FX LONG SbieApi_MonitorControl(
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_MONITOR_CONTROL_ARGS *args = (API_MONITOR_CONTROL_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_MONITOR_CONTROL;
args->set_flag.val64 = (ULONG64)(ULONG_PTR)NewState;
args->get_flag.val64 = (ULONG64)(ULONG_PTR)OldState;
@ -1406,6 +1430,7 @@ _FX LONG SbieApi_MonitorPut(
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_MONITOR_PUT;
args->log_type.val64 = (ULONG64)(ULONG_PTR)&Type;
args->log_len.val64 = wcslen(Name) * sizeof(WCHAR);
@ -1429,6 +1454,7 @@ _FX LONG SbieApi_MonitorPut2(
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_MONITOR_PUT2_ARGS *args = (API_MONITOR_PUT2_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_MONITOR_PUT2;
args->log_type.val64 = (ULONG64)(ULONG_PTR)&Type;
args->log_len.val64 = wcslen(Name) * sizeof(WCHAR);
@ -1453,6 +1479,7 @@ _FX LONG SbieApi_MonitorGet(
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_MONITOR_GET;
args->log_type.val64 = (ULONG64)(ULONG_PTR)Type;
args->log_len.val64 = 256 * sizeof(WCHAR);
@ -1486,6 +1513,7 @@ _FX LONG SbieApi_MonitorGetEx(
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_MONITOR_GET_EX_ARGS *args = (API_MONITOR_GET_EX_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_MONITOR_GET_EX;
args->log_seq.val64 = (ULONG64)(ULONG_PTR)SeqNum;
args->log_type.val64 = (ULONG64)(ULONG_PTR)Type;
@ -1518,6 +1546,7 @@ _FX LONG SbieApi_GetUnmountHive(
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_GET_UNMOUNT_HIVE_ARGS *args = (API_GET_UNMOUNT_HIVE_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_GET_UNMOUNT_HIVE;
args->path.val64 = (ULONG64)(ULONG_PTR)path;
status = SbieApi_Ioctl(parms);
@ -1543,6 +1572,7 @@ _FX LONG SbieApi_SessionLeader(HANDLE TokenHandle, HANDLE *ProcessId)
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_SESSION_LEADER_ARGS *args = (API_SESSION_LEADER_ARGS *)parms;
memset(parms, 0, sizeof(parms));
args->func_code = API_SESSION_LEADER;
if (ProcessId) {
args->token_handle.val64 = (ULONG64)(ULONG_PTR)TokenHandle;

View File

@ -134,6 +134,12 @@ ULONG64 SbieApi_QueryProcessInfo(
HANDLE ProcessId,
ULONG info_type);
SBIEAPI_EXPORT
ULONG64 SbieApi_QueryProcessInfoEx(
HANDLE ProcessId,
ULONG info_type,
ULONG64 ext_data);
SBIEAPI_EXPORT
LONG SbieApi_QueryBoxPath(
const WCHAR *box_name, // WCHAR [34]
@ -163,13 +169,14 @@ LONG SbieApi_QueryPathList(
SBIEAPI_EXPORT
LONG SbieApi_EnumProcessEx(
const WCHAR *box_name, // WCHAR [34]
const WCHAR* box_name, // WCHAR [34]
BOOLEAN all_sessions,
ULONG which_session, // -1 for current session
ULONG *boxed_pids); // ULONG [512]
ULONG* boxed_pids, // ULONG [512]
ULONG* boxed_count);
#define SbieApi_EnumProcess(box_name,boxed_pids) \
SbieApi_EnumProcessEx(box_name,FALSE,-1,boxed_pids)
SbieApi_EnumProcessEx(box_name,FALSE,-1,boxed_pids, NULL)
//---------------------------------------------------------------------------
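Review bot: the `SbieApi_EnumProcess` macro passes `NULL` for `boxed_count`, which selects the driver's legacy path (count stored in `boxed_pids[0]`, at most `API_MAX_PIDS - 1` entries), so callers of the macro still hit the old 511-process ceiling. Note that in the comment, and point new callers to `SbieApi_EnumProcessEx` with a sized buffer and `boxed_count` if they need the unlimited enumeration the changelog advertises.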

View File

@ -203,6 +203,7 @@ SBIEDLL_EXPORT ULONG SbieDll_InjectLow(HANDLE hProcess, BOOLEAN is_wow64, BOOLE
SBIEDLL_EXPORT BOOLEAN SbieDll_MatchImage(const WCHAR* pat_str, const WCHAR* test_str, const WCHAR* BoxName);
SBIEDLL_EXPORT BOOLEAN SbieDll_CheckStringInList(const WCHAR* string, const WCHAR* boxname, const WCHAR* setting);
SBIEDLL_EXPORT BOOLEAN SbieDll_GetBoolForStringFromList(const WCHAR* string, const WCHAR* boxname, const WCHAR* setting, BOOLEAN def_found, BOOLEAN not_found);
SBIEDLL_EXPORT BOOLEAN SbieDll_GetBorderColor(const WCHAR* box_name, COLORREF* color, BOOL* title, int* width);

View File

@ -88,6 +88,12 @@ static NTSTATUS Secure_NtAdjustPrivilegesToken(
static NTSTATUS Secure_RtlQueryElevationFlags(ULONG *Flags);
static NTSTATUS Secure_RtlCheckTokenMembershipEx(
HANDLE tokenHandle,
PSID sidToCheck,
DWORD flags,
PUCHAR isMember);
static BOOLEAN Secure_IsSameBox(HANDLE idProcess);
@ -103,6 +109,7 @@ static P_NtQueryInformationToken __sys_NtQueryInformationToken = NULL;
static P_NtSetInformationToken __sys_NtSetInformationToken = NULL;
static P_NtAdjustPrivilegesToken __sys_NtAdjustPrivilegesToken = NULL;
static P_RtlQueryElevationFlags __sys_RtlQueryElevationFlags = NULL;
static P_RtlCheckTokenMembershipEx __sys_RtlCheckTokenMembershipEx = NULL;
static P_NtQuerySecurityAttributesToken __sys_NtQuerySecurityAttributesToken = NULL;
@ -118,6 +125,7 @@ PSECURITY_DESCRIPTOR Secure_EveryoneSD = NULL;
BOOLEAN Secure_IsInternetExplorerTabProcess = FALSE;
BOOLEAN Secure_Is_IE_NtQueryInformationToken = FALSE;
BOOLEAN Secure_FakeAdmin = FALSE;
//---------------------------------------------------------------------------
// Secure_InitSecurityDescriptors
@ -242,6 +250,7 @@ void Secure_InitSecurityDescriptors(void)
_FX BOOLEAN Secure_Init(void)
{
void *RtlQueryElevationFlags;
void *RtlCheckTokenMembershipEx;
//
// intercept NTDLL entry points
@ -274,13 +283,15 @@ _FX BOOLEAN Secure_Init(void)
// install hooks to fake administrator privileges
//
Secure_FakeAdmin = Config_GetSettingsForImageName_bool(L"FakeAdminRights", FALSE);
RtlQueryElevationFlags =
GetProcAddress(Dll_Ntdll, "RtlQueryElevationFlags");
if (RtlQueryElevationFlags) {
BOOLEAN ShouldFakeRunningAsAdmin =
Dll_ImageType == DLL_IMAGE_SANDBOXIE_SBIESVC
BOOLEAN ShouldFakeRunningAsAdmin = Secure_FakeAdmin
|| Dll_ImageType == DLL_IMAGE_SANDBOXIE_SBIESVC
|| Dll_ImageType == DLL_IMAGE_SANDBOXIE_RPCSS
|| Dll_ImageType == DLL_IMAGE_INTERNET_EXPLORER
|| (_wcsicmp(Dll_ImageName, L"SynTPEnh.exe") == 0)
@ -322,6 +333,18 @@ _FX BOOLEAN Secure_Init(void)
}
}
RtlCheckTokenMembershipEx =
GetProcAddress(Dll_Ntdll, "RtlCheckTokenMembershipEx");
if (RtlCheckTokenMembershipEx) {
if (Secure_FakeAdmin) {
SBIEDLL_HOOK(Secure_, RtlCheckTokenMembershipEx);
}
}
return TRUE;
}
@ -876,7 +899,7 @@ _FX NTSTATUS Secure_RtlQueryElevationFlags(ULONG *Flags)
// - InstallerDetectEnabled (0x04) - Detection of installers
//
BOOLEAN fake = FALSE;
BOOLEAN fake = Secure_FakeAdmin; // FALSE;
if (Dll_ImageType == DLL_IMAGE_INTERNET_EXPLORER) {
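Review bot: `BOOLEAN fake = Secure_FakeAdmin; // FALSE;` keeps the old initialiser as a dangling comment; remove `// FALSE;` so the line does not read as if FALSE were still a meaningful alternative.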
@ -954,6 +977,39 @@ _FX NTSTATUS Secure_RtlQueryElevationFlags(ULONG *Flags)
}
//---------------------------------------------------------------------------
// Secure_IsRestrictedToken
//---------------------------------------------------------------------------
NTSTATUS Secure_RtlCheckTokenMembershipEx(
HANDLE tokenHandle,
PSID sidToCheck,
DWORD flags,
PUCHAR isMember)
{
static UCHAR AdministratorsSid[16] = {
1, // Revision
2, // SubAuthorityCount
0,0,0,0,0,5, // SECURITY_NT_AUTHORITY // IdentifierAuthority
0x20, 0, 0, 0, // SubAuthority 1 - SECURITY_BUILTIN_DOMAIN_RID
0x20, 2, 0, 0 // SubAuthority 2 - DOMAIN_ALIAS_RID_ADMINS
};
typedef BOOL (*P_EqualSid)(PSID pSid1, PSID pSid2);
extern P_EqualSid __sys_RtlEqualSid;
if (Secure_FakeAdmin && __sys_RtlEqualSid && __sys_RtlEqualSid(sidToCheck, AdministratorsSid)) {
if (isMember) *isMember = TRUE;
return STATUS_SUCCESS;
}
NTSTATUS status = __sys_RtlCheckTokenMembershipEx(tokenHandle, sidToCheck, flags, isMember);
return status;
}
//---------------------------------------------------------------------------
// Secure_IsRestrictedToken
//---------------------------------------------------------------------------
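Review bot: the banner above `Secure_RtlCheckTokenMembershipEx` says `Secure_IsRestrictedToken`, duplicating the banner of the next function; fix the name. The local `typedef BOOL (*P_EqualSid)(PSID, PSID); extern P_EqualSid __sys_RtlEqualSid;` redeclares a symbol defined in another file with a type chosen here (RtlEqualSid returns BOOLEAN), which the compiler cannot check against the real definition; move the typedef and the extern to a shared header. `__sys_RtlEqualSid(sidToCheck, AdministratorsSid)` is called before the real function could reject a NULL `sidToCheck`, so add a NULL check first. The hard-coded SID bytes are correct for S-1-5-32-544 (revision 1, two sub-authorities, authority 5, 0x20 = 32, 0x220 = 544). The `Secure_FakeAdmin` test inside the function is redundant with the hook being installed only when `Secure_FakeAdmin` is set; keep one or the other.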

View File

@ -232,6 +232,7 @@ API_ARGS_BEGIN(API_QUERY_PROCESS_INFO_ARGS)
API_ARGS_FIELD(HANDLE,process_id)
API_ARGS_FIELD(ULONG,info_type)
API_ARGS_FIELD(ULONG64 *,info_data)
API_ARGS_FIELD(ULONG64, ext_data)
API_ARGS_CLOSE(API_QUERY_PROCESS_INFO_ARGS)

View File

@ -59,7 +59,7 @@
//#define MONITOR_ 0x0FFB
#define MONITOR_OPEN 0x1000
#define MONITOR_DENY 0x2000
//#define MONITOR_ 0x4000
#define MONITOR_USER 0x4000
#define MONITOR_TRACE 0x8000

View File

@ -610,7 +610,7 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
L"\\Device\\NamedPipe\\XTIERRPCPIPE", // Novell NetIdentity
NULL
};
static const WCHAR *strClosedFiles[] = {
static const WCHAR *strWinRMFiles[] = {
// Windows Remote Management (WinRM) is a large security hole. A sandboxed app running in an elevated cmd shell can send any admin command to the host.
// Block the WinRS.exe and the automation dlls to make it very difficult for someone to use.
// See ICD-10136 "Sandboxie security hole allows guest to run any command in host as admin"
@ -618,6 +618,11 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
L"%SystemRoot%\\System32\\wsmsvc.dll",
L"%SystemRoot%\\System32\\wsmauto.dll",
L"%SystemRoot%\\System32\\winrs.exe",
// Don't forget the WoW64 files
L"%SystemRoot%\\SysWoW64\\wsmsvc.dll",
L"%SystemRoot%\\SysWoW64\\wsmauto.dll",
L"%SystemRoot%\\SysWoW64\\winrs.exe",
// Note: This is not a proper fix its just a cheap mitidation!!!
NULL
};
@ -676,8 +681,9 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
}
}
for (i = 0; strClosedFiles[i] && ok; ++i) {
ok = Process_AddPath(proc, closed_file_paths, _ClosedPath, TRUE, strClosedFiles[i], FALSE);
if(Conf_Get_Boolean(proc->box->name, L"BlockWinRM", 0, TRUE))
for (i = 0; strWinRMFiles[i] && ok; ++i) {
ok = Process_AddPath(proc, closed_file_paths, _ClosedPath, TRUE, strWinRMFiles[i], FALSE);
}
if (! ok) {
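Review bot: `BlockWinRM=n` gives a box a one-line way to reopen the hole described in the comment above the list ("a sandboxed app running in an elevated cmd shell can send any admin command to the host"), and the comment already admits the path block is only a cheap mitigation. If the option has to exist, treat it as security-sensitive: log a warning when it is disabled and document it alongside the changelog entry. Adding the SysWoW64 copies is correct, since file system redirection sends 32-bit processes there when they open `System32`.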
@ -2224,6 +2230,35 @@ _FX NTSTATUS File_Api_Open(PROCESS *proc, ULONG64 *parms)
CreateOptions |= FILE_DIRECTORY_FILE;
}
if (proc->file_trace & (TRACE_ALLOW | TRACE_DENY)) {
WCHAR access_str[48];
WCHAR letter;
if (is_closed && (proc->file_trace & TRACE_DENY))
letter = L'D';
else if (proc->file_trace & TRACE_ALLOW)
letter = L'A';
else
letter = 0;
if (letter) {
USHORT mon_type = MONITOR_FILE;
mon_type |= MONITOR_TRACE;
swprintf(access_str, L"(F%c) %08X.%02X.%08X",
letter, DesiredAccess,
0 & 0x0F, CreateOptions);
Log_Debug_Msg(mon_type, access_str, path);
}
}
else if (is_closed) {
Session_MonitorPut(MONITOR_FILE | MONITOR_DENY, path, proc->pid);
}
//
// for a named pipe in the sandbox, use other parameters for the
// call to IoCreateFileSpecifyDeviceObjectHint. this is necessary
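Review bot: the trace format passes `0 & 0x0F` as the middle `%02X` field, which is a constant 0 and looks like a placeholder copied from a site that masked a real variable. Either print the value that was meant to go there or drop the field from the format string so readers of the trace do not look for meaning in it. The `else if (is_closed)` fallback to `Session_MonitorPut(MONITOR_FILE | MONITOR_DENY, ...)` keeps the previous behaviour when neither trace flag is set, which is right.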

View File

@ -94,11 +94,11 @@ _FX NTSTATUS Syscall_DeviceIoControlFile(
case 0x211: //CM_Create_DevNode
case 0x212: //CM_Uninstall_DevNode
//case 0x213: //CM_Reenumerate_DevNode,CM_Setup_DevNode
case 0x214: //CM_Open_Device_Interface_Key
//case 0x214: //CM_Open_Device_Interface_Key
case 0x215: //CM_Delete_Device_Interface_Key
case 0x216: //OpenLogConfKey,OpenLogConfKey,CM_Open_DevNode_Key,CM_Get_DevNode_Custom_Property,OpenDeviceHwProfileKey
//case 0x216: //OpenLogConfKey,OpenLogConfKey,CM_Open_DevNode_Key,CM_Get_DevNode_Custom_Property,OpenDeviceHwProfileKey
case 0x217: //CM_Delete_DevNode_Key
case 0x218: //CM_Open_Class_Key
//case 0x218: //CM_Open_Class_Key
case 0x219: //CM_Delete_Class_Key
filter = TRUE;
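Review bot: un-filtering 0x214 (CM_Open_Device_Interface_Key), 0x216 (CM_Open_DevNode_Key and friends) and 0x218 (CM_Open_Class_Key) is what the changelog calls the webcam fix, but all three return registry key handles through the DeviceApi rather than through NtOpenKey. Please confirm that handles obtained this way are still subject to the box's registry filtering; if they are not, a sandboxed process gains a path to write device, class and hardware-profile keys on the host. A comment stating which access the returned handles carry would make the reasoning reviewable.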
@ -111,6 +111,25 @@ _FX NTSTATUS Syscall_DeviceIoControlFile(
const WCHAR* strings[2] = { msg_str, NULL };
Session_MonitorPutEx(MONITOR_OTHER | MONITOR_TRACE, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());*/
if (Session_MonitorCount && (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY))) {
USHORT mon_type = MONITOR_IPC;
if (filter && (proc->ipc_trace & TRACE_DENY))
mon_type |= MONITOR_DENY;
else if (!filter && (proc->ipc_trace & TRACE_ALLOW))
mon_type |= MONITOR_OPEN;
else
mon_type = 0;
if (mon_type) {
WCHAR msg_str[24];
swprintf(msg_str, L" Func: %02X", (ULONG)function);
const WCHAR* strings[3] = { L"\\Device\\DeviceApi\\CMApi", msg_str, NULL };
Session_MonitorPutEx(mon_type, strings, NULL, PsGetCurrentProcessId(), PsGetCurrentThreadId());
}
}
if(filter)
return STATUS_ACCESS_DENIED;
}

View File

@ -208,6 +208,7 @@ _FX BOOLEAN Ipc_Init(void)
if (!Mem_GetLockResource(&Ipc_Dynamic_Ports[WPAD_PORT].pPortLock, TRUE)
|| !Mem_GetLockResource(&Ipc_Dynamic_Ports[SMART_CARD_PORT].pPortLock, TRUE)
|| !Mem_GetLockResource(&Ipc_Dynamic_Ports[BT_PORT].pPortLock, TRUE)
|| !Mem_GetLockResource(&Ipc_Dynamic_Ports[SSDP_PORT].pPortLock, TRUE)
// since Windows 8
|| !Mem_GetLockResource(&Ipc_Dynamic_Ports[SPOOLER_PORT].pPortLock, TRUE)
// since Windows 10
@ -647,7 +648,7 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS *proc)
//
proc->ipc_block_password =
Conf_Get_Boolean(proc->box->name, L"BlockPassword", 0, TRUE);
Conf_Get_Boolean(proc->box->name, L"BlockPassword", 0, TRUE); // OpenLsaSSPI (Security Support Provider Interface)
proc->ipc_open_lsa_endpoint =
Conf_Get_Boolean(proc->box->name, L"OpenLsaEndpoint", 0, FALSE);
@ -867,7 +868,7 @@ _FX NTSTATUS Ipc_CheckGenericObject(
//
if (is_open && pattern[0] == L'\\' && pattern[1] == L'K'
&& (wcscmp(pattern, L"\\KnownDlls\\*") == 0)) {
&& (wcsncmp(pattern, L"\\KnownDlls", 10) == 0)) { // L"\\KnownDlls\\*", L"\\KnownDlls32\\*",
if (GrantedAccess & (DELETE | SECTION_EXTEND_SIZE))
status = STATUS_ACCESS_DENIED;
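Review bot: `wcsncmp(pattern, L"\\KnownDlls", 10) == 0` is looser than the comment suggests: it matches `\KnownDlls\*` and `\KnownDlls32\*` but also any configured pattern starting with that prefix. Compare against the two exact strings, or check that the character after the prefix is `\` or `3`, so a misconfigured pattern cannot accidentally inherit the DELETE/SECTION_EXTEND_SIZE denial logic.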

View File

@ -355,7 +355,7 @@ void Process_LogMessage(PROCESS *proc, ULONG msgid);
// Track process limit
void Process_TrackProcessLimit(PROCESS *proc);
//void Process_TrackProcessLimit(PROCESS *proc);
// Cancel process through SbieSvc

View File

@ -412,8 +412,21 @@ _FX NTSTATUS Process_Api_QueryInfo(PROCESS *proc, ULONG64 *parms)
else
status = STATUS_NOT_FOUND;
}
}
else
} else if (args->info_type.val == 'ippt') { // is primary process token
HANDLE handle = (HANDLE)(args->ext_data.val);
OBJECT_TYPE* object;
status = ObReferenceObjectByHandle(handle, 0, NULL, UserMode, &object, NULL);
if (NT_SUCCESS(status))
{
*data = (object == proc->primary_token);
ObDereferenceObject(object);
}
} else
status = STATUS_INVALID_INFO_CLASS;
//
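Review bot: in the `'ippt'` branch, `object` is declared `OBJECT_TYPE*` but receives the referenced object body from `ObReferenceObjectByHandle`; declare it `PVOID`. Passing `NULL` as the ObjectType means any handle the caller owns is accepted and dereferenced; pass `*SeTokenObjectType` so non-token handles fail the reference instead of being compared against `proc->primary_token`. Also guard against `proc->primary_token` being NULL, otherwise a failed reference and a NULL token would compare as equal in a later refactor that drops the status check.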
@ -785,6 +798,9 @@ _FX NTSTATUS Process_Enumerate(
ULONG num;
KIRQL irql;
if (count == NULL)
return STATUS_INVALID_PARAMETER;
//
// return only processes of the caller user in their logon session
//
@ -812,22 +828,19 @@ _FX NTSTATUS Process_Enumerate(
BOOLEAN same_session =
(all_sessions || box1->session_id == session_id);
if (same_box && same_session) {
++num;
if (pids) {
if (num == API_MAX_PIDS)
break;
if(num >= *count)
break;
pids[num] = (ULONG)(ULONG_PTR)proc1->pid;
}
++num;
}
}
proc1 = (PROCESS *)List_Next(proc1);
}
if (pids)
*(ULONG *)pids = num;
if (count)
*count = num;
*count = num;
status = STATUS_SUCCESS;
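Review bot: with `if (num >= *count) break;` inside the `if (pids)` block, a caller whose buffer holds exactly N entries and a caller whose buffer overflowed both get `*count == N` back, so truncation is indistinguishable from an exact fit. Keep counting after the buffer is full (store only while `num < *count`, increment `num` regardless) and return the total; the caller can then detect `returned > capacity` and retry with a larger buffer, which is what "no limit" in the changelog implies.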
@ -850,11 +863,13 @@ _FX NTSTATUS Process_Enumerate(
_FX NTSTATUS Process_Api_Enum(PROCESS *proc, ULONG64 *parms)
{
NTSTATUS status;
ULONG count;
ULONG *user_pids; // user mode ULONG [512]
WCHAR *user_boxname; // user mode WCHAR [34]
BOOLEAN all_sessions;
ULONG session_id;
WCHAR boxname[48];
ULONG *user_count;
// get boxname from second parameter
@ -878,15 +893,33 @@ _FX NTSTATUS Process_Api_Enum(PROCESS *proc, ULONG64 *parms)
// get user pid buffer from first parameter
user_count = (ULONG *)parms[5];
user_pids = (ULONG *)parms[1];
if (! user_pids)
return STATUS_INVALID_PARAMETER;
ProbeForWrite(user_pids, sizeof(ULONG) * 512, sizeof(ULONG));
if (user_count) {
ProbeForRead(user_count, sizeof(ULONG), sizeof(ULONG));
count = user_pids ? *user_count : 0;
}
else // legacy case
{
if (!user_pids)
return STATUS_INVALID_PARAMETER;
count = API_MAX_PIDS - 1;
user_count = user_pids;
user_pids += 1;
}
ProbeForWrite(user_count, sizeof(ULONG), sizeof(ULONG));
if (user_pids) {
ProbeForWrite(user_pids, sizeof(ULONG) * count, sizeof(ULONG));
}
status = Process_Enumerate(boxname, all_sessions, session_id,
user_pids, NULL);
user_pids, &count);
if (! NT_SUCCESS(status))
return status;
*user_count = count;
return status;
}
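Review bot: `count` comes straight from user memory (`*user_count`) and feeds `ProbeForWrite(user_pids, sizeof(ULONG) * count, sizeof(ULONG))`; on a 32-bit build that multiplication is a 32-bit `size_t` and wraps for `count >= 0x40000000`, so the probe passes a tiny range while the enumeration writes past it. Cap `count` at a sane maximum or compute the length with an overflow-checked `SIZE_T` multiply before probing. Reading `*user_count` once into a local and using only the local afterwards is the right pattern; keep the user-memory accesses inside the `__try/__except` that the API dispatcher provides. Also note that `user_pids == NULL` with a non-NULL `user_count` is now the supported way to ask for the count only, which deserves a comment.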

View File

@ -985,49 +985,49 @@ _FX void Process_LogMessage(PROCESS *proc, ULONG msgid)
//---------------------------------------------------------------------------
_FX void Process_TrackProcessLimit(PROCESS *proc)
{
ULONG v;
ULONG ProcessLimit1;
ULONG ProcessLimit2;
//
// get the process limits in this sandbox
//
ProcessLimit1 = 100;
ProcessLimit2 = 200;
v = Conf_Get_Number(proc->box->name, L"ProcessLimit1", 0, 0);
if (v >= 1 && v <= 999999)
ProcessLimit1 = v;
v = Conf_Get_Number(proc->box->name, L"ProcessLimit2", 0, 0);
if (v >= 1 && v <= 999999)
ProcessLimit2 = v;
if (ProcessLimit2 <= ProcessLimit1)
ProcessLimit2 = ProcessLimit1 + 1;
//
// count number of processes in this sandbox
//
Process_Enumerate(proc->box->name, FALSE, proc->box->session_id,
NULL, &v);
if (v > ProcessLimit2) {
Process_SetTerminated(proc, 4);
} else if (v > ProcessLimit1) {
LARGE_INTEGER time;
time.QuadPart = -SECONDS(10);
KeDelayExecutionThread(KernelMode, FALSE, &time);
}
}
//_FX void Process_TrackProcessLimit(PROCESS *proc)
//{
// ULONG v;
// ULONG ProcessLimit1;
// ULONG ProcessLimit2;
//
// //
// // get the process limits in this sandbox
// //
//
// ProcessLimit1 = 100;
// ProcessLimit2 = 200;
//
// v = Conf_Get_Number(proc->box->name, L"ProcessLimit1", 0, 0);
// if (v >= 1 && v <= 999999)
// ProcessLimit1 = v;
//
// v = Conf_Get_Number(proc->box->name, L"ProcessLimit2", 0, 0);
// if (v >= 1 && v <= 999999)
// ProcessLimit2 = v;
//
// if (ProcessLimit2 <= ProcessLimit1)
// ProcessLimit2 = ProcessLimit1 + 1;
//
// //
// // count number of processes in this sandbox
// //
//
// Process_Enumerate(proc->box->name, FALSE, proc->box->session_id,
// NULL, &v);
//
// if (v > ProcessLimit2) {
//
// Process_SetTerminated(proc, 4);
//
// } else if (v > ProcessLimit1) {
//
// LARGE_INTEGER time;
//
// time.QuadPart = -SECONDS(10);
// KeDelayExecutionThread(KernelMode, FALSE, &time);
// }
//}
//---------------------------------------------------------------------------
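Review bot: Process_TrackProcessLimit is disabled by commenting out its whole body instead of deleting it, with no note explaining why; if ProcessLimit1/ProcessLimit2 enforcement is intentionally dropped now that enumeration is no longer capped, remove the dead block, make sure its call site is gone, and record in the changelog that those two settings are no longer enforced. Otherwise leave a short comment on what replaces it.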

View File

@ -504,7 +504,8 @@ _FX NTSTATUS Session_Api_DisableForce(PROCESS *proc, ULONG64 *parms)
in_flag = args->set_flag.val;
if (in_flag) {
ProbeForRead(in_flag, sizeof(ULONG), sizeof(ULONG));
if (*in_flag) {
ULONG in_flag_value = *in_flag;
if (in_flag_value) {
if (! Session_CheckAdminAccess(L"ForceDisableAdminOnly"))
return STATUS_ACCESS_DENIED;
@ -513,7 +514,7 @@ _FX NTSTATUS Session_Api_DisableForce(PROCESS *proc, ULONG64 *parms)
} else
time.QuadPart = 0;
if (*in_flag == DISABLE_JUST_THIS_PROCESS) {
if (in_flag_value == DISABLE_JUST_THIS_PROCESS) {
Process_DfpInsert(PROCESS_TERMINATED, PsGetCurrentProcessId());
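Review bot: reading `*in_flag` once into `in_flag_value` right after ProbeForRead and using the copy for both the admin check and the `DISABLE_JUST_THIS_PROCESS` comparison closes a double fetch of user memory between the two checks; add a one-line comment stating that the local copy is deliberate so a later edit does not reintroduce a direct `*in_flag` read after the check.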
@ -916,7 +917,7 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
name[1] = L'\0';
}
Session_MonitorPut(type, name, proc->pid);
Session_MonitorPut(type | MONITOR_USER, name, proc->pid);
}
Mem_Free(name, 260 * sizeof(WCHAR));
@ -1034,13 +1035,14 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms)
if (log_tid != NULL)
*log_tid = tid64;
log_len -= sizeof(WCHAR); // reserve room for the termination character
if (log_len > entry_size - (2 + 8 + 8))
log_len = entry_size - (2 + 8 + 8);
log_buffer_get_bytes((CHAR*)log_data, log_len, &read_ptr, session->monitor_log);
ULONG data_len = (entry_size - (2 + 8 + 8)) / sizeof(WCHAR);
log_len -= 1; // reserve room for the termination character
if (log_len > data_len)
log_len = data_len;
log_buffer_get_bytes((CHAR*)log_data, log_len * sizeof(WCHAR), &read_ptr, session->monitor_log);
// add required termination character
*(WCHAR*)(((CHAR*)log_data) + log_len) = L'\0';
log_data[log_len] = L'\0';
if (seq_num != NULL)
*seq_num = seq_number;
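Review bot: `log_len -= 1;` runs before the clamp against `data_len`, so if `log_len` is unsigned a caller-supplied 0 wraps, is clamped to `data_len`, and `log_data[log_len] = L'\0'` then writes one WCHAR into a buffer the caller declared empty; reject `log_len == 0` (STATUS_BUFFER_TOO_SMALL) unless that is already done above the hunk. Note also that `log_len` changed meaning from a byte count to a WCHAR count (`-= 1` instead of `-= sizeof(WCHAR)`, `log_len * sizeof(WCHAR)` in the copy), so the user-mode caller of Session_Api_MonitorGetEx must now pass a character count; document that at the API definition.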

View File

@ -261,10 +261,10 @@ _FX NTSTATUS Syscall_OpenHandle(
puName = pObj->ObjectName;
ACCESS_MASK DesiredAccess = (ACCESS_MASK)user_args[1];
if(!Conf_Get_Boolean(proc->box->name, L"AllowRawDiskRead", 0, FALSE))
if (puName->Buffer != NULL && puName->Length > (4 * sizeof(WCHAR)) && wcsncmp(puName->Buffer, L"\\??\\", 4) == 0
&& (DesiredAccess & ~(SYNCHRONIZE | READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES)) != 0)
{
if (!Conf_Get_Boolean(proc->box->name, L"AllowRawDiskRead", 0, FALSE))
if ((puName->Length == (6 * sizeof(WCHAR)) && puName->Buffer[5] == L':') // \??\C:
|| wcsncmp(&puName->Buffer[4], L"PhysicalDrive", 13) == 0 // \??\PhysicalDrive1
|| wcsncmp(&puName->Buffer[4], L"Volume", 6) == 0) // \??\Volume{2b985816-4b6f-11ea-bd33-48a4725d5bbe}
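Review bot: the `wcsncmp(&puName->Buffer[4], L"PhysicalDrive", 13)` and `wcsncmp(&puName->Buffer[4], L"Volume", 6)` checks are guarded only by `puName->Length > (4 * sizeof(WCHAR))`; a UNICODE_STRING buffer is not guaranteed to be NUL-terminated, so for a name of 5 to 16 characters the compare can read past `Length`. Check the remaining length against each literal first, e.g. `puName->Length >= (4 + 13) * sizeof(WCHAR) && wcsncmp(...)`. Moving the `AllowRawDiskRead` lookup inside the name/access test is fine and avoids a configuration read on every handle open.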

View File

@ -533,7 +533,7 @@ void DriverAssist::UnmountHive(void *_msg)
for (retries = 0; retries < 20; ++retries) {
rc = SbieApi_EnumProcessEx(
msg->boxname, FALSE, msg->session_id, pids);
msg->boxname, FALSE, msg->session_id, pids, NULL);
if (rc == 0 && *pids == 0) {
ShouldUnmount = true;
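Review bot: passing NULL as the new count argument selects the driver's legacy layout (count in `pids[0]`, at most API_MAX_PIDS - 1 entries), so `pids` must still be sized for API_MAX_PIDS entries here and in KillAllHelper; that preserves the old behaviour, but a box with more than 511 processes is only reported in slices, so the retry loops may need several passes before `pids[0]` reaches 0. A comment on the NULL saying the legacy form is intended would help the next reader.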

View File

@ -74,9 +74,11 @@ MSG_HEADER *EpMapperServer::EpmapperGetPortNameHandler(MSG_HEADER *msg)
const WCHAR* wstrSpooler = L"Spooler";
const WCHAR* wstrWPAD = L"WinHttpAutoProxySvc";
//const WCHAR* wstrBT = L"bthserv";
//const WCHAR* wstrSSDP = L"ssdpsrv";
RPC_IF_ID ifidGCS = { {0x88abcbc3, 0x34EA, 0x76AE, { 0x82, 0x15, 0x76, 0x75, 0x20, 0x65, 0x5A, 0x23 }}, 0, 0 };
RPC_IF_ID ifidSmartCard = { {0xC6B5235A, 0xE413, 0x481D, { 0x9A, 0xC8, 0x31, 0x68, 0x1B, 0x1F, 0xAA, 0xF5 }}, 1, 1 };
RPC_IF_ID ifidBluetooth = { {0x2ACB9D68, 0xB434, 0x4B3E, { 0xB9, 0x66, 0xE0, 0x6B, 0x4B, 0x3A, 0x84, 0xCB }}, 1, 0 };
RPC_IF_ID ifidSSDP = { {0x4B112204, 0x0E19, 0x11D3, { 0xB4, 0x2B, 0x00, 0x00, 0xF8, 0x1F, 0xEB, 0x9F }}, 1, 0 };
RPC_IF_ID ifidRequest;
const WCHAR* pwszServiceName = NULL;
@ -91,6 +93,10 @@ MSG_HEADER *EpMapperServer::EpmapperGetPortNameHandler(MSG_HEADER *msg)
//pwszServiceName = wstrBT; break;
memcpy(&ifidRequest, &ifidBluetooth, sizeof(RPC_IF_ID)); break;
case SSDP_PORT: if (!SbieApi_QueryConfBool(boxname, L"OpenUPnP", FALSE)) return SHORT_REPLY(E_ACCESSDENIED);
//pwszServiceName = wstrSSDP; break;
memcpy(&ifidRequest, &ifidSSDP, sizeof(RPC_IF_ID)); break;
case GAME_CONFIG_STORE_PORT: memcpy(&ifidRequest, &ifidGCS, sizeof(RPC_IF_ID)); break;
case SMART_CARD_PORT: if (!SbieApi_QueryConfBool(boxname, L"OpenSmartCard", TRUE)) return SHORT_REPLY(E_ACCESSDENIED);
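Review bot: the SSDP case is gated on `OpenUPnP` with a FALSE default, which keeps the endpoint closed unless a box opts in; the commented-out `wstrSSDP` declaration and `//pwszServiceName = wstrSSDP; break;` are dead code and should be dropped rather than carried as comments, and `ifidSSDP` should carry a comment naming the service (ssdpsrv) and where the interface GUID and version were taken from.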

View File

@ -269,7 +269,7 @@ NTSTATUS ProcessServer::KillAllHelper(const WCHAR *BoxName, ULONG SessionId)
for (retries = 0; retries < 10; ++retries) {
status = SbieApi_EnumProcessEx(BoxName, FALSE, SessionId, pids);
status = SbieApi_EnumProcessEx(BoxName, FALSE, SessionId, pids, NULL);
if (status != STATUS_SUCCESS)
break;
if (! pids[0])

Binary file not shown.

View File

@ -1172,6 +1172,10 @@ Controlla a&ggiornamenti
Consenti accesso diretto al driver qWave (Google Hangouts)
.
3460;txt;01
Esclusioni predefinite per la funzione di hooking
.
3461;txt;01
&Avvia nell'area virtuale
.

View File

@ -280,9 +280,8 @@ SB_STATUS CSbieAPI::Connect(bool withQueue)
m->lastMessageNum = 0;
m->lastRecordNum = 0;
#ifndef _DEBUG
// Note: this lib is not using all functions hence it can be compatible with multiple driver ABI revisions
QStringList CompatVersions = QStringList () << "5.48.0";
QStringList CompatVersions = QStringList () << "5.48.5";
QString CurVersion = GetVersion();
if (!CompatVersions.contains(CurVersion))
{
@ -290,7 +289,6 @@ SB_STATUS CSbieAPI::Connect(bool withQueue)
m->SbieApiHandle = INVALID_HANDLE_VALUE;
return SB_ERR(SB_Incompatible, QVariantList() << CurVersion << CompatVersions.join(", "));
}
#endif
m_bWithQueue = withQueue;
m_bTerminate = false;
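Review bot: dropping `#ifndef _DEBUG` makes debug builds enforce the driver ABI check too, which is the safer choice, but the removed comment was the only explanation of why CompatVersions is a list; since it now contains only 5.48.5 (required here, because the API_ENUM_PROCESSES call gained `parms[5]` and a different `pids` layout), add a short comment saying that older drivers are intentionally refused.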
@ -1085,7 +1083,7 @@ SB_STATUS CSbieAPI::UpdateProcesses(bool bKeep)
return SB_OK;
}
SB_STATUS CSbieAPI__GetProcessPIDs(SSbieAPI* m, const QString& BoxName, ULONG* boxed_pids_512)
SB_STATUS CSbieAPI__GetProcessPIDs(SSbieAPI* m, const QString& BoxName, ULONG* pids, ULONG* count)
{
WCHAR box_name[34];
BoxName.toWCharArray(box_name); // fix-me: potential overflow
@ -1097,10 +1095,11 @@ SB_STATUS CSbieAPI__GetProcessPIDs(SSbieAPI* m, const QString& BoxName, ULONG* b
memset(parms, 0, sizeof(parms));
parms[0] = API_ENUM_PROCESSES;
parms[1] = (ULONG64)boxed_pids_512;
parms[1] = (ULONG64)pids;
parms[2] = (ULONG64)box_name;
parms[3] = (ULONG64)all_sessions;
parms[4] = (ULONG64)which_session;
parms[5] = (ULONG64)count;
NTSTATUS status = m->IoControl(parms);
if (!NT_SUCCESS(status))
@ -1110,14 +1109,15 @@ SB_STATUS CSbieAPI__GetProcessPIDs(SSbieAPI* m, const QString& BoxName, ULONG* b
SB_STATUS CSbieAPI::UpdateProcesses(bool bKeep, const CSandBoxPtr& pBox)
{
ULONG boxed_pids[512]; // ULONG [512]
SB_STATUS Status = CSbieAPI__GetProcessPIDs(m, pBox->GetName(), boxed_pids);
ULONG count = 1024;
ULONG boxed_pids[1024]; // ULONG [512]
SB_STATUS Status = CSbieAPI__GetProcessPIDs(m, pBox->GetName(), boxed_pids, &count);
if (Status.IsError())
return Status;
QMap<quint32, CBoxedProcessPtr> OldProcessList = pBox->m_ProcessList;
for (int i=1; i < boxed_pids[0] + 1; i++)
for (int i=0; i < count; i++)
{
quint32 ProcessId = boxed_pids[i];
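Review bot: the `// ULONG [512]` comment next to `ULONG boxed_pids[1024]` is stale, and the loop `for (int i=0; i < count; i++)` trusts the driver to leave `count` at or below 1024 after the call. If Process_Enumerate reports the total number of boxed processes rather than the number written, this reads past the array; either clamp (`if (count > 1024) count = 1024;`) or document the in/out contract of `count` at CSbieAPI__GetProcessPIDs. `int i` against `ULONG count` also triggers a signed/unsigned comparison warning.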
@ -1157,8 +1157,8 @@ SB_STATUS CSbieAPI::UpdateProcesses(bool bKeep, const CSandBoxPtr& pBox)
bool CSbieAPI::HasProcesses(const QString& BoxName)
{
ULONG boxed_pids[512]; // ULONG [512]
return CSbieAPI__GetProcessPIDs(m, BoxName, boxed_pids) && (boxed_pids[0] > 0);
ULONG count;
return CSbieAPI__GetProcessPIDs(m, BoxName, NULL, &count) && (count > 0);
}
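Review bot: `ULONG count;` in HasProcesses is uninitialised; the driver only reads `*user_count` when `user_pids` is non-NULL, so this works today, but initialise it to 0 so the result is defined if the call ever fails before the driver writes it.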
SB_STATUS CSbieAPI__QueryBoxPath(SSbieAPI* m, const WCHAR *box_name, WCHAR *out_file_path, WCHAR *out_key_path, WCHAR *out_ipc_path,

View File

@ -96,22 +96,28 @@ CTraceEntry::CTraceEntry(quint32 ProcessId, quint32 ThreadId, quint32 Type, cons
QString CTraceEntry::GetTypeStr() const
{
QString Type;
switch (m_Type.Type)
{
case MONITOR_APICALL: return "ApiCall";
case MONITOR_SYSCALL: return "SysCall";
case MONITOR_PIPE: return "Pipe";
case MONITOR_IPC: return "Ipc";
case MONITOR_WINCLASS: return "WinClass";
case MONITOR_DRIVE: return "Drive";
case MONITOR_COMCLASS: return "ComClass";
case MONITOR_IGNORE: return "Ignore";
case MONITOR_IMAGE: return "Image";
case MONITOR_FILE: return "File";
case MONITOR_KEY: return "Key";
case MONITOR_OTHER: return "Debug";
default: return "Unknown: " + QString::number(m_Type.Type);
case MONITOR_APICALL: Type = "ApiCall"; break;
case MONITOR_SYSCALL: Type = "SysCall"; break;
case MONITOR_PIPE: Type = "Pipe"; break;
case MONITOR_IPC: Type = "Ipc"; break;
case MONITOR_WINCLASS: Type = "WinClass"; break;
case MONITOR_DRIVE: Type = "Drive"; break;
case MONITOR_COMCLASS: Type = "ComClass"; break;
case MONITOR_IGNORE: Type = "Ignore"; break;
case MONITOR_IMAGE: Type = "Image"; break;
case MONITOR_FILE: Type = "File"; break;
case MONITOR_KEY: Type = "Key"; break;
case MONITOR_OTHER: Type = "Debug"; break;
default: Type = "Unknown: " + QString::number(m_Type.Type);
}
//if (!m_Type.User)
// Type.append(" (drv)");
return Type;
}
QString CTraceEntry::GetStautsStr() const
@ -126,7 +132,10 @@ QString CTraceEntry::GetStautsStr() const
Status.append("Trace ");
if (m_Counter > 1)
Status.append(QString("(%1)").arg(m_Counter));
Status.append(QString("(%1) ").arg(m_Counter));
if (m_Type.User)
Status = Status.toLower();
return Status;
}
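Review bot: signalling a user-mode trace entry by lower-casing the status string (`if (m_Type.User) Status = Status.toLower();`) is not discoverable; an explicit marker such as the `(drv)` suffix left commented out in GetTypeStr, or a dedicated column, would make the origin of an entry clear. The trailing space in `QString("(%1) ")` should also be trimmed or moved to the concatenation site.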

View File

@ -25,6 +25,57 @@
#define MONITOR_APICALL 0x000A
/*
// Log Event
#define TRACE_LOG_SYSCALL 0x00000001
#define TRACE_LOG_PIPE 0x00000002
#define TRACE_LOG_IPC 0x00000003
#define TRACE_LOG_WINCLASS 0x00000004
#define TRACE_LOG_DRIVE 0x00000005
#define TRACE_LOG_COMCLASS 0x00000006
#define TRACE_LOG_IGNORE 0x00000007
#define TRACE_LOG_IMAGE 0x00000008
#define TRACE_LOG_FILE 0x00000009
#define TRACE_LOG_KEY 0x0000000A
#define TRACE_LOG_OTHER1 0x0000000B
#define TRACE_LOG_OTHER2 0x0000000C
#define TRACE_LOG_OTHER3 0x0000000D
#define TRACE_LOG_OTHER4 0x0000000E
#define TRACE_LOG_APICALL 0x0000000F // needs the logapi.dll
#define TRACE_LOG_EVENT_MASK 0x000000FF
// Event States
#define TRACE_LOG_ALLOWED 0x00000100
#define TRACE_LOG_DENIED 0x00000200
#define TRACE_LOG_STATE_MASK 0x00000F00
// Event Results
#define TRACE_LOG_SUCCESS 0x00001000
#define TRACE_LOG_FAILED 0x00002000
#define TRACE_LOG_RESULT_MASK 0x0000F000
// Reserved
#define TRACE_LOG_RESERVED_MASK 0x00FFFF00
// Event Presets
#define TRACE_LOG_OPEN 0x01000000
#define TRACE_LOG_CLOSED 0x02000000
#define TRACE_LOG_READONLY 0x03000000
#define TRACE_LOG_HIDDEN 0x04000000
#define TRACE_LOG_REDIRECTED 0x05000000
#define TRACE_LOG_TYPE_MASK 0x0F000000
// Event Sources
#define TRACE_LOG_DLL 0x10000000
#define TRACE_LOG_DRV 0x20000000
#define TRACE_LOG_SVC 0x30000000
#define TRACE_LOG_TRACE 0x40000000
#define TRACE_LOG_SOURCE_MASK 0xF0000000
*/
class QSBIEAPI_EXPORT CTraceEntry : public QSharedData
{
public:
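Review bot: the block of `TRACE_LOG_*` defines wrapped in `/* ... */` at the top of this header is dead code; if it documents the intended flag layout for the bitfield (`Type : 12, Open : 1, Deny : 1, User : 1, Trace : 1`), keep a short comment describing that layout and drop the rest, otherwise remove the block so the header stays readable.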
@ -66,7 +117,7 @@ protected:
Type : 12,
Open : 1,
Deny : 1,
Reserved : 1,
User : 1,
Trace : 1;
};
} m_Type;

File diff suppressed because it is too large
File diff suppressed because it is too large

View File

@ -255,6 +255,7 @@
<ItemGroup>
<None Include="Resources\finder.cur" />
<None Include="sandman_de.ts" />
<None Include="sandman_es.ts" />
<None Include="sandman_pl.ts" />
<None Include="sandman_pt.ts" />
<None Include="sandman_ru.ts" />

View File

@ -213,6 +213,9 @@
<None Include="sandman_zh-CN.ts">
<Filter>Translation Files</Filter>
</None>
<None Include="sandman_es.ts">
<Filter>Translation Files</Filter>
</None>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="SandMan.rc">

View File

@ -115,7 +115,7 @@ void CSandBoxPlus::UpdateDetails()
if (CheckOpenToken() || GetBool("StripSystemPrivileges", false))
m_iUnsecureDebugging = 1;
else if(GetBool("ExposeBoxedSystem", false) || GetBool("UnrestrictedSCM", false) || GetBool("RunServicesAsSystem", false))
else if(GetBool("ExposeBoxedSystem", false) || GetBool("UnrestrictedSCM", false) /*|| GetBool("RunServicesAsSystem", false)*/)
m_iUnsecureDebugging = 2;
else
m_iUnsecureDebugging = 0;
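Review bot: commenting out `GetBool("RunServicesAsSystem", false)` means a box that runs services as SYSTEM no longer raises m_iUnsecureDebugging to 2 and so loses the UI warning; if that is deliberate, explain why in a comment or the changelog, otherwise restore the check.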

View File

@ -85,14 +85,18 @@ CSbieView::CSbieView(QWidget* parent) : CPanelView(parent)
m_pMenuCleanUp = m_pMenu->addAction(CSandMan::GetIcon("Erase"), tr("Delete Content"), this, SLOT(OnSandBoxAction()));
m_pMenu->addSeparator();
m_pMenuPresets = m_pMenu->addMenu(CSandMan::GetIcon("Presets"), tr("Sandbox Presets"));
m_pMenuPresetsLogApi = m_pMenuPresets->addAction(tr("Enable API Call logging"), this, SLOT(OnSandBoxAction()));
m_pMenuPresetsLogApi->setCheckable(true);
m_pMenuPresetsAdmin = new QActionGroup(m_pMenuPresets);
m_pMenuPresetsShowUAC = MakeAction(m_pMenuPresetsAdmin, m_pMenuPresets, tr("Ask for UAC Elevation"), 0);
m_pMenuPresetsNoAdmin = MakeAction(m_pMenuPresetsAdmin, m_pMenuPresets, tr("Drop Admin Rights"), 1);
m_pMenuPresetsFakeAdmin = MakeAction(m_pMenuPresetsAdmin, m_pMenuPresets, tr("Emulate Admin Rights"), 1 | 2);
connect(m_pMenuPresetsAdmin, SIGNAL(triggered(QAction*)), this, SLOT(OnSandBoxAction(QAction*)));
m_pMenuPresets->addSeparator();
m_pMenuPresetsINet = m_pMenuPresets->addAction(tr("Block Internet Access"), this, SLOT(OnSandBoxAction()));
m_pMenuPresetsINet->setCheckable(true);
m_pMenuPresetsShares = m_pMenuPresets->addAction(tr("Allow Network Shares"), this, SLOT(OnSandBoxAction()));
m_pMenuPresetsShares->setCheckable(true);
m_pMenuPresetsNoAdmin = m_pMenuPresets->addAction(tr("Drop Admin Rights"), this, SLOT(OnSandBoxAction()));
m_pMenuPresetsNoAdmin->setCheckable(true);
m_pMenuOptions = m_pMenu->addAction(CSandMan::GetIcon("Options"), tr("Sandbox Options"), this, SLOT(OnSandBoxAction()));
m_pMenuRename = m_pMenu->addAction(CSandMan::GetIcon("Rename"), tr("Rename Sandbox"), this, SLOT(OnSandBoxAction()));
m_iMoveTo = m_pMenu->actions().count();
@ -252,10 +256,11 @@ void CSbieView::OnMenu(const QPoint& Point)
m_pMenuRecover->setEnabled(iSandBoxeCount == 1);
m_pMenuPresets->setEnabled(iSandBoxeCount == 1);
m_pMenuPresetsLogApi->setChecked(pBox && pBox.objectCast<CSandBoxPlus>()->HasLogApi());
m_pMenuPresetsShowUAC->setChecked(pBox && !pBox->GetBool("DropAdminRights", false) && !pBox->GetBool("FakeAdminRights", false));
m_pMenuPresetsNoAdmin->setChecked(pBox && pBox->GetBool("DropAdminRights", false) && !pBox->GetBool("FakeAdminRights", false));
m_pMenuPresetsFakeAdmin->setChecked(pBox && pBox->GetBool("DropAdminRights", false) && pBox->GetBool("FakeAdminRights", false));
m_pMenuPresetsINet->setChecked(pBox && pBox.objectCast<CSandBoxPlus>()->IsINetBlocked());
m_pMenuPresetsShares->setChecked(pBox && pBox.objectCast<CSandBoxPlus>()->HasSharesAccess());
m_pMenuPresetsNoAdmin->setChecked(pBox && pBox.objectCast<CSandBoxPlus>()->IsDropRights());
m_pMenuExplore->setEnabled(iSandBoxeCount == 1);
m_pMenuOptions->setEnabled(iSandBoxeCount == 1);
@ -512,10 +517,14 @@ QString CSbieView::AddNewBox()
}
void CSbieView::OnSandBoxAction()
{
OnSandBoxAction(qobject_cast<QAction*>(sender()));
}
void CSbieView::OnSandBoxAction(QAction* Action)
{
QList<SB_STATUS> Results;
QAction* Action = qobject_cast<QAction*>(sender());
QList<CSandBoxPtr> SandBoxes = CSbieView::GetSelectedBoxes();
if (SandBoxes.isEmpty())
return;
@ -552,14 +561,25 @@ void CSbieView::OnSandBoxAction()
Results.append(SandBoxes.first()->RunStart("cmd.exe"));
else if (Action == m_pMenuRunCmdAdmin)
Results.append(SandBoxes.first()->RunStart("cmd.exe", true));
else if (Action == m_pMenuPresetsLogApi)
SandBoxes.first().objectCast<CSandBoxPlus>()->SetLogApi(m_pMenuPresetsLogApi->isChecked());
else if (Action == m_pMenuPresetsShowUAC)
{
SandBoxes.first()->SetBool("DropAdminRights", false);
SandBoxes.first()->SetBool("FakeAdminRights", false);
}
else if (Action == m_pMenuPresetsNoAdmin)
{
SandBoxes.first()->SetBool("DropAdminRights", true);
SandBoxes.first()->SetBool("FakeAdminRights", false);
}
else if (Action == m_pMenuPresetsFakeAdmin)
{
SandBoxes.first()->SetBool("DropAdminRights", true);
SandBoxes.first()->SetBool("FakeAdminRights", true);
}
else if (Action == m_pMenuPresetsINet)
SandBoxes.first().objectCast<CSandBoxPlus>()->SetINetBlock(m_pMenuPresetsINet->isChecked());
else if (Action == m_pMenuPresetsShares)
SandBoxes.first().objectCast<CSandBoxPlus>()->SetAllowShares(m_pMenuPresetsShares->isChecked());
else if (Action == m_pMenuPresetsNoAdmin)
SandBoxes.first().objectCast<CSandBoxPlus>()->SetDropRights(m_pMenuPresetsNoAdmin->isChecked());
else if (Action == m_pMenuOptions)
{
OnDoubleClicked(m_pSbieTree->selectedRows().first());
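Review bot: the three admin presets always set both keys, so `FakeAdminRights=y` is only reachable together with `DropAdminRights=y`, which matches the changelog recommendation; the `1 | 2` data passed to MakeAction for the FakeAdmin action is never consulted here because the handler compares action pointers, so either use the data or pass 0 to avoid implying a bitmask contract.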

View File

@ -36,6 +36,7 @@ private slots:
void OnGroupAction();
void OnSandBoxAction();
void OnSandBoxAction(QAction* pAction);
void OnProcessAction();
protected:
@ -74,10 +75,12 @@ private:
QAction* m_pMenuRunCmdAdmin;
QAction* m_pMenuMkLink;
QMenu* m_pMenuPresets;
QAction* m_pMenuPresetsLogApi;
QActionGroup* m_pMenuPresetsAdmin;
QAction* m_pMenuPresetsShowUAC;
QAction* m_pMenuPresetsNoAdmin;
QAction* m_pMenuPresetsFakeAdmin;
QAction* m_pMenuPresetsINet;
QAction* m_pMenuPresetsShares;
QAction* m_pMenuPresetsNoAdmin;
QAction* m_pMenuOptions;
QAction* m_pMenuSnapshots;
QAction* m_pMenuEmptyBox;

View File

@ -156,10 +156,16 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
connect(ui.chkBlockNetShare, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkBlockNetParam, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkDropRights, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkBlockSpooler, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkOpenSpooler, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkPrintToFile, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkOpenCredentials, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkOpenProtectedStorage, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkOpenSmartCard, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkOpenBluetooth, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.txtCopyLimit, SIGNAL(textChanged(const QString&)), this, SLOT(OnGeneralChanged()));
connect(ui.chkCopyLimit, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkNoCopyWarn, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
@ -167,6 +173,9 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
connect(ui.chkProtectBox, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkAutoEmpty, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkRawDiskRead, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkRawDiskNotify, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.btnAddCmd, SIGNAL(clicked(bool)), this, SLOT(OnAddCommand()));
QMenu* pRunBtnMenu = new QMenu(ui.btnAddFile);
pRunBtnMenu->addAction(tr("Browse for Program"), this, SLOT(OnBrowsePath()));
@ -261,20 +270,18 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
connect(ui.chkRestrictServices, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkProtectSystem, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkOpenCredentials, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkOpenProtectedStorage, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkOpenSmartCard, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkOpenBluetooth, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
//connect(ui.chkOpenLsaEndpoint, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkAddToJob, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkCallTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkFileTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkPipeTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkKeyTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkIpcTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkGuiTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkComTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkApiTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkDbgTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkErrTrace, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
@ -425,12 +432,20 @@ void COptionsWindow::LoadConfig()
ui.chkBlockNetShare->setChecked(m_pBox->GetBool("BlockNetworkFiles", true));
ui.chkBlockNetParam->setChecked(m_pBox->GetBool("BlockNetParam", true));
ui.chkDropRights->setChecked(m_pBox->GetBool("DropAdminRights", false));
ui.chkFakeElevation->setChecked(m_pBox->GetBool("FakeAdminRights", false));
ui.chkBlockSpooler->setChecked(m_pBox->GetBool("ClosePrintSpooler", false));
ui.chkOpenSpooler->setChecked(m_pBox->GetBool("OpenPrintSpooler", false));
ui.chkOpenSpooler->setEnabled(!ui.chkBlockSpooler->isChecked());
ui.chkPrintToFile->setChecked(m_pBox->GetBool("AllowSpoolerPrintToFile", false));
ui.chkPrintToFile->setEnabled(!ui.chkBlockSpooler->isChecked());
ui.chkOpenProtectedStorage->setChecked(m_pBox->GetBool("OpenProtectedStorage", false));
ui.chkOpenCredentials->setEnabled(!ui.chkOpenProtectedStorage->isChecked());
ui.chkOpenCredentials->setChecked(!ui.chkOpenCredentials->isEnabled() || m_pBox->GetBool("OpenCredentials", false));
ui.chkOpenSmartCard->setChecked(m_pBox->GetBool("OpenSmartCard", true));
ui.chkOpenBluetooth->setChecked(m_pBox->GetBool("OpenBluetooth", false));
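Review bot: `ui.chkFakeElevation` is loaded and saved here, but there is no `connect(ui.chkFakeElevation, SIGNAL(clicked(bool)), ...)` in the @-156 hunk; unless it is wired elsewhere, toggling it will not set m_GeneralChanged and SaveConfig may skip it. The dialog also allows FakeAdminRights without DropAdminRights, unlike the presets menu; consider enabling chkFakeElevation only when chkDropRights is checked, since the changelog recommends the pair.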
ui.treeAutoStart->clear();
foreach(const QString & Value, m_pBox->GetTextList("StartProgram", m_Template))
AddAutoRunItem(Value, 0);
@ -454,6 +469,9 @@ void COptionsWindow::LoadConfig()
ui.chkProtectBox->setChecked(m_pBox->GetBool("NeverDelete", false));
ui.chkAutoEmpty->setChecked(m_pBox->GetBool("AutoDelete", false));
ui.chkRawDiskRead->setChecked(m_pBox->GetBool("AllowRawDiskRead", false));
ui.chkRawDiskNotify->setChecked(m_pBox->GetBool("NotifyDirectDiskAccess", false));
m_GeneralChanged = false;
}
@ -490,11 +508,10 @@ void COptionsWindow::LoadConfig()
ui.chkRestrictServices->setChecked(!m_pBox->GetBool("RunServicesAsSystem", false));
ui.chkProtectSystem->setChecked(!m_pBox->GetBool("ExposeBoxedSystem", false));
ui.chkOpenProtectedStorage->setChecked(m_pBox->GetBool("OpenProtectedStorage", false));
ui.chkOpenCredentials->setEnabled(!ui.chkOpenProtectedStorage->isChecked());
ui.chkOpenCredentials->setChecked(!ui.chkOpenCredentials->isEnabled() || m_pBox->GetBool("OpenCredentials", false));
ui.chkOpenSmartCard->setChecked(m_pBox->GetBool("OpenSmartCard", true));
ui.chkOpenBluetooth->setChecked(m_pBox->GetBool("OpenBluetooth", false));
//ui.chkOpenDevCMApi->setChecked(m_pBox->GetBool("OpenDevCMApi", false));
//ui.chkOpenLsaSSPI->setChecked(!m_pBox->GetBool("BlockPassword", true)); // OpenLsaSSPI
//ui.chkOpenSamEndpoint->setChecked(m_pBox->GetBool("OpenSamEndpoint", false));
//ui.chkOpenLsaEndpoint->setChecked(m_pBox->GetBool("OpenLsaEndpoint", false));
@ -505,15 +522,20 @@ void COptionsWindow::LoadConfig()
ui.lstAutoExec->clear();
ui.lstAutoExec->addItems(AutoExec);
ReadAdvancedCheck("FileTrace", ui.chkFileTrace, "*");
ReadAdvancedCheck("PipeTrace", ui.chkPipeTrace, "*");
ReadAdvancedCheck("KeyTrace", ui.chkKeyTrace, "*");
ReadAdvancedCheck("IpcTrace", ui.chkIpcTrace, "*");
ReadAdvancedCheck("GuiTrace", ui.chkGuiTrace, "*");
ReadAdvancedCheck("ClsidTrace", ui.chkComTrace, "*");
ui.chkDbgTrace->setChecked(m_pBox->GetBool("DebugTrace", false));
ui.chkErrTrace->setChecked(m_pBox->GetBool("ErrorTrace", false));
QSharedPointer<CSandBoxPlus> pBoxPlus = m_pBox.objectCast<CSandBoxPlus>();
if (pBoxPlus)
{
ReadAdvancedCheck("CallTrace", ui.chkFileTrace, "*");
ReadAdvancedCheck("FileTrace", ui.chkFileTrace, "*");
ReadAdvancedCheck("PipeTrace", ui.chkPipeTrace, "*");
ReadAdvancedCheck("KeyTrace", ui.chkKeyTrace, "*");
ReadAdvancedCheck("IpcTrace", ui.chkIpcTrace, "*");
ReadAdvancedCheck("GuiTrace", ui.chkGuiTrace, "*");
ReadAdvancedCheck("ClsidTrace", ui.chkComTrace, "*");
ui.chkDbgTrace->setChecked(m_pBox->GetBool("DebugTrace", false));
ui.chkErrTrace->setChecked(m_pBox->GetBool("ErrorTrace", false));
ui.chkApiTrace->setChecked(pBoxPlus->HasLogApi());
}
ui.chkHideOtherBoxes->setChecked(m_pBox->GetBool("HideOtherBoxes", false));
QStringList Processes = m_pBox->GetTextList("HideHostProcess", m_Template);
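Review bot: `ReadAdvancedCheck("CallTrace", ui.chkFileTrace, "*");` writes the CallTrace setting into the FileTrace checkbox and is immediately overwritten by the FileTrace line below, so chkCallTrace (connected in the @-261 hunk) is never loaded; it should read `ReadAdvancedCheck("CallTrace", ui.chkCallTrace, "*");`.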
@ -585,10 +607,18 @@ void COptionsWindow::SaveConfig()
m_pBox->SetBool("BlockNetworkFiles", ui.chkBlockNetShare->isChecked());
m_pBox->SetBool("BlockNetParam", ui.chkBlockNetParam->isChecked());
m_pBox->SetBool("DropAdminRights", ui.chkDropRights->isChecked());
m_pBox->SetBool("FakeAdminRights", ui.chkFakeElevation->isChecked());
m_pBox->SetBool("ClosePrintSpooler", ui.chkBlockSpooler->isChecked());
m_pBox->SetBool("OpenPrintSpooler", ui.chkOpenSpooler->isChecked());
m_pBox->SetBool("AllowSpoolerPrintToFile", ui.chkPrintToFile->isChecked());
WriteAdvancedCheck(ui.chkOpenProtectedStorage, "OpenProtectedStorage", "y", "");
if (ui.chkOpenCredentials->isEnabled())
WriteAdvancedCheck(ui.chkOpenCredentials, "OpenCredentials", "y", "");
WriteAdvancedCheck(ui.chkOpenSmartCard, "OpenSmartCard", "", "n");
WriteAdvancedCheck(ui.chkOpenBluetooth, "OpenBluetooth", "y", "");
QStringList StartProgram;
QStringList StartService;
@ -616,6 +646,10 @@ void COptionsWindow::SaveConfig()
m_pBox->SetBool("NeverDelete", ui.chkProtectBox->isChecked());
m_pBox->SetBool("AutoDelete", ui.chkAutoEmpty->isChecked());
m_pBox->SetBool("AllowRawDiskRead", ui.chkRawDiskRead->isChecked());
m_pBox->SetBool("NotifyDirectDiskAccess", ui.chkRawDiskNotify->isChecked());
m_GeneralChanged = false;
}
@ -658,12 +692,10 @@ void COptionsWindow::SaveConfig()
WriteAdvancedCheck(ui.chkRestrictServices, "RunServicesAsSystem", "", "y");
WriteAdvancedCheck(ui.chkProtectSystem, "ExposeBoxedSystem", "", "y");
WriteAdvancedCheck(ui.chkOpenProtectedStorage, "OpenProtectedStorage", "y", "");
if(ui.chkOpenCredentials->isEnabled())
WriteAdvancedCheck(ui.chkOpenCredentials, "OpenCredentials", "y", "");
WriteAdvancedCheck(ui.chkOpenSmartCard, "OpenSmartCard", "", "n");
WriteAdvancedCheck(ui.chkOpenBluetooth, "OpenBluetooth", "y", "");
//WriteAdvancedCheck(ui.chkOpenLsaEndpoint, "OpenLsaEndpoint", "y", "");
//WriteAdvancedCheck(ui.chkOpenDevCMApi, "OpenDevCMApi", "n", "");
//WriteAdvancedCheck(ui.chkOpenLsaSSPI, "BlockPassword", "", "n"); // OpenLsaSSPI
//WriteAdvancedCheck(ui.chkOpenSamEndpoint, "OpenSamEndpoint", "n", "");
//WriteAdvancedCheck(ui.chkOpenLsaEndpoint, "OpenLsaEndpoint", "n", "");
WriteAdvancedCheck(ui.chkAddToJob, "NoAddProcessToJob", "", "y");
@ -673,15 +705,19 @@ void COptionsWindow::SaveConfig()
m_pBox->UpdateTextList("AutoExec", AutoExec, m_Template);
WriteAdvancedCheck(ui.chkFileTrace, "FileTrace", "*");
WriteAdvancedCheck(ui.chkPipeTrace, "PipeTrace", "*");
WriteAdvancedCheck(ui.chkKeyTrace, "KeyTrace", "*");
WriteAdvancedCheck(ui.chkIpcTrace, "IpcTrace", "*");
WriteAdvancedCheck(ui.chkGuiTrace, "GuiTrace", "*");
WriteAdvancedCheck(ui.chkComTrace, "ClsidTrace", "*");
WriteAdvancedCheck(ui.chkDbgTrace, "DebugTrace", "y");
WriteAdvancedCheck(ui.chkErrTrace, "ErrorTrace", "y");
QSharedPointer<CSandBoxPlus> pBoxPlus = m_pBox.objectCast<CSandBoxPlus>();
if (pBoxPlus)
{
WriteAdvancedCheck(ui.chkFileTrace, "FileTrace", "*");
WriteAdvancedCheck(ui.chkPipeTrace, "PipeTrace", "*");
WriteAdvancedCheck(ui.chkKeyTrace, "KeyTrace", "*");
WriteAdvancedCheck(ui.chkIpcTrace, "IpcTrace", "*");
WriteAdvancedCheck(ui.chkGuiTrace, "GuiTrace", "*");
WriteAdvancedCheck(ui.chkComTrace, "ClsidTrace", "*");
WriteAdvancedCheck(ui.chkDbgTrace, "DebugTrace", "y");
WriteAdvancedCheck(ui.chkErrTrace, "ErrorTrace", "y");
pBoxPlus->SetLogApi(ui.chkApiTrace->isChecked());
}
WriteAdvancedCheck(ui.chkHideOtherBoxes, "HideOtherBoxes");
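Review bot: SaveConfig writes every trace checkbox except CallTrace; there is no `WriteAdvancedCheck(ui.chkCallTrace, "CallTrace", "*");` in this block, so the checkbox can be toggled but never saved. Add it next to the FileTrace line. Since the trace reads and writes now sit inside `if (pBoxPlus)`, the trace checkboxes keep stale state for a box that is not a CSandBoxPlus; consider disabling them when pBoxPlus is null.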

File diff suppressed because it is too large

File diff suppressed because it is too large

File diff suppressed because it is too large

File diff suppressed because it is too large

View File

@ -1,21 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE TS>
<TS version="2.1" language="ru">
<context>
<name>CApiMonModel</name>
<message>
<source>Message</source>
<translation type="vanished">Сообщение</translation>
</message>
<message>
<source>Time Stamp</source>
<translation type="vanished">Временная метка</translation>
</message>
<message>
<source>Process</source>
<translation type="vanished">Процесс</translation>
</message>
</context>
<context>
<name>CMultiErrorDialog</name>
<message>
@ -431,8 +416,8 @@
<message>
<source>Do you want to allow %4 (%5) to copy a %1 large file into sandbox: %2?
File name: %3</source>
<translation type="vanished">Разрешить%4 (%5) копировать большой файл %1 в песочницу:%2?
Имя файла:%3</translation>
<translation type="vanished">Разрешить %4 (%5) копировать большой файл %1 в песочницу: %2?
Имя файла: %3</translation>
</message>
<message>
<source>Do you want to allow %1 (%2) access to the internet?
@ -571,7 +556,7 @@ Full path: %4</source>
</message>
<message>
<source>Empty</source>
<translation type="unfinished"></translation>
<translation>Пусто</translation>
</message>
</context>
<context>
@ -648,10 +633,6 @@ Full path: %4</source>
<source>Do you want to check if there is a new version of Sandboxie-Plus?</source>
<translation>Вы хотите проверить, есть ли новая версия Sandboxie-Plus?</translation>
</message>
<message>
<source>Cleanup Api Call Log</source>
<translation type="vanished">Очистить журнал вызовов API</translation>
</message>
<message>
<source>Simple View</source>
<translation>Простой вид</translation>
@ -716,10 +697,6 @@ Full path: %4</source>
<source>Failed to download update from: %1</source>
<translation>Не удалось загрузить обновление с: %1</translation>
</message>
<message>
<source>Api Call Log</source>
<translation type="vanished">Журнал вызовов API</translation>
</message>
<message>
<source>Stop Driver</source>
<translation>Остановить драйвер</translation>
@ -754,10 +731,6 @@ Full path: %4</source>
<source>Online Documentation</source>
<translation>Онлайн-документация</translation>
</message>
<message>
<source>Ignore this update, notify me about the next one.</source>
<translation type="vanished">Игнорировать это обновление, сообщить мне о следующем.</translation>
</message>
<message>
<source>Please enter the duration for disabling forced programs.</source>
<translation>Введите продолжительность принудительного отключения программ.</translation>
@ -802,10 +775,6 @@ Full path: %4</source>
<source>A sandbox must be emptied before it can be renamed.</source>
<translation>Перед переименованием песочницу необходимо очистить.</translation>
</message>
<message>
<source>API Call Logging</source>
<translation type="vanished">Ведение журнала вызовов API</translation>
</message>
<message>
<source>Loaded Config: %1</source>
<translation>Загруженная конфигурация: %1</translation>
@ -958,14 +927,6 @@ Full path: %4</source>
<source>Checking for updates...</source>
<translation>Проверка обновлений...</translation>
</message>
<message>
<source>No sandboxes found; creating: %1</source>
<translation type="vanished">Песочниц не найдено; создание: %1</translation>
</message>
<message>
<source>Cleanup Resource Log</source>
<translation type="vanished">Очистить журнал ресурсов</translation>
</message>
<message>
<source>Cleanup Message Log</source>
<translation>Очистить журнал сообщений</translation>
@ -1086,12 +1047,6 @@ Full path: %4</source>
<source>Do this for all files!</source>
<translation>Сделать это для всех файлов!</translation>
</message>
<message>
<source>To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes.
Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.</source>
<translation type="vanished">Чтобы использовать ведение журнала API, вы должны сначала настроить LogApiDll из https://github.com/sandboxie-plus/LogApiDll с одной или несколькими песочницами.
Загрузите последний выпуск и настройте его с помощью Sandboxie.ini, как указано в README.md проекта.</translation>
</message>
<message>
<source>No new updates found, your Sandboxie-Plus is up-to-date.</source>
<translation>Новых обновлений не обнаружено, ваша Sandboxie-Plus актуальна.</translation>
@ -1174,7 +1129,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message>
<message>
<source>Cleanup Trace Log</source>
<translation type="unfinished"></translation>
<translation>Очистка журнала трассировки</translation>
</message>
</context>
<context>
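Review bot: the new Russian string for "Cleanup Trace Log" uses the noun form "Очистка журнала трассировки", while the sibling entries in this context use the imperative, for example "Очистить журнал сообщений" for "Cleanup Message Log"; suggest "Очистить журнал трассировки" so the menu items read consistently.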
@ -1285,7 +1240,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message>
<message>
<source>Enable API Call logging</source>
<translation>Включить ведение журнала вызовов API</translation>
<translation type="vanished">Включить ведение журнала вызовов API</translation>
</message>
<message>
<source>[None]</source>
@ -1444,6 +1399,14 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message>
<message>
<source>Run Cmd.exe as Admin</source>
<translation>Запуск Cmd.exe от имени администратора</translation>
</message>
<message>
<source>Ask for UAC Elevation</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Emulate Admin Rights</source>
<translation type="unfinished"></translation>
</message>
</context>
@ -1666,7 +1629,7 @@ If leader processes are defined, all others are treated as lingering processes.<
</message>
<message>
<source>General restrictions</source>
<translation>Общие ограничения</translation>
<translation type="vanished">Общие ограничения</translation>
</message>
<message>
<source>Move Up</source>
@ -2049,7 +2012,7 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</message>
<message>
<source>Printing</source>
<translation>Печать</translation>
<translation type="vanished">Печать</translation>
</message>
<message>
<source>Remove spooler restriction, printers can be installed outside the sandbox</source>
@ -2081,7 +2044,7 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</message>
<message>
<source>Lift security restrictions</source>
<translation>Снять ограничения безопасности</translation>
<translation type="vanished">Снять ограничения безопасности</translation>
</message>
<message>
<source>Sandbox isolation</source>
@ -2101,6 +2064,62 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</message>
<message>
<source>Log all SetError&apos;s to Trace log</source>
<translation type="vanished">Записывать все SetError в журнал трассировки</translation>
</message>
<message>
<source>Elevation restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Make applications think thay are running elevated (allows to run installers safely)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Network restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>(Recommended)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Security note: Elevated applications running under the supervision of Sandboxie, with an admin token, have more opportunities to bypass isolation and modify the system outside the sandbox.</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Raw Disk access</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Allow elevated sandboxed applications to read the harddrive</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Warn when an application opens a harddrive handle</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Access Options</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Other restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Printing restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>API call trace (requirers logapi to be installed in the sbie dir)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Log all SetError&apos;s to Trace log (creates a lot of output)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Ntdll syscall Trace (creates a lot of output)</source>
<translation type="unfinished"></translation>
</message>
</context>
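Review bot: two of the new source strings carry typos that will propagate to every .ts file: "Make applications think thay are running elevated" (thay -> they) and "API call trace (requirers logapi to be installed in the sbie dir)" (requirers -> requires). Fix them in the UI source the strings are extracted from and rerun lupdate, since editing the generated <source> text here would be overwritten on the next extraction. Separately, "Log all SetError's to Trace log" is marked vanished with a complete translation while its successor "Log all SetError's to Trace log (creates a lot of output)" is left unfinished; carrying "Записывать все SetError в журнал трассировки" over with the parenthetical appended would spare the translator a retranslation. Optionally also "harddrive" -> "hard drive" in the two Raw Disk access strings.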
@ -2147,10 +2166,6 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
<source>Close</source>
<translation>Закрыть</translation>
</message>
<message>
<source>SandboxiePlus Settings</source>
<translation type="vanished">Настройки SandboxiePlus</translation>
</message>
<message>
<source>Add Folder</source>
<translation>Добавить папку</translation>
@ -2373,10 +2388,6 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
<source>Remove Snapshot</source>
<translation>Удалить снимок</translation>
</message>
<message>
<source>SandboxiePlus Settings</source>
<translation type="vanished">Настройки SandboxiePlus</translation>
</message>
<message>
<source>Description:</source>
<translation>Описание:</translation>

View File

@ -1,21 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE TS>
<TS version="2.1" language="tr">
<context>
<name>CApiMonModel</name>
<message>
<source>Message</source>
<translation type="vanished">Mesaj</translation>
</message>
<message>
<source>Time Stamp</source>
<translation type="vanished">Zaman Damgası</translation>
</message>
<message>
<source>Process</source>
<translation type="vanished">İşlem</translation>
</message>
</context>
<context>
<name>CMultiErrorDialog</name>
<message>
@ -571,7 +556,7 @@ Full path: %4</source>
</message>
<message>
<source>Empty</source>
<translation type="unfinished"></translation>
<translation>Boş</translation>
</message>
</context>
<context>
@ -648,10 +633,6 @@ Full path: %4</source>
<source>Do you want to check if there is a new version of Sandboxie-Plus?</source>
<translation>Sandboxie-Plus&apos;ın yeni sürümünü kontrol etmek ister misiniz?</translation>
</message>
<message>
<source>Cleanup Api Call Log</source>
<translation type="vanished">Api Çağrı Günlüğünü Temizle</translation>
</message>
<message>
<source>Simple View</source>
<translation>Basit Görünüm</translation>
@ -716,10 +697,6 @@ Full path: %4</source>
<source>Failed to download update from: %1</source>
<translation>%1&apos;den güncelleme indirilemedi</translation>
</message>
<message>
<source>Api Call Log</source>
<translation type="vanished">Api Çağrı Günlüğü</translation>
</message>
<message>
<source>Stop Driver</source>
<translation>Sürücüyü Durdur</translation>
@ -754,10 +731,6 @@ Full path: %4</source>
<source>Online Documentation</source>
<translation>Çevrimiçi Belgeler</translation>
</message>
<message>
<source>Ignore this update, notify me about the next one.</source>
<translation type="vanished">Bu güncellemeyi yoksay, bir sonrakini bana bildir.</translation>
</message>
<message>
<source>Please enter the duration for disabling forced programs.</source>
<translation>Zorlanmış programların devre dışı bırakma süresini girin.</translation>
@ -802,10 +775,6 @@ Full path: %4</source>
<source>A sandbox must be emptied before it can be renamed.</source>
<translation>Bir korumalı kutu, yeniden adlandırılmadan önce boşaltılmalıdır.</translation>
</message>
<message>
<source>API Call Logging</source>
<translation type="vanished">API Çağrı Günlüğü</translation>
</message>
<message>
<source>Loaded Config: %1</source>
<translation>Yüklü Yapılandırma: %1</translation>
@ -958,14 +927,6 @@ Full path: %4</source>
<source>Checking for updates...</source>
<translation>Güncellemeler kontrol ediliyor...</translation>
</message>
<message>
<source>No sandboxes found; creating: %1</source>
<translation type="vanished">Korumalı kutu bulunamadı; oluşturuluyor: %1</translation>
</message>
<message>
<source>Cleanup Resource Log</source>
<translation type="vanished">Kaynak Günlüğünü Temizle</translation>
</message>
<message>
<source>Cleanup Message Log</source>
<translation>Mesaj Günlüğünü Temizle</translation>
@ -1086,12 +1047,6 @@ Full path: %4</source>
<source>Do this for all files!</source>
<translation>Bunu tüm dosyalar için yap!</translation>
</message>
<message>
<source>To use API logging you must first set up the LogApiDll from https://github.com/sandboxie-plus/LogApiDll with one or more sandboxes.
Please download the latest release and set it up with the Sandboxie.ini as instructed in the README.md of the project.</source>
<translation type="vanished">API günlüğünü kullanmak için önce https://github.com/sandboxie-plus/LogApiDll adresinden bir veya daha fazla korumalı kutu ile LogApiDll&apos;yi kurmanız gerekir.
Lütfen en son sürümü indirin ve projenin README.md dosyasında belirtildiği gibi Sandboxie.ini ile kurun.</translation>
</message>
<message>
<source>No new updates found, your Sandboxie-Plus is up-to-date.</source>
<translation>Yeni güncelleme bulunamadı, Sandboxie-Plus&apos;ınız güncel.</translation>
@ -1174,7 +1129,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message>
<message>
<source>Cleanup Trace Log</source>
<translation type="unfinished"></translation>
<translation>İzleme Günlüğünü Temizle</translation>
</message>
</context>
<context>
@ -1285,7 +1240,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message>
<message>
<source>Enable API Call logging</source>
<translation>API Çağrısı günlük kaydını etkinleştir</translation>
<translation type="vanished">API Çağrısı günlük kaydını etkinleştir</translation>
</message>
<message>
<source>[None]</source>
@ -1444,6 +1399,14 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message>
<message>
<source>Run Cmd.exe as Admin</source>
<translation>Cmd.exe yi yönetici olarak çalıştır</translation>
</message>
<message>
<source>Ask for UAC Elevation</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Emulate Admin Rights</source>
<translation type="unfinished"></translation>
</message>
</context>
@ -1666,7 +1629,7 @@ If leader processes are defined, all others are treated as lingering processes.<
</message>
<message>
<source>General restrictions</source>
<translation>Genel kısıtlamalar</translation>
<translation type="vanished">Genel kısıtlamalar</translation>
</message>
<message>
<source>Move Up</source>
@ -2049,7 +2012,7 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
</message>
<message>
<source>Printing</source>
<translation>Yazdırma</translation>
<translation type="vanished">Yazdırma</translation>
</message>
<message>
<source>Remove spooler restriction, printers can be installed outside the sandbox</source>
@ -2081,7 +2044,7 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
</message>
<message>
<source>Lift security restrictions</source>
<translation>Güvenlik kısıtlamalarını kaldır</translation>
<translation type="vanished">Güvenlik kısıtlamalarını kaldır</translation>
</message>
<message>
<source>Sandbox isolation</source>
@ -2101,6 +2064,62 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
</message>
<message>
<source>Log all SetError&apos;s to Trace log</source>
<translation type="vanished">Tüm SetError ları logla</translation>
</message>
<message>
<source>Elevation restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Make applications think thay are running elevated (allows to run installers safely)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Network restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>(Recommended)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Security note: Elevated applications running under the supervision of Sandboxie, with an admin token, have more opportunities to bypass isolation and modify the system outside the sandbox.</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Raw Disk access</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Allow elevated sandboxed applications to read the harddrive</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Warn when an application opens a harddrive handle</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Access Options</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Other restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Printing restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>API call trace (requirers logapi to be installed in the sbie dir)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Log all SetError&apos;s to Trace log (creates a lot of output)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Ntdll syscall Trace (creates a lot of output)</source>
<translation type="unfinished"></translation>
</message>
</context>
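Review bot: the vanished Turkish translation "Tüm SetError ları logla" can be carried over to the new "Log all SetError's to Trace log (creates a lot of output)" entry instead of leaving it unfinished, since only the parenthetical was added to the source string. The same source-string typos ("thay", "requirers") appear in this file as well, which confirms they originate in the shared extraction source and need a single fix there rather than per translation file.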
@ -2147,10 +2166,6 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
<source>Close</source>
<translation>Kapat</translation>
</message>
<message>
<source>SandboxiePlus Settings</source>
<translation type="vanished">SandboxiePlus Ayarları</translation>
</message>
<message>
<source>Add Folder</source>
<translation>Dizin ekle</translation>
@ -2373,10 +2388,6 @@ Not: Bir korumalı kutuya ilişkin Zorlanmış Programlar ve Zorlanmış Dizinle
<source>Remove Snapshot</source>
<translation>Anlık Görüntüyü Kaldır</translation>
</message>
<message>
<source>SandboxiePlus Settings</source>
<translation type="vanished">SandboxiePlus Ayarları</translation>
</message>
<message>
<source>Description:</source>
<translation>ıklama:</translation>

View File

@ -1284,7 +1284,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message>
<message>
<source>Enable API Call logging</source>
<translation>API调用日志</translation>
<translation type="vanished">API调用日志</translation>
</message>
<message>
<source>[None]</source>
@ -1444,6 +1444,14 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
<source>Run Cmd.exe as Admin</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Ask for UAC Elevation</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Emulate Admin Rights</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>CSettingsWindow</name>
@ -1672,7 +1680,7 @@ If leader processes are defined, all others are treated as lingering processes.<
</message>
<message>
<source>General restrictions</source>
<translation></translation>
<translation type="vanished"></translation>
</message>
<message>
<source>Move Up</source>
@ -2028,7 +2036,7 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</message>
<message>
<source>Printing</source>
<translation></translation>
<translation type="vanished"></translation>
</message>
<message>
<source>Remove spooler restriction, printers can be installed outside the sandbox</source>
@ -2060,7 +2068,7 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</message>
<message>
<source>Lift security restrictions</source>
<translation></translation>
<translation type="vanished"></translation>
</message>
<message>
<source>Sandbox isolation</source>
@ -2097,7 +2105,59 @@ instead of &quot;*&quot;.</source>
<translation>访</translation>
</message>
<message>
<source>Log all SetError&apos;s to Trace log</source>
<source>Elevation restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Make applications think thay are running elevated (allows to run installers safely)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Network restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>(Recommended)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Security note: Elevated applications running under the supervision of Sandboxie, with an admin token, have more opportunities to bypass isolation and modify the system outside the sandbox.</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Raw Disk access</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Allow elevated sandboxed applications to read the harddrive</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Warn when an application opens a harddrive handle</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Access Options</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Other restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Printing restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>API call trace (requirers logapi to be installed in the sbie dir)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Log all SetError&apos;s to Trace log (creates a lot of output)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Ntdll syscall Trace (creates a lot of output)</source>
<translation type="unfinished"></translation>
</message>
</context>

View File

@ -1296,7 +1296,7 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
</message>
<message>
<source>Enable API Call logging</source>
<translation> API </translation>
<translation type="vanished"> API </translation>
</message>
<message>
<source>[None]</source>
@ -1456,6 +1456,14 @@ Please download the latest release and set it up with the Sandboxie.ini as instr
<source>Run Cmd.exe as Admin</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Ask for UAC Elevation</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Emulate Admin Rights</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>CSettingsWindow</name>
@ -1688,7 +1696,7 @@ If leader processes are defined, all others are treated as lingering processes.<
</message>
<message>
<source>General restrictions</source>
<translation></translation>
<translation type="vanished"></translation>
</message>
<message>
<source>Move Up</source>
@ -2044,7 +2052,7 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</message>
<message>
<source>Printing</source>
<translation></translation>
<translation type="vanished"></translation>
</message>
<message>
<source>Remove spooler restriction, printers can be installed outside the sandbox</source>
@ -2076,7 +2084,7 @@ Note: Forced Programs and Force Folders settings for a sandbox do not apply to
</message>
<message>
<source>Lift security restrictions</source>
<translation></translation>
<translation type="vanished"></translation>
</message>
<message>
<source>Sandbox isolation</source>
@ -2113,7 +2121,59 @@ instead of &quot;*&quot;.</source>
<translation></translation>
</message>
<message>
<source>Log all SetError&apos;s to Trace log</source>
<source>Elevation restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Make applications think thay are running elevated (allows to run installers safely)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Network restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>(Recommended)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Security note: Elevated applications running under the supervision of Sandboxie, with an admin token, have more opportunities to bypass isolation and modify the system outside the sandbox.</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Raw Disk access</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Allow elevated sandboxed applications to read the harddrive</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Warn when an application opens a harddrive handle</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Access Options</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Other restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Printing restrictions</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>API call trace (requirers logapi to be installed in the sbie dir)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Log all SetError&apos;s to Trace log (creates a lot of output)</source>
<translation type="unfinished"></translation>
</message>
<message>
<source>Ntdll syscall Trace (creates a lot of output)</source>
<translation type="unfinished"></translation>
</message>
</context>

View File

@ -18,57 +18,58 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
ProjectSection(SolutionItems) = preProject
..\CHANGELOG.md = ..\CHANGELOG.md
..\TODO.md = ..\TODO.md
version.h = version.h
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "QtSingleApp", "QtSingleApp\qtsingleapp\qtsingleapp\qtsingleapp.vcxproj", "{B12702AD-ABFB-343A-A199-8E24837244A3}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|x64 = Debug|x64
Debug|Win32 = Debug|Win32
Release|x64 = Release|x64
Debug|x64 = Debug|x64
Release|Win32 = Release|Win32
Release|x64 = Release|x64
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{B7A8576D-A08A-4A97-84E8-013DAF4D4F1F}.Debug|x64.ActiveCfg = Debug|x64
{B7A8576D-A08A-4A97-84E8-013DAF4D4F1F}.Debug|x64.Build.0 = Debug|x64
{B7A8576D-A08A-4A97-84E8-013DAF4D4F1F}.Debug|Win32.ActiveCfg = Debug|Win32
{B7A8576D-A08A-4A97-84E8-013DAF4D4F1F}.Debug|Win32.Build.0 = Debug|Win32
{B7A8576D-A08A-4A97-84E8-013DAF4D4F1F}.Release|x64.ActiveCfg = Release|x64
{B7A8576D-A08A-4A97-84E8-013DAF4D4F1F}.Release|x64.Build.0 = Release|x64
{B7A8576D-A08A-4A97-84E8-013DAF4D4F1F}.Debug|x64.ActiveCfg = Debug|x64
{B7A8576D-A08A-4A97-84E8-013DAF4D4F1F}.Debug|x64.Build.0 = Debug|x64
{B7A8576D-A08A-4A97-84E8-013DAF4D4F1F}.Release|Win32.ActiveCfg = Release|Win32
{B7A8576D-A08A-4A97-84E8-013DAF4D4F1F}.Release|Win32.Build.0 = Release|Win32
{1433EC85-BDA4-402E-BEC1-48611206A64A}.Debug|x64.ActiveCfg = Debug|x64
{1433EC85-BDA4-402E-BEC1-48611206A64A}.Debug|x64.Build.0 = Debug|x64
{B7A8576D-A08A-4A97-84E8-013DAF4D4F1F}.Release|x64.ActiveCfg = Release|x64
{B7A8576D-A08A-4A97-84E8-013DAF4D4F1F}.Release|x64.Build.0 = Release|x64
{1433EC85-BDA4-402E-BEC1-48611206A64A}.Debug|Win32.ActiveCfg = Debug|Win32
{1433EC85-BDA4-402E-BEC1-48611206A64A}.Debug|Win32.Build.0 = Debug|Win32
{1433EC85-BDA4-402E-BEC1-48611206A64A}.Release|x64.ActiveCfg = Release|x64
{1433EC85-BDA4-402E-BEC1-48611206A64A}.Release|x64.Build.0 = Release|x64
{1433EC85-BDA4-402E-BEC1-48611206A64A}.Debug|x64.ActiveCfg = Debug|x64
{1433EC85-BDA4-402E-BEC1-48611206A64A}.Debug|x64.Build.0 = Debug|x64
{1433EC85-BDA4-402E-BEC1-48611206A64A}.Release|Win32.ActiveCfg = Release|Win32
{1433EC85-BDA4-402E-BEC1-48611206A64A}.Release|Win32.Build.0 = Release|Win32
{7AB8215A-59A4-4B8B-8090-16C87A860429}.Debug|x64.ActiveCfg = Debug|x64
{7AB8215A-59A4-4B8B-8090-16C87A860429}.Debug|x64.Build.0 = Debug|x64
{1433EC85-BDA4-402E-BEC1-48611206A64A}.Release|x64.ActiveCfg = Release|x64
{1433EC85-BDA4-402E-BEC1-48611206A64A}.Release|x64.Build.0 = Release|x64
{7AB8215A-59A4-4B8B-8090-16C87A860429}.Debug|Win32.ActiveCfg = Debug|Win32
{7AB8215A-59A4-4B8B-8090-16C87A860429}.Debug|Win32.Build.0 = Debug|Win32
{7AB8215A-59A4-4B8B-8090-16C87A860429}.Release|x64.ActiveCfg = Release|x64
{7AB8215A-59A4-4B8B-8090-16C87A860429}.Release|x64.Build.0 = Release|x64
{7AB8215A-59A4-4B8B-8090-16C87A860429}.Debug|x64.ActiveCfg = Debug|x64
{7AB8215A-59A4-4B8B-8090-16C87A860429}.Debug|x64.Build.0 = Debug|x64
{7AB8215A-59A4-4B8B-8090-16C87A860429}.Release|Win32.ActiveCfg = Release|Win32
{7AB8215A-59A4-4B8B-8090-16C87A860429}.Release|Win32.Build.0 = Release|Win32
{B12702AD-ABFB-343A-A199-8E24837244A3}.Debug|x64.ActiveCfg = Debug|x64
{B12702AD-ABFB-343A-A199-8E24837244A3}.Debug|x64.Build.0 = Debug|x64
{7AB8215A-59A4-4B8B-8090-16C87A860429}.Release|x64.ActiveCfg = Release|x64
{7AB8215A-59A4-4B8B-8090-16C87A860429}.Release|x64.Build.0 = Release|x64
{B12702AD-ABFB-343A-A199-8E24837244A3}.Debug|Win32.ActiveCfg = Debug|Win32
{B12702AD-ABFB-343A-A199-8E24837244A3}.Debug|Win32.Build.0 = Debug|Win32
{B12702AD-ABFB-343A-A199-8E24837244A3}.Release|x64.ActiveCfg = Release|x64
{B12702AD-ABFB-343A-A199-8E24837244A3}.Release|x64.Build.0 = Release|x64
{B12702AD-ABFB-343A-A199-8E24837244A3}.Debug|x64.ActiveCfg = Debug|x64
{B12702AD-ABFB-343A-A199-8E24837244A3}.Debug|x64.Build.0 = Debug|x64
{B12702AD-ABFB-343A-A199-8E24837244A3}.Release|Win32.ActiveCfg = Release|Win32
{B12702AD-ABFB-343A-A199-8E24837244A3}.Release|Win32.Build.0 = Release|Win32
{B12702AD-ABFB-343A-A199-8E24837244A3}.Release|x64.ActiveCfg = Release|x64
{B12702AD-ABFB-343A-A199-8E24837244A3}.Release|x64.Build.0 = Release|x64
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
Qt5Version = msvc2015_64
SolutionGuid = {1DAAF42A-43C6-40CB-848F-DF67122CD602}
Qt5Version = msvc2015_64
EndGlobalSection
GlobalSection(SubversionScc) = preSolution
Svn-Managed = True
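Review bot: most of this hunk is Visual Studio re-sorting the configuration lines (Debug|Win32 now listed before Debug|x64 for every project GUID) and moving Qt5Version below SolutionGuid, which is tool churn rather than an intended change; the one net added line (57 -> 58 in the hunk header) is the version.h entry under Solution Items. Consider committing only that line and reverting the reorder, or keeping solution-file regeneration in its own commit, so the diff stays reviewable.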

View File

@ -2,7 +2,7 @@
#define VERSION_MJR 0
#define VERSION_MIN 7
#define VERSION_REV 0
#define VERSION_REV 1
#define VERSION_UPD 0
#ifndef STR
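Review bot: VERSION_REV goes 0 -> 1 while VERSION_MJR, VERSION_MIN and VERSION_UPD stay at 0, 7 and 0, so the build will identify itself as 0.7.1; check that the installer script and any other file that embeds the version string were bumped in the same commit so the built artifacts and the release notes agree.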