DavidXanatos 2020-11-28 17:20:56 +01:00
parent 8df6170601
commit dc0e3dc617
179 changed files with 6117 additions and 1680 deletions


@ -3,6 +3,46 @@ All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).
## [0.5.0 / 5.45.0] - 2020-11-28
### Added
- added new notification window
- added user interactive control mechanism when using the new SandMan UI
-- when a file exeeds the copy limit instead of failing, the user is prompted if the file should be copied or not
-- when internet access is blocked it now can be exempted in real time by the user
- added missing file recovery and auto/quick recovery functionality
- added silent MSG_1399 boxed process start notification to keep track of short lived boxed processes
- added ability to prvent system wide process starts, sandboxie can now instead of just alerting also block processed on the alert list
-- set "StartRunAlertDenied=y" to enable prcess blocking
- the process start alert/block mechanism can now also handle folders use "AlertFolder=..."
- added ability to merge snapshots
- added icons to the sandbox context menu in the new UI
- added more advanced options to the sandbox options window
- added file migration progress indicator
- added more run commands and custom run commands per sandbox
-- the the box settings users can now speficy programs to be available from the box run menu
-- also processes can be pinned to that list from the presets menu
- added more windows 10 specific template presets
- added ability to create desktop shortcuts to sandboxed items
- added icons to box option tabs
### Changed
- File migration limit can now be disabled by specifying "CopyLimitKb=-1"
- improved and refactored mesage logging mechanism, reducing memory usage by factor of 2
- terminated boxed processes are now kept listed for a coupel of seconds
- reworked sandbox dletion mechaism ofthe new UI
- restructured sandbox options window
### Fixed
- fixed issues migrating files > 4GB
- fixed a issue that would allow a maliciosue application to bypass the internet blockade
- fixed issue when logging messages from a non sandboxed process, added process_id parameter to API_LOG_MESSAGE_ARGS
- fixed issues with localization
- fixed issue using file recovery in legacy ui SbieCtrl.exe when "SeparateUserFolders=n" is set
- when a program is blocked from starting due to restrictions no redundant messages are issues anymore
- fixed UI not properly displaying async errors
- fixed issues when a snapshot operation failed
- fixed some special cases of IpcPath and WinClass in the new UI
## [0.4.5 / 5.44.1] - 2020-11-16


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -358,17 +359,19 @@ CString CBoxFile::GetCopyPathForTruePath(const WCHAR *TruePath) const
{
ULONG TruePath_len = wcslen(TruePath);
for (int index = -4; index < 26; ++index) {
BOOLEAN SeparateUserFolders = SbieApi_QueryConfBool(m_name, L"SeparateUserFolders", TRUE);
for (int index = SeparateUserFolders ? -4 : -1; index < 26; ++index) {
const WCHAR *prefix = NULL;
if (index == -4)
prefix = L"\\device\\mup";
prefix = SbieDll_GetUserPathEx(L'p');
else if (index == -3)
prefix = SbieDll_GetUserPathEx(L'a');
else if (index == -2)
prefix = SbieDll_GetUserPathEx(L'c');
else if (index == -1)
prefix = SbieDll_GetUserPathEx(L'p');
prefix = L"\\device\\mup";
else
prefix = SbieDll_GetDrivePath(index);
if (! prefix)
@ -381,13 +384,13 @@ CString CBoxFile::GetCopyPathForTruePath(const WCHAR *TruePath) const
CString CopyPath(m_FilePath);
if (index == -4)
CopyPath += L"\\share";
CopyPath += L"\\user\\public";
else if (index == -3)
CopyPath += L"\\user\\all";
else if (index == -2)
CopyPath += L"\\user\\current";
else if (index == -1)
CopyPath += L"\\user\\public";
CopyPath += L"\\share";
else {
WCHAR letter = L'a' + index;
CopyPath += L"\\drive\\";
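Review bot: The two if-chains in GetCopyPathForTruePath that map index -4..-1 first to a prefix and then to a copy-path suffix have to be reordered in lockstep, and nothing in the code says why `\\device\\mup` moved from -4 to -1. The reason appears to be that the loop can now start at -1 and skip the three user-folder prefixes when SeparateUserFolders is off. I would add a comment above the loop such as `// -4..-2: user folders public/all/current (skipped when SeparateUserFolders=n), -1: network share, 0..25: drive letters`. The function body starts before and continues after these hunks.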


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -29,6 +30,7 @@
#include "common/win32_ntddk.h"
#include "common/my_version.h"
#include "core/drv/api_defs.h"
#include "core/svc/InteractiveWire.h"
//---------------------------------------------------------------------------
@ -255,25 +257,36 @@ void CMessageDialog::OnTimer()
ULONG message_number = m_last_message_number;
ULONG code = -1;
ULONG pid = 0;
LONG status = SbieApi_GetMessage(&message_number, CMyApp::m_session_id, &code, &pid, m_buf, len);
ULONG status = SbieApi_GetMessage(&message_number, CMyApp::m_session_id, &code, &pid, m_buf, len);
if (status != 0)
break; // error or no more entries
//if (message_number != m_last_message_number + 1)
// we missed something
m_last_message_number = message_number;
if (code == 0)
continue; // empty dummy
if (/*code == MSG_2199 &&*/ m_firsttime)
continue;
//
// ignore file migration progress notifications
if (code == MSG_2198)
continue;
//
// ignore boxed process start notification
if (code == MSG_1399)
continue;
WCHAR *str1 = m_buf;
ULONG str1_len = wcslen(str1);
WCHAR *str2 = str1 + str1_len + 1;
ULONG str2_len = wcslen(str2);
//
// ignore MANPROXY errors the legacy UI does not support interactive prompts
if (code == MSG_2203 && wcsncmp(str1, L"*" INTERACTIVE_QUEUE_NAME L"_", 10) == 0)
continue;
if (IsHiddenMessage(code, str1, str2))
continue;
@ -695,7 +708,8 @@ void CMessageDialog::OnListDoubleClick()
DWORD process_id = _wtoi(sPid.GetString());
// tell driver to allow spooler print to file for this process
LONG rc = SbieApi_CallOne(API_ALLOW_SPOOLER_PRINT_TO_FILE, (ULONG_PTR)(process_id));
ULONG NewState = TRUE;
LONG rc = SbieApi_ProcessExemptionControl((HANDLE)process_id, 'splr', &NewState, NULL);
sbie.Format(SBIE_IN_MSGS L"%04d", 1319);
DiscardMessages(sbie, detail);
sbie.Format(SBIE_IN_MSGS L"%04d", 1320);
@ -877,14 +891,6 @@ void CMessageDialog::DoRecovery()
msg = (MsgEntry *)m_queue.RemoveHead();
WCHAR *space = wcschr(msg->str1, L' ');
if (! space) {
delete msg;
return;
}
*space = L'\0';
++space;
CBox &box = CBoxes::GetInstance().GetBox(msg->str1);
if (box.GetName().IsEmpty()) {
@ -892,8 +898,8 @@ void CMessageDialog::DoRecovery()
return;
}
if (wcsncmp(space, L"*AUTOPLAY*", 10) == 0) {
DoAutoPlay(box, space[10]);
if (wcsncmp(msg->str2, L"*AUTOPLAY*", 10) == 0) {
DoAutoPlay(box, msg->str2[10]);
delete msg;
return;
}
@ -904,7 +910,7 @@ void CMessageDialog::DoRecovery()
}
m_qr_box = box.GetName();
m_qr = new CQuickRecover(m_pParentWnd, m_qr_box, space, QR_AUTO);
m_qr = new CQuickRecover(m_pParentWnd, m_qr_box, msg->str2, QR_AUTO);
MyDoModal(m_qr);
delete m_qr;
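Review bot: DoRecovery no longer rejects a queue entry that carries no path. The removed block returned early when str1 had no separator, while the new code passes `msg->str2` straight to `wcsncmp` and then to `CQuickRecover` with no check. The message text is produced on the sandboxed side, so an entry whose second string is empty or missing should be treated as malformed rather than trusted; MsgEntry is declared outside this page, so whether str2 can be NULL is not visible here. I would add `if (!msg->str2 || !*msg->str2) { delete msg; return; }` before the AUTOPLAY comparison. The function body continues outside these hunks.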


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -114,14 +115,17 @@ void CMonitorDialog::OnIdle()
ULONG seq_num = m_last_entry_seq_num;
USHORT type;
ULONG64 pid;
SbieApi_MonitorGetEx(&seq_num, &type, &pid, &name[12]);
if ((! type) || (! name[12]))
break;
ULONG status = SbieApi_MonitorGetEx(&seq_num, &type, &pid, &name[12]);
if (status != 0)
break; // error or no more entries
if(seq_num != m_last_entry_seq_num + 1)
SbieApi_Log(MSG_1242, L"Resource access logger overflow!"); // MSG_MONITOR_OVERFLOW
SbieApi_Log(MSG_1242, NULL); // MSG_MONITOR_OVERFLOW
m_last_entry_seq_num = seq_num;
if ((!type) || (!name[12]))
break;
// privacy protection, hide username
while (m_username_len) {
WCHAR *username_ptr = wcsstr(&name[12], m_username);
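Review bot: The gap test `if(seq_num != m_last_entry_seq_num + 1)` in OnIdle may also trip on the first entry read after the dialog opens, if the driver's sequence counter is already ahead of the dialog's starting value. That would log MSG_1242 although no entry was lost. The initial value of `m_last_entry_seq_num` is not visible in this hunk, so this needs confirming. If it can happen, either seed the member from the first successful read or guard the check, and add a comment next to the test stating which case it is meant to detect. The loop this hunk sits in starts and ends outside the hunk.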


@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, David Xanatos
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, David Xanatos
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -20,9 +21,9 @@
#ifndef _MY_VERSION_H
#define _MY_VERSION_H
#define MY_VERSION_BINARY 5,44,1
#define MY_VERSION_STRING "5.44.1"
#define MY_VERSION_COMPAT "5.44.1" // this reffers to the driver ABI compatybility
#define MY_VERSION_BINARY 5,45,0
#define MY_VERSION_STRING "5.45.0"
#define MY_VERSION_COMPAT "5.45.0" // this reffers to the driver ABI compatybility
// These #defines are used by either Resource Compiler, or by NSIC installer
#define SBIE_INSTALLER_PATH "..\\Bin\\"


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -326,6 +327,78 @@ _FX MSG_HEADER *SbieDll_CallServer(MSG_HEADER *req)
}
//---------------------------------------------------------------------------
// SbieDll_CallServerQueue
//---------------------------------------------------------------------------
_FX void *SbieDll_CallServerQueue(const WCHAR* queue, void *req, ULONG req_len, ULONG rpl_min_len)
{
//static ULONG _Ticks = 0;
//static ULONG _Ticks1 = 0;
WCHAR QueueName[64];
NTSTATUS status;
ULONG req_id;
ULONG data_len;
void *data;
HANDLE event;
//ULONG Ticks0 = GetTickCount();
/*if (1) {
WCHAR txt[128];
Sbie_snwprintf(txt, 128, L"Request command is %08X\n", *(ULONG *)req);
OutputDebugString(txt);
}*/
Sbie_snwprintf(QueueName, 64, L"*%s_%08X", queue, Dll_SessionId);
status = SbieDll_QueuePutReq(QueueName, req, req_len, &req_id, &event);
if (NT_SUCCESS(status)) {
if (WaitForSingleObject(event, 60 * 1000) != 0)
status = STATUS_TIMEOUT;
CloseHandle(event);
}
if (status == 0) {
status = SbieDll_QueueGetRpl(QueueName, req_id, &data, &data_len);
if (NT_SUCCESS(status)) {
if (data_len >= sizeof(ULONG) && *(ULONG *)data) {
status = *(ULONG *)data;
}
else if (data_len >= rpl_min_len) {
/*_Ticks += GetTickCount() - Ticks0;
if (_Ticks > _Ticks1 + 1000) {
WCHAR txt[128];
Sbie_snwprintf(txt, 128, L"Already spent %d ticks in gui\n", _Ticks);
OutputDebugString(txt);
_Ticks1 = _Ticks;
}*/
return data;
}
else
status = STATUS_INFO_LENGTH_MISMATCH;
Dll_Free(data);
}
}
SbieApi_Log(2203, L"%S - %S [%08X]", QueueName, Dll_ImageName, status);
SetLastError(ERROR_SERVER_DISABLED);
return NULL;
}
//---------------------------------------------------------------------------
// SbieDll_FreeMem
//---------------------------------------------------------------------------
@ -763,3 +836,4 @@ _FX BOOL SbieDll_RunSandboxed(
SetLastError(err);
return ok;
}
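Review bot: SbieDll_CallServerQueue has no header comment stating its contract, and the callers added in this commit depend on it for an access decision. The banner above the function should say three things. The returned buffer belongs to the caller and must be released with Dll_Free. NULL is returned on every failure, including the 60 second `WaitForSingleObject` timeout, with the last error set to ERROR_SERVER_DISABLED, so callers must treat NULL as "not granted". A non-zero first ULONG in the reply is taken as a failure status. I would also give `60 * 1000` a name, since it is how long a hooked call in the sandboxed process can stall, and drop the commented-out tick-counting and OutputDebugString blocks.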


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -25,6 +26,7 @@
#include <stdio.h>
#include <dbt.h>
#include "core/svc/FileWire.h"
#include "core/svc/InteractiveWire.h"
//---------------------------------------------------------------------------
@ -199,6 +201,8 @@ static NTSTATUS File_MigrateFile(
const WCHAR *TruePath, const WCHAR *CopyPath,
BOOLEAN IsWritePath, BOOLEAN WithContents);
static const BOOLEAN File_MigrateFile_ManualBypass(const WCHAR *TruePath, ULONGLONG file_size);
static const WCHAR *File_MigrateFile_ShouldBypass(const WCHAR *TruePath);
static NTSTATUS File_CopyShortName(
@ -3979,7 +3983,7 @@ _FX NTSTATUS File_MigrateFile(
UNICODE_STRING objname;
IO_STATUS_BLOCK IoStatusBlock;
FILE_NETWORK_OPEN_INFORMATION open_info;
ULONG file_size;
ULONGLONG file_size;
ACCESS_MASK DesiredAccess;
ULONG CreateOptions;
@ -4042,15 +4046,14 @@ _FX NTSTATUS File_MigrateFile(
File_InitCopyLimit();
}
file_size = open_info.EndOfFile.LowPart;
file_size = open_info.EndOfFile.QuadPart;
if (open_info.EndOfFile.HighPart != 0 ||
file_size > (File_CopyLimitKb * 1024)) {
if (File_CopyLimitKb != -1 && file_size > (File_CopyLimitKb * 1024)) {
const WCHAR *TruePathName =
File_MigrateFile_ShouldBypass(TruePath);
if (TruePathName) {
if (TruePathName && !File_MigrateFile_ManualBypass(TruePath, file_size)) {
NtClose(TrueHandle);
@ -4059,7 +4062,7 @@ _FX NTSTATUS File_MigrateFile(
ULONG TruePathNameLen = wcslen(TruePathName);
WCHAR *text = Dll_AllocTemp(
(TruePathNameLen + 64) * sizeof(WCHAR));
Sbie_snwprintf(text, (TruePathNameLen + 64), L"%s [%s / %d]",
Sbie_snwprintf(text, (TruePathNameLen + 64), L"%s [%s / %I64u]",
TruePathName, Dll_BoxName, file_size);
SbieApi_Log(2102, text);
@ -4108,6 +4111,8 @@ _FX NTSTATUS File_MigrateFile(
if (file_size) {
ULONG Next_Status = GetTickCount() + 3000; // wait 3 seconds
void *buffer = Dll_AllocTemp(PAGE_SIZE);
if (! buffer) {
status = STATUS_INSUFFICIENT_RESOURCES;
@ -4117,7 +4122,7 @@ _FX NTSTATUS File_MigrateFile(
while (file_size > 0) {
ULONG buffer_size =
(file_size > PAGE_SIZE) ? PAGE_SIZE : file_size;
(file_size > PAGE_SIZE) ? PAGE_SIZE : (ULONG)file_size;
status = NtReadFile(
TrueHandle, NULL, NULL, NULL, &IoStatusBlock,
@ -4126,7 +4131,7 @@ _FX NTSTATUS File_MigrateFile(
if (NT_SUCCESS(status)) {
buffer_size = (ULONG)IoStatusBlock.Information;
file_size -= buffer_size;
file_size -= (ULONGLONG)buffer_size;
status = NtWriteFile(
CopyHandle, NULL, NULL, NULL, &IoStatusBlock,
@ -4135,6 +4140,16 @@ _FX NTSTATUS File_MigrateFile(
if (! NT_SUCCESS(status))
break;
ULONG Cur_Ticks = GetTickCount();
if (Next_Status < Cur_Ticks) {
Next_Status = Cur_Ticks + 1000; // update prgress every second
WCHAR size_str[32];
Sbie_snwprintf(size_str, 32, L"%I64u", file_size);
const WCHAR* strings[] = { Dll_BoxName, TruePath, size_str, NULL };
SbieApi_LogMsgExt(2198, strings);
}
}
if (buffer)
@ -4178,6 +4193,32 @@ _FX NTSTATUS File_MigrateFile(
}
//---------------------------------------------------------------------------
// File_MigrateFile_ManualBypass
//---------------------------------------------------------------------------
_FX const BOOLEAN File_MigrateFile_ManualBypass(const WCHAR *TruePath, ULONGLONG file_size)
{
MAN_FILE_MIGRATION_REQ req;
MAN_FILE_MIGRATION_RPL *rpl = NULL;
BOOLEAN ok = FALSE;
req.msgid = MAN_FILE_MIGRATION;
req.file_size = file_size;
wcscpy(req.file_path, TruePath);
rpl = SbieDll_CallServerQueue(INTERACTIVE_QUEUE_NAME, &req, sizeof(req), sizeof(*rpl));
if (rpl)
{
ok = rpl->retval != 0;
Dll_Free(rpl);
}
return ok;
}
//---------------------------------------------------------------------------
// File_MigrateFile_ShouldBypass
//---------------------------------------------------------------------------
@ -4185,6 +4226,7 @@ _FX NTSTATUS File_MigrateFile(
_FX const WCHAR *File_MigrateFile_ShouldBypass(const WCHAR *TruePath)
{
// todo: load this list from file
static const WCHAR *_names[] = {
// firefox
L"places.sqlite", L"xul.mfl",
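Review bot: `wcscpy(req.file_path, TruePath);` in File_MigrateFile_ManualBypass copies a path chosen by the sandboxed program into a field of a stack-allocated MAN_FILE_MIGRATION_REQ with no length check. The struct is declared in InteractiveWire.h, outside this page, so the capacity of `file_path` is not visible, but an NT path can be far longer than a typical fixed array and an overrun here would corrupt the stack. I would reject over-long paths before the copy with `if (wcslen(TruePath) >= sizeof(req.file_path) / sizeof(WCHAR)) return FALSE;`, which leaves the existing copy-limit handling in force for that file.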


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -3534,8 +3535,10 @@ _FX void File_DoAutoRecover_2(BOOLEAN force, ULONG ticks)
if (send2199) {
WCHAR *colon = wcschr(rec->path, L':');
if (! colon)
SbieApi_Log2199(rec->path);
if (!colon) {
const WCHAR* strings[] = { Dll_BoxName, rec->path, NULL };
SbieApi_LogMsgExt(2199, strings);
}
List_Remove(&File_RecPaths, rec);
}


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -1517,7 +1518,7 @@ _FX void File_InitCopyLimit(void)
if (SetMaxCopyLimit) {
File_CopyLimitKb = 99999999;
File_CopyLimitKb = -1;
File_CopyLimitSilent = FALSE;
return;
}
@ -1529,9 +1530,9 @@ _FX void File_InitCopyLimit(void)
status = SbieApi_QueryConfAsIs(
NULL, _CopyLimitKb, 0, str, sizeof(str) - sizeof(WCHAR));
if (NT_SUCCESS(status)) {
ULONG num = _wtoi(str);
ULONGLONG num = _wtoi64(str);
if (num)
File_CopyLimitKb = num;
File_CopyLimitKb = (num > 0x000000007fffffff) ? -1 : (ULONG)num;
else
SbieApi_Log(2207, _CopyLimitKb);
}
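Review bot: The clamp `(num > 0x000000007fffffff) ? -1 : (ULONG)num` accepts limits up to 2^31-1 KB, but File_MigrateFile in this same commit tests `file_size > (File_CopyLimitKb * 1024)`. If File_CopyLimitKb is a 32-bit ULONG, as the cast here suggests (its declaration is outside this page), that product wraps for any limit of 0x400000 KB (4 GB) or more, so a large configured limit would be enforced as a much smaller one. Widening the comparison to `(ULONGLONG)File_CopyLimitKb * 1024` fixes it without changing the setting's range. It would also help to comment here that "CopyLimitKb=-1" works because `_wtoi64` yields a negative value that becomes a huge ULONGLONG and lands in the `-1` branch, which means every negative value disables the limit. File_InitCopyLimit starts and ends outside these hunks.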


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -78,6 +79,8 @@ static BOOLEAN File_IsPipeSuffix(const WCHAR *ptr);
static ULONG File_IsNamedPipe(const WCHAR *path, const WCHAR **server);
static const BOOLEAN File_InternetBlockade_ManualBypass();
static NTSTATUS File_NtCreateFilePipe(
HANDLE *FileHandle,
ACCESS_MASK DesiredAccess,
@ -253,9 +256,12 @@ _FX ULONG File_IsNamedPipe(const WCHAR *path, const WCHAR **server)
if (len >= 10 && _wcsnicmp(path, File_Mup, 8) == 0) {
if (SbieApi_CheckInternetAccess(NULL, path + 8, TRUE) ==
STATUS_ACCESS_DENIED)
return TYPE_NET_DEVICE;
BOOLEAN prompt = SbieApi_QueryConfBool(NULL, L"PromptForInternetAccess", FALSE);
if (SbieApi_CheckInternetAccess(NULL, path + 8, !prompt) == STATUS_ACCESS_DENIED
&& (!prompt || !File_InternetBlockade_ManualBypass())) {
return TYPE_NET_DEVICE;
}
}
//
@ -266,6 +272,42 @@ _FX ULONG File_IsNamedPipe(const WCHAR *path, const WCHAR **server)
}
//---------------------------------------------------------------------------
// File_InternetBlockade_ManualBypass
//---------------------------------------------------------------------------
_FX const BOOLEAN File_InternetBlockade_ManualBypass()
{
MAN_INET_BLOCKADE_REQ req;
MAN_INET_BLOCKADE_RPL *rpl = NULL;
BOOLEAN ok = FALSE;
req.msgid = MAN_INET_BLOCKADE;
rpl = SbieDll_CallServerQueue(INTERACTIVE_QUEUE_NAME, &req, sizeof(req), sizeof(*rpl));
if (rpl)
{
ok = rpl->retval != 0;
Dll_Free(rpl);
}
else if(SbieApi_QueryConfBool(NULL, L"NotifyInternetAccessDenied", TRUE))
SbieApi_Log(1307, L"%s [%s]", Dll_ImageName, Dll_BoxName);
//
// Note: the granting process must notify the driver about the exemption
// and we must ask the driver to update the open/closed path lists
//
if (ok)
{
Dll_RefreshPathList();
}
return ok;
}
//---------------------------------------------------------------------------
// File_NtCreateMailslotFile
//---------------------------------------------------------------------------
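Review bot: File_InternetBlockade_ManualBypass keeps no record of a refusal, so as far as this section shows, every later blocked open that reaches File_IsNamedPipe with PromptForInternetAccess set sends a fresh MAN_INET_BLOCKADE request and waits for the reply again. Whether the UI side remembers the answer is not visible here. The request also carries only `msgid`, so the prompt cannot show which target was being opened. I would add a comment in the function stating where a denial is cached and that a NULL reply (no UI, timeout) is deliberately treated as "still blocked". If nothing caches it, a per-process flag set on the first refusal would avoid repeated stalls.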


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -286,7 +287,7 @@ _FX LONG SbieApi_GetWork(
//---------------------------------------------------------------------------
_FX LONG SbieApi_GetMessage(
_FX ULONG SbieApi_GetMessage(
ULONG* MessageNum,
ULONG SessionId,
ULONG *MessageId,
@ -365,10 +366,7 @@ _FX LONG SbieApi_vLogEx(
const WCHAR *format,
va_list va_args)
{
NTSTATUS status;
__declspec(align(8)) UNICODE_STRING64 msgtext;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_LOG_MESSAGE_ARGS *args = (API_LOG_MESSAGE_ARGS *)parms;
NTSTATUS status;
UCHAR *tmp1, *tmp2;
// make sure to allocate at least twice API_LOG_MESSAGE_MAX_LEN
@ -386,16 +384,8 @@ _FX LONG SbieApi_vLogEx(
*tmp2 = '\0';
Sbie_snwprintf((WCHAR *)tmp1, 510, L"%S", tmp2);
msgtext.Buffer = (ULONG_PTR)tmp1;
msgtext.Length = (USHORT)wcslen((WCHAR *)msgtext.Buffer) * sizeof(WCHAR);
msgtext.MaximumLength = msgtext.Length + sizeof(WCHAR);
memzero(parms, sizeof(parms));
args->func_code = API_LOG_MESSAGE;
args->session_id.val = session_id;
args->msgid.val = msgid;
args->msgtext.val = &msgtext;
status = SbieApi_Ioctl(parms);
status = SbieApi_LogMsgEx(session_id, msgid, (WCHAR*)tmp1, (USHORT)wcslen((WCHAR *)tmp1) * sizeof(WCHAR));
Dll_Free(tmp1);
@ -404,46 +394,76 @@ _FX LONG SbieApi_vLogEx(
//---------------------------------------------------------------------------
// SbieApi_Log2199
// SbieApi_LogMsgEx
//---------------------------------------------------------------------------
_FX LONG SbieApi_Log2199(const WCHAR *path)
_FX LONG SbieApi_LogMsgEx(
ULONG session_id,
ULONG msgid,
const WCHAR* msg_data,
USHORT msg_len)
{
NTSTATUS status;
__declspec(align(8)) UNICODE_STRING64 msgtext;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_LOG_MESSAGE_ARGS *args = (API_LOG_MESSAGE_ARGS *)parms;
ULONG len;
NTSTATUS status;
__declspec(align(8)) UNICODE_STRING64 msgtext;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_LOG_MESSAGE_ARGS *args = (API_LOG_MESSAGE_ARGS *)parms;
len = (wcslen(Dll_BoxName) + wcslen(path) + 4) * sizeof(WCHAR);
if (len < API_LOG_MESSAGE_MAX_LEN) {
//
// the msg_data can contain multiple strings separated by L'\0' charakters
//
WCHAR *tmp, *tmp2;
tmp = Dll_AllocTemp(len);
wcscpy(tmp, Dll_BoxName);
tmp2 = tmp + wcslen(tmp);
*tmp2 = L' ';
++tmp2;
wcscpy(tmp2, path);
msgtext.Buffer = (ULONG_PTR)msg_data;
msgtext.Length = msg_len;
msgtext.MaximumLength = msgtext.Length + sizeof(WCHAR);
msgtext.Buffer = (ULONG_PTR)tmp;
msgtext.Length = (USHORT)wcslen(tmp) * sizeof(WCHAR);
msgtext.MaximumLength = msgtext.Length + sizeof(WCHAR);
memzero(parms, sizeof(parms));
args->func_code = API_LOG_MESSAGE;
args->session_id.val = session_id;
args->msgid.val = msgid;
args->msgtext.val = &msgtext;
//args->process_id.val =
status = SbieApi_Ioctl(parms);
memzero(parms, sizeof(parms));
args->func_code = API_LOG_MESSAGE;
args->session_id.val = -1;
args->msgid.val = 2199;
args->msgtext.val = &msgtext;
status = SbieApi_Ioctl(parms);
return status;
}
Dll_Free(tmp);
} else
status = STATUS_INSUFFICIENT_RESOURCES;
//---------------------------------------------------------------------------
// SbieApi_LogMsgExt
//---------------------------------------------------------------------------
return status;
_FX LONG SbieApi_LogMsgExt(
ULONG msgid,
const WCHAR** strings)
{
NTSTATUS status;
ULONG size = 0;
for (const WCHAR** string = strings; *string != NULL; string++)
size += (wcslen(*string) + 1) * sizeof(WCHAR); // include null char
if (size < API_LOG_MESSAGE_MAX_LEN) {
WCHAR *buff, *temp;
temp = buff = Dll_AllocTemp(size);
for (const WCHAR** string = strings; *string != NULL; string++) {
ULONG len = wcslen(*string) + 1;
wmemcpy(temp, *string, len);
temp += len;
}
status = SbieApi_LogMsgEx(-1, msgid, buff, (USHORT)size);
Dll_Free(buff);
}
else
status = STATUS_INSUFFICIENT_RESOURCES;
return status;
}
@ -1390,9 +1410,9 @@ _FX LONG SbieApi_MonitorPut(
API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
args->func_code = API_MONITOR_PUT;
args->name_type.val64 = (ULONG64)(ULONG_PTR)&Type;
args->name_len.val64 = wcslen(Name) * sizeof(WCHAR);
args->name_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
args->log_type.val64 = (ULONG64)(ULONG_PTR)&Type;
args->log_len.val64 = wcslen(Name) * sizeof(WCHAR);
args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
status = SbieApi_Ioctl(parms);
return status;
@ -1413,9 +1433,9 @@ _FX LONG SbieApi_MonitorPut2(
API_MONITOR_PUT2_ARGS *args = (API_MONITOR_PUT2_ARGS *)parms;
args->func_code = API_MONITOR_PUT2;
args->name_type.val64 = (ULONG64)(ULONG_PTR)&Type;
args->name_len.val64 = wcslen(Name) * sizeof(WCHAR);
args->name_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
args->log_type.val64 = (ULONG64)(ULONG_PTR)&Type;
args->log_len.val64 = wcslen(Name) * sizeof(WCHAR);
args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
args->check_object_exists.val64 = bCheckObjectExists;
status = SbieApi_Ioctl(parms);
@ -1437,9 +1457,9 @@ _FX LONG SbieApi_MonitorGet(
API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
args->func_code = API_MONITOR_GET;
args->name_type.val64 = (ULONG64)(ULONG_PTR)Type;
args->name_len.val64 = 256 * sizeof(WCHAR);
args->name_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
args->log_type.val64 = (ULONG64)(ULONG_PTR)Type;
args->log_len.val64 = 256 * sizeof(WCHAR);
args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
status = SbieApi_Ioctl(parms);
if (! NT_SUCCESS(status)) {
@ -1469,11 +1489,11 @@ _FX LONG SbieApi_MonitorGetEx(
API_MONITOR_GET_EX_ARGS *args = (API_MONITOR_GET_EX_ARGS *)parms;
args->func_code = API_MONITOR_GET_EX;
args->name_seq.val64 = (ULONG64)(ULONG_PTR)SeqNum;
args->name_type.val64 = (ULONG64)(ULONG_PTR)Type;
args->name_pid.val64 = (ULONG64)(ULONG_PTR)Pid;
args->name_len.val64 = 256 * sizeof(WCHAR);
args->name_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
args->log_seq.val64 = (ULONG64)(ULONG_PTR)SeqNum;
args->log_type.val64 = (ULONG64)(ULONG_PTR)Type;
args->log_pid.val64 = (ULONG64)(ULONG_PTR)Pid;
args->log_len.val64 = 256 * sizeof(WCHAR);
args->log_ptr.val64 = (ULONG64)(ULONG_PTR)Name;
status = SbieApi_Ioctl(parms);
if (!NT_SUCCESS(status)) {
@ -1617,3 +1637,34 @@ _FX LONG SbieApi_SetLowLabelKey(
return status;
}
//---------------------------------------------------------------------------
// SbieApi_MonitorControl
//---------------------------------------------------------------------------
_FX LONG SbieApi_ProcessExemptionControl(
HANDLE process_id,
ULONG action_id,
ULONG *NewState,
ULONG *OldState)
{
NTSTATUS status;
__declspec(align(8)) ULONG64 parms[API_NUM_ARGS];
API_PROCESS_EXEMPTION_CONTROL_ARGS *args = (API_PROCESS_EXEMPTION_CONTROL_ARGS *)parms;
memzero(parms, sizeof(parms));
args->func_code = API_PROCESS_EXEMPTION_CONTROL;
args->process_id.val = process_id;
args->action_id.val = action_id;
args->set_flag.val64 = (ULONG64)(ULONG_PTR)NewState;
args->get_flag.val64 = (ULONG64)(ULONG_PTR)OldState;
status = SbieApi_Ioctl(parms);
if (!NT_SUCCESS(status)) {
if (OldState)
*OldState = FALSE;
}
return status;
}


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -69,7 +70,7 @@ LONG SbieApi_GetWork(
ULONG *Length);*/
SBIEAPI_EXPORT
LONG SbieApi_GetMessage(
ULONG SbieApi_GetMessage(
ULONG* MessageNum,
ULONG SessionId,
ULONG *MessageId,
@ -86,7 +87,11 @@ SBIEAPI_EXPORT LONG SbieApi_LogEx(
SBIEAPI_EXPORT LONG SbieApi_vLogEx(
ULONG session_id, ULONG msgid, const WCHAR *format, va_list va_args);
LONG SbieApi_Log2199(const WCHAR *path);
SBIEAPI_EXPORT LONG SbieApi_LogMsgEx(
ULONG session_id, ULONG msgid, const WCHAR* msg_data, USHORT msg_len);
SBIEAPI_EXPORT LONG SbieApi_LogMsgExt(
ULONG msgid, const WCHAR** strings);
SBIEAPI_EXPORT
LONG SbieApi_GetHomePath(
@ -353,6 +358,14 @@ LONG SbieApi_GetUnmountHive(
//---------------------------------------------------------------------------
SBIEAPI_EXPORT
LONG SbieApi_ProcessExemptionControl(
HANDLE process_id,
ULONG action_id,
ULONG *NewState,
ULONG *OldState);
//---------------------------------------------------------------------------
#ifdef __cplusplus
}
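Review bot: The `strings` parameter of the exported `SbieApi_LogMsgExt` prototype has a contract that is stated nowhere. The implementation shown earlier on this page walks the array until it meets a NULL entry and later casts the summed byte size to `USHORT`. A caller that omits the terminating NULL makes that loop read past the array, and an oversized list is reported only as `STATUS_INSUFFICIENT_RESOURCES`. I would add above the prototype `// strings: NULL-terminated array of NUL-terminated strings; total bytes incl. terminators must be < API_LOG_MESSAGE_MAX_LEN`, and for `SbieApi_LogMsgEx` `// msg_len: size of msg_data in bytes`.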


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -111,7 +112,6 @@ SBIEDLL_EXPORT BOOL SbieDll_RunSandboxed(
const WCHAR *box_name, const WCHAR *cmd, const WCHAR *dir,
ULONG creation_flags, STARTUPINFO *si, PROCESS_INFORMATION *pi);
//---------------------------------------------------------------------------
// Functions (CallSvc)
//---------------------------------------------------------------------------
@ -122,6 +122,9 @@ SBIEDLL_EXPORT const WCHAR *SbieDll_PortName(void);
SBIEDLL_EXPORT struct _MSG_HEADER *SbieDll_CallServer(
struct _MSG_HEADER *req);
SBIEDLL_EXPORT void *SbieDll_CallServerQueue(
const WCHAR* queue, void *req, ULONG req_len, ULONG rpl_min_len);
SBIEDLL_EXPORT void SbieDll_FreeMem(void *data);
SBIEDLL_EXPORT ULONG SbieDll_QueueCreate(


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -233,6 +233,12 @@
</PostBuildEvent>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\..\common\list.c">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
</ClCompile>
<ClCompile Include="..\..\common\pattern.c">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
@ -382,6 +388,18 @@
</CustomBuild>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\common\list.h">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
</ClInclude>
<ClInclude Include="..\..\common\my_version.h">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
</ClInclude>
<ClInclude Include="..\..\common\pattern.h">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>


@ -0,0 +1,137 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<ClCompile Include="api.c" />
<ClCompile Include="box.c" />
<ClCompile Include="conf.c" />
<ClCompile Include="conf_expand.c" />
<ClCompile Include="conf_user.c" />
<ClCompile Include="dll.c" />
<ClCompile Include="driver.c" />
<ClCompile Include="file.c" />
<ClCompile Include="file_flt.c" />
<ClCompile Include="file_xlat.c" />
<ClCompile Include="gui.c" />
<ClCompile Include="includes.c" />
<ClCompile Include="ipc.c" />
<ClCompile Include="ipc_port.c" />
<ClCompile Include="ipc_spl.c" />
<ClCompile Include="key.c" />
<ClCompile Include="log.c" />
<ClCompile Include="mem.c" />
<ClCompile Include="obj.c" />
<ClCompile Include="process.c" />
<ClCompile Include="process_api.c" />
<ClCompile Include="process_force.c" />
<ClCompile Include="process_low.c" />
<ClCompile Include="process_util.c" />
<ClCompile Include="log_buff.c" />
<ClCompile Include="session.c" />
<ClCompile Include="syscall.c" />
<ClCompile Include="syscall_32.c" />
<ClCompile Include="syscall_64.c" />
<ClCompile Include="syscall_open.c" />
<ClCompile Include="thread.c" />
<ClCompile Include="token.c" />
<ClCompile Include="util.c" />
<ClCompile Include="file_xp.c">
<Filter>xp</Filter>
</ClCompile>
<ClCompile Include="gui_xp.c">
<Filter>xp</Filter>
</ClCompile>
<ClCompile Include="key_flt.c">
<Filter>xp</Filter>
</ClCompile>
<ClCompile Include="key_xp.c">
<Filter>xp</Filter>
</ClCompile>
<ClCompile Include="obj_xp.c">
<Filter>xp</Filter>
</ClCompile>
<ClCompile Include="hook_64.c">
<Filter>hook</Filter>
</ClCompile>
<ClCompile Include="hook_32.c">
<Filter>hook</Filter>
</ClCompile>
<ClCompile Include="hook.c">
<Filter>hook</Filter>
</ClCompile>
<ClCompile Include="thread_token.c" />
<ClCompile Include="process_hook.c">
<Filter>hook</Filter>
</ClCompile>
<ClCompile Include="..\..\common\pattern.c">
<Filter>common</Filter>
</ClCompile>
<ClCompile Include="..\dll\hook_inst.c">
<Filter>hook</Filter>
</ClCompile>
<ClCompile Include="..\dll\hook_tramp.c">
<Filter>hook</Filter>
</ClCompile>
<ClCompile Include="..\..\common\list.c">
<Filter>common</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="alpc.h" />
<ClInclude Include="api.h" />
<ClInclude Include="api_defs.h" />
<ClInclude Include="api_flags.h" />
<ClInclude Include="box.h" />
<ClInclude Include="conf.h" />
<ClInclude Include="dll.h" />
<ClInclude Include="driver.h" />
<ClInclude Include="file.h" />
<ClInclude Include="gui.h" />
<ClInclude Include="ipc.h" />
<ClInclude Include="key.h" />
<ClInclude Include="log.h" />
<ClInclude Include="mem.h" />
<ClInclude Include="my_fltkernel.h" />
<ClInclude Include="my_winnt.h" />
<ClInclude Include="obj.h" />
<ClInclude Include="process.h" />
<ClInclude Include="log_buff.h" />
<ClInclude Include="session.h" />
<ClInclude Include="syscall.h" />
<ClInclude Include="thread.h" />
<ClInclude Include="token.h" />
<ClInclude Include="util.h" />
<ClInclude Include="hook.h">
<Filter>hook</Filter>
</ClInclude>
<ClInclude Include="..\..\common\pattern.h">
<Filter>common</Filter>
</ClInclude>
<ClInclude Include="..\dll\hook.h">
<Filter>hook</Filter>
</ClInclude>
<ClInclude Include="..\..\common\list.h">
<Filter>common</Filter>
</ClInclude>
<ClInclude Include="..\..\common\my_version.h">
<Filter>common</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<CustomBuild Include="aulldvrm.asm" />
<CustomBuild Include="util_asm.asm" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="resource.rc" />
</ItemGroup>
<ItemGroup>
<Filter Include="xp">
<UniqueIdentifier>{7b01653b-c8d7-4ad8-90f8-46b5893113dc}</UniqueIdentifier>
</Filter>
<Filter Include="hook">
<UniqueIdentifier>{863722d1-e0f8-4c06-892f-40ea71ab98f1}</UniqueIdentifier>
</Filter>
<Filter Include="common">
<UniqueIdentifier>{73d2a54c-a013-4184-b5e6-74b565ecc048}</UniqueIdentifier>
</Filter>
</ItemGroup>
</Project>


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -68,6 +69,8 @@ static NTSTATUS Api_GetHomePath(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Api_SetServicePort(PROCESS *proc, ULONG64 *parms);
static NTSTATUS Api_ProcessExemptionControl(PROCESS *proc, ULONG64 *parms);
//---------------------------------------------------------------------------
@ -187,6 +190,8 @@ _FX BOOLEAN Api_Init(void)
//Api_SetFunction(API_HOOK_TRAMP, Hook_Api_Tramp);
Api_SetFunction(API_PROCESS_EXEMPTION_CONTROL, Api_ProcessExemptionControl);
if ((! Api_Functions) || (Api_Functions == (void *)-1))
return FALSE;
@ -575,6 +580,7 @@ _FX NTSTATUS Api_LogMessage(PROCESS *proc, ULONG64 *parms)
WCHAR *msgtext_buffer;
POOL *pool;
WCHAR *text;
HANDLE pid;
msgid = args->msgid.val;
if (msgid >= 2101 && msgid <= 2199)
@ -602,10 +608,16 @@ _FX NTSTATUS Api_LogMessage(PROCESS *proc, ULONG64 *parms)
return STATUS_INVALID_PARAMETER;
ProbeForRead(msgtext_buffer, msgtext_length, sizeof(WCHAR));
if (proc)
pool = proc->pool;
else
pool = Driver_Pool;
pid = (HANDLE)args->process_id.val;
if (proc) {
pool = proc->pool;
if (!pid) pid = proc->pid;
}
else {
pool = Driver_Pool;
if (!pid) pid = PsGetCurrentProcessId();
}
text = Mem_Alloc(pool, msgtext_length + 8);
if (! text)
return STATUS_INSUFFICIENT_RESOURCES;
@ -619,7 +631,7 @@ _FX NTSTATUS Api_LogMessage(PROCESS *proc, ULONG64 *parms)
if (status == STATUS_SUCCESS) {
text[msgtext_length / sizeof(WCHAR)] = L'\0';
Log_Popup_Msg(msgid, text, NULL, args->session_id.val, proc->pid);
Log_Popup_MsgEx(msgid, text, msgtext_length / sizeof(WCHAR), NULL, 0, args->session_id.val, pid);
}
Mem_Free(text, msgtext_length + 8);
@ -689,7 +701,7 @@ _FX NTSTATUS Api_GetMessage(PROCESS *proc, ULONG64 *parms)
WCHAR *msgtext_buffer;
KIRQL irql;
if (proc)
if (proc) // sandboxed processes can't read the log
return STATUS_NOT_IMPLEMENTED;
ProbeForRead(args->msg_num.val, sizeof(ULONG), sizeof(ULONG));
@ -711,52 +723,62 @@ _FX NTSTATUS Api_GetMessage(PROCESS *proc, ULONG64 *parms)
__try {
CHAR* read_ptr = log_buffer_get_next(*args->msg_num.val, Api_LogBuffer);
LOG_BUFFER_SEQ_T seq_number = *args->msg_num.val;
for (;;) {
if (!read_ptr) {
status = STATUS_NO_MORE_ENTRIES;
} else {
LOG_BUFFER_SIZE_T entry_size = log_buffer_get_size(&read_ptr, Api_LogBuffer);
LOG_BUFFER_SEQ_T seq_number = log_buffer_get_seq_num(&read_ptr, Api_LogBuffer);
*args->msg_num.val = seq_number;
//[session_id 4][process_id 4][error_code 4][string1 n*2][\0 2][string2 n*2][\0 2]
ULONG session_id;
log_buffer_get_bytes((CHAR*)&session_id, 4, &read_ptr, Api_LogBuffer);
ULONG process_id;
log_buffer_get_bytes((CHAR*)&process_id, 4, &read_ptr, Api_LogBuffer);
if (session_id == args->session_id.val) {
log_buffer_get_bytes((CHAR*)args->msgid.val, 4, &read_ptr, Api_LogBuffer);
SIZE_T msg_length = entry_size - (4 + 4);
if (args->process_id.val != NULL)
{
ProbeForWrite(args->process_id.val, sizeof(ULONG), sizeof(ULONG));
*args->process_id.val = process_id;
}
if (msg_length <= msgtext->MaximumLength)
{
msgtext->Length = (USHORT)msg_length;
ProbeForWrite(msgtext_buffer, msg_length, sizeof(WCHAR));
memcpy(msgtext_buffer, read_ptr, msg_length);
}
else
{
status = STATUS_BUFFER_TOO_SMALL;
}
} else {
// this entry is not for us, so we return an empty result to maintain sequence consistency
*args->msgid.val = 0;
CHAR* read_ptr = log_buffer_get_next(seq_number, Api_LogBuffer);
if (!read_ptr) {
status = STATUS_NO_MORE_ENTRIES;
break;
}
LOG_BUFFER_SIZE_T entry_size = log_buffer_get_size(&read_ptr, Api_LogBuffer);
seq_number = log_buffer_get_seq_num(&read_ptr, Api_LogBuffer);
//if (seq_number != *args->msg_num.val + 1) {
//
// status = STATUS_REQUEST_OUT_OF_SEQUENCE;
// *args->msg_num.val = seq_number - 1;
// break;
//}
//[session_id 4][process_id 4][error_code 4][string1 n*2][\0 2][string2 n*2][\0 2]...[stringN n*2][\0 2][\0 2]
ULONG session_id;
log_buffer_get_bytes((CHAR*)&session_id, 4, &read_ptr, Api_LogBuffer);
entry_size -= 4;
if (args->session_id.val != -1 && session_id != args->session_id.val) // Note: the service (session_id == -1) gets all the entries
continue;
ULONG process_id;
log_buffer_get_bytes((CHAR*)&process_id, 4, &read_ptr, Api_LogBuffer);
entry_size -= 4;
log_buffer_get_bytes((CHAR*)args->msgid.val, 4, &read_ptr, Api_LogBuffer);
entry_size -= 4;
if (args->process_id.val != NULL)
{
ProbeForWrite(args->process_id.val, sizeof(ULONG), sizeof(ULONG));
*args->process_id.val = process_id;
}
// we return all strings in one
if (entry_size <= msgtext->MaximumLength)
{
msgtext->Length = (USHORT)entry_size;
ProbeForWrite(msgtext_buffer, entry_size, sizeof(WCHAR));
memcpy(msgtext_buffer, read_ptr, entry_size);
}
else
{
status = STATUS_BUFFER_TOO_SMALL;
}
*args->msg_num.val = seq_number; // update when everything went fine
break;
}
} __except (EXCEPTION_EXECUTE_HANDLER) {
@ -1162,3 +1184,57 @@ _FX void Api_CopyStringToUser(
}
}
}
//---------------------------------------------------------------------------
// Ipc_Api_AllowSpoolerPrintToFile
//---------------------------------------------------------------------------
_FX NTSTATUS Api_ProcessExemptionControl(PROCESS *proc, ULONG64 *parms)
{
API_PROCESS_EXEMPTION_CONTROL_ARGS *pArgs = (API_PROCESS_EXEMPTION_CONTROL_ARGS *)parms;
ULONG *in_flag;
ULONG *out_flag;
if (proc) // is caller sandboxed?
return STATUS_ACCESS_DENIED;
if (pArgs->process_id.val == 0)
return STATUS_INVALID_PARAMETER;
proc = Process_Find(pArgs->process_id.val, NULL);
if (!proc || proc == PROCESS_TERMINATED)
return STATUS_NOT_FOUND;
in_flag = pArgs->set_flag.val;
if (in_flag) {
ProbeForRead(in_flag, sizeof(ULONG), sizeof(ULONG));
}
out_flag = pArgs->get_flag.val;
if (out_flag) {
ProbeForWrite(out_flag, sizeof(ULONG), sizeof(ULONG));
}
if(!in_flag && !out_flag)
return STATUS_INVALID_PARAMETER;
if (pArgs->action_id.val == 'splr')
{
if(in_flag)
proc->m_boolAllowSpoolerPrintToFile = *in_flag != 0;
if (out_flag)
*out_flag = proc->m_boolAllowSpoolerPrintToFile;
}
else if (pArgs->action_id.val == 'inet')
{
if(in_flag)
proc->AllowInternetAccess = *in_flag != 0;
if (out_flag)
*out_flag = proc->AllowInternetAccess;
}
else
return STATUS_INVALID_INFO_CLASS;
return 0;
}
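Review bot: In `Api_LogMessage` the pid stored with the log entry comes from `args->process_id.val` even when the caller is a sandboxed process (`proc` non-NULL), so a boxed process can label its messages with any other pid. The fallback `if (!pid) pid = proc->pid;` only applies when the caller passes zero. Unless boxed callers are meant to log on behalf of other processes, the `proc` branch should overwrite the value: `if (proc) { pool = proc->pool; pid = proc->pid; }`. The function starts and ends outside the hunk, so any later validation of `pid` is not visible here.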


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -140,7 +141,7 @@ enum {
API_QUERY_SYSCALLS,
API_INVOKE_SYSCALL,
API_GUI_CLIPBOARD,
API_ALLOW_SPOOLER_PRINT_TO_FILE,
API_ALLOW_SPOOLER_PRINT_TO_FILE_DEPRECATED, // deprecated
API_RELOAD_CONF2,
API_MONITOR_PUT2,
API_GET_SPOOLER_PORT,
@ -149,6 +150,7 @@ enum {
API_SET_SMART_CARD_PORT,
API_MONITOR_GET_EX,
API_GET_MESSAGE,
API_PROCESS_EXEMPTION_CONTROL,
API_LAST
};
@ -203,6 +205,7 @@ API_ARGS_BEGIN(API_LOG_MESSAGE_ARGS)
API_ARGS_FIELD(ULONG,session_id)
API_ARGS_FIELD(ULONG,msgid)
API_ARGS_FIELD(UNICODE_STRING64 *,msgtext)
API_ARGS_FIELD(ULONG *, process_id)
API_ARGS_CLOSE(API_LOG_MESSAGE_ARGS)
API_ARGS_BEGIN(API_GET_MESSAGE_ARGS)
@ -315,23 +318,23 @@ API_ARGS_CLOSE(API_MONITOR_CONTROL_ARGS)
API_ARGS_BEGIN(API_MONITOR_GET_PUT_ARGS)
API_ARGS_FIELD(USHORT *,name_type)
API_ARGS_FIELD(ULONG,name_len)
API_ARGS_FIELD(WCHAR *,name_ptr)
API_ARGS_FIELD(USHORT *,log_type)
API_ARGS_FIELD(ULONG, log_len)
API_ARGS_FIELD(WCHAR *, log_ptr)
API_ARGS_CLOSE(API_MONITOR_GET_PUT_ARGS)
API_ARGS_BEGIN(API_MONITOR_GET_EX_ARGS)
API_ARGS_FIELD(ULONG *, name_seq)
API_ARGS_FIELD(USHORT *, name_type)
API_ARGS_FIELD(ULONG64 *, name_pid)
API_ARGS_FIELD(ULONG, name_len)
API_ARGS_FIELD(WCHAR *, name_ptr)
API_ARGS_FIELD(ULONG *, log_seq)
API_ARGS_FIELD(USHORT *, log_type)
API_ARGS_FIELD(ULONG64 *, log_pid)
API_ARGS_FIELD(ULONG, log_len)
API_ARGS_FIELD(WCHAR *, log_ptr)
API_ARGS_CLOSE(API_MONITOR_GET_EX_ARGS)
API_ARGS_BEGIN(API_MONITOR_PUT2_ARGS)
API_ARGS_FIELD(USHORT *,name_type)
API_ARGS_FIELD(ULONG,name_len)
API_ARGS_FIELD(WCHAR *,name_ptr)
API_ARGS_FIELD(USHORT *, log_type)
API_ARGS_FIELD(ULONG, log_len)
API_ARGS_FIELD(WCHAR *, log_ptr)
API_ARGS_FIELD(BOOLEAN,check_object_exists)
API_ARGS_CLOSE(API_MONITOR_PUT2_ARGS)
@ -408,9 +411,9 @@ API_ARGS_FIELD(WCHAR *,path_str)
API_ARGS_CLOSE(API_SET_LOW_LABEL_ARGS)
API_ARGS_BEGIN(API_ALLOW_SPOOLER_PRINT_TO_FILE_ARGS)
API_ARGS_FIELD(HANDLE,process_id)
API_ARGS_CLOSE(API_ALLOW_SPOOLER_PRINT_TO_FILE_ARGS)
//API_ARGS_BEGIN(API_ALLOW_SPOOLER_PRINT_TO_FILE_ARGS)
//API_ARGS_FIELD(HANDLE,process_id)
//API_ARGS_CLOSE(API_ALLOW_SPOOLER_PRINT_TO_FILE_ARGS)
API_ARGS_BEGIN(API_RELOAD_CONF2_ARGS)
@ -435,6 +438,13 @@ API_ARGS_FIELD(WCHAR *,port_name)
API_ARGS_FIELD(WCHAR *,full_port_name)
API_ARGS_CLOSE(API_SET_SMART_CARD_PORT_ARGS)
API_ARGS_BEGIN(API_PROCESS_EXEMPTION_CONTROL_ARGS)
API_ARGS_FIELD(HANDLE,process_id)
API_ARGS_FIELD(ULONG,action_id)
API_ARGS_FIELD(ULONG *,set_flag)
API_ARGS_FIELD(ULONG *,get_flag)
API_ARGS_CLOSE(API_PROCESS_EXEMPTION_CONTROL_ARGS)
#undef API_ARGS_BEGIN
#undef API_ARGS_FIELD
#undef API_ARGS_CLOSE
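Review bot: `API_LOG_MESSAGE_ARGS` declares the new field as `API_ARGS_FIELD(ULONG *, process_id)`, but the driver hunk on this page consumes it as a value, `pid = (HANDLE)args->process_id.val;`, never as a pointer. A pointer-typed declaration invites a later reader to probe and dereference it as a user address, which is how `API_GET_MESSAGE_ARGS` treats its own `process_id`. I would declare it the way `API_PROCESS_EXEMPTION_CONTROL_ARGS` does: `API_ARGS_FIELD(HANDLE,process_id)`.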


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -78,9 +79,9 @@ static void SbieDrv_DriverUnload(DRIVER_OBJECT *DriverObject);
const ULONG tzuk = 'xobs';
const WCHAR *Driver_S_1_5_18 = L"S-1-5-18";
const WCHAR *Driver_S_1_5_19 = L"S-1-5-19";
const WCHAR *Driver_S_1_5_20 = L"S-1-5-20";
const WCHAR *Driver_S_1_5_18 = L"S-1-5-18"; // System
const WCHAR *Driver_S_1_5_19 = L"S-1-5-19"; // Local Service
const WCHAR *Driver_S_1_5_20 = L"S-1-5-20"; // Network Service
DRIVER_OBJECT *Driver_Object;


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -750,6 +751,13 @@ _FX BOOLEAN File_BlockInternetAccess(PROCESS *proc)
BOOLEAN is_open, is_closed;
BOOLEAN ok;
//
// is this process excempted from the blocade
//
if (proc->AllowInternetAccess)
return TRUE;
//
// should we warn on access to internet resources
//
@ -2098,6 +2106,16 @@ _FX NTSTATUS File_Api_RefreshPathList(PROCESS *proc, ULONG64 *parms)
memcpy(&proc->closed_file_paths, &closed_paths, sizeof(LIST));
memcpy(&proc->read_file_paths, &read_paths, sizeof(LIST));
memcpy(&proc->write_file_paths, &write_paths, sizeof(LIST));
}
//
// now we need to re block the internet access
//
if (ok)
ok = File_BlockInternetAccess(proc);
if (ok) {
status = STATUS_SUCCESS;
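Review bot: In `File_Api_RefreshPathList` the added `File_BlockInternetAccess(proc)` call runs after the `memcpy` lines have already installed the refreshed path lists. If it returns FALSE, the process presumably keeps the new lists without the block re-applied. Whether the failure path undoes that lies outside the hunk; if it does not, the refresh fails open. I would re-apply the block before the lists are published, or at least record the ordering with `// lists are already live here; a failure below leaves the process without the internet block`.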


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -194,7 +195,7 @@ _FX BOOLEAN Ipc_Init(void)
Api_SetFunction(API_CREATE_DIR_OR_LINK, Ipc_Api_CreateDirOrLink);
Api_SetFunction(API_OPEN_DEVICE_MAP, Ipc_Api_OpenDeviceMap);
Api_SetFunction(API_QUERY_SYMBOLIC_LINK, Ipc_Api_QuerySymbolicLink);
Api_SetFunction(API_ALLOW_SPOOLER_PRINT_TO_FILE, Ipc_Api_AllowSpoolerPrintToFile);
//Api_SetFunction(API_ALLOW_SPOOLER_PRINT_TO_FILE, Ipc_Api_AllowSpoolerPrintToFile);
#ifndef _WIN64
Api_SetFunction(API_SET_LSA_AUTH_PKG, Ipc_Api_SetLsaAuthPkg);
@ -748,32 +749,6 @@ _FX BOOLEAN Ipc_InitProcess(PROCESS *proc)
{
BOOLEAN ok = Ipc_InitPaths(proc);
//
// check Start/Run restrictions
// issue message SBIE1308 when Start/Run restrictions apply
//
if (ok) {
PATTERN *pattern = List_Head(&proc->closed_ipc_paths);
while (pattern) {
const WCHAR *source = Pattern_Source(pattern);
if (source[0] == L'*' && source[1] == L'\0') {
if (proc->ipc_warn_startrun) {
Process_LogMessage(proc, MSG_STARTRUN_ACCESS_DENIED);
proc->ipc_warn_startrun = FALSE;
}
return FALSE;
}
pattern = List_Next(pattern);
}
}
//
// finish
//
@ -782,6 +757,40 @@ _FX BOOLEAN Ipc_InitProcess(PROCESS *proc)
}
//---------------------------------------------------------------------------
// Ipc_IsRunRestricted
//---------------------------------------------------------------------------
_FX BOOLEAN Ipc_IsRunRestricted(PROCESS *proc)
{
//
// check Start/Run restrictions
// issue message SBIE1308 when Start/Run restrictions apply
//
PATTERN *pattern = List_Head(&proc->closed_ipc_paths);
while (pattern) {
const WCHAR *source = Pattern_Source(pattern);
if (source[0] == L'*' && source[1] == L'\0') {
if (proc->ipc_warn_startrun) {
Process_LogMessage(proc, MSG_STARTRUN_ACCESS_DENIED);
proc->ipc_warn_startrun = FALSE;
}
return TRUE;
}
pattern = List_Next(pattern);
}
return FALSE;
}
//---------------------------------------------------------------------------
// Ipc_CheckGenericObject
//---------------------------------------------------------------------------
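Review bot: `Ipc_IsRunRestricted` is named like a pure predicate, yet it logs `MSG_STARTRUN_ACCESS_DENIED` and clears `proc->ipc_warn_startrun`. Its TRUE also means the opposite of the FALSE that `Ipc_InitProcess` used to return for the same condition. Because `Ipc_InitProcess` no longer enforces the restriction, each caller has to invoke the new function itself, and those call sites are not in this section. I would spell that out in the header comment, e.g. `// returns TRUE when closed_ipc_paths contains the pattern "*"; logs SBIE1308 at most once per PROCESS; the caller must deny the start`.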


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -64,6 +65,8 @@ void *Ipc_GetServerPort(void *Object);
BOOLEAN Ipc_InitProcess(PROCESS *proc);
BOOLEAN Ipc_IsRunRestricted(PROCESS *proc);
//---------------------------------------------------------------------------
@ -89,7 +92,7 @@ NTSTATUS Ipc_Api_GetSpoolerPort(PROCESS *proc, ULONG64 *parms);
NTSTATUS Ipc_Api_GetSpoolerPortFromPid(PROCESS *proc, ULONG64 *parms);
NTSTATUS Ipc_Api_AllowSpoolerPrintToFile(PROCESS *proc, ULONG64 *parms);
//NTSTATUS Ipc_Api_AllowSpoolerPrintToFile(PROCESS *proc, ULONG64 *parms);
NTSTATUS Ipc_Api_GetSpoolerPortFromPid(PROCESS *proc, ULONG64 *parms);
NTSTATUS Ipc_Api_GetWpadPortFromPid(PROCESS *proc, ULONG64 *parms);


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -48,22 +49,22 @@ static const WCHAR *_rpc_control = L"\\RPC Control";
// Ipc_Api_AllowSpoolerPrintToFile
//---------------------------------------------------------------------------
_FX NTSTATUS Ipc_Api_AllowSpoolerPrintToFile(PROCESS *proc, ULONG64 *parms)
{
API_ALLOW_SPOOLER_PRINT_TO_FILE_ARGS *pArgs = (API_ALLOW_SPOOLER_PRINT_TO_FILE_ARGS *)parms;
if (Process_Find(NULL, NULL)) { // is caller sandboxed?
return STATUS_ACCESS_DENIED;
}
if (pArgs->process_id.val > 0)
{
PROCESS *proc = Process_Find(pArgs->process_id.val, NULL);
if (proc && proc != PROCESS_TERMINATED)
proc->m_boolAllowSpoolerPrintToFile = TRUE;
}
return 0;
}
//_FX NTSTATUS Ipc_Api_AllowSpoolerPrintToFile(PROCESS *proc, ULONG64 *parms)
//{
// API_ALLOW_SPOOLER_PRINT_TO_FILE_ARGS *pArgs = (API_ALLOW_SPOOLER_PRINT_TO_FILE_ARGS *)parms;
//
// if (Process_Find(NULL, NULL)) { // is caller sandboxed?
// return STATUS_ACCESS_DENIED;
// }
//
// if (pArgs->process_id.val > 0)
// {
// PROCESS *proc = Process_Find(pArgs->process_id.val, NULL);
// if (proc && proc != PROCESS_TERMINATED)
// proc->m_boolAllowSpoolerPrintToFile = TRUE;
// }
// return 0;
//}
_FX NTSTATUS Ipc_Api_GetSpoolerPortFromPid(PROCESS *proc, ULONG64 *parms)


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -103,24 +104,40 @@ _FX void Log_Event_Msg(
_FX void Log_Popup_Msg(
NTSTATUS error_code,
const WCHAR *string1,
const WCHAR *string2,
ULONG session_id,
NTSTATUS error_code,
const WCHAR *string1,
const WCHAR *string2,
ULONG session_id,
HANDLE pid)
{
ULONG string1_len, string2_len;
ULONG string1_len, string2_len;
if (string1)
string1_len = wcslen(string1);
else
string1_len = 0;
if (string1)
string1_len = wcslen(string1);
else
string1_len = 0;
if (string2)
string2_len = wcslen(string2);
else
string2_len = 0;
if (string2)
string2_len = wcslen(string2);
else
string2_len = 0;
Log_Popup_MsgEx(error_code, string1, string1_len, string2, string2_len, session_id, pid);
}
//---------------------------------------------------------------------------
// Log_Popup_MsgEx
//---------------------------------------------------------------------------
_FX void Log_Popup_MsgEx(
NTSTATUS error_code,
const WCHAR *string1, ULONG string1_len,
const WCHAR *string2, ULONG string2_len,
ULONG session_id,
HANDLE pid)
{
//
// log message to target session
//
@ -143,11 +160,10 @@ _FX void Log_Popup_Msg(
//
//Log_Popup_Msg_2(
Api_AddMessage(
error_code, string1, string1_len, string2, string2_len, -1, (ULONG)pid);
// error_code, string1, string1_len, string2, string2_len, -1, (ULONG)pid);
string1_len = 0;
Api_SendServiceMessage(SVC_LOG_MESSAGE, sizeof(ULONG), &string1_len);
ULONG data = 0;
Api_SendServiceMessage(SVC_LOG_MESSAGE, sizeof(ULONG), &data);
// DbgPrint("POPUP %04d %S %S\n", error_code & 0xFFFF, string1, string2);
}
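Review bot: Log_Popup_MsgEx does not say what convention its two length parameters follow, and the callers in this commit do not agree with each other. Log_Popup_Msg passes `wcslen()` results, which exclude the terminator, while the MSG_1399 call added to Process_NotifyProcess_Create passes `(ULONG)(buf - msg)` for a buffer that holds an embedded `L'\0'`, which counts the final terminator as well. I would add a comment under the banner such as `// lengths are in WCHARs; string2 may contain embedded NULs, so its full length is passed explicitly`, and settle in that comment whether the terminator is counted. The body of Log_Popup_MsgEx continues outside the hunk, so how Api_AddMessage consumes these lengths is not visible here.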


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -122,6 +123,13 @@ void Log_Popup_Msg(
ULONG session_id,
HANDLE pid);
void Log_Popup_MsgEx(
NTSTATUS error_code,
const WCHAR *string1, ULONG string1_len,
const WCHAR *string2, ULONG string2_len,
ULONG session_id,
HANDLE pid);
void Log_Status_Ex(
NTSTATUS error_code,
ULONG error_subcode,


@ -132,7 +132,7 @@ CHAR* log_buffer_get_next(LOG_BUFFER_SEQ_T seq_number, LOG_BUFFER* ptr_buffer)
return NULL; // the last entry in the list is the last one we already got, return NULL
if (cur_number == seq_number + 1)
return read_ptr; // this entry is the one after the last oen we already got, return it
return read_ptr; // this entry is the one after the last one we already got, return it
size_left -= total_size;
}


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -253,8 +253,14 @@ typedef void(*P_KeRevertToUserAffinityThreadEx)(KAFFINITY Affinity);
#define PROCESS_QUERY_INFORMATION (0x0400)
#define PROCESS_SUSPEND_RESUME (0x0800)
#define PROCESS_QUERY_LIMITED_INFORMATION (0x1000) // vista
#define PROCESS_SET_LIMITED_INFORMATION (0x2000)
#if (NTDDI_VERSION >= NTDDI_VISTA)
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
0xFFF)
0xFFFF)
#else
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
0xFFF)
#endif
extern POBJECT_TYPE *PsProcessType;
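Review bot: The `#if (NTDDI_VERSION >= NTDDI_VISTA)` switch makes PROCESS_ALL_ACCESS a build-time choice with no explanation; a comment such as `// mirrors winnt.h: 0xFFFF on Vista and later, 0xFFF before` would tell the next reader why two values exist. Any driver code that uses PROCESS_ALL_ACCESS as a mask of rights to compare against or to strip now also covers 0x1000 and the newly defined 0x2000 (PROCESS_SET_LIMITED_INFORMATION). Those call sites are outside this hunk, so it is worth confirming each of them wants the wider mask.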


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -512,7 +513,8 @@ _FX void Process_CreateTerminated(HANDLE ProcessId, ULONG SessionId)
if (pid_str.Buffer) {
RtlIntPtrToUnicodeString((ULONG_PTR)ProcessId, 10, &pid_str);
Log_Msg_Process(MSG_1211, pid_str.Buffer, NULL, SessionId, ProcessId);
if (SessionId != -1) // for StartRunAlertDenied
Log_Msg_Process(MSG_1211, pid_str.Buffer, NULL, SessionId, ProcessId);
Mem_Free(pid_str.Buffer, pid_str.MaximumLength);
}
@ -1017,6 +1019,10 @@ _FX void Process_NotifyProcess_Create(
if (! bHostInject)
{
WCHAR msg[48], *buf = msg;
buf += swprintf(buf, L"%s%c%d", new_proc->box->name, L'\0', (ULONG)ParentId) + 1;
Log_Popup_MsgEx(MSG_1399, new_proc->image_path, wcslen(new_proc->image_path), msg, (ULONG)(buf - msg), new_proc->box->session_id, ProcessId);
if (! add_process_to_job)
new_proc->parent_was_sandboxed = TRUE;
@ -1062,7 +1068,6 @@ _FX void Process_NotifyProcess_Create(
Process_Low_Inject(
pid, session_id, create_time, nptr1, add_process_to_job, bHostInject);
}
}
@ -1164,7 +1169,7 @@ _FX void Process_NotifyImage(
{
static const WCHAR *_Ntdll32 = L"\\syswow64\\ntdll.dll"; // 19 chars
PROCESS *proc;
ULONG fail = 0;
BOOLEAN ok;
//
// the notify routine is invoked for any image mapped for any purpose.
@ -1214,61 +1219,64 @@ _FX void Process_NotifyImage(
// create the sandbox space
//
ok = TRUE;
if (!proc->bHostInject)
{
if (!fail && !File_CreateBoxPath(proc))
fail = 0x01;
if (ok)
ok = File_CreateBoxPath(proc);
if (!fail && !Ipc_CreateBoxPath(proc))
fail = 0x02;
if (ok)
ok = Ipc_CreateBoxPath(proc);
if (!fail && !Key_MountHive(proc))
fail = 0x03;
if (ok)
ok = Key_MountHive(proc);
//
// initialize the filtering components
//
if (!fail && !File_InitProcess(proc))
fail = 0x04;
if (ok)
ok = File_InitProcess(proc);
if (!fail && !Key_InitProcess(proc))
fail = 0x05;
if (ok)
ok = Key_InitProcess(proc);
if (!fail && !Ipc_InitProcess(proc))
fail = 0x06;
if (ok)
ok = Ipc_InitProcess(proc);
if (!fail && !Gui_InitProcess(proc))
fail = 0x07;
if (ok)
ok = Gui_InitProcess(proc);
if (!fail && !Process_Low_InitConsole(proc))
fail = 0x08;
if (ok)
ok = Process_Low_InitConsole(proc);
if (!fail && !Token_ReplacePrimary(proc))
fail = 0x09;
if (ok)
ok = Token_ReplacePrimary(proc);
if (!fail && !Thread_InitProcess(proc))
fail = 0x0A;
if (ok)
ok = Thread_InitProcess(proc);
}
//
// terminate process if initialization failed
//
if (!fail) {
if (ok && !Ipc_IsRunRestricted(proc)) {
proc->initialized = TRUE;
} else {
Log_Status_Ex_Process(MSG_1231, fail, STATUS_UNSUCCESSFUL, NULL, proc->box->session_id, proc->pid);
if (!ok)
Log_Status_Ex_Process(MSG_1231, 0xA0, STATUS_UNSUCCESSFUL, NULL, proc->box->session_id, proc->pid);
proc->terminated = TRUE;
proc->reason = 0xA0 + fail;
proc->reason = ok ? -1 : 0;
Process_CancelProcess(proc);
}
//DbgPrint("IMAGE LOADED, PROCESS INITIALIZATION %d COMPLETE %d\n", proc->pid, !fail);
//DbgPrint("IMAGE LOADED, PROCESS INITIALIZATION %d COMPLETE %d\n", proc->pid, ok);
}
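Review bot: The MSG_1399 notification added to Process_NotifyProcess_Create formats into the 48-WCHAR stack buffer `msg` with an unbounded `swprintf`, in kernel mode, and the only thing keeping the write in bounds is the length of `new_proc->box->name`, which this hunk does not show. The return value is also added to `buf` unchecked, so a formatting error would yield a wrong length for Log_Popup_MsgEx. A bounded call with a checked result removes both assumptions: `int n = _snwprintf(msg, ARRAYSIZE(msg), L"%s%c%d", new_proc->box->name, L'\0', (ULONG)ParentId);` followed by `if (n > 0 && n < ARRAYSIZE(msg))` around the Log_Popup_MsgEx call, passing `(ULONG)n + 1` as the length. The enclosing function starts and ends outside the hunk.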


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -132,6 +133,7 @@ struct _PROCESS {
ULONG pipe_trace;
BOOLEAN file_warn_internet;
BOOLEAN file_warn_direct_access;
BOOLEAN AllowInternetAccess;
// key-related


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -304,6 +305,7 @@ _FX NTSTATUS Process_Api_QueryInfo(PROCESS *proc, ULONG64 *parms)
NTSTATUS status;
HANDLE ProcessId;
KIRQL irql;
BOOLEAN is_caller_sandboxed = FALSE;
//
// if a ProcessId was specified, then locate and lock the matching
@ -312,6 +314,7 @@ _FX NTSTATUS Process_Api_QueryInfo(PROCESS *proc, ULONG64 *parms)
ProcessId = args->process_id.val;
if (proc) {
is_caller_sandboxed = TRUE;
if (ProcessId == proc->pid || IS_ARG_CURRENT_PROCESS(ProcessId))
ProcessId = 0; // don't have to search for the current pid
} else {
@ -390,20 +393,25 @@ _FX NTSTATUS Process_Api_QueryInfo(PROCESS *proc, ULONG64 *parms)
} else if (args->info_type.val == 'ptok') {
void *PrimaryTokenObject = proc->primary_token;
if (PrimaryTokenObject)
{
ObReferenceObject(PrimaryTokenObject);
HANDLE MyTokenHandle;
status = ObOpenObjectByPointer(PrimaryTokenObject, 0, NULL, TOKEN_QUERY | TOKEN_DUPLICATE, *SeTokenObjectType, UserMode, &MyTokenHandle);
ObDereferenceObject(PrimaryTokenObject);
*data = (ULONG64)MyTokenHandle;
}
if(is_caller_sandboxed)
status = STATUS_ACCESS_DENIED;
else
status = STATUS_NOT_FOUND;
{
void *PrimaryTokenObject = proc->primary_token;
if (PrimaryTokenObject)
{
ObReferenceObject(PrimaryTokenObject);
HANDLE MyTokenHandle;
status = ObOpenObjectByPointer(PrimaryTokenObject, 0, NULL, TOKEN_QUERY | TOKEN_DUPLICATE, *SeTokenObjectType, UserMode, &MyTokenHandle);
ObDereferenceObject(PrimaryTokenObject);
*data = (ULONG64)MyTokenHandle;
}
else
status = STATUS_NOT_FOUND;
}
}
else
status = STATUS_INVALID_INFO_CLASS;
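Review bot: In the 'ptok' branch of Process_Api_QueryInfo, `*data = (ULONG64)MyTokenHandle;` runs whether or not ObOpenObjectByPointer succeeded, so on failure an uninitialised stack value is returned to the caller. Initialise the handle and store it only on success: `HANDLE MyTokenHandle = NULL;` and `if (NT_SUCCESS(status)) *data = (ULONG64)MyTokenHandle;`. The new `is_caller_sandboxed` check would also benefit from a one-line comment saying why a handle with TOKEN_QUERY | TOKEN_DUPLICATE on a primary token is refused to boxed callers. The function starts and ends outside these hunks, so how `data` is set up is not visible here.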


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -42,6 +43,7 @@ typedef struct _FORCE_BOX {
BOX *box;
LIST ForceFolder;
LIST ForceProcess;
LIST AlertFolder;
LIST AlertProcess;
LIST HostInjectProcess;
@ -116,6 +118,9 @@ static BOX *Process_CheckForceFolder(
static BOX *Process_CheckForceProcess(
LIST *boxes, const WCHAR *name, BOOLEAN alert, ULONG *IsAlert);
static void Process_CheckAlertFolder(
LIST *boxes, const WCHAR *path, ULONG *IsAlert);
static void Process_CheckAlertProcess(
LIST *boxes, const WCHAR *name, ULONG *IsAlert);
@ -259,6 +264,16 @@ _FX BOX *Process_GetForcedStartBox(
Process_DfpInsert(PROCESS_TERMINATED, ProcessId);
}
if (alert != 1)
force_alert = FALSE;
if ((! box) && (alert != 1))
Process_CheckAlertFolder(&boxes, ImagePath2, &alert);
//
// for alerting we only care about the process path not about the working dir or command line
//
if ((! box) && (alert != 1))
Process_CheckAlertProcess(&boxes, ImageName, &alert);
}
@ -271,11 +286,6 @@ _FX BOX *Process_GetForcedStartBox(
// sss
//
if ((alert == 1) && (! same_image_name)) {
Log_Msg_Process(MSG_1301, ImageName, NULL, SessionId, ProcessId);
}
if (box) {
box = Box_Clone(Driver_Pool, box);
@ -283,6 +293,21 @@ _FX BOX *Process_GetForcedStartBox(
box = (BOX *)-1;
}
if ((alert == 1) && (! same_image_name)) {
if ((force_alert == 0) && Conf_Get_Boolean(NULL, L"StartRunAlertDenied", 0, FALSE))
{
if(Conf_Get_Boolean(NULL, L"NotifyStartRunAccessDenied", 0, TRUE))
Log_Msg_Process(MSG_1308, ImageName, NULL, SessionId, ProcessId);
box = (BOX *)-1;
}
else
{
Log_Msg_Process(MSG_1301, ImageName, NULL, SessionId, ProcessId);
}
}
//
// finish
//
@ -854,6 +879,7 @@ _FX void Process_CreateForceData(
List_Init(&box->ForceFolder);
List_Init(&box->ForceProcess);
List_Init(&box->AlertFolder);
List_Init(&box->AlertProcess);
List_Init(&box->HostInjectProcess);
@ -987,6 +1013,107 @@ _FX void Process_CreateForceData(
List_Insert_After(&box->ForceProcess, NULL, process);
}
//
// scan list of AlertFolder settings for the box
//
index2 = 0;
while (1) {
static const WCHAR *_AlertFolder = L"AlertFolder";
WCHAR *expnd, *buf;
ULONG buf_len;
value = Conf_Get(section, _AlertFolder, index2);
if (! value)
break;
++index2;
expnd = Conf_Expand(box->box->expand_args, value, _AlertFolder);
buf = NULL;
if (expnd) {
//
// remove duplicate backslashes and translate reparse points
//
WCHAR *tmp1, *tmp2;
buf_len = (wcslen(expnd) + 1) * sizeof(WCHAR);
tmp1 = Mem_Alloc(Driver_Pool, buf_len);
if (tmp1) {
WCHAR *src_ptr = expnd;
WCHAR *dst_ptr = tmp1;
while (*src_ptr) {
if (src_ptr[0] == L'\\' && src_ptr[1] == L'\\') {
++src_ptr;
continue;
}
*dst_ptr = *src_ptr;
++src_ptr;
++dst_ptr;
}
*dst_ptr = L'\0';
tmp2 = File_TranslateReparsePoints(tmp1, Driver_Pool);
if (tmp2) {
Mem_Free(tmp1, buf_len);
buf = tmp2;
buf_len = (wcslen(buf) + 1) * sizeof(WCHAR);
} else
buf = tmp1;
}
Mem_FreeString(expnd);
}
if (! buf)
continue;
folder = Mem_Alloc(Driver_Pool, sizeof(FORCE_FOLDER));
if (! folder) {
Mem_Free(buf, buf_len);
break;
}
if (wcschr(buf, L'*')) {
folder->pat =
Pattern_Create(box->box->expand_args->pool, buf, TRUE);
Mem_Free(buf, buf_len);
if (! folder->pat) {
Mem_Free(folder, sizeof(FORCE_FOLDER));
break;
}
folder->buf_len = 0;
folder->len = 0;
folder->buf = NULL;
} else {
ULONG len = wcslen(buf);
while (len && buf[len - 1] == L'\\')
--len;
folder->buf_len = buf_len;
folder->len = len;
folder->buf = buf;
folder->pat = NULL;
}
List_Insert_After(&box->AlertFolder, NULL, folder);
}
//
// scan list of AlertProcess settings for the box
//
@ -1093,6 +1220,22 @@ _FX void Process_DeleteForceData(LIST *boxes)
Mem_Free(process, sizeof(FORCE_PROCESS));
}
while (1) {
folder = List_Head(&box->AlertFolder);
if (!folder)
break;
List_Remove(&box->AlertFolder, folder);
if (folder->pat)
Pattern_Free(folder->pat);
else
Mem_Free(folder->buf, folder->buf_len);
Mem_Free(folder, sizeof(FORCE_FOLDER));
}
while (1) {
process = List_Head(&box->AlertProcess);
@ -1302,6 +1445,114 @@ _FX BOX *Process_CheckForceProcess(
}
//---------------------------------------------------------------------------
// Process_CheckAlertFolder
//---------------------------------------------------------------------------
_FX void Process_CheckAlertFolder(
LIST *boxes, const WCHAR *path, ULONG *IsAlert)
{
const WCHAR *ptr;
ULONG prefix_len, path_lwr_len;
WCHAR *path_lwr;
FORCE_BOX *box;
//
// make sure we have a proper path
//
ptr = wcsrchr(path, L'\\');
if (ptr && ptr[1])
prefix_len = (ULONG)(ptr - path);
else
prefix_len = 0;
if (! prefix_len)
return;
//
// never alert a program from the Sandboxie home directory
//
if (wcslen(path) > Driver_HomePathNt_Len + 1
&& _wcsnicmp(path, Driver_HomePathNt, Driver_HomePathNt_Len) == 0
&& path[Driver_HomePathNt_Len] == L'\\') {
*IsAlert = 2;
return;
}
//
// check if the folder is alerted to any box
//
path_lwr = NULL;
path_lwr_len = 0;
box = List_Head(boxes);
while (box) {
FORCE_FOLDER *folder = List_Head(&box->AlertFolder);
while (folder) {
BOOLEAN match = FALSE;
if (folder->pat) {
//
// wildcards in AlertFolder: match using pattern
//
if (! path_lwr) {
path_lwr = Mem_AllocString(Driver_Pool, path);
if (path_lwr) {
path_lwr[prefix_len] = L'\0';
_wcslwr(path_lwr);
path_lwr_len = wcslen(path_lwr);
}
}
if (path_lwr) {
match = Pattern_Match(
folder->pat, path_lwr, path_lwr_len);
}
} else {
//
// no wildcards: match using nls-aware string comparison
//
ULONG folder_len = folder->len;
if (folder_len && prefix_len >= folder_len &&
path[folder_len] == L'\\' &&
Box_NlsStrCmp(path, folder->buf, folder_len) == 0) {
match = TRUE;
}
}
if (match) {
if (path_lwr)
Mem_FreeString(path_lwr);
*IsAlert = 1;
return;
}
folder = List_Next(folder);
}
box = List_Next(box);
}
if (path_lwr)
Mem_FreeString(path_lwr);
}
//---------------------------------------------------------------------------
// Process_CheckAlertProcess
//---------------------------------------------------------------------------
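Review bot: The AlertFolder scan added to Process_CreateForceData drops entries silently. `if (! buf) continue;` skips one entry when Conf_Expand or the `tmp1` allocation fails, and the two `break` exits (FORCE_FOLDER allocation failure, Pattern_Create failure) abandon every remaining AlertFolder entry for the box. With `StartRunAlertDenied=y` this list now decides whether a process start is blocked, so a dropped entry means the start is allowed with nothing in the log to show the rule was never loaded. I would report the failure through the driver's existing logging helpers at each of those three exits, or at minimum add a comment such as `// entry dropped: alert/deny rule will not apply` so the fail-open behaviour is a documented choice. Process_CreateForceData starts and ends outside the hunk.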


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -190,7 +191,7 @@ _FX BOOLEAN Process_Low_Inject(
if (sbielow_loaded)
break;
time.QuadPart = -(SECONDS(1) / 4);
time.QuadPart = -(SECONDS(1) / 4); // 250ms*40 = 10s
KeWaitForSingleObject(Process_Low_Event,
Executive, KernelMode, FALSE, &time);
++retries;


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -591,7 +592,6 @@ _FX void Session_MonitorPutEx(USHORT type, const WCHAR** strings, HANDLE pid)
{
SESSION *session;
KIRQL irql;
const WCHAR** string;
session = Session_Get(FALSE, -1, &irql);
if (! session)
@ -601,7 +601,7 @@ _FX void Session_MonitorPutEx(USHORT type, const WCHAR** strings, HANDLE pid)
ULONG64 pid64 = (ULONG64)pid;
SIZE_T data_len = 0;
for(string = strings; *string != NULL; string++)
for(const WCHAR** string = strings; *string != NULL; string++)
data_len += wcslen(*string) * sizeof(WCHAR);
//[Type 2][PID 8][Data n*2]
@ -613,7 +613,7 @@ _FX void Session_MonitorPutEx(USHORT type, const WCHAR** strings, HANDLE pid)
log_buffer_push_bytes((CHAR*)&pid64, 8, &write_ptr, session->monitor_log);
// join strings seamlessly
for (string = strings; *string != NULL; string++)
for (const WCHAR** string = strings; *string != NULL; string++)
log_buffer_push_bytes((CHAR*)*string, wcslen(*string) * sizeof(WCHAR), &write_ptr, session->monitor_log);
}
else // this can only happen when the entire buffer is to small to hold this one entry
@ -708,7 +708,7 @@ _FX NTSTATUS Session_Api_MonitorControl(PROCESS *proc, ULONG64 *parms)
_FX NTSTATUS Session_Api_MonitorPut(PROCESS *proc, ULONG64 *parms)
{
API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
API_MONITOR_PUT2_ARGS args2 = { args->func_code, args->name_type.val64, args->name_len.val64, args->name_ptr.val64, TRUE };
API_MONITOR_PUT2_ARGS args2 = { args->func_code, args->log_type.val64, args->log_len.val64, args->log_ptr.val64, TRUE };
return Session_Api_MonitorPut2(proc, (ULONG64*)&args2);
}
@ -723,11 +723,11 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
API_MONITOR_PUT2_ARGS *args = (API_MONITOR_PUT2_ARGS *)parms;
UNICODE_STRING objname;
void *object;
USHORT *user_type;
WCHAR *user_name;
USHORT *log_type;
WCHAR *log_data;
WCHAR *name;
NTSTATUS status;
ULONG name_len;
ULONG log_len;
USHORT type;
if (! proc)
@ -736,19 +736,19 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
if (! Session_MonitorCount)
return STATUS_SUCCESS;
user_type = args->name_type.val;
ProbeForRead(user_type, sizeof(USHORT), sizeof(USHORT));
type = *user_type;
log_type = args->log_type.val;
ProbeForRead(log_type, sizeof(USHORT), sizeof(USHORT));
type = *log_type;
if (! type)
return STATUS_INVALID_PARAMETER;
name_len = args->name_len.val / sizeof(WCHAR);
if (! name_len)
log_len = args->log_len.val / sizeof(WCHAR);
if (!log_len)
return STATUS_INVALID_PARAMETER;
if (name_len > 256) // truncate as we only have 260 in buffer
name_len = 256;
user_name = args->name_ptr.val;
ProbeForRead(user_name, name_len * sizeof(WCHAR), sizeof(WCHAR));
if (log_len > 256) // truncate as we only have 260 in buffer
log_len = 256;
log_data = args->log_ptr.val;
ProbeForRead(log_data, log_len * sizeof(WCHAR), sizeof(WCHAR));
name = Mem_Alloc(proc->pool, 260 * sizeof(WCHAR)); // todo: should we increate this ?
if (! name)
@ -761,8 +761,8 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
__try {
wmemcpy(name, user_name, name_len);
name[name_len] = L'\0';
wmemcpy(name, log_data, log_len);
name[log_len] = L'\0';
status = STATUS_SUCCESS;
object = NULL;
@ -860,11 +860,11 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
if (NT_SUCCESS(status)) {
name_len = Name->Name.Length / sizeof(WCHAR);
if (name_len > 256) // truncate as we only have 260 in buffer
name_len = 256;
wmemcpy(name, Name->Name.Buffer, name_len);
name[name_len] = L'\0';
log_len = Name->Name.Length / sizeof(WCHAR);
if (log_len > 256) // truncate as we only have 260 in buffer
log_len = 256;
wmemcpy(name, Name->Name.Buffer, log_len);
name[log_len] = L'\0';
if (Name != &Obj_Unnamed)
Mem_Free(Name, NameLength);
@ -908,7 +908,7 @@ _FX NTSTATUS Session_Api_MonitorPut2(PROCESS *proc, ULONG64 *parms)
_FX NTSTATUS Session_Api_MonitorGet(PROCESS *proc, ULONG64 *parms)
{
API_MONITOR_GET_PUT_ARGS *args = (API_MONITOR_GET_PUT_ARGS *)parms;
API_MONITOR_GET_EX_ARGS args2 = { args->func_code, 0, args->name_type.val64, 0, args->name_len.val64, args->name_ptr.val64 };
API_MONITOR_GET_EX_ARGS args2 = { args->func_code, 0, args->log_type.val64, 0, args->log_len.val64, args->log_ptr.val64 };
return Session_Api_MonitorGetEx(proc, (ULONG64*)&args2);
}
@ -922,80 +922,96 @@ _FX NTSTATUS Session_Api_MonitorGetEx(PROCESS *proc, ULONG64 *parms)
API_MONITOR_GET_EX_ARGS *args = (API_MONITOR_GET_EX_ARGS *)parms;
NTSTATUS status;
ULONG *seq_num;
USHORT *user_type;
ULONG64 *user_pid;
ULONG name_len;
WCHAR *user_name;
USHORT *log_type;
ULONG64 *log_pid;
ULONG log_len;
WCHAR *log_data;
SESSION *session;
KIRQL irql;
if (proc)
return STATUS_NOT_IMPLEMENTED;
seq_num = args->name_seq.val;
seq_num = args->log_seq.val;
if (seq_num != NULL) {
ProbeForRead(seq_num, sizeof(ULONG), sizeof(ULONG));
ProbeForWrite(seq_num, sizeof(ULONG), sizeof(ULONG));
}
user_type = args->name_type.val;
ProbeForWrite(user_type, sizeof(USHORT), sizeof(USHORT));
log_type = args->log_type.val;
ProbeForWrite(log_type, sizeof(USHORT), sizeof(USHORT));
user_pid = args->name_pid.val;
if (user_pid != NULL)
ProbeForWrite(user_pid, sizeof(ULONG64), sizeof(ULONG64));
log_pid = args->log_pid.val;
if (log_pid != NULL)
ProbeForWrite(log_pid, sizeof(ULONG64), sizeof(ULONG64));
name_len = args->name_len.val / sizeof(WCHAR);
if (! name_len)
log_len = args->log_len.val / sizeof(WCHAR);
if (!log_len)
return STATUS_INVALID_PARAMETER;
user_name = args->name_ptr.val;
ProbeForWrite(user_name, name_len * sizeof(WCHAR), sizeof(WCHAR));
log_data = args->log_ptr.val;
ProbeForWrite(log_data, log_len * sizeof(WCHAR), sizeof(WCHAR));
*user_type = 0;
if (user_pid != NULL)
*user_pid = 0;
*user_name = L'\0';
*log_type = 0;
if (log_pid != NULL)
*log_pid = 0;
*log_data = L'\0';
status = STATUS_SUCCESS;
session = Session_Get(FALSE, -1, &irql);
if (! session)
return STATUS_SUCCESS;
return STATUS_UNSUCCESSFUL;
__try {
if (session->monitor_log) {
if (!session->monitor_log) {
CHAR* read_ptr = NULL;
if (seq_num != NULL)
read_ptr = log_buffer_get_next(*seq_num, session->monitor_log);
else if (session->monitor_log->buffer_size > 0) // for compatybility with older versions we return the oldest entry
read_ptr = session->monitor_log->buffer_start_ptr;
status = STATUS_DEVICE_NOT_READY;
__leave;
}
if (read_ptr != NULL) {
LOG_BUFFER_SIZE_T entry_size = log_buffer_get_size(&read_ptr, session->monitor_log);
LOG_BUFFER_SEQ_T seq_number = log_buffer_get_seq_num(&read_ptr, session->monitor_log);
if (seq_num != NULL)
*seq_num = seq_number;
//[Type 2][PID 8][Data n*2]
log_buffer_get_bytes((CHAR*)user_type, 2, &read_ptr, session->monitor_log);
ULONG64 pid64;
log_buffer_get_bytes((CHAR*)&pid64, 8, &read_ptr, session->monitor_log);
if (user_pid != NULL)
*user_pid = pid64;
CHAR* read_ptr = NULL;
if (seq_num != NULL)
read_ptr = log_buffer_get_next(*seq_num, session->monitor_log);
else if (session->monitor_log->buffer_size > 0) // for compatybility with older versions we return the oldest entry
read_ptr = session->monitor_log->buffer_start_ptr;
name_len -= sizeof(WCHAR); // reserve room for the termination charakter
if (name_len > entry_size - (2 + 8))
name_len = entry_size - (2 + 8);
log_buffer_get_bytes((CHAR*)user_name, name_len, &read_ptr, session->monitor_log);
if (!read_ptr) {
// add required termination charakter
*(WCHAR*)(((CHAR*)user_name) + name_len) = L'\0';
}
status = STATUS_NO_MORE_ENTRIES;
__leave;
}
// for compatybility with older versions we fall back to clearing the returned entry
if (seq_num != NULL)
log_buffer_pop_entry(session->monitor_log);
}
LOG_BUFFER_SIZE_T entry_size = log_buffer_get_size(&read_ptr, session->monitor_log);
LOG_BUFFER_SEQ_T seq_number = log_buffer_get_seq_num(&read_ptr, session->monitor_log);
//if (seq_num != NULL && seq_number != *seq_num + 1) {
//
// status = STATUS_REQUEST_OUT_OF_SEQUENCE;
// *seq_num = seq_number - 1;
// __leave;
//}
//[Type 2][PID 8][Data n*2]
log_buffer_get_bytes((CHAR*)log_type, 2, &read_ptr, session->monitor_log);
ULONG64 pid64;
log_buffer_get_bytes((CHAR*)&pid64, 8, &read_ptr, session->monitor_log);
if (log_pid != NULL)
*log_pid = pid64;
log_len -= sizeof(WCHAR); // reserve room for the termination charakter
if (log_len > entry_size - (2 + 8))
log_len = entry_size - (2 + 8);
log_buffer_get_bytes((CHAR*)log_data, log_len, &read_ptr, session->monitor_log);
// add required termination charakter
*(WCHAR*)(((CHAR*)log_data) + log_len) = L'\0';
if (seq_num != NULL)
*seq_num = seq_number;
else // for compatybility with older versions we fall back to clearing the returned entry
log_buffer_pop_entry(session->monitor_log);
} __except (EXCEPTION_EXECUTE_HANDLER) {
status = GetExceptionCode();
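Review bot: In Session_Api_MonitorGetEx, `log_len` is a WCHAR count when it is probed (`args->log_len.val / sizeof(WCHAR)`) but is used as a byte count afterwards: `log_len -= sizeof(WCHAR);` subtracts 2 from the count, and the result is compared with `entry_size` and passed to `log_buffer_get_bytes`. When the caller's buffer holds a single WCHAR the subtraction wraps, the clamp then sets `log_len` to `entry_size - (2 + 8)`, and the copy and the terminator write go past the range that ProbeForWrite checked. Converting once with `log_len = (log_len - 1) * sizeof(WCHAR);` keeps the terminator slot, cannot wrap because zero was rejected earlier, and lets the caller use the whole buffer instead of about half of it. `entry_size - (2 + 8)` wraps the same way if an entry is ever shorter than its header, so that deserves a guard too. The function continues outside the hunk.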


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -455,10 +456,10 @@ void DriverAssist::CancelProcess(void *_msg)
CloseHandle(hProcess);
}
if (msg->reason != 0)
SbieApi_LogEx(msg->session_id, 2314, L"%S [%d / %d]", msg->process_name, msg->process_id, msg->reason);
else
if (msg->reason == 0)
SbieApi_LogEx(msg->session_id, 2314, msg->process_name);
else if (msg->reason != -1) // in this case we have SBIE1308 and dont want any other messages
SbieApi_LogEx(msg->session_id, 2314, L"%S [%d / %d]", msg->process_name, msg->process_id, msg->reason);
}
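Review bot: The `-1` tested in `else if (msg->reason != -1)` is a sentinel shared across components with nothing tying the two sides together. It appears to rely on Process_NotifyImage in the driver storing `ok ? -1 : 0` in `proc->reason` in this same commit, and the comment mentions SBIE1308 without saying where the value is produced. A named constant in a header shared by driver and service, used in both places, would keep them in step. It is also worth confirming the declared type of `reason`, since comparing an unsigned field with `-1` depends on the implicit conversion. CancelProcess starts outside the hunk.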


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -64,14 +65,8 @@ void DriverAssist::LogMessage()
if (status != 0)
break; // error or no more entries
//if (message_number != m_last_message_number + 1)
// we missed something
m_last_message_number = message_number;
if (code == 0)
break; // empty dummy
LogMessage_Single(code, (wchar_t*)m_workItemBuf);
}
@ -118,6 +113,10 @@ void DriverAssist::LogMessage_Single(ULONG code, wchar_t* data)
if (code == MSG_2199)
return;
if (code == MSG_2198)
return;
if (code == MSG_1399)
return;
WCHAR *str1 = data;
ULONG str1_len = wcslen(str1);


@ -1,5 +1,6 @@
/*
* Copyright 2004-2020 Sandboxie Holdings, LLC
* Copyright 2020 David Xanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -0,0 +1,84 @@
/*
* Copyright 2020 DavidXanatos, xanasoft.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
// Queue Server -- using PipeServer
//---------------------------------------------------------------------------
#ifndef _MY_INTERACTIVEWIRE_H
#define _MY_INTERACTIVEWIRE_H
#include "../../common/defines.h"
#include "msgids.h"
//---------------------------------------------------------------------------
// Defines
//---------------------------------------------------------------------------
#define INTERACTIVE_QUEUE_NAME L"MANPROXY"
#define MAN_FILE_MIGRATION 1
#define MAN_INET_BLOCKADE 2
//---------------------------------------------------------------------------
// FILE_MIGRATION
//---------------------------------------------------------------------------
struct tagMAN_FILE_MIGRATION_REQ
{
ULONG msgid;
ULONGLONG file_size;
WCHAR file_path[256];
};
struct tagMAN_FILE_MIGRATION_RPL
{
ULONG status;
ULONG retval;
};
typedef struct tagMAN_FILE_MIGRATION_REQ MAN_FILE_MIGRATION_REQ;
typedef struct tagMAN_FILE_MIGRATION_RPL MAN_FILE_MIGRATION_RPL;
//---------------------------------------------------------------------------
// MAN_INET_BLOCKADE
//---------------------------------------------------------------------------
struct tagMAN_INET_BLOCKADE_REQ
{
ULONG msgid;
};
struct tagMAN_INET_BLOCKADE_RPL
{
ULONG status;
ULONG retval;
};
typedef struct tagMAN_INET_BLOCKADE_REQ MAN_INET_BLOCKADE_REQ;
typedef struct tagMAN_INET_BLOCKADE_RPL MAN_INET_BLOCKADE_RPL;
//---------------------------------------------------------------------------
#endif /* _MY_INTERACTIVEWIRE_H */
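Review bot: The banner comment `Queue Server -- using PipeServer` does not describe this new header, which defines the request and reply structs for the `MANPROXY` interactive queue; it should say that instead. None of the fields are documented. For `tagMAN_FILE_MIGRATION_REQ` the comment should state who fills `file_path` (presumably the boxed process asking to exceed the copy limit; confirm against the sender), that the receiver must treat it as untrusted and must not assume it is NUL-terminated within its 256 WCHARs, and that longer paths are truncated. The meaning of `status` and `retval` in both reply structs, and which `retval` value grants the request, should be written down here too, since the user-facing allow/deny decision travels in those fields.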

Some files were not shown because too many files have changed in this diff Show More