From b41d18079abb3449bcb5ee6b5adcd3ccfaba518d Mon Sep 17 00:00:00 2001 From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com> Date: Sun, 21 Jul 2024 13:57:21 +0200 Subject: [PATCH 1/7] Update OptionsWindow.ui --- SandboxiePlus/SandMan/Forms/OptionsWindow.ui | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui index 2660a9a9..09e93d15 100644 --- a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui +++ b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui @@ -4748,7 +4748,7 @@ This is done to prevent rogue processes inside the sandbox from creating a renam - + Don't allow sandboxed processes to see processes running outside any boxes From 98ea5bf6c45f97e0e15df4ded014fbaf72028eb0 Mon Sep 17 00:00:00 2001 From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com> Date: Sun, 21 Jul 2024 14:33:05 +0200 Subject: [PATCH 2/7] 1.14.5 --- Sandboxie/core/dll/sysinfo.c | 24 ++- SandboxiePlus/SandMan/Forms/OptionsWindow.ui | 182 +++++++++--------- .../SandMan/Windows/OptionsAdvanced.cpp | 64 +++++- 3 files changed, 175 insertions(+), 95 deletions(-) diff --git a/Sandboxie/core/dll/sysinfo.c b/Sandboxie/core/dll/sysinfo.c index dfd13db8..a5df709a 100644 --- a/Sandboxie/core/dll/sysinfo.c +++ b/Sandboxie/core/dll/sysinfo.c 
@@ -221,28 +221,36 @@ _FX NTSTATUS SysInfo_NtQuerySystemInformation( typedef LSTATUS(*ROK)(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult); typedef LSTATUS(*RQVEW)(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData); typedef LSTATUS(*RCK)(HKEY hKey); - ROK RegOpenKeyExW = (ROK)GetProcAddress(GetModuleHandle(DllName_advapi32), "RegOpenKeyExW"); - RQVEW RegQueryValueExW = (RQVEW)GetProcAddress(GetModuleHandle(DllName_advapi32), "RegQueryValueExW"); - RCK RegCloseKey = (RCK)GetProcAddress(GetModuleHandle(DllName_advapi32), "RegCloseKey"); + ROK RegOpenKeyExW = (ROK)GetProcAddress(LoadLibraryW(DllName_advapi32), "RegOpenKeyExW"); + RQVEW RegQueryValueExW = (RQVEW)GetProcAddress(LoadLibraryW(DllName_advapi32), "RegQueryValueExW"); + RCK RegCloseKey = (RCK)GetProcAddress(LoadLibraryW(DllName_advapi32), "RegCloseKey"); HKEY hKey = NULL; - PVOID lpData = NULL; - DWORD dwLen = 0; + DWORD dwLen = 0x10000; + PVOID lpData = Dll_AllocTemp(dwLen); DWORD type; + if (!lpData) + return STATUS_UNSUCCESSFUL; // if not set we return no information, 0 length - if (RegOpenKeyExW && RegOpenKeyExW(HKEY_CURRENT_USER, L"System\\SbieCustom\\", 0, KEY_READ, &hKey)) { + if (RegOpenKeyExW && RegOpenKeyExW(HKEY_CURRENT_USER, L"System\\SbieCustom", 0, KEY_READ, &hKey) == 0) { + RegQueryValueExW(hKey, L"SMBiosTable", 0, &type, lpData, &dwLen); + RegCloseKey(hKey); } *ReturnLength = dwLen; if (dwLen > 0) { - if (dwLen > BufferLength) + if (dwLen + sizeof(PSYSTEM_FIRMWARE_TABLE_INFORMATION) > BufferLength) return STATUS_BUFFER_TOO_SMALL; - memcpy(Buffer, lpData, dwLen); + + firmwareTableInfo->TableBufferLength = dwLen; + memcpy(firmwareTableInfo->TableBuffer, lpData, dwLen); } + Dll_Free(lpData); + return STATUS_SUCCESS; } } diff --git a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui index 09e93d15..e7962ff9 100644 --- a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui 
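Review bot: `firmwareTableInfo->TableBufferLength` is written only when a table was read and fits, so in the "not set ... 0 length" path and in the `STATUS_BUFFER_TOO_SMALL` path the caller's struct keeps whatever length it passed in. A caller that reads TableBufferLength rather than `*ReturnLength` (OnDumpFW in this same series does) would then treat an untouched buffer as table data; moving `firmwareTableInfo->TableBufferLength = dwLen;` in front of `if (dwLen > 0)` covers both paths. `*ReturnLength = dwLen;` is also stored without a null check, and whether ReturnLength can be NULL at this point depends on code above the hunk. Both points still apply to the rewritten version of this block in patch 5/7; the enclosing function starts and ends outside the hunk.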
+++ b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui @@ -4687,16 +4687,6 @@ This is done to prevent rogue processes inside the sandbox from creating a renam Privacy - - - - - - - Show Templates - - - @@ -4707,50 +4697,13 @@ This is done to prevent rogue processes inside the sandbox from creating a renam - - + + - Add Process + Hide host processes from processes running in the sandbox. - - - - - - - true - true - - - - Process Hiding - - - - - - - Use a custom Locale/LangID - - - - - - - Qt::Vertical - - - - 20 - 40 - - - - - - - - Don't allow sandboxed processes to see processes running outside any boxes + + true @@ -4767,40 +4720,20 @@ This is done to prevent rogue processes inside the sandbox from creating a renam - - + + + + Some programs read system deatils through WMI(A Windows built-in database) instead of normal ways. For example,"tasklist.exe" could get full processes list even if "HideOtherBoxes" is opened through accessing WMI. Enable this option to stop these heavior. + - Remove + Prevent sandboxed processes from accessing system deatils through WMI (see tooltip for more Info) - - + + - Hide host processes from processes running in the sandbox. - - - true - - - - - - - Don't allow sandboxed processes to see processes running in other boxes - - - - - - - - true - true - - - - Data Protection + Don't allow sandboxed processes to see processes running outside any boxes 
@@ -4821,13 +4754,90 @@ This is done to prevent rogue processes inside the sandbox from creating a renam - - - - Some programs read system deatils through WMI(A Windows built-in database) instead of normal ways. For example,"tasklist.exe" could get full processes list even if "HideOtherBoxes" is opened through accessing WMI. Enable this option to stop these heavior. + + + + + true + true + - Prevent sandboxed processes from accessing system deatils through WMI (see tooltip for more Info) + Process Hiding + + + + + + + Add Process + + + + + + + Use a custom Locale/LangID + + + + + + + Remove + + + + + + + + true + true + + + + Data Protection + + + + + + + + + + Show Templates + + + + + + + Qt::Vertical + + + + 20 + 40 + + + + + + + + Don't allow sandboxed processes to see processes running in other boxes + + + + + + + Dump the current Firmare Tables to HKCU\System\SbieCustom + + + Dump FW Tables diff --git a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp index 639e0975..d9d4a5c7 100644 --- a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp +++ b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp @@ -100,6 +100,7 @@ void COptionsWindow::CreateAdvanced() connect(ui.chkHideFirmware, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged())); connect(ui.cmbLangID, SIGNAL(currentIndexChanged(int)), this, SLOT(OnAdvancedChanged())); + connect(ui.btnDumpFW, SIGNAL(clicked(bool)), this, SLOT(OnDumpFW())); connect(ui.chkHideOtherBoxes, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged())); connect(ui.chkHideNonSystemProcesses, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged())); @@ -266,7 +267,7 @@ void COptionsWindow::LoadAdvanced() ShowTriggersTmpl(); // - ui.chkHideFirmware->setChecked(m_pBox->GetBool("HideFirmwareInfo", true)); + ui.chkHideFirmware->setChecked(m_pBox->GetBool("HideFirmwareInfo", false)); ui.cmbLangID->setCurrentIndex(ui.cmbLangID->findData(m_pBox->GetNum("CustomLCID", 0))); 
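Review bot: The string added for the new dump button, "Dump the current Firmare Tables to HKCU\System\SbieCustom" (it appears to be the tooltip of the "Dump FW Tables" button), misspells "Firmware". It is user-visible and presumably ends up in the translation sources, so it is cheapest to correct before translators pick it up.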
@@ -1341,6 +1342,67 @@ void COptionsWindow::SaveDebug() } } +#define WIN32_NO_STATUS +typedef long NTSTATUS; + +#include "..\..\Sandboxie\common\win32_ntddk.h" + +typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION { + ULONG ProviderSignature; + ULONG Action; + ULONG TableID; + ULONG TableBufferLength; + UCHAR TableBuffer[ANYSIZE_ARRAY]; +} SYSTEM_FIRMWARE_TABLE_INFORMATION, *PSYSTEM_FIRMWARE_TABLE_INFORMATION; + +#define FIRMWARE_TABLE_PROVIDER_ACPI 'ACPI' +#define FIRMWARE_TABLE_PROVIDER_SMBIOS 'RSMB' + +typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION { + SystemFirmwareTable_Enumerate, + SystemFirmwareTable_Get +} SYSTEM_FIRMWARE_TABLE_ACTION; + +void COptionsWindow::OnDumpFW() +{ + ULONG returnLength = 0; + NTSTATUS status; + SYSTEM_FIRMWARE_TABLE_INFORMATION* firmwareTableInfo; + ULONG firmwareTableSize = sizeof(SYSTEM_FIRMWARE_TABLE_INFORMATION) + 0x10000; // Initial size + +retry: + firmwareTableInfo = (SYSTEM_FIRMWARE_TABLE_INFORMATION*)malloc(firmwareTableSize); + firmwareTableInfo->ProviderSignature = FIRMWARE_TABLE_PROVIDER_SMBIOS; + firmwareTableInfo->Action = SystemFirmwareTable_Get; + firmwareTableInfo->TableID = 0; + firmwareTableInfo->TableBufferLength = firmwareTableSize - sizeof(SYSTEM_FIRMWARE_TABLE_INFORMATION); + + status = NtQuerySystemInformation(SystemFirmwareTableInformation, firmwareTableInfo, firmwareTableSize, &returnLength); + + if (status == 0xC0000023L/*STATUS_BUFFER_TOO_SMALL*/) { + free(firmwareTableInfo); + firmwareTableSize += 0x10000; + goto retry; + } + + if (!NT_SUCCESS(status)) + CSandMan::ShowMessageBox(this, QMessageBox::Critical, tr("Failed to retrieve firmware table information.")); + else if(firmwareTableInfo->TableBufferLength) + { + HKEY hKey; + DWORD disposition; + if(RegCreateKeyExW(HKEY_CURRENT_USER, L"System\\SbieCustom", 0, 0, 0, KEY_WRITE, NULL, &hKey, &disposition) == 0) + { + if(RegSetValueExW(hKey, L"SMBiosTable", 0, REG_BINARY, firmwareTableInfo->TableBuffer, firmwareTableInfo->TableBufferLength) == 0) + 
CSandMan::ShowMessageBox(this, QMessageBox::Information, tr("Firmware table saved successfully to host registry: HKEY_CURRENT_USER\\System\\SbieCustom
you can copy it to the sandboxed registry to have a different value for each box.")); + + RegCloseKey(hKey); + } + } + + free(firmwareTableInfo); +} + void COptionsWindow::InitLangID() { // Note: list by ChatGPT From 4b25afd66d0ab46f355b4a045f00009888645480 Mon Sep 17 00:00:00 2001 From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com> Date: Sun, 21 Jul 2024 14:34:03 +0200 Subject: [PATCH 3/7] Update CHANGELOG.md --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a0a3d44c..6c4523ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,8 +20,9 @@ This project adheres to [Semantic Versioning](http://semver.org/). - fixed Getting two advanced supporter certificate popups everytime I open Sandbox Settings on any sandbox [#4074](https://github.com/sandboxie-plus/Sandboxie/issues/4074) - fixed issue with HwID bound serial keys failing when no HwID could be obtained - fixed issue with "UseChangeSpeed=y" -- fixed with option "HideFirmwareInfo=y" +- fixed broken "HideFirmwareInfo=y" implementation. - changed reg path to key "HKCU\\System\\SbieCustom", value: "SMBiosTable" + - added UI options ### Changed - the certificate format can now take an explicit validity days specification, needed for gapless certificat renewal. From 29b0ac2154f6d043806d2f1eadfa73ed504941ed Mon Sep 17 00:00:00 2001 From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com> Date: Sun, 21 Jul 2024 14:42:08 +0200 Subject: [PATCH 4/7] Update OptionsWindow.h --- SandboxiePlus/SandMan/Windows/OptionsWindow.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/SandboxiePlus/SandMan/Windows/OptionsWindow.h b/SandboxiePlus/SandMan/Windows/OptionsWindow.h index 153b09cc..a8fbddd6 100644 --- a/SandboxiePlus/SandMan/Windows/OptionsWindow.h +++ b/SandboxiePlus/SandMan/Windows/OptionsWindow.h 
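Review bot: The `malloc` result in OnDumpFW is dereferenced on the next line without a null check, and the `goto retry` loop puts no upper bound on `firmwareTableSize`; `if (!firmwareTableInfo) return;` plus a size cap would close both. When `RegCreateKeyExW` or `RegSetValueExW` fails nothing is shown, so the user cannot tell the dump did not happen; an `else` branch reusing the Critical message box would make that visible (the patch 5/7 hunk on these two calls keeps the silent path). A comment on the function should also say that the value written is the unmodified host SMBIOS table, so it has to be edited before it hides anything under HideFirmwareInfo; that reading is inferred from the sysinfo.c hook, which returns the stored bytes as they are.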
@@ -211,6 +211,8 @@ private slots: void OnAddTerminateCmd(); void OnDelAuto(); + void OnDumpFW(); + void OnAddProcess(); void OnDelProcess(); void OnShowHiddenProcTmpl() { ShowHiddenProcTmpl(true); } From a59698b0ebe1d0caa6a25a0167a59cbe2d16d936 Mon Sep 17 00:00:00 2001 From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com> Date: Sun, 21 Jul 2024 14:52:35 +0200 Subject: [PATCH 5/7] 1.14.5 --- Sandboxie/core/dll/sysinfo.c | 55 ++++++++++++------- .../SandMan/Windows/OptionsAdvanced.cpp | 4 +- 2 files changed, 38 insertions(+), 21 deletions(-) diff --git a/Sandboxie/core/dll/sysinfo.c b/Sandboxie/core/dll/sysinfo.c index a5df709a..4ea3e1da 100644 --- a/Sandboxie/core/dll/sysinfo.c +++ b/Sandboxie/core/dll/sysinfo.c 
@@ -216,42 +216,59 @@ _FX NTSTATUS SysInfo_NtQuerySystemInformation( PSYSTEM_FIRMWARE_TABLE_INFORMATION firmwareTableInfo = (PSYSTEM_FIRMWARE_TABLE_INFORMATION)Buffer; - if (firmwareTableInfo->ProviderSignature == FIRMWARE_TABLE_PROVIDER_SMBIOS && firmwareTableInfo->Action == SystemFirmwareTable_Get) - { - typedef LSTATUS(*ROK)(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult); - typedef LSTATUS(*RQVEW)(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData); - typedef LSTATUS(*RCK)(HKEY hKey); - ROK RegOpenKeyExW = (ROK)GetProcAddress(LoadLibraryW(DllName_advapi32), "RegOpenKeyExW"); - RQVEW RegQueryValueExW = (RQVEW)GetProcAddress(LoadLibraryW(DllName_advapi32), "RegQueryValueExW"); - RCK RegCloseKey = (RCK)GetProcAddress(LoadLibraryW(DllName_advapi32), "RegCloseKey"); + if (firmwareTableInfo->ProviderSignature == FIRMWARE_TABLE_PROVIDER_SMBIOS && firmwareTableInfo->Action == SystemFirmwareTable_Get) { + + typedef LSTATUS(*RegOpenKeyExW_t)(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult); + typedef LSTATUS(*RegQueryValueExW_t)(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData); + typedef LSTATUS(*RegCloseKey_t)(HKEY hKey); + + HMODULE advapi32 = LoadLibraryW(DllName_advapi32); + if (!advapi32) return STATUS_UNSUCCESSFUL; + + RegOpenKeyExW_t RegOpenKeyExW = (RegOpenKeyExW_t)GetProcAddress(advapi32, "RegOpenKeyExW"); + RegQueryValueExW_t RegQueryValueExW = (RegQueryValueExW_t)GetProcAddress(advapi32, "RegQueryValueExW"); + RegCloseKey_t RegCloseKey = (RegCloseKey_t)GetProcAddress(advapi32, "RegCloseKey"); + + if (!RegOpenKeyExW || !RegQueryValueExW || !RegCloseKey) { + FreeLibrary(advapi32); + return STATUS_UNSUCCESSFUL; + } HKEY hKey = NULL; DWORD dwLen = 0x10000; PVOID lpData = Dll_AllocTemp(dwLen); - DWORD type; - if (!lpData) + if (!lpData) { + FreeLibrary(advapi32); return STATUS_UNSUCCESSFUL; + } + 
DWORD type = 0; // if not set we return no information, 0 length - if (RegOpenKeyExW && RegOpenKeyExW(HKEY_CURRENT_USER, L"System\\SbieCustom", 0, KEY_READ, &hKey) == 0) { - - RegQueryValueExW(hKey, L"SMBiosTable", 0, &type, lpData, &dwLen); - + if (RegOpenKeyExW(HKEY_CURRENT_USER, L"System\\SbieCustom", 0, KEY_READ, &hKey) == ERROR_SUCCESS) { + if (RegQueryValueExW(hKey, L"SMBiosTable", NULL, &type, (LPBYTE)lpData, &dwLen) != ERROR_SUCCESS) { + dwLen = 0; + } RegCloseKey(hKey); } *ReturnLength = dwLen; if (dwLen > 0) { - if (dwLen + sizeof(PSYSTEM_FIRMWARE_TABLE_INFORMATION) > BufferLength) - return STATUS_BUFFER_TOO_SMALL; - + if (dwLen + sizeof(SYSTEM_FIRMWARE_TABLE_INFORMATION) > BufferLength) { + status = STATUS_BUFFER_TOO_SMALL; + goto cleanup; + } + firmwareTableInfo->TableBufferLength = dwLen; memcpy(firmwareTableInfo->TableBuffer, lpData, dwLen); } - Dll_Free(lpData); + status = STATUS_SUCCESS; - return STATUS_SUCCESS; + cleanup: + Dll_Free(lpData); + FreeLibrary(advapi32); + + return status; } } diff --git a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp index d9d4a5c7..7dfc8513 100644 --- a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp +++ b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp 
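Review bot: The fixed `dwLen = 0x10000` read buffer means a stored `SMBiosTable` value larger than 64 KiB makes `RegQueryValueExW` fail, and the new `dwLen = 0;` branch then reports success with no table, while OnDumpFW in OptionsAdvanced.cpp grows its buffer in 0x10000 steps and can store a larger value. Querying the size first with a NULL data pointer and allocating that much, or returning an error on `ERROR_MORE_DATA`, would keep the two sides consistent. `type` is initialised but never compared with `REG_BINARY`, so a value of another type is copied out as a firmware table; `if (type != REG_BINARY) dwLen = 0;` after the query would reject it. The size check uses `sizeof(SYSTEM_FIRMWARE_TABLE_INFORMATION)`, which also counts the one-element `TableBuffer` and padding; `FIELD_OFFSET(SYSTEM_FIRMWARE_TABLE_INFORMATION, TableBuffer)` is the exact header size. The function body continues outside the hunk.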
@@ -1391,9 +1391,9 @@ retry: { HKEY hKey; DWORD disposition; - if(RegCreateKeyExW(HKEY_CURRENT_USER, L"System\\SbieCustom", 0, 0, 0, KEY_WRITE, NULL, &hKey, &disposition) == 0) + if(RegCreateKeyExW(HKEY_CURRENT_USER, L"System\\SbieCustom", 0, 0, 0, KEY_WRITE, NULL, &hKey, &disposition) == ERROR_SUCCESS) { - if(RegSetValueExW(hKey, L"SMBiosTable", 0, REG_BINARY, firmwareTableInfo->TableBuffer, firmwareTableInfo->TableBufferLength) == 0) + if(RegSetValueExW(hKey, L"SMBiosTable", 0, REG_BINARY, firmwareTableInfo->TableBuffer, firmwareTableInfo->TableBufferLength) == ERROR_SUCCESS) CSandMan::ShowMessageBox(this, QMessageBox::Information, tr("Firmware table saved successfully to host registry: HKEY_CURRENT_USER\\System\\SbieCustom
you can copy it to the sandboxed registry to have a different value for each box.")); RegCloseKey(hKey); From 418d095d24064137d8a3964ec1336c95e450c9cd Mon Sep 17 00:00:00 2001 From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com> Date: Sun, 21 Jul 2024 15:45:51 +0200 Subject: [PATCH 6/7] #4090 --- CHANGELOG.md | 1 + SandboxiePlus/SandMan/Forms/SettingsWindow.ui | 104 +++--- SandboxiePlus/SandMan/Helpers/WinAdmin.cpp | 334 +++++++++++++++++- SandboxiePlus/SandMan/Helpers/WinAdmin.h | 3 + .../SandMan/Windows/SettingsWindow.cpp | 7 + .../SandMan/Windows/SettingsWindow.h | 3 + 6 files changed, 402 insertions(+), 50 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c4523ab..96418479 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). ### Added - added hwid display - added Language Spoof "CustomLCID=1033" [#4024](https://github.com/sandboxie-plus/Sandboxie/pull/4024) (thanks Yeyixiao) +- added option to always run the sandman UI as admin [#4090](https://github.com/sandboxie-plus/Sandboxie/issues/4090) ### Fixed - fixed Getting two advanced supporter certificate popups everytime I open Sandbox Settings on any sandbox [#4074](https://github.com/sandboxie-plus/Sandboxie/issues/4074) diff --git a/SandboxiePlus/SandMan/Forms/SettingsWindow.ui b/SandboxiePlus/SandMan/Forms/SettingsWindow.ui index 073b00c6..d83142cb 100644 --- a/SandboxiePlus/SandMan/Forms/SettingsWindow.ui +++ b/SandboxiePlus/SandMan/Forms/SettingsWindow.ui @@ -2196,7 +2196,41 @@ Unlike the preview channel, it does not include untested, potentially breaking, Sandboxie.ini Presets - + + + + Only Administrator user accounts can use Pause Forcing Programs command + + + + + + + Qt::Horizontal + + + + 40 + 20 + + + + + + + + Watch Sandboxie.ini for changes + + + + + + + Only Administrator user accounts can make changes + + + + Qt::Vertical 
@@ -2209,46 +2243,10 @@ Unlike the preview channel, it does not include untested, potentially breaking, - - - - Clear password when main window becomes hidden - - - - - - - Only Administrator user accounts can use Pause Forcing Programs command - - - - - - - Watch Sandboxie.ini for changes - - - - - - - Change Password - - - - - - - Only Administrator user accounts can make changes - - - - + - 75 true true @@ -2258,25 +2256,33 @@ Unlike the preview channel, it does not include untested, potentially breaking, - + + + + Clear password when main window becomes hidden + + + + Password must be entered in order to make changes - - - - Qt::Horizontal + + + + Change Password - - - 40 - 20 - + + + + + + Always run SandMan UI as Admin - +
diff --git a/SandboxiePlus/SandMan/Helpers/WinAdmin.cpp b/SandboxiePlus/SandMan/Helpers/WinAdmin.cpp index 52535ac9..54ca5a88 100644 --- a/SandboxiePlus/SandMan/Helpers/WinAdmin.cpp +++ b/SandboxiePlus/SandMan/Helpers/WinAdmin.cpp 
@@ -164,4 +164,336 @@ bool AutorunEnable (bool is_enable) } return false; -} \ No newline at end of file +} + +////////////////////////////////////////////////////////////////////////////////// +// Skip UAC + +#define SKIP_UAC_TASK_NAME APP_NAME L"_SkipUac" + +#include +#include + +struct MBSTR +{ + MBSTR (LPCWSTR asString = nullptr) + { + ms_bstr = asString ? SysAllocString (asString) : nullptr; + } + + ~MBSTR () + { + Free (); + } + + operator BSTR() const + { + return ms_bstr; + } + + MBSTR& operator=(LPCWSTR asString) + { + if (asString != ms_bstr) + { + Free (); + ms_bstr = asString ? ::SysAllocString (asString) : NULL; + } + + return *this; + } + + void Free () + { + if (ms_bstr) + { + SysFreeString (ms_bstr); + ms_bstr = nullptr; + } + } +protected: + BSTR ms_bstr; +}; + +bool SkipUacEnable (bool is_enable) +{ + bool result = false; + bool action_result = false; + + ITaskService* service = nullptr; + ITaskFolder* folder = nullptr; + ITaskDefinition* task = nullptr; + IRegistrationInfo* reginfo = nullptr; + IPrincipal* principal = nullptr; + ITaskSettings* settings = nullptr; + IActionCollection* action_collection = nullptr; + IAction* action = nullptr; + IExecAction* exec_action = nullptr; + IRegisteredTask* registered_task = nullptr; + + wchar_t szPath[MAX_PATH]; + if (!GetModuleFileName(NULL, szPath, ARRAYSIZE(szPath))) + return false; + std::wstring::size_type pos = std::wstring(szPath).find_last_of( L"\\/" ); + std::wstring dir = std::wstring(szPath).substr(0, pos); + + MBSTR root (L"\\"); + MBSTR name (SKIP_UAC_TASK_NAME); + MBSTR author (APP_NAME); + MBSTR path (szPath); + MBSTR directory (dir.c_str()); + MBSTR args (L"$(Arg0)"); + MBSTR timelimit (L"PT0S"); + + VARIANT vtEmpty = {VT_EMPTY}; + + if (SUCCEEDED (CoInitializeEx (nullptr, COINIT_APARTMENTTHREADED))) + { + //if (SUCCEEDED (CoInitializeSecurity (nullptr, -1, nullptr, nullptr, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_IMP_LEVEL_IMPERSONATE, nullptr, 0, nullptr))) + { + if (SUCCEEDED 
(CoCreateInstance (CLSID_TaskScheduler, nullptr, CLSCTX_INPROC_SERVER, IID_ITaskService, (LPVOID*)&service))) + { + if (SUCCEEDED (service->Connect (vtEmpty, vtEmpty, vtEmpty, vtEmpty))) + { + if (SUCCEEDED (service->GetFolder (root, &folder))) + { + // create task + if (is_enable) + { + if (SUCCEEDED (service->NewTask (0, &task))) + { + if (SUCCEEDED (task->get_RegistrationInfo (®info))) + { + reginfo->put_Author (author); + reginfo->Release (); + } + + if (SUCCEEDED (task->get_Principal (&principal))) + { + principal->put_RunLevel (TASK_RUNLEVEL_HIGHEST); + principal->Release (); + } + + if (SUCCEEDED (task->get_Settings (&settings))) + { + settings->put_AllowHardTerminate (VARIANT_BOOL (FALSE)); + settings->put_StartWhenAvailable (VARIANT_BOOL (FALSE)); + settings->put_DisallowStartIfOnBatteries (VARIANT_BOOL (FALSE)); + settings->put_StopIfGoingOnBatteries (VARIANT_BOOL (FALSE)); + settings->put_MultipleInstances (TASK_INSTANCES_PARALLEL); + settings->put_ExecutionTimeLimit (timelimit); + + settings->Release (); + } + + if (SUCCEEDED (task->get_Actions (&action_collection))) + { + if (SUCCEEDED (action_collection->Create (TASK_ACTION_EXEC, &action))) + { + if (SUCCEEDED (action->QueryInterface (IID_IExecAction, (LPVOID*)&exec_action))) + { + if ( + SUCCEEDED (exec_action->put_Path (path)) && + SUCCEEDED (exec_action->put_WorkingDirectory (directory)) && + SUCCEEDED (exec_action->put_Arguments (args)) + ) + { + action_result = true; + } + + exec_action->Release (); + } + + action->Release (); + } + + action_collection->Release (); + } + + if (action_result) + { + if (SUCCEEDED (folder->RegisterTaskDefinition ( + name, + task, + TASK_CREATE_OR_UPDATE, + vtEmpty, + vtEmpty, + TASK_LOGON_INTERACTIVE_TOKEN, + vtEmpty, + ®istered_task) + )) + { + { + //ConfigSet (L"SkipUacIsEnabled", true); + result = true; + + registered_task->Release (); + } + } + + task->Release (); + } + } + } + else + { + // remove task + result = SUCCEEDED (folder->DeleteTask (name, 0)); + + 
//ConfigSet (L"SkipUacIsEnabled", false); + } + + folder->Release (); + } + } + + service->Release (); + } + } + + CoUninitialize (); + } + + return result; +} + +bool SkipUacRun (bool test_only) +{ + bool result = false; + + ITaskService* service = nullptr; + ITaskFolder* folder = nullptr; + IRegisteredTask* registered_task = nullptr; + + ITaskDefinition* task = nullptr; + IActionCollection* action_collection = nullptr; + IAction* action = nullptr; + IExecAction* exec_action = nullptr; + + IRunningTask* running_task = nullptr; + + wchar_t szPath[MAX_PATH]; + if (!GetModuleFileName(NULL, szPath, ARRAYSIZE(szPath))) + return false; + + MBSTR root (L"\\"); + MBSTR name (SKIP_UAC_TASK_NAME); + + VARIANT vtEmpty = {VT_EMPTY}; + + if (SUCCEEDED (CoInitializeEx (nullptr, COINIT_APARTMENTTHREADED))) + { + //if (SUCCEEDED (CoInitializeSecurity (nullptr, -1, nullptr, nullptr, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_IMP_LEVEL_IMPERSONATE, nullptr, 0, nullptr))) + { + if (SUCCEEDED (CoCreateInstance (CLSID_TaskScheduler, nullptr, CLSCTX_INPROC_SERVER, IID_ITaskService, (LPVOID*)&service))) + { + if (SUCCEEDED (service->Connect (vtEmpty, vtEmpty, vtEmpty, vtEmpty))) + { + if (SUCCEEDED (service->GetFolder (root, &folder))) + { + if (SUCCEEDED (folder->GetTask (name, ®istered_task))) + { + if (SUCCEEDED (registered_task->get_Definition (&task))) + { + if (SUCCEEDED (task->get_Actions (&action_collection))) + { + if (SUCCEEDED (action_collection->get_Item (1, &action))) + { + if (SUCCEEDED (action->QueryInterface (IID_IExecAction, (LPVOID*)&exec_action))) + { + BSTR path = nullptr; + + exec_action->get_Path (&path); + + PathUnquoteSpaces (path); + + // check path is to current module + if (_wcsicmp (path, szPath) == 0) + { + if (test_only) + { + result = true; + } + else + { + std::wstring args; + + // get arguments + { + INT numargs = 0; + LPWSTR* arga = CommandLineToArgvW(GetCommandLine(), &numargs); + + for (INT i = 1; i < numargs; i++) { + if (i > 1) + args.append(L" "); + 
args.append(arga[i]); + } + + LocalFree(arga); + } + + variant_t params = args.c_str(); + + if (SUCCEEDED(registered_task->RunEx(params, TASK_RUN_NO_FLAGS, 0, nullptr, &running_task))) + { + UINT8 count = 3; // try count + + do + { + QThread::msleep(250); + + TASK_STATE state = TASK_STATE_UNKNOWN; + + running_task->Refresh(); + running_task->get_State(&state); + + if ( + state == TASK_STATE_RUNNING || + state == TASK_STATE_READY || + state == TASK_STATE_DISABLED + ) + { + if ( + state == TASK_STATE_RUNNING || + state == TASK_STATE_READY + ) + { + result = true; + } + + break; + } + } while (count--); + + running_task->Release(); + } + } + } + + exec_action->Release (); + } + + action->Release (); + } + + action_collection->Release (); + } + + task->Release (); + } + + registered_task->Release (); + } + + folder->Release (); + } + } + + service->Release (); + } + } + + CoUninitialize (); + } + + return result; +} diff --git a/SandboxiePlus/SandMan/Helpers/WinAdmin.h b/SandboxiePlus/SandMan/Helpers/WinAdmin.h index 6c6a8215..211c1f6b 100644 --- a/SandboxiePlus/SandMan/Helpers/WinAdmin.h +++ b/SandboxiePlus/SandMan/Helpers/WinAdmin.h @@ -10,3 +10,6 @@ bool IsAdminUser(bool OnlyFull = false); bool IsAutorunEnabled(); bool AutorunEnable(bool is_enable); + +bool SkipUacRun(bool test_only = false); +bool SkipUacEnable(bool is_enable); \ No newline at end of file diff --git a/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp b/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp index 7559f36e..2f2f41df 100644 --- a/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp +++ b/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp 
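Review bot: In SkipUacRun the result of `exec_action->get_Path (&path)` is ignored, so a failed call hands a null `path` to `PathUnquoteSpaces` and `_wcsicmp`, and the returned BSTR is never released; guarding the comparison with `if (SUCCEEDED (exec_action->get_Path (&path)) && path)` and adding `SysFreeString (path);` after it would fix both. The arguments are re-joined with `args.append(arga[i])` without quoting, so an argument containing a space reaches the elevated instance split in two, and the `CommandLineToArgvW` result is used without a null check. In SkipUacEnable `task->Release ()` sits inside `if (action_result)`, so the task definition leaks when building the exec action fails. Because the task is registered with `TASK_RUNLEVEL_HIGHEST` and forwards `$(Arg0)`, presumably any unelevated process running as that user can start SandMan elevated with arguments of its choosing. A comment above SkipUacEnable should record that this relies on the install directory being writable only by administrators and on SandMan's command-line handling being safe for untrusted input.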
@@ -433,6 +433,10 @@ CSettingsWindow::CSettingsWindow(QWidget* parent) connect(ui.chkWatchConfig, SIGNAL(stateChanged(int)), this, SLOT(OnOptChanged())); // not sbie ini + connect(ui.chkSkipUAC, SIGNAL(stateChanged(int)), this, SLOT(OnSkipUAC())); + ui.chkSkipUAC->setEnabled(IsElevated()); + m_SkipUACChanged = false; + connect(ui.chkAdminOnly, SIGNAL(stateChanged(int)), this, SLOT(OnProtectionChange())); connect(ui.chkPassRequired, SIGNAL(stateChanged(int)), this, SLOT(OnProtectionChange())); connect(ui.btnSetPassword, SIGNAL(clicked(bool)), this, SLOT(OnSetPassword())); @@ -953,6 +957,7 @@ void CSettingsWindow::LoadSettings() ui.chkMonitorSize->setChecked(theConf->GetBool("Options/WatchBoxSize", false)); ui.chkWatchConfig->setChecked(theConf->GetBool("Options/WatchIni", true)); + ui.chkSkipUAC->setChecked(SkipUacRun(true)); ui.chkScanMenu->setChecked(theConf->GetBool("Options/ScanStartMenu", true)); ui.cmbIntegrateMenu->setCurrentIndex(theConf->GetInt("Options/IntegrateStartMenu", 0)); @@ -1657,6 +1662,8 @@ void CSettingsWindow::SaveSettings() theConf->SetValue("Options/WatchBoxSize", ui.chkMonitorSize->isChecked()); theConf->SetValue("Options/WatchIni", ui.chkWatchConfig->isChecked()); + if (m_SkipUACChanged) + SkipUacEnable(ui.chkSkipUAC->isChecked()); theConf->SetValue("Options/ScanStartMenu", ui.chkScanMenu->isChecked()); int OldIntegrateStartMenu = theConf->GetInt("Options/IntegrateStartMenu", 0); diff --git a/SandboxiePlus/SandMan/Windows/SettingsWindow.h b/SandboxiePlus/SandMan/Windows/SettingsWindow.h index ab11cfa6..058970d7 100644 --- a/SandboxiePlus/SandMan/Windows/SettingsWindow.h +++ b/SandboxiePlus/SandMan/Windows/SettingsWindow.h @@ -88,6 +88,8 @@ private slots: void OnOptChanged(); + void OnSkipUAC() { m_SkipUACChanged = true; OnOptChanged(); } + void OnChangeGUI() { m_bRebuildUI = true; OnOptChanged(); } void OnFeaturesChanged() { m_FeaturesChanged = true; OnGeneralChanged(); } void OnGeneralChanged() { m_GeneralChanged = true; OnOptChanged(); } 
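Review bot: SaveSettings discards the `bool` returned by `SkipUacEnable(ui.chkSkipUAC->isChecked())`, so a failed task registration or removal leaves the checkbox showing a state the system does not have until the dialog is reloaded. Checking the result, reporting the failure and then setting `m_SkipUACChanged = false;` would keep the two in sync; none of the three hunks resets the flag after a save. `ui.chkSkipUAC->setChecked(SkipUacRun(true))` in LoadSettings fires `stateChanged` whenever it changes the box, which runs OnSkipUAC, so unless the flag is cleared after loading (not visible here) the first save re-registers the task even when the user changed nothing. LoadSettings and SaveSettings both extend beyond these hunks.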
@@ -176,6 +178,7 @@ protected: bool m_VolumeChanged; bool m_CompatChanged; bool m_RunChanged; + bool m_SkipUACChanged; bool m_ProtectionChanged; bool m_GeneralChanged; bool m_FeaturesChanged; From 70e6c6d492624f3bc019a8f710b82798c985b076 Mon Sep 17 00:00:00 2001 From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com> Date: Sun, 21 Jul 2024 15:53:52 +0200 Subject: [PATCH 7/7] #4081 --- CHANGELOG.md | 1 + Sandboxie/core/drv/file_flt.c | 2 +- Sandboxie/core/drv/thread.c | 3 ++- Sandboxie/core/drv/util.c | 6 +++--- Sandboxie/core/drv/util.h | 2 +- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 96418479..9cac078d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). - fixed broken "HideFirmwareInfo=y" implementation. - changed reg path to key "HKCU\\System\\SbieCustom", value: "SMBiosTable" - added UI options +- fixed schannel error SEC_E_SECPKG_NOT_FOUND in encrypted sandboxes [#4081](https://github.com/sandboxie-plus/Sandboxie/issues/4081) ### Changed - the certificate format can now take an explicit validity days specification, needed for gapless certificat renewal. diff --git a/Sandboxie/core/drv/file_flt.c b/Sandboxie/core/drv/file_flt.c index 80f6f752..bbfa54fe 100644 --- a/Sandboxie/core/drv/file_flt.c +++ b/Sandboxie/core/drv/file_flt.c @@ -514,7 +514,7 @@ check: // csrss.exe needs access to binaries of starting up processes. // - if (Util_IsCsrssProcess(PsGetCurrentProcessId())) + if (Util_IsSystemProcess(PsGetCurrentProcessId(), "csrss.exe")) break; status = STATUS_ACCESS_DENIED; diff --git a/Sandboxie/core/drv/thread.c b/Sandboxie/core/drv/thread.c index 795f849e..3baebce5 100644 --- a/Sandboxie/core/drv/thread.c +++ b/Sandboxie/core/drv/thread.c 
@@ -1138,7 +1138,8 @@ _FX ACCESS_MASK Thread_CheckObject_CommonEx( if (protect_process /*&& MyIsProcessRunningAsSystemAccount(cur_pid)*/) { if ((_wcsicmp(nptr, SBIESVC_EXE) == 0) - || Util_IsCsrssProcess(cur_pid) + || Util_IsSystemProcess(cur_pid, "csrss.exe") + || Util_IsSystemProcess(cur_pid, "lsass.exe") || Util_IsProtectedProcess(cur_pid) || (_wcsicmp(nptr, L"conhost.exe") == 0) || (_wcsicmp(nptr, L"taskmgr.exe") == 0) || (_wcsicmp(nptr, L"sandman.exe") == 0)) diff --git a/Sandboxie/core/drv/util.c b/Sandboxie/core/drv/util.c index aa66d147..4df32af7 100644 --- a/Sandboxie/core/drv/util.c +++ b/Sandboxie/core/drv/util.c @@ -566,12 +566,12 @@ retry: //--------------------------------------------------------------------------- -// Util_IsCsrssProcess +// Util_IsSystemProcess //--------------------------------------------------------------------------- NTKERNELAPI PCHAR NTAPI PsGetProcessImageFileName(_In_ PEPROCESS Process); -_FX BOOLEAN Util_IsCsrssProcess(HANDLE pid) +_FX BOOLEAN Util_IsSystemProcess(HANDLE pid, const char* name) { PEPROCESS ProcessObject; NTSTATUS status; @@ -586,7 +586,7 @@ _FX BOOLEAN Util_IsCsrssProcess(HANDLE pid) ImageFileName = PsGetProcessImageFileName(ProcessObject); - ret = (_stricmp(ImageFileName, "csrss.exe") == 0); + ret = (_stricmp(ImageFileName, name) == 0); ObDereferenceObject(ProcessObject); } diff --git a/Sandboxie/core/drv/util.h b/Sandboxie/core/drv/util.h index 364bef42..d769334a 100644 --- a/Sandboxie/core/drv/util.h +++ b/Sandboxie/core/drv/util.h @@ -121,7 +121,7 @@ NTSTATUS MyValidateCertificate(void); HANDLE Util_GetProcessPidByName(const WCHAR* name); -BOOLEAN Util_IsCsrssProcess(HANDLE pid); +BOOLEAN Util_IsSystemProcess(HANDLE pid, const char* name); BOOLEAN Util_IsProtectedProcess(HANDLE pid);
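Review bot: The new `Util_IsSystemProcess(cur_pid, "lsass.exe")` exemption in Thread_CheckObject_CommonEx rests on an image-name comparison only: in the util.c hunk the helper's result is `_stricmp(ImageFileName, name) == 0` on the name from `PsGetProcessImageFileName`, and the `MyIsProcessRunningAsSystemAccount(cur_pid)` condition next to the call is commented out. As far as these hunks show, a process that is merely named lsass.exe or csrss.exe would pass, which widens access to protected box processes beyond the real system services. Pairing the name match with an identity check inside the helper, for example re-enabling the SYSTEM-account condition, would make the name `Util_IsSystemProcess` accurate. The lines of the helper between the two util.c hunks are not visible, so confirm that no such check already exists there. The same helper now backs the csrss.exe test in file_flt.c.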