This commit is contained in:
DavidXanatos 2022-06-05 21:41:34 +02:00
parent 062956105e
commit e3592435ba
11 changed files with 245 additions and 584 deletions


@ -34,6 +34,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- fixed issues with box grouping [#1921](https://github.com/sandboxie-plus/Sandboxie/issues/1921) [#1920](https://github.com/sandboxie-plus/Sandboxie/issues/1920)
- fixed issues when changing language [#1914](https://github.com/sandboxie-plus/Sandboxie/issues/1914)
- fixed issue with BreakoutFodler [#1908](https://github.com/sandboxie-plus/Sandboxie/issues/1908)
- fixed issue with sbiedll.dll for x86 exception handling
- fixed issues with application specific hives (RegLoadAppKey) affecting Visual Studio [#1576](https://github.com/sandboxie-plus/Sandboxie/issues/1576)


@ -1,552 +0,0 @@
;----------------------------------------------------------------------------
; __except_handler3 support routine is not longer available on ntdll.lib
;
; this is a copy of __except_handler3 procedure and required procedures from
; the c:\WinDDK\7600.16385.1\lib\wnet\i386\ntdll.lib
;
;----------------------------------------------------------------------------
.386
_TEXT segment use32 para public 'CODE'
public __except_handler3
;__except_handler3 proc near
push esi
inc ebx
xor dh,byte ptr [eax]
pop eax
inc ebx
xor byte ptr [eax],dh
__except_handler3:
push ebp
mov ebp,esp
sub esp,8
push ebx
push esi
push edi
push ebp
cld
mov ebx,dword ptr [ebp+0Ch]
mov eax,dword ptr [ebp+8]
test dword ptr [eax+4],6
nop ; 00
jne _lh_unwinding
mov dword ptr [ebp-8],eax
mov eax,dword ptr [ebp+10h]
mov dword ptr [ebp-4],eax
lea eax,[ebp-8]
mov dword ptr [ebx-4],eax
mov esi,dword ptr [ebx+0Ch]
mov edi,dword ptr [ebx+8]
push ebx
call __ValidateEH3RN
add esp,4
or eax,eax
je _lh_abort
_lh_top:
cmp esi,0FFFFFFFFh
je _lh_bagit
lea ecx,[esi+esi*2]
mov eax,dword ptr [edi+ecx*4+4]
or eax,eax
je _lh_continue
push esi
push ebp
lea ebp,[ebx+10h]
xor ebx,ebx
xor ecx,ecx
xor edx,edx
xor esi,esi
xor edi,edi
call eax
pop ebp
pop esi
mov ebx,dword ptr [ebp+0Ch]
or eax,eax
je _lh_continue
js _lh_dismiss
mov edi,dword ptr [ebx+8]
push ebx
call __global_unwind2
add esp,4
lea ebp,[ebx+10h]
push esi
push ebx
call __local_unwind2
add esp,8
lea ecx,[esi+esi*2]
push 1
mov eax,dword ptr [edi+ecx*4+8]
call __NLG_Notify
mov eax,dword ptr [edi+ecx*4]
mov dword ptr [ebx+0Ch],eax
mov eax,dword ptr [edi+ecx*4+8]
xor ebx,ebx
xor ecx,ecx
xor edx,edx
xor esi,esi
xor edi,edi
call eax
_lh_continue:
mov edi,dword ptr [ebx+8]
lea ecx,[esi+esi*2]
mov esi,dword ptr [edi+ecx*4]
jmp _lh_top
_lh_dismiss:
mov eax,0
jmp _lh_return
_lh_abort:
mov eax,dword ptr [ebp+8]
or dword ptr [eax+4],8
_lh_bagit:
mov eax,1
jmp _lh_return
_lh_unwinding:
push ebp
lea ebp,[ebx+10h]
push 0FFFFFFFFh
push ebx
call __local_unwind2
add esp,8
pop ebp
mov eax,1
_lh_return:
pop ebp
pop edi
pop esi
pop ebx
mov esp,ebp
pop ebp
ret
__seh_longjmp_unwind@4:
push ebp
mov ecx,dword ptr [esp+8]
mov ebp,dword ptr [ecx]
mov eax,dword ptr [ecx+1Ch]
push eax
mov eax,dword ptr [ecx+18h]
push eax
call __local_unwind2
add esp,8
pop ebp
ret 4
;__except_handler3 endp
EXTERN _RtlUnwind@16 : PROC
;__global_unwind2 proc near
__global_unwind2:
push ebp
mov ebp,esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset _gu_return
push dword ptr [ebp+8]
;call P_RtlUnwind
call _RtlUnwind@16 ; call it from ntdll.lib
_gu_return:
pop ebp
pop edi
pop esi
pop ebx
mov esp,ebp
pop ebp
ret
__unwind_handler:
mov ecx,dword ptr [esp+4]
test dword ptr [ecx+4],6
nop ; 00
mov eax,1
je _uh_return
mov eax,dword ptr [esp+14h]
push ebp
mov ebp,dword ptr [eax+10h]
mov edx,dword ptr [eax+28h]
push edx
mov edx,dword ptr [eax+24h]
push edx
call __local_unwind2
add esp,8
pop ebp
mov eax,dword ptr [esp+8]
mov edx,dword ptr [esp+10h]
mov dword ptr [edx],eax
mov eax,3
_uh_return:
ret
__local_unwind2:
push ebx
push esi
push edi
mov eax,dword ptr [esp+10h]
push ebp
push eax
push 0FFFFFFFEh
push offset __unwind_handler
push dword ptr fs:[0]
nop ; 00
mov dword ptr fs:[0],esp
nop ; 00
_lu_top:
mov eax,dword ptr [esp+24h]
mov ebx,dword ptr [eax+8]
mov esi,dword ptr [eax+0Ch]
cmp esi,0FFFFFFFFh
je _lu_done
cmp dword ptr [esp+28h],0FFFFFFFFh
je _continue_
cmp esi,dword ptr [esp+28h]
jbe _lu_done
_continue_:
lea esi,[esi+esi*2]
mov ecx,dword ptr [ebx+esi*4]
mov dword ptr [esp+8],ecx
mov dword ptr [eax+0Ch],ecx
cmp dword ptr [ebx+esi*4+4],0
jne __NLG_Return2
push 101h
mov eax,dword ptr [ebx+esi*4+8]
call __NLG_Notify
call dword ptr [ebx+esi*4+8]
__NLG_Return2:
jmp _lu_top
_lu_done:
pop dword ptr fs:[0]
nop ; 00
add esp,10h
pop edi
pop esi
pop ebx
ret
__abnormal_termination:
xor eax,eax
mov ecx,dword ptr fs:[0]
nop ; 00
cmp dword ptr [ecx+4],offset __unwind_handler
nop ; 00
jne _at_done
mov edx,dword ptr [ecx+0Ch]
mov edx,dword ptr [edx+0Ch]
cmp dword ptr [ecx+8],edx
jne _at_done
mov eax,1
_at_done:
ret
__NLG_Notify1:
push ebx
push ecx
mov ebx,offset __NLG_Destination
jmp __NLG_Go
__NLG_Notify:
push ebx
push ecx
mov ebx,offset __NLG_Destination
mov ecx,dword ptr [ebp+8]
__NLG_Go:
mov dword ptr [ebx+8],ecx
mov dword ptr [ebx+4],eax
mov dword ptr [ebx+0Ch],ebp
push ebp
push ecx
push eax
__NLG_Dispatch:
pop eax
pop ecx
pop ebp
pop ecx
pop ebx
ret 4
;__global_unwind2 endp
EXTERN _NtQueryVirtualMemory@24: PROC
;__ValidateEH3RN proc near
__ValidateEH3RN:
mov edi,edi
push ebp
mov ebp,esp
sub esp,20h
push ebx
push esi
mov esi,dword ptr [ebp+8]
mov ebx,dword ptr [esi+8]
test bl,3
jne label01
mov eax,dword ptr fs:[00000004h]
mov dword ptr [ebp+8],eax
mov eax,dword ptr fs:[00000008h]
mov dword ptr [ebp-4],eax
cmp ebx,dword ptr [ebp-4]
jb label02
cmp ebx,dword ptr [ebp+8]
jae label02
label01:
xor eax,eax
jmp label03
label02:
push edi
mov edi,dword ptr [esi+0Ch]
cmp edi,0FFFFFFFFh
jne label04
xor eax,eax
inc eax
jmp label05
label04:
xor edx,edx
mov dword ptr [ebp+8],edx
mov eax,ebx
label30:
mov ecx,dword ptr [eax]
cmp ecx,0FFFFFFFFh
je label06
cmp ecx,edx
jae label07
label06:
cmp dword ptr [eax+4],0
je label10
inc dword ptr [ebp+8]
label10:
inc edx
add eax,0Ch
cmp edx,edi
jbe label30
cmp dword ptr [ebp+8],0
je label11
mov eax,dword ptr [esi-8]
cmp eax,dword ptr [ebp-4]
jb label07
cmp eax,esi
jae label07
label11:
mov ecx,dword ptr [_nValidPages]
mov esi,ebx
and esi,0FFFFF000h
xor eax,eax
test ecx,ecx
jle label08
label12:
cmp dword ptr _rgValidPages[eax*4],esi
nop ; 00
je label09
inc eax
cmp eax,ecx
jl label12
label08:
lea eax,[ebp+8]
push eax
push 1Ch
lea eax,[ebp-20h]
push eax
push 0
push ebx
or edi,0FFFFFFFFh
push edi
;call _NtQueryVirtualMemory
call _NtQueryVirtualMemory@24 ; call it from ntdll.lib
test eax,eax
jl label13
mov eax,dword ptr [ebp+8]
jmp label14
xor eax,eax
label07:
jmp label05
test eax,eax
label09:
jle label15
xor edx,edx
mov ebx,offset _lModifying
inc edx
mov edi,ebx
xchg edx,dword ptr [edi]
test edx,edx
jne label15
cmp dword ptr _rgValidPages[eax*4],esi
nop ; 00
je label15
lea eax,[ecx-1]
test eax,eax
jl label16
label18:
cmp dword ptr _rgValidPages[eax*4],esi
nop ; 00
je label17
dec eax
jns label18
label17:
test eax,eax
jge label19
cmp ecx,10h
label16:
jge label20
inc ecx
mov dword ptr [_nValidPages],ecx
label20:
lea eax,[ecx-1]
jmp label15
label19:
je label21
label15:
xor edx,edx
test eax,eax
jl label21
label22:
lea ecx,_rgValidPages[edx*4]
nop ; 00
mov edi,dword ptr [ecx]
inc edx
cmp edx,eax
mov dword ptr [ecx],esi
mov esi,edi
jle label22
label21:
xor eax,eax
xchg eax,dword ptr [ebx]
jmp label15
label13:
xor eax,eax
label14:
test eax,eax
je label23
cmp dword ptr [ebp-8],1000000h
nop ; 01
jne label23
test byte ptr [ebp-0Ch],0CCh
je label0
mov ecx,dword ptr [ebp-1Ch]
cmp word ptr [ecx],5A4Dh
jne label23
mov eax,dword ptr [ecx+3Ch]
add eax,ecx
cmp dword ptr [eax],4550h
jne label23
cmp word ptr [eax+18h],10Bh
jne label23
sub ebx,ecx
cmp word ptr [eax+6],0
movzx ecx,word ptr [eax+14h]
lea ecx,[ecx+eax+18h]
jbe label23
mov eax,dword ptr [ecx+0Ch]
cmp ebx,eax
jb label0
mov edx,dword ptr [ecx+8]
add edx,eax
cmp ebx,edx
jae label0
test byte ptr [ecx+27h],80h
jne label07
label0:
xor eax,eax
inc eax
mov ecx,eax
mov edx,offset _lModifying
xchg ecx,dword ptr [edx]
test ecx,ecx
jne label05
mov ecx,dword ptr [_nValidPages]
test ecx,ecx
mov edx,ecx
jle label24
lea eax,_rgValidPages[ecx*4+0FFFFFFFCh]
nop ; FF
label25:
cmp dword ptr [eax],esi
je label24
dec edx
sub eax,4
test edx,edx
jg label25
label24:
test edx,edx
jne label26
push 0Fh
pop ebx
cmp ecx,ebx
jg label27
mov ebx,ecx
label27:
xor edx,edx
test ebx,ebx
jl label28
label29:
lea eax,_rgValidPages[edx*4]
nop ; 00
mov edi,dword ptr [eax]
inc edx
cmp edx,ebx
mov dword ptr [eax],esi
mov esi,edi
jle label29
label28:
cmp ecx,10h
jge label26
inc ecx
mov dword ptr [_nValidPages],ecx
label26:
xor eax,eax
mov ecx,offset _lModifying
xchg eax,dword ptr [ecx]
jmp label15
label23:
mov eax,edi
label05:
pop edi
label03:
pop esi
pop ebx
leave
ret
;__ValidateEH3RN endp
_TEXT ends
.model flat
.data
; Global variables for __NLG_Destination
;typedef struct {
; unsigned long dwSig;
; unsigned long uoffDestination;
; unsigned long dwCode;
; unsigned long uoffFramePointer;
;} _NLG_INFO;
;_NLG_INFO _NLG_Destination = { 0x019930520, 0, 0, 0 };
__NLG_Destination LABEL DWORD
dd 1 dup (019930520h) ; MAGIC_NUMBER1
dd 1 dup (0)
dd 1 dup (0)
dd 1 dup (0)
public __NLG_Destination
; Global variables for __ValidateEH3RN
;INT _nValidPages = 0;
_nValidPages LABEL DWORD
dd 1 dup (0)
public _nValidPages
;PVOID _rgValidPages[0x10] = { NULL };
_rgValidPages LABEL DWORD
dd 16 dup (0)
public _rgValidPages
;BOOL _lModifying = FALSE;
_lModifying LABEL DWORD
dd 1 dup (0)
public _lModifying
end

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -531,8 +531,33 @@ typedef NTSTATUS (*P_NtLoadDriver)(
IN PUNICODE_STRING RegistryPath);
typedef NTSTATUS (*P_NtLoadKey)(
IN POBJECT_ATTRIBUTES TargetObjectAttributes,
IN POBJECT_ATTRIBUTES SourceObjectAttributes);
IN POBJECT_ATTRIBUTES KeyObjectAttributes,
IN POBJECT_ATTRIBUTES FileObjectAttributes);
typedef NTSTATUS (*P_NtLoadKey2)(
IN POBJECT_ATTRIBUTES KeyObjectAttributes,
IN POBJECT_ATTRIBUTES FileObjectAttributes,
IN ULONG Flags);
typedef NTSTATUS (*P_NtLoadKey3)(
IN POBJECT_ATTRIBUTES KeyObjectAttributes,
IN POBJECT_ATTRIBUTES FileObjectAttributes,
IN ULONG Flags,
IN PVOID LoadArguments,
IN ULONG LoadArgumentCount,
IN ACCESS_MASK DesiredAccess,
IN HANDLE KeyHandle,
IN ULONG Unkown);
typedef NTSTATUS (*P_NtLoadKeyEx)(
IN POBJECT_ATTRIBUTES TargetKey,
IN POBJECT_ATTRIBUTES SourceFile,
IN ULONG Flags,
IN HANDLE TrustClassKey,
IN PVOID Reserved,
IN PVOID ObjectContext,
IN PVOID CallbackReserved,
OUT PIO_STATUS_BLOCK IoStatusBlock);
typedef NTSTATUS (*P_NtMapViewOfSection)(
IN HANDLE SectionHandle,
@ -897,6 +922,11 @@ typedef NTSTATUS (*P_NtSaveKey)(
IN HANDLE KeyHandle,
IN HANDLE FileHandle);
typedef NTSTATUS (*P_NtSaveKeyEx)(
IN HANDLE KeyHandle,
IN HANDLE FileHandle,
IN ULONG Flags);
typedef NTSTATUS (*P_NtSecureConnectPort)(
OUT PHANDLE ClientPortHandle,
IN PUNICODE_STRING ServerPortName,
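Review bot: The P_NtLoadKey3 prototype at L569-577 carries a parameter literally named `Unkown`, which signals that this signature was reconstructed rather than taken from a documented header, and nothing in the hunk says so. Since these typedefs are used to hook stdcall entry points in the x86 build, an argument list that does not match what ntdll actually pushes would leave the stack unbalanced when the hook returns, so the guess deserves a visible warning rather than a typo. I'd fix the spelling to `Unknown` and put a comment above the typedef: `// NtLoadKey3 is undocumented; this parameter list was reconstructed and has not been verified against every Windows build — on x86 the hook must pop exactly what the caller pushed.` The same caveat applies to P_NtLoadKeyEx at L578-586, whose Reserved/ObjectContext/CallbackReserved parameters are also unverified here.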


@ -474,15 +474,6 @@
<Midl Include="pstore.idl" />
</ItemGroup>
<ItemGroup>
<CustomBuild Include="..\..\common\NtCRT\x86\except_handler3.asm">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
<FileType>Document</FileType>
<Command Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">ml -c -Cx -nologo -Zi -Zm -Fo$(Configuration)\%(Filename).obj %(FullPath)</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">%(ProjectDir)$(Configuration)\%(Filename).obj</Outputs>
<Command Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">ml -c -Cx -nologo -Zi -Zm -Fo$(Configuration)\%(Filename).obj %(FullPath)</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">%(ProjectDir)$(Configuration)\%(Filename).obj</Outputs>
</CustomBuild>
<CustomBuild Include="..\..\common\NtCRT\x64\ntdll.def">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">true</ExcludedFromBuild>
@ -514,6 +505,24 @@
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
</None>
</ItemGroup>
<ItemGroup>
<Object Include="..\..\common\NtCRT\x86\ntdll\eh3valid_user.obj">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
</Object>
<Object Include="..\..\common\NtCRT\x86\ntdll\exsup.obj">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
</Object>
<Object Include="..\..\common\NtCRT\x86\ntdll\exsup2.obj">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
</Object>
<Object Include="..\..\common\NtCRT\x86\ntdll\exsup3.obj">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">true</ExcludedFromBuild>
</Object>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
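Review bot: The linker inputs added at L623-638 are prebuilt object files (eh3valid_user.obj, exsup.obj, exsup2.obj, exsup3.obj) committed as opaque binaries in place of the except_handler3.asm source that the removed CustomBuild at L606-614 used to assemble, and nothing in the project records where they came from or how to regenerate them. Because these objects are linked into sbiedll.dll, which is injected into sandboxed processes, an unverifiable blob in the link is a supply-chain exposure: a reviewer cannot diff it, and a tampered replacement would look identical in the tree. The deleted .asm file's header said it was copied from the WinDDK 7600.16385.1 i386 ntdll.lib, which is presumably the origin of these objects as well; I'd add an MSBuild comment next to the new ItemGroup such as `<!-- x86 SEH support objects extracted from WinDDK 7600.16385.1 lib\wnet\i386\ntdll.lib (lib /extract); see README alongside them for SHA-256 sums -->`, check in those hashes, or better still extract the members from ntdll.lib at build time so no binary has to be vendored.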


@ -396,6 +396,9 @@
<Filter Include="obj">
<UniqueIdentifier>{05955a21-494a-4624-854e-d7c9b1e33401}</UniqueIdentifier>
</Filter>
<Filter Include="common\ntdll">
<UniqueIdentifier>{3306e464-8b2d-48cb-8d8f-0d222f17e31d}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<Midl Include="pstore.idl">
@ -406,10 +409,21 @@
<CustomBuild Include="util_asm.asm">
<Filter>hook</Filter>
</CustomBuild>
<CustomBuild Include="..\..\common\NtCRT\x86\except_handler3.asm">
<Filter>common</Filter>
</CustomBuild>
<CustomBuild Include="..\..\common\NtCRT\x64\ntdll.def" />
<CustomBuild Include="..\..\common\NtCRT\x86\ntdll.def" />
</ItemGroup>
<ItemGroup>
<Object Include="..\..\common\NtCRT\x86\ntdll\eh3valid_user.obj">
<Filter>common\ntdll</Filter>
</Object>
<Object Include="..\..\common\NtCRT\x86\ntdll\exsup.obj">
<Filter>common\ntdll</Filter>
</Object>
<Object Include="..\..\common\NtCRT\x86\ntdll\exsup2.obj">
<Filter>common\ntdll</Filter>
</Object>
<Object Include="..\..\common\NtCRT\x86\ntdll\exsup3.obj">
<Filter>common\ntdll</Filter>
</Object>
</ItemGroup>
</Project>


@ -248,13 +248,32 @@ static NTSTATUS Key_NtNotifyChangeMultipleKeys(
static NTSTATUS Key_NtRenameKey(
HANDLE KeyHandle, UNICODE_STRING *ReplacementName);
static NTSTATUS Key_NtSaveKey(
HANDLE KeyHandle, HANDLE FileHandle);
static NTSTATUS Key_NtSaveKeyEx(
HANDLE KeyHandle, HANDLE FileHandle, ULONG Flags);
static NTSTATUS Key_NtLoadKey(
OBJECT_ATTRIBUTES *TargetObjectAttributes,
OBJECT_ATTRIBUTES *SourceObjectAttributes);
static NTSTATUS Key_NtLoadKey2(
OBJECT_ATTRIBUTES *TargetObjectAttributes,
OBJECT_ATTRIBUTES *SourceObjectAttributes, ULONG Flags);
static NTSTATUS Key_NtLoadKey3(
OBJECT_ATTRIBUTES *TargetObjectAttributes,
OBJECT_ATTRIBUTES *SourceObjectAttributes, ULONG Flags,
PVOID LoadArguments, ULONG LoadArgumentCount, ACCESS_MASK DesiredAccess, HANDLE KeyHandle, ULONG Unkown);
static NTSTATUS Key_NtLoadKeyEx(
OBJECT_ATTRIBUTES *TargetObjectAttributes,
OBJECT_ATTRIBUTES *SourceObjectAttributes, ULONG Flags,
HANDLE TrustClassKey, PVOID Reserved, PVOID ObjectContext, PVOID CallbackReserved, PIO_STATUS_BLOCK IoStatusBlock);
NTSTATUS File_NtCloseImpl(HANDLE FileHandle);
//---------------------------------------------------------------------------
@ -274,8 +293,13 @@ static P_NtQueryMultipleValueKey __sys_NtQueryMultipleValueKey = NULL;
static P_NtNotifyChangeKey __sys_NtNotifyChangeKey = NULL;
static P_NtNotifyChangeMultipleKeys __sys_NtNotifyChangeMultipleKeys= NULL;
static P_NtRenameKey __sys_NtRenameKey = NULL;
static P_NtSaveKey __sys_NtSaveKey = NULL;
static P_NtSaveKeyEx __sys_NtSaveKeyEx = NULL;
static P_NtLoadKey __sys_NtLoadKey = NULL;
static P_NtLoadKey2 __sys_NtLoadKey2 = NULL;
static P_NtLoadKey3 __sys_NtLoadKey3 = NULL;
static P_NtLoadKeyEx __sys_NtLoadKeyEx = NULL;
//---------------------------------------------------------------------------
@ -353,8 +377,6 @@ BOOLEAN Key_Delete_v2 = FALSE;
_FX BOOLEAN Key_Init(void)
{
void *NtRenameKey;
void *NtOpenKeyEx;
InitializeCriticalSection(&Key_Handles_CritSec);
@ -394,21 +416,41 @@ _FX BOOLEAN Key_Init(void)
SBIEDLL_HOOK(Key_,NtQueryMultipleValueKey);
SBIEDLL_HOOK(Key_,NtNotifyChangeKey);
SBIEDLL_HOOK(Key_,NtNotifyChangeMultipleKeys);
SBIEDLL_HOOK(Key_,NtSaveKey);
SBIEDLL_HOOK(Key_,NtLoadKey);
Dll_OsBuild = 2000; // Windows 2000
NtRenameKey = GetProcAddress(Dll_Ntdll, "NtRenameKey");
void* NtRenameKey = GetProcAddress(Dll_Ntdll, "NtRenameKey");
if (NtRenameKey) {
SBIEDLL_HOOK(Key_,NtRenameKey);
}
NtOpenKeyEx = GetProcAddress(Dll_Ntdll, "NtOpenKeyEx");
void* NtOpenKeyEx = GetProcAddress(Dll_Ntdll, "NtOpenKeyEx");
if (NtOpenKeyEx) {
SBIEDLL_HOOK(Key_, NtOpenKeyEx);
}
if (!Dll_CompartmentMode) {
SBIEDLL_HOOK(Key_, NtSaveKey);
void* NtSaveKeyEx = GetProcAddress(Dll_Ntdll, "NtSaveKeyEx");
if (NtSaveKeyEx) {
SBIEDLL_HOOK(Key_,NtSaveKeyEx);
}
SBIEDLL_HOOK(Key_, NtLoadKey);
void* NtLoadKey2 = GetProcAddress(Dll_Ntdll, "NtLoadKey2");
if (NtLoadKey2) {
SBIEDLL_HOOK(Key_,NtLoadKey2);
}
void* NtLoadKey3 = GetProcAddress(Dll_Ntdll, "NtLoadKey3");
if (NtLoadKey3) {
SBIEDLL_HOOK(Key_,NtLoadKey3);
}
void* NtLoadKeyEx = GetProcAddress(Dll_Ntdll, "NtLoadKeyEx");
if (NtLoadKeyEx) {
SBIEDLL_HOOK(Key_,NtLoadKeyEx);
}
}
Dll_OsBuild = GET_PEB_IMAGE_BUILD;
return TRUE;
}
@ -1280,12 +1322,19 @@ _FX NTSTATUS Key_NtCreateKeyImpl(
#define KEY_READ_WOW64 (KEY_READ | \
(DesiredAccess & (KEY_WOW64_32KEY | KEY_WOW64_64KEY)))
RtlInitUnicodeString(&objname, TruePath);
objattrs.SecurityDescriptor = ObjectAttributes->SecurityDescriptor;
//
// Application specific hives are loaded under \REGISTRY\A\ and can not be enumerated, or opened by name.
// MSDN: All operations on hives loaded by RegLoadAppKey have to be performed relative to the handle returned.
// So it is not possible to use TruePath but we can use the original handle relative ObjectAttributes here instead.
//
//RtlInitUnicodeString(&objname, TruePath);
//objattrs.SecurityDescriptor = ObjectAttributes->SecurityDescriptor;
if (CreateOptions == tzuk) {
status = __sys_NtOpenKey(KeyHandle, DesiredAccess, &objattrs);
//status = __sys_NtOpenKey(KeyHandle, DesiredAccess, &objattrs);
status = __sys_NtOpenKey(KeyHandle, DesiredAccess, ObjectAttributes);
if (status == STATUS_ACCESS_DENIED &&
DesiredAccess == MAXIMUM_ALLOWED) {
@ -1296,8 +1345,11 @@ _FX NTSTATUS Key_NtCreateKeyImpl(
} else {
//status = __sys_NtCreateKey(
// KeyHandle, DesiredAccess, &objattrs,
// TitleIndex, Class, CreateOptions, Disposition);
status = __sys_NtCreateKey(
KeyHandle, DesiredAccess, &objattrs,
KeyHandle, DesiredAccess, ObjectAttributes,
TitleIndex, Class, CreateOptions, Disposition);
if (status == STATUS_ACCESS_DENIED &&
@ -4486,11 +4538,24 @@ _FX NTSTATUS Key_NtSaveKey(
//---------------------------------------------------------------------------
// Key_NtLoadKey
// Key_NtSaveKeyEx
//---------------------------------------------------------------------------
_FX NTSTATUS Key_NtLoadKey(
_FX NTSTATUS Key_NtSaveKeyEx(
HANDLE KeyHandle, HANDLE FileHandle, ULONG Flags)
{
SbieApi_Log(2205, L"NtSaveKeyEx");
return STATUS_SUCCESS;
}
//---------------------------------------------------------------------------
// Key_NtLoadKeyImpl
//---------------------------------------------------------------------------
_FX NTSTATUS Key_NtLoadKeyImpl(
OBJECT_ATTRIBUTES *TargetObjectAttributes,
OBJECT_ATTRIBUTES *SourceObjectAttributes)
{
@ -4504,10 +4569,6 @@ _FX NTSTATUS Key_NtLoadKey(
HANDLE FileHandle;
FILE_LOAD_KEY_REQ *req;
status = __sys_NtLoadKey(TargetObjectAttributes, SourceObjectAttributes);
if (status != STATUS_PRIVILEGE_NOT_HELD)
return status;
//
// get the full paths for the registry key and hive file
//
@ -4605,6 +4666,90 @@ _FX NTSTATUS Key_NtLoadKey(
}
//---------------------------------------------------------------------------
// Key_NtLoadKey
//---------------------------------------------------------------------------
_FX NTSTATUS Key_NtLoadKey(
OBJECT_ATTRIBUTES *TargetObjectAttributes,
OBJECT_ATTRIBUTES *SourceObjectAttributes)
{
NTSTATUS status;
status = __sys_NtLoadKey(TargetObjectAttributes, SourceObjectAttributes);
if (status != STATUS_PRIVILEGE_NOT_HELD)
return status;
return Key_NtLoadKeyImpl(TargetObjectAttributes, SourceObjectAttributes);
}
//---------------------------------------------------------------------------
// Key_NtLoadKey2
//---------------------------------------------------------------------------
_FX NTSTATUS Key_NtLoadKey2(
OBJECT_ATTRIBUTES *TargetObjectAttributes,
OBJECT_ATTRIBUTES *SourceObjectAttributes, ULONG Flags)
{
NTSTATUS status;
status = __sys_NtLoadKey2(TargetObjectAttributes, SourceObjectAttributes, Flags);
if (status != STATUS_PRIVILEGE_NOT_HELD)
return status;
return Key_NtLoadKeyImpl(TargetObjectAttributes, SourceObjectAttributes);
}
//---------------------------------------------------------------------------
// Key_NtLoadKey3
//---------------------------------------------------------------------------
_FX NTSTATUS Key_NtLoadKey3(
OBJECT_ATTRIBUTES *TargetObjectAttributes,
OBJECT_ATTRIBUTES *SourceObjectAttributes, ULONG Flags,
PVOID LoadArguments, ULONG LoadArgumentCount, ACCESS_MASK DesiredAccess, HANDLE KeyHandle, ULONG Unkown)
{
NTSTATUS status;
status = __sys_NtLoadKey3(TargetObjectAttributes, SourceObjectAttributes, Flags,
LoadArguments, LoadArgumentCount, DesiredAccess, KeyHandle, Unkown);
if (status != STATUS_PRIVILEGE_NOT_HELD)
return status;
//return Key_NtLoadKeyImpl(TargetObjectAttributes, SourceObjectAttributes);
SbieApi_Log(2205, L"NtLoadKey3");
return STATUS_SUCCESS;
}
//---------------------------------------------------------------------------
// Key_NtLoadKeyEx
//---------------------------------------------------------------------------
_FX NTSTATUS Key_NtLoadKeyEx(
OBJECT_ATTRIBUTES *TargetObjectAttributes,
OBJECT_ATTRIBUTES *SourceObjectAttributes, ULONG Flags,
HANDLE TrustClassKey, PVOID Reserved, PVOID ObjectContext, PVOID CallbackReserved, PIO_STATUS_BLOCK IoStatusBlock)
{
NTSTATUS status;
status = __sys_NtLoadKeyEx(TargetObjectAttributes, SourceObjectAttributes, Flags,
TrustClassKey, Reserved, ObjectContext, CallbackReserved, IoStatusBlock);
if (status != STATUS_PRIVILEGE_NOT_HELD)
return status;
//return Key_NtLoadKeyImpl(TargetObjectAttributes, SourceObjectAttributes);
SbieApi_Log(2205, L"NtLoadKeyEx");
return STATUS_SUCCESS;
}
//---------------------------------------------------------------------------
// Key_NtQueryObjectName
//---------------------------------------------------------------------------
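Review bot: Key_NtLoadKey3 (L851-864) and Key_NtLoadKeyEx (L868-881) return STATUS_SUCCESS after the native call failed with STATUS_PRIVILEGE_NOT_HELD even though no hive was loaded (the Key_NtLoadKeyImpl call is commented out and only message 2205 is logged), and Key_NtSaveKeyEx (L798-803) returns STATUS_SUCCESS without ever calling __sys_NtSaveKeyEx. A caller that receives success will go on to open keys under a target that does not exist, so the failure surfaces far from its cause; returning the real status, or STATUS_NOT_IMPLEMENTED if that is what message 2205 is meant to convey, would be more honest, e.g. `SbieApi_Log(2205, L"NtLoadKey3"); return status;`. Separately, the switch in Key_NtCreateKeyImpl (L776-790) from the TruePath-based `objattrs` to the caller's `ObjectAttributes` is unconditional in the visible lines; if that branch is also reached for keys other than the handle-relative \REGISTRY\A\ app hives, the call now bypasses the path translation, which is worth confirming because the start of that function is outside the hunk. Key_NtLoadKeyImpl's body also begins and continues outside the visible hunks.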


@ -247,6 +247,13 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
NULL
};
#endif
static const WCHAR *openkeys[] = {
// Application Hives
// https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regloadappkeya
// https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/filtering-registry-operations-on-application-hives
L"\\REGISTRY\\A\\*",
NULL
};
BOOLEAN ok;
@ -297,6 +304,11 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
}
}
for (i = 0; openkeys[i] && ok; ++i) {
ok = Process_AddPath(
proc, &proc->open_key_paths, NULL, TRUE, openkeys[i], FALSE);
}
//
// closed paths
//
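Review bot: The new openkeys entry at L892-898 adds the wildcard `\REGISTRY\A\*` to proc->open_key_paths with only two documentation links as justification; the comment should say why direct access to every application hive is acceptable, since as written the rule is not scoped to hives the sandboxed process loaded itself. The user-mode change in this commit relies on RegLoadAppKey hives being reachable only through the handle returned by the load, which is presumably what bounds the exposure here, and that reasoning belongs next to the rule, e.g. `// App hives under \REGISTRY\A\ cannot be opened or enumerated by name; all access is relative to the handle RegLoadAppKey returned, so opening the path only exposes hives the process loaded itself.` If that assumption is wrong for any Windows version, the wildcard would expose real registry data to the sandbox, so it is worth stating explicitly. Key_InitProcess starts and ends outside the visible hunks.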