drv kill

2024-04-18 20:24:03 +02:00 · 2024-04-18 20:24:03 +02:00 · e3bc36d70d
parent e0f966e865
commit e3bc36d70d
6 changed files with 68 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,6 +14,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - added "BlockInterferenceControl=y" option to prevent sandboxed processes from forcing windows on top and moving the mounse pointer (thanks Yeyixiao)
  - Note: this option may cause issues in games hence do not enable it for gaming boxes.
 - added support for hardlinks [#3826](https://github.com/sandboxie-plus/Sandboxie/issues/3826)
+- added mechanism to terminate stuck sandboxed processes from the driver

 ### Changed
 - improved Avast template [#3777](https://github.com/sandboxie-plus/Sandboxie/pull/3777)
--- a/Sandboxie/core/drv/api_defs.h
+++ b/Sandboxie/core/drv/api_defs.h
@ -161,6 +161,7 @@ enum {
    API_MONITOR_GET2,
    API_PROTECT_ROOT,
    API_UNPROTECT_ROOT,
+    API_KILL_PROCESS,

    API_LAST
 };
--- a/Sandboxie/core/drv/process.c
+++ b/Sandboxie/core/drv/process.c
@ -214,6 +214,7 @@ _FX BOOLEAN Process_Init(void)
    Api_SetFunction(API_QUERY_PROCESS_PATH,   Process_Api_QueryProcessPath);
    Api_SetFunction(API_QUERY_PATH_LIST,      Process_Api_QueryPathList);
    Api_SetFunction(API_ENUM_PROCESSES,       Process_Api_Enum);
+    Api_SetFunction(API_KILL_PROCESS,         Process_Api_Kill);

    return TRUE;
 }
--- a/Sandboxie/core/drv/process.h
+++ b/Sandboxie/core/drv/process.h
@ -522,6 +522,8 @@ NTSTATUS Process_Api_QueryPathList(PROCESS *proc, ULONG64 *parms);

 NTSTATUS Process_Api_Enum(PROCESS *proc, ULONG64 *parms);

+NTSTATUS Process_Api_Kill(PROCESS *proc, ULONG64 *parms);
+

 //---------------------------------------------------------------------------
 // Variables
--- a/Sandboxie/core/drv/process_api.c
+++ b/Sandboxie/core/drv/process_api.c
@ -1126,3 +1126,62 @@ _FX NTSTATUS Process_Api_Enum(PROCESS *proc, ULONG64 *parms)

    return status;
 }
+
+
+//---------------------------------------------------------------------------
+// Process_Api_Enum
+//---------------------------------------------------------------------------
+
+
+_FX NTSTATUS Process_Api_Kill(PROCESS *proc, ULONG64 *parms)
+{
+    NTSTATUS status;
+    HANDLE user_pid_parm;
+    HANDLE handle = NULL;
+    PEPROCESS ProcessObject = NULL;
+    PROCESS *proc2;
+
+    //
+    // security check, only service is allowed this call
+    //
+
+    if (proc || (PsGetCurrentProcessId() != Api_ServiceProcessId))
+        return STATUS_NOT_IMPLEMENTED;
+
+    //
+    // first parameter is pid
+    //
+
+    user_pid_parm = (HANDLE)parms[1];
+
+    if (! user_pid_parm)
+        return STATUS_INVALID_CID;
+
+    //
+    // security check, target must be a sandboxed process
+    //
+
+    proc2 = Process_Find(user_pid_parm, NULL);
+    if (! proc2)
+        return STATUS_ACCESS_DENIED;
+
+    //
+    // open process, obtain handle and terminate
+    //
+
+    status = PsLookupProcessByProcessId(user_pid_parm, &ProcessObject);
+
+    if (NT_SUCCESS(status)) {
+
+        status = ObOpenObjectByPointer(ProcessObject, OBJ_KERNEL_HANDLE, NULL, PROCESS_TERMINATE, NULL, KernelMode, &handle);
+        ObDereferenceObject(ProcessObject);
+
+        if (NT_SUCCESS(status)) {
+
+            ZwTerminateProcess(handle, DBG_TERMINATE_PROCESS);
+            ZwClose(handle);
+        }
+    }
+
+    return status;
+}
--- a/Sandboxie/core/svc/ProcessServer.cpp
+++ b/Sandboxie/core/svc/ProcessServer.cpp
@ -139,6 +139,10 @@ BOOL ProcessServer::KillProcess(ULONG ProcessId)
            LastError = GetLastError();
        CloseHandle(hProcess);
    }
+
+    if (!ok)
+        ok = NT_SUCCESS(SbieApi_Call(API_KILL_PROCESS, 1, ProcessId));
+
    //WCHAR txt[512]; wsprintf(txt, L"Killing Process Id %d --> %d/%d\n", ProcessId, ok, LastError); OutputDebugString(txt);
    return ok;
 }