diff --git a/CHANGELOG.md b/CHANGELOG.md
index e12b6b63..d9f0c0ea 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - added "BlockInterferenceControl=y" option to prevent sandboxed processes from forcing windows on top and moving the mounse pointer (thanks Yeyixiao)
 - Note: this option may cause issues in games hence do not enable it for gaming boxes.
 - added support for hardlinks [#3826](https://github.com/sandboxie-plus/Sandboxie/issues/3826)
+- added mechanism to terminate stuck sandboxed processes from the driver
 
 ### Changed
 - improved Avast template [#3777](https://github.com/sandboxie-plus/Sandboxie/pull/3777)
diff --git a/Sandboxie/core/drv/api_defs.h b/Sandboxie/core/drv/api_defs.h
index fa2299a3..35672861 100644
--- a/Sandboxie/core/drv/api_defs.h
+++ b/Sandboxie/core/drv/api_defs.h
@@ -161,6 +161,7 @@ enum {
     API_MONITOR_GET2,
     API_PROTECT_ROOT,
     API_UNPROTECT_ROOT,
+    API_KILL_PROCESS,
     API_LAST
 };
 
diff --git a/Sandboxie/core/drv/process.c b/Sandboxie/core/drv/process.c
index 047b6f12..7564cffc 100644
--- a/Sandboxie/core/drv/process.c
+++ b/Sandboxie/core/drv/process.c
@@ -214,6 +214,7 @@ _FX BOOLEAN Process_Init(void)
     Api_SetFunction(API_QUERY_PROCESS_PATH, Process_Api_QueryProcessPath);
     Api_SetFunction(API_QUERY_PATH_LIST, Process_Api_QueryPathList);
     Api_SetFunction(API_ENUM_PROCESSES, Process_Api_Enum);
+    Api_SetFunction(API_KILL_PROCESS, Process_Api_Kill);
 
     return TRUE;
 }
diff --git a/Sandboxie/core/drv/process.h b/Sandboxie/core/drv/process.h
index d2441a68..b9087a23 100644
--- a/Sandboxie/core/drv/process.h
+++ b/Sandboxie/core/drv/process.h
@@ -522,6 +522,8 @@ NTSTATUS Process_Api_QueryPathList(PROCESS *proc, ULONG64 *parms);
 
 NTSTATUS Process_Api_Enum(PROCESS *proc, ULONG64 *parms);
 
+NTSTATUS Process_Api_Kill(PROCESS *proc, ULONG64 *parms);
+
 
 //---------------------------------------------------------------------------
 // Variables
diff --git a/Sandboxie/core/drv/process_api.c b/Sandboxie/core/drv/process_api.c
index 68564429..02bd43e4 100644
--- a/Sandboxie/core/drv/process_api.c
+++ b/Sandboxie/core/drv/process_api.c
@@ -1126,3 +1126,62 @@ _FX NTSTATUS Process_Api_Enum(PROCESS *proc, ULONG64 *parms)
 
     return status;
 }
+
+
+//---------------------------------------------------------------------------
+// Process_Api_Enum
+//---------------------------------------------------------------------------
+
+
+_FX NTSTATUS Process_Api_Kill(PROCESS *proc, ULONG64 *parms)
+{
+    NTSTATUS status;
+    HANDLE user_pid_parm;
+    HANDLE handle = NULL;
+    PEPROCESS ProcessObject = NULL;
+    PROCESS *proc2;
+
+    //
+    // security check, only service is allowed this call
+    //
+
+    if (proc || (PsGetCurrentProcessId() != Api_ServiceProcessId))
+        return STATUS_NOT_IMPLEMENTED;
+
+    //
+    // first parameter is pid
+    //
+
+    user_pid_parm = (HANDLE)parms[1];
+
+    if (! user_pid_parm)
+        return STATUS_INVALID_CID;
+
+    //
+    // security check, target must be a sandboxed process
+    //
+
+    proc2 = Process_Find(user_pid_parm, NULL);
+    if (! proc2)
+        return STATUS_ACCESS_DENIED;
+
+    //
+    // open process, obtain handle and terminate
+    //
+
+    status = PsLookupProcessByProcessId(user_pid_parm, &ProcessObject);
+
+    if (NT_SUCCESS(status)) {
+
+        status = ObOpenObjectByPointer(ProcessObject, OBJ_KERNEL_HANDLE, NULL, PROCESS_TERMINATE, NULL, KernelMode, &handle);
+        ObDereferenceObject(ProcessObject);
+
+        if (NT_SUCCESS(status)) {
+
+            ZwTerminateProcess(handle, DBG_TERMINATE_PROCESS);
+            ZwClose(handle);
+        }
+    }
+
+    return status;
+}
\ No newline at end of file
diff --git a/Sandboxie/core/svc/ProcessServer.cpp b/Sandboxie/core/svc/ProcessServer.cpp
index 72c7cc1c..e66bf0ed 100644
--- a/Sandboxie/core/svc/ProcessServer.cpp
+++ b/Sandboxie/core/svc/ProcessServer.cpp
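Review bot: The return value of ZwTerminateProcess is discarded, so when the handle is opened but the terminate itself fails Process_Api_Kill still returns the successful status from ObOpenObjectByPointer and the service's `ok = NT_SUCCESS(...)` fallback reports a kill that did not happen; use `status = ZwTerminateProcess(handle, DBG_TERMINATE_PROCESS);` before the ZwClose. The banner comment above the function is a copy-paste leftover that still reads `// Process_Api_Enum` and should be `// Process_Api_Kill`. The sandboxed-process check and the PsLookupProcessByProcessId lookup are two separate steps keyed on a bare PID, so a PID recycled between them by a process outside any box would pass the check; if the PROCESS record carries something that identifies the EPROCESS (its fields are not visible here), re-validating against it after the lookup would close that window. A one-line comment that STATUS_NOT_IMPLEMENTED is returned deliberately for any caller other than the service, presumably to match the other service-only handlers, would keep it from being mistaken for a missing implementation.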
@@ -139,6 +139,10 @@ BOOL ProcessServer::KillProcess(ULONG ProcessId)
         LastError = GetLastError();
         CloseHandle(hProcess);
     }
+
+    if (!ok)
+        ok = NT_SUCCESS(SbieApi_Call(API_KILL_PROCESS, 1, ProcessId));
+
     //WCHAR txt[512]; wsprintf(txt, L"Killing Process Id %d --> %d/%d\n", ProcessId, ok, LastError); OutputDebugString(txt);
     return ok;
 }
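Review bot: The added fallback drops the NTSTATUS returned by SbieApi_Call, so when the driver path also fails the only diagnostic left is the LastError of the earlier user-mode attempt, which says nothing about why the driver refused; keeping it, e.g. `NTSTATUS status = SbieApi_Call(API_KILL_PROCESS, 1, ProcessId); ok = NT_SUCCESS(status);`, would let the commented-out trace on the next line and any caller tell the two failures apart. The fallback is also issued for every failure, including a target that no longer exists, which is harmless only as long as the driver side keeps rejecting PIDs it does not track. A short comment above it such as `// user-mode terminate failed; ask the driver to kill the sandboxed process` would record why the second attempt exists. KillProcess begins before this hunk, so how `ok` is initialised is not visible here.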