drv kill

CHANGELOG.md

@@ -14,6 +14,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - added "BlockInterferenceControl=y" option to prevent sandboxed processes from forcing windows on top and moving the mounse pointer (thanks Yeyixiao)
   - Note: this option may cause issues in games hence do not enable it for gaming boxes.
 - added support for hardlinks [#3826](https://github.com/sandboxie-plus/Sandboxie/issues/3826)
+- added mechanism to terminate stuck sandboxed processes from the driver
 
 ### Changed
 - improved Avast template [#3777](https://github.com/sandboxie-plus/Sandboxie/pull/3777)

Sandboxie/core/drv/api_defs.h

@@ -161,6 +161,7 @@ enum {
     API_MONITOR_GET2,
     API_PROTECT_ROOT,
     API_UNPROTECT_ROOT,
+    API_KILL_PROCESS,
 
     API_LAST
 };

Sandboxie/core/drv/process.c

@@ -214,6 +214,7 @@ _FX BOOLEAN Process_Init(void)
     Api_SetFunction(API_QUERY_PROCESS_PATH,   Process_Api_QueryProcessPath);
     Api_SetFunction(API_QUERY_PATH_LIST,      Process_Api_QueryPathList);
     Api_SetFunction(API_ENUM_PROCESSES,       Process_Api_Enum);
+    Api_SetFunction(API_KILL_PROCESS,         Process_Api_Kill);
 
     return TRUE;
 }

Sandboxie/core/drv/process.h

@@ -522,6 +522,8 @@ NTSTATUS Process_Api_QueryPathList(PROCESS *proc, ULONG64 *parms);
 
 NTSTATUS Process_Api_Enum(PROCESS *proc, ULONG64 *parms);
 
+NTSTATUS Process_Api_Kill(PROCESS *proc, ULONG64 *parms);
+
 
 //---------------------------------------------------------------------------
 // Variables

Sandboxie/core/drv/process_api.c

@@ -1126,3 +1126,62 @@ _FX NTSTATUS Process_Api_Enum(PROCESS *proc, ULONG64 *parms)
 
     return status;
 }
+
+
+//---------------------------------------------------------------------------
+// Process_Api_Enum
+//---------------------------------------------------------------------------
+
+
+_FX NTSTATUS Process_Api_Kill(PROCESS *proc, ULONG64 *parms)
+{
+    NTSTATUS status;
+    HANDLE user_pid_parm;
+    HANDLE handle = NULL;
+    PEPROCESS ProcessObject = NULL;
+    PROCESS *proc2;
+
+    //
+    // security check, only service is allowed this call
+    //
+
+    if (proc || (PsGetCurrentProcessId() != Api_ServiceProcessId))
+        return STATUS_NOT_IMPLEMENTED;
+
+    //
+    // first parameter is pid
+    //
+
+    user_pid_parm = (HANDLE)parms[1];
+
+    if (! user_pid_parm)
+        return STATUS_INVALID_CID;
+
+    //
+    // security check, target must be a sandboxed process
+    //
+
+    proc2 = Process_Find(user_pid_parm, NULL);
+    if (! proc2)
+        return STATUS_ACCESS_DENIED;
+
+    //
+    // open process, obtain handle and terminate
+    //
+
+    status = PsLookupProcessByProcessId(user_pid_parm, &ProcessObject);
+
+    if (NT_SUCCESS(status)) {
+
+        status = ObOpenObjectByPointer(ProcessObject, OBJ_KERNEL_HANDLE, NULL, PROCESS_TERMINATE, NULL, KernelMode, &handle);
+        ObDereferenceObject(ProcessObject);
+
+        if (NT_SUCCESS(status)) {
+
+            ZwTerminateProcess(handle, DBG_TERMINATE_PROCESS);
+            ZwClose(handle);
+        }
+    }
+
+    return status;
+}

Sandboxie/core/svc/ProcessServer.cpp

@@ -139,6 +139,10 @@ BOOL ProcessServer::KillProcess(ULONG ProcessId)
             LastError = GetLastError();
         CloseHandle(hProcess);
     }
+
+    if (!ok)
+        ok = NT_SUCCESS(SbieApi_Call(API_KILL_PROCESS, 1, ProcessId));
+
     //WCHAR txt[512]; wsprintf(txt, L"Killing Process Id %d --> %d/%d\n", ProcessId, ok, LastError); OutputDebugString(txt);
     return ok;
 }