diff --git a/CHANGELOG.md b/CHANGELOG.md index efe12df8..11867785 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,11 +14,12 @@ This project adheres to [Semantic Versioning](http://semver.org/). ### Changed - "UseSbieWndStation=y" is now the default behavioure [#1442](https://github.com/sandboxie-plus/Sandboxie/issues/1442) +- disabled Win32k hooking when HVCI is enabled due to an incompatybility (BSOD) ### Fixed - fixed box initialization issue in privacy mode [#1469](https://github.com/sandboxie-plus/Sandboxie/issues/1469) - fixed issue creating shortcuts introduced in a recent build [#1471](https://github.com/sandboxie-plus/Sandboxie/issues/1471) - +- fixed access issues in privacy enhanced boxes diff --git a/Sandboxie/core/dll/Win32.c b/Sandboxie/core/dll/Win32.c index 29663c1f..355a8a59 100644 --- a/Sandboxie/core/dll/Win32.c +++ b/Sandboxie/core/dll/Win32.c @@ -390,13 +390,11 @@ finish: _FX BOOLEAN Win32_Init(HMODULE hmodule) { // In Windows 10 all Win32k.sys calls are located in win32u.dll - if (Dll_OsBuild < 10041 || !SbieApi_QueryConfBool(NULL, L"EnableWin32kHooks", TRUE)) - return TRUE; // just return on older builds + if (Dll_OsBuild < 10041 || (Dll_ProcessFlags & SBIE_FLAG_WIN32K_HOOKABLE) == 0) + return TRUE; // just return on older builds, or not enabled - // NoSysCallHooks BEGIN - if ((Dll_ProcessFlags & SBIE_FLAG_APP_COMPARTMENT) != 0 || SbieApi_QueryConfBool(NULL, L"NoSysCallHooks", FALSE)) + if ((Dll_ProcessFlags & SBIE_FLAG_APP_COMPARTMENT) != 0 || SbieApi_data->flags.bNoSysHooks) return TRUE; - // NoSysCallHooks END // disable Electron Workaround when we are ready to hook the required win32k syscalls extern BOOL Dll_ElectronWorkaround; diff --git a/Sandboxie/core/dll/custom.c b/Sandboxie/core/dll/custom.c index 0a6ec48f..1cc6b383 100644 --- a/Sandboxie/core/dll/custom.c +++ b/Sandboxie/core/dll/custom.c 
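Review bot: The rewritten comment `// just return on older builds, or not enabled` on the first early return of Win32_Init no longer says who decides "not enabled": the DLL used to read EnableWin32kHooks itself and now tests SBIE_FLAG_WIN32K_HOOKABLE, which the driver sets in Process_Api_QueryInfo only when Syscall_MaxIndex32 is non-zero, i.e. when the driver actually initialised win32k hooking after its own build, EnableWin32kHooks and HVCI checks in Syscall_Init. Suggest `// older build, or the driver did not initialise win32k hooks (setting off or HVCI on) - see SBIE_FLAG_WIN32K_HOOKABLE` so the next reader does not reintroduce a local config query here. The `Dll_OsBuild < 10041` test is now redundant with the driver-side gate, which is fine as belt-and-braces but worth a word in that comment. The second early return dereferences `SbieApi_data->flags.bNoSysHooks` without a null check; if SbieApi_data can still be unset when Win32_Init runs, that needs confirming. Win32_Init's body continues past the hunk.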
@@ -72,7 +72,11 @@ _FX BOOLEAN CustomizeSandbox(void) // customize sandbox if we need to // - Key_CreateBaseKeys(); + if ((Dll_ProcessFlags & SBIE_FLAG_PRIVACY_MODE) != 0) { + + Key_CreateBaseKeys(); + Key_CreateBaseFolders(); + } if (GetSetCustomLevel(0) != '2') { diff --git a/Sandboxie/core/dll/dll.h b/Sandboxie/core/dll/dll.h index 3c7e3765..0522b822 100644 --- a/Sandboxie/core/dll/dll.h +++ b/Sandboxie/core/dll/dll.h @@ -501,6 +501,7 @@ void Key_DeleteValueFromCLSID( const WCHAR *Xxxid, const WCHAR *Guid, const WCHAR *ValueName); void Key_CreateBaseKeys(); +void Key_CreateBaseFolders(); //--------------------------------------------------------------------------- // Functions (sxs) diff --git a/Sandboxie/core/dll/dllpath.c b/Sandboxie/core/dll/dllpath.c index 5e440887..9dc3b7bd 100644 --- a/Sandboxie/core/dll/dllpath.c +++ b/Sandboxie/core/dll/dllpath.c @@ -284,6 +284,12 @@ _FX void SbieDll_GetReadablePaths(WCHAR path_code, const WCHAR *path, LIST **lis lists[2] = &Dll_PathListAnchor->read_key_path; lists[3] = NULL; + } else if (path_code == L'i') { + + lists[0] = &Dll_PathListAnchor->normal_ipc_path; + lists[1] = &Dll_PathListAnchor->open_ipc_path; + lists[2] = NULL; + } } @@ -512,7 +518,7 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO int match_len; ULONG level; - BOOLEAN use_rule_specificity = (path_code == L'f' || path_code == L'k') && (Dll_ProcessFlags & SBIE_FLAG_RULE_SPECIFICITY) != 0; + BOOLEAN use_rule_specificity = (path_code == L'f' || path_code == L'k' || path_code == L'i') && (Dll_ProcessFlags & SBIE_FLAG_RULE_SPECIFICITY) != 0; // // set default behavioure 
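Review bot: `Key_CreateBaseKeys();` was called unconditionally before this hunk and is now only reached when SBIE_FLAG_PRIVACY_MODE is set; if non-privacy boxes relied on those base keys being pre-created, this is a behaviour change the changelog entry ("fixed access issues in privacy enhanced boxes") does not mention, so it is worth confirming that the call was privacy-mode-only in intent. A one-line comment on the new block would record that intent, e.g. `// privacy mode: pre-create the base keys and folders that programs expect to exist`. The stray blank line after the opening brace can go. CustomizeSandbox continues outside the hunk.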
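Review bot: The new prototype `void Key_CreateBaseFolders();` declares a function with unspecified parameters rather than none; in C only `void Key_CreateBaseFolders(void);` is a full prototype that lets the compiler reject stray arguments (the existing `Key_CreateBaseKeys();` line above has the same weakness), and the definition in the file_dir.c hunk should match with `_FX void Key_CreateBaseFolders(void)`. The name also does not fit the module it lives in: the function creates folders via File_CreateBoxedPath and is defined in file_dir.c, so `File_CreateBaseFolders` would follow the File_*/Key_* prefix convention the surrounding declarations use. Renaming now, while there is a single caller in custom.c, is cheaper than later.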
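Review bot: The new `else if (path_code == L'i')` branch in SbieDll_GetReadablePaths fills lists[0..2] only, so for any path_code outside the handled set lists[0] keeps whatever the caller left in it; unless the function has a final `else { lists[0] = NULL; }` (its start is outside the hunk), a caller walking to the NULL terminator would read an unset entry, so that fall-through case is worth a look. The IPC branch exposes two lists where the 'k' branch above exposes three; if IPC paths genuinely have no read-only counterpart to read_key_path, a comment such as `// ipc has only normal and open lists` saves the next reader from wondering whether one was forgotten. SbieDll_GetReadablePaths begins before this hunk.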
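Review bot: The set of path codes that carry rule specificity, `path_code == L'f' || path_code == L'k' || path_code == L'i'`, is now spelled out here and again in the privacy-mode check of the next hunk, and the two must stay in step; a small helper such as `#define PATH_CODE_HAS_RULES(c) ((c) == L'f' || (c) == L'k' || (c) == L'i')` used in both places would stop them drifting apart when another code is added. The next hunk's rewrite from "(not f and not k) or no privacy mode gives 0" to "(f or k or i) and privacy mode gives PATH_WRITE_FLAG" is the same predicate apart from adding 'i', so there is no behaviour concern beyond the duplication. SbieDll_MatchPath2 starts before this hunk and continues after it.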
@@ -520,13 +526,13 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO level = 3; // 3 - global default - lower is better, 3 is max value match_len = 0; - if ((path_code != L'f' && path_code != L'k') || (Dll_ProcessFlags & SBIE_FLAG_PRIVACY_MODE) == 0) { + if ((path_code == L'f' || path_code == L'k' || path_code == L'i') && (Dll_ProcessFlags & SBIE_FLAG_PRIVACY_MODE) != 0) { - mp_flags = 0; // normal mode + mp_flags = PATH_WRITE_FLAG; // write path mode } else { - mp_flags = PATH_WRITE_FLAG; // write path mode + mp_flags = 0; // normal mode } // diff --git a/Sandboxie/core/dll/file.c b/Sandboxie/core/dll/file.c index 11b5072b..311ebeaa 100644 --- a/Sandboxie/core/dll/file.c +++ b/Sandboxie/core/dll/file.c @@ -341,6 +341,9 @@ static void *File_Wow64DisableWow64FsRedirection = NULL; static void *File_Wow64RevertWow64FsRedirection = NULL; #endif WOW64_FS_REDIR +static WCHAR *File_SysVolume = NULL; +static ULONG File_SysVolumeLen = 0; + static WCHAR *File_AllUsers = NULL; static ULONG File_AllUsersLen = 0; diff --git a/Sandboxie/core/dll/file_dir.c b/Sandboxie/core/dll/file_dir.c index 58abc987..7d221587 100644 --- a/Sandboxie/core/dll/file_dir.c +++ b/Sandboxie/core/dll/file_dir.c @@ -4108,3 +4108,23 @@ _FX void File_UnScrambleShortName(WCHAR* ShortName, ULONG ScramKey) if (ShortName[ShortNameLength - 1] == L'.') ShortName[ShortNameLength-- - 1] = 0; } + + +//--------------------------------------------------------------------------- +// Key_CreateBaseFolders +//--------------------------------------------------------------------------- + + +_FX void Key_CreateBaseFolders() +{ + // + // in privacy mode we need to pre create some folders or else programs may fail + // + + File_CreateBoxedPath(File_SysVolume); + + if (SbieApi_QueryConfBool(NULL, L"SeparateUserFolders", TRUE)) { + File_CreateBoxedPath(File_AllUsers); + File_CreateBoxedPath(File_CurrentUser); + } +} \ No newline at end of file 
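Review bot: The two new statics `File_SysVolume` / `File_SysVolumeLen` carry no comment, and their meaning is only recoverable from file_init.c, where File_SysVolume is set to the NT path of the volume that holds \SystemRoot with a trailing backslash (falling back to `\??\C:\`) and File_SysVolumeLen to its length. Suggest `// NT path of the volume holding \SystemRoot, with trailing backslash; set once by File_InitPathList` above the pair. File_SysVolumeLen is written in file_init.c but not read anywhere in this change; if it is kept for symmetry with File_AllUsersLen a note saying so avoids a future "unused" cleanup. The statics are referenced from file_dir.c and file_init.c, which presumably are textually included into file.c, otherwise `static` would make them invisible there.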
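Review bot: The results of the three `File_CreateBoxedPath(...)` calls in Key_CreateBaseFolders are discarded, so when pre-creation fails the very condition this function exists to prevent ("programs may fail") leaves no trace; if File_CreateBoxedPath reports a status (its signature is not in the diff), logging or returning it would make such failures diagnosable. The function also depends on File_SysVolume, File_AllUsers and File_CurrentUser having been populated by File_InitPathList; a comment stating that ordering requirement, e.g. `// requires File_InitPathList to have run (File_SysVolume, File_AllUsers, File_CurrentUser)`, documents an otherwise invisible dependency. The SeparateUserFolders query is a second config read for a setting the file-path code presumably already evaluated; if a cached flag exists it should be used so the two cannot disagree. The file now ends without a trailing newline (`\ No newline at end of file`).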
diff --git a/Sandboxie/core/dll/file_init.c b/Sandboxie/core/dll/file_init.c index 8946f267..5d063c2a 100644 --- a/Sandboxie/core/dll/file_init.c +++ b/Sandboxie/core/dll/file_init.c @@ -297,6 +297,9 @@ _FX void File_InitPathList(void) UNICODE_STRING objname; IO_STATUS_BLOCK MyIoStatusBlock; HANDLE handle; + WCHAR *buf, *ptr; + + // why do we do that? RtlInitUnicodeString(&objname, L"\\SystemRoot"); InitializeObjectAttributes( @@ -304,6 +307,26 @@ _FX void File_InitPathList(void) handle = 0; NtOpenFile(&handle, FILE_READ_DATA, &objattrs, &MyIoStatusBlock, FILE_SHARE_VALID_FLAGS, 0); + + // since we do that for some reason lets use it to get the system volume + + const ULONG PATH_BUF_LEN = 1024; + buf = Dll_AllocTemp(PATH_BUF_LEN); + + if (NT_SUCCESS(File_GetFileName(handle, PATH_BUF_LEN, buf)) && (ptr = wcsrchr(buf, L'\\')) != NULL) + ptr[1] = L'\0'; // strip the folder name + else // fallback + wcscpy(buf, L"\\??\\C:\\"); + + File_SysVolumeLen = wcslen(buf); + File_SysVolume = + Dll_Alloc((File_SysVolumeLen + 1) * sizeof(WCHAR)); + wcscpy(File_SysVolume, buf); + + Dll_Free(buf); + + // + if (handle) NtClose(handle); diff --git a/Sandboxie/core/drv/api_flags.h b/Sandboxie/core/drv/api_flags.h index 41bfa480..8883107a 100644 --- a/Sandboxie/core/drv/api_flags.h +++ b/Sandboxie/core/drv/api_flags.h @@ -97,7 +97,8 @@ //#define SBIE_FLAG_BLOCK_FAKE_INPUT 0x00001000 #define SBIE_FLAG_OPEN_ALL_WIN_CLASS 0x00002000 //#define SBIE_FLAG_BLOCK_SYS_PARAM 0x00004000 - //0x00008000 +#define SBIE_FLAG_WIN32K_HOOKABLE 0x00008000 + //0x00010000 //0x00020000 //0x00040000 @@ -106,6 +107,7 @@ //0x00200000 //0x00400000 //0x00800000 + #define SBIE_FLAG_APP_COMPARTMENT 0x01000000 #define SBIE_FLAG_PRIVACY_MODE 0x02000000 #define SBIE_FLAG_RULE_SPECIFICITY 0x04000000 diff --git a/Sandboxie/core/drv/driver.c b/Sandboxie/core/drv/driver.c index e9356b47..3bf2db68 100644 --- a/Sandboxie/core/drv/driver.c +++ b/Sandboxie/core/drv/driver.c 
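Review bot: `PATH_BUF_LEN` (1024) is used both as the size handed to `Dll_AllocTemp` and as the length argument of `File_GetFileName(handle, PATH_BUF_LEN, buf)`; if the allocator counts bytes while File_GetFileName counts WCHARs (neither signature is in the diff), the callee is told it has 1024 characters in a 512-character buffer and a long volume path overruns buf, so the units need to be made explicit, e.g. `buf = Dll_AllocTemp(PATH_BUF_LEN * sizeof(WCHAR));` if the length is a character count. The fallback `wcscpy(buf, L"\\??\\C:\\");` silently assumes the system volume is C: whenever the NtOpenFile/File_GetFileName sequence fails, and the NtOpenFile status is still unchecked, so a failure here degrades to a hard-coded guess without any trace; a debug log on the fallback path would at least make it visible. The comments `// why do we do that?` in the preceding hunk and `// since we do that for some reason lets use it to get the system volume` here leave a question in the code instead of an answer; replace them with the purpose as now understood, e.g. `// open \SystemRoot so its real NT path can be read back and reduced to the system volume (e.g. \Device\HarddiskVolumeN\)`. The `Dll_Alloc` result is copied into without a NULL check, which is fine only if Dll_Alloc aborts on failure. File_InitPathList begins before and continues after this hunk.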
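Review bot: `SBIE_FLAG_WIN32K_HOOKABLE` is added without a comment, while its meaning is only recoverable from process_api.c (set when Syscall_MaxIndex32 is non-zero) and syscall.c (which presumably leaves that index at zero on pre-10041 builds, when EnableWin32kHooks is off, or when HVCI is detected). Suggest `#define SBIE_FLAG_WIN32K_HOOKABLE 0x00008000 // driver initialised win32k syscall hooks; DLL may install them`. Unlike its neighbours, which process_api.c derives from per-process fields, this flag reports a driver-wide capability; a word on that in the comment stops anyone expecting it to vary per box.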
@@ -764,18 +764,17 @@ _FX NTSTATUS Driver_Api_Unload(PROCESS *proc, ULONG64 *parms) //--------------------------------------------------------------------------- -// Driver_CheckThirdParty +// Driver_GetRegDword //--------------------------------------------------------------------------- -_FX BOOLEAN Driver_CheckThirdParty( - const WCHAR *DriverName, ULONG DriverType) +_FX ULONG Driver_GetRegDword( + const WCHAR *KeyPath, const WCHAR *ValueName) { NTSTATUS status; RTL_QUERY_REGISTRY_TABLE qrt[2]; UNICODE_STRING uni; ULONG value; - BOOLEAN IsInstalled = FALSE; value = -1; @@ -787,28 +786,25 @@ _FX BOOLEAN Driver_CheckThirdParty( qrt[0].Flags = RTL_QUERY_REGISTRY_REQUIRED | RTL_QUERY_REGISTRY_DIRECT | RTL_QUERY_REGISTRY_NOEXPAND; - qrt[0].Name = (WCHAR *)L"Type"; + qrt[0].Name = (WCHAR *)ValueName; qrt[0].EntryContext = &uni; qrt[0].DefaultType = REG_NONE; status = RtlQueryRegistryValues( - RTL_REGISTRY_SERVICES, DriverName, qrt, NULL, NULL); + RTL_REGISTRY_ABSOLUTE, KeyPath, qrt, NULL, NULL); - if (status == STATUS_SUCCESS) { + if (status != STATUS_SUCCESS) + return 0; - if (value == -1) { + if (value == -1) { - // - // if value is not string, RtlQueryRegistryValues writes - // it directly into EntryContext - // + // + // if value is not string, RtlQueryRegistryValues writes + // it directly into EntryContext + // - value = *(ULONG *)&uni; - } - - if (value == DriverType) - IsInstalled = TRUE; + value = *(ULONG *)&uni; } - return IsInstalled; + return value; } diff --git a/Sandboxie/core/drv/driver.h b/Sandboxie/core/drv/driver.h index 8d874bf7..36aa3b91 100644 --- a/Sandboxie/core/drv/driver.h +++ b/Sandboxie/core/drv/driver.h 
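Review bot: The renamed banner `// Driver_GetRegDword` gives no contract for what is now a general-purpose helper, and its callers in key_xp.c and syscall.c compare the result for equality with specific constants, so they need to know what comes back when the key or value is absent. Suggest adding under the banner `// Returns the REG_DWORD ValueName under the absolute registry key KeyPath,` and `// or 0 if the key or value cannot be read (a stored 0 and a missing value are indistinguishable).` The `(WCHAR *)ValueName` cast now strips const from a caller-supplied pointer rather than a literal; it is forced by RTL_QUERY_REGISTRY_TABLE.Name being non-const, which a short comment could say. The body continues in the next hunk.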
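Review bot: `if (status != STATUS_SUCCESS) return 0;` makes a missing or unreadable key indistinguishable from a stored 0, and in syscall.c the result is compared `== 0` to mean "HVCI not enabled", so any failure to read the DeviceGuard key fails open and installs the hooks the commit says crash under HVCI. Returning the status and passing the value out, `NTSTATUS Driver_GetRegDword(const WCHAR *KeyPath, const WCHAR *ValueName, ULONG *Value)`, would let that caller treat STATUS_OBJECT_NAME_NOT_FOUND as "not configured" but any other failure as "unknown, assume enabled", while key_xp.c can keep treating every failure as "not installed". If the ULONG-returning signature is to stay, the header comment must at least spell out that 0 means "absent or 0". The function's header and locals are in the preceding hunk.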
@@ -104,7 +104,8 @@ extern P_NtSetInformationToken ZwSetInformationToken; NTSTATUS Driver_Api_Unload(PROCESS *proc, ULONG64 *parms); -BOOLEAN Driver_CheckThirdParty(const WCHAR *DriverName, ULONG DriverType); +ULONG Driver_GetRegDword( + const WCHAR *KeyPath, const WCHAR *ValueName); //--------------------------------------------------------------------------- diff --git a/Sandboxie/core/drv/key_xp.c b/Sandboxie/core/drv/key_xp.c index 1265db61..72527e84 100644 --- a/Sandboxie/core/drv/key_xp.c +++ b/Sandboxie/core/drv/key_xp.c @@ -176,11 +176,10 @@ _FX BOOLEAN Key_Init_XpHook(void) return FALSE; Key_ParseHooked = TRUE; - if (Driver_CheckThirdParty(L"klif", SERVICE_KERNEL_DRIVER)) + if (Driver_GetRegDword(L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\" L"klif", L"Type") == SERVICE_KERNEL_DRIVER) Key_HookWaitForSingleObject(); - if (Driver_CheckThirdParty(L"SAVOnAccessControl", - SERVICE_FILE_SYSTEM_DRIVER)) + if (Driver_GetRegDword(L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\" L"SAVOnAccessControl", L"Type") == SERVICE_FILE_SYSTEM_DRIVER) Key_NeverUnmountHives = TRUE; return TRUE; diff --git a/Sandboxie/core/drv/process_api.c b/Sandboxie/core/drv/process_api.c index 6ec9eb2e..2396c0dc 100644 --- a/Sandboxie/core/drv/process_api.c +++ b/Sandboxie/core/drv/process_api.c @@ -380,11 +380,14 @@ _FX NTSTATUS Process_Api_QueryInfo(PROCESS *proc, ULONG64 *parms) if (proc->open_all_win_classes) flags |= SBIE_FLAG_OPEN_ALL_WIN_CLASS; + extern ULONG Syscall_MaxIndex32; + if (Syscall_MaxIndex32 != 0) + flags |= SBIE_FLAG_WIN32K_HOOKABLE; - //if (proc->use_rule_specificity) - // flags |= SBIE_FLAG_RULE_SPECIFICITY; - //if (proc->use_privacy_mode) - // flags |= SBIE_FLAG_PRIVACY_MODE; + if (proc->use_rule_specificity) + flags |= SBIE_FLAG_RULE_SPECIFICITY; + if (proc->use_privacy_mode) + flags |= SBIE_FLAG_PRIVACY_MODE; if (proc->bAppCompartment) flags |= SBIE_FLAG_APP_COMPARTMENT; } 
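Review bot: The services prefix `L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\"` is spelled out twice in this hunk, and the DeviceGuard path in syscall.c is written out in full as well; a single definition such as `#define REG_SERVICES_PATH L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\"` next to the Driver_GetRegDword prototype in driver.h, used as `Driver_GetRegDword(REG_SERVICES_PATH L"klif", L"Type")`, keeps the long literals out of the call sites. The switch from RTL_REGISTRY_SERVICES to RTL_REGISTRY_ABSOLUTE with that prefix is the equivalent lookup, so no behaviour change is expected; a short comment on the first call recording that equivalence would save the next reader a check. Key_Init_XpHook starts before this hunk.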
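Review bot: `extern ULONG Syscall_MaxIndex32;` is declared inside the body of Process_Api_QueryInfo; a function-local extern is easy to get out of sync with the real definition and belongs in the header that declares the syscall module (alongside Syscall_Api_Query), or behind a small accessor. The syscall.c hunk in this change keeps all win32k code under `#ifdef HOOK_WIN32K`; if Syscall_MaxIndex32 is only defined under that macro, the new reference and the SBIE_FLAG_WIN32K_HOOKABLE assignment need the same guard or a non-HOOK_WIN32K build will fail to link. The hunk also re-enables `SBIE_FLAG_RULE_SPECIFICITY` and `SBIE_FLAG_PRIVACY_MODE`, which the dllpath.c changes in this commit now depend on; a one-line comment noting that the DLL path matching reads these explains why the lines were uncommented. Process_Api_QueryInfo begins before this hunk.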
diff --git a/Sandboxie/core/drv/syscall.c b/Sandboxie/core/drv/syscall.c index 609f5a08..c933978a 100644 --- a/Sandboxie/core/drv/syscall.c +++ b/Sandboxie/core/drv/syscall.c @@ -221,8 +221,24 @@ _FX BOOLEAN Syscall_Init(void) return FALSE; #ifdef HOOK_WIN32K - // must be windows 10 or later // Don't use experimental features by default - if (Driver_OsBuild >= 10041 && Conf_Get_Boolean(NULL, L"EnableWin32kHooks", 0, TRUE)) { + + // + // Win32k Hooking requirers 10 or later as only thre Win32u.dll is available + // + // Note: Win32k Hooking is not compatible with HVCI causing a BSOD + // KERNEL_SECURITY_CHECK_FAILURE (139) + // A kernel component has corrupted a critical data structure. + // Arguments: + // Arg1: 0000000000000000, A stack-based buffer has been overrun. + // Arg2: 0000000000000000, Address of the trap frame for the exception that caused the bugcheck + // Arg3: 0000000000000000, Address of the exception record for the exception that caused the bugcheck + // Arg4: ffffxxxxxxxxxxxx, Reserved + // + // Note: this feature applied to GdiDdDDI* solves HW Acceleration issues with chromium, hence we enable it if possible + // + + if (Driver_OsBuild >= 10041 && Conf_Get_Boolean(NULL, L"EnableWin32kHooks", 0, TRUE) + && Driver_GetRegDword(L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios\\HypervisorEnforcedCodeIntegrity", L"Enabled") == 0) { if (!Syscall_Init_List32()) return FALSE; @@ -1034,10 +1050,10 @@ _FX NTSTATUS Syscall_Api_Query(PROCESS *proc, ULONG64 *parms) SYSCALL_ENTRY *entry; #ifdef HOOK_WIN32K - if (parms[2] == 1) { // win32k + if (parms[2] == 1) { // 1 - win32k return Syscall_Api_Query32(proc, parms); } - else if (parms[2] != 0) { // ntoskrnl + else if (parms[2] != 0) { // 0 - ntoskrnl return STATUS_INVALID_PARAMETER; } #endif diff --git a/Sandboxie/core/drv/syscall_win32.c b/Sandboxie/core/drv/syscall_win32.c index 8378b11c..2dc1f464 100644 --- a/Sandboxie/core/drv/syscall_win32.c 
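Review bot: The HVCI test added to the condition reads the configured policy value `...\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\Enabled` and treats anything other than a non-zero result as "HVCI off"; because Driver_GetRegDword returns 0 when the key cannot be read, and because that value reflects configuration rather than what is currently enforced, a system with HVCI running but the value missing, unreadable or set through another path would still install the win32k hooks and hit the bugcheck the comment describes. The enforced state can be queried at runtime through `ZwQuerySystemInformation(SystemCodeIntegrityInformation, ...)` and the `CODEINTEGRITY_OPTION_HVCI_KMCI_ENABLED` bit of `SYSTEM_CODEINTEGRITY_INFORMATION.CodeIntegrityOptions` (availability under the driver's headers to be confirmed); combining that with the registry check, as sketched below, treats the unknown case as enforced, which costs an optional acceleration feature rather than risking the crash. The comment block also has typos ("requirers", "thre") and the condition line is very long, which the split below addresses. Syscall_Init starts before this hunk and the `if` body continues after it.
```c
    //
    // … unchanged: comment block on the HVCI incompatibility …
    //

    // enforced state, not only the configured policy value; a failed query is
    // treated as enforced - losing the optional hooks beats the bugcheck
    SYSTEM_CODEINTEGRITY_INFORMATION sci = { sizeof(sci), 0 };
    ULONG sci_len = 0;
    NTSTATUS sci_status = ZwQuerySystemInformation(
        SystemCodeIntegrityInformation, &sci, sizeof(sci), &sci_len);
    BOOLEAN hvci_enforced = !NT_SUCCESS(sci_status)
        || (sci.CodeIntegrityOptions & CODEINTEGRITY_OPTION_HVCI_KMCI_ENABLED) != 0;

    // configured policy value, kept as a second signal
    BOOLEAN hvci_configured = Driver_GetRegDword(
        L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios\\HypervisorEnforcedCodeIntegrity",
        L"Enabled") != 0;

    if (Driver_OsBuild >= 10041 && Conf_Get_Boolean(NULL, L"EnableWin32kHooks", 0, TRUE)
            && !hvci_enforced && !hvci_configured) {
        // … unchanged: Syscall_Init_List32 and its error return …
```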
+++ b/Sandboxie/core/drv/syscall_win32.c @@ -601,6 +601,9 @@ _FX NTSTATUS Syscall_Api_Query32(PROCESS *proc, ULONG64 *parms) ULONG *ptr; SYSCALL_ENTRY *entry; + if (Syscall_MaxIndex32 == 0) + return STATUS_NOT_IMPLEMENTED; + BOOLEAN add_names = parms[3] != 0; //
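Review bot: The new early return `if (Syscall_MaxIndex32 == 0) return STATUS_NOT_IMPLEMENTED;` sits ahead of the existing `BOOLEAN add_names = parms[3] != 0;`, which turns that line into a declaration after a statement; if the driver is built with a compiler or flag that enforces C89 declaration placement, putting the guard after the declaration (or moving the declaration up beside `entry`) avoids the error. The guard itself is sound defence in depth against a client that ignores SBIE_FLAG_WIN32K_HOOKABLE, but the DLL side needs to be checked to treat STATUS_NOT_IMPLEMENTED as "no win32k hooks" rather than as a fatal error; a comment here, e.g. `// win32k hooking was not initialised (build, setting or HVCI) - see Syscall_Init`, ties the two decisions together. Syscall_Api_Query32 starts before this hunk and continues after it.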