breakout fixes

2022-01-31 11:24:04 +01:00 · 2022-01-31 11:24:04 +01:00 · ec5b682663
parent bdf7b94baa
commit ec5b682663
4 changed files with 28 additions and 15 deletions
--- a/Installer/Sandboxie-Plus.iss
+++ b/Installer/Sandboxie-Plus.iss
@ -30,7 +30,7 @@ AllowNoIcons=yes
 AlwaysRestart=no
 LicenseFile=.\license.txt
 UsedUserAreasWarning=no
-VersionInfoCopyright=Copyright (C) 2020-2021 by David Xanatos (xanasoft.com)
+VersionInfoCopyright=Copyright (C) 2020-2022 by David Xanatos (xanasoft.com)
 VersionInfoVersion={#MyAppVersion}

 ; Handled in code section as always want DirPage for portable mode.
@ -117,7 +117,7 @@ Filename: "{app}\KmdUtil.exe"; Parameters: "install SbieSvc ""{app}\SbieSvc.exe"
 Filename: "{app}\KmdUtil.exe"; Parameters: "start SbieSvc"; StatusMsg: "KmdUtil start SbieSvc"; Check: not IsPortable

 ; Start the Sandman UI.
-Filename: "{app}\SandMan.exe"; Parameters: "-autorun"; StatusMsg: "Launch SandMan UI..."; Flags: postinstall nowait; Check: (not IsPortable) and (not WizardSilent)
+Filename: "{app}\SandMan.exe"; StatusMsg: "Launch SandMan UI..."; Flags: postinstall nowait; Check: (not IsPortable) and (not WizardSilent)
 ;Filename: "{app}\SandMan.exe"; Parameters: "-autorun"; StatusMsg: "Launch SandMan UI..."; Flags: runasoriginaluser nowait; Check: not IsPortable


--- a/Installer/license.txt
+++ b/Installer/license.txt
@ -1,4 +1,4 @@
-Copyright 2020 - 2021 David Xanatos (xanasoft.com)
+Copyright 2020 - 2022 David Xanatos (xanasoft.com)

 This software is provided under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License

--- a/Sandboxie/core/dll/proc.c
+++ b/Sandboxie/core/dll/proc.c
@ -941,21 +941,24 @@ _FX BOOL Proc_CreateProcessInternalW(
    // check if this is a break out candidate
    //

-    if(lpApplicationName && lpCommandLine) {
+    if(lpApplicationName) {
        const WCHAR* lpProgram = wcsrchr(lpApplicationName, L'\\');
        if (lpProgram) {
            if (SbieDll_CheckStringInList(lpProgram + 1, NULL, L"BreakoutProcess")
                || SbieDll_CheckPatternInList(lpApplicationName, (ULONG)(lpProgram - lpApplicationName),  NULL, L"BreakoutFolder")) {
                
-                const WCHAR* lpArguments;
-                if (lpCommandLine[0] == L'\"') {
-                    lpArguments = wcschr(lpCommandLine + 1, L'\"');
-                    if (lpArguments) lpArguments++; // skip "
-                } else
-                    lpArguments = wcschr(lpCommandLine, L' ');
-                if(!lpArguments) lpArguments = wcschr(lpCommandLine, L'\0');
+                const WCHAR* lpArguments = NULL;
+                if (lpCommandLine) {
+                    if (lpCommandLine[0] == L'\"') {
+                        lpArguments = wcschr(lpCommandLine + 1, L'\"');
+                        if (lpArguments) lpArguments++; // skip "
+                    }
+                    else
+                        lpArguments = wcschr(lpCommandLine, L' ');
+                    if (!lpArguments) lpArguments = wcschr(lpCommandLine, L'\0');
+                }

-                WCHAR *mybuf = Dll_Alloc((wcslen(lpApplicationName) + 2 + wcslen(lpArguments) + 1) * sizeof(WCHAR));
+                WCHAR *mybuf = Dll_Alloc((wcslen(lpApplicationName) + 2 + (lpArguments ? wcslen(lpArguments) : 0) + 1) * sizeof(WCHAR));
                if (mybuf) {

                    //
@ -967,9 +970,18 @@ _FX BOOL Proc_CreateProcessInternalW(
                    wcscpy(mybuf, L"\"");
                    wcscat(mybuf, lpApplicationName);
                    wcscat(mybuf, L"\"");
-                    wcscat(mybuf, lpArguments);
+                    if(lpArguments)
+                        wcscat(mybuf, lpArguments);

-                    ULONG crflags2 = dwCreationFlags & (CREATE_NO_WINDOW | CREATE_SUSPENDED
+                    if (! lpCurrentDirectory) {
+                        lpCurrentDirectory = Dll_Alloc(sizeof(WCHAR) * 8192);
+                        if (lpCurrentDirectory) {
+                            ((WCHAR*)lpCurrentDirectory)[0] = L'\0';
+                            RtlGetCurrentDirectory_U(sizeof(WCHAR) * 8190, lpCurrentDirectory);
+                        }
+                    }
+
+                    ULONG crflags2 = dwCreationFlags & (CREATE_NO_WINDOW //| CREATE_SUSPENDED 
                        |   HIGH_PRIORITY_CLASS | ABOVE_NORMAL_PRIORITY_CLASS
                        |   BELOW_NORMAL_PRIORITY_CLASS | IDLE_PRIORITY_CLASS
                        |   CREATE_UNICODE_ENVIRONMENT);
--- a/Sandboxie/core/svc/ProcessServer.cpp
+++ b/Sandboxie/core/svc/ProcessServer.cpp
@ -1322,8 +1322,9 @@ BOOL ProcessServer::RunSandboxedDupAndCloseHandles(
    }

    if (ok) {
+        // Note: PROCESS_SUSPEND_RESUME is enough to start a debugging session which will give a full access handle in the first debug event (diversenok)
        DWORD dwRead =  STANDARD_RIGHTS_READ | SYNCHRONIZE |
-                        PROCESS_VM_READ | PROCESS_QUERY_INFORMATION | PROCESS_SUSPEND_RESUME |
+                        PROCESS_VM_READ | PROCESS_QUERY_INFORMATION | //PROCESS_SUSPEND_RESUME | unlike THREAD_SUSPEND_RESUME this one is dangerous
                        PROCESS_QUERY_LIMITED_INFORMATION;
        ok = DuplicateHandle(GetCurrentProcess(), piInput->hProcess,
                             CallerProcessHandle, &piReply->hProcess,