From ec5b682663ce2f66744e67e32e3b82ebd264c08f Mon Sep 17 00:00:00 2001
From: DavidXanatos
Date: Mon, 31 Jan 2022 11:24:04 +0100
Subject: [PATCH] breakout fixes
---
 Installer/Sandboxie-Plus.iss | 4 ++--
 Installer/license.txt | 2 +-
 Sandboxie/core/dll/proc.c | 34 +++++++++++++++++++---------
 Sandboxie/core/svc/ProcessServer.cpp | 3 ++-
 4 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/Installer/Sandboxie-Plus.iss b/Installer/Sandboxie-Plus.iss
index f0034bf6..11f5796c 100644
--- a/Installer/Sandboxie-Plus.iss
+++ b/Installer/Sandboxie-Plus.iss
@@ -30,7 +30,7 @@ AllowNoIcons=yes
 AlwaysRestart=no
 LicenseFile=.\license.txt
 UsedUserAreasWarning=no
-VersionInfoCopyright=Copyright (C) 2020-2021 by David Xanatos (xanasoft.com)
+VersionInfoCopyright=Copyright (C) 2020-2022 by David Xanatos (xanasoft.com)
 VersionInfoVersion={#MyAppVersion}
 ; Handled in code section as always want DirPage for portable mode.
@@ -117,7 +117,7 @@ Filename: "{app}\KmdUtil.exe"; Parameters: "install SbieSvc ""{app}\SbieSvc.exe"
 Filename: "{app}\KmdUtil.exe"; Parameters: "start SbieSvc"; StatusMsg: "KmdUtil start SbieSvc"; Check: not IsPortable
 ; Start the Sandman UI.
-Filename: "{app}\SandMan.exe"; Parameters: "-autorun"; StatusMsg: "Launch SandMan UI..."; Flags: postinstall nowait; Check: (not IsPortable) and (not WizardSilent)
+Filename: "{app}\SandMan.exe"; StatusMsg: "Launch SandMan UI..."; Flags: postinstall nowait; Check: (not IsPortable) and (not WizardSilent)
 ;Filename: "{app}\SandMan.exe"; Parameters: "-autorun"; StatusMsg: "Launch SandMan UI..."; Flags: runasoriginaluser nowait; Check: not IsPortable
diff --git a/Installer/license.txt b/Installer/license.txt
index ec49a37c..9632afb0 100644
--- a/Installer/license.txt
+++ b/Installer/license.txt
@@ -1,4 +1,4 @@
-Copyright 2020 - 2021 David Xanatos (xanasoft.com)
+Copyright 2020 - 2022 David Xanatos (xanasoft.com)
 This software is provided under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License
diff --git a/Sandboxie/core/dll/proc.c b/Sandboxie/core/dll/proc.c
index 35f788ae..c6fa4d5c 100644
--- a/Sandboxie/core/dll/proc.c
+++ b/Sandboxie/core/dll/proc.c
@@ -941,21 +941,24 @@ _FX BOOL Proc_CreateProcessInternalW(
 // check if this is a break out candidate
 //
- if(lpApplicationName && lpCommandLine) {
+ if(lpApplicationName) {
 const WCHAR* lpProgram = wcsrchr(lpApplicationName, L'\\');
 if (lpProgram) {
 if (SbieDll_CheckStringInList(lpProgram + 1, NULL, L"BreakoutProcess") || SbieDll_CheckPatternInList(lpApplicationName, (ULONG)(lpProgram - lpApplicationName), NULL, L"BreakoutFolder")) {
- const WCHAR* lpArguments;
- if (lpCommandLine[0] == L'\"') {
- lpArguments = wcschr(lpCommandLine + 1, L'\"');
- if (lpArguments) lpArguments++; // skip "
- } else
- lpArguments = wcschr(lpCommandLine, L' ');
- if(!lpArguments) lpArguments = wcschr(lpCommandLine, L'\0');
+ const WCHAR* lpArguments = NULL;
+ if (lpCommandLine) {
+ if (lpCommandLine[0] == L'\"') {
+ lpArguments = wcschr(lpCommandLine + 1, L'\"');
+ if (lpArguments) lpArguments++; // skip "
+ }
+ else
+ lpArguments = wcschr(lpCommandLine, L' ');
+ if (!lpArguments) lpArguments = wcschr(lpCommandLine, L'\0');
+ }
- WCHAR *mybuf = Dll_Alloc((wcslen(lpApplicationName) + 2 + wcslen(lpArguments) + 1) * sizeof(WCHAR));
+ WCHAR *mybuf = Dll_Alloc((wcslen(lpApplicationName) + 2 + (lpArguments ? wcslen(lpArguments) : 0) + 1) * sizeof(WCHAR));
 if (mybuf) {
 //
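Review bot: The unquoted branch `lpArguments = wcschr(lpCommandLine, L' ')` drops everything up to the first space and keeps the remainder as the argument tail, so the new code assumes the first token of lpCommandLine names the program; when lpApplicationName is supplied, CreateProcess does not require that, and whatever the caller put first is discarded without a trace. That assumption is not written down anywhere, so I would add a comment above `const WCHAR* lpArguments = NULL;` stating that the command line is rebuilt as the quoted lpApplicationName followed by the caller's argument tail, that the leading token of lpCommandLine (a quoted string, or the text up to the first space) is taken to be the program name and replaced, and that lpArguments stays NULL when no command line was given at all. `wcschr(lpCommandLine, L'\0')` is an uncommon way to say "point at the terminator"; `lpCommandLine + wcslen(lpCommandLine)` reads more directly and avoids a second look by the next maintainer. Proc_CreateProcessInternalW continues on both sides of this hunk.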
@@ -967,9 +970,18 @@ _FX BOOL Proc_CreateProcessInternalW(
 wcscpy(mybuf, L"\"");
 wcscat(mybuf, lpApplicationName);
 wcscat(mybuf, L"\"");
- wcscat(mybuf, lpArguments);
+ if(lpArguments)
+ wcscat(mybuf, lpArguments);
- ULONG crflags2 = dwCreationFlags & (CREATE_NO_WINDOW | CREATE_SUSPENDED
+ if (! lpCurrentDirectory) {
+ lpCurrentDirectory = Dll_Alloc(sizeof(WCHAR) * 8192);
+ if (lpCurrentDirectory) {
+ ((WCHAR*)lpCurrentDirectory)[0] = L'\0';
+ RtlGetCurrentDirectory_U(sizeof(WCHAR) * 8190, lpCurrentDirectory);
+ }
+ }
+
+ ULONG crflags2 = dwCreationFlags & (CREATE_NO_WINDOW //| CREATE_SUSPENDED
 | HIGH_PRIORITY_CLASS | ABOVE_NORMAL_PRIORITY_CLASS | BELOW_NORMAL_PRIORITY_CLASS | IDLE_PRIORITY_CLASS | CREATE_UNICODE_ENVIRONMENT);
diff --git a/Sandboxie/core/svc/ProcessServer.cpp b/Sandboxie/core/svc/ProcessServer.cpp
index ef2c360e..3bfaac1f 100644
--- a/Sandboxie/core/svc/ProcessServer.cpp
+++ b/Sandboxie/core/svc/ProcessServer.cpp
@@ -1322,8 +1322,9 @@ BOOL ProcessServer::RunSandboxedDupAndCloseHandles(
 }
 if (ok) {
+ // Note: PROCESS_SUSPEND_RESUME is enough to start a debugging session which will give a full access handle in the first debug event (diversenok)
 DWORD dwRead = STANDARD_RIGHTS_READ | SYNCHRONIZE |
- PROCESS_VM_READ | PROCESS_QUERY_INFORMATION | PROCESS_SUSPEND_RESUME |
+ PROCESS_VM_READ | PROCESS_QUERY_INFORMATION | //PROCESS_SUSPEND_RESUME | unlike THREAD_SUSPEND_RESUME this one is dangerous
 PROCESS_QUERY_LIMITED_INFORMATION;
 ok = DuplicateHandle(GetCurrentProcess(), piInput->hProcess, CallerProcessHandle, &piReply->hProcess,
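Review bot: The return value of `RtlGetCurrentDirectory_U(sizeof(WCHAR) * 8190, lpCurrentDirectory)` is not checked, so when the caller's current directory does not fit in the buffer the call reports the required size without filling it and, as far as I can tell, the empty string written on the line before is what gets handed on as the new process's current directory. I would keep the result in a local and, when it is 0 or larger than the size passed in, release the buffer and leave lpCurrentDirectory NULL so the later launch sees the same value it did before this commit instead of "". The buffer is not released anywhere in the hunk; whether it is freed after the launch is outside my view and worth confirming, as is whether the `//| CREATE_SUSPENDED` change is meant to be silent for callers that asked for a suspended start — a one-line comment pointing at the PROCESS_SUSPEND_RESUME note in ProcessServer.cpp would make the intent clear. Proc_CreateProcessInternalW continues on both sides of this hunk.
```c
if (! lpCurrentDirectory) {
    WCHAR *dir = Dll_Alloc(sizeof(WCHAR) * 8192);
    if (dir) {
        // length is in bytes; a result above the size we passed means nothing was copied
        ULONG len = RtlGetCurrentDirectory_U(sizeof(WCHAR) * 8190, dir);
        if (len == 0 || len > sizeof(WCHAR) * 8190) {
            Dll_Free(dir); // do not pass an empty or truncated path on
            dir = NULL;
        }
    }
    lpCurrentDirectory = dir;
}
/* … unchanged: crflags2 mask … */
```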
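Review bot: The new `//PROCESS_SUSPEND_RESUME |` token with its trailing explanation sits inside the initializer of dwRead, which is easy to misread and will drift the next time the mask is edited; the rationale already lives in the Note comment added just above, so I would delete the commented-out token and end the line as `PROCESS_VM_READ | PROCESS_QUERY_INFORMATION |`. On the same mask, PROCESS_QUERY_INFORMATION has implied PROCESS_QUERY_LIMITED_INFORMATION since Windows Vista, so the final `PROCESS_QUERY_LIMITED_INFORMATION;` line adds nothing and could be folded away. Since this is the process handle duplicated back to the caller, it is also worth confirming whether callers actually need PROCESS_VM_READ and dropping it if they do not — that is a least-privilege question for the maintainers, not something the hunk itself settles. RunSandboxedDupAndCloseHandles continues on both sides of this hunk.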