DavidXanatos
parent
b20f965766
commit
ee1a74be5a
|
|
@ -8,10 +8,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
|
||||
### Added
|
||||
- added menu entry to restart SandMan as admin [#3581](https://github.com/sandboxie-plus/Sandboxie/issues/3581) (thanks Yeyixiao)
|
||||
- added option to prevent sandboxed programs from accessing the images of the window outside the sandbox [#1985](https://github.com/sandboxie-plus/Sandboxie/issues/1985) (thanks Yeyixiao)
|
||||
- it can be enabled with "IsBlockCapture=y"
|
||||
- see the sandbox option "Block process from taking screenshots of windows not belonging to the containing sandbox" in SandMan UI
|
||||
- added option to block taking screen capture/screenshot of sandboxed processes [#624](https://github.com/sandboxie-plus/Sandboxie/issues/624) (thanks Yeyixiao)
|
||||
- added option to block taking screen capture/screenshot of sandboxed processes (thanks Yeyixiao)
|
||||
- it can be enabled with "IsProtectScreen=y"
|
||||
- see the sandbox option "Prevents getting an image of the window in the sandbox" in SandMan UI
|
||||
- added option to prevent sandboxed processes from interfering with power operations [#3640](https://github.com/sandboxie-plus/Sandboxie/issues/3640) (thanks Yeyixiao)
|
||||
|
|
|
|||
|
|
@ -380,10 +380,10 @@ _FX BOOLEAN Gui_Init(HMODULE module)
|
|||
Gui_UseProxyService = !Dll_CompartmentMode && !SbieApi_QueryConfBool(NULL, L"NoSandboxieDesktop", FALSE);
|
||||
// NoSbieDesk END
|
||||
|
||||
GUI_IMPORT___(PrintWindow)
|
||||
/*GUI_IMPORT___(PrintWindow)
|
||||
GUI_IMPORT___(GetWindowDC)
|
||||
GUI_IMPORT___(GetDC)
|
||||
GUI_IMPORT___(GetDCEx)
|
||||
GUI_IMPORT___(GetDCEx)*/
|
||||
GUI_IMPORT___(GetWindowThreadProcessId);
|
||||
GUI_IMPORT___(SetThreadDesktop);
|
||||
GUI_IMPORT___(SwitchDesktop);
|
||||
|
|
|
|||
|
|
@ -412,13 +412,13 @@ typedef int (*P_LoadString)(
|
|||
|
||||
typedef BOOL (*P_SetProcessWindowStation)(HWINSTA hWinSta);
|
||||
|
||||
typedef HDC(*P_GetWindowDC)(HWND hWnd);
|
||||
/*typedef HDC(*P_GetWindowDC)(HWND hWnd);
|
||||
|
||||
typedef HDC(*P_GetDC)(HWND hWnd);
|
||||
|
||||
typedef HDC(*P_GetDCEx)(HWND hWnd, HRGN hrgnClip,DWORD flags);
|
||||
|
||||
typedef BOOL (*P_PrintWindow)(HWND hwnd, HDC hdcBlt,UINT nFlags);
|
||||
typedef BOOL (*P_PrintWindow)(HWND hwnd, HDC hdcBlt,UINT nFlags);*/
|
||||
|
||||
typedef BOOL (*P_ShutdownBlockReasonCreate)(HWND hWnd, LPCWSTR pwszReason);
|
||||
|
||||
|
|
@ -546,10 +546,10 @@ extern ATOM Gui_WindowProcOldA_Atom;
|
|||
#endif
|
||||
#define GUI_SYS_VAR_2(nm) GUI_SYS_VAR_AW(nm,A); GUI_SYS_VAR_AW(nm,W);
|
||||
|
||||
GUI_SYS_VAR(GetDC)
|
||||
/*GUI_SYS_VAR(GetDC)
|
||||
GUI_SYS_VAR(GetDCEx)
|
||||
GUI_SYS_VAR(GetWindowDC)
|
||||
GUI_SYS_VAR(PrintWindow)
|
||||
GUI_SYS_VAR(PrintWindow)*/
|
||||
|
||||
GUI_SYS_VAR(ClipCursor)
|
||||
GUI_SYS_VAR(GetClipCursor)
|
||||
|
|
|
|||
|
|
@ -99,13 +99,13 @@ static LONG Gui_GetRawInputDeviceInfoW(
|
|||
_In_opt_ HANDLE hDevice, _In_ UINT uiCommand,
|
||||
_Inout_ LPVOID pData, _Inout_ PUINT pcbSize);
|
||||
|
||||
static HDC Gui_GetDC(HWND hWnd);
|
||||
/*static HDC Gui_GetDC(HWND hWnd);
|
||||
|
||||
static HDC Gui_GetWindowDC(HWND hWnd);
|
||||
|
||||
static HDC Gui_GetDCEx(HWND hWnd, HRGN hrgnClip, DWORD flags);
|
||||
|
||||
static BOOL Gui_PrintWindow(HWND hwnd, HDC hdcBlt, UINT nFlags);
|
||||
static BOOL Gui_PrintWindow(HWND hwnd, HDC hdcBlt, UINT nFlags);*/
|
||||
|
||||
static BOOL Gui_ShutdownBlockReasonCreate(HWND hWnd, LPCWSTR pwszReason);
|
||||
|
||||
|
|
@ -189,10 +189,10 @@ _FX BOOLEAN Gui_InitMisc(HMODULE module)
|
|||
}
|
||||
SBIEDLL_HOOK_GUI(SwapMouseButton);
|
||||
SBIEDLL_HOOK_GUI(SetDoubleClickTime);
|
||||
SBIEDLL_HOOK_GUI(GetWindowDC);
|
||||
/*SBIEDLL_HOOK_GUI(GetWindowDC);
|
||||
SBIEDLL_HOOK_GUI(GetDC);
|
||||
SBIEDLL_HOOK_GUI(GetDCEx);
|
||||
SBIEDLL_HOOK_GUI(PrintWindow);
|
||||
SBIEDLL_HOOK_GUI(PrintWindow);*/
|
||||
if (Dll_OsBuild >= 6000) {
|
||||
|
||||
//
|
||||
|
|
@ -1485,7 +1485,7 @@ _FX BOOL Gui_ImmAssociateContextEx(
|
|||
return ok;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
//---------------------------------------------------------------------------
|
||||
// Gui_GetDC
|
||||
//---------------------------------------------------------------------------
|
||||
|
|
@ -1500,8 +1500,8 @@ _FX HDC Gui_GetDC(HWND hWnd)
|
|||
SetLastError(ERROR_ACCESS_DENIED);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ULONG_PTR pid=0, tid=0;
|
||||
|
||||
if (!Gui_IsSameBox(hWnd, &pid, &tid)) {
|
||||
|
||||
SetLastError(ERROR_ACCESS_DENIED);
|
||||
|
|
@ -1525,8 +1525,8 @@ _FX HDC Gui_GetWindowDC(HWND hWnd)
|
|||
SetLastError(ERROR_ACCESS_DENIED);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ULONG_PTR pid = 0, tid = 0;
|
||||
|
||||
if (!Gui_IsSameBox(hWnd, &pid, &tid)) {
|
||||
|
||||
SetLastError(ERROR_ACCESS_DENIED);
|
||||
|
|
@ -1542,7 +1542,7 @@ _FX HDC Gui_GetWindowDC(HWND hWnd)
|
|||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX HDC Gui_GetDCEx(HWND hWnd,HRGN hrgnClip,DWORD flags)
|
||||
_FX HDC Gui_GetDCEx(HWND hWnd, HRGN hrgnClip, DWORD flags)
|
||||
{
|
||||
if (SbieApi_QueryConfBool(NULL, L"IsBlockCapture", FALSE)) {
|
||||
|
||||
|
|
@ -1551,15 +1551,15 @@ _FX HDC Gui_GetDCEx(HWND hWnd,HRGN hrgnClip,DWORD flags)
|
|||
SetLastError(ERROR_ACCESS_DENIED);
|
||||
return NULL;
|
||||
}
|
||||
ULONG_PTR pid = 0, tid = 0;
|
||||
|
||||
ULONG_PTR pid = 0, tid = 0;
|
||||
if (!Gui_IsSameBox(hWnd, &pid, &tid)) {
|
||||
|
||||
SetLastError(ERROR_ACCESS_DENIED);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
return __sys_GetWindowDC(hWnd);
|
||||
return __sys_GetDCEx(hWnd, hrgnClip, flags);
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -1568,7 +1568,7 @@ _FX HDC Gui_GetDCEx(HWND hWnd,HRGN hrgnClip,DWORD flags)
|
|||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX BOOL Gui_PrintWindow(HWND hwnd, HDC hdcBlt, UINT nFlags)
|
||||
_FX BOOL Gui_PrintWindow(HWND hwnd, HDC hdcBlt, UINT nFlags)
|
||||
{
|
||||
if (SbieApi_QueryConfBool(NULL, L"IsBlockCapture", FALSE)) {
|
||||
|
||||
|
|
@ -1577,8 +1577,8 @@ _FX BOOL Gui_PrintWindow(HWND hwnd, HDC hdcBlt, UINT nFlags)
|
|||
SetLastError(ERROR_ACCESS_DENIED);
|
||||
return 0;
|
||||
}
|
||||
ULONG_PTR pid = 0, tid = 0;
|
||||
|
||||
ULONG_PTR pid = 0, tid = 0;
|
||||
if (!Gui_IsSameBox(hwnd, &pid, &tid)) {
|
||||
|
||||
SetLastError(ERROR_ACCESS_DENIED);
|
||||
|
|
@ -1587,7 +1587,7 @@ _FX BOOL Gui_PrintWindow(HWND hwnd, HDC hdcBlt, UINT nFlags)
|
|||
}
|
||||
return __sys_PrintWindow(hwnd, hdcBlt, nFlags);
|
||||
}
|
||||
|
||||
*/
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Gui_ShutdownBlockReasonCreate
|
||||
|
|
|
|||
|
|
@ -673,69 +673,6 @@
|
|||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="2">
|
||||
<widget class="QCheckBox" name="chkPrintToFile">
|
||||
<property name="sizePolicy">
|
||||
<sizepolicy hsizetype="Minimum" vsizetype="Fixed">
|
||||
<horstretch>0</horstretch>
|
||||
<verstretch>0</verstretch>
|
||||
</sizepolicy>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Allow the print spooler to print to files outside the sandbox</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="12" column="2">
|
||||
<widget class="QCheckBox" name="chkVmReadNotify">
|
||||
<property name="text">
|
||||
<string>Issue message 2111 when a process access is denied</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="16" column="2">
|
||||
<spacer name="horizontalSpacer_5">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>556</width>
|
||||
<height>20</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="13" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkBlockCapture">
|
||||
<property name="text">
|
||||
<string>Block process from taking screenshots of windows not belonging to the containing sandbox</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="3" column="0" colspan="2">
|
||||
<widget class="QLabel" name="lblPrinting">
|
||||
<property name="font">
|
||||
<font>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="toolTip">
|
||||
<string>Protect the system from sandboxed processes</string>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Printing restrictions</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="10" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkCloseClipBoard">
|
||||
<property name="text">
|
||||
<string>Block read access to the clipboard</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="9" column="1">
|
||||
<widget class="QLabel" name="label_39">
|
||||
<property name="minimumSize">
|
||||
|
|
@ -755,14 +692,27 @@
|
|||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="2" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkBlockNetParam">
|
||||
<item row="13" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkProtectPower">
|
||||
<property name="text">
|
||||
<string>Prevent change to network and firewall parameters (user mode)</string>
|
||||
<string>Prevents processes in the sandbox from interfering with power operation</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="15" column="0">
|
||||
<item row="15" column="2">
|
||||
<spacer name="horizontalSpacer_5">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>556</width>
|
||||
<height>20</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="14" column="0">
|
||||
<spacer name="verticalSpacer_12">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Vertical</enum>
|
||||
|
|
@ -775,15 +725,8 @@
|
|||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="11" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkVmRead">
|
||||
<property name="text">
|
||||
<string>Allow to read memory of unsandboxed processes (not recommended)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="0" column="0" colspan="2">
|
||||
<widget class="QLabel" name="lblNetwork">
|
||||
<item row="3" column="0" colspan="2">
|
||||
<widget class="QLabel" name="lblPrinting">
|
||||
<property name="font">
|
||||
<font>
|
||||
<bold>true</bold>
|
||||
|
|
@ -794,7 +737,41 @@
|
|||
<string>Protect the system from sandboxed processes</string>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Network restrictions</string>
|
||||
<string>Printing restrictions</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="11" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkVmRead">
|
||||
<property name="text">
|
||||
<string>Allow to read memory of unsandboxed processes (not recommended)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="2">
|
||||
<widget class="QCheckBox" name="chkPrintToFile">
|
||||
<property name="sizePolicy">
|
||||
<sizepolicy hsizetype="Minimum" vsizetype="Fixed">
|
||||
<horstretch>0</horstretch>
|
||||
<verstretch>0</verstretch>
|
||||
</sizepolicy>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Allow the print spooler to print to files outside the sandbox</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="10" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkCloseClipBoard">
|
||||
<property name="text">
|
||||
<string>Block read access to the clipboard</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="1" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkBlockNetShare">
|
||||
<property name="text">
|
||||
<string>Block network files and folders, unless specifically opened.</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
|
|
@ -805,6 +782,20 @@
|
|||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="4" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkBlockSpooler">
|
||||
<property name="text">
|
||||
<string>Block access to the printer spooler</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="2" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkBlockNetParam">
|
||||
<property name="text">
|
||||
<string>Prevent change to network and firewall parameters (user mode)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="7" column="0">
|
||||
<widget class="QLabel" name="lblOther">
|
||||
<property name="font">
|
||||
|
|
@ -821,20 +812,6 @@
|
|||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="4" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkBlockSpooler">
|
||||
<property name="text">
|
||||
<string>Block access to the printer spooler</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="1" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkBlockNetShare">
|
||||
<property name="text">
|
||||
<string>Block network files and folders, unless specifically opened.</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="8" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkOpenProtectedStorage">
|
||||
<property name="text">
|
||||
|
|
@ -842,10 +819,26 @@
|
|||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="14" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkProtectPower">
|
||||
<item row="0" column="0" colspan="2">
|
||||
<widget class="QLabel" name="lblNetwork">
|
||||
<property name="font">
|
||||
<font>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="toolTip">
|
||||
<string>Protect the system from sandboxed processes</string>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Prevents processes in the sandbox from interfering with power operation</string>
|
||||
<string>Network restrictions</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="12" column="2">
|
||||
<widget class="QCheckBox" name="chkVmReadNotify">
|
||||
<property name="text">
|
||||
<string>Issue message 2111 when a process access is denied</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
|
|
|
|||
|
|
@ -521,7 +521,7 @@ void COptionsWindow::UpdateBoxIsolation()
|
|||
ui.chkCloseClipBoard->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
|
||||
ui.chkVmRead->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
|
||||
|
||||
ui.chkBlockCapture->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
|
||||
//ui.chkBlockCapture->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
|
||||
ui.chkProtectPower->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
|
||||
|
||||
ui.chkCloseForBox->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
|
||||
|
|
|
|||
|
|
@ -166,7 +166,7 @@ void COptionsWindow::CreateGeneral()
|
|||
connect(ui.chkOpenProtectedStorage, SIGNAL(clicked(bool)), this, SLOT(OnPSTChanged()));
|
||||
connect(ui.chkOpenCredentials, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
|
||||
connect(ui.chkCloseClipBoard, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
|
||||
connect(ui.chkBlockCapture, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
|
||||
//connect(ui.chkBlockCapture, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
|
||||
connect(ui.chkProtectPower, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
|
||||
connect(ui.chkVmRead, SIGNAL(clicked(bool)), this, SLOT(OnVmRead()));
|
||||
connect(ui.chkVmReadNotify, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
|
||||
|
|
@ -284,7 +284,7 @@ void COptionsWindow::LoadGeneral()
|
|||
ui.chkOpenProtectedStorage->setChecked(m_BoxTemplates.contains("OpenProtectedStorage"));
|
||||
ui.chkOpenCredentials->setChecked(!ui.chkOpenCredentials->isEnabled() || m_pBox->GetBool("OpenCredentials", false));
|
||||
ui.chkCloseClipBoard->setChecked(!m_pBox->GetBool("OpenClipboard", true));
|
||||
ui.chkBlockCapture->setChecked(m_pBox->GetBool("IsBlockCapture", false));
|
||||
//ui.chkBlockCapture->setChecked(m_pBox->GetBool("IsBlockCapture", false));
|
||||
ui.chkProtectPower->setChecked(m_pBox->GetBool("BlockInterferePower", false));
|
||||
ui.chkVmReadNotify->setChecked(m_pBox->GetBool("NotifyProcessAccessDenied", false));
|
||||
//ui.chkOpenSmartCard->setChecked(m_pBox->GetBool("OpenSmartCard", true));
|
||||
|
|
@ -420,7 +420,7 @@ void COptionsWindow::SaveGeneral()
|
|||
if (ui.chkOpenCredentials->isEnabled())
|
||||
WriteAdvancedCheck(ui.chkOpenCredentials, "OpenCredentials", "y", "");
|
||||
WriteAdvancedCheck(ui.chkCloseClipBoard, "OpenClipboard", "n", "");
|
||||
WriteAdvancedCheck(ui.chkBlockCapture, "IsBlockCapture", "y", "n");
|
||||
//WriteAdvancedCheck(ui.chkBlockCapture, "IsBlockCapture", "y", "n");
|
||||
WriteAdvancedCheck(ui.chkProtectPower, "BlockInterferePower", "y", "n");
|
||||
WriteAdvancedCheck(ui.chkVmReadNotify, "NotifyProcessAccessDenied", "y", "");
|
||||
//WriteAdvancedCheck(ui.chkOpenSmartCard, "OpenSmartCard", "", "n");
|
||||
|
|
|
|||
Loading…
Reference in New Issue