From ee1a74be5a9d4028ccab6385d61ba4a9bee18258 Mon Sep 17 00:00:00 2001
From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com>
Date: Tue, 5 Mar 2024 08:22:07 +0100
Subject: [PATCH] 1.13.2
rollback IsBlockCapture
---
CHANGELOG.md | 5 +-
Sandboxie/core/dll/gui.c | 4 +-
Sandboxie/core/dll/gui_p.h | 8 +-
Sandboxie/core/dll/guimisc.c | 26 +--
SandboxiePlus/SandMan/Forms/OptionsWindow.ui | 181 +++++++++---------
.../SandMan/Windows/OptionsAdvanced.cpp | 2 +-
.../SandMan/Windows/OptionsGeneral.cpp | 6 +-
7 files changed, 111 insertions(+), 121 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0dd17bbd..bffcbe39 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,10 +8,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Added
- added menu entry to restart SandMan as admin [#3581](https://github.com/sandboxie-plus/Sandboxie/issues/3581) (thanks Yeyixiao)
-- added option to prevent sandboxed programs from accessing the images of the window outside the sandbox [#1985](https://github.com/sandboxie-plus/Sandboxie/issues/1985) (thanks Yeyixiao)
- - it can be enabled with "IsBlockCapture=y"
- - see the sandbox option "Block process from taking screenshots of windows not belonging to the containing sandbox" in SandMan UI
-- added option to block taking screen capture/screenshot of sandboxed processes [#624](https://github.com/sandboxie-plus/Sandboxie/issues/624) (thanks Yeyixiao)
+- added option to block taking screen capture/screenshot of sandboxed processes (thanks Yeyixiao)
- it can be enabled with "IsProtectScreen=y"
- see the sandbox option "Prevents getting an image of the window in the sandbox" in SandMan UI
- added option to prevent sandboxed processes from interfering with power operations [#3640](https://github.com/sandboxie-plus/Sandboxie/issues/3640) (thanks Yeyixiao)
diff --git a/Sandboxie/core/dll/gui.c b/Sandboxie/core/dll/gui.c
index 31b56dc0..bd7448bd 100644
--- a/Sandboxie/core/dll/gui.c
+++ b/Sandboxie/core/dll/gui.c
@@ -380,10 +380,10 @@ _FX BOOLEAN Gui_Init(HMODULE module)
Gui_UseProxyService = !Dll_CompartmentMode && !SbieApi_QueryConfBool(NULL, L"NoSandboxieDesktop", FALSE);
// NoSbieDesk END
- GUI_IMPORT___(PrintWindow)
+ /*GUI_IMPORT___(PrintWindow)
GUI_IMPORT___(GetWindowDC)
GUI_IMPORT___(GetDC)
- GUI_IMPORT___(GetDCEx)
+ GUI_IMPORT___(GetDCEx)*/
GUI_IMPORT___(GetWindowThreadProcessId);
GUI_IMPORT___(SetThreadDesktop);
GUI_IMPORT___(SwitchDesktop);
diff --git a/Sandboxie/core/dll/gui_p.h b/Sandboxie/core/dll/gui_p.h
index 219ef2af..2822bf85 100644
--- a/Sandboxie/core/dll/gui_p.h
+++ b/Sandboxie/core/dll/gui_p.h
@@ -412,13 +412,13 @@ typedef int (*P_LoadString)(
typedef BOOL (*P_SetProcessWindowStation)(HWINSTA hWinSta);
-typedef HDC(*P_GetWindowDC)(HWND hWnd);
+/*typedef HDC(*P_GetWindowDC)(HWND hWnd);
typedef HDC(*P_GetDC)(HWND hWnd);
typedef HDC(*P_GetDCEx)(HWND hWnd, HRGN hrgnClip,DWORD flags);
-typedef BOOL (*P_PrintWindow)(HWND hwnd, HDC hdcBlt,UINT nFlags);
+typedef BOOL (*P_PrintWindow)(HWND hwnd, HDC hdcBlt,UINT nFlags);*/
typedef BOOL (*P_ShutdownBlockReasonCreate)(HWND hWnd, LPCWSTR pwszReason);
@@ -546,10 +546,10 @@ extern ATOM Gui_WindowProcOldA_Atom;
#endif
#define GUI_SYS_VAR_2(nm) GUI_SYS_VAR_AW(nm,A); GUI_SYS_VAR_AW(nm,W);
-GUI_SYS_VAR(GetDC)
+/*GUI_SYS_VAR(GetDC)
GUI_SYS_VAR(GetDCEx)
GUI_SYS_VAR(GetWindowDC)
-GUI_SYS_VAR(PrintWindow)
+GUI_SYS_VAR(PrintWindow)*/
GUI_SYS_VAR(ClipCursor)
GUI_SYS_VAR(GetClipCursor)
diff --git a/Sandboxie/core/dll/guimisc.c b/Sandboxie/core/dll/guimisc.c
index 9483c6bc..847121fb 100644
--- a/Sandboxie/core/dll/guimisc.c
+++ b/Sandboxie/core/dll/guimisc.c
@@ -99,13 +99,13 @@ static LONG Gui_GetRawInputDeviceInfoW(
_In_opt_ HANDLE hDevice, _In_ UINT uiCommand,
_Inout_ LPVOID pData, _Inout_ PUINT pcbSize);
-static HDC Gui_GetDC(HWND hWnd);
+/*static HDC Gui_GetDC(HWND hWnd);
static HDC Gui_GetWindowDC(HWND hWnd);
static HDC Gui_GetDCEx(HWND hWnd, HRGN hrgnClip, DWORD flags);
-static BOOL Gui_PrintWindow(HWND hwnd, HDC hdcBlt, UINT nFlags);
+static BOOL Gui_PrintWindow(HWND hwnd, HDC hdcBlt, UINT nFlags);*/
static BOOL Gui_ShutdownBlockReasonCreate(HWND hWnd, LPCWSTR pwszReason);
@@ -189,10 +189,10 @@ _FX BOOLEAN Gui_InitMisc(HMODULE module)
}
SBIEDLL_HOOK_GUI(SwapMouseButton);
SBIEDLL_HOOK_GUI(SetDoubleClickTime);
- SBIEDLL_HOOK_GUI(GetWindowDC);
+ /*SBIEDLL_HOOK_GUI(GetWindowDC);
SBIEDLL_HOOK_GUI(GetDC);
SBIEDLL_HOOK_GUI(GetDCEx);
- SBIEDLL_HOOK_GUI(PrintWindow);
+ SBIEDLL_HOOK_GUI(PrintWindow);*/
if (Dll_OsBuild >= 6000) {
//
@@ -1485,7 +1485,7 @@ _FX BOOL Gui_ImmAssociateContextEx(
return ok;
}
-
+/*
//---------------------------------------------------------------------------
// Gui_GetDC
//---------------------------------------------------------------------------
@@ -1500,8 +1500,8 @@ _FX HDC Gui_GetDC(HWND hWnd)
SetLastError(ERROR_ACCESS_DENIED);
return NULL;
}
+
ULONG_PTR pid=0, tid=0;
-
if (!Gui_IsSameBox(hWnd, &pid, &tid)) {
SetLastError(ERROR_ACCESS_DENIED);
@@ -1525,8 +1525,8 @@ _FX HDC Gui_GetWindowDC(HWND hWnd)
SetLastError(ERROR_ACCESS_DENIED);
return NULL;
}
+
ULONG_PTR pid = 0, tid = 0;
-
if (!Gui_IsSameBox(hWnd, &pid, &tid)) {
SetLastError(ERROR_ACCESS_DENIED);
@@ -1542,7 +1542,7 @@ _FX HDC Gui_GetWindowDC(HWND hWnd)
//---------------------------------------------------------------------------
-_FX HDC Gui_GetDCEx(HWND hWnd,HRGN hrgnClip,DWORD flags)
+_FX HDC Gui_GetDCEx(HWND hWnd, HRGN hrgnClip, DWORD flags)
{
if (SbieApi_QueryConfBool(NULL, L"IsBlockCapture", FALSE)) {
@@ -1551,15 +1551,15 @@ _FX HDC Gui_GetDCEx(HWND hWnd,HRGN hrgnClip,DWORD flags)
SetLastError(ERROR_ACCESS_DENIED);
return NULL;
}
- ULONG_PTR pid = 0, tid = 0;
+ ULONG_PTR pid = 0, tid = 0;
if (!Gui_IsSameBox(hWnd, &pid, &tid)) {
SetLastError(ERROR_ACCESS_DENIED);
return NULL;
}
}
- return __sys_GetWindowDC(hWnd);
+ return __sys_GetDCEx(hWnd, hrgnClip, flags);
}
@@ -1568,7 +1568,7 @@ _FX HDC Gui_GetDCEx(HWND hWnd,HRGN hrgnClip,DWORD flags)
//---------------------------------------------------------------------------
-_FX BOOL Gui_PrintWindow(HWND hwnd, HDC hdcBlt, UINT nFlags)
+_FX BOOL Gui_PrintWindow(HWND hwnd, HDC hdcBlt, UINT nFlags)
{
if (SbieApi_QueryConfBool(NULL, L"IsBlockCapture", FALSE)) {
@@ -1577,8 +1577,8 @@ _FX BOOL Gui_PrintWindow(HWND hwnd, HDC hdcBlt, UINT nFlags)
SetLastError(ERROR_ACCESS_DENIED);
return 0;
}
- ULONG_PTR pid = 0, tid = 0;
+ ULONG_PTR pid = 0, tid = 0;
if (!Gui_IsSameBox(hwnd, &pid, &tid)) {
SetLastError(ERROR_ACCESS_DENIED);
@@ -1587,7 +1587,7 @@ _FX BOOL Gui_PrintWindow(HWND hwnd, HDC hdcBlt, UINT nFlags)
}
return __sys_PrintWindow(hwnd, hdcBlt, nFlags);
}
-
+*/
//---------------------------------------------------------------------------
// Gui_ShutdownBlockReasonCreate
diff --git a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
index 3065f6f7..6295f6f2 100644
--- a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
+++ b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
@@ -673,69 +673,6 @@
- -
-
-
-
- 0
- 0
-
-
-
- Allow the print spooler to print to files outside the sandbox
-
-
-
- -
-
-
- Issue message 2111 when a process access is denied
-
-
-
- -
-
-
- Qt::Horizontal
-
-
-
- 556
- 20
-
-
-
-
- -
-
-
- Block process from taking screenshots of windows not belonging to the containing sandbox
-
-
-
- -
-
-
-
- true
- true
-
-
-
- Protect the system from sandboxed processes
-
-
- Printing restrictions
-
-
-
- -
-
-
- Block read access to the clipboard
-
-
-
-
@@ -755,14 +692,27 @@
- -
-
+
-
+
- Prevent change to network and firewall parameters (user mode)
+ Prevents processes in the sandbox from interfering with power operation
- -
+
-
+
+
+ Qt::Horizontal
+
+
+
+ 556
+ 20
+
+
+
+
+ -
Qt::Vertical
@@ -775,15 +725,8 @@
- -
-
-
- Allow to read memory of unsandboxed processes (not recommended)
-
-
-
- -
-
+
-
+
true
@@ -794,7 +737,41 @@
Protect the system from sandboxed processes
- Network restrictions
+ Printing restrictions
+
+
+
+ -
+
+
+ Allow to read memory of unsandboxed processes (not recommended)
+
+
+
+ -
+
+
+
+ 0
+ 0
+
+
+
+ Allow the print spooler to print to files outside the sandbox
+
+
+
+ -
+
+
+ Block read access to the clipboard
+
+
+
+ -
+
+
+ Block network files and folders, unless specifically opened.
@@ -805,6 +782,20 @@
+ -
+
+
+ Block access to the printer spooler
+
+
+
+ -
+
+
+ Prevent change to network and firewall parameters (user mode)
+
+
+
-
@@ -821,20 +812,6 @@
- -
-
-
- Block access to the printer spooler
-
-
-
- -
-
-
- Block network files and folders, unless specifically opened.
-
-
-
-
@@ -842,10 +819,26 @@
- -
-
+
-
+
+
+
+ true
+ true
+
+
+
+ Protect the system from sandboxed processes
+
- Prevents processes in the sandbox from interfering with power operation
+ Network restrictions
+
+
+
+ -
+
+
+ Issue message 2111 when a process access is denied
diff --git a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
index 3bfd5316..4e5ba850 100644
--- a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
@@ -521,7 +521,7 @@ void COptionsWindow::UpdateBoxIsolation()
ui.chkCloseClipBoard->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkVmRead->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
- ui.chkBlockCapture->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
+ //ui.chkBlockCapture->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkProtectPower->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkCloseForBox->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
diff --git a/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp b/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
index c88ae557..0544d3b3 100644
--- a/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
@@ -166,7 +166,7 @@ void COptionsWindow::CreateGeneral()
connect(ui.chkOpenProtectedStorage, SIGNAL(clicked(bool)), this, SLOT(OnPSTChanged()));
connect(ui.chkOpenCredentials, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkCloseClipBoard, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
- connect(ui.chkBlockCapture, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
+ //connect(ui.chkBlockCapture, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkProtectPower, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkVmRead, SIGNAL(clicked(bool)), this, SLOT(OnVmRead()));
connect(ui.chkVmReadNotify, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
@@ -284,7 +284,7 @@ void COptionsWindow::LoadGeneral()
ui.chkOpenProtectedStorage->setChecked(m_BoxTemplates.contains("OpenProtectedStorage"));
ui.chkOpenCredentials->setChecked(!ui.chkOpenCredentials->isEnabled() || m_pBox->GetBool("OpenCredentials", false));
ui.chkCloseClipBoard->setChecked(!m_pBox->GetBool("OpenClipboard", true));
- ui.chkBlockCapture->setChecked(m_pBox->GetBool("IsBlockCapture", false));
+ //ui.chkBlockCapture->setChecked(m_pBox->GetBool("IsBlockCapture", false));
ui.chkProtectPower->setChecked(m_pBox->GetBool("BlockInterferePower", false));
ui.chkVmReadNotify->setChecked(m_pBox->GetBool("NotifyProcessAccessDenied", false));
//ui.chkOpenSmartCard->setChecked(m_pBox->GetBool("OpenSmartCard", true));
@@ -420,7 +420,7 @@ void COptionsWindow::SaveGeneral()
if (ui.chkOpenCredentials->isEnabled())
WriteAdvancedCheck(ui.chkOpenCredentials, "OpenCredentials", "y", "");
WriteAdvancedCheck(ui.chkCloseClipBoard, "OpenClipboard", "n", "");
- WriteAdvancedCheck(ui.chkBlockCapture, "IsBlockCapture", "y", "n");
+ //WriteAdvancedCheck(ui.chkBlockCapture, "IsBlockCapture", "y", "n");
WriteAdvancedCheck(ui.chkProtectPower, "BlockInterferePower", "y", "n");
WriteAdvancedCheck(ui.chkVmReadNotify, "NotifyProcessAccessDenied", "y", "");
//WriteAdvancedCheck(ui.chkOpenSmartCard, "OpenSmartCard", "", "n");