diff --git a/CHANGELOG.md b/CHANGELOG.md index cd284c57..efe12df8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,23 @@ This project adheres to [Semantic Versioning](http://semver.org/). +## [1.0.6 / 5.55.6] - 2021-12-?? + +### Added +- replaced open with with a sandboxie dialog to work on win 10 [#1138](https://github.com/sandboxie-plus/Sandboxie/issues/1138) +- added ability to run store apps in app container mode, requirers COM to be open +- added new debug options "UnstrippedToken=y" and "KeepUserGroup=y" +- added double click to recovery window [#1466](https://github.com/sandboxie-plus/Sandboxie/issues/1466) + +### Changed +- "UseSbieWndStation=y" is now the default behavioure [#1442](https://github.com/sandboxie-plus/Sandboxie/issues/1442) + +### Fixed +- fixed box initialization issue in privacy mode [#1469](https://github.com/sandboxie-plus/Sandboxie/issues/1469) +- fixed issue creating shortcuts introduced in a recent build [#1471](https://github.com/sandboxie-plus/Sandboxie/issues/1471) + + + ## [1.0.5 / 5.55.5] - 2021-12-25 diff --git a/Sandboxie/apps/start/rundlg.cpp b/Sandboxie/apps/start/rundlg.cpp index bfabe5a5..3f83fcba 100644 --- a/Sandboxie/apps/start/rundlg.cpp +++ b/Sandboxie/apps/start/rundlg.cpp @@ -509,11 +509,23 @@ INT_PTR RunDialogProc( SetDlgItemText(hwnd, IDCANCEL, SbieDll_FormatMessage0(MSG_3002)); SetDlgItemText(hwnd, IDBROWSE, SbieDll_FormatMessage0(MSG_3003)); - SetDlgItemText(hwnd, IDRUNDLGTEXT, + extern BOOL execute_open_with; + if (execute_open_with) + { + SetDlgItemText(hwnd, IDRUNDLGTEXT, + SbieDll_FormatMessage0(MSG_3107)); + + extern PWSTR ChildCmdLine; + SetDlgItemText(hwnd, IDRUNDLGTEXT2, ChildCmdLine); + } + else + { + SetDlgItemText(hwnd, IDRUNDLGTEXT, SbieDll_FormatMessage0(MSG_3103)); - SetDlgItemText(hwnd, IDRUNDLGTEXT2, + SetDlgItemText(hwnd, IDRUNDLGTEXT2, SbieDll_FormatMessage0(MSG_3104)); + } // // position window diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index 7306a9b0..0d6ebe95 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp @@ -81,6 +81,7 @@ BOOL run_mail_agent = FALSE; BOOL display_run_dialog = FALSE; BOOL display_start_menu = FALSE; BOOL execute_auto_run = FALSE; +BOOL execute_open_with = FALSE; BOOL run_elevated_2 = FALSE; BOOL disable_force_on_this_program = FALSE; BOOL auto_select_default_box = FALSE; @@ -388,6 +389,7 @@ BOOL Parse_Command_Line(void) static const WCHAR *mail_agent = L"mail_agent"; static const WCHAR *run_dialog = L"run_dialog"; static const WCHAR *start_menu = L"start_menu"; + static const WCHAR *open_with = L"open_with"; static const WCHAR *auto_run = L"auto_run"; static const WCHAR *mount_hive = L"mount_hive"; static const WCHAR *delete_sandbox = L"delete_sandbox"; @@ -757,6 +759,27 @@ BOOL Parse_Command_Line(void) return TRUE; + // show open with dialog + + } else if (wcsncmp(cmd, open_with, wcslen(open_with)) == 0) { + + /*if (! SbieApi_QueryProcessInfo( + (HANDLE)(ULONG_PTR)GetCurrentProcessId(), 0)) { + // this is the instance of Start.exe outside the sandbox + // so just resend the start_menu command line to the + // instance that will restart in the sandbox + ChildCmdLine = cmd; + + }*/ + + execute_open_with = TRUE; + + DWORD len = wcslen(open_with) + 1; + ChildCmdLine = MyHeapAlloc((wcslen(cmd) - len) * sizeof(WCHAR)); + wcscpy(ChildCmdLine, cmd + len); + + return TRUE; + // run auto start entries } else if (wcsncmp(cmd, auto_run, wcslen(auto_run)) == 0) { @@ -1690,9 +1713,20 @@ int __stdcall WinMainCRTStartup( while (1) { - if (display_run_dialog) { + if (display_run_dialog || execute_open_with) { MyCoInitialize(); - ChildCmdLine = DoRunDialog(GetModuleHandle(NULL)); + WCHAR* CmdLine = DoRunDialog(GetModuleHandle(NULL)); + if (! ChildCmdLine) + ChildCmdLine = CmdLine; + else { // execute_open_with + WCHAR* FilePath = ChildCmdLine; + DWORD len = wcslen(CmdLine) + 1 + wcslen(FilePath) + 16; + ChildCmdLine = MyHeapAlloc(len * sizeof(WCHAR)); + wsprintf(ChildCmdLine, L"%s %s", CmdLine, FilePath); + MyHeapFree(CmdLine); + MyHeapFree(FilePath); + } + } else if (display_start_menu) { if (! ChildCmdLine) ChildCmdLine = DoStartMenu(); diff --git a/Sandboxie/common/my_version.h b/Sandboxie/common/my_version.h index 5d0f042f..1f6089fa 100644 --- a/Sandboxie/common/my_version.h +++ b/Sandboxie/common/my_version.h @@ -21,8 +21,8 @@ #ifndef _MY_VERSION_H #define _MY_VERSION_H -#define MY_VERSION_BINARY 5,55,5 -#define MY_VERSION_STRING "5.55.5" +#define MY_VERSION_BINARY 5,55,6 +#define MY_VERSION_STRING "5.55.6" #define MY_VERSION_COMPAT "5.55.0" // this refers to the driver ABI compatibility // These #defines are used by either Resource Compiler, or by NSIC installer diff --git a/Sandboxie/core/dll/custom.c b/Sandboxie/core/dll/custom.c index 9575c16e..0a6ec48f 100644 --- a/Sandboxie/core/dll/custom.c +++ b/Sandboxie/core/dll/custom.c @@ -43,6 +43,7 @@ static BOOLEAN DisableWerFaultUI(void); static BOOLEAN EnableMsiDebugging(void); static BOOLEAN Custom_EnableBrowseNewProcess(void); static BOOLEAN Custom_DisableBHOs(void); +static BOOLEAN Custom_OpenWith(void); static HANDLE OpenExplorerKey( HANDLE ParentKey, const WCHAR *SubkeyName, ULONG *error); static void DeleteShellAssocKeys(ULONG Wow64); @@ -71,9 +72,9 @@ _FX BOOLEAN CustomizeSandbox(void) // customize sandbox if we need to // - if (GetSetCustomLevel(0) != '1') { + Key_CreateBaseKeys(); - Key_CreateBaseKeys(); + if (GetSetCustomLevel(0) != '2') { Custom_CreateRegLinks(); DisableDCOM(); @@ -85,8 +86,10 @@ _FX BOOLEAN CustomizeSandbox(void) Custom_EnableBrowseNewProcess(); DeleteShellAssocKeys(0); Custom_DisableBHOs(); + if (Dll_OsBuild >= 8400) // only on win 8 and later + Custom_OpenWith(); - GetSetCustomLevel('1'); + GetSetCustomLevel('2'); // // process user-defined AutoExec settings @@ -132,6 +135,8 @@ _FX UCHAR GetSetCustomLevel(UCHAR SetLevel) wcscpy(path, L"\\registry\\user\\"); wcscat(path, Dll_SidString); + //wcscpy(path, Dll_BoxKeyPath); + //wcscat(path, L"\\user\\current"); wcscat(path, L"\\software\\SandboxAutoExec"); RtlInitUnicodeString(&uni, path); @@ -438,6 +443,110 @@ _FX BOOLEAN EnableMsiDebugging(void) } +//--------------------------------------------------------------------------- +// Custom_OpenWith +// +// Replace open With dialog as on Win10 it requirers UWP support +//--------------------------------------------------------------------------- + + +_FX BOOLEAN Custom_OpenWith(void) +{ + NTSTATUS status; + OBJECT_ATTRIBUTES objattrs; + UNICODE_STRING uni; + HANDLE hKeyRoot; + HANDLE hKey; + HANDLE hKeyCL; + + ULONG OpenWithSize = (wcslen(Dll_BoxName) + 128) * sizeof(WCHAR); + WCHAR* OpenWithStr = Dll_AllocTemp(OpenWithSize); + OpenWithStr[0] = L'\"'; + wcscpy(&OpenWithStr[1], Dll_HomeDosPath); + wcscat(OpenWithStr, L"\\" START_EXE L"\" open_with \"%1\""); + OpenWithSize = (wcslen(OpenWithStr) + 1) * sizeof(WCHAR); + + // Open HKLM + RtlInitUnicodeString(&uni, Custom_PrefixHKLM); + InitializeObjectAttributes(&objattrs, &uni, OBJ_CASE_INSENSITIVE, NULL, NULL); + if (NtOpenKey(&hKeyRoot, KEY_READ, &objattrs) == STATUS_SUCCESS) + { + // open Classes key + RtlInitUnicodeString(&uni, L"SOFTWARE\\Classes"); + InitializeObjectAttributes(&objattrs, &uni, OBJ_CASE_INSENSITIVE, hKeyRoot, NULL); + if (Key_OpenOrCreateIfBoxed(&hKeyCL, KEY_ALL_ACCESS, &objattrs) == STATUS_SUCCESS) + { + // open/create Undecided\shell\open\command key + RtlInitUnicodeString(&uni, L"Undecided\\shell\\open\\command"); + InitializeObjectAttributes(&objattrs, &uni, OBJ_CASE_INSENSITIVE, hKeyCL, NULL); + if (Key_OpenOrCreateIfBoxed(&hKey, KEY_ALL_ACCESS, &objattrs) == STATUS_SUCCESS) + { + // set @ = "..." + RtlInitUnicodeString(&uni, L""); + status = NtSetValueKey(hKey, &uni, 0, REG_SZ, (BYTE *)OpenWithStr, OpenWithSize); + + RtlInitUnicodeString(&uni, L"DelegateExecute"); + NtDeleteValueKey(hKey, &uni); + + NtClose(hKey); + } + + // open/create Unknown\shell\Open\command key + RtlInitUnicodeString(&uni, L"Unknown\\shell\\Open\\command"); + InitializeObjectAttributes(&objattrs, &uni, OBJ_CASE_INSENSITIVE, hKeyCL, NULL); + if (Key_OpenOrCreateIfBoxed(&hKey, KEY_ALL_ACCESS, &objattrs) == STATUS_SUCCESS) + { + // set @ = "..." + RtlInitUnicodeString(&uni, L""); + status = NtSetValueKey(hKey, &uni, 0, REG_SZ, (BYTE *)OpenWithStr, OpenWithSize); + + RtlInitUnicodeString(&uni, L"DelegateExecute"); + NtDeleteValueKey(hKey, &uni); + + NtClose(hKey); + } + + // open/create Unknown\shell\openas\command key + RtlInitUnicodeString(&uni, L"Unknown\\shell\\openas\\command"); + InitializeObjectAttributes(&objattrs, &uni, OBJ_CASE_INSENSITIVE, hKeyCL, NULL); + if (Key_OpenOrCreateIfBoxed(&hKey, KEY_ALL_ACCESS, &objattrs) == STATUS_SUCCESS) + { + // set @ = "..." + RtlInitUnicodeString(&uni, L""); + status = NtSetValueKey(hKey, &uni, 0, REG_SZ, (BYTE *)OpenWithStr, OpenWithSize); + + RtlInitUnicodeString(&uni, L"DelegateExecute"); + NtDeleteValueKey(hKey, &uni); + + NtClose(hKey); + } + + // open/create Unknown\shell\OpenWithSetDefaultOn\command key + RtlInitUnicodeString(&uni, L"Unknown\\shell\\OpenWithSetDefaultOn\\command"); + InitializeObjectAttributes(&objattrs, &uni, OBJ_CASE_INSENSITIVE, hKeyCL, NULL); + if (Key_OpenOrCreateIfBoxed(&hKey, KEY_ALL_ACCESS, &objattrs) == STATUS_SUCCESS) + { + // set @ = "..." + RtlInitUnicodeString(&uni, L""); + status = NtSetValueKey(hKey, &uni, 0, REG_SZ, (BYTE *)OpenWithStr, OpenWithSize); + + RtlInitUnicodeString(&uni, L"DelegateExecute"); + NtDeleteValueKey(hKey, &uni); + + NtClose(hKey); + } + + NtClose(hKeyCL); + } + NtClose(hKeyRoot); + } + + Dll_Free(OpenWithStr); + + return TRUE; +} + + //--------------------------------------------------------------------------- // DisableWerFaultUI // diff --git a/Sandboxie/core/dll/guienum.c b/Sandboxie/core/dll/guienum.c index 5dd8d345..338c08ad 100644 --- a/Sandboxie/core/dll/guienum.c +++ b/Sandboxie/core/dll/guienum.c @@ -244,7 +244,7 @@ _FX BOOLEAN Gui_InitEnum(void) // raises an error when CreateDesktop is call. This hook // is removed for chrome. See advapi.c: AdvApi_GetSecurityInfo - if (!Config_GetSettingsForImageName_bool(L"UseSbieWndStation", FALSE) && + if (!Config_GetSettingsForImageName_bool(L"UseSbieWndStation", TRUE) && (Dll_ImageType != DLL_IMAGE_GOOGLE_CHROME) && (Dll_ImageType != DLL_IMAGE_MOZILLA_FIREFOX)) { SBIEDLL_HOOK_GUI(CreateDesktopW); diff --git a/Sandboxie/core/dll/key.c b/Sandboxie/core/dll/key.c index e15bac6b..37e8e669 100644 --- a/Sandboxie/core/dll/key.c +++ b/Sandboxie/core/dll/key.c @@ -4300,7 +4300,10 @@ _FX void Key_CreateBaseKeys() UNICODE_STRING objname; WCHAR* base_keys[] = { L"\\machine\\system", L"\\machine\\software", - L"\\user\\current\\software", L"\\user\\current_Classes", NULL}; + L"\\user\\current\\software", L"\\user\\current_Classes", + L"\\machine\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", + L"\\user\\current\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", + NULL}; // // in privacy mode we need to pre create some keys or else the box initialization will fail diff --git a/Sandboxie/core/dll/ldr_init.c b/Sandboxie/core/dll/ldr_init.c index ea045415..746caea8 100644 --- a/Sandboxie/core/dll/ldr_init.c +++ b/Sandboxie/core/dll/ldr_init.c @@ -182,6 +182,10 @@ _FX void Ldr_LoadInjectDlls(BOOLEAN bHostInject) WCHAR *dllname = Dll_AllocTemp(MAX_PATH * 2 * sizeof(WCHAR)); ULONG index = 0; + // + // We also end up here form host injection mode so Dll_HomeDosPath is not available + // + WCHAR *path = Dll_AllocTemp(1024 * sizeof(WCHAR)); SbieApi_GetHomePath(NULL, 0, path, 1020); diff --git a/Sandboxie/core/drv/key_flt.c b/Sandboxie/core/drv/key_flt.c index a17ba6c7..0864547c 100644 --- a/Sandboxie/core/drv/key_flt.c +++ b/Sandboxie/core/drv/key_flt.c @@ -274,6 +274,15 @@ _FX NTSTATUS Key_Callback(void *Context, void *Arg1, void *Arg2) pRemainingName = &RemainingName; } + // + // Store app container support + // + + if (Driver_OsVersion >= DRIVER_WINDOWS_10) { + if (_wcsnicmp(pRemainingName->Buffer, proc->box->key_path + 9, (proc->box->key_path_len - (sizeof(WCHAR) * (9 + 1))) / sizeof(WCHAR)) == 0) // +9 skip \REGISTRY, +1 don't compare '\0' + return STATUS_SUCCESS; + } + // // call Key_MyParseProc_2 // diff --git a/Sandboxie/core/drv/token.c b/Sandboxie/core/drv/token.c index 92ef86dd..e79c78e3 100644 --- a/Sandboxie/core/drv/token.c +++ b/Sandboxie/core/drv/token.c @@ -69,7 +69,7 @@ static NTSTATUS Token_RestrictHelper2( static void *Token_RestrictHelper3( void *TokenObject, TOKEN_GROUPS *Groups, TOKEN_PRIVILEGES *Privileges, - PSID UserSid, ULONG FilterFlags, ULONG SessionId); + PSID UserSid, ULONG FilterFlags, PROCESS *proc); static BOOLEAN Token_AssignPrimary( void *ProcessObject, void *TokenObject, ULONG SessionId); @@ -894,6 +894,11 @@ _FX void *Token_Restrict( void *FixedTokenObject = Token_RestrictHelper1( TokenObject, OutIntegrityLevel, proc); + // OpenToken BEGIN + if (Conf_Get_Boolean(proc->box->name, L"UnstrippedToken", 0, FALSE)) + NewTokenObject = FixedTokenObject; + else + // OpenToken END if (FixedTokenObject) { TOKEN_PRIVILEGES *privs_arg = @@ -901,17 +906,11 @@ _FX void *Token_Restrict( NewTokenObject = Token_RestrictHelper3( FixedTokenObject, groups, privs_arg, - user->User.Sid, FilterFlags, proc->box->session_id); + user->User.Sid, FilterFlags, proc); ObDereferenceObject(FixedTokenObject); - } - else - NewTokenObject = NULL; - } - else - NewTokenObject = NULL; if (user) ExFreePool(user); @@ -1430,7 +1429,7 @@ _FX NTSTATUS Token_RestrictHelper2( _FX void *Token_RestrictHelper3( void *TokenObject, TOKEN_GROUPS *Groups, TOKEN_PRIVILEGES *Privileges, - PSID UserSid, ULONG FilterFlags, ULONG SessionId) + PSID UserSid, ULONG FilterFlags, PROCESS *proc) { void *NewTokenObject; TOKEN_GROUPS *Disabled; @@ -1459,6 +1458,7 @@ _FX void *Token_RestrictHelper3( BOOLEAN UserSidAlreadyInGroups = FALSE; BOOLEAN AnonymousLogonSidAlreadyInGroups = FALSE; // todo: should we do somethign with SandboxieLogonSid here? + BOOLEAN KeepUserGroup = Conf_Get_Boolean(proc->box->name, L"KeepUserGroup", 0, FALSE); n = 0; @@ -1467,8 +1467,11 @@ _FX void *Token_RestrictHelper3( if (Groups->Groups[i].Attributes & SE_GROUP_INTEGRITY) continue; - if (RtlEqualSid(Groups->Groups[i].Sid, UserSid)) + if (RtlEqualSid(Groups->Groups[i].Sid, UserSid)) { + if (KeepUserGroup) + continue; UserSidAlreadyInGroups = TRUE; + } if (RtlEqualSid(Groups->Groups[i].Sid, AnonymousLogonSid)) AnonymousLogonSidAlreadyInGroups = TRUE; @@ -1482,7 +1485,7 @@ _FX void *Token_RestrictHelper3( // append the user SID and the anonymous logon SID to the array // - if (!UserSidAlreadyInGroups) { + if (!UserSidAlreadyInGroups && !KeepUserGroup) { Disabled->Groups[n].Sid = UserSid; Disabled->Groups[n].Attributes = 0; @@ -1529,7 +1532,7 @@ _FX void *Token_RestrictHelper3( if (!NT_SUCCESS(status)) { NewTokenObject = NULL; - Log_Status_Ex_Session(MSG_1222, 0x33, status, NULL, SessionId); + Log_Status_Ex_Session(MSG_1222, 0x33, status, NULL, proc->box->session_id); } } diff --git a/Sandboxie/install/Templates.ini b/Sandboxie/install/Templates.ini index b448a8d9..cb48fcb1 100644 --- a/Sandboxie/install/Templates.ini +++ b/Sandboxie/install/Templates.ini @@ -3385,6 +3385,10 @@ RpcPortBinding=kernel32.dll,'0497b57d-2e66-424f-a0c6-157cd5d41700@ncalrpc:',Reso RpcPortBindingIfId=AppInfo,{0497b57d-2e66-424f-a0c6-157cd5d41700} #RpcPortBindingSvc=AppInfo,appinfo +# AppInfo for Store Apps +RpcPortBinding=apisethost.appexecutionalias.dll,'0497b57d-2e66-424f-a0c6-157cd5d41700@ncalrpc:',Resolve=AppInfo,TimeOut=n + + # RpcMgmtSetComTimeout presets UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y UseRpcMgmtSetComTimeout=WINNSI.DLL,n diff --git a/Sandboxie/msgs/Sbie-English-1033.txt b/Sandboxie/msgs/Sbie-English-1033.txt index 934fab7a..5a1bb828 100644 --- a/Sandboxie/msgs/Sbie-English-1033.txt +++ b/Sandboxie/msgs/Sbie-English-1033.txt @@ -748,6 +748,10 @@ Remove command from command history Select the sandbox in which to start the program or document. . +3107;txt;01 +Type the name, or path to a program to open the following file with in the current sandbox: +. + 3111;txt;01 Sandboxie Start Menu - %2 %0 . diff --git a/SandboxiePlus/QSbieAPI/SbieAPI.cpp b/SandboxiePlus/QSbieAPI/SbieAPI.cpp index 24d9df43..7a2be769 100644 --- a/SandboxiePlus/QSbieAPI/SbieAPI.cpp +++ b/SandboxiePlus/QSbieAPI/SbieAPI.cpp @@ -993,7 +993,7 @@ QString CSbieAPI::GetUserSection(QString* pUserName, bool* pIsAdmin) const return UserSection; } -SB_STATUS CSbieAPI::RunStart(const QString& BoxName, const QString& Command, bool Elevated, const QString& WorkingDir) +SB_STATUS CSbieAPI::RunStart(const QString& BoxName, const QString& Command, bool Elevated, const QString& WorkingDir, QProcess* pProcess) { if (m_SbiePath.isEmpty()) return SB_ERR(SB_PathFail); @@ -1010,13 +1010,23 @@ SB_STATUS CSbieAPI::RunStart(const QString& BoxName, const QString& Command, boo //wchar_t sysPath[MAX_PATH]; //GetSystemDirectoryW(sysPath, MAX_PATH); - QProcess process; - //process.setWorkingDirectory(QString::fromWCharArray(sysPath)); - if (!WorkingDir.isEmpty()) - process.setWorkingDirectory(WorkingDir); - process.setProgram(GetStartPath()); - process.setNativeArguments(StartArgs); - process.startDetached(); + if (pProcess) { + //pProcess->setWorkingDirectory(QString::fromWCharArray(sysPath)); + if (!WorkingDir.isEmpty()) + pProcess->setWorkingDirectory(WorkingDir); + pProcess->setProgram(GetStartPath()); + pProcess->setNativeArguments(StartArgs); + pProcess->start(); + } + else { + QProcess process; + //process.setWorkingDirectory(QString::fromWCharArray(sysPath)); + if (!WorkingDir.isEmpty()) + process.setWorkingDirectory(WorkingDir); + process.setProgram(GetStartPath()); + process.setNativeArguments(StartArgs); + process.startDetached(); + } /* QString CommandLine = "\"" + GetStartPath() + "\" " + StartArgs; diff --git a/SandboxiePlus/QSbieAPI/SbieAPI.h b/SandboxiePlus/QSbieAPI/SbieAPI.h index 5ffddadd..1193b377 100644 --- a/SandboxiePlus/QSbieAPI/SbieAPI.h +++ b/SandboxiePlus/QSbieAPI/SbieAPI.h @@ -131,7 +131,7 @@ public: // Other virtual QString GetSbieMsgStr(quint32 code, quint32 Lang = 1033); - virtual SB_STATUS RunStart(const QString& BoxName, const QString& Command, bool Elevated = false, const QString& WorkingDir = QString()); + virtual SB_STATUS RunStart(const QString& BoxName, const QString& Command, bool Elevated = false, const QString& WorkingDir = QString(), QProcess* pProcess = NULL); virtual QString GetStartPath() const; virtual quint32 GetSessionID() const; diff --git a/SandboxiePlus/QSbieAPI/SbieUtils.cpp b/SandboxiePlus/QSbieAPI/SbieUtils.cpp index d612812b..e1411426 100644 --- a/SandboxiePlus/QSbieAPI/SbieUtils.cpp +++ b/SandboxiePlus/QSbieAPI/SbieUtils.cpp @@ -347,7 +347,7 @@ bool CSbieUtils::GetStartMenuShortcut(CSbieAPI* pApi, QString &BoxName, QString QString Command = "start_menu:" + QString::fromWCharArray(MapName); if (!LinkPath.isEmpty()) Command += ":" + LinkPath; - pApi->RunStart(BoxName, Command, &Process); + pApi->RunStart(BoxName, Command, false, QString(), &Process); //Process.waitForFinished(-1); while(Process.state() != QProcess::NotRunning) QCoreApplication::processEvents(); // keep UI responsive diff --git a/SandboxiePlus/SandMan/SbiePlusAPI.cpp b/SandboxiePlus/SandMan/SbiePlusAPI.cpp index 2f6e10f4..dcb45740 100644 --- a/SandboxiePlus/SandMan/SbiePlusAPI.cpp +++ b/SandboxiePlus/SandMan/SbiePlusAPI.cpp @@ -163,8 +163,10 @@ bool CSandBoxPlus::CheckUnsecureConfig() const if (GetBool("OriginalToken", false)) return true; if (GetBool("OpenToken", false)) return true; if(GetBool("UnrestrictedToken", false)) return true; - if (!GetBool("AnonymousLogon", true)) return true; if (GetBool("KeepTokenIntegrity", false)) return true; + if (GetBool("UnstrippedToken", false)) return true; + if (GetBool("KeepUserGroup", false)) return true; + if (!GetBool("AnonymousLogon", true)) return true; if(GetBool("UnfilteredToken", false)) return true; if (GetBool("DisableFileFilter", false)) return true; if (GetBool("DisableKeyFilter", false)) return true; diff --git a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp index 6e4f5f92..35e8cf79 100644 --- a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp +++ b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp @@ -65,7 +65,7 @@ void COptionsWindow::LoadAdvanced() { ui.chkPreferExternalManifest->setChecked(m_pBox->GetBool("PreferExternalManifest", false)); ui.chkNestedJobs->setChecked(m_pBox->GetBool("AllowBoxedJobs", false)); - ui.chkUseSbieWndStation->setChecked(m_pBox->GetBool("UseSbieWndStation", false)); + ui.chkUseSbieWndStation->setChecked(m_pBox->GetBool("UseSbieWndStation", true)); ui.chkAddToJob->setChecked(!m_pBox->GetBool("NoAddProcessToJob", false)); ui.chkProtectSCM->setChecked(!m_pBox->GetBool("UnrestrictedSCM", false)); @@ -130,7 +130,7 @@ void COptionsWindow::LoadAdvanced() void COptionsWindow::SaveAdvanced() { WriteAdvancedCheck(ui.chkPreferExternalManifest, "PreferExternalManifest", "y", ""); - WriteAdvancedCheck(ui.chkUseSbieWndStation, "UseSbieWndStation", "y", ""); + WriteAdvancedCheck(ui.chkUseSbieWndStation, "UseSbieWndStation", "", "n"); WriteAdvancedCheck(ui.chkAddToJob, "NoAddProcessToJob", "", "y"); WriteAdvancedCheck(ui.chkProtectSCM, "UnrestrictedSCM", "", "y"); @@ -242,10 +242,14 @@ void COptionsWindow::OnOpenCOM() { if (ui.chkOpenCOM->isChecked()) { SetAccessEntry(eIPC, "", eOpen, "\\RPC Control\\epmapper"); + SetAccessEntry(eIPC, "", eOpen, "\\RPC Control\\LRPC*"); + SetAccessEntry(eIPC, "", eOpen, "\\RPC Control\\OLE*"); SetAccessEntry(eIPC, "", eOpen, "*\\BaseNamedObjects*\\__ComCatalogCache__"); } else { DelAccessEntry(eIPC, "", eOpen, "\\RPC Control\\epmapper"); + DelAccessEntry(eIPC, "", eOpen, "\\RPC Control\\LRPC*"); + DelAccessEntry(eIPC, "", eOpen, "\\RPC Control\\OLE*"); DelAccessEntry(eIPC, "", eOpen, "*\\BaseNamedObjects*\\__ComCatalogCache__"); } } @@ -399,6 +403,8 @@ void COptionsWindow::CreateDebug() QString Info = DbgOption.Name + "=" + DbgOption.Value; QCheckBox* pCheck = new QCheckBox(tr("%1 (%2)").arg(Description).arg(Info)); + if (ValueDescr.size() >= 2 && ValueDescr[1] == "x") + pCheck->setDisabled(true); //pCheck->setToolTip(Info); ui.dbgLayout->addWidget(pCheck, RowCount++, Column, 1, 10-Column); @@ -439,4 +445,4 @@ void COptionsWindow::SaveDebug() WriteAdvancedCheck(pCheck, DbgOption.Name, DbgOption.Value); DbgOption.Changed = false; } -} +} \ No newline at end of file diff --git a/SandboxiePlus/SandMan/Windows/RecoveryWindow.cpp b/SandboxiePlus/SandMan/Windows/RecoveryWindow.cpp index c167eb91..ef57d97e 100644 --- a/SandboxiePlus/SandMan/Windows/RecoveryWindow.cpp +++ b/SandboxiePlus/SandMan/Windows/RecoveryWindow.cpp @@ -83,7 +83,7 @@ CRecoveryWindow::CRecoveryWindow(const CSandBoxPtr& pBox, QWidget *parent) //connect(ui.treeFiles, SIGNAL(clicked(const QModelIndex&)), this, SLOT(UpdateSnapshot(const QModelIndex&))); //connect(ui.treeFiles->selectionModel(), SIGNAL(currentChanged(QModelIndex, QModelIndex)), this, SLOT(UpdateSnapshot(const QModelIndex&))); - //connect(ui.treeFiles, SIGNAL(doubleClicked(const QModelIndex&)), this, SLOT(OnSelectSnapshot())); + connect(ui.treeFiles, SIGNAL(doubleClicked(const QModelIndex&)), this, SLOT(OnRecover())); connect(ui.btnAddFolder, SIGNAL(clicked(bool)), this, SLOT(OnAddFolder())); connect(ui.chkShowAll, SIGNAL(clicked(bool)), this, SLOT(FindFiles())); diff --git a/SandboxiePlus/version.h b/SandboxiePlus/version.h index 7d1a151a..48502e7c 100644 --- a/SandboxiePlus/version.h +++ b/SandboxiePlus/version.h @@ -2,7 +2,7 @@ #define VERSION_MJR 1 #define VERSION_MIN 0 -#define VERSION_REV 5 +#define VERSION_REV 6 #define VERSION_UPD 0 #ifndef STR