1.0.6
This commit is contained in:
parent
77f8af3a60
commit
f85991b4c9
17
CHANGELOG.md
17
CHANGELOG.md
|
@ -4,6 +4,23 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [1.0.6 / 5.55.6] - 2021-12-??
|
||||||
|
|
||||||
|
### Added
|
||||||
|
- replaced open with with a sandboxie dialog to work on win 10 [#1138](https://github.com/sandboxie-plus/Sandboxie/issues/1138)
|
||||||
|
- added ability to run store apps in app container mode, requirers COM to be open
|
||||||
|
- added new debug options "UnstrippedToken=y" and "KeepUserGroup=y"
|
||||||
|
- added double click to recovery window [#1466](https://github.com/sandboxie-plus/Sandboxie/issues/1466)
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
- "UseSbieWndStation=y" is now the default behavioure [#1442](https://github.com/sandboxie-plus/Sandboxie/issues/1442)
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
- fixed box initialization issue in privacy mode [#1469](https://github.com/sandboxie-plus/Sandboxie/issues/1469)
|
||||||
|
- fixed issue creating shortcuts introduced in a recent build [#1471](https://github.com/sandboxie-plus/Sandboxie/issues/1471)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## [1.0.5 / 5.55.5] - 2021-12-25
|
## [1.0.5 / 5.55.5] - 2021-12-25
|
||||||
|
|
||||||
|
|
|
@ -509,11 +509,23 @@ INT_PTR RunDialogProc(
|
||||||
SetDlgItemText(hwnd, IDCANCEL, SbieDll_FormatMessage0(MSG_3002));
|
SetDlgItemText(hwnd, IDCANCEL, SbieDll_FormatMessage0(MSG_3002));
|
||||||
SetDlgItemText(hwnd, IDBROWSE, SbieDll_FormatMessage0(MSG_3003));
|
SetDlgItemText(hwnd, IDBROWSE, SbieDll_FormatMessage0(MSG_3003));
|
||||||
|
|
||||||
SetDlgItemText(hwnd, IDRUNDLGTEXT,
|
extern BOOL execute_open_with;
|
||||||
|
if (execute_open_with)
|
||||||
|
{
|
||||||
|
SetDlgItemText(hwnd, IDRUNDLGTEXT,
|
||||||
|
SbieDll_FormatMessage0(MSG_3107));
|
||||||
|
|
||||||
|
extern PWSTR ChildCmdLine;
|
||||||
|
SetDlgItemText(hwnd, IDRUNDLGTEXT2, ChildCmdLine);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
SetDlgItemText(hwnd, IDRUNDLGTEXT,
|
||||||
SbieDll_FormatMessage0(MSG_3103));
|
SbieDll_FormatMessage0(MSG_3103));
|
||||||
|
|
||||||
SetDlgItemText(hwnd, IDRUNDLGTEXT2,
|
SetDlgItemText(hwnd, IDRUNDLGTEXT2,
|
||||||
SbieDll_FormatMessage0(MSG_3104));
|
SbieDll_FormatMessage0(MSG_3104));
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// position window
|
// position window
|
||||||
|
|
|
@ -81,6 +81,7 @@ BOOL run_mail_agent = FALSE;
|
||||||
BOOL display_run_dialog = FALSE;
|
BOOL display_run_dialog = FALSE;
|
||||||
BOOL display_start_menu = FALSE;
|
BOOL display_start_menu = FALSE;
|
||||||
BOOL execute_auto_run = FALSE;
|
BOOL execute_auto_run = FALSE;
|
||||||
|
BOOL execute_open_with = FALSE;
|
||||||
BOOL run_elevated_2 = FALSE;
|
BOOL run_elevated_2 = FALSE;
|
||||||
BOOL disable_force_on_this_program = FALSE;
|
BOOL disable_force_on_this_program = FALSE;
|
||||||
BOOL auto_select_default_box = FALSE;
|
BOOL auto_select_default_box = FALSE;
|
||||||
|
@ -388,6 +389,7 @@ BOOL Parse_Command_Line(void)
|
||||||
static const WCHAR *mail_agent = L"mail_agent";
|
static const WCHAR *mail_agent = L"mail_agent";
|
||||||
static const WCHAR *run_dialog = L"run_dialog";
|
static const WCHAR *run_dialog = L"run_dialog";
|
||||||
static const WCHAR *start_menu = L"start_menu";
|
static const WCHAR *start_menu = L"start_menu";
|
||||||
|
static const WCHAR *open_with = L"open_with";
|
||||||
static const WCHAR *auto_run = L"auto_run";
|
static const WCHAR *auto_run = L"auto_run";
|
||||||
static const WCHAR *mount_hive = L"mount_hive";
|
static const WCHAR *mount_hive = L"mount_hive";
|
||||||
static const WCHAR *delete_sandbox = L"delete_sandbox";
|
static const WCHAR *delete_sandbox = L"delete_sandbox";
|
||||||
|
@ -757,6 +759,27 @@ BOOL Parse_Command_Line(void)
|
||||||
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
|
||||||
|
// show open with dialog
|
||||||
|
|
||||||
|
} else if (wcsncmp(cmd, open_with, wcslen(open_with)) == 0) {
|
||||||
|
|
||||||
|
/*if (! SbieApi_QueryProcessInfo(
|
||||||
|
(HANDLE)(ULONG_PTR)GetCurrentProcessId(), 0)) {
|
||||||
|
// this is the instance of Start.exe outside the sandbox
|
||||||
|
// so just resend the start_menu command line to the
|
||||||
|
// instance that will restart in the sandbox
|
||||||
|
ChildCmdLine = cmd;
|
||||||
|
|
||||||
|
}*/
|
||||||
|
|
||||||
|
execute_open_with = TRUE;
|
||||||
|
|
||||||
|
DWORD len = wcslen(open_with) + 1;
|
||||||
|
ChildCmdLine = MyHeapAlloc((wcslen(cmd) - len) * sizeof(WCHAR));
|
||||||
|
wcscpy(ChildCmdLine, cmd + len);
|
||||||
|
|
||||||
|
return TRUE;
|
||||||
|
|
||||||
// run auto start entries
|
// run auto start entries
|
||||||
|
|
||||||
} else if (wcsncmp(cmd, auto_run, wcslen(auto_run)) == 0) {
|
} else if (wcsncmp(cmd, auto_run, wcslen(auto_run)) == 0) {
|
||||||
|
@ -1690,9 +1713,20 @@ int __stdcall WinMainCRTStartup(
|
||||||
|
|
||||||
while (1) {
|
while (1) {
|
||||||
|
|
||||||
if (display_run_dialog) {
|
if (display_run_dialog || execute_open_with) {
|
||||||
MyCoInitialize();
|
MyCoInitialize();
|
||||||
ChildCmdLine = DoRunDialog(GetModuleHandle(NULL));
|
WCHAR* CmdLine = DoRunDialog(GetModuleHandle(NULL));
|
||||||
|
if (! ChildCmdLine)
|
||||||
|
ChildCmdLine = CmdLine;
|
||||||
|
else { // execute_open_with
|
||||||
|
WCHAR* FilePath = ChildCmdLine;
|
||||||
|
DWORD len = wcslen(CmdLine) + 1 + wcslen(FilePath) + 16;
|
||||||
|
ChildCmdLine = MyHeapAlloc(len * sizeof(WCHAR));
|
||||||
|
wsprintf(ChildCmdLine, L"%s %s", CmdLine, FilePath);
|
||||||
|
MyHeapFree(CmdLine);
|
||||||
|
MyHeapFree(FilePath);
|
||||||
|
}
|
||||||
|
|
||||||
} else if (display_start_menu) {
|
} else if (display_start_menu) {
|
||||||
if (! ChildCmdLine)
|
if (! ChildCmdLine)
|
||||||
ChildCmdLine = DoStartMenu();
|
ChildCmdLine = DoStartMenu();
|
||||||
|
|
|
@ -21,8 +21,8 @@
|
||||||
#ifndef _MY_VERSION_H
|
#ifndef _MY_VERSION_H
|
||||||
#define _MY_VERSION_H
|
#define _MY_VERSION_H
|
||||||
|
|
||||||
#define MY_VERSION_BINARY 5,55,5
|
#define MY_VERSION_BINARY 5,55,6
|
||||||
#define MY_VERSION_STRING "5.55.5"
|
#define MY_VERSION_STRING "5.55.6"
|
||||||
#define MY_VERSION_COMPAT "5.55.0" // this refers to the driver ABI compatibility
|
#define MY_VERSION_COMPAT "5.55.0" // this refers to the driver ABI compatibility
|
||||||
|
|
||||||
// These #defines are used by either Resource Compiler, or by NSIC installer
|
// These #defines are used by either Resource Compiler, or by NSIC installer
|
||||||
|
|
|
@ -43,6 +43,7 @@ static BOOLEAN DisableWerFaultUI(void);
|
||||||
static BOOLEAN EnableMsiDebugging(void);
|
static BOOLEAN EnableMsiDebugging(void);
|
||||||
static BOOLEAN Custom_EnableBrowseNewProcess(void);
|
static BOOLEAN Custom_EnableBrowseNewProcess(void);
|
||||||
static BOOLEAN Custom_DisableBHOs(void);
|
static BOOLEAN Custom_DisableBHOs(void);
|
||||||
|
static BOOLEAN Custom_OpenWith(void);
|
||||||
static HANDLE OpenExplorerKey(
|
static HANDLE OpenExplorerKey(
|
||||||
HANDLE ParentKey, const WCHAR *SubkeyName, ULONG *error);
|
HANDLE ParentKey, const WCHAR *SubkeyName, ULONG *error);
|
||||||
static void DeleteShellAssocKeys(ULONG Wow64);
|
static void DeleteShellAssocKeys(ULONG Wow64);
|
||||||
|
@ -71,9 +72,9 @@ _FX BOOLEAN CustomizeSandbox(void)
|
||||||
// customize sandbox if we need to
|
// customize sandbox if we need to
|
||||||
//
|
//
|
||||||
|
|
||||||
if (GetSetCustomLevel(0) != '1') {
|
Key_CreateBaseKeys();
|
||||||
|
|
||||||
Key_CreateBaseKeys();
|
if (GetSetCustomLevel(0) != '2') {
|
||||||
|
|
||||||
Custom_CreateRegLinks();
|
Custom_CreateRegLinks();
|
||||||
DisableDCOM();
|
DisableDCOM();
|
||||||
|
@ -85,8 +86,10 @@ _FX BOOLEAN CustomizeSandbox(void)
|
||||||
Custom_EnableBrowseNewProcess();
|
Custom_EnableBrowseNewProcess();
|
||||||
DeleteShellAssocKeys(0);
|
DeleteShellAssocKeys(0);
|
||||||
Custom_DisableBHOs();
|
Custom_DisableBHOs();
|
||||||
|
if (Dll_OsBuild >= 8400) // only on win 8 and later
|
||||||
|
Custom_OpenWith();
|
||||||
|
|
||||||
GetSetCustomLevel('1');
|
GetSetCustomLevel('2');
|
||||||
|
|
||||||
//
|
//
|
||||||
// process user-defined AutoExec settings
|
// process user-defined AutoExec settings
|
||||||
|
@ -132,6 +135,8 @@ _FX UCHAR GetSetCustomLevel(UCHAR SetLevel)
|
||||||
|
|
||||||
wcscpy(path, L"\\registry\\user\\");
|
wcscpy(path, L"\\registry\\user\\");
|
||||||
wcscat(path, Dll_SidString);
|
wcscat(path, Dll_SidString);
|
||||||
|
//wcscpy(path, Dll_BoxKeyPath);
|
||||||
|
//wcscat(path, L"\\user\\current");
|
||||||
wcscat(path, L"\\software\\SandboxAutoExec");
|
wcscat(path, L"\\software\\SandboxAutoExec");
|
||||||
|
|
||||||
RtlInitUnicodeString(&uni, path);
|
RtlInitUnicodeString(&uni, path);
|
||||||
|
@ -438,6 +443,110 @@ _FX BOOLEAN EnableMsiDebugging(void)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
//---------------------------------------------------------------------------
|
||||||
|
// Custom_OpenWith
|
||||||
|
//
|
||||||
|
// Replace open With dialog as on Win10 it requirers UWP support
|
||||||
|
//---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
_FX BOOLEAN Custom_OpenWith(void)
|
||||||
|
{
|
||||||
|
NTSTATUS status;
|
||||||
|
OBJECT_ATTRIBUTES objattrs;
|
||||||
|
UNICODE_STRING uni;
|
||||||
|
HANDLE hKeyRoot;
|
||||||
|
HANDLE hKey;
|
||||||
|
HANDLE hKeyCL;
|
||||||
|
|
||||||
|
ULONG OpenWithSize = (wcslen(Dll_BoxName) + 128) * sizeof(WCHAR);
|
||||||
|
WCHAR* OpenWithStr = Dll_AllocTemp(OpenWithSize);
|
||||||
|
OpenWithStr[0] = L'\"';
|
||||||
|
wcscpy(&OpenWithStr[1], Dll_HomeDosPath);
|
||||||
|
wcscat(OpenWithStr, L"\\" START_EXE L"\" open_with \"%1\"");
|
||||||
|
OpenWithSize = (wcslen(OpenWithStr) + 1) * sizeof(WCHAR);
|
||||||
|
|
||||||
|
// Open HKLM
|
||||||
|
RtlInitUnicodeString(&uni, Custom_PrefixHKLM);
|
||||||
|
InitializeObjectAttributes(&objattrs, &uni, OBJ_CASE_INSENSITIVE, NULL, NULL);
|
||||||
|
if (NtOpenKey(&hKeyRoot, KEY_READ, &objattrs) == STATUS_SUCCESS)
|
||||||
|
{
|
||||||
|
// open Classes key
|
||||||
|
RtlInitUnicodeString(&uni, L"SOFTWARE\\Classes");
|
||||||
|
InitializeObjectAttributes(&objattrs, &uni, OBJ_CASE_INSENSITIVE, hKeyRoot, NULL);
|
||||||
|
if (Key_OpenOrCreateIfBoxed(&hKeyCL, KEY_ALL_ACCESS, &objattrs) == STATUS_SUCCESS)
|
||||||
|
{
|
||||||
|
// open/create Undecided\shell\open\command key
|
||||||
|
RtlInitUnicodeString(&uni, L"Undecided\\shell\\open\\command");
|
||||||
|
InitializeObjectAttributes(&objattrs, &uni, OBJ_CASE_INSENSITIVE, hKeyCL, NULL);
|
||||||
|
if (Key_OpenOrCreateIfBoxed(&hKey, KEY_ALL_ACCESS, &objattrs) == STATUS_SUCCESS)
|
||||||
|
{
|
||||||
|
// set @ = "..."
|
||||||
|
RtlInitUnicodeString(&uni, L"");
|
||||||
|
status = NtSetValueKey(hKey, &uni, 0, REG_SZ, (BYTE *)OpenWithStr, OpenWithSize);
|
||||||
|
|
||||||
|
RtlInitUnicodeString(&uni, L"DelegateExecute");
|
||||||
|
NtDeleteValueKey(hKey, &uni);
|
||||||
|
|
||||||
|
NtClose(hKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
// open/create Unknown\shell\Open\command key
|
||||||
|
RtlInitUnicodeString(&uni, L"Unknown\\shell\\Open\\command");
|
||||||
|
InitializeObjectAttributes(&objattrs, &uni, OBJ_CASE_INSENSITIVE, hKeyCL, NULL);
|
||||||
|
if (Key_OpenOrCreateIfBoxed(&hKey, KEY_ALL_ACCESS, &objattrs) == STATUS_SUCCESS)
|
||||||
|
{
|
||||||
|
// set @ = "..."
|
||||||
|
RtlInitUnicodeString(&uni, L"");
|
||||||
|
status = NtSetValueKey(hKey, &uni, 0, REG_SZ, (BYTE *)OpenWithStr, OpenWithSize);
|
||||||
|
|
||||||
|
RtlInitUnicodeString(&uni, L"DelegateExecute");
|
||||||
|
NtDeleteValueKey(hKey, &uni);
|
||||||
|
|
||||||
|
NtClose(hKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
// open/create Unknown\shell\openas\command key
|
||||||
|
RtlInitUnicodeString(&uni, L"Unknown\\shell\\openas\\command");
|
||||||
|
InitializeObjectAttributes(&objattrs, &uni, OBJ_CASE_INSENSITIVE, hKeyCL, NULL);
|
||||||
|
if (Key_OpenOrCreateIfBoxed(&hKey, KEY_ALL_ACCESS, &objattrs) == STATUS_SUCCESS)
|
||||||
|
{
|
||||||
|
// set @ = "..."
|
||||||
|
RtlInitUnicodeString(&uni, L"");
|
||||||
|
status = NtSetValueKey(hKey, &uni, 0, REG_SZ, (BYTE *)OpenWithStr, OpenWithSize);
|
||||||
|
|
||||||
|
RtlInitUnicodeString(&uni, L"DelegateExecute");
|
||||||
|
NtDeleteValueKey(hKey, &uni);
|
||||||
|
|
||||||
|
NtClose(hKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
// open/create Unknown\shell\OpenWithSetDefaultOn\command key
|
||||||
|
RtlInitUnicodeString(&uni, L"Unknown\\shell\\OpenWithSetDefaultOn\\command");
|
||||||
|
InitializeObjectAttributes(&objattrs, &uni, OBJ_CASE_INSENSITIVE, hKeyCL, NULL);
|
||||||
|
if (Key_OpenOrCreateIfBoxed(&hKey, KEY_ALL_ACCESS, &objattrs) == STATUS_SUCCESS)
|
||||||
|
{
|
||||||
|
// set @ = "..."
|
||||||
|
RtlInitUnicodeString(&uni, L"");
|
||||||
|
status = NtSetValueKey(hKey, &uni, 0, REG_SZ, (BYTE *)OpenWithStr, OpenWithSize);
|
||||||
|
|
||||||
|
RtlInitUnicodeString(&uni, L"DelegateExecute");
|
||||||
|
NtDeleteValueKey(hKey, &uni);
|
||||||
|
|
||||||
|
NtClose(hKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
NtClose(hKeyCL);
|
||||||
|
}
|
||||||
|
NtClose(hKeyRoot);
|
||||||
|
}
|
||||||
|
|
||||||
|
Dll_Free(OpenWithStr);
|
||||||
|
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
// DisableWerFaultUI
|
// DisableWerFaultUI
|
||||||
//
|
//
|
||||||
|
|
|
@ -244,7 +244,7 @@ _FX BOOLEAN Gui_InitEnum(void)
|
||||||
// raises an error when CreateDesktop is call. This hook
|
// raises an error when CreateDesktop is call. This hook
|
||||||
// is removed for chrome. See advapi.c: AdvApi_GetSecurityInfo
|
// is removed for chrome. See advapi.c: AdvApi_GetSecurityInfo
|
||||||
|
|
||||||
if (!Config_GetSettingsForImageName_bool(L"UseSbieWndStation", FALSE) &&
|
if (!Config_GetSettingsForImageName_bool(L"UseSbieWndStation", TRUE) &&
|
||||||
(Dll_ImageType != DLL_IMAGE_GOOGLE_CHROME) &&
|
(Dll_ImageType != DLL_IMAGE_GOOGLE_CHROME) &&
|
||||||
(Dll_ImageType != DLL_IMAGE_MOZILLA_FIREFOX)) {
|
(Dll_ImageType != DLL_IMAGE_MOZILLA_FIREFOX)) {
|
||||||
SBIEDLL_HOOK_GUI(CreateDesktopW);
|
SBIEDLL_HOOK_GUI(CreateDesktopW);
|
||||||
|
|
|
@ -4300,7 +4300,10 @@ _FX void Key_CreateBaseKeys()
|
||||||
UNICODE_STRING objname;
|
UNICODE_STRING objname;
|
||||||
WCHAR* base_keys[] = {
|
WCHAR* base_keys[] = {
|
||||||
L"\\machine\\system", L"\\machine\\software",
|
L"\\machine\\system", L"\\machine\\software",
|
||||||
L"\\user\\current\\software", L"\\user\\current_Classes", NULL};
|
L"\\user\\current\\software", L"\\user\\current_Classes",
|
||||||
|
L"\\machine\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
|
||||||
|
L"\\user\\current\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
|
||||||
|
NULL};
|
||||||
|
|
||||||
//
|
//
|
||||||
// in privacy mode we need to pre create some keys or else the box initialization will fail
|
// in privacy mode we need to pre create some keys or else the box initialization will fail
|
||||||
|
|
|
@ -182,6 +182,10 @@ _FX void Ldr_LoadInjectDlls(BOOLEAN bHostInject)
|
||||||
WCHAR *dllname = Dll_AllocTemp(MAX_PATH * 2 * sizeof(WCHAR));
|
WCHAR *dllname = Dll_AllocTemp(MAX_PATH * 2 * sizeof(WCHAR));
|
||||||
ULONG index = 0;
|
ULONG index = 0;
|
||||||
|
|
||||||
|
//
|
||||||
|
// We also end up here form host injection mode so Dll_HomeDosPath is not available
|
||||||
|
//
|
||||||
|
|
||||||
WCHAR *path = Dll_AllocTemp(1024 * sizeof(WCHAR));
|
WCHAR *path = Dll_AllocTemp(1024 * sizeof(WCHAR));
|
||||||
SbieApi_GetHomePath(NULL, 0, path, 1020);
|
SbieApi_GetHomePath(NULL, 0, path, 1020);
|
||||||
|
|
||||||
|
|
|
@ -274,6 +274,15 @@ _FX NTSTATUS Key_Callback(void *Context, void *Arg1, void *Arg2)
|
||||||
pRemainingName = &RemainingName;
|
pRemainingName = &RemainingName;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// Store app container support
|
||||||
|
//
|
||||||
|
|
||||||
|
if (Driver_OsVersion >= DRIVER_WINDOWS_10) {
|
||||||
|
if (_wcsnicmp(pRemainingName->Buffer, proc->box->key_path + 9, (proc->box->key_path_len - (sizeof(WCHAR) * (9 + 1))) / sizeof(WCHAR)) == 0) // +9 skip \REGISTRY, +1 don't compare '\0'
|
||||||
|
return STATUS_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// call Key_MyParseProc_2
|
// call Key_MyParseProc_2
|
||||||
//
|
//
|
||||||
|
|
|
@ -69,7 +69,7 @@ static NTSTATUS Token_RestrictHelper2(
|
||||||
|
|
||||||
static void *Token_RestrictHelper3(
|
static void *Token_RestrictHelper3(
|
||||||
void *TokenObject, TOKEN_GROUPS *Groups, TOKEN_PRIVILEGES *Privileges,
|
void *TokenObject, TOKEN_GROUPS *Groups, TOKEN_PRIVILEGES *Privileges,
|
||||||
PSID UserSid, ULONG FilterFlags, ULONG SessionId);
|
PSID UserSid, ULONG FilterFlags, PROCESS *proc);
|
||||||
|
|
||||||
static BOOLEAN Token_AssignPrimary(
|
static BOOLEAN Token_AssignPrimary(
|
||||||
void *ProcessObject, void *TokenObject, ULONG SessionId);
|
void *ProcessObject, void *TokenObject, ULONG SessionId);
|
||||||
|
@ -894,6 +894,11 @@ _FX void *Token_Restrict(
|
||||||
void *FixedTokenObject = Token_RestrictHelper1(
|
void *FixedTokenObject = Token_RestrictHelper1(
|
||||||
TokenObject, OutIntegrityLevel, proc);
|
TokenObject, OutIntegrityLevel, proc);
|
||||||
|
|
||||||
|
// OpenToken BEGIN
|
||||||
|
if (Conf_Get_Boolean(proc->box->name, L"UnstrippedToken", 0, FALSE))
|
||||||
|
NewTokenObject = FixedTokenObject;
|
||||||
|
else
|
||||||
|
// OpenToken END
|
||||||
if (FixedTokenObject) {
|
if (FixedTokenObject) {
|
||||||
|
|
||||||
TOKEN_PRIVILEGES *privs_arg =
|
TOKEN_PRIVILEGES *privs_arg =
|
||||||
|
@ -901,17 +906,11 @@ _FX void *Token_Restrict(
|
||||||
|
|
||||||
NewTokenObject = Token_RestrictHelper3(
|
NewTokenObject = Token_RestrictHelper3(
|
||||||
FixedTokenObject, groups, privs_arg,
|
FixedTokenObject, groups, privs_arg,
|
||||||
user->User.Sid, FilterFlags, proc->box->session_id);
|
user->User.Sid, FilterFlags, proc);
|
||||||
|
|
||||||
ObDereferenceObject(FixedTokenObject);
|
ObDereferenceObject(FixedTokenObject);
|
||||||
|
|
||||||
}
|
}
|
||||||
else
|
|
||||||
NewTokenObject = NULL;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
else
|
|
||||||
NewTokenObject = NULL;
|
|
||||||
|
|
||||||
if (user)
|
if (user)
|
||||||
ExFreePool(user);
|
ExFreePool(user);
|
||||||
|
@ -1430,7 +1429,7 @@ _FX NTSTATUS Token_RestrictHelper2(
|
||||||
|
|
||||||
_FX void *Token_RestrictHelper3(
|
_FX void *Token_RestrictHelper3(
|
||||||
void *TokenObject, TOKEN_GROUPS *Groups, TOKEN_PRIVILEGES *Privileges,
|
void *TokenObject, TOKEN_GROUPS *Groups, TOKEN_PRIVILEGES *Privileges,
|
||||||
PSID UserSid, ULONG FilterFlags, ULONG SessionId)
|
PSID UserSid, ULONG FilterFlags, PROCESS *proc)
|
||||||
{
|
{
|
||||||
void *NewTokenObject;
|
void *NewTokenObject;
|
||||||
TOKEN_GROUPS *Disabled;
|
TOKEN_GROUPS *Disabled;
|
||||||
|
@ -1459,6 +1458,7 @@ _FX void *Token_RestrictHelper3(
|
||||||
BOOLEAN UserSidAlreadyInGroups = FALSE;
|
BOOLEAN UserSidAlreadyInGroups = FALSE;
|
||||||
BOOLEAN AnonymousLogonSidAlreadyInGroups = FALSE;
|
BOOLEAN AnonymousLogonSidAlreadyInGroups = FALSE;
|
||||||
// todo: should we do somethign with SandboxieLogonSid here?
|
// todo: should we do somethign with SandboxieLogonSid here?
|
||||||
|
BOOLEAN KeepUserGroup = Conf_Get_Boolean(proc->box->name, L"KeepUserGroup", 0, FALSE);
|
||||||
|
|
||||||
n = 0;
|
n = 0;
|
||||||
|
|
||||||
|
@ -1467,8 +1467,11 @@ _FX void *Token_RestrictHelper3(
|
||||||
if (Groups->Groups[i].Attributes & SE_GROUP_INTEGRITY)
|
if (Groups->Groups[i].Attributes & SE_GROUP_INTEGRITY)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (RtlEqualSid(Groups->Groups[i].Sid, UserSid))
|
if (RtlEqualSid(Groups->Groups[i].Sid, UserSid)) {
|
||||||
|
if (KeepUserGroup)
|
||||||
|
continue;
|
||||||
UserSidAlreadyInGroups = TRUE;
|
UserSidAlreadyInGroups = TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
if (RtlEqualSid(Groups->Groups[i].Sid, AnonymousLogonSid))
|
if (RtlEqualSid(Groups->Groups[i].Sid, AnonymousLogonSid))
|
||||||
AnonymousLogonSidAlreadyInGroups = TRUE;
|
AnonymousLogonSidAlreadyInGroups = TRUE;
|
||||||
|
@ -1482,7 +1485,7 @@ _FX void *Token_RestrictHelper3(
|
||||||
// append the user SID and the anonymous logon SID to the array
|
// append the user SID and the anonymous logon SID to the array
|
||||||
//
|
//
|
||||||
|
|
||||||
if (!UserSidAlreadyInGroups) {
|
if (!UserSidAlreadyInGroups && !KeepUserGroup) {
|
||||||
|
|
||||||
Disabled->Groups[n].Sid = UserSid;
|
Disabled->Groups[n].Sid = UserSid;
|
||||||
Disabled->Groups[n].Attributes = 0;
|
Disabled->Groups[n].Attributes = 0;
|
||||||
|
@ -1529,7 +1532,7 @@ _FX void *Token_RestrictHelper3(
|
||||||
if (!NT_SUCCESS(status)) {
|
if (!NT_SUCCESS(status)) {
|
||||||
|
|
||||||
NewTokenObject = NULL;
|
NewTokenObject = NULL;
|
||||||
Log_Status_Ex_Session(MSG_1222, 0x33, status, NULL, SessionId);
|
Log_Status_Ex_Session(MSG_1222, 0x33, status, NULL, proc->box->session_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -3385,6 +3385,10 @@ RpcPortBinding=kernel32.dll,'0497b57d-2e66-424f-a0c6-157cd5d41700@ncalrpc:',Reso
|
||||||
RpcPortBindingIfId=AppInfo,{0497b57d-2e66-424f-a0c6-157cd5d41700}
|
RpcPortBindingIfId=AppInfo,{0497b57d-2e66-424f-a0c6-157cd5d41700}
|
||||||
#RpcPortBindingSvc=AppInfo,appinfo
|
#RpcPortBindingSvc=AppInfo,appinfo
|
||||||
|
|
||||||
|
# AppInfo for Store Apps
|
||||||
|
RpcPortBinding=apisethost.appexecutionalias.dll,'0497b57d-2e66-424f-a0c6-157cd5d41700@ncalrpc:',Resolve=AppInfo,TimeOut=n
|
||||||
|
|
||||||
|
|
||||||
# RpcMgmtSetComTimeout presets
|
# RpcMgmtSetComTimeout presets
|
||||||
UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y
|
UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y
|
||||||
UseRpcMgmtSetComTimeout=WINNSI.DLL,n
|
UseRpcMgmtSetComTimeout=WINNSI.DLL,n
|
||||||
|
|
|
@ -748,6 +748,10 @@ Remove command from command history
|
||||||
Select the sandbox in which to start the program or document.
|
Select the sandbox in which to start the program or document.
|
||||||
.
|
.
|
||||||
|
|
||||||
|
3107;txt;01
|
||||||
|
Type the name, or path to a program to open the following file with in the current sandbox:
|
||||||
|
.
|
||||||
|
|
||||||
3111;txt;01
|
3111;txt;01
|
||||||
Sandboxie Start Menu - %2 %0
|
Sandboxie Start Menu - %2 %0
|
||||||
.
|
.
|
||||||
|
|
|
@ -993,7 +993,7 @@ QString CSbieAPI::GetUserSection(QString* pUserName, bool* pIsAdmin) const
|
||||||
return UserSection;
|
return UserSection;
|
||||||
}
|
}
|
||||||
|
|
||||||
SB_STATUS CSbieAPI::RunStart(const QString& BoxName, const QString& Command, bool Elevated, const QString& WorkingDir)
|
SB_STATUS CSbieAPI::RunStart(const QString& BoxName, const QString& Command, bool Elevated, const QString& WorkingDir, QProcess* pProcess)
|
||||||
{
|
{
|
||||||
if (m_SbiePath.isEmpty())
|
if (m_SbiePath.isEmpty())
|
||||||
return SB_ERR(SB_PathFail);
|
return SB_ERR(SB_PathFail);
|
||||||
|
@ -1010,13 +1010,23 @@ SB_STATUS CSbieAPI::RunStart(const QString& BoxName, const QString& Command, boo
|
||||||
|
|
||||||
//wchar_t sysPath[MAX_PATH];
|
//wchar_t sysPath[MAX_PATH];
|
||||||
//GetSystemDirectoryW(sysPath, MAX_PATH);
|
//GetSystemDirectoryW(sysPath, MAX_PATH);
|
||||||
QProcess process;
|
if (pProcess) {
|
||||||
//process.setWorkingDirectory(QString::fromWCharArray(sysPath));
|
//pProcess->setWorkingDirectory(QString::fromWCharArray(sysPath));
|
||||||
if (!WorkingDir.isEmpty())
|
if (!WorkingDir.isEmpty())
|
||||||
process.setWorkingDirectory(WorkingDir);
|
pProcess->setWorkingDirectory(WorkingDir);
|
||||||
process.setProgram(GetStartPath());
|
pProcess->setProgram(GetStartPath());
|
||||||
process.setNativeArguments(StartArgs);
|
pProcess->setNativeArguments(StartArgs);
|
||||||
process.startDetached();
|
pProcess->start();
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
QProcess process;
|
||||||
|
//process.setWorkingDirectory(QString::fromWCharArray(sysPath));
|
||||||
|
if (!WorkingDir.isEmpty())
|
||||||
|
process.setWorkingDirectory(WorkingDir);
|
||||||
|
process.setProgram(GetStartPath());
|
||||||
|
process.setNativeArguments(StartArgs);
|
||||||
|
process.startDetached();
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
QString CommandLine = "\"" + GetStartPath() + "\" " + StartArgs;
|
QString CommandLine = "\"" + GetStartPath() + "\" " + StartArgs;
|
||||||
|
|
|
@ -131,7 +131,7 @@ public:
|
||||||
// Other
|
// Other
|
||||||
virtual QString GetSbieMsgStr(quint32 code, quint32 Lang = 1033);
|
virtual QString GetSbieMsgStr(quint32 code, quint32 Lang = 1033);
|
||||||
|
|
||||||
virtual SB_STATUS RunStart(const QString& BoxName, const QString& Command, bool Elevated = false, const QString& WorkingDir = QString());
|
virtual SB_STATUS RunStart(const QString& BoxName, const QString& Command, bool Elevated = false, const QString& WorkingDir = QString(), QProcess* pProcess = NULL);
|
||||||
virtual QString GetStartPath() const;
|
virtual QString GetStartPath() const;
|
||||||
|
|
||||||
virtual quint32 GetSessionID() const;
|
virtual quint32 GetSessionID() const;
|
||||||
|
|
|
@ -347,7 +347,7 @@ bool CSbieUtils::GetStartMenuShortcut(CSbieAPI* pApi, QString &BoxName, QString
|
||||||
QString Command = "start_menu:" + QString::fromWCharArray(MapName);
|
QString Command = "start_menu:" + QString::fromWCharArray(MapName);
|
||||||
if (!LinkPath.isEmpty())
|
if (!LinkPath.isEmpty())
|
||||||
Command += ":" + LinkPath;
|
Command += ":" + LinkPath;
|
||||||
pApi->RunStart(BoxName, Command, &Process);
|
pApi->RunStart(BoxName, Command, false, QString(), &Process);
|
||||||
//Process.waitForFinished(-1);
|
//Process.waitForFinished(-1);
|
||||||
while(Process.state() != QProcess::NotRunning)
|
while(Process.state() != QProcess::NotRunning)
|
||||||
QCoreApplication::processEvents(); // keep UI responsive
|
QCoreApplication::processEvents(); // keep UI responsive
|
||||||
|
|
|
@ -163,8 +163,10 @@ bool CSandBoxPlus::CheckUnsecureConfig() const
|
||||||
if (GetBool("OriginalToken", false)) return true;
|
if (GetBool("OriginalToken", false)) return true;
|
||||||
if (GetBool("OpenToken", false)) return true;
|
if (GetBool("OpenToken", false)) return true;
|
||||||
if(GetBool("UnrestrictedToken", false)) return true;
|
if(GetBool("UnrestrictedToken", false)) return true;
|
||||||
if (!GetBool("AnonymousLogon", true)) return true;
|
|
||||||
if (GetBool("KeepTokenIntegrity", false)) return true;
|
if (GetBool("KeepTokenIntegrity", false)) return true;
|
||||||
|
if (GetBool("UnstrippedToken", false)) return true;
|
||||||
|
if (GetBool("KeepUserGroup", false)) return true;
|
||||||
|
if (!GetBool("AnonymousLogon", true)) return true;
|
||||||
if(GetBool("UnfilteredToken", false)) return true;
|
if(GetBool("UnfilteredToken", false)) return true;
|
||||||
if (GetBool("DisableFileFilter", false)) return true;
|
if (GetBool("DisableFileFilter", false)) return true;
|
||||||
if (GetBool("DisableKeyFilter", false)) return true;
|
if (GetBool("DisableKeyFilter", false)) return true;
|
||||||
|
|
|
@ -65,7 +65,7 @@ void COptionsWindow::LoadAdvanced()
|
||||||
{
|
{
|
||||||
ui.chkPreferExternalManifest->setChecked(m_pBox->GetBool("PreferExternalManifest", false));
|
ui.chkPreferExternalManifest->setChecked(m_pBox->GetBool("PreferExternalManifest", false));
|
||||||
ui.chkNestedJobs->setChecked(m_pBox->GetBool("AllowBoxedJobs", false));
|
ui.chkNestedJobs->setChecked(m_pBox->GetBool("AllowBoxedJobs", false));
|
||||||
ui.chkUseSbieWndStation->setChecked(m_pBox->GetBool("UseSbieWndStation", false));
|
ui.chkUseSbieWndStation->setChecked(m_pBox->GetBool("UseSbieWndStation", true));
|
||||||
|
|
||||||
ui.chkAddToJob->setChecked(!m_pBox->GetBool("NoAddProcessToJob", false));
|
ui.chkAddToJob->setChecked(!m_pBox->GetBool("NoAddProcessToJob", false));
|
||||||
ui.chkProtectSCM->setChecked(!m_pBox->GetBool("UnrestrictedSCM", false));
|
ui.chkProtectSCM->setChecked(!m_pBox->GetBool("UnrestrictedSCM", false));
|
||||||
|
@ -130,7 +130,7 @@ void COptionsWindow::LoadAdvanced()
|
||||||
void COptionsWindow::SaveAdvanced()
|
void COptionsWindow::SaveAdvanced()
|
||||||
{
|
{
|
||||||
WriteAdvancedCheck(ui.chkPreferExternalManifest, "PreferExternalManifest", "y", "");
|
WriteAdvancedCheck(ui.chkPreferExternalManifest, "PreferExternalManifest", "y", "");
|
||||||
WriteAdvancedCheck(ui.chkUseSbieWndStation, "UseSbieWndStation", "y", "");
|
WriteAdvancedCheck(ui.chkUseSbieWndStation, "UseSbieWndStation", "", "n");
|
||||||
|
|
||||||
WriteAdvancedCheck(ui.chkAddToJob, "NoAddProcessToJob", "", "y");
|
WriteAdvancedCheck(ui.chkAddToJob, "NoAddProcessToJob", "", "y");
|
||||||
WriteAdvancedCheck(ui.chkProtectSCM, "UnrestrictedSCM", "", "y");
|
WriteAdvancedCheck(ui.chkProtectSCM, "UnrestrictedSCM", "", "y");
|
||||||
|
@ -242,10 +242,14 @@ void COptionsWindow::OnOpenCOM()
|
||||||
{
|
{
|
||||||
if (ui.chkOpenCOM->isChecked()) {
|
if (ui.chkOpenCOM->isChecked()) {
|
||||||
SetAccessEntry(eIPC, "", eOpen, "\\RPC Control\\epmapper");
|
SetAccessEntry(eIPC, "", eOpen, "\\RPC Control\\epmapper");
|
||||||
|
SetAccessEntry(eIPC, "", eOpen, "\\RPC Control\\LRPC*");
|
||||||
|
SetAccessEntry(eIPC, "", eOpen, "\\RPC Control\\OLE*");
|
||||||
SetAccessEntry(eIPC, "", eOpen, "*\\BaseNamedObjects*\\__ComCatalogCache__");
|
SetAccessEntry(eIPC, "", eOpen, "*\\BaseNamedObjects*\\__ComCatalogCache__");
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
DelAccessEntry(eIPC, "", eOpen, "\\RPC Control\\epmapper");
|
DelAccessEntry(eIPC, "", eOpen, "\\RPC Control\\epmapper");
|
||||||
|
DelAccessEntry(eIPC, "", eOpen, "\\RPC Control\\LRPC*");
|
||||||
|
DelAccessEntry(eIPC, "", eOpen, "\\RPC Control\\OLE*");
|
||||||
DelAccessEntry(eIPC, "", eOpen, "*\\BaseNamedObjects*\\__ComCatalogCache__");
|
DelAccessEntry(eIPC, "", eOpen, "*\\BaseNamedObjects*\\__ComCatalogCache__");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -399,6 +403,8 @@ void COptionsWindow::CreateDebug()
|
||||||
|
|
||||||
QString Info = DbgOption.Name + "=" + DbgOption.Value;
|
QString Info = DbgOption.Name + "=" + DbgOption.Value;
|
||||||
QCheckBox* pCheck = new QCheckBox(tr("%1 (%2)").arg(Description).arg(Info));
|
QCheckBox* pCheck = new QCheckBox(tr("%1 (%2)").arg(Description).arg(Info));
|
||||||
|
if (ValueDescr.size() >= 2 && ValueDescr[1] == "x")
|
||||||
|
pCheck->setDisabled(true);
|
||||||
//pCheck->setToolTip(Info);
|
//pCheck->setToolTip(Info);
|
||||||
ui.dbgLayout->addWidget(pCheck, RowCount++, Column, 1, 10-Column);
|
ui.dbgLayout->addWidget(pCheck, RowCount++, Column, 1, 10-Column);
|
||||||
|
|
||||||
|
@ -439,4 +445,4 @@ void COptionsWindow::SaveDebug()
|
||||||
WriteAdvancedCheck(pCheck, DbgOption.Name, DbgOption.Value);
|
WriteAdvancedCheck(pCheck, DbgOption.Name, DbgOption.Value);
|
||||||
DbgOption.Changed = false;
|
DbgOption.Changed = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -83,7 +83,7 @@ CRecoveryWindow::CRecoveryWindow(const CSandBoxPtr& pBox, QWidget *parent)
|
||||||
|
|
||||||
//connect(ui.treeFiles, SIGNAL(clicked(const QModelIndex&)), this, SLOT(UpdateSnapshot(const QModelIndex&)));
|
//connect(ui.treeFiles, SIGNAL(clicked(const QModelIndex&)), this, SLOT(UpdateSnapshot(const QModelIndex&)));
|
||||||
//connect(ui.treeFiles->selectionModel(), SIGNAL(currentChanged(QModelIndex, QModelIndex)), this, SLOT(UpdateSnapshot(const QModelIndex&)));
|
//connect(ui.treeFiles->selectionModel(), SIGNAL(currentChanged(QModelIndex, QModelIndex)), this, SLOT(UpdateSnapshot(const QModelIndex&)));
|
||||||
//connect(ui.treeFiles, SIGNAL(doubleClicked(const QModelIndex&)), this, SLOT(OnSelectSnapshot()));
|
connect(ui.treeFiles, SIGNAL(doubleClicked(const QModelIndex&)), this, SLOT(OnRecover()));
|
||||||
|
|
||||||
connect(ui.btnAddFolder, SIGNAL(clicked(bool)), this, SLOT(OnAddFolder()));
|
connect(ui.btnAddFolder, SIGNAL(clicked(bool)), this, SLOT(OnAddFolder()));
|
||||||
connect(ui.chkShowAll, SIGNAL(clicked(bool)), this, SLOT(FindFiles()));
|
connect(ui.chkShowAll, SIGNAL(clicked(bool)), this, SLOT(FindFiles()));
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
#define VERSION_MJR 1
|
#define VERSION_MJR 1
|
||||||
#define VERSION_MIN 0
|
#define VERSION_MIN 0
|
||||||
#define VERSION_REV 5
|
#define VERSION_REV 6
|
||||||
#define VERSION_UPD 0
|
#define VERSION_UPD 0
|
||||||
|
|
||||||
#ifndef STR
|
#ifndef STR
|
||||||
|
|
Loading…
Reference in New Issue