From f8f78faffda1cf6c0deec737b8b7382570cbcbec Mon Sep 17 00:00:00 2001
From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com>
Date: Fri, 28 Apr 2023 08:44:42 +0200
Subject: [PATCH] 1.9.2
---
 Sandboxie/core/dll/proc.c | 69 +++++++++++++++++++--------------
 Sandboxie/install/Templates.ini | 15 ++++---
 2 files changed, 50 insertions(+), 34 deletions(-)
diff --git a/Sandboxie/core/dll/proc.c b/Sandboxie/core/dll/proc.c
index 3010daff..5b968331 100644
--- a/Sandboxie/core/dll/proc.c
+++ b/Sandboxie/core/dll/proc.c
@@ -1016,34 +1016,34 @@ _FX BOOL Proc_CreateProcessInternalW(
 // the system may have quoted the first part of the command line,
 // store this final command line
 //
-
- if (TlsData->proc_command_line)
- Dll_Free(TlsData->proc_command_line);
-
- ULONG len = 0;
- WCHAR* buf = NULL;
-
- if (lpApplicationName) {
- len = wcslen(lpApplicationName) + 2; // +1 for space, +1 for NULL
- }
-
- if (lpCommandLine) {
- len += wcslen(lpCommandLine) + 1; // +1 for NULL
- }
-
- buf = Dll_Alloc(len * sizeof(WCHAR));
- memset(buf, 0, len * sizeof(WCHAR));
-
- if (lpApplicationName) {
- wcscpy(buf, lpApplicationName);
- wcscat(buf, L" ");
- }
-
- if (lpCommandLine) {
- wcscat(buf, lpCommandLine);
- }
-
- TlsData->proc_command_line = buf;
+ //
+ //if (TlsData->proc_command_line)
+ // Dll_Free(TlsData->proc_command_line);
+ //
+ //ULONG len = 0;
+ //WCHAR* buf = NULL;
+ //
+ //if (lpApplicationName) {
+ // len = wcslen(lpApplicationName) + 2; // +1 for space, +1 for NULL
+ //}
+ //
+ //if (lpCommandLine) {
+ // len += wcslen(lpCommandLine) + 1; // +1 for NULL
+ //}
+ //
+ //buf = Dll_Alloc(len * sizeof(WCHAR));
+ //memset(buf, 0, len * sizeof(WCHAR));
+ //
+ //if (lpApplicationName) {
+ // wcscpy(buf, lpApplicationName);
+ // wcscat(buf, L" ");
+ //}
+ //
+ //if (lpCommandLine) {
+ // wcscat(buf, lpCommandLine);
+ //}
+ //
+ //TlsData->proc_command_line = buf;
 } else { // xp, 7, 8 and 10 before RS5
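Review bot: The block that freed and rebuilt `TlsData->proc_command_line` is commented out rather than deleted, which leaves dead code in Proc_CreateProcessInternalW and nothing that says where the field is populated now. Deleting it and leaving a single line such as `// proc_command_line is no longer built here; it is set by <function that now assigns it>` would be easier to audit, and version control keeps the old text. With the block disabled, the `Dll_Free` of the previous buffer no longer runs on this path, so whichever code assigns the field now presumably has to release the old value; that code is not visible in this hunk. The function body starts and ends outside the hunk.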
@@ -1574,6 +1574,12 @@ finish:
 if (Config_GetSettingsForImageName_bool(L"ApplyElevateCreateProcessFix", FALSE)) {
+ if (Dll_OsBuild >= 17677) { // 10 RS5 and later
+
+ if (TlsData->proc_image_is_copy && TlsData->proc_command_line)
+ lpCommandLine = TlsData->proc_command_line;
+ }
+
 BOOL cancelled = FALSE;
 if (SH32_DoRunAs(lpCommandLine ? lpCommandLine : lpApplicationName, lpCurrentDirectory, lpProcessInformation, &cancelled)) {
@@ -2214,7 +2220,7 @@ _FX NTSTATUS Proc_NtCreateUserProcess(
 _In_opt_ POBJECT_ATTRIBUTES ThreadObjectAttributes,
 _In_ ULONG ProcessFlags, // PROCESS_CREATE_FLAGS_*
 _In_ ULONG ThreadFlags, // THREAD_CREATE_FLAGS_*
- _In_opt_ PVOID ProcessParameters, // PRTL_USER_PROCESS_PARAMETERS
+ _In_opt_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters,
 _Inout_ PPS_CREATE_INFO CreateInfo,
 _In_ PPS_ATTRIBUTE_LIST AttributeList)
 {
@@ -2260,6 +2266,11 @@ _FX NTSTATUS Proc_NtCreateUserProcess(
 Proc_StoreImagePath(TlsData, FileHandle);
+ if (TlsData->proc_image_path && ProcessParameters && ProcessParameters->CommandLine.Buffer) {
+
+ Proc_FixBatchCommandLine(TlsData, ProcessParameters->CommandLine.Buffer, TlsData->proc_image_path);
+ }
+
 NtClose(FileHandle);
 }
 }
diff --git a/Sandboxie/install/Templates.ini b/Sandboxie/install/Templates.ini
index 1583c981..242a26b3 100644
--- a/Sandboxie/install/Templates.ini
+++ b/Sandboxie/install/Templates.ini
@@ -409,10 +409,6 @@ NormalFilePath=\Device\Ndis
 NormalFilePath=\Device\PcwDrv
 # Smart App Control
 NormalFilePath=\Device\SrpDevice
-# shell & ui
-NormalKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\*
-NormalKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\*
-NormalKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\*
 #
 # Access rules for privacy enhanced boxes
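Review bot: The substituted `lpCommandLine` is handed to `SH32_DoRunAs`, yet nothing in this hunk shows `TlsData->proc_image_is_copy` and `TlsData->proc_command_line` being reset for the current call, so a value left over from an earlier process creation on the same thread could become the command line of an elevation request. If the reset happens elsewhere, state that invariant here, for example `// both fields are set for this call by <setter>; never carried over from a previous call`; otherwise clear them once they have been consumed. The build number `17677` is a bare literal that the trailing comment only loosely explains, and a named constant would make the RS5 check easier to find and keep consistent. The enclosing function starts before and continues after the hunk.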
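Review bot: `ProcessParameters->CommandLine` is a counted UNICODE_STRING, and the new call in the `@@ -2260` hunk passes only `CommandLine.Buffer`, so `CommandLine.Length` is dropped and the helper presumably treats the buffer as NUL-terminated (Proc_FixBatchCommandLine is not visible here). Whoever calls NtCreateUserProcess controls that structure, and a buffer without a terminator would be read past its end inside the hook. Consider passing the length along, or copying `Length` bytes into a terminated buffer first; at minimum add `// assumes CommandLine.Buffer is NUL-terminated` together with the reason that holds. The body of Proc_NtCreateUserProcess continues outside the hunk.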
@@ -429,7 +425,16 @@ NormalFilePath=%SystemRoot%\*
 NormalFilePath=%SbieHome%\*
 NormalFilePath=%ProgramFiles%\*
 NormalFilePath=%ProgramFiles% (x86)\*
-
+# shell & ui
+NormalKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\*
+NormalKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\*
+NormalKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\*
+NormalKeyPath=HKEY_CURRENT_USER\SOFTWARE\Classes
+NormalKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts
+NormalKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
+NormalKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts
+NormalKeyPath=HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations
 #
 # Access rules for app compartment boxes
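Review bot: The six new `NormalKeyPath` rules are written without the trailing `\*` that the three moved rules directly above them carry, and nothing in the block says whether the bare form is meant to cover subkeys too. Going by the section heading in the preceding hunk, these rules apply to privacy enhanced boxes, so each added key (`SOFTWARE\Classes`, `Explorer\FileExts`, `Explorer\Advanced` and the association keys) widens what such a box can see of the host user's hive. Use one form consistently and put a comment above the new group, for example `# file associations; required for <feature that needs them>`, so that a later audit can tell which exposures are deliberate.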