Build 0.9.6

CHANGELOG.md

@@ -18,11 +18,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - fixed issue when renaming a box it lost its group association
 - fixed issue with Thunderbird build 91+ [#1156](https://github.com/sandboxie-plus/Sandboxie/issues/1156)
 - fixed an issue with file disposition handling [#1161](https://github.com/sandboxie-plus/Sandboxie/issues/1161)
+- fixed issue with windows 11 22449.1000 [#1164](https://github.com/sandboxie-plus/Sandboxie/issues/1164)
 - fixed SRWare Iron template (by Dyras) [#1146](https://github.com/sandboxie-plus/Sandboxie/pull/1146)
 - fixed labels position in Classic UI (by isaak654) [#1088](https://github.com/sandboxie-plus/Sandboxie/issues/1088)
 
-### Removed
-- removed "DelayLoadDll=" code from the driver as the user mode component since open sourcing never used that information
 
 
 

Sandboxie/core/drv/file.c

@@ -64,13 +64,13 @@ typedef struct _MY_CONTEXT {
 } MY_CONTEXT;
 
 
-//typedef struct _BLOCKED_DLL {
-//
-//    LIST_ELEM list_elem;
-//    ULONG path_len;
-//    WCHAR path[4];      // padding bytes
-//
-//} BLOCKED_DLL;
+typedef struct _BLOCKED_DLL {
+
+    LIST_ELEM list_elem;
+    ULONG path_len;
+    WCHAR path[4];      // padding bytes
+
+} BLOCKED_DLL;
 
 
 
@@ -227,7 +227,7 @@ _FX BOOLEAN File_Init(void)
     Api_SetFunction(API_REFRESH_FILE_PATH_LIST, File_Api_RefreshPathList);
     Api_SetFunction(API_OPEN_FILE,              File_Api_Open);
     Api_SetFunction(API_CHECK_INTERNET_ACCESS,  File_Api_CheckInternetAccess);
-    //Api_SetFunction(API_GET_BLOCKED_DLL,        File_Api_GetBlockedDll);
+    Api_SetFunction(API_GET_BLOCKED_DLL,        File_Api_GetBlockedDll);
 
     return TRUE;
 }
@@ -931,29 +931,29 @@ _FX BOOLEAN File_InitProcess(PROCESS *proc)
 //---------------------------------------------------------------------------
 
 
-//_FX BOOLEAN File_IsDelayLoadDll(PROCESS *proc, const WCHAR *DllName)
-//{
-//    BOOLEAN retval = FALSE;
-//    ULONG idx = 0;
-//
-//    Conf_AdjustUseCount(TRUE);
-//
-//    while (1) {
-//        const WCHAR *value = Conf_Get(proc->box->name, L"DelayLoadDll", idx);
-//        if (! value)
-//            break;
-//        //DbgPrint("Comparing <%S> vs <%S>\n", DllName, value);
-//        if (_wcsicmp(value, DllName) == 0) {
-//            retval = TRUE;
-//            break;
-//        }
-//        ++idx;
-//    }
-//
-//    Conf_AdjustUseCount(FALSE);
-//
-//    return retval;
-//}
+_FX BOOLEAN File_IsDelayLoadDll(PROCESS *proc, const WCHAR *DllName)
+{
+    BOOLEAN retval = FALSE;
+    ULONG idx = 0;
+
+    Conf_AdjustUseCount(TRUE);
+
+    while (1) {
+        const WCHAR *value = Conf_Get(proc->box->name, L"DelayLoadDll", idx);
+        if (! value)
+            break;
+        //DbgPrint("Comparing <%S> vs <%S>\n", DllName, value);
+        if (_wcsicmp(value, DllName) == 0) {
+            retval = TRUE;
+            break;
+        }
+        ++idx;
+    }
+
+    Conf_AdjustUseCount(FALSE);
+
+    return retval;
+}
 
 
 //---------------------------------------------------------------------------
@@ -1420,33 +1420,32 @@ _FX NTSTATUS File_Generic_MyParseProc(
         // has been initialized, then pretend the file does not exist,
         // and add the DLL path so it can be loaded by SbieDll
         //
-        // DX: this info does not seam to be so no point in saving this data
-        //
-        //if ((! proc->sbiedll_loaded) && status == STATUS_SUCCESS
-        //        && (CreateOptions & FILE_DIRECTORY_FILE) == 0) {
-        //
-        //    WCHAR *backslash = wcsrchr(path, L'\\');
-        //    if (backslash && File_IsDelayLoadDll(proc, backslash + 1)) {
-        //
-        //        ULONG len = sizeof(BLOCKED_DLL) + path_len * sizeof(WCHAR);
-        //        BLOCKED_DLL *blk = Mem_Alloc(proc->pool, len);
-        //        if (blk) {
-        //
-        //            blk->path_len = path_len;
-        //            wmemcpy(blk->path, path, path_len + 1);
-        //
-        //            KeRaiseIrql(APC_LEVEL, &irql);
-        //            ExAcquireResourceExclusiveLite(proc->file_lock, TRUE);
-        //
-        //            List_Insert_After(&proc->blocked_dlls, NULL, blk);
-        //
-        //            ExReleaseResourceLite(proc->file_lock);
-        //            KeLowerIrql(irql);
-        //        }
-        //
-        //        status = STATUS_OBJECT_NAME_NOT_FOUND;
-        //    }
-        //}
+
+        if ((! proc->sbiedll_loaded) && status == STATUS_SUCCESS
+                && (CreateOptions & FILE_DIRECTORY_FILE) == 0) {
+        
+            WCHAR *backslash = wcsrchr(path, L'\\');
+            if (backslash && File_IsDelayLoadDll(proc, backslash + 1)) {
+        
+                ULONG len = sizeof(BLOCKED_DLL) + path_len * sizeof(WCHAR);
+                BLOCKED_DLL *blk = Mem_Alloc(proc->pool, len);
+                if (blk) {
+        
+                    blk->path_len = path_len;
+                    wmemcpy(blk->path, path, path_len + 1);
+        
+                    KeRaiseIrql(APC_LEVEL, &irql);
+                    ExAcquireResourceExclusiveLite(proc->file_lock, TRUE);
+        
+                    List_Insert_After(&proc->blocked_dlls, NULL, blk);
+        
+                    ExReleaseResourceLite(proc->file_lock);
+                    KeLowerIrql(irql);
+                }
+        
+                status = STATUS_OBJECT_NAME_NOT_FOUND;
+            }
+        }
 
         //
         // release temporary path
@@ -2515,69 +2514,69 @@ get_program:
 //---------------------------------------------------------------------------
 
 
-//_FX NTSTATUS File_Api_GetBlockedDll(PROCESS *proc, ULONG64 *parms)
-//{
-//    API_GET_BLOCKED_DLL_ARGS *args = (API_GET_BLOCKED_DLL_ARGS *)parms;
-//    WCHAR *user_buf;
-//    ULONG user_len;
-//    ULONG len;
-//    NTSTATUS status;
-//    BLOCKED_DLL *blk;
-//    KIRQL irql;
-//
-//    //
-//    // this API must be invoked by a sandboxed process
-//    //
-//
-//    if (! proc)
-//        return STATUS_NOT_IMPLEMENTED;
-//
-//    //
-//    // check input buffers
-//    //
-//
-//    user_buf = args->dll_name_buf.val;
-//    user_len = args->dll_name_len.val / sizeof(WCHAR);
-//    if ((! user_buf) || (! user_len))
-//        return STATUS_INVALID_PARAMETER;
-//
-//    //
-//    // return first blocked dll in the list
-//    //
-//
-//    KeRaiseIrql(APC_LEVEL, &irql);
-//    ExAcquireResourceExclusiveLite(proc->file_lock, TRUE);
-//
-//    blk = List_Head(&proc->blocked_dlls);
-//    if (! blk)
-//        status = STATUS_END_OF_FILE;
-//    else {
-//
-//        __try {
-//
-//            len = blk->path_len;
-//            if (len >= user_len)
-//                len = user_len - 1;
-//
-//            ProbeForWrite(
-//                user_buf, sizeof(WCHAR) * (len + 1), sizeof(WCHAR));
-//            wmemcpy(user_buf, blk->path, len);
-//            user_buf[len] = L'\0';
-//
-//            status = STATUS_SUCCESS;
-//
-//        } __except (EXCEPTION_EXECUTE_HANDLER) {
-//            status = GetExceptionCode();
-//        }
-//
-//        List_Remove(&proc->blocked_dlls, blk);
-//
-//        len = sizeof(BLOCKED_DLL) + blk->path_len * sizeof(WCHAR);
-//        Mem_Free(blk, len);
-//    }
-//
-//    ExReleaseResourceLite(proc->file_lock);
-//    KeLowerIrql(irql);
-//
-//    return status;
-//}
+_FX NTSTATUS File_Api_GetBlockedDll(PROCESS *proc, ULONG64 *parms)
+{
+    API_GET_BLOCKED_DLL_ARGS *args = (API_GET_BLOCKED_DLL_ARGS *)parms;
+    WCHAR *user_buf;
+    ULONG user_len;
+    ULONG len;
+    NTSTATUS status;
+    BLOCKED_DLL *blk;
+    KIRQL irql;
+
+    //
+    // this API must be invoked by a sandboxed process
+    //
+
+    if (! proc)
+        return STATUS_NOT_IMPLEMENTED;
+
+    //
+    // check input buffers
+    //
+
+    user_buf = args->dll_name_buf.val;
+    user_len = args->dll_name_len.val / sizeof(WCHAR);
+    if ((! user_buf) || (! user_len))
+        return STATUS_INVALID_PARAMETER;
+
+    //
+    // return first blocked dll in the list
+    //
+
+    KeRaiseIrql(APC_LEVEL, &irql);
+    ExAcquireResourceExclusiveLite(proc->file_lock, TRUE);
+
+    blk = List_Head(&proc->blocked_dlls);
+    if (! blk)
+        status = STATUS_END_OF_FILE;
+    else {
+
+        __try {
+
+            len = blk->path_len;
+            if (len >= user_len)
+                len = user_len - 1;
+
+            ProbeForWrite(
+                user_buf, sizeof(WCHAR) * (len + 1), sizeof(WCHAR));
+            wmemcpy(user_buf, blk->path, len);
+            user_buf[len] = L'\0';
+
+            status = STATUS_SUCCESS;
+
+        } __except (EXCEPTION_EXECUTE_HANDLER) {
+            status = GetExceptionCode();
+        }
+
+        List_Remove(&proc->blocked_dlls, blk);
+
+        len = sizeof(BLOCKED_DLL) + blk->path_len * sizeof(WCHAR);
+        Mem_Free(blk, len);
+    }
+
+    ExReleaseResourceLite(proc->file_lock);
+    KeLowerIrql(irql);
+
+    return status;
+}

Sandboxie/core/drv/file.h

@@ -59,7 +59,7 @@ NTSTATUS File_Api_Open(PROCESS *proc, ULONG64 *parms);
 
 NTSTATUS File_Api_CheckInternetAccess(PROCESS *proc, ULONG64 *parms);
 
-//NTSTATUS File_Api_GetBlockedDll(PROCESS *proc, ULONG64 *parms);
+NTSTATUS File_Api_GetBlockedDll(PROCESS *proc, ULONG64 *parms);
 
 
 //---------------------------------------------------------------------------

Sandboxie/core/drv/ipc.c

@@ -546,6 +546,8 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS *proc)
         L"\\RPC Control\\webcache_*",
         L"*\\BaseNamedObjects\\windows_webcache_counters_*",
         L"*\\BaseNamedObjects\\[CoreUI]-*",
+        // open paths 11
+        L"*\\BaseNamedObjects\\SM*:WilStaging_*", // 22449.1000 accesses this before sbiedll load
         NULL
     };
 

Sandboxie/core/drv/process.h

@@ -142,7 +142,7 @@ struct _PROCESS {
     LIST read_file_paths;               // PATTERN elements
     LIST write_file_paths;              // PATTERN elements
     BOOLEAN always_close_for_boxed;
-    //LIST blocked_dlls;
+    LIST blocked_dlls;
     ULONG file_trace;
     ULONG pipe_trace;
     BOOLEAN disable_file_flt;