Merge 1c4fec5f1b into 8517353d75

Added DropAdmin and improved related checkboxes

CHANGELOG.md

@@ -7,6 +7,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [1.13.7 / 5.68.7] - 2024-04-
 
+### Added
+- added DropAdmin and improved related checkboxes #3851  https://github.com/sandboxie-plus/Sandboxie/pull/3851 (thanks offhub)
+- added file version info doe SbieDll.dll and SbieSvc.exe to the Plus About dialog
+
 ### Fixed
  - fixed issue with start agent option [#3844](https://github.com/sandboxie-plus/Sandboxie/pull/3844) (thanks offhub)
  - fixed issue with Delete V2 introduced in 1.13.5

Sandboxie/common/my_version.h

@@ -21,9 +21,22 @@
 #ifndef _MY_VERSION_H
 #define _MY_VERSION_H
 
-#define MY_VERSION_BINARY       5,68,7
-#define MY_VERSION_STRING       "5.68.7"
-#define MY_ABI_VERSION          0x56800
+#define STR2(X) #X
+#define STR(X) STR2(X)
+
+#define VERSION_MJR		5
+#define VERSION_MIN 	70
+#define VERSION_REV 	0
+#define VERSION_UPD 	0
+
+#if VERSION_UPD > 0
+  #define MY_VERSION_BINARY VERSION_MJR,VERSION_MIN,VERSION_REV,VERSION_UPD
+  #define MY_VERSION_STRING STR(VERSION_MJR.VERSION_MIN.VERSION_REV.VERSION_UPD)
+#else
+  #define MY_VERSION_BINARY VERSION_MJR,VERSION_MIN,VERSION_REV
+  #define MY_VERSION_STRING STR(VERSION_MJR.VERSION_MIN.VERSION_REV)
+#endif
+#define MY_ABI_VERSION  0x56800
 
 // These #defines are used by either Resource Compiler or NSIS installer
 #define SBIE_INSTALLER_PATH		"..\\Bin\\"

Sandboxie/core/dll/gui.c

@@ -416,7 +416,16 @@ _FX BOOLEAN Gui_Init(HMODULE module)
     GUI_IMPORT___(ClipCursor);
     GUI_IMPORT___(GetClipCursor);
     GUI_IMPORT___(GetCursorPos);
-    GUI_IMPORT___(SetCursorPos);
+	GUI_IMPORT___(SetCursorPos);
+	HMODULE temp = module;
+	module = Dll_Kernel32;
+	GUI_IMPORT___(Sleep);
+	GUI_IMPORT___(SleepEx);
+	GUI_IMPORT___(GetTickCount);
+	GUI_IMPORT___(GetTickCount64);
+	GUI_IMPORT___(QueryUnbiasedInterruptTime);
+	GUI_IMPORT___(QueryPerformanceCounter);
+	module = temp;
 
     GUI_IMPORT___(MsgWaitForMultipleObjects);
     GUI_IMPORT_AW(PeekMessage);

Sandboxie/core/dll/gui_p.h

@@ -100,6 +100,22 @@ typedef void (*P_SwitchToThisWindow)(HWND hWnd, BOOL fAlt);
 
 typedef HWND(*P_SetActiveWindow)(HWND hWnd);
 
+typedef DWORD(*P_GetTickCount)();
+
+typedef ULONGLONG (*P_GetTickCount64)();
+
+typedef BOOL(*P_QueryUnbiasedInterruptTime)(
+	PULONGLONG UnbiasedTime
+	);
+
+typedef void(*P_Sleep)(DWORD dwMiSecond);
+
+typedef DWORD(*P_SleepEx)(DWORD dwMiSecond, BOOL bAlert);
+
+typedef BOOL (*P_QueryPerformanceCounter)(
+	LARGE_INTEGER* lpPerformanceCount
+);
+
 typedef BOOL (*P_GetCursorPos)(LPPOINT lpPoint);
 
 typedef BOOL (*P_SetCursorPos)(int x, int y);
@@ -618,6 +634,13 @@ GUI_SYS_VAR_2(PostMessage)
 GUI_SYS_VAR_2(PostThreadMessage)
 GUI_SYS_VAR_2(DispatchMessage)
 
+GUI_SYS_VAR(Sleep)
+GUI_SYS_VAR(SleepEx)
+GUI_SYS_VAR(GetTickCount)
+GUI_SYS_VAR(QueryUnbiasedInterruptTime)
+GUI_SYS_VAR(GetTickCount64)
+GUI_SYS_VAR(QueryPerformanceCounter)
+
 GUI_SYS_VAR(MapWindowPoints)
 GUI_SYS_VAR(ClientToScreen)
 GUI_SYS_VAR(ScreenToClient)

Sandboxie/core/dll/guimisc.c

@@ -121,6 +121,22 @@ static BOOL Gui_ShutdownBlockReasonCreate(HWND hWnd, LPCWSTR pwszReason);
 
 static EXECUTION_STATE Gui_SetThreadExecutionState(EXECUTION_STATE esFlags);
 
+static DWORD Gui_GetTickCount();
+
+static ULONGLONG Gui_GetTickCount64();
+
+static BOOL Gui_QueryUnbiasedInterruptTime(
+	PULONGLONG UnbiasedTime
+	);
+
+static void Gui_Sleep(DWORD dwMiSecond);
+
+static DWORD Gui_SleepEx(DWORD dwMiSecond, BOOL bAlert);
+
+static BOOL Gui_QueryPerformanceCounter(
+	LARGE_INTEGER* lpPerformanceCount
+	);
+
 
 //---------------------------------------------------------------------------
 
@@ -295,7 +311,21 @@ _FX BOOLEAN Gui_InitMisc(HMODULE module)
 
         SBIEDLL_HOOK(Gui_, SetThreadExecutionState);
     }
-
+	if (SbieApi_QueryConfBool(NULL, L"UseChangeSpeed", FALSE))
+	{
+		module = Dll_Kernel32;
+		SBIEDLL_HOOK(Gui_, GetTickCount);
+		P_GetTickCount64 GetTickCount64 = Ldr_GetProcAddrNew(Dll_Kernel32, "GetTickCount64", "GetTickCount64");
+		if (GetTickCount64)
+			SBIEDLL_HOOK(Gui_, GetTickCount64);
+		P_QueryUnbiasedInterruptTime QueryUnbiasedInterruptTime = Ldr_GetProcAddrNew(Dll_Kernel32, "QueryUnbiasedInterruptTime", "QueryUnbiasedInterruptTime");
+		if (QueryUnbiasedInterruptTime)
+			SBIEDLL_HOOK(Gui_, QueryUnbiasedInterruptTime);
+		SBIEDLL_HOOK(Gui_, QueryPerformanceCounter);
+		SBIEDLL_HOOK(Gui_, Sleep);
+		SBIEDLL_HOOK(Gui_, SleepEx);
+	}
+	
     return TRUE;
 }
 
@@ -1699,3 +1729,35 @@ _FX void Gui_SwitchToThisWindow(HWND hWnd, BOOL fAlt)
 		return;
 	__sys_SwitchToThisWindow(hWnd, fAlt);
 }
+
+_FX DWORD Gui_GetTickCount() {
+	return __sys_GetTickCount() * SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1) / SbieApi_QueryConfNumber(NULL,L"LowTickSpeed", 1);
+}
+
+_FX ULONGLONG Gui_GetTickCount64() {
+	return __sys_GetTickCount64() * SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1) / SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
+}
+
+_FX BOOL Gui_QueryUnbiasedInterruptTime(
+	PULONGLONG UnbiasedTime
+) {
+	BOOL rtn = __sys_QueryUnbiasedInterruptTime(UnbiasedTime);
+	*UnbiasedTime *= SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1) / SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
+	return rtn;
+}
+
+_FX void Gui_Sleep(DWORD dwMiSecond) {
+	__sys_Sleep(dwMiSecond * SbieApi_QueryConfNumber(NULL, L"AddSleepSpeed", 1) / SbieApi_QueryConfNumber(NULL, L"LowSleepSpeed", 1));
+}
+
+_FX DWORD Gui_SleepEx(DWORD dwMiSecond, BOOL bAlert) {
+	return __sys_SleepEx(dwMiSecond * SbieApi_QueryConfNumber(NULL, L"AddSleepSpeed", 1) / SbieApi_QueryConfNumber(NULL, L"LowSleepSpeed", 1),bAlert);
+}
+
+_FX BOOL Gui_QueryPerformanceCounter(
+	LARGE_INTEGER* lpPerformanceCount
+) {
+	BOOL rtn = __sys_QueryPerformanceCounter(lpPerformanceCount);
+	lpPerformanceCount->QuadPart = lpPerformanceCount->QuadPart*SbieApi_QueryConfNumber(NULL, L"AddTickSpeed", 1)/ SbieApi_QueryConfNumber(NULL, L"LowTickSpeed", 1);
+	return rtn;
+}

SandboxiePlus/SandMan/Helpers/WinHelper.cpp

@@ -127,4 +127,46 @@ void ProtectWindow(void* hWnd)
         pSetWindowDisplayAffinity = (LPSETWINDOWDISPLAYAFFINITY)GetProcAddress(LoadLibraryA("user32.dll"), "SetWindowDisplayAffinity");
     if (pSetWindowDisplayAffinity)
         pSetWindowDisplayAffinity((HWND)hWnd, 0x00000011);
+}
+
+QString GetProductVersion(const QString &filePath) 
+{
+    QFileInfo check_file(filePath);
+
+    // check if file exists and if yes: Is it really a file and no directory?
+    if (check_file.exists() && check_file.isFile()) {
+        DWORD  verHandle = 0;
+        UINT   size      = 0;
+        LPBYTE lpBuffer  = NULL;
+        DWORD  verSize   = GetFileVersionInfoSize(filePath.toStdWString().c_str(), &verHandle);
+
+        if (verSize != NULL) {
+            LPSTR verData = new char[verSize];
+
+            if (GetFileVersionInfo(filePath.toStdWString().c_str(), verHandle, verSize, verData)) {
+                if (VerQueryValue(verData, L"\\", (VOID FAR* FAR*)&lpBuffer, &size)) {
+                    if (size) {
+                        VS_FIXEDFILEINFO *verInfo = (VS_FIXEDFILEINFO *)lpBuffer;
+                        if (verInfo->dwSignature == 0xfeef04bd) {
+                            // Doesn't matter if you are on 32 bit or 64 bit,
+                            // DWORD is always 32 bits, so first two revision numbers
+                            // come from dwFileVersionMS, last two come from dwFileVersionLS
+                            QString Version = QString("%1.%2.%3")
+                                .arg((verInfo->dwFileVersionMS >> 16) & 0xffff)
+                                .arg((verInfo->dwFileVersionMS >>  0) & 0xffff)
+                                .arg((verInfo->dwFileVersionLS >> 16) & 0xffff)
+                                //.arg((verInfo->dwFileVersionLS >>  0) & 0xffff)
+                                ;
+                            DWORD Update = (verInfo->dwFileVersionLS >> 0) & 0xffff;
+                            if (Update)
+                                Version += QString("%1").arg(QChar((char)('a' + (Update - 1))));
+                            return Version;
+                        }
+                    }
+                }
+            }
+            delete[] verData;
+        }
+    }
+    return QString();
 }

SandboxiePlus/SandMan/Helpers/WinHelper.h

@@ -6,4 +6,6 @@ QPixmap LoadWindowsIcon(const QString& Path, quint32 Index);
 
 bool PickWindowsIcon(QWidget* pParent, QString& Path, quint32& Index);
 
-void ProtectWindow(void* hWnd);
+void ProtectWindow(void* hWnd);
+
+QString GetProductVersion(const QString& filePath);

SandboxiePlus/SandMan/SandMan.cpp

@@ -4101,16 +4101,18 @@ bool CSandMan::IsWFPEnabled() const
 	return (g_FeatureFlags & CSbieAPI::eSbieFeatureWFP) != 0;
 }
 
-QString CSandMan::GetVersion()
+QString CSandMan::GetVersion(bool bWithUpdates)
 {
-	QString Version = QString::number(VERSION_MJR) + "." + QString::number(VERSION_MIN) //.rightJustified(2, '0')
-//#if VERSION_REV > 0 || VERSION_MJR == 0
-		+ "." + QString::number(VERSION_REV)
-//#endif
+	QString Version = QString::number(VERSION_MJR) + "." + QString::number(VERSION_MIN) + "." + QString::number(VERSION_REV);
+	if (bWithUpdates) {
+		int iUpdate = COnlineUpdater::GetCurrentUpdate();
+		if (iUpdate)
+			Version += QChar('a' + (iUpdate - 1));
+	}
 #if VERSION_UPD > 0
-		+ QChar('a' + VERSION_UPD - 1)
+	else
+		Version += QChar('a' + VERSION_UPD - 1);
 #endif
-		;
 	return Version;
 }
 
@@ -4293,30 +4295,39 @@ void CSandMan::OnAbout()
 {
 	if (sender() == m_pAbout)
 	{
+		if ((QGuiApplication::queryKeyboardModifiers() & Qt::ControlModifier) != 0){
+			CSupportDialog::CheckSupport();
+			return;
+		}
+
 		QString AboutCaption = tr(
 			"<h3>About Sandboxie-Plus</h3>"
 			"<p>Version %1</p>"
-			"<p>Copyright (c) 2020-2024 by DavidXanatos</p>"
-		).arg(theGUI->GetVersion());
+			"<p>" MY_COPYRIGHT_STRING "</p>"
+		).arg(theGUI->GetVersion(true));
 
 		QString CertInfo;
-		if (!g_Certificate.isEmpty()) {
-			CertInfo = tr("This copy of Sandboxie+ is certified for: %1").arg(GetArguments(g_Certificate, L'\n', L':').value("NAME"));
-		} else {
-			CertInfo = tr("Sandboxie+ is free for personal and non-commercial use.");
-		}
+		if (!g_Certificate.isEmpty())
+			CertInfo = tr("This copy of Sandboxie-Plus is certified for: %1").arg(GetArguments(g_Certificate, L'\n', L':').value("NAME"));
+		else
+			CertInfo = tr("Sandboxie-Plus is free for personal and non-commercial use.");
+
+		QString SbiePath = theAPI->GetSbiePath();
 
 		QString AboutText = tr(
 			"Sandboxie-Plus is an open source continuation of Sandboxie.<br />"
 			"Visit <a href=\"https://sandboxie-plus.com\">sandboxie-plus.com</a> for more information.<br />"
 			"<br />"
-			"%3<br />"
+			"%2<br />"
 			"<br />"
-			"Driver version: %1<br />"
-			"Features: %2<br />"
+			"Features: %3<br />"
+			"<br />"
+			"Installation: %1<br />"
+			"SbieDrv.sys: %4<br /> SbieSvc.exe: %5<br /> SbieDll.dll: %6<br />"
 			"<br />"
 			"Icons from <a href=\"https://icons8.com\">icons8.com</a>"
-		).arg(theAPI->GetVersion()).arg(theAPI->GetFeatureStr()).arg(CertInfo);
+		).arg(SbiePath).arg(CertInfo).arg(theAPI->GetFeatureStr())
+		.arg(GetProductVersion(SbiePath + "\\SbieDrv.sys")).arg(GetProductVersion(SbiePath + "\\SbieSvc.exe")).arg(GetProductVersion(SbiePath + "\\SbieDll.dll"));
 
 		QMessageBox *msgBox = new QMessageBox(this);
 		msgBox->setAttribute(Qt::WA_DeleteOnClose);

SandboxiePlus/SandMan/SandMan.h

@@ -47,7 +47,7 @@ public:
 	CScriptManager*		GetScripts() { return m_SbieScripts; }
 	CAddonManager*		GetAddonManager() { return m_AddonManager; }
 
-	static QString		GetVersion();
+	static QString		GetVersion(bool bWithUpdates = false);
 	static void			ShowMessageBox(QWidget* Widget, QMessageBox::Icon Icon, const QString& Message);
 
 	bool				IsImDiskReady() const { return m_ImDiskReady; }

SandboxiePlus/SandMan/SandMan.qc.pro

@@ -28,7 +28,7 @@ equals(MY_ARCH, ARM64) {
 CONFIG(debug, debug|release):!contains(QMAKE_HOST.arch, x86_64):LIBS += -L../Bin/Win32/Debug
 CONFIG(release, debug|release):!contains(QMAKE_HOST.arch, x86_64):LIBS += -L../Bin/Win32/Release
 
-LIBS += -lNtdll -lAdvapi32 -lOle32 -lUser32 -lShell32 -lGdi32 -lQSbieAPI -lMiscHelpers -lqtsingleapp -lUGlobalHotkey -lbcrypt
+LIBS += -lNtdll -lAdvapi32 -lOle32 -lUser32 -lShell32 -lGdi32 -lQSbieAPI -lMiscHelpers -lqtsingleapp -lUGlobalHotkey -lbcrypt -lVersion
 
 CONFIG(release, debug|release):{
 QMAKE_CXXFLAGS_RELEASE = $$QMAKE_CFLAGS_RELEASE_WITH_DEBUGINFO

SandboxiePlus/SandMan/Windows/SettingsWindow.cpp

@@ -2449,14 +2449,9 @@ void CSettingsWindow::OnUpdateData(const QVariantMap& Data, const QVariantMap& P
 	if (Data.isEmpty() || Data["error"].toBool())
 		return;
 
-	QString Version = QString::number(VERSION_MJR) + "." + QString::number(VERSION_MIN) + "." + QString::number(VERSION_REV);
-	int iUpdate = COnlineUpdater::GetCurrentUpdate();
-	if(iUpdate) 
-		Version += QChar('a' + (iUpdate - 1));
-
 	m_UpdateData = Data;
 	QVariantMap Releases = m_UpdateData["releases"].toMap();
-	ui.lblCurrent->setText(tr("%1 (Current)").arg(Version));
+	ui.lblCurrent->setText(tr("%1 (Current)").arg(theGUI->GetVersion(true)));
 	ui.lblStable->setText(CSettingsWindow__MkVersion("stable", Releases));
 	ui.lblPreview->setText(CSettingsWindow__MkVersion("preview", Releases));
 	if(ui.radInsider->isEnabled())

SandboxiePlus/SandMan/Wizards/NewBoxWizard.cpp

@@ -252,23 +252,27 @@ SB_STATUS CNewBoxWizard::TryToCreateBox()
                 //pBox->InsertText("ClosedFilePath", "<BlockNetDevices>,InternetAccessDevices");
             }
             pBox->SetBool("BlockNetworkFiles", !field("shareAccess").toBool());
-		    
-            if (field("fakeAdmin").toBool()) {
+
+            bool bHardened = (BoxType == CSandBoxPlus::eHardenedPlus || BoxType == CSandBoxPlus::eHardened);
+            bool bDropAdmin = field("dropAdmin").toBool();
+            if (field("dropAdmin").toBool() && !bHardened)
                 pBox->SetBool("DropAdminRights", true);
+
+            if (field("fakeAdmin").toBool())
                 pBox->SetBool("FakeAdminRights", true);
-            }
-            if(field("msiServer").toBool())
+
+            if(field("msiServer").toBool() && !bDropAdmin && !bHardened)
                 pBox->SetBool("MsiInstallerExemptions", true);
-		    
+
             if(field("boxToken").toBool())
                 pBox->SetBool("SandboxieLogon", true);
-		    
+
             if(field("imagesProtection").toBool())
                 pBox->SetBool("ProtectHostImages", true);
-		    
+
             if (!Password.isEmpty())
                 pBox->ImBoxCreate(ImageSize / 1024, Password);
-		    
+
             if (field("boxVersion").toInt() == 1) {
                 if (theConf->GetBool("Options/WarnDeleteV2", true)) {
                     bool State = false;
@@ -741,6 +745,12 @@ CAdvancedPage::CAdvancedPage(QWidget *parent)
     pAdminLabel->setFont(fnt);
     layout->addWidget(pAdminLabel, row++, 0);
 
+    m_pDropAdmin = new QCheckBox(tr("Drop rights from Administrators and Power Users groups"));
+    m_pDropAdmin->setChecked(theConf->GetBool("BoxDefaults/DropAdmin", false));
+    layout->addWidget(m_pDropAdmin, row++, 1, 1, 3);
+    connect(m_pDropAdmin, &QCheckBox::stateChanged, this, &CAdvancedPage::OnDropAdminChanged);
+    registerField("dropAdmin", m_pDropAdmin);
+
     QCheckBox* pFakeAdmin = new QCheckBox(tr("Make applications think they are running elevated"));
     pFakeAdmin->setChecked(theConf->GetBool("BoxDefaults/FakeAdmin", false));
     layout->addWidget(pFakeAdmin, row++, 1, 1, 3);
@@ -748,7 +758,8 @@ CAdvancedPage::CAdvancedPage(QWidget *parent)
 
     m_pMSIServer = new QCheckBox(tr("Allow MSIServer to run with a sandboxed system token"));
     m_pMSIServer->setToolTip(tr("This option is not recommended for Hardened boxes"));
-    m_pMSIServer->setChecked(theConf->GetBool("BoxDefaults/MsiExemptions", false));
+    if (!theConf->GetBool("BoxDefaults/DropAdmin", false))
+        m_pMSIServer->setChecked(theConf->GetBool("BoxDefaults/MsiExemptions", false));
     layout->addWidget(m_pMSIServer, row++, 1, 1, 3);
     registerField("msiServer", m_pMSIServer);
 
@@ -817,8 +828,11 @@ void CAdvancedPage::initializePage()
     int BoxType = wizard()->field("boxType").toInt();
 
     bool bHardened = (BoxType == CSandBoxPlus::eHardenedPlus || BoxType == CSandBoxPlus::eHardened);
-    m_pMSIServer->setEnabled(!bHardened);
+    bool bDropAdmin = field("dropAdmin").toBool();
+    m_pMSIServer->setEnabled(!bHardened && !bDropAdmin);
     m_pShareAccess->setEnabled(!bHardened);
+    m_pDropAdmin->setEnabled(!bHardened);
+    m_pDropAdmin->setChecked(bDropAdmin || bHardened);
 
     bool bAppBox = (BoxType == CSandBoxPlus::eAppBoxPlus || BoxType == CSandBoxPlus::eAppBox);
     m_pBoxToken->setEnabled(!bAppBox);
@@ -829,6 +843,18 @@ bool CAdvancedPage::validatePage()
     return true;
 }
 
+void CAdvancedPage::OnDropAdminChanged(int state) {
+    // If m_pDropAdmin is checked, disable m_pMSIServer
+    if (state == Qt::Checked) {
+        m_pMSIServer->setEnabled(false);
+        m_pMSIServer->setChecked(false);
+    }
+    else {
+        // If m_pDropAdmin is unchecked, enable m_pMSIServer
+        m_pMSIServer->setEnabled(true);
+    }
+}
+
 
 //////////////////////////////////////////////////////////////////////////////////////////
 // CSummaryPage
@@ -921,6 +947,7 @@ bool CSummaryPage::validatePage()
         theConf->SetValue("BoxDefaults/BlockNetwork", field("blockNetwork").toInt());
         theConf->SetValue("BoxDefaults/ShareAccess", field("shareAccess").toBool());
 
+        theConf->SetValue("BoxDefaults/DropAdmin", field("dropAdmin").toBool());
         theConf->SetValue("BoxDefaults/FakeAdmin", field("fakeAdmin").toBool());
         theConf->SetValue("BoxDefaults/MsiExemptions", field("msiServer").toBool());
 

SandboxiePlus/SandMan/Wizards/NewBoxWizard.h

@@ -116,11 +116,13 @@ public:
     int nextId() const override;
     void initializePage() override;
     bool validatePage() override;
+    void OnDropAdminChanged(int state);
 
 private:
     QCheckBox* m_pShareAccess;
     QCheckBox* m_pMSIServer;
     QCheckBox* m_pBoxToken;
+    QCheckBox* m_pDropAdmin;
 };