1591 lines
45 KiB
1591 lines
45 KiB
* Copyright 2022-2023 David Xanatos, xanasoft.com
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
#include "framework.h"
#include <shellapi.h>
#include <io.h>
#include <fcntl.h>
#include <iostream>
#include "../Common/helpers.h"
#include "../Common/WebUtils.h"
#include "../Common/json/JSON.h"
#include "UpdUtil.h"
extern "C" {
NTSTATUS CreateKeyPair(_In_ PCWSTR PrivFile, _In_ PCWSTR PubFile);
NTSTATUS SignHash(_In_ PVOID Hash, _In_ ULONG HashSize, _In_ PVOID PrivKey, _In_ ULONG PrivKeySize, _Out_ PVOID* Signature, _Out_ ULONG* SignatureSize);
NTSTATUS VerifyHashSignature(PVOID Hash, ULONG HashSize, PVOID Signature, ULONG SignatureSize);
NTSTATUS VerifyFileSignature(const wchar_t* FilePath);
NTSTATUS MyHashBuffer(_In_ PVOID pData, _In_ SIZE_T uSize, _Out_ PVOID* Hash, _Out_ PULONG HashSize);
NTSTATUS MyHashFile(_In_ PCWSTR FileName, _Out_ PVOID* Hash, _Out_ PULONG HashSize);
NTSTATUS MyReadFile(_In_ PWSTR FileName, _In_ ULONG FileSizeLimit, _Out_ PVOID* Buffer, _Out_ PULONG FileSize);
NTSTATUS MyWriteFile(_In_ PWSTR FileName, _In_ PVOID Buffer, _In_ ULONG BufferSize);
size_t b64_encoded_size(size_t inlen);
wchar_t* b64_encode(const unsigned char* in, size_t inlen);
size_t b64_decoded_size(const wchar_t* in);
int b64_decode(const wchar_t* in, unsigned char* out, size_t outlen);
struct SFile
SFile() : State(eNone) {}
std::wstring Path;
std::wstring Url;
std::wstring Hash;
enum EState
eNone = 0,
ePending // downloaded
} State;
struct SFiles
std::map<std::wstring, std::shared_ptr<SFile>> Map;
std::wstring Sign;
struct SRelease: SFiles
//SRelease() : Status(eLoaded) {}
std::wstring Version;
int iUpdate;
std::wstring CI;
//enum EStatus
// eLoaded = 0,
// eScanned,
// ePrepared
//} Status;
std::wstring AgentArch;
std::wstring Framework;
typedef std::list<std::wstring> TScope;
struct SAddon : SFiles
std::wstring Id;
/*std::wstring Name;
std::wstring Icon;
std::wstring Description;
std::wstring Version;
std::wstring InfoUrl;*/
JSONObject Data;
bool IsDefault;
std::wstring InstallPath;
std::wstring Installer;
std::wstring UninstallKey;
typedef std::map<std::wstring, std::shared_ptr<SAddon>> TAddonMap;
std::wstring ReadRegistryStringValue(std::wstring key, const std::wstring& valueName)
auto RootPath = Split2(key, L"\\");
HKEY hKey;
if (_wcsicmp(RootPath.first.c_str(), L"HKEY_LOCAL_MACHINE") == 0)
else if (_wcsicmp(RootPath.first.c_str(), L"HKEY_CURRENT_USER") == 0)
return L"";
if (RegOpenKeyEx(hKey, RootPath.second.c_str(), 0, KEY_READ, &hKey) == ERROR_SUCCESS)
wchar_t valueData[0x1000] = L"";
DWORD dataSize = sizeof(valueData);
DWORD valueType;
RegQueryValueExW(hKey, valueName.c_str(), NULL, &valueType, (LPBYTE)valueData, &dataSize);
return valueData;
return L"";
std::wstring GetBinaryArch(const std::wstring& file)
std::wstring arch;
goto finish;
DWORD bytesRead;
if (!ReadFile(hFile, &dosHeader, sizeof(IMAGE_DOS_HEADER), &bytesRead, NULL) || bytesRead != sizeof(IMAGE_DOS_HEADER))
goto finish;
if (dosHeader.e_magic != IMAGE_DOS_SIGNATURE)
goto finish;
SetFilePointer(hFile, dosHeader.e_lfanew, NULL, FILE_BEGIN);
if (!ReadFile(hFile, &ntHeader, sizeof(IMAGE_NT_HEADERS), &bytesRead, NULL) || bytesRead != sizeof(IMAGE_NT_HEADERS))
goto finish;
if (ntHeader.Signature != IMAGE_NT_SIGNATURE)
goto finish;
switch (ntHeader.FileHeader.Machine)
case IMAGE_FILE_MACHINE_I386: arch = L"x86"; break;
case IMAGE_FILE_MACHINE_AMD64: arch = L"x64"; break;
case IMAGE_FILE_MACHINE_ARM64: arch = L"a64"; break;
if(hFile != INVALID_HANDLE_VALUE) CloseHandle(hFile);
return arch;
std::wstring GetFileVersion(const std::wstring& file)
LPVOID versionInfo = NULL;
UINT fixedFileInfoSize;
DWORD versionHandle;
DWORD versionSize = GetFileVersionInfoSizeW(file.c_str(), &versionHandle);
if (versionSize == 0)
goto finish;
versionInfo = malloc(versionSize);
if (!GetFileVersionInfo(file.c_str(), versionHandle, versionSize, versionInfo))
goto finish;
if (!VerQueryValue(versionInfo, L"\\", (LPVOID *)&fixedFileInfo, &fixedFileInfoSize))
goto finish;
std::wstring version;
if (fixedFileInfo)
DWORD fileVersionMS = fixedFileInfo->dwFileVersionMS;
DWORD fileVersionLS = fixedFileInfo->dwFileVersionLS;
WORD majorVersion = HIWORD(fileVersionMS);
WORD minorVersion = LOWORD(fileVersionMS);
WORD buildNumber = HIWORD(fileVersionLS);
WORD revisionNumber = LOWORD(fileVersionLS);
version = std::to_wstring(majorVersion) + L"." + std::to_wstring(minorVersion) + L"." + std::to_wstring(buildNumber);
if(revisionNumber) version += L"." + std::to_wstring(revisionNumber);
if (versionInfo)free(versionInfo);
return version;
void CreateDirectoryTree(const std::wstring& root, const std::wstring& path)
wchar_t* pathCopy = _wcsdup(path.c_str());
wchar_t* token = _wcstok(pathCopy, L"\\");
wchar_t currentPath[MAX_PATH] = L"";
wcscpy(currentPath, root.c_str());
for (; token != NULL;) {
wcscat(currentPath, L"\\");
wcscat(currentPath, token);
if (CreateDirectoryW(currentPath, NULL) == 0) {
if (GetLastError() != ERROR_ALREADY_EXISTS) {
printf("Error creating directory %S\n", currentPath);
token = _wcstok(NULL, L"\\");
std::pair<std::wstring, std::wstring> SplitName(std::wstring path)
std::wstring name;
size_t pos = path.find_last_of(L"\\");
if (pos == -1) {
name = path;
else {
name = path.substr(pos + 1);
path = L"\\" + path;
return std::make_pair(path, name);
bool DeleteDirectoryRecursively(const std::wstring& root, const std::wstring& path, bool bWithFiles)
std::vector<std::wstring> Entries;
ListDir(root + path, Entries);
for (int i = 0; i < Entries.size(); i++)
auto path_name = SplitName(Entries[i]);
if (path_name.second.empty()) {
if (!DeleteDirectoryRecursively(Entries[i], L"", bWithFiles))
return false;
else if (bWithFiles) {
if (!DeleteFileW(Entries[i].c_str()))
return false;
return false;
return !!RemoveDirectoryW((root + path).c_str());
std::shared_ptr<SRelease> ScanDir(std::wstring Path)
if (Path.back() != L'\\')
std::shared_ptr<SRelease> pFiles = std::make_shared<SRelease>();
std::vector<std::wstring> Entries;
for (int i = 0; i < Entries.size(); i++)
if (Entries[i].back() == '\\') {
ListDir(Entries[i], Entries);
ULONG hashSize;
PVOID hash = NULL;
if (NT_SUCCESS(MyHashFile(Entries[i].c_str(), &hash, &hashSize)))
std::shared_ptr<SFile> pFile = std::make_shared<SFile>();
pFile->Path = Entries[i].substr(Path.length());
pFile->Hash = hexStr((unsigned char*)hash, hashSize);
pFiles->Map[pFile->Path] = pFile;
return pFiles;
std::wstring GetJSONStringSafe(const JSONObject& root, const std::wstring& key, const std::wstring& def = L"")
auto I = root.find(key);
if (I == root.end() || !I->second->IsString())
return def;
return I->second->AsString();
int GetJSONIntSafe(const JSONObject& root, const std::wstring& key, int def = 0)
auto I = root.find(key);
if (I == root.end() || !I->second->IsNumber())
return def;
return (int)I->second->AsNumber();
int GetJSONBoolSafe(const JSONObject& root, const std::wstring& key, bool def = false)
auto I = root.find(key);
if (I == root.end() || !I->second->IsBool())
return def;
return I->second->AsBool();
JSONObject GetJSONObjectSafe(const JSONObject& root, const std::wstring& key)
auto I = root.find(key);
if (I == root.end() || !I->second->IsObject())
return JSONObject();
return I->second->AsObject();
JSONArray GetJSONArraySafe(const JSONObject& root, const std::wstring& key)
auto I = root.find(key);
if (I == root.end() || !I->second->IsArray())
return JSONArray();
return I->second->AsArray();
std::string WriteUpdate(std::shared_ptr<SRelease> pFiles)
JSONObject root;
JSONArray files;
for (auto I = pFiles->Map.begin(); I != pFiles->Map.end(); ++I)
JSONObject file;
file[L"path"] = new JSONValue(I->second->Path);
file[L"hash"] = new JSONValue(I->second->Hash);
file[L"url"] = new JSONValue(I->second->Url);
//if(I->second->State == SFile::eChanged)
// file[L"state"] = new JSONValue(L"changed");
//else if(I->second->State == SFile::ePending)
// file[L"state"] = new JSONValue(L"pending");
files.push_back(new JSONValue(file));
root[L"files"] = new JSONValue(files);
root[L"signature"] = new JSONValue(pFiles->Sign);
root[L"version"] = new JSONValue(pFiles->Version);
root[L"update"] = new JSONValue(pFiles->iUpdate);
root[L"ci"] = new JSONValue(pFiles->CI);
//if(pFiles->Status == SRelease::eScanned)
// root[L"status"] = new JSONValue(L"scanned");
//else if(pFiles->Status == SRelease::ePrepared)
// root[L"status"] = new JSONValue(L"prepared");
root[L"framework"] = new JSONValue(pFiles->Framework);
root[L"agent_arch"] = new JSONValue(pFiles->AgentArch);
JSONValue *value = new JSONValue(root);
auto wJson = value->Stringify();
delete value;
return g_str_conv.to_bytes(wJson);
void ReadFiles(const JSONArray& jsonFiles, std::shared_ptr<SFiles> pFiles)
for (auto I = jsonFiles.begin(); I != jsonFiles.end(); ++I) {
if ((*I)->IsObject()) {
JSONObject jsonFile = (*I)->AsObject();
std::shared_ptr<SFile> pFile = std::make_shared<SFile>();
pFile->Path = GetJSONStringSafe(jsonFile, L"path");
pFile->Hash = GetJSONStringSafe(jsonFile, L"hash");
pFile->Url = GetJSONStringSafe(jsonFile, L"url");
//std::wstring state = GetJSONStringSafe(jsonObject, L"state");
//if(state == L"changed")
// pFile->State = SFile::eChanged;
//else if(state == L"pending")
// pFile->State = SFile::ePending;
pFiles->Map[pFile->Path] = pFile;
std::shared_ptr<SRelease> ReadUpdate(const JSONObject& jsonObject)
if (jsonObject.find(L"files") == jsonObject.end())
return std::shared_ptr<SRelease>();
std::shared_ptr<SRelease> pFiles = std::make_shared<SRelease>();
JSONArray jsonFiles = GetJSONArraySafe(jsonObject, L"files");
ReadFiles(jsonFiles, pFiles);
pFiles->Sign = GetJSONStringSafe(jsonObject, L"signature");
pFiles->Version = GetJSONStringSafe(jsonObject, L"version");
pFiles->iUpdate = GetJSONIntSafe(jsonObject, L"update", -1);
pFiles->CI = GetJSONStringSafe(jsonObject, L"ci");
std::wstring status = GetJSONStringSafe(jsonObject, L"status");
//if(status == L"scanned")
// pFiles->Status = SRelease::eScanned;
//else if(status == L"prepared")
// pFiles->Status = SRelease::ePrepared;
pFiles->Framework = GetJSONStringSafe(jsonObject, L"framework");
pFiles->AgentArch = GetJSONStringSafe(jsonObject, L"agent_arch");
return pFiles;
bool VerifyUpdate(std::shared_ptr<SFiles> pFiles)
bool pass = false;
std::set<std::wstring> hash_set;
for (auto I = pFiles->Map.begin(); I != pFiles->Map.end(); ++I)
hash_set.insert(I->second->Path + L":" + I->second->Hash);
std::string hashes;
for (auto I = hash_set.begin(); I != hash_set.end(); ++I)
hashes += g_str_conv.to_bytes(*I) + "\n";
ULONG hashSize;
PVOID hash = NULL;
if (NT_SUCCESS(MyHashBuffer((void*)hashes.c_str(), hashes.length(), &hash, &hashSize)))
ULONG signatureSize = b64_decoded_size(pFiles->Sign.c_str());
if (signatureSize)
PUCHAR signature = (PUCHAR)malloc(signatureSize);
b64_decode(pFiles->Sign.c_str(), signature, signatureSize);
if (NT_SUCCESS(VerifyHashSignature((PUCHAR)hash, hashSize, (PUCHAR)signature, signatureSize)))
pass = true;
return pass;
void AddFilesToScope(std::shared_ptr<TScope> pScope, const WCHAR* pFiles)
for (const WCHAR* pFile = pFiles; *pFile; pFile += wcslen(pFile) + 1)
// full|core|meta|lang|tmpl
std::shared_ptr<TScope> GetScope(std::wstring scope)
std::shared_ptr<TScope> pScope = std::make_shared<TScope>();
//if (scope == L"full") // everything
if (scope == L"core" || scope == L"full") // core
AddFilesToScope(pScope, SCOPE_CORE_FILES);
if (scope == L"lang" || scope == L"meta" || scope == L"core" || scope == L"full")
AddFilesToScope(pScope, SCOPE_LANG_FILES);
if (scope == L"tmpl" || scope == L"meta" || scope == L"core" || scope == L"full")
AddFilesToScope(pScope, SCOPE_TMPL_FILES);
// when there are no entries it means everything
if (pScope->empty()) pScope.reset();
return pScope;
bool InScope(std::shared_ptr<TScope> pScope, std::wstring name)
if (!pScope) return true;
auto len = name.length();
if (len > 4 && name.substr(len - 4) == L".sig")
name = name.substr(0, len - 4);
for (auto I = pScope->begin(); I != pScope->end(); ++I) {
if (wildstrcmp(I->c_str(), name.c_str()) != NULL)
return true;
return false;
int FindChanges(std::shared_ptr<SRelease> pNewFiles, std::wstring base_dir, std::wstring temp_dir, std::shared_ptr<TScope> pScope)
std::shared_ptr<SRelease> pOldFiles = ScanDir(base_dir);
if (!pOldFiles)
return ERROR_SCAN;
int Count = 0;
for (auto I = pNewFiles->Map.begin(); I != pNewFiles->Map.end(); ++I)
I->second->State = SFile::eNone;
if (!InScope(pScope, I->second->Path))
auto J = pOldFiles->Map.find(I->first);
if (J == pOldFiles->Map.end() || J->second->Hash != I->second->Hash) {
I->second->State = SFile::eChanged;
return Count;
BOOLEAN WebDownload(std::wstring url, PSTR* pData, ULONG* pDataLength)
size_t pos = url.find_first_of(L'/', 8);
if (pos == std::wstring::npos)
return FALSE;
std::wstring path = url.substr(pos);
std::wstring domain = url.substr(8, pos-8);
return WebDownload(domain.c_str(), path.c_str(), pData, pDataLength);
int DownloadUpdate(std::wstring temp_dir, std::shared_ptr<SFiles> pNewFiles)
std::wcout << L"Downloading" << std::endl;
int Count = 0;
for (auto I = pNewFiles->Map.begin(); I != pNewFiles->Map.end(); ++I)
if (I->second->State != SFile::eChanged)
auto path_name = SplitName(I->second->Path);
if (!path_name.first.empty())
CreateDirectoryTree(temp_dir, path_name.first);
ULONG hashSize;
PVOID hash = NULL;
if (NT_SUCCESS(MyHashFile((wchar_t*)(temp_dir + L"\\" + I->second->Path).c_str(), &hash, &hashSize)))
std::wstring Hash = hexStr((unsigned char*)hash, hashSize);
if (I->second->Hash == Hash) {
I->second->State = SFile::ePending;
continue; // already downloaded and up to date
std::wcout << L"\tDownloading: " << I->second->Path << L" ...";
char* pData = NULL;
ULONG uDataLen = 0;
if (WebDownload(I->second->Url, &pData, &uDataLen)) {
ULONG hashSize;
PVOID hash = NULL;
if(NT_SUCCESS(MyHashBuffer(pData, uDataLen, &hash, &hashSize)))
std::wstring Hash = hexStr((unsigned char*)hash, hashSize);
if (I->second->Hash != Hash)
std::wcout << L" BAD!!!" << std::endl;
return ERROR_HASH;
MyWriteFile((wchar_t*)(temp_dir + L"\\" + I->second->Path).c_str(), pData, uDataLen);
I->second->State = SFile::ePending;
std::wcout << L" done" << std::endl;
else {
std::wcout << L" FAILED" << std::endl;
return Count;
int ApplyUpdate(std::wstring base_dir, std::wstring temp_dir, std::shared_ptr<SFiles> pNewFiles)
std::wcout << L"Applying updates" << std::endl;
int Count = 0;
for (auto I = pNewFiles->Map.begin(); I != pNewFiles->Map.end(); ++I)
if (I->second->State != SFile::ePending)
if(_wcsicmp(I->second->Path.c_str(), L"UpdUtil.exe") == 0)
continue; // don't try overwriting ourselves
auto path_name = SplitName(I->second->Path);
std::wcout << L"\tInstalling: " << I->second->Path << L" ...";
std::wstring src = temp_dir + L"\\" + I->second->Path;
std::wstring dest = base_dir + L"\\" + I->second->Path;
if (!path_name.first.empty())
CreateDirectoryTree(base_dir, path_name.first);
if(MoveFileExW(src.c_str(), dest.c_str(), MOVEFILE_REPLACE_EXISTING | MOVEFILE_COPY_ALLOWED))
std::wcout << L" done" << std::endl;
std::wcout << L" FAILED" << std::endl;
//std::wstring src = temp_dir + L"\\" _T(UPDATE_FILE);
//std::wstring dest = base_dir + L"\\" _T(UPDATE_FILE);
//MoveFileExW(src.c_str(), dest.c_str(), MOVEFILE_REPLACE_EXISTING | MOVEFILE_COPY_ALLOWED);
return Count;
void Execute(std::wstring wFile, std::wstring wParams)
si.lpVerb = L"runas";
si.lpFile = wFile.c_str();
si.lpParameters = wParams.c_str();
si.nShow = SW_HIDE;
std::wcout << L"KmdUtil.exe " << si.lpParameters << std::endl;
if (ShellExecuteEx(&si)) {
WaitForSingleObject(si.hProcess, INFINITE);
int ProcessUpdate(std::shared_ptr<SRelease>& pFiles, const std::wstring& step, const std::wstring& temp_dir, const std::wstring& base_dir, const std::wstring& scope)
int ret = 0;
if (!pFiles || pFiles->Map.empty())
//if (step.empty() || step == L"scan" || pFiles->Status < SRelease::eScanned)
if (step.empty() || step == L"scan" || step == L"prepare" || step == L"apply")
std::shared_ptr<TScope> pScope;
if (!scope.empty()) pScope = GetScope(scope);
ret = FindChanges(pFiles, base_dir, temp_dir, pScope);
//pFiles->Status = SRelease::eScanned;
if (ret <= 0)
return ret; // error or nothing todo
if (step == L"scan")
return ret;
//if (step.empty() || step == L"prepare" || pFiles->Status < SRelease::ePrepared)
if (step.empty() || step == L"prepare" || step == L"apply")
ret = DownloadUpdate(temp_dir, pFiles);
//pFiles->Status = SRelease::ePrepared;
if (ret <= 0)
return ret; // error or nothing todo
if (step == L"prepare")
return ret;
return ret;
// addon stuff
std::wstring GetSpecificEntry(const JSONObject& root, const std::wstring& name, const std::wstring& core_arch, const std::wstring& agent_arch, const std::wstring& framework)
if (!framework.empty() && root.find(name + L"-" + framework) != root.end())
return name + L"-" + framework;
std::wstring match = GetJSONStringSafe(root, L"matchArch");
std::wstring arch = (match != L"agent") ? core_arch : agent_arch;
if (!arch.empty() && root.find(name + L"-" + arch) != root.end())
return name + L"-" + arch;
return name;
std::wstring GetSpecificEntryValue(const JSONObject& root, const std::wstring& name, const std::wstring& core_arch, const std::wstring& agent_arch, const std::wstring& framework)
std::wstring entry = GetSpecificEntry(root, name, core_arch, agent_arch, framework);
return GetJSONStringSafe(root, entry);
std::shared_ptr<SAddon> ReadAddon(const JSONObject& addon, const std::wstring& core_arch, const std::wstring& agent_arch, const std::wstring& framework)
std::shared_ptr<SAddon> pAddon = std::make_shared<SAddon>();
pAddon->Id = GetJSONStringSafe(addon, L"id");
std::wstring entry = GetSpecificEntry(addon, L"files", core_arch, agent_arch, framework);
JSONArray jsonFiles = GetJSONArraySafe(addon, entry);
ReadFiles(jsonFiles, pAddon);
pAddon->Sign = GetJSONStringSafe(addon, entry + L"-sig");
/*pAddon->Name = GetJSONStringSafe(addon, L"name");
pAddon->Icon = GetJSONStringSafe(addon, L"icon");
pAddon->Description = GetJSONStringSafe(addon, L"description");
pAddon->Version = GetJSONStringSafe(addon, L"version");
pAddon->InfoUrl = GetJSONStringSafe(addon, L"info_url");*/
pAddon->IsDefault = GetJSONBoolSafe(addon, L"default");
pAddon->InstallPath = GetSpecificEntryValue(addon, L"installPath", core_arch, agent_arch, framework);
pAddon->Installer = GetSpecificEntryValue(addon, L"installer", core_arch, agent_arch, framework);
pAddon->UninstallKey = GetSpecificEntryValue(addon, L"uninstallPey", core_arch, agent_arch, framework);
for (auto I = addon.begin(); I != addon.end(); ++I) {
if (I->first.find(L'-') != std::wstring::npos)
continue; // skip all entries containting "-"
return pAddon;
JSONObject WriteAddon(std::shared_ptr<SAddon> pAddon)
JSONObject addon;
addon[L"id"] = new JSONValue(pAddon->Id);
JSONArray files;
for (auto J = pAddon->Map.begin(); J != pAddon->Map.end(); ++J)
JSONObject file;
file[L"path"] = new JSONValue(J->second->Path);
file[L"hash"] = new JSONValue(J->second->Hash);
file[L"url"] = new JSONValue(J->second->Url);
files.push_back(new JSONValue(file));
if (!files.empty()) {
addon[L"files"] = new JSONValue(files);
addon[L"files-sig"] = new JSONValue(pAddon->Sign);
/*addon[L"name"] = new JSONValue(pAddon->Name);
addon[L"icon"] = new JSONValue(pAddon->Icon);
addon[L"description"] = new JSONValue(pAddon->Description);
addon[L"version"] = new JSONValue(pAddon->Version);
addon[L"info_url"] = new JSONValue(pAddon->InfoUrl);*/
addon[L"default"] = new JSONValue(pAddon->IsDefault);
if (!pAddon->InstallPath.empty()) addon[L"installPath"] = new JSONValue(pAddon->InstallPath);
if (!pAddon->Installer.empty()) addon[L"installer"] = new JSONValue(pAddon->Installer);
if (!pAddon->UninstallKey.empty()) addon[L"uninstallKey"] = new JSONValue(pAddon->UninstallKey);
for (auto I = pAddon->Data.begin(); I != pAddon->Data.end(); ++I) {
return addon;
std::shared_ptr<TAddonMap> ReadAddons(const JSONObject& jsonObject, const std::wstring& core_arch, const std::wstring& agent_arch, const std::wstring& framework)
if (jsonObject.find(L"list") == jsonObject.end())
return std::shared_ptr<TAddonMap>();
std::shared_ptr<TAddonMap> pAddons = std::make_shared<TAddonMap>();
JSONArray list = GetJSONArraySafe(jsonObject, L"list");
for (auto I = list.begin(); I != list.end(); ++I) {
if ((*I)->IsObject()) {
JSONObject addon = (*I)->AsObject();
std::shared_ptr<SAddon> pAddon = ReadAddon(addon, core_arch, agent_arch, framework);
(*pAddons)[MkLower(pAddon->Id)] = pAddon;
return pAddons;
std::string WriteAddons(std::shared_ptr<TAddonMap> pAddons)
JSONObject root;
JSONArray list;
for (auto I = pAddons->begin(); I != pAddons->end(); ++I)
list.push_back(new JSONValue(WriteAddon(I->second)));
root[L"list"] = new JSONValue(list);
JSONValue *value = new JSONValue(root);
auto wJson = value->Stringify();
delete value;
return g_str_conv.to_bytes(wJson);
bool VerifyAddons(std::shared_ptr<TAddonMap> pAddons)
for (auto I = pAddons->begin(); I != pAddons->end(); ++I)
if (I->second->Map.empty())
if (!VerifyUpdate(I->second))
return false;
return true;
int DownloadAddon(std::shared_ptr<SAddon> pAddon, const std::wstring& step, const std::wstring& temp_dir, const std::wstring& base_dir)
int ret = 0;
if (!pAddon || pAddon->Map.empty()) {
std::wcout << L"Addon is not available for this paltform" << std::endl;
// always mark all files for download
for (auto I = pAddon->Map.begin(); I != pAddon->Map.end(); ++I)
I->second->State = SFile::eChanged;
//if (step.empty() || step == L"prepare" || pFiles->Status < SRelease::ePrepared)
if (step.empty() || step == L"prepare" || step == L"apply")
CreateDirectoryTree(temp_dir, pAddon->Id);
ret = DownloadUpdate(temp_dir + L"\\" + pAddon->Id, pAddon);
//pFiles->Status = SRelease::ePrepared;
if (ret <= 0)
return ret; // error or nothing todo
if (step == L"prepare")
return ret;
return ret;
int InstallAddon(std::shared_ptr<SAddon> pAddon, const std::wstring& temp_dir, const std::wstring& base_dir)
int ret = 0;
if (!pAddon->Installer.empty() && FileExists((temp_dir + L"\\" + pAddon->Id + pAddon->Installer).c_str())) {
LPWCH environmentStrings = GetEnvironmentStrings();
DWORD environmentLen = 0;
for (LPWCH current = environmentStrings; *current; current += wcslen(current) + 1)
environmentLen += wcslen(current) + 1;
LPWCH modifiedEnvironment = (LPWCH)LocalAlloc(0, (environmentLen + 32 + base_dir.length() + 1 + 1) * sizeof(wchar_t));
memcpy(modifiedEnvironment, environmentStrings, (environmentLen + 1) * sizeof(wchar_t));
LPWCH modifiedEnvironmentEnd = modifiedEnvironment + environmentLen;
wcscpy(modifiedEnvironmentEnd, L"SBIEHOME=");
wcscat(modifiedEnvironmentEnd, base_dir.c_str());
modifiedEnvironmentEnd += wcslen(modifiedEnvironmentEnd) + 1;
*modifiedEnvironmentEnd = 0;
STARTUPINFO si = { sizeof(si), 0 };
std::wstring cmdLine = temp_dir + L"\\" + pAddon->Id + pAddon->Installer;
if (CreateProcessW(NULL, (wchar_t*)cmdLine.c_str(), NULL, NULL, FALSE, CREATE_UNICODE_ENVIRONMENT, modifiedEnvironment, NULL, &si, &pi))
while (WaitForSingleObject(pi.hProcess, 1000) == WAIT_TIMEOUT);
if (ret >= 0 && !pAddon->UninstallKey.empty()) {
std::wstring cmd = ReadRegistryStringValue(pAddon->UninstallKey, L"UninstallString");
if (cmd.empty()) // when the expected uninstall key is not present,
ret = ERROR_BAD_ADDON2; // it means the instalation failed
return ret;
if (pAddon->InstallPath.empty())
// install addon
CreateDirectoryTree(base_dir, pAddon->InstallPath);
ret = ApplyUpdate(base_dir + pAddon->InstallPath, temp_dir + L"\\" + pAddon->Id, pAddon);
return ret;
std::shared_ptr<SAddon> LoadAddon(const std::wstring& base_dir, const std::wstring& id)
std::shared_ptr<SAddon> pAddon;
char* aJson = NULL;
std::wstring file_path = base_dir + _T(ADDONS_PATH) + id + L".json";
if (NT_SUCCESS(MyReadFile((wchar_t*)file_path.c_str(), 1024 * 1024, (PVOID*)&aJson, NULL)) && aJson != NULL)
JSONValue* jsonObject = JSON::Parse(aJson);
if (jsonObject) {
if (jsonObject->IsObject())
pAddon = ReadAddon(jsonObject->AsObject(), L"", L"", L"");
delete jsonObject;
return pAddon;
int RemoveAddon(std::shared_ptr<SAddon> pAddon, const std::wstring& base_dir)
int ret = 0;
if (!pAddon->UninstallKey.empty())
std::wstring cmdLine = ReadRegistryStringValue(pAddon->UninstallKey, L"UninstallString");
if(cmdLine.empty()) // when the expected uninstall key is not present,
return ret; // then seams addon was already uninstalled
STARTUPINFO si = { sizeof(si), 0 };
if (CreateProcessW(NULL, (wchar_t*)cmdLine.c_str(), NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
while (WaitForSingleObject(pi.hProcess, 1000) == WAIT_TIMEOUT);
if (ret >= 0) {
std::wstring cmd = ReadRegistryStringValue(pAddon->UninstallKey, L"UninstallString");
if (!cmd.empty()) // when the expected uninstall key is still present,
ret = ERROR_BAD_ADDON2; // it means the uninstalation failed
return ret;
if (pAddon->InstallPath.empty())
for (auto I = pAddon->Map.begin(); I != pAddon->Map.end(); ++I)
std::wstring file = base_dir + pAddon->InstallPath + I->second->Path;
if (!DeleteFileW(file.c_str()) && FileExists(file.c_str())) {
if (ret >= 0 && pAddon->InstallPath != L"\\")
DeleteDirectoryRecursively(base_dir, pAddon->InstallPath, false);
return ret;
// other stuff
int DownloadFile(std::wstring url, std::wstring file_path)
char* pData = NULL;
ULONG uDataLen = 0;
if (WebDownload(url, &pData, &uDataLen)) {
MyWriteFile((wchar_t*)file_path.c_str(), pData, uDataLen);
std::wcout << L" done" << std::endl;
return 0;
std::wcout << L" FAILED" << std::endl;
int PrintFile(std::wstring url)
char* pData = NULL;
ULONG uDataLen = 0;
if (WebDownload(url, &pData, &uDataLen)) {
std::wcout << pData;
return 0;
void PrintUsage()
std::wcout << L"Sandboxie Update Utility - Usage" << std::endl;
std::wcout << L"================================" << std::endl;
std::wcout << std::endl;
std::wcout << L"Update to the latest version in a given release channel" << std::endl;
std::wcout << L"\tUpdUtil.exe [update|upgrade] software (/channel:[stable|preview|live]) {Options}" << std::endl;
std::wcout << std::endl;
std::wcout << L"Update to the latest update of a specific version" << std::endl;
std::wcout << L"\tUpdUtil.exe [update|upgrade] software (/version:[a.bb.c]) (/update:[d]) {Options}" << std::endl;
std::wcout << std::endl;
std::wcout << L"Options:" << std::endl;
//std::wcout << L"\t/arch:[ARM64|a64|x86_64|x64|i386|x86]" << std::endl;
std::wcout << L"\t/scope:[full|core|meta|lang|tmpl]" << std::endl;
std::wcout << L"\t\tfull - update all components" << std::endl;
std::wcout << L"\t\tcore - core components (for classic, same as full)" << std::endl;
std::wcout << L"\t\tmeta - update metadata (lang and tmpl)" << std::endl;
std::wcout << L"\t\tlang - update language files" << std::endl;
std::wcout << L"\t\ttmpl - update Templates.ini" << std::endl;
std::wcout << L"\t/step:[get|scan|prepare|apply]" << std::endl;
std::wcout << L"\t\tget - download updated information to " _T(UPDATE_FILE) << std::endl;
std::wcout << L"\t\tscan - check for updates, use existing " _T(UPDATE_FILE) " if present" << std::endl;
std::wcout << L"\t\tprepare - download updates, but don't install" << std::endl;
std::wcout << L"\t\tapply - install updates" << std::endl;
std::wcout << L"" << std::endl;
bool HasFlag(const std::vector<std::wstring>& arguments, std::wstring name)
return std::find(arguments.begin(), arguments.end(), L"/" + name) != arguments.end();
std::wstring GetArgument(const std::vector<std::wstring>& arguments, std::wstring name, std::wstring mod = L"/")
std::wstring prefix = mod + name + L":";
for (size_t i = 0; i < arguments.size(); i++) {
if (_wcsicmp(arguments[i].substr(0, prefix.length()).c_str(), prefix.c_str()) == 0) {
return arguments[i].substr(prefix.length());
return L"";
int APIENTRY wWinMain(_In_ HINSTANCE hInstance,
_In_opt_ HINSTANCE hPrevInstance,
_In_ LPWSTR lpCmdLine,
_In_ int nCmdShow)
wchar_t szPath[MAX_PATH];
GetModuleFileNameW(NULL, szPath, ARRAYSIZE(szPath));
*wcsrchr(szPath, L'\\') = L'\0';
std::wstring wPath = szPath;
// install sandboxie-plus /version:1.6.1 /path:C:\Projects\Sandboxie\SandboxieLive\x64\Debug\Sandboxie_test
int nArgs = 0;
LPWSTR* szArglist = CommandLineToArgvW(lpCmdLine, &nArgs); // GetCommandLineW()
std::vector<std::wstring> arguments;
for (int i = 0; i < nArgs; i++)
if (!HasFlag(arguments, L"embedded")) {
freopen("CONIN$", "r", stdin);
freopen("CONOUT$", "w", stdout);
freopen("CONOUT$", "w", stderr);
if (HasFlag(arguments, L"pause")) {
std::cout << "Sandboxie Update Utility" << std::endl;
std::wcout << lpCmdLine << std::endl;
std::cout << std::endl << "Press enter to continue..." << std::endl;
std::wstring temp_dir = GetArgument(arguments, L"temp");
if (temp_dir.empty()) {
wchar_t szTemp[MAX_PATH];
GetTempPath(MAX_PATH, (LPWSTR)&szTemp);
temp_dir = std::wstring(szTemp) + L"sandboxie-updater";
else if (temp_dir.back() == L'\\')
std::wstring base_dir = GetArgument(arguments, L"path");
if (base_dir.empty())
base_dir = wPath;
std::wstring arch = GetArgument(arguments, L"arch");
if (!arch.empty()) {
// normalize architecture
if (arch == L"x64")
arch = L"x86_64";
else if (arch == L"x86")
arch = L"i386";
else if (arch == L"ARM64" || arch == L"A64" || arch == L"a64")
arch = L"arm64";
#ifdef _M_ARM64
arch = L"ARM64";
#elif _WIN64
arch = L"x86_64";
arch = L"i386";
if (arguments.size() >= 2 && arguments[0] == L"download") // download file to disk
std::wstring url = arguments[1];
std::wstring name = GetArgument(arguments, L"name");
if (name.empty()) {
size_t end = url.find_last_of(L'?');
size_t pos = url.find_last_of(L'/', end);
if (pos == std::wstring::npos)
name = url.substr(++pos, end - pos);
return DownloadFile(url, temp_dir + L"\\" + name);
else if (arguments.size() >= 2 && arguments[0] == L"print") // download file and print to stdout
std::wstring url = arguments[1];
return PrintFile(url);
else if (arguments.size() >= 2 && arguments[0] == L"run_setup") // run a signed setup file
std::wstring wFile = arguments[1];
return ERROR_SIGN;
std::wstring wParams;
wParams = L"/open_agent";
if (HasFlag(arguments, L"embedded"))
wParams = L" /SILENT";
//si.lpVerb = L"runas";
si.lpFile = wFile.c_str();
si.lpParameters = wParams.c_str();
si.nShow = SW_SHOW;
if (!ShellExecuteEx(&si)) {
//DWORD dwError = GetLastError();
//if (dwError == ERROR_CANCELLED)
return ERROR_EXEC;
return 0;
else if ((arguments.size() >= 2 && (arguments[0] == L"update" || arguments[0] == L"upgrade" || arguments[0] == L"install")) || (arguments.size() >= 1 && arguments[0] == L"modify"))
int ret = 0;
bool bModify = arguments[0] == L"modify";
bool bDoAddons = (bModify || arguments[0] == L"install");
std::wstring software = bModify ? L"sandboxie-addons" : arguments[1];
std::shared_ptr<SRelease> pFiles;
JSONValue* jsonAddons = NULL;
auto add_addons = SplitStr(GetArgument(arguments, L"add", L""), L",", false);
auto remove_addons = SplitStr(GetArgument(arguments, L"remove", L""), L",", false);
std::wstring step = GetArgument(arguments, L"step");
// Prepare update data, load from file or download
bool bSave = false;
if (!step.empty() && step != L"get") // load from file
if (!bModify) {
char* aJson = NULL;
std::wstring file_path = temp_dir + L"\\" _T(UPDATE_FILE);
if (NT_SUCCESS(MyReadFile((wchar_t*)file_path.c_str(), 1024 * 1024, (PVOID*)&aJson, NULL)) && aJson != NULL)
JSONValue* jsonObject = JSON::Parse(aJson);
if (jsonObject) {
if (jsonObject->IsObject())
pFiles = ReadUpdate(jsonObject->AsObject());
delete jsonObject;
if (!pFiles) {
std::wcout << L"No pending update found!" << std::endl;
return ERROR_LOAD;
if ((bModify && !add_addons.empty()) || arguments[0] == L"install") {
char* aJson = NULL;
std::wstring file_path = temp_dir + L"\\" _T(ADDONS_FILE);
if (NT_SUCCESS(MyReadFile((wchar_t*)file_path.c_str(), 1024 * 1024, (PVOID*)&aJson, NULL)) && aJson != NULL)
JSONValue* jsonObject = JSON::Parse(aJson);
if (jsonObject) {
if (jsonObject->IsObject())
jsonAddons = jsonObject;
if (!jsonAddons && arguments[0] != L"install") { // only fail here when we want to add addons
std::wcout << L"No addons found!" << std::endl;
return ERROR_LOAD;
else // load from server
std::wstringstream params;
params << L"&action=" << arguments[0];
std::wstring channel;
std::wstring version;
if (!bModify)
channel = GetArgument(arguments, L"channel");
if (channel.empty()) channel = GetArgument(arguments, L"release");
if (!channel.empty())
params << L"&channel=" << channel;
version = GetArgument(arguments, L"version");
if (!version.empty()) {
params << L"&version=" << version;
std::wstring update = GetArgument(arguments, L"update");
if (!update.empty())
params << L"&update=" << update;
// version or channel must be specified
if (version.empty() && channel.empty())
params << L"&system=windows-" << g_osvi.dwMajorVersion << L"." << g_osvi.dwMinorVersion << L"." << g_osvi.dwBuildNumber << "-" << arch;
wchar_t StrLang[16];
LCIDToLocaleName(GetUserDefaultLCID(), StrLang, ARRAYSIZE(StrLang), 0);
if (StrLang[2] == L'-') StrLang[2] = '_';
params << L"&language=" << StrLang;
std::wstring update_key = GetArgument(arguments, L"update_key");
if (!update_key.empty()) params << L"&update_key=" + update_key;
CreateDirectoryW(temp_dir.c_str(), NULL);
char* aJson = NULL;
std::wstring path = L"/update.php?software=" + software + params.str();
if (WebDownload(_T(UPDATE_DOMAIN), path.c_str(), &aJson, NULL) && aJson != NULL)
JSONValue* jsonObject = JSON::Parse(aJson);
if (jsonObject) {
if (jsonObject->IsObject()) {
JSONObject root = jsonObject->AsObject();
if (!bModify) {
JSONObject update;
if (!version.empty() && channel.empty())
update = GetJSONObjectSafe(root, L"update");
update = GetJSONObjectSafe(root, L"release");
pFiles = ReadUpdate(update);
if (bDoAddons) {
auto I = root.find(L"addons");
if (I != root.end() && I->second->IsObject()) {
jsonAddons = I->second;
delete jsonObject;
if (!bModify && !pFiles) {
std::wcout << L"No update found !!!" << std::endl;
return ERROR_GET;
ret = 0;
bSave = true;
if (pFiles && !VerifyUpdate(pFiles)) {
std::wcout << L"INVALID Update SIGNATURE in " _T(UPDATE_FILE) "!!!" << std::endl;
return ERROR_SIGN;
// when needed shutdown the software
bool bRestart = false;
if (ret >= 0 && (step.empty() || step == L"apply"))
bRestart = HasFlag(arguments, L"restart");
if (bRestart) {
Execute(base_dir + L"\\KmdUtil.exe", L"scandll_silent");
Execute(base_dir + L"\\KmdUtil.exe", L"stop SbieSvc");
Execute(base_dir + L"\\KmdUtil.exe", L"stop SbieDrv");
Execute(base_dir + L"\\KmdUtil.exe", L"stop SbieDrv");
// apply update
if (step != L"get" && !bModify)
std::wstring scope = GetArgument(arguments, L"scope");
//if(software == L"sandboxie" && scope.empty())
// scope = L"core";
ret = ProcessUpdate(pFiles, step, temp_dir, base_dir, scope);
if (ret >= 0 && (step.empty() || step == L"apply"))
ret = ApplyUpdate(base_dir, temp_dir, pFiles);
if (ret <= 0)
return ret; // error or nothing todo
// load addons apropriate for the current instalation
std::shared_ptr<TAddonMap> pAddons;
if (jsonAddons)
std::wstring core_arch = GetBinaryArch(base_dir + L"\\sbiesvc.exe");
if (core_arch.empty()) {
// convert to new format
if (arch == L"x86_64")
core_arch = L"x64";
else if (arch == L"i386")
core_arch = L"x86";
else if (arch == L"arm64")
core_arch = L"a64";
std::wstring agent_arch = GetArgument(arguments, L"agent_arch");
if (agent_arch.empty()) {
agent_arch = GetBinaryArch(base_dir + L"\\SandMan.exe");
if (agent_arch.empty()) agent_arch = GetBinaryArch(base_dir + L"\\SbieCtrl.exe");
std::wstring framework = GetArgument(arguments, L"framework");
if (framework.empty()) {
framework = GetFileVersion(base_dir + L"\\Qt5Core.dll");
if (framework.empty()) framework = GetFileVersion(base_dir + L"\\Qt6Core.dll");
if (!framework.empty()) framework = L"qt" + framework + L"_" + agent_arch;
if (pFiles) {
if (agent_arch.empty()) agent_arch = pFiles->AgentArch;
if (framework.empty()) agent_arch = pFiles->Framework;
pAddons = ReadAddons(jsonAddons->AsObject(), core_arch, agent_arch, framework);
std::wcout << L"No addons found!" << std::endl;
return ERROR_LOAD;
else if (!VerifyAddons(pAddons)) {
pAddons.reset(); // clear untrusted addon data
std::wcout << L"INVALID " _T(ADDONS_FILE) L" SIGNATURE !!!" << std::endl;
return ERROR_SIGN;
// install addons
if (step != L"get" && pAddons)
if (!bModify) { // install case
for (auto I = pAddons->begin(); I != pAddons->end(); ++I)
if (!I->second->IsDefault)
// dont add default addons marked to be removed
auto F = std::find(remove_addons.begin(), remove_addons.end(), I->first);
if (F != remove_addons.end())
// dont add already added addons
F = std::find(add_addons.begin(), add_addons.end(), I->first);
if (F != add_addons.end())
for (auto I = add_addons.begin(); I != add_addons.end(); ++I)
auto F = pAddons->find(MkLower(*I));
if (F != pAddons->end()) {
std::wcout << L"Downloading addon " << *I << std::endl;
ret = DownloadAddon(F->second, step, temp_dir, base_dir);
else {
std::wcout << L"Addon Not Found" << std::endl;
if (ret >= 0 && (step.empty() || step == L"apply"))
std::shared_ptr<SAddon> pAddon = LoadAddon(base_dir, *I);
if (pAddon && !pAddon->InstallPath.empty()) {
std::wcout << L"Updating addon " << *I << std::endl;
RemoveAddon(pAddon, base_dir);
} else
std::wcout << L"Installing addon " << *I << std::endl;
ret = InstallAddon(F->second, temp_dir, base_dir);
// register addon
if (ret >= 0)
JSONValue* value = new JSONValue(WriteAddon(F->second));
auto wJson = value->Stringify();
delete value;
std::string aJson = g_str_conv.to_bytes(wJson);
MyWriteFile((wchar_t*)(base_dir + _T(ADDONS_PATH) + F->second->Id + L".json").c_str(), (char*)aJson.c_str(), aJson.length());
if (ret >= 0)
DeleteDirectoryRecursively(temp_dir + L"\\", F->second->Id + L"\\", true);
if (ret < 0 && !bModify) // install case
ret = 0; // ignore addon errors
// remove addons
if(step != L"get" && !remove_addons.empty())
for (auto I = remove_addons.begin(); I != remove_addons.end(); ++I)
std::shared_ptr<SAddon> pAddon = LoadAddon(base_dir, *I);
if (!pAddon)
if (ret >= 0 && (step.empty() || step == L"apply"))
std::wcout << L"Removing addon " << *I << std::endl;
ret = RemoveAddon(pAddon, base_dir);
// unregister addon
if (ret >= 0)
DeleteFileW((base_dir + _T(ADDONS_PATH) + pAddon->Id + L".json").c_str());
if (ret < 0 && !bModify) // install case
ret = 0; // ignore addon errors
// restart software
if (bRestart) {
Execute(base_dir + L"\\KmdUtil.exe", L"start SbieSvc");
std::wstring wOpen = GetArgument(arguments, L"open");
if (!wOpen.empty()) {
Execute(base_dir + L"\\start.exe", L"open_agent:" + wOpen);
// save data to file if needed
if (ret >= 0)
if (!bModify) {
std::wstring file_path = temp_dir + L"\\" _T(UPDATE_FILE);
if (step.empty() || step == L"apply" || (ret == 0 && step != L"get"))
DeleteFileW(file_path.c_str()); // cleanup after apply or if there are no updates
//else { // store partial state to file
else if (bSave) {
std::string Json = WriteUpdate(pFiles);
MyWriteFile((wchar_t*)file_path.c_str(), (char*)Json.c_str(), Json.length());
if (bDoAddons && pAddons) {
std::wstring file_path = temp_dir + L"\\" _T(ADDONS_FILE);
if (step.empty() || step == L"apply" /*|| (ret == 0 && step != L"get")*/)
else if (bSave) {
std::string Json = WriteAddons(pAddons);
MyWriteFile((wchar_t*)file_path.c_str(), (char*)Json.c_str(), Json.length());
return ret;