No commit message
DavidXanatos committed Jan 12, 2021
1 parent 6673813 commit e5534f4
Showing 23 changed files with 8,076 additions and 7,934 deletions.
11 changes: 11 additions & 0 deletions CHANGELOG.md
@@ -3,6 +3,17 @@ All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).


## [0.5.4d / 5.46.3] - 2021-01-11

### Changed
- improved access tracing, removed redundant entries
- OpenIpcPath=\BaseNamedObjects\[CoreUI]-* is now hardcoded in the driver no need for the template entry
- WindowsFontCache is now open by default
- refactored some IPC code in the driver

### Fixed
- fixed creation time not always being properly updated in the SandMan UI



## [0.5.4c / 5.46.2] - 2021-01-10
15 changes: 11 additions & 4 deletions Sandboxie/apps/control/MonitorDialog.cpp
@@ -104,7 +104,8 @@ void CMonitorDialog::OnIdle()
static const WCHAR *_Drive = L"(Drive) ";
static const WCHAR *_Clsid = L"Clsid ";
static const WCHAR *_Image = L"Image ";
static const WCHAR *_FileOrKey = L"File/Key ";
static const WCHAR *_File = L"File ";
static const WCHAR *_Key = L"Key ";
static const WCHAR *_Other = L"Other ";
static const WCHAR *_Separator = L" -------------------------------";

@@ -161,8 +162,10 @@ void CMonitorDialog::OnIdle()
PrefixPtr = _Clsid;
else if (type == MONITOR_IMAGE)
PrefixPtr = _Image;
else if (type == MONITOR_FILE_OR_KEY)
PrefixPtr = _FileOrKey;
else if (type == MONITOR_FILE)
PrefixPtr = _File;
else if (type == MONITOR_KEY)
PrefixPtr = _Key;
else if (type == MONITOR_OTHER)
PrefixPtr = _Other;
wcsncpy(name, PrefixPtr, 9);
@@ -192,7 +195,11 @@ void CMonitorDialog::OnIdle()
wcscat(name, _Separator);
listbox->AddString(name);

wcscpy(name, _FileOrKey);
wcscpy(name, _File);
wcscat(name, _Separator);
listbox->AddString(name);

wcscpy(name, _Key);
wcscat(name, _Separator);
listbox->AddString(name);

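Review bot: The new `_File` and `_Key` literals have to be exactly as wide as the other prefixes, because `wcsncpy(name, PrefixPtr, 9)` at the end of the second hunk copies a fixed nine characters and zero-fills anything shorter, which would end `name` inside the prefix column. This rendered page collapses runs of spaces, so the padding of the two new literals cannot be checked here. A comment on the literal block such as `// every prefix is padded to exactly 9 WCHARs to match wcsncpy(name, PrefixPtr, 9)` would keep the next added type from breaking the column. OnIdle starts and ends outside all three hunks.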
4 changes: 2 additions & 2 deletions Sandboxie/common/my_version.h
@@ -21,8 +21,8 @@
#ifndef _MY_VERSION_H
#define _MY_VERSION_H

#define MY_VERSION_BINARY 5,46,2
#define MY_VERSION_STRING "5.46.2"
#define MY_VERSION_BINARY 5,46,3
#define MY_VERSION_STRING "5.46.3"
#define MY_VERSION_COMPAT "5.46.0" // this refers to the driver ABI compatibility

// These #defines are used by either Resource Compiler, or by NSIC installer
31 changes: 21 additions & 10 deletions Sandboxie/core/dll/com.c
@@ -154,6 +154,10 @@ static void Com_Trace(
const WCHAR *TraceType, REFCLSID rclsid, REFIID riid,
ULONG ProcNum, HRESULT hr);

static void Com_Trace2(
const WCHAR* TraceType, REFCLSID rclsid, REFIID riid,
ULONG ProcNum, HRESULT hr, USHORT monflag);

static void Com_Monitor(REFCLSID rclsid, USHORT monflag);

#define HSTRING void*
@@ -596,8 +600,8 @@ _FX HRESULT Com_CoGetClassObject(
}

if (clsctx & CLSCTX_LOCAL_SERVER) {
Com_Trace(TraceType, rclsid, riid, 0, hr);
Com_Monitor(rclsid, monflag);
Com_Trace2(TraceType, rclsid, riid, 0, hr, monflag);
if(!Com_TraceFlag) Com_Monitor(rclsid, monflag);
}

return hr;
@@ -642,8 +646,8 @@ _FX HRESULT Com_CoGetObject(
else
monflag |= MONITOR_DENY;

Com_Trace(TraceType, &clsid, riid, 0, hr);
Com_Monitor(&clsid, monflag);
Com_Trace2(TraceType, &clsid, riid, 0, hr, monflag);
if (!Com_TraceFlag) Com_Monitor(&clsid, monflag);

} else {

@@ -696,8 +700,8 @@ _FX HRESULT Com_CoCreateInstance(
}

if (clsctx & CLSCTX_LOCAL_SERVER) {
Com_Trace(TraceType, rclsid, riid, 0, hr);
Com_Monitor(rclsid, monflag);
Com_Trace2(TraceType, rclsid, riid, 0, hr, monflag);
if (!Com_TraceFlag) Com_Monitor(rclsid, monflag);
}

//
@@ -808,8 +812,8 @@ _FX HRESULT Com_CoCreateInstanceEx(

for (i = 0; i < cmq; ++i) {
MULTI_QI *mqi = &pmqs[i];
Com_Trace(TraceType, rclsid, mqi->pIID, 0, mqi->hr);
Com_Monitor(rclsid, monflag);
Com_Trace2(TraceType, rclsid, mqi->pIID, 0, mqi->hr, monflag);
if (!Com_TraceFlag) Com_Monitor(rclsid, monflag);
}
}

@@ -3304,8 +3308,15 @@ _FX void Com_Trace_Guid(


_FX void Com_Trace(
const WCHAR *TraceType, REFCLSID rclsid, REFIID riid,
const WCHAR* TraceType, REFCLSID rclsid, REFIID riid,
ULONG ProcNum, HRESULT hr)
{
Com_Trace2(TraceType, rclsid, riid, ProcNum, hr, MONITOR_TRACE);
}

_FX void Com_Trace2(
const WCHAR* TraceType, REFCLSID rclsid, REFIID riid,
ULONG ProcNum, HRESULT hr, USHORT monflag)
{
WCHAR *text;
WCHAR *ptr;
@@ -3341,7 +3352,7 @@ _FX void Com_Trace(
//ptr[1] = L'\0';
//OutputDebugString(text);
*ptr = L'\0';
SbieApi_MonitorPut(MONITOR_COMCLASS | MONITOR_TRACE, text);
SbieApi_MonitorPut(MONITOR_COMCLASS | monflag, text);

Com_Free(text);
}
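Review bot: At the four call sites (Com_CoGetClassObject, Com_CoGetObject, Com_CoCreateInstance, Com_CoCreateInstanceEx) the open/deny record is now written by exactly one of `Com_Trace2` or `Com_Monitor`, chosen by `Com_TraceFlag`, so any early return inside `Com_Trace2` other than the flag test drops the record, including a `MONITOR_DENY` one. The top of `Com_Trace2` is outside the hunk, but the `Com_Free(text)` at its end suggests an allocation that could fail. Letting it report whether it emitted, i.e. `static BOOLEAN Com_Trace2(...)` with `if (!Com_Trace2(TraceType, rclsid, riid, 0, hr, monflag)) Com_Monitor(rclsid, monflag);` at the callers, keeps the monitor entry as the fallback and removes the flag test repeated at each site.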
7 changes: 4 additions & 3 deletions Sandboxie/core/drv/api_flags.h
@@ -49,16 +49,17 @@
#define MONITOR_COMCLASS 0x055B
#define MONITOR_IGNORE 0x066B
#define MONITOR_IMAGE 0x077B
#define MONITOR_FILE_OR_KEY 0x088B
#define MONITOR_OTHER 0x099B
//#define MONITOR_ 0x0AAB
#define MONITOR_FILE 0x088B
#define MONITOR_KEY 0x099B
#define MONITOR_OTHER 0x0AAB
//#define MONITOR_ 0x0BBB
//#define MONITOR_ 0x0CCB
//#define MONITOR_ 0x0DDB
//#define MONITOR_ 0x0EEB
//#define MONITOR_ 0x0FFB
#define MONITOR_OPEN 0x1000
#define MONITOR_DENY 0x2000
//#define MONITOR_ 0x4000
#define MONITOR_TRACE 0x8000


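Review bot: `MONITOR_KEY` reuses 0x099B, which was `MONITOR_OTHER` until this commit, while `MY_VERSION_COMPAT` in my_version.h stays at "5.46.0". These codes are defined under core/drv and consumed in core/dll/com.c and apps/control/MonitorDialog.cpp, so if they cross the driver/user-mode boundary as that suggests, a component built against the previous header and still accepted as ABI-compatible would label Key records as Other. Giving the new type the unused value avoids the silent relabel: keep `#define MONITOR_OTHER 0x099B` and add `#define MONITOR_KEY 0x0AAB`.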
24 changes: 19 additions & 5 deletions Sandboxie/core/drv/file.c
@@ -994,7 +994,7 @@ _FX NTSTATUS File_Generic_MyParseProc(
if (proc->file_trace & TRACE_IGNORE)
Log_Debug_Msg(MONITOR_IGNORE, ignore_str, Driver_Empty);

if (Session_MonitorCount &&
else if (Session_MonitorCount &&
device_type != FILE_DEVICE_PHYSICAL_NETCARD)
Session_MonitorPut(MONITOR_IGNORE, ignore_str + 4, proc->pid);

@@ -1492,14 +1492,25 @@ _FX NTSTATUS File_Generic_MyParseProc(
letter = 0;

if (letter) {

USHORT mon_type = IsPipeDevice ? MONITOR_PIPE : MONITOR_FILE;
if (!IsBoxedPath) {
if (ShouldMonitorAccess == TRUE)
mon_type |= MONITOR_DENY;
else
mon_type |= MONITOR_OPEN;
}
if(!IsPipeDevice && !ShouldMonitorAccess)
mon_type |= MONITOR_TRACE;

swprintf(access_str, L"(F%c) %08X.%02X.%08X",
letter, DesiredAccess,
CreateDisposition & 0x0F, CreateOptions);
Log_Debug_Msg(IsPipeDevice ? MONITOR_PIPE : MONITOR_FILE_OR_KEY, access_str, Name->Name.Buffer);
Log_Debug_Msg(mon_type, access_str, Name->Name.Buffer);
}
}

if (IsPipeDevice && Session_MonitorCount) {
else if (IsPipeDevice && Session_MonitorCount) {

USHORT mon_type = MONITOR_PIPE;
WCHAR *mon_name = Name->Name.Buffer;
@@ -1515,9 +1526,12 @@ _FX NTSTATUS File_Generic_MyParseProc(

} else if (ShouldMonitorAccess) {

Session_MonitorPut(MONITOR_FILE_OR_KEY | MONITOR_DENY, Name->Name.Buffer, proc->pid);
Session_MonitorPut(MONITOR_FILE | MONITOR_DENY, Name->Name.Buffer, proc->pid);

} else if (msg1313 && status == STATUS_ACCESS_DENIED
}

if (!ShouldMonitorAccess && msg1313
&& status == STATUS_ACCESS_DENIED
&& device_type == FILE_DEVICE_DISK
&& RemainingName && RemainingName->Length == 0) {

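Review bot: Turning `if (IsPipeDevice && Session_MonitorCount)` into `else if` (end of the second hunk, continued in the third) ties the `Session_MonitorPut` chain to the whole tracing branch rather than to whether a trace line was actually written. When that branch is entered but `letter` ends up 0, neither `Log_Debug_Msg(mon_type, ...)` nor `Session_MonitorPut(MONITOR_FILE | MONITOR_DENY, ...)` runs, so a denied open can go unrecorded. The condition of the enclosing `if` is outside the hunk, so this is inferred from the visible `letter = 0;` / `if (letter)` pair. Setting a local `traced = TRUE;` next to the `Log_Debug_Msg` call and wrapping the monitor chain in `if (!traced) { ... }` would keep deny records while still avoiding duplicates. The same `else if (Session_MonitorCount)` pattern is added to Ipc_CheckGenericObject in core/drv/ipc.c.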
6 changes: 3 additions & 3 deletions Sandboxie/core/drv/gui_xp.c
@@ -1442,7 +1442,7 @@ _FX ULONG_PTR Gui_NtUserSendInput(
if (letter) {

swprintf(access_str, L"(G%c) SendInput", letter);
Log_Debug_Msg(MONITOR_WINCLASS, access_str, Driver_Empty);
Log_Debug_Msg(MONITOR_WINCLASS | MONITOR_TRACE, access_str, Driver_Empty);
}
}

@@ -1538,7 +1538,7 @@ _FX ULONG_PTR Gui_NtUserSetWindowsHookEx(
swprintf(access_str,
L"(G%c) WinHook %04d on tid=%06d pid=%06d",
letter, HookType, idThread, idProcess);
Log_Debug_Msg(MONITOR_WINCLASS, access_str, Driver_Empty);
Log_Debug_Msg(MONITOR_WINCLASS | MONITOR_TRACE, access_str, Driver_Empty);
}
}

@@ -1595,7 +1595,7 @@ _FX ULONG_PTR Gui_NtUserSetWinEventHook(

swprintf(access_str, L"(G%c) AccHook on tid=%06d pid=%06d",
letter, idThread, idProcess);
Log_Debug_Msg(MONITOR_WINCLASS, access_str, Driver_Empty);
Log_Debug_Msg(MONITOR_WINCLASS | MONITOR_TRACE, access_str, Driver_Empty);
}
}

16 changes: 14 additions & 2 deletions Sandboxie/core/drv/ipc.c
@@ -520,6 +520,8 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS *proc)
L"\\RPC Control\\LSARPC_ENDPOINT",
L"\\RPC Control\\umpo",
L"*\\BaseNamedObjects*\\FlipEx*",
L"*\\BaseNamedObjects*\\FontCachePort",
L"*\\BaseNamedObjects*\\FntCache-*",
NULL
};
static const WCHAR *openpaths_windows8[] = {
@@ -541,6 +543,7 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS *proc)
L"*\\BaseNamedObjects*\\CoreMessagingRegistrar",
L"\\RPC Control\\webcache_*",
L"*\\BaseNamedObjects\\windows_webcache_counters_*",
L"*\\BaseNamedObjects\\[CoreUI]-*",
NULL
};

@@ -935,12 +938,21 @@ _FX NTSTATUS Ipc_CheckGenericObject(
}

if (letter) {

USHORT mon_type = MONITOR_IPC;
if (!IsBoxedPath) {
if (NT_SUCCESS(status))
mon_type |= MONITOR_OPEN;
else
mon_type |= MONITOR_DENY;
}

swprintf(access_str, L"(I%c) %08X", letter, GrantedAccess);
Log_Debug_Msg(MONITOR_IPC, access_str, Name->Buffer);
Log_Debug_Msg(mon_type, access_str, Name->Buffer);
}
}

if (Session_MonitorCount) {
else if (Session_MonitorCount) {

USHORT mon_type = MONITOR_IPC;
WCHAR *mon_name = Name->Buffer;
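Review bot: The three new hardcoded entries in Ipc_InitPaths, `L"*\\BaseNamedObjects*\\FontCachePort"`, `L"*\\BaseNamedObjects*\\FntCache-*"` and `L"*\\BaseNamedObjects\\[CoreUI]-*"`, widen what sandboxed processes may open outside the box, and nothing in the arrays records why each is needed. The CHANGELOG says the CoreUI entry replaces a template entry, which presumably means a box owner can no longer drop it from the configuration. A comment above each entry, e.g. `// font cache port and sections: open by default since 5.46.3 (see CHANGELOG)`, would record the rationale. The change also deserves a line on whether a stricter box can still close these paths. Ipc_InitPaths begins and ends outside both hunks.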