From 42fab9dcbf90e4d3a54338925d6c16885bddb3e9 Mon Sep 17 00:00:00 2001 From: DavidXanatos Date: Sat, 10 Oct 2020 18:18:01 +0200 Subject: [PATCH] --- CHANGELOG.md | 12 +++++ Sandboxie/Sandbox.sln | 9 +++- Sandboxie/apps/com/DcomLaunch/dcomlaunch.c | 4 +- Sandboxie/apps/com/RpcSs/linger.c | 4 +- Sandboxie/common/my_version.h | 4 +- Sandboxie/core/dll/acscmonitor.c | 4 +- Sandboxie/core/dll/dllmain.c | 1 + Sandboxie/core/dll/guicon.c | 4 +- Sandboxie/core/dll/proc.c | 60 +++++++++++++++++++++- Sandboxie/core/dll/scm_create.c | 7 ++- Sandboxie/core/dll/sh.c | 4 +- Sandboxie/core/svc/DriverAssist.cpp | 8 ++- Sandboxie/core/svc/serviceserver2.cpp | 8 +-- SandboxiePlus/SandMan/SandMan.h | 2 +- SandboxiePlus/SandMan/Views/SbieView.cpp | 11 ++++ SandboxiePlus/SandMan/Views/SbieView.h | 1 + 16 files changed, 126 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a1dd93dad..5917689032 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,18 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). +## [0.4.2 / 5.43.6] - 2020-10-10 + +### Added +- added explore box content menu option + +### Fixed +- fixed thread handle leak in SbieSvc and other components +- msedge.exe is now categorized as a chromium derivate +- fixed chrome 86+ compatybility bug with chroms own sandbox + + + ## [0.4.1 / 5.43.5] - 2020-09-12 ### Added diff --git a/Sandboxie/Sandbox.sln b/Sandboxie/Sandbox.sln index bff10041f1..8e5914e961 100644 --- a/Sandboxie/Sandbox.sln +++ b/Sandboxie/Sandbox.sln 
@@ -32,9 +32,9 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SandboxBITS", "apps\com\BIT EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SboxDll", "core\dll\SboxDll.vcxproj", "{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}" ProjectSection(ProjectDependencies) = postProject + {67579365-ED6A-C1E4-E0A3-4A7C9F14072D} = {67579365-ED6A-C1E4-E0A3-4A7C9F14072D} {63B0DDD2-5E3B-EF38-F711-9652D2EB73B3} = {63B0DDD2-5E3B-EF38-F711-9652D2EB73B3} {255002EC-9FC7-422E-B497-BE2CC5012B2D} = {255002EC-9FC7-422E-B497-BE2CC5012B2D} - {67579365-ED6A-C1E4-E0A3-4A7C9F14072D} = {67579365-ED6A-C1E4-E0A3-4A7C9F14072D} EndProjectSection EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SandboxCrypto", "apps\com\Crypto\SandboxCrypto.vcxproj", "{41453A79-CA9B-ABCA-981C-5242AFC72DDF}" @@ -66,7 +66,14 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SboxDrv", "core\drv\SboxDrv EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SbieControl", "apps\control\Control.vcxproj", "{D16E291A-1F8A-4B19-AE07-0AF8CB7CCBD0}" ProjectSection(ProjectDependencies) = postProject + {42DB5510-0268-4655-B483-B9D6E4E48D62} = {42DB5510-0268-4655-B483-B9D6E4E48D62} + {E40CC819-6990-DA28-3E1F-6708BC98E37B} = {E40CC819-6990-DA28-3E1F-6708BC98E37B} + {8055A629-631E-84F5-8F3C-1908F264C81D} = {8055A629-631E-84F5-8F3C-1908F264C81D} + {5410C534-4858-C748-86AD-0567A2451FDE} = {5410C534-4858-C748-86AD-0567A2451FDE} {8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4} = {8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4} + {41453A79-CA9B-ABCA-981C-5242AFC72DDF} = {41453A79-CA9B-ABCA-981C-5242AFC72DDF} + {2D3DBCAE-883E-54A6-F8F6-11228D989033} = {2D3DBCAE-883E-54A6-F8F6-11228D989033} + {08A656D9-CDD0-4C9F-AB3F-D98F8E5B6EC6} = {08A656D9-CDD0-4C9F-AB3F-D98F8E5B6EC6} EndProjectSection EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "kmdutil", "install\kmdutil\KmdUtil.vcxproj", "{0BF4988E-2325-4426-8CDC-BD221E4FB68C}" 
diff --git a/Sandboxie/apps/com/DcomLaunch/dcomlaunch.c b/Sandboxie/apps/com/DcomLaunch/dcomlaunch.c index 0166ff63d5..69a4864efc 100644 --- a/Sandboxie/apps/com/DcomLaunch/dcomlaunch.c +++ b/Sandboxie/apps/com/DcomLaunch/dcomlaunch.c @@ -143,8 +143,10 @@ int __stdcall WinMain( // start dcom launcher service wcscpy(ServiceName, L"DCOMLAUNCH"); ok = Service_Start_ServiceMain( ServiceName, L"rpcss.dll", "ServiceMain", TRUE); + if (ok) + WaitForSingleObject(hThreadEvent, INFINITE); + CloseHandle(hThreadEvent); if (! ok) return EXIT_FAILURE; - WaitForSingleObject(hThreadEvent, INFINITE); return 0; } diff --git a/Sandboxie/apps/com/RpcSs/linger.c b/Sandboxie/apps/com/RpcSs/linger.c index 701bbb1316..59bf820565 100644 --- a/Sandboxie/apps/com/RpcSs/linger.c +++ b/Sandboxie/apps/com/RpcSs/linger.c @@ -303,7 +303,9 @@ int DoLingerLeader(void) InitializeCriticalSection(&ProcessCritSec); heventRpcSs = CreateEvent(0, FALSE, FALSE, NULL); - CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ProcessStartMonitor, NULL, 0, NULL); + HANDLE ThreadHandle = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ProcessStartMonitor, NULL, 0, NULL); + if (ThreadHandle) + CloseHandle(ThreadHandle); if (1) { // diff --git a/Sandboxie/common/my_version.h b/Sandboxie/common/my_version.h index 099fffc7bb..1837584a16 100644 --- a/Sandboxie/common/my_version.h +++ b/Sandboxie/common/my_version.h @@ -20,8 +20,8 @@ #ifndef _MY_VERSION_H #define _MY_VERSION_H -#define MY_VERSION_BINARY 5,43,5 -#define MY_VERSION_STRING "5.43.5" +#define MY_VERSION_BINARY 5,43,6 +#define MY_VERSION_STRING "5.43.6" #define MY_VERSION_COMPAT "5.43.5" // These #defines are used by either Resource Compiler, or by NSIC installer diff --git a/Sandboxie/core/dll/acscmonitor.c b/Sandboxie/core/dll/acscmonitor.c index b87e1cb149..6861a499c7 100644 --- a/Sandboxie/core/dll/acscmonitor.c +++ b/Sandboxie/core/dll/acscmonitor.c 
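Review bot: The WaitForSingleObject result in the new `if (ok)` branch is unchecked, so if the wait fails (for instance because hThreadEvent was never created — its CreateEvent is outside this hunk) WinMain falls through to `return 0` as if the service thread had signalled. The two opposite tests on `ok` also read awkwardly; a guard clause makes the flow plain: `if (!ok) { CloseHandle(hThreadEvent); return EXIT_FAILURE; }` followed by the wait, the CloseHandle and `return 0;`. WinMain's body starts before this hunk.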
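Review bot: A NULL return from CreateThread is now silently ignored — the handle leak is fixed, but ProcessStartMonitor never runs and nothing records that, so in the linger leader process-exit monitoring would simply be absent. The same shape appears in this commit in Acscmonitor_Init (which still returns TRUE in that case), Gui_InitConsole2 and SH32_Init. At minimum the missing else branch should go through whatever error path the file already uses, and a one-line comment such as `// fire-and-forget: the thread keeps running after its handle is closed` would explain why the handle is closed immediately. DoLingerLeader continues past the hunk.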
@@ -42,6 +42,8 @@ ULONG CALLBACK Acscmonitor_LoadLibrary(LPVOID lpParam) _FX BOOLEAN Acscmonitor_Init(HMODULE hDll) { - CreateThread(NULL, 0, Acscmonitor_LoadLibrary, (LPVOID)0, 0, NULL); + HANDLE ThreadHandle = CreateThread(NULL, 0, Acscmonitor_LoadLibrary, (LPVOID)0, 0, NULL); + if (ThreadHandle) + CloseHandle(ThreadHandle); return TRUE; } diff --git a/Sandboxie/core/dll/dllmain.c b/Sandboxie/core/dll/dllmain.c index c249af60da..2d7acf18c1 100644 --- a/Sandboxie/core/dll/dllmain.c +++ b/Sandboxie/core/dll/dllmain.c @@ -524,6 +524,7 @@ _FX void Dll_SelectImageType(void) L"neon.exe", (WCHAR *)DLL_IMAGE_GOOGLE_CHROME, L"maxthon.exe", (WCHAR *)DLL_IMAGE_GOOGLE_CHROME, L"vivaldi.exe", (WCHAR *)DLL_IMAGE_GOOGLE_CHROME, + L"msedge.exe", (WCHAR *)DLL_IMAGE_GOOGLE_CHROME, // modern edge is chromium based L"GoogleUpdate.exe", (WCHAR *)DLL_IMAGE_GOOGLE_UPDATE, L"AcroRd32.exe", (WCHAR *)DLL_IMAGE_ACROBAT_READER, L"Acrobat.exe", (WCHAR *)DLL_IMAGE_ACROBAT_READER, diff --git a/Sandboxie/core/dll/guicon.c b/Sandboxie/core/dll/guicon.c index cf73ab8a8d..85c2a772fb 100644 --- a/Sandboxie/core/dll/guicon.c +++ b/Sandboxie/core/dll/guicon.c @@ -254,7 +254,9 @@ _FX void Gui_InitConsole2(void) if (_wcsicmp(Dll_ImageName, L"klwtblfs.exe") == 0) { - CreateThread(NULL, 0, Proc_WaitForParentExit, (void *)1, 0, NULL); + HANDLE ThreadHandle = CreateThread(NULL, 0, Proc_WaitForParentExit, (void *)1, 0, NULL); + if (ThreadHandle) + CloseHandle(ThreadHandle); } // diff --git a/Sandboxie/core/dll/proc.c b/Sandboxie/core/dll/proc.c index 944f1621f1..85c1154ccc 100644 --- a/Sandboxie/core/dll/proc.c +++ b/Sandboxie/core/dll/proc.c 
@@ -64,6 +64,15 @@ static BOOL Proc_CreateProcessInternalW_RS5( LPPROCESS_INFORMATION lpProcessInformation, HANDLE *hNewToken); +static BOOL Proc_UpdateProcThreadAttribute( + _Inout_ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, + _In_ DWORD dwFlags, + _In_ DWORD_PTR Attribute, + _In_reads_bytes_opt_(cbSize) PVOID lpValue, + _In_ SIZE_T cbSize, + _Out_writes_bytes_opt_(cbSize) PVOID lpPreviousValue, + _In_opt_ PSIZE_T lpReturnSize); + static BOOL Proc_AlternateCreateProcess( const WCHAR *lpApplicationName, WCHAR *lpCommandLine, void *lpCurrentDirectory, LPPROCESS_INFORMATION lpProcessInformation, @@ -245,6 +254,15 @@ typedef BOOL(*P_AddAccessAllowedAceEx)( typedef BOOL(*P_GetLengthSid)( _In_ _Post_readable_byte_size_(return) PSID pSid); +typedef BOOL(*P_UpdateProcThreadAttribute)( + _Inout_ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, + _In_ DWORD dwFlags, + _In_ DWORD_PTR Attribute, + _In_reads_bytes_opt_(cbSize) PVOID lpValue, + _In_ SIZE_T cbSize, + _Out_writes_bytes_opt_(cbSize) PVOID lpPreviousValue, + _In_opt_ PSIZE_T lpReturnSize); + //--------------------------------------------------------------------------- @@ -275,7 +293,7 @@ static P_AddAccessAllowedAceEx __sys_AddAccessAllowedAceEx = NULL; static P_GetLengthSid __sys_GetLengthSid = NULL;*/ - +static P_UpdateProcThreadAttribute __sys_UpdateProcThreadAttribute = NULL; //--------------------------------------------------------------------------- // Variables @@ -343,6 +361,16 @@ _FX BOOLEAN Proc_Init(void) Dll_Kernel32, &ansi, 0, (void **)&CreateProcessInternalW); } + // fix for chrome 86+ + if (Dll_OsBuild >= 7600) { + void* UpdateProcThreadAttribute = NULL; + RtlInitString(&ansi, "UpdateProcThreadAttribute"); + status = LdrGetProcedureAddress( + Dll_KernelBase, &ansi, 0, (void **)&UpdateProcThreadAttribute); + if (NT_SUCCESS(status)) + SBIEDLL_HOOK(Proc_, UpdateProcThreadAttribute); + } + if(Dll_OsBuild < 17677) { SBIEDLL_HOOK(Proc_,CreateProcessInternalW); 
@@ -904,6 +932,26 @@ _FX BOOL Proc_CreateProcessInternalW( return ok; } + +_FX BOOL Proc_UpdateProcThreadAttribute( + _Inout_ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, + _In_ DWORD dwFlags, + _In_ DWORD_PTR Attribute, + _In_reads_bytes_opt_(cbSize) PVOID lpValue, + _In_ SIZE_T cbSize, + _Out_writes_bytes_opt_(cbSize) PVOID lpPreviousValue, + _In_opt_ PSIZE_T lpReturnSize) +{ + // fix for chreom 86+ + // when the PROC_THREAD_ATTRIBUTE_JOB_LIST is set the call CreateProcessAsUserW -> CreateProcessInternalW -> NtCreateProcess + // fals with an access denided error, so we need to block this attribute form being set + // if(Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) + if (Attribute == 0x0002000d) //PROC_THREAD_ATTRIBUTE_JOB_LIST + return TRUE; + + return __sys_UpdateProcThreadAttribute(lpAttributeList, dwFlags, Attribute, lpValue, cbSize, lpPreviousValue, lpReturnSize); +} + void *Proc_GetImageFullPath(const WCHAR *lpApplicationName, const WCHAR *lpCommandLine) { if ((lpApplicationName == NULL) && (lpCommandLine == NULL)) @@ -948,6 +996,16 @@ void *Proc_GetImageFullPath(const WCHAR *lpApplicationName, const WCHAR *lpComma return mybuf; } +#ifndef STARTUPINFOEXW +typedef struct _STARTUPINFOEXA { + STARTUPINFOA StartupInfo; + LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList; +} STARTUPINFOEXA, *LPSTARTUPINFOEXA; +typedef struct _STARTUPINFOEXW { + STARTUPINFOW StartupInfo; + LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList; +} STARTUPINFOEXW, *LPSTARTUPINFOEXW; +#endif // Processes in Windows 10 RS5 will start with the Sandboxie restricted token. // Thus the expected failure of the original call to CreateProcessInternalW doesn't diff --git a/Sandboxie/core/dll/scm_create.c b/Sandboxie/core/dll/scm_create.c index 0e97df62e5..091faa52c9 100644 --- a/Sandboxie/core/dll/scm_create.c +++ b/Sandboxie/core/dll/scm_create.c 
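Review bot: Proc_UpdateProcThreadAttribute returns TRUE for attribute 0x0002000d without forwarding the call, so any hooked process that asks to place its child into a job list has that request dropped while the API reports success — the child starts without the job restriction the caller believes it applied. The commented-out `if(Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME)` shows the intended scope; with it removed the workaround reaches every sandboxed program, and the same applies to the unconditional SBIEDLL_HOOK in the Proc_Init hunk of this file. Suggest restoring the gate, `if (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME && Attribute == PROC_THREAD_ATTRIBUTE_JOB_LIST) return TRUE;`, with a `#ifndef PROC_THREAD_ATTRIBUTE_JOB_LIST` fallback to 0x0002000d for SDKs that lack the name. The comment above it should also be reworded without the typos ("chreom", "fals", "denided", "form") and say explicitly that the job assignment is deliberately discarded rather than made to work.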
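Review bot: `#ifndef STARTUPINFOEXW` tests for a preprocessor macro, but in the Windows SDK STARTUPINFOEXW is a typedef name, so the guard is always true and the two structs get redefined whenever winbase.h already declares them; I cannot tell from this hunk which SDK level or `_WIN32_WINNT` the file is compiled against, which is presumably why it builds today. As far as I recall the SDK declares STARTUPINFOEXA/W under `_WIN32_WINNT >= 0x0600`, so guarding the fallback with `#if (_WIN32_WINNT < 0x0600)` would keep it from colliding once the target is raised. Nothing in this hunk uses the new typedefs, so a comment naming their consumer would help the next reader.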
@@ -1308,8 +1308,11 @@ _FX BOOL Scm_StartServiceCtrlDispatcherX( Scm_IsMsiServer = TRUE; } - if (! CreateThread(NULL, 0, Scm_ServiceMainThread, args, 0, &ThreadId)) - Scm_Stopped = TRUE; + HANDLE ThreadHandle = CreateThread(NULL, 0, Scm_ServiceMainThread, args, 0, &ThreadId); + if (ThreadHandle) + CloseHandle(ThreadHandle); + else + Scm_Stopped = TRUE; // // main loop: wait for changes on the service key diff --git a/Sandboxie/core/dll/sh.c b/Sandboxie/core/dll/sh.c index 049bc4eab0..ee0168cd5a 100644 --- a/Sandboxie/core/dll/sh.c +++ b/Sandboxie/core/dll/sh.c @@ -849,7 +849,9 @@ _FX BOOLEAN SH32_Init(HMODULE module) NULL, L"NoAutoExitExplorer", 0, buf, sizeof(buf)); if (! buf[0]) { - CreateThread(NULL, 0, SH_WindowMonitorThread, NULL, 0, NULL); + HANDLE ThreadHandle = CreateThread(NULL, 0, SH_WindowMonitorThread, NULL, 0, NULL); + if (ThreadHandle) + CloseHandle(ThreadHandle); } } diff --git a/Sandboxie/core/svc/DriverAssist.cpp b/Sandboxie/core/svc/DriverAssist.cpp index 553b0b7dbe..3827ed8256 100644 --- a/Sandboxie/core/svc/DriverAssist.cpp +++ b/Sandboxie/core/svc/DriverAssist.cpp @@ -89,6 +89,7 @@ bool DriverAssist::Initialize() hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)StartDriverAsync, m_instance, 0, &tid); + CloseHandle(hThread); return true; } @@ -309,6 +310,7 @@ DWORD DriverAssist::MsgWorkerThreadStub(void *MyMsg) void DriverAssist::Thread() { NTSTATUS status; + HANDLE hThread; DWORD threadId; MSG_DATA *MsgData; @@ -329,7 +331,11 @@ void DriverAssist::Thread() } MsgData->ClassContext = this; - CreateThread(NULL, 0, MsgWorkerThreadStub, (void *)MsgData, 0, &threadId); + hThread = CreateThread(NULL, 0, MsgWorkerThreadStub, (void *)MsgData, 0, &threadId); + if (hThread) + CloseHandle(hThread); + else + VirtualFree(MsgData, 0, MEM_RELEASE); } } diff --git a/Sandboxie/core/svc/serviceserver2.cpp b/Sandboxie/core/svc/serviceserver2.cpp index 3eb516d67d..6118977933 100644 --- a/Sandboxie/core/svc/serviceserver2.cpp 
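Review bot: In DriverAssist::Initialize the added `CloseHandle(hThread)` runs even when CreateThread returned NULL, and the function still returns true with no StartDriverAsync thread running; closing a NULL handle fails with ERROR_INVALID_HANDLE, and under a debugger an invalid-handle close raises an exception. The later hunk in this file already guards with `if (hThread)`, so the same shape here keeps the file consistent: `if (hThread) CloseHandle(hThread); else return false;` — assuming the caller, which is outside this hunk, treats false as a failed start.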
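Review bot: In DriverAssist::Thread, when CreateThread fails for MsgWorkerThreadStub the message is released and dropped without any record, so a run of thread-creation failures would silently lose driver requests. A short comment on the else branch, `// worker could not be started: the request is dropped`, or a log call through whatever this class already uses would make that visible. The `VirtualFree(MsgData, 0, MEM_RELEASE)` also assumes MsgData came from VirtualAlloc — the allocation is above this hunk, so worth confirming the pair matches. Thread() continues past the hunk.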
+++ b/Sandboxie/core/svc/serviceserver2.cpp @@ -788,9 +788,9 @@ void ServiceServer::RunUacSlave2(ULONG_PTR *ThreadArgs) if (isAdmin) { CreateThread( - NULL, 0, RunUacSlave2Thread1, (void *)ThreadArgs, 0, NULL); + NULL, 0, RunUacSlave2Thread1, (void *)ThreadArgs, 0, NULL); // fix-me: i'm leaking a thread CreateThread( - NULL, 0, RunUacSlave2Thread2, (void *)ThreadArgs, 0, NULL); + NULL, 0, RunUacSlave2Thread2, (void *)ThreadArgs, 0, NULL); // fix-me: i'm leaking a thread while (1) SuspendThread(GetCurrentThread()); @@ -909,9 +909,9 @@ void ServiceServer::RunUacSlave2(ULONG_PTR *ThreadArgs) strings[2] = strings[1]; CreateThread( - NULL, 0, RunUacSlave2Thread1, (void *)ThreadArgs, 0, NULL); + NULL, 0, RunUacSlave2Thread1, (void *)ThreadArgs, 0, NULL); // fix-me: i'm leaking a thread CreateThread( - NULL, 0, RunUacSlave2Thread2, (void *)ThreadArgs, 0, NULL); + NULL, 0, RunUacSlave2Thread2, (void *)ThreadArgs, 0, NULL); // fix-me: i'm leaking a thread } } } diff --git a/SandboxiePlus/SandMan/SandMan.h b/SandboxiePlus/SandMan/SandMan.h index d8a276eace..440042cf01 100644 --- a/SandboxiePlus/SandMan/SandMan.h +++ b/SandboxiePlus/SandMan/SandMan.h @@ -12,7 +12,7 @@ #define VERSION_MJR 0 #define VERSION_MIN 4 -#define VERSION_REV 1 +#define VERSION_REV 2 #define VERSION_UPD 0 diff --git a/SandboxiePlus/SandMan/Views/SbieView.cpp b/SandboxiePlus/SandMan/Views/SbieView.cpp index 33da7d5fbb..2aee233a03 100644 --- a/SandboxiePlus/SandMan/Views/SbieView.cpp +++ b/SandboxiePlus/SandMan/Views/SbieView.cpp @@ -7,6 +7,10 @@ #include "../Windows/OptionsWindow.h" #include "../Windows/SnapshotsWindow.h" +#include "qt_windows.h" +#include "qwindowdefs_win.h" +#include + CSbieView::CSbieView(QWidget* parent) : CPanelView(parent) { m_pMainLayout = new QVBoxLayout(); 
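Review bot: The added `fix-me: i'm leaking a thread` comments record the defect instead of applying the `if (h) CloseHandle(h)` idiom this same commit uses in linger.c and elsewhere; the thread keeps running after its handle is closed, so the fix is local, e.g. `HANDLE h = CreateThread(NULL, 0, RunUacSlave2Thread1, (void *)ThreadArgs, 0, NULL); if (h) CloseHandle(h);` for each call (and what leaks is the handle, not the thread). The second hunk at -909 has the identical pair. A NULL return is also never examined, and the `isAdmin` path then parks in `while (1) SuspendThread(GetCurrentThread())` with no worker started — if that is acceptable it deserves a comment saying so. RunUacSlave2's body extends beyond both hunks.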
@@ -54,6 +58,8 @@ CSbieView::CSbieView(QWidget* parent) : CPanelView(parent) m_pMenuRunCmd = m_pMenuRun->addAction(tr("Run Cmd.exe"), this, SLOT(OnSandBoxAction())); m_pMenuEmptyBox = m_pMenu->addAction(tr("Terminate All Programs"), this, SLOT(OnSandBoxAction())); m_pMenu->addSeparator(); + m_pMenuExplore = m_pMenu->addAction(tr("Explore Content"), this, SLOT(OnSandBoxAction())); + m_pMenu->addSeparator(); m_pMenuSnapshots = m_pMenu->addAction(tr("Snapshots Manager"), this, SLOT(OnSandBoxAction())); m_pMenuCleanUp = m_pMenu->addAction(tr("Delete Content"), this, SLOT(OnSandBoxAction())); m_pMenu->addSeparator(); @@ -218,6 +224,11 @@ void CSbieView::OnSandBoxAction() COptionsWindow* pOptionsWindow = new COptionsWindow(SandBoxes.first(), SandBoxes.first()->GetName(), this); pOptionsWindow->show(); } + else if (Action == m_pMenuExplore) + { + ::ShellExecute(NULL, NULL, SandBoxes.first()->GetFileRoot().toStdWString().c_str(), NULL, NULL, SW_SHOWNORMAL); + // if (ret <= 32) error + } else if (Action == m_pMenuSnapshots) { CSnapshotsWindow* pSnapshotsWindow = new CSnapshotsWindow(SandBoxes.first(), this); diff --git a/SandboxiePlus/SandMan/Views/SbieView.h b/SandboxiePlus/SandMan/Views/SbieView.h index 5dcadf2dd0..0cdd77cc4d 100644 --- a/SandboxiePlus/SandMan/Views/SbieView.h +++ b/SandboxiePlus/SandMan/Views/SbieView.h @@ -54,6 +54,7 @@ private slots: QAction* m_pMenuOptions; QAction* m_pMenuSnapshots; QAction* m_pMenuEmptyBox; + QAction* m_pMenuExplore; QAction* m_pMenuCleanUp; QAction* m_pMenuRemove; QAction* m_pMenuRename;
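Review bot: The `::ShellExecute` return in the new m_pMenuExplore branch is discarded, and the stub `// if (ret <= 32) error` shows the check was intended; a failed launch (for example when the file root does not exist yet) gives the user nothing. Capture and test it: `HINSTANCE ret = ::ShellExecute(NULL, L"open", SandBoxes.first()->GetFileRoot().toStdWString().c_str(), NULL, NULL, SW_SHOWNORMAL);` then `if ((INT_PTR)ret <= 32) { /* report the failure through the view's usual error path */ }` — the explicit `L"open"` verb also states the intent instead of relying on the shell default. A comment on the action noting that the Explorer window opened this way runs outside the box would help, since the manager itself appears to be unsandboxed (inferred, not shown here). OnSandBoxAction continues past the hunk.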