systemless MSIServer + fixes and some cleanup

sandboxie-plus · Jul 12, 2021 · a4e6b49 · a4e6b49
1 parent 1b7ebbd
commit a4e6b49
Show file tree

Hide file tree

Showing 23 changed files with 283 additions and 107 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,10 +2,27 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+
+
+## [0.8.8 / 5.50.8] - 2021-07-12
+
+### Changed
+- MSIServer no longer requirers being run as system completing the move to not using system tockens in a sandbox by default
+-- the security enhanced option "MsiInstallerExemptions=n" is now the default behavioure
+
+### Fixed
+- fixed issue with the "Explore Sandboxed" command [#972](https://github.com/sandboxie-plus/Sandboxie/issues/972)
+- rolled back the switch from using NtQueryKey to NtQueryObject as it seams to bream soem older w10 versions liek 1803 [#984](https://github.com/sandboxie-plus/Sandboxie/issues/984)
+-- this change was introduced to fix [#951](https://github.com/sandboxie-plus/Sandboxie/issues/951)
+-- to use NtQueryObject the option "UseObjectNameForKeys=y" can be added to sandboxie.ini
+
+
+
+
 ## [0.8.7b / 5.50.7] - 2021-07-11
 
 ### Fixed
-- fixed issue with boxes that had auto-delete activated introduced in the previous build
+- fixed issue with boxes that had auto-delete activated introduced in the previous build [#986](https://github.com/sandboxie-plus/Sandboxie/issues/986)
 
 ## [0.8.7 / 5.50.7] - 2021-07-10
 

diff --git a/Sandboxie/apps/common/Common.vcxproj b/Sandboxie/apps/common/Common.vcxproj
@@ -103,22 +103,17 @@
   <ItemGroup>
   </ItemGroup>
   <ItemGroup>
-    <ClCompile Include="..\..\common\my_ntdll.c" />
     <ClCompile Include="BoxOrder.c" />
     <ClCompile Include="DlgTmplRtl.cpp" />
     <ClCompile Include="MyFileOp.c" />
     <ClCompile Include="MyGdi.c" />
     <ClCompile Include="MyMsgBox.c" />
   </ItemGroup>
   <ItemGroup>
-    <ClInclude Include="..\..\common\my_shlwapi.h" />
-    <ClInclude Include="..\..\common\my_version.h" />
-    <ClInclude Include="..\..\common\my_xeb.h" />
     <ClInclude Include="BoxOrder.h" />
     <ClInclude Include="CommonUtils.h" />
     <ClInclude Include="MyGdi.h" />
     <ClInclude Include="MyMsgBox.h" />
-    <ClInclude Include="MyPool.h" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">

diff --git a/Sandboxie/apps/control/Control.vcxproj b/Sandboxie/apps/control/Control.vcxproj
@@ -183,20 +183,8 @@
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">NotUsing</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">NotUsing</PrecompiledHeader>
     </ClCompile>
-    <ClCompile Include="..\common\BoxOrder.c">
-      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">NotUsing</PrecompiledHeader>
-      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">NotUsing</PrecompiledHeader>
-      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">NotUsing</PrecompiledHeader>
-      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">NotUsing</PrecompiledHeader>
-    </ClCompile>
     <ClCompile Include="..\common\FontStore.cpp" />
     <ClCompile Include="..\common\Layout.cpp" />
-    <ClCompile Include="..\common\MyGdi.c">
-      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">NotUsing</PrecompiledHeader>
-      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">NotUsing</PrecompiledHeader>
-      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">NotUsing</PrecompiledHeader>
-      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">NotUsing</PrecompiledHeader>
-    </ClCompile>
     <ClCompile Include="..\common\MyMsg.cpp">
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">NotUsing</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">NotUsing</PrecompiledHeader>
@@ -297,11 +285,8 @@
     <ClInclude Include="..\..\common\json\JSON.h" />
     <ClInclude Include="..\..\common\json\JSONValue.h" />
     <ClInclude Include="..\..\common\my_version.h" />
-    <ClInclude Include="..\common\BoxOrder.h" />
-    <ClInclude Include="..\common\CommonUtils.h" />
     <ClInclude Include="..\common\FontStore.h" />
     <ClInclude Include="..\common\Layout.h" />
-    <ClInclude Include="..\common\MyGdi.h" />
     <ClInclude Include="..\common\MyMsg.h" />
     <ClInclude Include="..\common\RunBrowser.h" />
     <ClInclude Include="..\common\RunStartExe.h" />

diff --git a/Sandboxie/apps/control/Control.vcxproj.filters b/Sandboxie/apps/control/Control.vcxproj.filters
@@ -54,18 +54,12 @@
     <ClCompile Include="UserSettings.cpp" />
     <ClCompile Include="ViewTemplateDialog.cpp" />
     <ClCompile Include="WindowTitleMap.cpp" />
-    <ClCompile Include="..\common\BoxOrder.c">
-      <Filter>common</Filter>
-    </ClCompile>
     <ClCompile Include="..\common\FontStore.cpp">
       <Filter>common</Filter>
     </ClCompile>
     <ClCompile Include="..\common\Layout.cpp">
       <Filter>common</Filter>
     </ClCompile>
-    <ClCompile Include="..\common\MyGdi.c">
-      <Filter>common</Filter>
-    </ClCompile>
     <ClCompile Include="..\common\MyMsg.cpp">
       <Filter>common</Filter>
     </ClCompile>
@@ -137,18 +131,12 @@
     <ClInclude Include="UserSettings.h" />
     <ClInclude Include="ViewTemplateDialog.h" />
     <ClInclude Include="WindowTitleMap.h" />
-    <ClInclude Include="..\common\BoxOrder.h">
-      <Filter>common</Filter>
-    </ClInclude>
     <ClInclude Include="..\common\FontStore.h">
       <Filter>common</Filter>
     </ClInclude>
     <ClInclude Include="..\common\Layout.h">
       <Filter>common</Filter>
     </ClInclude>
-    <ClInclude Include="..\common\MyGdi.h">
-      <Filter>common</Filter>
-    </ClInclude>
     <ClInclude Include="..\common\MyMsg.h">
       <Filter>common</Filter>
     </ClInclude>
@@ -166,9 +154,6 @@
     </ClInclude>
     <ClInclude Include="UpdateDialog.h" />
     <ClInclude Include="Updater.h" />
-    <ClInclude Include="..\common\CommonUtils.h">
-      <Filter>common</Filter>
-    </ClInclude>
     <ClInclude Include="..\common\RunStartExe.h">
       <Filter>common</Filter>
     </ClInclude>

diff --git a/Sandboxie/common/my_version.h b/Sandboxie/common/my_version.h
@@ -21,8 +21,8 @@
 #ifndef _MY_VERSION_H
 #define _MY_VERSION_H
 
-#define MY_VERSION_BINARY       5,50,7
-#define MY_VERSION_STRING       "5.50.7"
+#define MY_VERSION_BINARY       5,50,8
+#define MY_VERSION_STRING       "5.50.8"
 #define MY_VERSION_COMPAT		"5.50.0" // this refers to the driver ABI compatibility
 
 // These #defines are used by either Resource Compiler, or by NSIC installer

diff --git a/Sandboxie/core/dll/dll.h b/Sandboxie/core/dll/dll.h
@@ -181,6 +181,12 @@ typedef struct _THREAD_DATA {
 
     ULONG file_dont_strip_write_access;
 
+    //
+    // misc modules
+    //
+
+    HANDLE  scm_last_own_token;
+
     //
     // proc module:  image path for a child process being started
     //

diff --git a/Sandboxie/core/dll/file.c b/Sandboxie/core/dll/file.c
@@ -2440,6 +2440,22 @@ _FX NTSTATUS File_NtCreateFileImpl(
     if (Dll_OsBuild >= 8400 && Dll_ImageType == DLL_IMAGE_TRUSTED_INSTALLER)
         DesiredAccess &= ~ACCESS_SYSTEM_SECURITY;   // for TiWorker.exe (W8)
 
+    // MSIServer without system
+    if (Dll_ImageType == DLL_IMAGE_MSI_INSTALLER && (DesiredAccess & ACCESS_SYSTEM_SECURITY) != 0
+        && ObjectAttributes && ObjectAttributes->ObjectName && ObjectAttributes->ObjectName->Buffer
+        && _wcsicmp(ObjectAttributes->ObjectName->Buffer + (ObjectAttributes->ObjectName->Length / sizeof(WCHAR)) - 3, L".msi") == 0
+        ){
+
+        //
+        // MSIServer when accessing \??\C:\WINDOWS\Installer\???????.msi files will get a PROGOLEGE_NOT_HELD error when requesting ACCESS_SYSTEM_SECURITY
+        // Howeever if we broadly clear this flag we will get error 1946 'System.AppUserModel.ID' could not be set on *.lnk files
+        //
+
+        DesiredAccess &= ~ACCESS_SYSTEM_SECURITY;
+    }
+
+
+
     __try {
 
     IoStatusBlock->Information = FILE_DOES_NOT_EXIST;
@@ -3018,6 +3034,25 @@ _FX NTSTATUS File_NtCreateFileImpl(
                 //  while(!IsDebuggerPresent()) Sleep(50); __debugbreak();
                 //}
 
+                // MSIServer without system
+                if (status == STATUS_ACCESS_DENIED && Dll_ImageType == DLL_IMAGE_MSI_INSTALLER 
+                    && ObjectAttributes->ObjectName->Buffer && ObjectAttributes->ObjectName->Length >= 34
+                    && _wcsicmp(ObjectAttributes->ObjectName->Buffer + (ObjectAttributes->ObjectName->Length / sizeof(WCHAR)) - 11, L"\\Config.Msi") == 0
+                    ) {
+
+                    //
+                    // MSI must not fail accessing \??\C:\WINDOWS\Installer\Config.msi but this folder is readable only for system,
+                    // so we create a boxed copy copy instead and open it
+                    //
+
+                    RtlInitUnicodeString(&objname, CopyPath);
+                    status = __sys_NtCreateFile(
+                        FileHandle, DesiredAccess, &objattrs,
+                        IoStatusBlock, AllocationSize, FileAttributes,
+                        ShareAccess, FILE_OPEN_IF, FILE_DIRECTORY_FILE,
+                        EaBuffer, EaLength);
+                }
+
                 //
                 // special case for SandboxieCrypto on Windows Vista,
                 // which tries to open catdb that are locked by

diff --git a/Sandboxie/core/dll/file_dir.c b/Sandboxie/core/dll/file_dir.c
@@ -170,7 +170,7 @@ static void File_InitRecoverList(
     const WCHAR *setting, LIST *list, BOOLEAN MustBeValidPath,
     WCHAR *buf, ULONG buf_len);
 
-static void File_NotifyRecover(HANDLE FileHandle, MSG_HEADER **out_req);
+static void File_NotifyRecover(HANDLE FileHandle);
 
 static BOOLEAN File_IsRecoverable(const WCHAR *TruePath);
 
@@ -1917,7 +1917,6 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle)
     NTSTATUS status;
     ULONG type;
     FILE_MERGE *merge;
-    MSG_HEADER *req;
 
     P_NtClose pSysNtClose = __sys_NtClose;
 
@@ -1961,6 +1960,13 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle)
         Key_NtClose(FileHandle);
     }
 
+    //
+    // special handling for scm_msi.c
+    //
+
+    if (TlsData->scm_last_own_token == FileHandle)
+        TlsData->scm_last_own_token = NULL;
+
     //
     // if not closing a file handle, stop here
     //
@@ -1978,8 +1984,6 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle)
     // close for a real handle
     //
 
-    req = NULL;
-
     EnterCriticalSection(&File_DirHandles_CritSec);
 
     merge = List_Head(&File_DirHandles);
@@ -1998,17 +2002,10 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle)
     // close and recover file
     //
 
-    File_NotifyRecover(FileHandle, &req);
+    File_NotifyRecover(FileHandle);
 
     status = pSysNtClose ? pSysNtClose(FileHandle) : NtClose(FileHandle);
 
-    if (req) {
-        MSG_HEADER *rpl = SbieDll_CallServer(req);
-        Dll_Free(req);
-        if (rpl)
-            Dll_Free(rpl);
-    }
-
     TlsData->file_NtClose_lock = FALSE;
 
     SetLastError(LastError);
@@ -2672,8 +2669,7 @@ _FX void File_DuplicateRecover(
 //---------------------------------------------------------------------------
 
 
-_FX void File_NotifyRecover(
-    HANDLE FileHandle, MSG_HEADER **out_req)
+_FX void File_NotifyRecover(HANDLE FileHandle)
 {
     THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
 

diff --git a/Sandboxie/core/dll/gui.c b/Sandboxie/core/dll/gui.c
@@ -526,9 +526,6 @@ _FX BOOLEAN Gui_Init(HMODULE module)
     if (ok)
         ok = Gui_InitMsg();
 
-    if (ok)
-        ok = Gui_InitWinHooks();
-
     if (ok)
         ok = Gui_InitDlgTmpl();
 
@@ -540,6 +537,9 @@ _FX BOOLEAN Gui_Init(HMODULE module)
 		return ok;
 	// NoSbieDesk END
 
+    if (ok)
+        ok = Gui_InitWinHooks();
+
     SBIEDLL_HOOK_GUI(AttachThreadInput);
 
     return ok;

diff --git a/Sandboxie/core/dll/guihook.c b/Sandboxie/core/dll/guihook.c
@@ -96,6 +96,7 @@ static CRITICAL_SECTION Gui_HooksCritSec;
 static LIST Gui_Hooks;
 static DWORD Gui_HookHelperThreadId = 0;
 static int Gui_HookCount = 0;
+static BOOLEAN Gui_HookInit = FALSE;
 
 //---------------------------------------------------------------------------
 // Gui_InitWinHooks
@@ -111,6 +112,8 @@ _FX BOOLEAN Gui_InitWinHooks(void)
     SBIEDLL_HOOK_GUI(SetWindowsHookExW);
     SBIEDLL_HOOK_GUI(UnhookWindowsHookEx);
 
+    Gui_HookInit = TRUE;
+
     return TRUE;
 }
 
@@ -618,6 +621,9 @@ _FX BOOL Gui_UnhookWindowsHookEx(HHOOK hhk)
 
 _FX LRESULT Gui_NotifyWinHooks()
 {
+    if (!Gui_HookInit)
+        return 0;
+
     GUI_WND_HOOK_NOTIFY_REQ req;
     GUI_WND_HOOK_NOTIFY_RPL *rpl;