1.12.4

CHANGELOG.md

@@ -13,13 +13,14 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ### Changed
 - without an active, non expired, supporter certificate, automatic updates/downloads are not longer available for the stable channel
  - the autoamtic updater will still work and notify about new stable releases, the user will be guided to visit the download page and download the latest installer manually
+- cleanup button is also enabled when not connencted to core
 
 ### Fixed
 - fixed running sandboxed processes located in a imdisk volume [#3472](https://github.com/sandboxie-plus/Sandboxie/discussions/3472)
 - fixed sample 634d066fd4f9a8b201a3ddf346e880be unable to be terminate on windows 7 x64 [#3482](https://github.com/sandboxie-plus/Sandboxie/issues/3482)
 - fixed UseNewSymlinkResolver causes applications to create both the link and the target folder [#3481](https://github.com/sandboxie-plus/Sandboxie/issues/3481)
 - fixed Renaming a sandbox breaks Group hierarchy [#3430](https://github.com/sandboxie-plus/Sandboxie/issues/3430)
-
+- fixed Encrypted confidential Box + red box preset blocks box access to it's own root directories [#3475](https://github.com/sandboxie-plus/Sandboxie/issues/3475)
 
 
 

Sandboxie/core/dll/dll.h

@@ -266,10 +266,12 @@ extern const WCHAR *Dll_HomeDosPath;
 //extern ULONG Dll_HomeDosPathLen;
 
 extern const WCHAR *Dll_BoxFilePath;
+extern const WCHAR *Dll_BoxFileDosPath;
 extern const WCHAR *Dll_BoxKeyPath;
 extern const WCHAR *Dll_BoxIpcPath;
 
 extern ULONG Dll_BoxFilePathLen;
+extern ULONG Dll_BoxFileDosPathLen;
 extern ULONG Dll_BoxKeyPathLen;
 extern ULONG Dll_BoxIpcPathLen;
 extern ULONG Dll_SidStringLen;

Sandboxie/core/dll/dllmain.c

@@ -74,10 +74,12 @@ const WCHAR *Dll_HomeDosPath = NULL;
 //ULONG Dll_HomeDosPathLen = 0;
 
 const WCHAR *Dll_BoxFilePath = NULL;
+const WCHAR *Dll_BoxFileDosPath = NULL;
 const WCHAR *Dll_BoxKeyPath = NULL;
 const WCHAR *Dll_BoxIpcPath = NULL;
 
 ULONG Dll_BoxFilePathLen = 0;
+ULONG Dll_BoxFileDosPathLen = 0;
 ULONG Dll_BoxKeyPathLen = 0;
 ULONG Dll_BoxIpcPathLen = 0;
 ULONG Dll_SidStringLen = 0;

Sandboxie/core/dll/file.c

@@ -7350,6 +7350,21 @@ _FX BOOLEAN SbieDll_TranslateNtToDosPath(WCHAR *path)
     }
 
     path_len = wcslen(path);
+
+    //
+    // workaround for hidden box root
+    //
+
+    if (Dll_BoxFileDosPathLen && Dll_BoxFilePathLen <= path_len && _wcsnicmp(path, Dll_BoxFilePath, Dll_BoxFilePathLen) == 0)
+    {
+        wmemmove(path + Dll_BoxFileDosPathLen, path + Dll_BoxFilePathLen, wcslen(path + Dll_BoxFilePathLen) + 1);
+        wmemcpy(path, Dll_BoxFileDosPath, Dll_BoxFileDosPathLen);
+        return TRUE;
+    }
+
+    //
+    // Find Dos Drive Letter
+    //
 
     drive = File_GetDriveForPath(path, path_len);
     if (drive)

Sandboxie/core/dll/file_init.c

@@ -176,6 +176,34 @@ _FX BOOLEAN File_Init(void)
         }
     }
 
+
+    Dll_BoxFileDosPath = Dll_Alloc((Dll_BoxFilePathLen + 1) * sizeof(WCHAR));
+    wcscpy((WCHAR *)Dll_BoxFileDosPath, Dll_BoxFilePath);
+    if (!SbieDll_TranslateNtToDosPath((WCHAR *)Dll_BoxFileDosPath) || _wcsnicmp(Dll_BoxFileDosPath, L"\\\\.\\", 4) == 0) 
+    {
+        Dll_Free((WCHAR *)Dll_BoxFileDosPath);
+        Dll_BoxFileDosPath = NULL;
+
+        //
+        // the root is redirected with a reparse point and the target device does not have a drvie letter
+        // implement workaround, see SbieDll_TranslateNtToDosPath
+        //
+
+        ULONG BoxFilePathLen = (0x1000 + 1) * sizeof(WCHAR);
+        WCHAR* BoxFilePathConf = Dll_AllocTemp(BoxFilePathLen);
+        SbieApi_QueryConf(NULL, L"FileRootPath", 0, BoxFilePathConf, BoxFilePathLen);
+
+        if (SbieDll_TranslateNtToDosPath(BoxFilePathConf))
+        {
+            Dll_BoxFileDosPathLen = wcslen(BoxFilePathConf);
+            Dll_BoxFileDosPath = Dll_Alloc((Dll_BoxFileDosPathLen + 1) * sizeof(WCHAR));
+            wcscpy((WCHAR *)Dll_BoxFileDosPath, BoxFilePathConf);
+        }
+        Dll_Free(BoxFilePathConf);
+    }
+    else
+        Dll_BoxFileDosPathLen = wcslen(Dll_BoxFileDosPath);
+
 	File_InitSnapshots();
 
     File_InitRecoverFolders();

Sandboxie/core/drv/file.c

@@ -1021,7 +1021,8 @@ _FX BOOLEAN File_InitProcess(PROCESS *proc)
     // make sure the image path does not match a ClosedFilePath setting
     //
 
-    if (ok && proc->image_path && (! proc->image_sbie)) {
+    if (ok && proc->image_path && (! proc->image_sbie) 
+        && _wcsnicmp(proc->image_path, proc->box->file_path, (proc->box->file_path_len / sizeof(WCHAR)) - 1) != 0) {
 
 #ifdef USE_MATCH_PATH_EX
         ULONG mp_flags = Process_MatchPathEx(proc, proc->image_path, wcslen(proc->image_path), L'f', 

Sandboxie/core/drv/file_flt.c

@@ -503,6 +503,11 @@ _FX FLT_PREOP_CALLBACK_STATUS File_PreOperation(
                     && _wcsnicmp(Name->Name.Buffer, root->file_root, root->file_root_len) == 0
                     ) {
 
+                    //DbgPrint("IRP_MJ_CREATE: %S\n", root->file_root);
+
+                    if (Util_IsProtectedProcess(PsGetCurrentProcessId()))
+                        break;
+
                     status = STATUS_ACCESS_DENIED;
 
                     if (proc && !proc->bHostInject) {

Sandboxie/core/drv/thread.c

@@ -1138,36 +1138,6 @@ _FX NTSTATUS Thread_CheckObject_Common(
 }
 
 
-//---------------------------------------------------------------------------
-// Thread_IsProtectedProcess
-//---------------------------------------------------------------------------
-
-NTKERNELAPI BOOLEAN NTAPI PsIsProtectedProcess(_In_ PEPROCESS Process);
-
-_FX BOOLEAN Thread_IsProtectedProcess(HANDLE pid)
-{
-    PEPROCESS ProcessObject;
-    NTSTATUS status;
-    BOOLEAN ret = FALSE;
-
-    //
-    // Check if this process is a protected process,
-    // as protected processes are integral windows processes or trusted antimalware services
-    // we allow such processes to access even confidential sandboxed programs.
-    //
-
-    status = PsLookupProcessByProcessId(pid, &ProcessObject);
-    if (NT_SUCCESS(status)) {
-
-        ret = PsIsProtectedProcess(ProcessObject);
-
-        ObDereferenceObject(ProcessObject);
-    }
-
-    return ret;
-}
-
-
 //---------------------------------------------------------------------------
 // Thread_CheckObject_CommonEx
 //---------------------------------------------------------------------------
@@ -1232,10 +1202,9 @@ _FX ACCESS_MASK Thread_CheckObject_CommonEx(
                         //
 
                         if (protect_process /*&& MyIsProcessRunningAsSystemAccount(cur_pid)*/) {
-                            if ((_wcsicmp(nptr, SBIESVC_EXE) == 0) || (_wcsicmp(nptr, L"csrss.exe") == 0)
+                            if ((_wcsicmp(nptr, SBIESVC_EXE) == 0) || Util_IsProtectedProcess(cur_pid)
                                 || (_wcsicmp(nptr, L"conhost.exe") == 0)
-                                || (_wcsicmp(nptr, L"taskmgr.exe") == 0) || (_wcsicmp(nptr, L"sandman.exe") == 0)
-                                || Thread_IsProtectedProcess(cur_pid))
+                                || (_wcsicmp(nptr, L"taskmgr.exe") == 0) || (_wcsicmp(nptr, L"sandman.exe") == 0))
                                 protect_process = FALSE;
                         }
 

Sandboxie/core/drv/util.c

@@ -446,6 +446,36 @@ _FX HANDLE Util_GetProcessPidByName(const WCHAR* name)
 }
 
 
+//---------------------------------------------------------------------------
+// Util_IsProtectedProcess
+//---------------------------------------------------------------------------
+
+NTKERNELAPI BOOLEAN NTAPI PsIsProtectedProcess(_In_ PEPROCESS Process);
+
+_FX BOOLEAN Util_IsProtectedProcess(HANDLE pid)
+{
+    PEPROCESS ProcessObject;
+    NTSTATUS status;
+    BOOLEAN ret = FALSE;
+
+    //
+    // Check if this process is a protected process,
+    // as protected processes are integral windows processes or trusted antimalware services
+    // we allow such processes to access even confidential sandboxed programs.
+    //
+
+    status = PsLookupProcessByProcessId(pid, &ProcessObject);
+    if (NT_SUCCESS(status)) {
+
+        ret = PsIsProtectedProcess(ProcessObject);
+
+        ObDereferenceObject(ProcessObject);
+    }
+
+    return ret;
+}
+
+
 //---------------------------------------------------------------------------
 // Util_GetTime
 //---------------------------------------------------------------------------

Sandboxie/core/drv/util.h

@@ -109,6 +109,7 @@ NTSTATUS MyValidateCertificate(void);
 
 HANDLE Util_GetProcessPidByName(const WCHAR* name);
 
+BOOLEAN Util_IsProtectedProcess(HANDLE pid);
 
 LARGE_INTEGER Util_GetTimestamp(void);
 

SandboxiePlus/SandMan/SandMan.cpp

@@ -2498,18 +2498,14 @@ void CSandMan::UpdateState()
 	m_pDisableForce->setEnabled(isConnected);
 	m_pDisableForce2->setEnabled(isConnected);
 
-	//m_pCleanUpMenu->setEnabled(isConnected);
-	//m_pCleanUpButton->setEnabled(isConnected);
-	//m_pKeepTerminated->setEnabled(isConnected);
-
 	m_pEditIni->setEnabled(isConnected);
 	if(m_pEditIni2) m_pEditIni2->setEnabled(isConnected);
 	m_pReloadIni->setEnabled(isConnected);
 	if(m_pEnableMonitoring) m_pEnableMonitoring->setEnabled(isConnected);
 
 	if (m_pNewBoxButton) m_pNewBoxButton->setEnabled(isConnected);
 	if (m_pEditIniButton) m_pEditIniButton->setEnabled(isConnected);
-	if (m_pCleanUpButton) m_pCleanUpButton->setEnabled(isConnected);
+	//if (m_pCleanUpButton) m_pCleanUpButton->setEnabled(isConnected);
 }
 
 void CSandMan::OnMenuHover(QAction* action)