Build 0.4.4

CHANGELOG.md

@@ -4,6 +4,47 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 
 
+
+## [0.4.5 / 5.44.1] - 2020-11-16
+
+### Added
+- added "Terminate all processes" and "disable forced programs" commands to tray menu in SandMan ui
+- program start restrictions settings now can be switsched between a white list and a black list
+-- programs can be terminated and blacklisted from the context menu
+- added additional process context menu options, lingering and leader process can be now set from menu
+- added option to view template presets for any given box
+- added text filter to template view
+- added new compatybility templates:
+-- Windows 10 core UI component: OpenIpcPath=\BaseNamedObjects\[CoreUI]-* solving issues with Chinese Input and Emojis
+-- FireFox Quantum, access to windows FontCachePort for compatybility with windows 7
+- added experimental debug option "OriginalToken=y" which lets sandboxed processes retain their original unrestricted token
+-- This option is comparable with "OpenToken=y" and is intended only for testing and debugging, it BREAKS most SECURITY guarantees (!)
+- added debug option "NoSandboxieDesktop=y" it disables the desktop proxy mechanism
+-- Note: without an unrestricted token with this option applications wont be able to start
+- added debug option "NoSysCallHooks=y" it disables the sys call processing by the driver
+-- Note: without an unrestricted token with this option applications wont be able to start
+- added ability to record verbost access tracess to the resource monitor
+-- use ini options "FileTrace=*", "PipeTrace=*", "KeyTrace=*", "IpcTrace=*", "GuiTrace=*" to record all events
+-- replace "*" to log only: "A" - allowed, "D" - denided, or "I" - ignore events
+- added ability to record debug output strings to the resource monitor,
+-- use ini option DebugTrace=y to enable
+
+### Changed
+- AppUserModelID sting no longer contains sandboxie version string
+- now by default sbie's application manifest hack is disabled, as it causes problems with version checking on windows 10
+-- to enable old behavioure add "PreferExternalManifest=y" to the global or the box specific ini section
+- the resource log mechanism can now handle multiple strings to reduce on string copy operations
+
+### Fixed
+- fixed issue with disabling some restriction settings failed
+- fixed disabling of internet block from the presets menu sometimes failed
+- the software compatybility list in the sandman UI now shows the proper template names
+- fixed use of freed memory in the driver
+- replaced swprintf with snwprintf to prevent potential buffer overflow in SbieDll.dll
+- fixed bad list performance with resource log and api log in SandMan UI
+
+
+
 ## [0.4.4 / 5.44.0] - 2020-11-03
 
 ### Added
@@ -14,16 +55,15 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - moved function hooking mechanism from SbieDrv to SbieDll
 - introduced a new driverless method to resolve wow64 ntdll base address
 
-### Fixed
-
 ### removed
 - removed support for windows vista x64
 
 
+
 ## [0.4.3 / 5.43.7] - 2020-11-03
 
 ### Added
-- added disable forced programs menu command to he sandman ui
+- added disable forced programs menu command to the sandman ui
 
 ### Fixed
 - fixed file rename bug introduced with an earlier driver verifier fix

README.md

@@ -2,13 +2,6 @@
 
 Sandboxie is sandbox-based isolation software for 32- and 64-bit Windows NT-based operating systems. It was developed by Sophos (which acquired it from Invincea, which acquired it earlier from the original author Ronen Tzur). It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive. An isolated virtual environment allows controlled testing of untrusted programs and web surfing.
 
-# Sandboxie-Plus
-Adds new functionality like box snapshots, and better logging/tracing and provides a new Qt based UI to utilize that functionality.
-
-## Sandboxie-Classic Documentation
-
-The archived documentation of sandboxie can be found at: https://xanasoft.com/sandboxie/
-
 
 ## History
 
@@ -24,4 +17,4 @@ In 2020 Sophos has released Sandboxie as Open Source under the GPLv3 licence to
 
 ## Support
 
-If you like the tool please consider supporting it on Patreon: https://www.patreon.com/DavidXanatos or directly through paypal with the donation link on my home page: https://xanasoft.com/
+If you like the tool please consider supporting it on Patreon: https://www.patreon.com/DavidXanatos

Sandboxie/apps/control/ThirdPartyDialog.cpp

@@ -816,6 +816,7 @@ void CThirdPartyDialog::CollectTemplates()
     ini.GetTemplateNames(L"Desktop", names);
     ini.GetTemplateNames(L"Download", names);
     ini.GetTemplateNames(L"Misc", names);
+	ini.GetTemplateNames(L"WebBrowser", names);
 
     m_templates.RemoveAll();
     while (! names.IsEmpty()) {

Sandboxie/common/my_version.h

@@ -20,9 +20,9 @@
 #ifndef _MY_VERSION_H
 #define _MY_VERSION_H
 
-#define MY_VERSION_BINARY       5,44,0
-#define MY_VERSION_STRING       "5.44.0"
-#define MY_VERSION_COMPAT		"5.44.0" // this reffers to the driver ABI compatybility
+#define MY_VERSION_BINARY       5,44,1
+#define MY_VERSION_STRING       "5.44.1"
+#define MY_VERSION_COMPAT		"5.44.1" // this reffers to the driver ABI compatybility
 
 // These #defines are used by either Resource Compiler, or by NSIC installer
 #define SBIE_INSTALLER_PATH		"..\\Bin\\"

Sandboxie/core/dll/SboxDll.vcxproj

@@ -329,6 +329,7 @@
     </ClCompile>
     <ClCompile Include="taskbar.c" />
     <ClCompile Include="terminal.c" />
+    <ClCompile Include="trace.c" />
     <ClCompile Include="userenv.c" />
   </ItemGroup>
   <ItemGroup>
@@ -360,6 +361,7 @@
     <ClInclude Include="sbieapi.h" />
     <ClInclude Include="sbiedll.h" />
     <ClInclude Include="taskbar.h" />
+    <ClInclude Include="trace.h" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="lowlevel.rc" />

Sandboxie/core/dll/SboxDll.vcxproj.filters

@@ -167,6 +167,7 @@
     <ClCompile Include="dllmain.c">
       <Filter>hook</Filter>
     </ClCompile>
+    <ClCompile Include="trace.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="advapi.h" />
@@ -208,9 +209,7 @@
     <ClInclude Include="obj.h">
       <Filter>com</Filter>
     </ClInclude>
-  </ItemGroup>
-  <ItemGroup>
-    <CustomBuild Include="util_asm.asm" />
+    <ClInclude Include="trace.h" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="resource.rc" />
@@ -219,14 +218,18 @@
     </ResourceCompile>
   </ItemGroup>
   <ItemGroup>
-    <None Include="util_32.asm" />
-    <None Include="util_64.asm" />
     <None Include="SboxDll32.def">
       <Filter>api</Filter>
     </None>
     <None Include="SboxDll64.def">
       <Filter>api</Filter>
     </None>
+    <None Include="util_64.asm">
+      <Filter>hook</Filter>
+    </None>
+    <None Include="util_32.asm">
+      <Filter>hook</Filter>
+    </None>
   </ItemGroup>
   <ItemGroup>
     <Filter Include="scm">
@@ -265,4 +268,9 @@
       <Filter>pst</Filter>
     </Midl>
   </ItemGroup>
+  <ItemGroup>
+    <CustomBuild Include="util_asm.asm">
+      <Filter>hook</Filter>
+    </CustomBuild>
+  </ItemGroup>
 </Project>

Sandboxie/core/dll/com.c

@@ -3111,7 +3111,7 @@ _FX void *Com_Alloc(ULONG len)
 
     /*if (Com_Mem_Trace) {
         WCHAR txt[128];
-        Sbie_swprintf(txt, L"ALLOC <%s> AT <%08X>\n", Com_Mem_Trace, ptr);
+        Sbie_snwprintf(txt, 128, L"ALLOC <%s> AT <%08X>\n", Com_Mem_Trace, ptr);
         OutputDebugString(txt);
         Com_Mem_Trace = NULL;
     }*/
@@ -3129,7 +3129,7 @@ _FX void Com_Free(void *ptr)
 {
     /*if (Com_Mem_Trace) {
         WCHAR txt[128];
-        Sbie_swprintf(txt, L"FREE  <%s> AT <%08X>\n", Com_Mem_Trace, ptr);
+        Sbie_snwprintf(txt, 128, L"FREE  <%s> AT <%08X>\n", Com_Mem_Trace, ptr);
         OutputDebugString(txt);
         Com_Mem_Trace = NULL;
     }*/
@@ -3229,7 +3229,7 @@ _FX void Com_Trace(
         return;
 
     text = Com_Alloc(1024 * sizeof(WCHAR));
-    ptr = text + Sbie_swprintf(text, L"SBIE %s <%08X> ", TraceType, hr);
+    ptr = text + Sbie_snwprintf(text, 1024, L"SBIE %s <%08X> ", TraceType, hr);
 
     if (rclsid) {
         Com_Trace_Guid(ptr, rclsid, L"CLSID");

Sandboxie/core/dll/cred.c

@@ -270,9 +270,9 @@ _FX WCHAR *Cred_GetName(
     name = Dll_Alloc(len * sizeof(WCHAR));
 
     if (DomainName)
-        Sbie_swprintf(name, L"%s%s-%s", Cred_DomainCred, DomainName, TargetName);
+        Sbie_snwprintf(name, len, L"%s%s-%s", Cred_DomainCred, DomainName, TargetName);
     else
-        Sbie_swprintf(name, L"%s%08X-%s", Cred_SimpleCred, Type, TargetName);
+        Sbie_snwprintf(name, len, L"%s%08X-%s", Cred_SimpleCred, Type, TargetName);
 
     return name;
 }

Sandboxie/core/dll/custom.c

@@ -155,7 +155,7 @@ _FX UCHAR GetSetCustomLevel(UCHAR SetLevel)
 
         if (! NT_SUCCESS(status)) {
             value_info.Data[0] = 0;
-            Sbie_swprintf(path, L"%d [%08X]", -2, status);
+            Sbie_snwprintf(path, 256, L"%d [%08X]", -2, status);
             SbieApi_Log(2206, path);
         }
 
@@ -174,7 +174,7 @@ _FX UCHAR GetSetCustomLevel(UCHAR SetLevel)
 
         if (! NT_SUCCESS(status)) {
 
-            Sbie_swprintf(path, L"%d [%08X]", -3, status);
+            Sbie_snwprintf(path, 256, L"%d [%08X]", -3, status);
             SbieApi_Log(2206, path);
         }
     }
@@ -231,7 +231,7 @@ _FX BOOLEAN Custom_CreateRegLinks(void)
     }
 
     if (! NT_SUCCESS(status)) {
-        Sbie_swprintf(err, L"[11 / %08X]", status);
+        Sbie_snwprintf(err, 64, L"[11 / %08X]", status);
         SbieApi_Log(2326, err);
         return FALSE;
     }
@@ -255,7 +255,7 @@ _FX BOOLEAN Custom_CreateRegLinks(void)
 
     } else if (status != STATUS_OBJECT_NAME_COLLISION) {
 
-        Sbie_swprintf(err, L"[22 / %08X]", status);
+		Sbie_snwprintf(err, 64, L"[22 / %08X]", status);
         SbieApi_Log(2326, err);
         NtClose(hkey1);
         return FALSE;
@@ -273,7 +273,7 @@ _FX BOOLEAN Custom_CreateRegLinks(void)
     NtClose(hkey1);
 
     if (! NT_SUCCESS(status)) {
-        Sbie_swprintf(err, L"[33 / %08X]", status);
+		Sbie_snwprintf(err, 64, L"[33 / %08X]", status);
         SbieApi_Log(2326, err);
     }
 
@@ -312,7 +312,7 @@ _FX BOOLEAN DisableDCOM(void)
         if (status != STATUS_BAD_INITIAL_PC &&
             status != STATUS_OBJECT_NAME_NOT_FOUND) {
 
-            Sbie_swprintf(err, L"[21 / %08X]", status);
+			Sbie_snwprintf(err, 64, L"[21 / %08X]", status);
             SbieApi_Log(2309, err);
         }
 
@@ -322,7 +322,7 @@ _FX BOOLEAN DisableDCOM(void)
         RtlInitUnicodeString(&objname, L"EnableDCOM");
         status = NtSetValueKey(handle, &objname, 0, REG_SZ, &no, sizeof(no));
         if (! NT_SUCCESS(status)) {
-            Sbie_swprintf(err, L"[22 / %08X]", status);
+			Sbie_snwprintf(err, 64, L"[22 / %08X]", status);
             SbieApi_Log(2309, err);
         }
 
@@ -853,7 +853,7 @@ _FX void AutoExec(void)
 
     status = SbieApi_EnumProcess(Dll_BoxName, (ULONG *)buf1);
     if (status != 0) {
-        Sbie_swprintf(error_str, L"%d [%08X]", -1, status);
+        Sbie_snwprintf(error_str, 16, L"%d [%08X]", -1, status);
         SbieApi_Log(2206, error_str);
         Dll_Free(buf1);
         return;
@@ -906,7 +906,7 @@ _FX void AutoExec(void)
                 SbieDll_ExpandAndRunProgram(buf2);
 
             } else {
-                Sbie_swprintf(error_str, L"%d [%08X]", index, status);
+                Sbie_snwprintf(error_str, 16, L"%d [%08X]", index, status);
                 SbieApi_Log(2206, error_str);
             }
         }

Sandboxie/core/dll/debug.c

@@ -246,7 +246,7 @@ ALIGNED void Debug_RtlSetLastWin32Error(ULONG err)
     if (err) {
         if (InterlockedIncrement(&InError) == 1) {
             WCHAR txt[64];
-            Sbie_swprintf(txt, L"SetErr %d\n", err);
+            Sbie_snwprintf(txt, 64, L"SetErr %d\n", err);
             OutputDebugString(txt);
             InterlockedDecrement(&InError);
         }
@@ -300,7 +300,7 @@ ALIGNED BOOL Debug_DebugActiveProcess(ULONG dwProcessId)
     ULONG err;
 
     WCHAR txt[128];
-    Sbie_swprintf(txt, L"Debug Active Process Id %d\n", dwProcessId);
+    Sbie_snwprintf(txt, 128, L"Debug Active Process Id %d\n", dwProcessId);
     OutputDebugString(txt);
     Debug_dwProcessId = dwProcessId;
 
@@ -329,7 +329,7 @@ ALIGNED BOOL Debug_WaitForDebugEvent(
     ok = __sys_WaitForDebugEvent(lpDebugEvent, dwMilliseconds);
     err = GetLastError();
 
-    Sbie_swprintf(txt, L"Debug Event %d on Process Id %d\n",
+    Sbie_snwprintf(txt, 256, L"Debug Event %d on Process Id %d\n",
         ok ? lpDebugEvent->dwDebugEventCode : 0,
         ok ? lpDebugEvent->dwProcessId : 0);
     OutputDebugString(txt);

Sandboxie/core/dll/dll.h

@@ -35,8 +35,8 @@ typedef long NTSTATUS;
 #include "common/defines.h"
 #include "common/list.h"
 
-extern __declspec(dllexport) int __CRTDECL Sbie_swprintf(wchar_t *_Buffer, const wchar_t * const _Format, ...);
-extern __declspec(dllexport) int __CRTDECL Sbie_sprintf(char *_Buffer, const char * const _Format, ...);
+extern __declspec(dllexport) int __CRTDECL Sbie_snwprintf(wchar_t *_Buffer, size_t Count, const wchar_t * const _Format, ...);
+extern __declspec(dllexport) int __CRTDECL Sbie_snprintf(char *_Buffer, size_t Count, const char * const _Format, ...);
 
 
 //---------------------------------------------------------------------------

Sandboxie/core/dll/dllmain.c

@@ -22,6 +22,7 @@
 
 #include "dll.h"
 #include "obj.h"
+#include "trace.h"
 #include "debug.h"
 #include "core/low/lowdata.h"
 #include "common/my_version.h"
@@ -200,20 +201,23 @@ _FX void Dll_InitGeneric(HINSTANCE hInstance)
 
 _FX void Dll_InitInjected(void)
 {
-    //
-    // Dll_InitInjected is executed by Dll_Ordinal1 in the context
-    // of a program that is running in the sandbox
-    //
+	//
+	// Dll_InitInjected is executed by Dll_Ordinal1 in the context
+	// of a program that is running in the sandbox
+	//
 
-    LONG status;
-    BOOLEAN ok;
-    ULONG BoxFilePathLen;
-    ULONG BoxKeyPathLen;
-    ULONG BoxIpcPathLen;
+	LONG status;
+	BOOLEAN ok;
+	ULONG BoxFilePathLen;
+	ULONG BoxKeyPathLen;
+	ULONG BoxIpcPathLen;
 
-#ifdef WITH_DEBUG
-	OutputDebugString(L"SbieDll: Dll_InitInjected");
-#endif WITH_DEBUG
+	if (SbieApi_QueryConfBool(NULL, L"DebugTrace", FALSE)) {
+
+		Trace_Init();
+
+		OutputDebugString(L"SbieDll injected...");
+	}
 
     //
     // confirm the process is sandboxed before going further
@@ -632,7 +636,7 @@ _FX ULONG_PTR Dll_Ordinal1(
 
     data = (SBIELOW_DATA *)inject->sbielow_data;
 
-    bHostInject = data->bHostInject;
+    bHostInject = data->bHostInject == 1;
 
     //
     // the SbieLow data area includes values that are useful to us