No commit message

CHANGELOG.md

@@ -3,6 +3,18 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
 
+## [0.4.2 / 5.43.6] - 2020-10-10
+
+### Added
+- added explore box content menu option
+
+### Fixed
+- fixed thread handle leak in SbieSvc and other components
+- msedge.exe is now categorized as a chromium derivate
+- fixed chrome 86+ compatybility bug with chroms own sandbox
+
+
+
 ## [0.4.1 / 5.43.5] - 2020-09-12
 
 ### Added

Sandboxie/Sandbox.sln

@@ -32,9 +32,9 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SandboxBITS", "apps\com\BIT
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SboxDll", "core\dll\SboxDll.vcxproj", "{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}"
 	ProjectSection(ProjectDependencies) = postProject
+		{67579365-ED6A-C1E4-E0A3-4A7C9F14072D} = {67579365-ED6A-C1E4-E0A3-4A7C9F14072D}
 		{63B0DDD2-5E3B-EF38-F711-9652D2EB73B3} = {63B0DDD2-5E3B-EF38-F711-9652D2EB73B3}
 		{255002EC-9FC7-422E-B497-BE2CC5012B2D} = {255002EC-9FC7-422E-B497-BE2CC5012B2D}
-		{67579365-ED6A-C1E4-E0A3-4A7C9F14072D} = {67579365-ED6A-C1E4-E0A3-4A7C9F14072D}
 	EndProjectSection
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SandboxCrypto", "apps\com\Crypto\SandboxCrypto.vcxproj", "{41453A79-CA9B-ABCA-981C-5242AFC72DDF}"
@@ -66,7 +66,14 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SboxDrv", "core\drv\SboxDrv
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SbieControl", "apps\control\Control.vcxproj", "{D16E291A-1F8A-4B19-AE07-0AF8CB7CCBD0}"
 	ProjectSection(ProjectDependencies) = postProject
+		{42DB5510-0268-4655-B483-B9D6E4E48D62} = {42DB5510-0268-4655-B483-B9D6E4E48D62}
+		{E40CC819-6990-DA28-3E1F-6708BC98E37B} = {E40CC819-6990-DA28-3E1F-6708BC98E37B}
+		{8055A629-631E-84F5-8F3C-1908F264C81D} = {8055A629-631E-84F5-8F3C-1908F264C81D}
+		{5410C534-4858-C748-86AD-0567A2451FDE} = {5410C534-4858-C748-86AD-0567A2451FDE}
 		{8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4} = {8E0EAA5B-6F5B-E0E2-338A-453EF2B548E4}
+		{41453A79-CA9B-ABCA-981C-5242AFC72DDF} = {41453A79-CA9B-ABCA-981C-5242AFC72DDF}
+		{2D3DBCAE-883E-54A6-F8F6-11228D989033} = {2D3DBCAE-883E-54A6-F8F6-11228D989033}
+		{08A656D9-CDD0-4C9F-AB3F-D98F8E5B6EC6} = {08A656D9-CDD0-4C9F-AB3F-D98F8E5B6EC6}
 	EndProjectSection
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "kmdutil", "install\kmdutil\KmdUtil.vcxproj", "{0BF4988E-2325-4426-8CDC-BD221E4FB68C}"

Sandboxie/apps/com/DcomLaunch/dcomlaunch.c

@@ -143,8 +143,10 @@ int __stdcall WinMain(
     // start dcom launcher service
     wcscpy(ServiceName, L"DCOMLAUNCH");
     ok = Service_Start_ServiceMain( ServiceName, L"rpcss.dll", "ServiceMain", TRUE);
+	if (ok)
+		WaitForSingleObject(hThreadEvent, INFINITE);
+	CloseHandle(hThreadEvent);
     if (! ok)
         return EXIT_FAILURE;
-    WaitForSingleObject(hThreadEvent, INFINITE);
     return 0;
 }

Sandboxie/apps/com/RpcSs/linger.c

@@ -303,7 +303,9 @@ int DoLingerLeader(void)
 
     InitializeCriticalSection(&ProcessCritSec);
     heventRpcSs = CreateEvent(0, FALSE, FALSE, NULL);
-    CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ProcessStartMonitor, NULL, 0, NULL);
+	HANDLE ThreadHandle = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ProcessStartMonitor, NULL, 0, NULL);
+	if (ThreadHandle)
+		CloseHandle(ThreadHandle);
 
     if (1) {
         //

Sandboxie/common/my_version.h

@@ -20,8 +20,8 @@
 #ifndef _MY_VERSION_H
 #define _MY_VERSION_H
 
-#define MY_VERSION_BINARY       5,43,5
-#define MY_VERSION_STRING       "5.43.5"
+#define MY_VERSION_BINARY       5,43,6
+#define MY_VERSION_STRING       "5.43.6"
 #define MY_VERSION_COMPAT		"5.43.5"
 
 // These #defines are used by either Resource Compiler, or by NSIC installer

Sandboxie/core/dll/acscmonitor.c

@@ -42,6 +42,8 @@ ULONG CALLBACK Acscmonitor_LoadLibrary(LPVOID lpParam)
 
 _FX BOOLEAN Acscmonitor_Init(HMODULE hDll)
 {
-    CreateThread(NULL, 0, Acscmonitor_LoadLibrary, (LPVOID)0, 0, NULL);
+	HANDLE ThreadHandle = CreateThread(NULL, 0, Acscmonitor_LoadLibrary, (LPVOID)0, 0, NULL);
+	if (ThreadHandle)
+		CloseHandle(ThreadHandle); 
     return TRUE;
 }

Sandboxie/core/dll/dllmain.c

@@ -524,6 +524,7 @@ _FX void Dll_SelectImageType(void)
         L"neon.exe",                (WCHAR *)DLL_IMAGE_GOOGLE_CHROME,
         L"maxthon.exe",             (WCHAR *)DLL_IMAGE_GOOGLE_CHROME,
         L"vivaldi.exe",             (WCHAR *)DLL_IMAGE_GOOGLE_CHROME,
+		L"msedge.exe",              (WCHAR *)DLL_IMAGE_GOOGLE_CHROME, // modern edge is chromium based
         L"GoogleUpdate.exe",        (WCHAR *)DLL_IMAGE_GOOGLE_UPDATE,
         L"AcroRd32.exe",            (WCHAR *)DLL_IMAGE_ACROBAT_READER,
         L"Acrobat.exe",             (WCHAR *)DLL_IMAGE_ACROBAT_READER,

Sandboxie/core/dll/guicon.c

@@ -254,7 +254,9 @@ _FX void Gui_InitConsole2(void)
 
     if (_wcsicmp(Dll_ImageName, L"klwtblfs.exe") == 0) {
 
-        CreateThread(NULL, 0, Proc_WaitForParentExit, (void *)1, 0, NULL);
+		HANDLE ThreadHandle = CreateThread(NULL, 0, Proc_WaitForParentExit, (void *)1, 0, NULL);
+		if (ThreadHandle)
+			CloseHandle(ThreadHandle); 
     }
 
     //

Sandboxie/core/dll/proc.c

@@ -64,6 +64,15 @@ static BOOL Proc_CreateProcessInternalW_RS5(
     LPPROCESS_INFORMATION lpProcessInformation,
     HANDLE *hNewToken);
 
+static BOOL Proc_UpdateProcThreadAttribute(
+	_Inout_ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList,
+	_In_ DWORD dwFlags,
+	_In_ DWORD_PTR Attribute,
+	_In_reads_bytes_opt_(cbSize) PVOID lpValue,
+	_In_ SIZE_T cbSize,
+	_Out_writes_bytes_opt_(cbSize) PVOID lpPreviousValue,
+	_In_opt_ PSIZE_T lpReturnSize);
+
 static BOOL Proc_AlternateCreateProcess(
     const WCHAR *lpApplicationName, WCHAR *lpCommandLine,
     void *lpCurrentDirectory, LPPROCESS_INFORMATION lpProcessInformation,
@@ -245,6 +254,15 @@ typedef BOOL(*P_AddAccessAllowedAceEx)(
 typedef BOOL(*P_GetLengthSid)(
 	_In_ _Post_readable_byte_size_(return) PSID pSid);
 
+typedef BOOL(*P_UpdateProcThreadAttribute)(
+	_Inout_ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList,
+	_In_ DWORD dwFlags,
+	_In_ DWORD_PTR Attribute,
+	_In_reads_bytes_opt_(cbSize) PVOID lpValue,
+	_In_ SIZE_T cbSize,
+	_Out_writes_bytes_opt_(cbSize) PVOID lpPreviousValue,
+	_In_opt_ PSIZE_T lpReturnSize);
+
 //---------------------------------------------------------------------------
 
 
@@ -275,7 +293,7 @@ static P_AddAccessAllowedAceEx      __sys_AddAccessAllowedAceEx		= NULL;
 
 static P_GetLengthSid				__sys_GetLengthSid				= NULL;*/
 
-
+static P_UpdateProcThreadAttribute	__sys_UpdateProcThreadAttribute = NULL;
 
 //---------------------------------------------------------------------------
 // Variables
@@ -343,6 +361,16 @@ _FX BOOLEAN Proc_Init(void)
             Dll_Kernel32, &ansi, 0, (void **)&CreateProcessInternalW);
     }
 
+	// fix for chrome 86+
+	if (Dll_OsBuild >= 7600) {
+		void* UpdateProcThreadAttribute = NULL;
+		RtlInitString(&ansi, "UpdateProcThreadAttribute");
+		status = LdrGetProcedureAddress(
+			Dll_KernelBase, &ansi, 0, (void **)&UpdateProcThreadAttribute);
+		if (NT_SUCCESS(status))
+			SBIEDLL_HOOK(Proc_, UpdateProcThreadAttribute);
+	}
+
     if(Dll_OsBuild < 17677) {
 
         SBIEDLL_HOOK(Proc_,CreateProcessInternalW);
@@ -904,6 +932,26 @@ _FX BOOL Proc_CreateProcessInternalW(
     return ok;
 }
 
+
+_FX BOOL Proc_UpdateProcThreadAttribute(
+	_Inout_ LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList,
+	_In_ DWORD dwFlags,
+	_In_ DWORD_PTR Attribute,
+	_In_reads_bytes_opt_(cbSize) PVOID lpValue,
+	_In_ SIZE_T cbSize,
+	_Out_writes_bytes_opt_(cbSize) PVOID lpPreviousValue,
+	_In_opt_ PSIZE_T lpReturnSize)
+{
+	// fix for chreom 86+
+	// when the PROC_THREAD_ATTRIBUTE_JOB_LIST is set the call CreateProcessAsUserW -> CreateProcessInternalW -> NtCreateProcess 
+	// fals with an access denided error, so we need to block this attribute form being set
+	// if(Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME)
+	if (Attribute == 0x0002000d) //PROC_THREAD_ATTRIBUTE_JOB_LIST
+		return TRUE;
+
+	return __sys_UpdateProcThreadAttribute(lpAttributeList, dwFlags, Attribute, lpValue, cbSize, lpPreviousValue, lpReturnSize);
+}
+
 void *Proc_GetImageFullPath(const WCHAR *lpApplicationName, const WCHAR *lpCommandLine)
 {
     if ((lpApplicationName == NULL) && (lpCommandLine == NULL))
@@ -948,6 +996,16 @@ void *Proc_GetImageFullPath(const WCHAR *lpApplicationName, const WCHAR *lpComma
     return mybuf;
 }
 
+#ifndef STARTUPINFOEXW
+typedef struct _STARTUPINFOEXA {
+	STARTUPINFOA StartupInfo;
+	LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList;
+} STARTUPINFOEXA, *LPSTARTUPINFOEXA;
+typedef struct _STARTUPINFOEXW {
+	STARTUPINFOW StartupInfo;
+	LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList;
+} STARTUPINFOEXW, *LPSTARTUPINFOEXW;
+#endif
 
 // Processes in Windows 10 RS5 will start with the Sandboxie restricted token.  
 // Thus the expected failure of the original call to CreateProcessInternalW doesn't 

Sandboxie/core/dll/scm_create.c

@@ -1308,8 +1308,11 @@ _FX BOOL Scm_StartServiceCtrlDispatcherX(
 		Scm_IsMsiServer = TRUE;
 	}
 
-    if (! CreateThread(NULL, 0, Scm_ServiceMainThread, args, 0, &ThreadId))
-        Scm_Stopped = TRUE;
+	HANDLE ThreadHandle = CreateThread(NULL, 0, Scm_ServiceMainThread, args, 0, &ThreadId);
+	if (ThreadHandle)
+		CloseHandle(ThreadHandle);
+	else
+		Scm_Stopped = TRUE;
 
     //
     // main loop:  wait for changes on the service key

Sandboxie/core/dll/sh.c

@@ -849,7 +849,9 @@ _FX BOOLEAN SH32_Init(HMODULE module)
             NULL, L"NoAutoExitExplorer", 0, buf, sizeof(buf));
         if (! buf[0]) {
 
-            CreateThread(NULL, 0, SH_WindowMonitorThread, NULL, 0, NULL);
+			HANDLE ThreadHandle = CreateThread(NULL, 0, SH_WindowMonitorThread, NULL, 0, NULL);
+			if (ThreadHandle)
+				CloseHandle(ThreadHandle);
         }
     }
 

Sandboxie/core/svc/DriverAssist.cpp

@@ -89,6 +89,7 @@ bool DriverAssist::Initialize()
 
     hThread = CreateThread(NULL, 0,
         (LPTHREAD_START_ROUTINE)StartDriverAsync, m_instance, 0, &tid);
+	CloseHandle(hThread);
 
     return true;
 }
@@ -309,6 +310,7 @@ DWORD DriverAssist::MsgWorkerThreadStub(void *MyMsg)
 void DriverAssist::Thread()
 {
     NTSTATUS status;
+	HANDLE hThread;
     DWORD threadId;
     MSG_DATA *MsgData;
 
@@ -329,7 +331,11 @@ void DriverAssist::Thread()
         }
 
         MsgData->ClassContext = this;
-        CreateThread(NULL, 0, MsgWorkerThreadStub, (void *)MsgData, 0, &threadId);
+		hThread = CreateThread(NULL, 0, MsgWorkerThreadStub, (void *)MsgData, 0, &threadId);
+		if (hThread)
+			CloseHandle(hThread);
+		else
+			VirtualFree(MsgData, 0, MEM_RELEASE);
     }
 }
 

Sandboxie/core/svc/serviceserver2.cpp

@@ -788,9 +788,9 @@ void ServiceServer::RunUacSlave2(ULONG_PTR *ThreadArgs)
     if (isAdmin) {
 
         CreateThread(
-            NULL, 0, RunUacSlave2Thread1, (void *)ThreadArgs, 0, NULL);
+            NULL, 0, RunUacSlave2Thread1, (void *)ThreadArgs, 0, NULL); // fix-me: i'm leaking a thread
         CreateThread(
-            NULL, 0, RunUacSlave2Thread2, (void *)ThreadArgs, 0, NULL);
+            NULL, 0, RunUacSlave2Thread2, (void *)ThreadArgs, 0, NULL); // fix-me: i'm leaking a thread
 
         while (1)
             SuspendThread(GetCurrentThread());
@@ -909,9 +909,9 @@ void ServiceServer::RunUacSlave2(ULONG_PTR *ThreadArgs)
 
             strings[2] = strings[1];
             CreateThread(
-                NULL, 0, RunUacSlave2Thread1, (void *)ThreadArgs, 0, NULL);
+                NULL, 0, RunUacSlave2Thread1, (void *)ThreadArgs, 0, NULL); // fix-me: i'm leaking a thread
             CreateThread(
-                NULL, 0, RunUacSlave2Thread2, (void *)ThreadArgs, 0, NULL);
+                NULL, 0, RunUacSlave2Thread2, (void *)ThreadArgs, 0, NULL); // fix-me: i'm leaking a thread
         }
     }
 }

SandboxiePlus/SandMan/SandMan.h

@@ -12,7 +12,7 @@
 
 #define VERSION_MJR		0
 #define VERSION_MIN 	4
-#define VERSION_REV 	1
+#define VERSION_REV 	2
 #define VERSION_UPD 	0
 
 

SandboxiePlus/SandMan/Views/SbieView.cpp

@@ -7,6 +7,10 @@
 #include "../Windows/OptionsWindow.h"
 #include "../Windows/SnapshotsWindow.h"
 
+#include "qt_windows.h"
+#include "qwindowdefs_win.h"
+#include <shellapi.h>
+
 CSbieView::CSbieView(QWidget* parent) : CPanelView(parent)
 {
 	m_pMainLayout = new QVBoxLayout();
@@ -54,6 +58,8 @@ CSbieView::CSbieView(QWidget* parent) : CPanelView(parent)
 		m_pMenuRunCmd = m_pMenuRun->addAction(tr("Run Cmd.exe"), this, SLOT(OnSandBoxAction()));
 	m_pMenuEmptyBox = m_pMenu->addAction(tr("Terminate All Programs"), this, SLOT(OnSandBoxAction()));
 	m_pMenu->addSeparator();
+	m_pMenuExplore = m_pMenu->addAction(tr("Explore Content"), this, SLOT(OnSandBoxAction()));
+	m_pMenu->addSeparator();
 	m_pMenuSnapshots = m_pMenu->addAction(tr("Snapshots Manager"), this, SLOT(OnSandBoxAction()));
 	m_pMenuCleanUp = m_pMenu->addAction(tr("Delete Content"), this, SLOT(OnSandBoxAction()));
 	m_pMenu->addSeparator();
@@ -218,6 +224,11 @@ void CSbieView::OnSandBoxAction()
 		COptionsWindow* pOptionsWindow = new COptionsWindow(SandBoxes.first(), SandBoxes.first()->GetName(), this);
 		pOptionsWindow->show();
 	}
+	else if (Action == m_pMenuExplore)
+	{
+		::ShellExecute(NULL, NULL, SandBoxes.first()->GetFileRoot().toStdWString().c_str(), NULL, NULL, SW_SHOWNORMAL);
+		// if (ret <= 32) error
+	}
 	else if (Action == m_pMenuSnapshots)
 	{
 		CSnapshotsWindow* pSnapshotsWindow = new CSnapshotsWindow(SandBoxes.first(), this);

SandboxiePlus/SandMan/Views/SbieView.h

@@ -54,6 +54,7 @@ private slots:
 	QAction*				m_pMenuOptions;
 	QAction*				m_pMenuSnapshots;
 	QAction*				m_pMenuEmptyBox;
+	QAction*				m_pMenuExplore;
 	QAction*				m_pMenuCleanUp;
 	QAction*				m_pMenuRemove;
 	QAction*				m_pMenuRename;