Sandboxie-Plus 1.0.4

System call hooking for Win32k system calls is now enabled by default, it is still used only for a hand full of calls currently, as required to get chromium Hardware Acceleration to work properly. This feature now also works for 32 bit applications running under WoW64.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.4

Changelog

Added

• Mechanism to hook Win32 system calls now also works for 32 bit applications running under WoW64
• Added customization to Win32k hooking mechanism, as by default only GdiDdDDI* hooks are installed
  -- You can force the installation of other hooks by specifying them with "EnableWin32Hook=..."
  -- or disable the installation of the default hooks with "DisableWin32Hook=..."
  -- Please note that some Win32k hooks may cause BSODs or undefined behaviour. (!)
  -- The most obviously problematic Win32k hooks are blacklisted, this can be bypassed with "IgnoreWin32HookBlacklist=y"
• added debug option "AdjustBoxedSystem=n" to disable the adjustment of service ACLs running with a system token
• added "NoUACProxy=y" option together with the accompanying template, in order to disable UAC proxy
  -- Note: Boxes configured in compartment mode activate this template by default
• added UI option to change default RpcMgmtSetComTimeout preset
• added Plus installer option to start the default browser under Sandboxie through a desktop shortcut
• added more entries to the Plus installer (current translations on Languages.iss file need to be updated)

Changed

• "EnableWin32kHooks=y" is now enabled by default, as no issues were reported in 1.0.3
  -- Note: currently only the GdiDdDDI* hooks are applied, required for Chromium HW acceleration
• Cleaned up low level hooking code a bit
• "RunRpcssAsSystem=y" is now auto applied for boxes in "App Compartment" mode when "RunServicesAsSystem=y" or "MsiInstallerExemptions=y" are present

Fixed

• fixed RPC handling in case a requested open service is not running #1443
• fixed a hooking issue with NdrClientCall2 in 32 bit applications
• fixed issue with start directory to run sandboxed when using SandMan #1436
• fixed issue with recovering from network share locations #1435

 

Thanks, David - nice seasonal pressie

 

Thanks for updating, working great in portable mode too

 

for me thsi still works fine, have you tried rebooting?

 

Hi @DavidXanatos I reported earlier today that Office click-to-run apps aren't working in Windows 11 with Sandboxie 1.0.3, but it's working on all my Windows 10 machines with a mixture of 0.9.8d and 1.0.3. Then I realised a difference between the installation on Windows 11 and my Windows 10 machines. That is the 3 options you added in the global settings to fix the broken "Find on Page" in Edge on Windows 11. Well, it turns out that was the culprit! If I untick those 3 options on my Windows 11 machine, reboot, and then launch Word, it loads just fine.

These are the three options that need to be unticked for Office Click to run in 1.0.3.



It's late here in NZ, so I haven't tested to see if those options break Office click to run on Windows 10 too, I can only report that they do in Windows 11. I'll test tomorrow with this new version 1.0.4 on both OS.

 

@catspyjamas its very unlikely that any of these 3 options breaks office, likely its only one of them.
Could you please test each checkbox separately and let me know which one is the culprit.

 

Mea Cupla, using the x86 by mistake. All working, apologies

 

Sadly Thunderbird still does not work with this version

14:33:20.827 WerFault.exe (2152): SBIE2101 Object name not found: Unnamed object, error OpenProcess (C0000022) access=001FFFFF initialized=1

 

Curious, my v1.0.4 [GlobalSettings] reports EnableWin32kHooks=n
I do not run Edge/Chrome hardware acceleration. I don't know if my machine supports hardware acceleration.
Just curious if my v1.0.4 [GlobalSettings] EnableWin32kHooks=n should be y "by default".

 

Hi @DavidXanatos . I didn't come back to the forum this morning before I'd already uninstalled 1.0.3 and downloaded 1.0.4 on a Win 10 machine and this Win 11 machine. So I didn't see your reply or get a chance to play with those options ticked & unticked one by one in 1.0.3. I just jumped straight into 1.0.4. And I do have good news!

On both machines those 3 options in the Advanced Config tab of Global Settings on 1.0.4 comes UNticked out-of-the-box. I tried the Win 11 machine first with the out-of-the-box settings. Click to Run Word did not work, and the "Find On Page" in Edge is invisible. So I ticked those 3 options that I'd had ticked in 1.0.3 and rebooted. On reboot, I got the Sandboxie Compatibility window pop up (I'd forgotten about that, whoops). I changed the squares to ticks in all the suggested programmes, including Click to Run Office, and pressed OK. Then I tried Word - this time it worked. Then I tried Edge, and no problems with the "Find on Page". Excellent! I then tried UNticking those three options in the Advanced Config tab, since I'd forgotten about making sure compatibility for Click to run Office was ticked on the first try. Good news!! On reboot, with the three options unticked, Word still works, so it must have been the various Office related permissions that were not pre-ticked in the Compatibility settings, that stopped it working the first time. I'm keeping those 3 options ticked so "Find on Page" in Edge works, but those three options don't seem to break Office after-all. In some further experimenting I have discovered having Drop Rights in the Admin Rights section ticked seems to break Office (with or without the 3 options in Advanced Config ticked) on Windows 11. This includes for both the DefaultBox and whatever created Sandbox I'm using for Office. Other Sandboxes can have Drop Rights ticked, but not those two. I thought I'd ruled that out as a cause in 1.0.3, but hadn't unchecked Drop Rights in the DefaultBox as well.

1.0.4 is working on Win 10 out-of-the-box (as long as all programmes are ticked in the Compatibility settings).

 

Which version of Thunderbird are you using henryg1? I'm using Thunderbird x64 91.4.1 on Windows 11 and it works well with 1.0.4. On a gutless Win 10 machine Thunderbird x86 91.4.1 will load, but there's a lot of freezes and it's very slow, to the point of not being that usable. I don't encounter the error you mentioned though.

 

If you already once saved settings the new defaults will not take, as there is a setting value now written.
To overwrite previouse settings i would need to change the preset name

 

I also use TB 91.4.1 (x64) - Win 10 x64; i5_7xxx processor; and 16gb ram. I can't remember when it stopped working for me, but it's been many versions. Even if I set up a new sandbox with no isolation, I still get a werfault error.

I don't need it often, but now and again I want to look at a potentially dodgy email. I have to use Shadow Defender which is a bit of a pain as it requires rebooting after use to restore normality.

 

TB 91.4.1 works on my test system just fine, no idea why for soem it fails, try a windows VM and test there with default config, than compare with your local config

 

That's useful t know. I get the same problem on my Win10 laptop IIRC, but I must check that again. The systems are pretty much the same though, and I'm wondering if AVG Internet Security could be the culprit.

Good idea - I'll re-enable the MS one.

BTW what is a werfault error - in layman's terms please.

 

Ahh....Okay. Thanks
So, "EnableWin32kHooks=y" is now enabled by default with a clean Plus install?

 

That is how I interpret it too, however I've put a clean installation of 1.0.4 on a few machines this morning, as well as the Windows 11 machine yesterday, and in all cases the ini said "EnableWin32kHooks=n" and the three options that relate in the Global settings were all unticked out-of-the-box. (By clean installation I mean when I uninstalled the previous versions (a mixture of 0.9.8d and 1.0.3) I opted to remove all configuration files in the uninstaller. I couldn't find any remnants anywhere... unless there's something kept in the registry that I couldn't see). My sandboxes and preferences were not retained on installing 1.0.4, so it seemed pretty "clean" to me.

 

So, your C:\Windows\Sandboxie.ini was removed?
Did you remove C:\Users\user\AppData\Local\Sandboxie-Plus.ini?

 

That got removed on uninstalling 1.0.3. But yes, I checked just in case after rebooting, and before installing 1.0.4.

 

Okay. I thought Sandboxie-Plus.ini remained. I forget. I'll monitor next time. Thanks

Yeah, head scratch. Thanks

 

Well it does remain if you select the option in the Plus uninstaller to keep your configuration files and sandboxes (i.e. the .ini), however, I selected not to. And it did very thoroughly remove everything Sandboxie off the systems, including the ini. Maybe there's leftovers in the registry that affect this??

I have a machine here that's never had Sandboxie on it. If I get time later I'll chuck 1.0.4 & it and see what the default settings are on that one.

 

both (two) ini files = C:\Windows & AppData\Local are removed?

 

Yes they were.

 

Okay...as test: "clean install" (didn't recall "clean install" )
"Remove configuration files" removes both ini files.
Thanks

Spoiler: Uninstall Type - Advanced Config