MessageBox with MB_DEFAULT_DESKTOP_ONLY or MB_SERVICE_NOTIFICATION cannot display title and text correctly in security-hardened box #3529
Comments
Add the ApproveWinNtSysCall setting to
Thank you for your reply! This option does let the application work. After some surveys, I found that

```c
#include <Windows.h>
#include <stdio.h>

/* NTSTATUS that makes the hard-error path show a service-notification message box. */
#define STATUS_SERVICE_NOTIFICATION 0x40000018L
/* Show the box even if the process error mode would otherwise suppress hard errors. */
#define HARDERROR_OVERRIDE_ERRORMODE 0x10000000L

typedef struct _UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

/* RtlInitUnicodeString returns VOID; it only fills in the descriptor. */
typedef VOID (NTAPI *RtlInitUnicodeString_t)(
    PUNICODE_STRING DestinationString,
    PCWSTR SourceString
);

typedef NTSTATUS (NTAPI *NtRaiseHardError_t)(
    NTSTATUS ErrorStatus,
    ULONG NumberOfParameters,
    ULONG UnicodeStringParameterMask,
    PULONG_PTR Parameters,
    ULONG ValidResponseOption,
    PULONG Response
);

int main(void) {
    /* ntdll.dll is always mapped into a Win32 process, so GetModuleHandle is enough. */
    HMODULE hNtdll = GetModuleHandleW(L"ntdll.dll");
    if (hNtdll == NULL) {
        return 1;
    }

    NtRaiseHardError_t NtRaiseHardError =
        (NtRaiseHardError_t)GetProcAddress(hNtdll, "NtRaiseHardError");
    RtlInitUnicodeString_t RtlInitUnicodeString =
        (RtlInitUnicodeString_t)GetProcAddress(hNtdll, "RtlInitUnicodeString");
    if (NtRaiseHardError == NULL || RtlInitUnicodeString == NULL) {
        return 1;
    }

    UNICODE_STRING Text, Caption;
    /* The parameters are PCWSTR, so use wide literals; TEXT() is only wide when UNICODE is defined. */
    RtlInitUnicodeString(&Text, L"Hello World!");
    RtlInitUnicodeString(&Caption, L"Test");

    /* Parameter block: text, caption, message box style, and an unused fourth entry. */
    ULONG_PTR params[4];
    params[0] = (ULONG_PTR)&Text;
    params[1] = (ULONG_PTR)&Caption;
    params[2] = (ULONG_PTR)MB_OKCANCEL;
    params[3] = 0;

    ULONG ulResponse = 0;
    NTSTATUS status = NtRaiseHardError(
        STATUS_SERVICE_NOTIFICATION | HARDERROR_OVERRIDE_ERRORMODE,
        4,          /* NumberOfParameters */
        3,          /* bitmask: params[0] and params[1] are UNICODE_STRINGs */
        params,
        1,          /* ValidResponseOption */
        &ulResponse
    );
    printf("NtRaiseHardError returned 0x%08lX, response %lu\n",
           (unsigned long)status, (unsigned long)ulResponse);
    return 0;
}
```

As the message box does prompt on the top without
I don't think ApproveWinNtSysCall=RaiseHardError is particularly risky; it's a syscall to crash the application using it, and if we are worried about Windows kernel bugs then this syscall, even without the full access token, will be just as problematic.
Describe what you noticed and did
Hello!

When I use some applications in Sandboxie, I observe that some message boxes do not show properly. After digging through the source code of these apps, I found it is a common issue:

In the security-hardened box, any MessageBox with MB_DEFAULT_DESKTOP_ONLY / MB_SERVICE_NOTIFICATION will not show the title and text correctly. Here is the example code (compiled in MSVC 2022):

I can't find where to upload the compiled binary. But with any compile option, it seems the issue will still occur.

Or use the following command to compile a reproducible binary:

Also C# code:

Steps to Reproduce:

When running without Sandboxie:

When running in a security-hardened box:

Any box with the option UseSecurityMode=y or SysCallLockDown=y will be affected. According to Microsoft docs, this option shows a message box in front of any window.

But the executable compiled from the above code still shows the message box on top of every window in the security-hardened box, just leaving the text empty. So I think it is not a security feature but a compatibility issue.

I tested all major Sandboxie versions in a virtual machine with a clean installation; it seems this issue has existed since an early version (since Sandboxie Plus 1.3.1 64-bit).
How often did you encounter it so far?
No response
Affected program
Any program with MessageBox using
MB_DEFAULT_DESKTOP_ONLY
/MB_SERVICE_NOTIFICATION
Download link
Not relevant
Where is the program located?
The program is installed both inside and outside the sandbox.
Expected behavior
Show the messagebox title and text correctly.
What is your Windows edition and version?
Windows 10 Pro 21H2 64-bit
In which Windows account do you have this problem?
A local account (Standard user).
Please mention any installed security software
Microsoft Defender Antivirus
What version of Sandboxie are you running?
Sandboxie Plus 1.12.5 64-bit
Is it a new installation of Sandboxie?
I recently did a new clean installation.
Is it a regression?
Since Sandboxie Plus 1.3.1 64-bit (Test in VM)
In which sandbox type do you have this problem?
In a standard isolation sandbox (yellow sandbox icon).
Can you reproduce this problem on a new empty sandbox?
I can confirm it also on a new empty sandbox.
Did you previously enable some security policy settings outside Sandboxie?
No response
Crash dump
No response
Trace log
No response
Sandboxie.ini configuration
No response
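The report above names the two box options that trigger the behaviour (UseSecurityMode=y and SysCallLockDown=y), and the comments name the setting that restores it (ApproveWinNtSysCall=RaiseHardError). The following script is an added example, not code from the issue or from the Sandboxie project: it audits a Sandboxie.ini and reports, per box, whether the box is locked down and whether the RaiseHardError approval is present. The embedded INI is constructed sample data. Assumptions: a section is treated as a box unless its name starts with GlobalSettings, UserSettings_ or Template_; settings inherited through Template= lines are not followed; repeated keys (ApproveWinNtSysCall can occur several times) are kept rather than overwritten, which is why configparser is not used.

```python
"""Audit a Sandboxie.ini for boxes whose syscall lockdown blocks NtRaiseHardError."""
import re

# Constructed sample Sandboxie.ini (not a real configuration). The format is
# [Section] headers with Key=Value lines; a key may repeat inside a section.
SAMPLE_INI = """\
[GlobalSettings]
FileRootPath=\\??\\%SystemDrive%\\Sandbox\\%USER%\\%SANDBOX%

[DefaultBox]
Enabled=y
ConfigLevel=10

[Hardened]
Enabled=y
UseSecurityMode=y
ConfigLevel=10

[LockedDown]
Enabled=y
SysCallLockDown=y
ApproveWinNtSysCall=RaiseHardError

[Template_Example]
Tmpl.Title=Example template
UseSecurityMode=y
"""

# Assumption: sections with these prefixes are not sandboxes.
NON_BOX_PREFIXES = ("globalsettings", "usersettings_", "template_")


def parse_sandboxie_ini(text):
    """Return {section: [(key, value), ...]}, preserving order and repeated keys."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip(), value.strip()))
    return sections


def _has(entries, key, value):
    """Case-insensitive test for a Key=Value pair among a section's entries."""
    return any(k.lower() == key.lower() and v.lower() == value.lower()
               for k, v in entries)


def audit_hard_error_lockdown(text):
    """Classify each box section of a Sandboxie.ini.

    affected   - UseSecurityMode=y or SysCallLockDown=y, no RaiseHardError approval
    approved   - locked down, but ApproveWinNtSysCall=RaiseHardError is present
    unaffected - no syscall lockdown configured for the box
    """
    result = {}
    for name, entries in parse_sandboxie_ini(text).items():
        if name.lower().startswith(NON_BOX_PREFIXES):
            continue
        locked = (_has(entries, "UseSecurityMode", "y")
                  or _has(entries, "SysCallLockDown", "y"))
        if not locked:
            result[name] = "unaffected"
        elif _has(entries, "ApproveWinNtSysCall", "RaiseHardError"):
            result[name] = "approved"
        else:
            result[name] = "affected"
    return result


if __name__ == "__main__":
    for box, state in audit_hard_error_lockdown(SAMPLE_INI).items():
        print(f"{box}: {state}")
```

To run it against a real installation, read the file and pass its contents to audit_hard_error_lockdown; Sandboxie.ini is commonly stored as UTF-16 with a BOM (an assumption about your installation), so open it with encoding="utf-16" or let a BOM-aware reader pick the encoding. Boxes reported as "affected" are the ones where a MessageBox with MB_SERVICE_NOTIFICATION will appear with empty title and text until the approval line is added.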