sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

Getting admin rights failed while running "wemeet" installer with "emulate admin right" preset. #1052

Closed NYGKNYGK closed 3 years ago

NYGKNYGK commented 3 years ago

Describe the bug

Well, first I have to thank you for developing such excellent software. It helped me isolate a bunch of evil installers from installing unwanted so-called "safety tools, user experience tools, ..." trash software everywhere on my C drive.

So here is the problem: when I try to run the "wemeet installer" in a sandbox with the "emulate admin right" preset, it says "elevating failed, error code 1722". Just like this: [image]

To Reproduce

Steps to reproduce the behavior:

  1. I'm using Win10 21H1 with an online Microsoft account. The Sandboxie-Plus version is 0.8.9.

  2. You can download the installer from this link: https://voovmeeting.com/download-center.html?from=1002

  3. Try to run it in an "emulate admin right" sandbox.

  4. It will show a window like this: [image]

  5. Neither choice will work. If I choose current user, it will indicate that I need admin right: [image] If I choose the second one, it will show this: [image] which indicates that the elevation failed.

If I choose another preset such as "ask for UAC elevation", it will work. But I'm afraid this little bitch will bypass the sandbox limit and install some trash "safety tools" on my host machine. Other installers from this company can do it in an "ask for UAC elevation" sandbox. So could u fix it?

DavidXanatos commented 3 years ago

I'll take a look at what's failing there.

> But I'm afraid this little bitch will bypass the sandbox limit and install some trash "safety tools" on my host machine. Other installers from this company can do it in an "ask for UAC elevation" sandbox. So could u fix it?

That should not be possible. Can you point me to an installer that can do that? I need to find out how it does it and plug that hole if it's true.

NYGKNYGK commented 3 years ago

@DavidXanatos

That's my bad. I've mistaken the left-behind trash after I uninstalled them from host machine for sandbox leaks. I've tested them 3 times. The "ask for UAC elevation" sandbox works just fine. I'm truly sry.

DavidXanatos commented 3 years ago

OK, that is good, so I only need to investigate the failure of fake admin. Also, it should not try to elevate but think it already is elevated, so the issue is with some yet unhandled checking method for administrative privileges.

StoneMoe commented 3 years ago

Ran into this issue with another software installer with SBIE Plus v0.8.2, which has a UAC.dll file. And here are its imports:

```
Address           Ordinal  Name                         Library
0000000010001000           GetUserNameW                 ADVAPI32
0000000010001004           OpenServiceW                 ADVAPI32
0000000010001008           QueryServiceStatus           ADVAPI32
000000001000100C           CloseServiceHandle           ADVAPI32
0000000010001010           OpenProcessToken             ADVAPI32
0000000010001014           GetTokenInformation          ADVAPI32
0000000010001018           EqualSid                     ADVAPI32
000000001000101C           LookupPrivilegeValueW        ADVAPI32
0000000010001020           AdjustTokenPrivileges        ADVAPI32
0000000010001024           OpenSCManagerW               ADVAPI32
000000001000102C           FormatMessageW               KERNEL32
0000000010001030           LocalFree                    KERNEL32
0000000010001034           CloseHandle                  KERNEL32
0000000010001038           GetModuleHandleW             KERNEL32
000000001000103C           SetLastError                 KERNEL32
0000000010001040           GetVersionExW                KERNEL32
0000000010001044           GetProcAddress               KERNEL32
0000000010001048           lstrcmpiW                    KERNEL32
000000001000104C           GetCurrentThreadId           KERNEL32
0000000010001050           GetCommandLineW              KERNEL32
0000000010001054           GetCurrentProcessId          KERNEL32
0000000010001058           WaitForSingleObject          KERNEL32
000000001000105C           UnmapViewOfFile              KERNEL32
0000000010001060           SetEvent                     KERNEL32
0000000010001064           DuplicateHandle              KERNEL32
0000000010001068           GetLastError                 KERNEL32
000000001000106C           CreateEventW                 KERNEL32
0000000010001070           CreateFileMappingW           KERNEL32
0000000010001074           MapViewOfFile                KERNEL32
0000000010001078           CreateThread                 KERNEL32
000000001000107C           GetExitCodeThread            KERNEL32
0000000010001080           OpenProcess                  KERNEL32
0000000010001084           Sleep                        KERNEL32
0000000010001088           GetExitCodeProcess           KERNEL32
000000001000108C           GetCurrentProcess            KERNEL32
0000000010001090           IsDebuggerPresent            KERNEL32
0000000010001094           SetUnhandledExceptionFilter  KERNEL32
0000000010001098           UnhandledExceptionFilter     KERNEL32
000000001000109C           TerminateProcess             KERNEL32
00000000100010A0           CreateProcessW               KERNEL32
00000000100010A4           lstrlenW                     KERNEL32
00000000100010A8           GetPrivateProfileIntW        KERNEL32
00000000100010AC           lstrcatW                     KERNEL32
00000000100010B0           GetModuleFileNameW           KERNEL32
00000000100010B4           GetPrivateProfileStringW     KERNEL32
00000000100010B8           LoadLibraryA                 KERNEL32
00000000100010BC           IsProcessorFeaturePresent    KERNEL32
00000000100010C0           OutputDebugStringW           KERNEL32
00000000100010C4           GlobalFree                   KERNEL32
00000000100010C8           SetCurrentDirectoryW         KERNEL32
00000000100010CC           GlobalAlloc                  KERNEL32
00000000100010D4           ShellExecuteExW              SHELL32
00000000100010DC           IsWindowVisible              USER32
00000000100010E0           SetForegroundWindow          USER32
00000000100010E4           CallNextHookEx               USER32
00000000100010E8           SetWindowsHookExW            USER32
00000000100010EC           PeekMessageW                 USER32
00000000100010F0           IsDialogMessageW             USER32
00000000100010F4           TranslateMessage             USER32
00000000100010F8           DispatchMessageW             USER32
00000000100010FC           MsgWaitForMultipleObjects    USER32
0000000010001100           PostMessageW                 USER32
0000000010001104           SetWindowPos                 USER32
0000000010001108           DefWindowProcW               USER32
000000001000110C           CreateWindowExW              USER32
0000000010001110           GetWindowThreadProcessId     USER32
0000000010001114           CallWindowProcW              USER32
0000000010001118           GetWindowRect                USER32
000000001000111C           GetClassNameW                USER32
0000000010001120           LoadIconW                    USER32
0000000010001124           FindWindowExW                USER32
0000000010001128           GetClientRect                USER32
000000001000112C           FindWindowA                  USER32
0000000010001130           CharNextW                    USER32
0000000010001134           DialogBoxParamW              USER32
0000000010001138           EndDialog                    USER32
000000001000113C           MessageBoxW                  USER32
0000000010001140           DestroyWindow                USER32
0000000010001144           ShowWindow                   USER32
0000000010001148           EnableWindow                 USER32
000000001000114C           LoadStringW                  USER32
0000000010001150           wvsprintfW                   USER32
0000000010001154           MessageBoxA                  USER32
0000000010001158           wsprintfW                    USER32
000000001000115C           CreateDialogParamW           USER32
0000000010001160           UnhookWindowsHookEx          USER32
0000000010001164           SendMessageW                 USER32
0000000010001168           GetDlgItem                   USER32
000000001000116C           SetWindowLongW               USER32
0000000010001170           GetWindowLongW               USER32
0000000010001174           LoadImageW                   USER32
000000001000117C           CoInitialize                 ole32
```

wish this can help.
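An added example, not part of the thread and not Sandboxie's code: this Python script parses an import listing in the layout posted above and reports which common Windows admin-check routes the imported APIs could support, which is the question raised about an unhandled checking method. The sample rows are a constructed excerpt using names from that listing, and the `ROUTES` groupings are this example's own heuristic.

```python
import re
from collections import defaultdict

# Constructed excerpt in the same "address [ordinal] name library" layout as
# the import listing posted in the thread (its ordinal column is empty too).
SAMPLE = """\
0000000010001000 GetUserNameW ADVAPI32
0000000010001010 OpenProcessToken ADVAPI32
0000000010001014 GetTokenInformation ADVAPI32
0000000010001018 EqualSid ADVAPI32
000000001000101C LookupPrivilegeValueW ADVAPI32
0000000010001020 AdjustTokenPrivileges ADVAPI32
0000000010001024 OpenSCManagerW ADVAPI32
00000000100010A0 CreateProcessW KERNEL32
00000000100010D4 ShellExecuteExW SHELL32
"""

# Heuristic groupings (an assumption of this example): each API set is one
# common way a Windows program decides whether it is running as administrator.
ROUTES = {
    "token groups compared via EqualSid":
        {"OpenProcessToken", "GetTokenInformation", "EqualSid"},
    "CheckTokenMembership": {"CheckTokenMembership"},
    "IsUserAnAdmin": {"IsUserAnAdmin"},
    "privilege enable attempt":
        {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "elevation request via ShellExecuteExW": {"ShellExecuteExW"},
}

# Matches rows whether the listing is one row per line or flattened onto one line.
ROW = re.compile(
    r"\b([0-9A-Fa-f]{16})\s+(?:(\d+)\s+)?([A-Za-z_]\w*)\s+([A-Za-z]\w*)\b")

def parse_imports(text):
    """Return {LIBRARY: {imported names}} from an import listing."""
    libs = defaultdict(set)
    for _addr, _ordinal, name, lib in ROW.findall(text):
        libs[lib.upper()].add(name)
    return dict(libs)

def admin_check_routes(imports):
    """List the ROUTES whose APIs are all present among the imports."""
    names = set().union(*imports.values())
    return [label for label, apis in ROUTES.items() if apis <= names]

if __name__ == "__main__":
    for route in admin_check_routes(parse_imports(SAMPLE)):
        print(route)
```

A match only means the module imports the APIs a route needs; confirming which check actually runs still requires tracing the calls.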

DavidXanatos commented 3 years ago

Have you tried Release v0.9.1 / 5.51.1? That pre-release should fix this issue.

StoneMoe commented 3 years ago

> Have you tried Release v0.9.1 / 5.51.1? That pre-release should fix this issue.

Yes! Updating to v0.8.9 did not resolve this issue, but it works on v0.9.1 (pre) with the "NeteaseMusic" installer.

Thanks a lot :D