search

sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0
13.78k stars 1.54k forks source link

"sc.exe query" does not return #1931

Open skycommand opened 2 years ago

skycommand commented 2 years ago

What happened?

I've just installed Sandboxie Plus 1.0.22 on a fresh copy of Windows 10. I tried running the "sc.exe query" command in it. (SC.exe is a utility that comes with Microsoft Windows. It shows a list of Windows services. It runs fine with or without admin privileges.) SC.exe runs but hangs. I've waited for 17 minutes so far.

Update: Maybe I was wrong to write "fresh copy of Windows" because although it is recently installed (fresh), I've installed other apps on it too. So, this time, I tested the issue on a clean copy of Windows Server 2022 (i.e., without extra apps) on a virtual machine. After 10 minutes, SC.exe generated the following error message:

[SC] OpenSCManager FAILED 1460:

This operation returned because the timeout period expired.

Download link

Not relevant

To Reproduce

  1. Open Sandboxie Plus
  2. Right-click on the default sandbox and select "Run," "Command Prompt."
  3. Type sc.exe query and press the Enter key.

Expected behavior

SC.exe usually returns very quickly, showing a list of services.

What is your Windows edition and version?

Windows 10 Pro version 21H2

In which Windows account you have this problem?

A local or Microsoft account without special changes.

Please mention any installed security software

Nothing (Windows 10 comes with Microsoft Defender Antivirus, though.)

What version of Sandboxie are you running?

1.022

Is it a regression?

No response

List of affected browsers

No response

In which sandbox type you have this problem?

In a Standard isolation sandbox (yellow sandbox icon).

Where is the program located?

The program is installed only outside the sandbox.

Can you reproduce this problem on an empty sandbox?

I can confirm it also on an empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No.

Crash dump

Not relevant

Trace log

Er... I'm not sure what I must trace.

Sandboxie.ini configuration

#
# Sandboxie-Plus configuration file
#

[GlobalSettings]

[UserSettings_52040583]
SbieCtrl_AutoStartAgent=SandMan.exe

[DefaultBox]
Enabled=y
AutoRecover=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=9
DavidXanatos commented 2 years ago

17 minutest that its dead... sandboxie does not play super well with services, yet one more thing to fix imho this part of sbies functionality needs a total rework from scratch to make things proper and streamlined...

DavidXanatos commented 2 years ago

I have investigated this issue and its not easily resolvable, the problem is that to fix it wou would need to eider emulate the ntsvcs endpoint, to much work, or open it entierly, to unsecure

skycommand commented 2 years ago

Ouch! I wonder why Get-Service works without problem.

DavidXanatos commented 2 years ago

hmm that is strange indeed I will investigate further if we can work around this issue somehow what you can do is add OpenIpcPath=*\BaseNamedObjects\*SvcctrlStartEvent_* this solves the hang but makes you just run into a crash just after that, caused by no access to ntsvcs