sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

SbieDll.dll crashed (Access violation - code c0000005) #858

Closed psmetiak closed 3 years ago

psmetiak commented 3 years ago

Describe the bug: Sandboxed program crashes after execution (Access violation - code c0000005)

To Reproduce: I can't reproduce this bug easily, but I have identified the place in source code where it happens.

Commit hash : 372747da165989fee6992b46c63c00f9c1974d7f

\core\dll\sh.c:782 (function SH32_DoRunAs()): if (CmdLine[0] == L'\"') {

The problem is, if CmdLine is NULL (there is no check for a NULL value).

SH32_DoRunAs() is in this case called from \core\dll\proc.c:1380: if (SH32_DoRunAs(lpCommandLine, lpCurrentDirectory,

lpCommandLine can be NULL (in this case it is NULL). Probably it has to be called with lpApplicationName?

Expected behavior: No crash.

System details and installed software: Windows: 10.0.19042 Build 19042
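As an added illustration (not Sandboxie's code; the function names are hypothetical stand-ins for SH32_DoRunAs and its CreateProcess hook), the unchecked read described above next to a version that falls back to lpApplicationName when lpCommandLine is NULL and refuses to continue when both are missing:

```c
/* Added example, not Sandboxie code. Shows the crash pattern from the report
 * (CmdLine[0] read before any NULL test) and a hardened replacement. */
#include <stddef.h>
#include <wchar.h>

/* Buggy shape from the report: dereferences CmdLine before checking it,
 * so a NULL lpCommandLine from the CreateProcess hook reads address 0. */
int runas_unchecked_is_quoted(const wchar_t *CmdLine)
{
    return CmdLine[0] == L'"';   /* access violation when CmdLine == NULL */
}

/* Hardened: CreateProcess callers may pass lpCommandLine == NULL and give
 * the executable only in lpApplicationName. Picks the program path (quoted
 * or first space-delimited token) into out. Returns 1 on success, 0 when
 * there is nothing usable to run, never dereferencing a NULL pointer. */
int runas_pick_program(const wchar_t *lpApplicationName,
                       const wchar_t *lpCommandLine,
                       wchar_t *out, size_t out_len)
{
    const wchar_t *src = lpCommandLine ? lpCommandLine : lpApplicationName;
    wchar_t stop = L' ';
    size_t i = 0;
    if (src == NULL || out == NULL || out_len == 0)
        return 0;                       /* fail cleanly instead of faulting */
    if (src[0] == L'"') {               /* quoted path: copy up to closing quote */
        src++;
        stop = L'"';
    }
    while (src[i] != L'\0' && src[i] != stop && i + 1 < out_len) {
        out[i] = src[i];                /* truncates silently if out is too small */
        i++;
    }
    out[i] = L'\0';
    return i > 0;
}

/* Self-check helper: 1 if the picked program equals expected
 * (expected == NULL means "must reject"). */
int runas_picks(const wchar_t *app, const wchar_t *cmd, const wchar_t *expected)
{
    wchar_t buf[260];
    if (!runas_pick_program(app, cmd, buf, 260))
        return expected == NULL;
    return expected != NULL && wcscmp(buf, expected) == 0;
}
```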

DavidXanatos commented 3 years ago

what program runs into that crash?

psmetiak commented 3 years ago

Let admin.exe be a file with manifest set to "requireAdministrator" and project.exe a program that runs "admin.exe" with CreateProcess. Normally (without sandboxing) after executing "project.exe", "admin.exe" is not executed (ERROR_ELEVATION_REQUIRED). But when "project.exe" is executed sandboxed, it crashes.

Here is a small project containing source code for admin.exe and project.exe: https://drive.google.com/file/d/10voK0mIC1J8-hcTVxm-WD6yoQNkmYUrc/view?usp=sharing

DavidXanatos commented 3 years ago

Hmm, that is really strange; on my systems I don't get the crash when running sandboxed.

psmetiak commented 3 years ago

I have tried it on two computers (Version 10.0.17763 Build 17763, Version 10.0.19042 Build 19042) and on both it crashes. If you try my project (I shared with you on Google disk) and everything is ok, it will show a msgbox "test".

DavidXanatos commented 3 years ago

I ran your project in and outside the sandbox and in both cases I got the message box saying that no process was created.

What's your box configuration? Are you using FakeAdminRights or alike?

DavidXanatos commented 3 years ago

I can reproduce the issue now, working on it.

DavidXanatos commented 3 years ago

Hmm... it's very strange why the CreateProcess handler even tries to do the elevation. Normal Windows behaviour should be that only ShellExecuteEx with runas will show an elevation prompt. It may be best to actually remove that code portion from the CreateProcess implementation.

DavidXanatos commented 3 years ago

This explains why the CreateProcess to SH32_DoRunAs pathway was implemented by the old devs: https://social.msdn.microsoft.com/Forums/sharepoint/en-US/d0941239-19a9-474a-8e28-0336c9dede8d/does-the-windows-8-program-compatibility-assistant-pca-no-longer-apply-the-elevatecreateprocess?forum=windowscompatibility I'll have to think about what to do here best, aside from fixing the command line issue...

With a simple fix, CreateProcess always throws the UAC prompt instead of failing with ERROR_ELEVATION_REQUIRED, which may not be desired.

I would add a sbie ini setting that enables this behaviour on a per-process basis and by default disable it, what do you think?

psmetiak commented 3 years ago

Thank you for the link, it's interesting. IMHO I would try to emulate (and preserve) the "real" behaviour of the Windows OS based on its version. And this "little hack" in sbie ini sounds good. And I'm sorry - I tried to do my best to describe this bug and the way to reproduce it. Next time I will try to be more accurate.