Process Hacker and Windows discussion

 
User avatar
diversenok
Member
Posts: 27
OS: Windows 7 x64
Location: Source Code
Contact:

Not truly constant columns

10 Jul 2017, 14:33

Let's continue our bug-fix marathon ;)

:arrow:  Process Hacker 2.39 & 3.0.782

Main tree view contains several columns, that are not updated even by refresh button. And some of them are not truly constant. If you change Integrity of a process in Token tab it wouldn't be updated in the appropriate column of main window.

Actually, the same thing can happen with User name column, but in much more rare situations. When Sandboxie forces programs to run sandboxed, it changes token on the fly, so PH can show not correct information in that case. It may seems strange, especially without Sandboxie plugin. Oh, and also: where is this plugin in nightly builds plugin system? I just copied SbieSupport.dll from stable release and it works fine, but I couldn't see it in the list.

Image
 
User avatar
dmex
Admin
Posts: 1282
Location: Australia

Re: Not truly constant columns

28 Jul 2017, 05:28

diversenok wrote:
10 Jul 2017, 14:33
When Sandboxie forces programs to run sandboxed, it changes token on the fly
How do you make Sandboxie use a different process token?
 
User avatar
diversenok
Member
Posts: 27
OS: Windows 7 x64
Location: Source Code
Contact:

Re: Not truly constant columns

05 Aug 2017, 19:25

All sandboxed processes use token with "NT AUTHORITY\ANONYMOUS LOGON" user and just because of virtualization they think it's a token of current user. Pro version of Sandboxie can intercept any program execution and force it to run inside sandbox. However standard version provides this mechanism too. If you put an executable file somewhere into "C:\Sandbox\%USER%\%SANDBOX%\" and execute it from unsandboxed application Sandboxie will change it token on the fly and put this program to run inside it's sandbox.

Who is online

Users browsing this forum: No registered users and 3 guests