From cd87bb25ad8cb867b5eb5116aa04c9a7877dbdb6 Mon Sep 17 00:00:00 2001
From: PandaNinjas
Date: Fri, 13 Oct 2023 10:24:27 -0700
Subject: [PATCH] Fix container code
---
 windows_sandbox/build.gradle.kts | 1 +
 .../src/main/cpp/ContainerCreate.cpp | 21 +++++++++----------
 ...warefight_nosession_win_WindowsSandbox.cpp | 15 ++++++-------
 ...alwarefight_nosession_win_WindowsSandbox.h | 16 +++++++-------
 4 files changed, 27 insertions(+), 26 deletions(-)
diff --git a/windows_sandbox/build.gradle.kts b/windows_sandbox/build.gradle.kts
index 124bb42..f5c296b 100644
--- a/windows_sandbox/build.gradle.kts
+++ b/windows_sandbox/build.gradle.kts
@@ -47,6 +47,7 @@ project.afterEvaluate {
 compilerArgs.add("/wd4068")
 compilerArgs.add("/std:c++17")
 compilerArgs.add("/EHa")
+ compilerArgs.add("/fsanitize=address")
 }
 }
 val linkRelease: AbstractLinkTask by tasks
diff --git a/windows_sandbox/src/main/cpp/ContainerCreate.cpp b/windows_sandbox/src/main/cpp/ContainerCreate.cpp
index 4c792b3..fa1ad69 100644
--- a/windows_sandbox/src/main/cpp/ContainerCreate.cpp
+++ b/windows_sandbox/src/main/cpp/ContainerCreate.cpp
@@ -9,6 +9,9 @@
 #include "ContainerCreate.h"
 #include
+#ifndef DEBUG
+inline
+#endif
 void debug(...) {
 #ifdef DEBUG
 va_list args;
@@ -25,7 +28,7 @@ void debug(...) {
 WELL_KNOWN_SID_TYPE app_capabilities[] = {
 WinCapabilityInternetClientSid,
 WinCapabilityInternetClientServerSid, // allow both connection and binding to ports
- /**
+ /*
 * binding to ports is allowed even though it might present a risk because it is useful for ipc, and additionally
 * blocking binding to ports presents no security benefit because reverse shells-type connections still work,
 * additionally it wouldn't help prevent c2s from causing problems on machines because c2s would not be able to
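Review bot: `/fsanitize=address` is added unconditionally to the compiler arguments, and the `linkRelease` task directly below suggests this block also configures the release build; AddressSanitizer is a diagnostic instrument that roughly doubles memory use and slows the code, and an instrumented DLL only loads if the ASan runtime DLL can be found by the hosting process, which for a JNI library is the JVM rather than an executable this project links. If the flag is meant for debugging, guard it on the same condition that defines `DEBUG` for the C++ sources, or add it on the debug compile task only; if it is meant to stay, the commit message should say why and the packaging has to ship the runtime. In either case a trailing comment such as `// ASan instrumentation: diagnostic builds only` makes the intent visible to the next reader.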
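Review bot: Making `debug` `inline` only when `DEBUG` is undefined gives the function a different linkage per configuration: an inline function must be defined in every translation unit that calls it, so if `debug` is declared in ContainerCreate.h and called from another .cpp, release builds will fail at link time with an unresolved external while debug builds link fine. If the goal is just to let the optimizer drop the empty release body, `static void debug(...)` (or an anonymous namespace) in both configurations does that without the `#ifndef`; if other files do call it, keep a single non-inline definition. Separately, the variadic signature has no named parameter before `...`, which `va_start` requires before C++23; the hunk ends after `va_list args;`, so how the `DEBUG` body fetches its arguments is not visible here.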
@@ -33,8 +36,7 @@ WELL_KNOWN_SID_TYPE app_capabilities[] = {
 */
 WinCapabilityPrivateNetworkClientServerSid, // this is needed when the user is connected to a VPN which
 // routes traffic through a local ip address.
- // TODO: investigate removing this capability conditionally
-
+ // it may also be needed in order to connect to local minecraft servers
 };
 WCHAR container_desc[] = L"Sandboxing Minecraft";
@@ -63,14 +65,14 @@ WCHAR* createContainerName(WCHAR *base_container_name, LPWSTR *rwMounts, LPWSTR
 uint64_t hash = 0xcbf29ce484222325;
 for (int i = 0; i < rwMountsCount; ++i) {
 size_t strlen = wcslen(rwMounts[i]);
- for (size_t j = 0; j < strlen; j++) {
+ for (size_t j = 0; j < strlen; ++j) {
 hash *= 0x100000001b3;
 hash ^= rwMounts[i][j];
 }
 }
 for (int i = 0; i < roMountsCount; ++i) {
 size_t strlen = wcslen(roMounts[i]);
- for (size_t j = 0; j < strlen; j++) {
+ for (size_t j = 0; j < strlen; ++j) {
 hash *= 0x100000001b3;
 hash ^= roMounts[i][j];
 }
@@ -126,11 +128,11 @@ BOOL RunExecutableInContainer(LPWSTR command_line, LPWSTR *rwMounts, LPWSTR *roM
 }
 for (int i = 0; i < rwMountsCount; i++) {
- GrantNamedObjectAccess(sid, rwMounts[i], SE_FILE_OBJECT, FILE_ALL_ACCESS | FILE_LIST_DIRECTORY);
+ GrantNamedObjectAccess(sid, rwMounts[i], SE_FILE_OBJECT, STANDARD_RIGHTS_ALL | FILE_ALL_ACCESS | FILE_LIST_DIRECTORY);
 }
 for (int i = 0; i < roMountsCount; i++) {
- GrantNamedObjectAccess(sid, roMounts[i], SE_FILE_OBJECT, GENERIC_READ);
+ GrantNamedObjectAccess(sid, roMounts[i], SE_FILE_OBJECT, GENERIC_READ | FILE_EXECUTE);
 }
 InitializeProcThreadAttributeList(nullptr, 1, 0, &attribute_size);
@@ -238,7 +240,7 @@ BOOL GrantNamedObjectAccess(PSID appcontainer_sid, LPWSTR object_name, SE_OBJECT
 BOOL success = FALSE;
 do {
- explicit_access.grfAccessMode = GRANT_ACCESS;
+ explicit_access.grfAccessMode = SET_ACCESS;
 explicit_access.grfAccessPermissions = access_mask;
 explicit_access.grfInheritance = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;
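Review bot: The removed TODO was the only record that `WinCapabilityPrivateNetworkClientServerSid` is a deliberate widening of the sandbox: it is the capability that allows client and server access on the private (LAN) network profile, and the new comment lists the VPN and local-server use cases without naming that trade-off or the option of making it conditional. Suggest keeping both in the comment, e.g. `// private-network access lets the sandbox reach LAN hosts; kept for VPN and local-server use, revisit making it opt-in`. The capability array this sits in starts in the previous hunk.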
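Review bot: The read-write line grants `STANDARD_RIGHTS_ALL | FILE_ALL_ACCESS | FILE_LIST_DIRECTORY`, but `FILE_ALL_ACCESS` already contains every standard right and `FILE_LIST_DIRECTORY`, so the new mask is identical in effect to the old one, and both include `WRITE_DAC` and `WRITE_OWNER`, which let the AppContainer rewrite the mount's ACL or take ownership of it and so widen its own access. A least-privilege mask for a read-write mount is `FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE | DELETE`, and on the read-only line `FILE_GENERIC_READ | FILE_GENERIC_EXECUTE` expresses the intent without mixing a generic right with a specific one. Both calls also discard the `BOOL` returned by `GrantNamedObjectAccess`, so a failed ACL update is followed by the process setup that starts with `InitializeProcThreadAttributeList` anyway; check it and fail closed, e.g. `if (!GrantNamedObjectAccess(sid, rwMounts[i], SE_FILE_OBJECT, mask)) return FALSE;`, choosing the function's existing cleanup exit if it has one (the rest of `RunExecutableInContainer` is outside the hunk).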
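Review bot: `SET_ACCESS` tells SetEntriesInAcl to discard every existing ACE for the trustee, including access-denied entries, before adding the new allow entry, whereas `GRANT_ACCESS` merged the new rights with whatever the SID already had; the line deserves a comment recording that this is intended, e.g. `// SET_ACCESS: replace, not merge, so the object carries exactly access_mask for this SID`. The trustee is presumably `appcontainer_sid` from the signature, so for a freshly created container the difference is nil, but it matters if the same container name (and hence SID) is reused across runs with a different mask. Related, the hunk at @@ -273 stops freeing `original_acl` individually; that is correct if it points inside a security descriptor returned by GetNamedSecurityInfo, but then the descriptor pointer itself still needs one `LocalFree`, which is not visible in either hunk.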
@@ -273,9 +275,6 @@ BOOL GrantNamedObjectAccess(PSID appcontainer_sid, LPWSTR object_name, SE_OBJECT
 } while (FALSE);
- if (original_acl)
- LocalFree(original_acl);
-
 if (new_acl)
 LocalFree(new_acl);
diff --git a/windows_sandbox/src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.cpp b/windows_sandbox/src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.cpp
index f802365..eb4963e 100644
--- a/windows_sandbox/src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.cpp
+++ b/windows_sandbox/src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.cpp
@@ -27,13 +27,13 @@ LPWSTR objectArrayToLPWSTR(JNIEnv *env, jobjectArray args) {
 }
 auto string = static_cast(malloc(sizeof(WCHAR) * to_allocate));
- ZeroMemory(&string, sizeof(WCHAR) * to_allocate);
+ ZeroMemory(&string[0], sizeof(WCHAR) * to_allocate);
 size_t index = 0;
 for (jsize i = 0; i < env->GetArrayLength(args); i++) {
 auto jstring_element = static_cast(env->GetObjectArrayElement(args, i));
 auto chars = env->GetStringChars(jstring_element, nullptr);
- for (jsize j = 0; j < env->GetStringLength(jstring_element); i++) {
+ for (jsize j = 0; j < env->GetStringLength(jstring_element); j++) {
 string[index] = chars[j];
 index++;
 }
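Review bot: `string` from `malloc` is handed to `ZeroMemory` and then written through without a null check, and `chars` from `GetStringChars` is dereferenced unchecked too; both are null on allocation failure, and a null from `GetStringChars` also leaves a Java OutOfMemoryError pending. The loop body as shown never calls `ReleaseStringChars` for `chars` or `DeleteLocalRef` for `jstring_element`, so each argument keeps a pinned or copied string and a local reference alive until the native call returns; the function and the outer loop continue past the hunk, so this may happen lower down, but the pairing belongs next to the copy. `objectArrayToLPWSTRArray` in the following hunk (@@ -47) has the same unchecked `malloc` and `GetStringChars` pattern, including its per-element `malloc`. Re-querying the lengths in every loop condition is a style point, but hoisting them also removes a JNI call per character. The sketch below shows the guarded shape; callers then have to treat a null return as failure.
```cpp
// … unchanged: to_allocate computation and the malloc into `string` …
if (string == nullptr) return nullptr;  // allocation failed; caller must check
ZeroMemory(&string[0], sizeof(WCHAR) * to_allocate);
size_t index = 0;
const jsize arg_count = env->GetArrayLength(args);
for (jsize i = 0; i < arg_count; i++) {
    auto jstring_element = static_cast<jstring>(env->GetObjectArrayElement(args, i));
    auto chars = env->GetStringChars(jstring_element, nullptr);
    if (chars == nullptr) {  // OOM: a Java exception is pending, unwind without touching the JVM further
        env->DeleteLocalRef(jstring_element);
        free(string);
        return nullptr;
    }
    const jsize len = env->GetStringLength(jstring_element);
    for (jsize j = 0; j < len; j++) {
        string[index++] = chars[j];
    }
    env->ReleaseStringChars(jstring_element, chars);
    env->DeleteLocalRef(jstring_element);
    // … unchanged: rest of the outer loop body (continues past the hunk) …
```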
@@ -47,12 +47,13 @@ LPWSTR objectArrayToLPWSTR(JNIEnv *env, jobjectArray args) {
 LPWSTR* objectArrayToLPWSTRArray(JNIEnv *env, jobjectArray array) {
 auto newArray = static_cast(malloc(sizeof(LPWSTR) * env->GetArrayLength(array)));
- ZeroMemory(&newArray, sizeof(LPWSTR) * env->GetArrayLength(array));
+ ZeroMemory(&newArray[0], sizeof(LPWSTR) * env->GetArrayLength(array));
 for (jsize i = 0; i < env->GetArrayLength(array); i++) {
 auto jstring_element = static_cast(env->GetObjectArrayElement(array, i));
 auto chars = env->GetStringChars(jstring_element, nullptr);
- newArray[i] = static_cast(malloc(sizeof(WCHAR) * env->GetStringLength(jstring_element)));
- for (jsize j = 0; j < env->GetStringLength(jstring_element); i++) {
+ newArray[i] = static_cast(malloc(sizeof(WCHAR) * env->GetStringLength(jstring_element) + sizeof(WCHAR)));
+ ZeroMemory(&newArray[i][0], sizeof(WCHAR) * env->GetStringLength(jstring_element) + sizeof(WCHAR));
+ for (jsize j = 0; j < env->GetStringLength(jstring_element); j++) {
 newArray[i][j] = chars[j];
 }
 }
@@ -65,10 +66,10 @@ extern "C" {
 /*
 * Class: gq_malwarefight_nosession_win_WindowsSandbox
- * Method: runSandboxed
+ * Method: runProcess
 * Signature: ([Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/String;)Z
 */
-JNIEXPORT jboolean JNICALL Java_gq_malwarefight_nosession_win_WindowsSandbox_runSandboxed
+JNIEXPORT jboolean JNICALL Java_gq_malwarefight_nosession_win_WindowsSandbox_runProcess
 (JNIEnv *env, jclass, jobjectArray rwMounts, jobjectArray roMounts, jobjectArray args) {
 auto lpw_args = objectArrayToLPWSTR(env, args);
 auto lpw_rwMounts = objectArrayToLPWSTRArray(env, rwMounts);
diff --git a/windows_sandbox/src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.h b/windows_sandbox/src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.h
index 3b5a352..023f125 100644
--- a/windows_sandbox/src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.h
+++ b/windows_sandbox/src/main/cpp/gq_malwarefight_nosession_win_WindowsSandbox.h
@@ -2,18 +2,18 @@
 #include
 /* Header for class gq_malwarefight_nosession_win_WindowsSandbox */
-#ifndef Included_gq_malwarefight_nosession_win_WindowsSandbox
-#define Included_gq_malwarefight_nosession_win_WindowsSandbox
+#ifndef _Included_gq_malwarefight_nosession_win_WindowsSandbox
+#define _Included_gq_malwarefight_nosession_win_WindowsSandbox
 #ifdef __cplusplus
 extern "C" {
 #endif
 /*
 * Class: gq_malwarefight_nosession_win_WindowsSandbox
- * Method: runSandboxed
+ * Method: runProcess
 * Signature: ([Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/String;)Z
 */
-JNIEXPORT jboolean JNICALL Java_gq_malwarefight_nosession_win_WindowsSandbox_runSandboxed
- (JNIEnv *, jclass, jobjectArray, jobjectArray, jobjectArray);
+JNIEXPORT jboolean JNICALL Java_gq_malwarefight_nosession_win_WindowsSandbox_runProcess
+ (JNIEnv *, jclass, jobjectArray, jobjectArray, jobjectArray);
 /*
 * Class: gq_malwarefight_nosession_win_WindowsSandbox
@@ -21,9 +21,9 @@ JNIEXPORT jboolean JNICALL Java_gq_malwarefight_nosession_win_WindowsSandbox_run
 * Signature: ()Z
 */
 JNIEXPORT jboolean JNICALL Java_gq_malwarefight_nosession_win_WindowsSandbox_isSandboxed
- (JNIEnv *, jclass);
+ (JNIEnv *, jclass);
 #ifdef __cplusplus
 }
-#endif // __cplusplus
-#endif // Included_gq_malwarefight_nosession_win_WindowsSandbox
+#endif
+#endif
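Review bot: The include guard goes back to `_Included_gq_malwarefight_nosession_win_WindowsSandbox`, an identifier that begins with an underscore followed by an uppercase letter and is therefore reserved for the implementation in both C and C++; the removed `Included_…` spelling was the conforming one. If this header is regenerated by `javac -h`, that is the generator's spelling and the change is unavoidable, in which case saying so in the commit message stops the next reader from "fixing" it again; otherwise keep the non-reserved name. The trailing `// __cplusplus` and `// Included_…` comments on the two `#endif` lines in @@ -21 were the only thing telling a reader which directive each one closes, and dropping them is a small readability loss for no gain.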