Recent Posts

31

Developers' Blog / [FAQ] Can I save settings from isolated programs?

« Last post by fixer on January 19, 2019, 11:13:56 am »

Program settings (including bookmarks, history, etc.) are usually stored in real user home profile folder or registry hive. For the isolated program to use them, they're copied to the isolated environment. This way these settings persist between reboots, if you start the program in isolation. But this program being executed unisolated will use old settings from real user. This was done this way for security purposes. Otherwise if for example some exploit for settings is possible, malware having infected the isolated environment could spread to the real user via infected settings.

32

ReHIPS / Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors

« Last post by crasher on January 10, 2019, 10:47:42 am »

Display14 inch 16:9, 1920 x 1080 pixel, Windows scaling set as 150%

As temporary solution you can use Qt environment variable:

QT_SCALE_FACTOR [numeric] defines a global scale factor for the whole application, including point sized fonts.

Just set it before applicaton start. You can start from QT_SCALE_FACTOR=0.8.
We'll solve this problem completely in one of the next releases.

33

ReHIPS / Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors

« Last post by Umbra on January 10, 2019, 02:11:48 am »

Display14 inch 16:9, 1920 x 1080 pixel, Windows scaling set as 150%

34

ReHIPS / Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors

« Last post by crasher on January 09, 2019, 11:15:57 pm »

Can we have an option to select different PPI or resize the gui, on one system the GUI take almost the screen making rehips barely usable.

Can you provide more information about the system such as screen resolution and DPI scaling value?

35

ReHIPS / Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors

« Last post by Umbra on January 09, 2019, 07:32:31 pm »

Can we have an option to select different PPI or resize the gui, on one system the GUI take almost the screen making rehips barely usable.

36

Developers' Blog / [FAQ] How do I work with files from an isolated program?

« Last post by fixer on January 08, 2019, 09:23:32 am »

ReHIPS isolates by executing untrusted programs from separate restricted users. So isolated programs don't have any access to real user home profile folder and don't have write access to many locations. So the best way to work with files (like from Word) is to use a ReHIPS folder (more about it in this blogpost https://forum.rehips.com/index.php?topic=9487.0 ). When ReHIPS is installed it installs rules for known programs and for example for Office programs like Word it creates C:\ReHIPS\Office folder. The most secure way is to use this folder to work with files. But you can also use Open File Access feature, it's less secure, but more convenient, it allows to open a file just by standard and familiar double-click (more about it in this blogpost https://forum.rehips.com/index.php?topic=9484.0 ).

37

Developers' Blog / [FAQ] Isolated programs and hotkeys

« Last post by fixer on December 28, 2018, 05:07:04 am »

If your isolated program uses hotkeys, then you probably noticed that they may not work with default isolated environment settings. If the program uses RegisterHotKey API function, it'll fail with access denied error. Just allow WinStation Access Rights->Modify Attributes in isolated environment settings and it'll be OK.

38

Developers' Blog / [BUG] Glasswire BSOD

« Last post by fixer on December 18, 2018, 07:23:23 pm »

If you have Glasswire installed and you're experiencing "blue screen of death" DPC Watchdog Violation with code 133, this blogpost is for you.

At first I'd like to say that ReHIPS has nothing to do with it. These are Glasswire bugs. Here are some that were found during our research.

1. They try to allocate memory in a cycle. If allocation failed, they allocate again. So if for some reason allocation can't succeed (like system is running out of memory or some parameter is wrong) it'll get into infinite cycle. No error checking, nothing, just infinite cycle. This'll lead to either hang thread (and probably system) or system crash (on high IRQL windows will detect too long DPC execution and will BSOD).

2. They don't properly check NET_BUFFER-s for inspection. They get NET_BUFFER_DATA with zero CurrentMdl, CurrentMdlOffset and NbDataLength and still try to call NdisAdvanceNetBufferDataStart without any checking. It leads to negative signed (or very big unsigned) NbDataLength value. So they try to allocate 0xfffffff5 bytes of memory, failing and entering infinite cycle.

39

Developers' Blog / [BUG] WTSFreeMemoryExA and memory leak

« Last post by fixer on December 06, 2018, 10:38:39 am »

WTSFreeMemoryExA API function is supposed to free allocated memory. And one of the parameters it receives is WTSTypeClass, it indicates the types of structures this function should free. It can be WTSTypeProcessInfoLevel0, WTSTypeProcessInfoLevel1 or WTSTypeSessionInfoLevel1. But sanity checking inside this function accepts only the first two and returns ERROR_INVALID_PARAMETER on the third one without freeing anything. And hence it leads to memory leaks.

Any solutions? Looks like WTSFreeMemoryExW doesn't have this bug.

This issue was found several months ago, it wasn't fixed then. I haven't checked it since, but I suspect it to remain broken for many years to come.

40

Developers' Blog / [FAQ] ReHIPS files (part 2)

« Last post by fixer on November 26, 2018, 08:51:05 am »

-default.rdb (RulesManager database of xml format with initial rules for programs);

-settings.xml (file with global settings, more about local and global settings here https://forum.rehips.com/index.php?topic=11745.0);

-opengl32sw.dll, Qt5Core.dll, Qt5Gui.dll, Qt5Network.dll, Qt5Qml.dll, Qt5Quick.dll, Qt5Widgets.dll and Qt5WinExtras.dll files and platforms, QtGraphicalEffects, QtQuick and QtQuick.2 folders (Qt framework libraries and stuff, used in GUI parts DeployHelper, HIPSGui and RulesManager);

-api-ms-win-*, concrt140.dll, msvcp140.dll, ucrtbase.dll and vcruntime140.dll (C++ runtime libraries, used by almost everything);

-Help folder (help files for GUI parts);

-Translations folder (localization files for GUI parts).

-%SystemDrive%\ReHIPS (folder for files exchange with isolated programs, separate blogpost about it here https://forum.rehips.com/index.php?topic=9487.0);

-%SystemRoot%\System32\winevt\Logs\ReHIPS.evtx (saved Event Log file);

-%UserProfile%\AppData\Roaming\ReHIPS\ReHIPS.ini (file with user-specific local settings, more about local and global settings here https://forum.rehips.com/index.php?topic=11745.0).