[pre-commit.ci] auto-fixes from pre-commit hooks
pre-commit-ci[bot] committed Aug 4, 2024
1 parent 537048d commit b715a2d
Showing 61 changed files with 85 additions and 113 deletions.
2 changes: 1 addition & 1 deletion Content/AllowRawDiskRead.md
@@ -1,4 +1,4 @@
# Allow Raw Disk Read
# Allow Raw Disk Read

_AllowRawDiskRead_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v0.7.0 / 5.48.0. This setting can be used to disable protection which prevents elevated sandboxed processes from accessing volumes/disks for reading.

4 changes: 2 additions & 2 deletions Content/AppearanceSettings.md
Expand Up @@ -6,9 +6,9 @@ Sandboxie Control > Sandbox Settings > Appearance:

Normally, Sandboxie inserts the Sandboxie marks [#] in the title bar of windows associated with sandboxed programs.

* You can use the first checkbox to override this default behavior and prevent the Sandboxie marks from appearing.
* You can use the first checkbox to override this default behavior and prevent the Sandboxie marks from appearing.

* You can use the second checkbox to extend this default behavior to also insert the name of the sandbox between the [#] marks. This is useful when you frequently use the same programs in more than one sandbox.
* You can use the second checkbox to extend this default behavior to also insert the name of the sandbox between the [#] marks. This is useful when you frequently use the same programs in more than one sandbox.

Note: It is not possible to enable both checkboxes at the same time.

2 changes: 1 addition & 1 deletion Content/ApplicationsSettings.md
Expand Up @@ -50,7 +50,7 @@ For detailed information, see [Sandboxie Ini](SandboxieIni.md) setting: [OpenCre

[Sandboxie Control](SandboxieControl.md) > [Sandbox Settings](SandboxSettings.md) > Applications > Email Reader

![](../Media/EmailReaderSettings.png)
![](../Media/EmailReaderSettings.png)

This settings page offers quick configuration for the following email programs:

4 changes: 2 additions & 2 deletions Content/BreakoutDocument.md
@@ -1,6 +1,6 @@
# Breakout Document

_BreakoutDocument_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v1.8.5 / 5.63.5. It specifies which documents shall be opened unsandboxed when opened from within the sandbox.
_BreakoutDocument_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v1.8.5 / 5.63.5. It specifies which documents shall be opened unsandboxed when opened from within the sandbox.

Usage:

Expand All @@ -11,4 +11,4 @@ Usage:
[DefaultBox]
BreakoutDocument=C:\path\*.txt
BreakoutDocument=C:\path\*.jpg
```
```
2 changes: 1 addition & 1 deletion Content/BreakoutProcess.md
Expand Up @@ -17,7 +17,7 @@ Usage:

- `*` defines any name after Program (Program0Test1.exe, Program5Test92G.exe and etc.).
- `?` defines one character from name (Program1.exe, Programg.exe and etc.).

Also, you can combine several wildcards to match the specified name.

Specifying _ProgramName_ indicates the application that should be launched unsandboxed. Alternatively, the program's path can be specified.
19 changes: 9 additions & 10 deletions Content/CodeInjection.md
@@ -1,9 +1,9 @@
# Code Injection
# Code Injection

Sandboxie employs a particularly low level approach of injecting its code into processes during creation.

##### Trigger
The driver registers a PsSetCreateProcessNotifyRoutine callback and when this is triggered inspects if the process should be sandboxed, when it decides so it blocks and requests the SbieSvc service to inject a loader into the process image. Alternatively a suspended process can be created and the driver triggered to put it into a sandbox by using API_START_PROCESS and resuming the process once the driver has finished.
The driver registers a PsSetCreateProcessNotifyRoutine callback and when this is triggered inspects if the process should be sandboxed, when it decides so it blocks and requests the SbieSvc service to inject a loader into the process image. Alternatively a suspended process can be created and the driver triggered to put it into a sandbox by using API_START_PROCESS and resuming the process once the driver has finished.

The injection mechanism itself can be adapted to be utilized without the driver. As of version 5.44 the loader code has been moved from the SbieSvc.exe to SbieDll.dll.

Expand All @@ -16,7 +16,7 @@ The injection is done calling `_FX ULONG SbieDll_InjectLow(HANDLE hProcess, BOOL

* Starts with preparing a data block `lowdata` of type `SBIELOW_DATA`, and filling in various values like is_wow64, bHostInject and others...

* Than it uses `SbieDll_InjectLow_CopyCode` to allocate `sizeof(shell_code) + sizeof(SBIELOW_J_TABLE) + 0x400` bytes of Memory in the target process and write the shell code to it.
* Than it uses `SbieDll_InjectLow_CopyCode` to allocate `sizeof(shell_code) + sizeof(SBIELOW_J_TABLE) + 0x400` bytes of Memory in the target process and write the shell code to it.
This function also, in an unrelated last step, copies 48 bytes from the begin of `ntdll!LdrInitializeThunk` into `lowdata.LdrInitializeThunk_tramp`.

* Than if `dup_drv_handle` was set `SbieDll_InjectLow_SendHandle` is used to open a handle to the driver and duplicate it into the process, saving its value to `lowdata.api_device_handle`.
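Review bot: the replaced line (`* Than it uses SbieDll_InjectLow_CopyCode ...`) and its neighbours carry the same wording defects before and after the whitespace fix: "Than" should be "Then" (lines starting "* Than it uses" and "* Than if"), "bytes of Memory" should be lower-case "memory", and "from the begin of `ntdll!LdrInitializeThunk`" reads better as "from the beginning of". Since this commit only touches whitespace, a follow-up edit of CodeInjection.md should fix those spellings so the page is not left half-cleaned.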
Expand All @@ -26,7 +26,7 @@ This function also, in an unrelated last step, copies 48 bytes from the begin of
* Than the actual trampoline is build by `SbieDll_InjectLow_BuildTramp` in `lowdata.LdrInitializeThunk_tramp`.

* Now the function uses `SbieDll_InjectLow_CopySyscalls` to allocate and fill in another memory segment `syscall_data`.
This block is made up of 2 sections one containing information from the driver that are used to hook all system calls,
This block is made up of 2 sections one containing information from the driver that are used to hook all system calls,
this is optionally done by the shell code when `bHostInject == 0`, that is followed by the `SBIELOW_EXTRA_DATA` that points to values stored behind it in the memory block.
The data stored there a couple of offsets, as well as the full paths to the SbieDll.dll that is to be injected later on.

Expand All @@ -36,7 +36,7 @@ The data stored there a couple of offsets, as well as the full paths to the Sbie

Now the process can be resumed and the injected code will do its thing.

An important note to make here is that this function does the same for native 64 bit and wow64 emulated 32 bit processes,
An important note to make here is that this function does the same for native 64 bit and wow64 emulated 32 bit processes,
in fact, on a 64-bit system the injected shell code is always 64 bit. Only much later in the initialization of the process running under wow64 it switches to 32-bit.

## Shell Code (LowLevel.dll) operation
Expand All @@ -55,9 +55,9 @@ At this point the top portion of the `data->syscall_data` before the `SBIELOW_EX
The function than finds the addresses of `LdrLoadDll`, `LdrGetProcedureAddress`, `NtRaiseHardError` and `RtlFindActivationContextSectionString` using a custom `FindDllExport` lookup function by parsing through the previously selected ntdll image, these addresses are stored into the `INJECT_DATA` region, then a couple values from the `SBIELOW_EXTRA_DATA` are also copied into that region, containing paths to the SbieDll.dll (both 32 and 64 bit paths), as well as the name of kernel32.dll.

On 64-bit systems the function distinguishes between the native and the wow64 execution, in the latter case branching off to `InitInjectWow64`.
In the native case it continues with hooking the `RtlFindActivationContextSectionString` function in the ntdll.dll.
* An original copy of the functions begin is first saved to the `INJECT_DATA` structure
* The address of the structure is written into the detour function which is implemented in assembler.
In the native case it continues with hooking the `RtlFindActivationContextSectionString` function in the ntdll.dll.
* An original copy of the functions begin is first saved to the `INJECT_DATA` structure
* The address of the structure is written into the detour function which is implemented in assembler.
* Than the `RtlFindActivationContextSectionString` begin is overwritten with a jump instruction to the detour function.
* Last a pointer to the `SBIELOW_DATA` region is saved into the very top of the `INJECT_DATA` region, and the function exits.

Expand All @@ -66,7 +66,7 @@ In the wow64 case `InitInjectWow64` sets up the `RtlFindActivationContextSection

##### RtlFindActivationContextSectionString Detour

In contrary to the above operations which are always executed natively, the `RtlFindActivationContextSectionString` Detour function is executed in the mode matching the bit-ness of the started process.
In contrary to the above operations which are always executed natively, the `RtlFindActivationContextSectionString` Detour function is executed in the mode matching the bit-ness of the started process.
* The function first restores the original `RtlFindActivationContextSectionString` begin.
* Than it loads the kernel32.dll followed by loading the SbieDll.dll and retrieving the address of Ordinal 1.
* Than it saves value of the first argument to the `INJECT_DATA` structure and replaces it with a pointer to said structure
Expand All @@ -90,4 +90,3 @@ Those are implemented in assembler, they pass a pointer to the return address lo


This function first restores the original entry point function from `SbieDll!Ldr_Inject_SaveBytes` and changes its caller?s return address to point to the begin of the entry point. This way once the caller returns the real entry point will be invoked. Then the function checks if `bHostInject` is set to `0` in which case it first calls `SbieDll!Ldr_LoadInjectDlls` and then `SbieDll!Dll_InitExeEntry` which performs the last initialization steps. If `bHostInject != 0` it calls only `SbieDll!Ldr_LoadInjectDlls` this function checks the [Sandboxie.ini](SandboxieIni.md) for the [InjectDll](InjectDll.md) or the [InjectDll64](InjectDll64.md) respectively, and loads the additional dll?s if any are configured.

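Review bot: the context line "changes its caller?s return address" and "loads the additional dll?s if any are configured" contain `?` where an apostrophe belongs, which looks like a mis-encoded curly quote in CodeInjection.md; the end-of-file fix does not touch them. Suggest a follow-up that replaces them with a plain ASCII apostrophe ("caller's", "DLLs") and checks the rest of the file for the same encoding artefact.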
2 changes: 1 addition & 1 deletion Content/CommonFeatureRequests.md
@@ -1 +1 @@
# Common Feature Requests
# Common Feature Requests
2 changes: 1 addition & 1 deletion Content/DeleteSandbox.md
@@ -1,6 +1,6 @@
# Delete Sandbox

[Sandboxie Control](SandboxieControl.md) > [Sandbox Menu](SandboxMenu.md) > Delete Contents
[Sandboxie Control](SandboxieControl.md) > [Sandbox Menu](SandboxMenu.md) > Delete Contents
[Sandboxie Control](SandboxieControl.md) > [Tray Icon Menu](TrayIconMenu.md) > Delete Contents

![](../Media/DeleteSandbox.png)
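Review bot: the removed and added "Sandbox Menu > Delete Contents" lines are visually identical, so the hook stripped trailing whitespace; if that whitespace was a Markdown two-space hard line break, the two navigation paths (Sandbox Menu and Tray Icon Menu) now render as a single joined paragraph instead of one path per line. Suggest either running the trailing-whitespace hook with `--markdown-linebreak-ext=md` so two-space breaks survive in .md files, or putting a blank line between the two paths, and checking the rendered page.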
2 changes: 1 addition & 1 deletion Content/DeleteSettings.md
Expand Up @@ -18,7 +18,7 @@ Use this settings page to indicate when you want the sandbox deleted:

* Deleted only by explicit request: Keep both checkboxes cleared
* Deleted regularly and automatically: Mark the first checkbox
* Never deleted: Mark the second checkbox
* Never deleted: Mark the second checkbox

Note that while both checkboxes can be cleared, only one checkbox can be marked at any time.

1 change: 0 additions & 1 deletion Content/DropAdminRights.md
Expand Up @@ -19,4 +19,3 @@ Specifically, the security credentials used to start the sandboxed program will
Note that this has little effect if you are already running under a non-Administrator user account.

Related [Sandboxie Control](SandboxieControl.md) setting: [Sandbox Settings > Restrictions > Drop Rights](RestrictionsSettings.md#drop-rights)

8 changes: 4 additions & 4 deletions Content/FAQVirus.md
Expand Up @@ -44,9 +44,9 @@ A. No. The anti-virus itself is not operating under the supervision of Sandboxie

### Q. Will viruses remain in the sandbox after I close all programs in the sandbox?

A. Yes and no:
1\. No, if your sandbox is set to [automatically](DeleteSettings.md#invocation) delete;
2\. Yes, in the configuration, but only until you [manually](DeleteSandbox.md) delete the contents of the sandbox.
A. Yes and no:
1\. No, if your sandbox is set to [automatically](DeleteSettings.md#invocation) delete;
2\. Yes, in the configuration, but only until you [manually](DeleteSandbox.md) delete the contents of the sandbox.
It is important to note that a virus file in the sandbox is just that -- _a file_, not much different from your average text file. Unless you move the file out of the sandbox and invoke it, there is little cause for alarm.

### Q. Do I have to securely wipe the contents of the sandbox to make sure the virus is gone?
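Review bot: the three replaced lines ("A. Yes and no:", "1\. No, ...", "2\. Yes, ...") use escaped numbers, which shows the author deliberately avoided a Markdown ordered list and relied on trailing-space hard line breaks to keep each point on its own line; with the trailing whitespace removed, the answer and both numbered points fold into one paragraph ("A. Yes and no: 1. No, if ... 2. Yes, in ..."). Suggest either keeping the breaks via `--markdown-linebreak-ext=md` on the trailing-whitespace hook, or rewriting the answer as a real ordered list (`1. No, if your sandbox ...`, `2. Yes, in the configuration ...`) separated from "A. Yes and no:" by a blank line.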
Expand All @@ -55,7 +55,7 @@ A. No. Although you can [configure](SecureDeleteSandbox.md) Sandboxie to use a t

### Q. Why does my anti-virus detect a virus in the _System Volume Information_ folder?

A. The System Restore component in Windows collects various files into the _System Volume Information_ when they are deleted. While the intention is to protect your system, sometimes System Restore ends up making copies of virus files. These virus files are inactive, and even if restored, will be restored into the sandbox, so there is little cause for alarm. Nevertheless, it is a good idea to let your anti-virus get rid of any such virus files.
A. The System Restore component in Windows collects various files into the _System Volume Information_ when they are deleted. While the intention is to protect your system, sometimes System Restore ends up making copies of virus files. These virus files are inactive, and even if restored, will be restored into the sandbox, so there is little cause for alarm. Nevertheless, it is a good idea to let your anti-virus get rid of any such virus files.
Note that this will not occur if you securely wipe the contents of the sandbox (see previous question).

### Q. My computer is already infected with a virus, will Sandboxie protect against that virus?
2 changes: 1 addition & 1 deletion Content/ForceProcess.md
Expand Up @@ -14,7 +14,7 @@ _ForceProcess_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md). It spec
[MailBox]
ForceProcess=outlook.exe
ForceProcess=cl?cke?.exe
```

- `*` defines any character.
1 change: 0 additions & 1 deletion Content/FrequentlyAskedQuestions.md
Expand Up @@ -267,4 +267,3 @@ In Windows 8/8.1, point to (but do not click) the lower-right or top-right corne
If using Windows 10/11, ensure that your default Web Browser for Windows is set correctly (click on the Start menu, type "default apps" and Choose your default apps).

**Back to [Table of Contents](#problems)**

13 changes: 6 additions & 7 deletions Content/InjectDll.md
Expand Up @@ -18,12 +18,12 @@ You should specify a full path to the DLL. If the DLL file itself resides within

The order of DLLs loaded into the sandboxed program is thus:

Ntdll.dll
KernelBase.dll (only on Windows 7)
Kernel32.dll
SbieDll.dll (on 64-bit Windows, this can be either the 64-bit SbieDll or the 32-bit SbieDll)
_InjectDlls_ (loaded in the order specified in Sandboxie.ini)
Optionally, ShimEng (or AppHelp on Windows 7) and related DLLs
Ntdll.dll
KernelBase.dll (only on Windows 7)
Kernel32.dll
SbieDll.dll (on 64-bit Windows, this can be either the 64-bit SbieDll or the 32-bit SbieDll)
_InjectDlls_ (loaded in the order specified in Sandboxie.ini)
Optionally, ShimEng (or AppHelp on Windows 7) and related DLLs
All [statically-linked](https://msdn.microsoft.com/en-us/library/ms684184(VS.85).aspx) DLLs

The behavior described above applies to Sandboxie version 3.46 and later. Earlier versions of Sandboxie implemented a different behavior which is described below:
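Review bot: the six replaced lines (Ntdll.dll through the ShimEng/AppHelp line) are identical before and after in the rendered view, so this is a trailing-whitespace strip; because this DLL load order is written as bare lines with no bullets, it almost certainly depended on two-space Markdown hard breaks, and after this change the whole sequence renders as one run-on paragraph ("Ntdll.dll KernelBase.dll (only on Windows 7) Kernel32.dll SbieDll.dll ..."), which loses the ordering the section exists to document. Suggest converting it to an explicit list (`1. Ntdll.dll`, `2. KernelBase.dll (only on Windows 7)`, `3. Kernel32.dll`, ...) so the order no longer depends on invisible whitespace, or configuring the hook with `--markdown-linebreak-ext=md`.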
Expand All @@ -45,4 +45,3 @@ It is recommended to use the **hSbieDll** parameter as the module instance handl
At this time, this setting cannot be manipulated from [Sandboxie Control](SandboxieControl.md). You have to manually edit it into [Sandboxie Ini](SandboxieIni.md).

See also: [InjectDll64](InjectDll64.md), [SBIE DLL API](SBIEDLLAPI.md), [Start Command Line](StartCommandLine.md).

2 changes: 1 addition & 1 deletion Content/NtStatusCodes.md
Expand Up @@ -8,4 +8,4 @@ Standard Windows NT Kernel Status Codes for Error Conditions:

**C0000034** Object not found

**C000009A** Insufficient system resources, typically indicates an out-of-memory condition
**C000009A** Insufficient system resources, typically indicates an out-of-memory condition
2 changes: 1 addition & 1 deletion Content/OpenClsid.md
Expand Up @@ -19,4 +19,4 @@ Related Sandboxie Plus settings:

Sandbox Options > Resource Access > COM > Add COM Object > Access column > Open

Sandbox Options > Resource Access > COM > Don't use virtualized COM, Open access to hosts COM infrastructure (not recommended)
Sandbox Options > Resource Access > COM > Don't use virtualized COM, Open access to hosts COM infrastructure (not recommended)
2 changes: 1 addition & 1 deletion Content/OpenProtectedStorage.md
Expand Up @@ -11,5 +11,5 @@ _OpenProtectedStorage_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md).

Indicates that programs running in the DefaultBox sandbox will update the global system [Protected Storage](ProtectedStorage.md), rather than a sandboxed instance of it.

Related [Sandboxie Control](SandboxieControl.md) setting: _Save outside sandbox: History of search strings and invoked commands_
Related [Sandboxie Control](SandboxieControl.md) setting: _Save outside sandbox: History of search strings and invoked commands_
in [Sandbox Settings > Applications > Web Browser](ApplicationsSettings.md#web-browser)
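Review bot: the replaced "Related [Sandboxie Control] setting: _Save outside sandbox: ..._" line is followed by the continuation "in [Sandbox Settings > Applications > Web Browser]"; if the stripped trailing whitespace was a hard line break, the two lines now join into one sentence, which still reads correctly here, so no action is needed beyond confirming the rendered output. Worth a glance only because the same hook pass affects files where the break did carry meaning.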
4 changes: 2 additions & 2 deletions Content/ProtectHostImages.md
@@ -1,6 +1,6 @@
# Protect Host Images
# Protect Host Images

_ProtectHostImages_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v1.9.0 / 5.64.0. This setting can be enabled to prevent processes located outside the sandbox from loading boxed DLLs.
_ProtectHostImages_ is a sandbox setting in [Sandboxie Ini](SandboxieIni.md) available since v1.9.0 / 5.64.0. This setting can be enabled to prevent processes located outside the sandbox from loading boxed DLLs.

```
.
5 changes: 2 additions & 3 deletions Content/Questions.md
@@ -1,12 +1,11 @@
# Questions

* "Antivir can remove infected files out from Sandbox, why not some malware can access out of sandbox?"
* "Antivir can remove infected files out from Sandbox, why not some malware can access out of sandbox?"

The difference here is that Antivir is not running sandboxed, so why would Sandboxie stop Antivir from doing ANYTHING?

In this case Antivir is reaching into the sandbox, which is a legitimate folder on your hard drive. You can do "Explore Contents of Sandbox" to open a shell window on that folder -- same thing.

But for programs that are running sandboxed, Sandboxie looks at every operation and decides if it allows or denies the operation, or if it redirects the operation to use an object from the sandbox.

* can't get sysinternals regmon(registry monitor) and filemon(file monitor) to work inside the sandbox.

* can't get sysinternals regmon(registry monitor) and filemon(file monitor) to work inside the sandbox.
2 changes: 1 addition & 1 deletion Content/QuickRecovery.md
@@ -1,6 +1,6 @@
# Quick Recovery

[Sandboxie Control](SandboxieControl.md) > [Sandbox Menu](SandboxMenu.md) > Quick Recovery
[Sandboxie Control](SandboxieControl.md) > [Sandbox Menu](SandboxMenu.md) > Quick Recovery
[Sandboxie Control](SandboxieControl.md) > [Tray Icon Menu](TrayIconMenu.md) > Quick Recovery

![](../Media/QuickRecoverSandbox.png)
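Review bot: same concern as in DeleteSandbox.md: the "Sandbox Menu > Quick Recovery" line was only changed in trailing whitespace, and if that was a two-space hard break the Sandbox Menu and Tray Icon Menu paths now render on one line. Suggest separating the two paths with a blank line or keeping the break with `--markdown-linebreak-ext=md`.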
2 changes: 1 addition & 1 deletion Content/Ransomware.md
Expand Up @@ -8,4 +8,4 @@ Not so with ransomware your important business data can be lost forever.

Did you know that ransomware can hold your data hostage, and can't be stopped with anti-virus software alone?

Sandboxie runs your programs in an isolated space which prevents malware - including ransomware - from making permanent changes to other programs and data in your computer.
Sandboxie runs your programs in an isolated space which prevents malware - including ransomware - from making permanent changes to other programs and data in your computer.
2 changes: 1 addition & 1 deletion Content/RecoverySettings.md
Expand Up @@ -45,4 +45,4 @@ It may also be desirable to keep Immediate Recovery enabled, but exclude some fi

Use this settings page to enable or disable the Immediate Recovery extension, and configure exclusions to Immediate Recovery.

Related [Sandboxie Ini](SandboxieIni.md) settings: [AutoRecover](AutoRecover.md), [AutoRecoverIgnore](AutoRecoverIgnore.md).
Related [Sandboxie Ini](SandboxieIni.md) settings: [AutoRecover](AutoRecover.md), [AutoRecoverIgnore](AutoRecoverIgnore.md).
2 changes: 1 addition & 1 deletion Content/ResourceAccessSettings.md
Expand Up @@ -10,7 +10,7 @@ Programs that run in a sandbox are generally not allowed to access system resour

Examples where exceptions are convenient or necessary:

* Allow direct access to some specific folder. For example, let the Web browser place downloads directly in a _Downloads_ folder.
* Allow direct access to some specific folder. For example, let the Web browser place downloads directly in a _Downloads_ folder.
See the [File Access](ResourceAccessSettings.md#file-access) category below.
* A program may need access to some resource for correct operation. If the program is known and trusted, it is reasonable to make such an exception. See [Known Conflicts](KnownConflicts.md) for some examples.
