Search found 13 matches

by MessageBoxA
Mon May 30, 2011 11:46 pm
Forum: Problem Reports
Topic: Automatic deletion of sandbox contents when last program end
Replies: 4
Views: 3471

Automatic deletion of sandbox contents when last program end

Tzuk, Beta version 3.55.09 does not delete the contents of the sandbox if a system shutdown is invoked and the processes are terminated by the subsystem. You should be able to use RegisterServiceCtrlHandlerEx to register a handler for the SERVICE_CONTROL_SHUTDOWN or SERVICE_CONTROL_PRESHUTDOWN event...
by MessageBoxA
Fri May 27, 2011 10:48 am
Forum: Problem Reports
Topic: WinVerifyTrust problems
Replies: 8
Views: 3028

tzuk wrote: Perhaps a problem on your end got resolved somehow?
Tzuk,

Yes I think so, don't waste any more of your time looking into this. :)
by MessageBoxA
Thu May 26, 2011 2:15 pm
Forum: Problem Reports
Topic: WinVerifyTrust problems
Replies: 8
Views: 3028

tzuk,

Sorry about the huge delay... I have been extremely busy.

Have you made any changes to this? While testing WehnTrust with 3.55.05 I have noticed that CryptCATAdminEnumCatalogFromHash is now able to verify the digital signatures in the system catalogs.

-MessageBoxA
by MessageBoxA
Thu May 26, 2011 1:44 pm
Forum: Anything Else
Topic: Attention Windows XP Users
Replies: 0
Views: 1237

Attention Windows XP Users

Hi, If there are any Windows XP users left out there (and I suspect there are many) then I recommend that you take a look at the WehnTrust project. This is the research that resulted in the ASLR and SEHOP implementations inside Vista and Seven. Just recently Tzuk announced that the Beta version 3.55...
by MessageBoxA
Fri Apr 22, 2011 10:12 am
Forum: Problem Reports
Topic: Sandboxie not as reliable as everyone thought
Replies: 20
Views: 6274

Hi,

Sandboxie cannot protect you from flaws in the Microsoft operating system. Unfortunately Microsoft Windows® is like Swiss cheese.... there are holes and tunnels and privilege escalations everywhere.

-MessageBoxA
by MessageBoxA
Wed Apr 20, 2011 11:24 am
Forum: Feature Requests
Topic: Learning / Recording Mode
Replies: 2
Views: 2125

Re: Learning / Recording Mode

My thinking is that I'd like to lock down certain applications after I use them. For example, media players should not be writing to files. But some players, like GomPlayer, are really hard to set up in Sandboxie. It would not matter anyway... With operating systems >= x64 Vista malware can bypass use...
by MessageBoxA
Wed Apr 20, 2011 11:00 am
Forum: Problem Reports
Topic: WinVerifyTrust problems
Replies: 8
Views: 3028

Hey tzuk,

Sure I can do that. I'm a bit busy this week but I have added it to my TODO list. I'll update this thread when I have completed a sample application.

-MessageBoxA
by MessageBoxA
Mon Apr 18, 2011 9:39 am
Forum: Problem Reports
Topic: WinVerifyTrust problems
Replies: 8
Views: 3028

Yes.

Yes, SandboxieCrypto.exe is running in the sandbox.

-MessageBoxA
by MessageBoxA
Sun Apr 17, 2011 1:47 am
Forum: Problem Reports
Topic: WinVerifyTrust problems
Replies: 8
Views: 3028

WinVerifyTrust problems

Hi tzuk, Essentially my software checks the digital signature on all dynamic libraries being loaded into my process. I have been having some issues with the WinVerifyTrust function when my software is running in your sandbox. I can verify the digital signature on ntdll.dll and SbieDll.dll but after ...
by MessageBoxA
Fri Apr 08, 2011 12:25 am
Forum: Feature Requests
Topic: SBIE DLL API
Replies: 1
Views: 2072

SBIE DLL API

Hi, Some of the SbieDll exported functions are version dependent. I think it would be useful if I could query the Sandboxie version and receive a packed DWORD as the return value. I can get the version from the SbieDll.dll version information block... but maybe it would be better if this was an expo...
by MessageBoxA
Fri Apr 01, 2011 7:51 pm
Forum: Feature Requests
Topic: SYSENTER/interrupt 2Eh System Call Blocking
Replies: 2
Views: 2898

tzuk, I can see your point and completely understand. Unfortunately thanks to PatchGuard my only option on 64-bit Vista+ is to bootkit my workstations and servers. It makes me wonder if a commercial bootkit would be a useful security product. It's just that several times each year I have 3-4 zero-day...
by MessageBoxA
Wed Mar 30, 2011 8:40 pm
Forum: Feature Requests
Topic: SYSENTER/interrupt 2Eh System Call Blocking
Replies: 2
Views: 2898

SYSENTER/interrupt 2Eh System Call Blocking

tzuk, Thanks for this great piece of software. I am a security researcher and I have been using your product for a number of years for researching/reversing/analyzing malware. I have a swarm of 12 automated honey pots which spider around the net collecting viri/trojan/rootkit. Your sandbox is runnin...
by MessageBoxA
Wed Mar 30, 2011 4:15 pm
Forum: Contributed Utilities & Templates
Topic: Block Process Access
Replies: 211
Views: 213560

Could you post the source code for this addon? I would like to make some modifications to the project.

Thanks.