Registry changes.

[Liam H]

Hi!

First of all, it's a great program! Now I'm not afraid to test new softwares (who am i kidding... maybe the right term is 'less afraid")

Just wanted to know - where can I see the registry keys that the sandboxed programs change?
the DEVICE folder will show me the files. I've found the REGISTRY.DAT file but couldn't find the change there.

In my case, I installed a 'trojan test" file that puts itself in the 'RUN' registry key. The registry change WAS sandboxed. i just could not 'see' it.

hope to hear from you.
[/list]

[tzuk]

Hi Liam, you can run RegEdit in the sandbox and it shows you the sandboxed registry. Which means you see sandboxed keys "superimposed" (kinda) over your real registry. Then you can run regular RegEdit and hope you notice what's different.

But that's lame. Next version will include a utility to dump the contents of sandboxed Registry.dat files. Can you wait for it a bit?

[Guest]

Thanks for your answer!

I guess I can Export the normal registry and the sandboxed registry and use a utility like FC to compare and point out the changes. (a simple log file will help.. something like:
---------8-<-----------
[program-name/time]file X has been created
[program-name/time]file Y has been changed
[program-name/time]registry key Z has changed with data ABC
---------8-<-----------
)


Anyway, it will be hard, but i'll wait for the next version

Do you have some kind of a changelog or new-features list that you can share with us?

[tzuk]

I have plans to include tracing and logging in Sandboxie, but it's going to take a while to get there.

As for future changes, in general I'd rather not say in advance. And you already know one thing: the reg dump utility

[Guest]

and keep on the good work.