Command-line options + termination

Ideas for enhancements to the software
TNT

Post by TNT » Thu Feb 22, 2007 6:10 pm

Hi tzuk,

I find Sandboxie to be a GREAT tool to collect "drive-by-download" malware pieces in the wild. However, for practical purposes, this can be done only "manually", because (unless I'm not mistaken) there's no direct way to instruct Sandboxie to terminate sandboxed processes through the command line.

What would be great (for me, anyway) would be a way to terminate all processes in a particular sandbox with the command line (for instance, terminateall.exe /box:[box]). So far, it's easy to create a batch script (or actually a cygwin script, which is what I'm using) to launch Sandboxie like this:

Start.exe /box:[box] "C:\Program Files\Internet Explorer\iexplore.exe" [exploit site]

However, there are two problems in automating this process: first of all, there is the sandbox creation issue. While the creation of an appropriate folder that will contain the new sandbox and the automated inclusion of this new sandbox's parameters (in sandboxie.ini) are no problem because I can do that through the script, Sandboxie will later complain that it doesn't recognize the new sandbox because I can't force it to re-read the sandboxie.ini file through the command line.

The second problem is the termination issue. Unless I can tell sandboxie to terminate all the processes running in a particular sandbox, a script like this will have processes active in each sandbox until they're all terminated manually, which would greatly limit the amount of automated "launch bad site and observe" that can be issued automatically.

If these functions could be implemented, Sandboxie would make an almost perfect "honeypot" for bad drive-by-download sites: you feed a list of known bad pages to the script, and the script could instruct Sandboxie to routinely launch IE on those pages and terminate all that's been created after a while.

F.

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Fri Feb 23, 2007 6:57 am

"I can't force it to re-read the sandboxie.ini file through the command line"

Oh but you can:

Code:

Start.exe /reload

"The second problem is the termination issue"

I can add Start.exe /terminate. Combined with /box:somebox or /box:* this will be what you need, I guess.
tzuk

TNT

Post by TNT » Fri Feb 23, 2007 9:45 am

tzuk wrote:
"I can't force it to re-read the sandboxie.ini file through the command line"
Oh but you can:
Code:
Start.exe /reload

Thanks. Very good. :D

tzuk wrote:
"The second problem is the termination issue"
I can add Start.exe /terminate. Combined with /box:somebox or /box:* this will be what you need, I guess.

Yes, that would be perfect. Thanks tzuk, this is the best product of its genre and has the best support as well. :D

tzuk

Post by tzuk » Fri Feb 23, 2007 2:06 pm

Sure. Download version 2.78.9 and give it a try then.
tzuk

TNT

Post by TNT » Fri Feb 23, 2007 3:37 pm

tzuk wrote: Sure. Download version 2.78.9 and give it a try then.

Very good tzuk, thanks a lot! :D

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm

Post by Buster » Fri Oct 05, 2007 9:18 pm

Even if I am late, I also want to thank you for the /terminate command.

Really useful!
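
The launch, wait and terminate cycle discussed in this thread, sketched as a Cygwin-style shell script. This is an added example, not code from any poster or from the Sandboxie project; the SBIE_START path variable, the HoneyN box names, the dwell time and the URL list are assumptions, and each box is assumed to be already written to sandboxie.ini by the caller.

```shell
#!/bin/bash
# Added example: launch / dwell / terminate cycle, one sandbox per URL.
# Assumed (not from the thread): SBIE_START path, HoneyN box names, DWELL,
# the URL list. Boxes must already be defined in sandboxie.ini.
# With SBIE_START unset, commands are printed instead of run (dry run).
SBIE_START="${SBIE_START:-}"
BROWSER='C:\Program Files\Internet Explorer\iexplore.exe'
DWELL="${DWELL:-60}"    # seconds to let the page run before teardown

sbie() {    # run Start.exe with the given arguments, or print them
    if [ -n "$SBIE_START" ]; then "$SBIE_START" "$@"
    else printf 'Start.exe %s\n' "$*"; fi
}

valid_box() {    # letters and digits only, so "*" (all boxes) is refused
    case "$1" in ''|*[!A-Za-z0-9]*) return 1 ;; *) return 0 ;; esac
}

visit() {    # one cycle for one box and one URL
    local box="$1" url="$2" rc
    valid_box "$box" || { echo "bad box name: $box" >&2; return 2; }
    sbie /reload || return 1            # pick up boxes added to the ini
    # Background the launch so the dwell timer runs whether or not
    # Start.exe returns before the browser exits.
    sbie "/box:$box" "$BROWSER" "$url" &
    if [ -n "$SBIE_START" ]; then sleep "$DWELL"; fi
    sbie "/box:$box" /terminate         # end everything in this box only
    rc=$?
    wait
    return "$rc"
}

URLS='http://site-one.example.invalid/
http://site-two.example.invalid/'       # constructed sample input

run_all() {    # visit every URL in its own box; prints the number visited
    local n=0 url
    while IFS= read -r url; do
        n=$((n + 1))
        visit "Honey$n" "$url" >&2 || echo "cycle failed: $url" >&2
    done <<EOF
$URLS
EOF
    echo "$n"
}

run_all
```

Run it without SBIE_START set to see the Start.exe command lines it would issue before pointing it at a real installation.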
