Block Process Access
@needsomehelpplease
You need to get DbgView working first and enable debug messages in sbiextra.ini. Hopefully that will clue you into what is going on. You can also open the sandboxed process with something like Process Explorer to see if the sbiextra.dll has really been injected.
@budyn
I'm not helping you bypass game anti-cheat mechanisms, so don't bother pursuing the request.
@all
You can safely ignore any warnings from VirusTotal or Jotti. The test apps included in the package are written in AutoIt and are commonly (and unfortunately) flagged by crappy anti-virus engines included in those online scanners.
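The injection check suggested above (confirming that sbiextra.dll is really loaded in the sandboxed process) can also be scripted. This is an added example, not part of the original post or of sbiextra itself; the function name `Test-SbiExtraLoaded` is hypothetical, and the process and DLL names are the ones mentioned in this thread.

```powershell
# Added example: report whether the sbiextra DLL is loaded in running processes.
# Run it outside the sandbox. Module lists can be incomplete across the
# 32/64-bit boundary, so use a PowerShell of the same bitness as the target.
function Test-SbiExtraLoaded {
    param(
        # Process names without ".exe"; defaults are taken from the thread.
        [string[]]$Name = @('firefox', 'plugin-container'),
        # DLL file names mentioned in the thread.
        [string[]]$Dll = @('sbiextra.dll', 'sbiextra_x64.dll')
    )
    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $status = 'not loaded'
        $path = $null
        try {
            # Drop nulls so an empty or unavailable module list is detected.
            $mods = @($proc.Modules | Where-Object { $_ })
            if ($mods.Count -eq 0) {
                $status = 'unreadable'
            } else {
                # -contains is case-insensitive, matching Windows file names.
                $hit = $mods | Where-Object { $Dll -contains $_.ModuleName } |
                    Select-Object -First 1
                if ($hit) {
                    $status = 'loaded'
                    $path = $hit.FileName
                }
            }
        } catch {
            # Access denied, or the process exited while being inspected.
            $status = 'unreadable'
        }
        [pscustomobject]@{
            ProcessName = $proc.ProcessName
            Id          = $proc.Id
            SbiExtra    = $status
            ModulePath  = $path
        }
    }
}

Test-SbiExtraLoaded | Format-Table -AutoSize
```

A sandboxed process that reports "not loaded" is running without the sbiextra hooks, which is worth ruling out before reading the DbgView output.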
sbiextra conflicts with Flash Player in ProtectedMode
I have the following installed: Sandboxie 3.72, sbiextra v1.0.0.17, Firefox 13.0.1, Flash Player 11.3.300.257
I use this web page to test Flash Player functionality: http://www.adobe.com/software/flash/about/
Here is some info on Flash Player's ProtectedMode: https://blogs.adobe.com/asset/2012/06/i ... refox.html
By default, Flash Player has ProtectedMode enabled.
At the bottom of this page (under "Last resort") is how to disable ProtectedMode: http://forums.adobe.com/thread/1018071?tstart=0
I am getting the same results with both Win7 x32 and Win7 x64.
Here are the combinations that work fine for me:
Firefox+Flash Player with ProtectedMode enabled
Sandboxie+sbiextra+Firefox+Flash Player with ProtectedMode disabled
Sandboxie+Firefox+Flash Player with ProtectedMode enabled
Here is the combination that causes Flash Player to crash (on the above test web page):
Sandboxie+sbiextra+Firefox+Flash Player with ProtectedMode enabled
When I say crash, I mean that plugin-container.exe and both instances of FlashPlayerPlugin_11_3_300_257.exe terminate after about 30 seconds, and Flash Player fails to render the intended graphics.
Thus, I have to choose between sbiextra and Flash Player with ProtectedMode enabled. For now, I disabled Flash Player's ProtectedMode.
My questions:
1) Can anyone else reproduce the behavior I am seeing?
2) If so, any ideas on how to modify sbiextra to allow the sandboxed Flash Player to access specifically what it needs, without allowing malware Flash content to have access to dangerous info, and without reducing sbiextra protection on other sandboxed processes?
3) Is it possible to allow entries to 'sbiextra.ini' for "process A is allowed to access process B outside the sandbox"?
@DR
The short answer is yes. These are user mode hooks, so a determined app could get around them, but they would specifically have to be aware of the hooks and actively bypass them. This is a limitation of InjectDll.
@Binky
What makes you think there *is* a workaround? If flashplayer needs access to a resource you're blocking, then you simply can't block it. I won't be developing this DLL further to allow the kind of whitelisting you're talking about. Even so, can you selectively allow components in sbiextra.ini until you find the conflict?
arclite89 wrote: Can someone update the download link for the DLLs, please? The files aren't available anymore on that link. Thanks.
Here: http://www.sandboxie.com/phpbb/viewtopic.php?t=12899
I downloaded BSA and inside was the latest sbiextra.dll and sbiextra_x64.dll
It may be a dumb question, but is this still useful with version 4?
This is part of what Tzuk mentioned for version 4 - Instead, a program under the supervision of Sandboxie v4 runs with no permissions and cannot access or manipulate objects in the system outside the program's own memory.
This is what this utility does - ...block sandboxed processes from accessing information about processes running outside the sandbox, and to prevent them from reading the memory of any process not running in their same sandbox...
I may be misinterpreting, but it sounds like version 4 does what this tool does? At least, for the most part of it? Is there still any advantage to use it?
Thanks
fanish wrote: It may be a dumb question, but is this still useful with version 4?
This is part of what Tzuk mentioned for version 4 - Instead, a program under the supervision of Sandboxie v4 runs with no permissions and cannot access or manipulate objects in the system outside the program's own memory.
This is what this utility does - ...block sandboxed processes from accessing information about processes running outside the sandbox, and to prevent them from reading the memory of any process not running in their same sandbox...
I may be misinterpreting, but it sounds like version 4 does what this tool does? At least, for the most part of it? Is there still any advantage to use it?
Thanks
I run the winhex in sandboxie 4.0.2 without this utility, then the winhex can list the processes running outside the sandbox and read their memory.
I try to read memory from chrome and foobar2000 and PDF reader, even avast!, all access successfully .......
And sbiextra v1.0.0.17 can't work with sandboxie 4.0.2 ....... I got 'CRT not initialized' error ~
PLS update ~~~ thanks ~~!!!
CRT not initialized error.
I have encountered "CRT not initialized" error while trying to run sbiextra v1.0.0.17 on Sandboxie 4.06 (Windows XP SP3).
Wraithdu, could you please take a look at that?