Block Process Access

Utilities designed for use with Sandboxie
tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sat Mar 24, 2012 1:52 pm

It might be something as trivial as a typo somewhere, which causes the DLL to not load. Post your Sandboxie.ini so we can review it together.
tzuk

budyn
Posts: 5
Joined: Sat Mar 31, 2012 4:30 pm

Post by budyn » Wed Apr 04, 2012 8:25 am

So iv downloaded sandboxie, i got my diablo III beta and i want to run it sandboxed,
Iv put ur DLL into my sandboxie.ini.
I run D3beta normally, than i want to run it in sandbox it says on the launcher that diablo 3 beta is already running.How to solve that?

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Wed Jun 13, 2012 1:29 am

@needsomehelpplease
You need to get DbgView working first and enable debug messages in sbiextra.ini. Hopefully that will clue you into what is going on. You can also open the sandboxed process with something like Process Explorer to see if the sbiextra.dll has really been injected.

@budyn
I'm not helping you bypass game anti-cheat mechanisms, so don't bother pursuing the request.

@all
You can safely ignore any warnings from VirusTotal or Jotti. The test apps included in the package are written in AutoIt and are commonly (and unfortunately) flagged by crappy anti-virus engines included in those online scanners.

Binky
Posts: 129
Joined: Sun Nov 14, 2010 9:21 pm

sbiextra confilicts with Flash Player in ProtectedMode

Post by Binky » Tue Jun 19, 2012 2:22 pm

I have the following installed: Sandboxie 3.72, sbiextra v1.0.0.17, Firefox 13.0.1, Flash Player 11.3.300.257
I use this web page to test Flash Player functionality: http://www.adobe.com/software/flash/about/
Here is some info on Flash Player's ProtectedMode: https://blogs.adobe.com/asset/2012/06/i ... refox.html
By default, Flash Player has ProtectedMode enabled.
At the bottom of this page (under "Last resort") is how to disable ProtectedMode: http://forums.adobe.com/thread/1018071?tstart=0
I am getting the same results with both Win7 x32 and Win7 x64.

Here are the combinations that work fine for me:
Firefox+Flash Player with ProtectedMode enabled
Sandboxie+sbiextra+Firefox+Flash Player with ProtectedMode disabled
Sandboxie+Firefox+Flash Player with ProtectedMode enabled

Here is the combination that causes Flash Player to crash (on the above test web page):
Sandboxie+sbiextra+Firefox+Flash Player with ProtectedMode enabled

When I say crash, I mean that plugin-container.exe and both instances of FlashPlayerPlugin_11_3_300_257.exe terminate after about 30 seconds, and Flash Player fails to render the intended graphics.

Thus, I have to choose between sbiextra and Flash Player with ProtectedMode enabled. For now, I disabled Flash Player's ProtectedMode.

My questions:
1) Can anyone else reproduce the behavior I am seeing?
2) If so, any ideas on how to modify sbiextra to allow the sandboxed Flash Player to access specifically what it needs, without allowing malware Flash content to have access to dangerous info, and without reducing sbiextra protection on other sandboxed processes?
3) Is it possible to allow entries to 'sbiextra.ini' for "process A is allowed to access process B outside the sandbox"?

Binky
Posts: 129
Joined: Sun Nov 14, 2010 9:21 pm

Post by Binky » Tue Jun 19, 2012 2:37 pm

By the way, I added FlashPlayerPlugin_11_3_300_257.exe to <InternetAccess> and <StartRunAccess>. This is needed to allow Sandboxie+Firefox+Flash Player with ProtectedMode enabled to work.

Binky
Posts: 129
Joined: Sun Nov 14, 2010 9:21 pm

Post by Binky » Thu Jul 19, 2012 2:30 pm

I am experiencing the same problem with Firefox 14.0.1 and Flash Player 11.3.300.265 (with Sandboxie 3.72 and sbiextra v1.0.0.17)

DR_LaRRY_PEpPeR
Posts: 291
Joined: Wed Jul 04, 2012 6:40 pm
Location: St. Louis area

Post by DR_LaRRY_PEpPeR » Sat Jul 21, 2012 11:04 am

Is this blocking only for "nice" programs...? e.g. could code bypass the hooks and call the REAL functions directly? GetProcAddress to get the address from the DLLs, anything like that?

I have some ideas, but not sure if they're worth implementing if it's trivial to get around the hooks. :x

Binky
Posts: 129
Joined: Sun Nov 14, 2010 9:21 pm

Post by Binky » Fri Jul 27, 2012 12:29 pm

I am experiencing the same problem with Firefox 14.0.1 and Flash Player 11.3.300.268 (with Sandboxie 3.72 and sbiextra v1.0.0.17)

Binky
Posts: 129
Joined: Sun Nov 14, 2010 9:21 pm

Post by Binky » Thu Sep 27, 2012 10:05 am

I am experiencing the same problem with Firefox 15.0.1 and Flash Player 11.4.202.278 (with Sandboxie 3.74 and sbiextra v1.0.0.17)

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Fri Oct 05, 2012 5:56 pm

@DR
The short answer is yes. These are user mode hooks, so a determined app could get around them, but they would specifically have to be aware of the hooks and actively bypass them. This is a limitation of InjectDll.

@Binky
What makes you think there *is* a workaround? If flashplayer needs access to a resource you're blocking, then you simply can't block it. I won't be developing this DLL further to allow the kind of whitelisting you're talking about. Even so, can you selectively allow components in sbiextra.ini until you find the conflict?

arclite89
Posts: 1
Joined: Sat Mar 02, 2013 3:14 am

Post by arclite89 » Sat Mar 02, 2013 3:16 am

Can someone update the download link for the DLLs, please? The files aren't available anymore on that link. Thanks.

Sabotaged

Post by Sabotaged » Tue Apr 02, 2013 11:27 pm

arclite89 wrote:Can someone update the download link for the DLLs, please? The files aren't available anymore on that link. Thanks.
Here: http://www.sandboxie.com/phpbb/viewtopic.php?t=12899

I downloaded BSA and inside was the latest sbiextra.dll and sbiextra_x64.dll

fanish

Post by fanish » Wed May 08, 2013 1:47 pm

It may be a dumb question, but is this still useful with version 4?

This is part of what Tzuk mentioned for version 4 - Instead, a program under the supervision of Sandboxie v4 runs with no permissions and cannot access or manipulate objects in the system outside the program's own memory.

This is what this utility does - ...block sandboxed processes from accessing information about processes running outside the sandbox, and to prevent them from reading the memory of any process not running in their same sandbox...

I may be misinterpreting, but it sounds like version 4 does what this tool does? At least, for the most part of it? Is there still any advantage to use it?


Thanks

warriorpaw
Posts: 2
Joined: Mon Jun 17, 2013 11:00 pm

Post by warriorpaw » Mon Jun 17, 2013 11:14 pm

fanish wrote:It may be a dumb question, but is this still useful with version 4?

This is part of what Tzuk mentioned for version 4 - Instead, a program under the supervision of Sandboxie v4 runs with no permissions and cannot access or manipulate objects in the system outside the program's own memory.

This is what this utility does - ...block sandboxed processes from accessing information about processes running outside the sandbox, and to prevent them from reading the memory of any process not running in their same sandbox...

I may be misinterpreting, but it sounds like version 4 does what this tool does? At least, for the most part of it? Is there still any advantage to use it?


Thanks
I run the winhex in sandboxie 4.0.2 without this utility , then the winhex can list the processes running outside the sandbox and read their memory .
I try to read memory from chrome and foobar2000 and PDF reader, even avast! , all access successfully .......

And sbiextra v1.0.0.17 can't work with sandboxie 4.0.2 ....... I got 'CRT not initialized' error ~

PLS update ~~~ thanks ~~!!!

Javapraca
Posts: 1
Joined: Tue Dec 17, 2013 11:20 pm

CRT not initialized error.

Post by Javapraca » Tue Dec 17, 2013 11:30 pm

I have encountered "CRT not initialized" error while trying to run sbiextra v1.0.0.17 on Sandboxie 4.06 (Windows XP SP3).

Wraithdu, could you please take a look on that.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest