Posted: Wed Sep 24, 2008 10:25 am
by tzuk
GetModuleFileName. Pass NULL in the first parameter.

http://msdn.microsoft.com/en-us/library ... S.85).aspx

Posted: Wed Sep 24, 2008 2:41 pm
by raid
tzuk wrote: I don't see Sandboxie as a malware research tool, so I'm not going to add features that are dedicated to malware research. Buster, I've already mentioned the InjectDll setting which would let you inject DLLs into sandboxed programs. All you need is to write a small DLL that hooks DeleteFile and prevents the deletion. Maybe you and the guys can team up and figure out how to do that.
Perfectly understandable Tzuk. Although, Sandboxie does a fine job of assisting in malware research. You've really got one fantastic little program.

I will be purchasing a license for it very soon. You're a professional author and have gone out of your way as far as I'm concerned to answer my question.

Thanks again!

Posted: Wed Sep 24, 2008 8:20 pm
by dynarx
raid wrote: You've really got one fantastic little program.
Little it may be, but as we say round here, it's not the amount of code in the fight that counts, but the amount of fight in the code! :wink:

Just passing, don't mind me :D

Cheers, all.
Dynarx

Posted: Thu Sep 25, 2008 2:44 am
by Buster
Would anyone be able to code the same stuff tzuk did, but in Delphi?

Posted: Thu Sep 25, 2008 2:54 am
by Ruhe
I'm a home and hobby Delphi coder but always have problems reading this C/C++ stuff.

Posted: Thu Sep 25, 2008 3:46 am
by Buster
Ruhe wrote: I'm a home and hobby Delphi coder but always have problems reading this C/C++ stuff.
I'm in the same situation. :wink:

Posted: Sun Sep 28, 2008 7:30 am
by Ruhe
After some tries, I'm not able to convert this code to Delphi.

Posted: Wed Oct 01, 2008 5:47 am
by Buster
http://www.megaupload.com/?d=EDI97UO3

There you can get a working DLL to avoid file deletion with source code included in Delphi.

I was unable to convert tzuk's code so I used a hooking unit from another person.

tzuk: a question...

I tried to hook NtSetInformationFile from ntdll.dll but Sandboxie refuses to inject the DLL and aborts opening a sandbox.

Why does it happen?

Posted: Wed Oct 01, 2008 9:56 am
by Buster
up!

Posted: Wed Oct 01, 2008 10:41 am
by tzuk
I don't know why it happens.

Posted: Wed Oct 01, 2008 12:15 pm
by Buster
Fixed, thanks!

What about NtSetInformationFile from ntdll.dll? Do you know why it happens?

Posted: Thu Oct 02, 2008 5:26 pm
by tzuk
I don't know why it happens.

Posted: Thu Oct 02, 2008 6:01 pm
by Buster
Sorry, I thought you meant something else.

If I send you the DLL could you check what's going wrong?

Posted: Thu Oct 02, 2008 6:21 pm
by tzuk
No, Buster, I am sorry but I don't think that's a good idea for me to debug your DLL.