Page 13 of 15

Posted: Sat Mar 24, 2012 1:52 pm
by tzuk
It might be something as trivial as a typo somewhere, which causes the DLL to not load. Post your Sandboxie.ini so we can review it together.

Posted: Wed Apr 04, 2012 8:25 am
by budyn
So iv downloaded sandboxie, i got my diablo III beta and i want to run it sandboxed,
Iv put ur DLL into my sandboxie.ini.
I run D3beta normally, than i want to run it in sandbox it says on the launcher that diablo 3 beta is already running.How to solve that?

Posted: Wed Jun 13, 2012 1:29 am
by wraithdu
@needsomehelpplease
You need to get DbgView working first and enable debug messages in sbiextra.ini. Hopefully that will clue you into what is going on. You can also open the sandboxed process with something like Process Explorer to see if the sbiextra.dll has really been injected.

@budyn
I'm not helping you bypass game anti-cheat mechanisms, so don't bother pursuing the request.

@all
You can safely ignore any warnings from VirusTotal or Jotti. The test apps included in the package are written in AutoIt and are commonly (and unfortunately) flagged by crappy anti-virus engines included in those online scanners.

sbiextra confilicts with Flash Player in ProtectedMode

Posted: Tue Jun 19, 2012 2:22 pm
by Binky
I have the following installed: Sandboxie 3.72, sbiextra v1.0.0.17, Firefox 13.0.1, Flash Player 11.3.300.257
I use this web page to test Flash Player functionality: http://www.adobe.com/software/flash/about/
Here is some info on Flash Player's ProtectedMode: https://blogs.adobe.com/asset/2012/06/i ... refox.html
By default, Flash Player has ProtectedMode enabled.
At the bottom of this page (under "Last resort") is how to disable ProtectedMode: http://forums.adobe.com/thread/1018071?tstart=0
I am getting the same results with both Win7 x32 and Win7 x64.

Here are the combinations that work fine for me:
Firefox+Flash Player with ProtectedMode enabled
Sandboxie+sbiextra+Firefox+Flash Player with ProtectedMode disabled
Sandboxie+Firefox+Flash Player with ProtectedMode enabled

Here is the combination that causes Flash Player to crash (on the above test web page):
Sandboxie+sbiextra+Firefox+Flash Player with ProtectedMode enabled

When I say crash, I mean that plugin-container.exe and both instances of FlashPlayerPlugin_11_3_300_257.exe terminate after about 30 seconds, and Flash Player fails to render the intended graphics.

Thus, I have to choose between sbiextra and Flash Player with ProtectedMode enabled. For now, I disabled Flash Player's ProtectedMode.

My questions:
1) Can anyone else reproduce the behavior I am seeing?
2) If so, any ideas on how to modify sbiextra to allow the sandboxed Flash Player to access specifically what it needs, without allowing malware Flash content to have access to dangerous info, and without reducing sbiextra protection on other sandboxed processes?
3) Is it possible to allow entries to 'sbiextra.ini' for "process A is allowed to access process B outside the sandbox"?

Posted: Tue Jun 19, 2012 2:37 pm
by Binky
By the way, I added FlashPlayerPlugin_11_3_300_257.exe to <InternetAccess> and <StartRunAccess>. This is needed to allow Sandboxie+Firefox+Flash Player with ProtectedMode enabled to work.

Posted: Thu Jul 19, 2012 2:30 pm
by Binky
I am experiencing the same problem with Firefox 14.0.1 and Flash Player 11.3.300.265 (with Sandboxie 3.72 and sbiextra v1.0.0.17)

Posted: Sat Jul 21, 2012 11:04 am
by DR_LaRRY_PEpPeR
Is this blocking only for "nice" programs...? e.g. could code bypass the hooks and call the REAL functions directly? GetProcAddress to get the address from the DLLs, anything like that?

I have some ideas, but not sure if they're worth implementing if it's trivial to get around the hooks. :x

Posted: Fri Jul 27, 2012 12:29 pm
by Binky
I am experiencing the same problem with Firefox 14.0.1 and Flash Player 11.3.300.268 (with Sandboxie 3.72 and sbiextra v1.0.0.17)

Posted: Thu Sep 27, 2012 10:05 am
by Binky
I am experiencing the same problem with Firefox 15.0.1 and Flash Player 11.4.202.278 (with Sandboxie 3.74 and sbiextra v1.0.0.17)

Posted: Fri Oct 05, 2012 5:56 pm
by wraithdu
@DR
The short answer is yes. These are user mode hooks, so a determined app could get around them, but they would specifically have to be aware of the hooks and actively bypass them. This is a limitation of InjectDll.

@Binky
What makes you think there *is* a workaround? If flashplayer needs access to a resource you're blocking, then you simply can't block it. I won't be developing this DLL further to allow the kind of whitelisting you're talking about. Even so, can you selectively allow components in sbiextra.ini until you find the conflict?

Posted: Sat Mar 02, 2013 3:16 am
by arclite89
Can someone update the download link for the DLLs, please? The files aren't available anymore on that link. Thanks.

Posted: Tue Apr 02, 2013 11:27 pm
by Sabotaged
arclite89 wrote:Can someone update the download link for the DLLs, please? The files aren't available anymore on that link. Thanks.
Here: http://www.sandboxie.com/phpbb/viewtopic.php?t=12899

I downloaded BSA and inside was the latest sbiextra.dll and sbiextra_x64.dll

Posted: Wed May 08, 2013 1:47 pm
by fanish
It may be a dumb question, but is this still useful with version 4?

This is part of what Tzuk mentioned for version 4 - Instead, a program under the supervision of Sandboxie v4 runs with no permissions and cannot access or manipulate objects in the system outside the program's own memory.

This is what this utility does - ...block sandboxed processes from accessing information about processes running outside the sandbox, and to prevent them from reading the memory of any process not running in their same sandbox...

I may be misinterpreting, but it sounds like version 4 does what this tool does? At least, for the most part of it? Is there still any advantage to use it?


Thanks

Posted: Mon Jun 17, 2013 11:14 pm
by warriorpaw
fanish wrote:It may be a dumb question, but is this still useful with version 4?

This is part of what Tzuk mentioned for version 4 - Instead, a program under the supervision of Sandboxie v4 runs with no permissions and cannot access or manipulate objects in the system outside the program's own memory.

This is what this utility does - ...block sandboxed processes from accessing information about processes running outside the sandbox, and to prevent them from reading the memory of any process not running in their same sandbox...

I may be misinterpreting, but it sounds like version 4 does what this tool does? At least, for the most part of it? Is there still any advantage to use it?


Thanks
I run the winhex in sandboxie 4.0.2 without this utility , then the winhex can list the processes running outside the sandbox and read their memory .
I try to read memory from chrome and foobar2000 and PDF reader, even avast! , all access successfully .......

And sbiextra v1.0.0.17 can't work with sandboxie 4.0.2 ....... I got 'CRT not initialized' error ~

PLS update ~~~ thanks ~~!!!

CRT not initialized error.

Posted: Tue Dec 17, 2013 11:30 pm
by Javapraca
I have encountered "CRT not initialized" error while trying to run sbiextra v1.0.0.17 on Sandboxie 4.06 (Windows XP SP3).

Wraithdu, could you please take a look on that.