NtQueryInformationProcess hook

Buster · Post by **Buster** » Thu Feb 20, 2014 5:35 pm

Sandboxie hooks NtQueryObject in order to return a faked path instead the real one to sandboxed applications.

I would like to request you hook also NtQueryInformationProcess (ProcessImageFileName) in the same terms as NtQueryObject, so faked path is returned too for that function.

http://msdn.microsoft.com/en-us/library ... 85%29.aspx

ProcessImageFileName
27

Retrieves a UNICODE_STRING value containing the name of the image file for the process.

Curt@invincea · Post by **Curt@invincea** » Fri Feb 21, 2014 1:38 pm

tzuk has some comments in the code that look like he started working on this. It sounds like a good idea, but there may be some issues that caused him to postpone it. Please give us some time to investigate.

Buster · Post by **Buster** » Fri Feb 21, 2014 1:52 pm

Nice, thanks!

Buster · Post by **Buster** » Fri Apr 04, 2014 12:17 am

Will be possible to introduce the requested hook?

Buster · Post by **Buster** » Wed Jun 18, 2014 3:47 pm

Sandboxie 4.13.1 will include this feature?

Curt@invincea · Post by **Curt@invincea** » Wed Jun 18, 2014 6:16 pm

Buster wrote:Sandboxie 4.13.1 will include this feature?

That will probably be in 4.13.2.

Buster · Post by **Buster** » Wed Aug 13, 2014 2:01 pm

Curt@invincea wrote:
Buster wrote:Sandboxie 4.13.1 will include this feature?
That will probably be in 4.13.2.

Has been included?

Curt@invincea · Post by **Curt@invincea** » Thu Aug 14, 2014 12:43 pm

I am working on this right now. It will be in 4.13.3.

Buster · Post by **Buster** » Thu Aug 14, 2014 12:52 pm

Nice, thanks!

Sandboxie Support

NtQueryInformationProcess hook

NtQueryInformationProcess hook

Re: NtQueryInformationProcess hook

Re: NtQueryInformationProcess hook

Re: NtQueryInformationProcess hook

Re: NtQueryInformationProcess hook

Re: NtQueryInformationProcess hook

Re: NtQueryInformationProcess hook

Re: NtQueryInformationProcess hook

Re: NtQueryInformationProcess hook

Who is online