Block Process Access

Utilities designed for use with Sandboxie
InjectDll

Post by InjectDll » Wed Oct 27, 2010 3:39 am

hi, wraithdu, could you give me some help ?

I am writing a injectdll, and have some problems.

I found that my dll was loaded by SandboxieDcomLaunch.exe,SandboxieRpcSs.exe and the sandboxed program, but your dll was only loaded by the sandboxed program, could you tell me how to do that ?

And, if I hook the function which is exported by kernel.dll, the sandboxie and the sandboxed program work well , but if I hook the function which is exported by Ntdll.dll, the sandboxie always gives some errors.

eg. I hook NtReadVirtualMemory, sandboxie would give me "Error 193: %1 is not a valid Win32 application" and SBIE2313 SBIE2204

I use VS2008


thanks

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Tue Jan 18, 2011 4:35 pm

Edit:

I was wrong, gotta rework something before this will work with 3.52.

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Wed Jan 19, 2011 1:08 pm

Ok, updated for Sandboxie 3.51+, to sbiextra version 1.0.0.17. It should work for old versions of Sandboxie still, as I've added code to fall back to my old path discovery method.

EDIT:
Ok, while the fallback is there, the new API names won't, so this will actually only work with SB 3.51 beta+. Oh well, time to upgrade.

darkwolf_99
Posts: 71
Joined: Sun Mar 14, 2010 12:24 pm

Post by darkwolf_99 » Fri Jan 21, 2011 4:35 am

Image

Today I changed v1.0.0.16 to v1.0.0.17, but I got wrong message like above. I tried to re-install Microsoft Visual C++ 2008 SP1 Runtimes, but the wrong message is still there when I start programs in SBie. What should I do my friend? (win 7 32bit, SBie 3.52)



Yeah, I have solved it by myself. It needs Microsoft Visual C++ 2010 Runtimes. I think you should revise the file, Readme.txt.

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Fri Jan 21, 2011 8:35 am

Aww nuts, silly VS 2010. I'll change the first post with a link for the new runtimes.

Binky
Posts: 129
Joined: Sun Nov 14, 2010 9:21 pm

Post by Binky » Fri Jan 21, 2011 1:10 pm

In sbiextra_1.0.0.17.zip, the Readme.txt still refers to the Microsoft Visual C++ 2008 Runtimes.

On my Win7 x64 PC, I already had both the x86 and x64 versions of the Microsoft Visual C++ 2010 Runtimes (after installing Visual Studio 2010 Express). Since both x86 and x64 DLLs are injected, both runtime versions may be needed on an x64 PC. It would be helpful if someone with an x64 PC tests this out for us. Install only the x64 Microsoft Visual C++ 2010 Runtime, and test it with an x86 sandboxed target. If a failure, install the x86 Microsoft Visual C++ 2010 Runtime. Then report the results here.

It would be helpful to clarify in the first post and Readme.txt whether the x86 version of the Microsoft Visual C++ 2010 Runtime is needed with Windows x64.

A Suggestion

Process, files and archive naming

Post by A Suggestion » Tue Feb 08, 2011 1:38 pm

Hi thanks for this sms just what is needed. Although would feel it's name could be better that sbiextra which is meaning is generic extra for sandboxie. I'm sure this isn't generic but really is 'Sandboxie Block Process Access', then why not call it this, and all the files the same.

If someone said to me have you got or you need sbiextra, and sandboxies does have lots of extras Contributed Utilities (sandboxie extras) i would be at a loss. Since the page for Contributed Utilities says 'Block Process Access' not sbiextra.

I haverenamed it for rar file, but the internal files i have left incase need to be named as you have done. Shame since later when i need to find the file on a pc i will not think of 'sbietra' name, only 'Block Process Access' which is its real name. Confusing i agree, 'Block Process Access' for application, files and achive is far better.

1. Let us know here if ok to rename all the files to Block Process Access ?

2. Internaly when run is it known and seen as Block Process Access or sbiextra ?

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Tue Feb 08, 2011 11:29 pm

I don't really understand what you're getting at, but internally there is no reference to a specific file name... that would be poor programming IMO. If you feel the need to rename the DLLs on your system for whatever reason, go for it!

MessageBoxA
Posts: 17
Joined: Wed Dec 29, 2010 2:53 pm

Post by MessageBoxA » Wed Mar 30, 2011 4:15 pm

Could you post the source code for this addon? I would like to make some modifications to the project.

Thanks.

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Fri Apr 01, 2011 1:12 am

MessageBoxA wrote:Could you post the source code for this addon? I would like to make some modifications to the project.

Thanks.
PM me please :)

Todd

Microsoft Visual C++ 2008 vs. 2010 Runtimes

Post by Todd » Wed May 18, 2011 9:29 pm

wraithdu:

Just wanted to point out that the "Contributed Utilities" page still indicates that the "Microsoft Visual C++ 2008 SP1 Runtimes" are required for this utility, whereas your updated post indicates that the 2010 runtimes are now required (for v1.0.0.17).

Todd

Todd

Block Process Access + SandboxiePortable?

Post by Todd » Thu May 19, 2011 2:19 am

Can Block Process Access be made to work with SandboxiePortable?

AlexG
Posts: 21
Joined: Sun Dec 06, 2009 2:24 pm

Post by AlexG » Mon Aug 15, 2011 3:09 pm

Would it be possible for Block Process Access to have a functinality like this, even if disabled by defaul ?

http://www.sandboxie.com/phpbb/viewtopic.php?t=11092

sjd
Posts: 24
Joined: Sun Jan 31, 2010 12:16 pm

Post by sjd » Sun Aug 21, 2011 9:01 pm

I'm trying to setup this dll but have run into a problem. I run IE as my main browser inside and outside of sandboxes. However, I use FF inside sandboxes (not installed on host side) and that's where the problem lies. When I run FF, the following error appears:

firefox.exe - System Error
The Program can't start because MSVCP100.dll is missing from your computer.
Try reinstalling the program to fix this problem.

I've tried disabling each item listed in the sbiextra.ini one at a time but the error still exists. When I remove the InjectDll and InjectDll64, Firefox works as it should. Since I rather not install FF outside a sandbox; I'm wondering, is there a way to somehow add the path to the MSVCP100.dll, in a global\main template to fix FF since I have several of them? Or perhaps there's a better way to fix this?

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Tue Sep 06, 2011 8:41 am

Have you installed the VC++ 2010 runtimes as the first post mentions? If so, you'll have to start a bug report thread as to why Sandboxie is not seeing that installation for injected DLLs.

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests