SandboxDiff - Registry/Files changes

Utilities designed for use with Sandboxie
wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Sat Jul 18, 2009 1:39 pm

Sounds like a C++ runtime problem maybe? What version of the runtime was the app compiled against, and what version do you all have installed?

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Sat Jul 18, 2009 6:16 pm

wraithdu wrote:... and what version do you all have installed?
msvcp60.dll is apparently a part of the C++ Run-time package. Mine is:
Microsoft (R) C++ Runtime Library, V 6.2.3104.0, Date Modified 4/13/2008.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

Guest

Post by Guest » Mon Jul 20, 2009 12:38 am

So is there any fix? msgwait.exe keeps crashing when sandboxdiff is running.
I need this tool very much. Any alternatives?

majoMo
Posts: 14
Joined: Mon Jun 30, 2008 6:18 pm

Post by majoMo » Mon Jul 20, 2009 10:00 am

Anonymous wrote:So is there any fix? msgwait.exe keeps crashing when sandboxdiff is running.
I need this tool very much. Any alternatives?
Please wait a little bit, if you can... :wink:

majoMo
Posts: 14
Joined: Mon Jun 30, 2008 6:18 pm

SandboxDiff updated

Post by majoMo » Mon Jul 20, 2009 10:52 am

SandboxDiff updated.

Changes:

- Fixed: an issue when the RegHive file size is bigger than 6 MB.
- Added: when the RegHive file can't be loaded for some reason, the user is advised - and SandboxDiff closed.
- Fixed: get around the 'msgwait.exe' file crash issue on some users' systems.


Download in: Contributed Utilities page.

Guest

Post by Guest » Tue Jul 21, 2009 5:04 am

Thanks for the update. It fixed the msgwait.exe problem.

I have configured the path:
copy "C:\Sandbox\Superman\DefaultBox\RegHive" hive_1.bak /v /y > NUL

Every time I run the sandboxdiff I encounter this error message:

file open error:[hive_1.reg.txt]
What is this?
What could cause such a problem?

majoMo
Posts: 14
Joined: Mon Jun 30, 2008 6:18 pm

Post by majoMo » Tue Jul 21, 2009 11:40 am

Humm. What is your OS? Do you have a 'reg.exe' file in 'WINDOWS\system32' folder?

Guest

Post by Guest » Wed Jul 22, 2009 12:44 am

majoMo wrote:Humm. What is your OS? Do you have a 'reg.exe' file in 'WINDOWS\system32' folder?
Windows XP
Yes
Did you hardcode the default path of Windows? In other words, does it still work if people install Windows on other drives (drive letter other than C)?

majoMo
Posts: 14
Joined: Mon Jun 30, 2008 6:18 pm

Post by majoMo » Wed Jul 22, 2009 9:02 am

Yes, it should work. BTW, is your Windows folder's path on another drive, other than C?

1. Can you try this? Create a bat file, e.g. 'name.bat', in your text editor with:

@echo off
reg.exe load HKU\hive hive_1.bak
reg.exe export HKU\hive hive_1.reg.txt
reg.exe unload HKU\hive
pause


Run it; any warnings? Did it create a 'hive_1.reg.txt' file?

2. Copy 'reg.exe' to where 'SandboxDiff.exe' is. Run 'SandboxDiff.exe'. Same message yet?

Guest

Post by Guest » Fri Jul 24, 2009 1:16 am

My account is a limited user account; I guess it's the cause of the problem.

1. It cannot run even though the account has "read" and "read and run" rights on reg.exe
The message complains:
Error: The client has no special rights to run it
System couldn't find specific registry key
Error: The client has no special rights to run it

2. I copied the reg.exe using the admin account.
I added my account into the group. Set "read" and "read and run" rights.
Same error message:
file open error:[hive_1.reg.txt]

What should I configure to allow a limited user account to run it successfully?

majoMo
Posts: 14
Joined: Mon Jun 30, 2008 6:18 pm

Post by majoMo » Fri Jul 24, 2009 4:03 pm

1. Right-click the program and select 'Run as...'. Specify a non-limited account.

2. As a workaround, you can use an Administrator account to run the program by performing the following steps:

Right-click the program shortcut, then select Properties.
From the Shortcut tab, click Advanced.
Select the "Run with different credentials" check box, as this figure shows, then click OK.
Click OK to close the Properties dialog box.

Now, when you execute the program shortcut, XP will prompt you to enter the user context in which you want to run the program. Select "The following user" and specify a non-limited account.
Hope this helps. :wink:

Todd

File Comparison: More than Filename/Presence of File?

Post by Todd » Thu Aug 13, 2009 12:49 am

Much thanks for this SBie add-on; works great!

Regarding the file comparison, does SandboxDiff compare any more than the filename--or simply the presence of the file(s)--in the sandbox? For example, if a file already present in the sandbox was updated (but filename remained the same) during a sandboxed program session, would SandboxDiff detect the difference and highlight it green in the results? Or would the before and after entries remain un-highlighted?

The reason I ask is after testing it on a program installation, I thought it would be interesting to test it on a subsequent update to that program (weeks later). Prior to the update test, I ran a sandboxed session of the program to pre-populate the sandbox with files already installed and used by the program (so those that didn't change after the update wouldn't show up highlighted green in the results [they would if they weren't in the sandbox already]). I then started SandboxDiff, started the sandboxed program, then updated it in the sandbox.

SandboxDiff worked just fine. But what I'm not sure is whether one or more files that were updated (but no change to filename) were recognized by SandboxDiff as having changed. Does SandboxDiff check any other file attributes? One way to be sure would be to compare a before and after hash (such as SHA1) of the files, but not sure how that would impact comparison speed (runs pretty zippy on my XP SP3 quad-core CPU).

Thanks!
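
The before-and-after hash comparison suggested in the post above, as an added example that is not part of the original thread and is not SandboxDiff's own code: it hashes every file under a folder with SHA-1 and classifies paths as added, removed, or modified, so a file updated in place under the same name is reported. The function names `snapshot` and `diff_snapshots` are hypothetical, and the folder contents in `demo` are constructed sample data.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-1 of its content."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha1()
            with open(full, "rb") as fh:
                # Read in chunks so large sandboxed files do not fill memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            result[os.path.relpath(full, root)] = digest.hexdigest()
    return result

def diff_snapshots(before, after):
    """Classify paths as added, removed, or modified (same name, new content)."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in before.keys() & after.keys()
                      if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}

def demo():
    """Constructed sample: a stand-in for a sandbox folder, updated in place."""
    with tempfile.TemporaryDirectory() as box:
        def write(rel, data):
            path = os.path.join(box, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        write(os.path.join("app", "app.exe"), b"version 1.0")
        write(os.path.join("app", "readme.txt"), b"unchanged")
        write(os.path.join("app", "old.dll"), b"to be removed")
        before = snapshot(box)
        # Simulated update: same filename and same size, different content.
        write(os.path.join("app", "app.exe"), b"version 1.1")
        write(os.path.join("app", "new.dll"), b"added by update")
        os.remove(os.path.join(box, "app", "old.dll"))
        return diff_snapshots(before, snapshot(box))

if __name__ == "__main__":
    print(demo())
```

A name-only comparison would report just the added and removed entries here; the in-place update of `app.exe` shows up only because the content hash differs.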

majoMo
Posts: 14
Joined: Mon Jun 30, 2008 6:18 pm

Re: File Comparison: More than Filename/Presence of File?

Post by majoMo » Sat Aug 15, 2009 10:05 am

Todd wrote:Does SandboxDiff check any other file attributes?
No, it doesn't do that. I'll check if it's easy to do something like that.

I appreciated your feedback and your question/suggestion. Thanks.

slatester
Posts: 9
Joined: Wed Sep 16, 2009 5:48 pm

Post by slatester » Tue Sep 22, 2009 12:54 pm

Hi, thanks for this, very helpful.

I also get a regdump.exe crash, but like you said the changes are still visible in Comp-Reg.REG.txt.

majoMo
Posts: 14
Joined: Mon Jun 30, 2008 6:18 pm

Post by majoMo » Sat Sep 26, 2009 7:40 pm

@ slatester,

Good to know you didn't lose the registry entries' changes.

Glad you found it helpful. :wink:

Regards
