@tzuk
Could you have a look and see if it's possible to get Sandboxie to work inside MojoPac (normal Sandboxie installation)? I gave it a try. The driver and service (remarkably) install OK, but Sandboxie cannot read or write to the Sandboxie.ini file. Sandboxie also cannot see that an INI file is present in its application directory (versus the WINDOWS location) no matter what I do.
So it's actually really close to working, but not quite there.
http://www.mojopac.com/
MojoPac is now free for personal use, just follow the "For Individuals" link.
Sandboxie inside MojoPac
-
SnDPhoenix
- Posts: 2690
- Joined: Tue Dec 26, 2006 5:44 pm
- Location: West Florida
Actually I couldn't even get that far.
I put the installer onto my usb stick, launched the installer, then went through the installation until it installed (successfully) onto my usb stick, then when I went to actually launch the program though, it said it only runs on XP, how gay.
Even changing the compatibility mode didn't work.
I put the installer onto my usb stick, launched the installer, then went through the installation until it installed (successfully) onto my usb stick, then when I went to actually launch the program though, it said it only runs on XP, how gay.
Even changing the compatibility mode didn't work.
Windows 7 SP1 x64, Sandboxie v3.70 x64 with Experimental Protection, GnuPG, OTR (Off-The-Record), Sticky Password, My Brain.
Yeah, forgot to say it's XP only, sorry there SnDPhoenix. There is a Vista version coming though.
@tzuk
The web registration is free, and as far as I can tell you can enter any sort of fake info you want. There's no registration emails or anything sent. It just creates an account with RingThree to keep track of your MojoPac activations in case you decide to purchase a license for the program, since licensed versions only allow 1 activation at a time.
My idea for getting it running was to protect the MojoPac environment. It's separated from the host machine, but it's vulnerable itself to the same viruses etc. as a regular PC. And considering it's the same amount of work to get the environment set up as configuring a new PC (well almost), I'd like to keep it as safe as possible. Traditional antivirus programs cannot be installed in MojoPac because the kernel mode drivers don't work correctly. So a proactive approach seems prudent.
@tzuk
The web registration is free, and as far as I can tell you can enter any sort of fake info you want. There's no registration emails or anything sent. It just creates an account with RingThree to keep track of your MojoPac activations in case you decide to purchase a license for the program, since licensed versions only allow 1 activation at a time.
My idea for getting it running was to protect the MojoPac environment. It's separated from the host machine, but it's vulnerable itself to the same viruses etc. as a regular PC. And considering it's the same amount of work to get the environment set up as configuring a new PC (well almost), I'd like to keep it as safe as possible. Traditional antivirus programs cannot be installed in MojoPac because the kernel mode drivers don't work correctly. So a proactive approach seems prudent.
Oh, ok then. I installed MojoPac. Then I installed inside MojoPac a version of Sandboxie that was newer than the version outside MojoPac. Immediately following installation I got a Sandboxie error about incompatible driver version. So ...wraithdu wrote:There's no registration emails or anything sent.
... My experience suggests that the driver does not actually install, and that your MojoPac'ed Sandboxie was possibly communicating with the Sandboxie driver outside MojoPac. Do you think you can agree with this statement?wraithdu wrote:The driver and service (remarkably) install OK
Assuming you accept the statement, then ...
... Makes sense because the driver is outside MojoPac and reads the "real" Sandboxie.ini, while SbieSvc and SbieCtrl are inside MojoPac and create/update (but not read!) the MojoPac'ed Sandboxie.ini.wraithdu wrote:Sandboxie cannot read or write to the Sandboxie.ini file. Sandboxie also cannot see that an INI file is present in its application directory (versus the WINDOWS location) no matter what I do.
Makes sense? If you think it makes sense then ...
... Not close at all!wraithdu wrote:So it's actually really close to working, but not quite there.
Also, on a side note, I wasn't able to use Sandboxie inside MojoPac at all. Any attempt to run a sandboxed program give me a Sandboxie error SBIE2306 "Could not locate user directory" (access denied).
tzuk
My bad again. I originally tried Sandboxie in MojoPac on my home laptop with Sandboxie installed locally.....it fried MojoPac 
So no, Sandboxie will not work in MojoPac if it is installed outside because, as you said, it sees the local driver. If you would give it one more try on a host PC that does NOT have Sandboxie installed you might get to the point I was at with the INI errors. MojoPac will give you a warning about installing the driver. Click OK to allow it to install, then as SbieCtrl starts you should see all the INI errors.
So no, Sandboxie will not work in MojoPac if it is installed outside because, as you said, it sees the local driver. If you would give it one more try on a host PC that does NOT have Sandboxie installed you might get to the point I was at with the INI errors. MojoPac will give you a warning about installing the driver. Click OK to allow it to install, then as SbieCtrl starts you should see all the INI errors.
wraithdu wrote:My bad again.
I haven't had the chance to try this today. I may give it a try tomorrow but I don't think we'll be able to make much headway there. Just guessing at this point, but I don't think MojoPac will be trying to virtualize drivers (which would explain the warning message you say you got). So you'll have a situation where SbieDrv is looking at C:\Windows\Sandboxie.ini and SbieSvc is looking at C:\MojoPac\Windows\Sandboxie.ini.wraithdu wrote:If you would give it one more try on a host PC that does NOT have Sandboxie installed you might get to the point I was at with the INI errors. MojoPac will give you a warning about installing the driver. Click OK to allow it to install, then as SbieCtrl starts you should see all the INI errors.
Does MojoPac have an equivalent for OpenFilePath? Maybe that would solve the problem. Again just guessing.
tzuk
MojoPac will virtualize drivers/services, as far as I can tell. When running inside, Sandboxie will see everything the same as if it were a normal PC, ie the location for the service and driver will be C:\Program Files\Sandboxie. I think you'll understand a little more once you spend a bit of time with it.
There's nothing like OpenFilePath for MojoPac.
There's nothing like OpenFilePath for MojoPac.
Looks like minimal virtualization: It creates the service registry key entry for the driver in the MojoPac space, but then allows the driver to load and run freely as part of the 'real' system kernel.wraithdu wrote:MojoPac will virtualize drivers/services, as far as I can tell.
I followed your suggestion and uninstalled Sandboxie from the host. Reinstalling Sandboxie in MojoPac got me the warning you mentioned. Then I got a bunch of "SBIE1402 Configuration file error" messages interspersed with Sandboxie Control error message boxes. All with error code C000003A, or in English (sort of): STATUS_OBJECT_PATH_NOT_FOUND
I assume this matches your experience.
When the Sandboxie driver looks for the configuration file, it checks the installation directory (usually Program Files\Sandboxie) first. If it can't find Sandboxie.ini therer, it will then check the Windows directory. It will silently handle a STATUS_OBJECT_NAME_NOT_FOUND error (i.e., missing Sandboxie.ini) for the first check, but it complains loudly on any other error -- such as a "directory not found" (STATUS_OBJECT_PATH_NOT_FOUND) error.
Once I created \Program Files\Sandboxie on the host, I stopped getting the error messages, instead I get the warning that "configure file is missing, using defaults".
The conclusion is that I guessed correctly.
So what can you do about it? I used junction to do the 'reverse' of something like OpenFilePath:tzuk wrote:So you'll have a situation where SbieDrv is looking at C:\Windows\Sandboxie.ini and SbieSvc is looking at C:\MojoPac\Windows\Sandboxie.ini.
On Host:
Create junction point on host: \Program Files\Sandboxie -> \Program Files\RingThree\Images\Mojo\Program Files\Sandboxie
In MojoPac:
Stop SbieCtrl/SbieSvc in MojoPac
Create dummy (zero-length) Sandboxie.ini: copy nul \Program Files\Sandboxie\Sandboxie.ini
Reload configuration in driver: (Sandboxie) Start.exe /reload
Restart SbieCtrl (and indirectly SbieSvc) in MojoPac
This works perfectly for Sandboxie.ini access. Now, the real troubles begin...
tzuk
Wow, that's quite a workaround. I really appreciate you taking the time to figure out what's going on. But after seeing it, it sounds like a bad idea to set things up like that.
Perhaps in a later version of MojoPac they'll have better driver support and Sandboxie can work properly. Until then, I guess I'll be using VirtualBox.
Thanks again, really.
Perhaps in a later version of MojoPac they'll have better driver support and Sandboxie can work properly. Until then, I guess I'll be using VirtualBox.
Thanks again, really.
I don't think there is something inherently bad about junction points. It's a feature of NTFS, and I use it where it makes sense. The "real trouble" I was referring to is not at all about junction points.wraithdu wrote:But after seeing it, it sounds like a bad idea to set things up like that.
You're welcome.wraithdu wrote:I really appreciate you taking the time to figure out what's going on.
tzuk
I understood what you were saying and I was agreeing. Junctions are fine. But the confusion the driver is going to run into between the 2 environments could be really bad I would think.tzuk wrote:I don't think there is something inherently bad about junction points. It's a feature of NTFS, and I use it where it makes sense. The "real trouble" I was referring to is not at all about junction points.
Who is online
Users browsing this forum: No registered users and 1 guest
