[.08] Problems with AutoExec

Listing issues addressed in beta version 4.01
Locked
DR_LaRRY_PEpPeR
Posts: 291
Joined: Wed Jul 04, 2012 6:40 pm
Location: St. Louis area

[.08] Problems with AutoExec

Post by DR_LaRRY_PEpPeR » Tue May 07, 2013 6:00 am

I had never tried to use AutoExec before yesterday... I see no special instructions, but I couldn't get it to work (in my usual "active" sandbox, new one, nothing with 4.01.07). So had to investigate. :) Worked right away with 4.01.07 on the other XP system! Here's what I found, testing with:

AutoExec=reg add HKCU\Software\Test123

First, it appears that in 3.76 and 4.01, an AutoExec (when it works), is only executed when a sandbox first becomes active -- is that the intended behavior, I guess? Although the SandboxieAutoExec key itself is recreated, if deleted, with each new process.....

It looks like AutoExec in 3.76 ONLY works when using Run Sandboxed, etc. (Start.exe stuff). With Forced Programs, the command will be logged under SandboxieAutoExec, but it doesn't actually run. :? Assuming this won't be fixed if there are no more 3.x releases...

In 4.01, AutoExec ONLY works when using Forced Programs. So that explains why I couldn't get it to work, since using Run Sandboxed, Run... whatever with Start.exe never does anything. :(
XP Home-as-Pro SP3 (Admin) w/ continued updates (Embedded/POSReady 2009)
> Permissions + "2-level" SRP, latest Sandboxie (Pro/registered), EMET 4, no anti-anything (ever)
Did I make tzuk crazed... in his last days? :o

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Re: Problems with AutoExec

Post by Guest10 » Tue May 07, 2013 8:42 am

DR_LaRRY_PEpPeR wrote:In 4.01, AutoExec ONLY works when using Forced Programs. So that explains why I couldn't get it to work, since using Run Sandboxed, Run... whatever with Start.exe never does anything. :(
I can confirm this one, when sandboxing notepad.exe on 4.01.07, with:
AutoExec=reg add HKCU\Software\Test123

It works when notepad.exe is forced, but not when 'Run Sandboxed'.
(I didn't try the AutoExec command on 3.76)
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue May 07, 2013 4:27 pm

Thanks, I will check it in a day or two and post an update.
tzuk

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sun May 12, 2013 2:27 pm

This should be fixed in version 4.01.08.
tzuk

DR_LaRRY_PEpPeR
Posts: 291
Joined: Wed Jul 04, 2012 6:40 pm
Location: St. Louis area

Post by DR_LaRRY_PEpPeR » Sat May 18, 2013 11:00 am

I think it all looked OK in my quick testing. Thanks! :)

Is that the expected behavior where an AutoExec doesn't run once the sandbox is active...? I assume so, and that's fine. Just wondering since the SandboxieAutoExec key is recreated anytime a program starts. Plus, the AutoExec page says:

"... they are executed again the next time any sandboxed program starts in that sandbox. But it is also possible to get them to execute again, by manually deleting the command from that sandboxed registry key."

Which doesn't say after the sandboxed becomes inactive, but that's what's needed, thus my curiosity. :o

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Sat May 18, 2013 1:32 pm

DR_LaRRY_PEpPeR wrote:Which doesn't say after the sandboxed becomes inactive, but that's what's needed, thus my curiosity.
A question, since I'm not sure that I correctly follow the discussion...
When the sandbox becomes inactive the sandbox reghive is unmounted, so if you wanted to remove the sandbox autoexec key at that time wouldn't you need to modify the reghive file in some way?
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

DR_LaRRY_PEpPeR
Posts: 291
Joined: Wed Jul 04, 2012 6:40 pm
Location: St. Louis area

Post by DR_LaRRY_PEpPeR » Sat May 18, 2013 1:52 pm

I'm not sure why you're asking (what the difference is :)), but... It's really about deleting the values in SandboxieAutoExec, but I was just simply deleting the whole key, when I saw that launching a program recreates it, though nothing else AutoExec-related happens.

If what you're asking about is having the key gone when/after the sandbox becomes inactive, without deleting contents, the SandboxieAutoExec key can be deleted, and then close any remaining programs without opening anything new, and it should stay deleted. As far as modifying the RegHive without Sandboxie, sure, File->Load Hive in Regedit or whatever (under HKEY_USERS, if it matters), name it whatever, make changes, Unload Hive. I've never done that...

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sun May 19, 2013 11:07 am

There is a similar StartProgram command which could also be useful.

http://www.sandboxie.com/phpbb/viewtopic.php?t=7512
tzuk

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sun May 19, 2013 11:07 am

There is a similar StartProgram command which could also be useful.

http://www.sandboxie.com/phpbb/viewtopic.php?t=7512
tzuk

Locked

Who is online

Users browsing this forum: No registered users and 1 guest