Block Process Access

Utilities designed for use with Sandboxie
hch

Post by hch » Tue Feb 17, 2009 2:01 am

WONDERFUL!

everything is working perfectly now, no error messages, process access control is working, explorer runs okay!

many thanks to wraithdu!

Keep up the good work :)

cheers

hch

Post by hch » Tue Feb 17, 2009 2:05 am

so I guess you can release it as an official version now eh?

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Tue Feb 17, 2009 11:00 am

I'm going to test one more thing when I get home tonight. I made a change to how the parent process ID is found, to close a small security hole. In the test version I had to temporarily remove one of the blocks so my own function could work, for the duration of the function call (then the block was replaced). Under most circumstances this is OK, but if the process is multithreaded there's a minute chance that another thread could call the function whose block I removed in that instant.

So instead I'm using the low level kernel functions to perform the same task, which doesn't require me to remove any blocks, and with better performance as well. I want to test this method on my XP box, then I'll release it as a quick test for you, then I'll inform tzuk of the update and update my first post as well.

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Tue Feb 17, 2009 6:13 pm

I've posted v1.0.0.7 which works great on my XP testbed. Barring any problems, this will be the next release version. Let me know if it works for you!

hch

Post by hch » Tue Feb 17, 2009 10:16 pm

tried out v1.0.0.7, it's working fine, and overall performance seems more or less the same as v1.0.0.6.

as far as I've tested this build, i have not encountered any problems.

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Tue Feb 17, 2009 11:06 pm

Thanks for all your work testing over the last few days!

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Thu Feb 19, 2009 6:25 pm

New release version, v1.0.0.7. See first post to download.

demoneye
Posts: 203
Joined: Mon Jan 21, 2008 4:30 pm

Post by demoneye » Wed Jun 03, 2009 8:20 am

@ tzuk @

can we get your reply on this DLL ?is it safe / stable to use it?

10x wraithdu for this ;)

Ruhe
Posts: 803
Joined: Thu Jul 03, 2008 8:56 am
Location: Germany
Contact:

Post by Ruhe » Wed Jun 03, 2009 8:26 am

...and: how compatible is it to new and upcoming releases of Sandboxie?

Jmtyra

Post by Jmtyra » Fri Jun 05, 2009 4:45 pm

wraithdu wrote:Why did I create it? I was curious from the post about WoW and the Warden client. I still hope that guy tests it, cause I wanna know if Warden freaks out. My other reasons... it was a challenge. :)

The purpose is pretty clearly stated. It blocks sandboxed processes from using the ReadProcessMemory function (search MSDN) to read the memory of unsandboxed processes. Incidentally it also blocks the EnumProcessModules function (and perhaps others) of PSAPI.dll, since that function internally seems to use ReadProcessMemory.
Hey there wraithdu! I ~*LOVE*~ what you've done with this DLL, its perfect! I, too, am concerned as to where Blizzard's little Warden tool 'sticks its nose' in my system. I'm a privacy advocate, thus I don't believe it's any of Blizzard's @)#$&(@# business as to what's going on in my system (assuming I'm not affecting/modifying/cheating on their game).

Also, I tried this on Windows 7 RC (build 7100) and it works great ~PLUS~ I believe the runtimes are already installed as I didn't have to install them and your AutoIt test program functioned properly inside and outside of the sandbox.

Any-who, just wanted to say thanks! :D

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Fri Jun 05, 2009 7:18 pm

Glad you like it! Keep in mind I'm not sure this won't get you banned by blizzard or similar online games. Just a warning!

Tom

Post by Tom » Wed Sep 16, 2009 5:12 am

Hi, just what I have been looking for, but I can't for the life of me find "Sandboxie.ini"
Where should i be looking?
I tried in the C/programfiles/sandboxie. But nothing in there editable, except the
Template file.

Thanks.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Wed Sep 16, 2009 5:55 am

Tom wrote:Hi, just what I have been looking for, but I can't for the life of me find "Sandboxie.ini"
Where should i be looking?
I tried in the C/programfiles/sandboxie. But nothing in there editable, except the
Template file.

Thanks.
SANDBOXIE.INI is located in Windows folder. (usually C:\WINDOWS)

bugmenot
Posts: 45
Joined: Wed Aug 08, 2007 6:31 am

Post by bugmenot » Fri Oct 16, 2009 4:48 am

IDK what happen, but after i tried to put AntiDel and BlockProcessAccess, my Firefox seem bits laggy and the word that i type require some time before it appear,

any solution?

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Fri Oct 16, 2009 5:10 am

bugmenot wrote:IDK what happen, but after i tried to put AntiDel and BlockProcessAccess, my Firefox seem bits laggy and the word that i type require some time before it appear,

any solution?
Enable AntiDel and disable BlockProcessAccess and viceversa to find out what of both DLLs is producing that effect.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest