Block Process Access

[hch]

WONDERFUL!

everything is working perfectly now, no error messages, process access control is working, explorer runs okay!

many thanks to wraithdu!

Keep up the good work

cheers

[hch]

so I guess you can release it as an official version now eh?

[wraithdu]

I'm going to test one more thing when I get home tonight. I made a change to how the parent process ID is found, to close a small security hole. In the test version I had to temporarily remove one of the blocks so my own function could work, for the duration of the function call (then the block was replaced). Under most circumstances this is OK, but if the process is multithreaded there's a minute chance that another thread could call the function whose block I removed in that instant.

So instead I'm using the low level kernel functions to perform the same task, which doesn't require me to remove any blocks, and with better performance as well. I want to test this method on my XP box, then I'll release it as a quick test for you, then I'll inform tzuk of the update and update my first post as well.

[wraithdu]

I've posted v1.0.0.7 which works great on my XP testbed. Barring any problems, this will be the next release version. Let me know if it works for you!

[hch]

tried out v1.0.0.7, it's working fine, and overall performance seems more or less the same as v1.0.0.6.

as far as I've tested this build, i have not encountered any problems.

[wraithdu]

Thanks for all your work testing over the last few days!

[wraithdu]

New release version, v1.0.0.7. See first post to download.

[demoneye]

@ tzuk @

can we get your reply on this DLL ?is it safe / stable to use it?

10x wraithdu for this

[Ruhe]

...and: how compatible is it to new and upcoming releases of Sandboxie?

[Jmtyra]

Why did I create it? I was curious from the post about WoW and the Warden client. I still hope that guy tests it, cause I wanna know if Warden freaks out. My other reasons... it was a challenge.

The purpose is pretty clearly stated. It blocks sandboxed processes from using the ReadProcessMemory function (search MSDN) to read the memory of unsandboxed processes. Incidentally it also blocks the EnumProcessModules function (and perhaps others) of PSAPI.dll, since that function internally seems to use ReadProcessMemory.

Hey there wraithdu! I ~*LOVE*~ what you've done with this DLL, its perfect! I, too, am concerned as to where Blizzard's little Warden tool 'sticks its nose' in my system. I'm a privacy advocate, thus I don't believe it's any of Blizzard's @)#$&(@# business as to what's going on in my system (assuming I'm not affecting/modifying/cheating on their game).

Also, I tried this on Windows 7 RC (build 7100) and it works great ~PLUS~ I believe the runtimes are already installed as I didn't have to install them and your AutoIt test program functioned properly inside and outside of the sandbox.

Any-who, just wanted to say thanks!

[wraithdu]

Glad you like it! Keep in mind I'm not sure this won't get you banned by blizzard or similar online games. Just a warning!

[Tom]

Hi, just what I have been looking for, but I can't for the life of me find "Sandboxie.ini"
Where should i be looking?
I tried in the C/programfiles/sandboxie. But nothing in there editable, except the
Template file.

Thanks.

[Buster]

Hi, just what I have been looking for, but I can't for the life of me find "Sandboxie.ini"
Where should i be looking?
I tried in the C/programfiles/sandboxie. But nothing in there editable, except the
Template file.

Thanks.

SANDBOXIE.INI is located in Windows folder. (usually C:\WINDOWS)

[bugmenot]

IDK what happen, but after i tried to put AntiDel and BlockProcessAccess, my Firefox seem bits laggy and the word that i type require some time before it appear,

any solution?

[Buster]

IDK what happen, but after i tried to put AntiDel and BlockProcessAccess, my Firefox seem bits laggy and the word that i type require some time before it appear,

any solution?

Enable AntiDel and disable BlockProcessAccess and viceversa to find out what of both DLLs is producing that effect.