Registry log module

[Unknown_User_368]

as far as I know,sandboxie only log registry action maked by the sandboxied program at the file : \Sandbox\DefaultBox\Data\Registry.dat

This file is not readable for us and I can't find any operation at the manu to explorer what is contained in this file.

what about to make it easy for human to read it?

[mizzmona]

Sandboxie's RegDump can output the sandbox's registry to a text file.

See these topic threads for more info:

http://sandboxie.com/phpbb/viewtopic.php?t=185

http://sandboxie.com/phpbb/viewtopic.php?t=383

-M

[Guest]

Thanks a lot.

but there goes another problem, it seems that sandboxie only lists all the registry in my computer, not what is changed by the sandboxed program?

[SBIE User]

Thanks a lot.

but there goes another problem, it seems that sandboxie only lists all the registry in my computer, not what is changed by the sandboxed program?

If you are asking what registry keys are used by Sandboxie, you can find them by reading the thread at http://sandboxie.com/phpbb/viewtopic.php?t=198&start=45. Of course, Windows registry will also make a record that Sandboxie is installed on the machine and will include references to its files and installation information.

If you use Pablo's AutoIt script to use Sandboxie portably referenced in the thread I just provided, it will remove Sandboxie's own registry keys when you shut down Sandboxie -- but it will not remove Window's own registry entries about files on your computer (including Sandboxie) and recently accessed files, etc. While Pablo's script is very helpful, it can only be used with computers on which you have administrative rights, and it does not necessarily remove any trace of Sandboxie from a machine on which you run it in portable mode.

If it is very important to know all the persistent registry changes that occur when you install and use Sandboxie, there are a number of freeware registry monitoring programs available like Regmon at http://www.sysinternals.com/SystemInfor ... ities.html. As I expect you know, you can also do a registry search with Regedt32 (native to Windows) for keywords like "sandboxie" and "tzuk" to find obvious references to Sandboxie.

Good luck.

SBIE (Happy) User

[mizzmona]

but there goes another problem, it seems that sandboxie only lists all the registry in my computer, not what is changed by the sandboxed program?

Sandboxie's registry does not list the entire registry, only those keys necessary to sandboxed programs. It would be pointless and time-consuming for Sandboxie to have to read and store all the registry (for every sandbox!) before it could even be used to run the first sandboxed program.

It's understandable if you want to know specifically what keys were added, deleted, or modified by a sandboxed program, though...particularly for freshly installed sandboxed programs.

I haven't tested any of this, but...

Normally, what you want is handled with an installation monitor...so one option might be to install a snapshot-type installation monitor, and then run it sandboxed. (For just registry changes, you might first set the sandboxed monitor to only snapshot the registry, and run only on demand. And, it might be wise to adjust Sandboxie Control's File Copy Options to allow writing more KBytes, as the output could be fairly large.***)

Another option would be to get a simpler program whose function is to output the registry to a text file -- or just use RegEdit itself to do that. (Run sandboxed, of course.) Use a file comparison program to then compare "before and after" text files for differences. With this option, taking the "snapshots" may be faster, but doing the comparisons may be more tedious.

Note that taking sandboxed snapshots of the full registry should force Sandboxie to log the entire registry as well (altho, I'm not 100% positive on that)...and, bearing in mind that taking snapshots of the registry outside of a sandbox usually takes awhile anyway, doing it from within a sandbox (where Sandboxie is effectively duplicating the process too) will likely take at least twice as long.

-M

***Edit: Better yet, just give whatever program is used OpenFilePath permission to its data folders, so the snapshot files are written outside of the sandbox.

[mizzmona]

Of course, what you really wanted is a tool that could be set to log only the registry modifications in a separate file. (Yet, how would one log the deletions, unless the file were of the line-by-line logged output type? Ugh.)

If Tzuk's inclined, he'll think of something.

-M

Away on Tzuk's Trek -- I've no clue where he's going, but it's a fine journey so far!

[Unknown_User_425]

I'm wondering. I want to install Sims 2 within Sandboxie, which I have done successfully once before. however, I wish to "capture" all of the registry entries made by Sims 2 to a text file/reg file so that if I ever want to put Sims 2 on another drive without reinstalling it, I can zip the installed files, decompress them on another drive/partition and import the registry entries.
How can I do this?

[Unknown_User_490]

Because Regmon (www.sysinternals.com) doesn't work sandboxed, Regshot is my weapon of choice.
http://www.softpedia.com/get/Tweak/Regi ... Shot.shtml

Registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one.