Buster Sandbox Analyzer
I can't say that for sure. The update from v7 to v8 was some time ago, it could be that I didn't use the BSA & TestBox in that time, I'm not sure though.
Could anyone who is using Avast AV please try to run Windows Explorer in a sandbox for BSA to confirm if Avast is the problem? Thank you in advance!
That's gotta be out of some DOS game, I don't know which one though.
If I delete the LOG API injections from the TestBox I will be still able to see all the file changes and internet connections when trying programs with BSA, right?
Another thing - in the latest BSA version the program icon is in very low resolution, could you fix that please?
Bellzemos wrote: That's gotta be out of some DOS game, I don't know which one though.
It is from "The secret of Monkey Island".
If I delete the LOG API injections from the TestBox I will be still able to see all the file changes and internet connections when trying programs with BSA, right?
Another thing - in the latest BSA version the program icon is in very low resolution, could you fix that please?
If you do not inject LOG_API you still will be able to see file/registry and internet connections.
1.88 was last release, so I will not change program's icon.
This Sandbox Analyzer seems to be a nice add-on to Sandboxie.
My intention of using Sandboxie in combination with BSA is making a backup of files before they get actually changed by an installer.
Sadly I have some problems getting it to work properly.
Here are some facts of my evaluating:
1. Under Sandboxie 4.02 the 64-bit-dll doesn't work in Sandboxie (after reading this forum not surprisingly - see 3 posts above) -> "upgraded" to 3.76
2. Under Sandboxie 3.76 the 64-bit-dll doesn't work in Sandboxie. Trying to save a new text-file via notepad leads to an error (see report.wer below); same behaviour trying explorer sandboxed.
But the API-window in BSA shows information. -> Deleted 64-bit-dll-entry in sandboxie-config
3. Both programs run without errors now but something still seems to be wrong.
a) In FileDiff.txt there is no "-" for deleted or ~ for changed files (always it's a "+").
b) In FileDiff.txt the path of files is wrong. Sandboxie runs as normal user, BSA as admin.
When I save a text-file under normal users desktop the result in FileDiff.txt is C:\Users\Admin\Desktop\text.txt
What is the problem with the 64-bit-dll? Why is the FileDiff-output wrong?
Please help me to solve those problems.
Thanks in advance
report.wer:
Version=1
EventType=APPCRASH
EventTime=130160255837303450
ReportType=2
Consent=1
UploadTime=130160255840313622
ReportIdentifier=62a19154-d803-11e2-b545-485b39121d2f
IntegratorReportIdentifier=62a19153-d803-11e2-b545-485b39121d2f
Response.BucketId=117194276
Response.BucketTable=4
Response.type=4
Sig[0].Name=Anwendungsname
Sig[0].Value=notepad.exe
Sig[1].Name=Anwendungsversion
Sig[1].Value=6.1.7600.16385
Sig[2].Name=Anwendungszeitstempel
Sig[2].Value=4a5bc9b3
Sig[3].Name=Fehlermodulname
Sig[3].Value=USER32.dll
Sig[4].Name=Fehlermodulversion
Sig[4].Value=6.1.7601.17514
Sig[5].Name=Fehlermodulzeitstempel
Sig[5].Value=4ce7c9f1
Sig[6].Name=Ausnahmecode
Sig[6].Value=c000001d
Sig[7].Name=Ausnahmeoffset
Sig[7].Value=0000000000005357
DynamicSig[1].Name=Betriebsystemversion
DynamicSig[1].Value=6.1.7601.2.1.0.256.48
DynamicSig[2].Name=Gebietsschema-ID
DynamicSig[2].Value=1031
DynamicSig[22].Name=Zusatzinformation 1
DynamicSig[22].Value=6da2
DynamicSig[23].Name=Zusatzinformation 2
DynamicSig[23].Value=6da2b402497f679254c78375c3071ebd
DynamicSig[24].Name=Zusatzinformation 3
DynamicSig[24].Value=698c
DynamicSig[25].Name=Zusatzinformation 4
DynamicSig[25].Value=698c16f5ae9cd96dc869cf188ea8d63a
UI[2]=C:\Windows\System32\notepad.exe
UI[3]=Editor funktioniert nicht mehr
UI[4]=Windows kann online nach einer Lösung für das Problem suchen.
UI[5]=Online nach einer Lösung suchen und das Programm schließen
UI[6]=Später online nach einer Lösung suchen und das Programm schließen
UI[7]=Programm schließen
LoadedModule[0]=C:\Windows\System32\notepad.exe
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\Windows\system32\kernel32.dll
LoadedModule[3]=C:\Windows\system32\KERNELBASE.dll
LoadedModule[4]=C:\Windows\system32\USER32.dll
LoadedModule[5]=C:\Windows\system32\GDI32.dll
LoadedModule[6]=C:\Windows\system32\LPK.dll
LoadedModule[7]=C:\Windows\system32\USP10.dll
LoadedModule[8]=C:\Windows\system32\msvcrt.dll
LoadedModule[9]=C:\Windows\system32\IMM32.DLL
LoadedModule[10]=C:\Windows\system32\MSCTF.dll
LoadedModule[11]=C:\Windows\system32\ADVAPI32.dll
LoadedModule[12]=C:\Windows\SYSTEM32\sechost.dll
LoadedModule[13]=C:\Windows\system32\RPCRT4.dll
LoadedModule[14]=C:\Windows\system32\COMDLG32.dll
LoadedModule[15]=C:\Windows\system32\SHLWAPI.dll
LoadedModule[16]=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll
LoadedModule[17]=C:\Windows\system32\SHELL32.dll
LoadedModule[18]=C:\Windows\System32\WINSPOOL.DRV
LoadedModule[19]=C:\Windows\system32\ole32.dll
LoadedModule[20]=C:\Windows\system32\OLEAUT32.dll
LoadedModule[21]=C:\Windows\System32\VERSION.dll
LoadedModule[22]=C:\Windows\System32\CRYPTBASE.dll
LoadedModule[23]=C:\Windows\system32\uxtheme.dll
LoadedModule[24]=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll
LoadedModule[25]=C:\Program Files (x86)\ATI Technologies\HydraVision\GridHook64.dll
LoadedModule[26]=C:\Windows\System32\dwmapi.dll
LoadedModule[27]=C:\Windows\System32\PROPSYS.dll
LoadedModule[28]=C:\Windows\system32\CLBCatQ.DLL
LoadedModule[29]=C:\Windows\System32\CRYPTSP.dll
LoadedModule[30]=C:\Windows\system32\rsaenh.dll
LoadedModule[31]=C:\Windows\System32\RpcRtRemote.dll
LoadedModule[32]=C:\Windows\system32\explorerframe.dll
LoadedModule[33]=C:\Windows\system32\DUser.dll
LoadedModule[34]=C:\Windows\system32\DUI70.dll
LoadedModule[35]=C:\Windows\System32\WindowsCodecs.dll
LoadedModule[36]=C:\Windows\System32\apphelp.dll
LoadedModule[37]=C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
LoadedModule[38]=C:\Windows\system32\dbghelp.dll
LoadedModule[39]=C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCP90.dll
LoadedModule[40]=C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll
LoadedModule[41]=C:\Windows\system32\EhStorShell.dll
LoadedModule[42]=C:\Windows\system32\SETUPAPI.dll
LoadedModule[43]=C:\Windows\system32\CFGMGR32.dll
LoadedModule[44]=C:\Windows\system32\DEVOBJ.dll
LoadedModule[45]=C:\Windows\System32\cscui.dll
LoadedModule[46]=C:\Windows\System32\CSCDLL.dll
LoadedModule[47]=C:\Windows\System32\CSCAPI.dll
LoadedModule[48]=C:\Windows\system32\ntshrui.dll
LoadedModule[49]=C:\Windows\System32\srvcli.dll
LoadedModule[50]=C:\Windows\System32\slc.dll
LoadedModule[51]=C:\Windows\System32\MsftEdit.dll
LoadedModule[52]=C:\Windows\System32\msls31.dll
LoadedModule[53]=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
LoadedModule[54]=C:\Windows\System32\profapi.dll
LoadedModule[55]=C:\Windows\system32\xmllite.dll
LoadedModule[56]=C:\Windows\System32\ntmarta.dll
LoadedModule[57]=C:\Windows\system32\WLDAP32.dll
LoadedModule[58]=C:\Windows\System32\OLEACC.dll
LoadedModule[59]=C:\Windows\System32\UIAutomationCore.dll
LoadedModule[60]=C:\Windows\system32\PSAPI.DLL
State[0].Key=Transport.DoneStage1
State[0].Value=1
State[1].Key=DataRequest
State[1].Value=iData=1/nDumpFile=//Upload//iCab//82bcc49687fc4801a30910f78b59a551-efc1fb80a9c6f75065d2688dfe301b70-4-117194276-AppCrash64-6-1-7601-2.cab/nDumpServer=watson.microsoft.com/nResponseServer=watson.microsoft.com/nResponseURL=//dw//StageFour64.asp?iBucket=117194276&szCab=82bcc49687fc4801a30910f78b59a551.cab&EventType=AppCrash64&BucketHash=efc1fb80a9c6f75065d2688dfe301b70&MID=06A762C4-FD33-46D0-828F-392F558EFDA4/nBucket=117194276/nBucketTable=4/nResponse=1/n
FriendlyEventName=Nicht mehr funktionsfähig
ConsentKey=APPCRASH
AppName=Editor
AppPath=C:\Windows\System32\notepad.exe
SandyBox: BSA is not compatible with Sandboxie 4.xx, so you should stay using Sandboxie 3.76.
I do not know why the 64-bit-dll doesn't work in Sandboxie 3.76. Probably it is due to a conflict with other software you have installed in your system. You could try uninstalling other software until you find out what software is responsible for the conflict.
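Added example, not part of the thread and not BSA or Sandboxie code: one way to narrow down the "conflict with other software" suggestion is to pull the faulting module, the exception code and every module loaded from outside the Windows directory out of the posted report.wer. The function name, the returned keys and the use of the Sig[] positions from the posted report are assumptions of this sketch.

```python
import re
from ntpath import normcase  # Windows path rules on any host OS

# Excerpt of the report.wer posted in this thread (trimmed to the relevant keys).
SAMPLE_WER = r"""Version=1
EventType=APPCRASH
Sig[0].Name=Anwendungsname
Sig[0].Value=notepad.exe
Sig[3].Name=Fehlermodulname
Sig[3].Value=USER32.dll
Sig[6].Name=Ausnahmecode
Sig[6].Value=c000001d
LoadedModule[0]=C:\Windows\System32\notepad.exe
LoadedModule[4]=C:\Windows\system32\USER32.dll
LoadedModule[24]=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll
LoadedModule[25]=C:\Program Files (x86)\ATI Technologies\HydraVision\GridHook64.dll
LoadedModule[37]=C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
LoadedModule[53]=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
"""

# A few NTSTATUS codes; unknown codes are returned as the raw hex string.
NTSTATUS = {0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
            0xC0000005: "STATUS_ACCESS_VIOLATION"}

def summarize_wer(text, system_root=r"C:\Windows"):
    """Summarize an APPCRASH report and list modules loaded from outside system_root."""
    sig, modules = {}, []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key=value line
        m = re.fullmatch(r"Sig\[(\d+)\]\.Value", key)
        if m:
            # Sig names are localized (German here), so index by position.
            sig[int(m.group(1))] = value
        elif re.fullmatch(r"LoadedModule\[\d+\]", key):
            modules.append(value)
    root = normcase(system_root).rstrip("\\") + "\\"
    code = int(sig[6], 16) if 6 in sig else None
    return {
        "app": sig.get(0),            # Sig[0]: application name
        "fault_module": sig.get(3),   # Sig[3]: faulting module name
        "exception": NTSTATUS.get(code, sig.get(6)),  # Sig[6]: exception code
        # Location is only a heuristic: these are candidates to rule out first.
        "outside_windows": [p for p in modules if not normcase(p).startswith(root)],
    }

if __name__ == "__main__":
    print(summarize_wer(SAMPLE_WER))
```

A Report.wer read from disk is normally UTF-16 encoded, so decode it accordingly before passing the text in. A module under Program Files can still be a Microsoft component (tiptsf.dll here), so the list is a starting point for elimination, not a verdict.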
Thank you Buster for your answer.
Instead of uninstalling numerous software (this would be very time consuming and the success is not guaranteed) I actually try to achieve the needed BSA-function by some batch programming (also some kind of time consuming).
Coders like you are always PC-heroes to me. They spend very much time on their project, make it available to the public and often have to consider to deal with updated software (in this case Sandboxie 4.02) which they upgrade to a more powerful tool.
I wish you all the best.
I have re-released BSA 1.88 in order to fix a bug when processing URLs from command line.
At the moment the package has been updated here:
http://www.woodmann.com/virusbuster/bsa.rar
When the other link has been updated I will post an update.