SandDiff

Utilities designed for use with Sandboxie
Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Re: Feature Request: Save Differences in Reg Format

Post by Buster » Thu Oct 29, 2009 7:33 am

brahman wrote:thanks for this great app.

It would be very nice if it could save registry differences automatically in Windows Registry Editor Version 5 format.
Glad you like it!

tzuk has been helping me with the registry comparision part. He told me how to correctly find when a registry or value key has been deleted.

I add your suggestion to the feature request list. If it´s possible to me I will add it.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Thu Oct 29, 2009 3:22 pm

I have decided that SandDiff will not be used to compare two sandbox states. I have decided this because I can not garantee accurate results comparing two sandboxes and because the goal of SandDiff will be to act like a malware analyzer.

So next version of SandDiff will show only the modifications (file, registry and port) made to system. I think I can garantee accurate results doing that.

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Thu Oct 29, 2009 4:10 pm

So something more along the lines of RegShot or InCtrl5 then?

Sad to hear. I liked the direction this was going. It was very easy to use and fast. So now when you say 'modifications made to system', what do you mean exactly? It won't work at all with Sandboxie now, or it's just testing for leaks to the real system?

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Thu Oct 29, 2009 4:33 pm

I plan removing the "before" button and keep only the "empty".

The rest will be the same, just more accurate.

Keep a copy of actual version for if you need to compare two sandboxes states.

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Fri Oct 30, 2009 12:07 am

I see. So it will function basically the same, we just have to start with an empty sandbox instead of a box that already has something in it. That's cool, that's primarily how I would use it anyway.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Fri Oct 30, 2009 4:41 am

wraithdu wrote:I see. So it will function basically the same, we just have to start with an empty sandbox instead of a box that already has something in it. That's cool, that's primarily how I would use it anyway.
Yes, it´s like you say: it will function basically the same and you will start with an empty sandbox instead of a box that already has something in it.

I decided this change because like you, I think most people will use it that way anyway.

With this change comparisions will be more accurate so I will be able to accomplish the final goal of the tool much better. The final goal is converting SandDiff in a sandbox analyzer.

Also I plan renaming the tool so people don´t confuse SandDiff with SandboxDiff.

Ruhe
Posts: 803
Joined: Thu Jul 03, 2008 8:56 am
Location: Germany
Contact:

Post by Ruhe » Fri Oct 30, 2009 5:03 am

Buster wrote:Also I plan renaming the tool so people don´t confuse SandDiff with SandboxDiff.
Send me a PM if I have to change the subdomain accordingly.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Fri Oct 30, 2009 5:29 am

Ruhe wrote:
Buster wrote:Also I plan renaming the tool so people don´t confuse SandDiff with SandboxDiff.
Send me a PM if I have to change the subdomain accordingly.
I will do, thanks!

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Fri Oct 30, 2009 4:11 pm

SandDiff is discontinued. You can get last version from here:

http://bsa.qnea.de/sanddiff.rar

Gantron

Download link doesn't work

Post by Gantron » Mon Aug 02, 2010 11:36 pm

The download link doesn't work.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Re: Download link doesn't work

Post by Buster » Tue Aug 03, 2010 3:19 am

Gantron wrote:The download link doesn't work.
I suggest you use SandboxDiff by MajoMo:

http://sandboxie.com/phpbb/viewtopic.php?t=3606

Or Buster Sandbox Analyzer:

http://sandboxie.com/phpbb/viewtopic.php?t=6557

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests