SandboxDiff - Registry/Files changes
Re: comp-reg error
gyp wrote:
In comp-reg.txt I am getting
1d0
< hive path err
\ No newline at end of file
Otherwise seems to be functioning very easy

"hive path err" is related to the "RegHive" file that SandboxDiff wasn't able to load. There are several reasons for that, which you can check:
. When starting, the sandbox folder is empty, so the "RegHive" file didn't exist to be analyzed. You need to do a dummy action to create it: e.g. open Notepad.exe sandboxed and close it. Start SandboxDiff after.
. The "RegHive" file was in use, perhaps. You need to terminate all apps that are sandboxed first (when asked by SandboxDiff).
I really don't know what I'm talking about here but I was able to see when the hive.bak files were being created I could peek in one that said HKEY_USERS hive or something...my reghive created when looked at in wrr starts with \Sandbox_<MyUserName_DefaultBox.
Anyway, if I run sandboxdiff before, during, or after a sandboxed app, it is not finding any reghive file which is at C:\Sandbox\DefaultBox
Anonymous wrote:
but Reg_before also declares hive path err.

When you have "hive path err", SandboxDiff was unable to load the "RegHive" file for some reason.
BTW, do you have "UserPath.bat" customized?

Anonymous wrote:
Anyway, if I run sandboxdiff before, during, or after a sandboxed app, it is not finding any reghive file which is at C:\Sandbox\DefaultBox

Can you describe in detail the steps that you do when you install an app sandboxed with SandboxDiff? I think that can allow a clarification.

Anonymous wrote:
I was able to see when the hive.bak files were being created I could peek in one that said HKEY_USERS hive or something...my reghive created when looked at in wrr starts with \Sandbox_<MyUserName_DefaultBox.

No annoyance here. I can explain better further along (it's a form issue, not a content question).
BTW, WRR shows the registry status; SandboxDiff performs the registry changes between two statuses.
Well, I have tried many different orders of operations now, including messing with the path declaration, but to no avail.
My user path
C:\Sandbox\DefaultBox
My userpath line
copy "C:\Sandbox\DefaultBox\RegHive" hive_1.bak /v /y > NUL
1. Sandbox "delete contents"
2. SandboxDiff.exe (re-read instructions see if i'm missing something)
3. Press OK
(3.a.) Maybe look at Reg_before and see hive path err, continue anyway
4. Pick an app, right click, "run sandboxed"
5. Right click Sandboxie Control, pick "Terminate all programs"
6. SandboxDiff press "OK"
1d0
< hive path err
\ No newline at end of file
Same results if a RegHive exists or folder is empty.
But also like I said my hive file key starts with Sandbox_Username_DefaultBox even though I have not set it to use a username
My Sandboxie config is %SystemDrive%\Sandbox\%SANDBOX%
I do not see a regdump.exe anywhere on my system. I have an nlited XP install.
Thank you so much if you can explain
Please try to follow the sequence (notes in red):
- The "UserPath.bat" file (don't forget to rename "UserPath.bat.txt" to "UserPath.bat") needs to be in the same folder as "SandboxDiff.exe". With your customized path: copy "C:\Sandbox\DefaultBox\RegHive" hive_1.bak /v /y > NUL
1. Sandbox "delete contents" --> When you do this you remove the "RegHive" file also! ("C:\Sandbox\DefaultBox\RegHive") - Please add steps 1A and 1B
1A- Run Notepad.exe sandboxed. Close it afterwards - so no app is running sandboxed now. (This allows a "RegHive" to be created.)
1B- Check if a "RegHive" is in "C:\Sandbox\DefaultBox". It should be.
2. SandboxDiff.exe (re-read instructions see if i'm missing something)
3. Press OK
(3.a.) Maybe look at Reg_before and see hive path err, continue anyway
4. Pick an app, right click, "run sandboxed" --> Don't do this step. For now don't run any app sandboxed.
5. Right click Sandboxie Control, pick "Terminate all programs"
6. SandboxDiff press "OK"
Please post the text that is in the "Comp-Reg.txt" file.
Obs.: When you want to work with SandboxDiff, you don't need to "delete contents". But if you do that, you need to do a dummy action before (e.g. open/close Notepad) to create the "RegHive" file.
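As an added example (not SandboxDiff's own UserPath.bat), here is a variant of the UserPath.bat line for the path used in this thread that checks the two causes of "hive path err" named above, a missing RegHive and a RegHive still in use, before SandboxDiff compares the snapshots. That a RegHive still held open by a running sandboxed program makes the copy fail is an assumption based on the thread.

```batch
@echo off
rem Added example, not SandboxDiff's own UserPath.bat.
rem Snapshot name hive_1.bak and the path C:\Sandbox\DefaultBox come from the thread.
setlocal
set "HIVE=C:\Sandbox\DefaultBox\RegHive"
set "SNAP=hive_1.bak"

rem 1. RegHive only exists after something ran sandboxed (e.g. Notepad.exe).
if not exist "%HIVE%" (
    echo hive path err: "%HIVE%" not found - run an app sandboxed once to create it
    exit /b 1
)

rem 2. A sandboxed program still running keeps RegHive open (assumption);
rem    copy then fails and sets ERRORLEVEL, which the original one-liner hides with > NUL.
copy "%HIVE%" "%SNAP%" /v /y > NUL
if errorlevel 1 (
    echo hive path err: could not copy "%HIVE%" - use "Terminate all programs" first
    exit /b 2
)
echo snapshot written to "%SNAP%"
exit /b 0
```

Run it from the folder that holds SandboxDiff.exe; a non-zero exit code tells you which of the two preconditions was not met.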
Still Reg_before gives hive path err
and Comp-Reg
1d0
< hive path err
\ No newline at end of file
Additionally, although these do exist, filemon reports:
SandboxDiff.exe:3252 DIRECTORY C:\SANDBOX\ NO MORE FILES FileNamesInformation
nircmd.exe:548 QUERY INFORMATION C:\Sandbox\UserPath.bat NOT FOUND Attributes: Error
Well, like checking an alarm clock you set and already double-checked 5 times, I made a new UserPath.bat and it is working now. Scratching my head, I then binary-compared this new UserPath.bat to the old one I deleted, and they are binary equal.
??? no clue what, maybe permissions or something???
Anyway, working good! Sorry to have wasted so much time.
Thanks so much for sharing your work and not getting mad at me; this functions very well and is so useful. I do think that the instructions could be written a little bit clearer for dumber users like me: that an initial RegHive must be created first, through, for example, the 'notepad sandbox'.
so now how will we save the world economy next?
I put both SandboxDiff.exe and UserPath.bat to the main root of sandbox folder.
I configured the path inside the UserPath.bat.
I double-clicked SandboxDiff.exe to start it, running normally, not sandboxed!
I saw a dialog and clicked ok.
msgwait.exe crashed and reported the following error:
AppName: msgwait.exe AppVer: 0.0.0.0 ModName: crtdll.dll
ModVer: 4.0.1183.1 Offset: 000115ce
The error report file: http://rapidshare.com/files/256737870/d ... t.txt.html
What's up?
Same msgwait.exe crash here. Not encountered with an older version of SandboxDiff.
Found this during Google search, so I assume that SandboxDiff is creating the msgwait.exe process:
http://www.threatexpert.com/report.aspx ... b2263cd4e0
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007