Utilities designed for use with Sandboxie
-
tzuk
- Sandboxie Founder
- Posts: 16076
- Joined: Tue Jun 22, 2004 12:57 pm
Post
by tzuk » Wed Sep 24, 2008 10:25 am
tzuk
-
raid
- Posts: 58
- Joined: Sat Aug 23, 2008 12:17 am
- Location: TN, USA
-
Contact:
Post
by raid » Wed Sep 24, 2008 2:41 pm
tzuk wrote:I don't see Sandboxie as a malware research tool, so I'm not going to add features that are dedicated to malware research. Buster, I've already mentioned the InjectDll setting which would let you inject DLLs into sandboxed programs. All you need is to write a small DLL that hooks DeleteFile and prevent the deletion. Maybe you and guys can team up and figure out how to do that.
Perfectly understandable Tzuk. Although, Sandboxie does a fine job of assisting in malware research. You've really got one fantastic little program.
I will be purchasing a license for it very soon. Your a professional author and have gone out of your way as far as I'm concerned to answer my question.
Thanks again!
Everything is so different, yet I am the same...
-
dynarx
- Posts: 174
- Joined: Mon Apr 02, 2007 9:31 pm
- Location: New South Wales, Australia
Post
by dynarx » Wed Sep 24, 2008 8:20 pm
raid wrote:You've really got one fantastic little program.
Little it may be, but as we say round here, it's not the amount of code in the fight that counts, but the amount of fight in the code!
Just passing, don't mind me
Cheers, all.
Dynarx
-
Buster
- Posts: 2576
- Joined: Mon Aug 06, 2007 2:38 pm
-
Contact:
Post
by Buster » Thu Sep 25, 2008 2:44 am
Would be anyone able to code the same stuff tzuk did but in Delphi?
-
Ruhe
- Posts: 803
- Joined: Thu Jul 03, 2008 8:56 am
- Location: Germany
-
Contact:
Post
by Ruhe » Thu Sep 25, 2008 2:54 am
I'm a home and hobby Delphi coder but always have problems to read this C/C++ stuff.
-
Buster
- Posts: 2576
- Joined: Mon Aug 06, 2007 2:38 pm
-
Contact:
Post
by Buster » Thu Sep 25, 2008 3:46 am
Ruhe wrote:I'm a home and hobby Delphi coder but always have problems to read this C/C++ stuff.
I´m in the same situation.
-
Ruhe
- Posts: 803
- Joined: Thu Jul 03, 2008 8:56 am
- Location: Germany
-
Contact:
Post
by Ruhe » Sun Sep 28, 2008 7:30 am
After some tries, I'm not able to convert this code to Delphi.
-
Buster
- Posts: 2576
- Joined: Mon Aug 06, 2007 2:38 pm
-
Contact:
Post
by Buster » Wed Oct 01, 2008 5:47 am
http://www.megaupload.com/?d=EDI97UO3
There you can get a working DLL to avoid file deletion with source code included in Delphi.
I was unable to convert tzuk´s code so I used a hooking unit from other person.
tzuk: a question...
I tried to hook NtSetInformationFile from ntdll.dll but Sandboxie rejects to inject the DLL and aborts opening a sandbox.
Why does it happen?
-
Buster
- Posts: 2576
- Joined: Mon Aug 06, 2007 2:38 pm
-
Contact:
Post
by Buster » Wed Oct 01, 2008 9:56 am
up!
-
tzuk
- Sandboxie Founder
- Posts: 16076
- Joined: Tue Jun 22, 2004 12:57 pm
Post
by tzuk » Wed Oct 01, 2008 10:41 am
I don't know why it happens.
tzuk
-
Buster
- Posts: 2576
- Joined: Mon Aug 06, 2007 2:38 pm
-
Contact:
Post
by Buster » Wed Oct 01, 2008 12:15 pm
Fixed, thanks!
What about NtSetInformationFile from ntdll.dll? Do you know why it happens?
-
tzuk
- Sandboxie Founder
- Posts: 16076
- Joined: Tue Jun 22, 2004 12:57 pm
Post
by tzuk » Thu Oct 02, 2008 5:26 pm
I don't know why it happens.
tzuk
-
Buster
- Posts: 2576
- Joined: Mon Aug 06, 2007 2:38 pm
-
Contact:
Post
by Buster » Thu Oct 02, 2008 6:01 pm
Sorry, I thought you were meaning other thing.
If I send you the DLL could you check what´s going wrong?
-
tzuk
- Sandboxie Founder
- Posts: 16076
- Joined: Tue Jun 22, 2004 12:57 pm
Post
by tzuk » Thu Oct 02, 2008 6:21 pm
No, Buster, I am sorry but I don't think that's a good idea for me to debug your DLL.
tzuk
Who is online
Users browsing this forum: No registered users and 0 guests