Block Process Access
@Guest10
Thanks for taking the time to test the problem. I really appreciate it and you have saved me a lot of time indeed.
@wraithdu
With the help of Guest10 and the test of your own, I think now I can pretty much rule out that there is any problem with your DLL. I am sorry to have said that in my previous statements. Anyway, I think I will update my XP to SP3 later to see if the problem goes away.
@tzuk
Unfortunately, no. Thanks for helping me with this problem though, but since it seems that I'm the only one who has this particular problem, don't worry about it. I think I will deal with this problem later when I have time. Thanks again.
ComputerNoob, was your sandbox initially populated by software running under Sandboxie version 3.42? Because something related to WinSxS DLLs (like that VC redist) has changed in version 3.43.18 and perhaps this is related. More here:
Hi all!
Looks like the latest sbiextra.dll does not work correctly in the latest builds with other injected dlls. Let me clarify.
I am using 3.45.10 on Win XP Pro SP3 x86. There are three injected dlls:
Code:
InjectDll=C:\Program Files\Sandboxie\Buster Sandbox Analyzer\Dll\LOG_API.dll
InjectDll=C:\Program Files\Sandboxie\Buster Sandbox Analyzer\Dll\sbiextra.dll
InjectDll=C:\Program Files\Sandboxie\Buster Sandbox Analyzer\Dll\antidel.dll
OpenWinClass=TFormBSA
ConfigLevel=6
Enabled=y
NotifyInternetAccessDenied=y
BoxNameTitle=n
BorderColor=#0000FF
All dlls work well except sbiextra.dll. Nevertheless, it loads successfully:
Code:
Executing: c:\sandbox\test!!!\injtest.exe
LoadLibrary(d:\program files\sandboxie\buster sandbox analyzer\sbiextra.dll) [c:\sandbox\test!!!\injtest.exe]
GetModuleHandle(KERNEL32.DLL) [c:\sandbox\test!!!\injtest.exe]
GetModuleHandle(KERNEL32) [c:\sandbox\test!!!\injtest.exe]
GetModuleHandle(PGORT90.dll) [c:\sandbox\test!!!\injtest.exe]
OpenProcess(c:\sandbox\test!!!\injtest.exe) [c:\sandbox\test!!!\injtest.exe]
CreateRemoteThread(c:\sandbox\test!!!\injtest.exe) [c:\sandbox\test!!!\injtest.exe]
LoadLibrary(d:\program files\sandboxie\buster sandbox analyzer\antidel.dll) [c:\sandbox\test!!!\injtest.exe]
RegOpenKeyEx(HKLM\SYSTEM\CurrentControlSet\Control\Session Manager) [c:\sandbox\test!!!\injtest.exe]
RegOpenKeyEx(HKLM\Software\Microsoft\Ole) [c:\sandbox\test!!!\injtest.exe]
RegOpenKeyEx(HKLM\SOFTWARE\Microsoft\OLEAUT) [c:\sandbox\test!!!\injtest.exe]
RegOpenKeyEx(HKLM\SOFTWARE\Microsoft\OLEAUT\UserEra) [c:\sandbox\test!!!\injtest.exe]
LoadLibrary(kernel32.dll) [c:\sandbox\test!!!\injtest.exe]
LoadLibrary(advapi32.dll) [c:\sandbox\test!!!\injtest.exe]
LoadLibrary(oleaut32.dll) [c:\sandbox\test!!!\injtest.exe]
LoadLibrary(user32.dll) [c:\sandbox\test!!!\injtest.exe]
RegOpenKeyEx(HKCU\Software\Borland\Locales) [c:\sandbox\test!!!\injtest.exe]
RegOpenKeyEx(HKLM\Software\Borland\Locales) [c:\sandbox\test!!!\injtest.exe]
RegOpenKeyEx(HKCU\Software\Borland\Delphi\Locales) [c:\sandbox\test!!!\injtest.exe]
LoadLibrary(d:\program files\sandboxie\buster sandbox analyzer\antidel.rus) [c:\sandbox\test!!!\injtest.exe]
LoadLibrary(d:\program files\sandboxie\buster sandbox analyzer\antidel.ru) [c:\sandbox\test!!!\injtest.exe]
LoadLibrary(comctl32.dll) [c:\sandbox\test!!!\injtest.exe]
LoadLibrary(comdlg32.dll) [c:\sandbox\test!!!\injtest.exe]
................................
But after that the whole test fails.
In the case of
Code:
InjectDll=C:\Program Files\Sandboxie\Buster Sandbox Analyzer\Dll\sbiextra.dll
only, the test is passed.
Possibly due to a change of the dll injection mechanism in Sandboxie?
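A way to cross-check the two listings in the post above, as an added Python example (not code from the thread, Sandboxie or Buster Sandbox Analyzer): it parses the InjectDll= settings and the API log records and reports, for each configured DLL, whether a LoadLibrary record for it appears and from which path. The sample lines are copied from the post (log abridged); the function names are this example's own.

```python
import ntpath
import re

# Settings and log lines copied from the post above (log abridged).
CONFIG = r"""
InjectDll=C:\Program Files\Sandboxie\Buster Sandbox Analyzer\Dll\LOG_API.dll
InjectDll=C:\Program Files\Sandboxie\Buster Sandbox Analyzer\Dll\sbiextra.dll
InjectDll=C:\Program Files\Sandboxie\Buster Sandbox Analyzer\Dll\antidel.dll
OpenWinClass=TFormBSA
"""
LOG = r"""
Executing: c:\sandbox\test!!!\injtest.exe
LoadLibrary(d:\program files\sandboxie\buster sandbox analyzer\sbiextra.dll) [c:\sandbox\test!!!\injtest.exe]
GetModuleHandle(KERNEL32.DLL) [c:\sandbox\test!!!\injtest.exe]
OpenProcess(c:\sandbox\test!!!\injtest.exe) [c:\sandbox\test!!!\injtest.exe]
CreateRemoteThread(c:\sandbox\test!!!\injtest.exe) [c:\sandbox\test!!!\injtest.exe]
LoadLibrary(d:\program files\sandboxie\buster sandbox analyzer\antidel.dll) [c:\sandbox\test!!!\injtest.exe]
LoadLibrary(kernel32.dll) [c:\sandbox\test!!!\injtest.exe]
"""

# One log record has the shape: ApiName(argument) [calling process]
RECORD = re.compile(r"^(\w+)\((.*)\) \[(.*)\]$")


def configured_dlls(config):
    """Return the InjectDll= paths in the order they are listed."""
    return [line.split("=", 1)[1].strip()
            for line in config.splitlines()
            if line.strip().lower().startswith("injectdll=")]


def parse_log(log):
    """Return (api, argument, process) for each well-formed record."""
    matches = (RECORD.match(line.strip()) for line in log.splitlines())
    return [m.groups() for m in matches if m]


def load_report(config, log):
    """Map each configured DLL to where it was loaded from (matched by file name)."""
    loaded = {}
    for api, arg, _process in parse_log(log):
        if api == "LoadLibrary":
            loaded.setdefault(ntpath.basename(arg).lower(), arg)
    report = {}
    for path in configured_dlls(config):
        seen = loaded.get(ntpath.basename(path).lower())
        same = seen is not None and seen.lower() == path.lower()
        report[path] = {"loaded_from": seen, "same_path": same}
    return report
```

On the lines quoted in the post, the report shows sbiextra.dll and antidel.dll loading from a d:\ path that differs from the configured C:\ path, and no LoadLibrary record for LOG_API.dll. Whether either observation relates to the failing test is not established in the thread.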
Sorry, but I do not understand what you are trying to say. The DLL seems to be loaded... but what test is failed exactly? Are you running the test correctly? If you can provide a step by step process to reproduce your 'failure' results and information on what OS you are running, that would be helpful.
Generally, if sbiextra.dll works alone, but not with the other dlls, then there is a conflict somewhere with the other dlls, not Sandboxie itself. It could be one of the other dlls is hooking the same function(s) and is not coded correctly, I do not know.
OS: Windows XP SP3 Pro Rus
"Test" means injtest.exe included in the archive. And it fails according to all three criteria mentioned in the readme file.
If sbiextra conflicts with the two other dlls then I assume they should expect problems during work. But it is not observed.
Please let me know about any additional information that can help.
I just made a test and no, GetRawInputData doesn't call other APIs.
I agree with tzuk, lots of applications make use of those APIs, almost every application.
In my test a keylogger was able to log the keys pressed in an unsandboxed NOTEPAD.EXE. I guess the objective would be blocking sandboxed applications from logging keystrokes from unsandboxed applications but I don't know if that's possible. tzuk will know better than me.
I was taking a look at the GetRawInputData information at MSDN and I don't see how it could be possible to filter data between sandboxed/unsandboxed sources.