and screen loggersBuster wrote:btw... nowadays there are even sound loggers!
Block Process Access
Sorry, I am not clear about it , I think this would be helpfulwraithdu wrote:If you can be more specific about what APIs you would be interested in having the DLL block, I can look into it. I am not a researcher though and have no interest in studying keyloggers to figure out what needs to be done.
http://www.snapfiles.com/get/antikeyloggertester.html
Last edited by rcbblgy on Wed Jun 02, 2010 10:12 pm, edited 1 time in total.
As with all the 'protections' in my DLL, anything is able to be disabled via the INI config file. Obviously this would come with a warning that it might / will break legitimate programs. It would be up to the user to decide if that's an inconvenience they can live with.tzuk wrote:But I do think a lot of legitimate programs use these.
wraithdu, can you add blocking API SetThreadDesktop?
http://www.sandboxie.com/phpbb/viewtopic.php?t=7442
http://www.sandboxie.com/phpbb/viewtopic.php?t=7442
Hi and thanks wraithdu for such a great extension
I wanted to test the ability of the Block Process Access to prevent MeGui (http://sourceforge.net/projects/megui/) (video encoder) from detecting itself from startup. I know that running two instances of Megui is not a good idea but it gives confirmation that another copy of itself is currently running.
I have sbiextra.dll here
C:\SB-blocked\sbiextra.dll
so the Sandboxie.ini should be edited with
(located in "C:\Windows\Sandboxie.ini")
InjectDll=C:\SB-blocked\sbiextra.dll
However when I read
"To use it, download the DLL and save it somewhere. Then insert this line in your Sandboxie.ini file under the sandbox you want to use the DLL."
In the first post I cant find Megui in the Sandboxie.ini file.
What am I doing wrong? Please help
I wanted to test the ability of the Block Process Access to prevent MeGui (http://sourceforge.net/projects/megui/) (video encoder) from detecting itself from startup. I know that running two instances of Megui is not a good idea but it gives confirmation that another copy of itself is currently running.
I have sbiextra.dll here
C:\SB-blocked\sbiextra.dll
so the Sandboxie.ini should be edited with
(located in "C:\Windows\Sandboxie.ini")
InjectDll=C:\SB-blocked\sbiextra.dll
However when I read
"To use it, download the DLL and save it somewhere. Then insert this line in your Sandboxie.ini file under the sandbox you want to use the DLL."
In the first post I cant find Megui in the Sandboxie.ini file.
What am I doing wrong? Please help
Hi again
I went to "Sandbox\Create New Sandbox"
made a new sandbox called MeGui and went to ini config and place "InjectDll=C:\SB-blocked\sbiextra.dll" under the program
[[[[[[[[[[[[[[[[[[[[[[[[[[[[
[MeGui]
Enabled=y
ConfigLevel=7
AutoRecover=y
Template=BlockPorts
Template=LingerPrograms
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
InjectDll=C:\SB-blocked\sbiextra.dll
]]]]]]]]]]]]]]]]]]]]]]]]]]
But I still cant get MeGui to stop detecting another copy of itself
I went to "Sandbox\Create New Sandbox"
made a new sandbox called MeGui and went to ini config and place "InjectDll=C:\SB-blocked\sbiextra.dll" under the program
[[[[[[[[[[[[[[[[[[[[[[[[[[[[
[MeGui]
Enabled=y
ConfigLevel=7
AutoRecover=y
Template=BlockPorts
Template=LingerPrograms
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
InjectDll=C:\SB-blocked\sbiextra.dll
]]]]]]]]]]]]]]]]]]]]]]]]]]
But I still cant get MeGui to stop detecting another copy of itself
1) Are you running both copies of MeGui in the same sandbox? If so, that is not blocked by my DLL. Access within the same sandbox is allowed.
2) MeGui could be using any of a large number of methods to detect another instance of itself, many of which are not blocked by my DLL. Without knowing how MeGui is detecting multiple instances, I can't help you further.
2) MeGui could be using any of a large number of methods to detect another instance of itself, many of which are not blocked by my DLL. Without knowing how MeGui is detecting multiple instances, I can't help you further.
Hi wraithdu, the MeGui test ran very well but Im trying to run multiple instances of a game, and even with 1 in a sandbox and the other not, either instance is still able to detect eah other.
The game is Last Chaos (http://lastchaos.aeriagames.com/) it has a loader so the game can update itself
The loader is LC.exe and it runs another program called "Nksp.exe" in another directory.
If an instance ie LC.exe loads another program (Nksp.exe) how canl that Nksp.exe be able to detect stuff outside of the box?
Is there a work around for this?
Thanks wraithdu
The game is Last Chaos (http://lastchaos.aeriagames.com/) it has a loader so the game can update itself
The loader is LC.exe and it runs another program called "Nksp.exe" in another directory.
If an instance ie LC.exe loads another program (Nksp.exe) how canl that Nksp.exe be able to detect stuff outside of the box?
Is there a work around for this?
Thanks wraithdu
The developer of Sandboxie does not promote using it to circumvent multiplayer game anti-cheat mechanisms, and neither do I.
That being said, as I pointed out above there are a large number of ways a program can detect another instance of itself is running. My DLL only blocks a few of those methods (with the aim being the protection of privacy), so without knowing how your game works, I can't provide any insight. Pursuant to the above statement, I'm not inclined to help you out with that game in any case.
That being said, as I pointed out above there are a large number of ways a program can detect another instance of itself is running. My DLL only blocks a few of those methods (with the aim being the protection of privacy), so without knowing how your game works, I can't provide any insight. Pursuant to the above statement, I'm not inclined to help you out with that game in any case.
Its ok dude, despite what you said, I still think your DLL rocks!
If howeverever sandboxie does in future implement a true sandbox where it absolutly isolates the sandbox from the host machine it will be a massive boon for Sandboxie, for one it can live up to its name and two its sales will sky rocket for Im sure there are copius users just like me whom are willing to shell out for such a program.
VMWear can do what I need as it is a true sandbox however it is very taxing on the system. Sandboxie, however, doesnt require the same overhead but does a good, albeit partial job. The need for a low overhead and true Sandbox is huge, if Sandboxie doesnt do it first, some other softwear company Im sure will take up the slack sooner or later and it will become their boon.
Thank you wraithdu for your innovation and contribution
If howeverever sandboxie does in future implement a true sandbox where it absolutly isolates the sandbox from the host machine it will be a massive boon for Sandboxie, for one it can live up to its name and two its sales will sky rocket for Im sure there are copius users just like me whom are willing to shell out for such a program.
VMWear can do what I need as it is a true sandbox however it is very taxing on the system. Sandboxie, however, doesnt require the same overhead but does a good, albeit partial job. The need for a low overhead and true Sandbox is huge, if Sandboxie doesnt do it first, some other softwear company Im sure will take up the slack sooner or later and it will become their boon.
Thank you wraithdu for your innovation and contribution
Who is online
Users browsing this forum: No registered users and 1 guest