Hi,
I am using version 2.86. I want to look at the part of the registry that is kept inside the sandboxie. How can I do that? I don't see the regdump tool from the installed program, and the name of the registry file seems to have changed and is in a binary format. I know I can dump the whole system registry from inside sandboxie, but that is too big. I just want to see the registry changes made by a program running inside the sandboxie. Thanks for this nice tool.
Bill
How to dump the part of registry inside the sandboxie?
Just adding a little more detail to what Tzuk said above . . .
Use a registry editor like Windows' built-in program regedt32, which you can access by pressing the Windows key (the one with the Microsoft flag) plus R (or r) and then typing regedt32. (Note that regedt32 does not have an "i" in it.) Find the Sandbox key under HKEY_USERS. It will look like this:
HKEY_USERS\Sandbox_YOURUSERNAME_DefaultBox, where YOURUSERNAME is your Windows login name.
Then right click on the HKEY_USERS\Sandbox_YOURUSERNAME_DefaultBox registry entry and choose export. That will save the sandboxed registry hive with a .reg extension, and you can open it for viewing with a text editor (like Notepad). Caution: DO NOT open the .reg file by double clicking -- as that will replace the registry hive with what you saved!
To see changes made by installing a program, just do that procedure before you install the new program in the sandbox and export the registry hive. Then repeat the procedure afterwards (renaming the export file, of course, so you don't overwrite the first one) and compare the contents of the two files either visually with a text editor like Notepad or by using a file comparison program.
Hope that helps. That description may be more basic and detailed than you need and I hope I didn't insult the OP, but perhaps some novice users will find these detailed instructions of some use.
Good luck.
SBIE (Happy) User
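The before/after comparison described in the post above, as an added example (not code from the thread or from Sandboxie): a small Python parser for regedit `.reg` export text that reports which keys and values were added, removed or changed. The `ExampleApp` key and both sample exports are constructed for illustration.

```python
def split_value(line):
    # '@=data' is a key's default value; otherwise scan to the closing quote,
    # stepping over backslash-escaped characters inside the value name.
    if line.startswith("@="):
        return "@", line[2:]
    i = 1
    while i < len(line) and line[i] != '"':
        i += 2 if line[i] == "\\" else 1
    return line[1:i], line[i + 2:]

def parse_reg(text):
    """Return {(key_path, value_name): raw_data}; value_name "" marks the key itself."""
    entries, key, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # long hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries[(key, "")] = ""        # record the key even if it has no values
        elif key and line[:1] in ('"', "@"):
            name, data = split_value(line)
            entries[(key, name)] = data
    return entries

def diff_reg(before, after):
    b, a = parse_reg(before), parse_reg(after)
    return {
        "added": sorted(k for k in a if k not in b),
        "removed": sorted(k for k in b if k not in a),
        "changed": sorted(k for k in a if k in b and a[k] != b[k]),
    }

# Constructed sample exports (before and after running a program in the sandbox).
SAMPLE_BEFORE = r'''Windows Registry Editor Version 5.00
[HKEY_USERS\Sandbox_YOURUSERNAME_DefaultBox\ExampleApp]
"Version"="1.0"
"Flags"=dword:00000001
'''
SAMPLE_AFTER = r'''Windows Registry Editor Version 5.00
[HKEY_USERS\Sandbox_YOURUSERNAME_DefaultBox\ExampleApp]
"Version"="1.1"
"Blob"=hex:01,02,\
  03,04
[HKEY_USERS\Sandbox_YOURUSERNAME_DefaultBox\ExampleApp\Run]
@="updater.exe"
'''
```

Exports saved in regedit's default "Version 5.00" format are UTF-16, so read each file with `open(path, encoding="utf-16")` and pass the text to `diff_reg`.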
Thanks very much for the help from both of you.
I just tried it and want to add some clarifications.
(1) Don't try to run regedt32 or regedit inside sandboxie to export the registry; it will freeze that way. So run regedt32 as a regular application.
(2) You must have a program running inside sandboxie before using regedt32, as pointed out by tzuk; otherwise you won't find the registry keys.
Bill