Explorer sendTo customized not working properly in Sandboxie

[PiwPi]

Hi,

I'm using Sandboxie 3.76 on Windows 7 64-bit. (Experimental protection turned on)

I would like to selectively wipe files from a sandboxed Explorer window. But since I've had a very bad experience with Eraser 6, I am using Eraser portable 5.8.8.1. As a portable app, I had to integrate it manually into Explorer's right click > sendTo menu by dropping a shortcut to a custom made batch file into C:\Users\[UserName]\AppData\Roaming\Microsoft\Windows\SendTo.

The batch script is as follow:

Code: Select all

@echo off
"D:\EraserPortable\App\eraser\Eraserl.exe" -file %1 -subfolders -method Random 6 -results -queue

It works outside of sandboxes, but not inside. I can see the command process being run if I keep an eye on Sandboxie control panel, but eraserl.exe never seems to get called.


Why is that and what can I do to fix this ? Thanks


Unrelated PS:
If you happen to know how I can delete multiple files at once with this technique, I'd be happy to hear it. Aside from putting them in a temp folder and wiping that folder with eraserl's -folder flag. Currently, files are deleted one at a time even if I select several. The sendTo feature might send the path of all selected files (or does it ?), but I don't know how to catch them all from the batch script. Even if I found out, eraserl would probably need to be called once separately for each file, no ? Oh well, that's off topic

[PiwPi]

So does anyone know how I can make the sendTo erase batch work when called from a sandbox ? That would help a ton =)

[Guest10]

Let me say first of all, that I think something's not quite right with EraserL's command line options:
eraserl [Data] [Method] [-silent | -results | -resultsonerror ] [-queue] [-options]
For [Data] they list:

Code: Select all

-file   data [-subfolders] 
-folder data [-subfolders] [-keepfolder]

In the first case, they are specifying that the data to be erased is a file.
But a file cannot have a subfolder, so I think that it the first one should be:

Code: Select all

-file   data

I don't see any indication that file and folder can both be specified on the same command line.
I'm assuming that you have to specify file (or) folder.

So, I created 2 'Send To' items:
Send To > Erase Files.bat
Send To > Erase Folders.bat
and the correct one needs to be used each time you erase anything.
----
Erase Files.bat:

@echo off
for %%a in (%1 %2 %3 %4 %5) do ("D:\EraserPortable\App\eraser\Eraserl.exe" -file %%a -method Random 3 -resultsonerror -queue)

----
Erase Folders.bat:

@echo off
for %%a in (%1 %2 %3 %4 %5) do ("D:\EraserPortable\App\eraser\Eraserl.exe" -folder %%a -subfolders -method Random 3 -resultsonerror -queue)

----

Notes:
I have edited the command lines that I used, so that they specify your location for EraserL.exe.

Please note that the above command lines include some other changes that I recommend, as shown in bold: 3 passes is more than enough; keep the results window open only if there's an error.
Of course, you can disregard those recommendations and use your own options instead.
You may also want to consider adding the '-silent' option, if you get it working.

I doubt that 5 (files or folders) is a limit, if you want to include %6 %7 etc in the above commands, but I only tested it with up to 5 files or folders at a time.

I only have XP (with administrator rights) and I had no problems with using it in a sandboxed Explorer window, so if it doesn't work with your OS I afraid that I can't help with that.

Using it with sandboxed Explorer erased files or folders that were actually located inside of the sandbox.
Since a sandboxed Explorer also shows files that are actually in the corresponding folder that is outside of the sandbox, erasing those files resulted in a 0 byte file being created inside of the sandbox - with the same name as the file that's outside of the sandbox, as expected.

[PiwPi]

Thanks for your very thorough answer.

I do use 2 batch scripts, one for files and one for folders.
I was perplex about using -file %1 -subfolders, but I figured it was allowed for a reason, such as making sure that the content of ZIP archives are wiped as well, or some other reason. I doubt it's for archives since I believe they're treated as one file, content included.


Anyway I tried your script and unfortunately, it didn't work. Both our scripts only work when the .bat is explicitly stored inside the sandbox. For some reason, Sandboxie won't call eraserl.exe. It does call cmd.exe very briefly, but doesn't seem to execute the batch file itself (I can't pause or ping from it to force the window to stay open).

I managed to screenshot the window. There is only one line written in there, saying the syntax is incorrect for the file or folder or volume name.

It looks like Sandboxie doesn't recognize %1. When the batch only contains "echo %1", I get the syntax incorrect thing. When it's "echo yay", it echoes yay properly.



Unrelated PS:
%2, %3, %4 ? Heh okay I'll use that, thanks
Though it's too bad that there doesn't seem to be an easy catch all method. %* probably can't be given to eraserl, since it contains ALL arguments it must be parsed. Maybe "for %%a in (%*)" would work...

[Guest10]

OK, but no commas in between %2 %3 %4 etc.

So you are using a sandboxed Explorer, selecting files, and then using the Send To .bat items that you placed outside of the sandbox? That works on XP.

I guess if you can read what the command windows says, you don't need to try this, but it would probably result in the command window staying open so you can read the messages.
Add (just temporarily):
Start /wait <space> to the beginning of the line:

start /wait for %%a in (%1 %2 %3 %4 %5) do ("D:\EraserPortable\App\eraser\Eraserl.exe" -file %%a -method Random 3 -resultsonerror -queue)

[PiwPi]

start /wait didn't work either for some reason. Screenshot shows the same error as described above but that's due to the %1 issue.

Should I post about this in the problem reports forum ? Maybe it's Sandboxie that needs a fix.

[Guest10]

Well, I don't know if it's related to your operating system version, since it does work on XP.
BTW, I did find this snippet of code on the Internet:
for %%i in (%*) do (echo %%i)
so it looks like %* might just work.

[PiwPi]

Good to know, I'll give it a try next time I need to wipe a non sandboxed file

For the records, I posted the problem report here.