Buster Sandbox Analyzer

Utilities designed for use with Sandboxie
Locked
Bellzemos
Posts: 863
Joined: Wed Feb 17, 2010 2:08 pm

Post by Bellzemos » Tue May 07, 2013 5:00 am

I can't say that for sure. The update from v7 to v8 was some time ago, it could be that I didn't use the BSA & TestBox in that time, I'm not sure though.

Could please anyone who is using Avast AV try to run Windows Explorer in a sandbox for BSA to confirm if Avast is the problem? Thank you in advance!

Bellzemos
Posts: 863
Joined: Wed Feb 17, 2010 2:08 pm

Post by Bellzemos » Wed May 08, 2013 9:26 am

Anyone? Pretty please? :)

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Wed May 08, 2013 10:01 am

Image

Bellzemos
Posts: 863
Joined: Wed Feb 17, 2010 2:08 pm

Post by Bellzemos » Thu May 09, 2013 8:37 am

That's gotta be out of some DOS game, I don't know which one though. :)

If I delete the LOG API injections from the TestBox I will be still able to see all the file changes and internet connections when trying programs with BSA, right?

Another thing - in the latest BSA version the program icon is in very low resolution, could you fix that please?

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Thu May 09, 2013 9:22 am

Bellzemos wrote:That's gotta be out of some DOS game, I don't know which one though. :)

If I delete the LOG API injections from the TestBox I will be still able to see all the file changes and internet connections when trying programs with BSA, right?

Another thing - in the latest BSA version the program icon is in very low resolution, could you fix that please?
It is from "The secret of Monkey Island".

If you do not inject LOG_API you still will be able to see file/registry and internet connections.

1.88 was last release, so I will not change program´s icon.

Bellzemos
Posts: 863
Joined: Wed Feb 17, 2010 2:08 pm

Post by Bellzemos » Thu May 09, 2013 12:02 pm

Thank you, I will use it without LOG API. And I imported a high resolution icon from the BSA 1.81 which I saved before. :)

Bellzemos
Posts: 863
Joined: Wed Feb 17, 2010 2:08 pm

Post by Bellzemos » Tue Jun 18, 2013 11:05 am

Before I update the Sandboxie: does the new v4 work with BSA? What are the limitations?

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Tue Jun 18, 2013 11:58 am

No, it does not work.

Bellzemos
Posts: 863
Joined: Wed Feb 17, 2010 2:08 pm

Post by Bellzemos » Tue Jun 18, 2013 1:07 pm

It doesn't work at all or is it just limited in some functions?

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Tue Jun 18, 2013 2:43 pm

LOG_API does not work at all so it is limited in some functions.

SandyBox
Posts: 8
Joined: Tue Jul 02, 2013 3:27 pm

Post by SandyBox » Fri Jul 05, 2013 12:55 pm

This Sandbox Analyzer seems to be a nice add-on to Sandboxie.
My intention of using Sandboxie in combination with BSA is making a backup of files before they get actually changed by an installer.
Sadly I have some problems getting it to work properly.

Here are some facts of my evaluating:
1. Under Sandboxie 4.02 the 64-bit-dll doesn't work in Sandboxie (after reading this forum not surprisingly - see 3 posts above) -> "upgraded" to 3.76

2. Under Sandboxie 3.76 the 64-bit-dll doesn't work in Sandboxie. Trying to save a new text-file via notepad leads to an error (see report.wer below); same behaviour trying explorer sandboxed.
But the API-window in BSA shows information. -> Deleted 64-bit-dll-enry in sandboxie-config

3. Both programs run without errors now but something still seems to be wrong.
a) In FileDiff.txt there is no "-" for deleted or ~ for changed files (always it's a "+").
b) In FileDiff.txt the path of files is wrong. Sandboxie runs as normal user, BSA as admin.
When I save a text-file under normal users desktop the result in FileDiff.txt is C:\Users\Admin\Desktop\text.txt

What is the problem with the 64-bit-dll? Why is the FileDiff-output wrong?
Please help me to solve those problems.
Thanks in advance

report.wer:
Version=1
EventType=APPCRASH
EventTime=130160255837303450
ReportType=2
Consent=1
UploadTime=130160255840313622
ReportIdentifier=62a19154-d803-11e2-b545-485b39121d2f
IntegratorReportIdentifier=62a19153-d803-11e2-b545-485b39121d2f
Response.BucketId=117194276
Response.BucketTable=4
Response.type=4
Sig[0].Name=Anwendungsname
Sig[0].Value=notepad.exe
Sig[1].Name=Anwendungsversion
Sig[1].Value=6.1.7600.16385
Sig[2].Name=Anwendungszeitstempel
Sig[2].Value=4a5bc9b3
Sig[3].Name=Fehlermodulname
Sig[3].Value=USER32.dll
Sig[4].Name=Fehlermodulversion
Sig[4].Value=6.1.7601.17514
Sig[5].Name=Fehlermodulzeitstempel
Sig[5].Value=4ce7c9f1
Sig[6].Name=Ausnahmecode
Sig[6].Value=c000001d
Sig[7].Name=Ausnahmeoffset
Sig[7].Value=0000000000005357
DynamicSig[1].Name=Betriebsystemversion
DynamicSig[1].Value=6.1.7601.2.1.0.256.48
DynamicSig[2].Name=Gebietsschema-ID
DynamicSig[2].Value=1031
DynamicSig[22].Name=Zusatzinformation 1
DynamicSig[22].Value=6da2
DynamicSig[23].Name=Zusatzinformation 2
DynamicSig[23].Value=6da2b402497f679254c78375c3071ebd
DynamicSig[24].Name=Zusatzinformation 3
DynamicSig[24].Value=698c
DynamicSig[25].Name=Zusatzinformation 4
DynamicSig[25].Value=698c16f5ae9cd96dc869cf188ea8d63a
UI[2]=C:\Windows\System32\notepad.exe
UI[3]=Editor funktioniert nicht mehr
UI[4]=Windows kann online nach einer Lösung für das Problem suchen.
UI[5]=Online nach einer Lösung suchen und das Programm schließen
UI[6]=Später online nach einer Lösung suchen und das Programm schließen
UI[7]=Programm schließen
LoadedModule[0]=C:\Windows\System32\notepad.exe
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\Windows\system32\kernel32.dll
LoadedModule[3]=C:\Windows\system32\KERNELBASE.dll
LoadedModule[4]=C:\Windows\system32\USER32.dll
LoadedModule[5]=C:\Windows\system32\GDI32.dll
LoadedModule[6]=C:\Windows\system32\LPK.dll
LoadedModule[7]=C:\Windows\system32\USP10.dll
LoadedModule[8]=C:\Windows\system32\msvcrt.dll
LoadedModule[9]=C:\Windows\system32\IMM32.DLL
LoadedModule[10]=C:\Windows\system32\MSCTF.dll
LoadedModule[11]=C:\Windows\system32\ADVAPI32.dll
LoadedModule[12]=C:\Windows\SYSTEM32\sechost.dll
LoadedModule[13]=C:\Windows\system32\RPCRT4.dll
LoadedModule[14]=C:\Windows\system32\COMDLG32.dll
LoadedModule[15]=C:\Windows\system32\SHLWAPI.dll
LoadedModule[16]=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll
LoadedModule[17]=C:\Windows\system32\SHELL32.dll
LoadedModule[18]=C:\Windows\System32\WINSPOOL.DRV
LoadedModule[19]=C:\Windows\system32\ole32.dll
LoadedModule[20]=C:\Windows\system32\OLEAUT32.dll
LoadedModule[21]=C:\Windows\System32\VERSION.dll
LoadedModule[22]=C:\Windows\System32\CRYPTBASE.dll
LoadedModule[23]=C:\Windows\system32\uxtheme.dll
LoadedModule[24]=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll
LoadedModule[25]=C:\Program Files (x86)\ATI Technologies\HydraVision\GridHook64.dll
LoadedModule[26]=C:\Windows\System32\dwmapi.dll
LoadedModule[27]=C:\Windows\System32\PROPSYS.dll
LoadedModule[28]=C:\Windows\system32\CLBCatQ.DLL
LoadedModule[29]=C:\Windows\System32\CRYPTSP.dll
LoadedModule[30]=C:\Windows\system32\rsaenh.dll
LoadedModule[31]=C:\Windows\System32\RpcRtRemote.dll
LoadedModule[32]=C:\Windows\system32\explorerframe.dll
LoadedModule[33]=C:\Windows\system32\DUser.dll
LoadedModule[34]=C:\Windows\system32\DUI70.dll
LoadedModule[35]=C:\Windows\System32\WindowsCodecs.dll
LoadedModule[36]=C:\Windows\System32\apphelp.dll
LoadedModule[37]=C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
LoadedModule[38]=C:\Windows\system32\dbghelp.dll
LoadedModule[39]=C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCP90.dll
LoadedModule[40]=C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll
LoadedModule[41]=C:\Windows\system32\EhStorShell.dll
LoadedModule[42]=C:\Windows\system32\SETUPAPI.dll
LoadedModule[43]=C:\Windows\system32\CFGMGR32.dll
LoadedModule[44]=C:\Windows\system32\DEVOBJ.dll
LoadedModule[45]=C:\Windows\System32\cscui.dll
LoadedModule[46]=C:\Windows\System32\CSCDLL.dll
LoadedModule[47]=C:\Windows\System32\CSCAPI.dll
LoadedModule[48]=C:\Windows\system32\ntshrui.dll
LoadedModule[49]=C:\Windows\System32\srvcli.dll
LoadedModule[50]=C:\Windows\System32\slc.dll
LoadedModule[51]=C:\Windows\System32\MsftEdit.dll
LoadedModule[52]=C:\Windows\System32\msls31.dll
LoadedModule[53]=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
LoadedModule[54]=C:\Windows\System32\profapi.dll
LoadedModule[55]=C:\Windows\system32\xmllite.dll
LoadedModule[56]=C:\Windows\System32\ntmarta.dll
LoadedModule[57]=C:\Windows\system32\WLDAP32.dll
LoadedModule[58]=C:\Windows\System32\OLEACC.dll
LoadedModule[59]=C:\Windows\System32\UIAutomationCore.dll
LoadedModule[60]=C:\Windows\system32\PSAPI.DLL
State[0].Key=Transport.DoneStage1
State[0].Value=1
State[1].Key=DataRequest
State[1].Value=iData=1/nDumpFile=//Upload//iCab//82bcc49687fc4801a30910f78b59a551-efc1fb80a9c6f75065d2688dfe301b70-4-117194276-AppCrash64-6-1-7601-2.cab/nDumpServer=watson.microsoft.com/nResponseServer=watson.microsoft.com/nResponseURL=//dw//StageFour64.asp?iBucket=117194276&szCab=82bcc49687fc4801a30910f78b59a551.cab&EventType=AppCrash64&BucketHash=efc1fb80a9c6f75065d2688dfe301b70&MID=06A762C4-FD33-46D0-828F-392F558EFDA4/nBucket=117194276/nBucketTable=4/nResponse=1/n
FriendlyEventName=Nicht mehr funktionsfähig
ConsentKey=APPCRASH
AppName=Editor
AppPath=C:\Windows\System32\notepad.exe

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Sun Jul 07, 2013 10:48 am

SandyBox: BSA is not compatible with Sandboxie 4.xx, so you should stay using Sandboxie 3.76.

I do not know why the 64-bit-dll doesn't work in Sandboxie 3.76. Probably it is due a conflict with other software you have installed in your system. You could try uninstalling other software until you find out what software is the responsible of the conflict.

SandyBox
Posts: 8
Joined: Tue Jul 02, 2013 3:27 pm

Post by SandyBox » Sun Jul 07, 2013 3:22 pm

Thank you Buster for your answer.
Instead of uninstalling numerous software (this would be very time consuming and the success is not guaranteed) I actually try to achieve the needed BSA-function by some batch programing (also some kind of time consuming :wink: ).

Coders like you are always PC-heroes to me. They spend very much time on their project, make it available to the public and often have to consider to deal with updated software (in this case Sandboxie 4.02) which they upgrade to a more powerful tool.
I wish you all the best.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Sat Aug 24, 2013 4:15 pm

I have re-released BSA 1.88 in order to fix a bug when processing URLs from command line.

At the moment the package has been updated here:

http://www.woodmann.com/virusbuster/bsa.rar

When the other link has been updated I will post an update.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Post by Buster » Tue Aug 27, 2013 7:38 am

Version 1.88 has been re-released to fix a bug and the fixed binary is already available inside BSA package on both servers.

Locked

Who is online

Users browsing this forum: No registered users and 1 guest