Block Process Access

Utilities designed for use with Sandboxie
rcbblgy
Posts: 33
Joined: Wed Oct 22, 2008 9:02 pm

Post by rcbblgy » Wed Jun 02, 2010 9:03 pm

Buster wrote: btw... nowadays there are even sound loggers! :o
and screen loggers 8)

rcbblgy
Posts: 33
Joined: Wed Oct 22, 2008 9:02 pm

Post by rcbblgy » Wed Jun 02, 2010 9:10 pm

wraithdu wrote: If you can be more specific about what APIs you would be interested in having the DLL block, I can look into it. I am not a researcher though and have no interest in studying keyloggers to figure out what needs to be done.
Sorry, I am not clear about it, I think this would be helpful

http://www.snapfiles.com/get/antikeyloggertester.html
Last edited by rcbblgy on Wed Jun 02, 2010 10:12 pm, edited 1 time in total.

rcbblgy
Posts: 33
Joined: Wed Oct 22, 2008 9:02 pm

Post by rcbblgy » Wed Jun 02, 2010 9:11 pm


wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Thu Jun 03, 2010 12:18 am

tzuk wrote: But I do think a lot of legitimate programs use these.
As with all the 'protections' in my DLL, anything is able to be disabled via the INI config file. Obviously this would come with a warning that it might / will break legitimate programs. It would be up to the user to decide if that's an inconvenience they can live with.

rcbblgy
Posts: 33
Joined: Wed Oct 22, 2008 9:02 pm

Post by rcbblgy » Thu Jun 03, 2010 6:24 am


rcbblgy
Posts: 33
Joined: Wed Oct 22, 2008 9:02 pm

Post by rcbblgy » Thu Jun 03, 2010 6:27 am

I don't know whether the Trojan virus uses the same way as those test tools.

sbieuser

Post by sbieuser » Sat Jun 05, 2010 7:34 am

wraithdu, can you add blocking API SetThreadDesktop?

http://www.sandboxie.com/phpbb/viewtopic.php?t=7442

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Sat Jun 05, 2010 12:58 pm

I'll add it to the list. I'm hoping to get some work done in sbiextra this following week.

Everyone remember though, invoking all these blocks WILL break legitimate software as well. So use it all wisely.

Huma
Posts: 5
Joined: Tue Oct 19, 2010 8:48 pm

Post by Huma » Tue Oct 19, 2010 10:02 pm

Hi and thanks wraithdu for such a great extension

I wanted to test the ability of the Block Process Access to prevent MeGui (http://sourceforge.net/projects/megui/) (video encoder) from detecting itself from startup. I know that running two instances of Megui is not a good idea but it gives confirmation that another copy of itself is currently running.

I have sbiextra.dll here
C:\SB-blocked\sbiextra.dll

so the Sandboxie.ini should be edited with
(located in "C:\Windows\Sandboxie.ini")
InjectDll=C:\SB-blocked\sbiextra.dll

However when I read
"To use it, download the DLL and save it somewhere. Then insert this line in your Sandboxie.ini file under the sandbox you want to use the DLL."
in the first post, I can't find MeGui in the Sandboxie.ini file.

What am I doing wrong? Please help

Huma
Posts: 5
Joined: Tue Oct 19, 2010 8:48 pm

Post by Huma » Tue Oct 19, 2010 10:21 pm

Hi again
I went to "Sandbox\Create New Sandbox"
made a new sandbox called MeGui and went to ini config and placed "InjectDll=C:\SB-blocked\sbiextra.dll" under the program
[[[[[[[[[[[[[[[[[[[[[[[[[[[[
[MeGui]

Enabled=y
ConfigLevel=7
AutoRecover=y
Template=BlockPorts
Template=LingerPrograms
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
InjectDll=C:\SB-blocked\sbiextra.dll
]]]]]]]]]]]]]]]]]]]]]]]]]]

But I still can't get MeGui to stop detecting another copy of itself
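An added example, not part of the original thread and not wraithdu's code: a small Python audit that reads Sandboxie.ini text and reports which sandbox sections carry an InjectDll line, since the DLL only applies to the sandbox whose section names it. Python's configparser rejects the repeated Template= and RecoverFolder= keys by default, so the parser here is hand-written; the sample text is constructed from the section quoted above, and treating every section other than GlobalSettings and UserSettings_* as a sandbox is an assumption.

```python
from collections import defaultdict

# Constructed sample, modelled on the [MeGui] section quoted in the post above.
SAMPLE_INI = r"""
[GlobalSettings]
Template=AutoRecoverIgnore

[DefaultBox]
Enabled=y
ConfigLevel=7

[MeGui]
Enabled=y
ConfigLevel=7
Template=BlockPorts
Template=LingerPrograms
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
InjectDll=C:\SB-blocked\sbiextra.dll
"""

def parse_sandboxie_ini(text):
    """Return {section: {key: [values]}}; repeated keys are kept in order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], defaultdict(list))
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()].append(value.strip())
    return sections

def is_sandbox(name):
    # Assumption: everything except these settings sections is a sandbox.
    return name != "GlobalSettings" and not name.startswith("UserSettings_")

def injected_dlls(text):
    """Map each sandbox to the DLL paths named by its InjectDll lines."""
    return {name: list(keys["InjectDll"])
            for name, keys in parse_sandboxie_ini(text).items()
            if is_sandbox(name) and "InjectDll" in keys}

def sandboxes_without_dll(text):
    """Sandboxes that load no injected DLL, so its blocks do not apply there."""
    return [name for name, keys in parse_sandboxie_ini(text).items()
            if is_sandbox(name) and "InjectDll" not in keys]

if __name__ == "__main__":
    print(injected_dlls(SAMPLE_INI))
    print(sandboxes_without_dll(SAMPLE_INI))
```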

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Tue Oct 19, 2010 11:26 pm

1) Are you running both copies of MeGui in the same sandbox? If so, that is not blocked by my DLL. Access within the same sandbox is allowed.
2) MeGui could be using any of a large number of methods to detect another instance of itself, many of which are not blocked by my DLL. Without knowing how MeGui is detecting multiple instances, I can't help you further.

Huma
Posts: 5
Joined: Tue Oct 19, 2010 8:48 pm

Post by Huma » Tue Oct 19, 2010 11:44 pm

Humahaha thank you thank you

It worked!!!!! Thank You wraithdu are so good!!!!!!

I thought the newly created sandboxes were profiles not a single virtual box.

I ran 1 in a sandbox and another not sandboxed

XD

Huma
Posts: 5
Joined: Tue Oct 19, 2010 8:48 pm

Post by Huma » Wed Oct 20, 2010 12:20 am

Hi wraithdu, the MeGui test ran very well but I'm trying to run multiple instances of a game, and even with 1 in a sandbox and the other not, either instance is still able to detect each other.

The game is Last Chaos (http://lastchaos.aeriagames.com/); it has a loader so the game can update itself.
The loader is LC.exe and it runs another program called "Nksp.exe" in another directory.

If an instance, i.e. LC.exe, loads another program (Nksp.exe), how can that Nksp.exe be able to detect stuff outside of the box?

Is there a work around for this?

Thanks wraithdu

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Wed Oct 20, 2010 12:47 pm

The developer of Sandboxie does not promote using it to circumvent multiplayer game anti-cheat mechanisms, and neither do I.

That being said, as I pointed out above there are a large number of ways a program can detect another instance of itself is running. My DLL only blocks a few of those methods (with the aim being the protection of privacy), so without knowing how your game works, I can't provide any insight. Pursuant to the above statement, I'm not inclined to help you out with that game in any case.

Huma
Posts: 5
Joined: Tue Oct 19, 2010 8:48 pm

Post by Huma » Thu Oct 21, 2010 7:26 pm

It's OK dude, despite what you said, I still think your DLL rocks!

If however Sandboxie does in future implement a true sandbox where it absolutely isolates the sandbox from the host machine, it will be a massive boon for Sandboxie; for one it can live up to its name, and two its sales will skyrocket, for I'm sure there are copious users just like me who are willing to shell out for such a program.

VMware can do what I need as it is a true sandbox, however it is very taxing on the system. Sandboxie, however, doesn't require the same overhead but does a good, albeit partial job. The need for a low overhead and true sandbox is huge; if Sandboxie doesn't do it first, some other software company I'm sure will take up the slack sooner or later and it will become their boon.

Thank you wraithdu for your innovation and contribution ;)
