[4.01.06] ExploitShield Browser Edition not compatible


Moderator: Barb@Invincea

Sampei Nihira

[4.01.06] ExploitShield Browser Edition not compatible

Post by Sampei Nihira » Tue Apr 23, 2013 7:56 pm

OS XP Home S.P.3
SBIE ver 4.01.06 beta
ZeroVulnerabilityLabs ExploitShield Browser Edition 0.9.1 beta

____________________________________________________

Applied setup (DR_LaRRY_PEpPeR) SandboxIE - Under Resource Access > IPC Access > Direct Access add these two lines:

(1) $:Exploitshield.exe
(2) *\BaseNamedObjects*\ZVL_IPC_Channel*

____________________________

Ver. SBIE 3.76 (OK).
Not ver SBIE 4.01.06.

DR_LaRRY_PEpPeR
Posts: 289
Joined: Wed Jul 04, 2012 11:40 pm
Location: St. Louis area

Post by DR_LaRRY_PEpPeR » Mon Apr 29, 2013 11:34 am

The problem isn't the settings (they still work with latest ExploitShield and Sandboxie 3.76). Checking IE 6, I can confirm that ExploitShield.dll will not load, under any circumstances, with any version of SBIE 4.01-4.01.06! :?

P.S. 100th post. :lol: 8)
XP Home-as-Pro SP3 (Admin) w/ continued updates (Embedded/POSReady 2009)
> Permissions + "2-level" SRP, latest Sandboxie (Pro/registered), EMET 4, no anti-anything (ever)
Did I make tzuk crazed... in his last days? :o

Sampei Nihira

Post by Sampei Nihira » Mon Apr 29, 2013 12:02 pm

Work for Tzuk.


p.s. congratulations !!

(100th post)

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Post by tzuk » Mon Apr 29, 2013 7:58 pm

In case ExploitShield uses the same injection scheme as EMET, can you check if version 4.01.07 makes a difference?

EMET discussion topic:
http://www.sandboxie.com/phpbb/viewtopic.php?t=15260
tzuk

DR_LaRRY_PEpPeR
Posts: 289
Joined: Wed Jul 04, 2012 11:40 pm
Location: St. Louis area

Post by DR_LaRRY_PEpPeR » Mon Apr 29, 2013 8:04 pm

Of course I haven't checked .07 yet (just saw the release 2 mins ago :lol:), but ExploitShield does not use the AppCompat mechanism -- it's some sort of kernel driver that does the injection...

Sampei Nihira
Posts: 10
Joined: Wed May 22, 2013 5:05 pm

[10] Incompatibility Exploitshield 0.9.1 SBIE 4.01.10

Post by Sampei Nihira » Sun May 26, 2013 6:06 pm

Present in every OS.
All SBIE ver 4.

_______________________

SBIE 3.76 is OK.
Setting:


Sandboxie - Under Resource Access > IPC Access > Direct Access add these two lines (DR_LaRRY_PEpPeR):

$:Exploitshield.exe
*\BaseNamedObjects*\ZVL_IPC_Channel*

釣りキチ三平

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Post by tzuk » Sun May 26, 2013 9:34 pm

I've thought about this and I'm not sure if I should spend time with this problem. I think I would have to debug ExploitShield to see why it fails to inject the DLL, right? I would have to spend a lot of time to first understand what it is trying to do, and then where it fails. So it makes more sense to me that the ExploitShield people should look into it and find out why their injection method fails, because they already know what to look at. Did you try to reach out to them and ask them to take a look at this?
tzuk

Sampei Nihira
Posts: 10
Joined: Wed May 22, 2013 5:05 pm

Post by Sampei Nihira » Mon May 27, 2013 4:34 am

釣りキチ三平

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Post by tzuk » Mon May 27, 2013 8:36 am

Sampei Nihira it looks like you already had a topic about this so I merged the new topic with the old topic.
tzuk

Sampei Nihira
Posts: 10
Joined: Wed May 22, 2013 5:05 pm

Post by Sampei Nihira » Mon May 27, 2013 10:01 am

tzuk wrote: Sampei Nihira it looks like you already had a topic about this so I merged the new topic with the old topic.
OK.
Sorry.
釣りキチ三平

Sampei Nihira
Posts: 10
Joined: Wed May 22, 2013 5:05 pm

Post by Sampei Nihira » Sun Jun 23, 2013 7:52 am

Malwarebytes bought Zerovulnerabilitylabs:

http://www.zerovulnerabilitylabs.com
釣りキチ三平
