Sandboxie

listaspablo
Offline
Last seen: 18 years 5 months ago
Joined: 2006-01-18 09:23
Sandboxie

I'm testing Portable Sandboxie. My idea is to use this software to safely use USB on any computer without making modifications to the host computer.
Go to www.sandboxie.com and download the file.
Below are my batch files, which run the browser sandboxed.
The idea is to start PStart so that any app run from this menu is sandboxed.
It is a very primitive way of implementing it... but it works.
Try it and tell me your opinions.

start.cmd
--------------------------------
regedit /s Sandboxie+.reg
copy Sandboxie.ini %SystemRoot%\
sandboxieinstall.exe /install /S /D=C:\temp
sc.exe create Sandbox binpath= C:\temp\Sandbox.sys type= kernel start= auto error= normal DisplayName= Sandbox
sc.exe start sandbox
C:\temp\Start.exe default_browser

stop.cmd
----------------------------------
sc.exe stop Sandbox
sc.exe delete Sandbox
pskill.exe Control.exe
sandboxieinstall.exe /remove /S /D=C:\temp
rd /s /q "%APPDATA%\Sandbox"
del %SystemRoot%\Sandboxie.ini

clean.cmd
-----------------------------------
rd /s /q "%APPDATA%\Sandbox"

Sandboxie.ini
--------------------------------------
# Sandboxie Configuration File
# Automatically generated whenever the configuration changes.
# Set ConfigLevel to 99 to prevent the overwriting of this file.

[GlobalSettings]
ConfigLevel=1
BoxRootFolder=%AppData%
CopyLimitKb=32768

[DefaultBox]
Enabled=yes
OpenFilePath=msimn.exe,%AppData%\Identities
OpenFilePath=msimn.exe,%Local AppData%\Identities
OpenKeyPath=msimn.exe,HKEY_CURRENT_USER\Identities
OpenKeyPath=msimn.exe,HKEY_CURRENT_USER\Software\Microsoft\Outlook Express

RecoverFolder=%Favorites%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%

tappet
Offline
Last seen: 4 years 11 months ago
Joined: 2006-01-04 20:32
This is a really neat idea. Would it be possible to do it from the VB Script from this topic: https://portableapps.com/node/639#comment-2238? This might provide a little bit cleaner solution, although it does require scripting to be enabled on the host computer.

I'm using a version of this script on my key at the moment, although I'm running bblean instead of PStart. It works really well for me. What do you think?

Tappet

Tappet
__________________
"I am still learning."
--Socrates

listaspablo
Offline
Last seen: 18 years 5 months ago
Joined: 2006-01-18 09:23
Portable

Yes, using VBS is cleaner... I already started making it, but I'm out of time. BBlean is good; I will try it.
If you make the VBS, please post it.

listaspablo
Offline
Last seen: 18 years 5 months ago
Joined: 2006-01-18 09:23
New batch

I have installed it and copied it to a directory which I use for Sandboxie.
Then I uninstalled it and started it with this batch file.
Note that it runs Notepad with # just to show that it was started in the sandbox.
PSKILL.exe http://www.sysinternals.com/Utilities/PsKill.html
REG.exe http://www.softpanorama.org/Unixification/Registry/microsoft_registry_to...
This needs to be converted to VBS or something cleaner, but this way it works for me.
Thanks

start.cmd--------------------------------------------

cmdow @ /hid
SET sandboxdir=%~dp0
cd %sandboxdir%
REG.exe HKLM\Software\tzuk\Sandboxie\Home=%sandboxdir%
REG.exe UPDATE HKLM\Software\tzuk\Sandboxie\Home=%sandboxdir%
regedit /s Sandboxie+.reg
copy Sandboxie.ini %SystemRoot%\
sc.exe create Sandbox binpath= "%sandboxdir%Sandbox.sys" type= kernel start= auto error= normal DisplayName= Sandbox
sc.exe start sandbox
%sandboxdir%Start.exe notepad.exe

stop.cmd--------------------------------------------------
cmdow @ /hid
sc.exe stop Sandbox
sc.exe delete Sandbox
pskill.exe Control.exe
pskill.exe SandboxieDcomLaunch.exe
pskill.exe SandboxieRpcSs.exe
rd /s /q "%APPDATA%\Sandbox"
del %SystemRoot%\Sandboxie.ini
REG.exe DELETE HKCU\Sandbox\ /FORCE
REG.exe DELETE HKLM\SOFTWARE\tzuk /FORCE
REG.exe DELETE HKCU\Software\tzuk /FORCE

Sandboxie.ini---------------------------------------------
# Sandboxie Configuration File
# Automatically generated whenever the configuration changes.
# Set ConfigLevel to 99 to prevent the overwriting of this file.

[GlobalSettings]
ConfigLevel=1
BoxRootFolder=%AppData%
CopyLimitKb=32768

[DefaultBox]
Enabled=yes
OpenFilePath=msimn.exe,%AppData%\Identities
OpenFilePath=msimn.exe,%Local AppData%\Identities
OpenKeyPath=msimn.exe,HKEY_CURRENT_USER\Identities
OpenKeyPath=msimn.exe,HKEY_CURRENT_USER\Software\Microsoft\Outlook Express

RecoverFolder=%Favorites%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%

Sandboxie+.reg-------------------------------------------------
REGEDIT4

[HKEY_CURRENT_USER\Software\tzuk]

[HKEY_CURRENT_USER\Software\tzuk\Sandboxie]

[HKEY_CURRENT_USER\Software\tzuk\Sandboxie\Control]
"Window_Top"=dword:0000000e
"Window_Left"=dword:00000007
"Window_Bottom"=dword:0000016c
"Window_Right"=dword:0000012e
"Column 0 Width"=dword:00000097
"Column 1 Width"=dword:0000002f
"Column 2 Width"=dword:00000050
"Show_All_Processes"=dword:00000000
"FirstRun"=dword:00000000
"Last_Version_Check"=hex:46,02,cc,30,d7,43,c6,01

tappet
Offline
Last seen: 4 years 11 months ago
Joined: 2006-01-04 20:32
A couple of questions...

OK, I'm just trying to see if I understand how to use this. If I have any of this wrong, let me know:

  • There are four files described here: start.cmd, stop.cmd, sandboxie.ini, and sandboxie+.reg.
  • Install Sandboxie on host computer, then copy the install directory to the USB, and uninstall from the host computer.
  • In the USB Sandboxie directory, add the four files, plus PSKILL.exe and REG.exe.
  • Run start.cmd to launch Sandboxie.
  • Do whatever it is you are doing with your portable apps.
  • Run stop.cmd to close sandboxie and clean up the registry.

Do I have that sequence right?

Oh, and just to clarify, is everything that I do between running start.cmd and stop.cmd in the sandbox, or just the program that is run from start.cmd (in your example, notepad)?

Thanks for the work on this. I think it could really solve some of the security concerns that arise with portable apps.

Tappet
__________________
"I am still learning."
--Socrates
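
A host-side check for the last step of the sequence above, as an added example that is not part of the thread or of Sandboxie: it looks for each artifact the scripts posted here create (the Sandbox driver service, the tzuk and Sandbox registry keys, Sandboxie.ini in the Windows directory, the sandbox folder and the two helper processes). The file name check-clean.cmd is hypothetical, and the system's own sc.exe and reg.exe are called by full path because the USB folder holds a third-party REG.exe with a different syntax.

```bat
@echo off
rem check-clean.cmd (hypothetical name): run on the host after stop.cmd.
rem Looks for the artifacts the scripts in this thread create.
setlocal
set "LEFT=0"
rem Full paths: the USB folder holds a third-party REG.exe with other syntax.
set "SYS=%SystemRoot%\System32"

rem 1. Kernel driver service from "sc.exe create Sandbox ...".
"%SYS%\sc.exe" query Sandbox >nul 2>&1
if not errorlevel 1 (
    echo [LEFTOVER] driver service "Sandbox" is still registered
    set "LEFT=1"
)

rem 2. Registry keys that stop.cmd deletes.
for %%K in ("HKLM\SOFTWARE\tzuk" "HKCU\Software\tzuk" "HKCU\Sandbox") do (
    "%SYS%\reg.exe" query %%K >nul 2>&1
    if not errorlevel 1 (
        echo [LEFTOVER] registry key %%~K
        set "LEFT=1"
    )
)

rem 3. Configuration file and sandbox contents.
if exist "%SystemRoot%\Sandboxie.ini" (
    echo [LEFTOVER] Sandboxie.ini in the Windows directory
    set "LEFT=1"
)
if exist "%APPDATA%\Sandbox\" (
    echo [LEFTOVER] sandbox folder under %%APPDATA%%
    set "LEFT=1"
)

rem 4. Helper processes that stop.cmd kills.
for %%P in (SandboxieDcomLaunch.exe SandboxieRpcSs.exe) do (
    "%SYS%\tasklist.exe" /FI "IMAGENAME eq %%P" 2>nul | "%SYS%\find.exe" /I "%%P" >nul
    if not errorlevel 1 (
        echo [LEFTOVER] process %%P is still running
        set "LEFT=1"
    )
)

if "%LEFT%"=="0" echo Host is clean.
endlocal & exit /b %LEFT%
```

The exit code is 0 when nothing is left and 1 otherwise, so the check can be chained after stop.cmd.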


listaspablo
Offline
Last seen: 18 years 5 months ago
Joined: 2006-01-18 09:23
Sand

Yes, you are right...
Any other software you need sandboxed, start with "%sandboxdir%Start.exe app.exe"
Use only the start.exe that is in the sandbox dir.
I use PStart sandboxed, so any other software that runs from it is sandboxed too.
My English is not so good, so excuse me for the brief explanations in my posts.
You need this too, which cleans the sandbox... BUT BE CAREFUL if you saved something important.

CLEAN.cmd----------------------------------------
cmdow @ /hid
rd /s /q "%APPDATA%\Sandbox"

We need to convert these scripts to something cleaner (VBS, NSIS, AutoIt)...

Good luck...and sandbox ALL...

nm35
Offline
Last seen: 18 years 3 months ago
Developer
Joined: 2005-12-12 17:13
Are BAT files "dirty"?

I'll take a look and see what I can do about NSIS-izing it. Shouldn't be too hard. (Except that the "remove" function doesn't always work right...)

See my blog post on the matter: https://portableapps.com/node/1320

~nm35
a.k.a. Mark

DigeratiPrime
Offline
Last seen: 17 years 10 months ago
Joined: 2005-12-11 20:55
Looking forward to the NSIS script :)

BTW, does anyone know what's causing this error I get with start.cmd?

http://img159.imageshack.us/img159/7787/47es.png

listaspablo
Offline
Last seen: 18 years 5 months ago
Joined: 2006-01-18 09:23
This line in start.cmd

REG HKLM\Software\tzuk\Sandboxie\Home=%sandboxdir%

should be

REG ADD HKLM\Software\tzuk\Sandboxie\Home=%sandboxdir%

Sorry, my mistake.
I'm happy to see some people interested in this.

DigeratiPrime
Offline
Last seen: 17 years 10 months ago
Joined: 2005-12-11 20:55
Thank you, yet I still get an error about control.exe :(

http://img49.imageshack.us/img49/9175/sandboxie2b5dx.png

FYI, I am using the 2.31 beta version posted over in the forums there.

I solved another issue by adding (") around two lines in start.cmd

SET sandboxdir=%~dp0
cd %sandboxdir%
REG ADD "HKLM\Software\tzuk\Sandboxie\Home=%sandboxdir%"
REG UPDATE "HKLM\Software\tzuk\Sandboxie\Home=%sandboxdir%"
regedit /s Sandboxie+.reg
copy Sandboxie.ini %SystemRoot%\
sc.exe create Sandbox binpath= "%sandboxdir%Sandbox.sys" type= kernel start= auto error= normal DisplayName= Sandbox
sc.exe start sandbox
%sandboxdir%Start.exe mplayerc.exe

If I manually start control.exe and then run start.cmd, it works, but the 'sandbox' is stored in the default %APPDATA% folder.

listaspablo
Offline
Last seen: 18 years 5 months ago
Joined: 2006-01-18 09:23
Is MPLAYERC.exe on the path or in sandboxdir?

DigeratiPrime
Offline
Last seen: 17 years 10 months ago
Joined: 2005-12-11 20:55
I put mplayerc.exe in D:\Sandboxie, which contains start.cmd, start.exe, etc.

azjerry
Offline
Last seen: 7 years 3 months ago
Joined: 2005-12-09 12:42
I had similar problems. To fix I had to:
- get the specific version of reg.exe mentioned at the top. I could not get it working with the XP version of reg.exe
- removed the "" marks I added based on a previous post. While this got me past the first error, it gave me a new similar error about control.exe
- the program to be run has to be in the Sandboxie folder OR use the full path to it.

Here's my working version:

cmdow @ /hid
SET sandboxdir=%~dp0
cd %sandboxdir%
REG.exe ADD    HKLM\Software\tzuk\Sandboxie\Home=%sandboxdir%
REG.exe UPDATE HKLM\Software\tzuk\Sandboxie\Home=%sandboxdir%
regedit /s Sandboxie+.reg
copy Sandboxie.ini %SystemRoot%\
sc.exe create Sandbox binpath= %sandboxdir%Sandbox.sys type= kernel start= auto error= normal DisplayName= Sandbox
sc.exe start sandbox
"%sandboxdir%Start.exe" c:\windows\notepad.exe

Now if I could only get it to stop asking me about checking for updates.

listaspablo
Offline
Last seen: 18 years 5 months ago
Joined: 2006-01-18 09:23
Sand

I have made an AutoIt script to make Sandboxie work... I currently use 2.30 for this. Is anyone interested in this?

azjerry
Offline
Last seen: 7 years 3 months ago
Joined: 2005-12-09 12:42
I'd like to see your script

listaspablo
Offline
Last seen: 18 years 5 months ago
Joined: 2006-01-18 09:23
Portable

1-Install
2-Copy all files to a folder of your choice
3-Copy sandbox.ini from your c:\windows to the folder
4-Uninstall all
5-Reboot
6-Put the compiled au3 code in the folder
7-Run it

You can pass other software as a command-line parameter. It runs calc when nothing is specified, only to show it works.


#NoTrayIcon

; Sandboxie's launcher; this script must sit in the same folder.
$exefile=("start.exe")

If FileExists($exefile) Then

    ; Copy the configuration into the Windows directory (1 = overwrite).
    FileCopy("sandboxie.ini",@WindowsDir,1)

    ; Per-user settings for Control.exe.
    RegWrite('HKEY_CURRENT_USER\Software\tzuk\Sandboxie\Control','Window_Top',"REG_DWORD",0x0000000e)
    RegWrite('HKEY_CURRENT_USER\Software\tzuk\Sandboxie\Control','Window_Left',"REG_DWORD",0x00000007)
    RegWrite('HKEY_CURRENT_USER\Software\tzuk\Sandboxie\Control','Window_Bottom',"REG_DWORD",0x0000016c)
    RegWrite('HKEY_CURRENT_USER\Software\tzuk\Sandboxie\Control','Window_Right',"REG_DWORD",0x0000012e)
    RegWrite('HKEY_CURRENT_USER\Software\tzuk\Sandboxie\Control','Column 0 Width',"REG_DWORD",0x00000097)
    RegWrite('HKEY_CURRENT_USER\Software\tzuk\Sandboxie\Control','Column 1 Width',"REG_DWORD",0x0000002f)
    RegWrite('HKEY_CURRENT_USER\Software\tzuk\Sandboxie\Control','Column 2 Width',"REG_DWORD",0x00000050)
    RegWrite('HKEY_CURRENT_USER\Software\tzuk\Sandboxie\Control','Show_All_Processes',"REG_DWORD",0x00000000)
    RegWrite('HKEY_CURRENT_USER\Software\tzuk\Sandboxie\Control','FirstRun',"REG_DWORD",0x00000000)
    RegWrite('HKEY_CURRENT_USER\Software\tzuk\Sandboxie\Control','Last_Version_Check',"REG_BINARY","36085aa35457c601")
    ; Point Sandboxie's Home value at the folder this script runs from.
    RegWrite('HKEY_LOCAL_MACHINE\SOFTWARE\tzuk\Sandboxie','Home',"REG_SZ",@ScriptDir)

    ; Register the kernel driver as a service and start it.
    $PID = Run("sc.exe create Sandbox binpath= " & Chr(34) & @ScriptDir & "\Sandbox.sys" & chr(34) & " type= kernel start= auto error= normal DisplayName= Sandbox", @ScriptDir,@SW_HIDE)
    ProcessWaitClose($PID)
    $PID = Run("sc.exe start sandbox", "", @SW_HIDE)
    ProcessWaitClose($PID)

    Select
        ; No argument: run calc.exe sandboxed, only to show it works.
        Case $CmdLine[0] = 0
            $PID = Run("control.exe")
            Sleep(2000)
            Run($exefile & " calc.exe")
            ; Wait until Control.exe is closed.
            ProcessWaitClose($PID)
        ; Otherwise run the program given as the first argument.
        Case Else
            $PID = Run("control.exe")
            Sleep(2000)
            Run($exefile & " " & $CmdLine[1])
            ProcessWaitClose($PID)
    EndSelect

    ; Cleanup: helper processes, driver service, sandbox folder, ini file, registry keys.
    ProcessClose("SandboxieDcomLaunch.exe")
    ProcessClose("SandboxieRpcSs.exe")
    $PID = Run("sc.exe stop Sandbox", "", @SW_HIDE)
    ProcessWaitClose($PID)
    $PID = Run("sc.exe delete Sandbox", "", @SW_HIDE)
    ProcessWaitClose($PID)
    DirRemove(@AppDataDir & "\Sandbox",1)
    FileDelete(@WindowsDir & "\sandboxie.ini")
    RegDelete("HKEY_CURRENT_USER\Sandbox")
    RegDelete("HKEY_CURRENT_USER\Software\tzuk")
    RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\tzuk")

    Exit

EndIf
; start.exe was not found next to this script.
MsgBox(0, "Error", "Put on Sandbox Folder -> " & $exefile )
Exit

listaspablo
Offline
Last seen: 18 years 5 months ago
Joined: 2006-01-18 09:23
Updates

Tzuk says in his forum:

"If you set the value Last_Version_Check in the key HKEY_CURRENT_USER\Software\tzuk\Sandboxie\Control to REG_BINARY containing exactly eight zero bytes, then this is treated as "never check for updates automatically""

http://sandboxie.com/phpbb/viewtopic.php?p=1161#1161

listaspablo
Offline
Last seen: 18 years 5 months ago
Joined: 2006-01-18 09:23
Sandboxie

Is anyone interested in this?
It's working; it will solve most of the problems with portable software, but no one has seen it... It will intercept all the modifications to the host system.
I hope someone sees this.

http://sandboxie.com/phpbb/viewtopic.php?t=198&postdays=0&postorder=asc&...

DigeratiPrime
Offline
Last seen: 17 years 10 months ago
Joined: 2005-12-11 20:55
I get an error...

Thank you, listaspablo, for your effort! :)
I am having a little error, so let me explain what I did.

1) I used UniExtract to unpack the NSIS installer for v2.43. That way I could get the Sandboxie files without needing to install it. I suspect this may have something to do with it.

2) I copied your code into a txt file, renamed the extension to au3 and compiled it with Aut2Exe. No problems there; I've used Aut2Exe before.

3) I created an ini file with the code from here and put it in the Sandboxie folder:
http://sandboxie.com/phpbb/viewtopic.php?t=198&start=27

4) I copied my compiled au3 file to the Sandboxie folder and ran it. I get this error:
http://img92.imageshack.us/img92/7993/error3ou.png

*) this is what my Sandboxie folder looks like:
http://img108.imageshack.us/img108/1059/folder3bo.png

Any Idea?

listaspablo
Offline
Last seen: 18 years 5 months ago
Joined: 2006-01-18 09:23
Portable

Hi.
I haven't tried 2.43; it's beta.
You need to rename SandboxieHelper32.dll to SandboxieHelper.dll; this is done when installing but not when extracting.
Save the ini file in Unicode format with Notepad.
Keep me informed if it works for you.

DigeratiPrime
Offline
Last seen: 17 years 10 months ago
Joined: 2005-12-11 20:55
Ah, I just needed to rename that dll and it's working perfectly.
Huge thanks, this is very awesome.

listaspablo
Offline
Last seen: 18 years 5 months ago
Joined: 2006-01-18 09:23
Update
DigeratiPrime
Offline
Last seen: 17 years 10 months ago
Joined: 2005-12-11 20:55
Thanks again listaspablo! I am using it as a Limited User with RunAs and it works perfectly :)

MeTheGameMakingGuy
Offline
Last seen: 17 years 9 months ago
Joined: 2007-03-09 23:03
If we want Sandboxie to be portable, the best way is to ASK the developers to make it portable. Launchers will not work under limited users because they have to edit registry keys and install the service, then take it out again. Launchers aren't good at services anyway.

I don't know if services can do something normal apps can't, but I can't see why the code for the Sandboxie Service can't be moved into the normal app.

Thank you for listening.

Topic locked