Sandboxie-Plus v1.2.1,v1.2.2,v1.2.3

Thanks. I found it right away. However, just as with the Template.ini file in my previous post, I got that same error message (expectedly!) when I clicked on Upload a File and selected the Sandboxie.ini file! (??)

(I must not be the first one to have shared that file with you, I suppose.)

 

I disable the MS security software (defender and windows firewall) and use Tinywall instead. It does not have the inexplicable behavior
of changing it's setting after an update like the windows firewall does.

Other than SBIE that's pretty much it. I do use group policy to disable some features and turn of many services, mostly related to networking because my desktop is a standalone system.

I'm not sure what hooking is honestly. Does it require internet access? I restrict my svchost to the local network which leads to a very large number of blocked entries in my logs. I'll look at my event viewer but that is often filled with various complaints that can be hard to sort through.

Thank you for the help on this.

 

Admittedly I'm not super familiar with this forum software but maybe you can work around it by making a copy with a different file extension, e.g. Sandboxie.txt and then upload that.
(Or maybe just copy the contents and paste it into a code block)

 

Function hooking is the process of redirecting a 3rd party function call through an own function which can modify the parameters or do whatever. Sandboxie does this to a myriad of windows API calls to facilitate virtualization and enable compatibility with the restricted state of the process.

It does not have anything to do with internet or networking, I'm really puzzled why the new hooking mechanism fails for you but not for other users.

 

Please update again to the newest build and try replacing the sbiedll.d.. with this one: xanasoft.com/Downloads/SbieDll_test1.zip
this wil not fix anythign but the error message the one with 888 should contain a second value, please post the messages you get with the new build

 

@DavidXanatos

@dodo1 Thanks for your suggestion! I am not sure I actually did what you suggested, but it gave me the idea to copy/paste the content of the Sandboxie.ini file into a new ".txt" file (@DavidXanatos: see attached file)

I hope this does the trick!

 

I updated but when I went into the folder to delete the .dll and replace, it required admin priveleges which I don't have for some reason?

I have had rights issues before, not sure why.

I changed the security to allow users to delete the .dll but it would not delete. I'll do some investigation here, maybe a reboot.

 

you need to stop the sandboxie service before you can overwrite the dll
you can do that from an admin cmd promot with net stop sbiesvc
if you have office installed you may first need to kill the click to run service

 

Man, I've had an adventure tonight. Had to uninstall/reinstall SBIE and I still cannot replace the .dll file

When I run Chrome unsandboxed (I saved a shortcut for updating purposes) it runs fine.

If I click the quickstart icon I get this:


Ever seen this before?

EDIT: Ignore this, a reboot solved this problem but I still cannot replace the dll file no matter what I do.

 

as test: Hardened with Data Protection sbox

1.2.3

 

use this menu command to stop all sandboxie cmpoments:


than you should be able to replace the dll

 

hmm strange for me it starts,
a thing you can always try is to first run without data protection to create nececery fodlers then make a snapshot and switch data protection on

 

Yes, UsePrivacyMode=n -> create necessary folders -> UsePrivacyMode=y = works.
Not sure how/when/why to use snapshots.
Is this for multiple snapshots of the same sbox?

Yes, UsePrivacyMode=n -> create necessary folders -> Snapshot -> UsePrivacyMode=y = works.
#60 remains head scratch.

 

Could you test by deleting boxed folders one by one which fodlers are required?
strange enough on my test machine it works wit an fully empty private box

 

I also have trouble with the reworked hook management! On my Windows 10 system, an Opera browser installed into a sandbox crashes with a BSoD! If I try the same in a Windows 11 VM, the system does not crash, but the error messages already mentioned here are triggered.

Please also have a look here: https://www.wilderssecurity.com/threads/sandboxie-plus-v1-2-1-v1-2-2-v1-2-3.445923/#post-3092407

(By the way, all other tested applications work flawlessly. I don't know why the Opera browser, which is installed into a sandbox, is affected by a BSoD.)

 

Sorry, do you mean delete "drive" or "user" folder...as test?
Or, do you mean drill down "drive" or "user" folder for a boxed folder to delete...as test?

 

Man, this is frustrating. This morning after boot I was finally able to delete the original dll file, but the new one will not copy in the sandboxie folder. If I drag it, it does not move, if I do a copy and paste it fails. The original dll will not restore from the trash either.

I'll try a reboot now. Then another uninstall/install I guess.

Hooking issues don't seem so bad now.

 

@g17 so whats the status did you manage to replace teh dll?
whats the error message now?

 

I have tried the modified DLL in my VM. Now only the following two error messages are displayed:

opera.exe (5536): SBIE2303 Kein Hook möglich für NetUseAdd (888, 1)
opera.exe (5536): SBIE2318 DLL Initialisierung fehlgeschlagen für 'wkscli.dll'

What I noticed during my tests with the VM is that the issue does not always occur. Sometimes there are the error messages after a complete restart of Windows and sometimes not...

Please also have a look here:
https://www.wilderssecurity.com/thr...-2-1-v1-2-2-v1-2-3.445923/page-3#post-3092914
https://www.wilderssecurity.com/threads/sandboxie-plus-v1-2-1-v1-2-2-v1-2-3.445923/#post-3092407

 

I cannot get that dll to copy to the folder no matter what I do.

I picked a bad week to stop sniffing glue. Thanks for the help, my system is obviously the problem here.

Maybe someone else can try it, I see APMichael already has. I am still seeing the errors though not consistently or frequently.

 

hmm..... (888, 1) is suspiciouse if you have only one other entry in the vtable map it is strange that no otehr can be allocated within the requried range.
I was thinking you would rrather for some reason run into a high count of alocated vtables and that would cause the issue.

 

@APMichael
please try out this test dll xanasoft.com/Downloads/SbieDll_test2.zip and post the same log lines

 

also test xanasoft.com/Downloads/SbieDll_test3.zip it may fix the issue

 

Thank you for the replies.

Here are the error messages of the DLL 2:

opera.exe ( 4348 ): SBIE2303 Kein Hook möglich für NetUseAdd (888, 20)
opera.exe ( 4348 ): SBIE2318 DLL Initialisierung fehlgeschlagen für 'wkscli.dll'

With DLL 3 no error messages have been triggered so far.

BUT: Unfortunately, launching Opera on my non-VM Windows 10 still causes the Blue Screen!

 

hmm... ok one bug fixed one more to go....
So this opera BSOD does this happen with the 1.2.x builds only or with older builds as well, what is the last build which does not have this issue?
do you have any memory dumps from he BSOD you could send me?