ProcessHacker, Integrity Levels and Sandboxie

Discussion in 'other software & services' started by m00nbl00d, Sep 10, 2011.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I've been playing with ProcessHacker and it has an option to run an application as a basic user. This will make the application run with a low integrity level and not medium.

    I tried Chromium, with the default integrity level (parent = medium, child = low), and ProcessHacker is able to make Chromium work with a low integrity level applied to all processes.

    It's still impossible to save files to medium/high integrity level areas, though. Which is where Sandboxie comes in. I'm forcing Chromium to run inside Sandboxie. Inside Sandboxie the low integrity level will propagate to any folder within the sandbox.

    I could also run Windows Media Player (also being forced to Sandboxie).

    But, I could not get Internet Explorer 9 to even start. It loads inside Sandboxie, but it automatically closes without even seeing the UI. If I try it outside Sandboxie, it won't run, at all.

    I'm still trying to figure out why it wouldn't run inside Sandboxie. Inside Sandboxie it would have all the needed permissions, because the low integrity level would propagate... :doubt:

    I need to see if I can automate some stuff to automatically start the low integrity level. Perhaps some batch file. Not sure if ProcessHacker would work like that, though. Maybe something the author could do, if it doesn't. :argh:

    Process Explorer allows the same, but when I tried Chromium, the browser crashed. It's buggy.

    Fun stuff. lol
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    IE9 and Sandboxie are incompatible unless you remove IE's protected mode.
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, Sandboxie automatically removes Protected Mode. Once in Sandboxie, IE9 gets a medium integrity level applied to all processes.

    But, I believe that running IE with an explicit low integrity level should make it work inside Sandboxie. Once in Sandboxie, IE's low integrity level would propagate to folders, files. Maybe something else is playing a role, which I'm not thinking about right now. :D

    Anyway, I'd like that ProcessHacker would have 3 different ILs implementations. Change Basic User to Restricted User (this makes more sense, since it applies a low integrity level), have a Basic User (= medium integrity level) and a Elevated User (= high IL, plus elevating with UAC). It would be nice to have the option to apply the flags NoReadUp, NoWriteUp and NoExecuteUp.

    I mean, why not evolve a bit. :D
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Some parts of Internet Explorer aren't designed to work with low integrity, even with Protected Mode on.
     
Loading...
Thread Status:
Not open for further replies.