Sandboxie Plus (Sbie fork)

Discussion in 'sandboxing & virtualization' started by DavidXanatos, Apr 9, 2020.

  1. Survivor

    Survivor Registered Member

    Joined:
    Jul 11, 2020
    Posts:
    51
    Location:
    Land of Oz
    Yeah mate sorry, on it, back to the original 5.4.3 issue. So Buzzzzz no, not working anymore anything fails to start.
    Cannot start sandboxed service RpcSS (-1) and the old WERFAULT, even with sweet old Dishonored 2 and as well FireFox :eek:
    You successfully broke it again. :cool:
     
  2. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,455
    Location:
    Land of the Light
    Last edited: Sep 11, 2020
  3. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    66
    Location:
    uk
    5.43.3 working on my desptop pc (Win10 x64 v2004). Installed over 5.43.2 with no problems.

    It also installed on my Lenovo laptop (also Win10 x64 v2004) after removing 5.33.6 BUT it did not work. IIRC there was an error item or some such (probably werfault now I have seen post above) in Sbie Control when I ran eg Firefox. Reverted to 5.33.6 and all is well, but for the longer term obviously better if I can get a new version working.
     
  4. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    66
    Location:
    uk
    And it stopped working - Werfault.exe in Sbie control window. To be clear it was working (with Firefox) then stopped when I tried to load another bunch of tabs, and then wouldn't work at all.

    Had to uninstall and install 5.43.2 which is now working again.

    In case it is of help/relevance, I have Sbie installed in a non-standard location (C:\Program Files\utils\Sandboxie) and even though I specified that on installation for 5.43.3 as usual, on uninstall Windows seemed to think it was at C:\Program Files\Sandboxie, and there was also a leftover populated folder at C:\Program Files\utils\Sandboxie. With an earlier build I found a similar issue (it will be somewhere in this topic) and assumed I had made an error, but now I'm not so sure,
     
  5. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    612
    Location:
    Viena
    Splendid :D

    Than one more thing to test: https://drive.google.com/file/d/1-wRfKNrojguqCMaOCe7DqocdAnKsc104/view?usp=sharing
    Replace the SbieDll's from the 5.43.3 with the provided once and tell me if its working ok like this.

    Some background the change in the 5.43.3 build is that ine
    3. the hooking mechanism now nops out the area after the detour jump to resolve issues with hooking already hooked functions again (DLL + driver)

    It is strange that it breaks anything but apparently it does, this mechanism brings changes to the driver and the dll, the driver change does not do anything problematic it only returns an additional value telling how many bytes of the original function have been migrated to the trampoline.
    The DLL than overwrites some of the original function begin with a a jump to the trampoline code.
    The change in the DLL than looks how many relocated bytes haven't been used and replaces them with NOP opcodes.

    The test DLL skips the last part so assuming nothing strange happens with the passing of the new value from the driver it should fix the issue.

    Can you please test if with the changed DLL's the 5.43.3 also works fine.
     
  6. Muddy Bleach

    Muddy Bleach Registered Member

    Joined:
    Sep 11, 2020
    Posts:
    2
    Location:
    Minsk
    Psiphon 3 tunneling service cannot establish connection since ver. 5.43.0. :oops: Moreover, it hangs when trying to close the main window and does not respond any more. Worked nice until that update though.
    P.S. My OS is Win 8.1.
     
  7. caduser

    caduser Registered Member

    Joined:
    Aug 24, 2020
    Posts:
    5
    Location:
    Michigan USA
    Still on 5.33.6 but found another program that fails to install or update (I have it already previously installed on an old sandbox). TeamSpeak I run some tests on plugin so install in a sandbox but now it just stops so the last programs that behaved this way unpack files in to the temp folder so it seems anything that works that way now fails. It worked fine until Win 10 2014 update - build 190410. I wish I had figured out how to stay on 1809 (I have done now my old VMWARE blocks MS from updating until I remove it but it was not on this machine sadly).

    Is there any way to work around this install issue with sandboxie and current windows?

    Also since the windows update it runs way slower powerful machine but an sandboxed explorer window take a long time to open and freezes between every interaction many times ending with a GUPROXY issue. Wondering if that final sandboxie update contributed or if all windows incompatibilities?
     
    Last edited: Sep 11, 2020
  8. Survivor

    Survivor Registered Member

    Joined:
    Jul 11, 2020
    Posts:
    51
    Location:
    Land of Oz
    @DavidXanatos stopped service, copied DLL over. Tried Dishonored 2 and FireFox all good again, restarted again to be sure. It is 5.43.3 plus the DLL. All good again.

    It didn't all makes sense what you explained, so I searched a bit, was like :argh: when I found what NOP is. LOL Next was the trampoline...
    Well, so a trampoline is more or less, the encapsulating of the untrusted in the trusted, so it can only talk through the trusted one with the real world but not direct. As you might not need all of the opcodes, you null them (NOP) as they shouldn't be needed? Is this about correct? Sorry, I never did such coding, so this is blank but interesting. Hope this is not to stupid or blasting the sense of this forum. :isay:
     
    Last edited: Sep 11, 2020
  9. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    649
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,573
    Location:
    USA
    How do we install Sandboxie Plus? There's no installer. Do we use a previous installer, and then copy over the .dlls in the installation folder with the new ones?
     
  11. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    612
    Location:
    Viena
    Bug fix release resolving many issues, some of them introduced with the previous build.

    Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v0.4.1

    ChangeLog


    Added

    • added core version compatybility check to sandman UI
    • added shell integration options to SbiePlus
    Changed
    • SbieCtrl does not longer auto show the tutorian on first start
    • when hooking, the to the trampoline migrated section of the original function is not longer noped out
      -- it caused issues with unity games, will be investigated and re enabled later
    Fixed
    • fixed color issue with vertical tabs in dark mode
    • fixed wrong path separators when adding new forced folders
    • fixed directroy listing bug intriduced in 5.43
    • fixed issues with settings window when not being connected to driver
    • fixed issue when starting sandman ui as admin
    • fixed auto content delete not working with sandman ui
     
  12. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    612
    Location:
    Viena
    Could you please find me a application that I could download for free that fails with the 5.43.3 build without the dll.
    I would like to fix the mechanism properly and not just disable it, the nop'ing is necessary for the mechanism to be able to re hook some functions.
     
  13. Muddy Bleach

    Muddy Bleach Registered Member

    Joined:
    Sep 11, 2020
    Posts:
    2
    Location:
    Minsk
    A-a-a-nd... ta-dah! With 5.43.5 the issue with the Psiphon tunnel client is fixed again. I am not sure if you have responded to my feedback above among the other's complaints or it is just a happy coincidence. But thank you anyway!

    A propos. Could somebody explain what is the difference between starting programs placed in a sandbox folder directly or with a shortcut thereto and doing the same by choosing "run sandboxed" in the file context menu (no sandbox selection prompt appearing when the exectutable is already in a particular sandbox)? For a long time, I have noticed that those two options may produce very different effect. E.g. in some cases a program may immediately close or crash when doubleclicked in the Explorer but perform normally after choosing "run sandboxed" item in the context menu or vice versa.

    I cannot readily mention any downloadable examples of such programs to test them right now. but, after all, I have a couple of old games that behave the same way I described above.
     
  14. Survivor

    Survivor Registered Member

    Joined:
    Jul 11, 2020
    Posts:
    51
    Location:
    Land of Oz
    Edit: Forgot to first confirm all working now fine again.

    As Firefox showed the same not starting, werfault issue, just use this one. To check, nothing special needed. Let me know if you don't have the issue.

    Correction for your log:
    The problem with 5.43.3 was: No Program ran at the time, they all ran into the werfault and the cannot start Rpcss service errror. This error repeated itself, till you terminated the program.This bug was not isolated to unity games!​


    The unity game issue is the one where you have to either kill the SBIE Rpc, which exists for all SBIE versions on Win10. The problem is the SBIErpcss does have a process ID but doesn't get a thread. After about 4min, it does and all works fine.
    See post 465 and previous ones
    quote:
    If we will ever find the issue with the hanging issue for unity, well. Still the issue that the SBIERpcSs.exe gets no thread, which is resolved as described wait or kill.
    [​IMG]


    New bug, however I am not sure with which version it happened, as I used most times the legacy client. Today I used the new installer for plus to test. (The Plus is cool but kind of messy for day to day use IMO. Due to the cleanup need to have a clean picture. I would think an autoclean would be nice, check in settings. If you want to have more info, for testing, investigation, switch it off. For normal SBIE use, autoclean terminated programs in list.)


    Switchin API log on, firefox crashes, switching it back off, it starts fine.
    Seems to be isolated to FF, Pilgrims (unity game) no issue, Dishonored 2 no issue.


    And I forgot about the options bug I wrote about. Where you have the lights out effect.
    2020-09-12 14_59_34-Sandboxie Plus - 'GOG' Options.png
    This works now fine. Fixed in an earlier version.
     
    Last edited: Sep 12, 2020
  15. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    66
    Location:
    uk
    5.43.5 working on my desktop pc with Firefox :thumb: I'll add a "so far" this time though ;)
     
  16. Survivor

    Survivor Registered Member

    Joined:
    Jul 11, 2020
    Posts:
    51
    Location:
    Land of Oz

    Thanks Buster_BSA, so the trampoline is then the part, which contains the function code of the original, additional code if you want and the return procedure to the original, function, which then tells the calling program, all done, all good.
    While the orginal functions (DLL, class, object) code, now part of the trampoline, got replaced with the jumpcode to the trampoline.
    As the jump routine is smaller the rest of the not used code will be nulled (NOPs).
    Please excuse my rusty descriptions, I did code but don't seriously for years and never dealed with such things. Machine code is centuries ago tbh, Z80, 8080, 68xxx with 80286 and the complex memory map virtual addressing I gave up. LOL
    With C I constantly avoided ++ parts, as for me it wasn't any benefit. All the smart functions to make a class with clean interface for in and out, encapsulating it... :cool:
    Hope I find more time to look in Python, Rust maybe who knows...
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,060
    Location:
    The Netherlands
    It does have an installer, see link and scroll down. But you will first need to uninstall the original Sandboxie version. Perhaps you can install it on a virtual machine and tell me your findings. At the moment it's not really clear to me what advantages Sandboxie Plus has, would be cool if this was explained on the website. And I'm also hoping that security isn't being lowered or anything.

    https://github.com/sandboxie-plus/Sandboxie/releases/tag/v0.4.1
     
  18. Survivor

    Survivor Registered Member

    Joined:
    Jul 11, 2020
    Posts:
    51
    Location:
    Land of Oz
    In general and David can correct me, as first the options for the sandbox were sorted new, wherr before it was in a treeview on the left and you needed more clicks to come to some of those options. Some others came new already if I am not wrong like in other options, are some additional settings, but not sure.
    From what I see if you want to use sandboxie for a generic split of your system and the programs you want to isolate, both versions do more or less the same. If you use it for isolation of programs you want to investigate without harming your system, with different options and settings, also analyzing logs, or with a rightclick change some of the settings, the plus will be better. I guess in the long run, both might be available, but some options you will only have with SBIE plus, though the underlying drivers and dll's as I understood will be the same.

    @DavidXanatos check the other restrictions screen, there is a typo in the first restriction, unless specificaly opened, you miss the "s", just saw it. Not critical of course.
     
  19. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    354
    Location:
    .
    It's pretty darn clear actually, maybe take two seconds to compare the changelogs of the original Sandboxie vs. Sandboxie Plus, after that tell me you don't know the differences.
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,713
    Location:
    Mexico
  21. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,713
    Location:
    Mexico
    Code:
    SBIE1231 Initialization failed for process  [C0000001 / 06]
    Sandboxie 5.43.5
    When I launch Chrome on Windows 8.1 x64.
    It pops up just once after launching it.
     
  22. estervantes

    estervantes Registered Member

    Joined:
    Nov 15, 2007
    Posts:
    48
    Angry responses like this inhibit people from asking questions.
     
  23. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,422
    Plus is the "portable" version of it. to get differences in detail just compare the source code by hash. otherwise, try to deal with the changelog offered by David.
     
  24. wahok

    wahok Registered Member

    Joined:
    Jul 30, 2020
    Posts:
    5
    Location:
    earth
    hi

    i uninstalled "sandboxie 5.33.3" (also erased all folders that were left) that worked perfectly & installed "SandboxieInstall64-v5.43.5.exe", at first it worked & then it started to show error:
    SBIE2101 Object name not found: \Sessions\1\BaseNamedObjects\ISWWH_BEACON@a24@EFR-controller, error CreateEvent (C0000022) access=001F0003 initialized=1

    2020-09-13_100649.png 2020-09-13_100952.png



    tried to reinstall but problem persists.
    tried to install the portable version but the same problem appeared.

    2020-09-13_101620.png


    that problem existed also in previous versions (those that came after 5.33.6).

    what works for now:
    used an acronis backup to restore the system & then installed the portable version of "Sandboxie-Plus-x64-v0.3.5.exe" & it works with the driver of 5.33.3, i have no idea if it is safe.

    once the error appears (it does not appear immediately) the only way to overcome it is to bring the system back using my acronis image, uninstalling does not solve the problem.

    win7 x64 + zonealarm free antivirus+firewall

    is that problem known to you ?
    is there any solution ?




    thanks
     
  25. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,422
    messages shows program PID reso´lve the program behiond the PID using a process manager - windows task manager, process explorer or ProcessHacker.
    uninstall and try again. ZA is one of those hooking DLL into processes and make programs not compatible to sandboxie.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.