Sign in to follow this  
Followers 0
MRXTO09

sandbox control

10 posts in this topic

i've found this script in c++

bool IsitaSandBox()
{
   unsigned char bBuffering;
   unsigned long aCreateProcesses = (unsigned long)GetProcAddress(GetModuleHandle("KERNEL32.dll"),"CreateProcessA");
 
   ReadProcessMemory(GetCurrentProcesses(),(void *)aCreateProcesses, &bBuffering,1,0);
    
   if(bBuffering == 0xE9)
{
       return  1;
}
   else{
       return 0;
}

}

and i've tried to convert it but don't work why?

Func __SandboxControl()
    Local $hModule = _WinAPI_GetModuleHandle("kernel32.dll")
    If $hModule Then
        Local $pFunction = _WinAPI_GetProcAddress($hModule, "CreateProcessA")
        $MemData = DllStructCreate("CHAR")
        $iRead = 4
        $result = _WinAPI_ReadProcessMemory(_WinAPI_GetCurrentProcess(), $pFunction, DllStructGetPtr($MemData), 1, $iRead)
        If Hex(DllStructGetData($MemData, 1)) = 0xE9 Then
            Return True
        Else
            Return False
        EndIf
    EndIf
EndFunc

Share this post


Link to post
Share on other sites



Don't hold me to this but i believe you have to manually add the "0x" to Hex().So what i mean is:

"0x" & Hex(DllStructGetData($MemData, 1))

Share this post


Link to post
Share on other sites

tank you for this but there is another problem because the hex result is 0x0000000 and i don't know why

Share this post


Link to post
Share on other sites

i've try with DllStructCreate("float") but in sandbox and out is the same result why?

Share this post


Link to post
Share on other sites

Well, It's not an exact answer, but here's my script to detect sandboxes:

Func _IsSandbox()
    If WinGetText("Program Manager") = "0" Then
        Return True
    Else
        Return False
    EndIf
EndFunc

( Note: It's a really simple method, but works on most of the public sandboxes, like sandboxie or avast. Naturally it isn't designed to work on Linux :) )

Share this post


Link to post
Share on other sites

Well, It's not an exact answer, but here's my script to detect sandboxes:

Func _IsSandbox()
    If WinGetText("Program Manager") = "0" Then
        Return True
    Else
        Return False
    EndIf
EndFunc

( Note: It's a really simple method, but works on most of the public sandboxes, like sandboxie or avast. Naturally it isn't designed to work on Linux :) )

 

Linux can be detected through registry values, files, and bugs.

I've included my _IsWine UDF to cover the gap, however there will be no single easy code that will detect ALL sandboxes.

_IsWine.au3


My UDFs are generally for me. If they aren't updated for a while, it means I'm not using them myself. As soon as I start using them again, they'll get updated.

MY PROJECTS


Active: IRC UDF, WindowEx UDF
Discontinued: GithubBubbleSort UDF

Share this post


Link to post
Share on other sites

in this there is a problem because if the user don't have installed sandboxie in his computer autoit don't found the directopry and the _FileListArray don't work and have a error and this method work only in sandboxie

Share this post


Link to post
Share on other sites

thanks i

Well, It's not an exact answer, but here's my script to detect sandboxes:

Func _IsSandbox()
    If WinGetText("Program Manager") = "0" Then
        Return True
    Else
        Return False
    EndIf
EndFunc

( Note: It's a really simple method, but works on most of the public sandboxes, like sandboxie or avast. Naturally it isn't designed to work on Linux :) )

thanks i have resolved with

If WinExists("[CLASS:Progman]") Then
        Return False
    Else
        Return True
    EndIf

Share this post


Link to post
Share on other sites

Linux can be detected through registry values, files, and bugs.

I've included my _IsWine UDF to cover the gap, however there will be no single easy code that will detect ALL sandboxes.

attachicon.gif_IsWine.au3

thanks i have added this UDF is very useful

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0