MRXTO09 Posted April 5, 2014

I've found this script in C++:

    #include <windows.h>

    bool IsitaSandBox()
    {
        unsigned char bBuffering;
        unsigned long aCreateProcesses = (unsigned long)GetProcAddress(GetModuleHandle("KERNEL32.dll"), "CreateProcessA");
        // Read the first byte of CreateProcessA in the current process
        ReadProcessMemory(GetCurrentProcess(), (void *)aCreateProcesses, &bBuffering, 1, 0);
        // 0xE9 is the opcode of a near JMP
        if (bBuffering == 0xE9)
        {
            return 1;
        }
        else
        {
            return 0;
        }
    }

and I've tried to convert it, but it doesn't work. Why?

    Func __SandboxControl()
        Local $hModule = _WinAPI_GetModuleHandle("kernel32.dll")
        If $hModule Then
            Local $pFunction = _WinAPI_GetProcAddress($hModule, "CreateProcessA")
            $MemData = DllStructCreate("CHAR")
            $iRead = 4
            $result = _WinAPI_ReadProcessMemory(_WinAPI_GetCurrentProcess(), $pFunction, DllStructGetPtr($MemData), 1, $iRead)
            If Hex(DllStructGetData($MemData, 1)) = 0xE9 Then
                Return True
            Else
                Return False
            EndIf
        EndIf
    EndFunc

MotionFlex Posted April 5, 2014

Don't hold me to this, but I believe you have to manually add the "0x" to Hex(). So what I mean is:

    "0x" & Hex(DllStructGetData($MemData, 1))

MRXTO09 Posted April 6, 2014 Author

Thank you for this, but there is another problem: the hex result is 0x0000000 and I don't know why.

MRXTO09 Posted April 6, 2014 Author

I've tried with DllStructCreate("float"), but in the sandbox and out of it the result is the same. Why?

Unc3nZureD Posted April 6, 2014

Well, it's not an exact answer, but here's my script to detect sandboxes:

    Func _IsSandbox()
        If WinGetText("Program Manager") = "0" Then
            Return True
        Else
            Return False
        EndIf
    EndFunc

(Note: It's a really simple method, but works on most of the public sandboxes, like Sandboxie or Avast. Naturally it isn't designed to work on Linux.)

rcmaehl Posted April 6, 2014

> Well, it's not an exact answer, but here's my script to detect sandboxes:
>
>     Func _IsSandbox()
>         If WinGetText("Program Manager") = "0" Then
>             Return True
>         Else
>             Return False
>         EndIf
>     EndFunc
>
> (Note: It's a really simple method, but works on most of the public sandboxes, like Sandboxie or Avast. Naturally it isn't designed to work on Linux.)

Linux can be detected through registry values, files, and bugs. I've included my _IsWine UDF to cover the gap, however there will be no single easy code that will detect ALL sandboxes.

_IsWine.au3

mesale0077 Posted April 6, 2014

look [embedded link]

MRXTO09 Posted April 7, 2014 Author

There is a problem with this: if the user doesn't have Sandboxie installed on his computer, AutoIt doesn't find the directory, _FileListArray doesn't work and gives an error, and this method works only in Sandboxie.

MRXTO09 Posted April 7, 2014 Author

> Well, it's not an exact answer, but here's my script to detect sandboxes:
>
>     Func _IsSandbox()
>         If WinGetText("Program Manager") = "0" Then
>             Return True
>         Else
>             Return False
>         EndIf
>     EndFunc
>
> (Note: It's a really simple method, but works on most of the public sandboxes, like Sandboxie or Avast. Naturally it isn't designed to work on Linux.)

Thanks, I have resolved it with:

    If WinExists("[CLASS:Progman]") Then
        Return False
    Else
        Return True
    EndIf

MRXTO09 Posted April 7, 2014 Author

> Linux can be detected through registry values, files, and bugs. I've included my _IsWine UDF to cover the gap, however there will be no single easy code that will detect ALL sandboxes.
>
> _IsWine.au3

Thanks, I have added this UDF; it is very useful.

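For analysts triaging AutoIt samples, the checks posted in this thread are easy to flag statically. The following is an added example, not code from any poster: a small Python scanner that reports AutoIt functions containing these idioms. The rule names, the `scan` and `strip_comment` helpers and the sample script are constructed for illustration, and only `Func ... EndFunc` bodies are examined.

```python
import re

# Idioms taken from the posts above; rule names are invented for this example.
RULES = {
    "inline-hook-probe": [r"_WinAPI_GetProcAddress\s*\(", r"_WinAPI_ReadProcessMemory\s*\(", r"\b0xE9\b"],
    "desktop-window-probe": [r"Win(?:GetText|Exists)\s*\(\s*[\"'](?:Program Manager|\[CLASS:Progman\])[\"']"],
}
FUNC_RE = re.compile(r"^[ \t]*Func[ \t]+(\w+).*?^[ \t]*EndFunc\b", re.I | re.M | re.S)

def strip_comment(line):
    """Cut an AutoIt ';' comment unless the ';' sits inside a string literal."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch == ";":
            return line[:i]
    return line

def scan(src):
    """Return (function name, rule) for each Func body matching all patterns of a rule."""
    clean = "\n".join(strip_comment(l) for l in src.splitlines())
    findings = []
    for m in FUNC_RE.finditer(clean):
        for rule, patterns in RULES.items():
            if all(re.search(p, m.group(0), re.I) for p in patterns):
                findings.append((m.group(1), rule))
    return findings

# Constructed sample: two checks condensed from the thread plus a benign function.
SAMPLE = r'''
Func __SandboxControl()
    Local $pFunction = _WinAPI_GetProcAddress(_WinAPI_GetModuleHandle("kernel32.dll"), "CreateProcessA")
    _WinAPI_ReadProcessMemory(_WinAPI_GetCurrentProcess(), $pFunction, DllStructGetPtr($MemData), 1, $iRead)
    If Hex(DllStructGetData($MemData, 1)) = 0xE9 Then Return True
EndFunc
Func _IsSandbox()
    If WinGetText("Program Manager") = "0" Then Return True
EndFunc
Func _Benign()
    ; If WinExists("[CLASS:Progman]") Then Return False
    Return WinExists("Untitled - Notepad")
EndFunc
'''

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A hit is a reason to look closer at the function, not a verdict: the same API calls appear in legitimate hook-detection and desktop automation code.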