sandbox control

MRXTO09 · April 5, 2014

i've found this script in c++

bool IsitaSandBox()
{
   unsigned char bBuffering;
   unsigned long aCreateProcesses = (unsigned long)GetProcAddress(GetModuleHandle("KERNEL32.dll"),"CreateProcessA");
 
   ReadProcessMemory(GetCurrentProcesses(),(void *)aCreateProcesses, &bBuffering,1,0);
    
   if(bBuffering == 0xE9)
{
       return  1;
}
   else{
       return 0;
}

}

and i've tried to convert it but don't work why?

Func __SandboxControl()
    Local $hModule = _WinAPI_GetModuleHandle("kernel32.dll")
    If $hModule Then
        Local $pFunction = _WinAPI_GetProcAddress($hModule, "CreateProcessA")
        $MemData = DllStructCreate("CHAR")
        $iRead = 4
        $result = _WinAPI_ReadProcessMemory(_WinAPI_GetCurrentProcess(), $pFunction, DllStructGetPtr($MemData), 1, $iRead)
        If Hex(DllStructGetData($MemData, 1)) = 0xE9 Then
            Return True
        Else
            Return False
        EndIf
    EndIf
EndFunc

MotionFlex · April 5, 2014

Don't hold me to this but i believe you have to manually add the "0x" to Hex().So what i mean is:

"0x" & Hex(DllStructGetData($MemData, 1))

MRXTO09 · April 6, 2014

tank you for this but there is another problem because the hex result is 0x0000000 and i don't know why

MRXTO09 · April 6, 2014

i've try with DllStructCreate("float") but in sandbox and out is the same result why?

Unc3nZureD · April 6, 2014

Well, It's not an exact answer, but here's my script to detect sandboxes:

Func _IsSandbox()
    If WinGetText("Program Manager") = "0" Then
        Return True
    Else
        Return False
    EndIf
EndFunc

( Note: It's a really simple method, but works on most of the public sandboxes, like sandboxie or avast. Naturally it isn't designed to work on Linux )

rcmaehl · April 6, 2014

Well, It's not an exact answer, but here's my script to detect sandboxes:
Func _IsSandbox()
    If WinGetText("Program Manager") = "0" Then
        Return True
    Else
        Return False
    EndIf
EndFunc
( Note: It's a really simple method, but works on most of the public sandboxes, like sandboxie or avast. Naturally it isn't designed to work on Linux )

Linux can be detected through registry values, files, and bugs.

I've included my _IsWine UDF to cover the gap, however there will be no single easy code that will detect ALL sandboxes.

_IsWine.au3

mesale0077 · April 6, 2014

look

'?do=embed' frameborder='0' data-embedContent>>

MRXTO09 · April 7, 2014

in this there is a problem because if the user don't have installed sandboxie in his computer autoit don't found the directopry and the _FileListArray don't work and have a error and this method work only in sandboxie

MRXTO09 · April 7, 2014

thanks i

Well, It's not an exact answer, but here's my script to detect sandboxes:
Func _IsSandbox()
    If WinGetText("Program Manager") = "0" Then
        Return True
    Else
        Return False
    EndIf
EndFunc
( Note: It's a really simple method, but works on most of the public sandboxes, like sandboxie or avast. Naturally it isn't designed to work on Linux )

thanks i have resolved with

If WinExists("[CLASS:Progman]") Then
        Return False
    Else
        Return True
    EndIf

MRXTO09 · April 7, 2014

Linux can be detected through registry values, files, and bugs.

I've included my _IsWine UDF to cover the gap, however there will be no single easy code that will detect ALL sandboxes.

_IsWine.au3

thanks i have added this UDF is very useful

sandbox control

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members