MRXTO09 Posted April 5, 2014 Share Posted April 5, 2014 i've found this script in c++ bool IsitaSandBox() { unsigned char bBuffering; unsigned long aCreateProcesses = (unsigned long)GetProcAddress(GetModuleHandle("KERNEL32.dll"),"CreateProcessA"); ReadProcessMemory(GetCurrentProcesses(),(void *)aCreateProcesses, &bBuffering,1,0); if(bBuffering == 0xE9) { return 1; } else{ return 0; } } and i've tried to convert it but don't work why? Func __SandboxControl() Local $hModule = _WinAPI_GetModuleHandle("kernel32.dll") If $hModule Then Local $pFunction = _WinAPI_GetProcAddress($hModule, "CreateProcessA") $MemData = DllStructCreate("CHAR") $iRead = 4 $result = _WinAPI_ReadProcessMemory(_WinAPI_GetCurrentProcess(), $pFunction, DllStructGetPtr($MemData), 1, $iRead) If Hex(DllStructGetData($MemData, 1)) = 0xE9 Then Return True Else Return False EndIf EndIf EndFunc Link to comment Share on other sites More sharing options...
MotionFlex Posted April 5, 2014 Share Posted April 5, 2014 Don't hold me to this but i believe you have to manually add the "0x" to Hex().So what i mean is: "0x" & Hex(DllStructGetData($MemData, 1)) Link to comment Share on other sites More sharing options...
MRXTO09 Posted April 6, 2014 Author Share Posted April 6, 2014 tank you for this but there is another problem because the hex result is 0x0000000 and i don't know why Link to comment Share on other sites More sharing options...
MRXTO09 Posted April 6, 2014 Author Share Posted April 6, 2014 i've try with DllStructCreate("float") but in sandbox and out is the same result why? Link to comment Share on other sites More sharing options...
Unc3nZureD Posted April 6, 2014 Share Posted April 6, 2014 Well, It's not an exact answer, but here's my script to detect sandboxes: Func _IsSandbox() If WinGetText("Program Manager") = "0" Then Return True Else Return False EndIf EndFunc ( Note: It's a really simple method, but works on most of the public sandboxes, like sandboxie or avast. Naturally it isn't designed to work on Linux ) Link to comment Share on other sites More sharing options...
rcmaehl Posted April 6, 2014 Share Posted April 6, 2014 Well, It's not an exact answer, but here's my script to detect sandboxes: Func _IsSandbox() If WinGetText("Program Manager") = "0" Then Return True Else Return False EndIf EndFunc ( Note: It's a really simple method, but works on most of the public sandboxes, like sandboxie or avast. Naturally it isn't designed to work on Linux ) Linux can be detected through registry values, files, and bugs. I've included my _IsWine UDF to cover the gap, however there will be no single easy code that will detect ALL sandboxes. _IsWine.au3 My UDFs are generally for me. If they aren't updated for a while, it means I'm not using them myself. As soon as I start using them again, they'll get updated.My Projects WhyNotWin11Cisco Finesse, Github, IRC UDF, WindowEx UDF Link to comment Share on other sites More sharing options...
mesale0077 Posted April 6, 2014 Share Posted April 6, 2014 look '?do=embed' frameborder='0' data-embedContent>> Link to comment Share on other sites More sharing options...
MRXTO09 Posted April 7, 2014 Author Share Posted April 7, 2014 in this there is a problem because if the user don't have installed sandboxie in his computer autoit don't found the directopry and the _FileListArray don't work and have a error and this method work only in sandboxie Link to comment Share on other sites More sharing options...
MRXTO09 Posted April 7, 2014 Author Share Posted April 7, 2014 thanks i Well, It's not an exact answer, but here's my script to detect sandboxes: Func _IsSandbox() If WinGetText("Program Manager") = "0" Then Return True Else Return False EndIf EndFunc ( Note: It's a really simple method, but works on most of the public sandboxes, like sandboxie or avast. Naturally it isn't designed to work on Linux ) thanks i have resolved with If WinExists("[CLASS:Progman]") Then Return False Else Return True EndIf Link to comment Share on other sites More sharing options...
MRXTO09 Posted April 7, 2014 Author Share Posted April 7, 2014 Linux can be detected through registry values, files, and bugs. I've included my _IsWine UDF to cover the gap, however there will be no single easy code that will detect ALL sandboxes. _IsWine.au3 thanks i have added this UDF is very useful Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now