What to study first in the Sandboxie open-source code (Sandbox)
https://blog.csdn.net/blackorbird/article/details/105445807
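The Chinese term 沙盘 (English: sandbox, as in Sandboxie), also written 沙箱, can, as the name suggests, be seen as a kind of container in which everything that is done can be torn down and started over. A sandbox is also a kind of HIPS (host-based intrusion prevention system), referred to as a sandbox HIPS.
For the principle, to quote a passage from the official website: the computer is like a sheet of paper, and programs running and making changes are like writing on that paper. Sandboxie is like placing a pane of glass over the paper: the programs' activity and changes are written on the glass instead, and when the glass is removed, the paper is completely unchanged.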
Note: the core of Sandboxie consists of the driver (SbieDrv), the service (SbieSvc), and the injection DLL (SbieDll). Study these projects first.
Common (\apps\common). Builds common.lib which is used by the Control and Start projects. It contains some common GUI objects.
KmdUtil (\install\kmdutil). Builds KmdUtil.exe which is used during the installation process. E.g. to start/stop the Sbie driver (SbieDrv.sys).
LowLevel (\core\low). Creates LowLevel.dll which is used in code injection. LowLevel.dll is embedded into SbieSvc.exe as a resource (see core\svc\lowlevel.rc for more information).
Parse (\msgs). Creates the Sbie messages files.
SandboxBITS (apps\com\BITS). Creates SandboxieBITS.exe (Background Intelligent Transfer Service).
SandboxCrypto (apps\com\Crypto). Creates SandboxieCrypto.exe.
SandboxieInstall (\install\release). Creates the combined x64/x86 installer SandboxieInstall.exe by combining the x64 & x86 installer binaries into a RC file. NOTE: SandboxieInstall is not built during the normal SLN build. It must be built manually after the x64 & x86 installers are completed.
SandboxRpcSs (\apps\com\RpcSs). Creates SandboxieRpcSs.exe, Sbie's wrapper for the Remote Procedure Call Sub-System.
SandboxWUAU (\apps\com\WUAU). Creates SandboxieWUAU.exe, Sbie's wrapper for the Windows Automatic Update Service (WUAUSERV).
SbieControl (\apps\control). Builds SbieCtrl.exe, the Sandboxie Control app that displays real-time sandboxed application activity.
SbieIni (\apps\ini). Creates SbieIni.exe, a utility for querying and updating the sandboxie.ini configuration file.
SboxDcomLaunch (\apps\com\DcomLaunch). Creates SandboxieDcomLaunch.exe.
SboxDll (\core\dll). Creates the Sbie injection DLL. This DLL injects into every process running in the sandbox.
SboxDrv (\core\drv). Creates the Sbie kernel-mode driver.
SboxHostDll (\SboxHostDll). Builds the Sbie host injection DLL. This DLL is injected into host processes that must be redirected into the sandbox. Currently, the only app this is used for is MS Office. SboxHostDll.dll is injected into OfficeClickToRun.exe.
SboxMsg (\msgs). Creates SboxMsg.dll, which contains the Sbie user messages in various languages.
SboxSvc (\core\svc). Creates the Sbie service.
Start (\apps\start). Creates start.exe, which is used to start processes in the sandbox.