Sandbox using WinAPI hooks

I would like to process my own code and use WinAPI and system functions to freeze or block this program from performing certain operations, such as reading / writing files, changing the Windows registry, and connecting to the Internet. Is this a good and safe way to do this? How difficult would it be for this program to bypass this level of security?

+2
3 answers

+1 to Hans; however, if you really want to get into it, I can recommend Easyhook. I personally used it successfully in Win XP, Vista and 7. I don’t know how to get around this, but there are other alternatives - madSHI hooks, and if you want to go the official route, try Detours from Microsoft.

+1

I checked your questions, and all of them relate to a task that seems invalid from the very beginning, and here's why: you are trying to protect one application, and you are ready to reinvent the wheel for this. There are several approaches (and many ready-made solutions) to solve your problem. Therefore, instead of coding, you need to look for existing solutions.

Approaches:

  • use Windows permissions to restrict access to your application resources
  • VMWare Parallels
  • SDK (, BoxedApp) "" .

+3

Antivirus applications try to solve almost the same problem without much success.
1. You will never know how to use even the most common operations.
2. There are system calls, so the program does not need to use winapi at all.

+1

Source: https://habr.com/ru/post/1794754/

