Question

I'd like to sandbox a native code and use hooking of WinAPI and system functions to block or allow this program to perform some operations like reading/writing files, modify Windows registry, using an Internet connection. Is it a good and secure way to do so? How difficult would it be for that program to bypass such a security layer?

Was it helpful?

Solution

+1 to Hans, however if you are really into it then I can recommend Easyhook. I have personally used it successfully in Win XP, Vista and 7. I don't know how bypassable it is but other alternatives do exist - madSHI hooks, and, if you want to go the official way, try Detours from Microsoft.

OTHER TIPS

I've checked your questions and they all are related to the task that seems to be invalid from the very beginning, and here's why: you are trying to secure one application and you are ready to reinvent the wheel for this. There exist several approaches (and many ready-made solutions) to solve your problem. So instead of coding you need to look at existing solutions.

The approaches are:

  1. use Windows permissions to restrict access of your application to resources
  2. take take VMWare or Parallels or other virtualization platform and run your program there
  3. take sandboxing SDK (such as BoxedApp) and "wrap" your application.

Antivirus apps try to solve nearly the same problem, without much success.
1. You'd never know how even most common operations can be used.
2. There're syscalls, so the program doesn't have to use winapi at all.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top