#1
safeEngine sandboxie and vmware detection
Hello.
Does anyone know how to circumvent safeEngine's detection of sandboxie and/or vmware (Safengine version 2.4.0)? I have a target I wish to run so as to extract some dlls embedded in it, and I don't want to risk getting my debug machine messed up by malware (the file is risky as it is detected by *some* online virus scanners as being a trojan; it might be a false positive though...).
Thank you in advance.
Last edited by wassim_; 06-26-2018 at 06:17.
#2
Hello,
I don't know of a ready solution, but I may have an idea how it may detect sandboxie. Since the 64bit version of sandboxie, afaik, it no longer uses the driver for access redirection but instead the injected DLL; the driver is only used to enforce access restrictions. So if I would try to detect if my application runs under sandboxie, I would try to bypass possible redirections implemented by dll hooking and compare the results with accessing files the normal way.
Cheers
David X.
#3
Quote:
#4
Quote:
#5
I got that, I was just speculating about how it could check whether it's in a sandbox or not, using known limitations of the 64bit sandboxie implementation as I understand them.