Long long time ago in a galaxy far far away it was possible to inject not only BSA dll, but some others also:
Antidel: https://www79.zippyshare.com/v/TqgoF9pH/file.html - simple addon tricking the program to prevent deletion of file. Very helpful when analyzing something that tries to delete all traces after run.
Sbiextra: https://www84.zippyshare.com/v/lnvKGG7X/file.html - DLL to block sandboxed processes from accessing information about processes running outside the sandbox, and to prevent them from reading the memory of any process not running in their same sandbox.
(Some additional info is attached in every archive).
I've tried to inject these good old modules but with no success.
Is it possible to implement this functionality?
The new release has a function to hide selected host processes from sandboxed processes.
And in the modern sbie builds a sandboxed process shouldn't be able to read memory of unsandboxed processes.
So what, aside from "prevent deletion of file", is still missing from the functionality of those DLLs?
SbieAKL: https://www78.zippyshare.com/v/63Q21Twz/file.html - is a dll used to block the keylogger and clipboard monitor which are sandboxed.