Implement Registry Viewer / Editor with export option per sandbox #60

Open
gjf opened this issue Jun 18, 2020 · 24 comments
Labels: Feature request (New feature or idea), Registry (Windows Registry), Workaround (Temporary or alternative solution)


@gjf

gjf commented Jun 18, 2020

A small and extremely low priority feature request.

Sandboxie is nice for comparing files created by some program inside it. But it's a little bit tricky to see registry modifications caused by a sandboxed file.

I have solved the problem with the following quick'n'dirty batch file, which should be used on the RegHive taken from the appropriate sandbox:

REG LOAD HKLM\uuusandboxuuu RegHive
REG EXPORT HKLM\uuusandboxuuu sandbox.reg
REG UNLOAD HKLM\uuusandboxuuu
notepad sandbox.reg

Is it possible to natively implement a way of viewing such registry changes inside a sandbox in the program itself?


@DavidXanatos
Member

possible sure but not super high priority

@Gitoffthelawn
Contributor

@gjf I haven't tried this tool in the context you request, but it could possibly be helpful:
https://www.nirsoft.net/utils/registry_changes_view.html

Please let us all know if it helps for this task.

@gjf
Author

gjf commented Jun 19, 2020

@Gitoffthelawn I know about a number of registry comparison utilities - but we don't need them in this context, as a RegHive is in fact a difference.
The aim is just to present RegHive in a readable format.

@DavidXanatos added the Feature request label Jul 3, 2020
@DavidXanatos
Member

Would it be sufficient for you to have an option when right clicking on a sandbox to "export registry to file" that would mount the hive and dump it to a *.reg file?

@Gravityzwell

My take is that is perfect. I wouldn't personally care since I long ago wrote some Python to mount the reg, export it, and also to sanitize it, removing the many redundant keys. Especially the ones sandboxie creates, but also irrelevant ones like MuiCache.

In fact this is one of my top uses for Sandboxie, I can quickly see just what an app added to the registry. I know about reg diff tools. Using Sandboxie is better, especially since I would have run an app through it anyway.

@gjf
Author

gjf commented Jul 4, 2020

> Would it be sufficient for you to have an option when right clicking on a sandbox to "export registry to file" that would mount the hive and dump it to a *.reg file?

I think yes.
As a feature it could be nice to add exclusions but it's not a first priority.
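
The sanitizing step Gravityzwell describes and the exclusions gjf asks for, as an added Python example (not Gravityzwell's script and not Sandboxie code): it filters a .reg file produced by the batch file above, dropping excluded keys and value-less container keys. The exclusion list and the sample export are constructed for illustration; MuiCache is the only noise key named in the thread.

```python
import re

HEADER = "Windows Registry Editor Version 5.00"
# Assumed exclusion list: MuiCache is the only noise key named in the thread.
DEFAULT_EXCLUDES = (r"\\MuiCache(\\|$)",)

# Constructed sample of what "REG EXPORT HKLM\uuusandboxuuu" could produce.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\uuusandboxuuu]

[HKEY_LOCAL_MACHINE\uuusandboxuuu\user\current\software\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"Blob"=hex:01,02,\
  03,04

[HKEY_LOCAL_MACHINE\uuusandboxuuu\user\current\software\Microsoft\Windows\Shell\MuiCache]
"C:\\ExampleApp\\app.exe.FriendlyAppName"="ExampleApp"
"""

def load_export(path):
    """Read a .reg file; reg.exe writes version 5.00 exports as UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as f:
        return f.read()

def parse_reg(text):
    """Split .reg text into [key_path, value_lines] sections, in file order."""
    sections = []
    for line in text.splitlines():
        if line.startswith("[") and line.rstrip().endswith("]"):
            sections.append([line.rstrip()[1:-1], []])
        elif line.strip() and sections:
            # Values and hex continuation lines stay attached to their key.
            sections[-1][1].append(line)
    return sections

def sanitize(text, excludes=DEFAULT_EXCLUDES, drop_empty=True):
    """Return .reg text without excluded keys and (optionally) value-less keys."""
    patterns = [re.compile(p, re.IGNORECASE) for p in excludes]
    out = [HEADER, ""]
    for key, values in parse_reg(text):
        if any(p.search(key) for p in patterns):
            continue  # excluded key or one of its subkeys
        if drop_empty and not values:
            continue  # container key with no data written directly under it
        out += [f"[{key}]", *values, ""]
    return "\n".join(out)

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```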

@AndhikaWB

AndhikaWB commented Feb 5, 2021

I tried some registry monitoring apps under Sandboxie-Plus and all of them have their own issue(s):

  • RegistryChangesView - Complains about not having enough privileges (even when run as admin)
  • RegShot - Stops responding indefinitely after reaching about 40.000 keys (need to force close)
  • WhatChanged - Very slow scan but maybe works (I don't have the patience though)
  • RegFromApp - Error when running the executable to be monitored (upstream issue). Also, if the executable uses another (temporary) executable that writes to the registry, it may not be monitored (making it useless)

Being able to view registry changes from Sandboxie-Plus directly would be nice. Also there is old (abandoned) utility called SandboxDiff I think? I never use it so I don't know how it works but it can be a perfect example to implement it to Sandboxie-Plus.

EDIT: Forgot to mention that I'm using Windows 10 LTSC x64 (v1809 based Windows).

@gjf
Author

gjf commented Feb 5, 2021

> Being able to view registry changes from Sandboxie-Plus directly would be nice. Also there is old (abandoned) utility called SandboxDiff I think? I never use it so I don't know how it works but it can be a perfect example to implement it to Sandboxie-Plus.

  1. Download the file: https://mir.cr/1YUHKTIZ
  2. Extract reghive from the sandbox you want to test and copy it to the folder where the downloaded analyze_reg.exe was placed.
  3. Run analyze_reg.exe and it will do the job.

@AndhikaWB

AndhikaWB commented Feb 5, 2021

Ah, now I understand. I thought uuusandboxuuu can be viewed directly using regedit inside the sandbox. Wondered why it doesn't appear in my case, silly me. Thanks for the tool @gjf. However, I don't like granting admin access when not needed so I use the good ol' RawReg instead (tree view only, can't export .reg file).

EDIT: Apparently RegistryViewer is also available; it can tree view the registry hive and export to a .reg file.

@stdedos
Contributor

stdedos commented Apr 5, 2021

> 1. Download the file: mir.cr/1YUHKTIZ

Would've been nice if the sources were available too, and not just a binary.

@isaak654
Collaborator

isaak654 commented Apr 5, 2021

> > 1. Download the file: mir.cr/1YUHKTIZ
>
> Would've been nice if the sources were available too, and not just a binary.

@stdedos
I'm using SandboxToys2 on Classic 5.49.5 and the source code is currently available here.

Full documentation: here.

The only drawbacks I've noticed so far:

  1. SandboxToys2 doesn't recognize sandbox names with one or more spaces
  2. SandboxToys2 cannot detect any sandbox with a custom FileRootPath blap/SandboxToys2#12

@stdedos
Contributor

stdedos commented Apr 7, 2021

> 1. Download the file: mir.cr/1YUHKTIZ

For everyone else that's bored to do accounts etc: SandboxToys2.zip

@boldcompany

> Would it be sufficient for you to have an option when right clicking on a sandbox to "export registry to file" that would mount the hive and dump it to a *.reg file?

This would be very helpful.

@isaak654 changed the title from "Registry Extraction" to "Implement Registry Viewer / Editor per-sandbox (for new or changed entries)" Jun 7, 2021
@isaak654 changed the title from "Implement Registry Viewer / Editor per-sandbox (for new or changed entries)" to "Implement Registry Viewer / Editor with export option per sandbox (for new or changed entries)" Jun 10, 2021
@isaak654 changed the title from "Implement Registry Viewer / Editor with export option per sandbox (for new or changed entries)" to "Implement Registry Viewer / Editor with export option per sandbox" Jun 10, 2021
@isaak654 added the Workaround label Jun 25, 2021
@monkeymoong

Hello
I'm interested in your idea because I would like to make symlink applications, so I need folders and registry keys!
Do you manage to export registry keys from Sandboxie? Or perhaps you found another way to do that?
I used SandboxDiff several years ago but it's not updated any longer!

@AndhikaWB

> Do you manage to export registry keys from Sandboxie? Or perhaps you found another way to do that?

Some tools are already mentioned above. You may need to load the registry hive file manually (located in sandbox folder).

@Quissol

Quissol commented Sep 16, 2021

« Also there is old (abandoned) utility called SandboxDiff I think?»

"SandboxDiff" utility works very well to see File and Registry changes in Sandboxie. It's an old utility but works like a charm for what it was made for!

SandboxDiff download here: https://vetusware.com/download/SandboxDiff/?id=16918

@stdedos
Contributor

stdedos commented Sep 16, 2021

> Also there is old (abandoned) utility called SandboxDiff I think?

Yes - however IIRC there's no source code anywhere 😕
(or maybe there's one in one site, but you have to pay)

@user336598776

user336598776 commented Feb 3, 2022

https://github.com/user336598776/Convert-Sandboxie-RegHive-to-reg-file
using reg.exe and binmay.exe to convert Sandboxie "RegHive" file to reg(text) file on Windows XP/7/10/11.

Download 1: https://github.com/user336598776/Convert-Sandboxie-RegHive-to-reg-file/releases
Download 2: https://www.mediafire.com/folder/ut5ri54mc0op2/Sandboxie

[Usage]
1. Copy the "RegHive" file to the same location (path) as the "RegHive_to_reg.bat" batch file.
2. Run "RegHive_to_reg.bat" as Administrator.
3. The "RegHive_reg.txt" text file is created (saved).


@Gitoffthelawn
Contributor

Greetings. The most recent reference I can find for binmay.exe (outside of GitHub pages which may just be copies of the old site) for that useful tool is:
https://web.archive.org/web/20121023004318/http://www.filewut.com/spages/page.php/software/binmay

By any chance are you the original author or know where this tool is available from the original author?

Thank you.

@user336598776

> Greetings. The most recent reference I can find for binmay.exe (outside of GitHub pages which may just be copies of the old site) for that useful tool is: https://web.archive.org/web/20121023004318/http://www.filewut.com/spages/page.php/software/binmay
>
> By any chance are you the original author or know where this tool is available from the original author?
>
> Thank you.

you can download binmay.exe from here now:
https://www.softpedia.com/get/Office-tools/Other-Office-Tools/Binmay.shtml

this exe is very old(20110615), the official site is down.

the sha256 of "binmay.exe" file is:
a6f95ff62963bef592f68df3f2274be07b05f564d108cde0a0c7aa003bb4a7e7

@isaak654 added the Registry label Feb 5, 2022
@blap

blap commented Sep 4, 2022

> > > 1. Download the file: mir.cr/1YUHKTIZ
> >
> > Would've been nice if the sources were available too, and not just a binary.
>
> @stdedos I'm using SandboxToys2 on Classic 5.49.5 and it's still available a zip file with the source code here.
>
> Full documentation: here.
>
> The only drawback I noticed: SandboxToys2 doesn't recognize sandbox names with one or more spaces.

Test this update: https://github.com/blap/SandboxToys2/releases
I am not an AHK programmer, but I tried to solve this problem.

@isaak654
Collaborator

isaak654 commented Sep 4, 2022

Your update solved that issue, thank you @blap!

reports for v2.1

Further errors / typos

(operating system: Windows 10 21H2 x64)

  1. 3204;txt;01
    Invalid box name parameter: %2
    .

It can be triggered in the following situations:

  • when you right-click any sandbox from the SandboxToys2 menu -> Explore > Sandboxed
  • when you right-click any sandbox from the SandboxToys2 menu -> Tools -> Command Prompt (sandboxed)
  • when you right-click any sandbox from the SandboxToys2 menu -> Tools -> Programs and Features
  1. the cmd prompt contains the error The filename, directory name, or volume label syntax is incorrect when you right-click any sandbox from the SandboxToys2 menu -> Tools -> Command Prompt (unsandboxed)

  2. Typos to fix (meaningful instead of meaningfull):

Suggestions

  1. prevent SandboxToys2 from autoclosing itself
  2. add an Always on Top option

@blap

blap commented Sep 4, 2022

> Your update solved that issue, thank you @blap!
> reports for v2.1

Updated.
Please, use https://github.com/blap/SandboxToys2 to not spam other people.
And thank you for your feedback.

@stdedos
Contributor

stdedos commented Sep 4, 2022

Sorry for the spam, thank you @blap ❤️
