Hi.
I wish to create a program that will run an executable, and then act as a container for that running executable.
My program should be able to pass the executable fake system information, such as "System Time", and block it from any internet access.
I am working with C# under Windows.
What is the best method to accomplish this? Is there a name for programs that do this?
Thank you for your time, forum-ers!
Programming a container for executables?
[quote name='The Batfrog' timestamp='1328668282' post='4910738']
Is there a name for programs that do this?
Broadly speaking it's a form of sandbox.
[/quote]
Ah! That looks like it!
I'll do some general research on creating sandboxes.
Any ideas on how to implement a sandbox with network access restriction and system information spoofing?
Would the "AppDomain" class be of any help?
[quote name='ApochPiQ' timestamp='1328678556' post='4910784']
Are we talking about arbitrary applications, or just one specific one?
Arbitrary.
[/quote]
Then what you want is called a "virtual machine"
Thank you
However, I feel as though using a virtual machine would be unnecessarily computationally expensive, as it would involve running an entire operating system inside the VM.
I imagine there must be a lighter alternative by running the executable through a simpler sandbox, and intercepting kernel API calls such as GetSystemTime.
Is this at all possible?
Can you just hook the Win32 API calls using Detours (or you could do the same thing yourself)?
This 'hooking' looks like exactly what I'm trying to do! YAY!
A couple of questions:
- Is hooking Win32 API calls with my own code (without Detours) relatively easy?
- What's the best way to block network access to a sandboxed executable?
"best"?
Run it on a machine with no network connection.... obviously.
But could we just back up slightly -- why do you want to do this?