
sandbox-win32

This is a testbed for researching the behaviour of code when running under a sandboxed Win32 process. At its core, it implements the ideas behind David LeBlanc's excellent series [1][2][3] of blog posts on the topic. As both the blog posts and the original revision of this code are rather dated at this point (2007 and 2013, respectively), I have continued to update the sandbox with additional features as Windows' security features continue to evolve.

The sandbox consists of two classes: WindowsSandbox and WindowsSandboxLauncher.

Any implementation of a sandboxed process needs to derive from WindowsSandbox and implement its virtual functions. OnPrivInit is executed while the sandboxed process is running with an impersonation token, imbuing the process with additional rights. Once OnPrivInit has finished executing, the sandbox reverts to its restricted token, adds itself to a job object, and then runs OnInit, which is where untrusted initialization code should be run. OnFini may also be implemented for cleanup code.

WindowsSandboxLauncher is used to prepare and launch the sandboxed process. WindowsSandbox does not provide sandboxing on its own, but only when used in tandem with WindowsSandboxLauncher.
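As an added check that is not part of sandbox-win32, the following PowerShell probe inspects a running child process and reports the three properties the description above relies on: membership in a job object, a restricted primary token, and the integrity level. It assumes you supply the sandboxed child's PID yourself; the wrapper class `SandboxProbe` and the function `Get-SandboxState` are names chosen for this example, while the Win32 calls it wraps are the real ones.

```powershell
# Added example (not part of sandbox-win32): P/Invoke wrappers for the Win32 calls the probe needs.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class SandboxProbe {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool IsProcessInJob(IntPtr hProcess, IntPtr hJob, out bool result);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr hProcess, uint access, out IntPtr hToken);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool IsTokenRestricted(IntPtr hToken);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr hToken, int infoClass, IntPtr info, int len, out int needed);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr h);
}
"@

function Get-SandboxState {
    # Reports whether the process with this PID (assumed to be the sandboxed child) is in a job,
    # carries a restricted primary token, and at which integrity level it runs.
    param([Parameter(Mandatory)][int]$ProcessId)
    $hProc = (Get-Process -Id $ProcessId -ErrorAction Stop).Handle
    $inJob = $false
    # A NULL job handle asks "is this process in any job at all?"
    if (-not [SandboxProbe]::IsProcessInJob($hProc, [IntPtr]::Zero, [ref]$inJob)) { throw 'IsProcessInJob failed' }
    $hToken = [IntPtr]::Zero
    $TOKEN_QUERY = 0x0008
    if (-not [SandboxProbe]::OpenProcessToken($hProc, $TOKEN_QUERY, [ref]$hToken)) { throw 'OpenProcessToken failed' }
    try {
        # TRUE only if the token carries restricting SIDs (CreateRestrictedToken with SidsToRestrict);
        # a token that merely had SIDs disabled or privileges removed reports FALSE here.
        $restricted = [SandboxProbe]::IsTokenRestricted($hToken)
        $TokenIntegrityLevel = 25   # TOKEN_INFORMATION_CLASS value; returns a TOKEN_MANDATORY_LABEL
        $needed = 0
        [void][SandboxProbe]::GetTokenInformation($hToken, $TokenIntegrityLevel, [IntPtr]::Zero, 0, [ref]$needed)
        $buf = [Runtime.InteropServices.Marshal]::AllocHGlobal($needed)
        try {
            if (-not [SandboxProbe]::GetTokenInformation($hToken, $TokenIntegrityLevel, $buf, $needed, [ref]$needed)) {
                throw 'GetTokenInformation failed'
            }
            # First field of TOKEN_MANDATORY_LABEL is a PSID; its last sub-authority is the integrity RID
            # (0 = Untrusted, 4096 = Low, 8192 = Medium, 12288 = High).
            $sid = New-Object System.Security.Principal.SecurityIdentifier([Runtime.InteropServices.Marshal]::ReadIntPtr($buf))
            $rid = [int]$sid.Value.Split('-')[-1]
        } finally { [Runtime.InteropServices.Marshal]::FreeHGlobal($buf) }
    } finally { [void][SandboxProbe]::CloseHandle($hToken) }
    [pscustomobject]@{ ProcessId = $ProcessId; InJob = $inJob; RestrictedToken = $restricted; IntegrityRid = $rid }
}
```

Run `Get-SandboxState -ProcessId <pid>` against the child after OnInit has started; a correctly launched sandbox should report InJob and RestrictedToken as True, with an IntegrityRid no higher than the level the launcher was configured for.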

Included Programs

proto was an experimental implementation of a sandbox for EME (now known as GMP) plug-ins. Its job was to load an untrusted DLL as a data file, verify that its entry point was set to NULL, and then run its (de)initialization routines.

comtest is the newest experiment to determine the behaviour of COM over RPC when communicating between a parent process with normal privileges and a sandboxed child process.

Building this software

This repository uses tup as its build system. Provided that the tup binaries are installed and available on your system PATH, you should be able to run tup from the repository's root directory to build the binaries.

This code was written and successfully built using Visual C++ 2013 Community Edition. It requires Windows SDK version 10.0.10586.0 in order to correctly build with the latest Windows 10 security features.

Contributors

  • dblohm7
