Topic: how does a sandbox work?
Hi all! Who can tell how the mechanisms of a sandbox work? How can this be accomplished?
Last edited by nop-4 (2011-10-27 11:24:04)
Hi. I can suppose (I don't know whether my opinion is right, really) that the sandbox technique is just using opcode tables. I mean every opcode entry has a pointer to its handler. In short, it's software emulation of the code, but it's not complete - I mean branch instructions: the processor doesn't really execute the code, so not all instructions get defined.
How to deal with it? You can just detect it and stop doing suspicious things - that's all, to my mind.
Last edited by fasmotol (2011-10-27 13:25:51)
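To make the opcode-table idea concrete, here is an added example (not code from the thread or from any sandbox product): a toy emulator whose core is a 256-entry table of handler function pointers indexed by opcode. The instruction set (LOAD/ADD/DEC/JNZ/HALT), register count, status codes and the three sample programs are all invented for illustration. It also shows the failure mode fasmotol mentions: when the program reaches an opcode the table does not model, emulation simply stops with EMU_UNSUPPORTED, and a step cap keeps a spinning branch from hanging the emulator.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the thread): emulator built around an opcode
 * dispatch table. Instruction set, status codes and programs are invented. */
#define NREGS 4
#define MAX_STEPS 1000   /* hard cap so emulation always terminates */

enum emu_status {
    EMU_RUNNING,        /* handler ran, continue with the next instruction */
    EMU_HALTED,         /* program executed HALT */
    EMU_UNSUPPORTED,    /* opcode (or operand) has no handler in the table */
    EMU_OUT_OF_BOUNDS,  /* fetch or jump outside the code buffer */
    EMU_STEP_LIMIT      /* MAX_STEPS reached without halting */
};

struct vm { uint32_t r[NREGS]; size_t pc; const uint8_t *code; size_t len; };

/* One handler per opcode: it decodes its own operands, updates state and
 * advances pc. A NULL table entry means "instruction not modelled". */
typedef enum emu_status (*handler_t)(struct vm *vm);

static int fetch(const struct vm *vm, size_t off, uint8_t *out) {
    if (vm->pc + off >= vm->len) return 0;
    *out = vm->code[vm->pc + off];
    return 1;
}

/* 0x01: LOAD reg, imm8 */
static enum emu_status op_load(struct vm *vm) {
    uint8_t reg, imm;
    if (!fetch(vm, 1, &reg) || !fetch(vm, 2, &imm)) return EMU_OUT_OF_BOUNDS;
    if (reg >= NREGS) return EMU_UNSUPPORTED;
    vm->r[reg] = imm; vm->pc += 3;
    return EMU_RUNNING;
}
/* 0x02: ADD dst, src  (dst += src) */
static enum emu_status op_add(struct vm *vm) {
    uint8_t dst, src;
    if (!fetch(vm, 1, &dst) || !fetch(vm, 2, &src)) return EMU_OUT_OF_BOUNDS;
    if (dst >= NREGS || src >= NREGS) return EMU_UNSUPPORTED;
    vm->r[dst] += vm->r[src]; vm->pc += 3;
    return EMU_RUNNING;
}
/* 0x03: DEC reg */
static enum emu_status op_dec(struct vm *vm) {
    uint8_t reg;
    if (!fetch(vm, 1, &reg)) return EMU_OUT_OF_BOUNDS;
    if (reg >= NREGS) return EMU_UNSUPPORTED;
    vm->r[reg] -= 1; vm->pc += 2;
    return EMU_RUNNING;
}
/* 0x04: JNZ reg, rel8  (signed offset relative to the next instruction) */
static enum emu_status op_jnz(struct vm *vm) {
    uint8_t reg, off;
    if (!fetch(vm, 1, &reg) || !fetch(vm, 2, &off)) return EMU_OUT_OF_BOUNDS;
    if (reg >= NREGS) return EMU_UNSUPPORTED;
    long target = (long)vm->pc + 3 + (int8_t)off;
    if (target < 0) return EMU_OUT_OF_BOUNDS;
    vm->pc = vm->r[reg] ? (size_t)target : vm->pc + 3;
    return EMU_RUNNING;
}
/* 0xFF: HALT */
static enum emu_status op_halt(struct vm *vm) { (void)vm; return EMU_HALTED; }

/* The opcode table: everything not listed here is unsupported. */
static const handler_t dispatch[256] = {
    [0x01] = op_load, [0x02] = op_add, [0x03] = op_dec, [0x04] = op_jnz, [0xFF] = op_halt,
};

/* Fetch-decode-execute loop. The NULL check is where an incomplete table
 * shows: emulation stops at the first instruction it cannot model. */
enum emu_status emulate(struct vm *vm, const uint8_t *code, size_t len) {
    memset(vm, 0, sizeof *vm);
    vm->code = code; vm->len = len;
    for (unsigned steps = 0; steps < MAX_STEPS; steps++) {
        if (vm->pc >= vm->len) return EMU_OUT_OF_BOUNDS;
        handler_t h = dispatch[vm->code[vm->pc]];
        if (h == NULL) return EMU_UNSUPPORTED;
        enum emu_status s = h(vm);
        if (s != EMU_RUNNING) return s;
    }
    return EMU_STEP_LIMIT;
}

/* Convenience wrappers: run a program on a fresh VM. */
enum emu_status status_of(const uint8_t *code, size_t len) {
    struct vm vm; return emulate(&vm, code, len);
}
uint32_t reg_after(const uint8_t *code, size_t len, int reg) {
    struct vm vm; emulate(&vm, code, len); return vm.r[reg];
}

/* Constructed sample programs. */
const uint8_t prog_sum[] = {          /* computes r1 = 5+4+3+2+1 */
    0x01, 0x00, 0x05,                 /* LOAD r0, 5            */
    0x01, 0x01, 0x00,                 /* LOAD r1, 0            */
    0x02, 0x01, 0x00,                 /* ADD  r1, r0   (pc 6)  */
    0x03, 0x00,                       /* DEC  r0               */
    0x04, 0x00, 0xF8,                 /* JNZ  r0, -8 -> pc 6   */
    0xFF                              /* HALT                  */
};
const uint8_t prog_unknown[] = { 0x01, 0x00, 0x01, 0x7E, 0xFF };       /* 0x7E: no handler */
const uint8_t prog_spin[]    = { 0x01, 0x00, 0x01, 0x04, 0x00, 0xFD }; /* JNZ to itself */

int main(void) {
    printf("sum:     status=%d r1=%u\n", status_of(prog_sum, sizeof prog_sum),
           reg_after(prog_sum, sizeof prog_sum, 1));
    printf("unknown: status=%d\n", status_of(prog_unknown, sizeof prog_unknown));
    printf("spin:    status=%d\n", status_of(prog_spin, sizeof prog_spin));
    return 0;
}
```

The three programs exercise the three outcomes a table-driven emulator can produce: a clean HALT with the expected register state, a stop on an unmodelled opcode, and a step-limit stop on a branch that never exits. From a defender's point of view, the second and third outcomes are the ones worth logging, since they mark exactly the points where the emulator's view of the program diverges from what real hardware would do.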
I think it is difficult to implement.
Could hooks be used?
No. No hooks. I'm sure, because the subject has been discussed at rootkits.su, so really it's just software emulation, nothing more.
It's not difficult to code, but sandboxes are dumb. The quality of emulation like that is very low.