SnDPhoenix:
Thanks indeed! . I'll take a look at Inctrl first. I was in a mess with the registry hive of my sandboxes, let's see If I can clarify things this way. I was planning to use rolback features to remove crap traces left behind by software, dirty uninstallers... I prefer this ghost-back much more than deleting the sandbox and reinstalling, wich is harmful with big programs. For further information on trash keys please visit:
http://www.databack4u.com/
(it's a legal program athough it doesn't look like being)
Note: someday, somewhere, we should paste links to useful software related to Sbie, DebugView for instance.

There is something I don't understand in Tzuk's method.

Why do we need to export the rehistry keys? We could as well archive the whole content of the sandbox, and restore it later, including the RegHive file, no?

I agree that the RegHive file is not editable, and therefore it is impossible to export the box to another computer or user, but for simple backup purposes, restoring everything as it was in the box at the time of the backup should be sufficient. If I'm right, the procedure is very simple. Be sure to terminate everything running in the box, and compress it in a ZIP file. To restore the box, begin by erasing its current contents, and restore the backup. That's all. Or am I wrong?

I'm using AutoExec to uncompress the zip file, to restore the sandbox from the context of the very same sandbox. This means an empty RegHive file was already created, mounted, and is in use, so I had to find an alternative method to populate the registry hive: By using regedit.

If you're going to invoke the restore yourself, from outside the sandbox, then you're right that you can just backup and restore the RegHive file itself

OK, thanks for the clarification.

But I have another question, indirectly related to the backup method.

I have noticed that when a registry key is deleted by a sandboxed program, the key remains in the unsandboxed registry (that's normal) and is simply emptied in the sandboxed version of the same key. I suppose that the sandboxed version takes precedence, and that the original values are hidden to the sandboxed applications. Right?

Thus my question: does Sandboxie use a similar method to hide deleted files and folders to the sandboxed applications?

For example, let's say "fileA" and "fileB" exists in "directoryD" outside the sandbox. There are no other files in the directory. If a sandboxed program deletes "fileA" and "fileB", or deletes completely "directoryD", those files should not be accessible any more But of course, Sandboxie cannot delete the original files. So, how does it hide them? Is it sufficient to create an empty mirror of "directoryD" in the sandbox? In other words, the question is: is it important to keep the empty directories (and possibly the empty files) in the archive?

This question is important to know if ye can use the option of the archiver that skips the empty directories, and doesn't add them in the archive, and if we can safely delete the empty files before doing the backup.

Zero size files are not always considered deleted. Empty directories or empty registry keys are not always considered deleted. It has to do with the date of the file or key. See here.

I see.

BTW, on the subject of "deleted" files, I have a request. Could you mark it as deleted with your magic creation date trick ONLY when the file exists in the corresponding directory outside of the box, and delete it completely otherwise? As I have explained elsewhere, Skype, for instance, creates a lot of temp files that are only zeroed and marked with your magic creation date. However, they do not have equivalents out of the box. After some days, there are thousands of empty files in the %TEMP% folder of the box!
Maybe the same method should be applied also to the registry keys.

And a question: how can I examine the creation date of a registry key?

I already answered your question about deleting files instead of marking them deleted. But you may have missed it because it was edited into the reply:

http://www.sandboxie.com/phpbb/viewtopic.php?t=2034&start=16

There is no creation date for a registry key, the delete mark is stored in the last-write-time that you can retrieve by using RegQueryInfoKey.

OK, I've replied in the other thread. Sorry to have missed the edit!

BTW, as this is the main subject of this thread, I must say here that SandboxToys has now a simple tool to create automatically a backup of any non-empty sandbox to a ZIP file. There is currently no function to restore the backup automatically, but it is easy enough to do that manually.

Good news!, thanks r0lZ. Easier handling of sandboxes.

It seems registered users can duplicate sandboxies. That is, they can just create a default sandbox and never actually use it (except to duplicate in order to start a new sandbox).

That's a good idea lwc, and it isn't even limited to registered users. Unregistered Sandboxie supports multiple sandboxes just fine -- as long as you don't run programs in more than one sandbox at the same time -- and your solution doesn't require that.

Nice idea to limit just parallel work and not the general idea of parallel sandboxes. At least I know this now.

Anyway, could you answer the two questions in the duplication link (a "duplicate" feature and the best way to do it until then)? Thanks.

(deleted)

the amazing thing is that all the changes that is done to sbInstall is in sbRun
so if i delete content of the sbRun its like rollback to the sbInstall.

am I wrong?

lwc -- I'm happy to see people experimenting with and using Sandboxie in all kinds of unplanned ways, after all that's exactly the idea of open-ended stuff like AutoExec. I hope you will be able to conclude the experiment on your own.

yakir -- I had to delete your comment. Undoubtedly there are people who use Sandboxie in the way that you seem to want to use it, but I won't allow such explicit discussions on my forum. I'm sorry. In the future try to be more vague about it.

Is there a hope about RollBack function in the next future ?
Thanks.