SandDiff
Buster


Hi.

I asked majoMo to include some new features in his tool, but sadly he is not coding it himself, so I decided to try to code a similar tool. I'm not a real coder, so don't be too hard on me.

You can find my tool (I named it SandDiff until I find a better name) here:

http://www.megaupload.com/?d=BOA44FQ3

It's very simple to use:

1.- First you must define the path to the sandbox folder you want to process. E.g. DefaultBox would be something like: C:\SANDBOX\UserName\DefaultBox

Here there is a difference from majoMo's tool. His tool will process all sandboxes when checking for file differences. My tool only checks a specified sandbox.

2.- Before pressing the "Step 1" button you must sandbox something, e.g. CALC.EXE.

This is the way to initialize the comparison process. It's like the "before" state of the sandbox.

3.- Before pressing the "Step 2" button you must sandbox whatever you want.

When you are done, terminate all processes and then click the "Step 2" button.

Then we will get the "after" state of the sandbox and we are ready to compare the "before" and the "after".

4.- File differences will be saved to FileDiff.TXT and registry differences to RegDiff.TXT.

2 new buttons will appear: one to launch a viewer to see file differences and another to launch a viewer to see registry differences.

The viewer will be available as long as you don't close or restart the application.

After closing the tool several temporary files will be deleted and only FileDiff.TXT and RegDiff.TXT will remain on disk.

The tool has a "Restart" function in the "Menu". That way you can do a new comparison without leaving the application.

SandDiff will remember the last used sandbox. For this the registry is used to store the required information.

I plan to improve the tool. The TODO list would be:

+ Feature to switch from registry to file differences and vice versa directly from the viewer

+ Feature to exclude files and registry entries from differences

If anyone has any other ideas just let me know.

P.S. Next version will have enabled the folder browser button.


Last edited by Buster on Wed Sep 23, 2009 9:47 am; edited 1 time in total
Guest


Hi Buster.

Hey, it's pretty cool: it reminds me of ZSoft Uninstaller for SBIE ;)
It worked ok for me, but unfortunately I've already seen some posts about software unprotection hacks (namely - trials) using SBIE and diff-tools...
Anyway, I do think it really depends on people only.

Cheers
Buster


Anonymous wrote:
It worked ok for me, but unfortunately I've already seen some posts about software unprotection hacks (namely - trials) using SBIE and diff-tools...


Don't pay attention to everything you hear.
user2
Very poor hosting
Buster


user2 wrote:
Very poor hosting


Do you mean megaupload, the host of the binary file?
Ruhe


Hi Buster,

cool, thanks for this! :)

- Is it by design that the user can enter text in the two viewer panes? What I mean, they aren't read-only.

Quote:
SandDiff will remember last used sandbox. For this the registry is used to store the required information.

Please change it, please don't use the registry. Store the data in the program's folder as ini/xml or whatever.

- The button right of the edit field does nothing; I thought it would open a "Select folder" dialog.

- Start the program the first time and press the Step 1 button, an access violation window appears.

- You should also mention that the sandbox option "Automatically delete contents of sandbox" has to be disabled.
Buster


Ruhe wrote:
Hi Buster,

cool, thanks for this! :)


I'm glad you like it.

Ruhe wrote:
- Is it by design that the user can enter text in the two viewer panes? What I mean, they aren't read-only.


Yes, it's by design. I must change that, I know.

Ruhe wrote:
- Please change it, please don't use the registry. Store the data in the program's folder as ini/xml or whatever.


No problem.

Ruhe wrote:
- The button right of the edit field does nothing, thought it would open a "Select folder" dialog.


Read the P.S. in my first post. ;)

Ruhe wrote:
- Start the program the first time and press the Step 1 button, an access violation window appears.


Only first time? Not on second and later?

Ruhe wrote:
- You should also mention that the sandbox option "Automatically delete contents of sandbox" has to be disabled.


I consider this tool to be for advanced users. A user like that does not need that kind of obvious information. ;)
Buster


I just uploaded a new release of SandDiff, version 1.01.

People interested can get it from: http://www.megaupload.com/?d=2WB3E6BP

List of modifications and new features:

+ I changed the GUI a bit, mainly messages.

+ Version 1.01 does not save information to the registry. Now it's saved to an .INI file per Ruhe's request.

+ The button to launch a folder navigator works now.

+ Viewer panels are now read only. This means you cannot edit contents.

+ I added an option to keep the "before" and "after" temporary files. They are used to generate FileDiff.TXT and RegDiff.TXT and they are in text format too. As they may be useful to someone, I give the option to easily keep them.

Just one note: the feature just avoids deleting those files (RegHive1/RegHive2 and FileList1/FileList2) on exit.
If someone does several comparisons, the files should be kept manually (just copy them somewhere else).

+ I have added an option to simulate a totally empty sandbox (no registry values and only the RegHive and RegHive.LOG files).

So now SandDiff can compare the differences between a sandbox at 2 different moments, or the changes produced to a totally empty sandbox.

+ From this version the viewer is called from a single button. From inside the viewer the user can switch from File to Registry view and vice versa.

+ FileDiff.TXT is now more detailed. From version 1.01 it will show removed files (marked with a "-") and new files (marked with a "+" sign).


I probably missed something, but that's more or less what I changed from version 1.0 to 1.01.

Just let me know if anyone finds a bug or has any suggestion or feature request.

In my TODO list I have:

+ Apart from showing deleted/new files, I want to include a feature to compare file contents so modified files can be reported too: useful to catch virus file modifications.

+ I want to add a feature to exclude user-defined files, and probably registry values too, from the differences.


Last edited by Buster on Tue Sep 22, 2009 7:54 pm; edited 1 time in total
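The four-step procedure from the first post (snapshot the sandbox, run something, snapshot again, diff) and the 1.01 additions (the "+"/"-" markers, the "totally empty sandbox" baseline, the TODO items on reporting modified files and excluding user-defined files) in one runnable sketch. This is an added example written for this thread, not SandDiff's own code, whose source is not posted here. Assumptions: the sandbox root holds RegHive and RegHive.LOG plus a drive\C tree (the names come from the thread; the sub-layout is assumed), the registry hive is hashed as an opaque file rather than parsed (so RegDiff.TXT is not reproduced), the "*" marker for a modified file and the fnmatch-style exclude patterns are my additions, and the sandbox contents are constructed in a temporary directory.

```python
"""Before/after snapshot and diff of a sandbox folder (added example).

Assumptions: the sandbox root holds RegHive and RegHive.LOG plus a drive\\C
tree (names from the thread, layout assumed); the registry hive is treated
as an opaque file here, not parsed into RegDiff-style entries.
"""
import fnmatch
import hashlib
import tempfile
from pathlib import Path

# Names present in a "totally empty" sandbox, per the 1.01 release notes.
EMPTY_SANDBOX_NAMES = {"RegHive", "RegHive.LOG"}


def snapshot(root):
    """Return {relative_path: sha256} for every file below root.

    Hashing (rather than just listing names) is what lets the diff report
    modified files, the TODO item from the 1.01 post.
    """
    root = Path(root)
    state = {}
    for path in root.rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[path.relative_to(root).as_posix()] = digest
    return state


def empty_baseline(after):
    """A 'before' state for comparing against a totally empty sandbox.

    The hive files are copied from the after-state so that only real
    additions are reported, not RegHive itself.
    """
    return {name: digest for name, digest in after.items()
            if name in EMPTY_SANDBOX_NAMES}


def diff(before, after, exclude=()):
    """Produce FileDiff.TXT-style lines.

    '+' new file and '-' removed file as in SandDiff 1.01; '*' marks a
    modified file (a marker assumed here). `exclude` holds fnmatch patterns,
    a hypothetical form of the TODO item about user-defined exclusions.
    """
    lines = []
    for path in sorted(set(before) | set(after)):
        if any(fnmatch.fnmatch(path, pattern) for pattern in exclude):
            continue
        if path not in before:
            lines.append("+ " + path)
        elif path not in after:
            lines.append("- " + path)
        elif before[path] != after[path]:
            lines.append("* " + path)
    return lines


def demo():
    """Build a constructed sandbox, simulate a program run, diff both ways."""
    with tempfile.TemporaryDirectory() as tmp:
        box = Path(tmp) / "DefaultBox"
        temp_dir = box / "drive" / "C" / "Temp"
        temp_dir.mkdir(parents=True)
        (box / "RegHive").write_bytes(b"hive-v1")        # constructed content
        (box / "RegHive.LOG").write_bytes(b"")
        (temp_dir / "old.tmp").write_bytes(b"old")
        (temp_dir / "keep.txt").write_bytes(b"keep")

        before = snapshot(box)                          # "Step 1"

        # Simulated activity of the sandboxed program.
        (temp_dir / "old.tmp").unlink()
        (temp_dir / "dropper.exe").write_bytes(b"MZ" + b"\x00" * 16)
        (temp_dir / "keep.txt").write_bytes(b"keep, but edited")
        (box / "RegHive").write_bytes(b"hive-v2")

        after = snapshot(box)                           # "Step 2"
        return {
            "two_moments": diff(before, after),
            "vs_empty": diff(empty_baseline(after), after),
            "hive_excluded": diff(before, after, exclude=("RegHive*",)),
        }


if __name__ == "__main__":
    for mode, lines in demo().items():
        print(mode)
        print("\n".join("  " + line for line in lines) or "  (no differences)")
```

Pointing snapshot() at a real box such as C:\SANDBOX\UserName\DefaultBox works the same way, with two practical caveats from the thread: the sandbox's "Automatically delete contents of sandbox" option must be off, or the "after" state is gone before it can be read, and every file is read in full for hashing, which is what name-only listing (the 1.0 behaviour) cannot do but also what makes a large sandbox slow to snapshot.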
Ruhe


Buster wrote:
Ruhe wrote:
- Start the program the first time and press the Step 1 button, an access violation window appears.
Only first time? Not on second and later?

In v1.01 everytime I press [Before], even after closing the app and restarting it.

Buster


SandDiff 1.01 release 2: http://www.megaupload.com/?d=4SG2IV83

It fixes the minor bug Ruhe found.
Ruhe


Buster wrote:
It fixes the minor bug Ruhe found.

Yes, fixed with 1.01 release 2
Buster


Ruhe has been so kind as to host SandDiff.

Here is the address of the main page: http://sanddiff.qnea.de

Here is a link to the latest version: http://sanddiff.qnea.de/sanddiff.rar
Buster


I thought I would like SandDiff to become something more than just a program showing differences between 2 sandboxes.

My idea is to make a program that, after comparing differences, can evaluate whether the sandboxed application(s) may have performed malicious actions.

Before coding that part I want to finish the part that gets the differences.

I'm interested in active testers. Anyone?
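One shape the "evaluate whether the sandboxed application may have performed malicious actions" step above could take: a small rule set run over the diff lines SandDiff already produces. This is an added example for this thread, not SandDiff code. It assumes FileDiff.TXT lines of the form "+ path" / "- path" (as in 1.01) plus "* path" for a modified file, assumes RegDiff.TXT uses the same "+ key\value" shape (the thread does not specify that format), and the rules, weights and sample lines are constructed for illustration.

```python
"""Rule-based review of SandDiff-style diff lines (added example).

Assumptions: FileDiff.TXT lines are '+ path' / '- path' (as in SandDiff
1.01) plus '* path' for a modified file; RegDiff.TXT is assumed to use the
same '+ key\\value' shape. Rules and weights are illustrative only.
"""
import re

SEP = r"[\\/]"  # accept either path separator in the diff lines

# (pattern, weight, description): the first matching rule wins for a line.
RULES = [
    (re.compile(r"^\+ .*Start Menu" + SEP + "Programs" + SEP + "Startup" + SEP, re.I),
     5, "new file in a Startup folder"),
    (re.compile(r"^\+ .*CurrentVersion" + SEP + r"Run(Once)?" + SEP, re.I),
     5, "new autorun registry value"),
    (re.compile(r"^\* .*drivers" + SEP + "etc" + SEP + "hosts$", re.I),
     4, "hosts file modified"),
    (re.compile(r"^\+ .*" + SEP + "Windows" + SEP + r".*\.(exe|dll|sys)$", re.I),
     4, "new binary below the Windows directory"),
    (re.compile(r"^\* .*\.(exe|dll|sys)$", re.I),
     4, "existing binary modified"),
    (re.compile(r"^\+ .*" + SEP + "Temp" + SEP + r"[^\\/]+\.exe$", re.I),
     2, "new executable in a Temp folder"),
]


def evaluate(diff_lines, threshold=5):
    """Score diff lines against RULES; return findings and a verdict."""
    findings = []
    score = 0
    for line in diff_lines:
        for pattern, weight, description in RULES:
            if pattern.search(line):
                findings.append((description, line.strip()))
                score += weight
                break  # one rule per line is enough for a score
    return {"score": score, "suspicious": score >= threshold, "findings": findings}


# Constructed sample output in the assumed FileDiff.TXT / RegDiff.TXT shape.
SAMPLE_FILEDIFF = [
    r"+ drive\C\Users\User\AppData\Local\Temp\setup.exe",
    r"+ drive\C\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk",
    r"- drive\C\Users\User\AppData\Local\Temp\~tmp1.dat",
    r"* drive\C\Windows\System32\drivers\etc\hosts",
    r"+ user\current\Documents\notes.txt",
]
SAMPLE_REGDIFF = [
    r"+ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"+ HKEY_CURRENT_USER\Software\Acme\Settings\Language",
]


def demo():
    """Evaluate the constructed sample plus a benign-only subset."""
    report = evaluate(SAMPLE_FILEDIFF + SAMPLE_REGDIFF)
    benign = evaluate([SAMPLE_FILEDIFF[4], SAMPLE_REGDIFF[1]])
    return report, benign


if __name__ == "__main__":
    report, benign = demo()
    for description, line in report["findings"]:
        print(f"[{description}] {line}")
    print("score:", report["score"], "suspicious:", report["suspicious"])
    print("benign subset score:", benign["score"])
```

Weighted rules like these only turn the diff into a ranked list of things worth a human look; a sandboxed installer legitimately writes Run keys and Startup shortcuts too, which is why the example keeps the matched line next to each finding rather than reporting a verdict alone.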
Ruhe


It would be fun to give it a try.
Buster


tzuk:

At common feature requests page (http://www.sandboxie.com/index.php?CommonFeatureRequests) you comment:

Quote:
Log program actions, file access and registry writes, and/or do behavior analysis on programs

Not likely: There are tools which excel at these tasks, but Sandboxie is not designed for that. Use the mix and match approach: Use an activity trace tool to analyze the behavior of a program running under the supervision of Sandboxie.


I intend SandDiff to cover that feature request.

I hope you can help me with the feature request I just did. It would help me a lot!
Page 1 of 4
Sandboxie is Copyright © 2004-2012 by Sandboxie Holdings LLC.  All rights reserved.