www.sandboxie.com :: View topic

Posted: Fri Mar 23, 2012 7:35 pm

Hey,
i got a Windows 7 64bit pc and using Sandboxie with chrome more since one year (i got a life time license)
Today i made an update from Sandboxie 3.64 64bit to 3.66 64bit with the result, that Sandboxie wouldn´t work with the latest version of Google Chrome (Built 17.0.963.83).

When i open Chrome after a few second came the message, that SANDBOXIE COM SERVICE (CrypSvc) wouldn´t work.

Any Idea?

Greetz Hexo

Posted: Fri Mar 23, 2012 8:31 pm

Hey,
it seems that the "Advanced process monitoring" of my Security Suite F-Secure Internet Security 2012 made the problem in the combination with Sandboxie and Chrome. When i disable the "Advanced process monitoring" of F-Secure everthing is working fine. If i enable "Advanced process monitoring":
1. Chrome wouldn´t work in the Sandbox
2. FireFox 11 works fine in the Sandbox
3. Opera works fine in the Sandbox
4. IE9 works fine in the Sandbox

So, only the Chrome Browser wouldn´t work.... in the Sandbox...

EDIT: In the Windows Event Viewer i found this message:

Quote:

Name der fehlerhaften Anwendung: SandboxieCrypto.exe, Version: 3.66.0.0, Zeitstempel: 0x4f6afb6f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e21213c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000338f5
ID des fehlerhaften Prozesses: 0x654
Startzeit der fehlerhaften Anwendung: 0x01cd09261949093e
Pfad der fehlerhaften Anwendung: C:\Program Files\Sandboxie\SandboxieCrypto.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung: 575885ba-7519-11e1-9759-ac4bf3d6cf06

Posted: Sat Mar 24, 2012 6:01 pm

Hexo wrote:

When i disable the "Advanced process monitoring" of F-Secure everthing is working fine.

Thanks for pinpointing the cause. I will try to reproduce the problem and post an update, hopefully as early as tomorrow.

Posted: Sun Mar 25, 2012 6:56 pm

I was able to reproduce the problem. Please check if this version fixes the problem:
http://www.sandboxie.com/SandboxieInstall64-367-01a.exe

The problem is really in F-Secure code. In case they are reading this, I will describe my findings. They inject some code into process startup sequence in order to load their fs-hook DLL into the process. This code uses the WriteProcessMemory API. For the fifth parameter to this API (lpNumberOfBytesWritten in the documentation) they pass a 32-bit parameter, when they should pass a 64-bit parameter. This works fine in the normal case when the stack is full of zeroes. But if the stack contains garbage data then the upper 32-bits of that 64-bit parameter is also gargage data. This causes the crash, and it only happen in 64-bit processes (and therefore only on 64-bit Windows).

The fix I put in place was for Sandboxie to reset the stack after it uses it, to emulate the state of the system before Sandboxie code ever had a chance to run and fill the stack with random garbage data.

Posted: Mon Mar 26, 2012 6:52 pm

Thank tzuk for the fast reply.
I have installed the "Bugfix" Version and it seems, that now everything is working fine.
I have post a link to this topic in the F-Secure Forum. Maybe they will read you answere.