I installed Sandboxie 2.85 on my laptop (Windows 2k SP4, 256MB,Pentium III) and find that in I'm running anything in Sandboxie, it isn't long before the laptop locks up. Locking up might not be the correct description: I can move the mouse cursor, but cannot close programs. If I press ctrl-alt-del and select Task Manger (in the hope of shutting down programs), the taskbar at the bottom of the screen goes blank, hard-drive activity all but stops and the only way to sort things out is to do a hard reboot.

Sometimes it'll ahppen after 5 or ten minutes of browsing. At other times it might happen with, for example, Outlook Express open in Snadboxie but inactive in the background and I open Windows Help or Windows Explorer (non-sandboxed). The common theme appears only that a program is open (active or inactive) in Sandboxie.


Any suggestions please.

Thanks

Martin

Can you think of any other program that may conflict with Sandboxie and cause this?

Try to think about programs (or even hardware) that only you, in particular, may have.

Good idea.

I'll troubleshoot and see if I can locate the dodgy application/hardware and report back in a few days.

Once again, many thanks for your help and concern.

Martin

I might possibly be homing in on the problem but would appreciate some assistance. I stopped all startup applications except the firewall and that made no difference. I also took care of a couple of error messages that showed in Event Viewer. But I think the problem appears to be with Outlook Express.

Since then I have now installed verion 2.86. Outlook Express now takes much longer to load in Sandboxie than version 2.85 (which still took an abnormal amount of time to load) (O.E. starts to open as usual but the pane that fills the right hand two thirds of the window remains blank with the hourglass showing for at least a minute), but I have noticed something possibly odd and would really appreciate if someone could tell me if this is normal.

When I looked at the connection properties in O.E. : Tools>Options>Connections then, partway down, Internet Connection Settings and press the button marked Change, the tab Internet Connection Properties shows that the Dialup and Virtual Private Network Settings box is blank, whereas if I do the same to O.E. NOT running in Sandboxie, my dialup ISP shows and all the settings are accessible.

(Of course, Internet Explorer in Sandboxie also shows a blank box under Dialup and Virtual Private Network Settings, but I.E. seems to load just as fast in Sandboxie as it does non-saNdboxed.)

Is it normal to see a blank Dialup and Virtual Private Network Settings box in sandboxed OE and IE?

Thanks

For me it's always blank, either inside or outside sandbox. But you were initially talking about your computer locking up, so I'm at a loss as to why you're looking into VPN settings.

Hi,

I'm using dialup so my ISP dialup properties (DUN file?) are in the Dialup and VPN settings box. I'm guessing that you're on broadband and therefore always see an empty section.

The reason that I was rooting around in there is that Outlook Express seems to be the program that locks up; sometimes after a very short while and sometimes after a few minutes. And since installing 2.86, it now takes one-and-a-half minutes to fully load after opening OE (the right-hand two-thirds of the O.E. window remains blank with the hourglass showing). (Under 2.85, it still took a long time to fully load, but not 90 seconds.) And in looking for a possible cause for these problems, I noticed the discrepancy between the sandboxed O.E. and the non-sandboxed O.E. and wondered if it was normal.

Martin

Hi tzuk,

(000828) SBIE (FA) C0100080.01.00000040 \Device\NamedPipe\_Sandbox_Martin_Rubenstein_DefaultBox_Session_0\ntsvcs


The above is the entry in Debugview immediately prior to Outlook Express taking 90 seconds to finish loading the OE window.

Can you see anything in there to account for such a long time being taken to load Outlook Express?

Many thanks

Martin

Adding to my last post, I think I should have included the last 2 entries in Debugview, as I see that last but one entry is a denial:

(000812) SBIE (FD) 00000001.0F.FFFFFFFF \Device\NamedPipe\ntsvcs

(000812) SBIE (FA) C0100080.01.00000040 \Device\NamedPipe\_Sandbox_Martin_Rubenstein_DefaultBox_Session_0\ntsvcs


If the denial of access to ntsvcs could be the cause of my problem, can you tell me how to correct it please?

Dear tzuk,

Based on my last e-mail and your web page "Open Pipe Path", I inserted

OpenPipePath=\Device\NamedPipe\ntsvcs

into Sandboxie.ini and now Outlook Express loads in normal time i.e. doesn't hang for 90 seconds and, on initial investigation, seems to be stable. If it no longer crashes then the problem is solved.

But, to what degree have I compromised my system with this addition?

Thanks

Martin

i doubt you've compromised your system and/or security in any way seeing as the pipe ntsvcs is related to "Plug and Play" and according to a description on ntsvcs, the \pipe\ntsvcs named pipe endpoint is usually used to reach the pnp (Plug n Play) interface.

Actually ntsvcs is the channel to talk to the system service control manager (SCM), but I would also say, it isn't a big compromise.

A better solution is that you use a debugger on OE at the time when it is hanging, and you tell me, which function OE is trying to use. If you don't know how to use a debugger I can explain what has to be done.

If you'd like to try it, then first you need to install WinDbg from Microsoft:

http://msdl.microsoft.com/download/symbols/debuggers/dbg_x86_6.7.05.0.exe

wouldnt it be better and easier to use Ollydbg instead of WinDbg? But whatever your most used to i guess.

I'll give it a go, but having read about it on http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx I might struggle a bit.

Just out of interest, what does this debugger do that the Sandboxie trace and DebugView that I used didn't do?

It will tell us which Windows function it is that OE is trying to invoke.

Since Sandboxie is blocking access to that SCM component, it also has to provide helper functions for dealing with SCM. Because some apps do want to talk to that component.

In this case, it seems OE is trying to talk to SCM through a function for which there is no Sandboxie helper. That's why OE tries to access the blocked 'ntsvcs', and fails.

With the debugger, we'll see which function it is, and I'll 'fake' it too.

* * *

To provide the information, you need to start OE sandboxed so it hangs. Look in Sandboxie Control and note the process ID.

Now invoke Windbg from the command line:

\path\to\windbg -p processID

Then type into the Windbg input box:

~* k 99

And post what you get.

Dear tzuk,

I am way out of my depth here: I downloaded WinDbg but I really haven't got a clue how to use it. Nevertheless, I opened WinDbg and then ran Outlook Express from Sandboxie (having removed the fix: OpenPipePath=\Device\NamedPipe\ntsvcs from the ini file). I then quickly opened the WinDbg File menu and clicked on Attach to a Process and selected msimn.exe.

I tried this a few times and on one occasion O.E. overcame the hang point at "(51c.514)" see below and continued to load after hanging for a good couple of minutes (i.e. mshtmled.dll and beyond). On all other occasions it just stayed stuck at that point.

Anyway, as you can see, I haven't a clue what I'm doing with this debugging tool but if you can point me in the right direction I'll give it another go.


.
.
.
.

Executable search path is:
ModLoad: 01000000 01010000 C:\Program Files\Outlook Express\msimn.exe
ModLoad: 77f80000 77ffc000 C:\WINNT\system32\ntdll.dll
ModLoad: 7c2d0000 7c335000 C:\WINNT\system32\ADVAPI32.dll
ModLoad: 7c570000 7c624000 C:\WINNT\system32\KERNEL32.dll
ModLoad: 77d30000 77d9f000 C:\WINNT\system32\RPCRT4.dll
ModLoad: 77e10000 77e6f000 C:\WINNT\system32\USER32.dll
ModLoad: 77f40000 77f7c000 C:\WINNT\system32\GDI32.dll
ModLoad: 70a70000 70ad6000 C:\WINNT\system32\SHLWAPI.dll
ModLoad: 78000000 78045000 C:\WINNT\system32\msvcrt.dll
ModLoad: 7d220000 7d247000 \\?\SandboxieHome\SbieDll.dll
ModLoad: 690a0000 690ab000 C:\WINNT\system32\PSAPI.DLL
ModLoad: 007b0000 008d5000 C:\Program Files\Outlook Express\MSOE.DLL
ModLoad: 773e0000 773f5000 C:\WINNT\system32\ATL.DLL
ModLoad: 008e0000 008ff000 C:\WINNT\system32\MSOERT2.dll
ModLoad: 7ce20000 7cf0f000 C:\WINNT\system32\ole32.dll
ModLoad: 779b0000 77a4b000 C:\WINNT\system32\OLEAUT32.dll
ModLoad: 64300000 6433d000 C:\WINNT\system32\MSOEACCT.dll
ModLoad: 5ec00000 5ec95000 C:\WINNT\system32\INETCOMM.dll
ModLoad: 71710000 71794000 C:\WINNT\system32\comctl32.dll
ModLoad: 00d70000 00d82000 C:\WINNT\system32\acctres.dll
ModLoad: 00da0000 00dae000 C:\WINNT\system32\inetres.dll
ModLoad: 01010000 01270000 C:\Program Files\Outlook Express\msoeres.dll
ModLoad: 01270000 013ba000 C:\WINNT\system32\SHDOCVW.DLL
ModLoad: 63000000 63095000 C:\WINNT\system32\WININET.dll
ModLoad: 7c740000 7c7cc000 C:\WINNT\system32\CRYPT32.dll
ModLoad: 77430000 77441000 C:\WINNT\system32\MSASN1.dll
ModLoad: 7cf30000 7d176000 C:\WINNT\system32\shell32.dll
ModLoad: 7c950000 7c9df000 C:\WINNT\system32\CLBCATQ.DLL
ModLoad: 77800000 7780d000 C:\WINNT\system32\msident.dll
ModLoad: 77820000 77827000 C:\WINNT\system32\VERSION.dll
ModLoad: 759b0000 759b6000 C:\WINNT\system32\LZ32.DLL
ModLoad: 015d0000 015d6000 C:\WINNT\system32\msidntld.dll
ModLoad: 69000000 6900c000 C:\WINNT\system32\PSTOREC.DLL
ModLoad: 01600000 01616000 C:\Program Files\Common Files\System\directdb.dll
ModLoad: 718c0000 71944000 C:\WINNT\system32\shdoclc.dll
ModLoad: 70440000 704cf000 C:\WINNT\system32\mlang.dll
ModLoad: 71500000 715fc000 C:\WINNT\system32\browseui.dll
ModLoad: 35c40000 35cb6000 C:\Program Files\Common Files\System\wab32.dll
ModLoad: 35f40000 35f7f000 C:\Program Files\Common Files\System\wab32res.dll
ModLoad: 77840000 7787e000 C:\WINNT\system32\cscui.dll
ModLoad: 770c0000 770e3000 C:\WINNT\system32\CSCDLL.DLL
ModLoad: 63580000 63820000 C:\WINNT\system32\mshtml.dll
ModLoad: 1a400000 1a47d000 C:\WINNT\system32\URLMON.DLL
ModLoad: 75e60000 75e7a000 C:\WINNT\system32\IMM32.DLL
ModLoad: 75ac0000 75ae8000 C:\WINNT\system32\MSLS31.DLL
ModLoad: 76f90000 77001000 C:\WINNT\system32\jscript.dll
(51c.514): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=00000101 edx=ffffffff esi=00000000 edi=00000000
eip=77f9193c esp=024affa8 ebp=024affb4 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000286
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ntdll.dll -
ntdll!DbgBreakPoint:
77f9193c cc int 3
0:009> g
ModLoad: 70f30000 70f9e000 C:\WINNT\system32\mshtmled.dll
ModLoad: 70510000 7051a000 C:\WINNT\system32\imgutil.dll
ModLoad: 02d80000 02db4000 C:\WINNT\system32\dxtrans.dll
ModLoad: 727f0000 727f9000 C:\WINNT\System32\ddrawex.dll
ModLoad: 51000000 51049000 C:\WINNT\System32\DDRAW.dll
ModLoad: 728a0000 728a6000 C:\WINNT\System32\DCIMAN32.dll
ModLoad: 031c0000 03219000 C:\WINNT\system32\dxtmsft.dll