Introduction to Sandbox Working Principles

Source: Internet
Author: User

Recently, while studying the principle behind multiple game activation, I found that one of the ways to achieve it is to use a sandbox, which caught my attention. Using a sandbox for multiple game activation is only a small test of what such a tool can do.

A sandbox is security software that logically isolates processes. Programs executed in the sandbox do not actually modify system data, such as the registry and the data on the hard disk.

The following is a brief introduction to the sandbox:

 

Some people ask what a sandbox is, and some newcomers may not know, so I wrote this article, which gives only a brief introduction to the sandbox.

A sandbox is also called a sand table. As its name implies, a sandbox can be regarded as a container in which everything can be redone. In the military, a sand table is often used to model the terrain of a battle area; you may have seen one. When it is no longer needed, the sand is simply flattened.

A sandbox is security software into which a program can be placed to run. All files and registry entries that the program creates, modifies, or deletes are then virtualized and redirected; that is, all operations are virtual, and the real files and registry are not modified. This ensures that a virus cannot change key parts of the system to damage it. In addition, a sandbox usually has some or all of the program-control functions of a HIPS: certain high-risk activities of the program, such as driver installation and low-level disk operations, are prohibited. At present there are two main types of sandbox: the traditional sandbox that uses virtualization, and the sandbox that uses policy restrictions.

One typical representative of the traditional sandbox is Sandboxie. Let's see how it describes itself, and you will know what a sandbox is.

What is Sandboxie?

When you run a program, the program reads data from the hard disk; the data flows from the hard disk to the program, is processed and displayed, and is then written back to the hard disk by the program.

 

If you run a game program, it first reads the data records stored on the hard disk, displays them during the game, and then writes them back to the hard disk for the next use.

The role of Sandboxie is to change where the program writes data, so that the data is not written back to the hard disk but to a virtual area created by Sandboxie.

 

This illustrates the key feature of Sandboxie: a virtual storage area, the sandbox. When data is read, it passes from the hard disk to the program unaffected. When the program writes data, however, the data is stored in the sandbox and not written to the hard disk.

If you run a game in a sandboxed environment, Sandboxie reads the data from the hard disk and saves it, and the game then reads the data in the sandbox to meet its needs. When the game wants to write data, Sandboxie intercepts the write and transfers the data to the sandbox.

Application of Sandboxie

Sbie runs a program in an isolated virtual area called a sandbox. A program running in this area is not affected, but it cannot make permanent, actual changes to the system. All changes the program makes to files and the registry are valid only inside the sandbox.
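The write redirection described above, modelled as an added Python example (not Sandboxie's code): reads fall through to the real directory, while writes and deletes land in a separate sandbox directory. The class RedirectingSandbox, its method names and the file save.dat are assumptions made for illustration, and only flat file names are handled.

```python
import tempfile
from pathlib import Path

class RedirectingSandbox:
    """Added illustration (hypothetical names): reads fall through to the
    real directory, every write or delete lands in a sandbox directory."""

    def __init__(self, real_root, box_root):
        self.real = Path(real_root)
        self.box = Path(box_root)
        self.deleted = set()          # names the sandboxed program "deleted"

    def read(self, name):
        if name in self.deleted:
            raise FileNotFoundError(name)
        boxed = self.box / name
        # Prefer the sandboxed copy if the program has already written one.
        source = boxed if boxed.exists() else self.real / name
        return source.read_text()

    def write(self, name, data):
        self.deleted.discard(name)
        (self.box / name).write_text(data)   # never touches self.real

    def delete(self, name):
        (self.box / name).unlink(missing_ok=True)
        self.deleted.add(name)               # hide the real file, keep it on disk

    def discard(self):
        """Flatten the sand: drop every change made inside the sandbox."""
        for p in self.box.iterdir():
            p.unlink()
        self.deleted.clear()

def demo():
    with tempfile.TemporaryDirectory() as real, tempfile.TemporaryDirectory() as box:
        save = Path(real) / "save.dat"
        save.write_text("level=1")               # constructed sample data
        sb = RedirectingSandbox(real, box)
        first = sb.read("save.dat")              # comes from the real disk
        sb.write("save.dat", "level=9")          # redirected into the sandbox
        inside = sb.read("save.dat")             # program sees its own change
        on_disk = save.read_text()               # real file is untouched
        sb.delete("save.dat")                    # recorded, not performed
        still_there = save.exists()
        sb.discard()                             # throw the sandbox away
        after = sb.read("save.dat")
        return first, inside, on_disk, still_there, after
```

Calling `demo()` shows that the program sees its own write and delete while the file on the real disk never changes, and that discarding the sandbox returns the program to the original state.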

For more information about Sandboxie, see the related articles in the top tutorial post.

Besides Sandboxie, which uses virtualization, there is another kind of software that uses policy restrictions. It can also be called a sandbox, because it too can restore all files and registry key values generated by a program, which is called rollback. Unlike a traditional sandbox, it applies policy restrictions to modification and deletion operations. DefenseWall is a typical example.

DW is not a virtual sandbox, because virtualization still has some defects, such as instability of programs inside the sandbox or increased resource usage. The files and registry key values generated by programs running in DW are therefore created on the real machine, and DW tracks them. All of these generated items are subject to policy restrictions. For example, if a program in DW generates an executable file, then when that executable is run it is tracked by DW and automatically added to the untrusted zone, where it is subject to policy restrictions. This ensures that the file cannot damage your system. Modification and deletion of important system files and registry key values are also subject to policy restrictions, and untrusted programs are prohibited from performing them. The traditional sandbox, by contrast, uses virtualization and redirection for modification and deletion: all such operations are completed in the virtual area, and the real files and registry are not modified or deleted. Technically, DW is closer to a traditional HIPS, with the addition of tracking and restriction of generated items. DW is therefore an alternative kind of sandbox.
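The tracking model described above, as an added Python example (not DefenseWall's code): items created by untrusted processes are really created but labelled, running a labelled executable yields an untrusted process, and untrusted processes are refused changes to protected locations. The class PolicyTracker, the PROTECTED prefixes and all paths are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical protected prefixes; a real product ships its own rule set.
PROTECTED = ("C:\\Windows\\", "HKLM\\SYSTEM\\")

@dataclass
class PolicyTracker:
    untrusted_procs: set = field(default_factory=set)
    tracked_items: set = field(default_factory=set)   # created by untrusted code
    denied: list = field(default_factory=list)

    def launch(self, proc, image, untrusted=False):
        # Running a tracked executable puts the new process in the untrusted zone.
        if untrusted or image in self.tracked_items:
            self.untrusted_procs.add(proc)
        return proc in self.untrusted_procs

    def create(self, proc, path):
        # The item really is created on the machine; the tracker only labels it.
        if proc in self.untrusted_procs:
            self.tracked_items.add(path)

    def modify_or_delete(self, proc, path):
        if proc in self.untrusted_procs and path.startswith(PROTECTED):
            self.denied.append((proc, path))
            return False                     # blocked, not redirected
        return True

    def rollback(self):
        """Items a rollback would remove: everything untrusted code created."""
        items = sorted(self.tracked_items)
        self.tracked_items.clear()
        return items


def demo():
    hosts = "C:\\Windows\\System32\\drivers\\etc\\hosts"
    dropped = "C:\\Users\\u\\Downloads\\setup.exe"      # constructed sample paths
    t = PolicyTracker()
    t.launch("browser", "C:\\Apps\\browser.exe", untrusted=True)
    t.create("browser", dropped)
    child_untrusted = t.launch("setup", dropped)       # untrusted via the file label
    blocked = not t.modify_or_delete("setup", hosts)
    t.create("setup", "HKCU\\Software\\Example\\Run")
    editor_ok = t.launch("editor", "C:\\Apps\\editor.exe") is False \
        and t.modify_or_delete("editor", hosts)
    return child_untrusted, blocked, editor_ok, t.rollback()
```

Unlike the redirection approach, nothing here is virtualized: the dropped file exists on the real machine, and protection comes from the label that follows it and from the refusal of protected writes.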

For more information about the DefenseWall mechanism, see the related articles in the top tutorial post.

Currently, Sandboxie, DefenseWall, SafeSpace, BufferZone, and GeSWall are the mainstream sandboxes.

 

Article transferred from: http://news.sanhaostreet.com/NewsData/2008/3/200834105419516.shtml
