wraithduLogs are attached.
Ahh, I've also found a problem with BSA. It is blocking my call to GetModuleFileNameW. This causes a critical part of my DLL loading process to fail and causes the DLL to unload itself. If you had enabled the debugging messages (which I should have asked you to do in the first place), you would have seen where this occurs. Basically my DLL cannot build the list of Sandboxie processes to check against the name of the target process.
Please pass this onto the developer of BSA. If he fixes this problem, my DLL should start working again.
A forum for reverse engineering, OS internals and malware analysis
Attachments
(8.64 KiB) Downloaded 29 times
BSA´s actual host is going down soon. The new host is: http://bsa.netai.net
Released Buster Sandbox Analyzer 1.22.
Change list:
Added automatic malware analysis mode
Added digital signature verification
Removed "Check Ports"
Updated Buster Sandbox Analyzer GUI
Updated LOG_API library
It can be downloaded from: http://bsa.netai.net/bsa.rar
Released Buster Sandbox Analyzer 1.22.
Change list:
Added automatic malware analysis mode
Added digital signature verification
Removed "Check Ports"
Updated Buster Sandbox Analyzer GUI
Updated LOG_API library
It can be downloaded from: http://bsa.netai.net/bsa.rar
Version 1.22 has been uploaded again because a bug was reported and fixed it.
New release of BSA 1.22 can be downloaded from:
http://bsa.netai.net/bsa.rar
http://rapidshare.com/files/393478240/B ... r.1.22.rar
http://www.megaupload.com/?d=TOTVC9ZH
http://hotfile.com/dl/45674283/98e6168/ ... 2.rar.html
New release of BSA 1.22 can be downloaded from:
http://bsa.netai.net/bsa.rar
http://rapidshare.com/files/393478240/B ... r.1.22.rar
http://www.megaupload.com/?d=TOTVC9ZH
http://hotfile.com/dl/45674283/98e6168/ ... 2.rar.html
gjf wrote:Did you fix the bug with non-sandboxed connections displayed in "View Connections"? Looks like it still exists.Take a screenshot and show me it, please.
Screenshots of what? Let me explain what am I doing.
1. uTorrent is downloading files at host.
2. Let's start BSA and sandbox notepad.exe for instance.
3. Close sandboxed notepad window.
4. Press "Stop analysis" and "Viewer" - "View connections".
Now we can see some connections which belongs to uTorrent but surely not to notepad.
So what should I screenshot here? Please advise.
1. uTorrent is downloading files at host.
2. Let's start BSA and sandbox notepad.exe for instance.
3. Close sandboxed notepad window.
4. Press "Stop analysis" and "Viewer" - "View connections".
Now we can see some connections which belongs to uTorrent but surely not to notepad.
So what should I screenshot here? Please advise.
gjf wrote:Screenshots of what? Let me explain what am I doing.You should screenshot "View connections", where I can see connections which belongs to uTorrent.
1. uTorrent is downloading files at host.
2. Let's start BSA and sandbox notepad.exe for instance.
3. Close sandboxed notepad window.
4. Press "Stop analysis" and "Viewer" - "View connections".
Now we can see some connections which belongs to uTorrent but surely not to notepad.
So what should I screenshot here? Please advise.
The reports are attached. Is it enough?
Attachments
(8.45 KiB) Downloaded 30 times