Sandboxie Forum - Rollback? (1376)

: Re: rollback

Fri Feb 13, 2009 1:13 am

]]>Quoting yakir.zadok@gmail.com: ]]>(deleted) the amazing thing is that all the changes that is done to sbInstall is in sbRun so if i delete content of the sbRun its like rollback to the sbInstall. am I wrong? ]]> I'd like to know how to do that !! Thank you.

:

Fri Feb 13, 2009 12:32 am

Is there a hope about RollBack function in the next future ? Thanks.

tzuk:

Sat Mar 01, 2008 8:50 pm

lwc -- I'm happy to see people experimenting with and using Sandboxie in all kinds of unplanned ways, after all that's exactly the idea of open-ended stuff like AutoExec. I hope you will be able to conclude the experiment on your own. yakir -- I had to delete your comment. Undoubtedly there are people who use Sandboxie in the way that you seem to want to use it, but I won't allow such explicit discussions on my forum. I'm sorry. In the future try to be more vague about it.

yakir.zadok@gmail.com: rollback

Sat Mar 01, 2008 10:51 am

(deleted) the amazing thing is that all the changes that is done to sbInstall is in sbRun so if i delete content of the sbRun its like rollback to the sbInstall. am I wrong?

lwc:

Fri Feb 29, 2008 5:51 pm

Nice idea to limit just parallel work and not the general idea of parallel sandboxes. At least I know this now. :) Anyway, could you answer the two questions in the duplication link (a "duplicate" feature and the best way to do it until then)? Thanks.

tzuk:

Fri Feb 29, 2008 3:52 pm

That's a good idea lwc, and it isn't even limited to registered users. Unregistered Sandboxie supports multiple sandboxes just fine -- as long as you don't run programs in more than one sandbox at the same time -- and your solution doesn't require that.

lwc:

Mon Feb 25, 2008 4:20 pm

[url=http://sandboxie.com/phpbb/viewtopic.php?t=2894]It seems registered users can duplicate sandboxies[/url]. That is, they can just create a default sandbox and never actually use it (except to duplicate in order to start a new sandbox).

tururu:

Thu Sep 13, 2007 4:51 am

]]>Quoting r0lZ: ]]>SandboxToys has now a simple tool to create automatically a backup of any non-empty sandbox to a ZIP file. ]]>Good news!, thanks r0lZ. Easier handling of sandboxes. :D

r0lZ:

Wed Sep 12, 2007 8:37 am

OK, I've replied in the other thread. Sorry to have missed the edit! BTW, as this is the main subject of this thread, I must say here that SandboxToys has now a simple tool to create automatically a backup of any non-empty sandbox to a ZIP file. There is currently no function to restore the backup automatically, but it is easy enough to do that manually.

tzuk:

Tue Sep 11, 2007 3:20 pm

I already answered your question about deleting files instead of marking them deleted. But you may have missed it because it was edited into the reply: http://www.sandboxie.com/phpbb/viewtopic.php?t=2034&start=16 There is no creation date for a registry key, the delete mark is stored in the last-write-time that you can retrieve by using [url=http://msdn2.microsoft.com/en-us/library/ms724902.aspx]RegQueryInfoKey[/url].

r0lZ:

Tue Sep 11, 2007 12:21 pm

I see. BTW, on the subject of "deleted" files, I have a request. Could you mark it as deleted with your magic creation date trick ONLY when the file exists in the corresponding directory outside of the box, and delete it completely otherwise? As I have explained elsewhere, Skype, for instance, creates a lot of temp files that are only zeroed and marked with your magic creation date. However, they do not have equivalents out of the box. After some days, there are thousands of empty files in the %TEMP% folder of the box! Maybe the same method should be applied also to the registry keys. And a question: how can I examine the creation date of a registry key?

tzuk:

Sun Sep 09, 2007 4:56 pm

Zero size files are not always considered deleted. Empty directories or empty registry keys are not always considered deleted. It has to do with the date of the file or key. [url=http://www.sandboxie.com/phpbb/viewtopic.php?t=1313]See here[/url].

r0lZ:

Sat Sep 08, 2007 1:09 pm

OK, thanks for the clarification. But I have another question, indirectly related to the backup method. I have noticed that when a registry key is deleted by a sandboxed program, the key remains in the unsandboxed registry (that's normal) and is simply emptied in the sandboxed version of the same key. I suppose that the sandboxed version takes precedence, and that the original values are hidden to the sandboxed applications. Right? Thus my question: does Sandboxie use a similar method to hide deleted files and folders to the sandboxed applications? For example, let's say "fileA" and "fileB" exists in "directoryD" outside the sandbox. There are no other files in the directory. If a sandboxed program deletes "fileA" and "fileB", or deletes completely "directoryD", those files should not be accessible any more But of course, Sandboxie cannot delete the original files. So, how does it hide them? Is it sufficient to create an empty mirror of "directoryD" in the sandbox? In other words, the question is: is it important to keep the empty directories (and possibly the empty files) in the archive? This question is important to know if ye can use the option of the archiver that skips the empty directories, and doesn't add them in the archive, and if we can safely delete the empty files before doing the backup.

tzuk:

Sat Sep 08, 2007 12:04 pm

I'm using AutoExec to uncompress the zip file, to restore the sandbox from the context of the very same sandbox. This means an empty RegHive file was already created, mounted, and is in use , so I had to find an alternative method to populate the registry hive: By using regedit. If you're going to invoke the restore yourself, from outside the sandbox, then you're right that you can just backup and restore the RegHive file itself :)

r0lZ:

Sat Sep 08, 2007 12:23 am

There is something I don't understand in Tzuk's method. Why do we need to export the rehistry keys? We could as well archive the whole content of the sandbox, and restore it later, including the RegHive file, no? I agree that the RegHive file is not editable, and therefore it is impossible to export the box to another computer or user, but for simple backup purposes, restoring everything as it was in the box at the time of the backup should be sufficient. If I'm right, the procedure is very simple. Be sure to terminate everything running in the box, and compress it in a ZIP file. To restore the box, begin by erasing its current contents, and restore the backup. That's all. Or am I wrong?

tururu:

Fri Jul 06, 2007 8:00 pm

SnDPhoenix: Thanks indeed! :) . I'll take a look at Inctrl first. I was in a mess with the registry hive of my sandboxes, let's see If I can clarify things this way. I was planning to use rolback features to remove crap traces left behind by software, dirty uninstallers... I prefer this ghost-back much more than deleting the sandbox and reinstalling, wich is harmful with big programs. For further information on trash keys please visit: http://www.databack4u.com/ (it's a legal program athough it doesn't look like being) Note: someday, somewhere, we should paste links to useful software related to Sbie, DebugView for instance.

SnDPhoenix:

Fri Jul 06, 2007 11:22 am

Tururu: I would just use Inctrl if i were you.

tururu:

Thu Jul 05, 2007 12:44 am

And what about Regshot?. Maybe is simpler and faster than RoolbackRX. For further references: http://regshot.blog.googlepages.com/regshot http://exetools.com/forum/showthread.php?t=3356 http://www.woundedmoon.org/win32/undoreg.html The idea is to save a snapshot of the sandbox registry hive, and undo when needed. How would I do this?. Advice, please. I've been sniffing around installation trackers, and some may fit our needs of rolling back without Zip using. Regshot is only for registry tracking, but there are also other programs for these purposes, the installation monitors. Some examples: http://www.devhood.com/tools/tool_details.aspx?tool_id=432 http://www.optimussw.com/trashit/download.html http://www.innovative-sol.com/uninstaller/index.htm Maybe someone in the forums can shed some light, I'm in a mess.

tzuk:

Tue Jun 19, 2007 12:44 pm

I did not answer before because I assumed you would understand, no answer means nothing new to say about this, which in turn means no progress.

lwc:

Tue Jun 19, 2007 12:05 pm

Maybe it was a rollback... But more importantly, what about my two questions (well, the first one was more of a suggestion about the FAQ)? :cry:

Unknown_User_807:

Tue Jun 19, 2007 3:52 am

i thought the same. have seen this topic the last few times i login and check 'new messages since last visit', but its always the same final comment. "mahh, whats up dock?"

tzuk:

Mon Jun 18, 2007 8:23 pm

Am I imagining things or does topic mysteriously re-appear every few days?

lwc:

Sun Jun 17, 2007 6:36 am

]]>Quoting tzuk: ]]>I think the important thing is that all the tools to achieve this, are already in place. ]]> Tzuk's detailed method of basically restoring a snapshot is not so user friendly, but he's right that it's better than nothing. And I guess it's not THAT complicated (except you have to download an external unzip program...). Maybe you should write this detailed method in the FAQ. ]]>Quoting tzuk: ]]>There is a minor annoyance here, in that you have to put the full path to TestBox in the AutoExec command. But this can be fixed in a later version through some variable expansion. There is a larger annoyance, in that you have to take all these steps to create the recorded state. But this too can be revised in a later version. ]]> Any progress with either the minor or the larger annoyances?

tururu:

Tue Apr 24, 2007 1:25 am

All right, i think I already know about that registry exporting. I'll take a look at Rollback by myself, and I'll let you know if i find something useful. It's a question of choosing the more comfortable method, I guess. About the purposes of tracking changes, I vote for lighter sandboxes, just like wiping inside a sandbox with ccleaner. I know you¡ll oposse that deleting the sandbox is even lighter, but maybe i want to keep some information 'circumstancially'. That's the point. In any case I like the idea of sharing software packages, like you said before. I can't add much to this topic, lack of knowledge by my side. Thanks for your patience.

tzuk:

Sun Apr 22, 2007 10:39 pm

[quote:a1df5b2388]And that's why I should work in unsandboxed regedit, isn't?. [/quote:a1df5b2388] No; that's so that you export on those registry keys recorded in the sandbox, in other words, the difference from the real system. If you a sandboxed RegEdit and export the entire tree, it's just a waste of space and time. (Or is it [url=http://en.wikipedia.org/wiki/Spacetime]spacetime[/url]? :P ) [quote:a1df5b2388]What about safetynut's suggestion? Any recommended program? Maybe it's easier way in the meantimes[/quote:a1df5b2388] Maybe, maybe not. Maybe ask him? If you're asking me, I don't understand why you would need to record the state of a [i:a1df5b2388]browser[/i:a1df5b2388] sandbox. What does it matter if you do something wrong and it gets messed up and you delete it?

tururu:

Sun Apr 22, 2007 1:27 pm

Now I understand better; sandboxie merges real system information and i guess this can't be easily undone. And that's why I should work in unsandboxed regedit, isn't?. Too technic for me anyway, I've headache. I'll manage whith your method and wait untill you automate it a liitle more, if you fancy. What about safetynut's suggestion? Any recommended program? Maybe it's easier way in the meantimes.

tzuk:

Sat Apr 21, 2007 10:38 pm

Well actually I liked my idea (if I may say so myself) because it may enable people to distribute software packages as a zipped sandbox, which is neat. But basically what you're asking is for a kind of sandbox-in-a-sandbox: Beginning at some arbitrary point, you'd like all additions or changes in the sandbox to be sort of sandboxed again. Right? This would be a very large change, because Sandboxie merges information from two sources: your real system, and the sandbox system. To extend this to a variable n number of systems is just too much effort, with a very small payoff.

tururu:

Sat Apr 21, 2007 11:14 am

Nice answer Tzuk, as always. If I´m not wrong It´s kind of recovery via the Registry. As you say is a little bit painful to set, and it keeps just initial state of sandbox. I had thought something more flexible, like "start recording from now on" feature. Let's say I've been browsing for a while and I'm about to enter some unsecure pages; I'd like to 'ghost' just before entering, but keeping previous state of sandbox. I´ve already done it the brute way, i save the whole sandbox in different path and after browsing the dirty pages I overwrite the sandbox. Too painful as well. Another idea: since every file in the sandbox should have a creation/modification date, maybe we can set the program to delete all files from an starting date to a final date. I suposse this is easy with 'standard' files, but, Can it be done inside .dat files and similar stuff?. I'm thinking in the powerful editing features of your services. This would work purely inside the sandbox, whith no need to work in unsandboxed Regedit. Sorry for my english, i know it's hard, and even more since I'm not a technician in informatics. Thanks. To safetynut: thanks for the suggestion, but i had in mind to use one single program, moreover since the sandboxie has this hability somehow. I also think that rolling back is a standard security feature used for malware disinfection. Securing sandboxie is a good idea, isn´t it?.

Unknown_User_701:

Fri Apr 20, 2007 8:58 pm

I'm not sure I follow. But why nt simply buy a program like Rollback RX? That pluas sansboxie would seem to give you the strategy you are looking for.

tzuk:

Thu Apr 19, 2007 11:35 pm

Thanks. Tracking changes as they are made is not something I plan for Sandboxie. However I thought a bit about your request and I think I have an interesting solution. Through a combination of Zip files, RegEdit and the [url=http://www.sandboxie.com/index.php?AutoExec]AutoExec setting[/url], it is possible to record the state of the entire sandbox, and then automatically "replay" the contents, each time the sandbox is deleted. Steps to create: 1. Create an empty sandbox. Let's say TestBox. 2. Install some stuff. If you'd like to make it interesting, make sure registry keys as well as files are installed. 3. When done installing, end all programs in TestBox. 4. Bring up the Run Any Program dialog for TestBox. Don't run anything through it. This is important to make sure the sandbox is active, but nothing other than Sandboxie is using it. 5. Bring up an [i:7740a4e9e5]unsandboxed[/i:7740a4e9e5] RegEdit. Find the root key for the new sandbox. For example, for me that would be HKEY_USERS\Sandbox_tzuk_TestBox. 6. Right click and [i:7740a4e9e5]Export[/i:7740a4e9e5] the entire contents of this key, into [i:7740a4e9e5]SandboxRoox[/i:7740a4e9e5]\TestBox\drive\c\complete.reg. 7. Close RegEdit. 8. Explore the Contents of TestBox, and pack the two folders [i:7740a4e9e5]drive[/i:7740a4e9e5] and [i:7740a4e9e5]user[/i:7740a4e9e5] into a zip file. Let's say TestBox.zip. Note, you need to make sure they are added to the zip without path information. So if you unzip into folder c:\test, then c:\test\drive and c:\test\user are created. 9. Move the zip to some pre-defined directory. Let's say C:\TestBox.zip. 10. Finally, add AutoExec commands in Sandboxie.ini, in the section for TestBox: [quote:7740a4e9e5] AutoExec=unzip c:\TestBox.zip -d [i:7740a4e9e5]SandboxRoot[/i:7740a4e9e5]\TestBox AutoExec=regedit /s c:\complete.reg [/quote:7740a4e9e5] Note: command-line unzip utility can be downloaded from: http://gnuwin32.sourceforge.net/packages/unzip.htm This comples the set up of the recorded state. 11. Now, to test this, first delete the contents of TestBox. Obviously all your installed programs are going to be deleted. 12. Next, use Run Sandboxed -> From Start Menu on TestBox. You should see the stuff that you installed has magically re-appeared, even though you've deleted the sandbox. In effect, TestBox will now rollback to the recorded state, any time you delete it. There is a minor annoyance here, in that you have to put the full path to TestBox in the AutoExec command. But this can be fixed in a later version through some variable expansion. There is a larger annoyance, in that you have to take all these steps to create the recorded state. But this too can be revised in a later version. I think the important thing is that all the tools to achieve this, are already in place.

tururu: Rollback?

Tue Apr 17, 2007 6:59 pm

Hello Tzuk: A suggestion for next releases. Why don´t 'record' the changes in the sandbox from a starting point? and so you can undo all changes after a while. Much like ghost-back. It'd be nice for keeping some files inside the box and discard all changes in a 'session'. I mean, useful if you use different configurations for the same programs depending on they are sandboxed or not. Hope you understand me. Also useful if you're infected by malware and don´t want to delete the whole sandbox, you can revert to a 'safe point'. Maybe it can already be done by the command line... i don´t know... By the way, nice work on 2.85! thanks