-
July 6th, 2003, 12:30 AM
#1
Junior Member
Norman Sandbox - virtual computer inside a computer - how'd I do that?
Do you know Norman Sandbox?
It's a container to let an unknown virus run wild without wrecking the system.
It's actually a virtual computer.
I'd like to do a virtual computer also. I'm quite fascinated by how it works, but actually don't really know how it works.
I think the first step is to intercept all system API calls.
I'm using VB. Any suggestions, please?
I'd be more than happy if anyone could tell me.
ASM,C,C++,BASIC,VB,JAVA,VBS,HTML,ASP,SQL
Programming is fun, but only if you're not on a tight deadline
So I consider all those working engineers sad people
-
July 7th, 2003, 01:28 AM
#2
Junior Member
You're going to use VB? Why not a more advanced language like C++? You will get much farther in your goal.
-
July 7th, 2003, 04:06 AM
#3
Hey Jian2587,
If you are interested in virtual computers (i.e. Virtual machines) check out VMWare.
http://www.vmware.com/landing/ws4_search.html
There is a 30 day trial download, so you can play with different OSes. For example, you can have Windows and some flavour of Linux running at the same time on the same machine, but on different virtual machines. Good luck!
"When you say best friends, it means friends forever" Brand New
"Best friends means I pulled the trigger
Best friends means you get what you deserve" Taking Back Sunday
Visit alastairgrant.ca
-
July 7th, 2003, 01:12 PM
#4
Junior Member
Ah, not really virtual computers.
I meant sandbox.
A sandbox basically gives a program a fake environment of the OS it's running.
Not really fake, but all the API calls made by sandbox are intercepted by the sandbox, in which it could modify its return results and give them back to the program.
So let's say you let a virus run wild in a sandbox. It tries to destroy your system files, but the API call to delete a file is intercepted by the sandbox. The sandbox did not delete the files, but it returns results that convinced the virus that the system files are already deleted. Basically, we make the virus believe it's destroying something whereby in fact it didn't.
So what we need to do is to intercept system calls from certain programs.
Anyone have suggestions?
Sorry, API calls made by a program, and not a sandbox.
I made a mistake.
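The interception idea described in the post above, as an added example that is not part of the original thread: a toy Python model in which a guest program calls a sandbox object instead of the OS, the delete is faked, and later queries stay consistent with the fake. The class `FileSandbox`, its methods and the file name `system.ini` are hypothetical; a real sandbox hooks the OS API rather than relying on the guest to call a wrapper.

```python
import os
import tempfile


class FileSandbox:
    """Toy interception layer: the guest calls these methods instead of the OS."""

    def __init__(self):
        self.deleted = set()   # paths the guest believes it removed
        self.log = []          # every intercepted call, kept for analysis

    def _visible(self, path):
        # A faked delete must hide the file from every later query.
        return path not in self.deleted and os.path.exists(path)

    def delete(self, path):
        self.log.append(("delete", path))
        if not self._visible(path):
            raise FileNotFoundError(path)   # fail the way the real call would
        self.deleted.add(path)              # record the lie; nothing on disk changes

    def exists(self, path):
        self.log.append(("exists", path))
        return self._visible(path)

    def read(self, path):
        self.log.append(("read", path))
        if not self._visible(path):
            raise FileNotFoundError(path)
        with open(path, "rb") as fh:        # untouched files pass through read-only
            return fh.read()


def demo():
    """Run a constructed guest sequence against a throwaway file."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "system.ini")   # constructed stand-in for a system file
        with open(target, "wb") as fh:
            fh.write(b"real contents")
        box = FileSandbox()
        before = box.read(target)
        box.delete(target)                  # guest "destroys" the file
        guest_view = box.exists(target)     # guest checks its work
        host_view = os.path.exists(target)  # what the host actually has
        return before, guest_view, host_view, [op for op, _ in box.log]
```

The recorded call log is what makes the sandbox useful for analysis: it shows what the program tried to do without any of it reaching the real file system.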
-
July 7th, 2003, 04:39 PM
#5
Maybe a utility like FileMon or DiskMon from sysinternals can help you out. Check them out at:
http://www.sysinternals.com/ntw2k/utilities.shtml
They allow you to monitor activity to your file system and hard disk respectively. There are also a pile of other utilities that may be of some help as well.
Good luck!
-
July 7th, 2003, 06:42 PM
#6
Sandbox....(Virtual computer / protected from the original O/S) Yeah; I ran into that somewhere and thought it was a great idea. Lets you run/test apps without 'damaging' the computer's REAL o/s.
If I see it again.....I will post
Here's a link for those who haven't seen or heard of 'sandbox'
http://www.webopedia.com/TERM/S/sandbox.html
-
July 8th, 2003, 12:44 PM
#7
Junior Member
Yea Algaen, I know that one. But what we need here is how it works, and possibly the source codes.
-
July 8th, 2003, 12:59 PM
#8
Junior Member
vmware
I know that I'm very off topic, but I installed VMware in XP and I put Debian on it. Could any one of you help me with how, with host-only configured, to share files between XP and Debian with netcat?
Sorry about my off-topic post.
-
July 8th, 2003, 01:24 PM
#9
I prefer to utilize various types of access controls to mimic sandboxes. Sandboxes have the issue that a single userland can contain many sandboxes and data can move between them, plus they fail to protect the data within the sandbox, so their usefulness is limited because it means the user needs to have their programs run in an environment that contains no valuable data, which kinda makes most applications useless.
On my system, client applications like my web browser and email client run as a restricted user so that I may specifically set what it can and cannot do; for this purpose the Harrison, Ruzzo, and Ullman (HRU) access model is ideal. For services, a simple solution is domain based access controls (DBAC), as these effectively place your services in read only, non-hierarchical compartments isolated from the rest of the system. Both of these systems work even better when placed within hierarchical mandatory access controls. The end result is a system that effectively is sandboxed, however still useful as data can be safely used within the sandboxed environments. Additionally this method provides more finely grained controls, because most sandboxes merely prevent anything from stepping outside. If you are going to create a rule set and a collection of trusted agents to handle intercompartmental communications, you might as well take that extra step and simply use the access controls I've discussed, because to do so without these types of protections would be a monumental task to ensure a wide range of compatibility.
Hope this helps.
catch
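A small model of the access-matrix idea named in the post above, added here as an example and not part of the original post: rights live in a subject/object matrix and change only through a command whose condition is checked against that matrix, which is the shape of a Harrison-Ruzzo-Ullman command. The subject and object names (`user`, `browser`, `downloads`, `mail_spool`) and the `confer` command are hypothetical.

```python
class AccessMatrix:
    """HRU-style matrix: rights[(subject, object)] is a set of right names."""

    def __init__(self):
        self.rights = {}

    def enter(self, right, subject, obj):
        # Primitive operation: enter `right` into cell (subject, obj).
        self.rights.setdefault((subject, obj), set()).add(right)

    def delete(self, right, subject, obj):
        # Primitive operation: delete `right` from cell (subject, obj).
        self.rights.get((subject, obj), set()).discard(right)

    def has(self, right, subject, obj):
        return right in self.rights.get((subject, obj), set())

    def confer(self, right, owner, grantee, obj):
        """Command: if `owner` holds 'own' on obj, enter `right` for grantee."""
        if not self.has("own", owner, obj):
            return False          # condition fails, matrix is left unchanged
        self.enter(right, grantee, obj)
        return True


def build_demo():
    """Constructed policy: a browser running as a restricted subject."""
    m = AccessMatrix()
    m.enter("own", "user", "downloads")
    m.enter("own", "user", "mail_spool")
    # The user lets the browser use the downloads area and nothing else.
    m.confer("read", "user", "browser", "downloads")
    m.confer("write", "user", "browser", "downloads")
    return m


def browser_can_reach_mail(m):
    # The browser owns nothing, so it cannot confer rights on itself.
    m.confer("read", "browser", "browser", "mail_spool")
    return m.has("read", "browser", "mail_spool")
```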
-
July 9th, 2003, 12:50 PM
#10
Junior Member
catch, you are very knowledgeable, but I understand none of those.
Maybe you can explain in more detail but simply?