3CX DLL-Sideloading attack: What you need to know
Important Information Regarding Sandboxie Open Source Release
Sophos is proud to announce the release of the Sandboxie source code to the community, meaning we are finally an open source tool!
We’re excited to give the code to the community. The Sandboxie tool has been built on many years of highly-skilled developer work and is an example of how to integrate with Windows at a very low level. We’re proud to release it to the community in the hope it will spawn a fresh wave of ideas and use cases.
To download this release please visit our download page here.
As we are monitoring and keeping you up to date on the take-up of the source code and its transition to become a true open source project we can imagine that you have some questions about the availability of the free Sandboxie versions and the future of the forum and this website.
FAQ on this release:
Sophos is currently engaging with members of the community who are willing to take on the Sandboxie source code and make it available through an open source project to the community. We will keep you informed about the progress through this website.
The latest version of Sandboxie (Win 7, 8.1 and 10 only) is available here. This is the last version of Sandboxie that Sophos will make available to the community and no further updates will be made to it. All restricted features have been made completely free in this version. Any further improvements to Sandboxie will need to be made through the open source community.
Sophos is planning to close the Sophos community Sandboxie forum on June 1st 2020.
The open source release has no code to check the license server. We have removed any checks against the license server since the 5.31.1 release. For this reason we will be shutting down the license server on June 1st 2020.
As and when the Sandboxie community embraces the available source code, transitioning it to an open source project, we will gradually wind down the website and expect to close the website during the fall of 2020.
There are 3 steps to building Sandboxie:
To start with there is a Readme.txt file in the root of the source code.
The main piece of source that is needed to compile the code is Microsoft Visual Studio 2015. (The Community Version may build the source code but be advised that there are restrictions on the use of the binaries generated by this version).
There is a dependency on the Microsoft Windows Device Driver Kit 7.1.0 (link has been provided in the Readme.txt file).
There is a separate Readme.txt located in the /install/ folder for building the installer. This contains additional requirements to set up.
No, Sandboxie can be compiled entirely from source code withll very few dependencies.
We are releasing the source code under the GPL v3 license (https://www.gnu.org/licenses/gpl-3.0.en.html)
Start with the Readme.txt file at the root. There is a little more explanation of each of the different projects in the source code.
Yes, Microsoft requires that all drivers are signed. This requires purchasing a validated certificate from a Certificate Authority who normally will vet the individual/company that they are issuing too. Since Windows 10, Microsoft also requires that all drivers be submitted to them through their hardware development portal so that it can be validated and signed by them.
For testing purposes, it is possible to create a self-signed certificate and use that to sign your driver locally. Windows still need to run in what is called Test Signing mode in order to accept this form of signed driver.
It is beyond the scope of this document to describe how to sign the binaries but there are plenty of resources online to help with this.
If you use a version of the driver that is already signed, it is possible to update other components and drop in files as replacements. The only condition is that the “Version” associated with the SbieSvc project (see common\my_version.h) matches the driver version.
There is a known issue that opening any *.rc in Visual Studio can cause it to get corrupted. The default versions should work as is.
This has been resolved.
What exact version (update) of VS 2015 is recommended.
because VS 2015.3 encounters some linker errors in SBoxDll,
like "unresolved external symbol memcmp", "unresolved external symbol memmove" and so on
To resolve the issue I had to add to the linker vcruntime.lib, libucrt.lib and libcmt.lib
There also seam to be an issue with the SbieControl.rc it seams the encoding on the original file is broken :/
It seams when adding the copyright notice ASCII text was added before the Unicode BOM, removing the bytes before the boom and fixing the new line characters being not properly Unicode encoded repaired the file, here it is: https://raw.githubusercontent.com/DavidXanatos/Sandboxie/master/Sandboxie/apps/control/SbieControl.rc
Thanks for noticing this.
1) For the .rc files: Yes it appears the .rc files are a little message up however, the build appears to work as long as the .rc is not overwritten by opening the file in Visual Studio and saved again. Unfortunately our last build before releasing was successful and didn't see that. This could be fixed at a later point. I will put a not in the FAQ to avoid editing that file for now.
2) For the linker issue: Do not include any external CRT into sboxdll project. This DLL is injected early into the process start up sequence and adding dependencies may break Sandboxie. Normally we link directly to the CRT build into ntdll.dll.
Again we cannot reproduce for sboxdll.dll, we can produce an this issue when building a DEBUG SbieDrv build. We don't recommend using the DEBUG SbieDrv, if you want to create a test driver use the RELEASE build of SbieDrv (turn off optimizations for more debugging information).
If you are having trouble building sboxdll.dll, that's a strange one. Adding /VERBOSE to the linker settings might reveal more.
Thanks for the quick Reply
1) For the .rc files: when I tested it the build worked as well but the resulting exe file did not contain any resources and crashed on startup.
2) I found out what was wrong, my VS was linking against the wrong version of ntdll.lib hence the initial linker issues, pointing it to the right ntdll.lib fixed that and now it links without the CRT libs.
Cheers
David X.
The .rc files have been fixed in the download source download.
Updated the download link. You can now fork it directly from Github.