I am trying to understand how software like App-V and Sandboxie (http://www.sandboxie.com/) work. But for the life of me, I can't think of anything that could make this possible. How do they intercept API calls and trick the target software? If someone would say that it's just magic and pixie dust, I would believe them. Seriously though, are there any white papers that discuss solutions to this problem?
If this is possible on the CLR level then that would be good but I'm willing to go native if I have to.
Executing Application Virtualization

A VMM infrastructure—software, firmware, and/or hardware—creates and operates virtual machines (VMs). A host (server) connects to multiple guests (endpoints). Application and desktop virtualization enables centralized management of the complete desktop environment ecosystem.
Application virtualization software allows users to access and use an application from a separate computer than the one on which the application is installed. Using application virtualization software, IT admins can set up remote applications on a server and deliver the apps to an end user's computer.
Virtual apps are applications that are optimized to run in a virtual environment. Simply put, a virtual app simply runs on a computer without being installed on it. Remote apps are a popular virtual app delivery solution wherein the virtual applications installed on a server are delivered to users' devices.
Sandboxie does it by essentially injecting code into core Windows API, the same way a virus would (which is why Vista x64 prevents this behaviour, and why Sandboxie doesn't work on that OS).
Here is a project explaining API hooking. I learned how all this works by studying the source code for Metamod:Source (used for SourceMod for Counter-Strike: Source :) )
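To make the "inject code into the API" idea concrete, here is an added example (not from the answer above and not Sandboxie's code): a portable C simulation in which a function-pointer slot stands in for the process's import-table entry for a file-open API, the hook saves the original pointer as a trampoline, and the hook applies copy-on-write redirection into an assumed container directory `/sandbox`, which is the behaviour a file-system sandbox exposes to the guarded program.

```c
#include <stdio.h>
#include <string.h>

#define SANDBOX_ROOT "/sandbox"   /* assumed container directory */
#define MAX_SANDBOXED 16

/* Signature of the "API" being intercepted. mode is 'r' or 'w'.
 * The path that would actually be opened is written to 'resolved'. */
typedef int (*open_fn)(const char *path, char mode, char *resolved, size_t n);

/* The real API: opens exactly what it is asked for. */
static int real_open(const char *path, char mode, char *resolved, size_t n) {
    (void)mode;
    snprintf(resolved, n, "%s", path);
    return 0;
}

/* Stand-in for the process's import-table slot for this API. A sandbox
 * hooks by overwriting this slot (or the function's first instructions). */
static open_fn import_slot_open = real_open;
static open_fn original_open = NULL;   /* trampoline back to the real API */

/* Paths the sandbox has already copied into its container. */
static char sandboxed[MAX_SANDBOXED][256];
static int n_sandboxed = 0;

static int in_sandbox(const char *path) {
    for (int i = 0; i < n_sandboxed; i++)
        if (strcmp(sandboxed[i], path) == 0) return 1;
    return 0;
}

/* The hook: copy-on-write. Writes always land in the container; reads
 * see the container copy if one exists, otherwise the real file. */
static int hooked_open(const char *path, char mode, char *resolved, size_t n) {
    char redirected[512];
    if (mode == 'w' && !in_sandbox(path) && n_sandboxed < MAX_SANDBOXED)
        snprintf(sandboxed[n_sandboxed++], sizeof sandboxed[0], "%s", path);
    if (in_sandbox(path)) {
        snprintf(redirected, sizeof redirected, "%s%s", SANDBOX_ROOT, path);
        path = redirected;
    }
    return original_open(path, mode, resolved, n);   /* forward to original */
}

void install_hook(void) {
    if (original_open) return;          /* already installed */
    original_open = import_slot_open;   /* keep a way back to the real API */
    import_slot_open = hooked_open;     /* patch the slot */
}

/* What the guarded application calls; it resolves through the slot,
 * just as a real call resolves through the import address table. */
int app_open(const char *path, char mode, char *resolved, size_t n) {
    return import_slot_open(path, mode, resolved, n);
}
```

After `install_hook()`, a read of an untouched file still reaches the real path, the first write is diverted under `/sandbox`, and later reads of that file see the container copy.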