使用WinAPI挂钩对程序进行沙盒 [英] Sandboxing a program using WinAPI hooks
问题描述
我想对本地代码进行沙盒化,并使用WinAPI和系统函数的挂钩来阻止或允许该程序执行某些操作,例如使用Internet连接读取/写入文件,修改Windows注册表.这是一种很好且安全的方法吗?该程序绕过这种安全层会有多困难?
+1给Hans,但是,如果您真的很喜欢,那么我可以推荐轻松钩.我已经在Win XP,Vista和7中成功地成功使用了它.我不知道它的可绕行性如何,但确实存在其他替代方法-madSHI钩子,如果要采用正式的方法,请尝试使用Microsoft的Detours. >
I'd like to sandbox a native code and use hooking of WinAPI and system functions to block or allow this program to perform some operations like reading/writing files, modify Windows registry, using an Internet connection. Is it a good and secure way to do so? How difficult would it be for that program to bypass such a security layer?
+1 to Hans, however if you are really into it then I can recommend Easyhook. I have personally used it successfully in Win XP, Vista and 7. I don't know how bypassable it is but other alternatives do exist - madSHI hooks, and, if you want to go the official way, try Detours from Microsoft.
这篇关于使用WinAPI挂钩对程序进行沙盒的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
