sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

Registry isolation function suggestions #2373

Open Taeyeonzpx opened 2 years ago

Taeyeonzpx commented 2 years ago

Is your feature request related to a problem or use case?

I want the registry of programs running in the sandbox to be recorded in a txt file

Describe the solution you'd like

The operation records of the software in the sand table on the registry are put into a txt file in the root directory of the sand table for easy viewing and analysis

Describe alternatives you've considered

No response

bastik-1001 commented 2 years ago

Issue #60 might be related.

Taeyeonzpx commented 2 years ago

Issue #60 might be related.

ok thank you, but we also need to use other software. this operation is really a bit troublesome. It's difficult to get started. I hope the sand table can integrate this function

bastik-1001 commented 2 years ago

ok thank you, but we also need to use other software. this operation is really a bit troublesome. It's difficult to get started. I hope the sand table can integrate this function

I agree that relying on third-party software might not be ideal, especially if this software needs to be set up and updated. I think what the linked issue is asking for is a way to view registry changes, built into software that is maintained here (be it Sandman or some other component of Sandboxie). Your request seems to be even simpler, as the .txt file can be viewed with any text editor.

Taeyeonzpx commented 2 years ago

60

60 In fact, it is still a .txt file in the end. It is more convenient to output a txt file directly from the sand table

DavidXanatos commented 1 year ago

Please clarify: do you want an access log as produced by the trace window or ProcMon.exe from Sysinternals, or do you want the final state of the sandboxed portion of the registry to be saved to a txt file, as if we had mounted the RegHive.dat and exported it to a *.reg file?

Taeyeonzpx commented 1 year ago

Please clarify: do you want an access log as produced by the trace window or ProcMon.exe from Sysinternals, or do you want the final state of the sandboxed portion of the registry to be saved to a txt file, as if we had mounted the RegHive.dat and exported it to a *.reg file?

Save txt file is only an auxiliary option, does not involve the core mode of operation, I just want to visually view the sandbox to add, delete and check those registry files, is the hope as a log to record, more intuitive than using the tracking window some

DavidXanatos commented 1 year ago

isn't then this option enough: [image]

it mounts the boxed hive with all changes and opens regedit there

Taeyeonzpx commented 1 year ago

isn't then this option enough: [image]

it mounts the boxed hive with all changes and opens regedit there

If I open all the registries in this way, I don't know which registry keys have been modified by the program

DavidXanatos commented 1 year ago

All the sub keys there are keys modified by the sandboxed programs [image]

Some may be modified and then changed back to the original value but they were written to at some point in the box's existence.

Taeyeonzpx commented 1 year ago

All the sub keys there are keys modified by the sandboxed programs [image]

Some may be modified and then changed back to the original value but they were written to at some point in the box's existence.

I now notice that there is a "Sandbox_xxxxxx" key in the registry. Is this the registry key modified by the program in the sandbox?

Taeyeonzpx commented 1 year ago

All the sub keys there are keys modified by the sandboxed programs [image]

Some may be modified and then changed back to the original value but they were written to at some point in the box's existence.

But the sandbox registry structure seems a little hard to understand, I have a structure idea, don't know how about this [image: 2023-02-17 193801]

isaak654 commented 1 year ago

This documentation might help: https://sandboxie-plus.github.io/sandboxie-docs/Content/SandboxHierarchy.html#registry

Taeyeonzpx commented 1 year ago

This documentation might help: https://sandboxie-plus.github.io/sandboxie-docs/Content/SandboxHierarchy.html#registry

I see, the structure of the sandbox registry is just like the structure of "separate user folders" in the sandbox. Since there is a switch for "separate user folders", can the registry be a switch? Because this registry structure is so bad to read, can I make it the data structure I want it to be when I turn off the "isolate different user folders" switch?

DavidXanatos commented 1 year ago

the structure you see there is the "real" registry structure; the root keys you see in regedit.exe are mapped. That's what the NT registry really looks like:

[image]

the long SID is replaced by sandboxie with just "user"
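
Added example (not part of the thread and not Sandboxie code): a Python script that turns a regedit *.reg export of the mounted box hive into the text listing requested in this issue, translating the box's NT-style sub-trees back to the root keys regedit.exe shows. The `machine`, `user\current` and `user\current_classes` sub-tree names are assumptions taken from the Sandboxie documentation linked above; the `Sandbox_alice_DefaultBox` key and the export text are constructed sample data.

```python
import re

# Assumed sub-trees of the box hive (names taken from the Sandboxie docs),
# mapped to the root keys regedit.exe shows for the same locations.
PREFIX_MAP = [(r"user\current_classes", r"HKEY_CURRENT_USER\Software\Classes"),
              (r"user\current", "HKEY_CURRENT_USER"),
              ("machine", "HKEY_LOCAL_MACHINE")]
KEY_RE = re.compile(r"^\[HKEY_USERS\\Sandbox_[^\\\]]+\\?(.*)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=')

# Constructed sample of a *.reg export of a mounted box hive.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_USERS\Sandbox_alice_DefaultBox\machine\software\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"Flags"=dword:00000001
[HKEY_USERS\Sandbox_alice_DefaultBox\user\current\software\ExampleApp]
@="on"
"Blob"=hex:01,02,\
  03,04
[HKEY_USERS\Sandbox_alice_DefaultBox\user\current_classes\.exa]
@="ExampleApp.Document"
'''

def to_regedit_view(rel_path):
    """Map a path below the Sandbox_* key to its regedit-style name."""
    for prefix, root in PREFIX_MAP:
        if (rel_path.lower() + "\\").startswith(prefix + "\\"):
            return root + rel_path[len(prefix):]
    return None  # the mount key itself or an unknown sub-tree

def box_changes(reg_text):
    """Return {regedit-style key: [value names]} for every exported key."""
    changes, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = to_regedit_view(key.group(1))
            if current is not None:
                changes.setdefault(current, [])
        elif current is not None and (v := VALUE_RE.match(line)):
            changes[current].append("(Default)" if v[1] == "@" else v[1][1:-1])
    return changes

def report(changes):
    return "\n".join(k + "".join("\n    " + n for n in changes[k])
                     for k in sorted(changes))

if __name__ == "__main__":
    print(report(box_changes(SAMPLE)))
```

A real regedit export is UTF-16 with a byte-order mark, so read it with `encoding="utf-16"` before passing the text to `box_changes`.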

Taeyeonzpx commented 1 year ago

the structure you see there is the "real" registry structure; the root keys you see in regedit.exe are mapped. That's what the NT registry really looks like:

[image]

the long SID is replaced by sandboxie with just "user"

oh, I understand, thank you for your teaching, because I have been using the "regedit exe" to view the edit registry, long time of use, already used to this mapping structure, mistakenly thought that "regedit exe" structure is the real structure, did not think he is mapped out