SbieHide icon indicating copy to clipboard operation
SbieHide copied to clipboard
verified publisher icon VeroFess

Sandboxie will be detected when a statically-linked DLL contains detection code

Open TheCjw opened this issue 1 year ago • 2 comments

Due to the documentation of Inject DLL

The injected DLL is loaded into the sandboxed process (or program) after all the statically-linked DLLs are loaded and initialized, but before the program itself begins to execute at its entry point.

So the statically linked DLL will load and execute before SbieHide. You can use ProcMon to verify this.

In this scenario, an additional launcher is required to perform DLL injection using DetourCreateProcessWithDlls or Windows debugging APIs.

Hope this helps.

TheCjw avatar Jun 19 '24 02:06 TheCjw

Due to the documentation of Inject DLL

The injected DLL is loaded into the sandboxed process (or program) after all the statically-linked DLLs are loaded and initialized, but before the program itself begins to execute at its entry point.

So the statically linked DLL will load and execute before SbieHide. You can use ProcMon to verify this.

In this scenario, an additional launcher is required to perform DLL injection using DetourCreateProcessWithDlls or Windows debugging APIs.

Hope this helps.

What program does this appear to happen ?

0bbedCode avatar Sep 02 '24 02:09 0bbedCode

Pls try with https://github.com/VeroFess/SbieHide/releases/download/v2.0.0/SbieHideExLoader.exe

VeroFess avatar Jul 09 '25 13:07 VeroFess