How is application virtualization implemented?
I am trying to understand how software like App-V and sandboxie (http://www.sandboxie.com/) work. But for the life of me, I can't think of anything that could make this possible. How do they intercept API calls and trick the target software? If someone would say that it's just magic and pixie dust, I would believe them. Seriously though, are there any white papers that discuss solutions to this problem?
If this is possible on the CLR level then that would be good but I'm willing to go native if I have to.
Comments (3)
Sandboxie does it by essentially injecting code into core Windows API, the same way a virus would (which is why Vista x64 prevents this behaviour, and why Sandboxie doesn't work on that OS).
Here is a project explaining API hooking. I learned how all this works by studying the source code for Metamod:Source (used for SourceMod for CounterStrike:Source :) )
I don't know how MS did it, but here is the basic theory of one way to do it ...
What you want to do is hook into the system calls (similar to chaining into interrupt).
Hope this helps.
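The interception-and-chaining idea from the answers above, as an added example that is not part of the original thread and is not Sandboxie's or App-V's code: a constructed function-pointer table stands in for an import table, and the hook redirects file paths under a hypothetical sandbox root (`/sandbox/box1`) before calling the original. All function and variable names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an import table: the "application" reaches the
   file API only through this pointer, as a Windows program reaches
   CreateFile through its import address table. */
typedef int (*open_fn)(const char *path, char *opened, size_t cap);

/* The "real" API: records which path would actually be opened. */
static int real_open(const char *path, char *opened, size_t cap) {
    if (strlen(path) >= cap) return -1;
    strcpy(opened, path);
    return 0;
}

static open_fn import_open = real_open;   /* slot the application calls */
static open_fn original_open;             /* saved so the hook can chain */
static const char *SANDBOX_ROOT = "/sandbox/box1";  /* hypothetical root */

/* Hook: rewrite the path under the sandbox root, then chain to the original.
   Relative paths and paths containing ".." are refused so the target
   cannot climb back out of the sandbox root. */
static int hooked_open(const char *path, char *opened, size_t cap) {
    char redirected[256];
    if (path[0] != '/' || strstr(path, "..") != NULL) return -1;
    int n = snprintf(redirected, sizeof redirected, "%s%s", SANDBOX_ROOT, path);
    if (n < 0 || (size_t)n >= sizeof redirected) return -1;
    return original_open(redirected, opened, cap);
}

/* Install the hook by swapping the table entry; safe to call twice. */
void install_hook(void) {
    if (import_open == hooked_open) return;
    original_open = import_open;
    import_open = hooked_open;
}

/* The unmodified "application": it has no idea a hook exists. */
int app_save(const char *path, char *opened, size_t cap) {
    return import_open(path, opened, cap);
}

int main(void) {
    char opened[256];
    install_hook();
    if (app_save("/etc/hosts", opened, sizeof opened) == 0)
        printf("application asked for /etc/hosts, got %s\n", opened);
    return 0;
}
```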
Check out the Wikipedia page on X86 Virtualization which discusses both software virtualization (early VMWare, Wine, Sandboxie and to an extent App-V) and the more modern hardware virtualization (Hyper-V, VMWare, others).
I'm assuming you're looking specifically for software virtualization as by using .NET (or any CLR) you're already abstracting yourself away from the CPU architecture to an extent, especially with the 'AnyCPU' target.