Awesome
SbieHide
A plugin written for sandboxie-plus, which is used to fight the detection of sbiedll.dll
How to use?
Compile this plug-in or download pre-compiled files from Release
You should ensure file name of this plug-in contains the string 'sbiehide', otherwise it will not hide itself.
Open the configuration file of sandboxie-plus and add the following configuration to the sandbox which need to hide from inner program:
InjectDll64=Path\to\64\SbieHide.dll
InjectDll=Path\to\32\SbieHide.dll
About some applications are still detected sbiedll.dll
First of all, you should not use this plug-in for bypass anti-cheating,
The behavior of this plug-in is very similar to some cheat, which may cause your account banned!
Secondly, this module cannot fight the detection of the kernel layer. Related confrontation needs to write in a driver, and doing so in the kernel will make Microsoft Patchguard unhappy.
Finally, please bring a sample in issue, and I will try to correct this problem.
The detection that has been passed
- Peb->InLoadOrderModuleList
- Peb->InMemoryOrderModuleList
- Peb->InInitializationOrderModuleList
- Peb->HashLinks
- NtQueryVirtualMemory [MemoryBasicInformation|MemoryMappedFilenameInformation|MemoryRegionInformation|MemoryImageInformation|MemoryRegionInformationEx|MemoryEnclaveImageInformation|MemoryBasicInformationCapped]
- NtQueryObject [ObjectNameInformation]
- NtQueryInformationFile [FileNameInformation|FileAllInformation]
- NtQuerySection [SectionOriginalBaseInformation]
LICENSE
SbieHide is licensed under the MIT License. Dependencies are under their respective licenses.