tags:

views:

167

answers:

3
+7  Q: 

How is application virtualization implemented?

I am trying to understand how software like App-V and sandboxie (http://www.sandboxie.com/) work. But for the life of me, I can't think of anything that could make this possible. How do they intercept API calls and trick the target software? If someone would say that it's just magic and pixie dust, I would believe them. Seriously though, are there any white papers that discuss solutions to this problem?

If this is possible on the CLR level then that would be good but I'm willing to go native if I have to.

+2  A: 

Sandboxie does it by essentially injecting code into core Windows API, the same way a virus would (which is why Vista x64 prevents this behaviour, and why Sandboxie doesn't work on that OS).

Here is a project explaining API hooking. I learned how all this work by studying the sourcecode for Metamod:Source (used for SourceMod for CounterStrike:Source :) )

BlueRaja - Danny Pflughoeft  2010-04-23 14:52:59
Cool! Will look into that. Am I correct in assuming that API hooking is not allowed in 64-bit versions of Windows Vista and 7? Thanks!
noob_lurker  2010-04-23 15:11:25
Same term for two different things; you can "hook" insofar as you can have your code called when a specific event happens ("debugging" or "runtime" hooking - only works with the events the OS allows you to hook). You cannot, however, overwrite the dlls which implement the specifics of the actual event, which is what sandboxie needs. See [here](http://en.wikipedia.org/wiki/Hooking)
BlueRaja - Danny Pflughoeft  2010-04-23 15:16:35
A: 

I don't know how MS did it, but here is the basic theory of one way to do it ...

What you want to do is hook into the system calls (similar to chaining into interrupt).

  1. System call occurs.
  2. Your custom intercept gets executed.
  3. If this syscall does not need special processing, continue on. Otherwise it needs special processing and go to step 4.
  4. Get the stack pointer, instruction pointer and all that jazz from the stack, and build a new stack frame to send you back to your custom code in user-land.
  5. Do your massaging of data and paths and stuff in user land. This way if the underlying OS changes, this code does not have to be updated [as frequently].
  6. After all the data massaging, execute the system call again.
  7. Your custom interrupt executes again, but it should detect that you are calling from your user-land helper layer and pass the call on through. Some stack frame manipulation may be required to set up proper return addresses.
  8. Regular system call executes.
  9. When the system call returns, the stack frame should should send you back to your regular program flow.

Hope this helps.

Sparky  2010-04-23 16:47:49
A: 

Check out the Wikipedia page on X86 Virtualization which discusses both software virtualization (early VMWare, Wine, Sandboxie and to an extent App-V) and the more modern hardware virtualization (Hyper-V, VMWare, others).

I'm assuming you're looking specifically for software virtualization as by using .NET (or any CLR) you're already abstracting yourself away from the CPU architecture to an extent, especially with the 'AnyCPU' target.

sascha  2010-04-27 06:34:14

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?