Simonewindows7*64位系统如何用沙盘
的有关信息介绍如下:
驱动程序签名
在Windows Vista x64中,微软为驱动程序引入了强制代码签名。由于Sandboxie依赖驱动程序组件来确保软件隔离,因此在不损害系统完整性的情况下,无法将其加载到Windows Vista x64中。
获取代码签名本身并不是一项不可逾越的任务。然而,下一个原因将说明为什么这在此时毫无意义。
内核补丁保护(PatchGuard)
在64位版本的Windows平台中,微软已经扩展了操作系统的核心,内核,这样它就可以例行地执行自我检查来检测任何篡改。这种增强被正式称为内核补丁保护(Kernel Patch Protection),通常被称为PatchGuard。
Windows内核不支持Sandboxie提供的软件隔离,因此Sandboxie必须对内核进行一些更改才能实现隔离功能。这被PatchGuard检测为篡改,因此系统在Sandboxie安装后很快就会崩溃。
PatchGuard API
windowsvistaservicepack1中引入的新“patchguardapi”不足以替代内核编程中失去的灵活性。这些api不允许Sandboxie在64位Windows Vista上保证隔离。
Sandboxie需要能够监视沙盒中的程序发出的请求,以便与沙盒外的程序或服务进行通信,并在这些请求不适当时丢弃它们。请参阅下面的部分,以获取一些示例,说明这与Sandboxie的关系。
Windows,32位或64位,没有提供官方的Windows内核接口来监视这种访问。然而,在32位Windows上,Sandboxie可以动态地将自己(在内存中,而不是在磁盘上)注入Windows内核,并在将一个程序连接到另一个程序的过程中站稳脚跟。在64位Windows中,此注入被认为是恶意的,并导致PatchGuard使系统崩溃。然而,没有官方接口来补充内核编程中失去的灵活性。
因此,在64位窗口中,Sandboxie只能“推荐”一个程序不出沙箱,但不能强制执行此操作。恶意程序只要忽略这些建议就可以轻松绕过Sandboxie。我决定取消对64位版本的Sandboxie的支持,而不是发布只能提供错误安全感的64位版本的Sandboxie。
摘要:32位版本的Sandboxie既能提供软件隔离,又能保证软件隔离。64位版本可以提供但不能保证相同的隔离。因此,一个64位版本的Sandboxie根本不提供。
兄弟,不要听一楼的胡扯 他就是答非所问
沙盘是无法支持64位系统的,原因官方说的已经很明白
Driver Signing
With Windows Vista x64, Microsoft has introduced mandatory code signing for drivers. Since Sandboxie relies on a driver component to ensure software isolation, it cannot be loaded into Windows Vista x64 without compromising the integrity of the system.
Acquiring the code signature is not in itself an insurmountable task. However, the next reason will show why this is pointless at this time.
Kernel Patch Protection (PatchGuard)
In 64-bit editions of the Windows platform, Microsoft has extended the core of the operating system, the kernel, in such a way that it routinely performs self-checks to detect any tampering. This enhancement is officially called Kernel Patch Protection and commonly referred to as PatchGuard.
The software isolation provided by Sandboxie is not supported by the Windows kernel, so Sandboxie must make some changes to the kernel to implement the isolation features. This is detected by PatchGuard as tampering, and so the system crashes soon after Sandboxie is installed.
PatchGuard APIs
New "PatchGuard APIs" introduced with Windows Vista Service Pack 1 are not an adequate replacement for the lost flexibility in kernel programming. These APIs do not allow Sandboxie to guarantee isolation on 64-bit Windows Vista.
Sandboxie needs to be able to monitor requests issued by a program in the sandbox to communicate with a program or service outside the sandbox, and discard these requests where they are inappropriate. Please see the section below for some examples that show how this relates to Sandboxie.
Windows, 32-bit or 64-bit, offers no official Windows kernel interfaces to monitor such accesses. However, on 32-bit Windows, Sandboxie can dynamically inject itself (in memory, not on disk) into the Windows kernel, and get a foothold in the procedure that connects one program to another. In 64-bit Windows, this injection is considered malicious and causes PatchGuard to crash the system. And yet, there are no official interfaces to supplement the lost flexibility in kernel programming.
Thus in 64-bit Windows, Sandboxie can only "recommend" a program to not go out of the sandbox, but cannot mandate this. A malicious program could easily circumvent Sandboxie by simply ignoring these recommendations. Rather than release a 64-bit version of Sandboxie that can only offer a false sense of security, I have decided to cancel support for 64-bit editions of Sandboxie.
Summary: The 32-bit edition of Sandboxie can both provide and guarantee software isolation. A 64-bit edition can provide, but cannot guarantee, the same isolation. For this reason, a 64-bit edition of Sandboxie is not offered at all.
以上是官方的说明,当然沙盘可以在64位win7的兼容32位xp虚拟机下运行~
如果英语还可以的话 应该很容易看懂~
祝你好运
