windowsprocessregistrysandboxregistry-virtualization

How to create a 'sandbox' with a virtualised registry for an application?


We have a 3rd party native application (written in C I believe) which we want to run multiple instances of on a machine.

however the application reads and writes from one particular registry key in order to find the location of a config file. It reads this location continuously during its running. The registry key is in HKLM. this means that if we try and run 2 different instances of the app with 2 different locations for the config file the processes tread on each others toes.

Is it possible to 'virtualise' the registry (or run each process in a sandbox) that the processes are using so that they can both think they are writing to a single location, but actually they are writing and reading from somewhere different and they won't step on each others toes?


Solution

  • There are several options to virtualize a program:
    https://en.wikipedia.org/wiki/Portable_application_creators

    Creating your own virtualization software is much more complicated and would require an entire coarse on programming and hooking library calls using the windows SDK.

    However an easier option that doesn't require setting up and running additional software for each copy of the program I suggest creating multiple copies of the program and hex editing each executable.

    Make as many copies of the application as you need to run, then open the application file in a hex editor and search for the name of the registry key, ie:
    HKLM\System\CurrentControlSet\Control\Session Manager

    Then change the last byte to a digit for each different version (1 byte, 0-9) ie:
    HKLM\System\CurrentControlSet\Control\Session Manage1
    HKLM\System\CurrentControlSet\Control\Session Manage2
    HKLM\System\CurrentControlSet\Control\Session Manage3

    For more than 10 differences (2 bytes, 00-99) use the last two bytes:
    HKLM\System\CurrentControlSet\Control\Session Manag01
    HKLM\System\CurrentControlSet\Control\Session Manag02
    HKLM\System\CurrentControlSet\Control\Session Manag03