Option Explicit
'NTDLL
Private Declare Function RtlGetCurrentPeb Lib "NTDLL" () As Long
'MSVBVM60
Private Declare Sub GetMem4 Lib "MSVBVM60" (ByVal Addr As Long, ByRef RetVal As Long)
'---------------------------------------------------------------------------------------
' Procedure : AmISandboxied
' Author : Karcrack
' Date : 13/03/2011
' Purpose : Know if we are running under Sandboxie
'---------------------------------------------------------------------------------------
'
Public Function AmISandboxied() As Boolean
Dim lUPP As Long '&RTL_USER_PROCESS_PARAMETERS
Dim lFlags As Long 'RTL_USER_PROCESS_PARAMETERS.Flags
Call GetMem4(RtlGetCurrentPeb() + &H10, lUPP)
Call GetMem4(lUPP + &H8, lFlags)
AmISandboxied = (lFlags <> 1)
End Function
Habitualmente PEB.RTL_USER_PROCESS_PARAMETERS.Flags vale 1, pero cuando estas siendo ejecutado dentro de Sandboxie tiene un valor distinto :)