flying-sandbox-monster

Sandboxed, Rust-based, Windows Defender Client

Flying Sandbox Monster

A proof-of-concept application that sandboxes the Malware Protection engine in an AppContainer on Windows, written in Rust. Flying Sandbox Monster only supports 32-bit builds at this time. Note: there is some trickery performed to make things work since this is a proof-of-concept that interfaces with an undocumented DLL.

WannaCry Detection Demo

Development Setup

  1. Clone this repo: git clone https://github.com/trailofbits/flying-sandbox-monster
  2. Add a new target: rustup target add i686-pc-windows-msvc
  3. Build: cargo build --target i686-pc-windows-msvc
  4. Run the unit tests: cargo test --target i686-pc-windows-msvc

Manual Dependencies

Flying Sandbox Monster requires dependencies that cannot be automatically included.

  • Download mpam-fe.exe (the 32-bit antimalware update file) to the support\ directory
  • Extract mpam-fe.exe in support\ using cabextract or 7Zip.
  • Once complete, check that support\mpengine.dll exists, among other files.
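The steps above as one script, added here as an example and not part of the flying-sandbox-monster repository: it stages the engine files from the Manual Dependencies list, refuses to continue while support\mpengine.dll is absent, and then runs the 32-bit build and test commands from the Development Setup. It assumes a POSIX shell on the Windows box (Git Bash or MSYS), cabextract or 7z on PATH, and the support/ path from this README.

```shell
#!/bin/sh
# Added helper (not part of flying-sandbox-monster): stage the Malware
# Protection engine files the README asks for by hand, then build.
set -eu

# Returns 0 if the extracted engine is present in $1, 1 otherwise.
verify_support_dir() {
    dir=$1
    if [ -f "$dir/mpengine.dll" ]; then
        return 0
    fi
    echo "missing $dir/mpengine.dll: extract mpam-fe.exe first" >&2
    return 1
}

# Extract mpam-fe.exe in $1 with whichever of the two README tools is on PATH.
extract_definitions() {
    dir=$1
    if [ ! -f "$dir/mpam-fe.exe" ]; then
        echo "download the 32-bit mpam-fe.exe into $dir first" >&2
        return 1
    fi
    if command -v cabextract >/dev/null 2>&1; then
        cabextract -q -d "$dir" "$dir/mpam-fe.exe"
    elif command -v 7z >/dev/null 2>&1; then
        7z x -y -o"$dir" "$dir/mpam-fe.exe" >/dev/null
    else
        echo "need cabextract or 7z on PATH" >&2
        return 1
    fi
}

# Full setup: engine files first, then the 32-bit target, build and unit tests.
setup_and_build() {
    dir=${1:-support}
    verify_support_dir "$dir" || extract_definitions "$dir"
    verify_support_dir "$dir"
    rustup target add i686-pc-windows-msvc
    cargo build --target i686-pc-windows-msvc
    cargo test --target i686-pc-windows-msvc
}

# Only run the full setup when a support directory is given on the command line.
if [ $# -gt 0 ]; then
    setup_and_build "$1"
fi
```

Run it from the repository root as `sh setup_support.sh support` (script name is an assumption).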

FAQ

cargo build complains that msvc targets depend on msvc linker but "link.exe" was not found

You need to install the Visual C++ 2015 Build Tools or newer.

Main metrics

Overview
Name With Owner: trailofbits/flying-sandbox-monster
Primary Language: Rust
Program language: Batchfile (Language Count: 3)
Platform
License: MIT License
Owner activity
Created At: 2017-06-20 19:05:36
Pushed At: 2017-08-01 23:36:14
Last Commit At: 2017-08-01 19:36:13
Release Count: 0
User engagement
Stargazers Count: 180
Watchers Count: 53
Fork Count: 27
Commits Count: 18
Has Issues Enabled
Issues Count: 0
Issue Open Count: 0
Pull Requests Count: 0
Pull Requests Open Count: 0
Pull Requests Close Count: 0
Project settings
Has Wiki Enabled
Is Archived
Is Fork
Is Locked
Is Mirror
Is Private