flying-sandbox-monster

Sandboxed, Rust-based, Windows Defender Client


Flying Sandbox Monster

A proof-of-concept application, written in Rust, that sandboxes the Windows Malware Protection engine in an AppContainer. Flying Sandbox Monster only supports 32-bit builds at this time. Note: because this is a proof of concept that interfaces with an undocumented DLL, some trickery is performed to make things work.

WannaCry Detection Demo

Development Setup

  1. Clone this repo: git clone https://github.com/trailofbits/flying-sandbox-monster
  2. Add a new target: rustup target add i686-pc-windows-msvc
  3. Build: cargo build --target i686-pc-windows-msvc
  4. Run the unit tests: cargo test --target i686-pc-windows-msvc

Manual Dependencies

Flying Sandbox Monster requires dependencies that cannot be automatically included.

  • Download mpam-fe.exe (the 32-bit antimalware update file) into the support\ directory.
  • Extract mpam-fe.exe in support\ using cabextract or 7-Zip.
  • Once complete, check that support\mpengine.dll exists, among other files.
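The setup and dependency steps above, as an added helper script that is not part of the repository: it unpacks mpam-fe.exe with whichever of cabextract or 7z is on PATH (an assumption about which tools are installed), then verifies that support\mpengine.dll exists and is a 32-bit (i386) PE image, since the project only builds for i686-pc-windows-msvc.

```python
import shutil
import struct
import subprocess
from pathlib import Path

IMAGE_FILE_MACHINE_I386 = 0x014C  # COFF Machine value for 32-bit x86

def pe_machine(data: bytes) -> int:
    """Return the COFF Machine field of a PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return struct.unpack_from("<H", data, e_lfanew + 4)[0]

def extract_update(package="support/mpam-fe.exe", support="support"):
    """Unpack mpam-fe.exe into support\\ with whichever extractor is on PATH
    (assumes the cabextract or 7z command-line tools are installed)."""
    if shutil.which("cabextract"):
        cmd = ["cabextract", "-d", support, package]
    elif shutil.which("7z"):
        cmd = ["7z", "x", "-y", f"-o{support}", package]
    else:
        raise RuntimeError("install cabextract or 7-Zip to extract mpam-fe.exe")
    subprocess.run(cmd, check=True)

def check_support(support="support") -> list:
    """Return the problems found; an empty list means the engine is ready.
    The project only builds 32-bit, so a 64-bit mpengine.dll (from the wrong
    update package) is flagged here instead of failing when it is loaded."""
    dll = Path(support) / "mpengine.dll"
    if not dll.is_file():
        return [f"{dll} missing: extract mpam-fe.exe into {support}"]
    try:
        machine = pe_machine(dll.read_bytes())
    except ValueError as exc:
        return [f"{dll} is not a valid PE image: {exc}"]
    if machine != IMAGE_FILE_MACHINE_I386:
        return [f"{dll} has Machine=0x{machine:04x}, expected 0x014c (i386)"]
    return []

if __name__ == "__main__":
    extract_update()
    problems = check_support()
    print("\n".join(problems) if problems else "support/ is ready: cargo build --target i686-pc-windows-msvc")
```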

FAQ

cargo build complains that msvc targets depend on msvc linker but "link.exe" was not found

You need to install the Visual C++ 2015 Build Tools or newer.

Key metrics

Overview
  Name and owner: trailofbits/flying-sandbox-monster
  Primary language: Rust
  Languages: Batchfile (3 languages)
  License: MIT License

Owner activity
  Created: 2017-06-20 19:05:36
  Pushed: 2017-08-01 23:36:14
  Last commit: 2017-08-01 19:36:13
  Releases: 0

User engagement
  Stars: 180
  Watchers: 53
  Forks: 27
  Commits: 18
  Issues: 0
  Open issues: 0
  Pull requests: 0
  Open pull requests: 0
  Closed pull requests: 0