flying-sandbox-monster

Sandboxed, Rust-based, Windows Defender Client


Flying Sandbox Monster

A proof-of-concept application that sandboxes the Malware Protection engine in an AppContainer on Windows, written in Rust. Flying Sandbox Monster only supports 32-bit builds at this time. Note: there is some trickery performed to make things work since this is a proof-of-concept that interfaces with an undocumented DLL.

WannaCry Detection Demo

Development Setup

  1. Clone this repo: git clone https://github.com/trailofbits/flying-sandbox-monster
  2. Add a new target: rustup target add i686-pc-windows-msvc
  3. Build: cargo build --target i686-pc-windows-msvc
  4. Run the unit tests: cargo test --target i686-pc-windows-msvc

Manual Dependencies

Flying Sandbox Monster requires dependencies that cannot be automatically included.

  • Download mpam-fe.exe (the 32-bit antimalware update file) to the support\ directory
  • Extract mpam-fe.exe in support\ using cabextract or 7-Zip.
  • Once complete, check that support\mpengine.dll exists, among other files.
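Before pointing the sandboxed client at the extracted engine, it is worth checking that the DLL is the right architecture and is genuinely signed. The PowerShell script below is an added example and not part of the flying-sandbox-monster repository; it assumes it is run from the repository root, with the support\mpengine.dll path taken from the steps above.

```powershell
# Added check script (not from the flying-sandbox-monster repo). Run from the
# repository root after extracting mpam-fe.exe into support\. It confirms that
# support\mpengine.dll exists, is a 32-bit x86 PE image (the project only
# supports i686 builds), carries a valid Authenticode signature, and records
# its SHA-256 so the exact engine build used in a demo can be logged.
$dll = Join-Path (Get-Location) 'support\mpengine.dll'   # path assumed from the README

if (-not (Test-Path $dll)) {
    throw 'support\mpengine.dll not found; extract mpam-fe.exe into support\ first'
}

# PE layout: e_lfanew at offset 0x3C points at the "PE\0\0" signature, and the
# COFF Machine field sits 4 bytes after it (0x014C = IMAGE_FILE_MACHINE_I386).
$bytes   = [System.IO.File]::ReadAllBytes($dll)
$peOff   = [System.BitConverter]::ToInt32($bytes, 0x3C)
$peSig   = [System.Text.Encoding]::ASCII.GetString($bytes, $peOff, 2)
$machine = [System.BitConverter]::ToUInt16($bytes, $peOff + 4)
if ($peSig -ne 'PE' -or $machine -ne 0x014C) {
    $msg = 'mpengine.dll is not a 32-bit x86 image (Machine=0x{0:X4}); ' -f $machine
    throw ($msg + 'download the 32-bit mpam-fe.exe instead')
}

# Refuse an engine DLL that is unsigned or whose signature does not verify,
# so a tampered or mismatched engine is never loaded into the AppContainer.
$sigInfo = Get-AuthenticodeSignature -FilePath $dll
if ($sigInfo.Status -ne 'Valid') {
    throw "mpengine.dll signature status is '$($sigInfo.Status)'; refusing to use it"
}

$hash = (Get-FileHash -Path $dll -Algorithm SHA256).Hash
Write-Host "mpengine.dll OK: x86, signed by '$($sigInfo.SignerCertificate.Subject)', SHA256=$hash"
```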

FAQ

cargo build complains that msvc targets depend on msvc linker but "link.exe" was not found

You need to install the Visual C++ 2015 Build Tools or newer.

Key metrics

Overview
Name and owner: trailofbits/flying-sandbox-monster
Primary language: Rust
Languages: Batchfile (3 languages)
Platform:
License: MIT License

Owner activity
Created: 2017-06-20 19:05:36
Pushed: 2017-08-01 23:36:14
Last commit: 2017-08-01 19:36:13
Releases: 0

User engagement
Stars: 180
Watchers: 53
Forks: 27
Commits: 18
Issues enabled?
Issues: 0
Open issues: 0
Pull requests: 0
Open pull requests: 0
Closed pull requests: 0

Project settings
Wiki enabled?
Archived?
Is fork?
Locked?
Is mirror?
Private?