Sandboxed, Rust-based, Windows Defender Client
Rust Other
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
src Clean up a bit Jun 29, 2017
support remove a step Aug 1, 2017
unittest_support Initial import Jun 20, 2017
.gitignore Initial import Jun 20, 2017
Cargo.toml Changing name Jul 20, 2017
LICENSE Create LICENSE Aug 1, 2017
README.md Update README.md Aug 1, 2017
build.bat Initial import Jun 20, 2017
demo.gif Changing name Jul 20, 2017

README.md

Flying Sandbox Monster

A proof-of-concept application that sandboxes the Malware Protection engine in an AppContainer on Windows, written in Rust. Flying Sandbox Monster only supports 32-bit builds at this time. Note: there is some trickery performed to make things work since this is a proof-of-concept that interfaces with an undocumented DLL.

WannaCry Detection Demo

Development Setup

  1. Clone this repo: git clone https://github.com/trailofbits/flying-sandbox-monster
  2. Add a new target: rustup target add i686-pc-windows-msvc
  3. Build: cargo build --target i686-pc-windows-msvc
  4. Run the unit tests: cargo test --target i686-pc-windows-msvc

Manual Dependencies

Flying Sandbox Monster requires dependencies that cannot be automatically included.

  • Download mpam-fe.exe (the 32-bit antimalware update file) to the support\ directory
  • Extract mpam-fe.exe in support\ using cabextract or 7Zip.
  • Once complete, check that support\mpengine.dll exists, among other files.

FAQ

cargo build complains that msvc targets depend on msvc linker but "link.exe" was not found

You need to install the Visual C++ 2015 Build Tools or newer.