Flying Sandbox Monster
A proof-of-concept application that sandboxes the Malware Protection engine in an AppContainer on Windows, written in Rust. Flying Sandbox Monster only supports 32-bit builds at this time. Note: there is some trickery performed to make things work since this is a proof-of-concept that interfaces with an undocumented DLL.
- Clone this repo:
git clone https://github.com/trailofbits/flying-sandbox-monster
- Add a new target:
rustup target add i686-pc-windows-msvc
- Build for that target:
cargo build --target i686-pc-windows-msvc
- Run the unit tests:
cargo test --target i686-pc-windows-msvc
Flying Sandbox Monster requires dependencies that cannot be automatically included.
mpam-fe.exe (the 32-bit antimalware update file) to the
- Once complete, check that support\mpengine.dll exists, among other files.
If cargo build complains that
msvc targets depend on msvc linker but "link.exe" was not found
you need to install the Visual C++ 2015 Build Tools or newer.