A proof-of-concept application that sandboxes the Malware Protection engine in an AppContainer on Windows, written in Rust. Flying Sandbox Monster only supports 32-bit builds at this time. Note: there is some trickery performed to make things work since this is a proof-of-concept that interfaces with an undocumented DLL.
- Clone this repo:
    git clone https://github.com/trailofbits/flying-sandbox-monster
- Add a new target:
    rustup target add i686-pc-windows-msvc
- Build:
    cargo build --target i686-pc-windows-msvc
- Run the unit tests:
    cargo test --target i686-pc-windows-msvc
Flying Sandbox Monster requires dependencies that cannot be automatically included.
- Download mpam-fe.exe (the 32-bit antimalware update file) to the support\ directory.
- Extract mpam-fe.exe in support\ using cabextract or 7Zip.
- Once complete, check that support\mpengine.dll exists, among other files.
You need to install the Visual C++ 2015 Build Tools or newer.