Malware Journey Day 31

Nick Mckenney
Jan 9, 2024


If you have seen the news, Microsoft is moving to Rust. I decided for this blog to take a break from the malware focus and learn Rust, since eventually I'll be debugging APIs written in this language. Since I have 0 experience with Rust, it's time to go over the docs. This blog is going to be very short due to there being nothing of value to add from my Rust learning.

For the rest of this blog I am going to cut this very short.

Really, what I am going to do first is go to a DLL for MessageBoxA. Below is a quick. Now, typically I would then use LoadLibraryA and GetProcAddress to get this DLL to load and run. But what if I want to hijack this DLL…

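```cpp
#include "pch.h"  // precompiled header; in the Visual Studio DLL template it pulls in <windows.h>

#define EXTERN_DLL_EXPORT extern "C" __declspec(dllexport)

// Exported with C linkage so GetProcAddress can find it under the plain name "main".
EXTERN_DLL_EXPORT void main() {
    MessageBoxA(NULL, "HIII", "HELLO", MB_OK);
}

// Entry point called by the loader; no work is done for any notification.
BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD  ul_reason_for_call,
                      LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
```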
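The LoadLibraryA/GetProcAddress step mentioned above, seen from the loader's side, as an added example that is not code from the original post: it refuses bare DLL names, which Windows resolves through a directory search, and loads only by full path with a restricted search for dependencies. The path `C:\tools\Dll1.dll` and the helper names are constructed for illustration; the export name `main` matches the DLL above.

```c
#include <ctype.h>
#include <stdio.h>

/* Returns 1 for a drive-absolute ("C:\dir\x.dll") or UNC ("\\host\share\x.dll") path.
 * Bare names, relative paths and drive-relative "C:x.dll" return 0. */
int is_fully_qualified(const char *p)
{
    if (p == NULL || p[0] == '\0') return 0;
    if (isalpha((unsigned char)p[0]) && p[1] == ':' && (p[2] == '\\' || p[2] == '/'))
        return 1;
    if (p[0] == '\\' && p[1] == '\\' && p[2] != '\0' && p[2] != '\\')
        return 1;
    return 0;
}

#ifdef _WIN32
#include <windows.h>
typedef void (*export_fn)(void);

/* Loads dll_path and calls export_name. 0 = ok, negative = refused or failed. */
int load_and_call(const char *dll_path, const char *export_name)
{
    if (!is_fully_qualified(dll_path)) return -1;   /* no search-order lookup */
    /* Dependencies are searched only in the DLL's own directory and System32. */
    HMODULE h = LoadLibraryExA(dll_path, NULL,
        LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR | LOAD_LIBRARY_SEARCH_SYSTEM32);
    if (h == NULL) return -2;
    export_fn fn = (export_fn)GetProcAddress(h, export_name);
    if (fn != NULL) fn();
    FreeLibrary(h);
    return fn != NULL ? 0 : -3;
}
#endif

int main(int argc, char **argv)
{
    /* Constructed placeholder path; pass the real full path as argv[1]. */
    const char *path = argc > 1 ? argv[1] : "C:\\tools\\Dll1.dll";
#ifdef _WIN32
    return load_and_call(path, "main");
#else
    printf("%s fully qualified: %d\n", path, is_fully_qualified(path));
    return 0;
#endif
}
```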
```sh
cargo init
```

Time to go into Rust. The command above uses Cargo, Rust's package manager, to set up a new package. The rest won't be blogged since it's going to be all basic understanding of what Rust is.
