Windows Malware Development Playground — for Research & Education
⚙️ Rust-based Malware Development & Windows Internals Playground
maldev-rust is a collection of Windows malware development experiments written in safe & unsafe Rust.
| 🔖 Topic | 🎯 Goal | 🔑 Key APIs |
|---|---|---|
| 🦀 Rust FFI & Unsafe | Call MessageBoxW from Rust. | MessageBoxW, w! macro |
| 🧪 Shell Code Injection | Execute shellcode generated by msfvenom. | VirtualAlloc, CreateThread |
| 🧪 Shell Code Injection 2 | Execute shellcode generated by msfvenom. | VirtualAlloc, CreateThread |
| 🧪 Shell Code Injection 3 | Execute shellcode generated by Cobalt Strike. No window, no GUI. | VirtualAlloc, CreateThread |
| ⚙️ Process Enumeration | List all PIDs and their image names. | EnumProcesses, QueryFullProcessImageNameW |
| 🔄 Process Hollowing | Spawn a legitimate process (notepad.exe) suspended → allocate and write raw shellcode into it → redirect the main thread to the shellcode via its thread context → resume → payload runs disguised as notepad.exe. | CreateProcessW + CREATE_SUSPENDED, VirtualAllocEx, WriteProcessMemory, GetThreadContext / SetThreadContext, ResumeThread |
| 🕶️ Stealth Process Spawning | Launch calc.exe with no visible window. | CreateProcessW, CREATE_NO_WINDOW |
| 🧠🛠️ Memory Manipulation | Allocate, write, read and execute memory in a remote process. | VirtualAllocEx, WriteProcessMemory, CreateRemoteThread, ReadProcessMemory |
| 👻💻 In-Memory Stager | Download a stageless beacon from a remote URL and execute it straight from memory: no GUI, no console, nothing written to disk. | reqwest::blocking::get → VirtualAlloc → copy_nonoverlapping → CreateThread → WaitForSingleObject(INFINITE) → CloseHandle + VirtualFree |
| 🌀 APC Injection | Run shellcode inside the target process with a single queued APC instead of a new thread (the APC only fires when the target thread next enters an alertable wait). | VirtualAllocEx, QueueUserAPC |
| 🌀 Shellcode Encryption XOR | Store the shellcode XOR-encrypted, decrypt it in memory, then run it. | VirtualAlloc (MEM_COMMIT, MEM_RESERVE, PAGE_EXECUTE_READWRITE), std::ptr::copy_nonoverlapping, std::slice::from_raw_parts_mut, XOR decryption, std::mem::transmute, extern "system" |
| 🧨 DLL Injection | Inject a DLL into a remote process, both via LoadLibrary + CreateRemoteThread and via the Nt* equivalents. | DllMain, LoadLibraryA, LoadLibraryW, GetProcAddress, MessageBoxA, VirtualAlloc, VirtualAllocEx, VirtualProtect, VirtualProtectEx, WriteProcessMemory, CreateThread, CreateRemoteThread, NtAllocateVirtualMemory, NtWriteVirtualMemory, NtCreateThreadEx, OpenProcess, CloseHandle |
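The encode/decode half of the "Shellcode Encryption XOR" entry, as an added example that is not code from the maldev-rust repository. It runs on any platform with only `std`: the payload is a constructed placeholder string (not shellcode), the key is a hypothetical value chosen here, and nothing allocates executable memory or jumps into the buffer. It also measures the weakness a practitioner should know before relying on this scheme: wherever the plaintext has a 0x00 byte, the ciphertext byte is the key byte itself.

```rust
// Added example for the "Shellcode Encryption XOR" entry: encode a payload
// buffer with a repeating multi-byte XOR key, decode it again in memory, and
// measure one well-known weakness of the scheme. The payload is a constructed
// placeholder string, not shellcode, and nothing here allocates executable
// memory or jumps into the buffer; this is only the encode/decode half.

/// Constructed placeholder payload (NOT shellcode). The trailing NULs stand in
/// for the zero bytes real payloads often contain (padding, NUL-terminated strings).
pub const PLACEHOLDER: &[u8] = b"not real shellcode\0\0\0\0\0\0";

/// Repeating key. Hypothetical value chosen for this example.
pub const KEY: &[u8] = b"maldev-rust-demo";

/// XOR every byte of `data` with the repeating `key`, returning a new buffer.
/// XOR is its own inverse, so one function both encrypts and decrypts.
pub fn xor_with_key(data: &[u8], key: &[u8]) -> Vec<u8> {
    assert!(!key.is_empty(), "key must not be empty");
    data.iter().zip(key.iter().cycle()).map(|(b, k)| b ^ k).collect()
}

/// Same operation on a mutable slice. In a loader this slice would be the one
/// `std::slice::from_raw_parts_mut` gives over the region `copy_nonoverlapping`
/// filled, so the plaintext never exists outside that region.
pub fn xor_in_place(buf: &mut [u8], key: &[u8]) {
    assert!(!key.is_empty(), "key must not be empty");
    for (b, k) in buf.iter_mut().zip(key.iter().cycle()) {
        *b ^= k;
    }
}

/// Render the encoded buffer as a Rust array literal for pasting into the
/// loader source, so only ciphertext is present in the compiled binary.
pub fn as_rust_literal(name: &str, data: &[u8]) -> String {
    let body: Vec<String> = data.iter().map(|b| format!("0x{:02x}", b)).collect();
    format!("const {}: [u8; {}] = [{}];", name, data.len(), body.join(", "))
}

/// Weakness check: where the plaintext byte is 0x00, the ciphertext byte equals
/// the key byte at that position (0 ^ k == k). Returns how many distinct key
/// positions a reader holding only the ciphertext could recover this way.
pub fn key_bytes_leaked_by_nuls(plain: &[u8], key_len: usize) -> usize {
    let mut leaked = vec![false; key_len];
    for (i, &b) in plain.iter().enumerate() {
        if b == 0 {
            leaked[i % key_len] = true;
        }
    }
    leaked.iter().filter(|&&hit| hit).count()
}

/// Encode the placeholder and decode it again; returns (ciphertext, recovered plaintext).
pub fn round_trip() -> (Vec<u8>, Vec<u8>) {
    let enc = xor_with_key(PLACEHOLDER, KEY);
    let dec = xor_with_key(&enc, KEY);
    (enc, dec)
}

fn main() {
    let (enc, dec) = round_trip();
    println!("{}", as_rust_literal("PAYLOAD", &enc));
    println!("round trip ok: {}", dec.as_slice() == PLACEHOLDER);
    println!(
        "key bytes recoverable from NUL positions: {} of {}",
        key_bytes_leaked_by_nuls(PLACEHOLDER, KEY.len()),
        KEY.len()
    );
}
```

Two practical notes. First, repeating-key XOR is obfuscation, not encryption: with the 24-byte placeholder above, the six NUL bytes alone hand over six of the sixteen key bytes, and a payload with a longer zero run leaks the whole key. Its only real job is keeping a static signature out of the on-disk binary. Second, the table's allocation pattern (one VirtualAlloc with PAGE_EXECUTE_READWRITE) is a frequently hunted signal; the usual refinement is to allocate read-write, decrypt in place as `xor_in_place` does, and only then flip the region to execute-read with VirtualProtect, which the DLL Injection entry already lists.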
