| 1 | +/* |
| 2 | +Malware Basics: Allocating at Windows Memory via Rust Functions and Windows API'S ! |
| 3 | +
|
| 4 | +For more codes: https://github.com/Whitecat18/Rust-for-Malware-Development.git |
| 5 | +By: @5mukx |
| 6 | +
|
| 7 | +*/ |
| 8 | + |
| 9 | +// MANUAL MEMORY ALLOCATION WITHOUT [winapi] aka WINDOWS API. |
| 10 | + |
| 11 | +/* |
| 12 | +
|
| 13 | +use std::alloc::{alloc, dealloc, Layout}; |
| 14 | +use std::ptr; |
| 15 | +use std::ffi::CString; |
| 16 | +
|
| 17 | +use std::ptr::copy_nonoverlapping; |
| 18 | +
|
| 19 | +fn main(){ |
| 20 | + let size = 100; |
| 21 | +
|
| 22 | + let layout = Layout::from_size_align(size, std::mem::align_of::<u8>()).unwrap(); |
| 23 | + |
| 24 | + // Allocate memory with global Allocator |
| 25 | + let p_addr = unsafe { alloc(layout)}; |
| 26 | +
|
| 27 | + unsafe{ |
| 28 | + if p_addr.is_null(){ |
| 29 | + // filling the allocated memory with 0 . |
| 30 | + ptr::write_bytes(p_addr, 0, size); |
| 31 | + // Using CString, An C-compatible, nul-terminated string with no nul bytes in the middle. |
| 32 | +
|
| 33 | + let string = CString::new("Maldev hits diffrerent").expect("Error while creating cstring"); |
| 34 | + |
| 35 | + // copy_nonoverlapping is semantically equivalent to C's memcpy but with the argument order swapped |
| 36 | + copy_nonoverlapping(string.as_ptr(), p_addr as *mut i8, string.as_bytes().len()); |
| 37 | +
|
| 38 | + let content = std::slice::from_raw_parts(p_addr, string.as_bytes().len()); |
| 39 | +
|
| 40 | + println!("[+] Memory Content: {:?}",content); |
| 41 | + |
| 42 | + println!("[+] Deallocating Mem contnet"); |
| 43 | + dealloc(p_addr, layout); |
| 44 | + } else { |
| 45 | + println!("[-] Failed to allocate memory"); |
| 46 | + } |
| 47 | + } |
| 48 | +} |
| 49 | +
|
| 50 | +*/ |
| 51 | + |
| 52 | +// MEMORY ALLOCATION USING [winapi] |
| 53 | + |
| 54 | +/* |
| 55 | +Make sure you have include these dependencies on Cargo.toml file ! |
| 56 | +
|
| 57 | +[dependencies] |
| 58 | +winapi = { version = "0.3", features = ["minwindef", "winbase"] } |
| 59 | +*/ |
| 60 | + |
| 61 | + |
| 62 | + |
| 63 | +use winapi::um::heapapi::{GetProcessHeap, HeapAlloc, HeapFree}; |
| 64 | +use std::slice::from_raw_parts; |
| 65 | +fn main(){ |
| 66 | + unsafe{ |
| 67 | + let heap = GetProcessHeap(); |
| 68 | + if heap.is_null(){ |
| 69 | + println!("[-] Failed to get process heap"); |
| 70 | + return |
| 71 | + } |
| 72 | + |
| 73 | + // https://learn.microsoft.com/en-us/windows/win32/api/heapapi/nf-heapapi-heapalloc |
| 74 | + // 0x00000008 -> /. similar to winnt::HEAP_ZERO_MEMORY; |
| 75 | + let p_address = HeapAlloc(heap, 0x00000008, 100); |
| 76 | + |
| 77 | + if p_address.is_null(){ |
| 78 | + println!("[-] Failed to allocate memory on the heap"); |
| 79 | + return |
| 80 | + } |
| 81 | + |
| 82 | + println!("[+] Base Address of Allocated memory: {:#?}",p_address); |
| 83 | + |
| 84 | + let string = "Maldev hits different".as_ptr() as *const u8; |
| 85 | + |
| 86 | + |
| 87 | + std::ptr::copy_nonoverlapping(string , p_address as *mut u8, 100); |
| 88 | + |
| 89 | + let content = from_raw_parts(p_address as *const u8, 100); |
| 90 | + |
| 91 | + println!("[+] Memory content: {:?}", content); |
| 92 | + |
| 93 | + |
| 94 | + HeapFree(heap, 0, p_address); |
| 95 | + |
| 96 | + println!("[+] Freed Allocated memory !"); |
| 97 | + } |
| 98 | +} |
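Review bot: The copy at file line 87 reads 100 bytes from a 21-byte string literal (`"Maldev hits different"`), so 79 bytes past the end of the literal are read into the heap block — an out-of-bounds read and undefined behaviour even though the destination is large enough. Bound the copy by the source length instead: `let string = "Maldev hits different";` and `std::ptr::copy_nonoverlapping(string.as_ptr(), p_address as *mut u8, string.len());`; the `from_raw_parts(.., 100)` view that follows is then fine because the block was requested with `HEAP_ZERO_MEMORY` (0x8) and the tail is zeroed. `HeapFree` at line 94 returns a BOOL that is discarded; a `if HeapFree(heap, 0, p_address) == 0 { println!("[-] HeapFree failed"); }` check would keep the error handling consistent with the two `is_null()` guards above it. The Cargo.toml snippet at lines 57-58 lists only the `minwindef` and `winbase` features, but `winapi::um::heapapi` is gated behind the `heapapi` feature, so the example as documented will not build. In the commented-out first example, `if p_addr.is_null()` at line 28 is inverted — it writes through the pointer exactly when allocation failed — which is worth fixing to `!p_addr.is_null()` before anyone uncomments it.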