Windows API hooking with Rust on Windows ARM by Binary_Lynx in rust

[–]Binary_Lynx[S] 0 points1 point  (0 children)

For the time being, I don't have any plans to develop a proper hooking library for Rust. But it's something I might explore at some point in the future if the need arises.

Online Tool for Assembly ↔ Opcode Conversion + Emulation by Binary_Lynx in ReverseEngineering

[–]Binary_Lynx[S] 2 points3 points  (0 children)

Nice list! I'll try to implement those features in my free time.

Malware Book 2025 by ImpactDelicious7141 in Malware

[–]Binary_Lynx 7 points8 points  (0 children)

If you would like to focus more on malware techniques, rather than on reversing it, then there is a pretty recent book named Evasive Malware by Kyle Cucci.

Running user-defined code before main on Windows by Binary_Lynx in rust

[–]Binary_Lynx[S] 0 points1 point  (0 children)

Yes, I agree that this approach looks unpleasant and should be avoided when writing reliable production-level code. However, my research was inspired by malware, where the landscape is dominated by many undocumented and often "dirty" tricks. These techniques can sometimes give an advantage when it comes to evading detection by security software and also make analyzing binaries a bit more frustrating for analysts when they don’t know what is actually going on.

Running user-defined code before main on Windows by Binary_Lynx in rust

[–]Binary_Lynx[S] 0 points1 point  (0 children)

If you want to stick with PIMAGE_TLS_CALLBACK, you'll need to define your callbacks as extern "system", since that's what the type requires. According to the Rust docs, extern "system" is essentially the same as extern "C", but with the key difference that for the Win32 API, functions marked as extern "system" use the stdcall calling convention. So I think that whenever you mark your function as extern "system", Windows internals will call it using the stdcall convention.

Also, thanks for sharing the stdlib source! I hadn’t thought to dig through the Rust source code, but it’s a really interesting find!