Beyond Beacon: Writing BOF and a Native Rust COFF Loader

Today, I'm excited to dive into Beacon Object Files (BOFs) and the COFF loaders that bring them to life. I'll peel back the layers of the COFF file specification and walk you through the process of building a custom COFF loader from scratch, written entirely in pure Rust, specifically for Windows ARM. Much like my previous technical deep-dives, this article will thoroughly explore the low-level details and unique specifications for both Windows and ARM architectures. By the end of this guide, you'll not only understand what BOF files are and how they're executed but also how to implement both a BOF-like format and its corresponding loader in Rust.

August 10, 2025 #MalDev #Rust #BOF #COFF
Windows API hooking with Rust on Windows ARM

In this blog post, I will explore Windows API hooking on Windows 11 ARM using Rust. I'll present two distinct API hooking methods and delve into the specific challenges of implementing hooks on ARM-based Windows systems. Furthermore, I will provide a concise overview of the ARM64 architecture specifications that are essential for implementing API hooking in this environment.

March 26, 2025 #MalDev #Rust #Windows API Hooking
Running code before main in Rust

Today, I will explore the potential of executing user-defined code before the main function in Rust. This can be accomplished using Thread-Local Storage (TLS) callbacks or by leveraging C Runtime (CRT) behavior. I will walk through the implementation of TLS callbacks in Rust and delve into the details of the CRT, demonstrating how to use it to run custom code.

March 21, 2025 #MalDev #Rust