It has been more than six months since I wrote the first blog post about RustRAT. During these months, the closest I have come to actually doing something has been to build myself a new computer with many cores in order to compile code faster or something like that. However, rather than develop RustRAT I have been busy playing all the games I have been unable to play the last ten years due to lack of a computer able to play recent games.
It is about time for me to actually attempt to create RustRAT. The plans are mostly unchanged since the last blog post, but I have made one significant change. I initially planned to use Lua; however, after attempting to write a few simple scripts to call Win32 API functions, I have decided not to use Lua. It was possible to do what I wanted, but I did not find any elegant solutions for manipulating structs and playing with pointers from the Lua scripts. A more elegant solution could probably be achieved by using the FFI library of LuaJIT; however, I still intend to avoid JITing if possible.
Therefore, I have decided to replace Lua with WebAssembly. That should allow me to write code in more or less any language I want and compile it down to WebAssembly for execution. One opportunity I am excited about is being able to write functionality in Rust and then either include the functionality directly in the executable, or send it over as WebAssembly at a later point. Whether that is feasible and something I want to do remains to be seen.
There are several WebAssembly runtimes, but most of them play around with executable memory for either AOT or JIT approaches, while I want an interpreter. My choice of WebAssembly runtime is therefore wasm3. Wasm3 has a wrapper for use in Rust; however, I will start by writing the code interacting with wasm3 in C, as I had some difficulties using the Rust wrapper initially. In the future, I hope to move as much code as possible to Rust, but for now I will write tricky/unsafe code in C.
That is it for this time. Hopefully my next post, on calling Win32 API functions from WebAssembly, will arrive before another six months have passed.