Merge pull request #163 from frack113/version-1-2

frack113 · web-flow · commit 067ffc6e6f86 · 2026-01-25T14:56:15.000+01:00
Version 1.2.0
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -22,14 +22,16 @@ jobs:
       - name: Install git-cliff
         uses: taiki-e/install-action@git-cliff
       - name: Generate changelog
-        run: git-cliff -o
+        run: git-cliff --latest -o
       - name: Release project
         uses: softprops/action-gh-release@v2
         with:
           body_path: CHANGELOG.md
   crates-io:
     name: Publish to crates.io
     runs-on: windows-latest
+    env:
+      CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN  }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v6
@@ -40,5 +42,4 @@ jobs:
       - name: Publish the crate
         run: |-
           cargo publish `
-            --token ${{ secrets.CARGO_REGISTRY_TOKEN }} `
             --all-features
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -4,7 +4,7 @@
 
 [package]
 name = "malware-traces-generator"
-version = "1.1.0"
+version = "1.2.0"
 edition = "2024"
 rust-version = "1.85.0"
 description = "Generate malware traces for detection tests"
@@ -30,6 +30,7 @@ windows = { version = "0.62.2", features = [
   "Win32_System_Services",
   "Win32_System_Diagnostics_ToolHelp",
   "Win32_System_Threading",
+  "Win32_System_LibraryLoader",
 ] }
 
 clap = { version = "4.5.54", features = ["derive"] }
diff --git a/cliff.toml b/cliff.toml
@@ -55,11 +55,11 @@ postprocessors = [
 
 [git]
 conventional_commits = true
-filter_unconventional = true
+filter_unconventional = false
 split_commits = false
 commit_preprocessors = [
   { pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](<REPO>/issues/${2}))" },
-  { pattern = '.*', replace_command = 'typos --write-changes -' },
+  { pattern = '.*', replace_command = 'typos --write-changes - || cat' },
 ]
 commit_parsers = [
   { message = "^feat", group = "<!-- 0 -->✨ Features" },
diff --git a/docs/generation-file.md b/docs/generation-file.md
@@ -132,7 +132,8 @@ name = "frack113"
 
 ##### :email: Email
 
-This field is optional. Use it when you want to provide an email address for an author.
+This field is optional. Use it when you want to provide an email address for an
+author.
 
 ```toml
 [[metadata.authors]]
diff --git a/docs/installation.md b/docs/installation.md
@@ -4,6 +4,8 @@ SPDX-FileCopyrightText: 2023 The MalwareTracesGenerator development team
 SPDX-License-Identifier: GPL-3.0-or-later
 -->
 
+<!-- markdownlint-disable code-block-style -->
+
 Before we get into how to use it, we first need to install our tool. There are a
 few ways to do that.
 
diff --git a/docs/traces/drivers/byovd.md b/docs/traces/drivers/byovd.md
@@ -20,7 +20,7 @@ using vulnerable legitimate drivers to hide or even remove security control syst
 
 <!-- markdownlint-disable line-length -->
 ```sh
-mtg traces drivers byovd C:/temp/a360ec883ef5383157080b2e185802ef.bin SeasunProtect loldrivers
+mtg traces drivers byovd C:\\temp\\a360ec883ef5383157080b2e185802ef.bin SeasunProtect loldrivers
 ```
 <!-- markdownlint-enable line-length -->
 
diff --git a/docs/traces/files/browser.md b/docs/traces/files/browser.md
@@ -6,7 +6,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
 
 # :globe_with_meridians: Browser Info-Stealer
 
-Browser info-stealer traces simulate the behavior of malware that targets browser data to steal sensitive information, such as saved passwords and cookies.
+Browser info-stealer traces simulate the behavior of malware that targets
+browser data to steal sensitive information, such as saved passwords and cookies.
 
 ## :link: Technical links
 
diff --git a/docs/traces/index.md b/docs/traces/index.md
@@ -27,6 +27,7 @@ Let's start with what a trace is:
 - [Spoofing a parent process identifier][ppid spoofing]
 - [Browser info-stealer][browser]
 - [Loading a vulnerable driver][byovd]
+- [Load a vulnerable dll][dll]
 
 Now, let's look at what it isn't:
 
@@ -40,3 +41,4 @@ Now, let's look at what it isn't:
 [ppid spoofing]: ./processes/spoofing.md
 [browser]: ./files/browser.md
 [byovd]: ./drivers/byovd.md
+[dll]: ./memory/dll.md
diff --git a/docs/traces/memory/dll.md b/docs/traces/memory/dll.md
@@ -0,0 +1,32 @@
+<!--
+SPDX-FileCopyrightText: 2023 The MalwareTracesGenerator development team
+
+SPDX-License-Identifier: GPL-3.0-or-later
+-->
+
+# :globe_with_meridians: Dll loader
+
+Dll loader traces simulate the behavior of malware that use DLL Sideloading.
+
+## :link: Technical links
+
+- [Hijack Execution Flow: DLL](https://attack.mitre.org/techniques/T1574/001/)
+
+## :teacher: Usage
+
+### :keyboard: CLI
+
+<!-- markdownlint-disable line-length -->
+```sh
+mtg traces memory dll-loader C:\\rust\\wininet.dll
+```
+<!-- markdownlint-enable line-length -->
+
+### :page_facing_up: File configuration
+
+```toml
+[[traces]]
+[traces.dll_loader]
+path = "C:\\rust\\wininet.dll"
+description = "Simulate side loading of wininet.dll "
+```
diff --git a/docs/traces/processes/spoofing.md b/docs/traces/processes/spoofing.md
@@ -21,14 +21,14 @@ process relationships.
 ### :keyboard: CLI
 
 ```sh
-mtg traces processes spoofing C:/windows/notepad.exe RuntimeBroker.exe
+mtg traces processes spoofing C:\\windows\\notepad.exe RuntimeBroker.exe
 ```
 
 ### :page_facing_up: File configuration
 
 ```toml
 [[traces]]
 [traces.spoofing]
-executable= "C:/windows/notepad.exe"
+executable= "C:\\windows\\notepad.exe"
 parent_executable= "RuntimeBroker.exe"
 ```
diff --git a/media/mtg.ico b/media/mtg.ico
diff --git a/mkdocs.yaml b/mkdocs.yaml
@@ -39,6 +39,8 @@ nav:
               - BYOVD: ./traces/drivers/byovd.md
           - Files:
               - Browser: ./traces/files/browser.md
+          - Memory:
+              - Dll: ./traces/memory/dll.md
           - Processes:
               - Spoofing: ./traces/processes/spoofing.md
       - Generation file: ./generation-file.md
diff --git a/mtg-manifest.rc b/mtg-manifest.rc
@@ -19,8 +19,8 @@ FILESUBTYPE 0
 BEGIN
     BLOCK "StringFileInfo" {
         BLOCK "040904B0" {
-            VALUE "FileVersion", "1.0.0"
-            VALUE "ProductVersion", "1.0.0"
+            VALUE "FileVersion", "1.2.0"
+            VALUE "ProductVersion", "1.2.0"
             VALUE "OriginalFilename", "mtg.exe"
             VALUE "InternalName", "MalwareTracesGenerator"
             VALUE "FileDescription", "Generate malware traces for detection tests"
diff --git a/src/commands/traces.rs b/src/commands/traces.rs
@@ -4,13 +4,14 @@
 
 use crate::commands::{
     Runnable,
-    traces::{drivers::Drivers, files::Files, processes::Processes},
+    traces::{drivers::Drivers, files::Files, memory::Memory, processes::Processes},
 };
 use clap::{Args, Subcommand};
 use serde::Deserialize;
 
 mod drivers;
 mod files;
+mod memory;
 mod processes;
 
 #[derive(Args, Deserialize)]
@@ -24,6 +25,7 @@ pub struct Traces {
 #[serde(rename_all = "snake_case", untagged)]
 pub enum Commands {
     Drivers(Drivers),
+    Memory(Memory),
     Processes(Processes),
     Files(Files),
 }
@@ -41,6 +43,7 @@ impl Traversable for Traces {
     fn traverse(&self) -> &dyn Trace {
         match &self.command {
             Commands::Drivers(drivers) => drivers as &dyn Traversable,
+            Commands::Memory(memory) => memory,
             Commands::Processes(processes) => processes,
             Commands::Files(files) => files,
         }
diff --git a/src/commands/traces/memory.rs b/src/commands/traces/memory.rs
diff --git a/src/commands/traces/memory/dll.rs b/src/commands/traces/memory/dll.rs
