LoadLibrary, a layer for loading Windows DLLs into Linux applications

Tavis Ormandy, a security researcher at Google, is developing the LoadLibrary project, which is intended to port DLLs compiled for Windows for use in Linux applications. The project provides a layer library with which you can load a DLL file in PE/COFF format and call the functions defined in it. The PE/COFF loader is based on ndiswrapper code. The project code is distributed under the GPLv2 license.

LoadLibrary takes care of loading the library into memory and importing the existing symbols, giving the Linux application a dlopen-style API. The loaded code can be debugged using gdb, ASAN and Valgrind. The executable code can be modified while it runs by attaching hooks and applying patches (runtime patching). Exception handling and unwinding for C++ are supported.

The goal of the project is to organize scalable and efficient distributed testing of DLL libraries in a Linux environment. On Windows, fuzzing and coverage testing are not very efficient and often require running separate instances of Windows, especially when analyzing complex products such as antivirus software that spans the kernel and user space. Using LoadLibrary, Google researchers look for vulnerabilities in video codecs, virus scanners, data decompression libraries, image decoders, and so on.

For example, with the help of LoadLibrary it was possible to port the Windows Defender antivirus engine to run on Linux. Studying mpengine.dll, which forms the basis of Windows Defender, made it possible to analyze a large number of sophisticated handlers for various formats, file system emulators and language interpreters that may provide vectors for possible attacks.

LoadLibrary was also used to identify a vulnerability in the Avast antivirus package. Studying the DLL from this antivirus revealed that the key scanning process includes a full JavaScript interpreter used to emulate the execution of third-party JavaScript code. This process is not isolated in a sandbox environment, does not drop privileges, and analyzes unverified external data from the file system and intercepted network traffic. Since any vulnerability in this complex and unprotected process could lead to the compromise of the entire system, a special shell based on LoadLibrary, avscript, was developed to analyze vulnerabilities in the Avast antivirus scanner in a Linux-based environment.

Source: opennet.ru