LoadLibrary, a library for loading Windows DLLs into Linux applications

Tavis Ormandy, a security researcher at Google, is developing the LoadLibrary project, which aims to load DLLs built for Windows so that they can be used from Linux applications. The project provides a library with which a DLL in PE/COFF format can be loaded and the functions defined in it called. The PE/COFF loader is based on code from ndiswrapper. The project code is distributed under the GPLv2 license.

LoadLibrary takes care of loading the library into memory and importing the symbols it exports, giving the Linux application a dlopen-style API. The loaded DLL code can be debugged with gdb, ASAN and Valgrind. Code being executed can be instrumented at runtime by attaching hooks and applying patches (runtime patching). Exception handling and C++ stack unwinding are supported.
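The two paragraphs above describe the loader's job as mapping a PE/COFF image and importing its symbols behind a dlopen-style API. The following is an added example written for this page; it is not code from taviso/loadlibrary or from the article, and its class and method names (PeImage, get_export, rva_to_offset) are the example's own, not the project's API. It shows the part of that job a loader cannot skip: finding the export directory through the optional header's data directory, translating RVAs through the section table, and resolving a name to an address, including the forwarder case where an export slot names a symbol in another module instead of pointing at code. The DLL it parses is a constructed minimal PE32+ image assembled inline by build_toy_dll; the names toy.dll, rsignal, scan and OTHER.helper are made up for illustration.

```python
import struct
from collections import namedtuple

IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
IMAGE_DIRECTORY_ENTRY_EXPORT = 0
Export = namedtuple("Export", "name ordinal rva forwarder")


def build_toy_dll():
    """Constructed PE32+ DLL (not a real file): .text holds two 'ret' stubs; .edata exports
    rsignal (ordinal 1), a nameless forwarder to OTHER.helper (ordinal 2) and scan (ordinal 3)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x2022)  # x64, 2 sections, DLL
    opt = bytearray(240)
    struct.pack_into("<H22xQ", opt, 0, IMAGE_NT_OPTIONAL_HDR64_MAGIC, 0x180000000)  # Magic, ImageBase
    struct.pack_into("<II16xII", opt, 32, 0x1000, 0x200, 0x3000, 0x200)  # alignments, SizeOfImage/Headers
    struct.pack_into("<III", opt, 108, 16, 0x2000, 0x62)             # NumberOfRvaAndSizes, export RVA/size

    def section(name, vsize, va, rawsize, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, flags)
    headers = (dos + b"PE\0\0" + coff + opt + section(b".text", 0x10, 0x1000, 0x200, 0x200, 0x60000020)
               + section(b".edata", 0x62, 0x2000, 0x200, 0x400, 0x40000040))
    text = bytearray(0x200)
    text[0] = text[8] = 0xC3                                         # two 'ret' stubs
    edata = bytearray(0x200)
    # IMAGE_EXPORT_DIRECTORY: ..., Name, Base, NumberOfFunctions, NumberOfNames,
    # AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals (all RVAs)
    struct.pack_into("<IIHHIIIIIII", edata, 0, 0, 0, 0, 0, 0x2040, 1, 3, 2, 0x2028, 0x2034, 0x203C)
    struct.pack_into("<3I", edata, 0x28, 0x1000, 0x2055, 0x1008)    # slot 1 points back into .edata
    struct.pack_into("<2I", edata, 0x34, 0x2048, 0x2050)            # name RVAs, kept sorted
    struct.pack_into("<2H", edata, 0x3C, 0, 2)                      # unbiased ordinal for each name
    edata[0x40:0x62] = b"toy.dll\0rsignal\0scan\0OTHER.helper\0"
    return bytes(headers.ljust(0x200, b"\0") + text + edata)


class PeImage:
    def __init__(self, data):
        self.data, self.dll_name = data, None
        if data[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        nt = struct.unpack_from("<I", data, 0x3C)[0]
        if data[nt:nt + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        nsections, opt_size = struct.unpack_from("<H12xH", data, nt + 6)  # NumberOfSections, SizeOfOptionalHeader
        opt = nt + 24
        if struct.unpack_from("<H", data, opt)[0] != IMAGE_NT_OPTIONAL_HDR64_MAGIC:
            raise ValueError("only PE32+ images are handled here")
        self.image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        self.ndirs, self.dirs_off = struct.unpack_from("<I", data, opt + 108)[0], opt + 112
        self.sections = []                     # (VirtualAddress, mapped span, PointerToRawData)
        for i in range(nsections):
            vsize, va, rawsize, rawptr = struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
            self.sections.append((va, max(vsize, rawsize), rawptr))

    def rva_to_offset(self, rva):
        # A loader that maps each section at its VirtualAddress adds the RVA to the base instead.
        for va, span, rawptr in self.sections:
            if va <= rva < va + span:
                return rva - va + rawptr
        raise ValueError("RVA %#x is not backed by any section" % rva)

    def u32(self, rva):
        return struct.unpack_from("<I", self.data, self.rva_to_offset(rva))[0]

    def cstring(self, rva):
        off = self.rva_to_offset(rva)
        return self.data[off:self.data.index(b"\0", off)].decode("ascii")

    def exports(self):
        """All export slots; an RVA inside the export directory is a 'DLL.symbol' forwarder, not code."""
        exp_rva, exp_size = (struct.unpack_from("<II", self.data, self.dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_EXPORT)
                             if self.ndirs > IMAGE_DIRECTORY_ENTRY_EXPORT else (0, 0))
        if exp_rva == 0:
            return []
        (_, _, _, _, name_rva, base, nfuncs, nnames, funcs, names,
         ordinals) = struct.unpack_from("<IIHHIIIIIII", self.data, self.rva_to_offset(exp_rva))
        self.dll_name = self.cstring(name_rva)
        name_of = {}                                           # unbiased ordinal -> export name
        for i in range(nnames):
            idx = struct.unpack_from("<H", self.data, self.rva_to_offset(ordinals + 2 * i))[0]
            name_of[idx] = self.cstring(self.u32(names + 4 * i))
        result = []
        for idx in range(nfuncs):
            target = self.u32(funcs + 4 * idx)
            if target:                                         # a zero slot is a gap in the ordinal range
                fwd = exp_rva <= target < exp_rva + exp_size
                result.append(Export(name_of.get(idx), base + idx, None if fwd else target,
                                     self.cstring(target) if fwd else None))
        return result

    def get_export(self, name):
        """dlsym-style lookup: absolute address of a named export at the preferred ImageBase."""
        exp = next((e for e in self.exports() if e.name == name), None)
        if exp is None:
            raise KeyError(name)
        if exp.forwarder:
            raise LookupError("%s is forwarded to %s" % (name, exp.forwarder))
        return self.image_base + exp.rva
```

PeImage(build_toy_dll()).get_export("rsignal") returns the address of the first stub at the preferred image base; the ordinal-2 slot comes back as a forwarder to OTHER.helper and must be resolved in that module rather than called. The example works on file offsets so that it runs without mapping anything; an in-process loader such as the one described here maps every section at its VirtualAddress, after which an RVA is simply added to the mapping base, and it must also apply base relocations and fill the import table before any exported function is safe to call.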

The goal of the project is to organise scalable and efficient distributed fuzzing of DLL libraries in a Linux environment. On Windows, fuzzing and coverage-guided testing are not very efficient and usually require running a separate virtualised Windows instance, especially when analysing complex products such as antivirus software that spans the kernel and user space. Using LoadLibrary, Google researchers are looking for vulnerabilities in video codecs, virus scanners, data decompression libraries, image decoders and similar components.

For example, LoadLibrary made it possible to get the Windows Defender antivirus engine running on Linux. Studying mpengine.dll, which forms the core of Windows Defender, allowed the researchers to analyse its large number of format handlers, file system emulators and language interpreters, any of which may provide a vector for attack.

LoadLibrary was also used to identify a remotely exploitable vulnerability in the Avast antivirus package. When a DLL from this antivirus was studied, it turned out that its main privileged scanning process contains a full-fledged JavaScript interpreter, used to emulate the execution of third-party JavaScript code. This process is not isolated in a sandbox, does not drop privileges, and processes untrusted external data from the file system and from intercepted network traffic. Since any vulnerability in this complex and unprotected process can lead to remote compromise of the whole system, a dedicated harness based on LoadLibrary, avscript, was developed for analysing vulnerabilities in the Avast antivirus scanner in a Linux environment.

Source: opennet.ru
