LoadLibrary, a shim for loading Windows DLLs in Linux applications

Tavis Ormandy, a security researcher at Google, has published the LoadLibrary project, designed to load DLLs built for Windows for use in Linux applications. The project provides a shim library into which a DLL file in PE/COFF format can be loaded so that the functions it defines can be called. The PE/COFF loader is based on code from ndiswrapper. The project code is distributed under the GPLv2 license.

LoadLibrary takes care of loading the library into memory and importing the symbols it contains, giving the Linux application a dlopen-style API. The code of the loaded library can be debugged with gdb, ASAN and Valgrind. The executable code can be adjusted while it runs by attaching hooks and applying patches at runtime (runtime patching). Exception handling and C++ stack unwinding are supported.
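To make the symbol-import step concrete, here is an added illustration (written for this page, not LoadLibrary's own code) of what a loader must do before it can hand back a function pointer for a name: parse the DOS and PE headers, map RVAs to file offsets through the section table, and walk the export directory. The sample DLL is constructed in memory, contains no executable code, and its export names (`GetVersion`, `ScanBuffer`, `Forwarded`, `sample.dll`, `other.dll.RealImpl`) and code RVAs are placeholders. Every read is bounds-checked, since a loader that parses a DLL pulled from an untrusted product is itself handling untrusted input.

```python
"""Export-table walker for PE/COFF images (added example, not LoadLibrary code)."""
import struct

IMAGE_DIRECTORY_ENTRY_EXPORT = 0


def build_sample_dll():
    """Construct a minimal PE32+ DLL with one .edata section: two ordinary
    exports (placeholder code RVAs) and one forwarder entry. Constructed data."""
    SECTION_RVA, SECTION_FILEOFF, FILE_ALIGN = 0x1000, 0x200, 0x200
    names = ["GetVersion", "ScanBuffer", "Forwarded"]
    n = len(names)
    off_funcs, off_names = 40, 40 + 4 * n          # tables follow the 40-byte directory
    off_ords, off_strings = off_names + 4 * n, off_names + 6 * n
    strings = bytearray()

    def add_string(s):                              # append a NUL-terminated string, return its RVA
        rva = SECTION_RVA + off_strings + len(strings)
        strings.extend(s.encode() + b"\0")
        return rva

    dll_name_rva = add_string("sample.dll")
    name_rvas = [add_string(nm) for nm in names]
    forwarder_rva = add_string("other.dll.RealImpl")
    # A function RVA that points inside the export directory marks a forwarded export.
    func_rvas = [0x2000, 0x2040, forwarder_rva]
    export_size = off_strings + len(strings)
    export_dir = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, dll_name_rva, 1, n, n,
                             SECTION_RVA + off_funcs, SECTION_RVA + off_names,
                             SECTION_RVA + off_ords)
    blob = (export_dir + struct.pack("<%dI" % n, *func_rvas)
            + struct.pack("<%dI" % n, *name_rvas)
            + struct.pack("<%dH" % n, *range(n)) + bytes(strings))
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x2022)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII", 0x20B, 14, 0, 0, FILE_ALIGN, 0,
                      0, SECTION_RVA, 0x180000000, 0x1000, FILE_ALIGN, 6, 0, 0, 0, 6, 0,
                      0, 0x3000, 0x200, 0, 2, 0x160, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    datadirs = [(0, 0)] * 16
    datadirs[IMAGE_DIRECTORY_ENTRY_EXPORT] = (SECTION_RVA, export_size)
    opt += b"".join(struct.pack("<II", *d) for d in datadirs)
    section = struct.pack("<8sIIIIIIHHI", b".edata", len(blob), SECTION_RVA, FILE_ALIGN,
                          SECTION_FILEOFF, 0, 0, 0, 0, 0x40000040)
    headers = (dos + b"PE\0\0" + coff + opt + section).ljust(SECTION_FILEOFF, b"\0")
    return headers + blob.ljust(FILE_ALIGN, b"\0")


def _read(data, fmt, off):
    """Bounds-checked unpack: a truncated or hostile image raises ValueError."""
    if off < 0 or off + struct.calcsize(fmt) > len(data):
        raise ValueError("read at 0x%x outside image" % off)
    return struct.unpack_from(fmt, data, off)


def _cstring(data, off, limit=4096):
    end = data.find(b"\0", off, off + limit)
    if off >= len(data) or end < 0:
        raise ValueError("unterminated string at 0x%x" % off)
    return data[off:end].decode("ascii", "replace")


def parse_sections(data):
    """Return (data-directory offset, directory count, section list)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = _read(data, "<I", 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = _read(data, "<H", e_lfanew + 6)          # COFF NumberOfSections
    (opt_size,) = _read(data, "<H", e_lfanew + 20)     # COFF SizeOfOptionalHeader
    opt = e_lfanew + 24
    (magic,) = _read(data, "<H", opt)
    if magic == 0x10B:                                  # PE32 / PE32+ place the data
        dirs = opt + 96                                 # directories at different offsets
    elif magic == 0x20B:
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (ndirs,) = _read(data, "<I", dirs - 4)
    sections = []
    for i in range(nsec):
        _, vsize, va, rsize, rptr = _read(data, "<8sIIII", opt + opt_size + 40 * i)
        sections.append((va, max(vsize, rsize), rptr, rsize))
    return dirs, ndirs, sections


def rva_to_offset(sections, rva):
    """Translate an RVA to a file offset; refuse RVAs no section maps."""
    for va, span, rptr, rsize in sections:
        if va <= rva < va + span:
            if rva - va >= rsize:
                raise ValueError("RVA 0x%x has no raw data" % rva)
            return rptr + rva - va
    raise ValueError("RVA 0x%x not mapped by any section" % rva)


def parse_exports(data):
    """Return {name: ('rva', int) or ('forwarder', str)} from the export directory."""
    dirs, ndirs, sections = parse_sections(data)
    if ndirs <= IMAGE_DIRECTORY_ENTRY_EXPORT:
        return {}
    exp_rva, exp_size = _read(data, "<II", dirs + 8 * IMAGE_DIRECTORY_ENTRY_EXPORT)
    if exp_rva == 0:
        return {}
    fields = _read(data, "<IIHHIIIIIII", rva_to_offset(sections, exp_rva))
    nfuncs, nnames, funcs_rva, names_rva, ords_rva = fields[6:]
    exports = {}
    for i in range(nnames):
        (name_rva,) = _read(data, "<I", rva_to_offset(sections, names_rva + 4 * i))
        (ordinal,) = _read(data, "<H", rva_to_offset(sections, ords_rva + 2 * i))
        if ordinal >= nfuncs:
            raise ValueError("ordinal %d out of range" % ordinal)
        (target,) = _read(data, "<I", rva_to_offset(sections, funcs_rva + 4 * ordinal))
        name = _cstring(data, rva_to_offset(sections, name_rva))
        if exp_rva <= target < exp_rva + exp_size:      # forwarder string, not code
            exports[name] = ("forwarder", _cstring(data, rva_to_offset(sections, target)))
        else:
            exports[name] = ("rva", target)
    return exports


def get_export(data, name):
    """dlsym-style lookup: the RVA a loader adds to the mapped image base."""
    kind, value = parse_exports(data)[name]
    if kind != "rva":
        raise LookupError("%s is forwarded to %s" % (name, value))
    return value
```

A real loader would then map each section at its RVA, process relocations and imports, and add the image base to the returned RVA; the point here is that name resolution depends entirely on offsets read from the file, so each one must be checked against the section table and the image size before it is dereferenced.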

The goal of the project is to organize scalable and efficient distributed fuzz testing of DLL libraries in a Linux-based environment. On Windows, fuzzing and coverage testing are not efficient enough and usually require running a dedicated Windows instance, especially when trying to analyze complex products such as antivirus software that spans both the kernel and user space. Using LoadLibrary, Google researchers are looking for vulnerabilities in video codecs, virus scanners, data decompression libraries, image decoders, and so on.

For example, with the help of LoadLibrary it was possible to get the Windows Defender antivirus engine running on Linux. Studying mpengine.dll, which underlies Windows Defender, made it possible to analyze a large number of sophisticated decoders for various formats, file system emulators and language interpreters, which potentially open up opportunities for attacks.

LoadLibrary was also used to identify a remote vulnerability in the Avast antivirus package. While studying this antivirus's DLL, it was discovered that the main privileged scanning process contains a complete JavaScript interpreter, used to emulate the execution of third-party JavaScript code. This process is not isolated in a sandbox, does not drop privileges, and parses unverified external data from the file system and from intercepted network traffic. Since any vulnerability in this complex and unprotected process could lead to a remote compromise of the entire system, a dedicated LoadLibrary-based wrapper, avscript, was created to analyze vulnerabilities in the Avast virus scanner in a Linux-based environment.

Source: opennet.ru