Tavis Ormandy (
LoadLibrary takes care of loading the library into memory and importing its existing symbols, giving the Linux program a dlopen-style API. The loaded code can be debugged with gdb, ASAN and Valgrind. Executable code can be modified at run time by attaching hooks and applying patches (runtime patching). C++ exception handling and unwinding are supported.
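To show what resolving a DLL's symbols involves, here is an added example (not LoadLibrary's own code, which is written in C) that walks the export directory of a PE32 image by name. It assumes the image is already laid out in memory so that an RVA equals an offset; `exports`, `build_sample` and the sample image with its `init`/`scan` names are constructed for illustration.

```python
import struct

def u32(img, off):
    return struct.unpack_from("<I", img, off)[0]

def u16(img, off):
    return struct.unpack_from("<H", img, off)[0]

def exports(img):
    """Return {name: rva} for a PE32 image laid out in memory (RVA == offset)."""
    if img[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = u32(img, 0x3C)                      # e_lfanew: offset of the PE signature
    if img[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24                            # 4-byte signature + 20-byte COFF header
    if u16(img, opt) != 0x10B:
        raise ValueError("not a PE32 optional header")
    if u32(img, opt + 92) < 1:               # NumberOfRvaAndSizes
        return {}
    exp = u32(img, opt + 96)                 # data directory 0: export directory RVA
    if exp == 0:
        return {}
    n_names, funcs, names, ords = (u32(img, exp + o) for o in (24, 28, 32, 36))
    table = {}
    for i in range(n_names):
        start = u32(img, names + 4 * i)      # RVA of the i-th NUL-terminated name
        name = img[start:img.index(b"\0", start)].decode("ascii")
        ordinal = u16(img, ords + 2 * i)     # index into the function table
        table[name] = u32(img, funcs + 4 * ordinal)
    return table

def build_sample():
    """Constructed image: exports 'init' -> 0x1040 and 'scan' -> 0x1000."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x58, 0x10B)            # optional header magic
    struct.pack_into("<I", img, 0x58 + 92, 16)          # NumberOfRvaAndSizes
    struct.pack_into("<I", img, 0x58 + 96, 0x200)       # export directory RVA
    struct.pack_into("<IIII", img, 0x200 + 24, 2, 0x240, 0x250, 0x260)
    struct.pack_into("<II", img, 0x240, 0x1000, 0x1040) # function RVAs
    struct.pack_into("<II", img, 0x250, 0x270, 0x280)   # name RVAs (sorted)
    struct.pack_into("<HH", img, 0x260, 1, 0)           # name index -> ordinal
    img[0x270:0x275] = b"init\0"
    img[0x280:0x285] = b"scan\0"
    return bytes(img)

if __name__ == "__main__":
    print(exports(build_sample()))
```

A truncated or inconsistent image makes `struct.unpack_from` raise `struct.error` instead of reading out of bounds, which is the behaviour a harness wants before handing entry points to a fuzzer.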
The goal of the project is to enable scalable and efficient fuzzing of DLL libraries in a Linux-based environment. On Windows, fuzzing and coverage testing are inefficient and often require running a separate Windows instance, especially when analyzing complex products such as antivirus software that spans the kernel and user space. Using LoadLibrary, Google researchers look for vulnerabilities in video codecs, virus scanners, data decompression libraries, image decoders, and so on.
For example, with the help of LoadLibrary it was possible to port the Windows Defender antivirus engine to run on Linux. The study of mpengine.dll, which forms the basis of Windows Defender, made it possible to analyze a large number of sophisticated handlers for various formats, file system emulators and language interpreters that could potentially provide vectors
LoadLibrary was also used to identify
Source: opennet.ru