LoadLibrary, a loader for running Windows DLLs inside Linux applications

Tavis Ormandy, a security researcher at Google, has created the LoadLibrary project, which makes it possible to use DLLs compiled for Windows from Linux applications. The project provides a wrapper library with which a DLL in PE/COFF format can be loaded and the functions defined in it called. The PE/COFF loader is based on code from ndiswrapper. The project code is distributed under the GPLv2 license.

LoadLibrary takes care of loading the library into memory and resolving the symbols it imports, exposing a dlopen-style API to the Linux application. The loaded DLL code can be debugged with gdb, ASAN and Valgrind. Executable code can be modified at run time by hooking functions and applying patches (runtime patching). C++ exception dispatch and unwinding are supported.
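The loader steps described above (lay the image out in memory, read the export table that a dlsym-style lookup consults, and bind each import to a host-side implementation) as an added example in Python. This is not LoadLibrary's own code and does not use its API; the PE32+ DLL it parses is built inline, and its name (sample.dll), its export (ScanBuffer), its import (kernel32.dll!GetProcessHeap) and the host stub address are invented for the example so that it runs offline.

```python
"""Added example, not LoadLibrary's own code: the core steps of a userspace PE
loader (map sections by RVA, read exports, bind imports to host stubs) run
against a PE32+ DLL constructed inline, so the script works offline."""
import struct

EXPORT_DIR, IMPORT_DIR = 0, 1   # data directory indices (export, import)

def build_sample_dll():
    """Constructed image (invented names): .text at file 0x200 / RVA 0x1000,
    exporting ScanBuffer (RVA 0x1100) and importing kernel32.dll!GetProcessHeap."""
    f = bytearray(0x400)
    def put(off, data): f[off:off + len(data)] = data
    put(0x00, b"MZ"); put(0x3C, struct.pack("<I", 0x40))                   # e_lfanew -> PE header
    put(0x40, b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x2022))
    opt = 0x58                                                              # optional header
    put(opt, struct.pack("<H", 0x20B))                                      # PE32+ magic
    put(opt + 56, struct.pack("<II", 0x2000, 0x200))                        # SizeOfImage, SizeOfHeaders
    put(opt + 108, struct.pack("<IIIII", 16, 0x1000, 0x50, 0x1060, 0x28))   # dir count, export, import
    put(opt + 240, struct.pack("<8sIIII", b".text", 0x200, 0x1000, 0x200, 0x200))  # section header
    t = 0x200                                                               # .text raw data
    put(t, struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0x1050, 1, 1, 1, 0x1028, 0x102C, 0x1030))
    put(t + 0x28, struct.pack("<IIH", 0x1100, 0x1040, 0))                   # func RVA, name RVA, ordinal
    put(t + 0x40, b"ScanBuffer\0".ljust(16, b"\0") + b"sample.dll\0")
    put(t + 0x60, struct.pack("<IIIII", 0x1088, 0, 0, 0x10A8, 0x1098))      # descriptor; null one follows
    put(t + 0x88, struct.pack("<QQQQ", 0x10B8, 0, 0x10B8, 0))               # name table, then IAT
    put(t + 0xA8, b"kernel32.dll\0".ljust(16, b"\0") + b"\0\0GetProcessHeap\0")  # hint + name at 0xB8
    put(t + 0x100, b"\x48\x31\xC0\xC3")                                     # ScanBuffer: xor rax,rax; ret
    return bytes(f)

def parse_headers(data):
    """DOS -> PE signature -> file/optional header -> section table, bounds-checked."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe, = struct.unpack_from("<I", data, 0x3C)
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    _, nsec, _, _, _, optsz, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt, sect = pe + 24, pe + 24 + optsz
    if optsz < 240 or sect + 40 * nsec > len(data) or struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("truncated headers or not PE32+")
    size_of_image, size_of_headers = struct.unpack_from("<II", data, opt + 56)
    ndirs = min(struct.unpack_from("<I", data, opt + 108)[0], 16)
    dirs = [struct.unpack_from("<II", data, opt + 112 + 8 * i) for i in range(ndirs)] + [(0, 0)] * (16 - ndirs)
    sections = [struct.unpack_from("<8sIIII", data, sect + 40 * i) for i in range(nsec)]
    return dict(size_of_image=size_of_image, size_of_headers=size_of_headers, dirs=dirs, sections=sections)

def map_image(data):
    """Lay the file out by RVA, as a loader does before reading any table."""
    h = parse_headers(data)
    if h["size_of_headers"] > len(data) or h["size_of_headers"] > h["size_of_image"]:
        raise ValueError("bad SizeOfHeaders")
    img = bytearray(h["size_of_image"])
    img[:h["size_of_headers"]] = data[:h["size_of_headers"]]
    for name, _, va, rawsz, raw in h["sections"]:
        if raw + rawsz > len(data) or va + rawsz > len(img):
            raise ValueError(f"section {name!r} out of bounds")   # reject before copying anything
        img[va:va + rawsz] = data[raw:raw + rawsz]
    return img, h

def cstr(img, rva):
    return img[rva:img.index(b"\0", rva)].decode("ascii")

def exports(img, h):
    """Name -> RVA from the export directory; a dlsym-style lookup reads this table."""
    rva, _ = h["dirs"][EXPORT_DIR]
    out = {}
    if rva:
        *_, nnames, funcs, names, ords = struct.unpack_from("<IIHHIIIIIII", img, rva)
        for i in range(nnames):
            name_rva, = struct.unpack_from("<I", img, names + 4 * i)
            ordinal, = struct.unpack_from("<H", img, ords + 2 * i)
            out[cstr(img, name_rva)] = struct.unpack_from("<I", img, funcs + 4 * ordinal)[0]
    return out

def bind_imports(img, h, host):
    """Patch each IAT slot with the host's address for that symbol (how a loader substitutes
    Linux-side implementations of Win32 calls); returns the (dll, symbol) pairs it cannot provide."""
    rva, missing = h["dirs"][IMPORT_DIR][0], []
    while rva:
        lookup, _, _, name_rva, slot = struct.unpack_from("<IIIII", img, rva)
        if not name_rva:
            break                                       # null descriptor ends the list
        dll, lookup = cstr(img, name_rva).lower(), lookup or slot
        while entry := struct.unpack_from("<Q", img, lookup)[0]:
            sym = f"#{entry & 0xFFFF}" if entry >> 63 else cstr(img, entry + 2)
            if (dll, sym) in host:
                struct.pack_into("<Q", img, slot, host[(dll, sym)])
            else:
                missing.append((dll, sym))
            lookup, slot = lookup + 8, slot + 8
        rva += 20
    return missing

if __name__ == "__main__":                              # demo with an invented host stub address
    img, h = map_image(build_sample_dll())
    print(exports(img, h), bind_imports(img, h, {("kernel32.dll", "GetProcessHeap"): 0x7F0000001000}))
```

Passing an empty host table reports kernel32.dll!GetProcessHeap as unresolved, which is exactly the situation a Linux-side loader faces for every Win32 call it has not yet implemented; a real loader also has to apply base relocations and run DllMain, which this example leaves out. Header and section offsets are checked against the file size before anything is copied, because a fuzzed or hostile DLL can point any of them outside the buffer.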

The goal of the project is to enable distributed, scalable fuzzing of DLL libraries in a Linux environment. On Windows, fuzzing and coverage instrumentation are far less effective and usually require a separate Windows instance, especially when analysing complex products such as antivirus software that spans both the kernel and user space. Using LoadLibrary, Google researchers hunt for vulnerabilities in video codecs, virus scanners, data compression libraries, image decoders and similar code.

For example, with LoadLibrary it was possible to get the Windows Defender antivirus engine running on Linux. Studying mpengine.dll, which forms the core of Windows Defender, made it possible to analyse a large number of high-level handlers for various formats, file system emulators and language interpreters, any of which could provide an attack vector.

LoadLibrary was also used to identify a remotely exploitable vulnerability in the Avast antivirus package. Loading a DLL from this antivirus revealed that the privileged scanning process includes a full JavaScript interpreter, used to emulate the execution of third-party JavaScript code. This process is not sandboxed, does not drop privileges, and parses untrusted external data from the file system and from intercepted network traffic. Since any compromise of this complex and unprotected process could lead to remote compromise of the entire system, a dedicated shell based on LoadLibrary, avscript, was created to analyse vulnerabilities in the Avast antivirus scanner in a Linux environment.

Source: opennet.ru
