Google researcher open-sources loadlibrary: loading Windows DLLs on Linux

Google researcher Tavis Ormandy, well known for his vulnerability research, has open-sourced loadlibrary, a library that lets native Linux programs load Windows DLLs and call functions in them.

The library is derived from ndiswrapper and contains a custom PE/COFF loader. It processes the image's relocations and imports and exposes a dlopen-like API.
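To make the relocation step concrete, here is an added example (written for this article, not loadlibrary's own code) of what a PE/COFF loader must do when it maps an image somewhere other than its preferred ImageBase: walk the `.reloc` table and add the base delta to every slot it names, with every access bounds-checked against the image. The image layout, offsets and values in `demo_relocate` are constructed for the demo.

```c
// Added example, not loadlibrary's own code: apply PE base relocations to an in-memory
// image, the fix-up a PE/COFF loader performs when the image is not mapped at its
// preferred ImageBase. All offsets and values in the demo below are constructed.
#include <stdint.h>
#include <string.h>
#define IMAGE_REL_BASED_ABSOLUTE 0   // padding entry, no fix-up
#define IMAGE_REL_BASED_HIGHLOW  3   // 32-bit slot
#define IMAGE_REL_BASED_DIR64    10  // 64-bit slot
// .reloc block header: page RVA + block size, followed by 16-bit entries (type:4 | offset:12).
typedef struct { uint32_t va; uint32_t size; } reloc_block_t;
// Add `delta` (new base minus preferred base) to every slot the .reloc table names. Every
// read/write is bounds-checked: an untrusted DLL can point relocations anywhere.
// Returns the number of slots patched, or -1 on a malformed table.
int apply_base_relocations(uint8_t *image, size_t image_size, uint32_t reloc_rva,
                           uint32_t reloc_size, int64_t delta) {
    uint64_t pos = reloc_rva, end = (uint64_t)reloc_rva + reloc_size;
    int patched = 0;
    if (end > image_size) return -1;
    while (pos + sizeof(reloc_block_t) <= end) {
        reloc_block_t blk;
        memcpy(&blk, image + pos, sizeof blk);
        if (blk.size < sizeof blk || pos + blk.size > end) return -1;
        for (uint32_t i = 0; i < (blk.size - sizeof blk) / 2; i++) {
            uint16_t e; memcpy(&e, image + pos + sizeof blk + 2 * i, 2);
            uint64_t off = (uint64_t)blk.va + (e & 0xfff);
            unsigned type = e >> 12, width = type == IMAGE_REL_BASED_HIGHLOW ? 4 :
                                             type == IMAGE_REL_BASED_DIR64  ? 8 : 0;
            if (type == IMAGE_REL_BASED_ABSOLUTE) continue;
            if (width == 0 || off + width > image_size) return -1;  // unknown type or outside image
            uint64_t v = 0;
            memcpy(&v, image + off, width);          // little-endian host assumed
            v += (uint64_t)delta;                    // wraps correctly for negative deltas
            memcpy(image + off, &v, width);
            patched++;
        }
        pos += blk.size;
    }
    return patched;
}
// Constructed demo image (0x300 bytes, preferred base 0x10000000): a 32-bit pointer at RVA
// 0x100 holds 0x10000210, and a one-block .reloc table at RVA 0x200 names that slot.
uint32_t demo_relocate(uint32_t new_base) {
    uint8_t image[0x300] = {0}; uint32_t ptr = 0x10000210;
    reloc_block_t blk = { 0x000, 12 };   // 8-byte header + two entries
    uint16_t entries[2] = { (IMAGE_REL_BASED_HIGHLOW << 12) | 0x100, 0 };  // second is padding
    memcpy(image + 0x100, &ptr, 4);
    memcpy(image + 0x200, &blk, sizeof blk);
    memcpy(image + 0x208, entries, sizeof entries);
    if (apply_base_relocations(image, sizeof image, 0x200, 12, (int64_t)new_base - 0x10000000) != 1) return 0;
    memcpy(&ptr, image + 0x100, 4);
    return ptr;  // the pointer now targets the same code at the new base
}
```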

Tavis said that distributed, scalable fuzzing on Windows can be challenging and inefficient. This is especially true for endpoint security products, whose complexity spans interconnected kernel and user-space components, so fuzzing them usually means subverting an entire virtualized Windows environment. That is much less of a problem if the Windows antivirus component can be ported to Linux: the test code can then run in a minimal container on Linux with very little overhead, and the testing can be scaled out easily.

The purpose of loadlibrary is to allow self-contained Windows libraries, such as video codecs, decompression libraries, virus scanners and image decoders, to be fuzzed scalably and efficiently on Linux. It supports:

  • C++ exception dispatch and unwinding.
  • Loading additional symbols from IDA.
  • Debugging with gdb, including breakpoints and stack traces.
  • Runtime hooking and patching.
  • ASAN and Valgrind support for detecting subtle memory corruption bugs.

As a demonstration, Tavis has ported Windows Defender to Linux.


Origin www.oschina.net/news/114020/loadlibrary-ddl-linux