LoadLibrary, a project for loading DLLs on Linux as if they were native code


JT Ormandy, a security researcher at Google, announced a few days ago the development of the LoadLibrary project, which is designed to load Windows DLL libraries for use in Linux applications. The project provides an intermediate library with which you can load a DLL in PE/COFF format and call the functions defined in it.

LoadLibrary takes over the job of loading the library into memory and importing the existing symbols, providing the Linux application with a dlopen-style API. The code can be debugged with gdb, ASAN, and Valgrind. You can modify the executing code at run time by attaching hooks and applying patches (runtime patching). Exception unwinding is supported for C++.
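As an added illustration (not code from LoadLibrary or from the original article), this is the kind of header validation a PE/COFF loader performs before mapping a DLL, including the bounds check on the file-controlled `e_lfanew` offset. The names `pe_parse_header`, `pe_info` and `make_sample` are hypothetical, and the sample image is constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Subset of the PE/COFF file header a loader checks before mapping a DLL. */
struct pe_info {
    uint16_t machine;    /* COFF Machine, e.g. 0x014c = i386 */
    uint16_t nsections;  /* NumberOfSections */
    int      is_dll;     /* IMAGE_FILE_DLL (0x2000) set in Characteristics */
};

/* Little-endian readers, independent of host byte order. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Hypothetical helper: returns 0 on success, negative on a malformed image. */
int pe_parse_header(const uint8_t *buf, size_t len, struct pe_info *out)
{
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1; /* no DOS header */
    uint32_t off = rd32(buf + 0x3c);          /* e_lfanew: offset of "PE\0\0" */
    /* The offset comes from the file, so check it before dereferencing:
       signature (4 bytes) + COFF file header (20 bytes) must fit. */
    if (off > len || len - off < 24) return -2;
    if (memcmp(buf + off, "PE\0\0", 4) != 0) return -3;
    out->machine   = rd16(buf + off + 4);
    out->nsections = rd16(buf + off + 6);
    out->is_dll    = (rd16(buf + off + 22) & 0x2000) != 0;
    return 0;
}

/* Constructed sample: a 0x60-byte stub with only the fields above filled in. */
size_t make_sample(uint8_t *buf, size_t cap)
{
    if (cap < 0x60) return 0;
    memset(buf, 0, 0x60);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3c] = 0x40;                         /* e_lfanew = 0x40 */
    memcpy(buf + 0x40, "PE\0\0", 4);
    buf[0x44] = 0x4c; buf[0x45] = 0x01;       /* Machine = 0x014c (i386) */
    buf[0x46] = 3;                            /* NumberOfSections = 3 */
    buf[0x57] = 0x20;                         /* Characteristics = 0x2000 (DLL) */
    return 0x60;
}

int main(void) {
    uint8_t b[0x60]; struct pe_info pi;
    if (pe_parse_header(b, make_sample(b, sizeof b), &pi) != 0) return 1;
    printf("machine=0x%04x sections=%u dll=%d\n", pi.machine, pi.nsections, pi.is_dll);
    return 0;
}
```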

The LoadLibrary project is not intended to replace existing projects that do similar work, such as Wine. LoadLibrary aims to let Windows DLL libraries be loaded and accessed as if they were native Linux code; it does not try to run Windows on Linux or other similar systems, only to load the libraries.

The purpose of this project is to set up scalable, distributed fuzz testing of suitable DLL files in a Linux-based environment.

On Windows, fuzzing and coverage testing do not perform well enough and often require starting a separate virtualized Windows instance, especially when analysing complex products such as antivirus software, which span the kernel and user space.

The goal of continuing development of this project is to enable scalable and efficient fuzzing of self-contained Windows libraries on Linux.

  • C++ exception dispatch and unwinding.
  • Loading additional symbols from IDA.
  • Debugging with gdb (including symbols), breakpoints, stack traces, etc.
  • Runtime hooking and patching.
  • Support for ASAN and Valgrind to detect subtle memory corruption bugs.
  • If you need to add support for any external import, writing stubs is usually quick and easy.

With the help of LoadLibrary, Google researchers look for vulnerabilities in video codecs, antivirus scanners, data decompression libraries, image decoders, etc.

Distributed, scalable fuzzing on Windows can be challenging and inefficient. This is especially true of endpoint security products, which use complex interconnected components that span the kernel and user space.

This requires spinning up a virtualized Windows environment for fuzzing. This is less of a problem on Linux, and I have found that it is often possible to port components from Windows antivirus products to Linux, which lets me run the code I am testing in minimal containers with very little overhead and scale the tests up easily.

For example, using LoadLibrary, it was possible to port the Windows Defender antivirus engine to run on Linux. Studying mpengine.dll, which forms the core of Windows Defender, made it possible to analyse a large number of complex handlers for various formats, FS emulators, and language interpreters that could provide vectors for possible attacks.

LoadLibrary was used to identify a remote vulnerability in the Avast antivirus package.

Studying this antivirus's DLL revealed that the main privileged scanning process includes a complete JavaScript interpreter used to emulate the execution of third-party JavaScript code.

This process is not isolated in a sandbox, does not drop privileges, and analyses unverified external FS data and intercepted network traffic.

Since any vulnerability in this complex and unprotected process could lead to remote compromise of the entire system, a special avscript shell was developed on the basis of LoadLibrary to scan for vulnerabilities in the Avast antivirus scanner in a Linux-based environment.

The PE/COFF loader is based on ndiswrapper code. The project code is distributed under the GPLv2 license. The code can be viewed at the following link.



  1.   Imigca yeZip said

    Everyone who left the DLLs has already said it: don't forget the toilet paper