
Loadlibrary: Tool Google expert used to port Windows DLL to Linux

This is a bit of a follow-up to an article published earlier by @hey_yo_ (linked below) concerning the Windows Defender exploit that a Google Expert found as well as a really neat tool for anyone who is interested. So, as the original article talks about, a Google Expert (Tavis Ormandy) had found an exploit in Windows Defender that could be used to spread malicious code and Microsoft released a patch shortly after. Now, Mr. Ormandy has released the tool that he used to find this exploit on GitHub. The tool, called Loadlibrary, is created to allow the running of Windows Dynamic Link Libraries (DLLs) on Linux, specifically in order to be able to fuzz them in order to find bugs.

https://www.bleepingcomputer.com/news/software/google-expert-ports-windows-defender-to-linux-to-showcase-new-tool/

Quote

Tavis Ormandy, the most famous of Google's security experts, has ported Windows Defender DLLs to Linux with the aid of a new tool he released today on GitHub.

The new tool is named loadlibrary, and Ormandy says he created it for the sole purpose of helping security researchers, not necessarily the Linux user community.

Loadlibrary's sole purpose is to allow researchers to run and load Windows DLLs on Linux together with specialized pen-testing tools called fuzz tools, or fuzzers.

These tools perform an automated operation called fuzzing, which relies on feeding a software application with random data and analyzing the output for abnormalities.

Google's security experts are big fans of fuzzing when searching for undocumented vulnerabilities. In the past years, Google has developed two of the most popular fuzzing tools around, namely OSS-Fuzz and syzkaller.

Syzkaller is how Google engineers discovered three major bugs in the Linux kernel. Two of these bugs had survived in the kernel code for 9 and 11 years, respectively, showing a fuzzing tool's ability to uncover bugs that humans couldn't spot during manual code reviews.

Basically this tool removes the requirement to try and fuzz the Windows tool through a VM or other container in order to find issues.  Just to be clear though, Mr. Ormandy says that this tool is not intended as a way to run Windows Apps on Linux and is not intended to replace Wine or Winelib.  Still, it is really neat that researchers can use this to port specific DLL data into a Linux app and not need to worry about all the other Windows app parts.

 

 


Now, what is Microsoft's tool for looking into vulnerabilities in their own software? I don't think the vulnerability from the one I posted is the last bug we've seen from Windows Defender. 

There is more that meets the eye
I see the soul that is inside

 

 


Would this tool make it easier for enthusiasts to port hardware drivers to Linux?

 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


21 hours ago, hey_yo_ said:

Now, what is Microsoft's tool for looking into vulnerabilities in their own software?

They wait for the bug to be exposed and then patch it. MS doesn't do QA anymore.
