Porting Windows Dynamic Link Libraries to Linux
Introduction
This repository contains a library that allows native Linux programs to load
and call functions from a Windows DLL.
As a demonstration, I've ported Windows Defender to Linux.
$ ./mpclient eicar.com
main(): Scanning eicar.com...
EngineScanCallback(): Scanning input
EngineScanCallback(): Threat Virus:DOS/EICAR_Test_File identified.
How does it work?
The peloader directory contains a custom PE/COFF loader derived from
ndiswrapper. The library will process the relocations and imports, then provide
a dlopen-like API. The code supports debugging with gdb (including symbols),
basic block coverage collection, and runtime hooking and patching.
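The relocation pass that such a loader must run before any imported function can be called, as an added example (this is not code from the peloader directory or from ndiswrapper): it walks a PE .reloc table over an image already mapped at its section RVAs, adds the base delta to each HIGHLOW/DIR64 fixup, and rejects malformed tables instead of writing outside the image. The image layout, the function names and the sample values are constructed for this demo.

```c
#include <stdint.h>
#include <string.h>
/* Fixup types from the PE/COFF spec; any other type is rejected. */
enum { REL_ABSOLUTE = 0, REL_HIGHLOW = 3, REL_DIR64 = 10 };

/* Walk the .reloc blocks of an image mapped at its section RVAs, adding delta
 * (actual base minus preferred base) to each fixup. Every access is bounds-
 * checked so a malformed table cannot write outside the image. Returns the
 * number of fixups applied, or -1 on a malformed table. */
long apply_base_relocations(uint8_t *img, size_t size, uint32_t rva,
                            uint32_t len, uint64_t delta)
{
    long applied = 0;
    if (rva > size || len > size - rva) return -1;
    for (size_t pos = rva, end = rva + len; pos + 8 <= end; ) {
        uint32_t hdr[2];                 /* IMAGE_BASE_RELOCATION: page RVA, size */
        memcpy(hdr, img + pos, 8);
        if (hdr[1] < 8 || hdr[1] % 2 || hdr[1] > end - pos) return -1;
        for (size_t i = pos + 8; i + 2 <= pos + hdr[1]; i += 2) {
            uint16_t e; memcpy(&e, img + i, 2);          /* type:4 | offset:12 */
            unsigned type = e >> 12, w = type == REL_HIGHLOW ? 4 : type == REL_DIR64 ? 8 : 0;
            size_t tgt = (size_t)hdr[0] + (e & 0xfff);
            if (type == REL_ABSOLUTE) continue;              /* alignment pad */
            if (!w || size < w || tgt > size - w) return -1;
            uint64_t v = 0;              /* little-endian host assumed */
            memcpy(&v, img + tgt, w);
            v += delta;
            memcpy(img + tgt, &v, w);
            applied++;
        }
        pos += hdr[1];
    }
    return applied;
}

/* Constructed demo image (not a real DLL): a 32-bit pointer 0x00401234 at RVA
 * 0x10 (preferred base 0x400000) and a one-block .reloc table at RVA 0x1000
 * holding a HIGHLOW fixup for it followed by an ABSOLUTE pad entry. */
uint32_t demo_relocate(uint64_t new_base)
{
    static uint8_t img[0x2000];
    uint32_t ptr = 0x00401234, hdr[2] = { 0, 12 };
    uint16_t ent[2] = { (REL_HIGHLOW << 12) | 0x10, REL_ABSOLUTE };
    memset(img, 0, sizeof img);
    memcpy(img + 0x10, &ptr, 4);
    memcpy(img + 0x1000, hdr, 8);
    memcpy(img + 0x1008, ent, 4);
    if (apply_base_relocations(img, sizeof img, 0x1000, 12, new_base - 0x400000) != 1) return 0;
    memcpy(&ptr, img + 0x10, 4);
    return ptr;
}
```

Rebasing the demo image from 0x400000 to 0x10400000 turns the stored pointer into 0x10401234; a truncated or zero-sized block makes the walker return -1 rather than touch memory it cannot verify.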
What works?
The intention is to allow scalable and efficient fuzzing of self-contained
Windows libraries on Linux. Good candidates might be video codecs,
decompression libraries, virus scanners, image decoders, and so on.
- C++ exception dispatch and unwinding.
- Loading additional symbols from IDA.
- Debugging with gdb (including symbols), breakpoints, stack traces, etc.
- Runtime hooking and patching.
- Support for ASAN and Valgrind to detect subtle memory corruption bugs.
If you need to add support for any external imports, writing stubs is usually
quick and easy.
Why?
Distributed, scalable fuzzing on Windows can be challenging and inefficient.
This is especially true for endpoint security products, which use complex
interconnected components that span across