Google expert ports Windows Defender to Linux for fuzzing
Google's well-known security researcher Tavis Ormandy has ported Windows Defender DLLs to Linux with the aid of a new tool released on GitHub. The tool, called loadlibrary, was created for the sole purpose of helping security researchers.
Ormandy ported the Windows DLLs to Linux for vulnerability testing and announced the work on Twitter. loadlibrary's sole purpose is to let researchers load and run Windows DLLs on Linux under specialized vulnerability-discovery tools called fuzzers. Fuzzers feed a software application random or malformed data and watch its behaviour for abnormalities such as crashes and memory errors.
Ormandy's aim is to fuzz Windows-based software from Linux platforms. “The intention is to allow scalable and efficient fuzzing of self-contained Windows libraries on Linux. Good candidates might be video codecs, decompression libraries, virus scanners, image decoders, and so on,” he writes.
The tool provides an environment that includes C++ exception dispatch and unwinding, loading additional symbols from IDA, debugging with gdb, breakpoints, stack traces, runtime hooking and patching, and support for ASAN and Valgrind to detect subtle memory corruption bugs.
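The fuzzing loop described above, as an added example that is not part of the article and not Ormandy's loadlibrary (which loads real DLL exports): a constructed toy run-length decoder stands in for the library entry point, in a buggy and a hardened version, and a seeded mutator feeds it variations of one valid input while the harness flags abnormal outcomes. The guard region after the output buffer is a stand-in for what ASAN would report directly.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy target: a run-length decoder standing in for a real
 * library entry point. Input layout (constructed for this example):
 *   in[0]    declared output length
 *   in[1..]  (count, value) pairs
 * Returns the number of bytes written to out, or -1 on a rejected input. */
typedef int (*decoder_fn)(const uint8_t *in, size_t in_len,
                          uint8_t *out, size_t out_cap);

/* Buggy variant: validates the header but trusts every pair's count. */
int decode_buggy(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    if (in_len < 1 || in[0] > out_cap)
        return -1;
    size_t pos = 0;
    for (size_t i = 1; i + 1 < in_len; i += 2) {
        memset(out + pos, in[i + 1], in[i]);  /* no check on pos + count */
        pos += in[i];
    }
    return (int)pos;
}

/* Hardened variant: every write is checked against the caller's capacity. */
int decode_fixed(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    if (in_len < 1 || in[0] > out_cap)
        return -1;
    size_t pos = 0;
    for (size_t i = 1; i + 1 < in_len; i += 2) {
        size_t count = in[i];
        if (count > out_cap - pos)            /* would overrun: reject */
            return -1;
        memset(out + pos, in[i + 1], count);
        pos += count;
    }
    return (int)pos;
}

#define OUT_CAP    16      /* capacity the decoder is told it owns */
#define CANARY_LEN 1024    /* guard bytes after it; any change = overrun */
#define MAX_IN     8       /* longest mutated input the harness generates */

/* Deterministic LCG so a seed reproduces a run exactly. */
static uint64_t rng_state;
static uint32_t rnd(void)
{
    rng_state = rng_state * 6364136223846793005ULL + 1442695040888963407ULL;
    return (uint32_t)(rng_state >> 33);
}

/* Mutate a seed input: overwrite a byte, flip a bit, or append a byte. */
static size_t mutate(const uint8_t *seed, size_t seed_len, uint8_t *buf)
{
    size_t len = seed_len;
    memcpy(buf, seed, seed_len);
    int rounds = 1 + (int)(rnd() % 3);
    for (int k = 0; k < rounds; k++) {
        switch (rnd() % 3) {
        case 0:  buf[rnd() % len] = (uint8_t)rnd();                  break;
        case 1:  buf[rnd() % len] ^= (uint8_t)(1u << (rnd() % 8));   break;
        default: if (len < MAX_IN) buf[len++] = (uint8_t)rnd();      break;
        }
    }
    return len;
}

/* Feed `iters` mutated inputs to `fn` and count abnormal outcomes: the
 * decoder claiming more output than it was allowed to write, or any guard
 * byte beyond out_cap being touched. Under ASAN the second check would
 * instead abort at the first bad write, which is what loadlibrary relies on. */
int fuzz(decoder_fn fn, uint64_t seed, int iters)
{
    static const uint8_t corpus[] = { 6, 3, 'A', 3, 'B' };  /* one valid input */
    uint8_t in[MAX_IN];
    uint8_t out[OUT_CAP + CANARY_LEN];
    int anomalies = 0;

    rng_state = seed;
    for (int i = 0; i < iters; i++) {
        size_t len = mutate(corpus, sizeof corpus, in);
        memset(out, 0xCC, sizeof out);
        int rc = fn(in, len, out, OUT_CAP);

        int bad = rc > OUT_CAP;
        for (size_t j = OUT_CAP; j < sizeof out && !bad; j++)
            bad = out[j] != 0xCC;
        anomalies += bad;
    }
    return anomalies;
}

int main(void)
{
    printf("buggy decoder: %d anomalies\n", fuzz(decode_buggy, 1, 2000));
    printf("fixed decoder: %d anomalies\n", fuzz(decode_fixed, 1, 2000));
    return 0;
}
```

The two decoders only differ by the `count > out_cap - pos` check; the harness notices the difference purely from the target's behaviour, which is the point of black-box fuzzing a library entry point. Because the mutator is seeded, any anomaly can be replayed with the same seed and iteration count, which is how a fuzzing finding becomes a reproducible bug report.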
Ormandy ported the Microsoft Malware Protection Engine (MsMpEng), the security service installed by default on Windows 8, 8.1, 10 and Windows Server 2016. Of the MsMpEng package, he ported the Mpengine component, which is responsible for scanning and analyzing malware.
He makes clear that the tool is not a way to run Windows apps on Linux, nor a replacement for Wine or Winelib; the project is intended only to allow native Linux code to load simple Windows DLLs.