
Porting Windows Dynamic Link Libraries to Linux - dmit
https://github.com/taviso/loadlibrary
======
kazinator
Did this close to twenty years ago. Ported a COM DLL to Linux and one of the
executables using it.

I implemented everything it needed. COM functions like CoCreateInstance, entry
points like DllCanUnloadNow, Windows Sockets and whatnot.

The registry API! Ha. I mapped HKEY_CURRENT_USER to configuration files rooted
in the user's home directory, and HKEY_LOCAL_MACHINE to /etc.

The lib's DllRegisterServer nicely registered its COM class inside the fake
registry.

Don "COM is Love" Box would have teared up had he seen this.

~~~
yuhong
Open Group had COMsource:
[http://www.opengroup.org/comsource/](http://www.opengroup.org/comsource/)

~~~
blinkingled
Software AG had a DCOM (EntireX?) implementation for Solaris/Linux back in the
day. It was freely downloadable and came with working examples :)

------
beagle3
Note that the author is Tavis Ormandy, the guy who (among many, many other
things) discovered one of the worst Windows security vulns, that was patched
last month -- and from the README it seems like this is part of the toolchest
he used for this particular discovery.

To all people wondering why not wine or winelib - this is for ease of
debugging and fuzzing DLLs, not for actually running software. Wine and
Winelib bring way too much baggage for those uses.

------
psykotic
This reminds me of a tool Jeff Roberts wrote at RAD Game Tools which would
repackage libraries so they were loadable on Linux. At the time the motivation
was that MSVC was generating much better code than GCC for Bink, so he'd
compile on Windows with MSVC and cross-link to Linux with his custom tool.

~~~
reacweb
Does MSVC still generate better code than GCC? I do not find any recent
benchmark.

~~~
sqeaky
Of things I have benchmarked in the past 5 or so years GCC has not been beaten
by GCC for any of my workloads or benchmarks. I do mostly things related to 3d
graphics and are heavy on the CPU, but what little IO I have done follows this
pattern too.

As near as I can tell msvc is strictly inferior except for windows community
adoption than gcc/mingw. Of course, benchmark your workload, I could be doing
something odd that you are not.

~~~
cupantae
GCC has not been beaten by GCC --> MSVC has not been beaten by GCC

ftfy

------
pierrec
This is cool and a lot lighter than WINE, though the important keyword is
_self-contained_ Windows libraries. I gather this won't work on DLLs that call
any of the plethora of Windows APIs. I'm actually very surprised that any
non-trivial DLLs are self-contained in this way, like his example of Windows
Defender which I thought would call 1000 Windows API functions.

~~~
bonzini
A bunch of C runtime library and Windows APIs are implemented or stubbed:

* [https://github.com/taviso/loadlibrary/tree/master/peloader/w...](https://github.com/taviso/loadlibrary/tree/master/peloader/winapi)

* [https://github.com/taviso/loadlibrary/blob/master/peloader/c...](https://github.com/taviso/loadlibrary/blob/master/peloader/crt.c)

~~~
IshKebab
Like... in Wine? (Yes I read the readme)

~~~
bonzini
Much smaller and without wineserver too.

------
weinzierl
If you like this, you might also like the Witchcraft Compiler Collection[1] by
Jonathan Brossard.

It approaches from a different angle (relinking), but (as far as I understand
it) can help to solve the same problem Tavis tackles. In the end they both
allow the dynamic analysis of PE files in Linux. Both tools only work if the
architecture is the same in both worlds, I think.

EDIT: [2] is an intro to the Witchcraft Compiler Collection from Black Hat
Europe 2016 which is probably more helpful than the link to the repo.

[1]
[https://github.com/endrazine/wcc/blob/master/README.md](https://github.com/endrazine/wcc/blob/master/README.md)

[2]
[https://www.blackhat.com/docs/eu-16/materials/eu-16-Brossard...](https://www.blackhat.com/docs/eu-16/materials/eu-16-Brossard-Witchcraft-Compiler-Collection-Towards-Self-Aware-Computer-Programs.pdf)

------
tathougies
Why not just use full-on WINE? The basic system calls are pretty much fully
covered. It seems this duplicates a lot of work.

~~~
Arnavion
Are the Windows API implementations of WINE usable by a native Linux program
(eg as a library of some sort)? That seems to be the requirement here.

~~~
snarfy
Yes, I've written a windows dll loader for linux based on wine myself. It's
fairly simple to add support for LoadLibrary() and GetProcAddress() to a linux
program using wine libraries.

------
steeve
Did anyone find info on how user32.dll and kernel32.dll are handled?

~~~
bonzini
There are stubs, or reimplementations on top of the C library, for a
relatively small subset of functions:
[https://github.com/taviso/loadlibrary/tree/master/peloader/w...](https://github.com/taviso/loadlibrary/tree/master/peloader/winapi)
(see e.g. Files.c in there for an example of mapping Windows API functions to
libc).
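
Added example, not part of the thread and not loadlibrary's own code: a minimal sketch of the idea described above, where a loader resolves each PE import by name against a small table of libc-backed shims and binds anything unknown to a visible stub. The table layout, `resolve_import`, the `shim_*` names and the constructed import list are hypothetical, and calling-convention adaptation for real DLL code is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>

typedef void (*generic_fn)(void);            /* cast back before calling */
struct shim { const char *dll, *name; generic_fn fn; };

static unsigned missing_imports;             /* imports that had no shim */

/* libc-backed stand-ins for two kernel32 exports (hypothetical shims). */
static int shim_lstrlenA(const char *s) { return s ? (int)strlen(s) : 0; }
static uint32_t shim_GetCurrentProcessId(void) { return (uint32_t)getpid(); }

/* Bound to every import without a shim, so a call is visible, not a NULL jump. */
static void unresolved_stub(void) { fprintf(stderr, "unimplemented import called\n"); }

static const struct shim shims[] = {
    { "kernel32.dll", "lstrlenA", (generic_fn)shim_lstrlenA },
    { "kernel32.dll", "GetCurrentProcessId", (generic_fn)shim_GetCurrentProcessId },
};

/* Resolve one import-table entry. DLL names compare case-insensitively,
 * export names are case-sensitive. */
static generic_fn resolve_import(const char *dll, const char *name)
{
    for (size_t i = 0; i < sizeof shims / sizeof shims[0]; i++)
        if (!strcasecmp(dll, shims[i].dll) && !strcmp(name, shims[i].name))
            return shims[i].fn;
    missing_imports++;
    fprintf(stderr, "no shim for %s!%s\n", dll, name);
    return unresolved_stub;
}

int main(void)
{
    /* Constructed import list, standing in for a parsed PE import table. */
    const char *wanted[][2] = { { "KERNEL32.dll", "lstrlenA" },
                                { "USER32.dll", "MessageBoxA" } };
    for (size_t i = 0; i < 2; i++)
        resolve_import(wanted[i][0], wanted[i][1]);
    int (*len)(const char *) =
        (int (*)(const char *))resolve_import("kernel32.dll", "lstrlenA");
    printf("lstrlenA(\"loader\") = %d, missing = %u\n", len("loader"), missing_imports);
    return 0;
}
```

The count of unresolved imports is the useful output when sizing up a DLL for a fuzzing harness: it shows how far the library is from being self-contained before any of its code runs.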

------
faragon
Very cool, to load .dll, so tests/builds/packaging can be run in Linux. There
is also the possibility of signing .exe/.dll on Linux. AFAIK, the remaining
stuff is to sign .msi files.

------
hexmiles
I read the readme, but I still can't understand how it is different from winelib
(and I don't know much about ndiswrapper internals).

I understand that since it is a debugging-oriented tool it has a different scope
than wine, but why not use (at least partially) the already implemented
Windows functions? Am I missing something? Maybe this is more efficient, or maybe
wine is not modular enough?

~~~
ConfucianNardin
Winelib requires you to (re-)compile from source.

This project allows you to load (some) windows DLLs as-is.

------
gadnium79
why?

~~~
adrianpike
...why not?

~~~
analognoise
I've always thought why is more important than why not. Example: "I'm going to
hit myself in the dick with a hammer."

~~~
mirimir
Actually, that's not so problematic unless there's an anvil involved, or the
hammer is moving quickly.

~~~
sqeaky
I still don't think it's a problem. I can swing the hammer if AnalogNoise
cannot build up sufficient speed.

------
shmerl
Sounds like reimplementing what Wine already does.

------
partycoder
I don't know if I would like software ported to Linux in this way. I already
have mixed feelings about WINE. My concern is really on the legal side of
things. What if these things are patent protected and people start getting
sued?

~~~
mariuolo
Do you realise this is a debugging tool?

