A Google expert has ported Windows Defender DDLs to Linux platform. The new development is aimed to showcase a new tool called loadlibrary that targets at security researchers.
Google security expert Travis Ormandy has specially designed the loadlibrary tool to help security researchers. The tool is not considered to be platform specific. Thus, it is available as an open source offering on a GitHub repository.
Loadlibrary helps researchers run Windows DDLs on Linux along with fuzz tools or fuzzers. Notably, Google already has its open sourced fuzz tool dubbed OSS-Fuzz.
Apart from fuzzing, the open source tool enables the white hat hackers to perform pen-testing on Linux systems. Security experts can also leverage its presence to feed random data and analyse the patterns of applications.
Travis has himself been using loadlibrary to find vulnerabilities in Microsoft Malware Protection Engine. The developer has also published a demo along with the ported package of loadlibrary that shows Windows Defender running on Linux platform. In addition to Windows Defender, Travis has ported Microsoft Malware Protection Engine (MsMpEng), which comes as a default service on Windows editions.
Not a replacement to Wine or Winelib
However, as Travis explicitly mentioned in the instructions on GitHub, loadlibrary is not intended to replace Wine or Winelib. These services are used to port C++ projects from Windows to Linux, whereas loadlibrary is designed to allow native Linux code to load simple Windows DDLs.