# taviso/loadlibrary **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/taviso-loadlibrary).** 4,475 stars · 393 forks · C · gpl-2.0 ## Links - GitHub: https://github.com/taviso/loadlibrary - awesome-repositories: https://awesome-repositories.com/repository/taviso-loadlibrary.md ## Topics `linux` `porting` `windows` ## Description LoadLibrary is a binary instrumentation framework that loads and executes Windows PE/COFF DLLs natively within Linux processes. It provides a cross-platform binary execution layer that maps Windows portable executable files into Linux memory, resolving imports and relocations so that exported functions can be called as if they were native Linux library routines. The framework enables runtime interception and modification of Windows DLL function behavior, including redirecting API calls to Linux-native implementations through a binary patching hook engine. It includes a code coverage auditor that records executed basic blocks in loaded DLLs and produces reports for fuzzing corpus distillation and security research. LoadLibrary also supports debugging loaded DLLs with GDB, providing full symbol support, breakpoints, and stack traces for source-level analysis. The project covers automated security testing workflows, including fuzzing Windows libraries on Linux to find memory corruption bugs using tools like AddressSanitizer and Valgrind. It also enables porting Windows antivirus engines to Linux for scanning files, and provides a fuzzing corpus distiller that reduces large input sets to minimal subsets that still exercise all recorded code paths. ## Tags ### Development Tools & Productivity - [Windows DLL Loaders for Linux](https://awesome-repositories.com/f/development-tools-productivity/command-execution/arbitrary/dll-loading/windows-dll-loaders-for-linux.md) — Loads Windows PE/COFF DLLs into a Linux process, resolving imports and relocations for native execution. ([source](https://github.com/taviso/loadlibrary#readme)) - [DLL Injection Hooks](https://awesome-repositories.com/f/development-tools-productivity/application-customization-frameworks/system-hooking-frameworks/dll-injection-hooks.md) — Replaces exported DLL functions with custom implementations at runtime to intercept calls for instrumentation or fuzzing. ([source](https://github.com/taviso/loadlibrary#readme)) - [Windows DLL Function Lookups](https://awesome-repositories.com/f/development-tools-productivity/command-execution/arbitrary/dll-loading/windows-dll-function-lookups.md) — Looks up and invokes exported functions from loaded Windows DLLs using a dlopen-style API. ([source](https://github.com/taviso/loadlibrary#readme)) - [Windows DLL Invocations](https://awesome-repositories.com/f/development-tools-productivity/command-execution/arbitrary/dll-loading/windows-dll-invocations.md) — Invokes exported functions from loaded Windows DLLs as if they were native Linux library routines. ([source](https://github.com/taviso/loadlibrary/blob/master/mpclient.c)) ### Operating Systems & Systems Programming - [Windows PE Execution Layers](https://awesome-repositories.com/f/operating-systems-systems-programming/windows-pe-execution-layers.md) — Loads and executes Windows PE/COFF DLLs natively within Linux processes for testing and analysis. - [Trampoline-Based Hook Engines](https://awesome-repositories.com/f/operating-systems-systems-programming/binary-instruction-patching/trampoline-based-hook-engines.md) — Intercepts function calls by disassembling target code and inserting trampolines that redirect execution to custom handlers. - [Binary Translation Layers](https://awesome-repositories.com/f/operating-systems-systems-programming/virtualization-emulation/virtualization-platforms/virtualization-platforms/cross-architecture-virtualization/binary-translation-layers.md) — Provides a binary translation layer that enables Windows DLLs to execute natively on Linux through memory mapping and patching. - [Linux DLL Loaders](https://awesome-repositories.com/f/operating-systems-systems-programming/windows-pe-execution-layers/linux-dll-loaders.md) — Maps Windows portable executable files into Linux memory and resolves imports and relocations for native execution. - [Windows DLL Loaders for Linux](https://awesome-repositories.com/f/operating-systems-systems-programming/windows-pe-execution-layers/windows-dll-loaders-for-linux.md) — Loads Windows PE/COFF binaries into a Linux process and resolves their imports for native execution. ([source](https://github.com/taviso/loadlibrary#readme)) - [Heap Corruption Detection](https://awesome-repositories.com/f/operating-systems-systems-programming/heap-analyzers/heap-corruption-detection.md) — Runs loaded Windows DLLs under ASAN and Valgrind to detect heap overflows, use-after-free, and memory corruption bugs. ([source](https://github.com/taviso/loadlibrary#readme)) ### Business & Productivity Software - [Windows Library Fuzzers for Linux](https://awesome-repositories.com/f/business-productivity-software/a-b-testing/windows-a-b-feature-state-readers/windows-library-fuzzers-for-linux.md) — Loads self-contained Windows DLLs into a Linux process and tests them for memory corruption bugs using tools like ASAN and Valgrind. ([source](https://github.com/taviso/loadlibrary#readme)) ### DevOps & Infrastructure - [PE/COFF Loaders](https://awesome-repositories.com/f/devops-infrastructure/cicd-pipeline-automation/core-build-engines/build-tooling/high-performance/linkers/multithreaded-pe-coff/pe-coff-loaders.md) — Maps Windows portable executable files into a Linux process address space, resolving imports and relocations without a native Windows loader. ### Graphics & Multimedia - [Windows API Call Redirectors](https://awesome-repositories.com/f/graphics-multimedia/graphics-engines-rendering/rendering/graphics-apis-bindings/graphics-rendering-apis/windows-api-hooking-engines/windows-api-call-redirectors.md) — Redirects Windows API calls from loaded DLLs to Linux-native implementations for cross-platform execution. ([source](https://github.com/taviso/loadlibrary#readme)) ### Programming Languages & Runtimes - [Windows DLL Instrumentation Frameworks](https://awesome-repositories.com/f/programming-languages-runtimes/binary-instrumentation/windows-dll-instrumentation-frameworks.md) — Ships a binary instrumentation framework that loads and executes Windows DLLs natively on Linux for analysis. - [GDB Extensions](https://awesome-repositories.com/f/programming-languages-runtimes/gdb-extensions.md) — Attaches GDB to loaded Windows DLLs with full symbol support, breakpoints, and stack traces for debugging. ([source](https://github.com/taviso/loadlibrary#readme)) - [Cross-Platform DLL Debuggers](https://awesome-repositories.com/f/programming-languages-runtimes/gdb-extensions/cross-platform-dll-debuggers.md) — Attaches GDB to loaded Windows DLLs with full symbol support, breakpoints, and stack traces for source-level debugging. ([source](https://github.com/taviso/loadlibrary#readme)) ### Security & Cryptography - [Library Fuzzings](https://awesome-repositories.com/f/security-cryptography/security-fuzzing-engines/library-fuzzings.md) — Loads self-contained Windows DLLs on Linux and tests them for memory corruption bugs using ASAN and Valgrind. ([source](https://github.com/taviso/loadlibrary#readme)) - [Windows Library Fuzzers for Linux](https://awesome-repositories.com/f/security-cryptography/security-fuzzing-engines/library-fuzzings/windows-library-fuzzers-for-linux.md) — Fuzzes Windows libraries on Linux to find memory corruption bugs using sanitizers and coverage feedback. - [Malware Scanning](https://awesome-repositories.com/f/security-cryptography/file-upload-security/malware-scanning.md) — Runs a ported Windows antivirus engine on Linux to scan files for malware using the mpclient tool. ([source](https://github.com/taviso/loadlibrary/blob/master/mpscript.c)) - [Windows Antivirus Engine Ports](https://awesome-repositories.com/f/security-cryptography/file-upload-security/malware-scanning/windows-antivirus-engine-ports.md) — Ports a Windows antivirus engine to Linux and uses it to scan files for malware and threats. - [Binary Corpus Distillation](https://awesome-repositories.com/f/security-cryptography/security-fuzzing-engines/binary-corpus-distillation.md) — Reduces large fuzzer input sets to minimal subsets that still exercise all recorded code paths for efficient fuzzing. ### Testing & Quality Assurance - [Cross-Platform Function Invocations](https://awesome-repositories.com/f/testing-quality-assurance/function-call-tracking/cross-platform-function-invocations.md) — Invokes exported functions from Windows DLLs as if they were native Linux library calls. ([source](https://github.com/taviso/loadlibrary/blob/master/exports.lst)) - [Code Coverage Analysis](https://awesome-repositories.com/f/testing-quality-assurance/code-coverage-analysis.md) — Collects basic block coverage data from loaded Windows DLLs and produces reports for fuzzing corpus distillation. ([source](https://github.com/taviso/loadlibrary/tree/master/coverage)) - [Binary Basic Block Coverage Auditors](https://awesome-repositories.com/f/testing-quality-assurance/code-coverage-analysis/binary-basic-block-coverage-auditors.md) — Collects and audits basic block coverage from loaded Windows DLLs to identify untested code paths. ### User Interface & Experience - [Runtime Function Hooking](https://awesome-repositories.com/f/user-interface-experience/font-rasterizers/api-interception-hooks/runtime-function-hooking.md) — Provides runtime function interception and redirection for Windows DLLs loaded natively on Linux. ### Part of an Awesome List - [Binary Code Coverage Auditors](https://awesome-repositories.com/f/awesome-lists/devtools/code-coverage/binary-code-coverage-auditors.md) — Records every basic block executed in loaded Windows DLLs and produces coverage reports for fuzzing corpus distillation. ### System Administration & Monitoring - [Corruption Detectors](https://awesome-repositories.com/f/system-administration-monitoring/memory-usage-analyzers/memory-allocation-debuggers/corruption-detectors.md) — Leverages AddressSanitizer and Valgrind to detect buffer overflows, use-after-free, and other memory safety bugs in loaded Windows code.