Executables and Shared Libraries

So I’ve known about Windows DLLs and shared objects in Linux/Unix but hadn’t realized that the concept exists in macOS also. I haven’t owned any Apple products, so clearly I have poor insight into the OS.

Terminology:

  • Windows -> DLLs (Dynamic Link Libraries)
  • Linux -> .so files (Shared Objects)
  • macOS -> dylibs (Dynamic Libraries) and Frameworks

They seem to serve the same purpose in general, but I suppose each has its own particular intricacies tied to the way the OS uses executables.

On DLL Hijacking:

Unexpected loading of DLLs from expected/unexpected locations:

  • Using web locations
  • Hijacking DLL loading order
  • Hijacking paths

If you control the binary, you can control the DLLs.

You can still control the DLLs, even if you don’t control the binary, if the binary does not enforce/check the paths or the signatures of the DLLs.

Current solutions:

  • DLL signing
  • Binary/Executable Signing
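
The path and integrity checks described above, as an added example (not code from the original post): a Python audit that models first-match-wins search order, then checks that the copy that would load comes from the expected directory and matches a pinned SHA-256 digest. The digest comparison is a stand-in for signature verification, and the directory layout, `example.dll` and the function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

def resolve(name, search_dirs):
    """Return every copy of `name` in search order; a loader takes the first."""
    hits = []
    for d in search_dirs:
        candidate = os.path.join(d, name)
        if os.path.isfile(candidate):
            hits.append(os.path.realpath(candidate))
    return hits

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def audit(name, search_dirs, trusted_dir, pinned_digest):
    """Report path and integrity problems for the copy that would be loaded."""
    hits = resolve(name, search_dirs)
    if not hits:
        return {"loaded": None, "findings": ["not found"]}
    loaded, findings = hits[0], []
    if os.path.dirname(loaded) != os.path.realpath(trusted_dir):
        findings.append("path: loaded from outside trusted directory")
    if sha256(loaded) != pinned_digest:
        findings.append("integrity: digest differs from pinned value")
    if len(hits) > 1:
        findings.append("shadowing: other copies later in search order: %d" % (len(hits) - 1))
    return {"loaded": loaded, "findings": findings}

def demo():
    """Constructed layout: an app directory searched before a system directory."""
    root = tempfile.mkdtemp()
    app_dir, sys_dir = os.path.join(root, "app"), os.path.join(root, "system")
    os.makedirs(app_dir)
    os.makedirs(sys_dir)
    with open(os.path.join(sys_dir, "example.dll"), "wb") as f:
        f.write(b"constructed trusted library bytes")
    pinned = sha256(os.path.join(sys_dir, "example.dll"))
    order = [app_dir, sys_dir]
    clean = audit("example.dll", order, sys_dir, pinned)
    with open(os.path.join(app_dir, "example.dll"), "wb") as f:
        f.write(b"constructed unexpected copy")  # same name, earlier directory
    shadowed = audit("example.dll", order, sys_dir, pinned)
    return clean, shadowed

if __name__ == "__main__":
    for result in demo():
        print(result)
```
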

References:
https://superuser.com/questions/228309/macos-dll-equivalent
https://stackoverflow.com/questions/1212477/creating-a-dll-on-a-mac-dylib-or-framework
https://attack.mitre.org/techniques/T1038/
https://attack.mitre.org/techniques/T1157/
