# How to Use

{% embed url="<https://github.com/0dayResearchLab/msFuzz>" %}

## 0. Tested Environment <a href="#user-content-section-0" id="user-content-section-0"></a>

***

```
CPU : Intel i-7 12700K
RAM : 84G
GPU : Nvidia Geforce 1060 super
OS : Ubuntu 20.04.6 LTS
```

## 1. Install dependencies <a href="#user-content-section-1" id="user-content-section-1"></a>

***

```
sudo apt-get update -y
sudo apt-get install gcc git make curl vim python3 python3.8-venv -y
```

## 2. Enroll GitHub SSH keys <a href="#user-content-section-2" id="user-content-section-2"></a>

***

```
$ ssh-keygen -t rsa -C <example@example.com>

$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3Nz...
```

Put this public key string into GitHub -> profile -> Settings -> SSH and GPG keys -> New SSH key.

## 3. Clone this repo & change kernel to 6.0.0-nyx+ <a href="#user-content-section-3" id="user-content-section-3"></a>

***

```
cd ~
git clone git@github.com:0dayResearchLab/msFuzz.git kAFL
cd kAFL
make deploy
reboot
```

## 4. Build the Windows VM Template <a href="#user-content-section-4" id="user-content-section-4"></a>

***

```
cd ~/kAFL
make deploy -- --tags examples,examples-template-windows
cd ./kafl/examples/templates/windows
make build
```

## 5. Import the template into Vagrant <a href="#user-content-section-5" id="user-content-section-5"></a>

***

```
make import
```

## 6. Import into libvirt <a href="#user-content-section-6" id="user-content-section-6"></a>

***

```
cd ../../windows_x86_64
make init
```

## 7. Run Fuzz <a href="#user-content-section-7" id="user-content-section-7"></a>

***

```
cd ~/kAFL
make env
cd kafl/examples/windows_x86_64/
mkdir -p bin/driver
cp ../../fuzzer/Utils/Harness_for_nyx.sys ./bin/driver
```

1. `vi src/driver/vuln_test.c` -> change the symbolic link name / target sys (the target driver name).

2. Boot QEMU:
   -> `vagrant up --no-provision`

3. Make a QEMU snapshot named 'ready_provision':
   -> `vagrant snapshot save --force 'ready_provision'`

4.a `make target` -> automatically loads the driver into QEMU from bin/driver/target.sys and bin/driver/vuln_test.exe

4.b `make no_target` -> automatically loads the driver into QEMU from vuln_test.exe / call_stack.sys

4.c Set up the environment yourself.

6. `mkdir -p ./seed`

7. `./run.sh`

8. Show the GUI:

```
cd ~/kAFL
make env
cd kafl/examples/windows_x86_64/
kafl gui -w work
```

9. `make revoke` -> revert the VM from the fuzzed state back to the snapshot taken in step 3 ('ready_provision')

<figure><img src="https://github.com/0dayResearchLab/msFuzz/raw/master/docs/installation/fuzzing.png?raw=true" alt=""><figcaption></figcaption></figure>
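As an added example (not part of the msFuzz or kAFL repositories), a small shell preflight that checks the environment assembled by the steps above before `./run.sh`: the nyx kernel from section 3, the snapshot from step 3 of section 7, and the files `make target` expects. Function names are this example's own; the kernel name, paths and snapshot name are the ones this page uses.

```shell
#!/usr/bin/env bash
# Added example, not part of msFuzz/kAFL: preflight checks for the setup
# described on this page. Function names are this example's own; the
# kernel name, paths and snapshot name are taken from the steps above.

# Section 3 reboots into the 6.0.0-nyx+ kernel and the rest of the
# procedure assumes it. $1 overrides `uname -r` so the check can be
# exercised without rebooting.
kernel_is_nyx() {
    local release="${1:-$(uname -r)}"
    case "$release" in
        *nyx*) return 0 ;;
        *)     return 1 ;;
    esac
}

# `make revoke` rolls the VM back to the 'ready_provision' snapshot taken
# in step 3 of "Run Fuzz". $1 is the output of `vagrant snapshot list`;
# the name must match a whole line, not merely a prefix.
has_ready_snapshot() {
    printf '%s\n' "$1" | grep -qx 'ready_provision'
}

# Checks the files `make target` and ./run.sh expect under
# kafl/examples/windows_x86_64 ($1). Prints each missing item and returns
# the number of missing items (0 means the directory is ready).
check_target_dir() {
    local dir="$1" missing=0 f
    for f in bin/driver/Harness_for_nyx.sys \
             bin/driver/target.sys \
             bin/driver/vuln_test.exe; do
        [ -f "$dir/$f" ] || { echo "missing: $f"; missing=$((missing + 1)); }
    done
    # Step 6 creates the seed directory the fuzzer reads its inputs from.
    [ -d "$dir/seed" ] || { echo "missing: seed/ (run: mkdir -p ./seed)"; missing=$((missing + 1)); }
    return "$missing"
}

# Stand-alone use from ~/kAFL after `make env`:
#   kernel_is_nyx || echo "not on the nyx kernel: rerun 'make deploy' and reboot"
#   has_ready_snapshot "$(cd kafl/examples/windows_x86_64 && vagrant snapshot list)" || echo "snapshot missing"
#   check_target_dir kafl/examples/windows_x86_64 && echo "ready for ./run.sh"
```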
