How to Use

GitHub - 0dayResearchLab/msFuzz: msFuzz is a coverage-guided fuzzer for Windows kernel drivers that utilizes Intel PT and leverages constraint and dependency analysis to guide fuzzing.GitHub

0. Tested Environment

CPU : Intel i-7 12700K
RAM : 84G
GPU : Nvidia Geforce 1060 super
OS : Ubuntu 20.04.6 LTS

1. Install dependencies

sudo apt-get update -y
sudo apt-get install gcc git make curl vim python3 python3.8-venv -y

2. Enroll github SSH Keys

$ ssh-keygen -t rsa -C <example@example.com>

$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3Nz...

put this string to github -> profile -> settings -> SSH and GPG Keys -> New SSH key

3. Clone this repo & change kernel to 6.0.0-nyx+

cd ~
git clone git@github.com:0dayResearchLab/msFuzz.git kAFL
cd kAFL
make deploy
reboot

4. Build the Windows VM Template

cd ~/kAFL
make deploy -- --tags examples,examples-template-windows
cd ./kafl/examples/templates/windows
make build

5. Import the template into Vagrant

make import

6. Import into libvirt

cd ../../windows_x86_64
make init

7. Run Fuzz

cd ~/kAFL
make env
cd kafl/examples/windows_x86_64/
mkdir -p bin/driver 
cp ../../fuzzer/Utils/Harness_for_nyx.sys ./bin/driver


1. vi src/driver/vuln_test.c -> Change Symbolic Link Name / target sys ( Target Driver Name )

2. Qemu Booting
-> vagrant up --no-provision

3. Make Qemu Snapshot named 'ready_provision'
-> vagrant snapshot save --force 'ready_provision'

4.a
    make target -> automatic loading the Driver to Qemu that located in bin/driver/target.sys & bin/driver/vuln_test.exe
4.b
    make no_target -> automatic loading the Driver to Qemu that located in vuln_test.exe / call_stack.sys
4.c
    make environment yourself


6. mkdir -p ./seed

7. ./run.sh


8. Show GUI
cd ~/kAFL
make env
cd kafl/examples/windows_x86_64/
kafl gui -w work

9. make revoke -> Revoke the Snapshot from fuzzed to Stage #3 ( 'ready_provison' )

PreviousCall Stack Parser NextReferences

Last updated 9 months ago