{"id":21261171,"url":"https://github.com/nixawk/hello-iocontrolcode-fuzzer","last_synced_at":"2025-07-11T03:31:13.738Z","repository":{"id":86182204,"uuid":"134809514","full_name":"nixawk/hello-IoControlCode-fuzzer","owner":"nixawk","description":"A fuzz demo for windows driver based on IoControlCode","archived":false,"fork":false,"pushed_at":"2018-05-25T05:53:41.000Z","size":26,"stargazers_count":12,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-05T19:51:17.421Z","etag":null,"topics":["driver","fuzzing","iocontrolcode","windows"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nixawk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-05-25T05:52:45.000Z","updated_at":"2024-12-19T01:55:30.000Z","dependencies_parsed_at":"2023-05-05T07:32:48.992Z","dependency_job_id":null,"html_url":"https://github.com/nixawk/hello-IoControlCode-fuzzer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/nixawk/hello-IoControlCode-fuzzer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nixawk%2Fhello-IoControlCode-fuzzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nixawk%2Fhello-IoControlCode-fuzzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nixawk%2Fhello-IoControlCode-fuzzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nixawk%2Fhello-IoControlCode-fuzzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nixawk","download_url":"https://codeload.github.com/nixawk/hello-IoControlCode-fuzzer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nixawk%2Fhello-IoControlCode-fuzzer/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264721302,"owners_count":23653916,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["driver","fuzzing","iocontrolcode","windows"],"created_at":"2024-11-21T04:25:23.169Z","updated_at":"2025-07-11T03:31:13.729Z","avatar_url":"https://github.com/nixawk.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# CrashMeat\n\nA simple fuzz demo for windows driver based on io control code. (Some features will be in the future).\nA fuzz framework should have:\n\n  - 1. Raw data input\n  - 2. Rand raw data\n  - 3. Crash targets\n  - 4. Recv crash log\n  - 5. Analysis log\n\n## :: Help\n\n```\nC:\\Users\\debug\\Desktop\\CrashMeat\\src\u003e..\\bin\\crashmeat.EXE\n\n   _____               _       __  __            _\n  / ____|             | |     |  \\/  |          | |\n | |     _ __ __ _ ___| |__   | \\  / | ___  __ _| |_\n | |    | '__/ _` / __| '_ \\  | |\\/| |/ _ \\/ _` | __|\n | |____| | | (_| \\__ \\ | | | | |  | |  __/ (_| | |_\n  \\_____|_|  \\__,_|___/_| |_| |_|  |_|\\___|\\__,_|\\__|\n\n                                             [Nixawk]\n\n  Usage\n  -----\n\n  :: Help\n     -h/-? Show help information\n\n  :: Enum Drivers\n     -l    List all drivers name and status in system.\n\n  :: Load Drivers\n     -a    Load all drivers in system automatically\n     -d    \u003cSymbolicLinkName\u003e Load a driver with symlink name\n\n  :: Load Io Control Code\n     -c    Input available io control code, split with dot (ex: 1,3-5)\n     -b    Bruteforce io control code\n\n  :: Fuzz Mode\n     -n    Null Pointer Fuzz\n     -s    Stack Overflow Fuzz\n     -i    Invalid Address Fuzz\n\n  :: Verbose Mode\n     -v    Make the operation more talkative\n\n```\n\n## :: Enum Mode\n\n```\nC:\\Users\\debug\\Desktop\\CrashMeat\\src\u003e..\\bin\\crashmeat.EXE -l | more\n{'ObjectName': 'USB#VID_0E0F\u0026PID_0002#6\u0026201153c1\u00260\u00267#{f18a0e88-c30c-11d0-8815-00a0c906bed8}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n{'ObjectName': 'D:', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n{'ObjectName': 'ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n{'ObjectName': 'ACPI#PNP0501#3#{4d36e978-e325-11ce-bfc1-08002be10318}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n{'ObjectName': 'VmGenerationCounter', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'No', 'GetLastError': 5}\n{'ObjectName': 'PhysicalDrive0', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'No', 'GetLastError': 5}\n{'ObjectName': 'VDRVROOT', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n{'ObjectName': 'DISPLAY1', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'No', 'GetLastError': 5}\n{'ObjectName': 'ROOT#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n{'ObjectName': 'gpuenergydrv', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n{'ObjectName': 'SWD#IP_TUNNEL_VBUS#ISATAP_0#{ad498944-762f-11d0-8dcb-00c04fc3358c}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n{'ObjectName': 'WUDFLpcDevice', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'No', 'GetLastError': 5}\n{'ObjectName': '{28B8F286-E5AB-473E-869E-ADE5F342366F}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n{'ObjectName': 'ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n{'ObjectName': 'Volume{a1814082-f32d-4f98-ada4-e073e440b01d}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'No', 'GetLastError': 5}\n{'ObjectName': 'ROOT#spaceport#0000#{ef66a56f-88d1-4cd8-98c4-49faf57ad8af}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n{'ObjectName': 'SWD#MMDEVAPI#{0.0.0.00000000}.{cbd0ca6f-1229-4c9f-8dd8-74962834ad71}#{e6327cad-dcec-4949-ae8a-991e976a79d2}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'No', 'GetLastError': 1}\n{'ObjectName': 'PCI#VEN_15AD\u0026DEV_0774\u0026SUBSYS_197615AD\u0026REV_00#4\u0026b70f118\u00260\u00260088#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n{'ObjectName': 'Psched', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'No', 'GetLastError': 5}\n{'ObjectName': 'SWD#RADIO#Bluetooth_c4e3ac32bcac#{a8804298-2d5f-42e3-9531-9c8c39eb29ce}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'No', 'GetLastError': 1}\n{'ObjectName': 'PCI#VEN_15AD\u0026DEV_0405\u0026SUBSYS_040515AD\u0026REV_00#3\u002618d45aa6\u00260\u002678#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'No', 'GetLastError': 5}\n{'ObjectName': 'ROOT#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n{'ObjectName': 'STORAGE#Volume#{a72219b9-54a9-11e8-9bc2-806e6f6e6963}#0000000022600000#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}', 'ObjectTypeName': 'SymbolicLink', 'AccessStatus': 'Yes', 'GetLastError': 0}\n-- More  --\n```\n\n## :: Fuzz Mode\n\n```\nC:\\Users\\debug\\Desktop\\CrashMeat\\src\u003e..\\bin\\crashmeat.EXE -d AUX -c 1 -i -s -n\n{'func': 'Fuzz_NULL_Pointer', 'text': 'IoControlCode: 00000001','code': 0,'symlink': 'AUX'}\n{'func': 'Fuzz_Stack_Overflow', 'text': 'IoControlCode: 00000001','code': 0,'symlink': 'AUX','bufsize': 65536,}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidAddress: 00000000','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidAddress: FFFFFFFF','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidAddress: 00000000','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidAddress: 00000000','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidAddress: CCCCCCCC','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidAddress: FFFFFFFF','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17BE','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17BD','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17BC','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17BB','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17BA','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17B9','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17B8','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17B7','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17B6','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17B5','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17B4','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17B3','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17B2','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17B1','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17B0','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17AF','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17AE','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17AD','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17AC','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17AB','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17AA','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17A9','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17A8','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17A7','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17A6','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17A5','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17A4','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17A3','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17A2','symlink': 'AUX','bufsize': 65536}\n{'func': 'Fuzz_Invalid_Address', 'text': 'IoControlCode: 00000001, InvalidHeapAddress: 79FC17A1','symlink': 'AUX','bufsize': 65536}\n```\n\n## References\n\n- https://github.com/koutto/ioctlbf/\n- https://github.com/k0keoyo/kDriver-Fuzzer\n- https://github.com/hacksysteam/HackSysExtremeVulnerableDriver\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnixawk%2Fhello-iocontrolcode-fuzzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnixawk%2Fhello-iocontrolcode-fuzzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnixawk%2Fhello-iocontrolcode-fuzzer/lists"}