https://github.com/0dayResearchLab/msFuzz

msFuzz is a coverage-guided fuzzer for Windows kernel drivers using Intel PT. It is constraint- and dependency-aware for efficient path exploration.
https://github.com/0dayResearchLab/msFuzz

fuzz-testing fuzzer fuzzing kernel research security security-vulnerability windows windows-kernel windows-kernel-exploitation

Last synced: 12 days ago
JSON representation

msFuzz is a coverage-guided fuzzer for Windows kernel drivers using Intel PT. It is constraint- and dependency-aware for efficient path exploration.

• Host: GitHub
• URL: https://github.com/0dayResearchLab/msFuzz
• Owner: 0dayResearchLab
• License: mit
• Created: 2023-11-06T13:59:24.000Z (over 2 years ago)
• Default Branch: master
• Last Pushed: 2025-04-16T05:32:27.000Z (about 1 year ago)
• Last Synced: 2025-04-16T06:49:00.587Z (about 1 year ago)
• Topics: fuzz-testing, fuzzer, fuzzing, kernel, research, security, security-vulnerability, windows, windows-kernel, windows-kernel-exploitation
• Language: Makefile
• Homepage:
• Size: 5.35 MB
• Stars: 169
• Watchers: 5
• Forks: 26
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Awesome Lists containing this project

• Awesome-Bootkits-Rootkits-Development - Github: MS Fuzz - Targeting Windows Kernel Driver Fuzzer - > MS Fuzzer is coverage-guided Fuzzer that is targeting Windows Kernel Driver. (***Windows Kernel*** / ***Drivers***)

README

          
# msFuzz

**msFuzz** is a coverage-guided fuzzer for Windows kernel drivers that utilizes Intel PT and leverages constraint and dependency analysis to guide fuzzing.



  

    

  



## Feature

- **msFuzz** uses [_Intel PT_](https://www.intel.com/content/www/us/en/developer/videos/collecting-processor-trace-in-intel-system-debugger.html) to achieve code coverage. 

- The **msFuzz** follows an AFL-like design and can detect semi-stateful bugs.

- **msFuzz** is a well-designed fuzzer based on [_Nyx-Fuzzer_](https://nyx-fuzz.com)/[_kAFL_](https://github.com/IntelLabs/kAFL) and [_Redqueen_](https://github.com/RUB-SysSec/redqueen).

- Designed to find bugs for windows Driver that interact with user using **DeviceIoControl**.

![Fuzz Success](docs/installation/fuzz_overall.png?raw=true)

## Requirements

- **Intel Skylake or later:** The setup requires a Gen-6 or newer Intel CPU (for

  Intel PT) and adequate system memory (~2GB RAM per CPU)

- **Patched Host Kernel:** A modified Linux host kernel will be installed as part

  of the setup. Running kAFL inside a VM may work starting IceLake or later CPU.

- **Ubuntu:** The installation and tutorials are

  tested for recent Ubuntu 20.04.6 LTS.

## Our Achievements

- 100+ Security Bugs in 100 days

- 20+ EoP (Elevation of Privilege)

## How to use

- [_How to use_](docs/installation/README.md)