- CPU : Intel i-7 12700K
- RAM : 84G
- GPU : Nvidia Geforce 1060 super
- OS : Ubuntu 20.04.6 LTS
1. Install dependencies

```bash
sudo apt-get update -y
sudo apt-get install gcc git make curl vim python3 python3.8-venv -y
```
2. Enroll a GitHub SSH key

```bash
ssh-keygen -t rsa -C <[email protected]>
cat ~/.ssh/id_rsa.pub
```

The second command prints a line starting with `ssh-rsa AAAAB3Nz...`. Paste that whole line into GitHub -> profile -> Settings -> SSH and GPG keys -> New SSH key.
3. Clone this repo and switch the kernel to 6.0.0-nyx+

`make deploy` installs the Nyx kernel; reboot afterwards so the machine comes up on it.

```bash
cd ~
git clone git@github.com:0dayResearchLab/msFuzz.git kAFL
cd kAFL
make deploy
reboot
```
4. Build the Windows VM template

```bash
cd ~/kAFL
make deploy -- --tags examples,examples-template-windows
cd ./kafl/examples/templates/windows
make build
```

5. Import the template into Vagrant

```bash
make import
```

6. Import into libvirt

```bash
cd ../../windows_x86_64
make init
```
7. Run the fuzzer

```bash
cd ~/kAFL
make env
cd kafl/examples/windows_x86_64/
mkdir -p bin/driver
cp ../../fuzzer/Utils/Harness_for_nyx.sys ./bin/driver
```

1. Edit `src/driver/vuln_test.c` and change the symbolic link name and the target `.sys` (the target driver name).
2. Boot the QEMU VM:
   `vagrant up --no-provision`
3. Save a QEMU snapshot named `ready_provision`:
   `vagrant snapshot save --force 'ready_provision'`
4. Choose one of the following:
   - 4.a `make target`: automatically loads the driver located at `bin/driver/target.sys`, together with `bin/driver/vuln_test.exe`, into the QEMU VM.
   - 4.b `make no_target`: automatically loads `vuln_test.exe` / `call_stack.sys` into the QEMU VM.
   - 4.c Set up the environment yourself.
6. `mkdir -p ./seed`
7. `./run.sh`

The `result.json` file is produced by angrPT (https://github.com/0dayResearchLab/angrPT). It describes, for each IoControl code, its constraints and its global-variable dependencies.
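Before running `./run.sh`, it is worth confirming that the earlier steps actually took effect: that the machine rebooted into the Nyx kernel, that the harness driver was copied and the seed directory created, and that the `ready_provision` snapshot exists for `make revoke` to fall back to. The pre-flight script below is an added example written for this page; it is not part of msFuzz, kAFL or angrPT. It assumes the directory layout used in this README (`~/kAFL/kafl/examples/windows_x86_64/`) and that `vagrant snapshot list` prints one snapshot name per line.

```shell
#!/bin/sh
# Added pre-flight check for the "Run the fuzzer" step. Not part of msFuzz or kAFL;
# it only verifies the preconditions the README lists before ./run.sh is started.
# Assumed layout: kAFL checkout at ~/kAFL, example under kafl/examples/windows_x86_64/.

# Returns 0 when the kernel release string (default: uname -r) is the Nyx kernel
# installed by `make deploy` (e.g. 6.0.0-nyx+), 1 otherwise.
kernel_is_nyx() {
    release="${1:-$(uname -r)}"
    case "$release" in
        *nyx*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Returns 0 when every file the fuzzing step relies on exists under the example
# directory: the copied harness driver, the harness source that must be edited,
# and the seed directory. Each missing path is printed so the skipped step is obvious.
harness_files_present() {
    dir="$1"
    missing=0
    for path in \
        "$dir/bin/driver/Harness_for_nyx.sys" \
        "$dir/src/driver/vuln_test.c" \
        "$dir/seed"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Returns 0 when the snapshot list (text as printed by `vagrant snapshot list`,
# assumed one name per line) contains the 'ready_provision' snapshot that
# `make revoke` reverts to. Taking the list as text lets the check run without a VM.
snapshot_present() {
    snapshots="$1"
    printf '%s\n' "$snapshots" | grep -qx 'ready_provision'
}

# Runs all checks against a real checkout and returns a single pass/fail status.
# Usage: preflight [example-dir]
preflight() {
    dir="${1:-$HOME/kAFL/kafl/examples/windows_x86_64}"
    rc=0
    kernel_is_nyx || { echo "not running the nyx kernel: $(uname -r)" >&2; rc=1; }
    harness_files_present "$dir" || rc=1
    snapshot_present "$(cd "$dir" 2>/dev/null && vagrant snapshot list 2>/dev/null)" \
        || { echo "snapshot 'ready_provision' not found (step 3)" >&2; rc=1; }
    [ "$rc" -eq 0 ] && echo "pre-flight OK: ready for ./run.sh"
    return "$rc"
}
```

Source the file and call `preflight` from the example directory; a non-zero exit status with the printed reason tells you which README step to repeat before starting `./run.sh`.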
8. Show the GUI

```bash
cd ~/kAFL
make env
cd kafl/examples/windows_x86_64/
kafl gui -w work
```

9. `make revoke`: revert the VM from its fuzzed state to the snapshot taken in step 3 (`ready_provision`).