spotFuzzer: Static Instrument and Fuzzing Windows COTs

01/20/2022
by   Yeming Gu, et al.
0

The security research on Windows has received little attention in the academic circle. Most of the new methods are usually designed for Linux system, and are difficult to transplant to Windows. Fuzzing for Windows programs always suffering from its closed source. Therefore, we need to find an appropriate way to achieve feedback from Windows programs. To our knowledge, there are no stable and scalable static instrumentation tools for Windows yet, and dynamic tools, such as DynamoRIO, have been criticized for their performance. To make matters worse, dynamic instrumentation tools have very limited usage scenarios and are impotent for many system services or large commercial software. In this paper, we proposed spotInstr, a novel static tool for instrumenting Windows binaries. It is lightweight and can instrument most Windows PE programs in a very short time. At the same time, spotInstr provides a set of filters, which can be used to select instrumentation points or restrict the target regions. Based on these filters, we propose a novel memory-sensitive instrumentation method which can speed up both instrumentation and fuzzing. After that, we design a system called spotFuzzer, which leverage the ability of spotInstr and can fuzz most Windows binaries. We tested spotInstr and spotFuzzer in multiple dimensions to show their superior performance and stability.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
09/15/2016

Confining Windows Inter-Process Communications for OS-Level Virtual Machine

As OS-level virtualization technology usually imposes little overhead on...
research
01/22/2016

HyBIS: Windows Guest Protection through Advanced Memory Introspection

Effectively protecting the Windows OS is a challenging task, since most ...
research
09/15/2016

Virtualizing System and Ordinary Services in Windows-based OS-Level Virtual Machines

OS-level virtualization incurs smaller start-up and run-time overhead th...
research
08/13/2016

Duplication of Windows Services

OS-level virtualization techniques virtualize system resources at the sy...
research
05/23/2019

MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel

Windows OS kernel memory is one of the main targets of cyber-attacks. By...
research
02/07/2022

Ransomware: Analysing the Impact on Windows Active Directory Domain Services

Ransomware has become an increasingly popular type of malware across the...
research
12/04/2018

A novel lightweight hardware-assisted static instrumentation approach for ARM SoC using debug components

Most of hardware-assisted solutions for software security, program monit...

Please sign up or login with your details

Forgot password? Click here to reset