spotFuzzer: Static Instrument and Fuzzing Windows COTs

by   Yeming Gu, et al.

The security research on Windows has received little attention in the academic circle. Most of the new methods are usually designed for Linux system, and are difficult to transplant to Windows. Fuzzing for Windows programs always suffering from its closed source. Therefore, we need to find an appropriate way to achieve feedback from Windows programs. To our knowledge, there are no stable and scalable static instrumentation tools for Windows yet, and dynamic tools, such as DynamoRIO, have been criticized for their performance. To make matters worse, dynamic instrumentation tools have very limited usage scenarios and are impotent for many system services or large commercial software. In this paper, we proposed spotInstr, a novel static tool for instrumenting Windows binaries. It is lightweight and can instrument most Windows PE programs in a very short time. At the same time, spotInstr provides a set of filters, which can be used to select instrumentation points or restrict the target regions. Based on these filters, we propose a novel memory-sensitive instrumentation method which can speed up both instrumentation and fuzzing. After that, we design a system called spotFuzzer, which leverage the ability of spotInstr and can fuzz most Windows binaries. We tested spotInstr and spotFuzzer in multiple dimensions to show their superior performance and stability.


page 1

page 2

page 3

page 4


Confining Windows Inter-Process Communications for OS-Level Virtual Machine

As OS-level virtualization technology usually imposes little overhead on...

HyBIS: Windows Guest Protection through Advanced Memory Introspection

Effectively protecting the Windows OS is a challenging task, since most ...

Virtualizing System and Ordinary Services in Windows-based OS-Level Virtual Machines

OS-level virtualization incurs smaller start-up and run-time overhead th...

Duplication of Windows Services

OS-level virtualization techniques virtualize system resources at the sy...

MemoryRanger Prevents Hijacking FILE_OBJECT Structures in Windows Kernel

Windows OS kernel memory is one of the main targets of cyber-attacks. By...

Ransomware: Analysing the Impact on Windows Active Directory Domain Services

Ransomware has become an increasingly popular type of malware across the...

A novel lightweight hardware-assisted static instrumentation approach for ARM SoC using debug components

Most of hardware-assisted solutions for software security, program monit...

Please sign up or login with your details

Forgot password? Click here to reset