Win-fuzzer is a Windows fuzzing tool designed to efficiently discover vulnerabilities by launching and hooking system calls in ntdll.dll and win32u.dll using Frida. The tool allows you to modify buffer values and arguments through a mutation function to test the robustness of the target application.
Before using Win-fuzzer, make sure you have the following dependencies installed:
- Python
- Frida
- IDA (Interactive Disassembler)
-
Clone the Win-fuzzer repository to your local machine.
-
Edit the
config.jsonfile to configure the necessary settings for your environment. -
Run the system call scanner to generate a list of available system calls and save them to
syscalls.json.
python sys_scanner.py config.json syscalls.json- Launch the system call hooker with the specified configuration and system call list. Optionally, provide the target program (e.g.,
$PROG) (0, 1, 2, 3, etc.).
python sys_hooker.py config.json syscalls.json $PROGAlternatively, you can use the provided batch file for convenience:
.\launcher.bat-
Edit the
config.jsonfile to customize the configuration parameters according to your testing requirements. -
Run the system call scanner to identify available system calls and create the
syscalls.jsonfile. -
Launch the system call hooker to intercept and modify system calls. Optionally, provide the target program and choose a mutation level.
-
Observe the behavior of the target program and analyze the results to identify potential vulnerabilities.