Affiliation:
1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450000, China
Abstract
The security research on Windows has received little attention in the academic circle. Most of the new methods are usually designed for the Linux system and are difficult to transplant to Windows. Fuzzing for Windows programs always suffers from its closed source. Therefore, we need to find an appropriate way to achieve feedback from Windows programs. To our knowledge, there are no stable and scalable static instrumentation tools for Windows yet, and dynamic tools, such as DynamoRIO, have been criticized for their performance. To make matters worse, dynamic instrumentation tools have very limited usage scenarios and are impotent for many system services or large commercial software. In this paper, we proposed SpotInstr, a novel static tool for instrumenting Windows binaries. It is lightweight and can instrument most Windows PE programs in a very short time. At the same time, SpotInstr provides a set of filters, which can be used to select instrumentation points or restrict the target regions. Based on these filters, we propose a novel selective instrumentation method which can speed up both instrumentation and fuzzing. After that, we design a system called SpotFuzzer, which leverages the ability of SpotInstr and can fuzz most Windows binaries. We tested SpotInstr and SpotFuzzer in multiple dimensions to show their superior performance and stability.
Funder
National Basic Research Program of China
Subject
Computer Networks and Communications,Information Systems
Reference46 articles.
1. The art, science, and engineering of fuzzing: a survey;V. J. Manès,2018
2. American fuzzy lop;M. Zalewski,2013
3. Peach fuzzer platform;Peach.tech,2015
4. KAFL: hardware-assisted feedback fuzzing for OS kernels;S. Schumilo