Winkafl
Static binary instrumentation for Windows kernel drivers, for use with winafl
- Based on the original pe-afl by wmliang and peafl64 by SentinelOne
- Supports fuzzing 64-bit drivers on Windows 11
- Blogpost at https://y3a.github.io/2023/12/22/fuzzing6/
Usage
- Use `ida_dumper.py` in IDA to generate basic block information
- Use `instrument.py` to statically instrument the target driver
- Replace the target driver in the fuzzing VM with the instrumented version
- Compile the helper driver and load it in the fuzzing VM
- Attach WinDbg to the fuzzing VM
- Fuzz and wait for a crash
- Use `post_crash/dump_sample.py` to extract the crashing sample
FAQ
Q: Why does winafl abort with `[-] PROGRAM ABORT : No instrumentation detected`?
A: Most likely the PID filter in the injected stubs never matches, so no coverage is ever recorded. The stub inlines the logic of PsGetCurrentProcessId(), and the structure offsets it reads change across Windows builds; the offsets shipped in `asm_stubs.py` are for Windows 11 23H2.
On your target build, disassemble the real function from the attached WinDbg session with `u nt!PsGetCurrentProcessId`, update the pid filtering shellcode in `asm_stubs.py` to match it, and re-instrument the driver.
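The following is an added illustration, not code from winkafl (whose stubs are x64 assembly emitted by `asm_stubs.py`): a C model of what each injected basic-block stub does in the usage flow above, and of why a wrong PID read produces the FAQ symptom. The current-process lookup is simulated with a variable instead of reading the KPCR; the names `afl_stub`, `afl_reset`, `run_sample_as` and the block IDs are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAP_SIZE (1u << 16)

/* State shared by every injected stub: the AFL coverage bitmap, the
 * previous block ID, and the PID of the fuzzing harness. */
static uint8_t  afl_area[MAP_SIZE];
static uint32_t afl_prev_loc;
static uint32_t afl_target_pid;

/* Simulated "current process". In the real stub this is inlined
 * PsGetCurrentProcessId()-style assembly whose offsets are specific to
 * the Windows build (assumption for this model). */
static uint32_t sim_current_pid;

static uint32_t get_current_pid(void)
{
    return sim_current_pid;
}

/* Clear the bitmap and tell the stubs which PID to trace.
 * Returns the PID now being traced. */
uint32_t afl_reset(uint32_t target_pid)
{
    memset(afl_area, 0, sizeof afl_area);
    afl_prev_loc = 0;
    afl_target_pid = target_pid;
    return afl_target_pid;
}

/* The stub placed at the entry of one instrumented basic block. cur_loc is
 * the random ID assigned to that block at instrumentation time.
 * Returns 1 if the hit was recorded, 0 if the PID filter dropped it. */
int afl_stub(uint32_t cur_loc)
{
    if (get_current_pid() != afl_target_pid)
        return 0;                    /* another process: keep the map clean */
    afl_area[(cur_loc ^ afl_prev_loc) & (MAP_SIZE - 1)]++;
    afl_prev_loc = cur_loc >> 1;     /* shift so edge A->B differs from B->A */
    return 1;
}

/* Number of distinct edges recorded so far; an empty map after a run is
 * what the fuzzer reports as "No instrumentation detected". */
size_t afl_count_edges(void)
{
    size_t n = 0;
    for (size_t i = 0; i < MAP_SIZE; i++)
        if (afl_area[i])
            n++;
    return n;
}

/* Constructed sample: three block IDs along one IOCTL handler path. */
static const uint32_t sample_path[] = { 0x1111, 0x2222, 0x3333 };

/* Execute the sample path as process `pid`; returns the hits recorded. */
int run_sample_as(uint32_t pid)
{
    int hits = 0;
    sim_current_pid = pid;
    for (size_t i = 0; i < sizeof sample_path / sizeof sample_path[0]; i++)
        hits += afl_stub(sample_path[i]);
    return hits;
}

int main(void)
{
    afl_reset(1234);
    int h = run_sample_as(1234);
    printf("harness pid 1234: %d hits, %zu edges\n", h, afl_count_edges());
    h = run_sample_as(9999);
    printf("other pid 9999:   %d hits, %zu edges\n", h, afl_count_edges());

    /* A stub reading the PID from a wrong offset behaves like a PID that
     * never matches: nothing is recorded and the map stays empty. */
    afl_reset(1234);
    h = run_sample_as(9999);
    printf("mismatched read:  %d hits, %zu edges\n", h, afl_count_edges());
    return 0;
}
```

The first run records three edges for the harness PID, the second run from a different PID adds none, and a map that stays empty after a full run is exactly the condition behind the abort in the FAQ.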