Dynamic symbolic execution, or DSE for short, has become a promising technique in software testing. However, the implementation details of DSE have not been described in depth in existing works. Although some open-source DSE tools are available nowadays, to design and implement a specific DSE tool from scratch is necessary for some reasons. To this end, we implement a Smart Fuzzing Tool for Windows Native Executables, or SMAFE for short, which utilizes Pin and STP for instrumentation and constraint solving, respectively. Advantages of Pin and STP make SMAFE portable. The major contribution of this paper is our detailed description of the implementation of DSE, including symbolization of inputs, tracking of symbols, synchronization of overlapped symbols, environment modeling, and so on. A practical case study validates the effectiveness of SMAFE. Then, the experiments with two benchmark sets present that the code coverage is above 90% on average. Benefits from this paper are at least twofold: moderating learning curve for scholars and shortening the development circle for practitioners.instructions that affect EFLAGS is considerably large. Hence, the cost of the complete method is rather expensive. Furthermore, the complete method is more complete than we need because we empirically observed that only three instructions CMP, TEST, and SUB are commonly utilized for comparison in practice (account for 100% of comparisons in our experiments).As other instructions, comparison instructions also need to convert into the CRD language. CMP and SUB are converted into 'CMPn' operation straightforwardly. But the conversion of TEST is different. SMAFE does the conversion according to the semantics of TEST. For instance, here is an instruction 'TEST al, 10' and the register al is symbolized as input1. The conversion result in CRD language is '(CMP8 (AND8 input1 10) 0)'. Figure 9. Heuristic rules for searching in memory tables. 1262 T. CHEN ET AL.