WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning

Abstract: Fuzzing is an emerging technique to automatically validate programs and uncover bugs. It has been widely used to test many programs and has found thousands of security vulnerabilities. However, existing fuzzing efforts are mainly centered around Unix-like systems, as Windows imposes unique challenges for fuzzing: a closed-source ecosystem, the heavy use of graphical interfaces and the lack of fast process cloning machinery. In this paper, we propose two solutions to address the challenges Windows fuzzing faces… Show more

“…5.1.6 Applications with Graphical User Interface. The execution speed of applications with Graphical User Interface (GUI) is much slower than command-line programs [91]. Since the execution speed is one of the keys for the success of fuzzing, the automation of GUI applications often replaces the GUI with a faster approach and executes targets in the command-line manner [91,106,121].…”

“…The execution speed of applications with Graphical User Interface (GUI) is much slower than command-line programs [91]. Since the execution speed is one of the keys for the success of fuzzing, the automation of GUI applications often replaces the GUI with a faster approach and executes targets in the command-line manner [91,106,121]. For instance, fuzzers can model the interactions of user interfaces so that they generate event sequences for Android applications [106,121].…”

“…For instance, fuzzers can model the interactions of user interfaces so that they generate event sequences for Android applications [106,121]. Moreover, fuzzers can also utilize a harness, which prepares the execution context, to directly invoke target functions in GUIs [91].…”

“…A higher execution speed means that fuzzing can examine more test cases, which ofers a higher opportunity to ind defects. Therefore, researchers put many eforts to improve the execution speed of fuzzing, including binary analysis [58,134], optimized execution processes [46,133,204,216], and application-speciied techniques [91,162,163,174,195,196,211].…”

“…Windows applications are diferent from Linux's because they heavily use graphical interfaces, and Windows lacks approaches to clone a process quickly. WINNIE [91] synthesizes a harness to run applications without graphical interfaces. Moreover, it implements fork() for Windows to clone processes eiciently.…”

Fuzzing: A Survey for Roadmap

“…5.1.6 Applications with Graphical User Interface. The execution speed of applications with Graphical User Interface (GUI) is much slower than command-line programs [91]. Since the execution speed is one of the keys for the success of fuzzing, the automation of GUI applications often replaces the GUI with a faster approach and executes targets in the command-line manner [91,106,121].…”

“…The execution speed of applications with Graphical User Interface (GUI) is much slower than command-line programs [91]. Since the execution speed is one of the keys for the success of fuzzing, the automation of GUI applications often replaces the GUI with a faster approach and executes targets in the command-line manner [91,106,121]. For instance, fuzzers can model the interactions of user interfaces so that they generate event sequences for Android applications [106,121].…”

“…For instance, fuzzers can model the interactions of user interfaces so that they generate event sequences for Android applications [106,121]. Moreover, fuzzers can also utilize a harness, which prepares the execution context, to directly invoke target functions in GUIs [91].…”

“…A higher execution speed means that fuzzing can examine more test cases, which ofers a higher opportunity to ind defects. Therefore, researchers put many eforts to improve the execution speed of fuzzing, including binary analysis [58,134], optimized execution processes [46,133,204,216], and application-speciied techniques [91,162,163,174,195,196,211].…”

“…Windows applications are diferent from Linux's because they heavily use graphical interfaces, and Windows lacks approaches to clone a process quickly. WINNIE [91] synthesizes a harness to run applications without graphical interfaces. Moreover, it implements fork() for Windows to clone processes eiciently.…”

Fuzzing: A Survey for Roadmap

Differential Testing of Cryptographic Libraries with Hybrid Fuzzing

SP-Fuzz: Fuzzing Soft PLC with Semi-automated Harness Synthesis