spotFuzzer: Static Instrument and Fuzzing Windows COTs
Yeming Gu, Hui Shu, Rongkuan Ma, Lin Yan, Lei Zhu

TL;DR
This paper introduces spotFuzzer, a static instrumentation and fuzzing system for Windows binaries, addressing the lack of scalable tools and performance issues in existing dynamic methods, thereby enabling effective fuzzing of Windows programs.
Contribution
The paper presents spotInstr, a lightweight static instrumentation tool for Windows, and integrates it into spotFuzzer, a system that improves fuzzing efficiency and stability for Windows binaries.
Findings
spotInstr can instrument most Windows PE files quickly.
spotFuzzer effectively fuzzes Windows binaries with high performance.
The system demonstrates superior stability and scalability.
Abstract
The security research on Windows has received little attention in academic circles. Most of the new methods are usually designed for Linux systems and are difficult to transplant to Windows. Fuzzing of Windows programs has always suffered from their closed source. Therefore, we need to find an appropriate way to achieve feedback from Windows programs. To our knowledge, there are no stable and scalable static instrumentation tools for Windows yet, and dynamic tools, such as DynamoRIO, have been criticized for their performance. To make matters worse, dynamic instrumentation tools have very limited usage scenarios and are impotent for many system services or large commercial software. In this paper, we propose spotInstr, a novel static tool for instrumenting Windows binaries. It is lightweight and can instrument most Windows PE programs in a very short time. At the same time, spotInstr…
Taxonomy
Topics: Advanced Malware Detection Techniques · Security and Verification in Computing · Network Security and Intrusion Detection
