As written on esage lab, the website of the IOCTL Fuzzer creators:
"IOCTL Fuzzer is a command line tool designed to automate searching vulnerabilities in Windows kernel drivers by performing fuzz tests on them."
When started without a configuration the tool runs in a useful monitor mode that logs IRPs instead of fuzzing them. Each log entry shows the driver, device, process and IOCTL code of the IRP; these are exactly the pieces of information we need to build a configuration for the fuzzer.
example of use (redirecting the log to a file): ioctl_fuzzer > log
Wandering through the log by hand can take a while before we find what we are looking for; that's where IOCTL filter comes in handy.
It's a Python script written to organize IOCTL Fuzzer logs better and find immediately what we need.
example of use: python ioctl_fuzzer.py -p process < log > out
It reads the log from stdin and writes to stdout; with the -p, -e and -r options we keep only the entries whose process, device or driver name respectively contains the word we are interested in.
In the example we keep all entries whose process name contains "process".
With the information retrieved, we can then build the configuration XML to fuzz only the IRPs we are interested in.
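As an added illustration of what such a filter does (this is example code written for this post, not the IOCTL filter script itself), the block below parses a small constructed log, filters it by a case-insensitive substring on process, device or driver, groups the hits by (driver, device, IOCTL) so the tuples for a fuzzer configuration fall out directly, and decodes each IOCTL code into its CTL_CODE fields. The one-line-per-IRP log layout and the field names are assumptions; the real IOCTL Fuzzer log looks different, so the regular expression is the part to adapt. The decoding itself follows the documented CTL_CODE bit layout (device type in bits 16-31, access in bits 14-15, function in bits 2-13, transfer method in bits 0-1), and METHOD_NEITHER codes are the ones worth fuzzing first since the driver touches user pointers directly.

```python
"""Filter and decode IOCTL-fuzzer-style IRP logs (added example, not the original script)."""
import argparse
import re
import sys
from collections import defaultdict

# Constructed sample log. The layout is an assumption for this example,
# not the real IOCTL Fuzzer output format.
SAMPLE_LOG = """\
process: myprocess.exe (1234)  driver: \\Driver\\acme  device: \\Device\\AcmeCtl  IOCTL: 0x00222003
process: explorer.exe (888)  driver: \\Driver\\acme  device: \\Device\\AcmeCtl  IOCTL: 0x00222007
process: myprocess.exe (1234)  driver: \\Driver\\vidstub  device: \\Device\\VidStub0  IOCTL: 0x0022E004
process: svchost.exe (600)  driver: \\Driver\\Tcpip  device: \\Device\\Tcp  IOCTL: 0x00120028
"""

LINE_RE = re.compile(
    r"process:\s*(?P<process>\S+)\s*\((?P<pid>\d+)\)\s+"
    r"driver:\s*(?P<driver>\S+)\s+device:\s*(?P<device>\S+)\s+"
    r"IOCTL:\s*(?P<ioctl>0x[0-9A-Fa-f]+)"
)

# Transfer methods encoded in the low two bits of a CTL_CODE value.
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}


def decode_ioctl(code):
    """Split an I/O control code into the fields packed by the CTL_CODE macro."""
    return {
        "device_type": code >> 16,
        "access": (code >> 14) & 0x3,
        "function": (code >> 2) & 0xFFF,
        "method": METHODS[code & 0x3],
    }


def parse_log(text):
    """Return one dict per IRP record; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        e = m.groupdict()
        e["pid"] = int(e["pid"])
        e["ioctl"] = int(e["ioctl"], 16)
        entries.append(e)
    return entries


def filter_entries(entries, process=None, device=None, driver=None):
    """Keep entries whose fields contain the given substrings (case-insensitive)."""
    def match(value, needle):
        return needle is None or needle.lower() in value.lower()
    return [e for e in entries
            if match(e["process"], process) and match(e["device"], device)
            and match(e["driver"], driver)]


def summarize(entries):
    """Group by (driver, device, ioctl): the tuples that go into a fuzzer config."""
    groups = defaultdict(set)
    for e in entries:
        groups[(e["driver"], e["device"], e["ioctl"])].add(e["process"])
    return groups


def main(argv=None):
    ap = argparse.ArgumentParser(description="filter IOCTL-fuzzer-style logs")
    ap.add_argument("-p", "--process", help="substring of the process name")
    ap.add_argument("-e", "--device", help="substring of the device name")
    ap.add_argument("-r", "--driver", help="substring of the driver name")
    args = ap.parse_args(argv)
    # Read the log from stdin like the filter script; fall back to the sample when run interactively.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    hits = filter_entries(parse_log(text), args.process, args.device, args.driver)
    for (drv, dev, code), procs in sorted(summarize(hits).items()):
        d = decode_ioctl(code)
        print("%-18s %-18s 0x%08X func=0x%03X %-17s procs=%s"
              % (drv, dev, code, d["function"], d["method"], ",".join(sorted(procs))))
    return hits


if __name__ == "__main__":
    main()
```

Run it as `python ioctl_filter_example.py -p process < log`; with no piped input it prints the constructed sample. Each output line is one (driver, device, IOCTL) candidate for the configuration, with the decoded function number and transfer method beside it.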
regards
Sunday, September 27, 2009