Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Fuzzing driver

Shinji_BahiaShinji_Bahia Member - All Emails Posts: 8

Hi,

I'm developing a WDM driver. I would like to know what methods, strategies, frameworks, tools.... you are using to fuzzing drivers. I'm mostly interested in fuzzing IOCTLs but open to learn any kind of fuzzing to test the driver.

Any tip apreciated, thanks!

Comments

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,013

    I'm developing a WDM driver

    Why? A WDM driver these days is a pretty rare thing.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,578

    The base WHQL/HCK/HLK tests do some of this, like generating random ioctl codes, or generating lots of ioctls in a short time. It's a little dangerous to do anything else generically, because they don't know if a certain ioctl pattern might trigger the detonation sequence on your device.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Shinji_BahiaShinji_Bahia Member - All Emails Posts: 8

    Hey Peter,

    I started the project years ago and I would like to cover it with some test doing fuzzing.

  • Shinji_BahiaShinji_Bahia Member - All Emails Posts: 8

    @Tim_Roberts said:
    The base WHQL/HCK/HLK tests do some of this, like generating random ioctl codes, or generating lots of ioctls in a short time. It's a little dangerous to do anything else generically, because they don't know if a certain ioctl pattern might trigger the detonation sequence on your device.

    Thanks Tim, I'll check it out

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,013
    edited March 6

    The tests to which Mr. Roberts is referring are IoSpy and IoAttack.

    The former tool named "Device Path Exerciser" (DevPathExer originally DC2.exe) was excellent for testing drivers... and doing some pretty great fuzzing. A brief write-up here, also. As you'll note from the date of that latter article, this is pretty ancient shit.

    I'm not sure why this tool was discontinued (except for the fact that the code for it was pretty much a mess, the app itself was super complicated between the tests it did and the NUMEROUS sometimes odd and involved logging options, and it was inherited by the folks responsible for the WHQL tests who never did quite understand its full value). If you can find a copy of THAT, I'd recommend it highly. It can even do things like use the I/O Manager to monitor your driver over time to determine what IOCTL function codes it supports, and then POUND those IOCTLs specifically with bad buffers and whatnot. What other tool does stuff like, 20K rapid opens and closes, sometimes specifying really long and weird, path names after the devicename... just to see if your driver can handle it?

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Shinji_BahiaShinji_Bahia Member - All Emails Posts: 8

    Thank you Peter for such a detailed response.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA