Question 1

How to set up NTFUZZ on a new Windows VM?

Accepted Answer

Follow the README's steps: use WSL for static analysis with .NET, build the hooker driver in Visual Studio, and copy files to a VM with the exact Windows build. Expect several hours for initial setup due to dependencies and manual configuration.

Question 2

NTFUZZ vs Syzkaller for Windows kernel fuzzing?

Accepted Answer

NTFUZZ is specialized for Windows with type-awareness from static analysis, potentially finding deeper bugs, while Syzkaller is a more general, mature framework with better ecosystem support but less Windows-specific optimization. Choose NTFUZZ for targeted Windows research.

Question 3

What seed apps are supported in NTFUZZ?

Accepted Answer

The Launcher module includes scripts for apps like SumatraPDF, WordPad, and chess engines, as listed in the apps directory. You can add custom seeds by creating Python scripts that meet the file path requirements specified in the README.

Question 4

How to handle kernel crashes during fuzzing?

Accepted Answer

The README recommends using a VM to avoid system damage and points to an external repository for automation scripts to detect crashes and reboot VMs, but detailed documentation is limited, requiring manual effort.

Question 5

Does NTFUZZ work on Windows 11 or newer builds?

Accepted Answer

Currently, NTFUZZ is only tested on specific Windows 10 builds (e.g., 17134.1). For newer versions, you must manually adapt the static analysis by placing DLLs in the binaries directory and creating new scripts, with no guaranteed compatibility.

NTFuzz

What is NTFuzz?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions