Kernel driver to fuzz Hyper-V hypercalls
amardeep.chana
Latest commit 6abe014 Feb 14, 2019
ViFuR3
ViridianFuzzer
.gitignore
HypercallsOnlyFromPdf.txt
README.md
ViridianFuzzer.sln
create_cases.py
create_hvreserved_defines.py
extract_hypercalls_from_pdf.py
extract_ret_codes_from_pdf.py
extract_vmcall_handler_table_apply_idb.py

README.md

Viridian Fuzzer

It is a kernel driver that makes hypercalls, executes CPUID, and reads/writes MSRs from CPL0.

Requirements

  • Requires a scheduled task that starts it at logon with admin privileges
  • Requires the ViFu3.h defines for the share address
  • Store the credentials for the parent UNC share in the guest's Credential Manager
  • Compiled as x64 Debug
  • Tested on Win10, with the Hypercall Dispatch Table extracted for 1607

Information

  • Every time a fuzz attempt is run, it first writes info to fuzz_logger.txt and registry data to VIFU_LOG.txt
  • On fuzzer start, a datetime is written to fuzz_logger.txt and the log is checked for existing data. If there is any, the latest fuzz entry is found, isFast/isRep is incremented to the next case, and fuzzing continues
  • To start/stop autostart of the fuzzer, create/delete the file autoStart.txt in the log share
    • The fuzzer won't start if it can't connect to the share
  • To add more fuzzing rules:
    • UM: add loops to BASIC FUZZER LOOPS, or extend the switch() for specific conditions, e.g. different GPA memory
    • KM: if modifying GPA memory, add a new else if in the IOCTL_HYPERCALL case
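The write-before-run logging and resume behaviour described above is what lets a fuzzer survive the guest crashing or hanging: the entry for a case is on the share before the hypercall is made, so after a reboot the last logged entry is the one that killed the guest and the fuzzer skips past it. The following is an added example of that resume logic, not code from ViridianFuzzer; the log line format, the enumeration order of the (isFast, isRep) case space, and the function names are all assumptions made for this illustration.

```python
"""Resume-from-log logic for a crash-tolerant fuzzer, modelled on the README's
description. The log line shape below is constructed for this example; the
project's real fuzz_logger.txt format is not documented on the page."""
import re
from datetime import datetime, timezone

# Assumed entry shape: "<timestamp> fuzz isFast=<0|1> isRep=<0|1> [status=<text>]"
# status is optional so that an entry whose trailing result was never written
# (guest died during the hypercall) still parses as the last attempted case.
ENTRY_RE = re.compile(r"^(\S+) fuzz isFast=([01]) isRep=([01])(?: status=(\S*))?$")

# Assumed enumeration order of the (isFast, isRep) case space.
CASE_ORDER = [(0, 0), (0, 1), (1, 0), (1, 1)]


def session_header():
    """Line written to the log on every fuzzer start (README: 'a datetime is written')."""
    return f"{datetime.now(timezone.utc).isoformat()} start"


def log_before_run(case):
    """Entry written *before* the hypercall is issued, so a crash leaves a record."""
    is_fast, is_rep = case
    return f"{datetime.now(timezone.utc).isoformat()} fuzz isFast={is_fast} isRep={is_rep}"


def parse_log(text):
    """Return the (isFast, isRep) of every fuzz entry in log order.

    Session-start lines and anything that is not a well-formed entry are ignored,
    so a half-written last line does not break the resume."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((int(m.group(2)), int(m.group(3))))
    return entries


def next_case(entries):
    """Pick the case to run next: the first case if the log is empty, otherwise the
    one after the latest logged case. Returns None once the space is exhausted."""
    if not entries:
        return CASE_ORDER[0]
    idx = CASE_ORDER.index(entries[-1])
    if idx + 1 >= len(CASE_ORDER):
        return None
    return CASE_ORDER[idx + 1]


def resume_plan(log_text):
    """Convenience wrapper: read the log text, decide what to fuzz next."""
    return next_case(parse_log(log_text))


# Constructed sample log: two completed cases, then a third whose entry was
# written but whose status never landed because the guest rebooted mid-hypercall.
SAMPLE_LOG = """\
2019-02-14T10:00:00+00:00 start
2019-02-14T10:00:01+00:00 fuzz isFast=0 isRep=0 status=ok
2019-02-14T10:00:05+00:00 fuzz isFast=0 isRep=1 status=ok
2019-02-14T10:00:09+00:00 fuzz isFast=1 isRep=0
"""

if __name__ == "__main__":
    print(session_header())
    print("resume at:", resume_plan(SAMPLE_LOG))  # skips the case that crashed the guest
```

The important ordering is in `log_before_run`: the entry must reach the share before the hypercall executes, otherwise a guest crash leaves no trace of the case that caused it and the fuzzer would re-run it forever on every reboot.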