A directed greybox fuzzer for windows applications

Abstract Directed greybox fuzzing (DGF) has proven effective in vulnerability discovery, but most efforts focus on the Linux platform, with substantially less attention devoted to Windows platform due to its closed-source and GUI software nature. This paper proposes WinDGF, a novel directed greybox...

Full description

Saved in:
Bibliographic Details
Main Authors: Xin Ren, Peng-fei Wang, Xu Zhou, Kai Lu
Format: Article
Language:English
Published: Nature Portfolio 2025-07-01
Series:Scientific Reports
Subjects:
Online Access:https://doi.org/10.1038/s41598-025-09777-3
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1849237833670197248
author Xin Ren
Peng-fei Wang
Xu Zhou
Kai Lu
author_facet Xin Ren
Peng-fei Wang
Xu Zhou
Kai Lu
author_sort Xin Ren
collection DOAJ
description Abstract Directed greybox fuzzing (DGF) has proven effective in vulnerability discovery, but most efforts focus on the Linux platform, with substantially less attention devoted to Windows platform due to its closed-source and GUI software nature. This paper proposes WinDGF, a novel directed greybox fuzzer for Windows applications that addresses challenges including target function localization in persistent testing, GUI bypassing, and fitness metric calculation. WinDGF offers two modes: WinDGF_path, which guides fuzzing towards specific execution paths by iteratively reducing path distances, ideal for deep exploration in complex programs, and WinDGF_keyblock, which enhances defect identification by maximizing key-block coverage, suitable for focused and rapid testing in security-critical parts of applications. By flexibly selecting the appropriate mode, users can optimize their testing strategies based on different objectives, enhancing the effectiveness and efficiency of the tests. This paper evaluates the overall performance and crash reproduction capabilities of WinDGF against WinAFL and Winnie across 10 Windows applications. The results demonstrate that WinDGF substantially enhances test case exploration and vulnerability detection capabilities. Compared to WinAFL, WinDGF_path and WinDGF_keyblock show an average increases of 31.72% and 79.48% , respectively, in the number of unique crashes discovered. Moreover, relative to Winnie, WinDGF achieves further improvements of 5.96% and 33.25%, respectively. WinDGF also successfully reproduces 11 known crash points, highlighting its targeted fuzzing capabilities.
format Article
id doaj-art-339e8a1640b043b69377ab0e37d1ba9b
institution Kabale University
issn 2045-2322
language English
publishDate 2025-07-01
publisher Nature Portfolio
record_format Article
series Scientific Reports
spelling doaj-art-339e8a1640b043b69377ab0e37d1ba9b2025-08-20T04:01:49ZengNature PortfolioScientific Reports2045-23222025-07-0115111810.1038/s41598-025-09777-3A directed greybox fuzzer for windows applicationsXin Ren0Peng-fei Wang1Xu Zhou2Kai Lu3College of Computer Science and Technology, National University of Defense TechnologyCollege of Computer Science and Technology, National University of Defense TechnologyCollege of Computer Science and Technology, National University of Defense TechnologyCollege of Computer Science and Technology, National University of Defense TechnologyAbstract Directed greybox fuzzing (DGF) has proven effective in vulnerability discovery, but most efforts focus on the Linux platform, with substantially less attention devoted to Windows platform due to its closed-source and GUI software nature. This paper proposes WinDGF, a novel directed greybox fuzzer for Windows applications that addresses challenges including target function localization in persistent testing, GUI bypassing, and fitness metric calculation. WinDGF offers two modes: WinDGF_path, which guides fuzzing towards specific execution paths by iteratively reducing path distances, ideal for deep exploration in complex programs, and WinDGF_keyblock, which enhances defect identification by maximizing key-block coverage, suitable for focused and rapid testing in security-critical parts of applications. By flexibly selecting the appropriate mode, users can optimize their testing strategies based on different objectives, enhancing the effectiveness and efficiency of the tests. This paper evaluates the overall performance and crash reproduction capabilities of WinDGF against WinAFL and Winnie across 10 Windows applications. The results demonstrate that WinDGF substantially enhances test case exploration and vulnerability detection capabilities. Compared to WinAFL, WinDGF_path and WinDGF_keyblock show an average increases of 31.72% and 79.48% , respectively, in the number of unique crashes discovered. Moreover, relative to Winnie, WinDGF achieves further improvements of 5.96% and 33.25%, respectively. WinDGF also successfully reproduces 11 known crash points, highlighting its targeted fuzzing capabilities.https://doi.org/10.1038/s41598-025-09777-3Windows applicationsDirected greybox fuzzerPath distancesKey-block coverage
spellingShingle Xin Ren
Peng-fei Wang
Xu Zhou
Kai Lu
A directed greybox fuzzer for windows applications
Scientific Reports
Windows applications
Directed greybox fuzzer
Path distances
Key-block coverage
title A directed greybox fuzzer for windows applications
title_full A directed greybox fuzzer for windows applications
title_fullStr A directed greybox fuzzer for windows applications
title_full_unstemmed A directed greybox fuzzer for windows applications
title_short A directed greybox fuzzer for windows applications
title_sort directed greybox fuzzer for windows applications
topic Windows applications
Directed greybox fuzzer
Path distances
Key-block coverage
url https://doi.org/10.1038/s41598-025-09777-3
work_keys_str_mv AT xinren adirectedgreyboxfuzzerforwindowsapplications
AT pengfeiwang adirectedgreyboxfuzzerforwindowsapplications
AT xuzhou adirectedgreyboxfuzzerforwindowsapplications
AT kailu adirectedgreyboxfuzzerforwindowsapplications
AT xinren directedgreyboxfuzzerforwindowsapplications
AT pengfeiwang directedgreyboxfuzzerforwindowsapplications
AT xuzhou directedgreyboxfuzzerforwindowsapplications
AT kailu directedgreyboxfuzzerforwindowsapplications