A directed greybox fuzzer for windows applications
Abstract Directed greybox fuzzing (DGF) has proven effective in vulnerability discovery, but most efforts focus on the Linux platform, with substantially less attention devoted to Windows platform due to its closed-source and GUI software nature. This paper proposes WinDGF, a novel directed greybox...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Nature Portfolio
2025-07-01
|
| Series: | Scientific Reports |
| Subjects: | |
| Online Access: | https://doi.org/10.1038/s41598-025-09777-3 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849237833670197248 |
|---|---|
| author | Xin Ren Peng-fei Wang Xu Zhou Kai Lu |
| author_facet | Xin Ren Peng-fei Wang Xu Zhou Kai Lu |
| author_sort | Xin Ren |
| collection | DOAJ |
| description | Abstract Directed greybox fuzzing (DGF) has proven effective in vulnerability discovery, but most efforts focus on the Linux platform, with substantially less attention devoted to Windows platform due to its closed-source and GUI software nature. This paper proposes WinDGF, a novel directed greybox fuzzer for Windows applications that addresses challenges including target function localization in persistent testing, GUI bypassing, and fitness metric calculation. WinDGF offers two modes: WinDGF_path, which guides fuzzing towards specific execution paths by iteratively reducing path distances, ideal for deep exploration in complex programs, and WinDGF_keyblock, which enhances defect identification by maximizing key-block coverage, suitable for focused and rapid testing in security-critical parts of applications. By flexibly selecting the appropriate mode, users can optimize their testing strategies based on different objectives, enhancing the effectiveness and efficiency of the tests. This paper evaluates the overall performance and crash reproduction capabilities of WinDGF against WinAFL and Winnie across 10 Windows applications. The results demonstrate that WinDGF substantially enhances test case exploration and vulnerability detection capabilities. Compared to WinAFL, WinDGF_path and WinDGF_keyblock show an average increases of 31.72% and 79.48% , respectively, in the number of unique crashes discovered. Moreover, relative to Winnie, WinDGF achieves further improvements of 5.96% and 33.25%, respectively. WinDGF also successfully reproduces 11 known crash points, highlighting its targeted fuzzing capabilities. |
| format | Article |
| id | doaj-art-339e8a1640b043b69377ab0e37d1ba9b |
| institution | Kabale University |
| issn | 2045-2322 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | Nature Portfolio |
| record_format | Article |
| series | Scientific Reports |
| spelling | doaj-art-339e8a1640b043b69377ab0e37d1ba9b2025-08-20T04:01:49ZengNature PortfolioScientific Reports2045-23222025-07-0115111810.1038/s41598-025-09777-3A directed greybox fuzzer for windows applicationsXin Ren0Peng-fei Wang1Xu Zhou2Kai Lu3College of Computer Science and Technology, National University of Defense TechnologyCollege of Computer Science and Technology, National University of Defense TechnologyCollege of Computer Science and Technology, National University of Defense TechnologyCollege of Computer Science and Technology, National University of Defense TechnologyAbstract Directed greybox fuzzing (DGF) has proven effective in vulnerability discovery, but most efforts focus on the Linux platform, with substantially less attention devoted to Windows platform due to its closed-source and GUI software nature. This paper proposes WinDGF, a novel directed greybox fuzzer for Windows applications that addresses challenges including target function localization in persistent testing, GUI bypassing, and fitness metric calculation. WinDGF offers two modes: WinDGF_path, which guides fuzzing towards specific execution paths by iteratively reducing path distances, ideal for deep exploration in complex programs, and WinDGF_keyblock, which enhances defect identification by maximizing key-block coverage, suitable for focused and rapid testing in security-critical parts of applications. By flexibly selecting the appropriate mode, users can optimize their testing strategies based on different objectives, enhancing the effectiveness and efficiency of the tests. This paper evaluates the overall performance and crash reproduction capabilities of WinDGF against WinAFL and Winnie across 10 Windows applications. The results demonstrate that WinDGF substantially enhances test case exploration and vulnerability detection capabilities. Compared to WinAFL, WinDGF_path and WinDGF_keyblock show an average increases of 31.72% and 79.48% , respectively, in the number of unique crashes discovered. Moreover, relative to Winnie, WinDGF achieves further improvements of 5.96% and 33.25%, respectively. WinDGF also successfully reproduces 11 known crash points, highlighting its targeted fuzzing capabilities.https://doi.org/10.1038/s41598-025-09777-3Windows applicationsDirected greybox fuzzerPath distancesKey-block coverage |
| spellingShingle | Xin Ren Peng-fei Wang Xu Zhou Kai Lu A directed greybox fuzzer for windows applications Scientific Reports Windows applications Directed greybox fuzzer Path distances Key-block coverage |
| title | A directed greybox fuzzer for windows applications |
| title_full | A directed greybox fuzzer for windows applications |
| title_fullStr | A directed greybox fuzzer for windows applications |
| title_full_unstemmed | A directed greybox fuzzer for windows applications |
| title_short | A directed greybox fuzzer for windows applications |
| title_sort | directed greybox fuzzer for windows applications |
| topic | Windows applications Directed greybox fuzzer Path distances Key-block coverage |
| url | https://doi.org/10.1038/s41598-025-09777-3 |
| work_keys_str_mv | AT xinren adirectedgreyboxfuzzerforwindowsapplications AT pengfeiwang adirectedgreyboxfuzzerforwindowsapplications AT xuzhou adirectedgreyboxfuzzerforwindowsapplications AT kailu adirectedgreyboxfuzzerforwindowsapplications AT xinren directedgreyboxfuzzerforwindowsapplications AT pengfeiwang directedgreyboxfuzzerforwindowsapplications AT xuzhou directedgreyboxfuzzerforwindowsapplications AT kailu directedgreyboxfuzzerforwindowsapplications |