WinAFL is a Windows-compatible fork of AFL that enables coverage-guided fuzzing of Windows binaries using dynamic and static instrumentation techniques.
A fork of AFL for fuzzing Windows binaries
WinAFL is used by security researchers and vulnerability analysts to perform fuzz testing on Windows applications and binaries to discover security vulnerabilities. It is especially useful for fuzzing black-box Windows binaries where source code instrumentation is not feasible. The tool helps automate the process of finding bugs by intelligently exploring new execution paths.
WinAFL requires setting up external instrumentation frameworks like DynamoRIO or TinyInst, which may have their own installation prerequisites. Persistent fuzzing mode significantly improves performance but requires identifying a suitable target function for looping. Users should ensure compatibility of the target binary and instrumentation mode. Familiarity with fuzzing concepts and Windows internals is recommended for effective use.
Clone the repository from https://github.com/googleprojectzero/winafl
Set up DynamoRIO or TinyInst for dynamic instrumentation as per your fuzzing mode
Build WinAFL using the provided build scripts or Visual Studio project files
Configure the target binary and select the target function to fuzz
Run afl-fuzz.exe with appropriate parameters to start fuzzing
afl-fuzz.exe -i <input_dir> -o <output_dir> -D <dynamorio_bin_dir> -t <timeout_ms> -- <instrumentation_options> -- <target_binary> <target_args>
Starts fuzzing the target binary in DynamoRIO dynamic instrumentation mode. -D points at the DynamoRIO bin directory (the one containing drrun.exe), the options between the two "--" separators are passed to winafl.dll, and everything after the second "--" is the target command line, where @@ stands for the path of the current test case.
afl-fuzz.exe -i <input_dir> -o <output_dir> -D <dynamorio_bin_dir> -t <timeout_ms> -- -coverage_module <module> -target_module <module> -target_method <target_function> -nargs <arg_count> -fuzz_iterations <iterations> -- <target_binary> @@
Runs persistent fuzzing mode: winafl.dll hooks the function named by -target_method (or located by -target_offset) inside -target_module, calls it -fuzz_iterations times within a single process with a fresh test case each time, and records coverage for -coverage_module, so the process startup cost is not paid for every input. -nargs is the number of arguments the target function takes.
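Persistent mode only works when the looped function does all of its work per call: it opens the test case itself, parses it, releases its resources and returns normally, with no state carried between iterations. The harness below is an added illustration of that contract and is not part of WinAFL; the record format, the function names fuzz_one_input and parse_records, and the -target_method fuzz_one_input -nargs 1 pairing are assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#ifdef _WIN32
#define EXPORT __declspec(dllexport)   /* exported so -target_method can find it */
#else
#define EXPORT                          /* builds on other platforms for local testing */
#endif

/* Constructed toy format: a sequence of records, each a 16-bit little-endian
 * length followed by that many bytes. Returns the record count, or -1 when the
 * input is malformed (truncated length field or a length running past the end). */
int parse_records(const uint8_t *buf, size_t len) {
    size_t pos = 0;
    int count = 0;
    while (pos < len) {
        if (len - pos < 2) return -1;                       /* truncated length field */
        uint16_t rec_len = (uint16_t)(buf[pos] | (buf[pos + 1] << 8));
        pos += 2;
        if (rec_len > len - pos) return -1;                 /* bounds check before skipping */
        pos += rec_len;
        count++;
    }
    return count;
}

/* Target function for persistent mode: receives the @@ path, reads the file,
 * parses it, frees everything and returns. WinAFL loops this call
 * -fuzz_iterations times in one process, so nothing may leak or persist. */
EXPORT int fuzz_one_input(const char *path) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    if (fseek(f, 0, SEEK_END) != 0) { fclose(f); return -1; }
    long sz = ftell(f);
    rewind(f);
    if (sz < 0) { fclose(f); return -1; }
    uint8_t *buf = malloc((size_t)sz + 1);                 /* +1 keeps malloc(0) defined */
    if (!buf) { fclose(f); return -1; }
    size_t n = fread(buf, 1, (size_t)sz, f);
    fclose(f);                                              /* release the handle every iteration */
    int result = parse_records(buf, n);
    free(buf);
    return result;
}

int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s <input_file>\n", argv[0]); return 2; }
    int r = fuzz_one_input(argv[1]);                        /* single run outside the fuzzer */
    printf("parsed %d records\n", r);
    return r < 0 ? 1 : 0;
}
```

Under WinAFL the same binary is run with -target_method fuzz_one_input -nargs 1 (and the -call_convention matching the build), with -target_module and -coverage_module set to this executable's name.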