Kernel Fuzzer for Xen (KF/x)

Welcome to the kernel-fuzzer-for-xen-project wiki! This wiki is the main documentation for KF/x and includes documentation and training exercises for reference, and to learn the tool.

Starter Tutorials

If you are new to KF/x, start here. The tutorials will guide you through all the knowledge and hands on practice you need to fuzz each of the primary target types KF/x is built for. The tutorials are all built to be run inside of VirtualBox, so you can learn to use KF/x no matter what host operating system or hardware you have.

The starter tutorials use tiny binaries to demonstrate how things are done without letting build systems or complicated configuration get in the way.

1. Install KF/x
2. Creating a Linux Guest
3. Harnessing a Linux Program
4. Fuzzing a Linux Program
5. Harnessing a Linux Kernel Module
6. Creating a Windows Guest
7. Harnessing a Windows Program
8. Fuzzing a Windows Program
9. Harnessing a Windows Kernel Driver
10. Fuzzing a Windows Kernel Driver

Conventions

Code Blocks

Throughout this tutorial, command prompts will be shown for both Xen/Linux and Windows. In code blocks, Xen/Linux commands will be prefixed with a $ character if output is shown in the code block and will not be prefixed otherwise. Likewise, PowerShell prompts will be prefixed with PS > when output is shown in the code block and will not be prefixed otherwise.

Commands

To keep formatting of commands easy to read, commands in this tutorial are split over multiple lines. PowerShell code blocks will split commands using the Windows line continuation character '`'. Linux code blocks will split commands using \, the typical Linux line continuation character. When typing commands manually, you can omit these line breaks and place options on one line.

For example, the command below:

PS > echo `
    "hello"
hello

Might also be written:

echo "hello"

Likewise, the command:

$ echo \
    "hi"
hi

Might also be written:

echo "hi"