How to use

Table of Contents

  0. Tested Environment
  1. Install dependencies
  2. Enroll github SSH Keys
  3. Clone this repo & change kernel to 6.0.0-nyx+
  4. Build the Windows VM Template
  5. Import the template into Vagrant
  6. Import into libvirt
  7. Run Fuzz


0. Tested Environment


CPU : Intel i-7 12700K
RAM : 84G
GPU : Nvidia Geforce 1060 super
OS : Ubuntu 20.04.6 LTS

1. Install dependencies


sudo apt-get update -y
sudo apt-get install gcc git make curl vim python3 python3.8-venv -y

2. Enroll github SSH Keys


$ ssh-keygen -t rsa -C "example@example.com"   # replace with your own e-mail address

$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3Nz...

Paste this public key string into GitHub -> profile -> Settings -> SSH and GPG Keys -> New SSH key

3. Clone this repo & change kernel to 6.0.0-nyx+


cd ~
git clone git@github.com:0dayResearchLab/msFuzz.git kAFL
cd kAFL
make deploy
reboot

4. Build the Windows VM Template


cd ~/kAFL
make deploy -- --tags examples,examples-template-windows
cd ./kafl/examples/templates/windows
make build

5. Import the template into Vagrant


make import

6. Import into libvirt


cd ../../windows_x86_64
make init

7. Run Fuzz


cd ~/kAFL
make env
cd kafl/examples/windows_x86_64/
mkdir -p bin/driver
cp ../../fuzzer/Utils/Harness_for_nyx.sys ./bin/driver


1. vi src/driver/vuln_test.c -> change the symbolic link name / target .sys (the target driver name)

2. Boot QEMU
-> vagrant up --no-provision

3. Take a QEMU snapshot named 'ready_provision'
-> vagrant snapshot save --force 'ready_provision'

4.a
    make target -> automatically loads the driver located at bin/driver/target.sys, together with bin/driver/vuln_test.exe, into the QEMU VM
4.b
    make no_target -> automatically loads vuln_test.exe / call_stack.sys into the QEMU VM
4.c
    set up the environment yourself


6. mkdir -p ./seed

7. ./run.sh
    You can generate the result.json file with angrPT (https://github.com/0dayResearchLab/angrPT).
    result.json contains the information about each IoControl constraint and the global-variable dependencies.

8. Show the GUI
cd ~/kAFL
make env
cd kafl/examples/windows_x86_64/
kafl gui -w work

9. make revoke -> revert the snapshot from the fuzzed state back to Stage #3 ('ready_provision')
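A pre-flight check for the Run Fuzz steps above, added here as an example (it is not part of msFuzz or kAFL). It assumes the layout those steps create under kafl/examples/windows_x86_64 (bin/driver/, seed/) and the 'ready_provision' snapshot, and it takes the running kernel string and the output of `vagrant snapshot list` as arguments so the checks can be exercised offline.

```shell
#!/usr/bin/env bash
# Pre-flight check before ./run.sh. Added example, not project code.
# Assumes the directory layout created by the steps above.

EXPECTED_KERNEL="6.0.0-nyx+"                 # kernel installed by `make deploy`
HARNESS="bin/driver/Harness_for_nyx.sys"     # copied from ../../fuzzer/Utils
SNAPSHOT="ready_provision"                   # snapshot taken in step 3

# check_kernel <running-kernel-string> -> 0 if it is the Nyx kernel
check_kernel() {
  [ "$1" = "$EXPECTED_KERNEL" ]
}

# check_snapshot <output of `vagrant snapshot list`> -> 0 if the snapshot exists
check_snapshot() {
  printf '%s\n' "$1" | grep -qF -- "$SNAPSHOT"
}

# preflight <workdir> <running-kernel> <snapshot-list-output>
# Prints each missing prerequisite with the step that fixes it and
# returns the number of failed checks (0 means ready to run ./run.sh).
preflight() {
  local dir="$1" kernel="$2" snaps="$3" fails=0
  if ! check_kernel "$kernel"; then
    echo "kernel is '$kernel', expected '$EXPECTED_KERNEL' (make deploy, then reboot)"
    fails=$((fails + 1))
  fi
  if [ ! -f "$dir/$HARNESS" ]; then
    echo "missing $HARNESS (cp ../../fuzzer/Utils/Harness_for_nyx.sys ./bin/driver)"
    fails=$((fails + 1))
  fi
  if [ ! -d "$dir/seed" ]; then
    echo "missing seed directory (mkdir -p ./seed)"
    fails=$((fails + 1))
  fi
  if ! check_snapshot "$snaps"; then
    echo "snapshot '$SNAPSHOT' not found (vagrant snapshot save --force '$SNAPSHOT')"
    fails=$((fails + 1))
  fi
  return "$fails"
}
```

Run it from kafl/examples/windows_x86_64 as `preflight . "$(uname -r)" "$(vagrant snapshot list 2>/dev/null)"`; a non-zero exit code lists what is still missing.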

Fuzz Success