Version 2.0.0 from 29 Jun 2025
Almost complete rewrite
Heuristic Parameter Fuzzing (-h switch)
- New logic for heuristically inferring syscall parameter types.
- Generates structured fuzz data for more realistic syscall fuzzing.
- Includes a parameter type database for both NT and Win32k syscalls, with support for common structures (e.g., UNICODE_STRING, OBJECT_ATTRIBUTES, security descriptors, etc.).
Blacklist Enhancements
- Blacklist logic now uses a 256-bucket hash table with FNV-1a hashing for efficient lookup, replacing the previous linear search approach.
- The blacklist has been extended with more problematic services.
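To make the lookup change concrete, here is an added example (not NtCall64's own code) of a 256-bucket chained hash table keyed by service name and bucketed by FNV-1a. The 32-bit FNV-1a parameters, bucket selection by the low byte of the hash, chaining for collisions and the service names in the self-test are all assumptions made for illustration; the changelog only states the bucket count and the hash family.

```c
/* Added example: 256-bucket blacklist with FNV-1a hashing (illustrative, not
 * the project's implementation). Assumes 32-bit FNV-1a and low-byte bucketing. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BL_BUCKETS 256   /* 256 buckets: the low byte of the hash selects one */

typedef struct bl_entry {
    char *name;               /* service (syscall) name, owned by the entry */
    struct bl_entry *next;    /* chaining for collisions within a bucket */
} bl_entry;

typedef struct {
    bl_entry *buckets[BL_BUCKETS];
    size_t count;
} blacklist;

/* 32-bit FNV-1a: XOR each byte into the state, then multiply by the FNV prime. */
uint32_t fnv1a32(const char *s)
{
    uint32_t h = 0x811C9DC5u;                 /* FNV 32-bit offset basis */
    for (const unsigned char *p = (const unsigned char *)s; *p; p++) {
        h ^= *p;
        h *= 0x01000193u;                     /* FNV 32-bit prime */
    }
    return h;
}

static unsigned bl_bucket(const char *name)
{
    return fnv1a32(name) & (BL_BUCKETS - 1);  /* valid because 256 is a power of two */
}

void bl_init(blacklist *bl) { memset(bl, 0, sizeof *bl); }

/* Returns 1 if added, 0 if the name was already present, -1 on allocation failure. */
int bl_add(blacklist *bl, const char *name)
{
    unsigned b = bl_bucket(name);
    for (bl_entry *e = bl->buckets[b]; e; e = e->next)
        if (strcmp(e->name, name) == 0) return 0;
    size_t len = strlen(name) + 1;
    bl_entry *e = malloc(sizeof *e);
    if (!e) return -1;
    e->name = malloc(len);
    if (!e->name) { free(e); return -1; }
    memcpy(e->name, name, len);
    e->next = bl->buckets[b];                 /* push onto the bucket's chain */
    bl->buckets[b] = e;
    bl->count++;
    return 1;
}

/* Expected O(1) lookup: hash once, then walk only that bucket's short chain
 * instead of scanning the whole list as a linear search would. */
int bl_contains(const blacklist *bl, const char *name)
{
    for (const bl_entry *e = bl->buckets[bl_bucket(name)]; e; e = e->next)
        if (strcmp(e->name, name) == 0) return 1;
    return 0;
}

void bl_free(blacklist *bl)
{
    for (unsigned b = 0; b < BL_BUCKETS; b++) {
        bl_entry *e = bl->buckets[b];
        while (e) { bl_entry *n = e->next; free(e->name); free(e); e = n; }
        bl->buckets[b] = NULL;
    }
    bl->count = 0;
}

/* Self-check over a constructed, illustrative name list (not the tool's real
 * blacklist). Returns 1 on success, 0 on any mismatch. */
int bl_selftest(void)
{
    static const char *const names[] = {
        "NtShutdownSystem", "NtSetSystemPowerState", "NtRaiseHardError"
    };
    blacklist bl;
    int ok = 1;
    bl_init(&bl);
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        ok &= (bl_add(&bl, names[i]) == 1);
    ok &= (bl_add(&bl, "NtShutdownSystem") == 0);    /* duplicate is rejected */
    ok &= (bl.count == 3);
    ok &= bl_contains(&bl, "NtRaiseHardError");
    ok &= !bl_contains(&bl, "NtCreateFile");          /* not blacklisted */
    ok &= !bl_contains(&bl, "ntshutdownsystem");      /* match is case-sensitive */
    bl_free(&bl);
    return ok;
}
```

Two things a practitioner should keep in mind with this layout: the match is case-sensitive, which is correct for names taken from the export table but means a hand-edited blacklist must use the exact spelling, and with only 256 buckets a list of a few hundred names still yields chains of a handful of entries, which is fine for lookup speed but means the table is not a substitute for deduplicating the input.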
Fuzzing Session Statistics
- Now tracks and reports:
  - Total syscall invocations
  - Successful calls
  - Failed calls
  - Crashes
  - Timeouts
- Results are printed at the end of each fuzzing session.
Logging Improvements
- Binary Log Format: Parameters are now logged in a fixed binary format for easier post-processing and analysis.
- Log Options Simplified: Use a single -o option to specify either a port or a file as the logging target.
Platform Support Changes
- Removed support for Windows 7, 8, and 8.1.
Multiple other minor changes and bugfixes.