Explore Intel Processor Trace (Intel PT), the hardware branch-tracing feature of Intel Skylake and later processors, in this 55-minute talk from the Recon conference. The first half covers the design and implementation of Intel PT, including its filtering modes and output configurations, and the development of the first open-source Intel PT driver for Microsoft Windows: the low-level work of programming the PMU, handling Performance Monitoring Interrupts, managing the Local Vector Table, and dealing with physical memory, plus newer driver features such as IP filtering and multi-processor support. Demonstrations show Intel PT used on Windows for diagnostics and debugging, including a live tracing demo and an IDA plugin that decodes trace data and applies it to the visual assembly graph.

The second half turns to guided fuzzing. Intel PT is integrated with the evolutionary fuzzer American Fuzzy Lop (AFL) so that AFL can target Windows binaries without source-level instrumentation. New AFL functionality lets the user mark targeted regions of a program's control-flow graph, so that static analysis results can be combined with known-vulnerable locations to reproduce vulnerabilities automatically without the scaling limits of symbolic execution. The talk closes with the method used to encode weighted graphs into bytemaps that can be compared cheaply, so that guidance does not cost the fuzzer its throughput.
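To make the bytemap side of the fuzzing discussion concrete, the following C program is an added example (written for this page; it is not code from the talk, from the Windows PT driver, or from AFL). It folds a sequence of basic-block addresses, standing in for a decoded Intel PT trace, into an AFL-style edge-coverage bytemap, buckets the hit counts the way afl-fuzz's classify_counts() does, and compares the result against the "virgin" map to decide whether a run found anything new. The sample traces are constructed, and block ids are derived by shifting the address so the indices are easy to check by hand; real tooling assigns an id per basic block. The weighting scheme the talk describes is not reproduced here.

```c
/* Added example (not code from the talk, the Windows PT driver, or AFL):
 * fold a decoded branch trace into an AFL-style edge-coverage bytemap,
 * bucket the hit counts as afl-fuzz's classify_counts() does, and
 * compare against the "virgin" map to decide whether a run found anything new.
 * Assumptions: a decoded Intel PT trace is represented as the sequence of
 * basic-block start addresses it visited (constructed sample data below),
 * and block ids are a simple shift of the address so the example is easy
 * to verify by hand; real tooling assigns ids per block. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAP_SIZE_POW2 16
#define MAP_SIZE (1u << MAP_SIZE_POW2)

static uint8_t trace_bits[MAP_SIZE];   /* coverage of the current run */
static uint8_t virgin_bits[MAP_SIZE];  /* bits never seen so far; starts all 0xff */

/* Map a block address to a map id (assumed scheme, 16-byte granularity). */
static uint32_t block_id(uint64_t addr) {
    return (uint32_t)(addr >> 4) & (MAP_SIZE - 1);
}

/* AFL's edge id: cur ^ (prev >> 1); the shift keeps A->B distinct from B->A. */
uint32_t edge_index(uint64_t from, uint64_t to) {
    return block_id(to) ^ (block_id(from) >> 1);
}

/* Record every edge of one execution into trace_bits (counts saturate at 255;
 * afl-fuzz lets the u8 wrap, which makes no difference after bucketing). */
void fold_trace(const uint64_t *blocks, size_t n) {
    uint32_t prev = 0;
    memset(trace_bits, 0, MAP_SIZE);
    for (size_t i = 0; i < n; i++) {
        uint32_t cur = block_id(blocks[i]);
        uint32_t idx = cur ^ prev;
        if (trace_bits[idx] != 255) trace_bits[idx]++;
        prev = cur >> 1;
    }
}

/* afl-fuzz's hit-count buckets: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+ each
 * become one bit, so "looped 6 times" and "looped 7 times" compare equal. */
uint8_t classify(uint8_t cnt) {
    if (cnt == 0) return 0;
    if (cnt == 1) return 1;
    if (cnt == 2) return 2;
    if (cnt == 3) return 4;
    if (cnt <= 7) return 8;
    if (cnt <= 15) return 16;
    if (cnt <= 31) return 32;
    if (cnt <= 127) return 64;
    return 128;
}

void classify_counts(void) {
    for (size_t i = 0; i < MAP_SIZE; i++) trace_bits[i] = classify(trace_bits[i]);
}

/* Same contract as afl-fuzz's has_new_bits(): 2 = a never-seen edge,
 * 1 = a known edge with a new hit-count bucket, 0 = nothing new.
 * Bits that were seen are cleared from virgin_bits. */
int has_new_bits(void) {
    int ret = 0;
    for (size_t i = 0; i < MAP_SIZE; i++) {
        uint8_t cur = trace_bits[i];
        if (cur && (cur & virgin_bits[i])) {
            if (virgin_bits[i] == 0xff) ret = 2;
            else if (ret == 0) ret = 1;
            virgin_bits[i] &= (uint8_t)~cur;
        }
    }
    return ret;
}

/* Constructed sample traces (block addresses), standing in for decoded PT output. */
static const uint64_t run_a[] = {0x401000, 0x401020, 0x401040};           /* straight line */
static const uint64_t run_b[] = {0x401000, 0x401020, 0x401020, 0x401040}; /* loop taken once */
static const uint64_t run_c[] = {0x401000, 0x401020, 0x401020, 0x401020, 0x401040}; /* loop taken twice */
static const struct { const uint64_t *blocks; size_t n; } runs[] = {
    {run_a, 3}, {run_a, 3}, {run_b, 4}, {run_c, 5}, {run_c, 5},
};

/* Replay runs 0..step from a fresh virgin map; return the verdict for `step`. */
int demo_step(int step) {
    int ret = 0;
    memset(virgin_bits, 0xff, MAP_SIZE);
    for (int s = 0; s <= step; s++) {
        fold_trace(runs[s].blocks, runs[s].n);
        classify_counts();
        ret = has_new_bits();
    }
    return ret;
}

int main(void) {
    const char *verdict[] = {"nothing new", "new hit-count bucket", "new edge"};
    for (int s = 0; s < 5; s++)
        printf("run %d: %s\n", s, verdict[demo_step(s)]);
    return 0;
}
```

Running it shows the behaviour that makes the bytemap usable as a fuzzing signal: the first run is all new edges, repeating it is "nothing new", taking the loop once exposes the 0x401020 to 0x401020 edge, taking it twice only changes that edge's hit-count bucket, and a second identical run is again nothing new. Whatever the tracing source (compile-time instrumentation or a decoded Intel PT stream), the comparison the fuzzer performs is this one per-byte pass over the map.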
Syllabus
recon2017brx Harnessing Intel Processor Trace on Windows for fuzz by Andrea Allievi and Richard Johnson
Taught by
Recon Conference