IoAttack

Note

IoSpy and IoAttack are no longer available in the WDK after Windows 10 Version 1703.

As an alternative to these tools, consider using the fuzzing tests available in the HLK. Here are a few to consider.

DF - Fuzz random IOCTL test (Reliability)

DF - Fuzz sub-opens test (Reliability)

DF - Fuzz zero length buffer FSCTL test (Reliability)

DF - Fuzz random FSCTL test (Reliability)

DF - Fuzz Misc API test (Reliability)

You can also use the Kernel synchronization delay fuzzing that is included with Driver Verifier.

The Penetration Tests (Device Fundamentals) test Run I/O Attack performs the fuzz tests. The Run I/O Attack test uses the IoSpy data file that was previously created through IoSpy on a test system.

Before running IoAttack on a test system, you must do the following:

• Enable kernel-mode debugging on the test computer. This is done when you configure a computer for testing, see Provision a computer for driver deployment and testing (WDK 8.1), or Provision a computer for driver deployment and testing (WDK 8).

• Run the Enable Driver Verifier test to enable Driver Verifier options on all of the drivers in the driver stack for the devices to be tested. In particular, you should enable the Special Pool option. In the Add or Remove Driver Tests dialog box, the Enable Driver Verifier test is under All Tests\Driver Verifier. See How to test a driver at runtime using Visual Studio. For information about selecting and configuring tests and tool parameters, see How to select and configure the Device Fundamentals tests

• Remove IoSpy from the test system. To do this, run the Disable I/O Spy test.

If any of these steps have been performed, you must reboot the test system before you run IoAttack.

For more information about how to run fuzz tests, see How to Perform Fuzz tests with IoSpy and IoAttack.