# ROCALL **Repository Path**: hfiref0x/ROCALL ## Basic Information - **Project Name**: ROCALL - **Description**: ReactOS x86-32 syscall fuzzer - **Primary Language**: C - **License**: MIT - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2021-04-16 - **Last Updated**: 2021-04-16 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # ROCALL ## ReactOS x86-32 syscall fuzzer. # System Requirements + ReactOS x86-32; + Account with administrative privileges (optional). # Usage ROCALL [-win32k] [-logn | logv ] [-pc Value] [-wt Value] [-sc Value] [-s] * -logn - enable logging via COM1 port, service name will be logged, default disabled; * -logv - enable logging via COM1 port, service name and call parameters will be logged(slow), default disabled; * -win32k - launch win32k service table fuzzing, default ntoskrnl service table fuzzing; * -pc Value - number of passes for each service, default value 1024; * -wt Value - wait timeout in seconds, default value 30; * -sc Value - start fuzzing from service entry number (index from 0), default 0; * -s - restart program under LocalSystem account. When used without parameters RoCall will start fuzzing system service table. Example: + ROCALL + ROCALL -logn + ROCALL -logv + ROCALL -logn -pc 1234 + ROCALL -logv -pc 1234 + ROCALL -logn -pc 1234 -sc 100 + ROCALL -logv -pc 1234 -sc 100 + ROCALL -win32k + ROCALL -win32k -logn + ROCALL -win32k -logv + ROCALL -win32k -logn -pc 1234 + ROCALL -win32k -logv -pc 1234 + ROCALL -win32k -logn -pc 1234 -sc 100 + ROCALL -win32k -logv -pc 1234 -sc 100 + ROCALL -wt 40 + ROCALL -s Note: make sure to configure virtual machine COM1 port settings before trying this tool. # How it work It brute-force through system services and call them multiple times with input parameters randomly taken from predefined "bad arguments" list. # Configuration By using blacklist.ini configuration file you can blacklist certain services. To do this - add service name (case sensitive) to the corresponding section of the blacklist.ini, e.g. if you want to blacklist services from KiServiceTable then use [ntos] section. Example of blacklist.ini (default config shipped with program) 
[ntos]
NtClose
NtShutdownSystem
NtSuspendProcess
NtSuspendThread
NtTerminateProcess
NtTerminateThread

[win32k]
NtUserSwitchDesktop
NtUserLockWorkStation
# Warning This program may crash the operation system, affect it stability, which may result in data lost or program crash itself. You use it at your own risk. # Build ROCALL comes with full source code written in C with tiny assembler usage. In order to build from source you need Microsoft Visual Studio 2015 and later versions. ## Instructions * Select Platform ToolSet first for project in solution you want to build (Project->Properties->General): * v120 for Visual Studio 2013; * v140 for Visual Studio 2015; * v141 for Visual Studio 2017; * v142 for Visual Studio 2019. * For v140 and above set Target Platform Version (Project->Properties->General): * If v140 then select 8.1; * If v141/v142 then select 10. * Minimum required Windows SDK version is 8.1. # Bugs found with ROCALL * Making ReactOS Great Again, https://www.kernelmode.info/forum/viewtopic6f46.html?f=11&t=5302 (Long list and explanation) * Is ReactOS Great Again (2019), https://swapcontext.blogspot.com/2019/12/is-reactos-great-again-2019.html # Authors (c) 2018 - 2019 ROCALL Project