{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,6]],"date-time":"2026-06-06T01:09:27Z","timestamp":1780708167315,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":74,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,12,5]],"date-time":"2022-12-05T00:00:00Z","timestamp":1670198400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-18-1-2662"],"award-info":[{"award-number":["N00014-18-1-2662"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["HR001118C0060"],"award-info":[{"award-number":["HR001118C0060"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1749711,"],"award-info":[{"award-number":["CNS-1749711,"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,12,5]]},"DOI":"10.1145\/3564625.3564631","type":"proceedings-article","created":{"date-parts":[[2022,12,3]],"date-time":"2022-12-03T01:01:29Z","timestamp":1670029289000},"page":"854-868","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["POPKORN: Popping Windows Kernel Drivers At Scale"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2789-3932","authenticated-orcid":false,"given":"Rajat","family":"Gupta","sequence":"first","affiliation":[{"name":"Systems Software &amp; Security Lab, Georgia Institute of Technology, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0335-2602","authenticated-orcid":false,"given":"Lukas Patrick","family":"Dresel","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of California, Santa Barbara, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2723-0370","authenticated-orcid":false,"given":"Noah","family":"Spahn","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of California, Santa Barbara, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3422-5369","authenticated-orcid":false,"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of California, Santa Barbara, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5140-3414","authenticated-orcid":false,"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of California, Santa Barbara, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7440-2067","authenticated-orcid":false,"given":"Taesoo","family":"Kim","sequence":"additional","affiliation":[{"name":"Systems Software &amp; Security Lab, Georgia Institute of Technology, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2022,12,5]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Angr. 2018. Programming SimProcedures. angr. https:\/\/docs.angr.io\/extending-angr\/simprocedures  Angr. 2018. Programming SimProcedures. angr. https:\/\/docs.angr.io\/extending-angr\/simprocedures"},{"key":"e_1_3_2_1_2_1","volume-title":"Tools and algorithms for the construction and analysis of systems, C.\u00a0R","author":"Balakrishnan Gogul","unstructured":"Gogul Balakrishnan and Thomas Reps . 2008. Analyzing stripped device-driver executables . In Tools and algorithms for the construction and analysis of systems, C.\u00a0R . Ramakrishnanand Jakob Rehof (Eds.). Springer Berlin Heidelberg , Berlin, Heidelberg , 124\u2013140. Gogul Balakrishnan and Thomas Reps. 2008. Analyzing stripped device-driver executables. In Tools and algorithms for the construction and analysis of systems, C.\u00a0R. Ramakrishnanand Jakob Rehof (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 124\u2013140."},{"key":"e_1_3_2_1_4_1","volume-title":"Bounded Model Checking.Handbook of satisfiability 185, 99","author":"Biere Armin","year":"2009","unstructured":"Armin Biere , Alessandro Cimatti , Edmund\u00a0 M Clarke , Ofer Strichman , and Yunshan Zhu . 2009. Bounded Model Checking.Handbook of satisfiability 185, 99 ( 2009 ), 457\u2013481. Armin Biere, Alessandro Cimatti, Edmund\u00a0M Clarke, Ofer Strichman, and Yunshan Zhu. 2009. Bounded Model Checking.Handbook of satisfiability 185, 99 (2009), 457\u2013481."},{"key":"e_1_3_2_1_5_1","unstructured":"Ruben Boonen. 2017. Part 19: Kernel Exploitation -> Logic bugs in Razer rzpnk.sys. FuzzySecurity. https:\/\/www.fuzzysecurity.com\/tutorials\/expDev\/23.html  Ruben Boonen. 2017. Part 19: Kernel Exploitation -> Logic bugs in Razer rzpnk.sys. FuzzySecurity. https:\/\/www.fuzzysecurity.com\/tutorials\/expDev\/23.html"},{"key":"e_1_3_2_1_6_1","volume-title":"KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In 17th USENIX Security Symposium (USENIX Security 08)","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar , Daniel Dunbar , and Dawson Engler . 2008 . KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In 17th USENIX Security Symposium (USENIX Security 08) (San Diego, California) (OSDI\u201908). USENIX Association, USA, 209\u2013224. Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In 17th USENIX Security Symposium (USENIX Security 08) (San Diego, California) (OSDI\u201908). USENIX Association, USA, 209\u2013224."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345654"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950396"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00114"},{"key":"e_1_3_2_1_10_1","volume-title":"Direct Memory Access and Bus Mastering. O\u2019Reilly Media","author":"Corbet Jonathan","unstructured":"Jonathan Corbet . 2018. Direct Memory Access and Bus Mastering. O\u2019Reilly Media , Inc . https:\/\/www.oreilly.com\/library\/view\/linux-device-drivers\/0596000081\/ch13s04.html Jonathan Corbet. 2018. Direct Memory Access and Bus Mastering. O\u2019Reilly Media, Inc. https:\/\/www.oreilly.com\/library\/view\/linux-device-drivers\/0596000081\/ch13s04.html"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134069"},{"key":"e_1_3_2_1_12_1","unstructured":"[\n  12\n  ]  Eclypsium.2019. https:\/\/eclypsium.com\/wp-content\/uploads\/2019\/08\/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf  [12] Eclypsium.2019. https:\/\/eclypsium.com\/wp-content\/uploads\/2019\/08\/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"},{"key":"e_1_3_2_1_13_1","unstructured":"William Engelmann. 2015. Universal Extractor 2. https:\/\/github.com\/Bioruebe\/UniExtract2\/  William Engelmann. 2015. Universal Extractor 2. https:\/\/github.com\/Bioruebe\/UniExtract2\/"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23326"},{"key":"e_1_3_2_1_15_1","unstructured":"Owen\u00a0S. Good. 2018. Counter-Strike pro get caught cheating during a major esports tournament. Polygon Vox Media. https:\/\/www.polygon.com\/2018\/10\/21\/18006358\/counter-strike-esports-cheating-shanghai-video  Owen\u00a0S. Good. 2018. Counter-Strike pro get caught cheating during a major esports tournament. Polygon Vox Media. https:\/\/www.polygon.com\/2018\/10\/21\/18006358\/counter-strike-esports-cheating-shanghai-video"},{"key":"e_1_3_2_1_16_1","unstructured":"Google. 2021. google\/syzkaller. https:\/\/github.com\/google\/syzkaller original-date: 2015-10-12T06:05:05Z.  Google. 2021. google\/syzkaller. https:\/\/github.com\/google\/syzkaller original-date: 2015-10-12T06:05:05Z."},{"key":"e_1_3_2_1_17_1","volume-title":"Methodology for Static Reverse Engineering of Windows Kernel Drivers. Specter Ops","author":"Hand Matt","unstructured":"Matt Hand . 2020. Methodology for Static Reverse Engineering of Windows Kernel Drivers. Specter Ops , Inc . https:\/\/posts.specterops.io\/methodology-for-static-reverse-engineering-of-windows-kernel-drivers-3115b2efed83 Matt Hand. 2020. Methodology for Static Reverse Engineering of Windows Kernel Drivers. Specter Ops, Inc. https:\/\/posts.specterops.io\/methodology-for-static-reverse-engineering-of-windows-kernel-drivers-3115b2efed83"},{"key":"e_1_3_2_1_18_1","volume-title":"Formal methods in computer aided design","author":"Kinder Johannes","unstructured":"Johannes Kinder and Helmut Veith . 2010. Precise static analysis of untrusted driver binaries . In Formal methods in computer aided design . FMCAD Association , Lugano, Switzerland , 43\u201350. Johannes Kinder and Helmut Veith. 2010. Precise static analysis of untrusted driver binaries. In Formal methods in computer aided design. FMCAD Association, Lugano, Switzerland, 43\u201350."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855840.1855852"},{"key":"e_1_3_2_1_20_1","unstructured":"Kaspersky Lab. 2018. The Slingshot APT. Kaspersky. https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2018\/03\/09133534\/The-Slingshot-APT_report_ENG_final.pdf  Kaspersky Lab. 2018. The Slingshot APT. Kaspersky. https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2018\/03\/09133534\/The-Slingshot-APT_report_ENG_final.pdf"},{"key":"e_1_3_2_1_21_1","volume-title":"DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers. In 26th USENIX Security Symposium (USENIX Security 17)","author":"Machiry Aravind","year":"2017","unstructured":"Aravind Machiry , Chad Spensky , Jake Corina , Nick Stephens , Christopher Kruegel , and Giovanni Vigna . 2017 . DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers. In 26th USENIX Security Symposium (USENIX Security 17) . USENIX Association, Vancouver, BC, 1007\u20131024. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/machiry Aravind Machiry, Chad Spensky, Jake Corina, Nick Stephens, Christopher Kruegel, and Giovanni Vigna. 2017. DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 1007\u20131024. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/machiry"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3471621.3471863"},{"key":"e_1_3_2_1_23_1","unstructured":"Debasish Mandal. 2021. debasishm89\/iofuzz. https:\/\/github.com\/debasishm89\/iofuzz original-date: 2014-03-16T17:17:46Z.  Debasish Mandal. 2021. debasishm89\/iofuzz. https:\/\/github.com\/debasishm89\/iofuzz original-date: 2014-03-16T17:17:46Z."},{"key":"e_1_3_2_1_24_1","unstructured":"Microsoft. 2017. Driver Verifier. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/devtest\/driver-verifier  Microsoft. 2017. Driver Verifier. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/devtest\/driver-verifier"},{"key":"e_1_3_2_1_25_1","unstructured":"Microsoft. 2017. Introduction to WDM. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/introduction-to-wdm  Microsoft. 2017. Introduction to WDM. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/introduction-to-wdm"},{"key":"e_1_3_2_1_26_1","unstructured":"Microsoft. 2017. I\/O Stack Locations. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/i-o-stack-locations  Microsoft. 2017. I\/O Stack Locations. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/i-o-stack-locations"},{"key":"e_1_3_2_1_27_1","unstructured":"Microsoft. 2017. IO_STACK_LOCATION structure (wdm.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/ddi\/wdm\/ns-wdm-_io_stack_location  Microsoft. 2017. IO_STACK_LOCATION structure (wdm.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/ddi\/wdm\/ns-wdm-_io_stack_location"},{"key":"e_1_3_2_1_28_1","unstructured":"Microsoft. 2017. IRP_MJ_DEVICE_CONTROL. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/irp-mj-device-control  Microsoft. 2017. IRP_MJ_DEVICE_CONTROL. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/irp-mj-device-control"},{"key":"e_1_3_2_1_29_1","unstructured":"Microsoft. 2017. Kernel-Mode Driver Architecture Design Guide. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/  Microsoft. 2017. Kernel-Mode Driver Architecture Design Guide. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/"},{"key":"e_1_3_2_1_30_1","unstructured":"Microsoft. 2017. Overview of Windows Components. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/overview-of-windows-components  Microsoft. 2017. Overview of Windows Components. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/overview-of-windows-components"},{"key":"e_1_3_2_1_31_1","unstructured":"Microsoft. 2017. Section Objects and Views. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/section-objects-and-views  Microsoft. 2017. Section Objects and Views. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/section-objects-and-views"},{"key":"e_1_3_2_1_32_1","unstructured":"Microsoft. 2017. Types of WDM Drivers. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/types-of-wdm-drivers#possible-driver-layers  Microsoft. 2017. Types of WDM Drivers. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/types-of-wdm-drivers#possible-driver-layers"},{"key":"e_1_3_2_1_33_1","unstructured":"Microsoft. 2017. User mode and kernel mode. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/gettingstarted\/user-mode-and-kernel-mode  Microsoft. 2017. User mode and kernel mode. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/gettingstarted\/user-mode-and-kernel-mode"},{"key":"e_1_3_2_1_34_1","unstructured":"Microsoft. 2017. Using Nt and Zw Versions of the Native System Services Routines. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/using-nt-and-zw-versions-of-the-native-system-services-routines?redirectedfrom=MSDN  Microsoft. 2017. Using Nt and Zw Versions of the Native System Services Routines. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/kernel\/using-nt-and-zw-versions-of-the-native-system-services-routines?redirectedfrom=MSDN"},{"key":"e_1_3_2_1_35_1","unstructured":"Microsoft. 2017. Using WDF to Develop a Driver. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/wdf\/using-the-framework-to-develop-a-driver  Microsoft. 2017. Using WDF to Develop a Driver. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/wdf\/using-the-framework-to-develop-a-driver"},{"key":"e_1_3_2_1_36_1","unstructured":"Microsoft. 2017. WHQL Release Signature. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/install\/whql-release-signature  Microsoft. 2017. WHQL Release Signature. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/install\/whql-release-signature"},{"key":"e_1_3_2_1_37_1","unstructured":"Microsoft. 2018. Device Input and Output Control (IOCTL). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/devio\/device-input-and-output-control-ioctl-  Microsoft. 2018. Device Input and Output Control (IOCTL). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/devio\/device-input-and-output-control-ioctl-"},{"key":"e_1_3_2_1_38_1","unstructured":"Microsoft. 2018. DeviceIoControl function (ioapiset.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/api\/ioapiset\/nf-ioapiset-deviceiocontrol  Microsoft. 2018. DeviceIoControl function (ioapiset.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/api\/ioapiset\/nf-ioapiset-deviceiocontrol"},{"key":"e_1_3_2_1_39_1","unstructured":"Microsoft. 2018. IoAllocateMdl function (wdm.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/ddi\/wdm\/nf-wdm-ioallocatemdl  Microsoft. 2018. IoAllocateMdl function (wdm.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/ddi\/wdm\/nf-wdm-ioallocatemdl"},{"key":"e_1_3_2_1_40_1","unstructured":"Microsoft. 2018. MmMapIoSpace function (wdm.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/ddi\/wdm\/nf-wdm-mmmapiospace  Microsoft. 2018. MmMapIoSpace function (wdm.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/ddi\/wdm\/nf-wdm-mmmapiospace"},{"key":"e_1_3_2_1_41_1","unstructured":"Microsoft. 2018. MmMapLockedPages function (wdm.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/ddi\/wdm\/nf-wdm-mmmaplockedpages  Microsoft. 2018. MmMapLockedPages function (wdm.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/ddi\/wdm\/nf-wdm-mmmaplockedpages"},{"key":"e_1_3_2_1_42_1","unstructured":"Microsoft. 2018. ZwMapViewOfSection function (wdm.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/ddi\/wdm\/nf-wdm-zwmapviewofsection  Microsoft. 2018. ZwMapViewOfSection function (wdm.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/ddi\/wdm\/nf-wdm-zwmapviewofsection"},{"key":"e_1_3_2_1_43_1","unstructured":"Microsoft. 2018. ZwOpenProcess function (ntddk.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/ddi\/ntddk\/nf-ntddk-zwopenprocess  Microsoft. 2018. ZwOpenProcess function (ntddk.h). Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/ddi\/ntddk\/nf-ntddk-zwopenprocess"},{"key":"e_1_3_2_1_44_1","unstructured":"Microsoft. 2019. Bug Check 0x3B: SYSTEM_SERVICE_EXCEPTION. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/bug-check-0x3b\u2013system-service-exception  Microsoft. 2019. Bug Check 0x3B: SYSTEM_SERVICE_EXCEPTION. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/bug-check-0x3b\u2013system-service-exception"},{"key":"e_1_3_2_1_45_1","unstructured":"Microsoft. 2019. Bug Check 0xBE: ATTEMPTED_WRITE_TO_READONLY_MEMORY. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/bug-check-0xbe\u2013attempted-write-to-readonly-memory  Microsoft. 2019. Bug Check 0xBE: ATTEMPTED_WRITE_TO_READONLY_MEMORY. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/bug-check-0xbe\u2013attempted-write-to-readonly-memory"},{"key":"e_1_3_2_1_46_1","unstructured":"Microsoft. 2019. Static Driver Verifier. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/devtest\/static-driver-verifier  Microsoft. 2019. Static Driver Verifier. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/devtest\/static-driver-verifier"},{"key":"e_1_3_2_1_47_1","unstructured":"Microsoft. 2020. Bug Check 0xC4: DRIVER_VERIFIER_DETECTED_VIOLATION. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/bug-check-0xc4\u2013driver-verifier-detected-violation  Microsoft. 2020. Bug Check 0xC4: DRIVER_VERIFIER_DETECTED_VIOLATION. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/bug-check-0xc4\u2013driver-verifier-detected-violation"},{"key":"e_1_3_2_1_48_1","unstructured":"Microsoft. 2020. Bug Check Code Reference. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/bug-check-code-reference2  Microsoft. 2020. Bug Check Code Reference. Microsoft. https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/debugger\/bug-check-code-reference2"},{"key":"e_1_3_2_1_49_1","unstructured":"Microsoft. 2021. memmove function from C runtime library. Microsoft. https:\/\/docs.microsoft.com\/en-us\/cpp\/c-runtime-library\/reference\/memmove-wmemmove?view=msvc-160  Microsoft. 2021. memmove function from C runtime library. Microsoft. https:\/\/docs.microsoft.com\/en-us\/cpp\/c-runtime-library\/reference\/memmove-wmemmove?view=msvc-160"},{"key":"e_1_3_2_1_50_1","unstructured":"MITRE. 1999. CVE - CVE. https:\/\/cve.mitre.org\/  MITRE. 1999. CVE - CVE. https:\/\/cve.mitre.org\/"},{"key":"e_1_3_2_1_51_1","unstructured":"MITRE. 1999. CVE - Download CVE List. https:\/\/cve.mitre.org\/data\/downloads\/index.html  MITRE. 1999. CVE - Download CVE List. https:\/\/cve.mitre.org\/data\/downloads\/index.html"},{"key":"e_1_3_2_1_52_1","unstructured":"CVE MITRE. 2021. CVE-2021-21551. MITRE. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-21551  CVE MITRE. 2021. CVE-2021-21551. MITRE. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-21551"},{"key":"e_1_3_2_1_53_1","unstructured":"Sophos News. 202"},{"key":"e_1_3_2_1_54_1","unstructured":"Dmytro Oleksiuk. 2021. Cr4sh\/ioctlfuzzer. https:\/\/github.com\/Cr4sh\/ioctlfuzzer original-date: 2015-06-06T12:45:14Z.  Dmytro Oleksiuk. 2021. Cr4sh\/ioctlfuzzer. https:\/\/github.com\/Cr4sh\/ioctlfuzzer original-date: 2015-06-06T12:45:14Z."},{"key":"e_1_3_2_1_55_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Peng Hui","year":"2020","unstructured":"Hui Peng and Mathias Payer . 2020 . USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation . In 29th USENIX Security Symposium (USENIX Security 20) . USENIX Association, Online, 2559\u20132575. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/peng Hui Peng and Mathias Payer. 2020. USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, Online, 2559\u20132575. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/peng"},{"key":"e_1_3_2_1_56_1","unstructured":"Threat Post. 2020. BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver. Thread Post. https:\/\/threatpost.com\/byo-bug-windows-kernel-outdated-driver\/152762\/  Threat Post. 2020. BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver. Thread Post. https:\/\/threatpost.com\/byo-bug-windows-kernel-outdated-driver\/152762\/"},{"key":"e_1_3_2_1_57_1","first-page":"2017","volume":"201","author":"Razer\u00a0 OpenProcess","unstructured":"rzpnk.sys driver\u00a0Zw OpenProcess Razer\u00a0 Synapse. 201 7. CVE- 2017 - 9769 . MITRE. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9769 rzpnk.sys driver\u00a0ZwOpenProcess Razer\u00a0Synapse. 2017. CVE-2017-9769. MITRE. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-9769","journal-title":"Synapse."},{"key":"e_1_3_2_1_58_1","unstructured":"The Register. 2020. Windows kernel vulnerability disclosed by Google\u2019s Project Zero after bug exploited in the wild by hackers. The Register. https:\/\/www.theregister.com\/2020\/10\/30\/windows_kernel_zeroday\/  The Register. 2020. Windows kernel vulnerability disclosed by Google\u2019s Project Zero after bug exploited in the wild by hackers. The Register. https:\/\/www.theregister.com\/2020\/10\/30\/windows_kernel_zeroday\/"},{"key":"e_1_3_2_1_59_1","volume-title":"10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 12)","author":"Renzelmann J.","year":"2012","unstructured":"Matthew\u00a0 J. Renzelmann , Asim Kadav , and Michael\u00a0 M. Swift . 2012 . SymDrive: Testing Drivers without Devices . In 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 12) . USENIX Association, Hollywood, CA, 279\u2013292. https:\/\/www.usenix.org\/conference\/osdi12\/technical-sessions\/presentation\/renzelmann Matthew\u00a0J. Renzelmann, Asim Kadav, and Michael\u00a0M. Swift. 2012. SymDrive: Testing Drivers without Devices. In 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 12). USENIX Association, Hollywood, CA, 279\u2013292. https:\/\/www.usenix.org\/conference\/osdi12\/technical-sessions\/presentation\/renzelmann"},{"key":"e_1_3_2_1_60_1","unstructured":"ESET Research. 2018. LoJax: First UEFI rootkit found in the wild courtesy of the Sednit group. ESET. https:\/\/www.welivesecurity.com\/2018\/09\/27\/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group\/  ESET Research. 2018. LoJax: First UEFI rootkit found in the wild courtesy of the Sednit group. ESET. https:\/\/www.welivesecurity.com\/2018\/09\/27\/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group\/"},{"key":"e_1_3_2_1_61_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Schumilo Sergej","year":"2017","unstructured":"Sergej Schumilo , Cornelius Aschermann , Robert Gawlik , Sebastian Schinzel , and Thorsten Holz . 2017 . kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels . In 26th USENIX Security Symposium (USENIX Security 17) . USENIX Association, Vancouver, BC, 167\u2013182. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/schumilo Sergej Schumilo, Cornelius Aschermann, Robert Gawlik, Sebastian Schinzel, and Thorsten Holz. 2017. kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 167\u2013182. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/schumilo"},{"key":"e_1_3_2_1_62_1","volume-title":"Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Song Dokyung","year":"2020","unstructured":"Dokyung Song , Felicitas Hetzelt , Jonghwan Kim , Brent\u00a0 ByungHoon Kang , Jean-Pierre Seifert , and Michael Franz . 2020 . Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints. In 29th USENIX Security Symposium (USENIX Security 20) . USENIX Association, Online, 2541\u20132557. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/song Dokyung Song, Felicitas Hetzelt, Jonghwan Kim, Brent\u00a0ByungHoon Kang, Jean-Pierre Seifert, and Michael Franz. 2020. Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, Online, 2541\u20132557. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/song"},{"key":"e_1_3_2_1_63_1","unstructured":"Phillip Tinner. 2020. Valorant Anti-Cheat Exploit Discoveries Can Net Players $100 000. ScreenRant. https:\/\/screenrant.com\/valorant-anti-cheat-exploit-hacker-cracker\/  Phillip Tinner. 2020. Valorant Anti-Cheat Exploit Discoveries Can Net Players $100 000. ScreenRant. https:\/\/screenrant.com\/valorant-anti-cheat-exploit-hacker-cracker\/"},{"key":"e_1_3_2_1_64_1","unstructured":"The Verge. 2020. The World\u2019s Biggest PC Games are fighting a new surge of Cheaters and Hackers. The Verge. https:\/\/www.theverge.com\/2020\/5\/6\/21246229\/pc-gaming-cheating-aimbots-wallhacks-hacking-tools-developer-response-problem  The Verge. 2020. The World\u2019s Biggest PC Games are fighting a new surge of Cheaters and Hackers. The Verge. https:\/\/www.theverge.com\/2020\/5\/6\/21246229\/pc-gaming-cheating-aimbots-wallhacks-hacking-tools-developer-response-problem"},{"key":"e_1_3_2_1_65_1","volume-title":"Angr-the next generation of binary analysis. In 2017 IEEE Cybersecurity Development (SecDev)","author":"Wang Fish","unstructured":"Fish Wang and Yan Shoshitaishvili . 2017. Angr-the next generation of binary analysis. In 2017 IEEE Cybersecurity Development (SecDev) . IEEE, IEEE , Cambridge, MA, USA , 8\u20139. Fish Wang and Yan Shoshitaishvili. 2017. Angr-the next generation of binary analysis. In 2017 IEEE Cybersecurity Development (SecDev). IEEE, IEEE, Cambridge, MA, USA, 8\u20139."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243844"},{"key":"e_1_3_2_1_67_1","volume-title":"10th {USENIX} Symposium on Operating Systems Design and Implementation ({OSDI} 12). USENIX","author":"Wang Xi","unstructured":"Xi Wang , Haogang Chen , Zhihao Jia , Nickolai Zeldovich , and M\u00a0Frans Kaashoek . 2012. Improving integer security for systems with {KINT} . In 10th {USENIX} Symposium on Operating Systems Design and Implementation ({OSDI} 12). USENIX , Hollywood , Los Angeles, CA, USA , 163\u2013177. Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, and M\u00a0Frans Kaashoek. 2012. Improving integer security for systems with {KINT}. In 10th {USENIX} Symposium on Operating Systems Design and Implementation ({OSDI} 12). USENIX, Hollywood, Los Angeles, CA, USA, 163\u2013177."},{"key":"e_1_3_2_1_68_1","unstructured":"Ubuntu Wiki. 2019. EFI\/UEFI Boot Loaders. Ubuntu. https:\/\/wiki.ubuntu.com\/EFIBootLoaders  Ubuntu Wiki. 2019. EFI\/UEFI Boot Loaders. Ubuntu. https:\/\/wiki.ubuntu.com\/EFIBootLoaders"},{"key":"e_1_3_2_1_69_1","unstructured":"Wikipedia. 2017. Formal verification. Wikipedia. https:\/\/en.wikipedia.org\/wiki\/Formal_verification  Wikipedia. 2017. Formal verification. Wikipedia. https:\/\/en.wikipedia.org\/wiki\/Formal_verification"},{"key":"e_1_3_2_1_70_1","unstructured":"Wikipedia. 2018. Extended Validation Certificate. Wikipedia. https:\/\/en.wikipedia.org\/wiki\/Extended_Validation_Certificate  Wikipedia. 2018. Extended Validation Certificate. Wikipedia. https:\/\/en.wikipedia.org\/wiki\/Extended_Validation_Certificate"},{"key":"e_1_3_2_1_71_1","unstructured":"Wikipedia. 2018. Peripheral Component Interconnect. Wikipedia. https:\/\/en.wikipedia.org\/wiki\/Peripheral_Component_Interconnect  Wikipedia. 2018. Peripheral Component Interconnect. Wikipedia. https:\/\/en.wikipedia.org\/wiki\/Peripheral_Component_Interconnect"},{"key":"e_1_3_2_1_72_1","unstructured":"Wikipedia. 2018. Protection ring. Wikipedia. https:\/\/en.wikipedia.org\/wiki\/Protection_ring  Wikipedia. 2018. Protection ring. Wikipedia. https:\/\/en.wikipedia.org\/wiki\/Protection_ring"},{"key":"e_1_3_2_1_73_1","unstructured":"Wikipedia. 2021. Portable Executable. Wikipedia. http:\/\/web.archive.org\/web\/20210604044347\/https:\/\/en.wikipedia.org\/wiki\/Portable_Executable  Wikipedia. 2021. Portable Executable. Wikipedia. http:\/\/web.archive.org\/web\/20210604044347\/https:\/\/en.wikipedia.org\/wiki\/Portable_Executable"},{"key":"e_1_3_2_1_74_1","unstructured":"xst3nz. 2012. ioctlbf: Scanning IOCTLs & Fuzzing Windows kernel drivers. https:\/\/code.google.com\/archive\/p\/ioctlbf\/  xst3nz. 2012. ioctlbf: Scanning IOCTLs & Fuzzing Windows kernel drivers. https:\/\/code.google.com\/archive\/p\/ioctlbf\/"},{"key":"e_1_3_2_1_75_1","unstructured":"ZDNET. 2020. Ransomware installs Gigabyte driver to kill antivirus products. ZDNET. https:\/\/www.zdnet.com\/article\/ransomware-installs-gigabyte-driver-to-kill-antivirus-products\/  ZDNET. 2020. Ransomware installs Gigabyte driver to kill antivirus products. ZDNET. https:\/\/www.zdnet.com\/article\/ransomware-installs-gigabyte-driver-to-kill-antivirus-products\/"}],"event":{"name":"ACSAC: Annual Computer Security Applications Conference","location":"Austin TX USA","acronym":"ACSAC"},"container-title":["Proceedings of the 38th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3564625.3564631","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3564625.3564631","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3564625.3564631","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:09:11Z","timestamp":1750183751000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3564625.3564631"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,12,5]]},"references-count":74,"alternative-id":["10.1145\/3564625.3564631","10.1145\/3564625"],"URL":"https:\/\/doi.org\/10.1145\/3564625.3564631","relation":{},"subject":[],"published":{"date-parts":[[2022,12,5]]},"assertion":[{"value":"2022-12-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}