executor, sys/windows: initial windows support

11 files changed, 372 insertions, 53 deletions

diff --git a/sys/sys.go b/sys/sys.go
index 87abb9997..7ba783e5e 100644
--- a/sys/sys.go
+++ b/sys/sys.go
@@ -6,6 +6,7 @@ package sys
 import (
 	_ "github.com/google/syzkaller/sys/fuchsia"
 	_ "github.com/google/syzkaller/sys/linux"
+	_ "github.com/google/syzkaller/sys/windows"
 )
 
 // Emitted by Makefile.
diff --git a/sys/syz-extract/extract.go b/sys/syz-extract/extract.go
index 6820363db..bff00b23f 100644
--- a/sys/syz-extract/extract.go
+++ b/sys/syz-extract/extract.go
@@ -9,9 +9,11 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"runtime"
 	"sort"
+	"strconv"
 	"strings"
 	"sync"
 
@@ -55,6 +57,7 @@ var oses = map[string]OS{
 	"linux":   new(linux),
 	"android": new(linux),
 	"fuchsia": new(fuchsia),
+	"windows": new(windows),
 }
 
 func main() {
@@ -68,9 +71,6 @@ func main() {
 	if OS == nil {
 		failf("unknown os: %v", *flagOS)
 	}
-	if *flagSourceDir == "" {
-		failf("provide path to kernel checkout via -sourcedir flag (or make extract SOURCEDIR)")
-	}
 	if *flagBuild && *flagBuildDir != "" {
 		failf("-build and -builddir is an invalid combination")
 	}
@@ -230,3 +230,35 @@ func processFile(OS OS, arch *Arch, inname string) (map[string]bool, error) {
 	}
 	return undeclared, nil
 }
+
+func runBinaryAndParse(bin string, vals []string, undeclared map[string]bool) (map[string]uint64, error) {
+	out, err := exec.Command(bin).CombinedOutput()
+	if err != nil {
+		return nil, fmt.Errorf("failed to run flags binary: %v\n%v", err, string(out))
+	}
+	flagVals := strings.Split(string(out), " ")
+	if len(out) == 0 {
+		flagVals = nil
+	}
+	if len(flagVals) != len(vals)-len(undeclared) {
+		return nil, fmt.Errorf("fetched wrong number of values %v != %v - %v\nflagVals: %q\nvals: %q\nundeclared: %q",
+			len(flagVals), len(vals), len(undeclared),
+			flagVals, vals, undeclared)
+	}
+	res := make(map[string]uint64)
+	j := 0
+	for _, v := range flagVals {
+		name := vals[j]
+		j++
+		for undeclared[name] {
+			name = vals[j]
+			j++
+		}
+		n, err := strconv.ParseUint(v, 10, 64)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse value: %v (%v)", err, v)
+		}
+		res[name] = n
+	}
+	return res, nil
+}
diff --git a/sys/syz-extract/fuchsia.go b/sys/syz-extract/fuchsia.go
index 1d3405ba8..f3cab132f 100644
--- a/sys/syz-extract/fuchsia.go
+++ b/sys/syz-extract/fuchsia.go
@@ -9,7 +9,6 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
-	"strconv"
 	"strings"
 
 	"github.com/google/syzkaller/pkg/compiler"
@@ -18,6 +17,9 @@ import (
 type fuchsia struct{}
 
 func (*fuchsia) prepare(sourcedir string, build bool, arches []string) error {
+	if sourcedir == "" {
+		return fmt.Errorf("provide path to kernel checkout via -sourcedir flag (or make extract SOURCEDIR)")
+	}
 	return nil
 }
 
@@ -31,26 +33,9 @@ func (*fuchsia) processFile(arch *Arch, info *compiler.ConstInfo) (map[string]ui
 		return nil, nil, fmt.Errorf("failed to run compiler: %v\n%v", err, string(out))
 	}
 	defer os.Remove(bin)
-
-	out, err = exec.Command(bin).CombinedOutput()
+	res, err := runBinaryAndParse(bin, info.Consts, nil)
 	if err != nil {
-		return nil, nil, fmt.Errorf("failed to run compiled binary: %v\n%v", err, string(out))
-	}
-
-	flagVals := strings.Split(string(out), " ")
-	if len(out) == 0 {
-		flagVals = nil
-	}
-	if len(flagVals) != len(info.Consts) {
-		return nil, nil, fmt.Errorf("fetched wrong number of values %v, want %v", len(flagVals), len(info.Consts))
-	}
-	res := make(map[string]uint64)
-	for i, v := range flagVals {
-		n, err := strconv.ParseUint(v, 10, 64)
-		if err != nil {
-			return nil, nil, fmt.Errorf("failed to parse value: %v (%v)", err, v)
-		}
-		res[info.Consts[i]] = n
+		return nil, nil, err
 	}
 	return res, nil, nil
 }
diff --git a/sys/syz-extract/linux.go b/sys/syz-extract/linux.go
index 8c38c75ee..7a0a226ef 100644
--- a/sys/syz-extract/linux.go
+++ b/sys/syz-extract/linux.go
@@ -9,7 +9,6 @@ import (
 	"os"
 	"os/exec"
 	"regexp"
-	"strconv"
 	"strings"
 	"time"
 
@@ -21,6 +20,9 @@ import (
 type linux struct{}
 
 func (*linux) prepare(sourcedir string, build bool, arches []string) error {
+	if sourcedir == "" {
+		return fmt.Errorf("provide path to kernel checkout via -sourcedir flag (or make extract SOURCEDIR)")
+	}
 	if build {
 		// Otherwise out-of-tree build fails.
 		fmt.Printf("make mrproper\n")
@@ -110,34 +112,9 @@ func (*linux) processFile(arch *Arch, info *compiler.ConstInfo) (map[string]uint
 	}
 	defer os.Remove(bin)
 
-	out, err = exec.Command(bin).CombinedOutput()
+	res, err := runBinaryAndParse(bin, vals, undeclared)
 	if err != nil {
-		return nil, nil, fmt.Errorf("failed to run flags binary: %v\n%v", err, string(out))
-	}
-
-	flagVals := strings.Split(string(out), " ")
-	if len(out) == 0 {
-		flagVals = nil
-	}
-	if len(flagVals) != len(vals)-len(undeclared) {
-		return nil, nil, fmt.Errorf("fetched wrong number of values %v != %v - %v\nflagVals: %q\nvals: %q\nundeclared: %q",
-			len(flagVals), len(vals), len(undeclared),
-			flagVals, vals, undeclared)
-	}
-	res := make(map[string]uint64)
-	j := 0
-	for _, v := range flagVals {
-		name := vals[j]
-		j++
-		for undeclared[name] {
-			name = vals[j]
-			j++
-		}
-		n, err := strconv.ParseUint(v, 10, 64)
-		if err != nil {
-			return nil, nil, fmt.Errorf("failed to parse value: %v (%v)", err, v)
-		}
-		res[name] = n
+		return nil, nil, err
 	}
 	return res, undeclared, nil
 }
diff --git a/sys/syz-extract/windows.go b/sys/syz-extract/windows.go
new file mode 100644
index 000000000..81e3f6c23
--- /dev/null
+++ b/sys/syz-extract/windows.go
@@ -0,0 +1,94 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"strings"
+
+	"github.com/google/syzkaller/pkg/compiler"
+)
+
+type windows struct{}
+
+func (*windows) prepare(sourcedir string, build bool, arches []string) error {
+	return nil
+}
+
+func (*windows) prepareArch(arch *Arch) error {
+	return nil
+}
+
+func (*windows) processFile(arch *Arch, info *compiler.ConstInfo) (map[string]uint64, map[string]bool, error) {
+	bin, out, err := windowsCompile(arch.sourceDir, info.Consts, info.Includes, info.Incdirs, info.Defines)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to run compiler: %v\n%v", err, string(out))
+	}
+	defer os.Remove(bin)
+	res, err := runBinaryAndParse(bin, info.Consts, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+	return res, nil, nil
+}
+
+func windowsCompile(sourceDir string, vals, includes, incdirs []string, defines map[string]string) (bin string, out []byte, err error) {
+	includeText := ""
+	for _, inc := range includes {
+		includeText += fmt.Sprintf("#include <%v>\n", inc)
+	}
+	definesText := ""
+	for k, v := range defines {
+		definesText += fmt.Sprintf("#ifndef %v\n#define %v %v\n#endif\n", k, k, v)
+	}
+	valsText := "(unsigned long long)" + strings.Join(vals, ", (unsigned long long)")
+	src := windowsSrc
+	src = strings.Replace(src, "[[INCLUDES]]", includeText, 1)
+	src = strings.Replace(src, "[[DEFAULTS]]", definesText, 1)
+	src = strings.Replace(src, "[[VALS]]", valsText, 1)
+	binFile, err := ioutil.TempFile("", "")
+	if err != nil {
+		return "", nil, fmt.Errorf("failed to create temp file: %v", err)
+	}
+	binFile.Close()
+
+	srcFile, err := ioutil.TempFile("", "")
+	if err != nil {
+		return "", nil, fmt.Errorf("failed to create temp file: %v", err)
+	}
+	srcFile.Close()
+	os.Remove(srcFile.Name())
+	srcName := srcFile.Name() + ".cc"
+	if err := ioutil.WriteFile(srcName, []byte(src), 0600); err != nil {
+		return "", nil, fmt.Errorf("failed to write source file: %v", err)
+	}
+	defer os.Remove(srcName)
+	args := []string{"-o", binFile.Name(), srcName}
+	cmd := exec.Command("cl", args...)
+	out, err = cmd.CombinedOutput()
+	if err != nil {
+		os.Remove(binFile.Name())
+		return "", out, err
+	}
+	return binFile.Name(), nil, nil
+}
+
+var windowsSrc = `
+#include <stdio.h>
+[[INCLUDES]]
+[[DEFAULTS]]
+int main() {
+	int i;
+	unsigned long long vals[] = {[[VALS]]};
+	for (i = 0; i < sizeof(vals)/sizeof(vals[0]); i++) {
+		if (i != 0)
+			printf(" ");
+		printf("%llu", vals[i]);
+	}
+	return 0;
+}
+`
diff --git a/sys/syz-sysgen/sysgen.go b/sys/syz-sysgen/sysgen.go
index 273bb7d04..e34055f1c 100644
--- a/sys/syz-sysgen/sysgen.go
+++ b/sys/syz-sysgen/sysgen.go
@@ -36,7 +36,7 @@ func main() {
 	flag.Parse()
 
 	for OS, archs := range targets.List {
-		top := ast.ParseGlob(filepath.Join("sys", OS, "*\\.txt"), nil)
+		top := ast.ParseGlob(filepath.Join("sys", OS, "*.txt"), nil)
 		if top == nil {
 			os.Exit(1)
 		}
@@ -67,7 +67,7 @@ func main() {
 				eh := func(pos ast.Pos, msg string) {
 					job.Errors = append(job.Errors, fmt.Sprintf("%v: %v\n", pos, msg))
 				}
-				consts := compiler.DeserializeConstsGlob(filepath.Join("sys", OS, "*_"+job.Target.Arch+"\\.const"), eh)
+				consts := compiler.DeserializeConstsGlob(filepath.Join("sys", OS, "*_"+job.Target.Arch+".const"), eh)
 				if consts == nil {
 					return
 				}
diff --git a/sys/targets/targets.go b/sys/targets/targets.go
index 8e00b0fa6..3c0011be4 100644
--- a/sys/targets/targets.go
+++ b/sys/targets/targets.go
@@ -72,6 +72,12 @@ var List = map[string]map[string]*Target{
 			CArch:   []string{"__aarch64__"},
 		},
 	},
+	"windows": map[string]*Target{
+		"amd64": {
+			PtrSize: 8,
+			CArch:   []string{"_M_X64"},
+		},
+	},
 }
 
 type OS struct {
@@ -86,6 +92,9 @@ var OSList = map[string]*OS{
 	"fuchsia": {
 		SyscallNumbers: false,
 	},
+	"windows": {
+		SyscallNumbers: false,
+	},
 }
 
 func init() {
diff --git a/sys/windows/amd64.go b/sys/windows/amd64.go
new file mode 100644
index 000000000..0d6884835
--- /dev/null
+++ b/sys/windows/amd64.go
@@ -0,0 +1,129 @@
+// AUTOGENERATED FILE
+package windows
+
+import . "github.com/google/syzkaller/prog"
+
+func init() {
+	RegisterTarget(&Target{OS: "windows", Arch: "amd64", Revision: revision_amd64, PtrSize: 8, Syscalls: syscalls_amd64, Resources: resources_amd64, Structs: structDescs_amd64, Consts: consts_amd64}, initTarget)
+}
+
+var resources_amd64 = []*ResourceDesc{
+	{Name: "HANDLE", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", TypeSize: 8}}}, Kind: []string{"HANDLE"}, Values: []uint64{18446744073709551615}},
+	{Name: "hFile", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", TypeSize: 8}}}, Kind: []string{"HANDLE", "hFile"}, Values: []uint64{18446744073709551615}},
+}
+
+var structDescs_amd64 = []*KeyedStruct{
+	{Key: StructKey{Name: "SECURITY_ATTRIBUTES"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "SECURITY_ATTRIBUTES", TypeSize: 24}, Fields: []Type{
+		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "nLength", TypeSize: 4}}, Buf: "parent"},
+		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "pad", TypeSize: 4}}, IsPad: true},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "lpSecurityDescriptor", TypeSize: 8, IsOptional: true}, Type: &StructType{Key: StructKey{Name: "SECURITY_DESCRIPTOR"}}},
+		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "bInheritHandle", TypeSize: 4}}, Kind: 2, RangeEnd: 1},
+		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "pad", TypeSize: 4}}, IsPad: true},
+	}}},
+	{Key: StructKey{Name: "SECURITY_DESCRIPTOR"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "SECURITY_DESCRIPTOR", TypeSize: 4}, Fields: []Type{
+		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "stub", TypeSize: 4}}},
+	}}},
+}
+
+var syscalls_amd64 = []*Syscall{
+	{Name: "CloseHandle", CallName: "CloseHandle", Args: []Type{
+		&ResourceType{TypeCommon: TypeCommon{TypeName: "HANDLE", FldName: "hObject", TypeSize: 8}},
+	}},
+	{ID: 1, Name: "CreateFileA", CallName: "CreateFileA", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "lpFileName", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename"}, Kind: 3}},
+		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "file_access_rights", FldName: "dwDesiredAccess", TypeSize: 8}}, Vals: []uint64{65536, 131072, 1048576, 262144, 524288, 2, 4, 2032127, 4, 4, 64, 32, 1, 128, 1, 8, 32, 256, 2, 16}},
+		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "file_share_mode", FldName: "dwShareMode", TypeSize: 8}}, Vals: []uint64{4, 1, 2}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "lpSecurityAttributes", TypeSize: 8, IsOptional: true}, Type: &StructType{Key: StructKey{Name: "SECURITY_ATTRIBUTES"}}},
+		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "file_create_disposition", FldName: "dwCreationDisposition", TypeSize: 8}}, Vals: []uint64{2, 1, 4, 3, 5}},
+		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "file_attributes", FldName: "dwFlagsAndAttributes", TypeSize: 8}}, Vals: []uint64{32, 16384, 2, 128, 4096, 1, 4, 256, 33554432, 67108864, 536870912, 1048576, 2097152, 1073741824, 16777216, 268435456, 8388608, 134217728, 2147483648, 0, 262144, 196608, 524288, 65536, 131072}},
+		&ResourceType{TypeCommon: TypeCommon{TypeName: "HANDLE", FldName: "hTemplateFile", TypeSize: 8, IsOptional: true}},
+	}, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "hFile", FldName: "ret", TypeSize: 8, ArgDir: 1}}},
+	{ID: 2, Name: "VirtualAlloc", CallName: "VirtualAlloc", Args: []Type{
+		&VmaType{TypeCommon: TypeCommon{TypeName: "vma", FldName: "lpAddress", TypeSize: 8}},
+		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "dwSize", TypeSize: 8}}, Buf: "lpAddress"},
+		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "allocation_type", FldName: "flAllocationType", TypeSize: 8}}, Vals: []uint64{4096, 8192, 524288, 16777216, 536870912, 4194304, 1048576, 2097152}},
+		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "protect_flags", FldName: "flProtect", TypeSize: 8}}, Vals: []uint64{16, 32, 64, 128, 1, 2, 4, 8, 1073741824, 1073741824, 256, 512, 1024, 2147483648, 536870912}},
+	}},
+}
+
+var consts_amd64 = []ConstValue{
+	{Name: "CREATE_ALWAYS", Value: 2},
+	{Name: "CREATE_NEW", Value: 1},
+	{Name: "DELETE", Value: 65536},
+	{Name: "FILE_ADD_FILE", Value: 2},
+	{Name: "FILE_ADD_SUBDIRECTORY", Value: 4},
+	{Name: "FILE_ALL_ACCESS", Value: 2032127},
+	{Name: "FILE_APPEND_DATA", Value: 4},
+	{Name: "FILE_ATTRIBUTE_ARCHIVE", Value: 32},
+	{Name: "FILE_ATTRIBUTE_ENCRYPTED", Value: 16384},
+	{Name: "FILE_ATTRIBUTE_HIDDEN", Value: 2},
+	{Name: "FILE_ATTRIBUTE_NORMAL", Value: 128},
+	{Name: "FILE_ATTRIBUTE_OFFLINE", Value: 4096},
+	{Name: "FILE_ATTRIBUTE_READONLY", Value: 1},
+	{Name: "FILE_ATTRIBUTE_SYSTEM", Value: 4},
+	{Name: "FILE_ATTRIBUTE_TEMPORARY", Value: 256},
+	{Name: "FILE_CREATE_PIPE_INSTANCE", Value: 4},
+	{Name: "FILE_DELETE_CHILD", Value: 64},
+	{Name: "FILE_EXECUTE", Value: 32},
+	{Name: "FILE_FLAG_BACKUP_SEMANTICS", Value: 33554432},
+	{Name: "FILE_FLAG_DELETE_ON_CLOSE", Value: 67108864},
+	{Name: "FILE_FLAG_NO_BUFFERING", Value: 536870912},
+	{Name: "FILE_FLAG_OPEN_NO_RECALL", Value: 1048576},
+	{Name: "FILE_FLAG_OPEN_REPARSE_POINT", Value: 2097152},
+	{Name: "FILE_FLAG_OVERLAPPED", Value: 1073741824},
+	{Name: "FILE_FLAG_POSIX_SEMANTICS", Value: 16777216},
+	{Name: "FILE_FLAG_RANDOM_ACCESS", Value: 268435456},
+	{Name: "FILE_FLAG_SEQUENTIAL_SCAN", Value: 134217728},
+	{Name: "FILE_FLAG_SESSION_AWARE", Value: 8388608},
+	{Name: "FILE_FLAG_WRITE_THROUGH", Value: 2147483648},
+	{Name: "FILE_LIST_DIRECTORY", Value: 1},
+	{Name: "FILE_READ_ATTRIBUTES", Value: 128},
+	{Name: "FILE_READ_DATA", Value: 1},
+	{Name: "FILE_READ_EA", Value: 8},
+	{Name: "FILE_SHARE_DELETE", Value: 4},
+	{Name: "FILE_SHARE_READ", Value: 1},
+	{Name: "FILE_SHARE_WRITE", Value: 2},
+	{Name: "FILE_TRAVERSE", Value: 32},
+	{Name: "FILE_WRITE_ATTRIBUTES", Value: 256},
+	{Name: "FILE_WRITE_DATA", Value: 2},
+	{Name: "FILE_WRITE_EA", Value: 16},
+	{Name: "INVALID_HANDLE_VALUE", Value: 18446744073709551615},
+	{Name: "MEM_COMMIT", Value: 4096},
+	{Name: "MEM_LARGE_PAGES", Value: 536870912},
+	{Name: "MEM_PHYSICAL", Value: 4194304},
+	{Name: "MEM_RESERVE", Value: 8192},
+	{Name: "MEM_RESET", Value: 524288},
+	{Name: "MEM_RESET_UNDO", Value: 16777216},
+	{Name: "MEM_TOP_DOWN", Value: 1048576},
+	{Name: "MEM_WRITE_WATCH", Value: 2097152},
+	{Name: "OPEN_ALWAYS", Value: 4},
+	{Name: "OPEN_EXISTING", Value: 3},
+	{Name: "PAGE_ENCLAVE_THREAD_CONTROL", Value: 2147483648},
+	{Name: "PAGE_ENCLAVE_UNVALIDATED\x00", Value: 536870912},
+	{Name: "PAGE_EXECUTE", Value: 16},
+	{Name: "PAGE_EXECUTE_READ", Value: 32},
+	{Name: "PAGE_EXECUTE_READWRITE", Value: 64},
+	{Name: "PAGE_EXECUTE_WRITECOPY", Value: 128},
+	{Name: "PAGE_GUARD", Value: 256},
+	{Name: "PAGE_NOACCESS", Value: 1},
+	{Name: "PAGE_NOCACHE", Value: 512},
+	{Name: "PAGE_READONLY", Value: 2},
+	{Name: "PAGE_READWRITE", Value: 4},
+	{Name: "PAGE_TARGETS_INVALID", Value: 1073741824},
+	{Name: "PAGE_TARGETS_NO_UPDATE", Value: 1073741824},
+	{Name: "PAGE_WRITECOMBINE", Value: 1024},
+	{Name: "PAGE_WRITECOPY", Value: 8},
+	{Name: "READ_CONTROL", Value: 131072},
+	{Name: "SECURITY_ANONYMOUS"},
+	{Name: "SECURITY_CONTEXT_TRACKING", Value: 262144},
+	{Name: "SECURITY_DELEGATION", Value: 196608},
+	{Name: "SECURITY_EFFECTIVE_ONLY", Value: 524288},
+	{Name: "SECURITY_IDENTIFICATION", Value: 65536},
+	{Name: "SECURITY_IMPERSONATION", Value: 131072},
+	{Name: "SYNCHRONIZE", Value: 1048576},
+	{Name: "TRUNCATE_EXISTING", Value: 5},
+	{Name: "WRITE_DAC", Value: 262144},
+	{Name: "WRITE_OWNER", Value: 524288},
+}
+
+const revision_amd64 = "5abfe477fc941d0acacdeae7934602a90c22d5bc"
diff --git a/sys/windows/init.go b/sys/windows/init.go
new file mode 100644
index 000000000..8e3761024
--- /dev/null
+++ b/sys/windows/init.go
@@ -0,0 +1,61 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package windows
+
+import (
+	"github.com/google/syzkaller/prog"
+)
+
+func initTarget(target *prog.Target) {
+	arch := &arch{
+		virtualAllocSyscall:    target.SyscallMap["VirtualAlloc"],
+		MEM_COMMIT:             target.ConstMap["MEM_COMMIT"],
+		MEM_RESERVE:            target.ConstMap["MEM_RESERVE"],
+		PAGE_EXECUTE_READWRITE: target.ConstMap["PAGE_EXECUTE_READWRITE"],
+	}
+
+	target.PageSize = pageSize
+	target.DataOffset = dataOffset
+	target.MmapSyscall = arch.virtualAllocSyscall
+	target.MakeMmap = arch.makeMmap
+	target.AnalyzeMmap = arch.analyzeMmap
+}
+
+const (
+	// TODO(dvyukov): what should we do about 4k vs 64k?
+	pageSize   = 4 << 10
+	dataOffset = 512 << 20
+)
+
+type arch struct {
+	virtualAllocSyscall *prog.Syscall
+
+	MEM_COMMIT             uint64
+	MEM_RESERVE            uint64
+	PAGE_EXECUTE_READWRITE uint64
+}
+
+func (arch *arch) makeMmap(start, npages uint64) *prog.Call {
+	meta := arch.virtualAllocSyscall
+	return &prog.Call{
+		Meta: meta,
+		Args: []prog.Arg{
+			prog.MakePointerArg(meta.Args[0], start, 0, npages, nil),
+			prog.MakeConstArg(meta.Args[1], npages*pageSize),
+			prog.MakeConstArg(meta.Args[2], arch.MEM_COMMIT|arch.MEM_RESERVE),
+			prog.MakeConstArg(meta.Args[3], arch.PAGE_EXECUTE_READWRITE),
+		},
+		Ret: prog.MakeReturnArg(meta.Ret),
+	}
+}
+
+func (arch *arch) analyzeMmap(c *prog.Call) (start, npages uint64, mapped bool) {
+	switch c.Meta.Name {
+	case "VirtualAlloc":
+		npages = c.Args[1].(*prog.ConstArg).Val / pageSize
+		start = c.Args[0].(*prog.PointerArg).PageIndex
+		mapped = true
+	}
+	return
+}
diff --git a/sys/windows/sys.txt b/sys/windows/sys.txt
new file mode 100644
index 000000000..077a499db
--- /dev/null
+++ b/sys/windows/sys.txt
@@ -0,0 +1,31 @@
+# Copyright 2017 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <windows.h>
+
+resource HANDLE[intptr]: INVALID_HANDLE_VALUE
+resource hFile[HANDLE]
+
+CloseHandle(hObject HANDLE)
+CreateFileA(lpFileName ptr[in, filename], dwDesiredAccess flags[file_access_rights], dwShareMode flags[file_share_mode], lpSecurityAttributes ptr[in, SECURITY_ATTRIBUTES, opt], dwCreationDisposition flags[file_create_disposition], dwFlagsAndAttributes flags[file_attributes], hTemplateFile HANDLE[opt]) hFile
+VirtualAlloc(lpAddress vma, dwSize len[lpAddress], flAllocationType flags[allocation_type], flProtect flags[protect_flags])
+
+SECURITY_ATTRIBUTES {
+	nLength len[parent, int32]
+	lpSecurityDescriptor ptr[in, SECURITY_DESCRIPTOR, opt]
+# TODO: at this point we probably do need the BOOL type.
+	bInheritHandle int32[0:1]
+}
+
+# TODO: describe
+SECURITY_DESCRIPTOR {
+	stub int32
+}
+
+access_rights = DELETE, READ_CONTROL, SYNCHRONIZE, WRITE_DAC, WRITE_OWNER
+file_access_rights = DELETE, READ_CONTROL, SYNCHRONIZE, WRITE_DAC, WRITE_OWNER, FILE_ADD_FILE, FILE_ADD_SUBDIRECTORY, FILE_ALL_ACCESS, FILE_APPEND_DATA, FILE_CREATE_PIPE_INSTANCE, FILE_DELETE_CHILD, FILE_EXECUTE, FILE_LIST_DIRECTORY, FILE_READ_ATTRIBUTES, FILE_READ_DATA, FILE_READ_EA, FILE_TRAVERSE, FILE_WRITE_ATTRIBUTES, FILE_WRITE_DATA, FILE_WRITE_EA
+file_share_mode = FILE_SHARE_DELETE, FILE_SHARE_READ, FILE_SHARE_WRITE
+file_create_disposition = CREATE_ALWAYS, CREATE_NEW, OPEN_ALWAYS, OPEN_EXISTING, TRUNCATE_EXISTING
+file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_ENCRYPTED, FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_OFFLINE, FILE_ATTRIBUTE_READONLY, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_TEMPORARY, FILE_FLAG_BACKUP_SEMANTICS, FILE_FLAG_DELETE_ON_CLOSE, FILE_FLAG_NO_BUFFERING, FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_OPEN_REPARSE_POINT, FILE_FLAG_OVERLAPPED, FILE_FLAG_POSIX_SEMANTICS, FILE_FLAG_RANDOM_ACCESS, FILE_FLAG_SESSION_AWARE, FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH, SECURITY_ANONYMOUS, SECURITY_CONTEXT_TRACKING, SECURITY_DELEGATION, SECURITY_EFFECTIVE_ONLY, SECURITY_IDENTIFICATION, SECURITY_IMPERSONATION
+allocation_type = MEM_COMMIT, MEM_RESERVE, MEM_RESET, MEM_RESET_UNDO, MEM_LARGE_PAGES, MEM_PHYSICAL, MEM_TOP_DOWN, MEM_WRITE_WATCH
+protect_flags = PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY, PAGE_NOACCESS, PAGE_READONLY, PAGE_READWRITE, PAGE_WRITECOPY, PAGE_TARGETS_INVALID, PAGE_TARGETS_NO_UPDATE, PAGE_GUARD, PAGE_NOCACHE, PAGE_WRITECOMBINE, PAGE_ENCLAVE_THREAD_CONTROL, PAGE_ENCLAVE_UNVALIDATED
\ No newline at end of file
diff --git a/sys/windows/sys_amd64.const b/sys/windows/sys_amd64.const
new file mode 100644
index 000000000..d20c17bf3
--- /dev/null
+++ b/sys/windows/sys_amd64.const