SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers
Most drivers expose their interfaces through the uniform syscall IOConnectCallMethod (ioctl is its counterpart on Linux). SyzGen learns from traces collected from existing applications that invoke the target driver, then performs symbolic execution to analyze the driver and produce the syscall specification that Syzkaller uses for fuzzing.
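The trace-learning step described above, as an added example that is not part of SyzGen's code. It parses a constructed trace of IOConnectCallMethod calls (the line format, the selector numbers and the sizes are all assumptions made for this example, not SyzGen's real trace format), groups calls by selector, and records which of the four size arguments (scalar input count, input struct size, scalar output count, output struct size) are fixed and which vary. A varying struct size is the signal that the selector takes variable-length data and should be modelled as a buffer with a length rather than a fixed struct. Traces only reveal the selectors that the traced applications actually use; recovering the remaining selectors and their constraints is what the symbolic-execution step is for.

```python
import re
from collections import defaultdict

# Constructed sample trace; the format is an assumption for this example,
# not SyzGen's real trace format. Each line records one IOConnectCallMethod
# call with the selector and the four size arguments the dispatcher sees.
SAMPLE_TRACE = """\
IOConnectCallMethod sel=0 in=1 inStruct=0 out=1 outStruct=0
IOConnectCallMethod sel=0 in=1 inStruct=0 out=1 outStruct=0
IOConnectCallMethod sel=2 in=0 inStruct=24 out=0 outStruct=24
IOConnectCallMethod sel=2 in=0 inStruct=24 out=0 outStruct=24
IOConnectCallMethod sel=5 in=2 inStruct=16 out=0 outStruct=0
IOConnectCallMethod sel=5 in=2 inStruct=64 out=0 outStruct=0
IOConnectCallMethod sel=5 in=2 inStruct=256 out=0 outStruct=0
unrelated log line that the parser must skip
"""

LINE_RE = re.compile(
    r"IOConnectCallMethod sel=(\d+) in=(\d+) inStruct=(\d+) out=(\d+) outStruct=(\d+)"
)

SIZE_KEYS = ("in", "inStruct", "out", "outStruct")


def parse_trace(text):
    """Return one record per well-formed trace line, ignoring anything else."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sel, n_in, in_struct, n_out, out_struct = map(int, m.groups())
        records.append({"sel": sel, "in": n_in, "inStruct": in_struct,
                        "out": n_out, "outStruct": out_struct})
    return records


def summarize(records):
    """Collapse records into per-selector shape information.

    For each size argument keep the sorted list of distinct values observed.
    A single value means a fixed shape; several values (typically for the
    struct length) mean the driver accepts variable-length data, which a
    fuzzer should model as a sized buffer rather than a fixed struct."""
    seen = defaultdict(lambda: defaultdict(set))
    calls = defaultdict(int)
    for r in records:
        calls[r["sel"]] += 1
        for key in SIZE_KEYS:
            seen[r["sel"]][key].add(r[key])
    summary = {}
    for sel in sorted(seen):
        summary[sel] = {"calls": calls[sel]}
        for key in SIZE_KEYS:
            summary[sel][key] = sorted(seen[sel][key])
    return summary


def render_summary(summary):
    """Human-readable draft of the interface, one line per selector.

    This is an intermediate summary for review; it is not written in
    syzkaller's description language."""
    def fmt(values):
        if len(values) == 1:
            return str(values[0])
        return "var{%s}" % ",".join(str(v) for v in values)

    lines = []
    for sel, info in summary.items():
        lines.append(
            f"selector {sel}: calls={info['calls']} "
            f"scalar_in={fmt(info['in'])} struct_in={fmt(info['inStruct'])} "
            f"scalar_out={fmt(info['out'])} struct_out={fmt(info['outStruct'])}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_summary(summarize(parse_trace(SAMPLE_TRACE))))
```

Run against the constructed trace, selector 5 is reported with `struct_in=var{16,64,256}`, which is the case a generated specification should express as a buffer plus length field; selectors 0 and 2 have fixed shapes.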
Please refer to SyzGen_setup.
Please follow the instructions