Created
September 9, 2015 00:50
-
-
Save Jack2/b36c94bd87c664d49ff2 to your computer and use it in GitHub Desktop.
Peach Pit for .wav fuzzing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <Peach xmlns="http://peachfuzzer.com/2012/Peach" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="http://peachfuzzer.com/2012/Peach /peach/peach.xsd"> | |
| <!-- Defines the common wave chunk --> | |
| <DataModel name="Chunk"> | |
| <String name="ID" length="4" padCharacter=" " /> | |
| <Number name="Size" size="32" > | |
| <Relation type="size" of="Data" /> | |
| </Number> | |
| <Blob name="Data" /> | |
| <Padding alignment="16" /> | |
| </DataModel> | |
| <DataModel name="ChunkData" ref="Chunk"> | |
| <String name="ID" value="data" token="true"/> | |
| </DataModel> | |
| <DataModel name="ChunkFact" ref="Chunk"> | |
| <String name="ID" value="fact" token="true"/> | |
| <Block name="Data"> | |
| <Number size="32" /> | |
| <Blob/> | |
| </Block> | |
| </DataModel> | |
| <DataModel name="ChunkSint" ref="Chunk"> | |
| <String name="ID" value="sInt" token="true"/> | |
| <Block name="Data"> | |
| <Number size="32" /> | |
| </Block> | |
| </DataModel> | |
| <DataModel name="ChunkWavl" ref="Chunk"> | |
| <String name="ID" value="wavl" token="true"/> | |
| <Block name="Data"> | |
| <Block name="ArrayOfChunks" maxOccurs="3000"> | |
| <Block ref="ChunkSint"/> | |
| <Block ref="ChunkData" /> | |
| </Block> | |
| </Block> | |
| </DataModel> | |
| <DataModel name="ChunkCue" ref="Chunk"> | |
| <String name="ID" value="cue " token="true"/> | |
| <Block name="Data"> | |
| <Block name="ArrayOfCues" maxOccurs="3000"> | |
| <String length="4" /> | |
| <Number size="32" /> | |
| <String length="4" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| </Block> | |
| </Block> | |
| </DataModel> | |
| <DataModel name="ChunkFmt" ref="Chunk"> | |
| <String name="ID" value="fmt " token="true"/> | |
| <Block name="Data"> | |
| <Number name="CompressionCode" size="16" /> | |
| <Number name="NumberOfChannels" size="16" /> | |
| <Number name="SampleRate" size="32" /> | |
| <Number name="AverageBytesPerSecond" size="32" /> | |
| <Number name="BlockAlign" size="16" /> | |
| <Number name="SignificantBitsPerSample" size="16" /> | |
| <Number name="ExtraFormatBytes" size="16" /> | |
| <Blob name="ExtraData" /> | |
| </Block> | |
| </DataModel> | |
| <DataModel name="ChunkPlst" ref="Chunk"> | |
| <String name="ID" value="plst" token="true"/> | |
| <Block name="Data"> | |
| <Number name="NumberOfSegments" size="32" > | |
| <Relation type="count" of="ArrayOfSegments"/> | |
| </Number> | |
| <Block name="ArrayOfSegments" maxOccurs="3000"> | |
| <String length="4" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| </Block> | |
| </Block> | |
| </DataModel> | |
| <DataModel name="ChunkLtxt" ref="Chunk"> | |
| <String name="ID" value="ltxt" token="true"/> | |
| <Block name="Data"> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="16" /> | |
| <Number size="16" /> | |
| <Number size="16" /> | |
| <Number size="16" /> | |
| <String nullTerminated="true" /> | |
| </Block> | |
| </DataModel> | |
| <DataModel name="ChunkSmpl" ref="Chunk"> | |
| <String name="ID" value="smpl" token="true"/> | |
| <Block name="Data"> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Block maxOccurs="3000"> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| <Number size="32" /> | |
| </Block> | |
| </Block> | |
| </DataModel> | |
| <DataModel name="ChunkInst" ref="Chunk"> | |
| <String name="ID" value="inst" token="true"/> | |
| <Block name="Data"> | |
| <Number size="8"/> | |
| <Number size="8"/> | |
| <Number size="8"/> | |
| <Number size="8"/> | |
| <Number size="8"/> | |
| <Number size="8"/> | |
| <Number size="8"/> | |
| </Block> | |
| </DataModel> | |
| <!-- Defines the format of a WAV file --> | |
| <DataModel name="Wav"> | |
| <!-- wave header --> | |
| <String value="RIFF" token="true" /> | |
| <Number size="32" /> | |
| <String value="WAVE" token="true"/> | |
| <Choice maxOccurs="30000"> | |
| <Block ref="ChunkFmt"/> | |
| <Block ref="ChunkData"/> | |
| <Block ref="ChunkFact"/> | |
| <Block ref="ChunkSint"/> | |
| <Block ref="ChunkWavl"/> | |
| <Block ref="ChunkCue"/> | |
| <Block ref="ChunkPlst"/> | |
| <Block ref="ChunkLtxt"/> | |
| <Block ref="ChunkSmpl"/> | |
| <Block ref="ChunkInst"/> | |
| <Block ref="Chunk"/> | |
| </Choice> | |
| </DataModel> | |
| <!-- This is our simple wave state model --> | |
| <StateModel name="TheState" initialState="Initial"> | |
| <State name="Initial"> | |
| <!-- Write out our wave file --> | |
| <Action type="output"> | |
| <DataModel ref="Wav"/> | |
| <!-- This is our sample file to read in --> | |
| <Data fileName="C:\\Fuzzing\\peach-3.0.202-win-x86-release\\sample_wav"/> | |
| </Action> | |
| <Action type="close"/> | |
| <!-- Launch the target process --> | |
| <Action type="call" method="StartMPlayer" publisher="Peach.Agent" /> | |
| </State> | |
| </StateModel> | |
| <!-- TODO: Configure agent --> | |
| <Agent name="TheAgent" location="http://127.0.0.1:9000"/> | |
| <Agent name="WinAgent"> | |
| <Monitor class="WindowsDebugger"> | |
| <!-- The command line to run. Notice the filename provided matched up | |
| to what is provided below in the Publisher configuration --> | |
| <Param name="CommandLine" value="C:\\KMPlayer\\KMPlayer.exe C:\\Fuzzing\\peach-3.0.202-win-x86-release\\sample_wav" /> | |
| <!-- windbg 경로를 설정합니다. 64비트 peach라면 반드시 64비트 디버거여야 함 --> | |
| <Param name="WinDbgPath" value="C:\\Program Files\\Windows Kits\\8.1\\Debuggers\\x86" /> | |
| <!-- This parameter will cause the debugger to wait for an action-call in | |
| the state model with a method="StartMPlayer" before running | |
| program. | |
| --> | |
| <Param name="StartOnCall" value="StartMPlayer" /> | |
| <!-- This parameter will cause the monitor to terminate the process | |
| once the CPU usage reaches zero. | |
| --> | |
| <Param name="CpuKill" value="true"/> | |
| </Monitor> | |
| <!-- Enable heap debugging on our process as well. --> | |
| <Monitor class="PageHeap"> | |
| <Param name="Executable" value="C:\\KMPlayer\\KMPlayer.exe"/> | |
| <Param name="WinDbgPath" value="C:\\Program Files\\Windows Kits\\8.1\\Debuggers\\x86" /> | |
| </Monitor> | |
| </Agent> | |
| <Test name="Default"> | |
| <Agent ref="WinAgent" platform="windows"/> | |
| <StateModel ref="TheState"/> | |
| <Publisher class="File"> | |
| <Param name="FileName" value="fuzzed.wav"/> | |
| </Publisher> | |
| <Logger class="Filesystem"> | |
| <Param name="Path" value="logs" /> | |
| </Logger> | |
| </Test> | |
| </Peach> | |
| <!-- end --> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment