我是文件模糊测试的初学者。我想用桃子3模糊Adrenalin Player 2.2.5.3并且在编译期间遇到了问题。当我输入此命令c:\peach\peach.exe wav.xml时收到此错误:unable to locate test named "Default"。
这是我在xml中的代码:
<!-- Defines the common wave chunk -->
<DataModel name="Chunk">
<String name="ID" length="4" padCharacter=" " />
<Number name="Size" size="32" >
<Relation type="size" of="Data" />
</Number>
<Blob name="Data" />
<Padding alignment="16" />
</DataModel>
<DataModel name="ChunkData" ref="Chunk">
<String name="ID" value="data" token="true"/>
</DataModel>
<DataModel name="ChunkFact" ref="Chunk">
<String name="ID" value="fact" token="true"/>
<Block name="Data">
<Number size="32" />
<Blob/>
</Block>
</DataModel>
<DataModel name="ChunkSint" ref="Chunk">
<String name="ID" value="sInt" token="true"/>
<Block name="Data">
<Number size="32" />
</Block>
</DataModel>
<DataModel name="ChunkWavl" ref="Chunk">
<String name="ID" value="wavl" token="true"/>
<Block name="Data">
<Block name="ArrayOfChunks" maxOccurs="3000">
<Block ref="ChunkSint"/>
<Block ref="ChunkData" />
</Block>
</Block>
</DataModel>
<DataModel name="ChunkCue" ref="Chunk">
<String name="ID" value="cue " token="true"/>
<Block name="Data">
<Block name="ArrayOfCues" maxOccurs="3000">
<String length="4" />
<Number size="32" />
<String length="4" />
<Number size="32" />
<Number size="32" />
<Number size="32" />
</Block>
</Block>
</DataModel>
<DataModel name="ChunkFmt" ref="Chunk">
<String name="ID" value="fmt " token="true"/>
<Block name="Data">
<Number name="CompressionCode" size="16" />
<Number name="NumberOfChannels" size="16" />
<Number name="SampleRate" size="32" />
<Number name="AverageBytesPerSecond" size="32" />
<Number name="BlockAlign" size="16" />
<Number name="SignificantBitsPerSample" size="16" />
<Number name="ExtraFormatBytes" size="16" />
<Blob name="ExtraData" />
</Block>
</DataModel>
<DataModel name="ChunkPlst" ref="Chunk">
<String name="ID" value="plst" token="true"/>
<Block name="Data">
<Number name="NumberOfSegments" size="32" >
<Relation type="count" of="ArrayOfSegments"/>
</Number>
<Block name="ArrayOfSegments" maxOccurs="3000">
<String length="4" />
<Number size="32" />
<Number size="32" />
</Block>
</Block>
</DataModel>
<DataModel name="ChunkLtxt" ref="Chunk">
<String name="ID" value="ltxt" token="true"/>
<Block name="Data">
<Number size="32" />
<Number size="32" />
<Number size="32" />
<Number size="16" />
<Number size="16" />
<Number size="16" />
<Number size="16" />
<String nullTerminated="true" />
</Block>
</DataModel>
<DataModel name="ChunkSmpl" ref="Chunk">
<String name="ID" value="smpl" token="true"/>
<Block name="Data">
<Number size="32" />
<Number size="32" />
<Number size="32" />
<Number size="32" />
<Number size="32" />
<Number size="32" />
<Number size="32" />
<Number size="32" />
<Number size="32" />
<Block maxOccurs="3000">
<Number size="32" />
<Number size="32" />
<Number size="32" />
<Number size="32" />
<Number size="32" />
<Number size="32" />
</Block>
</Block>
</DataModel>
<DataModel name="ChunkInst" ref="Chunk">
<String name="ID" value="inst" token="true"/>
<Block name="Data">
<Number size="8"/>
<Number size="8"/>
<Number size="8"/>
<Number size="8"/>
<Number size="8"/>
<Number size="8"/>
<Number size="8"/>
</Block>
</DataModel>
<!-- Defines the format of a WAV file -->
<DataModel name="Wav">
<!-- wave header -->
<String value="RIFF" token="true" />
<Number size="32" />
<String value="WAVE" token="true"/>
<Choice maxOccurs="30000">
<Block ref="ChunkFmt"/>
<Block ref="ChunkData"/>
<Block ref="ChunkFact"/>
<Block ref="ChunkSint"/>
<Block ref="ChunkWavl"/>
<Block ref="ChunkCue"/>
<Block ref="ChunkPlst"/>
<Block ref="ChunkLtxt"/>
<Block ref="ChunkSmpl"/>
<Block ref="ChunkInst"/>
<Block ref="Chunk"/>
</Choice>
</DataModel>
<!-- This is our simple wave state model -->
<StateModel name="TheState" initialState="Initial">
<State name="Initial">
<!-- Write out our wave file -->
<Action type="output">
<DataModel ref="Wav"/>
<!-- This is our sample file to read in -->
<Data fileName="sample.wav"/>
</Action>
<Action type="close"/>
<!-- Launch the target process -->
<Action type="call" method="StartMPlayer" publisher="Peach.Agent" />
</State>
</StateModel>
<Agent name="WinAgent">
<Monitor class="WindowsDebugger">
<!-- The command line to run. Notice the filename provided matched up
to what is provided below in the Publisher configuration -->
<Param name="CommandLine" value="c:\\Program Files (x86)\\adrenalin\\play.exe fuzzed.wav" />
<!-- This parameter will cause the debugger to wait for an action-call in
the state model with a method="StartMPlayer" before running
program.
-->
<Param name="StartOnCall" value="StartMPlayer" />
<!-- This parameter will cause the monitor to terminate the process
once the CPU usage reaches zero.
-->
<Param name="CpuKill" value="true"/>
</Monitor>
<!-- Enable heap debugging on our process as well. -->
<Monitor class="PageHeap">
<Param name="Executable" value="c:\\Program Files (x86)\\adrenalin\\play.exe"/>
</Monitor>
</Agent>
<Agent name="LinAgent">
<!-- Register for core file notifications. -->
<Monitor class="LinuxCrashMonitor"/>
<Monitor class="Process">
<!-- The executable to run. -->
<Param name="Executable" value="mplayer"/>
<!-- This parameter will cause the monitor to wait for an action-call in
the state model with a method="StartMPlayer" before running
program.
-->
<Param name="StartOnCall" value="StartMPlayer"/>
<!-- The program arguments. Notice the filename provided matched up
to what is provided below in the Publisher configuration -->
<Param name="Arguments" value="fuzzed.wav"/>
<!-- This parameter will cause the monitor to terminate the process
once the CPU usage reaches zero.
-->
<Param name="CpuKill" value="true"/>
</Monitor>
</Agent>
<Agent name="OsxAgent">
<Monitor class="CrashWrangler">
<!-- The executable to run. -->
<Param name="Command" value="mplayer" />
<!-- The program arguments. Notice the filename provided matched up
to what is provided below in the Publisher configuration -->
<Param name="Arguments" value="fuzzed.wav" />
<!-- Do not use debug malloc. -->
<Param name="UseDebugMalloc" value="false" />
<!-- Treat read access violations as exploitable. -->
<Param name="ExploitableReads" value="true" />
<!-- Path to Crash Wrangler Execution Handler program. -->
<Param name="ExecHandler" value="/usr/local/bin/exc_handler" />
<!-- This parameter will cause the monitor to wait for an action-call in
the state model with a method="StartMPlayer" before running
program.
-->
<Param name="StartOnCall" value="StartMPlayer" />
</Monitor>
</Agent>
<Test name="Default">
<Agent ref="WinAgent" platform="windows"/>
<Agent ref="LinAgent" platform="linux"/>
<Agent ref="OsxAgent" platform="osx"/>
<StateModel ref="TheState"/>
<Publisher class="File">
<Param name="FileName" value="fuzzed.wav"/>
</Publisher>
<Logger class="Filesystem">
<Param name="Path" value="logs" />
</Logger>
</Test>
答案 0 :(得分:0)
当您使用Peach Framework时,您的pit文件(包含的xml文件)必须由<Peach>.........</Peach>标记封装完成。试试这个,看看会发生什么!