|
XML Processing Instructions |
|
XML Processing Instructions (PI) are used by Fuzzware to define relationships between XML nodes e.g. one node contains the byte length of another node. This allows nodes whose value depends on other nodes, to have their value updated using the command given in the XML PI. To specify an XML PI in an XML document it should be placed immediately before the node it is targetting and it should have the form '<?Schemer Command="Value"?>'. Note that multiple Command="Value" are supported, separated by a space. You may also stack multiple PI on top of each other. Command
| Value
| Description
| | Id | a string
| Assigns the node an Id that other processing instructions can use to reference the node.
| | ByteLength | another node's Id
| Instructs the fuzzer to assign the value of this node to be the length in bytes of the node referenced. This will respect the output format of the node referenced. This should only be applied to numeric type nodes e.g. unsignedInt. | CharLength
| another node's Id | Instructs the fuzzer to assign the value of this node to be the length in characters of the node referenced. This will respect the output format of the node referenced. This should only be applied to numeric type nodes e.g. unsignedInt.
| | CRC32 | another node's Id | Instructs the fuzzer to assign the value of this node to be the CRC32 of the node referenced. This will respect the output format of the node referenced. This should only be applied to hexBinary type nodes, and the endianness of the result corresponds to the endianness of the machine.
| | Count | another node's Id | Instructs the fuzzer to assign the value of this node to be the number of occurrences of the node referenced. This is for nodes that can occur multiple times (e.g. Entries in an Address Book), placing the Id instruction above the first occurrence, then this instruction will count the number of occurrences and update its node (e.g. EntiresCount). This should only be applied to numeric type nodes e.g. unsignedInt.
| | Order | an integer
| Assigns the node an Order that tells the fuzzer in which order to apply/carry out the processing instruction. The default value of Order is 100. A lower value will be applied/carried out before a higher value.
| | KeepEndBytes | an unsigned integer
| Instructs the fuzzer to restrict the output of the byte representation of the node to specified count of end bytes. E.g. Restrict the output of an Int32 length node in Little Endian to 3 bytes.
| | KeepStartBytes | an unsigned integer | Instructs the fuzzer to restrict the output of the byte representation of the node to specified count of start bytes. E.g. Restrict the output of an Int32 length node in Big Endian to 3 bytes.
| | dontFuzz | true
false | Indicates whether or not the current node, and all child nodes should be fuzzed. This can be overridden on child nodes.
| | TypeID | a string
| Use this command when a data format has a choice data structure where the element in the data file is specified by an identifier in another part of a file. For instance, a file format that can contain several different types of records, but the specific record used in a particular file is identified by a field that is part of the header of the file.
This attribute needs to be both a schema attribute command (as this is where the identifier is specified) and an XML processing instruction command (so the identifier in the file format header (for instance) can be set to the right value).
See the TLS example to see a practical application of this command.
|
These 3 commands need to be used together UserCode
| another node's ID
| Instructs the fuzzer to pass the node with this Id to the user code specified by the other related processing instructions.
| LoadAssembly
| a string
| This instruction should contain the name of a dll assembly that implements the required interface. This instruction is required for user code, and can occur more than once to load dependent assemblies.
| NamespaceDotClass
| a string
| This instruction should contain the namespace and class name, in the format 'namespace.classname' of the class that implements Fuzzware.Extensible.IUserNodeProcessor (in Extensible.dll). This is a required instruction for user code.
|
|