<?xml version="1.0" encoding="utf-8"?>
<Peach version="1.0" author="Jason Kratzer" site="http://www.flinkd.org">
<Include ns="default" src="file:defaults.xml"/>
<DataModel name="AVIFileFormat">
<!-- http://msdn.microsoft.com/en-us/library/dd318189%28v=vs.85%29.aspx -->
<Block name="RIFF_Header">
<String name="RiffFourCC" value="RIFF" token="true"/>
<Number name="FileSize" size="32" endian="little" signed="false"/><!-- Add relation -->
<String name="FileType" value="AVI " token="true"/>
</Block>
<Block name="AviHdrlList">
<String name="ListFourCC" value="LIST" token="true"/>
<Number name="ListSize" size="32" endian="little" signed="false"/> <!-- Add relation counting used elements in ListHDRL -->
<Block name="ListHdrl">
<String name="Hdrl_Header" value="hdrl" token="true"/>
<String name="MainAviHeader" value="avih" token="true"/>
<Number name="cbFileSize" size="32" endian="little" signed="false"/><!-- Add relation -->
<Number name="dwMicroSecPerFrame" size="32" endian="little" signed="false"/>
<Number name="dwMaxBytesPerSec" size="32" endian="little" signed="false"/>
<Number name="dwPaddingGranularity" size="32" endian="little" signed="false"/>
<Number name="dwFlags" size="32" endian="little" signed="false"/>
<Number name="dwTotalFrames" size="32" endian="little" signed="false"/>
<Number name="dwInitialFrames" size="32" endian="little" signed="false"/>
<Number name="dwStreams" size="32" endian="little" signed="false"/>
<Number name="dwSuggestedBufferSize" size="32" endian="little" signed="false"/>
<Number name="dwWidth" size="32" endian="little" signed="false"/>
<Number name="dwHeight" size="32" endian="little" signed="false"/>
<Number name="dwScale" size="32" endian="little" signed="false"/>
<Number name="dwRate" size="32" endian="little" signed="false"/>
<Number name="dwStart" size="32" endian="little" signed="false"/>
<Number name="dwLength" size="32" endian="little" signed="false"/>
<Block>
<String name="ListFourCC" value="LIST" token="true"/>
<Number name="ListSize" size="32" endian="little" signed="false"/>
<String name="StreamList" value="strl" token="true"/>
<Block name="StreamHeaderChunk">
<String name="StreamHeaderFourCC" value="strh" token="true"/>
<Number name="cbFileSize" size="32" endian="little" signed="false"/><!-- Add relation -->
<Choice name="fccType" maxOccurs="1">
<String name="AudioStream" value="auds" token="true"/>
<String name="MIDIStream" value="mids" token="true"/>
<String name="TextStream" value="txts" token="true"/>
<String name="VideoStream" value="vids" token="true"/>
</Choice>
<Number name="fccHandler" size="32" endian="little" signed="false"/>
<Number name="dwFlags" size="32" endian="little" signed="false"/>
<Number name="wPriority" size="16" endian="little" signed="false"/>
<Number name="wLanguage" size="16" endian="little" signed="false"/>
<Number name="dwInitialFrames" size="32" endian="little" signed="false"/>
<Number name="dwScale" size="32" endian="little" signed="false"/>
<Number name="dwRate" size="32" endian="little" signed="false"/>
<Number name="dwStart" size="32" endian="little" signed="false"/>
<Number name="dwLength" size="32" endian="little" signed="false"/>
<Number name="dwSuggestedBufferSize" size="32" endian="little" signed="false"/>
<Number name="dwQuality" size="32" endian="little" signed="false"/>
<Number name="dwSampleSize" size="32" endian="little" signed="false"/>
<Number name="rcFrame" size="64" endian="little" signed="false"/>
<!--<Choice minOccurs="0" maxOccurs="2">
<Number name="Handler" size="32" endian="little" signed="false" constraint="int(123) == -1"/>
</Choice>-->
<!-- Can't find this in the spec -->
</Block>
<Block name="StreamFormatChunk">
<String name="StreamFormatFourCC" value="strf" token="true"/>
<Number name="cbFileSize" size="32" endian="little" signed="false"/>
<Choice maxOccurs="1">
<Block name="BITMAPINFO">
<Number name="biSize" size="32" endian="little" signed="false"/>
<Number name="biWidth" size="32" endian="little" signed="true"/>
<Number name="biHeight" size="32" endian="little" signed="true"/>
<Number name="biPlanes" size="16" endian="little" signed="false"/>
<Number name="biBitCount" size="16" endian="little" signed="false"/>
<Number name="biCompression" size="32" endian="little" signed="false"/>
<Number name="biSizeImage" size="32" endian="little" signed="false"/>
<Number name="biXPelsPerMeter" size="32" endian="little" signed="true"/>
<Number name="biYPelsPerMeter" size="32" endian="little" signed="true"/>
<Number name="biClrUsed" size="32" endian="little" signed="false"/>
<Number name="biClrImportant" size="32" endian="little" signed="false"/>
</Block>
<Block name="WAVEFORMATEX">
<Number name="wFormatTag" size="16" endian="little" signed="false"/>
<Number name="nChannels" size="16" endian="little" signed="false"/>
<Number name="nSamplesPerSec" size="32" endian="little" signed="false"/>
<Number name="nAvgBytesPerSec" size="32" endian="little" signed="false"/>
<Number name="nBlockAlign" size="16" endian="little" signed="false"/>
<Number name="wBitsPerSample" size="16" endian="little" signed="false"/>
<Number name="cbSize" size="16" endian="little" signed="false"/>
</Block>
</Choice>
</Block>
<!-- Add STRD - Stream Header Data Chunk -->
<!-- Add STRN - Null Terminated Comment -->
<Block name="JUNK">
<String name="JunkFourCC" value="JUNK" token="true"/>
<Number name="cbFileSize" size="32" endian="little" signed="false">
<Relation type="size" of="JunkData" />
</Number>
<Blob name="JunkData"/>
</Block>
</Block>
</Block>
</Block>
<Block name="AviMoviList">
<String name="ListFourCC" value="LIST" token="true"/>
<Number name="ListSize" size="32" endian="little" signed="false">
<Relation type="size" expressionGet="size-4" expressionSet="size" of="MoviData" />
</Number>
<String name="MOVI_Header" value="movi" token="true"/>
<Blob name="MoviData"/>
<!-- Consider breaking this into Two Char Code Chunks -->
<!-- May Break Size Relation. Investigate -->
<!-- Also expected to increase parse time significantly -->
</Block>
<Block name="Avi1Index">
<String name="AviIndex1Start" value="idx1" token="true"/>
<Number name="cbFileSize" size="32" endian="little" signed="false"/> <!-- Add relation -->
<Block maxOccurs="1000">
<Number name="dwChunkId" size="32" endian="little" signed="false"/>
<Number name="dwFlags" size="32" endian="little" signed="false"/>
<Number name="dwOffset" size="32" endian="little" signed="false"/> <!-- Consider adding relation to support hdrl stream offset -->
<Number name="dwSize" size="32" endian="little" signed="false"/> <!-- Consider adding relation to support hdrl stream size -->
</Block>
<Number name="null" size="16" endian="little" signed="false"/>
</Block>
<!-- Consider adding support for AVI Index 2.0 -->
<!-- http://msdn.microsoft.com/en-us/library/ff625868%28v=vs.85%29.aspx -->
</DataModel>
<DataModel name="Param">
<String name="Value" isStatic="true"/>
</DataModel>
<Agent name="LocalAgent">
<Monitor class="debugger.WindowsDebugEngine">
<Param name="CommandLine" value="C:\Program Files\Windows Media Player\wmplayer.exe fuzzed.avi"/>
<Param name="StartOnCall" value="ScoobySnacks"/>
</Monitor>
<Monitor class="process.PageHeap">
<Param name="Executable" value="wmplayer.exe"/>
</Monitor>
</Agent>
<Test name="TheTest">
<Strategy class="rand.RandomMutationStrategy" switchCount="1500" maxFieldsToMutate="7"/>
<Agent ref="LocalAgent"/>
<StateModel ref="TheState"/>
<Publisher class="file.FileWriterLauncherGui">
<Param name="fileName" value="fuzzed.avi"/>
<Param name="windowName" value="Windows Media Player"/>
<Param name="debugger" value="true"/>
</Publisher>
</Test>
<Run name="DefaultRun">
<Test ref="TheTest"/>
<Logger class="logger.Filesystem">
<Param name="path" value="C:\peachfuzz\logs\"/>
</Logger>
</Run>
</Peach>