Fuzzware

Tools to help with software testing, fault injection and fuzzing

Frequently Asked Questions

Q: Fuzzsaw crashes when I try to open it?
A: Fuzzware requires version 3.5 of the .Net framework; make sure you have that installed.


Q: My fuzzing target already consumes XML, but it errors if I add a namespace to the XML and it seems like Schemer always adds a namespace, can I turn that off?
A: Not currently. What you can do, though, is add a new root node to your XSD and XML so that the namespace appears on that node, and then add the SchemaAttributeCommand sac:markup="remove" to that node. This command removes the markup of this node so that it doesn't appear in the output.


Q: I am fuzzing an XML format that has a standard XSD, however Schemer errors when it tries to compile the XSD?
A: Schemer uses the .Net libraries for compiling the XSD, so it's a case of satisfying .Net. The problem can usually be fixed by adjusting the imports, includes and referenced namespaces of the XSD files involved. XSDs that use xml:lang from the 1998 XML Schema definition can be problematic, but XPS shows how this can be solved (copy xml.xsd and all the dtd files to the XSD directory).


Q: When I output to an executable it can't find the test case file?
A: The [filename] variable will be the 'Output Directory' concatenated with the test case filename. However, many applications require a full path to the file, so you need to prepend the path to the 'Output Directory' in the 'Command Line'.

E.g. If 'Output Directory' is 'Examples\Format\' then [filename] becomes 'Examples\Format\testcase.ext' (where testcase.ext is a placeholder for the actual testcase filename), meaning that if the executable requires a full path you should use a 'Command Line' of 'c:\Fuzzware\[filename]' (given you installed Fuzzware at 'c:\Fuzzware'). Don't forget to use quotes if the path contains spaces.

Update: As of version 1.4 there is a new token you can use on the command line: [workingdir]. This token will be substituted with the current working directory. This should eliminate the need to hard code any paths into the command line.


Q: I'm using Fuzzware version 1.4 on Vista and it needs to run with administrative privileges, why?
A: With the introduction of FuzzwareDBG this is a new requirement. Basically to register FuzzwareDBG as a COM component or as the post-mortem debugger, admin credentials are required. The easiest solution was just to require all the Fuzzware exe's to run elevated. It's something I could probably change if it becomes an issue.


Q: Why doesn't Schemer support any of the date, time or duration XML Schema types?
A: Not any particularly good reason, just that there is currently no date or time fuzzer in Schemer. It is tempting to just fuzz these as strings, but that would lead to just about all test cases being rejected as invalid according to their type. If you need to fuzz date, time or duration types, change their type to string and define a custom fuzzer for that node.

Should sufficient demand arise then I can add a date, time and duration fuzzer to Schemer in a future release.
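
The trade-off in the answer above, as an added example that is not part of Fuzzware or Schemer: generic string mutation of a date is compared with boundary values that keep the xs:date lexical form. The function names, the seed date and the value lists are assumptions made for illustration, and how the values are supplied to a custom fuzzer is not shown.

```python
import random
import re

# Approximates the xs:date lexical form (optional '-', year, -MM-DD, optional
# timezone). It does not check the day against the month or reject year 0000.
XS_DATE = re.compile(
    r"-?(\d{4}|[1-9]\d{4,})-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])"
    r"(Z|[+-](0\d|1[0-3]):[0-5]\d|[+-]14:00)?"
)


def is_lexical_xs_date(value):
    """True if value has the shape a type-checking parser expects for xs:date."""
    return XS_DATE.fullmatch(value) is not None


def string_mutations(seed, count, rng):
    """Generic string fuzzing: overwrite one random character per test case."""
    cases = []
    for _ in range(count):
        i = rng.randrange(len(seed))
        cases.append(seed[:i] + chr(rng.randrange(0x20, 0x7F)) + seed[i + 1:])
    return cases


def date_aware_values():
    """Boundary dates that stay well-formed, so they get past type validation."""
    # 10000 and -0001 are valid per XML Schema but often fall outside the
    # range of an implementation's native date type.
    years = ["0001", "1601", "1969", "1970", "2038", "9999", "10000", "-0001"]
    month_days = ["01-01", "02-28", "12-31"]
    zones = ["", "Z", "+14:00", "-14:00"]
    return [f"{y}-{md}{z}" for y in years for md in month_days for z in zones]


def acceptance_rate(values):
    """Fraction of values that still look like an xs:date."""
    return sum(is_lexical_xs_date(v) for v in values) / len(values)


if __name__ == "__main__":
    rng = random.Random(1)  # fixed seed so the run is repeatable
    mutated = string_mutations("2008-02-29", 1000, rng)  # constructed seed date
    print("string-mutated:", acceptance_rate(mutated))
    print("date-aware    :", acceptance_rate(date_aware_values()))
```

Most string-mutated cases no longer match the date shape and would be rejected before reaching the code that uses the date, while every date-aware value still matches.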