Wednesday, November 22, 2017

LuaQEMU & afl-unicorn: Fuzzing Arbitrary Binary Code

LuaQEMU


Basically, it embeds Lua objects inside the C source code. They use the Lua object to create a new QEMU hardware model under /hw/arm/lua.c, called lua. They add monitor states inside the Lua hardware model and add virtual peripherals for the Lua SoC. When code executes on the CPU, they perform analysis and print monitor messages.


afl-unicorn: Fuzzing Arbitrary Binary Code



They use Unicorn (which is a simplified version of QEMU, containing only the CPU emulation part).

Unicorn is a lightweight multi-platform, multi-architecture CPU emulator framework. (It uses Capstone to disassemble the binary and )
Capstone is a lightweight multi-platform, multi-architecture disassembly framework. (Derived from LLVM; QEMU adds it as a submodule for new architectures.)

So they build up the memory map and CPU register state, then use AFL to instrument every block edge of the translation blocks (TBs). They write the output into a specified memory region. Then they start Unicorn to emulate and fuzz.
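As an added illustration of the block-edge instrumentation described above (this is not code from the afl-unicorn project): afl-unicorn registers a per-basic-block callback inside Unicorn and folds each block's address into AFL's 64 KiB coverage bitmap, so AFL sees edges rather than single blocks. The Python below re-implements that bookkeeping over a constructed trace of block addresses, using the same address hashing as afl_maybe_log() in AFL's QEMU/Unicorn mode; the class and function names (EdgeCoverage, run_trace, new_edges) and the addresses are my own, not the project's.

```python
"""Edge-coverage bookkeeping in the style of afl-unicorn's basic-block hook.

Constructed example: the traces below are made-up block addresses, not a real
program. MAP_SIZE and the address hashing follow AFL's QEMU/Unicorn mode.
"""

MAP_SIZE = 1 << 16          # AFL's default shared-memory bitmap: 65536 bytes


class EdgeCoverage:
    """Per-run coverage map filled from a block-entry hook (afl_maybe_log)."""

    def __init__(self):
        self.bitmap = bytearray(MAP_SIZE)
        self.prev_loc = 0   # hashed location of the previous block

    def on_block(self, address):
        """Called once per translated basic block, as a UC_HOOK_BLOCK would."""
        # Mix the block address so adjacent blocks do not collide, then mask
        # it into the map.  Same arithmetic as AFL's QEMU/Unicorn mode.
        cur_loc = ((address >> 4) ^ (address << 8)) & (MAP_SIZE - 1)
        # The map is indexed by the (previous, current) pair: an *edge*.
        idx = cur_loc ^ self.prev_loc
        self.bitmap[idx] = min(self.bitmap[idx] + 1, 255)   # saturating byte
        # Shift before storing so A->B and B->A land in different slots.
        self.prev_loc = cur_loc >> 1


def block_slot(address):
    """Map slot a block hashes to when entered with prev_loc == 0."""
    return ((address >> 4) ^ (address << 8)) & (MAP_SIZE - 1)


def run_trace(trace):
    """Replay a list of block addresses through the hook; return the bitmap."""
    cov = EdgeCoverage()
    for addr in trace:
        cov.on_block(addr)
    return cov.bitmap


def hit_edges(bitmap):
    """Set of map indices touched during a run."""
    return {i for i, count in enumerate(bitmap) if count}


def new_edges(bitmap, virgin):
    """AFL's has_new_bits() in miniature: count edges not yet in `virgin`
    and record them there, so the caller can decide whether to keep the input."""
    fresh = hit_edges(bitmap) - virgin
    virgin.update(fresh)
    return len(fresh)


# Constructed traces: the second input takes an extra block (0x1020) before
# rejoining the common path, i.e. it exercises two edges the first never did.
TRACE_BASE = [0x1000, 0x1010, 0x1030]
TRACE_NEW_PATH = [0x1000, 0x1010, 0x1020, 0x1030]


def demo():
    """Run both traces as a fuzzer would and report what counts as 'new'."""
    virgin = set()
    first = new_edges(run_trace(TRACE_BASE), virgin)       # everything is new
    repeat = new_edges(run_trace(TRACE_BASE), virgin)      # nothing new
    second = new_edges(run_trace(TRACE_NEW_PATH), virgin)  # two new edges
    return {"first": first, "repeat": repeat, "second": second}


if __name__ == "__main__":
    print(demo())   # {'first': 3, 'repeat': 0, 'second': 2}
```

With the plain Unicorn Python bindings the same hook would be attached as `uc.hook_add(UC_HOOK_BLOCK, lambda uc, addr, size, _: cov.on_block(addr))`; afl-unicorn itself does this in C while Unicorn translates each TB and updates the shared-memory bitmap that the AFL parent process reads after every run.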











