Crate libafl_qemu


Welcome to LibAFL QEMU

Warning: The documentation is built by default for x86_64 in usermode. To access the documentation of other architectures or systemmode, the documentation must be rebuilt with the right features.

LibAFL QEMU

LibAFL QEMU is a fuzzing-oriented emulation library that wraps QEMU with a rich API in Rust.

It comes in two variants: usermode, to fuzz Linux ELF userspace binaries, and systemmode, to fuzz arbitrary operating systems with QEMU TCG.

Cite

If you use LibAFL QEMU for your academic work, consider citing the following paper:

@InProceedings{libaflqemu:bar24,
  title        = {{LibAFL QEMU: A Library for Fuzzing-oriented Emulation}},
  author       = {Romain Malmain and Andrea Fioraldi and Aurélien Francillon},
  year         = {2024},
  series       = {BAR 24},
  month        = {March},
  booktitle    = {Workshop on Binary Analysis Research (colocated with NDSS Symposium)},
  location     = {San Diego (USA)},
  keywords     = {fuzzing, emulation},
}

Feature Flags

General Features

  • injections (enabled by default) — Find injections during fuzzing
  • python — Python bindings support
  • fork (enabled by default) — Fork support
  • build_libqasan (enabled by default) — Build libqasan for address sanitization

The following architecture features are mutually exclusive.

  • x86_64 — build qemu for x86_64 (default)
  • be — Big Endian mode
  • usermode (enabled by default) — Usermode (mutually exclusive with systemmode)
  • systemmode — Systemmode (mutually exclusive with usermode)

SerdeAny features

  • serdeany_autoreg (enabled by default) — Automatically register all #[derive(SerdeAny)] types at startup.

Internal features, don't use in normal projects

  • clippy — clippy workaround

Re-exports

pub use executor::QemuExecutor;
pub use executor::QemuForkExecutor;
pub use libafl_qemu_sys as sys;
pub use arch::*;
pub use qemu::*;
pub use emu::*;

Modules

  • arch
  • breakpoint
  • command
  • elf — Utilities to parse and process ELFs
  • emu — Higher-level abstraction of QEMU
  • executor — A QEMU-based executor for binary-only instrumentation in LibAFL
  • modules
  • qemu — Low-level QEMU library
  • sync_exit

Enums

  • MmapPerms

Traits

  • IntoEnumIterator — This trait designates that an Enum can be iterated over. It can be auto-generated using the EnumIter derive macro.

Functions

  • filter_qemu_args
  • python_module

Type Aliases

  • GuestAddr