Struct libafl_qemu::emu::Emulator
source · [−]pub struct Emulator { /* private fields */ }
Implementations
sourceimpl Emulator
impl Emulator
pub fn new(args: &[String], env: &[(String, String)]) -> Emulator
sourcepub fn mappings(&self) -> GuestMapsⓘNotable traits for GuestMapsimpl Iterator for GuestMaps type Item = MapInfo;
pub fn mappings(&self) -> GuestMapsⓘNotable traits for GuestMapsimpl Iterator for GuestMaps type Item = MapInfo;
This function gets the memory mappings from the emulator.
pub fn num_cpus(&self) -> usize
pub fn current_cpu(&self) -> Option<CPU>
pub fn cpu_from_index(&self, index: usize) -> CPU
pub fn g2h<T>(&self, addr: GuestAddr) -> *mut T
pub fn h2g<T>(&self, addr: *const T) -> GuestAddr
pub unsafe fn write_mem(&self, addr: GuestAddr, buf: &[u8])
pub unsafe fn read_mem(&self, addr: GuestAddr, buf: &mut [u8])
pub fn num_regs(&self) -> i32
pub fn write_reg<R, T>(&self, reg: R, val: T) -> Result<(), String> where
T: Num + PartialOrd + Copy,
R: Into<i32>,
pub fn read_reg<R, T>(&self, reg: R) -> Result<T, String> where
T: Num + PartialOrd + Copy,
R: Into<i32>,
pub fn set_breakpoint(&self, addr: GuestAddr)
pub fn remove_breakpoint(&self, addr: GuestAddr)
pub fn set_hook(
&self,
addr: GuestAddr,
callback: extern "C" fn(_: GuestAddr, _: u64),
data: u64,
invalidate_block: bool
) -> usize
pub fn remove_hook(&self, addr: GuestAddr, invalidate_block: bool) -> usize
sourcepub unsafe fn run(&self)
pub unsafe fn run(&self)
This function will run the emulator until the next breakpoint, or until finish.
Safety
Should, in general, be safe to call. Of course, the emulated target is not contained securely and can corrupt state or interact with the operating system.
pub fn binary_path<'a>(&self) -> &'a str
pub fn load_addr(&self) -> GuestAddr
pub fn get_brk(&self) -> GuestAddr
pub fn set_brk(&self, brk: GuestAddr)
pub fn get_mmap_start(&self) -> GuestAddr
pub fn set_mmap_start(&self, start: GuestAddr)
pub fn map_private(
&self,
addr: GuestAddr,
size: usize,
perms: MmapPerms
) -> Result<GuestAddr, String>
pub fn map_fixed(
&self,
addr: GuestAddr,
size: usize,
perms: MmapPerms
) -> Result<GuestAddr, String>
pub fn mprotect(
&self,
addr: GuestAddr,
size: usize,
perms: MmapPerms
) -> Result<(), String>
pub fn unmap(&self, addr: GuestAddr, size: usize) -> Result<(), String>
pub fn flush_jit(&self)
pub fn add_edge_hooks(
&self,
gen: Option<extern "C" fn(_: GuestAddr, _: GuestAddr, _: u64) -> u64>,
exec: Option<extern "C" fn(_: u64, _: u64)>,
data: u64
)
pub fn add_block_hooks(
&self,
gen: Option<extern "C" fn(_: GuestAddr, _: u64) -> u64>,
exec: Option<extern "C" fn(_: u64, _: u64)>,
data: u64
)
pub fn add_read_hooks(
&self,
gen: Option<extern "C" fn(_: GuestAddr, _: usize, _: u64) -> u64>,
exec1: Option<extern "C" fn(_: u64, _: GuestAddr, _: u64)>,
exec2: Option<extern "C" fn(_: u64, _: GuestAddr, _: u64)>,
exec4: Option<extern "C" fn(_: u64, _: GuestAddr, _: u64)>,
exec8: Option<extern "C" fn(_: u64, _: GuestAddr, _: u64)>,
exec_n: Option<extern "C" fn(_: u64, _: GuestAddr, _: usize, _: u64)>,
data: u64
)
pub fn add_write_hooks(
&self,
gen: Option<extern "C" fn(_: GuestAddr, _: usize, _: u64) -> u64>,
exec1: Option<extern "C" fn(_: u64, _: GuestAddr, _: u64)>,
exec2: Option<extern "C" fn(_: u64, _: GuestAddr, _: u64)>,
exec4: Option<extern "C" fn(_: u64, _: GuestAddr, _: u64)>,
exec8: Option<extern "C" fn(_: u64, _: GuestAddr, _: u64)>,
exec_n: Option<extern "C" fn(_: u64, _: GuestAddr, _: usize, _: u64)>,
data: u64
)
pub fn add_cmp_hooks(
&self,
gen: Option<extern "C" fn(_: GuestAddr, _: usize, _: u64) -> u64>,
exec1: Option<extern "C" fn(_: u64, _: u8, _: u8, _: u64)>,
exec2: Option<extern "C" fn(_: u64, _: u16, _: u16, _: u64)>,
exec4: Option<extern "C" fn(_: u64, _: u32, _: u32, _: u64)>,
exec8: Option<extern "C" fn(_: u64, _: u64, _: u64, _: u64)>,
data: u64
)
pub fn add_backdoor_hook(
&self,
exec: extern "C" fn(_: GuestAddr, _: u64),
data: u64
)
pub fn set_on_thread_hook(&self, hook: extern "C" fn(tid: u32))
pub fn set_pre_syscall_hook(
&self,
hook: extern "C" fn(_: i32, _: u64, _: u64, _: u64, _: u64, _: u64, _: u64, _: u64, _: u64) -> SyscallHookResult
)
pub fn set_post_syscall_hook(
&self,
hook: extern "C" fn(_: u64, _: i32, _: u64, _: u64, _: u64, _: u64, _: u64, _: u64, _: u64, _: u64) -> u64
)
pub fn add_gdb_cmd(&self, callback: Box<dyn FnMut(&Self, &str) -> bool>)
pub fn gdb_reply(&self, output: &str)
Trait Implementations
Auto Trait Implementations
impl RefUnwindSafe for Emulator
impl Send for Emulator
impl Sync for Emulator
impl Unpin for Emulator
impl UnwindSafe for Emulator
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
sourceimpl<Tail, T> Prepend<T> for Tail
impl<Tail, T> Prepend<T> for Tail
type PreprendResult = Tail
type PreprendResult = Tail
The Resulting [TupleList
], of an Prepend::prepend()
call,
including the prepended entry. Read more
sourcefn prepend(self, value: T) -> (T, <Tail as Prepend<T>>::PreprendResult)
fn prepend(self, value: T) -> (T, <Tail as Prepend<T>>::PreprendResult)
Prepend a value to this tuple, returning a new tuple with prepended value.
impl<SS, SP> SupersetOf<SS> for SP where
SS: SubsetOf<SP>,
impl<SS, SP> SupersetOf<SS> for SP where
SS: SubsetOf<SP>,
fn to_subset(&self) -> Option<SS>
fn to_subset(&self) -> Option<SS>
The inverse inclusion map: attempts to construct self
from the equivalent element of its
superset. Read more
fn is_in_subset(&self) -> bool
fn is_in_subset(&self) -> bool
Checks if self
is actually part of its subset T
(and can be converted to it).
fn to_subset_unchecked(&self) -> SS
fn to_subset_unchecked(&self) -> SS
Use with care! Same as self.to_subset
but without any property checks. Always succeeds.
fn from_subset(element: &SS) -> SP
fn from_subset(element: &SS) -> SP
The inclusion map: converts self
to the equivalent element of its superset.