Crate libafl_qemu


Welcome to LibAFL QEMU

Warning: The documentation is built by default for x86_64 in usermode. To access the documentation of other architectures or systemmode, the documentation must be rebuilt with the right features.

LibAFL QEMU

LibAFL QEMU is a fuzzing-oriented emulation library that wraps QEMU with a rich API in Rust.

It comes in two variants: usermode, to fuzz Linux userspace ELF binaries, and systemmode, to fuzz arbitrary operating systems with QEMU TCG.

Cite

If you use LibAFL QEMU for your academic work, consider citing the following paper:

@InProceedings{libaflqemu:bar24,
  title        = {{LibAFL QEMU: A Library for Fuzzing-oriented Emulation}},
  author       = {Romain Malmain and Andrea Fioraldi and Aurélien Francillon},
  year         = {2024},
  series       = {BAR 24},
  month        = {March},
  booktitle    = {Workshop on Binary Analysis Research (colocated with NDSS Symposium)},
  location     = {San Diego (USA)},
  keywords     = {fuzzing, emulation},
}

Feature Flags

General Features

  • injections (enabled by default) — Find injections during fuzzing
  • python — Python bindings support
  • fork (enabled by default) — Fork support
  • build_libgasan (enabled by default) — Build libqasan for address sanitization

The following architecture features are mutually exclusive.

  • x86_64 — build qemu for x86_64 (default)
  • be — Big Endian mode
  • usermode — Usermode (mutually exclusive to Systemmode)
  • systemmode — Systemmode (mutually exclusive to Usermode)

SerdeAny features

  • serdeany_autoreg (enabled by default) — Automatically register all #[derive(SerdeAny)] types at startup.

Internal features, don’t use in normal projects

  • clippy — clippy workaround

Re-exports

Modules

Traits

  • This trait designates that an Enum can be iterated over. It can be auto generated using the EnumIter derive macro.

Functions