Crate libafl_qemu
Welcome to LibAFL QEMU
Warning: The documentation is built by default for x86_64 in usermode. To access the documentation of other architectures or systemmode, the documentation must be rebuilt with the right features.
§LibAFL QEMU
LibAFL QEMU is a fuzzing-oriented emulation library that wraps QEMU with a rich API in Rust.
It comes in two variants: usermode, to fuzz Linux ELF userspace binaries, and systemmode, to fuzz arbitrary operating systems with QEMU TCG.
§Cite
If you use LibAFL QEMU for your academic work, consider citing the following paper:
@InProceedings{libaflqemu:bar24,
title = {{LibAFL QEMU: A Library for Fuzzing-oriented Emulation}},
author = {Romain Malmain and Andrea Fioraldi and Aurélien Francillon},
year = {2024},
series = {BAR 24},
month = {March},
booktitle = {Workshop on Binary Analysis Research (colocated with NDSS Symposium)},
location = {San Diego (USA)},
keywords = {fuzzing, emulation},
}
§Feature Flags
§General Features
injections (enabled by default) — Find injections during fuzzing
python — Python bindings support
fork (enabled by default) — Fork support
build_libgasan (enabled by default) — Build libqasan for address sanitization
§The following architecture features are mutually exclusive.
x86_64 — build qemu for x86_64 (default)
be — Big Endian mode
usermode — Usermode (mutually exclusive to Systemmode)
systemmode — Systemmode (mutually exclusive to Usermode)
§SerdeAny features
serdeany_autoreg (enabled by default) — Automatically register all #[derive(SerdeAny)] types at startup.
§Internal features, don’t use in normal projects
clippy — clippy workaround
Re-exports§
pub use executor::QemuExecutor;
pub use executor::QemuForkExecutor;
pub use libafl_qemu_sys as sys;
pub use arch::*;
pub use qemu::*;
pub use emu::*;
Modules§
- Utilities to parse and process ELFs
- Higher-level abstraction of Qemu
- A QEMU-based executor for binary-only instrumentation in LibAFL
- Low-level QEMU library
Traits§
- This trait designates that an Enum can be iterated over. It can be auto-generated using the EnumIter derive macro.