Unicorn Plugin #29

Closed
Manouchehri opened this Issue Jun 26, 2016 · 11 comments


@Manouchehri

As previously mentioned in angr/cle#22 (comment), a Unicorn Engine plugin is in progress. Thought it would make sense to open up a GitHub issue in the proper repo so other people are aware.

@isra17 recently posted a neat benchmark showing angr vs. Unicorn. https://github.com/isra17/emu_test

@rhelmot
Member
rhelmot commented Jun 26, 2016

(As a clerical note, it looks likely at this point that we will not release
the unicorn support until after the CGC in August)


@zardus zardus added the enhancement label Jun 27, 2016
@zardus
Member
zardus commented Jun 27, 2016

Yep, we're definitely working on it! It won't quite match @isra17's unicorn benchmarks (because we need to hook memory accesses to sync the state back into angr), but it'll be a lot faster than emulating VEX with python. Some preliminary benchmarks show runtime increases of 600x for certain workloads.

@Manouchehri

Exciting stuff! Looking forward to the release after you win CGC. =)

@ltfish
Member
ltfish commented Jun 27, 2016

I guess we will release it even if we don't win CGC :D

@aquynh
aquynh commented Jun 27, 2016

Nice to hear, and looking forward to your release of this Unicorn support :-)

@Manouchehri

For anyone following this, Unicorn support has been completed but not pushed to the repo yet.

@aquynh
aquynh commented Aug 10, 2016

Cool, can't wait! But exactly how is Unicorn used there?

@Manouchehri
Manouchehri commented Aug 10, 2016

As per @zardus' previous comment, it's used instead of emulating VEX with Python.

@salls
Member
salls commented Aug 10, 2016

The main use cases of unicorn right now are the following:

  1. The data currently being operated on is concrete. Symbolic emulation isn't necessary, so we jump into Unicorn and let Unicorn/QEMU execute until symbolic data would be touched or introduced.
  2. There is something we haven't implemented (a weird VEX instruction, a syscall, etc.). In these cases I believe it is better to run the part angr can't handle with Unicorn. We lose the symbolic relationship, but at least we can continue execution in a sane state.
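Use case 1 above, worked as an added example (this is not angr's or Unicorn's own code, and the page does not describe how the plugin actually detects or rolls back a symbolic access). It assumes a hand-assembled x86-32 snippet mapped at 0x1000, concrete data at 0x2000, and a hypothetical "symbolic" range at 0x2100. Unicorn runs the code natively; a memory hook watches every read and write, and as soon as one overlaps the symbolic range it stops emulation and hands back the register state captured before that instruction, which is the state a symbolic executor would need in order to re-execute the instruction itself.

```python
# Added example (not angr's or Unicorn's own code): emulate a concrete x86-32
# snippet with Unicorn until an instruction touches memory we declare symbolic,
# then hand back the pre-instruction register state so a symbolic executor
# could resume from that exact instruction.
try:
    from unicorn import (Uc, UC_ARCH_X86, UC_MODE_32, UC_HOOK_CODE,
                         UC_HOOK_MEM_READ, UC_HOOK_MEM_WRITE)
    from unicorn.x86_const import UC_X86_REG_EAX, UC_X86_REG_EBX
except ImportError:  # keep the module importable where the unicorn package is absent
    Uc = None

CODE_BASE = 0x1000
DATA_BASE = 0x2000
SYMBOLIC_START = DATA_BASE + 0x100   # hypothetical: [0x2100, 0x2108) holds symbolic data

# Constructed, hand-assembled x86-32 machine code (not taken from any real binary):
SAMPLE_CODE = bytes([
    0xA1, 0x00, 0x20, 0x00, 0x00,        # 0x1000: mov eax, [0x2000]   ; concrete read
    0x83, 0xC0, 0x01,                    # 0x1005: add eax, 1
    0x8B, 0x1D, 0x00, 0x21, 0x00, 0x00,  # 0x1008: mov ebx, [0x2100]   ; "symbolic" read
    0x01, 0xD8,                          # 0x100e: add eax, ebx
    0x90,                                # 0x1010: nop
])


def run_concrete(code, symbolic_ranges,
                 data_words=((DATA_BASE, 0x42), (SYMBOLIC_START, 0x10))):
    """Run `code` in Unicorn and stop at the first access to a symbolic range.

    Returns {"stopped_at": pc-or-None, "eax": ..., "ebx": ...}. When stopped_at
    is set, the register values are the ones captured *before* the offending
    instruction, i.e. the state to sync back into the symbolic executor.
    """
    if Uc is None:
        raise RuntimeError("the unicorn package is required for this example")

    uc = Uc(UC_ARCH_X86, UC_MODE_32)
    uc.mem_map(CODE_BASE, 0x1000)
    uc.mem_map(DATA_BASE, 0x1000)
    uc.mem_write(CODE_BASE, code)
    for addr, word in data_words:        # constructed concrete data
        uc.mem_write(addr, word.to_bytes(4, "little"))

    state = {"pc": None, "snapshot": None, "stopped_at": None}

    def on_insn(uc, address, size, user_data):
        # Runs before each instruction: remember where we are and what the
        # registers look like, so a symbolic-memory hit can roll back to here.
        state["pc"] = address
        state["snapshot"] = (uc.reg_read(UC_X86_REG_EAX), uc.reg_read(UC_X86_REG_EBX))

    def on_mem(uc, access, address, size, value, user_data):
        # Overlap test between the access [address, address + size) and each
        # symbolic range; a hit means Unicorn must give control back.
        if any(address < hi and address + size > lo for lo, hi in symbolic_ranges):
            state["stopped_at"] = state["pc"]
            uc.emu_stop()

    uc.hook_add(UC_HOOK_CODE, on_insn)
    uc.hook_add(UC_HOOK_MEM_READ | UC_HOOK_MEM_WRITE, on_mem)
    uc.emu_start(CODE_BASE, CODE_BASE + len(code))

    if state["stopped_at"] is not None:
        eax, ebx = state["snapshot"]
    else:
        eax, ebx = uc.reg_read(UC_X86_REG_EAX), uc.reg_read(UC_X86_REG_EBX)
    return {"stopped_at": state["stopped_at"], "eax": eax, "ebx": ebx}


if __name__ == "__main__":
    hit = run_concrete(SAMPLE_CODE, [(SYMBOLIC_START, SYMBOLIC_START + 8)])
    print("stopped at 0x%x with eax=0x%x ebx=0x%x" % (hit["stopped_at"], hit["eax"], hit["ebx"]))
    done = run_concrete(SAMPLE_CODE, [])
    print("ran to end with eax=0x%x ebx=0x%x" % (done["eax"], done["ebx"]))
```

With the symbolic range declared, the run stops at the `mov ebx, [0x2100]` at 0x1008 with eax already incremented to 0x43 and ebx still 0; with no symbolic ranges the same code runs to the end and eax picks up the concrete 0x10 from 0x2100. The per-instruction snapshot is what makes the hand-off clean: Unicorn has already performed the read by the time the memory hook fires, so the state returned must come from before that instruction, not after it.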
@Manouchehri

Looks like it's been pushed!

@rhelmot
Member
rhelmot commented Aug 21, 2016

It's been pushed for the last two weeks! The big thing, though, is that our fork of Unicorn is now pushed, to https://github.com/angr/unicorn.

The changes we've made are all pending pull requests to upstream. They're mostly bug fixes and minor features; the biggest thing is that it overhauls the Python setup process so that it actually works correctly without manually copying files around, and also packages the library headers so simuvex can build against it.

Basically, you should just be able to run python setup.py install in the bindings/python directory and it should Just Work. (You can also run the setup.py in the repo root, but that's just a compatibility shim until it's distributed on pip.)
