SEB: Scenario Executor for Binaries

The objective of SEB is to take a scenario for a binary, execute it, and check some properties during execution.

Technically, seb is a set of commands for gdb and a simple driver that launches gdb and attaches it to a running QEMU.

It uses QEMU (with the plugins extension) to run a program and gdb to control it through QEMU's gdbstub implementation.

In addition, the program can be saved and restored using the criu project (Checkpoint/Restore in User Space - https://github.com/xemul/criu).
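
The attach flow described above, as an added example that is not seb.py's own code: QEMU user mode is started with its `-g` option so that it waits for a debugger on a gdbstub port, then gdb connects with `target remote` and replays a command file. The function names and the loopback address are assumptions of this example.

```python
import socket
import subprocess


def free_port():
    """Ask the kernel for an unused loopback TCP port for the gdbstub."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def qemu_argv(qemu, port, program, args=()):
    """qemu-user command line: -g makes QEMU wait for a debugger on `port`."""
    return [qemu, "-g", str(port), program, *map(str, args)]


def gdb_argv(port, program, command_file, gdb="gdb"):
    """gdb command line: attach to the stub, then replay the command file."""
    return [gdb, "--batch",
            "-ex", f"target remote 127.0.0.1:{port}",
            "-x", command_file,
            program]


def run_scenario(qemu, program, args, command_file):
    """Run `program` under QEMU, drive it with gdb, return gdb's exit status."""
    port = free_port()
    # The gdbstub is unauthenticated: whoever reaches this port controls the
    # guest process, so keep it off untrusted networks.
    guest = subprocess.Popen(qemu_argv(qemu, port, program, args))
    try:
        # gdb retries a refused TCP connection by default (tcp auto-retry),
        # which covers the window before QEMU starts listening.
        return subprocess.run(gdb_argv(port, program, command_file)).returncode
    finally:
        if guest.poll() is None:  # scenario ended before the guest did
            guest.kill()
        guest.wait()
```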

Dependencies

See docker/Dockerfile for the list of dependencies.

Build QEMU with plugins

QEMU dependencies:

sudo apt-get install -y pkg-config zlib1g-dev libglib2.0-dev libpixman-1-dev libfdt-dev libcapstone3-dev

QEMU configure:

./configure --enable-capstone --enable-tcg-plugin-cpp \
    --target-list=x86_64-linux-user,arm-linux-user,aarch64-linux-user,arm-softmmu

QEMU configure for a debug build using ccache:

./configure --cc='/usr/bin/ccache gcc' \
    --enable-capstone --enable-tcg-plugin-cpp --enable-debug \
    --target-list=x86_64-linux-user,arm-linux-user,aarch64-linux-user,arm-softmmu

Example of use

make -C ./seb/code_examples && \
./seb/seb.py \
--qemu-path ./qemu-plugins/x86_64-linux-user/qemu-x86_64 \
--qemu-plugin ./qemu-plugins/x86_64-linux-user/tcg-plugin-icount-inlined.so \
--input-file ./seb/code_examples/gdbcommand \
./seb/code_examples/simple_loop 5

New GDB commands (to type at the gdb prompt)

help qemu
help prefix
help function-hook