GitHub - zyw-200/EQUAFL

EQUAFL

Our tool is mainly built on top of QEMU. The source code we modified as follows.

Outline

EQUAFL contains both observation and replay mechanisms. The observation mechanism is mainly implemented in the following source file.

Full/cpu-exec.c

Notes: we implment the observation of dynamic files by instrumenting the both beginning and the end of the system call executions. You can refer to the function "syscall_start_ana" and "syscall_end_ana" in the source file. In particular, file-related system call includes open, read, write, dup, dup2, etc.

Full/linux_vmi_new.cpp

Notes: we identify application launch varaibles including arguments and environment variables by instrumenting the "do_execve" function. You can refer to the function "execve_analysis_vmi". The function would be executed after detecting the kernel execution to specific program point, and then it performs dumping for the launch variables.

The replay mechnism is mainly implemented in the following source file.

linux-user/main.c

Notes: we implment the replay mechnism of EQUAFL by instrumenting the system call execution. You can refer to the function "determine_local_or_not". The instrumented system calls are as follows. Process Limit: getrlimit, setrlimit Network: socket, bind, listen, accept, getpeername, getsockname, getsockopt, poll, select, etc.

We have written the comments for the implmentation in these source files.

Setup

In the top directory,

./configure --target-list=mipsel-linux-user,mips-linux-user,arm-linux-user --static --disable-werror make

Then, you can get the compiled emulator for enhance emulation, which can be obtained from mips-linux-user, mipsel-linux-user, arm-linux-user directory.

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
Full		Full
accel		accel
audio		audio
backends		backends
block		block
bsd-user		bsd-user
chardev		chardev
contrib		contrib
crypto		crypto
default-configs		default-configs
disas		disas
docs		docs
dtc		dtc
fpu		fpu
fsdev		fsdev
gdb-xml		gdb-xml
hw		hw
include		include
io		io
libdecnumber		libdecnumber
libnvram		libnvram
linux-headers		linux-headers
linux-user		linux-user
migration		migration
nbd		nbd
net		net
paper		paper
pc-bios		pc-bios
pixman		pixman
po		po
qapi		qapi
qga		qga
qobject		qobject
qom		qom
replay		replay
roms		roms
scripts		scripts
slirp		slirp
stubs		stubs
target		target
tcg		tcg
tests		tests
trace		trace
ui		ui
util		util
CODING_STYLE		CODING_STYLE
COPYING		COPYING
COPYING.LIB		COPYING.LIB
Changelog		Changelog
HACKING		HACKING
LICENSE		LICENSE
MAINTAINERS		MAINTAINERS
Makefile		Makefile
Makefile.objs		Makefile.objs
Makefile.target		Makefile.target
README.md		README.md
README_QEMU		README_QEMU
TRENDnet ticket.pdf		TRENDnet ticket.pdf
VERSION		VERSION
afl-qemu-cpu-inl.h		afl-qemu-cpu-inl.h
arch_init.c		arch_init.c
atomic_template.h		atomic_template.h
balloon.c		balloon.c
block.c		block.c
blockdev-nbd.c		blockdev-nbd.c
blockdev.c		blockdev.c
blockjob.c		blockjob.c
bootdevice.c		bootdevice.c
bt-host.c		bt-host.c
bt-vhci.c		bt-vhci.c
config.h		config.h
configure		configure
cpus-common.c		cpus-common.c
cpus.c		cpus.c
device-hotplug.c		device-hotplug.c
device_tree.c		device_tree.c
disas.c		disas.c
dlink-email-cve.pdf		dlink-email-cve.pdf
dlink-email-cve2.pdf		dlink-email-cve2.pdf
dma-helpers.c		dma-helpers.c
dump.c		dump.c
exec.c		exec.c
gdbstub.c		gdbstub.c
hax-stub.c		hax-stub.c
hmp-commands-info.hx		hmp-commands-info.hx
hmp-commands.hx		hmp-commands.hx
hmp.c		hmp.c
hmp.h		hmp.h
ioport.c		ioport.c
iothread.c		iothread.c
memory.c		memory.c
memory_ldst.inc.c		memory_ldst.inc.c
memory_mapping.c		memory_mapping.c
module-common.c		module-common.c
monitor.c		monitor.c
numa.c		numa.c
os-posix.c		os-posix.c
os-win32.c		os-win32.c
package_required		package_required
qapi-schema.json		qapi-schema.json

License

Licenses found

zyw-200/EQUAFL

Folders and files

Latest commit

History