GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → atrosinenko → qinst

atrosinenko / qinst

Licence: Unknown and 2 other licenses found Licenses found Unknown LICENSE GPL-2.0 COPYING LGPL-2.1 COPYING.LIB
Draft of generic instrumentation tool based on QEMU using eBPF to implement trivial instrumentations with trivial code

Programming Languages

c
50402 projects - #5 most used programming language
C++
36643 projects - #6 most used programming language
python
139335 projects - #7 most used programming language
shell
77523 projects
assembly
5116 projects
haxe
709 projects

Labels

instrumentationqemuebpfdynamic-instrumentation

Projects that are alternatives of or similar to qinst

uprobe-http-tracer
uprobe-based HTTP tracer for Go binaries
Stars: ✭ 45 (+164.71%)
Mutual labels:  instrumentation, ebpf
Aflplusplus
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Stars: ✭ 2,319 (+13541.18%)
Mutual labels:  instrumentation, qemu
Orbit
C/C++ Performance Profiler
Stars: ✭ 2,291 (+13376.47%)
Mutual labels:  instrumentation, dynamic-instrumentation
Tools
Combination of different utilities, have fun!
Stars: ✭ 166 (+876.47%)
Mutual labels:  qemu
prometheus-fastapi-instrumentator
Instrument your FastAPI app
Stars: ✭ 511 (+2905.88%)
Mutual labels:  instrumentation
ebpf
Elastic's eBPF
Stars: ✭ 45 (+164.71%)
Mutual labels:  ebpf
EmbedSanitizer
EmbedSantizer is a runtime race detection tool which extends ThreadSanitizer to detect data races in 32-bit ARM applications.
Stars: ✭ 16 (-5.88%)
Mutual labels:  instrumentation
sbt-instrumentation
Configurable instrumentation of LLVM bitcode
Stars: ✭ 31 (+82.35%)
Mutual labels:  instrumentation
libbpf-sys
Rust bindings to libbpf from the Linux kernel
Stars: ✭ 103 (+505.88%)
Mutual labels:  ebpf
rbbcc
BCC port for MRI - this is unofficial bonsai project.
Stars: ✭ 45 (+164.71%)
Mutual labels:  ebpf
nodeprof.js
Instrumentation framework for Node.js compliant to ECMAScript 2020 based on GraalVM.
Stars: ✭ 44 (+158.82%)
Mutual labels:  instrumentation
bpfbox
🐝 BPFBox 📦 Exploring process confinement in eBPF
Stars: ✭ 93 (+447.06%)
Mutual labels:  ebpf
kube-knark
Open Source runtime tool which help to detect malware code execution and run time mis-configuration change on a kubernetes cluster
Stars: ✭ 32 (+88.24%)
Mutual labels:  ebpf
MIDI-VAE
No description or website provided.
Stars: ✭ 56 (+229.41%)
Mutual labels:  instrumentation
solcover
Code coverage for solidity
Stars: ✭ 64 (+276.47%)
Mutual labels:  instrumentation
Sloth
Sloth 🦥 is a coverage guided fuzzing framework for fuzzing Android Native libraries that makes use of libFuzzer and QEMU user-mode emulation
Stars: ✭ 91 (+435.29%)
Mutual labels:  qemu
afl-dyninst
American Fuzzy Lop + Dyninst == AFL Fuzzing blackbox binaries
Stars: ✭ 65 (+282.35%)
Mutual labels:  instrumentation
byok
A bare-metal x86 Forth interpreter & compiler
Stars: ✭ 48 (+182.35%)
Mutual labels:  qemu
virtblkiosim
Virtual Linux block device driver for simulating and performing I/O.
Stars: ✭ 30 (+76.47%)
Mutual labels:  qemu
qemu-arm
Approximation Raspberry Pi Emulator in Docker Container
Stars: ✭ 31 (+82.35%)
Mutual labels:  qemu
View All Similar Projects ➔

QInst is a dynamic instrumentation tool based on QEMU and supposed to perform trivial instrumentation with trivial code. It inserts snippets of code before the specified ops of QEMU internal representation. To achieve this, it takes arbitrary plugin.so with native code of the instrumenter run-time as well as little plugin-bpf.a with specially named functions that are hooked to QEMU internal ops. This allows to very easily hook into deep internals of QEMU between the disasm/codegen and dead code elimination/optimization logic.

This software is at the very early development stage, still it is already able to run instrumentation of AFL.

The AFL instrumentation looks like the following (this is the actual working example):

#include <stdint.h>
  
extern uint8_t *__afl_area_ptr;
extern uint64_t prev;

void inst_qemu_brcond_i64(uint64_t tag, uint64_t x, uint64_t y, uint64_t z, uint64_t u)
{
    __afl_area_ptr[((prev >> 1) ^ tag) & 0xFFFF] += 1;
    prev = tag;
}

void inst_qemu_brcond_i32(uint64_t tag, uint64_t x, uint64_t y, uint64_t z, uint64_t u)
{
    __afl_area_ptr[((prev >> 1) ^ tag) & 0xFFFF] += 1;
    prev = tag;
}

The nice fact about this tool is that its instrumentations are not tied to QEMU. Sure, they use QEMU opcode names and signatures but it should be probably easy to make the instrumentation cross-tool if other implementation will become available (such as LLVM or DynamoRIO).

Possibilities from slowest to fastest:

(a) Dynamic instrumentation: QEMU, DynamoRIO (you are here)
(b) Static instrumentation: LLVM
--
(c) Hardware-assisted generic instrumentation
(d) Hardware-assisted instrumentation baked into instantiated softprocessor
  • (a) is already implemented as an early draft
  • (b) is not very hard to implement
  • (d) is already implemented (early draft) as a RoCC accelerator for RocketChip and patched RocketChip
  • (c) would be the most flexible (if possible at all) but requires some configurable FPGA-like additions to CPU :)

Examples

Examples are in the instrumentation-examples directory. Compile the eBPF part with compile-bpf.sh, then compile native part and run

NATIVE_INST=./path/to/native.so BPF_INST=./path/to/bpf.o ./x86_64-linux-user/qemu-x86_64 -- /bin/gzip -d

For now, Pull Requests are not accepted. I hope to upstream it someday, but QEMU has a non-trivial policy on pushing the changes (Signed-Off's, etc.).

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].