3

QEMU From the Ground

In this chapter, we will start to look at QEMU from a more technical point of view. We will revisit why it has become fundamental in cybersecurity and then look at the emulator internals: the Tiny Code Generator (TCG) and the general and architecture-specific parts of the code base. We will also look at some very powerful orchestrators built on top of QEMU, such as Avatar2 and the Platform for Architecture-Neutral Dynamic Analysis (PANDA). Finally, we will go briefly over some successful cases of vulnerabilities found with the help of QEMU.

This chapter will cover the following main topics:

  • Approaching IoT devices with emulation
  • Code structure
  • QEMU emulation
  • QEMU extensions and mods

Approaching IoT devices with emulation

A few years ago, emulation was mostly ...
