Skip to content
/ Qemu4_Tainting Public

This is a taint analysis tool on top of Qemu version 4.

License

Unknown and 2 other licenses found

Licenses found

Unknown
LICENSE
GPL-2.0
COPYING
LGPL-2.1
COPYING.LIB
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

adava/Qemu4_Tainting

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
accel
accel
 
 
audio
audio
 
 
authz
authz
 
 
backends
backends
 
 
block
block
 
 
bsd-user
bsd-user
 
 
chardev
chardev
 
 
contrib
contrib
 
 
crypto
crypto
 
 
default-configs
default-configs
 
 
disas
disas
 
 
docs
docs
 
 
dump
dump
 
 
fpu
fpu
 
 
fsdev
fsdev
 
 
gdb-xml
gdb-xml
 
 
hw
hw
 
 
include
include
 
 
io
io
 
 
libdecnumber
libdecnumber
 
 
linux-headers
linux-headers
 
 
linux-user
linux-user
 
 
migration
migration
 
 
monitor
monitor
 
 
nbd
nbd
 
 
net
net
 
 
pc-bios
pc-bios
 
 
plugins
plugins
 
 
po
po
 
 
python/qemu
python/qemu
 
 
qapi
qapi
 
 
qga
qga
 
 
qobject
qobject
 
 
qom
qom
 
 
replay
replay
 
 
roms
roms
 
 
scripts
scripts
 
 
scsi
scsi
 
 
softmmu
softmmu
 
 
storage-daemon
storage-daemon
 
 
stubs
stubs
 
 
target
target
 
 
tcg
tcg
 
 
tests
tests
 
 
tools/virtiofsd
tools/virtiofsd
 
 
trace
trace
 
 
ui
ui
 
 
util
util
 
 
.cirrus.yml
.cirrus.yml
 
 
.dir-locals.el
.dir-locals.el
 
 
.editorconfig
.editorconfig
 
 
.exrc
.exrc
 
 
.gdbinit
.gdbinit
 
 
.gitignore
.gitignore
 
 
.gitlab-ci-edk2.yml
.gitlab-ci-edk2.yml
 
 
.gitlab-ci-opensbi.yml
.gitlab-ci-opensbi.yml
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.gitmodules
.gitmodules
 
 
.gitpublish
.gitpublish
 
 
.mailmap
.mailmap
 
 
.patchew.yml
.patchew.yml
 
 
.readthedocs.yml
.readthedocs.yml
 
 
.shippable.yml
.shippable.yml
 
 
.travis.yml
.travis.yml
 
 
CODING_STYLE.rst
CODING_STYLE.rst
 
 
COPYING
COPYING
 
 
COPYING.LIB
COPYING.LIB
 
 
Changelog
Changelog
 
 
Kconfig.host
Kconfig.host
 
 
LICENSE
LICENSE
 
 
MAINTAINERS
MAINTAINERS
 
 
Makefile
Makefile
 
 
Makefile.objs
Makefile.objs
 
 
Makefile.target
Makefile.target
 
 
README.md
README.md
 
 
VERSION
VERSION
 
 
arch_init.c
arch_init.c
 
 
balloon.c
balloon.c
 
 
block.c
block.c
 
 
blockdev-nbd.c
blockdev-nbd.c
 
 
blockdev.c
blockdev.c
 
 
blockjob.c
blockjob.c
 
 
bootdevice.c
bootdevice.c
 
 
c-fgets.c
c-fgets.c
 
 
configure
configure
 
 
cpus-common.c
cpus-common.c
 
 
cpus.c
cpus.c
 
 
device_tree.c
device_tree.c
 
 
disas.c
disas.c
 
 
dma-helpers.c
dma-helpers.c
 
 
exec-vary.c
exec-vary.c
 
 
exec.c
exec.c
 
 
gdbstub.c
gdbstub.c
 
 
gitdm.config
gitdm.config
 
 
hmp-commands-info.hx
hmp-commands-info.hx
 
 
hmp-commands.hx
hmp-commands.hx
 
 
ioport.c
ioport.c
 
 
iothread.c
iothread.c
 
 
job-qmp.c
job-qmp.c
 
 
job.c
job.c
 
 

Repository files navigation

Qemu4_Tainting

This is a taint analysis tool on top of Qemu version 4. The tool is a Qemu plugin, and currently supports linux 64 bits user programs. The tainting has bit level granularity, and the rules are inspired by Valgrind memcheck and DECAF. The optimization proposed by DECAF++ is also implemented.

Compilation

./configure --target-list=x86_64-linux-user --enable-plugins --enable-debug --enable-kvm
make
cd ./tests/plugin
make

Execution

 x86_64-linux-user/qemu-x86_64 -d plugin -D [/PATH/TO/shadow.log] -plugin tests/plugin/libtaint.so,arg=hint [PATH/TO/BINARY]

Currently, only the input from the keyboard is considered as a taint source. To change the code, see the file in tests/plugin/taint.c After the execution, [/PATH/TO/shadow.log] will containt the taint information (and debug information if configured so) of the live memory addresses.

About

This is a taint analysis tool on top of Qemu version 4.

Resources

Readme

License

Unknown and 2 other licenses found

Licenses found

Unknown
LICENSE
GPL-2.0
COPYING
LGPL-2.1
COPYING.LIB
Activity

Stars

1 star

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages