QEMU Execution Modes and Fuzzing
In this chapter, we will cover the two QEMU modes, namely user mode and full-system emulation. Once we understand the difference, we will dig into fuzzing code under each of them. In the first case, we will be able to fuzz a program through the interface it exposes to the user, that is, stdin. In the second case, we will have to choose our battle and select a component of the operating system, for example, a piece of the network stack, a specific device driver interface, or, in the case of an embedded operating system, a particular task such as the memory allocator or the CPU scheduler.
This chapter will cover the following main topics:
- QEMU user mode
- QEMU system mode
- Static versus dynamic fuzzing
- Sophisticated methods with constraint solving
- Advantages of AFL and AFL++ versus my own fuzzer