Qemu tracer - a tracer based on qemu project. It executes a binary executable and saves trace data using Protocol Buffer format. The contents of the trace data is defined in bap-frames project.
If you don't want to mess with the source and building, then you can just dowload a tarball with prebuilt binaries. Look at the latest release and it might happen, that we have built binaries for your linux distribution, if it is not the case, then create an issue, and we will build it for you.
Let's pretend, that you're using Ubuntu Trusty, and install it. First download it with your favorite downloader:
wget https://github.com/BinaryAnalysisPlatform/qemu/releases/download/v2.0.0-tracewrap-2.0.0-rc1/qemu-tracewrap-ubuntu-14.04.4-LTS.tgz
Install it in the specified prefix with a command like tar -C <prefix> -xf qemu-tracewrap-ubuntu-14.04.4-LTS.tgz
, e.g.,
to install in your home directory:
tar -C $HOME -xf qemu-tracewrap-ubuntu-14.04.4-LTS.tgz
Note: the instructions assume that you're using Ubuntu, but it
may work on other systems, that uses apt-get
.
Before building the qemu-tracewrap, you need to install the following packages:
- qemu build dependencies
- autoconf, libtool, protobuf-c-compiler
- piqi library
To install qemu build dependencies, use the following command
$ sudo apt-get --no-install-recommends -y build-dep qemu
To install autoconf, libtool, protobuf-c-compiler, use the following command
$ sudo apt-get install autoconf libtool protobuf-c-compiler
To install piqi library with opam, use the following command
$ opam install piqi
Download bap-frames with following command
$ git clone https://github.com/BinaryAnalysisPlatform/bap-frames.git
Download qemu tracer with following command
$ git clone [email protected]:BinaryAnalysisPlatform/qemu.git
Change folder to qemu and build tracer:
$ cd qemu
$ ./configure --prefix=$HOME --with-tracewrap=<absolute-path-to>/bap-frames --target-list=arm-linux-user
$ ninja -C build
$ ninja -C build install
To run executable exec
compiled for arch
, use qemu-arch exec
command, e.g.,
qemu-x86_64 /bin/ls
. It will dump the trace into ls.frames
file. You can configure
the filename with -tracefile
option, e.g., qemu-arm -tracefile arm.ls.frames ls
Hints: use option -L to set the elf interpreter prefix to 'path'. Use fetchlibs.sh to download arm and x86 libraries.
Only ARM target is supported in this branch.