Blog Category: virtual machines

Cannoli: The Fast QEMU Tracer

Cannoli is a high-performance tracing engine for qemu-user. It can record a trace of both PCs executed as well as memory operations. It consists of a small patch to QEMU to expose locations to inject some code directly into the JIT, a shared library which is loaded into QEMU to decide what and how to instrument, and a final library which consumes the stream produced by QEMU in another process, where analysis can be done on the trace. … Read More 

An opinionated guide on how to reverse engineer software, part 1

Reverse engineering is just one step on the road to some final goal. Which could be to reimplement someone’s algorithm, interoperate with a new system or application, look for software vulnerabilities you can exploit, make game cheats, or revive old dead software to run on new systems. This is the first post in a series meant to help improve your static reverse engineering skills. … Read More 

Out-of-Order Execution as a Cross-VM Side-Channel and Other Applications

Given the rise in popularity of cloud computing and platform-as-a-service, vulnerabilities in systems which share hardware have become more attractive targets to malicious actors. One of the vulnerabilities inherent to these systems is the potential for side-channels, especially ones that violate the isolation between virtual machines. … Read More