geohot/qira geohot/qira

  • Stars
    star
    3,806
  • Rank 11,218 (Top 0.3 %)
  • Language
    C
  • License
    MIT License
  • Created almost 10 years ago
  • Updated almost 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
geohot/qira
github

geohot

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

QEMU Interactive Runtime Analyser

QIRA

Build Status

  • QIRA is a competitor to strace and gdb
  • See http://qira.me/ for high level usage information
  • All QIRA code is released under MIT license
  • Other code in this repo released under its respective license

Supported OS

Ubuntu 14.04 and 16.04 supported out of the box.
18.04 is having a problem with building QEMU
See forked QEMU source at https://github.com/geohot/qemu/tree/qira to fix.

Non Linux hosts may run the rest of QIRA, but cannot run the QEMU tracer.
Very limited support for Mac OS X and Windows natively.
The Docker image in docker should work everywhere.

Installing release

See instructions on qira.me to install 1.3

Installing trunk

cd ~/
git clone https://github.com/geohot/qira.git
cd qira/
./install.sh

Installation Extras

  • ./fetchlibs.sh will fetch the libraries for i386, armhf, armel, aarch64, mips, mipsel, and ppc
  • ./tracers/pin_build.sh will install the QIRA PIN plugin, allowing --pin to work

Releases

  • v1.3 -- Update using pinned python packages
  • v1.2 -- Many many changes. Forced release due to v1.0 not working anymore.
  • v1.1 -- Support for names and comments. Static stuff added. Register colors.
  • v1.0 -- Perf is good! Tons of bugfixes. Quality software. http://qira.me/
  • v0.9 -- Function indentation. haddrline added (look familiar?). Register highlighting in hexdump.
  • v0.8 -- Intel syntax! Shipping CDA (cda a.out) and experimental PIN backend. Bugfixes. Windows support?
  • v0.7 -- DWARF support. Builds QEMU if distributed binaries don't work. Windows IDA plugin.
  • v0.6 -- Added changes before webforking. Highlight strace addresses. Default on analysis.
  • v0.5 -- Fixed regression in C++ database causing wrong values. Added PowerPC support. Added "A" button.
  • v0.4 -- Using 50x faster C++ database. strace support. argv and envp are there.
  • v0.3 -- Built in socat, multiple traces, forks (experimental). Somewhat working x86-64 and ARM support
  • v0.2 -- Removed dependency on mongodb, much faster. IDA plugin fixes, Mac version.
  • v0.1 -- Initial release

UI

At the top, you have 4 boxes, called the controls.
  Blue = change number, grey = fork number
  red = instruction address (iaddr), yellow = data address (daddr).

On the left you have the vtimeline, this is the full trace of the program.
  The top is the start of the program, the bottom is the end/current state.
  More green = deeper into a function.
  The currently selected change is blue, red is every passthrough of the current iaddr
  Bright yellow is a write to the daddr, dark yellow is a read from the daddr.
  This color scheme is followed everywhere.

Below the controls, you have the idump, showing instructions near the current change
Under that is the regviewer, datachanges, hexeditor, and strace, all self explanatory.

Mouse Actions

Click on vtimeline to navigate around. Right-click forks to delete them. Click on data (or doubleclick if highlightable) to follow in data. Right-click on instruction address to follow in instruction.

Keyboard Shortcuts in web/client/controls.js

j -- next invocation of instruction
k -- prev invocation of instruction

shift-j -- next toucher of data
shift-k -- prev toucher of data

m -- go to return from current function
, -- go to start of current function

z -- zoom out max on vtimeline

left  -- -1 fork
right -- +1 fork
up    -- -1 clnum
down  -- +1 clnum

esc -- back

shift-c -- clear all forks

n -- rename instruction
shift-n -- rename data
: -- add comment at instruction
shift-: -- add comment at data

g -- go to change, address, or name
space -- toggle flat/function view

p -- analyze function at iaddr
c -- make code at iaddr, one instruction
a -- make ascii at iaddr
d -- make data at iaddr
u -- make undefined at iaddr

Installation on Windows (experimental)

  • Install git and python 2.7.9
  • Run install.bat

Session state

clnum -- selected changelist number
forknum -- selected fork number
iaddr -- selected instruction address
daddr -- selected data address

cview -- viewed changelists in the vtimeline
dview -- viewed window into data in the hexeditor
iview -- viewed address in the static view

max_clnum -- max changelist number for each fork
dirtyiaddr -- whether we should update the clnum based on the iaddr or not
flat -- if we are in flat view

Static

QIRA static has historically been such a trash heap it's gated behind -S. QIRA should not be trying to compete with IDA.

User input and the actual traces of the program should drive creation of the static database. Don't try to recover all CFGs, only what ran.

The basic idea of static is that it exists at change -1 and doesn't change ever. Each address has a set of tags, including things like name.

More Repositories

1

fromthetransistor

From the Transistor to the Web Browser, a rough outline for a 12 week course
3,512
star
2

minikeyvalue

A distributed key value store in under 1000 lines. Used in production at comma.ai
Go
2,791
star
3

corona

Reverse engineering SARS-CoV-2
Python
2,450
star
4

ai-notebooks

Some ipython notebooks implementing AI algorithms
Jupyter Notebook
959
star
5

twitchslam

A toy implementation of monocular SLAM written while livestreaming
Python
941
star
6

configuration

Like some files bro
Haskell
379
star
7

tinyvoice

Letting computers listen to you and really care
Jupyter Notebook
361
star
8

twitchchess

like twitchslam, for chess
Python
349
star
9

lolrecaptcha

We try to break the recaptcha for the Merry Christmas for all!
Go
292
star
10

mergesorts

mergesort in many languages
Shell
254
star
11

twitchcore

It's a core. Made on Twitch.
Verilog
229
star
12

cuda_ioctl_sniffer

Sniff CUDA ioctls
C
147
star
13

eda-reversing

The Embedded Disassembler
C++
110
star
14

kvm-kext

An implementation of /dev/kvm for Mac OS X
C
108
star
15

twitchcoq

It's a poorly named metamath verifier
Prolog
104
star
16

twitchtactoe

Tic Tac Toe in React because it is Simple Skills Sunday
JavaScript
102
star
17

battlechess

A distributed decentralized chess tournament
Python
99
star
18

tinyxxx

tiny corporation website
HTML
96
star
19

hammer-website

HTML
71
star
20

edgetpuxray

Enabling tinygrad compatibility with the Google Edge TPU
C++
68
star
21

pie

Computing digits of pi for the people
JavaScript
68
star
22

eda-2

Even better than eda-reversing...I hope
C++
61
star
23

haskell-scheme

Writing Scheme in Haskell
Haskell
58
star
24

twitchctw

compression = AI
Python
53
star
25

coq-hardy

Formalizing the Theorems from Hardy's "An Introduction to the Theory of Numbers" in coq
Coq
52
star
26

freethedsp

For winners only. Are you a winner?
C
40
star
27

twitchcoins

Python
36
star
28

openhexagon

An attempt at an open source toolchain for the Hexagon DSP
Shell
35
star
29

crappycase

So many shitty coders: Adobe, Blizzard, Valve. This is a case insensitivity emulator.
C
29
star
30

body_loop

comma body does a loop around the office
Python
28
star
31

amdgpu-dkms

Unpacking AMD's dkms packages
C
25
star
32

jenkyiphonetools

iPhone Tools of the lowest quality
Python
25
star
33

lowqualityraytracer

ever wonder how to raytrace? me too. i love america
Python
25
star
34

commaled

comma.ai LED controller cause the car needs some lights bro. SWAG!
Assembly
25
star
35

trinity-osxnew

C
22
star
36

aes_serial

There is so much swag in the world, just some of it is hidden -- Gandalf
C
17
star
37

eda-3

eda-3 from many years ago
JavaScript
13
star
38

collfun

It's Christmas time, you know what it is
Python
11
star
39

nnweights

6
star
40

7900xtx

5
star
41

gpysieve

ghetto sieves in python that don't work
Python
4
star
42

angr-travis

Run travis-ci testing on release version of angr
Shell
4
star
43

tt06-fp4-mac

FP4 MAC Array
Tcl
3
star
44

tt-twitch

tenstorrent kernel from twitch
C++
2
star