lazymio edited this page Nov 5, 2021 · 47 revisions

Why is my execution so slow?

Typically, it’s due to

  • Instrumenting every instruction executed.
  • Instrumenting every memory access.

Optimize your program with less instrumentation.

Why do I get a wrong PC after emulation stops?

The PC is only guaranteed to be correct if you have installed hooks.

I get an “Unhandled CPU Exception”, why?

Qnicorn is a pure CPU emulator, and this is usually caused by no handler being registered for instructions such as syscall and SVC. If you expect system emulation, you probably want the qiling framework.

I would like to instrument a specific instruction but get an UC_ERR_HOOK, why?

Currently, only a small subset of the instructions can be instrumented.

On x86, the available instructions are: in, out, syscall, sysenter and cpuid.

How to emulate interrupts (or ticks) with Qnicorn?

As stated, Qnicorn is a pure CPU emulator. For such emulation, you have two choices:

  • Use the timeout parameter of uc_emu_start
  • Use the count parameter of uc_emu_start

After emulation stops, you may inspect whatever state you are interested in and resume emulation accordingly.

Note that for cortex-m exec_return, Qnicorn raises a magic software exception with interrupt number 8. You may register a hook to handle it.

Why not keep up with upstream qemu?

We will. Stay tuned!

Is there any way to disable softmmu to speed up execution?

Yes, it is possible, but that is not Qnicorn's goal, and there is no simple switch in qemu to disable softmmu.

I'd like to make contributions, where do I start?

See milestones and coding convention.

Be sure to send pull requests for our dev branch only.

Which qemu version is Qnicorn based on?

See qemu/VERSION file for details.
