Unicorn – The Ultimate CPU Emulator

This is actually the whole reason I wrote the patches that allow you to read and write memory and registers. I work on fuzzing, and fuzzing tools are a fragmented ecosystem of QEMU forks and patches that are outdated the moment they are published. Even PANDA from MIT LL which has great support struggled to keep their patches rebased and compatible with QEMU's actually-pretty-fast releases. Upstream or bust, it's really not that hard, it just takes a little persistence (and with LLMs learning git email is easy)!

This looks useful for a lot of instrumentation use cases, but less so for building custom emulators, if I'm understanding it correctly.

I use Qiling [0] (built on top of Unicorn) sometimes for this kind of things (it can take application snapshots, that you can restore; and you can also use something similar to x86/x86-64 memory hardware breakpoints too). Might fit what you want, although it can sometimes be in a pain in the rear to set up...

[0] https://github.com/qilingframework/qiling

Maybe kinda sorta https://github.com/momo5502/sogen? It can even virtualize Modern Warfare 2 these days.

Well, there's ptrace/gdb? (Since you mentioned Diablo II, you might want a windows debugger, but same idea)

Unicorn is more like a fork of Qemu than something that depends on it. So what they're saying here is, they reimplemented the Unicorn feature-set (which dramatically diverges from the Qemu feature-set) from scratch based on a newer Qemu branch.

Low-level debugging, older games (so many consoles have used everything from MIPS to PowerPC as CPUs), etc.

In the early 2000s, I used a linux-based emulator to virtualize some ancient manufacturing hardware control software that was still running on EOL and very expensive PA-RISC kit. It saved the company tens of thousands of dollars in new hardware, while also running faster (it involved early 1990s-era proprietary vector graphics as part of it was printing on the goods). The HP sales people were not amused and tried very hard to get my 22 year old self fired, but my manager convinced them to use it and the old hardware as a backup for awhile. Last I heard in 2011 it was still being used, though running in linux on VMware.

An emulator is a computer program that executes the machine code of some system. For example, if your computer is x86, you can't natively run ARM machine code. But an emulator can.

QEMU is an emulator that can run entire operating systems, because it emulates hardware devices like hard drives and displays. Unicorn doesn't emulate any of those things, it only emulates the CPU. It's probably mostly useful for compiler development and security research / reverse engineering.

This comparison to qemu gives some idea: https://www.unicorn-engine.org/docs/beyond_qemu.html

The ability to execute and inspect some code without any context (no OS, not even a complete binary) is useful for reverse/security engineering.

Well, say all you've got is an x86 device, but you want to develop for ARM. You can write and compile your code, push it to unicorn, and see how it runs.

Or you can use it as a sandbox serving x86 software on an x86 machine.

Or as a "virtual machine" serving say AOSP for ARM on a Windows x86 host.

There's a long list of projects using Unicorn at https://www.unicorn-engine.org/showcase/

It can be used for many things. But the main use is reverse engineering.

I think they re-implemented Unicorn on a newer version of QEMU 5, rather than trying to port their old modifications over. Unicorn apparently did not support RV and PPC in the older version.