out-of-tree kernel {module, exploit} development tool
out-of-tree is for automating some routine actions for creating development environments for debugging kernel modules and exploits, generating reliability statistics for exploits, and also provides the ability to easily integrate into CI (Continuous Integration).
GNU/Linux (with Nix)
$ curl -fsSL https://get.docker.com | sh
$ sudo usermod -aG docker user && newgrp docker
$ curl -L https://nixos.org/nix/install | sh
$ nix-env -iA nixpkgs.out-of-tree
Note that adding a user to group docker has serious security implications. Check Docker documentation for more information.
$ brew cask install docker
$ open --background -a Docker && sleep 1m
$ brew tap jollheef/repo
$ brew install out-of-tree
Read documentation for further info.
Run by absolute path
$ out-of-tree --path /path/to/exploit/directory pew
Test only with one kernel:
$ out-of-tree pew --kernel='Ubuntu:5.4.0-29-generic
Run debug environment:
$ out-of-tree debug --kernel='Ubuntu:5.4.0-29-generic
Test binary module/exploit with implicit defined test ($BINARY_test)
$ out-of-tree pew --binary /path/to/exploit
Test binary module/exploit with explicit defined test
$ out-of-tree pew --binary /path/to/exploit --test /path/to/exploit_test
Guess work kernels:
$ out-of-tree pew --guess
Use custom kernels config
$ out-of-tree --kernels /path/to/kernels.toml pew
Generate all kernels
$ out-of-tree kernel genall --distro Ubuntu --ver 20.04
If anything happens that you cannot solve -- just remove $HOME/.out-of-tree
.
But it'll be better if you'll write the bug report.
Read Qemu API.