[fluoridation]

Somewhat relatedly, is there something halfway between QEMU and Unicorn? That is, a full VM in a library, with debugging capabilities. I'd like to be able to configure a VM, save the execution at a specific point, modify memory, run, and stop when some condition is hit (e.g. a memory address is read, or executed). For years I've had this idea of running the Jamella editor in multiple threads to crack Diablo II item seeds.

[neitsa]

I use Qiling [0] (built on top of Unicorn) sometimes for this kind of things (it can take application snapshots, that you can restore; and you can also use something similar to x86/x86-64 memory hardware breakpoints too). Might fit what you want, although it can sometimes be in a pain in the rear to set up...

[0] https://github.com/qilingframework/qiling

[fluoridation]

Sweet, thanks. It doesn't seem to be exactly what I'm looking for, in that it simulates (replaces) the OS instead of hosting it, but it's still interesting.

[not_a9]

Maybe kinda sorta https://github.com/momo5502/sogen? It can even virtualize Modern Warfare 2 these days.

[fluoridation]

Also interesting, but like Qiling it simulates the kernel. That seems weird to me, that two projects would independently converge on the same solution. Is it that hard to emulate both rings, or is it that it makes useful analysis more difficult?

[Retr0id]

Well, there's ptrace/gdb? (Since you mentioned Diablo II, you might want a windows debugger, but same idea)

[fluoridation]

Well, the program doesn't really work anymore, hence why I want a VM.

[Retr0id]

If it runs in Wine, you can use winedbg