
Unicorn Vs. QEMU - peter_d_sherman
http://www.unicorn-engine.org/docs/beyond_qemu.html
======
peter_d_sherman
Excerpts:

"Flexible: QEMU cannot emulate a chunk of raw binary code without any context:
it requires either a proper executable binary (for example, a file in ELF
format), or a whole system image with a full OS inside. Meanwhile, Unicorn
just focuses on CPU operations, and can emulate raw code without context

[...]

Instrumentation: QEMU does not support dynamic instrumentation, but with
Unicorn you can register customized handlers for various kinds of events from
CPU execution to memory access. This feature gives tool programmers all the
power they need to monitor and analyze the code under emulation.

[...]

Lightweight: Unicorn is much more lightweight than QEMU because we stripped
all the subsystems that are not involved in CPU emulation. As a result, Unicorn
is less than 10 times smaller in size and also in memory consumption.

Safety: QEMU has a bad security track record, with a lot of vulnerabilities
that can be exploited to break out of the guest. Its history says that all of
these bugs are from subsystems such as devices, BIOS, firmware etc., but none
of them comes from the CPU emulator component. Therefore, in principle Unicorn is
much more secure because it has a way smaller attack surface."

