"Flexible: QEMU cannot emulate a chunk of raw binary code without any context: it requires either a proper executable binary (for example, a file in ELF format), or a whole system image with a full OS inside. Meanwhile, Unicorn just focuses on CPU operations, and can emulate raw code without context
[...]
Instrumentation: QEMU does not support dynamic instrumentation, but with Unicorn you can register customized handlers for various kind of events from CPU execution to memory access. This feature gives tool programmers all the power they need to monitor and analyze the code under emulation.
[...]
Lightweight: Unicorn is much more lightweight than QEMU because we stripped all the subsystems that do not involve in CPU emulation. As a result, Unicorn is less than 10 times smaller in size and also in memory consumption.
Safety: QEMU has a bad track of security record with a lot of vulnerabilities that can be exploited to break out of the guest. Its history says that all of these bugs are from subsystems such as devices, BIOS, firmware etc, but none of them comes from CPU emulator component. Therefore, in principle Unicorn is much more secure because it has way smaller attack surface."
"Flexible: QEMU cannot emulate a chunk of raw binary code without any context: it requires either a proper executable binary (for example, a file in ELF format), or a whole system image with a full OS inside. Meanwhile, Unicorn just focuses on CPU operations, and can emulate raw code without context
[...]
Instrumentation: QEMU does not support dynamic instrumentation, but with Unicorn you can register customized handlers for various kind of events from CPU execution to memory access. This feature gives tool programmers all the power they need to monitor and analyze the code under emulation.
[...]
Lightweight: Unicorn is much more lightweight than QEMU because we stripped all the subsystems that do not involve in CPU emulation. As a result, Unicorn is less than 10 times smaller in size and also in memory consumption.
Safety: QEMU has a bad track of security record with a lot of vulnerabilities that can be exploited to break out of the guest. Its history says that all of these bugs are from subsystems such as devices, BIOS, firmware etc, but none of them comes from CPU emulator component. Therefore, in principle Unicorn is much more secure because it has way smaller attack surface."