qiling v1.4.4 releases: Advanced Binary Emulation framework
Qiling – Advanced Binary Emulation framework
Qiling is an advanced binary emulation framework, with the following features:
- Cross-platform: Windows, MacOS, Linux, BSD
- Cross architecture: X86, X86_64, Arm, Arm64, Mips
- Multiple file formats: PE, MachO, ELF
- Emulate & sandbox machine code in an isolated environment
- Provide high-level API to setup & configure the sandbox
- Fine-grain instrumentation: allow hooks at various levels (instruction/basic-block/memory-access/exception/syscall/IO/etc)
- Allow dynamic hotpatch on-the-fly running code, including the loaded library
- True framework in Python, make it easy to build customized security analysis tools on top
Qiling is backed by Unicorn engine.
Changelog v1.4.3
Changes since 1.4.3
New features:
- Add r2 extension (#1172)
- Introduce procfs to Linux OS (#1174)
- Add a tracer for IDAPro’s Tenet plugin (#1205)
Improvements:
- Collect a few additional DLLs for x8664 (#1167)
- Use global cwd in thread (#1170)
- Fix QlLinuxThreadManagement.threads to be updated appropriately (#1180)
- Fix Unix socket subsystem (#1181)
- Maintenance PR for security and code quality (#1182 #1195)
- Enable android 32bit test (#1184)
- Fix wrong platform_system for unicornafl (#1185)
- Fix arm thumb mode shellcode emulation (#1187)
- Pump unicorn version to 2.0.0 (#1189)
- Procfs improve & pwndbg compatiblity (#1190)
- Fix example script issues (#1193 #1194)
- Introduce a human-friendly disassembler (#1196)
- Fix gdb step/continue handling (#1200)
- Fix README.md (#1203)
- Fix typo of default ip 127.0.0.1 (#1205)
- Temporarily mask Python versions that are not supported by the EVM module (#1208)
- Windows Maintenance PR (#1210)
- Improvements around POSIX sockets (#1216)
- Add x86_64 debug support for Qdb (#1218)
- Renew code for picohttpd (#1221)
- Fix missing retaddr_on_stack in Qdb for arm (#1225)
- Qdb improvments: Mark, Jump and modify register value in qdb (#1226)
- Allow user to build config from dictionary other than disk file (#1227)
- fix(ida): replace getattribute with getattr (#1231)
Install
git clone https://github.com/qilingframework/qiling.git
cd qiling
python3 setup.py install
Use
- Below example shows how to use Qiling framework to emulate a Windows EXE on a Linux machine.
- Below example shows how to use Qiling framework to dynamically patch a Windows crackme, make it always display “Congratulation” dialog.
Qltool
Qiling also provides a friendly tool named qltool to quickly emulate shellcode & executable binaries.
To emulate a binary, run:
$ ./qltool run -f examples/rootfs/arm_linux/bin/arm32-hello --rootfs examples/rootfs/arm_linux/
To run shellcode, run:
$ ./qltool shellcode --os linux --arch x86 --asm -f examples/shellcodes/lin32_execve.asm
Demo
Copyright (C) 2019
- kaijern (xwings) Lau kj@qiling.io
- Nguyen Anh Quynh aquynh@gmail.com
- tianze (Dliv3) Ding dddliv3@gmail.com
- bowen (w1tcher) Sun w1tcher.bupt@gmail.com
- huitao (null) Chen null@qiling.io
