qiling v1.2.2 releases: Advanced Binary Emulation framework

Qiling – Advanced Binary Emulation framework

Qiling is an advanced binary emulation framework, with the following features:

• Cross-platform: Windows, MacOS, Linux, BSD
• Cross architecture: X86, X86_64, Arm, Arm64, Mips
• Multiple file formats: PE, MachO, ELF
• Emulate & sandbox machine code in an isolated environment
• Provide high-level API to setup & configure the sandbox
• Fine-grain instrumentation: allow hooks at various levels (instruction/basic-block/memory-access/exception/syscall/IO/etc)
• Allow dynamic hotpatch on-the-fly running code, including the loaded library
• True framework in Python, make it easy to build customized security analysis tools on top

Qiling is backed by Unicorn engine.

Changelog v1.2.2

• Changes since 1.2.1
  • Fix _acmdln and _wcmdln handling
  • More UEFI refactor
  • Refactor common OS space
  • Bring sality test to work again
  • Clean up more test case
  • First stage multithread rewrite done
  • Updated Qiling(shellcode=) to Qiling(code=), still keeping Qiling(shellcode=) for legacy purpose
  • Added support for SMM_RUNTIME_SERVICES_TABLE
  • Fixed regression in code coverage collection
  • Added generic ql.mem.read_ptr helper function
  • merged UEFI, windows, linux and macos print_function
  • merged UEFI, windows, linux and macos fncc
  • make MacOS uses more Qiling API

Install

git clone https://github.com/qilingframework/qiling.git
cd qiling
python3 setup.py install

Use

• Below example shows how to use Qiling framework to emulate a Windows EXE on a Linux machine.

$ ./qltool run -f examples/rootfs/arm_linux/bin/arm32-hello --rootfs examples/rootfs/arm_linux/

$ ./qltool shellcode --os linux --arch x86 --asm -f examples/shellcodes/lin32_execve.asm