# NOTE(review): excerpt from the middle of a larger loader routine. `i`,
# `loadbase`, `elfhead`, `mem_start`, `mem_end` and `interp_path` are all
# assigned before this listing starts; the nesting below is reconstructed.
ql.dprint("[+] load 0x%x - 0x%x"%(loadbase + i['p_vaddr'], loadbase + i['p_vaddr'] + i['p_filesz']))
# The entry point and the program break are both rebased by the load base.
entry_point = elfhead['e_entry'] + loadbase
ql.dprint("[+] mem_start: " + hex(mem_start) + " mem_end: " + hex(mem_end))
ql.brk_address = mem_end + loadbase
# Load the interpreter if the binary names one (where interp_path is read
# from is outside this excerpt; presumably the binary's PT_INTERP entry).
if interp_path != '':
    if sys.version_info >= (3, 0):
        # errors="ignore" silently drops bytes that are not valid UTF-8, so
        # the path opened below can differ from the bytes stored in the file.
        interp_path = str(interp_path, 'utf-8', errors="ignore")
    # NOTE(review): interp_path appears to come from the binary being loaded
    # and is joined to ql.rootfs by plain string concatenation. No
    # normalisation or containment check is visible here, so a path with
    # ".." components could resolve to a host file outside the rootfs.
    # Confirm whether ELFParse or the caller constrains the path.
    interp = ELFParse(ql.rootfs + interp_path, ql)
    interphead = interp.parse_header(ql)
    ql.dprint("[+] interp is : %s" % (ql.rootfs + interp_path))
    # -1 is the "no PT_LOAD segment seen yet" sentinel; the loop keeps the
    # highest p_vaddr + p_memsz over all PT_LOAD program headers.
    interp_mem_size = -1
    for i in interp.parse_program_header(ql):
        if i['p_type'] == PT_LOAD:
            if interp_mem_size < i['p_vaddr'] + i['p_memsz'] or interp_mem_size == -1:
                interp_mem_size = i['p_vaddr'] + i['p_memsz']
    # Round up to a 0x1000 boundary. An already aligned size still gains one
    # extra page, and the -1 sentinel (no PT_LOAD at all) becomes 0.
    interp_mem_size = (interp_mem_size // 0x1000 + 1) * 0x1000
    ql.dprint("[+] interp_mem_size is : %x" % int(interp_mem_size))
    # Pick a fixed default base only when none has been set (interp_base == 0).
    # Only the 64-bit and the non-MIPS32EL 32-bit branches are visible here.
    if ql.interp_base == 0:
        if ql.archbit == 64:
            ql.interp_base = 0x7ffff7dd5000
        elif ql.archbit == 32 and ql.arch != QL_MIPS32EL:
            ql.interp_base = 0xfb7d3000
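def test_syscall_ftruncate(ql, ftrunc_fd, ftrunc_length, *args):
    """Wrap the ftruncate syscall handler and check its effect on the fixture.

    The call is always forwarded to ``syscall.ql_syscall_ftruncate``. When the
    descriptor refers to ``test_syscall_ftruncate.txt`` the resulting file must
    be exactly 0x10 bytes long, and the fixture is removed afterwards.

    Args:
        ql: emulator instance; ``ql.file_des`` is indexed by descriptor number.
        ftrunc_fd: descriptor passed to ftruncate.
        ftrunc_length: requested length.
        *args: remaining syscall arguments, forwarded untouched.

    Raises:
        AssertionError: if the fixture does not have the expected size.
    """
    # Only the last path component of the open file's name is compared.
    pathname = ql.file_des[ftrunc_fd].name.split('/')[-1]
    target = pathname == "test_syscall_ftruncate.txt"

    if target:
        print("test => ftruncate(%d, 0x%x)" % (ftrunc_fd, ftrunc_length))

    syscall.ql_syscall_ftruncate(ql, ftrunc_fd, ftrunc_length, *args)

    if target:
        real_path = ql_transform_to_real_path(ql, pathname)
        try:
            assert os.stat(real_path).st_size == 0x10
        finally:
            # Clean up even when the size check fails, so a failed run does
            # not leave the fixture behind for the next one.
            if os.path.exists(real_path):
                os.remove(real_path)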
def test_syscall_unlink(ql, unlink_pathname, *args):
    """Wrap the unlink syscall handler and check that the fixture is gone.

    The call is always forwarded to ``syscall.ql_syscall_unlink``. When the
    string obtained via ``ql_read_string`` is ``test_syscall_unlink.txt``, the
    corresponding host path must no longer be a regular file afterwards.

    Args:
        ql: emulator instance.
        unlink_pathname: value handed to ``ql_read_string`` to get the path.
        *args: remaining syscall arguments, forwarded untouched.

    Raises:
        AssertionError: if the fixture still exists after the call.
    """
    guest_path = ql_read_string(ql, unlink_pathname)
    is_fixture = guest_path == "test_syscall_unlink.txt"

    if is_fixture:
        print("test => unlink(%s)" % (guest_path))

    syscall.ql_syscall_unlink(ql, unlink_pathname, *args)

    if not is_fixture:
        return

    host_path = ql_transform_to_real_path(ql, guest_path)
    assert not os.path.isfile(host_path)
def test_syscall_open(ql, open_pathname, open_flags, open_mode, *args):
    """Wrap the open syscall handler and check that the fixture was created.

    The call is always forwarded to ``syscall.ql_syscall_open``. When the
    string obtained via ``ql_read_string`` is ``test_syscall_open.txt``, the
    corresponding host path must be a regular file afterwards; it is then
    removed.

    Args:
        ql: emulator instance.
        open_pathname: value handed to ``ql_read_string`` to get the path.
        open_flags: flags argument of the call.
        open_mode: mode argument of the call.
        *args: remaining syscall arguments, forwarded untouched.

    Raises:
        AssertionError: if the fixture does not exist after the call.
    """
    guest_path = ql_read_string(ql, open_pathname)
    is_fixture = guest_path == "test_syscall_open.txt"

    if is_fixture:
        print("test => open(%s, 0x%x, 0%o)" % (guest_path, open_flags, open_mode))

    syscall.ql_syscall_open(ql, open_pathname, open_flags, open_mode, *args)

    if not is_fixture:
        return

    host_path = ql_transform_to_real_path(ql, guest_path)
    assert os.path.isfile(host_path)
    os.remove(host_path)
class LoadDataInCode(LoadCommand):
    """Load command that records a ``data_offset`` field.

    Presumably the Mach-O data-in-code command; this is inferred from the
    class name only.
    """

    def __init__(self, data):
        """Run the ``LoadCommand`` initialiser on ``data``, then read ``data_offset``."""
        super().__init__(data)
        # NOTE(review): the unpack(...) call below is cut off in this listing,
        # so its format string and source are not visible. The value is
        # presumably read from the parsed file; code that later uses it as an
        # offset should check it against the size of the input.
        self.data_offset = unpack("

    def get_complete(self):
        """Placeholder: does nothing and returns None."""
        pass
class LoadMain(LoadCommand):
    """Load command that records an ``entry_offset`` field.

    Presumably the Mach-O main (entry point) command; this is inferred from
    the class name only.
    """

    def __init__(self, data):
        """Run the ``LoadCommand`` initialiser on ``data``, then read ``entry_offset``."""
        super().__init__(data)
        # NOTE(review): the unpack(...) call below is cut off in this listing,
        # so its format string and source are not visible. The value is
        # presumably read from the parsed file; validate it before treating
        # it as an address or offset.
        self.entry_offset = unpack("
class LoadDylinker(LoadCommand):
    """Load command that records a ``str_offset`` field.

    Presumably the Mach-O dynamic-linker command; this is inferred from the
    class name only.
    """

    def __init__(self, data):
        """Run the ``LoadCommand`` initialiser on ``data``, then read ``str_offset``."""
        super().__init__(data)
        # NOTE(review): the unpack(...) call below is cut off in this listing,
        # so its format string and source are not visible. str_offset is
        # presumably read from the parsed file; a consumer that uses it to
        # locate a string should bounds-check it first.
        self.str_offset = unpack("

    def get_complete(self):
        """Placeholder: does nothing and returns None."""
        pass
class LoadFunctionStarts(LoadCommand):
    """Load command that records a ``data_offset`` field.

    Presumably the Mach-O function-starts command; this is inferred from the
    class name only.
    """

    def __init__(self, data):
        """Run the ``LoadCommand`` initialiser on ``data``, then read ``data_offset``."""
        super().__init__(data)
        # NOTE(review): the unpack(...) call below is cut off in this listing,
        # so its format string and source are not visible. The value is
        # presumably read from the parsed file; code that later uses it as an
        # offset should check it against the size of the input.
        self.data_offset = unpack("

    def get_complete(self):
        """Placeholder: does nothing and returns None."""
        pass
class LoadUuid(LoadCommand):
    """Load command that stores a 16-byte ``uuid`` value."""

    def __init__(self, data):
        """Run the ``LoadCommand`` initialiser on ``data``, then read the UUID."""
        super().__init__(data)
        # self.FR is not defined in this listing; presumably a reader set up
        # by LoadCommand.__init__.
        # NOTE(review): if FR follows file-object semantics, truncated input
        # yields fewer than 16 bytes here without raising. Confirm whether the
        # length is checked elsewhere.
        self.uuid = self.FR.read(16)

    def get_complete(self):
        """Placeholder: does nothing and returns None."""
        pass
class LoadVersionMinMacosx(LoadCommand):
    """Load command that records a ``version`` field.

    Presumably the Mach-O minimum macOS version command; this is inferred
    from the class name only.
    """

    def __init__(self, data):
        """Run the ``LoadCommand`` initialiser on ``data``, then read ``version``."""
        super().__init__(data)
        # NOTE(review): the unpack(...) call below is cut off in this listing,
        # so its format string and source are not visible.
        self.version = unpack("

    def get_complete(self):
        """Placeholder: does nothing and returns None."""
        pass
class LoadSegmentSplitInfo(LoadCommand):
def __init__(self, data):
super().__init__(data)
self.data_offset = unpack("