# get PC
def get_pc(self):
    """Return the emulated CPU's program counter.

    The value is read from ``UC_X86_REG_EIP`` through the Unicorn handle
    held at ``self.ql.uc``. The enclosing class is outside this listing;
    the 32-bit register name suggests the x86 architecture class.
    """
    uc = self.ql.uc
    pc = uc.reg_read(UC_X86_REG_EIP)
    return pc
# set stack pointer
def set_sp(self, value):
    """Overwrite the emulated stack pointer (``UC_X86_REG_ESP``) with ``value``.

    The value is passed to Unicorn as-is. This method does not check that
    it lies inside a mapped stack region, so a later push or pop through a
    bad pointer fails inside the memory access, not here.
    """
    uc = self.ql.uc
    uc.reg_write(UC_X86_REG_ESP, value)
# get stack pointer
def get_sp(self):
    """Return the emulated stack pointer, read from ``UC_X86_REG_ESP``."""
    uc = self.ql.uc
    sp = uc.reg_read(UC_X86_REG_ESP)
    return sp
class X8664(Arch):
    """x86-64 stack helpers built on the Unicorn handle ``ql.uc``.

    Stack slots are 8 bytes wide and the stack pointer is ``UC_X86_REG_RSP``.
    Neither helper validates the stack pointer. When the emulated program is
    untrusted, RSP is guest-controlled, so callers should expect the Unicorn
    memory call to fail on an unmapped address (UcError in the Python
    binding -- confirm callers handle it).
    """

    def __init__(self, ql):
        # All setup is delegated to Arch, which is defined outside this listing.
        super().__init__(ql)

    def stack_push(self, value):
        """Store ``value`` in a new 8-byte slot and return the new RSP.

        ``value`` is serialized with ``self.ql.pack64``. The memory write
        happens before the register update, so a failed write leaves RSP
        unchanged.
        """
        uc = self.ql.uc
        # NOTE(review): Python ints do not wrap, so RSP < 8 yields a negative
        # address here instead of wrapping as the hardware register would.
        new_sp = uc.reg_read(UC_X86_REG_RSP) - 8
        packed = self.ql.pack64(value)
        uc.mem_write(new_sp, packed)
        uc.reg_write(UC_X86_REG_RSP, new_sp)
        return new_sp

    def stack_pop(self):
        """Read the 8-byte slot at RSP, advance RSP by 8, and return the value.

        The raw bytes are decoded with ``self.ql.unpack64``.
        """
        uc = self.ql.uc
        top = uc.reg_read(UC_X86_REG_RSP)
        raw = uc.mem_read(top, 8)
        popped = self.ql.unpack64(raw)
        uc.reg_write(UC_X86_REG_RSP, top + 8)
        return popped
#!/usr/bin/env python3
#
# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
# Built on top of Unicorn emulator (www.unicorn-engine.org)
from unicorn import *
from unicorn.arm_const import *
from struct import pack
from .arch import Arch
def ql_arm_check_thumb(uc, reg_cpsr):
    """Pick the Unicorn mode constant that matches a CPSR value.

    Bit 5 of ``reg_cpsr`` (mask ``0b100000``) selects the result:
    ``UC_MODE_THUMB`` when set, ``UC_MODE_ARM`` when clear. ``uc`` is
    accepted but not used by this function.
    """
    thumb_bit_set = (reg_cpsr & 0b100000) != 0
    return UC_MODE_THUMB if thumb_bit_set else UC_MODE_ARM
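class ARM(Arch):
    """32-bit ARM stack helpers built on the Unicorn handle ``ql.uc``.

    Stack slots are 4 bytes wide and the stack pointer is ``UC_ARM_REG_SP``.
    Neither helper validates the stack pointer. When the emulated program is
    untrusted, SP is guest-controlled, so callers should expect the Unicorn
    memory call to fail on an unmapped address (UcError in the Python
    binding -- confirm callers handle it).
    """

    def __init__(self, ql):
        # All setup is delegated to Arch, which is defined outside this listing.
        super(ARM, self).__init__(ql)

    def stack_push(self, value):
        """Store ``value`` in a new 4-byte slot and return the new SP.

        ``value`` is serialized with ``self.ql.pack32``. The memory write
        happens before the register update, so a failed write leaves SP
        unchanged.
        """
        SP = self.ql.uc.reg_read(UC_ARM_REG_SP)
        # NOTE(review): Python ints do not wrap, so SP < 4 yields a negative
        # address here instead of wrapping as the hardware register would.
        SP -= 4
        self.ql.uc.mem_write(SP, self.ql.pack32(value))
        self.ql.uc.reg_write(UC_ARM_REG_SP, SP)
        return SP

    def stack_pop(self):
        """Read the 4-byte slot at SP, advance SP by 4, and return the value.

        The raw bytes are decoded with ``self.ql.unpack32``.
        """
        SP = self.ql.uc.reg_read(UC_ARM_REG_SP)
        data = self.ql.unpack32(self.ql.uc.mem_read(SP, 4))
        self.ql.uc.reg_write(UC_ARM_REG_SP, SP + 4)
        # The listing computed ``data`` and then dropped it, so pop returned
        # None; return it as the x86 stack_pop implementations do.
        return data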
#!/usr/bin/env python3
#
# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
# Built on top of Unicorn emulator (www.unicorn-engine.org)
from unicorn import *
from unicorn.mips_const import *
from struct import pack
from .arch import Arch
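class MIPS32EL(Arch):
    """MIPS32 stack helpers built on the Unicorn handle ``ql.uc``.

    Stack slots are 4 bytes wide and the stack pointer is ``UC_MIPS_REG_SP``.
    Byte order is whatever ``ql.pack32`` / ``ql.unpack32`` implement; those
    helpers are defined outside this listing. Neither method validates the
    stack pointer. When the emulated program is untrusted, SP is
    guest-controlled, so callers should expect the Unicorn memory call to
    fail on an unmapped address (UcError in the Python binding -- confirm
    callers handle it).
    """

    def __init__(self, ql):
        # All setup is delegated to Arch, which is defined outside this listing.
        super(MIPS32EL, self).__init__(ql)

    def stack_push(self, value):
        """Store ``value`` in a new 4-byte slot and return the new SP.

        The memory write happens before the register update, so a failed
        write leaves SP unchanged.
        """
        SP = self.ql.uc.reg_read(UC_MIPS_REG_SP)
        # NOTE(review): Python ints do not wrap, so SP < 4 yields a negative
        # address here instead of wrapping as the hardware register would.
        SP -= 4
        self.ql.uc.mem_write(SP, self.ql.pack32(value))
        self.ql.uc.reg_write(UC_MIPS_REG_SP, SP)
        return SP

    def stack_pop(self):
        """Read the 4-byte slot at SP, advance SP by 4, and return the value."""
        SP = self.ql.uc.reg_read(UC_MIPS_REG_SP)
        data = self.ql.unpack32(self.ql.uc.mem_read(SP, 4))
        self.ql.uc.reg_write(UC_MIPS_REG_SP, SP + 4)
        # The listing computed ``data`` and then dropped it, so pop returned
        # None; return it as the x86 stack_pop implementations do.
        return data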
# Descriptor-table selector flags. The names suggest the table-indicator bit
# of a segment selector (GDT vs LDT) -- confirm against the code that
# builds selectors.
QL_X86_S_GDT = 0x0
QL_X86_S_LDT = 0x4

# Privilege levels 0-3. The names suggest the requested privilege level
# stored in a selector's low two bits -- confirm. Emulated segments set up
# at the wrong level change what guest code is allowed to access.
(
    QL_X86_S_PRIV_0,
    QL_X86_S_PRIV_1,
    QL_X86_S_PRIV_2,
    QL_X86_S_PRIV_3,
) = range(4)

# Placement of the emulated GDT: base address, size limit, and bytes per entry.
QL_X86_GDT_ADDR = 0x3000
QL_X86_GDT_LIMIT = 0x1000
QL_X86_GDT_ENTRY_SIZE = 8

# Address padding values for 32-bit and 64-bit targets; their use is not
# visible in this listing -- TODO confirm.
QL_X86_GDT_ADDR_PADDING = 0xE0000000
QL_X8664_GDT_ADDR_PADDING = 0x7EFFFFFF00000000
class X86(Arch):
    """32-bit x86 stack helpers built on the Unicorn handle ``ql.uc``.

    Stack slots are 4 bytes wide and the stack pointer is ``UC_X86_REG_ESP``.
    Neither helper validates the stack pointer. When the emulated program is
    untrusted, ESP is guest-controlled, so callers should expect the Unicorn
    memory call to fail on an unmapped address (UcError in the Python
    binding -- confirm callers handle it).
    """

    def __init__(self, ql):
        # All setup is delegated to Arch, which is defined outside this listing.
        super().__init__(ql)

    def stack_push(self, value):
        """Store ``value`` in a new 4-byte slot and return the new ESP.

        ``value`` is serialized with ``self.ql.pack32``. The memory write
        happens before the register update, so a failed write leaves ESP
        unchanged.
        """
        uc = self.ql.uc
        # NOTE(review): Python ints do not wrap, so ESP < 4 yields a negative
        # address here instead of wrapping as the hardware register would.
        new_sp = uc.reg_read(UC_X86_REG_ESP) - 4
        packed = self.ql.pack32(value)
        uc.mem_write(new_sp, packed)
        uc.reg_write(UC_X86_REG_ESP, new_sp)
        return new_sp

    def stack_pop(self):
        """Read the 4-byte slot at ESP, advance ESP by 4, and return the value.

        The raw bytes are decoded with ``self.ql.unpack32``.
        """
        uc = self.ql.uc
        top = uc.reg_read(UC_X86_REG_ESP)
        raw = uc.mem_read(top, 4)
        popped = self.ql.unpack32(raw)
        uc.reg_write(UC_X86_REG_ESP, top + 4)
        return popped
#!/usr/bin/env python3
#
# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
# Built on top of Unicorn emulator (www.unicorn-engine.org)
from unicorn import *
from unicorn.arm64_const import *
from struct import pack
from .arch import Arch
class ARM64(Arch):
def __init__(self, ql):
    """Initialise the ARM64 architecture object by delegating to ``Arch``.

    ``ql`` is forwarded unchanged. ``Arch.__init__`` is defined outside
    this listing.
    """
    super().__init__(ql)
def stack_push(self, value):
    """Store ``value`` in a new 8-byte slot and return the new SP.

    ``value`` is serialized with ``self.ql.pack64`` and written below the
    current ``UC_ARM64_REG_SP``. The memory write happens before the
    register update, so a failed write leaves SP unchanged. SP is not
    validated; with an untrusted guest, expect the Unicorn write to fail on
    an unmapped address (UcError in the Python binding -- confirm callers
    handle it).
    """
    uc = self.ql.uc
    # NOTE(review): Python ints do not wrap, so SP < 8 yields a negative
    # address here instead of wrapping as the hardware register would.
    new_sp = uc.reg_read(UC_ARM64_REG_SP) - 8
    packed = self.ql.pack64(value)
    uc.mem_write(new_sp, packed)
    uc.reg_write(UC_ARM64_REG_SP, new_sp)
    return new_sp
def stack_pop(self):
SP = self.ql.uc.reg_read(UC_ARM64_REG_SP)
data = self.ql.unpack64(self.ql.uc.mem_read(SP, 8))
self.ql.uc.reg_write(UC_ARM64_REG_SP, SP + 8)