qiling
qiling copied to clipboard
qilingframework
变量解析出现了错误
*Describe the bug eapAlloc(hHeap = 0x5000000, dwFlags = 0x0, dwBytes = 0x20) = 0x5025e44 HeapAlloc(hHeap = 0x5000000, dwFlags = 0x0, dwBytes = 0x20) = 0x5025e64 HeapAlloc(hHeap = 0x5000000, dwFlags = 0x0, dwBytes = 0x30) = 0x5025e84 HeapAlloc(hHeap = 0x5000000, dwFlags = 0x0, dwBytes = 0x20) = 0x5025eb4 HeapAlloc(hHeap = 0x5000000, dwFlags = 0x0, dwBytes = 0x20) = 0x5025ed4 HeapAlloc(hHeap = 0x5000000, dwFlags = 0x0, dwBytes = 0x20) = 0x5025ef4 HeapAlloc(hHeap = 0x5000000, dwFlags = 0x0, dwBytes = 0x20) = 0x5025f14 EnterCriticalSection(lpCriticalSection = 0x4273c8) = 0x0 LeaveCriticalSection(lpCriticalSection = 0x4273c8) = 0x0 InitializeCriticalSection(lpCriticalSection = 0x42e560) = 0x1 MultiByteToWideChar(CodePage = 0xfde9, dwFlags = 0x0, lpMultiByteStr = "kernel32.dll", cbMultiByte = 0xd, lpWideCharStr = 0xffffcdc8, cchWideChar = 0xd) = 0x1a HeapAlloc(hHeap = 0x5000000, dwFlags = 0x0, dwBytes = 0x20) = 0x5025f34 LoadLibraryW(lpLibFileName = "kernel32.dll") = 0x101a3000 HeapFree(hHeap = 0x5000000, dwFlags = 0x0, lpMem = 0x5025f34) = 0x1 MultiByteToWideChar(CodePage = 0xfde9, dwFlags = 0x0, lpMultiByteStr = "advapi32.dll ", cbMultiByte = 0xd, lpWideCharStr = 0xffffcdc8, cchWideChar = 0xd) = 0x1c HeapAlloc(hHeap = 0x5000000, dwFlags = 0x0, dwBytes = 0x20) = 0x5025f54 [!] LoadLibraryW Exception Found [!] Emulation Error
Expected behavior
变量解析出现了错误,使用x32dbg调试查看是没啥问题的,
Additional context
How to reproduce?
https://cowtransfer.com/s/39d71adc0db345 password: 123
Log file and malware in this zip
from qiling import * from qiling.const import *
def my_sandbox(path, rootfs): # setup Qiling engine
ql = Qiling(path, rootfs)
ql.run()
if name == "main":
my_sandbox(["temp/test.dll"], "qiling/examples/rootfs/x86_windows")
Will you be able to try the latest version of Qiling and see if you still face same issue. There is lots of rework since 2021. Feel free to open a new issue if you have any similar problem.