qiling
A True Instrumentable Binary Emulation Framework
I'm trying to emulate a driver which calls `RtlDuplicateUnicodeString` and it gets me an unsupported api error with the following stack trace: ``` [=] Initiate stack address at 0x7ffffffde000 [=] Loading...
**Describe the bug** Trying to run shellcode and does not appear to be getting to the part where it runs the shellcode at all when calling via a custom python...
**Describe the bug** Previously, when fuzzing an ARM binary using a Qiling fuzzing script with Qiling stable, AFL++ was able to properly identify and record when the binary crashed but...
what am I doing wrong... [image: 1] [image: 2] ?
## Checklist ### Which kind of PR do you create? - [x] This PR only contains minor fixes. - [ ] This PR contains major feature update. - [ ]...
## Checklist ### Which kind of PR do you create? - [x] This PR only contains minor fixes. - [ ] This PR contains major feature update. - [ ]...
Packed x86 PE file (compiled Debug) cannot execute to OEP, it stopped and exited when it called GetProcAddress() in pack code. Unicorn called ExitProcess() when it get address of function...
**Describe the bug** qiling not recognize CMOVZ series? **Sample Code** ```asm __text:000000010127AED0 lea rdi, [rbp+var_54A0] __text:000000010127AED7 mov [rbp+var_22E0], rdi __text:000000010127AEDE mov rax, [rbp+var_22E0] __text:000000010127AEE5 call sub_1012BD8F2 __text:000000010127AEEA lea rdi, [rbp+var_5488]...
## Checklist ### Which kind of PR do you create? - [x] This PR only contains minor fixes. - [ ] This PR contains major feature update. - [ ]...
Analyzing .so in app may be challenging due to mocking JNI functions behavior like FindClass(), GetMethodID(), RegisterNatives() is hard. So any workaround for qiling to overcome it? Maybe we...