RE FORUM

[REVERSE ENGINEERING] => Tools => Topic started by: RubberDuck on October 03, 2020, 08:35:03 AM

Title: Qiling Framework - Advanced Binary Emulation Framework
Post by: RubberDuck on October 03, 2020, 08:35:03 AM

What is Qiling Framework

Qiling Framework is not just an emulation platform or a reverse engineering tool. It combines binary instrumentation and binary emulation into one single framework, solving the problem that applications do not run in a vacuum and are highly dependent on the OS. With vast OS support, Qiling Framework opens up endless possibilities and potential for binary analysis. With Qiling Framework, it is able to:

• Cross platform: Windows, MacOS, Linux, BSD, UEFI, DOS
• Cross architecture: X86, X86_64, ARM, ARM64, MIPS, 8086
• Multiple file formats: PE, MachO, ELF, COM
• Emulate & sandbox machine code in an isolated environment
• Support cross architecture and platform debugging capabilities
• Provide high level API to setup & configure the sandbox
• Fine-grain instrumentation: allow hooks at various levels (instruction/basic-block/memory-access/exception/syscall/IO/etc)
• Allow dynamic hotpatch on-the-fly running code, including the loaded library
• True framework in Python, making it easy to build customized security analysis tools on top

Qiling Framework is able to emulate:

   

• Windows X86 32/64bit
• Linux X86 32/64bit, ARM, AARCH64, MIPS
• MacOS X86 32/64bit
• FreeBSD X86 32/64bit
• UEFI
• DOS
• MBR

Qiling Framework is able to run on top of Linux/FreeBSD/MacOS/Windows (WSL2) without CPU architecture limitation[/i]

https://www.qiling.io/ (https://www.qiling.io/)