Basic execution of Qiling
In this segment we will take sample code from the how-to and try to execute it on our own. In this test we will perform a simple addition and see how it goes. The tutorial below is a very basic entry into the Qiling framework, in which we perform that simple addition on an emulated CPU.
To perform the addition, the following code will be executed on the emulated CPU.
mov eax, 0x1
mov ebx, 0x3
add eax, ebx
The above code will be used to see whether we can perform addition on our emulated CPU. It has been converted to raw machine code with https://defuse.ca/online-x86-assembler.htm#disassembly . From the site we can see the raw hex code is B801000000BB0300000001D8, which we pass to Qiling in the following script:
from qiling import Qiling
from qiling.const import QL_VERBOSE

# raw x86 bytes for: mov eax, 0x1 / mov ebx, 0x3 / add eax, ebx
shellcode = bytes.fromhex('''B801000000BB0300000001D8''')

# run the bytes as a bare shellcode blob on an emulated 32-bit x86 Linux CPU,
# printing the disassembly of every executed instruction
ql = Qiling(code=shellcode, archtype='x86', ostype='Linux', verbose=QL_VERBOSE.DISASM)
ql.run()
For simplicity we can now run the code in ipython3, or put it in a Python script. The full log is provided below:
In : from qiling import Qiling
...: from qiling.const import QL_VERBOSE
...:
...: shellcode = bytes.fromhex('''B801000000BB0300000001D8''')
...: ql = Qiling(code=shellcode, archtype='x86', ostype='Linux', verbose=QL_VERBOSE.DISASM)
...: ql.run()
[+] Profile: default
[+] Mapping GDT at 0x30000 with limit 0x1000
[=] 011ff000 [[shellcode_stack] + 0x1ff000] b8 01 00 00 00 mov eax, 1
[=] 011ff005 [[shellcode_stack] + 0x1ff005] bb 03 00 00 00 mov ebx, 3
[=] 011ff00a [[shellcode_stack] + 0x1ff00a] 01 d8 add eax, ebx
[+]
[+] syscalls called
[+] ------------------------
[+]
[+] strings ocurrences
[+] ------------------------
In : ql.arch.regs.eax
Out: 4
In : ql.arch.regs.ebx
Out: 3
As we can see, the Qiling framework successfully executed the provided assembly bytes and stored the result in the eax register as expected.
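As an added example, not code from the original tutorial or from the Qiling project: a small Python decoder and interpreter for the two instruction encodings in this shellcode (mov r32, imm32 and add r32, r32). It reproduces the DISASM lines from the log above and the final eax/ebx values without Qiling installed, and generalizes to any sequence of those two forms; the base address 0x011ff000 is taken from the log, and a truncated or unsupported encoding is rejected rather than silently executed.

```python
# Added example, not from the original post or the Qiling project: decode the
# same raw bytes the tutorial feeds to Qiling and emulate them in plain Python,
# handling only the two encodings present: mov r32, imm32 and add r32, r32.
SHELLCODE = bytes.fromhex("B801000000BB0300000001D8")       # from the tutorial
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # x86 r32 index order
LOG_BASE = 0x011FF000   # load address shown in the DISASM log above (assumed fixed)

def decode(code: bytes):
    """Yield (offset, raw_bytes, mnemonic, dst_reg, src) for each instruction.

    src is an int for an immediate or a register name for a register operand.
    Raises ValueError on a truncated immediate or any encoding not handled here.
    """
    i = 0
    while i < len(code):
        op = code[i]
        if 0xB8 <= op <= 0xBF:                      # B8+rd id : mov r32, imm32
            imm = code[i + 1:i + 5]
            if len(imm) != 4:
                raise ValueError(f"truncated imm32 at offset {i:#x}")
            yield i, code[i:i + 5], "mov", REGS[op - 0xB8], int.from_bytes(imm, "little")
            i += 5
        elif op == 0x01 and i + 1 < len(code):      # 01 /r : add r/m32, r32
            modrm = code[i + 1]
            if modrm >> 6 != 0b11:                  # only register-direct (mod=11) here
                raise ValueError(f"memory operand not supported at offset {i:#x}")
            yield i, code[i:i + 2], "add", REGS[modrm & 7], REGS[(modrm >> 3) & 7]
            i += 2
        else:
            raise ValueError(f"unsupported or truncated opcode {op:#04x} at offset {i:#x}")

def disasm(code: bytes, base: int = LOG_BASE) -> list:
    """Render each instruction like Qiling's DISASM log: address, bytes, text."""
    return [f"{base + off:08x} {raw.hex(' ')} {mnem} {dst}, {src}"
            for off, raw, mnem, dst, src in decode(code)]

def emulate(code: bytes) -> dict:
    """Run the decoded instructions over a zeroed register file, wrapping at 32 bits."""
    regs = {r: 0 for r in REGS}
    for _, _, mnem, dst, src in decode(code):
        value = src if mnem == "mov" else regs[dst] + regs[src]
        regs[dst] = value & 0xFFFFFFFF
    return regs

if __name__ == "__main__":
    print("\n".join(disasm(SHELLCODE)))
    regs = emulate(SHELLCODE)
    print(f"eax = {regs['eax']}, ebx = {regs['ebx']}")    # eax = 4, ebx = 3
```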