In this post we will try to understand the memory more. From here we will be able to tweak some parameters and obtain more information regarding how we can assign values into the memory which we have allocated, and then try to access them via pointer and dereference. If we look into the code below, we can see that we have mapped a memory location at 0x404000 and we have called it my memory.

Continue reading

qiling cheatsheet

Qiling is an advanced binary emulation framework. It can emulate various types of architectures and can be used to perform advanced operations as well. Below are some of the quick commands which are needed for my tasks.

python module

    from qiling import Qiling  # import
    from qiling.const import QL_VERBOSE

init

    code = b"\x90"
    ql = Qiling(code=code, archtype='x86', ostype='Linux', verbose=QL_VERBOSE.DISASM)

register

    ql.arch.regs.read("EAX")         # read register
    ql.arch.regs.write("EAX", 0xff)  # write register

memory

    ql.mem.get_mapinfo()  # get memory related information
    ql.

Continue reading

prohibited mnemonics

In this guide we will try to explore if we can check for any mnemonics which we don't want the CPU to execute. In the example below, we will try to block some specific commands from being executed in the CPU. The challenge is to convert raw bytes back to assembly language and check for prohibited mnemonics.

code

    # prohibit command
    # the objective is to block certain commands
    from qiling import Qiling
    from qiling.

Continue reading

basic execution of qiling

In this segment we will take a sample code from the how-to and try to execute it in our own way. In this test, we will try to perform a simple addition and see how it goes. The tutorial below is a very basic entry into the qiling framework, where we will perform a simple addition.

addition

To perform the addition, the following code will be executed on the CPU.

Continue reading

push and search data

In this part, we will try to push a value onto the stack and then try to read it back. We will use the following assembly code:

    mov eax, 0xdead
    mov ebx, 0xbeef
    push eax
    push ebx

We get the raw bytes below (there are various websites from which you can do this, if you do not know how to generate the raw bytes): B8ADDE0000BBEFBE00005053 Now we will try to execute the code below and read the values found in the registers:

Continue reading

set registers using python

In this section we will use another piece of code to push and set various variables in the emulator prior to running the code, and set the appropriate registers and stack so that we can simulate the code. In the previous writeup, we have used raw bytes code from the In this segment we will just add values for a predefined value in eax and ebx. The segment below uses the asm method found in pwntools.

Continue reading

rezaur rahman

just thinking out loud to help others

cybersecurity researcher

Mars