qiling icon indicating copy to clipboard operation
qiling copied to clipboard
verified publisher icon qilingframework

*bin file create in x64dbg

Open xSanx opened this issue 3 years ago • 6 comments

what am I doing wrong... 1 2 ?

xSanx avatar May 16 '22 12:05 xSanx

any bin file causes this error...

xSanx avatar May 16 '22 12:05 xSanx

When a file is provided, Qiling tries to infer the appropriate architecture and OS to emulate from the file characteristics. If the file is not structured as a standard executable (e.g. PE, ELF, etc.) then Qiling cannot infer that. The best way to emulate a raw binary is to provide its content through the code argument, i.e.:

with open(r'heavensgate_00C31000.bin', 'rb') as infile:
    data = infile.read()

ql = Qiling(code=data, rootfs=r'rootfs/x86_windows', verbose=QL_VERBOSE.DEBUG)

elicn avatar May 16 '22 13:05 elicn

1 1_1 2 2_2 in Unicorn all works

xSanx avatar May 17 '22 07:05 xSanx

You are using an old version of Qiling.. If possible, pull the latest Qiling dev branch and use it instead. Otherwise, try to change the arg name from code to shellcode, which is the way it was called before.

elicn avatar May 17 '22 15:05 elicn

Снимок экрана 2022-05-17 195518

xSanx avatar May 17 '22 16:05 xSanx

I figued out I forgot to add explicit OS and arch types:

from qiling import Qiling
from qiling.const import QL_ARCH, QL_OS, QL_VERBOSE

with open(r'heavensgate_00C31000.bin', 'rb') as infile:
    data = infile.read()

ql = Qiling(code=data, rootfs=r'rootfs/x86_windows', archtype=QL_ARCH.X86, ostype=QL_OS.WINDOWS, verbose=QL_VERBOSE.DEBUG)
# ...
ql.run()

elicn avatar May 17 '22 20:05 elicn

Close for now.

We updated the codebase for Qiling and Unicorn since this issue being posted.

Feel free to try the latest version.

xwings avatar Oct 06 '22 03:10 xwings