{"id":8895,"date":"2020-02-09T17:21:12","date_gmt":"2020-02-09T11:51:12","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=8895"},"modified":"2020-02-09T17:21:12","modified_gmt":"2020-02-09T11:51:12","slug":"qiling","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/qiling\/","title":{"rendered":"Qiling : Advanced Binary Emulation Framework"},"content":{"rendered":"\n<p><strong>Qiling<\/strong> is an advanced binary emulation framework, with the following features:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Cross platform: Windows, MacOS, Linux, BSD<\/li><li>Cross architecture: X86, X86_64, Arm, Arm64, Mips<\/li><li>Multiple file formats: PE, MachO, ELF<\/li><li>Emulate &amp; sandbox machine code in an isolated environment<\/li><li>Provide a high-level API to set up &amp; configure the sandbox<\/li><li>Fine-grain instrumentation: allow hooks at various levels (instruction\/basic-block\/memory-access\/exception\/syscall\/IO\/etc)<\/li><li>Allow dynamic hotpatching of running code on the fly, including the loaded library<\/li><li>True framework in Python, making it easy to build customized security analysis tools on top<\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Qiling vs Other Emulators<\/strong><\/p>\n\n\n\n<p>There are many open source emulators, but the two projects closest to Qiling are <a href=\"http:\/\/www.unicorn-engine.org\">Unicorn<\/a> &amp; <a href=\"https:\/\/qemu.org\">Qemu usermode<\/a>. 
This section explains how Qiling differs from them.<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Qiling vs Unicorn engine<\/strong><\/p>\n\n\n\n<p>Qiling is built on top of Unicorn, but Qiling &amp; Unicorn are two different animals.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Unicorn is just a CPU emulator, so it focuses on emulating CPU instructions and can understand emulator memory. Beyond that, Unicorn is not aware of higher-level concepts such as dynamic libraries, system calls, I\/O handling or executable formats like PE, MachO or ELF. As a result, Unicorn can only emulate raw machine instructions, without Operating System (OS) context.<\/li><li>Qiling is designed as a higher-level framework that leverages Unicorn to emulate CPU instructions but can also understand the OS: it has executable format loaders (for PE, MachO &amp; ELF at the moment), dynamic linkers (so we can load &amp; relocate shared libraries), and syscall &amp; IO handlers. 
For this reason, Qiling can run executable binaries without requiring their native OS.<\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Qiling vs Qemu usermode<\/strong><\/p>\n\n\n\n<p>Qemu usermode does a similar thing to our emulator, that is, it emulates whole executable binaries in a cross-architecture way. However, Qiling offers some important differences from Qemu usermode.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Qiling is a true analysis framework that allows you to build your own dynamic analysis tools on top (in the friendly Python language). Meanwhile, Qemu is just a tool, not a framework.<\/li><li>Qiling can perform dynamic instrumentation, and can even hotpatch code at runtime. Qemu does not do either.<\/li><li>Besides working cross-architecture, Qiling is also cross-platform, so for example you can run a Linux ELF file on top of Windows. In contrast, Qemu usermode only runs binaries of the same OS, such as Linux ELF on Linux, due to the way it forwards syscalls from emulated code to the native OS.<\/li><li>Qiling supports more platforms, including Windows, MacOS, Linux &amp; BSD. 
Qemu usermode can only handle Linux &amp; BSD.<\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Install<\/strong><\/p>\n\n\n\n<p>Run the command below to install Qiling (Python 3 is required).<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>python3 setup.py install<\/strong><\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Examples<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The example below shows how to use the Qiling framework to emulate a Windows EXE on a Linux machine.<\/li><\/ul>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">from qiling import *<br><br># sandbox to emulate the EXE<br>def my_sandbox(path, rootfs):<br>    # set up the Qiling engine<br>    ql = Qiling(path, rootfs)<br>    # now emulate the EXE<br>    ql.run()<br><br>if __name__ == &quot;__main__&quot;:<br>    # execute Windows EXE under our rootfs<br>    my_sandbox([&quot;examples\/rootfs\/x86_windows\/bin\/x86-windows-hello.exe&quot;], &quot;examples\/rootfs\/x86_windows&quot;)<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The example below shows how to use the Qiling framework to dynamically patch a Windows crackme so that it always displays the &#8220;Congratulation&#8221; dialog. 
<\/li><\/ul>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">from qiling import *<br><br>def force_call_dialog_func(ql):<br>    # get DialogFunc address<br>    lpDialogFunc = ql.unpack32(ql.mem_read(ql.sp - 0x8, 4))<br>    # set up stack memory for DialogFunc<br>    ql.stack_push(0)<br>    ql.stack_push(1001)<br>    ql.stack_push(273)<br>    ql.stack_push(0)<br>    ql.stack_push(0x0401018)<br>    # force EIP to DialogFunc<br>    ql.pc = lpDialogFunc<br><br>def my_sandbox(path, rootfs):<br>    ql = Qiling(path, rootfs)<br>    # NOP out some code<br>    ql.patch(0x004010B5, b'\\x90\\x90')<br>    ql.patch(0x004010CD, b'\\x90\\x90')<br>    ql.patch(0x0040110B, b'\\x90\\x90')<br>    ql.patch(0x00401112, b'\\x90\\x90')<br>    # hook at an address with a callback<br>    ql.hook_address(0x00401016, force_call_dialog_func)<br>    ql.run()<br><br>if __name__ == &quot;__main__&quot;:<br>    my_sandbox([&quot;rootfs\/x86_windows\/bin\/Easy_CrackMe.exe&quot;], &quot;rootfs\/x86_windows&quot;)<\/p>\n\n\n\n<p>The YouTube video below shows how the above example works. 
<\/p>\n\n\n\n<figure class=\"wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/www.youtube.com\/watch?v=p17ONUbCnUU\n<\/div><\/figure>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Wannacry demo<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The YouTube video below shows how Qiling analyzes the Wannacry malware.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/www.youtube.com\/watch?v=gVtpcXBxwE8\n<\/div><\/figure>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Qltool<\/strong><\/p>\n\n\n\n<p>Qiling also provides a friendly tool named <code><strong>qltool<\/strong><\/code> to quickly emulate shellcode &amp; executable binaries.<\/p>\n\n\n\n<p>To emulate a binary, run:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>$ .\/qltool run -f examples\/rootfs\/arm_linux\/bin\/arm32-hello --rootfs examples\/rootfs\/arm_linux\/<\/strong><\/p>\n\n\n\n<p>To run shellcode, run:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>$ .\/qltool shellcode --os linux --arch x86 --asm -f examples\/shellcodes\/lin32_execve.asm<\/strong><\/p>\n\n\n\n<div class=\"wp-block-button aligncenter is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-background has-vivid-cyan-blue-background-color\" href=\"https:\/\/github.com\/qilingframework\/qiling\"><strong>Download<\/strong><\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Qiling is an advanced binary emulation framework, with the following features: Cross 
platform: Windows, MacOS, Linux, BSD Cross architecture: X86, X86_64, Arm, Arm64, Mips Multiple file formats: PE, MachO, ELF Emulate &amp; sandbox machine code in a isolated environment Provide high level API to setup &amp; configure the sandbox Fine-grain instrumentation: allow hooks at various [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16089,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-YRAZsApCwGk\/XjyPGRsWvqI\/AAAAAAAAEwQ\/J4uaJ2DSn3QupVqTkyNE0ArIFLLSmKc7wCLcBGAsYHQ\/s1600\/Qiling%25281%2529.png","fifu_image_alt":"Qiling : Advanced Binary Emulation Framework","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[1036,2697],"class_list":["post-8895","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-emulation","tag-qiling"],"yoast_head_json":{"title":"Qiling : Advanced Binary Emulation Framework 2020","description":"Qiling is an advanced binary emulation framework, with the following features. Cross platform: Windows, MacOS, Linux, BSD","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/qiling\/","og_locale":"en_US","og_type":"article","og_title":"Qiling : Advanced Binary Emulation Framework 2020","og_description":"Qiling is an advanced binary emulation framework, with the following features. 
Cross platform: Windows, MacOS, Linux, BSD","og_url":"https:\/\/kalilinuxtutorials.com\/qiling\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2020-02-09T11:51:12+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/-YRAZsApCwGk\/XjyPGRsWvqI\/AAAAAAAAEwQ\/J4uaJ2DSn3QupVqTkyNE0ArIFLLSmKc7wCLcBGAsYHQ\/s1600\/Qiling%25281%2529.png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/1.bp.blogspot.com\/-YRAZsApCwGk\/XjyPGRsWvqI\/AAAAAAAAEwQ\/J4uaJ2DSn3QupVqTkyNE0ArIFLLSmKc7wCLcBGAsYHQ\/s1600\/Qiling%25281%2529.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/qiling\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/qiling\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"Qiling : Advanced Binary Emulation Framework","datePublished":"2020-02-09T11:51:12+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/qiling\/"},"wordCount":732,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/qiling\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-YRAZsApCwGk\/XjyPGRsWvqI\/AAAAAAAAEwQ\/J4uaJ2DSn3QupVqTkyNE0ArIFLLSmKc7wCLcBGAsYHQ\/s1600\/Qiling%25281%2529.png","keywords":["Emulation","Qiling"],"articleSection":["Kali Linux"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/qiling\/","url":"https:\/\/kalilinuxtutorials.com\/qiling\/","name":"Qiling : Advanced Binary Emulation Framework 
2020","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/qiling\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/qiling\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-YRAZsApCwGk\/XjyPGRsWvqI\/AAAAAAAAEwQ\/J4uaJ2DSn3QupVqTkyNE0ArIFLLSmKc7wCLcBGAsYHQ\/s1600\/Qiling%25281%2529.png","datePublished":"2020-02-09T11:51:12+00:00","description":"Qiling is an advanced binary emulation framework, with the following features. Cross platform: Windows, MacOS, Linux, BSD","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/qiling\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/qiling\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/-YRAZsApCwGk\/XjyPGRsWvqI\/AAAAAAAAEwQ\/J4uaJ2DSn3QupVqTkyNE0ArIFLLSmKc7wCLcBGAsYHQ\/s1600\/Qiling%25281%2529.png","contentUrl":"https:\/\/1.bp.blogspot.com\/-YRAZsApCwGk\/XjyPGRsWvqI\/AAAAAAAAEwQ\/J4uaJ2DSn3QupVqTkyNE0ArIFLLSmKc7wCLcBGAsYHQ\/s1600\/Qiling%25281%2529.png"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux 
Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-YRAZsApCwGk\/XjyPGRsWvqI\/AAAAAAAAEwQ\/J4uaJ2DSn3QupVqTkyNE0ArIFLLSmKc7wCLcBGAsYHQ\/s1600\/Qiling%25281%2529.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/8895","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=8895"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/8895\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16089"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=8895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=8895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=8895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}