### Emulating Windows Executable with Qiling (Python)
Source: https://github.com/qilingframework/qiling/blob/master/README.md
This example demonstrates the basic usage of the Qiling framework to emulate a Windows executable. It initializes a Qiling instance with the target binary and its root filesystem, then starts the emulation process. It requires the Qiling library and a compatible rootfs setup.
```python
from qiling import Qiling
if __name__ == "__main__":
# initialize Qiling instance, specifying the executable to emulate and the emulated system root.
# note that the current working directory is assumed to be Qiling home
ql = Qiling([r'examples/rootfs/x86_windows/bin/x86_hello.exe'], r'examples/rootfs/x86_windows')
# start emulation
ql.run()
```
--------------------------------
### Executing X86 Windows Patching and Callback Example (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs an example script demonstrating how to use ql.patch and ql.set_callback features with an X86 Windows binary using python3 and Qiling.
```Shell
$ python3 crackme_x86_windows_setcallback.py
```
--------------------------------
### Executing X86 Windows Callback Example (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs an example script demonstrating the use of ql.set_callback with an X86 Windows binary using python3 and Qiling.
```Shell
$ python3 crackme_x86_windows_unpatch.py
```
--------------------------------
### Run Binary with qltool and Code Coverage (UEFI x86-64)
Source: https://github.com/qilingframework/qiling/blob/master/README.md
Provides an example of executing a UEFI binary with qltool and collecting code coverage data in a specified format and output file.
```Shell
./qltool run -f examples/rootfs/x8664_efi/bin/TcgPlatformSetupPolicy --rootfs examples/rootfs/x8664_efi --coverage-format drcov --coverage-file TcgPlatformSetupPolicy.cov
```
--------------------------------
### Change Directory to Examples (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Changes the current directory to the 'examples' folder, which is a prerequisite for running the Qiling sample scripts located within that directory.
```Shell
cd examples
```
--------------------------------
### Run Binary with qltool (Linux x86-64)
Source: https://github.com/qilingframework/qiling/blob/master/README.md
Shows how to execute a binary file using qltool, providing the path to the executable and the necessary root filesystem.
```Shell
./qltool run -f examples/rootfs/x8664_linux/bin/x8664_hello --rootfs examples/rootfs/x8664_linux/
```
--------------------------------
### Executing ARM Linux Stack Overflow Example (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs a simple stack overflow example for an ARM Linux binary using python3 and Qiling.
```Shell
$ python3 bofsample_arm_linux.py
```
--------------------------------
### Install AFL++ for Binary-Only Fuzzing
Source: https://github.com/qilingframework/qiling/blob/master/examples/fuzzing/linux_x8664/README.md
Clones the AFL++ repository from GitHub, changes the current directory into the cloned repository, and compiles AFL++ specifically for binary-only fuzzing, which is necessary for integration with tools like Unicornafl.
```bash
git clone https://github.com/AFLplusplus/AFLplusplus.git
cd ./AFLplusplus
make binary-only
```
--------------------------------
### Executing X86 Windows Wannacry Killswitch Example (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs an example script demonstrating how to catch Wannacry's killswitch using ql.set_exit with an X86 Windows binary using python3 and Qiling.
```Shell
$ python3 wannacry_x86_windows_setexit.py
```
--------------------------------
### Executing ARM Linux Helloworld (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs the simple helloworld example for an ARM Linux binary using python3 and Qiling.
```Shell
$ python3 hello_arm_linux.py
```
--------------------------------
### Executing X86 Linux Helloworld (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs the simple helloworld example for an X86 Linux binary using python3 and Qiling.
```Shell
$ python3 hello_x86_linux.py
```
--------------------------------
### Executing X86 Windows Multithreading Example (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs an example script demonstrating Qiling's handling of multithreading with an X86 Windows binary using python3.
```Shell
$ python3 multithreading_x86_windows.py
```
--------------------------------
### Unpack Firmware with Binwalk
Source: https://github.com/qilingframework/qiling/blob/master/examples/fuzzing/rt_n12_b1/README.md
Uses binwalk with the `-eM` flags to extract filesystems from the firmware image. Requires `sasquatch` for squashfs extraction.
```Shell
binwalk -eM
```
--------------------------------
### Executing ARM64 Linux Helloworld (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs the simple helloworld example for an ARM64 Linux binary using python3 and Qiling.
```Shell
$ python3 hello_arm64_linux.py
```
--------------------------------
### Executing X86_64 Windows Disassembly Output Example (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs an example script demonstrating how to set output options for disassembly with an X86_64 Windows binary using python3 and Qiling.
```Shell
$ python3 disasm_x8664_windows.py
```
--------------------------------
### Run Binary with qltool and JSON Output (Windows x86)
Source: https://github.com/qilingframework/qiling/blob/master/README.md
Demonstrates running a Windows binary with qltool, disabling console output, and enabling JSON output for results.
```Shell
./qltool run -f examples/rootfs/x86_windows/bin/x86_hello.exe --rootfs examples/rootfs/x86_windows/ --console False --json
```
--------------------------------
### Dynamically Patching and Hooking with Qiling (Python)
Source: https://github.com/qilingframework/qiling/blob/master/README.md
This example shows how to use Qiling for dynamic analysis by patching code and hooking execution flow. It defines a callback function `force_call_dialog_func` to manipulate the stack and redirect execution, then uses `ql.patch` to NOP out instructions and `ql.hook_address` to register the callback at a specific address before running the emulation. This requires the Qiling library and a target binary like a crackme.
```python
from qiling import Qiling
def force_call_dialog_func(ql: Qiling):
# get DialogFunc address from current stack frame
lpDialogFunc = ql.stack_read(-8)
# setup stack memory for DialogFunc
ql.stack_push(0)
ql.stack_push(1001) # IDS_APPNAME
ql.stack_push(0x111) # WM_COMMAND
ql.stack_push(0)
# push return address
ql.stack_push(0x0401018)
# resume emulation from DialogFunc address
ql.arch.regs.eip = lpDialogFunc
if __name__ == "__main__":
# initialize Qiling instance
ql = Qiling([r'rootfs/x86_windows/bin/Easy_CrackMe.exe'], r'rootfs/x86_windows')
# NOP out some code
ql.patch(0x004010B5, b'\x90\x90')
ql.patch(0x004010CD, b'\x90\x90')
ql.patch(0x0040110B, b'\x90\x90')
ql.patch(0x00401112, b'\x90\x90')
# hook at an address with a callback
ql.hook_address(force_call_dialog_func, 0x00401016)
ql.run()
```
--------------------------------
### Executing X86_64 FreeBSD Helloworld (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs the simple helloworld example for an X86_64 FreeBSD binary using python3 and Qiling.
```Shell
$ python3 hello_x8664_freebsd.py
```
--------------------------------
### Executing X86_64 Linux Helloworld (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs the simple helloworld example for an X86_64 Linux binary using python3 and Qiling.
```Shell
$ python3 hello_x8664_linux.py
```
--------------------------------
### Executing X86 macOS Helloworld (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs the simple helloworld example for an X86 macOS binary using python3 and Qiling.
```Shell
$ python3 hello_x86_macos.py
```
--------------------------------
### Executing X86_64 Linux Helloworld with Disassembly (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs the helloworld example for an X86_64 Linux binary, demonstrating manual disassembler output using python3 and Qiling.
```Shell
$ python3 hello_x8664_linux_disasm.py
```
--------------------------------
### Executing Shellcode Executor Example (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs the shellcode executor example script using python3. This script demonstrates Qiling's capability to execute multi-architecture, cross-platform shellcode.
```Shell
$ python3 shellcode_run.py
```
--------------------------------
### Run Binary with qltool and GDB (Linux x86-64)
Source: https://github.com/qilingframework/qiling/blob/master/README.md
Illustrates running a binary with qltool while enabling GDB debugging, specifying the debugger's host and port.
```Shell
./qltool run -f examples/rootfs/x8664_linux/bin/x8664_hello --gdb 127.0.0.1:9999 --rootfs examples/rootfs/x8664_linux
```
--------------------------------
### Executing MIPS32EL Linux Helloworld (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs the simple helloworld example for a MIPS32EL Linux binary using python3 and Qiling.
```Shell
$ python3 hello_mips32el_linux.py
```
--------------------------------
### Executing X86_64 macOS Helloworld (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs the simple helloworld example for an X86_64 macOS binary using python3 and Qiling.
```Shell
$ python3 hello_x8664_macos.py
```
--------------------------------
### Executing ARM64 Linux Exit on Memory Write Example (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs an example script for an ARM64 Linux binary that demonstrates how to exit execution when a write occurs to a specific memory address (0x555555566260) using python3 and Qiling.
```Shell
$ python3 exitmemwrite_arm64_linux.py
```
--------------------------------
### Executing X86 Windows Helloworld Debug Mode (Shell)
Source: https://github.com/qilingframework/qiling/blob/master/examples/README.md
Runs the helloworld example for an X86 Windows binary with debug mode enabled using python3 and Qiling.
```Shell
$ python3 hello_x86_windows_debug.py
```
--------------------------------
### Execute Shellcode with qltool (Linux ARM)
Source: https://github.com/qilingframework/qiling/blob/master/README.md
Demonstrates how to use qltool to execute shellcode from a file, specifying the target OS, architecture, and input format.
```Shell
./qltool code --os linux --arch arm --format hex -f examples/shellcodes/linarm32_tcp_reverse_shell.hex
```
--------------------------------
### Run AFL++ Fuzzer with Qiling Target
Source: https://github.com/qilingframework/qiling/blob/master/examples/fuzzing/rt_n12_b1/README.md
Executes the AFL++ fuzzer (`afl-fuzz`) using the Qiling-based Python script (`fuzz.py`) as the target. Specifies input/output directories, an optional dictionary, and the `-U` flag for persistent mode (often used with custom harnesses like Qiling). The `@@` placeholder is where AFL++ puts the input filename.
```Shell
afl-fuzz -i -o