qilingframework / qiling

A True Instrumentable Binary Emulation Framework
https://qiling.io
GNU General Public License v2.0

Heap Memory Allocator for Linux #1279

Open mustakimur opened 1 year ago

mustakimur commented 1 year ago

It seems like every platform except Linux implements the QlMemoryHeap class that lets users manipulate the heap memory. Unfortunately, for Linux binaries, we could not find equivalent functions such as ql.os.heap.alloc(size).

Can anyone point out why it is like that / how we could manipulate heap memory for Linux binaries?

Thanks.

rootkiter commented 10 months ago

This code is suitable for my scenario; I'm not sure if it's universal.

```python
import qiling
from qiling.os.memory import QlMemoryHeap


class Qlkit(qiling.Qiling):
    def __init__(self, *args, **kw):
        qiling.Qiling.__init__(self, *args, **kw)
        self.heap = self.heap_init()

    def heap_init(self):
        qlkit_heap_address = None

        # search mem space: probe 16 candidate bases 1 MiB apart and keep the first unmapped one
        heap_base = 0x0060000000
        heap = None
        for i in range(0, 0x10):
            hbase = heap_base + (i * 0x100000)
            if not self.mem.is_mapped(hbase, 4):
                qlkit_heap_address = hbase
                break

        # map the heap: QlMemoryHeap(ql, start, end) serves allocations from [start, end)
        if qlkit_heap_address is not None:
            heap = QlMemoryHeap(self,
                qlkit_heap_address, qlkit_heap_address + 0x10000
            )
        else:
            print("Didn't find memory space for qlkit_heap")
        return heap
```
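Added example, not part of rootkiter's snippet or of Qiling itself: a stand-alone model of the search-and-map step above, showing why the free-space probe should cover the whole intended heap range rather than 4 bytes at the base. `MemoryMap` is a constructed stand-in for `ql.mem` (its `is_mapped(addr, size)` mirrors Qiling's range semantics), and the memory layout is made up for the demonstration.

```python
# Constructed model of an emulated address space; not Qiling's own classes.
from typing import List, Optional, Tuple


class MemoryMap:
    def __init__(self, regions: List[Tuple[int, int]]):
        self.regions = list(regions)  # (start, end) half-open ranges

    def is_mapped(self, addr: int, size: int) -> bool:
        """True if any byte of [addr, addr + size) is already mapped."""
        end = addr + size
        return any(s < end and addr < e for s, e in self.regions)

    def map(self, addr: int, size: int) -> None:
        if self.is_mapped(addr, size):
            raise ValueError(f"mapping collision at {addr:#x}")
        self.regions.append((addr, addr + size))


def find_heap_base(mem, base, size, slots=0x10, stride=0x100000) -> Optional[int]:
    """First candidate whose WHOLE [hbase, hbase + size) range is free.
    Probing only 4 bytes at hbase misses a mapping that begins inside the
    range the heap is about to occupy."""
    for i in range(slots):
        hbase = base + i * stride
        if not mem.is_mapped(hbase, size):
            return hbase
    return None


# Constructed layout: the ELF image, a mapping occupying the first candidate
# slot, and a single page mapped 0x1000 into the second candidate slot.
LAYOUT = [
    (0x0000400000, 0x0000403000),
    (0x0060000000, 0x0060008000),
    (0x0060101000, 0x0060102000),
]


def demo():
    """Return (base chosen by a 4-byte probe, base chosen by a full-range probe)."""
    mem = MemoryMap(LAYOUT)
    naive = next(b for b in range(0x60000000, 0x61000000, 0x100000)
                 if not mem.is_mapped(b, 4))
    safe = find_heap_base(mem, 0x60000000, 0x10000)
    mem.map(safe, 0x10000)  # carve the 64 KiB heap; raises on a collision
    return naive, safe
```

With this layout the 4-byte probe picks a base whose range already contains a mapped page, while the full-range check skips to the next free slot.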