api and var how-to - Githubissues

qilingframework / qiling

A True Instrumentable Binary Emulation Framework

https://qiling.io

GNU General Public License v2.0

5.14k stars 744 forks source link

api and var how-to #183

Closed xwings closed 4 years ago

xwings commented 4 years ago

for documentation purposed, this is for @chfl4gs to build documentation

ql.regdiff = /path/to/regsitery.json

this is to record registry changes

xwings commented 4 years ago

We had a chat in gitter and lets do some planning here.

0: not print anything, except exception
1: only nprint this will be pretty much strace in linux
2: disassemble output
3: ql.print with level 0

level will be defined during

ql.dprint(0, "some msg %s %i"  % (str1, int2))

so, i added verbose option, by default verbose is 0 and verbose only can use with

ql.output in (QL_OUT_DEBUG, QL_OUT_DUMP)

example, says we need to set verbose to 1

def stopatkillerswtich(ql):
    print("killerswtch found")
    ql.uc.emu_stop()

if __name__ == "__main__":
    ql = Qiling(["rootfs/x86_windows/bin/wannacry.bin"], "rootfs/x86_windows", output = "debug", verbose = 1)
    ql.hook_address(stopatkillerswtich, 0x40819a)
    ql.run()

xwings commented 4 years ago

to read register

ql.reg.read("EAX")

ql.reg.read(UC_X86_REG_EAX)

eax = ql.reg.eax

to write register

ql.reg.write("EAX", 0xFF)

ql.reg.write(UC_X86_REG_EAX, 0xFF)

ql.reg.eax =  0xFF

xwings commented 4 years ago

issue #184

xwings commented 4 years ago

qiling (output, log_console, verbose) usage

output takes in 'default', 'disasm', 'debug', 'dump' log_console = True or False verbose takes in 1-99

output = 'default' means standard strace output output = 'disasm' means disasmble printout output = 'debug' means debug printout output = 'dump' mean debug + disasm print out

log_console = print nothing to console. but if log_dir is enabled. it will still write to log

verbose will only work with output = 'debug' or output = 'dump' depends on how many level of output we want