
There are many open source emulators, but the two projects closest to Qiling are Unicorn and Qemu usermode. This section explains the main differences between Qiling and them.

Qiling vs Unicorn engine

Qiling is built on top of Unicorn, but Qiling and Unicorn are two different animals.

Unicorn is just a CPU emulator, so it focuses on emulating CPU instructions and understands only the emulator's memory. Beyond that, Unicorn is not aware of higher-level concepts such as dynamic libraries, system calls, I/O handling or executable formats like PE, MachO or ELF.
License

This project is released and distributed under the free software license GPLv2 and later version. Qiling has also made its way to various international conferences.
Qiling is an advanced binary emulation framework, with the following features:

- Emulates multiple platforms: Windows, MacOS, Linux, Android, BSD, UEFI, DOS, MBR, Ethereum Virtual Machine.
- Emulates multiple architectures: 8086, X86, X86_64, ARM, ARM64, MIPS, RISCV, PowerPC.
- Supports multiple file formats: PE, MachO, ELF, COM, MBR.
- Supports Windows Driver (.sys), Linux Kernel Module (.ko) and MacOS Kernel (.kext) via Demigod.
- Emulates and sandboxes code in an isolated environment.
- Provides in-depth memory, register, OS level and filesystem level API.
- Fine-grain instrumentation: allows hooks at various levels (instruction/basic-block/memory-access/exception/syscall/IO/etc).
- Provides virtual machine level API such as save and restore of the current execution state.
- Supports cross-architecture and cross-platform debugging capabilities.
- Built-in debugger with reverse debugging capability.
- Allows dynamic hot-patching of running code on the fly, including the loaded library.
- True framework in Python, making it easy to build customized security analysis tools on top.