# load shellcode in
self.ql.uc.mem_map(self.ql.code_address, self.ql.code_size)
self.ql.mem_write(self.ql.code_address, self.ql.shellcoder)
# init tib/peb/ldr
super().init_tib()
super().init_peb()
super().init_ldr_data()
# load dlls
for each in self.init_dlls:
super().load_dll(each)
class PE(Process):
    """Load a PE image from ``self.path`` into the emulated process.

    ``Process`` (the base class) is defined elsewhere in this file; the
    TIB/PEB/LDR setup and ``load_dll`` helpers used by sibling loaders come
    from it.
    """

    def __init__(self, ql, path=""):
        # ql: the Qiling instance whose emulator memory (ql.uc) is populated.
        # path: filesystem path of the PE to parse; empty by default.
        self.ql = ql
        self.path = path
        self.filepath = ''
        # Filled in by load() from the PE optional header.
        self.PE_IMAGE_BASE = 0
        self.PE_IMAGE_SIZE = 0
        self.PE_ENTRY_POINT = 0
        self.sizeOfStackReserve = 0
        # Base-class init runs after the attributes above exist, in case it
        # reads them.
        super().__init__(ql)

    def load(self):
        """Parse the PE headers and link the module into the emulated LDR lists.

        NOTE(review): this excerpt elides part of the method — ``ldr_table_entry``,
        ``flink`` and ``blink`` are used below without a visible definition, so
        the lines between the header parsing and the list linking are missing here.
        """
        # fast_load defers parsing of the data directories; only the headers
        # are read at this point.
        self.pe = pefile.PE(self.path, fast_load=True)
        # for simplicity, no image base relocation
        # ImageBase and SizeOfImage are copied verbatim from the file header,
        # i.e. they are controlled by whoever produced the sample. Any mapping
        # or bounds derived from PE_IMAGE_SIZE should be sanity-checked where it
        # is consumed — TODO confirm at the call site (not visible here).
        self.ql.PE_IMAGE_BASE = self.PE_IMAGE_BASE = self.pe.OPTIONAL_HEADER.ImageBase
        self.ql.PE_IMAGE_SIZE = self.PE_IMAGE_SIZE = self.pe.OPTIONAL_HEADER.SizeOfImage
        # Insert the new entry into the three module lists: the entry first
        # inherits blink's current backward pointers ...
        ldr_table_entry.InLoadOrderLinks['Blink'] = blink.InLoadOrderModuleList['Blink']
        ldr_table_entry.InMemoryOrderLinks['Blink'] = blink.InMemoryOrderModuleList['Blink']
        ldr_table_entry.InInitializationOrderLinks['Blink'] = blink.InInitializationOrderModuleList['Blink']
        # ... and blink is then pointed back at the new entry. The +2 and +4
        # pointer offsets presumably address the InMemoryOrder/InInitializationOrder
        # LIST_ENTRY fields inside the entry — verify against the struct layout.
        blink.InLoadOrderModuleList['Blink'] = ldr_table_entry.base
        blink.InMemoryOrderModuleList['Blink'] = ldr_table_entry.base + 2 * self.ql.pointersize
        blink.InInitializationOrderModuleList['Blink'] = ldr_table_entry.base + 4 * self.ql.pointersize
        # Commit the patched structures to emulated memory. No Flink update is
        # visible in this excerpt; presumably it happens in the elided lines —
        # TODO confirm, otherwise forward traversal of the lists skips the entry.
        self.ql.uc.mem_write(flink.base, flink.bytes())
        self.ql.uc.mem_write(blink.base, blink.bytes())
        self.ql.uc.mem_write(ldr_table_entry.base, ldr_table_entry.bytes())
        # Keep a Python-side record of every entry written so far.
        self.ldr_list.append(ldr_table_entry)
class Shellcode(Process):
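def __init__(self, ql, dlls=None):
    """Prepare a raw-shellcode process.

    Args:
        ql: the Qiling instance; its emulator and configuration are used by load().
        dlls: names of the DLLs to load before the shellcode runs. Defaults to
            no DLLs. A caller-supplied list is stored as-is, as before.
    """
    self.ql = ql
    # Fresh list per instance: the previous ``dlls=[]`` default was one list
    # object shared by every Shellcode built without an explicit argument, so
    # a DLL appended to one instance's init_dlls leaked into all later ones.
    self.init_dlls = [] if dlls is None else dlls
    # Base-class init runs after the attributes above exist, in case it reads them.
    super().__init__(ql)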
def load(self):
# setup stack memory
self.ql.uc.mem_map(self.ql.stack_address, self.ql.stack_size)
if self.ql.arch == QL_X86:
self.ql.uc.reg_write(UC_X86_REG_ESP, self.ql.stack_address + 0x3000)
self.ql.uc.reg_write(UC_X86_REG_EBP, self.ql.stack_address + 0x3000)
else:
self.ql.uc.reg_write(UC_X86_REG_RSP, self.ql.stack_address + 0x3000)
self.ql.uc.reg_write(UC_X86_REG_RBP, self.ql.stack_address + 0x3000)
# load shellcode in