Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/qbdi/qbdi

A Dynamic Binary Instrumentation framework based on LLVM.
https://github.com/qbdi/qbdi

dbi frida instrumentation llvm reverse-engineering

Last synced: about 2 hours ago
JSON representation

A Dynamic Binary Instrumentation framework based on LLVM.

Host: GitHub
URL: https://github.com/qbdi/qbdi
Owner: QBDI
License: other
Created: 2017-10-24T15:33:03.000Z (about 7 years ago)
Default Branch: dev-next
Last Pushed: 2024-08-27T13:39:02.000Z (5 months ago)
Last Synced: 2024-10-29T14:55:04.512Z (3 months ago)
Topics: dbi, frida, instrumentation, llvm, reverse-engineering
Language: C++
Homepage: https://qbdi.quarkslab.com
Size: 3.18 MB
Stars: 1,414
Watchers: 68
Forks: 161
Open Issues: 15
Metadata Files:
- Readme: README-pypi.rst
- Changelog: CHANGELOG
- License: LICENSE.txt

Awesome Lists containing this project

README

        Introduction

============

.. image:: https://readthedocs.org/projects/qbdi/badge/?version=stable

    :target: https://qbdi.readthedocs.io/en/stable/?badge=stable

    :alt: Documentation Status

.. image:: https://img.shields.io/github/v/release/QBDI/QBDI

    :target: https://github.com/QBDI/QBDI/releases

.. image:: https://img.shields.io/pypi/pyversions/PyQBDI

    :target: https://pypi.org/project/PyQBDI/

.. image:: https://img.shields.io/pypi/v/PyQBDI

    :target: https://pypi.org/project/PyQBDI/

QuarkslaB Dynamic binary Instrumentation (QBDI) is a modular, cross-platform and cross-architecture

DBI framework. It aims to support Linux, macOS, Android, iOS and Windows operating systems running on

x86, x86-64, ARM and AArch64 architectures. In addition of C/C++ API, Python and JS/frida bindings are

available to script QBDI. Information about what is a DBI framework and how QBDI

works can be found in the `documentation introduction `_.

QBDI modularity means it doesn't contain a preferred injection method and it is designed to be

used in conjunction with an external injection tool. QBDI includes a tiny (``LD_PRELOAD`` based)

Linux and macOS injector for dynamic executables (QBDIPreload).

QBDI is also fully integrated with `Frida `_, a reference dynamic instrumentation toolkit,

allowing anybody to use their combined powers.

A current limitation is that QBDI doesn't handle signals, multithreading (it doesn't deal with new

threads creation) and C++ exception mechanisms.

However, those system-dependent features will probably not be part of the core library (KISS),

and should be integrated as a new layer (to be determined how).

Status

++++++

.. role:: green

.. role:: yellow

.. role:: orange

.. role:: red

=======   ==============================   ========================   =================================

CPU       Operating Systems                Execution                  Memory Access Information

=======   ==============================   ========================   =================================

x86-64    Android, Linux, macOS, Windows   :green:`Supported`         :green:`Supported`

x86       Android, Linux, macOS, Windows   :green:`Supported`         :green:`Supported`

ARM       Android, Linux                   :yellow:`Supported (*)`    :yellow:`Supported (*)`

AArch64   Android, Linux, macOS            :yellow:`Supported (*)`    :yellow:`Supported (*)`

=======   ==============================   ========================   =================================

\* The ARM and AArch64 instruction sets are supported but in early support.

Installation

============

Python API (PyQBDI)

+++++++++++++++++++

PyQBDI is available through PyPI. The wheel package can be either `downloaded `__ or installed with the following command:

    pip install PyQBDI

The PyQBDI package is self-contained so completely independent from the C/C++ package.

Devel packages

++++++++++++++

There is no strict development timeline or scheduled release plan for the QBDI project.

All the new features and fixes are merged onto the ``dev-next`` branch.

Devel packages can be downloaded in the artefacts of `Github Actions `__.

Compilation

===========

The PyQDBI library (apart from the wheel package) can be built by solely passing the **'-DQBDI_TOOLS_PYQBDI=ON'** option to the CMake build system.

However, if you want to build the wheel package, you can run these commands::

    git clone https://github.com/QBDI/QBDI.git

    python -m pip install --upgrade pip

    python -m pip install setuptools wheel build

    python -m build -w

A 32-bit version of Python is mandatory for the X86 architecture whereas a 64-bit one is required for the X86-64 architecture.