Blink is a JIT-based instruction emulator and x86-64 Linux emulator designed to run Linux binaries and ELF files across different host operating systems and architectures. It functions as a binary execution sandbox and system call simulator, providing a controlled environment for running programs. The project distinguishes itself with a terminal user interface for monitoring execution, managing breakpoints, and visualizing JIT compilation paths. It supports self-modifying code through a cache-invalidating memory model and provides execution environment isolation using restricted directory ove
capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities such as API calls, byte sequences, and structural patterns without executing the code. It supports multiple file formats including PE, ELF, .NET, and shellcode, and can also process runtime behavior traces from sandbox reports generated by CAPE, DRAKVUF, or VMRay. The tool integrates directly with reverse engineering environments through plugins for IDA Pro and Ghidra, allowing analysts to view capability matches and author detection rules within their disassembler of choice. C
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
HyperDbg is a hardware-assisted kernel-mode debugging platform that leverages virtualization to monitor and control system execution. By utilizing hypervisor-level primitives, it enables deep system analysis and instrumentation without relying on standard operating system debugging interfaces. The framework provides a comprehensive environment for inspecting both kernel and user-mode processes, allowing for granular control over execution flow and system state. The project distinguishes itself through a transparent debugging layer designed to remain invisible to the target environment. It emp
A True Instrumentable Binary Emulation Framework
Die Hauptfunktionen von qilingframework/qiling sind: Instrumentable Binary Emulators, Binary and Reverse Engineering, Emulated Code Hotpatching Engines, Configurable Execution Sandboxes, Multi-OS, Multi-Platform Binary Runners, Instrumentable Emulation Engines, Multi-Level Execution Instrumentation.
Open-Source-Alternativen zu qilingframework/qiling sind unter anderem: jart/blink — Blink is a JIT-based instruction emulator and x86-64 Linux emulator designed to run Linux binaries and ELF files… fireeye/capa — capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities… unicorn-engine/unicorn — Unicorn is a multi-architecture CPU emulation framework and library that utilizes just-in-time compilation to execute… angr/angr — Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves… hyperdbg/hyperdbg — HyperDbg is a hardware-assisted kernel-mode debugging platform that leverages virtualization to monitor and control… tianocore/edk2 — edk2 is a development project for creating system firmware that complies with the UEFI specification. It provides the…