awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-Source-AlternativenSelf-hosted SoftwareBlogSitemap
ProjektÜber unsRanking-MethodikPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
qilingframework avatar

qilingframework/qiling

0
View on GitHub↗
5,965 Stars·782 Forks·Python·GPL-2.0·2 Aufrufeqiling.io↗

Qiling

A True Instrumentable Binary Emulation Framework

Features

  • Instrumentable Binary Emulators - An instrumentable framework that emulates executable files across multiple operating systems and CPU architectures.
  • Binary and Reverse Engineering - Emulates and debugs binaries across architectures with reverse execution and state snapshots.
  • Emulated Code Hotpatching Engines - Provides a dynamic code hotpatching engine that modifies emulated code at runtime without restarting the binary.
  • Configurable Execution Sandboxes - Ships a fully configurable sandbox controlling memory, registers, OS, and filesystem interactions.
  • Multi-OS - Emulates binaries for Windows, macOS, Linux, Android, BSD, UEFI, DOS, and MBR without requiring the native OS.
  • Multi-Platform Binary Runners - Runs binaries for Windows, macOS, Linux, Android, BSD, UEFI, DOS, and MBR without requiring the native OS.
  • Instrumentable Emulation Engines - Hooks into instructions, basic blocks, memory accesses, syscalls, and I/O to inspect or modify behavior during emulation.
  • Multi-Level Execution Instrumentation - Hooks into instructions, basic blocks, memory accesses, exceptions, syscalls, and I/O to inspect or modify behavior during emulation.
  • Multi-Format Binary Loaders - Parses and loads multiple executable formats such as PE, ELF, and Mach-O into the emulated address space.
  • Emulated Syscall Handlers - Maps guest OS syscalls to emulated handlers, replicating kernel behavior without the native OS.
  • Cross-Platform Binary Emulators - Runs binaries compiled for one architecture or OS on a completely different host platform, such as ARM firmware on x86 Linux.
  • Binary Instrumentation - Emulates and instruments binary code across multiple architectures and operating systems for analysis and debugging.
  • CPU Emulation Libraries - Emulates machine code via the Unicorn engine for cross-architecture execution and analysis.
  • Unicorn-Based Emulators - Emulates machine code by translating guest instructions into host instructions via the Unicorn engine.
  • Binary Execution Sandboxes - Runs executable files in a virtual environment that intercepts all system interactions.
  • Machine State Restoration - Captures and restores full CPU, memory, and peripheral state for repeatable analysis and reverse execution.
  • Emulator State Snapshots - Captures and restores the full emulated state for repeatable analysis and debugging sessions.
  • Reverse Execution Debuggers - Provides a built-in debugger that steps backward through emulated code execution.
  • Hook-Based Plugin Systems - Attaches user-defined callbacks to execution events like instructions, memory access, and syscalls via a modular hook system.
  • Execution Event Hooks - Attaches user-defined callbacks to execution events like instructions, memory access, and syscalls.
  • Reverse Execution Debuggers - Steps through emulated code forward and backward with support for saving and restoring execution state.
  • Multi-Architecture Firmware Emulators - Emulates and analyzes firmware binaries for UEFI, MBR, and embedded systems across different CPU architectures.
  • Cross-Platform Malware Sandboxes - Runs untrusted executables from different operating systems in a fully configurable isolated environment.
  • Emulated Code Patching and Hooking - Modifies executable code and library behavior on-the-fly during emulation for testing and analysis.
  • Cross-Platform Debuggers - Debugs code across different operating systems and CPU architectures without switching tools or environments.
  • Kernel Module and Driver Emulators - Emulates kernel modules, drivers, and extensions across operating systems for security research and vulnerability testing.
  • Emulated Code Hotpatching - Modifies instructions or data in memory during execution, including within loaded libraries, without restarting the process.
  • Kernel and Driver Security Analysis - Emulates and analyzes kernel modules, drivers, and firmware for vulnerability research and security testing.
  • Multi-Architecture Execution Sandboxes - Runs untrusted executables from multiple architectures in a fully configurable isolated environment.
  • Cross-Platform Malware Runners - Runs and analyzes malware samples from different operating systems without needing the native platform.
  • Shellcode Emulation Tools - Provides a command-line utility to quickly emulate shellcode or executable files with debugging options.
  • Binary Analysis - Provides an advanced framework for binary emulation.
  • Firmware Emulation Frameworks - Advanced binary emulation framework for cross-platform analysis.

Star-Verlauf

Star-Verlauf für qilingframework/qilingStar-Verlauf für qilingframework/qiling

KI-Suche

Entdecke weitere awesome Repositories

Beschreibe in einfachen Worten, was du brauchst — die KI bewertet tausende kuratierte Open-Source-Projekte nach Relevanz.

Start searching with AI

Open-Source-Alternativen zu Qiling

Ähnliche Open-Source-Projekte, sortiert nach der Anzahl der gemeinsamen Funktionen mit Qiling.
  • jart/blinkAvatar von jart

    jart/blink

    7,534Auf GitHub ansehen↗

    Blink is a JIT-based instruction emulator and x86-64 Linux emulator designed to run Linux binaries and ELF files across different host operating systems and architectures. It functions as a binary execution sandbox and system call simulator, providing a controlled environment for running programs. The project distinguishes itself with a terminal user interface for monitoring execution, managing breakpoints, and visualizing JIT compilation paths. It supports self-modifying code through a cache-invalidating memory model and provides execution environment isolation using restricted directory ove

    C
    Auf GitHub ansehen↗7,534
  • fireeye/capaAvatar von fireeye

    fireeye/capa

    6,062Auf GitHub ansehen↗

    capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities such as API calls, byte sequences, and structural patterns without executing the code. It supports multiple file formats including PE, ELF, .NET, and shellcode, and can also process runtime behavior traces from sandbox reports generated by CAPE, DRAKVUF, or VMRay. The tool integrates directly with reverse engineering environments through plugins for IDA Pro and Ghidra, allowing analysts to view capability matches and author detection rules within their disassembler of choice. C

    Python
    Auf GitHub ansehen↗6,062
  • angr/angrAvatar von angr

    angr/angr

    8,898Auf GitHub ansehen↗

    Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the

    Python
    Auf GitHub ansehen↗8,898
  • hyperdbg/hyperdbgAvatar von HyperDbg

    HyperDbg/HyperDbg

    3,885Auf GitHub ansehen↗

    HyperDbg is a hardware-assisted kernel-mode debugging platform that leverages virtualization to monitor and control system execution. By utilizing hypervisor-level primitives, it enables deep system analysis and instrumentation without relying on standard operating system debugging interfaces. The framework provides a comprehensive environment for inspecting both kernel and user-mode processes, allowing for granular control over execution flow and system state. The project distinguishes itself through a transparent debugging layer designed to remain invisible to the target environment. It emp

    Cbinary-analysisdebugdebugger
    Auf GitHub ansehen↗3,885
Alle 30 Alternativen zu Qiling anzeigen→

Häufig gestellte Fragen

Was macht qilingframework/qiling?

A True Instrumentable Binary Emulation Framework

Was sind die Hauptfunktionen von qilingframework/qiling?

Die Hauptfunktionen von qilingframework/qiling sind: Instrumentable Binary Emulators, Binary and Reverse Engineering, Emulated Code Hotpatching Engines, Configurable Execution Sandboxes, Multi-OS, Multi-Platform Binary Runners, Instrumentable Emulation Engines, Multi-Level Execution Instrumentation.

Welche Open-Source-Alternativen gibt es zu qilingframework/qiling?

Open-Source-Alternativen zu qilingframework/qiling sind unter anderem: jart/blink — Blink is a JIT-based instruction emulator and x86-64 Linux emulator designed to run Linux binaries and ELF files… fireeye/capa — capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities… unicorn-engine/unicorn — Unicorn is a multi-architecture CPU emulation framework and library that utilizes just-in-time compilation to execute… angr/angr — Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves… hyperdbg/hyperdbg — HyperDbg is a hardware-assisted kernel-mode debugging platform that leverages virtualization to monitor and control… tianocore/edk2 — edk2 is a development project for creating system firmware that complies with the UEFI specification. It provides the…