Qiling
- Adding Syscalls and OS APIs
- Architectural Registers API
- Code Coverage
- EVM Engine
- Extending Qiling Framework
- FAQ
- Getting Started
- Hijack API
- Hook API
- Installation
- Memory API
- Pack, Unpack & C Structs
- Print and Logging
- Profile
- Qdb Debugger
- Qiling IDA Pro Plugin
- qltool CLI
- Remote Debugging
- Snapshot & Partial Execution
- Syscall Generator Scripts
Qiling Framework 文档索引
来源:qilingframework/rtfd.io + qilingframework/qiling 抓取日期:2026-04-22 文件数:20
Table of Contents
| File | Summary |
|---|---|
| content/howto.md | Qiling Framework initialization, emulation configuration, and run controls — binary emulation, shellcode emulation, fs mapping, patching, and ql.run() parameters. |
| content/hook.md | Qiling Framework hook API — address hooks, code/block/instruction hooks, memory read/write/fetch hooks, interrupt hooks, and hook management. |
| content/memory.md | Qiling Framework memory subsystem API — map/unmap, read/write bytes and integers, search, alignment utilities, and architectural stack operations. |
| content/register.md | Qiling Framework register API — read/write architectural registers by name or Unicorn constant, generic PC/SP aliases, Intel MSR, and ARM coprocessors. |
| content/hijack.md | Qiling Framework hijacking API — stdin/stdout/stderr redirection, VFS object mapping, POSIX syscall interception, OS API hooking for POSIX/Windows/UEFI. |
| content/ida.md | Qiling IDA Pro plugin — installation, emulation setup, debugging controls, custom user scripts, snapshot save/restore, and OLLVM de-obfuscation. |
| content/debugger.md | Qiling Framework remote debugging — GDB server setup, IDA Pro connection, GDB commands, and Qdb built-in debugger with record-and-replay. |
| content/snapshot.md | Qiling Framework snapshot and partial execution API — save/restore full state, CPU context, memory, registers, file descriptors, and skip-ahead emulation patterns. |
| content/qltool.md | qltool CLI reference — run/code/qltui commands with all options for binary emulation, shellcode execution, debugging, coverage, and output control. |
| content/install.md | Qiling Framework installation — pip, GitHub dev branch, Docker, Windows DLL setup, and macOS Keystone workaround. |
| content/coverage.md | Qiling Framework code coverage plugin — drcov format output via qltool CLI or Python script, and guide for adding new coverage format backends. |
| content/print.md | Qiling Framework logging API — verbosity levels, ql.log usage, and log filtering with regex. |
| content/profile.md | Qiling Framework profile files — INI-format configuration for OS-specific settings like mmap_address, log_dir, and log_split; default profiles per OS. |
| content/struct.md | Qiling Framework pack/unpack API and struct memory layout guide — ql.pack/unpack for 16/32/64-bit values, signed variants, and Python struct module usage for C structs. |
| content/evm.md | Qiling Framework EVM engine — install, execute and debug Ethereum smart contract bytecode, create accounts, send transactions, and set EVM hard forks. |
| content/faq.md | Qiling Framework FAQ — rootfs errors, missing syscalls/APIs, UC_ERR_FETCH_UNMAPPED causes, GDB timeout fix, multithread requirement, Windows A/W API compatibility. |
| content/syscall_api.md | Guide for adding POSIX syscalls and OS API implementations to Qiling — file organization by header, testing approach, and arch mapping. |
| content/extension.md | Guide for extending Qiling Framework with new loaders, architectures, and operating systems — required components and relevant source files for each extension type. |
| content/qdb.md | Qdb built-in debugger for Qiling — command-line interface, step/continue/breakpoint/examine commands, and record-and-replay usage. |
| content/references.md | Utility scripts for generating Qiling syscall mappings from FreeBSD and macOS syscall master files. |