Extending Qiling Framework
Extending Qiling Framework
Three extension points: Loader, Architecture, and Operating System.
Loader
Handles binary format identification, memory layout, and environment setup.
Required components:
- File identifier (OS + arch detection)
- Loader implementation
- Shellcode memory mapping support
- Stack, heap, and memory initialization
- Environment variable setup (
ENV) - Argument vector setup (
ARGV)
Relevant files:
qiling/utils.pyqiling/const.pyqiling/loader/<loader>.py
Architecture (Arch)
Handles CPU-level initialization during OS setup.
Required components:
- VFP (floating point) setup
- Architecture-specific features (e.g. x86 GS/FS segment registers)
- TLS (
init_tls) initialization
Relevant files:
qiling/arch/<arch>.py
Operating System
Two stages: initialize and run.
Initialization must include:
- CPU setup
- OS components:
- Output (stdout/stderr)
- stdio
- Registry (Windows)
- Thread management
- API or syscall mapping (see syscall_api.md)
Relevant files:
qiling/os/<os>.py