SandAnalyze is a program that allows you to examine Windows EXE files on Linux with the help of GDB Debugger or QDB Debugger and perform operations on memory.
SandAnalyze, Linux üzerinde Windows EXE dosyalarını GDB Debugger veya QDB Debugger yardımıyla inceleyebileceğiniz ve memory üzerinde işlem yapabileceğiniz bir programdır.
- Windows (EXE and BIN)
- macOS (DMG and BIN)
- Android (APK, Testing)
- iOS (APK, Testing)
First, run the "dllscollector.bat" file on a Windows computer. If the file you want to examine is 32 bit, copy the EXE file into the "examples/rootfs/x86_windows/bin" folder, if it is 64 bit, copy the EXE file into the "examples/rootfs/x8664_windows/bin" folder. Then, run the "pip3 install -r requirements.txt" command on a Linux computer and install the Python PIP packages. After all these procedures, you can start examining your EXE file with the "python3 example.py example.exe" command.
Öncelikle, Windows bir bilgisayar üzerinde "dllscollector.bat" dosyasını çalıştırın. İncelemek istediğiniz dosya eğer 32 bit ise "examples/rootfs/x86_windows/bin" klasörü içerisine, 64 bit ise "examples/rootfs/x8664_windows/bin" klasörü içerisine EXE dosyasını kopyalayın Ardından Linux bir bilgisayar üzerinden "pip3 install -r requirements.txt" komutunu çalıştırıp Python PIP paketlerini kurun. Tüm bu işlemlerden sonra "python3 example.py example.exe" komutuyla EXE dosyanızı incelemeye başlayabilirsiniz.
Installation
Proof of Concepts
UC_ERR_FETCH_UNMAPPED, UC_ERR_WRITE_UNMAPPED and related issues
This is not a "bug". There are several possibilities why these errors occur.
1 - Windows API or syscall not being implemented
SandAnalyze with Qiling Framework tries to emulate various platforms such as Linux, MacOS, Windows, FreeBSD and UEFI. All these platforms come with different archnitecture. Its not possible for SandAnalyze with Qiling Framework to be able to emulate all these syscall/API. Community help is needed.
2 - Some specific requiremments are needed.
Firmware might need interface br0 and a users testing enviroment might not have it. In this case, ql.patch will come in handy.
3 - Required files are missing.
Missing conifig file or library can cause the targeted binary fail to run properly.
It is adviseble to always turn on debugging or disassambly mode to pintpoint the issue and try to resolve it. Technically, this is not a bug but rather a feature.
Powered by Qiling Framework
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent