There are 3 major components in Qiling Framework.

Loader

This part should contain:

  • File identifier: which os, which arch
  • Loader itself
  • Mapping for shellcode. The OS supported shellcode
  • stack, memory and heap setup
  • ENV setup
  • ARGV setup

  • Related files:

    • qiling/utils.py
    • qiling/const.py
    • qiling/loader/.py

Arch

This part should contain all the functions or CPU features needed to be configured during OS initialization.

  • set up VFP
  • very specific arch functions, such as GS/FS and etc
  • init_tls settings

  • Related files:

    • qiling/arch/.py

Operating System

There are 2 stages in this part, initialize and run. OS initialization should contain:

  • CPU setup
  • OS related components, such as

    • output
    • stdio
    • registry
    • thread management
    • API or syscall mapping, read here
  • Related files:

    • qiling/os/.py