There are 3 major components in Qiling Framework.
This part should contain:
- File identifier: which os, which arch
- Loader itself
- Mapping for shellcode. The OS supported shellcode
- stack, memory and heap setup
- ENV setup
This part should contain all the functions or CPU features needed to be configured during OS initialization.
- set up VFP
- very specific arch functions, such as GS/FS and etc
There are 2 stages in this part, initialize and run. OS initialization should contain:
- CPU setup
OS related components, such as
- thread management
- API or syscall mapping, read here