Python API reference

Main Interface

pyqbdl exposes Python bindings over QBDL.

class pyqbdl.Arch(self: pyqbdl.Arch, arch: lief.ARCHITECTURES, endianness: lief.ENDIANNESS, is_64: bool)None

Create an Arch object from its architecture, endianness, and whether it is 64 bits

arm64_v8a = Arch(lief.ARCHITECTURES.ARM64, lief.ENDIANNESS.LITTLE, True)
property arch

LIEF Architecture.

property endianness

Endianness associated with the underlying architecture:

  • lief.ENDIANNESS.LITTLE

  • lief.ENDIANNESS.BIG

static from_bin(bin: lief.Binary)pyqbdl.Arch

Construct an Arch object from a LIEF binary object

property is64

True if the architecture is based on 64 bits

class pyqbdl.Loader

Base class for all format loaders. See: loaders

class BIND(self: pyqbdl.Loader.BIND, value: int)None

Enum used to tweak the symbol binding mechanism

Members:

NOT_BIND : Do not bind symbol at all

NOW : Bind all the symbols while loading the binary

LAZY : Bind symbols when they are used (i.e lazily)

LAZY = <BIND.LAZY: 2>
NOT_BIND = <BIND.NOT_BIND: 0>
NOW = <BIND.NOW: 1>
property name
property value
property entrypoint

Binary entrypoint as an absolute address

get_address(*args, **kwargs)

Overloaded function.

  1. get_address(self: pyqbdl.Loader, sym_name: str) -> int

Return the absolute address associated with the symbol given in parameter

  1. get_address(self: pyqbdl.Loader, offset: int) -> int

Get the absolute address form the offset given in parameter

class pyqbdl.TargetMemory(self: pyqbdl.TargetMemory)None

Memory model of the targeted system

mmap(self: pyqbdl.TargetMemory, ptr: int, len: int)int

Function used by the loaders to allocate memory pages

mprotect(self: pyqbdl.TargetMemory, addr: int, len: int, prot: int)bool

Function used by the loaders to change permissions on a memory area

read(self: pyqbdl.TargetMemory, arg0: capsule, arg1: int, arg2: int)None

Function used by the loaders to read data from memory

write(self: pyqbdl.TargetMemory, arg0: int, arg1: capsule, arg2: int)None

Function used by the loader to write data in memory

class pyqbdl.TargetSystem(self: pyqbdl.TargetSystem, arg0: pyqbdl.TargetMemory)None
base_address_hint(self: pyqbdl.TargetSystem, binary_base_address: int, virtual_size: int)int

Function that returns the preferred based address where the binary should be mapped. If it returns 0, the loader can choose any address.

supports(self: pyqbdl.TargetSystem, binary: lief.Binary)bool

Function that returns whether we support the architecture associated with the given binary

Callback used by the loader to resolve external functions.

The first parameter of this callback is the Loader and the second parameter is the LIEF’s symbol object to resolve (lief.Symbol).

This callback must return an address (int) that will be bound to the symbol.

def resolve(loader: pyqbdl.Loader, symbol: lief.Symbol):
    if symbol.name == "printf":
        return printf_address
    return default_address

Loaders

This module contains the different classes used to load binary formats.

class pyqbdl.loaders.ELF

ELF loader

static from_file(bin_path: str, engines: pyqbdl.TargetSystem, bind: pyqbdl.Loader.BIND = <BIND.NOW: 1>)pyqbdl.loaders.ELF

Load an ELF file from its path on the disk

is_valid(self: pyqbdl.loaders.ELF)bool

Whether the loader object is consistent

class pyqbdl.loaders.MachO

Mach-O loader

static from_file(path: str, arch: pyqbdl.Arch, engine: pyqbdl.TargetSystem, binding: pyqbdl.Loader.BIND = <BIND.NOW: 1>)pyqbdl.loaders.MachO

Load a Mach-O file from its path on the disk

is_valid(self: pyqbdl.loaders.MachO)bool

Whether the loader is in a consistent state

static take_arch_binary(fatbin: lief.MachO.FatBinary, arch: pyqbdl.Arch)lief.MachO.Binary

Extract a Mach-O binary from a Fat binary that matches the given architecture

class pyqbdl.loaders.PE

PE loader

static from_file(bin_path: str, engines: pyqbdl.TargetSystem, bind: pyqbdl.Loader.BIND = <BIND.NOW: 1>)pyqbdl.loaders.PE

Load an PE file from its path on the disk

is_valid(self: pyqbdl.loaders.PE)bool

Whether the loader object is consistent

Engines

Default engines provided by QBDL

Native

Native engine that provides that matches the OS on which QBDL is running

class pyqbdl.engines.Native.TargetSystem(self: pyqbdl.engines.Native.TargetSystem, arg0: pyqbdl.TargetMemory)None

See pyqbdl.TargetSystem.symlink()

pyqbdl.engines.Native.arch()pyqbdl.Arch

Arch object that matches the system on which QBDL is running on.

pyqbdl.engines.Native.memory()pyqbdl.TargetMemory

Return a native implementation of the memory accesses.

This model assumes that the loader and the loaded binary share the same memory space.