Qiling Framework is a binary instrumentation and binary emulation framework that supports cross-platform and multi-architecture targets. It also packs powerful features such as code interception, arbitrary code injection before or during execution of a binary, and hot-patching of packed binaries.
Qiling is a sandbox framework that focuses on providing a low-level Python API on which users can build highly customizable analysis tools. Because it runs code on an emulator rather than on the host CPU, the engine can execute machine code for any supported target platform regardless of the host: analyzing Windows malware on Linux Arm64, running MIPS-based IoT firmware on macOS, and so on.
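As an added example of what "build an analysis tool on top of the Python API" looks like in practice (this is not the Qiling project's own code, and the abstract does not contain it), the harness below traces executed basic blocks, intercepts a function at a fixed address and forces its return value, and hot-patches two instruction bytes before the first instruction runs. The binary path, rootfs path, the two addresses and the patch bytes are placeholders; the API calls (`Qiling(argv, rootfs)`, `ql.patch`, `ql.hook_block`, `ql.hook_address`, `ql.arch.regs`, `ql.mem.read`) are assumed to be those of Qiling 1.4 or later.

```python
"""Added example, not Qiling project code: a minimal analysis harness on the
Qiling Python API.

Assumptions (placeholders, not from the original text):
  - TARGET is an x86-64 Linux ELF and ROOTFS a Qiling-style rootfs directory
  - CHECK_FUNC is the entry of a function whose result we want to force
  - PATCH_ADDR holds a 2-byte conditional jump (e.g. JE rel8) we neutralise
  - Qiling >= 1.4 register access through ql.arch.regs
"""
from dataclasses import dataclass, field

TARGET = "./bin/target"            # placeholder binary
ROOTFS = "./rootfs/x8664_linux"    # placeholder rootfs (Qiling example layout)
CHECK_FUNC = 0x401136              # placeholder: entry of a license/integrity check
PATCH_ADDR = 0x40118A              # placeholder: a 2-byte JE we want to remove
PATCH_BYTES = b"\x90\x90"          # two NOPs replace the JE rel8
WORD = 8                           # pointer size on x86-64


@dataclass
class Harness:
    blocks: list = field(default_factory=list)   # (address, size) per block hit
    forced: int = 0                               # how often the check was skipped

    def on_block(self, ql, address, size):
        """hook_block callback: Qiling passes (ql, address, size)."""
        self.blocks.append((address, size))

    def force_return(self, ql, value=1):
        """hook_address callback at CHECK_FUNC: skip the function body.

        The CALL that got us here pushed a return address; pop it, put the
        wanted result in RAX (SysV x86-64 return register) and resume there."""
        regs = ql.arch.regs
        ret = int.from_bytes(ql.mem.read(regs.rsp, WORD), "little")
        regs.rsp += WORD
        regs.rax = value
        regs.rip = ret
        self.forced += 1

    def run(self):
        from qiling import Qiling   # imported lazily: needs the package and a rootfs
        ql = Qiling([TARGET], ROOTFS)
        ql.patch(PATCH_ADDR, PATCH_BYTES)           # hot-patch before execution
        ql.hook_block(self.on_block)                # code interception: tracing
        ql.hook_address(self.force_return, CHECK_FUNC)  # interception: bypass
        ql.run()
        return self


def coverage(blocks):
    """Unique basic-block start addresses in first-hit order."""
    seen, order = set(), []
    for addr, _ in blocks:
        if addr not in seen:
            seen.add(addr)
            order.append(addr)
    return order


if __name__ == "__main__":
    h = Harness().run()
    print(f"{len(coverage(h.blocks))} unique blocks, check bypassed {h.forced}x")
```

The callbacks hold no emulator state of their own, so the same `Harness` can be pointed at a different `TARGET`/`ROOTFS` pair (for example a MIPS firmware rootfs) by changing only the addresses, `WORD`, and the register names in `force_return`.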
This presentation gives a comprehensive overview of Qiling. We will present the technical issues we had to deal with, and conclude with live demos.