You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ida pro SP1 (7.6.210427 Windows x64 (32-bit address size)
Windows 10 22H2
qiling 1.4.6
Python 3.10.11
IDAPython v7.4.0 final (serial 0)
Trying to run qiling on example\rootfs\x86_windows\bin\x86_hello.exe
with demo.py
fromqilingimport*# sandbox to emulate the EXEdefmy_sandbox(path, rootfs):
# setup Qiling engineql=Qiling(path, rootfs)
# now emulate the EXEql.run()
if__name__=="__main__":
# execute Windows EXE under our rootfsmy_sandbox(["c:\\users\\internet\\qiling\\examples\\rootfs\\x86_windows\\bin\\x86_hello.exe"], "c:\\users\internet\\qiling\\examples\\rootfs\\x86_windows")
I get
Possible file format: MS-DOS executable (EXE) (C:\Users\internet\Downloads\IDAPro7.6\loaders\dos.dll)
Possible file format: Portable executable for 80386 (PE) (C:\Users\internet\Downloads\IDAPro7.6\loaders\pe.dll)
bytes pages size description
--------- ----- ---- --------------------------------------------
524288 64 8192 allocating memory for b-tree...
65536 8 8192 allocating memory for virtual array...
262144 32 8192 allocating memory for name pointers...
-----------------------------------------------------------------
851968 total memory allocated
Loading processor module C:\Users\internet\Downloads\IDAPro7.6\procs\pc.dll for metapc...Initializing processor module metapc...OK
Autoanalysis subsystem has been initialized.
Loading file 'C:\Users\internet\Downloads\x86_hello.exe' into database...
Detected file format: Portable executable for 80386 (PE)
0. Creating a new segment (00401000-00402000) ... ... OK
1. Creating a new segment (00402000-00403000) ... ... OK
2. Creating a new segment (00403000-00404000) ... ... OK
3. Creating a new segment (00404000-00405000) ... ... OK
4. Creating a new segment (00405000-00406000) ... ... OK
5. Creating a new segment (00406000-00407000) ... ... OK
6. Creating a new segment (00407000-00408000) ... ... OK
7. Creating a new segment (00408000-00409000) ... ... OK
Reading imports directory...
Assuming __cdecl calling convention by default
Plan FLIRT signature: GCC (mingw/cygwin) v3.4 runtime
main() function at 401C10, named "_main"
Type library 'mssdk_win7' loaded. Applying types...
Types applied to 28 names.
Marking typical code sequences...
Flushing buffers, please wait...ok
File 'C:\Users\internet\Downloads\x86_hello.exe' has been successfully loaded into the database.
Hex-Rays Decompiler plugin has been loaded (v7.6.0.210427)
License: xxxx
The hotkeys are F5: decompile, Ctrl-F5: decompile all.
Please check the Edit/Plugins menu for more informaton.
[INFO][qilinqida:1002] ---------------------------------------------------------------------------------------
[INFO][qilinqida:1003] Qiling Emulator Plugin For IDA, by Qiling Team. Version 1.4.7.dev0, 2020
[INFO][qilinqida:1004] Based on Qiling v1.4.7.dev0
[INFO][qilinqida:1005] Find more information about Qiling at https://qiling.io
[INFO][qilinqida:1006] ---------------------------------------------------------------------------------------
IDA is analysing the input file...
You may start to explore the input file right now.
[INFO][qilinqida:1017] UI is ready, register our menu actions.
[INFO][qilinqida:1012] Registering actions.
-------------------------------------------------------------------------------------------
Python 3.10.11 (tags/v3.10.11:7d4cc5a, Apr 5 2023, 00:38:17) [MSC v.1929 64 bit (AMD64)]
IDAPython v7.4.0 final (serial 0) (c) The IDAPython Team <[email protected]>
-------------------------------------------------------------------------------------------
Using FLIRT signature: GCC (mingw/cygwin) v3.4 runtime
Propagating type information...
Function argument information has been propagated
The initial autoanalysis has been finished.
[INFO][qilinqida:2066] ['C:\\Users\\internet\\Downloads\\x86_hello.exe']
[INFO][qilinqida:1032] Rootfs: C:\Users\internet\qiling\examples\rootfs
[INFO][qilinqida:1033] Custom user script: C:\Users\internet\qiling\examples\demo.py
[INFO][qilinqida:1034] Custom env: {}
[+] Profile: default
[+] Mapping GDT at 0x30000 with limit 0x1000
[+] Loading Windows registry hive from C:\Users\internet\qiling\examples\rootfs\Windows\registry
[=] Initiate stack address at 0xfffdd000
[=] Loading C:\Users\internet\Downloads\x86_hello.exe to 0x400000
[=] PE entry point at 0x401280
[=] TEB is at 0x6000
[=] PEB is at 0x61b0
[=] LDR is at 0x6630
[=] Loading ntdll.dll ...
[+] Warnings while loading ntdll.dll:
[+] - SizeOfHeaders is smaller than AddressOfEntryPoint: this file cannot run under Windows 8.
[+] - AddressOfEntryPoint lies outside the sections' boundaries. AddressOfEntryPoint: 0x0
[+] - Failed parsing FunctionEntry of UNWIND_INFO at 16b85c: 'Chained function entry cannot be changed'
[+] - Failed parsing FunctionEntry of UNWIND_INFO at 16b898: 'Chained function entry cannot be changed'
[+] DLL preferred base address: 0x180000000
[+] DLL preferred base address exceeds memory upper bound, loading to: 0x10000000
[+] Init imports for ntdll.dll
[=] Done loading ntdll.dll
[=] Loading kernel32.dll ...
[+] DLL preferred base address: 0x180000000
[+] DLL preferred base address exceeds memory upper bound, loading to: 0x10200000
[+] Init imports for kernel32.dll
[+] Requesting imports from api-ms-win-core-rtlsupport-l1-1-0.dll
[+] Redirecting api-ms-win-core-rtlsupport-l1-1-0.dll to ntdll.dll
[+] Requesting imports from ntdll.dll
[+] Requesting imports from kernelbase.dll
[=] Loading kernelbase.dll ...
[+] DLL preferred base address: 0x180000000
[+] DLL preferred base address exceeds memory upper bound, loading to: 0x102d0000
[+] Init imports for kernelbase.dll
[+] Requesting imports from ntdll.dll
[+] Requesting imports from api-ms-win-eventing-provider-l1-1-0.dll
[+] Redirecting api-ms-win-eventing-provider-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-apiquery-l1-1-0.dll
[+] Redirecting api-ms-win-core-apiquery-l1-1-0.dll to ntdll.dll
[+] Requesting imports from api-ms-win-core-apiquery-l1-1-1.dll
[+] Redirecting api-ms-win-core-apiquery-l1-1-1.dll to ntdll.dll
[+] Ignoring kernelbase.dll entry point
[=] Done loading kernelbase.dll
[+] Requesting imports from api-ms-win-core-processthreads-l1-1-0.dll
[+] Redirecting api-ms-win-core-processthreads-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-processthreads-l1-1-3.dll
[+] Redirecting api-ms-win-core-processthreads-l1-1-3.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-processthreads-l1-1-2.dll
[+] Redirecting api-ms-win-core-processthreads-l1-1-2.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-processthreads-l1-1-1.dll
[+] Redirecting api-ms-win-core-processthreads-l1-1-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-registry-l1-1-0.dll
[+] Redirecting api-ms-win-core-registry-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-heap-l1-1-0.dll
[+] Redirecting api-ms-win-core-heap-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-heap-l2-1-0.dll
[+] Redirecting api-ms-win-core-heap-l2-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-memory-l1-1-1.dll
[+] Redirecting api-ms-win-core-memory-l1-1-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-memory-l1-1-0.dll
[+] Redirecting api-ms-win-core-memory-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-memory-l1-1-2.dll
[+] Redirecting api-ms-win-core-memory-l1-1-2.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-handle-l1-1-0.dll
[+] Redirecting api-ms-win-core-handle-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-synch-l1-1-0.dll
[+] Redirecting api-ms-win-core-synch-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-synch-l1-2-1.dll
[+] Redirecting api-ms-win-core-synch-l1-2-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-synch-l1-2-0.dll
[+] Redirecting api-ms-win-core-synch-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-file-l1-1-0.dll
[+] Redirecting api-ms-win-core-file-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-file-l1-2-0.dll
[+] Redirecting api-ms-win-core-file-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-file-l1-2-2.dll
[+] Redirecting api-ms-win-core-file-l1-2-2.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-file-l1-2-1.dll
[+] Redirecting api-ms-win-core-file-l1-2-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-delayload-l1-1-0.dll
[+] Redirecting api-ms-win-core-delayload-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-io-l1-1-0.dll
[+] Redirecting api-ms-win-core-io-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-io-l1-1-1.dll
[+] Redirecting api-ms-win-core-io-l1-1-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-job-l1-1-0.dll
[+] Redirecting api-ms-win-core-job-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-threadpool-legacy-l1-1-0.dll
[+] Redirecting api-ms-win-core-threadpool-legacy-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-threadpool-private-l1-1-0.dll
[+] Redirecting api-ms-win-core-threadpool-private-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-largeinteger-l1-1-0.dll
[+] Redirecting api-ms-win-core-largeinteger-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-libraryloader-l1-2-2.dll
[+] Redirecting api-ms-win-core-libraryloader-l1-2-2.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-libraryloader-l1-2-0.dll
[+] Redirecting api-ms-win-core-libraryloader-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-libraryloader-l1-2-1.dll
[+] Redirecting api-ms-win-core-libraryloader-l1-2-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-libraryloader-l2-1-0.dll
[+] Redirecting api-ms-win-core-libraryloader-l2-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-namedpipe-l1-2-2.dll
[+] Redirecting api-ms-win-core-namedpipe-l1-2-2.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-namedpipe-l1-1-0.dll
[+] Redirecting api-ms-win-core-namedpipe-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-namedpipe-l1-2-1.dll
[+] Redirecting api-ms-win-core-namedpipe-l1-2-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-datetime-l1-1-0.dll
[+] Redirecting api-ms-win-core-datetime-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-datetime-l1-1-1.dll
[+] Redirecting api-ms-win-core-datetime-l1-1-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-datetime-l1-1-2.dll
[+] Redirecting api-ms-win-core-datetime-l1-1-2.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-sysinfo-l1-2-0.dll
[+] Redirecting api-ms-win-core-sysinfo-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-sysinfo-l1-1-0.dll
[+] Redirecting api-ms-win-core-sysinfo-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-sysinfo-l1-2-3.dll
[+] Redirecting api-ms-win-core-sysinfo-l1-2-3.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-sysinfo-l1-2-1.dll
[+] Redirecting api-ms-win-core-sysinfo-l1-2-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-timezone-l1-1-0.dll
[+] Redirecting api-ms-win-core-timezone-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-localization-l1-2-0.dll
[+] Redirecting api-ms-win-core-localization-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-processsnapshot-l1-1-0.dll
[+] Redirecting api-ms-win-core-processsnapshot-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-processenvironment-l1-1-0.dll
[+] Redirecting api-ms-win-core-processenvironment-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-processenvironment-l1-2-0.dll
[+] Redirecting api-ms-win-core-processenvironment-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-string-l1-1-0.dll
[+] Redirecting api-ms-win-core-string-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-debug-l1-1-1.dll
[+] Redirecting api-ms-win-core-debug-l1-1-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-debug-l1-1-0.dll
[+] Redirecting api-ms-win-core-debug-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-errorhandling-l1-1-0.dll
[+] Redirecting api-ms-win-core-errorhandling-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-errorhandling-l1-1-3.dll
[+] Redirecting api-ms-win-core-errorhandling-l1-1-3.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-fibers-l1-1-0.dll
[+] Redirecting api-ms-win-core-fibers-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-util-l1-1-0.dll
[+] Redirecting api-ms-win-core-util-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-profile-l1-1-0.dll
[+] Redirecting api-ms-win-core-profile-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-security-base-l1-1-0.dll
[+] Redirecting api-ms-win-security-base-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-security-base-l1-2-0.dll
[+] Redirecting api-ms-win-security-base-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-security-appcontainer-l1-1-0.dll
[+] Redirecting api-ms-win-security-appcontainer-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-comm-l1-1-0.dll
[+] Redirecting api-ms-win-core-comm-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-realtime-l1-1-0.dll
[+] Redirecting api-ms-win-core-realtime-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-wow64-l1-1-1.dll
[+] Redirecting api-ms-win-core-wow64-l1-1-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-wow64-l1-1-0.dll
[+] Redirecting api-ms-win-core-wow64-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-wow64-l1-1-3.dll
[+] Redirecting api-ms-win-core-wow64-l1-1-3.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-systemtopology-l1-1-1.dll
[+] Redirecting api-ms-win-core-systemtopology-l1-1-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-systemtopology-l1-1-0.dll
[+] Redirecting api-ms-win-core-systemtopology-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-processtopology-l1-1-0.dll
[+] Redirecting api-ms-win-core-processtopology-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-namespace-l1-1-0.dll
[+] Redirecting api-ms-win-core-namespace-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-file-l2-1-2.dll
[+] Redirecting api-ms-win-core-file-l2-1-2.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-file-l2-1-0.dll
[+] Redirecting api-ms-win-core-file-l2-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-file-l2-1-3.dll
[+] Redirecting api-ms-win-core-file-l2-1-3.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-file-l2-1-1.dll
[+] Redirecting api-ms-win-core-file-l2-1-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-xstate-l2-1-0.dll
[+] Redirecting api-ms-win-core-xstate-l2-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-xstate-l2-1-1.dll
[+] Redirecting api-ms-win-core-xstate-l2-1-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-localization-l2-1-0.dll
[+] Redirecting api-ms-win-core-localization-l2-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-normalization-l1-1-0.dll
[+] Redirecting api-ms-win-core-normalization-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-fibers-l2-1-0.dll
[+] Redirecting api-ms-win-core-fibers-l2-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-fibers-l2-1-1.dll
[+] Redirecting api-ms-win-core-fibers-l2-1-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-localization-private-l1-1-0.dll
[+] Redirecting api-ms-win-core-localization-private-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-sidebyside-l1-1-0.dll
[+] Redirecting api-ms-win-core-sidebyside-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-appcompat-l1-1-0.dll
[+] Redirecting api-ms-win-core-appcompat-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-windowserrorreporting-l1-1-0.dll
[+] Redirecting api-ms-win-core-windowserrorreporting-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-windowserrorreporting-l1-1-3.dll
[+] Redirecting api-ms-win-core-windowserrorreporting-l1-1-3.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-windowserrorreporting-l1-1-1.dll
[+] Redirecting api-ms-win-core-windowserrorreporting-l1-1-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-windowserrorreporting-l1-1-2.dll
[+] Redirecting api-ms-win-core-windowserrorreporting-l1-1-2.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-console-l1-1-0.dll
[+] Redirecting api-ms-win-core-console-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-console-l1-2-0.dll
[+] Redirecting api-ms-win-core-console-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-console-l1-2-1.dll
[+] Redirecting api-ms-win-core-console-l1-2-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-console-l2-1-0.dll
[+] Redirecting api-ms-win-core-console-l2-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-console-l2-2-0.dll
[+] Redirecting api-ms-win-core-console-l2-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-console-l3-2-0.dll
[+] Redirecting api-ms-win-core-console-l3-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-psapi-l1-1-0.dll
[+] Redirecting api-ms-win-core-psapi-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-psapi-ansi-l1-1-0.dll
[+] Redirecting api-ms-win-core-psapi-ansi-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-eventing-provider-l1-1-0.dll
[+] Redirecting api-ms-win-eventing-provider-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-apiquery-l1-1-0.dll
[+] Redirecting api-ms-win-core-apiquery-l1-1-0.dll to ntdll.dll
[+] Requesting imports from api-ms-win-core-delayload-l1-1-1.dll
[+] Redirecting api-ms-win-core-delayload-l1-1-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-appcompat-l1-1-1.dll
[+] Redirecting api-ms-win-core-appcompat-l1-1-1.dll to kernelbase.dll
[+] Ignoring kernel32.dll entry point
[=] Done loading kernel32.dll
[=] Loading mscoree.dll ...
[+] DLL preferred base address: 0x180000000
[+] DLL preferred base address exceeds memory upper bound, loading to: 0x105d0000
[+] Init imports for mscoree.dll
[+] Requesting imports from kernel32.dll
[=] Calling mscoree.dll DllMain at 0x105fbd50
[x] Error encountered while running mscoree.dll DllMain, bailing
[=] Done loading mscoree.dll
[=] Loading ucrtbase.dll ...
[+] DLL preferred base address: 0x180000000
[+] DLL preferred base address exceeds memory upper bound, loading to: 0x10640000
[+] Init imports for ucrtbase.dll
[+] Requesting imports from api-ms-win-core-errorhandling-l1-1-0.dll
[+] Redirecting api-ms-win-core-errorhandling-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-heap-l1-1-0.dll
[+] Redirecting api-ms-win-core-heap-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-processthreads-l1-1-0.dll
[+] Redirecting api-ms-win-core-processthreads-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-libraryloader-l1-1-0.dll
[+] Redirecting api-ms-win-core-libraryloader-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-synch-l1-1-0.dll
[+] Redirecting api-ms-win-core-synch-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-debug-l1-1-0.dll
[+] Redirecting api-ms-win-core-debug-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-processenvironment-l1-1-0.dll
[+] Redirecting api-ms-win-core-processenvironment-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-file-l1-1-0.dll
[+] Redirecting api-ms-win-core-file-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-string-l1-1-0.dll
[+] Redirecting api-ms-win-core-string-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-localization-l1-2-0.dll
[+] Redirecting api-ms-win-core-localization-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-datetime-l1-1-0.dll
[+] Redirecting api-ms-win-core-datetime-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-sysinfo-l1-1-0.dll
[+] Redirecting api-ms-win-core-sysinfo-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-rtlsupport-l1-1-0.dll
[+] Redirecting api-ms-win-core-rtlsupport-l1-1-0.dll to ntdll.dll
[+] Requesting imports from api-ms-win-core-processthreads-l1-1-1.dll
[+] Redirecting api-ms-win-core-processthreads-l1-1-1.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-console-l1-1-0.dll
[+] Redirecting api-ms-win-core-console-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-handle-l1-1-0.dll
[+] Redirecting api-ms-win-core-handle-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-file-l1-2-0.dll
[+] Redirecting api-ms-win-core-file-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-namedpipe-l1-1-0.dll
[+] Redirecting api-ms-win-core-namedpipe-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-timezone-l1-1-0.dll
[+] Redirecting api-ms-win-core-timezone-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-file-l2-1-0.dll
[+] Redirecting api-ms-win-core-file-l2-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-synch-l1-2-0.dll
[+] Redirecting api-ms-win-core-synch-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-profile-l1-1-0.dll
[+] Redirecting api-ms-win-core-profile-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-memory-l1-1-0.dll
[+] Redirecting api-ms-win-core-memory-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-util-l1-1-0.dll
[+] Redirecting api-ms-win-core-util-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-interlocked-l1-1-0.dll
[+] Redirecting api-ms-win-core-interlocked-l1-1-0.dll to kernelbase.dll
[=] Done loading ucrtbase.dll
[+] Init imports for C:\Users\internet\Downloads\x86_hello.exe
[+] Requesting imports from kernel32.dll
[+] Requesting imports from msvcrt.dll
[=] Loading msvcrt.dll ...
[+] DLL preferred base address: 0x110100000
[+] DLL preferred base address exceeds memory upper bound, loading to: 0x10740000
[+] Init imports for msvcrt.dll
[+] Requesting imports from ntdll.dll
[+] Requesting imports from api-ms-win-core-console-l1-1-0.dll
[+] Redirecting api-ms-win-core-console-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-console-l1-2-0.dll
[+] Redirecting api-ms-win-core-console-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-datetime-l1-1-0.dll
[+] Redirecting api-ms-win-core-datetime-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-debug-l1-1-0.dll
[+] Redirecting api-ms-win-core-debug-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-errorhandling-l1-1-0.dll
[+] Redirecting api-ms-win-core-errorhandling-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-fibers-l1-1-0.dll
[+] Redirecting api-ms-win-core-fibers-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-file-l1-1-0.dll
[+] Redirecting api-ms-win-core-file-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-handle-l1-1-0.dll
[+] Redirecting api-ms-win-core-handle-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-heap-l1-1-0.dll
[+] Redirecting api-ms-win-core-heap-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-localization-l1-2-0.dll
[+] Redirecting api-ms-win-core-localization-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-libraryloader-l1-2-0.dll
[+] Redirecting api-ms-win-core-libraryloader-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-memory-l1-1-0.dll
[+] Redirecting api-ms-win-core-memory-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-namedpipe-l1-1-0.dll
[+] Redirecting api-ms-win-core-namedpipe-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-processenvironment-l1-1-0.dll
[+] Redirecting api-ms-win-core-processenvironment-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-processthreads-l1-1-0.dll
[+] Redirecting api-ms-win-core-processthreads-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-profile-l1-1-0.dll
[+] Redirecting api-ms-win-core-profile-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-string-l1-1-0.dll
[+] Redirecting api-ms-win-core-string-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-synch-l1-1-0.dll
[+] Redirecting api-ms-win-core-synch-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-synch-l1-2-0.dll
[+] Redirecting api-ms-win-core-synch-l1-2-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-sysinfo-l1-1-0.dll
[+] Redirecting api-ms-win-core-sysinfo-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from api-ms-win-core-util-l1-1-0.dll
[+] Redirecting api-ms-win-core-util-l1-1-0.dll to kernelbase.dll
[+] Requesting imports from kernelbase.dll
[=] Done loading msvcrt.dll
[+] Error in loading function __p__environ (msvcrt.dll)
[+] Error in loading function __p__fmode (msvcrt.dll)
[+] Done loading C:\Users\internet\Downloads\x86_hello.exe
[INFO][(unknown file):0] Qiling is initialized successfully.
[INFO][(unknown file):0] C:\Users\internet\qiling\examples
[INFO][(unknown file):0] demo.py
[INFO][(unknown file):0] demo
[ERROR][(unknown file):0]
Traceback (most recent call last):
File "C:/Users/internet/Downloads/IDAPro7.6/plugins/qilinqida.py", line 2032, in get_user_scripts_obj
cls = getattr(module, classname)
AttributeError: module 'demo' has no attribute 'QILING_IDA'
[INFO][(unknown file):0] Custom user script not found.
Traceback (most recent call last):
File "C:/Users/internet/Downloads/IDAPro7.6/plugins/qilinqida.py", line 810, in activate
self.action_handler.ql_handle_menu_action(self.action_type)
File "C:/Users/internet/Downloads/IDAPro7.6/plugins/qilinqida.py", line 2098, in ql_handle_menu_action
[x.handler() for x in self.menuitems if x.action == action]
File "C:/Users/internet/Downloads/IDAPro7.6/plugins/qilinqida.py", line 2098, in <listcomp>
[x.handler() for x in self.menuitems if x.action == action]
File "C:/Users/internet/Downloads/IDAPro7.6/plugins/qilinqida.py", line 1045, in ql_start
self.userobj.custom_prepare(self.qlemu.ql)
AttributeError: 'NoneType' object has no attribute 'custom_prepare'
What do I wrong?
Thank you.
The text was updated successfully, but these errors were encountered:
Ida pro SP1 (7.6.210427 Windows x64 (32-bit address size)
Windows 10 22H2
qiling 1.4.6
Python 3.10.11
IDAPython v7.4.0 final (serial 0)
Trying to run qiling on example\rootfs\x86_windows\bin\x86_hello.exe
with demo.py
I get
What do I wrong?
Thank you.
The text was updated successfully, but these errors were encountered: