QBDI Documentation
QuarkslaB Dynamic binary Instrumentation (QBDI) is a modular, cross-platform and cross-architecture DBI framework. It aims to support Linux, macOS, Android, iOS and Windows operating systems running on x86, x86-64, ARM and AArch64 architectures. In addition of C/C++ API, Python and JS/frida bindings are available to script QBDI. Information about what is a DBI framework and how QBDI works can be found in the documentation introduction.
QBDI modularity means it doesn’t contain a preferred injection method and it is designed to be
used in conjunction with an external injection tool. QBDI includes a tiny (LD_PRELOAD
based)
Linux and macOS injector for dynamic executables (QBDIPreload).
QBDI is also fully integrated with Frida, a reference dynamic instrumentation toolkit,
allowing anybody to use their combined powers.
A current limitation is that QBDI doesn’t handle signals, multithreading (it doesn’t deal with new threads creation) and C++ exception mechanisms. However, those system-dependent features will probably not be part of the core library (KISS), and should be integrated as a new layer (to be determined how).
Status
CPU |
Operating Systems |
Execution |
Memory Access Information |
---|---|---|---|
x86-64 |
Android, Linux, macOS, Windows |
Supported |
Supported |
x86 |
Android, Linux, macOS, Windows |
Supported |
Supported |
ARM |
Android, Linux |
Supported (*) |
Supported (*) |
AArch64 |
Android, Linux, macOS |
Supported (*) |
Supported (*) |
* The ARM and AArch64 instruction sets are supported but in early support.
stable
dev