QuarkslaB Dynamic binary Instrumentation (QBDI) is a modular, cross-platform and cross-architecture DBI framework. It aims to support Linux, macOS, Android, iOS and Windows operating systems running on x86, x86-64, ARM and AArch64 architectures. The introduction of the user documentation (User Documentation) explains what a DBI framework is and how QBDI works.
QBDI modularity means it doesn’t contain a preferred injection method and it is designed to be
used in conjunction with an external injection tool. QBDI includes a tiny (
Linux and macOS injector for dynamic executables (QBDIPreload), which acts as the foundation for our
Python bindings (pyQBDI).
QBDI is also fully integrated with Frida, a reference dynamic instrumentation toolkit,
allowing anybody to use their combined powers.
x86-64 support is mature (even if SIMD memory accesses are not yet reported). Support for x86 is new and some bugs may occur. The ARM architecture is a work in progress but is already sufficient to execute simple CLI programs like ls or cat. AArch64 is planned, but currently unsupported.
A current limitation is that QBDI doesn’t handle signals, multithreading (it doesn’t deal with the creation of new threads) and C++ exception mechanisms. However, those system-dependent features will probably not be part of the core library (KISS), and should be integrated as a new layer (how is yet to be determined).

| CPU | Operating Systems | Execution | Memory Access Information |
|---|---|---|---|
| x86-64 | Android, Linux, macOS, Windows | Supported | Partial (only non SIMD) |
| x86 | Android, Linux, macOS, Windows | Supported | Partial (only non SIMD) |
| ARM | Linux, Android, iOS | Planned (*) | Planned (*) |
| AArch64 | Android | Planned (*) | Planned (*) |

(*) The ARM and AArch64 instruction sets are supported but they still need to be integrated along with x86 and x86-64.
- User Documentation
- Developer Documentation