QBDI can be installed using our prebuilt packages, docker images or from the source. For a more relaxing experience, we recommend using the stable release’s prebuilt packages, following per-platform steps detailed on this page. The docker images is recommended for the x86 to have a full environment in 32bits. In order to install from source please refer to the developer documentation: Compilation From Source.
Using Pre-Built Packages¶
The package x86 can be incompatible with the package x86_64.
Two different kinds of packages exist:
- systemwide installation packages
- archive packages
Systemwide packages install headers and binaries in system directories. Archives are created to be extracted and used in a local folder. They are provided for targets where systemwide install is not supported yet or doesn’t make sense (like cross-compiled targets).
Debian / Ubuntu¶
Debian and Ubuntu packages are provided for stable and LTS releases, and can be installed using
$ dpkg -i QBDI-*-*-X86_64.deb
Archlinux packages can be installed using
$ pacman -U QBDI-*-*-X86_64.tar.xz
A software installer is provided for macOS. Opening the
.pkg in Finder and following the
instructions should install QBDI seamlessly.
A software installer is provided for Windows. Running the
.exe and following the instructions
should install QBDI seamlessly.
Do not modify the default installation path. If you do so you will need to fix frida-qbdi.js with the new path.
The docker image is available in Docker Hub. The image is minimal and does not contain any compiler. You need to install the needed application or adapt the following dockerfile.
FROM qbdi/qbdi:x86_ubuntu ENV USER="docker" \ HOME="/home/docker" # install some needed tools RUN apt-get update && \ apt-get upgrade -y && \ apt-get install -y \ build-essential \ cmake \ libstdc++-8-dev \ zlib1g-dev \ python \ python-dev \ #gdb \ #vim \ sudo \ bash && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* # create a user RUN adduser --disabled-password --gecos '' $USER && \ adduser $USER sudo && \ echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers # switch to new user USER $USER WORKDIR $HOME # TODO : Add yours needed files #ADD --chown=$USER . $HOME/ CMD ["/bin/bash"]
To run the container, we recommend allowing the usage of PTRACE that is necessary to use QBDIPreload.
$ docker run -it --rm --cap-add=SYS_PTRACE --security-opt seccomp:unconfined <image> bash
Testing Your Installation¶
A QBDI template project is distributed along binaries and headers. On archive package targets, it is
located in the
template root-directory. On systemwide targets, a shell command is provided to
populate a directory with this template:
$ mkdir test $ cd test $ qbdi-template
The template consists in a sample annotated source code with a basic CMake build script. A
README is also provided with simple steps to compile the template. Successful compilation of
the template and execution of the resulting binary should produce something similar:
$ ./qbdi_template 0x556a4a023e0a: push rbp 0x556a4a023e0b: mov rbp, rsp 0x556a4a023e0e: mov dword ptr [rbp - 4], edi 0x556a4a023e11: mov eax, dword ptr [rbp - 4] 0x556a4a023e14: xor eax, 92 0x556a4a023e17: pop rbp 0x556a4a023e18: ret [*] retval=0x2c6