Installation

QBDI can be installed using our prebuilt packages, docker images or from the source. For a more relaxing experience, we recommend using the stable release’s prebuilt packages, following per-platform steps detailed on this page. The docker images is recommended for the x86 to have a full environment in 32bits. In order to install from source please refer to the developer documentation: Compilation From Source.

Using Pre-Built Packages

Warning

The package x86 can be incompatible with the package x86_64.

Two different kinds of packages exist:

  • systemwide installation packages
  • archive packages

Systemwide packages install headers and binaries in system directories. Archives are created to be extracted and used in a local folder. They are provided for targets where systemwide install is not supported yet or doesn’t make sense (like cross-compiled targets).

Debian / Ubuntu

Debian and Ubuntu packages are provided for stable and LTS releases, and can be installed using dpkg:

$ dpkg -i QBDI-*-*-X86_64.deb

Arch Linux

Archlinux packages can be installed using pacman:

$ pacman -U QBDI-*-*-X86_64.tar.xz

macOS

A software installer is provided for macOS. Opening the .pkg in Finder and following the instructions should install QBDI seamlessly.

Windows

A software installer is provided for Windows. Running the .exe and following the instructions should install QBDI seamlessly.

Warning

Do not modify the default installation path. If you do so you will need to fix frida-qbdi.js with the new path.

Docker

The docker image is available in Docker Hub. The image is minimal and does not contain any compiler. You need to install the needed application or adapt the following dockerfile.

FROM qbdi/qbdi:x86_ubuntu

ENV USER="docker" \
    HOME="/home/docker"

# install some needed tools
RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y \
        build-essential \
        cmake \
        libstdc++-8-dev \
        zlib1g-dev \
        python \
        python-dev \
        #gdb \
        #vim \
        sudo \
        bash && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# create a user
RUN adduser --disabled-password --gecos '' $USER && \
    adduser $USER sudo && \
    echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

# switch to new user
USER $USER
WORKDIR $HOME

# TODO : Add yours needed files
#ADD --chown=$USER . $HOME/

CMD ["/bin/bash"]

To run the container, we recommend allowing the usage of PTRACE that is necessary to use QBDIPreload.

$ docker run -it --rm --cap-add=SYS_PTRACE --security-opt seccomp:unconfined <image> bash

Testing Your Installation

A QBDI template project is distributed along binaries and headers. On archive package targets, it is located in the template root-directory. On systemwide targets, a shell command is provided to populate a directory with this template:

$ mkdir test
$ cd test
$ qbdi-template

The template consists in a sample annotated source code with a basic CMake build script. A README is also provided with simple steps to compile the template. Successful compilation of the template and execution of the resulting binary should produce something similar:

$ ./qbdi_template
0x556a4a023e0a:     push    rbp
0x556a4a023e0b:     mov rbp, rsp
0x556a4a023e0e:     mov dword ptr [rbp - 4], edi
0x556a4a023e11:     mov eax, dword ptr [rbp - 4]
0x556a4a023e14:     xor eax, 92
0x556a4a023e17:     pop rbp
0x556a4a023e18:     ret
[*] retval=0x2c6