From blog.lazym.io
|-------| |---------|
|Program| <-------> | Binary |
| OS | <-------> | Qiling |
| CPU | <-------> | Unicorn |
|-------| |---------|
Native app Emulated app
Analyzing a real mode binary like DOS executables or MBR code is never an easy task. The best approach we have is to utilize Bochs, QEMU or Dosbox to emulate such binaries with some debuggers like gdb, debug.exe and IDA Pro. But that’s the situation before Qiling Framework. Now we proudly annouce the 16bit emulation support of Qiling Framework, shipped with the ability to analyze the binary in multiple dimensions.
This post will serve as an introduction of how real mode emulation is implemented as well as a basic tutorial of the whole Qiling Framework.