QuarkslaB Dynamic binary Instrumentation (QBDI) is a modular, cross-platform and cross-architecture DBI framework. It aims to support Linux, macOS, Android, iOS and Windows operating systems running on x86, x86-64, ARM and AArch64 architectures. In addition of C/C++ API, Python and JS/frida bindings are available to script QBDI. Information about what is a DBI framework and how QBDI works can be found in the documentation introduction.
QBDI modularity means it doesn't contain a preferred injection method and it is designed to be
used in conjunction with an external injection tool. QBDI includes a tiny (LD_PRELOAD based)
Linux and macOS injector for dynamic executables (QBDIPreload).
QBDI is also fully integrated with Frida, a reference dynamic instrumentation toolkit,
allowing anybody to use their combined powers.
A current limitation is that QBDI doesn't handle signals, multithreading (it doesn't deal with new threads creation) and C++ exception mechanisms. However, those system-dependent features will probably not be part of the core library (KISS), and should be integrated as a new layer (to be determined how).
| CPU | Operating Systems | Execution | Memory Access Information |
|---|---|---|---|
| x86-64 | Android, Linux, macOS, Windows | Supported | Supported |
| x86 | Android, Linux, macOS, Windows | Supported | Supported |
| ARM | Android, Linux | Supported (*) | Supported (*) |
| AArch64 | Android, Linux, macOS | Supported (*) | Supported (*) |
* The ARM and AArch64 instruction sets are supported but in early support.
PyQBDI is available through PyPI. The wheel package can be either downloaded or installed with the following command:
pip install PyQBDI
The PyQBDI package is self-contained so completely independent from the C/C++ package.
There is no strict development timeline or scheduled release plan for the QBDI project.
All the new features and fixes are merged onto the dev-next branch.
Devel packages can be downloaded in the artefacts of:
- Github Actions for Linux PyQBDI
- Github Actions for OSX PyQBDI
- Github Actions for windows PyQBDI
The PyQDBI library (apart from the wheel package) can be built by solely passing the '-DQBDI_TOOLS_PYQBDI=ON' option to the CMake build system.
However, if you want to build the wheel package, you can run these commands:
git clone https://github.com/QBDI/QBDI.git python -m pip install --upgrade pip python -m pip install setuptools wheel build python -m build -w
A 32-bit version of Python is mandatory for the X86 architecture whereas a 64-bit one is required for the X86-64 architecture.