Zelos : A Comprehensive Binary Emulation Platform

Zelos is a comprehensive binary emulation platform. It (Zeropoint Emulated Lightweight Operating System) is a python-based binary emulation platform.

One use of it is to quickly assess the dynamic behavior of binaries via command-line or python scripts.

All syscalls are emulated to isolate the target binary. Linux x86_64 (32- and 64-bit), ARM and MIPS binaries are supported. Unicorn provides CPU emulation.

Full documentation is available here.

Installation

Use the package manager pip to install the tool.

Also Read – Sifter : A Osint, Recon & Vulnerability Scanner

pip install zelos

Basic Usage

Command-line:

To emulate a binary with default options:

$ zelos my_binary

To view the instructions that are being executed, add the -v flag:

$ zelos -v my_binary

You can print only the first time each instruction is executed, rather than every execution, using --fasttrace:

$ zelos -v –fasttrace my_binary

By default, syscalls are emitted on stdout. To write syscalls to a file instead, use the --strace flag:

$ zelos –strace path/to/file my_binary

Specify any command line arguments after the binary name:

$ zelos my_binary arg1 arg2

Programmatic

import zelos

z = zelos.Zelos(“my_binary”)
z.start(timeout=3)

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

Local Development Environment

First, create a new python virtual environment. This will ensure no package version conflicts arise:

$ python3 -m venv ~/.venv/zelos
$ source ~/.venv/zelos/bin/activate

Now clone the repository and change into the zelos directory:

(zelos) $ git clone git@github.com:zeropointdynamics/zelos.git
(zelos) $ cd zelos

Install an editable version of it into the virtual environment. This makes import zelos available, and any local changes to it will be effective immediately:

(zelos) $ pip install -e ‘.[dev]’

At this point, tests should pass and documentation should build:

(zelos) $ pytest
(zelos) $ cd docs
(zelos) $ make html

Built documentation is found in docs/_build/html/.

Install it to pre-commit hooks to ensure code style compliance:

(zelos) $ pre-commit install

In addition to automatically running every commit, you can run them anytime with:

(zelos) $ pre-commit run –all-files

Windows Development:

Commands vary slightly on Windows:

C:> python3 -m venv zelos_venv
C:> zelos_venv\Scripts\activate.bat
(zelos) C:> pip install -e .[dev]

R K

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

2 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago