Zelos : A Comprehensive Binary Emulation Platform

Zelos is a comprehensive binary emulation platform. It (Zeropoint Emulated Lightweight Operating System) is a python-based binary emulation platform.

One use of it is to quickly assess the dynamic behavior of binaries via command-line or python scripts.

All syscalls are emulated to isolate the target binary. Linux x86_64 (32- and 64-bit), ARM and MIPS binaries are supported. Unicorn provides CPU emulation.

Full documentation is available here.

Installation

Use the package manager pip to install the tool.

Also Read – Sifter : A Osint, Recon & Vulnerability Scanner

pip install zelos

Basic Usage

Command-line:

To emulate a binary with default options:

$ zelos my_binary

To view the instructions that are being executed, add the -v flag:

$ zelos -v my_binary

You can print only the first time each instruction is executed, rather than every execution, using --fasttrace:

$ zelos -v –fasttrace my_binary

By default, syscalls are emitted on stdout. To write syscalls to a file instead, use the --strace flag:

$ zelos –strace path/to/file my_binary

Specify any command line arguments after the binary name:

$ zelos my_binary arg1 arg2

Programmatic

import zelos

z = zelos.Zelos(“my_binary”)
z.start(timeout=3)

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

Local Development Environment

First, create a new python virtual environment. This will ensure no package version conflicts arise:

$ python3 -m venv ~/.venv/zelos
$ source ~/.venv/zelos/bin/activate

Now clone the repository and change into the zelos directory:

(zelos) $ git clone git@github.com:zeropointdynamics/zelos.git
(zelos) $ cd zelos

Install an editable version of it into the virtual environment. This makes import zelos available, and any local changes to it will be effective immediately:

(zelos) $ pip install -e ‘.[dev]’

At this point, tests should pass and documentation should build:

(zelos) $ pytest
(zelos) $ cd docs
(zelos) $ make html

Built documentation is found in docs/_build/html/.

Install it to pre-commit hooks to ensure code style compliance:

(zelos) $ pre-commit install

In addition to automatically running every commit, you can run them anytime with:

(zelos) $ pre-commit run –all-files

Windows Development:

Commands vary slightly on Windows:

C:> python3 -m venv zelos_venv
C:> zelos_venv\Scripts\activate.bat
(zelos) C:> pip install -e .[dev]

R K

Recent Posts

Bomber : Navigating Security Vulnerabilities In SBOMs

bomber is an application that scans SBOMs for security vulnerabilities. So you've asked a vendor…

4 hours ago

EmbedPayloadInPng : A Guide To Embedding And Extracting Encrypted Payloads In PNG Files

Embed a payload within a PNG file by splitting the payload across multiple IDAT sections.…

4 hours ago

Exploit Street – Navigating The New Terrain Of Windows LPEs

Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…

2 days ago

ShadowDumper – Advanced Techniques For LSASS Memory Extraction

Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…

3 days ago

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

2 weeks ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

3 weeks ago