Decouple BLOB entry point and load address

elicn · elicn · commit 327f475ba3d7 · 2025-07-06T18:23:07.000+03:00
diff --git a/examples/uboot_bin.ql b/examples/uboot_bin.ql
@@ -1,5 +1,6 @@
 [CODE]
 ram_size = 0xa00000
+load_address = 0x80800000
 entry_point = 0x80800000
 heap_size = 0x300000
 
diff --git a/qiling/loader/blob.py b/qiling/loader/blob.py
@@ -15,7 +15,8 @@ def __init__(self, ql: Qiling):
         self.load_address = 0
 
     def run(self):
-        self.load_address = self.ql.os.entry_point      # for consistency
+        self.load_address = self.ql.os.load_address
+        self.entry_point = self.ql.os.entry_point
 
         code_begins = self.load_address
         code_size = self.ql.os.code_ram_size
@@ -28,8 +29,10 @@ def run(self):
         self.images.append(Image(code_begins, code_ends, 'blob_code'))
 
         # FIXME: heap starts above end of ram??
+        # FIXME: heap should be allocated by OS, not loader
         heap_base = code_ends
         heap_size = int(self.ql.os.profile.get("CODE", "heap_size"), 16)
         self.ql.os.heap = QlMemoryHeap(self.ql, heap_base, heap_base + heap_size)
 
+        # FIXME: stack pointer should be a configurable profile setting
         self.ql.arch.regs.arch_sp = code_ends - 0x1000
diff --git a/qiling/os/blob/blob.py b/qiling/os/blob/blob.py
@@ -9,6 +9,7 @@
 from qiling.os.fcall import QlFunctionCall
 from qiling.os.os import QlOs
 
+
 class QlOsBlob(QlOs):
     """ QlOsBlob for bare barines.
 
@@ -21,7 +22,7 @@ class QlOsBlob(QlOs):
     type = QL_OS.BLOB
 
     def __init__(self, ql: Qiling):
-        super(QlOsBlob, self).__init__(ql)
+        super().__init__(ql)
 
         self.ql = ql
 
@@ -39,11 +40,14 @@ def __init__(self, ql: Qiling):
         self.fcall = QlFunctionCall(ql, cc)
 
     def run(self):
-        if self.ql.entry_point:
+        # if entry point was set explicitly, override the default one
+        if self.ql.entry_point is not None:
             self.entry_point = self.ql.entry_point
 
-        self.exit_point = self.ql.loader.load_address + len(self.ql.code)
-        if self.ql.exit_point:
+        self.exit_point = self.load_address + len(self.ql.code)
+
+        # if exit point was set explicitly, override the default one
+        if self.ql.exit_point is not None:
             self.exit_point = self.ql.exit_point
 
         self.ql.emu_start(self.entry_point, self.exit_point, self.ql.timeout, self.ql.count)
diff --git a/qiling/os/os.py b/qiling/os/os.py
@@ -89,6 +89,7 @@ def __init__(self, ql: Qiling, resolvers: Mapping[Any, Resolver] = {}):
         if self.ql.code:
             # this shellcode entrypoint does not work for windows
             # windows shellcode entry point will comes from pe loader
+            self.load_address = self.profile.getint('CODE', 'load_address')
             self.entry_point = self.profile.getint('CODE', 'entry_point')
             self.code_ram_size = self.profile.getint('CODE', 'ram_size')
 
diff --git a/tests/profiles/uboot_bin.ql b/tests/profiles/uboot_bin.ql
@@ -1,5 +1,6 @@
 [CODE]
 ram_size = 0xa00000
+load_address = 0x80800000
 entry_point = 0x80800000
 heap_size = 0x300000
 
