qilingframework
diff --git a/‎examples/doogie_8086_crack.py‎
Lines changed: 4 additions & 4 deletions b/‎examples/doogie_8086_crack.py‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎examples/petya_8086_crack.py‎
Lines changed: 2 additions & 2 deletions b/‎examples/petya_8086_crack.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎examples/rootfs/8086/doogie/doogie.bin‎ ‎…amples/rootfs/8086/doogie/doogie.DOS_MBR‎examples/rootfs/8086/doogie/doogie.bin renamed to examples/rootfs/8086/doogie/doogie.DOS_MBR b/‎examples/rootfs/8086/doogie/doogie.bin‎ ‎…amples/rootfs/8086/doogie/doogie.DOS_MBR‎examples/rootfs/8086/doogie/doogie.bin renamed to examples/rootfs/8086/doogie/doogie.DOS_MBR
diff --git a/‎examples/rootfs/8086/dos/ARKA.DOS_EXE‎
15.3 KB b/‎examples/rootfs/8086/dos/ARKA.DOS_EXE‎
15.3 KB
diff --git a/‎examples/rootfs/8086/dos/HI.COM‎ ‎examples/rootfs/8086/dos/HI.DOS_COM‎examples/rootfs/8086/dos/HI.COM renamed to examples/rootfs/8086/dos/HI.DOS_COM b/‎examples/rootfs/8086/dos/HI.COM‎ ‎examples/rootfs/8086/dos/HI.DOS_COM‎examples/rootfs/8086/dos/HI.COM renamed to examples/rootfs/8086/dos/HI.DOS_COM
diff --git a/‎examples/rootfs/8086/petya/mbr.bin‎ ‎examples/rootfs/8086/petya/petya.DOS_MBR‎examples/rootfs/8086/petya/mbr.bin renamed to examples/rootfs/8086/petya/petya.DOS_MBR b/‎examples/rootfs/8086/petya/mbr.bin‎ ‎examples/rootfs/8086/petya/petya.DOS_MBR‎examples/rootfs/8086/petya/mbr.bin renamed to examples/rootfs/8086/petya/petya.DOS_MBR
diff --git a/‎qiling/utils.py‎
Lines changed: 22 additions & 32 deletions b/‎qiling/utils.py‎
Lines changed: 22 additions & 32 deletions
diff --git a/‎setup.py‎
Lines changed: 0 additions & 5 deletions b/‎setup.py‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎tests/ARKA.EXE‎
15.3 KB b/‎tests/ARKA.EXE‎
15.3 KB
diff --git a/‎tests/test_dos.py‎
Lines changed: 1 addition & 1 deletion b/‎tests/test_dos.py‎
Lines changed: 1 addition & 1 deletion
@@ -129,11 +129,11 @@ def show_once(ql: Qiling, key):
 # In this stage, we show every key.
 def third_stage(keys):
     # To setup terminal again, we have to restart the whole program.
-    ql = Qiling(["rootfs/8086/doogie/doogie.bin"], 
+    ql = Qiling(["rootfs/8086/doogie/doogie.DOS_MBR"], 
                  "rootfs/8086",
                  console=False,
                  log_dir=".")
-    ql.add_fs_mapper(0x80, QlDisk("rootfs/8086/doogie/doogie.bin", 0x80))
+    ql.add_fs_mapper(0x80, QlDisk("rootfs/8086/doogie/doogie.DOS_MBR", 0x80))
     ql.set_api((0x1a, 4), set_required_datetime, QL_INTERCEPT.EXIT)
     hk = ql.hook_code(stop, begin=0x8018, end=0x8018)
     ql.run()
@@ -183,11 +183,11 @@ def stop(ql, addr, data):
 
 # In this stage, we get the encrypted data which xored with the specific date.
 def first_stage():
-    ql = Qiling(["rootfs/8086/doogie/doogie.bin"], 
+    ql = Qiling(["rootfs/8086/doogie/doogie.DOS_MBR"], 
                  "rootfs/8086",
                  console=False,
                  log_dir=".")
-    ql.add_fs_mapper(0x80, QlDisk("rootfs/8086/doogie/doogie.bin", 0x80))
+    ql.add_fs_mapper(0x80, QlDisk("rootfs/8086/doogie/doogie.DOS_MBR", 0x80))
     # Doogie suggests that the datetime should be 1990-02-06.
     ql.set_api((0x1a, 4), set_required_datetime, QL_INTERCEPT.EXIT)
     # A workaround to stop the program.
 
@@ -43,7 +43,7 @@ def input_key(ql, addr, data):
         curses.ungetch(ord("\n"))
         curses.ungetch(ord("\r"))
 
-    ql = Qiling(["rootfs/8086/petya/mbr.bin"], 
+    ql = Qiling(["rootfs/8086/petya/petya.DOS_MBR"], 
                  "rootfs/8086",
                  console=False, 
                  output="debug", 
@@ -87,7 +87,7 @@ def second_stage(ql: Qiling):
 
 # In this stage, we have to wait for petya being load to the right place.
 def first_stage():
-    ql = Qiling(["rootfs/8086/petya/mbr.bin"], 
+    ql = Qiling(["rootfs/8086/petya/petya.DOS_MBR"], 
                  "rootfs/8086",
                  console=False, 
                  output="debug", 
 
@@ -7,7 +7,7 @@
 This module is intended for general purpose functions that can be used
 thoughout the qiling framework
 """
-import importlib, logging, os, logging, copy, re, pefile, magic, configparser
+import importlib, logging, os, logging, copy, re, pefile, configparser
 from logging import LogRecord
 from pathlib import Path
 from .exception import *
@@ -333,8 +333,11 @@ def getident():
     return arch, ostype, archendian
 
 def ql_pe_parse_emu_env(path):
+    try:
+        pe = pefile.PE(path, fast_load=True)
+    except:
+        return None, None, None
 
-    pe = pefile.PE(path, fast_load=True)
     ostype = None
     arch = None
     archendian = None
@@ -364,43 +367,30 @@ def ql_pe_parse_emu_env(path):
     return arch, ostype, archendian
 
 def ql_guess_emu_env(path):
-    if os.path.isdir(path) and (str(path)).endswith(".kext"):
-        return QL_ARCH.X8664, QL_OS.MACOS, QL_ENDIAN.EL
-
     arch = None
     ostype = None
     archendian = None
 
-    ftype = magic.from_file(path)
+    if os.path.isdir(path) and (str(path)).endswith(".kext"):
+        return QL_ARCH.X8664, QL_OS.MACOS, QL_ENDIAN.EL
+
+    if os.path.isfile(path) and (str(path)).endswith(".DOS_COM"):
+        return QL_ARCH.A8086, QL_OS.DOS, QL_ENDIAN.EL
 
-    if "ELF" in ftype:
-        arch, ostype, archendian = ql_elf_parse_emu_env(path)
-    elif "Mach-O" in ftype:
+    if os.path.isfile(path) and (str(path)).endswith(".DOS_MBR"):
+        return QL_ARCH.A8086, QL_OS.DOS, QL_ENDIAN.EL
+
+    if os.path.isfile(path) and (str(path)).endswith(".DOS_EXE"):
+        return QL_ARCH.A8086, QL_OS.DOS, QL_ENDIAN.EL
+
+    arch, ostype, archendian = ql_elf_parse_emu_env(path)
+
+    if arch == None or ostype == None or archendian == None:
         arch, ostype, archendian = ql_macho_parse_emu_env(path)
-    elif "PE32" in ftype:
-        arch, ostype, archendian = ql_pe_parse_emu_env(path)
-    elif ("COM" in ftype and "DOS" in ftype) or "COM" in path:
-        arch = QL_ARCH.A8086
-        ostype = QL_OS.DOS
-        archendian = QL_ENDIAN.EL
-    elif "MBR" in ftype and "DOS" in ftype: # Yes, we put MBR into dos.py.
-        arch = QL_ARCH.A8086
-        ostype = QL_OS.DOS
-        archendian = QL_ENDIAN.EL
-    elif "MS-DOS" in ftype:
-        # Here we have to distinguish between real 16bit DOS executables and EFI excutables.
-        # I could confirm from specs that all UEFI executables should be PE/PE32+.
-        # But 16bit DOS executables don't have a valid NT header.
-        # I'm not sure why libmagic(file) classify EFI executables as "MS-DOS executable"
-        try:
-            pefile.PE(path)
-        except pefile.PEFormatError:
-            arch = QL_ARCH.A8086
-            ostype = QL_OS.DOS
-            archendian = QL_ENDIAN.EL
-        else:
-            arch, ostype, archendian = ql_pe_parse_emu_env(path)
 
+    if arch == None or ostype == None or archendian == None:
+        arch, ostype, archendian = ql_pe_parse_emu_env(path)
+  
     if ostype not in (QL_OS_ALL):
         raise QlErrorOsType("[!] File does not belong to either 'linux', 'windows', 'freebsd', 'macos', 'ios', 'dos'")
 
 
@@ -25,11 +25,6 @@
 with open("README.md", "r", encoding="utf-8") as ld:
     long_description = ld.read()
 
-if sys.platform in ('linux', 'cygwin'):
-    requirements += ["python-magic>=0.4.16"]
-else:
-    requirements += ["python-magic-bin>=0.4.14"]
-
 if "win32" in sys.platform:
     requirements += ["windows-curses>=2.1.0"]
 
 
@@ -19,7 +19,7 @@
 class DOSTest(unittest.TestCase):
 
     def test_dos_8086_hello(self):
-        ql = Qiling(["../examples/rootfs/8086/dos/HI.COM"], "../examples/rootfs/8086/dos")
+        ql = Qiling(["../examples/rootfs/8086/dos/HI.DOS_COM"], "../examples/rootfs/8086/dos")
         ql.run()
         del ql