graph LR
Virtual_Machine_VM_Core["Virtual Machine (VM) Core"]
Instrumentation_Engine["Instrumentation Engine"]
Execution_Manager["Execution Manager"]
System_Abstraction_Layer["System Abstraction Layer"]
Tooling_API_Bindings["Tooling & API Bindings"]
Project_Infrastructure["Project Infrastructure"]
Virtual_Machine_VM_Core -- "Orchestrates" --> Instrumentation_Engine
Virtual_Machine_VM_Core -- "Controls" --> Execution_Manager
Virtual_Machine_VM_Core -- "Relies on" --> System_Abstraction_Layer
Tooling_API_Bindings -- "Consumes API from" --> Virtual_Machine_VM_Core
Instrumentation_Engine -- "Utilizes" --> System_Abstraction_Layer
Execution_Manager -- "Manages via" --> System_Abstraction_Layer
System_Abstraction_Layer -- "Provides services to" --> Virtual_Machine_VM_Core
System_Abstraction_Layer -- "Provides services to" --> Instrumentation_Engine
System_Abstraction_Layer -- "Provides services to" --> Execution_Manager
Project_Infrastructure -- "Supports" --> Virtual_Machine_VM_Core
Project_Infrastructure -- "Supports" --> Instrumentation_Engine
Project_Infrastructure -- "Supports" --> Execution_Manager
Project_Infrastructure -- "Supports" --> System_Abstraction_Layer
Project_Infrastructure -- "Supports" --> Tooling_API_Bindings
click Instrumentation_Engine href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/QBDI/Instrumentation_Engine.md" "Details"
click Execution_Manager href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/QBDI/Execution_Manager.md" "Details"
click System_Abstraction_Layer href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/QBDI/System_Abstraction_Layer.md" "Details"
click Tooling_API_Bindings href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/QBDI/Tooling_API_Bindings.md" "Details"
click Project_Infrastructure href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/QBDI/Project_Infrastructure.md" "Details"
QBDI is a Dynamic Binary Instrumentation (DBI) framework designed for security research, reverse engineering, and dynamic analysis. At its core, the Virtual Machine (VM) Core orchestrates the entire instrumentation process, managing the target program's state and dispatching user-defined callbacks. It interacts with the Instrumentation Engine to dynamically analyze and transform native machine code into instrumented code, leveraging LLVM for advanced code generation. The Execution Manager handles the seamless execution of this instrumented code, managing memory blocks and controlling the program's flow. All these core functionalities rely on the System Abstraction Layer, which provides a unified interface to operating system and CPU architecture-specific services like memory management, context switching, and register state manipulation, ensuring portability. Higher-level Tooling & API Bindings (like Python bindings and preload injectors) are built on top of the VM Core's public API, extending QBDI's utility. Finally, Project Infrastructure components manage the build, testing, and documentation processes, supporting the framework's development and maintenance.
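A conceptual model of the flow described above, added here as an illustration and not taken from QBDI's code base: a toy VM translates each basic block on first use, caches it, and runs user callbacks before every instruction. The instruction set, `ToyVM` and all method and field names are assumptions made for this sketch.

```python
# Conceptual model of a DBI run loop. Not QBDI code: the toy ISA, ToyVM and
# every name below are constructed for this illustration.
PROGRAM = {             # constructed guest code: address -> (mnemonic, operand)
    0: ("mov", 3),      # r0 = 3
    1: ("dec", None),   # loop head: r0 -= 1
    2: ("jnz", 1),      # branch back to 1 while r0 != 0
    3: ("halt", None),
}

class ToyVM:
    def __init__(self, program):
        self.program = program
        self.pre_callbacks = []  # VM core: user callbacks run before each instruction
        self.block_cache = {}    # execution manager: start address -> translated block
        self.r0 = 0              # guest register state

    def _translate(self, start):
        """Instrumentation engine: collect one basic block, ending at a branch."""
        block, addr = [], start
        while True:
            op, arg = self.program[addr]
            block.append((addr, op, arg))
            if op in ("jnz", "halt"):
                return block
            addr += 1

    def _step(self, addr, op, arg):  # returns the next pc; None stops the run
        if op == "mov":
            self.r0 = arg
        elif op == "dec":
            self.r0 -= 1
        elif op == "jnz" and self.r0 != 0:
            return arg
        return None if op == "halt" else addr + 1

    def run(self, pc=0):
        while pc is not None:
            if pc not in self.block_cache:       # translate once, reuse afterwards
                self.block_cache[pc] = self._translate(pc)
            for addr, op, arg in self.block_cache[pc]:
                for fn in self.pre_callbacks:
                    fn(self, addr, op)
                pc = self._step(addr, op, arg)
        return self.r0

def trace_program():
    vm, trace = ToyVM(PROGRAM), []
    vm.pre_callbacks.append(lambda vm, addr, op: trace.append((addr, op, vm.r0)))
    return vm.run(), trace, sorted(vm.block_cache)
```

Only three blocks are ever translated (starting at addresses 0, 1 and 3), yet the callback fires eight times, because cached blocks are re-executed on each loop iteration without being translated again.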
Virtual Machine (VM) Core
The central orchestrator of QBDI. It initializes the instrumentation process, manages the target program's execution state, registers and dispatches user-defined callbacks, and coordinates the dynamic re-compilation and execution of code. It serves as the primary API interface for users.
Related Classes/Methods:
VM.cpp, Engine.cpp, VM.h, VM_C.h
Instrumentation Engine
Responsible for the core logic of analyzing, transforming, and generating instrumented code. It leverages LLVM for lifting native instructions to IR, applying instrumentation passes, and lowering the IR back to machine code. It also provides detailed instruction analysis.
Related Classes/Methods:
Patch.cpp, PatchGenerator.cpp, InstrRule.cpp, LLVMCPU.cpp, LLVMCPU.h, InstAnalysis.cpp, InstAnalysis.h
Execution Manager
Manages the dynamic execution environment, including the allocation and management of executable memory regions (execution blocks) where instrumented code resides. It also handles the seamless transition of control flow between the original application and the instrumented code, managing execution contexts and exceptions.
Related Classes/Methods:
ExecBlockManager.cpp, ExecBlockManager.h, ExecBlock.cpp, ExecBlock.h, ExecBroker.cpp, ExecBroker.h
System Abstraction Layer
Provides a unified, platform-agnostic interface for interacting with underlying operating system functionalities (e.g., memory allocation, protection, thread context manipulation, signal handling) and CPU architecture-specific details (e.g., register state representation, stack switching).
Related Classes/Methods:
Memory.cpp, Memory.h, Memory_android.cpp, Memory_linux.cpp, Memory_osx.cpp, Memory_windows.cpp, System.h, System_generic.cpp, StackSwitch.cpp, Callback.h, Register.cpp, Register.h
Tooling & API Bindings
A collection of higher-level tools and language bindings that extend QBDI's functionality and make it accessible to different user groups and environments. This includes Python bindings (PyQBDI), a preload injector for easy library injection, and integration with frameworks like Frida.
Related Classes/Methods:
frida-qbdi.js
Project Infrastructure
Encompasses the essential supporting systems for the development, testing, and documentation of the QBDI framework. This includes the build system (CMake), the comprehensive testing framework, and the documentation generation system.
Related Classes/Methods:
CMakeLists.txt