Skip to content

Troubleshooting

Jump to bottom
xwings edited this page Jul 6, 2025 · 2 revisions

Troubleshooting Common Issues

This page lists some common problems you might encounter when using Qiling and how to resolve them.

Issue: ImportError: No module named 'qiling'

Cause: Qiling is not installed in your Python environment or you are using a different Python interpreter than the one you installed it with.

Solution:

  1. Make sure you have installed Qiling using pip install qiling.
  2. If you are using a virtual environment, ensure it is activated.
  3. Verify that the python command you are using to run your script is the same one that pip is associated with. You can check with which python and which pip.

Issue: FileNotFoundError when loading a binary

Cause: The rootfs is not set up correctly, and the emulated program cannot find a required library or file.

Example Error: qiling.exception.QlFileNotFoundError: File ‘/lib/x86_64-linux-gnu/libc.so.6’ not found

Solution:

  1. Check your rootfs path: Ensure the rootfs variable in your Qiling script points to the correct directory.
  2. Verify the rootfs contents: Make sure the rootfs you are using matches the architecture and OS of the binary you are emulating. For example, an x86_64 Linux binary needs an x8664_linux rootfs.
  3. Check for missing libraries: Ensure the required shared libraries (like libc) exist within the rootfs directory structure.

Issue: The emulated program crashes with a memory access error

Example Error: unicorn.uc.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)

Cause: The program is trying to read from or write to a memory address that has not been mapped. This could be due to:

  • A bug in the emulated program itself.
  • An incorrect memory layout set up by Qiling.
  • A missing or incorrect implementation of a syscall or API that was supposed to allocate that memory.

Solution:

  1. Enable verbose logging: Run Qiling with verbose=QL_VERBOSE.DEBUG to get a detailed trace of the instructions leading up to the crash.
  2. Use the GDB stub: This is the most effective way to debug. Set ql.debugger = "gdb" and connect with a GDB client. You can then inspect the memory map, registers, and backtrace at the point of the crash.
  3. Check your hooks: If you are using hooks, make sure they are not corrupting the memory or registers in an unexpected way.

Issue: Syscall or API is not implemented

Example Warning: [+] syscall ‘some_syscall’ is not implemented, return 0

Cause: The emulated program is calling an OS function that Qiling does not yet have an implementation for.

Solution:

  1. Check for updates: The Qiling team is constantly adding new syscalls and APIs. Make sure you are using the latest version of Qiling.
  2. Implement it yourself: This is a great way to contribute! You can define a Python function to handle the syscall/API and use ql.os.set_syscall() or ql.os.set_api() to register it.
  3. Ignore it: If the function is not critical to the execution path you are analyzing, you can often ignore the warning. Qiling will typically return a default value (like 0) and continue.

If you encounter an issue that is not listed here, please feel free to open an issue on our GitHub repository.

Clone this wiki locally