Zelos (Zeropoint Emulated Lightweight Operating System) is a python-based binary emulation platform. One use of zelos is to quickly assess the dynamic behavior of binaries via command-line or python scripts. All syscalls are emulated to isolate the target binary. Linux x86_64 (32- and 64-bit), ARM and MIPS binaries are supported. Unicorn provides CPU emulation.
Full documentation is available here.
Use the package manager pip to install zelos.
pip install zelos
To emulate a binary with default options:
$ zelos my_binary
To view the instructions that are being executed, add the
$ zelos -v my_binary
You can print only the first time each instruction is executed, rather than every execution, using
$ zelos -v --fasttrace my_binary
By default, syscalls are emitted on stdout. To write syscalls to a file instead, use the
$ zelos --strace path/to/file my_binary
Specify any command line arguments after the binary name:
$ zelos my_binary arg1 arg2
import zelos z = zelos.Zelos("my_binary") z.start(timeout=3)
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
Local Development Environment
First, create a new python virtual environment. This will ensure no package version conflicts arise:
$ python3 -m venv ~/.venv/zelos $ source ~/.venv/zelos/bin/activate
Now clone the repository and change into the
(zelos) $ git clone [email protected]:zeropointdynamics/zelos.git (zelos) $ cd zelos
Install an editable version of zelos into the virtual environment. This makes
import zelos available, and any local changes to zelos will be effective immediately:
(zelos) $ pip install -e '.[dev]'
At this point, tests should pass and documentation should build:
(zelos) $ pytest (zelos) $ cd docs (zelos) $ make html
Built documentation is found in
Install zelos pre-commit hooks to ensure code style compliance:
(zelos) $ pre-commit install
In addition to automatically running every commit, you can run them anytime with:
(zelos) $ pre-commit run --all-files
Commands vary slightly on Windows:
C:\> python3 -m venv zelos_venv C:\> zelos_venv\Scripts\activate.bat (zelos) C:\> pip install -e .[dev]
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- Blog2022.12.13What are the Common Security Weaknesses of Cloud Based Networks?
- Blog2022.10.12Vulnerability management with Wazuh open source XDR
- Blog2022.08.29Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
- Blog2022.08.25Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky