01 - Command Line Use

To emulate a binary with default options:

$ zelos my_binary

To emulate a binary and view the instructions being executed, add the -v flag:

$ zelos -v my_binary

To print only the first time an instruction is executed, rather than every instruction, using the --fasttrace flag:

$ zelos -v --fasttrace my_binary

To write output to a file use the --trace_file flag:

$ zelos --trace_file /path/to/file my_binary

To provide command line arguments to the emulated binary, specify them after the binary name:

$ zelos my_binary arg1 arg2

To log various Zelos-related debug information, you can specify log level with flag --log and specify one of the options from ‘info’, ‘verbose’, ‘debug’, ‘spam’, ‘notice’, ‘warning’, ‘success’, ‘error’, or ‘fatal’. The default options is ‘info’.

$ zelos --log debug my_binary

To specify a timeout in seconds, after which emulation will stop, use the flag -t:

$ zelos -t 10 my_binary

To specify a memory limit in mb, after which an exception is thrown an emulation will stop, use the flag m:

$ zelos -m 1024 my_binary

To specify a virtual filename, the name that will be used for the binary during emulation, use the --virtual_filename flag:

$ zelos --virtual_filename virtualname my_binary

To specify a virtual file path, the path that will be used for the binary during emulation, use the --virtual_path flag:

$ zelos --virtual_path /home/admin/ my_binary

To specify environment variables to use during emulation, use the --env_vars (-ev) flag. This can be specified multiple times to set multiple environment variables:

$ zelos --env_vars FOO=bar --env_vars LOREM=ipsum my_binary

To specify the date in YYYY-MM-DD format, use the --date flag. This is primarily used when emulating date-related system calls such as time and gettimeofday.

$ zelos --date 2020-03-04 my_binary

To see an example of the above, you can use zelos to emulate the date GNU coreutil. This is included on most linux systems at /bin/date. The source code for date is available here.

$ zelos --date 2020-03-04 /bin/date

To mount a specified file or path into the emulated filesystem, use the --mount flag. The format is --mount ARCH,DEST,SRC. ARCH is one of x86, x86-64, arm, or mips. DEST is the emulated path to mount the specified SRC. SRC is the absolute host path to the file or path to mount.

$ zelos --mount x86,/path/to/dest,/path/to/src my_binary

To specify a directory to use as the rootfs directory during emulation of a linux system, use --linux_rootfs flag. The format is --linux_rootfs ARCH,PATH. ARCH is one of x86, x86-64, arm, or mips. PATH is the absolute host path to the directory to be used as rootfs. For example, if you were running Zelos on a linux host machine, and you wanted to use your own root filesystem as the emulated rootfs, you would do the following:

$ zelos --linux_rootfs x86,/ my_binary