decaf-project / DECAF

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.
GNU General Public License v3.0

In the step "3. VMI configuration for Linux", after copying procinfo.c and Makefile into guest OS, errors occur while running the command "make". #104

Open Kingsdom005 opened 10 months ago

Kingsdom005 commented 10 months ago

My system information:

Host OS: Ubuntu 20.04

Guest OS: Ubuntu 18.04/16.04/14.04/12.04 (tried four versions, but all failed at "make")

In Ubuntu 18.04, the error information goes like this:

/home/username/desktop/DECAF/procinfo.c:21:22:error: array type has incomplete element type 'struct jprobe'

static struct jprobe jprobes[JPROBE_TOTAL];

(jprobe error)

In Ubuntu 16.04/14.04/12.04, the same error is:

error: implicit declaration of function 'jprobe_return'

error:'struct module' has no member named 'core_size'/'module core'

with other similar errors.

What version of the kernel should I use (like linux-headers-5.4.0-150-generic)? And how do I deal with the "make" error?

enlighten5 commented 10 months ago

Hi,

Currently, only kernel versions before 4.4 are supported. Since kernel data structures change during each update, the generic procinfo.c may not work for other kernel versions.

You can modify procinfo.c according to your kernel version to make it compatible with the relevant kernel data structures.

Please refer to issue #58 and PR #66 for more information.
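
A pre-build check for the situation discussed in this thread, added here as an example (it is not part of DECAF or of either comment): it greps a kernel headers tree for the symbols named in the compile errors above, so you can tell before running "make" whether the generic procinfo.c needs porting. The function names, the sample trees and the /lib/modules/$(uname -r)/build path are assumptions, and the text match is only a heuristic.

```shell
#!/bin/sh
# Pre-build check for DECAF's generic procinfo.c (added example, heuristic).
# The symbols below are the ones named in the compile errors in this issue;
# module_core is assumed to be the field the reporter wrote as 'module core'.

# check_headers DIR: print the symbols DIR's headers no longer mention;
# return 0 when all are present, 1 otherwise.
check_headers() {
    hdr=$1
    missing=""
    for pair in \
        "struct jprobe:include/linux/kprobes.h" \
        "jprobe_return:include/linux/kprobes.h" \
        "core_size:include/linux/module.h" \
        "module_core:include/linux/module.h"
    do
        sym=${pair%%:*}
        file=${pair#*:}
        grep -qw -- "$sym" "$hdr/$file" 2>/dev/null || missing="$missing $sym"
    done
    missing=${missing# }
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}

# make_sample_tree DIR old|new: constructed stand-in for a headers tree,
# not real kernel source. "old" mimics the layout procinfo.c expects.
make_sample_tree() {
    mkdir -p "$1/include/linux"
    if [ "$2" = old ]; then
        printf 'struct jprobe { int x; };\nvoid jprobe_return(void);\n' \
            > "$1/include/linux/kprobes.h"
        printf 'struct module { void *module_core; unsigned int core_size; };\n' \
            > "$1/include/linux/module.h"
    else
        printf 'struct kprobe { int x; };\n' > "$1/include/linux/kprobes.h"
        printf 'struct module { struct module_layout core_layout; };\n' \
            > "$1/include/linux/module.h"
    fi
}

# Demo on constructed trees; on a guest, pass /lib/modules/$(uname -r)/build.
tmp=$(mktemp -d)
make_sample_tree "$tmp/old" old
make_sample_tree "$tmp/new" new
for t in old new; do
    if out=$(check_headers "$tmp/$t"); then echo "$t: ok to run make"
    else echo "$t: procinfo.c needs porting, missing: $out"; fi
done
rm -rf "$tmp"
```

Each symbol it reports as missing marks a place where procinfo.c has to be adapted to that kernel's data structures.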