DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.
Hi, during my project with DECAF, I found that DECAF sometimes cannot extract symbols for some modules, e.g. user32.dll, ws2_32.dll, etc. After a simple investigation, it seems there is a little bug in the `module` class in shared/vmi.h. It doesn't initialize most of its member variables, so the `symbols_extracted` variable can sometimes be initialized as true randomly. This causes DECAF not to extract symbols for that module. The fix will be initialization in the constructor of the `module` class. Please confirm the bug. Thanks.
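The failure mode described in the report above, as an added example that is not DECAF's code: a constructor that leaves scalar members unset, next to one that initializes them, each built on storage pre-filled with 0xFF to model recycled heap memory. Only `symbols_extracted` comes from the report; the other members, `ensure_symbols`, `dirty_storage_extracts` and the sample symbol are hypothetical.

```cpp
#include <cstdint>
#include <cstring>
#include <new>
#include <string>
#include <unordered_map>

// "Before": the constructor sets no scalar members, so symbols_extracted
// holds whatever bytes were already in the storage.
struct module_legacy {
    char name[32];
    uint32_t size;
    bool symbols_extracted;
    std::unordered_map<uint32_t, std::string> function_map;  // assumed member
    module_legacy() {}
};

// "After": every scalar member gets a defined value in the constructor.
struct module_fixed {
    char name[32];
    uint32_t size;
    bool symbols_extracted;
    std::unordered_map<uint32_t, std::string> function_map;  // assumed member
    module_fixed() : name{}, size(0), symbols_extracted(false) {}
};

// Hypothetical caller: extract symbols at most once per module.
// Returns true if extraction ran on this call.
template <class M>
bool ensure_symbols(M &m) {
    if (m.symbols_extracted) return false;     // a garbage 'true' exits here
    m.function_map[0x1000] = "ExampleExport";  // constructed sample symbol
    m.symbols_extracted = true;
    return true;
}

// Build an M on top of 0xFF-filled storage and report whether the first
// ensure_symbols() call actually extracted anything.
template <class M>
bool dirty_storage_extracts() {
    alignas(M) unsigned char buf[sizeof(M)];
    std::memset(buf, 0xFF, sizeof buf);
    M *m = new (buf) M;
    bool ran = ensure_symbols(*m);
    m->~M();
    return ran;
}
```

`dirty_storage_extracts<module_fixed>()` always returns true. Instantiating it with `module_legacy` reads an indeterminate flag, so the outcome depends on what the storage held, which matches the intermittent behaviour reported.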