decaf-project / DECAF

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.
GNU General Public License v3.0

symbol extraction bug and fix #44

Closed gkso closed 7 years ago

gkso commented 7 years ago

Hi, during my project with DECAF, I found that DECAF sometimes cannot extract symbols for some modules, e.g. user32.dll, ws2_32.dll, etc. After a simple investigation, it seems there is a little bug in the module class in shared/vmi.h. It doesn't initialize most of its member variables, so the symbols_extracted variable can sometimes be randomly initialized as true, which causes DECAF not to extract symbols for that module. The fix will be initialization in the constructor of the module class. Please confirm the bug. Thanks.

hengyin commented 7 years ago

I think you are right. Can you submit a patch to us? Much appreciated.
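
The failure mode reported above and the constructor fix, as an added illustration (not DECAF's code and not the patch requested in this thread). `module_before` and `module_after` are simplified stand-ins for the module class; apart from `symbols_extracted`, the fields, the caller and the helper names are assumptions.

```cpp
#include <cstdint>
#include <cstring>
#include <new>

// Simplified stand-ins for the module class in shared/vmi.h. Only
// symbols_extracted is named in the issue; name and size are assumed fields.
struct module_before {
    char name[32];
    uint32_t size;
    bool symbols_extracted;
    module_before() {}  // sets nothing: members keep whatever the memory held,
                        // and reading them is undefined behaviour
};

struct module_after {
    char name[32];
    uint32_t size;
    bool symbols_extracted;
    module_after() : name{}, size(0), symbols_extracted(false) {}
};

// Hypothetical caller: extraction is skipped once the flag reads true.
template <class M>
bool needs_symbol_extraction(const M &m) { return !m.symbols_extracted; }

// Build an M on storage pre-filled with `stale`, imitating a recycled heap
// chunk, and report whether extraction would still run for the new object.
template <class M>
bool extraction_runs_on_stale_memory(unsigned char stale) {
    alignas(M) unsigned char storage[sizeof(M)];
    std::memset(storage, stale, sizeof storage);
    M *m = new (storage) M;
    bool runs = needs_symbol_extraction(*m);
    m->~M();
    return runs;
}

int main() {
    // Only the fixed class is exercised: its result is the same for every
    // stale byte pattern, where module_before's would depend on the pattern.
    const unsigned char patterns[] = {0x00, 0x01, 0xCD, 0xFF};
    for (unsigned char p : patterns)
        if (!extraction_runs_on_stale_memory<module_after>(p)) return 1;
    return 0;
}
```

Static checkers flag the `module_before` pattern: cppcheck reports it as `uninitMemberVar` and clang-tidy as `cppcoreguidelines-pro-type-member-init`.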