decaf-project / DECAF

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.
GNU General Public License v3.0

Running performance benchmarks on DECAF #81

Open johnfxgalea opened 4 years ago

johnfxgalea commented 4 years ago

Firstly, thank you for making Decaf open-source. I managed to get it running on my machine!

I am wondering whether you can share your experiences with running performance benchmarks on the system. Essentially, I want to measure the overhead of Decaf on my machine. Are there any tips and tricks that I should keep in mind please?

In particular, when I launch DECAF, I am struggling to actually start any of my performance experiments due to the significant overhead incurred (with tainting). In particular, I can't even start a terminal due to the overhead. Is this expected?

Moreover, I am running Ubuntu as a guest. Is support as stable for Linux as for Windows? I have VMI enabled.

Thanks!

hengyin commented 4 years ago

This is a good question. Zhenxiao, can you share some experience?

Heng

On Mar 11, 2020, at 8:55 PM, John F.X. Galea notifications@github.com wrote:


enlighten5 commented 4 years ago

Hi,

To avoid the significant overhead introduced by the GUI, Lubuntu or pure TTY mode is recommended. To enter TTY mode, you can start DECAF with the -monitor stdio option and enter sendkey ctrl-alt-f1 in the QEMU console after the system boots up.

For Windows support, I have only tested DECAF with WinXP images, and it works well. It may not work on other Windows images such as Win10. For Linux support, I have tested it on different versions of Ubuntu and Debian systems. It should work well on those systems. If you find that VMI does not work on your target system, try to generate a profile for it following the instructions in the procinfo_generic folder. Plus, to use VMI, you have to allocate 2GB of memory when starting the system.

Let me know if you have any further questions.

Zhenxiao
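
The two steps in the reply above (boot with 2GB of RAM, switch the guest to a TTY with sendkey ctrl-alt-f1, then type the benchmark command) can be scripted so that the same workload is driven identically under plain QEMU and under DECAF with tainting, which is what an overhead comparison needs. The following is an added example written for this thread; it is not code from the DECAF project. It assumes the DECAF build produced a qemu-system-i386 binary, that the guest disk image path is supplied by the caller, and that the guest keyboard uses a US layout (the shifted-symbol table below is US-specific). It puts the monitor on a Unix socket instead of stdio so a host script can talk to it; the monitor commands themselves (sendkey, key names such as spc, ret, minus, shift-a) are standard QEMU monitor syntax.

```python
#!/usr/bin/env python3
"""Drive a DECAF/QEMU guest in TTY mode over the monitor socket.

Added example for the DECAF issue thread; not part of DECAF. The binary
name, image path and the guest login/benchmark command are assumptions
supplied by the caller.
"""
import socket
import subprocess
import sys
import time

# Characters whose QEMU `sendkey` name differs from the character itself.
# Letters and digits are sent under their own name; everything else maps here.
_PLAIN = {
    " ": "spc", "\n": "ret", "\t": "tab", "-": "minus", "=": "equal",
    "[": "bracket_left", "]": "bracket_right", ";": "semicolon",
    "'": "apostrophe", "`": "grave_accent", "\\": "backslash",
    ",": "comma", ".": "dot", "/": "slash",
}
# Shifted symbols on a US keyboard: the unshifted key pressed together with shift.
_SHIFTED = {
    "!": "1", "@": "2", "#": "3", "$": "4", "%": "5", "^": "6", "&": "7",
    "*": "8", "(": "9", ")": "0", "_": "minus", "+": "equal",
    "{": "bracket_left", "}": "bracket_right", ":": "semicolon",
    '"': "apostrophe", "~": "grave_accent", "|": "backslash",
    "<": "comma", ">": "dot", "?": "slash",
}


def ascii_to_sendkeys(text):
    """Translate an ASCII string into the list of `sendkey` arguments to send."""
    keys = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            keys.append(f"shift-{ch.lower()}" if ch.isupper() else ch)
        elif ch.isdigit():
            keys.append(ch)
        elif ch in _PLAIN:
            keys.append(_PLAIN[ch])
        elif ch in _SHIFTED:
            keys.append(f"shift-{_SHIFTED[ch]}")
        else:
            raise ValueError(f"no sendkey mapping for {ch!r}")
    return keys


def decaf_cmdline(binary, image, monitor_sock, mem_mb=2048, extra=()):
    """Build the launch argv: 2GB of RAM (needed for VMI, per the reply above)
    and the monitor on a Unix socket so that a host script can drive it."""
    return [binary, "-m", str(mem_mb), "-hda", image,
            "-monitor", f"unix:{monitor_sock},server,nowait", *extra]


class Monitor:
    """Minimal client for the human-readable QEMU monitor on a Unix socket."""

    def __init__(self, sock_path, timeout=5.0):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(timeout)
        self.sock.connect(sock_path)
        self._drain()  # swallow the banner up to the first "(qemu) " prompt

    def _drain(self):
        buf = b""
        try:
            while not buf.endswith(b"(qemu) "):
                chunk = self.sock.recv(4096)
                if not chunk:
                    break
                buf += chunk
        except socket.timeout:
            pass
        return buf.decode(errors="replace")

    def cmd(self, line):
        self.sock.sendall(line.encode() + b"\n")
        return self._drain()

    def type_text(self, text, delay=0.05):
        """Type `text` into the guest, one keystroke per sendkey command."""
        for key in ascii_to_sendkeys(text):
            self.cmd(f"sendkey {key}")
            time.sleep(delay)


if __name__ == "__main__":
    # usage: decaf_tty.py <qemu-system-i386 path> <disk image> "<guest command>"
    binary, image, guest_cmd = sys.argv[1], sys.argv[2], sys.argv[3]
    sock_path = "/tmp/decaf-monitor.sock"
    vm = subprocess.Popen(decaf_cmdline(binary, image, sock_path))
    time.sleep(90)  # assumption: guest is at a login prompt after 90 s
    mon = Monitor(sock_path)
    mon.cmd("sendkey ctrl-alt-f1")       # leave the GUI for a text console
    mon.type_text(guest_cmd + "\n")      # e.g. 'time ./bench' typed in the guest
    print("started benchmark; results are on the guest console")
    vm.wait()
```

Run the same script once against a stock qemu-system-i386 and once against the DECAF build with the taint plugin loaded, typing the same in-guest `time ./bench` line each time; the ratio of the two in-guest timings is the overhead figure the question asks for. Host-side wall clock is not used because the host cannot see when the guest command finishes.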

johnfxgalea commented 4 years ago

Thanks a lot for your reply! Running in TTY mode made things so much easier!