decaf-project / DECAF

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.

In the step "3. VMI configuration for Linux", after copying procinfo.c and Makefile into the guest OS, errors occur while running the command "make".

Kingsdom005 opened this issue

My system information:
Host OS: Ubuntu 20.04
Guest OS: Ubuntu 18.04/16.04/14.04/12.04 (tried four versions, but all failed at "make")

In Ubuntu 18.04, the error information goes like this:
/home/username/desktop/DECAF/procinfo.c:21:22:error: array type has incomplete element type 'struct jprobe'
static struct jprobe jprobes[JPROBE_TOTAL]; (jprobe error)

In Ubuntu 16.04/14.04/12.04, the same error is:
error: implicit declaration of function 'jprobe_return'
error:'struct module' has no member named 'core_size'/'module core'
with other similar errors.

What version of the kernel should I use? (like linux-headers-5.4.0-150-generic)
And how do I deal with the "make" error?

Hi,

Currently, only kernel versions before 4.4 are supported. Since kernel data structures change during each update, the generic procinfo.c may not work for other kernel versions.

You can modify procinfo.c according to your kernel versions to make it compatible with relevant kernel data structures.

Please refer to issue #58 and PR #66 for more information.