DRAKVUF Black-box Binary Analysis
Support added to build DRAKVUF with the Meson build system, increasing the speed with which the project can be built.
Several new plugins contributed by the community:
As usual, this release brings a large number of performance improvements and bugfixes, as well as an upgrade to the latest Xen release, 4.17.0.
Changes in terms of lines of code: +24610, -7848
Thanks for the ongoing contributions by @manorit2001, @disaykin, @archercreat, @chivay, @skvl, @BonusPlay! Cheers!
In this release you will find new plugins:
codemon
hidsim
filetracer for Linux
procdump2
tlsmon
rpcmon
rootkitmon
exploitmon
ipt
There has also been a major cleanup of libinjector, with improvements and bugfixes, as well as improvements to the libhook and libusermode libraries. This release works best with Xen 4.16 or later.
Thank you to all the contributors in this release: Adam Kliś, Ayush Dosa, Dmitry Isaikin, exescript, Hubert Jasudowicz, Id3aFly, Jan Gruber, Kağan IŞILDAK, Konstanty Cieśliński, Manorit Chawdhry, Michał Leszczyński, Pavel, Pwnosaur, Sergey Kovalev
In this release you will find new plugins and tools such as:
A new helper library was also added: libusermode. It helps with monitoring usermode code. In this release we also switched to using Volatility 3's IST JSON profiles. This release requires Xen 4.14 or later, which includes several bugfixes and performance improvements to the VMI subsystem.
Thanks to all the contributors in this release: @icedevml @skvl @zodeak @disaykin @kaganisildak @BonusPlay @sasza8 @chengsteven @4M4Z4 @kscieslinski
This latest release contains a lot of bugfixes and improvements. The injector now supports Linux guests as well. It requires Xen 4.12.1 or later.
There are a bunch of new plugins as well:
The latest release moves the project onto Xen 4.9 and also includes:
ExAllocatePoolWithTag
This release is based on Xen 4.8 and includes two new plugins: cpuidmon and debugmon! Furthermore, this release also includes support for monitoring system calls in Linux guests.
The DRAKVUF 0.3 release runs on a custom version of Xen 4.7 and includes many bugfixes and improvements, including a new plugin to monitor malware modifying the SSDT. It is the most stable version of DRAKVUF to date.
Various fixes to the 0.2 release:
The DRAKVUF 0.2 release runs on Xen 4.6 and adds support for multi-vCPU guests. This release also re-organizes the internals of DRAKVUF to allow developers to interact with its generic monitoring capability via a plugin system.
This is the initial, alpha release of DRAKVUF. It works with Xen up to 4.5 and supports both the 32-bit and 64-bit versions of Windows 7.