Drakvuf Versions

DRAKVUF Black-box Binary Analysis

1.0

1 year ago

What's New

Support added to build DRAKVUF with the Meson build system, increasing the speed with which the project can be built.

Several new plugins were contributed by the community.

As usual there has been a large number of performance improvements and bugfixes, as well as an upgrade to the latest Xen release of 4.17.0.

Changes in terms of lines of code: +24610, -7848

Regular contributors

Thanks for the ongoing contributions by @manorit2001, @disaykin, @archercreat, @chivay, @skvl, @BonusPlay! Cheers!

New Contributors

Full Changelog: https://github.com/tklengyel/drakvuf/compare/0.8...1.0

0.8

2 years ago

In this release you will find new plugins:

  • codemon
  • hidsim
  • filetracer for linux
  • procdump2
  • tlsmon
  • rpcmon
  • rootkitmon
  • exploitmon
  • ipt

There has also been a major cleanup to libinjector with improvements and bugfixes, as well as improvements to the libhook and libusermode libraries. This release works best with Xen 4.16 or later.

Thank you to all the contributors in this release: Adam Kliś, Ayush Dosa, Dmitry Isaikin, exescript, Hubert Jasudowicz, Id3aFly, Jan Gruber, Kağan IŞILDAK, Konstanty Cieśliński, Manorit Chawdhry, Michał Leszczyński, Pavel, Pwnosaur, Sergey Kovalev

0.7

3 years ago

In this release you will find new plugins and tools such as:

  • procdump
  • apimon
  • REPL

A new helper library was also added: libusermode. It helps with monitoring usermode code. In this release we also switched to using Volatility 3's IST JSON profiles. This release requires Xen 4.14 or later, which includes several bugfixes and performance improvements to the VMI subsystem.

Thanks to all the contributors in this release: @icedevml @skvl @zodeak @disaykin @kaganisildak @BonusPlay @sasza8 @chengsteven @4M4Z4 @kscieslinski

0.6

4 years ago

This latest release contains a lot of bugfixes and improvements. Injector now supports Linux as well. Requires Xen 4.12.1 or later.

There are a bunch of new plugins as well:

  • Regmon
  • Procmon
  • BSODmon
  • EnvMon
  • CrashMon
  • ClipboardMon
  • WindowMon
  • LibraryMon
  • DKOMmon
  • WMIMon
  • MEMDump

0.5

6 years ago

The latest release moves the project onto Xen 4.9 and also includes:

  • Adding support up to Windows 10!
  • New plugin added, socketmon: monitor TCP and UDP connections for Windows machines
  • Changing filetracer to use syscalls instead of monitoring ExAllocatePoolWithTag
  • The syscall plugin now also prints detailed arguments for Windows guests
  • Variety of bugfixes and improvements

0.4

7 years ago

This release is based on Xen 4.8 and includes two new plugins: cpuidmon and debugmon! Furthermore, this release also includes support for monitoring system calls in Linux guests.

0.3

7 years ago

The DRAKVUF 0.3 release runs on a custom version of Xen 4.7 and includes many bugfixes and improvements, including a new plugin to monitor malware modifying the SSDT. It is the most stable version of DRAKVUF to date.

0.2.1

8 years ago

Various fixes to the 0.2 release:

  • the timeout now only starts at loop start
  • injection with the drakvuf binary is done before the plugin/loop start
  • trap addition is sped up by not looping over the entire module list for RVA-based traps

0.2

8 years ago

The DRAKVUF 0.2 release runs on Xen 4.6 and adds support for multi-vCPU guests. This release also re-organizes the internals of DRAKVUF to allow developers to interact with the generic monitoring capability of DRAKVUF via a plugin system.

0.1

8 years ago

This is the initial, alpha release of DRAKVUF. It works with Xen up to 4.5 and supports the 32-bit and 64-bit versions of Windows 7.