Tamas K Lengyel
When examining EFI PE files, it is very useful to calculate the Authenticode hash, which is used by the UEFI firmware to record measurements into the TPM. Currently `pehash` does...
ShellExec injection seems to be broken now under recent versions of Windows 10. Used to work fine with a version from ~2017.
Using the HIDSIM plugin with --hid-monitor-gui alongside other plugins leads to frequent segfaults. This is most likely due to insufficient locking around the LibVMI instance in libdrakvuf. While plugins always...
Various plugins using usermode hooks fail to properly track their memory allocations and free them when DRAKVUF is interrupted. All plugins need to track their memory allocations such that...
Jenkins now reports that the ci/dll-hooks-list file is malformed:

```
Running DRAKVUF #2 for 60 seconds. Opts: -S /shared/jenkins/workspace/DRAKVUF-windows10/ci/syscalls.txt -a syscalls -a memdump -a apimon --dll-hooks /shared/jenkins/workspace/DRAKVUF-windows10/ci/dll-hooks-list
DRAKVUF is running...
```
https://sonarcloud.io/organizations/drakvuf/issues?open=AWk6EfAkllUQ4PNQDki_&resolved=false&severities=BLOCKER&types=BUG @skvl
Detect when a domain crashes, reboots or shuts down to exit DRAKVUF as well
The current implementation of injector simply starts a process already present on the filesystem of the VM (or injects commands to download one). Directly injecting a binary into memory would...
Implement Linux tracing for ARM guests by implementing Xen altp2m for ARM and by avoiding using the guest-accessible single-stepping apparatus provided by the CPU. Singlestepping can also be achieved by...