DroidScope is available for download

Skip to first unread message

Heng Yin

Jan 29, 2013, 12:03:42 PM1/29/13
to bitblaz...@googlegroups.com

If you are interested in our paper ``DroidScope: Seamlessly
Reconstructing OS and Dalvik Semantic Views for Dynamic Android
Malware Analysis" published in the 21st USENIX Security Symposium, and
like to play with it. You can now find the source code at


Alex Bazhanyuk

Jan 29, 2013, 10:12:39 PM1/29/13
to bitblaz...@googlegroups.com
It is really good news.
Thank you for shared your code.
It is very interesting and useful.
I will be write feedback about DroidScope soon.



You received this message because you are subscribed to the Google Groups "BitBlaze User Discussion group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitblaze-user...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.



May 10, 2013, 11:02:43 AM5/10/13
to bitblaz...@googlegroups.com

I have studied BitBlaze for a while , then I saw your paper "DroidScope:Seamlessly Reconstructing OS and Dalvik Semantic Views for Dynamic Android Malware Analysis", and I downloaded the decaf source code , however, I have been learning the i386 platform ,so , I compiled the source code for i386 platform, and I have been trying to write some plugin based on the given plugin exmple. when I want to analyze a process in Win XP, I want  to get the image base address dynamicly. I tried to use the parameters in "loadmainmodule_callback"-like function------procmod_Callback_Params, it's member lm.base, but the value is obviously not the image base address. Then I tried to use the function locate_module_byname( ) in procmod.cpp with the two  parameters set to be targetname and targetpid, but the returned tmodinfo_t is NULL. I also tried to use the function get_proc_modules( ) in procmod.cpp to get all the modules of the process whose pid is targetpid, then try to find the mainmodule in the returned old_modinfo_t[ ] ,however, it's still failed.

Can you give me some hint about how to get the process's image base address?

thank you very much..

在 2013年1月30日星期三UTC+8上午1时03分42秒,Heng Yin写道:

Heng Yin

May 21, 2013, 12:22:38 PM5/21/13
to bitblaz...@googlegroups.com
For DroidScope and DECAF related questions, please use the following forum:


Jun 28, 2018, 10:43:34 AM6/28/18
to BitBlaze User Discussion group
Hi, how can I get the software to see how it works
Reply all
Reply to author
0 new messages