Contributor
Ulrich Fourier

#9 - DRAKVUF: Support for Dynamic Malware Analysis on ARM
Mentors
Sergej Proskurin, Tamas K Lengyel
Organization
The Honeynet Project

The relevance of ARM processors is rising, especially since ARM recently started targeting the server and desktop markets, thus going beyond mobile devices. That’s why malware targeting ARM is becoming an even bigger threat every day. On the other hand, it is still the x86 architecture for which most reverse engineering tools are developed. This Google Summer of Code (GSoC) project aims to add ARM support for both the dynamic analysis framework DRAKVUF and the virtual machine introspection (VMI) library libvmi. The idea is to base our project upon the result of an earlier GSoC project, which added altp2m support for Xen on ARM. The altp2m subsystem defines different views on the guest’s physical memory and allows switching among them dynamically. With altp2m and DRAKVUF we are able to build a stealthy VMI framework. In summary, the goal of the GSoC project is to add ARM support to DRAKVUF and thus provide more options for reverse engineering on the ARM architecture.